rule(:undocumented) do s( any ) end rule(:key_attribute_long_type) do arg.as(:arg) end rule(:key_attribute_string_type) do arg.as(:arg) end rule(:key_attribute_ulong_type) do arg.as(:arg) end rule(:filename) do arg.as(:arg) end rule(:client_filename) do arg.as(:arg) end rule(:hostname) do arg.as(:arg) end rule(:ipaddr) do arg.as(:arg) end rule(:sysid) do arg.as(:arg) end rule(:interface_device) do arg.as(:arg) end rule(:bits) do arg.as(:arg) end rule(:isoaddr) do arg.as(:arg) end rule(:ipprefix) do arg.as(:arg) end rule(:ipprefix_mandatory) do arg.as(:arg) end rule(:interface_unit) do arg.as(:arg) end rule(:ipaddr_or_interface) do arg.as(:arg) end rule(:areaid) do arg.as(:arg) end rule(:interface_name) do arg.as(:arg) end rule(:community) do arg.as(:arg) end rule(:interface_wildcard) do arg.as(:arg) end rule(:unreadable) do arg.as(:arg) end rule(:ipprefix_optional) do arg.as(:arg) end rule(:policy_algebra) do arg.as(:arg) end rule(:regular_expression) do arg.as(:arg) end rule(:group_glob) do arg.as(:arg) end rule(:atm_vci) do arg.as(:arg) end rule(:ipprefix_only) do arg.as(:arg) end rule(:ipv4addr) do arg.as(:arg) end rule(:ipv4prefix) do arg.as(:arg) end rule(:ipv4prefix_mandatory) do arg.as(:arg) end rule(:ipv4addr_or_interface) do arg.as(:arg) end rule(:ipv4prefix_optional) do arg.as(:arg) end rule(:ipv4prefix_only) do arg.as(:arg) end rule(:ipv6addr) do arg.as(:arg) end rule(:ipv6prefix) do arg.as(:arg) end rule(:ipv6prefix_mandatory) do arg.as(:arg) end rule(:ipv6addr_or_interface) do arg.as(:arg) end rule(:ipv6prefix_optional) do arg.as(:arg) end rule(:ipv6prefix_only) do arg.as(:arg) end rule(:interface_device_wildcard) do arg.as(:arg) end rule(:interface_unit_wildcard) do arg.as(:arg) end rule(:time) do arg.as(:arg) end rule(:mac_addr) do arg.as(:arg) end rule(:mac_addr_prefix) do arg.as(:arg) end rule(:mac_unicast) do arg.as(:arg) end rule(:mac_unicast_prefix) do arg.as(:arg) end rule(:mac_multicast) do arg.as(:arg) end rule(:mac_multicast_prefix) do arg.as(:arg) end rule(:mpls_label) do arg.as(:arg) end rule(:float) do arg.as(:arg) end rule(:unsigned_float) do arg.as(:arg) end rule(:isoprefix) do arg.as(:arg) end rule(:isosysid) do arg.as(:arg) end rule(:interface_range_wild) do arg.as(:arg) end rule(:fc_addr) do arg.as(:arg) end rule(:wwn) do arg.as(:arg) end rule(:logfilename) do arg.as(:arg) end rule(:esi) do arg.as(:arg) end rule(:typedef) do arg.as(:arg) end rule(:time_of_day) do arg.as(:arg) end rule(:date) do arg.as(:arg) end rule(:ipaddr_scoped) do arg.as(:arg) end rule(:configuration) do c( "rcsid" arg /* Revision control system identifier */, "version" arg /* Software version information */, "groups" ( /* Configuration groups */ s( any ) ), "system" ( /* System parameters */ juniper_system /* System parameters */ ), "logical-systems" ( /* Logical systems */ juniper_logical_system /* Logical systems */ ), "chassis" ( /* Chassis configuration */ chassis_type /* Chassis configuration */ ), "services" ( /* System services */ c( "jinsightd" ( /* Health Monitoring services */ c( "traceoptions" ( /* Jinsight trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("all" | "rule-engine" | "core" | "database" | "timer")) /* Tracing parameters */.as(:oneline) ) ), "subscribe" ( /* Subscription */ c( "health-monitor" /* Health-monitor parameters */ ) ) ) ), "fixed-wireless-access" ( /* Configuration for fixed wireless access service */ c( "control-plane" arg ( /* S11 configuration */ c( "s11" ( /* S11 IP address */ c( "v4-address" ( /* IPv4 address configured on interface */ ipv4addr /* IPv4 address configured on interface */ ), "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ) ) ) ) ), "apn" arg ( /* Configure access point names for fixed wireless connections */ c( "description" arg /* Text description of APN */, "apn-data-type" ( /* Specify APN data type */ ("ipv4") ), "aaa-profile" arg /* Specify AAA profile for Authorization and Accounting */, "dynamic-profile" arg /* Dynamic profile for the apn */, "ipv4-address-pool" arg /* IPv4 address pool for the apn */, "routing-instance" arg /* Routing instance used for redirect */, "authentication" ( /* FWA tunnel authentication */ fwa_authentication_type /* FWA tunnel authentication */ ) ) ), "data-plane" arg ( /* S1-U configuration */ c( "s1-u" ( /* S1-U IP address */ c( "v4-address" ( /* IPv4 address configured on interface */ ipv4addr /* IPv4 address configured on interface */ ) ) ) ) ), "anchor-point" arg /* Interface used for GTP-U tunnel termination */, "traceoptions" ( /* Fixed wirelss access service trace options */ bbefwa_trace_options_type /* Fixed wirelss access service trace options */ ) ) ), "captive-portal-content-delivery" ( /* Configuration for captive portal and content delivery service */ c( "auto-deactivate" arg /* Deactivate content delivery service */, "rule" ( /* Define a captive portal content delivery rule */ cpcd_rule_object_type /* Define a captive portal content delivery rule */ ), "rule-set" arg ( /* Define a set of captive portal content delivery rules */ c( "rule" arg /* Rule to be included in this rule set */ ) ), "profile" arg ( /* One or more rule/rule set in the profile */ c( c( "dynamic" /* Dynamic profile flag */, "cpcd-rules" arg /* List of captive portal content delivery rules */, "cpcd-rule-sets" arg /* List of captive portal content delivery rule sets */ ), "ipda-rewrite-options" ( /* Ipda rewrite options */ c( "destination-address" ( /* Default ipda rewrite IP address */ ipaddr /* Default ipda rewrite IP address */ ), "destination-port" arg /* Default ipda rewrite port */ ) ), "http-redirect-options" ( /* Http redirect options */ c( arg /* URL of the captive portal file */ ) ), "auto-deactivate" ( /* Deactivate content delivery service */ ("never" | "initial-get") ) ) ), "traceoptions" ( /* Captive portal and content delivery trace options */ cpcd_trace_options_type /* Captive portal and content delivery trace options */ ) ) ), "dynamic-flow-capture" ( /* Configure Dynamic Flow Capture parameters */ c( "g-max-duplicates" arg /* Maximum content destinations for the capture group */, "g-duplicates-dropped-periodicity" arg /* Periodicity of DuplicatesDropped notification in secs */, "capture-group" ( /* Configure DFC group parameters */ dfc_group_type /* Configure DFC group parameters */ ), "traceoptions" ( /* Trace options for dynamic-flow-capture service */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline) ) ) ) ), "flow-tap" ( /* Configure flow-tap parameters */ c( "family" ( /* Address family of packets to tap */ c( "inet" /* IPv4 family */, "inet6" /* IPv4 family */, "ccc" /* CCC family */ ) ), "interface" ( /* Service interface on which to configure flow-tap service */ interface_name /* Service interface on which to configure flow-tap service */ ), "tunnel-interface" ( /* Tunnel interface through which flow-tap would communicate with MD */ interface_name /* Tunnel interface through which flow-tap would communicate with MD */ ) ) ), "radius-flow-tap" ( /* Configure radius triggered flow-tap parameters */ c( "forwarding-class" arg /* Forwarding class assigned to intercepted packets */, "source-ipv4-address" ( /* IP Address to use as source address in IPv4 header appended to intercepted packets */ ipv4addr /* IP Address to use as source address in IPv4 header appended to intercepted packets */ ), "multicast-interception" /* Enable Multicast Tapping */, "interfaces" ( /* Tunnel Interfaces */ c( tunnel_interface_type ) ), c( "routing-instance" arg /* Routing instance to be used for radius flow tap */, "logical-system" arg ( /* Logical system to be used for radius flow tap */ c( "routing-instance" arg /* Routing instance to be used for radius flow tap */ ) ) ), "policy" arg ( /* Policy */ c( "inet" ( /* Protocol family IPv4 drop policy terms */ c( "drop-policy" ( /* Define an IPv4 drop policy */ drop_policy_term /* Define an IPv4 drop policy */ ) ) ), "inet6" ( /* Protocol family IPv6 drop policy terms */ c( "drop-policy" ( /* Define an IPv6 drop policy */ drop_policy6_term /* Define an IPv6 drop policy */ ) ) ) ) ), "snmp" ( /* SNMP options for radius flow tap */ c( "notify-targets" arg /* Target list for packet mirror SNMP notifications */ ) ) ) ), "mobile-flow-tap" ( /* Configure mobile triggered flow-tap parameters */ c( "source-interface" ( /* Source interface from which IRI packets will be sent */ sc( interface_name /* Interface name */, "ipv4-address" ( /* Source IPv4 address to be used */ ipv4addr /* Source IPv4 address to be used */ ) ) ).as(:oneline) ) ), "flow-monitoring" ( /* Configure flow monitoring */ c( "version9" ( /* Version 9 configuration */ c( "template" ( /* One or more version 9 templates */ version9_template /* One or more version 9 templates */ ) ) ), "version-ipfix" ( /* Version IP-Fix configuration */ c( "template" ( /* One or more version ip-fix templates */ version_ipfix_template /* One or more version ip-fix templates */ ) ) ) ) ), "jdaf" ( /* Juniper distributed application framework (JDAF) */ c( "routing-instances" arg /* List of routing-instance name for JDAF clients */ ) ), "rpm" ( /* Real-time performance monitoring */ c( "traceoptions" ( /* RMOPD trace options */ rmopd_traceoptions /* RMOPD trace options */ ), "bgp" ( /* BGP options for real-time performance monitoring */ c( "probe-type" ( /* RPM-BGP probe request type */ ("icmp-ping" | "icmp-ping-timestamp" | "icmp6-ping" | "tcp-ping" | "udp-ping" | "udp-ping-timestamp") ), "probe-count" arg /* Total number of probes per test */, "probe-interval" arg /* Delay between probes */, "test-interval" arg /* Delay between tests */, "destination-port" arg /* TCP/UDP port number */, "history-size" arg /* Number of stored history entries */, "moving-average-size" arg /* Number of samples used for moving average */, "data-size" arg /* Size of the data portion of the probes */, "data-fill" arg /* Define contents of the data portion of the probes */, "ttl" arg /* Time to Live (hop-limit) value for an RPM IPv4(IPv6) packet */, "logical-system" ( /* Logical systems */ bgp_logical_system /* Logical systems */ ), "routing-instances" ( /* Routing instances */ bgp_routing_instances /* Routing instances */ ) ) ), "probe" arg ( /* TCP/UDP/ICMP ping */ c( "delegate-probes" /* Offload real-time performance monitoring probes to MS-MIC/MS-MPC card */, "test" arg ( /* TCP/UDP/ICMP/ICMP6 ping test */ c( "rpm-scale" ( /* Configuring real-time performance monitoring scale tests */ c( "tests-count" arg /* Number of probe-tests generated using scale config */, c( "target" ( /* Target address generation for scale test config */ c( "address-base" ( /* Base address of target host in a.b.c.d format */ ipv4addr /* Base address of target host in a.b.c.d format */ ), "step" ( /* Steps to increment target address in a.b.c.d format */ ipv4addr /* Steps to increment target address in a.b.c.d format */ ), "count" arg /* Target address count */ ) ), "target-inet6" ( /* IPv6 target address generation for scale test config */ c( "address-base" ( /* Base address of target host in a:b:c:d:e:f:g:h format */ ipv6addr /* Base address of target host in a:b:c:d:e:f:g:h format */ ), "step" ( /* Steps to increment target address in a:b:c:d:e:f:g:h format */ ipv6addr /* Steps to increment target address in a:b:c:d:e:f:g:h format */ ), "count" arg /* Target address count */ ) ) ), c( "source" ( /* Source address generation in scale tests */ c( "address-base" ( /* Base address of host in a.b.c.d format */ ipv4addr /* Base address of host in a.b.c.d format */ ), "step" ( /* Steps to increment src address in a.b.c.d format */ ipv4addr /* Steps to increment src address in a.b.c.d format */ ), "count" arg /* Source-address count */ ) ), "source-inet6" ( /* IPv6 source address generation in scale tests */ c( "address-base" ( /* Base address of host in a:b:c:d:e:f:g:h format */ ipv6addr /* Base address of host in a:b:c:d:e:f:g:h format */ ), "step" ( /* Steps to increment src address in a:b:c:d:e:f:g:h format */ ipv6addr /* Steps to increment src address in a:b:c:d:e:f:g:h format */ ), "count" arg /* Source-address count */ ) ) ), "destination" ( /* Name of output interface for probes */ c( "interface" ( /* Base destination interface for scale test */ interface_name /* Base destination interface for scale test */ ), "subunit-cnt" arg /* Subunit count for destination interface for scale test */ ) ) ) ), "probe-type" ( /* Probe request type */ ("http-get" | "http-metadata-get" | "icmp-ping" | "icmp-ping-timestamp" | "icmp6-ping" | "tcp-ping" | "udp-ping" | "udp-ping-timestamp") ), "target" ( /* Target destination for probe */ sc( c( "address" ( /* Address of target host */ ipv4addr /* Address of target host */ ), "inet6-address" ( /* Inet6 Address of target host */ ipv6addr /* Inet6 Address of target host */ ), "url" arg /* Fully formed target URL */, "inet6-url" arg /* Fully formed target IPV6 URL */ ) ) ).as(:oneline), "inet6-options" ( /* IPV6 related options */ c( "source-address" ( /* Inet6 Source Address of the probe */ ipv6addr /* Inet6 Source Address of the probe */ ) ) ), "probe-count" arg /* Total number of probes per test */, "probe-interval" arg /* Delay between probes */, "test-interval" arg /* Delay between tests */, "destination-port" arg /* TCP/UDP port number */, "source-address" ( /* Source address for probe */ ipv4addr /* Source address for probe */ ), "routing-instance" arg /* Routing instance used by probes */, "history-size" arg /* Number of stored history entries */, "moving-average-size" arg /* Number of samples used for moving average */, "dscp-code-points" arg /* Differentiated Services code point bits or alias */, "data-size" arg /* Size of the data portion of the probes */, "data-fill" arg /* Define contents of the data portion of the probes */, "ttl" arg /* Time to Live (hop-limit) value for an RPM IPv4(IPv6) packet */, "thresholds" ( /* Probe and test threshold values. Set 0 to disable respective threshold */ c( "successive-loss" arg /* Successive probe loss count indicating probe failure */, "total-loss" arg /* Total probe loss count indicating test failure */, "rtt" arg /* Maximum round trip time per probe */, "jitter-rtt" arg /* Maximum jitter per test */, "std-dev-rtt" arg /* Maximum standard deviation per test */, "egress-time" arg /* Maximum source to destination time per probe */, "ingress-time" arg /* Maximum destination to source time per probe */, "jitter-ingress" arg /* Maximum destination to source jitter per test */, "jitter-egress" arg /* Maximum source to destination jitter per test */, "std-dev-ingress" arg /* Maximum destination to source standard deviation per test */, "std-dev-egress" arg /* Maximum source to destination standard deviation per test */ ) ), "traps" ( /* Trap to send if threshold is met or exceeded */ ("probe-failure" | "test-failure" | "test-completion" | "rtt-exceeded" | "std-dev-exceeded" | "jitter-exceeded" | "ingress-time-exceeded" | "ingress-std-dev-exceeded" | "ingress-jitter-exceeded" | "egress-time-exceeded" | "egress-std-dev-exceeded" | "egress-jitter-exceeded") ), "destination-interface" ( /* Name of output interface for probes */ interface_name /* Name of output interface for probes */ ), "hardware-timestamp" /* Packet Forwarding Engine updates timestamps */, "one-way-hardware-timestamp" /* Enable hardware timestamps for one-way measurements */, "next-hop" ( /* Next-hop to which probe should be sent */ ipv4addr /* Next-hop to which probe should be sent */ ) ) ) ) ), "probe-server" ( /* ICMP/TCP/UDP probe server */ c( "icmp" ( /* ICMP probe server */ c( "destination-interface" ( /* Name of output interface for probes */ interface_name /* Name of output interface for probes */ ) ) ), "tcp" ( /* TCP probe server */ c( "port" arg /* Port number 7 through 65535 */, "destination-interface" ( /* Name of output interface for probes */ interface_name /* Name of output interface for probes */ ) ) ), "udp" ( /* UDP probe server */ c( "port" arg /* Port number 7 through 65535 */, "destination-interface" ( /* Name of output interface for probes */ interface_name /* Name of output interface for probes */ ) ) ) ) ), "probe-limit" arg /* Maximum number of concurrent probes allowed */, "rfc2544-benchmarking" ( /* Rfc2544 benchmarking tests */ c( "profiles" ( /* Rfc2544 test profiles */ c( "test-profile" arg ( /* Test-profile definition */ c( "test-type" ( /* Rfc2544 test type */ ("throughput" | "latency" | "frame-loss" | "back-back-frames") ), "packet-size" arg /* Size of the test packet */, "bandwidth-kbps" arg /* Theoretical max service bandwidth in kbps */, "step-percent" arg /* Step percent for test */ ) ) ) ), "tests" ( /* Rfc2544 test configuration */ c( "test-name" arg ( /* Test definition */ c( "test-profile" arg /* Name of the test profile */, "source-mac-address" ( /* MAC address of source host in xx:xx:xx:xx:xx:xx format -Generator MAC */ mac_unicast /* MAC address of source host in xx:xx:xx:xx:xx:xx format -Generator MAC */ ), "destination-mac-address" ( /* MAC address of destination host in xx:xx:xx:xx:xx:xx format -Reflector MAC */ mac_unicast /* MAC address of destination host in xx:xx:xx:xx:xx:xx format -Reflector MAC */ ), "ovlan-id" arg /* Outer vlan id */, "ovlan-priority" arg /* Outer vlan priority */, "ovlan-cfi" arg /* Outer vlan CFI bit */, "outer-tag-protocol-id" arg /* Outer tag protocol id */, "ivlan-id" arg /* Inner vlan id */, "ivlan-priority" arg /* Inner vlan priority */, "ivlan-cfi" arg /* Inner vlan CFI bit */, "vlan-id" arg /* VLAN identifier */, "vlan-priority" arg /* VLAN priority */, "vlan-cfi" arg /* VLAN CFI bit */, "service-type" ( /* Service type */ ("eline" | "elan") ), "in-service" /* Test executed in-service mode */, "ip-swap" /* Swap IP in the test payload */, "udp-tcp-port-swap" /* Swap UDP/TCP port in the test payload */, "ignore-test-interface-state" /* Ignore interface state to run the test */, "check-test-interface-mtu" /* Check interface MTU to run the test */, "disable-signature-check" /* Signature check disable */, "forwarding-class" arg /* Forwarding class assigned to the frames */, "packet-loss-priority" ( /* Packet loss priority assigned to the frames */ ("low" | "high" | "medium-high") ), "dscp-code-points" arg /* Differentiated Services code point bits or alias */, "mode" ( /* Test mode */ ("reflect" | "initiate-and-terminate" | "ethernet-loopback") ), "reflect-mode" ( /* Reflect mode */ ("mac-swap" | "no-mac-swap" | "mac-rewrite") ), "family" ( /* Family type */ ("inet" | "ccc" | "bridge" | "vpls") ), "reflect-etype" arg /* Etype to match for reflect mode */, "direction" ( /* Direction of test */ ("ingress" | "egress") ), "timestamp-format" ( /* Format of timestamp values */ ("microseconds" | "nanoseconds") ), "source-udp-port" arg /* Source udp port */, "destination-udp-port" arg /* Destination udp port */, "test-duration" arg /* Test duration in minutes */, "test-iterator-duration" arg /* Duration of each iteration in seconds */, "test-finish-wait-duration" arg /* Number of seconds to wait after test completes before stopping the test */, "transmit-failure-threshold" arg /* Transmit failure-threshold (default 0.5%) */, "receive-failure-threshold" arg /* Receive failure-threshold (default 0%) */, "test-iterator-pass-threshold" arg /* Test pass-threshold (default 0.5%) */, "halt-on-prefix-down" /* Halt test on prefix down */, "skip-arp-iteration" /* Skip arp iteration in tests */, "test-interface" ( /* Name of interface(ifl) for test */ interface_name /* Name of interface(ifl) for test */ ), "reflector-port" arg /* Front panel port number - ACX5048: [16-53], ACX5096: [64-95, 100-103] */, "destination-ipv4-address" ( /* Destination address for test */ ipv4addr /* Destination address for test */ ), "source-ipv4-address" ( /* Source address for test */ ipv4addr /* Source address for test */ ) ) ) ) ) ) ), "twamp" ( /* Two-way Active Measurement Protocol configuration */ c( "post-cli-implicit-firewall" /* Enable post cli implicit firewall */, "client" ( /* TWAMP client configuration */ c( "control-connection" arg ( /* TWAMP control session configuration */ c( "authentication-mode" ( /* Authentication modes */ c( "none" /* No authentication or encryption */ ) ), "destination-interface" ( /* Name of output interface for all test sessions */ interface_name /* Name of output interface for all test sessions */ ), "persistent-results" /* Displays the old results along with present. Default disable */, "control-type" ( /* TWAMP control connection type */ ("light" | "managed") ), "tcp-keepidle" arg /* Time to start TCP KEEPALIVEs on control connection (default 120) */, "tcp-keepintvl" arg /* Delay between succesive TCP KEEPALIVEs (default 5) */, "tcp-keepcnt" arg /* Number of TCP KEEPALIVEs sent (default 6) */, "destination-port" arg /* TCP TWAMP client listening port for the test sessions. Default 862 */, "history-size" arg /* Number of stored history entries */, "moving-average-size" arg /* Number of samples used for moving average */, "routing-instance" arg /* Routing instance used by the test sessions */, "target-address" ( /* Destination address of TWAMP responder */ ipv4addr /* Destination address of TWAMP responder */ ), "test-count" arg /* Total number of test session iterations */, "test-interval" arg /* Delay between test session iterations */, "traps" ( /* Trap to send if threshold is met or exceeded */ c( "test-iteration-done" /* All test sessions configured under the control connection have completed an iteration */, "control-connection-closed" /* Control connection closed */ ) ), "test-session" arg ( /* Test session details */ c( "target-address" ( /* Destination address of TWAMP responder */ ipaddr /* Destination address of TWAMP responder */ ), "destination-port" arg /* Target port number for test */, "data-fill-with-zeros" /* Fill contents of test packet with zeros */, "data-size" arg /* Size of the data portion of the probes */, "dscp-code-points" arg /* Differentiated Services code point bits or alias used for TCP control and UDP TWAMP test packets */, "ttl" arg /* Time to Live (hop-limit) value for an RPM IPv4(IPv6) packet */, "probe-count" arg /* Total number of probes per test */, "probe-interval" arg /* Delay between two consecutive probes */, "thresholds" ( /* TWAMP test threshold values. Set 0 to disable respective threshold */ c( "successive-loss" arg /* Successive probe loss count indicating probe failure */, "total-loss" arg /* Total probe loss count indicating test failure */, "rtt" arg /* Maximum round trip time per probe */, "max-rtt" arg /* Maximum round trip time per test */, "jitter-rtt" arg /* Maximum jitter per test */, "std-dev-rtt" arg /* Maximum standard deviation per test */, "egress-time" arg /* Maximum source to destination time per probe */, "ingress-time" arg /* Maximum destination to source time per probe */, "jitter-ingress" arg /* Maximum destination to source jitter per test */, "jitter-egress" arg /* Maximum source to destination jitter per test */, "std-dev-ingress" arg /* Maximum destination to source standard deviation per test */, "std-dev-egress" arg /* Maximum source to destination standard deviation per test */ ) ), "traps" ( /* Trap to send if threshold is met or exceeded */ c( "probe-failure" /* Successive probe loss threshold reached */, "test-failure" /* Total probe loss threshold reached */, "test-completion" /* Test completed */, "rtt-exceeded" /* Exceeded maximum round trip time threshold */, "max-rtt-exceeded" /* Exceeded maximum round trip time threshold at the end of per test */, "std-dev-exceeded" /* Exceeded round trip time standard deviation threshold */, "jitter-exceeded" /* Exceeded jitter in round trip time threshold */, "ingress-time-exceeded" /* Exceeded maximum ingress time threshold */, "ingress-std-dev-exceeded" /* Exceeded ingress time standard deviation threshold */, "ingress-jitter-exceeded" /* Exceeded jitter in ingress time threshold */, "egress-time-exceeded" /* Exceeded maximum egress time threshold */, "egress-std-dev-exceeded" /* Exceeded egress time standard deviation threshold */, "egress-jitter-exceeded" /* Exceeded jitter in egress time threshold */ ) ) ) ) ) ) ) ), "server" ( /* TWAMP server configuration */ c( "tcp-keepidle" arg /* Time to start TCP KEEPALIVEs on control connection (default 120) */, "tcp-keepintvl" arg /* Delay between succesive TCP KEEPALIVEs (default 5) */, "tcp-keepcnt" arg /* Number of TCP KEEPALIVEs sent (default 6) */, "routing-instance-list" arg ( /* List of allowed routing instances,not more than 100, along with ports */ c( "port" arg /* Port to be used by the routing instance */ ) ), "authentication-mode" ( /* Authentication modes */ c( "none" /* No authentication or encryption */, "authenticated" ( /* Authenticated mode */ sc( "control-only" /* Authentication mode only for TWAMP control protocol */ ) ).as(:oneline), "encrypted" ( /* Encrypted mode */ sc( "control-only" /* Encryption mode only for TWAMP control protocol */ ) ).as(:oneline), "control-only-encrypted" /* Encrypted control and unauthenticated data mode */ ) ), "authentication-key-chain" ( /* Authentication key chain configuration */ twamp_authentication_key_chain /* Authentication key chain configuration */ ), "server-inactivity-timeout" arg /* Control packet idle timeout value in minutes, 0 to disable */, "max-connection-duration" arg /* Maximum Connection duration in hours, 0 to disable */, "maximum-sessions" arg /* Maximum number of test sessions for the server */, "maximum-sessions-per-connection" arg /* Maximum number of test sessions per client connection */, "maximum-connections" arg /* Maximum number of connections for the server */, "maximum-connections-per-client" arg /* Maximum number of server connections per client */, "port" arg /* TWAMP server listening port */, "client-list" arg ( /* List of allowed clients */ c( "address" arg /* IP prefix of client */ ) ), "light" ( /* Enable TWAMP server for light control on the default port */ c( "port" arg /* UDP ports reflecting TWAMP light test packets */ ) ) ) ) ) ) ) ), "video-monitoring" ( /* Video monitoring service */ c( "templates" arg ( /* Template for MDI flows */ c( "interval-duration" arg /* Monitoring interval in sec */, "inactive-timeout" arg /* Inactive timeout for idle flow in sec */, "rate" ( /* Media rate or layer3 pps */ c( c( "media" arg /* Constant bit rate in bps */, "layer3" arg /* Layer3 packet rate in pps */ ) ) ), "delay-factor" ( /* Delay factor related parameters */ c( "threshold" ( /* Threshold for delay factor alarm */ c( "info" arg /* Threshold for information alarm */, "warning" arg /* Threshold for warning alarm */, "critical" arg /* Threshold for critical alarm */ ) ), ("disable") ) ), "media-loss-rate" ( /* MLR related parameters */ c( "threshold" ( /* Threshold for MLR alarm */ c( "info" ( /* Threshold for information alarm */ c( c( "packet-count" ( /* MLR threshold value in packets count */ unsigned_float /* MLR threshold value in packets count */ ), "percentage" arg /* MLR threshold value in percentage */ ) ) ), "warning" ( /* Threshold for warning alarm */ c( c( "packet-count" ( /* MLR threshold value in packets count */ unsigned_float /* MLR threshold value in packets count */ ), "percentage" arg /* MLR threshold value in percentage */ ) ) ), "critical" ( /* Threshold for critical alarm */ c( c( "packet-count" ( /* MLR threshold value in packets count */ unsigned_float /* MLR threshold value in packets count */ ), "percentage" arg /* MLR threshold value in percentage */ ) ) ) ) ), ("disable") ) ), "media-rate-variation" ( /* MRV related parameters */ c( "threshold" ( /* Threshold for MRV alarm */ c( "info" arg /* Threshold for information alarm */, "warning" arg /* Threshold for warning alarm */, "critical" arg /* Threshold for critical alarm */ ) ), ("disable") ) ), "media-packets-count-in-layer3" arg /* Number of media packets in a IP packet */, "media-packet-size" arg /* Size of media packet */ ) ), "interfaces" arg ( /* Interfaces to enable video monitoring */ c( "family" ( /* Protocol family */ c( "inet" ( /* IPv4 flows */ c( "input-flows" arg ( /* Input flows informations */ c( "source-address" ( /* Prefix to match */ ipv4prefix /* Prefix to match */ ), "destination-address" ( /* Prefix to match */ ipv4prefix /* Prefix to match */ ), "source-port" arg /* Source port number to match */, "destination-port" arg /* Destination port number to match */, "template" arg /* Name of template */ ) ), "output-flows" arg ( /* Output flows informations */ c( "source-address" ( /* Prefix to match */ ipv4prefix /* Prefix to match */ ), "destination-address" ( /* Prefix to match */ ipv4prefix /* Prefix to match */ ), "source-port" arg /* Source port number to match */, "destination-port" arg /* Destination port number to match */, "template" arg /* Name of template */ ) ) ) ), "inet6" ( /* IPv6 flows */ c( "input-flows" arg ( /* Input flows informations */ c( "source-address" ( /* Prefix to match */ ipv6prefix /* Prefix to match */ ), "destination-address" ( /* Prefix to match */ ipv6prefix /* Prefix to match */ ), "source-port" arg /* Source port number to match */, "destination-port" arg /* Destination port number to match */, "template" arg /* Name of template */ ) ), "output-flows" arg ( /* Output flows informations */ c( "source-address" ( /* Prefix to match */ ipv6prefix /* Prefix to match */ ), "destination-address" ( /* Prefix to match */ ipv6prefix /* Prefix to match */ ), "source-port" arg /* Source port number to match */, "destination-port" arg /* Destination port number to match */, "template" arg /* Name of template */ ) ) ) ), "mpls" ( /* MPLS flows */ c( "input-flows" arg ( /* Input flows informations */ c( "payload-type" ( /* Specify MPLS payload-type */ ("ipv4" | "ipv6") ), "source-address" ( /* Prefix to match */ ipprefix /* Prefix to match */ ), "destination-address" ( /* Prefix to match */ ipprefix /* Prefix to match */ ), "source-port" arg /* Source port number to match */, "destination-port" arg /* Destination port number to match */, "template" arg /* Name of template */ ) ), "output-flows" arg ( /* Output flows informations */ c( "payload-type" ( /* Specify MPLS payload-type */ ("ipv4" | "ipv6") ), "source-address" ( /* Prefix to match */ ipprefix /* Prefix to match */ ), "destination-address" ( /* Prefix to match */ ipprefix /* Prefix to match */ ), "source-port" arg /* Source port number to match */, "destination-port" arg /* Destination port number to match */, "template" arg /* Name of template */ ) ) ) ) ) ) ) ), "stats-cache-life-time" arg /* Lifetime of cached stats in seconds */, "errors-cache-life-time" arg /* Lifetime of cached errors in seconds */, "flow-cache-life-time" arg /* Lifetime of cached flows in seconds */, "alarms" ( /* Alarms for Flows */ c( "delay-factor" ( /* DF Alarms */ c( "no-syslog-generation" /* Don't generate syslog when threshold exceed */, "generate-snmp-traps" /* Generate SNMP traps when threshold exceed */, "storm-control" ( /* Control frequency of alarm generation */ c( "count" arg /* Max number of alarms in specified interval */, "interval" arg /* Interval in Seconds */ ) ), "alarm-mode" ( /* Mode of alarm generation */ c( "mdi-records-count" arg /* Number of MDI records to average */, c( "immediate" /* Alarm will be triggered immediately */, "average" /* Alarm will be triggered based on average */ ) ) ) ) ), "media-rate-variation" ( /* MLR Alarms */ c( "no-syslog-generation" /* Don't generate syslog when threshold exceed */, "generate-snmp-traps" /* Generate SNMP traps when threshold exceed */, "storm-control" ( /* Control frequency of alarm generation */ c( "count" arg /* Max number of alarms in specified interval */, "interval" arg /* Interval in Seconds */ ) ), "alarm-mode" ( /* Mode of alarm generation */ c( "mdi-records-count" arg /* Number of MDI records to average */, c( "immediate" /* Alarm will be triggered immediately */, "average" /* Alarm will be triggered based on average */ ) ) ) ) ), "media-loss-rate" ( /* MRV Alarms */ c( "no-syslog-generation" /* Don't generate syslog when threshold exceed */, "generate-snmp-traps" /* Generate SNMP traps when threshold exceed */, "storm-control" ( /* Control frequency of alarm generation */ c( "count" arg /* Max number of alarms in specified interval */, "interval" arg /* Interval in Seconds */ ) ), "alarm-mode" ( /* Mode of alarm generation */ c( "mdi-records-count" arg /* Number of MDI records to average */, c( "immediate" /* Alarm will be triggered immediately */, "average" /* Alarm will be triggered based on average */ ) ) ) ) ), "flow-insert" ( /* Flow Insert Alarms */ c( "no-syslog-generation" /* Don't generate syslog when threshold exceed */, "generate-snmp-traps" /* Generate SNMP traps when threshold exceed */, "storm-control" ( /* Control frequency of alarm generation */ c( "count" arg /* Max number of alarms in specified interval */, "interval" arg /* Interval in Seconds */ ) ) ) ), "flow-delete" ( /* Flow Delete Alarms */ c( "no-syslog-generation" /* Don't generate syslog when threshold exceed */, "generate-snmp-traps" /* Generate SNMP traps when threshold exceed */, "storm-control" ( /* Control frequency of alarm generation */ c( "count" arg /* Max number of alarms in specified interval */, "interval" arg /* Interval in Seconds */ ) ) ) ) ) ) ) ), "inline-monitoring" ( /* Inline packet monitoring service */ c( "traceoptions" ( /* Trace options for IMOND */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline) ) ), "counter-profile" arg ( /* Custom counter profiles for Inline packet monitoring */ c( "counter" arg ( /* Inline monitoring counter */ c( "max-value" arg /* Non-overlapping min/max range for counter-type, not exceeding packet contruct */, "min-value" arg /* Non-overlapping min/max range for counter-type, not exceeding packet contruct */, "counter-type" ( /* Counter type */ ("packet-range" | "ttl-range" | "tcp-window-range" | "dos-attack") ) ) ) ) ), "template" arg ( /* Templates for Inline packet monitoring */ c( "template-refresh-rate" arg /* Refresh rate in seconds */, "option-template-refresh-rate" arg /* Option refresh rate in seconds */, "observation-domain-id" arg /* Observation domain ID */, "template-id" arg /* Template ID */, "option-template-id" arg /* Option template ID */, "flow-active-timeout" arg /* Interval after which active flow is exported in seconds */, "flow-inactive-timeout" arg /* Period of inactivity that marks a flow inactive in seconds */, "template-type" ( /* Template IP version */ ("ipv4-template" | "ipv6-template") ), "flow-monitoring" ( c( "sampling-profile" ( /* Supported sampling profiles */ ("first-N-Packets" | "deterministic" | "random" | "combo-1" | "combo-2") ), "packet-count" arg /* Packet count for first-N-Packets/combo-1/combo-2 sampling profiles */, "sampling-rate" arg /* Sampling rate */, "security-enable" /* Enable DOS attack detection on monitored flows */, "flow-rate" arg /* Flow meter rate in kbps */, "burst-size" arg /* Burst size in bytes */, "flow-limit" arg /* Maximum number of flows allowed */, "counter-profile" arg /* Counter profiles per-flow-4-counters, per-flow-6-counters or custom profile */ ) ), "primary-data-record-fields" enum(("datalink-frame-size" | "direction" | "egress-interface-snmp-id" | "ingress-interface-snmp-id" | "cpid-ingress-interface-index" | "cpid-underlying-ingress-interface-index" | "cpid-egress-interface-index" | "cpid-forwarding-nexthop-id" | "cpid-forwarding-exception-code" | "cpid-forwarding-class-drop-priority")) /* Primary data record fields */.as(:oneline) ) ), "instance" arg ( /* Inline monitoring instance */ c( "template-name" arg /* Template Name */, "maximum-clip-length" arg /* Maximum packet length */, "collector" arg ( /* Inline monitoring collector */ c( "source-address" ( /* Source address */ ipv4addr /* Source address */ ), "destination-address" ( /* Destination address */ ipv4addr /* Destination address */ ), "dscp" arg /* DSCP Value */, "destination-port" arg /* Destination port value */, "forwarding-class" arg /* Forwarding class for exported frames */, "sampling-rate" arg /* Sampling rate */, "routing-instance" arg /* Name of routing instance */ ) ) ) ), "observation-cloud-id" arg /* Observation cloud ID */ ) ), "app-engine" ( /* App-engine */ c( "security" /* Enable app-engine security */, "monitor-cpu" ( /* Monitor node CPU usage */ monitor_threshold /* Monitor node CPU usage */ ), "monitor-memory" ( /* Monitor node memory usage */ monitor_threshold /* Monitor node memory usage */ ), "monitor-storage" ( /* Monitor storage usage */ monitor_threshold /* Monitor storage usage */ ), "default-compute-node-package" arg /* Default JunosV App Engine package for appliance */, "compute-cluster" arg ( /* Configure compute cluster */ c( "local-management" ( /* Management address connected to compute cluster */ c( "routing-instance" ( /* Packets are restriction to specified routing instance */ s( arg, c( "family" ( /* Protocol family */ c( "inet" ( /* IPv4 parameters */ c( "address" ( /* Interface address */ ipv4addr /* Interface address */ ) ) ) ) ) ) ) ), "family" ( /* Protocol family */ c( "inet" ( /* IPv4 parameters */ c( "address" ( /* Interface address */ ipv4addr /* Interface address */ ) ) ) ) ) ) ), "monitor-cpu" ( /* Monitor node CPU usage */ monitor_threshold /* Monitor node CPU usage */ ), "monitor-memory" ( /* Monitor node memory usage */ monitor_threshold /* Monitor node memory usage */ ), "monitor-storage" ( /* Monitor storage usage */ monitor_threshold /* Monitor storage usage */ ), "compute-node" arg ( /* Compute node name */ c( "monitor-cpu" ( /* Monitor node CPU usage */ monitor_threshold /* Monitor node CPU usage */ ), "monitor-memory" ( /* Monitor node memory usage */ monitor_threshold /* Monitor node memory usage */ ), "monitor-storage" ( /* Monitor storage usage */ monitor_threshold /* Monitor storage usage */ ), c( "mac-address" ( /* MAC address of the network boot interface */ mac_addr /* MAC address of the network boot interface */ ), "fpc" arg /* FPC slot number */, "hypervisor" /* Compute node is hypervisor */ ), "package" arg /* JunosV App Engine package */, "routing-options" ( /* Route configuration for compute node */ c( "static" ( /* Static routes */ c( "route" arg ( /* Static route */ c( "next-hop" ( /* Next hop to destination */ ipv4addr /* Next hop to destination */ ) ) ) ) ), "rib" arg ( /* Routing table options */ c( "static" ( /* Static routes */ c( "route" arg ( /* Static route */ c( "next-hop" ( /* Next hop to destination */ ipv4addr /* Next hop to destination */ ) ) ) ) ) ) ) ) ), "interfaces" ( /* Network interfaces configuration */ c( "ethernet" arg ( /* Interface configuration */ c( "management" /* Use this as management interface */, "family" ( /* Protocol family */ family /* Protocol family */ ), "enable-passthrough" /* Enable passthrough on this interface */, "mtu" arg /* Maximum transmit packet size */, "ether-options" ( c( c( "ieee-802-3ad" arg /* Aggregated interface name */ ) ) ) ) ), "bridge" arg ( /* Bridge configuration */ c( "management" /* Use this as management bridge */, "family" ( /* Protocol family */ family /* Protocol family */ ), "interface" arg /* Bridge interface list */, "mtu" arg /* Maximum transmit packet size */ ) ), "aggregate" arg ( /* Aggregate interface configuration */ c( "management" /* Use this as management aggregate */, "family" ( /* Protocol family */ family /* Protocol family */ ), "mtu" arg /* Maximum transmit packet size */, "aggregated-ether-options" ( /* Link aggregation parameters */ c( "hash-policy" ( ("layer-2" | "layer-3-and-4" | "layer-2-and-3") ), "miimon" arg /* Link monitoring interval in milli-second */ ) ) ) ) ) ), "syslog" enum(("any" | "authorization" | "privileged" | "cron" | "daemon" | "kernel" | "syslog" | "user" | "uucp" | "local0" | "local1" | "local2" | "local3" | "local4" | "local5" | "local6" | "local7")) ( /* System logging facility */ sc( c( "any" /* All levels */, "emergency" /* Panic conditions */, "alert" /* Conditions that should be corrected immediately */, "critical" /* Critical conditions */, "error" /* Error conditions */, "warning" /* Warning messages */, "notice" /* Conditions that should be handled specially */, "info" /* Informational messages */, "debug" /* Debug messages */ ) ) ).as(:oneline) ) ) ) ), "virtual-machines" ( /* Virtual-machine management */ c( "instance" arg ( /* Virtual-machine instance */ c( "cpu" arg /* Units of CPUs (default 1 cpu) */, "memory" arg /* Memory for the virtual-machine (default 1 gigabytes) */, "management-interface" arg /* Virtual-machine management interface name */, "package" arg /* Virtual-machine package */, "local-management" ( /* Management address connected to virtual machine */ c( "routing-instance" ( /* Packets are restriction to specified routing instance */ s( arg, c( "family" ( /* Protocol family */ c( "inet" ( /* IPv4 parameters */ c( "address" ( /* Interface address */ ipv4addr /* Interface address */ ) ) ) ) ) ) ) ), "family" ( /* Protocol family */ c( "inet" ( /* IPv4 parameters */ c( "address" ( /* Interface address */ ipv4addr /* Interface address */ ) ) ) ) ) ) ), "compute-cluster" arg ( /* Compute cluster on which the virtual-machine runs */ c( "compute-node" arg /* Compute node on which the virtual-machine runs */ ) ), "interface" arg ( /* Virtual-machine interface configuration */ c( "hw-model" ( /* Interface hardware model */ ("e1000g" | "virtio") ), "host-interface" arg /* Passthrough host interface for virtual-machine */, "bridge" arg /* Bridge that the interface connected to */, "mtu" arg /* Maximum transmit packet size */, "family" ( /* Interface address family */ c( "inet" ( /* IPv4 parameters */ c( "address" arg ( /* Interface address/destination prefix */ c( "primary" /* Primary address on the interface */ ) ) ) ) ) ) ) ), "routing-options" ( /* Route configuration for virutal machine */ c( "static" ( /* Static routes */ c( "route" arg ( /* Static route */ c( "next-hop" ( /* Next hop to destination */ ipv4addr /* Next hop to destination */ ) ) ) ) ), "rib" arg ( /* Routing table options */ c( "static" ( /* Static routes */ c( "route" arg ( /* Static route */ c( "next-hop" ( /* Next hop to destination */ ipv4addr /* Next hop to destination */ ) ) ) ) ) ) ) ) ), "secondary-disk" ("hdb" | "hdc" | "hdd") ( /* Virtual-machine disk */ sc( "size" arg /* Virtual-machine secondary disk size */ ) ).as(:oneline) ) ) ) ) ) ), "unified-access-control" ( /* Configure Unified Access Control */ c( "infranet-controller" arg ( /* Configure infranet controller */ c( "address" ( /* Infranet controller IP address */ ipv4addr /* Infranet controller IP address */ ), "port" arg /* Infranet controller port */, "interface" ( /* Outgoing interface */ interface_name /* Outgoing interface */ ), "password" arg /* Infranet controller server password */, "ca-profile" arg /* Define a list of certificate authority */, "server-certificate-subject" arg /* Subject name of infranet controller certificate to match */ ) ), "certificate-verification" ( /* Specify certificate verification requirement */ ("warning" | "required" | "optional") ), "timeout" arg /* Timeout for idle infranet controller link in seconds */, "interval" arg /* Heartbeat interval from infranet controller in seconds */, "timeout-action" ( /* Specify action when infranet controller timeout occurs */ ("close" | "no-change" | "open") ), "test-only-mode" /* Allow all traffic and only log enforcement result */, "event-entry-lifetime" arg /* Interval between successive NO-AUTH msgs for same src ip in seconds */, "traceoptions" ( /* UAC trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("all" | "ipc" | "config" | "connect")) /* Tracing parameters */.as(:oneline) ) ), "captive-portal" arg ( /* Unauthenticated HTTP redirect */ c( "redirect-traffic" ( /* Traffic to redirect */ ("unauthenticated" | "all") ), "redirect-url" arg /* Redirect URL for unauthenticated users */ ) ) ) ), "agf" ( /* Configuration for access gateway function */ c( "node-name" arg /* AGF node name */, "node-id" arg /* AGF node identifier */, "ip-address" ( /* AGF ip address */ ipv4addr /* AGF ip address */ ), "n2-proxy" ( /* N2 proxy settings */ c( "ip-address" ( /* N2 proxy ip address */ ipv4addr /* N2 proxy ip address */ ), "port" arg /* N2 proxy port number */ ) ), "plmn" arg ( /* AGF public land mobile network */ c( "mcc" arg /* Mobile country code */, "mnc" arg /* Mobile network code */ ) ), "tracking-area" arg ( /* Tracking area */ c( "plmn" arg ( /* Public land mobile network */ c( "s-nssai" arg ( /* Single network slice selection assistance information */ c( "sst" ( /* Slice service type */ ("embb" | "urllc" | "miot" | "v2x") ), "sd" arg /* Selection differentiator */ ) ) ) ) ) ), "amf" arg ( /* AGF access and mobility management function */ c( "node-id" arg /* AMF node identifier */, "ip-address" ( /* AMF ip address */ ipv4addr /* AMF ip address */ ), "port" arg /* AMF port number */, "default-amf" /* Configure a default AMF */ ) ) ) ), "flow-collector" ( /* Configure options to control flow collector */ c( "analyzer-address" ( /* Analyzer IP address field override value */ ipv4addr /* Analyzer IP address field override value */ ), "analyzer-id" arg /* Analyzer ID field override value */, "retry" arg /* Transfer retry attempt count */, "retry-delay" arg /* Delay between transfer retry attempts */, "destinations" ( /* Configure destination for files */ collector_destinations_type /* Configure destination for files */ ), "file-specification" ( /* File format specification */ file_specification_type /* File format specification */ ), "interface-map" ( /* Input interface to Collector PIC mapping */ interface_map_type /* Input interface to Collector PIC mapping */ ), "transfer-log-archive" ( /* Transfer log archive specification */ collector_transfer_log_archive_type /* Transfer log archive specification */ ) ) ), "captive-portal" ( /* Captive Portal options */ juniper_services_captive_portal /* Captive Portal options */ ), "logging" ( /* Bulk logging configuration */ juniper_pic_services_logging_options /* Bulk logging configuration */ ), "application-identification" ( /* Application identification configuration */ c( "enable-heuristics" /* Enable heuristic application identification */, "enable-performance-mode" ( /* Enable performance mode knobs for best DPI performance */ c( "max-packet-threshold" arg /* Max packet inspection threshold including both c2s ans s2c direction packets. Default value is 2 if not configured */ ) ), "imap-cache-timeout" arg /* IMAP cache entry timeout in seconds */, "imap-cache-size" arg /* IMAP cache size, it will be effective only after next appid sigpack install */, "download" ( c( "url" arg /* URL for application package download */, "ignore-server-validation" /* Disable server authentication for Applicaton Signature download */, "automatic" ( /* Scheduled download and update */ c( "start-time" arg /* Start time(MM-DD.hh:mm / YYYY-MM-DD.hh:mm:ss) */, "interval" arg /* Attempt to download new application package */ ) ), "proxy-profile" arg /* Configure web proxy for Application signature download */ ) ), "statistics" ( /* Configure application statistics information */ c( "interval" arg /* Application statistics collection interval */ ) ), "nested-application-settings" ( /* Nested application settings */ c( "no-nested-application" /* Disable nested application identification */, "no-application-system-cache" /* Not to save nested AI match in application system cache */ ) ), "no-application-identification" /* Disable all application identification methods */, "no-signature-based" /* Disable signature based method */, "no-protocol-based" /* Disable protocol based method */, "signature-method-all-ports" /* Use signature-method on all(including well-known) ports */, "no-clear-application-system-cache" /* Disable clearing application system cache */, "no-application-system-cache" /* Disable storing AI result in application system cache */, "no-application-statistics" /* Disable application statistics */, "max-sessions" arg /* Max sessions that can run AI at the same time */, "application-system-cache-timeout" arg /* Application system cache entry lifetime */, "application-system-cache" ( /* Enable or Disable application system cache */ c( "security-services" /* Enable ASC for security services (appfw, appqos, idp, skyatp..) */, "no-miscellaneous-services" /* Disable ASC for miscellaneous services APBR,... */ ) ), "micro-apps" /* Enable Micro Apps identifcation */, "max-transactions" arg /* Number of transaction finals to terminate application classification */, "custom-application-byte-limit" arg /* Max bytes to be scanned for identification of custom application */, "max-memory" arg /* Maximum amount of object cache memory JDPI can use (in MB) */, "max-checked-bytes" arg /* Inspect the maximal number of bytes */, "application" arg ( /* Configure application definition */ c( "type" arg /* Well-known application such as HTTP and FTP */, "index" arg /* Custom index (32768..65534). Application index */, "tags" arg ( /* Application tags eg. risk factors, technology, traffic type */ c( arg /* Value */ ) ), "session-timeout" ( /* Lifetime of a session */ ("0" | "30" | "60" | "1800" | "3600" | "43200" | "86400" | "2592000") ), "idle-timeout" ( /* Remove the session if no packets */ ("0" | "5" | "15" | "30" | "60" | "1800" | "3600") ), "type-of-service" ( /* Type of service */ c( "minimize-delay" /* Requires minimal delay in packet transmission */, "maximize-throughput" /* Requires maximal throughput in packet transmission */, "maximize-reliability" /* Requires maximal reliability in packet transmission */, "minimize-monetary-cost" /* Requires minimal monetary cost in packet transmission */ ) ), "disable" /* Disable this application definition in AI */, "cacheable" /* Cacheable */, "risk" arg /* Risk/Hotness of application */, "description" arg /* Text description of application */, "priority" ( /* Application matching priority */ ("high" | "low") ), "order" arg /* The order value, lower the value higher the priority */, "maximum-transactions" arg /* Maximum number of transactions matched by AI */, "alt-name" arg /* Alt name for the application */, "compatibility" arg /* Juniper compatibility version */, "port-mapping" ( c( "icmp" ( /* Match ICMP message */ c( "type" arg /* Numeric type value (0 .. 254) */, "code" arg /* Numeric code value (0 .. 254) */ ) ), "protocol" arg /* Numeric protocol value (0 .. 254) */, "port-range" ( /* Used by port-based AI method */ c( "tcp" arg /* TCP port range */, "udp" arg /* UDP port range */ ) ), "disable" /* Disable port-based method for this application */ ) ), "icmp-mapping" ( /* Match ICMP message */ c( "type" arg /* Numeric type value */, "code" arg /* Numeric code value */, "order" arg /* The Order value */, "order-priority" ( /* Application matching priority */ ("high" | "low") ) ) ), "ip-protocol-mapping" ( /* Match IP protocol */ c( "protocol" arg /* Numeric protocol value */, "order" arg /* The Order value */, "order-priority" ( /* Application matching priority */ ("high" | "low") ) ) ), "address-mapping" arg ( /* Match IP address */ c( "filter" ( /* Match IP/port */ c( "ip" ( /* IP address and prefix-length */ ipprefix /* IP address and prefix-length */ ), "port-range" ( /* Port ranges */ c( "tcp" arg /* TCP port range */, "udp" arg /* UDP port range */ ) ) ) ), "source" ( /* Match IP source address */ c( "ip" ( /* IP address and prefix-length */ ipprefix /* IP address and prefix-length */ ), "wildcard-address" ( /* IP wildcard address and mask */ sc( "wildcard-mask" ( /* IP wildcard address mask */ ipaddr /* IP wildcard address mask */ ), ipaddr /* IP wildcard address */ ) ).as(:oneline), "port-range" ( /* IP port ranges */ c( "tcp" arg /* TCP port range */, "udp" arg /* UDP port range */ ) ) ) ), "destination" ( /* Match IP destination address */ c( "ip" ( /* IP address and prefix-length */ ipprefix /* IP address and prefix-length */ ), "wildcard-address" ( /* IP wildcard address and mask */ sc( "wildcard-mask" ( /* IP wildcard address mask */ ipaddr /* IP wildcard address mask */ ), ipaddr /* IP wildcard address */ ) ).as(:oneline), "port-range" ( /* IP port ranges */ c( "tcp" arg /* TCP port range */, "udp" arg /* UDP port range */ ) ) ) ), "order" arg /* Application matching priority */, "order-priority" ( /* Application matching priority */ ("high" | "low") ) ) ), "over" arg ( /* Set of L4/L7 application that carries given application */ c( "protocol" ( /* Application protocol */ ("http" | "ssl" | "udp" | "tcp") ), "chain-order" /* The order of members is used to match the pattern */, "order-priority" ( /* Application matching priority */ ("high" | "low") ), "order" arg /* The order value */, "port-range" ( /* Apply signature to packets sent to this port range */ c( "tcp" arg /* TCP port range */, "udp" arg /* UDP port range */ ) ), "member" arg ( /* Pattern matched on client-to-server packets */ c( "context" arg /* Context to be matched on */, "pattern" arg /* Pattern matched on context */, "direction" ( /* Connection direction of the packets to apply pattern matching */ ("client-to-server" | "server-to-client" | "any") ), "check-bytes" arg /* Maximum number of bytes to check for stream context */ ) ), "signature" arg ( /* Application signature for pattern matching */ c( "port-range" arg /* Port range */, "member" arg ( /* Application signature member */ c( "depth" arg /* Maximum number of bytes to check for context match */, "context" arg /* Context to be matched on */, "pattern" arg /* DFA pattern matched on context */, "direction" ( /* Connection direction of the packets to apply pattern matching */ ("client-to-server" | "server-to-client" | "any") ) ) ) ) ) ) ) ) ), "nested-application" arg ( /* Configure nested application definition */ c( "type" arg /* Well-known application such as FACEBOOK and KAZZA */, "index" arg /* Custom index (32768..65534). Application index */, "protocol" arg /* Name of layer 7 application that carries nested application */, "signature" arg ( /* Nested application signature for pattern matching */ c( "member" arg ( /* Pattern matched on client-to-server packets */ c( "context" arg /* Context to be matched on */, "pattern" arg /* Pattern matched on context */, "direction" ( /* Connection direction of the packets to apply pattern matching */ ("client-to-server" | "server-to-client" | "any") ), "check-bytes" arg /* Maximum number of bytes to check for stream context */ ) ), "chain-order" /* The order of members is used to match the pattern */, "maximum-transactions" arg /* Maximum number of transactions matched by AI */, "order" arg /* Application matching priority */, "insert-before" ( /* Insert before another signature */ c( arg /* An application name */ ) ) ) ) ) ), "application-group" arg ( /* Define application group */ c( "tag-group" arg ( /* Configure application tag group that belong to this application group */ c( "application-tags" arg /* Name of application tag to configure */ ) ), "application-groups" arg /* Configure child application group(s) */, "applications" arg /* Configure applications that belong to this application group */, "disable" /* Disable this application group definition in AI */ ) ), "rule" arg ( /* One or more application rules for address-based method AI */ c( "application-name" arg /* Name of application that is target of this rule */, "address" arg ( /* Configure one of more addresses */ c( "source" ( /* Match IP source address */ c( "ip" ( /* IP address and prefix-length */ ipv4prefix /* IP address and prefix-length */ ), "port-range" ( /* IP port ranges */ c( "tcp" arg /* TCP port range */, "udp" arg /* UDP port range */ ) ) ) ), "destination" ( /* Match IP destination address */ c( "ip" ( /* IP address and prefix-length */ ipv4prefix /* IP address and prefix-length */ ), "port-range" ( /* IP port ranges */ c( "tcp" arg /* TCP port range */, "udp" arg /* UDP port range */ ) ) ) ), "order" arg /* Application matching priority */ ) ) ) ), "rule-set" arg ( /* One or more application rules */ c( "rule" arg /* Rule to be included in this rule set */ ) ), "profile" arg ( /* One or more application rule-sets */ c( "rule-set" arg /* One or more rule-sets in the profile */ ) ), "traceoptions" ( /* Trace options for application identification */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("all")) /* Events and other information to include in trace output */.as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ) ) ), "inspection-limit" ( /* Bytes and packets limit for AppID inspection. */ c( "tcp" ( /* TCP byte/packet inspection limit. */ c( "byte-limit" arg /* TCP byte inspection limit. (Default 6000) */, "packet-limit" arg /* TCP packet inspection limit. */ ) ), "udp" ( /* UDP byte/packet inspection limit. */ c( "byte-limit" arg /* UDP byte inspection limit. */, "packet-limit" arg /* UDP packet inspection limit. (Default 10) */ ) ) ) ), "global-offload-byte-limit" arg /* Global byte limit to offload AppID inspection. (Default 10000) */, "packet-capture" ( /* To capture the unknown application traffic */ c( "global" /* Enable global capturing of application traffic */, "aggressive-mode" /* This mode captures all traffic prior to AppID classification */, "max-packets" arg /* Maximum number of UDP packets per session */, "max-bytes" arg /* Maximum number of TCP bytes per session */, "max-files" arg /* Maximum number of unique pcap files */, "no-inconclusive" /* Disable capturing of inconclusive traffic */, "storage-limit" arg /* Maximum disk space */, "buffer-packets-limit" arg /* Maximum memory to buffer packets */, "capture-interval" arg /* Timeout to avoid repetitive capture of same traffic (minutes) */, "capture-limit" arg /* Number of repetitive captures of same traffic */, "ssl-unknown" /* This mode captures all SSL unknown traffic */ ) ), "l3l4-app-reclassification" /* Enable l3l4 custom app to be reclassified by jdpi ignoring results from other plugins */ ) ), "service-set" arg ( /* Define a service set */ c( "syslog" ( /* Define system logging parameters */ log_object /* Define system logging parameters */ ), "max-flows" arg /* Maximum number of flows allowed for a service set */, "hosted-service-identifier" arg /* Service Set to Hosted service Map */, "max-session-setup-rate" arg /* Maximum number of session creations allowed per second */, "max-drop-flows" ( /* Maximum number of drop flows allowed for a service-set */ c( "ingress" arg /* Maximum number of ingress drop flows allowed */, "egress" arg /* Maximum number of egress drop flows allowed */ ) ), "snmp-trap-thresholds" ( /* Define snmp traps for service sets */ c( "flow" ( /* Flow Threshold range for a service set */ sc( "low" arg /* Lower limit of flow threshold */, "high" arg /* Upper limit of flow threshold */ ) ).as(:oneline), "nat-address-port" ( /* Nat Address and port usage trap threshold range */ sc( "low" arg /* Lower limit of trap threshold */, "high" arg /* Upper limit of trap threshold */ ) ).as(:oneline), "session" ( /* Session threshold range for a service set */ sc( "low" arg /* Lower limit of flow threshold */, "high" arg /* Upper limit of flow threshold */ ) ).as(:oneline) ) ), "tcp-mss" arg /* Enable the limit on TCP Max. Seg. Size in SYN packets */, "cos-options" ( /* Options for COS service */ c( "match-rules-on-reverse-flow" /* If forward rules match fails, do it on reverse flow */ ) ), "softwire-options" ( /* Options for softwire */ c( "dslite-ipv6-prefix-length" ( /* The ipv6 prefix length for subscriber addresses */ ("56" | "64" | "96" | "128") ) ) ), "nat-options" ( /* Options for NAT */ c( "stateful-nat64" ( /* Options for stateful NAT64 */ c( "no-v6-frag-header" /* No fragmentation header in IPv6 header during IPv4 to IPv6 translation */, "clear-dont-fragment-bit" /* Clear DF bit in IPv4 header if IPv6 packet size is less than 1280 bytes */, "ipv6-mtu" arg /* Path MTU of IPv6 network */, "disable-h323-ras" /* Disable H323 and RAS ALG for NAT64 */ ) ), "nptv6" ( /* Options for NPTv6 */ c( "icmpv6-error-messages" /* Send ICMP Error messages if NPTv6 address translation fails */ ) ), "land-attack-check" ( /* Enable land attack checks */ ("ip-only" | "ip-port") ), "max-sessions-per-subscriber" arg /* Limit the number of sessions per subscriber */, "snmp-value-match-msmic" /* Match the MSMIC specific snmp values for the msdpc */ ) ), "service-set-options" ( /* Options for service set */ c( "tcp-non-syn" ( /* Deny session creation on receiving first non SYN pkt */ ("drop-flow" | "drop-flow-send-rst") ), "tcp-fast-open" ( /* Tcp-fast-Open enabled packets will be handled accordingly */ ("disabled" | "drop") ), "bypass-traffic-on-pic-failure" /* Bypass traffic on service PIC failure */, "bypass-traffic-on-exceeding-flow-limits" /* Bypass traffic when exceeding the max flow limit */, "enable-asymmetric-traffic-processing" /* Enable service-processing for asymmetric traffic */, "subscriber-awareness" /* Enable subscriber awareness on the service chain */, "static-subscriber-application" /* Enable static subscriber on the service set */, "header-integrity-check" ( /* Enable/Disable header integrity checks */ c( "enable-all" /* Enable all header integrity checks */ ) ), "enable-descriptive-session-syslog" /* This knob enables descriptive session syslogs for OPEN and CLOSE */, "enable-change-on-ams-redistribution" /* Allow NAT pool change on AMS redistribution */, "routing-engine-services" /* Enable service-processing at RE */, "inactivity-non-tcp-timeout" arg /* Inactivity timeout period for non-TCP established sessions */, "session-timeout" arg /* Session timeout period for established sessions */, "session-limit" ( /* Session limit */ c( "maximum" arg /* Maximum number of sessions allowed simultaneously */ ) ), "max-sessions-per-subscriber" arg /* Limit the number of sessions per subscriber */, "tcp-session" ( /* Transmission Control Protocol session configuration */ c( "tcp-mss" arg /* Enable the limit on TCP Max. Seg. Size in SYN packets */, "tcp-tickles" arg /* Number of TCP keep-alive packets to be sent for bi-directional TCP flows */, "open-timeout" arg /* Timeout period for TCP session establishment */, "inactivity-tcp-timeout" arg /* Inactivity timeout period for TCP established sessions */, "inactivity-asymm-tcp-timeout" arg /* Inactivity timeout period for asymmetric TCP established sessions */, "ignore-errors" ( /* Ignore anomalies or errors */ sc( "tcp" /* TCP protocol errors */ ) ).as(:oneline), "close-timeout" arg /* Timeout period for TCP session tear-down */, "tcp-non-syn" ( /* Deny session creation on receiving first non SYN pkt */ ("drop-flow" | "drop-flow-send-rst") ), "tcp-fast-open" ( /* Tcp-fast-Open enabled paclets will be handled accordingly */ ("disabled" | "drop") ) ) ), "enforce-global-timeout" /* Enforce global inactivity or session timeout */, "unidirectional-session-refreshing" ( /* Enable unidirectional session refreshing on this service-set */ ("input" | "output") ) ) ), "replicate-services" ( /* Define services that will be replicated to peer. */ c( "replication-threshold" arg /* Duration in seconds for which flow should remain active for replication. (Min 180s) */, "disable-replication-capability" /* Disable replication capability for this service-set */ ) ), "allow-multicast" /* Allow multicast packets */, c( "softwire-rules" arg /* List of softwire rules */, "softwire-rule-sets" arg /* List of softwire rule sets */ ), "softwires-rule-set" arg /* List of softwire rule sets */, c( "stateful-firewall-rules" arg /* List of stateful firewall rules */, "stateful-firewall-rule-sets" arg /* List of stateful firewall rule sets */ ), c( "ids-option" arg /* List of ids-options */ ), c( "pcp-rules" arg /* List of PCP rules */, "pcp-rule-sets" arg /* List of PCP rule sets */ ), "appid-profile" arg /* Define AppID profile */, c( "nat-rules" arg /* List of NAT rules */, "nat-rule-sets" arg /* List of NAT rule sets */ ), c( "ip-reassembly-rules" arg /* List of ip-reassembly rules */ ), c( "ids-rules" arg /* List of IDS rules */, "ids-rule-sets" arg /* List of IDS rule sets */ ), c( "cos-rules" arg /* One or more CoS rules */, "cos-rule-sets" arg /* One or more CoS rule sets */ ), c( "aacl-rules" arg /* One or more AACL rules */, "aacl-rule-sets" arg /* One or more AACL rule sets */ ), "aacl-dyn-rules" arg /* One or more AACL rule */, c( "pgcp-rules" arg /* One or more PGCP rules */, "pgcp-rule-sets" arg /* One or more PGCP rule sets */ ), "jflow-rules" ( /* One or more jflow rules */ c( "sampling" ( c( "instance" arg /* Name of the instance */ ) ) ) ), c( "application-identification-profile" arg /* Define Application Identification profile */ ), "pcef-profile" arg /* Define PCEF profile */, "lrf-profile" arg /* Define logging and reporting profile */, "hcm-profile" arg /* Define HCM profile */, "web-filter-profile" arg /* Define WEB filtering profile */, c( "hcm-url-rules" arg /* One or more HCM uri rules */, "hcm-url-rule-sets" arg /* One or more HCM url rule sets */ ), c( "tag-rules" arg /* One or more HCM tag rules */, "tag-rule-sets" arg /* One or more HCM tag rule sets */ ), c( "idp-profile" arg /* IDP policy to use */ ), c( "captive-portal-content-delivery-profile" arg /* Define captive portal and content delivery profile */ ), c( "policy-decision-statistics-profile" ( /* Define policy decision statistics profile */ c( arg ) ) ), c( "interface-service" ( /* Define parameters for interface-specific service sets */ c( "service-interface" ( /* Services interface to use */ interface_unit /* Services interface to use */ ), "load-balancing-options" ( c( "hash-keys" ( c( "resource-triggered" /* Resource Triggered load balancing */, "ingress-key" ( /* Hash Key for the ingress direction */ enum(("source-ip" | "destination-ip" | "protocol" | "iif")) ), "egress-key" ( /* Hash Key for the egress direction */ enum(("source-ip" | "destination-ip" | "protocol" | "oif")) ) ) ) ) ) ) ), "sampling-service" ( /* Define parameters for sampling service sets */ c( "service-interface" ( /* Services interface to use */ interface_unit /* Services interface to use */ ) ) ), "next-hop-service" ( /* Define parameters for next-hop service sets */ c( "inside-service-interface" ( /* Service interface to inside network */ interface_unit /* Service interface to inside network */ ), "outside-service-interface" ( /* Service interface name */ interface_unit /* Service interface name */ ), "outside-service-interface-type" ( /* Service interface type local for reassembly service */ ("local") ), "service-interface-pool" arg /* Service interface pool name */ ) ) ), "extension-service" arg /* Define the customer specific extensions */, "service-order" ( /* Define of order of services to be applied */ c( "forward-flow" arg /* Service Order for forward flow */, "reverse-flow" arg /* Service Order for reverse flow */ ) ), "jflow-log" ( /* Define Jflow-logging parameters. */ c( "template-profile" arg /* Allow jflow messages for applications */ ) ), "flow" ( /* Define flow parameters */ c( "traceoptions" /* Trace options for flow services */ ) ), "ipsec-vpn-options" ( /* Define IPSec VPN options */ service_set_ipsec_vpn_options_object /* Define IPSec VPN options */ ), c( "ipsec-vpn-rules" arg /* List of IPSec VPN rules */, "ipsec-vpn-rule-sets" arg /* List of IPSec VPN rule sets */ ), "ipsec-group-vpn" arg /* Designate service-set to a Group VPN */, "redundancy-set-id" arg /* Redundancy set identifier */ ) ), "ipsec-vpn" ( /* Configure IPSec VPN service */ c( "rule" ( /* Define an IPSec rule */ ipsec_vpn_rule_object /* Define an IPSec rule */ ), "rule-set" arg ( /* Defines a set of IPSec rules */ c( "rule" arg /* Rule to be included in this rule set */ ) ), "ipsec" ( /* IPSec configuration */ services_ipsec /* IPSec configuration */ ), "ike" ( /* IKE configuration */ services_ike /* IKE configuration */ ), "traceoptions" ( /* Trace options for IPSec key management process */ ipsec_services_traceoptions /* Trace options for IPSec key management process */ ), "no-ipsec-tunnel-in-traceroute" /* Do not display IPSec tunnel endpoint in traceroute output */, "establish-tunnels" ( /* Define the criteria to establish tunnels */ ("immediately" | "on-traffic" | "responder-only") ), "clear-ike-sas-on-pic-restart" /* Clear IKE SAs when the corresponding PIC restarts */, "clear-ipsec-sas-on-pic-restart" /* Clear IPSec SAs when the corresponding PIC restarts */, "disable-natt" /* Disable NAT traversal even if NAT is detected */ ) ), "lrf" ( /* Logging and reporting service configuration */ c( "profile" ( /* One or more LRF profiles */ lrf_profile_object /* One or more LRF profiles */ ) ) ), "pcef" ( /* Policy and Charging Enforcement Function(PCEF) configuration */ services_pcef /* Policy and Charging Enforcement Function(PCEF) configuration */ ), "mobile-edge" ( /* Mobile edge configuration */ c( "gateways" ( /* Gateways */ c( "description" arg /* Description of the gateway */, "resource-management" ( /* Configure resource management packet steering daemon */ c( "server" ( /* Configure resource management packet steering daemon */ c( "traceoptions" ( /* Resource management packet steering daemon trace options */ rmpsd_traceoptions_type /* Resource management packet steering daemon trace options */ ) ) ), "client" ( /* Configure resource management packet steering client */ c( "traceoptions" ( /* Resource management packet steering client trace options */ rmps_clnt_traceoptions_type /* Resource management packet steering client trace options */ ) ) ) ) ), "saegw" ( /* SAE gateway name */ saegw_names /* SAE gateway name */ ) ) ), "pfcp" ( /* Trace options for upad pfcp */ c( "traceoptions" ( /* SAEGW upad pfcp trace options */ pfcp_traceoptions_type /* SAEGW upad pfcp trace options */ ) ) ), "session-manager" ( /* Trace options for upad session-manager */ c( "traceoptions" ( /* SAEGW upad session-manager trace options */ sm_traceoptions_type /* SAEGW upad session-manager trace options */ ) ) ), "charging-module" ( /* Trace options for upad charging-module */ c( "traceoptions" ( /* SAEGW upad charging-module trace options */ cm_traceoptions_type /* SAEGW upad charging-module trace options */ ) ) ) ) ), "security-intelligence" ( c( "url" arg /* Configure the url of feed server [https://:/] */, "authentication" ( /* Authenticate to use feed update services */ c( "auth-token" arg /* Token string for authentication */, "tls-profile" arg /* TLS profile */ ) ), "traceoptions" ( /* Security intelligence trace options */ secintel_traceoptions /* Security intelligence trace options */ ) ) ), "ssl" ( /* Configuration for Secure Socket Layer support service */ c( "traceoptions" ( /* Trace options for Secure Socket Layer support service */ ssl_traceoptions /* Trace options for Secure Socket Layer support service */ ), "termination" ( /* Configuration for Secure Socket Layer termination support service */ ssl_termination_config /* Configuration for Secure Socket Layer termination support service */ ), "initiation" ( /* Configuration for Secure Socket Layer initiation support service */ ssl_initiation_config /* Configuration for Secure Socket Layer initiation support service */ ), "proxy" ( /* Configuration for Secure Socket Layer proxy support service */ ssl_proxy_config /* Configuration for Secure Socket Layer proxy support service */ ) ) ), "web-proxy" ( /* Configuration for Web Proxy service */ c( "traceoptions" ( /* Trace options for Web Proxy service */ web_proxy_traceoptions /* Trace options for Web Proxy service */ ), "secure-proxy" ( /* Configuration for Secure Web Proxy profile */ web_config /* Configuration for Secure Web Proxy profile */ ) ) ), "stateful-firewall" ( /* Configure stateful firewall services */ c( "rule" ( /* Define a stateful firewall rule */ sfw_rule_object /* Define a stateful firewall rule */ ), "rule-set" arg ( /* Define a set of stateful firewall rules */ c( "rule" arg /* Rule to be included in this rule set */ ) ) ) ), "ip-reassembly" ( /* Configure ip-reassembly services */ c( "profile" ( /* Define a ip reassembly profile */ ipr_profile_object /* Define a ip reassembly profile */ ), "rule" ( /* Define a ip reassembly rule */ ipr_rule_object /* Define a ip reassembly rule */ ), "rule-set" arg ( /* Define a set of ip reassembly rules */ c( "rule" arg /* Rule to be included in this rule set */ ) ) ) ), "softwire" ( /* Configure softwire services */ c( "ipv6-multicast-interfaces" ("all" | "interface-name") /* Enable IPv6 multicast filter */, "softwire-concentrator" ( /* Configure softwire concentrators */ c( "ds-lite" ( /* Configure DS-Lite concentrator */ dslite_object /* Configure DS-Lite concentrator */ ), "v6rd" ( /* Configure 6rd concentrator */ v6rd_object /* Configure 6rd concentrator */ ), "map-e" ( /* Configure MAP-E concentrator */ mape_object /* Configure MAP-E concentrator */ ) ) ), "rule" ( /* Define a softwire rule */ sw_rule_object /* Define a softwire rule */ ), "rule-set" arg ( /* Define a set of softwire rules */ c( "rule" arg /* Rule to be included in this rule set */ ) ) ) ), "aacl" ( /* Application Aware Access List services configuration */ c( "rule" ( /* One or more AACL rules */ aacl_rule_object /* One or more AACL rules */ ), "rule-set" arg ( /* Define a Set of AACL rules */ c( "rule" arg /* Rule to be included in this rule set */ ) ), "aacl-dyn-rule-set" arg ( /* Define a set of AACL dynamic rules */ c( "rule" arg /* Rule to be included in this rule set */ ) ) ) ), "hcm" ( /* Http Content Management services configuration */ c( "url-rule" ( /* One or more url HCM rules */ hcm_url_rule_object /* One or more url HCM rules */ ), "tag-rule" ( /* One or more HCM tag rules */ hcm_tag_rule_object /* One or more HCM tag rules */ ), "url-list" ( /* List of URL's */ hcm_url_list_object /* List of URL's */ ), "tag-attribute" ( /* Tag Attributes (Subscriber Aware Attrs: imsi,msisdn,ipv4addr,imei,ipv6addr,apn,ggsnipv4,ggsnipv6) */ ("ipv4addr" | "ipv6addr") ), "url-rule-set" arg ( /* Define a Set of HCM url rules */ c( "rule" arg /* Rule to be included in this rule set */ ) ), "tag-rule-set" arg ( /* Define a Set of HCM tag rules */ c( "rule" arg /* Rule to be included in this rule set */ ) ), "profile" arg ( /* HCM Profile Name */ c( "tag-rule" ( /* Tag rule to be included in this profile */ c( arg /* Tag Rule name */ ) ) ) ) ) ), "cos" ( /* Class of Service services configuration */ cos_object /* Class of Service services configuration */ ), "pgcp" ( /* Packet Gateway Control Protocol services configuration */ c( "traceoptions" ( /* Trace options for packet gateway service */ c( "flag" ( /* Per-component trace options */ c( "default" ( /* Default trace level for all the components */ ("trace" | "debug" | "info" | "warning" | "error") ), "h248-stack" ( /* H248 stack sub-components */ c( "default" ( /* Default trace level for the H248 stack subcomponents */ ("trace" | "debug" | "info" | "warning" | "error") ), "control-association" ( /* Control association trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "media-gateway" ( /* Media gateway trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "messages" /* Enable H248 dump messages */ ) ), "bgf-core" ( /* BGF core sub-components */ c( "default" ( /* Default trace level for the bgf core subcomponents */ ("trace" | "debug" | "info" | "warning" | "error") ), "firewall" ( /* Firewall trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "gate-logic" ( /* Gate trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "policy" ( /* Policy trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "pic-broker" ( /* PIC broker trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "statistics" ( /* Statistics trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "common" ( /* Common trace level */ ("trace" | "debug" | "info" | "warning" | "error") ) ) ), "sbc-utils" ( /* SBC utils sub-components */ c( "default" ( /* Default trace level for the sbc-utils subcomponents */ ("trace" | "debug" | "info" | "warning" | "error") ), "common" ( /* Common utils trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "configuration" ( /* Configuration trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "device-monitor" ( /* Device-monitor trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "ipc" ( /* IPC trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "memory-management" ( /* Memory mgmt trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "messaging" ( /* Messaging trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "user-interface" ( /* UI trace level */ ("trace" | "debug" | "info" | "warning" | "error") ) ) ) ) ), "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline) ) ), "media-service" ( /* One or more PGCP media service */ pgcp_media_service_object /* One or more PGCP media service */ ), "virtual-interface" ( /* One or more Virtual Interfaces */ pgcp_virtual_interface_object /* One or more Virtual Interfaces */ ), "gateway" ( /* One or more Packet Gateways */ pgcp_gateway_object /* One or more Packet Gateways */ ), "rule" ( /* One or more PGCP rules */ pgcp_rule_object /* One or more PGCP rules */ ), "rule-set" arg ( /* Define a Set of PGCP rules */ c( "rule" arg /* Rule to be included in this rule set */ ) ), "session-mirroring" ( /* Session mirroring configuration */ pgcp_session_mirroring_object /* Session mirroring configuration */ ), "notification-rate-limit" arg /* Max number of notifications/second sent to PGC */ ) ), "border-signaling-gateway" ( /* Border signaling service configuration */ c( "gateway" ( gateway_type ) ) ), "ids" ( /* Configure the intrusion detection system */ c( "rule" ( /* Define an IDS rule */ ids_rule_object /* Define an IDS rule */ ), "rule-set" arg ( /* Define a set of IDS rules */ c( "rule" arg /* Rule to be included in this rule set */ ) ) ) ), "nat" ( /* Configure Network Address Translation */ nat_object /* Configure Network Address Translation */ ), "pcp" ( /* Configure Port Control Protocol */ pcp_object /* Configure Port Control Protocol */ ), "l2tp" ( /* Configure Layer 2 Tunneling Protocol service */ c( "tunnel-group" ( /* Layer 2 Tunneling Protocol profile */ l2tp_tunnel_group_object /* Layer 2 Tunneling Protocol profile */ ), "ip-reassembly" ( /* Configure IP Reassembly parameters */ c( "service-set" arg /* Name of IP Reassembly service set */ ) ), "traceoptions" ( /* Layer 2 Tunneling Protocol daemon trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("gres" | "init" | "events" | "memory" | "message" | "packet-error" | "parse" | "receive-packets" | "session-db" | "states" | "timer" | "transmit-packets" | "routing-socket" | "routing-process" | "protocol" | "configuration" | "ipc-tx" | "ipc-rx" | "general" | "tunnel" | "stats" | "authentication" | "all")) /* Tracing parameters */.as(:oneline), "debug-level" ( /* Trace level for PPP, L2TP, RADIUS, and UDP */ ("error" | "detail" | "packet-dump") ), "filter" ( /* Filter to control trace messages */ c( "protocol" enum(("ppp" | "l2tp" | "radius" | "udp")) /* Additional filter for protocol */.as(:oneline), "user-name" arg /* Additional filter by user name */, "user" ( /* Filter by user name */ c( arg ) ) ) ), "interfaces" ( /* Layer 2 Tunneling Protocol service interface */ l2tp_interface_traceoptions /* Layer 2 Tunneling Protocol service interface */ ) ) ), "weighted-load-balancing" /* Enable weighted-load-balancing for LAC sessions */, "destination-equal-load-balancing" /* Enable equal load balancing of destinations */, "drain" /* Prevents creation of destinations, tunnels and sessions */, "failover-within-preference" /* Enable failover-within-preference level for LAC sessions */, "disable-calling-number-avp" /* Disable the calling number AVP in ICRQ packet */, "disable-failover-protocol" /* Disable failover protocol resync mechanism */, "rx-connect-speed-when-equal" /* Generate rx connect speed AVP when tx equals rx speed */, "tx-connect-speed-method" ( /* TX connect speed method */ ("none" | "static" | "ancp" | "pppoe-ia-tag" | "service-profile") ), "maximum-sessions" arg /* Maximum number of sessions per chassis */, "tunnel" ( /* System wide tunnel attributes */ c( "name" arg ( sc( "address" arg ( /* Address of the tunnel destination */ sc( "routing-instance" arg ( /* Routing instance in which tunnel exists */ sc( "drain" /* Prevents assignment of sessions to tunnel */ ) ).as(:oneline), "drain" /* Prevents assignment of sessions to tunnel */ ) ).as(:oneline), "drain" /* Prevents sessions assignment to tunnel */ ) ).as(:oneline), "assignment-id-format" ( /* Assignment id format */ ("assignment-id" | "client-server-id") ), "retransmission-count-established" arg /* Max Retransmission count for Established tunnels */, "retransmission-count-not-established" arg /* Max Retransmission count for Not Established tunnels */, "nas-port-method" ( /* Tunnel network access server port method */ ("cisco-avp") ), "minimum-retransmission-timeout" ( /* Min retransmission timeout for control packets in seconds (default 1) */ ("1" | "2" | "4" | "8" | "16") ), "idle-timeout" arg /* Tunnel idle timeout value in seconds */, "rx-window-size" arg /* Tunnel Receive Window Size */, "tx-address-change" ( /* Tunnel Tx Address Change */ c( "accept" /* Accept Tx IP Address or UDP Port Change */, "ignore" /* Ignore Tx IP Address or UDP Port Change */, "ignore-ip-address" /* Ignore Tx IP Address Change */, "ignore-udp-port" /* Ignore Tx UDP Port Change */, "reject" /* Reject Tx IP Address or UDP Port Change */, "reject-ip-address" /* Reject Tx IP Address Change */, "reject-udp-port" /* Reject Tx UDP Port Change */ ) ), "maximum-sessions" arg /* Maximum number of sessions per tunnel */, "failover-resync" ( /* Tunnel Failover Resync Mechanism */ ("silent-failover" | "failover-protocol") ) ) ), "destruct-timeout" arg /* The destruct timeout in seconds */, "tunnel-switch-profile" arg /* Default tunnel switch profile name */, "destination" ( /* System wide destination attributes */ l2tp_destination_object /* System wide destination attributes */ ), "access-line-information" ( /* Enable system wide sending of access-line attributes */ l2tp_access_line_object /* Enable system wide sending of access-line attributes */ ), "session-limit-group" arg ( /* Session-limit-group configuration */ c( "maximum-sessions" arg /* Maximum number of sessions per tunnel-group */ ) ), "enable-ipv6-services-for-lac" /* Enable IPv6 services for LAC sessions */, "enable-snmp-tunnel-statistics" /* Enable L2TP tunnel statistics for availability via SNMP */ ) ), "adaptive-services-pics" ( /* Adaptive Services PIC daemon configuration */ c( "traceoptions" ( /* Adaptive Services PIC daemon trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("routing-socket" | "routing-protocol" | "service-identification" | "configuration" | "ipc" | "kernel-object" | "snmp" | "all")) /* Tracing parameters */.as(:oneline) ) ) ) ), "license-management" ( /* Configure license management server */ c( "license-server" ( c( "ip-address" ( /* Address of the license log server */ ipv4addr /* Address of the license log server */ ), "log-interval" arg /* Time interval to send data to Log Collector */, "services" ( /* List of services that require throughput data export */ ("jflow" | "cgnat" | "firewall") ) ) ) ) ), "rtlog" ( /* Secure log daemon options */ c( "traceoptions" ( /* Security log daemon trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("source" | "configuration" | "all" | "report" | "hpl")) /* List of things to include in trace */.as(:oneline) ) ) ) ), "soft-gre" ( /* Soft GRE tunnel definitions */ c( soft_gre_tunnel_group_object ) ), "service-interface-pools" ( /* Configure service interface pools */ c( "pool" ( /* Define service interface pool */ service_interface_pool_object /* Define service interface pool */ ) ) ), "hosted-services" ( /* Configuration for services performed in the remote server */ c( "client-profile" arg ( /* Configure client profile */ c( "transport-type" ( /* Transport type */ ("GRE" | "UDP" | "TCP") ), "client-address" ( /* Client address */ ipv4addr /* Client address */ ), "hosted-service-identifier" arg /* Identifier for the service performed on the remote server */ ) ), "server-profile" arg ( /* Configure server profile */ c( "transport-type" ( /* Transport type */ ("GRE" | "UDP" | "TCP") ), "server-address" ( /* Server address */ ipv4addr /* Server address */ ), "client-address" ( /* Client address */ ipv4addr /* Client address */ ), "hosted-service-identifier" arg /* Identifier for the service performed in the remote server */ ) ) ) ), "jflow-log" ( /* Configure jflow-logging parameters for services */ c( "collector" arg ( /* Collector attributes */ c( "destination-address" arg /* IPv4 Address or hostname of the collector */, "destination-port" arg /* Destination port of the collector */, "source-ip" ( /* Source IPv4 Address from which logging is to be done */ ipv4addr /* Source IPv4 Address from which logging is to be done */ ) ) ), "collector-group" arg ( c( "collector" arg /* List of Collector profiles */ ) ), "template-profile" arg ( c( "collector" arg /* Specify a collector name */, "collector-group" arg /* Specify a collector-group name */, "template-type" ( /* Allow jflow-log for applications */ ("nat") ), "version" ( /* Version of jflow-logging */ ("v9" | "ipfix") ), "refresh-rate" ( c( "packets" arg /* Specify number of packets after which templates are sent to collector */, "seconds" arg /* Specify number of seconds after which templates are sent to collector */ ) ) ) ) ) ), "service-device-pools" ( /* Configure service device pools */ c( "pool" ( /* Define service device pool */ service_device_pool_object /* Define service device pool */ ) ) ), "redundancy-set" ( /* Redundancy-set settings */ c( "traceoptions" ( /* Services redundancy trace options */ srd_traceoptions_object /* Services redundancy trace options */ ), srd_rs_id_object /* Definition of redundancy-set */ ) ), "analytics" ( /* Traffic analytics configuration options */ c( "zero-suppression" ( /* Configure suppression of zeros for GRPC sensors */ c( "no-zero-suppression" /* Disable zero suppression */ ) ), "streaming-server" arg ( /* Define Telemetry data servers */ c( "remote-address" ( /* Telemetry server IP address */ ipaddr /* Telemetry server IP address */ ), "remote-port" arg /* Telemetry server Port */, "transport" ( /* Telemetry export transport protocol */ ("udp" | "grpc") ), "dialout" /* Supports dynamic dialout subscriptions */ ) ), "export-profile" arg ( /* Telemetry export profile name */ c( "local-address" ( /* Source address for exported packets */ ipv4addr /* Source address for exported packets */ ), "local-port" arg /* Source port for exported packets */, "dscp" arg /* DSCP value for exported packets */, "forwarding-class" arg /* Forwarding-class for exported packets, applicable only for PFE sensors */, "loss-priority" ( /* Packet Loss Priority for exported packets, applicable only for PFE sensors */ ("low" | "high" | "medium-low" | "medium-high") ), "reporting-rate" arg /* Telemetry interval in seconds, max 24 hours */, "payload-size" arg /* Telemetry payload size */, "format" ( /* Telemetry export record format */ ("gpb" | "gpb-sdm" | "gpb-gnmi" | "json-gnmi") ), "transport" ( /* Telemetry export transport protocol */ ("udp" | "grpc") ) ) ), "sensor" arg ( /* Define Telemetry sensors */ c( "server-name" arg /* Define Telemetry server */, "export-name" arg /* Define Telemetry export profiles */, "polling-interval" arg /* Define sensor polling interval in nano secs (1 .. 4294967295) */, "resource" arg /* System resource identifier string */, "resource-filter" arg /* Regexp for filtering resource instances (1 .. 1024) */, "subscription-id" arg /* Subscription ID (Used internally to group sensors) */, "suppress-zeros" /* Supress zeros while data export */, "reporting-rate" arg /* Telemetry interval in seconds, max 24 hours */, "end-of-sync-identifiers" arg /* Set of end-of-syncs for this sensor */, "target-defined" /* Allow target to decide periodic, on-change or mix */, "life-time" ( /* Denotes sensor life-time */ ("long-lived" | "one-off") ) ) ), "agent" ( /* Configure analytics agent */ c( "service-agents" arg ( /* Analytics service agent configuration */ c( "inputs" ( /* List of input plugins */ c( "input-jti-ipfix" ( /* Junos grpc IPFIX group plugin */ c( "parameters" ( c( "record-group" arg ( /* Group sensors */ c( "reporting-interval" arg /* Reporting-interval */, "record" ( /* Ipfix record name */ ("port-statistics" | "address-pool-utilization" | "dhcpv4-server-stats" | "thermal" | "chassis-inventory" | "chassis-power" | "resource-utilization" | "uptime" | "subscriber-statistics" | "interface-metadata" | "interface-queue-statistics") ) ) ) ) ) ) ), "input-ipfix" ( /* Junos IPFIX Mediator input plugin */ c( "parameters" ( /* List of IPFIX parameters */ c( "tcp-port" arg /* Listening TCP Port for IPFIX Mediator */, "maximum-connections" arg /* Maximum TCP Connections 1..500 */, "vrf-name" arg /* VRF name on which IPFIX packets are accepted */ ) ) ) ), "analytics" ( /* Junos Telemetry plugin */ c( "parameters" ( /* List of key:value parameters */ c( "sample-frequency" arg /* Interval for sensor data in seconds, max 24 hours */, "sensors" arg /* Space separated list of sensor paths */, "generate-tags" /* Enable generation of tags */ ) ) ) ) ) ), "outputs" ( /* List of output plugins */ output_plugin /* List of output plugins */ ) ) ), "traceoptions" ( c( "flag" ( /* Set log level for tracing */ ("trace" | "debug" | "info" | "error") ), "filename" arg /* Configure filename for trace messages */ ) ) ) ), "traceoptions" ( /* Traffic analytics trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("all" | "configuration" | "rtsock" | "client-server" | "interface" | "xmlproxy")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "export-profiles" arg ( /* Mapping of export-profiles to collectors */ c( "stream-format" ( /* Streaming data format */ ("gpb" | "json" | "csv" | "tsv") ), "interface" ( /* Interface specific information */ c( "information" /* Enable streaming of interface information */, "statistics" ( /* Type of statistics to stream */ c( "traffic" /* Enable streaming of interface traffic statistics */, "queue" /* Enable streaming of interface queue statistics */ ) ), "status" ( /* Type of statistics to stream */ c( "link" /* Enable streaming of interface link status */, "traffic" /* Enable streaming of interface traffic status */, "queue" /* Enable streaming of interface queue status */ ) ) ) ), "system" ( /* Interface specific information */ c( "information" /* Enable streaming of system information */, "status" ( /* Type of statistics to stream */ c( "traffic" /* Enable streaming of system traffic status */, "queue" /* Enable streaming of system queue status */ ) ) ) ) ) ), "resource-profiles" arg ( /* Mapping of resource profiles to interfaces/queues/system */ c( "queue-monitoring" /* Enable queue statistics monitoring */, "no-queue-monitoring" /* Don't enable queue statistics monitoring */, "traffic-monitoring" /* Enable traffic statistics monitoring */, "no-traffic-monitoring" /* Don't enable traffic statistics monitoring */, "depth-threshold" ( /* Depth threshold configuration */ sc( "high" arg /* High queue depth threshold */, "low" arg /* Low queue depth threshold */ ) ).as(:oneline), "latency-threshold" ( /* Latency threshold configuration */ sc( "high" arg /* High latency threshold */, "low" arg /* Low latency threshold */ ) ).as(:oneline) ) ), "resource" ( c( "system" ( /* System configuration options */ c( "resource-profile" arg /* Resouce profile name */, "polling-interval" ( /* Polling interval */ c( "traffic-monitoring" arg /* Traffic statistics polling interval */, "queue-monitoring" arg /* Queue statistics polling interval */ ) ) ) ), "interfaces" ( /* Interface configuration options */ c( interface_type ) ) ) ), "collector" ( /* Remote streaming servers configuration options */ c( "local" ( /* Remote streaming servers configuration options */ c( "file" ( /* Log file information */ sc( filename /* Name of file in which to write log information */, "size" arg /* Maximum log file size */, "files" arg /* Maximum number of trace files */ ) ).as(:oneline) ) ), "address" arg ( /* IP address of remote server */ c( "port" arg ( /* Remote streaming server port number */ c( "transport" enum(("tcp" | "udp")) ( /* Transport protocol */ c( "export-profile" arg /* Export profile name */ ) ) ) ) ) ) ) ), "traffic-statistics" ( /* Traffic statistics configuration options */ c( "file" ( /* Log file information */ sc( filename /* Name of file in which to write log information */, "size" arg /* Maximum log file size */, "files" arg /* Maximum number of trace files */ ) ).as(:oneline), "interval" arg /* Traffic statistics polling interval */ ) ), "queue-statistics" ( /* Microburst statistics configuration options */ c( "file" ( /* Log file information */ sc( filename /* Name of file in which to write log information */, "size" arg /* Maximum log file size */, "files" arg /* Maximum number of trace files */ ) ).as(:oneline), "interval" arg /* Queue statistics polling interval */ ) ), "interfaces" ( /* Interface configuration options */ c( interface_type ) ), "streaming-servers" ( /* Remote streaming servers configuration options */ c( "address" arg ( /* IP address of remote server */ c( "port" arg ( /* Remote streaming server port number */ c( "stream-format" ( /* Streaming data format */ ("json" | "csv" | "tsv") ), "stream-type" enum(("traffic-statistics" | "queue-statistics")) /* Type of statistics to stream */ ) ) ) ) ) ) ) ), "traffic-load-balance" ( /* Traffic load balance configuration */ tdir_service_load_balance_object /* Traffic load balance configuration */ ), "network-monitoring" ( /* Network monitoring probe configuration */ tdir_netmon_object /* Network monitoring probe configuration */ ), "web-filter" ( /* Web Filtering service configuration */ c( "multi-tenant-support" /* Enable multi-tenant-support */, "multi-tenant-hash" ( /* Multi-tenant hashed file configuration */ dnsf_multitenant_hash_object /* Multi-tenant hashed file configuration */ ), "profile" ( /* Web Filter profile */ urlf_profile_object /* Web Filter profile */ ), "traceoptions" ( /* Trace options for Web Filter */ urlf_traceoptions_object /* Trace options for Web Filter */ ) ) ) ) ), "access-profile" ( /* Access profile for this instance */ sc( arg /* Profile name */ ) ).as(:oneline), # Ported from vSRX 18.3R1.9 "security" ( /* Security configuration */ c( "alarms" ( /* Configure security alarms */ c( "audible" ( /* Beep when new security alarms arrive */ c( "continuous" /* Keep beeping until all security alarms have been cleared */ ) ), "potential-violation" ( /* Configure potential security violations */ c( "authentication" arg /* Raise alarm for specified number of authentication failures */, "cryptographic-self-test" /* Raise alarm for cryptographic self test failures */, "decryption-failures" ( /* No. of decryption failures before which an alarm needs to be raised */ c( "threshold" arg /* Threshold value [default is 1000] */ ) ), "encryption-failures" ( /* No. of encryption failures before which an alarm needs to be raised */ c( "threshold" arg /* Threshold value [default is 1000] */ ) ), "ike-phase1-failures" ( /* No. of IKE Phase-1 failures before which an alarm needs to be raised */ c( "threshold" arg /* Threshold value [default is 20] */ ) ), "ike-phase2-failures" ( /* No. of IKE Phase-2 failures before which an alarm needs to be raised */ c( "threshold" arg /* Threshold value [default is 20] */ ) ), "key-generation-self-test" /* Raise alarm for key generation self test failures */, "non-cryptographic-self-test" /* Raise alarm for non-cryptographic self test failures */, "policy" ( /* Raise alarm for flow policy violations */ c( "source-ip" ( /* Configure source address type of policy violation */ c( "threshold" arg /* Number of source IP address matches to raise alarm */, "duration" arg /* Time window matches must occur within */, "size" arg /* Total source IP address number that can be done policy violation check concurrently */ ) ), "destination-ip" ( /* Configure destination address type of policy violation */ c( "threshold" arg /* Number of destination IP address matches to raise alarm */, "duration" arg /* Time window matches must occur within */, "size" arg /* Total destination IP address number that can be done policy violation check concurrently */ ) ), "application" ( /* Configure application type of policy violation */ c( "threshold" arg /* Number of application matches to raise alarm */, "duration" arg /* Time window matches must occur within */, "size" arg /* Total application number that can be done policy violation check concurrently */ ) ), "policy-match" ( /* Configure policy type of policy violation */ c( "threshold" arg /* Number of policy matches to raise alarm */, "duration" arg /* Time window matches must occur within */, "size" arg /* Total concurrent number of policy check violations */ ) ) ) ), "replay-attacks" ( /* No. of Replay attacks before which an alarm needs to be raised */ c( "threshold" arg /* Replay threshold value */ ) ), "security-log-percent-full" arg /* Raise alarm when security log exceeds this percent capacity */, "idp" /* Raise alarm for idp attack */ ) ) ) ), "log" ( /* Configure security log */ c( "exclude" arg ( /* List of security log criteria to exclude from the audit log */ c( "destination-address" ( /* Destination address */ ipaddr /* Destination address */ ), "destination-port" arg /* Destination port */, "event-id" arg /* Event ID filter */, "failure" /* Event was a failure */, "interface-name" arg /* Name of interface */, "policy-name" arg /* Policy name filter */, "process" arg /* Process that generated the event */, "protocol" arg /* Protocol filter */, "source-address" ( /* Source address */ ipaddr /* Source address */ ), "source-port" arg /* Source port */, "success" /* Event was successful */, "username" arg /* Username filter */ ) ), "limit" arg /* Limit number of security log entries to keep in memory */, "cache" ( /* Cache security log events in the audit log buffer */ c( "exclude" arg ( /* List of security log criteria to exclude from the audit log */ c( "destination-address" ( /* Destination address */ ipaddr /* Destination address */ ), "destination-port" arg /* Destination port */, "event-id" arg /* Event ID filter */, "failure" /* Event was a failure */, "interface-name" arg /* Name of interface */, "policy-name" arg /* Policy name filter */, "process" arg /* Process that generated the event */, "protocol" arg /* Protocol filter */, "source-address" ( /* Source address */ ipaddr /* Source address */ ), "source-port" arg /* Source port */, "success" /* Event was successful */, "username" arg /* Username filter */ ) ), "limit" arg /* Limit number of security log entries to keep in memory */ ) ), "disable" /* Disable security logging for the device */, "utc-timestamp" /* Use UTC time for security log timestamps */, "mode" ( /* Controls how security logs are processed and exported */ ("stream" | "event") ), "event-rate" arg /* Control plane event rate */, "format" ( /* Set security log format for the device */ ("syslog" | "sd-syslog" | "binary") ), "rate-cap" arg /* Data plane event rate */, "max-database-record" arg /* Maximum records in database */, "report" /* Set security log report settings */, c( "source-address" ( /* Source ip address used when exporting security logs */ ipaddr /* Source ip address used when exporting security logs */ ), "source-interface" ( /* Source interface used when exporting security logs */ interface_name /* Source interface used when exporting security logs */ ) ), "transport" ( /* Set security log transport settings */ c( "tcp-connections" arg /* Set tcp connection number per-stream */, "protocol" ( /* Set security log transport protocol for the device */ ("udp" | "tcp" | "tls") ), "tls-profile" arg /* TLS profile */ ) ), "facility-override" ( /* Alternate facility for logging to remote host */ ("authorization" | "daemon" | "ftp" | "kernel" | "user" | "local0" | "local1" | "local2" | "local3" | "local4" | "local5" | "local6" | "local7") ), "stream" arg ( /* Set security log stream settings */ c( "severity" ( /* Severity threshold for security logs */ ("emergency" | "alert" | "critical" | "error" | "warning" | "notice" | "info" | "debug") ), "format" ( /* Specify the log stream format */ ("syslog" | "sd-syslog" | "welf" | "binary") ), "category" enum(("all" | "content-security" | "fw-auth" | "screen" | "alg" | "nat" | "flow" | "sctp" | "gtp" | "ipsec" | "idp" | "rtlog" | "pst-ds-lite" | "appqos" | "secintel" | "aamw")) /* Selects the type of events that may be logged */, "filter" enum(("threat-attack")) /* Selects the filter to filter the logs to be logged */, "host" ( /* Destination to send security logs to */ host_object /* Destination to send security logs to */ ), "rate-limit" ( /* Rate-limit for security logs */ c( arg ) ), "file" ( /* Security log file options for logs in local file */ c( "localfilename" arg /* Name of local log file */, "size" arg /* Maximum size of local log file in megabytes */, "rotation" arg /* Maximum number of rotate files */, "allow-duplicates" /* To disable log consolidation */ ) ) ) ), "file" ( /* Security log file options for logs in binary format */ c( "filename" arg /* Name of binary log file */, "size" arg /* Maximum size of binary log file in megabytes */, "path" arg /* Path to binary log files */, "files" arg /* Maximum number of binary log files */ ) ), "traceoptions" ( /* Security log daemon trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("source" | "configuration" | "all" | "report" | "hpl")) /* List of things to include in trace */.as(:oneline) ) ) ) ), "certificates" ( /* X.509 certificate configuration */ c( "local" ( /* Local X.509 certificate configuration */ certificate_object /* Local X.509 certificate configuration */ ), "path-length" arg /* Maximum certificate path length */, "maximum-certificates" arg /* Maximum number of certificates to cache */, "cache-size" arg /* Maximum size of certificate cache */, "cache-timeout-negative" arg /* Time in seconds to cache negative responses */, "enrollment-retry" arg /* Number of retry attempts for an enrollment request */, "certification-authority" arg ( /* CA X.509 certificate configuration */ c( "ca-name" arg /* CA name */, "file" arg /* File to read certificate from */, "crl" arg /* File to read crl from */, "enrollment-url" arg /* URL */, "ldap-url" arg /* URL */, "encoding" ( /* Encoding to use for certificate or CRL on disk */ ("binary" | "pem") ) ) ) ) ), "authentication-key-chains" ( /* Authentication key chain configuration */ security_authentication_key_chains /* Authentication key chain configuration */ ), "ssh-known-hosts" ( /* SSH known host list */ c( "host" arg ( /* SSH known host entry */ c( "rsa1-key" arg /* Base64 encoded RSA key (protocol version 1) */, "rsa-key" arg /* Base64 encoded RSA key */, "dsa-key" arg /* Base64 encoded DSA key */, "ecdsa-key" arg /* Base64 encoded ECDSA key */, "ecdsa-sha2-nistp256-key" arg /* Base64 encoded ECDSA-SHA2-NIST256 key */, "ecdsa-sha2-nistp384-key" arg /* Base64 encoded ECDSA-SHA2-NIST384 key */, "ecdsa-sha2-nistp521-key" arg /* Base64 encoded ECDSA-SHA2-NIST521 key */, "ed25519-key" arg /* Base64 encoded ED25519 key */ ) ) ) ), "key-protection" /* Common-Criteria key-protection configuration */, "pki" ( /* PKI service configuration */ security_pki /* PKI service configuration */ ), "group-vpn" ( /* Group VPN configuration */ security_group_vpn /* Group VPN configuration */ ), "ipsec" ( /* IPSec configuration */ security_ipsec_vpn /* IPSec configuration */ ), "ike" ( /* IKE configuration */ security_ike /* IKE configuration */ ), "ipsec-policy" ( /* IPSec policy configuration */ security_ipsec_policies /* IPSec policy configuration */ ), "idp" ( /* Configure IDP */ c( "idp-policy" ( /* Configure IDP policy */ idp_policy_type /* Configure IDP policy */ ), "active-policy" arg /* Set active policy */, "default-policy" arg /* Set active policy */, "custom-attack" ( /* Configure custom attacks */ custom_attack_type /* Configure custom attacks */ ), "custom-attack-group" ( /* Configure custom attack groups */ custom_attack_group_type /* Configure custom attack groups */ ), "dynamic-attack-group" ( /* Configure dynamic attack groups */ dynamic_attack_group_type /* Configure dynamic attack groups */ ), "traceoptions" ( /* Trace options for idp services */ idpd_traceoptions_type /* Trace options for idp services */ ), "security-package" ( /* Security package options */ c( "url" arg /* URL of Security package download */, "source-address" ( /* Source address to be used for sending download request */ ipv4addr /* Source address to be used for sending download request */ ), "proxy-profile" arg /* Proxy profile of security package download */, "routing-instance" arg /* Routing instance for security-package download */, "install" ( /* Configure install command */ c( "ignore-version-check" /* Skip version check when attack database gets installed */, "ignore-appid-failure" /* Continue idp installation even if appid installation fails */ ) ), "automatic" ( /* Scheduled download and update */ c( "start-time" ( /* Start time (YYYY-MM-DD.HH:MM:SS) */ time /* Start time (YYYY-MM-DD.HH:MM:SS) */ ), "interval" arg /* Interval */, "download-timeout" arg /* Maximum time for download to complete */, ("enable") ) ) ) ), "sensor-configuration" ( /* IDP Sensor Configuration */ c( "log" ( /* IDP Log Configuration */ c( "cache-size" arg /* Log cache size */, "suppression" ( /* Log suppression */ c( ("disable"), "include-destination-address" /* Include destination address while performing a log suppression */, "no-include-destination-address" /* Don't include destination address while performing a log suppression */, "start-log" arg /* Suppression start log */, "max-logs-operate" arg /* Maximum logs can be operate on */, "max-time-report" arg /* Time after suppressed logs will be reported */ ) ) ) ), "packet-log" ( /* IDP Packetlog Configuration */ c( "total-memory" arg /* Total memory unit(%) */, "max-sessions" arg /* Max num of sessions in unit(%) */, "threshold-logging-interval" arg /* Interval of logs for max limit session/memory reached in minutes */, "source-address" ( /* Source IP address used to transport packetlog to a host */ ipv4addr /* Source IP address used to transport packetlog to a host */ ), "host" ( /* Destination host to send packetlog to */ c( ipv4addr /* IP address */, "port" arg /* UDP port number */ ) ) ) ), "application-identification" ( /* Application identification */ c( ("disable"), "application-system-cache" /* Application system cache */, "no-application-system-cache" /* Don't application system cache */, "max-tcp-session-packet-memory" arg /* Max TCP session memory */, "max-udp-session-packet-memory" arg /* Max UDP session memory */, "max-sessions" arg /* Max sessions that can run AI at the same time */, "max-packet-memory" arg /* Max packet memory */, "max-packet-memory-ratio" arg /* Max packet memory ratio */, "max-reass-packet-memory-ratio" arg /* Max reass packet memory ratio */, "application-system-cache-timeout" arg /* Application system cache timeout */ ) ), "flow" ( /* Flow configuration */ c( "log-errors" /* Flow log errors */, "no-log-errors" /* Don't flow log errors */, "reset-on-policy" /* Flow reset-on-policy */, "no-reset-on-policy" /* Don't flow reset-on-policy */, "allow-icmp-without-flow" /* Allow icmp without flow */, "no-allow-icmp-without-flow" /* Don't allow icmp without flow */, "hash-table-size" arg /* Flow hash table size */, "reject-timeout" arg /* Flow reject timeout */, "max-timers-poll-ticks" arg /* Maximum timers poll ticks */, "fifo-max-size" arg /* Maximum fifo size */, "udp-anticipated-timeout" arg /* Maximum udp anticipated timeout */, "allow-nonsyn-connection" /* Allow TCP non-syn connection */, "drop-on-limit" /* Drop connections on exceeding resource limits */, "drop-on-failover" /* Drop traffic on HA failover sessions */, "drop-if-no-policy-loaded" /* Drop all traffic till IDP policy gets loaded */, "max-sessions-offset" arg /* Maximum session offset limit percentage */, "min-objcache-limit-lt" arg /* Memory lower threshold limit percentage */, "min-objcache-limit-ut" arg /* Memory upper threshold limit percentage */, "session-steering" /* Session steering for session anticipation */, "idp-bypass-cpu-usg-overload" /* Enable IDP bypass of sessions/packets on CPU usage overload */, "idp-bypass-cpu-threshold" arg /* Threshold of CPU usage in percentage for IDP bypass */, "idp-bypass-cpu-tolerance" arg /* Tolerance of CPU usage in percentage for IDP bypass */, "idp-bypass-cpu-tolerance" arg /* Tolerance of CPU usage in percentage for IDP bypass */, "intel-inspect-enable" /* Minimizes IDP processing during system overload */, "intel-inspect-cpu-usg-threshold" arg /* CPU usage threshold percentage for intelligent inspection */, "intel-inspect-cpu-usg-tolerance" arg /* CPU usage tolerance percentage for intelligent inspection */, "intel-inspect-free-mem-threshold" arg /* Free memory threshold percentage for intelligent inspection */, "intel-inspect-mem-tolerance" arg /* Memory tolerance percentage for intelligent inspection */, "intel-inspect-disable-content-decompress" /* Disables payload content decompression */, "intel-inspect-session-bytes-depth" arg /* Session bytes scanning depth */, "intel-inspect-protocols" arg /* Protocols to be processed in Intelligent Inspection mode */, "intel-inspect-signature-severity" ( /* Signature severities to be considered for IDP processing */ ("minor" | "major" | "critical") ) ) ), "re-assembler" ( /* Re-assembler configuration */ c( "drop-on-syn-in-window" /* Drop session when SYN is seen in the window */, "no-drop-on-syn-in-window" /* Don't drop session when SYN is seen in the window */, "ignore-memory-overflow" /* Ignore memory overflow */, "no-ignore-memory-overflow" /* Don't ignore memory overflow */, "ignore-reassembly-memory-overflow" /* Ignore packet reassembly memory overflow */, "no-ignore-reassembly-memory-overflow" /* Don't ignore packet reassembly memory overflow */, "ignore-reassembly-overflow" /* Ignore global reassembly overflow */, "max-packet-mem" arg /* Maximum packet memory */, "max-flow-mem" arg /* Maximum flow memory */, "max-packet-mem-ratio" arg /* Maximum packet memory ratio */, "action-on-reassembly-failure" ( /* Select the action on reassembly failures */ ("ignore" | "drop" | "drop-session") ), "tcp-error-logging" /* Enable logging on tcp errors */, "no-tcp-error-logging" /* Don't enable logging on tcp errors */, "max-synacks-queued" arg /* Maximum syn-acks queued with different SEQ numbers */, "force-tcp-window-checks" /* Force TCP window checks if uni-directional policy is configured */, "no-force-tcp-window-checks" /* Don't force TCP window checks if uni-directional policy is configured */ ) ), "ips" ( /* Ips configuration */ c( "process-override" /* Process override */, "no-process-override" /* Don't process override */, "detect-shellcode" /* Detect shellcode */, "no-detect-shellcode" /* Don't detect shellcode */, "process-ignore-s2c" /* Process ignore s2c */, "no-process-ignore-s2c" /* Don't process ignore s2c */, "ignore-regular-expression" /* Ignore regular expression */, "no-ignore-regular-expression" /* Don't ignore regular expression */, "process-port" arg /* Process port */, "fifo-max-size" arg /* Maximum fifo size */, "log-supercede-min" arg /* Minimum log supercede */, "content-decompression-max-memory-kb" arg /* Maximum memory usage in kilo bytes */, "content-decompression-max-ratio" arg /* Maximum decompression ratio supported */, "session-pkt-depth" arg /* Session pkt scanning depth */ ) ), "global" ( /* Global configuration */ c( "enable-packet-pool" /* Enable packet pool */, "no-enable-packet-pool" /* Don't enable packet pool */, "log-xff-header" /* Log xff header */, "enable-all-qmodules" /* Enable all qmodules */, "no-enable-all-qmodules" /* Don't enable all qmodules */, "policy-lookup-cache" /* Policy lookup cache */, "no-policy-lookup-cache" /* Don't policy lookup cache */, "memory-limit-percent" arg /* Memory limit percentage */, "disable-idp-processing" /* Flag to disable IDP processing */, "intelligent-offload" ( /* Intelligently offload the flow */ ("disable" | "conservative") ) ) ), "detector" ( /* Detector Configuration */ c( "protocol-name" ( /* Apropriate help string */ proto_object /* Apropriate help string */ ) ) ), "ssl-inspection" ( /* SSL inspection */ c( "sessions" arg /* Number of SSL sessions to inspect */, "session-id-cache-timeout" arg /* Timeout value for SSL session ID cache */, "maximum-cache-size" arg /* Maximum SSL session ID cache size */, "cache-prune-chunk-size" arg /* Number of cache entries to delete when pruning SSL session ID cache */, "key-protection" /* Enable SSL key protection */ ) ), "disable-low-memory-handling" /* Do not abort IDP operations under low memory condition */, "high-availability" ( /* High availability configuration */ c( "no-policy-cold-synchronization" /* Disable policy cold synchronization */ ) ), "security-configuration" ( /* IDP security configuration */ c( "protection-mode" ( /* Enable security protection mode */ ("datacenter" | "datacenter-full" | "perimeter" | "perimeter-full") ) ) ) ) ), "max-sessions" arg /* Max number of IDP sessions */, "logical-system" ( /* Configure max IDP sessions for the logial system */ logical_system_type /* Configure max IDP sessions for the logial system */ ), "processes" /* Configure IDP Processes */, "tenant-system" ( /* Configure max IDP sessions for the tenant */ tenant_system_type /* Configure max IDP sessions for the tenant */ ) ) ), "address-book" ( /* Security address book */ named_address_book_type /* Security address book */ ), "alg" ( /* Configure ALG security options */ alg_object /* Configure ALG security options */ ), "application-firewall" ( /* Configure application-firewall rule-sets */ c( "traceoptions" ( /* Rule-sets Tracing Options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "lookup" | "compilation" | "ipc" | "all")) /* Tracing parameters */.as(:oneline) ) ), "profile" arg ( /* Configure application-firewall profile */ c( "block-message" ( /* Block message settings */ c( "type" ( /* Type of block message desired */ c( c( "custom-text" ( /* Custom defined block message */ c( "content" arg /* Content of custom-text */ ) ), "custom-redirect-url" ( /* Custom redirect URL server */ c( "content" arg /* URL of block message */ ) ) ) ) ) ) ) ) ), "rule-sets" arg ( /* Configure application-firewall rule-sets */ c( "rule" ( /* Rule */ appfw_rule_type /* Rule */ ), "default-rule" ( /* Specify default rule for a rule-set */ c( c( "permit" /* Permit packets */, "deny" ( /* Deny packets */ c( "block-message" /* Block message */ ) ), "reject" ( /* Reject packets */ c( "block-message" /* Block message */ ) ) ) ) ), "profile" arg /* Profile for block message */ ) ), "nested-application" ( /* Configure nested application dynamic lookup */ c( "dynamic-lookup" ( /* Configure dynamic lookup */ c( "enable" /* Enable dynamic lookup */ ) ) ) ) ) ), "application-tracking" ( /* Application tracking configuration */ c( "disable" /* Disable Application tracking */, c( "first-update-interval" arg /* Interval when the first update message is sent */, "first-update" /* Generate Application tracking initial message when a session is created */ ), "session-update-interval" arg /* Frequency in which Application tracking update messages are generated */ ) ), "utm" ( /* Content security service configuration */ c( "traceoptions" ( /* Trace options for utm */ utm_traceoptions /* Trace options for utm */ ), "application-proxy" ( /* Application proxy settings */ c( "traceoptions" ( /* Trace options for application proxy */ utm_apppxy_traceoptions /* Trace options for application proxy */ ) ) ), "ipc" ( /* IPC settings */ c( "traceoptions" ( /* Trace options for IPC */ utm_ipc_traceoptions /* Trace options for IPC */ ) ) ), "custom-objects" ( /* Custom-objects settings */ c( "category-package" ( /* Category package download and install options */ c( "url" arg /* HTTPS URL of category package download */, "proxy-profile" arg /* Proxy profile */, "routing-instance" arg /* Routing instance name */, "automatic" ( /* Scheduled download and install */ c( "start-time" ( /* Start time (YYYY-MM-DD.HH:MM:SS) */ time /* Start time (YYYY-MM-DD.HH:MM:SS) */ ), "interval" arg /* Interval in hours */, "enable" /* Enable automatic download and install */ ) ) ) ), "mime-pattern" ( /* Configure mime-list object */ mime_list_type /* Configure mime-list object */ ), "filename-extension" ( /* Configure extension-list object */ extension_list_type /* Configure extension-list object */ ), "url-pattern" ( /* Configure url-list object */ url_list_type /* Configure url-list object */ ), "custom-url-category" ( /* Configure category-list object */ category_list_type /* Configure category-list object */ ), "protocol-command" ( /* Configure command-list object */ command_list_type /* Configure command-list object */ ), "custom-message" ( /* Configure custom-message object */ custom_message_type /* Configure custom-message object */ ) ) ), "default-configuration" ( /* Global default UTM configurations */ c( "anti-virus" ( /* Configure anti-virus feature */ default_anti_virus_feature /* Configure anti-virus feature */ ), "web-filtering" ( /* Configure web-filtering feature */ default_webfilter_feature /* Configure web-filtering feature */ ), "anti-spam" ( /* Configure anti-spam feature */ default_anti_spam_feature /* Configure anti-spam feature */ ), "content-filtering" ( /* Configure content filtering feature */ default_content_filtering_feature /* Configure content filtering feature */ ) ) ), "feature-profile" ( /* Feature-profile settings */ c( "anti-virus" ( /* Configure anti-virus feature */ anti_virus_feature /* Configure anti-virus feature */ ), "web-filtering" ( /* Configure web-filtering feature */ webfilter_feature /* Configure web-filtering feature */ ), "anti-spam" ( /* Configure anti-spam feature */ anti_spam_feature /* Configure anti-spam feature */ ), "content-filtering" ( /* Configure content filtering feature */ content_filtering_feature /* Configure content filtering feature */ ) ) ), "utm-policy" ( /* Configure profile */ profile_setting /* Configure profile */ ) ) ), "dynamic-address" ( /* Configure security dynamic address */ c( "traceoptions" ( /* Security dynamic address tracing options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("configuration" | "control" | "ipc" | "ip-entry" | "file-retrieval" | "lookup" | "all")) /* Tracing parameters */.as(:oneline) ) ), "feed-server" arg ( /* Security dynamic address feed-server */ c( "description" arg /* Text description of feed-server */, "hostname" arg /* Hostname or IP address of feed-server */, "update-interval" arg /* Interval to retrieve update */, "hold-interval" arg /* Time to keep IP entry when update failed */, "feed-name" arg ( /* Feed name in feed-server */ c( "description" arg /* Text description of feed in feed-server */, "path" arg /* Path of feed, appended to feed-server to form a complete URL */, "update-interval" arg /* Interval to retrieve update */, "hold-interval" arg /* Time to keep IP entry when update failed */ ) ) ) ), "address-name" arg ( /* Security dynamic address name */ c( "description" arg /* Text description of dynamic address */, "profile" ( /* Information to categorize feed data into this dynamic address */ c( "feed-name" arg /* Name of feed in feed-server for this dynamic address */, "category" arg ( /* Name of category */ c( "feed" arg /* Name of feed under category */, "property" arg ( /* Property to match */ c( c( "string" arg /* Value type is strings */ ) ) ) ) ) ) ) ) ) ) ), "dynamic-vpn" /* Configure dynamic VPN */, "dynamic-application" ( /* Configure dynamic-application */ c( "traceoptions" ( /* Dynamic application tracing options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "lookup" | "compilation" | "ipc" | "all")) /* Tracing parameters */.as(:oneline) ) ), "profile" arg ( /* Configure application-firewall profile */ c( "redirect-message" ( /* Redirect message settings */ c( "type" ( /* Type of redirect message desired */ c( c( "custom-text" ( /* Custom defined text block message */ c( "content" arg /* Content of custom-text */ ) ), "redirect-url" ( /* Custom redirect URL server */ c( "content" arg /* URL of block message */ ) ) ) ) ) ) ) ) ) ) ), "softwires" ( /* Configure softwire feature */ softwires_object /* Configure softwire feature */ ), "forwarding-options" ( /* Security-forwarding-options configuration */ c( "family" ( /* Security forwarding-options for family */ c( "inet6" ( /* Family IPv6 */ c( "mode" ( /* Forwarding mode */ ("packet-based" | "flow-based" | "drop") ) ) ), "mpls" ( /* Family MPLS */ c( "mode" ( /* Forwarding mode */ ("packet-based") ) ) ), "iso" ( /* Family ISO */ c( "mode" ( /* Forwarding mode */ ("packet-based") ) ) ) ) ), "mirror-filter" ( /* Security mirror filters */ mirror_filter_type /* Security mirror filters */ ), "secure-wire" ( /* Secure-wire cross connections */ secure_wire_type /* Secure-wire cross connections */ ) ) ), "advanced-services" /* Advanced services configuration */, "flow" ( /* FLOW configuration */ c( "enhanced-routing-mode" /* Enable enhanced route scaling */, "traceoptions" ( /* Trace options for flow services */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("all" | "basic-datapath" | "high-availability" | "host-traffic" | "fragmentation" | "multicast" | "route" | "session" | "session-scan" | "tcp-basic" | "tunnel")) /* Events and other information to include in trace output */.as(:oneline), "rate-limit" arg /* Limit the incoming rate of trace messages */, "packet-filter" ( /* Flow packet debug filters */ flow_filter_type /* Flow packet debug filters */ ), "trace-level" ( /* FLow trace level */ c( c( "error" /* Error messages */, "brief" /* Brief messages */, "detail" /* Detail messages */ ) ) ) ) ), "pending-sess-queue-length" ( /* Maximum queued length per pending session */ ("normal" | "moderate" | "high") ), "enable-reroute-uniform-link-check" ( /* Enable reroute check with uniform link */ c( "nat" /* Enable NAT check */ ) ), "allow-dns-reply" /* Allow unmatched incoming DNS reply packet */, "route-change-timeout" arg /* Timeout value for route change to nonexistent route */, "syn-flood-protection-mode" ( /* TCP SYN flood protection mode */ ("syn-cookie" | "syn-proxy") ), "allow-embedded-icmp" /* Allow embedded ICMP packets not matching a session to pass through */, "mcast-buffer-enhance" /* Allow to hold more packets during multicast session creation */, "allow-reverse-ecmp" /* Allow reverse ECMP route lookup */, "sync-icmp-session" /* Allow icmp sessions to sync to peer node */, "ipsec-performance-acceleration" /* Accelerate the IPSec traffic performance */, "aging" ( /* Aging configuration */ c( "early-ageout" arg /* Delay before device declares session invalid */, "low-watermark" arg /* Percentage of session-table capacity at which aggressive aging-out ends */, "high-watermark" arg /* Percentage of session-table capacity at which aggressive aging-out starts */ ) ), "ethernet-switching" ( /* Ethernet-switching configuration for flow */ c( "block-non-ip-all" /* Block all non-IP and non-ARP traffic including broadcast/multicast */, "bypass-non-ip-unicast" /* Allow all non-IP (including unicast) traffic */, "no-packet-flooding" ( /* Stop IP flooding, send ARP/ICMP to trigger MAC learning */ c( "no-trace-route" /* Don't send ICMP to trigger MAC learning */ ) ), "bpdu-vlan-flooding" /* Set 802.1D BPDU flooding based on VLAN */ ) ), "tcp-mss" ( /* TCP maximum segment size configuration */ c( "all-tcp" ( /* Enable MSS override for all packets */ c( "mss" arg /* MSS value */ ) ), "ipsec-vpn" ( /* Enable MSS override for all packets entering IPSec tunnel */ c( "mss" arg /* MSS value */ ) ), "gre-in" ( /* Enable MSS override for all GRE packets coming out of an IPSec tunnel */ c( "mss" arg /* MSS value */ ) ), "gre-out" ( /* Enable MSS override for all GRE packets entering an IPsec tunnel */ c( "mss" arg /* MSS value */ ) ) ) ), "tcp-session" ( /* Transmission Control Protocol session configuration */ c( "rst-invalidate-session" /* Immediately end session on receipt of reset (RST) segment */, "fin-invalidate-session" /* Immediately end session on receipt of fin (FIN) segment */, "rst-sequence-check" /* Check sequence number in reset (RST) segment */, "no-syn-check" /* Disable creation-time SYN-flag check */, "strict-syn-check" /* Enable strict syn check */, "no-syn-check-in-tunnel" /* Disable creation-time SYN-flag check for tunnel packets */, "no-sequence-check" /* Disable sequence-number checking */, "tcp-initial-timeout" arg /* Timeout for TCP session when initialization fails */, "maximum-window" ( /* Maximum TCP proxy scaled receive window, default 256K bytes */ ("64K" | "128K" | "256K" | "512K" | "1M") ), "time-wait-state" ( /* Session timeout value in time-wait state, default 150 seconds */ c( c( "session-ageout" /* Allow session to ageout using service based timeout values */, "session-timeout" arg /* Configure session timeout value for time-wait state */ ), "apply-to-half-close-state" /* Apply time-wait-state timeout to half-close state */ ) ) ) ), "force-ip-reassembly" /* Force to reassemble ip fragments */, "preserve-incoming-fragment-size" /* Preserve incoming fragment size for egress MTU */, "advanced-options" ( /* Flow config advanced options */ c( "drop-matching-reserved-ip-address" /* Drop matching reserved source IP address */, "drop-matching-link-local-address" /* Drop matching link local address */, "reverse-route-packet-mode-vr" /* Allow reverse route lookup with packet mode vr */ ) ), "load-distribution" ( /* Flow config SPU load distribution */ c( "session-affinity" /* SPU load distribution based on the service anchor SPU */ ) ), "packet-log" ( /* Configure flow packet log */ c( "enable" /* Enable log for dropped packet */, "throttle-interval" arg /* Interval should be configured as a power of two */, "packet-filter" ( /* Configure packet log filter */ flow_filter_type /* Configure packet log filter */ ) ) ), "power-mode-ipsec" /* Enable power mode ipsec processing */ ) ), "firewall-authentication" ( /* Firewall authentication parameters */ c( "traceoptions" ( /* Data-plane firewall authentication tracing options */ c( "flag" enum(("authentication" | "proxy" | "all")) ( /* Events to include in trace output */ sc( c( "terse" /* Include terse amount of output in trace */, "detail" /* Include detailed amount of output in trace */, "extensive" /* Include extensive amount of output in trace */ ) ) ).as(:oneline) ) ) ) ), "screen" ( /* Configure screen feature */ c( "trap" ( /* Configure trap interval */ sc( "interval" arg /* Trap interval */ ) ).as(:oneline), "ids-option" ( /* Configure ids-option */ ids_option_type /* Configure ids-option */ ), "traceoptions" ( /* Trace options for Network Security Screen */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "flow" | "all")) /* Tracing parameters */.as(:oneline) ) ), "white-list" ( /* Set of IP addresses for white list */ ids_wlist_type /* Set of IP addresses for white list */ ) ) ), "nat" ( /* Configure Network Address Translation */ nat_object /* Configure Network Address Translation */ ), "forwarding-process" ( /* Configure security forwarding-process options */ c( "enhanced-services-mode" /* Enable enhanced application services mode */, "application-services" ( /* Configure application service options */ c( "maximize-alg-sessions" /* Maximize ALG session capacity */, "maximize-persistent-nat-capacity" /* Increase persistent NAT capacity by reducing maximum flow sessions */, "maximize-cp-sessions" /* Maximize CP session capacity */, "session-distribution-mode" arg /* Session distribution mode */, "enable-gtpu-distribution" /* Enable GTP-U distribution */, "packet-ordering-mode" arg /* Packet ordering mode */, "maximize-idp-sessions" /* Run security services in dedicated processes to maximize IDP session capacity */ ) ) ) ), "policies" ( /* Configure Network Security Policies */ policy_object_type /* Configure Network Security Policies */ ), "tcp-encap" ( /* Configure TCP Encapsulation. */ c( "traceoptions" ( /* Trace options for TCP encapsulation service */ ragw_traceoptions /* Trace options for TCP encapsulation service */ ), "profile" arg ( /* Configure profile. */ c( "ssl-profile" arg /* SSL Termination profile */, "log" /* Enable logging for remote-access */ ) ), "global-options" ( /* Global settings for TCP encapsulation */ c( "enable-tunnel-tracking" /* Track ESP tunnels */ ) ) ) ), "resource-manager" ( /* Configure resource manager security options */ c( "traceoptions" ( /* Traceoptions for resource manager */ c( "flag" enum(("client" | "group" | "resource" | "gate" | "session" | "chassis cluster" | "messaging" | "service pinhole" | "error" | "all")) ( /* Resource manager objects and events to include in trace */ sc( c( "terse" /* Set trace verbosity level to terse */, "detail" /* Set trace verbosity level to detail */, "extensive" /* Set trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ), "analysis" ( /* Configure security analysis */ c( "no-report" /* Stops security analysis reporting */ ) ), "traceoptions" ( /* Network security daemon tracing options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "routing-socket" | "compilation" | "all")) /* Tracing parameters */.as(:oneline), "rate-limit" arg /* Limit the incoming rate of trace messages */ ) ), "datapath-debug" ( /* Datapath debug options */ c( "traceoptions" ( /* End to end debug trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline) ) ), "capture-file" ( /* Packet capture options */ sc( arg /* Capture file name */, "format" ( /* Capture file format */ ("pcap") ), "size" arg /* Maximum file size */, "files" arg /* Maximum number of files */, "world-readable" /* Allow any user to read packet-capture files */, "no-world-readable" /* Don't allow any user to read packet-capture files */ ) ).as(:oneline), "maximum-capture-size" arg /* Max packet capture length */, "action-profile" ( /* Action profile definitions */ e2e_action_profile /* Action profile definitions */ ), "packet-filter" ( /* Packet filter configuration */ end_to_end_debug_filter /* Packet filter configuration */ ) ) ), "user-identification" ( /* Configure user-identification */ c( "traceoptions" ( /* User-identification Tracing Options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("all")) /* Tracing parameters */.as(:oneline) ) ), "authentication-source" ( /* Configure user-identification authentication-source */ authentication_source_type /* Configure user-identification authentication-source */ ) ) ), "zones" ( /* Zone configuration */ c( "functional-zone" ( /* Functional zone */ c( "management" ( /* Host for out of band management interfaces */ c( "interfaces" ( /* Interfaces that are part of this zone */ zone_interface_list_type /* Interfaces that are part of this zone */ ), "screen" arg /* Name of ids option object applied to the zone */, "host-inbound-traffic" ( /* Allowed system services & protocols */ zone_host_inbound_traffic_t /* Allowed system services & protocols */ ), "description" arg /* Text description of zone */ ) ) ) ), "security-zone" ( /* Security zones */ security_zone_type /* Security zones */ ) ) ), "advance-policy-based-routing" ( /* Configure Network Security APBR Policies */ c( "traceoptions" ( /* Advance policy based routing tracing options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "lookup" | "compilation" | "ipc" | "all")) /* Tracing parameters */.as(:oneline) ) ), "tunables" ( /* Configure advance policy based routing tunables */ c( "max-route-change" arg /* Maximum route change */, "drop-on-zone-mismatch" /* Drop session if zone mismatches */, "enable-logging" /* Enable AppTrack logging */ ) ), "profile" arg ( /* Configure advance-policy-based-routing profile */ c( "rule" ( /* Specify an advance policy based routing rule */ apbr_rule_type /* Specify an advance policy based routing rule */ ) ) ), "active-probe-params" arg ( /* Active probe's settings */ c( "settings" ( /* Settings */ appqoe_probe_params /* Settings */ ) ) ), "metrics-profile" arg ( /* Configure metric profiles */ c( "sla-threshold" ( /* Configure SLA metric threshold */ appqoe_sla_metric_profile /* Configure SLA metric threshold */ ) ) ), "overlay-path" arg ( /* List of overlay paths */ c( "tunnel-path" ( /* Tunnel start & end ip addresses */ appqoe_probe_path /* Tunnel start & end ip addresses */ ), "probe-path" ( /* Probe start & end ip addresses */ appqoe_probe_path /* Probe start & end ip addresses */ ) ) ), "destination-path-group" arg ( /* Group of tunnels to a particular destination */ c( "probe-routing-instance" ( /* Set routing instance for the probe-path */ c( arg /* Name of routing instance */ ) ), "overlay-path" arg /* List of paths */ ) ), "sla-options" ( /* Global SLA options */ c( "local-route-switch" ( /* Enable/disable Automatic local route switching */ c( c( "enabled" /* Enable */, "disabled" /* Disable */ ) ) ), "log-type" ( /* Choose the logging mechanism */ c( c( "syslog" /* Choose syslog */ ) ) ), "max-passive-probe-limit" ( /* Set max passive probe limits */ c( "number-of-probes" ( /* Number of passive probes to be sent */ c( arg ) ), "interval" ( /* Interval within which to send */ c( arg ) ) ) ) ) ), "sla-rule" arg ( /* Create SLA rule */ c( "switch-idle-time" ( /* Idle timeout period where no SLA violation will be detected once path switch has happened */ c( arg ) ), "metrics-profile" ( /* Set metrics profile for the SLA */ c( arg /* Metrics Profile name */ ) ), "active-probe-params" ( /* Set Probe params for the overlay-path */ c( arg /* Probe parameter's name */ ) ), "passive-probe-params" ( /* Passive probe settings */ c( "sampling-percentage" ( /* Mininmum percentage of Sessions to be evaluated for the application */ c( arg ) ), "violation-count" ( /* Number of SLA violations within sampling period to be considered as a violation. */ c( arg ) ), "sampling-period" ( /* Time period in which the sampling is done */ c( arg ) ), "sla-export-factor" ( /* Enabled sampling window based SLA exporting */ c( arg ) ), "type" ( /* Choose type of SLA measurement */ c( c( "book-ended" /* Choose custom method of probing within WAN link */ ) ) ), "sampling-frequency" ( /* Sampling frequency settings */ c( "interval" ( /* Time based sampling interval */ c( arg ) ), "ratio" ( /* 1:N based sampling ratio */ c( arg ) ) ) ) ) ) ) ), "policy" arg ( /* Define a policy context from this zone */ c( "policy" ( /* Define security policy in specified zone-to-zone direction */ sla_policy_type /* Define security policy in specified zone-to-zone direction */ ) ) ) ) ), "gprs" ( /* GPRS configuration */ c( "gtp" ( /* GPRS tunneling protocol configuration */ c( "profile" arg ( /* Configure GTP Profile */ c( "min-message-length" arg /* Minimum message length, from 0 to 65535 */, "max-message-length" arg /* Maximum message length, from 1 to 65535 */, "timeout" arg /* Tunnel idle timeout */, "rate-limit" arg /* Limit messages per second */, "log" ( /* GPRS tunneling protocol logs */ c( "forwarded" ( /* Log passed good packets */ ("basic" | "detail") ), "state-invalid" ( /* Dropped by state-inspection or sanity failure */ ("basic" | "detail") ), "prohibited" ( /* Dropped for type/length/version filtering */ ("basic" | "detail") ), "gtp-u" enum(("all" | "dropped")) /* Logs for gtp-u */, "rate-limited" ( /* Dropped for rate-limit */ c( c( "basic" /* Basic logs */, "detail" /* Detailed logs */ ), "frequency-number" arg /* Logging frequency over threshold, set by rate-limit */ ) ) ) ), "remove-ie" ( /* Remove information elements */ c( "version" enum(("v1")) ( /* GTP version */ c( "release" enum(("R6" | "R7" | "R8" | "R9")) /* Remove information elements by release */, "number" ( /* Remove information elements by number */ c( arg ) ) ) ) ) ), "path-rate-limit" ( /* Limit control messages based on IP pairs */ c( "message-type" enum(("create-req" | "delete-req" | "echo-req" | "other")) ( /* Specific group of control messages */ c( "drop-threshold" ( /* Set drop threshold for path rate limiting */ c( "forward" arg /* Limit messages of forward direction */, "reverse" arg /* Limit messages of reverse direction */ ) ), "alarm-threshold" ( /* Set alarm threshold for path rate limiting */ c( "forward" arg /* Limit messages of forward direction */, "reverse" arg /* Limit messages of reverse direction */ ) ) ) ) ) ), "drop" ( /* Drop certain type of messages */ c( "aa-create-pdp" ( /* Create AA pdp request/response message */ c( c( "0" /* Version 0 */ ) ) ), "aa-delete-pdp" ( /* Delete AA pdp request/response message */ c( c( "0" /* Version 0 */ ) ) ), "bearer-resource" ( /* Bearer resource command/failure message */ c( c( "2" /* Version 2 */ ) ) ), "change-notification" ( /* Change notification request/response message */ c( c( "2" /* Version 2 */ ) ) ), "config-transfer" ( /* Configuration transfer message */ c( c( "2" /* Version 2 */ ) ) ), "context" ( /* Context request/response/ack message */ c( c( "2" /* Version 2 */ ) ) ), "create-bearer" ( /* Create bearer request/response message */ c( c( "2" /* Version 2 */ ) ) ), "create-data-forwarding" ( /* Create indirect data forwarding tunnel request/response message */ c( c( "2" /* Version 2 */ ) ) ), "create-pdp" ( /* Create pdp request/response message */ c( c( "0" /* Version 0 */, "1" /* Version 1 */, "all" /* All versions */ ) ) ), "create-session" ( /* Create session request/response message */ c( c( "2" /* Version 2 */ ) ) ), "create-tnl-forwarding" ( /* Create forwarding tunnel request/response message */ c( c( "2" /* Version 2 */ ) ) ), "cs-paging" ( /* CS paging indication message */ c( c( "2" /* Version 2 */ ) ) ), "data-record" ( /* Data record request/response message */ c( c( "0" /* Version 0 */, "1" /* Version 1 */, "all" /* All versions */ ) ) ), "delete-bearer" ( /* Delete bearer request/response message */ c( c( "2" /* Version 2 */ ) ) ), "delete-command" ( /* Delete bearer command/failure message */ c( c( "2" /* Version 2 */ ) ) ), "delete-data-forwarding" ( /* Delete indirect data forwarding tunnel request/response message */ c( c( "2" /* Version 2 */ ) ) ), "delete-pdn" ( /* Delete PDN connection set request/response message */ c( c( "2" /* Version 2 */ ) ) ), "delete-pdp" ( /* Delete pdp request/response message */ c( c( "0" /* Version 0 */, "1" /* Version 1 */, "all" /* All versions */ ) ) ), "delete-session" ( /* Delete session request/response message */ c( c( "2" /* Version 2 */ ) ) ), "detach" ( /* Detach notification/ack message */ c( c( "2" /* Version 2 */ ) ) ), "downlink-notification" ( /* Downlink data notification/ack/failure message */ c( c( "2" /* Version 2 */ ) ) ), "echo" ( /* Echo request/response message */ c( c( "0" /* Version 0 */, "1" /* Version 1 */, "2" /* Version 2 */, "all" /* All versions */ ) ) ), "error-indication" ( /* Error indication message */ c( c( "0" /* Version 0 */, "1" /* Version 1 */, "all" /* All versions */ ) ) ), "failure-report" ( /* Failure report request/response message */ c( c( "0" /* Version 0 */, "1" /* Version 1 */, "all" /* All versions */ ) ) ), "fwd-access" ( /* Forward access context notification/ack message */ c( c( "2" /* Version 2 */ ) ) ), "fwd-relocation" ( /* Forward relocation request/response/comp/comp-ack message */ c( c( "1" /* Version 1 */, "2" /* Version 2 */, "all" /* All versions */ ) ) ), "fwd-srns-context" ( /* Forward SRNS context/context-ack message */ c( c( "1" /* Version 1 */ ) ) ), "g-pdu" ( /* G-PDU (user PDU) message/T-PDU */ c( c( "0" /* Version 0 */, "1" /* Version 1 */, "all" /* All versions */ ) ) ), "identification" ( /* Identification request/response message */ c( c( "0" /* Version 0 */, "1" /* Version 1 */, "2" /* Version 2 */, "all" /* All versions */ ) ) ), "mbms-session-start" ( /* MBMS session start request/response message */ c( c( "1" /* Version 1 */, "2" /* Version 2 */, "all" /* All versions */ ) ) ), "mbms-session-stop" ( /* MBMS session stop request/response message */ c( c( "1" /* Version 1 */, "2" /* Version 2 */, "all" /* All versions */ ) ) ), "mbms-session-update" ( /* MBMS session update request/response message */ c( c( "1" /* Version 1 */, "2" /* Version 2 */, "all" /* All versions */ ) ) ), "modify-bearer" ( /* Modify bearer request/response message */ c( c( "2" /* Version 2 */ ) ) ), "modify-command" ( /* Modify bearer command/failure message */ c( c( "2" /* Version 2 */ ) ) ), "node-alive" ( /* Node alive request/response message */ c( c( "0" /* Version 0 */, "1" /* Version 1 */, "all" /* All versions */ ) ) ), "note-ms-present" ( /* Note MS GPRS present request/response message */ c( c( "0" /* Version 0 */, "1" /* Version 1 */, "all" /* All versions */ ) ) ), "pdu-notification" ( /* PDU notification requst/response/reject/reject-response message */ c( c( "0" /* Version 0 */, "1" /* Version 1 */, "all" /* All versions */ ) ) ), "ran-info" ( /* RAN info relay message */ c( c( "1" /* Version 1 */, "2" /* Version 2 */, "all" /* All versions */ ) ) ), "redirection" ( /* Redirection request/response message */ c( c( "0" /* Version 0 */, "1" /* Version 1 */, "all" /* All versions */ ) ) ), "release-access" ( /* Release access-bearer request/response message */ c( c( "2" /* Version 2 */ ) ) ), "relocation-cancel" ( /* Relocation cancel request/response message */ c( c( "1" /* Version 1 */, "2" /* Version 2 */, "all" /* All versions */ ) ) ), "resume" ( /* Resume notification/ack message */ c( c( "2" /* Version 2 */ ) ) ), "send-route" ( /* Send route info request/response message */ c( c( "0" /* Version 0 */, "1" /* Version 1 */, "all" /* All versions */ ) ) ), "sgsn-context" ( /* SGSN context request/response/ack message */ c( c( "0" /* Version 0 */, "1" /* Version 1 */, "all" /* All versions */ ) ) ), "stop-paging" ( /* Stop paging indication message */ c( c( "2" /* Version 2 */ ) ) ), "supported-extension" ( /* Supported extension headers notification message */ c( c( "1" /* Version 1 */ ) ) ), "suspend" ( /* Suspend notification/ack message */ c( c( "2" /* Version 2 */ ) ) ), "trace-session" ( /* Trace session activation/deactivation message */ c( c( "2" /* Version 2 */ ) ) ), "update-bearer" ( /* Update bearer request/response message */ c( c( "2" /* Version 2 */ ) ) ), "update-pdn" ( /* Update PDN connection set request/response message */ c( c( "2" /* Version 2 */ ) ) ), "update-pdp" ( /* Update pdp request/response message */ c( c( "0" /* Version 0 */, "1" /* Version 1 */, "all" /* All versions */ ) ) ), "ver-not-supported" ( /* Version not supported message */ c( c( "0" /* Version 0 */, "1" /* Version 1 */, "2" /* Version 2 */, "all" /* All versions */ ) ) ) ) ), "apn" arg ( /* GTP Access Point Name (APN) filter */ c( "imsi-prefix" arg ( /* Specific filter prefix digits for International Mobile Subscriber Identification(IMSI) */ c( "action" ( /* Configure GTP profile APN action */ c( c( "pass" /* Pass all selection modes for this APN */, "drop" /* Drop all selection modes for this APN */, "selection" ( /* Allowed selection modes for this APN */ c( "ms" /* Mobile Station selection mode */, "net" /* Network selection mode */, "vrf" /* Subscriber verified mode */ ) ) ) ) ) ) ) ) ), "restart-path" ( /* Restart GTP paths */ ("echo" | "create" | "all") ), "seq-number-validated" /* Validate G-PDU sequence number */, "gtp-in-gtp-denied" /* Deny nested GTP */, "u-tunnel-validated" /* Validate GTP-u tunnel */, "end-user-address-validated" /* Validate end user address */, "req-timeout" arg /* Request message timeout, default timeout value 5 seconds */, "handover-on-roaming-intf" /* Enable tunnel setup by Handover messages on roaming interface */, "handover-group" ( /* SGSN handover group configuration */ c( arg ) ) ) ), "traceoptions" ( /* Trace options for GPRS tunneling protocol */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "flow" | "parser" | "chassis-cluster" | "gsn" | "jmpi" | "tnl" | "req" | "path" | "all")) /* Tracing parameters */.as(:oneline), "trace-level" ( /* GTP trace level */ c( c( "error" /* Match error conditions */, "warning" /* Match warning messages */, "notice" /* Match conditions that should be handled specially */, "info" /* Match informational messages */, "verbose" /* Match verbose messages */ ) ) ) ) ), "handover-group" arg ( /* Set handover group */ c( "address-book" arg ( /* Set addreess book */ c( "address-set" ( /* Set address set */ c( arg ) ) ) ) ) ), "handover-default" ( /* Set handover default deny */ c( "deny" /* Handover default deny */ ) ) ) ), "sctp" ( /* GPRS stream control transmission protocol configuration */ c( "profile" arg ( /* Configure stream transmission protocol */ c( "nat-only" /* Only do payload IPs translation for SCTP packet */, "association-timeout" arg /* SCTP association timeout length, in minutes */, "handshake-timeout" arg /* SCTP handshake timeout, in seconds */, "drop" ( /* Disallowed SCTP payload message */ c( "m3ua-service" enum(("sccp" | "tup" | "isup")) /* MTP level 3 (MTP3) user adaptation layer service */.as(:oneline), "payload-protocol" enum(("reserved" | "iua" | "m2ua" | "m3ua" | "sua" | "m2pa" | "v5ua" | "h248" | "bicc" | "tali" | "dua" | "asap" | "enrp" | "h323" | "qipc" | "simco" | "ddp-segment" | "ddp-stream" | "s1ap" | "x2ap" | "diameter-sctp" | "diameter-dtls" | "all" | arg)) /* SCTP payload protocol identifier */.as(:oneline) ) ), "permit" ( /* Permit SCTP payload message */ c( "payload-protocol" enum(("reserved" | "iua" | "m2ua" | "m3ua" | "sua" | "m2pa" | "v5ua" | "h248" | "bicc" | "tali" | "dua" | "asap" | "enrp" | "h323" | "qipc" | "simco" | "ddp-segment" | "ddp-stream" | "s1ap" | "x2ap" | "diameter-sctp" | "diameter-dtls" | "all" | arg)) /* SCTP payload protocol identifier */.as(:oneline) ) ), "limit" ( /* Packet limits */ c( "payload-protocol" enum(("reserved" | "iua" | "m2ua" | "m3ua" | "sua" | "m2pa" | "v5ua" | "h248" | "bicc" | "tali" | "dua" | "asap" | "enrp" | "h323" | "qipc" | "simco" | "ddp-segment" | "ddp-stream" | "s1ap" | "x2ap" | "diameter-sctp" | "diameter-dtls" | "others" | arg)) ( /* Payload Rate limit */ sc( "rate" arg /* Rate limit */ ) ).as(:oneline), "address" arg ( /* Rate limit for a list of IP addresses */ c( "payload-protocol" enum(("reserved" | "iua" | "m2ua" | "m3ua" | "sua" | "m2pa" | "v5ua" | "h248" | "bicc" | "tali" | "dua" | "asap" | "enrp" | "h323" | "qipc" | "simco" | "ddp-segment" | "ddp-stream" | "s1ap" | "x2ap" | "diameter-sctp" | "diameter-dtls" | "others" | arg)) ( /* Payload Rate limit */ sc( "rate" arg /* Rate limit */ ) ).as(:oneline) ) ), "rate" ( /* Rate limit */ c( "sccp" arg /* Global SCCP messages rate limit */, "ssp" arg /* Global SSP messages rate limit */, "sst" arg /* Global SST messages rate limit */, "address" arg ( /* Rate limit for a list of IP addresses */ c( "sccp" arg /* SCCP messages rate limit */, "ssp" arg /* SSP messages rate limit */, "sst" arg /* SST messages rate limit */ ) ) ) ) ) ) ) ), "multichunk-inspection" ( /* Configure for SCTP multi chunks inspection */ c( c( "disable" /* Set multichunk inspection flag to disable */ ) ) ), "nullpdu" ( /* Configure for SCTP NULLPDU protocol value */ c( "protocol" ( /* SCTP NULLPDU payload protocol identifier */ c( c( "ID-0x0000" /* Set 0x0000 to be NULLPDU ID value */, "ID-0xFFFF" /* Set 0xFFFF to be NULLPDU ID value */ ) ) ) ) ), "log" enum(("configuration" | "rate-limit" | "association" | "data-message-drop" | "control-message-drop" | "control-message-all")) /* GPRS stream control transmission protocol logs */.as(:oneline), "traceoptions" ( /* Trace options for GPRS stream control transmission protocol */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "detail" | "flow" | "parser" | "chassis-cluster" | "all")) /* Tracing parameters */.as(:oneline) ) ) ) ) ) ), "ngfw" ( /* Next generation unified L4/L7 firewall */ c( "default-profile" ( /* Unified L4/L7 firewall default profile configuration */ c( "ssl-proxy" ( /* SSL proxy services */ c( "profile-name" arg /* Specify SSL proxy service profile name */ ) ), "application-traffic-control" ( /* Application traffic control services */ jsf_application_traffic_control_rule_set_type /* Application traffic control services */ ) ) ) ) ), "macsec" ( /* MAC Security configuration */ security_macsec /* MAC Security configuration */ ) ) ), # End of vSRX 18.3R1.9 "interfaces" ( /* Interface configuration */ c( "pic-set" arg ( /* NP bundling configuration */ c( "interface" arg /* One or more interfaces that use this picset */, "fpc" arg ( c( "pic" arg /* Physical Interface Card number */ ) ) ) ), "interface-set" ("$junos-interface-set-name" | arg | "$junos-svlan-interface-set-name" | "$junos-tagged-vlan-interface-set-name" | "$junos-phy-ifd-interface-set-name" | "$junos-pon-id-interface-set-name") ( /* Logical interface set configuration */ c( "targeted-distribution" /* Interface participates in targeted-distribution */, "targeted-options" ( /* Targeting specific options */ c( "weight" ( /* Targeting weight for interface set */ ("$junos-interface-set-target-weight" | arg) ) ) ), "interface" arg ( /* One or more interfaces that belong to interface set */ c( "unit" arg /* One or more logical interface unit numbers */, "vlan-tags-outer" arg /* One or more outer VLAN tags */ ) ), "pppoe-underlying-options" ( /* PPP over Ethernet underlying interface-specific options */ pppoe_underlying_options_type /* PPP over Ethernet underlying interface-specific options */ ) ) ), "stacked-interface-set" ( /* Stacked interface set configuration */ c( "interface-set" ("$junos-aggregation-interface-set-name" | arg) ( /* Stacked parent interface set configuration */ c( "interface-set" ("$junos-interface-set-name" | arg | "$junos-svlan-interface-set-name" | "$junos-tagged-vlan-interface-set-name" | "$junos-phy-ifd-interface-set-name" | "$junos-pon-id-interface-set-name") /* Stacked child interface set configuration */ ) ) ) ), "traceoptions" ( /* Interface trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("all" | "kernel" | "change-events" | "kernel-detail" | "config-states" | "resource-usage" | "gres-events" | "select-events" | "bfd-events" | "lib-events" | "reserved" | "emergency" | "alert" | "critical" | "error" | "warning" | "notice" | "informational" | "debugging" | "verbose" | "japi")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "interface-range" arg ( /* Interface ranges configuration */ c( "member" arg /* Interfaces belonging to the interface range */, "member-range" arg ( /* Interfaces range in to format */ sc( "end-range" ( interface_device ) ) ).as(:oneline), "description" arg /* Text description of interface */, "external-model-name" arg /* Name for interface as configured using 3rd-party model */, "metadata" arg /* Text metadata attached to interface */, ("disable"), "promiscuous-mode" /* Enable promiscuous mode for L3 interface */, "port-mirror-instance" arg /* Port-mirror the packet to specified instance */, "multicast-statistics" /* Enable multicast statistics */, "oam-on-svlan" /* Propagate SVLAN OAM state to CVLANs */, "fabric-options" ( /* Fabric interface specific options */ c( "member-interfaces" arg /* Member interface for the fabric interface */, "remote-chassis" ( /* Remote chassis reachability */ c( "destination" ( /* Destination IP address to reach remote chassis */ ipv4addr /* Destination IP address to reach remote chassis */ ) ) ) ) ), "traceoptions" ( /* Interface trace options */ c( "flag" enum(("ipc" | "event" | "media" | "all")) /* Tracing parameters */.as(:oneline) ) ), "passive-monitor-mode" /* Use interface to tap packets from another router */, c( "keepalives" ( /* Send or demand keepalive messages */ keepalives_type /* Send or demand keepalive messages */ ).as(:oneline), "no-keepalives" /* Do not send keepalive messages */ ), "traps" /* Enable SNMP notifications on state changes */, "no-traps" /* Don't enable SNMP notifications on state changes */, "interface-mib" /* Enable interface-related MIBs */, "no-interface-mib" /* Don't enable interface-related MIBs */, "accounting-profile" arg /* Accounting profile name */, "anchor-point" ( /* Anchor point */ c( interface_device /* Interface name */ ) ), "bypass-queueing-chip" /* Enable to bypass queueing chip */, "no-bypass-queueing-chip" /* Don't enable to bypass queueing chip */, c( "per-unit-scheduler" /* Enable subunit queuing on Frame Relay or VLAN IQ interface */, "no-per-unit-scheduler" /* Don't enable subunit queuing on Frame Relay or VLAN IQ interface */, "shared-scheduler" /* Enabled shared queuing on an IQ2 interface */, "hierarchical-scheduler" ( /* Enable hierarchical scheduling */ sc( "maximum-hierarchy-levels" arg /* Maximum hierarchy levels */, "maximum-l2-nodes" arg /* Maximum l2 nodes, allowed numbers are power of 2 between 1 and 16k (needs FPC reboot) */, "maximum-l3-nodes" arg /* Maximum l3 nodes, allowed numbers are power of 2 between 2 and 32k (needs FPC reboot) */, "implicit-hierarchy" /* Implicit hierarchy (follows interface hierarchy) */ ) ).as(:oneline) ), "l2tp-maximum-session" arg /* Maximum L2TP session */, "schedulers" arg /* Number of schedulers to allocate for interface */, "interface-transmit-statistics" /* Interface statistics based on the transmitted packets */, "cascade-port" /* Cascade port */, "dce" /* Respond to Frame Relay status enquiry messages */, c( "vlan-tagging" /* 802.1q VLAN tagging support */, "stacked-vlan-tagging" /* Stacked 802.1q VLAN tagging support */, "flexible-vlan-tagging" /* Support for no tagging, or single and double 802.1q VLAN tagging */, "vlan-vci-tagging" /* CCC for VLAN Q-in-Q and ATM VPI/VCI interworking */ ), "native-vlan-id" arg /* Virtual LAN identifier for untagged frames */, "no-native-vlan-insert" /* Disable native-vlan-id insertion to untagged frames */, "vlan-offload" /* Offload VLAN filtering to NIC HW */, "input-native-vlan-push" ( /* Control native-vlan-id insertion to untagged frames when input-vlan-map push is configured */ ("disable" | "enable") ), "no-pseudowire-down-on-core-isolation" /* Do not bring the pseudowire down in the event of EVPN Core isolation */, "number-of-sub-ports" arg /* Number of channels to create for a port */, "unused" /* Disable physical port */, "speed" ( /* Link speed */ ("auto" | "auto-10m-100m" | "10m" | "100m" | "1g" | "2.5g" | "5g" | "10g" | "25g" | "40g" | "50g" | "100g" | "200g" | "400g" | "oc3" | "oc12" | "oc48") ), "forwarding-class-accounting" ( /* Configure Forwarding-class-accounting parameters */ c( "direction" ( /* Direction of the traffic to be accounted for IFD */ ("ingress" | "egress" | "both") ), "enhanced" ( c( "traffic-type" ( /* Traffic-type to be accounted for forwarding-class-accounting */ ("unicast-statistics" | "multicast-statistics") ), "family" ( /* Protocol traffic to be accounted for forwarding-class-accounting */ ("inet" | "inet6" | "both") ), "direction" ( /* Direction of the traffic to be accounted for forwarding-class-accounting */ ("ingress" | "egress" | "both") ), "overhead-bytes" arg /* Per octet overhead bytes to be accounted for forwarding-class-accounting */ ) ) ) ), "auto-configure" ( /* Auto configuration */ auto_configure_vlan_type /* Auto configuration */ ), "mtu" arg /* Maximum transmit packet size */, "hold-time" ( /* Hold time for link up and link down */ sc( "up" arg /* Link up hold time */, "down" arg /* Link down hold time */ ) ).as(:oneline), "damping" ( /* Interface damping parameters */ c( "half-life" arg /* Damping half life time */, "max-suppress" arg /* Maximum suppress time */, "reuse" arg /* Reuse threshold */, "suppress" arg /* Suppress threshold */, "enable" /* Enable interface damping */ ) ), "link-degrade-monitor" ( /* Enable link degrade monitoring */ c( c( "link-degrade-monitor-enable" /* Enable Link Degrade Monitoring */, "no-link-degrade-monitor-enable" /* Disable Link Degrade Monitoring */ ), "actions" ( /* Action upon link degrade event */ c( c( "media-based" /* Media based */ ) ) ), "recovery" ( /* Link degrade recovery mechanism */ c( "timer" arg /* Auto recovery timer in seconds */, c( "auto" /* Automatic recovery */, "manual" /* Manual recovery */ ) ) ), "thresholds" ( /* Link degrade threshold parameters */ c( "set" arg /* BER at which link considered degraded(1..16) */, "clear" arg /* BER at which link considered improved(1..16) */, "warning-set" arg /* BER at which link degrade warning raised(1..16) */, "warning-clear" arg /* BER at which link degrade warning cleared(1..16) */, "interval" arg /* Consecutive link degrade events */ ) ) ) ), "satop-options" ( /* Structure-Agnostic TDM over Packet protocol options */ c( "idle-pattern" arg /* An 8-bit hexadecimal pattern to replace TDM data in a lost packet */, "payload-size" arg /* Number of payload bytes per packet */, "excessive-packet-loss-rate" ( /* Packet loss options */ c( "threshold" arg /* Percentile designating the threshold of excessive packet loss rate */, "sample-period" arg /* Number of milliseconds over which excessive packet loss rate is calculated */ ) ), c( "jitter-buffer-packets" arg /* Number of packets in jitter buffer before packet data is played out in the line */, "jitter-buffer-latency" arg /* Number of milliseconds delay in jitter buffer before packet data is played out in the line */, "jitter-buffer-auto-adjust" /* Automatically adjust jitter buffer */ ), "bit-rate" arg /* In multiples of DS0 */ ) ), "cesopsn-options" ( /* Structure-Aware TDM over Packet protocol options */ c( "idle-pattern" arg /* An 8-bit hexadecimal pattern to replace TDM data in a lost packet */, "packetization-latency" arg /* Number of microseconds to create packets */, "payload-size" arg /* Number of payload bytes per packet */, "excessive-packet-loss-rate" ( /* Packet loss options */ c( "threshold" arg /* Percentile designating the threshold of excessive packet loss rate */, "sample-period" arg /* Number of milliseconds over which excessive packet loss rate is calculated */ ) ), c( "jitter-buffer-packets" arg /* Number of packets in jitter buffer before packet data is played out in the line */, "jitter-buffer-latency" arg /* Number of milliseconds delay in jitter buffer before packet data is played out in the line */, "jitter-buffer-auto-adjust" /* Automatically adjust jitter buffer */ ), "bit-rate" arg /* In multiples of DS0 */ ) ), "ima-group-options" ( /* IMA group options */ c( "frame-length" ( /* Frame length (cells) */ ("32" | "64" | "128" | "256") ), "symmetry" ( /* Symmetry of IMA group */ ("symmetrical-config-and-operation" | "symmetrical-config-asymmetrical-operation") ), "transmit-clock" ( /* Transmit clock */ ("common" | "independent") ), "version" ( /* IMA specification version */ ("1.0" | "1.1") ), "minimum-links" ( /* IMA group minimum active links */ c( c( arg ) ) ), "frame-synchronization" ( /* IMA group frame synchronization state parameters */ c( "alpha" arg /* Consecutive invalid ICP cells */, "beta" arg /* Consecutive errored ICP cells */, "gamma" arg /* Consecutive valid ICP cells */ ) ), "test-procedure" ( /* IMA group test pattern procedure */ c( "period" arg /* Length of IMA pattern test */, "interface" ( /* Interface name of the IMA link to test */ interface_device /* Interface name of the IMA link to test */ ), "pattern" arg /* IMA test pattern */ ) ), "differential-delay" arg /* Maximum differential delay among links in the IMA group */ ) ), "ima-link-options" ( /* IMA link options */ c( "group-id" arg /* IMA group ID this IMA link belongs to */ ) ), "multi-chassis-protection" ( /* Inter-Chassis protection configuration */ multi_chassis_protection_group /* Inter-Chassis protection configuration */ ), "clocking" ( /* Interface clock source */ sc( c( "internal" /* Clocking provided by local system */, "external" /* Clocking provided by DCE (loop timing) */ ) ) ).as(:oneline), "link-mode" ( /* Link operational mode */ ("automatic" | "half-duplex" | "full-duplex") ), "media-type" ( /* Interface media type (copper or fiber) */ ("copper" | "fiber") ), "encapsulation" ( /* Physical link-layer encapsulation */ ("ethernet" | "fddi" | "token-ring" | "ppp" | "ppp-ccc" | "ppp-tcc" | "ether-vpls-ppp" | "frame-relay" | "frame-relay-ccc" | "frame-relay-tcc" | "extended-frame-relay-ccc" | "extended-frame-relay-tcc" | "flexible-frame-relay" | "frame-relay-port-ccc" | "frame-relay-ether-type" | "frame-relay-ether-type-tcc" | "extended-frame-relay-ether-type-tcc" | "cisco-hdlc" | "cisco-hdlc-ccc" | "cisco-hdlc-tcc" | "vlan-ccc" | "extended-vlan-ccc" | "ethernet-ccc" | "flexible-ethernet-services" | "smds-dxi" | "atm-pvc" | "atm-ccc-cell-relay" | "ethernet-over-atm" | "ethernet-tcc" | "extended-vlan-tcc" | "multilink-frame-relay-uni-nni" | "satop" | "cesopsn" | "ima" | "ethernet-vpls" | "ethernet-bridge" | "vlan-vpls" | "vlan-vci-ccc" | "extended-vlan-vpls" | "extended-vlan-bridge" | "multilink-ppp" | "generic-services") ), "esi" ( /* ESI configuration of multi-homed interface */ c( "auto-derive" ( /* Auto-derive ESI value for the interface */ c( c( "lacp" /* Auto-derive ESI from lacp */ ) ) ), esi /* ESI value for the interface */, c( "single-active" /* Single-active mode */, "all-active" /* All-active mode */ ), "df-election-granularity" ( /* DF Election Granularity Selection */ c( c( "per-esi" ( /* DF Election Granularity Per Esi */ c( "lacp-oos-on-ndf" /* Lacp Oos */ ) ), "per-esi-vlan" /* Per Esi Vlan */ ) ) ), "df-election-type" ( /* DF Election Type */ c( c( "preference" ( /* Preference based DF election */ c( "value" arg /* Preference value for EVPN Multihoming DF election */ ) ) ), c( "mod" /* MOD based DF election */ ) ) ), "source-bmac" ( /* Unicast Source B-MAC address per ESI for PBB-EVPN */ mac_unicast /* Unicast Source B-MAC address per ESI for PBB-EVPN */ ) ) ), "framing" ( /* Frame type */ c( c( "lan-phy" /* 802.3ae 10-Gbps LAN-mode interface */, "wan-phy" /* 802.3ae 10-Gbps WAN-mode interface */, "sonet" /* SONET framing */, "sdh" /* SDH framing */ ), "precise-bandwidth" /* Use precise bandwidth for 10G wan-phy interface */ ) ), "unidirectional" /* Unidirectional Mode */, "lmi" ( /* Local Management Interface settings */ c( "n391dte" arg /* DTE full status polling interval */, "n392dce" arg /* DCE error threshold */, "n392dte" arg /* DTE error threshold */, "n393dce" arg /* DCE monitored event count */, "n393dte" arg /* DTE monitored event count */, "t391dte" arg /* DTE polling timer */, "t392dce" arg /* DCE polling verification timer */, "lmi-type" ( /* Specify the Frame Relay LMI type */ ("ansi" | "itu" | "c-lmi") ) ) ), "mlfr-uni-nni-bundle-options" ( /* Multilink Frame Relay UNI NNI (FRF.16) management settings */ c( "cisco-interoperability" ( /* FRF.16 Cisco interoperability settings */ c( "send-lip-remove-link-for-link-reject" /* Send Link Integrity Protocol remove link on receiving add-link rejection */ ) ), "mrru" arg /* Maximum received reconstructed unit */, "yellow-differential-delay" arg /* Yellow differential delay among bundle links to give warning */, "red-differential-delay" arg /* Red differential delay among bundle links to take action */, "action-red-differential-delay" ( /* Type of actions when differential delay exceeds red limit */ ("remove-link" | "disable-tx") ), "fragment-threshold" arg /* Fragmentation threshold */, "drop-timeout" arg /* Drop timeout */, "link-layer-overhead" ( /* Link layer bit stuffing overhead (0.0 .. 50.0 percent) */ unsigned_float /* Link layer bit stuffing overhead (0.0 .. 50.0 percent) */ ), "lmi-type" ( /* Specify the multilink Frame Relay UNI NNI LMI type */ ("ansi" | "itu" | "c-lmi") ), "minimum-links" arg /* Minimum number of links to sustain the bundle */, "hello-timer" arg /* LIP hello timer */, "acknowledge-timer" arg /* LIP ack timer */, "acknowledge-retries" arg /* LIP ack retry times */, "n391" arg /* Multilink Frame Relay UNI NNI full status polling counter */, "n392" arg /* Multilink Frame Relay UNI NNI LMI error threshold */, "n393" arg /* Multilink Frame Relay UNI NNI LMI monitored event count */, "t391" arg /* Multilink Frame Relay UNI NNI link integrity verify polling timer */, "t392" arg /* Multilink Frame Relay UNI NNI polling verification timer */ ) ), "mac" ( /* Hardware MAC address */ mac_unicast /* Hardware MAC address */ ), "receive-bucket" ( /* Set receive bucket parameters */ dcd_rx_bucket_config /* Set receive bucket parameters */ ), "transmit-bucket" ( /* Set transmit bucket parameters */ dcd_tx_bucket_config /* Set transmit bucket parameters */ ), "shared-interface" /* Enable shared interface on the interface */, "sonet-options" ( /* SONET interface-specific options */ sonet_options_type /* SONET interface-specific options */ ), "logical-tunnel-options" ( /* Logical Tunnel interface-specific options */ c( "link-protection" ( /* Enable link protection mode */ c( "revertive" /* Revert back (Default mode) from active backup link to primary, if primary is UP */, "non-revertive" /* Do not revert back from active backup link to primary, if primary is UP */ ) ), "per-unit-mac-disable" /* Disable the creation of per unit mac address on LT IFLs for VPLS/CCC encaps */, "load-balance" ( aggregate_load_balance ) ) ), "aggregated-sonet-options" ( /* Aggregated SONET interface-specific options */ c( "minimum-links" arg /* Minimum number of aggregated links */, "link-speed" ( /* Aggregated links speed */ ("oc3" | "oc12" | "oc48" | "oc192" | "oc768" | "mixed") ), "minimum-bandwidth" arg /* Minimum bandwidth necessary to sustain bundle */ ) ), "atm-options" ( /* ATM interface-specific options */ c( "pic-type" ( /* Type of ATM PIC (ATM I, ATM II or ATM CE) */ ("atm-ce" | "atm2" | "atm1") ), "cell-bundle-size" arg /* L2 circuit cell bundle size */, "cell-bundle-timeout" arg /* L2 circuit cell bundle timeout */, "plp-to-clp" /* Enable ATM2 PLP to CLP copy */, "use-null-cw" /* Always insert/strip null control words with cell-relay */, "promiscuous-mode" ( /* Set ATM interface to promiscuous mode */ c( "vpi" arg /* Open this VPI in promiscuous mode */.as(:oneline) ) ), "vpi" arg ( /* Define a virtual path */ c( "maximum-vcs" arg /* Maximum number of virtual circuits on this VP */, "shaping" ( /* Virtual path traffic-shaping options */ dcd_shaping_config /* Virtual path traffic-shaping options */ ), "oam-period" ( /* F4 OAM cell period */ sc( c( arg, "disable" /* Disable F4 OAM loopback */.as(:oneline) ) ) ).as(:oneline), "oam-liveness" ( /* F4 OAM virtual path liveness parameters */ c( "up-count" arg /* Number of F4 OAM cells to consider VP up */, "down-count" arg /* Number of F4 OAM cells to consider VP down */ ) ) ) ), "ilmi" /* Enable Interim Local Management Interface */, "linear-red-profiles" arg ( /* ATM2 CoS virtual circuit drop profiles */ sc( "queue-depth" arg /* Maximum queue depth */, "high-plp-threshold" arg /* Fill level percentage when linear RED is applied for high PLP */, "low-plp-threshold" arg /* Fill level percentage when linear RED is applied for low PLP */, "high-plp-max-threshold" arg /* Fill level percentage with 100 percent packet drop for high PLP */, "low-plp-max-threshold" arg /* Fill level percentage with 100 percent packet drop for low PLP */ ) ).as(:oneline), "scheduler-maps" arg ( /* ATM2 CoS parameters assigned to forwarding classes */ c( "vc-cos-mode" ( /* ATM2 virtual circuit CoS mode */ ("strict" | "alternate") ), "forwarding-class" arg ( /* Scheduling parameters associated with forwarding class */ c( "priority" ( /* Queuing priority assigned to forwarding class */ ("low" | "high") ), "transmit-weight" ( /* Transmit weight */ sc( c( "percent" arg /* Transmit weight as percentage */, "cells" arg /* Transmit weight by cells count */ ) ) ).as(:oneline), c( "epd-threshold" ( /* Early packet discard threshold for ATM2 */ epd_threshold_config /* Early packet discard threshold for ATM2 */ ).as(:oneline), "linear-red-profile" arg /* Linear RED profile profile name */ ) ) ) ) ), "mpls" ( /* MPLS options */ mpls_ifd_options /* MPLS options */ ), "payload-scrambler" /* Enable payload scrambling */, "no-payload-scrambler" /* Don't enable payload scrambling */ ) ), "multiservice-options" ( /* Multiservice interface-specific options */ c( "syslog" /* Enable system logging on this interface */, "no-syslog" /* Don't enable system logging on this interface */, "core-dump" /* Enable core dumping on this interface */, "no-core-dump" /* Don't enable core dumping on this interface */, "dump-on-flow-control" /* Enable dumping for this interface on prolonged flow-control */, "no-dump-on-flow-control" /* Don't enable dumping for this interface on prolonged flow-control */, "reset-on-flow-control" /* Enable resetting this interface on prolonged flow-control */, "no-reset-on-flow-control" /* Don't enable resetting this interface on prolonged flow-control */, "flow-control-options" ( /* Flow control configuration */ c( "dump-on-flow-control" /* Cause core dump during prolonged flow-control */, "reset-on-flow-control" /* Reset interface during prolonged flow-control */, "down-on-flow-control" /* Bring interface down during prolonged flow-control */, "up-on-flow-control" /* Keep interface up during prolonged flow-control */ ) ) ) ), "ggsn-options" ( /* GGSN interface-specific options */ c( "syslog" /* Enable system logging on this interface */, "no-syslog" /* Don't enable system logging on this interface */, "core-dump" /* Enable core dumping on this interface */, "no-core-dump" /* Don't enable core dumping on this interface */ ) ), "ppp-options" ( /* Point-to-Point Protocol (PPP) interface-specific options */ ppp_options_type /* Point-to-Point Protocol (PPP) interface-specific options */ ), "redundancy-options" ( /* Redundancy options */ c( "primary" ( /* Specify the primary interface */ interface_device /* Specify the primary interface */ ), "secondary" ( /* Specify the secondary interface */ interface_device /* Specify the secondary interface */ ), "redundancy-peer" ( /* Specify information for peer */ c( "ipaddress" ( /* Specify the IP address */ ipv4addr /* Specify the IP address */ ) ) ), "redundancy-local" ( /* Specify information for the local peer */ c( "data-address" ( /* Specify the HA local data IP address */ ipv4addr /* Specify the HA local data IP address */ ) ) ), "routing-instance" arg /* Specify routing-instance for the HA traffic */, "replication-threshold" arg /* Duration for which flow should remain active for replication */, "replication-options" ( /* Specify state replication attributes */ c( "mtu" arg /* Specify the maximal packet size for replicated data */ ) ), "replicate-services" ( /* Replicate services state from active to backup */ c( "pgcp" /* Replicate the PGCP service state */ ) ) ) ), "load-balancing-options" ( /* Load-balancing on services pics */ c( "member-interface" arg, "member-failure-options" ( /* Load balancing member failure handling options */ c( c( "redistribute-all-traffic" ( /* On a member failure, redistribute traffic to ams */ c( "enable-rejoin" /* Failed member can rejoin after recovery */ ) ), "drop-member-traffic" ( /* On a member failure, drop its traffic */ c( "rejoin-timeout" arg /* Wait time(in seconds) for failed member to rejoin */, "enable-rejoin" /* Failed member can join after recovery */ ) ) ) ) ), "no-bundle-flap" /* No bundle flap on member addition - recommended only with IPSec services */, "high-availability-options" ( /* High Availability options for Load-balancing */ c( c( "many-to-one" ( /* N:1 High Availability model */ c( "preferred-backup" ( /* Preferred backup Interface name */ interface_device /* Preferred backup Interface name */ ) ) ), "one-to-one" ( /* 1:1 High Availability model */ c( "preferred-backup" ( /* Preferred backup Interface name */ interface_device /* Preferred backup Interface name */ ) ) ) ) ) ) ) ), "aggregated-inline-services-options" ( /* Aggregated Inline Service interface specific options */ c( "primary-interface" ( /* Specify the primary interface */ interface_device /* Specify the primary interface */ ), "secondary-interface" ( /* Specify the secondary interface */ interface_device /* Specify the secondary interface */ ) ) ), "anchoring-options" ( /* Groups anchoring PFEs or FPCs together. */ c( "apfe-group-set" arg /* Ties up different anchoring groups to share similar fate */, "primary-list" arg /* Primary anchoring PFE name. */, "secondary" ( /* Secondary anchoring PFE name. */ c( arg /* Anchoring PFE name. */ ) ), c( "warm-standby" /* Delayed failover to secondary when primary fails */ ) ) ), "lsq-failure-options" ( /* Link services queuing failure options */ c( "trigger-link-failure" arg /* Link on which to trigger failure */, "no-termination-request" /* Do not send PPP termination requests */, "no-no-termination-request" /* Don't do not send PPP termination requests */ ) ), "redundancy-group" ( /* Redundancy group configuration */ c( "member-interface" arg ( /* Member interface for the redundancy group */ c( c( "active" /* Active interface */, "backup" /* Backup interface */ ) ) ), "maximum-links" arg ) ), "services-options" ( /* Services interface-specific options */ c( "syslog" ( /* Define system log parameters */ log_object /* Define system log parameters */ ), "jflow-log" ( /* Define Jflow-log parameters. */ c( "message-rate-limit" arg /* Maximum jflow-log NAT error events allowed per second from this interface */ ) ), "deterministic-nat-configuration-log-interval" ( /* Define Deterministic NAT parameters */ c( "interval" arg /* Interval in which deterministic NAT logs are generated */ ) ), "open-timeout" arg /* Timeout period for TCP session establishment */, "close-timeout" arg /* Timeout period for TCP session tear-down */, "inactivity-timeout" arg /* Inactivity timeout period for established sessions (4..86400) */, "inactivity-tcp-timeout" arg /* Inactivity timeout period for TCP established sessions */, "inactivity-asymm-tcp-timeout" arg /* Inactivity timeout period for asymmetric TCP established sessions */, "inactivity-non-tcp-timeout" arg /* Inactivity timeout period for non-TCP established sessions */, "session-timeout" arg /* Session timeout period for established sessions */, "disable-global-timeout-override" /* Disallow overriding global inactivity or session timeout */, "tcp-tickles" arg /* Number of TCP keep-alive packets to be sent for bi-directional TCP flows */, "trio-flow-offload" ( /* Allow PIC to offload flows to Trio-based PFE */ c( "minimum-bytes" arg /* Attempt flow offload after minimum bytes are seen on the flow */ ) ), "fragment-limit" arg /* Maximum number of fragments allowed for a packet */, "reassembly-timeout" arg /* Re-assembly timeout (seconds) for fragments of a packet */, "cgn-pic" /* PIC will be used for Carrier Grade NAT configuration only */, "pba-interim-logging-interval" arg /* Interim logging interval in seconds */, "session-limit" ( /* Session limit */ c( "maximum" arg /* Maximum number of sessions allowed simultaneously */, "rate" arg /* Maximum number of new sessions allowed per second */, "cpu-load-threshold" arg /* CPU limit in percentage for auto-tuning of session rate */ ) ), "enable-subscriber-analysis" /* Enable subscriber analysis on the interface */, "disable-subscriber-analysis" /* Disable subscriber analysis on the interface */, "disable-usp-tracing" /* Disable usp tracing on this pic */, "disable-drop-flows" /* Disable drop flows on this pic */, "ignore-errors" ( /* Ignore anomalies or errors */ sc( "tcp" /* TCP protocol errors */, "alg" /* ALG anomalies or errors */ ) ).as(:oneline), "capture" ( /* Packet capture for SFW and NAT on the Services PIC */ c( "capture-size" arg /* The number of packets to store */, "pkt-size" arg /* Number of bytes to be saved from each packet */, "logs-per-packet" arg /* The number of trace messages stored for each packet */, "max-log-line-size" arg /* The maximum length of a stored trace message */, "filter" ( /* Filtering options for the packet capture */ c( "source-ip" ( /* Filter based on source-ip (and wildcard) */ sc( "wildcard" ( /* Source IP wildcard */ ipaddr /* Source IP wildcard */ ), ipaddr /* Source IP */ ) ).as(:oneline), "dest-ip" ( /* Filter based on dest-ip (and wildcard) */ sc( "wildcard" ( /* Dest IP wildcard */ ipaddr /* Dest IP wildcard */ ), ipaddr /* Dest IP */ ) ).as(:oneline), "sw-sip" ( /* Filter based on source softwire ip (and wildcard) */ sc( "wildcard" ( /* Source IP wildcard */ ipv6addr /* Source IP wildcard */ ), ipv6addr /* Source softwire IP */ ) ).as(:oneline), "sw-dip" ( /* Filter based on destination softwire ip (and wildcard) */ sc( "wildcard" ( /* Destination IP wildcard */ ipaddr /* Destination IP wildcard */ ), ipaddr /* Destination softwire IP */ ) ).as(:oneline), "sport-range" ( /* Filter based on source port */ sc( "low" arg /* Source port range start */, "high" arg /* Source port range end */ ) ).as(:oneline), "dport-range" ( /* Filter based on destination port */ sc( "low" arg /* Destination port range start */, "high" arg /* Destination port range end */ ) ).as(:oneline), "proto" ( /* Filter based on L4 protocol */ ("icmp" | "tcp" | "udp") ) ) ) ) ), "flow" ( /* Define flow parameters */ c( "traceoptions" /* Trace options for flow services */ ) ), "fpc-pic-information" /* Include FPC and PIC slot number in the syslogs */, "utc-timestamp" /* Use UTC time for security log timestamps */, "syslog-local-system-timestamp" /* Use local system time for services syslog timestamp */ ) ), "t3-options" ( /* T3 interface-specific options */ c( "loopback" ( /* Loopback mode */ ("local" | "remote" | "payload") ), "long-buildout" /* Set hardware to drive line longer than 255 feet */, "no-long-buildout" /* Don't set hardware to drive line longer than 255 feet */, "loop-timing" /* Set loop timing for T3 */, "no-loop-timing" /* Don't set loop timing for T3 */, "unframed" /* Enable unframed mode */, "no-unframed" /* Don't enable unframed mode */, "compatibility-mode" ( /* Set CSU compatibility mode */ sc( c( "larscom" ( /* Compatible with Larscom CSU */ sc( "subrate" arg /* Set subrate value */ ) ).as(:oneline), "verilink" ( /* Compatible with Verilink CSU (not on 2/4-port T3 PIC) */ sc( "subrate" arg /* Set subrate value */ ) ).as(:oneline), "adtran" ( /* Compatible with Adtran CSU (not on 2/4-port T3 PIC) */ sc( "subrate" arg /* Set subrate value */ ) ).as(:oneline), "kentrox" ( /* Compatible with Kentrox CSU */ sc( "subrate" arg /* Set subrate value (not on 2/4-port T3 PIC) */ ) ).as(:oneline), "digital-link" ( /* Compatible with Digital Link CSU */ sc( "subrate" ( /* Set subrate value */ ("301Kb" | "601Kb" | "902Kb" | "1.2Mb" | "1.5Mb" | "1.8Mb" | "2.1Mb" | "2.4Mb" | "2.7Mb" | "3.0Mb" | "3.3Mb" | "3.6Mb" | "3.9Mb" | "4.2Mb" | "4.5Mb" | "4.8Mb" | "5.1Mb" | "5.4Mb" | "5.7Mb" | "6.0Mb" | "6.3Mb" | "6.6Mb" | "6.9Mb" | "7.2Mb" | "7.5Mb" | "7.8Mb" | "8.1Mb" | "8.4Mb" | "8.7Mb" | "9.0Mb" | "9.3Mb" | "9.6Mb" | "9.9Mb" | "10.2Mb" | "10.5Mb" | "10.8Mb" | "11.1Mb" | "11.4Mb" | "11.7Mb" | "12.0Mb" | "12.3Mb" | "12.6Mb" | "12.9Mb" | "13.2Mb" | "13.5Mb" | "13.8Mb" | "14.1Mb" | "14.4Mb" | "14.7Mb" | "15.0Mb" | "15.3Mb" | "15.6Mb" | "15.9Mb" | "16.2Mb" | "16.5Mb" | "16.8Mb" | "17.1Mb" | "17.4Mb" | "17.7Mb" | "18.0Mb" | "18.3Mb" | "18.6Mb" | "18.9Mb" | "19.2Mb" | "19.5Mb" | "19.8Mb" | "20.1Mb" | "20.5Mb" | "20.8Mb" | "21.1Mb" | "21.4Mb" | "21.7Mb" | "22.0Mb" | "22.3Mb" | "22.6Mb" | "22.9Mb" | "23.2Mb" | "23.5Mb" | "23.8Mb" | "24.1Mb" | "24.4Mb" | "24.7Mb" | "25.0Mb" | "25.3Mb" | "25.6Mb" | "25.9Mb" | "26.2Mb" | "26.5Mb" | "26.8Mb" | "27.1Mb" | "27.4Mb" | "27.7Mb" | "28.0Mb" | "28.3Mb" | "28.6Mb" | "28.9Mb" | "29.2Mb" | "29.5Mb" | "29.8Mb" | "30.1Mb" | "30.4Mb" | "30.7Mb" | "31.0Mb" | "31.3Mb" | "31.6Mb" | "31.9Mb" | "32.2Mb" | "32.5Mb" | "32.8Mb" | "33.1Mb" | "33.4Mb" | "33.7Mb" | "34.0Mb" | "34.3Mb" | "34.6Mb" | "34.9Mb" | "35.2Mb" | "35.5Mb" | "35.8Mb" | "36.1Mb" | "36.4Mb" | "36.7Mb" | "37.0Mb" | "37.3Mb" | "37.6Mb" | "37.9Mb" | "38.2Mb" | "38.5Mb" | "38.8Mb" | "39.1Mb" | "39.4Mb" | "39.7Mb" | "40.0Mb" | "40.3Mb" | "40.6Mb" | "40.9Mb" | "41.2Mb" | "41.5Mb" | "41.8Mb" | "42.1Mb" | "42.4Mb" | "42.7Mb" | "43.0Mb" | "43.3Mb" | "43.6Mb" | "43.9Mb" | "44.2Mb") ) ) ).as(:oneline) ) ) ).as(:oneline), "payload-scrambler" /* Enable payload scrambling */, "no-payload-scrambler" /* Don't enable payload scrambling */, "cbit-parity" /* Enable C-bit parity mode */, "no-cbit-parity" /* Don't enable C-bit parity mode */, "fcs" ( /* Frame checksum */ ("32" | "16") ), "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ), "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "feac-loop-respond" /* Respond to FEAC loop requests */, "no-feac-loop-respond" /* Don't respond to FEAC loop requests */, "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e3" | "pseudo-2e4" | "pseudo-2e5" | "pseudo-2e6" | "pseudo-2e7" | "pseudo-2e9-o153" | "pseudo-2e10" | "pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e17" | "pseudo-2e18" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "pseudo-2e21" | "pseudo-2e22" | "pseudo-2e23-o151" | "pseudo-2e25" | "pseudo-2e28" | "pseudo-2e29" | "pseudo-2e31" | "pseudo-2e32" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | "alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */, "buildout" arg /* Line buildout */, "atm-encapsulation" ( /* DS-3 interface encapsulation */ ("plcp" | "direct") ) ) ), "e3-options" ( /* E3 interface-specific options */ c( "loopback" ( /* Loopback mode */ ("local" | "remote") ), "unframed" /* Enable unframed mode */, "no-unframed" /* Don't enable unframed mode */, "compatibility-mode" ( /* Set CSU compatibility mode */ sc( c( "larscom" /* Compatible with Larscom CSU (only non IQ E3 interfaces) */, "digital-link" ( /* Compatible with Digital Link CSU */ sc( "subrate" ( /* Set subrate value */ ("358Kb" | "716Kb" | "1.1Mb" | "1.4Mb" | "1.8Mb" | "2.1Mb" | "2.5Mb" | "2.9Mb" | "3.2Mb" | "3.6Mb" | "3.9Mb" | "4.3Mb" | "4.7Mb" | "5.0Mb" | "5.4Mb" | "5.7Mb" | "6.1Mb" | "6.4Mb" | "6.8Mb" | "7.2Mb" | "7.5Mb" | "7.9Mb" | "8.2Mb" | "8.6Mb" | "9.0Mb" | "9.3Mb" | "9.7Mb" | "10.0Mb" | "10.4Mb" | "10.7Mb" | "11.1Mb" | "11.5Mb" | "11.8Mb" | "12.2Mb" | "12.5Mb" | "12.9Mb" | "13.2Mb" | "13.6Mb" | "14.0Mb" | "14.3Mb" | "14.7Mb" | "15.0Mb" | "15.4Mb" | "15.8Mb" | "16.1Mb" | "16.5Mb" | "16.8Mb" | "17.2Mb" | "17.5Mb" | "17.9Mb" | "18.3Mb" | "18.6Mb" | "19.0Mb" | "19.3Mb" | "19.7Mb" | "20.0Mb" | "20.4Mb" | "20.8Mb" | "21.1Mb" | "21.5Mb" | "21.8Mb" | "22.2Mb" | "22.6Mb" | "22.9Mb" | "23.3Mb" | "23.6Mb" | "24.0Mb" | "24.3Mb" | "24.7Mb" | "25.1Mb" | "25.4Mb" | "25.8Mb" | "26.1Mb" | "26.5Mb" | "26.9Mb" | "27.2Mb" | "27.6Mb" | "27.9Mb" | "28.3Mb" | "28.6Mb" | "29.0Mb" | "29.4Mb" | "29.7Mb" | "30.1Mb" | "30.4Mb" | "30.8Mb" | "31.1Mb" | "31.5Mb" | "31.9Mb" | "32.2Mb" | "32.6Mb" | "32.9Mb" | "33.3Mb" | "33.7Mb" | "34.0Mb") ) ) ).as(:oneline), "kentrox" ( /* Compatible with Kentrox CSU */ sc( "subrate" arg /* Set subrate value (only for E3 IQ interfaces) */ ) ).as(:oneline) ) ) ).as(:oneline), "payload-scrambler" /* Enable payload scrambling */, "no-payload-scrambler" /* Don't enable payload scrambling */, "fcs" ( /* Frame checksum */ ("32" | "16") ), "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ), "invert-data" /* Invert data */, "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e3" | "pseudo-2e4" | "pseudo-2e5" | "pseudo-2e6" | "pseudo-2e7" | "pseudo-2e9-o153" | "pseudo-2e10" | "pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e17" | "pseudo-2e18" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "pseudo-2e21" | "pseudo-2e22" | "pseudo-2e23-o151" | "pseudo-2e25" | "pseudo-2e28" | "pseudo-2e29" | "pseudo-2e31" | "pseudo-2e32" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | "alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */, "buildout" arg /* Line buildout */, "atm-encapsulation" ( /* E3 interface encapsulation */ ("plcp" | "direct") ), "framing" ( /* E3 line format */ ("g.751" | "g.832") ) ) ), "e1-options" ( /* E1 interface-specific options */ c( "timeslots" arg /* Timeslots (1..32); for example, 1-4,6,9-11,32 (no space) */, "loopback" ( /* Loopback mode */ ("local" | "remote") ), "framing" ( /* Framing mode */ ("g704" | "unframed" | "g704-no-crc4") ), "fcs" ( /* Frame checksum */ ("32" | "16") ), "invert-data" /* Invert data */, "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ), "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e3" | "pseudo-2e4" | "pseudo-2e5" | "pseudo-2e6" | "pseudo-2e7" | "pseudo-2e9-o153" | "pseudo-2e10" | "pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e17" | "pseudo-2e18" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "pseudo-2e21" | "pseudo-2e22" | "pseudo-2e23-o151" | "pseudo-2e25" | "pseudo-2e28" | "pseudo-2e29" | "pseudo-2e31" | "pseudo-2e32" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | "alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */ ) ), "t1-options" ( /* T1 interface-specific options */ c( "timeslots" arg /* Timeslots (1..24; for example, 1-3,4,9,22-24 (no space) */, "voice-timeslots" arg /* Voice timeslots (1..24),for example, 1-3,4,9,22-24 (no space) */, "disable-remote-alarm-detection" ( /* Disable detection of a remote alarm */ ("yellow") ), "loopback" ( /* Loopback mode */ ("local" | "remote" | "payload") ), "buildout" ( /* Line buildout */ ("0-132" | "133-265" | "266-398" | "399-531" | "532-655" | "long-0db" | "long-7.5db" | "long-15db" | "long-22.5db") ), "byte-encoding" ( /* Byte encoding */ ("nx64" | "nx56") ), "line-encoding" ( /* Line encoding */ ("ami" | "b8zs") ), "invert-data" /* Invert data */, "framing" ( /* Framing mode */ ("sf" | "esf") ), "fcs" ( /* Frame checksum */ ("32" | "16") ), "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ), "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e3" | "pseudo-2e4" | "pseudo-2e5" | "pseudo-2e6" | "pseudo-2e7" | "pseudo-2e9-o153" | "pseudo-2e10" | "pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e17" | "pseudo-2e18" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "pseudo-2e21" | "pseudo-2e22" | "pseudo-2e23-o151" | "pseudo-2e25" | "pseudo-2e28" | "pseudo-2e29" | "pseudo-2e31" | "pseudo-2e32" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | "alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */, "remote-loopback-respond" /* Respond to loop requests from remote end */, "crc-major-alarm-threshold" ( /* CRC Major alarm threshold value */ ("1e-3" | "5e-4" | "1e-4" | "5e-5" | "1e-5") ), "crc-minor-alarm-threshold" ( /* CRC Minor alarm threshold value */ ("1e-3" | "5e-4" | "1e-4" | "5e-5" | "1e-5" | "5e-6" | "1e-6") ), "alarm-compliance" ( /* Enforce standard for alarm reporting */ ("accunet-t1-5-service") ) ) ), "ds0-options" ( /* DS-0 interface-specific options */ c( "loopback" ( /* Loopback mode */ ("payload") ), "byte-encoding" ( /* Byte encoding */ ("nx64" | "nx56") ), "invert-data" /* Invert data */, "fcs" ( /* Frame checksum */ ("32" | "16") ), "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ), "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | "alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4" | "repeating-1-in-16") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */ ) ), "serial-options" ( /* Serial interface-specific options */ c( "line-protocol" ( /* Line protocol to be used */ ("eia530" | "v.35" | "x.21") ), c( "dte-options" ( /* DTE options/control leads */ c( "ignore-all" /* Ignore all control leads */, "dtr" ( /* Data Transmit Ready signal handling */ sc( c( "assert" /* Assert DTR signal */, "de-assert" /* Deassert DTR signal */, "normal" /* Normal DTR signal */, "auto-synchronize" ( /* Normal DTR signal, with autoresynchronization */ c( "duration" arg /* Duration of autoresynchronization */, "interval" arg /* Interval for autoresynchronization */ ) ) ) ) ).as(:oneline), "control-signal" ( /* X.21 control signal handling */ ("assert" | "de-assert" | "normal") ), "rts" ( /* Request To Send signal handling */ ("assert" | "de-assert" | "normal") ), "dcd" ( /* Data Carrier Detect signal handling */ ("require" | "ignore" | "normal") ), "dsr" ( /* Data Set Ready signal handling */ ("require" | "ignore" | "normal") ), "cts" ( /* Clear To Send signal handling */ ("require" | "ignore" | "normal") ), "indication" ( /* X.21 Indication signal handling */ ("require" | "ignore" | "normal") ), "tm" ( /* Test Mode signal handling */ ("require" | "ignore" | "normal") ) ) ), "dce-options" ( /* DCE options */ c( "ignore-all" /* Ignore all control leads */, "dtr" ( /* Data Transmit Ready signal handling */ ("require" | "ignore" | "normal") ), "rts" ( /* Request To Send signal handling */ ("require" | "ignore" | "normal") ), "dcd" ( /* Data Carrier Detect signal handling */ ("assert" | "de-assert" | "normal") ), "dsr" ( /* Data Set Ready signal handling */ ("assert" | "de-assert" | "normal") ), "cts" ( /* Clear To Send signal handling */ ("assert" | "de-assert" | "normal") ), "tm" ( /* Test Mode signal handling */ ("require" | "ignore" | "normal") ), "dce-loopback-override" /* DCE loopback override */ ) ) ), "dtr-circuit" ( /* Data Transmit Ready circuit mode */ ("balanced" | "unbalanced") ), "dtr-polarity" ( /* Data Transmit Ready signal polarity */ ("positive" | "negative") ), "rts-polarity" ( /* Request To Send signal polarity */ ("positive" | "negative") ), "control-polarity" ( /* X.21 Control signal polarity */ ("positive" | "negative") ), "dcd-polarity" ( /* Data Carrier Detect signal polarity */ ("positive" | "negative") ), "dsr-polarity" ( /* Data Set Ready signal polarity */ ("positive" | "negative") ), "cts-polarity" ( /* Clear To Send signal polarity */ ("positive" | "negative") ), "indication-polarity" ( /* X.21 Indication signal polarity */ ("positive" | "negative") ), "tm-polarity" ( /* Test Mode signal polarity */ ("positive" | "negative") ), "clocking-mode" ( /* Clock mode */ ("dce" | "internal" | "loop") ), "transmit-clock" ( /* Transmit clock phase */ ("invert") ), "clock-rate" ( /* Interface clock rate */ ("2.048mhz" | "2.341mhz" | "2.731mhz" | "3.277mhz" | "4.096mhz" | "5.461mhz" | "8.192mhz" | "16.384mhz" | "1.2khz" | "2.4khz" | "9.6khz" | "19.2khz" | "38.4khz" | "56.0khz" | "64.0khz" | "72.0khz" | "125.0khz" | "148.0khz" | "250.0khz" | "500.0khz" | "800.0khz" | "1.0mhz" | "1.3mhz" | "2.0mhz" | "4.0mhz" | "8.0mhz") ), "loopback" ( /* Loopback mode */ ("local" | "remote" | "dce-local" | "dce-remote") ), "encoding" ( /* Line encoding */ ("nrz" | "nrzi") ), "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ) ) ), "gratuitous-arp-reply" /* Enable gratuitous ARP reply */, "no-gratuitous-arp-reply" /* Don't enable gratuitous ARP reply */, "no-gratuitous-arp-request" /* Ignore gratuitous ARP request */, "no-no-gratuitous-arp-request" /* Don't ignore gratuitous ARP request */, "arp-l2-validate" /* Validate ARP against L2 */, "ether-options" ( /* Ethernet interface-specific options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "loopback-remote" /* Enable remote loopback */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, "ethernet-switch-profile" ( /* Ethernet virtual LAN/media access control-level options */ c( "tag-protocol-id" arg /* IEEE 802.1q Tag Protocol Identifier values for VLAN-tagged frames */, "ethernet-policer-profile" ( /* Ethernet level CoS-based policer configuration */ c( "input-priority-map" ( /* Input policer priority map */ cos_policer_input_priority_map /* Input policer priority map */ ), "output-priority-map" ( /* Output policer priority map */ cos_policer_output_priority_map /* Output policer priority map */ ), "policer" ( /* Policer template definition */ cos_policer /* Policer template definition */ ) ) ), "storm-control" ( /* Storm control profile name to bind */ c( arg /* Profile name */ ) ), "recovery-timeout" ( /* Recovery timeout for this interface */ sc( arg ) ).as(:oneline), "mac-learn-enable" /* Learn MAC addresses dynamically */, "no-mac-learn-enable" /* Don't learn MAC addresses dynamically */ ) ), "asynchronous-notification" /* Enable sending asynchronous notification to peer on CCC-down */, "source-address-filter" arg /* Source address filters */.as(:oneline), "auto-negotiation" /* Enable auto-negotiation */, "no-auto-negotiation" /* Don't enable auto-negotiation */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "configured-flow-control" ( /* Enable flow control */ c( "rx-buffers" ( /* Enable/Disable Rx buffers */ ("on" | "off") ), "tx-buffers" ( /* Enable/Disable Tx buffers */ ("on" | "off") ) ) ), "link-mode" ( /* Link duplex */ ("automatic" | "half-duplex" | "full-duplex") ), "mpls" ( /* MPLS options */ mpls_ifd_options /* MPLS options */ ), "ignore-l3-incompletes" /* Ignore L3 incomplete errors */, "no-auto-mdix" /* Disable auto MDI/MDIX */, "fec" ( /* Forward Error Correction mode */ ("none" | "fec91" | "fec74" | "fec108") ), "speed" ( /* Specify speed */ c( c( "auto-negotiation" ( /* Enable auto-negotiation */ sc( "auto-negotiate-10-100" /* Limits the auto-negotiation to 10m/100m only */ ) ).as(:oneline), "ethernet-10m" /* 10Mbps */, "ethernet-100m" /* 100Mbps */, "ethernet-1g" /* 1Gbps */, "ethernet-10g" /* 10Gbps */ ) ) ), "ieee-802.3ad" ( /* IEEE 802.3ad */ c( "lacp" ( /* Link Aggregation Control Protocol configuration */ c( "force-up" /* Keep the port up in absence of received LACPDU */, "port-priority" arg /* Priority of the port (0 ... 65535) */ ) ), interface_device /* Join an aggregated Ethernet interface */, c( "primary" /* Primary interface for link-protection mode */, "backup" /* Backup interface for link-protection mode */ ), "link-protection-sub-group" ( /* Link Protection subgroup configuration */ c( arg ) ), "port-priority" arg /* Link protection Priority of the port (0 ... 65535) */ ) ), "ieee-802-3az-eee" /* IEEE 802.3az Energy Efficient Ethernet(EEE) */, "mdi-mode" ( /* Cable cross-over mode */ ("auto" | "force" | "mdi" | "mdix") ), "redundant-parent" ( /* Parent of this interface */ c( interface_device /* Join a redundant ethernet interface */ ) ), "autostate-exclude" /* Interface will not contribute to IRB state */ ) ), "fibrechannel-options" ( /* Fibre Channel interface-specific options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "bb-sc-n" arg /* B2B state change number */, "speed" ( /* Specify speed */ ("auto-negotiation" | "1g" | "2g" | "4g" | "8g") ) ) ), "gigether-options" ( /* Gigabit Ethernet interface-specific options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "loopback-remote" /* Enable remote loopback */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, c( "no-auto-negotiation" /* Disable auto-negotiation */, "auto-negotiation" ( /* Enable auto-negotiation */ sc( "remote-fault" ( ("local-interface-offline" | "local-interface-online") ) ) ).as(:oneline) ), "mac-mode" ( /* Physical layer protocol of MAC's SERDES interface */ ("sgmii" | "mac-mode-1000base-x") ), "asynchronous-notification" /* Enable sending asynchronous notification to peer on CCC-down */, "source-address-filter" arg /* Source address filters */.as(:oneline), "pad-to-minimum-frame-size" /* Pad Tx vlan tagged frame to minimum of 68 bytes */, "redundant-parent" ( /* Parent of this interface */ c( interface_device /* Join a redundant-ethernet interface */ ) ), "ieee-802.3ad" ( /* IEEE 802.3ad */ c( "lacp" ( /* Link Aggregation Control Protocol configuration */ c( "port-priority" arg /* Priority of the port (0 ... 65535) */ ) ), interface_device /* Join an aggregated Ethernet interface */, "link-index" arg /* Desired child link index within the Aggregated Interface */, c( "primary" /* Primary interface for link-protection mode */, "backup" /* Backup interface for link-protection mode */ ), "distribution-list" arg /* Distribution list to which interface belongs */ ) ), "ethernet-switch-profile" ( /* Ethernet virtual LAN/media access control-level options */ c( "tag-protocol-id" arg /* IEEE 802.1q Tag Protocol Identifier values for VLAN-tagged frames */, "ethernet-policer-profile" ( /* Ethernet level CoS-based policer configuration */ c( "ieee802.1-priority-map" ( /* Premium priority values for IEEE 802.1p bits */ c( "premium" arg /* Premium policer priority map */ ) ), "input-priority-map" ( /* Input policer priority map */ cos_policer_input_priority_map /* Input policer priority map */ ), "output-priority-map" ( /* Output policer priority map */ cos_policer_output_priority_map /* Output policer priority map */ ), "policer" ( /* Policer template definition */ cos_policer /* Policer template definition */ ) ) ), "accept-from" ( /* Accept traffic from or to specified remote MAC */ c( "mac-address" ( /* Remote MAC */ mac_list /* Remote MAC */ ) ) ), "reject-the-rest" /* Accept traffic from only the specified MAC addresses */, "no-reject-the-rest" /* Don't accept traffic from only the specified MAC addresses */, "mac-learn-enable" /* Learn MAC addresses dynamically */ ) ), "mpls" ( /* MPLS options */ mpls_ifd_options /* MPLS options */ ), "ignore-l3-incompletes" /* Ignore L3 incomplete errors */, "no-auto-mdix" /* Disable auto MDI/MDIX */, "ieee-802-3az-eee" /* IEEE 802.3az Energy Efficient Ethernet(EEE) */, "mru" arg /* Maximum receive packet size */, "fec" ( /* Forward Error Correction mode */ ("none" | "fec91" | "fec74" | "fec108") ), "speed" ( /* Speed mode */ ("1g" | "10g") ) ) ), "optics-options" ( /* Optics options */ c( "wavelength" ( /* Wavelength of the optics (nanometers) for 50Ghz/100Ghz spacing */ ("1568.77" | "1568.36" | "1568.31" | "1568.26" | "1568.21" | "1568.16" | "1568.11" | "1568.05" | "1568.00" | "1567.95" | "1567.90" | "1567.85" | "1567.80" | "1567.75" | "1567.70" | "1567.64" | "1567.59" | "1567.54" | "1567.49" | "1567.44" | "1567.39" | "1567.34" | "1567.29" | "1567.23" | "1567.18" | "1567.13" | "1567.08" | "1567.03" | "1566.98" | "1566.93" | "1566.88" | "1566.83" | "1566.77" | "1566.72" | "1566.67" | "1566.62" | "1566.57" | "1566.52" | "1566.47" | "1566.42" | "1566.36" | "1566.31" | "1566.26" | "1566.21" | "1566.16" | "1566.11" | "1566.06" | "1566.01" | "1565.96" | "1565.90" | "1565.85" | "1565.80" | "1565.75" | "1565.70" | "1565.65" | "1565.60" | "1565.55" | "1565.50" | "1565.44" | "1565.39" | "1565.34" | "1565.29" | "1565.24" | "1565.19" | "1565.14" | "1565.09" | "1565.04" | "1564.99" | "1564.93" | "1564.88" | "1564.83" | "1564.78" | "1564.73" | "1564.68" | "1564.63" | "1564.58" | "1564.53" | "1564.47" | "1564.42" | "1564.37" | "1564.32" | "1564.27" | "1564.22" | "1564.17" | "1564.12" | "1564.07" | "1564.02" | "1563.96" | "1563.91" | "1563.86" | "1563.81" | "1563.76" | "1563.71" | "1563.66" | "1563.61" | "1563.56" | "1563.51" | "1563.45" | "1563.40" | "1563.35" | "1563.30" | "1563.25" | "1563.20" | "1563.15" | "1563.10" | "1563.05" | "1563.00" | "1562.95" | "1562.89" | "1562.84" | "1562.79" | "1562.74" | "1562.69" | "1562.64" | "1562.59" | "1562.54" | "1562.49" | "1562.44" | "1562.39" | "1562.33" | "1562.28" | "1562.23" | "1562.18" | "1562.13" | "1562.08" | "1562.03" | "1561.98" | "1561.93" | "1561.88" | "1561.83" | "1561.77" | "1561.72" | "1561.67" | "1561.62" | "1561.57" | "1561.52" | "1561.47" | "1561.42" | "1561.37" | "1561.32" | "1561.27" | "1561.22" | "1561.16" | "1561.11" | "1561.06" | "1561.01" | "1560.96" | "1560.91" | "1560.86" | "1560.81" | "1560.76" | "1560.71" | "1560.66" | "1560.61" | "1560.56" | "1560.50" | "1560.45" | "1560.40" | "1560.35" | "1560.30" | "1560.25" | "1560.20" | "1560.15" | "1560.10" | "1560.05" | "1560.00" | "1559.95" | "1559.90" | "1559.84" | "1559.79" | "1559.74" | "1559.69" | "1559.64" | "1559.59" | "1559.54" | "1559.49" | "1559.44" | "1559.39" | "1559.34" | "1559.29" | "1559.24" | "1559.19" | "1559.14" | "1559.08" | "1559.03" | "1558.98" | "1558.93" | "1558.88" | "1558.83" | "1558.78" | "1558.73" | "1558.68" | "1558.63" | "1558.58" | "1558.53" | "1558.48" | "1558.43" | "1558.38" | "1558.32" | "1558.27" | "1558.22" | "1558.17" | "1558.12" | "1558.07" | "1558.02" | "1557.97" | "1557.92" | "1557.87" | "1557.82" | "1557.77" | "1557.72" | "1557.67" | "1557.62" | "1557.57" | "1557.52" | "1557.46" | "1557.41" | "1557.36" | "1557.31" | "1557.26" | "1557.21" | "1557.16" | "1557.11" | "1557.06" | "1557.01" | "1556.96" | "1556.91" | "1556.86" | "1556.81" | "1556.76" | "1556.71" | "1556.66" | "1556.61" | "1556.55" | "1556.50" | "1556.45" | "1556.40" | "1556.35" | "1556.30" | "1556.25" | "1556.20" | "1556.15" | "1556.10" | "1556.05" | "1556.00" | "1555.95" | "1555.90" | "1555.85" | "1555.80" | "1555.75" | "1555.70" | "1555.65" | "1555.60" | "1555.55" | "1555.49" | "1555.44" | "1555.39" | "1555.34" | "1555.29" | "1555.24" | "1555.19" | "1555.14" | "1555.09" | "1555.04" | "1554.99" | "1554.94" | "1554.89" | "1554.84" | "1554.79" | "1554.74" | "1554.69" | "1554.64" | "1554.59" | "1554.54" | "1554.49" | "1554.44" | "1554.39" | "1554.34" | "1554.29" | "1554.23" | "1554.18" | "1554.13" | "1554.08" | "1554.03" | "1553.98" | "1553.93" | "1553.88" | "1553.83" | "1553.78" | "1553.73" | "1553.68" | "1553.63" | "1553.58" | "1553.53" | "1553.48" | "1553.43" | "1553.38" | "1553.33" | "1553.28" | "1553.23" | "1553.18" | "1553.13" | "1553.08" | "1553.03" | "1552.98" | "1552.93" | "1552.88" | "1552.83" | "1552.78" | "1552.73" | "1552.68" | "1552.62" | "1552.57" | "1552.52" | "1552.47" | "1552.42" | "1552.37" | "1552.32" | "1552.27" | "1552.22" | "1552.17" | "1552.12" | "1552.07" | "1552.02" | "1551.97" | "1551.92" | "1551.87" | "1551.82" | "1551.77" | "1551.72" | "1551.67" | "1551.62" | "1551.57" | "1551.52" | "1551.47" | "1551.42" | "1551.37" | "1551.32" | "1551.27" | "1551.22" | "1551.17" | "1551.12" | "1551.07" | "1551.02" | "1550.97" | "1550.92" | "1550.87" | "1550.82" | "1550.77" | "1550.72" | "1550.67" | "1550.62" | "1550.57" | "1550.52" | "1550.47" | "1550.42" | "1550.37" | "1550.32" | "1550.27" | "1550.22" | "1550.17" | "1550.12" | "1550.07" | "1550.02" | "1549.97" | "1549.92" | "1549.87" | "1549.82" | "1549.77" | "1549.72" | "1549.67" | "1549.62" | "1549.57" | "1549.52" | "1549.47" | "1549.42" | "1549.37" | "1549.32" | "1549.26" | "1549.21" | "1549.16" | "1549.11" | "1549.06" | "1549.01" | "1548.96" | "1548.91" | "1548.86" | "1548.81" | "1548.76" | "1548.71" | "1548.66" | "1548.61" | "1548.56" | "1548.51" | "1548.46" | "1548.41" | "1548.36" | "1548.31" | "1548.26" | "1548.21" | "1548.16" | "1548.11" | "1548.06" | "1548.02" | "1547.97" | "1547.92" | "1547.87" | "1547.82" | "1547.77" | "1547.72" | "1547.67" | "1547.62" | "1547.57" | "1547.52" | "1547.47" | "1547.42" | "1547.37" | "1547.32" | "1547.27" | "1547.22" | "1547.17" | "1547.12" | "1547.07" | "1547.02" | "1546.97" | "1546.92" | "1546.87" | "1546.82" | "1546.77" | "1546.72" | "1546.67" | "1546.62" | "1546.57" | "1546.52" | "1546.47" | "1546.42" | "1546.37" | "1546.32" | "1546.27" | "1546.22" | "1546.17" | "1546.12" | "1546.07" | "1546.02" | "1545.97" | "1545.92" | "1545.87" | "1545.82" | "1545.77" | "1545.72" | "1545.67" | "1545.62" | "1545.57" | "1545.52" | "1545.47" | "1545.42" | "1545.37" | "1545.32" | "1545.27" | "1545.22" | "1545.17" | "1545.12" | "1545.07" | "1545.02" | "1544.97" | "1544.92" | "1544.87" | "1544.82" | "1544.77" | "1544.72" | "1544.68" | "1544.63" | "1544.58" | "1544.53" | "1544.48" | "1544.43" | "1544.38" | "1544.33" | "1544.28" | "1544.23" | "1544.18" | "1544.13" | "1544.08" | "1544.03" | "1543.98" | "1543.93" | "1543.88" | "1543.83" | "1543.78" | "1543.73" | "1543.68" | "1543.63" | "1543.58" | "1543.53" | "1543.48" | "1543.43" | "1543.38" | "1543.33" | "1543.28" | "1543.23" | "1543.18" | "1543.13" | "1543.08" | "1543.04" | "1542.99" | "1542.94" | "1542.89" | "1542.84" | "1542.79" | "1542.74" | "1542.69" | "1542.64" | "1542.59" | "1542.54" | "1542.49" | "1542.44" | "1542.39" | "1542.34" | "1542.29" | "1542.24" | "1542.19" | "1542.14" | "1542.09" | "1542.04" | "1541.99" | "1541.94" | "1541.89" | "1541.84" | "1541.80" | "1541.75" | "1541.70" | "1541.65" | "1541.60" | "1541.55" | "1541.50" | "1541.45" | "1541.40" | "1541.35" | "1541.30" | "1541.25" | "1541.20" | "1541.15" | "1541.10" | "1541.05" | "1541.00" | "1540.95" | "1540.90" | "1540.85" | "1540.80" | "1540.76" | "1540.71" | "1540.66" | "1540.61" | "1540.56" | "1540.51" | "1540.46" | "1540.41" | "1540.36" | "1540.31" | "1540.26" | "1540.21" | "1540.16" | "1540.11" | "1540.06" | "1540.01" | "1539.96" | "1539.91" | "1539.86" | "1539.82" | "1539.77" | "1539.72" | "1539.67" | "1539.62" | "1539.57" | "1539.52" | "1539.47" | "1539.42" | "1539.37" | "1539.32" | "1539.27" | "1539.22" | "1539.17" | "1539.12" | "1539.07" | "1539.03" | "1538.98" | "1538.93" | "1538.88" | "1538.83" | "1538.78" | "1538.73" | "1538.68" | "1538.63" | "1538.58" | "1538.53" | "1538.48" | "1538.43" | "1538.38" | "1538.33" | "1538.28" | "1538.24" | "1538.19" | "1538.14" | "1538.09" | "1538.04" | "1537.99" | "1537.94" | "1537.89" | "1537.84" | "1537.79" | "1537.74" | "1537.69" | "1537.64" | "1537.59" | "1537.55" | "1537.50" | "1537.45" | "1537.40" | "1537.35" | "1537.30" | "1537.25" | "1537.20" | "1537.15" | "1537.10" | "1537.05" | "1537.00" | "1536.95" | "1536.90" | "1536.86" | "1536.81" | "1536.76" | "1536.71" | "1536.66" | "1536.61" | "1536.56" | "1536.51" | "1536.46" | "1536.41" | "1536.36" | "1536.31" | "1536.26" | "1536.22" | "1536.17" | "1536.12" | "1536.07" | "1536.02" | "1535.97" | "1535.92" | "1535.87" | "1535.82" | "1535.77" | "1535.72" | "1535.67" | "1535.63" | "1535.58" | "1535.53" | "1535.48" | "1535.43" | "1535.38" | "1535.33" | "1535.28" | "1535.23" | "1535.18" | "1535.13" | "1535.08" | "1535.04" | "1534.99" | "1534.94" | "1534.89" | "1534.84" | "1534.79" | "1534.74" | "1534.69" | "1534.64" | "1534.59" | "1534.54" | "1534.50" | "1534.45" | "1534.40" | "1534.35" | "1534.30" | "1534.25" | "1534.20" | "1534.15" | "1534.10" | "1534.05" | "1534.00" | "1533.96" | "1533.91" | "1533.86" | "1533.81" | "1533.76" | "1533.71" | "1533.66" | "1533.61" | "1533.56" | "1533.51" | "1533.47" | "1533.42" | "1533.37" | "1533.32" | "1533.27" | "1533.22" | "1533.17" | "1533.12" | "1533.07" | "1533.02" | "1532.98" | "1532.93" | "1532.88" | "1532.83" | "1532.78" | "1532.73" | "1532.68" | "1532.63" | "1532.58" | "1532.53" | "1532.49" | "1532.44" | "1532.39" | "1532.34" | "1532.29" | "1532.24" | "1532.19" | "1532.14" | "1532.09" | "1532.04" | "1532.00" | "1531.95" | "1531.90" | "1531.85" | "1531.80" | "1531.75" | "1531.70" | "1531.65" | "1531.60" | "1531.56" | "1531.51" | "1531.46" | "1531.41" | "1531.36" | "1531.31" | "1531.26" | "1531.21" | "1531.16" | "1531.12" | "1531.07" | "1531.02" | "1530.97" | "1530.92" | "1530.87" | "1530.82" | "1530.77" | "1530.72" | "1530.68" | "1530.63" | "1530.58" | "1530.53" | "1530.48" | "1530.43" | "1530.38" | "1530.33" | "1530.29" | "1530.24" | "1530.19" | "1530.14" | "1530.09" | "1530.04" | "1529.99" | "1529.94" | "1529.89" | "1529.85" | "1529.80" | "1529.75" | "1529.70" | "1529.65" | "1529.60" | "1529.55" | "1529.50" | "1529.46" | "1529.41" | "1529.36" | "1529.31" | "1529.26" | "1529.21" | "1529.16" | "1529.11" | "1529.07" | "1529.02" | "1528.97" | "1528.92" | "1528.87" | "1528.82" | "1528.77" | "1528.38") ), "tx-power" arg /* Transmit laser output power */, "loopback" /* Put the optics in loopback mode */, "los-warning-threshold" arg /* LOS warning threshold */, "los-alarm-threshold" arg /* LOS alarm threshold */, "modulation-format" ( /* Type of Modulation Format */ ("16qam" | "8qam" | "qpsk") ), "laser-enable" /* Enable Laser */, "no-laser-enable" /* Don't enable Laser */, "is-ma" /* Link is enabled with alarms masked */, "no-is-ma" /* Don't link is enabled with alarms masked */, "encoding" ( /* Line encoding */ ("differential" | "non-differential") ), "fec" ( /* Forward Error Correction mode */ ("sdfec" | "sdfec25" | "hgfec" | "sdfec15") ), "high-polarization" /* High polarization tracking mode */, "signal-degrade" ( /* Signal degrade thresholds */ c( "interval" arg /* Time interval */, "ber-threshold-clear" arg /* Ber threshold for signal degrade clear (format: xe-n, example: 4.5e-3) */, "ber-threshold-signal-degrade" arg /* Ber threshold for signal-degrade (format: xe-n, example: 4.5e-3) */, "q-threshold-signal-degrade-clear" arg /* Q threshold for signal-degrade clear (e.g. 14.26) */, "q-threshold-signal-degrade" arg /* Q threshold for signal-degrade (e.g. 9.26) */ ) ), "alarm" enum(("low-light-alarm")) ( /* Set optic alarms */ c( c( "syslog", "link-down" ) ) ), "tca" ( /* Set tca for optic alarms */ c( "tx-power-high-tca" ( /* Tx power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute tx power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour tx power high TCA in dBm */ ) ), "tx-power-low-tca" ( /* Tx power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute tx power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour tx power low TCA in dBm */ ) ), "rx-power-high-tca" ( /* Rx power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute rx power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour rx power high TCA in dBm */ ) ), "rx-power-low-tca" ( /* Rx power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute rx power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour rx power low TCA in dBm */ ) ), "temperature-high-tca" ( /* Temperature high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute high temperature TCA in celsius */, "threshold-24hrs" arg /* Threshold for 24 hour high temperature TCA in celsius */ ) ), "temperature-low-tca" ( /* Temperature low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute low temperature TCA in celsius */, "threshold-24hrs" arg /* Threshold for 24 hour low temperature TCA in celsius */ ) ), "carrier-frequency-offset-high-tca" ( /* Carrier frequency offset high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute frequency offset high TCA in MHz */, "threshold-24hrs" arg /* Threshold for 24 hour frequency offset high TCA in MHz */ ) ), "carrier-frequency-offset-low-tca" ( /* Carrier frequency offset low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute frequency offset low TCA in MHz */, "threshold-24hrs" arg /* Threshold for 24 hour frequency offset low TCA in MHz */ ) ), "fec-ber" ( /* Optics Errored Seconds Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the Optics errored seconds threshold crossing alert */, "no-enable-tca" /* Don't enable the Optics errored seconds threshold crossing alert */, "threshold" arg /* TCA threshold for BER value in format: xe-n, x is an integer or decimal number, n = 0..9 */, "threshold-24hrs" arg /* TCA threshold for BER value in format: xe-n, x is an integer or decimal number, n = 0..9 */ ) ).as(:oneline), "tec-current-high-tca" ( /* TEC Current high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute TEC Current high TCA in mA */, "threshold-24hrs" arg /* Threshold for 24 hour TEC Current high TCA in mA */ ) ), "tec-current-low-tca" ( /* TEC Current low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute TEC Current low TCA in mA */, "threshold-24hrs" arg /* Threshold for 24 hour TEC Current low TCA in mA */ ) ), "residual-isi-high-tca" ( /* Residual ISI high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Residual ISI high TCA in ps/nm */, "threshold-24hrs" arg /* Threshold for 24 hour Residual ISI high TCA in ps/nm */ ) ), "residual-isi-low-tca" ( /* Residual ISI low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Residual ISI low TCA in ps/nm */, "threshold-24hrs" arg /* Threshold for 24 hour Residual ISI low TCA in ps/nm */ ) ), "pam-histogram-high-tca" ( /* PAM Histogram high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute PAM Histogram high TCA */, "threshold-24hrs" arg /* Threshold for 24 hour PAM Histogram high TCA */ ) ), "snr-low-tca" ( /* SNR low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute SNR low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour SNR low TCA in dBm */ ) ), "fec-corrected-errors-high-tca" ( /* FEC Corrected Error High Threshold crossing defect trigger */ c( "enable-tca" /* Enable the FEC Corrected Errors threshold crossing alert */, "no-enable-tca" /* Don't enable the FEC Corrected Errors threshold crossing alert */, "threshold" arg /* FEC Corrected-Errs value in format: xe-n, x is an integer or decimal number, n = 0..9 */, "threshold-24hrs" arg /* FEC Corrected-Errs value in format: xe-n, x is an integer or decimal number, n = 0..9 */ ) ), "fec-ucorrected-words-high-tca" ( /* FEC UCorrected Words High Threshold crossing defect trigger */ c( "enable-tca" /* Enable the FEC UCorrected Words threshold crossing alert */, "no-enable-tca" /* Don't enable the FEC UCorrected Words threshold crossing alert */, "threshold" arg /* FEC UCorrected-Words value in format: xe-n, x is an integer or decimal number, n = 0..9 */, "threshold-24hrs" arg /* FEC UCorrected-Words value in format: xe-n, x is an integer or decimal number, n = 0..9 */ ) ), "laser-frequency-error-high-tca" ( /* Laser frequency error high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute frequency error high TCA in MHz */, "threshold-24hrs" arg /* Threshold for 24 hour frequency error high TCA in MHz */ ) ), "laser-frequency-error-low-tca" ( /* Laser frequency error low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute frequency error low TCA in MHz */, "threshold-24hrs" arg /* Threshold for 24 hour frequency error low TCA in MHz */ ) ) ) ), "warning" enum(("low-light-warning")) ( /* Set optic warnings */ c( c( "syslog" /* Set action as syslog */, "link-down" /* Set action as link-down */ ) ) ), "low-power-mode" /* Force optics to low power mode */, "host-side-fec" ( /* Host side optics FEC ON/OFF */ ("off" | "on") ), "media-side-fec" ( /* Media side FEC ON/OFF */ ("off" | "on") ), c( "lane" arg ( /* Media lane number */ c( "tx-laser" ( /* Transmit Laser ON/OFF */ ("off" | "on") ), "rx-output" ( /* Receive output ON/OFF */ ("off" | "on") ), "tx-cdr" ( /* Transmit Clock and Data Recovery ON/OFF */ ("off" | "on") ), "rx-cdr" ( /* Receive Clock and Data Recovery ON/OFF */ ("off" | "on") ), "tx-input-equalization-adaptive" ( /* Transmit adaptive equalization ON/OFF */ ("off" | "on") ), "tx-input-equalization-manual" arg /* Transmit manual equalization for optics */, "rx-output-emphasis" arg /* Receive output emphasis for optics */, "rx-output-amplitude" ( /* Receive output amplitude setting */ ("400mV" | "600mV" | "800mV" | "1200mV") ), "tx-squelch" ( /* Transmit squelch ON/OFF */ ("off" | "on") ), "rx-squelch" ( /* Receive squelch ON/OFF */ ("off" | "on") ), "tx-rate-select" arg /* Transmit rate select for optics */, "rx-rate-select" arg /* Receive rate select for optics */ ) ), "lane-all" ( /* Apply settings to all lane */ c( "tx-laser" ( /* Transmit Laser ON/OFF */ ("off" | "on") ), "rx-output" ( /* Receive output ON/OFF */ ("off" | "on") ), "tx-cdr" ( /* Transmit Clock and Data Recovery ON/OFF */ ("off" | "on") ), "rx-cdr" ( /* Receive Clock and Data Recovery ON/OFF */ ("off" | "on") ), "tx-input-equalization-adaptive" ( /* Transmit adaptive equalization ON/OFF */ ("off" | "on") ), "tx-input-equalization-manual" arg /* Transmit manual equalization for optics */, "rx-output-emphasis" arg /* Receive output emphasis for optics */, "rx-output-amplitude" ( /* Receive output amplitude setting */ ("400mV" | "600mV" | "800mV" | "1200mV") ), "tx-squelch" ( /* Transmit squelch ON/OFF */ ("off" | "on") ), "rx-squelch" ( /* Receive squelch ON/OFF */ ("off" | "on") ), "tx-rate-select" arg /* Transmit rate select for optics */, "rx-rate-select" arg /* Receive rate select for optics */ ) ) ) ) ), "otn-options" ( /* Optical Transmission Network interface-specific options */ otn_options_type /* Optical Transmission Network interface-specific options */ ), "tdm-options" ( /* Time division multiplexing (TDM) interface-specific options */ tdm_options_type /* Time division multiplexing (TDM) interface-specific options */ ), "och-options" ( /* Optical channel configuration options */ och_attributes /* Optical channel configuration options */ ), "otu-options" ( /* Optical transmission unit configuration options */ otu_attributes /* Optical transmission unit configuration options */ ), "odu-options" ( /* Optical data unit configuration options */ odu_attributes /* Optical data unit configuration options */ ), "ett-options" ( /* Transport ethernet client configuration options */ ett_attributes /* Transport ethernet client configuration options */ ), "fastether-options" ( /* Fast Ethernet interface-specific options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, "auto-negotiation" /* Enable auto-negotiation */, "no-auto-negotiation" /* Don't enable auto-negotiation */, "ingress-rate-limit" arg /* Ingress rate at port */, "source-address-filter" arg /* Source address filters */.as(:oneline), "redundant-parent" ( /* Parent of this interface */ c( interface_device /* Join a redundant ethernet interface */ ) ), "ieee-802.3ad" ( /* IEEE 802.3ad */ c( "lacp" ( /* Link Aggregation Control Protocol configuration */ c( "port-priority" arg /* Priority of the port (0 ... 65535) */ ) ), interface_device /* Join an aggregated Ethernet interface */, c( "primary" /* Primary interface for link-protection mode */, "backup" /* Backup interface for link-protection mode */ ) ) ), "mpls" ( /* MPLS options */ mpls_ifd_options /* MPLS options */ ), "ignore-l3-incompletes" /* Ignore L3 incomplete errors */ ) ), "redundant-ether-options" ( /* Ethernet redundancy options */ c( "redundancy-group" arg /* Redundancy group of this interface */, "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, "source-address-filter" arg /* Source address filters */.as(:oneline), "mru" arg /* Maximum receive packet size */, "link-speed" ( /* Link speed of individual interface that joins the RETH */ ("10m" | "100m" | "1g" | "10g") ), "minimum-links" arg /* Minimum number of active links */, "lacp" ( /* Link Aggregation Control Protocol configuration */ c( c( "active" /* Initiate transmission of LACP packets */, "passive" /* Respond to LACP packets */ ), "periodic" ( /* Timer interval for periodic transmission of LACP packets */ ("fast" | "slow") ) ) ) ) ), "aggregated-ether-options" ( /* Aggregated Ethernet interface-specific options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, "autostate-exclude" /* Interface will not contribute to IRB state */, "link-protection" ( /* Enable link protection mode */ c( "revertive" /* Revert back from active backup link to primary, if primary is UP */, "non-revertive" /* Do not revert back (default mode) from active backup link to primary, if primary is UP */, "backup-state" ( /* Link protection backup link state */ ("accept-data" | "discard-data" | "down") ), "rtg-config" ( /* RTG enable on AE */ c( "preempt-cutover-timer" arg /* RTG preempt-cutover-timer in seconds */ ) ) ) ), "fcoe-lag" /* Enable FIP/FCoE LAG */, "no-fcoe-lag" /* Don't enable FIP/FCoE LAG */, "source-address-filter" arg /* Source address filters */.as(:oneline), "configured-flow-control" ( /* Enable flow control */ c( "rx-buffers" ( /* Enable/Disable Rx buffers */ ("on" | "off") ), "tx-buffers" ( /* Enable/Disable Tx buffers */ ("on" | "off") ) ) ), "load-balance" ( aggregate_load_balance ), "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "neighbor" ( /* BFD neighbor address */ ipaddr /* BFD neighbor address */ ), "local-address" ( /* BFD local address */ ipaddr /* BFD local address */ ), "holddown-interval" arg /* Time to hold the session-UP notification to the client */ ) ), "minimum-links" arg /* Minimum number of aggregated links */, "minimum-bandwidth" ( /* Minimum bandwidth configured for aggregated bundle */ c( "bw-value" arg /* Bandwidth value */, "bw-unit" ( /* Bandwidth unit */ ("bps" | "kbps" | "mbps" | "gbps") ) ) ), "targeted-options" ( /* Targeting specific options */ c( "type" ( /* Targeting type of AE bundle */ ("auto" | "manual") ), c( "logical-interface-fpc-redundancy" /* Enable FPC redundancy for logical interfaces */, "logical-interface-chassis-redundancy" /* Enable CHASSIS redundancy for logical interfaces */ ), "rebalance-periodic" ( c( "start-time" ( /* Start time of the rebalance operation ( Wall clock time ) */ date /* Start time of the rebalance operation ( Wall clock time ) */ ), "interval" arg /* Interval of the rebalance operation in hrs */ ) ), "rebalance-subscriber-granularity" arg /* Max subscriber aggregate weight */ ) ), c( "logical-interface-fpc-redundancy" /* Enable FPC redundancy for logical interfaces */, "logical-interface-chassis-redundancy" /* Enable CHASSIS redundancy for logical interfaces */ ), "rebalance-periodic" ( c( "start-time" ( /* Start time of the rebalance operation ( Wall clock time ) */ date /* Start time of the rebalance operation ( Wall clock time ) */ ), "interval" arg /* Interval of the rebalance operation in hrs */ ) ), "pad-to-minimum-frame-size" /* Pad Tx vlan tagged frame to minimum of 68 bytes */, "link-speed" ( /* Link speed of individual interface that joins the AE */ ("10m" | "100m" | "1g" | "2.5g" | "5g" | "8g" | "10g" | "25g" | "40g" | "50g" | "80g" | "100g" | "400g" | "oc192" | "mixed") ), "local-bias" ( /* Turn on local bias functionality */ c( "disable" /* Disable local-bias */ ) ), "local-minimum-links-threshold" arg /* Specify threshold for minimum links per VC/VCF member */, "resilient-hash" /* Turn on resilient-hash */, "dlb" ( /* Enable DLB on LAG */ c( c( "per-packet" /* Per-packet link assignment */, "assigned-flow" /* Fixed link assignment */, "flowlet" ( /* Inactivity-based link assignment */ c( "inactivity-interval" arg /* Minimum inactivity interval in micro-seconds for link re-assignment */ ) ) ) ) ), "lacp" ( /* Link Aggregation Control Protocol configuration */ c( c( "active" /* Initiate transmission of LACP packets */, "passive" /* Respond to LACP packets */ ), "periodic" ( /* Timer interval for periodic transmission of LACP packets */ ("fast" | "slow") ), "fast-failover" /* To turn off LACP fast-failover */, "link-protection" ( c( "disable" /* To turn off LACP link-protection */, c( "revertive" /* Switch links when better priority link comes up */, "non-revertive" /* Do not switch links when better priority link comes up */ ), "rtg-config" ( /* RTG Feature enable on AE */ c( "preempt-cutover-timer" arg /* RTG preempt-cutover-timer in seconds */ ) ) ) ), "accept-data" /* Keep receiving traffic even when LACP goes down */, "sync-reset" ( /* On minimum-link failure notify out of sync to peer */ ("disable" | "enable") ), "system-priority" arg /* Priority of the system (0 ... 65535) */, "system-id" ( /* Node's System ID, encoded as a MAC address */ mac_addr /* Node's System ID, encoded as a MAC address */ ), "admin-key" arg /* Node's administrative key */, "hold-time" ( /* Hold time for link up and link down for AE link members */ sc( "up" arg /* Link up hold time for the AE link members */ ) ).as(:oneline), "aggregate-wait-time" arg /* Aggregate wait time for the AE */, "force-up" /* Forceup AE interface with LACP */, "no-peer-loopback-validation" /* Skip MCLAG peer loop back validation for LACP PDUs on Forceup AE interface */ ) ), "link-protection-sub-group" arg ( /* Link Protection subgroup configuration */ c( c( "primary" /* Primary subgroup for N:N link-protection mode */, "backup" /* Backup subgroup for N:N link-protection mode */ ) ) ), "ethernet-switch-profile" ( /* Ethernet virtual LAN/media access control-level options */ c( "tag-protocol-id" arg /* IEEE 802.1q Tag Protocol Identifier values for VLAN-tagged frames */, "storm-control" ( /* Storm control profile name to bind */ c( arg /* Profile name */ ) ), "recovery-timeout" ( /* Recovery timeout for this interface */ sc( arg ) ).as(:oneline), "mac-learn-enable" /* Learn MAC addresses dynamically */ ) ), "mc-ae" ( /* Multi-chassis aggregation (MC-AE) network device configuration */ c( "mc-ae-id" arg /* MC-AE group id */, "redundancy-group" arg /* Redundancy group id */, "chassis-id" arg /* Chassis id of MC-AE network device */, "mode" ( /* Mode of the MC-AE */ ("active-standby" | "active-active") ), "status-control" ( /* Status of the MC-AE chassis */ ("active" | "standby") ), "switchover-mode" ( /* Switchover mode */ ("revertive" | "non-revertive") ), "revert-time" arg /* Wait interval before performing switchover */, "init-delay-time" arg /* Init delay timer for mcae sm for min traffic loss */, "recovery-delay-time" arg /* Delay timer for bringing up ICL, ICCP */, "enhanced-convergence" /* Optimized convergence time for mcae */, "events" ( /* MCAE related events */ c( "iccp-peer-down" ( /* Define behavior in the event of ICCP peer down */ c( "force-icl-down" /* Bring down ICL logical interface */, "prefer-status-control-active" /* Keep this node up (recommended only on status-control active) */ ) ) ) ) ) ), "share-standby" /* Share the resources with standby ports, needs FPC reboot to take effect */ ) ), "es-options" ( /* ES PIC interface-specific options */ c( "backup-interface" ( /* Name of backup interface */ interface_device /* Name of backup interface */ ) ) ), "dsl-options" ( /* DSL interface-specific options */ c( "operating-mode" ( /* DSL operating mode */ ("auto" | "ansi-dmt" | "itu-dmt" | "etsi" | "itu-annexb-ur2" | "itu-annexb-non-ur2" | "itu-dmt-bis" | "adsl2plus" | "annexm-itu-dmt-bis" | "annexm-adsl2plus") ) ) ), "vdsl-options" ( /* VDSL interface-specific options */ c( "vdsl-profile" ( /* VDSL profile */ ("auto" | "8a" | "8b" | "8c" | "8d" | "12a" | "12b" | "17a") ), "sra" ( /* DSL SRA */ ("enable" | "disable") ), "v43" ( /* DSL V43 tones */ ("enable" | "disable") ), "sos" /* Enable SOS */ ) ), "dsl-sfp-options" ( /* DSL SFP options */ c( "adsl-options" ( /* ADSL options */ c( "vpi" arg /* Virtual path identifier */, "vci" arg /* Virtual circuit identifier */, "encap" ( /* Encapsulation */ ("bypass" | "llcsnap-bridged-802dot1q" | "llcsnap-routed-ip" | "vc-mux-bridged" | "vc-mux-routed-ip" | "generic") ), "annex" ( /* Annex type */ ("auto" | "annexj-off") ) ) ), "vdsl-options" ( /* VDSL options */ c( "profile" ( /* VDSL profile */ ("auto" | "8a" | "8b" | "8c" | "8d" | "12a" | "12b" | "17a" | "30a") ), "carrier" ( /* Carrier setting */ ("auto" | "a43" | "b43") ) ) ), "gfast-options" ( /* G.fast options */ c( "carrier" ( /* Carrier setting */ ("a43" | "a43c" | "b43" | "b43c") ) ) ) ) ), "shdsl-options" ( /* SHDSL interface-specific options */ c( "annex" ( /* Type of SHDSL annex */ ("annex-a" | "annex-b" | "annex-f" | "annex-g" | "annex-auto") ), "line-rate" ( /* SHDSL line rate */ ("auto" | arg) ), "loopback" ( /* Loopback mode */ ("local" | "remote") ), "snr-margin" ( /* Signal to noise ratio margin */ c( "current" ( /* Current signal to noise ratio margin */ ("disable" | arg) ), "snext" ( /* SNEXT signal to noise ratio margin */ ("disable" | arg) ) ) ) ) ), "data-input" ( /* Configuration for drop-insert data input */ c( c( "system" /* Data sourced from system */, "interface" ( /* Interface that acts as data source */ interface_device /* Interface that acts as data source */ ) ) ) ), "switch-options" ( /* Front end ports configuration */ c( "switch-port" arg ( c( "auto-negotiation" /* Enable auto-negotiation */, "no-auto-negotiation" /* Don't enable auto-negotiation */, "link-mode" ( /* Link operational mode */ ("half-duplex" | "full-duplex") ), "speed" ( /* Link speed */ ("10m" | "100m" | "1g") ), "vlan-id" arg /* VLAN ID for this port */, "cascade-port" /* Port externally connected to another cascade port */ ) ) ) ), "container-options" ( /* Container interface specific options */ c( "container-type" ( /* Protocol type of the container interface */ c( c( "aps" ( /* APS options on the container */ aps_type /* APS options on the container */ ) ) ) ), "member-interface-type" ( /* Link type of members of container */ c( c( "sonet" ( c( "member-interface-speed" ( /* Link speed of members of container */ ("oc3" | "oc12" | "oc48" | "oc192" | "oc768" | "mixed") ) ) ), "atm" ( c( "member-interface-speed" ( /* Link speed of members of container */ ("oc3" | "oc12" | "oc48") ) ) ), "channelized-sonet" ( c( "member-interface-speed" ( /* Link speed of members of container */ ("coc3" | "coc12" | "coc48" | "coc192" | "coc768") ) ) ), "channelized-sdh" ( c( "member-interface-speed" ( /* Link speed of members of container */ ("cstm1" | "cstm4" | "cstm16" | "coc64" | "cstm256") ) ) ) ) ) ), "redundancy" ( /* Container interface redundancy options */ c( "hold-time" ( /* Hold time for link up and link down */ sc( "up" arg /* Link up hold time */, "down" arg /* Link down hold time */ ) ).as(:oneline) ) ), "container-list" ( /* List of container interfaces this member link is associated to */ interface_device /* List of container interfaces this member link is associated to */ ), c( "primary" /* This member link is primary interface of the container */, "standby" /* This member link is standby interface of the container */ ), "fast-aps" /* Fast APS switch */, "allow-configuration-override" /* Allow physical configuration of member link to override container configuration */ ) ), "layer2-policer" ( /* Layer2 policing for interface */ c( c( "input-policer" arg /* Two-color policer for received packets */, "input-hierarchical-policer" arg /* Hierarchical policer for received packets */ ) ) ), "unit" enum(("$junos-underlying-interface-unit" | "$junos-interface-unit" | arg)) ( /* Logical interface */ c( "policer-overhead" ( /* Policer overhead adjustment for this unit */ c( arg, "ingress" arg /* Ingress value in bytes */, "egress" arg /* Egress value in bytes */ ) ), "alias" arg /* Interface alias */, "enhanced-convergence" /* Optimize convergence time for L3 */, "proxy-macip-advertisement" /* Proxy advertisement of type 2 MAC+IP route for EVPN */, "virtual-gateway-accept-data" /* Accept packets destined for virtual gateway address */, "peer-psd" ( /* Peer psd */ sc( arg /* Peer psd name */ ) ).as(:oneline), "peer-interface" ( /* Peer interface */ c( interface_unit /* Peer interface name */ ) ), "interface-shared-with" ( /* Specify which PSD owns this logical interface */ c( arg /* Name of protected system domain (psd[1-31], ex. psd2) */ ) ), ("disable"), "passive-monitor-mode" /* Use interface to tap packets from another router */, "per-session-scheduler" /* Enable per-session queuing on an IQ2 interface */, "account-layer2-overhead" ( /* Account layer2 overhead in IFL byte statistics */ c( arg, "ingress" arg /* Layer2 overhead bytes to be accounted in ingress */, "egress" arg /* Layer2 overhead bytes to be accounted in egress */ ) ), "forwarding-class-accounting" ( /* Configure Forwarding-class-accounting parameters for IFL */ c( "direction" ( /* Direction of the traffic to be accounted for IFL */ ("ingress" | "egress" | "both") ), "enhanced" ( c( "traffic-type" ( /* Traffic-type to be accounted for forwarding-class-accounting for IFL */ ("unicast-statistics" | "multicast-statistics") ), "family" ( /* Protocol traffic to be accounted for forwarding-class-accounting for IFL */ ("inet" | "inet6" | "both") ), "direction" ( /* Direction of the traffic to be accounted for forwarding-class-accounting for IFL */ ("ingress" | "egress" | "both") ), "overhead-bytes" arg /* Per octet overhead bytes to be accounted for forwarding-class-accounting for IFL */ ) ) ) ), "clear-dont-fragment-bit" /* Clear DF bit in packet (AS PIC and J-series only as well as MIF) */, "packet-inject-enable" /* Enable packet inject functionality on this IFL */, "reassemble-packets" /* Do reassembly of fragmented tunnel packets */, "services-options" /* Services interface-specific options */, "rpm" ( /* Enable RPM service on this interface */ c( c( c( "client" /* Client mode */, "server" /* Server mode */, "client-delegate-probes" /* Client delegate probe mode */ ), "twamp-server" /* Set TWAMP server mode on this interface */, "twamp-client" /* Set TWAMP client mode on this interface */ ) ) ), "description" arg /* Text description of interface */, "metadata" arg /* Text metadata attached to interface */, "dial-options" ( /* Dial options */ c( c( "l2tp-interface-id" arg /* Identifier for group of PPP sessions */, "ipsec-interface-id" arg /* Identifier for group of dynamic peers */ ), c( "dedicated" /* Use this unit for only one PPP/IPSec session */, "shared" /* Share this unit for multiple PPP/IPSec sessions */ ) ) ), "actual-transit-statistics" /* Actual transit statistics */, "demux-source" ( enum(("inet" | "inet6")) ), "demux-destination" ( enum(("inet" | "inet6")) ), "demux" ( /* Demux based on source or destination address */ c( "inet" ( /* Family inet */ c( "address" ( /* Address type */ ("source" | "destination") ), "auto-configure" ( /* Auto configuration */ dynamic_ipv4_type /* Auto configuration */ ) ) ), "inet6" ( /* Family inet6 */ c( "address" ( /* Address type */ ("source" | "destination") ), "auto-configure" ( /* Auto configuration */ dynamic_ipv6_type /* Auto configuration */ ) ) ) ) ), "encapsulation" ( /* Logical link-layer encapsulation */ ("atm-nlpid" | "atm-cisco-nlpid" | "atm-snap" | "atm-vc-mux" | "atm-ccc-vc-mux" | "atm-tcc-vc-mux" | "atm-tcc-snap" | "atm-ccc-cell-relay" | "vlan-vci-ccc" | "ether-over-atm-llc" | "ether-vpls-over-atm-llc" | "ppp-over-ether-over-atm-llc" | "ppp-over-ether" | "atm-ppp-vc-mux" | "atm-ppp-llc" | "atm-mlppp-llc" | "frame-relay-ppp" | "frame-relay-ccc" | "frame-relay" | "frame-relay-tcc" | "frame-relay-ether-type" | "frame-relay-ether-type-tcc" | "ether-vpls-fr" | "vlan-ccc" | "ethernet-ccc" | "vlan-vpls" | "vlan-bridge" | "ethernet-tcc" | "dix" | "ethernet" | "ethernet-vpls" | "ethernet-bridge" | "vlan" | "vlan-tcc" | "multilink-ppp" | "multilink-frame-relay-end-to-end" | "ppp-ccc") ), "gre" /* Allow GRE packets */, "mtu" arg /* Maximum transmission unit packet size */, c( "point-to-point" /* Point-to-point connection */, "multipoint" /* Multipoint connection */ ), "bandwidth" arg /* Logical unit bandwidth (informational only) */, "global-layer2-domainid" arg /* Global Layer-2 Identifier for this interface */, "radio-router" ( /* Parameters for dynamic link cost management */ dynamic_ifbw_parms_type /* Parameters for dynamic link cost management */ ), "traps" /* Enable SNMP notifications on state changes */, "no-traps" /* Don't enable SNMP notifications on state changes */, "routing-services" /* Enable routing services */, "no-routing-services" /* Don't enable routing services */, "routing-service" ( /* Routing Services on this interface */ c( ("enable" | "disable") ) ), "arp-resp" ( /* Knob to control ARP response on the interface, default is restricted */ sc( c( "unrestricted" /* Enable unrestricted ARP respone on the interface */, "restricted" /* Enable restricted proxy ARP response on the interface */ ) ) ).as(:oneline), "proxy-arp" ( /* Enable proxy ARP on the interface, default is unrestricted */ sc( c( "unrestricted" /* Enable unrestricted proxy ARP on the interface */, "restricted" /* Enable restricted proxy ARP on the interface */ ) ) ).as(:oneline), c( "vlan-id" ( /* Virtual LAN identifier value for 802.1q VLAN tags */ ("none" | arg) ), "vlan-id-range" arg /* Virtual LAN identifier range of form vid1-vid2 */, "inner-vlan-id-swap-ranges" arg /* Inner vlan-id swap range(s) of form vid1-vid2 for dynamic L2 VLANs */, "vlan-id-list" arg /* List of VLAN identifiers */, "vlan-tag" arg /* IEEE 802.1q tag list for VLAN tagged frames */, "vlan-tags" ( /* IEEE 802.1q tags */ sc( "outer" ( /* [tpid.]vlan-id, tpid format is 0xNNNN and is optional */ ("$junos-stacked-vlan-id" | "$junos-vlan-id" | arg) ), c( "inner" ( /* [tpid.]vlan-id, tpid format is 0xNNNN and is optional */ ("$junos-vlan-id" | arg) ), "inner-range" arg /* [tpid.]vid1-vid2, tpid format is 0xNNNN and is optional */, "inner-list" arg /* List of VLAN identifiers */ ) ) ).as(:oneline) ), "deep-vlan-qualified-learning" arg /* Enable qualified MAC-address learning on the specified vlan tag */, "native-inner-vlan-id" arg /* Native virtual LAN identifier for singly tagged frames */, "inner-vlan-id-range" ( /* Inner vlan-id range start end */ sc( "start" arg /* Inner vlan-id range's start value */, "end" arg /* Inner vlan-id range's end value */ ) ).as(:oneline), "accept-source-mac" ( /* Remote media access control address to/from which to accept traffic */ c( "mac-address" ( /* Remote MAC address */ mac_list /* Remote MAC address */ ) ) ), "input-vlan-map" ( /* VLAN map operation on input */ vlan_map /* VLAN map operation on input */ ), "output-vlan-map" ( /* VLAN map operation on output */ vlan_map /* VLAN map operation on output */ ), "swap-by-poppush" /* Pop original vlan tag and then push a new vlan tag */, "receive-lsp" arg /* Name of incoming label-switched path */, "transmit-lsp" arg /* Name of outgoing label-switched path */, "dlci" arg /* Frame Relay data-link control identifier */, "multicast-dlci" arg /* Frame Relay data-link control identifier for multicast packets */, c( "vci" ( /* ATM point-to-point virtual circuit identifier ([vpi.]vci) */ atm_vci /* ATM point-to-point virtual circuit identifier ([vpi.]vci) */ ), "allow-any-vci" /* Allow all VCIs to open in atm-ccc-cell-relay mode */, "vpi" arg /* ATM point-to-point virtual path identifier (vpi) */, "trunk-id" arg /* ATM trunk identifier */ ), "no-vpivci-swapping" /* Do not swap VPI/VCI for Cell Relay */, c( "psn-vci" ( /* PSN VCI */ atm_vci /* PSN VCI */ ), "psn-vpi" arg /* PSN VPI */ ), "atm-l2circuit-mode" ( /* Select ATM Layer 2 circuit transport mode */ sc( c( "cell" /* ATM Layer 2 circuit cell mode */, "aal5" /* ATM Layer 2 circuit AAL5 mode */ ) ) ).as(:oneline), "vci-range" ( /* ATM VCI range start end */ sc( "start" arg /* ATM VCI range's start value */, "end" arg /* ATM VCI range's end value */ ) ).as(:oneline), "trunk-bandwidth" arg /* ATM trunk bandwidth */, "multicast-vci" ( /* ATM virtual circuit identifier for multicast packets */ atm_vci /* ATM virtual circuit identifier for multicast packets */ ), "shaping" ( /* Virtual circuit traffic-shaping options */ dcd_shaping_config /* Virtual circuit traffic-shaping options */ ), "oam-period" ( /* OAM cell period */ sc( c( arg, "disable" /* Disable F5 OAM loopback */.as(:oneline) ) ) ).as(:oneline), "oam-liveness" ( /* OAM virtual circuit liveness parameters */ c( "up-count" arg /* Number of OAM cells to consider VC up */, "down-count" arg /* Number of OAM cells to consider VC down */ ) ), "ppp-options" ( /* Point-to-Point Protocol interface-specific options */ ppp_options_type /* Point-to-Point Protocol interface-specific options */ ), "pppoe-options" ( /* PPP over Ethernet interface-specific options */ pppoe_options_type /* PPP over Ethernet interface-specific options */ ), "pppoe-underlying-options" ( /* PPP over Ethernet underlying interface-specific options */ pppoe_underlying_options_type /* PPP over Ethernet underlying interface-specific options */ ), "advisory-options" ( /* Interface-specific recommendations */ advisory_options_type /* Interface-specific recommendations */ ), "auto-configure" ( /* Auto configuration */ auto_configure_vlan_type /* Auto configuration */ ), "demux-options" ( /* IP demux interface-specific options */ demux_options_type /* IP demux interface-specific options */ ), "targeted-distribution" ( /* Interface participates in targeted-distribution */ c( "primary-list" arg /* Primary targeted distribution list */, "backup-list" arg /* Backup targeted distribution list */, "standby-list" arg /* Standby targeted distribution list */ ) ), "targeted-options" ( /* Targeting specific options */ c( "weight" ( /* Targeting weight for subscriber */ ("$junos-interface-target-weight" | arg) ), "primary" ( /* Primary link for the subscriber */ interface_device /* Primary link for the subscriber */ ), "backup" ( /* Backup link for the subscriber */ interface_device /* Backup link for the subscriber */ ), "group" arg /* Group name to which the subscriber is associated */ ) ), c( "keepalives" ( /* Send or demand keepalive messages */ keepalives_type /* Send or demand keepalive messages */ ).as(:oneline), "no-keepalives" /* Do not send or demand keepalive messages */ ), "inverse-arp" /* Enable inverse ARP */, "transmit-weight" arg /* ATM2 transmit weight for VC under VP tunnel */, "epd-threshold" ( /* Early packet discard threshold for ATM2 */ epd_threshold_config /* Early packet discard threshold for ATM2 */ ).as(:oneline), "cell-bundle-size" arg /* L2 circuit cell bundle size */, "cell-bundle-timeout" arg /* L2 circuit cell bundle timeout */, "plp-to-clp" /* Enable ATM2 PLP to CLP copy */, "atm-scheduler-map" arg /* Assign ATM2 CoS scheduling map */, "mrru" arg /* Maximum received reconstructed unit */, "short-sequence" /* Short sequence number header format (MLPPP only) */, "fragment-threshold" arg /* Fragmentation threshold */, "drop-timeout" arg /* Drop timeout */, "disable-mlppp-inner-ppp-pfc" /* Disable compression for inner PPP header in MLPPP payload */, "minimum-links" arg /* Minimum number of links to sustain the bundle */, "multilink-max-classes" arg /* Number of multilink classes */, "compression" ( /* Various packet header compressions */ c( "rtp" ( /* Compress and decompress RTP */ c( "f-max-period" arg /* Maximum number of compressed packets between transmission of full headers */, "queues" ( /* Queue holding RTP packets. Default is queue 1 */ ("q0" | "q1" | "q2" | "q3") ), "port" ( /* UDP destination ports reserved for RTP packets */ sc( "minimum" arg, "maximum" arg ) ).as(:oneline), "maximum-contexts" ( /* Maximum number of simultaneous RTP contexts */ sc( arg ) ).as(:oneline) ) ) ) ), "interleave-fragments" /* Interleave long packets with high priority ones */, "link-layer-overhead" ( /* Link layer bit stuffing overhead (0.0 .. 50.0 percent) */ unsigned_float /* Link layer bit stuffing overhead (0.0 .. 50.0 percent) */ ), "accounting-profile" arg /* Accounting profile name */, "peer-unit" arg /* Peer unit number */, "tunnel" ( /* Tunnel parameters */ c( "encapsulation" ( /* Encapsulation over tunnel */ c( "vxlan-gpe" ( c( "source" ( c( "address" ( /* Interface address prefix */ ipv4addr /* Interface address prefix */ ), "mac-address" ( /* Interface source mac address */ mac_addr /* Interface source mac address */ ), "interface" ( /* Name of the interface */ interface_name /* Name of the interface */ ) ) ), "destination" ( c( "address" ( /* Interface address prefix */ ipv4addr /* Interface address prefix */ ), "mac-address" ( /* Interface destination mac address */ mac_addr /* Interface destination mac address */ ) ) ), "tunnel-endpoint" ( /* Tunnel end point type */ ("vxlan") ), "destination-udp-port" arg /* Value to write to the destination-udp-port field */, "vni" arg /* Value to write to the vni field */ ) ), "udp" ( /* Family for tunnel encapsulation udp */ c( "source" ( c( "address" ( /* Interface address prefix */ ipv4addr /* Interface address prefix */ ), "interface" ( /* Name of the interface */ interface_name /* Name of the interface */ ) ) ), "destination" ( c( "address" ( /* Interface address prefix */ ipv4addr /* Interface address prefix */ ) ) ) ) ), "ipip" ( /* Family for tunnel encapsulation ipip */ c( "source" ( c( "address" ( /* Interface address prefix */ ipv4addr /* Interface address prefix */ ), "interface" ( /* Name of the interface */ interface_name /* Name of the interface */ ) ) ), "destination" ( c( "address" ( /* Interface address prefix */ ipv4addr /* Interface address prefix */ ) ) ) ) ) ) ), "source" ( /* Tunnel source */ ipaddr /* Tunnel source */ ), "destination" ( /* Tunnel destination */ ipaddr /* Tunnel destination */ ), "key" arg /* Tunnel key */, "backup-destination" ( /* Backup tunnel destination */ ipaddr /* Backup tunnel destination */ ), c( "allow-fragmentation" /* Do not set DF bit on packets */, "do-not-fragment" /* Set DF bit on packets */ ), "ttl" arg /* Time to live */, "traffic-class" arg /* TOS/Traffic class field of IP-header */, "flow-label" arg /* Flow label field of IP6-header */, "path-mtu-discovery" /* Enable path MTU discovery for tunnels */, "no-path-mtu-discovery" /* Don't enable path MTU discovery for tunnels */, "routing-instance" ( /* Routing instance to which tunnel ends belong */ c( "destination" arg /* Routing instance of tunnel destination */ ) ) ) ), "compression-device" ( /* Logical interface used for compression */ interface_unit /* Logical interface used for compression */ ), "atm-policer" ( /* ATM policing for logical interface */ c( "input-atm-policer" arg /* Input atm policer */ ) ), "layer2-policer" ( /* Layer2 policing for logical interface */ c( c( "input-policer" arg /* Two-color policer for received packets */, "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "input-three-color" arg /* Color-blind three-color policer for received packets */ ), c( "output-policer" ( /* Two-color policer for transmitted packets */ ("$junos-layer2-output-policer" | arg) ), "output-three-color" ( /* Three-color policer for transmitted packets */ ("$junos-layer2-output-policer" | arg) ) ) ) ), "filter" ( /* Filters to apply to all families configured under this logical interface */ c( c( "input" ( /* Name of filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline) ), c( "output" ( /* Name of filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline) ) ) ), "multi-chassis-protection" ( /* Inter-Chassis protection configuration */ multi_chassis_protection_group_ifl /* Inter-Chassis protection configuration */ ), "statistics" /* Enable statistics collection in PFE */, "esi" ( /* ESI configuration of logical interface */ c( "auto-derive" ( /* Auto-derive ESI value for the interface */ c( c( "lacp" /* Auto-derive ESI from lacp */ ) ) ), esi /* ESI value for the interface */, c( "single-active" /* Single-active mode */, "all-active" /* All-active mode */ ), "df-election-granularity" ( /* DF Election Granularity Selection */ c( c( "per-esi" ( /* DF Election Granularity Per Esi */ c( "lacp-oos-on-ndf" /* Lacp Oos */ ) ), "per-esi-vlan" /* Per Esi Vlan */ ) ) ), "df-election-type" ( /* DF Election Type */ c( c( "preference" ( /* Preference based DF election */ c( "value" arg /* Preference value for EVPN Multihoming DF election */ ) ) ), c( "mod" /* MOD based DF election */ ) ) ), "source-bmac" ( /* Unicast Source B-MAC address per ESI for PBB-EVPN */ mac_unicast /* Unicast Source B-MAC address per ESI for PBB-EVPN */ ) ) ), c( "no-auto-virtual-gateway-esi" /* Disable auto ESI generation for virtual gateway address */, "virtual-gateway-esi" ( /* ESI configuration of virtual gateway */ c( esi /* ESI value for the interface */, c( "single-active" /* Single-active mode */, "all-active" /* All-active mode */ ) ) ) ), "service" ( /* Service operations */ c( "pcef" arg ( /* PCEF configuration */ c( "activate-all" /* Activate all rules and rulebases in the pcef profile */, "activate" arg /* Name of pcef profile rule or rulebase to activate */ ) ) ) ), "generate-eui64" /* To generate Link Local EUI-64 addresses */, "no-generate-eui64" /* Don't to generate Link Local EUI-64 addresses */, "family" ( /* Protocol family */ c( "inet" ( /* IPv4 parameters */ c( "dhcp" ( /* Dynamic Host Configuration Protocol client configuration */ dhcp_client_type /* Dynamic Host Configuration Protocol client configuration */ ), "targeted-broadcast" ( /* Directed broadcast */ c( c( "forward-and-send-to-re" /* Allow packets to be forwarded and sent to re */, "forward-only" /* Allow packets only to be forwarded */ ) ) ), "destination-class-usage" /* Enable destination class usage on this interface */, "transit-options-packets" /* Transit IP options packets (don't send to Routing Engine) */, "transit-ttl-exceeded" /* Transit IP TTL-exceeded packets (don't send to Routing Engine) */, "receive-options-packets" /* Receive IP options packets (don't send to Routing Engine) */, "receive-ttl-exceeded" /* Receive IP TTL-exceeded packets (don't send to Routing Engine) */, "accounting" ( /* Configure interface-based accounting options */ c( "source-class-usage" ( /* Enable source class usage on this interface */ c( "input" /* Specify this interface for source-class-usage input */, "output" /* Specify this interface for source-class-usage output */ ) ), "destination-class-usage" /* Enable destination class usage on this interface */ ) ), "mac-validate" ( /* Validate source MAC address */ ("strict" | "loose") ), "rpf-check" ( /* Enable reverse-path-forwarding checks on this interface */ c( "fail-filter" arg /* Name of filter applied to packets failing RPF check */, "mode" ( /* Mode for reverse path forwarding */ sc( "loose" /* Reverse-path-forwarding loose mode */ ) ).as(:oneline) ) ), "mtu" arg /* Protocol family maximum transmission unit */, "arp-max-cache" arg /* Max interface ARP nexthop cache size */, "arp-new-hold-limit" arg /* Max no. of new unresolved nexthops */, "tcp-mss" arg /* Protocol family tcp maximum segment size */, "no-redirects" /* Do not redirect traffic */, "no-neighbor-learn" /* Disable neighbor address learning on interface */, "unconditional-src-learn" /* Glean from arp packets even when source cannot be validated */, "multicast-only" /* Allow only multicast traffic (tunnels only) */, "primary" /* Candidate for primary interface in system */, "ipsec-sa" arg /* Name of security association */, "allow-filter-on-re" /* Enable kernel filter on network ports */, "demux-source" ("$junos-subscriber-ip-address" | arg) /* Demux based on source prefix */, "demux-destination" ("$junos-subscriber-ip-address" | arg) /* Demux based on destination prefix */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), "input-chain" arg /* List of filter modules applied to received packets */, "output-chain" arg /* List of filter modules applied to transmitted packets */, c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "iq-policing-filter" ( /* Protocol family ingress-queuing-policing-filter */ sc( arg /* Name of the ingress-queuing-policing-filter */ ) ).as(:oneline), "simple-filter" ( /* Filter for doing multifield classification */ c( "input" arg /* Name of simple filter applied to received packets */ ) ), "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "policer" ( /* Interface policing */ c( "arp" arg /* Name of policer applied to received ARP packets */, "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "sampling" ( /* Interface sampling */ c( "input" /* Sample all packets input on this interface */, "output" /* Sample all packets output on this interface */ ) ), "service" ( /* Service operations */ c( "input" ( /* Service sets to consider for received packets */ c( "service-set" arg ( /* Service set to consider for received packets */ c( "service-filter" arg /* Name of service filter */ ) ), "post-service-filter" arg /* Post-service filter to apply to received packets */ ) ), "output" ( /* Service sets to consider for transmitted packets */ c( "service-set" arg ( /* Service set to consider for transmitted packets */ c( "service-filter" arg /* Name of service filter */ ) ) ) ) ) ), "next-hop-tunnel" arg ( /* One or more next-hop tunnel tables */ c( "ipsec-vpn" arg /* Name of IPSec VPN */ ) ), "tunnel-termination" /* Tunnel termination */, "address" arg ( /* Interface address/destination prefix */ c( "destination" ( /* Destination address */ ipv4addr /* Destination address */ ), "destination-profile" arg /* Profile to use for destination address */, "broadcast" ( /* Broadcast address */ ipv4addr /* Broadcast address */ ), "primary" /* Candidate for primary address in system */, "preferred" /* Preferred address on interface */, "master-only" /* Master management IP address for router */, "multipoint-destination" arg ( /* Multipoint NBMA destination */ c( c( "dlci" arg /* Frame Relay data-link control identifier */, "vci" ( /* ATM virtual circuit identifier ([vpi.]vci) */ atm_vci /* ATM virtual circuit identifier ([vpi.]vci) */ ) ), "shaping" ( /* Virtual circuit traffic-shaping options */ dcd_shaping_config /* Virtual circuit traffic-shaping options */ ), "oam-period" ( /* OAM cell period */ sc( c( arg, "disable" /* Disable OAM loopback */.as(:oneline) ) ) ).as(:oneline), "oam-liveness" ( /* OAM virtual circuit liveness parameters */ c( "up-count" arg /* Number of OAM cells to consider VC up */, "down-count" arg /* Number of OAM cells to consider VC down */ ) ), "inverse-arp" /* Enable inverse ARP reply messages */, "transmit-weight" arg /* ATM2 transmit weight for VC under VP tunnel */, "epd-threshold" ( /* Early packet discard threshold for ATM2 */ epd_threshold_config /* Early packet discard threshold for ATM2 */ ).as(:oneline) ) ), "arp" arg ( /* Static Address Resolution Protocol entries */ sc( "l2-interface" ( /* Layer 2 interface name for ARP entry */ interface_name /* Layer 2 interface name for ARP entry */ ), c( "mac" ( /* MAC address */ mac_unicast /* MAC address */ ), "multicast-mac" ( /* Multicast MAC address */ mac_multicast /* Multicast MAC address */ ) ), "publish" /* Reply to ARP requests for this entry */ ) ).as(:oneline), "host-discovery" arg ( /* Discover servers IP based on subnet range */ sc( "aging-timer" arg /* ARP aging timer */, "discovery-interval" arg /* ARP proactive discovery time */ ) ).as(:oneline), "web-authentication" ( /* Parameters for web-based firewall-user authentication */ c( "http" /* Enable authentication via HTTP */, "https" /* Enable authentication via HTTPS */, "redirect-to-https" /* Web authentication redirect to HTTPS */ ) ), "vrrp-group" ( /* VRRP group */ vrrp_group /* VRRP group */ ), "virtual-gateway-address" ( /* Virtual Gateway IP address */ ipv4addr /* Virtual Gateway IP address */ ) ) ), "unnumbered-address" ( /* Unnumbered interface address/destination prefix */ sc( interface_unit /* Interface from which to take local address */, "preferred-source-address" ( /* Preferred address on the donor interface */ ("$junos-preferred-source-address" | arg) ), "destination" ( /* Destination address */ ipv4addr /* Destination address */ ), "destination-profile" arg /* Profile to use for destination address */ ) ).as(:oneline), "location-pool-address" ( /* Location-based IP address pool */ c( arg ) ), "negotiate-address" /* Negotiate address with remote */, "destination-udp-port" arg /* Choose destination UDP port number */ ) ), "iso" ( /* OSI ISO protocol parameters */ c( "address" arg /* Interface address */, "mtu" arg /* Protocol family maximum transmission unit */, "destination-udp-port" arg /* Choose destination UDP port number */ ) ), "inet6" ( /* IPv6 protocol parameters */ c( "dhcpv6-client" ( /* Dynamic Host Configuration Protocol DHCPv6 client configuration */ c( "client-type" ( /* DHCPv6 client type */ ("stateful" | "autoconfig") ), "client-ia-type" enum(("ia-na" | "ia-pd")) /* DHCPv6 client identity association type */, "rapid-commit" /* Option is used to signal the use of the two message exchange for address assignment */, "prefix-delegating" ( /* Prefix delegating parameters */ c( "preferred-prefix-length" arg /* Client preferred prefix length */, "sub-prefix-length" arg /* The sub prefix length for LAN interfaces */ ) ), "client-identifier" ( /* DHCP Server identifies a client by client-identifier value */ sc( "duid-type" ( /* DUID identifying a client */ ("duid-llt" | "vendor" | "duid-ll") ) ) ).as(:oneline), "vendor-id" arg /* Vendor class id for the dhcpv6 client */, "req-option" enum(("dns-server" | "domain" | "ntp-server" | "time-zone" | "sip-server" | "sip-domain" | "nis-server" | "nis-domain" | "fqdn" | "vendor-spec" | "zero-touch-redirect" | "bootfile-url" | "bootfile-param")) /* DHCPV6 client requested option configuration */, "options" ( /* DHCP options */ c( "number" arg ( /* DHCP option code */ sc( c( "hex-string" arg /* Hexadecimal string */ ) ) ).as(:oneline) ) ), "retransmission-attempt" arg /* Number of attempts to retransmit the DHCPV6 client protocol packet */, "no-dns-install" /* Not propagate DNS to kernel */, "update-router-advertisement" ( /* Dhcpv6 client update rpd for prefix delegation */ c( "interface" arg ( /* Interfaces on which to delegate prefix */ c( "managed-configuration" /* Set managed address configuration */, "no-managed-configuration" /* Don't set managed address configuration */, "other-stateful-configuration" /* Set other stateful configuration */, "no-other-stateful-configuration" /* Don't set other stateful configuration */, "max-advertisement-interval" arg /* Maximum advertisement interval */, "min-advertisement-interval" arg /* Minimum advertisement interval */, "enable-recursive-dns-server-option" /* Enables the recursive DNS server option */, "no-enable-recursive-dns-server-option" /* Don't enables the recursive DNS server option */ ) ) ) ), "update-server" /* Propagate TCP/IP settings to DHCP server */ ) ), "rpf-check" ( /* Enable reverse-path-forwarding checks on this interface */ c( "fail-filter" arg /* Name of filter applied to packets failing RPF check */, "mode" ( /* Mode for reverse path forwarding */ sc( "loose" /* Reverse-path-forwarding loose mode */ ) ).as(:oneline) ) ), "accounting" ( /* Interface-based accounting options */ c( "source-class-usage" ( c( "input" /* Interface for source-class-usage input */, "output" /* Interface for source-class-usage output */ ) ), "destination-class-usage" /* Enable destination class usage on this interface */ ) ), "mtu" arg /* Protocol family maximum transmission unit */, "tcp-mss" arg /* Protocol family tcp maximum segment size */, "nd6-stale-time" arg /* Stale time to reconfirm reachability with inet6 neighbour */, "no-neighbor-learn" /* Disable neighbor address learning on interface */, "slaac-enable" /* Enable slaac on management interface */, "ndp-proxy" ( /* Enable ndp proxy on interface */ c( "interface-restricted" /* Enable ndp interface proxy restricted to interface */ ) ), "dad-proxy" ( /* DAD proxy on interface */ c( "interface-restricted" /* Enable DAD interface proxy restricted to interface */ ) ), "nd6-max-cache" arg /* Max interface ND nexthop cache size */, "nd6-new-hold-limit" arg /* Max no. of new unresolved nexthops */, "no-redirects" /* Do not redirect traffic */, "allow-filter-on-re" /* Enable kernel filter on network ports */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "input-chain" arg /* List of filter modules applied to received packets */, "output-chain" arg /* List of filter modules applied to transmitted packets */, "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "sampling" ( /* Interface sampling */ c( "input" /* Sample all packets input on this interface */, "output" /* Sample all packets output on this interface */ ) ), "service" ( /* Service operations */ c( "input" ( /* Service sets to consider for received packets */ c( "service-set" arg ( /* Service set to consider for received packets */ c( "service-filter" arg /* Name of service filter */ ) ), "post-service-filter" arg /* Post-service filter to apply to received packets */ ) ), "output" ( /* Service sets to consider for transmitted packets */ c( "service-set" arg ( /* Service set to consider for transmitted packets */ c( "service-filter" arg /* Name of service filter */ ) ) ) ) ) ), "tunnel-termination" /* Tunnel termination */, "address" arg ( /* Interface address or destination prefix */ c( "destination" ( /* Destination address */ ipv6addr /* Destination address */ ), "eui-64" /* Generate EUI-64 interface ID */, "primary" /* Candidate for primary address in system */, "preferred" /* Preferred address on interface */, "master-only" /* Master management IP address for router */, "ndp" arg ( /* Static Neighbor Discovery Protocol entries */ sc( "l2-interface" ( /* Layer 2 interface name for NDP entry */ interface_name /* Layer 2 interface name for NDP entry */ ), c( "mac" ( /* MAC address */ mac_unicast /* MAC address */ ), "multicast-mac" ( /* Multicast MAC address */ mac_multicast /* Multicast MAC address */ ) ), "publish" /* Reply to NDP requests for this entry */ ) ).as(:oneline), "vrrp-inet6-group" ( /* VRRP group */ vrrp_group /* VRRP group */ ), "web-authentication" ( /* Parameters for web-based firewall-user authentication */ c( "http" /* Enable authentication via HTTP */, "https" /* Enable authentication via HTTPS */, "redirect-to-https" /* Web authentication redirect to HTTPS */ ) ), "virtual-gateway-address" ( /* Virtual Gateway IP address */ ipv6addr /* Virtual Gateway IP address */ ), "subnet-router-anycast" /* Create a subnet roter anycast address for this address. */ ) ), "demux-source" ("$junos-subscriber-ipv6-address" | arg | "$junos-subscriber-ipv6-multi-address") /* Demux based on source prefix */, "demux-destination" ("$junos-subscriber-ipv6-address" | arg) /* Demux based on destination prefix */, "unnumbered-address" ( /* Unnumbered interface address/destination prefix */ sc( interface_unit /* Interface from which to take local address */, "preferred-source-address" ( /* Preferred address on the donor interface */ ("$junos-preferred-source-ipv6-address" | arg) ) ) ).as(:oneline), "dad-disable" /* Disable duplicate-address-detection */, "no-dad-disable" /* Don't disable duplicate-address-detection */, "destination-udp-port" arg /* Choose destination UDP port number */ ) ), "mpls" ( /* MPLS protocol parameters */ c( "mtu" arg /* Protocol family maximum transmission unit */, "maximum-labels" arg /* Protocol family maximum number of labels */, "filter" ( /* Packet filtering */ c( c( "input" arg /* Name of filter applied to received packets */, "input-list" arg /* List of filter modules applied to received packets */ ), "input-chain" arg /* List of filter modules applied to received packets */, c( "output" arg /* Name of filter applied to transmitted packets */, "output-list" arg /* List of filter modules applied to transmitted packets */ ), "output-chain" arg /* List of filter modules applied to transmitted packets */, "group" arg /* Interface group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "destination-udp-port" arg /* Choose destination UDP port number */ ) ), "mlppp" ( /* Multilink PPP protocol parameters */ c( "bundle" ( /* Logical interface name this link will join */ ("$junos-bundle-interface-name" | arg) ), c( "service-interface" ( /* Services interface to use */ interface_device /* Services interface to use */ ), "service-device-pool" arg /* Service interface pool name to use */ ), "dynamic-profile" arg /* dynamic profile for interface to use */ ) ), "mlfr-end-to-end" ( /* Multilink Frame Relay end-to-end protocol parameters */ c( "bundle" ( /* Logical interface name this link will join */ interface_unit /* Logical interface name this link will join */ ) ) ), "mlfr-uni-nni" ( /* Multilink Frame Relay UNI NNI protocol parameters */ c( "bundle" ( /* Logical interface name this link will join */ interface_unit /* Logical interface name this link will join */ ) ) ), "ccc" ( /* Circuit cross-connect parameters */ c( "mtu" arg /* Protocol family maximum transmission unit */, "filter" ( /* Packet filtering */ c( c( "input" arg /* Name of filter applied to received packets */, "input-list" arg /* List of filter modules applied to received packets */ ), "input-chain" arg /* List of filter modules applied to received packets */, c( "output" arg /* Name of filter applied to transmitted packets */, "output-list" arg /* List of filter modules applied to transmitted packets */ ), "output-chain" arg /* List of filter modules applied to transmitted packets */, "group" arg /* Interface group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "translate-fecn-and-becn" /* Translate FECN and BECN bits */, c( "translate-discard-eligible" /* Translate DE bit */, "translate-plp-control-word-de" /* Translate PLP to/from Martini Control DE bit */ ), "keep-address-and-control" /* Don't strip PPP address and control bytes */ ) ), "tcc" ( /* Translational cross-connect parameters */ c( "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "proxy" ( c( "inet-address" ( /* Remote host address on non-Ethernet side of Ethernet TCC */ ipv4addr /* Remote host address on non-Ethernet side of Ethernet TCC */ ) ) ), "remote" ( c( "inet-address" ( /* Remote host address on Ethernet side of Ethernet TCC */ ipv4addr /* Remote host address on Ethernet side of Ethernet TCC */ ), "mac-address" ( /* Remote host MAC address on Ethernet side of Ethernet TCC */ mac_addr /* Remote host MAC address on Ethernet side of Ethernet TCC */ ) ) ), "protocols" ( /* Protocols supported on TCC interface */ ("mpls" | "inet" | "iso" | "inet6") ) ) ), "vpls" ( /* Virtual private LAN service parameters */ c( "core-facing" /* Interface is core facing */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), "input-chain" arg /* List of filter modules applied to received packets */, "output-chain" arg /* List of filter modules applied to transmitted packets */, c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "iq-policing-filter" ( /* Protocol family ingress-queuing-policing-filter */ sc( arg /* Name of the ingress-queuing-policing-filter */ ) ).as(:oneline), "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "sampling" ( /* Interface sampling */ c( "input" /* Sample all packets input on this interface */, "output" /* Sample all packets output on this interface */ ) ) ) ), "bridge" ( /* Layer-2 bridging parameters */ c( "core-facing" /* Interface is core facing */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), "input-chain" arg /* List of filter modules applied to received packets */, "output-chain" arg /* List of filter modules applied to transmitted packets */, c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "iq-policing-filter" ( /* Protocol family ingress-queuing-policing-filter */ sc( arg /* Name of the ingress-queuing-policing-filter */ ) ).as(:oneline), "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "interface-mode" ( /* Interface mode (access or trunk) */ ("access" | "trunk") ), "vlan-auto-sense" /* Enable VLAN auto sense on this interface */, "bridge-domain-type" ( /* Bridge domain type (svlan or bvlan) */ ("svlan" | "bvlan") ), "inter-switch-link" /* PVLAN inter switch link */, c( "vlan-id" arg /* Access mode and trunk mode VLAN membership */, "vlan-id-list" arg /* Trunk mode VLAN membership for this interface */, "inner-vlan-id-list" arg /* Trunk mode VLAN membership for this interface based on inner VLAN tag */ ), "vlan-rewrite" ( /* Specify vlan translation */ c( "translate" arg ( /* Translate incoming VLAN tag */ sc( arg ) ).as(:oneline) ) ), c( "isid-list" ( /* Specify the ISID list */ ("all-service-groups" | "all") ) ), "storm-control" ( /* Storm control profile name to bind */ c( arg /* Profile name */ ) ), "recovery-timeout" ( /* Recovery timeout for this interface */ sc( arg ) ).as(:oneline), "sampling" ( /* Interface sampling */ c( "input" /* Sample all packets input on this interface */, "output" /* Sample all packets output on this interface */ ) ) ) ), "ethernet-switching" ( /* Ethernet switching parameters */ ethernet_switching_type /* Ethernet switching parameters */ ), "fibre-channel" ( /* Fibre channel switching parameters */ fibre_channel_type /* Fibre channel switching parameters */ ), "pppoe" ( /* PPP over Ethernet underlying interface-specific options */ pppoe_underlying_options_type /* PPP over Ethernet underlying interface-specific options */ ), "any" ( /* Parameters for 'any' family */ c( "filter" ( /* Layer 2 packet filtering */ c( "input" arg /* Name of filter applied to received packets */, "group" arg /* Group to which interface belongs */ ) ) ) ) ) ), "service-domain" ( /* Service domain to which interface belongs */ ("inside" | "outside") ), "copy-tos-to-outer-ip-header" /* Copy IP payload header's ToS field to GRE delivery header */, "copy-tos-to-outer-ip-header-transit" /* Copy IP ToS field to GRE header for transit packets */, "force-control-packets-on-transit-path" /* Force control packets to follow transit path */, "load-balancing-options" ( /* AMS subunit load balancing options */ c( "preferred-active" ( /* Preferred active Interface name */ interface_device /* Preferred active Interface name */ ), "disable-hash" /* Hash based distribution is not needed for this subunit */, "hash-keys" ( c( "ingress-key" ( /* Hash Key for the ingress direction */ enum(("source-ip" | "destination-ip" | "protocol" | "iif")) ), "egress-key" ( /* Hash Key for the egress direction */ enum(("source-ip" | "destination-ip" | "protocol" | "oif")) ), "ipv6-source-prefix-length" ( /* IPv6 source prefix length for hash computation */ ("56" | "64" | "96" | "128") ) ) ) ) ), "mac" ( /* Configure logical interface MAC address */ mac_unicast /* Configure logical interface MAC address */ ), "virtual-gateway-v4-mac" ( /* Configure virtual gateway IPV4 virtual MAC address */ mac_unicast /* Configure virtual gateway IPV4 virtual MAC address */ ), "virtual-gateway-v6-mac" ( /* Configure virtual gateway IPV6 virtual MAC address */ mac_unicast /* Configure virtual gateway IPV6 virtual MAC address */ ), "forwarding-options" ( /* Aggregated Ethernet interface forwarding-options */ c( "load-balance-stateful" ( /* Stateful load balancing */ c( "per-flow" /* Enable feature */, "rebalance" arg /* Rebalancing interval */, "load-type" ( /* Load - defines the flows */ ("high" | "medium" | "low") ) ) ) ) ), "etree-ac-role" ( /* ETREE attachment circuit role */ ("root" | "leaf") ) ) ), "no-partition" ( /* Use channelizable interface as clear channel */ sc( "interface-type" ( /* Interface type */ ("e1" | "t1" | "at" | "t3" | "e3" | "ct3" | "so" | "cau4") ) ) ).as(:oneline), "partition" arg ( /* Channelized interface partition */ sc( "oc-slice" arg /* Range of SONET/SDH slices (for example, 1, 7-9) */, "timeslots" arg /* Timeslots [(1..24) for T1, (1..31) for E1]; for example, 1-3,4,9,22-24 (no spaces) */, "interface-type" ( /* Sublevel interface type */ ("ds" | "e1" | "t1" | "at" | "ct1" | "ce1" | "t3" | "ct3" | "e3" | "so" | "coc1" | "cau4" | "dc" | "bc") ) ) ).as(:oneline), "radius-options" ( /* Interface RADIUS Options */ radius_options_vlan_type /* Interface RADIUS Options */ ) ) ), interfaces_type ) ), "multi-chassis" ( /* Multi-chassis configuration */ c( "mc-lag" ( /* Multi-chassis Lag configuration */ c( "consistency-check" ( /* Consistency Check properties */ c( "comparison-delay-time" arg /* Time after which local and remote config are compared */, "traceoptions" ( /* Trace options for MCLAG_CFGCHK */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("error" | "event" | "packet" | "pipe" | "pipe-detail" | "all")) /* Trace flag information */.as(:oneline) ) ) ) ) ) ), "multi-chassis-protection" ( /* Inter-Chassis protection configuration */ multi_chassis_protection_group /* Inter-Chassis protection configuration */ ) ) ), "jsrc-partition" ( /* JSRC partition configuration */ sc( arg ) ).as(:oneline), "snmp" ( /* Simple Network Management Protocol configuration */ c( "system-name" arg /* System name override */, "description" arg /* System description */, "location" arg /* Physical location of system */, "contact" arg /* Contact information for administrator */, "interface" ( /* Restrict SNMP requests to interfaces */ interface_name /* Restrict SNMP requests to interfaces */ ), "alarm-management" ( /* Alarm management */ c( "alarm-list-name" arg ( /* Alarm list name */ c( "alarm-id" arg ( /* Alarm id */ c( "alarm-state" arg ( /* Alarm model state, configure state value as 1 for clear alarm */ c( "notification-id" arg /* Notification id of alarm */, "varbind-index" arg /* Varbind index in alarm varbind list */, "varbind-value" arg /* Alarm varbind value */, "description" arg /* Alarm description */, "varbind-subtree" arg /* Alarm varbind subtree */, "resource-prefix" arg /* Alarm resource prefix */ ) ) ) ) ) ) ) ), "filter-interfaces" ( /* List of interfaces that needs to be filtered */ c( "interfaces" arg /* Filter specified interfaces */, "all-internal-interfaces" /* Filter all internal interfaces */ ) ), "if-count-with-filter-interfaces" /* Filter interfaces config for ifNumber and ipv6Interfaces */, "filter-duplicates" /* Filter requests with duplicate source address/port and request ID */, "nonvolatile" ( /* Configure the handling of nonvolatile SNMP Set requests */ c( "commit-delay" arg /* Delay between affirmative SNMP Set reply and start of commit */ ) ), "v3" ( /* SNMPv3 configuration information */ c( "usm" ( /* User-based security model (USM) information */ c( "local-engine" ( /* Local engine user configuration */ c( "user" ( /* SNMPv3 USM user information */ v3_user_config /* SNMPv3 USM user information */ ) ) ), "remote-engine" arg ( /* Remote engine user configuration */ c( "user" ( /* SNMPv3 USM user information */ v3_user_config /* SNMPv3 USM user information */ ) ) ) ) ), "vacm" ( /* View-based access control model (VACM) information */ c( "security-to-group" ( /* Assigns security names to group */ c( "security-model" enum(("usm" | "v1" | "v2c")) ( /* Security model context for group assignment */ c( "security-name" arg ( /* Security name to assign to group */ c( "group" arg /* Group to which to assign security name */ ) ) ) ) ) ), "access" ( /* Specify SNMP access limits */ c( "group" arg ( /* Group access configuration */ c( "default-context-prefix" ( /* Default context-prefix access configuration */ c( "security-model" ( /* Security model access configuration */ security_model_access /* Security model access configuration */ ) ) ), "context-prefix" arg ( /* Context-prefix access configuration */ c( "security-model" ( /* Security model access configuration */ security_model_access /* Security model access configuration */ ) ) ) ) ) ) ) ) ), "target-address" arg ( /* Identifies notification targets as well as allowed management stations */ c( "address" ( /* SNMP target address */ ipaddr /* SNMP target address */ ), "port" arg /* SNMP target port number */, "timeout" arg /* Acknowledgment timeout for confirmed SNMP notifications */, "retry-count" arg /* Maximum retry count for confirmed SNMP notifications */, "tag-list" arg /* SNMP tag list used to select target addresses */, "address-mask" ( /* Mask range of addresses for community string access control. */ ipaddr /* Mask range of addresses for community string access control. */ ), "routing-instance" arg /* Routing instance for trap destination */, "logical-system" arg /* Logical-system name for trap destination */, "target-parameters" arg /* SNMPv3 target parameter name in the target parameters table */ ) ), "target-parameters" arg ( /* Parameters and filter name used when sending notifications */ c( "parameters" ( /* Parameters used when sending notifications */ c( "message-processing-model" ( /* The message processing model to be used when generating SNMP notifications */ ("v1" | "v2c" | "v3") ), "security-model" ( /* Security-model used when generating SNMP notifications */ ("usm" | "v1" | "v2c") ), "security-level" ( /* Security-level used when generating SNMP notifications */ ("none" | "authentication" | "privacy") ), "security-name" arg /* Security name used when generating SNMP notifications */ ) ), "notify-filter" ( /* Notify filter to apply to notifications */ sc( arg ) ).as(:oneline) ) ), "notify" arg ( /* Used to select management targets for notifications as well as the type of notifications */ c( "type" ( /* Notification type */ ("trap" | "inform") ), "tag" arg /* Notifications will be sent to all targets configured with this tag */ ) ), "notify-filter" arg ( /* Filters to apply to SNMP notifications */ c( "oid" arg ( /* OID include/exclude list */ sc( c( "include" /* Include this OID in the notify filter */, "exclude" /* Exclude this OID from the notify filter */ ) ) ).as(:oneline) ) ), "management-routing-instance" arg /* Enable SNMPv3 access for all routing instances from this default context */, "snmp-community" arg ( /* SNMP community and view-based access control model configuration */ c( "community-name" ( /* SNMPv1/v2c community name (default is same as community-index) */ unreadable /* SNMPv1/v2c community name (default is same as community-index) */ ), "security-name" arg /* Security name used when performing access control */, "context" arg /* Context used when performing access control */, "tag" arg /* Tag identifier for set of targets allowed to use this community string */ ) ) ) ), "proxy" arg ( /* SNMP proxy configuration */ c( "device-name" arg /* Satellite/Proxied Device name or IP address */, c( "version-v1" ( /* For v1 proxy configuration define snmp-community */ comm_object /* For v1 proxy configuration define snmp-community */ ), "version-v2c" ( /* For v2c proxy configuration define snmp-community */ comm_object /* For v2c proxy configuration define snmp-community */ ), "version-v3" ( /* For v3 proxy configuration define security-name */ sec_object /* For v3 proxy configuration define security-name */ ) ), "routing-instance" arg /* Associate routing-instance name for proxy forwarding */, "logical-system" arg ( /* Associate logical-system name for proxy forwarding */ c( "routing-instance" arg /* Associate routing-instance name for proxy forwarding */ ) ) ) ), "subagent" ( /* SNMP subagent configuration */ c( "tcp" ( /* Allow SNMP subagent tcp connection */ c( "routing-instance" ( /* Specify routing-instance name for tcp connection */ c( "default" /* Allow connections over default routing-instance */ ) ) ) ) ) ), "engine-id" ( /* SNMPv3 engine ID */ c( c( "use-mac-address" /* Uses management interface MAC Address for the engine ID */, "use-default-ip-address" /* Use default IP address for the engine ID */, "local" arg /* Local engine ID */ ) ) ), "access" ( /* SNMPv3 access information */ c( "user" arg ( /* SNMPv3 USM user information */ c( "authentication-type" ( /* SNMPv3 USM authentication type */ ("none" | "md5" | "sha") ), "authentication-password" ( /* SNMPv3 USM authentication password */ unreadable /* SNMPv3 USM authentication password */ ), "privacy-type" ( /* SNMPv3 USM privacy type */ ("none" | "des") ), "privacy-password" ( /* SNMPv3 USM privacy password */ unreadable /* SNMPv3 USM privacy password */ ), "clients" arg ( /* List of source address prefix ranges to accept */ sc( "restrict" /* Deny access */ ) ).as(:oneline) ) ), "group" arg ( /* SNMPv3 USM group information */ c( "user" arg /* SNMPv3 USM username */, "model" ( /* SNMPv3 security model */ ("usm") ) ) ), "context" arg ( /* SNMPv3 context information */ c( "description" arg /* SNMPv3 context description */, "group" arg ( /* Access group */ c( "model" ( /* SNMPv3 security model */ ("usm") ), "security-level" ( /* SNMPv3 security level */ ("none" | "authentication" | "privacy") ), "read-view" arg /* Read view name */, "write-view" arg /* Write view name */ ) ) ) ) ) ), "view" arg ( /* Define MIB views */ c( "oid" arg ( /* OID include/exclude list */ sc( c( "include" /* Include this OID in the view */, "exclude" /* Exclude this OID from the view */ ) ) ).as(:oneline) ) ), "client-list" arg ( /* Client list */ c( client_address_object /* Client address list */ ) ), "community" arg ( /* Configure a community string */ c( "view" arg /* View name */, "authorization" ( /* Authorization type */ ("read-only" | "read-write") ), c( "client-list-name" arg /* The name of client list or prefix list */, "clients" arg ( /* List of source address prefix ranges to accept */ sc( "restrict" /* Deny access */ ) ).as(:oneline) ), "routing-instances" arg ( /* Use logical-system/routing-instance for v1/v2c clients */ c( c( "client-list-name" arg /* The name of client list or prefix list */, "clients" arg ( /* List of source address prefix ranges to accept */ sc( "restrict" /* Deny access */ ) ).as(:oneline) ) ) ), "routing-instance" arg ( /* Use routing-instance name for v1/v2c clients */ c( c( "client-list-name" arg /* The name of client list or prefix list */, "clients" arg ( /* List of source address prefix ranges to accept */ sc( "restrict" /* Deny access */ ) ).as(:oneline) ) ) ), "logical-system" arg ( /* Use logical-system name for v1/v2c clients */ c( "routing-instance" arg ( /* Use routing-instance name for v1/v2c clients */ c( c( "client-list-name" arg /* The name of client list or prefix list */, "clients" arg ( /* List of source address prefix ranges to accept */ sc( "restrict" /* Deny access */ ) ).as(:oneline) ) ) ) ) ) ) ), "trap-options" ( /* SNMP trap options */ c( "source-address" ( /* IPv4/IPv6 source address for trap PDUs */ c( c( "lo0" /* Use lowest address on loopback interface */, ipaddr /* Use specified address */ ) ) ), "enterprise-oid" /* Add snmpTrapEnterprise oid in varbind of all traps */, "context-oid" /* Add context oid in varbind of all traps at the end */, "routing-instances" arg ( /* Use routing-instance name for source-address */ c( "source-address" ( /* IPv4/IPv6 source address for trap PDUs */ c( c( "lo0" /* Use lowest address on loopback interface */, ipaddr /* Use specified address */ ) ) ) ) ), "routing-instance" arg ( /* Use routing-instance name for source-address */ c( "source-address" ( /* IPv4/IPv6 source address for trap PDUs */ c( c( "lo0" /* Use lowest address on loopback interface */, ipaddr /* Use specified address */ ) ) ) ) ), "logical-system" arg ( /* Use logical-system name for source-address */ c( "routing-instance" arg ( /* Use routing-instance name for source-address */ c( "source-address" ( /* IPv4/IPv6 source address for trap PDUs */ c( c( "lo0" /* Use lowest address on loopback interface */, ipaddr /* Use specified address */ ) ) ) ) ) ) ), "agent-address" ( /* Agent address for v1 trap PDUs */ ("outgoing-interface") ) ) ), "trap-group" arg ( /* Configure traps and notifications */ c( "version" ( /* SNMP version */ ("all" | "v1" | "v2") ), "destination-port" arg /* SNMP trap receiver port number */, "categories" ( /* Trap categories */ c( "authentication" /* Authentication failures */, "chassis" /* Chassis or environment notifications */, "link" /* Link up-down transitions */, "remote-operations" /* Remote operations */, "routing" /* Routing protocol notifications */, "startup" /* System warm and cold starts */, "ggsn" /* GGSN notifications */, "rmon-alarm" /* RMON rising and falling alarms */, "vrrp-events" /* VRRP notifications */, "configuration" /* Configuration notifications */, "services" /* Services notifications */, "chassis-cluster" /* Clustering notifications */, "chassis-high-availability" /* High Availability notifications */, "chassis-ha-reswatch" /* High availability resource watch notifications */, "timing-events" /* Timing defects/events notifications */, "dot3oam-events" /* 802.3ah notifications */, "sonet-alarms" ( /* SONET alarm trap subcategories */ c( "loss-of-light" /* Loss of light alarm notification */, "pll-lock" /* PLL lock alarm notification */, "loss-of-frame" /* Loss of frame alarm notification */, "loss-of-signal" /* Loss of signal alarm notification */, "severely-errored-frame" /* Severely errored frame alarm notification */, "line-ais" /* Line AIS alarm notification */, "path-ais" /* Path AIS alarm notification */, "loss-of-pointer" /* Loss of pointer alarm notification */, "ber-defect" /* Sonet bit error rate alarm defect notification */, "ber-fault" /* Sonet bit error rate alarm fault notification */, "line-remote-defect-indication" /* Line Remote Defect Indication alarm notification */, "path-remote-defect-indication" /* Path Remote Defect Indication alarm notification */, "remote-error-indication" /* Remote Error Indication alarm notification */, "unequipped" /* Unequipped alarm notification */, "path-mismatch" /* Path mismatch alarm notification */, "loss-of-cell" /* Loss of Cell delineation alarm notification */, "vt-ais" /* VT AIS alarm notification */, "vt-loss-of-pointer" /* VT Loss Of Pointer alarm notification */, "vt-remote-defect-indication" /* VT Remote Defect Indication alarm notification */, "vt-unequipped" /* VT Unequipped alarm notification */, "vt-label-mismatch" /* VT label mismatch error notification */, "vt-loss-of-cell" /* VT Loss of Cell delineation notification */ ) ), "otn-alarms" ( /* OTN alarm trap subcategories */ c( "oc-los" /* Loss of signal alarm notification */, "oc-lof" /* Loss of frame alarm notification */, "oc-lom" /* Loss of multiframe alarm notification */, "wavelength-lock" /* Wavelength lock alarm notification */, "otu-ais" /* OTU Alarm indication signal alarm notification */, "otu-bdi" /* OTU Backward defect indication alarm notification */, "otu-ttim" /* OTU Trace identification mismatch alarm notification */, "otu-iae" /* OTU Incoming alignment error alarm notification */, "otu-sd" /* OTU Signal degrade alarm notification */, "otu-sf" /* OTU Signal fail alarm notification */, "otu-fec-exe" /* OTU Fec excessive errors alarm notification */, "otu-fec-deg" /* OTU Fec degraded errors alarm notification */, "otu-bbe-threshold" /* OTU Background block error threshold alarm notification */, "otu-es-threshold" /* OTU Errored Second threshold alarm notification */, "otu-ses-threshold" /* OTU Severely Errored Second threshold alarm notification */, "otu-uas-threshold" /* OTU Unavailable Second threshold alarm notification */, "odu-ais" /* ODU Alarm indication signal alarm notification */, "odu-oci" /* ODU Open connection indicator alarm notification */, "odu-lck" /* ODU Locked alarm notification */, "odu-bdi" /* ODU Backward defect indication alarm notification */, "odu-ttim" /* ODU Trace identification mismatch alarm notification */, "odu-sd" /* ODU Signal degrade alarm notification */, "odu-sf" /* ODU Signal fail alarm notification */, "odu-rx-aps-change" /* ODU Receive APS change notification */, "odu-bbe-threshold" /* ODU Background block error threshold alarm notification */, "odu-es-threshold" /* ODU Errored Second threshold alarm notification */, "odu-ses-threshold" /* ODU Severely Errored Second threshold alarm notification */, "odu-uas-threshold" /* ODU Unavailable Second threshold alarm notification */, "opu-ptm" /* ODU Payload Type Mismatch alarm notification */ ) ) ) ), "targets" arg /* Targets for trap messages */.as(:oneline), "routing-instance" arg /* Routing instance for trap destination */, "logical-system" arg /* Logical-system name for trap destination */ ) ), "routing-instance-access" ( /* SNMP routing-instance options */ c( "access-list" arg ( /* Allow/Deny SNMP access to routing-instances */ sc( "restrict" /* Deny access */ ) ).as(:oneline) ) ), "logical-system-trap-filter" /* Allow only logical-system specific traps */, "traceoptions" ( /* Trace options for SNMP */ c( "memory-trace" ( /* Memory tracing information */ c( "size" arg /* Memory size reserved for tracing */ ) ), "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("timer" | "protocol-timeouts" | "pdu" | "varbind-error" | "routing-socket" | "interface-stats" | "subagent" | "general" | "nonvolatile-sets" | "all")) /* Tracing parameters */.as(:oneline) ) ), "rmon" ( /* Remote Monitoring configuration */ c( "history" arg ( /* RMON history entries */ c( "interface" ( /* Enable RMON on this interface */ interface_name /* Enable RMON on this interface */ ), "bucket-size" arg /* Requested buckets for the interface */, "interval" arg /* Interval between samples */, "owner" arg /* Owner name of the entry */ ) ), "alarm" arg ( /* RMON alarm entries */ c( "description" arg /* General description of alarm (stored in alarmOwner) */, "interval" arg /* Interval between samples */, "falling-threshold-interval" arg /* Interval between samples during falling-threshold test */, "variable" arg /* OID of MIB variable to be monitored */, "sample-type" ( /* Method of sampling the selected variable */ ("absolute-value" | "delta-value") ), "request-type" ( /* Type of SNMP request to issue for alarm */ ("get-request" | "get-next-request" | "walk-request") ), "startup-alarm" ( /* The alarm that may be sent upon entry startup */ ("rising-alarm" | "falling-alarm" | "rising-or-falling-alarm") ), "rising-threshold" arg /* The rising threshold */, "falling-threshold" arg /* The falling threshold */, "rising-event-index" arg /* Event triggered after rising threshold is crossed */, "falling-event-index" arg /* Event triggered after falling threshold is crossed */, "syslog-subtag" arg /* Tag to be added to syslog messages */ ) ), "event" arg ( /* RMON event entries */ c( "description" arg /* General description of event */, "type" ( /* The type of notification for this event */ ("none" | "log" | "snmptrap" | "log-and-trap") ), "community" arg /* The community (trap group) for outgoing traps */ ) ) ) ), "health-monitor" ( /* Health monitoring configuration */ c( "routing-engine" ( /* Routing engine health monitoring configuration */ c( "cpu" ( /* CPU monitoring parameters configuration */ c( "interval" arg /* Interval between samples */, "moderate-threshold" arg /* Acceptable limit for resource utilization */, "high-threshold" arg /* Warning limit for resource utilization */, "critical-threshold" arg /* Critical limit for resource utilization */, "action" ( /* Action level (monitor, prevent or recover) */ ("monitor" | "prevent" | "recover") ) ) ), "memory" ( /* Memory monitoring parameters configuration */ c( "interval" arg /* Interval between samples */, "moderate-threshold" arg /* Acceptable limit for resource utilization */, "high-threshold" arg /* Warning limit for resource utilization */, "critical-threshold" arg /* Critical limit for resource utilization */, "action" ( /* Action level (monitor, prevent or recover) */ ("monitor" | "prevent" | "recover") ) ) ), "storage" ( /* Storage monitoring parameters configuration */ c( "interval" arg /* Interval between samples */, "moderate-threshold" arg /* Acceptable limit for resource utilization */, "high-threshold" arg /* Warning limit for resource utilization */, "critical-threshold" arg /* Critical limit for resource utilization */, "action" ( /* Action level (monitor, prevent or recover) */ ("monitor" | "prevent" | "recover") ) ) ), "temperature" ( /* Temperature monitoring parameters configuration */ c( "interval" arg /* Interval between samples */, "moderate-threshold" arg /* Acceptable limit for resource utilization */, "high-threshold" arg /* Warning limit for resource utilization */, "critical-threshold" arg /* Critical limit for resource utilization */ ) ), "process-count" ( /* Process count monitoring parameters configuration */ c( "interval" arg /* Interval between samples */, "moderate-threshold" arg /* Acceptable limit for resource utilization */, "high-threshold" arg /* Warning limit for resource utilization */, "critical-threshold" arg /* Critical limit for resource utilization */, "action" ( /* Action level (monitor, prevent or recover) */ ("monitor" | "prevent" | "recover") ) ) ), "open-files-count" ( /* Open files count monitoring parameters configuration */ c( "interval" arg /* Interval between samples */, "moderate-threshold" arg /* Acceptable limit for resource utilization */, "high-threshold" arg /* Warning limit for resource utilization */, "critical-threshold" arg /* Critical limit for resource utilization */, "action" ( /* Action level (monitor, prevent or recover) */ ("monitor" | "prevent" | "recover") ) ) ), "interval" arg /* Interval between samples */, "moderate-threshold" arg /* Acceptable limit for resource utilization */, "high-threshold" arg /* Warning limit for resource utilization */, "critical-threshold" arg /* Critical limit for resource utilization */, "action" ( /* Action level (monitor, prevent or recover) */ ("monitor" | "prevent" | "recover") ), "traceoptions" ( /* Trace options for system health management process */ c( "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("configuration" | "memory" | "diagnostic" | "all")) /* Events or messages to include in the trace output */.as(:oneline) ) ) ) ), "interval" arg /* Interval between samples */, "rising-threshold" arg /* Rising threshold applied to all monitored objects */, "falling-threshold" arg /* Falling threshold applied to all monitored objects */, "idp" ( /* IDP health monitor configuration */ c( "interval" arg /* Interval between samples */, "rising-threshold" arg /* Rising threshold applied to all monitored objects */, "falling-threshold" arg /* Falling threshold applied to all monitored objects */ ) ) ) ), "arp" ( /* JVision ARP settings */ c( "host-name-resolution" /* Enable host name resolution */ ) ), "customization" ( /* Customize SNMP behaviour based on knob */ c( "ether-stats-ifd-only" /* To stop exposing IFLs as part of etherStatsTable */ ) ) ) ), "forwarding-options" ( /* Configure options to control packet forwarding */ juniper_forwarding_options /* Configure options to control packet forwarding */ ), "event-options" ( /* Event processing configuration */ c( "max-policies" arg /* Number of policies that can be executed simultaneously */, "generate-event" arg ( /* Generate an internal event */ sc( c( "time-of-day" ( /* Time of day at which to generate event (hh:mm:ss) */ date /* Time of day at which to generate event (hh:mm:ss) */ ), "time-interval" arg /* Frequency for generating the event */ ), "start-time" ( /* Start-time to generate event (yyyy-mm-dd.hh:mm) */ time /* Start-time to generate event (yyyy-mm-dd.hh:mm) */ ), "no-drift" /* Avoid event generation delay propagating to next event */ ) ).as(:oneline), "policy" arg ( /* Event policy for event policy manager */ c( "events" arg /* List of events that trigger this policy */, "within" arg ( /* List of events correlated with trigering events */ c( "trigger" ( /* Correlate events based on the number of occurrences */ sc( c( "until" /* Trigger when occurrences of triggering event < 'count' */, "on" /* Trigger when occurrences of triggering event = 'count' */, "after" /* Trigger when occurrences of triggering event > 'count' */ ), arg /* Number of occurrences of triggering event */ ) ).as(:oneline), "events" arg /* List of events that must occur within time interval */, "not" ( /* Events must not occur within time interval */ sc( "events" arg /* List of events that must not occur within time interval */ ) ).as(:oneline) ) ), "attributes-match" ( /* List of attributes to compare for two events */ s( arg, enum(("equals" | "starts-with" | "matches")), arg ) ).as(:oneline), "then" ( /* List of actions to perform when policy matches */ c( "ignore" /* Do not log event or perform any other action */, "priority-override" ( /* Change syslog priority value */ c( "facility" ( /* Facility type */ ("authorization" | "daemon" | "ftp" | "ntp" | "security" | "kernel" | "user" | "dfc" | "external" | "firewall" | "pfe" | "conflict-log" | "change-log" | "interactive-commands") ), "severity" ( /* Severity type */ ("emergency" | "alert" | "critical" | "error" | "warning" | "notice" | "info") ) ) ), "upload" ( /* Upload file to specified destination */ s( "filename" arg /* Name of file to upload */, "destination" arg /* Location to which to output file */, c( "user-name" arg /* User under whose privileges upload action will execute */, "transfer-delay" arg /* Delay before uploading file to the destination */, "retry-count" ( /* Upload output-filename retry attempt count */ sc( arg, "retry-interval" arg /* Time interval between each retry */ ) ).as(:oneline) ) ) ), "change-configuration" ( /* Change configuration */ c( "retry" ( /* Change configuration retry attempt count */ sc( "count" arg /* Number of retry attempts */, "interval" arg /* Time interval between each retry */ ) ).as(:oneline), "commands" arg /* List of configuration commands */, "user-name" arg /* User under whose privileges configuration should be changed */, "commit-options" ( /* List of commit options */ c( "check" ( /* Check correctness of syntax; do not apply changes */ c( "synchronize" /* Synchronize commit on both Routing Engines */ ) ), "synchronize" /* Synchronize commit on both Routing Engines */, "force" /* Force commit on other Routing Engine (ignore warnings) */, "log" arg /* Message to write to commit log */ ) ) ) ), "execute-commands" ( /* Issue one or more CLI commands */ c( "commands" arg /* List of CLI commands to issue */, "user-name" arg /* User under whose privileges command will execute */, "output-filename" arg /* Name of file in which to write command output */, "destination" arg ( /* Location to which to upload command output */ c( "transfer-delay" arg /* Delay before uploading file to the destination */, "retry-count" ( /* Upload output-filename retry attempt count */ sc( arg, "retry-interval" arg /* Time interval between each retry */ ) ).as(:oneline) ) ), "output-format" ( /* Format of output from CLI commands */ ("text" | "xml") ) ) ), "event-script" arg ( /* Invoke event scripts */ c( "arguments" arg ( /* Command line argument to the script */ sc( arg /* Value of the argument */ ) ).as(:oneline), "user-name" arg /* User under whose privileges event script will execute */, "output-filename" arg /* Name of file in which to write event script output */, "destination" arg ( /* Location to which to upload event script output */ c( "transfer-delay" arg /* Delay before uploading files */, "retry-count" ( /* Upload output-filename retry attempt count */ sc( arg, "retry-interval" arg /* Time interval between each retry */ ) ).as(:oneline) ) ), "output-format" ( /* Format of output from event-script */ ("text" | "xml") ) ) ), "raise-trap" /* Raise SNMP trap */ ) ) ) ), "event-script" ( /* Configure event-scripts */ c( "optional" /* Allow commit to succeed if the script is missing */, "max-datasize" arg /* Maximum data segment size for scripts execution */, "dampen" ( /* Run event scripts in dampen mode */ c( "dampen-options" ( /* Dampen options for event scripts */ c( "cpu-factor" arg /* CPU factor at which to pause */, "line-interval" arg /* Line interval at which to pause */, "time-interval" arg /* Time to pause */ ) ) ) ), "traceoptions" ( /* Trace options for event scripts */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("events" | "input" | "offline" | "output" | "rpc" | "xslt" | "all")) /* Tracing parameters */.as(:oneline) ) ), "file" arg ( /* File name for event script */ c( "source" arg /* URL of source for this script */, "cert-file" arg /* Specify the certificate file name */, "python-script-user" arg /* Run the python event script with privileges of user */, "dampen" ( /* Run script in dampen mode */ c( "dampen-options" ( /* Dampen options for the script */ c( "cpu-factor" arg /* CPU factor at which to pause */, "line-interval" arg /* Line interval at which to pause */, "time-interval" arg /* Time to pause */ ) ) ) ), "routing-instance" arg /* Routing instance */, "refresh" /* Refresh all operation scripts from their source */, "refresh-from" arg /* Refresh all operation scripts from a given base URL */, "checksum" ( /* Checksum of this script */ c( "sha-256" arg /* SHA-256 checksum of this script */ ) ), "remote-execution" arg ( /* Remote login username and password details for script */ c( "username" arg /* SSH username for login into the remote host */, "passphrase" ( /* SSH passphrase for login into the remote host */ unreadable /* SSH passphrase for login into the remote host */ ) ) ) ) ), "refresh" /* Refresh all operation scripts from their source */, "refresh-from" arg /* Refresh all operation scripts from a given base URL */ ) ), "destinations" arg ( /* List of destinations referred to in 'then' clause */ c( "transfer-delay" arg /* Delay before transferring files */, "archive-sites" arg ( /* List of archive destinations */ sc( "password" ( /* Password for login into the archive site */ unreadable /* Password for login into the archive site */ ) ) ).as(:oneline) ) ), "traceoptions" ( /* Trace options for the event processing daemon */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("server" | "configuration" | "events" | "timer-events" | "database" | "policy" | "registration" | "syslogd" | "all")) /* List of event types to include in trace */.as(:oneline) ) ), "redundancy-event" ( /* Events for policies to take action on */ srd_events_object /* Events for policies to take action on */ ) ) ), "accounting-options" ( /* Accounting data configuration */ juniper_accounting_options /* Accounting data configuration */ ), "policy-options" ( /* Policy option configuration */ juniper_policy_options /* Policy option configuration */ ), "class-of-service" ( /* Class-of-service configuration */ juniper_class_of_service_options /* Class-of-service configuration */ ), "firewall" ( /* Define a firewall configuration */ c( "family" ( /* Protocol family */ c( "inet" ( /* Protocol family IPv4 for firewall filter */ c( "dialer-filter" ( /* Define an IPv4 dialer filter */ inet_dialer_filter /* Define an IPv4 dialer filter */ ), "prefix-action" ( /* Define a prefix action */ prefix_action /* Define a prefix action */ ), "filter" ( /* Define an IPv4 firewall filter */ inet_filter /* Define an IPv4 firewall filter */ ), "template" ( /* Define an Inet firewall template */ inet_template /* Define an Inet firewall template */ ), "simple-filter" ( /* Define an IPv4 firewall simple filter */ inet_simple_filter /* Define an IPv4 firewall simple filter */ ), "service-filter" ( /* One or more IPv4 service filters */ inet_service_filter /* One or more IPv4 service filters */ ), "fast-update-filter" ( /* One or more fast update filters */ inet_fuf /* One or more fast update filters */ ) ) ), "inet6" ( /* Protocol family IPv6 for firewall filter */ c( "dialer-filter" ( /* Define an IPv6 dialer filter */ inet6_dialer_filter /* Define an IPv6 dialer filter */ ), "filter" ( /* Define an IPv6 firewall filter */ inet6_filter /* Define an IPv6 firewall filter */ ), "service-filter" ( /* One or more IPv6 service filters */ inet6_service_filter /* One or more IPv6 service filters */ ), "fast-update-filter" ( /* One or more fast update filters */ inet6_fuf /* One or more fast update filters */ ), "template" ( /* Define an Inet6 firewall template */ inet6_template /* Define an Inet6 firewall template */ ) ) ), "mpls" ( /* Protocol family MPLS for firewall filter */ c( "dialer-filter" ( /* Define an mpls dialer filter */ mpls_dialer_filter /* Define an mpls dialer filter */ ), "filter" ( mpls_filter ), "template" ( /* Define an MPLS firewall template */ mpls_template /* Define an MPLS firewall template */ ) ) ), "vpls" ( /* Protocol family VPLS for firewall filter */ c( "filter" ( vpls_filter ) ) ), "evpn" ( /* Protocol family EVPN for firewall filter */ c( "filter" ( vpls_filter ) ) ), "bridge" ( /* Protocol family BRIDGE for firewall filter */ c( "filter" ( bridge_filter ) ) ), "ccc" ( /* Protocol family CCC for firewall filter */ c( "filter" ( ccc_filter ) ) ), "any" ( /* Protocol-independent filter */ c( "filter" ( /* Define a protocol independent filter */ any_filter /* Define a protocol independent filter */ ), "template" ( /* Define Protocol independent filter template */ any_template /* Define Protocol independent filter template */ ) ) ), "ethernet-switching" ( /* Protocol family Ethernet Switching for firewall filter */ c( "filter" ( /* Define an Ethernet Switching firewall filter */ es_filter /* Define an Ethernet Switching firewall filter */ ), "template" ( /* Define an ethernet switching firewall template */ es_template /* Define an ethernet switching firewall template */ ) ) ) ) ), "policer" ( /* Policer template definition */ firewall_policer /* Policer template definition */ ), "flexible-match" ( /* Flexible packet match template definition */ firewall_flexible_match /* Flexible packet match template definition */ ), "tunnel-end-point" ( /* Tunnel end-point template definition */ tunnel_end_point /* Tunnel end-point template definition */ ), "hierarchical-policer" ( /* Hierarchical policer template definition */ firewall_hierpolicer /* Hierarchical policer template definition */ ), "interface-set" ( /* Interface set definition */ interface_set_type /* Interface set definition */ ), "load-balance-group" ( /* Load-balance group definition */ firewall_load_balance_group /* Load-balance group definition */ ), "atm-policer" ( /* Atm policer */ atm_policer_type /* Atm policer */ ), "three-color-policer" ( /* Three-color policer */ three_color_policer_type /* Three-color policer */ ), "filter" ( /* Define an IPv4 firewall filter */ inet_filter /* Define an IPv4 firewall filter */ ) ) ), "access" ( /* Network access configuration */ juniper_access_options /* Network access configuration */ ), "routing-instances" ( /* Routing instance configuration */ c( juniper_routing_instance ) ), "tenants" ( /* Tenants defined in this system */ juniper_tenant /* Tenants defined in this system */ ), "unified-edge" ( /* Unified edge configuration */ c( "cos-cac" ( /* Unified Edge COS configuration */ juniper_unified_edge_cos_options /* Unified Edge COS configuration */ ), "local-policies" arg ( /* Local policy profiles */ c( "description" arg /* Text description of local policy */, "resource-threshold-profile" arg /* Resource threshold profile associated with the local policy */, "classifier-profile" arg /* QoS class profile associated with the local policy */, "cos-policy-profile" arg /* QoS policy profile associated with the local policy */, "roamer-classifier-profile" arg /* QoS classifier profile for roamers */, "roamer-cos-policy-profile" arg /* QoS policy profile for roamers */, "visitor-classifier-profile" arg /* QoS classifier profile for visitor */, "visitor-cos-policy-profile" arg /* QoS policy profile for visitor */, "traffic-class-qci-mapping-profile" arg /* Traffic class to qci mapping profile */, "ul-bandwidth-pool" arg /* Bandwidth pool associated with the local policy */, "dl-bandwidth-pool" arg /* Bandwidth pool associated with the local policy */ ) ), "aaa" ( /* AAA configuration */ c( "traceoptions" ( aaa_traceoptions ), "profiles" ( /* AAA profile configuration */ aaa_profile /* AAA profile configuration */ ) ) ), "diameter-profiles" ( /* Unified Edge Diameter application configurations */ mobile_diameter_profiles /* Unified Edge Diameter application configurations */ ), "gateways" ( /* Gateways configuration */ c( "ggsn-pgw" arg ( /* GGSN-PGW Configuration */ c( "service-mode" ( /* Service mode */ ("maintenance") ), "maximum-bearers" arg /* Maximum bearers for the GW */, "session-timeout-check-interval" arg /* Session timeout checking interval in minutes */, "redirect-timeout" arg /* Delay before a redirected session is deleted */, "local-policy-profile" arg /* Local profile for the system level */, "pfes" ( /* PFE Configuration */ c( "guaranteed-bandwidth" arg /* PFE guaranteed bandwidth */, "maximum-bearers" arg /* PFE maximum bearers */, "default-bearers-percentage" arg /* PFE default bearer percentage */, "ipv4-nbm-prefixes" arg /* PFE IPv4 prefixes limit for NBM */, "ipv6-nbm-prefixes" arg /* PFE IPv6 prefixes limit for NBM */, "maximum-sdfs" arg /* PFE maximum SDFs */ ) ), "anchor-pfe-guaranteed-bandwidth" arg /* PFE guaranteed bandwidth */, "anchor-pfe-maximum-bearers" arg /* PFE maximum bearers */, "anchor-pfe-default-bearers-percentage" arg /* PFE default bearer percentage */, "anchor-pfe-ipv4-nbm-prefixes" arg /* PFE IPv4 prefixes limit for NBM */, "anchor-pfe-ipv6-nbm-prefixes" arg /* PFE IPv6 prefixes limit for NBM */, "preemption" ( /* Pre-Emption configuration */ c( "enable" /* Preemption-enabled - default is disabled */, "gtpv1-pvi-disable" /* Preemption Vulnerability indicator disabled - default is Enabled */, "gtpv1-pci-disable" /* Preemption Capability indicator disabled - default is Enabled */ ) ), "gtp" ( /* GTP configuration */ mobile_gateway_config_gtp /* GTP configuration */ ), "home-plmn" ( /* Configure home PLMN MCC MNC values */ c( "mcc" ( /* Enter MCC value */ s( arg, "mnc" arg /* Mobile network code */ ) ) ) ), "traceoptions" ( /* Trace options related to mobile subscriber management */ mobile_smd_traceoptions /* Trace options related to mobile subscriber management */ ), "call-rate-statistics" ( /* Call-rate-statistics options */ c( "interval" arg /* Time interval in minutes */, "history" arg /* Number of intervals */ ) ), "service-selection-profiles" arg ( /* Profile definition */ c( "term" arg ( /* Define a selection term */ c( "from" ( /* Define match criteria */ c( "imsi" arg /* Match IMSI */, "msisdn" arg /* Match MSISDN */, "imei" arg /* Match IMEI */, "anonymous-user" /* Match anonymous users */, "domain-name" arg /* Match domain name */, "roaming-status" ( /* Match roaming status */ ("home" | "roamer" | "visitor") ), "plmn" ( /* Match PLMN MCC MNC values */ c( "mcc" ( /* Enter MCC value */ s( arg, "mnc" arg /* Mobile network code */ ) ), "except" /* Except the specified plmns */ ) ), "charging-characteristics" arg /* Match charging characteristics */, "maximum-bearers" arg /* Maximum bearers in the gateway */, "peer" ( /* IP address of the peer creating the session */ ipaddr /* IP address of the peer creating the session */ ), "peer-routing-instance" arg /* Routing instance of the peer creating the session */, "pdn-type" ( /* Match pdn type */ ("ipv4" | "ipv6" | "ipv4v6") ), "rat-type" ( /* Radio Access Technology Type */ ("geran" | "utran" | "eutran" | "wlan" | "hspa") ) ) ), "then" ( /* Action to take if the 'from' condition is matched */ c( "redirect-peer" arg /* IP address of the redirect peer */.as(:oneline), "accept" /* Stop matching futher terms and accept */, "reject" /* Reject the connection attempt */, "apn-name" arg /* Real APN name */, "pcef-profile" arg /* PCEF profile for service selection profile */, "charging-profile" arg /* Charging profile for service selection profile */ ) ) ) ) ) ), "apn-services" ( /* Apn services configuration */ ggsn_pgw_apn_services /* Apn services configuration */ ), "system" ( /* System parameters */ unified_edge_ggsn_pgw_system /* System parameters */ ), "diameter" ( /* Diameter protocol parameters specific to gateway */ unified_edge_gateway_diameter /* Diameter protocol parameters specific to gateway */ ), "charging" ( /* PGW charging profile definitions */ c( "traceoptions" ( /* Charging trace options */ charging_traceoptions /* Charging trace options */ ), "charging-profiles" ( /* Charging profile */ c( juniper_charging_profiles ) ), "transport-profiles" ( /* Transport profile definition */ c( juniper_transport_profiles ) ), "cdr-profiles" ( /* CDR profiles definition */ c( juniper_cdr_profiles /* CDR profile definition */ ) ), "trigger-profiles" ( /* Trigger profile definition */ c( juniper_trigger_profiles ) ), "local-persistent-storage-options" ( /* Local persistent storage configuration */ juniper_charged_configuraton /* Local persistent storage configuration */ ), "gtpp" ( /* Configuration for GTPP protocol for charging */ c( "source-interface" ( /* Source interface from which GTPP packets will be sent */ sc( interface_name /* Interface name */, "ipv4-address" ( /* Source IPv4 address to be used */ ipv4addr /* Source IPv4 address to be used */ ) ) ).as(:oneline), "destination-port" arg /* Destination port number of the CGF Server */, "n3-requests" arg /* Number of retries of GTPP messages upon timeout */, "transport-protocol" ( /* Default Transport protocol(udp/tcp) used */ ("udp" | "tcp") ), "version" ( /* GTPP version V0|V1|V2 */ ("v0" | "v1" | "v2") ), "echo-interval" arg /* GTPP echo-interval in seconds */, "no-path-management" /* Disables path management */, "t3-response" arg /* Response timeout value for GTPP request message */, "header-type" ( /* GTPP protocol header type short|long */ ("short" | "long") ), "pending-queue-size" arg /* Maximum number of DRT messages awaiting an ack */, "down-detect-time" arg /* Time (in sec) to wait before declaring a CGF as Down */, "reconnect-time" arg /* Time (in sec) after which connection to the CGF server should be retried */, "peer" ( /* GTPP peer object */ gtpp_peer /* GTPP peer object */ ) ) ) ) ), "ip-reassembly-profile" ( /* IP reassembly profile for mobile gateways */ c( arg ) ), "ipv6-router-advertisement" ( /* IPv6 router advertisement configuration for GGSN/PGW */ mobile_gateways_ipv6_router_advertisement /* IPv6 router advertisement configuration for GGSN/PGW */ ), "software-datapath" ( /* Mobility software datapath options */ c( "traceoptions" ( /* Mobility software datapath trace options */ software_datapath_traceoptions /* Mobility software datapath trace options */ ) ) ), "inline-services" ( /* Inline services */ c( "ip-reassembly" ( /* IP reassembly */ c( "service-set" ( /* Inline IP reassembly service set for mobile gateways */ c( arg ) ) ) ) ) ) ) ), "sgw" arg ( /* Serving Gateway Configuration */ c( "service-mode" ( /* Service mode */ ("maintenance") ), "maximum-bearers" arg /* Maximum bearers for the GW */, "local-policy-profile" arg /* Local profile for the system level */, "pfes" ( /* PFE Configuration */ c( "guaranteed-bandwidth" arg /* PFE guaranteed bandwidth */, "maximum-bearers" arg /* PFE maximum bearers */, "default-bearers-percentage" arg /* PFE default bearer percentage */ ) ), "anchor-pfe-guaranteed-bandwidth" arg /* PFE guaranteed bandwidth */, "anchor-pfe-maximum-bearers" arg /* PFE maximum bearers */, "anchor-pfe-default-bearers-percentage" arg /* PFE default bearer percentage */, "preemption" ( /* Pre-Emption configuration */ c( "enable" /* Preemption-enabled - default is disabled */ ) ), "remote-delete-on-peer-fail" /* Send delete towards remote peer if other peer fails */, "gtp" ( /* GTP configuration */ sgw_config_gtp /* GTP configuration */ ), "home-plmn" ( /* Configure home PLMN MCC MNC values */ c( "mcc" ( /* Enter MCC value */ s( arg, "mnc" arg /* Mobile network code */ ) ) ) ), "traceoptions" ( /* Trace options related to mobile subscriber management */ mobile_smd_traceoptions /* Trace options related to mobile subscriber management */ ), "call-rate-statistics" ( /* Call rate statistics options */ c( "interval" arg /* Time interval in minutes */, "history" arg /* Number of intervals */ ) ), "system" ( /* System parameters */ unified_edge_sgw_system /* System parameters */ ), "charging" ( /* SGW charging profile definitions */ c( "traceoptions" ( /* Charging trace options */ charging_traceoptions /* Charging trace options */ ), "charging-profiles" ( /* Charging profile */ c( juniper_charging_profiles ) ), "transport-profiles" ( /* Transport profile definition */ c( juniper_transport_profiles ) ), "cdr-profiles" ( /* CDR profiles definition */ c( juniper_cdr_profiles /* CDR profile definition */ ) ), "trigger-profiles" ( /* Trigger profile definition */ c( juniper_trigger_profiles ) ), "local-persistent-storage-options" ( /* Local persistent storage configuration */ juniper_charged_configuraton /* Local persistent storage configuration */ ), "gtpp" ( /* Configuration for GTPP protocol for charging */ c( "source-interface" ( /* Source interface from which GTPP packets will be sent */ sc( interface_name /* Interface name */, "ipv4-address" ( /* Source IPv4 address to be used */ ipv4addr /* Source IPv4 address to be used */ ) ) ).as(:oneline), "destination-port" arg /* Destination port number of the CGF Server */, "n3-requests" arg /* Number of retries of GTPP messages upon timeout */, "transport-protocol" ( /* Default Transport protocol(udp/tcp) used */ ("udp" | "tcp") ), "version" ( /* GTPP version V0|V1|V2 */ ("v0" | "v1" | "v2") ), "echo-interval" arg /* GTPP echo-interval in seconds */, "no-path-management" /* Disables path management */, "t3-response" arg /* Response timeout value for GTPP request message */, "header-type" ( /* GTPP protocol header type short|long */ ("short" | "long") ), "pending-queue-size" arg /* Maximum number of DRT messages awaiting an ack */, "down-detect-time" arg /* Time (in sec) to wait before declaring a CGF as Down */, "reconnect-time" arg /* Time (in sec) after which connection to the CGF server should be retried */, "peer" ( /* GTPP peer object */ gtpp_peer /* GTPP peer object */ ) ) ), "global-profile" ( /* Global charging profiles */ c( "default-profile" arg /* Global charging profile for SGW */, "home-profile" arg /* Global home profile for SGW */, "roamer-profile" arg /* Global roamer profile for SGW */, "visitor-profile" arg /* Global visitor profile for SGW */, "profile-selection-order" ( /* Global charging profile selection order */ ("static" | "serving" | "pgw-cg-addr") ) ) ) ) ), "ip-reassembly-profile" ( /* IP reassembly profile for mobile gateways */ c( arg ) ), "idle-mode-buffering" ( /* Idle mode buffering */ sgw_idle_mode_buffering /* Idle mode buffering */ ), "software-datapath" ( /* Mobility software datapath options */ c( "traceoptions" ( /* Mobility software datapath trace options */ software_datapath_traceoptions /* Mobility software datapath trace options */ ) ) ), "inline-services" ( /* Inline services */ c( "ip-reassembly" ( /* IP reassembly */ c( "service-set" ( /* Inline IP reassembly service set for mobile gateways */ c( arg ) ) ) ) ) ) ) ), "tdf" ( /* Traffic Detection Function Configuration */ unified_edge_tdf /* Traffic Detection Function Configuration */ ) ) ), "mobile-options" ( /* Mobile options */ unified_edge_mobile_options /* Mobile options */ ), "pcef" ( /* PCEF configuration */ unified_edge_pcef /* PCEF configuration */ ), "resource-management" ( /* Configure Resource Mangement Packet Steering Daemon */ c( "server" ( /* Configure Resource Mangement Packet Steering Daemon */ c( "traceoptions" ( /* Resource Management Packet Steering Daemon trace options */ rmpsd_traceoptions_type /* Resource Management Packet Steering Daemon trace options */ ) ) ), "client" ( /* Configure Resource Mangement Packet Steering Client */ c( "traceoptions" ( /* Resource Management Packet Steering Client trace options */ rmps_clnt_traceoptions_type /* Resource Management Packet Steering Client trace options */ ) ) ) ) ) ) ), "jsrc" ( /* JSRC partition configuration */ jsrc_options /* JSRC partition configuration */ ), "vmhost" ( /* VM Host configurations */ c( "no-auto-recovery" /* Disable Guest auto recovery by the host */, "management-if" ( /* Configuration for the host's side management interface */ c( "link-mode" ( /* Link operational mode */ ("automatic" | "half-duplex" | "full-duplex") ), "speed" ( /* Link speed */ ("automatic" | "10m" | "100m" | "1g") ), "disable" /* Administratively disable the management port */ ) ), "resize" ( /* Resize the resource allocation of guest VM */ c( "vjunos" ( /* Vjunos/adminjunos VM */ c( "compact" /* Reduce the resource allocation of vjunos VM */ ) ) ) ), "interfaces" ("management-if0" | "management-if1") ( /* Interface configuration */ c( "family" ( /* Protocol family */ c( "inet" ( /* IPv4 parameters */ c( "address" arg ( /* Interface address/destination prefix */ c( "master-only" /* Master management IP address for host */ ) ), "gateway" ( /* Gateway IP address */ ipv4addr /* Gateway IP address */ ) ) ), "inet6" ( /* IPv6 parameters */ c( "address" arg ( /* Interface address/destination prefix */ c( "master-only" /* Master management IP address for host */ ) ), "gateway" ( /* Gateway IP address */ ipv6addr /* Gateway IP address */ ) ) ) ) ) ) ), "syslog" ( /* VMhost logging facility */ c( "file" arg ( /* File in which to log data */ c( s( enum(("any" | "authorization" | "privileged" | "cron" | "daemon" | "kernel" | "lpr" | "mail" | "mark" | "news" | "syslog" | "user" | "uucp" | "local0" | "local1" | "local2" | "local3" | "local4" | "local5" | "local6" | "local7")), enum(("any" | "emergency" | "alert" | "critical" | "error" | "warning" | "notice" | "info" | "none")) ).as(:oneline) ) ), "host" arg ( /* Host to be notified */ c( s( enum(("any" | "authorization" | "privileged" | "cron" | "daemon" | "kernel" | "lpr" | "mail" | "mark" | "news" | "syslog" | "user" | "uucp" | "local0" | "local1" | "local2" | "local3" | "local4" | "local5" | "local6" | "local7")), enum(("any" | "emergency" | "alert" | "critical" | "error" | "warning" | "notice" | "info" | "none")) ).as(:oneline), "transport" ( /* Transport type */ ("tcp" | "udp") ) ) ) ) ), "services" ( /* System services */ c( "ssh" ( /* Allow ssh access */ c( "root-login" ( /* Configure vmhost root access via ssh */ ("allow" | "deny") ) ) ) ) ) ) ), "applications" ( /* Define applications by protocol characteristics */ c( "application" ( /* Define an application */ application_object /* Define an application */ ), "application-set" ( /* Define an application set */ application_set_object /* Define an application set */ ) ) ), "diameter" ( /* Diameter protocol layer */ c( "origin" ( /* Origin attributes of this diameter instance */ c( "realm" arg /* Origin realm of this diameter instance */, "host" arg /* Origin host of this diameter instance */ ) ), "network-element" arg ( /* Network element of this diameter instance */ c( "dne-origin" ( /* Optional origin filter of this networkd element */ c( "realm" arg /* Origin realm of this network element */, "host" arg /* Optional origin host of this network element */ ) ), "function" ( /* Diameter function associated with by this network element */ ("jsrc" | "gx-plus" | "sd-3gpp" | "nasreq" | "pcrf" | "ocs" | "s6a") ), "peer" arg ( /* Peer associated with this network element */ c( "priority" arg /* Peer priority with this network element */ ) ), "forwarding" ( /* Forwarding configuration for this network-element */ c( "route" arg ( /* Routes associated with this network-element */ c( "function" ( /* Diameter function and partition associated with route */ sc( c( "jsrc" /* Function to use SRC application */, "gx-plus" /* Function to use GX-PLUS application */, "sd-3gpp" /* Function to use SD-3GPP application */, "nasreq" /* Function to use NASREQ application */, "pcrf" /* Function to use PCRF(GX) application */, "ocs" /* Function to use OCS(GY) application */, "s6a" /* Function to use S6A application */ ), "partition" arg /* Diameter function partition name */ ) ).as(:oneline), "destination" ( /* Destination for this route */ sc( "realm" arg /* Diameter destination realm */, "host" arg /* Diameter destination host */ ) ).as(:oneline), "metric" arg /* Metric for this route */ ) ) ) ) ) ), "transport" arg ( /* Diameter transport configuration */ c( "address" ( /* Source IP address for a peer */ ipaddr /* Source IP address for a peer */ ), c( "logical-system" ( /* Logical system to be used by transport */ sc( arg /* Name of logical system */, "routing-instance" arg /* Routing instance to be used by transport */ ) ).as(:oneline), "routing-instance" arg /* Routing instance of server to which to forward */ ) ) ), "peer" arg ( /* Diameter peer configuration */ c( "address" ( /* IP Address of Diameter peer */ ipaddr /* IP Address of Diameter peer */ ), "send-origin-state-id" /* Include origin-state-id in peer messages */, c( "logical-system" ( /* Logical system to be used by transport */ sc( arg /* Name of logical system */, "routing-instance" arg /* Routing instance to be used by transport */ ) ).as(:oneline), "routing-instance" arg /* Routing instance of server to which to forward */ ), "connect-actively" ( c( "transport" arg /* Name of transport */, "port" arg /* Peer port */ ) ), "peer-origin" ( /* Optional origin attributes of this diameter peer */ c( "realm" arg /* Origin realm of this diameter peer */, "host" arg /* Origin host of this diameter peer */ ) ) ) ), "product-name" arg /* Product name to advertise in capability-exchange */ ) ), "poe" ( /* Power over Ethernet options */ c( "management" ( /* Power management mode for Power over Ethernet */ ("static" | "class" | "high-power") ), "guard-band" arg /* Guard band for Power over Ethernet */, "notification-control" ( /* Notification control for Power over Ethernet traps */ c( "fpc" arg ( /* FPC slot number */ c( "disable" /* Disable Power over Ethernet notification */ ) ) ) ), "lldp-priority" /* PoE controller LLDP priority */, "fast-poe" /* Fast Power over Ethernet */, "perpetual-poe" /* Perpetual Power over Ethernet */, "interface" ("all" | "all-extended" | arg) ( /* Interface configuration for Power over Ethernet */ c( "disable" /* Disable interface */, "priority" ( /* Priority options */ ("low" | "high") ), "maximum-power" arg /* Maximum power */, "telemetries" ( /* Telemetries settings */ c( "disable" /* Disable telemetries */, "interval" arg /* Interval at which data should be recorded */, "duration" arg /* Duration to continue recording of data */ ) ) ) ) ) ), "dynamic-profiles" ( /* Dynamic profiles configuration */ juniper_dynamic_profile_object /* Dynamic profiles configuration */ ), "routing-options" ( /* Protocol-independent routing option configuration */ juniper_routing_options /* Protocol-independent routing option configuration */ ), "protocols" ( /* Routing protocol configuration */ juniper_protocols /* Routing protocol configuration */ ), "bridge-domains" ( /* Bridge domain configuration */ c( juniper_bridge_domains ) ), "switch-options" ( /* Options for default routing-instance of type virtual-switch */ juniper_def_rtb_switch_options /* Options for default routing-instance of type virtual-switch */ ), "fabric" ( /* Fabric configuration */ c( "protocols" ( /* Routing protocol configuration */ c( "bgp" ( /* BGP options */ juniper_protocols_bgp /* BGP options */ ) ) ), "virtual-chassis" ( /* Virtual chassis configuration */ c( "flow-groups" ( /* Flow groups */ c( flow_group_type, "node-device" arg ( /* Node device */ c( "interconnect-device" arg ( /* Interconnect device */ c( "preference" ( /* Preference metric for link */ ("high" | "normal" | "never") ) ) ) ) ) ) ), "traceoptions" ( juniper_virtual_chassis_traceoptions ) ) ) ) ), "multicast-snooping-options" ( /* Multicast snooping option configuration */ juniper_multicast_snooping_options /* Multicast snooping option configuration */ ), "session-limit-group" arg ( /* Session-limit-group configuration */ sc( "maximum-sessions" arg /* Maximum number of sessions per tunnel-group */ ) ).as(:oneline), "virtual-chassis" ( /* Virtual chassis configuration */ c( "auto-sw-update" ( /* Auto software update */ c( "package-name" arg /* URL or pathname of software package */, "ex-4200" ( /* URL or pathname of EX-42xx software package */ c( "package-name" arg /* URL or pathname of software package */ ) ), "ex-4500" ( /* URL or pathname of EX-45xx software package */ c( "package-name" arg /* URL or pathname of software package */ ) ), "ex-4300" ( /* URL or pathname of EX-43xx software package */ c( "package-name" arg /* URL or pathname of software package */ ) ), "ex-4600" ( /* URL or pathname of EX-46xx software package */ c( "package-name" arg /* URL or pathname of software package */ ) ), "qfx-3" ( /* URL or pathname of qfx-3 software package */ c( "package-name" arg /* URL or pathname of software package */ ) ), "qfx-5" ( /* URL or pathname of qfx-5 software package */ c( "package-name" arg /* URL or pathname of software package */ ) ) ) ), c( "preprovisioned" /* Only accept preprovisioned members */, "auto-provisioned" /* Add and configure new line-card members automatically */ ), "id" ( /* Virtual chassis identifier, of type ISO system-id */ isosysid /* Virtual chassis identifier, of type ISO system-id */ ), "graceful-restart" ( /* Configure graceful restart attributes */ c( ("disable") ) ), "no-split-detection" /* Disable split detection. This command is recommended to only be enabled in a 2 member setup */, "traceoptions" ( /* Trace options for virtual chassis */ juniper_virtual_chassis_traceoptions /* Trace options for virtual chassis */ ), "heartbeat-timeout" arg /* Member's timeout period for receiving a heartbeat packet */, "heartbeat-address" ( /* Peer member's IP address for sending heartbeat packet */ ipaddr /* Peer member's IP address for sending heartbeat packet */ ), "heartbeat-tos" arg /* IPv4 TOS/DS or IPv6 TC octet for heartbeat packet */, "locality-bias" /* Bias transit packets to egress local chassis of Virtual-Chassis */, "member" arg ( /* Member of virtual chassis configuration */ c( "mastership-priority" arg /* Member's mastership priority */, "fabric-tree-root" /* Member's participation as root of multicast distribution tree */, "role" ( /* Member's role */ ("routing-engine" | "line-card") ), "serial-number" arg /* Member's serial number */, "no-management-vlan" /* Disable management VLAN */, "location" arg /* Member's location */ ) ), "aliases" ( /* Aliases for serial numbers */ c( "serial-number" arg ( /* Set alias for a serial number */ c( "alias-name" arg /* Provide an alias name for this serial-number */ ) ) ) ), "mac-persistence-timer" ( /* How long to retain MAC address when member leaves virtual chassis */ c( arg, "disable" /* Disable MAC persistence timer */ ) ), "fast-failover" ( /* Fast failover mechanism */ c( "ge" /* Fast failover on GE VC uplink ports (ring has to be formed) */, "xe" /* Fast failover on XE VC uplink ports (ring has to be formed) */, "et" /* Fast failover on ET VC uplink ports (ring has to be formed) */, "vcp" ( /* Fast failover on VCP ports */ c( "disable" /* Disable */ ) ) ) ), "vc-port" ( /* Set vc ports lag hashing mode */ c( "lag-hash" ( /* Set vc ports lag hashing mode */ ("packet-based" | "source-port-based") ) ) ), c( "no-auto-conversion" /* Disable automatic VC port conversion */, "auto-conversion" /* Enable automatic VC port conversion */ ), "vcp-no-hold-time" /* Set no hold time for vcp interfaces */, "vcp-snmp-statistics" ) ), "ethernet-switching-options" ( juniper_ethernet_options ), "vlans" ( /* VLAN configuration */ c( vlan_types /* Virtual LAN */ ) ), "openconfig-bgp:bgp" ( /* Top-level configuration and state for the BGP router */ c( "global" ( /* Global configuration for the BGP router */ c( "config" ( /* Configuration parameters relating to the global BGP router */ c( "as" arg /* Local autonomous system number of the router. Uses the 32-bit as-number type from the model in RFC 6991. */, "router-id" arg /* Router id of the router - an unsigned 32-bit integer expressed in dotted quad notation. */ ) ), "default-route-distance" ( /* Administrative distance (or preference) assigned to routes received from different sources (external, internal, and local). */ c( "config" ( /* Configuration parameters relating to the default route distance */ c( "external-route-distance" arg /* Administrative distance for routes learned from external BGP (eBGP). */, "internal-route-distance" arg /* Administrative distance for routes learned from internal BGP (iBGP). */ ) ) ) ), "confederation" ( /* Parameters indicating whether the local system acts as part of a BGP confederation */ c( "config" ( /* Configuration parameters relating to BGP confederations */ c( "identifier" arg /* Confederation identifier for the autonomous system. Setting the identifier indicates that the local-AS is part of a BGP confederation. */, "member-as" arg /* Remote autonomous systems that are to be treated as part of the local confederation. */ ) ) ) ), "graceful-restart" ( /* Parameters relating the graceful restart mechanism for BGP */ c( "config" ( /* Configuration parameters relating to graceful-restart */ c( "enabled" ( /* Enable or disable the graceful-restart capability. */ ("true" | "false") ), "restart-time" arg /* Estimated time (in seconds) for the local BGP speaker to restart a session. This value is advertise in the graceful restart BGP capability. This is a 12-bit value, referred to as Restart Time in RFC4724. Per RFC4724, the suggested default value is <= the hold-time value. */, "stale-routes-time" arg /* An upper-bound on the time thate stale routes will be retained by a router after a session is restarted. If an End-of-RIB (EOR) marker is received prior to this timer expiring stale-routes will be flushed upon its receipt - if no EOR is received, then when this timer expires stale paths will be purged. This timer is referred to as the Selection_Deferral_Timer in RFC4724 */, "helper-only" ( /* Enable graceful-restart in helper mode only. When this leaf is set, the local system does not retain forwarding its own state during a restart, but supports procedures for the receiving speaker, as defined in RFC4724. */ ("true" | "false") ) ) ) ) ), "use-multiple-paths" ( /* Parameters related to the use of multiple paths for the same NLRI */ c( "config" ( /* Configuration parameters relating to multipath */ c( "enabled" ( /* Whether the use of multiple paths for the same NLRI is enabled for the neighbor. This value is overridden by any more specific configuration value. */ ("true" | "false") ) ) ), "ebgp" ( /* Multipath parameters for eBGP */ c( "config" ( /* Configuration parameters relating to eBGP multipath */ c( "allow-multiple-as" ( /* Allow multipath to use paths from different neighbouring ASes. The default is to only consider multiple paths from the same neighbouring AS. */ ("true" | "false") ), "maximum-paths" arg /* Maximum number of parallel paths to consider when using BGP multipath. The default is use a single path. */ ) ) ) ), "ibgp" ( /* Multipath parameters for iBGP */ c( "config" ( /* Configuration parameters relating to iBGP multipath */ c( "maximum-paths" arg /* Maximum number of parallel paths to consider when using iBGP multipath. The default is to use a single path */ ) ) ) ) ) ), "route-selection-options" ( /* Parameters relating to options for route selection */ c( "config" ( /* Configuration parameters relating to route selection options */ c( "always-compare-med" ( /* Compare multi-exit discriminator (MED) value from different ASes when selecting the best route. The default behavior is to only compare MEDs for paths received from the same AS. */ ("true" | "false") ), "ignore-as-path-length" ( /* Ignore the AS path length when selecting the best path. The default is to use the AS path length and prefer paths with shorter length. */ ("true" | "false") ), "external-compare-router-id" ( /* When comparing similar routes received from external BGP peers, use the router-id as a criterion to select the active path. */ ("true" | "false") ), "advertise-inactive-routes" ( /* Advertise inactive routes to external peers. The default is to only advertise active routes. */ ("true" | "false") ), "enable-aigp" ( /* Flag to enable sending / receiving accumulated IGP attribute in routing updates */ ("true" | "false") ), "ignore-next-hop-igp-metric" ( /* Ignore the IGP metric to the next-hop when calculating BGP best-path. The default is to select the route for which the metric to the next-hop is lowest */ ("true" | "false") ) ) ) ) ), "afi-safis" ( /* Address family specific configuration */ c( "afi-safi" ( /* AFI,SAFI configuration available for the neighbour or group */ s( arg, c( "config" ( /* Configuration parameters for the AFI-SAFI */ c( "afi-safi-name" ( /* AFI,SAFI */ ("L2VPN_EVPN" | "L2VPN_VPLS" | "L3VPN_IPV6_MULTICAST" | "L3VPN_IPV4_MULTICAST" | "L3VPN_IPV6_UNICAST" | "L3VPN_IPV4_UNICAST" | "IPV6_LABELED_UNICAST" | "IPV4_LABELED_UNICAST" | "IPV6_UNICAST" | "IPV4_UNICAST" | "IPV4_MULTICAST" | "IPV6_MULTICAST") ), "enabled" ( /* This leaf indicates whether the IPv4 Unicast AFI,SAFI is enabled for the neighbour or group */ ("true" | "false") ) ) ), "graceful-restart" ( /* Parameters relating to BGP graceful-restart */ c( "config" ( /* Configuration options for BGP graceful-restart */ c( "enabled" ( /* This leaf indicates whether graceful-restart is enabled for this AFI-SAFI */ ("true" | "false") ) ) ) ) ), "route-selection-options" ( /* Parameters relating to options for route selection */ c( "config" ( /* Configuration parameters relating to route selection options */ c( "always-compare-med" ( /* Compare multi-exit discriminator (MED) value from different ASes when selecting the best route. The default behavior is to only compare MEDs for paths received from the same AS. */ ("true" | "false") ), "ignore-as-path-length" ( /* Ignore the AS path length when selecting the best path. The default is to use the AS path length and prefer paths with shorter length. */ ("true" | "false") ), "external-compare-router-id" ( /* When comparing similar routes received from external BGP peers, use the router-id as a criterion to select the active path. */ ("true" | "false") ), "advertise-inactive-routes" ( /* Advertise inactive routes to external peers. The default is to only advertise active routes. */ ("true" | "false") ), "enable-aigp" ( /* Flag to enable sending / receiving accumulated IGP attribute in routing updates */ ("true" | "false") ), "ignore-next-hop-igp-metric" ( /* Ignore the IGP metric to the next-hop when calculating BGP best-path. The default is to select the route for which the metric to the next-hop is lowest */ ("true" | "false") ) ) ) ) ), "use-multiple-paths" ( /* Parameters related to the use of multiple paths for the same NLRI */ c( "config" ( /* Configuration parameters relating to multipath */ c( "enabled" ( /* Whether the use of multiple paths for the same NLRI is enabled for the neighbor. This value is overridden by any more specific configuration value. */ ("true" | "false") ) ) ), "ebgp" ( /* Multipath parameters for eBGP */ c( "config" ( /* Configuration parameters relating to eBGP multipath */ c( "allow-multiple-as" ( /* Allow multipath to use paths from different neighbouring ASes. The default is to only consider multiple paths from the same neighbouring AS. */ ("true" | "false") ), "maximum-paths" arg /* Maximum number of parallel paths to consider when using BGP multipath. The default is use a single path. */ ) ) ) ), "ibgp" ( /* Multipath parameters for iBGP */ c( "config" ( /* Configuration parameters relating to iBGP multipath */ c( "maximum-paths" arg /* Maximum number of parallel paths to consider when using iBGP multipath. The default is to use a single path */ ) ) ) ) ) ), "add-paths" ( /* Parameters relating to the advertisement and receipt of multiple paths for a single NLRI (add-paths) */ c( "config" ( /* Configuration parameters relating to ADD_PATHS */ c( "receive" ( /* Enable capability negotiation to receive multiple path advertisements for an NLRI from the neighbor or group */ ("true" | "false") ), "send" ( /* Enable capability negotiation to send multiple path advertisements for an NLRI from the neighbor or group */ ("true" | "false") ), "send-max" arg /* The maximum total number of paths to advertise to neighbors for a single NLRI. This includes the single best path as well as additional paths advertised when add-paths is enabled. */, "eligible-prefix-policy" arg /* A reference to a routing policy which can be used to restrict the prefixes for which add-paths is enabled */ ) ) ) ), "ipv4-unicast" ( /* IPv4 unicast configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ), "config" ( /* Configuration parameters for common IPv4 and IPv6 unicast AFI-SAFI options */ c( "send-default-route" ( /* If set to true, send the default-route to the neighbour(s) */ ("true" | "false") ) ) ) ) ), "ipv6-unicast" ( /* IPv6 unicast configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ), "config" ( /* Configuration parameters for common IPv4 and IPv6 unicast AFI-SAFI options */ c( "send-default-route" ( /* If set to true, send the default-route to the neighbour(s) */ ("true" | "false") ) ) ) ) ), "ipv4-labeled-unicast" ( /* IPv4 Labeled Unicast configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "ipv6-labeled-unicast" ( /* IPv6 Labeled Unicast configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "l3vpn-ipv4-unicast" ( /* Unicast IPv4 L3VPN configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "l3vpn-ipv6-unicast" ( /* Unicast IPv6 L3VPN configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "l3vpn-ipv4-multicast" ( /* Multicast IPv4 L3VPN configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "l3vpn-ipv6-multicast" ( /* Multicast IPv6 L3VPN configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "l2vpn-vpls" ( /* BGP-signalled VPLS configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "l2vpn-evpn" ( /* BGP EVPN configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ) ) ) ) ) ), "dynamic-neighbor-prefixes" ( /* A list of IP prefixes from which the system should: - Accept connections to the BGP daemon - Dynamically configure a BGP neighbor corresponding to the source address of the remote system, using the parameters of the specified peer-group. For such neighbors, an entry within the neighbor list should be created, indicating that the peer was dynamically configured, and referencing the peer-group from which the configuration was derived. */ c( "dynamic-neighbor-prefix" ( /* An individual prefix from which dynamic neighbor connections are allowed. */ s( arg, c( "config" ( /* Configuration parameters relating to the source prefix for the dynamic BGP neighbor connections. */ c( "prefix" ( /* The IP prefix within which the source address of the remote BGP speaker must fall to be considered eligible to the dynamically configured. */ time_of_day /* The IP prefix within which the source address of the remote BGP speaker must fall to be considered eligible to the dynamically configured. */ ), "peer-group" arg /* The peer-group within which the dynamic neighbor will be configured. The configuration parameters used for the dynamic neighbor are those specified within the referenced peer group. */ ) ) ) ) ) ) ) ) ), "neighbors" ( /* Configuration for BGP neighbors */ c( "neighbor" ( /* List of BGP neighbors configured on the local system, uniquely identified by peer IPv[46] address */ s( arg, c( "config" ( /* Configuration parameters relating to the BGP neighbor or group */ c( "peer-group" arg /* The peer-group with which this neighbor is associated */, "neighbor-address" ( /* Address of the BGP peer, either in IPv4 or IPv6 */ time_of_day /* Address of the BGP peer, either in IPv4 or IPv6 */ ), "enabled" ( /* Whether the BGP peer is enabled. In cases where the enabled leaf is set to false, the local system should not initiate connections to the neighbor, and should not respond to TCP connections attempts from the neighbor. If the state of the BGP session is ESTABLISHED at the time that this leaf is set to false, the BGP session should be ceased. */ ("true" | "false") ), "peer-as" arg /* AS number of the peer. */, "local-as" arg /* The local autonomous system number that is to be used when establishing sessions with the remote peer or peer group, if this differs from the global BGP router autonomous system number. */, "peer-type" ( /* Explicitly designate the peer or peer group as internal (iBGP) or external (eBGP). */ ("INTERNAL" | "EXTERNAL") ), "auth-password" arg /* Configures an MD5 authentication password for use with neighboring devices. */, "remove-private-as" ( /* Remove private AS numbers from updates sent to peers - when this leaf is not specified, the AS_PATH attribute should be sent to the peer unchanged */ ("PRIVATE_AS_REPLACE_ALL" | "PRIVATE_AS_REMOVE_ALL") ), "route-flap-damping" ( /* Enable route flap damping. */ ("true" | "false") ), "send-community" ( /* Specify which types of community should be sent to the neighbor or group. The default is to not send the community attribute */ ("STANDARD" | "EXTENDED" | "BOTH" | "NONE") ), "description" arg /* An optional textual description (intended primarily for use with a peer or group */ ) ), "timers" ( /* Timers related to a BGP neighbor */ c( "config" ( /* Configuration parameters relating to timers used for the BGP neighbor */ c( "connect-retry" arg /* Time interval in seconds between attempts to establish a session with the peer. */, "hold-time" arg /* Time interval in seconds that a BGP session will be considered active in the absence of keepalive or other messages from the peer. The hold-time is typically set to 3x the keepalive-interval. */, "keepalive-interval" arg /* Time interval in seconds between transmission of keepalive messages to the neighbor. Typically set to 1/3 the hold-time. */, "minimum-advertisement-interval" arg /* Minimum time which must elapse between subsequent UPDATE messages relating to a common set of NLRI being transmitted to a peer. This timer is referred to as MinRouteAdvertisementIntervalTimer by RFC 4721 and serves to reduce the number of UPDATE messages transmitted when a particular set of NLRI exhibit instability. */ ) ) ) ), "transport" ( /* Transport session parameters for the BGP neighbor */ c( "config" ( /* Configuration parameters relating to the transport session(s) used for the BGP neighbor */ c( "tcp-mss" arg /* Sets the max segment size for BGP TCP sessions. */, "mtu-discovery" ( /* Turns path mtu discovery for BGP TCP sessions on (true) or off (false) */ ("true" | "false") ), "passive-mode" ( /* Wait for peers to issue requests to open a BGP session, rather than initiating sessions from the local router. */ ("true" | "false") ), "local-address" ( /* Set the local IP (either IPv4 or IPv6) address to use for the session when sending BGP update messages. This may be expressed as either an IP address or reference to the name of an interface. */ time_of_day /* Set the local IP (either IPv4 or IPv6) address to use for the session when sending BGP update messages. This may be expressed as either an IP address or reference to the name of an interface. */ ) ) ) ) ), "error-handling" ( /* Error handling parameters used for the BGP neighbor or group */ c( "config" ( /* Configuration parameters enabling or modifying the behavior or enhanced error handling mechanisms for the BGP neighbor */ c( "treat-as-withdraw" ( /* Specify whether erroneous UPDATE messages for which the NLRI can be extracted are reated as though the NLRI is withdrawn - avoiding session reset */ ("true" | "false") ) ) ) ) ), "graceful-restart" ( /* Parameters relating the graceful restart mechanism for BGP */ c( "config" ( /* Configuration parameters relating to graceful-restart */ c( "enabled" ( /* Enable or disable the graceful-restart capability. */ ("true" | "false") ), "restart-time" arg /* Estimated time (in seconds) for the local BGP speaker to restart a session. This value is advertise in the graceful restart BGP capability. This is a 12-bit value, referred to as Restart Time in RFC4724. Per RFC4724, the suggested default value is <= the hold-time value. */, "stale-routes-time" arg /* An upper-bound on the time thate stale routes will be retained by a router after a session is restarted. If an End-of-RIB (EOR) marker is received prior to this timer expiring stale-routes will be flushed upon its receipt - if no EOR is received, then when this timer expires stale paths will be purged. This timer is referred to as the Selection_Deferral_Timer in RFC4724 */, "helper-only" ( /* Enable graceful-restart in helper mode only. When this leaf is set, the local system does not retain forwarding its own state during a restart, but supports procedures for the receiving speaker, as defined in RFC4724. */ ("true" | "false") ) ) ) ) ), "logging-options" ( /* Logging options for events related to the BGP neighbor or group */ c( "config" ( /* Configuration parameters enabling or modifying logging for events relating to the BGPgroup */ c( "log-neighbor-state-changes" ( /* Configure logging of peer state changes. Default is to enable logging of peer state changes. */ ("true" | "false") ) ) ) ) ), "ebgp-multihop" ( /* eBGP multi-hop parameters for the BGPgroup */ c( "config" ( /* Configuration parameters relating to eBGP multihop for the BGP group */ c( "enabled" ( /* When enabled the referenced group or neighbors are permitted to be indirectly connected - including cases where the TTL can be decremented between the BGP peers */ ("true" | "false") ), "multihop-ttl" arg /* Time-to-live value to use when packets are sent to the referenced group or neighbors and ebgp-multihop is enabled */ ) ) ) ), "route-reflector" ( /* Route reflector parameters for the BGPgroup */ c( "config" ( /* Configuraton parameters relating to route reflection for the BGPgroup */ c( "route-reflector-cluster-id" ( /* route-reflector cluster id to use when local router is configured as a route reflector. Commonly set at the group level, but allows a different cluster id to be set for each neighbor. */ time_of_day /* route-reflector cluster id to use when local router is configured as a route reflector. Commonly set at the group level, but allows a different cluster id to be set for each neighbor. */ ), "route-reflector-client" ( /* Configure the neighbor as a route reflector client. */ ("true" | "false") ) ) ) ) ), "as-path-options" ( /* AS_PATH manipulation parameters for the BGP neighbor or group */ c( "config" ( /* Configuration parameters relating to AS_PATH manipulation for the BGP peer or group */ c( "allow-own-as" arg /* Specify the number of occurrences of the local BGP speaker's AS that can occur within the AS_PATH before it is rejected. */, "replace-peer-as" ( /* Replace occurrences of the peer's AS in the AS_PATH with the local autonomous system number */ ("true" | "false") ), "disable-peer-as-filter" ( /* When set to true, the system advertises routes to a peer even if the peer's AS was in the AS path. The default behavior (false) suppresses advertisements to peers if their AS number is in the AS path of the route. */ ("true" | "false") ) ) ) ) ), "use-multiple-paths" ( /* Parameters related to the use of multiple-paths for the same NLRI when they are received only from this neighbor */ c( "config" ( /* Configuration parameters relating to multipath */ c( "enabled" ( /* Whether the use of multiple paths for the same NLRI is enabled for the neighbor. This value is overridden by any more specific configuration value. */ ("true" | "false") ) ) ), "ebgp" ( /* Multipath configuration for eBGP */ c( "config" ( /* Configuration parameters relating to eBGP multipath */ c( "allow-multiple-as" ( /* Allow multipath to use paths from different neighbouring ASes. The default is to only consider multiple paths from the same neighbouring AS. */ ("true" | "false") ) ) ) ) ) ) ), "apply-policy" ( /* Anchor point for routing policies in the model. Import and export policies are with respect to the local routing table, i.e., export (send) and import (receive), depending on the context. */ c( "config" ( /* Policy configuration data. */ c( "import-policy" arg /* list of policy names in sequence to be applied on receiving a routing update in the current context, e.g., for the current peer group, neighbor, address family, etc. */, "default-import-policy" ( /* explicitly set a default policy if no policy definition in the import policy chain is satisfied. */ ("ACCEPT_ROUTE" | "REJECT_ROUTE") ), "export-policy" arg /* list of policy names in sequence to be applied on sending a routing update in the current context, e.g., for the current peer group, neighbor, address family, etc. */, "default-export-policy" ( /* explicitly set a default policy if no policy definition in the export policy chain is satisfied. */ ("ACCEPT_ROUTE" | "REJECT_ROUTE") ) ) ) ) ), "afi-safis" ( /* Per-address-family configuration parameters associated with the neighbor */ c( "afi-safi" ( /* AFI,SAFI configuration available for the neighbour or group */ s( arg, c( "config" ( /* Configuration parameters for the AFI-SAFI */ c( "afi-safi-name" ( /* AFI,SAFI */ ("L2VPN_EVPN" | "L2VPN_VPLS" | "L3VPN_IPV6_MULTICAST" | "L3VPN_IPV4_MULTICAST" | "L3VPN_IPV6_UNICAST" | "L3VPN_IPV4_UNICAST" | "IPV6_LABELED_UNICAST" | "IPV4_LABELED_UNICAST" | "IPV6_UNICAST" | "IPV4_UNICAST" | "IPV4_MULTICAST" | "IPV6_MULTICAST") ), "enabled" ( /* This leaf indicates whether the IPv4 Unicast AFI,SAFI is enabled for the neighbour or group */ ("true" | "false") ) ) ), "graceful-restart" ( /* Parameters relating to BGP graceful-restart */ c( "config" ( /* Configuration options for BGP graceful-restart */ c( "enabled" ( /* This leaf indicates whether graceful-restart is enabled for this AFI-SAFI */ ("true" | "false") ) ) ) ) ), "add-paths" ( /* Parameters relating to the advertisement and receipt of multiple paths for a single NLRI (add-paths) */ c( "config" ( /* Configuration parameters relating to ADD_PATHS */ c( "receive" ( /* Enable capability negotiation to receive multiple path advertisements for an NLRI from the neighbor or group */ ("true" | "false") ), "send" ( /* Enable capability negotiation to send multiple path advertisements for an NLRI from the neighbor or group */ ("true" | "false") ), "send-max" arg /* The maximum total number of paths to advertise to neighbors for a single NLRI. This includes the single best path as well as additional paths advertised when add-paths is enabled. */, "eligible-prefix-policy" arg /* A reference to a routing policy which can be used to restrict the prefixes for which add-paths is enabled */ ) ) ) ), "apply-policy" ( /* Anchor point for routing policies in the model. Import and export policies are with respect to the local routing table, i.e., export (send) and import (receive), depending on the context. */ c( "config" ( /* Policy configuration data. */ c( "import-policy" arg /* list of policy names in sequence to be applied on receiving a routing update in the current context, e.g., for the current peer group, neighbor, address family, etc. */, "default-import-policy" ( /* explicitly set a default policy if no policy definition in the import policy chain is satisfied. */ ("ACCEPT_ROUTE" | "REJECT_ROUTE") ), "export-policy" arg /* list of policy names in sequence to be applied on sending a routing update in the current context, e.g., for the current peer group, neighbor, address family, etc. */, "default-export-policy" ( /* explicitly set a default policy if no policy definition in the export policy chain is satisfied. */ ("ACCEPT_ROUTE" | "REJECT_ROUTE") ) ) ) ) ), "ipv4-unicast" ( /* IPv4 unicast configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ), "config" ( /* Configuration parameters for common IPv4 and IPv6 unicast AFI-SAFI options */ c( "send-default-route" ( /* If set to true, send the default-route to the neighbour(s) */ ("true" | "false") ) ) ) ) ), "ipv6-unicast" ( /* IPv6 unicast configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ), "config" ( /* Configuration parameters for common IPv4 and IPv6 unicast AFI-SAFI options */ c( "send-default-route" ( /* If set to true, send the default-route to the neighbour(s) */ ("true" | "false") ) ) ) ) ), "ipv4-labeled-unicast" ( /* IPv4 Labeled Unicast configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "ipv6-labeled-unicast" ( /* IPv6 Labeled Unicast configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "l3vpn-ipv4-unicast" ( /* Unicast IPv4 L3VPN configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "l3vpn-ipv6-unicast" ( /* Unicast IPv6 L3VPN configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "l3vpn-ipv4-multicast" ( /* Multicast IPv4 L3VPN configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "l3vpn-ipv6-multicast" ( /* Multicast IPv6 L3VPN configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "l2vpn-vpls" ( /* BGP-signalled VPLS configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "l2vpn-evpn" ( /* BGP EVPN configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "use-multiple-paths" ( /* Parameters related to the use of multiple-paths for the same NLRI when they are received only from this neighbor */ c( "config" ( /* Configuration parameters relating to multipath */ c( "enabled" ( /* Whether the use of multiple paths for the same NLRI is enabled for the neighbor. This value is overridden by any more specific configuration value. */ ("true" | "false") ) ) ), "ebgp" ( /* Multipath configuration for eBGP */ c( "config" ( /* Configuration parameters relating to eBGP multipath */ c( "allow-multiple-as" ( /* Allow multipath to use paths from different neighbouring ASes. The default is to only consider multiple paths from the same neighbouring AS. */ ("true" | "false") ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ), "peer-groups" ( /* Configuration for BGP peer-groups */ c( "peer-group" ( /* List of BGP peer-groups configured on the local system - uniquely identified by peer-group name */ s( arg, c( "config" ( /* Configuration parameters relating to the BGP neighbor or group */ c( "peer-group-name" arg /* Name of the BGP peer-group */, "peer-as" arg /* AS number of the peer. */, "local-as" arg /* The local autonomous system number that is to be used when establishing sessions with the remote peer or peer group, if this differs from the global BGP router autonomous system number. */, "peer-type" ( /* Explicitly designate the peer or peer group as internal (iBGP) or external (eBGP). */ ("INTERNAL" | "EXTERNAL") ), "auth-password" arg /* Configures an MD5 authentication password for use with neighboring devices. */, "remove-private-as" ( /* Remove private AS numbers from updates sent to peers - when this leaf is not specified, the AS_PATH attribute should be sent to the peer unchanged */ ("PRIVATE_AS_REPLACE_ALL" | "PRIVATE_AS_REMOVE_ALL") ), "route-flap-damping" ( /* Enable route flap damping. */ ("true" | "false") ), "send-community" ( /* Specify which types of community should be sent to the neighbor or group. The default is to not send the community attribute */ ("STANDARD" | "EXTENDED" | "BOTH" | "NONE") ), "description" arg /* An optional textual description (intended primarily for use with a peer or group */ ) ), "timers" ( /* Timers related to a BGP peer-group */ c( "config" ( /* Configuration parameters relating to timers used for the BGP neighbor or peer group */ c( "connect-retry" arg /* Time interval in seconds between attempts to establish a session with the peer. */, "hold-time" arg /* Time interval in seconds that a BGP session will be considered active in the absence of keepalive or other messages from the peer. The hold-time is typically set to 3x the keepalive-interval. */, "keepalive-interval" arg /* Time interval in seconds between transmission of keepalive messages to the neighbor. Typically set to 1/3 the hold-time. */, "minimum-advertisement-interval" arg /* Minimum time which must elapse between subsequent UPDATE messages relating to a common set of NLRI being transmitted to a peer. This timer is referred to as MinRouteAdvertisementIntervalTimer by RFC 4721 and serves to reduce the number of UPDATE messages transmitted when a particular set of NLRI exhibit instability. */ ) ) ) ), "transport" ( /* Transport session parameters for the BGP peer-group */ c( "config" ( /* Configuration parameters relating to the transport session(s) used for the BGP neighbor or group */ c( "tcp-mss" arg /* Sets the max segment size for BGP TCP sessions. */, "mtu-discovery" ( /* Turns path mtu discovery for BGP TCP sessions on (true) or off (false) */ ("true" | "false") ), "passive-mode" ( /* Wait for peers to issue requests to open a BGP session, rather than initiating sessions from the local router. */ ("true" | "false") ), "local-address" ( /* Set the local IP (either IPv4 or IPv6) address to use for the session when sending BGP update messages. This may be expressed as either an IP address or reference to the name of an interface. */ time_of_day /* Set the local IP (either IPv4 or IPv6) address to use for the session when sending BGP update messages. This may be expressed as either an IP address or reference to the name of an interface. */ ) ) ) ) ), "error-handling" ( /* Error handling parameters used for the BGP peer-group */ c( "config" ( /* Configuration parameters enabling or modifying the behavior or enhanced error handling mechanisms for the BGP group */ c( "treat-as-withdraw" ( /* Specify whether erroneous UPDATE messages for which the NLRI can be extracted are reated as though the NLRI is withdrawn - avoiding session reset */ ("true" | "false") ) ) ) ) ), "graceful-restart" ( /* Parameters relating the graceful restart mechanism for BGP */ c( "config" ( /* Configuration parameters relating to graceful-restart */ c( "enabled" ( /* Enable or disable the graceful-restart capability. */ ("true" | "false") ), "restart-time" arg /* Estimated time (in seconds) for the local BGP speaker to restart a session. This value is advertise in the graceful restart BGP capability. This is a 12-bit value, referred to as Restart Time in RFC4724. Per RFC4724, the suggested default value is <= the hold-time value. */, "stale-routes-time" arg /* An upper-bound on the time thate stale routes will be retained by a router after a session is restarted. If an End-of-RIB (EOR) marker is received prior to this timer expiring stale-routes will be flushed upon its receipt - if no EOR is received, then when this timer expires stale paths will be purged. This timer is referred to as the Selection_Deferral_Timer in RFC4724 */, "helper-only" ( /* Enable graceful-restart in helper mode only. When this leaf is set, the local system does not retain forwarding its own state during a restart, but supports procedures for the receiving speaker, as defined in RFC4724. */ ("true" | "false") ) ) ) ) ), "logging-options" ( /* Logging options for events related to the BGP neighbor or group */ c( "config" ( /* Configuration parameters enabling or modifying logging for events relating to the BGPgroup */ c( "log-neighbor-state-changes" ( /* Configure logging of peer state changes. Default is to enable logging of peer state changes. */ ("true" | "false") ) ) ) ) ), "ebgp-multihop" ( /* eBGP multi-hop parameters for the BGPgroup */ c( "config" ( /* Configuration parameters relating to eBGP multihop for the BGP group */ c( "enabled" ( /* When enabled the referenced group or neighbors are permitted to be indirectly connected - including cases where the TTL can be decremented between the BGP peers */ ("true" | "false") ), "multihop-ttl" arg /* Time-to-live value to use when packets are sent to the referenced group or neighbors and ebgp-multihop is enabled */ ) ) ) ), "route-reflector" ( /* Route reflector parameters for the BGPgroup */ c( "config" ( /* Configuraton parameters relating to route reflection for the BGPgroup */ c( "route-reflector-cluster-id" ( /* route-reflector cluster id to use when local router is configured as a route reflector. Commonly set at the group level, but allows a different cluster id to be set for each neighbor. */ time_of_day /* route-reflector cluster id to use when local router is configured as a route reflector. Commonly set at the group level, but allows a different cluster id to be set for each neighbor. */ ), "route-reflector-client" ( /* Configure the neighbor as a route reflector client. */ ("true" | "false") ) ) ) ) ), "as-path-options" ( /* AS_PATH manipulation parameters for the BGP neighbor or group */ c( "config" ( /* Configuration parameters relating to AS_PATH manipulation for the BGP peer or group */ c( "allow-own-as" arg /* Specify the number of occurrences of the local BGP speaker's AS that can occur within the AS_PATH before it is rejected. */, "replace-peer-as" ( /* Replace occurrences of the peer's AS in the AS_PATH with the local autonomous system number */ ("true" | "false") ), "disable-peer-as-filter" ( /* When set to true, the system advertises routes to a peer even if the peer's AS was in the AS path. The default behavior (false) suppresses advertisements to peers if their AS number is in the AS path of the route. */ ("true" | "false") ) ) ) ) ), "use-multiple-paths" ( /* Parameters related to the use of multiple paths for the same NLRI */ c( "config" ( /* Configuration parameters relating to multipath */ c( "enabled" ( /* Whether the use of multiple paths for the same NLRI is enabled for the neighbor. This value is overridden by any more specific configuration value. */ ("true" | "false") ) ) ), "ebgp" ( /* Multipath parameters for eBGP */ c( "config" ( /* Configuration parameters relating to eBGP multipath */ c( "allow-multiple-as" ( /* Allow multipath to use paths from different neighbouring ASes. The default is to only consider multiple paths from the same neighbouring AS. */ ("true" | "false") ), "maximum-paths" arg /* Maximum number of parallel paths to consider when using BGP multipath. The default is use a single path. */ ) ) ) ), "ibgp" ( /* Multipath parameters for iBGP */ c( "config" ( /* Configuration parameters relating to iBGP multipath */ c( "maximum-paths" arg /* Maximum number of parallel paths to consider when using iBGP multipath. The default is to use a single path */ ) ) ) ) ) ), "apply-policy" ( /* Anchor point for routing policies in the model. Import and export policies are with respect to the local routing table, i.e., export (send) and import (receive), depending on the context. */ c( "config" ( /* Policy configuration data. */ c( "import-policy" arg /* list of policy names in sequence to be applied on receiving a routing update in the current context, e.g., for the current peer group, neighbor, address family, etc. */, "default-import-policy" ( /* explicitly set a default policy if no policy definition in the import policy chain is satisfied. */ ("ACCEPT_ROUTE" | "REJECT_ROUTE") ), "export-policy" arg /* list of policy names in sequence to be applied on sending a routing update in the current context, e.g., for the current peer group, neighbor, address family, etc. */, "default-export-policy" ( /* explicitly set a default policy if no policy definition in the export policy chain is satisfied. */ ("ACCEPT_ROUTE" | "REJECT_ROUTE") ) ) ) ) ), "afi-safis" ( /* Per-address-family configuration parameters associated with thegroup */ c( "afi-safi" ( /* AFI,SAFI configuration available for the neighbour or group */ s( arg, c( "config" ( /* Configuration parameters for the AFI-SAFI */ c( "afi-safi-name" ( /* AFI,SAFI */ ("L2VPN_EVPN" | "L2VPN_VPLS" | "L3VPN_IPV6_MULTICAST" | "L3VPN_IPV4_MULTICAST" | "L3VPN_IPV6_UNICAST" | "L3VPN_IPV4_UNICAST" | "IPV6_LABELED_UNICAST" | "IPV4_LABELED_UNICAST" | "IPV6_UNICAST" | "IPV4_UNICAST" | "IPV4_MULTICAST" | "IPV6_MULTICAST") ), "enabled" ( /* This leaf indicates whether the IPv4 Unicast AFI,SAFI is enabled for the neighbour or group */ ("true" | "false") ) ) ), "graceful-restart" ( /* Parameters relating to BGP graceful-restart */ c( "config" ( /* Configuration options for BGP graceful-restart */ c( "enabled" ( /* This leaf indicates whether graceful-restart is enabled for this AFI-SAFI */ ("true" | "false") ) ) ) ) ), "add-paths" ( /* Parameters relating to the advertisement and receipt of multiple paths for a single NLRI (add-paths) */ c( "config" ( /* Configuration parameters relating to ADD_PATHS */ c( "receive" ( /* Enable capability negotiation to receive multiple path advertisements for an NLRI from the neighbor or group */ ("true" | "false") ), "send" ( /* Enable capability negotiation to send multiple path advertisements for an NLRI from the neighbor or group */ ("true" | "false") ), "send-max" arg /* The maximum total number of paths to advertise to neighbors for a single NLRI. This includes the single best path as well as additional paths advertised when add-paths is enabled. */, "eligible-prefix-policy" arg /* A reference to a routing policy which can be used to restrict the prefixes for which add-paths is enabled */ ) ) ) ), "use-multiple-paths" ( /* Parameters related to the use of multiple paths for the same NLRI */ c( "config" ( /* Configuration parameters relating to multipath */ c( "enabled" ( /* Whether the use of multiple paths for the same NLRI is enabled for the neighbor. This value is overridden by any more specific configuration value. */ ("true" | "false") ) ) ), "ebgp" ( /* Multipath parameters for eBGP */ c( "config" ( /* Configuration parameters relating to eBGP multipath */ c( "allow-multiple-as" ( /* Allow multipath to use paths from different neighbouring ASes. The default is to only consider multiple paths from the same neighbouring AS. */ ("true" | "false") ), "maximum-paths" arg /* Maximum number of parallel paths to consider when using BGP multipath. The default is use a single path. */ ) ) ) ), "ibgp" ( /* Multipath parameters for iBGP */ c( "config" ( /* Configuration parameters relating to iBGP multipath */ c( "maximum-paths" arg /* Maximum number of parallel paths to consider when using iBGP multipath. The default is to use a single path */ ) ) ) ) ) ), "apply-policy" ( /* Anchor point for routing policies in the model. Import and export policies are with respect to the local routing table, i.e., export (send) and import (receive), depending on the context. */ c( "config" ( /* Policy configuration data. */ c( "import-policy" arg /* list of policy names in sequence to be applied on receiving a routing update in the current context, e.g., for the current peer group, neighbor, address family, etc. */, "default-import-policy" ( /* explicitly set a default policy if no policy definition in the import policy chain is satisfied. */ ("ACCEPT_ROUTE" | "REJECT_ROUTE") ), "export-policy" arg /* list of policy names in sequence to be applied on sending a routing update in the current context, e.g., for the current peer group, neighbor, address family, etc. */, "default-export-policy" ( /* explicitly set a default policy if no policy definition in the export policy chain is satisfied. */ ("ACCEPT_ROUTE" | "REJECT_ROUTE") ) ) ) ) ), "ipv4-unicast" ( /* IPv4 unicast configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ), "config" ( /* Configuration parameters for common IPv4 and IPv6 unicast AFI-SAFI options */ c( "send-default-route" ( /* If set to true, send the default-route to the neighbour(s) */ ("true" | "false") ) ) ) ) ), "ipv6-unicast" ( /* IPv6 unicast configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ), "config" ( /* Configuration parameters for common IPv4 and IPv6 unicast AFI-SAFI options */ c( "send-default-route" ( /* If set to true, send the default-route to the neighbour(s) */ ("true" | "false") ) ) ) ) ), "ipv4-labeled-unicast" ( /* IPv4 Labeled Unicast configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "ipv6-labeled-unicast" ( /* IPv6 Labeled Unicast configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "l3vpn-ipv4-unicast" ( /* Unicast IPv4 L3VPN configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "l3vpn-ipv6-unicast" ( /* Unicast IPv6 L3VPN configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "l3vpn-ipv4-multicast" ( /* Multicast IPv4 L3VPN configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "l3vpn-ipv6-multicast" ( /* Multicast IPv6 L3VPN configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "l2vpn-vpls" ( /* BGP-signalled VPLS configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "l2vpn-evpn" ( /* BGP EVPN configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ), "openconfig-mpls:mpls" ( /* Anchor point for mpls configuration and operational data */ c( "global" ( /* general mpls configuration applicable to any type of LSP and signaling protocol - label ranges, entropy label supportmay be added here */ c( "config" ( /* Top level global MPLS configuration */ c( "null-label" ( /* The null-label type used, implicit or explicit */ ("IMPLICIT" | "EXPLICIT") ) ) ), "interface-attributes" ( /* Parameters related to MPLS interfaces */ c( "interface" ( /* List of TE interfaces */ s( arg, c( "config" ( /* Configuration parameters related to MPLS interfaces: */ c( "interface-id" arg /* Indentifier for the MPLS interface */, "mpls-enabled" ( /* Enable MPLS forwarding on this interface */ ("true" | "false") ) ) ), "interface-ref" ( /* Reference to an interface or subinterface */ c( "config" ( /* Configured reference to interface / subinterface */ c( "interface" arg /* Reference to a base interface. If a reference to a subinterface is required, this leaf must be specified to indicate the base interface. */, "subinterface" arg /* Reference to a subinterface -- this requires the base interface to be specified using the interface leaf in this container. If only a reference to a base interface is requuired, this leaf should not be set. */ ) ) ) ) ) ) ) ) ), "reserved-label-blocks" ( /* A range of labels starting with the start-label and up-to and including the end label that should be allocated as reserved. These labels should not be utilised by any dynamic label allocation on the local system unless the allocating protocol is explicitly configured to specify that allocation of labels should be out of the label block specified. */ c( "reserved-label-block" ( /* A range of labels starting with the start-label up to and including the end label that should be allocated for use by a specific protocol. */ s( arg, c( "config" ( /* Configuration parameters relating to the label block. */ c( "local-id" arg /* A local identifier for the global label block allocation. */, "lower-bound" ( /* Lower bound of the global label block. The block is defined to include this label. */ time_of_day /* Lower bound of the global label block. The block is defined to include this label. */ ), "upper-bound" ( /* Upper bound for the global label block. The block is defined to include this label. */ time_of_day /* Upper bound for the global label block. The block is defined to include this label. */ ) ) ) ) ) ) ) ) ) ), "te-global-attributes" ( /* traffic-engineering global attributes */ c( "srlgs" ( /* Shared risk link groups attributes */ c( "srlg" arg ( /* List of shared risk link groups */ c( "config" ( /* Configuration parameters related to the SRLG */ c( "name" arg /* SRLG group identifier */, "value" arg /* group ID for the SRLG */, "cost" arg /* The cost of the SRLG to the computation algorithm */, "flooding-type" ( /* The type of SRLG, either flooded in the IGP or statically configured */ ("FLOODED_SRLG" | "STATIC_SRLG") ) ) ), "static-srlg-members" ( /* SRLG members for static (not flooded) SRLGs */ c( "members-list" ( /* List of SRLG members, which are expressed as IP address endpoints of links contained in the SRLG */ s( arg, c( "config" ( /* Configuration parameters relating to the SRLG members */ c( "from-address" ( /* IP address of the a-side of the SRLG link */ time_of_day /* IP address of the a-side of the SRLG link */ ), "to-address" ( /* IP address of the z-side of the SRLG link */ time_of_day /* IP address of the z-side of the SRLG link */ ) ) ) ) ) ) ) ) ) ) ) ), "mpls-admin-groups" ( /* Top-level container for admin-groups configuration and state */ c( "admin-group" ( /* configuration of value to name mapping for mpls affinities/admin-groups */ s( arg, c( "config" ( /* Configurable items for admin-groups */ c( "admin-group-name" arg /* name for mpls admin-group */, "bit-position" arg /* bit-position value for mpls admin-group. The value for the admin group is an integer that represents one of the bit positions in the admin-group bitmask. Values between 0 and 31 are interpreted as the original limit of 32 admin groups. Values >=32 are interpreted as extended admin group values as per RFC7308. */ ) ) ) ) ) ) ), "te-lsp-timers" ( /* Definition for delays associated with setup and cleanup of TE LSPs */ c( "config" ( /* Configuration parameters related to timers for TE LSPs */ c( "install-delay" arg /* delay the use of newly installed te lsp for a specified amount of time. */, "cleanup-delay" arg /* delay the removal of old te lsp for a specified amount of time */, "reoptimize-timer" arg /* frequency of reoptimization of a traffic engineered LSP */ ) ) ) ) ) ), "te-interface-attributes" ( /* traffic engineering attributes specific for interfaces */ c( "interface" ( /* List of TE interfaces */ s( arg, c( "config" ( /* Configuration parameters related to TE interfaces: */ c( "interface-id" arg /* Id of the interface */, "te-metric" arg /* TE specific metric for the link */, "srlg-membership" arg /* list of references to named shared risk link groups that the interface belongs to. */, "admin-group" arg /* list of admin groups (by name) on the interface */ ) ), "interface-ref" ( /* Reference to an interface or subinterface */ c( "config" ( /* Configured reference to interface / subinterface */ c( "interface" arg /* Reference to a base interface. If a reference to a subinterface is required, this leaf must be specified to indicate the base interface. */, "subinterface" arg /* Reference to a subinterface -- this requires the base interface to be specified using the interface leaf in this container. If only a reference to a base interface is requuired, this leaf should not be set. */ ) ) ) ), "igp-flooding-bandwidth" ( /* Interface bandwidth change percentages that trigger update events into the IGP traffic engineering database (TED) */ c( "config" ( /* Configuration parameters for TED update threshold */ c( "threshold-type" ( /* The type of threshold that should be used to specify the values at which bandwidth is flooded. DELTA indicates that the local system should flood IGP updates when a change in reserved bandwidth >= the specified delta occurs on the interface. Where THRESHOLD_CROSSED is specified, the local system should trigger an update (and hence flood) the reserved bandwidth when the reserved bandwidth changes such that it crosses, or becomes equal to one of the threshold values */ ("DELTA" | "THRESHOLD_CROSSED") ), "delta-percentage" arg /* The percentage of the maximum-reservable-bandwidth considered as the delta that results in an IGP update being flooded */, "threshold-specification" ( /* This value specifies whether a single set of threshold values should be used for both increasing and decreasing bandwidth when determining whether to trigger updated bandwidth values to be flooded in the IGP TE extensions. MIRRORED-UP-DOWN indicates that a single value (or set of values) should be used for both increasing and decreasing values, where SEPARATE-UP-DOWN specifies that the increasing and decreasing values will be separately specified */ ("MIRRORED_UP_DOWN" | "SEPARATE_UP_DOWN") ), "up-thresholds" arg /* The thresholds (expressed as a percentage of the maximum reservable bandwidth) at which bandwidth updates are to be triggered when the bandwidth is increasing. */, "down-thresholds" arg /* The thresholds (expressed as a percentage of the maximum reservable bandwidth) at which bandwidth updates are to be triggered when the bandwidth is decreasing. */, "up-down-thresholds" arg /* The thresholds (expressed as a percentage of the maximum reservable bandwidth of the interface) at which bandwidth updates are flooded - used both when the bandwidth is increasing and decreasing */ ) ) ) ) ) ) ) ) ), "signaling-protocols" ( /* top-level signaling protocol configuration */ c( "rsvp-te" ( /* RSVP-TE global signaling protocol configuration */ c( "sessions" /* Enclosing container for sessions */, "neighbors" /* Configuration and state for RSVP neighbors connecting to the device */, "global" ( /* Platform wide RSVP configuration and state */ c( "graceful-restart" ( /* Operational state and configuration parameters relating to graceful-restart for RSVP */ c( "config" ( /* Configuration parameters relating to graceful-restart */ c( "enable" ( /* Enables graceful restart on the node. */ ("true" | "false") ), "restart-time" arg /* Graceful restart time (seconds). */, "recovery-time" arg /* RSVP state recovery time */ ) ) ) ), "soft-preemption" ( /* Protocol options relating to RSVP soft preemption */ c( "config" ( /* Configuration parameters relating to RSVP soft preemption support */ c( "enable" ( /* Enables soft preemption on a node. */ ("true" | "false") ), "soft-preemption-timeout" arg /* Timeout value for soft preemption to revert to hard preemption. The default timeout for soft-preemption is 30 seconds - after which the local system reverts to hard pre-emption. */ ) ) ) ), "hellos" ( /* Top level container for RSVP hello parameters */ c( "config" ( /* Configuration parameters relating to RSVP hellos */ c( "hello-interval" arg /* set the interval in ms between RSVP hello messages */, "refresh-reduction" ( /* enables all RSVP refresh reduction message bundling, RSVP message ID, reliable message delivery and summary refresh */ ("true" | "false") ) ) ) ) ) ) ), "interface-attributes" ( /* Attributes relating to RSVP-TE enabled interfaces */ c( "interface" ( /* list of per-interface RSVP configurations */ s( arg, c( "config" ( /* Configuration of per-interface RSVP parameters */ c( "interface-id" arg /* Identifier for the interface */ ) ), "interface-ref" ( /* Reference to an interface or subinterface */ c( "config" ( /* Configured reference to interface / subinterface */ c( "interface" arg /* Reference to a base interface. If a reference to a subinterface is required, this leaf must be specified to indicate the base interface. */, "subinterface" arg /* Reference to a subinterface -- this requires the base interface to be specified using the interface leaf in this container. If only a reference to a base interface is requuired, this leaf should not be set. */ ) ) ) ), "bandwidth-reservations" /* Enclosing container for bandwidth reservation */, "hellos" ( /* Top level container for RSVP hello parameters */ c( "config" ( /* Configuration parameters relating to RSVP hellos */ c( "hello-interval" arg /* set the interval in ms between RSVP hello messages */, "refresh-reduction" ( /* enables all RSVP refresh reduction message bundling, RSVP message ID, reliable message delivery and summary refresh */ ("true" | "false") ) ) ) ) ), "authentication" ( /* Configuration and state parameters relating to RSVP authentication as per RFC2747 */ c( "config" ( /* Configuration parameters relating to authentication */ c( "enable" ( /* Enables RSVP authentication on the node. */ ("true" | "false") ), "authentication-key" arg /* authenticate RSVP signaling messages */ ) ) ) ), "subscription" ( /* Bandwidth percentage reservable by RSVP on an interface */ c( "config" ( /* Configuration parameters relating to RSVP subscription options */ c( "subscription" arg /* percentage of the interface bandwidth that RSVP can reserve */ ) ) ) ), "protection" ( /* link-protection (NHOP) related configuration */ c( "config" ( /* Configuration for link-protection */ c( "link-protection-style-requested" ( /* Style of mpls frr protection desired: link, link-node, or unprotected */ ("LINK_NODE_PROTECTION_REQUESTED" | "LINK_PROTECTION_REQUIRED" | "UNPROTECTED") ), "bypass-optimize-interval" arg /* interval between periodic optimization of the bypass LSPs */ ) ) ) ) ) ) ) ) ) ) ), "ldp" ( /* LDP global signaling configuration */ c( "global" ( /* Platform wide LDP configuration and state */ c( "config" ( /* Global LDP configuration attributes. */ c( "lsr-id" ( /* Global label switch router identifier configuration. */ time_of_day /* Global label switch router identifier configuration. */ ) ) ), "graceful-restart" ( /* Top container for LDP graceful-restart attributes */ c( "config" ( /* LDP graceful-restart configuration attributes. */ c( "enabled" ( /* When set to true, the functionality within which this leaf is defined is enabled, when set to false it is explicitly disabled. */ ("true" | "false") ), "reconnect-time" arg /* Interval for which the remote LDP peers will wait for the local node to reconnect after a failure */, "recovery-time" arg /* Interval used to specify the time for the remote peer to maintain the MPLS forwarding state after the local node has succesfully reconnected */, "forwarding-holdtime" arg /* Time that defines the interval for keeping the node in recovery mode. */, "helper-enable" ( /* Enables the graceful restart helper for LDP. */ ("true" | "false") ) ) ) ) ), "authentication" ( /* Global LDP authentication */ c( "config" ( /* Configuration of LDP authentication attributes */ c( "enable" ( /* Enables LDP authentication on the node. */ ("true" | "false") ), "authentication-key" arg /* authenticate LDP signaling messages */ ) ) ) ) ) ), "interface-attributes" ( /* Container including attributes for LDP-enabled interfaces */ c( "config" ( /* Configuration of per-interface LDP parameters */ c( "hello-holdtime" arg /* Defines the time for which a neighbor adjacency will be kept by the router while it waits for a new link Hello message. */, "hello-interval" arg /* Defines the interval for sending Hello messages on each link LDP adjacency. */ ) ), "interfaces" ( /* Container aggregating all interfaces and their LDP-specific attributes. */ c( "interface" ( /* list of per-interface LDP configurations */ s( arg, c( "config" ( /* Configuration of per-interface LDP parameters */ c( "interface-id" arg /* Identifier for the interface */, "hello-holdtime" arg /* Defines the time for which a neighbor adjacency will be kept by the router while it waits for a new link Hello message. */, "hello-interval" arg /* Defines the interval for sending Hello messages on each link LDP adjacency. */ ) ), "interface-ref" ( /* Reference to an interface or subinterface */ c( "config" ( /* Configured reference to interface / subinterface */ c( "interface" arg /* Reference to a base interface. If a reference to a subinterface is required, this leaf must be specified to indicate the base interface. */, "subinterface" arg /* Reference to a subinterface -- this requires the base interface to be specified using the interface leaf in this container. If only a reference to a base interface is requuired, this leaf should not be set. */ ) ) ) ), "address-families" ( /* Top container comprising the adress families attributes */ c( "address-family" ( /* List for attributes related to address-families for LDP. */ s( arg, c( "config" ( /* Configuration attributes related to address-families for LDP. */ c( "afi-name" ( /* Adress-family name atttibute (IPv4, IPv6). */ ("IPV4" | "IPV6") ), "enabled" ( /* When set to true, the functionality within which this leaf is defined is enabled, when set to false it is explicitly disabled. */ ("true" | "false") ) ) ) ) ) ) ) ) ) ) ) ) ) ) ), "targeted" ( /* Top container for targeted LDP state and configuration attributes. */ c( "config" ( /* Configuration attributes related to targeted LDP. */ c( "hello-holdtime" arg /* Defines the time for which a neighbor adjacency will be kept by the router while it waits for a new link Hello message. */, "hello-interval" arg /* Defines the interval for sending Hello messages on each link LDP adjacency. */, "hello-accept" ( /* Enables or disables the acceptance of targeted LDP hello messages. */ ("true" | "false") ) ) ), "address-families" ( /* Global container for IPv4 and IPv6 attributes for LDP. */ c( "address-family" ( /* List of address families for targeted LDP configuration */ s( arg, c( "config" ( /* Address-family configuration for targeted LDP */ c( "afi-name" ( /* Adress-family name atttibute (IPv4, IPv6). */ ("IPV4" | "IPV6") ) ) ), "targets" ( /* Container aggregating all targeted sessions and their LDP-specific attributes. */ c( "target" ( /* List of LDP targets configuration */ s( arg, c( "config" ( /* Configuration parameters of a targeted LDP adjacency */ c( "remote-address" ( /* Configuration of neighbor address of the targeted LDP adjacency */ time_of_day /* Configuration of neighbor address of the targeted LDP adjacency */ ), "local-address" ( /* Local IP address of the LDP adjacency */ time_of_day /* Local IP address of the LDP adjacency */ ), "enabled" ( /* When set to true, the functionality within which this leaf is defined is enabled, when set to false it is explicitly disabled. */ ("true" | "false") ), "hello-holdtime" arg /* Defines the time for which a neighbor adjacency will be kept by the router while it waits for a new link Hello message. */, "hello-interval" arg /* Defines the interval for sending Hello messages on each link LDP adjacency. */ ) ) ) ) ) ) ) ) ) ) ) ) ) ), "neighbors" ( /* State and configuration LDP neighbors attributes */ c( "neighbor" ( /* List of LDP neighbors and their attributes. */ s( arg, arg, c( "config" ( /* Neighbor configuration attributes. */ c( "lsr-id" ( /* Neighbor label switch router identifier. */ time_of_day /* Neighbor label switch router identifier. */ ), "label-space-id" arg /* Label space ID of the neighbor. */ ) ), "authentication" ( /* Global LDP authentication */ c( "config" ( /* Configuration of LDP authentication attributes */ c( "enable" ( /* Enables LDP authentication on the node. */ ("true" | "false") ), "authentication-key" arg /* authenticate LDP signaling messages */ ) ) ) ) ) ) ) ) ), "jnx-aug-openconfig-mpls:lsp-ingress-policies" ( /* LDP lsp ingress policies on the system */ c( "lsp-ingress-policy" ( /* LDP lsp ingress policy with the corresponding IP-prefix on the system */ s( arg, c( "state" /* State parameters for Ingress LDP Lsp statistics */ ) ) ) ) ), "jnx-aug-openconfig-mpls:lsp-transit-policies" ( /* LDP lsp transit policies on the system */ c( "lsp-transit-policy" ( /* LDP lsp transit policy with the corresponding IP-prefix on the system */ s( arg, c( "state" /* State parameters for Transit LDP Lsp statistics */ ) ) ) ) ), "jnx-aug-openconfig-mpls:p2mp-lsps" ( /* As per root-address lsp-id source-ip and group-ip counters on the system */ c( "p2mp-lsp" ( s( arg, arg, arg, arg, c( "state" /* State parameters for Transit LDP P2MP LSP statistics */ ) ) ) ) ), "jnx-aug-openconfig-mpls:p2mp-lsp-branches" ( /* As per root-address lsp-id branch-id source-ip and group-ip counters on the system */ c( "p2mp-lsp-branch" ( s( arg, arg, arg, arg, arg, c( "state" /* State parameters for Transit LDP P2MP LSP BRANCH statistics */ ) ) ) ) ), "jnx-aug-openconfig-mpls:p2mp-interfaces" ( /* Per interface-name for ldp p2mp interface counters on the system */ c( "p2mp-interface" ( s( arg, c( "state" ( c( "received-counters" /* State parameters for Transit LDP P2MP IF received statistics */, "transmit-counters" /* State parameters for Transit LDP P2MP IF transmit statistics */ ) ) ) ) ) ) ) ) ), "segment-routing" ( /* MPLS-specific Segment Routing configuration and operational state parameters */ c( "aggregate-sid-counters" /* Per-SID counters aggregated across all interfaces on the local system */, "interfaces" ( /* Interface related Segment Routing parameters. */ c( "interface" ( /* Parameters and MPLS-specific configuration relating to Segment Routing on an interface. */ s( arg, c( "config" ( /* MPLS-specific Segment Routing configuration parameters related to an interface. */ c( "interface-id" arg /* A unique identifier for the interface. */ ) ), "sid-counters" /* Per-SID statistics for MPLS */, "interface-ref" ( /* Reference to an interface or subinterface */ c( "config" ( /* Configured reference to interface / subinterface */ c( "interface" arg /* Reference to a base interface. If a reference to a subinterface is required, this leaf must be specified to indicate the base interface. */, "subinterface" arg /* Reference to a subinterface -- this requires the base interface to be specified using the interface leaf in this container. If only a reference to a base interface is requuired, this leaf should not be set. */ ) ) ) ) ) ) ) ) ), "jnx-aug-openconfig-mpls:sr-te-bsid-policies" /* Per bsid, to-address and color counters on the local system */, "jnx-aug-openconfig-mpls:sr-te-ip-policies" /* Per to-address and color counters on the local system */, "jnx-aug-openconfig-mpls:sr-te-transit-tunnel-policies" /* Tunnel-name on the local system */, "jnx-aug-openconfig-mpls:sr-te-ingress-tunnel-policies" /* Tunnel-name on the local system */, "jnx-aug-openconfig-mpls:sr-te-per-lsp-transit-policies" /* Tunnel-name on the local system */, "jnx-aug-openconfig-mpls:sr-te-per-lsp-ingress-policies" /* Tunnel-name on the local system */ ) ) ) ), "lsps" ( /* LSP definitions and configuration */ c( "constrained-path" ( /* traffic-engineered LSPs supporting different path computation and signaling methods */ c( "named-explicit-paths" ( /* Enclosing container for the named explicit paths */ c( "named-explicit-path" arg ( /* A list of explicit paths */ c( "config" ( /* Configuration parameters relating to named explicit paths */ c( "name" arg /* A string name that uniquely identifies an explicit path */ ) ), "explicit-route-objects" ( /* Enclosing container for EROs */ c( "explicit-route-object" ( /* List of explicit route objects */ s( arg, c( "config" ( /* Configuration parameters relating to an explicit route */ c( "address" ( /* router hop for the LSP path */ time_of_day /* router hop for the LSP path */ ), "hop-type" ( /* strict or loose hop */ ("LOOSE" | "STRICT") ), "index" arg /* Index of this explicit route object to express the order of hops in the path */ ) ) ) ) ) ) ) ) ) ) ), "tunnels" ( /* Enclosing container for tunnels */ c( "tunnel" arg ( /* List of TE tunnels. This list contains only the LSPs that the current device originates (i.e., for which it is the head-end). Where the signaling protocol utilised for an LSP allows a mid-point or tail device to be aware of the LSP (e.g., RSVP-TE), then the associated sessions are maintained per protocol */ c( "config" ( /* Configuration parameters related to TE tunnels: */ c( "name" arg /* The tunnel name */, "type" ( /* Tunnel type, p2p or p2mp */ ("P2MP" | "P2P") ), "signaling-protocol" ( /* Signaling protocol used to set up this tunnel */ ("PATH_SETUP_LDP" | "PATH_SETUP_SR" | "PATH_SETUP_RSVP") ), "description" arg /* optional text description for the tunnel */, "admin-status" ( /* TE tunnel administrative state. */ ("ADMIN_UP" | "ADMIN_DOWN") ), "preference" arg /* Specifies a preference for this tunnel. A lower number signifies a better preference */, "metric-type" ( /* The type of metric specification that should be used to set the LSP(s) metric */ ("LSP_METRIC_INHERITED" | "LSP_METRIC_ABSOLUTE" | "LSP_METRIC_RELATIVE") ), "metric" arg /* The value of the metric that should be specified. The value supplied in this leaf is used in conjunction with the metric type to determine the value of the metric used by the system. Where the metric-type is set to LSP_METRIC_ABSOLUTE - the value of this leaf is used directly; where it is set to LSP_METRIC_RELATIVE, the relevant (positive or negative) offset is used to formulate the metric; where metric-type is LSP_METRIC_INHERITED, the value of this leaf is not utilised */, "shortcut-eligible" ( /* Whether this LSP is considered to be eligible for us as a shortcut in the IGP. In the case that this leaf is set to true, the IGP SPF calculation uses the metric specified to determine whether traffic should be carried over this LSP */ ("true" | "false") ), "protection-style-requested" ( /* style of mpls frr protection desired: can be link, link-node or unprotected. */ ("LINK_NODE_PROTECTION_REQUESTED" | "LINK_PROTECTION_REQUIRED" | "UNPROTECTED") ), "reoptimize-timer" arg /* frequency of reoptimization of a traffic engineered LSP */, "source" ( /* RSVP-TE tunnel source address */ time_of_day /* RSVP-TE tunnel source address */ ), "soft-preemption" ( /* Enables RSVP soft-preemption on this LSP */ ("true" | "false") ), "setup-priority" arg /* RSVP-TE preemption priority during LSP setup, lower is higher priority; default 7 indicates that LSP will not preempt established LSPs during setup */, "hold-priority" arg /* preemption priority once the LSP is established, lower is higher priority; default 0 indicates other LSPs will not preempt the LSPs once established */ ) ), "bandwidth" ( /* Bandwidth configuration for TE LSPs */ c( "config" ( /* Configuration parameters related to bandwidth on TE tunnels: */ c( "specification-type" ( /* The method used for settign the bandwidth, either explicitly specified or configured */ ("SPECIFIED" | "AUTO") ), "set-bandwidth" arg /* set bandwidth explicitly, e.g., using offline calculation */ ) ), "auto-bandwidth" ( /* Parameters related to auto-bandwidth */ c( "config" ( /* Configuration parameters relating to MPLS auto-bandwidth on the tunnel. */ c( "enabled" ( /* enables mpls auto-bandwidth on the lsp */ ("true" | "false") ), "min-bw" arg /* set the minimum bandwidth in Kbps for an auto-bandwidth LSP */, "max-bw" arg /* set the maximum bandwidth in Kbps for an auto-bandwidth LSP */, "adjust-interval" arg /* time in seconds between adjustments to LSP bandwidth */, "adjust-threshold" arg /* percentage difference between the LSP's specified bandwidth and its current bandwidth allocation -- if the difference is greater than the specified percentage, auto-bandwidth adjustment is triggered */ ) ), "overflow" ( /* configuration of MPLS overflow bandwidth adjustement for the LSP */ c( "config" ( /* Config information for MPLS overflow bandwidth adjustment */ c( "enabled" ( /* enables mpls lsp bandwidth overflow adjustment on the lsp */ ("true" | "false") ), "overflow-threshold" arg /* bandwidth percentage change to trigger an overflow event */, "trigger-event-count" arg /* number of consecutive overflow sample events needed to trigger an overflow adjustment */ ) ) ) ), "underflow" ( /* configuration of MPLS underflow bandwidth adjustement for the LSP */ c( "config" ( /* Config information for MPLS underflow bandwidth adjustment */ c( "enabled" ( /* enables bandwidth underflow adjustment on the lsp */ ("true" | "false") ), "underflow-threshold" arg /* bandwidth percentage change to trigger and underflow event */, "trigger-event-count" arg /* number of consecutive underflow sample events needed to trigger an underflow adjustment */ ) ) ) ) ) ) ) ), "p2p-tunnel-attributes" ( /* Parameters related to LSPs of type P2P */ c( "config" ( /* Configuration parameters for P2P LSPs */ c( "destination" ( /* P2P tunnel destination address */ time_of_day /* P2P tunnel destination address */ ) ) ), "p2p-primary-path" ( /* Primary paths associated with the LSP */ c( "p2p-primary-path" arg ( /* List of p2p primary paths for a tunnel */ c( "config" ( /* Configuration parameters related to paths */ c( "name" arg /* Path name */, "path-computation-method" ( /* The method used for computing the path, either locally computed, queried from a server or not computed at all (explicitly configured). */ ("EXPLICITLY_DEFINED" | "EXTERNALLY_QUERIED" | "LOCALLY_COMPUTED") ), "use-cspf" ( /* Flag to enable CSPF for locally computed LSPs */ ("true" | "false") ), "cspf-tiebreaker" ( /* Determine the tie-breaking method to choose between equally desirable paths during CSFP computation */ ("RANDOM" | "LEAST_FILL" | "MOST_FILL") ), "path-computation-server" ( /* Address of the external path computation server */ time_of_day /* Address of the external path computation server */ ), "explicit-path-name" arg /* reference to a defined path */, "preference" arg /* Specifies a preference for this path. The lower the number higher the preference */, "setup-priority" arg /* RSVP-TE preemption priority during LSP setup, lower is higher priority; default 7 indicates that LSP will not preempt established LSPs during setup */, "hold-priority" arg /* preemption priority once the LSP is established, lower is higher priority; default 0 indicates other LSPs will not preempt the LSPs once established */, "retry-timer" arg /* sets the time between attempts to establish the LSP */ ) ), "candidate-secondary-paths" ( /* The set of candidate secondary paths which may be used for this primary path. When secondary paths are specified in the list the path of the secondary LSP in use must be restricted to those path options referenced. The priority of the secondary paths is specified within the list. Higher priority values are less preferred - that is to say that a path with priority 0 is the most preferred path. In the case that the list is empty, any secondary path option may be utilised when the current primary path is in use. */ c( "candidate-secondary-path" ( /* List of secondary paths which may be utilised when the current primary path is in use */ s( arg, c( "config" ( /* Configuration parameters relating to the candidate secondary path */ c( "secondary-path" arg /* A reference to the secondary path that should be utilised when the containing primary path option is in use */, "priority" arg /* The priority of the specified secondary path option. Higher priority options are less preferable - such that a secondary path reference with a priority of 0 is the most preferred */ ) ) ) ) ) ) ), "admin-groups" ( /* Top-level container for include/exclude constraints for link affinities */ c( "config" ( /* Configuration data */ c( "exclude-group" arg /* list of references to named admin-groups to exclude in path calculation. */, "include-all-group" arg /* list of references to named admin-groups of which all must be included */, "include-any-group" arg /* list of references to named admin-groups of which one must be included */ ) ) ) ), "jnx-aug-openconfig-mpls:lsp-instances" ( s( arg, c( "state" ( c( "local-index" arg, "notify-status" arg, "metric" arg, "bandwidth" arg, "max-average-bandwidth" arg ) ) ) ) ) ) ) ) ), "p2p-secondary-paths" ( /* Secondary paths for the LSP */ c( "p2p-secondary-path" arg ( /* List of p2p primary paths for a tunnel */ c( "config" ( /* Configuration parameters related to paths */ c( "name" arg /* Path name */, "path-computation-method" ( /* The method used for computing the path, either locally computed, queried from a server or not computed at all (explicitly configured). */ ("EXPLICITLY_DEFINED" | "EXTERNALLY_QUERIED" | "LOCALLY_COMPUTED") ), "use-cspf" ( /* Flag to enable CSPF for locally computed LSPs */ ("true" | "false") ), "cspf-tiebreaker" ( /* Determine the tie-breaking method to choose between equally desirable paths during CSFP computation */ ("RANDOM" | "LEAST_FILL" | "MOST_FILL") ), "path-computation-server" ( /* Address of the external path computation server */ time_of_day /* Address of the external path computation server */ ), "explicit-path-name" arg /* reference to a defined path */, "preference" arg /* Specifies a preference for this path. The lower the number higher the preference */, "setup-priority" arg /* RSVP-TE preemption priority during LSP setup, lower is higher priority; default 7 indicates that LSP will not preempt established LSPs during setup */, "hold-priority" arg /* preemption priority once the LSP is established, lower is higher priority; default 0 indicates other LSPs will not preempt the LSPs once established */, "retry-timer" arg /* sets the time between attempts to establish the LSP */ ) ), "admin-groups" ( /* Top-level container for include/exclude constraints for link affinities */ c( "config" ( /* Configuration data */ c( "exclude-group" arg /* list of references to named admin-groups to exclude in path calculation. */, "include-all-group" arg /* list of references to named admin-groups of which all must be included */, "include-any-group" arg /* list of references to named admin-groups of which one must be included */ ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ), "unconstrained-path" ( /* LSPs that use the IGP-determined path, i.e., non traffic-engineered, or non constrained-path */ c( "path-setup-protocol" ( /* select and configure the signaling method for the LSP */ c( "ldp" /* LDP signaling setup for IGP-congruent LSPs */ ) ) ) ), "static-lsps" ( /* statically configured LSPs, without dynamic signaling */ c( "static-lsp" arg ( /* list of defined static LSPs */ c( "config" ( /* Configuration data for the static lsp */ c( "name" arg /* name to identify the LSP */ ) ), "ingress" ( /* Static LSPs for which the router is an ingress node */ c( "config" ( /* Configuration data for ingress LSPs */ c( "next-hop" ( /* next hop IP address for the LSP */ time_of_day /* next hop IP address for the LSP */ ), "incoming-label" ( /* label value on the incoming packet */ time_of_day /* label value on the incoming packet */ ), "push-label" ( /* label value to push at the current hop for the LSP */ time_of_day /* label value to push at the current hop for the LSP */ ) ) ) ) ), "transit" ( /* Static LSPs for which the router is an transit node */ c( "config" ( /* Configuration data for transit LSPs */ c( "next-hop" ( /* next hop IP address for the LSP */ time_of_day /* next hop IP address for the LSP */ ), "incoming-label" ( /* label value on the incoming packet */ time_of_day /* label value on the incoming packet */ ), "push-label" ( /* label value to push at the current hop for the LSP */ time_of_day /* label value to push at the current hop for the LSP */ ) ) ) ) ), "egress" ( /* Static LSPs for which the router is an egress node */ c( "config" ( /* Configuration data for egress LSPs */ c( "next-hop" ( /* next hop IP address for the LSP */ time_of_day /* next hop IP address for the LSP */ ), "incoming-label" ( /* label value on the incoming packet */ time_of_day /* label value on the incoming packet */ ), "push-label" ( /* label value to push at the current hop for the LSP */ time_of_day /* label value to push at the current hop for the LSP */ ) ) ) ) ) ) ) ) ) ) ) ) ), "openconfig-routing-policy:routing-policy" ( /* Top-level container for all routing policy configuration */ c( "defined-sets" ( /* Predefined sets of attributes used in policy match statements */ c( "prefix-sets" ( /* Enclosing container */ c( "prefix-set" arg ( /* List of the defined prefix sets */ c( "config" ( /* Configuration data for prefix sets */ c( "name" arg /* name / label of the prefix set -- this is used to reference the set in match conditions */, "mode" ( /* Indicates the mode of the prefix set, in terms of which address families (IPv4, IPv6, or both) are present. The mode provides a hint, but the device must validate that all prefixes are of the indicated type, and is expected to reject the configuration if there is a discrepancy. The MIXED mode may not be supported on devices that require prefix sets to be of only one address family. */ ("IPV4" | "IPV6" | "MIXED") ) ) ), "prefixes" ( /* Enclosing container for the list of prefixes in a policy prefix list */ c( "prefix" ( /* List of prefixes in the prefix set */ s( arg, arg, c( "config" ( /* Configuration data for prefix definition */ c( "ip-prefix" ( /* The prefix member in CIDR notation -- while the prefix may be either IPv4 or IPv6, most implementations require all members of the prefix set to be the same address family. Mixing address types in the same prefix set is likely to cause an error. */ time_of_day /* The prefix member in CIDR notation -- while the prefix may be either IPv4 or IPv6, most implementations require all members of the prefix set to be the same address family. Mixing address types in the same prefix set is likely to cause an error. */ ), "masklength-range" arg /* Defines a range for the masklength, or 'exact' if the prefix has an exact length. Example: 10.3.192.0/21 through 10.3.192.0/24 would be expressed as prefix: 10.3.192.0/21, masklength-range: 21..24. Example: 10.3.192.0/21 would be expressed as prefix: 10.3.192.0/21, masklength-range: exact */ ) ) ) ) ) ) ) ) ) ) ), "neighbor-sets" ( /* Enclosing container for the list of neighbor set definitions */ c( "neighbor-set" arg ( /* List of defined neighbor sets for use in policies. */ c( "config" ( /* Configuration data for neighbor sets. */ c( "name" arg /* name / label of the neighbor set -- this is used to reference the set in match conditions */, "address" ( /* List of IP addresses in the neighbor set */ time_of_day /* List of IP addresses in the neighbor set */ ) ) ) ) ) ) ), "tag-sets" ( /* Enclosing container for the list of tag sets. */ c( "tag-set" arg ( /* List of tag set definitions. */ c( "config" ( /* Configuration data for tag sets */ c( "name" arg /* name / label of the tag set -- this is used to reference the set in match conditions */, "tag-value" ( /* Value of the tag set member */ time_of_day /* Value of the tag set member */ ) ) ) ) ) ) ), "openconfig-bgp-policy:bgp-defined-sets" ( /* BGP-related set definitions for policy match conditions */ c( "community-sets" ( /* Enclosing container for list of defined BGP community sets */ c( "community-set" ( /* List of defined BGP community sets */ s( arg, c( "config" ( /* Configuration data for BGP community sets */ c( "community-set-name" arg /* name / label of the community set -- this is used to reference the set in match conditions */, "community-member" arg /* members of the community set */ ) ) ) ) ) ) ), "ext-community-sets" ( /* Enclosing container for list of extended BGP community sets */ c( "ext-community-set" ( /* List of defined extended BGP community sets */ s( arg, c( "config" ( /* Configuration data for extended BGP community sets */ c( "ext-community-set-name" arg /* name / label of the extended community set -- this is used to reference the set in match conditions */, "ext-community-member" ( /* members of the extended community set */ time_of_day /* members of the extended community set */ ) ) ) ) ) ) ) ), "as-path-sets" ( /* Enclosing container for list of define AS path sets */ c( "as-path-set" ( /* List of defined AS path sets */ s( arg, c( "config" ( /* Configuration data for AS path sets */ c( "as-path-set-name" arg /* name of the AS path set -- this is used to reference the set in match conditions */, "as-path-set-member" arg /* AS path expression -- list of ASes in the set */ ) ) ) ) ) ) ) ) ) ) ), "policy-definitions" ( /* Enclosing container for the list of top-level policy definitions */ c( "policy-definition" arg ( /* List of top-level policy definitions, keyed by unique name. These policy definitions are expected to be referenced (by name) in policy chains specified in import or export configuration statements. */ c( "config" ( /* Configuration data for policy defintions */ c( "name" arg /* Name of the top-level policy definition -- this name is used in references to the current policy */ ) ), "statements" ( /* Enclosing container for policy statements */ c( "statement" arg ( /* Policy statements group conditions and actions within a policy definition. They are evaluated in the order specified (see the description of policy evaluation at the top of this module. */ c( "config" ( /* Configuration data for policy statements */ c( "name" arg /* name of the policy statement */ ) ), "conditions" ( /* Condition statements for the current policy statement */ c( "config" ( /* Configuration data for policy conditions */ c( "call-policy" arg /* Applies the statements from the specified policy definition and then returns control the current policy statement. Note that the called policy may itself call other policies (subject to implementation limitations). This is intended to provide a policy 'subroutine' capability. The called policy should contain an explicit or a default route disposition that returns an effective true (accept-route) or false (reject-route), otherwise the behavior may be ambiguous and implementation dependent */, "install-protocol-eq" ( /* Condition to check the protocol / method used to install the route into the local routing table */ ("IGMP" | "PIM" | "LOCAL_AGGREGATE" | "DIRECTLY_CONNECTED" | "STATIC" | "OSPF3" | "OSPF" | "ISIS" | "BGP") ) ) ), "match-interface" ( /* Top-level container for interface match conditions */ c( "config" ( /* Configuration data for interface match conditions */ c( "interface" arg /* Reference to a base interface. If a reference to a subinterface is required, this leaf must be specified to indicate the base interface. */, "subinterface" arg /* Reference to a subinterface -- this requires the base interface to be specified using the interface leaf in this container. If only a reference to a base interface is requuired, this leaf should not be set. */ ) ) ) ), "match-prefix-set" ( /* Match a referenced prefix-set according to the logic defined in the match-set-options leaf */ c( "config" ( /* Configuration data for a prefix-set condition */ c( "prefix-set" arg /* References a defined prefix set */, "match-set-options" ( /* Optional parameter that governs the behaviour of the match operation. This leaf only supports matching on ANY member of the set or inverting the match. Matching on ALL is not supported */ ("ANY" | "INVERT") ) ) ) ) ), "match-neighbor-set" ( /* Match a referenced neighbor set according to the logic defined in the match-set-options-leaf */ c( "config" ( /* Configuration data */ c( "neighbor-set" arg /* References a defined neighbor set */, "match-set-options" ( /* Optional parameter that governs the behaviour of the match operation. This leaf only supports matching on ANY member of the set or inverting the match. Matching on ALL is not supported */ ("ANY" | "INVERT") ) ) ) ) ), "match-tag-set" ( /* Match a referenced tag set according to the logic defined in the match-options-set leaf */ c( "config" ( /* Configuration data for tag-set conditions */ c( "tag-set" arg /* References a defined tag set */, "match-set-options" ( /* Optional parameter that governs the behaviour of the match operation. This leaf only supports matching on ANY member of the set or inverting the match. Matching on ALL is not supported */ ("ANY" | "INVERT") ) ) ) ) ), "openconfig-isis-policy:isis-conditions" ( /* Match conditions relating to the IS-IS protocol */ c( "config" ( /* Configuration parameters relating to IS-IS match conditions */ c( "level-eq" arg /* Match the level that the IS-IS prefix is within. This can be used in the case that import or export policies refer to an IS-IS instance that has multiple levels configured within it */ ) ) ) ), "openconfig-bgp-policy:bgp-conditions" ( /* Top-level container */ c( "config" ( /* Configuration data for BGP-specific policy conditions */ c( "med-eq" arg /* Condition to check if the received MED value is equal to the specified value */, "origin-eq" ( /* Condition to check if the route origin is equal to the specified value */ ("IGP" | "EGP" | "INCOMPLETE") ), "next-hop-in" ( /* List of next hop addresses to check for in the route update */ time_of_day /* List of next hop addresses to check for in the route update */ ), "afi-safi-in" ( /* List of address families which the NLRI may be within */ ("L2VPN_EVPN" | "L2VPN_VPLS" | "L3VPN_IPV6_MULTICAST" | "L3VPN_IPV4_MULTICAST" | "L3VPN_IPV6_UNICAST" | "L3VPN_IPV4_UNICAST" | "IPV6_LABELED_UNICAST" | "IPV4_LABELED_UNICAST" | "IPV6_UNICAST" | "IPV4_UNICAST" | "IPV4_MULTICAST" | "IPV6_MULTICAST" | "FABRIC_VPN" | "FABRIC" | "BRIDGE_VPN_UNICAST" | "BRIDGE_UNICAST" | "TE_UNICAST" | "IPV4_MDT" | "IPV6_MVPN" | "IPV4_MVPN" | "ISO_VPN_UNICAST" | "ISO_UNICAST" | "IPV6_VPN_FLOW" | "IPV6_FLOW" | "IPV4_VPN_FLOW" | "IPV4_FLOW" | "ROUTE_TARGET" | "ATMVPN" | "L2VPN_MSPW_AD") ), "local-pref-eq" arg /* Condition to check if the local pref attribute is equal to the specified value */, "route-type" ( /* Condition to check the route type in the route update */ ("INTERNAL" | "EXTERNAL") ) ) ), "community-count" ( /* Value and comparison operations for conditions based on the number of communities in the route update */ c( "config" ( /* Configuration data for community count condition */ c( "operator" ( /* type of comparison to be performed */ ("ATTRIBUTE_LE" | "ATTRIBUTE_GE" | "ATTRIBUTE_EQ") ), "value" arg /* value to compare with the community count */ ) ) ) ), "as-path-length" ( /* Value and comparison operations for conditions based on the length of the AS path in the route update */ c( "config" ( /* Configuration data for AS path length condition */ c( "operator" ( /* type of comparison to be performed */ ("ATTRIBUTE_LE" | "ATTRIBUTE_GE" | "ATTRIBUTE_EQ") ), "value" arg /* value to compare with the community count */ ) ) ) ), "match-community-set" ( /* Top-level container for match conditions on communities. Match a referenced community-set according to the logic defined in the match-set-options leaf */ c( "config" ( /* Configuration data for match conditions on communities */ c( "community-set" arg /* References a defined community set */, "match-set-options" ( /* Optional parameter that governs the behaviour of the match operation */ ("ANY" | "ALL" | "INVERT") ) ) ) ) ), "match-ext-community-set" ( /* Match a referenced extended community-set according to the logic defined in the match-set-options leaf */ c( "config" ( /* Configuration data for match conditions on extended communities */ c( "ext-community-set" arg /* References a defined extended community set */, "match-set-options" ( /* Optional parameter that governs the behaviour of the match operation */ ("ANY" | "ALL" | "INVERT") ) ) ) ) ), "match-as-path-set" ( /* Match a referenced as-path set according to the logic defined in the match-set-options leaf */ c( "config" ( /* Configuration data for match conditions on AS path set */ c( "as-path-set" arg /* References a defined AS path set */, "match-set-options" ( /* Optional parameter that governs the behaviour of the match operation */ ("ANY" | "ALL" | "INVERT") ) ) ) ) ) ) ) ) ), "actions" ( /* Top-level container for policy action statements */ c( "config" ( /* Configuration data for policy actions */ c( "policy-result" ( /* Select the final disposition for the route, either accept or reject. */ ("ACCEPT_ROUTE" | "REJECT_ROUTE") ) ) ), "openconfig-isis-policy:isis-actions" ( /* Actions that can be performed by IS-IS within a policy */ c( "config" ( /* Configuration parameters relating to IS-IS actions */ c( "set-level" arg /* Set the level that a prefix is to be imported into. */, "set-metric-type" arg /* Set the type of metric that is to be specified when the set metric leaf is specified */, "set-metric" arg /* Set the metric of the IS-IS prefix */ ) ) ) ), "openconfig-bgp-policy:bgp-actions" ( /* Top-level container for BGP-specific actions */ c( "config" ( /* Configuration data for BGP-specific actions */ c( "set-route-origin" ( /* set the origin attribute to the specified value */ ("IGP" | "EGP" | "INCOMPLETE") ), "set-local-pref" arg /* set the local pref attribute on the route update */, "set-next-hop" ( /* set the next-hop attribute in the route update */ time_of_day /* set the next-hop attribute in the route update */ ), "set-med" arg /* set the med metric attribute in the route update */ ) ), "set-as-path-prepend" ( /* Action to prepend the specified AS number to the AS-path a specified number of times */ c( "config" ( /* Configuration data for the AS path prepend action */ c( "repeat-n" arg /* Number of times to prepend the value specified in the asn leaf to the AS path. If no value is specified by the asn leaf, the local AS number of the system is used. The value should be between 1 and the maximum supported by the implementation. */, "asn" arg /* The AS number to prepend to the AS path. If this leaf is not specified and repeat-n is set, then the local AS number will be used for prepending. */ ) ) ) ), "set-community" ( /* Action to set the community attributes of the route, along with options to modify how the community is modified. Communities may be set using an inline list OR reference to an existing defined set (not both). */ c( "config" ( /* Configuration data for the set-community action */ c( "method" ( /* Indicates the method used to specify the extended communities for the set-ext-community action */ ("INLINE" | "REFERENCE") ), "options" ( /* Options for modifying the community attribute with the specified values. These options apply to both methods of setting the community attribute. */ ("ADD" | "REMOVE" | "REPLACE") ) ) ), "inline" ( /* Set the community values for the action inline with a list. */ c( "config" ( /* Configuration data or inline specification of set-community action */ c( "communities" arg /* Set the community values for the update inline with a list. */ ) ) ) ), "reference" ( /* Provide a reference to a defined community set for the set-community action */ c( "config" ( /* Configuration data for referening a community-set in the set-community action */ c( "community-set-ref" arg /* References a defined community set by name */ ) ) ) ) ) ), "set-ext-community" ( /* Action to set the extended community attributes of the route, along with options to modify how the community is modified. Extended communities may be set using an inline list OR a reference to an existing defined set (but not both). */ c( "config" ( /* Configuration data for the set-ext-community action */ c( "method" ( /* Indicates the method used to specify the extended communities for the set-ext-community action */ ("INLINE" | "REFERENCE") ), "options" ( /* Options for modifying the community attribute with the specified values. These options apply to both methods of setting the community attribute. */ ("ADD" | "REMOVE" | "REPLACE") ) ) ), "inline" ( /* Set the extended community values for the action inline with a list. */ c( "config" ( /* Configuration data or inline specification of set-ext-community action */ c( "communities" arg /* Set the extended community values for the update inline with a list. */ ) ) ) ), "reference" ( /* Provide a reference to an extended community set for the set-ext-community action */ c( "config" ( /* Configuration data for referening an extended community-set in the set-ext-community action */ c( "ext-community-set-ref" arg /* References a defined extended community set by name */ ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ), "openconfig-interfaces:interfaces" ( /* Top level container for interfaces, including configuration and state data. */ c( "interface" arg ( /* The list of named interfaces on the device. */ c( "config" ( /* Configurable items at the global, physical interface level */ c( "name" arg /* The name of the interface. A device MAY restrict the allowed values for this leaf, possibly depending on the type of the interface. For system-controlled interfaces, this leaf is the device-specific name of the interface. The 'config false' list interfaces/interface[name]/state contains the currently existing interfaces on the device. If a client tries to create configuration for a system-controlled interface that is not present in the corresponding state list, the server MAY reject the request if the implementation does not support pre-provisioning of interfaces or if the name refers to an interface that can never exist in the system. A NETCONF server MUST reply with an rpc-error with the error-tag 'invalid-value' in this case. The IETF model in RFC 7223 provides YANG features for the following (i.e., pre-provisioning and arbitrary-names), however they are omitted here: If the device supports pre-provisioning of interface configuration, the 'pre-provisioning' feature is advertised. If the device allows arbitrarily named user-controlled interfaces, the 'arbitrary-names' feature is advertised. When a configured user-controlled interface is created by the system, it is instantiated with the same name in the /interfaces/interface[name]/state list. */, "type" arg /* The type of the interface. When an interface entry is created, a server MAY initialize the type leaf with a valid value, e.g., if it is possible to derive the type from the name of the interface. If a client tries to set the type of an interface to a value that can never be used by the system, e.g., if the type is not supported or if the type does not match the name of the interface, the server MUST reject the request. A NETCONF server MUST reply with an rpc-error with the error-tag 'invalid-value' in this case. */, "mtu" arg /* Set the max transmission unit size in octets for the physical interface. If this is not set, the mtu is set to the operational default -- e.g., 1514 bytes on an Ethernet interface. */, "loopback-mode" ( /* When set to true, the interface is logically looped back, such that packets that are forwarded via the interface are received on the same interface. */ ("true" | "false") ), "description" arg /* A textual description of the interface. A server implementation MAY map this leaf to the ifAlias MIB object. Such an implementation needs to use some mechanism to handle the differences in size and characters allowed between this leaf and ifAlias. The definition of such a mechanism is outside the scope of this document. Since ifAlias is defined to be stored in non-volatile storage, the MIB implementation MUST map ifAlias to the value of 'description' in the persistently stored datastore. Specifically, if the device supports ':startup', when ifAlias is read the device MUST return the value of 'description' in the 'startup' datastore, and when it is written, it MUST be written to the 'running' and 'startup' datastores. Note that it is up to the implementation to decide whether to modify this single leaf in 'startup' or perform an implicit copy-config from 'running' to 'startup'. If the device does not support ':startup', ifAlias MUST be mapped to the 'description' leaf in the 'running' datastore. */, "enabled" ( /* This leaf contains the configured, desired state of the interface. Systems that implement the IF-MIB use the value of this leaf in the 'running' datastore to set IF-MIB.ifAdminStatus to 'up' or 'down' after an ifEntry has been initialized, as described in RFC 2863. Changes in this leaf in the 'running' datastore are reflected in ifAdminStatus, but if ifAdminStatus is changed over SNMP, this leaf is not affected. */ ("true" | "false") ), "openconfig-vlan:tpid" ( /* Optionally set the tag protocol identifier field (TPID) that is accepted on the VLAN */ ("TPID_ANY" | "TPID_0X9200" | "TPID_0X9100" | "TPID_0X88A8" | "TPID_0X8100") ) ) ), "hold-time" ( /* Top-level container for hold-time settings to enable dampening advertisements of interface transitions. */ c( "config" ( /* Configuration data for interface hold-time settings. */ c( "up" arg /* Dampens advertisement when the interface transitions from down to up. A zero value means dampening is turned off, i.e., immediate notification. */, "down" arg /* Dampens advertisement when the interface transitions from up to down. A zero value means dampening is turned off, i.e., immediate notification. */ ) ) ) ), "subinterfaces" ( /* Enclosing container for the list of subinterfaces associated with a physical interface */ c( "subinterface" ( /* The list of subinterfaces (logical interfaces) associated with a physical interface */ s( arg, c( "config" ( /* Configurable items at the subinterface level */ c( "index" arg /* The index of the subinterface, or logical interface number. On systems with no support for subinterfaces, or not using subinterfaces, this value should default to 0, i.e., the default subinterface. */, "description" arg /* A textual description of the interface. A server implementation MAY map this leaf to the ifAlias MIB object. Such an implementation needs to use some mechanism to handle the differences in size and characters allowed between this leaf and ifAlias. The definition of such a mechanism is outside the scope of this document. Since ifAlias is defined to be stored in non-volatile storage, the MIB implementation MUST map ifAlias to the value of 'description' in the persistently stored datastore. Specifically, if the device supports ':startup', when ifAlias is read the device MUST return the value of 'description' in the 'startup' datastore, and when it is written, it MUST be written to the 'running' and 'startup' datastores. Note that it is up to the implementation to decide whether to modify this single leaf in 'startup' or perform an implicit copy-config from 'running' to 'startup'. If the device does not support ':startup', ifAlias MUST be mapped to the 'description' leaf in the 'running' datastore. */, "enabled" ( /* This leaf contains the configured, desired state of the interface. Systems that implement the IF-MIB use the value of this leaf in the 'running' datastore to set IF-MIB.ifAdminStatus to 'up' or 'down' after an ifEntry has been initialized, as described in RFC 2863. Changes in this leaf in the 'running' datastore are reflected in ifAdminStatus, but if ifAdminStatus is changed over SNMP, this leaf is not affected. */ ("true" | "false") ) ) ), "jnx-aug-openconfig-interfaces:init-time" arg /* interface initialisation time */, "openconfig-vlan:vlan" ( /* Enclosing container for VLAN interface-specific data on subinterfaces */ c( "config" ( /* Configuration parameters for VLANs */ c( "vlan-id" ( /* VLAN id for the subinterface -- specified inline for the case of a local VLAN. The id is scoped to the subinterface, and could be repeated on different subinterfaces. Deprecation note: See adjacent elements in the 'vlan' container for making more expressive VLAN matches. */ time_of_day /* VLAN id for the subinterface -- specified inline for the case of a local VLAN. The id is scoped to the subinterface, and could be repeated on different subinterfaces. Deprecation note: See adjacent elements in the 'vlan' container for making more expressive VLAN matches. */ ) ) ), "match" ( /* Configuration for various VLAN tag matching schemes, including single-tagged 802.1q packets and double-tagged 802.1ad 'Q-in-Q' packets. Typically only one of the subordinate containers should be specified. Wildcards may be matched by specifying range values of 2-4094. If implementations have a more efficient way to match Wildcards then they should recognize this pattern and translate accordingly. Implementations are expected to return errors for combinations that they do not support, or provide deviations to the same effect. For simple VLAN configurations without an 'egress-mapping' then using the 'single-tagged' and 'double-tagged' VLAN matches that resolve to specific values, these specify the VLAN identifiers applied to packets on egress. */ c( "single-tagged" ( /* Match single-tagged packets with an exact VLAN identifier. */ c( "config" ( /* Configuration for matching single-tagged packets with an exact VLAN identifier. */ c( "vlan-id" arg /* VLAN identifier for single-tagged packets. */ ) ) ) ), "single-tagged-list" ( /* Match single-tagged packets with a list of VLAN identifiers. */ c( "config" ( /* Configuration for matching single-tagged packets with a list of VLAN identifiers. */ c( "vlan-ids" arg /* VLAN identifiers for single-tagged packets. */ ) ) ) ), "single-tagged-range" ( /* Match single-tagged packets with a range of VLAN identifiers. */ c( "config" ( /* Configuration for matching single-tagged packets with a range of VLAN identifiers. */ c( "low-vlan-id" arg /* The low-value VLAN identifier in a range for single-tagged packets. The range is matched inclusively. */, "high-vlan-id" arg /* The high-value VLAN identifier in a range for single-tagged packets. The range is matched inclusively. */ ) ) ) ), "double-tagged" ( /* Match double-tagged packets against inner exact and outer exact VLAN identifiers. */ c( "config" ( /* Configuration for matching double-tagged packets against inner exact and outer exact VLAN identifiers. */ c( "inner-vlan-id" arg /* Inner VLAN identifier for double-tagged packets. */, "outer-vlan-id" arg /* Outer VLAN identifier for double-tagged packets. */ ) ) ) ), "double-tagged-inner-list" ( /* Match double-tagged packets against an inner list and outer exact VLAN identifiers. */ c( "config" ( /* Configuration for matching double-tagged packets against an inner list and outer exact VLAN identifiers. */ c( "inner-vlan-ids" arg /* Inner VLAN identifiers for double-tagged packets. */, "outer-vlan-id" arg /* Outer VLAN identifier for double-tagged packets. */ ) ) ) ), "double-tagged-outer-list" ( /* Match double-tagged packets against an inner exact and outer list of VLAN identifiers. */ c( "config" ( /* Configuration for matching double-tagged packets against an inner exact and outer list of VLAN identifiers. */ c( "inner-vlan-id" arg /* Inner VLAN identifier for double-tagged packets. */, "outer-vlan-ids" arg /* Outer VLAN identifiers for double-tagged packets. */ ) ) ) ), "double-tagged-inner-range" ( /* Match double-tagged packets against an inner range and outer exact VLAN identifiers. */ c( "config" ( /* Configuration for matching double-tagged packets against an inner range and outer exact VLAN identifiers. */ c( "inner-low-vlan-id" arg /* The low-value inner VLAN identifier in a range for double-tagged packets. The range is matched inclusively. */, "inner-high-vlan-id" arg /* The high-value inner VLAN identifier in a range for double-tagged packets. The range is matched inclusively. */, "outer-vlan-id" arg /* Outer VLAN identifier of double-tagged packets. */ ) ) ) ), "double-tagged-outer-range" ( /* Match double-tagged packets against an inner exact and an outer range of VLAN identifiers. */ c( "config" ( /* Configuration for matching double-tagged packets against an inner exact and an outer range of VLAN identifiers. */ c( "inner-vlan-id" arg /* Inner VLAN identifier for double-tagged packets. */, "outer-low-vlan-id" arg /* The low-value outer VLAN identifier for double-tagged packets. The range is matched inclusively. */, "outer-high-vlan-id" arg /* The high-value outer VLAN identifier for double-tagged packets. The range is matched inclusively. */ ) ) ) ), "double-tagged-inner-outer-range" ( /* Match double-tagged packets against an inner range and an outer range of VLAN identifiers. */ c( "config" ( /* Configuration for matching double-tagged packets against an inner range and an outer range of VLAN identifiers. */ c( "inner-low-vlan-id" arg /* The low-value inner VLAN identifier in a range for double-tagged packets. The range is matched inclusively. */, "inner-high-vlan-id" arg /* The high-value inner VLAN identifier in a range for double-tagged packets. The range is matched inclusively. */, "outer-low-vlan-id" arg /* The low-value outer VLAN identifier in a range for double-tagged packets. The range is matched inclusively. */, "outer-high-vlan-id" arg /* The high-value outer VLAN identifier for double-tagged packets. The range is matched inclusively. */ ) ) ) ) ) ), "ingress-mapping" ( /* Ingress VLAN stack behaviors for packets that arrive on this subinterface after their VLAN idenitifer(s) have been matched. */ c( "config" ( /* Configuration for ingress VLAN and label behaviors for packets that arrive on this subinterface after their VLAN identifier(s) have been matched. */ c( "vlan-stack-action" ( /* The action to take on the VLAN stack of a packet. This is optionally used in conjunction with adjacent leaves to override the values of the action. */ ("PUSH" | "POP" | "SWAP") ), "vlan-id" arg /* Optionally specifies a fixed VLAN identifier that is used by the action configured in 'vlan-stack-action'. For example, if the action is 'PUSH' then this VLAN identifier is added to the the stack. This value must be non-zero if the 'vlan-stack-action' is one of 'PUSH' or 'SWAP'. */, "tpid" ( /* Optionally override the tag protocol identifier field (TPID) that is used by the action configured by 'vlan-stack-action' when modifying the VLAN stack. */ ("TPID_ANY" | "TPID_0X9200" | "TPID_0X9100" | "TPID_0X88A8" | "TPID_0X8100") ) ) ) ) ), "egress-mapping" ( /* Egress VLAN and label behaviors for packets that are destined for output via this subinterface. */ c( "config" ( /* Configuration for egress VLAN stack behaviors for packets that are destined for output via this subinterface. */ c( "vlan-stack-action" ( /* The action to take on the VLAN stack of a packet. This is optionally used in conjunction with adjacent leaves to override the values of the action. */ ("PUSH" | "POP" | "SWAP") ), "vlan-id" arg /* Optionally specifies a fixed VLAN identifier that is used by the action configured in 'vlan-stack-action'. For example, if the action is 'POP' then a VLAN identifier is removed from the stack but the value of this leaf is used instead. This value must be non-zero if the 'vlan-stack-action' is one of 'PUSH' or 'SWAP'. */, "tpid" ( /* Optionally override the tag protocol identifier field (TPID) that is used by the action configured by 'vlan-stack-action' when modifying the VLAN stack. */ ("TPID_ANY" | "TPID_0X9200" | "TPID_0X9100" | "TPID_0X88A8" | "TPID_0X8100") ) ) ) ) ) ) ), "openconfig-if-ip:ipv4" ( /* Parameters for the IPv4 address family. */ c( "addresses" ( /* Enclosing container for address list */ c( "address" ( /* The list of configured IPv4 addresses on the interface. */ s( arg, c( "config" ( /* Configuration data for each configured IPv4 address on the interface */ c( "ip" arg /* The IPv4 address on the interface. */, "prefix-length" arg /* The length of the subnet prefix. */ ) ), "vrrp" ( /* Enclosing container for VRRP groups handled by this IP interface */ c( "vrrp-group" ( /* List of VRRP groups, keyed by virtual router id */ s( arg, c( "config" ( /* Configuration data for the VRRP group */ c( "virtual-router-id" arg /* Set the virtual router id for use by the VRRP group. This usually also determines the virtual MAC address that is generated for the VRRP group */, "virtual-address" arg /* Configure one or more virtual addresses for the VRRP group */, "priority" arg /* Specifies the sending VRRP interface's priority for the virtual router. Higher values equal higher priority */, "preempt" ( /* When set to true, enables preemption by a higher priority backup router of a lower priority master router */ ("true" | "false") ), "preempt-delay" arg /* Set the delay the higher priority router waits before preempting */, "accept-mode" ( /* Configure whether packets destined for virtual addresses are accepted even when the virtual address is not owned by the router interface */ ("true" | "false") ), "advertisement-interval" arg /* Sets the interval between successive VRRP advertisements -- RFC 5798 defines this as a 12-bit value expressed as 0.1 seconds, with default 100, i.e., 1 second. Several implementation express this in units of seconds */ ) ), "interface-tracking" ( /* Top-level container for VRRP interface tracking */ c( "config" ( /* Configuration data for VRRP interface tracking */ c( "track-interface" arg /* Sets a list of one or more interfaces that should be tracked for up/down events to dynamically change the priority state of the VRRP group, and potentially change the mastership if the tracked interface going down lowers the priority sufficiently. Any of the tracked interfaces going down will cause the priority to be lowered. Some implementations may only support a single tracked interface. */, "priority-decrement" arg /* Set the value to subtract from priority when the tracked interface goes down */ ) ) ) ) ) ) ) ) ) ) ) ) ) ), "proxy-arp" ( /* Configuration and operational state parameters relating to proxy ARP. This functionality allows a system to respond to ARP requests that are not explicitly destined to the local system. */ c( "config" ( /* Configuration parameters for proxy ARP */ c( "mode" ( /* When set to a value other than DISABLE, the local system should respond to ARP requests that are for target addresses other than those that are configured on the local subinterface using its own MAC address as the target hardware address. If the REMOTE_ONLY value is specified, replies are only sent when the target address falls outside the locally configured subnets on the interface, whereas with the ALL value, all requests, regardless of their target address are replied to. */ ("DISABLE" | "REMOTE_ONLY" | "ALL") ) ) ) ) ), "neighbors" ( /* Enclosing container for neighbor list */ c( "neighbor" ( /* A list of mappings from IPv4 addresses to link-layer addresses. Entries in this list are used as static entries in the ARP Cache. */ s( arg, c( "config" ( /* Configuration data for each configured IPv4 address on the interface */ c( "ip" arg /* The IPv4 address of the neighbor node. */, "link-layer-address" arg /* The link-layer address of the neighbor node. */ ) ) ) ) ) ) ), "unnumbered" ( /* Top-level container for setting unnumbered interfaces. Includes reference the interface that provides the address information */ c( "config" ( /* Configuration data for unnumbered interface */ c( "enabled" ( /* Indicates that the subinterface is unnumbered. By default the subinterface is numbered, i.e., expected to have an IP address configuration. */ ("true" | "false") ) ) ), "interface-ref" ( /* Reference to an interface or subinterface */ c( "config" ( /* Configured reference to interface / subinterface */ c( "interface" arg /* Reference to a base interface. If a reference to a subinterface is required, this leaf must be specified to indicate the base interface. */, "subinterface" arg /* Reference to a subinterface -- this requires the base interface to be specified using the interface leaf in this container. If only a reference to a base interface is requuired, this leaf should not be set. */ ) ) ) ) ) ), "config" ( /* Top-level IPv4 configuration data for the interface */ c( "enabled" ( /* Controls whether IPv4 is enabled or disabled on this interface. When IPv4 is enabled, this interface is connected to an IPv4 stack, and the interface can send and receive IPv4 packets. */ ("true" | "false") ), "mtu" arg /* The size, in octets, of the largest IPv4 packet that the interface will send and receive. The server may restrict the allowed values for this leaf, depending on the interface's type. If this leaf is not configured, the operationally used MTU depends on the interface's type. */, "dhcp-client" ( /* Enables a DHCP client on the interface in order to request an address */ ("true" | "false") ) ) ) ) ), "openconfig-if-ip:ipv6" ( /* Parameters for the IPv6 address family. */ c( "addresses" ( /* Enclosing container for address list */ c( "address" ( /* The list of configured IPv6 addresses on the interface. */ s( arg, c( "config" ( /* Configuration data for each IPv6 address on the interface */ c( "ip" arg /* The IPv6 address on the interface. */, "prefix-length" arg /* The length of the subnet prefix. */ ) ), "vrrp" ( /* Enclosing container for VRRP groups handled by this IP interface */ c( "vrrp-group" ( /* List of VRRP groups, keyed by virtual router id */ s( arg, c( "config" ( /* Configuration data for the VRRP group */ c( "virtual-router-id" arg /* Set the virtual router id for use by the VRRP group. This usually also determines the virtual MAC address that is generated for the VRRP group */, "virtual-address" arg /* Configure one or more virtual addresses for the VRRP group */, "priority" arg /* Specifies the sending VRRP interface's priority for the virtual router. Higher values equal higher priority */, "preempt" ( /* When set to true, enables preemption by a higher priority backup router of a lower priority master router */ ("true" | "false") ), "preempt-delay" arg /* Set the delay the higher priority router waits before preempting */, "accept-mode" ( /* Configure whether packets destined for virtual addresses are accepted even when the virtual address is not owned by the router interface */ ("true" | "false") ), "advertisement-interval" arg /* Sets the interval between successive VRRP advertisements -- RFC 5798 defines this as a 12-bit value expressed as 0.1 seconds, with default 100, i.e., 1 second. Several implementation express this in units of seconds */, "virtual-link-local" arg /* For VRRP on IPv6 interfaces, sets the virtual link local address */ ) ), "interface-tracking" ( /* Top-level container for VRRP interface tracking */ c( "config" ( /* Configuration data for VRRP interface tracking */ c( "track-interface" arg /* Sets a list of one or more interfaces that should be tracked for up/down events to dynamically change the priority state of the VRRP group, and potentially change the mastership if the tracked interface going down lowers the priority sufficiently. Any of the tracked interfaces going down will cause the priority to be lowered. Some implementations may only support a single tracked interface. */, "priority-decrement" arg /* Set the value to subtract from priority when the tracked interface goes down */ ) ) ) ) ) ) ) ) ) ) ) ) ) ), "jnx-aug-openconfig-if-ip:router-advertisement" ( /* Configuration and operational state parameters relating to router advertisements. */ c( "config" ( /* Configuration parameters relating to router advertisements for IPv6. */ c( "interval" arg /* The interval between periodic router advertisement neighbor discovery messages sent on this interface expressed in seconds. */, "lifetime" arg /* The lifetime advertised in the router advertisement neighbor discovery message on this interface. */, "suppress" ( /* When set to true, router advertisement neighbor discovery messages are not transmitted on this interface. */ ("true" | "false") ) ) ), "state" ( c( "name" arg /* Name of the interface */, "initial-adv-sent" arg /* Number of initial advertisements sent */, "adv-sent" arg /* Number of advertisements sent */, "adv-received" arg /* Number of advertisements received */, "solicits-received" arg /* Number of solicits received */, "last-adv-time" arg /* Time (in seconds) since last advertisement sent */, "last-solicit-time" arg /* Time (in seconds) since last solicit received */ ) ) ) ), "neighbors" ( /* Enclosing container for list of IPv6 neighbors */ c( "neighbor" ( /* List of IPv6 neighbors */ s( arg, c( "config" ( /* Configuration data for each IPv6 address on the interface */ c( "ip" arg /* The IPv6 address of the neighbor node. */, "link-layer-address" arg /* The link-layer address of the neighbor node. */ ) ) ) ) ) ) ), "unnumbered" ( /* Top-level container for setting unnumbered interfaces. Includes reference the interface that provides the address information */ c( "config" ( /* Configuration data for unnumbered interface */ c( "enabled" ( /* Indicates that the subinterface is unnumbered. By default the subinterface is numbered, i.e., expected to have an IP address configuration. */ ("true" | "false") ) ) ), "interface-ref" ( /* Reference to an interface or subinterface */ c( "config" ( /* Configured reference to interface / subinterface */ c( "interface" arg /* Reference to a base interface. If a reference to a subinterface is required, this leaf must be specified to indicate the base interface. */, "subinterface" arg /* Reference to a subinterface -- this requires the base interface to be specified using the interface leaf in this container. If only a reference to a base interface is requuired, this leaf should not be set. */ ) ) ) ) ) ), "config" ( /* Top-level config data for the IPv6 interface */ c( "enabled" ( /* Controls whether IPv6 is enabled or disabled on this interface. When IPv6 is enabled, this interface is connected to an IPv6 stack, and the interface can send and receive IPv6 packets. */ ("true" | "false") ), "mtu" arg /* The size, in octets, of the largest IPv6 packet that the interface will send and receive. The server may restrict the allowed values for this leaf, depending on the interface's type. If this leaf is not configured, the operationally used MTU depends on the interface's type. */, "dup-addr-detect-transmits" arg /* The number of consecutive Neighbor Solicitation messages sent while performing Duplicate Address Detection on a tentative address. A value of zero indicates that Duplicate Address Detection is not performed on tentative addresses. A value of one indicates a single transmission with no follow-up retransmissions. */, "dhcp-client" ( /* Enables a DHCP client on the interface in order to request an address */ ("true" | "false") ) ) ), "openconfig-if-ip-ext:autoconf" ( /* Top-level container for IPv6 autoconf */ c( "config" ( /* [adapted from IETF IP model RFC 7277] Parameters to control the autoconfiguration of IPv6 addresses, as described in RFC 4862. */ c( "create-global-addresses" ( /* [adapted from IETF IP model RFC 7277] If enabled, the host creates global addresses as described in RFC 4862. */ ("true" | "false") ), "create-temporary-addresses" ( /* [adapted from IETF IP model RFC 7277] If enabled, the host creates temporary addresses as described in RFC 4941. */ ("true" | "false") ), "temporary-valid-lifetime" arg /* [adapted from IETF IP model RFC 7277] The time period during which the temporary address is valid. */, "temporary-preferred-lifetime" arg /* [adapted from IETF IP model RFC 7277] The time period during which the temporary address is preferred. */ ) ) ) ) ) ) ) ) ) ) ), "jnx-aug-openconfig-interfaces:index" arg /* Interface index */, "egress-queues" arg /* Number of egress queues */, "init-time" arg /* interface initialisation time */, "openconfig-if-tunnel:tunnel" ( /* In the case that the interface is logical tunnel interface, the parameters for the tunnel are specified within this subtree. Tunnel interfaces have only a single logical subinterface associated with them. */ c( "config" ( /* Configuration parameters associated with the tunnel interface */ c( "src" ( /* The source address that should be used for the tunnel. */ time_of_day /* The source address that should be used for the tunnel. */ ), "dst" ( /* The destination address for the tunnel. */ time_of_day /* The destination address for the tunnel. */ ), "ttl" arg /* The time-to-live (or hop limit) that should be utilised for the IP packets used for the tunnel transport. */, "gre-key" arg /* The GRE key to be specified for the tunnel. The key is used to identify a traffic flow within a tunnel. */ ) ), "ipv4" ( /* Parameters for the IPv4 address family. */ c( "addresses" ( /* Enclosing container for address list */ c( "address" ( /* The list of configured IPv4 addresses on the interface. */ s( arg, c( "config" ( /* Configuration data for each configured IPv4 address on the interface */ c( "ip" arg /* The IPv4 address on the interface. */, "prefix-length" arg /* The length of the subnet prefix. */ ) ) ) ) ) ) ), "proxy-arp" ( /* Configuration and operational state parameters relating to proxy ARP. This functionality allows a system to respond to ARP requests that are not explicitly destined to the local system. */ c( "config" ( /* Configuration parameters for proxy ARP */ c( "mode" ( /* When set to a value other than DISABLE, the local system should respond to ARP requests that are for target addresses other than those that are configured on the local subinterface using its own MAC address as the target hardware address. If the REMOTE_ONLY value is specified, replies are only sent when the target address falls outside the locally configured subnets on the interface, whereas with the ALL value, all requests, regardless of their target address are replied to. */ ("DISABLE" | "REMOTE_ONLY" | "ALL") ) ) ) ) ), "neighbors" ( /* Enclosing container for neighbor list */ c( "neighbor" ( /* A list of mappings from IPv4 addresses to link-layer addresses. Entries in this list are used as static entries in the ARP Cache. */ s( arg, c( "config" ( /* Configuration data for each configured IPv4 address on the interface */ c( "ip" arg /* The IPv4 address of the neighbor node. */, "link-layer-address" arg /* The link-layer address of the neighbor node. */ ) ) ) ) ) ) ), "unnumbered" ( /* Top-level container for setting unnumbered interfaces. Includes reference the interface that provides the address information */ c( "config" ( /* Configuration data for unnumbered interface */ c( "enabled" ( /* Indicates that the subinterface is unnumbered. By default the subinterface is numbered, i.e., expected to have an IP address configuration. */ ("true" | "false") ) ) ), "interface-ref" ( /* Reference to an interface or subinterface */ c( "config" ( /* Configured reference to interface / subinterface */ c( "interface" arg /* Reference to a base interface. If a reference to a subinterface is required, this leaf must be specified to indicate the base interface. */, "subinterface" arg /* Reference to a subinterface -- this requires the base interface to be specified using the interface leaf in this container. If only a reference to a base interface is requuired, this leaf should not be set. */ ) ) ) ) ) ), "config" ( /* Top-level IPv4 configuration data for the interface */ c( "enabled" ( /* Controls whether IPv4 is enabled or disabled on this interface. When IPv4 is enabled, this interface is connected to an IPv4 stack, and the interface can send and receive IPv4 packets. */ ("true" | "false") ), "mtu" arg /* The size, in octets, of the largest IPv4 packet that the interface will send and receive. The server may restrict the allowed values for this leaf, depending on the interface's type. If this leaf is not configured, the operationally used MTU depends on the interface's type. */, "dhcp-client" ( /* Enables a DHCP client on the interface in order to request an address */ ("true" | "false") ) ) ) ) ), "ipv6" ( /* Parameters for the IPv6 address family. */ c( "addresses" ( /* Enclosing container for address list */ c( "address" ( /* The list of configured IPv6 addresses on the interface. */ s( arg, c( "config" ( /* Configuration data for each IPv6 address on the interface */ c( "ip" arg /* The IPv6 address on the interface. */, "prefix-length" arg /* The length of the subnet prefix. */ ) ) ) ) ) ) ), "router-advertisement" ( /* Configuration and operational state parameters relating to router advertisements. */ c( "config" ( /* Configuration parameters relating to router advertisements for IPv6. */ c( "interval" arg /* The interval between periodic router advertisement neighbor discovery messages sent on this interface expressed in seconds. */, "lifetime" arg /* The lifetime advertised in the router advertisement neighbor discovery message on this interface. */, "suppress" ( /* When set to true, router advertisement neighbor discovery messages are not transmitted on this interface. */ ("true" | "false") ) ) ) ) ), "neighbors" ( /* Enclosing container for list of IPv6 neighbors */ c( "neighbor" ( /* List of IPv6 neighbors */ s( arg, c( "config" ( /* Configuration data for each IPv6 address on the interface */ c( "ip" arg /* The IPv6 address of the neighbor node. */, "link-layer-address" arg /* The link-layer address of the neighbor node. */ ) ) ) ) ) ) ), "unnumbered" ( /* Top-level container for setting unnumbered interfaces. Includes reference the interface that provides the address information */ c( "config" ( /* Configuration data for unnumbered interface */ c( "enabled" ( /* Indicates that the subinterface is unnumbered. By default the subinterface is numbered, i.e., expected to have an IP address configuration. */ ("true" | "false") ) ) ), "interface-ref" ( /* Reference to an interface or subinterface */ c( "config" ( /* Configured reference to interface / subinterface */ c( "interface" arg /* Reference to a base interface. If a reference to a subinterface is required, this leaf must be specified to indicate the base interface. */, "subinterface" arg /* Reference to a subinterface -- this requires the base interface to be specified using the interface leaf in this container. If only a reference to a base interface is requuired, this leaf should not be set. */ ) ) ) ) ) ), "config" ( /* Top-level config data for the IPv6 interface */ c( "enabled" ( /* Controls whether IPv6 is enabled or disabled on this interface. When IPv6 is enabled, this interface is connected to an IPv6 stack, and the interface can send and receive IPv6 packets. */ ("true" | "false") ), "mtu" arg /* The size, in octets, of the largest IPv6 packet that the interface will send and receive. The server may restrict the allowed values for this leaf, depending on the interface's type. If this leaf is not configured, the operationally used MTU depends on the interface's type. */, "dup-addr-detect-transmits" arg /* The number of consecutive Neighbor Solicitation messages sent while performing Duplicate Address Detection on a tentative address. A value of zero indicates that Duplicate Address Detection is not performed on tentative addresses. A value of one indicates a single transmission with no follow-up retransmissions. */, "dhcp-client" ( /* Enables a DHCP client on the interface in order to request an address */ ("true" | "false") ) ) ) ) ) ) ), "openconfig-if-ethernet:ethernet" ( /* Top-level container for ethernet configuration and state */ c( "config" ( /* Configuration data for ethernet interfaces */ c( "mac-address" arg /* Assigns a MAC address to the Ethernet interface. If not specified, the corresponding operational state leaf is expected to show the system-assigned MAC address. */, "auto-negotiate" ( /* Set to TRUE to request the interface to auto-negotiate transmission parameters with its peer interface. When set to FALSE, the transmission parameters are specified manually. */ ("true" | "false") ), "duplex-mode" ( /* When auto-negotiate is TRUE, this optionally sets the duplex mode that will be advertised to the peer. If unspecified, the interface should negotiate the duplex mode directly (typically full-duplex). When auto-negotiate is FALSE, this sets the duplex mode on the interface directly. */ ("FULL" | "HALF") ), "port-speed" ( /* When auto-negotiate is TRUE, this optionally sets the port-speed mode that will be advertised to the peer for negotiation. If unspecified, it is expected that the interface will select the highest speed available based on negotiation. When auto-negotiate is set to FALSE, sets the link speed to a fixed value -- supported values are defined by ETHERNET_SPEED identities */ ("SPEED_UNKNOWN" | "SPEED_800GB" | "SPEED_600GB" | "SPEED_400GB" | "SPEED_200GB" | "SPEED_100GB" | "SPEED_50GB" | "SPEED_40GB" | "SPEED_25GB" | "SPEED_10GB" | "SPEED_5GB" | "SPEED_2500MB" | "SPEED_1GB" | "SPEED_100MB" | "SPEED_10MB") ), "enable-flow-control" ( /* Enable or disable flow control for this interface. Ethernet flow control is a mechanism by which a receiver may send PAUSE frames to a sender to stop transmission for a specified time. This setting should override auto-negotiated flow control settings. If left unspecified, and auto-negotiate is TRUE, flow control mode is negotiated with the peer interface. */ ("true" | "false") ), "openconfig-if-aggregate:aggregate-id" arg /* Specify the logical aggregate interface to which this interface belongs */ ) ), "openconfig-vlan:switched-vlan" ( /* Enclosing container for VLAN interface-specific data on Ethernet interfaces. These are for standard L2, switched-style VLANs. */ c( "config" ( /* Configuration parameters for VLANs */ c( "interface-mode" ( /* Set the interface to access or trunk mode for VLANs */ ("ACCESS" | "TRUNK") ), "native-vlan" arg /* Set the native VLAN id for untagged frames arriving on a trunk interface. Tagged frames sent on an interface configured with a native VLAN should have their tags stripped prior to transmission. This configuration is only valid on a trunk interface. */, "access-vlan" arg /* Assign the access vlan to the access port. */, "trunk-vlans" ( /* Specify VLANs, or ranges thereof, that the interface may carry when in trunk mode. If not specified, all VLANs are allowed on the interface. Ranges are specified in the form x..y, where x=32 are interpreted as extended admin group values as per RFC7308. */ ) ) ) ) ) ) ), "te-lsp-timers" ( /* Definition for delays associated with setup and cleanup of TE LSPs */ c( "config" ( /* Configuration parameters related to timers for TE LSPs */ c( "install-delay" arg /* delay the use of newly installed te lsp for a specified amount of time. */, "cleanup-delay" arg /* delay the removal of old te lsp for a specified amount of time */, "reoptimize-timer" arg /* frequency of reoptimization of a traffic engineered LSP */ ) ) ) ) ) ), "te-interface-attributes" ( /* traffic engineering attributes specific for interfaces */ c( "interface" ( /* List of TE interfaces */ s( arg, c( "config" ( /* Configuration parameters related to TE interfaces: */ c( "interface-id" arg /* Id of the interface */, "te-metric" arg /* TE specific metric for the link */, "srlg-membership" arg /* list of references to named shared risk link groups that the interface belongs to. */, "admin-group" arg /* list of admin groups (by name) on the interface */ ) ), "interface-ref" ( /* Reference to an interface or subinterface */ c( "config" ( /* Configured reference to interface / subinterface */ c( "interface" arg /* Reference to a base interface. If a reference to a subinterface is required, this leaf must be specified to indicate the base interface. */, "subinterface" arg /* Reference to a subinterface -- this requires the base interface to be specified using the interface leaf in this container. If only a reference to a base interface is requuired, this leaf should not be set. */ ) ) ) ), "igp-flooding-bandwidth" ( /* Interface bandwidth change percentages that trigger update events into the IGP traffic engineering database (TED) */ c( "config" ( /* Configuration parameters for TED update threshold */ c( "threshold-type" ( /* The type of threshold that should be used to specify the values at which bandwidth is flooded. DELTA indicates that the local system should flood IGP updates when a change in reserved bandwidth >= the specified delta occurs on the interface. Where THRESHOLD_CROSSED is specified, the local system should trigger an update (and hence flood) the reserved bandwidth when the reserved bandwidth changes such that it crosses, or becomes equal to one of the threshold values */ ("DELTA" | "THRESHOLD_CROSSED") ), "delta-percentage" arg /* The percentage of the maximum-reservable-bandwidth considered as the delta that results in an IGP update being flooded */, "threshold-specification" ( /* This value specifies whether a single set of threshold values should be used for both increasing and decreasing bandwidth when determining whether to trigger updated bandwidth values to be flooded in the IGP TE extensions. MIRRORED-UP-DOWN indicates that a single value (or set of values) should be used for both increasing and decreasing values, where SEPARATE-UP-DOWN specifies that the increasing and decreasing values will be separately specified */ ("MIRRORED_UP_DOWN" | "SEPARATE_UP_DOWN") ), "up-thresholds" arg /* The thresholds (expressed as a percentage of the maximum reservable bandwidth) at which bandwidth updates are to be triggered when the bandwidth is increasing. */, "down-thresholds" arg /* The thresholds (expressed as a percentage of the maximum reservable bandwidth) at which bandwidth updates are to be triggered when the bandwidth is decreasing. */, "up-down-thresholds" arg /* The thresholds (expressed as a percentage of the maximum reservable bandwidth of the interface) at which bandwidth updates are flooded - used both when the bandwidth is increasing and decreasing */ ) ) ) ), "jnx-aug-openconfig-ni-mpls:bandwidth-measurement" ( c( "state" ( c( "last-calculated-sr-utilisation" arg /* The last calculated value of the Segment Routing utilisation (taken post any averaging or adjustment that occurs). This value is updated regardless of whether the value was flooded or not. */, "last-sample-measured-sr-util" arg /* The measured Segment Routing bandwidth utilisation at the last sample. */ ) ) ) ) ) ) ) ) ), "signaling-protocols" ( /* top-level signaling protocol configuration */ c( "rsvp-te" ( /* RSVP-TE global signaling protocol configuration */ c( "sessions" /* Enclosing container for sessions */, "neighbors" /* Configuration and state for RSVP neighbors connecting to the device */, "global" ( /* Platform wide RSVP configuration and state */ c( "graceful-restart" ( /* Operational state and configuration parameters relating to graceful-restart for RSVP */ c( "config" ( /* Configuration parameters relating to graceful-restart */ c( "enable" ( /* Enables graceful restart on the node. */ ("true" | "false") ), "restart-time" arg /* Graceful restart time (seconds). */, "recovery-time" arg /* RSVP state recovery time */ ) ) ) ), "soft-preemption" ( /* Protocol options relating to RSVP soft preemption */ c( "config" ( /* Configuration parameters relating to RSVP soft preemption support */ c( "enable" ( /* Enables soft preemption on a node. */ ("true" | "false") ), "soft-preemption-timeout" arg /* Timeout value for soft preemption to revert to hard preemption. The default timeout for soft-preemption is 30 seconds - after which the local system reverts to hard pre-emption. */ ) ) ) ), "hellos" ( /* Top level container for RSVP hello parameters */ c( "config" ( /* Configuration parameters relating to RSVP hellos */ c( "hello-interval" arg /* set the interval in ms between RSVP hello messages */, "refresh-reduction" ( /* enables all RSVP refresh reduction message bundling, RSVP message ID, reliable message delivery and summary refresh */ ("true" | "false") ) ) ) ) ) ) ), "interface-attributes" ( /* Attributes relating to RSVP-TE enabled interfaces */ c( "interface" ( /* list of per-interface RSVP configurations */ s( arg, c( "config" ( /* Configuration of per-interface RSVP parameters */ c( "interface-id" arg /* Identifier for the interface */ ) ), "interface-ref" ( /* Reference to an interface or subinterface */ c( "config" ( /* Configured reference to interface / subinterface */ c( "interface" arg /* Reference to a base interface. If a reference to a subinterface is required, this leaf must be specified to indicate the base interface. */, "subinterface" arg /* Reference to a subinterface -- this requires the base interface to be specified using the interface leaf in this container. If only a reference to a base interface is requuired, this leaf should not be set. */ ) ) ) ), "bandwidth-reservations" /* Enclosing container for bandwidth reservation */, "hellos" ( /* Top level container for RSVP hello parameters */ c( "config" ( /* Configuration parameters relating to RSVP hellos */ c( "hello-interval" arg /* set the interval in ms between RSVP hello messages */, "refresh-reduction" ( /* enables all RSVP refresh reduction message bundling, RSVP message ID, reliable message delivery and summary refresh */ ("true" | "false") ) ) ) ) ), "authentication" ( /* Configuration and state parameters relating to RSVP authentication as per RFC2747 */ c( "config" ( /* Configuration parameters relating to authentication */ c( "enable" ( /* Enables RSVP authentication on the node. */ ("true" | "false") ), "authentication-key" arg /* authenticate RSVP signaling messages */ ) ) ) ), "subscription" ( /* Bandwidth percentage reservable by RSVP on an interface */ c( "config" ( /* Configuration parameters relating to RSVP subscription options */ c( "subscription" arg /* percentage of the interface bandwidth that RSVP can reserve */ ) ) ) ), "protection" ( /* link-protection (NHOP) related configuration */ c( "config" ( /* Configuration for link-protection */ c( "link-protection-style-requested" ( /* Style of mpls frr protection desired: link, link-node, or unprotected */ ("LINK_NODE_PROTECTION_REQUESTED" | "LINK_PROTECTION_REQUIRED" | "UNPROTECTED") ), "bypass-optimize-interval" arg /* interval between periodic optimization of the bypass LSPs */ ) ) ) ), "jnx-aug-openconfig-ni-mpls:admin-status" ( ("ENABLED" | "DISABLED") ) ) ) ) ) ) ) ), "ldp" ( /* LDP global signaling configuration */ c( "global" ( /* Platform wide LDP configuration and state */ c( "config" ( /* Global LDP configuration attributes. */ c( "lsr-id" ( /* Global label switch router identifier configuration. */ time_of_day /* Global label switch router identifier configuration. */ ) ) ), "graceful-restart" ( /* Top container for LDP graceful-restart attributes */ c( "config" ( /* LDP graceful-restart configuration attributes. */ c( "enabled" ( /* When set to true, the functionality within which this leaf is defined is enabled, when set to false it is explicitly disabled. */ ("true" | "false") ), "reconnect-time" arg /* Interval for which the remote LDP peers will wait for the local node to reconnect after a failure */, "recovery-time" arg /* Interval used to specify the time for the remote peer to maintain the MPLS forwarding state after the local node has succesfully reconnected */, "forwarding-holdtime" arg /* Time that defines the interval for keeping the node in recovery mode. */, "helper-enable" ( /* Enables the graceful restart helper for LDP. */ ("true" | "false") ) ) ) ) ), "authentication" ( /* Global LDP authentication */ c( "config" ( /* Configuration of LDP authentication attributes */ c( "enable" ( /* Enables LDP authentication on the node. */ ("true" | "false") ), "authentication-key" arg /* authenticate LDP signaling messages */ ) ) ) ) ) ), "interface-attributes" ( /* Container including attributes for LDP-enabled interfaces */ c( "config" ( /* Configuration of per-interface LDP parameters */ c( "hello-holdtime" arg /* Defines the time for which a neighbor adjacency will be kept by the router while it waits for a new link Hello message. */, "hello-interval" arg /* Defines the interval for sending Hello messages on each link LDP adjacency. */ ) ), "interfaces" ( /* Container aggregating all interfaces and their LDP-specific attributes. */ c( "interface" ( /* list of per-interface LDP configurations */ s( arg, c( "config" ( /* Configuration of per-interface LDP parameters */ c( "interface-id" arg /* Identifier for the interface */, "hello-holdtime" arg /* Defines the time for which a neighbor adjacency will be kept by the router while it waits for a new link Hello message. */, "hello-interval" arg /* Defines the interval for sending Hello messages on each link LDP adjacency. */ ) ), "interface-ref" ( /* Reference to an interface or subinterface */ c( "config" ( /* Configured reference to interface / subinterface */ c( "interface" arg /* Reference to a base interface. If a reference to a subinterface is required, this leaf must be specified to indicate the base interface. */, "subinterface" arg /* Reference to a subinterface -- this requires the base interface to be specified using the interface leaf in this container. If only a reference to a base interface is requuired, this leaf should not be set. */ ) ) ) ), "address-families" ( /* Top container comprising the adress families attributes */ c( "address-family" ( /* List for attributes related to address-families for LDP. */ s( arg, c( "config" ( /* Configuration attributes related to address-families for LDP. */ c( "afi-name" ( /* Adress-family name atttibute (IPv4, IPv6). */ ("IPV4" | "IPV6") ), "enabled" ( /* When set to true, the functionality within which this leaf is defined is enabled, when set to false it is explicitly disabled. */ ("true" | "false") ) ) ) ) ) ) ) ) ) ) ) ) ) ) ), "targeted" ( /* Top container for targeted LDP state and configuration attributes. */ c( "config" ( /* Configuration attributes related to targeted LDP. */ c( "hello-holdtime" arg /* Defines the time for which a neighbor adjacency will be kept by the router while it waits for a new link Hello message. */, "hello-interval" arg /* Defines the interval for sending Hello messages on each link LDP adjacency. */, "hello-accept" ( /* Enables or disables the acceptance of targeted LDP hello messages. */ ("true" | "false") ) ) ), "address-families" ( /* Global container for IPv4 and IPv6 attributes for LDP. */ c( "address-family" ( /* List of address families for targeted LDP configuration */ s( arg, c( "config" ( /* Address-family configuration for targeted LDP */ c( "afi-name" ( /* Adress-family name atttibute (IPv4, IPv6). */ ("IPV4" | "IPV6") ) ) ), "targets" ( /* Container aggregating all targeted sessions and their LDP-specific attributes. */ c( "target" ( /* List of LDP targets configuration */ s( arg, c( "config" ( /* Configuration parameters of a targeted LDP adjacency */ c( "remote-address" ( /* Configuration of neighbor address of the targeted LDP adjacency */ time_of_day /* Configuration of neighbor address of the targeted LDP adjacency */ ), "local-address" ( /* Local IP address of the LDP adjacency */ time_of_day /* Local IP address of the LDP adjacency */ ), "enabled" ( /* When set to true, the functionality within which this leaf is defined is enabled, when set to false it is explicitly disabled. */ ("true" | "false") ), "hello-holdtime" arg /* Defines the time for which a neighbor adjacency will be kept by the router while it waits for a new link Hello message. */, "hello-interval" arg /* Defines the interval for sending Hello messages on each link LDP adjacency. */ ) ) ) ) ) ) ) ) ) ) ) ) ) ), "neighbors" ( /* State and configuration LDP neighbors attributes */ c( "neighbor" ( /* List of LDP neighbors and their attributes. */ s( arg, arg, c( "config" ( /* Neighbor configuration attributes. */ c( "lsr-id" ( /* Neighbor label switch router identifier. */ time_of_day /* Neighbor label switch router identifier. */ ), "label-space-id" arg /* Label space ID of the neighbor. */ ) ), "authentication" ( /* Global LDP authentication */ c( "config" ( /* Configuration of LDP authentication attributes */ c( "enable" ( /* Enables LDP authentication on the node. */ ("true" | "false") ), "authentication-key" arg /* authenticate LDP signaling messages */ ) ) ) ) ) ) ) ) ) ) ), "segment-routing" ( /* MPLS-specific Segment Routing configuration and operational state parameters */ c( "aggregate-sid-counters" /* Per-SID counters aggregated across all interfaces on the local system */, "interfaces" ( /* Interface related Segment Routing parameters. */ c( "interface" ( /* Parameters and MPLS-specific configuration relating to Segment Routing on an interface. */ s( arg, c( "config" ( /* MPLS-specific Segment Routing configuration parameters related to an interface. */ c( "interface-id" arg /* A unique identifier for the interface. */ ) ), "sid-counters" /* Per-SID statistics for MPLS */, "interface-ref" ( /* Reference to an interface or subinterface */ c( "config" ( /* Configured reference to interface / subinterface */ c( "interface" arg /* Reference to a base interface. If a reference to a subinterface is required, this leaf must be specified to indicate the base interface. */, "subinterface" arg /* Reference to a subinterface -- this requires the base interface to be specified using the interface leaf in this container. If only a reference to a base interface is requuired, this leaf should not be set. */ ) ) ) ) ) ) ) ) ) ) ) ) ), "lsps" ( /* LSP definitions and configuration */ c( "constrained-path" ( /* traffic-engineered LSPs supporting different path computation and signaling methods */ c( "named-explicit-paths" ( /* Enclosing container for the named explicit paths */ c( "named-explicit-path" arg ( /* A list of explicit paths */ c( "config" ( /* Configuration parameters relating to named explicit paths */ c( "name" arg /* A string name that uniquely identifies an explicit path */ ) ), "explicit-route-objects" ( /* Enclosing container for EROs */ c( "explicit-route-object" ( /* List of explicit route objects */ s( arg, c( "config" ( /* Configuration parameters relating to an explicit route */ c( "address" ( /* router hop for the LSP path */ time_of_day /* router hop for the LSP path */ ), "hop-type" ( /* strict or loose hop */ ("LOOSE" | "STRICT") ), "index" arg /* Index of this explicit route object to express the order of hops in the path */ ) ) ) ) ) ) ) ) ) ) ), "tunnels" ( /* Enclosing container for tunnels */ c( "tunnel" arg ( /* List of TE tunnels. This list contains only the LSPs that the current device originates (i.e., for which it is the head-end). Where the signaling protocol utilised for an LSP allows a mid-point or tail device to be aware of the LSP (e.g., RSVP-TE), then the associated sessions are maintained per protocol */ c( "config" ( /* Configuration parameters related to TE tunnels: */ c( "name" arg /* The tunnel name */, "type" ( /* Tunnel type, p2p or p2mp */ ("P2MP" | "P2P") ), "signaling-protocol" ( /* Signaling protocol used to set up this tunnel */ ("PATH_SETUP_LDP" | "PATH_SETUP_SR" | "PATH_SETUP_RSVP") ), "description" arg /* optional text description for the tunnel */, "admin-status" ( /* TE tunnel administrative state. */ ("ADMIN_UP" | "ADMIN_DOWN") ), "preference" arg /* Specifies a preference for this tunnel. A lower number signifies a better preference */, "metric-type" ( /* The type of metric specification that should be used to set the LSP(s) metric */ ("LSP_METRIC_INHERITED" | "LSP_METRIC_ABSOLUTE" | "LSP_METRIC_RELATIVE") ), "metric" arg /* The value of the metric that should be specified. The value supplied in this leaf is used in conjunction with the metric type to determine the value of the metric used by the system. Where the metric-type is set to LSP_METRIC_ABSOLUTE - the value of this leaf is used directly; where it is set to LSP_METRIC_RELATIVE, the relevant (positive or negative) offset is used to formulate the metric; where metric-type is LSP_METRIC_INHERITED, the value of this leaf is not utilised */, "shortcut-eligible" ( /* Whether this LSP is considered to be eligible for us as a shortcut in the IGP. In the case that this leaf is set to true, the IGP SPF calculation uses the metric specified to determine whether traffic should be carried over this LSP */ ("true" | "false") ), "protection-style-requested" ( /* style of mpls frr protection desired: can be link, link-node or unprotected. */ ("LINK_NODE_PROTECTION_REQUESTED" | "LINK_PROTECTION_REQUIRED" | "UNPROTECTED") ), "reoptimize-timer" arg /* frequency of reoptimization of a traffic engineered LSP */, "source" ( /* RSVP-TE tunnel source address */ time_of_day /* RSVP-TE tunnel source address */ ), "soft-preemption" ( /* Enables RSVP soft-preemption on this LSP */ ("true" | "false") ), "setup-priority" arg /* RSVP-TE preemption priority during LSP setup, lower is higher priority; default 7 indicates that LSP will not preempt established LSPs during setup */, "hold-priority" arg /* preemption priority once the LSP is established, lower is higher priority; default 0 indicates other LSPs will not preempt the LSPs once established */ ) ), "bandwidth" ( /* Bandwidth configuration for TE LSPs */ c( "config" ( /* Configuration parameters related to bandwidth on TE tunnels: */ c( "specification-type" ( /* The method used for settign the bandwidth, either explicitly specified or configured */ ("SPECIFIED" | "AUTO") ), "set-bandwidth" arg /* set bandwidth explicitly, e.g., using offline calculation */ ) ), "auto-bandwidth" ( /* Parameters related to auto-bandwidth */ c( "config" ( /* Configuration parameters relating to MPLS auto-bandwidth on the tunnel. */ c( "enabled" ( /* enables mpls auto-bandwidth on the lsp */ ("true" | "false") ), "min-bw" arg /* set the minimum bandwidth in Kbps for an auto-bandwidth LSP */, "max-bw" arg /* set the maximum bandwidth in Kbps for an auto-bandwidth LSP */, "adjust-interval" arg /* time in seconds between adjustments to LSP bandwidth */, "adjust-threshold" arg /* percentage difference between the LSP's specified bandwidth and its current bandwidth allocation -- if the difference is greater than the specified percentage, auto-bandwidth adjustment is triggered */ ) ), "overflow" ( /* configuration of MPLS overflow bandwidth adjustement for the LSP */ c( "config" ( /* Config information for MPLS overflow bandwidth adjustment */ c( "enabled" ( /* enables mpls lsp bandwidth overflow adjustment on the lsp */ ("true" | "false") ), "overflow-threshold" arg /* bandwidth percentage change to trigger an overflow event */, "trigger-event-count" arg /* number of consecutive overflow sample events needed to trigger an overflow adjustment */ ) ) ) ), "underflow" ( /* configuration of MPLS underflow bandwidth adjustement for the LSP */ c( "config" ( /* Config information for MPLS underflow bandwidth adjustment */ c( "enabled" ( /* enables bandwidth underflow adjustment on the lsp */ ("true" | "false") ), "underflow-threshold" arg /* bandwidth percentage change to trigger and underflow event */, "trigger-event-count" arg /* number of consecutive underflow sample events needed to trigger an underflow adjustment */ ) ) ) ) ) ) ) ), "p2p-tunnel-attributes" ( /* Parameters related to LSPs of type P2P */ c( "config" ( /* Configuration parameters for P2P LSPs */ c( "destination" ( /* P2P tunnel destination address */ time_of_day /* P2P tunnel destination address */ ) ) ), "p2p-primary-path" ( /* Primary paths associated with the LSP */ c( "p2p-primary-path" arg ( /* List of p2p primary paths for a tunnel */ c( "config" ( /* Configuration parameters related to paths */ c( "name" arg /* Path name */, "path-computation-method" ( /* The method used for computing the path, either locally computed, queried from a server or not computed at all (explicitly configured). */ ("EXPLICITLY_DEFINED" | "EXTERNALLY_QUERIED" | "LOCALLY_COMPUTED") ), "use-cspf" ( /* Flag to enable CSPF for locally computed LSPs */ ("true" | "false") ), "cspf-tiebreaker" ( /* Determine the tie-breaking method to choose between equally desirable paths during CSFP computation */ ("RANDOM" | "LEAST_FILL" | "MOST_FILL") ), "path-computation-server" ( /* Address of the external path computation server */ time_of_day /* Address of the external path computation server */ ), "explicit-path-name" arg /* reference to a defined path */, "preference" arg /* Specifies a preference for this path. The lower the number higher the preference */, "setup-priority" arg /* RSVP-TE preemption priority during LSP setup, lower is higher priority; default 7 indicates that LSP will not preempt established LSPs during setup */, "hold-priority" arg /* preemption priority once the LSP is established, lower is higher priority; default 0 indicates other LSPs will not preempt the LSPs once established */, "retry-timer" arg /* sets the time between attempts to establish the LSP */ ) ), "candidate-secondary-paths" ( /* The set of candidate secondary paths which may be used for this primary path. When secondary paths are specified in the list the path of the secondary LSP in use must be restricted to those path options referenced. The priority of the secondary paths is specified within the list. Higher priority values are less preferred - that is to say that a path with priority 0 is the most preferred path. In the case that the list is empty, any secondary path option may be utilised when the current primary path is in use. */ c( "candidate-secondary-path" ( /* List of secondary paths which may be utilised when the current primary path is in use */ s( arg, c( "config" ( /* Configuration parameters relating to the candidate secondary path */ c( "secondary-path" arg /* A reference to the secondary path that should be utilised when the containing primary path option is in use */, "priority" arg /* The priority of the specified secondary path option. Higher priority options are less preferable - such that a secondary path reference with a priority of 0 is the most preferred */ ) ) ) ) ) ) ), "admin-groups" ( /* Top-level container for include/exclude constraints for link affinities */ c( "config" ( /* Configuration data */ c( "exclude-group" arg /* list of references to named admin-groups to exclude in path calculation. */, "include-all-group" arg /* list of references to named admin-groups of which all must be included */, "include-any-group" arg /* list of references to named admin-groups of which one must be included */ ) ) ) ), "jnx-aug-openconfig-ni-mpls:lsp-instances" ( s( arg, c( "state" ( c( "local-index" arg, "notify-status" arg, "metric" arg, "bandwidth" arg, "max-avg-bandwidth" arg ) ) ) ) ) ) ) ) ), "p2p-secondary-paths" ( /* Secondary paths for the LSP */ c( "p2p-secondary-path" arg ( /* List of p2p primary paths for a tunnel */ c( "config" ( /* Configuration parameters related to paths */ c( "name" arg /* Path name */, "path-computation-method" ( /* The method used for computing the path, either locally computed, queried from a server or not computed at all (explicitly configured). */ ("EXPLICITLY_DEFINED" | "EXTERNALLY_QUERIED" | "LOCALLY_COMPUTED") ), "use-cspf" ( /* Flag to enable CSPF for locally computed LSPs */ ("true" | "false") ), "cspf-tiebreaker" ( /* Determine the tie-breaking method to choose between equally desirable paths during CSFP computation */ ("RANDOM" | "LEAST_FILL" | "MOST_FILL") ), "path-computation-server" ( /* Address of the external path computation server */ time_of_day /* Address of the external path computation server */ ), "explicit-path-name" arg /* reference to a defined path */, "preference" arg /* Specifies a preference for this path. The lower the number higher the preference */, "setup-priority" arg /* RSVP-TE preemption priority during LSP setup, lower is higher priority; default 7 indicates that LSP will not preempt established LSPs during setup */, "hold-priority" arg /* preemption priority once the LSP is established, lower is higher priority; default 0 indicates other LSPs will not preempt the LSPs once established */, "retry-timer" arg /* sets the time between attempts to establish the LSP */ ) ), "admin-groups" ( /* Top-level container for include/exclude constraints for link affinities */ c( "config" ( /* Configuration data */ c( "exclude-group" arg /* list of references to named admin-groups to exclude in path calculation. */, "include-all-group" arg /* list of references to named admin-groups of which all must be included */, "include-any-group" arg /* list of references to named admin-groups of which one must be included */ ) ) ) ) ) ) ) ) ) ) ) ) ) ), "jnx-aug-openconfig-ni-mpls:container-tunnels" ( c( "container-tunnel" arg ( c( "state" ( c( "name" arg, "oper-state" ( ("CONTAINER_TUNNEL_UP" | "CONTAINER_TUNNEL_DOWN") ), "normalization-status" arg, "member-count" arg, "minimum-lsp-count" arg, "maximum-lsp-count" arg, "normalize-timer" arg, "normalize-threshold" arg, "aggregate-bandwidth" arg, "sampled-aggregate-bandwidth" arg, "max-signaling-bandwidth" arg, "min-signaling-bandwidth" arg, "splitting-bandwidth" arg, "merging-bandwidth" arg, "time-to-normalize" arg, "incremental-normalization" ( ("true" | "false") ), "failover-normalization" ( ("true" | "false") ), "sampling" ( c( "sampling-outlier-cutoff" arg, "sampling-mode" ( ("SAMPLE_MODE_NONE" | "SAMPLE_MODE_AVERAGE_AGGREGATE" | "SAMPLE_MODE_MAX_AGGREGATE" | "SAMPLE_MODE_PERCENTILE_BASED") ), "sampling-percentile" arg ) ) ) ) ) ) ) ) ) ), "unconstrained-path" ( /* LSPs that use the IGP-determined path, i.e., non traffic-engineered, or non constrained-path */ c( "path-setup-protocol" ( /* select and configure the signaling method for the LSP */ c( "ldp" /* LDP signaling setup for IGP-congruent LSPs */ ) ) ) ), "static-lsps" ( /* statically configured LSPs, without dynamic signaling */ c( "static-lsp" arg ( /* list of defined static LSPs */ c( "config" ( /* Configuration data for the static lsp */ c( "name" arg /* name to identify the LSP */ ) ), "ingress" ( /* Static LSPs for which the router is an ingress node */ c( "config" ( /* Configuration data for ingress LSPs */ c( "next-hop" ( /* next hop IP address for the LSP */ time_of_day /* next hop IP address for the LSP */ ), "incoming-label" ( /* label value on the incoming packet */ time_of_day /* label value on the incoming packet */ ), "push-label" ( /* label value to push at the current hop for the LSP */ time_of_day /* label value to push at the current hop for the LSP */ ) ) ) ) ), "transit" ( /* Static LSPs for which the router is an transit node */ c( "config" ( /* Configuration data for transit LSPs */ c( "next-hop" ( /* next hop IP address for the LSP */ time_of_day /* next hop IP address for the LSP */ ), "incoming-label" ( /* label value on the incoming packet */ time_of_day /* label value on the incoming packet */ ), "push-label" ( /* label value to push at the current hop for the LSP */ time_of_day /* label value to push at the current hop for the LSP */ ) ) ) ) ), "egress" ( /* Static LSPs for which the router is an egress node */ c( "config" ( /* Configuration data for egress LSPs */ c( "next-hop" ( /* next hop IP address for the LSP */ time_of_day /* next hop IP address for the LSP */ ), "incoming-label" ( /* label value on the incoming packet */ time_of_day /* label value on the incoming packet */ ), "push-label" ( /* label value to push at the current hop for the LSP */ time_of_day /* label value to push at the current hop for the LSP */ ) ) ) ) ) ) ) ) ) ) ) ) ), "segment-routing" ( /* Configuration and operational state parameters relating to segment routing. */ c( "srgbs" ( /* Configuration and operational state parameters relating to the SRGBs defined for the system. */ c( "srgb" ( /* A single definition of an SRGB which may comprise of multiple sets of dataplane addresses (IPv6 addresses, or MPLS labels). */ s( arg, c( "config" ( /* Configuration parameters relating to the SRGB. */ c( "local-id" arg /* Unique identifier for the segment routing global block on the local system. */, "dataplane-type" ( /* The dataplane being used to instantiate the SRGB. When MPLS is specified the set of MPLS label blocks that are defined in the mpls-label-blocks list are used to make up the SRGB. When IPv6 is specified, the set of IPv6 prefixes specified in the ipv6-prefixes list are used. */ ("MPLS" | "IPV6") ), "mpls-label-blocks" arg /* A list of refences to the label blocks that are used to make up the SRGB. */, "ipv6-prefixes" arg /* A list of IPv6 prefixes which are to be used for segment routing using the IPv6 dataplane. */ ) ) ) ) ) ) ), "srlbs" ( /* Configuration and operational state parameters relating to the Segment Routing Local Blocks (SRLBs) defined for the system. */ c( "srlb" ( /* A definition of a Segment Routing Local Block, defined to be a set of Segment Identifiers (specified as MPLS labels or IPv6 addreses) that are defined for local allocation by the system. A block may optionally be advertised into an IGP. */ s( arg, c( "config" ( /* Configuration parameters relating to the SRLB. */ c( "local-id" arg /* A unique local identifier used for the Segment Routing Local Block. The identifier is used when referencing the SRLB within other contexts. */, "dataplane-type" ( /* The dataplane that is to be used for the Segment Routing Local Block. When MPLS is specified, the local block corresponds to a block of MPLS labels; when IPv6 is specified it corresponds to an IPv6 prefix. */ ("MPLS" | "IPV6") ), "mpls-label-block" arg /* A reference to the MPLS label block that is used to contain the SIDs of the SRLB. */, "ipv6-prefix" arg /* The IPv6 prefix that is used for the SRLB. */ ) ) ) ) ) ) ) ) ), "vlans" ( /* Container for VLAN configuration and state variables */ c( "vlan" ( /* Configured VLANs keyed by id */ s( arg, c( "config" ( /* Configuration parameters for VLANs */ c( "vlan-id" arg /* Interface VLAN id. */, "name" arg /* Interface VLAN name. */, "status" ( /* Admin state of the VLAN */ ("ACTIVE" | "SUSPENDED") ) ) ), "members" /* Enclosing container for list of member interfaces */ ) ) ) ) ), "protocols" ( /* The routing protocols that are enabled for this network-instance. */ c( "protocol" arg ( /* A process (instance) of a routing protocol. Some systems may not support more than one instance of a particular routing protocol */ s( arg, c( "config" ( /* Configuration parameters relating to the routing protocol instance */ c( "identifier" ( /* The protocol identifier for the instance */ ("IGMP" | "PIM" | "LOCAL_AGGREGATE" | "DIRECTLY_CONNECTED" | "STATIC" | "OSPF3" | "OSPF" | "ISIS" | "BGP") ), "name" arg /* A unique name for the protocol instance */, "enabled" ( /* A boolean value indicating whether the local protocol instance is enabled. */ ("true" | "false") ), "default-metric" arg /* The default metric within the RIB for entries that are installed by this protocol instance. This value may be overridden by protocol specific configuration options. The lower the metric specified the more preferable the RIB entry is to be selected for use within the network instance. Where multiple entries have the same metric value then these equal cost paths should be treated according to the specified ECMP path selection behaviour for the instance */ ) ), "static-routes" ( /* Enclosing container for the list of static routes */ c( "static" ( /* List of locally configured static routes */ s( arg, c( "config" ( /* Configuration data for static routes */ c( "prefix" ( /* Destination prefix for the static route, either IPv4 or IPv6. */ time_of_day /* Destination prefix for the static route, either IPv4 or IPv6. */ ), "set-tag" ( /* Set a generic tag value on the route. This tag can be used for filtering routes that are distributed to other routing protocols. */ time_of_day /* Set a generic tag value on the route. This tag can be used for filtering routes that are distributed to other routing protocols. */ ) ) ), "next-hops" ( /* Configuration and state parameters relating to the next-hops that are to be utilised for the static route being specified */ c( "next-hop" ( /* A list of next-hops to be utilised for the static route being specified. */ s( arg, c( "config" ( /* Configuration parameters relating to the next-hop entry */ c( "index" arg /* An user-specified identifier utilised to uniquely reference the next-hop entry in the next-hop list. The value of this index has no semantic meaning other than for referencing the entry. */, "next-hop" arg /* The next-hop that is to be used for the static route - this may be specified as an IP address, an interface or a pre-defined next-hop type - for instance, DROP or LOCAL_LINK. When this leaf is not set, and the interface-ref value is specified for the next-hop, then the system should treat the prefix as though it is directly connected to the interface. */, "metric" arg /* A metric which is utilised to specify the preference of the next-hop entry when it is injected into the RIB. The lower the metric, the more preferable the prefix is. When this value is not specified the metric is inherited from the default metric utilised for static routes within the network instance that the static routes are being instantiated. When multiple next-hops are specified for a static route, the metric is utilised to determine which of the next-hops is to be installed in the RIB. When multiple next-hops have the same metric (be it specified, or simply the default) then these next-hops should all be installed in the RIB */, "recurse" ( /* Determines whether the next-hop should be allowed to be looked up recursively - i.e., via a RIB entry which has been installed by a routing protocol, or another static route - rather than needing to be connected directly to an interface of the local system within the current network instance. When the interface reference specified within the next-hop entry is set (i.e., is not null) then forwarding is restricted to being via the interface specified - and recursion is hence disabled. */ ("true" | "false") ) ) ), "interface-ref" ( /* Reference to an interface or subinterface */ c( "config" ( /* Configured reference to interface / subinterface */ c( "interface" arg /* Reference to a base interface. If a reference to a subinterface is required, this leaf must be specified to indicate the base interface. */, "subinterface" arg /* Reference to a subinterface -- this requires the base interface to be specified using the interface leaf in this container. If only a reference to a base interface is requuired, this leaf should not be set. */ ) ) ) ), "openconfig-bfd:enable-bfd" ( /* Enable BFD for liveliness detection to the next-hop or neighbour. */ c( "config" ( /* Configuration parameters relating to enabling BFD. */ c( "enabled" ( /* When this leaf is set to true, BFD is used to detect the liveliness of the remote peer or next-hop. */ ("true" | "false") ) ) ) ) ) ) ) ) ) ) ) ) ) ) ), "local-aggregates" ( /* Enclosing container for locally-defined aggregate routes */ c( "aggregate" ( /* List of aggregates */ s( arg, c( "config" ( /* Configuration data for aggregate advertisements */ c( "prefix" ( /* Aggregate prefix to be advertised */ time_of_day /* Aggregate prefix to be advertised */ ), "discard" ( /* When true, install the aggregate route with a discard next-hop -- traffic destined to the aggregate will be discarded with no ICMP message generated. When false, traffic destined to an aggregate address when no constituent routes are present will generate an ICMP unreachable message. */ ("true" | "false") ), "set-tag" ( /* Set a generic tag value on the route. This tag can be used for filtering routes that are distributed to other routing protocols. */ time_of_day /* Set a generic tag value on the route. This tag can be used for filtering routes that are distributed to other routing protocols. */ ) ) ) ) ) ) ) ), "bgp" ( /* Top-level configuration and state for the BGP router */ c( "global" ( /* Global configuration for the BGP router */ c( "config" ( /* Configuration parameters relating to the global BGP router */ c( "as" arg /* Local autonomous system number of the router. Uses the 32-bit as-number type from the model in RFC 6991. */, "router-id" arg /* Router id of the router - an unsigned 32-bit integer expressed in dotted quad notation. */ ) ), "default-route-distance" ( /* Administrative distance (or preference) assigned to routes received from different sources (external, internal, and local). */ c( "config" ( /* Configuration parameters relating to the default route distance */ c( "external-route-distance" arg /* Administrative distance for routes learned from external BGP (eBGP). */, "internal-route-distance" arg /* Administrative distance for routes learned from internal BGP (iBGP). */ ) ) ) ), "confederation" ( /* Parameters indicating whether the local system acts as part of a BGP confederation */ c( "config" ( /* Configuration parameters relating to BGP confederations */ c( "identifier" arg /* Confederation identifier for the autonomous system. Setting the identifier indicates that the local-AS is part of a BGP confederation. */, "member-as" arg /* Remote autonomous systems that are to be treated as part of the local confederation. */ ) ) ) ), "graceful-restart" ( /* Parameters relating the graceful restart mechanism for BGP */ c( "config" ( /* Configuration parameters relating to graceful-restart */ c( "enabled" ( /* Enable or disable the graceful-restart capability. */ ("true" | "false") ), "restart-time" arg /* Estimated time (in seconds) for the local BGP speaker to restart a session. This value is advertise in the graceful restart BGP capability. This is a 12-bit value, referred to as Restart Time in RFC4724. Per RFC4724, the suggested default value is <= the hold-time value. */, "stale-routes-time" arg /* An upper-bound on the time thate stale routes will be retained by a router after a session is restarted. If an End-of-RIB (EOR) marker is received prior to this timer expiring stale-routes will be flushed upon its receipt - if no EOR is received, then when this timer expires stale paths will be purged. This timer is referred to as the Selection_Deferral_Timer in RFC4724 */, "helper-only" ( /* Enable graceful-restart in helper mode only. When this leaf is set, the local system does not retain forwarding its own state during a restart, but supports procedures for the receiving speaker, as defined in RFC4724. */ ("true" | "false") ) ) ) ) ), "use-multiple-paths" ( /* Parameters related to the use of multiple paths for the same NLRI */ c( "config" ( /* Configuration parameters relating to multipath */ c( "enabled" ( /* Whether the use of multiple paths for the same NLRI is enabled for the neighbor. This value is overridden by any more specific configuration value. */ ("true" | "false") ) ) ), "ebgp" ( /* Multipath parameters for eBGP */ c( "config" ( /* Configuration parameters relating to eBGP multipath */ c( "allow-multiple-as" ( /* Allow multipath to use paths from different neighbouring ASes. The default is to only consider multiple paths from the same neighbouring AS. */ ("true" | "false") ), "maximum-paths" arg /* Maximum number of parallel paths to consider when using BGP multipath. The default is use a single path. */ ) ) ) ), "ibgp" ( /* Multipath parameters for iBGP */ c( "config" ( /* Configuration parameters relating to iBGP multipath */ c( "maximum-paths" arg /* Maximum number of parallel paths to consider when using iBGP multipath. The default is to use a single path */ ) ) ) ) ) ), "route-selection-options" ( /* Parameters relating to options for route selection */ c( "config" ( /* Configuration parameters relating to route selection options */ c( "always-compare-med" ( /* Compare multi-exit discriminator (MED) value from different ASes when selecting the best route. The default behavior is to only compare MEDs for paths received from the same AS. */ ("true" | "false") ), "ignore-as-path-length" ( /* Ignore the AS path length when selecting the best path. The default is to use the AS path length and prefer paths with shorter length. */ ("true" | "false") ), "external-compare-router-id" ( /* When comparing similar routes received from external BGP peers, use the router-id as a criterion to select the active path. */ ("true" | "false") ), "advertise-inactive-routes" ( /* Advertise inactive routes to external peers. The default is to only advertise active routes. */ ("true" | "false") ), "enable-aigp" ( /* Flag to enable sending / receiving accumulated IGP attribute in routing updates */ ("true" | "false") ), "ignore-next-hop-igp-metric" ( /* Ignore the IGP metric to the next-hop when calculating BGP best-path. The default is to select the route for which the metric to the next-hop is lowest */ ("true" | "false") ) ) ) ) ), "afi-safis" ( /* Address family specific configuration */ c( "afi-safi" ( /* AFI,SAFI configuration available for the neighbour or group */ s( arg, c( "config" ( /* Configuration parameters for the AFI-SAFI */ c( "afi-safi-name" ( /* AFI,SAFI */ ("L2VPN_EVPN" | "L2VPN_VPLS" | "L3VPN_IPV6_MULTICAST" | "L3VPN_IPV4_MULTICAST" | "L3VPN_IPV6_UNICAST" | "L3VPN_IPV4_UNICAST" | "IPV6_LABELED_UNICAST" | "IPV4_LABELED_UNICAST" | "IPV6_UNICAST" | "IPV4_UNICAST" | "IPV4_MULTICAST" | "IPV6_MULTICAST") ), "enabled" ( /* This leaf indicates whether the IPv4 Unicast AFI,SAFI is enabled for the neighbour or group */ ("true" | "false") ) ) ), "graceful-restart" ( /* Parameters relating to BGP graceful-restart */ c( "config" ( /* Configuration options for BGP graceful-restart */ c( "enabled" ( /* This leaf indicates whether graceful-restart is enabled for this AFI-SAFI */ ("true" | "false") ) ) ) ) ), "route-selection-options" ( /* Parameters relating to options for route selection */ c( "config" ( /* Configuration parameters relating to route selection options */ c( "always-compare-med" ( /* Compare multi-exit discriminator (MED) value from different ASes when selecting the best route. The default behavior is to only compare MEDs for paths received from the same AS. */ ("true" | "false") ), "ignore-as-path-length" ( /* Ignore the AS path length when selecting the best path. The default is to use the AS path length and prefer paths with shorter length. */ ("true" | "false") ), "external-compare-router-id" ( /* When comparing similar routes received from external BGP peers, use the router-id as a criterion to select the active path. */ ("true" | "false") ), "advertise-inactive-routes" ( /* Advertise inactive routes to external peers. The default is to only advertise active routes. */ ("true" | "false") ), "enable-aigp" ( /* Flag to enable sending / receiving accumulated IGP attribute in routing updates */ ("true" | "false") ), "ignore-next-hop-igp-metric" ( /* Ignore the IGP metric to the next-hop when calculating BGP best-path. The default is to select the route for which the metric to the next-hop is lowest */ ("true" | "false") ) ) ) ) ), "use-multiple-paths" ( /* Parameters related to the use of multiple paths for the same NLRI */ c( "config" ( /* Configuration parameters relating to multipath */ c( "enabled" ( /* Whether the use of multiple paths for the same NLRI is enabled for the neighbor. This value is overridden by any more specific configuration value. */ ("true" | "false") ) ) ), "ebgp" ( /* Multipath parameters for eBGP */ c( "config" ( /* Configuration parameters relating to eBGP multipath */ c( "allow-multiple-as" ( /* Allow multipath to use paths from different neighbouring ASes. The default is to only consider multiple paths from the same neighbouring AS. */ ("true" | "false") ), "maximum-paths" arg /* Maximum number of parallel paths to consider when using BGP multipath. The default is use a single path. */ ) ) ) ), "ibgp" ( /* Multipath parameters for iBGP */ c( "config" ( /* Configuration parameters relating to iBGP multipath */ c( "maximum-paths" arg /* Maximum number of parallel paths to consider when using iBGP multipath. The default is to use a single path */ ) ) ) ) ) ), "add-paths" ( /* Parameters relating to the advertisement and receipt of multiple paths for a single NLRI (add-paths) */ c( "config" ( /* Configuration parameters relating to ADD_PATHS */ c( "receive" ( /* Enable capability negotiation to receive multiple path advertisements for an NLRI from the neighbor or group */ ("true" | "false") ), "send" ( /* Enable capability negotiation to send multiple path advertisements for an NLRI from the neighbor or group */ ("true" | "false") ), "send-max" arg /* The maximum total number of paths to advertise to neighbors for a single NLRI. This includes the single best path as well as additional paths advertised when add-paths is enabled. */, "eligible-prefix-policy" arg /* A reference to a routing policy which can be used to restrict the prefixes for which add-paths is enabled */ ) ) ) ), "ipv4-unicast" ( /* IPv4 unicast configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ), "config" ( /* Configuration parameters for common IPv4 and IPv6 unicast AFI-SAFI options */ c( "send-default-route" ( /* If set to true, send the default-route to the neighbour(s) */ ("true" | "false") ) ) ) ) ), "ipv6-unicast" ( /* IPv6 unicast configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ), "config" ( /* Configuration parameters for common IPv4 and IPv6 unicast AFI-SAFI options */ c( "send-default-route" ( /* If set to true, send the default-route to the neighbour(s) */ ("true" | "false") ) ) ) ) ), "ipv4-labeled-unicast" ( /* IPv4 Labeled Unicast configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "ipv6-labeled-unicast" ( /* IPv6 Labeled Unicast configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "l3vpn-ipv4-unicast" ( /* Unicast IPv4 L3VPN configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "l3vpn-ipv6-unicast" ( /* Unicast IPv6 L3VPN configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "l3vpn-ipv4-multicast" ( /* Multicast IPv4 L3VPN configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "l3vpn-ipv6-multicast" ( /* Multicast IPv6 L3VPN configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "l2vpn-vpls" ( /* BGP-signalled VPLS configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "l2vpn-evpn" ( /* BGP EVPN configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ) ) ) ) ) ), "dynamic-neighbor-prefixes" ( /* A list of IP prefixes from which the system should: - Accept connections to the BGP daemon - Dynamically configure a BGP neighbor corresponding to the source address of the remote system, using the parameters of the specified peer-group. For such neighbors, an entry within the neighbor list should be created, indicating that the peer was dynamically configured, and referencing the peer-group from which the configuration was derived. */ c( "dynamic-neighbor-prefix" ( /* An individual prefix from which dynamic neighbor connections are allowed. */ s( arg, c( "config" ( /* Configuration parameters relating to the source prefix for the dynamic BGP neighbor connections. */ c( "prefix" ( /* The IP prefix within which the source address of the remote BGP speaker must fall to be considered eligible to the dynamically configured. */ time_of_day /* The IP prefix within which the source address of the remote BGP speaker must fall to be considered eligible to the dynamically configured. */ ), "peer-group" arg /* The peer-group within which the dynamic neighbor will be configured. The configuration parameters used for the dynamic neighbor are those specified within the referenced peer group. */ ) ) ) ) ) ) ), "jnx-aug-openconfig-ni:apply-policy" ( /* Anchor point for routing policies in the model. Import and export policies are with respect to the local routing table, i.e., export (send) and import (receive), depending on the context. */ c( "config" ( /* Policy configuration data. */ c( "import-policy" arg /* list of policy names in sequence to be applied on receiving a routing update in the current context, e.g., for the current peer group, neighbor, address family, etc. */, "default-import-policy" ( /* explicitly set a default policy if no policy definition in the import policy chain is satisfied. */ ("ACCEPT_ROUTE" | "REJECT_ROUTE") ), "export-policy" arg /* list of policy names in sequence to be applied on sending a routing update in the current context, e.g., for the current peer group, neighbor, address family, etc. */, "default-export-policy" ( /* explicitly set a default policy if no policy definition in the export policy chain is satisfied. */ ("ACCEPT_ROUTE" | "REJECT_ROUTE") ) ) ) ) ) ) ), "neighbors" ( /* Configuration for BGP neighbors */ c( "neighbor" ( /* List of BGP neighbors configured on the local system, uniquely identified by peer IPv[46] address */ s( arg, c( "config" ( /* Configuration parameters relating to the BGP neighbor or group */ c( "peer-group" arg /* The peer-group with which this neighbor is associated */, "neighbor-address" ( /* Address of the BGP peer, either in IPv4 or IPv6 */ time_of_day /* Address of the BGP peer, either in IPv4 or IPv6 */ ), "enabled" ( /* Whether the BGP peer is enabled. In cases where the enabled leaf is set to false, the local system should not initiate connections to the neighbor, and should not respond to TCP connections attempts from the neighbor. If the state of the BGP session is ESTABLISHED at the time that this leaf is set to false, the BGP session should be ceased. */ ("true" | "false") ), "peer-as" arg /* AS number of the peer. */, "local-as" arg /* The local autonomous system number that is to be used when establishing sessions with the remote peer or peer group, if this differs from the global BGP router autonomous system number. */, "peer-type" ( /* Explicitly designate the peer or peer group as internal (iBGP) or external (eBGP). */ ("INTERNAL" | "EXTERNAL") ), "auth-password" arg /* Configures an MD5 authentication password for use with neighboring devices. */, "remove-private-as" ( /* Remove private AS numbers from updates sent to peers - when this leaf is not specified, the AS_PATH attribute should be sent to the peer unchanged */ ("PRIVATE_AS_REPLACE_ALL" | "PRIVATE_AS_REMOVE_ALL") ), "route-flap-damping" ( /* Enable route flap damping. */ ("true" | "false") ), "send-community" ( /* Specify which types of community should be sent to the neighbor or group. The default is to not send the community attribute */ ("STANDARD" | "EXTENDED" | "BOTH" | "NONE") ), "description" arg /* An optional textual description (intended primarily for use with a peer or group */ ) ), "timers" ( /* Timers related to a BGP neighbor */ c( "config" ( /* Configuration parameters relating to timers used for the BGP neighbor */ c( "connect-retry" arg /* Time interval in seconds between attempts to establish a session with the peer. */, "hold-time" arg /* Time interval in seconds that a BGP session will be considered active in the absence of keepalive or other messages from the peer. The hold-time is typically set to 3x the keepalive-interval. */, "keepalive-interval" arg /* Time interval in seconds between transmission of keepalive messages to the neighbor. Typically set to 1/3 the hold-time. */, "minimum-advertisement-interval" arg /* Minimum time which must elapse between subsequent UPDATE messages relating to a common set of NLRI being transmitted to a peer. This timer is referred to as MinRouteAdvertisementIntervalTimer by RFC 4721 and serves to reduce the number of UPDATE messages transmitted when a particular set of NLRI exhibit instability. */ ) ) ) ), "transport" ( /* Transport session parameters for the BGP neighbor */ c( "config" ( /* Configuration parameters relating to the transport session(s) used for the BGP neighbor */ c( "tcp-mss" arg /* Sets the max segment size for BGP TCP sessions. */, "mtu-discovery" ( /* Turns path mtu discovery for BGP TCP sessions on (true) or off (false) */ ("true" | "false") ), "passive-mode" ( /* Wait for peers to issue requests to open a BGP session, rather than initiating sessions from the local router. */ ("true" | "false") ), "local-address" ( /* Set the local IP (either IPv4 or IPv6) address to use for the session when sending BGP update messages. This may be expressed as either an IP address or reference to the name of an interface. */ time_of_day /* Set the local IP (either IPv4 or IPv6) address to use for the session when sending BGP update messages. This may be expressed as either an IP address or reference to the name of an interface. */ ) ) ) ) ), "error-handling" ( /* Error handling parameters used for the BGP neighbor or group */ c( "config" ( /* Configuration parameters enabling or modifying the behavior or enhanced error handling mechanisms for the BGP neighbor */ c( "treat-as-withdraw" ( /* Specify whether erroneous UPDATE messages for which the NLRI can be extracted are reated as though the NLRI is withdrawn - avoiding session reset */ ("true" | "false") ) ) ) ) ), "graceful-restart" ( /* Parameters relating the graceful restart mechanism for BGP */ c( "config" ( /* Configuration parameters relating to graceful-restart */ c( "enabled" ( /* Enable or disable the graceful-restart capability. */ ("true" | "false") ), "restart-time" arg /* Estimated time (in seconds) for the local BGP speaker to restart a session. This value is advertise in the graceful restart BGP capability. This is a 12-bit value, referred to as Restart Time in RFC4724. Per RFC4724, the suggested default value is <= the hold-time value. */, "stale-routes-time" arg /* An upper-bound on the time thate stale routes will be retained by a router after a session is restarted. If an End-of-RIB (EOR) marker is received prior to this timer expiring stale-routes will be flushed upon its receipt - if no EOR is received, then when this timer expires stale paths will be purged. This timer is referred to as the Selection_Deferral_Timer in RFC4724 */, "helper-only" ( /* Enable graceful-restart in helper mode only. When this leaf is set, the local system does not retain forwarding its own state during a restart, but supports procedures for the receiving speaker, as defined in RFC4724. */ ("true" | "false") ) ) ) ) ), "logging-options" ( /* Logging options for events related to the BGP neighbor or group */ c( "config" ( /* Configuration parameters enabling or modifying logging for events relating to the BGPgroup */ c( "log-neighbor-state-changes" ( /* Configure logging of peer state changes. Default is to enable logging of peer state changes. */ ("true" | "false") ) ) ) ) ), "ebgp-multihop" ( /* eBGP multi-hop parameters for the BGPgroup */ c( "config" ( /* Configuration parameters relating to eBGP multihop for the BGP group */ c( "enabled" ( /* When enabled the referenced group or neighbors are permitted to be indirectly connected - including cases where the TTL can be decremented between the BGP peers */ ("true" | "false") ), "multihop-ttl" arg /* Time-to-live value to use when packets are sent to the referenced group or neighbors and ebgp-multihop is enabled */ ) ) ) ), "route-reflector" ( /* Route reflector parameters for the BGPgroup */ c( "config" ( /* Configuraton parameters relating to route reflection for the BGPgroup */ c( "route-reflector-cluster-id" ( /* route-reflector cluster id to use when local router is configured as a route reflector. Commonly set at the group level, but allows a different cluster id to be set for each neighbor. */ time_of_day /* route-reflector cluster id to use when local router is configured as a route reflector. Commonly set at the group level, but allows a different cluster id to be set for each neighbor. */ ), "route-reflector-client" ( /* Configure the neighbor as a route reflector client. */ ("true" | "false") ) ) ) ) ), "as-path-options" ( /* AS_PATH manipulation parameters for the BGP neighbor or group */ c( "config" ( /* Configuration parameters relating to AS_PATH manipulation for the BGP peer or group */ c( "allow-own-as" arg /* Specify the number of occurrences of the local BGP speaker's AS that can occur within the AS_PATH before it is rejected. */, "replace-peer-as" ( /* Replace occurrences of the peer's AS in the AS_PATH with the local autonomous system number */ ("true" | "false") ), "disable-peer-as-filter" ( /* When set to true, the system advertises routes to a peer even if the peer's AS was in the AS path. The default behavior (false) suppresses advertisements to peers if their AS number is in the AS path of the route. */ ("true" | "false") ) ) ) ) ), "use-multiple-paths" ( /* Parameters related to the use of multiple-paths for the same NLRI when they are received only from this neighbor */ c( "config" ( /* Configuration parameters relating to multipath */ c( "enabled" ( /* Whether the use of multiple paths for the same NLRI is enabled for the neighbor. This value is overridden by any more specific configuration value. */ ("true" | "false") ) ) ), "ebgp" ( /* Multipath configuration for eBGP */ c( "config" ( /* Configuration parameters relating to eBGP multipath */ c( "allow-multiple-as" ( /* Allow multipath to use paths from different neighbouring ASes. The default is to only consider multiple paths from the same neighbouring AS. */ ("true" | "false") ) ) ) ) ) ) ), "apply-policy" ( /* Anchor point for routing policies in the model. Import and export policies are with respect to the local routing table, i.e., export (send) and import (receive), depending on the context. */ c( "config" ( /* Policy configuration data. */ c( "import-policy" arg /* list of policy names in sequence to be applied on receiving a routing update in the current context, e.g., for the current peer group, neighbor, address family, etc. */, "default-import-policy" ( /* explicitly set a default policy if no policy definition in the import policy chain is satisfied. */ ("ACCEPT_ROUTE" | "REJECT_ROUTE") ), "export-policy" arg /* list of policy names in sequence to be applied on sending a routing update in the current context, e.g., for the current peer group, neighbor, address family, etc. */, "default-export-policy" ( /* explicitly set a default policy if no policy definition in the export policy chain is satisfied. */ ("ACCEPT_ROUTE" | "REJECT_ROUTE") ) ) ) ) ), "afi-safis" ( /* Per-address-family configuration parameters associated with the neighbor */ c( "afi-safi" ( /* AFI,SAFI configuration available for the neighbour or group */ s( arg, c( "config" ( /* Configuration parameters for the AFI-SAFI */ c( "afi-safi-name" ( /* AFI,SAFI */ ("L2VPN_EVPN" | "L2VPN_VPLS" | "L3VPN_IPV6_MULTICAST" | "L3VPN_IPV4_MULTICAST" | "L3VPN_IPV6_UNICAST" | "L3VPN_IPV4_UNICAST" | "IPV6_LABELED_UNICAST" | "IPV4_LABELED_UNICAST" | "IPV6_UNICAST" | "IPV4_UNICAST" | "IPV4_MULTICAST" | "IPV6_MULTICAST") ), "enabled" ( /* This leaf indicates whether the IPv4 Unicast AFI,SAFI is enabled for the neighbour or group */ ("true" | "false") ) ) ), "graceful-restart" ( /* Parameters relating to BGP graceful-restart */ c( "config" ( /* Configuration options for BGP graceful-restart */ c( "enabled" ( /* This leaf indicates whether graceful-restart is enabled for this AFI-SAFI */ ("true" | "false") ) ) ) ) ), "add-paths" ( /* Parameters relating to the advertisement and receipt of multiple paths for a single NLRI (add-paths) */ c( "config" ( /* Configuration parameters relating to ADD_PATHS */ c( "receive" ( /* Enable capability negotiation to receive multiple path advertisements for an NLRI from the neighbor or group */ ("true" | "false") ), "send" ( /* Enable capability negotiation to send multiple path advertisements for an NLRI from the neighbor or group */ ("true" | "false") ), "send-max" arg /* The maximum total number of paths to advertise to neighbors for a single NLRI. This includes the single best path as well as additional paths advertised when add-paths is enabled. */, "eligible-prefix-policy" arg /* A reference to a routing policy which can be used to restrict the prefixes for which add-paths is enabled */ ) ) ) ), "apply-policy" ( /* Anchor point for routing policies in the model. Import and export policies are with respect to the local routing table, i.e., export (send) and import (receive), depending on the context. */ c( "config" ( /* Policy configuration data. */ c( "import-policy" arg /* list of policy names in sequence to be applied on receiving a routing update in the current context, e.g., for the current peer group, neighbor, address family, etc. */, "default-import-policy" ( /* explicitly set a default policy if no policy definition in the import policy chain is satisfied. */ ("ACCEPT_ROUTE" | "REJECT_ROUTE") ), "export-policy" arg /* list of policy names in sequence to be applied on sending a routing update in the current context, e.g., for the current peer group, neighbor, address family, etc. */, "default-export-policy" ( /* explicitly set a default policy if no policy definition in the export policy chain is satisfied. */ ("ACCEPT_ROUTE" | "REJECT_ROUTE") ) ) ) ) ), "ipv4-unicast" ( /* IPv4 unicast configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ), "config" ( /* Configuration parameters for common IPv4 and IPv6 unicast AFI-SAFI options */ c( "send-default-route" ( /* If set to true, send the default-route to the neighbour(s) */ ("true" | "false") ) ) ) ) ), "ipv6-unicast" ( /* IPv6 unicast configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ), "config" ( /* Configuration parameters for common IPv4 and IPv6 unicast AFI-SAFI options */ c( "send-default-route" ( /* If set to true, send the default-route to the neighbour(s) */ ("true" | "false") ) ) ) ) ), "ipv4-labeled-unicast" ( /* IPv4 Labeled Unicast configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "ipv6-labeled-unicast" ( /* IPv6 Labeled Unicast configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "l3vpn-ipv4-unicast" ( /* Unicast IPv4 L3VPN configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "l3vpn-ipv6-unicast" ( /* Unicast IPv6 L3VPN configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "l3vpn-ipv4-multicast" ( /* Multicast IPv4 L3VPN configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "l3vpn-ipv6-multicast" ( /* Multicast IPv6 L3VPN configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "l2vpn-vpls" ( /* BGP-signalled VPLS configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "l2vpn-evpn" ( /* BGP EVPN configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "use-multiple-paths" ( /* Parameters related to the use of multiple-paths for the same NLRI when they are received only from this neighbor */ c( "config" ( /* Configuration parameters relating to multipath */ c( "enabled" ( /* Whether the use of multiple paths for the same NLRI is enabled for the neighbor. This value is overridden by any more specific configuration value. */ ("true" | "false") ) ) ), "ebgp" ( /* Multipath configuration for eBGP */ c( "config" ( /* Configuration parameters relating to eBGP multipath */ c( "allow-multiple-as" ( /* Allow multipath to use paths from different neighbouring ASes. The default is to only consider multiple paths from the same neighbouring AS. */ ("true" | "false") ) ) ) ) ) ) ) ) ) ) ) ), "openconfig-bfd:enable-bfd" ( /* Enable BFD for liveliness detection to the next-hop or neighbour. */ c( "config" ( /* Configuration parameters relating to enabling BFD. */ c( "enabled" ( /* When this leaf is set to true, BFD is used to detect the liveliness of the remote peer or next-hop. */ ("true" | "false") ) ) ) ) ), "jnx-aug-openconfig-ni:snmp-peer-index" arg /* An unique index for the remote peer entry in the jnxBgpM2PeerTable */, "jnx-aug-openconfig-ni:bfd-params" ( c( "local-multiplier" arg /* Multiplier transmitted by local system. */, "enable" ( /* Indicates whether the BFD is enabled. */ ("true" | "false") ), c( "desired-min-tx-interval" arg /* Desired minimum transmit interval of control packets. */, "required-min-rx-interval" arg /* Required minimum receive interval of control packets. */, "min-interval" arg /* Desired minimum transmit interval and required minimum receive interval of control packets. */ ) ) ) ) ) ) ) ), "peer-groups" ( /* Configuration for BGP peer-groups */ c( "peer-group" ( /* List of BGP peer-groups configured on the local system - uniquely identified by peer-group name */ s( arg, c( "config" ( /* Configuration parameters relating to the BGP neighbor or group */ c( "peer-group-name" arg /* Name of the BGP peer-group */, "peer-as" arg /* AS number of the peer. */, "local-as" arg /* The local autonomous system number that is to be used when establishing sessions with the remote peer or peer group, if this differs from the global BGP router autonomous system number. */, "peer-type" ( /* Explicitly designate the peer or peer group as internal (iBGP) or external (eBGP). */ ("INTERNAL" | "EXTERNAL") ), "auth-password" arg /* Configures an MD5 authentication password for use with neighboring devices. */, "remove-private-as" ( /* Remove private AS numbers from updates sent to peers - when this leaf is not specified, the AS_PATH attribute should be sent to the peer unchanged */ ("PRIVATE_AS_REPLACE_ALL" | "PRIVATE_AS_REMOVE_ALL") ), "route-flap-damping" ( /* Enable route flap damping. */ ("true" | "false") ), "send-community" ( /* Specify which types of community should be sent to the neighbor or group. The default is to not send the community attribute */ ("STANDARD" | "EXTENDED" | "BOTH" | "NONE") ), "description" arg /* An optional textual description (intended primarily for use with a peer or group */ ) ), "timers" ( /* Timers related to a BGP peer-group */ c( "config" ( /* Configuration parameters relating to timers used for the BGP neighbor or peer group */ c( "connect-retry" arg /* Time interval in seconds between attempts to establish a session with the peer. */, "hold-time" arg /* Time interval in seconds that a BGP session will be considered active in the absence of keepalive or other messages from the peer. The hold-time is typically set to 3x the keepalive-interval. */, "keepalive-interval" arg /* Time interval in seconds between transmission of keepalive messages to the neighbor. Typically set to 1/3 the hold-time. */, "minimum-advertisement-interval" arg /* Minimum time which must elapse between subsequent UPDATE messages relating to a common set of NLRI being transmitted to a peer. This timer is referred to as MinRouteAdvertisementIntervalTimer by RFC 4721 and serves to reduce the number of UPDATE messages transmitted when a particular set of NLRI exhibit instability. */ ) ) ) ), "transport" ( /* Transport session parameters for the BGP peer-group */ c( "config" ( /* Configuration parameters relating to the transport session(s) used for the BGP neighbor or group */ c( "tcp-mss" arg /* Sets the max segment size for BGP TCP sessions. */, "mtu-discovery" ( /* Turns path mtu discovery for BGP TCP sessions on (true) or off (false) */ ("true" | "false") ), "passive-mode" ( /* Wait for peers to issue requests to open a BGP session, rather than initiating sessions from the local router. */ ("true" | "false") ), "local-address" ( /* Set the local IP (either IPv4 or IPv6) address to use for the session when sending BGP update messages. This may be expressed as either an IP address or reference to the name of an interface. */ time_of_day /* Set the local IP (either IPv4 or IPv6) address to use for the session when sending BGP update messages. This may be expressed as either an IP address or reference to the name of an interface. */ ) ) ) ) ), "error-handling" ( /* Error handling parameters used for the BGP peer-group */ c( "config" ( /* Configuration parameters enabling or modifying the behavior or enhanced error handling mechanisms for the BGP group */ c( "treat-as-withdraw" ( /* Specify whether erroneous UPDATE messages for which the NLRI can be extracted are reated as though the NLRI is withdrawn - avoiding session reset */ ("true" | "false") ) ) ) ) ), "graceful-restart" ( /* Parameters relating the graceful restart mechanism for BGP */ c( "config" ( /* Configuration parameters relating to graceful-restart */ c( "enabled" ( /* Enable or disable the graceful-restart capability. */ ("true" | "false") ), "restart-time" arg /* Estimated time (in seconds) for the local BGP speaker to restart a session. This value is advertise in the graceful restart BGP capability. This is a 12-bit value, referred to as Restart Time in RFC4724. Per RFC4724, the suggested default value is <= the hold-time value. */, "stale-routes-time" arg /* An upper-bound on the time thate stale routes will be retained by a router after a session is restarted. If an End-of-RIB (EOR) marker is received prior to this timer expiring stale-routes will be flushed upon its receipt - if no EOR is received, then when this timer expires stale paths will be purged. This timer is referred to as the Selection_Deferral_Timer in RFC4724 */, "helper-only" ( /* Enable graceful-restart in helper mode only. When this leaf is set, the local system does not retain forwarding its own state during a restart, but supports procedures for the receiving speaker, as defined in RFC4724. */ ("true" | "false") ) ) ) ) ), "logging-options" ( /* Logging options for events related to the BGP neighbor or group */ c( "config" ( /* Configuration parameters enabling or modifying logging for events relating to the BGPgroup */ c( "log-neighbor-state-changes" ( /* Configure logging of peer state changes. Default is to enable logging of peer state changes. */ ("true" | "false") ) ) ) ) ), "ebgp-multihop" ( /* eBGP multi-hop parameters for the BGPgroup */ c( "config" ( /* Configuration parameters relating to eBGP multihop for the BGP group */ c( "enabled" ( /* When enabled the referenced group or neighbors are permitted to be indirectly connected - including cases where the TTL can be decremented between the BGP peers */ ("true" | "false") ), "multihop-ttl" arg /* Time-to-live value to use when packets are sent to the referenced group or neighbors and ebgp-multihop is enabled */ ) ) ) ), "route-reflector" ( /* Route reflector parameters for the BGPgroup */ c( "config" ( /* Configuraton parameters relating to route reflection for the BGPgroup */ c( "route-reflector-cluster-id" ( /* route-reflector cluster id to use when local router is configured as a route reflector. Commonly set at the group level, but allows a different cluster id to be set for each neighbor. */ time_of_day /* route-reflector cluster id to use when local router is configured as a route reflector. Commonly set at the group level, but allows a different cluster id to be set for each neighbor. */ ), "route-reflector-client" ( /* Configure the neighbor as a route reflector client. */ ("true" | "false") ) ) ) ) ), "as-path-options" ( /* AS_PATH manipulation parameters for the BGP neighbor or group */ c( "config" ( /* Configuration parameters relating to AS_PATH manipulation for the BGP peer or group */ c( "allow-own-as" arg /* Specify the number of occurrences of the local BGP speaker's AS that can occur within the AS_PATH before it is rejected. */, "replace-peer-as" ( /* Replace occurrences of the peer's AS in the AS_PATH with the local autonomous system number */ ("true" | "false") ), "disable-peer-as-filter" ( /* When set to true, the system advertises routes to a peer even if the peer's AS was in the AS path. The default behavior (false) suppresses advertisements to peers if their AS number is in the AS path of the route. */ ("true" | "false") ) ) ) ) ), "use-multiple-paths" ( /* Parameters related to the use of multiple paths for the same NLRI */ c( "config" ( /* Configuration parameters relating to multipath */ c( "enabled" ( /* Whether the use of multiple paths for the same NLRI is enabled for the neighbor. This value is overridden by any more specific configuration value. */ ("true" | "false") ) ) ), "ebgp" ( /* Multipath parameters for eBGP */ c( "config" ( /* Configuration parameters relating to eBGP multipath */ c( "allow-multiple-as" ( /* Allow multipath to use paths from different neighbouring ASes. The default is to only consider multiple paths from the same neighbouring AS. */ ("true" | "false") ), "maximum-paths" arg /* Maximum number of parallel paths to consider when using BGP multipath. The default is use a single path. */ ) ) ) ), "ibgp" ( /* Multipath parameters for iBGP */ c( "config" ( /* Configuration parameters relating to iBGP multipath */ c( "maximum-paths" arg /* Maximum number of parallel paths to consider when using iBGP multipath. The default is to use a single path */ ) ) ) ) ) ), "apply-policy" ( /* Anchor point for routing policies in the model. Import and export policies are with respect to the local routing table, i.e., export (send) and import (receive), depending on the context. */ c( "config" ( /* Policy configuration data. */ c( "import-policy" arg /* list of policy names in sequence to be applied on receiving a routing update in the current context, e.g., for the current peer group, neighbor, address family, etc. */, "default-import-policy" ( /* explicitly set a default policy if no policy definition in the import policy chain is satisfied. */ ("ACCEPT_ROUTE" | "REJECT_ROUTE") ), "export-policy" arg /* list of policy names in sequence to be applied on sending a routing update in the current context, e.g., for the current peer group, neighbor, address family, etc. */, "default-export-policy" ( /* explicitly set a default policy if no policy definition in the export policy chain is satisfied. */ ("ACCEPT_ROUTE" | "REJECT_ROUTE") ) ) ) ) ), "afi-safis" ( /* Per-address-family configuration parameters associated with thegroup */ c( "afi-safi" ( /* AFI,SAFI configuration available for the neighbour or group */ s( arg, c( "config" ( /* Configuration parameters for the AFI-SAFI */ c( "afi-safi-name" ( /* AFI,SAFI */ ("L2VPN_EVPN" | "L2VPN_VPLS" | "L3VPN_IPV6_MULTICAST" | "L3VPN_IPV4_MULTICAST" | "L3VPN_IPV6_UNICAST" | "L3VPN_IPV4_UNICAST" | "IPV6_LABELED_UNICAST" | "IPV4_LABELED_UNICAST" | "IPV6_UNICAST" | "IPV4_UNICAST" | "IPV4_MULTICAST" | "IPV6_MULTICAST") ), "enabled" ( /* This leaf indicates whether the IPv4 Unicast AFI,SAFI is enabled for the neighbour or group */ ("true" | "false") ) ) ), "graceful-restart" ( /* Parameters relating to BGP graceful-restart */ c( "config" ( /* Configuration options for BGP graceful-restart */ c( "enabled" ( /* This leaf indicates whether graceful-restart is enabled for this AFI-SAFI */ ("true" | "false") ) ) ) ) ), "add-paths" ( /* Parameters relating to the advertisement and receipt of multiple paths for a single NLRI (add-paths) */ c( "config" ( /* Configuration parameters relating to ADD_PATHS */ c( "receive" ( /* Enable capability negotiation to receive multiple path advertisements for an NLRI from the neighbor or group */ ("true" | "false") ), "send" ( /* Enable capability negotiation to send multiple path advertisements for an NLRI from the neighbor or group */ ("true" | "false") ), "send-max" arg /* The maximum total number of paths to advertise to neighbors for a single NLRI. This includes the single best path as well as additional paths advertised when add-paths is enabled. */, "eligible-prefix-policy" arg /* A reference to a routing policy which can be used to restrict the prefixes for which add-paths is enabled */ ) ) ) ), "use-multiple-paths" ( /* Parameters related to the use of multiple paths for the same NLRI */ c( "config" ( /* Configuration parameters relating to multipath */ c( "enabled" ( /* Whether the use of multiple paths for the same NLRI is enabled for the neighbor. This value is overridden by any more specific configuration value. */ ("true" | "false") ) ) ), "ebgp" ( /* Multipath parameters for eBGP */ c( "config" ( /* Configuration parameters relating to eBGP multipath */ c( "allow-multiple-as" ( /* Allow multipath to use paths from different neighbouring ASes. The default is to only consider multiple paths from the same neighbouring AS. */ ("true" | "false") ), "maximum-paths" arg /* Maximum number of parallel paths to consider when using BGP multipath. The default is use a single path. */ ) ) ) ), "ibgp" ( /* Multipath parameters for iBGP */ c( "config" ( /* Configuration parameters relating to iBGP multipath */ c( "maximum-paths" arg /* Maximum number of parallel paths to consider when using iBGP multipath. The default is to use a single path */ ) ) ) ) ) ), "apply-policy" ( /* Anchor point for routing policies in the model. Import and export policies are with respect to the local routing table, i.e., export (send) and import (receive), depending on the context. */ c( "config" ( /* Policy configuration data. */ c( "import-policy" arg /* list of policy names in sequence to be applied on receiving a routing update in the current context, e.g., for the current peer group, neighbor, address family, etc. */, "default-import-policy" ( /* explicitly set a default policy if no policy definition in the import policy chain is satisfied. */ ("ACCEPT_ROUTE" | "REJECT_ROUTE") ), "export-policy" arg /* list of policy names in sequence to be applied on sending a routing update in the current context, e.g., for the current peer group, neighbor, address family, etc. */, "default-export-policy" ( /* explicitly set a default policy if no policy definition in the export policy chain is satisfied. */ ("ACCEPT_ROUTE" | "REJECT_ROUTE") ) ) ) ) ), "ipv4-unicast" ( /* IPv4 unicast configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ), "config" ( /* Configuration parameters for common IPv4 and IPv6 unicast AFI-SAFI options */ c( "send-default-route" ( /* If set to true, send the default-route to the neighbour(s) */ ("true" | "false") ) ) ) ) ), "ipv6-unicast" ( /* IPv6 unicast configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ), "config" ( /* Configuration parameters for common IPv4 and IPv6 unicast AFI-SAFI options */ c( "send-default-route" ( /* If set to true, send the default-route to the neighbour(s) */ ("true" | "false") ) ) ) ) ), "ipv4-labeled-unicast" ( /* IPv4 Labeled Unicast configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "ipv6-labeled-unicast" ( /* IPv6 Labeled Unicast configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "l3vpn-ipv4-unicast" ( /* Unicast IPv4 L3VPN configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "l3vpn-ipv6-unicast" ( /* Unicast IPv6 L3VPN configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "l3vpn-ipv4-multicast" ( /* Multicast IPv4 L3VPN configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "l3vpn-ipv6-multicast" ( /* Multicast IPv6 L3VPN configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "l2vpn-vpls" ( /* BGP-signalled VPLS configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ), "l2vpn-evpn" ( /* BGP EVPN configuration options */ c( "prefix-limit" ( /* Configure the maximum number of prefixes that will be accepted from a peer */ c( "config" ( /* Configuration parameters relating to the prefix limit for the AFI-SAFI */ c( "max-prefixes" arg /* Maximum number of prefixes that will be accepted from the neighbour */, "prevent-teardown" ( /* Do not tear down the BGP session when the maximum prefix limit is exceeded, but rather only log a warning. The default of this leaf is false, such that when it is not specified, the session is torn down. */ ("true" | "false") ), "shutdown-threshold-pct" arg /* Threshold on number of prefixes that can be received from a neighbour before generation of warning messages or log entries. Expressed as a percentage of max-prefixes */, "restart-timer" arg /* Time interval in seconds after which the BGP session is re-established after being torn down due to exceeding the max-prefix limit. */ ) ) ) ) ) ) ) ) ) ) ), "openconfig-bfd:enable-bfd" ( /* Enable BFD for liveliness detection to the next-hop or neighbour. */ c( "config" ( /* Configuration parameters relating to enabling BFD. */ c( "enabled" ( /* When this leaf is set to true, BFD is used to detect the liveliness of the remote peer or next-hop. */ ("true" | "false") ) ) ) ) ), "jnx-aug-openconfig-ni:bfd-params" ( c( "local-multiplier" arg /* Multiplier transmitted by local system. */, "enable" ( /* Indicates whether the BFD is enabled. */ ("true" | "false") ), c( "desired-min-tx-interval" arg /* Desired minimum transmit interval of control packets. */, "required-min-rx-interval" arg /* Required minimum receive interval of control packets. */, "min-interval" arg /* Desired minimum transmit interval and required minimum receive interval of control packets. */ ) ) ), "jnx-aug-openconfig-ni:dynamic-neighbor-prefixes" ( /* A list of IP prefixes from which the system should: - Accept connections to the BGP daemon - Dynamically configure a BGP neighbor corresponding to the source address of the remote system, using the parameters of the specified peer-group. */ c( "dynamic-neighbor-prefix" ( /* An individual prefix from which dynamic neighbor connections are allowed. */ s( arg ) ) ) ) ) ) ) ) ) ) ), "isis" ( /* This container defines top-level ISIS configuration and state information. */ c( "global" ( /* This container defines global ISIS configuration and state information. */ c( "config" ( /* This container defines ISIS global configuration router. */ c( "authentication-check" ( /* When set to true, reject all ISIS protocol PDUs that either have a mismatch in authentication-type or authentication-key. */ ("true" | "false") ), "instance" arg /* ISIS Instance. */, "net" arg /* ISIS network entity title (NET). The first 8 bits are usually 49 (private AFI), next 16 bits represent area, next 48 bits represent system id and final 8 bits are set to 0. */, "maximum-area-addresses" arg /* Maximum areas supported. */, "level-capability" ( /* ISIS level capability(level-1, level-2,vlevel-1-2). */ ("LEVEL_1" | "LEVEL_2" | "LEVEL_1_2") ), "max-ecmp-paths" arg /* ISIS max-paths count. */, "poi-tlv" ( /* ISIS purge TLV. When set to true, a TLV is added to purges to record the system ID of the IS generating the purge. */ ("true" | "false") ), "iid-tlv" ( /* ISIS Instance Identifier TLV. When set to trues, the IID-TLV identifies the unique instance as well as the topology/topologies to which the PDU applies. */ ("true" | "false") ), "fast-flooding" ( /* When set to true, IS will always flood the LSP that triggered an SPF before the router actually runs the SPF computation. */ ("true" | "false") ) ) ), "lsp-bit" ( /* This container defines ISIS LSP Operational Bits. */ c( "overload-bit" ( /* This container defines Overload Bit configuration. */ c( "config" ( /* This container defines ISIS Overload Bit configuration. */ c( "set-bit" ( /* When set to true, IS-IS overload bit is set. */ ("true" | "false") ), "set-bit-on-boot" ( /* When set to true, the IS-IS overload bit is set on system boot. */ ("true" | "false") ), "advertise-high-metric" ( /* When set to true, the local IS advertises links with the highest available metric regardless of their configured metric. The metric value is based on the metric style - if wide metrics are utilised the metric is advertised as 16777214, otherwise they are advertised with a value of 63. */ ("true" | "false") ) ) ), "reset-triggers" ( /* This container defines state for ISIS Overload Bit reset triggers */ c( "reset-trigger" ( /* This list describes ISIS Overload reset trigger reasons. */ s( arg, c( "config" ( /* This container defines ISIS Overload Bit reset trigger configuration. */ c( "reset-trigger" ( /* In the case that the system sets the overload bit on start, the system should reset the bit (i.e., clear the overload bit) upon the specified trigger. */ ("WAIT_FOR_SYSTEM" | "WAIT_FOR_BGP") ), "delay" arg /* If a reset trigger is specified, the system should delay resetting the overload bit for the specified number of seconds after the trigger occurs. */ ) ) ) ) ) ) ) ) ), "attached-bit" ( /* This container defines Attached Bit. */ c( "config" ( /* This container defines Attached Bit configuration. */ c( "ignore-bit" ( /* When set to true, if the attached bit is set on an incoming Level 1 IS-IS, the local system ignores it. In this case the local system does not set a default route to the L1L2 router advertising the PDU with the attached bit set. */ ("true" | "false") ), "suppress-bit" ( /* When set to true, if the local IS acts as a L1L2 router, then the attached bit is not advertised in locally generated PDUs. */ ("true" | "false") ) ) ) ) ) ) ), "reference-bandwidth" ( /* This container defines ISIS Reference Bandwidth. */ c( "config" ( /* This container defines Reference Bandwidth configuration */ c( "reference-bandwidth" arg /* ISIS Reference Bandwidth value */ ) ) ) ), "nsr" ( /* This container defines ISIS Non-Stop Routing. */ c( "config" ( /* This container defines Non-Stop-Routing configuration. */ c( "enabled" ( /* When set to true, the functionality within which this leaf is defined is enabled, when set to false it is explicitly disabled. */ ("true" | "false") ) ) ) ) ), "graceful-restart" ( /* This container defines ISIS Graceful Restart. */ c( "config" ( /* This container defines ISIS graceful-restart configuration. */ c( "enabled" ( /* When set to true, the functionality within which this leaf is defined is enabled, when set to false it is explicitly disabled. */ ("true" | "false") ), "helper-only" ( /* Enable or disable the IS-IS graceful restart helper function. When this leaf is set, the local system does not utilise the IS-IS graceful restart procedures during its own restart, but supports retaining forwarding information during a remote speaker's restart. */ ("true" | "false") ) ) ) ) ), "timers" ( /* This container defines ISIS timers. */ c( "config" ( /* This container defines ISIS global timers configuration. */ c( "lsp-lifetime-interval" arg /* Time interval in seconds that specifies how long an LSP remains in LSDB without being refreshed. */, "lsp-refresh-interval" arg /* Time interval in seconds that specifies how often route topology that a device originates is transmitted in LSPs. */ ) ), "spf" ( /* This container defines ISIS SPF timer settings. */ c( "config" ( /* This container defines ISIS SPF timers configuration. */ c( "spf-hold-interval" arg /* SPF Hold Down time interval in milliseconds. */, "spf-first-interval" arg /* Time interval in milliseconds between the detection of topology change and when the SPF algorithm runs. */, "spf-second-interval" arg /* Time interval in milliseconds between the first and second SPF calculation. */ ) ) ) ), "lsp-generation" ( /* This container defines ISIS LSP Generation. */ c( "config" ( /* This container defines ISIS LSP Generation timers configuration. */ c( "lsp-max-wait-interval" arg /* Time interval in milliseconds that specifies max interval between two consecutive occurrences of an LSP being generated. */, "lsp-first-wait-interval" arg /* Time interval in milliseconds that specifies the first LSP generation delay. */, "lsp-second-wait-interval" arg /* Time interval in milliseconds that specifies the millisecond LSP generation delay. */ ) ) ) ) ) ), "transport" ( /* This container defines ISIS transport. */ c( "config" ( /* This container defines ISIS transport related configuration. */ c( "lsp-mtu-size" arg /* The maximum size in bytes of an IS-IS Link state PDU. */ ) ) ) ), "mpls" ( /* Configuration and operational state relating to MPLS-related features in IS-IS */ c( "igp-ldp-sync" ( /* Configuration and operational state relating to synchronisation between the LDP and IS-IS */ c( "config" ( /* This container defines ISIS/IGP configuration. */ c( "enabled" ( /* When set to true, rely on IGP/LDP synchronization. IGP cost for link is maintained at max until LDP adjacencies are established */ ("true" | "false") ), "post-session-up-delay" arg /* Specifies a delay, expressed in units of seconds, between the LDP session to the IGP neighbor being established, and it being considered synchronized by the IGP. */ ) ) ) ) ) ), "igp-shortcuts" ( /* This container defines IGP shortcuts configuration and state information. */ c( "afi" ( /* Address-family list. */ s( arg, c( "config" ( /* This container defines ISIS Shortcuts configuration parameters */ c( "afi-name" ( /* Address-family type. */ ("IPV6" | "IPV4") ), "nh-type" ( /* Tunnel NH Type(RSVP,SR). When present it implies that nh-type shortcut is enabled for a specified AFI. */ ("PATH_SETUP_LDP" | "PATH_SETUP_SR" | "PATH_SETUP_RSVP") ) ) ) ) ) ) ) ), "afi-safi" ( /* This container defines address-family specific configuration and state information. */ c( "af" ( /* Address-family/Subsequent Address-family list. */ s( arg, arg, c( "config" ( /* This container defines AFI-SAFI configuration parameters */ c( "afi-name" ( /* Address-family type. */ ("IPV6" | "IPV4") ), "safi-name" ( /* Subsequent address-family type. */ ("MULTICAST" | "UNICAST") ), "metric" arg /* ISIS metric value(default=10). */, "enabled" ( /* When set to true, the functionality within which this leaf is defined is enabled, when set to false it is explicitly disabled. */ ("true" | "false") ) ) ), "multi-topology" ( /* This container defines multi-topology address-family configuration and state information. ISIS TLV 235, 237. */ c( "config" ( /* This container defines AFI-SAFI multi-topology configuration parameters */ c( "afi-name" ( /* Address-family type. */ ("IPV6" | "IPV4") ), "safi-name" ( /* Subsequent address-family type. */ ("MULTICAST" | "UNICAST") ) ) ) ) ) ) ) ) ) ), "segment-routing" ( /* Configuration and operational state relating to segment routing. */ c( "config" ( /* Configuration parameters relating to the configuration of segment routing for the IGP instance. */ c( "enabled" ( /* When this leaf is set to true, the segment routing extensions are utilised within the IGP. */ ("true" | "false") ), "srgb" arg /* A reference to the Segment Routing Global Block (SRGB) that is to be used by this IGP instance. */, "srlb" arg /* A reference to the Segment Routing Local Block (SRLB) that is to be advertised by the IGP instance. */ ) ) ) ), "inter-level-propagation-policies" ( /* Policies to propagate prefixes between IS-IS levels. */ c( "level1-to-level2" ( /* Policies relating to prefixes to be propagated from Level 1 to Level 2. */ c( "config" ( /* Configuration parameters relating to the propagation of prefixes from IS-IS Level 1 to Level 2. */ c( "import-policy" arg /* list of policy names in sequence to be applied on receiving a routing update in the current context, e.g., for the current peer group, neighbor, address family, etc. */, "default-import-policy" ( /* explicitly set a default policy if no policy definition in the import policy chain is satisfied. */ ("ACCEPT_ROUTE" | "REJECT_ROUTE") ) ) ) ) ), "level2-to-level1" ( /* Policies relating to prefixes to be propagated from Level2 to Level 1. */ c( "config" ( /* Configuration parameters relating to the propagation of prefixes from IS-IS Level 2 to Level 1. */ c( "import-policy" arg /* list of policy names in sequence to be applied on receiving a routing update in the current context, e.g., for the current peer group, neighbor, address family, etc. */, "default-import-policy" ( /* explicitly set a default policy if no policy definition in the import policy chain is satisfied. */ ("ACCEPT_ROUTE" | "REJECT_ROUTE") ) ) ) ) ) ) ) ) ), "levels" ( /* This container defines ISIS level configuration and state information. */ c( "level" ( /* Configuration and operational state parameters related to a particular level within the IS-IS protocol instance */ s( arg, c( "config" ( /* This container defines ISIS level based configuration. */ c( "enabled" ( /* When set to true, the functionality within which this leaf is defined is enabled, when set to false it is explicitly disabled. */ ("true" | "false") ), "level-number" arg /* ISIS level number (level-1, level-2). */, "metric-style" ( /* ISIS metric style types(narrow, wide). */ ("NARROW_METRIC" | "WIDE_METRIC") ), "authentication-check" ( /* When set to true, reject all ISIS protocol PDUs that either have a mismatch in authentication-type or authentication-key. */ ("true" | "false") ) ) ), "system-level-counters" /* This container defines ISIS system level counters. */, "traffic-engineering" ( /* This container defines ISIS TE. */ c( "config" ( /* This container defines ISIS TE configuration. */ c( "enabled" ( /* When set to true, the functionality within which this leaf is defined is enabled, when set to false it is explicitly disabled. */ ("true" | "false") ), "ipv4-router-id" arg /* IPv4 MPLS Traffic Engineering Router-ID. */, "ipv6-router-id" arg /* IPv6 MPLS Traffic Engineering Router-ID. */ ) ) ) ), "route-preference" ( /* This container defines Administrative Distance (or preference) assigned to ISIS routes (level1 internal, level2 internal, level1 external, level2 external). */ c( "config" ( /* This container defines route preference configuration. */ c( "external-route-preference" arg /* Administrative Distance(preference) for external ISIS routes. */, "internal-route-preference" arg /* Administrative Distance(preference) for internal ISIS routes. */ ) ) ) ), "authentication" ( /* This container defines ISIS authentication. */ c( "config" ( /* This container defines ISIS authentication configuration. */ c( "csnp-authentication" ( /* Enable or disable for IS-IS CSNPs. */ ("true" | "false") ), "psnp-authentication" ( /* Enable or disable authentication for IS-IS PSNPs. */ ("true" | "false") ), "lsp-authentication" ( /* Enable or disable authentication for IS-IS LSPs. */ ("true" | "false") ) ) ), "key" ( /* This container defines ISIS authentication key */ c( "config" ( /* This container defines ISIS authentication key configuration. */ c( "auth-password" arg /* Authentication key string. */ ) ) ) ), "keychain" /* This container defines keychain parameters. */ ) ) ) ) ) ) ), "interfaces" ( /* This container defines global ISIS interface configuration and state information. */ c( "interface" ( /* This list contains ISIS interfaces. */ s( arg, c( "config" ( /* This container defines ISIS interface configuration. */ c( "enabled" ( /* When set to true, the functionality within which this leaf is defined is enabled, when set to false it is explicitly disabled. */ ("true" | "false") ), "interface-id" arg /* Interface for which ISIS configuration is to be applied. */, "passive" ( /* When set to true, the referenced interface is a passive interface such that it is not eligible to establish adjacencies with other systems, but is advertised into the IS-IS topology. */ ("true" | "false") ), "hello-padding" ( /* This leaf controls padding type for IS-IS Hello PDUs. */ ("STRICT" | "LOOSE" | "ADAPTIVE" | "DISABLE") ), "circuit-type" ( /* ISIS circuit type (p2p, broadcast). */ ("POINT_TO_POINT" | "BROADCAST") ) ) ), "circuit-counters" /* This container defines state information for ISIS circuit counters. */, "authentication" ( /* This container defines ISIS authentication. */ c( "config" ( /* This container defines ISIS authentication configuration. */ c( "hello-authentication" ( /* Enabled or disable ISIS Hello authentication. */ ("true" | "false") ) ) ), "key" ( /* This container defines ISIS authentication key */ c( "config" ( /* This container defines ISIS authentication key configuration. */ c( "auth-password" arg /* Authentication key string. */ ) ) ) ), "keychain" /* This container defines keychain parameters. */ ) ), "afi-safi" ( /* This container defines address-family specific configuration and state information. */ c( "af" ( /* Address-family/Subsequent Address-family list. */ s( arg, arg, c( "config" ( /* This container defines AFI-SAFI configuration parameters. Single topology is the default setting. */ c( "afi-name" ( /* Address-family type. */ ("IPV6" | "IPV4") ), "safi-name" ( /* Subsequent address-family type. */ ("MULTICAST" | "UNICAST") ), "enabled" ( /* When set to true, the functionality within which this leaf is defined is enabled, when set to false it is explicitly disabled. */ ("true" | "false") ) ) ) ) ) ) ) ), "levels" ( /* This container defines ISIS level specific configuration and state information. */ c( "level" ( /* Configuration and operational state parameters related to a particular level on an IS-IS enabled interface. */ s( arg, c( "config" ( /* This container defines interface ISIS level configuration. */ c( "level-number" arg /* ISIS level number(level-1, level-2). */, "passive" ( /* ISIS passive interface admin enable/disable function. */ ("true" | "false") ), "priority" arg /* ISIS neighbor priority(LAN hello PDU only). */, "enabled" ( /* When set to true, the functionality within which this leaf is defined is enabled, when set to false it is explicitly disabled. */ ("true" | "false") ) ) ), "packet-counters" ( /* This container defines ISIS interface packet counters. */ c( "lsp" /* This container defines LSP packet counters. */, "iih" /* This container defines IIH packet counters. */, "ish" /* This container defines ISH packet counters. */, "esh" /* This container defines ESH packet counters. */, "psnp" /* This container defines PSNP packet counters. */, "csnp" /* Operational state parameters relating to CSNPs. */, "unknown" /* Operational state parameters relating to IS-IS PDUs that are not otherwise classified - referred to as Unknown PDUs. */ ) ), "timers" ( /* This container defines ISIS timers. */ c( "config" ( /* This container defines ISIS interface hello-timers configuration. */ c( "hello-interval" arg /* ISIS hello-interval value. */, "hello-multiplier" arg /* ISIS hello-multiplier value. */ ) ) ) ), "afi-safi" ( /* This container defines address-family specific configuration and state information. */ c( "af" ( /* Address-family/Subsequent Address-family list. */ s( arg, arg, c( "config" ( /* This container defines AFI-SAFI configuration parameters. Single topology is the default setting. */ c( "afi-name" ( /* Address-family type. */ ("IPV6" | "IPV4") ), "safi-name" ( /* Subsequent address-family type. */ ("MULTICAST" | "UNICAST") ), "metric" arg /* ISIS metric value(default=10). */, "enabled" ( /* When set to true, the functionality within which this leaf is defined is enabled, when set to false it is explicitly disabled. */ ("true" | "false") ) ) ), "segment-routing" ( /* Configuration and operatioanl state parameters relating to segment routing for an interface within the IGP. */ c( "prefix-sids" ( /* Configuration and operational state parameters relating to the advertisement of a segment routing IGP-Prefix SID for this interface. */ c( "prefix-sid" ( /* An IGP prefix that should have a segment routing IGP-Prefix SID allocated to it. The value of the SID is specified by the SID ID, as an absolute value. If the absolute value falls within the SRGB, the Global flag should be advertised by the system. */ s( arg, c( "config" ( /* Configuration parameters for the IGP Prefix SID. */ c( "prefix" ( /* The IP prefix for which the IGP prefix SID should be advertised. The value specified is a local prefix on the interface which is advertised into the IGP. */ time_of_day /* The IP prefix for which the IGP prefix SID should be advertised. The value specified is a local prefix on the interface which is advertised into the IGP. */ ), "sid-id" ( /* The Segment Identifier to be used when advertising the IGP Prefix SID. */ time_of_day /* The Segment Identifier to be used when advertising the IGP Prefix SID. */ ), "label-options" ( /* The options associated with the IGP prefix SID for MPLS. The value of this leaf specifies the option that the SID should be advertised into the IGP with. */ ("NO_PHP" | "EXPLICIT_NULL") ) ) ) ) ) ) ) ), "adjacency-sids" ( /* Configuration and operational state parameters relating to the advertisement of a segment routing adjacency SID for this interface. */ c( "adjacency-sid" ( /* An Adjacency SID to be advertised for the specified interface. The Adj-SID's identifier (the SID ID) must be unique, with flags specified indicating the parameters that should be set for the SID. Where a SID value is specified that is allocated from the SRGB, the global flag must be set by the system. */ s( arg, arg, c( "config" ( /* Configuraton parameters relating to the AdjSID. */ c( "sid-id" ( /* The value of the Adj-SID to be advertised. Where a static SID identifier is specified, this should be advertised directly by the system. Where the DYNAMIC value is specified, this should be treated as a dynamically allocated value. When the MPLS data plane is in use the dynamic value should not fall within a reserved-label-block. */ time_of_day /* The value of the Adj-SID to be advertised. Where a static SID identifier is specified, this should be advertised directly by the system. Where the DYNAMIC value is specified, this should be treated as a dynamically allocated value. When the MPLS data plane is in use the dynamic value should not fall within a reserved-label-block. */ ), "protection-eligible" ( /* Whether the Adj-SID should be considered to be eligible for protection using IP or MPLS FRR during a network failure. When this value is set to true, the B-flag of the Adj-SID is set to 1, and the local system should provide FRR paths for the associated label forwarding entry. When it is set to false, the local system must not provide FRR for the specified LFIB entry. */ ("true" | "false") ), "group" ( /* When set to true, the Adj-SID is indicated to be part of a group, and the G flag is set to 1 in the corresponding advertisement in the IGP. */ ("true" | "false") ), "neighbor" ( /* The remote system on the interface with which the Adj-SID is associated. */ time_of_day /* The remote system on the interface with which the Adj-SID is associated. */ ) ) ) ) ) ) ) ) ) ) ) ) ) ) ), "hello-authentication" ( /* This container defines ISIS authentication. */ c( "config" ( /* This container defines ISIS authentication configuration. */ c( "hello-authentication" ( /* Enabled or disable ISIS Hello authentication. */ ("true" | "false") ) ) ), "key" ( /* This container defines ISIS authentication key */ c( "config" ( /* This container defines ISIS authentication key configuration. */ c( "auth-password" arg /* Authentication key string. */ ) ) ) ), "keychain" /* This container defines keychain parameters. */ ) ) ) ) ) ) ), "timers" ( /* This container describes ISIS interface timers configuration */ c( "config" ( /* Configuration parameters relating to interface timers for IS-IS */ c( "csnp-interval" arg /* The interval, specified in seconds, at which periodic CSNP packets should be transmitted by the local IS. */, "lsp-pacing-interval" arg /* The interval interval in milliseconds between the detection of topology change and when the SPF algorithm runs. */ ) ) ) ), "bfd" ( /* This container defines BFD. */ c( "config" ( /* This container defines BFD configuration parameters. */ c( "bfd-tlv" ( /* When set to true, BFD TLV is used. This enables support for the IS-IS BFD TLV options, which specify that a BFD session must be established before an IS-IS adjacency can transition to the established state. This option should be enabled on all IS-IS neighbors on a shared interface. */ ("true" | "false") ) ) ) ) ), "interface-ref" ( /* Reference to an interface or subinterface */ c( "config" ( /* Configured reference to interface / subinterface */ c( "interface" arg /* Reference to a base interface. If a reference to a subinterface is required, this leaf must be specified to indicate the base interface. */, "subinterface" arg /* Reference to a subinterface -- this requires the base interface to be specified using the interface leaf in this container. If only a reference to a base interface is requuired, this leaf should not be set. */ ) ) ) ), "jnx-aug-openconfig-isis:packet-counters" ( /* This container defines ISIS interface packet counters. */ c( "lsp" /* This container defines LSP packet counters. */, "iih" /* This container defines IIH packet counters. */, "ish" /* This container defines ISH packet counters. */, "esh" /* This container defines ESH packet counters. */, "psnp" /* This container defines PSNP packet counters. */, "csnp" /* Operational state parameters relating to CSNPs. */, "unknown" /* Operational state parameters relating to IS-IS PDUs that are not otherwise classified - referred to as Unknown PDUs. */ ) ) ) ) ) ) ) ) ), "jnx-aug-openconfig-evpn:evpn" ( c( "num-peers" arg /* Number of peers with EVPN family */, "num-interfaces" arg /* Number of local interfaces */, "num-interfaces-up" arg /* Number of local interfaces with status UP */, "num-irb-interfaces" arg /* Number of irb interfaces */, "num-irb-interfaces-up" arg /* Number of irb interfaces with status UP */, "num-remote-macs" arg /* Number of macs learned from remote peers */, "num-remote-mac-ip-v4" arg /* Number of ipv4 macs-ip routes learned from remote peers */, "num-remote-mac-ip-v6" arg /* Number of ipv6 macs-ip routes learned from remote peers */, "num-remote-irb-macs" arg /* Number of irb macs learned from remote peers */, "num-ethernet-segments" arg /* Number of ethernet-segment routes received from remote peers */, "label-allocation-mode" arg, "interfaces" arg ( /* Interfaces */ c( "esi" arg /* Ethernet Segment Interface */, "mode" arg /* Multihoming mode */, "status" arg /* Resolution status */ ) ), "irb-interfaces" arg ( /* IRB interfaces */ c( "virtual-gateway-esi" arg /* Virtual Gateway ESI */, "status" arg /* Status */, "l3-context" arg /* L3 context name */ ) ), "peer" ( /* Remote evpn peers */ s( arg, c( "num-auto-discovery-routes" arg /* Number of auto-discovery i.e Type 1 routes received from peer */, "num-multicast-routes" arg /* Number of multicast i.e Type 3 routes received from peer */, "num-ethernet-segment-routes" arg /* Number of ethernet-segment routes i.e Type 4 routes received from peer */, "num-mac-routes" arg /* Number of Type 2 MAC routes received from peer */, "num-mac-ip-routes" arg /* Number of Type 2 MAC+IP routes received from peer */, "num-selective-multicast-routes" arg /* Number of selective multicast i.e Type 6 routes received from peer */ ) ) ), "sg-db" ( /* Multicast source groups */ s( arg, arg, arg, c( "total-esi-fanout" arg /* Number of ESI interested in the multicast group */, "total-local-fanout" arg /* Number of local interface interested in the multicast group */, "total-remote-fanout" arg /* Number of remote peers interested in the multicast group */, "sgdb-esi" ( /* Multicast source group database esi list */ s( arg, c( "local-intf-name" arg /* Interface name */, "join-sync-status" arg /* Join sync route Type 7 status */, "join-sync-last-updated" arg /* Join sync route Type 7 last status change time */, "leave-sync-status" arg /* Leave sync route Type 8 status */, "leave-sync-last-updated" arg /* Leave sync route Type 8 last status change time */ ) ) ) ) ) ), "ethernet-segment" ( /* Ethernet segment identifiers */ s( arg, c( "status" arg /* Status */, "local-intf-name" arg /* ethernet segment interface name */, "local-intf-status" arg /* ethernet segment interface status */, "df-election-algorithm" arg /* Designated forwarder algorithm in use */, "designated-forwarder" arg /* Elected designated forwarder address */, "remote-pe" ( /* Remote peers */ s( arg, c( "mode" arg /* Multihoming Mode */ ) ) ) ) ) ), "assisted-replication" ( c( "role" arg /* Assisted replication role leaf or replicator */, "l2-domain" ( /* L2 domains */ s( arg, c( "nexthops" ( /* Nexthops */ s( arg, c( "vni-id" arg /* Virtual network identifier */, "interface" arg /* Interface name */, "replicator-ip" arg /* Replicator peer address value */, "is-designated-node" ( /* True if replicator is designated forwarder */ ("true" | "false") ) ) ) ) ) ) ) ) ), "vxlan-tunnel-end-point" ( /* Remote VTEPs */ s( arg, c( "source-ip-address" arg /* Source IP of the Remote VTEP */, "status" ( /* state of the Remote VTEP */ ("IF-DOWN" | "IF-UP") ), "mode" ( /* Mode of the Remote VTEP */ ("RNVE" | "AR-REPLICATOR" | "AR-LEAF") ), "nexthop" arg /* Nexthop Index of the Remote VTEP */, "source-interface" arg /* Source Interface name of Remote VTEP */ ) ) ) ) ) ) ) ) ) ), "jnx-aug-openconfig-ni-vlan:vlan" ( s( arg, c( "vlan" arg /* Vlan tag of the Bridge domain */, "status" ( /* Admin state of the VLAN */ ("ACTIVE" | "SUSPENDED") ), "vni" arg /* VXLAN VNI of the Bridge domain */, "l3-interface" arg /* L3 Inter Routing interface name of the Bridge domain */, "member" ( s( arg ) ) ) ) ) ) ) ) ), "openconfig-system:system" ( /* Enclosing container for system-related configuration and operational state data */ c( "config" ( /* Global configuration data for the system */ c( "hostname" arg /* The hostname of the device -- should be a single domain label, without the domain. */, "domain-name" arg /* Specifies the domain name used to form fully qualified name for unqualified hostnames. */, "login-banner" arg /* The console login message displayed before the login prompt, i.e., before a user logs into the system. */, "motd-banner" arg /* The console message displayed after a user logs into the system. They system may append additional standard information such as the current system date and time, uptime, last login timestamp, etc. */ ) ), "clock" ( /* Top-level container for clock configuration data */ c( "config" ( /* Configuration data for system clock */ c( "timezone-name" arg /* The TZ database name to use for the system, such as 'Europe/Stockholm'. */ ) ) ) ), "dns" ( /* Enclosing container for DNS resolver data */ c( "config" ( /* Configuration data for the DNS resolver */ c( "search" arg /* An ordered list of domains to search when resolving a host name. */ ) ), "servers" ( /* Enclosing container for DNS resolver list */ c( "server" ( /* List of the DNS servers that the resolver should query. When the resolver is invoked by a calling application, it sends the query to the first name server in this list. If no response has been received within 'timeout' seconds, the resolver continues with the next server in the list. If no response is received from any server, the resolver continues with the first server again. When the resolver has traversed the list 'attempts' times without receiving any response, it gives up and returns an error to the calling application. Implementations MAY limit the number of entries in this list. */ s( arg, c( "config" ( /* Configuration data for each DNS resolver */ c( "address" ( /* The address of the DNS server, can be either IPv4 or IPv6. */ time_of_day /* The address of the DNS server, can be either IPv4 or IPv6. */ ), "port" arg /* The port number of the DNS server. */ ) ) ) ) ) ) ), "host-entries" ( /* Enclosing container for list of static host entries */ c( "host-entry" ( /* List of static host entries */ s( arg, c( "config" ( /* Configuration data for static host entries */ c( "hostname" arg /* Hostname for the static DNS entry */, "alias" arg /* Additional aliases for the hostname */, "ipv4-address" arg /* List of IPv4 addressses for the host entry */, "ipv6-address" arg /* List of IPv6 addresses for the host entry */ ) ) ) ) ) ) ) ) ), "ntp" ( /* Top-level container for NTP configuration and state */ c( "config" ( /* Configuration data for NTP client. */ c( "enabled" ( /* Enables the NTP protocol and indicates that the system should attempt to synchronize the system clock with an NTP server from the servers defined in the 'ntp/server' list. */ ("true" | "false") ), "ntp-source-address" ( /* Source address to use on outgoing NTP packets */ time_of_day /* Source address to use on outgoing NTP packets */ ), "enable-ntp-auth" ( /* Enable or disable NTP authentication -- when enabled, the system will only use packets containing a trusted authentication key to synchronize the time. */ ("true" | "false") ) ) ), "ntp-keys" ( /* Enclosing container for list of NTP authentication keys */ c( "ntp-key" ( /* List of NTP authentication keys */ s( arg, c( "config" ( /* Configuration data for NTP auth keys */ c( "key-id" arg /* Integer identifier used by the client and server to designate a secret key. The client and server must use the same key id. */, "key-type" ( /* Encryption type used for the NTP authentication key */ ("NTP_AUTH_MD5") ), "key-value" arg /* NTP authentication key value */ ) ) ) ) ) ) ), "servers" ( /* Enclosing container for the list of NTP servers */ c( "server" ( /* List of NTP servers to use for system clock synchronization. If '/system/ntp/enabled' is 'true', then the system will attempt to contact and utilize the specified NTP servers. */ s( arg, c( "config" ( /* Configuration data for an NTP server. */ c( "address" ( /* The address or hostname of the NTP server. */ time_of_day /* The address or hostname of the NTP server. */ ), "port" arg /* The port number of the NTP server. */, "version" arg /* Version number to put in outgoing NTP packets */, "association-type" ( /* The desired association type for this NTP server. */ ("SERVER" | "PEER" | "POOL") ), "iburst" ( /* Indicates whether this server should enable burst synchronization or not. */ ("true" | "false") ), "prefer" ( /* Indicates whether this server should be preferred or not. */ ("true" | "false") ) ) ) ) ) ) ) ) ) ), "grpc-server" ( /* Top-level container for the gRPC server */ c( "config" ( /* Configuration data for the system gRPC server */ c( "enable" ( /* Enables the gRPC server. The gRPC server is enabled by default */ ("true" | "false") ), "port" arg /* TCP port on which the gRPC server should listen */, "transport-security" ( /* Enables gRPC transport security (e.g., TLS or SSL) */ ("true" | "false") ), "certificate-id" arg /* The certificate ID to be used for authentication */, "listen-addresses" ( /* The IP addresses that the gRPC server should listen on. This may be an IPv4 or an IPv6 address */ time_of_day /* The IP addresses that the gRPC server should listen on. This may be an IPv4 or an IPv6 address */ ) ) ) ) ), "ssh-server" ( /* Top-level container for ssh server */ c( "config" ( /* Configuration data for the system ssh server */ c( "enable" ( /* Enables the ssh server. The ssh server is enabled by default. */ ("true" | "false") ), "protocol-version" ( /* Set the protocol version for SSH connections to the system */ ("V2" | "V1" | "V1_V2") ), "timeout" arg /* Set the idle timeout in seconds on terminal connections to the system for the protocol. */, "rate-limit" arg /* Set a limit on the number of connection attempts per minute to the system for the protocol. */, "session-limit" arg /* Set a limit on the number of simultaneous active terminal sessions to the system for the protocol (e.g., ssh, telnet, ...) */ ) ) ) ), "telnet-server" ( /* Top-level container for telnet terminal servers */ c( "config" ( /* Configuration data for telnet */ c( "enable" ( /* Enables the telnet server. Telnet is disabled by default */ ("true" | "false") ), "timeout" arg /* Set the idle timeout in seconds on terminal connections to the system for the protocol. */, "rate-limit" arg /* Set a limit on the number of connection attempts per minute to the system for the protocol. */, "session-limit" arg /* Set a limit on the number of simultaneous active terminal sessions to the system for the protocol (e.g., ssh, telnet, ...) */ ) ) ) ), "logging" ( /* Top-level container for data related to logging / syslog */ c( "console" ( /* Top-level container for data related to console-based logging */ c( "config" /* Configuration data for console logging */, "selectors" ( /* Enclosing container */ c( "selector" ( /* List of selectors for log messages */ s( arg, arg, c( "config" ( /* Configuration data */ c( "facility" ( /* Specifies the facility, or class of messages to log */ ("LOCAL7" | "LOCAL6" | "LOCAL5" | "LOCAL4" | "LOCAL3" | "LOCAL2" | "LOCAL1" | "LOCAL0" | "CONSOLE" | "AUDIT" | "NTP" | "AUTHPRIV" | "SYSLOG" | "AUTH" | "SYSTEM_DAEMON" | "MAIL" | "USER" | "KERNEL" | "ALL") ), "severity" ( /* Specifies that only messages of the given severity (or greater severity) for the corresonding facility are logged */ ("EMERGENCY" | "ALERT" | "CRITICAL" | "ERROR" | "WARNING" | "NOTICE" | "INFORMATIONAL" | "DEBUG") ) ) ) ) ) ) ) ) ) ), "remote-servers" ( /* Enclosing container for the list of remote log servers */ c( "remote-server" ( /* List of remote log servers */ s( arg, c( "config" ( /* Configuration data for remote log servers */ c( "host" ( /* IP address or hostname of the remote log server */ time_of_day /* IP address or hostname of the remote log server */ ), "source-address" ( /* Source IP address for packets to the log server */ time_of_day /* Source IP address for packets to the log server */ ), "remote-port" arg /* Sets the destination port number for syslog UDP messages to the server. The default for syslog is 514. */ ) ), "selectors" ( /* Enclosing container */ c( "selector" ( /* List of selectors for log messages */ s( arg, arg, c( "config" ( /* Configuration data */ c( "facility" ( /* Specifies the facility, or class of messages to log */ ("LOCAL7" | "LOCAL6" | "LOCAL5" | "LOCAL4" | "LOCAL3" | "LOCAL2" | "LOCAL1" | "LOCAL0" | "CONSOLE" | "AUDIT" | "NTP" | "AUTHPRIV" | "SYSLOG" | "AUTH" | "SYSTEM_DAEMON" | "MAIL" | "USER" | "KERNEL" | "ALL") ), "severity" ( /* Specifies that only messages of the given severity (or greater severity) for the corresonding facility are logged */ ("EMERGENCY" | "ALERT" | "CRITICAL" | "ERROR" | "WARNING" | "NOTICE" | "INFORMATIONAL" | "DEBUG") ) ) ) ) ) ) ) ) ) ) ) ) ) ) ), "aaa" ( /* Top-level container for AAA services */ c( "config" /* Configuration data for top level AAA services */, "authentication" ( /* Top-level container for global authentication data */ c( "config" ( /* Configuration data for global authentication services */ c( "authentication-method" arg /* Ordered list of authentication methods for users. This can be either a reference to a server group, or a well- defined designation in the AAA_METHOD_TYPE identity. If authentication fails with one method, the next defined method is tried -- failure of all methods results in the user being denied access. */ ) ), "admin-user" ( /* Top-level container for the system root or admin user configuration and operational state */ c( "config" ( /* Configuration data for the root user account */ c( "admin-password" ( /* The admin/root password, supplied as a cleartext string. The system should hash and only store the password as a hashed value. */ unreadable /* The admin/root password, supplied as a cleartext string. The system should hash and only store the password as a hashed value. */ ), "admin-password-hashed" arg /* The admin/root password, supplied as a hashed value using the notation described in the definition of the crypt-password-type. */ ) ) ) ), "users" ( /* Enclosing container list of local users */ c( "user" ( /* List of local users on the system */ s( arg, c( "config" ( /* Configuration data for local users */ c( "username" arg /* Assigned username for this user */, "password" ( /* The user password, supplied as cleartext. The system must hash the value and only store the hashed value. */ unreadable /* The user password, supplied as cleartext. The system must hash the value and only store the hashed value. */ ), "password-hashed" arg /* The user password, supplied as a hashed value using the notation described in the definition of the crypt-password-type. */, "ssh-key" arg /* SSH public key for the user (RSA or DSA) */, "role" arg /* Role assigned to the user. The role may be supplied as a string or a role defined by the SYSTEM_DEFINED_ROLES identity. */ ) ) ) ) ) ) ) ) ), "authorization" ( /* Top-level container for AAA authorization configuration and operational state data */ c( "config" ( /* Configuration data for authorization based on AAA methods */ c( "authorization-method" arg /* Ordered list of methods for authorizing commands. The first method that provides a response (positive or negative) should be used. The list may contain a well-defined method such as the set of all TACACS or RADIUS servers, or the name of a defined AAA server group. The system must validate that the named server group exists. */ ) ), "events" ( /* Enclosing container for the set of events subject to authorization */ c( "event" ( /* List of events subject to AAA authorization */ s( arg, c( "config" ( /* Configuration data for each authorized event */ c( "event-type" ( /* The type of event to record at the AAA authorization server */ ("AAA_AUTHORIZATION_EVENT_CONFIG" | "AAA_AUTHORIZATION_EVENT_COMMAND") ) ) ) ) ) ) ) ) ) ), "accounting" ( /* Top-level container for AAA accounting */ c( "config" ( /* Configuration data for user activity accounting. */ c( "accounting-method" arg /* An ordered list of methods used for AAA accounting for this event type. The method is defined by the destination for accounting data, which may be specified as the group of all TACACS+/RADIUS servers, a defined server group, or the local system. */ ) ), "events" ( /* Enclosing container for defining handling of events for accounting */ c( "event" ( /* List of events subject to accounting */ s( arg, c( "config" ( /* Configuration data for accounting events */ c( "event-type" ( /* The type of activity to record at the AAA accounting server */ ("AAA_ACCOUNTING_EVENT_LOGIN" | "AAA_ACCOUNTING_EVENT_COMMAND") ), "record" ( /* Type of record to send to the accounting server for this activity type */ ("START_STOP" | "STOP") ) ) ) ) ) ) ) ) ) ), "server-groups" ( /* Enclosing container for AAA server groups */ c( "server-group" arg ( /* List of AAA server groups. All servers in a group must have the same type as indicated by the server type. */ c( "config" ( /* Configuration data for each server group */ c( "name" arg /* Name for the server group */, "type" ( /* AAA server type -- all servers in the group must be of this type */ ("TACACS" | "RADIUS") ) ) ), "servers" ( /* Enclosing container the list of servers */ c( "server" ( /* List of AAA servers */ s( arg, c( "config" ( /* Configuration data */ c( "name" arg /* Name assigned to the server */, "address" ( /* Address of the authentication server */ time_of_day /* Address of the authentication server */ ), "timeout" arg /* Set the timeout in seconds on responses from the AAA server */ ) ), "tacacs" ( /* Top-level container for TACACS+ server data */ c( "config" ( /* Configuration data for TACACS+ server */ c( "port" arg /* The port number on which to contact the TACACS server */, "secret-key" ( /* The unencrypted shared key used between the authentication server and the device. */ unreadable /* The unencrypted shared key used between the authentication server and the device. */ ), "source-address" ( /* Source IP address to use in messages to the TACACS server */ time_of_day /* Source IP address to use in messages to the TACACS server */ ) ) ) ) ), "radius" ( /* Top-level container for RADIUS server data */ c( "config" ( /* Configuration data for RADIUS servers */ c( "auth-port" arg /* Port number for authentication requests */, "acct-port" arg /* Port number for accounting requests */, "secret-key" ( /* The unencrypted shared key used between the authentication server and the device. */ unreadable /* The unencrypted shared key used between the authentication server and the device. */ ), "source-address" ( /* Source IP address to use in messages to the RADIUS server */ time_of_day /* Source IP address to use in messages to the RADIUS server */ ), "retransmit-attempts" arg /* Number of times the system may resend a request to the RADIUS server when it is unresponsive */ ) ) ) ) ) ) ) ) ) ) ) ) ) ) ), "memory" ( /* Top-level container for system memory data */ c( "config" /* Configuration data for system memory */ ) ), "processes" /* Parameters related to all monitored processes */ ) ), "openconfig-local-routing:local-routes" ( /* Top-level container for local routes */ c( "config" /* Configuration data for locally defined routes */, "static-routes" ( /* Enclosing container for the list of static routes */ c( "static" ( /* List of locally configured static routes */ s( arg, c( "config" ( /* Configuration data for static routes */ c( "prefix" ( /* Destination prefix for the static route, either IPv4 or IPv6. */ time_of_day /* Destination prefix for the static route, either IPv4 or IPv6. */ ), "set-tag" ( /* Set a generic tag value on the route. This tag can be used for filtering routes that are distributed to other routing protocols. */ time_of_day /* Set a generic tag value on the route. This tag can be used for filtering routes that are distributed to other routing protocols. */ ) ) ), "next-hops" ( /* Configuration and state parameters relating to the next-hops that are to be utilised for the static route being specified */ c( "next-hop" ( /* A list of next-hops to be utilised for the static route being specified. */ s( arg, c( "config" ( /* Configuration parameters relating to the next-hop entry */ c( "index" arg /* An user-specified identifier utilised to uniquely reference the next-hop entry in the next-hop list. The value of this index has no semantic meaning other than for referencing the entry. */, "next-hop" arg /* The next-hop that is to be used for the static route - this may be specified as an IP address, an interface or a pre-defined next-hop type - for instance, DROP or LOCAL_LINK. When this leaf is not set, and the interface-ref value is specified for the next-hop, then the system should treat the prefix as though it is directly connected to the interface. */, "metric" arg /* A metric which is utilised to specify the preference of the next-hop entry when it is injected into the RIB. The lower the metric, the more preferable the prefix is. When this value is not specified the metric is inherited from the default metric utilised for static routes within the network instance that the static routes are being instantiated. When multiple next-hops are specified for a static route, the metric is utilised to determine which of the next-hops is to be installed in the RIB. When multiple next-hops have the same metric (be it specified, or simply the default) then these next-hops should all be installed in the RIB */, "recurse" ( /* Determines whether the next-hop should be allowed to be looked up recursively - i.e., via a RIB entry which has been installed by a routing protocol, or another static route - rather than needing to be connected directly to an interface of the local system within the current network instance. When the interface reference specified within the next-hop entry is set (i.e., is not null) then forwarding is restricted to being via the interface specified - and recursion is hence disabled. */ ("true" | "false") ), "jnx-aug-openconfig-local-routing:interface-id" arg /* Identifier for the interface */, "set-tag" ( /* In Junos each qualified next-hop can have a tag on its own. This leaf will be used to display tag value of a qualified next-hop. */ time_of_day /* In Junos each qualified next-hop can have a tag on its own. This leaf will be used to display tag value of a qualified next-hop. */ ) ) ), "interface-ref" ( /* Reference to an interface or subinterface */ c( "config" ( /* Configured reference to interface / subinterface */ c( "interface" arg /* Reference to a base interface. If a reference to a subinterface is required, this leaf must be specified to indicate the base interface. */, "subinterface" arg /* Reference to a subinterface -- this requires the base interface to be specified using the interface leaf in this container. If only a reference to a base interface is requuired, this leaf should not be set. */ ) ) ) ) ) ) ) ) ) ) ) ) ) ), "local-aggregates" ( /* Enclosing container for locally-defined aggregate routes */ c( "aggregate" ( /* List of aggregates */ s( arg, c( "config" ( /* Configuration data for aggregate advertisements */ c( "prefix" ( /* Aggregate prefix to be advertised */ time_of_day /* Aggregate prefix to be advertised */ ), "discard" ( /* When true, install the aggregate route with a discard next-hop -- traffic destined to the aggregate will be discarded with no ICMP message generated. When false, traffic destined to an aggregate address when no constituent routes are present will generate an ICMP unreachable message. */ ("true" | "false") ), "set-tag" ( /* Set a generic tag value on the route. This tag can be used for filtering routes that are distributed to other routing protocols. */ time_of_day /* Set a generic tag value on the route. This tag can be used for filtering routes that are distributed to other routing protocols. */ ) ) ) ) ) ) ) ) ) ), "openconfig-vlan:vlans" ( /* Container for VLAN configuration and state variables */ c( "vlan" ( /* Configured VLANs keyed by id */ s( arg, c( "config" ( /* Configuration parameters for VLANs */ c( "vlan-id" arg /* Interface VLAN id. */, "name" arg /* Interface VLAN name. */, "status" ( /* Admin state of the VLAN */ ("ACTIVE" | "SUSPENDED") ) ) ), "members" /* Enclosing container for list of member interfaces */ ) ) ) ) ), "openconfig-telemetry:telemetry-system" ( /* Top level configuration and state for the device's telemetry system. */ c( "sensor-groups" ( /* Top level container for sensor-groups. */ c( "sensor-group" ( /* List of telemetry sensory groups on the local system, where a sensor grouping represents a resuable grouping of multiple paths and exclude filters. */ s( arg, c( "config" ( /* Configuration parameters relating to the telemetry sensor grouping */ c( "sensor-group-id" arg /* Name or identifier for the sensor group itself. Will be referenced by other configuration specifying a sensor group */ ) ), "sensor-paths" ( /* Top level container to hold a set of sensor paths grouped together */ c( "sensor-path" ( /* List of paths in the model which together comprise a sensor grouping. Filters for each path to exclude items are also provided. */ s( arg, c( "config" ( /* Configuration parameters to configure a set of data model paths as a sensor grouping */ c( "path" arg /* Path to a section of operational state of interest (the sensor). */, "exclude-filter" arg /* Filter to exclude certain values out of the state values */ ) ) ) ) ) ) ) ) ) ) ) ), "destination-groups" ( /* Top level container for destination group configuration and state. */ c( "destination-group" ( /* List of destination-groups. Destination groups allow the reuse of common telemetry destinations across the telemetry configuration. An operator references a set of destinations via the configurable destination-group-identifier. A destination group may contain one or more telemetry destinations */ s( arg, c( "config" ( /* Top level config container for destination groups */ c( "group-id" arg /* Unique identifier for the destination group */ ) ), "destinations" ( /* The destination container lists the destination information such as IP address and port of the telemetry messages from the network element. */ c( "destination" ( /* List of telemetry stream destinations */ s( arg, arg, c( "config" ( /* Configuration parameters relating to telemetry destinations */ c( "destination-address" ( /* IP address of the telemetry stream destination */ time_of_day /* IP address of the telemetry stream destination */ ), "destination-port" arg /* Protocol (udp or tcp) port number for the telemetry stream destination */, "destination-protocol" ( /* Protocol used to transmit telemetry data to the collector */ ("TCP" | "UDP") ) ) ) ) ) ) ) ) ) ) ) ) ), "subscriptions" ( /* This container holds information for both persistent and dynamic telemetry subscriptions. */ c( "persistent" ( /* This container holds information relating to persistent telemetry subscriptions. A persistent telemetry subscription is configued locally on the device through configuration, and is persistent across device restarts or other redundancy changes. */ c( "subscription" ( /* List of telemetry subscriptions. A telemetry subscription consists of a set of collection destinations, stream attributes, and associated paths to state information in the model (sensor data) */ s( arg, c( "config" ( /* Config parameters relating to the telemetry subscriptions on the local device */ c( "subscription-id" arg /* Identifer of the telemetry subscription. Will be used by configuration operations needing to modify or delete the telemetry subscription */, "local-source-address" ( /* The IP address which will be the source of packets from the device to a telemetry collector destination. */ time_of_day /* The IP address which will be the source of packets from the device to a telemetry collector destination. */ ), "originated-qos-marking" arg /* DSCP marking of packets generated by the telemetry subsystem on the network device. */ ) ), "sensor-profiles" ( /* A sensor profile is a set of sensor groups or individual sensor paths which are associated with a telemetry subscription. This is the source of the telemetry data for the subscription to send to the defined collectors. */ c( "sensor-profile" ( /* List of telemetry sensor groups used in the subscription */ s( arg, c( "config" ( /* Configuration parameters related to the sensor profile for a subscription */ c( "sensor-group" arg /* Reference to the sensor group which is used in the profile */, "sample-interval" arg /* Time in milliseconds between the device's sample of a telemetry data source. For example, setting this to 100 would require the local device to collect the telemetry data every 100 milliseconds. There can be latency or jitter in transmitting the data, but the sample must occur at the specified interval. The timestamp must reflect the actual time when the data was sampled, not simply the previous sample timestamp + sample-interval. If sample-interval is set to 0, the telemetry sensor becomes event based. The sensor must then emit data upon every change of the underlying data source. */, "heartbeat-interval" arg /* Maximum time interval in seconds that may pass between updates from a device to a telemetry collector. If this interval expires, but there is no updated data to send (such as if suppress_updates has been configured), the device must send a telemetry message to the collector. */, "suppress-redundant" ( /* Boolean flag to control suppression of redundant telemetry updates to the collector platform. If this flag is set to TRUE, then the collector will only send an update at the configured interval if a subscribed data value has changed. Otherwise, the device will not send an update to the collector until expiration of the heartbeat interval. */ ("true" | "false") ) ) ) ) ) ) ) ), "destination-groups" ( /* A subscription may specify destination addresses. If the subscription supplies destination addresses, the network element will be the initiator of the telemetry streaming, sending it to the destination(s) specified. If the destination set is omitted, the subscription preconfigures certain elements such as paths and sample intervals under a specified subscription ID. In this case, the network element will NOT initiate an outbound connection for telemetry, but will wait for an inbound connection from a network management system. It is expected that the network management system connecting to the network element will reference the preconfigured subscription ID when initiating a subscription. */ c( "destination-group" ( /* Identifier of the previously defined destination group */ s( arg, c( "config" ( /* Configuration parameters related to telemetry destinations. */ c( "group-id" arg /* The destination group id references a reusable group of destination addresses and ports for the telemetry stream. */ ) ), "state" ( /* State information related to telemetry destinations */ c( "group-id" arg /* The destination group id references a reusable group of destination addresses and ports for the telemetry stream. */ ) ) ) ) ) ) ) ) ) ) ) ), "dynamic" /* This container holds information relating to dynamic telemetry subscriptions. A dynamic subscription is typically configured through an RPC channel, and does not persist across device restarts, or if the RPC channel is reset or otherwise torn down. */ ) ) ) ), "openconfig-qos:qos" ( /* Top-level container for QoS data */ c( "config" /* Configuration data for global QoS */, "interfaces" ( /* Enclosing container for the list of interface references */ c( "interface" ( /* List of interfaces referenced by QoS entities. */ s( arg, c( "config" ( /* Configuration data */ c( "interface-id" arg /* Identifier for the interface. */ ) ), "interface-ref" ( /* Reference to an interface or subinterface */ c( "config" ( /* Configured reference to interface / subinterface */ c( "interface" arg /* Reference to a base interface. If a reference to a subinterface is required, this leaf must be specified to indicate the base interface. */, "subinterface" arg /* Reference to a subinterface -- this requires the base interface to be specified using the interface leaf in this container. If only a reference to a base interface is requuired, this leaf should not be set. */ ) ) ) ), "input" ( /* Top-level container for QoS data for the ingress interface */ c( "config" /* Configuration data for QoS on ingress interface */, "classifiers" ( /* Classifiers to be applied to the interface. */ c( "classifier" ( /* A list of classifiers that should be applied to the interface */ s( arg, c( "config" ( /* Configuration parameters for the list of classifiers. */ c( "name" arg /* Reference to the classifier to be applied to ingress traffic on the interface */, "type" ( /* Type of packets matched by the classifier. */ ("IPV4" | "IPV6" | "MPLS") ) ) ), "terms" ( /* Enclosing container for the list of match terms in the classifier */ c( "term" ( /* List of match terms in the classifier associated with the interface */ s( arg, c( "config" ( /* Configuration data for match terms in the classifier associated with an interface */ c( "id" arg /* Reference to match terms in the classifier */ ) ) ) ) ) ) ) ) ) ) ) ), "queues" ( /* Surrounding container for a list of queues that are instantiated on an interface. */ c( "queue" arg ( /* Top-level container for the queue associated with this interface */ c( "config" ( /* Configuration data for the queue associated with the interface */ c( "name" arg /* Reference to the queue associated with this interface. A queue may be explicitly configured, or implicitly created by the system based on default queues that are instantiated by a hardware component, or are assumed to be default on the system. */ ) ) ) ) ) ), "scheduler-policy" ( /* Scheduler policy associated with the interface. */ c( "config" ( /* Configuration parameters relating to a scheduler policy on an interface. */ c( "name" arg /* The scheduler policy to be applied to traffic on this interface. */ ) ) ) ), "virtual-output-queues" ( /* Surrounding container for the list of egress interfaces for which virtual output queues are instantiated on this interface. */ c( "voq-interface" arg ( /* List of egress interfaces for which a virtual output queue is instantiated at this interface. */ c( "config" ( /* Configuration parameters relating to the interface for which the VOQs are instantiated. */ c( "name" arg /* Name used to refer to the egress interface. */ ) ), "queues" ( /* Surrounding container for a list of queues that are instantiated on an interface. */ c( "queue" arg ( /* Top-level container for the queue associated with this interface */ c( "config" ( /* Configuration data for the queue associated with the interface */ c( "name" arg /* Reference to the queue associated with this interface. A queue may be explicitly configured, or implicitly created by the system based on default queues that are instantiated by a hardware component, or are assumed to be default on the system. */ ) ) ) ) ) ) ) ) ) ) ) ), "output" ( /* Top-level container for QoS data related to the egress interface */ c( "config" /* Configuration data for QoS on the egress interface */, "interface-ref" ( /* Reference to an interface or subinterface */ c( "config" ( /* Configured reference to interface / subinterface */ c( "interface" arg /* Reference to a base interface. If a reference to a subinterface is required, this leaf must be specified to indicate the base interface. */, "subinterface" arg /* Reference to a subinterface -- this requires the base interface to be specified using the interface leaf in this container. If only a reference to a base interface is requuired, this leaf should not be set. */ ) ) ) ), "classifiers" ( /* Classifiers to be applied to the interface. */ c( "classifier" ( /* A list of classifiers that should be applied to the interface */ s( arg, c( "config" ( /* Configuration parameters for the list of classifiers. */ c( "name" arg /* Reference to the classifier to be applied to ingress traffic on the interface */, "type" ( /* Type of packets matched by the classifier. */ ("IPV4" | "IPV6" | "MPLS") ) ) ), "terms" ( /* Enclosing container for the list of match terms in the classifier */ c( "term" ( /* List of match terms in the classifier associated with the interface */ s( arg, c( "config" ( /* Configuration data for match terms in the classifier associated with an interface */ c( "id" arg /* Reference to match terms in the classifier */ ) ) ) ) ) ) ) ) ) ) ) ), "queues" ( /* Surrounding container for a list of queues that are instantiated on an interface. */ c( "queue" arg ( /* Top-level container for the queue associated with this interface */ c( "config" ( /* Configuration data for the queue associated with the interface */ c( "name" arg /* Reference to the queue associated with this interface. A queue may be explicitly configured, or implicitly created by the system based on default queues that are instantiated by a hardware component, or are assumed to be default on the system. */ ) ) ) ) ) ), "scheduler-policy" ( /* Scheduler policy associated with the interface. */ c( "config" ( /* Configuration parameters relating to a scheduler policy on an interface. */ c( "name" arg /* The scheduler policy to be applied to traffic on this interface. */ ) ) ) ) ) ) ) ) ) ) ), "classifiers" ( /* Enclosing container for QoS classifiers */ c( "classifier" arg ( /* List of classifier elements */ c( "config" ( /* Configuration data for classifers */ c( "name" arg /* User-assigned name of the classifier */, "type" ( /* Type of classifier. */ ("IPV4" | "IPV6" | "MPLS" | "ETHERNET") ) ) ), "terms" ( /* Enclosing container for ths list of terms */ c( "term" ( /* List of match terms used in the classifier */ s( arg, c( "config" ( /* Configuration data for list of match criteria in a QoS classifier */ c( "id" arg /* Identifier for the match term */ ) ), "conditions" ( /* Conditions for the classifier term. Packets must match all of the criteria specified within the match condition to be considered matching the term. */ c( "l2" ( /* Ethernet header fields */ c( "config" ( /* Configuration data */ c( "source-mac" arg /* Source IEEE 802 MAC address. */, "source-mac-mask" arg /* Source IEEE 802 MAC address mask. */, "destination-mac" arg /* Destination IEEE 802 MAC address. */, "destination-mac-mask" arg /* Destination IEEE 802 MAC address mask. */, "ethertype" arg /* Ethertype field to match in Ethernet packets */ ) ) ) ), "ipv4" ( /* Top level container for IPv4 match field data */ c( "config" ( /* Configuration data for IPv4 match fields */ c( "source-address" arg /* Source IPv4 address prefix. */, "destination-address" arg /* Destination IPv4 address prefix. */, "dscp" arg /* Value of diffserv codepoint. */, "protocol" arg /* The protocol carried in the IP packet, expressed either as its IP protocol number, or by a defined identity. */, "hop-limit" arg /* The IP packet's hop limit -- known as TTL (in hops) in IPv4 packets, and hop limit in IPv6 */ ) ) ) ), "ipv6" ( /* Top-level container for IPv6 match field data */ c( "config" ( /* Configuration data for IPv6 match fields */ c( "source-address" arg /* Source IPv6 address prefix. */, "source-flow-label" arg /* Source IPv6 Flow label. */, "destination-address" arg /* Destination IPv6 address prefix. */, "destination-flow-label" arg /* Destination IPv6 Flow label. */, "dscp" arg /* Value of diffserv codepoint. */, "protocol" arg /* The protocol carried in the IP packet, expressed either as its IP protocol number, or by a defined identity. */, "hop-limit" arg /* The IP packet's hop limit -- known as TTL (in hops) in IPv4 packets, and hop limit in IPv6 */ ) ) ) ), "transport" ( /* Transport fields container */ c( "config" ( /* Configuration data */ c( "source-port" ( /* Source port or range */ time_of_day /* Source port or range */ ), "destination-port" ( /* Destination port or range */ time_of_day /* Destination port or range */ ), "tcp-flags" ( /* List of TCP flags to match */ ("TCP_CWR" | "TCP_ECE" | "TCP_URG" | "TCP_ACK" | "TCP_PSH" | "TCP_RST" | "TCP_FIN" | "TCP_SYN") ) ) ) ) ), "mpls" ( /* MPLS header fields */ c( "config" ( /* Configuration parameters relating to fields within the MPLS header. */ c( "traffic-class" arg /* The value of the MPLS traffic class (TC) bits, formerly known as the EXP bits. */ ) ) ) ) ) ), "actions" ( /* Actions to be applied for packets matching the specified classification rules. */ c( "config" ( /* Actions to be applied to packets that match the classifier term. */ c( "target-group" arg /* References the forwarding group or class to which the matched packets should be assigned */ ) ), "remark" ( /* Remark actions to be associated with packets that match the classifier term. Where a packet matches these criteria, the specified rewrite actions should be performed. */ c( "config" ( /* Configuration parameters relating to remarking packets. */ c( "set-dscp" arg /* Sets the 6-bit DSCP (differentiated services code point) value in the IP packet header. */, "set-dot1p" arg /* Sets the 3-bit class-of-service value in the Ethernet packet header for 802.1Q VLAN-tagged packets, also known as PCP (priority code point). */, "set-mpls-tc" arg /* Sets the 3-bit traffic class value (also referred to as EXP or CoS) in MPLS packets. */ ) ) ) ) ) ) ) ) ) ) ) ) ) ) ), "forwarding-groups" ( /* Enclosing container for list of forwarding groups */ c( "forwarding-group" arg ( /* List of forwarding groups. Forwarding groups are logical groups of traffic that will receive common forwarding treatment. */ c( "config" ( /* Configuration data for forwarding groups */ c( "name" arg /* Name of the forwarding group */, "fabric-priority" arg /* Set the priority for the forwarding group for local transmission through the device, e.g., across a switching fabric. Higher priorities are considered to be better, such that traffic with fabric priority 128 is considered to be higher priority than that with fabric priority 0. */, "output-queue" arg /* Queue for packets in this forwarding group. */ ) ) ) ) ) ), "queues" ( /* Enclosing container for the list of queues */ c( "queue" arg ( /* List of defined queues */ c( "config" ( /* Configuration data for queues */ c( "name" arg /* User-defined name of the queue */, "queue-type" ( /* Sets the type of the queue */ ("WRED" | "RED" | "DROP_TAIL") ) ) ), "red" ( /* Top-level container for data related to RED-managed queues */ c( "config" ( /* Configuration data for RED queues */ c( "minth" arg /* The mininum threshold parameter for a RED-managed queue. When the average queue length is less than minth, all packets are admitted to the queue. */, "maxth" arg /* The maximum threshold parameter for a RED-managed queue. When the average queue length exceeds the maxth value, all packets are dropped (or marked if ECN is enabled). */ ) ) ) ), "wred" ( /* Top-level container for WRED data */ c( "config" /* Configuration data for WRED */ ) ) ) ) ) ), "scheduler-policies" ( /* Enclosing container for the list of configured scheduler policies. */ c( "scheduler-policy" arg ( /* List of scheduler policies. A scheduler policy is a set of schedulers that are to be applied together. Each scheduler within a scheduler policy takes an input, and outputs it according to a scheduling discipline that is specified within it. The schedulers consume resources according to the specification that is provided - which may be absolute resource limits, or relative. */ c( "config" ( /* Configuration parameters relating to a scheduler policy. */ c( "name" arg /* Name for the scheduler policy. */ ) ), "schedulers" ( /* Schedulers within the scheduler policy. */ c( "scheduler" ( /* List of defined QoS traffic schedulers. */ s( arg, c( "config" ( /* Configuration data for QoS schedulers */ c( "sequence" arg /* Sequence number for the scheduler within the scheduler policy. Schedulers are processed from lowest sequence to highest. */, "type" ( /* Sets the type of scheduler, i.e. the scheduling algorithm used to serve inputs. */ ("TWO_RATE_THREE_COLOR" | "ONE_RATE_TWO_COLOR") ), "priority" ( /* Priority of the scheduler within the scheduler policy. */ ("STRICT") ) ) ), "inputs" ( /* Enclosing container */ c( "input" ( /* List of input sources for the scheduler. */ s( arg, c( "config" ( /* Configuration data for scheduler input sources */ c( "id" arg /* User-defined identifier for the scheduler input */, "input-type" ( /* Describes the type of input source for the scheduler */ ("QUEUE" | "IN_PROFILE" | "OUT_PROFILE") ), "queue" arg /* Reference to a queue that is an input source for the scheduler */, "weight" arg /* For priority schedulers, this indicates the priority of the corresponding input. Higher values indicate higher priority. For weighted round-robin schedulers, this leaf indicates the weight of the corresponding input. */ ) ) ) ) ) ) ), "output" ( /* Top-level container for scheduler output data */ c( "config" ( /* Configuration data for scheduler output */ c( "output-type" ( /* Describes the type of output sink for the scheduler. */ ("SCHEDULER" | "FWD_GROUP" | "INTERFACE") ), "child-scheduler" arg /* When the scheduler output type is a child scheduler, this leaf provides a reference to the downstream scheduler. */, "output-fwd-group" arg /* When the scheduler output type is a forwarding group, this leaf provides a reference to the forwarding group. */ ) ) ) ), "one-rate-two-color" ( /* Top-level container for data related to a 1 rate, 2 color shaper. */ c( "config" ( /* Configuration data for 1 rate, 2 color shapers */ c( "cir" arg /* Committed information rate for the single-rate token bucket scheduler. This value represents the rate at which tokens are added to the bucket. */, "cir-pct" arg /* Committed information rate for the single-rate token bucket scheduler. This value represents the rate at which tokens are added to the bucket. It is expressed as a percentage of the total bandwidth allocated to the context in which the scheduler is referenced. */, "cir-pct-remaining" arg /* Committed information rate for the single-rate token bucket scheduler. This value represents the rate at which tokens are added to the bucket. It is expressed as a percentage of the unallocated bandwidth available in the context in which the scheduled is referenced. */, "bc" arg /* Committed burst size for the single-rate token bucket scheduler. This value represents the depth of the token bucket. */, "queuing-behavior" ( /* The type of scheduler that is being configured. */ ("SHAPE" | "POLICE") ), "max-queue-depth-bytes" arg /* When the scheduler is specified to be a shaper - the maximum depth of the queue in bytes is the value specified by this leaf. */, "max-queue-depth-packets" arg /* When the scheduler is specified to be a shaper - the maximum depth of the queue in packets is the value specified by this leaf. */, "max-queue-depth-percent" arg /* The queue depth specified as a percentage of the total available buffer that is avaialble. */ ) ), "conform-action" ( /* Action to be applied to packets that are scheduled within the CIR of the one-rate, two-colour scheduler. Packets that receive a token from the in-CIR bucket are said to be conforming and have all of the specified actions applied. */ c( "config" ( /* Configuration parameters relating to conforming packets for the 1r2c scheduler. */ c( "set-dscp" arg /* Sets the 6-bit DSCP (differentiated services code point) value in the IP packet header. */, "set-dot1p" arg /* Sets the 3-bit class-of-service value in the Ethernet packet header for 802.1Q VLAN-tagged packets, also known as PCP (priority code point). */, "set-mpls-tc" arg /* Sets the 3-bit traffic class value (also referred to as EXP or CoS) in MPLS packets. */ ) ) ) ), "exceed-action" ( /* Action to be applied to packets that are scheduled above the CIR of the one-rate, two-colour shaper. Packets that do not receive a token from the in-CIR bucket are said to be exceeding, and have all of the specified actions applied. */ c( "config" ( /* Configuration parameters relating to exceeding packets for the 1r2c scheduler. */ c( "set-dscp" arg /* Sets the 6-bit DSCP (differentiated services code point) value in the IP packet header. */, "set-dot1p" arg /* Sets the 3-bit class-of-service value in the Ethernet packet header for 802.1Q VLAN-tagged packets, also known as PCP (priority code point). */, "set-mpls-tc" arg /* Sets the 3-bit traffic class value (also referred to as EXP or CoS) in MPLS packets. */, "drop" ( /* If set to true, packets within this context are dropped. */ ("true" | "false") ) ) ) ) ) ) ), "two-rate-three-color" ( /* Top-level container for data for a 2 rate, 3 color policer. */ c( "config" ( /* Configuration data for 2 rate, 3 color policers. */ c( "cir" arg /* Committed information rate for the dual-rate token bucket policer. This value represents the rate at which tokens are added to the primary bucket. */, "cir-pct" arg /* Committed information rate for the dual-rate token bucket policer. This value represents the rate at which tokens are added to the primary bucket. It is expressed as a percentage of the total bandwidth available within the context the scheduler is instantiated. */, "cir-pct-remaining" arg /* Committed information rate for the dual-rate token bucket policer. This value represents the rate at which tokens are added to the primary bucket. It is expressed as a percentage of the remaining bandwidth within the context the scheduler is instantiated. */, "pir" arg /* Peak information rate for the dual-rate token bucket policer. This value represents the rate at which tokens are added to the secondary bucket. */, "pir-pct" arg /* Peak information rate for the dual-rate token bucket policer. This value represents the rate at which tokens are added to the secondary bucket. The value is expressed as a percentage of the total bandwidth available in the context in which the scheduler is instantiated. */, "pir-pct-remaining" arg /* Peak information rate for the dual-rate token bucket policer. This value represents the rate at which tokens are added to the secondary bucket. It is expressed as a percentage of the remaining bandwidth within the context the scheduler is instantiated. */, "bc" arg /* Committed burst size for the dual-rate token bucket policer. This value represents the depth of the token bucket. */, "be" arg /* Excess burst size for the dual-rate token bucket policer. This value represents the depth of the secondary bucket. */ ) ), "conform-action" ( /* Action to be applied to the packets that are scheduled within the CIR of the policer. All packets that receive a token from this bucket have all actions specified applied to them */ c( "config" ( /* Configuration parameters for the conform action of a 2r3c policer. */ c( "set-dscp" arg /* Sets the 6-bit DSCP (differentiated services code point) value in the IP packet header. */, "set-dot1p" arg /* Sets the 3-bit class-of-service value in the Ethernet packet header for 802.1Q VLAN-tagged packets, also known as PCP (priority code point). */, "set-mpls-tc" arg /* Sets the 3-bit traffic class value (also referred to as EXP or CoS) in MPLS packets. */ ) ) ) ), "exceed-action" ( /* Action to be applied to the packets that are scheduled within the PIR of the policer. Packets that receive a token from within the PIR allocation have all the specified actions applied to them */ c( "config" ( /* Configuration parameters relating to the action applied to exceeding packets. */ c( "set-dscp" arg /* Sets the 6-bit DSCP (differentiated services code point) value in the IP packet header. */, "set-dot1p" arg /* Sets the 3-bit class-of-service value in the Ethernet packet header for 802.1Q VLAN-tagged packets, also known as PCP (priority code point). */, "set-mpls-tc" arg /* Sets the 3-bit traffic class value (also referred to as EXP or CoS) in MPLS packets. */, "drop" ( /* If set to true, packets within this context are dropped. */ ("true" | "false") ) ) ) ) ), "violate-action" ( /* Action to be applied to the packets that are scheduled above the PIR of the policer. Packets that do not receive a token from either bucket have all specified actions applied to them. */ c( "config" ( /* Configuration parameters relating to the action applied to violating packets. */ c( "set-dscp" arg /* Sets the 6-bit DSCP (differentiated services code point) value in the IP packet header. */, "set-dot1p" arg /* Sets the 3-bit class-of-service value in the Ethernet packet header for 802.1Q VLAN-tagged packets, also known as PCP (priority code point). */, "set-mpls-tc" arg /* Sets the 3-bit traffic class value (also referred to as EXP or CoS) in MPLS packets. */, "drop" ( /* If set to true, packets within this context are dropped. */ ("true" | "false") ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ), "openconfig-platform:components" ( /* Enclosing container for the components in the system. */ c( "component" arg ( /* List of components, keyed by component name. */ c( "config" ( /* Configuration data for each component */ c( "name" arg /* Device name for the component -- this may not be a configurable parameter on many implementations. Where component preconfiguration is supported, for example, the component name may be configurable. */ ) ), "properties" ( /* Enclosing container */ c( "property" arg ( /* List of system properties for the component */ c( "config" ( /* Configuration data for each property */ c( "name" arg /* System-supplied name of the property -- this is typically non-configurable */, "value" arg /* Property values can take on a variety of types. Signed and unsigned integer types may be provided in smaller sizes, e.g., int8, uint16, etc. */ ) ) ) ) ) ), "subcomponents" ( /* Enclosing container for subcomponent references */ c( "subcomponent" arg ( /* List of subcomponent references */ c( "config" ( /* Configuration data for the subcomponent */ c( "name" arg /* Reference to the name of the subcomponent */ ) ) ) ) ) ), "chassis" ( /* Data for chassis components */ c( "config" /* Configuration data for chassis components */ ) ), "port" ( /* Data for physical port components */ c( "config" /* Configuration data for physical port components */, "openconfig-platform-port:breakout-mode" ( /* Top-level container for port breakout data */ c( "config" ( /* Configuration data for port breakout */ c( "num-channels" arg /* Sets the number of channels to 'breakout' on a port capable of channelization */, "channel-speed" ( /* Sets the channel speed on each channel -- the supported values are defined by the ETHERNET_SPEED identity */ ("SPEED_UNKNOWN" | "SPEED_800GB" | "SPEED_600GB" | "SPEED_400GB" | "SPEED_200GB" | "SPEED_100GB" | "SPEED_50GB" | "SPEED_40GB" | "SPEED_25GB" | "SPEED_10GB" | "SPEED_5GB" | "SPEED_2500MB" | "SPEED_1GB" | "SPEED_100MB" | "SPEED_10MB") ) ) ) ) ) ) ), "power-supply" ( /* Data for power supply components */ c( "config" /* Configuration data for power supply components */ ) ), "fan" ( /* Data for fan components */ c( "config" /* Configuration data for fan components */ ) ), "fabric" ( /* Data for fabric components */ c( "config" /* Configuration data for fabric components */ ) ), "storage" ( /* Data for storage components */ c( "config" /* Configuration data for storage components */ ) ), "cpu" ( /* Data for cpu components */ c( "config" /* Configuration data for cpu components */, "openconfig-platform-cpu:utilization" /* Statistics representing CPU utilization of the component. */ ) ), "integrated-circuit" ( /* Data for chip components, such as ASIC, NPUs, etc. */ c( "config" /* Configuration data for chip components */ ) ), "backplane" ( /* Data for backplane components */ c( "config" /* Configuration data for backplane components */ ) ), "openconfig-platform-transceiver:transceiver" ( /* Top-level container for client port transceiver data */ c( "config" ( /* Configuration data for client port transceivers */ c( "enabled" ( /* Turns power on / off to the transceiver -- provides a means to power on/off the transceiver (in the case of SFP, SFP+, QSFP,...) or enable high-power mode (in the case of CFP, CFP2, CFP4) and is optionally supported (device can choose to always enable). True = power on / high power, False = powered off */ ("true" | "false") ), "form-factor-preconf" ( /* Indicates the type of optical transceiver used on this port. If the client port is built into the device and not pluggable, then non-pluggable is the corresponding state. If a device port supports multiple form factors (e.g. QSFP28 and QSFP+, then the value of the transceiver installed shall be reported. If no transceiver is present, then the value of the highest rate form factor shall be reported (QSFP28, for example). The form factor is included in configuration data to allow pre-configuring a device with the expected type of transceiver ahead of deployment. The corresponding state leaf should reflect the actual transceiver type plugged into the system. */ ("OTHER" | "NON_PLUGGABLE" | "X2" | "XFP" | "SFP_PLUS" | "SFP" | "QSFP28" | "QSFP" | "CFP4" | "CFP2_ACO" | "CFP2" | "CFP") ), "ethernet-pmd-preconf" ( /* The Ethernet PMD is a property of the optical transceiver used on the port, indicating the type of physical connection. It is included in configuration data to allow pre-configuring a port/transceiver with the expected PMD. The actual PMD is indicated by the ethernet-pmd state leaf. */ ("ETH_UNDEFINED" | "ETH_100GBASE_CR4" | "ETH_100GBASE_PSM4" | "ETH_100GBASE_CLR4" | "ETH_100GBASE_CWDM4" | "ETH_100GBASE_ER4" | "ETH_100GBASE_LR4" | "ETH_100GBASE_SR4" | "ETH_100GBASE_SR10" | "ETH_100G_ACC" | "ETH_100G_AOC" | "ETH_4X10GBASE_SR" | "ETH_4X10GBASE_LR" | "ETH_40GBASE_PSM4" | "ETH_40GBASE_ER4" | "ETH_40GBASE_LR4" | "ETH_40GBASE_SR4" | "ETH_40GBASE_CR4" | "ETH_10GBASE_SR" | "ETH_10GBASE_ER" | "ETH_10GBASE_ZR" | "ETH_10GBASE_LR" | "ETH_10GBASE_LRM") ) ) ), "physical-channels" ( /* Enclosing container for client channels */ c( "channel" ( /* List of client channels, keyed by index within a physical client port. A physical port with a single channel would have a single zero-indexed element */ s( arg, c( "config" ( /* Configuration data for physical channels */ c( "index" arg /* Index of the physical channnel or lane within a physical client port */, "description" arg /* Text description for the client physical channel */, "tx-laser" ( /* Enable (true) or disable (false) the transmit label for the channel */ ("true" | "false") ), "target-output-power" arg /* Target output optical power level of the optical channel, expressed in increments of 0.01 dBm (decibel-milliwats) */ ) ) ) ) ) ) ) ) ) ) ) ) ), "openconfig-lldp:lldp" ( /* Top-level container for LLDP configuration and state data */ c( "config" ( /* Configuration data */ c( "enabled" ( /* System level state of the LLDP protocol. */ ("true" | "false") ), "hello-timer" arg /* System level hello timer for the LLDP protocol. */, "suppress-tlv-advertisement" ( /* Indicates whether the local system should suppress the advertisement of particular TLVs with the LLDP PDUs that it transmits. Where a TLV type is specified within this list, it should not be included in any LLDP PDU transmitted by the local agent. */ ("MANAGEMENT_ADDRESS" | "SYSTEM_CAPABILITIES" | "SYSTEM_DESCRIPTION" | "SYSTEM_NAME" | "PORT_DESCRIPTION" | "PORT_ID" | "CHASSIS_ID") ), "system-name" arg /* The system name field shall contain an alpha-numeric string that indicates the system's administratively assigned name. The system name should be the system's fully qualified domain name. If implementations support IETF RFC 3418, the sysName object should be used for this field. */, "system-description" arg /* The system description field shall contain an alpha-numeric string that is the textual description of the network entity. The system description should include the full name and version identification of the system's hardware type, software operating system, and networking software. If implementations support IETF RFC 3418, the sysDescr object should be used for this field. */, "chassis-id" arg /* The Chassis ID is a mandatory TLV which identifies the chassis component of the endpoint identifier associated with the transmitting LLDP agent */, "chassis-id-type" ( /* This field identifies the format and source of the chassis identifier string. It is an enumerator defined by the LldpChassisIdSubtype object from IEEE 802.1AB MIB. */ ("CHASSIS_COMPONENT" | "INTERFACE_ALIAS" | "PORT_COMPONENT" | "MAC_ADDRESS" | "NETWORK_ADDRESS" | "INTERFACE_NAME" | "LOCAL") ) ) ), "interfaces" ( /* Enclosing container */ c( "interface" arg ( /* List of interfaces on which LLDP is enabled / available */ c( "config" ( /* Configuration data for LLDP on each interface */ c( "name" arg /* Reference to the LLDP Ethernet interface */, "enabled" ( /* Enable or disable the LLDP protocol on the interface. */ ("true" | "false") ) ) ) ) ) ) ) ) ), "ietf-interfaces:interfaces" ( /* Interface configuration parameters. */ c( "interface" arg ( /* The list of configured interfaces on the device. The operational state of an interface is available in the /interfaces-state/interface list. If the configuration of a system-controlled interface cannot be used by the system (e.g., the interface hardware present does not match the interface type), then the configuration is not applied to the system-controlled interface shown in the /interfaces-state/interface list. If the configuration of a user-controlled interface cannot be used by the system, the configured interface is not instantiated in the /interfaces-state/interface list. */ c( "description" arg /* A textual description of the interface. A server implementation MAY map this leaf to the ifAlias MIB object. Such an implementation needs to use some mechanism to handle the differences in size and characters allowed between this leaf and ifAlias. The definition of such a mechanism is outside the scope of this document. Since ifAlias is defined to be stored in non-volatile storage, the MIB implementation MUST map ifAlias to the value of 'description' in the persistently stored datastore. Specifically, if the device supports ':startup', when ifAlias is read the device MUST return the value of 'description' in the 'startup' datastore, and when it is written, it MUST be written to the 'running' and 'startup' datastores. Note that it is up to the implementation to decide whether to modify this single leaf in 'startup' or perform an implicit copy-config from 'running' to 'startup'. If the device does not support ':startup', ifAlias MUST be mapped to the 'description' leaf in the 'running' datastore. */, "type" ( /* The type of the interface. When an interface entry is created, a server MAY initialize the type leaf with a valid value, e.g., if it is possible to derive the type from the name of the interface. If a client tries to set the type of an interface to a value that can never be used by the system, e.g., if the type is not supported or if the type does not match the name of the interface, the server MUST reject the request. A NETCONF server MUST reply with an rpc-error with the error-tag 'invalid-value' in this case. */ ("iana-interface-type") ), "enabled" ( /* This leaf contains the configured, desired state of the interface. Systems that implement the IF-MIB use the value of this leaf in the 'running' datastore to set IF-MIB.ifAdminStatus to 'up' or 'down' after an ifEntry has been initialized, as described in RFC 2863. Changes in this leaf in the 'running' datastore are reflected in ifAdminStatus, but if ifAdminStatus is changed over SNMP, this leaf is not affected. */ ("true" | "false") ), "link-up-down-trap-enable" ( /* Controls whether linkUp/linkDown SNMP notifications should be generated for this interface. If this node is not configured, the value 'enabled' is operationally used by the server for interfaces that do not operate on top of any other interface (i.e., there are no 'lower-layer-if' entries), and 'disabled' otherwise. */ ("enabled" | "disabled") ) ) ) ) ) ) end rule(:aaa_profile) do arg.as(:arg) ( c( "radius" ( /* Specify RADIUS options */ aaa_profile_radius /* Specify RADIUS options */ ) ) ) end rule(:aaa_profile_radius) do c( "authentication" ( /* Specify RADIUS authentication parameters */ c( "network-element" arg /* The network-element used for authentication */ ) ), "accounting" ( /* Specify RADIUS accounting parameters */ c( "network-element" arg /* The network-element used for accounting */ ) ), "policy" ( /* Specify RADIUS policy parameters */ c( "activation-attribute" ( /* Configure the attribute used for policy activation */ c( "code" arg /* Attribute code */, "vendor-id" arg /* Attribute vendor-id */ ) ), "deactivation-attribute" ( /* Configure the attribute used for policy deactivation */ c( "code" arg /* Attribute code */, "vendor-id" arg /* Attribute vendor-id */ ) ), "coa-accounting" ( /* Allow/disallow accounting to the CoA server */ ("allow" | "disallow") ) ) ) ) end rule(:aaa_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("init" | "config" | "general" | "request" | "response" | "high-availability" | "debug" | "request-in" | "request-out" | "response-in" | "response-out" | "client-request-in" | "client-request-out" | "all")) /* Tracing parameters */.as(:oneline), "protocol" enum(("radius" | "diameter" | "all")) /* AAA Protocol to trace */.as(:oneline) ) end rule(:aacl_rule_object) do arg.as(:arg) ( c( "dynamic" /* Make rule dynamic */, "match-direction" ( /* Direction for which the rule match is applied */ ("input" | "output" | "input-output") ), "term" arg ( /* One or more terms in AACL rule */ c( "from" ( /* Match criteria */ aacl_match_object /* Match criteria */ ), "then" ( /* Action to take if the 'from' condition is matched */ c( "forwarding-class" arg /* Forwarding class assigned to outgoing packets */, "count" ( /* Count packets by application or Application group */ ("none" | "application" | "application-group" | "application-group-any" | "nested-application") ), "log" ( /* Log session information for this application match */ ("none" | "session-start" | "session-start-end" | "session-start-end-no-stats" | "session-start-interim-end" | "session-interim-end" | "session-end") ), "police" arg /* Policer name */, c( "accept" /* Accept the packet */, "discard" /* Discard the packet */ ) ) ) ) ) ) ) end rule(:aacl_match_object) do c( "source-address" ( /* Match IP source address */ sfw_addr_object /* Match IP source address */ ), "destination-address" ( /* Match IP destination address */ sfw_addr_object /* Match IP destination address */ ), "source-address-range" ( /* Match IP source address range */ s( "low" arg /* Lower limit of address range */, "high" arg /* Upper limit of address range */, c( "except" /* Match address not in this prefix */ ) ) ).as(:oneline), "source-prefix-list" arg ( /* One or more named lists of source prefixes to match */ sc( "except" /* Name of prefix list not to match against */ ) ).as(:oneline), "destination-address-range" ( /* Match IP destination address range */ s( "low" arg /* Lower limit of address range */, "high" arg /* Upper limit of address range */, c( "except" /* Match address not in this prefix */ ) ) ).as(:oneline), "destination-prefix-list" arg ( /* One or more named lists of destination prefixes to match */ sc( "except" /* Name of prefix list not to match against */ ) ).as(:oneline), c( "application-group-any" /* Use to wildcard or match any application group */, "application-unknown" /* Use to specify unknown application as the match criteria. */, "nested-application-unknown" /* Use to specify unknown nested application as the match criteria. */, "applications" arg /* Match one or more applications */, "nested-applications" arg /* Match one or more nested-applications */, "application-groups" arg /* Match one or more applications */ ) ) end rule(:advisory_options_type) do c( "upstream-rate" arg /* Recommended upstream shaping rate */, "downstream-rate" arg /* Recommended downstream shaping rate */ ) end rule(:aggregate_load_balance) do c( c( "per-packet" /* Per packet */, "no-adaptive" /* Disable adaptive */, "adaptive" ( /* Enable adaptive load balancing by re-programming selector table */ c( "tolerance" arg /* Target tolerance in percentage (default 20%) */, "pps" /* Adaptive load balance based on packet per second (default bps) */, "scan-interval" arg /* Scan interval for multiple of 30 seconds (default 30 seconds) */ ) ) ), "local-bias" arg /* Local bias in percentage */ ) end rule(:any_filter) do arg.as(:arg) ( c( "interface-specific" /* Defined counters are interface specific */, "interface-shared" /* Filter is interface-shared */, "term" arg ( /* Define a firewall term */ c( "from" ( /* Define match criteria */ c( "interface" ( /* Match interface name */ match_interface_object_oam /* Match interface name */ ), "interface-set" ( /* Match interface in set */ match_interface_set_object /* Match interface in set */ ), c( "packet-length" arg, "packet-length-except" arg ), c( "forwarding-class" arg, "forwarding-class-except" arg ), c( "loss-priority" ( ("low" | "high" | "medium-low" | "medium-high") ), "loss-priority-except" ( ("low" | "high" | "medium-low" | "medium-high") ) ), c( "policy-map" arg, "policy-map-except" arg ), "service-filter-hit" /* Match if service-filter-hit is set */, c( "learn-vlan-1p-priority" arg, "learn-vlan-1p-priority-except" arg ), c( "user-vlan-1p-priority" arg, "user-vlan-1p-priority-except" arg ), "destination-mac-address" ( /* Destination MAC address */ firewall_mac_addr_object /* Destination MAC address */ ), "source-mac-address" ( /* Source MAC address */ firewall_mac_addr_object /* Source MAC address */ ), c( "user-vlan-id" arg, "user-vlan-id-except" arg ), c( "learn-vlan-id" arg, "learn-vlan-id-except" arg ), c( "ether-type" ( ("ipv4" | "ipv6" | "arp" | "appletalk" | "sna" | "aarp" | "ppp" | "mpls-unicast" | "mpls-multicast" | "pppoe-discovery" | "pppoe-session" | "oam" | "fcoe" | "fip" | "vlan" | arg) ), "ether-type-except" ( ("ipv4" | "ipv6" | "arp" | "appletalk" | "sna" | "aarp" | "ppp" | "mpls-unicast" | "mpls-multicast" | "pppoe-discovery" | "pppoe-session" | "oam" | "fcoe" | "fip" | "vlan" | arg) ) ), "ip-version" ( /* Define IP version */ c( "ipv4" ( /* Define L3/L4 match items to match IPv4 packets */ c( c( "ip-protocol" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "ip-protocol-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "icmp-type" ( ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ), "icmp-type-except" ( ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ) ), c( "icmp-code" ( ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ), "icmp-code-except" ( ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ) ), c( "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "ip-precedence" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ), "ip-precedence-except" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ) ), c( "dscp" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ), "dscp-except" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ) ), "ip-source-address" ( /* Match IP source address */ firewall_addr_object /* Match IP source address */ ), "ip-destination-address" ( /* Match IP destination address */ firewall_addr_object /* Match IP destination address */ ), "source-prefix-list" ( /* Match IP source prefixes in named list */ firewall_prefix_list /* Match IP source prefixes in named list */ ), "destination-prefix-list" ( /* Match IP destination prefixes in named list */ firewall_prefix_list /* Match IP destination prefixes in named list */ ), "tcp-flags" arg /* Match TCP flags (in symbolic or hex formats) - (Ingress only) */, "tcp-initial" /* Match initial packet of a TCP connection - (Ingress only) */, "tcp-established" /* Match packet of an established TCP connection */, "is-fragment" /* Match if packet is a fragment */ ) ), "ipv6" ( /* Define L3/L4 match items to match IPv6 packets */ c( "ip6-source-address" ( /* Match source address */ firewall_addr6_object /* Match source address */ ), "ip6-destination-address" ( /* Match destination address */ firewall_addr6_object /* Match destination address */ ), c( "icmp-type" ( ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ), "icmp-type-except" ( ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ) ), c( "icmp-code" ( ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ), "icmp-code-except" ( ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ) ), c( "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), "source-prefix-list" ( /* Match IP source prefixes in named list */ firewall_prefix_list /* Match IP source prefixes in named list */ ), "destination-prefix-list" ( /* Match IP destination prefixes in named list */ firewall_prefix_list /* Match IP destination prefixes in named list */ ), c( "next-header" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "next-header-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "traffic-class" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ), "traffic-class-except" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ) ), "tcp-flags" arg /* Match TCP flags (in symbolic or hex formats) */, "tcp-initial" /* Match initial packet of a TCP connection */, "tcp-established" /* Match packet of an established TCP connection */ ) ) ) ) ) ), "then" ( /* Action to take if the 'from' condition is matched */ c( c( "policer" arg /* Name of policer to use to rate-limit traffic */, "three-color-policer" ( /* Police the packet using a three-color-policer */ c( c( "single-rate" arg /* Name of single-rate three-color policer to use to rate-limit traffic */, "single-packet-rate" arg /* Name of single-packet-rate three-color policer to use to rate-limit traffic */, "two-rate" arg /* Name of two-rate three-color policer to use to rate-limit traffic */, "two-packet-rate" arg /* Name of two-packet-rate three-color policer to use to rate-limit traffic */ ) ) ), "hierarchical-policer" arg /* Name of hierarchical policer to use to rate-limit traffic */ ), c( "clear-policy-map" /* Clear the policy marking */, "policy-map" arg /* Policy map action */ ), "count" arg /* Count the packet in the named counter */, "service-accounting" /* Count the packets for service accounting */, "service-accounting-deferred" /* Count the packets for deferred service accounting */, "service-filter-hit" /* Signal subsequent filters in the chain that packet was processed */, "force-premium" /* Process packets as premium traffic by subsequent hierarchical policers */, "loss-priority" ( /* Classify packet to loss-priority */ ("low" | "high" | "medium-low" | "medium-high") ), "port-mirror-instance" arg /* Port-mirror the packet to specified instance */, "port-mirror" /* Port-mirror the packet */, "inline-monitoring-instance" arg /* Inline monitoring to specified instance */, "forwarding-class" arg /* Classify packet to forwarding class */, c( "encapsulate" ( /* Send to a tunnel */ sc( arg /* Name of the tunnel end point */ ) ).as(:oneline), "accept" /* Accept the packet */, "discard" /* Discard the packet */, "next" ( /* Continue to next term in a filter */ ("term") ) ) ) ), "template" ( /* Refer a template */ c( arg /* Template name */ ) ) ) ) ) ) end rule(:any_template) do arg.as(:arg) ( c( "attributes" ( /* Template attributes */ c( "forwarding-class" /* Match forwarding class */, "forwarding-class-except" /* Do not match forwarding class */, "interface" /* Match interface name */, "interface-set" /* Match interface in set */, "loss-priority" /* Match Loss Priority */, "loss-priority-except" /* Do not match Loss Priority */, "packet-length" /* Match packet length */, "packet-length-except" /* Do not match packet length */ ) ) ) ) end rule(:application_set_object) do arg.as(:arg) ( c( "description" arg /* Text description of application set */, "application" arg /* Application to be included in the set */, "application-set" arg /* Define an application-set */ ) ) end rule(:aps_type) do c( c( "working-circuit" arg /* Working circuit group name */, "protect-circuit" arg /* Protect circuit group name */ ), "annex-b" /* Annex-b mode */, "wait-to-restore-time" arg /* Circuit wait-to-restore time for annex-b */, "preserve-interface" /* Preserve interface state for fast failover */, "neighbor" ( /* Neighbor address */ ipv4addr /* Neighbor address */ ), "paired-group" arg /* Name of paired APS group */, "authentication-key" ( /* Authentication parameters */ sc( unreadable /* Authentication key */ ) ).as(:oneline), "switching-mode" ( /* APS switching mode */ ("bidirectional" | "unidirectional") ), "advertise-interval" arg /* Advertise interval */, "hold-time" arg /* Hold time */, "revert-time" arg /* Circuit revert time */, "break-before-make" /* Ensure only one interface is active at a time */, "no-break-before-make" /* Don't ensure only one interface is active at a time */, c( "request" ( /* Request circuit state */ ("protect" | "working") ), "force" ( /* Force circuit state */ ("protect" | "working") ), "lockout" /* Lockout protection */ ), "fast-aps-switch" /* Fast aps switch */ ) end rule(:atm_policer_type) do arg.as(:arg) ( c( "logical-interface-policer" /* Policer is logical interface policer */, "atm-service" ( /* ATM service category */ ("cbr" | "rtvbr" | "nrtvbr" | "ubr") ), "peak-rate" arg /* ATM Peak Cell Rate (PCR) */, "sustained-rate" arg /* ATM Sustained Cell Rate (SCR) */, "max-burst-size" arg /* ATM Maximum Burst Size (MBS) */, "cdvt" arg /* Cell Delay Variation Tolerance */, "policing-action" ( /* Policing action */ ("count" | "discard" | "discard-tag") ) ) ) end rule(:auto_configure_vlan_type) do c( "stacked-vlan-ranges" ( /* Stacked Vlan Range configuration */ c( "dynamic-profile" arg ( /* Attach dynamic-profile to ranges */ c( "accept" ( enum(("inet" | "inet6" | "pppoe" | "dhcp-v4" | "dhcp-v6" | "any")) ), "ranges" arg /* Configure interface based on stacked-vlan range */, "access-profile" ( /* Auto-configure VLAN access profile for these ranges */ sc( arg ) ).as(:oneline) ) ), "override" ( /* SVLAN profile override specification */ c( "outer-tag" arg ( /* Specify pair of SVLAN tags for profile override */ c( "inner-tag" arg /* Stacked-vlan inner tag to be overridden */, "dynamic-profile" arg /* Dynamic profile to override with */ ) ) ) ), "authentication" ( /* Auto-configure stacked VLAN authentication */ auto_configure_authentication_type /* Auto-configure stacked VLAN authentication */ ), "access-profile" ( /* Auto-configure stacked VLAN access profile */ sc( arg ) ).as(:oneline) ) ), "vlan-ranges" ( /* Vlan Range configuration */ c( "dynamic-profile" arg ( /* Attach dynamic-profile to ranges */ c( c( "accept" ( enum(("inet" | "inet6" | "pppoe" | "dhcp-v4" | "dhcp-v6" | "any")) ), "accept-out-of-band" ( enum(("ancp")) ) ), "ranges" arg /* Configure interface based on vlan range */, "access-profile" ( /* Auto-configure VLAN access profile for these ranges */ sc( arg ) ).as(:oneline) ) ), "override" ( /* VLAN profile override specification */ c( "tag" arg ( /* Specify VLAN tag for profile override */ c( "dynamic-profile" arg /* Dynamic profile to override with */ ) ) ) ), "authentication" ( /* Auto-configure VLAN authentication */ auto_configure_authentication_type /* Auto-configure VLAN authentication */ ), "access-profile" ( /* Auto-configure VLAN access profile */ sc( arg ) ).as(:oneline) ) ), "agent-circuit-identifier" ( /* ACI configuration */ c( "dynamic-profile" arg /* Dynamic profile name */ ) ), "line-identity" ( /* Line-identity configuration */ c( "includes" ( /* Agent options configuration */ c( "circuit-id" /* Agent Circit id */, "remote-id" /* Agent Remote id */, "accept-no-ids" /* Accept packet with no agent options */ ) ), "dynamic-profile" arg /* Dynamic profile name */ ) ), "remove-when-no-subscribers" /* Requests auto-deletion of interface when not in use by subscribers */ ) end rule(:auto_configure_authentication_type) do c( "packet-types" ( enum(("inet" | "inet6" | "pppoe" | "dhcp-v4" | "dhcp-v6" | "any")) ), "password" arg /* Username password */, "username-include" ( /* Username options */ c( "delimiter" arg /* Delimiter/separator character */, "domain-name" arg /* Domain name */, "user-prefix" arg /* User defined prefix */, "mac-address" /* Include MAC address */, "option-82" ( /* Include option 82 */ sc( "circuit-id" /* Include option 82 circuit-id (sub option 1) */, "remote-id" /* Include option 82 remote-id (sub option 2) */ ) ).as(:oneline), "option-18" /* Include option 18 for dhcp-v6 */, "option-37" /* Include option 37 for dhcp-v6 */, "circuit-type" /* Include circuit type */, "radius-realm" arg /* Include Radius realm name */, "interface-name" /* Include interface name */, "vlan-tags" /* Include vlan tag(s) */ ) ) ) end rule(:bbefwa_trace_options_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "cli" | "general" | "statistics" | "tunnel" | "gateway" | "authentication" | "infra" | "all")) /* Fixed wireless access operations to include in debugging trace */.as(:oneline) ) end rule(:bgp_logical_system) do arg.as(:arg) ( c( "routing-instances" ( /* Routing instances */ bgp_routing_instances /* Routing instances */ ) ) ) end rule(:bgp_routing_instances) do arg.as(:arg) end rule(:bridge_filter) do arg.as(:arg) ( c( "accounting-profile" arg /* Accounting profile name */, "interface-specific" /* Defined counters are interface specific */, "physical-interface-filter" /* Filter is physical interface filter */, "instance-shared" /* Filter is routing-instance shared */, "term" arg ( /* Define a firewall term */ c( "filter" arg /* Filter to include */, "from" ( /* Define match criteria */ c( c( "interface-group" arg, "interface-group-except" arg ), c( "ether-type" ( ("ipv4" | "ipv6" | "arp" | "appletalk" | "sna" | "aarp" | "ppp" | "mpls-unicast" | "mpls-multicast" | "pppoe-discovery" | "pppoe-session" | "oam" | "fcoe" | "fip" | "vlan" | arg) ), "ether-type-except" ( ("ipv4" | "ipv6" | "arp" | "appletalk" | "sna" | "aarp" | "ppp" | "mpls-unicast" | "mpls-multicast" | "pppoe-discovery" | "pppoe-session" | "oam" | "fcoe" | "fip" | "vlan" | arg) ) ), c( "vlan-ether-type" ( ("ipv4" | "ipv6" | "arp" | "appletalk" | "sna" | "aarp" | "ppp" | "mpls-unicast" | "mpls-multicast" | "pppoe-discovery" | "pppoe-session" | "oam" | "fcoe" | "fip" | "vlan" | arg) ), "vlan-ether-type-except" ( ("ipv4" | "ipv6" | "arp" | "appletalk" | "sna" | "aarp" | "ppp" | "mpls-unicast" | "mpls-multicast" | "pppoe-discovery" | "pppoe-session" | "oam" | "fcoe" | "fip" | "vlan" | arg) ) ), "destination-mac-address" ( /* Destination MAC address */ firewall_mac_addr_object /* Destination MAC address */ ), "source-mac-address" ( /* Source MAC address */ firewall_mac_addr_object /* Source MAC address */ ), c( "forwarding-class" arg, "forwarding-class-except" arg ), c( "loss-priority" ( ("low" | "high" | "medium-low" | "medium-high") ), "loss-priority-except" ( ("low" | "high" | "medium-low" | "medium-high") ) ), c( "learn-vlan-id" arg, "learn-vlan-id-except" arg ), c( "learn-vlan-1p-priority" arg, "learn-vlan-1p-priority-except" arg ), c( "user-vlan-id" arg, "user-vlan-id-except" arg ), c( "user-vlan-1p-priority" arg, "user-vlan-1p-priority-except" arg ), c( "learn-vlan-dei" arg, "learn-vlan-dei-except" arg ), c( "traffic-type" ( ("broadcast" | "multicast" | "unknown-unicast" | "known-unicast") ), "traffic-type-except" ( ("broadcast" | "multicast" | "unknown-unicast" | "known-unicast") ) ), "ip-source-address" ( /* Match IP source address */ firewall_addr_object /* Match IP source address */ ), "ip-destination-address" ( /* Match IP destination address */ firewall_addr_object /* Match IP destination address */ ), "ip-address" ( /* Match IP source or destination address */ firewall_addr_object /* Match IP source or destination address */ ), c( "ip-protocol" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "ip-protocol-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "dscp" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ), "dscp-except" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ) ), c( "ip-precedence" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ), "ip-precedence-except" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ) ), c( "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), "tcp-flags" arg /* Match TCP flags */, c( "icmp-code" ( ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ), "icmp-code-except" ( ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ) ), c( "icmp-type" ( ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ), "icmp-type-except" ( ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ) ), "interface" ( /* Match interface name */ match_interface_object /* Match interface name */ ), "interface-set" ( /* Match interface in set */ match_interface_set_object /* Match interface in set */ ), "source-prefix-list" ( /* Match IP source prefixes in named list */ firewall_prefix_list /* Match IP source prefixes in named list */ ), "destination-prefix-list" ( /* Match IP destination prefixes in named list */ firewall_prefix_list /* Match IP destination prefixes in named list */ ), "prefix-list" ( /* Match IP source or destination prefixes in named list */ firewall_prefix_list /* Match IP source or destination prefixes in named list */ ), "ipv6-destination-address" ( /* Match IPv6 destination address */ firewall_addr6_object /* Match IPv6 destination address */ ), "ipv6-source-address" ( /* Match IPv6 source address */ firewall_addr6_object /* Match IPv6 source address */ ), "ipv6-address" ( /* Match IPv6 address */ firewall_addr6_object /* Match IPv6 address */ ), c( "ipv6-next-header" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "ipv6-next-header-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "ipv6-payload-protocol" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "ipv6-payload-protocol-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "ipv6-traffic-class" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ), "ipv6-traffic-class-except" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ) ), "ipv6-source-prefix-list" ( /* Match IPV6 source prefixes in named list */ firewall_prefix_list /* Match IPV6 source prefixes in named list */ ), "ipv6-destination-prefix-list" ( /* Match IPV6 destination prefixes in named list */ firewall_prefix_list /* Match IPV6 destination prefixes in named list */ ), "ipv6-prefix-list" ( /* Match IP source or destination prefixes in named list */ firewall_prefix_list /* Match IP source or destination prefixes in named list */ ), c( "flexible-match-mask" ( /* Match flexible mask */ match_l2_flexible_mask /* Match flexible mask */ ) ), c( "flexible-match-range" ( /* Match flexible range */ match_l2_flexible_range /* Match flexible range */ ) ), c( "policy-map" arg, "policy-map-except" arg ), c( "isid" arg, "isid-except" arg ), c( "isid-priority-code-point" arg, "isid-priority-code-point-except" arg ), c( "isid-dei" arg, "isid-dei-except" arg ) ) ), "then" ( /* Action to take if the 'from' condition is matched */ c( c( "policer" arg /* Name of policer to use to rate-limit traffic */, "three-color-policer" ( /* Police the packet using a three-color-policer */ c( c( "single-rate" arg /* Name of single-rate three-color policer to use to rate-limit traffic */, "single-packet-rate" arg /* Name of single-packet-rate three-color policer to use to rate-limit traffic */, "two-rate" arg /* Name of two-rate three-color policer to use to rate-limit traffic */, "two-packet-rate" arg /* Name of two-packet-rate three-color policer to use to rate-limit traffic */ ) ) ), "hierarchical-policer" arg /* Name of hierarchical policer to use to rate-limit traffic */ ), c( "clear-policy-map" /* Clear the policy marking */, "policy-map" arg /* Policy map action */ ), "count" arg /* Count the packet in the named counter */, "loss-priority" ( /* Packet's loss priority */ ("low" | "high" | "medium-low" | "medium-high") ), "forwarding-class" arg /* Classify packet to forwarding class */, "port-mirror-instance" arg /* Port-mirror the packet to specified instance */, "port-mirror" /* Port-mirror the packet */, "inline-monitoring-instance" arg /* Inline monitoring to specified instance */, c( "accept" /* Accept the packet */, "discard" /* Discard the packet */, "next" ( /* Continue to next term in a filter */ ("term") ) ), "next-hop-group" arg /* Use specified next-hop group */, "sample" /* Sample the packet */, "log" /* Log the packet */, "syslog" /* System log (syslog) information about the packet */, "forwarding-policy" ( /* Specify forwarding policy for extended port */ c( "uplink-select" arg /* Specify port group for uplink selection */ ) ) ) ) ) ) ) ) end rule(:ccc_filter) do arg.as(:arg) ( c( "accounting-profile" arg /* Accounting profile name */, "interface-specific" /* Any counters defined will be interface specific */, "physical-interface-filter" /* Filter is physical interface filter */, "term" arg ( /* Define a firewall term */ c( "filter" arg /* Filter to include */, "from" ( /* Define match criteria */ c( c( "interface-group" arg, "interface-group-except" arg ), "interface" ( /* Match interface name */ match_interface_object /* Match interface name */ ), c( "packet-length" arg, "packet-length-except" arg ), c( "forwarding-class" arg, "forwarding-class-except" arg ), c( "loss-priority" ( ("low" | "high" | "medium-low" | "medium-high") ), "loss-priority-except" ( ("low" | "high" | "medium-low" | "medium-high") ) ), c( "learn-vlan-1p-priority" arg, "learn-vlan-1p-priority-except" arg ), c( "user-vlan-1p-priority" arg, "user-vlan-1p-priority-except" arg ), "destination-mac-address" ( /* Destination MAC address */ firewall_mac_addr_object /* Destination MAC address */ ), "is-host-packet" /* Match if packet is host generated */, "source-mac-address" ( /* Source MAC address */ firewall_mac_addr_object /* Source MAC address */ ), "ip-source-address" ( /* Match IP source address */ firewall_addr_object /* Match IP source address */ ), "ip-destination-address" ( /* Match IP destination address */ firewall_addr_object /* Match IP destination address */ ), c( "dscp" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ), "dscp-except" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ) ), c( "ip-precedence" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ), "ip-precedence-except" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ) ), c( "ip-protocol" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "ip-protocol-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "icmp-type" ( ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ), "icmp-type-except" ( ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ) ), c( "icmp-code" ( ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ), "icmp-code-except" ( ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ) ), c( "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "policy-map" arg, "policy-map-except" arg ), c( "flexible-match-mask" ( /* Match flexible mask */ match_l2_flexible_mask /* Match flexible mask */ ) ), c( "flexible-match-range" ( /* Match flexible range */ match_l2_flexible_range /* Match flexible range */ ) ), c( "user-vlan-id" arg, "user-vlan-id-except" arg ), c( "ether-type" ( ("ipv4" | "ipv6" | "arp" | "appletalk" | "sna" | "aarp" | "ppp" | "mpls-unicast" | "mpls-multicast" | "pppoe-discovery" | "pppoe-session" | "oam" | "fcoe" | "fip" | "vlan" | arg) ), "ether-type-except" ( ("ipv4" | "ipv6" | "arp" | "appletalk" | "sna" | "aarp" | "ppp" | "mpls-unicast" | "mpls-multicast" | "pppoe-discovery" | "pppoe-session" | "oam" | "fcoe" | "fip" | "vlan" | arg) ) ), c( "learn-vlan-id" arg, "learn-vlan-id-except" arg ), "ip-version" ( /* Define IP version */ c( "ipv4" ( /* Define L3/L4 match items to match IPv4 packets */ c( c( "ip-protocol" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "ip-protocol-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "icmp-type" ( ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ), "icmp-type-except" ( ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ) ), c( "icmp-code" ( ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ), "icmp-code-except" ( ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ) ), c( "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "ip-precedence" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ) ), c( "dscp" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ), "dscp-except" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ) ), c( "traffic-class" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ), "traffic-class-except" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ) ), "ip-source-address" ( /* Match IP source address */ firewall_addr_object /* Match IP source address */ ), "ip-destination-address" ( /* Match IP destination address */ firewall_addr_object /* Match IP destination address */ ), "source-prefix-list" ( /* Match IP source prefixes in named list */ firewall_prefix_list /* Match IP source prefixes in named list */ ), "destination-prefix-list" ( /* Match IP destination prefixes in named list */ firewall_prefix_list /* Match IP destination prefixes in named list */ ), "tcp-flags" arg /* Match TCP flags (in symbolic or hex formats) - (Ingress only) */, "tcp-initial" /* Match initial packet of a TCP connection - (Ingress only) */, "tcp-established" /* Match packet of an established TCP connection */, "is-fragment" /* Match if packet is a fragment */ ) ), "ipv6" ( /* Define L3/L4 match items to match IPv6 packets */ c( "ip6-source-address" ( /* Match source address */ firewall_addr6_object /* Match source address */ ), "ip6-destination-address" ( /* Match destination address */ firewall_addr6_object /* Match destination address */ ), c( "icmp-type" ( ("destination-unreachable" | "packet-too-big" | "time-exceeded" | "parameter-problem" | "echo-request" | "echo-reply" | "membership-query" | "membership-report" | "membership-termination" | "router-solicit" | "router-advertisement" | "redirect" | "neighbor-solicit" | "neighbor-advertisement" | "router-renumbering" | "node-information-request" | "node-information-reply" | "inverse-neighbor-discovery-solicitation" | "inverse-neighbor-discovery-advertisement" | "home-agent-address-discovery-request" | "home-agent-address-discovery-reply" | "mobile-prefix-solicitation" | "mobile-prefix-advertisement-reply" | "certificate-path-solicitation" | "certificate-path-advertisement" | "private-experimentation-100" | "private-experimentation-101" | "private-experimentation-200" | "private-experimentation-201" | arg) ), "icmp-type-except" ( ("destination-unreachable" | "packet-too-big" | "time-exceeded" | "parameter-problem" | "echo-request" | "echo-reply" | "membership-query" | "membership-report" | "membership-termination" | "router-solicit" | "router-advertisement" | "redirect" | "neighbor-solicit" | "neighbor-advertisement" | "router-renumbering" | "node-information-request" | "node-information-reply" | "inverse-neighbor-discovery-solicitation" | "inverse-neighbor-discovery-advertisement" | "home-agent-address-discovery-request" | "home-agent-address-discovery-reply" | "mobile-prefix-solicitation" | "mobile-prefix-advertisement-reply" | "certificate-path-solicitation" | "certificate-path-advertisement" | "private-experimentation-100" | "private-experimentation-101" | "private-experimentation-200" | "private-experimentation-201" | arg) ) ), c( "icmp-code" ( ("no-route-to-destination" | "administratively-prohibited" | "address-unreachable" | "port-unreachable" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip6-header-bad" | "unrecognized-next-header" | "unrecognized-option" | arg) ), "icmp-code-except" ( ("no-route-to-destination" | "administratively-prohibited" | "address-unreachable" | "port-unreachable" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip6-header-bad" | "unrecognized-next-header" | "unrecognized-option" | arg) ) ), c( "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), "source-prefix-list" ( /* Match IP source prefixes in named list */ firewall_prefix_list /* Match IP source prefixes in named list */ ), "destination-prefix-list" ( /* Match IP destination prefixes in named list */ firewall_prefix_list /* Match IP destination prefixes in named list */ ), c( "next-header" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "next-header-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "traffic-class" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ), "traffic-class-except" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ) ), "tcp-flags" arg /* Match TCP flags (in symbolic or hex formats) */, "tcp-initial" /* Match initial packet of a TCP connection */, "tcp-established" /* Match packet of an established TCP connection */ ) ) ) ) ) ), "then" ( /* Action to take if the 'from' condition is matched */ c( c( "policer" arg /* Name of policer to use to rate-limit traffic */, "three-color-policer" ( /* Police the packet using a three-color-policer */ c( c( "single-rate" arg /* Name of single-rate three-color policer to use to rate-limit traffic */, "single-packet-rate" arg /* Name of single-packet-rate three-color policer to use to rate-limit traffic */, "two-rate" arg /* Name of two-rate three-color policer to use to rate-limit traffic */, "two-packet-rate" arg /* Name of two-packet-rate three-color policer to use to rate-limit traffic */ ) ) ), "hierarchical-policer" arg /* Name of hierarchical policer to use to rate-limit traffic */ ), c( "clear-policy-map" /* Clear the policy marking */, "policy-map" arg /* Policy map action */ ), "count" arg /* Count the packet in the named counter */, "loss-priority" ( /* Packet's loss priority */ ("low" | "high" | "medium-low" | "medium-high") ), "forwarding-class" arg /* Classify packet to forwarding class */, "port-mirror-instance" arg /* Port-mirror the packet to the specified instance */, "next-hop-group" arg /* Use specified next-hop group */, "port-mirror" /* Port-mirror the packet */, "inline-monitoring-instance" arg /* Inline monitoring to specified instance */, "packet-mode" /* Bypass flow mode for the packet */, "force-premium" /* Convert traffic-class to premium */, "log" /* Log the packet */, "syslog" /* System log (syslog) information about the packet */, c( "encapsulate" ( /* Send to a tunnel */ sc( arg /* Name of the tunnel end point */ ) ).as(:oneline), "accept" /* Accept the packet */, "discard" /* Discard the packet */, "next" ( /* Continue to next term in a filter */ ("term") ) ) ) ) ) ) ) ) end rule(:certificate_object) do arg.as(:arg) ( c( arg /* Certificate and private key string */ ) ) end rule(:charging_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "level" ( /* Level of debugging output */ ("critical" | "error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("init" | "config" | "general" | "triggers" | "cdr-encoding" | "transport" | "path-management" | "fsm" | "ipc" | "resource" | "group-fsm" | "client-fsm" | "timers" | "online" | "tpm" | "all")) /* Tracing parameters */.as(:oneline) ) end rule(:chassis_type) do c( "copy-tos-to-outer" ( /* Copy TOS from inner to outer header */ c( "service-type" ( /* Service type for which the TOS copy is needed */ c( "gre" /* Copy TOS for GRE Tunnel service */, "mt" /* Copy TOS for MT Tunnel service */ ) ) ) ), "nssu" ( /* Nonstop Software Upgrade settings */ c( "upgrade-group" arg ( /* Nonstop Software Upgrade group */ c( "fpcs" arg /* FPCs associated with update-group */, "node-devices" arg /* Node-devices associated with update-group */, "member" ( /* Member of virtual chassis configuration */ upgrade_group_fpcs /* Member of virtual chassis configuration */ ) ) ), "rcp-count" arg /* Parallel rcp count */, "lc-reboot-delay" arg /* Delay between linecard reboot during NSSU */ ) ), "no-power-budget" /* Disable Chassis Power Budget */, "psu" ( /* Power Supply Unit redundancy configuration */ c( "redundancy" ( /* PSU Redundancy settings */ c( "n-plus-n" /* PSU redundancy: N+N configuration */ ) ) ) ), "fpc-resync" /* Send and receive Nchip cells for newly onlined FPC */, "craft-lockout" /* Disable craft interface input */, "config-button" ( /* Config button behavior settings */ sc( "no-rescue" /* Don't reset to rescue configuration */, "no-clear" /* Don't reset to factory-default configuration */ ) ).as(:oneline), "routing-engine-power-off-button-disable" /* Disable RE power off button */, "source-route" /* Enable IP source-route processing */, "no-source-route" /* Don't enable IP source-route processing */, "packet-scheduling" /* Enable DX2.0 packet scheduling */, "no-packet-scheduling" /* Don't enable DX2.0 packet scheduling */, "route-memory-enhanced" /* Enhance memory allocation for routes */, "policer-drop-probability-low" /* Set policer probabilistic drop probability to Minimum */, "policer-limit" /* Limit the policer tick unit to 32 bytes */, "enhanced-policer" /* Enhanced Policer Counters */, "effective-shaping-rate" /* Report effective shaping rate */, "memory-enhanced" ( /* Enhance memory allocation */ c( "route" /* Enhance memory allocation for routes */, "filter" /* Enhance memory allocation for filter */, "vpn-label" /* Enhance memory allocation for L3 VPN label */ ) ), "vrf-mtu-check" /* Enable Internet Processor II-based MTU check */, "icmp" ( /* ICMP protocol */ c( "rate-limit" arg /* Icmp rate-limit for non ttl-expired pkts in range */, "per-iff-rate-limit" arg /* Configure icmp per iff rate limit value in the range 50-500 */ ) ), "routing-performance" /* Alter routing performance */, "icmp6" ( /* ICMP version 6 protocol */ c( "rate-limit" arg /* Icmp rate-limit for non ttl-expired pkts in range */, "per-iff-rate-limit" arg /* Configure icmp6 per iff rate limit value in the range 50-500 */ ) ), "maximum-ecmp" ( /* Maximum ECMP limit for nexthops */ ("16" | "32" | "64" | "96" | "128" | "160" | "192" | "224" | "256" | "288" | "320" | "352" | "384" | "416" | "448" | "480" | "512") ), "ecmp-alb" ( /* Enable adaptive load balancing for ECMP nexthops */ c( "tolerance" arg /* Adaptive tolerance in percentage (default 20%) */ ) ), "redundancy" ( /* Redundancy settings */ chassis_redundancy_type /* Redundancy settings */ ), "routing-engine" ( /* Routing Engine settings */ chassis_routing_engine_type /* Routing Engine settings */ ), "aggregated-devices" ( /* Aggregated devices configuration */ chassis_agg_dev_type /* Aggregated devices configuration */ ), "disk-partition" enum(("/var" | "/config")) ( /* Chassis disk monitor configuration */ c( "level" enum(("high" | "full")) ( /* Threshold level */ c( "free-space" ( /* Enter threshold value & choose the metric */ sc( arg, c( "percent" /* Free space threshold in % */, "mb" /* Free space threshold in MB */ ) ) ).as(:oneline) ) ) ) ), "container-devices" ( /* Container devices configuration */ chassisd_agg_container_type /* Container devices configuration */ ), "pseudowire-service" ( /* Pseudowire L3 termination device configuration */ chassis_pw_type /* Pseudowire L3 termination device configuration */ ), "provider-instance-devices" ( /* Provider instance devices configuration */ chassisd_provider_instance_type /* Provider instance devices configuration */ ), "power-off-ports-on-no-master-re" ( /* Power off line card ports at once in the absence of any master RE */ chassis_power_off_ports_on_no_master_re_type /* Power off line card ports at once in the absence of any master RE */ ), "redundancy-group" ( /* Redundancy group configuration */ chassisd_redundancy_group_type /* Redundancy group configuration */ ), "fabric" ( /* Switch fabric settings */ chassis_fabric_type /* Switch fabric settings */ ), "fpc" ( /* Flexible PIC Concentrator parameters */ chassis_fpc_type /* Flexible PIC Concentrator parameters */ ), "disable-fm" /* Disable Fabric Manager */, "disable-power-management" /* Disable Power Management in this chassis */, "monitor-pem-inputs" /* Enable low current usage monitoring */, "dedicated-ukern-cpu" /* Run Microkernel on a dedicated CPU core */, "realtime-ukern-thread" /* Run Microkernel on a realtime CPU thread */, "fpc-feb-connectivity" ( /* Connectivity between Flexible PIC Concentrators and Forwarding Engine Boards */ c( "fpc" arg ( c( "feb" ( /* FEB slot number */ sc( c( "none" /* FPC not connected to any FEB */, arg ) ) ).as(:oneline) ) ) ) ), "ioc-npc-connectivity" ( /* Connectivity between IOC and NPC */ c( "ioc" arg ( c( "npc" ( /* NPC-FPC slot number */ sc( c( "none" /* IOC not connected to any NPC */, arg ) ) ).as(:oneline) ) ) ) ), "pem" ( /* Power supply (PEM) parameters */ chassis_pem_type /* Power supply (PEM) parameters */ ), "sib" ( /* Switch Interface Board parameters */ chassis_sib_type /* Switch Interface Board parameters */ ), "sfm" ( /* Switching and Forwarding Module parameters */ chassis_sfm_type /* Switching and Forwarding Module parameters */ ), "feb" ( /* Forwarding Engine Board parameters */ chassis_feb_type /* Forwarding Engine Board parameters */ ), "afeb" ( /* Forwarding Engine Board parameters */ chassis_feb_type /* Forwarding Engine Board parameters */ ), "tfeb" ( /* Taz Forwarding Engine Board parameters */ chassis_feb_type /* Taz Forwarding Engine Board parameters */ ), "alarm" ( /* Global alarm settings */ chassis_alarm_type /* Global alarm settings */ ), "slow-pfe-alarm" /* Enable slow (potential) PFE alarm */, "onbox-av-load-flavor" ( /* Select onbox anti-virus traffic load flavor */ ("heavy") ), "fpc-ifl-ae-statistics" /* Enable fpc ifl ae child statistics */, "ppp-subscriber-services" ( /* Select PPP subscriber services */ ("disable" | "enable") ), "ambient-temperature" ( /* Chassis ambient-temperature value in degree celsius */ ("55C" | "40C" | "25C" | "32C") ), "resource-watch" ( /* Chassis routing engine resource watch configuration */ c( "resource-watch-enable" /* Enable resource watch */, "cpu-statistics" arg /* Set statistics collection, 0 disable */, "junos-statistics" arg /* Set statistics collection, 0 disable */, "orange-zone-enable" /* Enable orange zone */, "orange-zone-threshold" arg /* Set orange zone value (CPU idle %), default 20 */, "red-zone-enable" /* Enable red zone */, "red-zone-cpu-threshold" arg /* Set red zone value (CPU idle %), default 10 */, "red-zone-jkl-threshold" arg /* Set red zone value (Junos load %), default 50 */, "red-zone-snmp-enable" /* Enable red zone snmp */ ) ), "network-services" ( /* Chassis network services configuration */ ("ip" | "ethernet" | "enhanced-ip" | "enhanced-ethernet" | "enhanced-mode" | "lan") ), "limited-ifl-scaling" /* Configured to limit IFL scaling to 64k */, "alarm-port" ( /* Craft-interface parameters */ chassis_alarm_port_op_type /* Craft-interface parameters */ ), "usb" ( /* USB control flags */ c( "storage" ( /* USB storage flags */ c( "disable" /* Disable USB storage */ ) ) ) ), "serdes" ( /* Serdes test mode for link training */ c( "test-mode" arg /* Serdes test mode */ ) ), "lcc" arg ( /* Line-card chassis configuration */ c( "fpc" ( /* Flexible PIC Concentrator parameters */ chassis_fpc_type /* Flexible PIC Concentrator parameters */ ), "pem" ( /* Power supply (PEM) parameters */ chassis_pem_type /* Power supply (PEM) parameters */ ), "spmb" /* Switch Processor Mezzanine Board parameters */, c( "online-expected" /* LCC is expected to be online */, "offline" /* LCC is expected to be offline */ ) ) ), "lcc-mode" ( /* Line card chassis mode T4000/T1600/EMPTY configuration */ c( "lcc" arg ( c( "mode" ( /* Changing Mode of LCC will result in the restart of LCC */ ("t1600" | "t4000" | "empty") ) ) ) ) ), "member" arg ( /* Member chassis configuration */ c( "fabric" ( /* Switch fabric settings */ chassis_fabric_type /* Switch fabric settings */ ), "fpc" ( /* Flexible PIC Concentrator parameters */ chassis_fpc_type /* Flexible PIC Concentrator parameters */ ) ) ), "license" ( /* Set license */ c( "bandwidth" arg /* Configure bandwidth of FPC */, "scale" ( /* Add scale license */ ("base" | "advance" | "premium") ) ) ), "host-outbound" ( /* Host-out bound options */ c( "media-interface" /* Enable processing of media interface features for Host gernated packets */ ) ), "synchronization" ( /* Clock synchronization options */ c( "switchover-mode" ( /* Should system revert to higher priority valid source */ ("non-revertive" | "revertive") ), "switching-mode" ( /* Should system revert to higher priority valid source */ ("non-revertive" | "revertive") ), "network-option" ( /* EEC synchronization networking type */ ("option-1" | "option-2") ), "selection-mode" ( /* Selection mode for incoming ESMC quality */ ("configured-quality" | "received-quality") ), "clock-mode" ( /* Synchronous Ethernet Clock selection mode */ ("free-run" | "auto-select") ), "quality-mode-enable" /* Enable Synchronous Ethernet ESMC Quality mode */, "max-transmit-quality-level" ( /* Maximum transmit quality level */ ("ePRTC" | "PRTC" | "ePRC" | "eEEC" | "prc" | "ssu-a" | "ssu-b" | "sec" | "prs" | "stu" | "st2" | "tnc" | "st3e") ), "enable-extended-ql-tlv" /* Enable enhanced ESMC QL support */, "global-wait-to-restore" arg /* Global Port signal up state time before opening for ESMC */, "minimum-quality" ( /* Minimum quality threshold */ ("prc" | "ssu-a" | "ssu-b" | "sec" | "prs" | "st2" | "tnc" | "st3e" | "st3" | "st4" | "smc" | "stu") ), "loop-prevention" ( /* Clock loop prevention */ ("master-side") ), "port" ("auxiliary" | "gnss" | "time-of-day") ( /* Clock synchronization ports */ c( "client" ( /* Port client receiving external signals */ c( "time-of-day-format" ( /* Time-of-day format as received on this port */ c( c( "ascii" arg /* ASCII Time-of-day message format string */, "nmea-custom-format" /* Customized NMEA format used when interfacing with GRU GPS Receiver Unit */, "no-protocol" /* Used when interfacing with GRU GPS Receiver Unit to process PPS with no Time Of Day */ ) ) ), "cable-length-compensation" arg /* Antenna cable length compensation in nanoseconds */, "cable-delay-compensation" arg /* GPS Receiver Unit to Router delay compensation in nanoseconds */, "antenna-voltage" ( /* Configure antenna voltage */ ("3.3" | "5") ), "alarm-filter" arg /* Set alarm filter window */, "constellation" ( /* Configure constellation of satellites to use */ ("gps" | "glonass" | "gps-and-glonass" | "beidou" | "gps-beidou" | "gps-beidou-qzss" | "galileo" | "gps-galileo" | "gps-qzss" | "gps-glonass-qzss" | "gps-galileo-qzss") ), "anti-jamming" /* Enable anti-jamming feature */, "pps-loopback" /* Enable 1PPS loopback mode */, "dump-gpsstats" /* Enable dumping gnss data */ ) ), "server" ( /* The role of port is server which transmits signals out */ c( "time-of-day-format" ( /* RS-232 port time-of-day format */ c( c( "ascii" arg /* ASCII Time-of-day message format string */ ) ) ) ) ) ) ), "interfaces" ("external" | "external-0/0" | "external-0/1" | "external-1/0" | "external-1/1" | "external-a" | "external-b" | "external-0" | "external-1" | "external-2" | "bits" | "bits-a" | "bits-b" | "gps-0" | "gps-1") ( /* Interface(s) with upstream clock source */ c( "signal-type" ( /* Frequency for provided reference clocks */ ("1mhz" | "5mhz" | "10mhz" | "2048khz" | "e1" | "t1" | "cc-8k" | "cc-8k-400" | "6312k") ), "pulse-per-second-enable" /* Enable pulse-per-second (PPS) receive on the interface */, "e1-options" ( /* E1 interface-specific options */ c( "line-encoding" ( /* Line encoding */ ("ami" | "hdb3") ), "framing" ( /* Framing mode */ ("g704" | "g704-no-crc4") ), "sabit" arg /* The sabit used for exchanging SSM quality */ ) ), "t1-options" ( /* T1 interface-specific options */ c( "line-encoding" ( /* Line encoding */ ("ami" | "b8zs") ), "framing" ( /* Framing mode */ ("esf" | "sf") ) ) ) ) ), "output" ( /* External clock interface related */ c( "interfaces" ("external" | "external-0/0" | "external-0/1" | "external-1/0" | "external-1/1" | "external-a" | "external-b" | "bits" | "external-0" | "external-1" | "external-2") ( /* Interface(s) to output source to */ c( "ssm" ( /* SSM Message config */ c( "option-2" ( /* Select generation */ ("GEN-1" | "GEN-2") ) ) ), "squelch" ( /* Squelch a interface */ c( "method" ( /* Type of Squelch to be done */ ("ais" | "ql-dnu" | "rai" | "shut") ) ) ), "wander-filter-disable" /* Disables wander filtering */, "holdover-mode-disable" /* Disables holdover */, "source-mode" ( /* Source mode for selecting source to output */ ("chassis" | "line" | "equipment-clock" | "ptp-clock") ), "tx-dnu-to-line-source-enable" /* Sets Tx QL to DNU/DUS on line source interface */, "minimum-quality" ( /* Minimum quality threshold */ ("ePRTC" | "PRTC" | "ePRC" | "eEEC" | "prc" | "ssu-a" | "ssu-b" | "sec" | "prs" | "st2" | "tnc" | "st3e" | "st3" | "st4" | "smc" | "stu") ) ) ) ) ), "source" ( /* ESMC source(s) related */ c( "external-a" ( /* External Clock source A */ c( "priority" arg /* User priority for this clock */, "request" ( /* Clock selection request criterion */ ("lockout" | "force-switch") ), "quality-level" ( /* ESMC Clock EEC level */ ("ePRTC" | "PRTC" | "ePRC" | "eEEC" | "prc" | "ssu-a" | "ssu-b" | "sec" | "prs" | "st2" | "tnc" | "st3e" | "st3" | "st4" | "smc" | "stu") ) ) ), "external-b" ( /* External Clock source B */ c( "priority" arg /* User priority for this clock */, "request" ( /* Clock selection request criterion */ ("lockout" | "force-switch") ), "quality-level" ( /* ESMC Clock EEC level */ ("ePRTC" | "PRTC" | "ePRC" | "eEEC" | "prc" | "ssu-a" | "ssu-b" | "sec" | "prs" | "st2" | "tnc" | "st3e" | "st3" | "st4" | "smc" | "stu") ) ) ), "gps" ( /* Global Positioning System 10MHz input */ c( "priority" arg /* User priority for this clock */, "request" ( /* Clock selection request criterion */ ("lockout" | "force-switch") ), "no-ssm-support" /* No SSM support available for this interface */, "quality-level" ( /* ESMC Clock EEC level */ ("ePRTC" | "PRTC" | "ePRC" | "eEEC" | "prc" | "ssu-a" | "ssu-b" | "sec" | "prs" | "st2" | "tnc" | "st3e" | "st3" | "st4" | "smc" | "stu") ) ) ), "gps-0" ( /* Global Positioning System input A */ c( "priority" arg /* User priority for this clock */, "request" ( /* Clock selection request criterion */ ("lockout" | "force-switch") ), "wait-to-restore" arg /* Port signal up state time before opening for ESMC */, "quality-level" ( /* ESMC Clock EEC level */ ("ePRTC" | "PRTC" | "ePRC" | "eEEC" | "prc" | "ssu-a" | "ssu-b" | "sec" | "prs" | "st2" | "tnc" | "st3e" | "st3" | "st4" | "smc" | "stu") ) ) ), "gps-1" ( /* Global Positioning System input B */ c( "priority" arg /* User priority for this clock */, "request" ( /* Clock selection request criterion */ ("lockout" | "force-switch") ), "wait-to-restore" arg /* Port signal up state time before opening for ESMC */, "quality-level" ( /* ESMC Clock EEC level */ ("ePRTC" | "PRTC" | "ePRC" | "eEEC" | "prc" | "ssu-a" | "ssu-b" | "sec" | "prs" | "st2" | "tnc" | "st3e" | "st3" | "st4" | "smc" | "stu") ) ) ), "bits" ( /* External Building Integrated Timing Supply input */ c( "priority" arg /* User priority for this clock */, "request" ( /* Clock selection request criterion */ ("lockout" | "force-switch") ), "no-ssm-support" /* No SSM support available for this interface */, "quality-level" ( /* ESMC Clock EEC level */ ("ePRTC" | "PRTC" | "ePRC" | "eEEC" | "prc" | "ssu-a" | "ssu-b" | "sec" | "prs" | "st2" | "tnc" | "st3e" | "st3" | "st4" | "smc" | "stu") ) ) ), "bits-a" ( /* External Building Integrated Timing Supply input A */ c( "priority" arg /* User priority for this clock */, "request" ( /* Clock selection request criterion */ ("lockout" | "force-switch") ), "wait-to-restore" arg /* Port signal up state time before opening for ESMC */, "quality-level" ( /* ESMC Clock EEC level */ ("ePRTC" | "PRTC" | "ePRC" | "eEEC" | "prc" | "ssu-a" | "ssu-b" | "sec" | "prs" | "st2" | "tnc" | "st3e" | "st3" | "st4" | "smc" | "stu") ) ) ), "bits-b" ( /* External Building Integrated Timing Supply input B */ c( "priority" arg /* User priority for this clock */, "request" ( /* Clock selection request criterion */ ("lockout" | "force-switch") ), "wait-to-restore" arg /* Port signal up state time before opening for ESMC */, "quality-level" ( /* ESMC Clock EEC level */ ("ePRTC" | "PRTC" | "ePRC" | "eEEC" | "prc" | "ssu-a" | "ssu-b" | "sec" | "prs" | "st2" | "tnc" | "st3e" | "st3" | "st4" | "smc" | "stu") ) ) ), "virtual-port" ( /* Virtual port */ c( "priority" arg /* User priority for this clock */, "request" ( /* Clock selection request criterion */ ("lockout" | "force-switch") ), "wait-to-restore" arg /* Port signal up state time before opening for ESMC */, "quality-level" ( /* ESMC Clock EEC level */ ("ePRTC" | "PRTC" | "ePRC" | "eEEC" | "prc" | "ssu-a" | "ssu-b" | "sec" | "prs" | "st2" | "tnc" | "st3e" | "st3" | "st4" | "smc" | "stu") ) ) ), "interfaces" ("external" | "external-0/0" | "external-0/1" | "external-1/0" | "external-1/1" | "external-a" | "external-b" | "external-0" | "external-1" | "external-2" | arg) ( /* Interface(s) with upstream clock source */ c( "priority" arg /* User priority for this clock */, "request" ( /* Clock selection request criterion */ ("lockout" | "force-switch") ), "wait-to-restore" arg /* Port signal up state time before opening for ESMC */, "no-ssm-support" /* No SSM support available for this interface */, "hold-off-time" arg /* Port signal down state time before closing for ESMC */, "aggregated-ether" arg /* Aggregated sources group name */, "quality-level" ( /* ESMC Clock EEC level */ ("ePRTC" | "PRTC" | "ePRC" | "eEEC" | "prc" | "ssu-a" | "ssu-b" | "sec" | "prs" | "st2" | "tnc" | "st3e" | "st3" | "st4" | "smc" | "stu") ) ) ) ) ), "esmc-transmit" ( /* ESMC transmit parameters */ c( "interfaces" (arg | "all") ( /* Interface(s) on which to permit ESMC transmit messages */ c( "squelch" ( /* Squelch a interface */ c( "method" ( /* Type of Squelch to be done */ ("ais" | "ql-dnu" | "rai" | "shut") ), "quality-level" ( /* ESMC Quality level below which output is squelched */ ("ePRTC" | "PRTC" | "ePRC" | "eEEC" | "prc" | "ssu-a" | "ssu-b" | "sec" | "prs" | "st2" | "tnc" | "st3e" | "st3" | "st4" | "smc" | "stu") ) ) ) ) ) ) ), "hold-interval" ( /* Hold interval */ c( "switchover" arg /* Switchover wait time after clock recovery */, "configuration-change" arg /* Clock select wait time after change in config */, "restart" arg /* Clock select wait time after reboot */ ) ), "validation-interval" arg /* Time between frequency measurements */, "slave-free-run" /* Slave Clock running mode */, "y-cable-line-termination" /* A single signal is wired to both CBs via Y-cable */, "transmitter-enable" /* Control whether diagnostic timing signal is transmitted */, "signal-type" ( /* Frequency for provided reference clocks */ ("e1" | "t1" | "cc-8k" | "cc-8k-400" | "6312k") ), "primary" ( /* Best choice synchronization reference source list */ ("external-a" | "external-b" | "bits-a" | "bits-b" | "gps-0" | "gps-1" | "fpc-0" | "fpc-1" | "fpc-2" | "fpc-3" | "fpc-4" | "fpc-5" | "fpc-6" | "fpc-7" | "fpc-8" | "fpc-9" | "fpc-10" | "fpc-11" | "fpc-12" | "fpc-13" | "fpc-14" | "fpc-15") ), "secondary" ( /* Alternative choice synchronization reference source list */ ("external-a" | "external-b" | "bits-a" | "bits-b" | "gps-0" | "gps-1" | "fpc-0" | "fpc-1" | "fpc-2" | "fpc-3" | "fpc-4" | "fpc-5" | "fpc-6" | "fpc-7" | "fpc-8" | "fpc-9" | "fpc-10" | "fpc-11" | "fpc-12" | "fpc-13" | "fpc-14" | "fpc-15") ) ) ), "lcd" ( /* Chassis LCD */ c( "fpc" arg ( sc( c( "maintenance-menu" /* LCD maintenance menu */ ), ("disable") ) ).as(:oneline), c( "maintenance-menu" /* LCD maintenance menu */ ), ("disable") ) ), "forwarding-options" ( /* Configure options to control packet forwarding */ c( c( "l2-profile-one" ( /* MAC: 288K L3-host: 16K LPM: 16K EM:0, needs reboot for VC; restarts PFE if standalone */ c( "num-65-127-prefix" arg /* IPV6 prefixes > 64, in multiples of 1K e.g 3 = 3x1K entries(default 1) */ ) ), "l2-profile-two" ( /* MAC: 224K L3-host: 80K LPM: 16K EM:0, needs reboot for VC; restarts PFE if standalone */ c( "num-65-127-prefix" arg /* IPV6 prefixes > 64, in multiples of 1K e.g 3 = 3x1K entries(default 1) */ ) ), "l2-profile-three" ( /* (default) MAC: 160K L3-host: 144K LPM: 16K, needs reboot for VC;restarts PFE if standalone */ c( "num-65-127-prefix" arg /* IPV6 prefixes > 64, in multiples of 1K e.g 3 = 3x1K entries(default 1) */ ) ), "l3-profile" ( /* MAC: 96K L3-host: 208K LPM: 16K EM:0, needs reboot for VC; restarts PFE if standalone */ c( "num-65-127-prefix" arg /* IPV6 prefixes > 64, in multiples of 1K e.g 3 = 3x1K entries(default 1) */ ) ), "lpm-profile" ( /* MAC: 32K L3-host: 16K LPM: 128K EM:0, needs reboot for VC; restarts PFE if standalone */ c( "prefix-65-127-disable" /* Disable IPV6 prefixes with length > 64 */, "unicast-in-lpm" /* Install unicast host entries in LPM table */ ) ), "exact-match-profile" ( /* MAC: 8K L3-host: 8K LPM: 16K EM: 64K, needs reboot for VC; restarts PFE if standalone */ c( "num-65-127-prefix" arg /* IPV6 prefixes > 64, in multiples of 1K e.g 3 = 3x1K entries(default 1) */ ) ), "vxlan-gbp-profile" /* MAC: 48K L3-host: 48K LPM: 16K EM:32K, needs reboot for VC; restarts PFE if standalone */, "custom-profile" ( /* (Partition the shared banks, will automatically restart the PFE when configured) */ c( "l2-entries" ( /* Customize l2 entries needed */ c( "num-banks" arg /* Number of banks needed for entries of this type */ ) ), "l3-entries" ( /* Customize l3 entries needed */ c( "num-banks" arg /* Number of banks needed for entries of this type */ ) ), "exact-match-entries" ( /* Customize exact match entries needed */ c( "num-banks" arg /* Number of banks needed for entries of this type */ ) ), "lpm-entries" ( /* Customize lpm banks needed */ c( "num-banks" ( /* Number of banks needed for entries of this type */ ("0" | "2" | "4") ), "prefix-65-127-disable" /* Disable IPV6 prefixes with length > 64 */ ) ), "num-65-127-prefix" arg /* IPV6 prefixes > 64, in multiples of 1K e.g 3 = 3x1K entries(default 1) */ ) ) ) ) ), "loopback-firewall-optimization" /* Optimal TCAM use,restarts PFE(for IP rsrved multicast dest & IP ttl=0/1,config explicitly) */, "epacl-firewall-optimization" /* Maximizes Egress Port ACLs TCAM use and restarts PFE */, "lcd-menu" ( /* Chassis LCD menu */ c( "fpc" arg ( c( "menu-item" arg ( /* LCD menu item */ sc( "disable" /* Disable LCD menu */ ) ).as(:oneline) ) ), "menu-item" arg ( /* LCD menu item */ sc( "disable" /* Disable LCD menu */ ) ).as(:oneline) ) ), "fru-poweron-sequence" arg /* FRUs power on sequence like 0 1 2 3 ... within double quotes */, "fru-local-storage-disable" /* Disable and erase local storage on FPC.(FPC reboot required) */, "psm" ( /* Power supply module */ c( "max-power" arg /* Configure power capacity for the PSM (W) */ ) ), "auto-image-upgrade" /* Auto image upgrade using DHCP */, "route-localization" ( /* Route-Localization settings */ c( "inet" /* Route-Localization inet */, "inet6" /* Route-Localization inet6 */ ) ), "state" ( /* Set SFB upgrade state. */ c( "cb-upgrade" ( /* Set CB upgrade state on/off. */ ("off" | "on") ), "sfb-upgrade" ( /* Set SFB upgrade state on/off. */ ("off" | "on") ) ) ), "multicast-loadbalance" ( /* Multicast load balancing settings */ chassis_ae_lb_type /* Multicast load balancing settings */ ), "extended-statistics" /* Enable extended system statistics */, "error" ( /* Error level configuration for all FPC */ chassis_fpc_error_type /* Error level configuration for all FPC */ ), "oss-map" ( /* Translate Operation Supported System's requirements */ c( "model-name" ( /* Override chassis model name for specific show/snmp output */ ("t640" | "t1600") ) ) ), "satellite" arg /* List of available satellite configurations */, "preserve-fpc-poweron-sequence" /* Preserve MPC poweron sequence for consistency across reboot */, "auto-satellite-conversion" /* Enable remote conversion to satellite device-mode */, "satellite-management" ( /* Satellite management configuration */ c( "designated-event-forwarding" /* Designated event forwarding */, "traceoptions" ( /* Global satelite discovery and provisioning trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("parse" | "config-internal" | "normal" | "general" | "state" | "task" | "timer" | "krt" | "lldp" | "provision" | "extended-port" | "multi-chassis" | "upgrade-group" | "device" | "tcp" | "interface" | "cluster" | "all")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "cluster-policy" arg /* Cluster policy */, "cluster" arg ( /* Configure a satellite device cluster */ c( "cluster-id" arg /* Satellite cluster identifier */, "cascade-ports" ( /* Cascade ports */ interface_device /* Cascade ports */ ), "cluster-policy" arg /* Candidate uplink policy */, "fpc" arg ( c( "alias" arg /* Satellite alias */, "description" arg /* Satellite description */, "member-id" arg /* Satellite member id */, "system-id" ( /* Satellite system id */ mac_addr /* Satellite system id */ ), "cluster-policy" arg /* Candidate uplink policy */ ) ) ) ), "fpc" arg ( /* FPC identifier for a satellite device */ c( "serial-number" arg /* Satellite serial number */, "system-id" ( /* Satellite system id */ mac_addr /* Satellite system id */ ), "target-mode" /* Enable target mode forwarding for extended-ports */, "alias" arg /* Satellite alias */, "description" arg /* Satellite description */, "management-address" ( /* Satellite Management Interface IP */ c( "address" ( /* Satellite Management Interface IP address */ ipv4prefix /* Satellite Management Interface IP address */ ), "gateway" ( /* Satellite Management Interface Gateway IP address */ ipv4addr /* Satellite Management Interface Gateway IP address */ ) ) ), "cascade-ports" ( /* Cascade ports */ interface_device /* Cascade ports */ ), "extended-ports-template" arg /* Extended ports template */, c( "uplink-failure-detection" ( /* Enable uplink-failure-detection */ c( "candidate-uplink-policy" arg /* Candidate uplink policy */ ) ) ), "environment-monitoring-policy" arg /* Environment monitoring policy */, c( "forwarding-policy" ( /* Enable a forwarding policy */ c( arg /* Define forwarding policy alias */ ) ) ) ) ), "extended-ports-policy" arg /* Extended ports policy */, c( "uplink-failure-detection" ( /* Enable uplink-failure-detection */ c( "candidate-uplink-policy" arg /* Candidate uplink policy */ ) ) ), "psu" ( /* Power Supply Unit redundancy configuration */ c( "redundancy" ( /* PSU Redundancy settings */ c( "n-plus-n" /* PSU redundancy: N+N configuration */ ) ) ) ), "environment-monitoring-policy" ( /* Environment monitoring policy */ c( "policy-name" arg /* Default environment monitoring policy */ ) ), c( "forwarding-policy" ( /* Enable a forwarding policy */ c( arg /* Define forwarding policy alias */ ) ) ), "redundancy-groups" ( /* Redundancy groups configuration */ c( "chassis-id" arg /* Chassis identifier */, redundancy_group_type /* Redundancy groups */ ) ), "upgrade-groups" ( /* Upgrade group configuration */ c( upgrade_group_type /* Upgrade group */ ) ), "auto-satellite-conversion" ( /* Enable automatic satellite conversion */ c( "satellite" arg /* Satellite slot-id or range or all */ ) ), "single-home" ( /* Devices are connected to local aggregation device only */ c( "satellite" arg /* Satellite slot-id or range or all */ ) ), "aging-timer" arg /* Aging-timer */, "block-console-access" /* Block console access */, "firewall" ( /* Define a firewall configuration */ c( "family" ( /* Protocol family */ c( "bridge" ( /* Protocol family BRIDGE for firewall filter */ c( "filter" ( satellite_bridge_filter ) ) ), "ethernet-switching" ( /* Protocol family Ethernet Switching for firewall filter */ c( "filter" ( /* Define an Ethernet Switching firewall filter */ satellite_bridge_filter /* Define an Ethernet Switching firewall filter */ ) ) ) ) ) ) ) ) ), "periodic" ( /* Chassisd periodic options */ c( "yield-cpu" /* Yield cpu in FRU periodic */, "one-sib-per-check" /* Check one SIB per periodic */, "no-sib-asic-stats" /* Disable asic statis for all SIBs in periodic */, "slow-fpc-check" /* Slow FPC check in periodic */, "ch-power-check-interval" arg /* Chassis power check interval, 0=default */, "re-check-interval" arg /* Chassis RE check interval, 0=default */ ) ), "turbotx-disable" /* Disable turbotx processing */, "thermal-health-check" ( /* Enable Thermal Health check of the chassis */ c( "fet-failure-check" ( c( "action-onfail" ( /* Set the action when Oring FET detected */ ("none" | "auto-shutdown") ) ) ) ) ), "fpc-down-on-repeated-conn-drops" ( /* Bring FPC down if connection drops repeatedly */ c( "max-drop-count" arg /* Number of connection drops to shutdown FPC */, "time-interval" arg /* Interval in minutes over which connection drops are counted */ ) ), "mode" ( /* Bringup FRU in Standalone mode */ c( "standalone" ( /* Bringup FRU in standalone mode1 */ c( "fpc" arg ( c( "loopback" ( /* Loopback Configuration for Mode & Type */ c( "wan" ( ("serdes" | "retimer") ), "fabric" ( ("serdes" | "retimer") ) ) ) ) ), "fabric-card" ( /* Fabric Card Loopback setting */ chassis_fabric_card_type /* Fabric Card Loopback setting */ ) ) ) ) ), "system-domains" ( /* Root and protected system domain configuration */ c( "root-domain-id" arg /* Root domain identifier */, "protected-system-domains" ( /* Protected system domain configuration */ juniper_protected_system_domain /* Protected system domain configuration */ ), "traceoptions" ( /* Protected system domain traceoptions */ juniper_protected_system_domain_traceoptions /* Protected system domain traceoptions */ ) ) ), "network-slices" ( /* Network slices configuration */ c( "guest-network-functions" ( /* Guest network function configuration */ c( "gnf" ( /* Guest network function */ juniper_gnf /* Guest network function */ ) ) ), "vlan-isolation" /* Enable VLAN isolation for Control Plane */ ) ) ) end rule(:chassis_pw_type) do c( "device-count" arg /* Number of pseudo-wire ps devices */ ) end rule(:chassis_ae_lb_type) do c( "disable" /* Disable Multicast load balancing */, "hash-mode" ( /* PFE hash mode */ ("crc-sgip" | "crc-gip" | "crc-sip" | "simple-sgip" | "simple-gip" | "simple-sip" | "balanced") ) ) end rule(:chassis_agg_dev_type) do c( "ae-20" /* Run AE over Container nexthops Infrastructure */, "ethernet" ( /* Aggregated device options for Ethernet */ chassisd_agg_enet_type /* Aggregated device options for Ethernet */ ), "sonet" ( /* Aggregated device options for SONET */ chassisd_agg_pos_type /* Aggregated device options for SONET */ ), "maximum-links" arg /* Maximum links limit for aggregated devices (16, 32, or 64) */ ) end rule(:chassis_alarm_port_op_type) do c( "input" ( /* Input alarm port */ c( "port" arg ( /* Input Port */ c( "active" ( /* Active signal of alarm IO input port */ ("low" | "high") ), "admin-state" ( /* Administrative state of alarm IO input port */ ("disabled" | "enabled") ), "description" ( /* Alarm description of alarm IO input port */ c( arg /* Description to be used for alarm IO output port */ ) ), "severity" ( /* Set alarm severity of alarm IO input port */ ("critical" | "major" | "minor" | "warning") ) ) ) ) ), "output" ( /* Output alarm port */ c( "port" arg ( /* Output port */ c( "admin-state" ( /* Administrative state of alarm IO output port */ ("disabled" | "enabled") ), "description" ( /* Alarm description of alarm IO output port */ c( arg /* Description to be used for alarm IO output port */ ) ) ) ) ) ) ) end rule(:chassis_alarm_type) do c( "management-ethernet" ( /* Management Ethernet alarms */ chassis_alarm_ethernet_type /* Management Ethernet alarms */ ), "otn-odu" ( /* OTN ODU alarms */ chassis_alarm_otn_odu_type /* OTN ODU alarms */ ), "otn-otu" ( /* OTN OTU alarms */ chassis_alarm_otn_otu_type /* OTN OTU alarms */ ), "sonet" ( /* SONET alarms */ chassis_alarm_sonet_type /* SONET alarms */ ), "t3" ( /* DS3 alarms */ chassis_alarm_ds3_type /* DS3 alarms */ ), "ds1" ( /* DS1 alarms */ chassis_alarm_ds1_type /* DS1 alarms */ ), "ethernet" ( /* Ethernet alarms */ chassis_alarm_ethernet_type /* Ethernet alarms */ ), "l2-chan-err-ethernet" ( /* L2 channel error ethernet alarms */ chassis_alarm_l2_chan_err_type /* L2 channel error ethernet alarms */ ), "integrated-services" ( /* Integrated services alarms */ chassis_alarm_integrated_services_type /* Integrated services alarms */ ), "services" ( /* Services PIC alarms */ chassis_alarm_services_type /* Services PIC alarms */ ), "serial" ( /* Serial alarms */ chassis_alarm_serial_type /* Serial alarms */ ), "fibre-channel" ( /* Fibre Channel alarms */ chassis_alarm_fibre_channel_type /* Fibre Channel alarms */ ), "pem-absence" ( /* Power supply module absence */ ("ignore") ), "relay" ( /* Alarm relays */ chassis_alarm_relay_type /* Alarm relays */ ) ) end rule(:chassis_alarm_ds1_type) do c( "ais" ( /* Alarm indicator signal */ ("red" | "yellow" | "ignore") ), "ylw" ( /* Yellow alarm */ ("red" | "yellow" | "ignore") ) ) end rule(:chassis_alarm_ds3_type) do c( "ais" ( /* Alarm indicator signal */ ("red" | "yellow" | "ignore") ), "exz" ( /* Excessive zeros */ ("red" | "yellow" | "ignore") ), "ferf" ( /* Far-end failure */ ("red" | "yellow" | "ignore") ), "idle" ( /* Idle alarm */ ("red" | "yellow" | "ignore") ), "lcv" ( /* Line code violation */ ("red" | "yellow" | "ignore") ), "lof" ( /* Loss of frame */ ("red" | "yellow" | "ignore") ), "los" ( /* Loss of signal */ ("red" | "yellow" | "ignore") ), "pll" ( /* Phase-locked loop out of lock */ ("red" | "yellow" | "ignore") ), "ylw" ( /* Yellow alarm */ ("red" | "yellow" | "ignore") ) ) end rule(:chassis_alarm_ethernet_type) do c( "link-down" ( /* Link has gone down */ ("red" | "yellow" | "ignore") ) ) end rule(:chassis_alarm_fibre_channel_type) do c( "link-down" ( /* Link has gone down */ ("red" | "yellow" | "ignore") ) ) end rule(:chassis_alarm_integrated_services_type) do c( "failure" ( /* Integrated Services failure */ ("red" | "yellow" | "ignore") ) ) end rule(:chassis_alarm_l2_chan_err_type) do c( "l2-channel-errors" ( /* Received L2 channel error */ ("red" | "yellow" | "ignore") ), "l2-channel-error-threshold" arg /* L2 channel error threshold - 50,000 as default */ ) end rule(:chassis_alarm_otn_odu_type) do c( "odu-bdi" ( /* ODU backward-defect-indicator, ODU-BDI failure */ ("red" | "yellow" | "ignore") ), "odu-ttim" ( /* ODU trail-trace-identifier-mismatch, ODU-TTIM failure */ ("red" | "yellow" | "ignore") ), "odu-ptim" ( /* ODU payload-type-mismatch, ODU-PTIM failure */ ("red" | "yellow" | "ignore") ) ) end rule(:chassis_alarm_otn_otu_type) do c( "oc-los" ( /* Loss of signal, LOS failure */ ("red" | "yellow" | "ignore") ), "oc-lof" ( /* Loss of framing, LOF failure */ ("red" | "yellow" | "ignore") ), "oc-lom" ( /* Loss of multiframe, LOM failure */ ("red" | "yellow" | "ignore") ), "wavelength-lock" ( /* Wavelength lock alarm */ ("red" | "yellow" | "ignore") ), "otu-bdi" ( /* OTU backward-defect-indicator, OTU-BDI failure */ ("red" | "yellow" | "ignore") ), "otu-iae" ( /* OTU incoming-alignment-error, OTU-IAE failure */ ("red" | "yellow" | "ignore") ), "otu-ttim" ( /* OTU trail-trace-identifier-mismatch, OTU-TTIM failure */ ("red" | "yellow" | "ignore") ), "otu-fec-excessive-errs" ( /* OTU fec-excessive-errors, OTU-FEC_EXE failure */ ("red" | "yellow" | "ignore") ) ) end rule(:chassis_alarm_relay_type) do c( "input" ( /* Input relays */ c( "port" arg ( c( "mode" ( /* Relay mode in de-active state */ ("open" | "close") ), "trigger" ( /* Relay triggered */ ("red" | "yellow" | "ignore") ) ) ) ) ), "output" ( /* Output relays */ c( "port" arg ( c( "mode" ( /* Relay mode in de-active state */ ("open" | "close") ), "temperature" /* Trigger on temperature alarm red */, "input-relay" arg /* Trigger on input relay trigger */ ) ) ) ) ) end rule(:chassis_alarm_serial_type) do c( "loss-of-rx-clock" ( /* RX clock absent */ ("red" | "yellow" | "ignore") ), "loss-of-tx-clock" ( /* TX clock absent */ ("red" | "yellow" | "ignore") ), "dcd-absent" ( /* DCD signal absent */ ("red" | "yellow" | "ignore") ), "cts-absent" ( /* CTS signal absent */ ("red" | "yellow" | "ignore") ), "dsr-absent" ( /* DSR signal absent */ ("red" | "yellow" | "ignore") ), "tm-absent" ( /* TM signal absent */ ("red" | "yellow" | "ignore") ) ) end rule(:chassis_alarm_services_type) do c( "pic-reset" ( /* Services PIC reset */ ("red" | "yellow" | "ignore") ), "pic-hold-reset" ( /* Services PIC held in reset */ ("red" | "yellow" | "ignore") ), "linkdown" ( /* Services PIC linkdown */ ("red" | "yellow" | "ignore") ), "rx-errors" ( /* Services PIC excessive rx errors */ ("red" | "yellow" | "ignore") ), "tx-errors" ( /* Services PIC excessive tx errors */ ("red" | "yellow" | "ignore") ), "sw-down" ( /* Services PIC software problem */ ("red" | "yellow" | "ignore") ), "hw-down" ( /* Services PIC hardware problem */ ("red" | "yellow" | "ignore") ) ) end rule(:chassis_alarm_sonet_type) do c( "lol" ( /* Loss of light */ ("red" | "yellow" | "ignore") ), "pll" ( /* Phase locked loop out of lock */ ("red" | "yellow" | "ignore") ), "lof" ( /* Loss of framing, LOF failure */ ("red" | "yellow" | "ignore") ), "los" ( /* Loss of signal, LOS failure */ ("red" | "yellow" | "ignore") ), "ais-l" ( /* Line alarm indication signal, AIS-L failure */ ("red" | "yellow" | "ignore") ), "ais-p" ( /* Path alarm indication signal, AIS-P failure */ ("red" | "yellow" | "ignore") ), "lop-p" ( /* Loss of pointer, LOP-P failure */ ("red" | "yellow" | "ignore") ), "ber-sd" ( /* Signal Degrade (SD), bit error rate > 1E-6 */ ("red" | "yellow" | "ignore") ), "ber-sf" ( /* Signal Fail (SF), bit error rate > 1E-3 */ ("red" | "yellow" | "ignore") ), "rfi-l" ( /* Line remote failure indication, RFI-L, line FERF */ ("red" | "yellow" | "ignore") ), "rfi-p" ( /* Path remote failure indication, RFI-P, STS path yellow */ ("red" | "yellow" | "ignore") ), "uneq-p" ( /* STS Path (C2) unequipped, UNEQ-P failure */ ("red" | "yellow" | "ignore") ), "locd" ( /* Loss of cell delineation (ATM only) */ ("red" | "yellow" | "ignore") ), "plm-p" ( /* STS payload label (C2) mismatch, PLM-P failure */ ("red" | "yellow" | "ignore") ) ) end rule(:chassis_fabric_card_type) do arg.as(:arg) ( c( "loopback" ( /* Loopback Configuration for Mode & Type */ c( "serdes" /* Fabric Card serdes setting */, "retimer" /* Fabric card retimer setting */ ) ) ) ) end rule(:chassis_fabric_type) do c( "upgrade-mode" ( /* Enable online switch fabric upgrade */ ("default" | "t4000" | "3d-fabric") ), "link-autoheal" /* Link-autoheal fabric configuration */, "oam" ( /* Fabric OAM configuration */ c( "detection-disable" /* Disable fabric OAM */ ) ), "degraded" ( /* Degraded fabric configuration */ c( "action-fpc-restart-disable" /* Limit degraded fabric actions to Plane restart only */, "degraded-fpc-bad-plane-threshold" arg /* No of bad planes to declare a FPC degraded */, "degraded-fabric-detection-enable" /* Enable degraded FPC detection */, "fpc-restart" /* Restart fpc on zero planes */, "auto-recovery-disable" /* Disable fabric degraded auto recovery */, "fpc-offline-on-blackholing" /* Offline FPC on fabric blackholing */ ) ), "redundancy-mode" ( /* Fabric redundancy mode */ c( c( "redundant" /* Fabric is configured in redundant mode */, "increased-bandwidth" /* Fabric is configured in increased bandwidth mode */ ) ) ), "disable-grant-bypass" /* Disable fabric grant-bypass mode */ ) end rule(:chassis_feb_type) do c( "sanity-poll" ( /* FPC register sanity poll */ c( "retry-count" arg /* Number of retries before reporting error */, "on-error" ( /* Actions to be taken if inconsistencies are detected */ c( "raise-alarm" /* Raise emergency alarm */, "power" ( /* Power cycle or power off FPC */ ("cycle" | "off") ), "write-coredump" /* Write coredump and continue */ ) ) ) ), "slot" arg ( c( "sanity-poll" ( /* FPC register sanity poll */ c( "retry-count" arg /* Number of retries before reporting error */, "on-error" ( /* Actions to be taken if inconsistencies are detected */ c( "raise-alarm" /* Raise emergency alarm */, "power" ( /* Power cycle or power off FPC */ ("cycle" | "off") ), "write-coredump" /* Write coredump and continue */ ) ) ) ), "power" ( /* Power FEBs on or off */ ("off" | "on") ), "port-mirror-instance" arg /* Associate a port mirroring instance with the FEB */, "sampling-instance" arg /* Associate a sampling instance with the FEB */, "ucode-imem-remap" /* Remap the PIC microcode to IMEM on FEB */, "inline-services" ( c( "report-zero-oif-gw-on-discard" /* Jflow reports value zero in OIF and GW when traffic is not forwarded */, "flex-flow-sizing" /* No fixed size allocation of flow tables for proto families */, "use-extended-flow-memory" /* Use extended memory for flow records */, "flow-table-size" ( c( "ipv4-flow-table-size" arg /* IPv4 flow table size in units of 256k */, "ipv6-flow-table-size" arg /* IPv6 flow table size in units of 256k */, "vpls-flow-table-size" arg /* VPLS flow table size in units of 256k */, "bridge-flow-table-size" arg /* BRIDGE flow table size in units of 256k */, "ipv6-extended-attrib" /* Enable extended flow attribute */, "mpls-flow-table-size" arg /* MPLS flow table size in units of 256k */ ) ) ) ), "inline-video-monitoring" ( c( "maximum-flows-count" arg /* Maximum number of inline video monitoring flows per PFE instance */ ) ), "openflow" ( /* Openflow configuration */ c( "access-list-partition" arg /* Space reserved for openflow access-list rules */ ) ) ) ) ) end rule(:chassis_fpc_error_type) do c( "fatal" ( /* FPC Fatal errors (default threshold = 1) */ chassis_fpc_error_level_major_fatal /* FPC Fatal errors (default threshold = 1) */ ), "major" ( /* FPC Major Level errors (default threshold = 1) */ chassis_fpc_error_level_major_fatal /* FPC Major Level errors (default threshold = 1) */ ), "minor" ( /* FPC Minor Level errors (default threshold = 10) */ chassis_fpc_error_level_minor /* FPC Minor Level errors (default threshold = 10) */ ), chassis_fru_cmerror_override_type /* Error configuration override */, "scope" ( /* Error scope */ chassis_fpc_scope_type /* Error scope */ ) ) end rule(:chassis_fpc_error_level_major_fatal) do c( "threshold" arg /* Error count at which to take the action */, "action" enum(("reset" | "offline" | "alarm" | "get-state" | "log" | "disable-pfe" | "offline-pic" | "trap")) /* Configure the action for this level */ ) end rule(:chassis_fpc_error_level_minor) do c( "threshold" arg /* Error count at which to take the action */, "action" enum(("reset" | "offline" | "alarm" | "get-state" | "log" | "disable-pfe" | "offline-pic" | "trap")) /* Configure the action for this level */ ) end rule(:chassis_fpc_scope_type) do c( "board" ( /* Board level scope */ chassis_fpc_scope_category /* Board level scope */ ), "pfe" ( /* Forwarding engine scope */ chassis_fpc_scope_category /* Forwarding engine scope */ ) ) end rule(:chassis_fpc_scope_category) do c( "category" ( /* FPC error category */ chassis_fpc_scope_category_type /* FPC error category */ ) ) end rule(:chassis_fpc_scope_category_type) do c( "functional" ( /* FPC functional category */ chassis_fpc_scope_category_error_type /* FPC functional category */ ), "memory" ( /* FPC memory category */ chassis_fpc_scope_category_error_type /* FPC memory category */ ), "io" ( /* FPC input-output category */ chassis_fpc_scope_category_error_type /* FPC input-output category */ ), "storage" ( /* FPC storage category */ chassis_fpc_scope_category_error_type /* FPC storage category */ ), "switch" ( /* FPC switch category */ chassis_fpc_scope_category_error_type /* FPC switch category */ ), "processing" ( /* FPC processing category */ chassis_fpc_scope_category_error_type /* FPC processing category */ ) ) end rule(:chassis_fpc_scope_category_error_type) do c( "fatal" ( /* FPC Fatal errors (default threshold = 1) */ chassis_fpc_error_level_type /* FPC Fatal errors (default threshold = 1) */ ), "major" ( /* FPC Major Level errors (default threshold = 1) */ chassis_fpc_error_level_type /* FPC Major Level errors (default threshold = 1) */ ), "minor" ( /* FPC Minor Level errors (default threshold = 10) */ chassis_fpc_error_level_type /* FPC Minor Level errors (default threshold = 10) */ ) ) end rule(:chassis_fpc_error_level_type) do c( "threshold" arg /* Error count at which to take the action (0 - valid for minor only) */, "action" enum(("reset" | "offline" | "alarm" | "get-state" | "log" | "disable-pfe" | "offline-pic" | "trap")) /* Configure the action for this level */ ) end rule(:chassis_fpc_type) do arg.as(:arg) ( c( "auto-speed-detection" ( /* Disables auto-speed detection */ c( c( "disable" /* Disables automatic speed detection */ ) ) ), "ukern-trace" ( /* Set ukern trace */ c( "log" ( /* Set ukern-trace log */ c( "app-type" ( /* Name of application with ukern-trace logs */ ("dfw") ), "logging" ( /* Enable or Disable ukern-trace logging of an app-type */ ("off" | "on") ) ) ) ) ), "sanity-poll" ( /* FPC register sanity poll */ c( "retry-count" arg /* Number of retries before reporting error */, "on-error" ( /* Actions to be taken if inconsistencies are detected */ c( "raise-alarm" /* Raise emergency alarm */, "power" ( /* Power cycle or power off FPC */ ("cycle" | "off") ), "write-coredump" /* Write coredump and continue */ ) ) ) ), "forwarding-options" ( /* Configure options to control packet forwarding */ c( c( "l2-profile-one" ( /* MAC: 288K L3-host: 16K LPM: 16K EM:0, needs reboot for VC; restarts PFE if standalone */ c( "num-65-127-prefix" arg /* IPV6 prefixes > 64, in multiples of 1K e.g 3 = 3x1K entries(default 1) */ ) ), "l2-profile-two" ( /* MAC: 224K L3-host: 80K LPM: 16K EM:0, needs reboot for VC; restarts PFE if standalone */ c( "num-65-127-prefix" arg /* IPV6 prefixes > 64, in multiples of 1K e.g 3 = 3x1K entries(default 1) */ ) ), "l2-profile-three" ( /* (default) MAC: 160K L3-host: 144K LPM: 16K, needs reboot for VC;restarts PFE if standalone */ c( "num-65-127-prefix" arg /* IPV6 prefixes > 64, in multiples of 1K e.g 3 = 3x1K entries(default 1) */ ) ), "l3-profile" ( /* MAC: 96K L3-host: 208K LPM: 16K EM:0, needs reboot for VC; restarts PFE if standalone */ c( "num-65-127-prefix" arg /* IPV6 prefixes > 64, in multiples of 1K e.g 3 = 3x1K entries(default 1) */ ) ), "lpm-profile" ( /* MAC: 32K L3-host: 16K LPM: 128K EM:0, needs reboot for VC; restarts PFE if standalone */ c( "prefix-65-127-disable" /* Disable IPV6 prefixes with length > 64 */, "unicast-in-lpm" /* Install unicast host entries in LPM table */ ) ), "exact-match-profile" ( /* MAC: 8K L3-host: 8K LPM: 16K EM: 64K, needs reboot for VC; restarts PFE if standalone */ c( "num-65-127-prefix" arg /* IPV6 prefixes > 64, in multiples of 1K e.g 3 = 3x1K entries(default 1) */ ) ), "vxlan-gbp-profile" /* MAC: 48K L3-host: 48K LPM: 16K EM:32K, needs reboot for VC; restarts PFE if standalone */, "custom-profile" ( /* (Partition the shared banks, will automatically restart the PFE when configured) */ c( "l2-entries" ( /* Customize l2 entries needed */ c( "num-banks" arg /* Number of banks needed for entries of this type */ ) ), "l3-entries" ( /* Customize l3 entries needed */ c( "num-banks" arg /* Number of banks needed for entries of this type */ ) ), "exact-match-entries" ( /* Customize exact match entries needed */ c( "num-banks" arg /* Number of banks needed for entries of this type */ ) ), "lpm-entries" ( /* Customize lpm banks needed */ c( "num-banks" ( /* Number of banks needed for entries of this type */ ("0" | "2" | "4") ), "prefix-65-127-disable" /* Disable IPV6 prefixes with length > 64 */ ) ), "num-65-127-prefix" arg /* IPV6 prefixes > 64, in multiples of 1K e.g 3 = 3x1K entries(default 1) */ ) ) ) ) ), "pic" ( /* Physical Interface Card number */ chassis_pic_type /* Physical Interface Card number */ ), "optical-options" ( /* Integrated Photonic Line Card settings */ c( "disable-edfa" /* Disable both EDFA */, "no-disable-edfa" /* Don't disable both EDFA */, "disable-osc" /* Disable OSC */, "no-disable-osc" /* Don't disable OSC */, "wavelength" ("1568.77" | "1568.36" | "1568.31" | "1568.26" | "1568.21" | "1568.16" | "1568.11" | "1568.05" | "1568.00" | "1567.95" | "1567.90" | "1567.85" | "1567.80" | "1567.75" | "1567.70" | "1567.64" | "1567.59" | "1567.54" | "1567.49" | "1567.44" | "1567.39" | "1567.34" | "1567.29" | "1567.23" | "1567.18" | "1567.13" | "1567.08" | "1567.03" | "1566.98" | "1566.93" | "1566.88" | "1566.83" | "1566.77" | "1566.72" | "1566.67" | "1566.62" | "1566.57" | "1566.52" | "1566.47" | "1566.42" | "1566.36" | "1566.31" | "1566.26" | "1566.21" | "1566.16" | "1566.11" | "1566.06" | "1566.01" | "1565.96" | "1565.90" | "1565.85" | "1565.80" | "1565.75" | "1565.70" | "1565.65" | "1565.60" | "1565.55" | "1565.50" | "1565.44" | "1565.39" | "1565.34" | "1565.29" | "1565.24" | "1565.19" | "1565.14" | "1565.09" | "1565.04" | "1564.99" | "1564.93" | "1564.88" | "1564.83" | "1564.78" | "1564.73" | "1564.68" | "1564.63" | "1564.58" | "1564.53" | "1564.47" | "1564.42" | "1564.37" | "1564.32" | "1564.27" | "1564.22" | "1564.17" | "1564.12" | "1564.07" | "1564.02" | "1563.96" | "1563.91" | "1563.86" | "1563.81" | "1563.76" | "1563.71" | "1563.66" | "1563.61" | "1563.56" | "1563.51" | "1563.45" | "1563.40" | "1563.35" | "1563.30" | "1563.25" | "1563.20" | "1563.15" | "1563.10" | "1563.05" | "1563.00" | "1562.95" | "1562.89" | "1562.84" | "1562.79" | "1562.74" | "1562.69" | "1562.64" | "1562.59" | "1562.54" | "1562.49" | "1562.44" | "1562.39" | "1562.33" | "1562.28" | "1562.23" | "1562.18" | "1562.13" | "1562.08" | "1562.03" | "1561.98" | "1561.93" | "1561.88" | "1561.83" | "1561.77" | "1561.72" | "1561.67" | "1561.62" | "1561.57" | "1561.52" | "1561.47" | "1561.42" | "1561.37" | "1561.32" | "1561.27" | "1561.22" | "1561.16" | "1561.11" | "1561.06" | "1561.01" | "1560.96" | "1560.91" | "1560.86" | "1560.81" | "1560.76" | "1560.71" | "1560.66" | "1560.61" | "1560.56" | "1560.50" | "1560.45" | "1560.40" | "1560.35" | "1560.30" | "1560.25" | "1560.20" | "1560.15" | "1560.10" | "1560.05" | "1560.00" | "1559.95" | "1559.90" | "1559.84" | "1559.79" | "1559.74" | "1559.69" | "1559.64" | "1559.59" | "1559.54" | "1559.49" | "1559.44" | "1559.39" | "1559.34" | "1559.29" | "1559.24" | "1559.19" | "1559.14" | "1559.08" | "1559.03" | "1558.98" | "1558.93" | "1558.88" | "1558.83" | "1558.78" | "1558.73" | "1558.68" | "1558.63" | "1558.58" | "1558.53" | "1558.48" | "1558.43" | "1558.38" | "1558.32" | "1558.27" | "1558.22" | "1558.17" | "1558.12" | "1558.07" | "1558.02" | "1557.97" | "1557.92" | "1557.87" | "1557.82" | "1557.77" | "1557.72" | "1557.67" | "1557.62" | "1557.57" | "1557.52" | "1557.46" | "1557.41" | "1557.36" | "1557.31" | "1557.26" | "1557.21" | "1557.16" | "1557.11" | "1557.06" | "1557.01" | "1556.96" | "1556.91" | "1556.86" | "1556.81" | "1556.76" | "1556.71" | "1556.66" | "1556.61" | "1556.55" | "1556.50" | "1556.45" | "1556.40" | "1556.35" | "1556.30" | "1556.25" | "1556.20" | "1556.15" | "1556.10" | "1556.05" | "1556.00" | "1555.95" | "1555.90" | "1555.85" | "1555.80" | "1555.75" | "1555.70" | "1555.65" | "1555.60" | "1555.55" | "1555.49" | "1555.44" | "1555.39" | "1555.34" | "1555.29" | "1555.24" | "1555.19" | "1555.14" | "1555.09" | "1555.04" | "1554.99" | "1554.94" | "1554.89" | "1554.84" | "1554.79" | "1554.74" | "1554.69" | "1554.64" | "1554.59" | "1554.54" | "1554.49" | "1554.44" | "1554.39" | "1554.34" | "1554.29" | "1554.23" | "1554.18" | "1554.13" | "1554.08" | "1554.03" | "1553.98" | "1553.93" | "1553.88" | "1553.83" | "1553.78" | "1553.73" | "1553.68" | "1553.63" | "1553.58" | "1553.53" | "1553.48" | "1553.43" | "1553.38" | "1553.33" | "1553.28" | "1553.23" | "1553.18" | "1553.13" | "1553.08" | "1553.03" | "1552.98" | "1552.93" | "1552.88" | "1552.83" | "1552.78" | "1552.73" | "1552.68" | "1552.62" | "1552.57" | "1552.52" | "1552.47" | "1552.42" | "1552.37" | "1552.32" | "1552.27" | "1552.22" | "1552.17" | "1552.12" | "1552.07" | "1552.02" | "1551.97" | "1551.92" | "1551.87" | "1551.82" | "1551.77" | "1551.72" | "1551.67" | "1551.62" | "1551.57" | "1551.52" | "1551.47" | "1551.42" | "1551.37" | "1551.32" | "1551.27" | "1551.22" | "1551.17" | "1551.12" | "1551.07" | "1551.02" | "1550.97" | "1550.92" | "1550.87" | "1550.82" | "1550.77" | "1550.72" | "1550.67" | "1550.62" | "1550.57" | "1550.52" | "1550.47" | "1550.42" | "1550.37" | "1550.32" | "1550.27" | "1550.22" | "1550.17" | "1550.12" | "1550.07" | "1550.02" | "1549.97" | "1549.92" | "1549.87" | "1549.82" | "1549.77" | "1549.72" | "1549.67" | "1549.62" | "1549.57" | "1549.52" | "1549.47" | "1549.42" | "1549.37" | "1549.32" | "1549.26" | "1549.21" | "1549.16" | "1549.11" | "1549.06" | "1549.01" | "1548.96" | "1548.91" | "1548.86" | "1548.81" | "1548.76" | "1548.71" | "1548.66" | "1548.61" | "1548.56" | "1548.51" | "1548.46" | "1548.41" | "1548.36" | "1548.31" | "1548.26" | "1548.21" | "1548.16" | "1548.11" | "1548.06" | "1548.02" | "1547.97" | "1547.92" | "1547.87" | "1547.82" | "1547.77" | "1547.72" | "1547.67" | "1547.62" | "1547.57" | "1547.52" | "1547.47" | "1547.42" | "1547.37" | "1547.32" | "1547.27" | "1547.22" | "1547.17" | "1547.12" | "1547.07" | "1547.02" | "1546.97" | "1546.92" | "1546.87" | "1546.82" | "1546.77" | "1546.72" | "1546.67" | "1546.62" | "1546.57" | "1546.52" | "1546.47" | "1546.42" | "1546.37" | "1546.32" | "1546.27" | "1546.22" | "1546.17" | "1546.12" | "1546.07" | "1546.02" | "1545.97" | "1545.92" | "1545.87" | "1545.82" | "1545.77" | "1545.72" | "1545.67" | "1545.62" | "1545.57" | "1545.52" | "1545.47" | "1545.42" | "1545.37" | "1545.32" | "1545.27" | "1545.22" | "1545.17" | "1545.12" | "1545.07" | "1545.02" | "1544.97" | "1544.92" | "1544.87" | "1544.82" | "1544.77" | "1544.72" | "1544.68" | "1544.63" | "1544.58" | "1544.53" | "1544.48" | "1544.43" | "1544.38" | "1544.33" | "1544.28" | "1544.23" | "1544.18" | "1544.13" | "1544.08" | "1544.03" | "1543.98" | "1543.93" | "1543.88" | "1543.83" | "1543.78" | "1543.73" | "1543.68" | "1543.63" | "1543.58" | "1543.53" | "1543.48" | "1543.43" | "1543.38" | "1543.33" | "1543.28" | "1543.23" | "1543.18" | "1543.13" | "1543.08" | "1543.04" | "1542.99" | "1542.94" | "1542.89" | "1542.84" | "1542.79" | "1542.74" | "1542.69" | "1542.64" | "1542.59" | "1542.54" | "1542.49" | "1542.44" | "1542.39" | "1542.34" | "1542.29" | "1542.24" | "1542.19" | "1542.14" | "1542.09" | "1542.04" | "1541.99" | "1541.94" | "1541.89" | "1541.84" | "1541.80" | "1541.75" | "1541.70" | "1541.65" | "1541.60" | "1541.55" | "1541.50" | "1541.45" | "1541.40" | "1541.35" | "1541.30" | "1541.25" | "1541.20" | "1541.15" | "1541.10" | "1541.05" | "1541.00" | "1540.95" | "1540.90" | "1540.85" | "1540.80" | "1540.76" | "1540.71" | "1540.66" | "1540.61" | "1540.56" | "1540.51" | "1540.46" | "1540.41" | "1540.36" | "1540.31" | "1540.26" | "1540.21" | "1540.16" | "1540.11" | "1540.06" | "1540.01" | "1539.96" | "1539.91" | "1539.86" | "1539.82" | "1539.77" | "1539.72" | "1539.67" | "1539.62" | "1539.57" | "1539.52" | "1539.47" | "1539.42" | "1539.37" | "1539.32" | "1539.27" | "1539.22" | "1539.17" | "1539.12" | "1539.07" | "1539.03" | "1538.98" | "1538.93" | "1538.88" | "1538.83" | "1538.78" | "1538.73" | "1538.68" | "1538.63" | "1538.58" | "1538.53" | "1538.48" | "1538.43" | "1538.38" | "1538.33" | "1538.28" | "1538.24" | "1538.19" | "1538.14" | "1538.09" | "1538.04" | "1537.99" | "1537.94" | "1537.89" | "1537.84" | "1537.79" | "1537.74" | "1537.69" | "1537.64" | "1537.59" | "1537.55" | "1537.50" | "1537.45" | "1537.40" | "1537.35" | "1537.30" | "1537.25" | "1537.20" | "1537.15" | "1537.10" | "1537.05" | "1537.00" | "1536.95" | "1536.90" | "1536.86" | "1536.81" | "1536.76" | "1536.71" | "1536.66" | "1536.61" | "1536.56" | "1536.51" | "1536.46" | "1536.41" | "1536.36" | "1536.31" | "1536.26" | "1536.22" | "1536.17" | "1536.12" | "1536.07" | "1536.02" | "1535.97" | "1535.92" | "1535.87" | "1535.82" | "1535.77" | "1535.72" | "1535.67" | "1535.63" | "1535.58" | "1535.53" | "1535.48" | "1535.43" | "1535.38" | "1535.33" | "1535.28" | "1535.23" | "1535.18" | "1535.13" | "1535.08" | "1535.04" | "1534.99" | "1534.94" | "1534.89" | "1534.84" | "1534.79" | "1534.74" | "1534.69" | "1534.64" | "1534.59" | "1534.54" | "1534.50" | "1534.45" | "1534.40" | "1534.35" | "1534.30" | "1534.25" | "1534.20" | "1534.15" | "1534.10" | "1534.05" | "1534.00" | "1533.96" | "1533.91" | "1533.86" | "1533.81" | "1533.76" | "1533.71" | "1533.66" | "1533.61" | "1533.56" | "1533.51" | "1533.47" | "1533.42" | "1533.37" | "1533.32" | "1533.27" | "1533.22" | "1533.17" | "1533.12" | "1533.07" | "1533.02" | "1532.98" | "1532.93" | "1532.88" | "1532.83" | "1532.78" | "1532.73" | "1532.68" | "1532.63" | "1532.58" | "1532.53" | "1532.49" | "1532.44" | "1532.39" | "1532.34" | "1532.29" | "1532.24" | "1532.19" | "1532.14" | "1532.09" | "1532.04" | "1532.00" | "1531.95" | "1531.90" | "1531.85" | "1531.80" | "1531.75" | "1531.70" | "1531.65" | "1531.60" | "1531.56" | "1531.51" | "1531.46" | "1531.41" | "1531.36" | "1531.31" | "1531.26" | "1531.21" | "1531.16" | "1531.12" | "1531.07" | "1531.02" | "1530.97" | "1530.92" | "1530.87" | "1530.82" | "1530.77" | "1530.72" | "1530.68" | "1530.63" | "1530.58" | "1530.53" | "1530.48" | "1530.43" | "1530.38" | "1530.33" | "1530.29" | "1530.24" | "1530.19" | "1530.14" | "1530.09" | "1530.04" | "1529.99" | "1529.94" | "1529.89" | "1529.85" | "1529.80" | "1529.75" | "1529.70" | "1529.65" | "1529.60" | "1529.55" | "1529.50" | "1529.46" | "1529.41" | "1529.36" | "1529.31" | "1529.26" | "1529.21" | "1529.16" | "1529.11" | "1529.07" | "1529.02" | "1528.97" | "1528.92" | "1528.87" | "1528.82" | "1528.77" | "1528.38") ( /* Wavelength Selective Switch */ c( c( "switch" ( /* Switch the wavelength to an optical interface */ c( arg /* Name of physical interface */ ) ), "wss-express-in" /* Express-in this wavelength to another optical card */ ) ) ), "tca" ( /* Set tca for optical properties */ c( "osc-tx-power-high-tca" ( /* OSC TX power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute osc tx power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour osc tx power high TCA in dBm */ ) ), "osc-tx-power-low-tca" ( /* OSC TX power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute osc tx power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour osc tx power low TCA in dBm */ ) ), "osc-rx-power-high-tca" ( /* OSC RX power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute osc rx power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour osc rx power high TCA in dBm */ ) ), "osc-rx-power-low-tca" ( /* OSC RX power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute osc rx power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour osc rx power low TCA in dBm */ ) ), "osc-fiber-loss-high-tca" ( /* OSC fiber loss high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute osc fiber loss high TCA in dB */, "threshold-24hrs" arg /* Threshold for 24 hour osc fiber loss high TCA in dB */ ) ), "osc-fiber-loss-low-tca" ( /* OSC fiber loss low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute osc fiber loss low TCA in dB */, "threshold-24hrs" arg /* Threshold for 24 hour osc fiber loss low TCA in dB */ ) ), "lout-voa-high-tca" ( /* LOUT VOA high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute LOUT VOA high TCA in dB */, "threshold-24hrs" arg /* Threshold for 24 hour LOUT VOA high TCA in dB */ ) ), "lout-voa-low-tca" ( /* LOUT VOA low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute LOUT VOA low TCA in dB */, "threshold-24hrs" arg /* Threshold for 24 hour LOUT VOA low TCA in dB */ ) ), "edfa1-in-power-high-tca" ( /* Ingress EDFA input power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Ingress EDFA input power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour Ingress EDFA input power high TCA in dBm */ ) ), "edfa1-in-power-low-tca" ( /* Ingress EDFA input power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Ingress EDFA input power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour Ingress EDFA input power low TCA in dBm */ ) ), "edfa1-out-power-high-tca" ( /* Ingress EDFA output power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Ingress EDFA output power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour Ingress EDFA output power high TCA in dBm */ ) ), "edfa1-out-power-low-tca" ( /* Ingress EDFA output power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Ingress EDFA output power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour Ingress EDFA output power low TCA in dBm */ ) ), "edfa1-sig-power-high-tca" ( /* Ingress EDFA signal power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Ingress EDFA signal power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour Ingress EDFA signal power high TCA in dBm */ ) ), "edfa1-sig-power-low-tca" ( /* Ingress EDFA signal power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Ingress EDFA signal power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour Ingress EDFA signal power low TCA in dBm */ ) ), "edfa1-awg-high-tca" ( /* Ingress EDFA pump AWG high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Ingress EDFA pump AWG high TCA in mW */, "threshold-24hrs" arg /* Threshold for 24 hour Ingress EDFA pump AWG high TCA in mW */ ) ), "edfa1-awg-low-tca" ( /* Ingress EDFA pump AWG low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Ingress EDFA pump AWG low TCA in mW */, "threshold-24hrs" arg /* Threshold for 24 hour Ingress EDFA pump AWG low TCA in mW */ ) ), "edfa1-express-high-tca" ( /* Ingress EDFA pump express high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Ingress EDFA pump express high TCA in mW */, "threshold-24hrs" arg /* Threshold for 24 hour Ingress EDFA pump express high TCA in mW */ ) ), "edfa1-express-low-tca" ( /* Ingress EDFA pump express low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Ingress EDFA pump express low TCA in mW */, "threshold-24hrs" arg /* Threshold for 24 hour Ingress EDFA pump express low TCA in mW */ ) ), "edfa2-in-power-high-tca" ( /* Egress EDFA input power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Egress EDFA input power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour Egress EDFA input power high TCA in dBm */ ) ), "edfa2-in-power-low-tca" ( /* Egress EDFA input power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Egress EDFA input power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour Egress EDFA input power low TCA in dBm */ ) ), "edfa2-out-power-high-tca" ( /* Egress EDFA output power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Egress EDFA output power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour Egress EDFA output power high TCA in dBm */ ) ), "edfa2-out-power-low-tca" ( /* Egress EDFA output power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Egress EDFA output power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour Egress EDFA output power low TCA in dBm */ ) ), "edfa2-sig-power-high-tca" ( /* Egress EDFA signal power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Egress EDFA signal power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour Egress EDFA signal power high TCA in dBm */ ) ), "edfa2-sig-power-low-tca" ( /* Egress EDFA signal power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Egress EDFA signal power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour Egress EDFA signal power low TCA in dBm */ ) ), "edfa2-awg-high-tca" ( /* Egress EDFA pump AWG high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Egress EDFA pump AWG high TCA in mW */, "threshold-24hrs" arg /* Threshold for 24 hour Egress EDFA pump AWG high TCA in mW */ ) ), "edfa2-awg-low-tca" ( /* Egress EDFA pump AWG low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Egress EDFA pump AWG low TCA in mW */, "threshold-24hrs" arg /* Threshold for 24 hour Egress EDFA pump AWG low TCA in mW */ ) ), "edfa2-express-high-tca" ( /* Egress EDFA pump express high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Egress EDFA pump express high TCA in mW */, "threshold-24hrs" arg /* Threshold for 24 hour Egress EDFA pump express high TCA in mW */ ) ), "edfa2-express-low-tca" ( /* Egress EDFA pump express low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Egress EDFA pump express low TCA in mW */, "threshold-24hrs" arg /* Threshold for 24 hour Egress EDFA pump express low TCA in mW */ ) ), "ocm-power-high-line-out-tca" ( /* OCM Power Line Out high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute OCM Power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour OCM Power high TCA in dBm */ ) ), "ocm-power-low-line-out-tca" ( /* OCM Power Line Out low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute OCM Power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour OCM Power low TCA in dBm */ ) ) ) ), "expansion-card" ( /* Associate an expansion card with the IPLC card */ c( "fpc" ( c( arg ) ) ) ), "express-in" ( /* Associate an express-in card with the IPLC card */ c( "fpc" ( c( arg ) ) ) ), "amplifier-chain" ( /* In-line amplifier options */ c( "anchor-iplc" /* Mark IPLC as anchor for In-line amplifier chain */, "no-anchor-iplc" /* Don't mark IPLC as anchor for In-line amplifier chain */, "osc-ip" arg /* IPLC OSC path IPv4 address format w.x.y.z/a */, "osc-mac" arg /* IPLC OSC path MAC address format a:b:c:d:e:f */, "ila" arg ( /* Configure In-line amplifier number */ c( "ila-options" ( /* In-line amplifier settings */ c( "ila-ipv4-address" arg /* In-line amplifier IPV4 address format w.x.y.z/a */, "ila-user" arg /* ILA User Name */, "ila-password" ( /* ILA password string */ unreadable /* ILA password string */ ), "edfa-a-b" ( /* Configure edfa-a-b */ c( "tca-input-power-low" ( /* Input power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute input power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour input power low TCA in dBm */ ) ), "tca-input-power-high" ( /* Input power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute input power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour input power high TCA in dBm */ ) ), "tca-output-power-low" ( /* Output power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute output power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour output power low TCA in dBm */ ) ), "tca-output-power-high" ( /* Output power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute output power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour output power high TCA in dBm */ ) ), "tca-signal-output-power-low" ( /* Signal output power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute signal output power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour signal output power low TCA in dBm */ ) ), "tca-signal-output-power-high" ( /* Signal output power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute signal output power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour signal output power high TCA in dBm */ ) ), "tca-pump0-current-low" ( /* Pump0 current low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute pump0 current low TCA in mA */, "threshold-24hrs" arg /* Threshold for 24 hour pump0 current low TCA in mA */ ) ), "tca-pump0-current-high" ( /* Pump0 current high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute pump0 current high TCA in mA */, "threshold-24hrs" arg /* Threshold for 24 hour pump0 current high TCA in mA */ ) ), "tca-pump1-current-low" ( /* Pump1 current low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute pump1 current low TCA in mA */, "threshold-24hrs" arg /* Threshold for 24 hour pump1 current low TCA in mA */ ) ), "tca-pump1-current-high" ( /* Pump1 current high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute pump1 current high TCA in mA */, "threshold-24hrs" arg /* Threshold for 24 hour pump1 current high TCA in mA */ ) ), "tca-pump0-temperature-low" ( /* Pump0 temperature low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute pump0 temperature low TCA in C */, "threshold-24hrs" arg /* Threshold for 24 hour pump0 temperature low TCA in C */ ) ), "tca-pump0-temperature-high" ( /* Pump0 temperature high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute pump0 temperature high TCA in C */, "threshold-24hrs" arg /* Threshold for 24 hour pump0 temperature high TCA in C */ ) ), "tca-pump1-temperature-low" ( /* Pump1 temperature low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute pump1 temperature low TCA in C */, "threshold-24hrs" arg /* Threshold for 24 hour pump1 temperature low TCA in C */ ) ), "tca-pump1-temperature-high" ( /* Pump1 temperature high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute pump1 temperature high TCA in C */, "threshold-24hrs" arg /* Threshold for 24 hour pump1 temperature high TCA in C */ ) ) ) ), "voa-a" ( /* Configure voa-a */ c( "tca-attenuation-low" ( /* Attenuation low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute attenuation low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour attenuation low TCA in dBm */ ) ), "tca-attenuation-high" ( /* Attenuation high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute attenuation high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour attenuation high TCA in dBm */ ) ) ) ), "osc-a" ( /* Configure osc-a */ c( "osc-tx-power-high-tca" ( /* OSC TX power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute osc tx power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour osc tx power high TCA in dBm */ ) ), "osc-tx-power-low-tca" ( /* OSC TX power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute osc tx power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour osc tx power low TCA in dBm */ ) ), "osc-rx-power-high-tca" ( /* OSC RX power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute osc rx power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour osc rx power high TCA in dBm */ ) ), "osc-rx-power-low-tca" ( /* OSC RX power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute osc rx power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour osc rx power low TCA in dBm */ ) ), "osc-fiber-loss-high-tca" ( /* OSC fiber loss high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute osc fiber loss high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour osc fiber loss high TCA in dBm */ ) ), "osc-fiber-loss-low-tca" ( /* OSC fiber loss low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute osc fiber loss low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour osc fiber loss low TCA in dBm */ ) ) ) ), "edfa-b-a" ( /* Configure edfa-b-a */ c( "tca-input-power-low" ( /* Input power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute input power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour input power low TCA in dBm */ ) ), "tca-input-power-high" ( /* Input power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute input power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour input power high TCA in dBm */ ) ), "tca-output-power-low" ( /* Output power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute output power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour output power low TCA in dBm */ ) ), "tca-output-power-high" ( /* Output power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute output power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour output power high TCA in dBm */ ) ), "tca-signal-output-power-low" ( /* Signal output power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute signal output power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour signal output power low TCA in dBm */ ) ), "tca-signal-output-power-high" ( /* Signal output power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute signal output power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour signal output power high TCA in dBm */ ) ), "tca-pump0-current-low" ( /* Pump0 current low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute pump0 current low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour pump0 current low TCA in dBm */ ) ), "tca-pump0-current-high" ( /* Pump0 current high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute pump0 current high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour pump0 current high TCA in dBm */ ) ), "tca-pump1-current-low" ( /* Pump1 current low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute pump1 current low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour pump1 current low TCA in dBm */ ) ), "tca-pump1-current-high" ( /* Pump1 current high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute pump1 current high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour pump1 current high TCA in dBm */ ) ), "tca-pump0-temperature-low" ( /* Pump0 temperature low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute pump0 temperature low TCA in C */, "threshold-24hrs" arg /* Threshold for 24 hour pump0 temperature low TCA in C */ ) ), "tca-pump0-temperature-high" ( /* Pump0 temperature high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute pump0 temperature high TCA in C */, "threshold-24hrs" arg /* Threshold for 24 hour pump0 temperature high TCA in C */ ) ), "tca-pump1-temperature-low" ( /* Pump1 temperature low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute pump1 temperature low TCA in C */, "threshold-24hrs" arg /* Threshold for 24 hour pump1 temperature low TCA in C */ ) ), "tca-pump1-temperature-high" ( /* Pump1 temperature high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute pump1 temperature high TCA in C */, "threshold-24hrs" arg /* Threshold for 24 hour pump1 temperature high TCA in C */ ) ) ) ), "voa-b" ( /* Configure voa-b */ c( "tca-attenuation-low" ( /* Attenuation low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute attenuation low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour attenuation low TCA in dBm */ ) ), "tca-attenuation-high" ( /* Attenuation high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute attenuation high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour attenuation high TCA in dBm */ ) ) ) ), "osc-b" ( /* Configure osc-b */ c( "osc-tx-power-high-tca" ( /* OSC TX power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute osc tx power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour osc tx power high TCA in dBm */ ) ), "osc-tx-power-low-tca" ( /* OSC TX power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute osc tx power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour osc tx power low TCA in dBm */ ) ), "osc-rx-power-high-tca" ( /* OSC RX power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute osc rx power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour osc rx power high TCA in dBm */ ) ), "osc-rx-power-low-tca" ( /* OSC RX power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute osc rx power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour osc rx power low TCA in dBm */ ) ), "osc-fiber-loss-high-tca" ( /* OSC fiber loss high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute osc fiber loss high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour osc fiber loss high TCA in dBm */ ) ), "osc-fiber-loss-low-tca" ( /* OSC fiber loss low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute osc fiber loss low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour osc fiber loss low TCA in dBm */ ) ) ) ) ) ) ) ) ) ) ) ), "power" ( /* Power FPCs on or off */ ("off" | "on") ), "traffic-manager" ( /* Configure traffic-manager attributes */ c( "buffer-monitor-enable" /* Enable port buffer monitoring */, "queue-threshold" ( /* Set queue thresholds */ c( "fabric-queue" ( /* Set fabric queue thresholds */ c( "priority" enum(("low" | "high")) ( /* Queue priority */ c( "threshold" arg /* Threshold percentage to be set */ ) ) ) ), "wan-queue" ( /* Set wan queue thresholds */ c( "priority" enum(("low" | "medium-low" | "medium-high" | "high")) ( /* Queue Priority */ c( "threshold" arg /* Threshold percentage to be set */ ) ) ) ) ) ), "enhanced-priority-mode" /* Enable enhanced priority mode */, "no-enhanced-priority-mode" /* Don't enable enhanced priority mode */, "packet-timestamp" ( /* Configure collecting CoS last packet enqueued timestamp */ ("enable" | "disable") ) ) ), "max-power" arg /* Max power to be consumed by MPC */, "route-localization" ( /* Route-Localization fib-remote or fib-local */ ("fib-remote" | "fib-local") ), "vpn-localization" ( /* VPN-localization core-facing-only or core-facing-default */ ("vpn-core-facing-only" | "vpn-core-facing-default") ), "power-budget-priority" arg /* FPC priority number */, c( "disable-power" /* Do not provide power to the card */, "allow-sram-parity-errors" /* Do not power cycle FPC when SRAM parity errors occur */ ), c( "performance-mode" ( /* Enable performance mode, FPC will restart if mode changes from lite mode to performance mode */ c( "number-of-ucode-workers" arg /* Configure number of ucode worker cores, FPC will restart if there is a change in number of ucode worker cores */ ) ), "lite-mode" /* Enable lite mode, FPC will restart if mode changes from performance mode to lite mode */ ), "services-offload" /* Enable services offload on fpc */, "cfp-to-et" /* Enable ET interface and remove CFP client */, "np-cache" /* Enable NP cache and services offload on fpc */, "np-cache-disable" /* Disable NP cache and services offload on fpc */, "offline" /* Keep FPC offline */, "offline-on-fabric-bandwidth-reduction" /* Bring FPC offline when running with reduced fabric bandwidth */, "ir-mode" ( /* Configure IR or R mode for MPC4 and above cards */ ("IR" | "R") ), "no-loss" ( /* PFC lossless buffer configuratios */ c( "buffer" ( /* PFC lossless buffer */ c( "percentage" arg /* Configure buffer space for lossless traffic handling */ ) ) ) ), "license-mode" ( /* Configure license mode for PTX FPC3 and later cards */ ("r" | "ir" | "lsr" | "ip") ), "fabric" ( c( "loopback" ( /* Set fpc fabric loopback mode */ c( "wan" ( /* Enable/Disable fpc fabric wan loopback */ ("off" | "on") ) ) ), "blackhole-action" ( /* Action taken upon fabric plane blackhole involving the FPC */ ("log-only" | "offline" | "restart" | "restart-then-offline") ), "bandwidth-degradation" ( /* Take FPC recovery action when FPC running with reduced fabric bandwidth */ c( "percentage" arg /* The percentage of PFE bandwidth degradation to trigger action */, "no-fabric-switchover" /* Do not perform switchover to spare CB */, "action" ( /* Type of action to trigger */ ("log-only" | "offline" | "restart" | "restart-then-offline") ) ) ) ) ), "port-mirror-instance" arg, "sampling-instance" arg, "inline-services" ( c( "report-zero-oif-gw-on-discard" /* Jflow reports value zero in OIF and GW when traffic is not forwarded */, "flex-flow-sizing" /* No fixed size allocation of flow tables for proto families */, "use-extended-flow-memory" /* Use extended memory for flow records */, "flow-table-size" ( c( "ipv4-flow-table-size" arg /* IPv4 flow table size in units of 256k */, "ipv6-flow-table-size" arg /* IPv6 flow table size in units of 256k */, "vpls-flow-table-size" arg /* VPLS flow table size in units of 256k */, "bridge-flow-table-size" arg /* BRIDGE flow table size in units of 256k */, "ipv6-extended-attrib" /* Enable extended flow attribute */, "mpls-flow-table-size" arg /* MPLS flow table size in units of 256k */ ) ) ) ), "inline-video-monitoring" ( c( "maximum-flows-count" arg /* Maximum number of inline video monitoring flows per PFE instance. */, "flow-table-size" arg /* Size of flow table size per PFE instance */ ) ), "application-services" ( /* Application services configuration */ c( "package" arg /* Package selection */ ) ), "slamon-services" ( /* SLA monitoring services */ c( "rfc2544" /* Enable sla monitoring services */ ) ), "flexible-queuing-mode" /* Enable flexible queuing mode */, "loopback-device-count" arg /* Number of loopbacks */, "interasic-linkerror-recovery-enable" /* Enable inter-asic link error recovery */, "number-of-ports" ( /* Number of physical ports to enable on FPC */ ("8" | "12") ), "pfe" ( /* Packet forwarding engine parameters */ chassis_pfe_type /* Packet forwarding engine parameters */ ), "service-package" ( /* Service package to be loaded on FPC */ ("bundle-rfc2544" | "bundle-nat-ipsec" | "bundle-ptp-enterprise-profile") ), "max-queues" ( /* Maximum number of queues configurable on FPC */ ("8k" | "16k" | "32k" | "48k" | "64k" | "96k" | "128k" | "192k" | "256k" | "384k" | "512k" | "768k" | "1M" | "1536k" | "2M") ), "bandwidth" ( /* Configure bandwidth of FPC */ ("1.6T") ), "pfe-bandwidth" ( /* Configure per PFE bandwidth */ ("240G" | "300G" | "400G") ), "error" ( /* Error level configuration for FPC */ chassis_fpc_error_type /* Error level configuration for FPC */ ), "ether-type" arg ( /* Set Ethernet type on FPC */ c( arg /* Ether type */ ) ), "slc" ( /* Sub-line card (SLC) */ chassis_slc_type /* Sub-line card (SLC) */ ), "openflow" ( /* Openflow configuration */ c( "access-list-partition" arg /* Space reserved for openflow access-list rules */, "buffer-partition" arg /* Buffer space reserved for openflow traffic */ ) ) ) ) end rule(:chassis_fru_cmerror_override_type) do arg.as(:arg) ( c( "state" ( /* State */ ("disable") ), "severity" ( /* Severity */ ("minor" | "major" | "fatal") ), "pfe" ( /* Apply to these pfe */ c( "all" /* Apply to all pfe */ ) ) ) ) end rule(:chassis_pem_type) do c( "minimum" arg /* Minimum number of power supplies required for normal operation */, "feeds" arg /* Number of input feeds required */, "input-current" ( /* Input current (Amps) in each feed */ ("40" | "60") ) ) end rule(:chassis_pfe_type) do arg.as(:arg) ( c( "forwarding-packages" ( /* Associated forwarding package configuration */ c( "mobility" ( /* Mobility related PFE configuration */ c( c( "user-plane" /* User plane function */ ) ) ) ) ), "exception-reporting" ( /* Enable reporting of exceptions in the forwarding path */ c( "category" enum(("layer3" | "layer2" | "firewall" | "forwarding-state" | "packet-errors")) ( /* Exception category type */ c( "inline-monitoring-instance" arg /* Inline monitoring to specified instance */ ) ) ) ), "power" ( /* Power PFEs on or off */ ("off" | "on") ), "tunnel-services" /* Tunnel services configuration */ ) ) end rule(:chassis_pic_type) do arg.as(:arg) ( c( "pic-mode" ( /* PIC mode configuration */ ("1G" | "10G" | "25G" | "40G" | "50G" | "100G" | "400G") ), "tunnel-port" ( /* Tunnel port number */ chassis_port_type /* Tunnel port number */ ), "tunnel-services" ( /* Tunnel services configuration */ c( "bandwidth" ( /* Amount of bandwidth reserved for tunnel service */ ("1g" | "10g" | "20g" | "30g" | "40g" | "50g" | "60g" | "70g" | "80g" | "90g" | "100g" | "200g" | "300g" | "400g" | "480g" | arg) ), "tunnel-only" /* Support only tunnel traffic */, "priority" ( /* Specify bandwidths with priorities */ c( "high" ( /* High Priority */ c( "bandwidth" ( /* Amount of bandwidth reserved for tunnel service */ ("1g" | "10g" | "20g" | "30g" | "40g" | "50g" | "60g" | "70g" | "80g" | "90g" | "100g" | "200g" | "300g" | "400g" | "480g" | arg) ) ) ), "medium" ( /* Medium Priority */ c( "bandwidth" ( /* Amount of bandwidth reserved for tunnel service */ ("1g" | "10g" | "20g" | "30g" | "40g" | "50g" | "60g" | "70g" | "80g" | "90g" | "100g" | "200g" | "300g" | "400g" | "480g" | arg) ) ) ), "low" ( /* Low Priority */ c( "bandwidth" ( /* Amount of bandwidth reserved for tunnel service */ ("1g" | "10g" | "20g" | "30g" | "40g" | "50g" | "60g" | "70g" | "80g" | "90g" | "100g" | "200g" | "300g" | "400g" | "480g" | arg) ) ) ) ) ), "port" arg /* Front panel port number - ACX5048: [16-53], ACX5096: [64-95, 100-103] */, "tunnel-port" arg ( /* Tunnel port number */ c( "bandwidth" ( /* Amount of bandwidth reserved for tunnel service */ ("1g" | "10g" | "20g" | "30g" | "40g" | "50g" | "60g" | "70g" | "80g" | "90g" | "100g" | "200g" | "300g" | "400g" | "480g" | arg) ) ) ) ) ), "interface-type" ( /* Interface prefix */ ("ge" | "xe" | "et") ), "inline-services" ( /* Inline services configuration */ c( "bandwidth" ( /* Amount of bandwidth reserved for inline service */ ("1g" | "10g" | "20g" | "30g" | "40g" | "50g" | "60g" | "70g" | "80g" | "90g" | "100g" | "200g" | "300g" | "400g" | "480g" | arg) ), "fragmentation-mtu" arg /* Set the fragmentation MTU size */, "reassembly-context-age" arg /* Set the re-assembly context age millisecond timeout */, "service-plane-recovery" ( /* Service plane recovery configuration */ c( "disable", "downtime-gap-seconds" arg /* Gap between successive downtime events for recovery */, "downtime-events" arg /* Number of downtime events after which recovery is disabled */ ) ) ) ), c( "adaptive-services" ( /* Adaptive services configuration */ c( "service-package" ( /* AS PIC service package */ c( c( "layer-3" /* Layer 3 service package */, "layer-2" /* Layer 2 service package */, "layer-2-3" /* Combined Layer 2 and Layer 3 service package */, "extension-provider" ( /* Extension provider package configuration */ c( "data-pollers" arg /* Number of cpus dedicated to poll data packets */, "data-flow-affinity" ( /* Enable flow affinity on data cores */ c( "hash-key" ( ("layer-3" | "layer-4") ) ) ), "session-offload" /* Enable session offload */, "no-default-packages" /* Do not load default packages */, "package" arg /* Extension provider package to run on the PIC */, "syslog" enum(("external" | "pfe" | "daemon" | "kernel")) ( /* System logging facility */ c( c( "any" /* All levels */, "emergency" /* Panic conditions */, "alert" /* Conditions that should be corrected immediately */, "critical" /* Critical conditions */, "error" /* Error conditions */, "warning" /* Warning messages */, "notice" /* Conditions that should be handled specially */, "info" /* Informational messages */, "none" /* No messages */ ), "destination" ( /* Sylog destination */ ("routing-engine" | "pic-console") ) ) ) ) ) ) ) ) ) ), "monitoring-services" ( /* Monitoring services configuration */ c( "application" ( /* Application mode */ ("dynamic-flow-capture" | "flow-collector" | "monitor") ) ) ) ), "no-mcast-replication" /* No mcast replication */, "ggsn-services" ( /* GGSN services configuration */ c( "application" ( /* Application mode */ ("ggsn-data" | "ggsn-inspection" | "ggsn-tunnel") ) ) ), "framing" ( /* Framing mode */ ("sonet" | "sdh" | "t3" | "e3" | "t1" | "e1" | "lan") ), "synchronization" ( /* PIC synchronization source */ c( c( "port" arg /* Port Number */ ) ) ), "recovered-clock" ( /* Select recovered clock for this port */ c( "port" arg /* Port Number */, "channel" arg /* Channel Number */ ) ), "vtmapping" ( /* Virtual tunnel mapping mode */ ("klm" | "itu-t") ), "no-concatenate" /* Do not concatenate channels */, "no-multi-rate" /* Disable multi-rate mode */, "channelization" /* Enable Channelization */, "linerate-mode" /* Disable oversubscription. PIC operates in line rate mode */, "speed" ( /* Port speed */ ("1G") ), "mixed-rate-mode" /* PIC operates in mixed-rate-mode. Speed and AE configurable for PIC Ports */, "no-pre-classifier" /* No pre-classification of packets */, "aggregate-ports" /* Aggregate multiple ports on a PIC as a single port */, "number-of-ports" arg /* Number of physical ports to enable on PIC */, "power" ( /* Power off PIC */ ("off") ), "pic-type" arg /* OID of PIC type to be configured */, "aggregated-devices" ( /* Aggregated devices configuration */ c( "ima" ( /* Aggregated device options for Inverse Multiplexing for ATM */ c( "device-count" arg /* Number of IMA groups */ ) ) ) ), "sparse-dlcis" /* Run in sparse data-link connection identifier mode */, "multi-link-layer-2-inline" /* Enable inline layer-2 services */, "q-pic-large-buffer" ( /* Run in large delay buffer mode */ c( c( "small-scale" /* Supports less number of interfaces */, "large-scale" /* Supports large number of interfaces */ ) ) ), "red-buffer-occupancy" ( /* Computation type for RED buffer occupancy */ c( "weighted-averaged" ( /* Weighted-average computation */ c( "instant-usage-weight-exponent" arg /* Weight for instant buffer usage (negative exponent of 2) */ ) ) ) ), "traffic-manager" ( /* Configure traffic manager attributes */ c( "ingress-shaping-overhead" arg /* Number of CoS shaping overhead bytes in ingress */, "egress-shaping-overhead" arg /* Number of CoS shaping overhead bytes in egress */, "queue-buffer-size" ( /* Set the buffer size of output queue */ ("small") ), "mode" ( /* Configure traffic manager mode */ ("egress-only" | "session-shaping" | "ingress-and-egress") ) ) ), "idle-cell-format" ( /* ATM idle cell configuration */ c( "itu-t" /* ITU-T idle cell header format */, "payload-pattern" arg /* Payload pattern byte (0x00-0xff) */ ) ), "atm-l2circuit-mode" ( /* Enable ATM Layer 2 circuit transport mode */ c( c( "aal5" /* ATM Layer 2 circuit AAL5 mode */, "cell" /* ATM Layer 2 circuit cell mode */, "trunk" ( /* Set ATM Layer 2 circuit trunk mode */ c( c( "uni" /* ATM Layer 2 circuit user-to-network interface trunk mode */, "nni" /* ATM Layer 2 circuit network-to-network interface trunk mode */ ) ) ) ) ) ), "atm-cell-relay-accumulation" /* Enable ATM cell-relay accumulation mode */, "services-offload" ( /* Enable services offload */ c( "per-session-statistics" /* Keep per session statistics in NP */, "low-latency" /* Bypass Traffic Management stage to achieve low latency */ ) ), "mlfr-uni-nni-bundles" arg /* Number of multilink Frame Relay UNI NNI (FRF.16) bundles to allocate on PIC */, "mlfr-uni-nni-bundles-inline" arg /* Number of inline multilink frame relay UNI NNI bundles */, "ct3" ( /* CT3 NxDS0 PIC configuration */ c( "port" ( /* CT3 port */ ct3_port_type /* CT3 port */ ) ) ), "ce1" ( /* CE1 NxDS0 PIC configuration */ c( "e1" ( /* E1 link */ ce1_channel_type /* E1 link */ ) ) ), "max-queues-per-interface" ( /* Maximum number of queues per interface on QOS-capable PIC */ ("4" | "8") ), "shdsl" ( /* SHDSL chassis configuration */ c( "pic-mode" ( /* PIC mode */ ("1-port-atm" | "2-port-atm" | "4-port-atm" | "efm") ) ) ), "ethernet" ( /* J-series Ethernet PIM mode configuration */ c( "pic-mode" ( /* PIC mode */ ("switching" | "routing" | "enhanced-switching") ) ) ), "tunnel-queuing" /* Enable queueing for GRE/IPIP tunnels */, "port-mirror-instance" arg, "port" ( /* Port number */ chassis_pic_port_framing /* Port number */ ), "port-range" ( /* Physical ports to channelize */ s( arg, arg, c( "short-reach-mode" ( /* Short reach mode (For ports 0..47) */ ("disable" | "enable") ), "channel-speed" ( /* Port channel speed */ ("10g" | "25g" | "50g" | "disable-auto-speed-detection") ) ) ) ), "fibre-channel" ( /* Fibre channel configuration option */ chassis_fibre_channel_type /* Fibre channel configuration option */ ), "xe" ( /* Ports configurable in 10G mode */ c( "port" ( /* Attribute port */ s( arg ) ), "port-range" ( /* Attribute port range */ s( arg, arg ) ) ) ), "xle" ( /* Ports configurable in 40G mode */ c( "port" ( /* Attribute port */ s( arg ) ), "port-range" ( /* Attribute port range */ s( arg, arg ) ) ) ), "fte" ( /* Ports configurable in 40G HIGIG mode */ c( "port" ( /* Attribute port */ s( arg ) ), "port-range" ( /* Attribute port range */ s( arg, arg ) ) ) ), "qsfp-port" arg ( /* Qsfp port to configure */ c( "port-mode" ( /* Select mode for port-group */ ("40g" | "10g") ) ) ), "sfpplus" ( /* Sfpplus configuration option */ c( "pic-mode" ( /* PIC mode */ ("1g" | "10g") ) ) ), "hash-key" ( /* Select data used in the hash key */ c( "family" ( /* Protocol family */ c( "inet" ( /* IPv4 protocol family */ c( "layer-3" ( /* Include Layer 3 (IP) data in the hash key */ c( "destination-address" /* Include IP destination address in the hash key */ ) ), "layer-4" /* Include Layer 4 (TCP or UDP) data in the hash key */, "symmetric-hash" ( /* Create symmetric hash-key with source & dest ports */ c( "complement" /* Create complement of symmetric hash-key */ ) ) ) ), "multiservice" ( /* Multiservice protocol family */ c( "source-mac" /* Include source MAC address in hash key */, "destination-mac" /* Include destination MAC address in hash key */, "payload" ( /* Include payload data in the hash key */ c( "ip" ( /* Include IPv4 payload data in the hash key */ c( "layer-3" ( /* Include layer-3 ip info for VPLS/Bridge */ c( c( "source-ip-only" /* Include source IP only in hash-key */, "destination-ip-only" /* Include desintation IP only in hash-key */ ) ) ), "layer-4" /* Include layer-4 IP information for VPLS/Bridge */ ) ) ) ), "symmetric-hash" ( /* Create a/symmetric hash-key with any attributes */ c( "complement" /* Create complement of symmetric hash-key */ ) ) ) ) ) ) ) ), "ingress-policer-overhead" arg /* Number of policer overhead bytes in ingress */, "egress-policer-overhead" arg /* Number of policer overhead bytes in egress */, "account-layer2-overhead" /* Account Layer2 overhead in egress and ingress IFD/IFL stats */, "forwarding-mode" ( /* Set 100GE PIC packet distribution mode */ c( c( "sa-multicast" /* Used for Juniper CGE to Juniper 100GE PIC back to back connection */, "vlan-steering" ( /* Steer packet by VLAN id, interoperate with other vendors */ c( "vlan-rule" ( /* Set 100GE PIC forwarding VLAN rule */ ("odd-even" | "high-low") ) ) ) ) ) ), "subscriber-aware-services" /* Enable subscriber aware services */, "ptp-mode" /* Set hardware to run PTP BC applications. */ ) ) end rule(:ce1_channel_type) do arg.as(:arg) ( c( "channel-group" arg ( /* Define channel group */ sc( "timeslots" arg /* DS0 timeslots (1..31); for example, 1-3,4,9,22-24 (no spaces) */ ) ).as(:oneline) ) ) end rule(:chassis_fibre_channel_type) do c( "port" arg /* Fibre channel port */, "port-range" ( /* Fibre channel port range */ s( arg, arg ) ) ) end rule(:chassis_pic_port_framing) do arg.as(:arg) ( c( "short-reach-mode" ( /* Short reach mode (For ports 0...47) */ ("disable" | "enable") ), "framing" ( /* Framing mode */ ("sonet" | "sdh" | "t3" | "e3" | "t1" | "e1") ), "number-of-sub-ports" arg /* Number of subports per physical port */, "unused" /* Keep the port unused. */, "speed" ( /* Port speed */ ("oc3-stm1" | "oc12-stm4" | "oc48-stm16" | "1G" | "10g" | "25g" | "40g" | "100g" | "50g" | "200g" | "400g") ), "channel-speed" ( /* Port channel speed */ ("10g" | "25g" | "50g" | "disable-auto-speed-detection") ), "forwarding-mode" ( /* PIC packet distribution mode - Brooklyn interop mode */ c( "sa-multicast" /* SA multicast mode - interop with 100G Brooklyn PIC */ ) ), "no-mcast-replication" /* No multicast replication */, "traffic-manager" ( /* Configure per port traffic manager mode */ c( "mode" ( /* Configure port traffic manager mode as ingress-and-egress */ ("ingress-and-egress") ) ) ) ) ) end rule(:chassis_port_type) do arg.as(:arg) ( c( "tunnel-services" /* Tunnel services configuration */ ) ) end rule(:chassis_power_off_ports_on_no_master_re_type) do c( c( "disable" /* Disable powering off ports if no master RE present */, "enable" /* Enable Powering of ports if no master RE present */ ) ).as(:oneline) end rule(:chassis_redundancy_type) do c( "routing-engine" ( /* Redundancy options for Routing Engines */ chassis_rdd_re_type /* Redundancy options for Routing Engines */ ), "ssb" ( /* Redundancy options for System Switch Boards */ chassis_rdd_id_type /* Redundancy options for System Switch Boards */ ), "cfeb" ( /* Redundancy options for Compact Forwarding Engine Boards */ chassis_rdd_cfeb_id_type /* Redundancy options for Compact Forwarding Engine Boards */ ), "sfm" ( /* Redundancy options for Switching and Forwarding Modules */ chassis_rdd_sfm_id_type /* Redundancy options for Switching and Forwarding Modules */ ), "failover" ( /* Failover to other Routing Engine */ chassis_rdd_failover_type /* Failover to other Routing Engine */ ), "keepalive-time" arg /* Time before Routing Engine failover */, "mastership-refresh-timeout" arg /* Mastership refresh timeout */, "graceful-switchover" ( /* Enable graceful switchover on supported hardware */ chassis_non_stop_forwarding_type /* Enable graceful switchover on supported hardware */ ), "feb" ( /* Forwarding Engine Board redundancy configuration */ c( "redundancy-group" arg ( c( "description" arg /* Text description of FEB redundancy group */, "feb" arg ( /* Redundancy settings for a Forwarding Engine Board */ c( c( "primary" /* FEB is default master in the redundancy group */, "backup" /* FEB is backup in the redundancy group */ ) ) ), "no-auto-failover" /* Disable automatic FEB failover */ ) ) ) ) ) end rule(:chassis_non_stop_forwarding_type) do c( "traceoptions" ( /* Graceful switchover trace options */ c( "flag" enum(("update" | "all")) /* Tracing parameters */.as(:oneline) ) ) ) end rule(:chassis_rdd_cfeb_id_type) do arg.as(:arg) ( c( c( "always" /* Sole device */, "preferred" /* Preferred device */ ) ) ).as(:oneline) end rule(:chassis_rdd_failover_type) do c( "disable" /* Disable better RE evaluation algorithm */, "category" ( /* Failover category */ chassis_rdd_fail_cat_type /* Failover category */ ), "on-loss-of-keepalives" /* Failover on loss of keepalives */, "on-re-to-fpc-stale" /* Failover on loss of communication between the re and fpc */, "on-disk-failure" /* Failover on disk failure */, "not-on-disk-underperform" /* Prevent gstatd from initiating failovers in response to slow disks */, "disk-read-threshold" arg /* Read threshold (ms) on disk underperform monitoring */, "disk-write-threshold" arg /* Write threshold (ms) on disk underperform monitoring */, "on-loss-of-vm-host-connection" /* Failover on loss of vm host connection */ ) end rule(:chassis_rdd_fail_cat_type) do c( "component-failure" ( /* Failover due to component failure */ chassis_rdd_fail_cat_sev_type /* Failover due to component failure */ ), "software-failure" ( /* Failover due to software failure */ chassis_rdd_fail_cat_sev_type /* Failover due to software failure */ ), "power-failure" ( /* Failover due to power failure */ chassis_rdd_fail_cat_sev_type /* Failover due to power failure */ ), "clock-failure" ( /* Failover due to clock failure */ chassis_rdd_fail_cat_sev_type /* Failover due to clock failure */ ), "link-failure" ( /* Failover due to link failure */ chassis_rdd_fail_cat_sev_type /* Failover due to link failure */ ), "degraded-health" ( /* Failover due to degraded health */ chassis_rdd_fail_cat_sev_type /* Failover due to degraded health */ ) ) end rule(:chassis_rdd_fail_cat_sev_type) do c( "critical" ( /* Critical severity */ chassis_rdd_fail_cat_sev_act_type /* Critical severity */ ), "important" ( /* Important severity */ chassis_rdd_fail_cat_sev_act_type /* Important severity */ ) ) end rule(:chassis_rdd_fail_cat_sev_act_type) do c( "disable" /* Disable action */ ) end rule(:chassis_rdd_id_type) do arg.as(:arg) ( c( c( "always" /* Sole device */, "preferred" /* Preferred device */ ) ) ).as(:oneline) end rule(:chassis_rdd_re_type) do arg.as(:arg) ( c( c( "master" /* Master Routing Engine */, "backup" /* Backup Routing Engine */, "disabled" /* Routing Engine disabled */ ) ) ).as(:oneline) end rule(:chassis_rdd_sfm_id_type) do arg.as(:arg) ( c( c( "always" /* Sole device */, "preferred" /* Preferred device */ ) ) ).as(:oneline) end rule(:chassis_routing_engine_type) do c( "on-disk-failure" ( /* Action to take when Routing Engine disk fails */ chassis_re_on_disk_failure /* Action to take when Routing Engine disk fails */ ), "control-interface" ( /* Configure recovery method and pause frame for control interface */ c( "recovery-method" ( /* Select the recovery method */ ("disable-recovery" | "socket" | "counter") ), "pause-frame" /* Enable or disable Pause frame generation */ ) ), "bios" ( /* Routing Engine BIOS */ c( "no-auto-upgrade" /* Disable routing-engine BIOS auto-upgrade */, "uninterrupt" /* Set routing-engine BIOS uninterruptable */ ) ), "disk" ( /* Action to take for Routing Engine disk */ c( "write-threshold-rate" arg /* Write threshold rate */, "write-threshold-duration" arg /* Write threshold duration */, "smart-check" /* Enable smart check command to disk */, "ssd-series" arg ( /* Specify the ssd vendor series */ c( "id" arg ( /* Attribute ids to monitor of this series type */ c( "id-threshold" arg /* SSD smart attribute threshold */, "id-value" ( /* SSD attribute value */ ("raw" | "norm") ), "id-flag" ( /* SSD attribute flag */ ("low" | "high") ) ) ) ) ) ) ), "usb-wwan" ( /* Enable WWAN (3G) access on the USB port */ c( "port" ( /* Select the port */ ("0" | "1") ) ) ) ) end rule(:chassis_re_on_disk_failure) do c( c( "reboot" /* Reboot on disk failure */, "disk-failure-action" ( ("reboot" | "halt") ) ), "failover" /* Redundancy group 0 failover on disk failure */ ).as(:oneline) end rule(:chassis_sfm_type) do arg.as(:arg) ( c( "power" ( /* Power SFMs on or off */ ("off" | "on") ), c( "disable-power" /* Do not enable power to the card */ ) ) ) end rule(:chassis_sib_type) do c( "slot" arg ( /* SIB slot number */ c( "error" ( /* Error level configuration for SIB */ chassis_sib_error_type /* Error level configuration for SIB */ ) ) ), "minimum" arg /* Minimum number of Switch Interface Boards required for normal operation */, "power-off" ( /* Power off the SIB slot */ c( "slot" arg /* SIB slot number to be powered off */ ) ) ) end rule(:chassis_sib_error_type) do c( "fatal" ( /* SIB Fatal errors (default threshold = 1) */ chassis_sib_error_level_major_fatal /* SIB Fatal errors (default threshold = 1) */ ), "major" ( /* SIB Major Level errors (default threshold = 1) */ chassis_sib_error_level_major_fatal /* SIB Major Level errors (default threshold = 1) */ ), "minor" ( /* SIB Minor Level errors (default threshold = 10) */ chassis_sib_error_level_minor /* SIB Minor Level errors (default threshold = 10) */ ), "scope" ( /* Error scope */ chassis_sib_scope_type /* Error scope */ ) ) end rule(:chassis_sib_error_level_major_fatal) do c( "threshold" arg /* Error count at which to take the action */, "action" enum(("reset" | "offline" | "alarm" | "get-state" | "log")) /* Configure the action for this level */ ) end rule(:chassis_sib_error_level_minor) do c( "threshold" arg /* Error count at which to take the action */, "action" enum(("reset" | "offline" | "alarm" | "get-state" | "log")) /* Configure the action for this level */ ) end rule(:chassis_sib_scope_type) do c( "board" ( /* Board level scope */ chassis_sib_scope_category /* Board level scope */ ), "switch" ( /* SIB scope */ chassis_sib_scope_category /* SIB scope */ ) ) end rule(:chassis_sib_scope_category) do c( "category" ( /* SIB error category */ chassis_sib_scope_category_type /* SIB error category */ ) ) end rule(:chassis_sib_scope_category_type) do c( "functional" ( /* SIB functional category */ chassis_sib_scope_category_error_type /* SIB functional category */ ), "memory" ( /* SIB memory category */ chassis_sib_scope_category_error_type /* SIB memory category */ ), "io" ( /* SIB input-output category */ chassis_sib_scope_category_error_type /* SIB input-output category */ ), "storage" ( /* SIB storage category */ chassis_sib_scope_category_error_type /* SIB storage category */ ), "switch" ( /* SIB switch category */ chassis_sib_scope_category_error_type /* SIB switch category */ ), "processing" ( /* SIB processing category */ chassis_sib_scope_category_error_type /* SIB processing category */ ) ) end rule(:chassis_sib_scope_category_error_type) do c( "fatal" ( /* SIB Fatal errors (default threshold = 1) */ chassis_sib_error_level_type /* SIB Fatal errors (default threshold = 1) */ ), "major" ( /* SIB Major Level errors (default threshold = 1) */ chassis_sib_error_level_type /* SIB Major Level errors (default threshold = 1) */ ), "minor" ( /* SIB Minor Level errors (default threshold = 10) */ chassis_sib_error_level_type /* SIB Minor Level errors (default threshold = 10) */ ) ) end rule(:chassis_sib_error_level_type) do c( "threshold" arg /* Error count at which to take the action (0 - valid for minor only) */, "action" enum(("reset" | "offline" | "alarm" | "get-state" | "log")) /* Configure the action for this level */ ) end rule(:chassis_slc_type) do arg.as(:arg) ( c( "power" ( /* Power SLCs on or off */ ("off" | "on") ) ) ) end rule(:chassisd_redundancy_group_type) do c( "interface-type" ( c( "redundant-logical-tunnel" ( /* Redundant logical tunnel interface group */ c( "device-count" arg /* Number of devices */ ) ), "redundant-virtual-tunnel" ( /* Redundant virtual tunnel interface group */ c( "device-count" arg /* Number of devices */ ) ) ) ) ) end rule(:chassisd_agg_container_type) do c( "device-count" arg /* Number of container devices */ ) end rule(:chassisd_agg_enet_type) do c( "device-count" arg /* Number of aggregated Ethernet devices */, "lacp" ( /* Global Link Aggregation Control Protocol configuration */ c( "system-priority" arg /* Priority of the system (0 ... 65535) */, "link-protection" ( c( "non-revertive" /* Don't revert links when better priority link comes up */ ) ) ) ) ) end rule(:chassisd_agg_pos_type) do c( "device-count" arg /* Number of aggregated SONET devices */ ) end rule(:chassisd_provider_instance_type) do c( "device-count" arg /* Number of provider instance port devices */ ) end rule(:client_address_object) do arg.as(:arg) ( c( "restrict" /* Deny access */ ) ) end rule(:cm_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("general" | "state-machine" | "mirroring" | "all")) /* Tracing parameters */.as(:oneline) ) end rule(:collector_destinations_type) do arg.as(:arg) ( c( "password" ( /* Password for accessing URL */ unreadable /* Password for accessing URL */ ) ) ) end rule(:collector_transfer_log_archive_type) do c( "filename-prefix" arg /* Filename prefix for transfer log */, "maximum-age" arg /* Maximum age of transfer log file */, "archive-sites" arg ( sc( "password" ( /* Password to log in to the archive site */ unreadable /* Password to log in to the archive site */ ) ) ).as(:oneline) ) end rule(:comm_object) do c( "snmp-community" arg /* Specify community name */, "no-default-comm-to-v3-config" /* No default snmp-community and v3 configuration */ ) end rule(:cos_object) do c( "application-profile" ( /* One or more CoS application profiles */ cos_application_profile_object /* One or more CoS application profiles */ ), "rule" ( /* One or more CoS rules */ cos_rule_object /* One or more CoS rules */ ), "rule-set" arg ( /* Define a Set of CoS rules */ c( "rule" arg /* Rule to be included in this rule set */ ) ) ) end rule(:cos_application_profile_object) do arg.as(:arg) ( c( "sip" ( /* CoS treatment of Session Initiation Protocol data */ c( "voice" ( /* CoS treatment of SIP voice data */ c( "dscp" arg /* Code point alias or bit string */, "forwarding-class" arg /* Forwarding class assigned to outgoing packets */ ) ), "video" ( /* CoS treatment of SIP video data */ c( "dscp" arg /* Code point alias or bit string */, "forwarding-class" arg /* Forwarding class assigned to outgoing packets */ ) ) ) ), "ftp" ( /* CoS treatment for FTP data */ c( "data" ( c( "dscp" arg /* Code point alias or bit string */, "forwarding-class" arg /* Forwarding class assigned to outgoing packets */ ) ) ) ) ) ) end rule(:cos_policer) do arg.as(:arg) ( c( "premium" ( /* Policer to apply to premium traffic */ ethernet_policer /* Policer to apply to premium traffic */ ), "aggregate" ( /* Policer to apply to aggregate traffic */ ethernet_policer /* Policer to apply to aggregate traffic */ ) ) ) end rule(:cos_policer_input_priority_map) do c( "ieee-802.1p" ( /* Use IEEE 802.1p to determine policer priority map */ c( "premium" arg /* Input traffic's IEEE 802.1p value to which premium policer is applied */ ) ) ) end rule(:cos_policer_output_priority_map) do c( "classifier" ( /* Use classifier as policer priority map */ c( "premium" ( /* Output traffic classifier to which premium policer is applied */ c( "forwarding-class" arg ( /* Select a classification for this priority map */ c( "loss-priority" enum(("low" | "high")) /* Select a loss priority */.as(:oneline) ) ) ) ) ) ) ) end rule(:cos_rule_object) do arg.as(:arg) ( c( "match-direction" ( /* Direction for which the rule match is applied */ ("input" | "output" | "input-output") ), "term" arg ( /* One or more terms in CoS rule */ c( "from" ( /* Match criteria */ sfw_match_object /* Match criteria */ ), "then" ( /* Action to take if the 'from' condition is matched */ c( "dscp" arg /* Code point alias or bit string */, "forwarding-class" arg /* Forwarding class assigned to outgoing packets */, "application-profile" arg /* CoS application profile */, "syslog" /* System log information about the packet */, c( "reflexive" /* Apply mirror rule to reverse traffic */, "revert" /* Apply received COS values to reverse traffic */, "reverse" ( /* CoS treatment for reverse traffic */ c( "dscp" arg /* Code point alias or bit string */, "forwarding-class" arg /* Forwarding class assigned to outgoing packets */, "application-profile" arg /* CoS application profile */, "syslog" /* System log information about the packet */ ) ) ) ) ) ) ), "policy" arg ( /* One or more policies in CoS rule */ c( "match" ( /* Match criteria */ sfw_match_object /* Match criteria */ ), "then" ( /* Action to take if the 'from' condition is matched */ c( "dscp" arg /* Code point alias or bit string */, "forwarding-class" arg /* Forwarding class assigned to outgoing packets */, "application-profile" arg /* CoS application profile */, c( "reflexive" /* Apply mirror rule to reverse traffic */, "revert" /* Apply received COS values to reverse traffic */, "reverse" ( /* CoS treatment for reverse traffic */ c( "dscp" arg /* Code point alias or bit string */, "forwarding-class" arg /* Forwarding class assigned to outgoing packets */, "application-profile" arg /* CoS application profile */ ) ) ) ) ) ) ) ) ) end rule(:cpcd_rule_object_type) do arg.as(:arg) ( c( "match-direction" ( /* Direction for which the rule match is applied */ ("input" | "output" | "input-output") ), "term" arg ( /* Define a captive portal content delivery term */ c( "from" ( /* Define match criteria */ cpcd_match_object_type /* Define match criteria */ ), "then" ( /* Action to take if the 'from' condition is matched */ cpcd_action_object_type /* Action to take if the 'from' condition is matched */ ) ) ) ) ) end rule(:cpcd_action_object_type) do c( c( "accept" /* Accept the packet */, "rewrite" ( /* Rewrite the IP-DA of the packet */ c( "destination-address" ( /* The destination IP address */ ipaddr /* The destination IP address */ ), "destination-port" arg /* The destination port */ ) ), "redirect" ( /* Redirect the http packet */ sc( arg /* URL of the captive portal file */ ) ).as(:oneline), "insert" ( /* Insert tag into the http packet */ c( "tag" arg ( /* Tag name to be inserted */ c( "tag-value" ( /* Tag value to be inserted */ ("subscriber-mac-addr" | "subscriber-ip" | "subscriber-ipv6" | "hostname" | arg) ) ) ) ) ) ), "syslog" /* System log information about the packet */ ) end rule(:cpcd_match_object_type) do c( "destination-address" ("any-unicast" | arg) ( /* Match IP destination address */ sc( "except" /* Match address not in this prefix */ ) ).as(:oneline), "destination-address-range" ( /* Match IP destination address range */ s( "low" arg /* Lower limit of address range */, "high" arg /* Upper limit of address range */, c( "except" /* Match address not in this prefix */ ) ) ).as(:oneline), "destination-prefix-list" arg ( /* One or more named lists of destination prefixes to match */ sc( "except" /* Name of prefix list not to match against */ ) ).as(:oneline), "applications" arg ( /* Match one or more applications */ c( "application-protocol" ( /* Application protocol type */ ("bootp" | "dce-rpc" | "dce-rpc-portmap" | "dns" | "exec" | "ftp" | "ftp-data" | "gprs-gtp-c" | "gprs-gtp-u" | "gprs-gtp-v0" | "gprs-sctp" | "h323" | "icmp" | "icmpv6" | "ignore" | "iiop" | "ike-esp-nat" | "ip" | "login" | "mgcp-ca" | "mgcp-ua" | "ms-rpc" | "netbios" | "netshow" | "none" | "pptp" | "q931" | "ras" | "realaudio" | "rpc" | "rpc-portmap" | "rsh" | "rtsp" | "sccp" | "sip" | "shell" | "snmp" | "sqlnet" | "sqlnet-v2" | "sun-rpc" | "talk" | "tftp" | "traceroute" | "http" | "winframe" | "https" | "imap" | "smtp" | "ssh" | "telnet" | "twamp" | "pop3" | "smtps" | "imaps" | "pop3s") ), "protocol" ( /* Match IP protocol type */ ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | arg) ), "source-port" ( /* Match TCP/UDP source port */ ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port" ( /* Match TCP/UDP destination port */ ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ) ) ) end rule(:cpcd_trace_options_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "clicommand" | "general" | "rtsock" | "statistics" | "rules" | "ssets" | "ipc" | "gres" | "re-services" | "re-svc-debug-stat" | "all")) /* Captive portal operations to include in debugging trace */.as(:oneline) ) end rule(:ct3_port_type) do arg.as(:arg) ( c( "t1" ( /* T1 link */ ct3_channel_type /* T1 link */ ) ) ) end rule(:ct3_channel_type) do arg.as(:arg) ( c( "channel-group" arg ( /* Define channel group */ sc( "timeslots" arg /* DS0 timeslots (1..24); for example, 1-3,4,9,22-24 (no spaces) */ ) ).as(:oneline) ) ) end rule(:custom_attack_group_type) do arg.as(:arg) ( c( "attack-group-description" arg /* Attack group description in xml format */, "group-members" arg /* List of attacks/attack groups belonging to this group */ ) ) end rule(:custom_attack_type) do arg.as(:arg) ( c( "attack-description" arg /* Attack description */, "recommended-action" ( /* Recommended Action */ ("none" | "ignore" | "drop-packet" | "drop" | "close-client" | "close-server" | "close") ), "severity" ( /* Select the severity that matches the lethality of this attack on your network */ ("info" | "warning" | "minor" | "major" | "critical") ), "time-binding" ( /* Time binding params */ c( "count" arg /* Number of times this attack is to be triggered */, "scope" ( /* Scope within which the count occurs */ ("peer" | "source" | "destination") ), "interval" arg /* Maximum time-gap between two instances of the attack. Format : MMm-SSs */ ) ), "detection-filter" ( /* Detection filter params */ c( "count" arg /* Number of matches for this attack to be triggered. Must be greater than 0 */, "scope" ( /* Scope within which the count occurs */ ("session" | "source" | "destination") ), "interval" arg /* Time period over which count is accrued. Format : MMm-SSs. Minimum value is 1 second */ ) ), "attack-type" ( /* Type of attack */ c( "signature" ( /* Signature based attack */ c( "protocol-binding" ( /* Protocol binding over which attack will be detected */ c( c( "tcp" ( /* Attack is for TCP packets only */ c( "minimum-port" ( /* Multiple sets of (single port/port ranges) can be specified */ port_range /* Multiple sets of (single port/port ranges) can be specified */ ) ) ), "udp" ( /* Attack is for UDP packets only */ c( "minimum-port" ( /* Either single port or port ranges can be specified */ port_range /* Either single port or port ranges can be specified */ ) ) ), "rpc" ( /* Attack is for RPC packets only */ c( "program-number" arg /* RPC Program Number */ ) ), "icmp" /* Attack is for ICMP packets only */, "icmpv6" /* Attack is for ICMPv6 packets only */, "ip" ( /* Attack is for all IP based packets */ c( "protocol-number" arg /* Transport layer protocol number */ ) ), "ipv6" ( /* Attack is for all IPv6 based packets */ c( "protocol-number" arg /* Transport layer protocol number */ ) ), "application" arg /* Application name */, "nested-application" arg /* Nested application name */ ) ) ), "context" arg /* Context */, "pattern" arg /* Pattern is the signature of the attack you want to detect */, "pattern-pcre" arg /* Attack signature pattern in PCRE format */, "content" ( /* Mention the match-modifire parameters to enhance pattern matching */ c( "pattern" arg /* Specify match-modifier pattern */, "pcre" arg /* PCRE expression */, "depth" ( /* Maximum depth to search pattern within a packet. Depth is not relative */ c( "depth-value" arg /* Specify the value of 'depth' */, "depth-variable" arg /* Specify the variable name from which 'depth' should be extracted */ ) ), "offset" ( /* Where to start searching for a pattern within a packet. Offset value is not relative */ c( "offset-value" arg /* Specify the value of 'offset' */, "offset-variable" arg /* Specify the variable name from which 'offset' should be extracted */ ) ), "within" ( /* Maximum Number of bytes present between two conjugative pattern match. within is relative */ c( "within-value" arg /* Specify the value of 'within' */, "within-variable" arg /* Specify the variable name from which 'within' should be extracted */ ) ), "distance" ( /* Maximum Length to ignore before searching next pattern match. Distance is relative */ c( "distance-value" arg /* Specify the value of 'distance' */, "distance-variable" arg /* Specify the variable name from which 'distance' should be extracted */ ) ), "byte-extract" ( /* Mention the byte-extract parameters for signature in length encoded protocols */ c( "bytes" arg /* Specify the number of bytes to extract from packet */, "offset" arg /* Specify the number of bytes in to payload to start processing */, "var-name" arg /* Specify the name of the variable to reference in other rule options */, "relative" /* Specify whether to use an offset relative to last pattern match or not */, "multiplier" arg /* Specify the value to be multiplied against the bytes read */, "endianness" ( /* Specify the endianness with which bytes read should be processed */ ("Little" | "Big") ), "align" ( /* Specify the byte alignment */ ("2-byte" | "4-byte") ), "string" ( /* Specify the data type in which string data should be parsed */ ("hex" | "dec" | "oct") ), "bitmask" arg /* Specify the bitmask (1-4 bytes) for AND operation in hexadecimal format */ ) ), "byte-test" ( /* Mention the byte-test parameters for signature in length encoded protocols */ c( "bytes" arg /* Specify the number of bytes to extract from packet */, "offset" ( /* Mention the offset variable name or offset value to be used */ c( "offset-value" arg /* Specify the number of bytes in to payload to start processing */, "offset-variable" arg /* Specify the name of the offset variable */ ) ), "rvalue" ( /* Specify the rvalue to test the converted value against */ c( "rvalue-value" arg /* Specify the value */, "rvalue-variable" arg /* Specify the variable name */ ) ), "relative" /* Specify whether to use an offset relative to last pattern match or not */, "operator" ( /* Specify the operation to perform on extracted value */ ("less-than" | "greater-than" | "less-than-or-equal" | "greater-than-or-equal" | "equal" | "bitwise-AND" | "bitwise-XOR") ), "negate" /* Check if the operator is not true */, "endianness" ( /* Specify the endianness with which bytes read should be processed */ ("Little" | "Big") ), "string" ( /* Specify the data type in which string data should be parsed */ ("hex" | "dec" | "oct") ), "bitmask" arg /* Specify the bitmask (1-4 bytes) for AND operation in hexadecimal format */ ) ), "byte-math" ( /* Mention the byte-math parameters for signature in length encoded protocols */ c( "bytes" arg /* Specify the number of bytes to extract from packet */, "offset" arg /* Specify the number of bytes in to payload to start processing */, "rvalue" ( /* Specify the value to use mathematical operation against */ c( "rvalue-value" arg /* Specify the value */, "rvalue-variable" arg /* Specify the variable name */ ) ), "relative" /* Specify whether to use an offset relative to last pattern match or not */, "operator" ( /* Specify the operation to perform on extracted value */ ("addition" | "subtraction" | "multiplication" | "division" | "right-shift" | "left-shift") ), "endianness" ( /* Specify the endianness with which bytes read should be processed */ ("Little" | "Big") ), "string" ( /* Specify the data type in which string data should be parsed */ ("hex" | "dec" | "oct") ), "bitmask" arg /* Specify the bitmask (1-4 bytes) for AND operation in hexadecimal format */, "result" arg /* Specify the variable name to which result should be stored */ ) ), "byte-jump" ( /* Mention the byte-jump parameters for signature in length encoded protocols */ c( "bytes" arg /* Specify the number of bytes to extract from packet */, "offset" ( /* Mention the offset variable name or offset value to be used */ c( "offset-value" arg /* Specify the number of bytes in to payload to start processing */, "offset-variable" arg /* Specify the name of the offset variable */ ) ), "relative" /* Specify whether to use an offset relative to last pattern match or not */, "multiplier" arg /* Specify the value to be multiplied against the bytes read */, "endianness" ( /* Specify the endianness with which bytes read should be processed */ ("Little" | "Big") ), "align" ( /* Specify the endianness with which bytes read should be processed */ ("4-byte") ), "string" ( /* Specify the data type in which string data should be parsed */ ("hex" | "dec" | "oct") ), "bitmask" arg /* Specify the bitmask (1-4 bytes) for AND operation in hexadecimal format */, "from-beginning" /* Enable jump from the beginning of the payload */, "from-end" /* Enable jump from the end of the payload */, "post-offset" arg /* Specify the number of bytes to skip forward or backward */ ) ), "is-data-at" ( /* Mention the is-data-at parameters for signature in length encoded protocols */ c( "offset" ( /* Mention the offset variable name or offset value to be used */ c( "offset-value" arg /* Specify the number of bytes in to payload to start processing */, "offset-variable" arg /* Specify the name of the offset variable */ ) ), "relative" /* Specify whether to use an offset relative to last pattern match or not */, "negate" /* Negates the results of the isdataat test */ ) ) ) ), "optional-parameters" ( /* Mention the optional parameters to enhance pattern matching */ c( "min-offset" arg /* Minimum offset in data at which pattern-match can end */, "max-offset" arg /* Maximum offset in data at which pattern-match can end */, "min-length" arg /* Minimum match length required to match the pattern */, "edit-distance" arg /* Match the pattern within this edit distance */, "hamming-distance" arg /* Match the pattern within this hamming distance */ ) ), "regexp" arg /* Regular expression used for matching repetition of patterns */, "negate" /* Trigger the attack if condition is not met */, "direction" ( /* Connection direction of the attack */ ("client-to-server" | "server-to-client" | "any") ), "shellcode" ( /* Specify shellcode flag for this attack */ ("intel" | "sparc" | "all" | "no-shellcode") ), "protocol" ( /* Protocol header matches */ c( "ipv4" ( /* IPv4 protocol parameters */ c( "tos" ( /* Type of Service */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "ihl" ( /* Header length in words */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "total-length" ( /* Total Length of IP datagram */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "identification" ( /* Fragment Identification */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "ip-flags" ( /* IP Flag bits */ sc( "rb" /* Reserved bit */, "no-rb" /* Don't reserved bit */, "mf" /* More Fragment bit */, "no-mf" /* Don't more Fragment bit */, "df" /* Don't Fragment bit */, "no-df" /* Don't don't Fragment bit */ ) ).as(:oneline), "ttl" ( /* Time to live */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "protocol" ( /* Transport layer protocol */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "source" ( /* Source IP-address/Hostname */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" ( /* Match value */ ipv4addr /* Match value */ ) ) ), "destination" ( /* Destination IP-address/Hostname */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" ( /* Match value */ ipv4addr /* Match value */ ) ) ), "checksum-validate" ( /* Validate checksum field against calculated checksum */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ) ) ), "ipv6" ( /* IPv6 protocol parameters */ c( "traffic-class" ( /* Traffic class. Similar to TOS in IPv4 */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "payload-length" ( /* Length of the payload in the IPv6 datagram */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "flow-label" ( /* Flow label identification */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "hop-limit" ( /* Hop limit */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "next-header" ( /* The header following the basic IPv6 header */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "source" ( /* Source IP-address or hostname */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" ( /* Match value */ ipv6addr /* Match value */ ) ) ), "destination" ( /* Destination IP-address or hostname */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" ( /* Match value */ ipv6addr /* Match value */ ) ) ), "extension-header" ( /* IPv6 Extension headers */ c( "routing-header" ( /* IPv6 Routing extension header */ c( "header-type" ( /* Routing header type */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ) ) ), "destination-option" ( /* IPv6 Destination option extension header */ c( "option-type" ( /* Destination option header type */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "home-address" ( /* IPv6 Home address of the mobile node */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" ( /* Match value */ ipv6addr /* Match value */ ) ) ) ) ) ) ) ) ), "tcp" ( /* TCP protocol parameters */ c( "source-port" ( /* Source port */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "destination-port" ( /* Destination port */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "sequence-number" ( /* Sequence Number */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "ack-number" ( /* Acknowledgement Number */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "header-length" ( /* Header Length in words */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "reserved" ( /* Three reserved bits */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "window-size" ( /* Window Size */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "urgent-pointer" ( /* Urgent Pointer */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "tcp-flags" ( /* TCP header flags */ sc( "r1" /* Set Reserverd bit 1 */, "no-r1" /* Don't set Reserverd bit 1 */, "r2" /* Set Reserved bit 2 */, "no-r2" /* Don't set Reserved bit 2 */, "urg" /* Set Urgent bit */, "no-urg" /* Don't set Urgent bit */, "ack" /* Set Acknowledge bit */, "no-ack" /* Don't set Acknowledge bit */, "psh" /* Set Push bit */, "no-psh" /* Don't set Push bit */, "rst" /* Set Reset bit */, "no-rst" /* Don't set Reset bit */, "syn" /* Set SYN bit */, "no-syn" /* Don't set SYN bit */, "fin" /* Set FINish bit */, "no-fin" /* Don't set FINish bit */ ) ).as(:oneline), "option" ( /* Kind */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "data-length" ( /* Size of IP datagram subtracted by TCP header length */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "window-scale" ( /* Window scale */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "mss" ( /* Maximum Segment Size */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "checksum-validate" ( /* Validate checksum field against calculated checksum */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ) ) ), "udp" ( /* UDP protocol parameters */ c( "source-port" ( /* Source port */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "destination-port" ( /* Destination port */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "data-length" ( /* Size of IP datagram subtracted by UDP header length */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "checksum-validate" ( /* Validate checksum field against calculated checksum */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ) ) ), "icmp" ( /* ICMP protocol parameters */ c( "type" ( /* Type */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "code" ( /* Code */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "identification" ( /* Identifier in echo request/reply */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "sequence-number" ( /* Sequence Number */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "data-length" ( /* Size of IP datagram subtracted by ICMP header length */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "checksum-validate" ( /* Validate checksum field against calculated checksum */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ) ) ), "icmpv6" ( /* ICMPv6 protocol parameters */ c( "type" ( /* Type */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "code" ( /* Code */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "identification" ( /* Identifier in echo request/reply */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "sequence-number" ( /* Sequence number */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "data-length" ( /* Size of IPv6 datagram subtracted by ICMPv6 header length */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "checksum-validate" ( /* Validate checksum field against calculated checksum */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ) ) ) ) ) ) ), "anomaly" ( /* Protocol anomaly */ c( "service" arg /* Service name */, "test" arg /* Protocol anomaly condition to be checked */, "direction" ( /* Direction */ ("client-to-server" | "server-to-client" | "any") ), "shellcode" ( /* Specify shellcode flag for this attack */ ("intel" | "sparc" | "all" | "no-shellcode") ) ) ), "chain" ( /* Chain attack */ c( "protocol-binding" ( /* Protocol binding over which attack will be detected */ c( c( "tcp" ( /* Attack is for TCP packets only */ c( "minimum-port" ( /* Multiple sets of (single port/port ranges) can be specified */ port_range /* Multiple sets of (single port/port ranges) can be specified */ ) ) ), "udp" ( /* Attack is for UDP packets only */ c( "minimum-port" ( /* Either single port or port ranges can be specified */ port_range /* Either single port or port ranges can be specified */ ) ) ), "rpc" ( /* Attack is for RPC packets only */ c( "program-number" arg /* RPC Program Number */ ) ), "icmp" /* Attack is for ICMP packets only */, "icmpv6" /* Attack is for ICMPv6 packets only */, "ip" ( /* Attack is for all IP based packets */ c( "protocol-number" arg /* Transport layer protocol number */ ) ), "ipv6" ( /* Attack is for all IPv6 based packets */ c( "protocol-number" arg /* Transport layer protocol number */ ) ), "application" arg /* Application name */, "nested-application" arg /* Nested application name */ ) ) ), "scope" ( /* Scope of the attack */ ("session" | "transaction") ), "order" /* Attacks should match in the order in which they are defined */, "reset" /* Repeat match should generate a new alert */, "expression" arg /* Boolean Expression(or, and, oand). Multiple expressions can be combined using parenthesis. */, "member" ( /* List of member attacks. */ chain_member_type /* List of member attacks. */ ) ) ) ) ) ) ) end rule(:chain_member_type) do arg.as(:arg) ( c( "attack-type" ( /* Type of attack */ c( "signature" ( /* Signature based attack */ c( "context" arg /* Context */, "pattern" arg /* Pattern is the signature of the attack you want to detect */, "pattern-pcre" arg /* Attack signature pattern in PCRE format */, "content" ( /* Mention the match-modifire parameters to enhance pattern matching */ c( "pattern" arg /* Specify match-modifier pattern */, "pcre" arg /* PCRE expression */, "depth" ( /* Maximum depth to search pattern within a packet. Depth is not relative */ c( "depth-value" arg /* Specify the value of 'depth' */, "depth-variable" arg /* Specify the variable name from which 'depth' should be extracted */ ) ), "offset" ( /* Where to start searching for a pattern within a packet. Offset value is not relative */ c( "offset-value" arg /* Specify the value of 'offset' */, "offset-variable" arg /* Specify the variable name from which 'offset' should be extracted */ ) ), "within" ( /* Maximum Number of bytes present between two conjugative pattern match. within is relative */ c( "within-value" arg /* Specify the value of 'within' */, "within-variable" arg /* Specify the variable name from which 'within' should be extracted */ ) ), "distance" ( /* Maximum Length to ignore before searching next pattern match. Distance is relative */ c( "distance-value" arg /* Specify the value of 'distance' */, "distance-variable" arg /* Specify the variable name from which 'distance' should be extracted */ ) ), "byte-extract" ( /* Mention the byte-extract parameters for signature in length encoded protocols */ c( "bytes" arg /* Specify the number of bytes to extract from packet */, "offset" arg /* Specify the number of bytes in to payload to start processing */, "var-name" arg /* Specify the name of the variable to reference in other rule options */, "relative" /* Specify whether to use an offset relative to last pattern match or not */, "multiplier" arg /* Specify the value to be multiplied against the bytes read */, "endianness" ( /* Specify the endianness with which bytes read should be processed */ ("Little" | "Big") ), "align" ( /* Specify the byte alignment */ ("2-byte" | "4-byte") ), "string" ( /* Specify the data type in which string data should be parsed */ ("hex" | "dec" | "oct") ), "bitmask" arg /* Specify the bitmask (1-4 bytes) for AND operation in hexadecimal format */ ) ), "byte-test" ( /* Mention the byte-test parameters for signature in length encoded protocols */ c( "bytes" arg /* Specify the number of bytes to extract from packet */, "offset" ( /* Mention the offset variable name or offset value to be used */ c( "offset-value" arg /* Specify the number of bytes in to payload to start processing */, "offset-variable" arg /* Specify the name of the offset variable */ ) ), "rvalue" ( /* Specify the rvalue to test the converted value against */ c( "rvalue-value" arg /* Specify the value */, "rvalue-variable" arg /* Specify the variable name */ ) ), "relative" /* Specify whether to use an offset relative to last pattern match or not */, "operator" ( /* Specify the operation to perform on extracted value */ ("less-than" | "greater-than" | "less-than-or-equal" | "greater-than-or-equal" | "equal" | "bitwise-AND" | "bitwise-XOR") ), "negate" /* Check if the operator is not true */, "endianness" ( /* Specify the endianness with which bytes read should be processed */ ("Little" | "Big") ), "string" ( /* Specify the data type in which string data should be parsed */ ("hex" | "dec" | "oct") ), "bitmask" arg /* Specify the bitmask (1-4 bytes) for AND operation in hexadecimal format */ ) ), "byte-math" ( /* Mention the byte-math parameters for signature in length encoded protocols */ c( "bytes" arg /* Specify the number of bytes to extract from packet */, "offset" arg /* Specify the number of bytes in to payload to start processing */, "rvalue" ( /* Specify the value to use mathematical operation against */ c( "rvalue-value" arg /* Specify the value */, "rvalue-variable" arg /* Specify the variable name */ ) ), "relative" /* Specify whether to use an offset relative to last pattern match or not */, "operator" ( /* Specify the operation to perform on extracted value */ ("addition" | "subtraction" | "multiplication" | "division" | "right-shift" | "left-shift") ), "endianness" ( /* Specify the endianness with which bytes read should be processed */ ("Little" | "Big") ), "string" ( /* Specify the data type in which string data should be parsed */ ("hex" | "dec" | "oct") ), "bitmask" arg /* Specify the bitmask (1-4 bytes) for AND operation in hexadecimal format */, "result" arg /* Specify the variable name to which result should be stored */ ) ), "byte-jump" ( /* Mention the byte-jump parameters for signature in length encoded protocols */ c( "bytes" arg /* Specify the number of bytes to extract from packet */, "offset" ( /* Mention the offset variable name or offset value to be used */ c( "offset-value" arg /* Specify the number of bytes in to payload to start processing */, "offset-variable" arg /* Specify the name of the offset variable */ ) ), "relative" /* Specify whether to use an offset relative to last pattern match or not */, "multiplier" arg /* Specify the value to be multiplied against the bytes read */, "endianness" ( /* Specify the endianness with which bytes read should be processed */ ("Little" | "Big") ), "align" ( /* Specify the endianness with which bytes read should be processed */ ("4-byte") ), "string" ( /* Specify the data type in which string data should be parsed */ ("hex" | "dec" | "oct") ), "bitmask" arg /* Specify the bitmask (1-4 bytes) for AND operation in hexadecimal format */, "from-beginning" /* Enable jump from the beginning of the payload */, "from-end" /* Enable jump from the end of the payload */, "post-offset" arg /* Specify the number of bytes to skip forward or backward */ ) ), "is-data-at" ( /* Mention the is-data-at parameters for signature in length encoded protocols */ c( "offset" ( /* Mention the offset variable name or offset value to be used */ c( "offset-value" arg /* Specify the number of bytes in to payload to start processing */, "offset-variable" arg /* Specify the name of the offset variable */ ) ), "relative" /* Specify whether to use an offset relative to last pattern match or not */, "negate" /* Negates the results of the isdataat test */ ) ) ) ), "optional-parameters" ( /* Mention the optional parameters to enhance pattern matching */ c( "min-offset" arg /* Minimum offset in data at which pattern-match can end */, "max-offset" arg /* Maximum offset in data at which pattern-match can end */, "min-length" arg /* Minimum match length required to match the pattern */, "edit-distance" arg /* Match the pattern within this edit distance */, "hamming-distance" arg /* Match the pattern within this hamming distance */ ) ), "regexp" arg /* Regular expression used for matching repetition of patterns */, "negate" /* Trigger the attack if condition is not met */, "direction" ( /* Connection direction of the attack */ ("client-to-server" | "server-to-client" | "any") ), "shellcode" ( /* Specify shellcode flag for this attack */ ("intel" | "sparc" | "all" | "no-shellcode") ), "protocol" ( /* Protocol header matches */ c( "ipv4" ( /* IPv4 protocol parameters */ c( "tos" ( /* Type of Service */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "ihl" ( /* Header length in words */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "total-length" ( /* Total Length of IP datagram */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "identification" ( /* Fragment Identification */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "ip-flags" ( /* IP Flag bits */ sc( "rb" /* Reserved bit */, "no-rb" /* Don't reserved bit */, "mf" /* More Fragment bit */, "no-mf" /* Don't more Fragment bit */, "df" /* Don't Fragment bit */, "no-df" /* Don't don't Fragment bit */ ) ).as(:oneline), "ttl" ( /* Time to live */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "protocol" ( /* Transport layer protocol */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "source" ( /* Source IP-address/Hostname */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" ( /* Match value */ ipv4addr /* Match value */ ) ) ), "destination" ( /* Destination IP-address/Hostname */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" ( /* Match value */ ipv4addr /* Match value */ ) ) ), "checksum-validate" ( /* Validate checksum field against calculated checksum */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ) ) ), "ipv6" ( /* IPv6 protocol parameters */ c( "traffic-class" ( /* Traffic class. Similar to TOS in IPv4 */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "payload-length" ( /* Length of the payload in the IPv6 datagram */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "flow-label" ( /* Flow label identification */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "hop-limit" ( /* Hop limit */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "next-header" ( /* The header following the basic IPv6 header */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "source" ( /* Source IP-address or hostname */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" ( /* Match value */ ipv6addr /* Match value */ ) ) ), "destination" ( /* Destination IP-address or hostname */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" ( /* Match value */ ipv6addr /* Match value */ ) ) ), "extension-header" ( /* IPv6 Extension headers */ c( "routing-header" ( /* IPv6 Routing extension header */ c( "header-type" ( /* Routing header type */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ) ) ), "destination-option" ( /* IPv6 Destination option extension header */ c( "option-type" ( /* Destination option header type */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "home-address" ( /* IPv6 Home address of the mobile node */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" ( /* Match value */ ipv6addr /* Match value */ ) ) ) ) ) ) ) ) ), "tcp" ( /* TCP protocol parameters */ c( "source-port" ( /* Source port */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "destination-port" ( /* Destination port */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "sequence-number" ( /* Sequence Number */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "ack-number" ( /* Acknowledgement Number */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "header-length" ( /* Header Length in words */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "reserved" ( /* Three reserved bits */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "window-size" ( /* Window Size */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "urgent-pointer" ( /* Urgent Pointer */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "tcp-flags" ( /* TCP header flags */ sc( "r1" /* Set Reserverd bit 1 */, "no-r1" /* Don't set Reserverd bit 1 */, "r2" /* Set Reserved bit 2 */, "no-r2" /* Don't set Reserved bit 2 */, "urg" /* Set Urgent bit */, "no-urg" /* Don't set Urgent bit */, "ack" /* Set Acknowledge bit */, "no-ack" /* Don't set Acknowledge bit */, "psh" /* Set Push bit */, "no-psh" /* Don't set Push bit */, "rst" /* Set Reset bit */, "no-rst" /* Don't set Reset bit */, "syn" /* Set SYN bit */, "no-syn" /* Don't set SYN bit */, "fin" /* Set FINish bit */, "no-fin" /* Don't set FINish bit */ ) ).as(:oneline), "option" ( /* Kind */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "data-length" ( /* Size of IP datagram subtracted by TCP header length */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "window-scale" ( /* Window scale */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "mss" ( /* Maximum Segment Size */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "checksum-validate" ( /* Validate checksum field against calculated checksum */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ) ) ), "udp" ( /* UDP protocol parameters */ c( "source-port" ( /* Source port */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "destination-port" ( /* Destination port */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "data-length" ( /* Size of IP datagram subtracted by UDP header length */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "checksum-validate" ( /* Validate checksum field against calculated checksum */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ) ) ), "icmp" ( /* ICMP protocol parameters */ c( "type" ( /* Type */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "code" ( /* Code */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "identification" ( /* Identifier in echo request/reply */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "sequence-number" ( /* Sequence Number */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "data-length" ( /* Size of IP datagram subtracted by ICMP header length */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "checksum-validate" ( /* Validate checksum field against calculated checksum */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ) ) ), "icmpv6" ( /* ICMPv6 protocol parameters */ c( "type" ( /* Type */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "code" ( /* Code */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "identification" ( /* Identifier in echo request/reply */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "sequence-number" ( /* Sequence number */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "data-length" ( /* Size of IPv6 datagram subtracted by ICMPv6 header length */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ), "checksum-validate" ( /* Validate checksum field against calculated checksum */ c( "match" ( /* Match condition */ ("equal" | "greater-than" | "less-than" | "not-equal") ), "value" arg /* Match value */ ) ) ) ) ) ) ) ), "anomaly" ( /* Protocol anomaly */ c( "test" arg /* Protocol anomaly condition to be checked */, "direction" ( /* Direction */ ("client-to-server" | "server-to-client" | "any") ), "shellcode" ( /* Specify shellcode flag for this attack */ ("intel" | "sparc" | "all" | "no-shellcode") ) ) ) ) ) ) ) end rule(:dcd_rx_bucket_config) do c( "overflow" ( /* Overflow behavior */ ("tag" | "discard") ), "rate" arg /* Bucket rate */, "threshold" arg /* Bucket threshold */ ) end rule(:dcd_shaping_config) do c( c( "cbr" ( /* Constant bandwidth utilization */ sc( arg /* Constant bandwidth utilization */, "cdvt" arg /* Cell Delay Variation Tolerance */ ) ).as(:oneline), "vbr" ( /* Variable bandwidth utilization */ sc( "peak" arg /* Peak rate */, "sustained" arg /* Sustained rate */, "burst" arg /* Burst size */, "cdvt" arg /* Cell Delay Variation Tolerance */ ) ).as(:oneline), "rtvbr" ( /* ATM2 real-time variable bandwidth utilization */ sc( "peak" arg /* Peak rate */, "sustained" arg /* Sustained rate */, "burst" arg /* Burst size */, "cdvt" arg /* Cell Delay Variation Tolerance */ ) ).as(:oneline) ), "queue-length" arg /* Queue length */ ) end rule(:dcd_tx_bucket_config) do c( "overflow" ( /* Overflow behavior */ ("discard") ), "rate" arg /* Bucket rate */, "threshold" arg /* Bucket threshold */ ) end rule(:demux_options_type) do c( "underlying-interface" ( /* Underlying interface name */ ("$junos-underlying-interface" | "$junos-interface-ifd-name" | arg) ) ) end rule(:dfc_group_type) do arg.as(:arg) ( c( "interfaces" ( /* DFC PIC(s) in this group */ interface_device /* DFC PIC(s) in this group */ ), "input-packet-rate-threshold" arg /* Input pps (max 300k on MO-III, 1M on MS-400) */, "max-duplicates" arg /* Maximum content destinations for the capture group */, "duplicates-dropped-periodicity" arg /* Periodicity of DuplicatesDropped notification in secs */, "pic-memory-threshold" ( /* PIC memory threshold */ sc( "percentage" arg /* Threshold in percentage */ ) ).as(:oneline), "control-source" ( /* Configure control source parameters */ dfc_control_source_type /* Configure control source parameters */ ), "content-destination" ( /* Configure content destination parameters */ content_destination_type /* Configure content destination parameters */ ) ) ) end rule(:content_destination_type) do arg.as(:arg) ( c( "address" ( /* Content destination IP address */ ipv4addr /* Content destination IP address */ ), "ttl" arg /* Time to live */, "soft-limit-clear" arg /* Soft limit clear threshold */, "soft-limit" arg /* Soft limit threshold */, "hard-limit-target" arg /* Hard limit target threshold */, "hard-limit" arg /* Hard limit threshold */ ) ) end rule(:dfc_control_source_type) do arg.as(:arg) ( c( "source-addresses" ( /* Allowed control source IP address list */ ipv4addr /* Allowed control source IP address list */ ), "service-port" arg /* Service port */, "notification-targets" ( /* Notification target list */ dfc_notification_target_type /* Notification target list */ ).as(:oneline), "no-syslog" /* Disable syslog */, "shared-key" arg /* Shared key with control source */, "allowed-destinations" arg /* Allowed destinations */, "minimum-priority" arg /* Minimum priority of the control source */ ) ) end rule(:dfc_notification_target_type) do arg.as(:arg) ( c( "port" arg /* Notification target port */ ) ).as(:oneline) end rule(:dhcp_client_type) do c( "client-identifier" ( /* DHCP server identifies a client by client-identifier value */ c( c( "ascii" arg /* Client identifier as an ASCII string */, "hexadecimal" arg /* Client identifier as a hexadecimal string */ ), "user-id" ( /* Add user id to client-id option */ sc( c( "ascii" arg /* Client identifier as an ASCII string */, "hexadecimal" arg /* Client identifier as a hexadecimal string */ ) ) ).as(:oneline), "prefix" ( /* Add prefix to client-id option */ c( "host-name" /* Add router host name to client-id option */, "logical-system-name" /* Add logical system name to client-id option */, "routing-instance-name" /* Add routing instance name to client-id option */ ) ), "use-interface-description" ( /* Use the interface description */ ("logical" | "device") ), "hardware-type" arg /* Hardware type */ ) ), "no-dns-install" /* Do not install DNS information learned from DHCP server */, "lease-time" ( /* Lease time in seconds requested in DHCP client protocol packet */ ("infinite" | arg) ), "retransmission-attempt" arg /* Number of attempts to retransmit the DHCP client protocol packet */, "retransmission-interval" arg /* Number of seconds between successive retransmission */, "metric" arg /* Client initiated default-route metric */, "server-address" ( /* DHCP Server-address */ ipv4addr /* DHCP Server-address */ ), "update-server" /* Propagate TCP/IP settings to DHCP server */, "vendor-id" arg /* Vendor class id for the DHCP Client */, "force-discover" /* Send DHCPDISCOVER after DHCPREQUEST retransmission failure */, "options" ( /* DHCP options */ c( "number" arg ( /* DHCP option code */ sc( c( "hex-string" arg /* Hexadecimal string */ ) ) ).as(:oneline), "no-hostname" /* Do not carry hostname (RFC option code is 12) in packet */ ) ), "requested-options" arg /* DHCP options */.as(:oneline) ) end rule(:dnsf_multitenant_hash_object) do c( "file-hash-key" ( /* Define web-filter global file key */ sc( c( "ascii-text" arg /* Format as text */, "hexadecimal" arg /* Format as hexadecimal */ ) ) ).as(:oneline), "hash-method" ( /* Define authentication algorithm */ ("hmac-sha2-256") ) ) end rule(:drop_policy_term) do arg.as(:arg) ( c( "from" ( /* Define match criteria */ c( "source-address" ( /* Source IP Address */ li_policy_addr_simple_object /* Source IP Address */ ), "destination-address" ( /* Destination IP Address */ li_policy_addr_simple_object /* Destination IP Address */ ), c( "source-port" ( /* Match source port */ match_li_simple_port_value /* Match source port */ ) ), c( "destination-port" ( /* Match destination port */ match_li_simple_port_value /* Match destination port */ ) ), c( "protocol" ( /* Match IP protocol type */ match_li_simple_protocol_value /* Match IP protocol type */ ) ), c( "dscp" ( /* Match Differentiated Services (DiffServ) code point */ match_li_simple_dscp_value /* Match Differentiated Services (DiffServ) code point */ ) ) ) ) ) ) end rule(:drop_policy6_term) do arg.as(:arg) ( c( "from" ( /* Define match criteria */ c( "source-address" ( /* Source IPv6 Address or Prefix */ li_policy_addr6_simple_object /* Source IPv6 Address or Prefix */ ), "destination-address" ( /* Destination IPv6 Address or Prefix */ li_policy_addr6_simple_object /* Destination IPv6 Address or Prefix */ ), c( "source-port" ( /* Match source port */ match_li_simple_port_value /* Match source port */ ) ), c( "destination-port" ( /* Match destination port */ match_li_simple_port_value /* Match destination port */ ) ), c( "protocol" ( /* Match IP protocol type */ match_li_simple_protocol_value /* Match IP protocol type */ ) ), c( "dscp" ( /* Match Differentiated Services (DiffServ) code point */ match_li_simple_dscp_value /* Match Differentiated Services (DiffServ) code point */ ) ) ) ) ) ) end rule(:dslite_object) do arg.as(:arg) ( c( "softwire-address" ( /* Softwire concentrator address */ ipv6addr /* Softwire concentrator address */ ), "mtu-v6" arg /* MTU for the softwire tunnel */, "copy-dscp" /* Copy DSCP (type of service) from IPv6 to IPv4 header */, "auto-update-mtu" /* Auto update MTU from received ICMPv6 messages */, "flow-limit" arg /* Max Number of IPv4 flows per Softwire */, "session-limit-per-prefix" arg /* Max number of sessions allowed per Softwire prefix */ ) ) end rule(:dynamic_attack_group_type) do arg.as(:arg) ( c( "attack-group-description" arg /* Filter name/value in xml format */, "filters" ( /* Configure filters */ c( "direction" ( /* Direction of attack */ c( "expression" ( /* Boolean AND/OR to be used for values */ ("and" | "or") ), "values" ( /* Values for direction field */ ("client-to-server" | "server-to-client" | "any" | "exclude-client-to-server" | "exclude-server-to-client" | "exclude-any") ) ) ), "severity" ( /* Severity of attack */ c( "values" ( /* Values for severity field */ ("info" | "warning" | "minor" | "major" | "critical") ) ) ), "type" ( /* Type of attack */ c( "values" ( /* Values for type field */ ("signature" | "anomaly") ) ) ), "recommended" /* Recommended flag */, "no-recommended" /* Don't recommended flag */, "performance" ( /* Performance of attack */ c( "values" ( /* Values for performance field */ ("unknown" | "fast" | "normal" | "slow") ) ) ), "category" ( /* Category of attack */ c( "values" arg /* Values for category field */ ) ), "service" ( /* Service/Application of attack */ c( "values" arg /* Values for service field */ ) ), "false-positives" ( /* False positive field in attack */ c( "values" ( /* Values for false-positives field */ ("unknown" | "rarely" | "occasionally" | "frequently") ) ) ), "vendor" ( /* Vendor/Product the attack belongs to */ vendor_object /* Vendor/Product the attack belongs to */ ), "file-type" ( /* File type the attack is valid for */ c( "values" arg /* Values for file-type field */ ) ), "vulnerability-type" ( /* Vulnariability type of attack */ c( "values" arg /* Values for vulnariability-type field */ ) ), "excluded" /* Excluded Attacks */, "no-excluded" /* Don't excluded Attacks */, "attack-prefix" ( /* Prefix match for attack names */ c( "values" arg /* Values for attack name prefix match */ ) ), "cvss-score" ("greater-than" | "less-than") ( /* CVSS score of Attack */ c( "value" arg /* Match value */ ) ), "age-of-attack" ("greater-than" | "less-than") ( /* Age of an Attack */ c( "value" arg /* Match value */ ) ) ) ) ) ) end rule(:dynamic_ifbw_parms_type) do c( "capacity" arg /* Weight of current (vs. maximum) data rate */, "margin" arg /* Maximum reduction in bandwidth due to low link quality */, "delay" arg /* Bandwidth reduction when delay is announced as 1 second */, "bandwidth" arg /* Weight of current (vs. maximum) data rate */, "resource" arg /* Resource weight */, "latency" arg /* Latency weight */, "quality" arg /* Relative Link Quality weight */, "data-rate" arg /* Data rate weight */, "threshold" arg /* Percentage bandwidth change required for routing updates */, "credit" ( /* Credit-based scheduling parameters */ c( "interval" arg /* Grant rate interval in 100mS steps */ ) ) ) end rule(:dynamic_ipv4_type) do c( "address-ranges" ( /* Packet triggered subscribers configuration */ c( "dynamic-profile" arg ( /* Attach dynamic-profile to packet triggered subscriber ranges */ c( "network" arg ( /* IPv4 Network address */ c( "range" arg ( /* Configure demux interface based on source IP address range */ c( "low" ( /* Lower limit of address range */ ipv4prefix /* Lower limit of address range */ ), "high" ( /* Upper limit of address range */ ipv4prefix /* Upper limit of address range */ ) ) ) ) ) ) ), "authentication" ( /* Auto-configure packet triggered subscriber authentication */ dynamic_ip_authentication_type /* Auto-configure packet triggered subscriber authentication */ ) ) ) ) end rule(:dynamic_ip_authentication_type) do c( "password" arg /* Username password */, "username-include" ( /* Username options */ c( "delimiter" arg /* Delimiter/separator character */, "domain-name" arg /* Domain name */, "user-prefix" arg /* User defined prefix */, "auth-server-realm" arg /* Authentication server realm name */, "interface-name" /* Interface name */, "source-address" /* Source address */ ) ) ) end rule(:dynamic_ipv6_type) do c( "prefix-ranges" ( /* Packet triggered subscribers configuration */ c( "dynamic-profile" arg ( /* Attach dynamic-profile to packet triggered subscriber ranges */ c( "prefix" arg ( /* IPv6 Network prefix */ c( "range" arg ( /* Configure demux interface based on source IP address range */ c( "low" ( /* Lower limit of prefix range */ ipv6prefix /* Lower limit of prefix range */ ), "high" ( /* Upper limit of prefix range */ ipv6prefix /* Upper limit of prefix range */ ) ) ) ) ) ) ), "authentication" ( /* Auto-configure packet triggered subscriber authentication */ dynamic_ip_authentication_type /* Auto-configure packet triggered subscriber authentication */ ) ) ) ) end rule(:epd_threshold_config) do c( arg /* Early packet discard threshold value */, "plp1" arg /* Early packet drop threshold value for PLP 1 */ ).as(:oneline) end rule(:es_filter) do arg.as(:arg) ( c( "interface-specific" /* Defined counters are interface specific */, "physical-interface-filter" /* Filter is physical interface filter */, "instance-specific" /* Filter is instance specific */, "term" arg ( /* Define a firewall term */ c( "from" ( /* Define match criteria */ c( "interface" ( /* Match interface name */ match_interface_object /* Match interface name */ ), "source-mac-address" ( /* Match MAC source address */ firewall_mac_addr_object /* Match MAC source address */ ), "destination-mac-address" ( /* Match MAC destination address */ firewall_mac_addr_object /* Match MAC destination address */ ), c( "ether-type" ( ("ipv4" | "ipv6" | "arp" | "appletalk" | "sna" | "aarp" | "ppp" | "mpls-unicast" | "mpls-multicast" | "pppoe-discovery" | "pppoe-session" | "oam" | "fcoe" | "fip" | "vlan" | arg) ), "ether-type-except" ( ("ipv4" | "ipv6" | "arp" | "appletalk" | "sna" | "aarp" | "ppp" | "mpls-unicast" | "mpls-multicast" | "pppoe-discovery" | "pppoe-session" | "oam" | "fcoe" | "fip" | "vlan" | arg) ) ), c( "l2-encap-type" ( ("llc-non-snap" | arg) ), "l2-encap-type-except" ( ("llc-non-snap" | arg) ) ), c( "vlan" arg, "vlan-except" arg ), c( "dot1q-tag" arg, "dot1q-tag-except" arg ), c( "dot1q-user-priority" ( ("best-effort" | "background" | "standard" | "excellent-load" | "controlled-load" | "video" | "voice" | "network-control" | arg) ), "dot1q-user-priority-except" ( ("best-effort" | "background" | "standard" | "excellent-load" | "controlled-load" | "video" | "voice" | "network-control" | arg) ) ), "address" ( /* Match IP source or destination address */ firewall_addr_object /* Match IP source or destination address */ ), "source-address" ( /* Match IP source address */ firewall_addr_object /* Match IP source address */ ), "destination-address" ( /* Match IP destination address */ firewall_addr_object /* Match IP destination address */ ), c( "dscp" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ), "dscp-except" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ) ), c( "precedence" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ), "precedence-except" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ) ), c( "ip-options" ( ("any") ), "ip-options-except" ( ("any") ) ), "fragment-flags" arg /* Match fragment flags (in symbolic or hex formats) - (Ingress only) */, "is-fragment" /* Match if packet is a fragment */, c( "protocol" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "protocol-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), "tcp-flags" arg /* Match TCP flags (in symbolic or hex formats) */, "tcp-initial" /* Match initial packet of a TCP connection */, "tcp-established" /* Match packet of an established TCP connection */, c( "icmp-type" ( ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ), "icmp-type-except" ( ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ) ), c( "icmp-code" ( ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ), "icmp-code-except" ( ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ) ), "source-prefix-list" ( /* Match IP source prefixes in named list */ firewall_prefix_list /* Match IP source prefixes in named list */ ), "destination-prefix-list" ( /* Match IP destination prefixes in named list */ firewall_prefix_list /* Match IP destination prefixes in named list */ ), "ip-source-address" ( /* Match IP source address */ firewall_addr_object /* Match IP source address */ ), "ip-destination-address" ( /* Match IP destination address */ firewall_addr_object /* Match IP destination address */ ), c( "ip-protocol" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "ip-protocol-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "ip-precedence" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ), "ip-precedence-except" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ) ), "ipv6-destination-address" ( /* Match IPv6 destination address */ firewall_addr6_object /* Match IPv6 destination address */ ), "ipv6-source-address" ( /* Match IPv6 source address */ firewall_addr6_object /* Match IPv6 source address */ ), "ipv6-address" ( /* Match IPv6 address */ firewall_addr6_object /* Match IPv6 address */ ), c( "ipv6-next-header" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "ipv6-next-header-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "ipv6-payload-protocol" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "ipv6-payload-protocol-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "ipv6-traffic-class" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ), "ipv6-traffic-class-except" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ) ), "ipv6-source-prefix-list" ( /* Match IPV6 source prefixes in named list */ firewall_prefix_list /* Match IPV6 source prefixes in named list */ ), "ipv6-destination-prefix-list" ( /* Match IPV6 destination prefixes in named list */ firewall_prefix_list /* Match IPV6 destination prefixes in named list */ ), "ipv6-prefix-list" ( /* Match IP source or destination prefixes in named list */ firewall_prefix_list /* Match IP source or destination prefixes in named list */ ), c( "interface-group" arg, "interface-group-except" arg ), c( "vlan-ether-type" ( ("ipv4" | "ipv6" | "arp" | "appletalk" | "sna" | "aarp" | "ppp" | "mpls-unicast" | "mpls-multicast" | "pppoe-discovery" | "pppoe-session" | "oam" | "fcoe" | "fip" | "vlan" | arg) ), "vlan-ether-type-except" ( ("ipv4" | "ipv6" | "arp" | "appletalk" | "sna" | "aarp" | "ppp" | "mpls-unicast" | "mpls-multicast" | "pppoe-discovery" | "pppoe-session" | "oam" | "fcoe" | "fip" | "vlan" | arg) ) ), c( "loss-priority" ( ("low" | "high" | "medium-low" | "medium-high") ), "loss-priority-except" ( ("low" | "high" | "medium-low" | "medium-high") ) ), c( "learn-vlan-id" arg, "learn-vlan-id-except" arg ), c( "learn-vlan-1p-priority" arg, "learn-vlan-1p-priority-except" arg ), c( "learn-vlan-dei" arg, "learn-vlan-dei-except" arg ), c( "user-vlan-id" arg, "user-vlan-id-except" arg ), c( "user-vlan-1p-priority" arg, "user-vlan-1p-priority-except" arg ), c( "traffic-type" ( ("broadcast" | "multicast" | "unknown-unicast" | "known-unicast") ), "traffic-type-except" ( ("broadcast" | "multicast" | "unknown-unicast" | "known-unicast") ) ), "ip-address" ( /* Match IP source or destination address */ firewall_addr_object /* Match IP source or destination address */ ), "interface-set" ( /* Match interface in set */ match_interface_set_object /* Match interface in set */ ), "prefix-list" ( /* Match IP source or destination prefixes in named list */ firewall_prefix_list /* Match IP source or destination prefixes in named list */ ), c( "isid" arg, "isid-except" arg ), c( "isid-priority-code-point" arg, "isid-priority-code-point-except" arg ), c( "isid-dei" arg, "isid-dei-except" arg ), c( "forwarding-class" arg, "forwarding-class-except" arg ), "to-fabric" ( /* Match packets going to fabric */ to_fabric_object /* Match packets going to fabric */ ), "from-fabric" /* Match packets coming from fabric */, c( "arp-type" ( ("arp-request" | "arp-reply" | arg) ) ), c( "flexible-match-mask" ( /* Match flexible mask */ match_l2_flexible_mask /* Match flexible mask */ ) ), c( "flexible-match-range" ( /* Match flexible range */ match_l2_flexible_range /* Match flexible range */ ) ), "ip-version" ( /* Define IP version */ c( "ipv4" ( /* Define L3/L4 match items to match IPv4 packets */ c( "address" ( /* Match IP source or destination address */ firewall_addr_object /* Match IP source or destination address */ ), "source-address" ( /* Match IP source address */ firewall_addr_object /* Match IP source address */ ), "destination-address" ( /* Match IP destination address */ firewall_addr_object /* Match IP destination address */ ), c( "dscp" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ), "dscp-except" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ) ), c( "precedence" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ), "precedence-except" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ) ), c( "ip-options" ( ("any") ), "ip-options-except" ( ("any") ) ), "fragment-flags" arg /* Match fragment flags (in symbolic or hex formats) - (Ingress only) */, "is-fragment" /* Match if packet is a fragment */, c( "protocol" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "protocol-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), "tcp-flags" arg /* Match TCP flags (in symbolic or hex formats) - (Ingress only) */, "tcp-initial" /* Match initial packet of a TCP connection - (Ingress only) */, "tcp-established" /* Match packet of an established TCP connection */, c( "icmp-type" ( ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ), "icmp-type-except" ( ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ) ), c( "icmp-code" ( ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ), "icmp-code-except" ( ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ) ), "source-prefix-list" ( /* Match IP source prefixes in named list */ firewall_prefix_list /* Match IP source prefixes in named list */ ), "destination-prefix-list" ( /* Match IP destination prefixes in named list */ firewall_prefix_list /* Match IP destination prefixes in named list */ ), "ip-source-address" ( /* Match IP source address */ firewall_addr_object /* Match IP source address */ ), "ip-destination-address" ( /* Match IP destination address */ firewall_addr_object /* Match IP destination address */ ), c( "ip-protocol" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "ip-protocol-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "ip-precedence" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ), "ip-precedence-except" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ) ) ) ), "ipv6" ( /* Define L3/L4 match items to match IPv6 packets */ c( "source-address" ( /* Match source address */ firewall_addr6_object /* Match source address */ ), "destination-address" ( /* Match destination address */ firewall_addr6_object /* Match destination address */ ), c( "traffic-class" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ), "traffic-class-except" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ) ), c( "next-header" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "next-header-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "payload-protocol" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "payload-protocol-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "extension-header" ( ("any" | "hop-by-hop" | "routing" | "mobility" | "esp" | "fragment" | "dstopts" | "ah" | arg) ), "extension-header-except" ( ("any" | "hop-by-hop" | "routing" | "mobility" | "esp" | "fragment" | "dstopts" | "ah" | arg) ) ), "tcp-flags" arg /* Match TCP flags (in symbolic or hex formats) */, "tcp-initial" /* Match initial packet of a TCP connection */, "tcp-established" /* Match packet of an established TCP connection */, c( "icmp-type" ( ("destination-unreachable" | "packet-too-big" | "time-exceeded" | "parameter-problem" | "echo-request" | "echo-reply" | "membership-query" | "membership-report" | "membership-termination" | "router-solicit" | "router-advertisement" | "redirect" | "neighbor-solicit" | "neighbor-advertisement" | "router-renumbering" | "node-information-request" | "node-information-reply" | "inverse-neighbor-discovery-solicitation" | "inverse-neighbor-discovery-advertisement" | "home-agent-address-discovery-request" | "home-agent-address-discovery-reply" | "mobile-prefix-solicitation" | "mobile-prefix-advertisement-reply" | "certificate-path-solicitation" | "certificate-path-advertisement" | "private-experimentation-100" | "private-experimentation-101" | "private-experimentation-200" | "private-experimentation-201" | arg) ), "icmp-type-except" ( ("destination-unreachable" | "packet-too-big" | "time-exceeded" | "parameter-problem" | "echo-request" | "echo-reply" | "membership-query" | "membership-report" | "membership-termination" | "router-solicit" | "router-advertisement" | "redirect" | "neighbor-solicit" | "neighbor-advertisement" | "router-renumbering" | "node-information-request" | "node-information-reply" | "inverse-neighbor-discovery-solicitation" | "inverse-neighbor-discovery-advertisement" | "home-agent-address-discovery-request" | "home-agent-address-discovery-reply" | "mobile-prefix-solicitation" | "mobile-prefix-advertisement-reply" | "certificate-path-solicitation" | "certificate-path-advertisement" | "private-experimentation-100" | "private-experimentation-101" | "private-experimentation-200" | "private-experimentation-201" | arg) ) ), c( "icmp-code" ( ("no-route-to-destination" | "administratively-prohibited" | "address-unreachable" | "port-unreachable" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip6-header-bad" | "unrecognized-next-header" | "unrecognized-option" | arg) ), "icmp-code-except" ( ("no-route-to-destination" | "administratively-prohibited" | "address-unreachable" | "port-unreachable" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip6-header-bad" | "unrecognized-next-header" | "unrecognized-option" | arg) ) ), "source-prefix-list" ( /* Match IP source prefixes in named list */ firewall_prefix_list /* Match IP source prefixes in named list */ ), "destination-prefix-list" ( /* Match IP destination prefixes in named list */ firewall_prefix_list /* Match IP destination prefixes in named list */ ), "ip6-source-address" ( /* Match source address */ firewall_addr6_object /* Match source address */ ), "ip6-destination-address" ( /* Match destination address */ firewall_addr6_object /* Match destination address */ ) ) ) ) ), "vxlan" ( /* Define vxlan match items */ c( c( "vni" arg, "vni-except" arg ), c( "rsvd1" arg, "rsvd1-except" arg ), c( "rsvd2" arg, "rsvd2-except" arg ), "flags" ( /* Match VXlan flag field */ match_flags_value /* Match VXlan flag field */ ) ) ), c( "gbp-src-tag" arg ), c( "gbp-dst-tag" arg ), c( "packet-length" arg, "packet-length-except" arg ) ) ), "then" ( /* Action to take if the 'from' condition is matched */ c( c( "accept" /* Accept the packet */, "discard" /* Discard the packet */, "next" ( /* Continue to next term in a filter */ ("term") ) ), "log" /* Log the packet */, "pkt-trace" /* Trace the packet */, "flood" /* Flood the packet */, "syslog" /* System log (syslog) information about the packet */, "packet-capture" /* Enable packet capture for telemetry */, "forwarding-class" arg /* Classify packet to forwarding class */, "analyzer" arg /* Name of analyzer - (Ingress only) */, "port-mirror-instance" arg /* Port-mirror the packet to specified instance */, "port-mirror" /* Port-mirror the packet */, "next-hop-group" arg /* Use specified next-hop group */, "loss-priority" ( /* Packet's loss priority */ ("low" | "high" | "medium-low" | "medium-high") ), "count" arg /* Count the packet in the named counter */, c( "policer" arg /* Name of policer to use to rate-limit traffic */, "three-color-policer" ( /* Police the packet using a three-color-policer */ c( c( "single-rate" arg /* Name of single-rate three-color policer to use to rate-limit traffic */, "single-packet-rate" arg /* Name of single-packet-rate three-color policer to use to rate-limit traffic */, "two-rate" arg /* Name of two-rate three-color policer to use to rate-limit traffic */, "two-packet-rate" arg /* Name of two-packet-rate three-color policer to use to rate-limit traffic */ ) ) ), "hierarchical-policer" arg /* Name of hierarchical policer to use to rate-limit traffic */ ), "vlan" arg /* Name of VLAN - (Ingress only) */, "interface" ( /* Switch traffic to the specified interface by-passing switching lookup - (Ingress only) */ interface_unit /* Switch traffic to the specified interface by-passing switching lookup - (Ingress only) */ ), "vxlan" ( /* Vxlan related data */ c( "flags" arg /* Set vxlan flags value (8..255 or 0x08..0xFF) */, "rsvd1" arg /* Set vxlan reserved-1 value */, "rsvd2" arg /* Set vxlan reserved-2 value */ ) ), "gbp-src-tag" arg /* Set GBP source tag */ ) ), "template" ( /* Refer a template */ c( arg /* Template name */ ) ) ) ) ) ) end rule(:es_template) do arg.as(:arg) ( c( "attributes" ( /* Template attributes */ c( "ip-version" ( /* Define IP version */ c( "ipv4" ( /* Define L3/L4 match items to match IPv4 packets */ c( "destination-port" /* Match TCP/UDP destination port */, "destination-prefix-list" /* Match IP destination prefixes in named list */, "dscp" /* Match Differentiated Services (DiffServ) code point */, "fragment-flags" /* Match fragment flags */, "icmp-code" /* Match ICMP message code */, "icmp-type" /* Match ICMP message type */, "ip-destination-address" /* Match IP destination address */, "ip-precedence" /* Match IP precedence value */, "ip-protocol" /* Match IP protocol type */, "ip-source-address" /* Match IP source address */, "is-fragment" /* Match if packet is a fragment */, "source-port" /* Match TCP/UDP source port */, "source-prefix-list" /* Match IP source prefixes in named list */, "tcp-established" /* Match packet of an established TCP connection */, "tcp-flags" /* Match TCP flags */, "tcp-initial" /* Match initial packet of a TCP connection */ ) ), "ipv6" ( /* Define L3/L4 match items to match IPv6 packets */ c( "destination-port" /* Match TCP/UDP destination port */, "destination-prefix-list" /* Match IP destination prefixes in named list */, "icmp-code" /* Match ICMP message code */, "icmp-type" /* Match ICMP message type */, "ip6-destination-address" /* Match destination address */, "ip6-source-address" /* Match source address */, "next-header" /* Match next header protocol type */, "source-port" /* Match TCP/UDP source port */, "source-prefix-list" /* Match IP source prefixes in named list */, "tcp-established" /* Match packet of an established TCP connection */, "tcp-flags" /* Match TCP flags */, "tcp-initial" /* Match initial packet of a TCP connection */, "traffic-class" /* Match Differentiated Services (DiffServ) code point */ ) ) ) ), "arp-type" /* Match ARP type */, "destination-mac-address" /* Match MAC destination address */, "destination-port" /* Match TCP/UDP destination port */, "destination-prefix-list" /* Match IP destination prefixes in named list */, "dscp" /* Match Differentiated Services (DiffServ) code point */, "ether-type" /* Match Ethernet Type */, "fragment-flags" /* Match fragment flags */, "icmp-code" /* Match ICMP message code */, "icmp-type" /* Match ICMP message type */, "interface" /* Match interface name */, "ip-destination-address" /* Match IP destination address */, "ip-precedence" /* Match IP precedence value */, "ip-protocol" /* Match IP protocol type */, "ip-source-address" /* Match IP source address */, "is-fragment" /* Match if packet is a fragment */, "l2-encap-type" /* Match Ethernet Encapsulation Type */, "learn-vlan-id" /* Match Learnt VLAN ID */, "source-mac-address" /* Match MAC source address */, "source-port" /* Match TCP/UDP source port */, "source-prefix-list" /* Match IP source prefixes in named list */, "tcp-established" /* Match packet of an established TCP connection */, "tcp-flags" /* Match TCP flags */, "tcp-initial" /* Match initial packet of a TCP connection */, "user-vlan-1p-priority" /* Match User 802.1p VLAN priority */, "user-vlan-id" /* Match User VLAN ID */ ) ) ) ) end rule(:ethernet_switching_type) do c( "port-mode" ( /* Type of port mode */ ("access" | "tagged-access" | "trunk") ), "interface-mode" ( /* Type of interface mode */ ("access" | "trunk") ), "inter-switch-link" /* PVLAN inter switch link */, "reflective-relay" /* Reflective-relay mode for this interface */, c( "vlan" ( /* Virtual LAN parameters */ c( "members" ( /* Membership for this interface (name or id) */ ("all" | arg) ) ) ), "inner-vlan" ( /* Trunk mode vlan membership for this interface */ c( "members" ( /* Membership for this interface (name or id) */ ("all" | arg) ) ) ), "inner-vlan-id-list" arg /* Trunk mode VLAN membership for this interface based on inner VLAN tag */ ), "vlan-auto-sense" /* Enable VLAN auto sense on this interface */, "bridge-domain-type" ( /* Bridge domain type */ ("svlan" | "bvlan") ), "vlan-rewrite" ( /* Specify VLAN translation */ c( "translate" arg ( /* Translate incoming VLAN tag */ sc( arg ) ).as(:oneline) ) ), "native-vlan-id" arg /* Untagged packets on a trunk/tagged-access interface belong to this vlan */, c( "isid-list" ( /* Specify the ISID list */ ("all-service-groups" | "all") ) ), "core-facing" /* Interface is core facing */, "filter" ( /* Packet filtering */ c( "input" arg /* Name of filter applied to received packets */, "input-precedence" arg /* Precedence of the filter */, "input-list" arg /* List of filter modules applied to received packets */, "output" arg /* Name of filter applied to transmitted packets */, "output-precedence" arg /* Precedence of the filter */, "output-list" arg /* List of filter modules applied to transmitted packets */, "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "storm-control" ( /* Storm control profile name to bind */ c( arg /* Profile name */ ) ), "recovery-timeout" ( /* Recovery timeout for this interface */ sc( arg ) ).as(:oneline) ) end rule(:ethernet_policer) do c( c( "bandwidth-limit" arg /* Bandwidth limit */ ), "burst-size-limit" arg /* Burst size limit */ ) end rule(:ett_attributes) do c( "rate" ( /* Ethernet client signal rate */ ("100ge") ) ) end rule(:family) do c( "inet" ( /* IPv4 parameters */ c( c( "dhcp" /* Enable DHCP on ethernet interface */, "address" ( /* Interface address/destination prefix */ ipv4prefix /* Interface address/destination prefix */ ) ) ) ) ) end rule(:fibre_channel_type) do c( "port-mode" ( /* Port mode */ ("f-port" | "e-port" | "np-port" | "auto") ), "no-npiv" /* Disable NPIV */, "fc-fabric" ( /* Virtual fabric parameters */ c( "members" ( /* Virtual Fabric Membership for this interface (name or id) */ ("all" | arg) ) ) ), "native-fabric" arg /* FC frames with no virtual fabric header on a interface belong to this fabric */ ) end rule(:file_specification_type) do arg.as(:arg) ( c( "name-format" arg /* Format string for filename (allows {text} macros) */, "data-format" ( /* Data format for flow collection output */ ("flow-compressed") ), "transfer" ( sc( "timeout" arg /* Timeout in seconds when the file is transferred */, "record-level" arg /* Number of records at which the file is transferred */ ) ).as(:oneline) ) ) end rule(:firewall_addr6_object) do arg.as(:arg) ( c( "except" /* Match address not in this prefix */ ) ).as(:oneline) end rule(:firewall_addr_object) do arg.as(:arg) ( c( "except" /* Match address not in this prefix */ ) ).as(:oneline) end rule(:firewall_flexible_match) do arg.as(:arg) ( c( "match-start" ( /* Start point to match in packet */ ("layer-2" | "layer-3" | "layer-4" | "payload") ), "byte-offset" arg /* Byte offset after the match start point */, "bit-offset" arg /* Bit offset after the (match-start + byte) offset */, "bit-length" arg /* Length of integer input (1..32 bits), Optional length of string input (1..128 bits) */ ) ) end rule(:firewall_hierpolicer) do arg.as(:arg) ( c( c( "logical-interface-policer" /* Hierarchical policer is a logical interface policer */, "physical-interface-policer" /* Hierarchical policer is a physical interface policer */ ), "shared-bandwidth-policer" /* Share policer bandwidth among bundle links */, "filter-specific" /* Hierarchical policer is filter-specific */, "aggregate" ( /* Aggregate definition */ hierarchical_policer_aggregate_bucket /* Aggregate definition */ ), "premium" ( /* Premium definition */ hierarchical_policer_premium_bucket /* Premium definition */ ) ) ) end rule(:firewall_load_balance_group) do arg.as(:arg) ( c( "next-hop-group" arg /* Use specified next-hop group */ ) ) end rule(:firewall_mac_addr_object) do arg.as(:arg) ( c( "except" /* Match MAC address not in this range */ ) ).as(:oneline) end rule(:firewall_policer) do arg.as(:arg) ( c( "filter-specific" /* Policer is filter-specific */, "logical-interface-policer" /* Policer is logical interface policer */, "physical-interface-policer" /* Policer is physical interface policer */, "logical-bandwidth-policer" /* Policer uses logical interface bandwidth */, "shared-bandwidth-policer" /* Share policer bandwidth among bundle links */, c( "if-exceeding" ( /* Define rate limits */ c( c( "bandwidth-limit" arg /* Bandwidth limit */, "bandwidth-percent" arg /* Bandwidth limit in percentage */ ), "burst-size-limit" arg /* Burst size limit */, "aggregate-policing" ( /* Configure Aggregate Policer */ c( "policer" arg ( /* Two-color policer to be used as aggregate */ c( "aggregate-sharing-mode" ( /* Hierarchical Metering model */ ("guarantee" | "peak") ) ) ) ) ) ) ), "if-exceeding-pps" ( /* Define pps limits */ c( c( "pps-limit" arg /* PPS limit */ ), "packet-burst" arg /* PPS burst size limit */ ) ) ), "counter" ( /* Define policer counter configuration */ c( "counter-id" arg /* Counter Index */ ) ), "then" ( /* Action to take if the rate limits are exceeded */ c( "discard" /* Discard the packet */, "loss-priority" ( /* Packet's loss priority */ ("low" | "high" | "medium-low" | "medium-high") ), "forwarding-class" arg /* Classify packet to forwarding class */, "out-of-profile" /* Discard packets only if both congested and over threshold */ ) ), "aggregate" ( /* Aggregate policer used in Extended Hierarchical Policers */ c( c( "global" /* Single global instance of aggregate policer */ ) ) ) ) ) end rule(:firewall_prefix_list) do arg.as(:arg) ( c( "except" /* Match addresses not in this prefix list */ ) ).as(:oneline) end rule(:flow_group_type) do arg.as(:arg) ( c( "node-device" arg /* Node device(s) associated with this flow group */, "interconnect-device" arg /* Interconnect device(s) associated with this flow group */ ) ) end rule(:fwa_authentication_type) do c( "password" arg /* Username password to use */, "username-include" ( /* Add username options */ c( "delimiter" arg /* Change delimiter/separator character */, "domain-name" arg /* Add domain name */, "user-prefix" arg /* Add user defined prefix */, "imsi" /* Include IMSI */, "msisdn" /* Include MSISDN */, "mei" /* Include MEI */ ) ) ) end rule(:gateway_type) do arg.as(:arg) ( c( "service-interface" ( /* Associated services interface */ interface_device /* Associated services interface */ ), "sip" ( c( "timers" ( /* Timers configuration */ sip_timers_type /* Timers configuration */ ), "new-transaction-policy" ( /* Definition of a new-transaction policy */ transaction_policy_type /* Definition of a new-transaction policy */ ), "new-transaction-policy-set" ( /* Definition of a new-transaction policy set */ new_transaction_set_type /* Definition of a new-transaction policy set */ ), "new-registration-policy" ( /* Definition of a new-registration policy */ registration_policy_type /* Definition of a new-registration policy */ ), "new-registration-policy-set" ( /* Definition of a new-registration policy set */ new_registration_set_type /* Definition of a new-registration policy set */ ), "new-call-usage-policy" ( /* Definition of a new-call usage policy */ call_usage_policy_type /* Definition of a new-call usage policy */ ), "new-call-usage-policy-set" ( /* Definition of a new-call usage policy set */ new_call_usage_set_type /* Definition of a new-call usage policy set */ ), "routing-destinations" ( /* Definition of routing destinations */ routing_destinations /* Definition of routing destinations */ ), "message-manipulation-rules" ( /* Definition of manipulation rules */ header_manipulation_message_manipulation_rules_type /* Definition of manipulation rules */ ), "local-tag-prefix" arg /* Local tag prefix */, "signaling-realms" ( /* Signaling realm */ signaling_realm /* Signaling realm */ ), "local-uri-prefix" arg /* Local URI prefix */ ) ), "admission-control" ( /* Definition of an admission controller */ admission_control_type /* Definition of an admission controller */ ), "service-point" ( service_point_type ), "name-resolution-cache" ( name_resolution_cache_type ), "embedded-spdf" ( c( "service-class" arg ( /* Definition of service class policies */ c( "term" arg ( /* Service class settings by media type */ c( "from" ( /* The media-related filter that the rate limiting and DSCP marking are based on */ c( "media-type" ( /* Media types to filter on */ ("any-media" | "audio" | "video") ) ) ), "then" ( /* The action to take based on the 'from' filter */ c( "reject" /* Reject the request */, "committed-information-rate" ( /* Committed information rate value per stream */ enum(arg) ), "committed-burst-size" ( /* Committed burst size value per stream */ enum(arg) ), "dscp" arg /* Code point alias or 6-bit pattern */ ) ) ) ) ) ) ) ), "traceoptions" ( /* Trace options for border signaling gateway */ c( "flag" ( /* Per-component trace options */ c( "minimum" ( /* Minimum trace level for all the components */ ("trace" | "debug" | "info" | "warning" | "error") ), "session-trace" ( /* Trace level for the session tracing component */ ("trace" | "debug" | "info" | "warning" | "error") ), "sip-stack" ( /* Sip stack trace level options */ c( "event-tracing" /* Event tracing */, "ips-tracing" /* IPS tracing */, "per-tracing" /* Performance tracing */, "dev-logging" /* Development tracing */, "verbose-logging" /* Verbose tracing */, "pd-log-level" ( /* Set pd trace level */ ("problem" | "exception" | "audit") ), "pd-log-detail" ( /* Set detail level for DC logs */ ("full" | "summary") ) ) ), "signaling" ( /* Signaling component sub-components */ c( "minimum" ( /* Minimum trace level for the signaling subcomponents */ ("trace" | "debug" | "info" | "warning" | "error") ), "sip-stack-wrapper" ( /* Sip stack wrapper trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "b2b-wrapper" ( /* B2B wrapper trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "ua" ( /* UA trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "b2b" ( /* B2B trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "topology-hiding" ( /* Topology hiding trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "policy" ( /* Policy trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "name-resolution-cache" ( /* Name resolution cache trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "accounting-trigger" ( /* Accounting trigger trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "event-trigger" ( /* Event trigger trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "packet-capture" ( /* Packet capture trace level */ ("trace" | "debug" | "info" | "warning" | "error") ) ) ), "framework" ( /* Framework component sub-components */ c( "minimum" ( /* Minimum trace level for the framework subcomponents */ ("trace" | "debug" | "info" | "warning" | "error") ), "executor" ( /* Executor trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "action" ( /* Action trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "event" ( /* Event trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "freezer" ( /* Freezer trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "memory-pool" ( /* Memory pool trace level */ ("trace" | "debug" | "info" | "warning" | "error") ) ) ), "datastore" ( /* Datastore component sub-components */ c( "minimum" ( /* Minimum trace level for the datastore subcomponents */ ("trace" | "debug" | "info" | "warning" | "error") ), "data" ( /* Data trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "handle" ( /* Handle trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "db" ( /* DB trace level */ ("trace" | "debug" | "info" | "warning" | "error") ) ) ), "sbc-utils" ( /* SBC utils component sub-components */ c( "minimum" ( /* Minimum trace level for the sbc-utils subcomponents */ ("trace" | "debug" | "info" | "warning" | "error") ), "configuration" ( /* Configuration trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "ipc" ( /* IPC trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "device-monitor" ( /* Device-monitor trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "memory-management" ( /* Memory mgmt trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "message" ( /* Messaging trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "common" ( /* Common utils trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "user-interface" ( /* User-interface trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "memory-pool" ( /* Memory-pool trace level */ ("trace" | "debug" | "info" | "warning" | "error") ), "packet-capture" ( /* Trace packet capture events */ ("trace" | "debug" | "info" | "warning" | "error") ) ) ) ) ), "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline) ) ) ) ) end rule(:admission_control_type) do arg.as(:arg) ( c( "dialogs" ( /* Dialog admission control rules */ c( "maximum-concurrent" arg /* Maximum concurrent dialogs allowed */, "committed-attempts-rate" arg /* Committed rate of dialog admission attempts */, "committed-burst-size" arg /* Committed burst size of dialog admission attempts */ ) ), "transactions" ( /* Transaction admission control rules */ c( "maximum-concurrent" arg /* Maximum concurrent transactions allowed */, "committed-attempts-rate" arg /* Committed rate of transaction admission attempts */, "committed-burst-size" arg /* Committed burst size of transaction admission attempts */ ) ) ) ) end rule(:call_usage_policy_type) do arg.as(:arg) ( c( "term" arg ( /* Term definition */ c( "from" ( c( "source-address" ( /* Source addresses and masks */ ipaddr /* Source addresses and masks */ ), "method" ( /* Methods */ call_usage_method_type /* Methods */ ), "request-uri" ( /* Request URI field */ c( "regular-expression" ( /* Regular expression matched on incoming Request-URI */ regular_expression /* Regular expression matched on incoming Request-URI */ ) ) ), "contact" ( /* Contact field */ c( "regular-expression" ( /* Regular expression matched on incoming contact */ regular_expression /* Regular expression matched on incoming contact */ ) ) ) ) ), "then" ( /* Action */ new_call_then_type /* Action */ ) ) ) ) ) end rule(:call_usage_method_type) do enum(("method-invite")).as(:arg) end rule(:ggsn_pgw_apn_services) do c( "apns" ( /* Apn configuration */ c( ggsn_pgw_apn ) ) ) end rule(:ggsn_pgw_apn) do arg.as(:arg) ( c( "maximum-bearers" arg /* Maximum bearers for the APN */, "wait-accounting" /* Wait for accounting response for session creation */, "block-visitors" /* Do not allow visitors connect to the APN */, "allow-network-behind-mobile" /* Allow routing behind MS */, "local-policy-profile" arg /* Local profile for the apn */, "apn-type" ( /* Specify APN type */ ("real" | "virtual" | "virtual-pre-authenticate") ), "description" arg /* Text description of APN */, "apn-data-type" ( /* Specify APN data type */ ("ipv4" | "ipv6" | "ipv4v6") ), "mobile-interface" ( interface_unit ), "address-assignment" ( /* Specify address assignment options */ c( c( "aaa" /* AAA assigns addresses */, "local" ( /* Gateway assigns addresses locally */ c( "aaa-override" /* Override local address by address from AAA */ ) ), "dhcp-proxy-client" ( /* Gateway assigns address received when acting as DHCP proxy client */ c( "aaa-override" /* Override address received from DHCP proxy client mechanism by address from AAA */ ) ) ), "inet-pool" ( /* Specify address group name or pool name for IPv4 */ c( "group" arg, "pool" arg, "exclude-pools" arg /* Names of pool to exclude */ ) ), "inet6-pool" ( /* Specify address group name or pool name for IPv6 */ c( "group" arg, "pool" arg, "exclude-v6pools" arg /* Names of pool to exclude */ ) ), "dhcpv4-proxy-client-profile" ( /* DHCPv4 proxy client profile for this APN */ c( "logical-system" arg /* Logical system where this DHCP proxy client profile is defined. If this option is not specified, default logical-system will be used */, "routing-instance" arg /* Routing-instance where this DHCP proxy client profile is defined. If this option is not specified, default routing-instance will be used */, "profile-name" arg /* Name of DHCP proxy client profile */, "pool-name" arg /* Name of the pool to be sent to DHCP server. It is optional */ ) ), "dhcpv6-proxy-client-profile" ( /* DHCPv6 proxy client profile for this APN */ c( "logical-system" arg /* Logical system where this DHCP proxy client profile is defined. If this option is not specified, default logical-system will be used */, "routing-instance" arg /* Routing-instance where this DHCP proxy client profile is defined. If this option is not specified, default routing-instance will be used */, "profile-name" arg /* Name of DHCP proxy client profile */, "pool-name" arg /* Name of the pool to be sent to DHCP server. It is optional */ ) ), "allow-static-ip-address" ( /* Allow user equipment provided static address */ c( "no-aaa-verify" /* Do not verify the address provided by user equipment through AAA */ ) ) ) ), "session-timeout" arg /* Session timeout value */, "idle-timeout" arg /* Idle timeout value */, "idle-timeout-direction" ( /* Specific idle timeout direction */ ("uplink" | "both") ), "restriction-value" arg /* Restriction value */, "aaa-profile" arg /* Specify AAA profile for Authorization and Accounting */, "user-options" ( /* Specify user options */ c( c( "user-name" arg /* Default user name for user authentication */, "use-msisdn" /* Use msisdn for user authentication */, "use-imsi" /* Use imsi for user authentication */, "use-apnname" /* Use APN name for user authentication */ ), "password" ( /* Default user password for user authentication */ unreadable /* Default user password for user authentication */ ), "override-pco" /* Override the username and password received in PCO */ ) ), "charging" ( /* Default charging profiles */ c( "default-profile" arg /* Default charging profile for the APN */, "home-profile" arg /* Default home profile for the APN */, "roamer-profile" arg /* Default roamer profile for the APN */, "visitor-profile" arg /* Default visitor profile for the APN */, "profile-selection-order" ( /* Default charging profile selection order */ ("radius" | "static" | "serving") ) ) ), "dns-server" ( /* Specify DNS servers */ c( "primary-v4" ( /* Primary IPv4 DNS server address */ ipv4addr /* Primary IPv4 DNS server address */ ), "secondary-v4" ( /* Secondary IPv4 DNS server address */ ipv4addr /* Secondary IPv4 DNS server address */ ), "primary-v6" ( /* Primary IPv6 DNS server address */ ipv6addr /* Primary IPv6 DNS server address */ ), "secondary-v6" ( /* Secondary IPv6 DNS server address */ ipv6addr /* Secondary IPv6 DNS server address */ ) ) ), "nbns-server" ( /* Specify NBNS servers */ c( "primary-v4" ( /* Primary IPv4 NBNS server address */ ipv4addr /* Primary IPv4 NBNS server address */ ), "secondary-v4" ( /* Secondary IPv4 NBNS server address */ ipv4addr /* Secondary IPv4 NBNS server address */ ) ) ), "p-cscf" arg /* Specify IPv4 or IPv6 P-CSCF server */, "selection-mode" ( /* Specify APN access options */ c( "no-subscribed" /* Reject subscribed verified Users */, "from-ms" /* Admit MS provided APN, subscription not verified */, "from-sgsn" /* Admit Network provided APN, subscription not verified */ ) ), "service-selection-profile" arg /* Service selection profile for this APN */, "network-behind-mobile" ( /* Specify IMSI nbm-address */ c( "imsi" arg ( /* Prefixes for a given IMSI */ c( "prefix-v4" ( /* IPv4 Prefix Address */ ipv4prefix /* IPv4 Prefix Address */ ), "prefix-v6" ( /* IPv6 Prefix Address */ ipv6prefix /* IPv6 Prefix Address */ ) ) ) ) ), "service-mode" ( /* Service mode */ ("maintenance") ), "call-rate-statistics" ( /* Call-rate-statistics options */ c( "interval" arg /* Time interval in minutes */, "history" arg /* Number of intervals */ ) ), "pcef-profile" arg /* PCEF profile for the apn */, "verify-source-address" ( /* UE address verification - default is enabled */ c( "disable" /* Disable UE address verification */ ) ), "inter-mobile-traffic" ( /* Inter mobile traffic redirect options */ c( "redirect" ( /* Redirect options */ c( "redirect-ip" ( /* Redirect destination address */ ipv4addr /* Redirect destination address */ ), c( "routing-instance" arg /* Routing instance used for redirect */ ) ) ), "deny" /* Do not allow inter mobile traffic */ ) ) ) ) end rule(:gtpp_peer) do arg.as(:arg) ( c( "destination-ipv4-address" ( /* CGF Server IP address */ ipv4addr /* CGF Server IP address */ ), "source-interface" ( /* Source interface from which GTPP packets will be sent */ sc( interface_name /* Interface name */, "ipv4-address" ( /* Source IPv4 address to be used */ ipv4addr /* Source IPv4 address to be used */ ) ) ).as(:oneline), "destination-port" arg /* Destination port number of the CGF Server */, "transport-protocol" ( /* Default Transport protocol(udp/tcp) used */ ("udp" | "tcp") ), "version" ( /* GTPP version V0|V1|V2 */ ("v0" | "v1" | "v2") ), "echo-interval" arg /* GTPP echo-interval in seconds */, "n3-requests" arg /* Number of retries of GTPP messages upon timeout */, "t3-response" arg /* Response timeout value for GTPP request message */, "header-type" ( /* GTPP protocol header type short|long */ ("short" | "long") ), "pending-queue-size" arg /* Maximum number of DRT messages awaiting an ack */, "down-detect-time" arg /* Time (in sec) to wait before declaring a CGF as Down */, "reconnect-time" arg /* Time (in sec) after which connection to the CGF server should be retried */, "no-path-management" /* Disables path management */ ) ) end rule(:hcm_tag_rule_object) do arg.as(:arg) ( c( "term" arg ( /* One or more terms in HCM tag rule */ c( "from" ( /* Match criteria */ hcm_tag_match_object /* Match criteria */ ), "then" ( /* Action to take if the 'from' condition is matched */ c( "tag" arg ( /* One or more terms in HCM tag rule */ c( "tag-header" arg /* Tag header string */, "do-not-rename-existing-tag-header" /* Disable renaming of the tag header */, "tag-separator" arg /* Tag separator character */, "tag-attribute" ( /* One or more tag attributes */ ("ipv4addr" | "ipv6addr") ), "encrypt" ( /* Specify encryption or hashing algorithm */ c( "hash" ( /* Hashing algorithm */ ("md5") ), "prefix" arg /* Hash prefix key */ ) ), "ipv4-mask" ( /* Specify a logical and mask for the x-forwarded-for address */ ipv4addr /* Specify a logical and mask for the x-forwarded-for address */ ), "ipv4-or-value" ( /* Specify a logical or mask for x-forwarded address */ ipv4addr /* Specify a logical or mask for x-forwarded address */ ), "ipv6-mask" ( /* Specify a logical and mask for the x-forwarded-for address */ ipv6addr /* Specify a logical and mask for the x-forwarded-for address */ ), "ipv6-or-value" ( /* Specify a logical or mask for x-forwarded address */ ipv6addr /* Specify a logical or mask for x-forwarded address */ ) ) ), "count" /* Enable statistics for term */ ) ) ) ) ) ) end rule(:hcm_tag_match_object) do c( "destination-address" ( /* Match IP destination address */ sfw_addr_object /* Match IP destination address */ ), "destination-address-range" ( /* Match IP destination address range */ s( "low" arg /* Lower limit of address range */, "high" arg /* Upper limit of address range */, c( "except" /* Match address not in this prefix */ ) ) ).as(:oneline), "destination-prefix-list" arg ( /* One or more named lists of destination prefixes to match */ sc( "except" /* Name of prefix list not to match against */ ) ).as(:oneline), "destination-ports" arg /* Destination port list specification */, "destination-port-range" ( /* Match destination port range */ s( "low" arg /* Lower limit of port range */, "high" arg /* Upper limit of port range */ ) ).as(:oneline) ) end rule(:hcm_url_list_object) do arg.as(:arg) ( c( "host" arg /* One or more host(s) */, "request-uri" arg /* One or more uri's */ ) ) end rule(:hcm_url_rule_object) do arg.as(:arg) ( c( "term" arg ( /* One or more terms in HCM url_rule */ c( "from" ( /* Match criteria */ hcm_url_match_object /* Match criteria */ ), "then" ( /* Action to take if the 'from' condition is matched */ c( "count" /* Enable statistics for term */, "log-request" /* Enable logging for term */, c( "accept" /* Accept the URL */, "discard" /* Discard the URL */ ) ) ) ) ) ) ) end rule(:hcm_url_match_object) do c( "url-list" arg /* List of Url lists to referance */, "url" arg ( /* Rule specific url list */ c( "host" arg /* One or more host(s) */, "request-uri" arg /* One or more uri's */ ) ) ) end rule(:header_manipulation_message_manipulation_rules_type) do c( "manipulation-rule" ( /* Definition of manipulation rules */ header_manipulation_manipulation_rule_type /* Definition of manipulation rules */ ) ) end rule(:header_manipulation_manipulation_rule_type) do arg.as(:arg) ( c( "actions" ( /* Header manipulation actions */ header_manipulation_actions_type /* Header manipulation actions */ ) ) ) end rule(:header_manipulation_actions_type) do c( "sip-header" arg ( /* Manipulation of the SIP header */ c( "field-value" ( /* Manipulation on the header's field value */ header_manipulation_sip_header_field_value_type /* Manipulation on the header's field value */ ) ) ), "request-uri" ( /* Manipulation of the message request-uri */ c( "field-value" ( /* Manipulation on the request-uri field value */ c( "modify-regular-expression" ( /* Set modify regular expression and patterns */ header_manipulation_modify_type /* Set modify regular expression and patterns */ ) ) ) ) ) ) end rule(:header_manipulation_modify_type) do arg.as(:arg) ( c( "with" arg /* Modification string */ ) ).as(:oneline) end rule(:header_manipulation_sip_header_field_value_type) do c( "remove-all" /* Remove all headers */, "remove-regular-expression" ( /* Remove field-value */ header_manipulation_remove_type /* Remove field-value */ ), "reject-regular-expression" ( /* Reject message using regular expression */ header_manipulation_reject_type /* Reject message using regular expression */ ), "modify-regular-expression" ( /* Modify field-value using regular expression */ header_manipulation_modify_type /* Modify field-value using regular expression */ ), "add" ( /* Add field-value to header */ header_manipulation_add_type /* Add field-value to header */ ), "add-missing" ( /* Add field-value only if header is missing */ header_manipulation_add_missing_type /* Add field-value only if header is missing */ ), "add-overwrite" ( /* Overwrite headers field-value */ header_manipulation_add_overwrite_type /* Overwrite headers field-value */ ) ) end rule(:header_manipulation_add_missing_type) do arg.as(:arg).as(:oneline) end rule(:header_manipulation_add_overwrite_type) do arg.as(:arg).as(:oneline) end rule(:header_manipulation_add_type) do arg.as(:arg).as(:oneline) end rule(:header_manipulation_reject_type) do arg.as(:arg).as(:oneline) end rule(:header_manipulation_remove_type) do arg.as(:arg).as(:oneline) end rule(:hierarchical_policer_aggregate_bucket) do c( c( "if-exceeding" ( /* Define rate limits */ c( c( "bandwidth-limit" arg /* Bandwidth limit */ ), "burst-size-limit" arg /* Burst size limit */ ) ), "if-exceeding-pps" ( /* Define pps limits */ c( c( "pps-limit" arg /* PPS limit */ ), "packet-burst" arg /* PPS burst size limit */ ) ) ), "then" ( /* Action to take if the rate limits are exceeded */ c( c( "discard" /* Discard the packet */, "loss-priority" ( /* Packet's loss priority */ ("low" | "high" | "medium-low" | "medium-high") ), "forwarding-class" arg /* Classify packet to forwarding class */ ) ) ) ) end rule(:hierarchical_policer_premium_bucket) do c( c( "if-exceeding" ( /* Define rate limits */ c( c( "bandwidth-limit" arg /* Bandwidth limit */ ), "burst-size-limit" arg /* Burst size limit */ ) ), "if-exceeding-pps" ( /* Define pps limits */ c( c( "pps-limit" arg /* PPS limit */ ), "packet-burst" arg /* PPS burst size limit */ ) ) ), "then" ( /* Action to take if the rate limits are exceeded */ c( c( "discard" /* Discard the packet */ ) ) ) ) end rule(:idp_policy_type) do arg.as(:arg) ( c( "rulebase-ips" ( /* IPS rulebase */ c( "rule" arg ( /* Configure IPS rule */ c( "description" arg /* Rule description */, "match" ( /* Rule match criteria */ c( "from-zone" ( /* Match from zone */ ("any" | arg) ), c( "source-address" ( /* Match source address */ ("any" | "any-ipv4" | "any-ipv6" | arg) ), "source-except" ( /* Don't match source address */ (arg) ), "source-prefix" ( /* Match source address */ ipv4prefix /* Match source address */ ), "source-prefix-except" ( /* Don't match source address */ ipv4prefix /* Don't match source address */ ) ), "to-zone" ( /* Match to zone */ ("any" | arg) ), c( "destination-address" ( /* Match destination address */ ("any" | "any-ipv4" | "any-ipv6" | arg) ), "destination-except" ( /* Don't match destination address */ (arg) ), "destination-prefix" ( /* Match destination address */ ipv4prefix /* Match destination address */ ), "destination-prefix-except" ( /* Don't match destination address */ ipv4prefix /* Don't match destination address */ ) ), "application" ( /* Specify application or application-set name to match */ ("any" | "default" | arg) ), "attacks" ( /* Match attack objects */ c( "custom-attacks" arg /* Custom attacks */, "custom-attack-groups" arg /* Custom attack groups */, "dynamic-attack-groups" arg /* Dynamic attack groups */, "predefined-attacks" arg /* Predefined attacks */, "predefined-attack-groups" arg /* Predefined attack groups */ ) ) ) ), "then" ( c( "action" ( c( c( "no-action" /* No action */, "ignore-connection" /* Ignore */, "mark-diffserv" ( /* Mark differentiated services codepoint (DSCP) */ c( arg ) ), "class-of-service" ( /* Classification of traffic based on class-of-service */ c( "forwarding-class" arg /* Forwarding class for outgoing packets */, "dscp-code-point" arg /* Differentiated services code point value */ ) ), "drop-packet" /* Drop packet */, "drop-connection" /* Drop connection */, "close-client" /* Close client */, "close-server" /* Close server */, "close-client-and-server" /* Close client and server */, "recommended" /* Recommended */ ) ) ), "ip-action" ( c( c( "ip-notify" /* Notify about future traffic */, "ip-close" /* Close future connections */, "ip-block" /* Block future connections */ ), "target" ( ("service" | "source-zone-address" | "source-address" | "destination-address" | "zone-service" | "source-zone") ), "log" /* Log IP action taken */, "log-create" /* Log IP action creation */, "timeout" arg /* Number of seconds IP action should remain effective */, "refresh-timeout" /* Refresh timeout when future connections match installed ip-action filter */ ) ), "notification" ( /* Configure notification/logging options */ c( "log-attacks" ( /* Enable attack logging */ c( "alert" /* Set alert flag in attack log */ ) ), "packet-log" ( c( "pre-attack" arg /* No of packets to capture before attack */, "post-attack" arg /* No of packets to capture after attack */, "post-attack-timeout" arg /* Timeout (seconds) after attack before stopping packet capture */ ) ) ) ), "severity" ( /* Set rule severity level */ ("info" | "warning" | "minor" | "major" | "critical") ), "application-services" ( /* Enable application services for this rule */ c( "security-intelligence" ( /* Generate security intellegence feeds */ c( "add-attacker-ip-to-feed" arg /* Specify the desired feed-name */, "add-target-ip-to-feed" arg /* Specify the desired feed-name */ ) ) ) ) ) ), "terminal" /* Set/Unset terminal flag */ ) ) ) ), "rulebase-exempt" ( /* Exempt rulebase */ c( "rule" arg ( /* Configure exempt rule */ c( "description" arg /* Rule description */, "match" ( /* Rule match criteria */ c( "from-zone" ( /* Match from zone */ ("any" | arg) ), c( "source-address" ( /* Match source address */ ("any" | "any-ipv4" | "any-ipv6" | arg) ), "source-except" ( /* Don't match source address */ (arg) ), "source-prefix" ( /* Match source address */ ipv4prefix /* Match source address */ ), "source-prefix-except" ( /* Don't match source address */ ipv4prefix /* Don't match source address */ ) ), "to-zone" ( /* Match to zone */ ("any" | arg) ), c( "destination-address" ( /* Match destination address */ ("any" | "any-ipv4" | "any-ipv6" | arg) ), "destination-except" ( /* Don't match destination address */ (arg) ), "destination-prefix" ( /* Match destination address */ ipv4prefix /* Match destination address */ ), "destination-prefix-except" ( /* Don't match destination address */ ipv4prefix /* Don't match destination address */ ) ), "attacks" ( /* Match attack objects */ c( "custom-attacks" arg /* Custom attacks */, "custom-attack-groups" arg /* Custom attack groups */, "dynamic-attack-groups" arg /* Dynamic attack groups */, "predefined-attacks" arg /* Predefined attacks */, "predefined-attack-groups" arg /* Predefined attack groups */ ) ) ) ) ) ) ) ) ) ) end rule(:idpd_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("all")) /* Events and other information to include in trace output */.as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ) ) end rule(:ids_rule_object) do arg.as(:arg) ( c( "match-direction" ( /* Direction for which the rule match is applied */ ("input" | "output" | "input-output") ), "term" arg ( /* Define an IDS term */ c( "from" ( /* Define match criteria */ sfw_match_object /* Define match criteria */ ), "then" ( /* Action to take if the 'from' condition is matched */ c( c( "force-entry" /* Force entries in IDS tables for matching traffic */, "ignore-entry" /* Ignore IDS events for matching traffic */, "user-interface" ( /* User-interface trace level */ ("trace" | "debug" | "info" | "warning" | "error") ) ), "aggregation" ( /* Define aggregation parameters */ c( "source-prefix" arg /* Prefix length for IPv4 source addresses */, "destination-prefix" arg /* Prefix length for IPv4 destination addresses */, "source-prefix-ipv6" arg /* Prefix length for IPv6 source addresses */, "destination-prefix-ipv6" arg /* Prefix length for IPv6 destination addresses */ ) ), "logging" ( /* Define system logging parameters */ c( "threshold" arg /* Threshold above which events should be logged */, "syslog" /* System log information about the packet */ ) ), "syn-cookie" ( /* Define SYN cookie parameters */ c( "threshold" arg /* Threshold above which SYN cookies are enabled */, "mss" arg /* MSS value for TCP delayed binding */ ) ), "session-limit" ( /* Define IDS session limit parameters */ c( "by-source" ( /* Define IDS session limit parameters by source */ ids_limit_type /* Define IDS session limit parameters by source */ ), "by-destination" ( /* Define IDS session limit parameters by destination */ ids_limit_type /* Define IDS session limit parameters by destination */ ), "by-pair" ( /* Define IDS session limit parameters by source-destination pair */ ids_limit_type /* Define IDS session limit parameters by source-destination pair */ ) ) ), "allow-ip-options" ( ("any" | "strict-source-route" | "loose-source-route" | "route-record" | "timestamp" | "router-alert" | "security" | "stream-id" | arg) ), "allow-ipv6-extension-header" ( ("any" | "hop-by-hop" | "routing" | "mobility" | "esp" | "fragment" | "dstopts" | "ah" | arg) ), "tcp-syn-defense" /* Enable tcp-syn-defense */, "tcp-syn-fragment-check" /* Enable tcp syn fragment check */, "tcp-winnuke-check" /* Enable tcp winnuke check */, "icmp-fragment-check" /* Enable icmp fragment check */, "icmp-large-packet-check" /* Enable icmp large packet check */, "land-attack-check" ( /* Enable land attack checks */ ("ip-only" | "ip-port") ) ) ) ) ) ) ) end rule(:ids_limit_type) do c( "maximum" arg /* Maximum number of open sessions allowed simultaneously */, "rate" arg /* Maximum number of new sessions allowed per second */, "packets" arg /* Maximum number of packets allowed per second */, "hold-time" arg /* How long to keep limit information after session is deleted */, "by-protocol" ( /* Define IDS session limit parameters */ c( "tcp" ( /* Define TCP IDS session limits */ ids_proto_limit_type /* Define TCP IDS session limits */ ), "udp" ( /* Define UDP IDS session limits by source */ ids_proto_limit_type /* Define UDP IDS session limits by source */ ), "icmp" ( /* Define ICMP IDS session limits by source */ ids_proto_limit_type /* Define ICMP IDS session limits by source */ ) ) ) ) end rule(:ids_proto_limit_type) do c( "maximum" arg /* Maximum number of open sessions allowed simultaneously */, "rate" arg /* Maximum number of new sessions allowed per second */, "packets" arg /* Maximum number of packets allowed per second */ ) end rule(:inet6_dialer_filter) do arg.as(:arg) ( c( "accounting-profile" arg /* Accounting profile name */, "term" arg ( /* Define a firewall term */ c( "from" ( /* Define match criteria */ c( "source-address" ( /* Match source address */ firewall_addr6_object /* Match source address */ ), "destination-address" ( /* Match destination address */ firewall_addr6_object /* Match destination address */ ), "address" ( /* Match source or destination address */ firewall_addr6_object /* Match source or destination address */ ), "source-prefix-list" ( /* Match source prefixes in named list */ firewall_prefix_list /* Match source prefixes in named list */ ), "destination-prefix-list" ( /* Match destination prefixes in named list */ firewall_prefix_list /* Match destination prefixes in named list */ ), "prefix-list" ( /* Match source or destination prefixes in named list */ firewall_prefix_list /* Match source or destination prefixes in named list */ ), c( "packet-length" arg, "packet-length-except" arg ), c( "next-header" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "next-header-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "icmp-type" ( ("destination-unreachable" | "packet-too-big" | "time-exceeded" | "parameter-problem" | "echo-request" | "echo-reply" | "membership-query" | "membership-report" | "membership-termination" | "router-solicit" | "router-advertisement" | "redirect" | "neighbor-solicit" | "neighbor-advertisement" | "router-renumbering" | "node-information-request" | "node-information-reply" | "inverse-neighbor-discovery-solicitation" | "inverse-neighbor-discovery-advertisement" | "home-agent-address-discovery-request" | "home-agent-address-discovery-reply" | "mobile-prefix-solicitation" | "mobile-prefix-advertisement-reply" | "certificate-path-solicitation" | "certificate-path-advertisement" | "private-experimentation-100" | "private-experimentation-101" | "private-experimentation-200" | "private-experimentation-201" | arg) ), "icmp-type-except" ( ("destination-unreachable" | "packet-too-big" | "time-exceeded" | "parameter-problem" | "echo-request" | "echo-reply" | "membership-query" | "membership-report" | "membership-termination" | "router-solicit" | "router-advertisement" | "redirect" | "neighbor-solicit" | "neighbor-advertisement" | "router-renumbering" | "node-information-request" | "node-information-reply" | "inverse-neighbor-discovery-solicitation" | "inverse-neighbor-discovery-advertisement" | "home-agent-address-discovery-request" | "home-agent-address-discovery-reply" | "mobile-prefix-solicitation" | "mobile-prefix-advertisement-reply" | "certificate-path-solicitation" | "certificate-path-advertisement" | "private-experimentation-100" | "private-experimentation-101" | "private-experimentation-200" | "private-experimentation-201" | arg) ) ), c( "icmp-code" ( ("no-route-to-destination" | "administratively-prohibited" | "address-unreachable" | "port-unreachable" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip6-header-bad" | "unrecognized-next-header" | "unrecognized-option" | arg) ), "icmp-code-except" ( ("no-route-to-destination" | "administratively-prohibited" | "address-unreachable" | "port-unreachable" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip6-header-bad" | "unrecognized-next-header" | "unrecognized-option" | arg) ) ), c( "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ) ) ), "then" ( /* Action to take if the 'from' condition is matched */ c( "log" /* Log the packet */, "syslog" /* System log (syslog) information about the packet */, "sample" /* Sample the packet */, c( "note" /* Interested ISDN packet */, "ignore" /* Non-interested ISDN packet */ ) ) ) ) ) ) ) end rule(:inet6_filter) do arg.as(:arg) ( c( "promote" ( /* Promote a firewall match to PFM */ ("gre-key" | "traffic-class") ), "accounting-profile" arg /* Accounting profile name */, "interface-specific" /* Defined counters are interface specific */, "scale-optimized" /* Improve filter prefix scale */, "enhanced-mode" /* Define filter for chassis network-services enhanced mode */, "interface-shared" /* Filter is interface-shared */, "enhanced-mode-override" /* Override the default chassis network-services enhanced mode for dynamic filter */, "physical-interface-filter" /* Filter is physical interface filter */, "fast-lookup-filter" /* Configure filter in the fast lookup hardware block */, "instance-shared" /* Filter is routing-instance shared */, "instance-specific" /* Filter is instance specific */, "term" arg ( /* Define a firewall term */ c( "filter" arg /* Filter to include */, "from" ( /* Define match criteria */ c( c( "destination-class" arg, "destination-class-except" arg ), c( "source-class" arg, "source-class-except" arg ), c( "interface-group" arg, "interface-group-except" arg ), "source-address" ( /* Match source address */ firewall_addr6_object /* Match source address */ ), "destination-address" ( /* Match destination address */ firewall_addr6_object /* Match destination address */ ), "address" ( /* Match source or destination address */ firewall_addr6_object /* Match source or destination address */ ), "source-prefix-list" ( /* Match source prefixes in named list */ firewall_prefix_list /* Match source prefixes in named list */ ), "destination-prefix-list" ( /* Match destination prefixes in named list */ firewall_prefix_list /* Match destination prefixes in named list */ ), "prefix-list" ( /* Match source or destination prefixes in named list */ firewall_prefix_list /* Match source or destination prefixes in named list */ ), c( "next-header" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "next-header-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "payload-protocol" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "payload-protocol-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "extension-header" ( ("any" | "hop-by-hop" | "routing" | "mobility" | "esp" | "fragment" | "dstopts" | "ah" | arg) ), "extension-header-except" ( ("any" | "hop-by-hop" | "routing" | "mobility" | "esp" | "fragment" | "dstopts" | "ah" | arg) ) ), c( "packet-length" arg, "packet-length-except" arg ), c( "traffic-class" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ), "traffic-class-except" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ) ), c( "icmp-type" ( ("destination-unreachable" | "packet-too-big" | "time-exceeded" | "parameter-problem" | "echo-request" | "echo-reply" | "membership-query" | "membership-report" | "membership-termination" | "router-solicit" | "router-advertisement" | "redirect" | "neighbor-solicit" | "neighbor-advertisement" | "router-renumbering" | "node-information-request" | "node-information-reply" | "inverse-neighbor-discovery-solicitation" | "inverse-neighbor-discovery-advertisement" | "home-agent-address-discovery-request" | "home-agent-address-discovery-reply" | "mobile-prefix-solicitation" | "mobile-prefix-advertisement-reply" | "certificate-path-solicitation" | "certificate-path-advertisement" | "private-experimentation-100" | "private-experimentation-101" | "private-experimentation-200" | "private-experimentation-201" | arg) ), "icmp-type-except" ( ("destination-unreachable" | "packet-too-big" | "time-exceeded" | "parameter-problem" | "echo-request" | "echo-reply" | "membership-query" | "membership-report" | "membership-termination" | "router-solicit" | "router-advertisement" | "redirect" | "neighbor-solicit" | "neighbor-advertisement" | "router-renumbering" | "node-information-request" | "node-information-reply" | "inverse-neighbor-discovery-solicitation" | "inverse-neighbor-discovery-advertisement" | "home-agent-address-discovery-request" | "home-agent-address-discovery-reply" | "mobile-prefix-solicitation" | "mobile-prefix-advertisement-reply" | "certificate-path-solicitation" | "certificate-path-advertisement" | "private-experimentation-100" | "private-experimentation-101" | "private-experimentation-200" | "private-experimentation-201" | arg) ) ), c( "icmp-code" ( ("no-route-to-destination" | "administratively-prohibited" | "address-unreachable" | "port-unreachable" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip6-header-bad" | "unrecognized-next-header" | "unrecognized-option" | arg) ), "icmp-code-except" ( ("no-route-to-destination" | "administratively-prohibited" | "address-unreachable" | "port-unreachable" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip6-header-bad" | "unrecognized-next-header" | "unrecognized-option" | arg) ) ), "tcp-initial" /* Match initial packet of a TCP connection */, "tcp-established" /* Match packet of an established TCP connection */, "tcp-flags" arg /* Match TCP flags (in symbolic or hex formats) */, "interface" ( /* Match interface name */ match_interface_object /* Match interface name */ ), "interface-set" ( /* Match interface in set */ match_interface_set_object /* Match interface in set */ ), c( "forwarding-class" arg, "forwarding-class-except" arg ), c( "loss-priority" ( ("low" | "high" | "medium-low" | "medium-high") ), "loss-priority-except" ( ("low" | "high" | "medium-low" | "medium-high") ) ), "service-filter-hit" /* Match if service-filter-hit is set */, c( "hop-limit" arg, "hop-limit-except" arg ), "is-fragment" /* Match if packet is a fragment */, "egress-to-ingress" /* Match egress fields in ingress */, "first-fragment" /* Match if packet is first fragment */, "last-fragment" /* Match if packet is last fragment */, c( "flexible-match-mask" ( /* Match flexible mask */ match_l3_flexible_mask /* Match flexible mask */ ) ), c( "flexible-match-range" ( /* Match flexible range */ match_l3_flexible_range /* Match flexible range */ ) ), c( "gre-key" arg, "gre-key-except" arg ), c( "policy-map" arg, "policy-map-except" arg ) ) ), "then" ( /* Action to take if the 'from' condition is matched */ c( c( "policer" arg /* Name of policer to use to rate-limit traffic */, "three-color-policer" ( /* Police the packet using a three-color-policer */ c( c( "single-rate" arg /* Name of single-rate three-color policer to use to rate-limit traffic */, "single-packet-rate" arg /* Name of single-packet-rate three-color policer to use to rate-limit traffic */, "two-rate" arg /* Name of two-rate three-color policer to use to rate-limit traffic */, "two-packet-rate" arg /* Name of two-packet-rate three-color policer to use to rate-limit traffic */ ) ) ), "hierarchical-policer" arg /* Name of hierarchical policer to use to rate-limit traffic */ ), c( "clear-policy-map" /* Clear the policy marking */, "policy-map" arg /* Policy map action */ ), c( "traffic-class-count" arg /* Count the packet in the named traffic-class counter */, "count" arg /* Count the packet in the named counter */ ), "service-accounting" /* Count the packets for service accounting */, "service-accounting-deferred" /* Count the packets for deferred service accounting */, "log" /* Log the packet */, "pkt-trace" /* Trace packet forwarding */, "packet-mode" /* Bypass flow mode for the packet */, "syslog" /* System log (syslog) information about the packet */, "packet-capture" /* Enable packet capture for telemetry */, "sample" /* Sample the packet */, "port-mirror-instance" arg /* Port-mirror the packet to specified instance */, "port-mirror" /* Port-mirror the packet */, "inline-monitoring-instance" arg /* Inline monitoring to specified instance */, "l2-mirror" /* L2 mirror the packet */, "analyzer" arg /* Name of analyzer */, "loss-priority" ( /* Packet's loss priority */ ("low" | "high" | "medium-low" | "medium-high") ), "forwarding-class" arg /* Classify packet to forwarding class */, "traffic-class" ( /* Set traffic-class code point */ ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ), "skip-services" /* Skip the services */, "service-filter-hit" /* Marked when packet processing by the current type of chained filters is done, the packet is directed to the next type of filters */, "force-premium" /* When this bit is marked, traffic is considered as premium by the following hierarchical policer */, "exclude-accounting" /* When this is marked, traffic is excluded from accurate accounting */, c( "decapsulate" ( /* Terminate a tunnel */ sc( c( "gre" ( /* GRE protocol */ c( "sample" ( /* Sample the packet */ ("inet" | "inet6" | "mpls") ), "no-decrement-ttl" /* Do not decrement TTL */, "forwarding-class" arg /* Classify packet to forwarding class */, "interface-group" arg /* Set the interface group */, c( "routing-instance" ( /* Packets are directed to specified routing instance */ sc( arg /* Name of routing instance */ ) ).as(:oneline) ) ) ), "gre-in-udp" ( /* GRE-in-UDP protocol */ c( "sample" ( /* Sample the packet */ ("inet" | "inet6" | "mpls") ), "no-decrement-ttl" /* Do not decrement TTL */, "forwarding-class" arg /* Classify packet to forwarding class */, "interface-group" arg /* Set the interface group */, c( "routing-instance" ( /* Packets are directed to specified routing instance */ sc( arg /* Name of routing instance */ ) ).as(:oneline) ) ) ), "mpls-in-udp" ( /* MPLS-in-UDP protocol */ c( "sample" ( /* Sample the packet */ ("inet" | "inet6" | "mpls") ), "no-decrement-ttl" /* Do not decrement TTL */, "forwarding-class" arg /* Classify packet to forwarding class */, "interface-group" arg /* Set the interface group */, c( "routing-instance" ( /* Packets are directed to specified routing instance */ sc( arg /* Name of routing instance */ ) ).as(:oneline) ) ) ), "l2tp" ( /* L2TP protocol */ c( "sample" ( /* Sample the packet */ ("inet" | "inet6" | "mpls") ), "no-decrement-ttl" /* Do not decrement TTL */, "forwarding-class" arg /* Classify packet to forwarding class */, "interface-group" arg /* Set the interface group */, "cookie" arg /* L2TPv3 cookie */, c( "output-interface" ( /* Interface name */ interface_unit /* Interface name */ ) ) ) ), "ipip" ( /* IPIP protocol */ c( "sample" ( /* Sample the packet */ ("inet" | "inet6" | "mpls") ), "no-decrement-ttl" /* Do not decrement TTL */, "forwarding-class" arg /* Classify packet to forwarding class */, "interface-group" arg /* Set the interface group */, c( "routing-instance" ( /* Packets are directed to specified routing instance */ sc( arg /* Name of routing instance */ ) ).as(:oneline) ) ) ) ) ) ).as(:oneline), "encapsulate" ( /* Send to a tunnel */ sc( arg /* Name of the tunnel end point */ ) ).as(:oneline), "accept" /* Accept the packet */, "discard" /* Discard the packet */, "next" ( /* Continue to next term in a filter */ ("term") ), "next-hop-group" arg /* Use specified next-hop group */, "logical-system" ( /* Packets are directed to specified logical system */ s( arg, c( "routing-instance" ( /* Packets are directed to specified routing instance */ sc( arg /* Name of routing instance */, "topology" arg /* Packets are directed to specified topology */ ) ).as(:oneline), "topology" arg /* Packets are directed to specified topology */ ) ) ).as(:oneline), "routing-instance" ( /* Packets are directed to specified routing instance */ sc( arg /* Name of routing instance */, "topology" arg /* Packets are directed to specified topology */ ) ).as(:oneline), "topology" arg /* Packets are directed to specified topology */, "next-ip6" ( /* Packets are directed to specified the specified ipv6 address */ sc( ipv6prefix /* Address to route */, "routing-instance" ( /* Packets are directed to specified routing instance */ sc( arg /* Name of routing instance */, "topology" arg /* Packets are directed to specified topology */ ) ).as(:oneline) ) ).as(:oneline), "next-interface" ( /* Packets are to be routed through the specified interface */ c( arg, "routing-instance" ( /* Packets are directed to specified routing instance */ sc( arg /* Name of routing instance */, "topology" arg /* Packets are directed to specified topology */ ) ).as(:oneline), c( "accept" /* Accept the packet */, "next" ( /* Continue to next term in a filter */ ("term") ) ) ) ), "reject" ( /* Reject the packet */ sc( c( "no-route" /* Send ICMPv6 No Route message */, "administratively-prohibited" /* Send ICMPv6 Administratively Prohibited message */, "beyond-scope" /* Send ICMPv6 Beyond Scope of Source Address message */, "address-unreachable" /* Send ICMPv6 Address Unreachable message */, "port-unreachable" /* Send ICMPv6 Port Unreachable message */, "policy-failed" /* Source address failed ingress/egress policy */, "reject-route" /* Reject route to destination */, "tcp-reset" /* Send TCP Reset message */, "network-unreachable" /* Send ICMPv4 Network Unreachable message */, "host-unreachable" /* Send ICMPv4 Host Unreachable message */, "protocol-unreachable" /* Send ICMPv4 Protocol Unreachable message */, "source-route-failed" /* Send ICMPv4 Source Route Failed message */, "network-unknown" /* Send ICMPv4 Network Unknown message */, "host-unknown" /* Send ICMPv4 Host Unknown message */, "source-host-isolated" /* Send ICMPv4 Source Host Isolated message */, "network-prohibited" /* Send ICMPv4 Network Prohibited message */, "host-prohibited" /* Send ICMPv4 Host Prohibited message */, "bad-network-tos" /* Send ICMPv4 Bad Network ToS message */, "bad-host-tos" /* Send ICMPv4 Bad Host ToS message */, "precedence-violation" /* Send ICMPv4 Precedence Violation message */, "precedence-cutoff" /* Send ICMPv4 Precedence Cutoff message */ ) ) ).as(:oneline) ) ) ), "template" ( /* Refer a template */ c( arg /* Template name */ ) ) ) ) ) ) end rule(:inet6_fuf) do arg.as(:arg) ( c( "interface-specific" /* Defined counters are interface specific */, "match-order" ( ("next-header" | "payload-protocol" | "source-address" | "destination-address" | "source-port" | "destination-port" | "traffic-class") ), "term" arg ( /* One or more firewall terms */ c( "only-at-create" /* Add term only when filter is first created. */, "from" ( /* Match criteria */ c( "source-address" ( /* Match source IP address */ firewall_addr6_simple_object /* Match source IP address */ ), "destination-address" ( /* Match destination IP address */ firewall_addr6_simple_object /* Match destination IP address */ ), c( "source-port" ( /* Match TCP/UDP source port */ match_simple_port_value /* Match TCP/UDP source port */ ) ), c( "destination-port" ( /* Match TCP/UDP destination port */ match_simple_port_value /* Match TCP/UDP destination port */ ) ), c( "next-header" ( /* Match next header protocol type */ match_simple_protocol_value /* Match next header protocol type */ ) ), c( "payload-protocol" ( /* Match payload protocol type */ match_simple_payload_protocol_value /* Match payload protocol type */ ) ), c( "traffic-class" ( /* Match Differentiated Services (DiffServ) code point */ match_simple_dscp_value /* Match Differentiated Services (DiffServ) code point */ ) ), "match-terms" arg /* Dynamically supplied list of match criteria */ ) ), "then" ( /* Action to take if the 'from' condition is matched */ c( c( "policer" arg /* Name of policer to use to rate-limit traffic */ ), "count" arg /* Count the packet in the named counter */, "service-accounting" /* Count the packets for service accounting */, "log" /* Log the packet */, "port-mirror" /* Port-mirror the packet */, "loss-priority" ( /* Packet's loss priority */ ("low" | "high" | "medium-low" | "medium-high") ), "forwarding-class" arg /* Classify packet to forwarding class */, "action-terms" arg /* Dynamically supplied list of actions */, c( "accept" /* Accept the packet */, "discard" /* Discard the packet */, "routing-instance" ( /* Packets are directed to specified routing instance */ sc( arg /* Name of routing instance */, "topology" arg /* Packets are directed to specified topology */ ) ).as(:oneline) ) ) ) ) ) ) ) end rule(:firewall_addr6_simple_object) do c( ipv6prefix /* Prefix to match */ ) end rule(:inet6_service_filter) do arg.as(:arg) ( c( "term" arg ( /* Service filter term */ c( "from" ( /* Match criteria */ c( c( "interface-group" arg, "interface-group-except" arg ), "source-address" ( /* Match source address */ firewall_addr6_object /* Match source address */ ), "destination-address" ( /* Match destination address */ firewall_addr6_object /* Match destination address */ ), "address" ( /* Match source or destination address */ firewall_addr6_object /* Match source or destination address */ ), "source-prefix-list" ( /* Match source prefixes in named list */ firewall_prefix_list /* Match source prefixes in named list */ ), "destination-prefix-list" ( /* Match destination prefixes in named list */ firewall_prefix_list /* Match destination prefixes in named list */ ), "prefix-list" ( /* Match source or destination prefixes in named list */ firewall_prefix_list /* Match source or destination prefixes in named list */ ), c( "next-header" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "next-header-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "payload-protocol" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "payload-protocol-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "extension-header" ( ("any" | "hop-by-hop" | "routing" | "mobility" | "esp" | "fragment" | "dstopts" | "ah" | arg) ), "extension-header-except" ( ("any" | "hop-by-hop" | "routing" | "mobility" | "esp" | "fragment" | "dstopts" | "ah" | arg) ) ), c( "esp-spi" arg, "esp-spi-except" arg ), c( "ah-spi" arg, "ah-spi-except" arg ), "tcp-flags" arg /* Match TCP flags (in symbolic or hex formats) */, c( "loss-priority" ( ("low" | "high" | "medium-low" | "medium-high") ), "loss-priority-except" ( ("low" | "high" | "medium-low" | "medium-high") ) ), c( "forwarding-class" arg, "forwarding-class-except" arg ) ) ), "then" ( /* Action to take if the 'from' condition is matched */ c( "count" arg /* Count the packet in the named counter */, "log" /* Log the packet */, "pkt-trace" /* Pkt-Trace the packet */, "sample" /* Sample the packet */, "port-mirror" /* Port-mirror the packet */, c( "service" /* Forward packets to service processing */, "skip" /* Skip service processing */, "accept" /* Accept the packet */ ) ) ) ) ) ) ) end rule(:inet6_template) do arg.as(:arg) ( c( "attributes" ( /* Template attributes */ c( "destination-address" /* Match destination address */, "destination-port" /* Match TCP/UDP destination port */, "destination-prefix-list" /* Match destination prefixes in named list */, "flexible-match-mask" /* Match flexible mask */, "flexible-match-range" /* Match ICMP message code */, "hop-limit" /* Match Hop Limit */, "icmp-code" /* Match ICMP message code */, "icmp-type" /* Match ICMP message code */, "interface" /* Match interface name */, "next-header" /* Match next header protocol type */, "source-address" /* Match source address */, "source-port" /* Match TCP/UDP source port */, "source-prefix-list" /* Match source prefixes in named list */, "tcp-established" /* Match packet of an established TCP connection */, "tcp-flags" /* Match TCP flags */, "tcp-initial" /* Match initial packet of a TCP connection */, "traffic-class" /* Match Differentiated Services (DiffServ) code point */, "egress-to-ingress" /* Match egress fields in ingress */ ) ) ) ) end rule(:inet_dialer_filter) do arg.as(:arg) ( c( "accounting-profile" arg /* Accounting profile name */, "term" arg ( /* Define a firewall term */ c( "from" ( /* Define match criteria */ c( "source-address" ( /* Match IP source address */ firewall_addr_object /* Match IP source address */ ), "destination-address" ( /* Match IP destination address */ firewall_addr_object /* Match IP destination address */ ), "address" ( /* Match IP source or destination address */ firewall_addr_object /* Match IP source or destination address */ ), "source-prefix-list" ( /* Match IP source prefixes in named list */ firewall_prefix_list /* Match IP source prefixes in named list */ ), "destination-prefix-list" ( /* Match IP destination prefixes in named list */ firewall_prefix_list /* Match IP destination prefixes in named list */ ), "prefix-list" ( /* Match IP source or destination prefixes in named list */ firewall_prefix_list /* Match IP source or destination prefixes in named list */ ), c( "packet-length" arg, "packet-length-except" arg ), c( "precedence" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ), "precedence-except" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ) ), c( "dscp" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ), "dscp-except" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ) ), c( "ip-options" ( ("any" | "strict-source-route" | "loose-source-route" | "route-record" | "timestamp" | "router-alert" | "security" | "stream-id" | arg) ), "ip-options-except" ( ("any" | "strict-source-route" | "loose-source-route" | "route-record" | "timestamp" | "router-alert" | "security" | "stream-id" | arg) ) ), "is-fragment" /* Match if packet is a fragment */, "first-fragment" /* Match if packet is the first fragment */, c( "fragment-offset" arg, "fragment-offset-except" arg ), "fragment-flags" arg /* Match fragment flags */, c( "protocol" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "protocol-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "ttl" arg, "ttl-except" arg ), c( "icmp-type" ( ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ), "icmp-type-except" ( ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ) ), c( "icmp-code" ( ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ), "icmp-code-except" ( ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ) ), c( "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), "tcp-initial" /* Match initial packet of a TCP connection */, "tcp-established" /* Match packet of an established TCP connection */, "tcp-flags" arg /* Match TCP flags (in symbolic or hex formats) */, c( "esp-spi" arg, "esp-spi-except" arg ), c( "ah-spi" arg, "ah-spi-except" arg ) ) ), "then" ( /* Action to take if the 'from' condition is matched */ c( "log" /* Log the packet */, "syslog" /* System log (syslog) information about the packet */, "sample" /* Sample the packet */, c( "note" /* Interested ISDN packet */, "ignore" /* Non-interested ISDN packet */ ) ) ) ) ) ) ) end rule(:inet_filter) do arg.as(:arg) ( c( "promote" ( /* Promote a firewall match to PFM */ ("gre-key" | "dscp" | "vni") ), "accounting-profile" arg /* Accounting profile name */, "interface-specific" /* Defined counters are interface specific */, "scale-optimized" /* Improve filter prefix scale */, "physical-interface-filter" /* Filter is physical interface filter */, "enhanced-mode" /* Define filter for chassis network-services enhanced mode */, "interface-shared" /* Filter is interface-shared */, "enhanced-mode-override" /* Override the default chassis network-services enhanced mode for dynamic filter */, "instance-shared" /* Filter is routing-instance shared */, "instance-specific" /* Filter is instance specific */, "fast-lookup-filter" /* Configure filter in the fast lookup hardware block */, "term" arg ( /* Define a firewall term */ c( "filter" arg /* Filter to include */, "from" ( /* Define match criteria */ c( c( "destination-class" arg, "destination-class-except" arg ), c( "source-class" arg, "source-class-except" arg ), c( "interface-group" arg, "interface-group-except" arg ), "source-address" ( /* Match IP source address */ firewall_addr_object /* Match IP source address */ ), "destination-address" ( /* Match IP destination address */ firewall_addr_object /* Match IP destination address */ ), "address" ( /* Match IP source or destination address */ firewall_addr_object /* Match IP source or destination address */ ), "source-prefix-list" ( /* Match IP source prefixes in named list */ firewall_prefix_list /* Match IP source prefixes in named list */ ), "destination-prefix-list" ( /* Match IP destination prefixes in named list */ firewall_prefix_list /* Match IP destination prefixes in named list */ ), "prefix-list" ( /* Match IP source or destination prefixes in named list */ firewall_prefix_list /* Match IP source or destination prefixes in named list */ ), c( "packet-length" arg, "packet-length-except" arg ), c( "dscp" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ), "dscp-except" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ) ), c( "precedence" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ), "precedence-except" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ) ), c( "ip-options" ( ("any" | "strict-source-route" | "loose-source-route" | "route-record" | "timestamp" | "router-alert" | "security" | "stream-id" | arg) ), "ip-options-except" ( ("any" | "strict-source-route" | "loose-source-route" | "route-record" | "timestamp" | "router-alert" | "security" | "stream-id" | arg) ) ), "is-fragment" /* Match if packet is a fragment */, "egress-to-ingress" /* Match egress fields in ingress */, "first-fragment" /* Match if packet is the first fragment */, "service-filter-hit" /* Match if service-filter-hit is set */, c( "fragment-offset" arg, "fragment-offset-except" arg ), "fragment-flags" arg /* Match fragment flags (in symbolic or hex formats) - (Ingress only) */, c( "protocol" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "protocol-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "ttl" arg, "ttl-except" arg ), c( "icmp-type" ( ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ), "icmp-type-except" ( ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ) ), c( "icmp-code" ( ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ), "icmp-code-except" ( ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ) ), c( "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), "tcp-initial" /* Match initial packet of a TCP connection */, "tcp-established" /* Match packet of an established TCP connection */, "tcp-flags" arg /* Match TCP flags (in symbolic or hex formats) */, c( "esp-spi" arg, "esp-spi-except" arg ), c( "ah-spi" arg, "ah-spi-except" arg ), "interface" ( /* Match interface name */ match_interface_object /* Match interface name */ ), "interface-set" ( /* Match interface in set */ match_interface_set_object /* Match interface in set */ ), c( "forwarding-class" arg, "forwarding-class-except" arg ), c( "loss-priority" ( ("low" | "high" | "medium-low" | "medium-high") ), "loss-priority-except" ( ("low" | "high" | "medium-low" | "medium-high") ) ), "source-port-range-optimize" /* Optimize the source port range */, "destination-port-range-optimize" /* Optimize the destination port range */, c( "rat-type" ( ("geran" | "utran" | "eutran" | arg) ), "rat-type-except" ( ("geran" | "utran" | "eutran" | arg) ) ), c( "redirect-reason" ( ("aoc" | "aolb" | "dpi") ), "redirect-reason-except" ( ("aoc" | "aolb" | "dpi") ) ), c( "gre-key" arg, "gre-key-except" arg ), c( "flexible-match-mask" ( /* Match flexible mask */ match_l3_flexible_mask /* Match flexible mask */ ) ), c( "flexible-match-range" ( /* Match flexible range */ match_l3_flexible_range /* Match flexible range */ ) ), c( "policy-map" arg, "policy-map-except" arg ), "vxlan" ( /* Define vxlan match items */ c( c( "vni" arg, "vni-except" arg ), c( "rsvd1" arg, "rsvd1-except" arg ), c( "rsvd2" arg, "rsvd2-except" arg ), "flags" ( /* Match VXlan flag field */ match_flags_value /* Match VXlan flag field */ ) ) ) ) ), "then" ( /* Action to take if the 'from' condition is matched */ c( c( "policer" arg /* Name of policer to use to rate-limit traffic */, "three-color-policer" ( /* Police the packet using a three-color-policer */ c( c( "single-rate" arg /* Name of single-rate three-color policer to use to rate-limit traffic */, "single-packet-rate" arg /* Name of single-packet-rate three-color policer to use to rate-limit traffic */, "two-rate" arg /* Name of two-rate three-color policer to use to rate-limit traffic */, "two-packet-rate" arg /* Name of two-packet-rate three-color policer to use to rate-limit traffic */ ) ) ), "hierarchical-policer" arg /* Name of hierarchical policer to use to rate-limit traffic */ ), c( "clear-policy-map" /* Clear the policy marking */, "policy-map" arg /* Policy map action */ ), c( "traffic-class-count" arg /* Count the packet in the named traffic-class counter */, "count" arg /* Count the packet in the named counter */ ), "service-accounting" /* Count the packets for service accounting */, "skip-services" /* Skip the services */, "service-accounting-deferred" /* Count the packets for deferred service accounting */, "log" /* Log the packet */, "pkt-trace" /* Trace the packet */, "packet-mode" /* Bypass flow mode for the packet */, "syslog" /* System log (syslog) information about the packet */, "packet-capture" /* Enable packet capture for telemetry */, "sample" /* Sample the packet */, "port-mirror-instance" arg /* Port-mirror the packet to specified instance */, "port-mirror" /* Port-mirror the packet */, "inline-monitoring-instance" arg /* Inline monitoring to specified instance */, "l2-mirror" /* L2 mirror the packet */, "analyzer" arg /* Name of analyzer - (Ingress only) */, "loss-priority" ( /* Packet's loss priority */ ("low" | "high" | "medium-low" | "medium-high") ), "forwarding-class" arg /* Classify packet to forwarding class */, "service-filter-hit" /* Marked when packet processing by the current type of chained filters is done, the packet is directed to the next type of filters */, "force-premium" /* When this bit is marked, traffic is considered as premium by the following hierarchical policer */, "exclude-accounting" /* When this is marked, traffic is excluded from accurate accounting */, "virtual-channel" arg /* Set the output interface virtual channel */, c( "accept" /* Accept the packet */, "discard" ( /* Discard the packet */ c( "accounting" arg /* Named discard collector for packet */ ) ), "next" ( /* Continue to next term in a filter */ ("term") ), "logical-system" ( /* Packets are directed to specified logical system */ s( arg, c( "routing-instance" ( /* Packets are directed to specified routing instance */ sc( arg /* Name of routing instance */, "topology" arg /* Packets are directed to specified topology */ ) ).as(:oneline), "topology" arg /* Packets are directed to specified topology */ ) ) ).as(:oneline), "routing-instance" ( /* Packets are directed to specified routing instance */ sc( arg /* Name of routing instance */, "topology" arg /* Packets are directed to specified topology */ ) ).as(:oneline), "topology" arg /* Packets are directed to specified topology */, "next-ip" ( /* Packets are directed to specified the specified ipv4 address */ sc( ipv4prefix /* Address to route */, "routing-instance" ( /* Packets are directed to specified routing instance */ sc( arg /* Name of routing instance */, "topology" arg /* Packets are directed to specified topology */ ) ).as(:oneline) ) ).as(:oneline), "next-interface" ( /* Packets are to be routed through the specified interface */ c( arg, "routing-instance" ( /* Packets are directed to specified routing instance */ sc( arg /* Name of routing instance */, "topology" arg /* Packets are directed to specified topology */ ) ).as(:oneline), c( "accept" /* Accept the packet */, "next" ( /* Continue to next term in a filter */ ("term") ) ) ) ), "ipsec-sa" arg /* Use specified IPSec security association */, "next-hop-group" arg /* Use specified next-hop group */, "decapsulate" ( /* Terminate a tunnel */ sc( c( "gre" ( /* GRE protocol */ c( "sample" ( /* Sample the packet */ ("inet" | "inet6" | "mpls") ), "no-decrement-ttl" /* Do not decrement TTL */, "forwarding-class" arg /* Classify packet to forwarding class */, "interface-group" arg /* Set the interface group */, c( "routing-instance" ( /* Packets are directed to specified routing instance */ sc( arg /* Name of routing instance */ ) ).as(:oneline) ) ) ), "gre-in-udp" ( /* GRE-in-UDP protocol */ c( "sample" ( /* Sample the packet */ ("inet" | "inet6" | "mpls") ), "no-decrement-ttl" /* Do not decrement TTL */, "forwarding-class" arg /* Classify packet to forwarding class */, "interface-group" arg /* Set the interface group */, c( "routing-instance" ( /* Packets are directed to specified routing instance */ sc( arg /* Name of routing instance */ ) ).as(:oneline) ) ) ), "mpls-in-udp" ( /* MPLS-in-UDP protocol */ c( "sample" ( /* Sample the packet */ ("inet" | "inet6" | "mpls") ), "no-decrement-ttl" /* Do not decrement TTL */, "forwarding-class" arg /* Classify packet to forwarding class */, "interface-group" arg /* Set the interface group */, c( "routing-instance" ( /* Packets are directed to specified routing instance */ sc( arg /* Name of routing instance */ ) ).as(:oneline) ) ) ), "l2tp" ( /* L2TP protocol */ c( "sample" ( /* Sample the packet */ ("inet" | "inet6" | "mpls") ), "no-decrement-ttl" /* Do not decrement TTL */, "forwarding-class" arg /* Classify packet to forwarding class */, "interface-group" arg /* Set the interface group */, "cookie" arg /* L2TPv3 cookie */, c( "output-interface" ( /* Interface name */ interface_unit /* Interface name */ ) ) ) ), "ipip" ( /* IPIP protocol */ c( "sample" ( /* Sample the packet */ ("inet" | "inet6" | "mpls") ), "no-decrement-ttl" /* Do not decrement TTL */, "forwarding-class" arg /* Classify packet to forwarding class */, "interface-group" arg /* Set the interface group */, c( "routing-instance" ( /* Packets are directed to specified routing instance */ sc( arg /* Name of routing instance */ ) ).as(:oneline) ) ) ) ) ) ).as(:oneline), "encapsulate" ( /* Send to a tunnel */ sc( arg /* Name of the tunnel end point */ ) ).as(:oneline), "reject" ( /* Reject the packet */ sc( c( "network-unreachable" /* Send ICMP Network Unreachable message */, "host-unreachable" /* Send ICMP Host Unreachable message */, "protocol-unreachable" /* Send ICMP Protocol Unreachable message */, "port-unreachable" /* Send ICMP Port Unreachable message */, "fragmentation-needed" /* Send ICMP Fragmentation Needed message */, "source-route-failed" /* Send ICMP Source Route Failed message */, "network-unknown" /* Send ICMP Network Unknown message */, "host-unknown" /* Send ICMP Host Unknown message */, "source-host-isolated" /* Send ICMP Source Host Isolated message */, "network-prohibited" /* Send ICMP Network Prohibited message */, "host-prohibited" /* Send ICMP Host Prohibited message */, "bad-network-tos" /* Send ICMP Bad Network ToS message */, "bad-host-tos" /* Send ICMP Bad Host ToS message */, "administratively-prohibited" /* Send ICMP Administratively Prohibited message */, "precedence-violation" /* Send ICMP Precedence Violation message */, "precedence-cutoff" /* Send ICMP Precedence Cutoff message */, "tcp-reset" /* Send TCP Reset message */ ) ) ).as(:oneline), "load-balance" arg /* Use specified load balancing group */ ), "dscp" ( /* Set Differentiated Services (DiffServ) code point */ ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ), "dont-fragment" ( /* Set or clear the DF bit flag of the IP header (ingress only) */ ("clear" | "set") ), "prefix-action" arg /* Police or count packets using named prefix action */ ) ), "template" ( /* Refer a template */ c( arg /* Template name */ ) ) ) ) ) ) end rule(:inet_fuf) do arg.as(:arg) ( c( "interface-specific" /* Defined counters are interface specific */, "match-order" ( ("protocol" | "source-address" | "destination-address" | "source-port" | "destination-port" | "dscp") ), "term" arg ( /* One or more firewall terms */ c( "only-at-create" /* Add term only when filter is first created. */, "from" ( /* Match criteria */ c( "source-address" ( /* Match source IP address */ firewall_addr_simple_object /* Match source IP address */ ), "destination-address" ( /* Match destination IP address */ firewall_addr_simple_object /* Match destination IP address */ ), c( "source-port" ( /* Match TCP/UDP source port */ match_simple_port_value /* Match TCP/UDP source port */ ) ), c( "destination-port" ( /* Match TCP/UDP destination port */ match_simple_port_value /* Match TCP/UDP destination port */ ) ), c( "protocol" ( /* Match IP protocol type */ match_simple_protocol_value /* Match IP protocol type */ ) ), c( "dscp" ( /* Match Differentiated Services (DiffServ) code point */ match_simple_dscp_value /* Match Differentiated Services (DiffServ) code point */ ) ), "match-terms" arg /* Dynamically supplied list of match criteria */ ) ), "then" ( /* Action to take if the 'from' condition is matched */ c( c( "policer" arg /* Name of policer to use to rate-limit traffic */ ), "count" arg /* Count the packet in the named counter */, "service-accounting" /* Count the packets for service accounting */, "log" /* Log the packet */, "port-mirror" /* Port-mirror the packet */, "loss-priority" ( /* Packet's loss priority */ ("low" | "high" | "medium-low" | "medium-high") ), "forwarding-class" arg /* Classify packet to forwarding class */, "action-terms" arg /* Dynamically supplied list of actions */, c( "accept" /* Accept the packet */, "discard" /* Discard the packet */, "routing-instance" ( /* Packets are directed to specified routing instance */ sc( arg /* Name of routing instance */, "topology" arg /* Packets are directed to specified topology */ ) ).as(:oneline) ) ) ) ) ) ) ) end rule(:firewall_addr_simple_object) do c( ipv4prefix /* Prefix to match */ ) end rule(:inet_service_filter) do arg.as(:arg) ( c( "term" arg ( /* Service filter term */ c( "from" ( /* Match criteria */ c( c( "interface-group" arg, "interface-group-except" arg ), "source-address" ( /* Match IP source address */ firewall_addr_object /* Match IP source address */ ), "destination-address" ( /* Match IP destination address */ firewall_addr_object /* Match IP destination address */ ), "address" ( /* Match IP source or destination address */ firewall_addr_object /* Match IP source or destination address */ ), "source-prefix-list" ( /* Match IP source prefixes in named list */ firewall_prefix_list /* Match IP source prefixes in named list */ ), "destination-prefix-list" ( /* Match IP destination prefixes in named list */ firewall_prefix_list /* Match IP destination prefixes in named list */ ), "prefix-list" ( /* Match IP source or destination prefixes in named list */ firewall_prefix_list /* Match IP source or destination prefixes in named list */ ), c( "protocol" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "protocol-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "ip-options" ( ("any") ), "ip-options-except" ( ("any") ) ), c( "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "esp-spi" arg, "esp-spi-except" arg ), "is-fragment" /* Match if packet is a fragment */, "first-fragment" /* Match if packet is the first fragment */, c( "fragment-offset" arg, "fragment-offset-except" arg ), "fragment-flags" arg /* Match fragment flags */, "tcp-flags" arg /* Match TCP flags (in symbolic or hex formats) */, c( "ah-spi" arg, "ah-spi-except" arg ), c( "loss-priority" ( ("low" | "high" | "medium-low" | "medium-high") ), "loss-priority-except" ( ("low" | "high" | "medium-low" | "medium-high") ) ), c( "forwarding-class" arg, "forwarding-class-except" arg ), c( "redirect-reason" ( ("aoc" | "aolb" | "dpi") ), "redirect-reason-except" ( ("aoc" | "aolb" | "dpi") ) ) ) ), "then" ( /* Action to take if the 'from' condition is matched */ c( "count" arg /* Count the packet in the named counter */, "log" /* Log the packet */, "pkt-trace" /* Pkt-Trace the packet */, "sample" /* Sample the packet */, "port-mirror" /* Port-mirror the packet */, c( "service" /* Forward packets to service processing */, "skip" /* Skip service processing */, "accept" /* Accept the packet */ ) ) ) ) ) ) ) end rule(:inet_simple_filter) do arg.as(:arg) ( c( "interface-specific" /* Defined counters are interface specific */, "term" arg ( /* One or more firewall terms */ c( "from" ( /* Match criteria */ c( "source-address" ( /* Source IP address */ firewall_addr_simple_object /* Source IP address */ ), "destination-address" ( /* Destination IP address */ firewall_addr_simple_object /* Destination IP address */ ), c( "protocol" ( /* Match IP protocol type */ match_simple_protocol_value /* Match IP protocol type */ ) ), c( "source-port" ( /* Match TCP/UDP source port */ match_simple_port_value /* Match TCP/UDP source port */ ) ), c( "destination-port" ( /* Match TCP/UDP destination port */ match_simple_port_value /* Match TCP/UDP destination port */ ) ), c( "forwarding-class" arg ) ) ), "then" ( /* Action to take if the 'from' condition is matched */ c( c( "policer" arg /* Name of policer to use to rate-limit traffic */, "three-color-policer" ( /* Police the packet using a three-color-policer */ c( c( "single-rate" arg /* Name of single-rate three-color policer to use to rate-limit traffic */, "two-rate" arg /* Name of two-rate three-color policer to use to rate-limit traffic */ ) ) ) ), "loss-priority" ( /* Packet's loss priority */ ("low" | "medium-high" | "medium-low" | "high") ), "forwarding-class" arg /* Classify packet to forwarding class */, "discard" /* Discard the packet */, "accept" /* Accept the packet */ ) ) ) ) ) ) end rule(:inet_template) do arg.as(:arg) ( c( "attributes" ( /* Template attributes */ c( "destination-address" /* Match IP destination address */, "destination-port" /* Match TCP/UDP destination port */, "destination-port-range-optimize" /* Optimize the destination port range */, "destination-prefix-list" /* Match IP destination prefixes in named list */, "dscp" /* Match Differentiated Services (DiffServ) code point */, "flexible-match-mask" /* Match flexible mask */, "flexible-match-range" /* Match flexible range */, "fragment-flags" /* Match fragment flags */, "icmp-code" /* Match ICMP message code */, "icmp-type" /* Match ICMP message type */, "interface" /* Match interface name */, "ip-options" /* Match IP options */, "is-fragment" /* Match if packet is a fragment */, "packet-length" /* Match packet length */, "precedence" /* Match IP precedence value */, "protocol" /* Match IP protocol type */, "rat-type" /* Match RAT Type */, "redirect-reason" /* Match Redirect Reason */, "source-address" /* Match IP source address */, "source-port" /* Match TCP/UDP source port */, "source-port-range-optimize" /* Optimize the source port range */, "source-prefix-list" /* Match IP source prefixes in named list */, "tcp-established" /* Match packet of an established TCP connection */, "tcp-flags" /* Match TCP flags */, "tcp-initial" /* Match initial packet of a TCP connection */, "ttl" /* Match IP ttl type */, "egress-to-ingress" /* Match egress fields in ingress */ ) ) ) ) end rule(:interface_map_type) do c( "file-specification" arg /* Default file specification */, "collector" ( /* Default Collector PIC to be used for flow manipulation */ interface_device /* Default Collector PIC to be used for flow manipulation */ ), input_intf_to_cpic_map_type ) end rule(:input_intf_to_cpic_map_type) do arg.as(:arg) ( c( "file-specification" arg /* File specification to use for this interface */, "collector" ( /* Collector PIC to be used for flow manipulation */ interface_device /* Collector PIC to be used for flow manipulation */ ) ) ) end rule(:interface_set_type) do arg.as(:arg) ( c( arg /* Interface list */ ) ) end rule(:interface_type) do ("all" | arg).as(:arg) ( c( "queue-statistics" /* Enable queue statistics collection */, "no-queue-statistics" /* Don't enable queue statistics collection */, "traffic-statistics" /* Enable traffic statistics collection */, "no-traffic-statistics" /* Don't enable traffic statistics collection */, "resource-profile" arg /* Resouce profile name */ ) ) end rule(:interfaces_type) do ("$junos-interface-ifd-name" | arg).as(:arg) ( c( "description" arg /* Text description of interface */, "external-model-name" arg /* Name for interface as configured using 3rd-party model */, "metadata" arg /* Text metadata attached to interface */, ("disable"), "promiscuous-mode" /* Enable promiscuous mode for L3 interface */, "port-mirror-instance" arg /* Port-mirror the packet to specified instance */, "multicast-statistics" /* Enable multicast statistics */, "oam-on-svlan" /* Propagate SVLAN OAM state to CVLANs */, "fabric-options" ( /* Fabric interface specific options */ c( "member-interfaces" arg /* Member interface for the fabric interface */, "remote-chassis" ( /* Remote chassis reachability */ c( "destination" ( /* Destination IP address to reach remote chassis */ ipv4addr /* Destination IP address to reach remote chassis */ ) ) ) ) ), "traceoptions" ( /* Interface trace options */ c( "flag" enum(("ipc" | "event" | "media" | "all")) /* Tracing parameters */.as(:oneline) ) ), "passive-monitor-mode" /* Use interface to tap packets from another router */, c( "keepalives" ( /* Send or demand keepalive messages */ keepalives_type /* Send or demand keepalive messages */ ).as(:oneline), "no-keepalives" /* Do not send keepalive messages */ ), "traps" /* Enable SNMP notifications on state changes */, "no-traps" /* Don't enable SNMP notifications on state changes */, "interface-mib" /* Enable interface-related MIBs */, "no-interface-mib" /* Don't enable interface-related MIBs */, "accounting-profile" arg /* Accounting profile name */, "anchor-point" ( /* Anchor point */ c( interface_device /* Interface name */ ) ), "bypass-queueing-chip" /* Enable to bypass queueing chip */, "no-bypass-queueing-chip" /* Don't enable to bypass queueing chip */, c( "per-unit-scheduler" /* Enable subunit queuing on Frame Relay or VLAN IQ interface */, "no-per-unit-scheduler" /* Don't enable subunit queuing on Frame Relay or VLAN IQ interface */, "shared-scheduler" /* Enabled shared queuing on an IQ2 interface */, "hierarchical-scheduler" ( /* Enable hierarchical scheduling */ sc( "maximum-hierarchy-levels" arg /* Maximum hierarchy levels */, "maximum-l2-nodes" arg /* Maximum l2 nodes, allowed numbers are power of 2 between 1 and 16k (needs FPC reboot) */, "maximum-l3-nodes" arg /* Maximum l3 nodes, allowed numbers are power of 2 between 2 and 32k (needs FPC reboot) */, "implicit-hierarchy" /* Implicit hierarchy (follows interface hierarchy) */ ) ).as(:oneline) ), "l2tp-maximum-session" arg /* Maximum L2TP session */, "schedulers" arg /* Number of schedulers to allocate for interface */, "interface-transmit-statistics" /* Interface statistics based on the transmitted packets */, "cascade-port" /* Cascade port */, "dce" /* Respond to Frame Relay status enquiry messages */, c( "vlan-tagging" /* 802.1q VLAN tagging support */, "stacked-vlan-tagging" /* Stacked 802.1q VLAN tagging support */, "flexible-vlan-tagging" /* Support for no tagging, or single and double 802.1q VLAN tagging */, "vlan-vci-tagging" /* CCC for VLAN Q-in-Q and ATM VPI/VCI interworking */ ), "native-vlan-id" arg /* Virtual LAN identifier for untagged frames */, "no-native-vlan-insert" /* Disable native-vlan-id insertion to untagged frames */, "vlan-offload" /* Offload VLAN filtering to NIC HW */, "input-native-vlan-push" ( /* Control native-vlan-id insertion to untagged frames when input-vlan-map push is configured */ ("disable" | "enable") ), "no-pseudowire-down-on-core-isolation" /* Do not bring the pseudowire down in the event of EVPN Core isolation */, "number-of-sub-ports" arg /* Number of channels to create for a port */, "unused" /* Disable physical port */, "speed" ( /* Link speed */ ("auto" | "auto-10m-100m" | "10m" | "100m" | "1g" | "2.5g" | "5g" | "10g" | "25g" | "40g" | "50g" | "100g" | "200g" | "400g" | "oc3" | "oc12" | "oc48") ), "forwarding-class-accounting" ( /* Configure Forwarding-class-accounting parameters */ c( "direction" ( /* Direction of the traffic to be accounted for IFD */ ("ingress" | "egress" | "both") ), "enhanced" ( c( "traffic-type" ( /* Traffic-type to be accounted for forwarding-class-accounting */ ("unicast-statistics" | "multicast-statistics") ), "family" ( /* Protocol traffic to be accounted for forwarding-class-accounting */ ("inet" | "inet6" | "both") ), "direction" ( /* Direction of the traffic to be accounted for forwarding-class-accounting */ ("ingress" | "egress" | "both") ), "overhead-bytes" arg /* Per octet overhead bytes to be accounted for forwarding-class-accounting */ ) ) ) ), "auto-configure" ( /* Auto configuration */ auto_configure_vlan_type /* Auto configuration */ ), "mtu" arg /* Maximum transmit packet size */, "hold-time" ( /* Hold time for link up and link down */ sc( "up" arg /* Link up hold time */, "down" arg /* Link down hold time */ ) ).as(:oneline), "damping" ( /* Interface damping parameters */ c( "half-life" arg /* Damping half life time */, "max-suppress" arg /* Maximum suppress time */, "reuse" arg /* Reuse threshold */, "suppress" arg /* Suppress threshold */, "enable" /* Enable interface damping */ ) ), "link-degrade-monitor" ( /* Enable link degrade monitoring */ c( c( "link-degrade-monitor-enable" /* Enable Link Degrade Monitoring */, "no-link-degrade-monitor-enable" /* Disable Link Degrade Monitoring */ ), "actions" ( /* Action upon link degrade event */ c( c( "media-based" /* Media based */ ) ) ), "recovery" ( /* Link degrade recovery mechanism */ c( "timer" arg /* Auto recovery timer in seconds */, c( "auto" /* Automatic recovery */, "manual" /* Manual recovery */ ) ) ), "thresholds" ( /* Link degrade threshold parameters */ c( "set" arg /* BER at which link considered degraded(1..16) */, "clear" arg /* BER at which link considered improved(1..16) */, "warning-set" arg /* BER at which link degrade warning raised(1..16) */, "warning-clear" arg /* BER at which link degrade warning cleared(1..16) */, "interval" arg /* Consecutive link degrade events */ ) ) ) ), "satop-options" ( /* Structure-Agnostic TDM over Packet protocol options */ c( "idle-pattern" arg /* An 8-bit hexadecimal pattern to replace TDM data in a lost packet */, "payload-size" arg /* Number of payload bytes per packet */, "excessive-packet-loss-rate" ( /* Packet loss options */ c( "threshold" arg /* Percentile designating the threshold of excessive packet loss rate */, "sample-period" arg /* Number of milliseconds over which excessive packet loss rate is calculated */ ) ), c( "jitter-buffer-packets" arg /* Number of packets in jitter buffer before packet data is played out in the line */, "jitter-buffer-latency" arg /* Number of milliseconds delay in jitter buffer before packet data is played out in the line */, "jitter-buffer-auto-adjust" /* Automatically adjust jitter buffer */ ), "bit-rate" arg /* In multiples of DS0 */ ) ), "cesopsn-options" ( /* Structure-Aware TDM over Packet protocol options */ c( "idle-pattern" arg /* An 8-bit hexadecimal pattern to replace TDM data in a lost packet */, "packetization-latency" arg /* Number of microseconds to create packets */, "payload-size" arg /* Number of payload bytes per packet */, "excessive-packet-loss-rate" ( /* Packet loss options */ c( "threshold" arg /* Percentile designating the threshold of excessive packet loss rate */, "sample-period" arg /* Number of milliseconds over which excessive packet loss rate is calculated */ ) ), c( "jitter-buffer-packets" arg /* Number of packets in jitter buffer before packet data is played out in the line */, "jitter-buffer-latency" arg /* Number of milliseconds delay in jitter buffer before packet data is played out in the line */, "jitter-buffer-auto-adjust" /* Automatically adjust jitter buffer */ ), "bit-rate" arg /* In multiples of DS0 */ ) ), "ima-group-options" ( /* IMA group options */ c( "frame-length" ( /* Frame length (cells) */ ("32" | "64" | "128" | "256") ), "symmetry" ( /* Symmetry of IMA group */ ("symmetrical-config-and-operation" | "symmetrical-config-asymmetrical-operation") ), "transmit-clock" ( /* Transmit clock */ ("common" | "independent") ), "version" ( /* IMA specification version */ ("1.0" | "1.1") ), "minimum-links" ( /* IMA group minimum active links */ c( c( arg ) ) ), "frame-synchronization" ( /* IMA group frame synchronization state parameters */ c( "alpha" arg /* Consecutive invalid ICP cells */, "beta" arg /* Consecutive errored ICP cells */, "gamma" arg /* Consecutive valid ICP cells */ ) ), "test-procedure" ( /* IMA group test pattern procedure */ c( "period" arg /* Length of IMA pattern test */, "interface" ( /* Interface name of the IMA link to test */ interface_device /* Interface name of the IMA link to test */ ), "pattern" arg /* IMA test pattern */ ) ), "differential-delay" arg /* Maximum differential delay among links in the IMA group */ ) ), "ima-link-options" ( /* IMA link options */ c( "group-id" arg /* IMA group ID this IMA link belongs to */ ) ), "multi-chassis-protection" ( /* Inter-Chassis protection configuration */ multi_chassis_protection_group /* Inter-Chassis protection configuration */ ), "clocking" ( /* Interface clock source */ sc( c( "internal" /* Clocking provided by local system */, "external" /* Clocking provided by DCE (loop timing) */ ) ) ).as(:oneline), "link-mode" ( /* Link operational mode */ ("automatic" | "half-duplex" | "full-duplex") ), "media-type" ( /* Interface media type (copper or fiber) */ ("copper" | "fiber") ), "encapsulation" ( /* Physical link-layer encapsulation */ ("ethernet" | "fddi" | "token-ring" | "ppp" | "ppp-ccc" | "ppp-tcc" | "ether-vpls-ppp" | "frame-relay" | "frame-relay-ccc" | "frame-relay-tcc" | "extended-frame-relay-ccc" | "extended-frame-relay-tcc" | "flexible-frame-relay" | "frame-relay-port-ccc" | "frame-relay-ether-type" | "frame-relay-ether-type-tcc" | "extended-frame-relay-ether-type-tcc" | "cisco-hdlc" | "cisco-hdlc-ccc" | "cisco-hdlc-tcc" | "vlan-ccc" | "extended-vlan-ccc" | "ethernet-ccc" | "flexible-ethernet-services" | "smds-dxi" | "atm-pvc" | "atm-ccc-cell-relay" | "ethernet-over-atm" | "ethernet-tcc" | "extended-vlan-tcc" | "multilink-frame-relay-uni-nni" | "satop" | "cesopsn" | "ima" | "ethernet-vpls" | "ethernet-bridge" | "vlan-vpls" | "vlan-vci-ccc" | "extended-vlan-vpls" | "extended-vlan-bridge" | "multilink-ppp" | "generic-services") ), "esi" ( /* ESI configuration of multi-homed interface */ c( "auto-derive" ( /* Auto-derive ESI value for the interface */ c( c( "lacp" /* Auto-derive ESI from lacp */ ) ) ), esi /* ESI value for the interface */, c( "single-active" /* Single-active mode */, "all-active" /* All-active mode */ ), "df-election-granularity" ( /* DF Election Granularity Selection */ c( c( "per-esi" ( /* DF Election Granularity Per Esi */ c( "lacp-oos-on-ndf" /* Lacp Oos */ ) ), "per-esi-vlan" /* Per Esi Vlan */ ) ) ), "df-election-type" ( /* DF Election Type */ c( c( "preference" ( /* Preference based DF election */ c( "value" arg /* Preference value for EVPN Multihoming DF election */ ) ) ), c( "mod" /* MOD based DF election */ ) ) ), "source-bmac" ( /* Unicast Source B-MAC address per ESI for PBB-EVPN */ mac_unicast /* Unicast Source B-MAC address per ESI for PBB-EVPN */ ) ) ), "framing" ( /* Frame type */ c( c( "lan-phy" /* 802.3ae 10-Gbps LAN-mode interface */, "wan-phy" /* 802.3ae 10-Gbps WAN-mode interface */, "sonet" /* SONET framing */, "sdh" /* SDH framing */ ), "precise-bandwidth" /* Use precise bandwidth for 10G wan-phy interface */ ) ), "unidirectional" /* Unidirectional Mode */, "lmi" ( /* Local Management Interface settings */ c( "n391dte" arg /* DTE full status polling interval */, "n392dce" arg /* DCE error threshold */, "n392dte" arg /* DTE error threshold */, "n393dce" arg /* DCE monitored event count */, "n393dte" arg /* DTE monitored event count */, "t391dte" arg /* DTE polling timer */, "t392dce" arg /* DCE polling verification timer */, "lmi-type" ( /* Specify the Frame Relay LMI type */ ("ansi" | "itu" | "c-lmi") ) ) ), "mlfr-uni-nni-bundle-options" ( /* Multilink Frame Relay UNI NNI (FRF.16) management settings */ c( "cisco-interoperability" ( /* FRF.16 Cisco interoperability settings */ c( "send-lip-remove-link-for-link-reject" /* Send Link Integrity Protocol remove link on receiving add-link rejection */ ) ), "mrru" arg /* Maximum received reconstructed unit */, "yellow-differential-delay" arg /* Yellow differential delay among bundle links to give warning */, "red-differential-delay" arg /* Red differential delay among bundle links to take action */, "action-red-differential-delay" ( /* Type of actions when differential delay exceeds red limit */ ("remove-link" | "disable-tx") ), "fragment-threshold" arg /* Fragmentation threshold */, "drop-timeout" arg /* Drop timeout */, "link-layer-overhead" ( /* Link layer bit stuffing overhead (0.0 .. 50.0 percent) */ unsigned_float /* Link layer bit stuffing overhead (0.0 .. 50.0 percent) */ ), "lmi-type" ( /* Specify the multilink Frame Relay UNI NNI LMI type */ ("ansi" | "itu" | "c-lmi") ), "minimum-links" arg /* Minimum number of links to sustain the bundle */, "hello-timer" arg /* LIP hello timer */, "acknowledge-timer" arg /* LIP ack timer */, "acknowledge-retries" arg /* LIP ack retry times */, "n391" arg /* Multilink Frame Relay UNI NNI full status polling counter */, "n392" arg /* Multilink Frame Relay UNI NNI LMI error threshold */, "n393" arg /* Multilink Frame Relay UNI NNI LMI monitored event count */, "t391" arg /* Multilink Frame Relay UNI NNI link integrity verify polling timer */, "t392" arg /* Multilink Frame Relay UNI NNI polling verification timer */ ) ), "mac" ( /* Hardware MAC address */ mac_unicast /* Hardware MAC address */ ), "receive-bucket" ( /* Set receive bucket parameters */ dcd_rx_bucket_config /* Set receive bucket parameters */ ), "transmit-bucket" ( /* Set transmit bucket parameters */ dcd_tx_bucket_config /* Set transmit bucket parameters */ ), "shared-interface" /* Enable shared interface on the interface */, "sonet-options" ( /* SONET interface-specific options */ sonet_options_type /* SONET interface-specific options */ ), "logical-tunnel-options" ( /* Logical Tunnel interface-specific options */ c( "link-protection" ( /* Enable link protection mode */ c( "revertive" /* Revert back (Default mode) from active backup link to primary, if primary is UP */, "non-revertive" /* Do not revert back from active backup link to primary, if primary is UP */ ) ), "per-unit-mac-disable" /* Disable the creation of per unit mac address on LT IFLs for VPLS/CCC encaps */, "load-balance" ( aggregate_load_balance ) ) ), "aggregated-sonet-options" ( /* Aggregated SONET interface-specific options */ c( "minimum-links" arg /* Minimum number of aggregated links */, "link-speed" ( /* Aggregated links speed */ ("oc3" | "oc12" | "oc48" | "oc192" | "oc768" | "mixed") ), "minimum-bandwidth" arg /* Minimum bandwidth necessary to sustain bundle */ ) ), "atm-options" ( /* ATM interface-specific options */ c( "pic-type" ( /* Type of ATM PIC (ATM I, ATM II or ATM CE) */ ("atm-ce" | "atm2" | "atm1") ), "cell-bundle-size" arg /* L2 circuit cell bundle size */, "cell-bundle-timeout" arg /* L2 circuit cell bundle timeout */, "plp-to-clp" /* Enable ATM2 PLP to CLP copy */, "use-null-cw" /* Always insert/strip null control words with cell-relay */, "promiscuous-mode" ( /* Set ATM interface to promiscuous mode */ c( "vpi" arg /* Open this VPI in promiscuous mode */.as(:oneline) ) ), "vpi" arg ( /* Define a virtual path */ c( "maximum-vcs" arg /* Maximum number of virtual circuits on this VP */, "shaping" ( /* Virtual path traffic-shaping options */ dcd_shaping_config /* Virtual path traffic-shaping options */ ), "oam-period" ( /* F4 OAM cell period */ sc( c( arg, "disable" /* Disable F4 OAM loopback */.as(:oneline) ) ) ).as(:oneline), "oam-liveness" ( /* F4 OAM virtual path liveness parameters */ c( "up-count" arg /* Number of F4 OAM cells to consider VP up */, "down-count" arg /* Number of F4 OAM cells to consider VP down */ ) ) ) ), "ilmi" /* Enable Interim Local Management Interface */, "linear-red-profiles" arg ( /* ATM2 CoS virtual circuit drop profiles */ sc( "queue-depth" arg /* Maximum queue depth */, "high-plp-threshold" arg /* Fill level percentage when linear RED is applied for high PLP */, "low-plp-threshold" arg /* Fill level percentage when linear RED is applied for low PLP */, "high-plp-max-threshold" arg /* Fill level percentage with 100 percent packet drop for high PLP */, "low-plp-max-threshold" arg /* Fill level percentage with 100 percent packet drop for low PLP */ ) ).as(:oneline), "scheduler-maps" arg ( /* ATM2 CoS parameters assigned to forwarding classes */ c( "vc-cos-mode" ( /* ATM2 virtual circuit CoS mode */ ("strict" | "alternate") ), "forwarding-class" arg ( /* Scheduling parameters associated with forwarding class */ c( "priority" ( /* Queuing priority assigned to forwarding class */ ("low" | "high") ), "transmit-weight" ( /* Transmit weight */ sc( c( "percent" arg /* Transmit weight as percentage */, "cells" arg /* Transmit weight by cells count */ ) ) ).as(:oneline), c( "epd-threshold" ( /* Early packet discard threshold for ATM2 */ epd_threshold_config /* Early packet discard threshold for ATM2 */ ).as(:oneline), "linear-red-profile" arg /* Linear RED profile profile name */ ) ) ) ) ), "mpls" ( /* MPLS options */ mpls_ifd_options /* MPLS options */ ), "payload-scrambler" /* Enable payload scrambling */, "no-payload-scrambler" /* Don't enable payload scrambling */ ) ), "multiservice-options" ( /* Multiservice interface-specific options */ c( "syslog" /* Enable system logging on this interface */, "no-syslog" /* Don't enable system logging on this interface */, "core-dump" /* Enable core dumping on this interface */, "no-core-dump" /* Don't enable core dumping on this interface */, "dump-on-flow-control" /* Enable dumping for this interface on prolonged flow-control */, "no-dump-on-flow-control" /* Don't enable dumping for this interface on prolonged flow-control */, "reset-on-flow-control" /* Enable resetting this interface on prolonged flow-control */, "no-reset-on-flow-control" /* Don't enable resetting this interface on prolonged flow-control */, "flow-control-options" ( /* Flow control configuration */ c( "dump-on-flow-control" /* Cause core dump during prolonged flow-control */, "reset-on-flow-control" /* Reset interface during prolonged flow-control */, "down-on-flow-control" /* Bring interface down during prolonged flow-control */, "up-on-flow-control" /* Keep interface up during prolonged flow-control */ ) ) ) ), "ggsn-options" ( /* GGSN interface-specific options */ c( "syslog" /* Enable system logging on this interface */, "no-syslog" /* Don't enable system logging on this interface */, "core-dump" /* Enable core dumping on this interface */, "no-core-dump" /* Don't enable core dumping on this interface */ ) ), "ppp-options" ( /* Point-to-Point Protocol (PPP) interface-specific options */ ppp_options_type /* Point-to-Point Protocol (PPP) interface-specific options */ ), "redundancy-options" ( /* Redundancy options */ c( "primary" ( /* Specify the primary interface */ interface_device /* Specify the primary interface */ ), "secondary" ( /* Specify the secondary interface */ interface_device /* Specify the secondary interface */ ), "redundancy-peer" ( /* Specify information for peer */ c( "ipaddress" ( /* Specify the IP address */ ipv4addr /* Specify the IP address */ ) ) ), "redundancy-local" ( /* Specify information for the local peer */ c( "data-address" ( /* Specify the HA local data IP address */ ipv4addr /* Specify the HA local data IP address */ ) ) ), "routing-instance" arg /* Specify routing-instance for the HA traffic */, "replication-threshold" arg /* Duration for which flow should remain active for replication */, "replication-options" ( /* Specify state replication attributes */ c( "mtu" arg /* Specify the maximal packet size for replicated data */ ) ), "replicate-services" ( /* Replicate services state from active to backup */ c( "pgcp" /* Replicate the PGCP service state */ ) ) ) ), "load-balancing-options" ( /* Load-balancing on services pics */ c( "member-interface" arg, "member-failure-options" ( /* Load balancing member failure handling options */ c( c( "redistribute-all-traffic" ( /* On a member failure, redistribute traffic to ams */ c( "enable-rejoin" /* Failed member can rejoin after recovery */ ) ), "drop-member-traffic" ( /* On a member failure, drop its traffic */ c( "rejoin-timeout" arg /* Wait time(in seconds) for failed member to rejoin */, "enable-rejoin" /* Failed member can join after recovery */ ) ) ) ) ), "no-bundle-flap" /* No bundle flap on member addition - recommended only with IPSec services */, "high-availability-options" ( /* High Availability options for Load-balancing */ c( c( "many-to-one" ( /* N:1 High Availability model */ c( "preferred-backup" ( /* Preferred backup Interface name */ interface_device /* Preferred backup Interface name */ ) ) ), "one-to-one" ( /* 1:1 High Availability model */ c( "preferred-backup" ( /* Preferred backup Interface name */ interface_device /* Preferred backup Interface name */ ) ) ) ) ) ) ) ), "aggregated-inline-services-options" ( /* Aggregated Inline Service interface specific options */ c( "primary-interface" ( /* Specify the primary interface */ interface_device /* Specify the primary interface */ ), "secondary-interface" ( /* Specify the secondary interface */ interface_device /* Specify the secondary interface */ ) ) ), "anchoring-options" ( /* Groups anchoring PFEs or FPCs together. */ c( "apfe-group-set" arg /* Ties up different anchoring groups to share similar fate */, "primary-list" arg /* Primary anchoring PFE name. */, "secondary" ( /* Secondary anchoring PFE name. */ c( arg /* Anchoring PFE name. */ ) ), c( "warm-standby" /* Delayed failover to secondary when primary fails */ ) ) ), "lsq-failure-options" ( /* Link services queuing failure options */ c( "trigger-link-failure" arg /* Link on which to trigger failure */, "no-termination-request" /* Do not send PPP termination requests */, "no-no-termination-request" /* Don't do not send PPP termination requests */ ) ), "redundancy-group" ( /* Redundancy group configuration */ c( "member-interface" arg ( /* Member interface for the redundancy group */ c( c( "active" /* Active interface */, "backup" /* Backup interface */ ) ) ), "maximum-links" arg ) ), "services-options" ( /* Services interface-specific options */ c( "syslog" ( /* Define system log parameters */ log_object /* Define system log parameters */ ), "jflow-log" ( /* Define Jflow-log parameters. */ c( "message-rate-limit" arg /* Maximum jflow-log NAT error events allowed per second from this interface */ ) ), "deterministic-nat-configuration-log-interval" ( /* Define Deterministic NAT parameters */ c( "interval" arg /* Interval in which deterministic NAT logs are generated */ ) ), "open-timeout" arg /* Timeout period for TCP session establishment */, "close-timeout" arg /* Timeout period for TCP session tear-down */, "inactivity-timeout" arg /* Inactivity timeout period for established sessions (4..86400) */, "inactivity-tcp-timeout" arg /* Inactivity timeout period for TCP established sessions */, "inactivity-asymm-tcp-timeout" arg /* Inactivity timeout period for asymmetric TCP established sessions */, "inactivity-non-tcp-timeout" arg /* Inactivity timeout period for non-TCP established sessions */, "session-timeout" arg /* Session timeout period for established sessions */, "disable-global-timeout-override" /* Disallow overriding global inactivity or session timeout */, "tcp-tickles" arg /* Number of TCP keep-alive packets to be sent for bi-directional TCP flows */, "trio-flow-offload" ( /* Allow PIC to offload flows to Trio-based PFE */ c( "minimum-bytes" arg /* Attempt flow offload after minimum bytes are seen on the flow */ ) ), "fragment-limit" arg /* Maximum number of fragments allowed for a packet */, "reassembly-timeout" arg /* Re-assembly timeout (seconds) for fragments of a packet */, "cgn-pic" /* PIC will be used for Carrier Grade NAT configuration only */, "pba-interim-logging-interval" arg /* Interim logging interval in seconds */, "session-limit" ( /* Session limit */ c( "maximum" arg /* Maximum number of sessions allowed simultaneously */, "rate" arg /* Maximum number of new sessions allowed per second */, "cpu-load-threshold" arg /* CPU limit in percentage for auto-tuning of session rate */ ) ), "enable-subscriber-analysis" /* Enable subscriber analysis on the interface */, "disable-subscriber-analysis" /* Disable subscriber analysis on the interface */, "disable-usp-tracing" /* Disable usp tracing on this pic */, "disable-drop-flows" /* Disable drop flows on this pic */, "ignore-errors" ( /* Ignore anomalies or errors */ sc( "tcp" /* TCP protocol errors */, "alg" /* ALG anomalies or errors */ ) ).as(:oneline), "capture" ( /* Packet capture for SFW and NAT on the Services PIC */ c( "capture-size" arg /* The number of packets to store */, "pkt-size" arg /* Number of bytes to be saved from each packet */, "logs-per-packet" arg /* The number of trace messages stored for each packet */, "max-log-line-size" arg /* The maximum length of a stored trace message */, "filter" ( /* Filtering options for the packet capture */ c( "source-ip" ( /* Filter based on source-ip (and wildcard) */ sc( "wildcard" ( /* Source IP wildcard */ ipaddr /* Source IP wildcard */ ), ipaddr /* Source IP */ ) ).as(:oneline), "dest-ip" ( /* Filter based on dest-ip (and wildcard) */ sc( "wildcard" ( /* Dest IP wildcard */ ipaddr /* Dest IP wildcard */ ), ipaddr /* Dest IP */ ) ).as(:oneline), "sw-sip" ( /* Filter based on source softwire ip (and wildcard) */ sc( "wildcard" ( /* Source IP wildcard */ ipv6addr /* Source IP wildcard */ ), ipv6addr /* Source softwire IP */ ) ).as(:oneline), "sw-dip" ( /* Filter based on destination softwire ip (and wildcard) */ sc( "wildcard" ( /* Destination IP wildcard */ ipaddr /* Destination IP wildcard */ ), ipaddr /* Destination softwire IP */ ) ).as(:oneline), "sport-range" ( /* Filter based on source port */ sc( "low" arg /* Source port range start */, "high" arg /* Source port range end */ ) ).as(:oneline), "dport-range" ( /* Filter based on destination port */ sc( "low" arg /* Destination port range start */, "high" arg /* Destination port range end */ ) ).as(:oneline), "proto" ( /* Filter based on L4 protocol */ ("icmp" | "tcp" | "udp") ) ) ) ) ), "flow" ( /* Define flow parameters */ c( "traceoptions" /* Trace options for flow services */ ) ), "fpc-pic-information" /* Include FPC and PIC slot number in the syslogs */, "utc-timestamp" /* Use UTC time for security log timestamps */, "syslog-local-system-timestamp" /* Use local system time for services syslog timestamp */ ) ), "t3-options" ( /* T3 interface-specific options */ c( "loopback" ( /* Loopback mode */ ("local" | "remote" | "payload") ), "long-buildout" /* Set hardware to drive line longer than 255 feet */, "no-long-buildout" /* Don't set hardware to drive line longer than 255 feet */, "loop-timing" /* Set loop timing for T3 */, "no-loop-timing" /* Don't set loop timing for T3 */, "unframed" /* Enable unframed mode */, "no-unframed" /* Don't enable unframed mode */, "compatibility-mode" ( /* Set CSU compatibility mode */ sc( c( "larscom" ( /* Compatible with Larscom CSU */ sc( "subrate" arg /* Set subrate value */ ) ).as(:oneline), "verilink" ( /* Compatible with Verilink CSU (not on 2/4-port T3 PIC) */ sc( "subrate" arg /* Set subrate value */ ) ).as(:oneline), "adtran" ( /* Compatible with Adtran CSU (not on 2/4-port T3 PIC) */ sc( "subrate" arg /* Set subrate value */ ) ).as(:oneline), "kentrox" ( /* Compatible with Kentrox CSU */ sc( "subrate" arg /* Set subrate value (not on 2/4-port T3 PIC) */ ) ).as(:oneline), "digital-link" ( /* Compatible with Digital Link CSU */ sc( "subrate" ( /* Set subrate value */ ("301Kb" | "601Kb" | "902Kb" | "1.2Mb" | "1.5Mb" | "1.8Mb" | "2.1Mb" | "2.4Mb" | "2.7Mb" | "3.0Mb" | "3.3Mb" | "3.6Mb" | "3.9Mb" | "4.2Mb" | "4.5Mb" | "4.8Mb" | "5.1Mb" | "5.4Mb" | "5.7Mb" | "6.0Mb" | "6.3Mb" | "6.6Mb" | "6.9Mb" | "7.2Mb" | "7.5Mb" | "7.8Mb" | "8.1Mb" | "8.4Mb" | "8.7Mb" | "9.0Mb" | "9.3Mb" | "9.6Mb" | "9.9Mb" | "10.2Mb" | "10.5Mb" | "10.8Mb" | "11.1Mb" | "11.4Mb" | "11.7Mb" | "12.0Mb" | "12.3Mb" | "12.6Mb" | "12.9Mb" | "13.2Mb" | "13.5Mb" | "13.8Mb" | "14.1Mb" | "14.4Mb" | "14.7Mb" | "15.0Mb" | "15.3Mb" | "15.6Mb" | "15.9Mb" | "16.2Mb" | "16.5Mb" | "16.8Mb" | "17.1Mb" | "17.4Mb" | "17.7Mb" | "18.0Mb" | "18.3Mb" | "18.6Mb" | "18.9Mb" | "19.2Mb" | "19.5Mb" | "19.8Mb" | "20.1Mb" | "20.5Mb" | "20.8Mb" | "21.1Mb" | "21.4Mb" | "21.7Mb" | "22.0Mb" | "22.3Mb" | "22.6Mb" | "22.9Mb" | "23.2Mb" | "23.5Mb" | "23.8Mb" | "24.1Mb" | "24.4Mb" | "24.7Mb" | "25.0Mb" | "25.3Mb" | "25.6Mb" | "25.9Mb" | "26.2Mb" | "26.5Mb" | "26.8Mb" | "27.1Mb" | "27.4Mb" | "27.7Mb" | "28.0Mb" | "28.3Mb" | "28.6Mb" | "28.9Mb" | "29.2Mb" | "29.5Mb" | "29.8Mb" | "30.1Mb" | "30.4Mb" | "30.7Mb" | "31.0Mb" | "31.3Mb" | "31.6Mb" | "31.9Mb" | "32.2Mb" | "32.5Mb" | "32.8Mb" | "33.1Mb" | "33.4Mb" | "33.7Mb" | "34.0Mb" | "34.3Mb" | "34.6Mb" | "34.9Mb" | "35.2Mb" | "35.5Mb" | "35.8Mb" | "36.1Mb" | "36.4Mb" | "36.7Mb" | "37.0Mb" | "37.3Mb" | "37.6Mb" | "37.9Mb" | "38.2Mb" | "38.5Mb" | "38.8Mb" | "39.1Mb" | "39.4Mb" | "39.7Mb" | "40.0Mb" | "40.3Mb" | "40.6Mb" | "40.9Mb" | "41.2Mb" | "41.5Mb" | "41.8Mb" | "42.1Mb" | "42.4Mb" | "42.7Mb" | "43.0Mb" | "43.3Mb" | "43.6Mb" | "43.9Mb" | "44.2Mb") ) ) ).as(:oneline) ) ) ).as(:oneline), "payload-scrambler" /* Enable payload scrambling */, "no-payload-scrambler" /* Don't enable payload scrambling */, "cbit-parity" /* Enable C-bit parity mode */, "no-cbit-parity" /* Don't enable C-bit parity mode */, "fcs" ( /* Frame checksum */ ("32" | "16") ), "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ), "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "feac-loop-respond" /* Respond to FEAC loop requests */, "no-feac-loop-respond" /* Don't respond to FEAC loop requests */, "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e3" | "pseudo-2e4" | "pseudo-2e5" | "pseudo-2e6" | "pseudo-2e7" | "pseudo-2e9-o153" | "pseudo-2e10" | "pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e17" | "pseudo-2e18" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "pseudo-2e21" | "pseudo-2e22" | "pseudo-2e23-o151" | "pseudo-2e25" | "pseudo-2e28" | "pseudo-2e29" | "pseudo-2e31" | "pseudo-2e32" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | "alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */, "buildout" arg /* Line buildout */, "atm-encapsulation" ( /* DS-3 interface encapsulation */ ("plcp" | "direct") ) ) ), "e3-options" ( /* E3 interface-specific options */ c( "loopback" ( /* Loopback mode */ ("local" | "remote") ), "unframed" /* Enable unframed mode */, "no-unframed" /* Don't enable unframed mode */, "compatibility-mode" ( /* Set CSU compatibility mode */ sc( c( "larscom" /* Compatible with Larscom CSU (only non IQ E3 interfaces) */, "digital-link" ( /* Compatible with Digital Link CSU */ sc( "subrate" ( /* Set subrate value */ ("358Kb" | "716Kb" | "1.1Mb" | "1.4Mb" | "1.8Mb" | "2.1Mb" | "2.5Mb" | "2.9Mb" | "3.2Mb" | "3.6Mb" | "3.9Mb" | "4.3Mb" | "4.7Mb" | "5.0Mb" | "5.4Mb" | "5.7Mb" | "6.1Mb" | "6.4Mb" | "6.8Mb" | "7.2Mb" | "7.5Mb" | "7.9Mb" | "8.2Mb" | "8.6Mb" | "9.0Mb" | "9.3Mb" | "9.7Mb" | "10.0Mb" | "10.4Mb" | "10.7Mb" | "11.1Mb" | "11.5Mb" | "11.8Mb" | "12.2Mb" | "12.5Mb" | "12.9Mb" | "13.2Mb" | "13.6Mb" | "14.0Mb" | "14.3Mb" | "14.7Mb" | "15.0Mb" | "15.4Mb" | "15.8Mb" | "16.1Mb" | "16.5Mb" | "16.8Mb" | "17.2Mb" | "17.5Mb" | "17.9Mb" | "18.3Mb" | "18.6Mb" | "19.0Mb" | "19.3Mb" | "19.7Mb" | "20.0Mb" | "20.4Mb" | "20.8Mb" | "21.1Mb" | "21.5Mb" | "21.8Mb" | "22.2Mb" | "22.6Mb" | "22.9Mb" | "23.3Mb" | "23.6Mb" | "24.0Mb" | "24.3Mb" | "24.7Mb" | "25.1Mb" | "25.4Mb" | "25.8Mb" | "26.1Mb" | "26.5Mb" | "26.9Mb" | "27.2Mb" | "27.6Mb" | "27.9Mb" | "28.3Mb" | "28.6Mb" | "29.0Mb" | "29.4Mb" | "29.7Mb" | "30.1Mb" | "30.4Mb" | "30.8Mb" | "31.1Mb" | "31.5Mb" | "31.9Mb" | "32.2Mb" | "32.6Mb" | "32.9Mb" | "33.3Mb" | "33.7Mb" | "34.0Mb") ) ) ).as(:oneline), "kentrox" ( /* Compatible with Kentrox CSU */ sc( "subrate" arg /* Set subrate value (only for E3 IQ interfaces) */ ) ).as(:oneline) ) ) ).as(:oneline), "payload-scrambler" /* Enable payload scrambling */, "no-payload-scrambler" /* Don't enable payload scrambling */, "fcs" ( /* Frame checksum */ ("32" | "16") ), "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ), "invert-data" /* Invert data */, "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e3" | "pseudo-2e4" | "pseudo-2e5" | "pseudo-2e6" | "pseudo-2e7" | "pseudo-2e9-o153" | "pseudo-2e10" | "pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e17" | "pseudo-2e18" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "pseudo-2e21" | "pseudo-2e22" | "pseudo-2e23-o151" | "pseudo-2e25" | "pseudo-2e28" | "pseudo-2e29" | "pseudo-2e31" | "pseudo-2e32" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | "alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */, "buildout" arg /* Line buildout */, "atm-encapsulation" ( /* E3 interface encapsulation */ ("plcp" | "direct") ), "framing" ( /* E3 line format */ ("g.751" | "g.832") ) ) ), "e1-options" ( /* E1 interface-specific options */ c( "timeslots" arg /* Timeslots (1..32); for example, 1-4,6,9-11,32 (no space) */, "loopback" ( /* Loopback mode */ ("local" | "remote") ), "framing" ( /* Framing mode */ ("g704" | "unframed" | "g704-no-crc4") ), "fcs" ( /* Frame checksum */ ("32" | "16") ), "invert-data" /* Invert data */, "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ), "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e3" | "pseudo-2e4" | "pseudo-2e5" | "pseudo-2e6" | "pseudo-2e7" | "pseudo-2e9-o153" | "pseudo-2e10" | "pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e17" | "pseudo-2e18" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "pseudo-2e21" | "pseudo-2e22" | "pseudo-2e23-o151" | "pseudo-2e25" | "pseudo-2e28" | "pseudo-2e29" | "pseudo-2e31" | "pseudo-2e32" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | "alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */ ) ), "t1-options" ( /* T1 interface-specific options */ c( "timeslots" arg /* Timeslots (1..24; for example, 1-3,4,9,22-24 (no space) */, "voice-timeslots" arg /* Voice timeslots (1..24),for example, 1-3,4,9,22-24 (no space) */, "disable-remote-alarm-detection" ( /* Disable detection of a remote alarm */ ("yellow") ), "loopback" ( /* Loopback mode */ ("local" | "remote" | "payload") ), "buildout" ( /* Line buildout */ ("0-132" | "133-265" | "266-398" | "399-531" | "532-655" | "long-0db" | "long-7.5db" | "long-15db" | "long-22.5db") ), "byte-encoding" ( /* Byte encoding */ ("nx64" | "nx56") ), "line-encoding" ( /* Line encoding */ ("ami" | "b8zs") ), "invert-data" /* Invert data */, "framing" ( /* Framing mode */ ("sf" | "esf") ), "fcs" ( /* Frame checksum */ ("32" | "16") ), "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ), "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e3" | "pseudo-2e4" | "pseudo-2e5" | "pseudo-2e6" | "pseudo-2e7" | "pseudo-2e9-o153" | "pseudo-2e10" | "pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e17" | "pseudo-2e18" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "pseudo-2e21" | "pseudo-2e22" | "pseudo-2e23-o151" | "pseudo-2e25" | "pseudo-2e28" | "pseudo-2e29" | "pseudo-2e31" | "pseudo-2e32" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | "alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */, "remote-loopback-respond" /* Respond to loop requests from remote end */, "crc-major-alarm-threshold" ( /* CRC Major alarm threshold value */ ("1e-3" | "5e-4" | "1e-4" | "5e-5" | "1e-5") ), "crc-minor-alarm-threshold" ( /* CRC Minor alarm threshold value */ ("1e-3" | "5e-4" | "1e-4" | "5e-5" | "1e-5" | "5e-6" | "1e-6") ), "alarm-compliance" ( /* Enforce standard for alarm reporting */ ("accunet-t1-5-service") ) ) ), "ds0-options" ( /* DS-0 interface-specific options */ c( "loopback" ( /* Loopback mode */ ("payload") ), "byte-encoding" ( /* Byte encoding */ ("nx64" | "nx56") ), "invert-data" /* Invert data */, "fcs" ( /* Frame checksum */ ("32" | "16") ), "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ), "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | "alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4" | "repeating-1-in-16") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */ ) ), "serial-options" ( /* Serial interface-specific options */ c( "line-protocol" ( /* Line protocol to be used */ ("eia530" | "v.35" | "x.21") ), c( "dte-options" ( /* DTE options/control leads */ c( "ignore-all" /* Ignore all control leads */, "dtr" ( /* Data Transmit Ready signal handling */ sc( c( "assert" /* Assert DTR signal */, "de-assert" /* Deassert DTR signal */, "normal" /* Normal DTR signal */, "auto-synchronize" ( /* Normal DTR signal, with autoresynchronization */ c( "duration" arg /* Duration of autoresynchronization */, "interval" arg /* Interval for autoresynchronization */ ) ) ) ) ).as(:oneline), "control-signal" ( /* X.21 control signal handling */ ("assert" | "de-assert" | "normal") ), "rts" ( /* Request To Send signal handling */ ("assert" | "de-assert" | "normal") ), "dcd" ( /* Data Carrier Detect signal handling */ ("require" | "ignore" | "normal") ), "dsr" ( /* Data Set Ready signal handling */ ("require" | "ignore" | "normal") ), "cts" ( /* Clear To Send signal handling */ ("require" | "ignore" | "normal") ), "indication" ( /* X.21 Indication signal handling */ ("require" | "ignore" | "normal") ), "tm" ( /* Test Mode signal handling */ ("require" | "ignore" | "normal") ) ) ), "dce-options" ( /* DCE options */ c( "ignore-all" /* Ignore all control leads */, "dtr" ( /* Data Transmit Ready signal handling */ ("require" | "ignore" | "normal") ), "rts" ( /* Request To Send signal handling */ ("require" | "ignore" | "normal") ), "dcd" ( /* Data Carrier Detect signal handling */ ("assert" | "de-assert" | "normal") ), "dsr" ( /* Data Set Ready signal handling */ ("assert" | "de-assert" | "normal") ), "cts" ( /* Clear To Send signal handling */ ("assert" | "de-assert" | "normal") ), "tm" ( /* Test Mode signal handling */ ("require" | "ignore" | "normal") ), "dce-loopback-override" /* DCE loopback override */ ) ) ), "dtr-circuit" ( /* Data Transmit Ready circuit mode */ ("balanced" | "unbalanced") ), "dtr-polarity" ( /* Data Transmit Ready signal polarity */ ("positive" | "negative") ), "rts-polarity" ( /* Request To Send signal polarity */ ("positive" | "negative") ), "control-polarity" ( /* X.21 Control signal polarity */ ("positive" | "negative") ), "dcd-polarity" ( /* Data Carrier Detect signal polarity */ ("positive" | "negative") ), "dsr-polarity" ( /* Data Set Ready signal polarity */ ("positive" | "negative") ), "cts-polarity" ( /* Clear To Send signal polarity */ ("positive" | "negative") ), "indication-polarity" ( /* X.21 Indication signal polarity */ ("positive" | "negative") ), "tm-polarity" ( /* Test Mode signal polarity */ ("positive" | "negative") ), "clocking-mode" ( /* Clock mode */ ("dce" | "internal" | "loop") ), "transmit-clock" ( /* Transmit clock phase */ ("invert") ), "clock-rate" ( /* Interface clock rate */ ("2.048mhz" | "2.341mhz" | "2.731mhz" | "3.277mhz" | "4.096mhz" | "5.461mhz" | "8.192mhz" | "16.384mhz" | "1.2khz" | "2.4khz" | "9.6khz" | "19.2khz" | "38.4khz" | "56.0khz" | "64.0khz" | "72.0khz" | "125.0khz" | "148.0khz" | "250.0khz" | "500.0khz" | "800.0khz" | "1.0mhz" | "1.3mhz" | "2.0mhz" | "4.0mhz" | "8.0mhz") ), "loopback" ( /* Loopback mode */ ("local" | "remote" | "dce-local" | "dce-remote") ), "encoding" ( /* Line encoding */ ("nrz" | "nrzi") ), "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ) ) ), "gratuitous-arp-reply" /* Enable gratuitous ARP reply */, "no-gratuitous-arp-reply" /* Don't enable gratuitous ARP reply */, "no-gratuitous-arp-request" /* Ignore gratuitous ARP request */, "no-no-gratuitous-arp-request" /* Don't ignore gratuitous ARP request */, "arp-l2-validate" /* Validate ARP against L2 */, "ether-options" ( /* Ethernet interface-specific options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "loopback-remote" /* Enable remote loopback */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, "ethernet-switch-profile" ( /* Ethernet virtual LAN/media access control-level options */ c( "tag-protocol-id" arg /* IEEE 802.1q Tag Protocol Identifier values for VLAN-tagged frames */, "ethernet-policer-profile" ( /* Ethernet level CoS-based policer configuration */ c( "input-priority-map" ( /* Input policer priority map */ cos_policer_input_priority_map /* Input policer priority map */ ), "output-priority-map" ( /* Output policer priority map */ cos_policer_output_priority_map /* Output policer priority map */ ), "policer" ( /* Policer template definition */ cos_policer /* Policer template definition */ ) ) ), "storm-control" ( /* Storm control profile name to bind */ c( arg /* Profile name */ ) ), "recovery-timeout" ( /* Recovery timeout for this interface */ sc( arg ) ).as(:oneline), "mac-learn-enable" /* Learn MAC addresses dynamically */, "no-mac-learn-enable" /* Don't learn MAC addresses dynamically */ ) ), "asynchronous-notification" /* Enable sending asynchronous notification to peer on CCC-down */, "source-address-filter" arg /* Source address filters */.as(:oneline), "auto-negotiation" /* Enable auto-negotiation */, "no-auto-negotiation" /* Don't enable auto-negotiation */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "configured-flow-control" ( /* Enable flow control */ c( "rx-buffers" ( /* Enable/Disable Rx buffers */ ("on" | "off") ), "tx-buffers" ( /* Enable/Disable Tx buffers */ ("on" | "off") ) ) ), "link-mode" ( /* Link duplex */ ("automatic" | "half-duplex" | "full-duplex") ), "mpls" ( /* MPLS options */ mpls_ifd_options /* MPLS options */ ), "ignore-l3-incompletes" /* Ignore L3 incomplete errors */, "no-auto-mdix" /* Disable auto MDI/MDIX */, "fec" ( /* Forward Error Correction mode */ ("none" | "fec91" | "fec74" | "fec108") ), "speed" ( /* Specify speed */ c( c( "auto-negotiation" ( /* Enable auto-negotiation */ sc( "auto-negotiate-10-100" /* Limits the auto-negotiation to 10m/100m only */ ) ).as(:oneline), "ethernet-10m" /* 10Mbps */, "ethernet-100m" /* 100Mbps */, "ethernet-1g" /* 1Gbps */, "ethernet-10g" /* 10Gbps */ ) ) ), "ieee-802.3ad" ( /* IEEE 802.3ad */ c( "lacp" ( /* Link Aggregation Control Protocol configuration */ c( "force-up" /* Keep the port up in absence of received LACPDU */, "port-priority" arg /* Priority of the port (0 ... 65535) */ ) ), interface_device /* Join an aggregated Ethernet interface */, c( "primary" /* Primary interface for link-protection mode */, "backup" /* Backup interface for link-protection mode */ ), "link-protection-sub-group" ( /* Link Protection subgroup configuration */ c( arg ) ), "port-priority" arg /* Link protection Priority of the port (0 ... 65535) */ ) ), "ieee-802-3az-eee" /* IEEE 802.3az Energy Efficient Ethernet(EEE) */, "mdi-mode" ( /* Cable cross-over mode */ ("auto" | "force" | "mdi" | "mdix") ), "redundant-parent" ( /* Parent of this interface */ c( interface_device /* Join a redundant ethernet interface */ ) ), "autostate-exclude" /* Interface will not contribute to IRB state */ ) ), "fibrechannel-options" ( /* Fibre Channel interface-specific options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "bb-sc-n" arg /* B2B state change number */, "speed" ( /* Specify speed */ ("auto-negotiation" | "1g" | "2g" | "4g" | "8g") ) ) ), "gigether-options" ( /* Gigabit Ethernet interface-specific options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "loopback-remote" /* Enable remote loopback */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, c( "no-auto-negotiation" /* Disable auto-negotiation */, "auto-negotiation" ( /* Enable auto-negotiation */ sc( "remote-fault" ( ("local-interface-offline" | "local-interface-online") ) ) ).as(:oneline) ), "mac-mode" ( /* Physical layer protocol of MAC's SERDES interface */ ("sgmii" | "mac-mode-1000base-x") ), "asynchronous-notification" /* Enable sending asynchronous notification to peer on CCC-down */, "source-address-filter" arg /* Source address filters */.as(:oneline), "pad-to-minimum-frame-size" /* Pad Tx vlan tagged frame to minimum of 68 bytes */, "redundant-parent" ( /* Parent of this interface */ c( interface_device /* Join a redundant-ethernet interface */ ) ), "ieee-802.3ad" ( /* IEEE 802.3ad */ c( "lacp" ( /* Link Aggregation Control Protocol configuration */ c( "port-priority" arg /* Priority of the port (0 ... 65535) */ ) ), interface_device /* Join an aggregated Ethernet interface */, "link-index" arg /* Desired child link index within the Aggregated Interface */, c( "primary" /* Primary interface for link-protection mode */, "backup" /* Backup interface for link-protection mode */ ), "distribution-list" arg /* Distribution list to which interface belongs */ ) ), "ethernet-switch-profile" ( /* Ethernet virtual LAN/media access control-level options */ c( "tag-protocol-id" arg /* IEEE 802.1q Tag Protocol Identifier values for VLAN-tagged frames */, "ethernet-policer-profile" ( /* Ethernet level CoS-based policer configuration */ c( "ieee802.1-priority-map" ( /* Premium priority values for IEEE 802.1p bits */ c( "premium" arg /* Premium policer priority map */ ) ), "input-priority-map" ( /* Input policer priority map */ cos_policer_input_priority_map /* Input policer priority map */ ), "output-priority-map" ( /* Output policer priority map */ cos_policer_output_priority_map /* Output policer priority map */ ), "policer" ( /* Policer template definition */ cos_policer /* Policer template definition */ ) ) ), "accept-from" ( /* Accept traffic from or to specified remote MAC */ c( "mac-address" ( /* Remote MAC */ mac_list /* Remote MAC */ ) ) ), "reject-the-rest" /* Accept traffic from only the specified MAC addresses */, "no-reject-the-rest" /* Don't accept traffic from only the specified MAC addresses */, "mac-learn-enable" /* Learn MAC addresses dynamically */ ) ), "mpls" ( /* MPLS options */ mpls_ifd_options /* MPLS options */ ), "ignore-l3-incompletes" /* Ignore L3 incomplete errors */, "no-auto-mdix" /* Disable auto MDI/MDIX */, "ieee-802-3az-eee" /* IEEE 802.3az Energy Efficient Ethernet(EEE) */, "mru" arg /* Maximum receive packet size */, "fec" ( /* Forward Error Correction mode */ ("none" | "fec91" | "fec74" | "fec108") ), "speed" ( /* Speed mode */ ("1g" | "10g") ) ) ), "optics-options" ( /* Optics options */ c( "wavelength" ( /* Wavelength of the optics (nanometers) for 50Ghz/100Ghz spacing */ ("1568.77" | "1568.36" | "1568.31" | "1568.26" | "1568.21" | "1568.16" | "1568.11" | "1568.05" | "1568.00" | "1567.95" | "1567.90" | "1567.85" | "1567.80" | "1567.75" | "1567.70" | "1567.64" | "1567.59" | "1567.54" | "1567.49" | "1567.44" | "1567.39" | "1567.34" | "1567.29" | "1567.23" | "1567.18" | "1567.13" | "1567.08" | "1567.03" | "1566.98" | "1566.93" | "1566.88" | "1566.83" | "1566.77" | "1566.72" | "1566.67" | "1566.62" | "1566.57" | "1566.52" | "1566.47" | "1566.42" | "1566.36" | "1566.31" | "1566.26" | "1566.21" | "1566.16" | "1566.11" | "1566.06" | "1566.01" | "1565.96" | "1565.90" | "1565.85" | "1565.80" | "1565.75" | "1565.70" | "1565.65" | "1565.60" | "1565.55" | "1565.50" | "1565.44" | "1565.39" | "1565.34" | "1565.29" | "1565.24" | "1565.19" | "1565.14" | "1565.09" | "1565.04" | "1564.99" | "1564.93" | "1564.88" | "1564.83" | "1564.78" | "1564.73" | "1564.68" | "1564.63" | "1564.58" | "1564.53" | "1564.47" | "1564.42" | "1564.37" | "1564.32" | "1564.27" | "1564.22" | "1564.17" | "1564.12" | "1564.07" | "1564.02" | "1563.96" | "1563.91" | "1563.86" | "1563.81" | "1563.76" | "1563.71" | "1563.66" | "1563.61" | "1563.56" | "1563.51" | "1563.45" | "1563.40" | "1563.35" | "1563.30" | "1563.25" | "1563.20" | "1563.15" | "1563.10" | "1563.05" | "1563.00" | "1562.95" | "1562.89" | "1562.84" | "1562.79" | "1562.74" | "1562.69" | "1562.64" | "1562.59" | "1562.54" | "1562.49" | "1562.44" | "1562.39" | "1562.33" | "1562.28" | "1562.23" | "1562.18" | "1562.13" | "1562.08" | "1562.03" | "1561.98" | "1561.93" | "1561.88" | "1561.83" | "1561.77" | "1561.72" | "1561.67" | "1561.62" | "1561.57" | "1561.52" | "1561.47" | "1561.42" | "1561.37" | "1561.32" | "1561.27" | "1561.22" | "1561.16" | "1561.11" | "1561.06" | "1561.01" | "1560.96" | "1560.91" | "1560.86" | "1560.81" | "1560.76" | "1560.71" | "1560.66" | "1560.61" | "1560.56" | "1560.50" | "1560.45" | "1560.40" | "1560.35" | "1560.30" | "1560.25" | "1560.20" | "1560.15" | "1560.10" | "1560.05" | "1560.00" | "1559.95" | "1559.90" | "1559.84" | "1559.79" | "1559.74" | "1559.69" | "1559.64" | "1559.59" | "1559.54" | "1559.49" | "1559.44" | "1559.39" | "1559.34" | "1559.29" | "1559.24" | "1559.19" | "1559.14" | "1559.08" | "1559.03" | "1558.98" | "1558.93" | "1558.88" | "1558.83" | "1558.78" | "1558.73" | "1558.68" | "1558.63" | "1558.58" | "1558.53" | "1558.48" | "1558.43" | "1558.38" | "1558.32" | "1558.27" | "1558.22" | "1558.17" | "1558.12" | "1558.07" | "1558.02" | "1557.97" | "1557.92" | "1557.87" | "1557.82" | "1557.77" | "1557.72" | "1557.67" | "1557.62" | "1557.57" | "1557.52" | "1557.46" | "1557.41" | "1557.36" | "1557.31" | "1557.26" | "1557.21" | "1557.16" | "1557.11" | "1557.06" | "1557.01" | "1556.96" | "1556.91" | "1556.86" | "1556.81" | "1556.76" | "1556.71" | "1556.66" | "1556.61" | "1556.55" | "1556.50" | "1556.45" | "1556.40" | "1556.35" | "1556.30" | "1556.25" | "1556.20" | "1556.15" | "1556.10" | "1556.05" | "1556.00" | "1555.95" | "1555.90" | "1555.85" | "1555.80" | "1555.75" | "1555.70" | "1555.65" | "1555.60" | "1555.55" | "1555.49" | "1555.44" | "1555.39" | "1555.34" | "1555.29" | "1555.24" | "1555.19" | "1555.14" | "1555.09" | "1555.04" | "1554.99" | "1554.94" | "1554.89" | "1554.84" | "1554.79" | "1554.74" | "1554.69" | "1554.64" | "1554.59" | "1554.54" | "1554.49" | "1554.44" | "1554.39" | "1554.34" | "1554.29" | "1554.23" | "1554.18" | "1554.13" | "1554.08" | "1554.03" | "1553.98" | "1553.93" | "1553.88" | "1553.83" | "1553.78" | "1553.73" | "1553.68" | "1553.63" | "1553.58" | "1553.53" | "1553.48" | "1553.43" | "1553.38" | "1553.33" | "1553.28" | "1553.23" | "1553.18" | "1553.13" | "1553.08" | "1553.03" | "1552.98" | "1552.93" | "1552.88" | "1552.83" | "1552.78" | "1552.73" | "1552.68" | "1552.62" | "1552.57" | "1552.52" | "1552.47" | "1552.42" | "1552.37" | "1552.32" | "1552.27" | "1552.22" | "1552.17" | "1552.12" | "1552.07" | "1552.02" | "1551.97" | "1551.92" | "1551.87" | "1551.82" | "1551.77" | "1551.72" | "1551.67" | "1551.62" | "1551.57" | "1551.52" | "1551.47" | "1551.42" | "1551.37" | "1551.32" | "1551.27" | "1551.22" | "1551.17" | "1551.12" | "1551.07" | "1551.02" | "1550.97" | "1550.92" | "1550.87" | "1550.82" | "1550.77" | "1550.72" | "1550.67" | "1550.62" | "1550.57" | "1550.52" | "1550.47" | "1550.42" | "1550.37" | "1550.32" | "1550.27" | "1550.22" | "1550.17" | "1550.12" | "1550.07" | "1550.02" | "1549.97" | "1549.92" | "1549.87" | "1549.82" | "1549.77" | "1549.72" | "1549.67" | "1549.62" | "1549.57" | "1549.52" | "1549.47" | "1549.42" | "1549.37" | "1549.32" | "1549.26" | "1549.21" | "1549.16" | "1549.11" | "1549.06" | "1549.01" | "1548.96" | "1548.91" | "1548.86" | "1548.81" | "1548.76" | "1548.71" | "1548.66" | "1548.61" | "1548.56" | "1548.51" | "1548.46" | "1548.41" | "1548.36" | "1548.31" | "1548.26" | "1548.21" | "1548.16" | "1548.11" | "1548.06" | "1548.02" | "1547.97" | "1547.92" | "1547.87" | "1547.82" | "1547.77" | "1547.72" | "1547.67" | "1547.62" | "1547.57" | "1547.52" | "1547.47" | "1547.42" | "1547.37" | "1547.32" | "1547.27" | "1547.22" | "1547.17" | "1547.12" | "1547.07" | "1547.02" | "1546.97" | "1546.92" | "1546.87" | "1546.82" | "1546.77" | "1546.72" | "1546.67" | "1546.62" | "1546.57" | "1546.52" | "1546.47" | "1546.42" | "1546.37" | "1546.32" | "1546.27" | "1546.22" | "1546.17" | "1546.12" | "1546.07" | "1546.02" | "1545.97" | "1545.92" | "1545.87" | "1545.82" | "1545.77" | "1545.72" | "1545.67" | "1545.62" | "1545.57" | "1545.52" | "1545.47" | "1545.42" | "1545.37" | "1545.32" | "1545.27" | "1545.22" | "1545.17" | "1545.12" | "1545.07" | "1545.02" | "1544.97" | "1544.92" | "1544.87" | "1544.82" | "1544.77" | "1544.72" | "1544.68" | "1544.63" | "1544.58" | "1544.53" | "1544.48" | "1544.43" | "1544.38" | "1544.33" | "1544.28" | "1544.23" | "1544.18" | "1544.13" | "1544.08" | "1544.03" | "1543.98" | "1543.93" | "1543.88" | "1543.83" | "1543.78" | "1543.73" | "1543.68" | "1543.63" | "1543.58" | "1543.53" | "1543.48" | "1543.43" | "1543.38" | "1543.33" | "1543.28" | "1543.23" | "1543.18" | "1543.13" | "1543.08" | "1543.04" | "1542.99" | "1542.94" | "1542.89" | "1542.84" | "1542.79" | "1542.74" | "1542.69" | "1542.64" | "1542.59" | "1542.54" | "1542.49" | "1542.44" | "1542.39" | "1542.34" | "1542.29" | "1542.24" | "1542.19" | "1542.14" | "1542.09" | "1542.04" | "1541.99" | "1541.94" | "1541.89" | "1541.84" | "1541.80" | "1541.75" | "1541.70" | "1541.65" | "1541.60" | "1541.55" | "1541.50" | "1541.45" | "1541.40" | "1541.35" | "1541.30" | "1541.25" | "1541.20" | "1541.15" | "1541.10" | "1541.05" | "1541.00" | "1540.95" | "1540.90" | "1540.85" | "1540.80" | "1540.76" | "1540.71" | "1540.66" | "1540.61" | "1540.56" | "1540.51" | "1540.46" | "1540.41" | "1540.36" | "1540.31" | "1540.26" | "1540.21" | "1540.16" | "1540.11" | "1540.06" | "1540.01" | "1539.96" | "1539.91" | "1539.86" | "1539.82" | "1539.77" | "1539.72" | "1539.67" | "1539.62" | "1539.57" | "1539.52" | "1539.47" | "1539.42" | "1539.37" | "1539.32" | "1539.27" | "1539.22" | "1539.17" | "1539.12" | "1539.07" | "1539.03" | "1538.98" | "1538.93" | "1538.88" | "1538.83" | "1538.78" | "1538.73" | "1538.68" | "1538.63" | "1538.58" | "1538.53" | "1538.48" | "1538.43" | "1538.38" | "1538.33" | "1538.28" | "1538.24" | "1538.19" | "1538.14" | "1538.09" | "1538.04" | "1537.99" | "1537.94" | "1537.89" | "1537.84" | "1537.79" | "1537.74" | "1537.69" | "1537.64" | "1537.59" | "1537.55" | "1537.50" | "1537.45" | "1537.40" | "1537.35" | "1537.30" | "1537.25" | "1537.20" | "1537.15" | "1537.10" | "1537.05" | "1537.00" | "1536.95" | "1536.90" | "1536.86" | "1536.81" | "1536.76" | "1536.71" | "1536.66" | "1536.61" | "1536.56" | "1536.51" | "1536.46" | "1536.41" | "1536.36" | "1536.31" | "1536.26" | "1536.22" | "1536.17" | "1536.12" | "1536.07" | "1536.02" | "1535.97" | "1535.92" | "1535.87" | "1535.82" | "1535.77" | "1535.72" | "1535.67" | "1535.63" | "1535.58" | "1535.53" | "1535.48" | "1535.43" | "1535.38" | "1535.33" | "1535.28" | "1535.23" | "1535.18" | "1535.13" | "1535.08" | "1535.04" | "1534.99" | "1534.94" | "1534.89" | "1534.84" | "1534.79" | "1534.74" | "1534.69" | "1534.64" | "1534.59" | "1534.54" | "1534.50" | "1534.45" | "1534.40" | "1534.35" | "1534.30" | "1534.25" | "1534.20" | "1534.15" | "1534.10" | "1534.05" | "1534.00" | "1533.96" | "1533.91" | "1533.86" | "1533.81" | "1533.76" | "1533.71" | "1533.66" | "1533.61" | "1533.56" | "1533.51" | "1533.47" | "1533.42" | "1533.37" | "1533.32" | "1533.27" | "1533.22" | "1533.17" | "1533.12" | "1533.07" | "1533.02" | "1532.98" | "1532.93" | "1532.88" | "1532.83" | "1532.78" | "1532.73" | "1532.68" | "1532.63" | "1532.58" | "1532.53" | "1532.49" | "1532.44" | "1532.39" | "1532.34" | "1532.29" | "1532.24" | "1532.19" | "1532.14" | "1532.09" | "1532.04" | "1532.00" | "1531.95" | "1531.90" | "1531.85" | "1531.80" | "1531.75" | "1531.70" | "1531.65" | "1531.60" | "1531.56" | "1531.51" | "1531.46" | "1531.41" | "1531.36" | "1531.31" | "1531.26" | "1531.21" | "1531.16" | "1531.12" | "1531.07" | "1531.02" | "1530.97" | "1530.92" | "1530.87" | "1530.82" | "1530.77" | "1530.72" | "1530.68" | "1530.63" | "1530.58" | "1530.53" | "1530.48" | "1530.43" | "1530.38" | "1530.33" | "1530.29" | "1530.24" | "1530.19" | "1530.14" | "1530.09" | "1530.04" | "1529.99" | "1529.94" | "1529.89" | "1529.85" | "1529.80" | "1529.75" | "1529.70" | "1529.65" | "1529.60" | "1529.55" | "1529.50" | "1529.46" | "1529.41" | "1529.36" | "1529.31" | "1529.26" | "1529.21" | "1529.16" | "1529.11" | "1529.07" | "1529.02" | "1528.97" | "1528.92" | "1528.87" | "1528.82" | "1528.77" | "1528.38") ), "tx-power" arg /* Transmit laser output power */, "loopback" /* Put the optics in loopback mode */, "los-warning-threshold" arg /* LOS warning threshold */, "los-alarm-threshold" arg /* LOS alarm threshold */, "modulation-format" ( /* Type of Modulation Format */ ("16qam" | "8qam" | "qpsk") ), "laser-enable" /* Enable Laser */, "no-laser-enable" /* Don't enable Laser */, "is-ma" /* Link is enabled with alarms masked */, "no-is-ma" /* Don't link is enabled with alarms masked */, "encoding" ( /* Line encoding */ ("differential" | "non-differential") ), "fec" ( /* Forward Error Correction mode */ ("sdfec" | "sdfec25" | "hgfec" | "sdfec15") ), "high-polarization" /* High polarization tracking mode */, "signal-degrade" ( /* Signal degrade thresholds */ c( "interval" arg /* Time interval */, "ber-threshold-clear" arg /* Ber threshold for signal degrade clear (format: xe-n, example: 4.5e-3) */, "ber-threshold-signal-degrade" arg /* Ber threshold for signal-degrade (format: xe-n, example: 4.5e-3) */, "q-threshold-signal-degrade-clear" arg /* Q threshold for signal-degrade clear (e.g. 14.26) */, "q-threshold-signal-degrade" arg /* Q threshold for signal-degrade (e.g. 9.26) */ ) ), "alarm" enum(("low-light-alarm")) ( /* Set optic alarms */ c( c( "syslog", "link-down" ) ) ), "tca" ( /* Set tca for optic alarms */ c( "tx-power-high-tca" ( /* Tx power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute tx power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour tx power high TCA in dBm */ ) ), "tx-power-low-tca" ( /* Tx power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute tx power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour tx power low TCA in dBm */ ) ), "rx-power-high-tca" ( /* Rx power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute rx power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour rx power high TCA in dBm */ ) ), "rx-power-low-tca" ( /* Rx power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute rx power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour rx power low TCA in dBm */ ) ), "temperature-high-tca" ( /* Temperature high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute high temperature TCA in celsius */, "threshold-24hrs" arg /* Threshold for 24 hour high temperature TCA in celsius */ ) ), "temperature-low-tca" ( /* Temperature low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute low temperature TCA in celsius */, "threshold-24hrs" arg /* Threshold for 24 hour low temperature TCA in celsius */ ) ), "carrier-frequency-offset-high-tca" ( /* Carrier frequency offset high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute frequency offset high TCA in MHz */, "threshold-24hrs" arg /* Threshold for 24 hour frequency offset high TCA in MHz */ ) ), "carrier-frequency-offset-low-tca" ( /* Carrier frequency offset low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute frequency offset low TCA in MHz */, "threshold-24hrs" arg /* Threshold for 24 hour frequency offset low TCA in MHz */ ) ), "fec-ber" ( /* Optics Errored Seconds Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the Optics errored seconds threshold crossing alert */, "no-enable-tca" /* Don't enable the Optics errored seconds threshold crossing alert */, "threshold" arg /* TCA threshold for BER value in format: xe-n, x is an integer or decimal number, n = 0..9 */, "threshold-24hrs" arg /* TCA threshold for BER value in format: xe-n, x is an integer or decimal number, n = 0..9 */ ) ).as(:oneline), "tec-current-high-tca" ( /* TEC Current high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute TEC Current high TCA in mA */, "threshold-24hrs" arg /* Threshold for 24 hour TEC Current high TCA in mA */ ) ), "tec-current-low-tca" ( /* TEC Current low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute TEC Current low TCA in mA */, "threshold-24hrs" arg /* Threshold for 24 hour TEC Current low TCA in mA */ ) ), "residual-isi-high-tca" ( /* Residual ISI high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Residual ISI high TCA in ps/nm */, "threshold-24hrs" arg /* Threshold for 24 hour Residual ISI high TCA in ps/nm */ ) ), "residual-isi-low-tca" ( /* Residual ISI low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Residual ISI low TCA in ps/nm */, "threshold-24hrs" arg /* Threshold for 24 hour Residual ISI low TCA in ps/nm */ ) ), "pam-histogram-high-tca" ( /* PAM Histogram high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute PAM Histogram high TCA */, "threshold-24hrs" arg /* Threshold for 24 hour PAM Histogram high TCA */ ) ), "snr-low-tca" ( /* SNR low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute SNR low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour SNR low TCA in dBm */ ) ), "fec-corrected-errors-high-tca" ( /* FEC Corrected Error High Threshold crossing defect trigger */ c( "enable-tca" /* Enable the FEC Corrected Errors threshold crossing alert */, "no-enable-tca" /* Don't enable the FEC Corrected Errors threshold crossing alert */, "threshold" arg /* FEC Corrected-Errs value in format: xe-n, x is an integer or decimal number, n = 0..9 */, "threshold-24hrs" arg /* FEC Corrected-Errs value in format: xe-n, x is an integer or decimal number, n = 0..9 */ ) ), "fec-ucorrected-words-high-tca" ( /* FEC UCorrected Words High Threshold crossing defect trigger */ c( "enable-tca" /* Enable the FEC UCorrected Words threshold crossing alert */, "no-enable-tca" /* Don't enable the FEC UCorrected Words threshold crossing alert */, "threshold" arg /* FEC UCorrected-Words value in format: xe-n, x is an integer or decimal number, n = 0..9 */, "threshold-24hrs" arg /* FEC UCorrected-Words value in format: xe-n, x is an integer or decimal number, n = 0..9 */ ) ), "laser-frequency-error-high-tca" ( /* Laser frequency error high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute frequency error high TCA in MHz */, "threshold-24hrs" arg /* Threshold for 24 hour frequency error high TCA in MHz */ ) ), "laser-frequency-error-low-tca" ( /* Laser frequency error low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute frequency error low TCA in MHz */, "threshold-24hrs" arg /* Threshold for 24 hour frequency error low TCA in MHz */ ) ) ) ), "warning" enum(("low-light-warning")) ( /* Set optic warnings */ c( c( "syslog" /* Set action as syslog */, "link-down" /* Set action as link-down */ ) ) ), "low-power-mode" /* Force optics to low power mode */, "host-side-fec" ( /* Host side optics FEC ON/OFF */ ("off" | "on") ), "media-side-fec" ( /* Media side FEC ON/OFF */ ("off" | "on") ), c( "lane" arg ( /* Media lane number */ c( "tx-laser" ( /* Transmit Laser ON/OFF */ ("off" | "on") ), "rx-output" ( /* Receive output ON/OFF */ ("off" | "on") ), "tx-cdr" ( /* Transmit Clock and Data Recovery ON/OFF */ ("off" | "on") ), "rx-cdr" ( /* Receive Clock and Data Recovery ON/OFF */ ("off" | "on") ), "tx-input-equalization-adaptive" ( /* Transmit adaptive equalization ON/OFF */ ("off" | "on") ), "tx-input-equalization-manual" arg /* Transmit manual equalization for optics */, "rx-output-emphasis" arg /* Receive output emphasis for optics */, "rx-output-amplitude" ( /* Receive output amplitude setting */ ("400mV" | "600mV" | "800mV" | "1200mV") ), "tx-squelch" ( /* Transmit squelch ON/OFF */ ("off" | "on") ), "rx-squelch" ( /* Receive squelch ON/OFF */ ("off" | "on") ), "tx-rate-select" arg /* Transmit rate select for optics */, "rx-rate-select" arg /* Receive rate select for optics */ ) ), "lane-all" ( /* Apply settings to all lane */ c( "tx-laser" ( /* Transmit Laser ON/OFF */ ("off" | "on") ), "rx-output" ( /* Receive output ON/OFF */ ("off" | "on") ), "tx-cdr" ( /* Transmit Clock and Data Recovery ON/OFF */ ("off" | "on") ), "rx-cdr" ( /* Receive Clock and Data Recovery ON/OFF */ ("off" | "on") ), "tx-input-equalization-adaptive" ( /* Transmit adaptive equalization ON/OFF */ ("off" | "on") ), "tx-input-equalization-manual" arg /* Transmit manual equalization for optics */, "rx-output-emphasis" arg /* Receive output emphasis for optics */, "rx-output-amplitude" ( /* Receive output amplitude setting */ ("400mV" | "600mV" | "800mV" | "1200mV") ), "tx-squelch" ( /* Transmit squelch ON/OFF */ ("off" | "on") ), "rx-squelch" ( /* Receive squelch ON/OFF */ ("off" | "on") ), "tx-rate-select" arg /* Transmit rate select for optics */, "rx-rate-select" arg /* Receive rate select for optics */ ) ) ) ) ), "otn-options" ( /* Optical Transmission Network interface-specific options */ otn_options_type /* Optical Transmission Network interface-specific options */ ), "tdm-options" ( /* Time division multiplexing (TDM) interface-specific options */ tdm_options_type /* Time division multiplexing (TDM) interface-specific options */ ), "och-options" ( /* Optical channel configuration options */ och_attributes /* Optical channel configuration options */ ), "otu-options" ( /* Optical transmission unit configuration options */ otu_attributes /* Optical transmission unit configuration options */ ), "odu-options" ( /* Optical data unit configuration options */ odu_attributes /* Optical data unit configuration options */ ), "ett-options" ( /* Transport ethernet client configuration options */ ett_attributes /* Transport ethernet client configuration options */ ), "fastether-options" ( /* Fast Ethernet interface-specific options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, "auto-negotiation" /* Enable auto-negotiation */, "no-auto-negotiation" /* Don't enable auto-negotiation */, "ingress-rate-limit" arg /* Ingress rate at port */, "source-address-filter" arg /* Source address filters */.as(:oneline), "redundant-parent" ( /* Parent of this interface */ c( interface_device /* Join a redundant ethernet interface */ ) ), "ieee-802.3ad" ( /* IEEE 802.3ad */ c( "lacp" ( /* Link Aggregation Control Protocol configuration */ c( "port-priority" arg /* Priority of the port (0 ... 65535) */ ) ), interface_device /* Join an aggregated Ethernet interface */, c( "primary" /* Primary interface for link-protection mode */, "backup" /* Backup interface for link-protection mode */ ) ) ), "mpls" ( /* MPLS options */ mpls_ifd_options /* MPLS options */ ), "ignore-l3-incompletes" /* Ignore L3 incomplete errors */ ) ), "redundant-ether-options" ( /* Ethernet redundancy options */ c( "redundancy-group" arg /* Redundancy group of this interface */, "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, "source-address-filter" arg /* Source address filters */.as(:oneline), "mru" arg /* Maximum receive packet size */, "link-speed" ( /* Link speed of individual interface that joins the RETH */ ("10m" | "100m" | "1g" | "10g") ), "minimum-links" arg /* Minimum number of active links */, "lacp" ( /* Link Aggregation Control Protocol configuration */ c( c( "active" /* Initiate transmission of LACP packets */, "passive" /* Respond to LACP packets */ ), "periodic" ( /* Timer interval for periodic transmission of LACP packets */ ("fast" | "slow") ) ) ) ) ), "aggregated-ether-options" ( /* Aggregated Ethernet interface-specific options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, "autostate-exclude" /* Interface will not contribute to IRB state */, "link-protection" ( /* Enable link protection mode */ c( "revertive" /* Revert back from active backup link to primary, if primary is UP */, "non-revertive" /* Do not revert back (default mode) from active backup link to primary, if primary is UP */, "backup-state" ( /* Link protection backup link state */ ("accept-data" | "discard-data" | "down") ), "rtg-config" ( /* RTG enable on AE */ c( "preempt-cutover-timer" arg /* RTG preempt-cutover-timer in seconds */ ) ) ) ), "fcoe-lag" /* Enable FIP/FCoE LAG */, "no-fcoe-lag" /* Don't enable FIP/FCoE LAG */, "source-address-filter" arg /* Source address filters */.as(:oneline), "configured-flow-control" ( /* Enable flow control */ c( "rx-buffers" ( /* Enable/Disable Rx buffers */ ("on" | "off") ), "tx-buffers" ( /* Enable/Disable Tx buffers */ ("on" | "off") ) ) ), "load-balance" ( aggregate_load_balance ), "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "neighbor" ( /* BFD neighbor address */ ipaddr /* BFD neighbor address */ ), "local-address" ( /* BFD local address */ ipaddr /* BFD local address */ ), "holddown-interval" arg /* Time to hold the session-UP notification to the client */ ) ), "minimum-links" arg /* Minimum number of aggregated links */, "minimum-bandwidth" ( /* Minimum bandwidth configured for aggregated bundle */ c( "bw-value" arg /* Bandwidth value */, "bw-unit" ( /* Bandwidth unit */ ("bps" | "kbps" | "mbps" | "gbps") ) ) ), "targeted-options" ( /* Targeting specific options */ c( "type" ( /* Targeting type of AE bundle */ ("auto" | "manual") ), c( "logical-interface-fpc-redundancy" /* Enable FPC redundancy for logical interfaces */, "logical-interface-chassis-redundancy" /* Enable CHASSIS redundancy for logical interfaces */ ), "rebalance-periodic" ( c( "start-time" ( /* Start time of the rebalance operation ( Wall clock time ) */ date /* Start time of the rebalance operation ( Wall clock time ) */ ), "interval" arg /* Interval of the rebalance operation in hrs */ ) ), "rebalance-subscriber-granularity" arg /* Max subscriber aggregate weight */ ) ), c( "logical-interface-fpc-redundancy" /* Enable FPC redundancy for logical interfaces */, "logical-interface-chassis-redundancy" /* Enable CHASSIS redundancy for logical interfaces */ ), "rebalance-periodic" ( c( "start-time" ( /* Start time of the rebalance operation ( Wall clock time ) */ date /* Start time of the rebalance operation ( Wall clock time ) */ ), "interval" arg /* Interval of the rebalance operation in hrs */ ) ), "pad-to-minimum-frame-size" /* Pad Tx vlan tagged frame to minimum of 68 bytes */, "link-speed" ( /* Link speed of individual interface that joins the AE */ ("10m" | "100m" | "1g" | "2.5g" | "5g" | "8g" | "10g" | "25g" | "40g" | "50g" | "80g" | "100g" | "400g" | "oc192" | "mixed") ), "local-bias" ( /* Turn on local bias functionality */ c( "disable" /* Disable local-bias */ ) ), "local-minimum-links-threshold" arg /* Specify threshold for minimum links per VC/VCF member */, "resilient-hash" /* Turn on resilient-hash */, "dlb" ( /* Enable DLB on LAG */ c( c( "per-packet" /* Per-packet link assignment */, "assigned-flow" /* Fixed link assignment */, "flowlet" ( /* Inactivity-based link assignment */ c( "inactivity-interval" arg /* Minimum inactivity interval in micro-seconds for link re-assignment */ ) ) ) ) ), "lacp" ( /* Link Aggregation Control Protocol configuration */ c( c( "active" /* Initiate transmission of LACP packets */, "passive" /* Respond to LACP packets */ ), "periodic" ( /* Timer interval for periodic transmission of LACP packets */ ("fast" | "slow") ), "fast-failover" /* To turn off LACP fast-failover */, "link-protection" ( c( "disable" /* To turn off LACP link-protection */, c( "revertive" /* Switch links when better priority link comes up */, "non-revertive" /* Do not switch links when better priority link comes up */ ), "rtg-config" ( /* RTG Feature enable on AE */ c( "preempt-cutover-timer" arg /* RTG preempt-cutover-timer in seconds */ ) ) ) ), "accept-data" /* Keep receiving traffic even when LACP goes down */, "sync-reset" ( /* On minimum-link failure notify out of sync to peer */ ("disable" | "enable") ), "system-priority" arg /* Priority of the system (0 ... 65535) */, "system-id" ( /* Node's System ID, encoded as a MAC address */ mac_addr /* Node's System ID, encoded as a MAC address */ ), "admin-key" arg /* Node's administrative key */, "hold-time" ( /* Hold time for link up and link down for AE link members */ sc( "up" arg /* Link up hold time for the AE link members */ ) ).as(:oneline), "aggregate-wait-time" arg /* Aggregate wait time for the AE */, "force-up" /* Forceup AE interface with LACP */, "no-peer-loopback-validation" /* Skip MCLAG peer loop back validation for LACP PDUs on Forceup AE interface */ ) ), "link-protection-sub-group" arg ( /* Link Protection subgroup configuration */ c( c( "primary" /* Primary subgroup for N:N link-protection mode */, "backup" /* Backup subgroup for N:N link-protection mode */ ) ) ), "ethernet-switch-profile" ( /* Ethernet virtual LAN/media access control-level options */ c( "tag-protocol-id" arg /* IEEE 802.1q Tag Protocol Identifier values for VLAN-tagged frames */, "storm-control" ( /* Storm control profile name to bind */ c( arg /* Profile name */ ) ), "recovery-timeout" ( /* Recovery timeout for this interface */ sc( arg ) ).as(:oneline), "mac-learn-enable" /* Learn MAC addresses dynamically */ ) ), "mc-ae" ( /* Multi-chassis aggregation (MC-AE) network device configuration */ c( "mc-ae-id" arg /* MC-AE group id */, "redundancy-group" arg /* Redundancy group id */, "chassis-id" arg /* Chassis id of MC-AE network device */, "mode" ( /* Mode of the MC-AE */ ("active-standby" | "active-active") ), "status-control" ( /* Status of the MC-AE chassis */ ("active" | "standby") ), "switchover-mode" ( /* Switchover mode */ ("revertive" | "non-revertive") ), "revert-time" arg /* Wait interval before performing switchover */, "init-delay-time" arg /* Init delay timer for mcae sm for min traffic loss */, "recovery-delay-time" arg /* Delay timer for bringing up ICL, ICCP */, "enhanced-convergence" /* Optimized convergence time for mcae */, "events" ( /* MCAE related events */ c( "iccp-peer-down" ( /* Define behavior in the event of ICCP peer down */ c( "force-icl-down" /* Bring down ICL logical interface */, "prefer-status-control-active" /* Keep this node up (recommended only on status-control active) */ ) ) ) ) ) ), "share-standby" /* Share the resources with standby ports, needs FPC reboot to take effect */ ) ), "es-options" ( /* ES PIC interface-specific options */ c( "backup-interface" ( /* Name of backup interface */ interface_device /* Name of backup interface */ ) ) ), "dsl-options" ( /* DSL interface-specific options */ c( "operating-mode" ( /* DSL operating mode */ ("auto" | "ansi-dmt" | "itu-dmt" | "etsi" | "itu-annexb-ur2" | "itu-annexb-non-ur2" | "itu-dmt-bis" | "adsl2plus" | "annexm-itu-dmt-bis" | "annexm-adsl2plus") ) ) ), "vdsl-options" ( /* VDSL interface-specific options */ c( "vdsl-profile" ( /* VDSL profile */ ("auto" | "8a" | "8b" | "8c" | "8d" | "12a" | "12b" | "17a") ), "sra" ( /* DSL SRA */ ("enable" | "disable") ), "v43" ( /* DSL V43 tones */ ("enable" | "disable") ), "sos" /* Enable SOS */ ) ), "dsl-sfp-options" ( /* DSL SFP options */ c( "adsl-options" ( /* ADSL options */ c( "vpi" arg /* Virtual path identifier */, "vci" arg /* Virtual circuit identifier */, "encap" ( /* Encapsulation */ ("bypass" | "llcsnap-bridged-802dot1q" | "llcsnap-routed-ip" | "vc-mux-bridged" | "vc-mux-routed-ip" | "generic") ), "annex" ( /* Annex type */ ("auto" | "annexj-off") ) ) ), "vdsl-options" ( /* VDSL options */ c( "profile" ( /* VDSL profile */ ("auto" | "8a" | "8b" | "8c" | "8d" | "12a" | "12b" | "17a" | "30a") ), "carrier" ( /* Carrier setting */ ("auto" | "a43" | "b43") ) ) ), "gfast-options" ( /* G.fast options */ c( "carrier" ( /* Carrier setting */ ("a43" | "a43c" | "b43" | "b43c") ) ) ) ) ), "shdsl-options" ( /* SHDSL interface-specific options */ c( "annex" ( /* Type of SHDSL annex */ ("annex-a" | "annex-b" | "annex-f" | "annex-g" | "annex-auto") ), "line-rate" ( /* SHDSL line rate */ ("auto" | arg) ), "loopback" ( /* Loopback mode */ ("local" | "remote") ), "snr-margin" ( /* Signal to noise ratio margin */ c( "current" ( /* Current signal to noise ratio margin */ ("disable" | arg) ), "snext" ( /* SNEXT signal to noise ratio margin */ ("disable" | arg) ) ) ) ) ), "data-input" ( /* Configuration for drop-insert data input */ c( c( "system" /* Data sourced from system */, "interface" ( /* Interface that acts as data source */ interface_device /* Interface that acts as data source */ ) ) ) ), "switch-options" ( /* Front end ports configuration */ c( "switch-port" arg ( c( "auto-negotiation" /* Enable auto-negotiation */, "no-auto-negotiation" /* Don't enable auto-negotiation */, "link-mode" ( /* Link operational mode */ ("half-duplex" | "full-duplex") ), "speed" ( /* Link speed */ ("10m" | "100m" | "1g") ), "vlan-id" arg /* VLAN ID for this port */, "cascade-port" /* Port externally connected to another cascade port */ ) ) ) ), "container-options" ( /* Container interface specific options */ c( "container-type" ( /* Protocol type of the container interface */ c( c( "aps" ( /* APS options on the container */ aps_type /* APS options on the container */ ) ) ) ), "member-interface-type" ( /* Link type of members of container */ c( c( "sonet" ( c( "member-interface-speed" ( /* Link speed of members of container */ ("oc3" | "oc12" | "oc48" | "oc192" | "oc768" | "mixed") ) ) ), "atm" ( c( "member-interface-speed" ( /* Link speed of members of container */ ("oc3" | "oc12" | "oc48") ) ) ), "channelized-sonet" ( c( "member-interface-speed" ( /* Link speed of members of container */ ("coc3" | "coc12" | "coc48" | "coc192" | "coc768") ) ) ), "channelized-sdh" ( c( "member-interface-speed" ( /* Link speed of members of container */ ("cstm1" | "cstm4" | "cstm16" | "coc64" | "cstm256") ) ) ) ) ) ), "redundancy" ( /* Container interface redundancy options */ c( "hold-time" ( /* Hold time for link up and link down */ sc( "up" arg /* Link up hold time */, "down" arg /* Link down hold time */ ) ).as(:oneline) ) ), "container-list" ( /* List of container interfaces this member link is associated to */ interface_device /* List of container interfaces this member link is associated to */ ), c( "primary" /* This member link is primary interface of the container */, "standby" /* This member link is standby interface of the container */ ), "fast-aps" /* Fast APS switch */, "allow-configuration-override" /* Allow physical configuration of member link to override container configuration */ ) ), "layer2-policer" ( /* Layer2 policing for interface */ c( c( "input-policer" arg /* Two-color policer for received packets */, "input-hierarchical-policer" arg /* Hierarchical policer for received packets */ ) ) ), "unit" enum(("$junos-underlying-interface-unit" | "$junos-interface-unit" | arg)) ( /* Logical interface */ c( "policer-overhead" ( /* Policer overhead adjustment for this unit */ c( arg, "ingress" arg /* Ingress value in bytes */, "egress" arg /* Egress value in bytes */ ) ), "alias" arg /* Interface alias */, "enhanced-convergence" /* Optimize convergence time for L3 */, "proxy-macip-advertisement" /* Proxy advertisement of type 2 MAC+IP route for EVPN */, "virtual-gateway-accept-data" /* Accept packets destined for virtual gateway address */, "peer-psd" ( /* Peer psd */ sc( arg /* Peer psd name */ ) ).as(:oneline), "peer-interface" ( /* Peer interface */ c( interface_unit /* Peer interface name */ ) ), "interface-shared-with" ( /* Specify which PSD owns this logical interface */ c( arg /* Name of protected system domain (psd[1-31], ex. psd2) */ ) ), ("disable"), "passive-monitor-mode" /* Use interface to tap packets from another router */, "per-session-scheduler" /* Enable per-session queuing on an IQ2 interface */, "account-layer2-overhead" ( /* Account layer2 overhead in IFL byte statistics */ c( arg, "ingress" arg /* Layer2 overhead bytes to be accounted in ingress */, "egress" arg /* Layer2 overhead bytes to be accounted in egress */ ) ), "forwarding-class-accounting" ( /* Configure Forwarding-class-accounting parameters for IFL */ c( "direction" ( /* Direction of the traffic to be accounted for IFL */ ("ingress" | "egress" | "both") ), "enhanced" ( c( "traffic-type" ( /* Traffic-type to be accounted for forwarding-class-accounting for IFL */ ("unicast-statistics" | "multicast-statistics") ), "family" ( /* Protocol traffic to be accounted for forwarding-class-accounting for IFL */ ("inet" | "inet6" | "both") ), "direction" ( /* Direction of the traffic to be accounted for forwarding-class-accounting for IFL */ ("ingress" | "egress" | "both") ), "overhead-bytes" arg /* Per octet overhead bytes to be accounted for forwarding-class-accounting for IFL */ ) ) ) ), "clear-dont-fragment-bit" /* Clear DF bit in packet (AS PIC and J-series only as well as MIF) */, "packet-inject-enable" /* Enable packet inject functionality on this IFL */, "reassemble-packets" /* Do reassembly of fragmented tunnel packets */, "services-options" /* Services interface-specific options */, "rpm" ( /* Enable RPM service on this interface */ c( c( c( "client" /* Client mode */, "server" /* Server mode */, "client-delegate-probes" /* Client delegate probe mode */ ), "twamp-server" /* Set TWAMP server mode on this interface */, "twamp-client" /* Set TWAMP client mode on this interface */ ) ) ), "description" arg /* Text description of interface */, "metadata" arg /* Text metadata attached to interface */, "dial-options" ( /* Dial options */ c( c( "l2tp-interface-id" arg /* Identifier for group of PPP sessions */, "ipsec-interface-id" arg /* Identifier for group of dynamic peers */ ), c( "dedicated" /* Use this unit for only one PPP/IPSec session */, "shared" /* Share this unit for multiple PPP/IPSec sessions */ ) ) ), "actual-transit-statistics" /* Actual transit statistics */, "demux-source" ( enum(("inet" | "inet6")) ), "demux-destination" ( enum(("inet" | "inet6")) ), "demux" ( /* Demux based on source or destination address */ c( "inet" ( /* Family inet */ c( "address" ( /* Address type */ ("source" | "destination") ), "auto-configure" ( /* Auto configuration */ dynamic_ipv4_type /* Auto configuration */ ) ) ), "inet6" ( /* Family inet6 */ c( "address" ( /* Address type */ ("source" | "destination") ), "auto-configure" ( /* Auto configuration */ dynamic_ipv6_type /* Auto configuration */ ) ) ) ) ), "encapsulation" ( /* Logical link-layer encapsulation */ ("atm-nlpid" | "atm-cisco-nlpid" | "atm-snap" | "atm-vc-mux" | "atm-ccc-vc-mux" | "atm-tcc-vc-mux" | "atm-tcc-snap" | "atm-ccc-cell-relay" | "vlan-vci-ccc" | "ether-over-atm-llc" | "ether-vpls-over-atm-llc" | "ppp-over-ether-over-atm-llc" | "ppp-over-ether" | "atm-ppp-vc-mux" | "atm-ppp-llc" | "atm-mlppp-llc" | "frame-relay-ppp" | "frame-relay-ccc" | "frame-relay" | "frame-relay-tcc" | "frame-relay-ether-type" | "frame-relay-ether-type-tcc" | "ether-vpls-fr" | "vlan-ccc" | "ethernet-ccc" | "vlan-vpls" | "vlan-bridge" | "ethernet-tcc" | "dix" | "ethernet" | "ethernet-vpls" | "ethernet-bridge" | "vlan" | "vlan-tcc" | "multilink-ppp" | "multilink-frame-relay-end-to-end" | "ppp-ccc") ), "gre" /* Allow GRE packets */, "mtu" arg /* Maximum transmission unit packet size */, c( "point-to-point" /* Point-to-point connection */, "multipoint" /* Multipoint connection */ ), "bandwidth" arg /* Logical unit bandwidth (informational only) */, "global-layer2-domainid" arg /* Global Layer-2 Identifier for this interface */, "radio-router" ( /* Parameters for dynamic link cost management */ dynamic_ifbw_parms_type /* Parameters for dynamic link cost management */ ), "traps" /* Enable SNMP notifications on state changes */, "no-traps" /* Don't enable SNMP notifications on state changes */, "routing-services" /* Enable routing services */, "no-routing-services" /* Don't enable routing services */, "routing-service" ( /* Routing Services on this interface */ c( ("enable" | "disable") ) ), "arp-resp" ( /* Knob to control ARP response on the interface, default is restricted */ sc( c( "unrestricted" /* Enable unrestricted ARP respone on the interface */, "restricted" /* Enable restricted proxy ARP response on the interface */ ) ) ).as(:oneline), "proxy-arp" ( /* Enable proxy ARP on the interface, default is unrestricted */ sc( c( "unrestricted" /* Enable unrestricted proxy ARP on the interface */, "restricted" /* Enable restricted proxy ARP on the interface */ ) ) ).as(:oneline), c( "vlan-id" ( /* Virtual LAN identifier value for 802.1q VLAN tags */ ("none" | arg) ), "vlan-id-range" arg /* Virtual LAN identifier range of form vid1-vid2 */, "inner-vlan-id-swap-ranges" arg /* Inner vlan-id swap range(s) of form vid1-vid2 for dynamic L2 VLANs */, "vlan-id-list" arg /* List of VLAN identifiers */, "vlan-tag" arg /* IEEE 802.1q tag list for VLAN tagged frames */, "vlan-tags" ( /* IEEE 802.1q tags */ sc( "outer" ( /* [tpid.]vlan-id, tpid format is 0xNNNN and is optional */ ("$junos-stacked-vlan-id" | "$junos-vlan-id" | arg) ), c( "inner" ( /* [tpid.]vlan-id, tpid format is 0xNNNN and is optional */ ("$junos-vlan-id" | arg) ), "inner-range" arg /* [tpid.]vid1-vid2, tpid format is 0xNNNN and is optional */, "inner-list" arg /* List of VLAN identifiers */ ) ) ).as(:oneline) ), "deep-vlan-qualified-learning" arg /* Enable qualified MAC-address learning on the specified vlan tag */, "native-inner-vlan-id" arg /* Native virtual LAN identifier for singly tagged frames */, "inner-vlan-id-range" ( /* Inner vlan-id range start end */ sc( "start" arg /* Inner vlan-id range's start value */, "end" arg /* Inner vlan-id range's end value */ ) ).as(:oneline), "accept-source-mac" ( /* Remote media access control address to/from which to accept traffic */ c( "mac-address" ( /* Remote MAC address */ mac_list /* Remote MAC address */ ) ) ), "input-vlan-map" ( /* VLAN map operation on input */ vlan_map /* VLAN map operation on input */ ), "output-vlan-map" ( /* VLAN map operation on output */ vlan_map /* VLAN map operation on output */ ), "swap-by-poppush" /* Pop original vlan tag and then push a new vlan tag */, "receive-lsp" arg /* Name of incoming label-switched path */, "transmit-lsp" arg /* Name of outgoing label-switched path */, "dlci" arg /* Frame Relay data-link control identifier */, "multicast-dlci" arg /* Frame Relay data-link control identifier for multicast packets */, c( "vci" ( /* ATM point-to-point virtual circuit identifier ([vpi.]vci) */ atm_vci /* ATM point-to-point virtual circuit identifier ([vpi.]vci) */ ), "allow-any-vci" /* Allow all VCIs to open in atm-ccc-cell-relay mode */, "vpi" arg /* ATM point-to-point virtual path identifier (vpi) */, "trunk-id" arg /* ATM trunk identifier */ ), "no-vpivci-swapping" /* Do not swap VPI/VCI for Cell Relay */, c( "psn-vci" ( /* PSN VCI */ atm_vci /* PSN VCI */ ), "psn-vpi" arg /* PSN VPI */ ), "atm-l2circuit-mode" ( /* Select ATM Layer 2 circuit transport mode */ sc( c( "cell" /* ATM Layer 2 circuit cell mode */, "aal5" /* ATM Layer 2 circuit AAL5 mode */ ) ) ).as(:oneline), "vci-range" ( /* ATM VCI range start end */ sc( "start" arg /* ATM VCI range's start value */, "end" arg /* ATM VCI range's end value */ ) ).as(:oneline), "trunk-bandwidth" arg /* ATM trunk bandwidth */, "multicast-vci" ( /* ATM virtual circuit identifier for multicast packets */ atm_vci /* ATM virtual circuit identifier for multicast packets */ ), "shaping" ( /* Virtual circuit traffic-shaping options */ dcd_shaping_config /* Virtual circuit traffic-shaping options */ ), "oam-period" ( /* OAM cell period */ sc( c( arg, "disable" /* Disable F5 OAM loopback */.as(:oneline) ) ) ).as(:oneline), "oam-liveness" ( /* OAM virtual circuit liveness parameters */ c( "up-count" arg /* Number of OAM cells to consider VC up */, "down-count" arg /* Number of OAM cells to consider VC down */ ) ), "ppp-options" ( /* Point-to-Point Protocol interface-specific options */ ppp_options_type /* Point-to-Point Protocol interface-specific options */ ), "pppoe-options" ( /* PPP over Ethernet interface-specific options */ pppoe_options_type /* PPP over Ethernet interface-specific options */ ), "pppoe-underlying-options" ( /* PPP over Ethernet underlying interface-specific options */ pppoe_underlying_options_type /* PPP over Ethernet underlying interface-specific options */ ), "advisory-options" ( /* Interface-specific recommendations */ advisory_options_type /* Interface-specific recommendations */ ), "auto-configure" ( /* Auto configuration */ auto_configure_vlan_type /* Auto configuration */ ), "demux-options" ( /* IP demux interface-specific options */ demux_options_type /* IP demux interface-specific options */ ), "targeted-distribution" ( /* Interface participates in targeted-distribution */ c( "primary-list" arg /* Primary targeted distribution list */, "backup-list" arg /* Backup targeted distribution list */, "standby-list" arg /* Standby targeted distribution list */ ) ), "targeted-options" ( /* Targeting specific options */ c( "weight" ( /* Targeting weight for subscriber */ ("$junos-interface-target-weight" | arg) ), "primary" ( /* Primary link for the subscriber */ interface_device /* Primary link for the subscriber */ ), "backup" ( /* Backup link for the subscriber */ interface_device /* Backup link for the subscriber */ ), "group" arg /* Group name to which the subscriber is associated */ ) ), c( "keepalives" ( /* Send or demand keepalive messages */ keepalives_type /* Send or demand keepalive messages */ ).as(:oneline), "no-keepalives" /* Do not send or demand keepalive messages */ ), "inverse-arp" /* Enable inverse ARP */, "transmit-weight" arg /* ATM2 transmit weight for VC under VP tunnel */, "epd-threshold" ( /* Early packet discard threshold for ATM2 */ epd_threshold_config /* Early packet discard threshold for ATM2 */ ).as(:oneline), "cell-bundle-size" arg /* L2 circuit cell bundle size */, "cell-bundle-timeout" arg /* L2 circuit cell bundle timeout */, "plp-to-clp" /* Enable ATM2 PLP to CLP copy */, "atm-scheduler-map" arg /* Assign ATM2 CoS scheduling map */, "mrru" arg /* Maximum received reconstructed unit */, "short-sequence" /* Short sequence number header format (MLPPP only) */, "fragment-threshold" arg /* Fragmentation threshold */, "drop-timeout" arg /* Drop timeout */, "disable-mlppp-inner-ppp-pfc" /* Disable compression for inner PPP header in MLPPP payload */, "minimum-links" arg /* Minimum number of links to sustain the bundle */, "multilink-max-classes" arg /* Number of multilink classes */, "compression" ( /* Various packet header compressions */ c( "rtp" ( /* Compress and decompress RTP */ c( "f-max-period" arg /* Maximum number of compressed packets between transmission of full headers */, "queues" ( /* Queue holding RTP packets. Default is queue 1 */ ("q0" | "q1" | "q2" | "q3") ), "port" ( /* UDP destination ports reserved for RTP packets */ sc( "minimum" arg, "maximum" arg ) ).as(:oneline), "maximum-contexts" ( /* Maximum number of simultaneous RTP contexts */ sc( arg ) ).as(:oneline) ) ) ) ), "interleave-fragments" /* Interleave long packets with high priority ones */, "link-layer-overhead" ( /* Link layer bit stuffing overhead (0.0 .. 50.0 percent) */ unsigned_float /* Link layer bit stuffing overhead (0.0 .. 50.0 percent) */ ), "accounting-profile" arg /* Accounting profile name */, "peer-unit" arg /* Peer unit number */, "tunnel" ( /* Tunnel parameters */ c( "encapsulation" ( /* Encapsulation over tunnel */ c( "vxlan-gpe" ( c( "source" ( c( "address" ( /* Interface address prefix */ ipv4addr /* Interface address prefix */ ), "mac-address" ( /* Interface source mac address */ mac_addr /* Interface source mac address */ ), "interface" ( /* Name of the interface */ interface_name /* Name of the interface */ ) ) ), "destination" ( c( "address" ( /* Interface address prefix */ ipv4addr /* Interface address prefix */ ), "mac-address" ( /* Interface destination mac address */ mac_addr /* Interface destination mac address */ ) ) ), "tunnel-endpoint" ( /* Tunnel end point type */ ("vxlan") ), "destination-udp-port" arg /* Value to write to the destination-udp-port field */, "vni" arg /* Value to write to the vni field */ ) ), "udp" ( /* Family for tunnel encapsulation udp */ c( "source" ( c( "address" ( /* Interface address prefix */ ipv4addr /* Interface address prefix */ ), "interface" ( /* Name of the interface */ interface_name /* Name of the interface */ ) ) ), "destination" ( c( "address" ( /* Interface address prefix */ ipv4addr /* Interface address prefix */ ) ) ) ) ), "ipip" ( /* Family for tunnel encapsulation ipip */ c( "source" ( c( "address" ( /* Interface address prefix */ ipv4addr /* Interface address prefix */ ), "interface" ( /* Name of the interface */ interface_name /* Name of the interface */ ) ) ), "destination" ( c( "address" ( /* Interface address prefix */ ipv4addr /* Interface address prefix */ ) ) ) ) ) ) ), "source" ( /* Tunnel source */ ipaddr /* Tunnel source */ ), "destination" ( /* Tunnel destination */ ipaddr /* Tunnel destination */ ), "key" arg /* Tunnel key */, "backup-destination" ( /* Backup tunnel destination */ ipaddr /* Backup tunnel destination */ ), c( "allow-fragmentation" /* Do not set DF bit on packets */, "do-not-fragment" /* Set DF bit on packets */ ), "ttl" arg /* Time to live */, "traffic-class" arg /* TOS/Traffic class field of IP-header */, "flow-label" arg /* Flow label field of IP6-header */, "path-mtu-discovery" /* Enable path MTU discovery for tunnels */, "no-path-mtu-discovery" /* Don't enable path MTU discovery for tunnels */, "routing-instance" ( /* Routing instance to which tunnel ends belong */ c( "destination" arg /* Routing instance of tunnel destination */ ) ) ) ), "compression-device" ( /* Logical interface used for compression */ interface_unit /* Logical interface used for compression */ ), "atm-policer" ( /* ATM policing for logical interface */ c( "input-atm-policer" arg /* Input atm policer */ ) ), "layer2-policer" ( /* Layer2 policing for logical interface */ c( c( "input-policer" arg /* Two-color policer for received packets */, "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "input-three-color" arg /* Color-blind three-color policer for received packets */ ), c( "output-policer" ( /* Two-color policer for transmitted packets */ ("$junos-layer2-output-policer" | arg) ), "output-three-color" ( /* Three-color policer for transmitted packets */ ("$junos-layer2-output-policer" | arg) ) ) ) ), "filter" ( /* Filters to apply to all families configured under this logical interface */ c( c( "input" ( /* Name of filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline) ), c( "output" ( /* Name of filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline) ) ) ), "multi-chassis-protection" ( /* Inter-Chassis protection configuration */ multi_chassis_protection_group_ifl /* Inter-Chassis protection configuration */ ), "statistics" /* Enable statistics collection in PFE */, "esi" ( /* ESI configuration of logical interface */ c( "auto-derive" ( /* Auto-derive ESI value for the interface */ c( c( "lacp" /* Auto-derive ESI from lacp */ ) ) ), esi /* ESI value for the interface */, c( "single-active" /* Single-active mode */, "all-active" /* All-active mode */ ), "df-election-granularity" ( /* DF Election Granularity Selection */ c( c( "per-esi" ( /* DF Election Granularity Per Esi */ c( "lacp-oos-on-ndf" /* Lacp Oos */ ) ), "per-esi-vlan" /* Per Esi Vlan */ ) ) ), "df-election-type" ( /* DF Election Type */ c( c( "preference" ( /* Preference based DF election */ c( "value" arg /* Preference value for EVPN Multihoming DF election */ ) ) ), c( "mod" /* MOD based DF election */ ) ) ), "source-bmac" ( /* Unicast Source B-MAC address per ESI for PBB-EVPN */ mac_unicast /* Unicast Source B-MAC address per ESI for PBB-EVPN */ ) ) ), c( "no-auto-virtual-gateway-esi" /* Disable auto ESI generation for virtual gateway address */, "virtual-gateway-esi" ( /* ESI configuration of virtual gateway */ c( esi /* ESI value for the interface */, c( "single-active" /* Single-active mode */, "all-active" /* All-active mode */ ) ) ) ), "service" ( /* Service operations */ c( "pcef" arg ( /* PCEF configuration */ c( "activate-all" /* Activate all rules and rulebases in the pcef profile */, "activate" arg /* Name of pcef profile rule or rulebase to activate */ ) ) ) ), "generate-eui64" /* To generate Link Local EUI-64 addresses */, "no-generate-eui64" /* Don't to generate Link Local EUI-64 addresses */, "family" ( /* Protocol family */ c( "inet" ( /* IPv4 parameters */ c( "dhcp" ( /* Dynamic Host Configuration Protocol client configuration */ dhcp_client_type /* Dynamic Host Configuration Protocol client configuration */ ), "targeted-broadcast" ( /* Directed broadcast */ c( c( "forward-and-send-to-re" /* Allow packets to be forwarded and sent to re */, "forward-only" /* Allow packets only to be forwarded */ ) ) ), "destination-class-usage" /* Enable destination class usage on this interface */, "transit-options-packets" /* Transit IP options packets (don't send to Routing Engine) */, "transit-ttl-exceeded" /* Transit IP TTL-exceeded packets (don't send to Routing Engine) */, "receive-options-packets" /* Receive IP options packets (don't send to Routing Engine) */, "receive-ttl-exceeded" /* Receive IP TTL-exceeded packets (don't send to Routing Engine) */, "accounting" ( /* Configure interface-based accounting options */ c( "source-class-usage" ( /* Enable source class usage on this interface */ c( "input" /* Specify this interface for source-class-usage input */, "output" /* Specify this interface for source-class-usage output */ ) ), "destination-class-usage" /* Enable destination class usage on this interface */ ) ), "mac-validate" ( /* Validate source MAC address */ ("strict" | "loose") ), "rpf-check" ( /* Enable reverse-path-forwarding checks on this interface */ c( "fail-filter" arg /* Name of filter applied to packets failing RPF check */, "mode" ( /* Mode for reverse path forwarding */ sc( "loose" /* Reverse-path-forwarding loose mode */ ) ).as(:oneline) ) ), "mtu" arg /* Protocol family maximum transmission unit */, "arp-max-cache" arg /* Max interface ARP nexthop cache size */, "arp-new-hold-limit" arg /* Max no. of new unresolved nexthops */, "tcp-mss" arg /* Protocol family tcp maximum segment size */, "no-redirects" /* Do not redirect traffic */, "no-neighbor-learn" /* Disable neighbor address learning on interface */, "unconditional-src-learn" /* Glean from arp packets even when source cannot be validated */, "multicast-only" /* Allow only multicast traffic (tunnels only) */, "primary" /* Candidate for primary interface in system */, "ipsec-sa" arg /* Name of security association */, "allow-filter-on-re" /* Enable kernel filter on network ports */, "demux-source" ("$junos-subscriber-ip-address" | arg) /* Demux based on source prefix */, "demux-destination" ("$junos-subscriber-ip-address" | arg) /* Demux based on destination prefix */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), "input-chain" arg /* List of filter modules applied to received packets */, "output-chain" arg /* List of filter modules applied to transmitted packets */, c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "iq-policing-filter" ( /* Protocol family ingress-queuing-policing-filter */ sc( arg /* Name of the ingress-queuing-policing-filter */ ) ).as(:oneline), "simple-filter" ( /* Filter for doing multifield classification */ c( "input" arg /* Name of simple filter applied to received packets */ ) ), "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "policer" ( /* Interface policing */ c( "arp" arg /* Name of policer applied to received ARP packets */, "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "sampling" ( /* Interface sampling */ c( "input" /* Sample all packets input on this interface */, "output" /* Sample all packets output on this interface */ ) ), "service" ( /* Service operations */ c( "input" ( /* Service sets to consider for received packets */ c( "service-set" arg ( /* Service set to consider for received packets */ c( "service-filter" arg /* Name of service filter */ ) ), "post-service-filter" arg /* Post-service filter to apply to received packets */ ) ), "output" ( /* Service sets to consider for transmitted packets */ c( "service-set" arg ( /* Service set to consider for transmitted packets */ c( "service-filter" arg /* Name of service filter */ ) ) ) ) ) ), "next-hop-tunnel" arg ( /* One or more next-hop tunnel tables */ c( "ipsec-vpn" arg /* Name of IPSec VPN */ ) ), "tunnel-termination" /* Tunnel termination */, "address" arg ( /* Interface address/destination prefix */ c( "destination" ( /* Destination address */ ipv4addr /* Destination address */ ), "destination-profile" arg /* Profile to use for destination address */, "broadcast" ( /* Broadcast address */ ipv4addr /* Broadcast address */ ), "primary" /* Candidate for primary address in system */, "preferred" /* Preferred address on interface */, "master-only" /* Master management IP address for router */, "multipoint-destination" arg ( /* Multipoint NBMA destination */ c( c( "dlci" arg /* Frame Relay data-link control identifier */, "vci" ( /* ATM virtual circuit identifier ([vpi.]vci) */ atm_vci /* ATM virtual circuit identifier ([vpi.]vci) */ ) ), "shaping" ( /* Virtual circuit traffic-shaping options */ dcd_shaping_config /* Virtual circuit traffic-shaping options */ ), "oam-period" ( /* OAM cell period */ sc( c( arg, "disable" /* Disable OAM loopback */.as(:oneline) ) ) ).as(:oneline), "oam-liveness" ( /* OAM virtual circuit liveness parameters */ c( "up-count" arg /* Number of OAM cells to consider VC up */, "down-count" arg /* Number of OAM cells to consider VC down */ ) ), "inverse-arp" /* Enable inverse ARP reply messages */, "transmit-weight" arg /* ATM2 transmit weight for VC under VP tunnel */, "epd-threshold" ( /* Early packet discard threshold for ATM2 */ epd_threshold_config /* Early packet discard threshold for ATM2 */ ).as(:oneline) ) ), "arp" arg ( /* Static Address Resolution Protocol entries */ sc( "l2-interface" ( /* Layer 2 interface name for ARP entry */ interface_name /* Layer 2 interface name for ARP entry */ ), c( "mac" ( /* MAC address */ mac_unicast /* MAC address */ ), "multicast-mac" ( /* Multicast MAC address */ mac_multicast /* Multicast MAC address */ ) ), "publish" /* Reply to ARP requests for this entry */ ) ).as(:oneline), "host-discovery" arg ( /* Discover servers IP based on subnet range */ sc( "aging-timer" arg /* ARP aging timer */, "discovery-interval" arg /* ARP proactive discovery time */ ) ).as(:oneline), "web-authentication" ( /* Parameters for web-based firewall-user authentication */ c( "http" /* Enable authentication via HTTP */, "https" /* Enable authentication via HTTPS */, "redirect-to-https" /* Web authentication redirect to HTTPS */ ) ), "vrrp-group" ( /* VRRP group */ vrrp_group /* VRRP group */ ), "virtual-gateway-address" ( /* Virtual Gateway IP address */ ipv4addr /* Virtual Gateway IP address */ ) ) ), "unnumbered-address" ( /* Unnumbered interface address/destination prefix */ sc( interface_unit /* Interface from which to take local address */, "preferred-source-address" ( /* Preferred address on the donor interface */ ("$junos-preferred-source-address" | arg) ), "destination" ( /* Destination address */ ipv4addr /* Destination address */ ), "destination-profile" arg /* Profile to use for destination address */ ) ).as(:oneline), "location-pool-address" ( /* Location-based IP address pool */ c( arg ) ), "negotiate-address" /* Negotiate address with remote */, "destination-udp-port" arg /* Choose destination UDP port number */ ) ), "iso" ( /* OSI ISO protocol parameters */ c( "address" arg /* Interface address */, "mtu" arg /* Protocol family maximum transmission unit */, "destination-udp-port" arg /* Choose destination UDP port number */ ) ), "inet6" ( /* IPv6 protocol parameters */ c( "dhcpv6-client" ( /* Dynamic Host Configuration Protocol DHCPv6 client configuration */ c( "client-type" ( /* DHCPv6 client type */ ("stateful" | "autoconfig") ), "client-ia-type" enum(("ia-na" | "ia-pd")) /* DHCPv6 client identity association type */, "rapid-commit" /* Option is used to signal the use of the two message exchange for address assignment */, "prefix-delegating" ( /* Prefix delegating parameters */ c( "preferred-prefix-length" arg /* Client preferred prefix length */, "sub-prefix-length" arg /* The sub prefix length for LAN interfaces */ ) ), "client-identifier" ( /* DHCP Server identifies a client by client-identifier value */ sc( "duid-type" ( /* DUID identifying a client */ ("duid-llt" | "vendor" | "duid-ll") ) ) ).as(:oneline), "vendor-id" arg /* Vendor class id for the dhcpv6 client */, "req-option" enum(("dns-server" | "domain" | "ntp-server" | "time-zone" | "sip-server" | "sip-domain" | "nis-server" | "nis-domain" | "fqdn" | "vendor-spec" | "zero-touch-redirect" | "bootfile-url" | "bootfile-param")) /* DHCPV6 client requested option configuration */, "options" ( /* DHCP options */ c( "number" arg ( /* DHCP option code */ sc( c( "hex-string" arg /* Hexadecimal string */ ) ) ).as(:oneline) ) ), "retransmission-attempt" arg /* Number of attempts to retransmit the DHCPV6 client protocol packet */, "no-dns-install" /* Not propagate DNS to kernel */, "update-router-advertisement" ( /* Dhcpv6 client update rpd for prefix delegation */ c( "interface" arg ( /* Interfaces on which to delegate prefix */ c( "managed-configuration" /* Set managed address configuration */, "no-managed-configuration" /* Don't set managed address configuration */, "other-stateful-configuration" /* Set other stateful configuration */, "no-other-stateful-configuration" /* Don't set other stateful configuration */, "max-advertisement-interval" arg /* Maximum advertisement interval */, "min-advertisement-interval" arg /* Minimum advertisement interval */, "enable-recursive-dns-server-option" /* Enables the recursive DNS server option */, "no-enable-recursive-dns-server-option" /* Don't enables the recursive DNS server option */ ) ) ) ), "update-server" /* Propagate TCP/IP settings to DHCP server */ ) ), "rpf-check" ( /* Enable reverse-path-forwarding checks on this interface */ c( "fail-filter" arg /* Name of filter applied to packets failing RPF check */, "mode" ( /* Mode for reverse path forwarding */ sc( "loose" /* Reverse-path-forwarding loose mode */ ) ).as(:oneline) ) ), "accounting" ( /* Interface-based accounting options */ c( "source-class-usage" ( c( "input" /* Interface for source-class-usage input */, "output" /* Interface for source-class-usage output */ ) ), "destination-class-usage" /* Enable destination class usage on this interface */ ) ), "mtu" arg /* Protocol family maximum transmission unit */, "tcp-mss" arg /* Protocol family tcp maximum segment size */, "nd6-stale-time" arg /* Stale time to reconfirm reachability with inet6 neighbour */, "no-neighbor-learn" /* Disable neighbor address learning on interface */, "slaac-enable" /* Enable slaac on management interface */, "ndp-proxy" ( /* Enable ndp proxy on interface */ c( "interface-restricted" /* Enable ndp interface proxy restricted to interface */ ) ), "dad-proxy" ( /* DAD proxy on interface */ c( "interface-restricted" /* Enable DAD interface proxy restricted to interface */ ) ), "nd6-max-cache" arg /* Max interface ND nexthop cache size */, "nd6-new-hold-limit" arg /* Max no. of new unresolved nexthops */, "no-redirects" /* Do not redirect traffic */, "allow-filter-on-re" /* Enable kernel filter on network ports */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "input-chain" arg /* List of filter modules applied to received packets */, "output-chain" arg /* List of filter modules applied to transmitted packets */, "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "sampling" ( /* Interface sampling */ c( "input" /* Sample all packets input on this interface */, "output" /* Sample all packets output on this interface */ ) ), "service" ( /* Service operations */ c( "input" ( /* Service sets to consider for received packets */ c( "service-set" arg ( /* Service set to consider for received packets */ c( "service-filter" arg /* Name of service filter */ ) ), "post-service-filter" arg /* Post-service filter to apply to received packets */ ) ), "output" ( /* Service sets to consider for transmitted packets */ c( "service-set" arg ( /* Service set to consider for transmitted packets */ c( "service-filter" arg /* Name of service filter */ ) ) ) ) ) ), "tunnel-termination" /* Tunnel termination */, "address" arg ( /* Interface address or destination prefix */ c( "destination" ( /* Destination address */ ipv6addr /* Destination address */ ), "eui-64" /* Generate EUI-64 interface ID */, "primary" /* Candidate for primary address in system */, "preferred" /* Preferred address on interface */, "master-only" /* Master management IP address for router */, "ndp" arg ( /* Static Neighbor Discovery Protocol entries */ sc( "l2-interface" ( /* Layer 2 interface name for NDP entry */ interface_name /* Layer 2 interface name for NDP entry */ ), c( "mac" ( /* MAC address */ mac_unicast /* MAC address */ ), "multicast-mac" ( /* Multicast MAC address */ mac_multicast /* Multicast MAC address */ ) ), "publish" /* Reply to NDP requests for this entry */ ) ).as(:oneline), "vrrp-inet6-group" ( /* VRRP group */ vrrp_group /* VRRP group */ ), "web-authentication" ( /* Parameters for web-based firewall-user authentication */ c( "http" /* Enable authentication via HTTP */, "https" /* Enable authentication via HTTPS */, "redirect-to-https" /* Web authentication redirect to HTTPS */ ) ), "virtual-gateway-address" ( /* Virtual Gateway IP address */ ipv6addr /* Virtual Gateway IP address */ ), "subnet-router-anycast" /* Create a subnet roter anycast address for this address. */ ) ), "demux-source" ("$junos-subscriber-ipv6-address" | arg | "$junos-subscriber-ipv6-multi-address") /* Demux based on source prefix */, "demux-destination" ("$junos-subscriber-ipv6-address" | arg) /* Demux based on destination prefix */, "unnumbered-address" ( /* Unnumbered interface address/destination prefix */ sc( interface_unit /* Interface from which to take local address */, "preferred-source-address" ( /* Preferred address on the donor interface */ ("$junos-preferred-source-ipv6-address" | arg) ) ) ).as(:oneline), "dad-disable" /* Disable duplicate-address-detection */, "no-dad-disable" /* Don't disable duplicate-address-detection */, "destination-udp-port" arg /* Choose destination UDP port number */ ) ), "mpls" ( /* MPLS protocol parameters */ c( "mtu" arg /* Protocol family maximum transmission unit */, "maximum-labels" arg /* Protocol family maximum number of labels */, "filter" ( /* Packet filtering */ c( c( "input" arg /* Name of filter applied to received packets */, "input-list" arg /* List of filter modules applied to received packets */ ), "input-chain" arg /* List of filter modules applied to received packets */, c( "output" arg /* Name of filter applied to transmitted packets */, "output-list" arg /* List of filter modules applied to transmitted packets */ ), "output-chain" arg /* List of filter modules applied to transmitted packets */, "group" arg /* Interface group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "destination-udp-port" arg /* Choose destination UDP port number */ ) ), "mlppp" ( /* Multilink PPP protocol parameters */ c( "bundle" ( /* Logical interface name this link will join */ ("$junos-bundle-interface-name" | arg) ), c( "service-interface" ( /* Services interface to use */ interface_device /* Services interface to use */ ), "service-device-pool" arg /* Service interface pool name to use */ ), "dynamic-profile" arg /* dynamic profile for interface to use */ ) ), "mlfr-end-to-end" ( /* Multilink Frame Relay end-to-end protocol parameters */ c( "bundle" ( /* Logical interface name this link will join */ interface_unit /* Logical interface name this link will join */ ) ) ), "mlfr-uni-nni" ( /* Multilink Frame Relay UNI NNI protocol parameters */ c( "bundle" ( /* Logical interface name this link will join */ interface_unit /* Logical interface name this link will join */ ) ) ), "ccc" ( /* Circuit cross-connect parameters */ c( "mtu" arg /* Protocol family maximum transmission unit */, "filter" ( /* Packet filtering */ c( c( "input" arg /* Name of filter applied to received packets */, "input-list" arg /* List of filter modules applied to received packets */ ), "input-chain" arg /* List of filter modules applied to received packets */, c( "output" arg /* Name of filter applied to transmitted packets */, "output-list" arg /* List of filter modules applied to transmitted packets */ ), "output-chain" arg /* List of filter modules applied to transmitted packets */, "group" arg /* Interface group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "translate-fecn-and-becn" /* Translate FECN and BECN bits */, c( "translate-discard-eligible" /* Translate DE bit */, "translate-plp-control-word-de" /* Translate PLP to/from Martini Control DE bit */ ), "keep-address-and-control" /* Don't strip PPP address and control bytes */ ) ), "tcc" ( /* Translational cross-connect parameters */ c( "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "proxy" ( c( "inet-address" ( /* Remote host address on non-Ethernet side of Ethernet TCC */ ipv4addr /* Remote host address on non-Ethernet side of Ethernet TCC */ ) ) ), "remote" ( c( "inet-address" ( /* Remote host address on Ethernet side of Ethernet TCC */ ipv4addr /* Remote host address on Ethernet side of Ethernet TCC */ ), "mac-address" ( /* Remote host MAC address on Ethernet side of Ethernet TCC */ mac_addr /* Remote host MAC address on Ethernet side of Ethernet TCC */ ) ) ), "protocols" ( /* Protocols supported on TCC interface */ ("mpls" | "inet" | "iso" | "inet6") ) ) ), "vpls" ( /* Virtual private LAN service parameters */ c( "core-facing" /* Interface is core facing */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), "input-chain" arg /* List of filter modules applied to received packets */, "output-chain" arg /* List of filter modules applied to transmitted packets */, c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "iq-policing-filter" ( /* Protocol family ingress-queuing-policing-filter */ sc( arg /* Name of the ingress-queuing-policing-filter */ ) ).as(:oneline), "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "sampling" ( /* Interface sampling */ c( "input" /* Sample all packets input on this interface */, "output" /* Sample all packets output on this interface */ ) ) ) ), "bridge" ( /* Layer-2 bridging parameters */ c( "core-facing" /* Interface is core facing */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), "input-chain" arg /* List of filter modules applied to received packets */, "output-chain" arg /* List of filter modules applied to transmitted packets */, c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "iq-policing-filter" ( /* Protocol family ingress-queuing-policing-filter */ sc( arg /* Name of the ingress-queuing-policing-filter */ ) ).as(:oneline), "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "interface-mode" ( /* Interface mode (access or trunk) */ ("access" | "trunk") ), "vlan-auto-sense" /* Enable VLAN auto sense on this interface */, "bridge-domain-type" ( /* Bridge domain type (svlan or bvlan) */ ("svlan" | "bvlan") ), "inter-switch-link" /* PVLAN inter switch link */, c( "vlan-id" arg /* Access mode and trunk mode VLAN membership */, "vlan-id-list" arg /* Trunk mode VLAN membership for this interface */, "inner-vlan-id-list" arg /* Trunk mode VLAN membership for this interface based on inner VLAN tag */ ), "vlan-rewrite" ( /* Specify vlan translation */ c( "translate" arg ( /* Translate incoming VLAN tag */ sc( arg ) ).as(:oneline) ) ), c( "isid-list" ( /* Specify the ISID list */ ("all-service-groups" | "all") ) ), "storm-control" ( /* Storm control profile name to bind */ c( arg /* Profile name */ ) ), "recovery-timeout" ( /* Recovery timeout for this interface */ sc( arg ) ).as(:oneline), "sampling" ( /* Interface sampling */ c( "input" /* Sample all packets input on this interface */, "output" /* Sample all packets output on this interface */ ) ) ) ), "ethernet-switching" ( /* Ethernet switching parameters */ ethernet_switching_type /* Ethernet switching parameters */ ), "fibre-channel" ( /* Fibre channel switching parameters */ fibre_channel_type /* Fibre channel switching parameters */ ), "pppoe" ( /* PPP over Ethernet underlying interface-specific options */ pppoe_underlying_options_type /* PPP over Ethernet underlying interface-specific options */ ), "any" ( /* Parameters for 'any' family */ c( "filter" ( /* Layer 2 packet filtering */ c( "input" arg /* Name of filter applied to received packets */, "group" arg /* Group to which interface belongs */ ) ) ) ) ) ), "service-domain" ( /* Service domain to which interface belongs */ ("inside" | "outside") ), "copy-tos-to-outer-ip-header" /* Copy IP payload header's ToS field to GRE delivery header */, "copy-tos-to-outer-ip-header-transit" /* Copy IP ToS field to GRE header for transit packets */, "force-control-packets-on-transit-path" /* Force control packets to follow transit path */, "load-balancing-options" ( /* AMS subunit load balancing options */ c( "preferred-active" ( /* Preferred active Interface name */ interface_device /* Preferred active Interface name */ ), "disable-hash" /* Hash based distribution is not needed for this subunit */, "hash-keys" ( c( "ingress-key" ( /* Hash Key for the ingress direction */ enum(("source-ip" | "destination-ip" | "protocol" | "iif")) ), "egress-key" ( /* Hash Key for the egress direction */ enum(("source-ip" | "destination-ip" | "protocol" | "oif")) ), "ipv6-source-prefix-length" ( /* IPv6 source prefix length for hash computation */ ("56" | "64" | "96" | "128") ) ) ) ) ), "mac" ( /* Configure logical interface MAC address */ mac_unicast /* Configure logical interface MAC address */ ), "virtual-gateway-v4-mac" ( /* Configure virtual gateway IPV4 virtual MAC address */ mac_unicast /* Configure virtual gateway IPV4 virtual MAC address */ ), "virtual-gateway-v6-mac" ( /* Configure virtual gateway IPV6 virtual MAC address */ mac_unicast /* Configure virtual gateway IPV6 virtual MAC address */ ), "forwarding-options" ( /* Aggregated Ethernet interface forwarding-options */ c( "load-balance-stateful" ( /* Stateful load balancing */ c( "per-flow" /* Enable feature */, "rebalance" arg /* Rebalancing interval */, "load-type" ( /* Load - defines the flows */ ("high" | "medium" | "low") ) ) ) ) ), "etree-ac-role" ( /* ETREE attachment circuit role */ ("root" | "leaf") ) ) ), "no-partition" ( /* Use channelizable interface as clear channel */ sc( "interface-type" ( /* Interface type */ ("e1" | "t1" | "at" | "t3" | "e3" | "ct3" | "so" | "cau4") ) ) ).as(:oneline), "partition" arg ( /* Channelized interface partition */ sc( "oc-slice" arg /* Range of SONET/SDH slices (for example, 1, 7-9) */, "timeslots" arg /* Timeslots [(1..24) for T1, (1..31) for E1]; for example, 1-3,4,9,22-24 (no spaces) */, "interface-type" ( /* Sublevel interface type */ ("ds" | "e1" | "t1" | "at" | "ct1" | "ce1" | "t3" | "ct3" | "e3" | "so" | "coc1" | "cau4" | "dc" | "bc") ) ) ).as(:oneline), "radius-options" ( /* Interface RADIUS Options */ radius_options_vlan_type /* Interface RADIUS Options */ ) ) ) end rule(:ipr_profile_object) do arg.as(:arg) ( c( "timeout" arg /* IP-reassembly timeout value */, "max-reassembly-pending-packets" arg /* IP-reassembly pending packets */ ) ) end rule(:ipr_rule_object) do arg.as(:arg) ( c( "match-direction" ( /* Direction for which the rule match is applied */ ("input") ) ) ) end rule(:ipsec_services_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("timer" | "routing-socket" | "parse" | "ike" | "policy-manager" | "general" | "database" | "certificates" | "snmp" | "ams" | "lic" | "all")) /* Tracing parameters */.as(:oneline) ) end rule(:ipsec_vpn_rule_object) do arg.as(:arg) ( c( "term" arg ( /* Define an IPSec term */ c( "from" ( /* Define match criteria */ ipsec_vpn_match_object /* Define match criteria */ ), "then" ( /* Action to take if the 'from' condition is matched */ c( "syslog" /* System log information about the packet */, "remote-gateway" ( /* Remote gateway address */ ipaddr /* Remote gateway address */ ), "backup-remote-gateway" ( /* Backup remote gateway address */ ipaddr /* Backup remote gateway address */ ), c( "manual" ( /* Define a manual security association */ c( "direction" enum(("inbound" | "outbound" | "bidirectional")) ( /* Define the direction of the security association */ c( "protocol" ( /* Define an IPSec protocol for the security association */ ("ah" | "esp" | "bundle") ), "spi" arg /* Define security parameter index */, "auxiliary-spi" arg /* ESP security parameter index for IPSec SA bundle */, "authentication" ( /* Define authentication parameters */ c( "algorithm" ( /* Define authentication algorithm */ ("hmac-md5-96" | "hmac-sha1-96" | "hmac-sha2-256" | "hmac-sha-256-128") ), "key" ( /* Define an authentication key */ sc( c( "ascii-text" arg /* Format as text */, "hexadecimal" arg /* Format as hexadecimal */ ) ) ).as(:oneline) ) ), "encryption" ( /* Define encryption parameters */ c( "algorithm" ( /* Define encryption algorithm */ ("des-cbc" | "3des-cbc" | "aes-128-cbc" | "aes-192-cbc" | "aes-256-cbc") ), "key" ( /* Define an encryption key */ sc( c( "ascii-text" arg /* Format as text */, "hexadecimal" arg /* Format as hexadecimal */ ) ) ).as(:oneline) ) ) ) ) ) ), "dynamic" ( /* Define a dynamic security association */ c( "ike-policy" arg /* Name of the IKE policy */, "ipsec-policy" arg /* Name of the IPSec policy */, "natt-install-interval" arg /* Installation interval of the IPSEC SA in NAT-T scenario */ ) ) ), "clear-dont-fragment-bit" /* Clear the do not fragment bit */, "copy-dont-fragment-bit" /* Copy the do not fragment bit */, "set-dont-fragment-bit" /* Set the do not fragment bit */, "no-anti-replay" /* Disable the anti-replay check */, "tunnel-mtu" arg /* Maximum transmit packet size */, "copy-ttl-from-inner-ip-header" /* Copy the inner ip ttl value to outer ip header */, "ttl" arg /* TTL value to be used for outer IP header */, "copy-tos-from-inner-ip-header" /* Copy the inner ip tos value to outer ip header */, "tos" arg /* ToS value to be used for outer IP header */, "initiate-dead-peer-detection" /* Initiate dead peer detection */, "dead-peer-detection" ( /* Dead peer detection options */ c( "interval" arg /* Interval at which the DPD messages should be sent */, "threshold" arg /* Maximum number of DPD messages */ ) ), "anti-replay-window-size" arg /* Size of the anti-replay window */ ) ) ) ), "match-direction" ( /* Direction for which the rule match is applied */ ("input" | "output") ) ) ) end rule(:ipsec_vpn_match_object) do c( "source-address" ( /* Match IP source address */ ipsec_vpn_addr_object /* Match IP source address */ ), "destination-address" ( /* Match IP destination address */ ipsec_vpn_addr_object /* Match IP destination address */ ), "ipsec-inside-interface" ( /* IPSec interface to internal network */ interface_unit /* IPSec interface to internal network */ ) ) end rule(:ipsec_vpn_addr_object) do arg.as(:arg).as(:oneline) end rule(:jsrc_options) do c( "partition" arg ( /* JSRC partition definition */ c( "diameter-instance" arg /* JSRC diameter instance */, "destination-realm" arg /* JSRC destination realm */, "destination-host" arg /* JSRC destination host */ ) ) ) end rule(:juniper_access_options) do c( "radius-server" ( /* RADIUS server configuration */ access_radius_server_object /* RADIUS server configuration */ ), "radius-server-name" ( /* RADIUS server FQDN configuration */ access_radius_server_name_object /* RADIUS server FQDN configuration */ ), "radius-disconnect-port" arg /* Server port on which to access disconnect requests from RADIUS client */, "radius-disconnect" ( /* RADIUS-initiated disconnect configuration for dynamic termination of user sessions by external entity */ radius_disconnect_object /* RADIUS-initiated disconnect configuration for dynamic termination of user sessions by external entity */ ), "domain-name-server" arg /* Default DNS server's IPv4 address */, "domain-name-server-inet" arg /* DNS server's IPv4 address */, "domain-name-server-inet6" arg /* DNS server's IPv6 address */, "wins-server" arg /* Default WINS server's IPv4 address */, "address-pool" ( /* Address pool */ address_pool_object /* Address pool */ ), "group-profile" ( /* Group profile to use for this client */ group_profile_object /* Group profile to use for this client */ ), "profile" arg ( /* Set of attributes that define access */ c( "accounting-order" ( /* Order in which accounting mechanisms are used */ ("radius") ), "authentication-order" ( /* Order in which authentication mechanisms are used */ ("radius" | "password" | "none" | "nasreq" | "nas-5g" | "ldap" | "securid" | "s6a") ), "authorization-order" ( /* Order in which authorization mechanisms are used */ ("jsrc" | "nasreq" | "none") ), "provisioning-order" ( /* Order in which provisioning mechanisms are used */ ("jsrc" | "gx-plus" | "pcrf") ), "preauthentication-order" ( /* Order in which preauthentication mechanisms are used */ ("radius") ), "charging-service-list" ( /* List of used 3gpp charging servicess */ ("ocs") ), "domain-name-server" arg /* Default DNS server's IPv4 address */, "domain-name-server-inet" arg /* DNS server's IPv4 address */, "domain-name-server-inet6" arg /* DNS server's IPv6 address */, "wins-server" arg /* Default WINS server's IPv4 address */, "client" ( /* Entity requesting access */ access_client_object /* Entity requesting access */ ), "address-assignment" ( /* Address assignment pool */ c( "pool" arg /* Name of address-assignment pool */, "inet6-pool" arg /* Name of address-assignment pool for family inet6 */ ) ), "session-limit-per-username" arg /* Maximum number of sessions allowed per username */, "local" ( /* Set configuration for local reporting - obsolete config */ c( "flat-file-profile" arg /* Specifies that the service accounting will be reported as per flat-file profile */ ) ), "radius" ( /* Set of RADIUS configurations */ c( "authentication-server" ( /* The authentication server list to use in the specified order to send authentication messages */ ipaddr /* The authentication server list to use in the specified order to send authentication messages */ ), "accounting-server" ( /* The accounting server list to use in the specified order to send accounting messages */ ipaddr /* The accounting server list to use in the specified order to send accounting messages */ ), "preauthentication-server" ( /* The preauthentication server list to use in the specified order to send preauthentication messages */ ipv4addr /* The preauthentication server list to use in the specified order to send preauthentication messages */ ), "authentication-server-name" arg /* The authentication server to use to send authentication messages */, "accounting-server-name" arg /* The accounting server to use to send accounting messages */, "options" ( /* Specifies the RADIUS options */ c( "ethernet-port-type-virtual" /* Type of physical port to authenticate the user is virtual (RADIUS attribute 61) */, "interface-description-format" ( /* Interface description in the NAS-port-ID attribute */ c( "exclude-sub-interface" /* Exclude sub-interface from interface description */, "exclude-adapter" /* Exclude adapter from interface description */, "exclude-channel" /* Exclude channel from interface description */ ) ), "nas-identifier" arg /* NAS-Identifier to be used for authentication and accounting requests (RADIUS attribute 32) */, "nas-port-extended-format" ( /* RADIUS client's use of an extended format for RADIUS attribute 5 */ c( "ae-width" arg /* Number of bits for the aggregated ethernet identifier field */, "slot-width" arg /* Number of bits for the slot field */, "adapter-width" arg /* Number of bits for the adapter field */, "port-width" arg /* Number of bits for the port field */, "pw-width" arg /* Number of bits for the pseudo-wire field */, "stacked-vlan-width" arg /* Number of bits for the S-VLAN subinterface field */, "vlan-width" arg /* Number of bits for the VLAN subinterface field */, "atm" ( /* ATM specific parameters for NAS Port */ c( "slot-width" arg /* Number of bits for the ATM slot field */, "adapter-width" arg /* Number of bits for the ATM adapter field */, "port-width" arg /* Number of bits for the ATM port field */, "vpi-width" arg /* Number of bits for the ATM VPI field */, "vci-width" arg /* Number of bits for the ATM VCI field */ ) ) ) ), "nas-port-id-delimiter" arg /* Single character delimiter character to use in the NAS-Port-Id */, "nas-port-id-format" ( /* Format methods for building the NAS-Port-Id radius attribute */ c( "nas-identifier" /* Include the nas-identifier value */, "interface-description" /* Include the interface-description value */, "agent-circuit-id" /* Include (ACI) agent-circuit-id value */, "agent-remote-id" /* Include (ARI) agent-remote-id value */, "postpend-vlan-tags" /* Include the vlan tag(s) using :- */, "interface-text-description" /* Include the interfaces description string */, "order" ( /* Order of options for appearance in the NAS-Port-Id string */ ("nas-identifier" | "agent-circuit-id" | "agent-remote-id" | "interface-description" | "interface-text-description" | "postpend-vlan-tags") ) ) ), "nas-port-type" ( /* Translation mechanism for changing the NAS-Port-Type radius attribute */ c( "ethernet" ( /* Translation mechanism for changing the Ethernet value */ ("async" | "sync" | "isdn-sync" | "isdn-v120" | "isdn-v110" | "virtual" | "piafs" | "hdlc-clear-channel" | "x25" | "x75" | "g3-fax" | "sdsl" | "adsl-cap" | "adsl-dmt" | "idsl" | "ethernet" | "xdsl" | "cable" | "wireless" | "wireless-ieee80211" | "token-ring" | "fddi" | "wireless-cdma2000" | "wireless-umts" | "wireless-1x-ev" | "iapp" | arg) ) ) ), "calling-station-id-delimiter" arg /* Single character separator for calling-station-id */, "calling-station-id-format" ( /* Format method for building the calling-station-id */ c( "nas-identifier" /* Include the nas-identifier value */, "interface-description" /* Include the interface-description value */, "agent-circuit-id" /* Include agent-circuit-id value */, "agent-remote-id" /* Include agent-remote-id value */, "mac-address" /* Include mac-address value */, "interface-text-description" /* Include the interfaces description string */, "stacked-vlan" /* Include the stacked vlan tag value */, "vlan" /* Include the vlan tag value */ ) ), "remote-circuit-id-delimiter" arg /* Single delimiter character to use in the remote-circuit-id */, "remote-circuit-id-format" ( /* Format method for building the remote-circuit-id attribute */ c( "agent-circuit-id" /* Include agent-circuit-id (ACI) value */, "agent-remote-id" /* Include agent-remote-id (ARI) value */ ) ), "remote-circuit-id-fallback" ( /* Configure the fallback for remote-circuit-id attribute */ ("default" | "configured-calling-station-id") ), "override" ( /* Configure RADIUS to override the standard use of an attribute */ c( "calling-station-id" ( /* Configure RADIUS value for calling-station-id attribute */ sc( "remote-circuit-id" /* Configure RADIUS to use remote-circuit-id */ ) ).as(:oneline), "nas-port" ( /* Configure override RADIUS nas-port with */ ("tunnel-client-nas-port") ), "nas-port-type" ( /* Configure override RADIUS nas-port-type with */ ("tunnel-client-nas-port-type") ), "nas-ip-address" ( /* Configure override RADIUS nas-ip-address with */ ("tunnel-client-gateway-address") ) ) ), "accounting-session-id-format" ( /* Decimal format or description format for the accounting session ID */ ("decimal" | "description") ), "accounting-session-id-strict" /* Enforce exact match of accounting-session-id in CoA processing */, "revert-interval" arg /* Time after which to revert to primary server */, "vlan-nas-port-stacked-format" /* Include the S-VLAN ID, in addition to the VLAN ID, for subscribers on Ethernet interfaces */, "client-authentication-algorithm" ( /* Algorithm to access the RADIUS servers for authentication */ ("direct" | "round-robin") ), "client-accounting-algorithm" ( /* Algorithm to access the RADIUS servers for accounting */ ("direct" | "round-robin") ), "juniper-access-line-attributes" /* Include the Juniper (IANA 4874) access line VSAs in requests to RADIUS servers */, "ip-address-change-notify" ( /* Include IPv4-Release-Control VSA (26-164) in requests to RADIUS server */ sc( "message" arg /* Message to be added in IPv4-Release-Control VSA (26-164) */ ) ).as(:oneline), "coa-dynamic-variable-validation" /* Enable strict dynamic variable validation (no undefined variable) in CoA processing */, "chap-challenge-in-request-authenticator" /* Use 16-byte CHAP challenge as Request Authenticator */, "service-activation" ( /* Service activation requirement for successful login */ c( "extensible-service" ( /* Service activation of extensible services requirement for successful login */ ("required-at-login" | "optional-at-login") ), "dynamic-profile" ( /* Service activation of dynamic-profile services requirement for successful login */ ("required-at-login" | "optional-at-login") ) ) ), "accounting-username-original" /* Use orignal (un-modified) username in accounting messages */ ) ), "attributes" ( /* Specifies how RADIUS attributes should be handled */ c( "ignore" ( /* Ignores the specified attribute in RADIUS Access-Accept messages */ c( "output-filter" /* Juniper (IANA 4874) Output-filter / Egress-Policy-Name (VSA 26-11) */, "input-filter" /* Juniper (IANA 4874) Input-filter / Ingress-Policy-Name (VSA 26-10) */, "framed-ip-netmask" /* Framed-IP-Netmask (attribute 9) */, "logical-system-routing-instance" /* Juniper (IANA 4874) Logical-system-routing-instance / Virtual-Router (VSA 26-1) */, "dynamic-iflset-name" /* Juniper (IANA 4874) Dynamic interface set / Qos-Set-Name (VSA 26-130) */, "idle-timeout" /* Idle-Timeout (attribute 28) */, "session-timeout" /* Session-Timeout (attribute 27) */, "standard-attribute" arg /* RADIUS standard attribute number */, "vendor-id" arg ( /* Specify the vendor-identifier for a vendor-specific attribute (VSA) */ c( "vendor-attribute" arg /* Vendor specific attribute number */ ) ) ) ), "exclude" ( /* Configures the exclusion of RADIUS attributes in RADIUS messages */ c( "standard-attribute" arg ( /* Specify RADIUS standard attribute number */ c( "packet-type" ( /* Specify packet types to be excluded */ ("access-request" | "accounting-on" | "accounting-off" | "accounting-start" | "accounting-stop") ) ) ), "vendor-id" arg ( /* Specify the vendor-identifier for a vendor-specific attribute (VSA) */ c( "vendor-attribute" arg ( /* Specify vendor specific attribute number */ c( "packet-type" ( /* Specify packet types to be excluded */ ("access-request" | "accounting-on" | "accounting-off" | "accounting-start" | "accounting-stop") ) ) ) ) ), "accounting-authentic" ( /* Excludes RADIUS attribute 45, Acct-Authentic */ ("accounting-on" | "accounting-off" | "accounting-start" | "accounting-stop") ), "accounting-delay-time" ( /* Excludes RADIUS attribute 41, Acct-Delay-Time */ ("accounting-on" | "accounting-off" | "accounting-start" | "accounting-stop") ), "accounting-session-id" ( /* Excludes RADIUS attribute 44, Acct-Session-ID */ ("access-request") ), "accounting-terminate-cause" ( /* Excludes RADIUS attribute 49, Acct-Terminate-Cause */ ("accounting-off") ), "called-station-id" ( /* Excludes RADIUS attribute 30, Called-Station-ID */ ("access-request" | "accounting-start" | "accounting-stop") ), "calling-station-id" ( /* Excludes RADIUS attribute 31, Calling-Station-ID */ ("access-request" | "accounting-start" | "accounting-stop") ), "class" ( /* Excludes RADIUS attribute 25, Class */ ("accounting-start" | "accounting-stop") ), "delegated-ipv6-prefix" ( /* Excludes RADIUS attribute 123, Delegated-IPv6-Prefix */ ("accounting-start" | "accounting-stop") ), "dhcp-options" ( /* Excludes RADIUS attribute 26-55, DHCP-Options */ ("access-request" | "accounting-start" | "accounting-stop") ), "dhcp-gi-address" ( /* Excludes RADIUS attribute 26-57, DHCP-GI-Address */ ("access-request" | "accounting-start" | "accounting-stop") ), "dhcp-mac-address" ( /* Excludes RADIUS attribute 26-56, DHCP-MAC-Address */ ("access-request" | "accounting-start" | "accounting-stop") ), "output-filter" ( /* Excludes RADIUS attribute 26-11, Egress-Policy-Name */ ("accounting-start" | "accounting-stop") ), "event-time-stamp" ( /* Excludes RADIUS attribute 55, Event-Timestamp */ ("accounting-on" | "accounting-off" | "accounting-start" | "accounting-stop") ), "filter-id" ( /* Excludes RADIUS attribute 11, Filter-Id */ ("accounting-start" | "accounting-stop") ), "framed-ip-address" ( /* Excludes RADIUS attribute 8, Framed-IP-Address */ ("access-request" | "accounting-start" | "accounting-stop") ), "framed-ip-netmask" ( /* Excludes RADIUS attribute 9, Framed-IP-Netmask */ ("access-request" | "accounting-start" | "accounting-stop") ), "framed-ip-route" ( /* Excludes RADIUS attribute 22, Framed-Route */ ("accounting-start" | "accounting-stop") ), "framed-ipv6-address" ( /* Excludes RADIUS attribute 168, Framed-IPV6-Address */ ("access-request" | "accounting-start" | "accounting-stop") ), "framed-ipv6-pool" ( /* Excludes RADIUS attribute 100, Framed-IPv6-Pool */ ("accounting-start" | "accounting-stop") ), "framed-ipv6-prefix" ( /* Excludes RADIUS attribute 97, Framed-IPv6-Prefix */ ("accounting-start" | "accounting-stop") ), "framed-ipv6-route" ( /* Excludes RADIUS attribute 99, Framed-IPv6-Route */ ("accounting-start" | "accounting-stop") ), "framed-pool" ( /* Excludes RADIUS attribute 88, Framed-Pool */ ("accounting-start" | "accounting-stop") ), "input-filter" ( /* Excludes RADIUS attribute 26-10, Ingress-Policy-Name */ ("accounting-start" | "accounting-stop") ), "input-gigapackets" ( /* Excludes Juniper (IANA 4874) VSA 26-42, Acct-Input-Gigapackets */ ("accounting-stop") ), "input-gigawords" ( /* Excludes RADIUS attribute 52, Acct-Input-Gigawords */ ("accounting-stop") ), "input-ipv6-packets" ( /* Excludes Juniper (IANA 4874) VSA 26-153, Acct-Input-IPv6-Packets */ ("accounting-stop") ), "input-ipv6-gigawords" ( /* Excludes Juniper (IANA 4874) VSA 26-155, Acct-Input-IPv6-Gigawords */ ("accounting-stop") ), "input-ipv6-octets" ( /* Excludes Juniper (IANA 4874) VSA 26-151, Acct-Input-IPv6-Octets */ ("accounting-stop") ), "interface-description" ( /* Excludes RADIUS attribute 26-63, Interface-Desc */ ("access-request" | "accounting-start" | "accounting-stop") ), "nas-identifier" ( /* Excludes RADIUS attribute 32, NAS-identifier */ ("access-request" | "accounting-on" | "accounting-off" | "accounting-start" | "accounting-stop") ), "nas-port" ( /* Excludes RADIUS attribute 5, NAS-Port */ ("access-request" | "accounting-start" | "accounting-stop") ), "nas-port-id" ( /* Excludes RADIUS attribute 87, NAS-Port-ID */ ("access-request" | "accounting-start" | "accounting-stop") ), "nas-port-type" ( /* Excludes RADIUS attribute 61, NAS-Port-Type */ ("access-request" | "accounting-start" | "accounting-stop") ), "output-gigapackets" ( /* Excludes Juniper (IANA 4874) VSA 26-43, Acct-Output-Gigapackets */ ("accounting-stop") ), "output-gigawords" ( /* Excludes RADIUS attribute 53, Acct-Output-Gigawords */ ("accounting-stop") ), "output-ipv6-packets" ( /* Excludes Juniper (IANA 4874) VSA 26-154, Acct-Output-IPv6-Packets */ ("accounting-stop") ), "output-ipv6-gigawords" ( /* Excludes Juniper (IANA 4874) VSA 26-156, Acct-Output-IPv6-Gigawords */ ("accounting-stop") ), "output-ipv6-octets" ( /* Excludes Juniper (IANA 4874) VSA 26-152, Acct-Output-IPv6-Octets */ ("accounting-stop") ), "dynamic-iflset-name" ( /* Excludes RADIUS attribute 26-130, Dynamic-Iflset-Name */ ("accounting-start" | "accounting-stop") ), "dsl-forum-attributes" ( /* Excludes DSL Forum RADIUS attributes (RFC 4679) */ ("access-request" | "accounting-start" | "accounting-stop") ), "l2c-upstream-data" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-92, L2C-Upstream-Data */ ("access-request" | "accounting-start" | "accounting-stop") ), "l2c-downstream-data" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-93, L2C-Downstream-Data */ ("access-request" | "accounting-start" | "accounting-stop") ), "acc-loop-cir-id" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-110, Acc-Loop-Cir-Id */ ("access-request" | "accounting-start" | "accounting-stop") ), "acc-aggr-cir-id-bin" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-111, Acc-Aggr-Cir-Id-Bin */ ("access-request" | "accounting-start" | "accounting-stop") ), "acc-aggr-cir-id-asc" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-112, Acc-Aggr-Cir-Id-Asc */ ("access-request" | "accounting-start" | "accounting-stop") ), "act-data-rate-up" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-113, Act-Data-Rate-Up */ ("access-request" | "accounting-start" | "accounting-stop") ), "act-data-rate-dn" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-114, Act-Data-Rate-Dn */ ("access-request" | "accounting-start" | "accounting-stop") ), "min-data-rate-up" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-115, Min-Data-Rate-Up */ ("access-request" | "accounting-start" | "accounting-stop") ), "min-data-rate-dn" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-116, Min-Data-Rate-Dn */ ("access-request" | "accounting-start" | "accounting-stop") ), "att-data-rate-up" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-117, Att-Data-Rate-Up */ ("access-request" | "accounting-start" | "accounting-stop") ), "att-data-rate-dn" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-118, Att-Data-Rate-Dn */ ("access-request" | "accounting-start" | "accounting-stop") ), "max-data-rate-up" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-119, Max-Data-Rate-Up */ ("access-request" | "accounting-start" | "accounting-stop") ), "max-data-rate-dn" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-120, Max-Data-Rate-Dn */ ("access-request" | "accounting-start" | "accounting-stop") ), "min-lp-data-rate-up" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-121, Min-Lp-Data-Rate-Up */ ("access-request" | "accounting-start" | "accounting-stop") ), "min-lp-data-rate-dn" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-122, Min-Lp-Data-Rate-Dn */ ("access-request" | "accounting-start" | "accounting-stop") ), "max-interlv-delay-up" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-123, Max-Interlv-Delay-Up */ ("access-request" | "accounting-start" | "accounting-stop") ), "act-interlv-delay-up" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-124, Act-Interlv-Delay-Up */ ("access-request" | "accounting-start" | "accounting-stop") ), "max-interlv-delay-dn" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-125, Max-Interlv-Delay-Dn */ ("access-request" | "accounting-start" | "accounting-stop") ), "act-interlv-delay-dn" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-126, Act-Interlv-Delay-Dn */ ("access-request" | "accounting-start" | "accounting-stop") ), "dsl-line-state" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-127, DSL-Line-State */ ("access-request" | "accounting-start" | "accounting-stop") ), "dsl-type" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-128, DSL-Type */ ("access-request" | "accounting-start" | "accounting-stop") ), "downstream-calculated-qos-rate" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-141, Downstream-Calculated-QoS-Rate */ ("access-request" | "accounting-start" | "accounting-stop") ), "upstream-calculated-qos-rate" ( /* Excludes Juniper (IANA 4874) DSL VSA 26-142, Upstream-Calculated-QoS-Rate */ ("access-request" | "accounting-start" | "accounting-stop") ), "cos-shaping-rate" ( /* Excludes Juniper (IANA 4874) VSA 26-177, Cos-Shaping-Rate */ ("accounting-start" | "accounting-stop") ), "framed-interface-id" ( /* Excludes RADIUS attribute 96, Framed-Interface-Id */ ("access-request" | "accounting-start" | "accounting-stop") ), "chargeable-user-identity" ( /* Excludes RADIUS attribute 89, Chargeable-User-Identity */ ("access-request") ), "l2tp-tx-connect-speed" ( /* Excludes Juniper (IANA 4874) VSA 26-162, , L2TP-Tx-Connect-Speed */ ("access-request" | "accounting-start" | "accounting-stop") ), "l2tp-rx-connect-speed" ( /* Excludes Juniper (IANA 4874) VSA 26-163, , L2TP-Rx-Connect-Speed */ ("access-request" | "accounting-start" | "accounting-stop") ), "tunnel-type" ( /* Excludes RADIUS attribute 64, Tunnel-Type */ ("access-request" | "accounting-start" | "accounting-stop") ), "tunnel-medium-type" ( /* Excludes RADIUS attribute 65, Tunnel-Medium-Type */ ("access-request" | "accounting-start" | "accounting-stop") ), "tunnel-client-endpoint" ( /* Excludes RADIUS attribute 66, Tunnel-Client-Endpoint */ ("access-request" | "accounting-start" | "accounting-stop") ), "tunnel-server-endpoint" ( /* Excludes RADIUS attribute 67, Tunnel-Server-Endpoint */ ("access-request" | "accounting-start" | "accounting-stop") ), "tunnel-assignment-id" ( /* Excludes RADIUS attribute 82, Tunnel-Assignment-Id */ ("access-request" | "accounting-start" | "accounting-stop") ), "tunnel-client-auth-id" ( /* Excludes RADIUS attribute 90, Tunnel-Client-Auth-Id */ ("access-request" | "accounting-start" | "accounting-stop") ), "tunnel-server-auth-id" ( /* Excludes RADIUS attribute 91, Tunnel-Server-Auth-Id */ ("access-request" | "accounting-start" | "accounting-stop") ), "acct-tunnel-connection" ( /* Excludes RADIUS attribute 68, Acct-Tunnel-Connection */ ("access-request" | "accounting-start" | "accounting-stop") ), "acc-loop-remote-id" ( /* Excludes Juniper (IANA 4874) VSA 26-XXX, ERX-Acc-Loop-Remote-Id */ ("access-request" | "accounting-start" | "accounting-stop") ), "acc-loop-encap" ( /* Excludes Juniper (IANA 4874) VSA 26-182, ERX-Acc-Loop-Encap */ ("access-request" | "accounting-start" | "accounting-stop") ), "pppoe-description" ( /* Excludes RADIUS attribute 26-24, PPPOE-Description */ ("access-request" | "accounting-start" | "accounting-stop") ), "virtual-router" ( /* Excludes Juniper (IANA 4874) VSA 26-1, Virtual-Router */ ("access-request" | "accounting-start" | "accounting-stop") ), "first-relay-ipv4-address" ( /* Excludes RADIUS attribute 26-189, DHCP-First-Relay-IPv4-Address */ ("access-request" | "accounting-start" | "accounting-stop") ), "first-relay-ipv6-address" ( /* Excludes RADIUS attribute 26-190, DHCP-First-Relay-IPv6-Address */ ("access-request" | "accounting-start" | "accounting-stop") ), "dhcpv6-options" ( /* Excludes RADIUS attribute 26-207, DHCPv6-Options */ ("access-request" | "accounting-start" | "accounting-stop") ), "dhcp-header" ( /* Excludes RADIUS attribute 26-208, DHCP-Header */ ("access-request") ), "dhcpv6-header" ( /* Excludes RADIUS attribute 26-209, DHCPv6-Header */ ("access-request") ), "acct-request-reason" ( /* Excludes RADIUS attribute 26-210, Acct-Request-Reason */ ("accounting-start" | "accounting-stop") ) ) ) ) ) ) ), "session-options" ( /* Options for an authenticated client's session */ c( "client-group" arg /* One or more groups to which client belongs */, "client-idle-timeout" arg /* Time in minutes of idleness after which access is denied */, "client-idle-timeout-ingress-only" /* Idle timeout applies to ingress traffic only */, "client-session-timeout" arg /* Time in minutes since initial access after which access is denied */, "strip-user-name" ( /* Options for stripping user name string */ c( "delimiter" ( /* Allowable delimiter characters for strip user name separation */ sc( arg ) ).as(:oneline), "parse-direction" ( /* Strip user name parsing direction */ sc( c( "right-to-left" /* Parse the username from right to left */, "left-to-right" /* Parse the username field from left to right */ ) ) ).as(:oneline) ) ), "pcc-context" ( /* Pcc context configurations */ c( "pcef-profile" arg /* Pcef profile name */, "input-service-set" arg /* Input service-set name */, "output-service-set" arg /* Output service-set name */, "input-ipv6-service-set" arg /* Input ipv6 service set name */, "output-ipv6-service-set" arg /* Output ipv6 service set name */, "input-service-filter" arg /* Input service filter name */, "output-service-filter" arg /* Output service filter name */, "input-ipv6-service-filter" arg /* Input ipv6 service filter name */, "output-ipv6-service-filter" arg /* Output ipv6 service filter name */ ) ) ) ), "client-name-filter" ( /* Restrictions on client names */ access_client_name_filter_object /* Restrictions on client names */ ), "ldap-options" ( /* Lightweight Directory Access Protocol options */ access_ldap_options /* Lightweight Directory Access Protocol options */ ), "ldap-server" ( /* Lightweight Directory Access Protocol server */ ldap_server_object /* Lightweight Directory Access Protocol server */ ), "radius-server" ( /* RADIUS server configuration */ profile_radius_server_object /* RADIUS server configuration */ ), "radius-server-name" ( /* RADIUS server FQDN configuration */ profile_radius_server_name_object /* RADIUS server FQDN configuration */ ), "radius-options" ( /* RADIUS options */ access_radius_options /* RADIUS options */ ), "accounting" ( /* Specifies the accounting options */ c( "order" ( /* Order in which accounting mechanisms are used */ ("radius") ), "accounting-stop-on-failure" /* Send an Acct-Stop message if a user fails authentication, but AAA-server grants access */, "accounting-stop-on-access-deny" /* Send an Acct-Stop message if AAA-server denies access */, "immediate-update" /* Send an Acct-Update message on receipt of a Acct-response for the Acct-Start message */, "coa-immediate-update" /* Send an Acct-Update message on completion of processing a change of authorization */, "address-change-immediate-update" /* Send an Acct-Update message to notify address change */, "update-interval" arg /* The interval in min btw accounting updates(Interim-stats off,if unspecified) */, "statistics" ( /* Reports set of statistics attributes based on reporting type */ ("volume-time" | "time") ), "wait-for-acct-on-ack" /* Wait for ACCT-ON-ACK */, "send-acct-status-on-config-change" /* Send ACCT-ON/OFF on config change */, "duplication" /* Send duplicated accounting reports if applied */, "duplication-filter" ( /* Configure duplication filters */ ("interim-original" | "interim-duplicated" | "exclude-attributes") ), "duplication-vrf" ( /* Duplication vrf configurations */ c( "vrf-name" arg /* VRF name */, "access-profile-name" arg /* Access profile name */ ) ), "duplication-attribute-format" ( /* Use attribute format defined under duplication accouting access-profile */ ("username") ), "ancp-speed-change-immediate-update" /* Send an Acct-Update message when ANCP speed change is detected */, "family-state-change-immediate-update" /* Send an Acct-Update message to notify address family activation state change */ ) ), "service" ( /* Subscriber service configurations */ c( "accounting-order" ( /* Order in which accounting mechanism service is used */ ("activation-protocol" | "radius" | "local") ), "accounting" ( /* Specifies the service accounting options */ c( "update-interval" arg /* The interval in minutes between accounting updates(Interim-stats off, if not specified) */, "statistics" ( /* Reports set of statistics attributes based on reporting type */ ("time" | "volume-time") ) ) ) ) ), "jsrc" ( /* Set of JSRC configurations */ c( "attributes" ( /* Specifies how JSRC attributes should be handled */ c( "exclude" ( /* Configures the exclusion of JSRC attributes in DIAMETER messages */ c( "user-name" ( /* Excludes Diameter attribute 1, User-Name */ ("authorization-request" | "provisioning-request") ) ) ) ) ) ) ), "subscriber" ( /* Locally authenticated subscriber configuration */ localauth_subscriber_object /* Locally authenticated subscriber configuration */ ) ) ), "address-assignment" ( /* Address assignment configuration */ address_assignment_type /* Address assignment configuration */ ), "address-protection" ( /* Initiate Duplicate Address Protection */ c( "reassign-on-match" /* Disconnect owning session and reassign to this session */ ) ), "address-preservation" ( /* Enable address preservation */ c( "address-types" ( ("delegated-prefix") ), "aging-time" arg /* Time to hold address reservation */ ) ), "linked-pool-aggregation" /* Enable linked pools aggregation */, "tunnel-profile" arg ( /* Set of attributes that define tunnel access */ c( "tunnel" arg ( /* Tunnel id 1 to 31 */ c( "preference" arg /* Preference value */, "remote-gateway" ( /* Tunnel remote gateway */ c( "address" ( /* IP address */ ipv4addr /* IP address */ ), "gateway-name" arg /* Gateway name */ ) ), "source-gateway" ( /* Tunnel source gateway */ c( "address" ( /* IP address */ ipv4addr /* IP address */ ), "gateway-name" arg /* Tunnel source name */ ) ), c( "routing-instance" arg /* Routing instance to be used for tunneled subscriber */, "logical-system" arg ( /* Logical system to be used for tunneled subscriber */ c( "routing-instance" arg /* Routing instance to be used for tunneled subscriber */ ) ) ), "secret" arg /* Tunnel password sent to remote gateway */, "medium" ( /* Tunnel medium */ ("ipv4") ), "tunnel-type" ( /* Tunnel type */ ("l2tp") ), "identification" arg /* Tunnel assignment identification */, "max-sessions" arg /* Maximum number of sessions per tunnel */, "nas-port-method" ( /* Tunnel network access server port method */ ("cisco-avp") ) ) ) ) ), "tunnel-switch-profile" arg ( /* Tunnel switch profile name */ c( "avp" ( /* L2TP AVPs action configuration */ c( "calling-number" ( /* Action for L2TP AVP calling number */ ("regenerate" | "relay" | "drop") ), "bearer-type" ( /* Action for L2TP AVP bearer type */ ("regenerate" | "relay" | "drop") ), "cisco-nas-port-info" ( /* Action for L2TP AVP Cisco NAS port information */ ("regenerate" | "relay" | "drop") ) ) ), "tunnel-profile" arg /* Tunnel profile name */ ) ), "domain" ( /* Domain map configuration */ domain_map_type /* Domain map configuration */ ), "ppp-options" ( /* Point-to-Point Protocol (PPP) specific options */ c( "compliance" ( /* Standards compliance definition */ c( "rfc" ( /* Enforce compliance with RFC standards */ ("2486") ) ) ) ) ), "gx-plus" ( /* GX-PLUS configuration */ gx_plus_definition /* GX-PLUS configuration */ ), "pcrf" ( /* PCRF configuration */ pcrf_definition /* PCRF configuration */ ), "ocs" ( /* OCS configuration */ ocs_definition /* OCS configuration */ ), "radsec" ( /* RADSEC configuration */ radsec_definition /* RADSEC configuration */ ), "s6a" ( /* S6a configuration */ s6a_definition /* S6a configuration */ ), "report-interface-descriptions" /* Support reporting of interface descriptions */, "nasreq" ( /* Nasreq configuration */ nasreq_definition /* Nasreq configuration */ ), "nas-5g" ( /* NAS-5G configuration */ nas_5g_definition /* NAS-5G configuration */ ), "protocol-attributes" ( /* Protocol specific attribute configuration */ protocol_attribute_type /* Protocol specific attribute configuration */ ), "aaa-options" arg ( /* AAA option configurations */ c( "access-profile" arg /* Access profile name */, "aaa-context" arg /* AAA context */, "subscriber-context" arg /* Subscriber context */ ) ), "disable-tenant-access" /* Disable access to root lsys profiles for tenants */, "radius-options" ( /* RADIUS options */ access_radius_options /* RADIUS options */ ), "ldap-options" ( /* Lightweight Directory Access Protocol options */ access_ldap_options /* Lightweight Directory Access Protocol options */ ), "ldap-server" ( /* Lightweight Directory Access Protocol server options */ ldap_server_object /* Lightweight Directory Access Protocol server options */ ), "securid-server" ( /* SecurID server configuration */ securid_server_object /* SecurID server configuration */ ), "accounting-backup-options" ( /* Pending accounting backup-options */ c( "max-pending-accounting-stops" arg /* Max pending accouting stops */, "max-withhold-time" arg /* Maximum time in mins to hold the pending accounting stops */ ) ), "terminate-code" ( /* Terminate code mapping configuration */ c( "aaa" ( /* AAA terminate-code mapping configuration */ c( "deny" ( /* Terminate-code specification */ c( "authentication-denied" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "server-request-timeout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "service-shutdown" ( /* Terminate-code specification */ c( "network-logout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "remote-reset" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "subscriber-logout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "time-limit" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "volume-limit" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "shutdown" ( /* Terminate-code specification */ c( "administrative-reset" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "idle-timeout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "reassign-on-match" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "remote-reset" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "session-timeout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ) ) ), "dhcp" ( /* DHCP terminate-code mapping configuration */ c( "client-request" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "lost-carrier" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "nak" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "nas-logout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-offers" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "hybrid-access" ( /* HYBRID-ACCESS terminate-code mapping configuration */ c( "admin-down" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "client-request" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "lost-carrier" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "nak" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "nas-logout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resource" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "l2tp" ( /* L2TP terminate-code mapping configuration */ c( "issu" ( /* Terminate-code specification */ c( "in-progress" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "session" ( /* Terminate-code specification */ c( "access-interface-down" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "administrative-close" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "administrative-drain" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "call-down" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "call-failed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "create-failed" ( /* Terminate-code specification */ c( "icrq-to-initiator-tunnel" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "invalid-config" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "limit-reached" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "single-shot-tunnel-already-fired" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "too-busy" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "failover-protocol-resync-disconnect" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "hardware-unavailable" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources-server-port" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "not-ready" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "receive-cdn" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline), "avp-bad-hidden" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-assigned-session-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-duplicate-value-assigned-session-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-truncated" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-assigned-session-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-result-code" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-iccn" ( /* Terminate-code specification */ c( "avp-bad-hidden" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-framing-type" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-proxy-authen-type" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-unsupported-proxy-authen-type" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-truncated" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-connect-speed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-framing-type" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-proxy-authen-challenge" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-proxy-authen-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-proxy-authen-name" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-proxy-authen-response" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "unexpected" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-icrp" ( /* Terminate-code specification */ c( "avp-bad-hidden" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-assigned-session-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-duplicate-value-assigned-session-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-truncated" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-assigned-session-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "unexpected" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-icrq" ( /* Terminate-code specification */ c( "administrative-close" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "authenticate-failed-host" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-hidden" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-assigned-session-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-bearer-type" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-cisco-nas-port" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-duplicate-value-assigned-session-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-truncated" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-assigned-session-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-call-serial-number" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "unexpected" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-occn" ( /* Terminate-code specification */ c( "avp-bad-hidden" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-framing-type" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-truncated" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-connect-speed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-framing-type" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "unexpected" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-ocrp" ( /* Terminate-code specification */ c( "avp-bad-hidden" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-assigned-session-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-duplicate-value-assigned-session-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-truncated" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-assigned-session-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "unexpected" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-ocrq" ( /* Terminate-code specification */ c( "administrative-close" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "authenticate-failed-host" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-hidden" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-assigned-session-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-bearer-type" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-framing-type" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-duplicate-value-assigned-session-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-truncated" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-assigned-session-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-bearer-type" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-call-serial-number" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-called-number" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-framing-type" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-maximum-bps" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-minimum-bps" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "unexpected" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "unsupported" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-sli" ( /* Terminate-code specification */ c( "avp-bad-hidden" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-accm" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-truncated" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-accm" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-unexpected-packet" ( /* Terminate-code specification */ c( "lac-incoming" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "lac-outgoing" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "lns-incoming" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "lns-outgoing" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-unknown-session-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "receive-wen" ( /* Terminate-code specification */ c( "avp-bad-hidden" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-truncated" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-call-errors" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "timeout-connection" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "timeout-inactivity" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "timeout-session" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "timeout-upper-create" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "transmit-speed-unavailable" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "tunnel-down" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "tunnel-failed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "tunnel-switch-profile-deleted" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "tunneled-interface-down" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "unknown-cause" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "upper-create-failed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "upper-removed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "warmstart-not-operational" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "warmstart-recovery-error" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "warmstart-uppper-not-restacked" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "session-eracheck-failed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "session-mappedswitchedsession-down" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "session-rx-csurq-avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "session-rx-icrq-issu-in-progress" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "session-rx-ocrq-issu-in-progress" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "session-sdb-release" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "session-stray-ifl-association" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "session-tunnelswitch-error" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "session-uptimer-expiry" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "tunnel" ( /* Terminate-code specification */ c( "administrative-close" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "administrative-drain" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "control-channel-failed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "created-no-sessions" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "destination-address-changed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "destination-down" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "failover-protocol" ( /* Terminate-code specification */ c( "no-resources-for-recovery-tunnel" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources-for-session-resync" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "not-supported" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "not-supported-by-peer" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "recovery-control-channel-failed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "recovery-tunnel-failed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "recovery-tunnel-finished" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "recovery-tunnel-primary-down" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "session-resync-failed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "host-profile-changed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "host-profile-deleted" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "receive-fsq" ( /* Terminate-code specification */ c( "avp-bad-hidden" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-truncated" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-failover-session-state" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "session-id-not-null" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-fsr" ( /* Terminate-code specification */ c( "avp-bad-hidden" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-truncated" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-failover-session-state" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "session-id-not-null" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-recovery-scccn" ( /* Terminate-code specification */ c( "authenticate-failed-challenge" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-hidden" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-challenge-response" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-truncated" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-challenge-response" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unexpected-challenge-response" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "session-id-not-null" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-recovery-scccp" ( /* Terminate-code specification */ c( "avp-unexpected-challenge-response" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-recovery-scccp-avp-bad-value-challenge-response" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "receive-recovery-scccp-avp-missing-challenge-response" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "receive-recovery-sccrp" ( /* Terminate-code specification */ c( "authenticate-failed-challenge" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-hidden" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-assigned-tunnel-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-bearer-capabilities" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-challenge" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-framing-capabilities" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-protocol-version" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-receive-window-size" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-suggested-control-sequence" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-duplicate-value-assigned-tunnel-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-truncated" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-mismatched-host-name" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-mismatched-vendor-name" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-assigned-tunnel-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-framing-capabilities" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-host-name" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-protocol-version" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unexpected-challenge-without-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "session-id-not-null" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-recovery-sccrq" ( /* Terminate-code specification */ c( "administrative-close" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-hidden" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-assigned-tunnel-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-bearer-capabilities" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-challenge" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-framing-capabilities" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-protocol-version" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-receive-window-size" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-tunnel" ( /* Terminate-code specification */ c( "recovery" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "avp-duplicate-value-assigned-tunnel-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-duplicate-value-tie-breaker" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-truncated" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-mismatched-host-name" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-mismatched-vendor-name" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-assigned-tunnel-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-framing-capabilities" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-host-name" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-protocol-version" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-tunnel" ( /* Terminate-code specification */ c( "recovery" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-tie-breaker" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unexpected-challenge-without-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources-max-tunnels" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "session-id-not-null" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "tunnel-id-not-null" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-recovery-stopccn" ( /* Terminate-code specification */ c( "avp-bad-hidden" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-assigned-tunnel-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-duplicate-value-assigned-tunnel-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-truncated" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-assigned-tunnel-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-result-code" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "session-id-not-null" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-recovery-unexpected-packet" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "receive-recovery-unknown-packet" ( /* Terminate-code specification */ c( "message-type-indecipherable" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "message-type-unrecognized" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-scccn" ( /* Terminate-code specification */ c( "authenticate-failed-challenge" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-hidden" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-challenge-response" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-truncated" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-challenge-response" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unexpected-challenge-response" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "session-id-not-null" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "unexpected" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-sccrp" ( /* Terminate-code specification */ c( "authenticate-failed-challenge" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "authenticate-failed-host" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-hidden" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-assigned-tunnel-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-bearer-capabilities" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-challenge" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-challenge-response" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-failover-capability" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-framing-capabilities" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-protocol-version" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-receive-window-size" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-duplicate-value-assigned-tunnel-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-truncated" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-challenge-response" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-assigned-tunnel-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-framing-capabilities" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-host-name" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-protocol-version" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unexpected-challenge-response" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unexpected-challenge-without-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "session-id-not-null" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "unexpected" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-sccrq" ( /* Terminate-code specification */ c( "administrative-close" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "authenticate-failed-host" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-hidden" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-assigned-tunnel-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-bearer-capabilities" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-challenge" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-failover-capability" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-framing-capabilities" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-protocol-version" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-receive-window-size" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-duplicate-value-assigned-tunnel-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-truncated" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-assigned-tunnel-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-framing-capabilities" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-host-name" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-protocol-version" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unexpected-challenge-without-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "bad-address" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "invalid-ns" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources-max-tunnels" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "session-id-not-null" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "unexpected" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-session-packet" ( /* Terminate-code specification */ c( "null-session-id-invalid" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "null-session-id-without-assigned-session-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-stopccn" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline), "avp-bad-hidden" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-bad-value-assigned-tunnel-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-duplicate-value-assigned-tunnel-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-bad-length" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-malformed-truncated" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-assigned-tunnel-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-mandatory-result-code" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-random-vector" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-missing-secret" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "avp-unknown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "session-id-not-null" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-unexpected-packet" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline), "for-session" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "receive-unknown-packet" ( /* Terminate-code specification */ c( "message-type-indecipherable" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "message-type-unrecognized" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "timeout-connection" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "timeout-connection-recovery-tunnel" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "timeout-idle" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "unknown-cause" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "warmstart-not-operational" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "warmstart-recovery-error" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ) ) ), "ppp" ( /* PPP terminate-code mapping configuration */ c( "admin-logout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "admin-reconnect-request" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "authenticate" ( /* Terminate-code specification */ c( "authenticator-timeout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "challenge-timeout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "chap-no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "chap-peer-authenticator-timeout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "chap-peer-challenge-timeout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "deny-by-peer" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "eap-challenge-larger-than-mtu" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "eap-peer-authenticator-timeout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "eap-request-timeout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "inactivity-timeout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "max-requests" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-authenticator" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-resources" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "pap-peer-authenticator-timeout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "pap-request-timeout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "session-timeout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "too-many-requests" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "tunnel-fail-immediate" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "tunnel-unsupported-tunnel-type" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "bridging" ( /* Terminate-code specification */ c( "admin-disable" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "failed-to-activate-family-bridging" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "inhibited-by-authentication" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "link-down" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "max-configure-exceeded" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "max-passive-retries-exceeded" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "max-sevice-disable" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-local-ieee802-tagged-frame-format" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-local-mac-frame-format" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-peer-ieee802-tagged-frame-format" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-peer-mac-fram-fromat" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-service" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "renegotiate-rx-conf-ack" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "renegotiate-rx-conf-nak" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "renegotiate-rx-conf-rej" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "renegotiate-rx-conf-req" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "stale-stacking" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "terminate-code-rej" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "terminate-term-ack" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "terminate-term-req" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "bundle" ( /* Terminate-code specification */ c( "fail-activation" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "fail-create" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "fail-engine-add" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "fail-fragment-size-mismatch" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "fail-fragmentation-location" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "fail-fragmentation-mismatch" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "fail-hash-link-selection-mismatch" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "fail-join" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "fail-local-mped-not-set-yet" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "fail-local-mrru-mismatch" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "fail-local-mru-mismatch" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "fail-peer-endpoint-discriminator-mismatch" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "fail-peer-mrru-mismatch" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "fail-profile-nak" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "fail-reassembly-location" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "fail-reassembly-mismatch" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "fail-record-network" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "fail-server-location-mismatch" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "fail-static-link" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "fail-unrecoverable-ifl" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "dynamic-profile-instantiation-failed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "failover-during-authentication" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "interface-admin-disable" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "interface-no-hardware" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "ip" ( /* Terminate-code specification */ c( "admin-disable" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "failed-to-activate-family-inet" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "failed-to-activate-services" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "failed-to-add-access-internal-route" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "inhibited-by-authentication" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "link-down" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "max-configure-exceeded" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "max-passive-retries-exceeded" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-local-ip-address" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-local-ip-address-mask" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-local-primary-dns-address" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-local-primary-nbns-address" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-local-secondary-dns-address" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-local-secondary-nbns-address" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-peer-ip-address" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-peer-ip-address-mask" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-peer-primary-dns-address" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-peer-primary-nbns-address" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-peer-secondary-dns-address" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-peer-secondary-nbns-address" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-service" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-ack" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-nak" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-rej" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-req" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-terminate-code-rej" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-terminate-term-ack" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-terminate-term-req" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "service-disable" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "stale-stacking" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "ipv6" ( /* Terminate-code specification */ c( "admin-disable" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "failed-to-activate-family-inet6" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "failed-to-activate-services" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "inhibited-by-authentication" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "link-down" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "local-and-peer-interface-ids-identical" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "max-configure-exceeded" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "max-passive-retries-exceeded" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-local-ipv6-interface-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-peer-ipv6-interface-id" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-service" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-ack" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-nak" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-rej" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-req" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-terminate-code-rej" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-terminate-term-ack" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-terminate-term-req" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "service-disable" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "stale-stacking" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "l2tp-session" ( /* Terminate-code specification */ c( "apply-link-attribute-failed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "lcp" ( /* Terminate-code specification */ c( "authenticate-terminate-hold" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "configured-mrru-too-small" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "configured-mru-invalid" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "configured-mru-too-small" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "dynamic-interface-hold" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "failed-to-activate-services" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "keepalive-failure" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "loopback-rx-conf-req" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "loopback-rx-echo-reply" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "loopback-rx-echo-req" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "max-configure-exceeded" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "max-passive-retries-exceeded" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "mru-changed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "negotiation-timeout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-local-accm" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-local-acfc" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-local-authentication" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-local-endpoint-discriminator" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-local-magic-number" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-local-mrru" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-local-mru" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-local-pfc" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-peer-accm" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-peer-acfc" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-peer-authentication" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-peer-endpoint-discriminator" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-peer-magic-number" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-peer-mrru" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-peer-mru" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-peer-pfc" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-ack" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-nak" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-rej" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-req" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-terminate-code-rej" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-terminate-protocol-reject" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-terminate-term-ack" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-terminate-term-req" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "tunnel-disconnected" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "tunnel-failed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "license-limit-exceeded" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "link-interface-no-hardware" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "lower-interface-attach-failed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "lower-interface-down" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "lower-interface-teardown" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "mpls" ( /* Terminate-code specification */ c( "admin-disable" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "failed-to-activate-family-mpls" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "link-down" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "max-configure-exceeded" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "max-passive-retries-exceeded" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-service" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-ack" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-nak" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-rej" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-req" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-terminate-code-rej" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-terminate-term-ack" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-terminate-term-req" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "service-disable" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "stale-stacking" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "network-interface-admin-disable" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-bundle" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-interface" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-link-interface" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-ncps-available" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-network-interface" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-upper-interface" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "osi" ( /* Terminate-code specification */ c( "admin-disable" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "failed-to-activate-family-osi" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "link-down" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "max-configure-exceeded" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "max-passive-retries-exceeded" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-local-align-npdu" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-peer-align-npdu" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "no-service" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-ack" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-nak" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-rej" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-renegotiate-rx-conf-req" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-terminate-code-rej" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-terminate-term-ack" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "peer-terminate-term-req" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "service-disable" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "stale-stacking" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "recovery" ( /* Terminate-code specification */ c( "active-state-cleanup" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "configured-state-cleanup" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "init-state-cleanup" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "terminated-state-cleanup" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "terminating-state-cleanup" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "session-init-failed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "subscriber-mgr" ( /* Terminate-code specification */ c( "activation-failed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "get-credentials-failed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "link-interface-not-found" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "set-state-active-failed" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ) ) ), "vlan" ( /* VLAN terminate-code mapping configuration */ c( "admin-logout" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "admin-reconnect" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "other" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "out-of-band" ( /* Terminate-code specification */ c( "access-interface-down" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "admin-access-interface-down" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "admin-core-interface-down" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "ancp" ( /* Terminate-code specification */ c( "port-down" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "port-vlan-id-change" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ), "core-interface-down" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "l2-wholesale" ( /* Terminate-code specification */ c( "no-free-vlans" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ) ) ), "profile-request-error" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "sdb-error" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ), "subscriber-activate-error" ( /* Terminate-code specification */ c( "radius" ( /* Radius Acct-Terminate-Cause configuration */ sc( arg ) ).as(:oneline) ) ) ) ) ) ), "diameter-profiles" ( /* Diameter application configurations */ aaa_diameter_profiles /* Diameter application configurations */ ), "radius" ( /* RADIUS server and network-element configuration */ juniper_radius /* RADIUS server and network-element configuration */ ), "diameter" ( /* Diameter server and network-element configuration */ juniper_mobile_diameter /* Diameter server and network-element configuration */ ) ) end rule(:aaa_diameter_profiles) do c( "gy-profile" ( /* Diameter Gy application profile configuration */ aaa_diameter_profile_type_gy /* Diameter Gy application profile configuration */ ), "gx-profile" ( /* Diameter Gx application profile configuration */ aaa_diameter_profile_type_gx /* Diameter Gx application profile configuration */ ) ) end rule(:aaa_diameter_profile_type_gx) do arg.as(:arg) ( c( "targets" ( /* AAA diameter target configurations */ aaa_diameter_target /* AAA diameter target configurations */ ), "request-timeout" arg /* Profile request timeout */, "attributes" ( /* Diameter AVP attributes for Gx application */ aaa_diameter_gx_profile_attr_type /* Diameter AVP attributes for Gx application */ ) ) ) end rule(:aaa_diameter_gx_profile_attr_type) do c( "include" ( /* Specify AVP options to be included */ c( "gx-capability-list" arg /* Include Gx Capability list AVP */, "rule-suggestion" arg /* Include rule-suggestion AVP */, "rai" /* Include RAI AVP */, "qos-negotiation" /* Include QoS negotiation AVP */, "qos-upgrade" /* Include QoS upgrade AVP */ ) ), "exclude" ( /* Specify AVP options to be excluded */ c( "packet-filter-information" /* Exclude packet filter information AVP */, "packet-filter-operation" /* Exclude packet filter operation AVP */, "rat-type" /* Exclude rat-type AVP */, "default-eps-bearer-qos" /* Exclude default EPS bearer QOS AVP */, "an-gw-address" /* Exclude an-gw-address AVP */, "network-request-support" /* Exclude network request support AVP */, "event-trigger" /* Exclude event trigger AVP */, "threegpp-rat-type" /* Exclude 3GPP-RAT-type AVP */, "offline" /* Exclude offline AVP */, "qos-negotiation" /* Exclude QoS negotiation AVP */, "qos-upgrade" /* Exclude QoS upgrade AVP */ ) ) ) end rule(:aaa_diameter_profile_type_gy) do arg.as(:arg) ( c( "targets" ( /* AAA diameter target configurations */ aaa_diameter_target /* AAA diameter target configurations */ ), "request-timeout" arg /* Profile request timeout */, "attributes" ( /* Diameter AVP attributes for Gy application */ aaa_diameter_gy_profile_attr_type /* Diameter AVP attributes for Gy application */ ) ) ) end rule(:aaa_diameter_gy_profile_attr_type) do c( "include" ( /* Specify AVP options to be included */ c( "cumulative-used-service-unit" /* Include cumulative-used-service-unit AVP */, "credit-instance-id" /* Include credit-instance-id AVP */, "service-start-timestamp" /* Include service-start-timestamp AVP */, "mscc-qos-information" /* Include mscc-qos-information AVP */, "framed-ip-address" /* Include framed ip address AVP */, "framed-ipv6-prefix" /* Include framed IPV6 Prefix AVP */, "gprs-negotiated-qos" /* Include GPRS negotiated QOS AVP */ ) ), "exclude" ( /* Specify AVP options to be excluded */ c( "ps-information" /* Exclude PS Information AVP. If excluded, all the 3GPP AVPs will be sent at command level */, "username" /* Exclude Username AVP */, "user-equipment-info" /* Exclude user equipment info AVP */, "all-3gpp-avps" /* Exclude all 3GPP AVPs */, "qos-information" /* Exclude QOS information AVP */, "pdn-connection-id" /* Exclude PDN connection id AVP */, "dynamic-address-flag" /* Exclude dynamic address flag AVP */, "serving-node-type" /* Exclude serving node type AVP */, "cc-selection-mode" /* Exclude charging characteristics selection mode AVP */, "start-time" /* Exclude start time AVP */, "stop-time" /* Exclude stop time AVP */, "user-location-information" /* Exclude user location information AVP */ ) ) ) end rule(:aaa_diameter_target) do arg.as(:arg) ( c( "destination-realm" arg /* Destination realm associated with this target */, "destination-host" arg /* Destination host associated with this target */, "priority" arg /* Target priority */, "network-element" arg /* Specify the diameter network element for this target */ ) ) end rule(:access_client_name_filter_object) do c( "domain-name" arg /* Domain name to match (must be part of username) */, "separator" arg /* Separator character in domain name */, "count" arg /* Number of separator instances */ ) end rule(:access_client_object) do arg.as(:arg) ( c( "no-rfc2486" /* RFC2486 compliance is not enforced */, "chap-secret" ( /* CHAP secret */ unreadable /* CHAP secret */ ), "pap-password" ( /* PAP password */ unreadable /* PAP password */ ), c( "ppp" ( /* Configuration for Point-to-Point Protocol */ c( "framed-pool" arg /* Address pool used to assign an address for the user */, "idle-timeout" arg /* Idle timeout before termination of session */, "ppp-options" ( /* Point-to-Point Protocol interface-specific options */ c( "pap" /* Password Authentication Protocol */, "chap" /* Challenge Handshake Authentication Protocol */ ) ), "keepalive" arg /* PPP keepalive interval */, "primary-dns" arg /* Primary DNS server name */, "secondary-dns" arg /* Secondary DNS server name */, "primary-wins" arg /* Primary wins server name */, "secondary-wins" arg /* Secondary wins server name */, "encapsulation-overhead" arg /* Encapsulation overhead for Class of Service calculation */, "cell-overhead" /* ATM cell overhead for Class of Service calculation */, "interface-id" arg /* Interface identifier to look up session information */, "framed-ip-address" ( /* Address to be configured for the user */ ipv4prefix /* Address to be configured for the user */ ), "keepalive-retries" arg /* PPP keepalive retries */ ) ), "l2tp" ( /* Configuration for Layer 2 Tunneling Protocol */ c( "maximum-sessions" arg /* Maximum number of sessions per client */, "maximum-sessions-per-tunnel" arg /* Maximum number of sessions per L2TP tunnel */, "service-profile" arg /* Dynamic service profile(s) to be applied to this session */, "interface-id" arg /* Interface identifier for PPP users missing one */, "lcp-renegotiation" /* Force renegotiation of LCP options */, "local-chap" /* Force local CHAP challenge */, "override-result-code" ( /* Override result code with admin value in CDN message at LNS */ c( "session-out-of-resource" /* Override result code for session out-of-resource due to permanent or temporary condition with admin value in CDN message at LNS */ ) ), "aaa-access-profile" arg /* AAA access profile name */, "multilink" ( /* Multilink Point-to-Point Protocol command options */ multilink_object /* Multilink Point-to-Point Protocol command options */ ), "session-limit-group" arg /* Session limit group name */, "ppp-authentication" ( /* Method for authenticating client */ ("chap" | "pap") ), "shared-secret" arg /* Shared secret for authenticating peer */, "ppp-profile" arg /* User profile name */, "dynamic-profile" arg /* Dynamic profile name */ ) ), "ike" ( /* Configuration for dynamic IKE peers */ c( "allowed-proxy-pair" ( /* List of local and remote proxy identity pairs */ s( "local" arg /* Local proxy identity */, "remote" arg /* Remote proxy identity */ ) ), "initiate-dead-peer-detection" /* Initiate dead peer detection */, "dead-peer-detection" ( /* Dead peer detection options */ c( "interval" arg /* Interval at which the DPD messages should be sent */, "threshold" arg /* Maximum number of DPD messages */ ) ), "respond-bad-spi" ( /* Respond to IPsec packets with bad security parameter index (SPI) values */ sc( arg ) ).as(:oneline), c( "pre-shared-key" ( /* Define pre-shared key */ sc( c( "ascii-text" arg /* Format as text */, "hexadecimal" arg /* Format as hexadecimal */ ) ) ).as(:oneline), "ike-policy" arg /* Name of IKE policy */ ), "ipsec-policy" arg /* Name of IPsec policy */, "reverse-route" ( /* Reverse route parameters */ c( "preference" ( /* Preference value */ sc( arg /* Metric value */ ) ).as(:oneline) ) ), "interface-id" arg /* Identity of logical service interface pool */ ) ) ), "group-profile" arg /* Group profile name */, "user-group-profile" arg /* User group profile name */, "xauth" ( /* Configure xauth attributes */ c( "ip-address" ( /* Specify the ip-address for client */ ipv4prefix /* Specify the ip-address for client */ ) ) ), "client-group" arg /* One or more groups to which the client belongs */, "firewall-user" ( /* Client is configured as a firewall user */ c( "password" arg /* Password for user */ ) ) ) ) end rule(:access_ldap_options) do c( "revert-interval" arg /* Time after which to revert to primary server */, "base-distinguished-name" arg /* Suffix when assembling user distinguished name (DN) or base DN under which to search for user DN */, c( "assemble" ( /* Derive user distinguished name from 'common-name' and 'base-distinguished-name' */ c( "common-name" arg /* Prefix in user distinguished name (for example, 'cn' or 'uid') */ ) ), "search" ( /* Search for user's distinguished name */ c( "search-filter" arg /* Filter to use in search (examples: 'cn=' or 'givenName=') */, "admin-search" ( /* Perform an administrator search to find user's distinguished name */ c( "distinguished-name" arg /* Administrator's distinguished name */, "password" ( /* Administrator password */ unreadable /* Administrator password */ ) ) ) ) ) ) ) end rule(:access_radius_options) do c( "revert-interval" arg /* Time after which to revert to primary server */, "timeout-grace" arg /* The period after a RADIUS server times out before marking the server as dead */, "request-rate" arg /* Maximum number of RADIUS requests sent per second */, "interim-rate" arg /* Maximum number of RADIUS requests sent per second */, "interim-update-tolerance" arg /* Maximum tolerance for Interim Updates to RADIUS */, "unique-nas-port" ( /* Use unique value for NAS-Port radius attribute */ c( "chassis-id" arg /* Configure chassis identifier field of NAS-Port */, "chassis-id-width" arg /* Number of bits for the chassis identifier field of NAS-Port */ ) ) ) end rule(:access_radius_server_name_object) do arg.as(:arg) ( c( "dns-query-interval" arg /* Frequency of RADIUS server name resolution */, "accounting-port" arg /* RADIUS server accounting port number */, "radsec-destination" arg /* RADSEC destination */, "port" arg /* RADIUS server authentication port number */, "preauthentication-port" arg /* RADIUS server preauthentication port number */, "dynamic-request-port" arg /* RADIUS client dynamic request port number */, "secret" ( /* Shared secret with the RADIUS server */ unreadable /* Shared secret with the RADIUS server */ ), "preauthentication-secret" ( /* Shared secret with the RADIUS server */ unreadable /* Shared secret with the RADIUS server */ ), "timeout" arg /* Request timeout period */, "retry" arg /* Retry attempts */, "accounting-timeout" arg /* Accounting request timeout period */, "accounting-retry" arg /* Accounting retry attempts */, "max-outstanding-requests" arg /* Maximum requests in flight to server */, "source-address" ( /* Use specified address as source address */ ipaddr /* Use specified address as source address */ ), "routing-instance" arg /* Use specified routing instance */ ) ) end rule(:access_radius_server_object) do arg.as(:arg) ( c( "port" arg /* RADIUS server authentication port number */, "preauthentication-port" arg /* RADIUS server preauthentication port number */, "accounting-port" arg /* Port number to send RADIUS accounting messages */, "dynamic-request-port" arg /* RADIUS client dynamic request port number */, "secret" ( /* Shared secret with the RADIUS server */ unreadable /* Shared secret with the RADIUS server */ ), "preauthentication-secret" ( /* Shared secret with the RADIUS server */ unreadable /* Shared secret with the RADIUS server */ ), "timeout" arg /* Request timeout period */, "retry" arg /* Retry attempts */, "accounting-timeout" arg /* Accounting request timeout period */, "accounting-retry" arg /* Accounting retry attempts */, "max-outstanding-requests" arg /* Maximum requests in flight to server */, "source-address" ( /* Use specified address as source address */ ipaddr /* Use specified address as source address */ ), "routing-instance" arg /* Use specified routing instance */, "radsec-destination" arg /* RADSEC destination */ ) ) end rule(:address_assignment_type) do c( "neighbor-discovery-router-advertisement" ( /* Designated NDRA pool for this instance */ sc( arg ) ).as(:oneline), "high-utilization" arg /* Generate an SNMP trap when address pool use surpasses this percentage */, "abated-utilization" arg /* Generate an SNMP clear trap when address pool use falls below this percentage */, "high-utilization-v6" arg /* Generate an SNMP trap when address pool use surpasses this percentage */, "abated-utilization-v6" arg /* Generate an SNMP clear trap when address pool use falls below this percentage */, "dynamic-pool" arg ( /* Dynamic address pool */ c( "family" ( /* Address family */ c( "inet6" ( /* IPv6 */ c( "delegated-prefix-length" arg /* Delegated IPv6 network prefix length */, "from-interface" ( /* Get prefix from interface name */ interface_name /* Get prefix from interface name */ ), "range" arg ( /* IPv6 address range */ c( "masked-low" ( /* Lower limit of ipv6 address range */ ipv6prefix_mandatory /* Lower limit of ipv6 address range */ ), "masked-high" ( /* Upper limit of ipv6 address range */ ipv6prefix_mandatory /* Upper limit of ipv6 address range */ ), "prefix-length" arg /* IPv6 delegated prefix length */ ) ), "dhcp-attributes" ( /* DHCP options and match criteria */ dynamic_dhcp_attribute_type /* DHCP options and match criteria */ ) ) ) ) ) ) ), "pool" arg ( /* Address pool */ c( "active-drain" /* Notify client of pool active drain mode */, "hold-down" /* Place pool in passive drain mode */, "link" arg /* Address pool link name */, "family" ( /* Address family */ c( c( "inet" ( /* IPv4 */ c( "network" ( /* Network address */ ipv4prefix /* Network address */ ), "range" arg ( /* Address range */ c( "low" ( /* Lower limit of address range */ ipv4addr /* Lower limit of address range */ ), "high" ( /* Upper limit of address range */ ipv4addr /* Upper limit of address range */ ) ) ), "dhcp-attributes" ( /* DHCP options and match criteria */ dhcp_attribute_type /* DHCP options and match criteria */ ), "xauth-attributes" ( /* Configure xauth attributes */ c( "primary-dns" ( /* Specify the primary-dns IP address */ ipv4prefix /* Specify the primary-dns IP address */ ), "secondary-dns" ( /* Specify the secondary-dns IP address */ ipv4prefix /* Specify the secondary-dns IP address */ ), "primary-wins" ( /* Specify the primary-wins IP address */ ipv4prefix /* Specify the primary-wins IP address */ ), "secondary-wins" ( /* Specify the secondary-wins IP address */ ipv4prefix /* Specify the secondary-wins IP address */ ) ) ), "host" arg ( /* Hostname for static reservations */ c( "hardware-address" ( /* Hardware address */ mac_addr /* Hardware address */ ), "ip-address" ( /* Reserved address */ ipv4addr /* Reserved address */ ), c( "user-name" /* Set subscriber user name as host identifier */ ) ) ), "excluded-address" arg /* Excluded Addresses */, "excluded-range" arg ( /* Excluded address range */ c( "low" ( /* Lower limit of excluded address range */ ipv4addr /* Lower limit of excluded address range */ ), "high" ( /* Upper limit of excluded address range */ ipv4addr /* Upper limit of excluded address range */ ) ) ) ) ), "inet6" ( /* IPv6 */ c( "prefix" ( /* IPv6 network prefix */ ipv6prefix_mandatory /* IPv6 network prefix */ ), "range" arg ( /* IPv6 address range */ c( "low" ( /* Lower limit of ipv6 address range */ ipv6prefix_mandatory /* Lower limit of ipv6 address range */ ), "high" ( /* Upper limit of ipv6 address range */ ipv6prefix_mandatory /* Upper limit of ipv6 address range */ ), "prefix-length" arg /* IPv6 delegated prefix length */ ) ), "dhcp-attributes" ( /* DHCP options and match criteria */ dhcp_attribute_type /* DHCP options and match criteria */ ), "xauth-attributes" ( /* Configure xauth ipv6 attributes */ c( "primary-dns-ipv6" ( /* Specify the primary-dns IPv6 address */ ipv6addr /* Specify the primary-dns IPv6 address */ ), "secondary-dns-ipv6" ( /* Specify the secondary-dns IPv6 address */ ipv6addr /* Specify the secondary-dns IPv6 address */ ) ) ), "host" arg ( /* Hostname for static reservations */ c( "hardware-address" ( /* Hardware address */ mac_addr /* Hardware address */ ), "ip-address" ( /* Reserved address */ ipv6addr /* Reserved address */ ), c( "user-name" /* Set subscriber user name as host identifier */ ) ) ), "excluded-address" arg /* Excluded Addresses */, "excluded-range" arg ( /* Excluded address range */ c( "low" ( /* Lower limit of excluded address range */ ipv6addr /* Lower limit of excluded address range */ ), "high" ( /* Upper limit of excluded address range */ ipv6addr /* Upper limit of excluded address range */ ) ) ) ) ) ) ) ) ) ), "location-pool" arg ( /* Location-based IP address pool */ c( "family" ( /* Address family */ c( "inet" ( /* IPv4 location pool */ c( "location" arg ( /* Relative location of router */ c( "address" ( /* IP address/destination prefix */ ipv4prefix /* IP address/destination prefix */ ) ) ) ) ) ) ) ) ), "address-pools" ( /* Address pools for subscribers */ sm_ippool_pool /* Address pools for subscribers */ ) ) end rule(:address_pool_object) do arg.as(:arg) ( c( c( "address" ( /* Address or address prefix */ ipv4prefix /* Address or address prefix */ ), "address-range" ( /* Range of addresses for pool */ sc( "low" ( /* Lower limit of address range */ ipv4addr /* Lower limit of address range */ ), "high" ( /* Upper limit of address range */ ipv4addr /* Upper limit of address range */ ) ) ).as(:oneline) ) ) ) end rule(:dhcp_attribute_type) do c( "option-match" ( /* Match */ c( "option-82" ( c( "circuit-id" arg ( /* Circuit ID portion of the option 82 */ sc( "range" arg /* Range name */ ) ).as(:oneline), "remote-id" arg ( /* Remote ID portion of the option 82 */ sc( "range" arg /* Range name */ ) ).as(:oneline) ) ) ) ), "maximum-lease-time" ( /* Maximum lease time advertised to clients */ ("infinite" | arg) ), "next-server" ( /* Next server that clients need to contact */ ipv4addr /* Next server that clients need to contact */ ), "server-identifier" ( /* Server Identifier - IP address value */ ipv4addr /* Server Identifier - IP address value */ ), "grace-period" arg /* Grace period for leases */, "domain-name" arg /* Domain name advertised to clients */, "name-server" arg /* Domain name servers available to the client */, "wins-server" arg /* WINS name servers */, "router" arg /* Routers advertised to clients */, "boot-file" arg /* Boot filename advertised to clients */, "boot-server" arg /* Boot server advertised to clients */, "tftp-server" ( /* TFTP server IP address advertised to clients */ ipv4addr /* TFTP server IP address advertised to clients */ ), "sip-server" ( /* SIP servers to clients */ c( "name" arg /* SIP server domain name available to clients */, "ip-address" arg /* SIP servers list of IPv4 addresses available to the client */ ) ), "netbios-node-type" ( /* Type of NETBIOS node advertised to clients */ ("b-node" | "p-node" | "m-node" | "h-node") ), "sip-server-domain-name" arg /* SIP server domain name available to clients */, "sip-server-address" arg /* SIP Servers list of IPv6 addresses available to the client */, "dns-server" arg /* Domain name servers available to the client */, "propagate-settings" arg /* Interface name for propagating TCP/IP Settings to pool */, "propagate-ppp-settings" ( /* PPP interface name for propagating DNS/WINS settings */ interface_name /* PPP interface name for propagating DNS/WINS settings */ ), "option" arg ( /* DHCP option */ sc( c( "flag" ( /* Boolean flag value */ ("true" | "false" | "on" | "off") ), "byte" arg /* Unsigned 8-bit value */, "short" arg /* Signed 16-bit numeric value */, "unsigned-short" arg /* Unsigned 16-bit numeric value */, "integer" arg /* Signed 32-bit numeric value */, "unsigned-integer" arg /* Unsigned 32-bit numeric value */, "hex-string" arg /* Hexadecimal string */, "string" arg /* Character string value */, "ip-address" ( /* IP address value */ ipv4addr /* IP address value */ ), "ipv6-address" ( /* IPV6 address value */ ipv6addr /* IPV6 address value */ ), "array" ( /* Array of values */ c( c( "flag" ( /* Array of boolean flag values */ ("true" | "false" | "on" | "off") ), "byte" arg /* Array of unsigned 8-bit values */, "short" arg /* Array of signed 16-bit numeric values */, "unsigned-short" arg /* Array of 16-bit numeric values */, "integer" arg /* Array of signed 32-bit numeric values */, "unsigned-integer" arg /* Array of unsigned 32-bit numeric values */, "hex-string" arg /* Hexadecimal string */, "string" arg /* Array of character string values */, "ip-address" ( /* Array of IP address values */ ipv4addr /* Array of IP address values */ ), "ipv6-address" ( /* Array of IPv6 address values */ ipv6addr /* Array of IPv6 address values */ ) ) ) ) ) ) ).as(:oneline), "valid-lifetime" ( /* Valid lifetime advertised to clients */ ("infinite" | arg) ), "preferred-lifetime" ( /* Preferred lifetime advertised to clients */ ("infinite" | arg) ), "t1-percentage" arg /* T1 time as percentage of preferred lifetime or max lease */, "t2-percentage" arg /* T2 time as percentage of preferred lifetime or max lease */, "exclude-prefix-len" arg /* Length of IPv6 prefix to be excluded from delegated prefix */, "t1-renewal-time" arg /* T1 renewal time */, "t2-rebinding-time" arg /* T2 rebinding time */ ) end rule(:domain_map_type) do c( "map" arg ( /* Domain map definitions */ c( c( "aaa-routing-instance" ( /* Routing instance to be used for applying AAA services */ ("default" | arg) ), "aaa-logical-system" arg ( /* Logical system to be used for applying AAA services */ c( "aaa-routing-instance" ( /* Routing instance to be used for applying AAA services */ ("default" | arg) ) ) ) ), "access-profile" arg /* Access profile to be used for applying AAA services */, "address-pool" arg /* Address pool to use for providing address-allocation services */, "dynamic-profile" arg /* Dynamic profile to be used for this client's session */, "override-password" arg /* Use this password for authentication */, "override-chap-password" arg /* Use this CHAP password for authentication */, "using-user-password" /* Send overridden CHAP-Password using User-Password */, "padn" arg ( /* PPPoE Active Discovery Network parameters to apply for this client's session */ c( "mask" ( /* Destination mask */ ipv4addr /* Destination mask */ ), "metric" arg /* Metric value */ ) ), c( "target-routing-instance" ( /* Routing instance the client's session will be mapped to */ ("default" | arg) ), "target-logical-system" arg ( /* Logical system the client's session will be mapped to */ c( "target-routing-instance" ( /* Routing instance the client's session will be mapped to */ ("default" | arg) ) ) ) ), "strip-domain" /* Enable domain name stripping from the username */, "strip-username" ( /* Enable user name stripping from the username */ sc( c( "right-to-left" /* Strip to first domain delimiter on the right */, "left-to-right" /* Strip to first domain delimiter on the left */ ) ) ).as(:oneline), "tunnel-profile" arg /* Tunnel profile to be used for this client's session */, "tunnel-switch-profile" arg /* Tunnel switch profile */, "sub-domain" arg ( /* Sub-Domain definitions */ c( c( "aaa-routing-instance" ( /* Routing instance to be used for applying AAA services */ ("default" | arg) ), "aaa-logical-system" arg ( /* Logical system to be used for applying AAA services */ c( "aaa-routing-instance" ( /* Routing instance to be used for applying AAA services */ ("default" | arg) ) ) ) ), "access-profile" arg /* Access profile to be used for applying AAA services */, "address-pool" arg /* Address pool to use for providing address-allocation services */, "dynamic-profile" arg /* Dynamic profile to be used for this client's session */, "override-password" arg /* Use this password for authentication */, "override-chap-password" arg /* Use this CHAP password for authentication */, "using-user-password" /* Send overridden CHAP-Password using User-Password */, "padn" arg ( /* PPPoE Active Discovery Network parameters to apply for this client's session */ c( "mask" ( /* Destination mask */ ipv4addr /* Destination mask */ ), "metric" arg /* Metric value */ ) ), c( "target-routing-instance" ( /* Routing instance the client's session will be mapped to */ ("default" | arg) ), "target-logical-system" arg ( /* Logical system the client's session will be mapped to */ c( "target-routing-instance" ( /* Routing instance the client's session will be mapped to */ ("default" | arg) ) ) ) ), "strip-domain" /* Enable domain name stripping from the username */, "strip-username" ( /* Enable user name stripping from the username */ sc( c( "right-to-left" /* Strip to first domain delimiter on the right */, "left-to-right" /* Strip to first domain delimiter on the left */ ) ) ).as(:oneline), "tunnel-profile" arg /* Tunnel profile to be used for this client's session */, "tunnel-switch-profile" arg /* Tunnel switch profile */, "qualifier" ( /* Qualifier definition for sub-domain */ c( c( "vlan-id-list" arg /* Apply access-profile only for the vlan-id specified in the vlan-id-list */ ) ) ) ) ) ) ), "parse-order" ( /* Order in which search parsing is conducted (i.e. look for domain-namd or realm-name first) */ sc( c( "domain-first" /* Search for domain name in username field before searching for realm name */, "realm-first" /* Search for realm name in username field before searching for domain name */ ) ) ).as(:oneline), "delimiter" ( /* Allowable delimiter characters for domain name separation */ sc( arg ) ).as(:oneline), "parse-direction" ( /* Domain name parsing direction */ sc( c( "right-to-left" /* Parse the username from right to left */, "left-to-right" /* Parse the username field from left to right to find domain name */ ) ) ).as(:oneline), "realm-delimiter" ( /* Allowable delimiter characters for realm name separation */ sc( arg ) ).as(:oneline), "realm-parse-direction" ( /* Realm name parsing direction */ sc( c( "left-to-right" /* Parse the username field from left to right to find realm name */, "right-to-left" /* Parse the username field from right to left to find realm name */ ) ) ).as(:oneline) ) end rule(:dynamic_dhcp_attribute_type) do c( "maximum-lease-time" ( /* Maximum lease time advertised to clients */ ("infinite" | arg) ), "valid-lifetime" ( /* Preferred lifetime */ ("infinite" | arg) ), "preferred-lifetime" ( /* Preferred lifetime */ ("infinite" | arg) ), "dns-server" arg /* Domain name servers available to the client */, "t1-percentage" arg /* T1 time as percentage of preferred lifetime advertised to clients */, "t2-percentage" arg /* T2 time as percentage of preferred lifetime advertised to clients */ ) end rule(:group_profile_object) do arg.as(:arg) ( c( "ppp" ( /* Configuration for Point-to-Point Protocol */ c( "framed-pool" arg /* Address pool used to assign an address for the user */, "idle-timeout" arg /* Idle timeout before termination of session */, "ppp-options" ( /* Point-to-Point Protocol interface-specific options */ c( "pap" /* Password Authentication Protocol */, "chap" /* Challenge Handshake Authentication Protocol */, "mru" arg /* The Maximum Receive Unit size in bytes */, "mtu" ( /* The Maximum Transfer Unit size in bytes */ ("use-lower-layer" | arg) ), "initiate-ncp" ( /* Enable server initiated NCP */ c( "ip" /* Enable server initiated IPNCP */, "ipv6" /* Enable server initiated IPv6NCP */, "dual-stack-passive" /* Disable server initiated IPNCP/IPv6NCP for dual-stack client */ ) ), "peer-ip-address-optional" /* Set Peer IP Address Optional in IP NCP Negotiations */, "ipcp-suggest-dns-option" /* Suggest peer to negotiate with DNS Addresses options */, "ignore-magic-number-mismatch" /* Ignore magic-number validation failure in LCP keepalive */, "aaa-options" arg /* Attach AAA options name to group-profile */ ) ), "keepalive" arg /* PPP keepalive interval */, "primary-dns" arg /* Primary DNS server name */, "secondary-dns" arg /* Secondary DNS server name */, "primary-wins" arg /* Primary wins server name */, "secondary-wins" arg /* Secondary wins server name */, "encapsulation-overhead" arg /* Encapsulation overhead for Class of Service calculation */, "cell-overhead" /* ATM cell overhead for Class of Service calculation */, "interface-id" arg /* Interface identifier to look up session information */ ) ), "l2tp" ( /* Configuration for Layer 2 Tunneling Protocol */ c( "maximum-sessions" arg /* Maximum number of sessions per client */, "maximum-sessions-per-tunnel" arg /* Maximum number of sessions per L2TP tunnel */, "service-profile" arg /* Dynamic service profile(s) to be applied to this session */, "interface-id" arg /* Interface identifier for PPP users missing one */, "lcp-renegotiation" /* Force renegotiation of LCP options */, "local-chap" /* Force local CHAP challenge */, "override-result-code" ( /* Override result code with admin value in CDN message at LNS */ c( "session-out-of-resource" /* Override result code for session out-of-resource due to permanent or temporary condition with admin value in CDN message at LNS */ ) ), "multilink" ( /* Multilink Point-to-Point Protocol command options */ multilink_object /* Multilink Point-to-Point Protocol command options */ ) ) ) ) ) end rule(:gx_plus_definition) do c( "partition" arg ( /* GX-PLUS partition configuration */ c( "diameter-instance" arg /* GX-PLUS diameter instance */, "destination-realm" arg /* GX-PLUS destination realm */, "destination-host" arg /* GX-PLUS destination host */ ) ), "global" ( /* GX-PLUS global parameters */ c( "include-ipv6" /* Send provisioning request for IPv6-only subscribers */, "max-outstanding-requests" arg /* Maximum number of outstanding requests */ ) ) ) end rule(:juniper_bridge_domains) do arg.as(:arg) ( c( "description" arg /* Text description of bridge domain */, "domain-type" ( /* Type of bridge domain */ ("bridge") ), c( "vlan-id" ( /* IEEE 802.1q VLAN identifier for bridging domain */ ("all" | "none" | "inner-all" | arg) ), "vlan-tags" ( /* IEEE 802.1q VLAN tags for bridging domain */ sc( "outer" arg /* [tpid.]vlan-id, tpid format is 0xNNNN and is optional */, "inner" arg /* [tpid.]vlan-id, tpid format is 0xNNNN and is optional */ ) ).as(:oneline), "vlan-id-list" arg /* Create bridge-domain for each of the vlan-id specified in the vlan-id-list */ ), "isid-list" arg /* Create bridge-domain for isid (Valid isid:256..16777214) */, "vlan-id-scope-local" /* Enable the scope of vlan-id local to avoid transmitting vlan tagged packets */, "service-id" arg /* Service id required if bridge-domain is of type MC-AE and vlan-id all or vlan-id none or vlan-tags */, "domain-id" arg /* Domain-id for auto derived Route Target */, "no-local-switching" /* Disable local switching within CE-facing interfaces */, "mcae-mac-synchronize" /* Enable IRB MAC synchronization in this bridge domain */, "mcae-mac-flush" /* Enable MCAE MAC flush in a/s mode for a bridge domain on MCAE link up */, "no-irb-layer-2-copy" /* Disable transmission of layer-2 copy of packets of irb routing-interface */, "enable-mac-move-action" /* Enable blocking action due to mac-move in this Bridge Domain */, "interface" ("$junos-interface-name" | arg) ( /* Interface name for this bridge domain */ c( "protect-interface" ( /* Name of protect interface */ interface_name /* Name of protect interface */ ) ) ), "routing-interface" ( /* Routing interface name for this bridge-domain */ interface_unit /* Routing interface name for this bridge-domain */ ), "forwarding-options" ( /* Forwarding options configuration */ juniper_bridge_forwarding_options /* Forwarding options configuration */ ), "bridge-options" ( /* Bridge domain configuration */ juniper_protocols_bd /* Bridge domain configuration */ ), "protocols" ( c( "igmp-snooping" ( /* IGMP snooping configuration */ juniper_bd_protocols_igmp_snooping /* IGMP snooping configuration */ ), "mld-snooping" ( /* MLD snooping configuration */ juniper_bd_protocols_mld_snooping /* MLD snooping configuration */ ) ) ), "vxlan" ( /* VXLAN options */ c( "ovsdb-managed" /* Bridge-domain is managed remotely via VXLAN OVSDB Controller */, "vni" arg /* VXLAN identifier */, "translation-vni" arg /* Translated VXLAN identifier */, "multicast-group" ( /* Multicast group registered for VXLAN segment */ ipv4addr /* Multicast group registered for VXLAN segment */ ), "encapsulate-inner-vlan" /* Retain inner VLAN in the packet */, "decapsulate-accept-inner-vlan" /* Accept VXLAN packets with inner VLAN */, "unreachable-vtep-aging-timer" arg /* Unreachable VXLAN tunnel endpoint removal timer */, "ingress-node-replication" /* Enable ingress node replication */, "static-remote-vtep-list" ( /* Configure bridge domain specific static remote VXLAN tunnel endpoints */ ipaddr /* Configure bridge domain specific static remote VXLAN tunnel endpoints */ ) ) ), "isolated-vlan" arg /* Isolated VLAN ID for private vlan bridge domain */, "community-vlans" arg /* List of Community VLANs for private vlan bridge domain */, "proxy-mac" ( /* Proxy MAC settings */ c( "irb" /* Reply with virtual-gateway MAC or IRB MAC */, mac_unicast /* Reply with configured MAC for all requests */ ) ), "multicast-snooping-options" ( /* Multicast snooping option configuration */ juniper_multicast_snooping_options /* Multicast snooping option configuration */ ) ) ) end rule(:juniper_bd_protocols_igmp_snooping) do c( "traceoptions" ( /* Trace options for IGMP Snooping */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("packets" | "query" | "report" | "leave" | "group" | "client-notification" | "host-notification" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "query-interval" arg /* When to send host query messages */, "l2-querier" ( /* Enable L2 querier mode */ c( "source-address" ( /* Source IP address to use for L2 querier */ ipv4addr /* Source IP address to use for L2 querier */ ) ) ), "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "learn-pim-router" /* Learn PIM router interfaces from PIM hellos */, "immediate-leave" /* Enable immediate group leave on interfaces */, "evpn-ssm-reports-only" /* Accept and process only reports of SSM groups */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv4addr /* Source IP address to use for proxy */ ), "irb" /* Proxy IGMP reports to IRB */ ) ), "interface" arg ( /* Interface options for IGMP */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */, "host-only-interface" /* Enable interfaces to be treated as host-side interfaces */, "group-limit" arg /* Maximum number of (source,group) per interface */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ), "pseudowire-remote-address" arg ( /* Pseudowire interface options for IGMP */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */ ) ), "vlan" arg ( /* Vlan options */ c( "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "immediate-leave" /* Enable immediate group leave on interfaces */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv4addr /* Source IP address to use for proxy */ ) ) ), "evpn-ssm-reports-only" /* Accept and process only reports of SSM groups */, "interface" arg ( /* Interface options for IGMP */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */, "host-only-interface" /* Enable interfaces to be treated as host-side interfaces */, "group-limit" arg /* Maximum number of (source,group) per interface */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ), "pseudowire-remote-address" arg ( /* Pseudowire interface options for IGMP */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */ ) ), "qualified-vlan" arg ( /* VLAN options for qualified-learning */ c( "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "immediate-leave" /* Enable immediate group leave on interfaces */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv4addr /* Source IP address to use for proxy */ ) ) ), "evpn-ssm-reports-only" /* Accept and process only reports of SSM groups */, "interface" arg ( /* Interface options for IGMP */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */, "host-only-interface" /* Enable interfaces to be treated as host-side interfaces */, "group-limit" arg /* Maximum number of (source,group) per interface */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ), "pseudowire-remote-address" arg ( /* Pseudowire interface options for IGMP */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */ ) ) ) ), "disable" ) ) ) end rule(:juniper_bd_protocols_mld_snooping) do c( "traceoptions" ( /* Trace options for MLD Snooping */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("packets" | "query" | "report" | "leave" | "group" | "client-notification" | "host-notification" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "query-interval" arg /* When to send host query messages */, "l2-querier" ( /* Enable L2 querier mode */ c( "source-address" ( /* Source IP address to use for L2 querier */ ipv6addr /* Source IP address to use for L2 querier */ ) ) ), "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "immediate-leave" /* Enable immediate group leave on interfaces */, "evpn-ssm-reports-only" /* Accept and process only reports of SSM groups */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv6addr /* Source IP address to use for proxy */ ), "irb" /* Proxy IGMP reports to IRB */ ) ), "interface" arg ( /* Interface options for MLD */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */, "host-only-interface" /* Enable interfaces to be treated as host-side interfaces */, "group-limit" arg /* Maximum number of (source,group) per interface */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ), "pseudowire-remote-address" arg ( /* Pseudowire interface options for MLD */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */ ) ), "vlan" arg ( /* Vlan options */ c( "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "immediate-leave" /* Enable immediate group leave on interfaces */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv6addr /* Source IP address to use for proxy */ ) ) ), "evpn-ssm-reports-only" /* Accept and process only reports of SSM groups */, "interface" arg ( /* Interface options for MLD */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */, "host-only-interface" /* Enable interfaces to be treated as host-side interfaces */, "group-limit" arg /* Maximum number of (source,group) per interface */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ), "pseudowire-remote-address" arg ( /* Pseudowire interface options for MLD */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */ ) ), "qualified-vlan" arg ( /* VLAN options for qualified-learning */ c( "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "immediate-leave" /* Enable immediate group leave on interfaces */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv6addr /* Source IP address to use for proxy */ ) ) ), "evpn-ssm-reports-only" /* Accept and process only reports of SSM groups */, "interface" arg ( /* Interface options for MLD */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */, "host-only-interface" /* Enable interfaces to be treated as host-side interfaces */, "group-limit" arg /* Maximum number of (source,group) per interface */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ), "pseudowire-remote-address" arg ( /* Pseudowire interface options for MLD */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */ ) ) ) ) ) ) ) end rule(:juniper_bridge_forwarding_options) do c( "filter" ( /* Filtering for bridge forwarding table */ c( "input" arg /* Name of input filter to apply for forwarded packets */, "output" arg /* Name of output filter to apply for forwarded packets */ ) ), "flood" ( /* Filtering for bridge flood table */ c( "input" arg /* Name of input filter to apply for bridge flood packets */ ) ), "dhcp-relay" ( /* Dynamic Host Configuration Protocol relay configuration */ jdhcp_relay_type /* Dynamic Host Configuration Protocol relay configuration */ ), "dhcp-security" ( /* Dynamic ARP Inspection configuration */ jdhcp_security_type /* Dynamic ARP Inspection configuration */ ) ) end rule(:jdhcp_relay_type) do c( "traceoptions" ( /* DHCP relay trace options */ jdhcp_traceoptions_type /* DHCP relay trace options */ ), "persistent-storage" ( /* Trigger to enable flat file storage */ sc( "automatic" /* Trigger automatically */ ) ).as(:oneline), "duplicate-clients-on-interface" /* Allow duplicate clients on different interfaces in a subnet */, "duplicate-clients-in-subnet" ( /* Allow duplicate clients in a subnet */ jdhcp_duplicate_clients_in_subnet_type /* Allow duplicate clients in a subnet */ ).as(:oneline), "interface-traceoptions" ( /* DHCP relay interface trace options */ jdhcp_interface_traceoptions_type /* DHCP relay interface trace options */ ), "dhcpv6" ( /* DHCPv6 configuration */ dhcpv6_relay_type /* DHCPv6 configuration */ ), "arp-inspection" /* Enable Dynamic ARP Inspection */, "forward-snooped-clients" ( /* Forward snooped (unicast) packets */ sc( c( "configured-interfaces" /* Forward snooped (unicast) packets on configured interfaces */, "non-configured-interfaces" /* Forward snooped (unicast) packets on non-configured interfaces */, "all-interfaces" /* Forward snooped (unicast) packets on configured and non-configured interfaces */ ) ) ).as(:oneline), "authentication" ( /* DHCP authentication */ authentication_type /* DHCP authentication */ ), "liveness-detection" ( /* DHCP client liveness detection processing */ dhcp_liveness_detection_type /* DHCP client liveness detection processing */ ), "dynamic-profile" ( /* Dynamic profile to use */ dynamic_profile_type /* Dynamic profile to use */ ).as(:oneline), "service-profile" arg /* Dynamic profile to use for default service activation */, "access-profile" arg /* Access profile to use for AAA services */, "short-cycle-protection" ( /* Short cycle lockout configuration */ sc( "lockout-min-time" arg /* Short cycle lockout time in seconds */, "lockout-max-time" arg /* Short cycle lockout time in seconds */ ) ).as(:oneline), "overrides" ( /* DHCP override processing */ override_type /* DHCP override processing */ ), "relay-option" ( /* DHCP option processing */ dhcp_generic_v4_option /* DHCP option processing */ ), "server-match" ( /* Server match processing */ c( "default-action" ( /* Server match default action */ server_match_action_choice /* Server match default action */ ), "address" arg ( /* Server address */ c( c( "forward-only" /* Forward without subscriber services when a match is made */, "create-relay-entry" /* Create relay entry and allow subscriber services */ ) ) ) ) ), "relay-option-60" ( /* DHCP option-60 processing */ relay_option_60_type_top /* DHCP option-60 processing */ ), "relay-option-82" ( /* DHCP option-82 processing */ relay_option_82_type /* DHCP option-82 processing */ ), "forward-only" ( /* Forward DHCP packets without creating binding */ forward_only_to_rc_type /* Forward DHCP packets without creating binding */ ), "description" arg /* Text description of servers */, "maximum-hop-count" arg /* Maximum number of hops per packet */, "minimum-wait-time" arg /* Minimum number of seconds before requests are forwarded */, "client-response-ttl" arg /* IP time-to-live value to set in responses to client */, "source-ip-change" /* Use address of egress interface as source ip */, "forward-only-replies" /* Forward-only replies from server to appropriate logical-system:routing-instance based on options */, "server-group" ( /* Define a DHCP server group */ server_group_type /* Define a DHCP server group */ ), "active-server-group" ( /* Name of DHCP server group */ dhcpv4_gbl_active_sg_type /* Name of DHCP server group */ ), "route-suppression" ( /* Suppress access-internal and/or destination route addition */ dhcp_route_suppression_type /* Suppress access-internal and/or destination route addition */ ), "group" ( /* Define a DHCP group */ dhcp_group /* Define a DHCP group */ ), "dual-stack-group" ( /* Define a DHCP dual stack group */ dhcp_dual_stack_group /* Define a DHCP dual stack group */ ), "no-snoop" /* Do not snoop DHCP packets */, "server-response-time" arg /* Number of seconds in a period of activity between the last server response and an unaswered request */, "lease-time-validation" ( /* Configure lease time violation validation */ c( "lease-time-threshold" arg /* Threshold for lease time violation in seconds */, "violation-action" ( /* Lease time validation violation action */ sc( "drop" /* Drop dhcpv4 offer and ack packets */ ) ).as(:oneline) ) ), "leasequery" ( /* DHCP leasequery configuration */ relay_leasequery_type /* DHCP leasequery configuration */ ), "bulk-leasequery" ( /* DHCP bulk leasequery configuration */ relay_bulk_leasequery_v4_type /* DHCP bulk leasequery configuration */ ), "active-leasequery" ( /* DHCPv4 active leasequery configuration */ relay_active_leasequery_v4_type /* DHCPv4 active leasequery configuration */ ), "remote-id-mismatch" ( /* DHCP client remote-id mismatch */ dhcp_remote_id_mismatch_type /* DHCP client remote-id mismatch */ ) ) end rule(:authentication_type) do c( "password" arg /* Username password to use */, "username-include" ( /* Add username options */ c( "delimiter" arg /* Change delimiter/separator character */, "domain-name" arg /* Add domain name */, "user-prefix" arg /* Add user defined prefix */, "mac-address" /* Include MAC address */, "option-82" ( /* Include option 82 */ sc( "circuit-id" /* Include option 82 circuit-id (sub option 1) */, "remote-id" /* Include option 82 remote-id (sub option 2) */ ) ).as(:oneline), "logical-system-name" /* Include logical system name */, "routing-instance-name" /* Include routing instance name */, "client-id" ( /* Include client ID */ sc( "exclude-headers" /* Exclude all the headers */, "use-automatic-ascii-hex-encoding" /* Use automatic ascii hex username encoding */ ) ).as(:oneline), "option-60" /* Include option 60 */, "circuit-type" /* Include circuit type */, "interface-name" /* Include interface name */, "interface-description" ( /* Include interface description */ ("device" | "logical") ), "vlan-tags" /* Include the vlan tag(s) */ ) ) ) end rule(:dhcp_dual_stack_group) do arg.as(:arg) ( c( "authentication" ( /* DHCP authentication */ dual_stack_authentication_type /* DHCP authentication */ ), "service-profile" arg /* Dynamic profile to use for default service activation */, "access-profile" arg /* Access profile to be used for jdhcpd */, "dynamic-profile" ( /* Dynamic profile to use */ dynamic_profile_type /* Dynamic profile to use */ ).as(:oneline), "liveness-detection" ( /* DHCP client liveness detection processing */ dhcp_liveness_detection_dualstack_type /* DHCP client liveness detection processing */ ), "relay-agent-interface-id" ( /* Interface-id option processing */ v6_relay_option_interface_id_type /* Interface-id option processing */ ), "relay-agent-remote-id" ( /* Remote-id option processing */ v6_relay_option_remote_id_type /* Remote-id option processing */ ), "classification-key" ( /* Classification key for identifying dual stack household */ classification_types /* Classification key for identifying dual stack household */ ), "dual-stack-interface-client-limit" arg /* Limit the number of client allowed on an interface */, "protocol-master" ( /* Select family as protocol master */ jdhcp_dual_stack_protocol_mstr_type /* Select family as protocol master */ ).as(:oneline), "short-cycle-protection" ( /* Short cycle lockout configuration */ sc( "lockout-min-time" arg /* Short cycle lockout time in seconds */, "lockout-max-time" arg /* Short cycle lockout time in seconds */ ) ).as(:oneline) ) ) end rule(:classification_types) do c( "mac-address" /* MAC address of client */, "circuit-id" /* Circuit-id as key */, "remote-id" /* Remote-id as key */ ) end rule(:dhcp_generic_v4_option) do c( "option-number" ( /* Option number */ ("60" | "77") ), "equals" ( /* Generic option equals */ relay_v4_option_ascii_hex /* Generic option equals */ ), "default-action" ( /* Generic option default action */ dhcp_v4_option_default_action /* Generic option default action */ ), "starts-with" ( /* Generic option starts with */ relay_v4_option_ascii_hex /* Generic option starts with */ ), "option-60" ( /* Add option 60 processing */ dhcp_generic_v4_option_type /* Add option 60 processing */ ), "option-77" ( /* Add option 77 processing */ dhcp_generic_v4_option_type /* Add option 77 processing */ ), "option-order" enum(("60" | "77")) /* Options precedence order */ ) end rule(:dhcp_generic_v4_option_type) do c( "equals" ( /* Generic option equals */ relay_v4_option_ascii_hex /* Generic option equals */ ), "default-action" ( /* Generic option default action */ dhcp_v4_option_default_action /* Generic option default action */ ), "starts-with" ( /* Generic option starts with */ relay_v4_option_ascii_hex /* Generic option starts with */ ) ) end rule(:dhcp_group) do arg.as(:arg) ( c( "active-server-group" ( /* Name of DHCP server group */ dhcpv4_gp_active_sg_type /* Name of DHCP server group */ ), "authentication" ( /* DHCP authentication */ authentication_type /* DHCP authentication */ ), "liveness-detection" ( /* DHCP client liveness detection processing */ dhcp_liveness_detection_type /* DHCP client liveness detection processing */ ), "dynamic-profile" ( /* Dynamic profile to use */ dynamic_profile_type /* Dynamic profile to use */ ).as(:oneline), "service-profile" arg /* Dynamic profile to use for default service activation */, "access-profile" arg /* Access profile to use for AAA services */, "overrides" ( /* DHCP override processing */ override_type /* DHCP override processing */ ), "short-cycle-protection" ( /* Short cycle lockout configuration */ sc( "lockout-min-time" arg /* Short cycle lockout time in seconds */, "lockout-max-time" arg /* Short cycle lockout time in seconds */ ) ).as(:oneline), "server-match" ( /* Server match processing */ c( "default-action" ( /* Server match default action */ server_match_action_choice /* Server match default action */ ), "address" arg ( /* Server address */ c( c( "forward-only" /* Forward without subscriber services when a match is made */, "create-relay-entry" /* Create relay entry and allow subscriber services */ ) ) ) ) ), "relay-option" ( /* DHCP option processing */ dhcp_generic_v4_option /* DHCP option processing */ ), "relay-option-60" ( /* DHCP option-60 processing */ relay_option_60_type_group /* DHCP option-60 processing */ ), "relay-option-82" ( /* DHCP option-82 processing */ relay_option_82_type /* DHCP option-82 processing */ ), "forward-only" ( /* Forward DHCP packets without creating binding */ forward_only_to_rc_type /* Forward DHCP packets without creating binding */ ), "route-suppression" ( /* Suppress access-internal and/or destination route addition */ dhcp_route_suppression_type /* Suppress access-internal and/or destination route addition */ ), "description" arg /* Text description of servers */, "maximum-hop-count" arg /* Maximum number of hops per packet */, "minimum-wait-time" arg /* Minimum number of seconds before requests are forwarded */, "client-response-ttl" arg /* IP time-to-live value to set in responses to client */, "source-ip-change" /* Use address of egress interface as source ip */, "interface" arg ( /* One or more interfaces */ c( "upto" ( /* Interface up to */ interface_name /* Interface up to */ ), "exclude" /* Exclude this interface range */, "trace" /* Enable tracing for this interface */, "overrides" ( /* DHCP override processing */ override_type /* DHCP override processing */ ), "dynamic-profile" ( /* Dynamic profile to use */ dynamic_profile_type /* Dynamic profile to use */ ).as(:oneline), "service-profile" arg /* Dynamic profile to use for default service activation */, "access-profile" arg /* Access profile to use for AAA services */, "short-cycle-protection" ( /* Short cycle lockout configuration */ sc( "lockout-min-time" arg /* Short cycle lockout time in seconds */, "lockout-max-time" arg /* Short cycle lockout time in seconds */ ) ).as(:oneline) ) ), "remote-id-mismatch" ( /* DHCP client remote-id mismatch */ dhcp_remote_id_mismatch_type /* DHCP client remote-id mismatch */ ), "lease-time-validation" ( /* Configure lease time violation validation */ c( "lease-time-threshold" arg /* Threshold for lease time violation in seconds */, "violation-action" ( /* Lease time validation violation action */ sc( "drop" /* Drop dhcpv4 offer and ack packets */ ) ).as(:oneline) ) ) ) ) end rule(:dhcp_liveness_detection_dualstack_type) do c( "failure-action" ( /* Liveness detection failure action options */ dhcp_liveness_detection_failure_action_type /* Liveness detection failure action options */ ).as(:oneline), "method" ( /* Liveness detection method options */ c( c( "layer2-liveness-detection" ( /* Address resolution options */ dhcp_arp_nud_liveness_detection_type /* Address resolution options */ ) ) ) ) ) end rule(:dhcp_arp_nud_liveness_detection_type) do c( "transmit-interval" arg /* Transmit interval for address resolution */, "max-consecutive-retries" arg /* Retry attempts */ ) end rule(:dhcp_liveness_detection_failure_action_type) do c( c( "clear-binding" /* Clear the client binding */, "clear-binding-if-interface-up" /* Clear the client binding only if the incoming interface is up */, "log-only" /* Maintain the client binding and log the failure event */ ) ).as(:oneline) end rule(:dhcp_liveness_detection_type) do c( "failure-action" ( /* Liveness detection failure action options */ dhcp_liveness_detection_failure_action_type /* Liveness detection failure action options */ ).as(:oneline), "method" ( /* Liveness detection method options */ c( c( "bfd" ( /* Bidirectional Forwarding Detection (BFD) options */ dhcp_bfd_liveness_detection_type /* Bidirectional Forwarding Detection (BFD) options */ ), "layer2-liveness-detection" ( /* Address resolution options */ dhcp_arp_nud_liveness_detection_type /* Address resolution options */ ) ) ) ) ) end rule(:dhcp_bfd_liveness_detection_type) do c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "session-mode" ( /* BFD single-hop or multihop session-mode */ ("automatic" | "single-hop" | "multihop") ), "holddown-interval" arg /* Time to hold the session-UP notification to the client */ ) end rule(:dhcp_remote_id_mismatch_type) do c( "disconnect" /* Disconnect session on remote-id mismatch */ ) end rule(:dhcp_route_suppression_type) do c( c( "access-internal" /* Suppress access-internal and destination route addition */, "destination" /* Suppress destination route addition */ ) ) end rule(:dhcp_v4_option_default_action) do c( c( "relay-server-group" arg /* Name of DHCP relay server group when match is made */, "local-server-group" arg /* Name of DHCP local server group when match is made */, "drop" /* Discard when a match is made */, "forward-only" /* Forward without subscriber services when a match is made */ ) ) end rule(:dhcpv4_gbl_active_sg_type) do c( arg, "allow-server-change" /* Accept DHCP-ACK from any server in this group */ ).as(:oneline) end rule(:dhcpv4_gp_active_sg_type) do c( arg, "allow-server-change" /* Accept DHCP-ACK from any server in this group */ ).as(:oneline) end rule(:dhcpv6_relay_type) do c( "authentication" ( /* DHCPv6 authentication */ dhcpv6_authentication_type /* DHCPv6 authentication */ ), "persistent-storage" ( /* Trigger to enable flat file storage */ sc( "automatic" /* Trigger automatically */ ) ).as(:oneline), "liveness-detection" ( /* DHCPv6 client liveness detection processing */ dhcpv6_liveness_detection_type /* DHCPv6 client liveness detection processing */ ), "dynamic-profile" ( /* Dynamic profile to use */ dynamic_profile_type /* Dynamic profile to use */ ).as(:oneline), "service-profile" arg /* Dynamic profile to use for default service activation */, "access-profile" arg /* Access profile to use for AAA services */, "short-cycle-protection" ( /* Short cycle lockout configuration */ sc( "lockout-min-time" arg /* Short cycle lockout time in seconds */, "lockout-max-time" arg /* Short cycle lockout time in seconds */ ) ).as(:oneline), "overrides" ( /* DHCPv6 override processing */ dhcpv6_override_relay_type /* DHCPv6 override processing */ ), "relay-option" ( /* DHCPv6 option processing */ dhcp_generic_v6_option /* DHCPv6 option processing */ ), "exclude-relay-agent-identifier" /* Exclude relay agent identifier from packets to server */, "server-match" ( /* Server match processing */ c( "default-action" ( /* Server match default action */ server_match_action_choice /* Server match default action */ ), "duid" ( /* Match duid processing */ c( "equals" ( /* Duid equals */ server_match_v6_ascii_hex /* Duid equals */ ), "starts-with" ( /* Duid starts with */ server_match_v6_ascii_hex /* Duid starts with */ ) ) ), "address" arg ( /* Server ipv6 address */ c( c( "forward-only" /* Forward without subscriber services when a match is made */, "create-relay-entry" /* Create relay entry and allow subscriber services */ ) ) ) ) ), "relay-agent-option-79" /* Add the client MAC address to the Relay Forward header. */, "vendor-specific-information" ( /* DHCPv6 option 17 vendor-specific processing */ jdhcp_vendor_specific_type /* DHCPv6 option 17 vendor-specific processing */ ), "forward-only" ( /* Forward DHCPv6 packets without creating binding */ forward_only_to_rc_type /* Forward DHCPv6 packets without creating binding */ ), "forward-only-replies" /* Forward-only replies from server to appropriate logical-system:routing-instance based on options */, "forward-snooped-clients" ( /* Forward snooped (unicast) packets */ sc( c( "configured-interfaces" /* Forward snooped (unicast) packets on configured interfaces */, "non-configured-interfaces" /* Forward snooped (unicast) packets on non-configured interfaces */, "all-interfaces" /* Forward snooped (unicast) packets on configured and non-configured interfaces */ ) ) ).as(:oneline), "route-suppression" ( /* Suppress access-internal and/or access route addition */ dhcpv6_route_suppression_type /* Suppress access-internal and/or access route addition */ ), "group" ( /* Define a DHCPv6 relay group */ dhcpv6_relay_group /* Define a DHCPv6 relay group */ ), "relay-agent-interface-id" ( /* DHCPv6 interface-id option processing */ v6_relay_option_interface_id_type /* DHCPv6 interface-id option processing */ ), "relay-agent-remote-id" ( /* DHCPv6 remote-id option processing */ v6_relay_option_remote_id_type /* DHCPv6 remote-id option processing */ ), "server-group" ( /* Define a DHCPv6 server group */ v6_server_group_type /* Define a DHCPv6 server group */ ), "active-server-group" ( /* Name of DHCPv6 server group */ dhcpv6_gbl_active_sg_type /* Name of DHCPv6 server group */ ), "server-response-time" arg /* Number of seconds in a period of activity between the last server response and an unaswered request */, "lease-time-validation" ( /* Configure lease time violation validation */ c( "lease-time-threshold" arg /* Threshold for lease time violation in seconds */, "violation-action" ( /* Lease time validation violation action */ sc( "drop" /* Drop dhcpv6 advertise and reply packets */ ) ).as(:oneline) ) ), "no-snoop" /* Do not snoop DHCPV6 packets */, "leasequery" ( /* DHCPv6 leasequery configuration */ relay_leasequery_type /* DHCPv6 leasequery configuration */ ), "bulk-leasequery" ( /* DHCPv6 bulk leasequery configuration */ relay_bulk_leasequery_v6_type /* DHCPv6 bulk leasequery configuration */ ), "active-leasequery" ( /* DHCPv6 active leasequery configuration */ relay_active_leasequery_v6_type /* DHCPv6 active leasequery configuration */ ), "remote-id-mismatch" ( /* DHCP client remote-id mismatch */ dhcp_remote_id_mismatch_type /* DHCP client remote-id mismatch */ ), "duplicate-clients" ( /* Allow duplicate clients */ dhcpv6_duplicate_clients_type /* Allow duplicate clients */ ).as(:oneline) ) end rule(:dhcp_generic_v6_option) do c( "option-number" ( /* Option number */ ("15" | "16") ), "equals" ( /* Generic option equals */ relay_v6_option_ascii_hex /* Generic option equals */ ), "default-action" ( /* Generic option default action */ dhcp_v6_option_default_action /* Generic option default action */ ), "starts-with" ( /* Generic option starts with */ relay_v6_option_ascii_hex /* Generic option starts with */ ), "option-15" ( /* Add option 15 processing */ dhcp_generic_v6_option_type /* Add option 15 processing */ ), "option-16" ( /* Add option 16 processing */ dhcp_generic_v6_option_type /* Add option 16 processing */ ), "option-order" enum(("15" | "16")) /* Options precedence order */ ) end rule(:dhcp_generic_v6_option_type) do c( "equals" ( /* Generic option equals */ relay_v6_option_ascii_hex /* Generic option equals */ ), "default-action" ( /* Generic option default action */ dhcp_v6_option_default_action /* Generic option default action */ ), "starts-with" ( /* Generic option starts with */ relay_v6_option_ascii_hex /* Generic option starts with */ ) ) end rule(:dhcp_v6_option_default_action) do c( c( "relay-server-group" arg /* Name of DHCP relay server group when match is made */, "drop" /* Discard when a match is made */, "forward-only" /* Forward without subscriber services when a match is made */ ) ) end rule(:dhcpv6_authentication_type) do c( "password" arg /* Username password to use */, "username-include" ( /* Add username options */ c( "delimiter" arg /* Change delimiter/separator character */, "domain-name" arg /* Add domain name */, "user-prefix" arg /* Add user defined prefix */, "mac-address" /* Include MAC address */, "client-id" ( /* Include client ID */ sc( "exclude-headers" /* Exclude all the headers */, "use-automatic-ascii-hex-encoding" /* Use automatic ascii hex username encoding */ ) ).as(:oneline), "relay-agent-remote-id" ( /* Include the relay agent remote ID */ c( c( "enterprise-id" /* Only use enterprise-id portion of option-37 */, "remote-id" /* Only use remote-id portion of option-37 */ ) ) ), "logical-system-name" /* Include logical system name */, "routing-instance-name" /* Include routing instance name */, "relay-agent-subscriber-id" /* Include the relay agent subscriber ID */, "relay-agent-interface-id" /* Include the relay agent interface ID */, "circuit-type" /* Include circuit type */, "interface-name" /* Include interface name */, "interface-description" ( /* Include interface description */ ("device" | "logical") ), "vlan-tags" /* Include the vlan tag(s) */ ) ) ) end rule(:dhcpv6_duplicate_clients_type) do c( c( "incoming-interface" /* Allow duplicate clients on different underlying interfaces */ ) ).as(:oneline) end rule(:dhcpv6_gbl_active_sg_type) do c( arg ) end rule(:dhcpv6_liveness_detection_type) do c( "failure-action" ( /* Liveness detection failure action options */ dhcp_liveness_detection_failure_action_type /* Liveness detection failure action options */ ).as(:oneline), "method" ( /* Liveness detection method options */ c( c( "bfd" ( /* Bidirectional Forwarding Detection (BFD) options */ dhcp_bfd_liveness_detection_type /* Bidirectional Forwarding Detection (BFD) options */ ), "layer2-liveness-detection" ( /* Neighbor discovery options */ dhcp_arp_nud_liveness_detection_type /* Neighbor discovery options */ ) ) ) ) ) end rule(:dhcpv6_override_relay_type) do c( "allow-snooped-clients" /* Allow client creation from snooped PDUs */, "no-allow-snooped-clients" /* Don't allow client creation from snooped PDUs */, "delay-authentication" /* Delay subscriber authentication in DHCP protocol processing until request packet */, "interface-client-limit" arg /* Limit the number of clients allowed on an interface */, "dual-stack" arg /* Dual stack group to use. */, "no-bind-on-request" /* Do not bind if stray DHCPv6 RENEW, REBIND is received */, "client-negotiation-match" ( /* Use secondary match criteria for SOLICIT PDU */ sc( c( "incoming-interface" /* Use incoming interface */ ) ) ).as(:oneline), "send-release-on-delete" /* Always send RELEASE to the server when a binding is deleted */, "always-process-option-request-option" /* Always process option even after address allocation failure */, "relay-source" ( /* Interface for relay source */ interface_name /* Interface for relay source */ ), "delete-binding-on-renegotiation" /* Delete binding on renegotiation */, "asymmetric-lease-time" arg /* Use a reduced lease time for the client. In seconds */, "asymmetric-prefix-lease-time" arg /* Use a reduced prefix lease time for the client. In seconds */ ) end rule(:dhcpv6_relay_group) do arg.as(:arg) ( c( "active-server-group" ( /* Name of DHCPv6 server group */ dhcpv6_gp_active_sg_type /* Name of DHCPv6 server group */ ), "dual-stack-group" ( /* Define a DHCP dual stack group */ dhcp_dual_stack_group /* Define a DHCP dual stack group */ ), "authentication" ( /* DHCPv6 authentication */ dhcpv6_authentication_type /* DHCPv6 authentication */ ), "liveness-detection" ( /* DHCPv6 client liveness detection processing */ dhcpv6_liveness_detection_type /* DHCPv6 client liveness detection processing */ ), "dynamic-profile" ( /* Dynamic profile to use */ dynamic_profile_type /* Dynamic profile to use */ ).as(:oneline), "service-profile" arg /* Dynamic profile to use for default service activation */, "access-profile" arg /* Access profile to use for AAA services */, "short-cycle-protection" ( /* Short cycle lockout configuration */ sc( "lockout-min-time" arg /* Short cycle lockout time in seconds */, "lockout-max-time" arg /* Short cycle lockout time in seconds */ ) ).as(:oneline), "overrides" ( /* DHCPv6 override processing */ dhcpv6_override_relay_type /* DHCPv6 override processing */ ), "relay-option" ( /* DHCPv6 option processing */ dhcp_generic_v6_option /* DHCPv6 option processing */ ), "vendor-specific-information" ( /* DHCPv6 option 17 vendor-specific processing */ jdhcp_vendor_specific_type /* DHCPv6 option 17 vendor-specific processing */ ), "forward-only" ( /* Forward DHCPv6 packets without creating binding */ forward_only_to_rc_type /* Forward DHCPv6 packets without creating binding */ ), "relay-agent-interface-id" ( /* DHCPv6 interface-id option processing */ v6_relay_option_interface_id_type /* DHCPv6 interface-id option processing */ ), "relay-agent-remote-id" ( /* DHCPv6 remote-id option processing */ v6_relay_option_remote_id_type /* DHCPv6 remote-id option processing */ ), "route-suppression" ( /* Suppress access-internal and/or access route addition */ dhcpv6_route_suppression_type /* Suppress access-internal and/or access route addition */ ), "relay-agent-option-79" /* Add the client MAC address to the Relay Forward header. */, "interface" arg ( /* One or more interfaces */ c( "upto" ( /* Interface up to */ interface_name /* Interface up to */ ), "exclude" /* Exclude this interface range */, "trace" /* Enable tracing for this interface */, "overrides" ( /* DHCPv6 override processing */ dhcpv6_override_relay_type /* DHCPv6 override processing */ ), "dynamic-profile" ( /* Dynamic profile to use */ dynamic_profile_type /* Dynamic profile to use */ ).as(:oneline), "service-profile" arg /* Dynamic profile to use for default service activation */, "access-profile" arg /* Access profile to use for AAA services */, "short-cycle-protection" ( /* Short cycle lockout configuration */ sc( "lockout-min-time" arg /* Short cycle lockout time in seconds */, "lockout-max-time" arg /* Short cycle lockout time in seconds */ ) ).as(:oneline) ) ), "lease-time-validation" ( /* Configure lease time violation validation */ c( "lease-time-threshold" arg /* Threshold for lease time violation in seconds */, "violation-action" ( /* Lease time validation violation action */ sc( "drop" /* Drop dhcpv6 advertise and reply packets */ ) ).as(:oneline) ) ), "remote-id-mismatch" ( /* DHCP client remote-id mismatch */ dhcp_remote_id_mismatch_type /* DHCP client remote-id mismatch */ ), "server-match" ( /* Server match processing */ c( "default-action" ( /* Server match default action */ server_match_action_choice /* Server match default action */ ), "duid" ( /* Match duid processing */ c( "equals" ( /* Duid equals */ server_match_v6_ascii_hex /* Duid equals */ ), "starts-with" ( /* Duid starts with */ server_match_v6_ascii_hex /* Duid starts with */ ) ) ), "address" arg ( /* Server ipv6 address */ c( c( "forward-only" /* Forward without subscriber services when a match is made */, "create-relay-entry" /* Create relay entry and allow subscriber services */ ) ) ) ) ) ) ) end rule(:dhcpv6_gp_active_sg_type) do c( arg ) end rule(:dhcpv6_route_suppression_type) do c( "access" /* Suppress access route addition */, "access-internal" /* Suppress access-internal route addition */ ).as(:oneline) end rule(:dual_stack_authentication_type) do c( "password" arg /* Username password to use */, "username-include" ( /* Add username options */ c( "delimiter" arg /* Change delimiter/separator character */, "domain-name" arg /* Add domain name */, "user-prefix" arg /* Add user defined prefix */, "mac-address" /* Include MAC address */, "client-id" ( /* Include client ID */ sc( "exclude-headers" /* Exclude all the headers */, "use-automatic-ascii-hex-encoding" /* Use automatic ascii hex username encoding */ ) ).as(:oneline), "relay-agent-remote-id" /* Include the relay agent remote ID */, "logical-system-name" /* Include logical system name */, "routing-instance-name" /* Include routing instance name */, "relay-agent-interface-id" /* Include the relay agent interface ID */, "interface-name" /* Include interface name */, "interface-description" ( /* Include interface description */ ("device" | "logical") ), "circuit-type" /* Include circuit type */, "vlan-tags" /* Include the vlan tag(s) */ ) ) ) end rule(:dynamic_profile_type) do c( arg, c( "use-primary" arg /* Dynamic profile to use on the primary interface */, "aggregate-clients" ( /* Aggregate client profiles */ c( c( "merge" /* Merge the client dynamic profiles */, "replace" /* Replace client dynamic profiles */ ) ) ) ) ).as(:oneline) end rule(:forward_only_to_rc_type) do c( "logical-system" ( ("default" | "current" | arg) ), "routing-instance" ( ("default" | "current" | arg) ) ) end rule(:jdhcp_dual_stack_protocol_mstr_type) do c( c( "inet" /* INET family has protocol master behavior */, "inet6" /* INET6 family has protocol master behavior */ ) ).as(:oneline) end rule(:jdhcp_duplicate_clients_in_subnet_type) do c( c( "incoming-interface" /* Allow duplicate clients on different interfaces in a subnet */, "option-82" /* Allow duplicate clients using different option-82 options in a subnet */ ) ).as(:oneline) end rule(:jdhcp_interface_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("state" | "packet" | "flow" | "packet-option" | "dhcpv6-state" | "dhcpv6-packet" | "dhcpv6-packet-option" | "all")) /* Interface trace categories */.as(:oneline) ) end rule(:jdhcp_security_type) do c( "no-dhcp-snooping" /* Disable dhcp snooping */, "arp-inspection" /* Enable dynamic ARP inspection */, "ip-source-guard" /* Enable IP source guard */, "no-dhcpv6-snooping" /* Disable DHCPv6 snooping */, "neighbor-discovery-inspection" /* Enable neighbor discovery inspection */, "ipv6-source-guard" /* Enable IPv6 source guard */, "light-weight-dhcpv6-relay" /* Enable light weight dhcpv6 relay */, "group" ( /* Define a DHCP security group for overriding defaults */ ds_group /* Define a DHCP security group for overriding defaults */ ), "option-82" ( /* DHCP option-82 processing for snooped packets */ security_option_82_type /* DHCP option-82 processing for snooped packets */ ), "dhcpv6-options" ( /* DHCPv6 option processing for snooped packets */ security_dhcpv6_options_type /* DHCPv6 option processing for snooped packets */ ) ) end rule(:ds_group) do arg.as(:arg) ( c( "overrides" ( /* DHCP override processing */ ds_override_type /* DHCP override processing */ ), "interface" arg ( /* One or more interfaces */ c( "static-ip" ( /* Static IP address configuration */ ip_mac_static /* Static IP address configuration */ ), "static-ipv6" ( /* Static IPv6 address configuration */ ipv6_mac_static /* Static IPv6 address configuration */ ) ) ) ) ) end rule(:ds_override_type) do c( "trusted" /* Make this trusted group of interfaces */, "untrusted" /* Make this untrusted group of interfaces */, "no-option82" /* Make this group of interfaces not to add option82 */, "no-option37" /* Make this group of interfaces not to add option37 */, "no-option18" /* Make this group of interfaces not to add option18 */, "no-option16" /* Make this group of interfaces not to add option16 */, "no-option79" /* Make this group of interfaces not to add option79 */, "no-dhcpv6-options" /* Make this group of interfaces not to add any DHCPv6 options */ ) end rule(:ip_mac_static) do arg.as(:arg) ( c( "mac" ( /* MAC address */ mac_addr /* MAC address */ ) ) ).as(:oneline) end rule(:ipv6_mac_static) do arg.as(:arg) ( c( "mac" ( /* MAC address */ mac_addr /* MAC address */ ) ) ).as(:oneline) end rule(:jdhcp_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("state" | "packet" | "flow" | "packet-option" | "dhcpv6-state" | "dhcpv6-packet" | "dhcpv6-packet-option" | "all" | "database" | "persistent" | "lockout-db" | "interface" | "rtsock" | "flow-notify" | "io" | "ha" | "ui" | "general" | "fwd" | "rpd" | "auth" | "profile" | "session-db" | "performance" | "statistics" | "dhcpv6-io" | "dhcpv6-rpd" | "dhcpv6-session-db" | "dhcpv6-general" | "liveness-detection" | "security-persistence" | "mclag" | "ra-guard" | "era")) /* DHCP operations to include in debugging trace */.as(:oneline) ) end rule(:jdhcp_vendor_specific_type) do c( "host-name" /* Add router host name */, "location" /* Add location information expressed as interface name format */ ).as(:oneline) end rule(:juniper_cdr_profiles) do arg.as(:arg) ( c( "description" arg /* Text description of this profile */, "enable-reduced-partial-cdrs" /* Enable reduced partial CDR's */, "report-requested-apn" /* Report requested/virtual APN in CDR's */, "exclude-attributes" ( /* Specify excluded IE options in CDRs */ c( "apn-ni" /* Exclude APN network identifier IE in the CDR */, "apn-selection-mode" /* Exclude APN selection mode IE in the CDR */, "cc-selection-mode" /* Exclude charging characteristic selection mode IE in the CDR */, "dynamic-address" /* Exclude dynamic address IE in the CDR */, "pgw-plmn-identifier" /* Exclude PGW PLMN identifier IE in the CDR */, "list-of-traffic-volumes" /* Exclude list of traffic volumes in the CDR */, "list-of-service-data" /* Exclude list of service data in the CDR */, "lrsn" /* Exclude local record sequece number IE in the CDR */, "ms-time-zone" /* Exclude MS time zone IE in the CDR */, "network-initiation" /* Exclude network initiation flag in the CDR */, "node-id" /* Exclude node ID IE in the CDR */, "pdn-connection-id" /* Exclude PDN connection ID IE in the CDR */, "pdppdn-type" /* Exclude PDP or PDN type IE in the CDR */, "rat-type" /* Exclude RAT type IE in the CDR */, "record-sequence-number" /* Exclude record sequence number IE in the CDR */, "served-imeisv" /* Exclude served IMEI IE in the CDR */, "served-msisdn" /* Exclude served MSISDN IE in the CDR */, "served-pdppdn-address" /* Exclude served PDP context or IP CAN bearer address IE in the CDR */, "serving-node-plmn-identifier" /* Exclude serving node PLMN identifier IE in the CDR */, "start-time" /* Exclude start time IE in the CDR */, "stop-time" /* Exclude stop time IE in the CDR */, "user-location-information" /* Exclude user location IE in the CDR */, "sgw-change" /* S-GW specific: Exclude S-GW change IE in the CDR */, "pgw-address-used" /* S-GW specific: Exclude P-GW address used IE in the CDR */, "ps-furnish-info" /* Exclude PS Furnish charging info */, "served-pdp-address-extension" /* Exclude served pdp pdn address extension */ ) ), "node-id" ( /* Default node identifier */ ("hostname" | "hostname-spic" | "ipaddress-spic") ) ) ) end rule(:juniper_charged_configuraton) do c( "file-age" ( /* Configures file age */ sc( arg, "disable" /* Disable file age trigger */ ) ).as(:oneline), "file-size" ( /* Configures file size */ sc( arg, "disable" /* Disable file size trigger */ ) ).as(:oneline), "cdrs-per-file" arg /* Number of CDRs per file */, "user-name" arg /* User authorized to access the files */, "disable-replication" /* Disable replication of CDR log files to standby RE */, "world-readable" /* CDR log files can be accessed by all users */, "file-format" ( /* CDR file format */ ("3gpp" | "raw-asn") ), "file-name-private-extension" arg /* File name private extension */, "file-creation-policy" ( /* File creation policy (shared/unique) */ ("shared-file" | "unique-file") ), "disk-space-policy" ( /* Policy on what should be done when disk runs out of space */ c( "water-mark-level1" ( /* Water mark level1 percentage and notification */ c( "percentage" arg /* The water mark level1 percentage, a value of 0 will disable it */, "notification-level" ( /* Notification when water-mark-level is reached */ ("snmp-alarm" | "syslog" | "both") ) ) ), "water-mark-level2" ( /* Water mark level2 percentage and notification */ c( "percentage" arg /* The water mark level2 percentage, a value of 0 will disable it */, "notification-level" ( /* Notification when water-mark-leve2 is reached */ ("snmp-alarm" | "syslog" | "both") ) ) ), "water-mark-level3" ( /* Water mark level3 percentage and notification */ c( "percentage" arg /* The water mark level3 percentage */, "notification-level" ( /* Notification when water-mark-level3 is reached */ ("snmp-alarm" | "syslog" | "both") ) ) ) ) ), "traceoptions" ( /* Charged persistent local-storage CDR trace options */ charged_traceoptions_type /* Charged persistent local-storage CDR trace options */ ) ) end rule(:charged_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("critical" | "error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("general" | "mirror" | "connection" | "file-operations" | "journaling" | "all")) /* Charged operations to include in debugging trace */.as(:oneline) ) end rule(:juniper_charging_profiles) do arg.as(:arg) ( c( "description" arg /* Text description of this profile */, "profile-id" arg /* Profile id that is matched against GTP charging characteristic or AAA charging profile number (applicable only in the case of ggsn-pgw) */, "default-service-id" arg /* Default service ID to be used for charging, applicable for GGSN/P-GW only */, "default-rating-group" arg /* Default rating group to be used for charging, applicable for GGSN/P-GW only */, "default-l7-rating-group" arg /* Default rating group to be used for L7 charging */, "transport-profile" ( /* Transport profile referred by this charging profile */ c( arg ) ), "cdr-profile" ( /* Transport profile referred by this charging profile */ c( arg ) ), "trigger-profile" arg ( /* Trigger profile referred by this charging profile */ c( "rating-group" arg /* Input rating-group identifier */ ) ), "service-mode" ( /* Service mode */ ("maintenance") ) ) ) end rule(:juniper_class_of_service_options) do c( "classifiers" ( /* Classify incoming packets based on code point value */ c( "dscp" arg ( /* Differentiated Services code point classifier */ c( "import" ( /* Include this classifier in this definition */ ("default") ), "forwarding-class" arg ( /* Define a classification of code point aliases */ c( "loss-priority" ("low" | "high" | "medium-low" | "medium-high") ( /* Classify code points to a loss priority */ sc( "code-points" arg /* List of code point aliases and/or bit strings */ ) ).as(:oneline) ) ) ) ), "dscp-ipv6" arg ( /* Differentiated Services code point classifier IPv6 */ c( "import" ( /* Include this classifier in this definition */ ("default") ), "forwarding-class" arg ( /* Define a classification of code point aliases */ c( "loss-priority" ("low" | "high" | "medium-low" | "medium-high") ( /* Classify code points to a loss priority */ sc( "code-points" arg /* List of code point aliases and/or bit strings */ ) ).as(:oneline) ) ) ) ), "exp" arg ( /* MPLS EXP classifier */ c( "import" ( /* Include this classifier in this definition */ ("default") ), "forwarding-class" arg ( /* Define a classification of code point aliases */ c( "loss-priority" ("low" | "high" | "medium-low" | "medium-high") ( /* Classify code points to a loss priority */ sc( "code-points" arg /* List of code point aliases and/or bit strings */ ) ).as(:oneline) ) ) ) ), "ieee-802.1" arg ( /* IEEE-802.1 classifier */ c( "import" ( /* Include this classifier in this definition */ ("default") ), "forwarding-class" arg ( /* Define a classification of code point aliases */ c( "loss-priority" ("low" | "high" | "medium-low" | "medium-high") ( /* Classify code points to a loss priority */ sc( "code-points" arg /* List of code point aliases and/or bit strings */ ) ).as(:oneline) ) ) ) ), "inet-precedence" arg ( /* IPv4 precedence classifier */ c( "import" ( /* Include this classifier in this definition */ ("default") ), "forwarding-class" arg ( /* Define a classification of code point aliases */ c( "loss-priority" ("low" | "high" | "medium-low" | "medium-high") ( /* Classify code points to a loss priority */ sc( "code-points" arg /* List of code point aliases and/or bit strings */ ) ).as(:oneline) ) ) ) ), "ieee-802.1ad" arg ( /* IEEE-802.1ad (DEI) classifier */ c( "import" ( /* Include this classifier in this definition */ ("default") ), "forwarding-class" arg ( /* Define a classification of code point aliases */ c( "loss-priority" ("low" | "high" | "medium-low" | "medium-high") ( /* Classify code points to a loss priority */ sc( "code-points" arg /* List of code point aliases and/or bit strings */ ) ).as(:oneline) ) ) ) ) ) ), "traffic-class-map" ( /* Packet input priority map based on incoming packets code point */ c( "inet-precedence" arg ( /* IPv4 precedence traffic-class-map */ c( "traffic-class" ("real-time" | "network-control" | "best-effort") ( /* Map code points to a input packet priority */ sc( "code-points" arg /* List of code point aliases and/or bit strings */ ) ).as(:oneline) ) ), "dscp" arg ( /* Differentiated Services code point traffic-class-map */ c( "traffic-class" ("real-time" | "network-control" | "best-effort") ( /* Map code points to a input packet priority */ sc( "code-points" arg /* List of code point aliases and/or bit strings */ ) ).as(:oneline) ) ), "exp" arg ( /* MPLS EXP traffic-class-map */ c( "traffic-class" ("real-time" | "network-control" | "best-effort") ( /* Map code points to a input packet priority */ sc( "code-points" arg /* List of code point aliases and/or bit strings */ ) ).as(:oneline) ) ), "ieee-802.1" arg ( /* IEEE-802.1 traffic-class-map */ c( "traffic-class" ("real-time" | "network-control" | "best-effort") ( /* Map code points to a input packet priority */ sc( "code-points" arg /* List of code point aliases and/or bit strings */ ) ).as(:oneline) ) ), "ieee-802.1ad" arg ( /* IEEE-802.1ad (DEI) traffic-class-map */ c( "traffic-class" ("real-time" | "network-control" | "best-effort") ( /* Map code points to a input packet priority */ sc( "code-points" arg /* List of code point aliases and/or bit strings */ ) ).as(:oneline) ) ) ) ), "policy-map" arg ( /* Policy-map describing the packet marking rule */ c( "inet-precedence" ("proto-ip" | "proto-mpls") ( /* IPv4 INET-Precedence Policy-map code point */ sc( "code-point" arg /* List of code point aliases and/or bit strings */ ) ).as(:oneline), "dscp" ("proto-ip" | "proto-mpls") ( /* IPv4 Differentiated Services Policy-map code point */ sc( "code-point" arg /* List of code point aliases and/or bit strings */ ) ).as(:oneline), "dscp-ipv6" ("proto-ip" | "proto-mpls") ( /* IPv6 Differentiated Services Policy-map code point */ sc( "code-point" arg /* List of code point aliases and/or bit strings */ ) ).as(:oneline), "exp" ("all-label" | "outer-label") ( /* MPLS EXP Policy-map code point */ sc( "code-point" arg /* List of code point aliases and/or bit strings */ ) ).as(:oneline), "ieee-802.1" ("outer" | "outer-and-inner") ( /* IEEE-802.1 Policy-map code point */ sc( "code-point" arg /* List of code point aliases and/or bit strings */ ) ).as(:oneline), "ieee-802.1ad" ("outer" | "outer-and-inner") ( /* IEEE-802.1ad Policy-map code point */ sc( "code-point" arg /* IEEE-802.1ad (DEI) Policy-map code point */ ) ).as(:oneline) ) ), "forwarding-class-map" arg ( /* Map forwarding class to queue number for interfaces */ c( "class" arg ( /* Forwarding class */ sc( "queue-num" arg /* Queue number */, "restricted-queue" arg /* Restricted queue number */ ) ).as(:oneline) ) ), "loss-priority-maps" ( /* Map loss priority of incoming packets based on code point value */ c( "frame-relay-de" arg ( /* Frame relay discard eligible bit loss priority map */ c( "loss-priority" ("low" | "high" | "medium-low" | "medium-high") ( /* Map code points to a loss priority */ sc( "code-points" arg /* List of bit strings */ ) ).as(:oneline) ) ) ) ), "loss-priority-rewrites" ( /* Rewrite code point of outgoing packet based on loss priority */ c( "frame-relay-de" arg ( /* Frame relay discard eligible bit loss priority rewrite */ c( "loss-priority" ("low" | "high" | "medium-low" | "medium-high") ( /* Code point marking based on loss priority */ sc( "code-point" arg /* Code point aliases or bit string */ ) ).as(:oneline) ) ) ) ), "code-point-aliases" ( /* Mapping of code point aliases to bit strings */ c( "dscp" arg ( /* Differentiated Services code point aliases */ sc( arg /* DSCP 6-bit pattern */ ) ).as(:oneline), "dscp-ipv6" arg ( /* Differentiated Services code point aliases IPv6 */ sc( arg /* DSCP 6-bit pattern */ ) ).as(:oneline), "exp" arg ( /* MPLS EXP code point aliases */ sc( arg /* EXP 3-bit pattern */ ) ).as(:oneline), "ieee-802.1" arg ( /* IEEE-802.1 code point aliases */ sc( arg /* IEEE-802.1 3-bit pattern */ ) ).as(:oneline), "inet-precedence" arg ( /* IPv4 precedence code point aliases */ sc( arg /* IPv4 precedence 3-bit pattern */ ) ).as(:oneline), "ieee-802.1ad" arg ( /* IEEE-802.1ad (DEI) code point aliases */ sc( arg /* IEEE-802.1ad (DEI) 4-bit pattern */ ) ).as(:oneline), "inet6-precedence" arg ( /* IPv6 precedence code point aliases */ sc( arg /* IPv6 precedence 3-bit pattern */ ) ).as(:oneline) ) ), "translation-table" ( /* Translation table */ c( "to-802.1p-from-dscp" arg ( /* DSCP to 802.1 translation table */ c( "to-code-point" arg ( /* IEEE 802.1 code point */ sc( "from-code-points" arg /* DSCP code point */ ) ).as(:oneline) ) ), "to-inet-precedence-from-inet-precedence" arg ( /* INET PRECEDENCE to INET PRECEDENCE translation table */ c( "to-code-point" arg ( /* INET PRECEDENCE code point */ sc( "from-code-points" arg /* INET PRECEDENCE code point */ ) ).as(:oneline) ) ), "to-dscp-from-dscp" arg ( /* DSCP to DSCP translation table */ c( "to-code-point" arg ( /* DSCP code point */ sc( "from-code-points" arg /* DSCP code point */ ) ).as(:oneline) ) ), "to-dscp-ipv6-from-dscp-ipv6" arg ( /* DSCP-IPV6 to DSCP-IPV6 translation table */ c( "to-code-point" arg ( /* DSCP-IPV6 code point */ sc( "from-code-points" arg /* DSCP-IPV6 code point */ ) ).as(:oneline) ) ), "to-exp-from-exp" arg ( /* EXP to EXP translation table */ c( "to-code-point" arg ( /* EXP code point */ sc( "from-code-points" arg /* EXP code point */ ) ).as(:oneline) ) ) ) ), "host-outbound-traffic" ( /* Classify and mark host traffic to forwarding engine */ c( "forwarding-class" arg /* Classification of host traffic to forwarding engine */, "dscp-code-point" arg /* Static DSCP code point of egress host traffic */, "override-firewall" /* Override firewall filter actions for RE generated traffic */, "translation-table" ( /* Translation table for host outbound packets */ sc( "to-802.1p-from-dscp" arg /* DSCP to 802.1 translation table */ ) ).as(:oneline), "tcp" ( /* Settings for host outbound TCP packets */ c( "raise-internet-control-priority" /* Place packets with IP Precedence set to Internet control into Q3 (network-control) */ ) ), "ieee-802.1" ( /* Mark IEEE 802.1p for host output traffic */ c( "rewrite-rules" /* Mark IEEE 802.1p for host outbound traffic using rewrite-rules */, "default" arg /* Mark IEEE 802.1p for host outbound traffic default value */ ) ), "protocol" ( /* Settings for specific host outbound protocol packets */ c( "isis-over-gre" ( /* Settings for ISIS over GRE packets */ c( "dscp-code-point" arg /* Static DSCP code point of egress host traffic */ ) ) ) ) ) ), "drop-profiles" arg ( /* Random Early Drop (RED) data point map */ c( "fill-level" arg ( /* Fill-level value of data point */ sc( "drop-probability" arg /* Probability packet will be dropped */ ) ).as(:oneline), "interpolate" ( /* Data points interpolated */ c( "fill-level" arg /* Data points for queue full percentage */, "drop-probability" arg /* Data points for packet drop probability */ ) ) ) ), "adaptive-shapers" arg ( /* Define the list of trigger types and associated rates */ c( "trigger" enum(("becn")) ( /* List of trigger types */ sc( "shaping-rate" ( /* Shaping rate for the trigger */ sc( c( arg /* Shaping rate as an absolute rate */, "percent" arg /* Shaping rate as a percentage */ ) ) ).as(:oneline) ) ).as(:oneline) ) ), "virtual-channels" arg /* Define the list of virtual channels */, "virtual-channel-groups" arg ( /* Define list of virtual channel groups */ c( c( "scheduler-map" arg /* Scheduler map applied to this virtual channel */, "shaping-rate" ( /* Shaping rate for the trigger */ sc( c( arg /* Adaptive shaping rate as an absolute rate */, "percent" arg /* Adaptive shaping rate as a percentage */ ) ) ).as(:oneline), "default" /* Default virtual channel */ ) ) ), "copy-plp-all" /* Turn on loss-precedence copying including IP multicast */, "tri-color" /* Enable tricolor marking */, "non-strict-priority-scheduling" /* Enable non-strict-priority scheduling */, "shared-buffer" ( /* Shared buffer configuration */ c( "percent" arg /* Percentage of shared buffer to be used */, "ingress" ( /* Shared buffer configuration at ingress */ c( "percent" arg /* Percentage of shared buffer to be used at ingress */, "buffer-partition" arg ( /* Buffer-partition */ c( "percent" arg /* Percentage of ingress shared buffer to be used */, "dynamic-threshold" arg /* Threshold for maximum buffer share for a queue at ingress buffer-partition */ ) ) ) ), "egress" ( /* Shared buffer configuration at egress */ c( "percent" arg /* Percentage of shared buffer to be used at egress */, "buffer-partition" arg ( /* Buffer-partition */ c( "percent" arg /* Percentage of egress shared buffer to be used */, "dynamic-threshold" arg /* Threshold for maximum buffer share for a queue at egress buffer-partition */ ) ) ) ), "node-group" arg ( /* Node group to apply configuration to */ c( "ingress" ( /* Shared buffer configuration at ingress */ c( "percent" arg /* Percentage of shared buffer to be used at ingress */, "buffer-partition" arg ( /* Buffer-partition */ c( "percent" arg /* Percentage of ingress shared buffer to be used */ ) ) ) ), "egress" ( /* Shared buffer configuration at ingress */ c( "percent" arg /* Percentage of shared buffer to be used at egress */, "buffer-partition" arg ( /* Buffer-partition */ c( "percent" arg /* Percentage of egress shared buffer to be used */ ) ) ) ) ) ) ) ), "forwarding-classes" ( /* One or more mappings of forwarding class to queue number */ c( "class" arg ( /* Forwarding class to map to queue number */ sc( "queue-num" arg /* Queue number */, "priority" ( /* Fabric priority */ ("low" | "high") ), "policing-priority" ( /* Policing priority for hierarchical policers */ ("normal" | "premium") ), "no-loss" /* This is no traffic loss class */, "pfc-priority" arg /* PFC priority (FC id's) */, "spu-priority" ( /* SPU priority */ ("low" | "high" | "medium-low" | "medium-high" | "medium") ) ) ).as(:oneline), "queue" arg ( /* Queue number to map to forwarding class */ sc( arg, "priority" ( /* Fabric priority */ ("low" | "high") ), "policing-priority" ( /* Policing priority for hierarchical policers */ ("normal" | "premium") ) ) ).as(:oneline) ) ), "restricted-queues" ( /* Map forwarding classes to restricted queues */ c( "forwarding-class" arg ( /* Forwarding class to map to a restricted queue */ sc( arg ) ).as(:oneline) ) ), "traffic-control-profiles" arg ( /* Traffic shaping and scheduling profiles */ c( "scheduler-map" arg /* Mapping of forwarding classes to packet schedulers */, "strict-priority-scheduler" /* Enable strict priority scheduler. */, "atm-service" ( /* ATM service category */ ("cbr" | "rtvbr" | "nrtvbr") ), "peak-rate" arg /* ATM Peak Cell Rate (PCR) */, "sustained-rate" arg /* ATM Sustained Cell Rate (SCR) */, "max-burst-size" arg /* ATM Maximum Burst Size (MBS) */, "shaping-rate" ( /* Shaping rate */ sc( c( arg /* Shaping rate as an absolute rate */, "percent" arg /* Shaping rate as a percentage */ ), "burst-size" arg /* Shaping rate burst size */ ) ).as(:oneline), "overhead-accounting" ( /* Overhead accounting */ sc( arg, "bytes" arg /* Byte adjust value */, "frame-mode-bytes" arg /* Overhead bytes when in frame-mode */, "cell-mode-bytes" arg /* Overhead bytes when in cell-mode */ ) ).as(:oneline), "shaping-rate-priority-strict-high" ( /* Shaping rate for strict high priority traffic */ sc( c( arg /* Shaping rate in bits per second */, "percent" arg /* Shaping rate as a percentage */ ), "burst-size" arg /* Shaping rate burst size */ ) ).as(:oneline), "shaping-rate-priority-high" ( /* Shaping rate for high priority traffic */ sc( c( arg /* Shaping rate in bits per second */, "percent" arg /* Shaping rate as a percentage */ ), "burst-size" arg /* Shaping rate burst size */ ) ).as(:oneline), "shaping-rate-priority-medium" ( /* Shaping rate for medium priority traffic */ sc( c( arg /* Shaping rate in bits per second */, "percent" arg /* Shaping rate as a percentage */ ), "burst-size" arg /* Shaping rate burst size */ ) ).as(:oneline), "shaping-rate-priority-medium-low" ( /* Shaping rate for medium low priority traffic */ sc( c( arg /* Shaping rate in bits per second */, "percent" arg /* Shaping rate as a percentage */ ), "burst-size" arg /* Shaping rate burst size */ ) ).as(:oneline), "shaping-rate-priority-low" ( /* Shaping rate for low priority traffic */ sc( c( arg /* Shaping rate in bits per second */, "percent" arg /* Shaping rate as a percentage */ ), "burst-size" arg /* Shaping rate burst size */ ) ).as(:oneline), "shaping-rate-excess-high" ( /* Shaping rate for excess high traffic */ sc( c( arg /* Shaping rate in bits per second */, "percent" arg /* Shaping rate as a percentage */ ), "burst-size" arg /* Shaping rate burst size */ ) ).as(:oneline), "shaping-rate-excess-low" ( /* Shaping rate for excess low traffic */ sc( c( arg /* Shaping rate in bits per second */, "percent" arg /* Shaping rate as a percentage */ ), "burst-size" arg /* Shaping rate burst size */ ) ).as(:oneline), "shaping-rate-excess-medium-high" ( /* Shaping rate for excess medium-high traffic */ sc( c( arg /* Shaping rate in bits per second */, "percent" arg /* Shaping rate as a percentage */ ), "burst-size" arg /* Shaping rate burst size */ ) ).as(:oneline), "shaping-rate-excess-medium-low" ( /* Shaping rate for excess medium-low traffic */ sc( c( arg /* Shaping rate in bits per second */, "percent" arg /* Shaping rate as a percentage */ ), "burst-size" arg /* Shaping rate burst size */ ) ).as(:oneline), "guaranteed-rate" ( /* Guaranteed rate */ sc( c( arg /* Guaranteed rate as an absolute rate */, "percent" arg /* Guaranteed rate as a percentage */ ), "burst-size" arg /* Guaranteed rate burst size */ ) ).as(:oneline), "excess-rate" ( /* Excess bandwidth sharing proportion */ sc( c( "proportion" arg /* Excess rate as a proportion */, "percent" arg /* Excess rate as a percentage */ ) ) ).as(:oneline), "excess-rate-high" ( /* Excess bandwidth sharing for excess-high priority */ sc( c( "proportion" arg /* Excess rate as a proportion */, "percent" arg /* Excess rate as a percentage */ ) ) ).as(:oneline), "excess-rate-medium-high" ( /* Excess bandwidth sharing for excess-medium-high priority */ sc( c( "proportion" arg /* Excess rate as a proportion */, "percent" arg /* Excess rate as a percentage */ ) ) ).as(:oneline), "excess-rate-low" ( /* Excess bandwidth sharing for excess-low priority */ sc( c( "proportion" arg /* Excess rate as a proportion */, "percent" arg /* Excess rate as a percentage */ ) ) ).as(:oneline), "excess-rate-medium-low" ( /* Excess bandwidth sharing for excess-medium-low priority */ sc( c( "proportion" arg /* Excess rate as a proportion */, "percent" arg /* Excess rate as a percentage */ ) ) ).as(:oneline), c( "delay-buffer-rate" ( /* Delay buffer rate */ sc( c( arg /* Delay buffer rate as an absolute rate */, "percent" arg /* Delay buffer rate as a percentage */, "cps" arg /* Delay buffer rate as an absolute cells per second rate */ ) ) ).as(:oneline) ), "adjust-minimum" ( /* Minimum shaping-rate when adjusted */ sc( arg /* Minimum shaping rate in bits per second */ ) ).as(:oneline) ) ), "forwarding-class-sets" arg ( /* Forwarding class sets */ c( "class" arg /* Forwarding class */ ) ), "congestion-notification-profile" arg ( /* Congestion notification profile */ c( "pfc-watchdog" ( /* Configure pfc-watchdog parameters */ c( "poll-interval" arg /* Pfc watchdog poll interval timings */, "detection" arg /* Pfc Number of poll periods */, "recovery" arg /* Pfc watchdog recovery time interval */, "watchdog-action" ( /* Configure pfc-wathdog action */ ("drop") ) ) ), "input" ( /* Input congestion notification components */ c( "cable-length" arg /* Length of cable in metre */, "pfc-account" arg ( /* PFC account configurations */ c( "xon" arg /* Specifies account threshold for resume in microseconds of source port speed */, "xoff" arg /* Specifies account threshold for pause in microseconds of source port speed */, "pfc-priority" arg /* PFC priorities( set of priorities) */ ) ), "ieee-802.1" ( /* IEEE 802.1 code point */ c( "code-point" arg ( /* IEEE 802.1 code point */ c( "pfc" /* PFC */, "pfc-account-name" arg /* Attach PFC account to code point */, "mru" arg /* Max Receive Size of packet for this code point */, c( "qfc" /* QFC */, "qcn" ( /* QCN */ c( "defense-mode-edge" ( /* Choose the defense mode edge */ c( "alternate-priority" ( /* Choose the alternate priority for defense mode edge */ c( arg /* IEEE 802.1 code point */ ) ) ) ) ) ) ) ) ) ) ), "dscp" ( /* DSCP code point */ c( "code-point" arg ( /* DSCP code point */ c( "pfc" /* PFC */, "pfc-account-name" arg /* Attach PFC account to code point */, "mru" arg /* Max Receive Size of packet for this code point */ ) ) ) ) ) ), "output" ( /* Output congestion notification components */ c( "class" arg ( /* Forwarding class */ c( "remove-cntag" /* Remove cntag for this forwarding class */, "qcn" /* Enabling Quantized Congestion Notification for this forwarding class */ ) ), "ieee-802.1" ( /* IEEE 802.1 code point */ c( "code-point" arg ( /* IEEE 802.1 code point */ c( "flow-control-queue" arg /* Flow control queue( set of queues) */ ) ) ) ) ) ) ) ), "scheduler-map-forwarding-class-sets" arg ( /* Mapping of forwarding class sets to packet schedulers */ c( "forwarding-class-set" arg ( /* Forwarding class set name to map to scheduler */ sc( "scheduler" arg /* Scheduler name */ ) ).as(:oneline) ) ), "system-defaults" ( /* System defaults */ c( "classifiers" ( /* System wide Classifiers applied to incoming packets */ c( "exp" ( /* EXP classifier */ sc( ("default") ) ).as(:oneline) ) ), "traffic-control-profiles" ( /* Default traffic control profiles */ c( "interface-set-input" ( /* Default input traffic control profile for dynamic interface-set */ sc( arg ) ).as(:oneline), "interface-set-output" ( /* Default output traffic control profile for dynamic interface-set */ sc( arg ) ).as(:oneline) ) ) ) ), "dynamic-class-of-service-options" ( /* Dynamic class-of-service options */ c( "vendor-specific-tags" enum(("actual-data-rate-downstream" | "access-loop-encapsulation" | "apply-to-interface-set")) /* Enable vendor specific tags */ ) ), "interfaces" ( /* Apply class-of-service options to interfaces */ c( "interface-set" arg ( /* Interface set traffic-control-profile attachment */ c( "internal-node" /* Internal node */, "input-excess-bandwidth-share" ( /* Input Excess bandwidth sharing policy */ sc( c( "proportional" arg /* Maximum Queue Bandwidth */, "equal" /* Equal sharing of excess bandwidth */ ) ) ).as(:oneline), "excess-bandwidth-share" ( /* Output Excess bandwidth sharing policy */ sc( c( "proportional" arg /* Maximum Queue Bandwidth */, "equal" /* Equal sharing of excess bandwidth */ ) ) ).as(:oneline), "input-traffic-control-profile" ( /* Input traffic control profile for the interface set */ sc( arg ) ).as(:oneline), "input-traffic-control-profile-remaining" ( /* Input traffic control profile for the remaining traffic on an interface set */ sc( arg ) ).as(:oneline), "output-traffic-control-profile" ( /* Output traffic control profile for the interface set */ sc( arg ) ).as(:oneline), "output-traffic-control-profile-remaining" ( /* Output traffic control profile for the remaining traffic on an interface set */ sc( arg ) ).as(:oneline) ) ), cos_interfaces_type ) ), "routing-instances" arg ( /* Apply CoS options to routing instances with VRF table label */ c( "classifiers" ( /* Classifiers applied to incoming packets */ c( "no-default" /* Do not apply default classifiers to this interface */, "exp" ( /* EXP classifier */ sc( ("default") ) ).as(:oneline), "ieee-802.1" ( /* IEEE-802.1 classifier */ sc( ("default"), "encapsulated" /* Inner or outer ethernet header */, "vlan-tag" ( /* VLAN tag used for classification */ ("outer" | "inner") ) ) ).as(:oneline), "dscp" ( /* Differentiated Services code point classifier */ sc( ("default") ) ).as(:oneline), "dscp-ipv6" ( /* Differentiated Services code point classifier IPv6 */ sc( ("default") ) ).as(:oneline) ) ), "rewrite-rules" ( /* Rewrite rules applied to outgoing packets */ c( c( "ieee-802.1" ( /* IEEE-802.1 rewrite rule */ sc( ("default"), "encapsulated" /* Inner ethernet header */, "vlan-tag" ( /* One or more VLAN tags to which rewrite rule applies */ ("outer" | "outer-and-inner") ) ) ).as(:oneline), "ieee-802.1ad" ( /* IEEE-802.1ad (DEI) rewrite rule */ sc( ("default"), "encapsulated" /* Inner ethernet header */, "vlan-tag" ( /* One or more VLAN tags to which rewrite rule applies */ ("outer" | "outer-and-inner") ) ) ).as(:oneline) ) ) ), "policy-map" ( /* Policy-map describing the packet marking rule */ sc( arg /* Name of Policy-map to be applied */ ) ).as(:oneline) ) ), "rewrite-rules" ( /* Write code point value of outgoing packets */ c( "dscp" arg ( /* Differentiated Services code point rewrite rule */ c( "import" ( /* Include this rewrite rule in this definition */ ("default") ), "forwarding-class" arg ( /* Markings for named forwarding class */ c( "loss-priority" ("low" | "high" | "medium-low" | "medium-high") ( /* Code point marking based on loss priority */ sc( "code-point" arg /* Code point aliases or bit string */ ) ).as(:oneline) ) ) ) ), "dscp-ipv6" arg ( /* Differentiated Services code point rewrite rule IPv6 */ c( "import" ( /* Include this rewrite rule in this definition */ ("default") ), "forwarding-class" arg ( /* Markings for named forwarding class */ c( "loss-priority" ("low" | "high" | "medium-low" | "medium-high") ( /* Code point marking based on loss priority */ sc( "code-point" arg /* Code point aliases or bit string */ ) ).as(:oneline) ) ) ) ), "exp" arg ( /* MPLS EXP rewrite rule */ c( "import" ( /* Include this rewrite rule in this definition */ ("default") ), "forwarding-class" arg ( /* Markings for named forwarding class */ c( "loss-priority" ("low" | "high" | "medium-low" | "medium-high") ( /* Code point marking based on loss priority */ sc( "code-point" arg /* Code point aliases or bit string */ ) ).as(:oneline) ) ) ) ), "ieee-802.1" arg ( /* IEEE-802.1 rewrite rule */ c( "import" ( /* Include this rewrite rule in this definition */ ("default") ), "forwarding-class" arg ( /* Markings for named forwarding class */ c( "loss-priority" ("low" | "high" | "medium-low" | "medium-high") ( /* Code point marking based on loss priority */ sc( "code-point" arg /* Code point aliases or bit string */ ) ).as(:oneline) ) ) ) ), "inet-precedence" arg ( /* IPv4 precedence rewrite rule */ c( "import" ( /* Include this rewrite rule in this definition */ ("default") ), "forwarding-class" arg ( /* Markings for named forwarding class */ c( "loss-priority" ("low" | "high" | "medium-low" | "medium-high") ( /* Code point marking based on loss priority */ sc( "code-point" arg /* Code point aliases or bit string */ ) ).as(:oneline) ) ) ) ), "frame-relay-de" arg ( /* Frame relay discard eligible bit rewrite rule */ c( "import" ( /* Include this rewrite rule in this definition */ ("default") ), "forwarding-class" arg ( /* Markings for named forwarding class */ c( "loss-priority" ("low" | "high" | "medium-low" | "medium-high") ( /* Code point marking based on loss priority */ sc( "code-point" arg /* Code point aliases or bit string */ ) ).as(:oneline) ) ) ) ), "ieee-802.1ad" arg ( /* IEEE-802.1ad (DEI) rewrite rule */ c( "import" ( /* Include this rewrite rule in this definition */ ("default") ), "forwarding-class" arg ( /* Markings for named forwarding class */ c( "loss-priority" ("low" | "high" | "medium-low" | "medium-high") ( /* Code point marking based on loss priority */ sc( "code-point" arg /* Code point aliases or bit string */ ) ).as(:oneline) ) ) ) ), "inet6-precedence" arg ( /* IPv6 precedence rewrite rule */ c( "import" ( /* Include this rewrite rule in this definition */ ("default") ), "forwarding-class" arg ( /* Markings for named forwarding class */ c( "loss-priority" ("low" | "high" | "medium-low" | "medium-high") ( /* Code point marking based on loss priority */ sc( "code-point" arg /* Code point aliases or bit string */ ) ).as(:oneline) ) ) ) ) ) ), "fabric" ( /* Define CoS parameters of switch fabric */ c( "scheduler-map" ( /* Mapping of fabric traffic to packet schedulers */ c( "priority" enum(("low" | "high")) ( /* Fabric traffic priority */ sc( "scheduler" arg /* Scheduler name */ ) ).as(:oneline) ) ) ) ), "scheduler-maps" arg ( /* Mapping of forwarding classes to packet schedulers */ c( "forwarding-class" arg ( /* Forwarding class name to map to scheduler */ sc( "scheduler" arg /* Scheduler name */ ) ).as(:oneline) ) ), "fragmentation-maps" arg ( /* Mapping of forwarding class to fragmentation options */ c( "forwarding-class" arg ( /* Forwarding class name to map to fragmentation options */ c( c( "fragment-threshold" arg /* Fragmentation threshold */, "no-fragmentation" /* Don't allow fragmentation */ ), "multilink-class" arg /* Multilink-Class assigned to the forwarding class */, "drop-timeout" arg /* Drop timeout */ ) ) ) ), "schedulers" arg ( /* Packet schedulers */ c( "transmit-rate" ( /* Transmit rate */ c( c( arg /* Transmit rate as rate */, "percent" arg /* Transmit rate as percentage */, "remainder" ( /* Remainder available */ c( arg ) ) ), c( "exact" /* Enforce exact transmit rate */, "rate-limit" /* Enforce rate limit that uses policer */ ) ) ), "excess-rate" ( /* Excess bandwidth sharing proportion */ sc( c( "proportion" arg /* Excess rate as a proportion */, "percent" arg /* Excess rate as a percentage */ ) ) ).as(:oneline), "shaping-rate" ( /* Shaping rate */ sc( c( arg /* Shaping rate as an absolute rate */, "percent" arg /* Shaping rate as a percentage */ ), "burst-size" arg /* Shaping rate burst size */ ) ).as(:oneline), "buffer-size" ( /* Queue transmission buffer size */ c( c( "percent" arg /* Buffer size as a percentage */, "remainder" ( /* Remainder of buffer size available */ c( arg ) ), "shared" /* Shared buffer allocation */, "temporal" arg /* Buffer size as temporal value */ ), c( "exact" /* Enforce exact buffer size */ ), "buffer-partition" ( /* Partition buffer size among multicast and unicast */ c( "multicast" ( /* Specify multicast fraction of reserved buffer */ c( "percent" arg ) ) ) ) ) ), "shared-buffer" ( /* Queue transmission shared-buffer */ c( "maximum" ( /* Control the amount of shared buffer a given queue can consume */ c( arg, "multicast" ( /* Control the amount of shared buffer mcast pkts consume */ c( arg ) ) ) ) ) ), "priority" arg /* Scheduling priority */, "excess-priority" arg /* Priority in the excess region */, "drop-profile-map" ( /* Assign drop profile to a loss priority and protocol */ s( "loss-priority" ( /* Loss priority value */ ("low" | "high" | "medium-low" | "medium-high" | "any") ), "protocol" ( /* Protocol type */ ("tcp" | "non-tcp" | "any") ), c( "drop-profile" arg /* Name of drop profile to apply */ ) ) ).as(:oneline), "explicit-congestion-notification" /* Enable or Disable Explicit Congestion Notification */, "ecn-enhanced" ( /* Configure enhanced explicit congestion notification parameters */ c( "no-pfc-assist" /* Enable or disable PFC assist for explicit congestion notification */ ) ), "drop-profile-map-set" ( /* System drop profile */ c( arg, "profile-type" ( ("drop" | "mark") ) ) ), "adjust-percent" arg /* Percent of a bandwidth adjustment applied to a queue */, "adjust-minimum" arg /* Minimum shaping-rate when adjusted */, "queue-monitoring" /* Enable queue depth monitoring */ ) ), "adjustment-control-profiles" arg ( /* Adjustment control profiles */ c( "application" enum(("ancp" | "radius-coa" | "pppoe-tags" | "dhcp-tags")) ( /* Applications that can perform adjustments */ sc( "priority" arg /* Priority for the application; 1 is the highest */, "algorithm" ( /* Adjustment algorithm for the application */ ("adjust-less" | "adjust-less-or-equal" | "adjust-greater" | "adjust-greater-or-equal" | "adjust-always" | "adjust-never") ) ) ).as(:oneline) ) ), "traceoptions" ( /* Trace options for class-of-service process */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("init" | "show" | "route-socket" | "parse" | "process" | "util" | "restart" | "snmp" | "hardware-database" | "asynch" | "dynamic" | "cos-adjustment" | "performance-monitor" | "chassis-scheduler" | "cn-util" | "snmp-timeouts" | "all" | "feature-capability" | "application" | "jvision")) /* Tracing parameters */.as(:oneline) ) ), "multi-destination" ( /* Multicast class of service */ c( "scheduler-map" arg /* Scheduler map for multi destination */, "family" ( /* Family Inet/Inet6/Ethernet */ c( "ethernet" ( /* Ethernet switching options */ c( "broadcast" arg /* Forwarding class to be applied to broadcast */ ) ), "inet" ( /* IP Multicast */ c( "classifier" ( /* Classifier applied to ip-multicast */ c( "dscp" ( /* Differentiated Services code point classifier */ sc( arg ) ).as(:oneline), "inet-precedence" ( /* IPv4 precedence classifier */ sc( arg ) ).as(:oneline) ) ) ) ), "inet6" ( /* IPv6 Multicast */ c( "classifier" ( /* Classifier applied to ipv6-multicast */ c( "dscp-ipv6" ( /* Differentiated Services code point classifier */ sc( arg ) ).as(:oneline) ) ) ) ) ) ), "classifiers" ( /* Classifier applied to multicast traffic */ c( "ieee-802.1" ( /* IEEE-802.1 classifier */ sc( arg ) ).as(:oneline), "dscp" ( /* Differentiated services code point classifier */ sc( arg ) ).as(:oneline), "dscp-ipv6" ( /* Differentiated services code point classifier IPv6 */ sc( arg ) ).as(:oneline), "inet-precedence" ( /* IPv4 precedence classifier */ sc( arg ) ).as(:oneline) ) ), "forwarding-class" arg /* Forwarding class assigned to incoming Multi-destination packets */ ) ), "application-traffic-control" ( /* Application classifier configuration */ c( "traceoptions" ( /* Trace options for application classifier */ appqos_traceoptions_type /* Trace options for application classifier */ ), "rate-limiters" arg ( /* Configure application-traffic-control rate limiters */ c( "bandwidth-limit" arg /* Bandwidth limit */, "burst-size-limit" arg /* Burst size limit (default with bandwidth-limit and no larger than 6400 * bandwidth) */ ) ), "rule-sets" arg ( /* Configure application-traffic-control rule-sets */ c( "rule" ( /* Rule */ appqos_rule_type /* Rule */ ) ) ) ) ), "forwarding-policy" ( /* Class-of-service forwarding policy */ c( "next-hop-map" arg ( /* Class-of-service next-hop map */ c( "forwarding-class" arg ( /* Forwarding class from which to map */ c( "next-hop" ( /* Next-hop identifier to which to map */ ipaddr_or_interface /* Next-hop identifier to which to map */ ), "lsp-next-hop" arg /* Regular expression for LSP next hop */, "non-lsp-next-hop" /* Any non-RSVP LSP next hop */, "non-labelled-next-hop" /* Any non-labelled next hop */, "discard" /* Discard next hop */ ) ), "forwarding-class-default" ( /* Next Hop For traffic which does not meet any FC in the next-hop-map */ c( "next-hop" ( /* Next-hop identifier to which to map */ ipaddr_or_interface /* Next-hop identifier to which to map */ ), "lsp-next-hop" arg /* Regular expression for LSP next hop */, "non-lsp-next-hop" /* Any non-RSVP LSP next hop */, "non-labelled-next-hop" /* Any non-labelled next hop */, "discard" /* Discard next hop */ ) ) ) ), "class" arg ( /* Class-of-service description */ c( "classification-override" ( /* Define classification overrides */ c( "forwarding-class" arg /* Forwarding class name */ ) ) ) ) ) ) ) end rule(:appqos_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("all")) /* Events and other information to include in trace output */.as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ) ) end rule(:appqos_rule_type) do arg.as(:arg) ( c( "match" ( /* Specify application traffic control rule match-criteria */ c( "application-any" /* Any applications */, "application-unknown" /* Uknown applcations */, "application-known" /* Identifiable applications */, "application" arg, "application-group" arg ) ), "then" ( /* Specify rule action to take when packet match criteria */ c( "forwarding-class" arg /* Forwarding class for outgoing packets */, "dscp-code-point" arg /* DSCP code point bitmap or alias */, "loss-priority" ( /* Packet loss priority */ ("low" | "medium-low" | "medium-high" | "high") ), "rate-limit" ( /* Apply rate limiters */ c( "client-to-server" arg /* Client-to-server rate limiter */, "server-to-client" arg /* Server-to-client rate limiter */, "loss-priority-high" /* Set Rate limiter's action Loss-Priority to high */ ) ), "log" /* Log the action */ ) ) ) ) end rule(:cos_interfaces_type) do arg.as(:arg) ( c( "forwarding-class-set" arg ( /* Map forwarding class sets to output traffic control profile */ c( "output-traffic-control-profile" ( /* Output traffic control profile for the interface */ sc( arg ) ).as(:oneline) ) ), "congestion-notification-profile" arg /* Congestion notification profile for the interface */, "rewrite-value" ( /* FC interface rewrite value */ c( "input" ( /* Input direction */ c( "ieee-802.1" ( /* IEEE 802.1 code point */ c( "code-point" ( /* IEEE 802.1 code point */ c( arg /* IEEE 802.1 code point */ ) ) ) ) ) ) ) ), "scheduler-map-forwarding-class-set" arg /* Output scheduler map forwarding-class-set */, "scheduler-map" arg /* Output scheduler map */, "input-scheduler-map" arg /* Input scheduler map */, "scheduler-map-chassis" ( /* Scheduler map applied to chassis queues (not PIC queues) */ ("derived") ), "output-forwarding-class-map" arg /* Output forwarding class map name */, "shaping-rate" ( /* Output shaping rate */ sc( arg /* Shaping rate as an absolute rate */, "overhead" arg /* Shaping overhead bytes to be accounted in egress */ ) ).as(:oneline), "input-excess-bandwidth-share" ( /* Input Excess bandwidth sharing policy */ sc( c( "proportional" arg /* Maximum Queue Bandwidth */, "equal" /* Equal sharing of excess bandwidth */ ) ) ).as(:oneline), "excess-bandwidth-share" ( /* Output Excess bandwidth sharing policy */ sc( c( "proportional" arg /* Maximum Queue Bandwidth */, "equal" /* Equal sharing of excess bandwidth */ ) ) ).as(:oneline), "input-shaping-rate" ( /* Input shaping rate */ sc( arg /* Input shaping rate as an absolute rate */ ) ).as(:oneline), "input-traffic-control-profile" ( /* Input traffic control profile */ sc( arg ) ).as(:oneline), "input-traffic-control-profile-remaining" ( /* Input traffic control profile for remaining traffic on the ifd */ sc( arg ) ).as(:oneline), "output-traffic-control-profile" ( /* Output traffic control profile */ sc( arg ) ).as(:oneline), "output-traffic-control-profile-remaining" ( /* Output traffic control profile for remaining traffic on the ifd */ sc( arg ) ).as(:oneline), "member-link-scheduler" ( /* Scheduler parameter model for member link */ sc( c( "scale" /* Scale scheduler parameters on aggregate interface */, "replicate" /* Copy scheduler parameters from aggregate interface */ ) ) ).as(:oneline), "traffic-class-map" ( /* Packet code point to input priority mapping */ c( "inet-precedence" ( /* IPv4 precedence code point traffic-class-map */ c( arg ) ), "dscp" ( /* Differentiated services code point traffic-class-map */ c( arg ) ), "exp" ( /* MPLS experimental code point traffic-class-map */ c( arg ) ), "ieee-802.1" ( /* IEEE-802.1 code point traffic-class-map */ c( arg, "vlan-tag" ( /* VLAN tag used for traffic-class-map */ ("outer" | "inner") ) ) ), "ieee-802.1ad" ( /* IEEE-802.1ad (DEI) code point traffic-class-map */ c( arg, "vlan-tag" ( /* VLAN tag used for traffic-class-map */ ("outer" | "inner") ) ) ) ) ), "exclude-queue-overhead-bytes" ( /* Exclude the overhead bytes from the queue statistics */ c( "include-hierarchy" /* Perform overhead adjustment on IFD and all children */ ) ), "logical-interface-aggregate-statistics" /* Logical interface aggregate queue statistics */, "unit" enum(("*")) ( /* Logical interface unit (or wildcard) */ c( "output-forwarding-class-map" arg /* Output forwarding class map name */, "forwarding-class" arg /* Forwarding class assigned to incoming packets */, "virtual-channel-group" arg /* Virtual channel group applied to this logical interface */, "vc-shared-scheduler" /* Virtual channel group shared scheduler indicator */, "scheduler-map" arg /* Output scheduler map */, "input-scheduler-map" arg /* Input scheduler map */, "fragmentation-map" arg /* Fragmentation map applied to this logical interface */, "adaptive-shaper" arg /* Adaptive shaper applied to this logical interface */, "shaping-rate" ( /* Output shaping rate */ sc( c( arg /* Shaping rate as an absolute rate */, "percent" arg /* Shaping rate as a percentage */ ) ) ).as(:oneline), "input-shaping-rate" ( /* Input shaping rate */ sc( c( arg /* Shaping rate as an absolute rate */, "percent" arg /* Shaping rate as a percentage */ ) ) ).as(:oneline), "input-traffic-control-profile" ( /* Input traffic control profile */ sc( arg, "shared-instance" arg /* Name of the shared instance */ ) ).as(:oneline), "output-traffic-control-profile" ( /* Output traffic control profile */ sc( arg, "shared-instance" arg /* Name of the shared instance */ ) ).as(:oneline), "output-traffic-control-profile-remaining" ( /* Output traffic control profile for remaining traffic on the ifl */ sc( arg /* Name of the traffic control profile */ ) ).as(:oneline), "report-ingress-shaping-rate" ( /* Report ingress shaping rate */ sc( c( arg /* Ingress shaping rate as an absolute value */ ) ) ).as(:oneline), "classifiers" ( /* Classifiers applied to incoming packets */ c( "no-default" /* Do not apply default classifiers to this interface */, "dscp" ("default") ( /* Differentiated Services code point classifier */ c( "family" arg /* Family for DSCP classifier */ ) ), "dscp-ipv6" ("default") ( /* Differentiated Services code point classifier IPv6 */ c( "family" arg /* Family for DSCP Ipv6 classifier */ ) ), "exp" ( /* EXP classifier */ sc( ("default") ) ).as(:oneline), "ieee-802.1" ( /* IEEE-802.1 classifier */ sc( ("default"), "vlan-tag" ( /* VLAN tag used for classification */ ("outer" | "inner" | "transparent") ) ) ).as(:oneline), "inet-precedence" ( /* IPv4 precedence classifier */ sc( ("default") ) ).as(:oneline), "ieee-802.1ad" ( /* IEEE-802.1ad (DEI) classifier */ sc( ("default"), "vlan-tag" ( /* VLAN tag used for classification */ ("outer" | "inner") ) ) ).as(:oneline) ) ), "ingress-rewrite-rules" ( /* Rewrite rules applied to outgoing packets of the ingress interface */ c( "dscp" ("default") /* Differentiated Services code point rewrite rule */.as(:oneline), "dscp-ipv6" ( /* Differentiated Services code point rewrite rule IPv6 */ sc( ("default") ) ).as(:oneline), "inet-precedence" ("default") /* IPv4 precedence rewrite rule */.as(:oneline) ) ), "loss-priority-maps" ( /* Loss priority maps applied to incoming packets */ c( "frame-relay-de" ( /* Frame Relay discard eligible bit loss priority map */ sc( ("default") ) ).as(:oneline) ) ), "rewrite-rules" ( /* Rewrite rules applied to outgoing packets */ c( "dscp" ("default") ( /* Differentiated Services code point rewrite rule */ sc( "protocol" ( /* Specify protocol matching criteria */ ("mpls" | "gtp-inet-outer" | "gtp-inet-both" | "inet-outer" | "inet-both") ) ) ).as(:oneline), "dscp-ipv6" ("default") ( /* Differentiated Services code point rewrite rule IPv6 */ sc( "protocol" ( /* Specify protocol matching criteria */ ("mpls" | "gtp-inet-outer" | "gtp-inet-both") ) ) ).as(:oneline), "exp" ("default") ( /* EXP rewrite rule */ sc( "protocol" ( /* Specify protocol matching criteria */ ("mpls-any" | "mpls-inet-both" | "mpls-inet-both-non-vpn") ) ) ).as(:oneline), "ieee-802.1" ( /* IEEE-802.1 rewrite rule */ sc( ("default"), "vlan-tag" ( /* One or more VLAN tags to which rewrite rule applies */ ("outer" | "outer-and-inner") ) ) ).as(:oneline), "inet-precedence" ("default") ( /* IPv4 precedence rewrite rule */ sc( "protocol" ( /* Specify protocol matching criteria */ ("mpls" | "gtp-inet-outer" | "gtp-inet-both" | "inet-outer" | "inet-both") ) ) ).as(:oneline), "exp-swap-push-push" ( /* Copy incoming EXP into all swap-push-push labels */ sc( c( "default" /* Apply default rewrite rule */ ) ) ).as(:oneline), "exp-push-push-push" ( /* Top-label EXP rewrite rule for push-push-push operation */ sc( c( "default" /* Apply default rewrite rule */ ) ) ).as(:oneline), "frame-relay-de" ( /* Frame relay discard eligible bit rewrite rule */ sc( ("default") ) ).as(:oneline), "ieee-802.1ad" ( /* IEEE-802.1ad (DEI) rewrite rule */ c( ("default"), "vlan-tag" ( /* One or more VLAN tags to which rewrite rule applies */ ("outer" | "outer-and-inner") ) ) ), "inet6-precedence" ("default") ( /* IPv6 precedence rewrite rule */ sc( "protocol" ( /* Specify protocol matching criteria */ ("mpls") ) ) ).as(:oneline) ) ), "loss-priority-rewrites" ( /* Loss priority rewrites applied to outgoing packets */ c( "frame-relay-de" ( /* Frame Relay discard eligible bit loss priority rewrite */ sc( ("default") ) ).as(:oneline) ) ), "translation-table" ( /* Translation tables applied to incoming packets */ c( "to-inet-precedence-from-inet-precedence" ( /* IPv4 precedence translation table */ sc( arg ) ).as(:oneline), "to-dscp-from-dscp" ( /* Differentiated Services code point translation table */ sc( arg ) ).as(:oneline), "to-dscp-ipv6-from-dscp-ipv6" ( /* Differentiated Services code point IPV6 translation table */ sc( arg ) ).as(:oneline), "to-exp-from-exp" ( /* EXP translation table */ sc( arg ) ).as(:oneline) ) ), "policy-map" ( /* Policy-map describing the packet marking rule */ sc( arg /* Name of Policy-map to be applied */ ) ).as(:oneline) ) ), "classifiers" ( /* Classifiers applied to incoming packets */ c( "dscp" ("default") /* Differentiated Services code point classifier */, "dscp-ipv6" ("default") /* Differentiated Services code point classifier IPv6 */, "ieee-802.1" ( /* IEEE-802.1 classifier */ sc( ("default"), "vlan-tag" ( /* VLAN tag used for classification */ ("outer" | "inner") ) ) ).as(:oneline), "ieee-802.1ad" ( /* IEEE-802.1ad (DEI) classifier */ sc( ("default"), "vlan-tag" ( /* VLAN tag used for classification */ ("outer" | "inner") ) ) ).as(:oneline), "inet-precedence" ( /* IPv4 precedence classifier */ sc( ("default") ) ).as(:oneline) ) ), "forwarding-class" arg /* Forwarding class assigned to incoming packets */, "rewrite-rules" ( /* Rewrite rules applied to outgoing packets */ c( "dscp" ("default") /* Differentiated Services code point rewrite rule */.as(:oneline), "dscp-ipv6" ("default") /* Differentiated Services code point rewrite rule IPv6 */.as(:oneline), "ieee-802.1" ( /* IEEE-802.1 rewrite rule */ sc( ("default") ) ).as(:oneline), "ieee-802.1ad" ( /* IEEE-802.1ad (DEI) rewrite rule */ c( ("default"), "vlan-tag" ( /* One or more VLAN tags to which rewrite rule applies */ ("outer") ) ) ), "inet-precedence" ("default") /* IPv4 precedence rewrite rule */.as(:oneline) ) ), "multi-destination" ( /* Multi-destination class of service */ c( "classifiers" ( /* Classifier applied to multi-destination traffic */ c( "ieee-802.1" ( /* IEEE-802.1P classifier */ sc( arg ) ).as(:oneline), "dscp" ( /* Differentiated services code point classifier */ sc( arg ) ).as(:oneline), "dscp-ipv6" ( /* Differentiated services code point classifier IPv6 */ sc( arg ) ).as(:oneline), "inet-precedence" ( /* IPv4 precedence classifier */ sc( arg ) ).as(:oneline) ) ), "forwarding-class" arg /* Forwarding class assigned to incoming Multi-destination packets */ ) ) ) ) end rule(:juniper_def_rtb_switch_options) do c( "mac-table-size" ( /* Size of MAC address forwarding table */ c( arg, "packet-action" ( /* Action when MAC limit is reached */ ("none" | "drop") ) ) ), "mac-ip-table-size" ( /* Size of MAC+IP bindings table */ c( arg ) ), "interface-mac-limit" ( /* Maximum MAC address learned per interface */ c( arg, "packet-action" ( /* Action when MAC limit is reached */ ("none" | "drop" | "log" | "shutdown" | "drop-and-log") ) ) ), "interface-mac-ip-limit" ( /* Maximum MAC+IP bindings learned per interface */ c( arg ) ), "mac-notification" ( /* MAC notification options */ c( "notification-interval" arg /* Interval for sending MAC notifications */ ) ), "mac-table-aging-time" arg /* Delay for discarding MAC address if no updates are received */, "no-mac-learning" /* Disable dynamic MAC address learning */, "no-normalization" /* Disable vlan id normalization for interfaces */, "mac-statistics" /* Enable MAC address statistics */, "mib" ( /* Snmp mib options */ c( "dot1q-mib" ( /* Dot1q MIB configuration options */ c( "port-list" ( /* Port list for staticegressports and staticuntaggedports MIB */ ("bit-map" | "string") ) ) ) ) ), "static-rvtep-mac" ( /* Configure Static MAC and remote VxLAN tunnel endpoint entries */ c( "mac" ( /* Unicast MAC address */ s( arg, "remote-vtep" arg /* Configure static remote VXLAN tunnel endpoints */ ) ).as(:oneline) ) ), "service-id" arg /* Service ID required if multi-chassis AE is part of a bridge-domain */, "ovsdb-managed" /* All vxlan bridge domains in routing instance are remote managed */, "vtep-source-interface" ( /* Source layer-3 IFL for VXLAN */ sc( interface_name, c( "inet" /* IPv4 source */, "inet6" /* IPv6 source */ ) ) ).as(:oneline), "vtep-remote-interface" ( /* Remote VTEP interface */ c( "remote-ip" arg ( /* Remote VTEP IP address */ c( "dynamic-profile" arg /* Define associate dynamic profile */ ) ), "default" ( /* To all remote vtep interface */ c( "dynamic-profile" arg /* Define associate dynamic profile */ ) ) ) ), "interface" arg ( /* Interface for configuring bridge-options */ c( "interface-mac-limit" ( /* Maximum number of MAC addresses learned on the interface */ c( arg, "disable" /* Disable interface for interface-mac-limit */, "packet-action" ( /* Action when MAC limit is reached */ ("none" | "drop" | "log" | "shutdown" | "drop-and-log") ) ) ), "interface-mac-ip-limit" ( /* Maximum number of MAC+IP bindings learned on the interface */ c( arg ) ), "no-mac-learning" /* Disable dynamic MAC address learning */, "mac-pinning" /* Enable MAC pinning */, "persistent-learning" /* Enable persistent MAC learning on this interface */, "no-mac-notification" /* Disable mac notification on this interface */ ) ), "remote-vtep-list" ( /* Configure static remote VXLAN tunnel endpoints */ ipaddr /* Configure static remote VXLAN tunnel endpoints */ ), "interface-shutdown-action" ( /* Interface shutdown mode for Storm-Control/Mac-Limit/Mac-Move-limit scenario */ ("soft-shutdown" | "hard-shutdown") ), "remote-vtep-v6-list" ( /* Configurate static IPv6 remote VXLAN tunnel endpoints */ ipv6addr /* Configurate static IPv6 remote VXLAN tunnel endpoints */ ), "route-distinguisher" ( /* Route distinguisher for this instance */ sc( arg /* Number in (16 bit:32 bit) or (32 bit 'L':16 bit) or (IP address:16 bit) format */ ) ).as(:oneline), "vrf-import" ( /* Import policy for VRF instance RIBs */ policy_algebra /* Import policy for VRF instance RIBs */ ), "vrf-export" ( /* Export policy for VRF instance RIBs */ policy_algebra /* Export policy for VRF instance RIBs */ ), "vrf-target" ( /* VRF target community configuration */ c( arg /* Target community to use in import and export */, "import" arg /* Target community to use when filtering on import */, "export" arg /* Target community to use when marking routes on export */, "auto" ( /* Auto derive import and export target community from BGP AS & L2 */ juniper_def_rtb_auto_import_as /* Auto derive import and export target community from BGP AS & L2 */ ) ) ), "redundant-trunk-group" ( /* Redundant trunk group */ c( "group" arg ( /* Name of Redundant trunk group */ c( "preempt-cutover-timer" arg /* Hold timer for primary interface before preempting secondary interface */, "description" arg /* Text description of the RTG */, "interface" arg ( /* Interfaces that are part of this redundant trunk group */ c( "primary" /* Set Primary Redundant Trunk Group interface */ ) ) ) ) ) ), "voip" ( /* Voice-over-IP configuration */ c( "interface" (arg | "access-ports") ( /* Enable voice over IP on this port */ c( "vlan" arg /* VLAN for voice over IP */, "forwarding-class" arg /* Forwarding class */ ) ) ) ), "unknown-unicast-forwarding" ( /* Set interface for forwarding of unknown unicast packets */ c( "vlan" arg ( /* VLAN for the unknown unicast packets */ c( "interface" ( /* Interface to send unknown unicast packets for the VLAN */ interface_name /* Interface to send unknown unicast packets for the VLAN */ ) ) ) ) ), "authentication-whitelist" arg ( /* MAC authentication-whitelist configuration needed to bypass Authentication */ c( "vlan-assignment" arg /* VLAN name or 802.1q tag for the MAC address */, "bridge-domain-assignment" arg /* Bridge-domain name or 802.1q tag for the MAC address */, "interface" ( /* Interface on which authentication is bypassed */ interface_name /* Interface on which authentication is bypassed */ ) ) ) ) end rule(:juniper_def_rtb_auto_import_as) do c( "import-as" arg ( /* AS to auto import for a list of VNI ids */ c( "vni-list" arg /* List of VNI identifiers or all */ ) ) ) end rule(:juniper_dynamic_profile_object) do arg.as(:arg) ( c( "version-alias" arg /* Dynamic profile version alias, transmitted to RADIUS during authentication */, "variables" ( /* Dynamic variable configuration */ juniper_dynamic_variable_object /* Dynamic variable configuration */ ), "predefined-variable-defaults" ( /* Assign default values to predefined variables */ c( "aggregation-interface-set-name" ( /* Default for junos-aggregation-interface-set-name */ c( c( arg /* Default value for junos-aggregation-interface-set-name */, "equals" arg /* Computable expression of dynamic profile variables */ ) ) ), "interface-set-name" ( /* Default for junos-interface-set-name */ c( c( arg /* Default value for junos-interface-set-name */, "equals" arg /* Computable expression of dynamic profile variables */ ) ) ), "default-interface-set-name" ( /* Default for junos-default-interface-set-name */ c( "equals" arg /* Computable expression of dynamic profile variables */ ) ), "phy-ifd-interface-set-name" ( /* Default for junos-phy-ifd-interface-set-name */ c( c( arg /* Default value for junos-phy-ifd-interface-set-name */, "equals" arg /* Computable expression of dynamic profile variables */ ) ) ), "phy-ifd-underlying-intf-set-name" ( /* Default for junos-phy-ifd-underlying-intf-set-name */ c( c( arg /* Default value for junos-phy-ifd-underlying-intf-set-name */, "equals" arg /* Computable expression of dynamic profile variables */ ) ) ), "cos-excess-rate" ( /* Default for junos-cos-excess-rate */ c( "proportion" arg /* Excess rate as proportion */, "percent" arg /* Excess rate as percentage */ ) ), "cos-excess-rate-high" ( /* Default for junos-cos-excess-rate-high */ c( "proportion" arg /* Excess rate as proportion */, "percent" arg /* Excess rate as percentage */ ) ), "cos-excess-rate-low" ( /* Default for junos-cos-excess-rate-low */ c( "proportion" arg /* Excess rate as proportion */, "percent" arg /* Excess rate as percentage */ ) ), "cos-scheduler-tx" ( /* Default for junos-cos-scheduler-tx */ c( "rate" arg /* Transmit rate as rate */, "percent" arg /* Transmit rate as percentage */ ) ), "cos-scheduler-bs" ( /* Default for junos-cos-scheduler-bs */ c( "percent" arg /* Buffer size as percentage */, "temporal" arg /* Buffer size as temporal */ ) ), "cos-scheduler-shaping-rate" ( /* Default for junos-cos-scheduler-shaping-rate */ c( "rate" arg /* Shaping rate as rate */, "percent" arg /* Shaping rate as percentage */ ) ), base_default_variable_object ) ), "routing-instances" ( /* Routing instance configuration */ c( c( "interface" ("$junos-interface-name" | arg) ( /* Interface name for this routing instance */ c( c( "any" /* Interface used for both unicast and multicast traffic */, "unicast" /* Interface used for unicast traffic only */, "multicast" /* Interface used for multicast traffic only */ ), "primary" /* Preferred multicast vt interface for the routing-instance */, "protect-interface" ( /* Name of protect interface */ interface_name /* Name of protect interface */ ) ) ), "routing-options" ( /* Protocol-independent routing option configuration */ c( "rib" arg ( /* Routing table options */ c( "static" ( /* Static routes */ c( "rib-group" arg /* Routing table group */, "defaults" ( /* Global route options */ c( "retain" /* Always keep route in forwarding table */, "no-retain" /* Don't always keep route in forwarding table */, "install" /* Install route into forwarding table */, "no-install" /* Don't install route into forwarding table */, "readvertise" /* Mark route as eligible to be readvertised */, "no-readvertise" /* Don't mark route as eligible to be readvertised */, "resolve" /* Allow resolution of indirectly connected next hops */, "no-resolve" /* Don't allow resolution of indirectly connected next hops */, "longest-match" /* Always use longest prefix match to resolve next hops */, "no-longest-match" /* Don't always use longest prefix match to resolve next hops */, c( "active" /* Remove inactive route from forwarding table */, "passive" /* Retain inactive route in forwarding table */ ), "metric" ( /* Metric value */ rib_static_metric_type /* Metric value */ ), "metric2" ( /* Metric value 2 */ rib_static_metric_type /* Metric value 2 */ ), "metric3" ( /* Metric value 3 */ rib_static_metric_type /* Metric value 3 */ ), "metric4" ( /* Metric value 4 */ rib_static_metric_type /* Metric value 4 */ ), "tag" ( /* Tag string */ rib_static_metric_type /* Tag string */ ), "tag2" ( /* Tag string 2 */ rib_static_metric_type /* Tag string 2 */ ), "preference" ( /* Preference value */ rib_static_metric_type /* Preference value */ ), "preference2" ( /* Preference value 2 */ rib_static_metric_type /* Preference value 2 */ ), "color" ( /* Color (preference) value */ rib_static_metric_type /* Color (preference) value */ ), "color2" ( /* Color (preference) value 2 */ rib_static_metric_type /* Color (preference) value 2 */ ), "community" ( /* BGP community identifier */ community /* BGP community identifier */ ), "as-path" ( /* Autonomous system path */ c( "path" arg /* Autonomous system path */, "origin" ( ("igp" | "egp" | "incomplete") ), "atomic-aggregate" /* Add ATOMIC_AGGREGATE path attribute to route */, "aggregator" ( /* Add AGGREGATOR path attribute to route */ c( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, ipv4addr /* Address of BGP system that formed the route */ ) ) ) ) ) ), "route" arg ( /* Static route */ c( c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "reject" /* Drop packets to destination; send ICMP unreachables */, "discard" /* Drop packets to destination; send no ICMP unreachables */, "receive" /* Install a receive route for the destination */, "next-table" arg /* Next hop to another table */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ), "backup-pe-group" arg /* Multicast source redundancy group */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "neighbor" ( /* BFD neighbor address */ ipaddr /* BFD neighbor address */ ), "local-address" ( /* BFD local address (for multihop only) */ ipaddr /* BFD local address (for multihop only) */ ), "holddown-interval" arg /* Time to hold the session-UP notification to the client */, "minimum-receive-ttl" arg /* Minimum receive TTL below which to drop */ ) ), "retain" /* Always keep route in forwarding table */, "no-retain" /* Don't always keep route in forwarding table */, "install" /* Install route into forwarding table */, "no-install" /* Don't install route into forwarding table */, "readvertise" /* Mark route as eligible to be readvertised */, "no-readvertise" /* Don't mark route as eligible to be readvertised */, "resolve" /* Allow resolution of indirectly connected next hops */, "no-resolve" /* Don't allow resolution of indirectly connected next hops */, "longest-match" /* Always use longest prefix match to resolve next hops */, "no-longest-match" /* Don't always use longest prefix match to resolve next hops */, c( "active" /* Remove inactive route from forwarding table */, "passive" /* Retain inactive route in forwarding table */ ), "metric" ( /* Metric value */ rib_static_metric_type /* Metric value */ ), "metric2" ( /* Metric value 2 */ rib_static_metric_type /* Metric value 2 */ ), "metric3" ( /* Metric value 3 */ rib_static_metric_type /* Metric value 3 */ ), "metric4" ( /* Metric value 4 */ rib_static_metric_type /* Metric value 4 */ ), "tag" ( /* Tag string */ rib_static_metric_type /* Tag string */ ), "tag2" ( /* Tag string 2 */ rib_static_metric_type /* Tag string 2 */ ), "preference" ( /* Preference value */ rib_static_metric_type /* Preference value */ ), "preference2" ( /* Preference value 2 */ rib_static_metric_type /* Preference value 2 */ ), "color" ( /* Color (preference) value */ rib_static_metric_type /* Color (preference) value */ ), "color2" ( /* Color (preference) value 2 */ rib_static_metric_type /* Color (preference) value 2 */ ), "community" ( /* BGP community identifier */ community /* BGP community identifier */ ), "as-path" ( /* Autonomous system path */ c( "path" arg /* Autonomous system path */, "origin" ( ("igp" | "egp" | "incomplete") ), "atomic-aggregate" /* Add ATOMIC_AGGREGATE path attribute to route */, "aggregator" ( /* Add AGGREGATOR path attribute to route */ c( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, ipv4addr /* Address of BGP system that formed the route */ ) ) ) ), "lsp-next-hop" ( /* LSP next hop */ lsp_nh_obj /* LSP next hop */ ), "p2mp-lsp-next-hop" ( /* Point-to-multipoint LSP next hop */ lsp_nh_obj /* Point-to-multipoint LSP next hop */ ), "spring-te-lsp-next-hop" ( /* SPRING-TE LSP next hop */ springte_lsp_nh_obj /* SPRING-TE LSP next hop */ ), "p2mp-ldp-next-hop" ( /* Point-to-multipoint LDP LSP next hop */ p2mp_ldp_lsp_nh_obj /* Point-to-multipoint LDP LSP next hop */ ), "static-lsp-next-hop" ( /* Static LSP next hop */ lsp_nh_obj /* Static LSP next hop */ ) ) ), "static-route" ( /* Static route Status */ sc( "bfd-admin-down" ( /* Static route State on BFD ADMIN DOWN */ ("active" | "passive") ) ) ).as(:oneline), "iso-route" arg ( /* ISO family static route */ c( c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "reject" /* Drop packets to destination; send ICMP unreachables */, "discard" /* Drop packets to destination; send no ICMP unreachables */, "receive" /* Install a receive route for the destination */, "next-table" arg /* Next hop to another table */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ), "backup-pe-group" arg /* Multicast source redundancy group */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "neighbor" ( /* BFD neighbor address */ ipaddr /* BFD neighbor address */ ), "local-address" ( /* BFD local address (for multihop only) */ ipaddr /* BFD local address (for multihop only) */ ), "holddown-interval" arg /* Time to hold the session-UP notification to the client */, "minimum-receive-ttl" arg /* Minimum receive TTL below which to drop */ ) ), "retain" /* Always keep route in forwarding table */, "no-retain" /* Don't always keep route in forwarding table */, "install" /* Install route into forwarding table */, "no-install" /* Don't install route into forwarding table */, "readvertise" /* Mark route as eligible to be readvertised */, "no-readvertise" /* Don't mark route as eligible to be readvertised */, "resolve" /* Allow resolution of indirectly connected next hops */, "no-resolve" /* Don't allow resolution of indirectly connected next hops */, "longest-match" /* Always use longest prefix match to resolve next hops */, "no-longest-match" /* Don't always use longest prefix match to resolve next hops */, c( "active" /* Remove inactive route from forwarding table */, "passive" /* Retain inactive route in forwarding table */ ), "metric" ( /* Metric value */ rib_static_metric_type /* Metric value */ ), "metric2" ( /* Metric value 2 */ rib_static_metric_type /* Metric value 2 */ ), "metric3" ( /* Metric value 3 */ rib_static_metric_type /* Metric value 3 */ ), "metric4" ( /* Metric value 4 */ rib_static_metric_type /* Metric value 4 */ ), "tag" ( /* Tag string */ rib_static_metric_type /* Tag string */ ), "tag2" ( /* Tag string 2 */ rib_static_metric_type /* Tag string 2 */ ), "preference" ( /* Preference value */ rib_static_metric_type /* Preference value */ ), "preference2" ( /* Preference value 2 */ rib_static_metric_type /* Preference value 2 */ ), "color" ( /* Color (preference) value */ rib_static_metric_type /* Color (preference) value */ ), "color2" ( /* Color (preference) value 2 */ rib_static_metric_type /* Color (preference) value 2 */ ), "community" ( /* BGP community identifier */ community /* BGP community identifier */ ), "as-path" ( /* Autonomous system path */ c( "path" arg /* Autonomous system path */, "origin" ( ("igp" | "egp" | "incomplete") ), "atomic-aggregate" /* Add ATOMIC_AGGREGATE path attribute to route */, "aggregator" ( /* Add AGGREGATOR path attribute to route */ c( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, ipv4addr /* Address of BGP system that formed the route */ ) ) ) ), "lsp-next-hop" ( /* LSP next hop */ lsp_nh_obj /* LSP next hop */ ), "p2mp-lsp-next-hop" ( /* Point-to-multipoint LSP next hop */ lsp_nh_obj /* Point-to-multipoint LSP next hop */ ), "spring-te-lsp-next-hop" ( /* SPRING-TE LSP next hop */ springte_lsp_nh_obj /* SPRING-TE LSP next hop */ ), "p2mp-ldp-next-hop" ( /* Point-to-multipoint LDP LSP next hop */ p2mp_ldp_lsp_nh_obj /* Point-to-multipoint LDP LSP next hop */ ) ) ), "route-target-filter" arg ( /* Route-target-filter route */ c( "neighbor" arg /* BGP peers for filter */, "group" arg /* BGP groups for filter */, "local" /* Locally originated filter */ ) ) ) ), "martians" ( /* Invalid routes */ martian_type /* Invalid routes */ ), "aggregate" ( /* Coalesced routes */ rib_aggregate_type /* Coalesced routes */ ), "generate" ( /* Route of last resort */ rib_aggregate_type /* Route of last resort */ ), c( "maximum-routes" ( /* Maximum number of routes */ sc( arg, c( "threshold" arg /* Percentage of limit at which to start generating warnings */, "log-only" /* Generate warning messages only */ ), "log-interval" arg /* Minimum interval between log messages */ ) ).as(:oneline), "maximum-paths" ( /* Maximum number of paths */ sc( arg, c( "threshold" arg /* Percentage of limit at which to start generating warnings */, "log-only" /* Generate warning messages only */ ), "log-interval" arg /* Minimum interval between log messages */ ) ).as(:oneline) ), "maximum-prefixes" ( /* Maximum number of prefixes */ sc( arg, c( "threshold" arg /* Percentage of limit at which to start generating warnings */, "log-only" /* Generate warning messages only */ ), "log-interval" arg /* Minimum interval between log messages */ ) ).as(:oneline), "multipath" ( /* Protocol-independent load balancing */ c( "vpn-unequal-cost" ( /* Include VPN routes with unequal IGP metrics */ sc( "equal-external-internal" /* Include external and internal VPN routes */ ) ).as(:oneline), "as-path-compare" /* Compare AS path sequences in addition to AS path length */, "preserve-nexthop-hierarchy" /* Force multipath to create List nexthop */ ) ), "policy-multipath" ( /* Policy based multipath */ c( "policy" ( /* Import policy to create policy based multipath */ policy_algebra /* Import policy to create policy based multipath */ ), "traceoptions" ( /* Trace options */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("route")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ) ) ), "protect" ( /* Protocol-independent protection */ sc( "core" /* Protect against unreachability to service-edge router */ ) ).as(:oneline), "access" ( /* Access routes */ c( "route" arg ( /* Access route */ c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ), "metric" arg /* Metric value */, "preference" arg /* Preference value */, "tag" arg /* Tag string */, "tag2" arg /* Tag2 string */ ) ) ) ), "access-internal" ( /* Access-internal routes */ c( "route" arg ( /* Access-internal route */ c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ) ) ) ) ), "bgp-static" ( /* Routes for BGP static advertisements */ c( "route" arg ( /* BGP-static route */ c( "metric" ( /* Metric value */ rib_static_metric_type /* Metric value */ ), "metric2" ( /* Metric value 2 */ rib_static_metric_type /* Metric value 2 */ ), "metric3" ( /* Metric value 3 */ rib_static_metric_type /* Metric value 3 */ ), "metric4" ( /* Metric value 4 */ rib_static_metric_type /* Metric value 4 */ ), "tag" ( /* Tag string */ rib_static_metric_type /* Tag string */ ), "tag2" ( /* Tag string 2 */ rib_static_metric_type /* Tag string 2 */ ), "preference" ( /* Preference value */ rib_static_metric_type /* Preference value */ ), "preference2" ( /* Preference value 2 */ rib_static_metric_type /* Preference value 2 */ ), "color" ( /* Color (preference) value */ rib_static_metric_type /* Color (preference) value */ ), "color2" ( /* Color (preference) value 2 */ rib_static_metric_type /* Color (preference) value 2 */ ), "community" ( /* BGP community identifier */ community /* BGP community identifier */ ), "as-path" ( /* Autonomous system path */ c( "path" arg /* Autonomous system path */, "origin" ( ("igp" | "egp" | "incomplete") ), "atomic-aggregate" /* Add ATOMIC_AGGREGATE path attribute to route */, "aggregator" ( /* Add AGGREGATOR path attribute to route */ c( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, ipv4addr /* Address of BGP system that formed the route */ ) ) ) ) ) ) ) ), "flow" ( /* Locally defined flow routing information */ c( "validation" ( /* Flow route validation options */ flow_validation /* Flow route validation options */ ), "route" ( /* Flow route */ flow_route_inet6 /* Flow route */ ), "security-group" arg ( /* Security groups */ c( "rule" ( /* Flow route */ flow_rule_inet6 /* Flow route */ ) ) ), "interface-group" ( /* Interface-group for applying flow-spec filter */ flow_interface_group /* Interface-group for applying flow-spec filter */ ), "discard-action-for-unresolved-redir-addr" /* For action redirect IP if redirect address is unresolved install discard action filter */, "per-route-accounting" /* Enable traffic accounting per flowspec route */, "no-per-route-accounting" /* Don't enable traffic accounting per flowspec route */ ) ), "label" ( /* Label processing */ c( "allocation" ( /* Label allocation policy */ policy_algebra /* Label allocation policy */ ), "substitution" ( /* Label substitution policy */ policy_algebra /* Label substitution policy */ ) ) ) ) ), "access" ( /* Access routes */ c( "route" arg ( /* Access route */ c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ), "metric" arg /* Metric value */, "preference" arg /* Preference value */, "tag" arg /* Tag string */, "tag2" arg /* Tag2 string */ ) ) ) ), "access-internal" ( /* Access-internal routes */ c( "route" arg ( /* Access-internal route */ c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ) ) ) ) ), "multicast" ( /* Global multicast options */ c( "traceoptions" ( /* Global multicast trace options */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("parse" | "config-internal" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "rpf" arg, "scope" arg ( /* Multicast address scope */ c( "prefix" ( /* Administratively scoped address */ ipprefix /* Administratively scoped address */ ), "interface" ( /* Interface on which to configure scoping */ interface_name /* Interface on which to configure scoping */ ) ) ), "scope-policy" ( /* Scoping policy */ policy_algebra /* Scoping policy */ ), "flow-map" arg ( /* Multicast flow map configuration */ c( "policy" ( /* Policy for matched flows */ policy_algebra /* Policy for matched flows */ ), "bandwidth" ( /* Bandwidth properties for matched flows */ sc( arg /* Static or default bandwidth for the matched flows */, "adaptive" /* Auto-sense bandwidth for matched flows */ ) ).as(:oneline), "redundant-sources" ( /* Redundant source addresses */ ipaddr /* Redundant source addresses */ ), "forwarding-cache" ( /* Forwarding cache properties for matched flows */ c( "timeout" ( /* Timeout properties for matched flows */ sc( c( arg, "never" ( /* Forwarding cache entries never time out */ c( "non-discard-entry-only" /* Apply only to non-discard entries */ ) ) ) ) ).as(:oneline) ) ) ) ), "resolve-filter" ( /* Multicast resolve policy filter */ policy_algebra /* Multicast resolve policy filter */ ), "ssm-groups" ( /* Source-specific multicast group ranges */ ipprefix /* Source-specific multicast group ranges */ ), "cont-stats-collection-interval" arg /* IGMP/MLD continuous statistics collection interval */, "asm-override-ssm" /* Allow ASM state for SSM group ranges */, "rpf-check-policy" ( /* Disable RPF check for a source group pair */ policy_algebra /* Disable RPF check for a source group pair */ ), "pim-to-igmp-proxy" ( /* PIM-to-IGMP proxy */ c( "upstream-interface" ( /* Upstream interface list */ interface_name /* Upstream interface list */ ) ) ), "pim-to-mld-proxy" ( /* PIM-to-MLD proxy */ c( "upstream-interface" ( /* Upstream interface list */ interface_name /* Upstream interface list */ ) ) ), "forwarding-cache" ( /* Multicast forwarding cache */ c( "allow-maximum" /* Allow maximum of global and family level threshold values for suppress and reuse */, "family" enum(("inet" | "inet6")) ( /* Protocol family */ c( "threshold" ( /* Multicast forwarding cache suppress threshold */ c( "suppress" arg /* Suppress threshold */, "reuse" arg /* Reuse threshold */, "mvpn-rpt-suppress" arg /* MVPN RP tree entry suppress threshold */, "mvpn-rpt-reuse" arg /* MVPN RP tree entry reuse threshold */, "log-warning" arg /* Percentage at which to start generating warnings */ ) ) ) ), "threshold" ( /* Threshold */ c( "suppress" arg /* Suppress threshold */, "reuse" arg /* Reuse threshold */, "mvpn-rpt-suppress" arg /* MVPN RP tree entry suppress threshold */, "mvpn-rpt-reuse" arg /* MVPN RP tree entry reuse threshold */, "log-warning" arg /* Percentage at which to start generating warnings */ ) ), "timeout" arg /* Forwarding cache entry timeout in minutes */ ) ), "interface" ( /* Multicast interface options */ multicast_interface_options_type /* Multicast interface options */ ), "ssm-map" arg ( /* SSM map definitions */ c( "policy" ( /* Policy for matching group */ policy_algebra /* Policy for matching group */ ), "source" ( /* One or more source addresses */ ipaddr /* One or more source addresses */ ) ) ), "stream-protection" ( /* Multicast only Fast Re-Route */ c( "mofrr-primary-path-selection-by-routing" /* Multicast only Fast Re-Route primary path by Routing */, "mofrr-disjoint-upstream-only" /* Multicast only Fast Re-Route disjoint upstream only */, "mofrr-no-backup-join" /* Multicast only Fast Re-Route no backup join */, "mofrr-asm-starg" /* Multicast only Fast Re-Route asm (*,G) */, "policy" ( /* MoFRR Policy */ policy_algebra /* MoFRR Policy */ ) ) ), "backup-pe-group" arg ( /* Backup PE group definitions */ c( "backups" ( /* One or more IP addresses */ ipaddr /* One or more IP addresses */ ), "local-address" ( /* Address to be used as local-address for this group */ ipaddr /* Address to be used as local-address for this group */ ) ) ), "omit-wildcard-address" /* Omit wildcard source/group fields in SPMSI AD NLRI */, "local-address" ( /* Local address for PIM and MVPN sessions */ ipv4addr /* Local address for PIM and MVPN sessions */ ) ) ) ) ) ) ) ), "telemetry" ( /* Telemetry configuration */ c( "service-statistics" /* Subscriber Service-statistics configuration */, "subscriber-statistics" /* Subscriber statistics configuration */, "queue-statistics" ( /* Telemetry Queue-Statistics configuration */ c( "interface" ("$junos-interface-name") ( /* Interface name for this telemetry configuration */ c( "refresh" arg /* Refresh interval range 300-86400 */, "queues" arg /* Queues to be exported 0-7 separated by , */ ) ), "interface-set" ("$junos-interface-set-name") ( /* Logical interface set configuration */ c( "refresh" arg /* Refresh interval range 300-86400 */, "queues" arg /* Queues to be exported 0-7 separated by , */ ) ) ) ) ) ), "interfaces" ( /* Interface configuration */ c( "pic-set" arg ( /* NP bundling configuration */ c( "interface" arg /* One or more interfaces that use this picset */, "fpc" arg ( c( "pic" arg /* Physical Interface Card number */ ) ) ) ), "interface-set" ("$junos-interface-set-name" | arg | "$junos-svlan-interface-set-name" | "$junos-tagged-vlan-interface-set-name" | "$junos-phy-ifd-interface-set-name" | "$junos-pon-id-interface-set-name") ( /* Logical interface set configuration */ c( "targeted-distribution" /* Interface participates in targeted-distribution */, "targeted-options" ( /* Targeting specific options */ c( "weight" ( /* Targeting weight for interface set */ ("$junos-interface-set-target-weight" | arg) ) ) ), "interface" arg ( /* One or more interfaces that belong to interface set */ c( "unit" arg /* One or more logical interface unit numbers */, "vlan-tags-outer" arg /* One or more outer VLAN tags */ ) ), "pppoe-underlying-options" ( /* PPP over Ethernet underlying interface-specific options */ pppoe_underlying_options_type /* PPP over Ethernet underlying interface-specific options */ ) ) ), "stacked-interface-set" ( /* Stacked interface set configuration */ c( "interface-set" ("$junos-aggregation-interface-set-name" | arg) ( /* Stacked parent interface set configuration */ c( "interface-set" ("$junos-interface-set-name" | arg | "$junos-svlan-interface-set-name" | "$junos-tagged-vlan-interface-set-name" | "$junos-phy-ifd-interface-set-name" | "$junos-pon-id-interface-set-name") /* Stacked child interface set configuration */ ) ) ) ), "traceoptions" ( /* Interface trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("all" | "kernel" | "change-events" | "kernel-detail" | "config-states" | "resource-usage" | "gres-events" | "select-events" | "bfd-events" | "lib-events" | "reserved" | "emergency" | "alert" | "critical" | "error" | "warning" | "notice" | "informational" | "debugging" | "verbose" | "japi")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "interface-range" arg ( /* Interface ranges configuration */ c( "member" arg /* Interfaces belonging to the interface range */, "member-range" arg ( /* Interfaces range in to format */ sc( "end-range" ( interface_device ) ) ).as(:oneline), "description" arg /* Text description of interface */, "external-model-name" arg /* Name for interface as configured using 3rd-party model */, "metadata" arg /* Text metadata attached to interface */, ("disable"), "promiscuous-mode" /* Enable promiscuous mode for L3 interface */, "port-mirror-instance" arg /* Port-mirror the packet to specified instance */, "multicast-statistics" /* Enable multicast statistics */, "oam-on-svlan" /* Propagate SVLAN OAM state to CVLANs */, "fabric-options" ( /* Fabric interface specific options */ c( "member-interfaces" arg /* Member interface for the fabric interface */, "remote-chassis" ( /* Remote chassis reachability */ c( "destination" ( /* Destination IP address to reach remote chassis */ ipv4addr /* Destination IP address to reach remote chassis */ ) ) ) ) ), "traceoptions" ( /* Interface trace options */ c( "flag" enum(("ipc" | "event" | "media" | "all")) /* Tracing parameters */.as(:oneline) ) ), "passive-monitor-mode" /* Use interface to tap packets from another router */, c( "keepalives" ( /* Send or demand keepalive messages */ keepalives_type /* Send or demand keepalive messages */ ).as(:oneline), "no-keepalives" /* Do not send keepalive messages */ ), "traps" /* Enable SNMP notifications on state changes */, "no-traps" /* Don't enable SNMP notifications on state changes */, "interface-mib" /* Enable interface-related MIBs */, "no-interface-mib" /* Don't enable interface-related MIBs */, "accounting-profile" arg /* Accounting profile name */, "anchor-point" ( /* Anchor point */ c( interface_device /* Interface name */ ) ), "bypass-queueing-chip" /* Enable to bypass queueing chip */, "no-bypass-queueing-chip" /* Don't enable to bypass queueing chip */, c( "per-unit-scheduler" /* Enable subunit queuing on Frame Relay or VLAN IQ interface */, "no-per-unit-scheduler" /* Don't enable subunit queuing on Frame Relay or VLAN IQ interface */, "shared-scheduler" /* Enabled shared queuing on an IQ2 interface */, "hierarchical-scheduler" ( /* Enable hierarchical scheduling */ sc( "maximum-hierarchy-levels" arg /* Maximum hierarchy levels */, "maximum-l2-nodes" arg /* Maximum l2 nodes, allowed numbers are power of 2 between 1 and 16k (needs FPC reboot) */, "maximum-l3-nodes" arg /* Maximum l3 nodes, allowed numbers are power of 2 between 2 and 32k (needs FPC reboot) */, "implicit-hierarchy" /* Implicit hierarchy (follows interface hierarchy) */ ) ).as(:oneline) ), "l2tp-maximum-session" arg /* Maximum L2TP session */, "schedulers" arg /* Number of schedulers to allocate for interface */, "interface-transmit-statistics" /* Interface statistics based on the transmitted packets */, "cascade-port" /* Cascade port */, "dce" /* Respond to Frame Relay status enquiry messages */, c( "vlan-tagging" /* 802.1q VLAN tagging support */, "stacked-vlan-tagging" /* Stacked 802.1q VLAN tagging support */, "flexible-vlan-tagging" /* Support for no tagging, or single and double 802.1q VLAN tagging */, "vlan-vci-tagging" /* CCC for VLAN Q-in-Q and ATM VPI/VCI interworking */ ), "native-vlan-id" arg /* Virtual LAN identifier for untagged frames */, "no-native-vlan-insert" /* Disable native-vlan-id insertion to untagged frames */, "vlan-offload" /* Offload VLAN filtering to NIC HW */, "input-native-vlan-push" ( /* Control native-vlan-id insertion to untagged frames when input-vlan-map push is configured */ ("disable" | "enable") ), "no-pseudowire-down-on-core-isolation" /* Do not bring the pseudowire down in the event of EVPN Core isolation */, "number-of-sub-ports" arg /* Number of channels to create for a port */, "unused" /* Disable physical port */, "speed" ( /* Link speed */ ("auto" | "auto-10m-100m" | "10m" | "100m" | "1g" | "2.5g" | "5g" | "10g" | "25g" | "40g" | "50g" | "100g" | "200g" | "400g" | "oc3" | "oc12" | "oc48") ), "forwarding-class-accounting" ( /* Configure Forwarding-class-accounting parameters */ c( "direction" ( /* Direction of the traffic to be accounted for IFD */ ("ingress" | "egress" | "both") ), "enhanced" ( c( "traffic-type" ( /* Traffic-type to be accounted for forwarding-class-accounting */ ("unicast-statistics" | "multicast-statistics") ), "family" ( /* Protocol traffic to be accounted for forwarding-class-accounting */ ("inet" | "inet6" | "both") ), "direction" ( /* Direction of the traffic to be accounted for forwarding-class-accounting */ ("ingress" | "egress" | "both") ), "overhead-bytes" arg /* Per octet overhead bytes to be accounted for forwarding-class-accounting */ ) ) ) ), "auto-configure" ( /* Auto configuration */ auto_configure_vlan_type /* Auto configuration */ ), "mtu" arg /* Maximum transmit packet size */, "hold-time" ( /* Hold time for link up and link down */ sc( "up" arg /* Link up hold time */, "down" arg /* Link down hold time */ ) ).as(:oneline), "damping" ( /* Interface damping parameters */ c( "half-life" arg /* Damping half life time */, "max-suppress" arg /* Maximum suppress time */, "reuse" arg /* Reuse threshold */, "suppress" arg /* Suppress threshold */, "enable" /* Enable interface damping */ ) ), "link-degrade-monitor" ( /* Enable link degrade monitoring */ c( c( "link-degrade-monitor-enable" /* Enable Link Degrade Monitoring */, "no-link-degrade-monitor-enable" /* Disable Link Degrade Monitoring */ ), "actions" ( /* Action upon link degrade event */ c( c( "media-based" /* Media based */ ) ) ), "recovery" ( /* Link degrade recovery mechanism */ c( "timer" arg /* Auto recovery timer in seconds */, c( "auto" /* Automatic recovery */, "manual" /* Manual recovery */ ) ) ), "thresholds" ( /* Link degrade threshold parameters */ c( "set" arg /* BER at which link considered degraded(1..16) */, "clear" arg /* BER at which link considered improved(1..16) */, "warning-set" arg /* BER at which link degrade warning raised(1..16) */, "warning-clear" arg /* BER at which link degrade warning cleared(1..16) */, "interval" arg /* Consecutive link degrade events */ ) ) ) ), "satop-options" ( /* Structure-Agnostic TDM over Packet protocol options */ c( "idle-pattern" arg /* An 8-bit hexadecimal pattern to replace TDM data in a lost packet */, "payload-size" arg /* Number of payload bytes per packet */, "excessive-packet-loss-rate" ( /* Packet loss options */ c( "threshold" arg /* Percentile designating the threshold of excessive packet loss rate */, "sample-period" arg /* Number of milliseconds over which excessive packet loss rate is calculated */ ) ), c( "jitter-buffer-packets" arg /* Number of packets in jitter buffer before packet data is played out in the line */, "jitter-buffer-latency" arg /* Number of milliseconds delay in jitter buffer before packet data is played out in the line */, "jitter-buffer-auto-adjust" /* Automatically adjust jitter buffer */ ), "bit-rate" arg /* In multiples of DS0 */ ) ), "cesopsn-options" ( /* Structure-Aware TDM over Packet protocol options */ c( "idle-pattern" arg /* An 8-bit hexadecimal pattern to replace TDM data in a lost packet */, "packetization-latency" arg /* Number of microseconds to create packets */, "payload-size" arg /* Number of payload bytes per packet */, "excessive-packet-loss-rate" ( /* Packet loss options */ c( "threshold" arg /* Percentile designating the threshold of excessive packet loss rate */, "sample-period" arg /* Number of milliseconds over which excessive packet loss rate is calculated */ ) ), c( "jitter-buffer-packets" arg /* Number of packets in jitter buffer before packet data is played out in the line */, "jitter-buffer-latency" arg /* Number of milliseconds delay in jitter buffer before packet data is played out in the line */, "jitter-buffer-auto-adjust" /* Automatically adjust jitter buffer */ ), "bit-rate" arg /* In multiples of DS0 */ ) ), "ima-group-options" ( /* IMA group options */ c( "frame-length" ( /* Frame length (cells) */ ("32" | "64" | "128" | "256") ), "symmetry" ( /* Symmetry of IMA group */ ("symmetrical-config-and-operation" | "symmetrical-config-asymmetrical-operation") ), "transmit-clock" ( /* Transmit clock */ ("common" | "independent") ), "version" ( /* IMA specification version */ ("1.0" | "1.1") ), "minimum-links" ( /* IMA group minimum active links */ c( c( arg ) ) ), "frame-synchronization" ( /* IMA group frame synchronization state parameters */ c( "alpha" arg /* Consecutive invalid ICP cells */, "beta" arg /* Consecutive errored ICP cells */, "gamma" arg /* Consecutive valid ICP cells */ ) ), "test-procedure" ( /* IMA group test pattern procedure */ c( "period" arg /* Length of IMA pattern test */, "interface" ( /* Interface name of the IMA link to test */ interface_device /* Interface name of the IMA link to test */ ), "pattern" arg /* IMA test pattern */ ) ), "differential-delay" arg /* Maximum differential delay among links in the IMA group */ ) ), "ima-link-options" ( /* IMA link options */ c( "group-id" arg /* IMA group ID this IMA link belongs to */ ) ), "multi-chassis-protection" ( /* Inter-Chassis protection configuration */ multi_chassis_protection_group /* Inter-Chassis protection configuration */ ), "clocking" ( /* Interface clock source */ sc( c( "internal" /* Clocking provided by local system */, "external" /* Clocking provided by DCE (loop timing) */ ) ) ).as(:oneline), "link-mode" ( /* Link operational mode */ ("automatic" | "half-duplex" | "full-duplex") ), "media-type" ( /* Interface media type (copper or fiber) */ ("copper" | "fiber") ), "encapsulation" ( /* Physical link-layer encapsulation */ ("ethernet" | "fddi" | "token-ring" | "ppp" | "ppp-ccc" | "ppp-tcc" | "ether-vpls-ppp" | "frame-relay" | "frame-relay-ccc" | "frame-relay-tcc" | "extended-frame-relay-ccc" | "extended-frame-relay-tcc" | "flexible-frame-relay" | "frame-relay-port-ccc" | "frame-relay-ether-type" | "frame-relay-ether-type-tcc" | "extended-frame-relay-ether-type-tcc" | "cisco-hdlc" | "cisco-hdlc-ccc" | "cisco-hdlc-tcc" | "vlan-ccc" | "extended-vlan-ccc" | "ethernet-ccc" | "flexible-ethernet-services" | "smds-dxi" | "atm-pvc" | "atm-ccc-cell-relay" | "ethernet-over-atm" | "ethernet-tcc" | "extended-vlan-tcc" | "multilink-frame-relay-uni-nni" | "satop" | "cesopsn" | "ima" | "ethernet-vpls" | "ethernet-bridge" | "vlan-vpls" | "vlan-vci-ccc" | "extended-vlan-vpls" | "extended-vlan-bridge" | "multilink-ppp" | "generic-services") ), "esi" ( /* ESI configuration of multi-homed interface */ c( "auto-derive" ( /* Auto-derive ESI value for the interface */ c( c( "lacp" /* Auto-derive ESI from lacp */ ) ) ), esi /* ESI value for the interface */, c( "single-active" /* Single-active mode */, "all-active" /* All-active mode */ ), "df-election-granularity" ( /* DF Election Granularity Selection */ c( c( "per-esi" ( /* DF Election Granularity Per Esi */ c( "lacp-oos-on-ndf" /* Lacp Oos */ ) ), "per-esi-vlan" /* Per Esi Vlan */ ) ) ), "df-election-type" ( /* DF Election Type */ c( c( "preference" ( /* Preference based DF election */ c( "value" arg /* Preference value for EVPN Multihoming DF election */ ) ) ), c( "mod" /* MOD based DF election */ ) ) ), "source-bmac" ( /* Unicast Source B-MAC address per ESI for PBB-EVPN */ mac_unicast /* Unicast Source B-MAC address per ESI for PBB-EVPN */ ) ) ), "framing" ( /* Frame type */ c( c( "lan-phy" /* 802.3ae 10-Gbps LAN-mode interface */, "wan-phy" /* 802.3ae 10-Gbps WAN-mode interface */, "sonet" /* SONET framing */, "sdh" /* SDH framing */ ), "precise-bandwidth" /* Use precise bandwidth for 10G wan-phy interface */ ) ), "unidirectional" /* Unidirectional Mode */, "lmi" ( /* Local Management Interface settings */ c( "n391dte" arg /* DTE full status polling interval */, "n392dce" arg /* DCE error threshold */, "n392dte" arg /* DTE error threshold */, "n393dce" arg /* DCE monitored event count */, "n393dte" arg /* DTE monitored event count */, "t391dte" arg /* DTE polling timer */, "t392dce" arg /* DCE polling verification timer */, "lmi-type" ( /* Specify the Frame Relay LMI type */ ("ansi" | "itu" | "c-lmi") ) ) ), "mlfr-uni-nni-bundle-options" ( /* Multilink Frame Relay UNI NNI (FRF.16) management settings */ c( "cisco-interoperability" ( /* FRF.16 Cisco interoperability settings */ c( "send-lip-remove-link-for-link-reject" /* Send Link Integrity Protocol remove link on receiving add-link rejection */ ) ), "mrru" arg /* Maximum received reconstructed unit */, "yellow-differential-delay" arg /* Yellow differential delay among bundle links to give warning */, "red-differential-delay" arg /* Red differential delay among bundle links to take action */, "action-red-differential-delay" ( /* Type of actions when differential delay exceeds red limit */ ("remove-link" | "disable-tx") ), "fragment-threshold" arg /* Fragmentation threshold */, "drop-timeout" arg /* Drop timeout */, "link-layer-overhead" ( /* Link layer bit stuffing overhead (0.0 .. 50.0 percent) */ unsigned_float /* Link layer bit stuffing overhead (0.0 .. 50.0 percent) */ ), "lmi-type" ( /* Specify the multilink Frame Relay UNI NNI LMI type */ ("ansi" | "itu" | "c-lmi") ), "minimum-links" arg /* Minimum number of links to sustain the bundle */, "hello-timer" arg /* LIP hello timer */, "acknowledge-timer" arg /* LIP ack timer */, "acknowledge-retries" arg /* LIP ack retry times */, "n391" arg /* Multilink Frame Relay UNI NNI full status polling counter */, "n392" arg /* Multilink Frame Relay UNI NNI LMI error threshold */, "n393" arg /* Multilink Frame Relay UNI NNI LMI monitored event count */, "t391" arg /* Multilink Frame Relay UNI NNI link integrity verify polling timer */, "t392" arg /* Multilink Frame Relay UNI NNI polling verification timer */ ) ), "mac" ( /* Hardware MAC address */ mac_unicast /* Hardware MAC address */ ), "receive-bucket" ( /* Set receive bucket parameters */ dcd_rx_bucket_config /* Set receive bucket parameters */ ), "transmit-bucket" ( /* Set transmit bucket parameters */ dcd_tx_bucket_config /* Set transmit bucket parameters */ ), "shared-interface" /* Enable shared interface on the interface */, "sonet-options" ( /* SONET interface-specific options */ sonet_options_type /* SONET interface-specific options */ ), "logical-tunnel-options" ( /* Logical Tunnel interface-specific options */ c( "link-protection" ( /* Enable link protection mode */ c( "revertive" /* Revert back (Default mode) from active backup link to primary, if primary is UP */, "non-revertive" /* Do not revert back from active backup link to primary, if primary is UP */ ) ), "per-unit-mac-disable" /* Disable the creation of per unit mac address on LT IFLs for VPLS/CCC encaps */, "load-balance" ( aggregate_load_balance ) ) ), "aggregated-sonet-options" ( /* Aggregated SONET interface-specific options */ c( "minimum-links" arg /* Minimum number of aggregated links */, "link-speed" ( /* Aggregated links speed */ ("oc3" | "oc12" | "oc48" | "oc192" | "oc768" | "mixed") ), "minimum-bandwidth" arg /* Minimum bandwidth necessary to sustain bundle */ ) ), "atm-options" ( /* ATM interface-specific options */ c( "pic-type" ( /* Type of ATM PIC (ATM I, ATM II or ATM CE) */ ("atm-ce" | "atm2" | "atm1") ), "cell-bundle-size" arg /* L2 circuit cell bundle size */, "cell-bundle-timeout" arg /* L2 circuit cell bundle timeout */, "plp-to-clp" /* Enable ATM2 PLP to CLP copy */, "use-null-cw" /* Always insert/strip null control words with cell-relay */, "promiscuous-mode" ( /* Set ATM interface to promiscuous mode */ c( "vpi" arg /* Open this VPI in promiscuous mode */.as(:oneline) ) ), "vpi" arg ( /* Define a virtual path */ c( "maximum-vcs" arg /* Maximum number of virtual circuits on this VP */, "shaping" ( /* Virtual path traffic-shaping options */ dcd_shaping_config /* Virtual path traffic-shaping options */ ), "oam-period" ( /* F4 OAM cell period */ sc( c( arg, "disable" /* Disable F4 OAM loopback */.as(:oneline) ) ) ).as(:oneline), "oam-liveness" ( /* F4 OAM virtual path liveness parameters */ c( "up-count" arg /* Number of F4 OAM cells to consider VP up */, "down-count" arg /* Number of F4 OAM cells to consider VP down */ ) ) ) ), "ilmi" /* Enable Interim Local Management Interface */, "linear-red-profiles" arg ( /* ATM2 CoS virtual circuit drop profiles */ sc( "queue-depth" arg /* Maximum queue depth */, "high-plp-threshold" arg /* Fill level percentage when linear RED is applied for high PLP */, "low-plp-threshold" arg /* Fill level percentage when linear RED is applied for low PLP */, "high-plp-max-threshold" arg /* Fill level percentage with 100 percent packet drop for high PLP */, "low-plp-max-threshold" arg /* Fill level percentage with 100 percent packet drop for low PLP */ ) ).as(:oneline), "scheduler-maps" arg ( /* ATM2 CoS parameters assigned to forwarding classes */ c( "vc-cos-mode" ( /* ATM2 virtual circuit CoS mode */ ("strict" | "alternate") ), "forwarding-class" arg ( /* Scheduling parameters associated with forwarding class */ c( "priority" ( /* Queuing priority assigned to forwarding class */ ("low" | "high") ), "transmit-weight" ( /* Transmit weight */ sc( c( "percent" arg /* Transmit weight as percentage */, "cells" arg /* Transmit weight by cells count */ ) ) ).as(:oneline), c( "epd-threshold" ( /* Early packet discard threshold for ATM2 */ epd_threshold_config /* Early packet discard threshold for ATM2 */ ).as(:oneline), "linear-red-profile" arg /* Linear RED profile profile name */ ) ) ) ) ), "mpls" ( /* MPLS options */ mpls_ifd_options /* MPLS options */ ), "payload-scrambler" /* Enable payload scrambling */, "no-payload-scrambler" /* Don't enable payload scrambling */ ) ), "multiservice-options" ( /* Multiservice interface-specific options */ c( "syslog" /* Enable system logging on this interface */, "no-syslog" /* Don't enable system logging on this interface */, "core-dump" /* Enable core dumping on this interface */, "no-core-dump" /* Don't enable core dumping on this interface */, "dump-on-flow-control" /* Enable dumping for this interface on prolonged flow-control */, "no-dump-on-flow-control" /* Don't enable dumping for this interface on prolonged flow-control */, "reset-on-flow-control" /* Enable resetting this interface on prolonged flow-control */, "no-reset-on-flow-control" /* Don't enable resetting this interface on prolonged flow-control */, "flow-control-options" ( /* Flow control configuration */ c( "dump-on-flow-control" /* Cause core dump during prolonged flow-control */, "reset-on-flow-control" /* Reset interface during prolonged flow-control */, "down-on-flow-control" /* Bring interface down during prolonged flow-control */, "up-on-flow-control" /* Keep interface up during prolonged flow-control */ ) ) ) ), "ggsn-options" ( /* GGSN interface-specific options */ c( "syslog" /* Enable system logging on this interface */, "no-syslog" /* Don't enable system logging on this interface */, "core-dump" /* Enable core dumping on this interface */, "no-core-dump" /* Don't enable core dumping on this interface */ ) ), "ppp-options" ( /* Point-to-Point Protocol (PPP) interface-specific options */ ppp_options_type /* Point-to-Point Protocol (PPP) interface-specific options */ ), "redundancy-options" ( /* Redundancy options */ c( "primary" ( /* Specify the primary interface */ interface_device /* Specify the primary interface */ ), "secondary" ( /* Specify the secondary interface */ interface_device /* Specify the secondary interface */ ), "redundancy-peer" ( /* Specify information for peer */ c( "ipaddress" ( /* Specify the IP address */ ipv4addr /* Specify the IP address */ ) ) ), "redundancy-local" ( /* Specify information for the local peer */ c( "data-address" ( /* Specify the HA local data IP address */ ipv4addr /* Specify the HA local data IP address */ ) ) ), "routing-instance" arg /* Specify routing-instance for the HA traffic */, "replication-threshold" arg /* Duration for which flow should remain active for replication */, "replication-options" ( /* Specify state replication attributes */ c( "mtu" arg /* Specify the maximal packet size for replicated data */ ) ), "replicate-services" ( /* Replicate services state from active to backup */ c( "pgcp" /* Replicate the PGCP service state */ ) ) ) ), "load-balancing-options" ( /* Load-balancing on services pics */ c( "member-interface" arg, "member-failure-options" ( /* Load balancing member failure handling options */ c( c( "redistribute-all-traffic" ( /* On a member failure, redistribute traffic to ams */ c( "enable-rejoin" /* Failed member can rejoin after recovery */ ) ), "drop-member-traffic" ( /* On a member failure, drop its traffic */ c( "rejoin-timeout" arg /* Wait time(in seconds) for failed member to rejoin */, "enable-rejoin" /* Failed member can join after recovery */ ) ) ) ) ), "no-bundle-flap" /* No bundle flap on member addition - recommended only with IPSec services */, "high-availability-options" ( /* High Availability options for Load-balancing */ c( c( "many-to-one" ( /* N:1 High Availability model */ c( "preferred-backup" ( /* Preferred backup Interface name */ interface_device /* Preferred backup Interface name */ ) ) ), "one-to-one" ( /* 1:1 High Availability model */ c( "preferred-backup" ( /* Preferred backup Interface name */ interface_device /* Preferred backup Interface name */ ) ) ) ) ) ) ) ), "aggregated-inline-services-options" ( /* Aggregated Inline Service interface specific options */ c( "primary-interface" ( /* Specify the primary interface */ interface_device /* Specify the primary interface */ ), "secondary-interface" ( /* Specify the secondary interface */ interface_device /* Specify the secondary interface */ ) ) ), "anchoring-options" ( /* Groups anchoring PFEs or FPCs together. */ c( "apfe-group-set" arg /* Ties up different anchoring groups to share similar fate */, "primary-list" arg /* Primary anchoring PFE name. */, "secondary" ( /* Secondary anchoring PFE name. */ c( arg /* Anchoring PFE name. */ ) ), c( "warm-standby" /* Delayed failover to secondary when primary fails */ ) ) ), "lsq-failure-options" ( /* Link services queuing failure options */ c( "trigger-link-failure" arg /* Link on which to trigger failure */, "no-termination-request" /* Do not send PPP termination requests */, "no-no-termination-request" /* Don't do not send PPP termination requests */ ) ), "redundancy-group" ( /* Redundancy group configuration */ c( "member-interface" arg ( /* Member interface for the redundancy group */ c( c( "active" /* Active interface */, "backup" /* Backup interface */ ) ) ), "maximum-links" arg ) ), "services-options" ( /* Services interface-specific options */ c( "syslog" ( /* Define system log parameters */ log_object /* Define system log parameters */ ), "jflow-log" ( /* Define Jflow-log parameters. */ c( "message-rate-limit" arg /* Maximum jflow-log NAT error events allowed per second from this interface */ ) ), "deterministic-nat-configuration-log-interval" ( /* Define Deterministic NAT parameters */ c( "interval" arg /* Interval in which deterministic NAT logs are generated */ ) ), "open-timeout" arg /* Timeout period for TCP session establishment */, "close-timeout" arg /* Timeout period for TCP session tear-down */, "inactivity-timeout" arg /* Inactivity timeout period for established sessions (4..86400) */, "inactivity-tcp-timeout" arg /* Inactivity timeout period for TCP established sessions */, "inactivity-asymm-tcp-timeout" arg /* Inactivity timeout period for asymmetric TCP established sessions */, "inactivity-non-tcp-timeout" arg /* Inactivity timeout period for non-TCP established sessions */, "session-timeout" arg /* Session timeout period for established sessions */, "disable-global-timeout-override" /* Disallow overriding global inactivity or session timeout */, "tcp-tickles" arg /* Number of TCP keep-alive packets to be sent for bi-directional TCP flows */, "trio-flow-offload" ( /* Allow PIC to offload flows to Trio-based PFE */ c( "minimum-bytes" arg /* Attempt flow offload after minimum bytes are seen on the flow */ ) ), "fragment-limit" arg /* Maximum number of fragments allowed for a packet */, "reassembly-timeout" arg /* Re-assembly timeout (seconds) for fragments of a packet */, "cgn-pic" /* PIC will be used for Carrier Grade NAT configuration only */, "pba-interim-logging-interval" arg /* Interim logging interval in seconds */, "session-limit" ( /* Session limit */ c( "maximum" arg /* Maximum number of sessions allowed simultaneously */, "rate" arg /* Maximum number of new sessions allowed per second */, "cpu-load-threshold" arg /* CPU limit in percentage for auto-tuning of session rate */ ) ), "enable-subscriber-analysis" /* Enable subscriber analysis on the interface */, "disable-subscriber-analysis" /* Disable subscriber analysis on the interface */, "disable-usp-tracing" /* Disable usp tracing on this pic */, "disable-drop-flows" /* Disable drop flows on this pic */, "ignore-errors" ( /* Ignore anomalies or errors */ sc( "tcp" /* TCP protocol errors */, "alg" /* ALG anomalies or errors */ ) ).as(:oneline), "capture" ( /* Packet capture for SFW and NAT on the Services PIC */ c( "capture-size" arg /* The number of packets to store */, "pkt-size" arg /* Number of bytes to be saved from each packet */, "logs-per-packet" arg /* The number of trace messages stored for each packet */, "max-log-line-size" arg /* The maximum length of a stored trace message */, "filter" ( /* Filtering options for the packet capture */ c( "source-ip" ( /* Filter based on source-ip (and wildcard) */ sc( "wildcard" ( /* Source IP wildcard */ ipaddr /* Source IP wildcard */ ), ipaddr /* Source IP */ ) ).as(:oneline), "dest-ip" ( /* Filter based on dest-ip (and wildcard) */ sc( "wildcard" ( /* Dest IP wildcard */ ipaddr /* Dest IP wildcard */ ), ipaddr /* Dest IP */ ) ).as(:oneline), "sw-sip" ( /* Filter based on source softwire ip (and wildcard) */ sc( "wildcard" ( /* Source IP wildcard */ ipv6addr /* Source IP wildcard */ ), ipv6addr /* Source softwire IP */ ) ).as(:oneline), "sw-dip" ( /* Filter based on destination softwire ip (and wildcard) */ sc( "wildcard" ( /* Destination IP wildcard */ ipaddr /* Destination IP wildcard */ ), ipaddr /* Destination softwire IP */ ) ).as(:oneline), "sport-range" ( /* Filter based on source port */ sc( "low" arg /* Source port range start */, "high" arg /* Source port range end */ ) ).as(:oneline), "dport-range" ( /* Filter based on destination port */ sc( "low" arg /* Destination port range start */, "high" arg /* Destination port range end */ ) ).as(:oneline), "proto" ( /* Filter based on L4 protocol */ ("icmp" | "tcp" | "udp") ) ) ) ) ), "flow" ( /* Define flow parameters */ c( "traceoptions" /* Trace options for flow services */ ) ), "fpc-pic-information" /* Include FPC and PIC slot number in the syslogs */, "utc-timestamp" /* Use UTC time for security log timestamps */, "syslog-local-system-timestamp" /* Use local system time for services syslog timestamp */ ) ), "t3-options" ( /* T3 interface-specific options */ c( "loopback" ( /* Loopback mode */ ("local" | "remote" | "payload") ), "long-buildout" /* Set hardware to drive line longer than 255 feet */, "no-long-buildout" /* Don't set hardware to drive line longer than 255 feet */, "loop-timing" /* Set loop timing for T3 */, "no-loop-timing" /* Don't set loop timing for T3 */, "unframed" /* Enable unframed mode */, "no-unframed" /* Don't enable unframed mode */, "compatibility-mode" ( /* Set CSU compatibility mode */ sc( c( "larscom" ( /* Compatible with Larscom CSU */ sc( "subrate" arg /* Set subrate value */ ) ).as(:oneline), "verilink" ( /* Compatible with Verilink CSU (not on 2/4-port T3 PIC) */ sc( "subrate" arg /* Set subrate value */ ) ).as(:oneline), "adtran" ( /* Compatible with Adtran CSU (not on 2/4-port T3 PIC) */ sc( "subrate" arg /* Set subrate value */ ) ).as(:oneline), "kentrox" ( /* Compatible with Kentrox CSU */ sc( "subrate" arg /* Set subrate value (not on 2/4-port T3 PIC) */ ) ).as(:oneline), "digital-link" ( /* Compatible with Digital Link CSU */ sc( "subrate" ( /* Set subrate value */ ("301Kb" | "601Kb" | "902Kb" | "1.2Mb" | "1.5Mb" | "1.8Mb" | "2.1Mb" | "2.4Mb" | "2.7Mb" | "3.0Mb" | "3.3Mb" | "3.6Mb" | "3.9Mb" | "4.2Mb" | "4.5Mb" | "4.8Mb" | "5.1Mb" | "5.4Mb" | "5.7Mb" | "6.0Mb" | "6.3Mb" | "6.6Mb" | "6.9Mb" | "7.2Mb" | "7.5Mb" | "7.8Mb" | "8.1Mb" | "8.4Mb" | "8.7Mb" | "9.0Mb" | "9.3Mb" | "9.6Mb" | "9.9Mb" | "10.2Mb" | "10.5Mb" | "10.8Mb" | "11.1Mb" | "11.4Mb" | "11.7Mb" | "12.0Mb" | "12.3Mb" | "12.6Mb" | "12.9Mb" | "13.2Mb" | "13.5Mb" | "13.8Mb" | "14.1Mb" | "14.4Mb" | "14.7Mb" | "15.0Mb" | "15.3Mb" | "15.6Mb" | "15.9Mb" | "16.2Mb" | "16.5Mb" | "16.8Mb" | "17.1Mb" | "17.4Mb" | "17.7Mb" | "18.0Mb" | "18.3Mb" | "18.6Mb" | "18.9Mb" | "19.2Mb" | "19.5Mb" | "19.8Mb" | "20.1Mb" | "20.5Mb" | "20.8Mb" | "21.1Mb" | "21.4Mb" | "21.7Mb" | "22.0Mb" | "22.3Mb" | "22.6Mb" | "22.9Mb" | "23.2Mb" | "23.5Mb" | "23.8Mb" | "24.1Mb" | "24.4Mb" | "24.7Mb" | "25.0Mb" | "25.3Mb" | "25.6Mb" | "25.9Mb" | "26.2Mb" | "26.5Mb" | "26.8Mb" | "27.1Mb" | "27.4Mb" | "27.7Mb" | "28.0Mb" | "28.3Mb" | "28.6Mb" | "28.9Mb" | "29.2Mb" | "29.5Mb" | "29.8Mb" | "30.1Mb" | "30.4Mb" | "30.7Mb" | "31.0Mb" | "31.3Mb" | "31.6Mb" | "31.9Mb" | "32.2Mb" | "32.5Mb" | "32.8Mb" | "33.1Mb" | "33.4Mb" | "33.7Mb" | "34.0Mb" | "34.3Mb" | "34.6Mb" | "34.9Mb" | "35.2Mb" | "35.5Mb" | "35.8Mb" | "36.1Mb" | "36.4Mb" | "36.7Mb" | "37.0Mb" | "37.3Mb" | "37.6Mb" | "37.9Mb" | "38.2Mb" | "38.5Mb" | "38.8Mb" | "39.1Mb" | "39.4Mb" | "39.7Mb" | "40.0Mb" | "40.3Mb" | "40.6Mb" | "40.9Mb" | "41.2Mb" | "41.5Mb" | "41.8Mb" | "42.1Mb" | "42.4Mb" | "42.7Mb" | "43.0Mb" | "43.3Mb" | "43.6Mb" | "43.9Mb" | "44.2Mb") ) ) ).as(:oneline) ) ) ).as(:oneline), "payload-scrambler" /* Enable payload scrambling */, "no-payload-scrambler" /* Don't enable payload scrambling */, "cbit-parity" /* Enable C-bit parity mode */, "no-cbit-parity" /* Don't enable C-bit parity mode */, "fcs" ( /* Frame checksum */ ("32" | "16") ), "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ), "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "feac-loop-respond" /* Respond to FEAC loop requests */, "no-feac-loop-respond" /* Don't respond to FEAC loop requests */, "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e3" | "pseudo-2e4" | "pseudo-2e5" | "pseudo-2e6" | "pseudo-2e7" | "pseudo-2e9-o153" | "pseudo-2e10" | "pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e17" | "pseudo-2e18" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "pseudo-2e21" | "pseudo-2e22" | "pseudo-2e23-o151" | "pseudo-2e25" | "pseudo-2e28" | "pseudo-2e29" | "pseudo-2e31" | "pseudo-2e32" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | "alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */, "buildout" arg /* Line buildout */, "atm-encapsulation" ( /* DS-3 interface encapsulation */ ("plcp" | "direct") ) ) ), "e3-options" ( /* E3 interface-specific options */ c( "loopback" ( /* Loopback mode */ ("local" | "remote") ), "unframed" /* Enable unframed mode */, "no-unframed" /* Don't enable unframed mode */, "compatibility-mode" ( /* Set CSU compatibility mode */ sc( c( "larscom" /* Compatible with Larscom CSU (only non IQ E3 interfaces) */, "digital-link" ( /* Compatible with Digital Link CSU */ sc( "subrate" ( /* Set subrate value */ ("358Kb" | "716Kb" | "1.1Mb" | "1.4Mb" | "1.8Mb" | "2.1Mb" | "2.5Mb" | "2.9Mb" | "3.2Mb" | "3.6Mb" | "3.9Mb" | "4.3Mb" | "4.7Mb" | "5.0Mb" | "5.4Mb" | "5.7Mb" | "6.1Mb" | "6.4Mb" | "6.8Mb" | "7.2Mb" | "7.5Mb" | "7.9Mb" | "8.2Mb" | "8.6Mb" | "9.0Mb" | "9.3Mb" | "9.7Mb" | "10.0Mb" | "10.4Mb" | "10.7Mb" | "11.1Mb" | "11.5Mb" | "11.8Mb" | "12.2Mb" | "12.5Mb" | "12.9Mb" | "13.2Mb" | "13.6Mb" | "14.0Mb" | "14.3Mb" | "14.7Mb" | "15.0Mb" | "15.4Mb" | "15.8Mb" | "16.1Mb" | "16.5Mb" | "16.8Mb" | "17.2Mb" | "17.5Mb" | "17.9Mb" | "18.3Mb" | "18.6Mb" | "19.0Mb" | "19.3Mb" | "19.7Mb" | "20.0Mb" | "20.4Mb" | "20.8Mb" | "21.1Mb" | "21.5Mb" | "21.8Mb" | "22.2Mb" | "22.6Mb" | "22.9Mb" | "23.3Mb" | "23.6Mb" | "24.0Mb" | "24.3Mb" | "24.7Mb" | "25.1Mb" | "25.4Mb" | "25.8Mb" | "26.1Mb" | "26.5Mb" | "26.9Mb" | "27.2Mb" | "27.6Mb" | "27.9Mb" | "28.3Mb" | "28.6Mb" | "29.0Mb" | "29.4Mb" | "29.7Mb" | "30.1Mb" | "30.4Mb" | "30.8Mb" | "31.1Mb" | "31.5Mb" | "31.9Mb" | "32.2Mb" | "32.6Mb" | "32.9Mb" | "33.3Mb" | "33.7Mb" | "34.0Mb") ) ) ).as(:oneline), "kentrox" ( /* Compatible with Kentrox CSU */ sc( "subrate" arg /* Set subrate value (only for E3 IQ interfaces) */ ) ).as(:oneline) ) ) ).as(:oneline), "payload-scrambler" /* Enable payload scrambling */, "no-payload-scrambler" /* Don't enable payload scrambling */, "fcs" ( /* Frame checksum */ ("32" | "16") ), "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ), "invert-data" /* Invert data */, "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e3" | "pseudo-2e4" | "pseudo-2e5" | "pseudo-2e6" | "pseudo-2e7" | "pseudo-2e9-o153" | "pseudo-2e10" | "pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e17" | "pseudo-2e18" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "pseudo-2e21" | "pseudo-2e22" | "pseudo-2e23-o151" | "pseudo-2e25" | "pseudo-2e28" | "pseudo-2e29" | "pseudo-2e31" | "pseudo-2e32" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | "alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */, "buildout" arg /* Line buildout */, "atm-encapsulation" ( /* E3 interface encapsulation */ ("plcp" | "direct") ), "framing" ( /* E3 line format */ ("g.751" | "g.832") ) ) ), "e1-options" ( /* E1 interface-specific options */ c( "timeslots" arg /* Timeslots (1..32); for example, 1-4,6,9-11,32 (no space) */, "loopback" ( /* Loopback mode */ ("local" | "remote") ), "framing" ( /* Framing mode */ ("g704" | "unframed" | "g704-no-crc4") ), "fcs" ( /* Frame checksum */ ("32" | "16") ), "invert-data" /* Invert data */, "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ), "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e3" | "pseudo-2e4" | "pseudo-2e5" | "pseudo-2e6" | "pseudo-2e7" | "pseudo-2e9-o153" | "pseudo-2e10" | "pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e17" | "pseudo-2e18" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "pseudo-2e21" | "pseudo-2e22" | "pseudo-2e23-o151" | "pseudo-2e25" | "pseudo-2e28" | "pseudo-2e29" | "pseudo-2e31" | "pseudo-2e32" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | "alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */ ) ), "t1-options" ( /* T1 interface-specific options */ c( "timeslots" arg /* Timeslots (1..24; for example, 1-3,4,9,22-24 (no space) */, "voice-timeslots" arg /* Voice timeslots (1..24),for example, 1-3,4,9,22-24 (no space) */, "disable-remote-alarm-detection" ( /* Disable detection of a remote alarm */ ("yellow") ), "loopback" ( /* Loopback mode */ ("local" | "remote" | "payload") ), "buildout" ( /* Line buildout */ ("0-132" | "133-265" | "266-398" | "399-531" | "532-655" | "long-0db" | "long-7.5db" | "long-15db" | "long-22.5db") ), "byte-encoding" ( /* Byte encoding */ ("nx64" | "nx56") ), "line-encoding" ( /* Line encoding */ ("ami" | "b8zs") ), "invert-data" /* Invert data */, "framing" ( /* Framing mode */ ("sf" | "esf") ), "fcs" ( /* Frame checksum */ ("32" | "16") ), "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ), "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e3" | "pseudo-2e4" | "pseudo-2e5" | "pseudo-2e6" | "pseudo-2e7" | "pseudo-2e9-o153" | "pseudo-2e10" | "pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e17" | "pseudo-2e18" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "pseudo-2e21" | "pseudo-2e22" | "pseudo-2e23-o151" | "pseudo-2e25" | "pseudo-2e28" | "pseudo-2e29" | "pseudo-2e31" | "pseudo-2e32" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | "alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */, "remote-loopback-respond" /* Respond to loop requests from remote end */, "crc-major-alarm-threshold" ( /* CRC Major alarm threshold value */ ("1e-3" | "5e-4" | "1e-4" | "5e-5" | "1e-5") ), "crc-minor-alarm-threshold" ( /* CRC Minor alarm threshold value */ ("1e-3" | "5e-4" | "1e-4" | "5e-5" | "1e-5" | "5e-6" | "1e-6") ), "alarm-compliance" ( /* Enforce standard for alarm reporting */ ("accunet-t1-5-service") ) ) ), "ds0-options" ( /* DS-0 interface-specific options */ c( "loopback" ( /* Loopback mode */ ("payload") ), "byte-encoding" ( /* Byte encoding */ ("nx64" | "nx56") ), "invert-data" /* Invert data */, "fcs" ( /* Frame checksum */ ("32" | "16") ), "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ), "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | "alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4" | "repeating-1-in-16") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */ ) ), "serial-options" ( /* Serial interface-specific options */ c( "line-protocol" ( /* Line protocol to be used */ ("eia530" | "v.35" | "x.21") ), c( "dte-options" ( /* DTE options/control leads */ c( "ignore-all" /* Ignore all control leads */, "dtr" ( /* Data Transmit Ready signal handling */ sc( c( "assert" /* Assert DTR signal */, "de-assert" /* Deassert DTR signal */, "normal" /* Normal DTR signal */, "auto-synchronize" ( /* Normal DTR signal, with autoresynchronization */ c( "duration" arg /* Duration of autoresynchronization */, "interval" arg /* Interval for autoresynchronization */ ) ) ) ) ).as(:oneline), "control-signal" ( /* X.21 control signal handling */ ("assert" | "de-assert" | "normal") ), "rts" ( /* Request To Send signal handling */ ("assert" | "de-assert" | "normal") ), "dcd" ( /* Data Carrier Detect signal handling */ ("require" | "ignore" | "normal") ), "dsr" ( /* Data Set Ready signal handling */ ("require" | "ignore" | "normal") ), "cts" ( /* Clear To Send signal handling */ ("require" | "ignore" | "normal") ), "indication" ( /* X.21 Indication signal handling */ ("require" | "ignore" | "normal") ), "tm" ( /* Test Mode signal handling */ ("require" | "ignore" | "normal") ) ) ), "dce-options" ( /* DCE options */ c( "ignore-all" /* Ignore all control leads */, "dtr" ( /* Data Transmit Ready signal handling */ ("require" | "ignore" | "normal") ), "rts" ( /* Request To Send signal handling */ ("require" | "ignore" | "normal") ), "dcd" ( /* Data Carrier Detect signal handling */ ("assert" | "de-assert" | "normal") ), "dsr" ( /* Data Set Ready signal handling */ ("assert" | "de-assert" | "normal") ), "cts" ( /* Clear To Send signal handling */ ("assert" | "de-assert" | "normal") ), "tm" ( /* Test Mode signal handling */ ("require" | "ignore" | "normal") ), "dce-loopback-override" /* DCE loopback override */ ) ) ), "dtr-circuit" ( /* Data Transmit Ready circuit mode */ ("balanced" | "unbalanced") ), "dtr-polarity" ( /* Data Transmit Ready signal polarity */ ("positive" | "negative") ), "rts-polarity" ( /* Request To Send signal polarity */ ("positive" | "negative") ), "control-polarity" ( /* X.21 Control signal polarity */ ("positive" | "negative") ), "dcd-polarity" ( /* Data Carrier Detect signal polarity */ ("positive" | "negative") ), "dsr-polarity" ( /* Data Set Ready signal polarity */ ("positive" | "negative") ), "cts-polarity" ( /* Clear To Send signal polarity */ ("positive" | "negative") ), "indication-polarity" ( /* X.21 Indication signal polarity */ ("positive" | "negative") ), "tm-polarity" ( /* Test Mode signal polarity */ ("positive" | "negative") ), "clocking-mode" ( /* Clock mode */ ("dce" | "internal" | "loop") ), "transmit-clock" ( /* Transmit clock phase */ ("invert") ), "clock-rate" ( /* Interface clock rate */ ("2.048mhz" | "2.341mhz" | "2.731mhz" | "3.277mhz" | "4.096mhz" | "5.461mhz" | "8.192mhz" | "16.384mhz" | "1.2khz" | "2.4khz" | "9.6khz" | "19.2khz" | "38.4khz" | "56.0khz" | "64.0khz" | "72.0khz" | "125.0khz" | "148.0khz" | "250.0khz" | "500.0khz" | "800.0khz" | "1.0mhz" | "1.3mhz" | "2.0mhz" | "4.0mhz" | "8.0mhz") ), "loopback" ( /* Loopback mode */ ("local" | "remote" | "dce-local" | "dce-remote") ), "encoding" ( /* Line encoding */ ("nrz" | "nrzi") ), "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ) ) ), "gratuitous-arp-reply" /* Enable gratuitous ARP reply */, "no-gratuitous-arp-reply" /* Don't enable gratuitous ARP reply */, "no-gratuitous-arp-request" /* Ignore gratuitous ARP request */, "no-no-gratuitous-arp-request" /* Don't ignore gratuitous ARP request */, "arp-l2-validate" /* Validate ARP against L2 */, "ether-options" ( /* Ethernet interface-specific options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "loopback-remote" /* Enable remote loopback */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, "ethernet-switch-profile" ( /* Ethernet virtual LAN/media access control-level options */ c( "tag-protocol-id" arg /* IEEE 802.1q Tag Protocol Identifier values for VLAN-tagged frames */, "ethernet-policer-profile" ( /* Ethernet level CoS-based policer configuration */ c( "input-priority-map" ( /* Input policer priority map */ cos_policer_input_priority_map /* Input policer priority map */ ), "output-priority-map" ( /* Output policer priority map */ cos_policer_output_priority_map /* Output policer priority map */ ), "policer" ( /* Policer template definition */ cos_policer /* Policer template definition */ ) ) ), "storm-control" ( /* Storm control profile name to bind */ c( arg /* Profile name */ ) ), "recovery-timeout" ( /* Recovery timeout for this interface */ sc( arg ) ).as(:oneline), "mac-learn-enable" /* Learn MAC addresses dynamically */, "no-mac-learn-enable" /* Don't learn MAC addresses dynamically */ ) ), "asynchronous-notification" /* Enable sending asynchronous notification to peer on CCC-down */, "source-address-filter" arg /* Source address filters */.as(:oneline), "auto-negotiation" /* Enable auto-negotiation */, "no-auto-negotiation" /* Don't enable auto-negotiation */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "configured-flow-control" ( /* Enable flow control */ c( "rx-buffers" ( /* Enable/Disable Rx buffers */ ("on" | "off") ), "tx-buffers" ( /* Enable/Disable Tx buffers */ ("on" | "off") ) ) ), "link-mode" ( /* Link duplex */ ("automatic" | "half-duplex" | "full-duplex") ), "mpls" ( /* MPLS options */ mpls_ifd_options /* MPLS options */ ), "ignore-l3-incompletes" /* Ignore L3 incomplete errors */, "no-auto-mdix" /* Disable auto MDI/MDIX */, "fec" ( /* Forward Error Correction mode */ ("none" | "fec91" | "fec74" | "fec108") ), "speed" ( /* Specify speed */ c( c( "auto-negotiation" ( /* Enable auto-negotiation */ sc( "auto-negotiate-10-100" /* Limits the auto-negotiation to 10m/100m only */ ) ).as(:oneline), "ethernet-10m" /* 10Mbps */, "ethernet-100m" /* 100Mbps */, "ethernet-1g" /* 1Gbps */, "ethernet-10g" /* 10Gbps */ ) ) ), "ieee-802.3ad" ( /* IEEE 802.3ad */ c( "lacp" ( /* Link Aggregation Control Protocol configuration */ c( "force-up" /* Keep the port up in absence of received LACPDU */, "port-priority" arg /* Priority of the port (0 ... 65535) */ ) ), interface_device /* Join an aggregated Ethernet interface */, c( "primary" /* Primary interface for link-protection mode */, "backup" /* Backup interface for link-protection mode */ ), "link-protection-sub-group" ( /* Link Protection subgroup configuration */ c( arg ) ), "port-priority" arg /* Link protection Priority of the port (0 ... 65535) */ ) ), "ieee-802-3az-eee" /* IEEE 802.3az Energy Efficient Ethernet(EEE) */, "mdi-mode" ( /* Cable cross-over mode */ ("auto" | "force" | "mdi" | "mdix") ), "redundant-parent" ( /* Parent of this interface */ c( interface_device /* Join a redundant ethernet interface */ ) ), "autostate-exclude" /* Interface will not contribute to IRB state */ ) ), "fibrechannel-options" ( /* Fibre Channel interface-specific options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "bb-sc-n" arg /* B2B state change number */, "speed" ( /* Specify speed */ ("auto-negotiation" | "1g" | "2g" | "4g" | "8g") ) ) ), "gigether-options" ( /* Gigabit Ethernet interface-specific options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "loopback-remote" /* Enable remote loopback */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, c( "no-auto-negotiation" /* Disable auto-negotiation */, "auto-negotiation" ( /* Enable auto-negotiation */ sc( "remote-fault" ( ("local-interface-offline" | "local-interface-online") ) ) ).as(:oneline) ), "mac-mode" ( /* Physical layer protocol of MAC's SERDES interface */ ("sgmii" | "mac-mode-1000base-x") ), "asynchronous-notification" /* Enable sending asynchronous notification to peer on CCC-down */, "source-address-filter" arg /* Source address filters */.as(:oneline), "pad-to-minimum-frame-size" /* Pad Tx vlan tagged frame to minimum of 68 bytes */, "redundant-parent" ( /* Parent of this interface */ c( interface_device /* Join a redundant-ethernet interface */ ) ), "ieee-802.3ad" ( /* IEEE 802.3ad */ c( "lacp" ( /* Link Aggregation Control Protocol configuration */ c( "port-priority" arg /* Priority of the port (0 ... 65535) */ ) ), interface_device /* Join an aggregated Ethernet interface */, "link-index" arg /* Desired child link index within the Aggregated Interface */, c( "primary" /* Primary interface for link-protection mode */, "backup" /* Backup interface for link-protection mode */ ), "distribution-list" arg /* Distribution list to which interface belongs */ ) ), "ethernet-switch-profile" ( /* Ethernet virtual LAN/media access control-level options */ c( "tag-protocol-id" arg /* IEEE 802.1q Tag Protocol Identifier values for VLAN-tagged frames */, "ethernet-policer-profile" ( /* Ethernet level CoS-based policer configuration */ c( "ieee802.1-priority-map" ( /* Premium priority values for IEEE 802.1p bits */ c( "premium" arg /* Premium policer priority map */ ) ), "input-priority-map" ( /* Input policer priority map */ cos_policer_input_priority_map /* Input policer priority map */ ), "output-priority-map" ( /* Output policer priority map */ cos_policer_output_priority_map /* Output policer priority map */ ), "policer" ( /* Policer template definition */ cos_policer /* Policer template definition */ ) ) ), "accept-from" ( /* Accept traffic from or to specified remote MAC */ c( "mac-address" ( /* Remote MAC */ mac_list /* Remote MAC */ ) ) ), "reject-the-rest" /* Accept traffic from only the specified MAC addresses */, "no-reject-the-rest" /* Don't accept traffic from only the specified MAC addresses */, "mac-learn-enable" /* Learn MAC addresses dynamically */ ) ), "mpls" ( /* MPLS options */ mpls_ifd_options /* MPLS options */ ), "ignore-l3-incompletes" /* Ignore L3 incomplete errors */, "no-auto-mdix" /* Disable auto MDI/MDIX */, "ieee-802-3az-eee" /* IEEE 802.3az Energy Efficient Ethernet(EEE) */, "mru" arg /* Maximum receive packet size */, "fec" ( /* Forward Error Correction mode */ ("none" | "fec91" | "fec74" | "fec108") ), "speed" ( /* Speed mode */ ("1g" | "10g") ) ) ), "optics-options" ( /* Optics options */ c( "wavelength" ( /* Wavelength of the optics (nanometers) for 50Ghz/100Ghz spacing */ ("1568.77" | "1568.36" | "1568.31" | "1568.26" | "1568.21" | "1568.16" | "1568.11" | "1568.05" | "1568.00" | "1567.95" | "1567.90" | "1567.85" | "1567.80" | "1567.75" | "1567.70" | "1567.64" | "1567.59" | "1567.54" | "1567.49" | "1567.44" | "1567.39" | "1567.34" | "1567.29" | "1567.23" | "1567.18" | "1567.13" | "1567.08" | "1567.03" | "1566.98" | "1566.93" | "1566.88" | "1566.83" | "1566.77" | "1566.72" | "1566.67" | "1566.62" | "1566.57" | "1566.52" | "1566.47" | "1566.42" | "1566.36" | "1566.31" | "1566.26" | "1566.21" | "1566.16" | "1566.11" | "1566.06" | "1566.01" | "1565.96" | "1565.90" | "1565.85" | "1565.80" | "1565.75" | "1565.70" | "1565.65" | "1565.60" | "1565.55" | "1565.50" | "1565.44" | "1565.39" | "1565.34" | "1565.29" | "1565.24" | "1565.19" | "1565.14" | "1565.09" | "1565.04" | "1564.99" | "1564.93" | "1564.88" | "1564.83" | "1564.78" | "1564.73" | "1564.68" | "1564.63" | "1564.58" | "1564.53" | "1564.47" | "1564.42" | "1564.37" | "1564.32" | "1564.27" | "1564.22" | "1564.17" | "1564.12" | "1564.07" | "1564.02" | "1563.96" | "1563.91" | "1563.86" | "1563.81" | "1563.76" | "1563.71" | "1563.66" | "1563.61" | "1563.56" | "1563.51" | "1563.45" | "1563.40" | "1563.35" | "1563.30" | "1563.25" | "1563.20" | "1563.15" | "1563.10" | "1563.05" | "1563.00" | "1562.95" | "1562.89" | "1562.84" | "1562.79" | "1562.74" | "1562.69" | "1562.64" | "1562.59" | "1562.54" | "1562.49" | "1562.44" | "1562.39" | "1562.33" | "1562.28" | "1562.23" | "1562.18" | "1562.13" | "1562.08" | "1562.03" | "1561.98" | "1561.93" | "1561.88" | "1561.83" | "1561.77" | "1561.72" | "1561.67" | "1561.62" | "1561.57" | "1561.52" | "1561.47" | "1561.42" | "1561.37" | "1561.32" | "1561.27" | "1561.22" | "1561.16" | "1561.11" | "1561.06" | "1561.01" | "1560.96" | "1560.91" | "1560.86" | "1560.81" | "1560.76" | "1560.71" | "1560.66" | "1560.61" | "1560.56" | "1560.50" | "1560.45" | "1560.40" | "1560.35" | "1560.30" | "1560.25" | "1560.20" | "1560.15" | "1560.10" | "1560.05" | "1560.00" | "1559.95" | "1559.90" | "1559.84" | "1559.79" | "1559.74" | "1559.69" | "1559.64" | "1559.59" | "1559.54" | "1559.49" | "1559.44" | "1559.39" | "1559.34" | "1559.29" | "1559.24" | "1559.19" | "1559.14" | "1559.08" | "1559.03" | "1558.98" | "1558.93" | "1558.88" | "1558.83" | "1558.78" | "1558.73" | "1558.68" | "1558.63" | "1558.58" | "1558.53" | "1558.48" | "1558.43" | "1558.38" | "1558.32" | "1558.27" | "1558.22" | "1558.17" | "1558.12" | "1558.07" | "1558.02" | "1557.97" | "1557.92" | "1557.87" | "1557.82" | "1557.77" | "1557.72" | "1557.67" | "1557.62" | "1557.57" | "1557.52" | "1557.46" | "1557.41" | "1557.36" | "1557.31" | "1557.26" | "1557.21" | "1557.16" | "1557.11" | "1557.06" | "1557.01" | "1556.96" | "1556.91" | "1556.86" | "1556.81" | "1556.76" | "1556.71" | "1556.66" | "1556.61" | "1556.55" | "1556.50" | "1556.45" | "1556.40" | "1556.35" | "1556.30" | "1556.25" | "1556.20" | "1556.15" | "1556.10" | "1556.05" | "1556.00" | "1555.95" | "1555.90" | "1555.85" | "1555.80" | "1555.75" | "1555.70" | "1555.65" | "1555.60" | "1555.55" | "1555.49" | "1555.44" | "1555.39" | "1555.34" | "1555.29" | "1555.24" | "1555.19" | "1555.14" | "1555.09" | "1555.04" | "1554.99" | "1554.94" | "1554.89" | "1554.84" | "1554.79" | "1554.74" | "1554.69" | "1554.64" | "1554.59" | "1554.54" | "1554.49" | "1554.44" | "1554.39" | "1554.34" | "1554.29" | "1554.23" | "1554.18" | "1554.13" | "1554.08" | "1554.03" | "1553.98" | "1553.93" | "1553.88" | "1553.83" | "1553.78" | "1553.73" | "1553.68" | "1553.63" | "1553.58" | "1553.53" | "1553.48" | "1553.43" | "1553.38" | "1553.33" | "1553.28" | "1553.23" | "1553.18" | "1553.13" | "1553.08" | "1553.03" | "1552.98" | "1552.93" | "1552.88" | "1552.83" | "1552.78" | "1552.73" | "1552.68" | "1552.62" | "1552.57" | "1552.52" | "1552.47" | "1552.42" | "1552.37" | "1552.32" | "1552.27" | "1552.22" | "1552.17" | "1552.12" | "1552.07" | "1552.02" | "1551.97" | "1551.92" | "1551.87" | "1551.82" | "1551.77" | "1551.72" | "1551.67" | "1551.62" | "1551.57" | "1551.52" | "1551.47" | "1551.42" | "1551.37" | "1551.32" | "1551.27" | "1551.22" | "1551.17" | "1551.12" | "1551.07" | "1551.02" | "1550.97" | "1550.92" | "1550.87" | "1550.82" | "1550.77" | "1550.72" | "1550.67" | "1550.62" | "1550.57" | "1550.52" | "1550.47" | "1550.42" | "1550.37" | "1550.32" | "1550.27" | "1550.22" | "1550.17" | "1550.12" | "1550.07" | "1550.02" | "1549.97" | "1549.92" | "1549.87" | "1549.82" | "1549.77" | "1549.72" | "1549.67" | "1549.62" | "1549.57" | "1549.52" | "1549.47" | "1549.42" | "1549.37" | "1549.32" | "1549.26" | "1549.21" | "1549.16" | "1549.11" | "1549.06" | "1549.01" | "1548.96" | "1548.91" | "1548.86" | "1548.81" | "1548.76" | "1548.71" | "1548.66" | "1548.61" | "1548.56" | "1548.51" | "1548.46" | "1548.41" | "1548.36" | "1548.31" | "1548.26" | "1548.21" | "1548.16" | "1548.11" | "1548.06" | "1548.02" | "1547.97" | "1547.92" | "1547.87" | "1547.82" | "1547.77" | "1547.72" | "1547.67" | "1547.62" | "1547.57" | "1547.52" | "1547.47" | "1547.42" | "1547.37" | "1547.32" | "1547.27" | "1547.22" | "1547.17" | "1547.12" | "1547.07" | "1547.02" | "1546.97" | "1546.92" | "1546.87" | "1546.82" | "1546.77" | "1546.72" | "1546.67" | "1546.62" | "1546.57" | "1546.52" | "1546.47" | "1546.42" | "1546.37" | "1546.32" | "1546.27" | "1546.22" | "1546.17" | "1546.12" | "1546.07" | "1546.02" | "1545.97" | "1545.92" | "1545.87" | "1545.82" | "1545.77" | "1545.72" | "1545.67" | "1545.62" | "1545.57" | "1545.52" | "1545.47" | "1545.42" | "1545.37" | "1545.32" | "1545.27" | "1545.22" | "1545.17" | "1545.12" | "1545.07" | "1545.02" | "1544.97" | "1544.92" | "1544.87" | "1544.82" | "1544.77" | "1544.72" | "1544.68" | "1544.63" | "1544.58" | "1544.53" | "1544.48" | "1544.43" | "1544.38" | "1544.33" | "1544.28" | "1544.23" | "1544.18" | "1544.13" | "1544.08" | "1544.03" | "1543.98" | "1543.93" | "1543.88" | "1543.83" | "1543.78" | "1543.73" | "1543.68" | "1543.63" | "1543.58" | "1543.53" | "1543.48" | "1543.43" | "1543.38" | "1543.33" | "1543.28" | "1543.23" | "1543.18" | "1543.13" | "1543.08" | "1543.04" | "1542.99" | "1542.94" | "1542.89" | "1542.84" | "1542.79" | "1542.74" | "1542.69" | "1542.64" | "1542.59" | "1542.54" | "1542.49" | "1542.44" | "1542.39" | "1542.34" | "1542.29" | "1542.24" | "1542.19" | "1542.14" | "1542.09" | "1542.04" | "1541.99" | "1541.94" | "1541.89" | "1541.84" | "1541.80" | "1541.75" | "1541.70" | "1541.65" | "1541.60" | "1541.55" | "1541.50" | "1541.45" | "1541.40" | "1541.35" | "1541.30" | "1541.25" | "1541.20" | "1541.15" | "1541.10" | "1541.05" | "1541.00" | "1540.95" | "1540.90" | "1540.85" | "1540.80" | "1540.76" | "1540.71" | "1540.66" | "1540.61" | "1540.56" | "1540.51" | "1540.46" | "1540.41" | "1540.36" | "1540.31" | "1540.26" | "1540.21" | "1540.16" | "1540.11" | "1540.06" | "1540.01" | "1539.96" | "1539.91" | "1539.86" | "1539.82" | "1539.77" | "1539.72" | "1539.67" | "1539.62" | "1539.57" | "1539.52" | "1539.47" | "1539.42" | "1539.37" | "1539.32" | "1539.27" | "1539.22" | "1539.17" | "1539.12" | "1539.07" | "1539.03" | "1538.98" | "1538.93" | "1538.88" | "1538.83" | "1538.78" | "1538.73" | "1538.68" | "1538.63" | "1538.58" | "1538.53" | "1538.48" | "1538.43" | "1538.38" | "1538.33" | "1538.28" | "1538.24" | "1538.19" | "1538.14" | "1538.09" | "1538.04" | "1537.99" | "1537.94" | "1537.89" | "1537.84" | "1537.79" | "1537.74" | "1537.69" | "1537.64" | "1537.59" | "1537.55" | "1537.50" | "1537.45" | "1537.40" | "1537.35" | "1537.30" | "1537.25" | "1537.20" | "1537.15" | "1537.10" | "1537.05" | "1537.00" | "1536.95" | "1536.90" | "1536.86" | "1536.81" | "1536.76" | "1536.71" | "1536.66" | "1536.61" | "1536.56" | "1536.51" | "1536.46" | "1536.41" | "1536.36" | "1536.31" | "1536.26" | "1536.22" | "1536.17" | "1536.12" | "1536.07" | "1536.02" | "1535.97" | "1535.92" | "1535.87" | "1535.82" | "1535.77" | "1535.72" | "1535.67" | "1535.63" | "1535.58" | "1535.53" | "1535.48" | "1535.43" | "1535.38" | "1535.33" | "1535.28" | "1535.23" | "1535.18" | "1535.13" | "1535.08" | "1535.04" | "1534.99" | "1534.94" | "1534.89" | "1534.84" | "1534.79" | "1534.74" | "1534.69" | "1534.64" | "1534.59" | "1534.54" | "1534.50" | "1534.45" | "1534.40" | "1534.35" | "1534.30" | "1534.25" | "1534.20" | "1534.15" | "1534.10" | "1534.05" | "1534.00" | "1533.96" | "1533.91" | "1533.86" | "1533.81" | "1533.76" | "1533.71" | "1533.66" | "1533.61" | "1533.56" | "1533.51" | "1533.47" | "1533.42" | "1533.37" | "1533.32" | "1533.27" | "1533.22" | "1533.17" | "1533.12" | "1533.07" | "1533.02" | "1532.98" | "1532.93" | "1532.88" | "1532.83" | "1532.78" | "1532.73" | "1532.68" | "1532.63" | "1532.58" | "1532.53" | "1532.49" | "1532.44" | "1532.39" | "1532.34" | "1532.29" | "1532.24" | "1532.19" | "1532.14" | "1532.09" | "1532.04" | "1532.00" | "1531.95" | "1531.90" | "1531.85" | "1531.80" | "1531.75" | "1531.70" | "1531.65" | "1531.60" | "1531.56" | "1531.51" | "1531.46" | "1531.41" | "1531.36" | "1531.31" | "1531.26" | "1531.21" | "1531.16" | "1531.12" | "1531.07" | "1531.02" | "1530.97" | "1530.92" | "1530.87" | "1530.82" | "1530.77" | "1530.72" | "1530.68" | "1530.63" | "1530.58" | "1530.53" | "1530.48" | "1530.43" | "1530.38" | "1530.33" | "1530.29" | "1530.24" | "1530.19" | "1530.14" | "1530.09" | "1530.04" | "1529.99" | "1529.94" | "1529.89" | "1529.85" | "1529.80" | "1529.75" | "1529.70" | "1529.65" | "1529.60" | "1529.55" | "1529.50" | "1529.46" | "1529.41" | "1529.36" | "1529.31" | "1529.26" | "1529.21" | "1529.16" | "1529.11" | "1529.07" | "1529.02" | "1528.97" | "1528.92" | "1528.87" | "1528.82" | "1528.77" | "1528.38") ), "tx-power" arg /* Transmit laser output power */, "loopback" /* Put the optics in loopback mode */, "los-warning-threshold" arg /* LOS warning threshold */, "los-alarm-threshold" arg /* LOS alarm threshold */, "modulation-format" ( /* Type of Modulation Format */ ("16qam" | "8qam" | "qpsk") ), "laser-enable" /* Enable Laser */, "no-laser-enable" /* Don't enable Laser */, "is-ma" /* Link is enabled with alarms masked */, "no-is-ma" /* Don't link is enabled with alarms masked */, "encoding" ( /* Line encoding */ ("differential" | "non-differential") ), "fec" ( /* Forward Error Correction mode */ ("sdfec" | "sdfec25" | "hgfec" | "sdfec15") ), "high-polarization" /* High polarization tracking mode */, "signal-degrade" ( /* Signal degrade thresholds */ c( "interval" arg /* Time interval */, "ber-threshold-clear" arg /* Ber threshold for signal degrade clear (format: xe-n, example: 4.5e-3) */, "ber-threshold-signal-degrade" arg /* Ber threshold for signal-degrade (format: xe-n, example: 4.5e-3) */, "q-threshold-signal-degrade-clear" arg /* Q threshold for signal-degrade clear (e.g. 14.26) */, "q-threshold-signal-degrade" arg /* Q threshold for signal-degrade (e.g. 9.26) */ ) ), "alarm" enum(("low-light-alarm")) ( /* Set optic alarms */ c( c( "syslog", "link-down" ) ) ), "tca" ( /* Set tca for optic alarms */ c( "tx-power-high-tca" ( /* Tx power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute tx power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour tx power high TCA in dBm */ ) ), "tx-power-low-tca" ( /* Tx power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute tx power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour tx power low TCA in dBm */ ) ), "rx-power-high-tca" ( /* Rx power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute rx power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour rx power high TCA in dBm */ ) ), "rx-power-low-tca" ( /* Rx power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute rx power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour rx power low TCA in dBm */ ) ), "temperature-high-tca" ( /* Temperature high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute high temperature TCA in celsius */, "threshold-24hrs" arg /* Threshold for 24 hour high temperature TCA in celsius */ ) ), "temperature-low-tca" ( /* Temperature low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute low temperature TCA in celsius */, "threshold-24hrs" arg /* Threshold for 24 hour low temperature TCA in celsius */ ) ), "carrier-frequency-offset-high-tca" ( /* Carrier frequency offset high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute frequency offset high TCA in MHz */, "threshold-24hrs" arg /* Threshold for 24 hour frequency offset high TCA in MHz */ ) ), "carrier-frequency-offset-low-tca" ( /* Carrier frequency offset low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute frequency offset low TCA in MHz */, "threshold-24hrs" arg /* Threshold for 24 hour frequency offset low TCA in MHz */ ) ), "fec-ber" ( /* Optics Errored Seconds Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the Optics errored seconds threshold crossing alert */, "no-enable-tca" /* Don't enable the Optics errored seconds threshold crossing alert */, "threshold" arg /* TCA threshold for BER value in format: xe-n, x is an integer or decimal number, n = 0..9 */, "threshold-24hrs" arg /* TCA threshold for BER value in format: xe-n, x is an integer or decimal number, n = 0..9 */ ) ).as(:oneline), "tec-current-high-tca" ( /* TEC Current high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute TEC Current high TCA in mA */, "threshold-24hrs" arg /* Threshold for 24 hour TEC Current high TCA in mA */ ) ), "tec-current-low-tca" ( /* TEC Current low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute TEC Current low TCA in mA */, "threshold-24hrs" arg /* Threshold for 24 hour TEC Current low TCA in mA */ ) ), "residual-isi-high-tca" ( /* Residual ISI high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Residual ISI high TCA in ps/nm */, "threshold-24hrs" arg /* Threshold for 24 hour Residual ISI high TCA in ps/nm */ ) ), "residual-isi-low-tca" ( /* Residual ISI low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Residual ISI low TCA in ps/nm */, "threshold-24hrs" arg /* Threshold for 24 hour Residual ISI low TCA in ps/nm */ ) ), "pam-histogram-high-tca" ( /* PAM Histogram high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute PAM Histogram high TCA */, "threshold-24hrs" arg /* Threshold for 24 hour PAM Histogram high TCA */ ) ), "snr-low-tca" ( /* SNR low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute SNR low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour SNR low TCA in dBm */ ) ), "fec-corrected-errors-high-tca" ( /* FEC Corrected Error High Threshold crossing defect trigger */ c( "enable-tca" /* Enable the FEC Corrected Errors threshold crossing alert */, "no-enable-tca" /* Don't enable the FEC Corrected Errors threshold crossing alert */, "threshold" arg /* FEC Corrected-Errs value in format: xe-n, x is an integer or decimal number, n = 0..9 */, "threshold-24hrs" arg /* FEC Corrected-Errs value in format: xe-n, x is an integer or decimal number, n = 0..9 */ ) ), "fec-ucorrected-words-high-tca" ( /* FEC UCorrected Words High Threshold crossing defect trigger */ c( "enable-tca" /* Enable the FEC UCorrected Words threshold crossing alert */, "no-enable-tca" /* Don't enable the FEC UCorrected Words threshold crossing alert */, "threshold" arg /* FEC UCorrected-Words value in format: xe-n, x is an integer or decimal number, n = 0..9 */, "threshold-24hrs" arg /* FEC UCorrected-Words value in format: xe-n, x is an integer or decimal number, n = 0..9 */ ) ), "laser-frequency-error-high-tca" ( /* Laser frequency error high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute frequency error high TCA in MHz */, "threshold-24hrs" arg /* Threshold for 24 hour frequency error high TCA in MHz */ ) ), "laser-frequency-error-low-tca" ( /* Laser frequency error low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute frequency error low TCA in MHz */, "threshold-24hrs" arg /* Threshold for 24 hour frequency error low TCA in MHz */ ) ) ) ), "warning" enum(("low-light-warning")) ( /* Set optic warnings */ c( c( "syslog" /* Set action as syslog */, "link-down" /* Set action as link-down */ ) ) ), "low-power-mode" /* Force optics to low power mode */, "host-side-fec" ( /* Host side optics FEC ON/OFF */ ("off" | "on") ), "media-side-fec" ( /* Media side FEC ON/OFF */ ("off" | "on") ), c( "lane" arg ( /* Media lane number */ c( "tx-laser" ( /* Transmit Laser ON/OFF */ ("off" | "on") ), "rx-output" ( /* Receive output ON/OFF */ ("off" | "on") ), "tx-cdr" ( /* Transmit Clock and Data Recovery ON/OFF */ ("off" | "on") ), "rx-cdr" ( /* Receive Clock and Data Recovery ON/OFF */ ("off" | "on") ), "tx-input-equalization-adaptive" ( /* Transmit adaptive equalization ON/OFF */ ("off" | "on") ), "tx-input-equalization-manual" arg /* Transmit manual equalization for optics */, "rx-output-emphasis" arg /* Receive output emphasis for optics */, "rx-output-amplitude" ( /* Receive output amplitude setting */ ("400mV" | "600mV" | "800mV" | "1200mV") ), "tx-squelch" ( /* Transmit squelch ON/OFF */ ("off" | "on") ), "rx-squelch" ( /* Receive squelch ON/OFF */ ("off" | "on") ), "tx-rate-select" arg /* Transmit rate select for optics */, "rx-rate-select" arg /* Receive rate select for optics */ ) ), "lane-all" ( /* Apply settings to all lane */ c( "tx-laser" ( /* Transmit Laser ON/OFF */ ("off" | "on") ), "rx-output" ( /* Receive output ON/OFF */ ("off" | "on") ), "tx-cdr" ( /* Transmit Clock and Data Recovery ON/OFF */ ("off" | "on") ), "rx-cdr" ( /* Receive Clock and Data Recovery ON/OFF */ ("off" | "on") ), "tx-input-equalization-adaptive" ( /* Transmit adaptive equalization ON/OFF */ ("off" | "on") ), "tx-input-equalization-manual" arg /* Transmit manual equalization for optics */, "rx-output-emphasis" arg /* Receive output emphasis for optics */, "rx-output-amplitude" ( /* Receive output amplitude setting */ ("400mV" | "600mV" | "800mV" | "1200mV") ), "tx-squelch" ( /* Transmit squelch ON/OFF */ ("off" | "on") ), "rx-squelch" ( /* Receive squelch ON/OFF */ ("off" | "on") ), "tx-rate-select" arg /* Transmit rate select for optics */, "rx-rate-select" arg /* Receive rate select for optics */ ) ) ) ) ), "otn-options" ( /* Optical Transmission Network interface-specific options */ otn_options_type /* Optical Transmission Network interface-specific options */ ), "tdm-options" ( /* Time division multiplexing (TDM) interface-specific options */ tdm_options_type /* Time division multiplexing (TDM) interface-specific options */ ), "och-options" ( /* Optical channel configuration options */ och_attributes /* Optical channel configuration options */ ), "otu-options" ( /* Optical transmission unit configuration options */ otu_attributes /* Optical transmission unit configuration options */ ), "odu-options" ( /* Optical data unit configuration options */ odu_attributes /* Optical data unit configuration options */ ), "ett-options" ( /* Transport ethernet client configuration options */ ett_attributes /* Transport ethernet client configuration options */ ), "fastether-options" ( /* Fast Ethernet interface-specific options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, "auto-negotiation" /* Enable auto-negotiation */, "no-auto-negotiation" /* Don't enable auto-negotiation */, "ingress-rate-limit" arg /* Ingress rate at port */, "source-address-filter" arg /* Source address filters */.as(:oneline), "redundant-parent" ( /* Parent of this interface */ c( interface_device /* Join a redundant ethernet interface */ ) ), "ieee-802.3ad" ( /* IEEE 802.3ad */ c( "lacp" ( /* Link Aggregation Control Protocol configuration */ c( "port-priority" arg /* Priority of the port (0 ... 65535) */ ) ), interface_device /* Join an aggregated Ethernet interface */, c( "primary" /* Primary interface for link-protection mode */, "backup" /* Backup interface for link-protection mode */ ) ) ), "mpls" ( /* MPLS options */ mpls_ifd_options /* MPLS options */ ), "ignore-l3-incompletes" /* Ignore L3 incomplete errors */ ) ), "redundant-ether-options" ( /* Ethernet redundancy options */ c( "redundancy-group" arg /* Redundancy group of this interface */, "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, "source-address-filter" arg /* Source address filters */.as(:oneline), "mru" arg /* Maximum receive packet size */, "link-speed" ( /* Link speed of individual interface that joins the RETH */ ("10m" | "100m" | "1g" | "10g") ), "minimum-links" arg /* Minimum number of active links */, "lacp" ( /* Link Aggregation Control Protocol configuration */ c( c( "active" /* Initiate transmission of LACP packets */, "passive" /* Respond to LACP packets */ ), "periodic" ( /* Timer interval for periodic transmission of LACP packets */ ("fast" | "slow") ) ) ) ) ), "aggregated-ether-options" ( /* Aggregated Ethernet interface-specific options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, "autostate-exclude" /* Interface will not contribute to IRB state */, "link-protection" ( /* Enable link protection mode */ c( "revertive" /* Revert back from active backup link to primary, if primary is UP */, "non-revertive" /* Do not revert back (default mode) from active backup link to primary, if primary is UP */, "backup-state" ( /* Link protection backup link state */ ("accept-data" | "discard-data" | "down") ), "rtg-config" ( /* RTG enable on AE */ c( "preempt-cutover-timer" arg /* RTG preempt-cutover-timer in seconds */ ) ) ) ), "fcoe-lag" /* Enable FIP/FCoE LAG */, "no-fcoe-lag" /* Don't enable FIP/FCoE LAG */, "source-address-filter" arg /* Source address filters */.as(:oneline), "configured-flow-control" ( /* Enable flow control */ c( "rx-buffers" ( /* Enable/Disable Rx buffers */ ("on" | "off") ), "tx-buffers" ( /* Enable/Disable Tx buffers */ ("on" | "off") ) ) ), "load-balance" ( aggregate_load_balance ), "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "neighbor" ( /* BFD neighbor address */ ipaddr /* BFD neighbor address */ ), "local-address" ( /* BFD local address */ ipaddr /* BFD local address */ ), "holddown-interval" arg /* Time to hold the session-UP notification to the client */ ) ), "minimum-links" arg /* Minimum number of aggregated links */, "minimum-bandwidth" ( /* Minimum bandwidth configured for aggregated bundle */ c( "bw-value" arg /* Bandwidth value */, "bw-unit" ( /* Bandwidth unit */ ("bps" | "kbps" | "mbps" | "gbps") ) ) ), "targeted-options" ( /* Targeting specific options */ c( "type" ( /* Targeting type of AE bundle */ ("auto" | "manual") ), c( "logical-interface-fpc-redundancy" /* Enable FPC redundancy for logical interfaces */, "logical-interface-chassis-redundancy" /* Enable CHASSIS redundancy for logical interfaces */ ), "rebalance-periodic" ( c( "start-time" ( /* Start time of the rebalance operation ( Wall clock time ) */ date /* Start time of the rebalance operation ( Wall clock time ) */ ), "interval" arg /* Interval of the rebalance operation in hrs */ ) ), "rebalance-subscriber-granularity" arg /* Max subscriber aggregate weight */ ) ), c( "logical-interface-fpc-redundancy" /* Enable FPC redundancy for logical interfaces */, "logical-interface-chassis-redundancy" /* Enable CHASSIS redundancy for logical interfaces */ ), "rebalance-periodic" ( c( "start-time" ( /* Start time of the rebalance operation ( Wall clock time ) */ date /* Start time of the rebalance operation ( Wall clock time ) */ ), "interval" arg /* Interval of the rebalance operation in hrs */ ) ), "pad-to-minimum-frame-size" /* Pad Tx vlan tagged frame to minimum of 68 bytes */, "link-speed" ( /* Link speed of individual interface that joins the AE */ ("10m" | "100m" | "1g" | "2.5g" | "5g" | "8g" | "10g" | "25g" | "40g" | "50g" | "80g" | "100g" | "400g" | "oc192" | "mixed") ), "local-bias" ( /* Turn on local bias functionality */ c( "disable" /* Disable local-bias */ ) ), "local-minimum-links-threshold" arg /* Specify threshold for minimum links per VC/VCF member */, "resilient-hash" /* Turn on resilient-hash */, "dlb" ( /* Enable DLB on LAG */ c( c( "per-packet" /* Per-packet link assignment */, "assigned-flow" /* Fixed link assignment */, "flowlet" ( /* Inactivity-based link assignment */ c( "inactivity-interval" arg /* Minimum inactivity interval in micro-seconds for link re-assignment */ ) ) ) ) ), "lacp" ( /* Link Aggregation Control Protocol configuration */ c( c( "active" /* Initiate transmission of LACP packets */, "passive" /* Respond to LACP packets */ ), "periodic" ( /* Timer interval for periodic transmission of LACP packets */ ("fast" | "slow") ), "fast-failover" /* To turn off LACP fast-failover */, "link-protection" ( c( "disable" /* To turn off LACP link-protection */, c( "revertive" /* Switch links when better priority link comes up */, "non-revertive" /* Do not switch links when better priority link comes up */ ), "rtg-config" ( /* RTG Feature enable on AE */ c( "preempt-cutover-timer" arg /* RTG preempt-cutover-timer in seconds */ ) ) ) ), "accept-data" /* Keep receiving traffic even when LACP goes down */, "sync-reset" ( /* On minimum-link failure notify out of sync to peer */ ("disable" | "enable") ), "system-priority" arg /* Priority of the system (0 ... 65535) */, "system-id" ( /* Node's System ID, encoded as a MAC address */ mac_addr /* Node's System ID, encoded as a MAC address */ ), "admin-key" arg /* Node's administrative key */, "hold-time" ( /* Hold time for link up and link down for AE link members */ sc( "up" arg /* Link up hold time for the AE link members */ ) ).as(:oneline), "aggregate-wait-time" arg /* Aggregate wait time for the AE */, "force-up" /* Forceup AE interface with LACP */, "no-peer-loopback-validation" /* Skip MCLAG peer loop back validation for LACP PDUs on Forceup AE interface */ ) ), "link-protection-sub-group" arg ( /* Link Protection subgroup configuration */ c( c( "primary" /* Primary subgroup for N:N link-protection mode */, "backup" /* Backup subgroup for N:N link-protection mode */ ) ) ), "ethernet-switch-profile" ( /* Ethernet virtual LAN/media access control-level options */ c( "tag-protocol-id" arg /* IEEE 802.1q Tag Protocol Identifier values for VLAN-tagged frames */, "storm-control" ( /* Storm control profile name to bind */ c( arg /* Profile name */ ) ), "recovery-timeout" ( /* Recovery timeout for this interface */ sc( arg ) ).as(:oneline), "mac-learn-enable" /* Learn MAC addresses dynamically */ ) ), "mc-ae" ( /* Multi-chassis aggregation (MC-AE) network device configuration */ c( "mc-ae-id" arg /* MC-AE group id */, "redundancy-group" arg /* Redundancy group id */, "chassis-id" arg /* Chassis id of MC-AE network device */, "mode" ( /* Mode of the MC-AE */ ("active-standby" | "active-active") ), "status-control" ( /* Status of the MC-AE chassis */ ("active" | "standby") ), "switchover-mode" ( /* Switchover mode */ ("revertive" | "non-revertive") ), "revert-time" arg /* Wait interval before performing switchover */, "init-delay-time" arg /* Init delay timer for mcae sm for min traffic loss */, "recovery-delay-time" arg /* Delay timer for bringing up ICL, ICCP */, "enhanced-convergence" /* Optimized convergence time for mcae */, "events" ( /* MCAE related events */ c( "iccp-peer-down" ( /* Define behavior in the event of ICCP peer down */ c( "force-icl-down" /* Bring down ICL logical interface */, "prefer-status-control-active" /* Keep this node up (recommended only on status-control active) */ ) ) ) ) ) ), "share-standby" /* Share the resources with standby ports, needs FPC reboot to take effect */ ) ), "es-options" ( /* ES PIC interface-specific options */ c( "backup-interface" ( /* Name of backup interface */ interface_device /* Name of backup interface */ ) ) ), "dsl-options" ( /* DSL interface-specific options */ c( "operating-mode" ( /* DSL operating mode */ ("auto" | "ansi-dmt" | "itu-dmt" | "etsi" | "itu-annexb-ur2" | "itu-annexb-non-ur2" | "itu-dmt-bis" | "adsl2plus" | "annexm-itu-dmt-bis" | "annexm-adsl2plus") ) ) ), "vdsl-options" ( /* VDSL interface-specific options */ c( "vdsl-profile" ( /* VDSL profile */ ("auto" | "8a" | "8b" | "8c" | "8d" | "12a" | "12b" | "17a") ), "sra" ( /* DSL SRA */ ("enable" | "disable") ), "v43" ( /* DSL V43 tones */ ("enable" | "disable") ), "sos" /* Enable SOS */ ) ), "dsl-sfp-options" ( /* DSL SFP options */ c( "adsl-options" ( /* ADSL options */ c( "vpi" arg /* Virtual path identifier */, "vci" arg /* Virtual circuit identifier */, "encap" ( /* Encapsulation */ ("bypass" | "llcsnap-bridged-802dot1q" | "llcsnap-routed-ip" | "vc-mux-bridged" | "vc-mux-routed-ip" | "generic") ), "annex" ( /* Annex type */ ("auto" | "annexj-off") ) ) ), "vdsl-options" ( /* VDSL options */ c( "profile" ( /* VDSL profile */ ("auto" | "8a" | "8b" | "8c" | "8d" | "12a" | "12b" | "17a" | "30a") ), "carrier" ( /* Carrier setting */ ("auto" | "a43" | "b43") ) ) ), "gfast-options" ( /* G.fast options */ c( "carrier" ( /* Carrier setting */ ("a43" | "a43c" | "b43" | "b43c") ) ) ) ) ), "shdsl-options" ( /* SHDSL interface-specific options */ c( "annex" ( /* Type of SHDSL annex */ ("annex-a" | "annex-b" | "annex-f" | "annex-g" | "annex-auto") ), "line-rate" ( /* SHDSL line rate */ ("auto" | arg) ), "loopback" ( /* Loopback mode */ ("local" | "remote") ), "snr-margin" ( /* Signal to noise ratio margin */ c( "current" ( /* Current signal to noise ratio margin */ ("disable" | arg) ), "snext" ( /* SNEXT signal to noise ratio margin */ ("disable" | arg) ) ) ) ) ), "data-input" ( /* Configuration for drop-insert data input */ c( c( "system" /* Data sourced from system */, "interface" ( /* Interface that acts as data source */ interface_device /* Interface that acts as data source */ ) ) ) ), "switch-options" ( /* Front end ports configuration */ c( "switch-port" arg ( c( "auto-negotiation" /* Enable auto-negotiation */, "no-auto-negotiation" /* Don't enable auto-negotiation */, "link-mode" ( /* Link operational mode */ ("half-duplex" | "full-duplex") ), "speed" ( /* Link speed */ ("10m" | "100m" | "1g") ), "vlan-id" arg /* VLAN ID for this port */, "cascade-port" /* Port externally connected to another cascade port */ ) ) ) ), "container-options" ( /* Container interface specific options */ c( "container-type" ( /* Protocol type of the container interface */ c( c( "aps" ( /* APS options on the container */ aps_type /* APS options on the container */ ) ) ) ), "member-interface-type" ( /* Link type of members of container */ c( c( "sonet" ( c( "member-interface-speed" ( /* Link speed of members of container */ ("oc3" | "oc12" | "oc48" | "oc192" | "oc768" | "mixed") ) ) ), "atm" ( c( "member-interface-speed" ( /* Link speed of members of container */ ("oc3" | "oc12" | "oc48") ) ) ), "channelized-sonet" ( c( "member-interface-speed" ( /* Link speed of members of container */ ("coc3" | "coc12" | "coc48" | "coc192" | "coc768") ) ) ), "channelized-sdh" ( c( "member-interface-speed" ( /* Link speed of members of container */ ("cstm1" | "cstm4" | "cstm16" | "coc64" | "cstm256") ) ) ) ) ) ), "redundancy" ( /* Container interface redundancy options */ c( "hold-time" ( /* Hold time for link up and link down */ sc( "up" arg /* Link up hold time */, "down" arg /* Link down hold time */ ) ).as(:oneline) ) ), "container-list" ( /* List of container interfaces this member link is associated to */ interface_device /* List of container interfaces this member link is associated to */ ), c( "primary" /* This member link is primary interface of the container */, "standby" /* This member link is standby interface of the container */ ), "fast-aps" /* Fast APS switch */, "allow-configuration-override" /* Allow physical configuration of member link to override container configuration */ ) ), "layer2-policer" ( /* Layer2 policing for interface */ c( c( "input-policer" arg /* Two-color policer for received packets */, "input-hierarchical-policer" arg /* Hierarchical policer for received packets */ ) ) ), "unit" enum(("$junos-underlying-interface-unit" | "$junos-interface-unit" | arg)) ( /* Logical interface */ c( "policer-overhead" ( /* Policer overhead adjustment for this unit */ c( arg, "ingress" arg /* Ingress value in bytes */, "egress" arg /* Egress value in bytes */ ) ), "alias" arg /* Interface alias */, "enhanced-convergence" /* Optimize convergence time for L3 */, "proxy-macip-advertisement" /* Proxy advertisement of type 2 MAC+IP route for EVPN */, "virtual-gateway-accept-data" /* Accept packets destined for virtual gateway address */, "peer-psd" ( /* Peer psd */ sc( arg /* Peer psd name */ ) ).as(:oneline), "peer-interface" ( /* Peer interface */ c( interface_unit /* Peer interface name */ ) ), "interface-shared-with" ( /* Specify which PSD owns this logical interface */ c( arg /* Name of protected system domain (psd[1-31], ex. psd2) */ ) ), ("disable"), "passive-monitor-mode" /* Use interface to tap packets from another router */, "per-session-scheduler" /* Enable per-session queuing on an IQ2 interface */, "account-layer2-overhead" ( /* Account layer2 overhead in IFL byte statistics */ c( arg, "ingress" arg /* Layer2 overhead bytes to be accounted in ingress */, "egress" arg /* Layer2 overhead bytes to be accounted in egress */ ) ), "forwarding-class-accounting" ( /* Configure Forwarding-class-accounting parameters for IFL */ c( "direction" ( /* Direction of the traffic to be accounted for IFL */ ("ingress" | "egress" | "both") ), "enhanced" ( c( "traffic-type" ( /* Traffic-type to be accounted for forwarding-class-accounting for IFL */ ("unicast-statistics" | "multicast-statistics") ), "family" ( /* Protocol traffic to be accounted for forwarding-class-accounting for IFL */ ("inet" | "inet6" | "both") ), "direction" ( /* Direction of the traffic to be accounted for forwarding-class-accounting for IFL */ ("ingress" | "egress" | "both") ), "overhead-bytes" arg /* Per octet overhead bytes to be accounted for forwarding-class-accounting for IFL */ ) ) ) ), "clear-dont-fragment-bit" /* Clear DF bit in packet (AS PIC and J-series only as well as MIF) */, "packet-inject-enable" /* Enable packet inject functionality on this IFL */, "reassemble-packets" /* Do reassembly of fragmented tunnel packets */, "services-options" /* Services interface-specific options */, "rpm" ( /* Enable RPM service on this interface */ c( c( c( "client" /* Client mode */, "server" /* Server mode */, "client-delegate-probes" /* Client delegate probe mode */ ), "twamp-server" /* Set TWAMP server mode on this interface */, "twamp-client" /* Set TWAMP client mode on this interface */ ) ) ), "description" arg /* Text description of interface */, "metadata" arg /* Text metadata attached to interface */, "dial-options" ( /* Dial options */ c( c( "l2tp-interface-id" arg /* Identifier for group of PPP sessions */, "ipsec-interface-id" arg /* Identifier for group of dynamic peers */ ), c( "dedicated" /* Use this unit for only one PPP/IPSec session */, "shared" /* Share this unit for multiple PPP/IPSec sessions */ ) ) ), "actual-transit-statistics" /* Actual transit statistics */, "demux-source" ( enum(("inet" | "inet6")) ), "demux-destination" ( enum(("inet" | "inet6")) ), "demux" ( /* Demux based on source or destination address */ c( "inet" ( /* Family inet */ c( "address" ( /* Address type */ ("source" | "destination") ), "auto-configure" ( /* Auto configuration */ dynamic_ipv4_type /* Auto configuration */ ) ) ), "inet6" ( /* Family inet6 */ c( "address" ( /* Address type */ ("source" | "destination") ), "auto-configure" ( /* Auto configuration */ dynamic_ipv6_type /* Auto configuration */ ) ) ) ) ), "encapsulation" ( /* Logical link-layer encapsulation */ ("atm-nlpid" | "atm-cisco-nlpid" | "atm-snap" | "atm-vc-mux" | "atm-ccc-vc-mux" | "atm-tcc-vc-mux" | "atm-tcc-snap" | "atm-ccc-cell-relay" | "vlan-vci-ccc" | "ether-over-atm-llc" | "ether-vpls-over-atm-llc" | "ppp-over-ether-over-atm-llc" | "ppp-over-ether" | "atm-ppp-vc-mux" | "atm-ppp-llc" | "atm-mlppp-llc" | "frame-relay-ppp" | "frame-relay-ccc" | "frame-relay" | "frame-relay-tcc" | "frame-relay-ether-type" | "frame-relay-ether-type-tcc" | "ether-vpls-fr" | "vlan-ccc" | "ethernet-ccc" | "vlan-vpls" | "vlan-bridge" | "ethernet-tcc" | "dix" | "ethernet" | "ethernet-vpls" | "ethernet-bridge" | "vlan" | "vlan-tcc" | "multilink-ppp" | "multilink-frame-relay-end-to-end" | "ppp-ccc") ), "gre" /* Allow GRE packets */, "mtu" arg /* Maximum transmission unit packet size */, c( "point-to-point" /* Point-to-point connection */, "multipoint" /* Multipoint connection */ ), "bandwidth" arg /* Logical unit bandwidth (informational only) */, "global-layer2-domainid" arg /* Global Layer-2 Identifier for this interface */, "radio-router" ( /* Parameters for dynamic link cost management */ dynamic_ifbw_parms_type /* Parameters for dynamic link cost management */ ), "traps" /* Enable SNMP notifications on state changes */, "no-traps" /* Don't enable SNMP notifications on state changes */, "routing-services" /* Enable routing services */, "no-routing-services" /* Don't enable routing services */, "routing-service" ( /* Routing Services on this interface */ c( ("enable" | "disable") ) ), "arp-resp" ( /* Knob to control ARP response on the interface, default is restricted */ sc( c( "unrestricted" /* Enable unrestricted ARP respone on the interface */, "restricted" /* Enable restricted proxy ARP response on the interface */ ) ) ).as(:oneline), "proxy-arp" ( /* Enable proxy ARP on the interface, default is unrestricted */ sc( c( "unrestricted" /* Enable unrestricted proxy ARP on the interface */, "restricted" /* Enable restricted proxy ARP on the interface */ ) ) ).as(:oneline), c( "vlan-id" ( /* Virtual LAN identifier value for 802.1q VLAN tags */ ("none" | arg) ), "vlan-id-range" arg /* Virtual LAN identifier range of form vid1-vid2 */, "inner-vlan-id-swap-ranges" arg /* Inner vlan-id swap range(s) of form vid1-vid2 for dynamic L2 VLANs */, "vlan-id-list" arg /* List of VLAN identifiers */, "vlan-tag" arg /* IEEE 802.1q tag list for VLAN tagged frames */, "vlan-tags" ( /* IEEE 802.1q tags */ sc( "outer" ( /* [tpid.]vlan-id, tpid format is 0xNNNN and is optional */ ("$junos-stacked-vlan-id" | "$junos-vlan-id" | arg) ), c( "inner" ( /* [tpid.]vlan-id, tpid format is 0xNNNN and is optional */ ("$junos-vlan-id" | arg) ), "inner-range" arg /* [tpid.]vid1-vid2, tpid format is 0xNNNN and is optional */, "inner-list" arg /* List of VLAN identifiers */ ) ) ).as(:oneline) ), "deep-vlan-qualified-learning" arg /* Enable qualified MAC-address learning on the specified vlan tag */, "native-inner-vlan-id" arg /* Native virtual LAN identifier for singly tagged frames */, "inner-vlan-id-range" ( /* Inner vlan-id range start end */ sc( "start" arg /* Inner vlan-id range's start value */, "end" arg /* Inner vlan-id range's end value */ ) ).as(:oneline), "accept-source-mac" ( /* Remote media access control address to/from which to accept traffic */ c( "mac-address" ( /* Remote MAC address */ mac_list /* Remote MAC address */ ) ) ), "input-vlan-map" ( /* VLAN map operation on input */ vlan_map /* VLAN map operation on input */ ), "output-vlan-map" ( /* VLAN map operation on output */ vlan_map /* VLAN map operation on output */ ), "swap-by-poppush" /* Pop original vlan tag and then push a new vlan tag */, "receive-lsp" arg /* Name of incoming label-switched path */, "transmit-lsp" arg /* Name of outgoing label-switched path */, "dlci" arg /* Frame Relay data-link control identifier */, "multicast-dlci" arg /* Frame Relay data-link control identifier for multicast packets */, c( "vci" ( /* ATM point-to-point virtual circuit identifier ([vpi.]vci) */ atm_vci /* ATM point-to-point virtual circuit identifier ([vpi.]vci) */ ), "allow-any-vci" /* Allow all VCIs to open in atm-ccc-cell-relay mode */, "vpi" arg /* ATM point-to-point virtual path identifier (vpi) */, "trunk-id" arg /* ATM trunk identifier */ ), "no-vpivci-swapping" /* Do not swap VPI/VCI for Cell Relay */, c( "psn-vci" ( /* PSN VCI */ atm_vci /* PSN VCI */ ), "psn-vpi" arg /* PSN VPI */ ), "atm-l2circuit-mode" ( /* Select ATM Layer 2 circuit transport mode */ sc( c( "cell" /* ATM Layer 2 circuit cell mode */, "aal5" /* ATM Layer 2 circuit AAL5 mode */ ) ) ).as(:oneline), "vci-range" ( /* ATM VCI range start end */ sc( "start" arg /* ATM VCI range's start value */, "end" arg /* ATM VCI range's end value */ ) ).as(:oneline), "trunk-bandwidth" arg /* ATM trunk bandwidth */, "multicast-vci" ( /* ATM virtual circuit identifier for multicast packets */ atm_vci /* ATM virtual circuit identifier for multicast packets */ ), "shaping" ( /* Virtual circuit traffic-shaping options */ dcd_shaping_config /* Virtual circuit traffic-shaping options */ ), "oam-period" ( /* OAM cell period */ sc( c( arg, "disable" /* Disable F5 OAM loopback */.as(:oneline) ) ) ).as(:oneline), "oam-liveness" ( /* OAM virtual circuit liveness parameters */ c( "up-count" arg /* Number of OAM cells to consider VC up */, "down-count" arg /* Number of OAM cells to consider VC down */ ) ), "ppp-options" ( /* Point-to-Point Protocol interface-specific options */ ppp_options_type /* Point-to-Point Protocol interface-specific options */ ), "pppoe-options" ( /* PPP over Ethernet interface-specific options */ pppoe_options_type /* PPP over Ethernet interface-specific options */ ), "pppoe-underlying-options" ( /* PPP over Ethernet underlying interface-specific options */ pppoe_underlying_options_type /* PPP over Ethernet underlying interface-specific options */ ), "advisory-options" ( /* Interface-specific recommendations */ advisory_options_type /* Interface-specific recommendations */ ), "auto-configure" ( /* Auto configuration */ auto_configure_vlan_type /* Auto configuration */ ), "demux-options" ( /* IP demux interface-specific options */ demux_options_type /* IP demux interface-specific options */ ), "targeted-distribution" ( /* Interface participates in targeted-distribution */ c( "primary-list" arg /* Primary targeted distribution list */, "backup-list" arg /* Backup targeted distribution list */, "standby-list" arg /* Standby targeted distribution list */ ) ), "targeted-options" ( /* Targeting specific options */ c( "weight" ( /* Targeting weight for subscriber */ ("$junos-interface-target-weight" | arg) ), "primary" ( /* Primary link for the subscriber */ interface_device /* Primary link for the subscriber */ ), "backup" ( /* Backup link for the subscriber */ interface_device /* Backup link for the subscriber */ ), "group" arg /* Group name to which the subscriber is associated */ ) ), c( "keepalives" ( /* Send or demand keepalive messages */ keepalives_type /* Send or demand keepalive messages */ ).as(:oneline), "no-keepalives" /* Do not send or demand keepalive messages */ ), "inverse-arp" /* Enable inverse ARP */, "transmit-weight" arg /* ATM2 transmit weight for VC under VP tunnel */, "epd-threshold" ( /* Early packet discard threshold for ATM2 */ epd_threshold_config /* Early packet discard threshold for ATM2 */ ).as(:oneline), "cell-bundle-size" arg /* L2 circuit cell bundle size */, "cell-bundle-timeout" arg /* L2 circuit cell bundle timeout */, "plp-to-clp" /* Enable ATM2 PLP to CLP copy */, "atm-scheduler-map" arg /* Assign ATM2 CoS scheduling map */, "mrru" arg /* Maximum received reconstructed unit */, "short-sequence" /* Short sequence number header format (MLPPP only) */, "fragment-threshold" arg /* Fragmentation threshold */, "drop-timeout" arg /* Drop timeout */, "disable-mlppp-inner-ppp-pfc" /* Disable compression for inner PPP header in MLPPP payload */, "minimum-links" arg /* Minimum number of links to sustain the bundle */, "multilink-max-classes" arg /* Number of multilink classes */, "compression" ( /* Various packet header compressions */ c( "rtp" ( /* Compress and decompress RTP */ c( "f-max-period" arg /* Maximum number of compressed packets between transmission of full headers */, "queues" ( /* Queue holding RTP packets. Default is queue 1 */ ("q0" | "q1" | "q2" | "q3") ), "port" ( /* UDP destination ports reserved for RTP packets */ sc( "minimum" arg, "maximum" arg ) ).as(:oneline), "maximum-contexts" ( /* Maximum number of simultaneous RTP contexts */ sc( arg ) ).as(:oneline) ) ) ) ), "interleave-fragments" /* Interleave long packets with high priority ones */, "link-layer-overhead" ( /* Link layer bit stuffing overhead (0.0 .. 50.0 percent) */ unsigned_float /* Link layer bit stuffing overhead (0.0 .. 50.0 percent) */ ), "accounting-profile" arg /* Accounting profile name */, "peer-unit" arg /* Peer unit number */, "tunnel" ( /* Tunnel parameters */ c( "encapsulation" ( /* Encapsulation over tunnel */ c( "vxlan-gpe" ( c( "source" ( c( "address" ( /* Interface address prefix */ ipv4addr /* Interface address prefix */ ), "mac-address" ( /* Interface source mac address */ mac_addr /* Interface source mac address */ ), "interface" ( /* Name of the interface */ interface_name /* Name of the interface */ ) ) ), "destination" ( c( "address" ( /* Interface address prefix */ ipv4addr /* Interface address prefix */ ), "mac-address" ( /* Interface destination mac address */ mac_addr /* Interface destination mac address */ ) ) ), "tunnel-endpoint" ( /* Tunnel end point type */ ("vxlan") ), "destination-udp-port" arg /* Value to write to the destination-udp-port field */, "vni" arg /* Value to write to the vni field */ ) ), "udp" ( /* Family for tunnel encapsulation udp */ c( "source" ( c( "address" ( /* Interface address prefix */ ipv4addr /* Interface address prefix */ ), "interface" ( /* Name of the interface */ interface_name /* Name of the interface */ ) ) ), "destination" ( c( "address" ( /* Interface address prefix */ ipv4addr /* Interface address prefix */ ) ) ) ) ), "ipip" ( /* Family for tunnel encapsulation ipip */ c( "source" ( c( "address" ( /* Interface address prefix */ ipv4addr /* Interface address prefix */ ), "interface" ( /* Name of the interface */ interface_name /* Name of the interface */ ) ) ), "destination" ( c( "address" ( /* Interface address prefix */ ipv4addr /* Interface address prefix */ ) ) ) ) ) ) ), "source" ( /* Tunnel source */ ipaddr /* Tunnel source */ ), "destination" ( /* Tunnel destination */ ipaddr /* Tunnel destination */ ), "key" arg /* Tunnel key */, "backup-destination" ( /* Backup tunnel destination */ ipaddr /* Backup tunnel destination */ ), c( "allow-fragmentation" /* Do not set DF bit on packets */, "do-not-fragment" /* Set DF bit on packets */ ), "ttl" arg /* Time to live */, "traffic-class" arg /* TOS/Traffic class field of IP-header */, "flow-label" arg /* Flow label field of IP6-header */, "path-mtu-discovery" /* Enable path MTU discovery for tunnels */, "no-path-mtu-discovery" /* Don't enable path MTU discovery for tunnels */, "routing-instance" ( /* Routing instance to which tunnel ends belong */ c( "destination" arg /* Routing instance of tunnel destination */ ) ) ) ), "compression-device" ( /* Logical interface used for compression */ interface_unit /* Logical interface used for compression */ ), "atm-policer" ( /* ATM policing for logical interface */ c( "input-atm-policer" arg /* Input atm policer */ ) ), "layer2-policer" ( /* Layer2 policing for logical interface */ c( c( "input-policer" arg /* Two-color policer for received packets */, "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "input-three-color" arg /* Color-blind three-color policer for received packets */ ), c( "output-policer" ( /* Two-color policer for transmitted packets */ ("$junos-layer2-output-policer" | arg) ), "output-three-color" ( /* Three-color policer for transmitted packets */ ("$junos-layer2-output-policer" | arg) ) ) ) ), "filter" ( /* Filters to apply to all families configured under this logical interface */ c( c( "input" ( /* Name of filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline) ), c( "output" ( /* Name of filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline) ) ) ), "multi-chassis-protection" ( /* Inter-Chassis protection configuration */ multi_chassis_protection_group_ifl /* Inter-Chassis protection configuration */ ), "statistics" /* Enable statistics collection in PFE */, "esi" ( /* ESI configuration of logical interface */ c( "auto-derive" ( /* Auto-derive ESI value for the interface */ c( c( "lacp" /* Auto-derive ESI from lacp */ ) ) ), esi /* ESI value for the interface */, c( "single-active" /* Single-active mode */, "all-active" /* All-active mode */ ), "df-election-granularity" ( /* DF Election Granularity Selection */ c( c( "per-esi" ( /* DF Election Granularity Per Esi */ c( "lacp-oos-on-ndf" /* Lacp Oos */ ) ), "per-esi-vlan" /* Per Esi Vlan */ ) ) ), "df-election-type" ( /* DF Election Type */ c( c( "preference" ( /* Preference based DF election */ c( "value" arg /* Preference value for EVPN Multihoming DF election */ ) ) ), c( "mod" /* MOD based DF election */ ) ) ), "source-bmac" ( /* Unicast Source B-MAC address per ESI for PBB-EVPN */ mac_unicast /* Unicast Source B-MAC address per ESI for PBB-EVPN */ ) ) ), c( "no-auto-virtual-gateway-esi" /* Disable auto ESI generation for virtual gateway address */, "virtual-gateway-esi" ( /* ESI configuration of virtual gateway */ c( esi /* ESI value for the interface */, c( "single-active" /* Single-active mode */, "all-active" /* All-active mode */ ) ) ) ), "service" ( /* Service operations */ c( "pcef" arg ( /* PCEF configuration */ c( "activate-all" /* Activate all rules and rulebases in the pcef profile */, "activate" arg /* Name of pcef profile rule or rulebase to activate */ ) ) ) ), "generate-eui64" /* To generate Link Local EUI-64 addresses */, "no-generate-eui64" /* Don't to generate Link Local EUI-64 addresses */, "family" ( /* Protocol family */ c( "inet" ( /* IPv4 parameters */ c( "dhcp" ( /* Dynamic Host Configuration Protocol client configuration */ dhcp_client_type /* Dynamic Host Configuration Protocol client configuration */ ), "targeted-broadcast" ( /* Directed broadcast */ c( c( "forward-and-send-to-re" /* Allow packets to be forwarded and sent to re */, "forward-only" /* Allow packets only to be forwarded */ ) ) ), "destination-class-usage" /* Enable destination class usage on this interface */, "transit-options-packets" /* Transit IP options packets (don't send to Routing Engine) */, "transit-ttl-exceeded" /* Transit IP TTL-exceeded packets (don't send to Routing Engine) */, "receive-options-packets" /* Receive IP options packets (don't send to Routing Engine) */, "receive-ttl-exceeded" /* Receive IP TTL-exceeded packets (don't send to Routing Engine) */, "accounting" ( /* Configure interface-based accounting options */ c( "source-class-usage" ( /* Enable source class usage on this interface */ c( "input" /* Specify this interface for source-class-usage input */, "output" /* Specify this interface for source-class-usage output */ ) ), "destination-class-usage" /* Enable destination class usage on this interface */ ) ), "mac-validate" ( /* Validate source MAC address */ ("strict" | "loose") ), "rpf-check" ( /* Enable reverse-path-forwarding checks on this interface */ c( "fail-filter" arg /* Name of filter applied to packets failing RPF check */, "mode" ( /* Mode for reverse path forwarding */ sc( "loose" /* Reverse-path-forwarding loose mode */ ) ).as(:oneline) ) ), "mtu" arg /* Protocol family maximum transmission unit */, "arp-max-cache" arg /* Max interface ARP nexthop cache size */, "arp-new-hold-limit" arg /* Max no. of new unresolved nexthops */, "tcp-mss" arg /* Protocol family tcp maximum segment size */, "no-redirects" /* Do not redirect traffic */, "no-neighbor-learn" /* Disable neighbor address learning on interface */, "unconditional-src-learn" /* Glean from arp packets even when source cannot be validated */, "multicast-only" /* Allow only multicast traffic (tunnels only) */, "primary" /* Candidate for primary interface in system */, "ipsec-sa" arg /* Name of security association */, "allow-filter-on-re" /* Enable kernel filter on network ports */, "demux-source" ("$junos-subscriber-ip-address" | arg) /* Demux based on source prefix */, "demux-destination" ("$junos-subscriber-ip-address" | arg) /* Demux based on destination prefix */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), "input-chain" arg /* List of filter modules applied to received packets */, "output-chain" arg /* List of filter modules applied to transmitted packets */, c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "iq-policing-filter" ( /* Protocol family ingress-queuing-policing-filter */ sc( arg /* Name of the ingress-queuing-policing-filter */ ) ).as(:oneline), "simple-filter" ( /* Filter for doing multifield classification */ c( "input" arg /* Name of simple filter applied to received packets */ ) ), "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "policer" ( /* Interface policing */ c( "arp" arg /* Name of policer applied to received ARP packets */, "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "sampling" ( /* Interface sampling */ c( "input" /* Sample all packets input on this interface */, "output" /* Sample all packets output on this interface */ ) ), "service" ( /* Service operations */ c( "input" ( /* Service sets to consider for received packets */ c( "service-set" arg ( /* Service set to consider for received packets */ c( "service-filter" arg /* Name of service filter */ ) ), "post-service-filter" arg /* Post-service filter to apply to received packets */ ) ), "output" ( /* Service sets to consider for transmitted packets */ c( "service-set" arg ( /* Service set to consider for transmitted packets */ c( "service-filter" arg /* Name of service filter */ ) ) ) ) ) ), "next-hop-tunnel" arg ( /* One or more next-hop tunnel tables */ c( "ipsec-vpn" arg /* Name of IPSec VPN */ ) ), "tunnel-termination" /* Tunnel termination */, "address" arg ( /* Interface address/destination prefix */ c( "destination" ( /* Destination address */ ipv4addr /* Destination address */ ), "destination-profile" arg /* Profile to use for destination address */, "broadcast" ( /* Broadcast address */ ipv4addr /* Broadcast address */ ), "primary" /* Candidate for primary address in system */, "preferred" /* Preferred address on interface */, "master-only" /* Master management IP address for router */, "multipoint-destination" arg ( /* Multipoint NBMA destination */ c( c( "dlci" arg /* Frame Relay data-link control identifier */, "vci" ( /* ATM virtual circuit identifier ([vpi.]vci) */ atm_vci /* ATM virtual circuit identifier ([vpi.]vci) */ ) ), "shaping" ( /* Virtual circuit traffic-shaping options */ dcd_shaping_config /* Virtual circuit traffic-shaping options */ ), "oam-period" ( /* OAM cell period */ sc( c( arg, "disable" /* Disable OAM loopback */.as(:oneline) ) ) ).as(:oneline), "oam-liveness" ( /* OAM virtual circuit liveness parameters */ c( "up-count" arg /* Number of OAM cells to consider VC up */, "down-count" arg /* Number of OAM cells to consider VC down */ ) ), "inverse-arp" /* Enable inverse ARP reply messages */, "transmit-weight" arg /* ATM2 transmit weight for VC under VP tunnel */, "epd-threshold" ( /* Early packet discard threshold for ATM2 */ epd_threshold_config /* Early packet discard threshold for ATM2 */ ).as(:oneline) ) ), "arp" arg ( /* Static Address Resolution Protocol entries */ sc( "l2-interface" ( /* Layer 2 interface name for ARP entry */ interface_name /* Layer 2 interface name for ARP entry */ ), c( "mac" ( /* MAC address */ mac_unicast /* MAC address */ ), "multicast-mac" ( /* Multicast MAC address */ mac_multicast /* Multicast MAC address */ ) ), "publish" /* Reply to ARP requests for this entry */ ) ).as(:oneline), "host-discovery" arg ( /* Discover servers IP based on subnet range */ sc( "aging-timer" arg /* ARP aging timer */, "discovery-interval" arg /* ARP proactive discovery time */ ) ).as(:oneline), "web-authentication" ( /* Parameters for web-based firewall-user authentication */ c( "http" /* Enable authentication via HTTP */, "https" /* Enable authentication via HTTPS */, "redirect-to-https" /* Web authentication redirect to HTTPS */ ) ), "vrrp-group" ( /* VRRP group */ vrrp_group /* VRRP group */ ), "virtual-gateway-address" ( /* Virtual Gateway IP address */ ipv4addr /* Virtual Gateway IP address */ ) ) ), "unnumbered-address" ( /* Unnumbered interface address/destination prefix */ sc( interface_unit /* Interface from which to take local address */, "preferred-source-address" ( /* Preferred address on the donor interface */ ("$junos-preferred-source-address" | arg) ), "destination" ( /* Destination address */ ipv4addr /* Destination address */ ), "destination-profile" arg /* Profile to use for destination address */ ) ).as(:oneline), "location-pool-address" ( /* Location-based IP address pool */ c( arg ) ), "negotiate-address" /* Negotiate address with remote */, "destination-udp-port" arg /* Choose destination UDP port number */ ) ), "iso" ( /* OSI ISO protocol parameters */ c( "address" arg /* Interface address */, "mtu" arg /* Protocol family maximum transmission unit */, "destination-udp-port" arg /* Choose destination UDP port number */ ) ), "inet6" ( /* IPv6 protocol parameters */ c( "dhcpv6-client" ( /* Dynamic Host Configuration Protocol DHCPv6 client configuration */ c( "client-type" ( /* DHCPv6 client type */ ("stateful" | "autoconfig") ), "client-ia-type" enum(("ia-na" | "ia-pd")) /* DHCPv6 client identity association type */, "rapid-commit" /* Option is used to signal the use of the two message exchange for address assignment */, "prefix-delegating" ( /* Prefix delegating parameters */ c( "preferred-prefix-length" arg /* Client preferred prefix length */, "sub-prefix-length" arg /* The sub prefix length for LAN interfaces */ ) ), "client-identifier" ( /* DHCP Server identifies a client by client-identifier value */ sc( "duid-type" ( /* DUID identifying a client */ ("duid-llt" | "vendor" | "duid-ll") ) ) ).as(:oneline), "vendor-id" arg /* Vendor class id for the dhcpv6 client */, "req-option" enum(("dns-server" | "domain" | "ntp-server" | "time-zone" | "sip-server" | "sip-domain" | "nis-server" | "nis-domain" | "fqdn" | "vendor-spec" | "zero-touch-redirect" | "bootfile-url" | "bootfile-param")) /* DHCPV6 client requested option configuration */, "options" ( /* DHCP options */ c( "number" arg ( /* DHCP option code */ sc( c( "hex-string" arg /* Hexadecimal string */ ) ) ).as(:oneline) ) ), "retransmission-attempt" arg /* Number of attempts to retransmit the DHCPV6 client protocol packet */, "no-dns-install" /* Not propagate DNS to kernel */, "update-router-advertisement" ( /* Dhcpv6 client update rpd for prefix delegation */ c( "interface" arg ( /* Interfaces on which to delegate prefix */ c( "managed-configuration" /* Set managed address configuration */, "no-managed-configuration" /* Don't set managed address configuration */, "other-stateful-configuration" /* Set other stateful configuration */, "no-other-stateful-configuration" /* Don't set other stateful configuration */, "max-advertisement-interval" arg /* Maximum advertisement interval */, "min-advertisement-interval" arg /* Minimum advertisement interval */, "enable-recursive-dns-server-option" /* Enables the recursive DNS server option */, "no-enable-recursive-dns-server-option" /* Don't enables the recursive DNS server option */ ) ) ) ), "update-server" /* Propagate TCP/IP settings to DHCP server */ ) ), "rpf-check" ( /* Enable reverse-path-forwarding checks on this interface */ c( "fail-filter" arg /* Name of filter applied to packets failing RPF check */, "mode" ( /* Mode for reverse path forwarding */ sc( "loose" /* Reverse-path-forwarding loose mode */ ) ).as(:oneline) ) ), "accounting" ( /* Interface-based accounting options */ c( "source-class-usage" ( c( "input" /* Interface for source-class-usage input */, "output" /* Interface for source-class-usage output */ ) ), "destination-class-usage" /* Enable destination class usage on this interface */ ) ), "mtu" arg /* Protocol family maximum transmission unit */, "tcp-mss" arg /* Protocol family tcp maximum segment size */, "nd6-stale-time" arg /* Stale time to reconfirm reachability with inet6 neighbour */, "no-neighbor-learn" /* Disable neighbor address learning on interface */, "slaac-enable" /* Enable slaac on management interface */, "ndp-proxy" ( /* Enable ndp proxy on interface */ c( "interface-restricted" /* Enable ndp interface proxy restricted to interface */ ) ), "dad-proxy" ( /* DAD proxy on interface */ c( "interface-restricted" /* Enable DAD interface proxy restricted to interface */ ) ), "nd6-max-cache" arg /* Max interface ND nexthop cache size */, "nd6-new-hold-limit" arg /* Max no. of new unresolved nexthops */, "no-redirects" /* Do not redirect traffic */, "allow-filter-on-re" /* Enable kernel filter on network ports */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "input-chain" arg /* List of filter modules applied to received packets */, "output-chain" arg /* List of filter modules applied to transmitted packets */, "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "sampling" ( /* Interface sampling */ c( "input" /* Sample all packets input on this interface */, "output" /* Sample all packets output on this interface */ ) ), "service" ( /* Service operations */ c( "input" ( /* Service sets to consider for received packets */ c( "service-set" arg ( /* Service set to consider for received packets */ c( "service-filter" arg /* Name of service filter */ ) ), "post-service-filter" arg /* Post-service filter to apply to received packets */ ) ), "output" ( /* Service sets to consider for transmitted packets */ c( "service-set" arg ( /* Service set to consider for transmitted packets */ c( "service-filter" arg /* Name of service filter */ ) ) ) ) ) ), "tunnel-termination" /* Tunnel termination */, "address" arg ( /* Interface address or destination prefix */ c( "destination" ( /* Destination address */ ipv6addr /* Destination address */ ), "eui-64" /* Generate EUI-64 interface ID */, "primary" /* Candidate for primary address in system */, "preferred" /* Preferred address on interface */, "master-only" /* Master management IP address for router */, "ndp" arg ( /* Static Neighbor Discovery Protocol entries */ sc( "l2-interface" ( /* Layer 2 interface name for NDP entry */ interface_name /* Layer 2 interface name for NDP entry */ ), c( "mac" ( /* MAC address */ mac_unicast /* MAC address */ ), "multicast-mac" ( /* Multicast MAC address */ mac_multicast /* Multicast MAC address */ ) ), "publish" /* Reply to NDP requests for this entry */ ) ).as(:oneline), "vrrp-inet6-group" ( /* VRRP group */ vrrp_group /* VRRP group */ ), "web-authentication" ( /* Parameters for web-based firewall-user authentication */ c( "http" /* Enable authentication via HTTP */, "https" /* Enable authentication via HTTPS */, "redirect-to-https" /* Web authentication redirect to HTTPS */ ) ), "virtual-gateway-address" ( /* Virtual Gateway IP address */ ipv6addr /* Virtual Gateway IP address */ ), "subnet-router-anycast" /* Create a subnet roter anycast address for this address. */ ) ), "demux-source" ("$junos-subscriber-ipv6-address" | arg | "$junos-subscriber-ipv6-multi-address") /* Demux based on source prefix */, "demux-destination" ("$junos-subscriber-ipv6-address" | arg) /* Demux based on destination prefix */, "unnumbered-address" ( /* Unnumbered interface address/destination prefix */ sc( interface_unit /* Interface from which to take local address */, "preferred-source-address" ( /* Preferred address on the donor interface */ ("$junos-preferred-source-ipv6-address" | arg) ) ) ).as(:oneline), "dad-disable" /* Disable duplicate-address-detection */, "no-dad-disable" /* Don't disable duplicate-address-detection */, "destination-udp-port" arg /* Choose destination UDP port number */ ) ), "mpls" ( /* MPLS protocol parameters */ c( "mtu" arg /* Protocol family maximum transmission unit */, "maximum-labels" arg /* Protocol family maximum number of labels */, "filter" ( /* Packet filtering */ c( c( "input" arg /* Name of filter applied to received packets */, "input-list" arg /* List of filter modules applied to received packets */ ), "input-chain" arg /* List of filter modules applied to received packets */, c( "output" arg /* Name of filter applied to transmitted packets */, "output-list" arg /* List of filter modules applied to transmitted packets */ ), "output-chain" arg /* List of filter modules applied to transmitted packets */, "group" arg /* Interface group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "destination-udp-port" arg /* Choose destination UDP port number */ ) ), "mlppp" ( /* Multilink PPP protocol parameters */ c( "bundle" ( /* Logical interface name this link will join */ ("$junos-bundle-interface-name" | arg) ), c( "service-interface" ( /* Services interface to use */ interface_device /* Services interface to use */ ), "service-device-pool" arg /* Service interface pool name to use */ ), "dynamic-profile" arg /* dynamic profile for interface to use */ ) ), "mlfr-end-to-end" ( /* Multilink Frame Relay end-to-end protocol parameters */ c( "bundle" ( /* Logical interface name this link will join */ interface_unit /* Logical interface name this link will join */ ) ) ), "mlfr-uni-nni" ( /* Multilink Frame Relay UNI NNI protocol parameters */ c( "bundle" ( /* Logical interface name this link will join */ interface_unit /* Logical interface name this link will join */ ) ) ), "ccc" ( /* Circuit cross-connect parameters */ c( "mtu" arg /* Protocol family maximum transmission unit */, "filter" ( /* Packet filtering */ c( c( "input" arg /* Name of filter applied to received packets */, "input-list" arg /* List of filter modules applied to received packets */ ), "input-chain" arg /* List of filter modules applied to received packets */, c( "output" arg /* Name of filter applied to transmitted packets */, "output-list" arg /* List of filter modules applied to transmitted packets */ ), "output-chain" arg /* List of filter modules applied to transmitted packets */, "group" arg /* Interface group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "translate-fecn-and-becn" /* Translate FECN and BECN bits */, c( "translate-discard-eligible" /* Translate DE bit */, "translate-plp-control-word-de" /* Translate PLP to/from Martini Control DE bit */ ), "keep-address-and-control" /* Don't strip PPP address and control bytes */ ) ), "tcc" ( /* Translational cross-connect parameters */ c( "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "proxy" ( c( "inet-address" ( /* Remote host address on non-Ethernet side of Ethernet TCC */ ipv4addr /* Remote host address on non-Ethernet side of Ethernet TCC */ ) ) ), "remote" ( c( "inet-address" ( /* Remote host address on Ethernet side of Ethernet TCC */ ipv4addr /* Remote host address on Ethernet side of Ethernet TCC */ ), "mac-address" ( /* Remote host MAC address on Ethernet side of Ethernet TCC */ mac_addr /* Remote host MAC address on Ethernet side of Ethernet TCC */ ) ) ), "protocols" ( /* Protocols supported on TCC interface */ ("mpls" | "inet" | "iso" | "inet6") ) ) ), "vpls" ( /* Virtual private LAN service parameters */ c( "core-facing" /* Interface is core facing */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), "input-chain" arg /* List of filter modules applied to received packets */, "output-chain" arg /* List of filter modules applied to transmitted packets */, c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "iq-policing-filter" ( /* Protocol family ingress-queuing-policing-filter */ sc( arg /* Name of the ingress-queuing-policing-filter */ ) ).as(:oneline), "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "sampling" ( /* Interface sampling */ c( "input" /* Sample all packets input on this interface */, "output" /* Sample all packets output on this interface */ ) ) ) ), "bridge" ( /* Layer-2 bridging parameters */ c( "core-facing" /* Interface is core facing */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), "input-chain" arg /* List of filter modules applied to received packets */, "output-chain" arg /* List of filter modules applied to transmitted packets */, c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "iq-policing-filter" ( /* Protocol family ingress-queuing-policing-filter */ sc( arg /* Name of the ingress-queuing-policing-filter */ ) ).as(:oneline), "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "interface-mode" ( /* Interface mode (access or trunk) */ ("access" | "trunk") ), "vlan-auto-sense" /* Enable VLAN auto sense on this interface */, "bridge-domain-type" ( /* Bridge domain type (svlan or bvlan) */ ("svlan" | "bvlan") ), "inter-switch-link" /* PVLAN inter switch link */, c( "vlan-id" arg /* Access mode and trunk mode VLAN membership */, "vlan-id-list" arg /* Trunk mode VLAN membership for this interface */, "inner-vlan-id-list" arg /* Trunk mode VLAN membership for this interface based on inner VLAN tag */ ), "vlan-rewrite" ( /* Specify vlan translation */ c( "translate" arg ( /* Translate incoming VLAN tag */ sc( arg ) ).as(:oneline) ) ), c( "isid-list" ( /* Specify the ISID list */ ("all-service-groups" | "all") ) ), "storm-control" ( /* Storm control profile name to bind */ c( arg /* Profile name */ ) ), "recovery-timeout" ( /* Recovery timeout for this interface */ sc( arg ) ).as(:oneline), "sampling" ( /* Interface sampling */ c( "input" /* Sample all packets input on this interface */, "output" /* Sample all packets output on this interface */ ) ) ) ), "ethernet-switching" ( /* Ethernet switching parameters */ ethernet_switching_type /* Ethernet switching parameters */ ), "fibre-channel" ( /* Fibre channel switching parameters */ fibre_channel_type /* Fibre channel switching parameters */ ), "pppoe" ( /* PPP over Ethernet underlying interface-specific options */ pppoe_underlying_options_type /* PPP over Ethernet underlying interface-specific options */ ), "any" ( /* Parameters for 'any' family */ c( "filter" ( /* Layer 2 packet filtering */ c( "input" arg /* Name of filter applied to received packets */, "group" arg /* Group to which interface belongs */ ) ) ) ) ) ), "service-domain" ( /* Service domain to which interface belongs */ ("inside" | "outside") ), "copy-tos-to-outer-ip-header" /* Copy IP payload header's ToS field to GRE delivery header */, "copy-tos-to-outer-ip-header-transit" /* Copy IP ToS field to GRE header for transit packets */, "force-control-packets-on-transit-path" /* Force control packets to follow transit path */, "load-balancing-options" ( /* AMS subunit load balancing options */ c( "preferred-active" ( /* Preferred active Interface name */ interface_device /* Preferred active Interface name */ ), "disable-hash" /* Hash based distribution is not needed for this subunit */, "hash-keys" ( c( "ingress-key" ( /* Hash Key for the ingress direction */ enum(("source-ip" | "destination-ip" | "protocol" | "iif")) ), "egress-key" ( /* Hash Key for the egress direction */ enum(("source-ip" | "destination-ip" | "protocol" | "oif")) ), "ipv6-source-prefix-length" ( /* IPv6 source prefix length for hash computation */ ("56" | "64" | "96" | "128") ) ) ) ) ), "mac" ( /* Configure logical interface MAC address */ mac_unicast /* Configure logical interface MAC address */ ), "virtual-gateway-v4-mac" ( /* Configure virtual gateway IPV4 virtual MAC address */ mac_unicast /* Configure virtual gateway IPV4 virtual MAC address */ ), "virtual-gateway-v6-mac" ( /* Configure virtual gateway IPV6 virtual MAC address */ mac_unicast /* Configure virtual gateway IPV6 virtual MAC address */ ), "forwarding-options" ( /* Aggregated Ethernet interface forwarding-options */ c( "load-balance-stateful" ( /* Stateful load balancing */ c( "per-flow" /* Enable feature */, "rebalance" arg /* Rebalancing interval */, "load-type" ( /* Load - defines the flows */ ("high" | "medium" | "low") ) ) ) ) ), "etree-ac-role" ( /* ETREE attachment circuit role */ ("root" | "leaf") ) ) ), "no-partition" ( /* Use channelizable interface as clear channel */ sc( "interface-type" ( /* Interface type */ ("e1" | "t1" | "at" | "t3" | "e3" | "ct3" | "so" | "cau4") ) ) ).as(:oneline), "partition" arg ( /* Channelized interface partition */ sc( "oc-slice" arg /* Range of SONET/SDH slices (for example, 1, 7-9) */, "timeslots" arg /* Timeslots [(1..24) for T1, (1..31) for E1]; for example, 1-3,4,9,22-24 (no spaces) */, "interface-type" ( /* Sublevel interface type */ ("ds" | "e1" | "t1" | "at" | "ct1" | "ce1" | "t3" | "ct3" | "e3" | "so" | "coc1" | "cau4" | "dc" | "bc") ) ) ).as(:oneline), "radius-options" ( /* Interface RADIUS Options */ radius_options_vlan_type /* Interface RADIUS Options */ ) ) ), interfaces_type ) ), "logical-systems" arg ( /* Logical systems */ c( "interfaces" ( /* Interface configuration */ c( "pic-set" arg ( /* NP bundling configuration */ c( "interface" arg /* One or more interfaces that use this picset */, "fpc" arg ( c( "pic" arg /* Physical Interface Card number */ ) ) ) ), "interface-set" ("$junos-interface-set-name" | arg | "$junos-svlan-interface-set-name" | "$junos-tagged-vlan-interface-set-name" | "$junos-phy-ifd-interface-set-name" | "$junos-pon-id-interface-set-name") ( /* Logical interface set configuration */ c( "targeted-distribution" /* Interface participates in targeted-distribution */, "targeted-options" ( /* Targeting specific options */ c( "weight" ( /* Targeting weight for interface set */ ("$junos-interface-set-target-weight" | arg) ) ) ), "interface" arg ( /* One or more interfaces that belong to interface set */ c( "unit" arg /* One or more logical interface unit numbers */, "vlan-tags-outer" arg /* One or more outer VLAN tags */ ) ), "pppoe-underlying-options" ( /* PPP over Ethernet underlying interface-specific options */ pppoe_underlying_options_type /* PPP over Ethernet underlying interface-specific options */ ) ) ), "stacked-interface-set" ( /* Stacked interface set configuration */ c( "interface-set" ("$junos-aggregation-interface-set-name" | arg) ( /* Stacked parent interface set configuration */ c( "interface-set" ("$junos-interface-set-name" | arg | "$junos-svlan-interface-set-name" | "$junos-tagged-vlan-interface-set-name" | "$junos-phy-ifd-interface-set-name" | "$junos-pon-id-interface-set-name") /* Stacked child interface set configuration */ ) ) ) ), "traceoptions" ( /* Interface trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("all" | "kernel" | "change-events" | "kernel-detail" | "config-states" | "resource-usage" | "gres-events" | "select-events" | "bfd-events" | "lib-events" | "reserved" | "emergency" | "alert" | "critical" | "error" | "warning" | "notice" | "informational" | "debugging" | "verbose" | "japi")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "interface-range" arg ( /* Interface ranges configuration */ c( "member" arg /* Interfaces belonging to the interface range */, "member-range" arg ( /* Interfaces range in to format */ sc( "end-range" ( interface_device ) ) ).as(:oneline), "description" arg /* Text description of interface */, "external-model-name" arg /* Name for interface as configured using 3rd-party model */, "metadata" arg /* Text metadata attached to interface */, ("disable"), "promiscuous-mode" /* Enable promiscuous mode for L3 interface */, "port-mirror-instance" arg /* Port-mirror the packet to specified instance */, "multicast-statistics" /* Enable multicast statistics */, "oam-on-svlan" /* Propagate SVLAN OAM state to CVLANs */, "fabric-options" ( /* Fabric interface specific options */ c( "member-interfaces" arg /* Member interface for the fabric interface */, "remote-chassis" ( /* Remote chassis reachability */ c( "destination" ( /* Destination IP address to reach remote chassis */ ipv4addr /* Destination IP address to reach remote chassis */ ) ) ) ) ), "traceoptions" ( /* Interface trace options */ c( "flag" enum(("ipc" | "event" | "media" | "all")) /* Tracing parameters */.as(:oneline) ) ), "passive-monitor-mode" /* Use interface to tap packets from another router */, c( "keepalives" ( /* Send or demand keepalive messages */ keepalives_type /* Send or demand keepalive messages */ ).as(:oneline), "no-keepalives" /* Do not send keepalive messages */ ), "traps" /* Enable SNMP notifications on state changes */, "no-traps" /* Don't enable SNMP notifications on state changes */, "interface-mib" /* Enable interface-related MIBs */, "no-interface-mib" /* Don't enable interface-related MIBs */, "accounting-profile" arg /* Accounting profile name */, "anchor-point" ( /* Anchor point */ c( interface_device /* Interface name */ ) ), "bypass-queueing-chip" /* Enable to bypass queueing chip */, "no-bypass-queueing-chip" /* Don't enable to bypass queueing chip */, c( "per-unit-scheduler" /* Enable subunit queuing on Frame Relay or VLAN IQ interface */, "no-per-unit-scheduler" /* Don't enable subunit queuing on Frame Relay or VLAN IQ interface */, "shared-scheduler" /* Enabled shared queuing on an IQ2 interface */, "hierarchical-scheduler" ( /* Enable hierarchical scheduling */ sc( "maximum-hierarchy-levels" arg /* Maximum hierarchy levels */, "maximum-l2-nodes" arg /* Maximum l2 nodes, allowed numbers are power of 2 between 1 and 16k (needs FPC reboot) */, "maximum-l3-nodes" arg /* Maximum l3 nodes, allowed numbers are power of 2 between 2 and 32k (needs FPC reboot) */, "implicit-hierarchy" /* Implicit hierarchy (follows interface hierarchy) */ ) ).as(:oneline) ), "l2tp-maximum-session" arg /* Maximum L2TP session */, "schedulers" arg /* Number of schedulers to allocate for interface */, "interface-transmit-statistics" /* Interface statistics based on the transmitted packets */, "cascade-port" /* Cascade port */, "dce" /* Respond to Frame Relay status enquiry messages */, c( "vlan-tagging" /* 802.1q VLAN tagging support */, "stacked-vlan-tagging" /* Stacked 802.1q VLAN tagging support */, "flexible-vlan-tagging" /* Support for no tagging, or single and double 802.1q VLAN tagging */, "vlan-vci-tagging" /* CCC for VLAN Q-in-Q and ATM VPI/VCI interworking */ ), "native-vlan-id" arg /* Virtual LAN identifier for untagged frames */, "no-native-vlan-insert" /* Disable native-vlan-id insertion to untagged frames */, "vlan-offload" /* Offload VLAN filtering to NIC HW */, "input-native-vlan-push" ( /* Control native-vlan-id insertion to untagged frames when input-vlan-map push is configured */ ("disable" | "enable") ), "no-pseudowire-down-on-core-isolation" /* Do not bring the pseudowire down in the event of EVPN Core isolation */, "number-of-sub-ports" arg /* Number of channels to create for a port */, "unused" /* Disable physical port */, "speed" ( /* Link speed */ ("auto" | "auto-10m-100m" | "10m" | "100m" | "1g" | "2.5g" | "5g" | "10g" | "25g" | "40g" | "50g" | "100g" | "200g" | "400g" | "oc3" | "oc12" | "oc48") ), "forwarding-class-accounting" ( /* Configure Forwarding-class-accounting parameters */ c( "direction" ( /* Direction of the traffic to be accounted for IFD */ ("ingress" | "egress" | "both") ), "enhanced" ( c( "traffic-type" ( /* Traffic-type to be accounted for forwarding-class-accounting */ ("unicast-statistics" | "multicast-statistics") ), "family" ( /* Protocol traffic to be accounted for forwarding-class-accounting */ ("inet" | "inet6" | "both") ), "direction" ( /* Direction of the traffic to be accounted for forwarding-class-accounting */ ("ingress" | "egress" | "both") ), "overhead-bytes" arg /* Per octet overhead bytes to be accounted for forwarding-class-accounting */ ) ) ) ), "auto-configure" ( /* Auto configuration */ auto_configure_vlan_type /* Auto configuration */ ), "mtu" arg /* Maximum transmit packet size */, "hold-time" ( /* Hold time for link up and link down */ sc( "up" arg /* Link up hold time */, "down" arg /* Link down hold time */ ) ).as(:oneline), "damping" ( /* Interface damping parameters */ c( "half-life" arg /* Damping half life time */, "max-suppress" arg /* Maximum suppress time */, "reuse" arg /* Reuse threshold */, "suppress" arg /* Suppress threshold */, "enable" /* Enable interface damping */ ) ), "link-degrade-monitor" ( /* Enable link degrade monitoring */ c( c( "link-degrade-monitor-enable" /* Enable Link Degrade Monitoring */, "no-link-degrade-monitor-enable" /* Disable Link Degrade Monitoring */ ), "actions" ( /* Action upon link degrade event */ c( c( "media-based" /* Media based */ ) ) ), "recovery" ( /* Link degrade recovery mechanism */ c( "timer" arg /* Auto recovery timer in seconds */, c( "auto" /* Automatic recovery */, "manual" /* Manual recovery */ ) ) ), "thresholds" ( /* Link degrade threshold parameters */ c( "set" arg /* BER at which link considered degraded(1..16) */, "clear" arg /* BER at which link considered improved(1..16) */, "warning-set" arg /* BER at which link degrade warning raised(1..16) */, "warning-clear" arg /* BER at which link degrade warning cleared(1..16) */, "interval" arg /* Consecutive link degrade events */ ) ) ) ), "satop-options" ( /* Structure-Agnostic TDM over Packet protocol options */ c( "idle-pattern" arg /* An 8-bit hexadecimal pattern to replace TDM data in a lost packet */, "payload-size" arg /* Number of payload bytes per packet */, "excessive-packet-loss-rate" ( /* Packet loss options */ c( "threshold" arg /* Percentile designating the threshold of excessive packet loss rate */, "sample-period" arg /* Number of milliseconds over which excessive packet loss rate is calculated */ ) ), c( "jitter-buffer-packets" arg /* Number of packets in jitter buffer before packet data is played out in the line */, "jitter-buffer-latency" arg /* Number of milliseconds delay in jitter buffer before packet data is played out in the line */, "jitter-buffer-auto-adjust" /* Automatically adjust jitter buffer */ ), "bit-rate" arg /* In multiples of DS0 */ ) ), "cesopsn-options" ( /* Structure-Aware TDM over Packet protocol options */ c( "idle-pattern" arg /* An 8-bit hexadecimal pattern to replace TDM data in a lost packet */, "packetization-latency" arg /* Number of microseconds to create packets */, "payload-size" arg /* Number of payload bytes per packet */, "excessive-packet-loss-rate" ( /* Packet loss options */ c( "threshold" arg /* Percentile designating the threshold of excessive packet loss rate */, "sample-period" arg /* Number of milliseconds over which excessive packet loss rate is calculated */ ) ), c( "jitter-buffer-packets" arg /* Number of packets in jitter buffer before packet data is played out in the line */, "jitter-buffer-latency" arg /* Number of milliseconds delay in jitter buffer before packet data is played out in the line */, "jitter-buffer-auto-adjust" /* Automatically adjust jitter buffer */ ), "bit-rate" arg /* In multiples of DS0 */ ) ), "ima-group-options" ( /* IMA group options */ c( "frame-length" ( /* Frame length (cells) */ ("32" | "64" | "128" | "256") ), "symmetry" ( /* Symmetry of IMA group */ ("symmetrical-config-and-operation" | "symmetrical-config-asymmetrical-operation") ), "transmit-clock" ( /* Transmit clock */ ("common" | "independent") ), "version" ( /* IMA specification version */ ("1.0" | "1.1") ), "minimum-links" ( /* IMA group minimum active links */ c( c( arg ) ) ), "frame-synchronization" ( /* IMA group frame synchronization state parameters */ c( "alpha" arg /* Consecutive invalid ICP cells */, "beta" arg /* Consecutive errored ICP cells */, "gamma" arg /* Consecutive valid ICP cells */ ) ), "test-procedure" ( /* IMA group test pattern procedure */ c( "period" arg /* Length of IMA pattern test */, "interface" ( /* Interface name of the IMA link to test */ interface_device /* Interface name of the IMA link to test */ ), "pattern" arg /* IMA test pattern */ ) ), "differential-delay" arg /* Maximum differential delay among links in the IMA group */ ) ), "ima-link-options" ( /* IMA link options */ c( "group-id" arg /* IMA group ID this IMA link belongs to */ ) ), "multi-chassis-protection" ( /* Inter-Chassis protection configuration */ multi_chassis_protection_group /* Inter-Chassis protection configuration */ ), "clocking" ( /* Interface clock source */ sc( c( "internal" /* Clocking provided by local system */, "external" /* Clocking provided by DCE (loop timing) */ ) ) ).as(:oneline), "link-mode" ( /* Link operational mode */ ("automatic" | "half-duplex" | "full-duplex") ), "media-type" ( /* Interface media type (copper or fiber) */ ("copper" | "fiber") ), "encapsulation" ( /* Physical link-layer encapsulation */ ("ethernet" | "fddi" | "token-ring" | "ppp" | "ppp-ccc" | "ppp-tcc" | "ether-vpls-ppp" | "frame-relay" | "frame-relay-ccc" | "frame-relay-tcc" | "extended-frame-relay-ccc" | "extended-frame-relay-tcc" | "flexible-frame-relay" | "frame-relay-port-ccc" | "frame-relay-ether-type" | "frame-relay-ether-type-tcc" | "extended-frame-relay-ether-type-tcc" | "cisco-hdlc" | "cisco-hdlc-ccc" | "cisco-hdlc-tcc" | "vlan-ccc" | "extended-vlan-ccc" | "ethernet-ccc" | "flexible-ethernet-services" | "smds-dxi" | "atm-pvc" | "atm-ccc-cell-relay" | "ethernet-over-atm" | "ethernet-tcc" | "extended-vlan-tcc" | "multilink-frame-relay-uni-nni" | "satop" | "cesopsn" | "ima" | "ethernet-vpls" | "ethernet-bridge" | "vlan-vpls" | "vlan-vci-ccc" | "extended-vlan-vpls" | "extended-vlan-bridge" | "multilink-ppp" | "generic-services") ), "esi" ( /* ESI configuration of multi-homed interface */ c( "auto-derive" ( /* Auto-derive ESI value for the interface */ c( c( "lacp" /* Auto-derive ESI from lacp */ ) ) ), esi /* ESI value for the interface */, c( "single-active" /* Single-active mode */, "all-active" /* All-active mode */ ), "df-election-granularity" ( /* DF Election Granularity Selection */ c( c( "per-esi" ( /* DF Election Granularity Per Esi */ c( "lacp-oos-on-ndf" /* Lacp Oos */ ) ), "per-esi-vlan" /* Per Esi Vlan */ ) ) ), "df-election-type" ( /* DF Election Type */ c( c( "preference" ( /* Preference based DF election */ c( "value" arg /* Preference value for EVPN Multihoming DF election */ ) ) ), c( "mod" /* MOD based DF election */ ) ) ), "source-bmac" ( /* Unicast Source B-MAC address per ESI for PBB-EVPN */ mac_unicast /* Unicast Source B-MAC address per ESI for PBB-EVPN */ ) ) ), "framing" ( /* Frame type */ c( c( "lan-phy" /* 802.3ae 10-Gbps LAN-mode interface */, "wan-phy" /* 802.3ae 10-Gbps WAN-mode interface */, "sonet" /* SONET framing */, "sdh" /* SDH framing */ ), "precise-bandwidth" /* Use precise bandwidth for 10G wan-phy interface */ ) ), "unidirectional" /* Unidirectional Mode */, "lmi" ( /* Local Management Interface settings */ c( "n391dte" arg /* DTE full status polling interval */, "n392dce" arg /* DCE error threshold */, "n392dte" arg /* DTE error threshold */, "n393dce" arg /* DCE monitored event count */, "n393dte" arg /* DTE monitored event count */, "t391dte" arg /* DTE polling timer */, "t392dce" arg /* DCE polling verification timer */, "lmi-type" ( /* Specify the Frame Relay LMI type */ ("ansi" | "itu" | "c-lmi") ) ) ), "mlfr-uni-nni-bundle-options" ( /* Multilink Frame Relay UNI NNI (FRF.16) management settings */ c( "cisco-interoperability" ( /* FRF.16 Cisco interoperability settings */ c( "send-lip-remove-link-for-link-reject" /* Send Link Integrity Protocol remove link on receiving add-link rejection */ ) ), "mrru" arg /* Maximum received reconstructed unit */, "yellow-differential-delay" arg /* Yellow differential delay among bundle links to give warning */, "red-differential-delay" arg /* Red differential delay among bundle links to take action */, "action-red-differential-delay" ( /* Type of actions when differential delay exceeds red limit */ ("remove-link" | "disable-tx") ), "fragment-threshold" arg /* Fragmentation threshold */, "drop-timeout" arg /* Drop timeout */, "link-layer-overhead" ( /* Link layer bit stuffing overhead (0.0 .. 50.0 percent) */ unsigned_float /* Link layer bit stuffing overhead (0.0 .. 50.0 percent) */ ), "lmi-type" ( /* Specify the multilink Frame Relay UNI NNI LMI type */ ("ansi" | "itu" | "c-lmi") ), "minimum-links" arg /* Minimum number of links to sustain the bundle */, "hello-timer" arg /* LIP hello timer */, "acknowledge-timer" arg /* LIP ack timer */, "acknowledge-retries" arg /* LIP ack retry times */, "n391" arg /* Multilink Frame Relay UNI NNI full status polling counter */, "n392" arg /* Multilink Frame Relay UNI NNI LMI error threshold */, "n393" arg /* Multilink Frame Relay UNI NNI LMI monitored event count */, "t391" arg /* Multilink Frame Relay UNI NNI link integrity verify polling timer */, "t392" arg /* Multilink Frame Relay UNI NNI polling verification timer */ ) ), "mac" ( /* Hardware MAC address */ mac_unicast /* Hardware MAC address */ ), "receive-bucket" ( /* Set receive bucket parameters */ dcd_rx_bucket_config /* Set receive bucket parameters */ ), "transmit-bucket" ( /* Set transmit bucket parameters */ dcd_tx_bucket_config /* Set transmit bucket parameters */ ), "shared-interface" /* Enable shared interface on the interface */, "sonet-options" ( /* SONET interface-specific options */ sonet_options_type /* SONET interface-specific options */ ), "logical-tunnel-options" ( /* Logical Tunnel interface-specific options */ c( "link-protection" ( /* Enable link protection mode */ c( "revertive" /* Revert back (Default mode) from active backup link to primary, if primary is UP */, "non-revertive" /* Do not revert back from active backup link to primary, if primary is UP */ ) ), "per-unit-mac-disable" /* Disable the creation of per unit mac address on LT IFLs for VPLS/CCC encaps */, "load-balance" ( aggregate_load_balance ) ) ), "aggregated-sonet-options" ( /* Aggregated SONET interface-specific options */ c( "minimum-links" arg /* Minimum number of aggregated links */, "link-speed" ( /* Aggregated links speed */ ("oc3" | "oc12" | "oc48" | "oc192" | "oc768" | "mixed") ), "minimum-bandwidth" arg /* Minimum bandwidth necessary to sustain bundle */ ) ), "atm-options" ( /* ATM interface-specific options */ c( "pic-type" ( /* Type of ATM PIC (ATM I, ATM II or ATM CE) */ ("atm-ce" | "atm2" | "atm1") ), "cell-bundle-size" arg /* L2 circuit cell bundle size */, "cell-bundle-timeout" arg /* L2 circuit cell bundle timeout */, "plp-to-clp" /* Enable ATM2 PLP to CLP copy */, "use-null-cw" /* Always insert/strip null control words with cell-relay */, "promiscuous-mode" ( /* Set ATM interface to promiscuous mode */ c( "vpi" arg /* Open this VPI in promiscuous mode */.as(:oneline) ) ), "vpi" arg ( /* Define a virtual path */ c( "maximum-vcs" arg /* Maximum number of virtual circuits on this VP */, "shaping" ( /* Virtual path traffic-shaping options */ dcd_shaping_config /* Virtual path traffic-shaping options */ ), "oam-period" ( /* F4 OAM cell period */ sc( c( arg, "disable" /* Disable F4 OAM loopback */.as(:oneline) ) ) ).as(:oneline), "oam-liveness" ( /* F4 OAM virtual path liveness parameters */ c( "up-count" arg /* Number of F4 OAM cells to consider VP up */, "down-count" arg /* Number of F4 OAM cells to consider VP down */ ) ) ) ), "ilmi" /* Enable Interim Local Management Interface */, "linear-red-profiles" arg ( /* ATM2 CoS virtual circuit drop profiles */ sc( "queue-depth" arg /* Maximum queue depth */, "high-plp-threshold" arg /* Fill level percentage when linear RED is applied for high PLP */, "low-plp-threshold" arg /* Fill level percentage when linear RED is applied for low PLP */, "high-plp-max-threshold" arg /* Fill level percentage with 100 percent packet drop for high PLP */, "low-plp-max-threshold" arg /* Fill level percentage with 100 percent packet drop for low PLP */ ) ).as(:oneline), "scheduler-maps" arg ( /* ATM2 CoS parameters assigned to forwarding classes */ c( "vc-cos-mode" ( /* ATM2 virtual circuit CoS mode */ ("strict" | "alternate") ), "forwarding-class" arg ( /* Scheduling parameters associated with forwarding class */ c( "priority" ( /* Queuing priority assigned to forwarding class */ ("low" | "high") ), "transmit-weight" ( /* Transmit weight */ sc( c( "percent" arg /* Transmit weight as percentage */, "cells" arg /* Transmit weight by cells count */ ) ) ).as(:oneline), c( "epd-threshold" ( /* Early packet discard threshold for ATM2 */ epd_threshold_config /* Early packet discard threshold for ATM2 */ ).as(:oneline), "linear-red-profile" arg /* Linear RED profile profile name */ ) ) ) ) ), "mpls" ( /* MPLS options */ mpls_ifd_options /* MPLS options */ ), "payload-scrambler" /* Enable payload scrambling */, "no-payload-scrambler" /* Don't enable payload scrambling */ ) ), "multiservice-options" ( /* Multiservice interface-specific options */ c( "syslog" /* Enable system logging on this interface */, "no-syslog" /* Don't enable system logging on this interface */, "core-dump" /* Enable core dumping on this interface */, "no-core-dump" /* Don't enable core dumping on this interface */, "dump-on-flow-control" /* Enable dumping for this interface on prolonged flow-control */, "no-dump-on-flow-control" /* Don't enable dumping for this interface on prolonged flow-control */, "reset-on-flow-control" /* Enable resetting this interface on prolonged flow-control */, "no-reset-on-flow-control" /* Don't enable resetting this interface on prolonged flow-control */, "flow-control-options" ( /* Flow control configuration */ c( "dump-on-flow-control" /* Cause core dump during prolonged flow-control */, "reset-on-flow-control" /* Reset interface during prolonged flow-control */, "down-on-flow-control" /* Bring interface down during prolonged flow-control */, "up-on-flow-control" /* Keep interface up during prolonged flow-control */ ) ) ) ), "ggsn-options" ( /* GGSN interface-specific options */ c( "syslog" /* Enable system logging on this interface */, "no-syslog" /* Don't enable system logging on this interface */, "core-dump" /* Enable core dumping on this interface */, "no-core-dump" /* Don't enable core dumping on this interface */ ) ), "ppp-options" ( /* Point-to-Point Protocol (PPP) interface-specific options */ ppp_options_type /* Point-to-Point Protocol (PPP) interface-specific options */ ), "redundancy-options" ( /* Redundancy options */ c( "primary" ( /* Specify the primary interface */ interface_device /* Specify the primary interface */ ), "secondary" ( /* Specify the secondary interface */ interface_device /* Specify the secondary interface */ ), "redundancy-peer" ( /* Specify information for peer */ c( "ipaddress" ( /* Specify the IP address */ ipv4addr /* Specify the IP address */ ) ) ), "redundancy-local" ( /* Specify information for the local peer */ c( "data-address" ( /* Specify the HA local data IP address */ ipv4addr /* Specify the HA local data IP address */ ) ) ), "routing-instance" arg /* Specify routing-instance for the HA traffic */, "replication-threshold" arg /* Duration for which flow should remain active for replication */, "replication-options" ( /* Specify state replication attributes */ c( "mtu" arg /* Specify the maximal packet size for replicated data */ ) ), "replicate-services" ( /* Replicate services state from active to backup */ c( "pgcp" /* Replicate the PGCP service state */ ) ) ) ), "load-balancing-options" ( /* Load-balancing on services pics */ c( "member-interface" arg, "member-failure-options" ( /* Load balancing member failure handling options */ c( c( "redistribute-all-traffic" ( /* On a member failure, redistribute traffic to ams */ c( "enable-rejoin" /* Failed member can rejoin after recovery */ ) ), "drop-member-traffic" ( /* On a member failure, drop its traffic */ c( "rejoin-timeout" arg /* Wait time(in seconds) for failed member to rejoin */, "enable-rejoin" /* Failed member can join after recovery */ ) ) ) ) ), "no-bundle-flap" /* No bundle flap on member addition - recommended only with IPSec services */, "high-availability-options" ( /* High Availability options for Load-balancing */ c( c( "many-to-one" ( /* N:1 High Availability model */ c( "preferred-backup" ( /* Preferred backup Interface name */ interface_device /* Preferred backup Interface name */ ) ) ), "one-to-one" ( /* 1:1 High Availability model */ c( "preferred-backup" ( /* Preferred backup Interface name */ interface_device /* Preferred backup Interface name */ ) ) ) ) ) ) ) ), "aggregated-inline-services-options" ( /* Aggregated Inline Service interface specific options */ c( "primary-interface" ( /* Specify the primary interface */ interface_device /* Specify the primary interface */ ), "secondary-interface" ( /* Specify the secondary interface */ interface_device /* Specify the secondary interface */ ) ) ), "anchoring-options" ( /* Groups anchoring PFEs or FPCs together. */ c( "apfe-group-set" arg /* Ties up different anchoring groups to share similar fate */, "primary-list" arg /* Primary anchoring PFE name. */, "secondary" ( /* Secondary anchoring PFE name. */ c( arg /* Anchoring PFE name. */ ) ), c( "warm-standby" /* Delayed failover to secondary when primary fails */ ) ) ), "lsq-failure-options" ( /* Link services queuing failure options */ c( "trigger-link-failure" arg /* Link on which to trigger failure */, "no-termination-request" /* Do not send PPP termination requests */, "no-no-termination-request" /* Don't do not send PPP termination requests */ ) ), "redundancy-group" ( /* Redundancy group configuration */ c( "member-interface" arg ( /* Member interface for the redundancy group */ c( c( "active" /* Active interface */, "backup" /* Backup interface */ ) ) ), "maximum-links" arg ) ), "services-options" ( /* Services interface-specific options */ c( "syslog" ( /* Define system log parameters */ log_object /* Define system log parameters */ ), "jflow-log" ( /* Define Jflow-log parameters. */ c( "message-rate-limit" arg /* Maximum jflow-log NAT error events allowed per second from this interface */ ) ), "deterministic-nat-configuration-log-interval" ( /* Define Deterministic NAT parameters */ c( "interval" arg /* Interval in which deterministic NAT logs are generated */ ) ), "open-timeout" arg /* Timeout period for TCP session establishment */, "close-timeout" arg /* Timeout period for TCP session tear-down */, "inactivity-timeout" arg /* Inactivity timeout period for established sessions (4..86400) */, "inactivity-tcp-timeout" arg /* Inactivity timeout period for TCP established sessions */, "inactivity-asymm-tcp-timeout" arg /* Inactivity timeout period for asymmetric TCP established sessions */, "inactivity-non-tcp-timeout" arg /* Inactivity timeout period for non-TCP established sessions */, "session-timeout" arg /* Session timeout period for established sessions */, "disable-global-timeout-override" /* Disallow overriding global inactivity or session timeout */, "tcp-tickles" arg /* Number of TCP keep-alive packets to be sent for bi-directional TCP flows */, "trio-flow-offload" ( /* Allow PIC to offload flows to Trio-based PFE */ c( "minimum-bytes" arg /* Attempt flow offload after minimum bytes are seen on the flow */ ) ), "fragment-limit" arg /* Maximum number of fragments allowed for a packet */, "reassembly-timeout" arg /* Re-assembly timeout (seconds) for fragments of a packet */, "cgn-pic" /* PIC will be used for Carrier Grade NAT configuration only */, "pba-interim-logging-interval" arg /* Interim logging interval in seconds */, "session-limit" ( /* Session limit */ c( "maximum" arg /* Maximum number of sessions allowed simultaneously */, "rate" arg /* Maximum number of new sessions allowed per second */, "cpu-load-threshold" arg /* CPU limit in percentage for auto-tuning of session rate */ ) ), "enable-subscriber-analysis" /* Enable subscriber analysis on the interface */, "disable-subscriber-analysis" /* Disable subscriber analysis on the interface */, "disable-usp-tracing" /* Disable usp tracing on this pic */, "disable-drop-flows" /* Disable drop flows on this pic */, "ignore-errors" ( /* Ignore anomalies or errors */ sc( "tcp" /* TCP protocol errors */, "alg" /* ALG anomalies or errors */ ) ).as(:oneline), "capture" ( /* Packet capture for SFW and NAT on the Services PIC */ c( "capture-size" arg /* The number of packets to store */, "pkt-size" arg /* Number of bytes to be saved from each packet */, "logs-per-packet" arg /* The number of trace messages stored for each packet */, "max-log-line-size" arg /* The maximum length of a stored trace message */, "filter" ( /* Filtering options for the packet capture */ c( "source-ip" ( /* Filter based on source-ip (and wildcard) */ sc( "wildcard" ( /* Source IP wildcard */ ipaddr /* Source IP wildcard */ ), ipaddr /* Source IP */ ) ).as(:oneline), "dest-ip" ( /* Filter based on dest-ip (and wildcard) */ sc( "wildcard" ( /* Dest IP wildcard */ ipaddr /* Dest IP wildcard */ ), ipaddr /* Dest IP */ ) ).as(:oneline), "sw-sip" ( /* Filter based on source softwire ip (and wildcard) */ sc( "wildcard" ( /* Source IP wildcard */ ipv6addr /* Source IP wildcard */ ), ipv6addr /* Source softwire IP */ ) ).as(:oneline), "sw-dip" ( /* Filter based on destination softwire ip (and wildcard) */ sc( "wildcard" ( /* Destination IP wildcard */ ipaddr /* Destination IP wildcard */ ), ipaddr /* Destination softwire IP */ ) ).as(:oneline), "sport-range" ( /* Filter based on source port */ sc( "low" arg /* Source port range start */, "high" arg /* Source port range end */ ) ).as(:oneline), "dport-range" ( /* Filter based on destination port */ sc( "low" arg /* Destination port range start */, "high" arg /* Destination port range end */ ) ).as(:oneline), "proto" ( /* Filter based on L4 protocol */ ("icmp" | "tcp" | "udp") ) ) ) ) ), "flow" ( /* Define flow parameters */ c( "traceoptions" /* Trace options for flow services */ ) ), "fpc-pic-information" /* Include FPC and PIC slot number in the syslogs */, "utc-timestamp" /* Use UTC time for security log timestamps */, "syslog-local-system-timestamp" /* Use local system time for services syslog timestamp */ ) ), "t3-options" ( /* T3 interface-specific options */ c( "loopback" ( /* Loopback mode */ ("local" | "remote" | "payload") ), "long-buildout" /* Set hardware to drive line longer than 255 feet */, "no-long-buildout" /* Don't set hardware to drive line longer than 255 feet */, "loop-timing" /* Set loop timing for T3 */, "no-loop-timing" /* Don't set loop timing for T3 */, "unframed" /* Enable unframed mode */, "no-unframed" /* Don't enable unframed mode */, "compatibility-mode" ( /* Set CSU compatibility mode */ sc( c( "larscom" ( /* Compatible with Larscom CSU */ sc( "subrate" arg /* Set subrate value */ ) ).as(:oneline), "verilink" ( /* Compatible with Verilink CSU (not on 2/4-port T3 PIC) */ sc( "subrate" arg /* Set subrate value */ ) ).as(:oneline), "adtran" ( /* Compatible with Adtran CSU (not on 2/4-port T3 PIC) */ sc( "subrate" arg /* Set subrate value */ ) ).as(:oneline), "kentrox" ( /* Compatible with Kentrox CSU */ sc( "subrate" arg /* Set subrate value (not on 2/4-port T3 PIC) */ ) ).as(:oneline), "digital-link" ( /* Compatible with Digital Link CSU */ sc( "subrate" ( /* Set subrate value */ ("301Kb" | "601Kb" | "902Kb" | "1.2Mb" | "1.5Mb" | "1.8Mb" | "2.1Mb" | "2.4Mb" | "2.7Mb" | "3.0Mb" | "3.3Mb" | "3.6Mb" | "3.9Mb" | "4.2Mb" | "4.5Mb" | "4.8Mb" | "5.1Mb" | "5.4Mb" | "5.7Mb" | "6.0Mb" | "6.3Mb" | "6.6Mb" | "6.9Mb" | "7.2Mb" | "7.5Mb" | "7.8Mb" | "8.1Mb" | "8.4Mb" | "8.7Mb" | "9.0Mb" | "9.3Mb" | "9.6Mb" | "9.9Mb" | "10.2Mb" | "10.5Mb" | "10.8Mb" | "11.1Mb" | "11.4Mb" | "11.7Mb" | "12.0Mb" | "12.3Mb" | "12.6Mb" | "12.9Mb" | "13.2Mb" | "13.5Mb" | "13.8Mb" | "14.1Mb" | "14.4Mb" | "14.7Mb" | "15.0Mb" | "15.3Mb" | "15.6Mb" | "15.9Mb" | "16.2Mb" | "16.5Mb" | "16.8Mb" | "17.1Mb" | "17.4Mb" | "17.7Mb" | "18.0Mb" | "18.3Mb" | "18.6Mb" | "18.9Mb" | "19.2Mb" | "19.5Mb" | "19.8Mb" | "20.1Mb" | "20.5Mb" | "20.8Mb" | "21.1Mb" | "21.4Mb" | "21.7Mb" | "22.0Mb" | "22.3Mb" | "22.6Mb" | "22.9Mb" | "23.2Mb" | "23.5Mb" | "23.8Mb" | "24.1Mb" | "24.4Mb" | "24.7Mb" | "25.0Mb" | "25.3Mb" | "25.6Mb" | "25.9Mb" | "26.2Mb" | "26.5Mb" | "26.8Mb" | "27.1Mb" | "27.4Mb" | "27.7Mb" | "28.0Mb" | "28.3Mb" | "28.6Mb" | "28.9Mb" | "29.2Mb" | "29.5Mb" | "29.8Mb" | "30.1Mb" | "30.4Mb" | "30.7Mb" | "31.0Mb" | "31.3Mb" | "31.6Mb" | "31.9Mb" | "32.2Mb" | "32.5Mb" | "32.8Mb" | "33.1Mb" | "33.4Mb" | "33.7Mb" | "34.0Mb" | "34.3Mb" | "34.6Mb" | "34.9Mb" | "35.2Mb" | "35.5Mb" | "35.8Mb" | "36.1Mb" | "36.4Mb" | "36.7Mb" | "37.0Mb" | "37.3Mb" | "37.6Mb" | "37.9Mb" | "38.2Mb" | "38.5Mb" | "38.8Mb" | "39.1Mb" | "39.4Mb" | "39.7Mb" | "40.0Mb" | "40.3Mb" | "40.6Mb" | "40.9Mb" | "41.2Mb" | "41.5Mb" | "41.8Mb" | "42.1Mb" | "42.4Mb" | "42.7Mb" | "43.0Mb" | "43.3Mb" | "43.6Mb" | "43.9Mb" | "44.2Mb") ) ) ).as(:oneline) ) ) ).as(:oneline), "payload-scrambler" /* Enable payload scrambling */, "no-payload-scrambler" /* Don't enable payload scrambling */, "cbit-parity" /* Enable C-bit parity mode */, "no-cbit-parity" /* Don't enable C-bit parity mode */, "fcs" ( /* Frame checksum */ ("32" | "16") ), "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ), "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "feac-loop-respond" /* Respond to FEAC loop requests */, "no-feac-loop-respond" /* Don't respond to FEAC loop requests */, "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e3" | "pseudo-2e4" | "pseudo-2e5" | "pseudo-2e6" | "pseudo-2e7" | "pseudo-2e9-o153" | "pseudo-2e10" | "pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e17" | "pseudo-2e18" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "pseudo-2e21" | "pseudo-2e22" | "pseudo-2e23-o151" | "pseudo-2e25" | "pseudo-2e28" | "pseudo-2e29" | "pseudo-2e31" | "pseudo-2e32" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | "alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */, "buildout" arg /* Line buildout */, "atm-encapsulation" ( /* DS-3 interface encapsulation */ ("plcp" | "direct") ) ) ), "e3-options" ( /* E3 interface-specific options */ c( "loopback" ( /* Loopback mode */ ("local" | "remote") ), "unframed" /* Enable unframed mode */, "no-unframed" /* Don't enable unframed mode */, "compatibility-mode" ( /* Set CSU compatibility mode */ sc( c( "larscom" /* Compatible with Larscom CSU (only non IQ E3 interfaces) */, "digital-link" ( /* Compatible with Digital Link CSU */ sc( "subrate" ( /* Set subrate value */ ("358Kb" | "716Kb" | "1.1Mb" | "1.4Mb" | "1.8Mb" | "2.1Mb" | "2.5Mb" | "2.9Mb" | "3.2Mb" | "3.6Mb" | "3.9Mb" | "4.3Mb" | "4.7Mb" | "5.0Mb" | "5.4Mb" | "5.7Mb" | "6.1Mb" | "6.4Mb" | "6.8Mb" | "7.2Mb" | "7.5Mb" | "7.9Mb" | "8.2Mb" | "8.6Mb" | "9.0Mb" | "9.3Mb" | "9.7Mb" | "10.0Mb" | "10.4Mb" | "10.7Mb" | "11.1Mb" | "11.5Mb" | "11.8Mb" | "12.2Mb" | "12.5Mb" | "12.9Mb" | "13.2Mb" | "13.6Mb" | "14.0Mb" | "14.3Mb" | "14.7Mb" | "15.0Mb" | "15.4Mb" | "15.8Mb" | "16.1Mb" | "16.5Mb" | "16.8Mb" | "17.2Mb" | "17.5Mb" | "17.9Mb" | "18.3Mb" | "18.6Mb" | "19.0Mb" | "19.3Mb" | "19.7Mb" | "20.0Mb" | "20.4Mb" | "20.8Mb" | "21.1Mb" | "21.5Mb" | "21.8Mb" | "22.2Mb" | "22.6Mb" | "22.9Mb" | "23.3Mb" | "23.6Mb" | "24.0Mb" | "24.3Mb" | "24.7Mb" | "25.1Mb" | "25.4Mb" | "25.8Mb" | "26.1Mb" | "26.5Mb" | "26.9Mb" | "27.2Mb" | "27.6Mb" | "27.9Mb" | "28.3Mb" | "28.6Mb" | "29.0Mb" | "29.4Mb" | "29.7Mb" | "30.1Mb" | "30.4Mb" | "30.8Mb" | "31.1Mb" | "31.5Mb" | "31.9Mb" | "32.2Mb" | "32.6Mb" | "32.9Mb" | "33.3Mb" | "33.7Mb" | "34.0Mb") ) ) ).as(:oneline), "kentrox" ( /* Compatible with Kentrox CSU */ sc( "subrate" arg /* Set subrate value (only for E3 IQ interfaces) */ ) ).as(:oneline) ) ) ).as(:oneline), "payload-scrambler" /* Enable payload scrambling */, "no-payload-scrambler" /* Don't enable payload scrambling */, "fcs" ( /* Frame checksum */ ("32" | "16") ), "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ), "invert-data" /* Invert data */, "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e3" | "pseudo-2e4" | "pseudo-2e5" | "pseudo-2e6" | "pseudo-2e7" | "pseudo-2e9-o153" | "pseudo-2e10" | "pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e17" | "pseudo-2e18" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "pseudo-2e21" | "pseudo-2e22" | "pseudo-2e23-o151" | "pseudo-2e25" | "pseudo-2e28" | "pseudo-2e29" | "pseudo-2e31" | "pseudo-2e32" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | "alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */, "buildout" arg /* Line buildout */, "atm-encapsulation" ( /* E3 interface encapsulation */ ("plcp" | "direct") ), "framing" ( /* E3 line format */ ("g.751" | "g.832") ) ) ), "e1-options" ( /* E1 interface-specific options */ c( "timeslots" arg /* Timeslots (1..32); for example, 1-4,6,9-11,32 (no space) */, "loopback" ( /* Loopback mode */ ("local" | "remote") ), "framing" ( /* Framing mode */ ("g704" | "unframed" | "g704-no-crc4") ), "fcs" ( /* Frame checksum */ ("32" | "16") ), "invert-data" /* Invert data */, "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ), "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e3" | "pseudo-2e4" | "pseudo-2e5" | "pseudo-2e6" | "pseudo-2e7" | "pseudo-2e9-o153" | "pseudo-2e10" | "pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e17" | "pseudo-2e18" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "pseudo-2e21" | "pseudo-2e22" | "pseudo-2e23-o151" | "pseudo-2e25" | "pseudo-2e28" | "pseudo-2e29" | "pseudo-2e31" | "pseudo-2e32" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | "alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */ ) ), "t1-options" ( /* T1 interface-specific options */ c( "timeslots" arg /* Timeslots (1..24; for example, 1-3,4,9,22-24 (no space) */, "voice-timeslots" arg /* Voice timeslots (1..24),for example, 1-3,4,9,22-24 (no space) */, "disable-remote-alarm-detection" ( /* Disable detection of a remote alarm */ ("yellow") ), "loopback" ( /* Loopback mode */ ("local" | "remote" | "payload") ), "buildout" ( /* Line buildout */ ("0-132" | "133-265" | "266-398" | "399-531" | "532-655" | "long-0db" | "long-7.5db" | "long-15db" | "long-22.5db") ), "byte-encoding" ( /* Byte encoding */ ("nx64" | "nx56") ), "line-encoding" ( /* Line encoding */ ("ami" | "b8zs") ), "invert-data" /* Invert data */, "framing" ( /* Framing mode */ ("sf" | "esf") ), "fcs" ( /* Frame checksum */ ("32" | "16") ), "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ), "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e3" | "pseudo-2e4" | "pseudo-2e5" | "pseudo-2e6" | "pseudo-2e7" | "pseudo-2e9-o153" | "pseudo-2e10" | "pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e17" | "pseudo-2e18" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "pseudo-2e21" | "pseudo-2e22" | "pseudo-2e23-o151" | "pseudo-2e25" | "pseudo-2e28" | "pseudo-2e29" | "pseudo-2e31" | "pseudo-2e32" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | "alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */, "remote-loopback-respond" /* Respond to loop requests from remote end */, "crc-major-alarm-threshold" ( /* CRC Major alarm threshold value */ ("1e-3" | "5e-4" | "1e-4" | "5e-5" | "1e-5") ), "crc-minor-alarm-threshold" ( /* CRC Minor alarm threshold value */ ("1e-3" | "5e-4" | "1e-4" | "5e-5" | "1e-5" | "5e-6" | "1e-6") ), "alarm-compliance" ( /* Enforce standard for alarm reporting */ ("accunet-t1-5-service") ) ) ), "ds0-options" ( /* DS-0 interface-specific options */ c( "loopback" ( /* Loopback mode */ ("payload") ), "byte-encoding" ( /* Byte encoding */ ("nx64" | "nx56") ), "invert-data" /* Invert data */, "fcs" ( /* Frame checksum */ ("32" | "16") ), "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ), "start-end-flag" ( /* Set start/end flags on transmission */ ("shared" | "filler") ), "bert-algorithm" ( /* Set BERT algorithm */ ("pseudo-2e11-o152" | "pseudo-2e15-o151" | "pseudo-2e20-o153" | "pseudo-2e20-o151" | "all-ones-repeating" | "all-zeros-repeating" | "alternating-ones-zeros" | "alternating-double-ones-zeros" | "repeating-3-in-24" | "repeating-1-in-8" | "repeating-1-in-4" | "repeating-1-in-16") ), "bert-error-rate" arg /* Bit error rate (10^-n for n > 0, and zero for n = 0) */, "bert-period" arg /* Length of BERT test */ ) ), "serial-options" ( /* Serial interface-specific options */ c( "line-protocol" ( /* Line protocol to be used */ ("eia530" | "v.35" | "x.21") ), c( "dte-options" ( /* DTE options/control leads */ c( "ignore-all" /* Ignore all control leads */, "dtr" ( /* Data Transmit Ready signal handling */ sc( c( "assert" /* Assert DTR signal */, "de-assert" /* Deassert DTR signal */, "normal" /* Normal DTR signal */, "auto-synchronize" ( /* Normal DTR signal, with autoresynchronization */ c( "duration" arg /* Duration of autoresynchronization */, "interval" arg /* Interval for autoresynchronization */ ) ) ) ) ).as(:oneline), "control-signal" ( /* X.21 control signal handling */ ("assert" | "de-assert" | "normal") ), "rts" ( /* Request To Send signal handling */ ("assert" | "de-assert" | "normal") ), "dcd" ( /* Data Carrier Detect signal handling */ ("require" | "ignore" | "normal") ), "dsr" ( /* Data Set Ready signal handling */ ("require" | "ignore" | "normal") ), "cts" ( /* Clear To Send signal handling */ ("require" | "ignore" | "normal") ), "indication" ( /* X.21 Indication signal handling */ ("require" | "ignore" | "normal") ), "tm" ( /* Test Mode signal handling */ ("require" | "ignore" | "normal") ) ) ), "dce-options" ( /* DCE options */ c( "ignore-all" /* Ignore all control leads */, "dtr" ( /* Data Transmit Ready signal handling */ ("require" | "ignore" | "normal") ), "rts" ( /* Request To Send signal handling */ ("require" | "ignore" | "normal") ), "dcd" ( /* Data Carrier Detect signal handling */ ("assert" | "de-assert" | "normal") ), "dsr" ( /* Data Set Ready signal handling */ ("assert" | "de-assert" | "normal") ), "cts" ( /* Clear To Send signal handling */ ("assert" | "de-assert" | "normal") ), "tm" ( /* Test Mode signal handling */ ("require" | "ignore" | "normal") ), "dce-loopback-override" /* DCE loopback override */ ) ) ), "dtr-circuit" ( /* Data Transmit Ready circuit mode */ ("balanced" | "unbalanced") ), "dtr-polarity" ( /* Data Transmit Ready signal polarity */ ("positive" | "negative") ), "rts-polarity" ( /* Request To Send signal polarity */ ("positive" | "negative") ), "control-polarity" ( /* X.21 Control signal polarity */ ("positive" | "negative") ), "dcd-polarity" ( /* Data Carrier Detect signal polarity */ ("positive" | "negative") ), "dsr-polarity" ( /* Data Set Ready signal polarity */ ("positive" | "negative") ), "cts-polarity" ( /* Clear To Send signal polarity */ ("positive" | "negative") ), "indication-polarity" ( /* X.21 Indication signal polarity */ ("positive" | "negative") ), "tm-polarity" ( /* Test Mode signal polarity */ ("positive" | "negative") ), "clocking-mode" ( /* Clock mode */ ("dce" | "internal" | "loop") ), "transmit-clock" ( /* Transmit clock phase */ ("invert") ), "clock-rate" ( /* Interface clock rate */ ("2.048mhz" | "2.341mhz" | "2.731mhz" | "3.277mhz" | "4.096mhz" | "5.461mhz" | "8.192mhz" | "16.384mhz" | "1.2khz" | "2.4khz" | "9.6khz" | "19.2khz" | "38.4khz" | "56.0khz" | "64.0khz" | "72.0khz" | "125.0khz" | "148.0khz" | "250.0khz" | "500.0khz" | "800.0khz" | "1.0mhz" | "1.3mhz" | "2.0mhz" | "4.0mhz" | "8.0mhz") ), "loopback" ( /* Loopback mode */ ("local" | "remote" | "dce-local" | "dce-remote") ), "encoding" ( /* Line encoding */ ("nrz" | "nrzi") ), "idle-cycle-flag" ( /* Value to transmit in idle cycles */ ("flags" | "ones") ) ) ), "gratuitous-arp-reply" /* Enable gratuitous ARP reply */, "no-gratuitous-arp-reply" /* Don't enable gratuitous ARP reply */, "no-gratuitous-arp-request" /* Ignore gratuitous ARP request */, "no-no-gratuitous-arp-request" /* Don't ignore gratuitous ARP request */, "arp-l2-validate" /* Validate ARP against L2 */, "ether-options" ( /* Ethernet interface-specific options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "loopback-remote" /* Enable remote loopback */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, "ethernet-switch-profile" ( /* Ethernet virtual LAN/media access control-level options */ c( "tag-protocol-id" arg /* IEEE 802.1q Tag Protocol Identifier values for VLAN-tagged frames */, "ethernet-policer-profile" ( /* Ethernet level CoS-based policer configuration */ c( "input-priority-map" ( /* Input policer priority map */ cos_policer_input_priority_map /* Input policer priority map */ ), "output-priority-map" ( /* Output policer priority map */ cos_policer_output_priority_map /* Output policer priority map */ ), "policer" ( /* Policer template definition */ cos_policer /* Policer template definition */ ) ) ), "storm-control" ( /* Storm control profile name to bind */ c( arg /* Profile name */ ) ), "recovery-timeout" ( /* Recovery timeout for this interface */ sc( arg ) ).as(:oneline), "mac-learn-enable" /* Learn MAC addresses dynamically */, "no-mac-learn-enable" /* Don't learn MAC addresses dynamically */ ) ), "asynchronous-notification" /* Enable sending asynchronous notification to peer on CCC-down */, "source-address-filter" arg /* Source address filters */.as(:oneline), "auto-negotiation" /* Enable auto-negotiation */, "no-auto-negotiation" /* Don't enable auto-negotiation */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "configured-flow-control" ( /* Enable flow control */ c( "rx-buffers" ( /* Enable/Disable Rx buffers */ ("on" | "off") ), "tx-buffers" ( /* Enable/Disable Tx buffers */ ("on" | "off") ) ) ), "link-mode" ( /* Link duplex */ ("automatic" | "half-duplex" | "full-duplex") ), "mpls" ( /* MPLS options */ mpls_ifd_options /* MPLS options */ ), "ignore-l3-incompletes" /* Ignore L3 incomplete errors */, "no-auto-mdix" /* Disable auto MDI/MDIX */, "fec" ( /* Forward Error Correction mode */ ("none" | "fec91" | "fec74" | "fec108") ), "speed" ( /* Specify speed */ c( c( "auto-negotiation" ( /* Enable auto-negotiation */ sc( "auto-negotiate-10-100" /* Limits the auto-negotiation to 10m/100m only */ ) ).as(:oneline), "ethernet-10m" /* 10Mbps */, "ethernet-100m" /* 100Mbps */, "ethernet-1g" /* 1Gbps */, "ethernet-10g" /* 10Gbps */ ) ) ), "ieee-802.3ad" ( /* IEEE 802.3ad */ c( "lacp" ( /* Link Aggregation Control Protocol configuration */ c( "force-up" /* Keep the port up in absence of received LACPDU */, "port-priority" arg /* Priority of the port (0 ... 65535) */ ) ), interface_device /* Join an aggregated Ethernet interface */, c( "primary" /* Primary interface for link-protection mode */, "backup" /* Backup interface for link-protection mode */ ), "link-protection-sub-group" ( /* Link Protection subgroup configuration */ c( arg ) ), "port-priority" arg /* Link protection Priority of the port (0 ... 65535) */ ) ), "ieee-802-3az-eee" /* IEEE 802.3az Energy Efficient Ethernet(EEE) */, "mdi-mode" ( /* Cable cross-over mode */ ("auto" | "force" | "mdi" | "mdix") ), "redundant-parent" ( /* Parent of this interface */ c( interface_device /* Join a redundant ethernet interface */ ) ), "autostate-exclude" /* Interface will not contribute to IRB state */ ) ), "fibrechannel-options" ( /* Fibre Channel interface-specific options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "bb-sc-n" arg /* B2B state change number */, "speed" ( /* Specify speed */ ("auto-negotiation" | "1g" | "2g" | "4g" | "8g") ) ) ), "gigether-options" ( /* Gigabit Ethernet interface-specific options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "loopback-remote" /* Enable remote loopback */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, c( "no-auto-negotiation" /* Disable auto-negotiation */, "auto-negotiation" ( /* Enable auto-negotiation */ sc( "remote-fault" ( ("local-interface-offline" | "local-interface-online") ) ) ).as(:oneline) ), "mac-mode" ( /* Physical layer protocol of MAC's SERDES interface */ ("sgmii" | "mac-mode-1000base-x") ), "asynchronous-notification" /* Enable sending asynchronous notification to peer on CCC-down */, "source-address-filter" arg /* Source address filters */.as(:oneline), "pad-to-minimum-frame-size" /* Pad Tx vlan tagged frame to minimum of 68 bytes */, "redundant-parent" ( /* Parent of this interface */ c( interface_device /* Join a redundant-ethernet interface */ ) ), "ieee-802.3ad" ( /* IEEE 802.3ad */ c( "lacp" ( /* Link Aggregation Control Protocol configuration */ c( "port-priority" arg /* Priority of the port (0 ... 65535) */ ) ), interface_device /* Join an aggregated Ethernet interface */, "link-index" arg /* Desired child link index within the Aggregated Interface */, c( "primary" /* Primary interface for link-protection mode */, "backup" /* Backup interface for link-protection mode */ ), "distribution-list" arg /* Distribution list to which interface belongs */ ) ), "ethernet-switch-profile" ( /* Ethernet virtual LAN/media access control-level options */ c( "tag-protocol-id" arg /* IEEE 802.1q Tag Protocol Identifier values for VLAN-tagged frames */, "ethernet-policer-profile" ( /* Ethernet level CoS-based policer configuration */ c( "ieee802.1-priority-map" ( /* Premium priority values for IEEE 802.1p bits */ c( "premium" arg /* Premium policer priority map */ ) ), "input-priority-map" ( /* Input policer priority map */ cos_policer_input_priority_map /* Input policer priority map */ ), "output-priority-map" ( /* Output policer priority map */ cos_policer_output_priority_map /* Output policer priority map */ ), "policer" ( /* Policer template definition */ cos_policer /* Policer template definition */ ) ) ), "accept-from" ( /* Accept traffic from or to specified remote MAC */ c( "mac-address" ( /* Remote MAC */ mac_list /* Remote MAC */ ) ) ), "reject-the-rest" /* Accept traffic from only the specified MAC addresses */, "no-reject-the-rest" /* Don't accept traffic from only the specified MAC addresses */, "mac-learn-enable" /* Learn MAC addresses dynamically */ ) ), "mpls" ( /* MPLS options */ mpls_ifd_options /* MPLS options */ ), "ignore-l3-incompletes" /* Ignore L3 incomplete errors */, "no-auto-mdix" /* Disable auto MDI/MDIX */, "ieee-802-3az-eee" /* IEEE 802.3az Energy Efficient Ethernet(EEE) */, "mru" arg /* Maximum receive packet size */, "fec" ( /* Forward Error Correction mode */ ("none" | "fec91" | "fec74" | "fec108") ), "speed" ( /* Speed mode */ ("1g" | "10g") ) ) ), "optics-options" ( /* Optics options */ c( "wavelength" ( /* Wavelength of the optics (nanometers) for 50Ghz/100Ghz spacing */ ("1568.77" | "1568.36" | "1568.31" | "1568.26" | "1568.21" | "1568.16" | "1568.11" | "1568.05" | "1568.00" | "1567.95" | "1567.90" | "1567.85" | "1567.80" | "1567.75" | "1567.70" | "1567.64" | "1567.59" | "1567.54" | "1567.49" | "1567.44" | "1567.39" | "1567.34" | "1567.29" | "1567.23" | "1567.18" | "1567.13" | "1567.08" | "1567.03" | "1566.98" | "1566.93" | "1566.88" | "1566.83" | "1566.77" | "1566.72" | "1566.67" | "1566.62" | "1566.57" | "1566.52" | "1566.47" | "1566.42" | "1566.36" | "1566.31" | "1566.26" | "1566.21" | "1566.16" | "1566.11" | "1566.06" | "1566.01" | "1565.96" | "1565.90" | "1565.85" | "1565.80" | "1565.75" | "1565.70" | "1565.65" | "1565.60" | "1565.55" | "1565.50" | "1565.44" | "1565.39" | "1565.34" | "1565.29" | "1565.24" | "1565.19" | "1565.14" | "1565.09" | "1565.04" | "1564.99" | "1564.93" | "1564.88" | "1564.83" | "1564.78" | "1564.73" | "1564.68" | "1564.63" | "1564.58" | "1564.53" | "1564.47" | "1564.42" | "1564.37" | "1564.32" | "1564.27" | "1564.22" | "1564.17" | "1564.12" | "1564.07" | "1564.02" | "1563.96" | "1563.91" | "1563.86" | "1563.81" | "1563.76" | "1563.71" | "1563.66" | "1563.61" | "1563.56" | "1563.51" | "1563.45" | "1563.40" | "1563.35" | "1563.30" | "1563.25" | "1563.20" | "1563.15" | "1563.10" | "1563.05" | "1563.00" | "1562.95" | "1562.89" | "1562.84" | "1562.79" | "1562.74" | "1562.69" | "1562.64" | "1562.59" | "1562.54" | "1562.49" | "1562.44" | "1562.39" | "1562.33" | "1562.28" | "1562.23" | "1562.18" | "1562.13" | "1562.08" | "1562.03" | "1561.98" | "1561.93" | "1561.88" | "1561.83" | "1561.77" | "1561.72" | "1561.67" | "1561.62" | "1561.57" | "1561.52" | "1561.47" | "1561.42" | "1561.37" | "1561.32" | "1561.27" | "1561.22" | "1561.16" | "1561.11" | "1561.06" | "1561.01" | "1560.96" | "1560.91" | "1560.86" | "1560.81" | "1560.76" | "1560.71" | "1560.66" | "1560.61" | "1560.56" | "1560.50" | "1560.45" | "1560.40" | "1560.35" | "1560.30" | "1560.25" | "1560.20" | "1560.15" | "1560.10" | "1560.05" | "1560.00" | "1559.95" | "1559.90" | "1559.84" | "1559.79" | "1559.74" | "1559.69" | "1559.64" | "1559.59" | "1559.54" | "1559.49" | "1559.44" | "1559.39" | "1559.34" | "1559.29" | "1559.24" | "1559.19" | "1559.14" | "1559.08" | "1559.03" | "1558.98" | "1558.93" | "1558.88" | "1558.83" | "1558.78" | "1558.73" | "1558.68" | "1558.63" | "1558.58" | "1558.53" | "1558.48" | "1558.43" | "1558.38" | "1558.32" | "1558.27" | "1558.22" | "1558.17" | "1558.12" | "1558.07" | "1558.02" | "1557.97" | "1557.92" | "1557.87" | "1557.82" | "1557.77" | "1557.72" | "1557.67" | "1557.62" | "1557.57" | "1557.52" | "1557.46" | "1557.41" | "1557.36" | "1557.31" | "1557.26" | "1557.21" | "1557.16" | "1557.11" | "1557.06" | "1557.01" | "1556.96" | "1556.91" | "1556.86" | "1556.81" | "1556.76" | "1556.71" | "1556.66" | "1556.61" | "1556.55" | "1556.50" | "1556.45" | "1556.40" | "1556.35" | "1556.30" | "1556.25" | "1556.20" | "1556.15" | "1556.10" | "1556.05" | "1556.00" | "1555.95" | "1555.90" | "1555.85" | "1555.80" | "1555.75" | "1555.70" | "1555.65" | "1555.60" | "1555.55" | "1555.49" | "1555.44" | "1555.39" | "1555.34" | "1555.29" | "1555.24" | "1555.19" | "1555.14" | "1555.09" | "1555.04" | "1554.99" | "1554.94" | "1554.89" | "1554.84" | "1554.79" | "1554.74" | "1554.69" | "1554.64" | "1554.59" | "1554.54" | "1554.49" | "1554.44" | "1554.39" | "1554.34" | "1554.29" | "1554.23" | "1554.18" | "1554.13" | "1554.08" | "1554.03" | "1553.98" | "1553.93" | "1553.88" | "1553.83" | "1553.78" | "1553.73" | "1553.68" | "1553.63" | "1553.58" | "1553.53" | "1553.48" | "1553.43" | "1553.38" | "1553.33" | "1553.28" | "1553.23" | "1553.18" | "1553.13" | "1553.08" | "1553.03" | "1552.98" | "1552.93" | "1552.88" | "1552.83" | "1552.78" | "1552.73" | "1552.68" | "1552.62" | "1552.57" | "1552.52" | "1552.47" | "1552.42" | "1552.37" | "1552.32" | "1552.27" | "1552.22" | "1552.17" | "1552.12" | "1552.07" | "1552.02" | "1551.97" | "1551.92" | "1551.87" | "1551.82" | "1551.77" | "1551.72" | "1551.67" | "1551.62" | "1551.57" | "1551.52" | "1551.47" | "1551.42" | "1551.37" | "1551.32" | "1551.27" | "1551.22" | "1551.17" | "1551.12" | "1551.07" | "1551.02" | "1550.97" | "1550.92" | "1550.87" | "1550.82" | "1550.77" | "1550.72" | "1550.67" | "1550.62" | "1550.57" | "1550.52" | "1550.47" | "1550.42" | "1550.37" | "1550.32" | "1550.27" | "1550.22" | "1550.17" | "1550.12" | "1550.07" | "1550.02" | "1549.97" | "1549.92" | "1549.87" | "1549.82" | "1549.77" | "1549.72" | "1549.67" | "1549.62" | "1549.57" | "1549.52" | "1549.47" | "1549.42" | "1549.37" | "1549.32" | "1549.26" | "1549.21" | "1549.16" | "1549.11" | "1549.06" | "1549.01" | "1548.96" | "1548.91" | "1548.86" | "1548.81" | "1548.76" | "1548.71" | "1548.66" | "1548.61" | "1548.56" | "1548.51" | "1548.46" | "1548.41" | "1548.36" | "1548.31" | "1548.26" | "1548.21" | "1548.16" | "1548.11" | "1548.06" | "1548.02" | "1547.97" | "1547.92" | "1547.87" | "1547.82" | "1547.77" | "1547.72" | "1547.67" | "1547.62" | "1547.57" | "1547.52" | "1547.47" | "1547.42" | "1547.37" | "1547.32" | "1547.27" | "1547.22" | "1547.17" | "1547.12" | "1547.07" | "1547.02" | "1546.97" | "1546.92" | "1546.87" | "1546.82" | "1546.77" | "1546.72" | "1546.67" | "1546.62" | "1546.57" | "1546.52" | "1546.47" | "1546.42" | "1546.37" | "1546.32" | "1546.27" | "1546.22" | "1546.17" | "1546.12" | "1546.07" | "1546.02" | "1545.97" | "1545.92" | "1545.87" | "1545.82" | "1545.77" | "1545.72" | "1545.67" | "1545.62" | "1545.57" | "1545.52" | "1545.47" | "1545.42" | "1545.37" | "1545.32" | "1545.27" | "1545.22" | "1545.17" | "1545.12" | "1545.07" | "1545.02" | "1544.97" | "1544.92" | "1544.87" | "1544.82" | "1544.77" | "1544.72" | "1544.68" | "1544.63" | "1544.58" | "1544.53" | "1544.48" | "1544.43" | "1544.38" | "1544.33" | "1544.28" | "1544.23" | "1544.18" | "1544.13" | "1544.08" | "1544.03" | "1543.98" | "1543.93" | "1543.88" | "1543.83" | "1543.78" | "1543.73" | "1543.68" | "1543.63" | "1543.58" | "1543.53" | "1543.48" | "1543.43" | "1543.38" | "1543.33" | "1543.28" | "1543.23" | "1543.18" | "1543.13" | "1543.08" | "1543.04" | "1542.99" | "1542.94" | "1542.89" | "1542.84" | "1542.79" | "1542.74" | "1542.69" | "1542.64" | "1542.59" | "1542.54" | "1542.49" | "1542.44" | "1542.39" | "1542.34" | "1542.29" | "1542.24" | "1542.19" | "1542.14" | "1542.09" | "1542.04" | "1541.99" | "1541.94" | "1541.89" | "1541.84" | "1541.80" | "1541.75" | "1541.70" | "1541.65" | "1541.60" | "1541.55" | "1541.50" | "1541.45" | "1541.40" | "1541.35" | "1541.30" | "1541.25" | "1541.20" | "1541.15" | "1541.10" | "1541.05" | "1541.00" | "1540.95" | "1540.90" | "1540.85" | "1540.80" | "1540.76" | "1540.71" | "1540.66" | "1540.61" | "1540.56" | "1540.51" | "1540.46" | "1540.41" | "1540.36" | "1540.31" | "1540.26" | "1540.21" | "1540.16" | "1540.11" | "1540.06" | "1540.01" | "1539.96" | "1539.91" | "1539.86" | "1539.82" | "1539.77" | "1539.72" | "1539.67" | "1539.62" | "1539.57" | "1539.52" | "1539.47" | "1539.42" | "1539.37" | "1539.32" | "1539.27" | "1539.22" | "1539.17" | "1539.12" | "1539.07" | "1539.03" | "1538.98" | "1538.93" | "1538.88" | "1538.83" | "1538.78" | "1538.73" | "1538.68" | "1538.63" | "1538.58" | "1538.53" | "1538.48" | "1538.43" | "1538.38" | "1538.33" | "1538.28" | "1538.24" | "1538.19" | "1538.14" | "1538.09" | "1538.04" | "1537.99" | "1537.94" | "1537.89" | "1537.84" | "1537.79" | "1537.74" | "1537.69" | "1537.64" | "1537.59" | "1537.55" | "1537.50" | "1537.45" | "1537.40" | "1537.35" | "1537.30" | "1537.25" | "1537.20" | "1537.15" | "1537.10" | "1537.05" | "1537.00" | "1536.95" | "1536.90" | "1536.86" | "1536.81" | "1536.76" | "1536.71" | "1536.66" | "1536.61" | "1536.56" | "1536.51" | "1536.46" | "1536.41" | "1536.36" | "1536.31" | "1536.26" | "1536.22" | "1536.17" | "1536.12" | "1536.07" | "1536.02" | "1535.97" | "1535.92" | "1535.87" | "1535.82" | "1535.77" | "1535.72" | "1535.67" | "1535.63" | "1535.58" | "1535.53" | "1535.48" | "1535.43" | "1535.38" | "1535.33" | "1535.28" | "1535.23" | "1535.18" | "1535.13" | "1535.08" | "1535.04" | "1534.99" | "1534.94" | "1534.89" | "1534.84" | "1534.79" | "1534.74" | "1534.69" | "1534.64" | "1534.59" | "1534.54" | "1534.50" | "1534.45" | "1534.40" | "1534.35" | "1534.30" | "1534.25" | "1534.20" | "1534.15" | "1534.10" | "1534.05" | "1534.00" | "1533.96" | "1533.91" | "1533.86" | "1533.81" | "1533.76" | "1533.71" | "1533.66" | "1533.61" | "1533.56" | "1533.51" | "1533.47" | "1533.42" | "1533.37" | "1533.32" | "1533.27" | "1533.22" | "1533.17" | "1533.12" | "1533.07" | "1533.02" | "1532.98" | "1532.93" | "1532.88" | "1532.83" | "1532.78" | "1532.73" | "1532.68" | "1532.63" | "1532.58" | "1532.53" | "1532.49" | "1532.44" | "1532.39" | "1532.34" | "1532.29" | "1532.24" | "1532.19" | "1532.14" | "1532.09" | "1532.04" | "1532.00" | "1531.95" | "1531.90" | "1531.85" | "1531.80" | "1531.75" | "1531.70" | "1531.65" | "1531.60" | "1531.56" | "1531.51" | "1531.46" | "1531.41" | "1531.36" | "1531.31" | "1531.26" | "1531.21" | "1531.16" | "1531.12" | "1531.07" | "1531.02" | "1530.97" | "1530.92" | "1530.87" | "1530.82" | "1530.77" | "1530.72" | "1530.68" | "1530.63" | "1530.58" | "1530.53" | "1530.48" | "1530.43" | "1530.38" | "1530.33" | "1530.29" | "1530.24" | "1530.19" | "1530.14" | "1530.09" | "1530.04" | "1529.99" | "1529.94" | "1529.89" | "1529.85" | "1529.80" | "1529.75" | "1529.70" | "1529.65" | "1529.60" | "1529.55" | "1529.50" | "1529.46" | "1529.41" | "1529.36" | "1529.31" | "1529.26" | "1529.21" | "1529.16" | "1529.11" | "1529.07" | "1529.02" | "1528.97" | "1528.92" | "1528.87" | "1528.82" | "1528.77" | "1528.38") ), "tx-power" arg /* Transmit laser output power */, "loopback" /* Put the optics in loopback mode */, "los-warning-threshold" arg /* LOS warning threshold */, "los-alarm-threshold" arg /* LOS alarm threshold */, "modulation-format" ( /* Type of Modulation Format */ ("16qam" | "8qam" | "qpsk") ), "laser-enable" /* Enable Laser */, "no-laser-enable" /* Don't enable Laser */, "is-ma" /* Link is enabled with alarms masked */, "no-is-ma" /* Don't link is enabled with alarms masked */, "encoding" ( /* Line encoding */ ("differential" | "non-differential") ), "fec" ( /* Forward Error Correction mode */ ("sdfec" | "sdfec25" | "hgfec" | "sdfec15") ), "high-polarization" /* High polarization tracking mode */, "signal-degrade" ( /* Signal degrade thresholds */ c( "interval" arg /* Time interval */, "ber-threshold-clear" arg /* Ber threshold for signal degrade clear (format: xe-n, example: 4.5e-3) */, "ber-threshold-signal-degrade" arg /* Ber threshold for signal-degrade (format: xe-n, example: 4.5e-3) */, "q-threshold-signal-degrade-clear" arg /* Q threshold for signal-degrade clear (e.g. 14.26) */, "q-threshold-signal-degrade" arg /* Q threshold for signal-degrade (e.g. 9.26) */ ) ), "alarm" enum(("low-light-alarm")) ( /* Set optic alarms */ c( c( "syslog", "link-down" ) ) ), "tca" ( /* Set tca for optic alarms */ c( "tx-power-high-tca" ( /* Tx power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute tx power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour tx power high TCA in dBm */ ) ), "tx-power-low-tca" ( /* Tx power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute tx power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour tx power low TCA in dBm */ ) ), "rx-power-high-tca" ( /* Rx power high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute rx power high TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour rx power high TCA in dBm */ ) ), "rx-power-low-tca" ( /* Rx power low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute rx power low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour rx power low TCA in dBm */ ) ), "temperature-high-tca" ( /* Temperature high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute high temperature TCA in celsius */, "threshold-24hrs" arg /* Threshold for 24 hour high temperature TCA in celsius */ ) ), "temperature-low-tca" ( /* Temperature low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute low temperature TCA in celsius */, "threshold-24hrs" arg /* Threshold for 24 hour low temperature TCA in celsius */ ) ), "carrier-frequency-offset-high-tca" ( /* Carrier frequency offset high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute frequency offset high TCA in MHz */, "threshold-24hrs" arg /* Threshold for 24 hour frequency offset high TCA in MHz */ ) ), "carrier-frequency-offset-low-tca" ( /* Carrier frequency offset low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute frequency offset low TCA in MHz */, "threshold-24hrs" arg /* Threshold for 24 hour frequency offset low TCA in MHz */ ) ), "fec-ber" ( /* Optics Errored Seconds Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the Optics errored seconds threshold crossing alert */, "no-enable-tca" /* Don't enable the Optics errored seconds threshold crossing alert */, "threshold" arg /* TCA threshold for BER value in format: xe-n, x is an integer or decimal number, n = 0..9 */, "threshold-24hrs" arg /* TCA threshold for BER value in format: xe-n, x is an integer or decimal number, n = 0..9 */ ) ).as(:oneline), "tec-current-high-tca" ( /* TEC Current high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute TEC Current high TCA in mA */, "threshold-24hrs" arg /* Threshold for 24 hour TEC Current high TCA in mA */ ) ), "tec-current-low-tca" ( /* TEC Current low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute TEC Current low TCA in mA */, "threshold-24hrs" arg /* Threshold for 24 hour TEC Current low TCA in mA */ ) ), "residual-isi-high-tca" ( /* Residual ISI high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Residual ISI high TCA in ps/nm */, "threshold-24hrs" arg /* Threshold for 24 hour Residual ISI high TCA in ps/nm */ ) ), "residual-isi-low-tca" ( /* Residual ISI low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute Residual ISI low TCA in ps/nm */, "threshold-24hrs" arg /* Threshold for 24 hour Residual ISI low TCA in ps/nm */ ) ), "pam-histogram-high-tca" ( /* PAM Histogram high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute PAM Histogram high TCA */, "threshold-24hrs" arg /* Threshold for 24 hour PAM Histogram high TCA */ ) ), "snr-low-tca" ( /* SNR low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute SNR low TCA in dBm */, "threshold-24hrs" arg /* Threshold for 24 hour SNR low TCA in dBm */ ) ), "fec-corrected-errors-high-tca" ( /* FEC Corrected Error High Threshold crossing defect trigger */ c( "enable-tca" /* Enable the FEC Corrected Errors threshold crossing alert */, "no-enable-tca" /* Don't enable the FEC Corrected Errors threshold crossing alert */, "threshold" arg /* FEC Corrected-Errs value in format: xe-n, x is an integer or decimal number, n = 0..9 */, "threshold-24hrs" arg /* FEC Corrected-Errs value in format: xe-n, x is an integer or decimal number, n = 0..9 */ ) ), "fec-ucorrected-words-high-tca" ( /* FEC UCorrected Words High Threshold crossing defect trigger */ c( "enable-tca" /* Enable the FEC UCorrected Words threshold crossing alert */, "no-enable-tca" /* Don't enable the FEC UCorrected Words threshold crossing alert */, "threshold" arg /* FEC UCorrected-Words value in format: xe-n, x is an integer or decimal number, n = 0..9 */, "threshold-24hrs" arg /* FEC UCorrected-Words value in format: xe-n, x is an integer or decimal number, n = 0..9 */ ) ), "laser-frequency-error-high-tca" ( /* Laser frequency error high TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute frequency error high TCA in MHz */, "threshold-24hrs" arg /* Threshold for 24 hour frequency error high TCA in MHz */ ) ), "laser-frequency-error-low-tca" ( /* Laser frequency error low TCA */ c( "enable-tca" /* Enable tca */, "no-enable-tca" /* Don't enable tca */, "threshold" arg /* Threshold for 15 minute frequency error low TCA in MHz */, "threshold-24hrs" arg /* Threshold for 24 hour frequency error low TCA in MHz */ ) ) ) ), "warning" enum(("low-light-warning")) ( /* Set optic warnings */ c( c( "syslog" /* Set action as syslog */, "link-down" /* Set action as link-down */ ) ) ), "low-power-mode" /* Force optics to low power mode */, "host-side-fec" ( /* Host side optics FEC ON/OFF */ ("off" | "on") ), "media-side-fec" ( /* Media side FEC ON/OFF */ ("off" | "on") ), c( "lane" arg ( /* Media lane number */ c( "tx-laser" ( /* Transmit Laser ON/OFF */ ("off" | "on") ), "rx-output" ( /* Receive output ON/OFF */ ("off" | "on") ), "tx-cdr" ( /* Transmit Clock and Data Recovery ON/OFF */ ("off" | "on") ), "rx-cdr" ( /* Receive Clock and Data Recovery ON/OFF */ ("off" | "on") ), "tx-input-equalization-adaptive" ( /* Transmit adaptive equalization ON/OFF */ ("off" | "on") ), "tx-input-equalization-manual" arg /* Transmit manual equalization for optics */, "rx-output-emphasis" arg /* Receive output emphasis for optics */, "rx-output-amplitude" ( /* Receive output amplitude setting */ ("400mV" | "600mV" | "800mV" | "1200mV") ), "tx-squelch" ( /* Transmit squelch ON/OFF */ ("off" | "on") ), "rx-squelch" ( /* Receive squelch ON/OFF */ ("off" | "on") ), "tx-rate-select" arg /* Transmit rate select for optics */, "rx-rate-select" arg /* Receive rate select for optics */ ) ), "lane-all" ( /* Apply settings to all lane */ c( "tx-laser" ( /* Transmit Laser ON/OFF */ ("off" | "on") ), "rx-output" ( /* Receive output ON/OFF */ ("off" | "on") ), "tx-cdr" ( /* Transmit Clock and Data Recovery ON/OFF */ ("off" | "on") ), "rx-cdr" ( /* Receive Clock and Data Recovery ON/OFF */ ("off" | "on") ), "tx-input-equalization-adaptive" ( /* Transmit adaptive equalization ON/OFF */ ("off" | "on") ), "tx-input-equalization-manual" arg /* Transmit manual equalization for optics */, "rx-output-emphasis" arg /* Receive output emphasis for optics */, "rx-output-amplitude" ( /* Receive output amplitude setting */ ("400mV" | "600mV" | "800mV" | "1200mV") ), "tx-squelch" ( /* Transmit squelch ON/OFF */ ("off" | "on") ), "rx-squelch" ( /* Receive squelch ON/OFF */ ("off" | "on") ), "tx-rate-select" arg /* Transmit rate select for optics */, "rx-rate-select" arg /* Receive rate select for optics */ ) ) ) ) ), "otn-options" ( /* Optical Transmission Network interface-specific options */ otn_options_type /* Optical Transmission Network interface-specific options */ ), "tdm-options" ( /* Time division multiplexing (TDM) interface-specific options */ tdm_options_type /* Time division multiplexing (TDM) interface-specific options */ ), "och-options" ( /* Optical channel configuration options */ och_attributes /* Optical channel configuration options */ ), "otu-options" ( /* Optical transmission unit configuration options */ otu_attributes /* Optical transmission unit configuration options */ ), "odu-options" ( /* Optical data unit configuration options */ odu_attributes /* Optical data unit configuration options */ ), "ett-options" ( /* Transport ethernet client configuration options */ ett_attributes /* Transport ethernet client configuration options */ ), "fastether-options" ( /* Fast Ethernet interface-specific options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, "auto-negotiation" /* Enable auto-negotiation */, "no-auto-negotiation" /* Don't enable auto-negotiation */, "ingress-rate-limit" arg /* Ingress rate at port */, "source-address-filter" arg /* Source address filters */.as(:oneline), "redundant-parent" ( /* Parent of this interface */ c( interface_device /* Join a redundant ethernet interface */ ) ), "ieee-802.3ad" ( /* IEEE 802.3ad */ c( "lacp" ( /* Link Aggregation Control Protocol configuration */ c( "port-priority" arg /* Priority of the port (0 ... 65535) */ ) ), interface_device /* Join an aggregated Ethernet interface */, c( "primary" /* Primary interface for link-protection mode */, "backup" /* Backup interface for link-protection mode */ ) ) ), "mpls" ( /* MPLS options */ mpls_ifd_options /* MPLS options */ ), "ignore-l3-incompletes" /* Ignore L3 incomplete errors */ ) ), "redundant-ether-options" ( /* Ethernet redundancy options */ c( "redundancy-group" arg /* Redundancy group of this interface */, "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, "source-address-filter" arg /* Source address filters */.as(:oneline), "mru" arg /* Maximum receive packet size */, "link-speed" ( /* Link speed of individual interface that joins the RETH */ ("10m" | "100m" | "1g" | "10g") ), "minimum-links" arg /* Minimum number of active links */, "lacp" ( /* Link Aggregation Control Protocol configuration */ c( c( "active" /* Initiate transmission of LACP packets */, "passive" /* Respond to LACP packets */ ), "periodic" ( /* Timer interval for periodic transmission of LACP packets */ ("fast" | "slow") ) ) ) ) ), "aggregated-ether-options" ( /* Aggregated Ethernet interface-specific options */ c( "loopback" /* Enable loopback */, "no-loopback" /* Don't enable loopback */, "flow-control" /* Enable flow control */, "no-flow-control" /* Don't enable flow control */, "source-filtering" /* Enable source address filtering */, "no-source-filtering" /* Don't enable source address filtering */, "autostate-exclude" /* Interface will not contribute to IRB state */, "link-protection" ( /* Enable link protection mode */ c( "revertive" /* Revert back from active backup link to primary, if primary is UP */, "non-revertive" /* Do not revert back (default mode) from active backup link to primary, if primary is UP */, "backup-state" ( /* Link protection backup link state */ ("accept-data" | "discard-data" | "down") ), "rtg-config" ( /* RTG enable on AE */ c( "preempt-cutover-timer" arg /* RTG preempt-cutover-timer in seconds */ ) ) ) ), "fcoe-lag" /* Enable FIP/FCoE LAG */, "no-fcoe-lag" /* Don't enable FIP/FCoE LAG */, "source-address-filter" arg /* Source address filters */.as(:oneline), "configured-flow-control" ( /* Enable flow control */ c( "rx-buffers" ( /* Enable/Disable Rx buffers */ ("on" | "off") ), "tx-buffers" ( /* Enable/Disable Tx buffers */ ("on" | "off") ) ) ), "load-balance" ( aggregate_load_balance ), "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "neighbor" ( /* BFD neighbor address */ ipaddr /* BFD neighbor address */ ), "local-address" ( /* BFD local address */ ipaddr /* BFD local address */ ), "holddown-interval" arg /* Time to hold the session-UP notification to the client */ ) ), "minimum-links" arg /* Minimum number of aggregated links */, "minimum-bandwidth" ( /* Minimum bandwidth configured for aggregated bundle */ c( "bw-value" arg /* Bandwidth value */, "bw-unit" ( /* Bandwidth unit */ ("bps" | "kbps" | "mbps" | "gbps") ) ) ), "targeted-options" ( /* Targeting specific options */ c( "type" ( /* Targeting type of AE bundle */ ("auto" | "manual") ), c( "logical-interface-fpc-redundancy" /* Enable FPC redundancy for logical interfaces */, "logical-interface-chassis-redundancy" /* Enable CHASSIS redundancy for logical interfaces */ ), "rebalance-periodic" ( c( "start-time" ( /* Start time of the rebalance operation ( Wall clock time ) */ date /* Start time of the rebalance operation ( Wall clock time ) */ ), "interval" arg /* Interval of the rebalance operation in hrs */ ) ), "rebalance-subscriber-granularity" arg /* Max subscriber aggregate weight */ ) ), c( "logical-interface-fpc-redundancy" /* Enable FPC redundancy for logical interfaces */, "logical-interface-chassis-redundancy" /* Enable CHASSIS redundancy for logical interfaces */ ), "rebalance-periodic" ( c( "start-time" ( /* Start time of the rebalance operation ( Wall clock time ) */ date /* Start time of the rebalance operation ( Wall clock time ) */ ), "interval" arg /* Interval of the rebalance operation in hrs */ ) ), "pad-to-minimum-frame-size" /* Pad Tx vlan tagged frame to minimum of 68 bytes */, "link-speed" ( /* Link speed of individual interface that joins the AE */ ("10m" | "100m" | "1g" | "2.5g" | "5g" | "8g" | "10g" | "25g" | "40g" | "50g" | "80g" | "100g" | "400g" | "oc192" | "mixed") ), "local-bias" ( /* Turn on local bias functionality */ c( "disable" /* Disable local-bias */ ) ), "local-minimum-links-threshold" arg /* Specify threshold for minimum links per VC/VCF member */, "resilient-hash" /* Turn on resilient-hash */, "dlb" ( /* Enable DLB on LAG */ c( c( "per-packet" /* Per-packet link assignment */, "assigned-flow" /* Fixed link assignment */, "flowlet" ( /* Inactivity-based link assignment */ c( "inactivity-interval" arg /* Minimum inactivity interval in micro-seconds for link re-assignment */ ) ) ) ) ), "lacp" ( /* Link Aggregation Control Protocol configuration */ c( c( "active" /* Initiate transmission of LACP packets */, "passive" /* Respond to LACP packets */ ), "periodic" ( /* Timer interval for periodic transmission of LACP packets */ ("fast" | "slow") ), "fast-failover" /* To turn off LACP fast-failover */, "link-protection" ( c( "disable" /* To turn off LACP link-protection */, c( "revertive" /* Switch links when better priority link comes up */, "non-revertive" /* Do not switch links when better priority link comes up */ ), "rtg-config" ( /* RTG Feature enable on AE */ c( "preempt-cutover-timer" arg /* RTG preempt-cutover-timer in seconds */ ) ) ) ), "accept-data" /* Keep receiving traffic even when LACP goes down */, "sync-reset" ( /* On minimum-link failure notify out of sync to peer */ ("disable" | "enable") ), "system-priority" arg /* Priority of the system (0 ... 65535) */, "system-id" ( /* Node's System ID, encoded as a MAC address */ mac_addr /* Node's System ID, encoded as a MAC address */ ), "admin-key" arg /* Node's administrative key */, "hold-time" ( /* Hold time for link up and link down for AE link members */ sc( "up" arg /* Link up hold time for the AE link members */ ) ).as(:oneline), "aggregate-wait-time" arg /* Aggregate wait time for the AE */, "force-up" /* Forceup AE interface with LACP */, "no-peer-loopback-validation" /* Skip MCLAG peer loop back validation for LACP PDUs on Forceup AE interface */ ) ), "link-protection-sub-group" arg ( /* Link Protection subgroup configuration */ c( c( "primary" /* Primary subgroup for N:N link-protection mode */, "backup" /* Backup subgroup for N:N link-protection mode */ ) ) ), "ethernet-switch-profile" ( /* Ethernet virtual LAN/media access control-level options */ c( "tag-protocol-id" arg /* IEEE 802.1q Tag Protocol Identifier values for VLAN-tagged frames */, "storm-control" ( /* Storm control profile name to bind */ c( arg /* Profile name */ ) ), "recovery-timeout" ( /* Recovery timeout for this interface */ sc( arg ) ).as(:oneline), "mac-learn-enable" /* Learn MAC addresses dynamically */ ) ), "mc-ae" ( /* Multi-chassis aggregation (MC-AE) network device configuration */ c( "mc-ae-id" arg /* MC-AE group id */, "redundancy-group" arg /* Redundancy group id */, "chassis-id" arg /* Chassis id of MC-AE network device */, "mode" ( /* Mode of the MC-AE */ ("active-standby" | "active-active") ), "status-control" ( /* Status of the MC-AE chassis */ ("active" | "standby") ), "switchover-mode" ( /* Switchover mode */ ("revertive" | "non-revertive") ), "revert-time" arg /* Wait interval before performing switchover */, "init-delay-time" arg /* Init delay timer for mcae sm for min traffic loss */, "recovery-delay-time" arg /* Delay timer for bringing up ICL, ICCP */, "enhanced-convergence" /* Optimized convergence time for mcae */, "events" ( /* MCAE related events */ c( "iccp-peer-down" ( /* Define behavior in the event of ICCP peer down */ c( "force-icl-down" /* Bring down ICL logical interface */, "prefer-status-control-active" /* Keep this node up (recommended only on status-control active) */ ) ) ) ) ) ), "share-standby" /* Share the resources with standby ports, needs FPC reboot to take effect */ ) ), "es-options" ( /* ES PIC interface-specific options */ c( "backup-interface" ( /* Name of backup interface */ interface_device /* Name of backup interface */ ) ) ), "dsl-options" ( /* DSL interface-specific options */ c( "operating-mode" ( /* DSL operating mode */ ("auto" | "ansi-dmt" | "itu-dmt" | "etsi" | "itu-annexb-ur2" | "itu-annexb-non-ur2" | "itu-dmt-bis" | "adsl2plus" | "annexm-itu-dmt-bis" | "annexm-adsl2plus") ) ) ), "vdsl-options" ( /* VDSL interface-specific options */ c( "vdsl-profile" ( /* VDSL profile */ ("auto" | "8a" | "8b" | "8c" | "8d" | "12a" | "12b" | "17a") ), "sra" ( /* DSL SRA */ ("enable" | "disable") ), "v43" ( /* DSL V43 tones */ ("enable" | "disable") ), "sos" /* Enable SOS */ ) ), "dsl-sfp-options" ( /* DSL SFP options */ c( "adsl-options" ( /* ADSL options */ c( "vpi" arg /* Virtual path identifier */, "vci" arg /* Virtual circuit identifier */, "encap" ( /* Encapsulation */ ("bypass" | "llcsnap-bridged-802dot1q" | "llcsnap-routed-ip" | "vc-mux-bridged" | "vc-mux-routed-ip" | "generic") ), "annex" ( /* Annex type */ ("auto" | "annexj-off") ) ) ), "vdsl-options" ( /* VDSL options */ c( "profile" ( /* VDSL profile */ ("auto" | "8a" | "8b" | "8c" | "8d" | "12a" | "12b" | "17a" | "30a") ), "carrier" ( /* Carrier setting */ ("auto" | "a43" | "b43") ) ) ), "gfast-options" ( /* G.fast options */ c( "carrier" ( /* Carrier setting */ ("a43" | "a43c" | "b43" | "b43c") ) ) ) ) ), "shdsl-options" ( /* SHDSL interface-specific options */ c( "annex" ( /* Type of SHDSL annex */ ("annex-a" | "annex-b" | "annex-f" | "annex-g" | "annex-auto") ), "line-rate" ( /* SHDSL line rate */ ("auto" | arg) ), "loopback" ( /* Loopback mode */ ("local" | "remote") ), "snr-margin" ( /* Signal to noise ratio margin */ c( "current" ( /* Current signal to noise ratio margin */ ("disable" | arg) ), "snext" ( /* SNEXT signal to noise ratio margin */ ("disable" | arg) ) ) ) ) ), "data-input" ( /* Configuration for drop-insert data input */ c( c( "system" /* Data sourced from system */, "interface" ( /* Interface that acts as data source */ interface_device /* Interface that acts as data source */ ) ) ) ), "switch-options" ( /* Front end ports configuration */ c( "switch-port" arg ( c( "auto-negotiation" /* Enable auto-negotiation */, "no-auto-negotiation" /* Don't enable auto-negotiation */, "link-mode" ( /* Link operational mode */ ("half-duplex" | "full-duplex") ), "speed" ( /* Link speed */ ("10m" | "100m" | "1g") ), "vlan-id" arg /* VLAN ID for this port */, "cascade-port" /* Port externally connected to another cascade port */ ) ) ) ), "container-options" ( /* Container interface specific options */ c( "container-type" ( /* Protocol type of the container interface */ c( c( "aps" ( /* APS options on the container */ aps_type /* APS options on the container */ ) ) ) ), "member-interface-type" ( /* Link type of members of container */ c( c( "sonet" ( c( "member-interface-speed" ( /* Link speed of members of container */ ("oc3" | "oc12" | "oc48" | "oc192" | "oc768" | "mixed") ) ) ), "atm" ( c( "member-interface-speed" ( /* Link speed of members of container */ ("oc3" | "oc12" | "oc48") ) ) ), "channelized-sonet" ( c( "member-interface-speed" ( /* Link speed of members of container */ ("coc3" | "coc12" | "coc48" | "coc192" | "coc768") ) ) ), "channelized-sdh" ( c( "member-interface-speed" ( /* Link speed of members of container */ ("cstm1" | "cstm4" | "cstm16" | "coc64" | "cstm256") ) ) ) ) ) ), "redundancy" ( /* Container interface redundancy options */ c( "hold-time" ( /* Hold time for link up and link down */ sc( "up" arg /* Link up hold time */, "down" arg /* Link down hold time */ ) ).as(:oneline) ) ), "container-list" ( /* List of container interfaces this member link is associated to */ interface_device /* List of container interfaces this member link is associated to */ ), c( "primary" /* This member link is primary interface of the container */, "standby" /* This member link is standby interface of the container */ ), "fast-aps" /* Fast APS switch */, "allow-configuration-override" /* Allow physical configuration of member link to override container configuration */ ) ), "layer2-policer" ( /* Layer2 policing for interface */ c( c( "input-policer" arg /* Two-color policer for received packets */, "input-hierarchical-policer" arg /* Hierarchical policer for received packets */ ) ) ), "unit" enum(("$junos-underlying-interface-unit" | "$junos-interface-unit" | arg)) ( /* Logical interface */ c( "policer-overhead" ( /* Policer overhead adjustment for this unit */ c( arg, "ingress" arg /* Ingress value in bytes */, "egress" arg /* Egress value in bytes */ ) ), "alias" arg /* Interface alias */, "enhanced-convergence" /* Optimize convergence time for L3 */, "proxy-macip-advertisement" /* Proxy advertisement of type 2 MAC+IP route for EVPN */, "virtual-gateway-accept-data" /* Accept packets destined for virtual gateway address */, "peer-psd" ( /* Peer psd */ sc( arg /* Peer psd name */ ) ).as(:oneline), "peer-interface" ( /* Peer interface */ c( interface_unit /* Peer interface name */ ) ), "interface-shared-with" ( /* Specify which PSD owns this logical interface */ c( arg /* Name of protected system domain (psd[1-31], ex. psd2) */ ) ), ("disable"), "passive-monitor-mode" /* Use interface to tap packets from another router */, "per-session-scheduler" /* Enable per-session queuing on an IQ2 interface */, "account-layer2-overhead" ( /* Account layer2 overhead in IFL byte statistics */ c( arg, "ingress" arg /* Layer2 overhead bytes to be accounted in ingress */, "egress" arg /* Layer2 overhead bytes to be accounted in egress */ ) ), "forwarding-class-accounting" ( /* Configure Forwarding-class-accounting parameters for IFL */ c( "direction" ( /* Direction of the traffic to be accounted for IFL */ ("ingress" | "egress" | "both") ), "enhanced" ( c( "traffic-type" ( /* Traffic-type to be accounted for forwarding-class-accounting for IFL */ ("unicast-statistics" | "multicast-statistics") ), "family" ( /* Protocol traffic to be accounted for forwarding-class-accounting for IFL */ ("inet" | "inet6" | "both") ), "direction" ( /* Direction of the traffic to be accounted for forwarding-class-accounting for IFL */ ("ingress" | "egress" | "both") ), "overhead-bytes" arg /* Per octet overhead bytes to be accounted for forwarding-class-accounting for IFL */ ) ) ) ), "clear-dont-fragment-bit" /* Clear DF bit in packet (AS PIC and J-series only as well as MIF) */, "packet-inject-enable" /* Enable packet inject functionality on this IFL */, "reassemble-packets" /* Do reassembly of fragmented tunnel packets */, "services-options" /* Services interface-specific options */, "rpm" ( /* Enable RPM service on this interface */ c( c( c( "client" /* Client mode */, "server" /* Server mode */, "client-delegate-probes" /* Client delegate probe mode */ ), "twamp-server" /* Set TWAMP server mode on this interface */, "twamp-client" /* Set TWAMP client mode on this interface */ ) ) ), "description" arg /* Text description of interface */, "metadata" arg /* Text metadata attached to interface */, "dial-options" ( /* Dial options */ c( c( "l2tp-interface-id" arg /* Identifier for group of PPP sessions */, "ipsec-interface-id" arg /* Identifier for group of dynamic peers */ ), c( "dedicated" /* Use this unit for only one PPP/IPSec session */, "shared" /* Share this unit for multiple PPP/IPSec sessions */ ) ) ), "actual-transit-statistics" /* Actual transit statistics */, "demux-source" ( enum(("inet" | "inet6")) ), "demux-destination" ( enum(("inet" | "inet6")) ), "demux" ( /* Demux based on source or destination address */ c( "inet" ( /* Family inet */ c( "address" ( /* Address type */ ("source" | "destination") ), "auto-configure" ( /* Auto configuration */ dynamic_ipv4_type /* Auto configuration */ ) ) ), "inet6" ( /* Family inet6 */ c( "address" ( /* Address type */ ("source" | "destination") ), "auto-configure" ( /* Auto configuration */ dynamic_ipv6_type /* Auto configuration */ ) ) ) ) ), "encapsulation" ( /* Logical link-layer encapsulation */ ("atm-nlpid" | "atm-cisco-nlpid" | "atm-snap" | "atm-vc-mux" | "atm-ccc-vc-mux" | "atm-tcc-vc-mux" | "atm-tcc-snap" | "atm-ccc-cell-relay" | "vlan-vci-ccc" | "ether-over-atm-llc" | "ether-vpls-over-atm-llc" | "ppp-over-ether-over-atm-llc" | "ppp-over-ether" | "atm-ppp-vc-mux" | "atm-ppp-llc" | "atm-mlppp-llc" | "frame-relay-ppp" | "frame-relay-ccc" | "frame-relay" | "frame-relay-tcc" | "frame-relay-ether-type" | "frame-relay-ether-type-tcc" | "ether-vpls-fr" | "vlan-ccc" | "ethernet-ccc" | "vlan-vpls" | "vlan-bridge" | "ethernet-tcc" | "dix" | "ethernet" | "ethernet-vpls" | "ethernet-bridge" | "vlan" | "vlan-tcc" | "multilink-ppp" | "multilink-frame-relay-end-to-end" | "ppp-ccc") ), "gre" /* Allow GRE packets */, "mtu" arg /* Maximum transmission unit packet size */, c( "point-to-point" /* Point-to-point connection */, "multipoint" /* Multipoint connection */ ), "bandwidth" arg /* Logical unit bandwidth (informational only) */, "global-layer2-domainid" arg /* Global Layer-2 Identifier for this interface */, "radio-router" ( /* Parameters for dynamic link cost management */ dynamic_ifbw_parms_type /* Parameters for dynamic link cost management */ ), "traps" /* Enable SNMP notifications on state changes */, "no-traps" /* Don't enable SNMP notifications on state changes */, "routing-services" /* Enable routing services */, "no-routing-services" /* Don't enable routing services */, "routing-service" ( /* Routing Services on this interface */ c( ("enable" | "disable") ) ), "arp-resp" ( /* Knob to control ARP response on the interface, default is restricted */ sc( c( "unrestricted" /* Enable unrestricted ARP respone on the interface */, "restricted" /* Enable restricted proxy ARP response on the interface */ ) ) ).as(:oneline), "proxy-arp" ( /* Enable proxy ARP on the interface, default is unrestricted */ sc( c( "unrestricted" /* Enable unrestricted proxy ARP on the interface */, "restricted" /* Enable restricted proxy ARP on the interface */ ) ) ).as(:oneline), c( "vlan-id" ( /* Virtual LAN identifier value for 802.1q VLAN tags */ ("none" | arg) ), "vlan-id-range" arg /* Virtual LAN identifier range of form vid1-vid2 */, "inner-vlan-id-swap-ranges" arg /* Inner vlan-id swap range(s) of form vid1-vid2 for dynamic L2 VLANs */, "vlan-id-list" arg /* List of VLAN identifiers */, "vlan-tag" arg /* IEEE 802.1q tag list for VLAN tagged frames */, "vlan-tags" ( /* IEEE 802.1q tags */ sc( "outer" ( /* [tpid.]vlan-id, tpid format is 0xNNNN and is optional */ ("$junos-stacked-vlan-id" | "$junos-vlan-id" | arg) ), c( "inner" ( /* [tpid.]vlan-id, tpid format is 0xNNNN and is optional */ ("$junos-vlan-id" | arg) ), "inner-range" arg /* [tpid.]vid1-vid2, tpid format is 0xNNNN and is optional */, "inner-list" arg /* List of VLAN identifiers */ ) ) ).as(:oneline) ), "deep-vlan-qualified-learning" arg /* Enable qualified MAC-address learning on the specified vlan tag */, "native-inner-vlan-id" arg /* Native virtual LAN identifier for singly tagged frames */, "inner-vlan-id-range" ( /* Inner vlan-id range start end */ sc( "start" arg /* Inner vlan-id range's start value */, "end" arg /* Inner vlan-id range's end value */ ) ).as(:oneline), "accept-source-mac" ( /* Remote media access control address to/from which to accept traffic */ c( "mac-address" ( /* Remote MAC address */ mac_list /* Remote MAC address */ ) ) ), "input-vlan-map" ( /* VLAN map operation on input */ vlan_map /* VLAN map operation on input */ ), "output-vlan-map" ( /* VLAN map operation on output */ vlan_map /* VLAN map operation on output */ ), "swap-by-poppush" /* Pop original vlan tag and then push a new vlan tag */, "receive-lsp" arg /* Name of incoming label-switched path */, "transmit-lsp" arg /* Name of outgoing label-switched path */, "dlci" arg /* Frame Relay data-link control identifier */, "multicast-dlci" arg /* Frame Relay data-link control identifier for multicast packets */, c( "vci" ( /* ATM point-to-point virtual circuit identifier ([vpi.]vci) */ atm_vci /* ATM point-to-point virtual circuit identifier ([vpi.]vci) */ ), "allow-any-vci" /* Allow all VCIs to open in atm-ccc-cell-relay mode */, "vpi" arg /* ATM point-to-point virtual path identifier (vpi) */, "trunk-id" arg /* ATM trunk identifier */ ), "no-vpivci-swapping" /* Do not swap VPI/VCI for Cell Relay */, c( "psn-vci" ( /* PSN VCI */ atm_vci /* PSN VCI */ ), "psn-vpi" arg /* PSN VPI */ ), "atm-l2circuit-mode" ( /* Select ATM Layer 2 circuit transport mode */ sc( c( "cell" /* ATM Layer 2 circuit cell mode */, "aal5" /* ATM Layer 2 circuit AAL5 mode */ ) ) ).as(:oneline), "vci-range" ( /* ATM VCI range start end */ sc( "start" arg /* ATM VCI range's start value */, "end" arg /* ATM VCI range's end value */ ) ).as(:oneline), "trunk-bandwidth" arg /* ATM trunk bandwidth */, "multicast-vci" ( /* ATM virtual circuit identifier for multicast packets */ atm_vci /* ATM virtual circuit identifier for multicast packets */ ), "shaping" ( /* Virtual circuit traffic-shaping options */ dcd_shaping_config /* Virtual circuit traffic-shaping options */ ), "oam-period" ( /* OAM cell period */ sc( c( arg, "disable" /* Disable F5 OAM loopback */.as(:oneline) ) ) ).as(:oneline), "oam-liveness" ( /* OAM virtual circuit liveness parameters */ c( "up-count" arg /* Number of OAM cells to consider VC up */, "down-count" arg /* Number of OAM cells to consider VC down */ ) ), "ppp-options" ( /* Point-to-Point Protocol interface-specific options */ ppp_options_type /* Point-to-Point Protocol interface-specific options */ ), "pppoe-options" ( /* PPP over Ethernet interface-specific options */ pppoe_options_type /* PPP over Ethernet interface-specific options */ ), "pppoe-underlying-options" ( /* PPP over Ethernet underlying interface-specific options */ pppoe_underlying_options_type /* PPP over Ethernet underlying interface-specific options */ ), "advisory-options" ( /* Interface-specific recommendations */ advisory_options_type /* Interface-specific recommendations */ ), "auto-configure" ( /* Auto configuration */ auto_configure_vlan_type /* Auto configuration */ ), "demux-options" ( /* IP demux interface-specific options */ demux_options_type /* IP demux interface-specific options */ ), "targeted-distribution" ( /* Interface participates in targeted-distribution */ c( "primary-list" arg /* Primary targeted distribution list */, "backup-list" arg /* Backup targeted distribution list */, "standby-list" arg /* Standby targeted distribution list */ ) ), "targeted-options" ( /* Targeting specific options */ c( "weight" ( /* Targeting weight for subscriber */ ("$junos-interface-target-weight" | arg) ), "primary" ( /* Primary link for the subscriber */ interface_device /* Primary link for the subscriber */ ), "backup" ( /* Backup link for the subscriber */ interface_device /* Backup link for the subscriber */ ), "group" arg /* Group name to which the subscriber is associated */ ) ), c( "keepalives" ( /* Send or demand keepalive messages */ keepalives_type /* Send or demand keepalive messages */ ).as(:oneline), "no-keepalives" /* Do not send or demand keepalive messages */ ), "inverse-arp" /* Enable inverse ARP */, "transmit-weight" arg /* ATM2 transmit weight for VC under VP tunnel */, "epd-threshold" ( /* Early packet discard threshold for ATM2 */ epd_threshold_config /* Early packet discard threshold for ATM2 */ ).as(:oneline), "cell-bundle-size" arg /* L2 circuit cell bundle size */, "cell-bundle-timeout" arg /* L2 circuit cell bundle timeout */, "plp-to-clp" /* Enable ATM2 PLP to CLP copy */, "atm-scheduler-map" arg /* Assign ATM2 CoS scheduling map */, "mrru" arg /* Maximum received reconstructed unit */, "short-sequence" /* Short sequence number header format (MLPPP only) */, "fragment-threshold" arg /* Fragmentation threshold */, "drop-timeout" arg /* Drop timeout */, "disable-mlppp-inner-ppp-pfc" /* Disable compression for inner PPP header in MLPPP payload */, "minimum-links" arg /* Minimum number of links to sustain the bundle */, "multilink-max-classes" arg /* Number of multilink classes */, "compression" ( /* Various packet header compressions */ c( "rtp" ( /* Compress and decompress RTP */ c( "f-max-period" arg /* Maximum number of compressed packets between transmission of full headers */, "queues" ( /* Queue holding RTP packets. Default is queue 1 */ ("q0" | "q1" | "q2" | "q3") ), "port" ( /* UDP destination ports reserved for RTP packets */ sc( "minimum" arg, "maximum" arg ) ).as(:oneline), "maximum-contexts" ( /* Maximum number of simultaneous RTP contexts */ sc( arg ) ).as(:oneline) ) ) ) ), "interleave-fragments" /* Interleave long packets with high priority ones */, "link-layer-overhead" ( /* Link layer bit stuffing overhead (0.0 .. 50.0 percent) */ unsigned_float /* Link layer bit stuffing overhead (0.0 .. 50.0 percent) */ ), "accounting-profile" arg /* Accounting profile name */, "peer-unit" arg /* Peer unit number */, "tunnel" ( /* Tunnel parameters */ c( "encapsulation" ( /* Encapsulation over tunnel */ c( "vxlan-gpe" ( c( "source" ( c( "address" ( /* Interface address prefix */ ipv4addr /* Interface address prefix */ ), "mac-address" ( /* Interface source mac address */ mac_addr /* Interface source mac address */ ), "interface" ( /* Name of the interface */ interface_name /* Name of the interface */ ) ) ), "destination" ( c( "address" ( /* Interface address prefix */ ipv4addr /* Interface address prefix */ ), "mac-address" ( /* Interface destination mac address */ mac_addr /* Interface destination mac address */ ) ) ), "tunnel-endpoint" ( /* Tunnel end point type */ ("vxlan") ), "destination-udp-port" arg /* Value to write to the destination-udp-port field */, "vni" arg /* Value to write to the vni field */ ) ), "udp" ( /* Family for tunnel encapsulation udp */ c( "source" ( c( "address" ( /* Interface address prefix */ ipv4addr /* Interface address prefix */ ), "interface" ( /* Name of the interface */ interface_name /* Name of the interface */ ) ) ), "destination" ( c( "address" ( /* Interface address prefix */ ipv4addr /* Interface address prefix */ ) ) ) ) ), "ipip" ( /* Family for tunnel encapsulation ipip */ c( "source" ( c( "address" ( /* Interface address prefix */ ipv4addr /* Interface address prefix */ ), "interface" ( /* Name of the interface */ interface_name /* Name of the interface */ ) ) ), "destination" ( c( "address" ( /* Interface address prefix */ ipv4addr /* Interface address prefix */ ) ) ) ) ) ) ), "source" ( /* Tunnel source */ ipaddr /* Tunnel source */ ), "destination" ( /* Tunnel destination */ ipaddr /* Tunnel destination */ ), "key" arg /* Tunnel key */, "backup-destination" ( /* Backup tunnel destination */ ipaddr /* Backup tunnel destination */ ), c( "allow-fragmentation" /* Do not set DF bit on packets */, "do-not-fragment" /* Set DF bit on packets */ ), "ttl" arg /* Time to live */, "traffic-class" arg /* TOS/Traffic class field of IP-header */, "flow-label" arg /* Flow label field of IP6-header */, "path-mtu-discovery" /* Enable path MTU discovery for tunnels */, "no-path-mtu-discovery" /* Don't enable path MTU discovery for tunnels */, "routing-instance" ( /* Routing instance to which tunnel ends belong */ c( "destination" arg /* Routing instance of tunnel destination */ ) ) ) ), "compression-device" ( /* Logical interface used for compression */ interface_unit /* Logical interface used for compression */ ), "atm-policer" ( /* ATM policing for logical interface */ c( "input-atm-policer" arg /* Input atm policer */ ) ), "layer2-policer" ( /* Layer2 policing for logical interface */ c( c( "input-policer" arg /* Two-color policer for received packets */, "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "input-three-color" arg /* Color-blind three-color policer for received packets */ ), c( "output-policer" ( /* Two-color policer for transmitted packets */ ("$junos-layer2-output-policer" | arg) ), "output-three-color" ( /* Three-color policer for transmitted packets */ ("$junos-layer2-output-policer" | arg) ) ) ) ), "filter" ( /* Filters to apply to all families configured under this logical interface */ c( c( "input" ( /* Name of filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline) ), c( "output" ( /* Name of filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline) ) ) ), "multi-chassis-protection" ( /* Inter-Chassis protection configuration */ multi_chassis_protection_group_ifl /* Inter-Chassis protection configuration */ ), "statistics" /* Enable statistics collection in PFE */, "esi" ( /* ESI configuration of logical interface */ c( "auto-derive" ( /* Auto-derive ESI value for the interface */ c( c( "lacp" /* Auto-derive ESI from lacp */ ) ) ), esi /* ESI value for the interface */, c( "single-active" /* Single-active mode */, "all-active" /* All-active mode */ ), "df-election-granularity" ( /* DF Election Granularity Selection */ c( c( "per-esi" ( /* DF Election Granularity Per Esi */ c( "lacp-oos-on-ndf" /* Lacp Oos */ ) ), "per-esi-vlan" /* Per Esi Vlan */ ) ) ), "df-election-type" ( /* DF Election Type */ c( c( "preference" ( /* Preference based DF election */ c( "value" arg /* Preference value for EVPN Multihoming DF election */ ) ) ), c( "mod" /* MOD based DF election */ ) ) ), "source-bmac" ( /* Unicast Source B-MAC address per ESI for PBB-EVPN */ mac_unicast /* Unicast Source B-MAC address per ESI for PBB-EVPN */ ) ) ), c( "no-auto-virtual-gateway-esi" /* Disable auto ESI generation for virtual gateway address */, "virtual-gateway-esi" ( /* ESI configuration of virtual gateway */ c( esi /* ESI value for the interface */, c( "single-active" /* Single-active mode */, "all-active" /* All-active mode */ ) ) ) ), "service" ( /* Service operations */ c( "pcef" arg ( /* PCEF configuration */ c( "activate-all" /* Activate all rules and rulebases in the pcef profile */, "activate" arg /* Name of pcef profile rule or rulebase to activate */ ) ) ) ), "generate-eui64" /* To generate Link Local EUI-64 addresses */, "no-generate-eui64" /* Don't to generate Link Local EUI-64 addresses */, "family" ( /* Protocol family */ c( "inet" ( /* IPv4 parameters */ c( "dhcp" ( /* Dynamic Host Configuration Protocol client configuration */ dhcp_client_type /* Dynamic Host Configuration Protocol client configuration */ ), "targeted-broadcast" ( /* Directed broadcast */ c( c( "forward-and-send-to-re" /* Allow packets to be forwarded and sent to re */, "forward-only" /* Allow packets only to be forwarded */ ) ) ), "destination-class-usage" /* Enable destination class usage on this interface */, "transit-options-packets" /* Transit IP options packets (don't send to Routing Engine) */, "transit-ttl-exceeded" /* Transit IP TTL-exceeded packets (don't send to Routing Engine) */, "receive-options-packets" /* Receive IP options packets (don't send to Routing Engine) */, "receive-ttl-exceeded" /* Receive IP TTL-exceeded packets (don't send to Routing Engine) */, "accounting" ( /* Configure interface-based accounting options */ c( "source-class-usage" ( /* Enable source class usage on this interface */ c( "input" /* Specify this interface for source-class-usage input */, "output" /* Specify this interface for source-class-usage output */ ) ), "destination-class-usage" /* Enable destination class usage on this interface */ ) ), "mac-validate" ( /* Validate source MAC address */ ("strict" | "loose") ), "rpf-check" ( /* Enable reverse-path-forwarding checks on this interface */ c( "fail-filter" arg /* Name of filter applied to packets failing RPF check */, "mode" ( /* Mode for reverse path forwarding */ sc( "loose" /* Reverse-path-forwarding loose mode */ ) ).as(:oneline) ) ), "mtu" arg /* Protocol family maximum transmission unit */, "arp-max-cache" arg /* Max interface ARP nexthop cache size */, "arp-new-hold-limit" arg /* Max no. of new unresolved nexthops */, "tcp-mss" arg /* Protocol family tcp maximum segment size */, "no-redirects" /* Do not redirect traffic */, "no-neighbor-learn" /* Disable neighbor address learning on interface */, "unconditional-src-learn" /* Glean from arp packets even when source cannot be validated */, "multicast-only" /* Allow only multicast traffic (tunnels only) */, "primary" /* Candidate for primary interface in system */, "ipsec-sa" arg /* Name of security association */, "allow-filter-on-re" /* Enable kernel filter on network ports */, "demux-source" ("$junos-subscriber-ip-address" | arg) /* Demux based on source prefix */, "demux-destination" ("$junos-subscriber-ip-address" | arg) /* Demux based on destination prefix */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), "input-chain" arg /* List of filter modules applied to received packets */, "output-chain" arg /* List of filter modules applied to transmitted packets */, c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "iq-policing-filter" ( /* Protocol family ingress-queuing-policing-filter */ sc( arg /* Name of the ingress-queuing-policing-filter */ ) ).as(:oneline), "simple-filter" ( /* Filter for doing multifield classification */ c( "input" arg /* Name of simple filter applied to received packets */ ) ), "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "policer" ( /* Interface policing */ c( "arp" arg /* Name of policer applied to received ARP packets */, "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "sampling" ( /* Interface sampling */ c( "input" /* Sample all packets input on this interface */, "output" /* Sample all packets output on this interface */ ) ), "service" ( /* Service operations */ c( "input" ( /* Service sets to consider for received packets */ c( "service-set" arg ( /* Service set to consider for received packets */ c( "service-filter" arg /* Name of service filter */ ) ), "post-service-filter" arg /* Post-service filter to apply to received packets */ ) ), "output" ( /* Service sets to consider for transmitted packets */ c( "service-set" arg ( /* Service set to consider for transmitted packets */ c( "service-filter" arg /* Name of service filter */ ) ) ) ) ) ), "next-hop-tunnel" arg ( /* One or more next-hop tunnel tables */ c( "ipsec-vpn" arg /* Name of IPSec VPN */ ) ), "tunnel-termination" /* Tunnel termination */, "address" arg ( /* Interface address/destination prefix */ c( "destination" ( /* Destination address */ ipv4addr /* Destination address */ ), "destination-profile" arg /* Profile to use for destination address */, "broadcast" ( /* Broadcast address */ ipv4addr /* Broadcast address */ ), "primary" /* Candidate for primary address in system */, "preferred" /* Preferred address on interface */, "master-only" /* Master management IP address for router */, "multipoint-destination" arg ( /* Multipoint NBMA destination */ c( c( "dlci" arg /* Frame Relay data-link control identifier */, "vci" ( /* ATM virtual circuit identifier ([vpi.]vci) */ atm_vci /* ATM virtual circuit identifier ([vpi.]vci) */ ) ), "shaping" ( /* Virtual circuit traffic-shaping options */ dcd_shaping_config /* Virtual circuit traffic-shaping options */ ), "oam-period" ( /* OAM cell period */ sc( c( arg, "disable" /* Disable OAM loopback */.as(:oneline) ) ) ).as(:oneline), "oam-liveness" ( /* OAM virtual circuit liveness parameters */ c( "up-count" arg /* Number of OAM cells to consider VC up */, "down-count" arg /* Number of OAM cells to consider VC down */ ) ), "inverse-arp" /* Enable inverse ARP reply messages */, "transmit-weight" arg /* ATM2 transmit weight for VC under VP tunnel */, "epd-threshold" ( /* Early packet discard threshold for ATM2 */ epd_threshold_config /* Early packet discard threshold for ATM2 */ ).as(:oneline) ) ), "arp" arg ( /* Static Address Resolution Protocol entries */ sc( "l2-interface" ( /* Layer 2 interface name for ARP entry */ interface_name /* Layer 2 interface name for ARP entry */ ), c( "mac" ( /* MAC address */ mac_unicast /* MAC address */ ), "multicast-mac" ( /* Multicast MAC address */ mac_multicast /* Multicast MAC address */ ) ), "publish" /* Reply to ARP requests for this entry */ ) ).as(:oneline), "host-discovery" arg ( /* Discover servers IP based on subnet range */ sc( "aging-timer" arg /* ARP aging timer */, "discovery-interval" arg /* ARP proactive discovery time */ ) ).as(:oneline), "web-authentication" ( /* Parameters for web-based firewall-user authentication */ c( "http" /* Enable authentication via HTTP */, "https" /* Enable authentication via HTTPS */, "redirect-to-https" /* Web authentication redirect to HTTPS */ ) ), "vrrp-group" ( /* VRRP group */ vrrp_group /* VRRP group */ ), "virtual-gateway-address" ( /* Virtual Gateway IP address */ ipv4addr /* Virtual Gateway IP address */ ) ) ), "unnumbered-address" ( /* Unnumbered interface address/destination prefix */ sc( interface_unit /* Interface from which to take local address */, "preferred-source-address" ( /* Preferred address on the donor interface */ ("$junos-preferred-source-address" | arg) ), "destination" ( /* Destination address */ ipv4addr /* Destination address */ ), "destination-profile" arg /* Profile to use for destination address */ ) ).as(:oneline), "location-pool-address" ( /* Location-based IP address pool */ c( arg ) ), "negotiate-address" /* Negotiate address with remote */, "destination-udp-port" arg /* Choose destination UDP port number */ ) ), "iso" ( /* OSI ISO protocol parameters */ c( "address" arg /* Interface address */, "mtu" arg /* Protocol family maximum transmission unit */, "destination-udp-port" arg /* Choose destination UDP port number */ ) ), "inet6" ( /* IPv6 protocol parameters */ c( "dhcpv6-client" ( /* Dynamic Host Configuration Protocol DHCPv6 client configuration */ c( "client-type" ( /* DHCPv6 client type */ ("stateful" | "autoconfig") ), "client-ia-type" enum(("ia-na" | "ia-pd")) /* DHCPv6 client identity association type */, "rapid-commit" /* Option is used to signal the use of the two message exchange for address assignment */, "prefix-delegating" ( /* Prefix delegating parameters */ c( "preferred-prefix-length" arg /* Client preferred prefix length */, "sub-prefix-length" arg /* The sub prefix length for LAN interfaces */ ) ), "client-identifier" ( /* DHCP Server identifies a client by client-identifier value */ sc( "duid-type" ( /* DUID identifying a client */ ("duid-llt" | "vendor" | "duid-ll") ) ) ).as(:oneline), "vendor-id" arg /* Vendor class id for the dhcpv6 client */, "req-option" enum(("dns-server" | "domain" | "ntp-server" | "time-zone" | "sip-server" | "sip-domain" | "nis-server" | "nis-domain" | "fqdn" | "vendor-spec" | "zero-touch-redirect" | "bootfile-url" | "bootfile-param")) /* DHCPV6 client requested option configuration */, "options" ( /* DHCP options */ c( "number" arg ( /* DHCP option code */ sc( c( "hex-string" arg /* Hexadecimal string */ ) ) ).as(:oneline) ) ), "retransmission-attempt" arg /* Number of attempts to retransmit the DHCPV6 client protocol packet */, "no-dns-install" /* Not propagate DNS to kernel */, "update-router-advertisement" ( /* Dhcpv6 client update rpd for prefix delegation */ c( "interface" arg ( /* Interfaces on which to delegate prefix */ c( "managed-configuration" /* Set managed address configuration */, "no-managed-configuration" /* Don't set managed address configuration */, "other-stateful-configuration" /* Set other stateful configuration */, "no-other-stateful-configuration" /* Don't set other stateful configuration */, "max-advertisement-interval" arg /* Maximum advertisement interval */, "min-advertisement-interval" arg /* Minimum advertisement interval */, "enable-recursive-dns-server-option" /* Enables the recursive DNS server option */, "no-enable-recursive-dns-server-option" /* Don't enables the recursive DNS server option */ ) ) ) ), "update-server" /* Propagate TCP/IP settings to DHCP server */ ) ), "rpf-check" ( /* Enable reverse-path-forwarding checks on this interface */ c( "fail-filter" arg /* Name of filter applied to packets failing RPF check */, "mode" ( /* Mode for reverse path forwarding */ sc( "loose" /* Reverse-path-forwarding loose mode */ ) ).as(:oneline) ) ), "accounting" ( /* Interface-based accounting options */ c( "source-class-usage" ( c( "input" /* Interface for source-class-usage input */, "output" /* Interface for source-class-usage output */ ) ), "destination-class-usage" /* Enable destination class usage on this interface */ ) ), "mtu" arg /* Protocol family maximum transmission unit */, "tcp-mss" arg /* Protocol family tcp maximum segment size */, "nd6-stale-time" arg /* Stale time to reconfirm reachability with inet6 neighbour */, "no-neighbor-learn" /* Disable neighbor address learning on interface */, "slaac-enable" /* Enable slaac on management interface */, "ndp-proxy" ( /* Enable ndp proxy on interface */ c( "interface-restricted" /* Enable ndp interface proxy restricted to interface */ ) ), "dad-proxy" ( /* DAD proxy on interface */ c( "interface-restricted" /* Enable DAD interface proxy restricted to interface */ ) ), "nd6-max-cache" arg /* Max interface ND nexthop cache size */, "nd6-new-hold-limit" arg /* Max no. of new unresolved nexthops */, "no-redirects" /* Do not redirect traffic */, "allow-filter-on-re" /* Enable kernel filter on network ports */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "input-chain" arg /* List of filter modules applied to received packets */, "output-chain" arg /* List of filter modules applied to transmitted packets */, "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "sampling" ( /* Interface sampling */ c( "input" /* Sample all packets input on this interface */, "output" /* Sample all packets output on this interface */ ) ), "service" ( /* Service operations */ c( "input" ( /* Service sets to consider for received packets */ c( "service-set" arg ( /* Service set to consider for received packets */ c( "service-filter" arg /* Name of service filter */ ) ), "post-service-filter" arg /* Post-service filter to apply to received packets */ ) ), "output" ( /* Service sets to consider for transmitted packets */ c( "service-set" arg ( /* Service set to consider for transmitted packets */ c( "service-filter" arg /* Name of service filter */ ) ) ) ) ) ), "tunnel-termination" /* Tunnel termination */, "address" arg ( /* Interface address or destination prefix */ c( "destination" ( /* Destination address */ ipv6addr /* Destination address */ ), "eui-64" /* Generate EUI-64 interface ID */, "primary" /* Candidate for primary address in system */, "preferred" /* Preferred address on interface */, "master-only" /* Master management IP address for router */, "ndp" arg ( /* Static Neighbor Discovery Protocol entries */ sc( "l2-interface" ( /* Layer 2 interface name for NDP entry */ interface_name /* Layer 2 interface name for NDP entry */ ), c( "mac" ( /* MAC address */ mac_unicast /* MAC address */ ), "multicast-mac" ( /* Multicast MAC address */ mac_multicast /* Multicast MAC address */ ) ), "publish" /* Reply to NDP requests for this entry */ ) ).as(:oneline), "vrrp-inet6-group" ( /* VRRP group */ vrrp_group /* VRRP group */ ), "web-authentication" ( /* Parameters for web-based firewall-user authentication */ c( "http" /* Enable authentication via HTTP */, "https" /* Enable authentication via HTTPS */, "redirect-to-https" /* Web authentication redirect to HTTPS */ ) ), "virtual-gateway-address" ( /* Virtual Gateway IP address */ ipv6addr /* Virtual Gateway IP address */ ), "subnet-router-anycast" /* Create a subnet roter anycast address for this address. */ ) ), "demux-source" ("$junos-subscriber-ipv6-address" | arg | "$junos-subscriber-ipv6-multi-address") /* Demux based on source prefix */, "demux-destination" ("$junos-subscriber-ipv6-address" | arg) /* Demux based on destination prefix */, "unnumbered-address" ( /* Unnumbered interface address/destination prefix */ sc( interface_unit /* Interface from which to take local address */, "preferred-source-address" ( /* Preferred address on the donor interface */ ("$junos-preferred-source-ipv6-address" | arg) ) ) ).as(:oneline), "dad-disable" /* Disable duplicate-address-detection */, "no-dad-disable" /* Don't disable duplicate-address-detection */, "destination-udp-port" arg /* Choose destination UDP port number */ ) ), "mpls" ( /* MPLS protocol parameters */ c( "mtu" arg /* Protocol family maximum transmission unit */, "maximum-labels" arg /* Protocol family maximum number of labels */, "filter" ( /* Packet filtering */ c( c( "input" arg /* Name of filter applied to received packets */, "input-list" arg /* List of filter modules applied to received packets */ ), "input-chain" arg /* List of filter modules applied to received packets */, c( "output" arg /* Name of filter applied to transmitted packets */, "output-list" arg /* List of filter modules applied to transmitted packets */ ), "output-chain" arg /* List of filter modules applied to transmitted packets */, "group" arg /* Interface group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "destination-udp-port" arg /* Choose destination UDP port number */ ) ), "mlppp" ( /* Multilink PPP protocol parameters */ c( "bundle" ( /* Logical interface name this link will join */ ("$junos-bundle-interface-name" | arg) ), c( "service-interface" ( /* Services interface to use */ interface_device /* Services interface to use */ ), "service-device-pool" arg /* Service interface pool name to use */ ), "dynamic-profile" arg /* dynamic profile for interface to use */ ) ), "mlfr-end-to-end" ( /* Multilink Frame Relay end-to-end protocol parameters */ c( "bundle" ( /* Logical interface name this link will join */ interface_unit /* Logical interface name this link will join */ ) ) ), "mlfr-uni-nni" ( /* Multilink Frame Relay UNI NNI protocol parameters */ c( "bundle" ( /* Logical interface name this link will join */ interface_unit /* Logical interface name this link will join */ ) ) ), "ccc" ( /* Circuit cross-connect parameters */ c( "mtu" arg /* Protocol family maximum transmission unit */, "filter" ( /* Packet filtering */ c( c( "input" arg /* Name of filter applied to received packets */, "input-list" arg /* List of filter modules applied to received packets */ ), "input-chain" arg /* List of filter modules applied to received packets */, c( "output" arg /* Name of filter applied to transmitted packets */, "output-list" arg /* List of filter modules applied to transmitted packets */ ), "output-chain" arg /* List of filter modules applied to transmitted packets */, "group" arg /* Interface group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "translate-fecn-and-becn" /* Translate FECN and BECN bits */, c( "translate-discard-eligible" /* Translate DE bit */, "translate-plp-control-word-de" /* Translate PLP to/from Martini Control DE bit */ ), "keep-address-and-control" /* Don't strip PPP address and control bytes */ ) ), "tcc" ( /* Translational cross-connect parameters */ c( "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "proxy" ( c( "inet-address" ( /* Remote host address on non-Ethernet side of Ethernet TCC */ ipv4addr /* Remote host address on non-Ethernet side of Ethernet TCC */ ) ) ), "remote" ( c( "inet-address" ( /* Remote host address on Ethernet side of Ethernet TCC */ ipv4addr /* Remote host address on Ethernet side of Ethernet TCC */ ), "mac-address" ( /* Remote host MAC address on Ethernet side of Ethernet TCC */ mac_addr /* Remote host MAC address on Ethernet side of Ethernet TCC */ ) ) ), "protocols" ( /* Protocols supported on TCC interface */ ("mpls" | "inet" | "iso" | "inet6") ) ) ), "vpls" ( /* Virtual private LAN service parameters */ c( "core-facing" /* Interface is core facing */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), "input-chain" arg /* List of filter modules applied to received packets */, "output-chain" arg /* List of filter modules applied to transmitted packets */, c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "iq-policing-filter" ( /* Protocol family ingress-queuing-policing-filter */ sc( arg /* Name of the ingress-queuing-policing-filter */ ) ).as(:oneline), "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "sampling" ( /* Interface sampling */ c( "input" /* Sample all packets input on this interface */, "output" /* Sample all packets output on this interface */ ) ) ) ), "bridge" ( /* Layer-2 bridging parameters */ c( "core-facing" /* Interface is core facing */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), "input-chain" arg /* List of filter modules applied to received packets */, "output-chain" arg /* List of filter modules applied to transmitted packets */, c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "iq-policing-filter" ( /* Protocol family ingress-queuing-policing-filter */ sc( arg /* Name of the ingress-queuing-policing-filter */ ) ).as(:oneline), "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "interface-mode" ( /* Interface mode (access or trunk) */ ("access" | "trunk") ), "vlan-auto-sense" /* Enable VLAN auto sense on this interface */, "bridge-domain-type" ( /* Bridge domain type (svlan or bvlan) */ ("svlan" | "bvlan") ), "inter-switch-link" /* PVLAN inter switch link */, c( "vlan-id" arg /* Access mode and trunk mode VLAN membership */, "vlan-id-list" arg /* Trunk mode VLAN membership for this interface */, "inner-vlan-id-list" arg /* Trunk mode VLAN membership for this interface based on inner VLAN tag */ ), "vlan-rewrite" ( /* Specify vlan translation */ c( "translate" arg ( /* Translate incoming VLAN tag */ sc( arg ) ).as(:oneline) ) ), c( "isid-list" ( /* Specify the ISID list */ ("all-service-groups" | "all") ) ), "storm-control" ( /* Storm control profile name to bind */ c( arg /* Profile name */ ) ), "recovery-timeout" ( /* Recovery timeout for this interface */ sc( arg ) ).as(:oneline), "sampling" ( /* Interface sampling */ c( "input" /* Sample all packets input on this interface */, "output" /* Sample all packets output on this interface */ ) ) ) ), "ethernet-switching" ( /* Ethernet switching parameters */ ethernet_switching_type /* Ethernet switching parameters */ ), "fibre-channel" ( /* Fibre channel switching parameters */ fibre_channel_type /* Fibre channel switching parameters */ ), "pppoe" ( /* PPP over Ethernet underlying interface-specific options */ pppoe_underlying_options_type /* PPP over Ethernet underlying interface-specific options */ ), "any" ( /* Parameters for 'any' family */ c( "filter" ( /* Layer 2 packet filtering */ c( "input" arg /* Name of filter applied to received packets */, "group" arg /* Group to which interface belongs */ ) ) ) ) ) ), "service-domain" ( /* Service domain to which interface belongs */ ("inside" | "outside") ), "copy-tos-to-outer-ip-header" /* Copy IP payload header's ToS field to GRE delivery header */, "copy-tos-to-outer-ip-header-transit" /* Copy IP ToS field to GRE header for transit packets */, "force-control-packets-on-transit-path" /* Force control packets to follow transit path */, "load-balancing-options" ( /* AMS subunit load balancing options */ c( "preferred-active" ( /* Preferred active Interface name */ interface_device /* Preferred active Interface name */ ), "disable-hash" /* Hash based distribution is not needed for this subunit */, "hash-keys" ( c( "ingress-key" ( /* Hash Key for the ingress direction */ enum(("source-ip" | "destination-ip" | "protocol" | "iif")) ), "egress-key" ( /* Hash Key for the egress direction */ enum(("source-ip" | "destination-ip" | "protocol" | "oif")) ), "ipv6-source-prefix-length" ( /* IPv6 source prefix length for hash computation */ ("56" | "64" | "96" | "128") ) ) ) ) ), "mac" ( /* Configure logical interface MAC address */ mac_unicast /* Configure logical interface MAC address */ ), "virtual-gateway-v4-mac" ( /* Configure virtual gateway IPV4 virtual MAC address */ mac_unicast /* Configure virtual gateway IPV4 virtual MAC address */ ), "virtual-gateway-v6-mac" ( /* Configure virtual gateway IPV6 virtual MAC address */ mac_unicast /* Configure virtual gateway IPV6 virtual MAC address */ ), "forwarding-options" ( /* Aggregated Ethernet interface forwarding-options */ c( "load-balance-stateful" ( /* Stateful load balancing */ c( "per-flow" /* Enable feature */, "rebalance" arg /* Rebalancing interval */, "load-type" ( /* Load - defines the flows */ ("high" | "medium" | "low") ) ) ) ) ), "etree-ac-role" ( /* ETREE attachment circuit role */ ("root" | "leaf") ) ) ), "no-partition" ( /* Use channelizable interface as clear channel */ sc( "interface-type" ( /* Interface type */ ("e1" | "t1" | "at" | "t3" | "e3" | "ct3" | "so" | "cau4") ) ) ).as(:oneline), "partition" arg ( /* Channelized interface partition */ sc( "oc-slice" arg /* Range of SONET/SDH slices (for example, 1, 7-9) */, "timeslots" arg /* Timeslots [(1..24) for T1, (1..31) for E1]; for example, 1-3,4,9,22-24 (no spaces) */, "interface-type" ( /* Sublevel interface type */ ("ds" | "e1" | "t1" | "at" | "ct1" | "ce1" | "t3" | "ct3" | "e3" | "so" | "coc1" | "cau4" | "dc" | "bc") ) ) ).as(:oneline), "radius-options" ( /* Interface RADIUS Options */ radius_options_vlan_type /* Interface RADIUS Options */ ) ) ), interfaces_type ) ) ) ), "protocols" ( /* Routing protocol configuration */ c( "igmp" ( /* IGMP options */ c( "traceoptions" ( /* Trace options for IGMP */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("packets" | "query" | "report" | "leave" | "mtrace" | "group" | "client-notification" | "host-notification" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "maximum-transmit-rate" arg /* Maximum transmission rate (packets per second) */, "accounting" /* Enable join and leave event notification */, "interface" ("$junos-interface-name" | arg) ( /* Interface options for IGMP */ c( ("disable"), "version" arg /* Set IGMP version number on this interface */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "group-increment" ( /* Mask for the incrementing group IP address */ ipv4addr /* Mask for the incrementing group IP address */ ), "group-count" arg /* Number of groups */, "exclude" /* Exclude sources */, "source" arg ( /* IP multicast source address */ c( "source-increment" ( /* Mask for the incrementing source IP address */ ipv4addr /* Mask for the incrementing source IP address */ ), "source-count" arg /* Number of sources */ ) ) ) ) ) ), "ssm-map" arg /* Map for SSM translation of IGMPv1 or IGMPv2 messages */, "ssm-map-policy" ( /* SSM map policy name */ policy_algebra /* SSM map policy name */ ), "immediate-leave" /* Group removed immediately, last membership query not sent */, "promiscuous-mode" /* Accept igmp messages coming from different subnet */, "accounting" /* Enable join and leave event notification */, "no-accounting" /* Don't enable join and leave event notification */, "group-policy" ( /* Group filter applied to incoming IGMP report messages */ policy_algebra /* Group filter applied to incoming IGMP report messages */ ), "group-limit" arg /* Maximum number of (source,group) per interface */, "group-threshold" arg /* Percentage of limit at which to generate warnings */, "log-interval" arg /* Time between consecutive log messages */, "passive" ( /* Suppress sending and receiving IGMP messages */ sc( "allow-receive" /* Allow receiving IGMP messages */, "send-general-query" /* Send IGMP general query messages */, "send-group-query" /* Send IGMP group query messages */ ) ).as(:oneline), "oif-map" ( /* Output interface map */ policy_algebra /* Output interface map */ ), "distributed" /* Distributed IGMP interface */ ) ), "amt" ( /* Automatic Multicast Tunnel options for IGMP */ c( "relay" ( /* AMT relay options for IGMP */ c( "defaults" ( /* Default AMT relay options for IGMP */ c( "version" arg /* Set IGMP version number on AMT interfaces */, "ssm-map" arg /* Map for SSM translation of IGMPv1 or IGMPv2 messages */, "ssm-map-policy" ( /* SSM map policy name */ policy_algebra /* SSM map policy name */ ), "accounting" /* Enable join and leave event notification */, "no-accounting" /* Don't enable join and leave event notification */, "group-policy" ( /* Group filter applied to incoming IGMP report messages */ policy_algebra /* Group filter applied to incoming IGMP report messages */ ), "group-limit" arg /* Maximum number of (source,group) per interface */, "group-threshold" arg /* Percentage of limit at which to generate warnings */, "log-interval" arg /* Time between consecutive log messages */, "robust-count" arg /* Expected packet loss on a subnet */, "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */ ) ) ) ) ) ) ) ), "oam" ( /* Operation, Administration, and Management configuration */ c( "ethernet" ( /* OAM configuration for Ethernet */ c( "link-fault-management" ( /* 802.3ah Ethernet OAM configuration */ c( "hardware-assisted-keepalives" /* Enable delegating keepalives to hardware */, "traceoptions" ( /* Trace options for link-fault management */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "routing-socket" | "protocol" | "action-profile" | "all")) /* Tracing parameters */.as(:oneline) ) ), "action-profile" arg ( /* Define an action profile */ c( "event" ( /* Events this action profile will check */ c( "link-adjacency-loss" /* Loss of adjacency with OAM peer */, "protocol-down" /* Upper layer indication on protocol down */, "link-event-rate" ( c( "symbol-period" arg /* Rate of receiving symbol period events */, "frame-error" arg /* Rate of receiving frame error events */, "frame-period" arg /* Rate of receiving frame period events */, "frame-period-summary" arg /* Rate of receiving frame period summary events */ ) ) ) ), "action" ( /* Action to take on specified events */ c( "syslog" /* Generate syslog message */, "link-down" /* Mark the interface down for transit traffic */, "send-critical-event" /* Start sending OAM PDUs with critical event bit set */ ) ) ) ), "interface" arg ( /* Interface on which to set Ethernet OAM parameters */ c( "apply-action-profile" arg /* Apply the specified action profile on the interface */, "pdu-interval" arg /* Periodic OAM protocol data unit interval */, "loopback-tracking" /* Enable link down on loopback detection */, "detect-loc" /* Detects initial lack of adjacency formation */, "link-discovery" ( /* Mode of discovery */ ("active" | "passive") ), "pdu-threshold" arg /* Number of PDUs missed before declaring peer lost */, "remote-loopback" /* Put remote DTE into remote-loopback mode */, "negotiation-options" ( /* 802.3ah features supported on the interface */ c( "no-allow-link-events" /* Do not emit periodic PDUs detailing framing and symbol errors */, "allow-remote-loopback" /* Allow local port to be put into loopback mode */ ) ), "event-thresholds" ( /* Thresholds for sending 802.3ah events */ c( "symbol-period" arg /* Threshold for sending symbol period events */, "frame-error" arg /* Threshold for sending frame error events */, "frame-period" arg /* Threshold for sending frame period error events */, "frame-period-summary" arg /* Threshold for sending frame period summary error events */ ) ) ) ) ) ), "connectivity-fault-management" ( /* Configurations related to 802.1ag ethernet oam */ c( "performance-monitoring" ( /* Configurations related to ethernet performance monitoring */ c( "hardware-assisted-timestamping" /* Enable timestamping feature in hardware */, "delegate-server-processing" /* Delegate performance measurement request handling to PFE */, "hardware-assisted-keepalives" ( /* Enable/Disable delegating keepalives to hardware */ ("enable" | "disable") ), "hardware-assisted-pm" /* Enable inline support for performance monitoring */, "enhanced-sla-iterator" /* Enable Enhanced SLA Iterator Cycle-time */, "measurement-interval" ( /* Enables measurement-interval based PM (MEF 36 mode). Default 15 min in enhanced-cfm-mode */ ("2" | "5" | "15" | "30" | "60") ), "legacy-pm-display" /* Display Legacy PM output (for DM) in MEF mode. */, "sla-iterator-profiles" arg ( /* Configuration related to an sla monitoring iterator */ c( "disable" /* Disable the iterator profile */, "measurement-type" ( /* Choice of the type of Y.1731(SLA measurement) frame to be sent */ ("two-way-delay" | "loss" | "slm" | "statistical-frame-loss") ), "flap-trap-monitor" arg /* Configurable timer value 1-360 */, "cycle-time" arg /* Time period of an iterator profile */, "iteration-period" arg /* Maximum services under this iterator profile */, "calculation-weight" ( /* Configure delay and delay variation calculation weight */ c( "delay" arg /* Weight used in delay calculation */, "delay-variation" arg /* Weight used in delay-variation calculation */ ) ), "avg-flr-forward-threshold" ( /* Avg forward flr threshold */ c( arg, "flap-trap-monitor" arg /* Configurable timer value 1-360 */ ) ), "avg-flr-backward-threshold" ( /* Avg backward flr threshold */ c( arg, "flap-trap-monitor" arg /* Configurable timer value 1-360 */ ) ), "avg-fd-twoway-threshold" ( /* Avg frame delay threshold value */ c( arg, "flap-trap-monitor" arg /* Configurable timer value 1-360 */ ) ), "avg-fdv-twoway-threshold" ( /* Avg frame delay variance threshold */ c( arg, "flap-trap-monitor" arg /* Configurable timer value 1-360 */ ) ), "measurement-interval" ( /* Measurement-interval to be used for this PM session (MEF 36 mode) */ ("2" | "5" | "15" | "30" | "60") ), "frame-delay" ( /* Bin configuration for frame delay */ c( "num-bins" arg /* Max number of bins */, "two-way" ( /* Bin configuration for 2way frame delay */ c( "lower-threshold-bin" arg /* Lower threshold bin configuration in ascending order */ ) ), "forward" ( /* Bin configuration for forward frame delay */ c( "lower-threshold-bin" arg /* Lower threshold bin configuration in ascending order */ ) ), "backward" ( /* Bin configuration for backward frame delay */ c( "lower-threshold-bin" arg /* Lower threshold bin configuration in ascending order */ ) ) ) ), "frame-delay-range" ( /* Bin configuration for frame delay range */ c( "num-bins" arg /* Max number of bins */, "two-way" ( /* Bin configuration for 2way frame delay range */ c( "lower-threshold-bin" arg /* Lower threshold bin configuration in ascending order */ ) ), "forward" ( /* Bin configuration for forward frame delay range */ c( "lower-threshold-bin" arg /* Lower threshold bin configuration in ascending order */ ) ), "backward" ( /* Bin configuration for backward frame delay range */ c( "lower-threshold-bin" arg /* Lower threshold bin configuration in ascending order */ ) ) ) ), "ifdv" ( /* Bin configuration for IFDV */ c( "num-bins" arg /* Max number of bins */, "two-way" ( /* Bin configuration for 2way IFDV */ c( "lower-threshold-bin" arg /* Lower threshold bin configuration in ascending order */ ) ), "forward" ( /* Bin configuration for forward IFDV */ c( "lower-threshold-bin" arg /* Lower threshold bin configuration in ascending order */ ) ), "backward" ( /* Bin configuration for backward IFDV */ c( "lower-threshold-bin" arg /* Lower threshold bin configuration in ascending order */ ) ) ) ), "availability" ( /* Configuration of availabilty related parameters (MEF 36 mode) */ c( "num-consecutive-pdus" arg /* Number of consecutive LM/SLM PDUs to be used in availability measurement */, "flr-threshold" arg /* FLR threshold in milli-percent to be used for evaluating availability */, "num-consecutive-intervals" arg /* Number of consecutive availability indicators to detect change in availability */, "num-consecutive-highflr" arg /* Number of consecutive availability indicators to access CHLI */ ) ) ) ), "interface" arg ( /* Name of interface for the performance monitoring */ sc( "enable-multiclass-loss-measurement" /* Disable multiclass loss measurement in hardware */, "code-point-based-lm-accounting" /* Enable code point based loss measurement in hardware */, "priority-based-lm-accounting" /* Enable priority based loss measurement in hardware */ ) ).as(:oneline), "enable-multiclass-loss-measurement" /* Disable multiclass loss measurement in hardware */, "code-point-based-lm-accounting" /* Enable code point based loss measurement in hardware */, "priority-based-lm-accounting" /* Enable priority based loss measurement in hardware */, "colorless-loss-measurement" /* Enable colorless loss measurement in hardware */ ) ), "connection-protection" ( /* Configurations related to Carrier Ethernet Transport Mode */ c( "mark-connection-protection-tlv" /* Enable marking of Connection Protection TLV */, "uhp-label-lookup" /* Enable lookup for special UHP labels */ ) ), "no-aggregate-delegate-processing" /* Do not distribute aggregate session to pfe */, "enhanced-cfm-mode" /* Enables Enhanced CFM Mode */, "expected-defect" ( /* Configure Expected Defect Parameters */ c( "rx-enable" /* Enables Expected Defect PDU processing */, "rx-max-duration" arg /* Max duration that is allowed in EDM in secs */, "tx-enable" /* Enables Expected Defect PDU transmission */, "tx-duration" arg /* Duration value in secs for Peer to suppress alarms */ ) ), "traceoptions" ( /* Trace options for connectivity fault management */ cfm_traceoptions /* Trace options for connectivity fault management */ ), "action-profile" arg ( /* Action profiles to use when one or more remote maintenance association endpoints are down */ c( "event" ( /* Events that need to be monitored */ c( "interface-status-tlv" ( /* Values that need to be monitored in interface status TLV */ ("down" | "lower-layer-down") ), "port-status-tlv" ( /* Values that need to be monitored in port status TLV */ ("blocked") ), "adjacency-loss" /* Connectivity is lost */, "rdi" /* RDI received from some MEP */, "connection-protection-tlv" ( /* Values that need to be monitored in connection protection TLV */ ("using-working-path" | "using-protection-path") ), "server-mep-defects" ( /* Defects which are monitored by Server MEP */ ("link-loss-defect" | "l2circuit-defect" | "l2vpn-defect") ), "ais-trigger-condition" ( /* Defect condition that generates alarm indication signal */ ("all-defects" | "adjacency-loss" | "cross-connect-ccm" | "erroneous-ccm" | "receive-ais") ) ) ), "action" ( c( "interface-down" /* Mark the interface as down */, "revertive-interface-down" /* Wait for CC loss-threshold to bring back the interface up */, "non-revertive-interface-down" /* Interface will not be brought up when CC is received */, "propagate-remote-mac-flush" /* Remote mac-flush */, "interface-group-down" /* Mark the interface group as down */, "asynchronous-notification" /* Generate asynchronous notification (Laser-off for optical phys) */, "log-and-generate-ais" ( c( "level" arg /* Server maintenance domain levels range */, "interval" ( /* Interval between AIS messages */ ("1s" | "1m") ), "priority" arg /* 802.1p priority of AIS packet */ ) ) ) ), "clear-action" ( c( "interface-down" ( /* Mark the interface as down */ sc( "peer-interface" /* Mark the interface as down */ ) ).as(:oneline), "propagate-remote-mac-flush" /* Remote mac flush */ ) ), "default-actions" ( /* Action that needs to be taken */ c( "interface-down" /* Bring the interface down */ ) ) ) ), "server-mep" arg ( /* Server MEP to use when generation of AIS is required to monitor different services */ c( "protocol" ( /* Protocol that needs to be monitored by Server MEP */ c( c( "l2circuit" ( /* Protocol that need to be monitored is l2circuit protocol */ sc( "interface" ( /* Interface which is participating in l2circuit service */ sc( interface_name /* Interface name */ ) ).as(:oneline) ) ).as(:oneline), "l2vpn" ( /* Protocol that need to be monitored is l2vpn protocol */ sc( "interface" ( /* Interface which is participating in l2vpn service */ sc( interface_name /* Interface name */ ) ).as(:oneline) ) ).as(:oneline), "ethernet" ( /* Protocol that need to be monitored is physical ethernet service */ sc( "interface" ( /* Interface which is going to be monitored */ sc( interface_device /* Interface name */ ) ).as(:oneline) ) ).as(:oneline) ) ) ), "action-profile" ( /* Attached action profile for this Server MEP */ c( arg /* Name of the action profile */ ) ) ) ), "policer" ( /* Rate limit Ethernet OAM packets for all sessions */ c( "continuity-check" arg /* Policer to rate limit Continuity Check Ethernet OAM messages */, "other" arg /* Policer to rate limit non Continuity Check Ethernet OAM messages */, "all" arg /* Policer to rate limit all Ethernet OAM messages */ ) ), "linktrace" ( /* Linktrace protocol global options */ c( "path-database-size" arg /* Number of linktrace reply entries to be stored per linktrace request */, "age" ( /* Time after which a stale request-response entry is deleted */ ("10s" | "30s" | "1m" | "10m" | "30m") ) ) ), "maintenance-domain" ("default-0" | "default-1" | "default-2" | "default-3" | "default-4" | "default-5" | "default-6" | "default-7" | arg) ( /* Maintenance domain configuration */ c( "bridge-domain" arg ( /* Bridge-domain information for the default maintenance domain */ sc( "vlan-id" arg /* VLAN id */ ) ).as(:oneline), "vlan" arg /* VLAN information for the default maintenance domain */.as(:oneline), "virtual-switch" arg ( /* Virtual switch Bridge-domain information for the default maintenance domain */ c( "bridge-domain" arg ( sc( "vlan-id" arg /* VLAN id */ ) ).as(:oneline) ) ), "instance" arg /* VPLS instance name for the default maintenance domain */.as(:oneline), "interface" arg /* Name of interface for the default maintenance domain */.as(:oneline), "level" arg /* Level value for maintenance domain */, "name-format" ( /* Format of maintenance domain name */ ("none" | "dns" | "mac+2oct" | "character-string") ), "mip-half-function" ( /* Half function to be implemented by MIP */ ("none" | "default" | "explicit") ), "maintenance-association" arg ( /* Maintenance association configuration */ c( "debug-session" /* Debug the CFM session */, "short-name-format" ( /* Format of Maintenance Association Name */ ("2octet" | "rfc-2685-vpn-id" | "vlan" | "character-string" | "icc") ), "protect-maintenance-association" ( /* Maintenance association used for connection protection */ sc( arg, "aps-profile" arg /* Name of the automatic-protection-switching profile */, "detect-path-type" /* Enable detection of working and protect paths */ ) ).as(:oneline), "primary-vid" ( /* VLAN id */ ("none" | arg) ), "continuity-check" ( /* Continuity check configuration */ c( "interval" ( /* Interval between continuity-check messages */ ("10ms" | "100ms" | "1s" | "10s" | "1m" | "10m" | "3.3ms") ), "loss-threshold" arg /* Number of continuity-check messages lost before marking endpoint as down */, "hold-interval" arg /* Time before flushing MEP database if no updates occur */, "port-status-tlv" /* Include port status TLV in CCM */, "interface-status-tlv" /* Include interface status TLV in CCM */, "connection-protection-tlv" /* Include connection protection OUI TLV in CCM */, "convey-loss-threshold" /* Include Loss Threshold OUI TLV in CCM */, "interface-status-send-rdi" /* Send RDI on interface operation status down in CCM */, "sendid-tlv" ( /* Include sendid-tlv in CCM/LBM/LTM */ c( "send-chassis-tlv" /* Attach Chassis ID & Mgmt Addr to CCM/LBM/LTM */ ) ) ) ), "mip-half-function" ( /* Half function to be implemented by MIP */ ("none" | "default" | "explicit" | "defer") ), "mep" arg ( /* Maintenance association endpoint configuration */ c( "interface" ( /* Name of interface */ sc( interface_unit, "vlan" arg /* Trunk port interface VLAN identifier */, c( "working" /* Monitory the primary path */, "protect" /* Monitory the protect path */ ) ) ).as(:oneline), "direction" ( /* Direction of maintenance endpoint */ ("up" | "down") ), "priority" arg /* 802.1p priority of continuity-check and link-trace packet */, "auto-discovery" /* Accept continuity-check messages from all remote MEPs */, "action-profile" arg /* Name of the action profile */, "remote-mep" arg ( /* Remote maintenance association endpoint configuration */ c( "action-profile" arg /* Name of the action profile */, "interface-group" ( /* Mark this interface group down Profile configured with action interface-group-down */ c( interface_device /* Interface device name */, "unit-list" arg /* One or more logical interface unit numbers */ ) ), "sla-iterator-profile" arg ( /* Name of the iterator profile */ c( "iteration-count" arg /* Iterations to partake for acquiring SLA measurements */, "priority" arg /* The vlan pcp value to be sent in the Y.1731 frame */, "data-tlv-size" arg /* Size of the data-tlv portion of Y.1731 frame */ ) ), "detect-loc" /* Detects initial loss of connectivity with remote mep */ ) ), "lowest-priority-defect" ( /* Lowest priority defect that is allowed to generate a fault alarm */ ("all-defects" | "mac-rem-err-xcon" | "rem-err-xcon" | "err-xcon" | "xcon" | "no-defect") ) ) ), "policer" ( /* Rate limit Ethernet OAM packets for this session */ c( "continuity-check" arg /* Policer to rate limit Continuity Check Ethernet OAM messages */, "other" arg /* Policer to rate limit non Continuity Check Ethernet OAM messages */, "all" arg /* Policer to rate limit all Ethernet OAM messages */ ) ) ) ) ) ), "sendid-tlv" ( /* Include sendid-tlv in CCM/LBM/LTM */ c( "send-chassis-tlv" /* Attach Chassis ID & Mgmt Addr to CCM/LBM/LTM */ ) ) ) ), "evcs" arg ( /* Ethernet virtual circuits configuration */ c( "evc-protocol" ( /* Signaling protocol to monitor EVC status */ sc( c( "cfm" ( /* Connectivity fault management */ sc( "maintenance-domain" arg /* Maintenance domain name */, "maintenance-association" arg /* Maintenance association name */, "mep" arg /* Identifier for maintenance association endpoint */, "faults" ( /* CFM faults to trigger ELMI */ c( "rdi" /* RDI received from some MEP */ ) ) ) ).as(:oneline), "vpls" ( /* Virtual private LAN service (BGP/LDP) */ sc( "routing-instance" arg /* Routing instance name */ ) ).as(:oneline), "l2circuit" ( /* L2circuit */ c( "interface" ( /* Name of interface forming the Layer 2 circuit */ sc( interface_name ) ).as(:oneline) ) ), "l2vpn" ( /* L2vpn */ c( "interface" ( /* Name of interface forming the Layer 2 VPN */ sc( interface_name ) ).as(:oneline) ) ) ) ) ).as(:oneline), "remote-uni-count" arg /* Number of remote UNIs in the EVC */, "async-status-msg-transmit-interval" arg /* Time interval between E-LMI async status messages per EVC */, "multipoint-to-multipoint" /* Multipoint to Multipoint EVC */ ) ), "lmi" ( /* Ethernet local management interface configuration */ c( "traceoptions" ( /* Trace options for ethernet local management interface */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "routing-socket" | "protocol" | "init" | "error" | "packet" | "all")) /* Tracing parameters */.as(:oneline) ) ), "status-counter" arg /* E-LMI status counter (N393) */, "polling-verification-timer" arg /* Polling verification timer (T392) */, "interface" arg ( /* Interface options */ c( "uni-id" arg /* UNI identifier */, "status-counter" arg /* E-LMI status counter (N393) */, "polling-verification-timer" arg /* Polling verification timer (T392) */, "evc-map-type" ( /* CE-VLAN ID/EVC map type */ ("all-to-one-bundling" | "service-multiplexing" | "bundling") ), "evc" arg ( /* EVC configuration */ c( "default-evc" /* Default EVC */, "vlan-list" arg /* Vlans mapped to this EVC */ ) ) ) ) ) ), "fnp" ( /* Failure notification protocol configuration */ c( "traceoptions" ( /* Tracing options for FNP */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("events" | "pdu" | "timers" | "error" | "all")) /* Tracing parameters */.as(:oneline) ) ), "interval" ( /* Interval between FNP messages */ ("100ms" | "1s" | "10s" | "1m" | "10m") ), "loss-threshold" arg /* Number of FNP messages lost before clearing FNP state */, "interface" arg ( /* Interface configuration */ c( "domain-id" arg /* Ethernet domain identifier */ ) ) ) ) ) ), "gre-tunnel" ( c( "traceoptions" ( /* Trace options for GRE keepalives */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "routing-socket" | "protocol" | "snmp" | "all")) /* Tracing parameters */.as(:oneline) ) ), "interface" arg ( c( "keepalive-time" arg /* Keepalive time */, "hold-time" arg /* Hold time */ ) ) ) ) ) ), "mld" ( /* MLD options */ c( "traceoptions" ( /* Trace options for MLD */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("packets" | "query" | "report" | "leave" | "mtrace" | "group" | "client-notification" | "host-notification" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "maximum-transmit-rate" arg /* Maximum transmission rate (packets per second) */, "accounting" /* Enable join and leave event notification */, "interface" ("$junos-interface-name" | arg) ( /* Interface options for MLD */ c( ("disable"), "version" arg /* Set mld version number on this interface */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "group-increment" ( /* Mask for the incrementing group IP address */ ipv6addr /* Mask for the incrementing group IP address */ ), "group-count" arg /* Number of groups */, "exclude" /* Exclude sources */, "source" arg ( /* IP multicast source address */ c( "source-increment" ( /* Mask for the incrementing source IP address */ ipv6addr /* Mask for the incrementing source IP address */ ), "source-count" arg /* Number of sources */ ) ) ) ) ) ), "ssm-map" arg /* Map for ssm translation of mld v1 messages */, "ssm-map-policy" ( /* SSM map policy name */ policy_algebra /* SSM map policy name */ ), "immediate-leave" /* Group removed immediately, last membership query not sent */, "group-policy" ( /* Group filter applied to incoming mld report messages */ policy_algebra /* Group filter applied to incoming mld report messages */ ), "group-limit" arg /* Maximum number of (source,group) per interface */, "group-threshold" arg /* Percentage of group-limit at which to start generating warnings */, "log-interval" arg /* Time between consecutive log messages */, "accounting" /* Enable join and leave event notification */, "no-accounting" /* Don't enable join and leave event notification */, "passive" ( /* Suppress sending and receiving mld messages */ sc( "allow-receive" /* Allow receiving mld messages */, "send-general-query" /* Send mld general query messages */, "send-group-query" /* Send mld group query messages */ ) ).as(:oneline), "oif-map" ( /* Output interface map */ policy_algebra /* Output interface map */ ), "distributed" /* Distributed MLD interface */ ) ) ) ), "pim" ( /* PIM configuration */ juniper_protocols_pim /* PIM configuration */ ), "router-advertisement" ( /* IPv6 router advertisement options */ c( "traceoptions" ( /* Trace options for router advertisement */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) /* Tracing parameters */.as(:oneline) ) ), "interface" ("$junos-interface-name" | arg) ( /* Interfaces on which to configure router advertisement */ c( "preference" ( /* Set the Preference for Router Selection */ ("medium" | "high" | "low") ), "max-advertisement-interval" arg /* Maximum advertisement interval */, "min-advertisement-interval" arg /* Minimum advertisement interval */, "managed-configuration" /* Set managed address configuration */, "no-managed-configuration" /* Don't set managed address configuration */, "other-stateful-configuration" /* Set other stateful configuration */, "no-other-stateful-configuration" /* Don't set other stateful configuration */, "link-mtu" /* Link MTU */, "no-link-mtu" /* Don't link MTU */, "solicit-router-advertisement-unicast" /* Enbale solicited router advertisement as unicast */, "reachable-time" arg /* Reachable time */, "retransmit-timer" arg /* Retransmit timer */, "virtual-router-only" /* Send advertisemnets only for vrrp-inet6-group */, "current-hop-limit" arg /* Current hop limit */, "default-lifetime" arg /* Router lifetime */, "dns-server-address" ("$junos-ipv6-dns-server-address" | arg) ( /* Recursive DNS address configuration */ c( "lifetime" arg /* DNS address lifetime */ ) ), "prefix" arg ( /* Prefix configuration */ c( "valid-lifetime" arg /* Valid lifetime (fixed) */, "on-link" /* Set on-link flag */, "no-on-link" /* Don't set on-link flag */, "preferred-lifetime" arg /* Preferred lifetime (fixed) */, "autonomous" /* Set autonomous flag */, "no-autonomous" /* Don't set autonomous flag */ ) ), "dns-search-list" arg ( /* DNS search list configuration */ c( "lifetime" arg /* DNS search list lifetime */ ) ), "rio-prefix" arg ( /* Route information option configuration */ c( "rio-lifetime" arg /* Route information lifetime */, "rio-preference" ( /* Set the preference for route information */ ("medium" | "high" | "low") ) ) ) ) ), "ra-secure" ( /* Protect box against rogue incoming RA messages */ c( "accept-current-hop-limit-min" arg /* Current hop limit acceptable min for incoming RA */, "accept-current-hop-limit-max" arg /* Current hop acceptable min for incoming RA */, "accept-reachable-time-min" arg /* Reachable Time acceptable min for incoming RA */, "accept-reachable-time-max" arg /* Reachable Time acceptable max for incoming RA */, "accept-retransmit-time-min" arg /* Retransmit Time acceptable min for incoming RA */, "accept-retransmit-time-max" arg /* Retransmit Time acceptable min for incoming RA */ ) ) ) ) ) ), "class-of-service" ( /* Class-of-service configuration */ juniper_class_of_service_options /* Class-of-service configuration */ ), "routing-options" ( /* Protocol-independent routing option configuration */ c( "rib" arg ( /* Routing table options */ c( "static" ( /* Static routes */ c( "rib-group" arg /* Routing table group */, "defaults" ( /* Global route options */ c( "retain" /* Always keep route in forwarding table */, "no-retain" /* Don't always keep route in forwarding table */, "install" /* Install route into forwarding table */, "no-install" /* Don't install route into forwarding table */, "readvertise" /* Mark route as eligible to be readvertised */, "no-readvertise" /* Don't mark route as eligible to be readvertised */, "resolve" /* Allow resolution of indirectly connected next hops */, "no-resolve" /* Don't allow resolution of indirectly connected next hops */, "longest-match" /* Always use longest prefix match to resolve next hops */, "no-longest-match" /* Don't always use longest prefix match to resolve next hops */, c( "active" /* Remove inactive route from forwarding table */, "passive" /* Retain inactive route in forwarding table */ ), "metric" ( /* Metric value */ rib_static_metric_type /* Metric value */ ), "metric2" ( /* Metric value 2 */ rib_static_metric_type /* Metric value 2 */ ), "metric3" ( /* Metric value 3 */ rib_static_metric_type /* Metric value 3 */ ), "metric4" ( /* Metric value 4 */ rib_static_metric_type /* Metric value 4 */ ), "tag" ( /* Tag string */ rib_static_metric_type /* Tag string */ ), "tag2" ( /* Tag string 2 */ rib_static_metric_type /* Tag string 2 */ ), "preference" ( /* Preference value */ rib_static_metric_type /* Preference value */ ), "preference2" ( /* Preference value 2 */ rib_static_metric_type /* Preference value 2 */ ), "color" ( /* Color (preference) value */ rib_static_metric_type /* Color (preference) value */ ), "color2" ( /* Color (preference) value 2 */ rib_static_metric_type /* Color (preference) value 2 */ ), "community" ( /* BGP community identifier */ community /* BGP community identifier */ ), "as-path" ( /* Autonomous system path */ c( "path" arg /* Autonomous system path */, "origin" ( ("igp" | "egp" | "incomplete") ), "atomic-aggregate" /* Add ATOMIC_AGGREGATE path attribute to route */, "aggregator" ( /* Add AGGREGATOR path attribute to route */ c( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, ipv4addr /* Address of BGP system that formed the route */ ) ) ) ) ) ), "route" arg ( /* Static route */ c( c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "reject" /* Drop packets to destination; send ICMP unreachables */, "discard" /* Drop packets to destination; send no ICMP unreachables */, "receive" /* Install a receive route for the destination */, "next-table" arg /* Next hop to another table */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ), "backup-pe-group" arg /* Multicast source redundancy group */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "neighbor" ( /* BFD neighbor address */ ipaddr /* BFD neighbor address */ ), "local-address" ( /* BFD local address (for multihop only) */ ipaddr /* BFD local address (for multihop only) */ ), "holddown-interval" arg /* Time to hold the session-UP notification to the client */, "minimum-receive-ttl" arg /* Minimum receive TTL below which to drop */ ) ), "retain" /* Always keep route in forwarding table */, "no-retain" /* Don't always keep route in forwarding table */, "install" /* Install route into forwarding table */, "no-install" /* Don't install route into forwarding table */, "readvertise" /* Mark route as eligible to be readvertised */, "no-readvertise" /* Don't mark route as eligible to be readvertised */, "resolve" /* Allow resolution of indirectly connected next hops */, "no-resolve" /* Don't allow resolution of indirectly connected next hops */, "longest-match" /* Always use longest prefix match to resolve next hops */, "no-longest-match" /* Don't always use longest prefix match to resolve next hops */, c( "active" /* Remove inactive route from forwarding table */, "passive" /* Retain inactive route in forwarding table */ ), "metric" ( /* Metric value */ rib_static_metric_type /* Metric value */ ), "metric2" ( /* Metric value 2 */ rib_static_metric_type /* Metric value 2 */ ), "metric3" ( /* Metric value 3 */ rib_static_metric_type /* Metric value 3 */ ), "metric4" ( /* Metric value 4 */ rib_static_metric_type /* Metric value 4 */ ), "tag" ( /* Tag string */ rib_static_metric_type /* Tag string */ ), "tag2" ( /* Tag string 2 */ rib_static_metric_type /* Tag string 2 */ ), "preference" ( /* Preference value */ rib_static_metric_type /* Preference value */ ), "preference2" ( /* Preference value 2 */ rib_static_metric_type /* Preference value 2 */ ), "color" ( /* Color (preference) value */ rib_static_metric_type /* Color (preference) value */ ), "color2" ( /* Color (preference) value 2 */ rib_static_metric_type /* Color (preference) value 2 */ ), "community" ( /* BGP community identifier */ community /* BGP community identifier */ ), "as-path" ( /* Autonomous system path */ c( "path" arg /* Autonomous system path */, "origin" ( ("igp" | "egp" | "incomplete") ), "atomic-aggregate" /* Add ATOMIC_AGGREGATE path attribute to route */, "aggregator" ( /* Add AGGREGATOR path attribute to route */ c( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, ipv4addr /* Address of BGP system that formed the route */ ) ) ) ), "lsp-next-hop" ( /* LSP next hop */ lsp_nh_obj /* LSP next hop */ ), "p2mp-lsp-next-hop" ( /* Point-to-multipoint LSP next hop */ lsp_nh_obj /* Point-to-multipoint LSP next hop */ ), "spring-te-lsp-next-hop" ( /* SPRING-TE LSP next hop */ springte_lsp_nh_obj /* SPRING-TE LSP next hop */ ), "p2mp-ldp-next-hop" ( /* Point-to-multipoint LDP LSP next hop */ p2mp_ldp_lsp_nh_obj /* Point-to-multipoint LDP LSP next hop */ ), "static-lsp-next-hop" ( /* Static LSP next hop */ lsp_nh_obj /* Static LSP next hop */ ) ) ), "static-route" ( /* Static route Status */ sc( "bfd-admin-down" ( /* Static route State on BFD ADMIN DOWN */ ("active" | "passive") ) ) ).as(:oneline), "iso-route" arg ( /* ISO family static route */ c( c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "reject" /* Drop packets to destination; send ICMP unreachables */, "discard" /* Drop packets to destination; send no ICMP unreachables */, "receive" /* Install a receive route for the destination */, "next-table" arg /* Next hop to another table */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ), "backup-pe-group" arg /* Multicast source redundancy group */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "neighbor" ( /* BFD neighbor address */ ipaddr /* BFD neighbor address */ ), "local-address" ( /* BFD local address (for multihop only) */ ipaddr /* BFD local address (for multihop only) */ ), "holddown-interval" arg /* Time to hold the session-UP notification to the client */, "minimum-receive-ttl" arg /* Minimum receive TTL below which to drop */ ) ), "retain" /* Always keep route in forwarding table */, "no-retain" /* Don't always keep route in forwarding table */, "install" /* Install route into forwarding table */, "no-install" /* Don't install route into forwarding table */, "readvertise" /* Mark route as eligible to be readvertised */, "no-readvertise" /* Don't mark route as eligible to be readvertised */, "resolve" /* Allow resolution of indirectly connected next hops */, "no-resolve" /* Don't allow resolution of indirectly connected next hops */, "longest-match" /* Always use longest prefix match to resolve next hops */, "no-longest-match" /* Don't always use longest prefix match to resolve next hops */, c( "active" /* Remove inactive route from forwarding table */, "passive" /* Retain inactive route in forwarding table */ ), "metric" ( /* Metric value */ rib_static_metric_type /* Metric value */ ), "metric2" ( /* Metric value 2 */ rib_static_metric_type /* Metric value 2 */ ), "metric3" ( /* Metric value 3 */ rib_static_metric_type /* Metric value 3 */ ), "metric4" ( /* Metric value 4 */ rib_static_metric_type /* Metric value 4 */ ), "tag" ( /* Tag string */ rib_static_metric_type /* Tag string */ ), "tag2" ( /* Tag string 2 */ rib_static_metric_type /* Tag string 2 */ ), "preference" ( /* Preference value */ rib_static_metric_type /* Preference value */ ), "preference2" ( /* Preference value 2 */ rib_static_metric_type /* Preference value 2 */ ), "color" ( /* Color (preference) value */ rib_static_metric_type /* Color (preference) value */ ), "color2" ( /* Color (preference) value 2 */ rib_static_metric_type /* Color (preference) value 2 */ ), "community" ( /* BGP community identifier */ community /* BGP community identifier */ ), "as-path" ( /* Autonomous system path */ c( "path" arg /* Autonomous system path */, "origin" ( ("igp" | "egp" | "incomplete") ), "atomic-aggregate" /* Add ATOMIC_AGGREGATE path attribute to route */, "aggregator" ( /* Add AGGREGATOR path attribute to route */ c( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, ipv4addr /* Address of BGP system that formed the route */ ) ) ) ), "lsp-next-hop" ( /* LSP next hop */ lsp_nh_obj /* LSP next hop */ ), "p2mp-lsp-next-hop" ( /* Point-to-multipoint LSP next hop */ lsp_nh_obj /* Point-to-multipoint LSP next hop */ ), "spring-te-lsp-next-hop" ( /* SPRING-TE LSP next hop */ springte_lsp_nh_obj /* SPRING-TE LSP next hop */ ), "p2mp-ldp-next-hop" ( /* Point-to-multipoint LDP LSP next hop */ p2mp_ldp_lsp_nh_obj /* Point-to-multipoint LDP LSP next hop */ ) ) ), "route-target-filter" arg ( /* Route-target-filter route */ c( "neighbor" arg /* BGP peers for filter */, "group" arg /* BGP groups for filter */, "local" /* Locally originated filter */ ) ) ) ), "martians" ( /* Invalid routes */ martian_type /* Invalid routes */ ), "aggregate" ( /* Coalesced routes */ rib_aggregate_type /* Coalesced routes */ ), "generate" ( /* Route of last resort */ rib_aggregate_type /* Route of last resort */ ), c( "maximum-routes" ( /* Maximum number of routes */ sc( arg, c( "threshold" arg /* Percentage of limit at which to start generating warnings */, "log-only" /* Generate warning messages only */ ), "log-interval" arg /* Minimum interval between log messages */ ) ).as(:oneline), "maximum-paths" ( /* Maximum number of paths */ sc( arg, c( "threshold" arg /* Percentage of limit at which to start generating warnings */, "log-only" /* Generate warning messages only */ ), "log-interval" arg /* Minimum interval between log messages */ ) ).as(:oneline) ), "maximum-prefixes" ( /* Maximum number of prefixes */ sc( arg, c( "threshold" arg /* Percentage of limit at which to start generating warnings */, "log-only" /* Generate warning messages only */ ), "log-interval" arg /* Minimum interval between log messages */ ) ).as(:oneline), "multipath" ( /* Protocol-independent load balancing */ c( "vpn-unequal-cost" ( /* Include VPN routes with unequal IGP metrics */ sc( "equal-external-internal" /* Include external and internal VPN routes */ ) ).as(:oneline), "as-path-compare" /* Compare AS path sequences in addition to AS path length */, "preserve-nexthop-hierarchy" /* Force multipath to create List nexthop */ ) ), "policy-multipath" ( /* Policy based multipath */ c( "policy" ( /* Import policy to create policy based multipath */ policy_algebra /* Import policy to create policy based multipath */ ), "traceoptions" ( /* Trace options */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("route")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ) ) ), "protect" ( /* Protocol-independent protection */ sc( "core" /* Protect against unreachability to service-edge router */ ) ).as(:oneline), "access" ( /* Access routes */ c( "route" arg ( /* Access route */ c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ), "metric" arg /* Metric value */, "preference" arg /* Preference value */, "tag" arg /* Tag string */, "tag2" arg /* Tag2 string */ ) ) ) ), "access-internal" ( /* Access-internal routes */ c( "route" arg ( /* Access-internal route */ c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ) ) ) ) ), "bgp-static" ( /* Routes for BGP static advertisements */ c( "route" arg ( /* BGP-static route */ c( "metric" ( /* Metric value */ rib_static_metric_type /* Metric value */ ), "metric2" ( /* Metric value 2 */ rib_static_metric_type /* Metric value 2 */ ), "metric3" ( /* Metric value 3 */ rib_static_metric_type /* Metric value 3 */ ), "metric4" ( /* Metric value 4 */ rib_static_metric_type /* Metric value 4 */ ), "tag" ( /* Tag string */ rib_static_metric_type /* Tag string */ ), "tag2" ( /* Tag string 2 */ rib_static_metric_type /* Tag string 2 */ ), "preference" ( /* Preference value */ rib_static_metric_type /* Preference value */ ), "preference2" ( /* Preference value 2 */ rib_static_metric_type /* Preference value 2 */ ), "color" ( /* Color (preference) value */ rib_static_metric_type /* Color (preference) value */ ), "color2" ( /* Color (preference) value 2 */ rib_static_metric_type /* Color (preference) value 2 */ ), "community" ( /* BGP community identifier */ community /* BGP community identifier */ ), "as-path" ( /* Autonomous system path */ c( "path" arg /* Autonomous system path */, "origin" ( ("igp" | "egp" | "incomplete") ), "atomic-aggregate" /* Add ATOMIC_AGGREGATE path attribute to route */, "aggregator" ( /* Add AGGREGATOR path attribute to route */ c( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, ipv4addr /* Address of BGP system that formed the route */ ) ) ) ) ) ) ) ), "flow" ( /* Locally defined flow routing information */ c( "validation" ( /* Flow route validation options */ flow_validation /* Flow route validation options */ ), "route" ( /* Flow route */ flow_route_inet6 /* Flow route */ ), "security-group" arg ( /* Security groups */ c( "rule" ( /* Flow route */ flow_rule_inet6 /* Flow route */ ) ) ), "interface-group" ( /* Interface-group for applying flow-spec filter */ flow_interface_group /* Interface-group for applying flow-spec filter */ ), "discard-action-for-unresolved-redir-addr" /* For action redirect IP if redirect address is unresolved install discard action filter */, "per-route-accounting" /* Enable traffic accounting per flowspec route */, "no-per-route-accounting" /* Don't enable traffic accounting per flowspec route */ ) ), "label" ( /* Label processing */ c( "allocation" ( /* Label allocation policy */ policy_algebra /* Label allocation policy */ ), "substitution" ( /* Label substitution policy */ policy_algebra /* Label substitution policy */ ) ) ) ) ), "access" ( /* Access routes */ c( "route" arg ( /* Access route */ c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ), "metric" arg /* Metric value */, "preference" arg /* Preference value */, "tag" arg /* Tag string */, "tag2" arg /* Tag2 string */ ) ) ) ), "access-internal" ( /* Access-internal routes */ c( "route" arg ( /* Access-internal route */ c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ) ) ) ) ), "multicast" ( /* Global multicast options */ c( "traceoptions" ( /* Global multicast trace options */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("parse" | "config-internal" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "rpf" arg, "scope" arg ( /* Multicast address scope */ c( "prefix" ( /* Administratively scoped address */ ipprefix /* Administratively scoped address */ ), "interface" ( /* Interface on which to configure scoping */ interface_name /* Interface on which to configure scoping */ ) ) ), "scope-policy" ( /* Scoping policy */ policy_algebra /* Scoping policy */ ), "flow-map" arg ( /* Multicast flow map configuration */ c( "policy" ( /* Policy for matched flows */ policy_algebra /* Policy for matched flows */ ), "bandwidth" ( /* Bandwidth properties for matched flows */ sc( arg /* Static or default bandwidth for the matched flows */, "adaptive" /* Auto-sense bandwidth for matched flows */ ) ).as(:oneline), "redundant-sources" ( /* Redundant source addresses */ ipaddr /* Redundant source addresses */ ), "forwarding-cache" ( /* Forwarding cache properties for matched flows */ c( "timeout" ( /* Timeout properties for matched flows */ sc( c( arg, "never" ( /* Forwarding cache entries never time out */ c( "non-discard-entry-only" /* Apply only to non-discard entries */ ) ) ) ) ).as(:oneline) ) ) ) ), "resolve-filter" ( /* Multicast resolve policy filter */ policy_algebra /* Multicast resolve policy filter */ ), "ssm-groups" ( /* Source-specific multicast group ranges */ ipprefix /* Source-specific multicast group ranges */ ), "cont-stats-collection-interval" arg /* IGMP/MLD continuous statistics collection interval */, "asm-override-ssm" /* Allow ASM state for SSM group ranges */, "rpf-check-policy" ( /* Disable RPF check for a source group pair */ policy_algebra /* Disable RPF check for a source group pair */ ), "pim-to-igmp-proxy" ( /* PIM-to-IGMP proxy */ c( "upstream-interface" ( /* Upstream interface list */ interface_name /* Upstream interface list */ ) ) ), "pim-to-mld-proxy" ( /* PIM-to-MLD proxy */ c( "upstream-interface" ( /* Upstream interface list */ interface_name /* Upstream interface list */ ) ) ), "forwarding-cache" ( /* Multicast forwarding cache */ c( "allow-maximum" /* Allow maximum of global and family level threshold values for suppress and reuse */, "family" enum(("inet" | "inet6")) ( /* Protocol family */ c( "threshold" ( /* Multicast forwarding cache suppress threshold */ c( "suppress" arg /* Suppress threshold */, "reuse" arg /* Reuse threshold */, "mvpn-rpt-suppress" arg /* MVPN RP tree entry suppress threshold */, "mvpn-rpt-reuse" arg /* MVPN RP tree entry reuse threshold */, "log-warning" arg /* Percentage at which to start generating warnings */ ) ) ) ), "threshold" ( /* Threshold */ c( "suppress" arg /* Suppress threshold */, "reuse" arg /* Reuse threshold */, "mvpn-rpt-suppress" arg /* MVPN RP tree entry suppress threshold */, "mvpn-rpt-reuse" arg /* MVPN RP tree entry reuse threshold */, "log-warning" arg /* Percentage at which to start generating warnings */ ) ), "timeout" arg /* Forwarding cache entry timeout in minutes */ ) ), "interface" ( /* Multicast interface options */ multicast_interface_options_type /* Multicast interface options */ ), "ssm-map" arg ( /* SSM map definitions */ c( "policy" ( /* Policy for matching group */ policy_algebra /* Policy for matching group */ ), "source" ( /* One or more source addresses */ ipaddr /* One or more source addresses */ ) ) ), "stream-protection" ( /* Multicast only Fast Re-Route */ c( "mofrr-primary-path-selection-by-routing" /* Multicast only Fast Re-Route primary path by Routing */, "mofrr-disjoint-upstream-only" /* Multicast only Fast Re-Route disjoint upstream only */, "mofrr-no-backup-join" /* Multicast only Fast Re-Route no backup join */, "mofrr-asm-starg" /* Multicast only Fast Re-Route asm (*,G) */, "policy" ( /* MoFRR Policy */ policy_algebra /* MoFRR Policy */ ) ) ), "backup-pe-group" arg ( /* Backup PE group definitions */ c( "backups" ( /* One or more IP addresses */ ipaddr /* One or more IP addresses */ ), "local-address" ( /* Address to be used as local-address for this group */ ipaddr /* Address to be used as local-address for this group */ ) ) ), "omit-wildcard-address" /* Omit wildcard source/group fields in SPMSI AD NLRI */, "local-address" ( /* Local address for PIM and MVPN sessions */ ipv4addr /* Local address for PIM and MVPN sessions */ ) ) ) ) ), "firewall" ( /* Define a firewall configuration */ c( "family" ( /* Protocol family */ c( "inet" ( /* Protocol family IPv4 for firewall filter */ c( "dialer-filter" ( /* Define an IPv4 dialer filter */ inet_dialer_filter /* Define an IPv4 dialer filter */ ), "prefix-action" ( /* Define a prefix action */ prefix_action /* Define a prefix action */ ), "filter" ( /* Define an IPv4 firewall filter */ inet_filter /* Define an IPv4 firewall filter */ ), "template" ( /* Define an Inet firewall template */ inet_template /* Define an Inet firewall template */ ), "simple-filter" ( /* Define an IPv4 firewall simple filter */ inet_simple_filter /* Define an IPv4 firewall simple filter */ ), "service-filter" ( /* One or more IPv4 service filters */ inet_service_filter /* One or more IPv4 service filters */ ), "fast-update-filter" ( /* One or more fast update filters */ inet_fuf /* One or more fast update filters */ ) ) ), "inet6" ( /* Protocol family IPv6 for firewall filter */ c( "dialer-filter" ( /* Define an IPv6 dialer filter */ inet6_dialer_filter /* Define an IPv6 dialer filter */ ), "filter" ( /* Define an IPv6 firewall filter */ inet6_filter /* Define an IPv6 firewall filter */ ), "service-filter" ( /* One or more IPv6 service filters */ inet6_service_filter /* One or more IPv6 service filters */ ), "fast-update-filter" ( /* One or more fast update filters */ inet6_fuf /* One or more fast update filters */ ), "template" ( /* Define an Inet6 firewall template */ inet6_template /* Define an Inet6 firewall template */ ) ) ), "mpls" ( /* Protocol family MPLS for firewall filter */ c( "dialer-filter" ( /* Define an mpls dialer filter */ mpls_dialer_filter /* Define an mpls dialer filter */ ), "filter" ( mpls_filter ), "template" ( /* Define an MPLS firewall template */ mpls_template /* Define an MPLS firewall template */ ) ) ), "vpls" ( /* Protocol family VPLS for firewall filter */ c( "filter" ( vpls_filter ) ) ), "evpn" ( /* Protocol family EVPN for firewall filter */ c( "filter" ( vpls_filter ) ) ), "bridge" ( /* Protocol family BRIDGE for firewall filter */ c( "filter" ( bridge_filter ) ) ), "ccc" ( /* Protocol family CCC for firewall filter */ c( "filter" ( ccc_filter ) ) ), "any" ( /* Protocol-independent filter */ c( "filter" ( /* Define a protocol independent filter */ any_filter /* Define a protocol independent filter */ ), "template" ( /* Define Protocol independent filter template */ any_template /* Define Protocol independent filter template */ ) ) ), "ethernet-switching" ( /* Protocol family Ethernet Switching for firewall filter */ c( "filter" ( /* Define an Ethernet Switching firewall filter */ es_filter /* Define an Ethernet Switching firewall filter */ ), "template" ( /* Define an ethernet switching firewall template */ es_template /* Define an ethernet switching firewall template */ ) ) ) ) ), "policer" ( /* Policer template definition */ firewall_policer /* Policer template definition */ ), "flexible-match" ( /* Flexible packet match template definition */ firewall_flexible_match /* Flexible packet match template definition */ ), "tunnel-end-point" ( /* Tunnel end-point template definition */ tunnel_end_point /* Tunnel end-point template definition */ ), "hierarchical-policer" ( /* Hierarchical policer template definition */ firewall_hierpolicer /* Hierarchical policer template definition */ ), "interface-set" ( /* Interface set definition */ interface_set_type /* Interface set definition */ ), "load-balance-group" ( /* Load-balance group definition */ firewall_load_balance_group /* Load-balance group definition */ ), "atm-policer" ( /* Atm policer */ atm_policer_type /* Atm policer */ ), "three-color-policer" ( /* Three-color policer */ three_color_policer_type /* Three-color policer */ ), "filter" ( /* Define an IPv4 firewall filter */ inet_filter /* Define an IPv4 firewall filter */ ) ) ), "services" ( /* Service PIC applications settings */ c( "aacl" ( /* Application Aware Access List services configuration */ c( "rule" ( /* One or more AACL rules */ aacl_rule_object /* One or more AACL rules */ ), "rule-set" arg ( /* Define a Set of AACL rules */ c( "rule" arg /* Rule to be included in this rule set */ ) ), "aacl-dyn-rule-set" arg ( /* Define a set of AACL dynamic rules */ c( "rule" arg /* Rule to be included in this rule set */ ) ) ) ), "captive-portal-content-delivery" ( /* Configuration for captive portal and content delivery service */ c( "auto-deactivate" arg /* Deactivate content delivery service */, "rule" ( /* Define a captive portal content delivery rule */ cpcd_rule_object_type /* Define a captive portal content delivery rule */ ), "rule-set" arg ( /* Define a set of captive portal content delivery rules */ c( "rule" arg /* Rule to be included in this rule set */ ) ), "profile" arg ( /* One or more rule/rule set in the profile */ c( c( "dynamic" /* Dynamic profile flag */, "cpcd-rules" arg /* List of captive portal content delivery rules */, "cpcd-rule-sets" arg /* List of captive portal content delivery rule sets */ ), "ipda-rewrite-options" ( /* Ipda rewrite options */ c( "destination-address" ( /* Default ipda rewrite IP address */ ipaddr /* Default ipda rewrite IP address */ ), "destination-port" arg /* Default ipda rewrite port */ ) ), "http-redirect-options" ( /* Http redirect options */ c( arg /* URL of the captive portal file */ ) ), "auto-deactivate" ( /* Deactivate content delivery service */ ("never" | "initial-get") ) ) ), "traceoptions" ( /* Captive portal and content delivery trace options */ cpcd_trace_options_type /* Captive portal and content delivery trace options */ ) ) ) ) ), "profile-variable-set" ( /* Dynamic profiles variable configuration */ juniper_dynamic_profile_varset_object /* Dynamic profiles variable configuration */ ), "policy-options" ( /* Routing policy option configuration */ c( "prefix-list" arg ( /* Define a named set of address prefixes */ c( prefix_list_items, "apply-path" arg /* Apply IP prefixes from a configuration statement */ ) ) ) ), "extensible-subscriber-services" ( /* Extensible subscriber services */ c( "vsas" arg /* Service VSAs */ ) ), "access-cac" ( /* Access ucac configuration */ c( "interface" ( /* Access ucac interface options */ access_cac_interface_options /* Access ucac interface options */ ) ) ), "profile-type" ( /* Profile type */ c( "remote-device-service" /* Service profile to be programmed on a remote device */ ) ) ) ) end rule(:access_cac_interface_options) do arg.as(:arg) ( c( "multicast-video-bandwidth" ( /* Maximum multicast bandwidth for the interface */ sc( arg /* Bandwidth used in access cac configuration */ ) ).as(:oneline), "video-bandwidth" ( /* Maximum video bandwidth for the interface */ sc( arg /* Bandwidth used in access cac configuration */ ) ).as(:oneline), c( "no-qos-adjust" /* No qos adjustment */, "qos-adjust-hierarchical" ( /* Ucac interface set configuration */ c( "interface-set" /* Enable hierarchical adjust on iflset */ ) ) ), "multicast-video-policy" arg ( /* Mcast video policy */ c( "family" ( /* Access cac multicast policy family */ c( c( "inet" ( /* Family inet */ c( "source" ( /* One or more multicast source addresses */ ipv4addr /* One or more multicast source addresses */ ), "group" ( /* One or more multicast group addresses */ ipv4addr /* One or more multicast group addresses */ ) ) ), "inet6" ( /* Family inet6 */ c( "source" ( /* One or more multicast source addresses */ ipv6addr /* One or more multicast source addresses */ ), "group" ( /* One or more multicast group addresses */ ipv6addr /* One or more multicast group addresses */ ) ) ) ) ) ), "bandwidth" ( /* Maximum video bandwidth for the interface */ c( arg /* Bandwidth used in access cac configuration */ ) ), "adaptive" /* Use multicast real traffic rate */ ) ) ) ) end rule(:base_default_variable_object) do ("igmp-enable" | "igmp-access-group-name" | "igmp-access-source-group-name" | "igmp-version" | "igmp-immediate-leave" | "mld-access-group-name" | "mld-access-source-group-name" | "mld-immediate-leave" | "input-filter" | "output-filter" | "input-interface-filter" | "output-interface-filter" | "input-ipv6-filter" | "output-ipv6-filter" | "adf-rule-v4" | "adf-rule-v6" | "cos-scheduler-map" | "cos-shaping-rate" | "cos-guaranteed-rate" | "cos-delay-buffer-rate" | "cos-traffic-control-profile" | "cos-shaping-mode" | "cos-byte-adjust" | "cos-scheduler" | "cos-scheduler-pri" | "cos-scheduler-dropfile-low" | "cos-scheduler-dropfile-medium-low" | "cos-scheduler-dropfile-medium-high" | "cos-scheduler-dropfile-high" | "cos-scheduler-dropfile-any" | "cos-scheduler-excess-rate" | "cos-scheduler-explicit-congestion-notification" | "cos-scheduler-excess-priority" | "cos-adjust-minimum" | "cos-excess-rate-high" | "cos-excess-rate-low" | "cos-shaping-rate-burst" | "cos-byte-adjust-frame" | "cos-byte-adjust-cell" | "cos-shaping-rate-priority-high" | "cos-shaping-rate-priority-high-burst" | "cos-shaping-rate-priority-medium" | "cos-shaping-rate-priority-medium-burst" | "cos-shaping-rate-priority-low" | "cos-shaping-rate-priority-low-burst" | "cos-shaping-rate-excess-high" | "cos-shaping-rate-excess-high-burst" | "cos-shaping-rate-excess-low" | "cos-shaping-rate-excess-low-burst" | "cos-guaranteed-rate-burst" | "cos-traffic-control-profile-remaining" | "routing-instances" | "pim-enable" | "interface-mtu" | "inner-vlan-tag-protocol-id" | "routing-services" | "aggregation-interface-set-name" | "interface-set-name" | "default-interface-set-name" | "phy-ifd-interface-set-name" | "phy-ifd-underlying-intf-set-name").as(:arg) ( c( arg /* Default value for predefined variable */ ) ) end rule(:cfm_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "routing-socket" | "protocol" | "init" | "error" | "issu" | "all")) /* Tracing parameters */.as(:oneline) ) end rule(:flow_interface_group) do c( arg, "exclude" /* Don't apply flow-spec filter to traffic on this group */ ).as(:oneline) end rule(:flow_route_inet6) do arg.as(:arg) ( c( "no-install" /* Don't install firewall filter in forwarding */, "match" ( /* Flow definition */ flow_route_qualifier_inet6 /* Flow definition */ ), "then" ( /* Actions to take for this flow */ flow_route_op /* Actions to take for this flow */ ) ) ) end rule(:flow_route_op) do c( "community" arg /* Name of BGP community */, c( "accept" /* Allow traffic through */, "discard" /* Discard all traffic for this flow */, "rate-limit" arg /* Rate in bits/sec to limit the flow traffic */ ), "routing-instance" arg /* Redirect to instance identified via Route Target community */, "sample" /* Sample traffic that matches this flow */, "mark" arg /* Set DSCP value for traffic that matches this flow */, "next-term" /* Continue the filter evaluation after matching this flow */, c( "redirect" ( /* Redirect(Tunnel) this flow's traffic to given next-hop address */ ipaddr /* Redirect(Tunnel) this flow's traffic to given next-hop address */ ) ) ) end rule(:flow_route_qualifier_inet6) do c( "protocol" ( /* IP protocol value */ ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | arg) ), "port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "tcp-flags" ( /* TCP flags */ ("fin" | "syn" | "rst" | "push" | "ack" | "urgent" | arg) ), "packet-length" ( /* Packet length (0-65535) */ policy_algebra /* Packet length (0-65535) */ ), "dscp" ( /* Differentiated Services (DiffServ) code point (DSCP) (0-63) */ policy_algebra /* Differentiated Services (DiffServ) code point (DSCP) (0-63) */ ), "fragment" ( ("dont-fragment" | "not-a-fragment" | "is-fragment" | "first-fragment" | "last-fragment") ), "destination" ( /* Destination prefix for this traffic flow */ flow_prefix_with_offset /* Destination prefix for this traffic flow */ ), "source" ( /* Source prefix for this traffic flow */ flow_prefix_with_offset /* Source prefix for this traffic flow */ ), "icmp6-type" ( /* ICMP message type */ ("echo-request" | "echo-reply" | "destination-unreachable" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "packet-too-big" | "membership-query" | "membership-report" | "membership-termination" | "redirect" | "neighbor-solicit" | "neighbor-advertisement" | "router-renumbering" | "node-information-request" | "node-information-reply" | arg) ), "icmp6-code" ( /* ICMP message code */ ("no-route-to-destination" | "administratively-prohibited" | "address-unreachable" | "port-unreachable" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip6-header-bad" | "unrecognized-next-header" | "unrecognized-option" | arg) ), "flow-label" ( /* Flow-label (0-1048575) */ policy_algebra /* Flow-label (0-1048575) */ ) ) end rule(:flow_prefix_with_offset) do c( ipv6prefix, "prefix-offset" arg /* Offset from where prefix match will start */ ).as(:oneline) end rule(:flow_rule_inet6) do arg.as(:arg) ( c( "no-install" /* Don't install firewall filter in forwarding */, "match" ( /* Flow definition */ flow_rule_qualifier_inet6 /* Flow definition */ ), "then" ( /* Actions to take for this flow */ flow_rule_op /* Actions to take for this flow */ ) ) ) end rule(:flow_rule_op) do c( c( "accept" /* Allow traffic through */, "discard" /* Discard all traffic for this flow */, "rate-limit" arg /* Rate in bits/sec to limit the flow traffic */ ) ) end rule(:flow_rule_qualifier_inet6) do c( "protocol" ( /* IP protocol value */ ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | arg) ), "port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination" ( /* Destination prefix for this traffic flow */ flow_prefix_with_offset /* Destination prefix for this traffic flow */ ), "source" ( /* Source prefix for this traffic flow */ flow_prefix_with_offset /* Source prefix for this traffic flow */ ) ) end rule(:flow_validation) do c( "traceoptions" ( /* Trace options */ flow_dep_traceoptions /* Trace options */ ) ) end rule(:flow_dep_traceoptions) do c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("resolution" | "flash" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */, "filter" ( /* Filter to apply to tracing */ sc( "match-on" ( /* Argument on which to match */ ("prefix" | "route-attribute") ), "policy" ( /* Filter policy */ policy_algebra /* Filter policy */ ) ) ).as(:oneline) ) ).as(:oneline) ) end rule(:juniper_dynamic_profile_varset_object) do arg.as(:arg) ( c( "junos-mep-id" arg /* Dynamic variable to substitute 'mep' value in the profile */, "junos-md-level" arg /* Dynamic variable to substitute 'level' value in the profile */, "junos-remote-mep-id" arg /* Dynamic variable to substitute 'remote-mep' value in the profile */, "junos-md-name" arg /* Dynamic variable to substitute 'maintenance-domain' in profile */, "junos-ma-name" arg /* Dynamic variable to substitute 'maintenance-association' in profile */, "junos-loss-threshold" arg /* Dynamic variable to substitute 'loss-threshold' in profile */, "junos-md-name-format" ( /* Dynamic variable to substitute 'name-format' in profile */ ("none" | "dns" | "mac+2oct" | "character-string") ), "junos-ma-name-format" ( /* Dynamic variable to substitute 'short-name-format' in profile */ ("2octet" | "rfc-2685-vpn-id" | "vlan" | "character-string" | "icc") ), "junos-ccm-interval" ( /* Dynamic variable to substitute 'interval' in profile */ ("10ms" | "100ms" | "1s" | "10s" | "1m" | "10m") ), "junos-action-profile" arg /* Dynamic variable to substitute 'action-profile' in profile */, "junos-layer2-output-policer" arg /* Dynamic variable to substitute 'layer2 output-policer' */ ) ) end rule(:juniper_dynamic_variable_object) do arg.as(:arg) ( c( "equals" arg /* Computable expression of dynamic profile variables */, "default-value" arg /* Default value for variable */, "mandatory" /* Variable must be supplied by external server */, "uid-reference" /* Variable that refers to the uid variable */, "uid" /* Compute unique Id value for the variable */ ) ) end rule(:juniper_forwarding_options) do c( "storm-control-profiles" arg ( /* Storm control profile for this instance */ c( "all" ( /* For all BUM traffic */ c( c( "bandwidth-percentage" arg /* Percentage of link bandwidth */, "bandwidth-level" arg /* Link bandwidth */ ), "burst-size" arg /* Burst size */, "no-broadcast" /* Disable broadcast storm control */, "no-unknown-unicast" /* Disable unknown unicast storm control */, c( "no-multicast" /* Disable multicast storm control */, "no-registered-multicast" /* Disable registered multicast storm control */, "no-unregistered-multicast" /* Disable unregistered multicast storm control */ ) ) ), "action-shutdown" /* Disable port for excessive storm control errors */ ) ), "tunnels" ( /* Tunnel port profile */ c( "udp" ( c( "payload-port-profile" ( /* Tunnel payload port profile udp, only 1 can exist */ c( arg /* Payload port profile name */, "inet" arg /* Tunnel port profile udp inet port */, "inet6" arg /* Tunnel port profile udp inet6 port */, "mpls" arg /* Tunnel port profile udp mpls port */, "iso" arg /* Tunnel port profile udp iso port */ ) ) ) ) ) ), "mirror-profile" ( /* Mirror profile of mirror instance */ mirror_profile_attributes /* Mirror profile of mirror instance */ ), c( "sampling" ( /* Statistical traffic sampling options */ juniper_sampling_options /* Statistical traffic sampling options */ ), "packet-capture" ( /* Packet capture options */ juniper_packet_capture_options /* Packet capture options */ ) ), "monitoring" ( /* Configure lawful interception of traffic */ juniper_monitoring_options /* Configure lawful interception of traffic */ ), "accounting" ( /* Configure accounting of traffic */ juniper_packet_accounting_options /* Configure accounting of traffic */ ), "analyzer" ( /* Analyzer options */ smpl_analyzer_type /* Analyzer options */ ), "port-mirroring" ( /* Configure port mirroring of traffic */ juniper_port_mirror_options /* Configure port mirroring of traffic */ ), "evpn-vxlan" ( /* EVPN VXLAN configurations */ c( "shared-tunnels" /* Create VTEP tunnels to EVPN PE */, "reroute-address" ( /* Reroute IP address for vxlan encapsulation */ sc( c( "inet" ( /* IPv4 address family */ c( ipv4addr /* Reroute address for IPV4 FRR */ ) ), "inet6" ( /* IPv6 address family */ c( ipv6addr /* Reroute address for IPV6 FRR */ ) ) ) ) ).as(:oneline) ) ), "multicast-replication" ( /* Set mode of multicast replication */ c( "ingress" /* Complete ingress replication */, "local-latency-fairness" /* Complete parallel replication */, "evpn" ( /* EVPN IRB multicast related options */ c( "irb" ( ("local-only" | "local-remote" | "oism") ), "smet-nexthop-limit" arg /* Flood traffic to all egress when count goes above limit */ ) ) ) ), "load-balance" ( /* Configure load-balancing attributes on the forwarding path */ c( "ecmp-local-bias" /* Apply locality bias for ecmp nexthops */, "indexed-load-balance" /* Use indexed permuted next hop lists for unilist and aggregate next hops */, "per-flow" ( c( "hash-seed" /* Enable per flow seed value on packet forwarding engine */ ) ), "per-prefix" ( c( "hash-seed" arg /* Specifies per-router input value for per-prefix load-balancing hash function */ ) ) ) ), "hash-key" ( /* Select data used in the hash key */ junos_hash_key /* Select data used in the hash key */ ), "local-bias" ( /* Turn on local bias functionality */ c( "disable" /* Disable local-bias */ ) ), "enhanced-hash-key" ( /* Select data used in the hash key for Enhanced IP Forwarding Engines */ c( "use-trunk-max-links" /* Use 8 links in trunk programming instead of actual links */, "ecmp-resilient-hash" /* Set resilient hashing for ECMP */, "lag-dlb" ( /* Setting dynamic load balancing options for LAG */ c( "ether-type" ( /* Setting ether type for LAG DLB */ c( "ipv4" /* Ether type is ipv4 */, "ipv6" /* Ether type is ipv6 */, "mpls" /* Ether type is mpls */ ) ) ) ), "fabric-load-balance" ( /* Set load balancing options for VC-Fabric forwarding */ c( c( "flowlet" ( /* Inactivity-based flowlet link assignment (default) */ c( "inactivity-interval" ( /* Minimum inactivity interval for flowlet detection */ ("16us" | "64us" | "512us" | "32ms") ) ) ), "per-packet" /* Per-packet optimal spraying */ ) ) ), "ecmp-dlb" ( /* Set load balancing options for VC-Fabric forwarding */ c( c( "assigned-flow" /* Flow-based fixed link assignment */, "flowlet" ( /* Inactivity-based flowlet link assignment (default) */ c( "inactivity-interval" arg /* Minimum inactivity interval in micro-seconds for flowlet detection */ ) ), "per-packet" /* Per-packet optimal spraying */ ), "ether-type" ( /* Ether type */ c( "ipv4" /* Set DLB for ipv4 */, "ipv6" /* Set DLB for ipv6 */, "mpls" /* Set DLB for mpls */ ) ) ) ), "hash-mode" ( /* Hashing mode */ c( c( "layer2-header" /* Only layer2 header fields are considered for hashing */, "layer2-payload" /* Only layer2 payload fields are considered for hashing */, "gtp-header-offset" arg /* Gtp header first byte offset */ ) ) ), "hash-parameters" ( /* Set traffic hashing parameters */ c( "ecmp" ( /* Configure hashing parameters for ECMP Traffic */ c( "offset" arg /* Set hashing offset for ECMP Traffic */, "preprocess" ( /* Enable/Disable the preprocess parameter for ECMP traffic */ c( c( "enable" /* Enable preprocess for ECMP */, "disable" /* Disable preprocess for ECMP */ ) ) ), "function" ( /* Configure hash functions for ECMP traffic */ c( c( "crc16-bisync" /* Use CRC16-BISYNC function for ECMP traffic rcvd on xe */, "crc16-ccitt" /* Use CRC16-CCITT function for ECMP traffic rcvd on xe */, "crc32-hi" /* Use CRC32-HI function for ECMP traffic rcvd on xe */, "crc32-lo" /* Use CRC32-LO function for ECMP traffic rcvd on xe */ ) ) ) ) ), "lag" ( /* Configure hashing parameters for LAG Traffic */ c( "offset" arg /* Set hashing offset for LAG Traffic */, "preprocess" ( /* Enable/Disable the preprocess parameter for LAG traffic */ c( c( "enable" /* Enable preprocess for LAG */, "disable" /* Disable preprocess for LAG */ ) ) ), "function" ( /* Configure hash functions for LAG traffic */ c( c( "crc16-bisync" /* Use CRC16-BISYNC function for LAG traffic rcvd on xe */, "crc16-ccitt" /* Use CRC16-CCITT function for LAG traffic rcvd on xe */, "crc32-hi" /* Use CRC32-HI function for LAG traffic rcvd on xe */, "crc32-lo" /* Use CRC32-LO function for LAG traffic rcvd on xe */ ) ) ) ) ) ) ), "hash-seed" ( /* Hash seed */ c( arg ) ), "resilient-hash-seed" ( /* Resilient hash seed */ c( arg ) ), "mpls" ( /* Configure mpls fields */ c( "no-incoming-port" /* Exclude incoming port from the hash key */, "no-incoming-device" /* Exclude incoming device from the hash key */ ) ), "layer2" ( /* Configure layer2 fields */ c( "no-incoming-port" /* Exclude incoming port from the hash key */, "no-incoming-device" /* Exclude incoming device from the hash key */, "no-source-mac-address" /* Exclude source MAC address from the hash key */, "source-mac-address" /* Include source MAC address from the hash key */, "no-destination-mac-address" /* Exclude destination MAC address from the hash key */, "destination-mac-address" /* Include destination MAC address from the hash key */, "no-ether-type" /* Exclude ether type from the hash key */, "vlan-id" /* Include incoming vlan-id in hash key */, "no-vlan-id" /* Not include vlan-id in hash key */, "inner-vlan-id" /* Include incoming inner-vlan-id in hash key */ ) ), "inet" ( /* Configure inet4 fields */ c( "no-incoming-port" /* Exclude incoming port from the hash key */, "no-incoming-device" /* Exclude incoming device from the hash key */, "no-l4-source-port" /* Exclude l4 source port from the hash key */, "no-l4-destination-port" /* Exclude l4 dest port from the hash key */, "no-protocol" /* Exclude protocol from the hash key */, "no-ipv4-source-address" /* Exclude IPv4 source address */, "no-ipv4-destination-address" /* Exclude IPv4 destination address */, "vlan-id" /* Include incoming vlan-id in hash key */ ) ), "inet6" ( /* Configure inet6 fields */ c( "no-incoming-port" /* Exclude incoming port from the hash key */, "no-incoming-device" /* Exclude incoming device from the hash key */, "no-l4-source-port" /* Exclude l4 source port from the hash key */, "no-l4-destination-port" /* Exclude l4 dest port from the hash key */, "ipv6-flow-label" /* Include IPv6 flow label */, "no-next-header" /* Exclude next header from the hash key */, "no-ipv6-source-address" /* Exclude IPv6 source address */, "no-ipv6-destination-address" /* Exclude IPv6 destination address */, "vlan-id" /* Include vlan-id in hash key */ ) ), "no-mpls" /* Disable mpls in hash key */, "gre" ( /* Configure for GRE */ c( "key" /* Include key in hash key */, "protocol" /* Include protocol in hash key */ ) ), "vxlan-vnid" /* Enable vxlan-vnid */, "symmetric-hash" ( /* Enable symmetric hash for load-balancing */ c( "inet" /* Enable symmetric hash on ipv4 flows */, "inet6" /* Enable symmetric hash on ipv6 flows */ ) ), "services-loadbalancing" ( /* Select key to load balance across service PICs */ c( "family" ( /* Protocol family */ c( "inet" ( /* IPv4 protocol family */ c( "layer-3-services" ( /* Include Layer 3 (IP) data in the hash key */ c( "source-address" /* Include IP source address in the hash key */, "destination-address" /* Include IP destination address in the hash key */, "incoming-interface-index" /* Include incoming interface index in the hash key */ ) ) ) ), "inet6" ( /* IPv6 protocol family */ c( "layer-3-services" ( /* Include Layer 3 (IP) data in the hash key */ c( "source-address" /* Include IP source address in the hash key */, "destination-address" /* Include IP destination address in the hash key */, "incoming-interface-index" /* Include incoming interface index in the hash key */, "src-prefix-len" arg /* Enhanced hash key inet6 source prefix length */ ) ) ) ) ) ) ) ), "source-destination-only-loadbalancing" ( /* Configure key for source/destination-ip-only load balancing */ c( "family" ( /* Protocol family */ c( "inet" ( /* IPv4 protocol family */ c( "prefix-length" arg /* Source/Destination Only Load-Balancing inet prefix length */ ) ), "inet6" ( /* IPv6 protocol family */ c( "prefix-length" arg /* Source/Destination Only Load-Balancing inet6 prefix length */ ) ) ) ) ) ), "family" ( /* Protocol family */ c( "any" ( /* Applicable to all protocol families */ c( "incoming-interface-index" /* Include incoming interface index in the hash key */, "no-tunnel-payload" /* Omit tunnel payload in the hash key */ ) ), "inet" ( /* IPv4 protocol family */ c( "incoming-interface-index" /* Include incoming interface index in the hash key */, "no-destination-port" /* Omit IP destination port in the hash key */, "no-source-port" /* Omit IP source port in the hash key */, "type-of-service" /* Include TOS byte in the hash key */, "gtp-tunnel-endpoint-identifier" /* Include TEID in the hash key for GTP-U packets */, "l2tp-tunnel-session-identifier" /* Include TID SID in the hash key for L2TP packets */, "session-id" /* Include session ID in the enhanced hash key */ ) ), "inet6" ( /* IPv6 protocol family */ c( "incoming-interface-index" /* Include incoming interface index in the hash key */, "traffic-class" /* Include Traffic Class byte in the hash key */, "no-destination-port" /* Omit IP destination port in the hash key */, "no-source-port" /* Omit IP source port in the hash key */, "gtp-tunnel-endpoint-identifier" /* Include TEID in the hash key for GTP-U packets */, "session-id" /* Include session ID in the enhanced hash key */, "no-flow-label" /* Omit Flow label in the hash key */, "type-of-service" /* Include TOS byte in the hash key */ ) ), "mpls" ( /* MPLS protocol family */ c( "label-1-exp" /* Include EXP of first MPLS label from the hash key */, "incoming-interface-index" /* Include incoming interface index in the hash key */, c( "no-ether-pseudowire" /* Omit IP payload over ethernet PW from the hash-key */, "ether-pseudowire" ( /* Load-balance IP over ethernet PW */ sc( "zero-control-word" /* Parse zero control word in packet header */ ) ).as(:oneline) ), "no-labels" /* Exclude all MPLS labels from hash key */, "no-payload" /* Omit MPLS payload data from the hash key */ ) ), "multiservice" ( /* Multiservice protocol (bridged/CCC/VPLS) family */ c( "incoming-interface-index" /* Include incoming interface index in hash key */, "outer-priority" /* Include Outer 802.1 Priority bits in the hash key */, "no-payload" /* Omit payload data from the hash key */, "no-mac-addresses" /* Omit source and destination MAC addresses from the hash key */ ) ) ) ), "hash-function" ( /* Configure hash functions */ c( c( "CRC16-CCITT" /* 16-bit CRC16 using CCITT polynomial */, "CRC16" /* 16-bit CRC16 calculated using the BISYNC polynomial */, "CRC16XOR1" /* Upper 8 bits BISYNC CRC16 and 8 bit XOR1 */, "CRC16XOR2" /* Upper 8 bit BISYNC CRC16 and 8 bit XOR2 */, "CRC16XOR4" /* Upper 8 bit BISYNC CRC16 and 8 bit XOR4 */, "CRC16XOR8" /* Upper 8 bit BISYNC CRC16 and 8 bit XOR8 */, "CRC32HI" /* 16 LSBs of computed CRC32 */, "CRC32LO" /* 16 MSBs of computed CRC32 */, "xor" ( /* XOR based hashing */ c( "no-L3-L4-headers" /* Exclude source IP, dest IP, source L4 port, dest L4 port addresses from hashing */, "no-L4-ports" /* Exclude source L4 port and dest L4 port addresses from hashing */, "mac-addresses" /* Include source and destination MAC addresses in IPv4/IPv6 packet hashing */, "no-mpls-hash" /* Exclude MPLS information from hashing */, "no-ipv4-source-address" /* Exclude source IPv4 address from hashing */, "no-ipv4-destination-address" /* Exclude dest IPv4 address from hashing */, "no-ipv6-source-address" /* Exclude source IPv6 address from hashing */, "no-ipv6-destination-address" /* Exclude dest IPv6 address from hashing */, "no-ip6-flow-label" /* Exclude IPv6 flow label from hashing */, "en-ip-over-mpls" /* Enable parsing of IP in MPLS packets */, "no-mpls-label0" /* Exclude MPLS Label 0 from hashing */, "no-mpls-label1" /* Exclude MPLS Label 1 from hashing */, "no-source-mac-address" /* Exclude source MAC address from hashing */, "no-destination-mac-address" /* Exclude dest MAC address from hashing */, "no-l4-source-port" /* Exclude l4 source port from the hash key */, "no-l4-destination-port" /* Exclude l4 dest port from the hash key */ ) ), "ingress-port" /* Ingress port based hashing */, "crc6" ( /* CRC6 based hashing */ c( "crc6-seed" arg /* CRC6 seed value */, "en-ip-over-mpls" /* Enable parsing of IP in MPLS packets */, "no-source-mac-address" /* Exclude source MAC address from hashing */, "no-destination-mac-address" /* Exclude dest MAC address from hashing */, "no-mpls-label0" /* Exclude MPLS Label 0 from hashing */, "no-mpls-label1" /* Exclude MPLS Label 1 from hashing */, "no-l4-source-port" /* Exclude l4 source port from the hash key */, "no-l4-destination-port" /* Exclude l4 dest port from the hash key */, "no-ip-source-address" /* Exclude source IPv4/IPv6 address from hashing */, "no-ip-destination-address" /* Exclude dest IPv4/IPv6 address from hashing */, "no-ip6-flow-label" /* Exclude IPv6 flow label from hashing */ ) ), "crc16" ( /* CRC16 based hashing */ c( "crc16-seed" arg /* CRC16 seed value */, "en-ip-over-mpls" /* Enable parsing of IP in MPLS packets */, "no-source-mac-address" /* Exclude source MAC address from hashing */, "no-destination-mac-address" /* Exclude dest MAC address from hashing */, "no-mpls-label0" /* Exclude MPLS Label 0 from hashing */, "no-mpls-label1" /* Exclude MPLS Label 1 from hashing */, "no-l4-source-port" /* Exclude l4 source port from the hash key */, "no-l4-destination-port" /* Exclude l4 dest port from the hash key */, "no-ip-source-address" /* Exclude source IPv4/IPv6 address from hashing */, "no-ip-destination-address" /* Exclude dest IPv4/IPv6 address from hashing */, "no-ip6-flow-label" /* Exclude IPv6 flow label from hashing */ ) ) ) ) ), "vxlan" ( /* Vxlan traffic */ c( "no-inner-payload" /* To enable load-balancing on Vxlan traffic based on outer IP/UDP header */ ) ), "conditional-match" arg ( /* Configures a conditional match */ c( "offset1" ( /* Configure offset 1 */ c( "base-offset1" ( /* Configure base-offset */ ("start-of-L2Header" | "start-of-L3-OuterHeader" | "start-of-L3-InnerHeader" | "start-of-L4-Header") ), "offset1-value" arg /* Offset of the data to be extracted from the base offset. Only even number */, "matchdata1" arg /* Data to be matched */, "matchdata1-mask" arg /* Matchdata mask */ ) ), "offset2" ( /* Configure offset 2 */ c( "base-offset2" ( /* Configure base-offset */ ("start-of-L2Header" | "start-of-L3-OuterHeader" | "start-of-L3-InnerHeader" | "start-of-L4-Header") ), "offset2-value" arg /* Offset of the data to be extracted from the base offset. Only even number */, "matchdata2" arg /* Data to be matched */, "matchdata2-mask" arg /* Matchdata mask */ ) ), "offset3" ( /* Configure offset 3 */ c( "base-offset3" ( /* Configure base-offset */ ("start-of-L2Header" | "start-of-L3-OuterHeader" | "start-of-L3-InnerHeader" | "start-of-L4-Header") ), "offset3-value" arg /* Offset of the data to be extracted from the base offset. Only even number */, "matchdata3" arg /* Data to be matched */, "matchdata3-mask" arg /* Matchdata mask */ ) ), "offset4" ( /* Configure offset 4 */ c( "base-offset4" ( /* Configure base-offset */ ("start-of-L2Header" | "start-of-L3-OuterHeader" | "start-of-L3-InnerHeader" | "start-of-L4-Header") ), "offset4-value" arg /* Offset of the data to be extracted from the base offset. Only even number */, "matchdata4" arg /* Data to be matched */, "matchdata4-mask" arg /* Matchdata mask */ ) ) ) ), "flex-hashing" arg ( /* Set flex hashing */ c( "ethtype" ( /* Configure ether-type of packet */ c( "inet" ( /* Enable flex-hashing on ipv4 */ c( "interface" ( /* Incoming interface name. This is optional parameter */ interface_name /* Incoming interface name. This is optional parameter */ ), "conditional-match" arg /* Conditional match to be matched in the packet */, "hash-offset" ( /* Configure the offsets for hashing */ c( "offset1" ( /* Configure offset 1 value */ c( "base-offset1" ( /* Configure base-offset */ ("start-of-L2Header" | "start-of-L3-OuterHeader" | "start-of-L3-InnerHeader" | "start-of-L4-Header") ), "offset1-value" arg /* Offset of the data to be extracted from the base offset. Only even number */, "offset1-mask" arg /* Mask for the hash data extracted. 2 byte mask */, "offset2" ( /* Configure offset 2 value */ c( "base-offset2" ( /* Configure base-offset */ ("start-of-L2Header" | "start-of-L3-OuterHeader" | "start-of-L3-InnerHeader" | "start-of-L4-Header") ), "offset2-value" arg /* Offset of the data to be extracted from the base offset. Only even number */, "offset2-mask" arg /* Mask for the hash data extracted. 2 byte mask */ ) ) ) ) ) ) ) ), "inet6" ( /* Enable flex-hashing on ipv6 */ c( "interface" ( /* Incoming interface name. This is optional parameter */ interface_name /* Incoming interface name. This is optional parameter */ ), "conditional-match" arg /* Conditional match to be matched in the packet */, "hash-offset" ( /* Configure the offsets for hashing */ c( "offset1" ( /* Configure offset 1 value */ c( "base-offset1" ( /* Configure base-offset */ ("start-of-L2Header" | "start-of-L3-OuterHeader" | "start-of-L3-InnerHeader" | "start-of-L4-Header") ), "offset1-value" arg /* Offset of the data to be extracted from the base offset. Only even number */, "offset1-mask" arg /* Mask for the hash data extracted. 2 byte mask */, "offset2" ( /* Configure offset 2 value */ c( "base-offset2" ( /* Configure base-offset */ ("start-of-L2Header" | "start-of-L3-OuterHeader" | "start-of-L3-InnerHeader" | "start-of-L4-Header") ), "offset2-value" arg /* Offset of the data to be extracted from the base offset. Only even number */, "offset2-mask" arg /* Mask for the hash data extracted. 2 byte mask */ ) ) ) ) ) ) ) ), "mpls" ( /* Configure number of MPLS labels */ c( "num-labels" arg /* Configure number of MPLS labels */, "interface" ( /* Incoming interface name. This is optional parameter */ interface_name /* Incoming interface name. This is optional parameter */ ), "conditional-match" arg /* Conditional match to be matched in the packet */, "hash-offset" ( /* Configure the offsets for hashing */ c( "offset1" ( /* Configure offset 1 value */ c( "base-offset1" ( /* Configure base-offset */ ("start-of-L2Header" | "start-of-L3-OuterHeader" | "start-of-L3-InnerHeader" | "start-of-L4-Header") ), "offset1-value" arg /* Offset of the data to be extracted from the base offset. Only even number */, "offset1-mask" arg /* Mask for the hash data extracted. 2 byte mask */, "offset2" ( /* Configure offset 2 value */ c( "base-offset2" ( /* Configure base-offset */ ("start-of-L2Header" | "start-of-L3-OuterHeader" | "start-of-L3-InnerHeader" | "start-of-L4-Header") ), "offset2-value" arg /* Offset of the data to be extracted from the base offset. Only even number */, "offset2-mask" arg /* Mask for the hash data extracted. 2 byte mask */ ) ) ) ) ) ) ) ) ) ) ) ), "symmetric" /* Enable symmetric load-balancing */ ) ), "next-hop" ( /* Next hop throttle */ c( "arp-throttle" arg /* Change the arp throttling time(seconds) */, "arp-detect" arg /* Change the arp throttling detect time(milliseconds) */ ) ), "sflow" ( /* Sflow related */ c( "egress-multicast" ( /* Sflow for egress multicast */ c( "enable" /* To enable sflow for egress multicast */, "max-replication-rate" arg /* To configure max replication rate (0 to 2K pps) */ ) ) ) ), "multicast" ( /* Multicast resolve and mismatch rate */ c( "resolve-rate" arg /* Multicast resolve rate */, "mismatch-rate" arg /* Multicast interface mismatch rate */, "policer" ( c( "bandwidth-limit" arg /* Bandwidth limit */, "burst-size-limit" arg /* Burst size limit */ ) ) ) ), "packet-capture-telemetry" ( /* Packet capture telemetry options */ c( "egress" ( /* Egress options */ packet_capture_egress_intf_type /* Egress options */ ) ) ), "rpf-loose-mode-discard" ( /* Configure rpf loose mode behavior */ c( "family" ( /* Protocol family */ c( "inet" /* Configure rpf loose mode behavior for IPv4 */, "inet6" /* Configure rpf loose mode behavior for IPv6 */ ) ) ) ), "l2circuit-control-passthrough" /* Configure passthrough for control protocol packets on L2 Circuit */, "explicit-null-cos" ( /* Configure to use MPLS explicit null exp for COS classification */ c( "inet" /* Include family inet */, "inet6" /* Include family inet6 */ ) ), "helpers" ( /* Port forwarding configuration */ c( "traceoptions" ( /* Trace options for helper */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("trace" | "address" | "main" | "config" | "ifdb" | "io" | "rtsock" | "ui" | "util" | "gencfg" | "domain" | "tftp" | "bootp" | "port" | "if-rtsdb" | "all")) /* Area of UDP forwarding helper process on which to enable debugging output */.as(:oneline) ) ), "rtsdb-client-traceoptions" ( /* SHM rtsock database client library trace options */ c( "if-rtsdb" ( /* Trace interface hierarchy rtsdb */ c( "flag" enum(("init" | "routing-socket" | "map" | "all")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ) ) ), "domain" ( /* Incoming DNS request forwarding configuration */ c( "description" arg /* Text description of server */, "server" ( /* Server information */ sc( ipv4addr /* Name or address of server to which to forward */, c( "logical-system" ( /* Logical system of server to which to forward */ sc( arg /* Name of logical system */, "routing-instance" arg /* Routing instance of server to which to forward */ ) ).as(:oneline), "routing-instance" arg /* Routing instance of server to which to forward */ ) ) ).as(:oneline), "interface" arg ( /* Incoming DNS request forwarding interface configuration */ c( "no-listen" /* Do not listen on this interface */, "broadcast" /* If the layer 2 interface is unknown then broadcast */, "description" arg /* Text description of server */, "server" ( /* Server information */ sc( ipv4addr /* Name or address of server to which to forward */, c( "logical-system" ( /* Logical system of server to which to forward */ sc( arg /* Name of logical system */, "routing-instance" arg /* Routing instance of server to which to forward */ ) ).as(:oneline), "routing-instance" arg /* Routing instance of server to which to forward */ ) ) ).as(:oneline) ) ) ) ), "tftp" ( /* Incoming TFTP request forwarding configuration */ c( "description" arg /* Text description of server */, "server" ( /* Server information */ sc( ipv4addr /* Name or address of server to which to forward */, c( "logical-system" ( /* Logical system of server to which to forward */ sc( arg /* Name of logical system */, "routing-instance" arg /* Routing instance of server to which to forward */ ) ).as(:oneline), "routing-instance" arg /* Routing instance of server to which to forward */ ) ) ).as(:oneline), "interface" arg ( /* Incoming TFTP request forwarding interface configuration */ c( "no-listen" /* Do not listen on this interface */, "broadcast" /* If the layer 2 interface is unknown then broadcast */, "description" arg /* Text description of server */, "server" ( /* Server information */ sc( ipv4addr /* Name or address of server to which to forward */, c( "logical-system" ( /* Logical system of server to which to forward */ sc( arg /* Name of logical system */, "routing-instance" arg /* Routing instance of server to which to forward */ ) ).as(:oneline), "routing-instance" arg /* Routing instance of server to which to forward */ ) ) ).as(:oneline) ) ) ) ), "bootp" ( /* Incoming BOOTP/DHCP request forwarding configuration */ c( "relay-agent-option" /* Use DHCP Relay Agent option in relayed BOOTP/DHCP messages */, "dhcp-option82" ( /* Configure DHCP option 82 */ dhcp_option82_type /* Configure DHCP option 82 */ ), "description" arg /* Text description of servers */, "server" arg ( /* Server information */ c( "logical-system" arg ( /* Logical system of server to which to forward */ sc( "routing-instance" arg /* Routing instance of server to which to forward */ ) ).as(:oneline), "routing-instance" arg /* Routing instance of server to which to forward */ ) ), "maximum-hop-count" arg /* Maximum number of hops per packet */, "minimum-wait-time" arg /* Minimum number of seconds before requests are forwarded */, "client-response-ttl" arg /* IP time-to-live value to set in responses to client */, "source-address-giaddr" /* Use GIADDR as the source IP address for relayed packets */, "vpn" /* Enable vpn encryption */, "apply-secondary-as-giaddr" /* Enable DHCP relay to use secondary gateway ip on all interfaces */, "interface" arg ( /* Incoming BOOTP/DHCP request forwarding interface configuration */ c( "no-listen" /* Do not listen on this interface */, "broadcast" /* If the layer 2 interface is unknown then broadcast */, "description" arg /* Text description of servers */, "server" arg ( /* Server information */ c( "logical-system" arg ( /* Logical system of server to which to forward */ sc( "routing-instance" arg /* Routing instance of server to which to forward */ ) ).as(:oneline), "routing-instance" arg /* Routing instance of server to which to forward */ ) ), "maximum-hop-count" arg /* Maximum number of hops per packet */, "minimum-wait-time" arg /* Minimum number of seconds before requests are forwarded */, "client-response-ttl" arg /* IP time-to-live value to set in responses to client */, "source-address-giaddr" /* Use GIADDR as the source IP address for relayed packets */, "vpn" /* Enable vpn encryption */, "dhcp-option82" ( /* Configure DHCP option 82 */ dhcp_option82_type /* Configure DHCP option 82 */ ), "apply-secondary-as-giaddr" /* Enable DHCP relay to use secondary gateway ip on this interface */ ) ) ) ), "port" arg ( /* Incoming arbitrary protocol request forwarding configuration */ c( "description" arg /* Text description of server */, "server" arg ( /* Server information */ c( c( "logical-system" ( /* Logical system of server to which to forward */ sc( arg /* Name of logical system */, "routing-instance" arg /* Routing instance of server to which to forward */ ) ).as(:oneline), "routing-instance" arg /* Routing instance of server to which to forward */ ) ) ), "interface" arg ( /* Incoming request forwarding interface configuration */ c( "no-listen" /* Do not listen on this interface */, "broadcast" /* If the layer 2 interface is unknown then broadcast */, "description" arg /* Text description of server */, "server" arg ( /* Server information */ c( c( "logical-system" ( /* Logical system of server to which to forward */ sc( arg /* Name of logical system */, "routing-instance" arg /* Routing instance of server to which to forward */ ) ).as(:oneline), "routing-instance" arg /* Routing instance of server to which to forward */ ) ) ) ) ) ) ) ) ), "family" ( /* Protocol family */ c( "inet" ( /* IPv4 parameters */ c( "filter" ( /* Filtering for forwarding table */ c( "input" arg /* Name of input filter to apply for forwarded packets */, "output" arg /* Name of output filter to apply for forwarded packets */ ) ), "route-accounting" /* Enable IPv4 route accounting */ ) ), "inet6" ( /* IPv6 parameters */ c( "filter" ( /* Filtering for forwarding table */ c( "input" arg /* Name of input filter to apply for forwarded packets */, "output" arg /* Name of output filter to apply for forwarded packets */ ) ), "route-accounting" /* Enable IPv6 route accounting */, "source-checking" /* Discard IPv6 packet when source address type is unspecified, loopback, multicast or link-local */ ) ), "mpls" ( /* MPLS parameters */ c( "filter" ( /* Filtering for forwarding table */ c( "input" arg /* Name of input filter to apply for forwarded packets */, "output" arg /* Name of output filter to apply for forwarded packets */ ) ) ) ), "vpls" ( /* VPLS parameters */ c( "filter" ( /* Filtering for VPLS DMAC forwarding table */ c( "input" arg /* Name of input filter to apply for forwarded packets */ ) ), "flood" ( /* Filtering for VPLS flood table */ c( "input" arg /* Name of input filter to apply for VPLS flood packets */ ) ) ) ), "evpn" ( /* EVPN parameters */ c( "filter" ( /* Filtering for EVPN DMAC forwarding table */ c( "input" arg /* Name of input filter to apply for forwarded packets */ ) ), "flood" ( /* Filtering for EVPN flood table */ c( "input" arg /* Name of input filter to apply for EVPN flood packets */ ) ) ) ) ) ), "next-hop-group" ( /* Next hop group forwarding option */ juniper_next_hop_group_options /* Next hop group forwarding option */ ), "dhcp-relay" ( /* Dynamic Host Configuration Protocol relay configuration */ jdhcp_relay_type /* Dynamic Host Configuration Protocol relay configuration */ ), "load-balance-label-capability" /* Load balance label capability */, "no-load-balance-label-capability" /* Don't load balance label capability */, "fast-reroute-priority" ( /* Fast-reroute repair priority */ ("low" | "medium" | "high") ), "ip-options-protocol-queue" arg ( /* IP Options protocol logical queue parameters */ c( "protocol-id" arg /* Protocol Identifier */, "queue-depth" arg /* Size of the protocol logical options queue */ ) ), "link-layer-broadcast-inet-check" /* Enable destination mac and destination ip address check */, "cut-through" /* Enable cut-through forwarding */, "storm-control" ( /* Storm control config */ c( "enhanced" /* Enable enhanced storm control feature */ ) ), "vrf-fallback" /* Enable vrf-fallback forwarding. This will restart PFE */, "mpls-tunnel-extend" /* Extend MPLS Tunnel table usage. This config will restart PFE */, "vxlan-disable-copy-tos-encap" /* Disable copy of TOS bits from Outer IP to Inner IP at VxLAN Tunnel Encap */, "vxlan-disable-copy-tos-decap" /* Disable copy of TOS bits from Outer IP to Inner IP at VxLAN Tunnel Decap */, "no-hierarchical-ecmp" /* Disable hierarchical ecmp. This will restart PFE */, "ipmc-miss-do-l2mc" /* Do L2MC forwarding when IPMC miss */, "hyper-mode" /* Enable hyper mode */, "no-hyper-mode" /* Don't enable hyper mode */, "vxlan-flexflow" /* Enable VxLAN flexflow. This will restart PFE */, "ecmp-do-local-lookup" /* Do ECMP local lookup only */, "access-security" ( /* Access security configuration */ jdhcp_access_security_type /* Access security configuration */ ), "forwarding-sandbox" ( /* Create forwarding sandbox */ juniper_forwarding_sandbox_options /* Create forwarding sandbox */ ), "vxlan-routing" ( /* VXLAN Routing forwarding options */ c( "next-hop" arg /* Next-hop. Must be multiple of 4096. This will restart PFE */, "interface-num" arg /* Interface. Must be multiple of 2048. This will restart PFE */, "overlay-ecmp" /* Enable overlay ecmp for vxlan L3. This will restart PFE */ ) ), "satellite" ( /* Satellite forwarding options */ c( "traceoptions" ( /* Global tracing options for satellite control plane */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("all" | "bd" | "config-internal" | "interface" | "interface-vlan" | "ipc" | "kernel" | "krt" | "mac" | "nh" | "normal" | "parse" | "stp" | "task" | "timer" | "firewall" | "l3" | "fip-snooping")) /* Tracing parameters */.as(:oneline) ) ), "local-replication" /* Enable satellite multicast replication */, "fpc" arg ( c( c( "local-switching" ( /* Enable local-switching on Satellite device */ c( "l3" /* Enable L3 local switching on the Satellite device */ ) ), "selective-vlan-switching" ( /* Enable selective-vlan-switching on Satellite device */ c( "routing-instance" arg /* Associated Routing instance name */ ) ) ) ) ), "vlan-auto-sense" ( /* Vlan-auto-sense attributes provisioning */ c( "expiry-time" arg /* Expiry time (in seconds) after last MAC aged out */ ) ), "analyzer-vlan" ( /* Output VLAN for Analyzer */ c( arg /* Name of the analyzer VLAN */ ) ), "disable-heartbeat" /* Disable heartbeat between Aggregation and Satellite */, "no-disable-heartbeat" /* Don't disable heartbeat between Aggregation and Satellite */ ) ) ) end rule(:dhcp_option82_type) do c( "disable" /* Disable DHCP option 82 on this VLAN */, "circuit-id" ( /* Configure DHCP option 82 circuit id */ c( "prefix" ( /* Configure DHCP option 82 circuit id prefix */ ("hostname") ), "use-interface-description" /* Use interface description instead of name */, "use-vlan-id" /* Use VLAN id instead of name */ ) ), "remote-id" ( /* Configure DHCP option 82 remote id */ c( "prefix" ( /* Configure DHCP option 82 remote id prefix */ ("none" | "hostname" | "mac") ), "use-interface-description" /* Use interface description instead of name */, "use-string" arg /* Use raw string instead of the default remote id */ ) ), "vendor-id" ( /* Configure DHCP option 82 vendor id */ c( arg /* Use raw string instead of the default vendor id */ ) ) ) end rule(:jdhcp_access_security_type) do c( "slaac-snooping" ( /* Stateless address auto configuration options */ slaacd_config_type /* Stateless address auto configuration options */ ), "router-advertisement-guard" ( /* Router Advertisement Guard Configuration */ c( "policy" arg ( /* Router Advertisement Guard policy */ c( "discard" ( /* Discard parameters */ c( "source-ip-address-list" arg /* IPv6 Source address list name */, "source-mac-address-list" arg /* Source mac address list name */, "prefix-list-name" arg /* Prefix-list Name */ ) ), "accept" ( /* Accept parameters */ c( "match-list" ( /* List of parameters to check */ c( "source-ip-address-list" arg /* IPv6 Source address list name */, "source-mac-address-list" arg /* Source mac address list name */, "prefix-list-name" arg /* Prefix-list Name */, "match-criteria" ( /* Match Criteria */ ("match-all" | "match-any") ) ) ), "match-options" ( /* List of Options to check */ c( "hop-limit" ( /* Hop limit */ c( "maximum" arg /* Maximum hop limit */, "minimum" arg /* Minimum hop limit */ ) ), "route-preference" ( /* Accept route preference */ c( "maximum" ( /* Maximum route preference */ ("low" | "medium" | "high") ) ) ), "managed-config-flag" /* Check Managed config flag */, "other-config-flag" /* Check Other config flag */ ) ) ) ) ) ), "interface" ( /* RA Guard config on Interface */ c( interface_policy /* Interface Configuration */ ) ), "vlans" ( /* RA Guard config on Vlan */ c( vlan_policy /* Virtual LAN Configuration */ ) ) ) ) ) end rule(:interface_policy) do arg.as(:arg) ( c( "policy" ( /* Attach policy */ c( arg /* Router Advertisement Guard policy name */, c( "stateful" /* Stateful router advertisement guard */, "stateless" /* Stateless router advertisement guard */ ) ) ), "mark-interface" ( /* Mark interface */ c( c( "trusted" /* Mark interface trusted */, "block" /* Block router-advertisement */ ) ) ) ) ) end rule(:juniper_forwarding_sandbox_options) do arg.as(:arg) ( c( "size" ( /* Size of the sandbox */ ("small" | "medium" | "large") ), "port" ( /* Sandbox port */ juniper_forwarding_sandbox_port_options /* Sandbox port */ ) ) ) end rule(:juniper_forwarding_sandbox_port_options) do arg.as(:arg) ( c( "interface" arg /* Interface to which the port is mapped */ ) ) end rule(:juniper_gnf) do arg.as(:arg) ( c( "description" arg /* Description of guest network function */, "control-plane-bandwidth-percent" arg /* Percentage of control plane bandwidth */, "fpcs" arg /* FPC associated with guest network function */, "fpc-slice" ( /* FPC sub-line cards (SLCs) associated with guest network function */ c( "fpc" arg ( /* FPC resource parameters for SLC */ c( "slc" arg ( /* Sub-line card configuration */ c( "pfe-id-list" arg /* List of pfe of FPC to be assigned to SLC */, "cores" arg /* Number of cpu cores of FPC to be assigned to SLC (2, 4, 6, 8) */, "dram" arg /* Amount of DRAM (in GB) of FPC to be assigned to SLC */ ) ) ) ) ) ), abstract_interface_type ) ) end rule(:abstract_interface_type) do arg.as(:arg) ( c( "description" arg /* Description of AF interface */, "peer-gnf" ( /* Peer gnf */ sc( "id" arg /* Peer-gnf id */, arg ) ).as(:oneline), "collapsed-forward" ( /* Enable/disable collapsed forwarding */ sc( c( "monitor" /* Monitor mode */, "optimize" /* Optimize mode */ ) ) ).as(:oneline) ) ) end rule(:juniper_logical_system) do arg.as(:arg) ( c( "interfaces" ( /* Interface configuration */ c( lr_interfaces_type ) ), "protocols" ( /* Routing protocol configuration */ juniper_protocols /* Routing protocol configuration */ ), "policy-options" ( /* Policy option configuration */ juniper_policy_options /* Policy option configuration */ ), "routing-instances" ( /* Routing instance configuration */ c( juniper_routing_instance ) ), "routing-options" ( /* Protocol-independent routing option configuration */ juniper_routing_options /* Protocol-independent routing option configuration */ ), "forwarding-options" ( /* Configure options to control packet forwarding */ c( "dhcp-relay" ( /* Dynamic Host Configuration Protocol relay configuration */ jdhcp_relay_type /* Dynamic Host Configuration Protocol relay configuration */ ), "storm-control-profiles" arg ( /* Storm control profile for this instance */ c( "all" ( /* For all BUM traffic */ c( c( "bandwidth-percentage" arg /* Percentage of link bandwidth */, "bandwidth-level" arg /* Link bandwidth */ ), "burst-size" arg /* Burst size */, "no-broadcast" /* Disable broadcast storm control */, "no-unknown-unicast" /* Disable unknown unicast storm control */, c( "no-multicast" /* Disable multicast storm control */, "no-registered-multicast" /* Disable registered multicast storm control */, "no-unregistered-multicast" /* Disable unregistered multicast storm control */ ) ) ), "action-shutdown" /* Disable port for excessive storm control errors */ ) ), "sampling" ( c( "family" ( /* Address family of packets to sample */ c( "inet" ( /* Sample IPv4 packets */ c( "output" ( /* Configure output options for packet sampling */ c( "flow-server" ( /* Configure sending traffic aggregates in cflowd format */ cflowd_sampling_inet_lr_type /* Configure sending traffic aggregates in cflowd format */ ) ) ) ) ), "mpls" ( /* Sample MPLS packets */ c( "output" ( /* Configure output options for packet sampling */ c( "flow-server" ( /* Configure sending traffic aggregates in cflowd format */ cflowd_sampling_mpls_lr_type /* Configure sending traffic aggregates in cflowd format */ ) ) ) ) ) ) ), "instance" arg ( /* Instance of sampling parameters */ c( ("disable"), "family" ( /* Address family of packets to sample */ c( "inet" ( /* Sample IPv4 packets */ c( "output" ( /* Configure output options for packet sampling */ c( "flow-server" ( /* Configure sending traffic aggregates in cflowd format */ cflowd_sampling_inet_lr_inst_type /* Configure sending traffic aggregates in cflowd format */ ) ) ) ) ), "mpls" ( /* Sample MPLS packets */ c( "output" ( /* Configure output options for packet sampling */ c( "flow-server" ( /* Configure sending traffic aggregates in cflowd format */ cflowd_sampling_mpls_lr_inst_type /* Configure sending traffic aggregates in cflowd format */ ) ) ) ) ) ) ) ) ) ) ) ) ), "system" ( /* System parameters */ c( "arp" ( /* ARP settings */ c( "aging-timer" arg /* Change the ARP aging time value */, "interfaces" ( /* Logical interface on which to specify ARP aging timer */ c( arp_interface_type ) ), "passive-learning" /* ARP passive learning */, "purging" /* ARP purging when link goes down */, "gratuitous-arp-on-ifup" /* Gratuitous ARP announcement on interface up */, "gratuitous-arp-delay" arg /* Delay gratuitous ARP request */, "non-subscriber-no-reply" /* Do not reply to ARP requests from non-subscribers */, "proactive-arp-detection" /* Proactive ARP Detection */, "unicast-mode-on-expire" /* Send unicast ARP request on expiry timer */ ) ), "services" ( /* System services */ c( "dhcp-local-server" ( /* Dynamic Host Configuration Protocol server configuration */ jdhcp_local_server_type /* Dynamic Host Configuration Protocol server configuration */ ), "dhcp-proxy-client" ( /* Dynamic Host Configuration Protocol Proxy client configuration */ jdhcp_proxy_client_type /* Dynamic Host Configuration Protocol Proxy client configuration */ ), "static-subscribers" ( /* Static Subscriber Client configuration */ jsscd_static_subscribers_type /* Static Subscriber Client configuration */ ), "tcp-forwarding" ( /* TCP forwarding configuration */ c( "listening-port" ( /* TCP listener configuration */ s( arg, "listening-address" arg /* Listening address */, c( "forwarding-address" ( /* Forwarding address */ ipv4addr /* Forwarding address */ ), "forwarding-port" arg /* Forwarding port */, "max-connections" arg /* Maxmimum allowed connections */, "allowed-source" arg /* Allowed source prefix */ ) ) ) ) ) ) ), "processes" ( /* Process control */ c( "routing" ( /* Routing process */ c( c( "force-32-bit" /* Always use 32-bit mode */, "force-64-bit" /* Always use 64-bit mode */, "auto-64-bit" /* Ignored; same as force-32-bit */ ) ) ) ) ) ) ), "access" ( /* Network access configuration */ c( "address-assignment" ( /* Address assignment configuration */ address_assignment_type /* Address assignment configuration */ ), "address-protection" ( /* Initiate Duplicate Address Protection */ c( "reassign-on-match" /* Disconnect owning session and reassign to this session */ ) ) ) ), "access-profile" ( /* Access profile for this instance */ sc( arg /* Profile name */ ) ).as(:oneline), "firewall" ( /* Define a firewall configuration */ c( "family" ( /* Protocol family */ c( "inet" ( /* Protocol family IPv4 for firewall filter */ c( "dialer-filter" ( /* Define an IPv4 dialer filter */ inet_dialer_filter /* Define an IPv4 dialer filter */ ), "prefix-action" ( /* Define a prefix action */ prefix_action /* Define a prefix action */ ), "filter" ( /* Define an IPv4 firewall filter */ inet_filter /* Define an IPv4 firewall filter */ ), "template" ( /* Define an Inet firewall template */ inet_template /* Define an Inet firewall template */ ), "simple-filter" ( /* Define an IPv4 firewall simple filter */ inet_simple_filter /* Define an IPv4 firewall simple filter */ ), "service-filter" ( /* One or more IPv4 service filters */ inet_service_filter /* One or more IPv4 service filters */ ), "fast-update-filter" ( /* One or more fast update filters */ inet_fuf /* One or more fast update filters */ ) ) ), "inet6" ( /* Protocol family IPv6 for firewall filter */ c( "dialer-filter" ( /* Define an IPv6 dialer filter */ inet6_dialer_filter /* Define an IPv6 dialer filter */ ), "filter" ( /* Define an IPv6 firewall filter */ inet6_filter /* Define an IPv6 firewall filter */ ), "service-filter" ( /* One or more IPv6 service filters */ inet6_service_filter /* One or more IPv6 service filters */ ), "fast-update-filter" ( /* One or more fast update filters */ inet6_fuf /* One or more fast update filters */ ), "template" ( /* Define an Inet6 firewall template */ inet6_template /* Define an Inet6 firewall template */ ) ) ), "mpls" ( /* Protocol family MPLS for firewall filter */ c( "dialer-filter" ( /* Define an mpls dialer filter */ mpls_dialer_filter /* Define an mpls dialer filter */ ), "filter" ( mpls_filter ), "template" ( /* Define an MPLS firewall template */ mpls_template /* Define an MPLS firewall template */ ) ) ), "vpls" ( /* Protocol family VPLS for firewall filter */ c( "filter" ( vpls_filter ) ) ), "evpn" ( /* Protocol family EVPN for firewall filter */ c( "filter" ( vpls_filter ) ) ), "bridge" ( /* Protocol family BRIDGE for firewall filter */ c( "filter" ( bridge_filter ) ) ), "ccc" ( /* Protocol family CCC for firewall filter */ c( "filter" ( ccc_filter ) ) ), "any" ( /* Protocol-independent filter */ c( "filter" ( /* Define a protocol independent filter */ any_filter /* Define a protocol independent filter */ ), "template" ( /* Define Protocol independent filter template */ any_template /* Define Protocol independent filter template */ ) ) ), "ethernet-switching" ( /* Protocol family Ethernet Switching for firewall filter */ c( "filter" ( /* Define an Ethernet Switching firewall filter */ es_filter /* Define an Ethernet Switching firewall filter */ ), "template" ( /* Define an ethernet switching firewall template */ es_template /* Define an ethernet switching firewall template */ ) ) ) ) ), "policer" ( /* Policer template definition */ firewall_policer /* Policer template definition */ ), "flexible-match" ( /* Flexible packet match template definition */ firewall_flexible_match /* Flexible packet match template definition */ ), "tunnel-end-point" ( /* Tunnel end-point template definition */ tunnel_end_point /* Tunnel end-point template definition */ ), "hierarchical-policer" ( /* Hierarchical policer template definition */ firewall_hierpolicer /* Hierarchical policer template definition */ ), "interface-set" ( /* Interface set definition */ interface_set_type /* Interface set definition */ ), "load-balance-group" ( /* Load-balance group definition */ firewall_load_balance_group /* Load-balance group definition */ ), "atm-policer" ( /* Atm policer */ atm_policer_type /* Atm policer */ ), "three-color-policer" ( /* Three-color policer */ three_color_policer_type /* Three-color policer */ ), "filter" ( /* Define an IPv4 firewall filter */ inet_filter /* Define an IPv4 firewall filter */ ) ) ), "multicast-snooping-options" ( /* Multicast snooping option configuration */ juniper_multicast_snooping_options /* Multicast snooping option configuration */ ), "services" ( /* Service PIC daemon configuration */ c( "flow-monitoring" ( /* Configure flow monitoring under logical-systems */ c( "version9" ( /* Version 9 configuration */ c( "template" ( /* One or more version 9 templates */ version9_template /* One or more version 9 templates */ ) ) ) ) ) ) ), "bridge-domains" ( /* Bridge domain configuration */ c( juniper_bridge_domains ) ), "switch-options" ( /* Options for default routing-instance of type virtual-switch */ juniper_def_rtb_switch_options /* Options for default routing-instance of type virtual-switch */ ), "vlans" ( /* VLAN configuration */ c( vlan_types /* Virtual LAN */ ) ) ) ) end rule(:arp_interface_type) do arg.as(:arg) ( c( "aging-timer" arg /* Change the ARP aging time value */ ) ) end rule(:cflowd_sampling_inet_lr_inst_type) do arg.as(:arg) ( c( "port" arg /* UDP port number on host collecting cflowd packets */, "dscp" arg /* Numeric DSCP value in the range 0 to 63 */, "forwarding-class" arg /* Forwarding-class for exported jflow packets, applicable only for inline-jflow */, "routing-instance" arg /* Name of routing instance on which flow collector is reachable */, "autonomous-system-type" ( /* Type of autonomous system number to export */ ("origin" | "peer") ), "aggregation" ( /* Aggregations to perform for exported flows (version 8 only) */ aggregation_type /* Aggregations to perform for exported flows (version 8 only) */ ), "local-dump" /* Dump cflowd records to log file before exporting */, "no-local-dump" /* Don't dump cflowd records to log file before exporting */, "source-address" ( /* Source IPv4 address for cflowd packets */ ipv4addr /* Source IPv4 address for cflowd packets */ ), "version9" ( /* Export data in version 9 format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ), "version-ipfix" ( /* Export data in version ipfix format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ) ) ) end rule(:aggregation_type) do c( "autonomous-system" /* Aggregate by autonomous system number */, "protocol-port" /* Aggregate by protocol and port number */, "source-prefix" /* Aggregate by source prefix */, "destination-prefix" /* Aggregate by destination prefix */, "source-destination-prefix" ( /* Aggregate by source and destination prefix */ c( "caida-compliant" /* Compatible with Caida record format for prefix aggregation (v8) */ ) ) ) end rule(:cflowd_sampling_inet_lr_type) do arg.as(:arg) ( c( "port" arg /* UDP port number on host collecting cflowd packets */, "dscp" arg /* Numeric DSCP value in the range 0 to 63 */, "forwarding-class" arg /* Forwarding-class for exported jflow packets, applicable only for inline-jflow */, "routing-instance" arg /* Name of routing instance on which flow collector is reachable */, "autonomous-system-type" ( /* Type of autonomous system number to export */ ("origin" | "peer") ), "aggregation" ( /* Aggregations to perform for exported flows (version 8 only) */ aggregation_type /* Aggregations to perform for exported flows (version 8 only) */ ), "local-dump" /* Dump cflowd records to log file before exporting */, "no-local-dump" /* Don't dump cflowd records to log file before exporting */, "source-address" ( /* Source IPv4 address for cflowd packets */ ipv4addr /* Source IPv4 address for cflowd packets */ ), "version9" ( /* Export data in version 9 format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ), "version-ipfix" ( /* Export data in version ipfix format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ) ) ) end rule(:cflowd_sampling_mpls_lr_inst_type) do arg.as(:arg) ( c( "port" arg /* UDP port number on host collecting cflowd packets */, "dscp" arg /* Numeric DSCP value in the range 0 to 63 */, "forwarding-class" arg /* Forwarding-class for exported jflow packets, applicable only for inline-jflow */, "routing-instance" arg /* Name of routing instance on which flow collector is reachable */, "autonomous-system-type" ( /* Type of autonomous system number to export */ ("origin" | "peer") ), "aggregation" ( /* Aggregations to perform for exported flows (version 8 only) */ aggregation_type /* Aggregations to perform for exported flows (version 8 only) */ ), "local-dump" /* Dump cflowd records to log file before exporting */, "no-local-dump" /* Don't dump cflowd records to log file before exporting */, "source-address" ( /* Source IPv4 address for cflowd packets */ ipv4addr /* Source IPv4 address for cflowd packets */ ), "version9" ( /* Export data in version 9 format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ), "version-ipfix" ( /* Export data in version ipfix format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ) ) ) end rule(:cflowd_sampling_mpls_lr_type) do arg.as(:arg) ( c( "port" arg /* UDP port number on host collecting cflowd packets */, "dscp" arg /* Numeric DSCP value in the range 0 to 63 */, "forwarding-class" arg /* Forwarding-class for exported jflow packets, applicable only for inline-jflow */, "routing-instance" arg /* Name of routing instance on which flow collector is reachable */, "autonomous-system-type" ( /* Type of autonomous system number to export */ ("origin" | "peer") ), "aggregation" ( /* Aggregations to perform for exported flows (version 8 only) */ aggregation_type /* Aggregations to perform for exported flows (version 8 only) */ ), "local-dump" /* Dump cflowd records to log file before exporting */, "no-local-dump" /* Don't dump cflowd records to log file before exporting */, "source-address" ( /* Source IPv4 address for cflowd packets */ ipv4addr /* Source IPv4 address for cflowd packets */ ), "version9" ( /* Export data in version 9 format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ), "version-ipfix" ( /* Export data in version ipfix format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ) ) ) end rule(:jdhcp_local_server_type) do c( "traceoptions" ( /* DHCP local server trace options */ jdhcp_traceoptions_type /* DHCP local server trace options */ ), "interface-traceoptions" ( /* DHCP local server interface trace options */ jdhcp_interface_traceoptions_type /* DHCP local server interface trace options */ ), "dhcpv6" ( /* DHCPv6 configuration */ dhcpv6_local_server_type /* DHCPv6 configuration */ ), "pool-match-order" enum(("external-authority" | "ip-address-first" | "option-82" | "option-82-strict")) /* Define order of attribute matching for pool selection */, "duplicate-clients-on-interface" /* Allow duplicate clients on different interfaces in a subnet */, "duplicate-clients-in-subnet" ( /* Allow duplicate clients in a subnet */ jdhcp_duplicate_clients_in_subnet_type /* Allow duplicate clients in a subnet */ ).as(:oneline), "forward-snooped-clients" ( /* Forward snooped (unicast) packets */ sc( c( "configured-interfaces" /* Forward snooped (unicast) packets on configured interfaces */, "non-configured-interfaces" /* Forward snooped (unicast) packets on non-configured interfaces */, "all-interfaces" /* Forward snooped (unicast) packets on configured and non-configured interfaces */ ) ) ).as(:oneline), "authentication" ( /* DHCP authentication */ authentication_type /* DHCP authentication */ ), "liveness-detection" ( /* DHCP client liveness detection processing */ dhcp_liveness_detection_type /* DHCP client liveness detection processing */ ), "reconfigure" ( /* DHCP reconfigure processing */ reconfigure_type /* DHCP reconfigure processing */ ), "overrides" ( /* DHCP override processing */ override_local_server_type /* DHCP override processing */ ), "dynamic-profile" ( /* Dynamic profile to use */ dynamic_profile_type /* Dynamic profile to use */ ).as(:oneline), "service-profile" arg /* Dynamic profile to use for default service activation */, "access-profile" arg /* Access profile to use for AAA services */, "short-cycle-protection" ( /* Short cycle lockout configuration */ sc( "lockout-min-time" arg /* Short cycle lockout time in seconds */, "lockout-max-time" arg /* Short cycle lockout time in seconds */ ) ).as(:oneline), "route-suppression" ( /* Suppress access-internal and/or destination route addition */ dhcp_route_suppression_type /* Suppress access-internal and/or destination route addition */ ), "group" ( /* Define a DHCP local server group */ dhcp_local_server_group /* Define a DHCP local server group */ ), "dual-stack-group" ( /* Define a DHCP dual stack group */ dhcp_local_server_dual_stack_group /* Define a DHCP dual stack group */ ), "lease-time-validation" ( /* Configure lease time violation validation */ c( "lease-time-threshold" arg /* Threshold for lease time violation seconds */, "violation-action" ( /* Lease time validation violation action */ sc( c( "strict" /* Reject discover and renew */, "override-lease" /* Override assigned lease time with threshold */ ) ) ).as(:oneline) ) ), c( "requested-ip-network-match" arg /* Subnet to match server's address for active and giaddr for passive clients */, "requested-ip-interface-match" /* Use incoming-interface's subnet to check */ ), "no-snoop" /* Do not snoop DHCP packets */, "persistent-storage" ( /* Trigger to enable flat file storage */ sc( "automatic" /* Trigger automatically */ ) ).as(:oneline), "allow-leasequery" ( /* Allow DHCP leasequery */ server_leasequery_type /* Allow DHCP leasequery */ ), "remote-id-mismatch" ( /* DHCP client remote-id mismatch */ dhcp_remote_id_mismatch_type /* DHCP client remote-id mismatch */ ), "reauthenticate" ( /* DHCP client reauthenticate processing */ sc( "lease-renewal" /* Reauthenticate on each renew, rebind, DISCOVER or SOLICIT */, "remote-id-mismatch" /* Reauthenticate on remote-id mismatch for renew, rebind and re-negotiation */ ) ).as(:oneline), "allow-bulk-leasequery" ( /* Allow DHCP bulk leasequery */ server_bulk_leasequery_type /* Allow DHCP bulk leasequery */ ), "allow-active-leasequery" ( /* Allow DHCP active leasequery */ server_active_leasequery_type /* Allow DHCP active leasequery */ ) ) end rule(:dhcp_local_server_dual_stack_group) do arg.as(:arg) ( c( "authentication" ( /* DHCP authentication */ dual_stack_authentication_type /* DHCP authentication */ ), "access-profile" arg /* Access profile to be used for jdhcpd */, "dynamic-profile" ( /* Dynamic profile to use */ dynamic_profile_type /* Dynamic profile to use */ ).as(:oneline), "service-profile" arg /* Dynamic profile to use for default service activation */, "on-demand-address-allocation" /* Allocate addresses on demand */, "classification-key" ( /* Classification key for identifying dual stack household */ classification_types /* Classification key for identifying dual stack household */ ), "dual-stack-interface-client-limit" arg /* Limit the number of client allowed on an interface */, "protocol-master" ( /* Select family as protocol master */ jdhcp_dual_stack_protocol_mstr_type /* Select family as protocol master */ ).as(:oneline), "liveness-detection" ( /* DHCP client liveness detection processing */ dhcp_liveness_detection_dualstack_type /* DHCP client liveness detection processing */ ), "reauthenticate" ( /* DHCP client reauthenticate processing */ sc( "lease-renewal" /* Reauthenticate on each renew, rebind, DISCOVER or SOLICIT */, "remote-id-mismatch" /* Reauthenticate on remote-id mismatch for renew, rebind and re-negotiation */ ) ).as(:oneline), "short-cycle-protection" ( /* Short cycle lockout configuration */ sc( "lockout-min-time" arg /* Short cycle lockout time in seconds */, "lockout-max-time" arg /* Short cycle lockout time in seconds */ ) ).as(:oneline) ) ) end rule(:dhcp_local_server_group) do arg.as(:arg) ( c( "authentication" ( /* DHCP authentication */ authentication_type /* DHCP authentication */ ), "liveness-detection" ( /* DHCP client liveness detection processing */ dhcp_liveness_detection_type /* DHCP client liveness detection processing */ ), "reconfigure" ( /* DHCP reconfigure processing */ reconfigure_type /* DHCP reconfigure processing */ ), "overrides" ( /* DHCP override processing */ override_local_server_type /* DHCP override processing */ ), "dynamic-profile" ( /* Dynamic profile to use */ dynamic_profile_type /* Dynamic profile to use */ ).as(:oneline), "service-profile" arg /* Dynamic profile to use for default service activation */, "access-profile" arg /* Access profile to use for AAA services */, "short-cycle-protection" ( /* Short cycle lockout configuration */ sc( "lockout-min-time" arg /* Short cycle lockout time in seconds */, "lockout-max-time" arg /* Short cycle lockout time in seconds */ ) ).as(:oneline), "route-suppression" ( /* Suppress access-internal and/or destination route addition */ dhcp_route_suppression_type /* Suppress access-internal and/or destination route addition */ ), "interface" arg ( /* One or more interfaces */ c( "upto" ( /* Interface up to */ interface_name /* Interface up to */ ), "exclude" /* Exclude this interface range */, "trace" /* Enable tracing for this interface */, "overrides" ( /* DHCP override processing */ override_local_server_type /* DHCP override processing */ ), "dynamic-profile" ( /* Dynamic profile to use */ dynamic_profile_type /* Dynamic profile to use */ ).as(:oneline), "service-profile" arg /* Dynamic profile to use for default service activation */, "access-profile" arg /* Access profile to use for AAA services */, "short-cycle-protection" ( /* Short cycle lockout configuration */ sc( "lockout-min-time" arg /* Short cycle lockout time in seconds */, "lockout-max-time" arg /* Short cycle lockout time in seconds */ ) ).as(:oneline) ) ), "lease-time-validation" ( /* Configure lease time violation validation */ c( "lease-time-threshold" arg /* Threshold for lease time violation seconds */, "violation-action" ( /* Lease time validation violation action */ sc( c( "strict" /* Reject discover and renew */, "override-lease" /* Override assigned lease time with threshold */ ) ) ).as(:oneline) ) ), "remote-id-mismatch" ( /* DHCP client remote-id mismatch */ dhcp_remote_id_mismatch_type /* DHCP client remote-id mismatch */ ), "reauthenticate" ( /* DHCP client reauthenticate processing */ sc( "lease-renewal" /* Reauthenticate on each renew, rebind, DISCOVER or SOLICIT */, "remote-id-mismatch" /* Reauthenticate on remote-id mismatch for renew, rebind and re-negotiation */ ) ).as(:oneline) ) ) end rule(:dhcpv6_local_server_type) do c( "authentication" ( /* DHCPv6 authentication */ dhcpv6_authentication_type /* DHCPv6 authentication */ ), "liveness-detection" ( /* DHCPv6 client liveness detection processing */ dhcpv6_liveness_detection_type /* DHCPv6 client liveness detection processing */ ), "reconfigure" ( /* DHCPv6 reconfigure processing */ dhcpv6_reconfigure_type /* DHCPv6 reconfigure processing */ ), "dynamic-profile" ( /* Dynamic profile to use */ dynamic_profile_type /* Dynamic profile to use */ ).as(:oneline), "forward-snooped-clients" ( /* Forward snooped (unicast) packets */ sc( c( "configured-interfaces" /* Forward snooped (unicast) packets on configured interfaces */, "non-configured-interfaces" /* Forward snooped (unicast) packets on non-configured interfaces */, "all-interfaces" /* Forward snooped (unicast) packets on configured and non-configured interfaces */ ) ) ).as(:oneline), "service-profile" arg /* Dynamic profile to use for default service activation */, "access-profile" arg /* Access profile to use for AAA services */, "short-cycle-protection" ( /* Short cycle lockout configuration */ sc( "lockout-min-time" arg /* Short cycle lockout time in seconds */, "lockout-max-time" arg /* Short cycle lockout time in seconds */ ) ).as(:oneline), "overrides" ( /* DHCPv6 override processing */ dhcpv6_override_local_server_type /* DHCPv6 override processing */ ), "route-suppression" ( /* Suppress access-internal and/or access route addition */ dhcpv6_route_suppression_type /* Suppress access-internal and/or access route addition */ ), "group" ( /* Define a DHCPv6 local server group */ dhcpv6_local_server_group /* Define a DHCPv6 local server group */ ), "lease-time-validation" ( /* Configure lease time violation validation */ c( "lease-time-threshold" arg /* Threshold for lease time violation seconds */, "violation-action" ( /* Lease time validation violation action */ sc( c( "strict" /* Reject solicit and renew */, "override-lease" /* Override assigned lease time with threshold */ ) ) ).as(:oneline) ) ), c( "requested-ip-network-match" arg /* Subnet to match server's address for active and link-address for passive clients */, "requested-ip-interface-match" /* Use incoming-interface's subnet to check */ ), "no-snoop" /* Do not snoop DHCPV6 packets */, "persistent-storage" ( /* Trigger to enable flat file storage */ sc( "automatic" /* Trigger automatically */ ) ).as(:oneline), "server-duid-type" ( /* Define the DUID type to be used as the Server ID. Type supported is DUID-LL */ duid_type /* Define the DUID type to be used as the Server ID. Type supported is DUID-LL */ ), "remote-id-mismatch" ( /* DHCP client remote-id mismatch */ dhcp_remote_id_mismatch_type /* DHCP client remote-id mismatch */ ), "reauthenticate" ( /* DHCP client reauthenticate processing */ sc( "lease-renewal" /* Reauthenticate on each renew, rebind, DISCOVER or SOLICIT */, "remote-id-mismatch" /* Reauthenticate on remote-id mismatch for renew, rebind and re-negotiation */ ) ).as(:oneline), "allow-leasequery" ( /* Allow DHCPv6 leasequery */ server_leasequery_type /* Allow DHCPv6 leasequery */ ), "allow-bulk-leasequery" ( /* Allow DHCPv6 bulk leasequery */ server_bulk_leasequery_type /* Allow DHCPv6 bulk leasequery */ ), "allow-active-leasequery" ( /* Allow DHCPv6 active leasequery */ server_active_leasequery_type /* Allow DHCPv6 active leasequery */ ), "duplicate-clients" ( /* Allow duplicate clients */ dhcpv6_duplicate_clients_type /* Allow duplicate clients */ ).as(:oneline), "dynamic-server" ( /* DHCPv6 dynamic server configuration */ dhcpv6_dynamic_server_type /* DHCPv6 dynamic server configuration */ ) ) end rule(:dhcpv6_dynamic_server_type) do c( "overrides" ( /* DHCPv6 override processing */ dhcpv6_override_dynamic_server_type /* DHCPv6 override processing */ ), "group" ( /* Define a DHCPv6 dynamic server group */ dhcpv6_dynamic_server_group /* Define a DHCPv6 dynamic server group */ ) ) end rule(:dhcpv6_dynamic_server_group) do arg.as(:arg) ( c( "neighbor-discovery-router-advertisement" arg /* Designated NDRA pool for this group */, "overrides" ( /* DHCP override processing */ dhcpv6_override_dynamic_server_type /* DHCP override processing */ ), "interface" arg ( /* One or more interfaces */ c( "overrides" ( /* DHCP override processing */ dhcpv6_override_dynamic_server_type /* DHCP override processing */ ) ) ) ) ) end rule(:dhcpv6_local_server_group) do arg.as(:arg) ( c( "authentication" ( /* DHCP authentication */ dhcpv6_authentication_type /* DHCP authentication */ ), "liveness-detection" ( /* DHCPv6 client liveness detection processing */ dhcpv6_liveness_detection_type /* DHCPv6 client liveness detection processing */ ), "reconfigure" ( /* DHCPv6 reconfigure processing */ dhcpv6_reconfigure_type /* DHCPv6 reconfigure processing */ ), "dynamic-profile" ( /* Dynamic profile to use */ dynamic_profile_type /* Dynamic profile to use */ ).as(:oneline), "service-profile" arg /* Dynamic profile to use for default service activation */, "access-profile" arg /* Access profile to use for AAA services */, "short-cycle-protection" ( /* Short cycle lockout configuration */ sc( "lockout-min-time" arg /* Short cycle lockout time in seconds */, "lockout-max-time" arg /* Short cycle lockout time in seconds */ ) ).as(:oneline), "overrides" ( /* DHCP override processing */ dhcpv6_override_local_server_type /* DHCP override processing */ ), "route-suppression" ( /* Suppress access-internal and/or access route addition */ dhcpv6_route_suppression_type /* Suppress access-internal and/or access route addition */ ), "interface" arg ( /* One or more interfaces */ c( "upto" ( /* Interface up to */ interface_name /* Interface up to */ ), "exclude" /* Exclude this interface range */, "trace" /* Enable tracing for this interface */, "overrides" ( /* DHCP override processing */ dhcpv6_override_local_server_type /* DHCP override processing */ ), "dynamic-profile" ( /* Dynamic profile to use */ dynamic_profile_type /* Dynamic profile to use */ ).as(:oneline), "service-profile" arg /* Dynamic profile to use for default service activation */, "access-profile" arg /* Access profile to use for AAA services */, "short-cycle-protection" ( /* Short cycle lockout configuration */ sc( "lockout-min-time" arg /* Short cycle lockout time in seconds */, "lockout-max-time" arg /* Short cycle lockout time in seconds */ ) ).as(:oneline) ) ), "lease-time-validation" ( /* Configure lease time violation validation */ c( "lease-time-threshold" arg /* Threshold for lease time violation seconds */, "violation-action" ( /* Lease time validation violation action */ sc( c( "strict" /* Reject solicit and renew */, "override-lease" /* Override assigned lease time with threshold */ ) ) ).as(:oneline) ) ), "remote-id-mismatch" ( /* DHCP client remote-id mismatch */ dhcp_remote_id_mismatch_type /* DHCP client remote-id mismatch */ ), "reauthenticate" ( /* DHCP client reauthenticate processing */ sc( "lease-renewal" /* Reauthenticate on each renew, rebind, DISCOVER or SOLICIT */, "remote-id-mismatch" /* Reauthenticate on remote-id mismatch for renew, rebind and re-negotiation */ ) ).as(:oneline) ) ) end rule(:dhcpv6_override_dynamic_server_type) do c( "interface-client-limit" arg /* Limit the number of clients allowed on an interface */, "rapid-commit" /* Enable rapid commit processing */, "process-inform" ( /* Process INFORMATION request PDUs */ c( "pool" arg /* Pool name for family inet6 */ ) ), "delegated-pool" arg /* Delegated pool name for inet6 */, "ia-na-pool" arg /* IA_NA pool name for inet6 */ ) end rule(:dhcpv6_override_local_server_type) do c( "interface-client-limit" arg /* Limit the number of clients allowed on an interface */, "rapid-commit" /* Enable rapid commit processing */, "client-negotiation-match" ( /* Use secondary match criteria for SOLICIT PDU */ sc( c( "incoming-interface" /* Use incoming interface */ ) ) ).as(:oneline), "process-inform" ( /* Process INFORMATION request PDUs */ c( "pool" arg /* Pool name for family inet6 */ ) ), "delay-advertise" ( /* Filter options for dhcp-server */ dhcpv6_filter_option /* Filter options for dhcp-server */ ), "delegated-pool" arg /* Delegated pool name for inet6 */, "multi-address-embedded-option-response" /* If the client requests multiple addresses place the options in each address */, "always-process-option-request-option" /* Always process option even after address allocation failure */, "delete-binding-on-renegotiation" /* Delete binding on renegotiation */, "top-level-status-code" /* A top level status code option rather than encapsulated in IA for NoAddrsAvail in Advertise PDUs */, "always-add-option-dns-server" /* Add option-23, DNS recursive name server in Advertise and Reply */, "asymmetric-lease-time" arg /* Use a reduced lease time for the client. In seconds */, "asymmetric-prefix-lease-time" arg /* Use a reduced prefix lease time for the client. In seconds */, "protocol-attributes" arg /* DHCPv6 attributes to use as defined under access protocol-attributes */, "dual-stack" arg /* Dual stack group to use */ ) end rule(:dhcpv6_filter_option) do c( "delay-time" arg /* Time delay between solicit and advertise */, "based-on" ( /* Option number */ c( "option-18" ( /* Option 18 */ c( "equals" ( /* Generic option equals */ server_v6_option_ascii_hex /* Generic option equals */ ), "not-equals" ( /* Generic option not equals */ server_v6_option_ascii_hex /* Generic option not equals */ ), "starts-with" ( /* Generic option starts-with */ server_v6_option_ascii_hex /* Generic option starts-with */ ) ) ), "option-37" ( /* Option 37 */ c( "equals" ( /* Generic option equals */ server_v6_option_ascii_hex /* Generic option equals */ ), "not-equals" ( /* Generic option not equals */ server_v6_option_ascii_hex /* Generic option not equals */ ), "starts-with" ( /* Generic option starts-with */ server_v6_option_ascii_hex /* Generic option starts-with */ ) ) ), "option-15" ( /* Option 15 */ c( "equals" ( /* Generic option equals */ server_v6_option_ascii_hex /* Generic option equals */ ), "not-equals" ( /* Generic option not equals */ server_v6_option_ascii_hex /* Generic option not equals */ ), "starts-with" ( /* Generic option starts-with */ server_v6_option_ascii_hex /* Generic option starts-with */ ) ) ), "option-16" ( /* Option 16 */ c( "equals" ( /* Generic option equals */ server_v6_option_ascii_hex /* Generic option equals */ ), "not-equals" ( /* Generic option not equals */ server_v6_option_ascii_hex /* Generic option not equals */ ), "starts-with" ( /* Generic option starts-with */ server_v6_option_ascii_hex /* Generic option starts-with */ ) ) ) ) ) ) end rule(:dhcpv6_reconfigure_type) do c( "strict" /* Only allow packets containing Reconfigure Accept Option */, "clear-on-abort" /* Delete client on reconfiguration abort */, "attempts" arg /* Number of reconfigure attempts before aborting */, "timeout" arg /* Initial timeout value for retry */, "token" arg /* Reconfigure token */, "trigger" ( /* DHCP reconfigure trigger */ reconfigure_trigger_type /* DHCP reconfigure trigger */ ), "support-option-pd-exclude" /* Request prefix exclude option in reconfigure message */ ) end rule(:duid_type) do c( "duid_ll" /* Link Layer Address based DUID */ ) end rule(:jdhcp_proxy_client_type) do c( "dhcpv4-profiles" ( /* DHCPv4 proxy client profile configuration */ dhcpv4_profile /* DHCPv4 proxy client profile configuration */ ), "dhcpv6-profiles" ( /* DHCPv6 proxy client profile configuration */ dhcpv6_profile /* DHCPv6 proxy client profile configuration */ ), "traceoptions" ( /* DHCP proxy-client trace options */ jdhcp_traceoptions_type /* DHCP proxy-client trace options */ ) ) end rule(:dhcpv4_profile) do arg.as(:arg) ( c( "pool-name" arg /* This pool name will be sent to sever in subnet-name-suboption(3) of subnet allocation option(220). It is optional. It shall be sent only if configured. */, "lease-time" arg /* Default least time requested in seconds. If DHCP client does not get the lease time from DHCP server, it will use this default lease time as the lease time. By default, the value of lease-time is zero */, "retransmission-attempt" arg /* Number of attempts to retransmit the DHCP client protocol message */, "retransmission-interval" arg /* Number of seconds between successive retransmissions of DHCP client protocols messages */, "dead-server-retry-interval" arg /* Number of seconds before reconnecting to a server which was marked as down in previous attempts */, "dhcp-server-selection-algorithm" ( /* DHCP server selection algorithm to be used */ ("highest-priority-server" | "round-robin") ), "dead-server-successive-retry-attempt" arg /* Number of successive retry attempts before declaring an unresponsive server as dead */, "bind-interface" ( /* Primary IPv4 address of bind-interface is source of DHCP packets */ interface_unit /* Primary IPv4 address of bind-interface is source of DHCP packets */ ), "servers" arg ( /* DHCP server */ c( "priority" arg /* Server priority */ ) ) ) ) end rule(:dhcpv6_profile) do arg.as(:arg) ( c( "pool-name" arg /* This pool name will be sent to sever in subnet-name-suboption(3) of subnet allocation option(220). It is optional. It shall be sent only if configured. */, "lease-time" arg /* Default least time requested in seconds. If DHCP client does not get the lease time from DHCP server, it will use this default lease time as the lease time. By default, the value of lease-time is zero */, "retransmission-attempt" arg /* Number of attempts to retransmit the DHCP client protocol message */, "retransmission-interval" arg /* Number of seconds between successive retransmissions of DHCP client protocols messages */, "bind-interface" ( /* Source interface of DHCP control packets */ interface_unit /* Source interface of DHCP control packets */ ) ) ) end rule(:jsscd_static_subscribers_type) do c( "access-profile" ( /* Access profile reference */ jsscd_access_profile_type /* Access profile reference */ ), "dynamic-profile" ( /* Dynamic profile reference */ jsscd_dynamic_profile_type /* Dynamic profile reference */ ), "service-profile" ( /* Dynamic profile to use for default service activation */ jsscd_service_profile_type /* Dynamic profile to use for default service activation */ ), "authentication" ( /* Static Subscriber Client authentication */ jsscd_authentication_type /* Static Subscriber Client authentication */ ), "group" ( /* Static Subscriber Client group configuration */ jsscd_group_type /* Static Subscriber Client group configuration */ ), "auto-login" /* Auto login the operator logged-out static subscribers */, "baseline-stats" /* Baseline the statistics for static subscribers */, "interface" arg ( /* One or more interfaces */ c( "subscriber-ip-address" ( /* Assigned IP address to report externally */ c( ipv4addr /* IPv4 address */ ) ), "subscriber-ipv6-address" ( /* Assigned IPv6 address to report externally */ c( ipv6prefix /* IPv6 Address or Prefix */ ) ) ) ) ) end rule(:jsscd_access_profile_type) do c( arg /* Profile name */ ) end rule(:jsscd_authentication_type) do c( "password" ( /* Username password to use */ unreadable /* Username password to use */ ), "username-include" ( /* Add username options */ c( "delimiter" arg /* Change delimiter/separator character */, "domain-name" arg /* Add domain name */, "user-prefix" arg /* Add user defined prefix */, "interface" /* Include interface name */, "logical-system-name" /* Include logical system name */, "routing-instance-name" /* Include routing instance name */, "vlan-tags" /* Include vlan tag(s) */ ) ) ) end rule(:jsscd_dynamic_profile_type) do c( arg, "aggregate-clients" ( /* Aggregate client profiles */ c( c( "merge" /* Merge the client dynamic profiles */, "replace" /* Replace client dynamic profiles */ ) ) ) ) end rule(:jsscd_group_type) do arg.as(:arg) ( c( "service-profile" ( /* Dynamic profile to use for default service activation */ jsscd_service_profile_type /* Dynamic profile to use for default service activation */ ), "access-profile" ( /* Access profile reference */ jsscd_access_profile_type /* Access profile reference */ ), "dynamic-profile" ( /* Dynamic profile reference */ jsscd_dynamic_profile_type /* Dynamic profile reference */ ), "authentication" ( /* Static Subscriber Client authentication */ jsscd_authentication_type /* Static Subscriber Client authentication */ ), "interface" arg ( /* One or more interfaces */ sc( "upto" ( /* Interface up to */ interface_unit /* Interface up to */ ), "exclude" /* Exclude this interface range */ ) ).as(:oneline), "auto-login" /* Auto login the operator logged-out static subscribers */ ) ) end rule(:jsscd_service_profile_type) do c( arg ) end rule(:juniper_mobile_diameter) do c( "traceoptions" ( /* Trace options related to DIAMETER servers */ diameter_traceoptions /* Trace options related to DIAMETER servers */ ), "origin" ( /* Origin attributes of this diameter instance */ c( "realm" arg /* Origin realm of this diameter instance */, "host" arg /* Origin host of this diameter instance */ ) ), "vendor-id" arg /* Vendor-Id to advertize in Capability-Exchange */, "firmware-revision" arg /* Firmware-Revision to advertize in Capability-Exchange */, "product-name" arg /* Product-Name to advertize in Capability-Exchange */, "network-element" arg ( /* Network element of this diameter instance */ c( "function" ( /* Diameter function associated with by this network element */ ("pcc-gx" | "dcca-gy") ), "peer" arg ( /* Peer associated with this network element */ c( "priority" arg /* Peer priority with this network element */, "timeout" arg /* Peer timeout with this network element in seconds */ ) ) ) ), "transport" arg ( /* Diameter transport configuration */ c( "address" ( /* Source IP address for a peer */ ipaddr /* Source IP address for a peer */ ), c( "logical-system" ( /* Logical system to be used by transport */ sc( arg /* Name of logical system */, "routing-instance" arg /* Routing instance to be used by transport */ ) ).as(:oneline), "routing-instance" arg /* Routing instance of server to which to forward */ ) ) ), "peer" arg ( /* Diameter peer configuration */ c( "address" ( /* IP Address of Diameter peer */ ipaddr /* IP Address of Diameter peer */ ), "connect-actively" ( c( "transport" arg /* Name of transport */, "port" arg /* Peer port */, "capabilities-exchange-timeout" arg /* Time to wait in Wait-I-CEA state */, "repeat-timeout" arg /* Timer to reconnect after getting DO_NOT_WANT_TO_TALK_TO_YOU in DPR */, "retry-timeout" arg /* Time to wait between connection attempts */, "timeout" arg /* Time to wait in Wait-Conn-Ack state */ ) ), "incoming-queue" ( /* Incoming queue properties of this peer */ c( "size" arg /* Incoming queue size for this peer */ ) ), "outgoing-queue" ( /* Outgoing queue properties of this peer */ c( "size" arg /* Outgoing queue size for this peer */, "low-watermark" arg /* Low watermark in percentage for outgoing queue of this peer */, "high-watermark" arg /* High watermark in percentage for outgoing queue of this peer */ ) ), "watchdog-timeout" arg /* Time to wait for Device-Watchdog-Answer */, "connection-timeout" arg /* Time to wait in Wait-Conn-Ack state */, "connection-repeat-timeout" arg /* Timer to reconnect after getting DO_NOT_WANT_TO_TALK_TO_YOU in DPR */, "capabilities-exchange-timeout" arg /* Time to wait in Wait-I-CEA state */, "disconnect-peer-timeout" arg /* Time to wait in Closing state */, "connection-retry-timeout" arg /* Time to wait between connection attempts */, "origin-host-prefix" arg /* Peer-specific prefix for local Origin-Host */ ) ), "applications" ( /* Diameter applications related configuration */ c( "pcc-gx" ( /* Policy and Charging Control Application Gx configuration */ c( "maximum-pending-requests" arg /* Maximum pending requests for this application */ ) ), "dcca-gy" ( /* Diameter Credit Control Application Gy configuration */ c( "maximum-pending-requests" arg /* Maximum pending requests for this application */ ) ) ) ) ) end rule(:diameter_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("send" | "send-detail" | "receive" | "receive-detail" | "timeout" | "state" | "all")) /* Tracing parameters */.as(:oneline), "peer" arg /* Trace packet sent to or received from the peer[s] */ ) end rule(:juniper_monitoring_options) do arg.as(:arg) ( c( "family" ( /* Address family of packets to monitor */ c( "inet" ( /* Monitor IPv4 packets */ c( "input" ( /* Monitor data acquisition */ monitoring_input_type /* Monitor data acquisition */ ), "output" ( /* Monitoring data disposition */ monitoring_output_type /* Monitoring data disposition */ ) ) ) ) ) ) ) end rule(:juniper_multicast_snooping_options) do c( "options" ( /* Miscellaneous options */ c( "syslog" ( /* Set system logging level */ c( "level" ( /* Logging level */ sc( "emergency" /* Emergency level */, "alert" /* Alert level */, "critical" /* Critical level */, "error" /* Error level */, "warning" /* Warning level */, "notice" /* Notice level */, "info" /* Informational level */, "debug" /* Debugging level */ ) ).as(:oneline), "upto" ( /* Log up to a particular logging level */ ("emergency" | "alert" | "critical" | "error" | "warning" | "notice" | "info" | "debug") ), "mark" arg /* Periodically mark the trace file */ ) ) ) ), "traceoptions" ( /* Multicast snooping trace options */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("parse" | "config-internal" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "forwarding-cache" ( /* Multicast forwarding cache */ c( "threshold" ( /* Threshold */ c( "suppress" arg /* Suppress threshold */, "reuse" arg /* Reuse threshold */ ) ) ) ), "flood-groups" ( /* Groups for which the traffic will be flooded */ ipaddr /* Groups for which the traffic will be flooded */ ), "host-outbound-traffic" ( /* Host generated protocol packets */ c( "forwarding-class" arg /* Forwarding class name */, "dot1p" arg /* Dot1p bits */ ) ), "graceful-restart" ( /* Configure graceful restart attributes */ c( ("disable"), "restart-duration" arg /* Maximum time for graceful restart to finish */ ) ), "ignore-stp-topology-change" /* Don't process stp topology change */, "multichassis-lag-replicate-state" ( /* Enable multichassis lag replication */ c( "suppress-report" /* Enable mclag report suppression */ ) ), "oism" ( /* Optimized inter subnet multicast options */ c( "install-star-g-routes" /* Install (*,G) multicast routes in data plane */ ) ), "nexthop-hold-time" arg /* Nexthop hold time in milliseconds */ ) end rule(:juniper_next_hop_group_options) do arg.as(:arg) ( c( "group-type" ( /* Next hop group type */ ("inet" | "layer-2" | "inet6") ), "interface" ( /* Interfaces through which to send sampled traffic */ next_hop_group_intf_type /* Interfaces through which to send sampled traffic */ ), "next-hop-subgroup" ( /* Group of interfaces through which to send sampled traffic */ juniper_next_hop_subgroup_options /* Group of interfaces through which to send sampled traffic */ ) ) ) end rule(:juniper_next_hop_subgroup_options) do arg.as(:arg) ( c( "interface" ( /* Interface through which to send the sampled traffic */ next_hop_subgroup_intf_type /* Interface through which to send the sampled traffic */ ) ) ) end rule(:juniper_packet_accounting_options) do arg.as(:arg) ( c( "output" ( /* Accounting data disposition */ packet_accounting_output_type /* Accounting data disposition */ ) ) ) end rule(:juniper_packet_capture_options) do c( ("disable"), "file" ( /* Parameters for file that contains captured packets */ sc( "filename" arg /* Name of file */, "files" arg /* Maximum number of files */, "size" arg /* Maximum file size */, "world-readable" /* Allow any user to read packet-capture files */, "no-world-readable" /* Don't allow any user to read packet-capture files */ ) ).as(:oneline), "maximum-capture-size" arg /* Maximum packet size to capture */ ) end rule(:juniper_pic_services_logging_options) do c( "traceoptions" ( /* Fsad trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("init" | "bookkeeping" | "connections" | "charging" | "flow-collector" | "all")) /* Tracing parameters */.as(:oneline) ) ) ) end rule(:juniper_policy_options) do c( "satellite-policies" ( /* Satellite Policy configuration */ satellite_policy_options /* Satellite Policy configuration */ ), "prefix-list" arg ( /* Define a named set of address prefixes */ c( prefix_list_items, "apply-path" arg /* Apply IP prefixes from a configuration statement */ ) ), "mac-list" arg ( /* Define a named set of mac addresses */ c( mac_addr_list_items ) ), "vsi-policy" arg ( /* Define a named set of VSI policies */ c( "from" ( /* Conditions to match the VSI policy */ c( "vsi-manager" ( /* VSI manager */ s( arg, "vsi-type" arg /* VSI type */, "vsi-version" arg /* VSI version */, "vsi-instance" arg /* VSI instance */ ) ) ) ), "then" ( /* Actions to take if 'from' conditions match */ c( "filter" arg /* Filter name */ ) ) ) ), "skip-then-actions" /* Skip 'then' actions and allow route actions in 'from' */, "route-filter-list" arg ( /* Define a named set of route-filter address prefixes */ c( route_filter_list_items ) ), "source-address-filter-list" arg ( /* Define a named set of source address filter address prefixes */ c( source_address_filter_list_items ) ), "policy-statement" arg ( /* Routing policy */ c( "defaults" ( /* Policy default behaviour */ c( "route-filter" ( /* Set route filter behaviour */ sc( c( "no-walkup" /* Route filter walk up disable */, "walkup" /* Route filter walk up enable */ ) ) ).as(:oneline) ) ), "term" arg ( /* Policy term */ c( "from" ( /* Conditions to match the source of a route */ c( "instance" arg /* Routing protocol instance */, "instance-any" /* Any routing protocol instance */, "instance-list" arg /* A list of routing protocol instances */, "igp-instance" arg /* IGP instance */, "family" ( ("inet" | "inet-vpn" | "inet6" | "inet6-vpn" | "iso-vpn" | "iso" | "evpn" | "inet-mvpn" | "inet6-mvpn" | "inet-mdt" | "route-target" | "traffic-engineering" | "inet-srte" | "inet6-srte") ), "protocol" ( /* Protocol from which route was learned */ ("aggregate" | "bgp" | "direct" | "dvmrp" | "isis" | "esis" | "l-isis" | "l2circuit" | "l2vpn" | "local" | "ospf" | "ospf2" | "ospf3" | "l-ospf" | "pim" | "rip" | "ripng" | "static" | "arp" | "frr" | "mpls" | "ldp" | "rsvp" | "msdp" | "route-target" | "access" | "access-internal" | "anchor" | "bgp-static" | "vpls" | "evpn" | "spring-te" | "bgp-ls-epe" | "express-segments" | "rift" | "l2-learned-host-routing" | "srv6-isis") ), "rib" arg /* Routing table */, "neighbor" ( /* Neighboring router */ ipaddr /* Neighboring router */ ), "next-hop" ( /* Next-hop router */ ipaddr /* Next-hop router */ ), "interface" ( /* Interface name or address */ ipaddr_or_interface /* Interface name or address */ ), "area" ( /* OSPF area identifier */ areaid /* OSPF area identifier */ ), "as-path" arg /* Name of AS path regular expression (BGP only) */, "as-path-group" arg /* Name of AS path group (BGP only) */, "origin" ( /* BGP origin attribute */ ("igp" | "egp" | "incomplete") ), "community" arg /* BGP community */, "level" arg /* IS-IS level */, "external" ( /* External route */ c( "type" arg /* OSPF external metric type */ ) ), "bgp-srte-discriminator" arg /* Srte discriminator */, "srte-color" arg /* Srte color */, "programmed" /* API-programmed route */, "validation-database" ( /* Name to identify a validation-state */ ("valid" | "invalid" | "unknown") ), "nexthop-weight" ( /* Weight of the gateway */ s( c( "equal" arg /* Weight should be equal */, "greater-than" arg /* Weight should be greater than */, "less-than" arg /* Weight should be less than */, "greater-than-equal" arg /* Weight should be greater than or equal to */, "less-than-equal" arg /* Weight should be less than or equal to */ ), arg, c( "all-nexthop" /* All the gateway weight should be matched */ ) ) ), "metric" arg /* Metric value */, "metric2" arg /* Metric value 2 */, "metric3" arg /* Metric value 3 */, "metric4" arg /* Metric value 4 */, "tag" arg /* Tag string */, "tag2" arg /* Tag string 2 */, "preference" arg /* Preference value */, "preference2" arg /* Preference value 2 */, "color" arg /* Color (preference) value */, "color2" arg /* Color (preference) value 2 */, "local-preference" arg /* Local preference associated with a route */, "policy" ( /* Name of policy to evaluate */ policy_algebra /* Name of policy to evaluate */ ), c( "lsp" arg /* Label switched path name */, "lsp-regex" arg /* Label switched path name regular expression */ ), "source-routing-path" ( /* Spring-te lsp policy attributes */ sc( "name-regex" arg /* Spring-te lsp name regex */, "dest" ( /* Spring-te lsp IPV4/IPV6 destination without color */ ipaddr /* Spring-te lsp IPV4/IPV6 destination without color */ ), "origin" ( /* Spring-te lsp origin address */ ipaddr /* Spring-te lsp origin address */ ), "tunnel-source" ( /* Spring-te lsp source protocol */ ("pcep" | "bgp") ), "route-distinguisher" arg /* Spring-te lsp route distinguisher */, "color" arg /* Spring-te lsp color */ ) ).as(:oneline), "route-filter" ( /* List of routes to match */ control_route_filter_type /* List of routes to match */ ), "source-address-filter" ( /* List of source addresses to match */ control_source_address_filter_type /* List of source addresses to match */ ), "prefix-list" ( /* List of prefix-lists of routes to match */ control_prefix_list_type /* List of prefix-lists of routes to match */ ), "as-path-neighbors" ( /* List of peer AS to match */ control_as_list_type /* List of peer AS to match */ ), "as-path-origins" ( /* List of originating AS to match */ control_as_list_type /* List of originating AS to match */ ), "as-path-transits" ( /* List of originating AS to match */ control_as_list_type /* List of originating AS to match */ ), "prefix-list-filter" ( /* List of prefix-list-filters to match */ control_prefix_list_filter_type /* List of prefix-list-filters to match */ ), "rtf-prefix-list" ( /* List of rtf-prefix-lists of routes to match */ control_rtf_prefix_list_type /* List of rtf-prefix-lists of routes to match */ ), "route-filter-list" ( /* List of route-filter-lists of routes to match */ control_route_filter_list_type /* List of route-filter-lists of routes to match */ ), "source-address-filter-list" ( /* List of source-address-filter-lists of routes to match */ control_source_address_filter_list_type /* List of source-address-filter-lists of routes to match */ ), "multicast-scope" ( /* Multicast scope to match */ sc( c( "node-local" /* Node-local scope */, "link-local" /* Link-local scope */, "site-local" /* Site-local scope */, "organization-local" /* Organization-local scope */, "global" /* Global scope */, arg ), c( "orhigher" /* Match higher values */, "orlower" /* Match lower values */ ) ) ).as(:oneline), "aggregate-contributor" /* Match more specifics of an aggregate */, "state" ( /* Route state */ ("active" | "inactive") ), "tunnel-type" ( /* Tunnel type */ ("gre" | "udp" | "ipip") ), "route-type" ( /* Route type */ ("internal" | "external") ), "nlri-route-type" arg /* Route type from NLRI */, "evpn-tag" arg /* Tag in EVPN Route */, "evpn-esi" arg /* ESI in EVPN Route */, "mac-filter-list" ( /* List of mac-filter-list macs to match */ control_mac_address_filter_list_type /* List of mac-filter-list macs to match */ ), "evpn-mac-route" ( /* EVPN Mac Route type */ ("mac-only" | "mac-ipv4" | "mac-ipv6") ), "next-hop-type" ( /* Next-hop type */ ("merged") ), "condition" arg /* Condition to match on */, "community-count" ( /* Number of BGP communities */ community_count_type /* Number of BGP communities */ ), "as-path-unique-count" ( /* Number of unique BGP ASes excluding confederations */ as_path_unique_count_type /* Number of unique BGP ASes excluding confederations */ ), "as-path-calc-length" ( /* Number of BGP ASes excluding confederations */ as_path_calc_length_type /* Number of BGP ASes excluding confederations */ ), "traffic-engineering" ( /* Traffic-Engineering related parameters */ c( "protocol" ( /* Protocol that originated the entry */ ("direct" | "ospf" | "isis-level-1" | "isis-level-2" | "static" | "unknown") ), "node" ( /* Node-related parameters */ c( "as" arg /* AS number */, "node-type" ( /* Real or pseudo-node */ ("router" | "pseudo-node") ), "router-id" ( /* IP prefix to match the router-id against */ ipprefix /* IP prefix to match the router-id against */ ), "sys-id" ( /* ISO address of the node */ sysid /* ISO address of the node */ ) ) ), "ipv4-prefix" ( /* IPV4 prefix-related parameters */ c( "as" arg /* AS number */, "router-id" ( /* IP prefix to match the router-id against */ ipprefix /* IP prefix to match the router-id against */ ), "prefix" ( /* IP prefix to match against */ ipprefix /* IP prefix to match against */ ), "sys-id" ( /* ISO address of the node */ sysid /* ISO address of the node */ ) ) ), "link" ( /* Link-related parameters */ c( "from" ( /* Specify parameter of the 'from' side */ c( "as" arg /* AS number */, "router-id" ( /* IP prefix to match the router-id against */ ipprefix /* IP prefix to match the router-id against */ ), "sys-id" ( /* System-ID of the node */ sysid /* System-ID of the node */ ), "node-type" ( /* Type of the node */ ("router" | "pseudo-node") ), "link-address" ( /* IP prefix to match the link address against */ ipprefix /* IP prefix to match the link address against */ ) ) ), "to" ( /* Specify parameters of the 'to' side */ c( "as" arg /* AS number */, "router-id" ( /* IP prefix to match the router-id against */ ipprefix /* IP prefix to match the router-id against */ ), "sys-id" ( /* System-ID of the node */ sysid /* System-ID of the node */ ), "node-type" ( /* Type of the node */ ("router" | "pseudo-node") ), "link-address" ( /* IP prefix to match the link address against */ ipprefix /* IP prefix to match the link address against */ ) ) ) ) ) ) ), "route-distinguisher" arg /* Name of the route-distinguisher */ ) ), "to" ( /* Conditions to match the destination of a route */ c( "instance" arg /* Routing protocol instance */, "instance-any" /* Any routing protocol instance */, "instance-list" arg /* A list of routing protocol instances */, "igp-instance" arg /* IGP instance */, "family" ( ("inet" | "inet-vpn" | "inet6" | "inet6-vpn" | "iso-vpn" | "iso" | "evpn" | "inet-mvpn" | "inet6-mvpn" | "inet-mdt" | "route-target" | "traffic-engineering" | "inet-srte" | "inet6-srte") ), "protocol" ( /* Protocol from which route was learned */ ("aggregate" | "bgp" | "direct" | "dvmrp" | "isis" | "esis" | "l-isis" | "l2circuit" | "l2vpn" | "local" | "ospf" | "ospf2" | "ospf3" | "l-ospf" | "pim" | "rip" | "ripng" | "static" | "arp" | "frr" | "mpls" | "ldp" | "rsvp" | "msdp" | "route-target" | "access" | "access-internal" | "anchor" | "bgp-static" | "vpls" | "evpn" | "spring-te" | "bgp-ls-epe" | "express-segments" | "rift" | "l2-learned-host-routing" | "srv6-isis") ), "rib" arg /* Routing table */, "neighbor" ( /* Neighboring router */ ipaddr /* Neighboring router */ ), "next-hop" ( /* Next-hop router */ ipaddr /* Next-hop router */ ), "interface" ( /* Interface name or address */ ipaddr_or_interface /* Interface name or address */ ), "area" ( /* OSPF area identifier */ areaid /* OSPF area identifier */ ), "as-path" arg /* Name of AS path regular expression (BGP only) */, "as-path-group" arg /* Name of AS path group (BGP only) */, "origin" ( /* BGP origin attribute */ ("igp" | "egp" | "incomplete") ), "community" arg /* BGP community */, "level" arg /* IS-IS level */, "external" ( /* External route */ c( "type" arg /* OSPF external metric type */ ) ), "bgp-srte-discriminator" arg /* Srte discriminator */, "srte-color" arg /* Srte color */, "programmed" /* API-programmed route */, "validation-database" ( /* Name to identify a validation-state */ ("valid" | "invalid" | "unknown") ), "nexthop-weight" ( /* Weight of the gateway */ s( c( "equal" arg /* Weight should be equal */, "greater-than" arg /* Weight should be greater than */, "less-than" arg /* Weight should be less than */, "greater-than-equal" arg /* Weight should be greater than or equal to */, "less-than-equal" arg /* Weight should be less than or equal to */ ), arg, c( "all-nexthop" /* All the gateway weight should be matched */ ) ) ), "metric" arg /* Metric value */, "metric2" arg /* Metric value 2 */, "metric3" arg /* Metric value 3 */, "metric4" arg /* Metric value 4 */, "tag" arg /* Tag string */, "tag2" arg /* Tag string 2 */, "preference" arg /* Preference value */, "preference2" arg /* Preference value 2 */, "color" arg /* Color (preference) value */, "color2" arg /* Color (preference) value 2 */, "local-preference" arg /* Local preference associated with a route */, "policy" ( /* Name of policy to evaluate */ policy_algebra /* Name of policy to evaluate */ ), c( "lsp" arg /* Label switched path name */, "lsp-regex" arg /* Label switched path name regular expression */ ), "source-routing-path" ( /* Spring-te lsp policy attributes */ sc( "name-regex" arg /* Spring-te lsp name regex */, "dest" ( /* Spring-te lsp IPV4/IPV6 destination without color */ ipaddr /* Spring-te lsp IPV4/IPV6 destination without color */ ), "origin" ( /* Spring-te lsp origin address */ ipaddr /* Spring-te lsp origin address */ ), "tunnel-source" ( /* Spring-te lsp source protocol */ ("pcep" | "bgp") ), "route-distinguisher" arg /* Spring-te lsp route distinguisher */, "color" arg /* Spring-te lsp color */ ) ).as(:oneline) ) ), "then" ( /* Actions to take if 'from' and 'to' conditions match */ c( "metric" ( /* Metric value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */, "igp" ( /* Track the IGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "minimum-igp" ( /* Track the minimum IGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "expression" ( /* Calculate value based on route metric and metric2 */ metric_expression_type /* Calculate value based on route metric and metric2 */ ), "aigp" /* Use aigp, if it exists, to set the IGP metric */, "effective-aigp" ( /* Track the effective AIGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "minimum-effective-aigp" ( /* Track the minimum effective AIGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline) ) ) ), "metric2" ( /* Metric value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "metric3" ( /* Metric value 3 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "metric4" ( /* Metric value 4 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "tag" ( /* Tag string */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "tag2" ( /* Tag string 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "preference" ( /* Preference value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "preference2" ( /* Preference value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "color" ( /* Color (preference) value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "color2" ( /* Color (preference) value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "local-preference" ( /* Local preference associated with a route */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "priority" ( /* Set priority for route installation */ ("high" | "medium" | "low") ), "prefix-segment" ( /* Set prefix segment attributes */ c( "algorithm" arg ( /* Set prefix segment attributes for strict/flex algorithm */ sc( "index" arg /* Set prefix segment index id */, "node-segment" /* Set node segment flag for this prefix segment */ ) ).as(:oneline), "index" arg /* Set prefix segment index id */, "node-segment" /* Set node segment flag for default prefix segment */ ) ), "label-allocation" ( /* Set label allocation mode */ ("per-table" | "per-nexthop" | "per-table-localize") ), "add-path" ( /* Set BGP add-path attributes */ sc( "send-count" arg /* Number of add-paths sent */ ) ).as(:oneline), "validation-state" ( /* Set validation-state of a route */ ("valid" | "invalid" | "unknown") ), "origin" ( /* BGP path origin */ ("igp" | "egp" | "incomplete") ), "aigp-originate" ( /* Originate a BGP AIGP attribute */ sc( "distance" arg /* AIGP distance */ ) ).as(:oneline), "aigp-adjust" ( /* Adjust a BGP AIGP attribute */ sc( c( "add", "subtract", "multiply", "divide" ), c( arg /* Adjustment value */, "distance-to-protocol-nexthop" /* Metric2 */ ) ) ).as(:oneline), "community" ( /* BGP community properties associated with a route */ s( c( "equal-literal" arg /* Set the BGP communities in the route */, "set" arg /* Set the BGP communities in the route */, "plus-literal" arg /* Add BGP communities to the route */, "add" arg /* Add BGP communities to the route */, "minus-literal" arg /* Remove BGP communities from the route */, "delete" arg /* Remove BGP communities from the route */ ), arg ) ).as(:oneline), "tunnel-attribute" ( /* BGP tunnel attribute associated with a route */ s( c( "set" arg /* Set BGP tunnel attribute in the route */, "remove" arg /* Remove BGP tunnel attribute from the route */ ), arg ) ).as(:oneline), "damping" arg /* Define BGP route flap damping parameters */, "aggregate-bandwidth" /* Advertise aggregate outbound link bandwidth */, "limit-bandwidth" arg /* Limit advertised aggregate outbound link bandwidth */, "no-entropy-label-capability" /* Don't advertise entropy label capability */, "as-path-prepend" arg /* Prepend AS numbers to an AS path (BGP only) */, "as-path-expand" ( /* Prepend AS numbers prior to adding local-as (BGP only) */ sc( c( "last-as" ( /* Prepend last AS */ sc( "count" arg /* Repeat count */ ) ).as(:oneline), arg /* AS path string */ ) ) ).as(:oneline), "next-hop" ( /* Set the address of the next-hop router */ sc( c( "self" /* Use a local address as the next-hop address */, "peer-address" /* Use the remote peer address as the next-hop address */, "reject" /* Use a reject next hop */, "discard" /* Use a discard next hop */, "next-table" arg /* Perform a forwarding lookup in the specified table */, ipaddr /* Next-hop address */ ) ) ).as(:oneline), "install-nexthop" ( /* Choose the next hop to be used for forwarding */ sc( c( "strict" /* Do not use any other available next hops */, "strict-named-lsp" /* Do not use any other non-lsp next hops */ ), c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ), "except" ( /* Do not choose to install matching next hops */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ), "fallback" ( /* Backup option */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ), "except" ( /* Do not choose to install matching next hops */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ) ) ) ) ) ) ), "fallback" ( /* Backup option */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ), "except" ( /* Do not choose to install matching next hops */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ) ) ) ) ) ) ).as(:oneline), "trace" /* Log matches to a trace file */, "external" ( /* External route */ c( "type" arg /* OSPF external metric type */, "nssa-only" /* Clear P-bit on lsa type 7 */ ) ), "load-balance" ( /* Type of load balancing in forwarding table */ sc( c( "per-packet" /* Load balance on a per-packet basis */, "random" /* Load balance using packet random spray */, "per-prefix" /* Load balance on a per-prefix basis */, "consistent-hash" /* Give a prefix consistent load-balancing */, "source-ip-only" /* Give a source based ip load-balancing */, "destination-ip-only" /* Give a destination based ip load-balancing */ ) ) ).as(:oneline), "no-route-localize" /* Force route install on all fib-remote PFEs */, "install-to-fib" /* Install route to fib */, "no-install-to-fib" /* Don't install route to fib */, "analyze" /* Send to registered controllers for analysis */, "class" arg /* Set class-of-service parameters */, "destination-class" arg /* Set destination class in forwarding table */, "source-class" arg /* Set source class in forwarding table */, "forwarding-class" arg /* Set source or destination class in forwarding table */, "map-to-interface" ( /* Set output logical interface */ sc( c( "self" /* Map the interface to itself */, interface_name /* Output logical interface */ ) ) ).as(:oneline), "ssm-source" ( /* List of Sources for SSM mapping */ ipaddr /* List of Sources for SSM mapping */ ), "p2mp-lsp-root" ( /* P2mp lsp root address */ c( "address" ( /* Ipv4 root address */ ipv4addr /* Ipv4 root address */ ) ) ), "cos-next-hop-map" arg /* Set CoS-based next-hop map in forwarding table */, "dynamic-tunnel-attributes" arg /* Choose the dynamic tunnel attributes used for forwarding */, "tunnel-end-point-address" ( /* Set tunnel end-point address of tunnel */ ipaddr /* Set tunnel end-point address of tunnel */ ), "selected-mldp-egress" /* This node should act as egress node for MLDP inband signalling */, "mhop-bfd-port" /* Use port number 4784 for MPLS-BFD as per RFC5884 */, "no-backup" /* This prefix should not have backup */, "default-action" ( /* Set default policy action */ ("accept" | "reject") ), "next" ( /* Skip to next policy or term */ ("policy" | "term") ), c( "accept" /* Accept a route */, "reject" /* Reject a route */ ), "bgp-output-queue-priority" ( /* Set the BGP Update output queue priority. */ sc( c( "priority" arg /* Output queue priority; higher is better */, "expedited" /* Expedited queue; highest priority */ ) ) ).as(:oneline), "multipath-resolve" /* Use all paths for resolution over this prefix */, "source-routing-path-template" arg /* Spring-te template to apply */, "label-allocation-fallback-reject" /* Suppress prefix export when label allocation fails */, "resolution-map" arg /* Set resolution map modes */, "ignore-service-label" /* Ignore service labels */, "request-long-lived-ack" /* Advertise route after forwarding is programmed */, "send-withdrawal-on-route-change" /* Withdraw route if change is not acked from forwarding */ ) ) ) ), "from" ( /* Conditions to match the source of a route */ c( "instance" arg /* Routing protocol instance */, "instance-any" /* Any routing protocol instance */, "instance-list" arg /* A list of routing protocol instances */, "igp-instance" arg /* IGP instance */, "family" ( ("inet" | "inet-vpn" | "inet6" | "inet6-vpn" | "iso-vpn" | "iso" | "evpn" | "inet-mvpn" | "inet6-mvpn" | "inet-mdt" | "route-target" | "traffic-engineering" | "inet-srte" | "inet6-srte") ), "protocol" ( /* Protocol from which route was learned */ ("aggregate" | "bgp" | "direct" | "dvmrp" | "isis" | "esis" | "l-isis" | "l2circuit" | "l2vpn" | "local" | "ospf" | "ospf2" | "ospf3" | "l-ospf" | "pim" | "rip" | "ripng" | "static" | "arp" | "frr" | "mpls" | "ldp" | "rsvp" | "msdp" | "route-target" | "access" | "access-internal" | "anchor" | "bgp-static" | "vpls" | "evpn" | "spring-te" | "bgp-ls-epe" | "express-segments" | "rift" | "l2-learned-host-routing" | "srv6-isis") ), "rib" arg /* Routing table */, "neighbor" ( /* Neighboring router */ ipaddr /* Neighboring router */ ), "next-hop" ( /* Next-hop router */ ipaddr /* Next-hop router */ ), "interface" ( /* Interface name or address */ ipaddr_or_interface /* Interface name or address */ ), "area" ( /* OSPF area identifier */ areaid /* OSPF area identifier */ ), "as-path" arg /* Name of AS path regular expression (BGP only) */, "as-path-group" arg /* Name of AS path group (BGP only) */, "origin" ( /* BGP origin attribute */ ("igp" | "egp" | "incomplete") ), "community" arg /* BGP community */, "level" arg /* IS-IS level */, "external" ( /* External route */ c( "type" arg /* OSPF external metric type */ ) ), "bgp-srte-discriminator" arg /* Srte discriminator */, "srte-color" arg /* Srte color */, "programmed" /* API-programmed route */, "validation-database" ( /* Name to identify a validation-state */ ("valid" | "invalid" | "unknown") ), "nexthop-weight" ( /* Weight of the gateway */ s( c( "equal" arg /* Weight should be equal */, "greater-than" arg /* Weight should be greater than */, "less-than" arg /* Weight should be less than */, "greater-than-equal" arg /* Weight should be greater than or equal to */, "less-than-equal" arg /* Weight should be less than or equal to */ ), arg, c( "all-nexthop" /* All the gateway weight should be matched */ ) ) ), "metric" arg /* Metric value */, "metric2" arg /* Metric value 2 */, "metric3" arg /* Metric value 3 */, "metric4" arg /* Metric value 4 */, "tag" arg /* Tag string */, "tag2" arg /* Tag string 2 */, "preference" arg /* Preference value */, "preference2" arg /* Preference value 2 */, "color" arg /* Color (preference) value */, "color2" arg /* Color (preference) value 2 */, "local-preference" arg /* Local preference associated with a route */, "policy" ( /* Name of policy to evaluate */ policy_algebra /* Name of policy to evaluate */ ), c( "lsp" arg /* Label switched path name */, "lsp-regex" arg /* Label switched path name regular expression */ ), "source-routing-path" ( /* Spring-te lsp policy attributes */ sc( "name-regex" arg /* Spring-te lsp name regex */, "dest" ( /* Spring-te lsp IPV4/IPV6 destination without color */ ipaddr /* Spring-te lsp IPV4/IPV6 destination without color */ ), "origin" ( /* Spring-te lsp origin address */ ipaddr /* Spring-te lsp origin address */ ), "tunnel-source" ( /* Spring-te lsp source protocol */ ("pcep" | "bgp") ), "route-distinguisher" arg /* Spring-te lsp route distinguisher */, "color" arg /* Spring-te lsp color */ ) ).as(:oneline), "route-filter" ( /* List of routes to match */ control_route_filter_type /* List of routes to match */ ), "source-address-filter" ( /* List of source addresses to match */ control_source_address_filter_type /* List of source addresses to match */ ), "prefix-list" ( /* List of prefix-lists of routes to match */ control_prefix_list_type /* List of prefix-lists of routes to match */ ), "as-path-neighbors" ( /* List of peer AS to match */ control_as_list_type /* List of peer AS to match */ ), "as-path-origins" ( /* List of originating AS to match */ control_as_list_type /* List of originating AS to match */ ), "as-path-transits" ( /* List of originating AS to match */ control_as_list_type /* List of originating AS to match */ ), "prefix-list-filter" ( /* List of prefix-list-filters to match */ control_prefix_list_filter_type /* List of prefix-list-filters to match */ ), "rtf-prefix-list" ( /* List of rtf-prefix-lists of routes to match */ control_rtf_prefix_list_type /* List of rtf-prefix-lists of routes to match */ ), "route-filter-list" ( /* List of route-filter-lists of routes to match */ control_route_filter_list_type /* List of route-filter-lists of routes to match */ ), "source-address-filter-list" ( /* List of source-address-filter-lists of routes to match */ control_source_address_filter_list_type /* List of source-address-filter-lists of routes to match */ ), "multicast-scope" ( /* Multicast scope to match */ sc( c( "node-local" /* Node-local scope */, "link-local" /* Link-local scope */, "site-local" /* Site-local scope */, "organization-local" /* Organization-local scope */, "global" /* Global scope */, arg ), c( "orhigher" /* Match higher values */, "orlower" /* Match lower values */ ) ) ).as(:oneline), "aggregate-contributor" /* Match more specifics of an aggregate */, "state" ( /* Route state */ ("active" | "inactive") ), "tunnel-type" ( /* Tunnel type */ ("gre" | "udp" | "ipip") ), "route-type" ( /* Route type */ ("internal" | "external") ), "nlri-route-type" arg /* Route type from NLRI */, "evpn-tag" arg /* Tag in EVPN Route */, "evpn-esi" arg /* ESI in EVPN Route */, "mac-filter-list" ( /* List of mac-filter-list macs to match */ control_mac_address_filter_list_type /* List of mac-filter-list macs to match */ ), "evpn-mac-route" ( /* EVPN Mac Route type */ ("mac-only" | "mac-ipv4" | "mac-ipv6") ), "next-hop-type" ( /* Next-hop type */ ("merged") ), "condition" arg /* Condition to match on */, "community-count" ( /* Number of BGP communities */ community_count_type /* Number of BGP communities */ ), "as-path-unique-count" ( /* Number of unique BGP ASes excluding confederations */ as_path_unique_count_type /* Number of unique BGP ASes excluding confederations */ ), "as-path-calc-length" ( /* Number of BGP ASes excluding confederations */ as_path_calc_length_type /* Number of BGP ASes excluding confederations */ ), "traffic-engineering" ( /* Traffic-Engineering related parameters */ c( "protocol" ( /* Protocol that originated the entry */ ("direct" | "ospf" | "isis-level-1" | "isis-level-2" | "static" | "unknown") ), "node" ( /* Node-related parameters */ c( "as" arg /* AS number */, "node-type" ( /* Real or pseudo-node */ ("router" | "pseudo-node") ), "router-id" ( /* IP prefix to match the router-id against */ ipprefix /* IP prefix to match the router-id against */ ), "sys-id" ( /* ISO address of the node */ sysid /* ISO address of the node */ ) ) ), "ipv4-prefix" ( /* IPV4 prefix-related parameters */ c( "as" arg /* AS number */, "router-id" ( /* IP prefix to match the router-id against */ ipprefix /* IP prefix to match the router-id against */ ), "prefix" ( /* IP prefix to match against */ ipprefix /* IP prefix to match against */ ), "sys-id" ( /* ISO address of the node */ sysid /* ISO address of the node */ ) ) ), "link" ( /* Link-related parameters */ c( "from" ( /* Specify parameter of the 'from' side */ c( "as" arg /* AS number */, "router-id" ( /* IP prefix to match the router-id against */ ipprefix /* IP prefix to match the router-id against */ ), "sys-id" ( /* System-ID of the node */ sysid /* System-ID of the node */ ), "node-type" ( /* Type of the node */ ("router" | "pseudo-node") ), "link-address" ( /* IP prefix to match the link address against */ ipprefix /* IP prefix to match the link address against */ ) ) ), "to" ( /* Specify parameters of the 'to' side */ c( "as" arg /* AS number */, "router-id" ( /* IP prefix to match the router-id against */ ipprefix /* IP prefix to match the router-id against */ ), "sys-id" ( /* System-ID of the node */ sysid /* System-ID of the node */ ), "node-type" ( /* Type of the node */ ("router" | "pseudo-node") ), "link-address" ( /* IP prefix to match the link address against */ ipprefix /* IP prefix to match the link address against */ ) ) ) ) ) ) ), "route-distinguisher" arg /* Name of the route-distinguisher */ ) ), "to" ( /* Conditions to match the destination of a route */ c( "instance" arg /* Routing protocol instance */, "instance-any" /* Any routing protocol instance */, "instance-list" arg /* A list of routing protocol instances */, "igp-instance" arg /* IGP instance */, "family" ( ("inet" | "inet-vpn" | "inet6" | "inet6-vpn" | "iso-vpn" | "iso" | "evpn" | "inet-mvpn" | "inet6-mvpn" | "inet-mdt" | "route-target" | "traffic-engineering" | "inet-srte" | "inet6-srte") ), "protocol" ( /* Protocol from which route was learned */ ("aggregate" | "bgp" | "direct" | "dvmrp" | "isis" | "esis" | "l-isis" | "l2circuit" | "l2vpn" | "local" | "ospf" | "ospf2" | "ospf3" | "l-ospf" | "pim" | "rip" | "ripng" | "static" | "arp" | "frr" | "mpls" | "ldp" | "rsvp" | "msdp" | "route-target" | "access" | "access-internal" | "anchor" | "bgp-static" | "vpls" | "evpn" | "spring-te" | "bgp-ls-epe" | "express-segments" | "rift" | "l2-learned-host-routing" | "srv6-isis") ), "rib" arg /* Routing table */, "neighbor" ( /* Neighboring router */ ipaddr /* Neighboring router */ ), "next-hop" ( /* Next-hop router */ ipaddr /* Next-hop router */ ), "interface" ( /* Interface name or address */ ipaddr_or_interface /* Interface name or address */ ), "area" ( /* OSPF area identifier */ areaid /* OSPF area identifier */ ), "as-path" arg /* Name of AS path regular expression (BGP only) */, "as-path-group" arg /* Name of AS path group (BGP only) */, "origin" ( /* BGP origin attribute */ ("igp" | "egp" | "incomplete") ), "community" arg /* BGP community */, "level" arg /* IS-IS level */, "external" ( /* External route */ c( "type" arg /* OSPF external metric type */ ) ), "bgp-srte-discriminator" arg /* Srte discriminator */, "srte-color" arg /* Srte color */, "programmed" /* API-programmed route */, "validation-database" ( /* Name to identify a validation-state */ ("valid" | "invalid" | "unknown") ), "nexthop-weight" ( /* Weight of the gateway */ s( c( "equal" arg /* Weight should be equal */, "greater-than" arg /* Weight should be greater than */, "less-than" arg /* Weight should be less than */, "greater-than-equal" arg /* Weight should be greater than or equal to */, "less-than-equal" arg /* Weight should be less than or equal to */ ), arg, c( "all-nexthop" /* All the gateway weight should be matched */ ) ) ), "metric" arg /* Metric value */, "metric2" arg /* Metric value 2 */, "metric3" arg /* Metric value 3 */, "metric4" arg /* Metric value 4 */, "tag" arg /* Tag string */, "tag2" arg /* Tag string 2 */, "preference" arg /* Preference value */, "preference2" arg /* Preference value 2 */, "color" arg /* Color (preference) value */, "color2" arg /* Color (preference) value 2 */, "local-preference" arg /* Local preference associated with a route */, "policy" ( /* Name of policy to evaluate */ policy_algebra /* Name of policy to evaluate */ ), c( "lsp" arg /* Label switched path name */, "lsp-regex" arg /* Label switched path name regular expression */ ), "source-routing-path" ( /* Spring-te lsp policy attributes */ sc( "name-regex" arg /* Spring-te lsp name regex */, "dest" ( /* Spring-te lsp IPV4/IPV6 destination without color */ ipaddr /* Spring-te lsp IPV4/IPV6 destination without color */ ), "origin" ( /* Spring-te lsp origin address */ ipaddr /* Spring-te lsp origin address */ ), "tunnel-source" ( /* Spring-te lsp source protocol */ ("pcep" | "bgp") ), "route-distinguisher" arg /* Spring-te lsp route distinguisher */, "color" arg /* Spring-te lsp color */ ) ).as(:oneline) ) ), "then" ( /* Actions to take if 'from' and 'to' conditions match */ c( "metric" ( /* Metric value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */, "igp" ( /* Track the IGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "minimum-igp" ( /* Track the minimum IGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "expression" ( /* Calculate value based on route metric and metric2 */ metric_expression_type /* Calculate value based on route metric and metric2 */ ), "aigp" /* Use aigp, if it exists, to set the IGP metric */, "effective-aigp" ( /* Track the effective AIGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "minimum-effective-aigp" ( /* Track the minimum effective AIGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline) ) ) ), "metric2" ( /* Metric value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "metric3" ( /* Metric value 3 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "metric4" ( /* Metric value 4 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "tag" ( /* Tag string */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "tag2" ( /* Tag string 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "preference" ( /* Preference value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "preference2" ( /* Preference value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "color" ( /* Color (preference) value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "color2" ( /* Color (preference) value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "local-preference" ( /* Local preference associated with a route */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "priority" ( /* Set priority for route installation */ ("high" | "medium" | "low") ), "prefix-segment" ( /* Set prefix segment attributes */ c( "algorithm" arg ( /* Set prefix segment attributes for strict/flex algorithm */ sc( "index" arg /* Set prefix segment index id */, "node-segment" /* Set node segment flag for this prefix segment */ ) ).as(:oneline), "index" arg /* Set prefix segment index id */, "node-segment" /* Set node segment flag for default prefix segment */ ) ), "label-allocation" ( /* Set label allocation mode */ ("per-table" | "per-nexthop" | "per-table-localize") ), "add-path" ( /* Set BGP add-path attributes */ sc( "send-count" arg /* Number of add-paths sent */ ) ).as(:oneline), "validation-state" ( /* Set validation-state of a route */ ("valid" | "invalid" | "unknown") ), "origin" ( /* BGP path origin */ ("igp" | "egp" | "incomplete") ), "aigp-originate" ( /* Originate a BGP AIGP attribute */ sc( "distance" arg /* AIGP distance */ ) ).as(:oneline), "aigp-adjust" ( /* Adjust a BGP AIGP attribute */ sc( c( "add", "subtract", "multiply", "divide" ), c( arg /* Adjustment value */, "distance-to-protocol-nexthop" /* Metric2 */ ) ) ).as(:oneline), "community" ( /* BGP community properties associated with a route */ s( c( "equal-literal" arg /* Set the BGP communities in the route */, "set" arg /* Set the BGP communities in the route */, "plus-literal" arg /* Add BGP communities to the route */, "add" arg /* Add BGP communities to the route */, "minus-literal" arg /* Remove BGP communities from the route */, "delete" arg /* Remove BGP communities from the route */ ), arg ) ).as(:oneline), "tunnel-attribute" ( /* BGP tunnel attribute associated with a route */ s( c( "set" arg /* Set BGP tunnel attribute in the route */, "remove" arg /* Remove BGP tunnel attribute from the route */ ), arg ) ).as(:oneline), "damping" arg /* Define BGP route flap damping parameters */, "aggregate-bandwidth" /* Advertise aggregate outbound link bandwidth */, "limit-bandwidth" arg /* Limit advertised aggregate outbound link bandwidth */, "no-entropy-label-capability" /* Don't advertise entropy label capability */, "as-path-prepend" arg /* Prepend AS numbers to an AS path (BGP only) */, "as-path-expand" ( /* Prepend AS numbers prior to adding local-as (BGP only) */ sc( c( "last-as" ( /* Prepend last AS */ sc( "count" arg /* Repeat count */ ) ).as(:oneline), arg /* AS path string */ ) ) ).as(:oneline), "next-hop" ( /* Set the address of the next-hop router */ sc( c( "self" /* Use a local address as the next-hop address */, "peer-address" /* Use the remote peer address as the next-hop address */, "reject" /* Use a reject next hop */, "discard" /* Use a discard next hop */, "next-table" arg /* Perform a forwarding lookup in the specified table */, ipaddr /* Next-hop address */ ) ) ).as(:oneline), "install-nexthop" ( /* Choose the next hop to be used for forwarding */ sc( c( "strict" /* Do not use any other available next hops */, "strict-named-lsp" /* Do not use any other non-lsp next hops */ ), c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ), "except" ( /* Do not choose to install matching next hops */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ), "fallback" ( /* Backup option */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ), "except" ( /* Do not choose to install matching next hops */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ) ) ) ) ) ) ), "fallback" ( /* Backup option */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ), "except" ( /* Do not choose to install matching next hops */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ) ) ) ) ) ) ).as(:oneline), "trace" /* Log matches to a trace file */, "external" ( /* External route */ c( "type" arg /* OSPF external metric type */, "nssa-only" /* Clear P-bit on lsa type 7 */ ) ), "load-balance" ( /* Type of load balancing in forwarding table */ sc( c( "per-packet" /* Load balance on a per-packet basis */, "random" /* Load balance using packet random spray */, "per-prefix" /* Load balance on a per-prefix basis */, "consistent-hash" /* Give a prefix consistent load-balancing */, "source-ip-only" /* Give a source based ip load-balancing */, "destination-ip-only" /* Give a destination based ip load-balancing */ ) ) ).as(:oneline), "no-route-localize" /* Force route install on all fib-remote PFEs */, "install-to-fib" /* Install route to fib */, "no-install-to-fib" /* Don't install route to fib */, "analyze" /* Send to registered controllers for analysis */, "class" arg /* Set class-of-service parameters */, "destination-class" arg /* Set destination class in forwarding table */, "source-class" arg /* Set source class in forwarding table */, "forwarding-class" arg /* Set source or destination class in forwarding table */, "map-to-interface" ( /* Set output logical interface */ sc( c( "self" /* Map the interface to itself */, interface_name /* Output logical interface */ ) ) ).as(:oneline), "ssm-source" ( /* List of Sources for SSM mapping */ ipaddr /* List of Sources for SSM mapping */ ), "p2mp-lsp-root" ( /* P2mp lsp root address */ c( "address" ( /* Ipv4 root address */ ipv4addr /* Ipv4 root address */ ) ) ), "cos-next-hop-map" arg /* Set CoS-based next-hop map in forwarding table */, "dynamic-tunnel-attributes" arg /* Choose the dynamic tunnel attributes used for forwarding */, "tunnel-end-point-address" ( /* Set tunnel end-point address of tunnel */ ipaddr /* Set tunnel end-point address of tunnel */ ), "selected-mldp-egress" /* This node should act as egress node for MLDP inband signalling */, "mhop-bfd-port" /* Use port number 4784 for MPLS-BFD as per RFC5884 */, "no-backup" /* This prefix should not have backup */, "default-action" ( /* Set default policy action */ ("accept" | "reject") ), "next" ( /* Skip to next policy or term */ ("policy" | "term") ), c( "accept" /* Accept a route */, "reject" /* Reject a route */ ), "bgp-output-queue-priority" ( /* Set the BGP Update output queue priority. */ sc( c( "priority" arg /* Output queue priority; higher is better */, "expedited" /* Expedited queue; highest priority */ ) ) ).as(:oneline), "multipath-resolve" /* Use all paths for resolution over this prefix */, "source-routing-path-template" arg /* Spring-te template to apply */, "label-allocation-fallback-reject" /* Suppress prefix export when label allocation fails */, "resolution-map" arg /* Set resolution map modes */, "ignore-service-label" /* Ignore service labels */, "request-long-lived-ack" /* Advertise route after forwarding is programmed */, "send-withdrawal-on-route-change" /* Withdraw route if change is not acked from forwarding */ ) ) ) ), "defaults" ( /* Policy default behaviour */ c( "route-filter" ( /* Set route filter behaviour */ sc( "walkup" /* Route filter walk up enable */ ) ).as(:oneline) ) ), "tunnel-attribute" arg ( /* BGP tunnel attributes definition */ c( "tunnel-type" ( /* Tunnel type */ ("ipip") ), "tunnel-color" arg /* Tunnel color */, "remote-end-point" ( /* Tunnel remote end point */ ipaddr /* Tunnel remote end point */ ) ) ), "community" arg ( /* BGP community information */ c( "invert-match" /* Invert the result of the community expression matching */, "members" arg /* Community members */ ) ), "as-list" arg ( /* BGP as range list information */ c( "members" arg /* Single autonomous system number or range of autonomous system numbers in plain number */ ) ), "as-list-group" arg ( /* Group a set of as-list */ c( "as-list" arg ( /* BGP as range list information */ c( "members" arg /* Single autonomous system number or range of autonomous system numbers */ ) ) ) ), "route-distinguisher" arg ( /* Route-distinguisher information */ c( "members" arg /* Route distinguisher string in ( *:X ) or ( Y:* ) or (X:Y) format */ ) ), "as-path" arg ( /* BGP autonomous system path regular expression */ c( arg /* AS path regular expression */ ) ), "as-path-group" arg ( /* Group a set of AS paths */ c( "as-path" arg ( /* BGP autonomous system path regular expression */ sc( arg /* AS path regular expression */ ) ).as(:oneline) ) ), "damping" arg ( /* BGP route flap damping properties */ c( ("disable"), "half-life" arg /* Decay half-life */, "reuse" arg /* Reuse threshold (figure-of-merit value) */, "suppress" arg /* Cutoff threshold (figure-of-merit value) */, "max-suppress" arg /* Maximum hold-down time */ ) ), "condition" arg ( /* Define a route advertisement condition */ c( c( "route-active-on" ( /* Route is active on a specific node */ ("node0" | "node1") ), "if-route-exists" ( /* Route exists in a specific routing table */ c( "address-family" ( /* Indicates the address family of the route to match on */ c( c( "inet" ( /* Route to match corresponds to an inet/inet6 prefix */ c( "table" arg /* Routing table in which route should exist */, ipprefix /* Exact address of the route */ ) ), "ccc" ( /* Route to match corresponds to a ccc prefix */ c( interface_name /* Logical interface used to establish ccc route */, "table" arg /* Routing table in which route should exist */, "standby" /* Indicates if route must be in standby state to be considered a match */, "peer-unit" arg /* Associated LT ifl's peer-unit. Required for LT-based routes */ ) ) ) ) ), "table" arg /* Routing table in which route should exist */, ipprefix /* Exact address of the route */ ) ) ) ) ), "rtf-prefix-list" arg ( /* Define a named set of family route target prefixes */ c( rtf_prefix_list_items ) ), "resolution-map" arg ( /* Define a set of PNH resolution modes */ c( "mode" ( /* List of resolution modes in order that defines fallback mechanism */ ("ip-color" | "color-only") ) ) ), "application-maps" ( /* Define application maps */ application_map_object /* Define application maps */ ), "redundancy-policy" arg ( c( "redundancy-events" arg /* Events related services redundancy under event-options */, "then" ( /* Action to take when of the event occurs */ srd_ev_action_object /* Action to take when of the event occurs */ ) ) ) ) end rule(:application_map_object) do arg.as(:arg) ( c( "application" arg ( /* Name of the application */ sc( "code-points" arg /* List of code point bit strings */ ) ).as(:oneline) ) ) end rule(:as_path_calc_length_type) do arg.as(:arg) ( c( c( "equal" /* Match equal values */, "orhigher" /* Match higher or equal values */, "orlower" /* Match lower or equal values */ ) ) ).as(:oneline) end rule(:as_path_unique_count_type) do arg.as(:arg) ( c( c( "equal" /* Match equal values */, "orhigher" /* Match higher or equal values */, "orlower" /* Match lower or equal values */ ) ) ).as(:oneline) end rule(:community_count_type) do arg.as(:arg) ( c( c( "equal" /* Match equal values */, "orhigher" /* Match higher or equal values */, "orlower" /* Match lower or equal values */ ) ) ).as(:oneline) end rule(:control_as_list_type) do s( enum(("as-list" | "as-list-group")), arg ) end rule(:control_mac_address_filter_list_type) do arg.as(:arg) end rule(:control_prefix_list_filter_type) do s( arg, c( "exact" arg /* Exactly match the prefix length */, "longer" arg /* Mask is greater than the prefix length */, "orlonger" arg /* Mask is greater than or equal to the prefix length */ ), c( "metric" ( /* Metric value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */, "igp" ( /* Track the IGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "minimum-igp" ( /* Track the minimum IGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "expression" ( /* Calculate value based on route metric and metric2 */ metric_expression_type /* Calculate value based on route metric and metric2 */ ), "aigp" /* Use aigp, if it exists, to set the IGP metric */, "effective-aigp" ( /* Track the effective AIGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "minimum-effective-aigp" ( /* Track the minimum effective AIGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline) ) ) ), "metric2" ( /* Metric value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "metric3" ( /* Metric value 3 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "metric4" ( /* Metric value 4 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "tag" ( /* Tag string */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "tag2" ( /* Tag string 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "preference" ( /* Preference value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "preference2" ( /* Preference value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "color" ( /* Color (preference) value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "color2" ( /* Color (preference) value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "local-preference" ( /* Local preference associated with a route */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "priority" ( /* Set priority for route installation */ ("high" | "medium" | "low") ), "prefix-segment" ( /* Set prefix segment attributes */ c( "algorithm" arg ( /* Set prefix segment attributes for strict/flex algorithm */ sc( "index" arg /* Set prefix segment index id */, "node-segment" /* Set node segment flag for this prefix segment */ ) ).as(:oneline), "index" arg /* Set prefix segment index id */, "node-segment" /* Set node segment flag for default prefix segment */ ) ), "label-allocation" ( /* Set label allocation mode */ ("per-table" | "per-nexthop" | "per-table-localize") ), "add-path" ( /* Set BGP add-path attributes */ sc( "send-count" arg /* Number of add-paths sent */ ) ).as(:oneline), "validation-state" ( /* Set validation-state of a route */ ("valid" | "invalid" | "unknown") ), "origin" ( /* BGP path origin */ ("igp" | "egp" | "incomplete") ), "aigp-originate" ( /* Originate a BGP AIGP attribute */ sc( "distance" arg /* AIGP distance */ ) ).as(:oneline), "aigp-adjust" ( /* Adjust a BGP AIGP attribute */ sc( c( "add", "subtract", "multiply", "divide" ), c( arg /* Adjustment value */, "distance-to-protocol-nexthop" /* Metric2 */ ) ) ).as(:oneline), "community" ( /* BGP community properties associated with a route */ s( c( "equal-literal" arg /* Set the BGP communities in the route */, "set" arg /* Set the BGP communities in the route */, "plus-literal" arg /* Add BGP communities to the route */, "add" arg /* Add BGP communities to the route */, "minus-literal" arg /* Remove BGP communities from the route */, "delete" arg /* Remove BGP communities from the route */ ), arg ) ).as(:oneline), "tunnel-attribute" ( /* BGP tunnel attribute associated with a route */ s( c( "set" arg /* Set BGP tunnel attribute in the route */, "remove" arg /* Remove BGP tunnel attribute from the route */ ), arg ) ).as(:oneline), "damping" arg /* Define BGP route flap damping parameters */, "aggregate-bandwidth" /* Advertise aggregate outbound link bandwidth */, "limit-bandwidth" arg /* Limit advertised aggregate outbound link bandwidth */, "no-entropy-label-capability" /* Don't advertise entropy label capability */, "as-path-prepend" arg /* Prepend AS numbers to an AS path (BGP only) */, "as-path-expand" ( /* Prepend AS numbers prior to adding local-as (BGP only) */ sc( c( "last-as" ( /* Prepend last AS */ sc( "count" arg /* Repeat count */ ) ).as(:oneline), arg /* AS path string */ ) ) ).as(:oneline), "next-hop" ( /* Set the address of the next-hop router */ sc( c( "self" /* Use a local address as the next-hop address */, "peer-address" /* Use the remote peer address as the next-hop address */, "reject" /* Use a reject next hop */, "discard" /* Use a discard next hop */, "next-table" arg /* Perform a forwarding lookup in the specified table */, ipaddr /* Next-hop address */ ) ) ).as(:oneline), "install-nexthop" ( /* Choose the next hop to be used for forwarding */ sc( c( "strict" /* Do not use any other available next hops */, "strict-named-lsp" /* Do not use any other non-lsp next hops */ ), c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ), "except" ( /* Do not choose to install matching next hops */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ), "fallback" ( /* Backup option */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ), "except" ( /* Do not choose to install matching next hops */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ) ) ) ) ) ) ), "fallback" ( /* Backup option */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ), "except" ( /* Do not choose to install matching next hops */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ) ) ) ) ) ) ).as(:oneline), "trace" /* Log matches to a trace file */, "external" ( /* External route */ c( "type" arg /* OSPF external metric type */, "nssa-only" /* Clear P-bit on lsa type 7 */ ) ), "load-balance" ( /* Type of load balancing in forwarding table */ sc( c( "per-packet" /* Load balance on a per-packet basis */, "random" /* Load balance using packet random spray */, "per-prefix" /* Load balance on a per-prefix basis */, "consistent-hash" /* Give a prefix consistent load-balancing */, "source-ip-only" /* Give a source based ip load-balancing */, "destination-ip-only" /* Give a destination based ip load-balancing */ ) ) ).as(:oneline), "no-route-localize" /* Force route install on all fib-remote PFEs */, "install-to-fib" /* Install route to fib */, "no-install-to-fib" /* Don't install route to fib */, "analyze" /* Send to registered controllers for analysis */, "class" arg /* Set class-of-service parameters */, "destination-class" arg /* Set destination class in forwarding table */, "source-class" arg /* Set source class in forwarding table */, "forwarding-class" arg /* Set source or destination class in forwarding table */, "map-to-interface" ( /* Set output logical interface */ sc( c( "self" /* Map the interface to itself */, interface_name /* Output logical interface */ ) ) ).as(:oneline), "ssm-source" ( /* List of Sources for SSM mapping */ ipaddr /* List of Sources for SSM mapping */ ), "p2mp-lsp-root" ( /* P2mp lsp root address */ c( "address" ( /* Ipv4 root address */ ipv4addr /* Ipv4 root address */ ) ) ), "cos-next-hop-map" arg /* Set CoS-based next-hop map in forwarding table */, "dynamic-tunnel-attributes" arg /* Choose the dynamic tunnel attributes used for forwarding */, "tunnel-end-point-address" ( /* Set tunnel end-point address of tunnel */ ipaddr /* Set tunnel end-point address of tunnel */ ), "selected-mldp-egress" /* This node should act as egress node for MLDP inband signalling */, "mhop-bfd-port" /* Use port number 4784 for MPLS-BFD as per RFC5884 */, "no-backup" /* This prefix should not have backup */, "default-action" ( /* Set default policy action */ ("accept" | "reject") ), "next" ( /* Skip to next policy or term */ ("policy" | "term") ), c( "accept" /* Accept a route */, "reject" /* Reject a route */ ), "bgp-output-queue-priority" ( /* Set the BGP Update output queue priority. */ sc( c( "priority" arg /* Output queue priority; higher is better */, "expedited" /* Expedited queue; highest priority */ ) ) ).as(:oneline), "multipath-resolve" /* Use all paths for resolution over this prefix */, "source-routing-path-template" arg /* Spring-te template to apply */, "label-allocation-fallback-reject" /* Suppress prefix export when label allocation fails */, "resolution-map" arg /* Set resolution map modes */, "ignore-service-label" /* Ignore service labels */, "request-long-lived-ack" /* Advertise route after forwarding is programmed */, "send-withdrawal-on-route-change" /* Withdraw route if change is not acked from forwarding */ ) ) end rule(:control_prefix_list_type) do arg.as(:arg) end rule(:control_route_filter_list_type) do arg.as(:arg) ( c( c( "exact" /* Exactly match the prefix length */, "longer" /* Mask is greater than the prefix length */, "orlonger" /* Mask is greater than or equal to the prefix length */, "upto" arg /* Mask falls between two prefix lengths */, "prefix-length-range" arg /* Mask falls between two prefix lengths */ ), "metric" ( /* Metric value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */, "igp" ( /* Track the IGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "minimum-igp" ( /* Track the minimum IGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "expression" ( /* Calculate value based on route metric and metric2 */ metric_expression_type /* Calculate value based on route metric and metric2 */ ), "aigp" /* Use aigp, if it exists, to set the IGP metric */, "effective-aigp" ( /* Track the effective AIGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "minimum-effective-aigp" ( /* Track the minimum effective AIGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline) ) ) ), "metric2" ( /* Metric value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "metric3" ( /* Metric value 3 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "metric4" ( /* Metric value 4 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "tag" ( /* Tag string */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "tag2" ( /* Tag string 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "preference" ( /* Preference value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "preference2" ( /* Preference value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "color" ( /* Color (preference) value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "color2" ( /* Color (preference) value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "local-preference" ( /* Local preference associated with a route */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "priority" ( /* Set priority for route installation */ ("high" | "medium" | "low") ), "prefix-segment" ( /* Set prefix segment attributes */ c( "algorithm" arg ( /* Set prefix segment attributes for strict/flex algorithm */ sc( "index" arg /* Set prefix segment index id */, "node-segment" /* Set node segment flag for this prefix segment */ ) ).as(:oneline), "index" arg /* Set prefix segment index id */, "node-segment" /* Set node segment flag for default prefix segment */ ) ), "label-allocation" ( /* Set label allocation mode */ ("per-table" | "per-nexthop" | "per-table-localize") ), "add-path" ( /* Set BGP add-path attributes */ sc( "send-count" arg /* Number of add-paths sent */ ) ).as(:oneline), "validation-state" ( /* Set validation-state of a route */ ("valid" | "invalid" | "unknown") ), "origin" ( /* BGP path origin */ ("igp" | "egp" | "incomplete") ), "aigp-originate" ( /* Originate a BGP AIGP attribute */ sc( "distance" arg /* AIGP distance */ ) ).as(:oneline), "aigp-adjust" ( /* Adjust a BGP AIGP attribute */ sc( c( "add", "subtract", "multiply", "divide" ), c( arg /* Adjustment value */, "distance-to-protocol-nexthop" /* Metric2 */ ) ) ).as(:oneline), "community" ( /* BGP community properties associated with a route */ s( c( "equal-literal" arg /* Set the BGP communities in the route */, "set" arg /* Set the BGP communities in the route */, "plus-literal" arg /* Add BGP communities to the route */, "add" arg /* Add BGP communities to the route */, "minus-literal" arg /* Remove BGP communities from the route */, "delete" arg /* Remove BGP communities from the route */ ), arg ) ).as(:oneline), "tunnel-attribute" ( /* BGP tunnel attribute associated with a route */ s( c( "set" arg /* Set BGP tunnel attribute in the route */, "remove" arg /* Remove BGP tunnel attribute from the route */ ), arg ) ).as(:oneline), "damping" arg /* Define BGP route flap damping parameters */, "aggregate-bandwidth" /* Advertise aggregate outbound link bandwidth */, "limit-bandwidth" arg /* Limit advertised aggregate outbound link bandwidth */, "no-entropy-label-capability" /* Don't advertise entropy label capability */, "as-path-prepend" arg /* Prepend AS numbers to an AS path (BGP only) */, "as-path-expand" ( /* Prepend AS numbers prior to adding local-as (BGP only) */ sc( c( "last-as" ( /* Prepend last AS */ sc( "count" arg /* Repeat count */ ) ).as(:oneline), arg /* AS path string */ ) ) ).as(:oneline), "next-hop" ( /* Set the address of the next-hop router */ sc( c( "self" /* Use a local address as the next-hop address */, "peer-address" /* Use the remote peer address as the next-hop address */, "reject" /* Use a reject next hop */, "discard" /* Use a discard next hop */, "next-table" arg /* Perform a forwarding lookup in the specified table */, ipaddr /* Next-hop address */ ) ) ).as(:oneline), "install-nexthop" ( /* Choose the next hop to be used for forwarding */ sc( c( "strict" /* Do not use any other available next hops */, "strict-named-lsp" /* Do not use any other non-lsp next hops */ ), c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ), "except" ( /* Do not choose to install matching next hops */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ), "fallback" ( /* Backup option */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ), "except" ( /* Do not choose to install matching next hops */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ) ) ) ) ) ) ), "fallback" ( /* Backup option */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ), "except" ( /* Do not choose to install matching next hops */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ) ) ) ) ) ) ).as(:oneline), "trace" /* Log matches to a trace file */, "external" ( /* External route */ c( "type" arg /* OSPF external metric type */, "nssa-only" /* Clear P-bit on lsa type 7 */ ) ), "load-balance" ( /* Type of load balancing in forwarding table */ sc( c( "per-packet" /* Load balance on a per-packet basis */, "random" /* Load balance using packet random spray */, "per-prefix" /* Load balance on a per-prefix basis */, "consistent-hash" /* Give a prefix consistent load-balancing */, "source-ip-only" /* Give a source based ip load-balancing */, "destination-ip-only" /* Give a destination based ip load-balancing */ ) ) ).as(:oneline), "no-route-localize" /* Force route install on all fib-remote PFEs */, "install-to-fib" /* Install route to fib */, "no-install-to-fib" /* Don't install route to fib */, "analyze" /* Send to registered controllers for analysis */, "class" arg /* Set class-of-service parameters */, "destination-class" arg /* Set destination class in forwarding table */, "source-class" arg /* Set source class in forwarding table */, "forwarding-class" arg /* Set source or destination class in forwarding table */, "map-to-interface" ( /* Set output logical interface */ sc( c( "self" /* Map the interface to itself */, interface_name /* Output logical interface */ ) ) ).as(:oneline), "ssm-source" ( /* List of Sources for SSM mapping */ ipaddr /* List of Sources for SSM mapping */ ), "p2mp-lsp-root" ( /* P2mp lsp root address */ c( "address" ( /* Ipv4 root address */ ipv4addr /* Ipv4 root address */ ) ) ), "cos-next-hop-map" arg /* Set CoS-based next-hop map in forwarding table */, "dynamic-tunnel-attributes" arg /* Choose the dynamic tunnel attributes used for forwarding */, "tunnel-end-point-address" ( /* Set tunnel end-point address of tunnel */ ipaddr /* Set tunnel end-point address of tunnel */ ), "selected-mldp-egress" /* This node should act as egress node for MLDP inband signalling */, "mhop-bfd-port" /* Use port number 4784 for MPLS-BFD as per RFC5884 */, "no-backup" /* This prefix should not have backup */, "default-action" ( /* Set default policy action */ ("accept" | "reject") ), "next" ( /* Skip to next policy or term */ ("policy" | "term") ), c( "accept" /* Accept a route */, "reject" /* Reject a route */ ), "bgp-output-queue-priority" ( /* Set the BGP Update output queue priority. */ sc( c( "priority" arg /* Output queue priority; higher is better */, "expedited" /* Expedited queue; highest priority */ ) ) ).as(:oneline), "multipath-resolve" /* Use all paths for resolution over this prefix */, "source-routing-path-template" arg /* Spring-te template to apply */, "label-allocation-fallback-reject" /* Suppress prefix export when label allocation fails */, "resolution-map" arg /* Set resolution map modes */, "ignore-service-label" /* Ignore service labels */, "request-long-lived-ack" /* Advertise route after forwarding is programmed */, "send-withdrawal-on-route-change" /* Withdraw route if change is not acked from forwarding */ ) ) end rule(:control_route_filter_type) do s( arg, c( "exact" arg /* Exactly match the prefix length */, "longer" arg /* Mask is greater than the prefix length */, "orlonger" arg /* Mask is greater than or equal to the prefix length */, "upto" arg /* Mask falls between two prefix lengths */, "through" arg /* Route falls between two prefixes */, "prefix-length-range" arg /* Mask falls between two prefix lengths */, "address-mask" arg /* Mask applied to prefix address */ ), c( "label" ( /* Set label for BGP LU label allocation */ sc( c( "range" ( /* Label range */ sc( c( arg /* Label range in : format */ ) ) ).as(:oneline), arg ) ) ).as(:oneline), "get-route-range" /* Get the range */, "metric" ( /* Metric value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */, "igp" ( /* Track the IGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "minimum-igp" ( /* Track the minimum IGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "expression" ( /* Calculate value based on route metric and metric2 */ metric_expression_type /* Calculate value based on route metric and metric2 */ ), "aigp" /* Use aigp, if it exists, to set the IGP metric */, "effective-aigp" ( /* Track the effective AIGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "minimum-effective-aigp" ( /* Track the minimum effective AIGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline) ) ) ), "metric2" ( /* Metric value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "metric3" ( /* Metric value 3 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "metric4" ( /* Metric value 4 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "tag" ( /* Tag string */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "tag2" ( /* Tag string 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "preference" ( /* Preference value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "preference2" ( /* Preference value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "color" ( /* Color (preference) value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "color2" ( /* Color (preference) value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "local-preference" ( /* Local preference associated with a route */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "priority" ( /* Set priority for route installation */ ("high" | "medium" | "low") ), "prefix-segment" ( /* Set prefix segment attributes */ c( "algorithm" arg ( /* Set prefix segment attributes for strict/flex algorithm */ sc( "index" arg /* Set prefix segment index id */, "node-segment" /* Set node segment flag for this prefix segment */ ) ).as(:oneline), "index" arg /* Set prefix segment index id */, "node-segment" /* Set node segment flag for default prefix segment */ ) ), "label-allocation" ( /* Set label allocation mode */ ("per-table" | "per-nexthop" | "per-table-localize") ), "add-path" ( /* Set BGP add-path attributes */ sc( "send-count" arg /* Number of add-paths sent */ ) ).as(:oneline), "validation-state" ( /* Set validation-state of a route */ ("valid" | "invalid" | "unknown") ), "origin" ( /* BGP path origin */ ("igp" | "egp" | "incomplete") ), "aigp-originate" ( /* Originate a BGP AIGP attribute */ sc( "distance" arg /* AIGP distance */ ) ).as(:oneline), "aigp-adjust" ( /* Adjust a BGP AIGP attribute */ sc( c( "add", "subtract", "multiply", "divide" ), c( arg /* Adjustment value */, "distance-to-protocol-nexthop" /* Metric2 */ ) ) ).as(:oneline), "community" ( /* BGP community properties associated with a route */ s( c( "equal-literal" arg /* Set the BGP communities in the route */, "set" arg /* Set the BGP communities in the route */, "plus-literal" arg /* Add BGP communities to the route */, "add" arg /* Add BGP communities to the route */, "minus-literal" arg /* Remove BGP communities from the route */, "delete" arg /* Remove BGP communities from the route */ ), arg ) ).as(:oneline), "tunnel-attribute" ( /* BGP tunnel attribute associated with a route */ s( c( "set" arg /* Set BGP tunnel attribute in the route */, "remove" arg /* Remove BGP tunnel attribute from the route */ ), arg ) ).as(:oneline), "damping" arg /* Define BGP route flap damping parameters */, "aggregate-bandwidth" /* Advertise aggregate outbound link bandwidth */, "limit-bandwidth" arg /* Limit advertised aggregate outbound link bandwidth */, "no-entropy-label-capability" /* Don't advertise entropy label capability */, "as-path-prepend" arg /* Prepend AS numbers to an AS path (BGP only) */, "as-path-expand" ( /* Prepend AS numbers prior to adding local-as (BGP only) */ sc( c( "last-as" ( /* Prepend last AS */ sc( "count" arg /* Repeat count */ ) ).as(:oneline), arg /* AS path string */ ) ) ).as(:oneline), "next-hop" ( /* Set the address of the next-hop router */ sc( c( "self" /* Use a local address as the next-hop address */, "peer-address" /* Use the remote peer address as the next-hop address */, "reject" /* Use a reject next hop */, "discard" /* Use a discard next hop */, "next-table" arg /* Perform a forwarding lookup in the specified table */, ipaddr /* Next-hop address */ ) ) ).as(:oneline), "install-nexthop" ( /* Choose the next hop to be used for forwarding */ sc( c( "strict" /* Do not use any other available next hops */, "strict-named-lsp" /* Do not use any other non-lsp next hops */ ), c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ), "except" ( /* Do not choose to install matching next hops */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ), "fallback" ( /* Backup option */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ), "except" ( /* Do not choose to install matching next hops */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ) ) ) ) ) ) ), "fallback" ( /* Backup option */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ), "except" ( /* Do not choose to install matching next hops */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ) ) ) ) ) ) ).as(:oneline), "trace" /* Log matches to a trace file */, "external" ( /* External route */ c( "type" arg /* OSPF external metric type */, "nssa-only" /* Clear P-bit on lsa type 7 */ ) ), "load-balance" ( /* Type of load balancing in forwarding table */ sc( c( "per-packet" /* Load balance on a per-packet basis */, "random" /* Load balance using packet random spray */, "per-prefix" /* Load balance on a per-prefix basis */, "consistent-hash" /* Give a prefix consistent load-balancing */, "source-ip-only" /* Give a source based ip load-balancing */, "destination-ip-only" /* Give a destination based ip load-balancing */ ) ) ).as(:oneline), "no-route-localize" /* Force route install on all fib-remote PFEs */, "install-to-fib" /* Install route to fib */, "no-install-to-fib" /* Don't install route to fib */, "analyze" /* Send to registered controllers for analysis */, "class" arg /* Set class-of-service parameters */, "destination-class" arg /* Set destination class in forwarding table */, "source-class" arg /* Set source class in forwarding table */, "forwarding-class" arg /* Set source or destination class in forwarding table */, "map-to-interface" ( /* Set output logical interface */ sc( c( "self" /* Map the interface to itself */, interface_name /* Output logical interface */ ) ) ).as(:oneline), "ssm-source" ( /* List of Sources for SSM mapping */ ipaddr /* List of Sources for SSM mapping */ ), "p2mp-lsp-root" ( /* P2mp lsp root address */ c( "address" ( /* Ipv4 root address */ ipv4addr /* Ipv4 root address */ ) ) ), "cos-next-hop-map" arg /* Set CoS-based next-hop map in forwarding table */, "dynamic-tunnel-attributes" arg /* Choose the dynamic tunnel attributes used for forwarding */, "tunnel-end-point-address" ( /* Set tunnel end-point address of tunnel */ ipaddr /* Set tunnel end-point address of tunnel */ ), "selected-mldp-egress" /* This node should act as egress node for MLDP inband signalling */, "mhop-bfd-port" /* Use port number 4784 for MPLS-BFD as per RFC5884 */, "no-backup" /* This prefix should not have backup */, "default-action" ( /* Set default policy action */ ("accept" | "reject") ), "next" ( /* Skip to next policy or term */ ("policy" | "term") ), c( "accept" /* Accept a route */, "reject" /* Reject a route */ ), "bgp-output-queue-priority" ( /* Set the BGP Update output queue priority. */ sc( c( "priority" arg /* Output queue priority; higher is better */, "expedited" /* Expedited queue; highest priority */ ) ) ).as(:oneline), "multipath-resolve" /* Use all paths for resolution over this prefix */, "source-routing-path-template" arg /* Spring-te template to apply */, "label-allocation-fallback-reject" /* Suppress prefix export when label allocation fails */, "resolution-map" arg /* Set resolution map modes */, "ignore-service-label" /* Ignore service labels */, "request-long-lived-ack" /* Advertise route after forwarding is programmed */, "send-withdrawal-on-route-change" /* Withdraw route if change is not acked from forwarding */ ) ) end rule(:control_rtf_prefix_list_type) do arg.as(:arg) end rule(:control_source_address_filter_list_type) do arg.as(:arg) end rule(:control_source_address_filter_type) do s( arg, c( "exact" arg /* Exactly match the prefix length */, "longer" arg /* Mask is greater than the prefix length */, "orlonger" arg /* Mask is greater than or equal to the prefix length */, "upto" arg /* Mask falls between two prefix lengths */, "through" arg /* Route falls between two prefixes */, "prefix-length-range" arg /* Mask falls between two prefix lengths */ ), c( "metric" ( /* Metric value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */, "igp" ( /* Track the IGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "minimum-igp" ( /* Track the minimum IGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "expression" ( /* Calculate value based on route metric and metric2 */ metric_expression_type /* Calculate value based on route metric and metric2 */ ), "aigp" /* Use aigp, if it exists, to set the IGP metric */, "effective-aigp" ( /* Track the effective AIGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "minimum-effective-aigp" ( /* Track the minimum effective AIGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline) ) ) ), "metric2" ( /* Metric value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "metric3" ( /* Metric value 3 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "metric4" ( /* Metric value 4 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "tag" ( /* Tag string */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "tag2" ( /* Tag string 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "preference" ( /* Preference value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "preference2" ( /* Preference value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "color" ( /* Color (preference) value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "color2" ( /* Color (preference) value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "local-preference" ( /* Local preference associated with a route */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "priority" ( /* Set priority for route installation */ ("high" | "medium" | "low") ), "prefix-segment" ( /* Set prefix segment attributes */ c( "algorithm" arg ( /* Set prefix segment attributes for strict/flex algorithm */ sc( "index" arg /* Set prefix segment index id */, "node-segment" /* Set node segment flag for this prefix segment */ ) ).as(:oneline), "index" arg /* Set prefix segment index id */, "node-segment" /* Set node segment flag for default prefix segment */ ) ), "label-allocation" ( /* Set label allocation mode */ ("per-table" | "per-nexthop" | "per-table-localize") ), "add-path" ( /* Set BGP add-path attributes */ sc( "send-count" arg /* Number of add-paths sent */ ) ).as(:oneline), "validation-state" ( /* Set validation-state of a route */ ("valid" | "invalid" | "unknown") ), "origin" ( /* BGP path origin */ ("igp" | "egp" | "incomplete") ), "aigp-originate" ( /* Originate a BGP AIGP attribute */ sc( "distance" arg /* AIGP distance */ ) ).as(:oneline), "aigp-adjust" ( /* Adjust a BGP AIGP attribute */ sc( c( "add", "subtract", "multiply", "divide" ), c( arg /* Adjustment value */, "distance-to-protocol-nexthop" /* Metric2 */ ) ) ).as(:oneline), "community" ( /* BGP community properties associated with a route */ s( c( "equal-literal" arg /* Set the BGP communities in the route */, "set" arg /* Set the BGP communities in the route */, "plus-literal" arg /* Add BGP communities to the route */, "add" arg /* Add BGP communities to the route */, "minus-literal" arg /* Remove BGP communities from the route */, "delete" arg /* Remove BGP communities from the route */ ), arg ) ).as(:oneline), "tunnel-attribute" ( /* BGP tunnel attribute associated with a route */ s( c( "set" arg /* Set BGP tunnel attribute in the route */, "remove" arg /* Remove BGP tunnel attribute from the route */ ), arg ) ).as(:oneline), "damping" arg /* Define BGP route flap damping parameters */, "aggregate-bandwidth" /* Advertise aggregate outbound link bandwidth */, "limit-bandwidth" arg /* Limit advertised aggregate outbound link bandwidth */, "no-entropy-label-capability" /* Don't advertise entropy label capability */, "as-path-prepend" arg /* Prepend AS numbers to an AS path (BGP only) */, "as-path-expand" ( /* Prepend AS numbers prior to adding local-as (BGP only) */ sc( c( "last-as" ( /* Prepend last AS */ sc( "count" arg /* Repeat count */ ) ).as(:oneline), arg /* AS path string */ ) ) ).as(:oneline), "next-hop" ( /* Set the address of the next-hop router */ sc( c( "self" /* Use a local address as the next-hop address */, "peer-address" /* Use the remote peer address as the next-hop address */, "reject" /* Use a reject next hop */, "discard" /* Use a discard next hop */, "next-table" arg /* Perform a forwarding lookup in the specified table */, ipaddr /* Next-hop address */ ) ) ).as(:oneline), "install-nexthop" ( /* Choose the next hop to be used for forwarding */ sc( c( "strict" /* Do not use any other available next hops */, "strict-named-lsp" /* Do not use any other non-lsp next hops */ ), c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ), "except" ( /* Do not choose to install matching next hops */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ), "fallback" ( /* Backup option */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ), "except" ( /* Do not choose to install matching next hops */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ) ) ) ) ) ) ), "fallback" ( /* Backup option */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ), "except" ( /* Do not choose to install matching next hops */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ) ) ) ) ) ) ).as(:oneline), "trace" /* Log matches to a trace file */, "external" ( /* External route */ c( "type" arg /* OSPF external metric type */, "nssa-only" /* Clear P-bit on lsa type 7 */ ) ), "load-balance" ( /* Type of load balancing in forwarding table */ sc( c( "per-packet" /* Load balance on a per-packet basis */, "random" /* Load balance using packet random spray */, "per-prefix" /* Load balance on a per-prefix basis */, "consistent-hash" /* Give a prefix consistent load-balancing */, "source-ip-only" /* Give a source based ip load-balancing */, "destination-ip-only" /* Give a destination based ip load-balancing */ ) ) ).as(:oneline), "no-route-localize" /* Force route install on all fib-remote PFEs */, "install-to-fib" /* Install route to fib */, "no-install-to-fib" /* Don't install route to fib */, "analyze" /* Send to registered controllers for analysis */, "class" arg /* Set class-of-service parameters */, "destination-class" arg /* Set destination class in forwarding table */, "source-class" arg /* Set source class in forwarding table */, "forwarding-class" arg /* Set source or destination class in forwarding table */, "map-to-interface" ( /* Set output logical interface */ sc( c( "self" /* Map the interface to itself */, interface_name /* Output logical interface */ ) ) ).as(:oneline), "ssm-source" ( /* List of Sources for SSM mapping */ ipaddr /* List of Sources for SSM mapping */ ), "p2mp-lsp-root" ( /* P2mp lsp root address */ c( "address" ( /* Ipv4 root address */ ipv4addr /* Ipv4 root address */ ) ) ), "cos-next-hop-map" arg /* Set CoS-based next-hop map in forwarding table */, "dynamic-tunnel-attributes" arg /* Choose the dynamic tunnel attributes used for forwarding */, "tunnel-end-point-address" ( /* Set tunnel end-point address of tunnel */ ipaddr /* Set tunnel end-point address of tunnel */ ), "selected-mldp-egress" /* This node should act as egress node for MLDP inband signalling */, "mhop-bfd-port" /* Use port number 4784 for MPLS-BFD as per RFC5884 */, "no-backup" /* This prefix should not have backup */, "default-action" ( /* Set default policy action */ ("accept" | "reject") ), "next" ( /* Skip to next policy or term */ ("policy" | "term") ), c( "accept" /* Accept a route */, "reject" /* Reject a route */ ), "bgp-output-queue-priority" ( /* Set the BGP Update output queue priority. */ sc( c( "priority" arg /* Output queue priority; higher is better */, "expedited" /* Expedited queue; highest priority */ ) ) ).as(:oneline), "multipath-resolve" /* Use all paths for resolution over this prefix */, "source-routing-path-template" arg /* Spring-te template to apply */, "label-allocation-fallback-reject" /* Suppress prefix export when label allocation fails */, "resolution-map" arg /* Set resolution map modes */, "ignore-service-label" /* Ignore service labels */, "request-long-lived-ack" /* Advertise route after forwarding is programmed */, "send-withdrawal-on-route-change" /* Withdraw route if change is not acked from forwarding */ ) ) end rule(:juniper_port_mirror_options) do c( "traceoptions" ( /* Port-mirroring trace options */ sampling_traceoptions_type /* Port-mirroring trace options */ ), "disable" /* Disable the global port-mirroring instance */, "disable-all-instances" /* Disable the all port-mirroring instances */, "mirror-once" /* Sample the packet for port mirroring only once */, "no-preserve-ingress-tag" /* Mirror the packet retaining tag value before normalization */, "remote-port-mirroring" /* Flag to specify about remote-port-mirroring */, "input" ( /* Settings for sampling of input packets */ pm_family_input_type /* Settings for sampling of input packets */ ), "family" ( /* Address family of packets to mirror */ c( "inet" ( /* Mirror IPv4 packets */ c( "input" ( /* Settings for sampling of input packets */ pm_family_input_type /* Settings for sampling of input packets */ ), "output" ( /* One or more next hops for port-mirrored packets */ inet_pm_family_output_type /* One or more next hops for port-mirrored packets */ ) ) ), "inet6" ( /* Mirror IPv6 packets */ c( "input" ( /* Settings for sampling of input packets */ pm_family_input_type /* Settings for sampling of input packets */ ), "output" ( /* One or more next hops for port-mirrored packets */ inet6_pm_family_output_type /* One or more next hops for port-mirrored packets */ ) ) ), "mpls" ( /* Mirror MPLS packets */ c( "input" ( /* Settings for sampling of input packets */ pm_family_input_type /* Settings for sampling of input packets */ ), "output" ( /* One or more next hops for port-mirrored packets */ mpls_pm_family_output_type /* One or more next hops for port-mirrored packets */ ) ) ), "any" ( /* Mirror any packets */ c( "output" ( /* One or more next hops for port-mirrored packets */ any_pm_family_output_type /* One or more next hops for port-mirrored packets */ ) ) ), "vpls" ( /* Mirror Layer-2 bridged/vpls packets */ c( "input" ( /* Settings for sampling of input packets */ pm_family_input_type /* Settings for sampling of input packets */ ), "output" ( /* Destination for port-mirrored packets */ layer2_pm_family_output_type /* Destination for port-mirrored packets */ ) ) ), "ethernet-switching" ( /* Mirror Layer-2 ethernet-switched packets */ c( "output" ( /* Destination for port-mirrored packets */ layer2_pm_family_output_type /* Destination for port-mirrored packets */ ) ) ), "ccc" ( /* Mirror layer-2 ccc packets */ c( "input" ( /* Settings for sampling of input packets */ pm_family_input_type /* Settings for sampling of input packets */ ), "output" ( /* Destination for port-mirrored packets */ layer2_pm_family_output_type /* Destination for port-mirrored packets */ ) ) ) ) ), "instance" arg ( /* Instance of port-mirroring parameters */ c( "disable" /* Disable the this port-mirroring instance */, c( "input" ( /* Settings for sampling of input packets */ pm_family_input_type /* Settings for sampling of input packets */ ), "input-parameters-instance" arg /* Name of port-mirroring instance to use for input parameters */ ), "output" ( /* One or more next hops for port-mirrored packets */ inet_pm_output_type /* One or more next hops for port-mirrored packets */ ), "family" ( /* Address family of packets to mirror */ c( "inet" ( /* Mirror IPv4 packets */ c( "input" ( /* Settings for sampling of input packets */ pm_family_input_type /* Settings for sampling of input packets */ ), "output" ( /* One or more next hops for port-mirrored packets */ inet_pm_family_output_type /* One or more next hops for port-mirrored packets */ ) ) ), "inet6" ( /* Mirror IPv6 packets */ c( "input" ( /* Settings for sampling of input packets */ pm_family_input_type /* Settings for sampling of input packets */ ), "output" ( /* One or more next hops for port-mirrored packets */ inet6_pm_family_output_type /* One or more next hops for port-mirrored packets */ ) ) ), "mpls" ( /* Mirror MPLS packets */ c( "input" ( /* Settings for sampling of input packets */ pm_family_input_type /* Settings for sampling of input packets */ ), "output" ( /* One or more next hops for port-mirrored packets */ mpls_pm_family_output_type /* One or more next hops for port-mirrored packets */ ) ) ), "any" ( /* Mirror any packets */ c( "output" ( /* One or more next hops for port-mirrored packets */ any_pm_family_output_type /* One or more next hops for port-mirrored packets */ ) ) ), "vpls" ( /* Mirror Layer-2 bridged/vpls packets */ c( "input" ( /* Settings for sampling of input packets */ pm_family_input_type /* Settings for sampling of input packets */ ), "output" ( /* Destination for port-mirrored packets */ layer2_pm_family_output_type /* Destination for port-mirrored packets */ ) ) ), "ethernet-switching" ( /* Mirror Layer-2 ethernet-switched packets */ c( "output" ( /* Destination for port-mirrored packets */ layer2_pm_family_output_type /* Destination for port-mirrored packets */ ) ) ), "ccc" ( /* Mirror layer-2 ccc packets */ c( "input" ( /* Settings for sampling of input packets */ pm_family_input_type /* Settings for sampling of input packets */ ), "output" ( /* Destination for port-mirrored packets */ layer2_pm_family_output_type /* Destination for port-mirrored packets */ ) ) ) ) ), "mirror-profile" ( /* Mirror profile to be attached to the instance */ c( arg ) ) ) ) ) end rule(:any_pm_family_output_type) do c( c( "interface" ( /* Interfaces through which to send sampled traffic */ any_pm_intf_type /* Interfaces through which to send sampled traffic */ ), "next-hop-group" arg /* Next-hop-group through which to send port-mirror traffic */ ), "no-filter-check" /* Do not check for filters on port-mirroring interface */, "hosted-service" ( /* Configure Hosted Service */ c( "server-profile" arg /* Server profile name */ ) ) ) end rule(:any_pm_intf_type) do arg.as(:arg) ( c( "next-hop" ( /* Address of next hop through which to send sampled traffic */ inet_next_hop_type /* Address of next hop through which to send sampled traffic */ ) ) ) end rule(:inet6_pm_family_output_type) do c( c( "interface" ( /* Interfaces through which to send sampled traffic */ inet6_pm_intf_type /* Interfaces through which to send sampled traffic */ ), "next-hop-group" arg /* Next-hop-group through which to send port-mirror traffic */ ), "policer" arg /* Name of policer to use to rate-limit traffic */, "forwarding-class" arg /* Forwarding-class for TOS */, "no-filter-check" /* Do not check for filters on port-mirroring interface */, "ipv6-address" ( /* ERSPAN Destination IPv6 Address */ ipv6addr /* ERSPAN Destination IPv6 Address */ ), "routing-instance" ( /* Routing instances */ inet6_pm_output_routing_instance_type /* Routing instances */ ), "server-profile" arg /* Server profile name */ ) end rule(:inet6_pm_intf_type) do arg.as(:arg) ( c( "next-hop" ( /* Address of next hop through which to send sampled traffic */ inet6_next_hop_type /* Address of next hop through which to send sampled traffic */ ) ) ) end rule(:inet6_next_hop_type) do arg.as(:arg) end rule(:inet6_pm_output_routing_instance_type) do arg.as(:arg) ( c( "ipv6-address" ( /* ERSPAN Destination IPv6 Address */ ipv6addr /* ERSPAN Destination IPv6 Address */ ) ) ) end rule(:inet_next_hop_type) do arg.as(:arg) end rule(:inet_pm_family_output_type) do c( c( "interface" ( /* Interfaces through which to send sampled traffic */ inet_pm_intf_type /* Interfaces through which to send sampled traffic */ ), "next-hop-group" arg /* Next-hop-group through which to send port-mirror traffic */ ), "no-filter-check" /* Do not check for filters on port-mirroring interface */, "ip-address" ( /* ERSPAN Destination IP Address */ ipv4addr /* ERSPAN Destination IP Address */ ), "routing-instance" ( /* Routing instances */ inet_pm_output_routing_instance_type /* Routing instances */ ), "server-profile" arg /* Server profile name */, "policer" arg /* Name of policer to use to rate-limit traffic */, "forwarding-class" arg /* Forwarding-class for TOS */ ) end rule(:inet_pm_intf_type) do arg.as(:arg) ( c( "next-hop" ( /* Address of next hop through which to send sampled traffic */ inet_next_hop_type /* Address of next hop through which to send sampled traffic */ ) ) ) end rule(:inet_pm_output_routing_instance_type) do arg.as(:arg) ( c( "ip-address" ( /* ERSPAN Destination IP Address */ ipv4addr /* ERSPAN Destination IP Address */ ) ) ) end rule(:inet_pm_output_type) do c( "ip-source-address" ( /* IP source address */ ipv4addr /* IP source address */ ), "ip-destination-address" ( /* IP destination address */ ipv4addr /* IP destination address */ ), "policer" arg /* Name of policer to use to rate-limit traffic */, "dscp" arg /* Numeric DSCP value in the range 0 to 63 */, "forwarding-class" arg /* Forwarding-class for TOS */ ) end rule(:juniper_protected_system_domain) do arg.as(:arg) ( c( "description" arg /* Description of protected system domain */, "fpcs" arg /* FPC associated with protected system domain */, "lcc" arg ( c( "fpcs" arg /* FPC associated with protected system domain */ ) ), "control-system-id" arg /* Control system identifier */, "control-slot-numbers" arg /* Slots associated with protected system domain */, "control-plane-bandwidth-percent" arg /* Percentage of control plane bandwidth */ ) ) end rule(:juniper_protected_system_domain_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("configuration" | "rtsock" | "ipc" | "init" | "psd" | "all")) /* Tracing parameters */.as(:oneline) ) end rule(:juniper_protocols) do c( "router-advertisement" ( /* IPv6 router advertisement options */ c( "traceoptions" ( /* Trace options for router advertisement */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) /* Tracing parameters */.as(:oneline) ) ), "interface" ("$junos-interface-name" | arg) ( /* Interfaces on which to configure router advertisement */ c( "preference" ( /* Set the Preference for Router Selection */ ("medium" | "high" | "low") ), "max-advertisement-interval" arg /* Maximum advertisement interval */, "min-advertisement-interval" arg /* Minimum advertisement interval */, "managed-configuration" /* Set managed address configuration */, "no-managed-configuration" /* Don't set managed address configuration */, "other-stateful-configuration" /* Set other stateful configuration */, "no-other-stateful-configuration" /* Don't set other stateful configuration */, "link-mtu" /* Link MTU */, "no-link-mtu" /* Don't link MTU */, "solicit-router-advertisement-unicast" /* Enbale solicited router advertisement as unicast */, "reachable-time" arg /* Reachable time */, "retransmit-timer" arg /* Retransmit timer */, "virtual-router-only" /* Send advertisemnets only for vrrp-inet6-group */, "current-hop-limit" arg /* Current hop limit */, "default-lifetime" arg /* Router lifetime */, "dns-server-address" ("$junos-ipv6-dns-server-address" | arg) ( /* Recursive DNS address configuration */ c( "lifetime" arg /* DNS address lifetime */ ) ), "prefix" arg ( /* Prefix configuration */ c( "valid-lifetime" arg /* Valid lifetime (fixed) */, "on-link" /* Set on-link flag */, "no-on-link" /* Don't set on-link flag */, "preferred-lifetime" arg /* Preferred lifetime (fixed) */, "autonomous" /* Set autonomous flag */, "no-autonomous" /* Don't set autonomous flag */ ) ), "dns-search-list" arg ( /* DNS search list configuration */ c( "lifetime" arg /* DNS search list lifetime */ ) ), "rio-prefix" arg ( /* Route information option configuration */ c( "rio-lifetime" arg /* Route information lifetime */, "rio-preference" ( /* Set the preference for route information */ ("medium" | "high" | "low") ) ) ) ) ), "ra-secure" ( /* Protect box against rogue incoming RA messages */ c( "accept-current-hop-limit-min" arg /* Current hop limit acceptable min for incoming RA */, "accept-current-hop-limit-max" arg /* Current hop acceptable min for incoming RA */, "accept-reachable-time-min" arg /* Reachable Time acceptable min for incoming RA */, "accept-reachable-time-max" arg /* Reachable Time acceptable max for incoming RA */, "accept-retransmit-time-min" arg /* Retransmit Time acceptable min for incoming RA */, "accept-retransmit-time-max" arg /* Retransmit Time acceptable min for incoming RA */ ) ) ) ), "neighbor-discovery" ( /* IPv6 neighbor discovery */ c( "onlink-subnet-only" /* Onlink subnet only knob */, "no-dad-on-state-change" /* Disable DAD on interface state change */, "ndp-proxy" ( /* Configure NDP PROXY behaviour */ c( "no-proxy-on-resolve" /* Disable proxy on unresolved address */ ) ), "dad-proxy" ( /* Configure DAD PROXY behaviour */ c( "no-proxy-on-resolve" /* Disable proxy on unresolved address */ ) ), "secure" ( /* SEND process configuration */ c( "security-level" ( /* Security level */ c( c( "default" /* Default level */, "secure-messages-only" /* Allow only secure messages */ ) ) ), "cryptographic-address" ( /* Cryptographic address configuration */ c( "key-length" arg /* RSA key length in bits */, "key-pair" arg /* Pathname of RSA key file */ ) ), "timestamp" ( /* Timestamp option configuration */ c( "new-peer-window" arg /* New peer window (delta) */, "known-peer-window" arg /* Known peer window (fuzz) */, "clock-drift" ( /* Clock drift */ unsigned_float /* Clock drift */ ) ) ), "traceoptions" ( /* Trace options for SEND */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("cryptographic-address" | "configuration" | "protocol" | "rsa" | "all")) /* Tracing parameters */.as(:oneline) ) ) ) ) ) ), "iccp" ( /* ICCP options */ c( "local-ip-addr" ( /* Local IP address to use by default for all peers */ ipv4addr /* Local IP address to use by default for all peers */ ), "session-establishment-hold-time" arg /* Time within which connection must succeed with peers */, "authentication-key" arg /* MD5 authentication key for all peers */, "peer" ( /* Redundancy Group Configuration */ peer_group /* Redundancy Group Configuration */ ), "traceoptions" ( /* Trace options for ICCP */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("error" | "event" | "packet" | "pipe" | "pipe-detail" | "all")) /* Trace flag information */.as(:oneline) ) ) ) ), "ilmi" ( /* Interim Local Management Interface Protocol configuration */ c( "traceoptions" ( /* ILMI trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("database" | "routing-socket" | "state" | "debug" | "event" | "packet" | "all")) /* Tracing parameters */.as(:oneline) ) ) ) ), "lacp" ( /* Link Aggregation Control Protocol configuration */ c( "traceoptions" ( /* LACP trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "routing-socket" | "process" | "startup" | "protocol" | "packet" | "ppm" | "bfd" | "mc-ae" | "all")) /* Events and packet types to include in the trace */.as(:oneline) ) ), "ppm" ( /* Force PPM processing */ ("centralized" | "inline") ), "fast-hello-issu" /* ISSU support for peer lacp configured in fast periodic */ ) ), "oam" ( /* Operation, Administration, and Management configuration */ c( "ethernet" ( /* OAM configuration for Ethernet */ c( "link-fault-management" ( /* 802.3ah Ethernet OAM configuration */ c( "hardware-assisted-keepalives" /* Enable delegating keepalives to hardware */, "traceoptions" ( /* Trace options for link-fault management */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "routing-socket" | "protocol" | "action-profile" | "all")) /* Tracing parameters */.as(:oneline) ) ), "action-profile" arg ( /* Define an action profile */ c( "event" ( /* Events this action profile will check */ c( "link-adjacency-loss" /* Loss of adjacency with OAM peer */, "protocol-down" /* Upper layer indication on protocol down */, "link-event-rate" ( c( "symbol-period" arg /* Rate of receiving symbol period events */, "frame-error" arg /* Rate of receiving frame error events */, "frame-period" arg /* Rate of receiving frame period events */, "frame-period-summary" arg /* Rate of receiving frame period summary events */ ) ) ) ), "action" ( /* Action to take on specified events */ c( "syslog" /* Generate syslog message */, "link-down" /* Mark the interface down for transit traffic */, "send-critical-event" /* Start sending OAM PDUs with critical event bit set */ ) ) ) ), "interface" arg ( /* Interface on which to set Ethernet OAM parameters */ c( "apply-action-profile" arg /* Apply the specified action profile on the interface */, "pdu-interval" arg /* Periodic OAM protocol data unit interval */, "loopback-tracking" /* Enable link down on loopback detection */, "detect-loc" /* Detects initial lack of adjacency formation */, "link-discovery" ( /* Mode of discovery */ ("active" | "passive") ), "pdu-threshold" arg /* Number of PDUs missed before declaring peer lost */, "remote-loopback" /* Put remote DTE into remote-loopback mode */, "negotiation-options" ( /* 802.3ah features supported on the interface */ c( "no-allow-link-events" /* Do not emit periodic PDUs detailing framing and symbol errors */, "allow-remote-loopback" /* Allow local port to be put into loopback mode */ ) ), "event-thresholds" ( /* Thresholds for sending 802.3ah events */ c( "symbol-period" arg /* Threshold for sending symbol period events */, "frame-error" arg /* Threshold for sending frame error events */, "frame-period" arg /* Threshold for sending frame period error events */, "frame-period-summary" arg /* Threshold for sending frame period summary error events */ ) ) ) ) ) ), "connectivity-fault-management" ( /* Configurations related to 802.1ag ethernet oam */ c( "performance-monitoring" ( /* Configurations related to ethernet performance monitoring */ c( "hardware-assisted-timestamping" /* Enable timestamping feature in hardware */, "delegate-server-processing" /* Delegate performance measurement request handling to PFE */, "hardware-assisted-keepalives" ( /* Enable/Disable delegating keepalives to hardware */ ("enable" | "disable") ), "hardware-assisted-pm" /* Enable inline support for performance monitoring */, "enhanced-sla-iterator" /* Enable Enhanced SLA Iterator Cycle-time */, "measurement-interval" ( /* Enables measurement-interval based PM (MEF 36 mode). Default 15 min in enhanced-cfm-mode */ ("2" | "5" | "15" | "30" | "60") ), "legacy-pm-display" /* Display Legacy PM output (for DM) in MEF mode. */, "sla-iterator-profiles" arg ( /* Configuration related to an sla monitoring iterator */ c( "disable" /* Disable the iterator profile */, "measurement-type" ( /* Choice of the type of Y.1731(SLA measurement) frame to be sent */ ("two-way-delay" | "loss" | "slm" | "statistical-frame-loss") ), "flap-trap-monitor" arg /* Configurable timer value 1-360 */, "cycle-time" arg /* Time period of an iterator profile */, "iteration-period" arg /* Maximum services under this iterator profile */, "calculation-weight" ( /* Configure delay and delay variation calculation weight */ c( "delay" arg /* Weight used in delay calculation */, "delay-variation" arg /* Weight used in delay-variation calculation */ ) ), "avg-flr-forward-threshold" ( /* Avg forward flr threshold */ c( arg, "flap-trap-monitor" arg /* Configurable timer value 1-360 */ ) ), "avg-flr-backward-threshold" ( /* Avg backward flr threshold */ c( arg, "flap-trap-monitor" arg /* Configurable timer value 1-360 */ ) ), "avg-fd-twoway-threshold" ( /* Avg frame delay threshold value */ c( arg, "flap-trap-monitor" arg /* Configurable timer value 1-360 */ ) ), "avg-fdv-twoway-threshold" ( /* Avg frame delay variance threshold */ c( arg, "flap-trap-monitor" arg /* Configurable timer value 1-360 */ ) ), "measurement-interval" ( /* Measurement-interval to be used for this PM session (MEF 36 mode) */ ("2" | "5" | "15" | "30" | "60") ), "frame-delay" ( /* Bin configuration for frame delay */ c( "num-bins" arg /* Max number of bins */, "two-way" ( /* Bin configuration for 2way frame delay */ c( "lower-threshold-bin" arg /* Lower threshold bin configuration in ascending order */ ) ), "forward" ( /* Bin configuration for forward frame delay */ c( "lower-threshold-bin" arg /* Lower threshold bin configuration in ascending order */ ) ), "backward" ( /* Bin configuration for backward frame delay */ c( "lower-threshold-bin" arg /* Lower threshold bin configuration in ascending order */ ) ) ) ), "frame-delay-range" ( /* Bin configuration for frame delay range */ c( "num-bins" arg /* Max number of bins */, "two-way" ( /* Bin configuration for 2way frame delay range */ c( "lower-threshold-bin" arg /* Lower threshold bin configuration in ascending order */ ) ), "forward" ( /* Bin configuration for forward frame delay range */ c( "lower-threshold-bin" arg /* Lower threshold bin configuration in ascending order */ ) ), "backward" ( /* Bin configuration for backward frame delay range */ c( "lower-threshold-bin" arg /* Lower threshold bin configuration in ascending order */ ) ) ) ), "ifdv" ( /* Bin configuration for IFDV */ c( "num-bins" arg /* Max number of bins */, "two-way" ( /* Bin configuration for 2way IFDV */ c( "lower-threshold-bin" arg /* Lower threshold bin configuration in ascending order */ ) ), "forward" ( /* Bin configuration for forward IFDV */ c( "lower-threshold-bin" arg /* Lower threshold bin configuration in ascending order */ ) ), "backward" ( /* Bin configuration for backward IFDV */ c( "lower-threshold-bin" arg /* Lower threshold bin configuration in ascending order */ ) ) ) ), "availability" ( /* Configuration of availabilty related parameters (MEF 36 mode) */ c( "num-consecutive-pdus" arg /* Number of consecutive LM/SLM PDUs to be used in availability measurement */, "flr-threshold" arg /* FLR threshold in milli-percent to be used for evaluating availability */, "num-consecutive-intervals" arg /* Number of consecutive availability indicators to detect change in availability */, "num-consecutive-highflr" arg /* Number of consecutive availability indicators to access CHLI */ ) ) ) ), "interface" arg ( /* Name of interface for the performance monitoring */ sc( "enable-multiclass-loss-measurement" /* Disable multiclass loss measurement in hardware */, "code-point-based-lm-accounting" /* Enable code point based loss measurement in hardware */, "priority-based-lm-accounting" /* Enable priority based loss measurement in hardware */ ) ).as(:oneline), "enable-multiclass-loss-measurement" /* Disable multiclass loss measurement in hardware */, "code-point-based-lm-accounting" /* Enable code point based loss measurement in hardware */, "priority-based-lm-accounting" /* Enable priority based loss measurement in hardware */, "colorless-loss-measurement" /* Enable colorless loss measurement in hardware */ ) ), "connection-protection" ( /* Configurations related to Carrier Ethernet Transport Mode */ c( "mark-connection-protection-tlv" /* Enable marking of Connection Protection TLV */, "uhp-label-lookup" /* Enable lookup for special UHP labels */ ) ), "no-aggregate-delegate-processing" /* Do not distribute aggregate session to pfe */, "enhanced-cfm-mode" /* Enables Enhanced CFM Mode */, "expected-defect" ( /* Configure Expected Defect Parameters */ c( "rx-enable" /* Enables Expected Defect PDU processing */, "rx-max-duration" arg /* Max duration that is allowed in EDM in secs */, "tx-enable" /* Enables Expected Defect PDU transmission */, "tx-duration" arg /* Duration value in secs for Peer to suppress alarms */ ) ), "traceoptions" ( /* Trace options for connectivity fault management */ cfm_traceoptions /* Trace options for connectivity fault management */ ), "action-profile" arg ( /* Action profiles to use when one or more remote maintenance association endpoints are down */ c( "event" ( /* Events that need to be monitored */ c( "interface-status-tlv" ( /* Values that need to be monitored in interface status TLV */ ("down" | "lower-layer-down") ), "port-status-tlv" ( /* Values that need to be monitored in port status TLV */ ("blocked") ), "adjacency-loss" /* Connectivity is lost */, "rdi" /* RDI received from some MEP */, "connection-protection-tlv" ( /* Values that need to be monitored in connection protection TLV */ ("using-working-path" | "using-protection-path") ), "server-mep-defects" ( /* Defects which are monitored by Server MEP */ ("link-loss-defect" | "l2circuit-defect" | "l2vpn-defect") ), "ais-trigger-condition" ( /* Defect condition that generates alarm indication signal */ ("all-defects" | "adjacency-loss" | "cross-connect-ccm" | "erroneous-ccm" | "receive-ais") ) ) ), "action" ( c( "interface-down" /* Mark the interface as down */, "revertive-interface-down" /* Wait for CC loss-threshold to bring back the interface up */, "non-revertive-interface-down" /* Interface will not be brought up when CC is received */, "propagate-remote-mac-flush" /* Remote mac-flush */, "interface-group-down" /* Mark the interface group as down */, "asynchronous-notification" /* Generate asynchronous notification (Laser-off for optical phys) */, "log-and-generate-ais" ( c( "level" arg /* Server maintenance domain levels range */, "interval" ( /* Interval between AIS messages */ ("1s" | "1m") ), "priority" arg /* 802.1p priority of AIS packet */ ) ) ) ), "clear-action" ( c( "interface-down" ( /* Mark the interface as down */ sc( "peer-interface" /* Mark the interface as down */ ) ).as(:oneline), "propagate-remote-mac-flush" /* Remote mac flush */ ) ), "default-actions" ( /* Action that needs to be taken */ c( "interface-down" /* Bring the interface down */ ) ) ) ), "server-mep" arg ( /* Server MEP to use when generation of AIS is required to monitor different services */ c( "protocol" ( /* Protocol that needs to be monitored by Server MEP */ c( c( "l2circuit" ( /* Protocol that need to be monitored is l2circuit protocol */ sc( "interface" ( /* Interface which is participating in l2circuit service */ sc( interface_name /* Interface name */ ) ).as(:oneline) ) ).as(:oneline), "l2vpn" ( /* Protocol that need to be monitored is l2vpn protocol */ sc( "interface" ( /* Interface which is participating in l2vpn service */ sc( interface_name /* Interface name */ ) ).as(:oneline) ) ).as(:oneline), "ethernet" ( /* Protocol that need to be monitored is physical ethernet service */ sc( "interface" ( /* Interface which is going to be monitored */ sc( interface_device /* Interface name */ ) ).as(:oneline) ) ).as(:oneline) ) ) ), "action-profile" ( /* Attached action profile for this Server MEP */ c( arg /* Name of the action profile */ ) ) ) ), "policer" ( /* Rate limit Ethernet OAM packets for all sessions */ c( "continuity-check" arg /* Policer to rate limit Continuity Check Ethernet OAM messages */, "other" arg /* Policer to rate limit non Continuity Check Ethernet OAM messages */, "all" arg /* Policer to rate limit all Ethernet OAM messages */ ) ), "linktrace" ( /* Linktrace protocol global options */ c( "path-database-size" arg /* Number of linktrace reply entries to be stored per linktrace request */, "age" ( /* Time after which a stale request-response entry is deleted */ ("10s" | "30s" | "1m" | "10m" | "30m") ) ) ), "maintenance-domain" ("default-0" | "default-1" | "default-2" | "default-3" | "default-4" | "default-5" | "default-6" | "default-7" | arg) ( /* Maintenance domain configuration */ c( "bridge-domain" arg ( /* Bridge-domain information for the default maintenance domain */ sc( "vlan-id" arg /* VLAN id */ ) ).as(:oneline), "vlan" arg /* VLAN information for the default maintenance domain */.as(:oneline), "virtual-switch" arg ( /* Virtual switch Bridge-domain information for the default maintenance domain */ c( "bridge-domain" arg ( sc( "vlan-id" arg /* VLAN id */ ) ).as(:oneline) ) ), "instance" arg /* VPLS instance name for the default maintenance domain */.as(:oneline), "interface" arg /* Name of interface for the default maintenance domain */.as(:oneline), "level" arg /* Level value for maintenance domain */, "name-format" ( /* Format of maintenance domain name */ ("none" | "dns" | "mac+2oct" | "character-string") ), "mip-half-function" ( /* Half function to be implemented by MIP */ ("none" | "default" | "explicit") ), "maintenance-association" arg ( /* Maintenance association configuration */ c( "debug-session" /* Debug the CFM session */, "short-name-format" ( /* Format of Maintenance Association Name */ ("2octet" | "rfc-2685-vpn-id" | "vlan" | "character-string" | "icc") ), "protect-maintenance-association" ( /* Maintenance association used for connection protection */ sc( arg, "aps-profile" arg /* Name of the automatic-protection-switching profile */, "detect-path-type" /* Enable detection of working and protect paths */ ) ).as(:oneline), "primary-vid" ( /* VLAN id */ ("none" | arg) ), "continuity-check" ( /* Continuity check configuration */ c( "interval" ( /* Interval between continuity-check messages */ ("10ms" | "100ms" | "1s" | "10s" | "1m" | "10m" | "3.3ms") ), "loss-threshold" arg /* Number of continuity-check messages lost before marking endpoint as down */, "hold-interval" arg /* Time before flushing MEP database if no updates occur */, "port-status-tlv" /* Include port status TLV in CCM */, "interface-status-tlv" /* Include interface status TLV in CCM */, "connection-protection-tlv" /* Include connection protection OUI TLV in CCM */, "convey-loss-threshold" /* Include Loss Threshold OUI TLV in CCM */, "interface-status-send-rdi" /* Send RDI on interface operation status down in CCM */, "sendid-tlv" ( /* Include sendid-tlv in CCM/LBM/LTM */ c( "send-chassis-tlv" /* Attach Chassis ID & Mgmt Addr to CCM/LBM/LTM */ ) ) ) ), "mip-half-function" ( /* Half function to be implemented by MIP */ ("none" | "default" | "explicit" | "defer") ), "mep" arg ( /* Maintenance association endpoint configuration */ c( "interface" ( /* Name of interface */ sc( interface_unit, "vlan" arg /* Trunk port interface VLAN identifier */, c( "working" /* Monitory the primary path */, "protect" /* Monitory the protect path */ ) ) ).as(:oneline), "direction" ( /* Direction of maintenance endpoint */ ("up" | "down") ), "priority" arg /* 802.1p priority of continuity-check and link-trace packet */, "auto-discovery" /* Accept continuity-check messages from all remote MEPs */, "action-profile" arg /* Name of the action profile */, "remote-mep" arg ( /* Remote maintenance association endpoint configuration */ c( "action-profile" arg /* Name of the action profile */, "interface-group" ( /* Mark this interface group down Profile configured with action interface-group-down */ c( interface_device /* Interface device name */, "unit-list" arg /* One or more logical interface unit numbers */ ) ), "sla-iterator-profile" arg ( /* Name of the iterator profile */ c( "iteration-count" arg /* Iterations to partake for acquiring SLA measurements */, "priority" arg /* The vlan pcp value to be sent in the Y.1731 frame */, "data-tlv-size" arg /* Size of the data-tlv portion of Y.1731 frame */ ) ), "detect-loc" /* Detects initial loss of connectivity with remote mep */ ) ), "lowest-priority-defect" ( /* Lowest priority defect that is allowed to generate a fault alarm */ ("all-defects" | "mac-rem-err-xcon" | "rem-err-xcon" | "err-xcon" | "xcon" | "no-defect") ) ) ), "policer" ( /* Rate limit Ethernet OAM packets for this session */ c( "continuity-check" arg /* Policer to rate limit Continuity Check Ethernet OAM messages */, "other" arg /* Policer to rate limit non Continuity Check Ethernet OAM messages */, "all" arg /* Policer to rate limit all Ethernet OAM messages */ ) ) ) ) ) ), "sendid-tlv" ( /* Include sendid-tlv in CCM/LBM/LTM */ c( "send-chassis-tlv" /* Attach Chassis ID & Mgmt Addr to CCM/LBM/LTM */ ) ) ) ), "evcs" arg ( /* Ethernet virtual circuits configuration */ c( "evc-protocol" ( /* Signaling protocol to monitor EVC status */ sc( c( "cfm" ( /* Connectivity fault management */ sc( "maintenance-domain" arg /* Maintenance domain name */, "maintenance-association" arg /* Maintenance association name */, "mep" arg /* Identifier for maintenance association endpoint */, "faults" ( /* CFM faults to trigger ELMI */ c( "rdi" /* RDI received from some MEP */ ) ) ) ).as(:oneline), "vpls" ( /* Virtual private LAN service (BGP/LDP) */ sc( "routing-instance" arg /* Routing instance name */ ) ).as(:oneline), "l2circuit" ( /* L2circuit */ c( "interface" ( /* Name of interface forming the Layer 2 circuit */ sc( interface_name ) ).as(:oneline) ) ), "l2vpn" ( /* L2vpn */ c( "interface" ( /* Name of interface forming the Layer 2 VPN */ sc( interface_name ) ).as(:oneline) ) ) ) ) ).as(:oneline), "remote-uni-count" arg /* Number of remote UNIs in the EVC */, "async-status-msg-transmit-interval" arg /* Time interval between E-LMI async status messages per EVC */, "multipoint-to-multipoint" /* Multipoint to Multipoint EVC */ ) ), "lmi" ( /* Ethernet local management interface configuration */ c( "traceoptions" ( /* Trace options for ethernet local management interface */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "routing-socket" | "protocol" | "init" | "error" | "packet" | "all")) /* Tracing parameters */.as(:oneline) ) ), "status-counter" arg /* E-LMI status counter (N393) */, "polling-verification-timer" arg /* Polling verification timer (T392) */, "interface" arg ( /* Interface options */ c( "uni-id" arg /* UNI identifier */, "status-counter" arg /* E-LMI status counter (N393) */, "polling-verification-timer" arg /* Polling verification timer (T392) */, "evc-map-type" ( /* CE-VLAN ID/EVC map type */ ("all-to-one-bundling" | "service-multiplexing" | "bundling") ), "evc" arg ( /* EVC configuration */ c( "default-evc" /* Default EVC */, "vlan-list" arg /* Vlans mapped to this EVC */ ) ) ) ) ) ), "fnp" ( /* Failure notification protocol configuration */ c( "traceoptions" ( /* Tracing options for FNP */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("events" | "pdu" | "timers" | "error" | "all")) /* Tracing parameters */.as(:oneline) ) ), "interval" ( /* Interval between FNP messages */ ("100ms" | "1s" | "10s" | "1m" | "10m") ), "loss-threshold" arg /* Number of FNP messages lost before clearing FNP state */, "interface" arg ( /* Interface configuration */ c( "domain-id" arg /* Ethernet domain identifier */ ) ) ) ) ) ), "gre-tunnel" ( c( "traceoptions" ( /* Trace options for GRE keepalives */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "routing-socket" | "protocol" | "snmp" | "all")) /* Tracing parameters */.as(:oneline) ) ), "interface" arg ( c( "keepalive-time" arg /* Keepalive time */, "hold-time" arg /* Hold time */ ) ) ) ) ) ), "ancp" ( /* Access Node Control Protocol options */ juniper_protocols_ancp /* Access Node Control Protocol options */ ), "bfd" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "traceoptions" ( /* Trace options for BFD */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("adjacency" | "event" | "error" | "rtsock" | "packet" | "ppm-packet" | "pipe" | "pipe-detail" | "state" | "timer" | "nsr-synchronization" | "nsr-packet" | "issu" | "slow-start" | "session" | "all")) /* Trace flag information */.as(:oneline) ) ), "no-issu-timer-negotiation" /* Disable ISSU timer negotiation */, "sbfd" ( /* Seamless BFD parameters */ c( "pool" arg /* List of seamless BFD endpoints */, "local-discriminator" arg ( /* Local discriminator for seamless BFD responder */ c( "minimum-receive-interval" arg /* Minimum receive interval for seamless BFD responder */, "local-ip-address" ( /* IPv4 source address */ ipv4addr /* IPv4 source address */ ) ) ) ) ) ) ), "ptp" ( /* Precision Time Protocol v2 options */ c( "acquiring-state-announce-grandmaster" /* Use grandmaster data set for announce messages when in acquiring state */, "clock-mode" ( /* Clock mode */ ("ordinary" | "boundary") ), "profile-type" ( /* PTP profile type */ ("ieee1588v2-custom" | "g.8275.1" | "g.8275.1.enh" | "g.8275.2" | "g.8275.2.enh" | "enterprise-profile" | "smpte" | "aes67" | "aes67-smpte") ), "e2e-transparent" /* Enable end-to-end IEEE1588 transparent clock functionality */, "syntonized-e2e-transparent" /* Enable end-to-end Syntonized IEEE1588 transparent clock functionality */, "timescale" ( /* The timescale of Master */ ("arbitrary") ), "priority1" arg /* Used in selecting best master clock */, "priority2" arg /* Tie-breaker in selecting best master clock */, "local-priority" arg /* Priority assigned to the local clock */, "domain" arg /* PTP domain number */, "path-trace" /* Enable path tracing */, "holdover-time-error-budget" arg /* PTP clock holdover in specification time error budget in ns */, "unicast-negotiation" /* Enable unicast negotiation */, "disable-lag-revertive-switchover" /* Disable revertive switchover for LAG */, "phy-timestamping" /* PHY time-stamping feature */, "ipv4-dscp" arg /* IPv4 dscp value to be used for PTP packets */, "ipv6-dscp" arg /* IPv6 dscp value to be used for PTP packets */, "performance-monitor" ( /* PTP packet delay metrics */ c( "threshold" ( /* Configure delay and jitter thresholds */ c( "min-outbound-delay" arg /* Configure minimum outbound delay */, "max-outbound-delay" arg /* Configure maximum outbound delay */, "min-inbound-delay" arg /* Configure minimum inbound delay */, "max-inbound-delay" arg /* Configure maximum inbound delay */, "max-inbound-jitter-neg" arg /* Configure max inbound negetive jitter */, "max-inbound-jitter-pos" arg /* Configure max inbound positive jitter */, "max-outbound-jitter-neg" arg /* Configure max outbound negetive jitter */, "max-outbound-jitter-pos" arg /* Configure max outbound positive jitter */ ) ) ) ), "utc-leap-seconds" arg /* UTC leap seconds offset */, "slave" ( /* PTP Slave parameters */ c( "frequency-only" /* Only for frequency syntonization */, "delay-request" arg /* Log mean interval between delay requests */, "announce-timeout" arg /* Timeout period for announce messages */, "announce-interval" arg /* Log mean interval between announce messages */, "sync-interval" arg /* Requested log mean interval between sync messages */, "grant-duration" arg /* Length of grants in seconds requested during unicast-negotiation */, "convert-clock-class-to-quality-level" /* Enable PTP clock class to ESMC quality level mapping */, "clock-class-to-quality-level-mapping" ( /* PTP clock class to ESMC quality level mapping */ c( "quality-level" enum(("prc" | "ssu-a" | "ssu-b" | "sec" | "prs" | "st2" | "tnc" | "st3e" | "st3" | "smc" | "st4" | "stu")) ( c( "clock-class" arg /* PTP clock class threshold value */ ) ) ) ), "interface" arg ( /* Interface on which to respond to upstream PTP master */ c( "unicast-mode" ( /* Configure upstream unicast PTP master clock sources */ c( "transport" ( /* Encapsulation for PTP packet transport */ ("ipv4" | "ipv6") ), "announce-timeout" arg /* Timeout period for announce messages */, "local-priority" arg /* Priority assigned to the port */, "clock-source" ( /* Configure PTP master parameters */ s( arg, "local-ip-address" arg /* Must be IP address on local interface */, c( "asymmetry" arg /* Adjust the slave-to-master delay by value specified in nanoseconds */, "primary-asymmetry" arg /* Adjust asymmetry for primary interface in slave-to-master delay */, "secondary-asymmetry" arg /* Adjust asymmetry for secondary interface in slave-to-master delay */, "announce-interval" arg /* Log mean interval between announce messages */, "delay-request" arg /* Log mean interval between delay requests */, "sync-interval" arg /* Requested log mean interval between sync messages */, "dscp" arg /* IP DSCP value for this stream */, "grant-duration" arg /* Length of grants in seconds requested during unicast-negotiation */ ) ) ) ) ), "multicast-mode" ( /* Configure PTP slave clock to use multicast frames */ c( "transport" ( /* Encapsulation for PTP packet transport */ c( c( "ieee-802.3" ( /* PTP over 802.3 frames */ sc( "link-local" /* Use link local 802.3 MAC address */ ) ).as(:oneline), "ipv4" /* Use IP as transport */.as(:oneline) ) ) ), "local-priority" arg /* Priority assigned to the port */, "asymmetry" arg /* Adjust the slave-to-master delay by value specified in nanoseconds */, "primary-asymmetry" arg /* Adjust asymmetry for primary interface in slave-to-master delay */, "secondary-asymmetry" arg /* Adjust asymmetry for secondary interface in slave-to-master delay */, "local-ip-address" ( /* IP address on local interface */ ipv4addr /* IP address on local interface */ ), "l2-ifl" arg /* Physical L2 IFL for forwarding on IRB */ ) ), "primary" arg /* Configure primary interface name for the ae bundle */, "secondary" arg /* Configure secondary interface name for the ae bundle */ ) ), "hybrid" ( /* Hybrid mode configuration options */ c( "periodic-alignment" ( /* PTP hybrid periodic phase re-alignment */ ("enable" | "disable") ), "re-alignment-threshold" arg, "synchronous-ethernet-mapping" ( /* PTP source to synchronous ethernet interface mapping */ c( "clock-source" arg ( /* PTP source being mapped */ c( "interface" (arg) /* Synchonous ethernet interface name */ ) ) ) ) ) ) ) ), "master" ( /* PTP Master parameters */ c( "announce-interval" arg /* Log mean interval between announce messages */, "sync-interval" arg /* Log mean interval between sync messages */, "min-announce-interval" arg /* Min log mean interval between announce messages */, "max-announce-interval" arg /* Max log mean interval between announce messages */, "min-sync-interval" arg /* Min log mean interval between sync messages */, "max-sync-interval" arg /* Max log mean interval between sync messages */, "min-delay-response-interval" arg /* Min log mean interval between delay-resp messages */, "max-delay-response-interval" arg /* Max log mean interval between delay-resp messages */, "delay-req-timeout" arg /* Max timeout(in secs) for delay request messages */, "clock-step" ( /* Type of clock step */ ("one-step" | "two-step") ), "interface" arg ( /* Interface on which to respond to downstream PTP slaves */ c( "unicast-mode" ( /* Configure downstream PTP clock slaves */ c( "transport" ( /* Encapsulation for PTP packet transport */ ("ipv4" | "ipv6") ), "clock-client" ( /* Configure PTP master parameters */ s( arg, "local-ip-address" arg /* IP address of local PTP master interface */, c( "manual" /* This slave does not use unicast negotiation */, "dscp" arg /* IP DSCP value for this stream */, "l2-ifl" ( c( interface_name /* L2 Interface name */, "primary" arg /* Configure primary interface name for the ae bundle */, "secondary" arg /* Configure secondary interface name for the ae bundle */ ) ) ) ) ) ) ), "multicast-mode" ( /* Configure PTP master clock to use multicast frames */ c( "transport" ( /* Encapsulation for PTP packet transport */ c( c( "ieee-802.3" ( /* PTP over 802.3 frames */ sc( "link-local" /* Use link local 802.3 MAC address */ ) ).as(:oneline), "ipv4" /* Use IP as transport */.as(:oneline) ) ) ), "local-priority" arg /* Priority assigned to the port */, "local-ip-address" ( /* IP address on local interface */ ipv4addr /* IP address on local interface */ ), "l2-ifl" arg /* Physical L2 IFL for forwarding on IRB */ ) ), "primary" arg /* Configure primary interface name for the ae bundle */, "secondary" arg /* Configure secondary interface name for the ae bundle */ ) ) ) ), "virtual-port" ( /* Virtual port for the profile */ c( "details" arg /* Description for the virtual port */, "local-priority" arg /* Priority assigned to the port */, "priority1" arg /* Priority1 assigned to the port */, "priority2" arg /* Priority2 assigned to the port */ ) ), "stateful" ( /* PTP stateful parameters */ c( "interface" arg ( /* Interfaces which will set to PTP stateful role */ c( "unicast-mode" ( /* Configure PTP stateful to use unicast frames */ c( "transport" ( /* Encapsulation for PTP packet transport */ ("ipv4" | "ipv6") ), "announce-timeout" arg /* Timeout period for announce messages */, "local-priority" arg /* Priority assigned to the port */, "master-only" /* This interface port cannot be a slave if master-only is set */, "grantor" /* This interface port can be a grantor */, "remote-ip-address" ( /* Configure PTP stateful parameters */ s( arg, "local-ip-address" arg /* Must be IP address on local interface */, c( "asymmetry" arg /* Adjust the slave-to-master delay by value specified in nanoseconds */, "announce-interval" arg /* Log mean interval between announce messages */, "delay-request" arg /* Log mean interval between delay requests */, "sync-interval" arg /* Requested log mean interval between sync messages */, "dscp" arg /* IP DSCP value for this stream */, "grant-duration" arg /* Length of grants in seconds requested during unicast-negotiation */ ) ) ) ) ), "multicast-mode" ( /* Configure PTP stateful clock to use multicast frames */ c( "details" arg /* Description for the interface port */, "slave-candidate" /* This interface port can be a slave candidate */, "transport" ( /* Encapsulation for PTP packet transport */ c( c( "ieee-802.3" ( /* PTP over 802.3 frames */ sc( "link-local" /* Use link local 802.3 MAC address */ ) ).as(:oneline) ) ) ), "announce-timeout" arg /* Timeout period for announce messages */, "announce-interval" arg /* Log mean interval between announce messages */, "delay-request" arg /* Log mean interval between delay requests */, "sync-interval" arg /* Log mean interval between sync messages */, "vlan-id" arg /* Outer VLAN ID to be used for this interface port of form 0xNNNN.vlan-id */, "inner-vlan-id" arg /* Inner VLAN ID to be used for this interface port of form 0xNNNN.vlan-id */, "priority" ( c( c( "dot1q" arg, "dot1ad" ( c( "outer" arg, "inner" arg ) ) ) ) ), "local-priority" arg /* Priority assigned to the port */, "asymmetry" arg /* Adjust the slave-to-master delay by value specified in nanoseconds */, "primary-asymmetry" arg /* Adjust asymmetry for primary interface in slave-to-master */, "secondary-asymmetry" arg /* Adjust asymmetry for secondary slave-to-master delay */ ) ), "primary" arg /* Configure primary interface name for the ae bundle */, "secondary" arg /* Configure secondary interface name for the ae bundle */ ) ) ) ) ) ), "centralized-timing" ( /* Configuring centralized timing options */ c( "traceoptions" ( /* Configure trace information for centralized timing */ timingd_traceoptions /* Configure trace information for centralized timing */ ) ) ), "clock-synchronization" ( /* Configuring parameters common to SyncE and PTP */ c( "traceoptions" ( /* Configure trace information for PTP and synce */ clksync_traceoptions /* Configure trace information for PTP and synce */ ) ) ), "dot1x" ( /* 802.1X options */ juniper_protocols_dot1x /* 802.1X options */ ), "ppp-service" ( /* Configure PPP service */ c( "traceoptions" ( /* Trace options for PPP service */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("accounting-statistics" | "authentication" | "chap" | "events" | "gres" | "init" | "interface-db" | "lcp" | "memory" | "ncp" | "packet-error" | "pap" | "parse" | "profile" | "receive-packets" | "routing-process" | "rtp" | "rtsock" | "session-db" | "smi-services-sentry" | "states" | "transmit-packets" | "tunnel" | "all")) /* Area of PPP service to enable debugging output */.as(:oneline), "filter" ( /* Trace filtering */ c( "aci" arg /* Regular expression to match ACI */, "ari" arg /* Regular expression to match ARI */, "service-name" arg /* Service name */, "underlying-interface" ( /* Underlying interface name */ ("$junos-underlying-interface" | arg) ), "user" ( /* Filter by user name */ c( arg ) ) ) ) ) ), "on-demand-ip-address" /* Enable On-Demand IPv4 address allocation and de-allocation */, "reject-unauthorized-ipv6cp" /* Reject IPv6 NCP if no appropriate IPv6 address or prefix is authorized */, "required-address" ( /* Session address requirement */ c( "ip" /* Terminate session if no appropriate IP address is authorized */ ) ), "pppoe-lcp-options-strict" /* Enforce RFC 2516 MUST requirements for FCS, ACFC and ACCM */, "source-interface-set-at-login" ( /* Generate interface-set name for use during login */ ("svlan") ) ) ), "overlay" ( /* Overlay protocol */ juniper_protocols_overlayd /* Overlay protocol */ ), "vrrp" ( /* VRRP options */ c( "traceoptions" ( /* Trace options for VRRP */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ), "microsecond-stamp" /* Timestamp with microsecond granularity */ ) ).as(:oneline), "flag" enum(("database" | "general" | "interfaces" | "normal" | "packets" | "state" | "timer" | "ppm" | "all")) /* Tracing parameters */.as(:oneline) ) ), "failover-delay" arg /* Additional failover delay timer */, "startup-silent-period" arg /* Period for ignoring master down timer at device startup */, "asymmetric-hold-time" /* Priority hold time asymmetric behaviour */, "delegate-processing" ( /* Switch to distributed PPMD */ c( "ae-irb" /* Enable distributed PPMD for vrrp over AE and IRB */ ) ), "skew-timer-disable" /* Disable the skew timer */, "global-advertisements-threshold" arg /* Number of vrrp advertisements missed before declaring master down */, "inherit-advertisement-interval" arg /* Advertisement interval for inherit sessions */, "version-3" /* VRRPv3 conformance */ ) ), "pgm" ( /* PGM options */ juniper_protocols_pgm /* PGM options */ ), "amt" ( /* AMT configuration */ juniper_protocols_amt /* AMT configuration */ ), "bgp" ( /* BGP options */ juniper_protocols_bgp /* BGP options */ ), "bgpmcast" ( /* BGP multicast options */ juniper_protocols_bgpmcast /* BGP multicast options */ ), "connections" ( /* Circuit cross-connect configuration */ c( "interface-switch" arg ( /* Bidirectional switch between interfaces */ c( "interface" arg /* Interface to be switched */ ) ), "remote-interface-switch" arg ( /* Bidirectional switch between a local and a remote interface */ c( "interface" ( /* Local interface name */ interface_name /* Local interface name */ ), "transmit-lsp" arg /* Name of outgoing label-switched path */, "receive-lsp" arg /* Name of incoming label-switched path */ ) ), "lsp-switch" arg ( /* Unidirectional switch between two label-switched paths */ c( "transmit-lsp" arg /* Name of outgoing label-switched path */, "receive-lsp" arg /* Name of incoming label-switched path */ ) ), "p2mp-transmit-switch" arg ( /* Local interface to point-to-multipoint LSP switch */ c( "input-interface" ( /* Input interface name */ interface_name /* Input interface name */ ), "transmit-p2mp-lsp" arg /* Point-to-multipoint LSP name on which to transmit */, "output-interface" ( /* Outgoing interface name */ interface_name /* Outgoing interface name */ ) ) ), "p2mp-receive-switch" arg ( /* Point-to-multipoint LSP to local interfaces switch */ c( "receive-p2mp-lsp" arg /* Point-to-multipoint LSP name on which to receive */, "output-interface" ( /* Next outgoing interface name */ interface_name /* Next outgoing interface name */ ) ) ) ) ), "dvmrp" ( /* DVMRP options */ c( ("disable"), "traceoptions" ( /* Trace options for DVMRP */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("route" | "poison" | "packets" | "probe" | "report" | "neighbor" | "prune" | "graft" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "rib-group" ( /* Routing table group */ rib_group_inet_type /* Routing table group */ ), "import" ( /* Import policy */ policy_algebra /* Import policy */ ), "export" ( /* Export policy */ policy_algebra /* Export policy */ ), "interface" arg ( /* DVMRP interface options */ c( ("disable"), "mode" ( /* Mode of interface */ ("forwarding" | "unicast-routing") ), "metric" arg /* DVMRP metric value */, "hold-time" arg /* When neighbors think the interface is down */ ) ) ) ), "esis" ( /* End system-intermediate system options */ juniper_protocols_esis /* End system-intermediate system options */ ), "evpn" ( /* Configuration EVPN default routing instance */ c( "traceoptions" ( /* Trace options for Layer 2 VPNs */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("error" | "topology" | "nlri" | "connections" | "automatic-site" | "oam" | "mac-database" | "nsr" | "egress-protection" | "instance" | "interface" | "l2aldsync" | "p2mp" | "esi" | "mcsn" | "vpws" | "irb" | "ar" | "etree" | "kernel" | "bd" | "pbb" | "infra" | "pfxdb" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "mac-history" arg /* Number of history entries to be maitained per mac */, "mac-list" arg ( /* Configure MAC lists */ c( "mac-address" ( /* MAC address */ mac_addr /* MAC address */ ) ) ), "mac-mobility" ( /* MAC mobility settings */ c( "no-sequence-numbers" /* Don't use sequence numbers for MAC mobility */ ) ), "no-core-isolation" /* Disable EVPN Core isolation */, "es-import-oldstyle" /* Enable noncompliant ES import route-target computation */, "es-label-oldstyle" /* Enable noncompliant ESI 24 bit label */, "encapsulation" ( /* Encapsulation type for EVPN */ ("mpls" | "vxlan" | "mpls-inet6") ), "extended-vlan-list" arg /* List of VLAN identifiers that are to be EVPN extended */, "assisted-replication" ( /* Option to enable Assisted Replication */ c( c( "leaf" ( /* Assisted Replicator Leaf */ c( "replicator-activation-delay" arg /* Dealy interval in starting replication */ ) ), "replicator" ( /* Assisted Replicator */ c( c( "inet" ( /* IPv4 source */ c( ipv4addr /* Assisted Replicator IP address */ ) ) ), "vxlan-encapsulation-source-ip" ( /* VXLAN encapsulation source IP for replicated traffic */ ("ingress-replication-ip") ) ) ) ) ) ), "default-gateway" ( /* Default gateway mode */ ("advertise" | "no-gateway-community" | "do-not-advertise") ), "designated-forwarder-election-hold-time" arg /* Time to wait before electing a DF(seconds) */, "duplicate-mac-detection" ( /* Duplicate MAC detection settings */ c( "detection-threshold" arg /* Number of moves to trigger duplicate MAC detection */, "detection-window" arg /* Time window for detection of duplicate MACs */, "auto-recovery-time" arg /* Automatically unblock duplicate MACs after a time delay */ ) ), "remote-ip-host-routes" ( /* Virtual machine traffic optimization(VMTO) for EVPN */ c( "import" ( /* Policy to control the creation of remote IP host routes */ policy_algebra /* Policy to control the creation of remote IP host routes */ ), "no-advertise-community" /* Don't advertise Type 2 route's community */ ) ), "pmsi-tunnel-endpoint" ( /* IM IR PMSI tunnel Endpoint for remote PE */ ipv4addr /* IM IR PMSI tunnel Endpoint for remote PE */ ), "label-allocation" ( /* Label allocation policy */ ("per-bridge-domain") ), "esi-resolution-per-bridge-domain" /* Enable ESI Resolution Per BD */, "interconnect" ( /* Interconnect */ juniper_protocols_evpn_interconnect /* Interconnect */ ), "multicast-mode" ( /* Multicast mode for EVPN */ ("ingress-replication") ), "vni-options" ( /* Vni options */ juniper_protocols_vni_options /* Vni options */ ), "extended-vni-list" arg /* List of VNI identifiers or all, that are to be EVPN extended */ ) ), "express-segments" ( /* Configuration for Express Segments */ c( "segment-template" arg ( /* Express Segments Template Definition */ c( "admin-group" arg /* Administrative groups */, "admin-group-extended" arg /* Extended administrative groups */, "srlg" arg /* SRLG Name */, "metric" ( /* Metric values for Express Segment Template */ c( "te" arg /* TE metric value */, "igp" arg /* IGP metric value */ ) ) ) ), "segment-set" arg ( /* Express Segments Set Definition */ c( "membership-policy" ( /* Policy for matching specific LSPs to this express segment */ policy_algebra /* Policy for matching specific LSPs to this express segment */ ), "template" ( /* Template for Express Segment Attribute Selection */ c( arg /* Name of Express Segment template */ ) ) ) ), "traffic-engineering" /* Enable Import of all Express Segments into TED */, "traceoptions" ( /* Trace options for Express Segment */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("all" | "error" | "route" | "state")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ) ) ), "igmp" ( /* IGMP options */ c( "traceoptions" ( /* Trace options for IGMP */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("packets" | "query" | "report" | "leave" | "mtrace" | "group" | "client-notification" | "host-notification" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "maximum-transmit-rate" arg /* Maximum transmission rate (packets per second) */, "accounting" /* Enable join and leave event notification */, "interface" ("$junos-interface-name" | arg) ( /* Interface options for IGMP */ c( ("disable"), "version" arg /* Set IGMP version number on this interface */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "group-increment" ( /* Mask for the incrementing group IP address */ ipv4addr /* Mask for the incrementing group IP address */ ), "group-count" arg /* Number of groups */, "exclude" /* Exclude sources */, "source" arg ( /* IP multicast source address */ c( "source-increment" ( /* Mask for the incrementing source IP address */ ipv4addr /* Mask for the incrementing source IP address */ ), "source-count" arg /* Number of sources */ ) ) ) ) ) ), "ssm-map" arg /* Map for SSM translation of IGMPv1 or IGMPv2 messages */, "ssm-map-policy" ( /* SSM map policy name */ policy_algebra /* SSM map policy name */ ), "immediate-leave" /* Group removed immediately, last membership query not sent */, "promiscuous-mode" /* Accept igmp messages coming from different subnet */, "accounting" /* Enable join and leave event notification */, "no-accounting" /* Don't enable join and leave event notification */, "group-policy" ( /* Group filter applied to incoming IGMP report messages */ policy_algebra /* Group filter applied to incoming IGMP report messages */ ), "group-limit" arg /* Maximum number of (source,group) per interface */, "group-threshold" arg /* Percentage of limit at which to generate warnings */, "log-interval" arg /* Time between consecutive log messages */, "passive" ( /* Suppress sending and receiving IGMP messages */ sc( "allow-receive" /* Allow receiving IGMP messages */, "send-general-query" /* Send IGMP general query messages */, "send-group-query" /* Send IGMP group query messages */ ) ).as(:oneline), "oif-map" ( /* Output interface map */ policy_algebra /* Output interface map */ ), "distributed" /* Distributed IGMP interface */ ) ), "amt" ( /* Automatic Multicast Tunnel options for IGMP */ c( "relay" ( /* AMT relay options for IGMP */ c( "defaults" ( /* Default AMT relay options for IGMP */ c( "version" arg /* Set IGMP version number on AMT interfaces */, "ssm-map" arg /* Map for SSM translation of IGMPv1 or IGMPv2 messages */, "ssm-map-policy" ( /* SSM map policy name */ policy_algebra /* SSM map policy name */ ), "accounting" /* Enable join and leave event notification */, "no-accounting" /* Don't enable join and leave event notification */, "group-policy" ( /* Group filter applied to incoming IGMP report messages */ policy_algebra /* Group filter applied to incoming IGMP report messages */ ), "group-limit" arg /* Maximum number of (source,group) per interface */, "group-threshold" arg /* Percentage of limit at which to generate warnings */, "log-interval" arg /* Time between consecutive log messages */, "robust-count" arg /* Expected packet loss on a subnet */, "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */ ) ) ) ) ) ) ) ), "router-discovery" ( /* ICMP router discovery options */ juniper_protocols_router_discovery /* ICMP router discovery options */ ), "isis" ( /* IS-IS options */ juniper_protocols_isis /* IS-IS options */ ), "isis-instance" arg ( /* Multi-instance IS-IS configuration */ c( "interface" arg ( /* Interface configuration */ c( "ldp-synchronization" ( /* Advertise maximum metric until LDP is operational */ ldp_sync_obj /* Advertise maximum metric until LDP is operational */ ), "level" arg ( /* Configure levels on this interface */ c( "te-metric" arg /* Traffic engineering metric */, "no-advertise-adjacency-segment" /* Do not advertise an adjacency segment for this level */, "ipv4-adjacency-segment" ( /* Configure ipv4 adjacency segment */ c( "protected" ( /* Adjacency SID is eligible for protection */ sc( c( "index" ( /* Adjacency SID indexed from SRGB */ sc( arg ) ).as(:oneline), "label" arg /* Adjacency SID from static label pool */, "dynamic" /* Dynamically allocate an adjacency segment */ ) ) ).as(:oneline), "unprotected" ( /* Adjacency SID uneligible for protection */ sc( c( "index" ( /* Adjacency SID indexed from SRGB */ sc( arg ) ).as(:oneline), "label" arg /* Adjacency SID from static label pool */, "dynamic" /* Dynamically allocate an adjacency segment */ ) ) ).as(:oneline) ) ), "ipv6-adjacency-segment" ( /* Configure ipv6 adjacency segment */ c( "protected" ( /* Adjacency SID is eligible for protection */ sc( c( "index" ( /* Adjacency SID indexed from SRGB */ sc( arg ) ).as(:oneline), "label" arg /* Adjacency SID from static label pool */, "dynamic" /* Dynamically allocate an adjacency segment */ ) ) ).as(:oneline), "unprotected" ( /* Adjacency SID uneligible for protection */ sc( c( "index" ( /* Adjacency SID indexed from SRGB */ sc( arg ) ).as(:oneline), "label" arg /* Adjacency SID from static label pool */, "dynamic" /* Dynamically allocate an adjacency segment */ ) ) ).as(:oneline) ) ), "srm6-adjacency-segment" ( /* Configure srm6 adjacency segment */ c( "unprotected" ( /* Adjacency SID uneligible for protection */ sc( "sid" arg /* Set Adjacency SID Value */ ) ).as(:oneline) ) ), "srv6-adjacency-segment" ( /* Configure srv6 adjacency segment */ c( "protected" ( /* SRv6 Adjacency segment is eligible for protection */ c( "locator" arg ( /* Locator to bind SRv6 adjacency segment */ c( "end-x-sid" arg ( /* Endpoint 128 bit address */ c( "flavor" ( c( "psp" /* Penultimate segment pop of the SRH */, "usp" /* Ultimate segment pop of the SRH */, "usd" /* Ultimate segment decapsulation */ ) ) ) ) ) ) ) ), "unprotected" ( /* SRv6 Adjacency segment is uneligible for protection */ c( "locator" arg ( /* Locator to bind SRv6 adjacency segment */ c( "end-x-sid" arg ( /* Endpoint 128 bit address */ c( "flavor" ( c( "psp" /* Penultimate segment pop of the SRH */, "usp" /* Ultimate segment pop of the SRH */, "usd" /* Ultimate segment decapsulation */ ) ) ) ) ) ) ) ) ) ), "lan-neighbor" arg ( /* Configuration specific to a LAN neighbor */ c( "ipv4-adjacency-segment" ( /* Configure ipv4 adjacency segment */ c( "protected" ( /* Adjacency SID is eligible for protection */ sc( c( "index" ( /* Adjacency SID indexed from SRGB */ sc( arg ) ).as(:oneline), "label" arg /* Adjacency SID from static label pool */, "dynamic" /* Dynamically allocate an adjacency segment */ ) ) ).as(:oneline), "unprotected" ( /* Adjacency SID uneligible for protection */ sc( c( "index" ( /* Adjacency SID indexed from SRGB */ sc( arg ) ).as(:oneline), "label" arg /* Adjacency SID from static label pool */, "dynamic" /* Dynamically allocate an adjacency segment */ ) ) ).as(:oneline) ) ), "ipv6-adjacency-segment" ( /* Configure ipv6 adjacency segment */ c( "protected" ( /* Adjacency SID is eligible for protection */ sc( c( "index" ( /* Adjacency SID indexed from SRGB */ sc( arg ) ).as(:oneline), "label" arg /* Adjacency SID from static label pool */, "dynamic" /* Dynamically allocate an adjacency segment */ ) ) ).as(:oneline), "unprotected" ( /* Adjacency SID uneligible for protection */ sc( c( "index" ( /* Adjacency SID indexed from SRGB */ sc( arg ) ).as(:oneline), "label" arg /* Adjacency SID from static label pool */, "dynamic" /* Dynamically allocate an adjacency segment */ ) ) ).as(:oneline) ) ), "srm6-adjacency-segment" ( /* Configure srm6 adjacency segment */ c( "unprotected" ( /* Adjacency SID uneligible for protection */ sc( "sid" arg /* Set Adjacency SID Value */ ) ).as(:oneline) ) ), "srv6-adjacency-segment" ( /* Configure srv6 adjacency segment */ c( "protected" ( /* SRv6 Adjacency segment is eligible for protection */ c( "locator" arg ( /* Locator to bind SRv6 adjacency segment */ c( "end-x-sid" arg ( /* Endpoint 128 bit address */ c( "flavor" ( c( "psp" /* Penultimate segment pop of the SRH */, "usp" /* Ultimate segment pop of the SRH */, "usd" /* Ultimate segment decapsulation */ ) ) ) ) ) ) ) ), "unprotected" ( /* SRv6 Adjacency segment is uneligible for protection */ c( "locator" arg ( /* Locator to bind SRv6 adjacency segment */ c( "end-x-sid" arg ( /* Endpoint 128 bit address */ c( "flavor" ( c( "psp" /* Penultimate segment pop of the SRH */, "usp" /* Ultimate segment pop of the SRH */, "usd" /* Ultimate segment decapsulation */ ) ) ) ) ) ) ) ) ) ) ) ), "post-convergence-lfa" ( /* Configure backup along post convergence on this interface */ c( "node-protection" ( /* Enable node protection */ c( "cost" arg /* Cost for node protection */ ) ), "srlg-protection" /* Enable srlg protection */, "fate-sharing-protection" /* Enable fate-sharing protection */ ) ), ("disable"), "metric" arg /* Metric for this level */, "ipv4-multicast-metric" arg /* IPv4 multicast metric for this level */, "ipv6-unicast-metric" arg /* IPv6 unicast metric for this level */, "ipv6-multicast-metric" arg /* IPv6 multicast metric for this level */, "topology" enum(("default" | "ipv4-multicast" | "ipv6-unicast" | "ipv6-multicast")) ( /* Topology specific attributes */ c( "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ), "authentication-key" ( /* Authentication key (password) */ unreadable /* Authentication key (password) */ ), "authentication-type" ( /* Authentication type */ ("md5" | "simple") ), "hello-authentication-key" ( /* Authentication key (password) for hello packets */ unreadable /* Authentication key (password) for hello packets */ ), "hello-authentication-type" ( /* Authentication type for hello packets */ ("md5" | "simple") ), "hello-authentication-key-chain" arg /* Key chain name */, "hello-interval" arg /* Interval between hello packet transmissions */, "hold-time" arg /* Time after which neighbors think the interface is down */, "priority" arg /* Designated router election priority */, "flood-reflector" ( /* Configure interface as flood-reflector */ c( "cluster-id" arg /* Cluster-ID */ ) ), "passive" ( /* Do not run IS-IS at this level, but advertise it */ c( "remote-node-iso" ( /* ISO System-ID of the remote node */ sysid /* ISO System-ID of the remote node */ ), "remote-node-id" ( /* Remote address of the link */ ipv4addr /* Remote address of the link */ ) ) ) ) ), "delay-metric" arg /* Delay metric */, "delay-measurement" ( /* Enable delay measurement */ c( "probe-interval" arg /* Probe interval */, "probe-count" arg /* Probe count */, "advertisement" ( /* Delay advertisement */ c( "periodic" ( /* Periodic advertisement parameters */ c( "threshold" arg /* Threshold */, "interval" arg /* Interval */ ) ), "accelerated" ( /* Accelerated advertisement parameters */ c( "threshold" arg /* Threshold */ ) ) ) ) ) ), "no-advertise-adjacency-segment" /* Do not advertise an adjacency segment for this interface */, "auto-bandwidth" ( /* Auto bandwidth configuration */ c( "template-name" arg /* Auto bandwidth template name */, ("disable") ) ), c( "link-protection" /* Protect interface from link faults only */, "node-link-protection" /* Protect interface from both link and node faults */ ), "no-eligible-backup" /* Not eligible for backup traffic from protected interfaces */, "no-eligible-remote-backup" /* Not eligible for Remote-LFA backup traffic from protected interfaces */, "link-degradation-threshold" ( /* Link up and down thresholds (in %) for proactive link protection */ sc( "link-down" arg /* Signal degradation threshold above which link marked down */, "link-up" arg /* Signal degradation threshold below which link is marked up. */ ) ).as(:oneline), ("disable"), "authentication-key" ( /* Authentication key (password) */ unreadable /* Authentication key (password) */ ), "authentication-type" ( /* Authentication type */ ("md5" | "simple") ), "flood-group" arg /* ISO Area that this interface should send LSPs to */, "hello-authentication-key" ( /* Authentication key (password) for hello packets */ unreadable /* Authentication key (password) for hello packets */ ), "hello-authentication-type" ( /* Authentication type for hello packets */ ("md5" | "simple") ), "hello-padding-type" ( /* Type of padding for hello packets */ ("strict" | "adaptive" | "loose" | "disable") ), "interface-group-holddown-delay" arg /* Time to wait before including in BBM calculation */, "layer2-map" /* Kernel ARP/ND creation for nexthops */, "no-layer2-map" /* Don't kernel ARP/ND creation for nexthops */, "max-hello-size" arg /* Maximum size allowed for ISIS Hello PDUs */, "lsp-interval" arg /* Interval between LSP transmissions */, "csnp-interval" ( /* Rate of CSN packets (for LAN interfaces only) */ sc( c( arg, "disable" /* Do not send CSN packets on this interface */ ) ) ).as(:oneline), "strict-dual-isis" ( /* Ensure both ipv4 and ipv6 connectivity for adjacencies on this interface */ c( "holdown" arg /* Set the holddown timer for strict spf computation */ ) ), "mesh-group" ( /* Add the interface to a mesh group */ sc( c( arg /* Mesh group number for this interface */, "blocked" /* Do not flood new LSPs on this interface */ ) ) ).as(:oneline), "point-to-point" /* Treat interface as point to point */, "passive" ( /* Do not run IS-IS, but advertise it */ c( "remote-node-iso" ( /* ISO System-ID of the remote node */ sysid /* ISO System-ID of the remote node */ ), "remote-node-id" ( /* Remote address of the link */ ipv4addr /* Remote address of the link */ ) ) ), "checksum" /* Enable checksum for packets on this interface */, "no-unicast-topology" /* Do not include this interface in the unicast topology */, "no-ipv4-multicast" /* Do not include this interface in the IPv4 multicast topology */, "no-ipv6-unicast" /* Do not include this interface in the IPv6 unicast topology */, "no-ipv6-multicast" /* Do not include this interface in the IPv6 multicast topology */, "no-adjacency-down-notification" /* Do not inform other protocols about adjacency down events */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ) ) ), "family" enum(("inet" | "inet6")) ( /* Address family specific interface attributes */ c( "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ) ) ) ) ) ) ), "source-packet-routing" ( /* Enable Source Packet Routing (SPRING) */ c( "adjacency-segment" ( /* Configure attributes for Adjacency Segments in SPRING */ c( "hold-time" arg /* Duration(ms) for which adjacency segments will be retained after isolating from an interface */ ) ), "udp-tunneling" ( /* Enable SR over UDP feature */ c( "encapsulation" /* Enable UDP Tunnel Encapsulation */, "decapsulation" /* Enable UDP Tunnel decapsulation */ ) ), "srgb" ( /* Set the SRGB global block in SPRING */ sc( "start-label" arg /* Start range for SRGB label block */, "index-range" arg /* Index to the SRGB start label block */ ) ).as(:oneline), "node-segment" ( /* Enable support for Node segments in SPRING */ c( "ipv4-index" arg /* Set IPv4 Node Segment index */, "ipv6-index" arg /* Set IPv6 Node Segment index */, "index-range" arg /* Set Range of Node Segment indices allowed */ ) ), "flex-algorithm" arg /* Flex-algorithms we would like to participate in */, "use-flex-algorithm-metric-always" /* Use flex-algo prefix metric whenever available */, "new-capability-subtlv" /* Advertise all ranges in single spring capability subtlv */, "explicit-null" /* Set E and P bits in all Prefix SID advertisements */, "mapping-server" arg /* Mapping server name */, "no-strict-spf" /* Disable strict spf algo 1 advertisement */, "ldp-stitching" /* Enable SR to LDP stitching */, "srv6" ( /* Enable IPv6 Segment Routing (SRv6) */ c( "locator" arg ( /* SRv6 Locator */ c( "end-sid" arg ( c( "flavor" ( c( "psp" /* Penultimate segment pop of the SRH */, "usp" /* Ultimate segment pop of the SRH */, "usd" /* Ultimate segment decapsulation */ ) ) ) ) ) ) ) ), "sensor-based-stats" ( /* Configure sensor based stats in SPRING */ c( "per-interface-per-member-link" ( /* Configure sensor based stats per nexthop */ sc( "ingress" /* Enable sensor based stats on ingress interface */, "egress" /* Enable sensor based stats on egress interface */ ) ).as(:oneline), "per-sid" ( /* Configure sensor based stats per spring route */ sc( "ingress" /* Enable sensor based stats for per-sid ingress accounting */, "egress" /* Enable sensor based stats for IP-MPLS egress accounting */ ) ).as(:oneline) ) ), "traffic-statistics" ( /* Enable support for traffic statistics in SPRING */ c( "statistics-granularity" ( /* Granularity for traffic statistics in SPRING */ c( "per-interface" /* Interface Based traffic statistics in SPRING */ ) ), "auto-bandwidth" arg /* Auto bandwidth name */ ) ) ) ), "srm6" ( /* Enable SRm6 */ c( "sid" ( /* Configure attributes for SID in srm6 */ c( arg, "address" ( /* IPv6 address corresponding to SID */ ipv6addr /* IPv6 address corresponding to SID */ ) ) ) ) ), "level" arg ( /* Configure global level attributes */ c( "labeled-preference" arg /* Preference of labeled IS-IS routes */, "srv6-preference" arg /* Preference of SRV6 IS-IS routes */, "flex-algorithm-preference" arg /* Preference of flex-algorithm L-ISIS routes */, "source-packet-routing" ( /* Enable Source Packet Routing (SPRING) */ c( ("disable"), "srms-preference" arg /* Set SRMS preference value */ ) ), ("disable"), "authentication-key" ( /* Authentication key (password) */ unreadable /* Authentication key (password) */ ), "authentication-type" ( /* Authentication type */ ("md5" | "simple") ), "purge-originator" ( /* Add Purge Originator information */ ("self" | "empty") ), "no-hello-authentication" /* Disable authentication for hello packets */, "no-csnp-authentication" /* Disable authentication for CSN packets */, "no-psnp-authentication" /* Disable authentication for PSN packets */, "authentication-key-chain" arg /* Key chain name */, "wide-metrics-only" /* Generate wide metrics only */, "preference" arg /* Preference of internal routes */, "external-preference" arg /* Preference of external routes */, "prefix-export-limit" arg /* Maximum number of external prefixes that can be exported */, "flood-reflector" ( /* Enable flood-reflector */ c( "reflector" ( /* Configure this as a flood-reflector */ c( "cluster-id" arg /* Cluster-ID */ ) ), "client" /* Configure interface as flood-reflector client */ ) ) ) ), "interface-group" arg ( /* Interface grouping configuration */ c( "level" arg ( /* Configure levels on this interface-group */ c( "ipv4-adjacency-segment" ( /* Configure ipv4 adjacency segment */ c( "protected" ( /* Adjacency SID is eligible for protection */ sc( c( "index" ( /* Adjacency SID indexed from SRGB */ sc( arg ) ).as(:oneline), "label" arg /* Adjacency SID from static label pool */, "dynamic" /* Dynamically allocate an adjacency segment */ ) ) ).as(:oneline), "unprotected" ( /* Adjacency SID uneligible for protection */ sc( c( "index" ( /* Adjacency SID indexed from SRGB */ sc( arg ) ).as(:oneline), "label" arg /* Adjacency SID from static label pool */, "dynamic" /* Dynamically allocate an adjacency segment */ ) ) ).as(:oneline) ) ), "ipv6-adjacency-segment" ( /* Configure ipv6 adjacency segment */ c( "protected" ( /* Adjacency SID is eligible for protection */ sc( c( "index" ( /* Adjacency SID indexed from SRGB */ sc( arg ) ).as(:oneline), "label" arg /* Adjacency SID from static label pool */, "dynamic" /* Dynamically allocate an adjacency segment */ ) ) ).as(:oneline), "unprotected" ( /* Adjacency SID uneligible for protection */ sc( c( "index" ( /* Adjacency SID indexed from SRGB */ sc( arg ) ).as(:oneline), "label" arg /* Adjacency SID from static label pool */, "dynamic" /* Dynamically allocate an adjacency segment */ ) ) ).as(:oneline) ) ), "srm6-adjacency-segment" ( /* Configure srm6 adjacency segment */ c( "unprotected" ( /* Adjacency SID uneligible for protection */ sc( "sid" arg /* Set Adjacency SID Value */ ) ).as(:oneline) ) ), "topology" enum(("default" | "ipv4-multicast" | "ipv6-unicast" | "ipv6-multicast")) ( /* Topology specific attributes */ c( "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ) ) ), "link-group-protection" ( /* Configure link group protection */ c( "minimum-bandwidth" arg /* Minimum bandwidth to carry traffic */, "revert-bandwidth" arg /* Revert bandwidth to carry traffic */ ) ), "interface" arg ( /* List interfaces for this group */ c( "weight" arg /* Interface weight for adjacency set */ ) ) ) ), "traceoptions" ( /* Trace options for IS-IS */ c( "flag" enum(("traffic-statistics" | "post-convergence-lfa" | "error" | "spf" | "packets" | "hello" | "lsp" | "psn" | "csn" | "layer2-map" | "lsp-generation" | "graceful-restart" | "ldp-synchronization" | "nsr-synchronization" | "spring" | "prefix-sid" | "flex-algorithm" | "adj-sid" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "srv6" | "rmopd" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline), "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline) ) ), "backup-spf-options" ( /* Configure backup SPF attributes */ c( "remote-backup-calculation" /* Calculate Remote LFA backup nexthops */, "use-post-convergence-lfa" ( /* Calculate Post Convergence Backup Nexthops */ c( "maximum-labels" arg /* Set maximum number of label supported for post convergence path calculations */, "maximum-backup-paths" arg /* Set maximum equal cost backup post convergence paths */ ) ), "use-source-packet-routing" /* Use SPRING routed paths for protection */, "per-prefix-calculation" /* Calculate backup nexthops for non-best prefix originators */, "node-link-degradation" /* Degrade to link protection when nodelink protection not available */ ) ), "context-identifier" arg ( /* Configuration for advertisement of a context-identifier */ c( "level" arg ( /* Configure global level attributes */ c( ("disable") ) ) ) ), "traffic-engineering" ( /* Configure traffic engineering attributes */ c( ("disable"), "l3-unicast-topology" /* Download IGP topology into TED */, "ipv6" /* Enable TEDv6 */, "credibility-protocol-preference" /* Follow IGP protocol preference for TED protocol credibility */, "ipv4-multicast-rpf-routes" /* Install IPv4 routes for multicast RPF checks into inet.2 */, "ignore-lsp-metrics" /* Ignore label-switched path metrics when doing shortcuts */, "tunnel-source-protocol" ( /* Protocols from which to pick label-switched paths */ c( "rsvp" ( /* Pick label-switched paths from rsvp */ c( "preference" arg /* Preference for label-switched paths from this protocol */ ) ), "spring-te" ( /* Pick label-switched paths from spring-te */ c( "preference" arg /* Preference for label-switched paths from this protocol */ ) ) ) ), "family" enum(("inet" | "inet6" | "inet-mpls" | "inet6-mpls")) ( /* Address family specific traffic-engineering attributes */ c( "shortcuts" ( /* Use label-switched paths as next hops, if possible */ c( "multicast-rpf-routes" /* Install routes for multicast RPF checks into multicast RIB */, "import" ( /* Import policy for shortcut */ policy_algebra /* Import policy for shortcut */ ) ) ) ) ), "shortcuts" ( /* Use label-switched paths as next hops, if possible */ c( "ignore-lsp-metrics" /* Ignore label-switched path metrics when doing shortcuts */ ) ), "multipath" ( /* Configure label-switched-path multipath behavior */ c( "lsp-equal-cost" /* Include equal cost label-switched-paths */ ) ), "advertisement" ( /* Configure traffic engineering attribute advertisements */ c( "always" /* Advertise applicable legacy TE attributes always */, "application-specific" ( /* Advertise application-specific TE attributes */ c( "all-applications" ( /* Advertise common application-specific link attributes */ c( "legacy" /* Use legacy TE attributes for this application */ ) ) ) ) ) ) ) ), "label-switched-path" arg ( /* Configuration for advertisement of a label-switched path */ c( "level" arg ( /* Configure global level attributes */ c( ("disable"), "metric" arg /* SPF metric for this level */ ) ) ) ), ("disable"), "export" ( /* Export policy */ policy_algebra /* Export policy */ ), "import" ( /* Import policy */ policy_algebra /* Import policy */ ), "reference-bandwidth" arg /* Bandwidth for calculating metric defaults */, "layer2-map" /* Kernel ARP/ND creation for nexthops */, "no-layer2-map" /* Don't kernel ARP/ND creation for nexthops */, "job-stats" /* Collect job statistics */, "lsp-lifetime" arg /* Lifetime of LSPs */, "max-lsp-size" arg /* Maximum size allowed for LSPs */, "max-hello-size" arg /* Maximum size allowed for ISIS Hello PDUs */, "max-snp-size" arg /* Maximum size allowed for Sequence Number (Complete/Partial) PDUs */, "spf-delay" arg /* Time to wait before running an SPF */, "authentication-key" ( /* Authentication key (password) */ unreadable /* Authentication key (password) */ ), "authentication-type" ( /* Authentication type */ ("md5" | "simple") ), "loose-authentication-check" /* Verify authentication only if PDU has authentication TLV */, "max-areas" arg /* Maximum number of advertised Areas */, "no-authentication-check" /* Disable authentication checking */, "no-ipv4-routing" /* Disable IPv4 routing */, "no-ipv6-routing" /* Disable IPv6 routing */, "clns-routing" /* Enable CLNS routing */, "clns-updown-compatibility" /* Set the Up/Down Bit in place of the I/E bit in CLNS TLVs */, "no-adjacency-holddown" /* Disable adjacency hold down */, "multicast-topology" /* Enable multicast topology */, "ignore-attached-bit" /* Ignore the attached bit in Level 1 LSPs */, "rib-group" ( /* Routing table group for importing IS-IS routes */ rib_group_type /* Routing table group for importing IS-IS routes */ ), "strict-dual-isis" ( /* Ensure both ipv4 and ipv6 connectivity for all adjacencies */ c( "holdown" arg /* Set the holddown timer for strict spf computation */ ) ), "spf-options" ( /* Configure SPF attributes */ c( "delay" arg /* Time to wait before running an SPF */, "holddown" arg /* Time to hold down before running an SPF */, "rapid-runs" arg /* Number of rapid SPF runs before SPF holddown */, "multipath" ( /* Configure multipath options */ c( "weighted" ( /* Weighted multipath options */ c( "one-hop" /* Enable load balancing on onehop multipath based on interface bandwidth */ ) ) ) ), "microloop-avoidance" ( /* Configure microloop avoidance mechanisms */ c( "post-convergence-path" ( /* Temporarily install post-convergence path for routes potentially affected by microloops */ c( "delay" arg /* Time after which temporary post-convergence paths are removed */ ) ) ) ) ) ), "topologies" ( /* Enable topologies */ c( "ipv4-multicast" /* Enable IPv4-multicast topology */, "ipv6-unicast" /* Enable IPv6-unicast topology */, "ipv6-multicast" /* Enable IPv6-multicast topology */ ) ), "overload" ( /* Set the overload bit (no transit traffic) */ c( "timeout" arg /* Time after which overload bit is reset */, "advertise-high-metrics" /* Advertise high metrics instead of setting the overload bit */, "allow-route-leaking" /* Allow routes to be leaked when overload is configured */, "internal-prefixes" /* Allow internal prefixes to be advertised with high metric */, "external-prefixes" /* Allow external prefixes to be advertised with high metric */ ) ), "graceful-restart" ( /* IS-IS graceful restart options */ sc( ("disable"), "helper-disable" /* Disable graceful restart helper capability */, "restart-duration" arg /* Maximum time for graceful restart to finish */ ) ).as(:oneline) ) ), "l2iw" ( /* Configuration for Layer 2 interworking */ c( "traceoptions" ( /* Trace options for Layer 2 circuits */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("error" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ) ) ), "l2circuit" ( /* Configuration for Layer 2 circuits over MPLS */ c( "traceoptions" ( /* Trace options for Layer 2 circuits */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("error" | "topology" | "fec" | "connections" | "oam" | "egress-protection" | "auto-sensing" | "sdb" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "neighbor" arg ( /* List of Layer 2 circuits to this neighbor */ c( "interface" arg ( /* Interface forming the Layer 2 circuit */ c( "static" ( /* Configuration of static Pseudowire */ c( "incoming-label" arg /* Layer 2 circuit incoming static label */, "outgoing-label" arg /* Layer 2 circuit outgoing static label */, "send-oam" /* Turn on sending of l2ckt ping */ ) ), "psn-tunnel-endpoint" ( /* Endpoint of the transport tunnel on the remote PE */ ipv4addr /* Endpoint of the transport tunnel on the remote PE */ ), "protect-interface" ( /* Name of protect interface */ interface_name /* Name of protect interface */ ), "virtual-circuit-id" arg /* Identifier for this Layer 2 circuit */, "description" arg /* Text description of Layer 2 circuit */, "control-word" /* Add control word to the Layer 2 encapsulation */, "no-control-word" /* Don't add control word to the Layer 2 encapsulation */, "flow-label-transmit" /* Advertise capability to push Flow Label in transmit direction to remote PE */, "flow-label-transmit-static" /* Push Flow Label on PW packets sent to remote PE */, "flow-label-receive" /* Advertise capability to pop Flow Label in receive direction to remote PE */, "flow-label-receive-static" /* Pop Flow Label from PW packets received from remote PE */, "community" arg /* Community associated with this Layer 2 circuit */, "mtu" arg /* MTU to be advertised for this Layer 2 circuit */, "encapsulation-type" ( /* Encapsulation type for VPN */ ("atm-aal5" | "atm-cell" | "atm-cell-port-mode" | "atm-cell-vp-mode" | "atm-cell-vc-mode" | "frame-relay" | "ppp" | "cisco-hdlc" | "ethernet-vlan" | "ethernet" | "interworking" | "frame-relay-port-mode" | "satop-t1" | "satop-e1" | "satop-t3" | "satop-e3" | "cesop") ), "ignore-encapsulation-mismatch" /* Allow different encapsulation types on local and remote end */, "ignore-mtu-mismatch" /* Allow different MTUs on interfaces */, "no-revert" /* Don't revert to primary-interface */, "bandwidth" ( /* Bandwidth to reserve (bps) */ bandwidth_type /* Bandwidth to reserve (bps) */ ), "send-ip-addr-list-tlv" /* Send IP ADDR LIST TLV to remote side */, "pseudowire-status-tlv" ( /* Send pseudowire status TLV */ c( "hot-standby-vc-on" /* Activate pseudowire upon arrival of 'hot-standby' status TLV message */ ) ), "switchover-delay" arg /* Layer 2 circuit switchover delay */, "revert-time" ( /* Enable pseudowire redundancy reversion */ sc( arg, "maximum" arg /* Maximum reversion interval to add over revert-time delay */ ) ).as(:oneline), "connection-protection" /* End-2-end protection via OAM failure detection */, "backup-neighbor" arg ( /* Configuration of redundant l2circuit */ c( "static" ( /* Configuration of static Pseudowire */ c( "incoming-label" arg /* Layer 2 circuit incoming static label */, "outgoing-label" arg /* Layer 2 circuit outgoing static label */ ) ), "virtual-circuit-id" arg /* Identifier for this Layer 2 circuit */, "community" arg /* Community associated with this Layer 2 circuit */, "psn-tunnel-endpoint" ( /* Endpoint of the transport tunnel on the remote PE */ ipv4addr /* Endpoint of the transport tunnel on the remote PE */ ), "standby" /* Keep backup pseudowire in continuous standby */, "hot-standby" /* Keep backup pseudowire in continuous standby mode and ready for traffic forwarding */ ) ), "oam" ( /* OAM Configuration for Layer 2 circuit */ c( "ping-interval" arg /* Time interval between ping messages */, "ping-multiplier" arg /* Number of ping reply missed before declaring BFD down */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ) ) ) ) ), "egress-protection" ( /* Egress protection for Layer 2 circuit */ c( c( "protector-interface" ( /* Name of the protector interface for local protection */ interface_name /* Name of the protector interface for local protection */ ), "protector-pe" ( /* Address of the protector PE */ sc( ipv4addr /* Address of the protector PE */, "context-identifier" ( /* Identifier of the context used for this protection */ ipv4addr /* Identifier of the context used for this protection */ ), "lsp" arg /* Name of the label-switched path used for the protection */ ) ).as(:oneline) ), "protected-l2circuit" ( /* Primary Layer 2 circuit to be protected */ sc( arg /* Name of the protected Layer 2 circuit */, "ingress-pe" ( /* Ingress PE address of the protected Layer 2 circuit */ ipv4addr /* Ingress PE address of the protected Layer 2 circuit */ ), "egress-pe" ( /* Egress PE address of the protected Layer 2 circuit */ ipv4addr /* Egress PE address of the protected Layer 2 circuit */ ), "virtual-circuit-id" arg /* Identifier of the protected Layer 2 circuit */ ) ).as(:oneline) ) ) ) ) ) ), "local-switching" ( /* Configuration of Layer 2 circuits local switching */ c( "interface" arg ( /* Interface forming the local Layer 2 circuit */ c( "no-revert" /* Do not revert to primary-interface */, "protect-interface" ( /* Name of protect interface */ interface_name /* Name of protect interface */ ), "connection-protection" /* End-2-end protection via OAM failure detection */, "neighbor" arg ( /* Configuration of Layer 2 circuit */ c( "virtual-circuit-id" arg /* Identifier for this Layer 2 circuit */, "community" arg /* Community associated with this Layer 2 circuit */, "psn-tunnel-endpoint" ( /* Endpoint of the transport tunnel on the neighbor PE */ ipv4addr /* Endpoint of the transport tunnel on the neighbor PE */ ), "mtu" arg /* MTU to be advertised for this Layer 2 circuit */ ) ), "backup-neighbor" arg ( /* Configuration of redundant l2circuit */ c( "virtual-circuit-id" arg /* Identifier for this Layer 2 circuit */, "psn-tunnel-endpoint" ( /* Endpoint of the transport tunnel on the backup neighbor PE */ ipv4addr /* Endpoint of the transport tunnel on the backup neighbor PE */ ), "community" arg /* Community associated with this Layer 2 circuit */, "mtu" arg /* MTU to be advertised for this Layer 2 circuit */ ) ), "end-interface" ( /* Interface name of the other end point */ c( "interface" ( /* Interface name */ interface_name /* Interface name */ ), "no-revert" /* Do not revert to primary-interface */, "protect-interface" ( /* Name of protect interface */ interface_name /* Name of protect interface */ ), "backup-interface" ( /* Name of backup interface */ interface_name /* Name of backup interface */ ) ) ), "description" arg /* Text description of Layer 2 circuit */, "encapsulation-type" ( /* Encapsulation type for VPN */ ("atm-aal5" | "atm-cell" | "atm-cell-port-mode" | "atm-cell-vp-mode" | "atm-cell-vc-mode" | "frame-relay" | "ppp" | "cisco-hdlc" | "ethernet-vlan" | "ethernet" | "interworking" | "frame-relay-port-mode" | "satop-t1" | "satop-e1" | "satop-t3" | "satop-e3" | "cesop") ), "ignore-encapsulation-mismatch" /* Allow different encapsulation types on local and remote end */, "ignore-mtu-mismatch" /* Allow different MTUs on interfaces */ ) ) ) ), "auto-sensing" ( /* Configuration of PW auto-sensing */ c( "password" ( /* Password for authentication with Radius server; 1 to 15 characters long */ unreadable /* Password for authentication with Radius server; 1 to 15 characters long */ ) ) ), "resolution" ( /* Configuration of PW nexthop resolution */ c( "preserve-nexthop-heirarchy" /* Install expanded heirarchy */ ) ) ) ), "l2vpn" ( /* Configuration for Layer 2 VPN circuits over MPLS */ c( "resolution" ( /* Configuration of PW nexthop resolution */ c( "preserve-nexthop-heirarchy" /* Install expanded heirarchy */ ) ) ) ), "vpls" ( /* Configuration for global vpls module */ c( "static-vpls" ( /* Enables static vpls configuration using no-tunnel-services */ c( "no-tunnel-services" /* Enables static partitioning of vpls labels */ ) ) ) ), "ldp" ( /* LDP options */ juniper_protocols_ldp /* LDP options */ ), "link-management" ( /* LMP options */ juniper_protocols_lmp /* LMP options */ ), "mld" ( /* MLD options */ c( "traceoptions" ( /* Trace options for MLD */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("packets" | "query" | "report" | "leave" | "mtrace" | "group" | "client-notification" | "host-notification" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "maximum-transmit-rate" arg /* Maximum transmission rate (packets per second) */, "accounting" /* Enable join and leave event notification */, "interface" ("$junos-interface-name" | arg) ( /* Interface options for MLD */ c( ("disable"), "version" arg /* Set mld version number on this interface */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "group-increment" ( /* Mask for the incrementing group IP address */ ipv6addr /* Mask for the incrementing group IP address */ ), "group-count" arg /* Number of groups */, "exclude" /* Exclude sources */, "source" arg ( /* IP multicast source address */ c( "source-increment" ( /* Mask for the incrementing source IP address */ ipv6addr /* Mask for the incrementing source IP address */ ), "source-count" arg /* Number of sources */ ) ) ) ) ) ), "ssm-map" arg /* Map for ssm translation of mld v1 messages */, "ssm-map-policy" ( /* SSM map policy name */ policy_algebra /* SSM map policy name */ ), "immediate-leave" /* Group removed immediately, last membership query not sent */, "group-policy" ( /* Group filter applied to incoming mld report messages */ policy_algebra /* Group filter applied to incoming mld report messages */ ), "group-limit" arg /* Maximum number of (source,group) per interface */, "group-threshold" arg /* Percentage of group-limit at which to start generating warnings */, "log-interval" arg /* Time between consecutive log messages */, "accounting" /* Enable join and leave event notification */, "no-accounting" /* Don't enable join and leave event notification */, "passive" ( /* Suppress sending and receiving mld messages */ sc( "allow-receive" /* Allow receiving mld messages */, "send-general-query" /* Send mld general query messages */, "send-group-query" /* Send mld group query messages */ ) ).as(:oneline), "oif-map" ( /* Output interface map */ policy_algebra /* Output interface map */ ), "distributed" /* Distributed MLD interface */ ) ) ) ), "mpls" ( /* Multiprotocol Label Switching options */ juniper_protocols_mpls /* Multiprotocol Label Switching options */ ), "msdp" ( /* MSDP configuration */ juniper_protocols_msdp /* MSDP configuration */ ), "mvpn" ( /* BGP-MVPN configuration */ juniper_protocols_mvpn /* BGP-MVPN configuration */ ), "ospf" ( /* OSPF configuration */ juniper_protocols_ospf /* OSPF configuration */ ), "ospf3" ( /* OSPFv3 configuration */ juniper_protocols_ospf3 /* OSPFv3 configuration */ ), "pim" ( /* PIM configuration */ juniper_protocols_pim /* PIM configuration */ ), "ripng" ( /* RIPng options */ juniper_protocols_ripng /* RIPng options */ ), "rip" ( /* RIP options */ juniper_protocols_rip /* RIP options */ ), "rsvp" ( /* RSVP options */ juniper_protocols_rsvp /* RSVP options */ ), "sap" ( /* Session Advertisement Protocol options */ c( ("disable"), "listen" arg ( /* Address for SAP and SDP to listen on */ sc( "port" arg /* Port to listen for session advertisements */ ) ).as(:oneline) ) ), "source-packet-routing" ( /* Enable source packet routing (SPRING) */ c( "traceoptions" ( /* Trace options for soure-packet-routing */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("controller" | "state" | "route" | "general" | "interface" | "dtm" | "bfd" | "translation" | "telemetry-statistics" | "compute" | "nsr-replication" | "all")) ( /* Tracing parameters */ sc( "detail" /* Trace detailed information */ ) ).as(:oneline) ) ), "lsp-external-controller" arg /* External path computing entity */, "preference" arg /* Route preference for SPRING-TE routes */, "sr-preference-override" arg /* SR-preference override for static SR-policies.Higher value is more preferred */, "sr-preference" arg /* SR-preference for static SR-policies.Higher value is more preferred */, "maximum-segment-list-depth" arg /* Maximum segment list depth for SR-TE policies */, "no-chained-composite-next-hop" /* Do not use chained composite next hops for SRTE routes */, "tunnel-tracking" /* Track route status for first hop label based tunnels */, "segment-list" arg ( /* Explicit path for SR-TE segments */ c( "inherit-label-nexthops" /* Inherit label nexthops for first hop in this segment list */, c( "auto-translate" ( /* Enable auto translation from IP address to labels */ c( c( "protected" ( /* Choose protected labels if available */ c( "mandatory" /* Mandatorily choose protected labels */ ) ), "unprotected" ( /* Choose unprotected labels if available */ c( "mandatory" /* Mandatorily choose unprotected labels */ ) ) ) ) ), "dynamic" ( /* Enable dynamic last hop computation */ c( c( "protected" ( /* Choose protected labels if available */ c( "mandatory" /* Mandatorily choose protected labels */ ) ), "unprotected" ( /* Choose unprotected labels if available */ c( "mandatory" /* Mandatorily choose unprotected labels */ ) ) ) ) ) ), "compute" /* Segment list used for specifying explicit path for computed paths */, "srm6" /* Segment list used for SRm6 */, c( "label" arg /* Next label in SR-TE segment-list */, "ip-address" ( /* IP address of the hop */ ipaddr /* IP address of the hop */ ), "sid" arg /* Next sid in SRm6 segment-list */, c( "strict" /* Strict hop */, "loose" /* Loose hop */ ), "label-type" ( /* Type of label for the hop */ c( "node" /* Hop represents a node */ ) ) ) ) ), "compute-profile" arg ( /* Compute profile for dynamically computed paths */ c( "admin-group" ( /* Administrative group policy */ admin_group_include_exclude /* Administrative group policy */ ), "maximum-segment-list-depth" arg /* Maximum depth of computed path */, "no-label-stack-compression" /* Provide fully expanded path, using adjacency segment identifiers */, c( "protected" ( /* Choose protected labels if available */ c( "mandatory" /* Mandatorily choose protected labels */ ) ), "unprotected" ( /* Choose unprotected labels if available */ c( "mandatory" /* Mandatorily choose unprotected labels */ ) ) ), "compute-segment-list" arg /* Name of the compute type segmentlist */, "maximum-computed-segment-lists" arg /* Maximum number of segment-lists(ECMP paths) to be computed */, "metric-type" ( /* Metric type used for computaion */ c( c( "te" /* TE metric */, "igp" /* IGP metric */ ) ) ) ) ), "preserve-nexthop-hierarchy" /* Enable preserve-nexthop-hierarchy for source-packet-routing */, "source-routing-path" arg ( /* Configure a source-routing-path */ c( "srm6" /* Tunnel type SRm6 */, "ldp-tunneling" /* Allow LDP to use this LSP for tunneling */, "use-for-shortcut" /* Allow this LSP to be used as a shortcut tunnel */, "to" ( /* Ip-address of the tunnel end-point */ ipaddr /* Ip-address of the tunnel end-point */ ), "from" ( /* Ip-address of the tunnel start-point */ ipaddr /* Ip-address of the tunnel start-point */ ), "color" arg /* Color identifier for the tunnel end-point */, "no-ingress" /* Disable ingress functionality for this tunnel */, "binding-sid" arg /* Specify the binding-label to enable transit functionality for this tunnel */, "install" arg /* Install prefix */.as(:oneline), "preference" arg /* Preference for routes downloaded for this tunnel */, "metric" arg /* Metric for routes downloaded for this tunnel */, "sr-preference" arg /* SR-preference for SPRING-TE routes. Higher value is more preferred */, "lsp-external-controller" arg /* Name of the external path computing entity */, "primary" arg ( /* Configure a primary segment list for this source-routing-path */ c( "weight" arg /* Specify the balance factor for this segment list in SR-TE tunnel */, "bfd-liveness-detection" ( /* Bidirectional forwarding detection options */ c( "sbfd" ( /* Seamless BFD parameters */ c( "remote-discriminator" arg /* Remote discriminator of reflector */ ) ), "minimum-interval" arg /* Minimum transmit and receive interval */, "multiplier" arg /* Detection time multiplier */, "no-router-alert-option" /* Do not set the router alert option in IP header */ ) ), "compute" ( /* Enable computation */ c( arg ) ), "lsp-external-controller" arg /* Name of the external path computing entity */ ) ), "secondary" arg ( /* Configure a secondary segment list for this source-routing-path */ c( "bfd-liveness-detection" ( /* Bidirectional forwarding detection options */ c( "sbfd" ( /* Seamless BFD parameters */ c( "remote-discriminator" arg /* Remote discriminator of reflector */ ) ), "minimum-interval" arg /* Minimum transmit and receive interval */, "multiplier" arg /* Detection time multiplier */, "no-router-alert-option" /* Do not set the router alert option in IP header */ ) ), "compute" ( /* Enable computation */ c( arg ) ) ) ) ) ), "source-routing-path-template" arg ( /* Configure a source-routing-path-template */ c( "no-ingress" /* Disable ingress functionality for this tunnel */, "use-for-shortcut" /* Allow this LSP to be used as a shortcut tunnel */, "metric" arg /* Metric for routes downloaded for this tunnel */, "sr-preference" arg /* SR-preference for SPRING-TE routes. Higher value is more preferred */, "ldp-tunneling" /* Allow LDP to use this LSP for tunneling */, "lsp-external-controller" arg /* Name of the external path computing entity */, "primary" arg ( /* Configure a primary segment list for this source-routing-path */ c( "weight" arg /* Specify the balance factor for this segment list in SR-TE tunnel */, "compute" ( /* Enable computation */ c( arg ) ), "lsp-external-controller" arg /* Name of the external path computing entity */ ) ), "secondary" arg ( /* Configure a secondary segment list for this source-routing-path */ c( "compute" ( /* Enable computation */ c( arg ) ) ) ), "bfd-liveness-detection" ( /* Bidirectional forwarding detection options */ c( "sbfd" ( /* Seamless BFD parameters */ c( "remote-discriminator" arg /* Remote discriminator of reflector */ ) ), "minimum-interval" arg /* Minimum transmit and receive interval */, "multiplier" arg /* Detection time multiplier */, "no-router-alert-option" /* Do not set the router alert option in IP header */ ) ) ) ), "inherit-label-nexthops" /* Inherit label nexthops for first hop in segment lists */, "rib-group" ( /* Enable rib-group import poilicies on SR-TE */ c( "ipv4" ( /* Import policy to be applied on ipv4 uncolored route */ c( arg ) ), "ipv6" ( /* Import policy to be applied on ipv6 uncolored route */ c( arg ) ), "ipv4-color" ( /* Import policy to be applied on ipv4 colored route */ c( arg ) ), "ipv6-color" ( /* Import policy to be applied on ipv6 colored route */ c( arg ) ), "tag" ( /* Import policy to be applied on mpls route */ c( arg ) ) ) ), "telemetry" ( /* Enable telemetry on SR-TE policies */ c( "statistics" ( /* Enable traffic-statistics collection on SR-TE policies */ c( "no-transit" /* Disable statistics collection on binding sid route */, "no-ingress" /* Disable statistics collection on destination route */, "per-source" ( /* Enable traffic-statistics collection per source */ c( "per-segment-list" /* Enable per path level traffic-statistics collection */ ) ) ) ) ) ), "use-transport-class" ( /* Enable transport class on SR-TE colored policies */ c( "fib-install" /* Install SRTE routes in FIB */, "inet3-install" /* Install SRTE routes in inet{6}.3 table */ ) ), "inet-color-append-explicit-null" /* Enable appending explicit NULL for inet SRTE policy */, "retry-timer" arg /* Time before retrying auto-translation failed paths */, "import-color-only-cross-af" /* Enable importing of Null Endpoint color route for cross address family */, "inet6-color-append-explicit-null" /* Enable appending explicit NULL for inet6 SRTE policy */, "ipv6-tunneling-append-explicit-null" /* Enable appending explicit NULL for v4ov6 SRTE routes */, "source-routing-path-template-map" ( /* Configure a source routing path template map */ c( "policy" ( /* Configure policy */ policy_algebra /* Configure policy */ ) ) ) ) ), "l2-learning" ( /* Layer 2 forwarding configuration */ juniper_protocols_bridge /* Layer 2 forwarding configuration */ ), "dcbx" ( c( "disable", "interface" ("all" | arg) ( c( "disable", "application-map" arg, "applications" ( c( "no-auto-negotiation" ) ), "enhanced-transmission-selection" ( c( "no-auto-negotiation", "no-recommendation-tlv", "recommendation-tlv" ( c( "no-auto-negotiation" ) ) ) ), "dcbx-version" ("auto-negotiate" | "ieee-dcbx" | "dcbx-version-1.01"), "priority-flow-control" ( c( "no-auto-negotiation" ) ) ) ) ) ), "lldp" ( /* Link Layer Detection Protocol */ c( ("disable"), "traceoptions" ( /* Trace options for LLDP */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("all" | "configuration" | "rtsock" | "packet" | "protocol" | "interface" | "vlan" | "snmp" | "jvision")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "management-address" ( /* LLDP management address */ ipaddr /* LLDP management address */ ), "advertisement-interval" arg /* Transmit interval for LLDP messages */, "transmit-delay" arg /* Transmit delay time interval for LLDP messages */, "hold-multiplier" arg /* Hold timer interval for LLDP messages */, "ptopo-configuration-trap-interval" arg /* Interval for physical topology configuration change trap */, "ptopo-configuration-maximum-hold-time" arg /* Hold time for physical topology connection entries */, "lldp-configuration-notification-interval" arg /* Time interval for LLDP notification */, "port-id-subtype" ( /* Sub-type to be used for Port ID TLV generation */ ("locally-assigned" | "interface-name") ), "port-description-type" ( /* The Interfaces Group MIB object to be used for Port Description TLV generation */ ("interface-alias" | "interface-description") ), "neighbour-port-info-display" ( /* Show lldp neighbors to display port-id or port-description */ ("port-id" | "port-description") ), "mau-type" /* Populate mau-type in lldp PDU */, "vlan-name-tlv-option" ( /* Vlan tlv options to transmit vlan name or vlan-id */ ("vlan-id" | "name") ), "lldp-tx-fast-init" arg /* Transmission count in fast transmission mode */, "fast-rx-processing" /* Start optimised processing of received pdu */, "tlv-select" ( /* Select TLVs to be sent */ enum(("port-description" | "system-name" | "system-description" | "system-capabilities" | "management-address" | "mac-phy-config-status" | "power-vi-mdi" | "link-aggregation" | "maximum-frame-size" | "jnpr-chassis-serial" | "jnpr-vcp" | "jnpr-mode-change" | "jnpr-mode-change-error" | "jnpr-mode-change-ip-address" | "jnpr-mode-change-image-name" | "jnpr-mode-change-ftp-login" | "jnpr-mode-change-image-md5" | "jnpr-mode-change-ftp-server" | "port-vid" | "port-protocol-vid" | "vlan-name" | "protocol-id" | "evb" | "power-via-mdi-measurements")) ), "tlv-filter" ( /* Filter TLVs to be sent */ enum(("all" | "port-description" | "system-name" | "system-description" | "system-capabilities" | "management-address" | "mac-phy-config-status" | "power-vi-mdi" | "link-aggregation" | "maximum-frame-size" | "jnpr-chassis-serial" | "jnpr-vcp" | "jnpr-mode-change" | "jnpr-mode-change-error" | "jnpr-mode-change-ip-address" | "jnpr-mode-change-image-name" | "jnpr-mode-change-ftp-login" | "jnpr-mode-change-image-md5" | "jnpr-mode-change-ftp-server" | "port-vid" | "port-protocol-vid" | "vlan-name" | "protocol-id" | "evb" | "power-via-mdi-measurements")) ), "interface" (arg | "all") ( /* Interface configuration */ c( ("disable"), "power-negotiation" ( /* LLDP power negotiation */ c( ("disable") ) ), "tlv-select" ( /* Select TLV(s) to be sent */ enum(("port-description" | "system-name" | "system-description" | "system-capabilities" | "management-address" | "mac-phy-config-status" | "power-vi-mdi" | "link-aggregation" | "maximum-frame-size" | "jnpr-chassis-serial" | "jnpr-vcp" | "jnpr-mode-change" | "jnpr-mode-change-error" | "jnpr-mode-change-ip-address" | "jnpr-mode-change-image-name" | "jnpr-mode-change-ftp-login" | "jnpr-mode-change-image-md5" | "jnpr-mode-change-ftp-server" | "port-vid" | "port-protocol-vid" | "vlan-name" | "protocol-id" | "evb" | "power-via-mdi-measurements")) ), "tlv-filter" ( /* Filter TLV(s) to be sent */ enum(("all" | "port-description" | "system-name" | "system-description" | "system-capabilities" | "management-address" | "mac-phy-config-status" | "power-vi-mdi" | "link-aggregation" | "maximum-frame-size" | "jnpr-chassis-serial" | "jnpr-vcp" | "jnpr-mode-change" | "jnpr-mode-change-error" | "jnpr-mode-change-ip-address" | "jnpr-mode-change-image-name" | "jnpr-mode-change-ftp-login" | "jnpr-mode-change-image-md5" | "jnpr-mode-change-ftp-server" | "port-vid" | "port-protocol-vid" | "vlan-name" | "protocol-id" | "evb" | "power-via-mdi-measurements")) ), "trap-notification" ( /* To enable or disable for lldp-trap notification */ ("enable" | "disable") ) ) ) ) ), "lldp-med" ( /* LLDP Media Endpoint Discovery */ c( "fast-start" arg /* Discovery count for MED */, "interface" (arg | "all") ( /* Interface configuration */ c( ("disable"), "location" ( c( c( "civic-based" ( /* Postal address */ civic_address_elements /* Postal address */ ), "elin" arg /* Emergency line identification (ELIN) string */, "co-ordinate" ( /* Address based on longitude and latitude coordinates */ co_ordinate_elements /* Address based on longitude and latitude coordinates */ ) ) ) ), "tlv-select" ( /* Select TLV(s) to be sent */ enum(("med-capabilities" | "network-policy" | "location-id" | "ext-power-via-mdi")) ), "tlv-filter" ( /* Filter TLV(s) to be sent */ enum(("all" | "med-capabilities" | "network-policy" | "location-id" | "ext-power-via-mdi")) ) ) ), "tlv-select" ( /* Select MED TLVs to be sent */ enum(("med-capabilities" | "network-policy" | "location-id" | "ext-power-via-mdi")) ), "tlv-filter" ( /* Filter MED TLVs to be sent */ enum(("all" | "med-capabilities" | "network-policy" | "location-id" | "ext-power-via-mdi")) ), "disable" ) ), "igmp-snooping" ( /* IGMP snooping configuration */ juniper_default_ri_protocols_igmp_snooping /* IGMP snooping configuration */ ), "mld-snooping" ( /* MLD snooping configuration */ juniper_default_ri_protocols_mld_snooping /* MLD snooping configuration */ ), "pcep" ( /* Path computation client configuration */ c( "message-rate-limit" arg /* Messages per minute rate that path computation client will handle at maximum. 0 - disabled */, "update-rate-limit" arg /* Updates per minute rate that path computation client will handle at maximum. 0 - disabled */, "max-provisioned-lsps" arg /* Defines max count of externally provisioned LSPs over all conected PCEs (default: 16000) */, "pce-group" arg ( /* PCE group definition */ c( "pce-type" ( /* Type of the PCE (e.g. stateful or stateless) */ sc( "active" /* The PCE can modify delegated LSPs */, c( "stateful" /* The PCE is stateful */ ) ) ).as(:oneline), "lsp-provisioning" /* The PCE is capable of provisioning LSPs */, "p2mp-lsp-report-capability" /* The PCE is capable of reporting P2MP LSPs */, "p2mp-lsp-update-capability" /* The PCE is capable of update P2MP LSPs */, "p2mp-lsp-init-capability" /* The PCE is capable of provisioning P2MP LSPs */, "lsp-cleanup-timer" arg /* LSP cleanup time (default: 60) */, "spring-capability" /* PCE is capable of supporting SPRING based provisioning */, "max-sid-depth" arg /* Max SID Depth (default: 5) */, "lsp-retry-delegation" /* Retry LSP delegation process is enabled */, "lsp-retry-delegation-timer" arg /* LSP retry delegation timer in case delegation failure or re-delegate (default: 3600) */, "request-timer" arg /* The amount of time path computation client waits for a reply before resending its requests */, "max-unknown-requests" arg /* Max unknown requests per minute after which the connection will be closed. 0 - disabled */, "max-unknown-messages" arg /* Max unknown messages per minute after which the connection will be closed. 0 - disabled */, "traceoptions" ( /* Path Computation Element Protocol trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("pcep" | "all")) /* Area of Path Computation Client Daemon to enable debugging output */.as(:oneline) ) ), "delegation-cleanup-timeout" arg /* Return control of LSPs or Re-delegation time after PCEP session disconnect (default: 30) */, "pce-traffic-steering" /* Enable PCE traffic steering (FlowSpec Capability) */ ) ), "pce" arg ( /* Per PCE configuration */ c( "local-address" ( /* Address of local end of PCEP session */ ipv4addr /* Address of local end of PCEP session */ ), "destination-ipv4-address" ( /* IPV4 Address of PCE */ ipv4addr /* IPV4 Address of PCE */ ), "destination-port" arg /* Destination TCP port PCE is listening on */, "delegation-priority" arg /* This PCE's priority among configured stateful PCEs in one pce-group */, "request-priority" arg /* This PCE's priority among configured stateless PCEs in one pce-group */, "pce-group" arg /* Assign this PCE to defined pce group. PCE will inherit default values from the pce-group */, "authentication-key" arg /* MD5 authentication key */, "authentication-algorithm" ( /* Authentication algorithm name */ ("md5") ), "authentication-key-chain" arg /* Key chain name */, "pce-type" ( /* Type of the PCE (e.g. stateful or stateless) */ sc( "active" /* The PCE can modify delegated LSPs */, c( "stateful" /* The PCE is stateful */ ) ) ).as(:oneline), "lsp-provisioning" /* The PCE is capable of provisioning LSPs */, "p2mp-lsp-report-capability" /* The PCE is capable of reporting P2MP LSPs */, "p2mp-lsp-update-capability" /* The PCE is capable of update P2MP LSPs */, "p2mp-lsp-init-capability" /* The PCE is capable of provisioning P2MP LSPs */, "lsp-cleanup-timer" arg /* LSP cleanup time (default: 60) */, "spring-capability" /* PCE is capable of supporting SPRING based provisioning */, "max-sid-depth" arg /* Max SID Depth (default: 5) */, "lsp-retry-delegation" /* Retry LSP delegation process is enabled */, "lsp-retry-delegation-timer" arg /* LSP retry delegation timer in case delegation failure or re-delegate (default: 3600) */, "request-timer" arg /* The amount of time path computation client waits for a reply before resending its requests */, "max-unknown-requests" arg /* Max unknown requests per minute after which the connection will be closed. 0 - disabled */, "max-unknown-messages" arg /* Max unknown messages per minute after which the connection will be closed. 0 - disabled */, "traceoptions" ( /* Path Computation Element Protocol trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("pcep" | "all")) /* Area of Path Computation Client Daemon to enable debugging output */.as(:oneline) ) ), "delegation-cleanup-timeout" arg /* Return control of LSPs or Re-delegation time after PCEP session disconnect (default: 30) */, "pce-traffic-steering" /* Enable PCE traffic steering (FlowSpec Capability) */ ) ), "traceoptions" ( /* Path Computation Client Daemon trace options */ pccd_traceoptions_type /* Path Computation Client Daemon trace options */ ) ) ), "ppp" ( /* Configure PPP process */ c( "traceoptions" ( /* PPP trace options */ ppp_traceoptions_type /* PPP trace options */ ), "monitor-session" ( /* Monitor packet exchange for PPP session */ s( ("all" | arg) ) ) ) ), "pppoe" ( /* Configure PPPoE process */ c( "traceoptions" ( /* PPPoE trace options */ pppoe_traceoptions_type /* PPPoE trace options */ ), "pado-advertise" /* Enable PADO advertising of PPPoE Service-Names */, "service-name-tables" arg ( /* PPPoE Service Name Tables */ c( "empty-service" ( /* Empty Service configuration */ c( c( "terminate" /* Service Action Terminate */, "drop" /* Service Action Drop */, "delay" arg /* Service Action Delay */ ) ) ), "service" arg ( /* One or more named PPPoE services */ c( c( "terminate" /* Service Action Terminate */, "drop" /* Service Action Drop */, "delay" arg /* Service Action Delay */ ), "dynamic-profile" arg /* Attach dynamic-profile to entry */, "routing-instance" arg /* Attach routing-instance to entry */, "max-sessions" arg /* Maximum sessions associated with Service */, "agent-specifier" ( /* One or more ACI/ARI entries */ s( "aci" arg /* Agent Circuit ID */, "ari" arg /* Agent Remote ID */, c( c( "terminate" /* Service Action Terminate */, "drop" /* Service Action Drop */, "delay" arg /* Service Action Delay */ ), "dynamic-profile" arg /* Attach dynamic-profile to entry */, "routing-instance" arg /* Attach routing-instance to entry */, "static-interface" ( /* Attach static-interface to entry */ interface_unit /* Attach static-interface to entry */ ) ) ) ) ) ) ) ) ) ), "r2cp" ( /* Radio-to-Router Control Protocol configuration */ c( ("disable"), "traceoptions" ( /* R2CP trace options */ r2cp_traceoptions_type /* R2CP trace options */ ), "server-port" arg /* R2CP server port number */, "client-port" ( /* R2CP client port number */ sc( c( arg, c( "any" /* Accept R2CP messages sent on any port */ ) ) ) ).as(:oneline), "node-terminate-count" arg /* Node Term retransmit count */, "node-terminate-interval" arg /* Node Terminate interval */, "session-terminate-count" arg /* Session Term retransmit count */, "session-terminate-interval" arg /* Session Term interval */, "radio" arg ( c( "interface" ( /* Interface listening for R2CP messages */ interface_unit /* Interface listening for R2CP messages */ ), "down-count" arg /* Number of missed keepalives before radio is assumed 'down' */, "virtual-channel-group" arg /* Virtual channel group name */, "radio-interface" arg ) ) ) ), "sflow" ( /* SFLOW protocol */ c( "traceoptions" ( /* Trace options for SFLOW */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("configuration" | "rtsock" | "interface" | "client-server" | "all")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "agent-id" ( /* Sflow agent id configuration */ sc( ipv4addr /* Sflow agent ipv4 address */, "inet6" ( /* Sflow agent ipv6 address */ ipv6addr /* Sflow agent ipv6 address */ ) ) ).as(:oneline), "polling-interval" arg /* Interval between port statistics */, "adaptive-sample-rate" ( /* Trigger adaptive sampling */ sc( arg, "fallback" /* Enable fallback to previous adapted sample rates */, "sample-limit-threshold" arg /* Per FPC Sample limits in pps */ ) ).as(:oneline), "inline-sampling" /* Enable inline sampling of packets */, "sample-rate" ( /* Sampling rate */ c( "ingress" arg /* Ingress direction */, "egress" arg /* Egress direction */ ) ), "source-ip" ( /* Sflow agent id configuration */ sc( ipv4addr /* Sflow datagram source ipv4 address */, "inet6" ( /* Sflow datagram source ipv6 address */ ipv6addr /* Sflow datagram source ipv6 address */ ) ) ).as(:oneline), "collector" arg ( /* SFLOW collector configuration */ c( "udp-port" arg /* Collector UDP port */, "dscp" arg /* Collector DSCP Value */, "forwarding-class" arg /* Forwarding class for exported sflow packets */ ) ), "interfaces" arg ( /* Enable SFLOW on this interface */ c( "polling-interval" arg /* Interval between port statistics */, "sample-rate" ( /* Sampling rate */ c( "ingress" arg /* Ingress direction */, "egress" arg /* Egress direction */ ) ) ) ), "disable-sw-rate-limiter" /* Disable sw rate limiter */ ) ), "layer2-control" ( /* Global options for layer 2 protocols */ juniper_protocols_l2control /* Global options for layer 2 protocols */ ), "rstp" ( /* Rapid Spanning Tree Protocol options */ juniper_protocols_stp /* Rapid Spanning Tree Protocol options */ ), "mstp" ( /* Multiple Spanning Tree Protocol options */ juniper_protocols_mstp /* Multiple Spanning Tree Protocol options */ ), "vstp" ( /* VLAN Spanning Tree Protocol options */ juniper_protocols_vstp /* VLAN Spanning Tree Protocol options */ ), "loop-detect" ( /* Layer2 Loop Detect on interface with non-IP L2 Multicast mac as destination mac */ c( "interface" (arg | "all-extended-ports") ( /* Interface name to block Loop Detect PDUs on */ c( "disable" /* Disable loop detect feature on a port */ ) ), "enhanced" ( /* Enhanced loop detect configuration */ c( "interface" (arg | "all") ( /* Name of interface */ c( "vlan-id" arg /* VLAN identifier for trunk interface */, "loop-detect-action" ( /* Action that needs to be taken */ ("interface-down" | "laser-off") ), "transmit-interval" ( /* Interval between loop-detect messages */ ("1s" | "10s" | "1m" | "10m") ), "revert-interval" arg /* Interval after which action will be reverted */ ) ) ) ), "destination-mac" ( /* Destination non-IP L2 multicast mac to be used for transmitting Loop Detect PDUs */ mac_multicast /* Destination non-IP L2 multicast mac to be used for transmitting Loop Detect PDUs */ ), "transmit-interval" arg /* Loop Detect PDU TX interval in sec --default 30s */ ) ), "protection-group" ( /* Protection group */ juniper_protocols_protection_group /* Protection group */ ), "mvrp" ( /* MVRP configuration */ juniper_protocols_mvrp /* MVRP configuration */ ), "ovsdb" ( /* OVSDB protocol */ juniper_protocols_vgd /* OVSDB protocol */ ), "openflow" ( /* OpenFlow protocol */ juniper_protocols_openflow /* OpenFlow protocol */ ) ) end rule(:admin_group_include_exclude) do c( c( "include-any" arg /* Groups, one or more of which must be present */ ), c( "include-all" arg /* Groups, all of which must be present */ ), c( "exclude" arg /* Groups, all of which must be absent */ ) ) end rule(:bandwidth_type) do c( arg /* Bandwidth to reserve */, "ct0" arg /* Bandwidth from traffic class 0 */, "ct1" arg /* Bandwidth from traffic class 1 */, "ct2" arg /* Bandwidth from traffic class 2 */, "ct3" arg /* Bandwidth from traffic class 3 */ ) end rule(:civic_address_elements) do c( "what" arg /* Type of address */, "country-code" arg /* Two-letter country code */, "ca-type" arg ( c( "ca-value" arg /* Address element value */ ) ) ) end rule(:clksync_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("init" | "routing-socket" | "synchronization" | "ptp" | "protocol" | "configuration" | "debug" | "ppm" | "error" | "hybrid" | "framer" | "ipc" | "all")) /* Tracing parameters */.as(:oneline) ) end rule(:co_ordinate_elements) do c( "longitude" arg /* Longitude value */, "lattitude" arg /* Lattitude value */ ) end rule(:juniper_default_ri_protocols_igmp_snooping) do c( "vlan" ("all" | arg) ( /* VLAN options */ c( "traceoptions" ( /* Trace options for IGMP Snooping */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("packets" | "query" | "report" | "leave" | "group" | "client-notification" | "route" | "normal" | "general" | "state" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "query-interval" arg /* When to send host query messages */, "l2-querier" ( /* Enable L2 querier mode */ c( "source-address" ( /* Source IP address to use for L2 querier */ ipv4addr /* Source IP address to use for L2 querier */ ) ) ), "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "immediate-leave" /* Enable immediate group leave on interfaces */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv4addr /* Source IP address to use for proxy */ ) ) ), "evpn-ssm-reports-only" /* Accept and process only reports of SSM groups */, "data-forwarding" ( /* MVR Data forwarding options */ c( c( "source" ( /* MVR source vlan */ c( "groups" ( /* Group range */ ipv4prefix /* Group range */ ) ) ), "receiver" ( /* MVR receiver vlan */ c( c( "translate" /* Translate vid of outgoing pkt to receiver vlan's tag */ ), "source-list" arg /* Source VLANs for this receiver vlan */, "install" /* Install forwarded bridging entires */, "mode" ( /* MVR Mode */ ("transparent" | "proxy") ) ) ) ) ) ), "interface" arg ( /* Interface options for IGMP */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interface */, "host-only-interface" /* Enable interface to be treated as host-side interface */, "group-limit" arg /* Maximum number of groups an interface can join */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ), "qualified-vlan" arg ( /* VLAN options for qualified-learning */ c( "query-interval" arg /* When to send host query messages */, "l2-querier" ( /* Enable L2 querier mode */ c( "source-address" ( /* Source IP address to use for L2 querier */ ipv4addr /* Source IP address to use for L2 querier */ ) ) ), "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "immediate-leave" /* Enable immediate group leave on interfaces */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv4addr /* Source IP address to use for proxy */ ) ) ), "evpn-ssm-reports-only" /* Accept and process only reports of SSM groups */, "interface" arg ( /* Interface options for IGMP */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interface */, "host-only-interface" /* Enable interface to be treated as host-side interface */, "group-limit" arg /* Maximum number of groups an interface can join */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ) ) ), "disable" ) ), "traceoptions" ( /* Trace options for IGMP Snooping */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("packets" | "query" | "report" | "leave" | "group" | "client-notification" | "host-notification" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "immediate-leave" /* Enable immediate group leave on interfaces */, "evpn-ssm-reports-only" /* Accept and process only reports of SSM groups */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv4addr /* Source IP address to use for proxy */ ), "irb" /* Proxy IGMP reports to IRB */ ) ), "interface" arg ( /* Interface options for IGMP */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */, "host-only-interface" /* Enable interfaces to be treated as host-side interfaces */, "group-limit" arg /* Maximum number of (source,group) per interface */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ) ) end rule(:juniper_default_ri_protocols_mld_snooping) do c( "vlan" ("all" | arg) ( /* VLAN options */ c( "traceoptions" ( /* Trace options for MLD Snooping */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("packets" | "query" | "report" | "leave" | "group" | "client-notification" | "host-notification" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "query-interval" arg /* When to send host query messages */, "l2-querier" ( /* Enable L2 querier mode */ c( "source-address" ( /* Source IP address to use for L2 querier */ ipv6addr /* Source IP address to use for L2 querier */ ) ) ), "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "immediate-leave" /* Enable immediate group leave on interfaces */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv6addr /* Source IP address to use for proxy */ ) ) ), "evpn-ssm-reports-only" /* Accept and process only reports of SSM groups */, "interface" arg ( /* Interface options for MLD */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */, "host-only-interface" /* Enable interfaces to be treated as host-side interfaces */, "group-limit" arg /* Maximum number of groups an interface can join */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ), "qualified-vlan" arg ( /* VLAN options for qualified-learning */ c( "query-interval" arg /* When to send host query messages */, "l2-querier" ( c( "source-address" ( /* Source IP address to use for L2 querier */ ipv6addr /* Source IP address to use for L2 querier */ ) ) ), "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "immediate-leave" /* Enable immediate group leave on interfaces */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv6addr /* Source IP address to use for proxy */ ) ) ), "evpn-ssm-reports-only" /* Accept and process only reports of SSM groups */, "interface" arg ( /* Interface options for MLD */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */, "host-only-interface" /* Enable interfaces to be treated as host-side interfaces */, "group-limit" arg /* Maximum number of groups an interface can join */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ) ) ) ) ), "traceoptions" ( /* Trace options for MLD Snooping */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("packets" | "query" | "report" | "leave" | "group" | "client-notification" | "host-notification" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "immediate-leave" /* Enable immediate group leave on interfaces */, "evpn-ssm-reports-only" /* Accept and process only reports of SSM groups */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv6addr /* Source IP address to use for proxy */ ), "irb" /* Proxy IGMP reports to IRB */ ) ), "interface" arg ( /* Interface options for MLD */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */, "host-only-interface" /* Enable interfaces to be treated as host-side interfaces */, "group-limit" arg /* Maximum number of (source,group) per interface */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ) ) end rule(:juniper_protocols_amt) do c( "traceoptions" ( /* Trace options for AMT */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("packets" | "errors" | "tunnels" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "relay" ( /* AMT relay */ juniper_protocols_amt_relay /* AMT relay */ ) ) end rule(:juniper_protocols_amt_relay) do c( "family" ( /* Protocol family */ c( "inet" ( c( "anycast-prefix" ( /* IPv4 anycast prefix */ ipv4prefix /* IPv4 anycast prefix */ ), "local-address" ( /* IPv4 local address */ ipv4addr /* IPv4 local address */ ) ) ) ) ), "secret-key-timeout" arg /* Time interval for the secret key to expire */, "tunnel-limit" arg /* Number of AMT tunnels */, "unicast-stream-limit" arg /* Maximum number of AMT unicast streams(s,g,intf) */, "accounting" /* Enable AMT accounting */, "tunnel-devices" ( /* Tunnel devices to be used for creating ud interfaces */ interface_device /* Tunnel devices to be used for creating ud interfaces */ ) ) end rule(:juniper_protocols_ancp) do c( "traceoptions" ( /* Trace options for ANCP */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("config" | "cos" | "routing-socket" | "packet" | "protocol" | "process" | "startup" | "session" | "general" | "restart" | "subscriber" | "timer" | "all")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "qos-adjust" ( /* Enable QoS adjust for interfaces and interface-sets */ c( "sdsl-bytes" arg /* Set SDSL byte adjust value */, "sdsl-overhead-adjust" arg /* Set SDSL overhead adjusted */, "vdsl-bytes" arg /* Set VDSL byte adjust value */, "vdsl-overhead-adjust" arg /* Set VDSL overhead adjusted */, "vdsl2-bytes" arg /* Set VDSL2 byte adjust value */, "vdsl2-overhead-adjust" arg /* Set VDSL2 overhead adjusted */, "adsl-bytes" arg /* Set ADSL byte adjust value */, "adsl2-bytes" arg /* Set ADSL2 byte adjust value */, "adsl2-plus-bytes" arg /* Set ADSL-PLUS byte adjust value */, "other-bytes" arg /* Set OTHER byte adjust value */, "other-overhead-adjust" arg /* Set OTHER overhead adjusted */ ) ), "pre-ietf-mode" /* Enable backward compatibility mode */, "maximum-discovery-table-entries" arg /* Maximum number of discovery table entries per neighbor */, "adjacency-timer" arg /* Set adjacency timer in seconds */, "maximum-helper-restart-time" arg /* Set maximum helper restart timer */, "qos-adjust-adsl" arg /* Set ADSL QoS adjustment factor */, "qos-adjust-adsl2" arg /* Set ADSL2 QoS adjustment factor */, "qos-adjust-adsl2-plus" arg /* Set ADSL2+ QoS adjustment factor */, "qos-adjust-vdsl" arg /* Set VDSL QoS adjustment factor */, "qos-adjust-vdsl2" arg /* Set VDSL2 QoS adjustment factor */, "qos-adjust-sdsl" arg /* Set SDSL QoS adjustment factor */, "qos-adjust-other" arg /* Set OTHER QoS adjustment factor */, "gsmp-syn-wait" /* Enable partition ID learning */, "gsmp-syn-timeout" arg /* Set partition ID learning timeout */, "adjacency-loss-hold-time" arg /* Audit duration upon adjacency loss */, "interfaces" ( /* ANCP interface config options */ c( "interface-set" arg ( /* ANCP interface-set specific options */ c( "access-identifier" arg /* Subscriber specific access identifier information */, "neighbor" ( /* Neighbor IP address */ ipaddr /* Neighbor IP address */ ) ) ), ancp_interfaces_type ) ), "neighbor" arg ( /* ANCP neighbor config options */ c( "discovery-mode" /* Enable topology discovery */, c( "pre-ietf-mode" /* Enable backward compatibility mode */, "ietf-mode" /* Enable IETF mode */ ), "adjacency-timer" arg /* Set adjacency timer in seconds */, "maximum-discovery-table-entries" arg /* Maximum number of discovery table entries */, "auto-configure-trigger" ( /* Auto-configure trigger support */ c( "interface" ( interface_device ) ) ), "adjacency-loss-hold-time" arg /* Audit duration upon adjacency loss */ ) ) ) end rule(:ancp_interfaces_type) do arg.as(:arg) ( c( "access-identifier" arg /* Subscriber specific access identifier information */, "neighbor" ( /* Neighbor IP address */ ipaddr /* Neighbor IP address */ ), "overhead-accounting" /* Enable overhead accounting on per ACI basis */ ) ) end rule(:juniper_protocols_bd) do c( "mac-table-size" ( /* Size of MAC address forwarding table */ c( arg, "packet-action" ( /* Action when MAC limit is reached */ ("none" | "drop") ) ) ), "mac-ip-table-size" ( /* Size of MAC+IP bindings table */ c( arg ) ), "interface-mac-limit" ( /* Maximum MAC address learned per interface */ c( arg, "packet-action" ( /* Action when MAC limit is reached */ ("none" | "drop" | "log" | "shutdown" | "drop-and-log") ) ) ), "interface-mac-ip-limit" ( /* Maximum MAC+IP bindings learned per interface */ c( arg ) ), "mac-notification" ( /* MAC notification options */ c( "notification-interval" arg /* Interval for sending MAC notifications */ ) ), "mac-table-aging-time" arg /* Delay for discarding MAC address if no updates are received */, "no-mac-learning" /* Disable dynamic MAC address learning */, "no-normalization" /* Disable vlan id normalization for interfaces */, "mac-statistics" /* Enable MAC address statistics */, "mib" ( /* Snmp mib options */ c( "dot1q-mib" ( /* Dot1q MIB configuration options */ c( "port-list" ( /* Port list for staticegressports and staticuntaggedports MIB */ ("bit-map" | "string") ) ) ) ) ), "static-rvtep-mac" ( /* Configure Static MAC and remote VxLAN tunnel endpoint entries */ c( "mac" ( /* Unicast MAC address */ s( arg, "remote-vtep" arg /* Configure static remote VXLAN tunnel endpoints */ ) ).as(:oneline) ) ), "interface" arg ( /* Interface that connect this site to the VPN */ c( "interface-mac-limit" ( /* Maximum number of MAC addresses learned on the interface */ c( arg, "disable" /* Disable interface for interface-mac-limit */, "packet-action" ( /* Action when MAC limit is reached */ ("none" | "drop" | "log" | "shutdown" | "drop-and-log") ) ) ), "action-priority" arg /* Blocking priority of this interface on mac move detection */, "static-mac" arg ( /* Static MAC addresses assigned to this interface */ c( "vlan-id" arg /* VLAN ID of learning VLAN */ ) ), "interface-mac-ip-limit" ( /* Maximum number of MAC+IP bindings learned on the interface */ c( arg ) ), "no-mac-learning" /* Disable dynamic MAC address learning */, "mac-pinning" /* Enable MAC pinning */, "persistent-learning" /* Enable persistent MAC learning on this interface */ ) ) ) end rule(:juniper_protocols_bgp) do c( "path-selection" ( /* Configure path selection strategy */ c( "l2vpn-use-bgp-rules" /* Use standard BGP rules during L2VPN path selection */, "cisco-non-deterministic" /* Use Cisco IOS nondeterministic path selection algorithm */, "always-compare-med" /* Always compare MED values, regardless of neighbor AS */, "med-plus-igp" ( /* Add IGP cost to next-hop to MED before comparing MED values */ c( "med-multiplier" arg /* Multiplier for MED */, "igp-multiplier" arg /* Multiplier for IGP cost to next-hop */ ) ), "external-router-id" /* Compare router ID on BGP externals */, "as-path-ignore" /* Ignore AS path comparison during path selection */ ) ), "accept-prpd-connection" /* Enable BGP to accept PRPD connections */.as(:oneline), "advertise-from-main-vpn-tables" /* Advertise VPN routes from bgp.Xvpn.0 tables in master instance */, "stale-labels-holddown-period" arg /* Duration (sec) MPLS labels allocated by BGP are kept after they go stale */, "holddown-all-stale-labels" /* Hold all BGP stale-labels, facilating make-before-break for new label advertisements */, "egress-te-backup-paths" ( /* Backup-path for Egress-TE peer interface failure */ c( "template" arg ( /* Backup-path template */ c( "peer" arg /* Egress peer TE backup exit path */, "remote-nexthop" ( /* Resolve and use tunnel to this next-hop as backup path */ c( ipaddr /* Address of remote-nexthop to use as backup path */ ) ), "ip-forward" ( /* Use IP-forward backup path for Egress TE */ c( arg /* Routing-instance to use as IP forward backup-path */ ) ) ) ) ) ), "sr-preference-override" arg /* Replace received segment routing traffic engineering preference value with override value */, "vpn-apply-export" /* Apply BGP export policy when exporting VPN routes */, "family" ( /* Protocol family for NLRIs in updates */ c( "inet" ( /* IPv4 NLRI parameters */ c( "labeled-unicast" ( /* Include labeled unicast NLRI */ bgp_afi_labeled /* Include labeled unicast NLRI */ ), "segment-routing-te" ( /* Include segment-routing TE policy */ bgp_afi_srte /* Include segment-routing TE policy */ ), "transport" ( /* Include Classful Transport NLRI */ bgp_afi_inet_transport /* Include Classful Transport NLRI */ ), "unicast" ( /* Include unicast NLRI */ bgp_afi_topo /* Include unicast NLRI */ ), "multicast" ( /* Include multicast NLRI */ bgp_afi_default /* Include multicast NLRI */ ), "flow" ( /* Include flow NLRI */ bgp_afi_flow_with_redirect_ip_action /* Include flow NLRI */ ), "any" ( /* Include unicast or multicast NLRI */ bgp_afi_default /* Include unicast or multicast NLRI */ ) ) ), "inet-vpn" ( /* IPv4 Layer 3 VPN NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_l3vpn /* Include unicast NLRI */ ), "multicast" ( /* Include multicast NLRI */ bgp_afi_vpn /* Include multicast NLRI */ ), "flow" ( /* Include flow VPN NLRI */ bgp_afi_flow_with_redirect_ip_action /* Include flow VPN NLRI */ ), "any" ( /* Include unicast or multicast NLRI */ bgp_afi_vpn /* Include unicast or multicast NLRI */ ) ) ), "inet6" ( /* IPv6 NLRI parameters */ c( "labeled-unicast" ( /* Include labeled unicast NLRI */ bgp_afi_inet6_labeled /* Include labeled unicast NLRI */ ), "segment-routing-te" ( /* Include segment-routing TE policy */ bgp_afi_srte /* Include segment-routing TE policy */ ), "transport" ( /* Include Classful Transport NLRI */ bgp_afi_inet6_transport /* Include Classful Transport NLRI */ ), "unicast" ( /* Include unicast NLRI */ bgp_afi_topo /* Include unicast NLRI */ ), "multicast" ( /* Include multicast NLRI */ bgp_afi_default /* Include multicast NLRI */ ), "flow" ( /* Include flow NLRI */ bgp_afi_flow /* Include flow NLRI */ ), "any" ( /* Include unicast or multicast NLRI */ bgp_afi_default /* Include unicast or multicast NLRI */ ) ) ), "inet6-vpn" ( /* IPv6 Layer 3 VPN NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_l3vpn /* Include unicast NLRI */ ), "multicast" ( /* Include multicast NLRI */ bgp_afi_vpn /* Include multicast NLRI */ ), "flow" ( /* Include flow VPN NLRI */ bgp_afi_flow /* Include flow VPN NLRI */ ), "any" ( /* Include unicast or multicast NLRI */ bgp_afi_vpn /* Include unicast or multicast NLRI */ ) ) ), "iso-vpn" ( /* ISO Layer 3 VPN NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_vpn_protection /* Include unicast NLRI */ ) ) ), "l2vpn" ( /* MPLS-based Layer 2 VPN and VPLS NLRI parameters */ c( "auto-discovery-only" ( /* Include auto-discovery NLRI for LDP Layer 2 VPN and VPLS */ bgp_afi_default /* Include auto-discovery NLRI for LDP Layer 2 VPN and VPLS */ ), "auto-discovery-mspw" ( /* Include auto-discovery NLRI for LDP Signalled MultiSegment PW */ bgp_afi_default /* Include auto-discovery NLRI for LDP Signalled MultiSegment PW */ ), "signaling" ( /* Include Layer 2 VPN and VPLS signaling NLRI */ bgp_afi_l2vpn /* Include Layer 2 VPN and VPLS signaling NLRI */ ) ) ), "evpn" ( /* EVPN NLRI parameters */ c( "signaling" ( /* Include EVPN signaling NLRI */ bgp_afi_default /* Include EVPN signaling NLRI */ ) ) ), "inet-mvpn" ( /* IPv4 MVPN NLRI parameters */ c( "signaling" ( /* Include IPv4 multicast VPN signaling NLRI */ bgp_afi_default /* Include IPv4 multicast VPN signaling NLRI */ ) ) ), "inet6-mvpn" ( /* IPv6 MVPN NLRI parameters */ c( "signaling" ( /* Include IPv6 multicast VPN signaling NLRI */ bgp_afi_default /* Include IPv6 multicast VPN signaling NLRI */ ) ) ), "inet-mdt" ( /* IPv4 Multicast Distribution Tree (MDT) NLRI parameters */ c( "signaling" ( /* Include IPv4 multicast VPN auto-discovery NLRI */ bgp_afi_default /* Include IPv4 multicast VPN auto-discovery NLRI */ ) ) ), "traffic-engineering" ( /* Traffic Engineering (BGP-TE) NLRI parameters */ c( "unicast" ( /* Include BGP-TE NLRI */ bgp_afi_default /* Include BGP-TE NLRI */ ) ) ), "route-target" ( /* Route target NLRI used for VPN route filtering */ c( "prefix-limit" ( /* Limit maximum number of prefixes from a peer */ bgpaf_prefix_limit /* Limit maximum number of prefixes from a peer */ ), "accepted-prefix-limit" ( /* Limit maximum number of prefixes accepted from a peer */ bgpaf_accepted_prefix_limit /* Limit maximum number of prefixes accepted from a peer */ ), "proxy-generate" ( /* Generate route target NLRI for peers that don't support it */ c( "route-target-policy" ( /* Limit VPN routes that are used to generate proxy route-target filters */ policy_algebra /* Limit VPN routes that are used to generate proxy route-target filters */ ) ) ), "external-paths" arg /* Number of external paths accepted for route filtering */, "advertise-default" /* Advertise default and suppress more specific routes */, "damping" /* Enable route flap damping */, "graceful-restart" ( /* BGP graceful restart options */ bgp_af_gr /* BGP graceful restart options */ ), "local-ipv4-address" ( /* Local IPv4 address */ ipv4addr /* Local IPv4 address */ ), "output-queue-priority" ( /* Default output-queue to assign updates to */ bgp_output_queue_priority_class /* Default output-queue to assign updates to */ ), "route-refresh-priority" ( /* Default output-queue to assign route refreshes to */ bgp_output_queue_priority_class /* Default output-queue to assign route refreshes to */ ), "withdraw-priority" ( /* Default output-queue to assign withdrawn routes to */ bgp_output_queue_priority_class /* Default output-queue to assign withdrawn routes to */ ) ) ), "fabric" ( /* Fabric NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_default /* Include unicast NLRI */ ) ) ), "bridge" ( /* Bridge NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_default /* Include unicast NLRI */ ) ) ), "bridge-vpn" ( /* Bridge VPN NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_vpn /* Include unicast NLRI */ ) ) ), "fabric-vpn" ( /* Fabric VPN NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_vpn /* Include unicast NLRI */ ) ) ), "inet-bgpmcast" ( /* IPv4 BGPMCAST NLRI parameters */ c( "signaling" ( /* Include IPv4 BGP multicast signaling NLRI */ bgp_afi_default /* Include IPv4 BGP multicast signaling NLRI */ ) ) ), "inet6-bgpmcast" ( /* IPv6 BGPMCAST NLRI parameters */ c( "signaling" ( /* Include IPv6 BGP multicast signaling NLRI */ bgp_afi_default /* Include IPv6 BGP multicast signaling NLRI */ ) ) ) ) ), "egress-te" ( /* Use Egress Peering traffic engineering */ c( "install-address" ( /* Address to use in egress-te created inet route */ ipaddr /* Address to use in egress-te created inet route */ ), "rib" ( /* Select primary table for Egress-TE routes */ c( "inet.0" /* Install Egress-TE routes in inet.0 */, "inet6.0" /* Install Egress-TE routes in inet6.0 */ ) ), "no-install" /* Avoid installation to FIB or resolving over */, "import" ( /* Import policy to set attributes */ policy_algebra /* Import policy to set attributes */ ), "backup-path" arg /* The 'egress-te-backup-paths template' to use for this peer */ ) ), "advertise-prefix-sid" /* Advertise prefix sid to E-BGP peers */, "accept-prefix-sid" /* Accept prefix sid from E-BGP peers */, "advertise-srgb" /* Advertise SRGB TLV */, "tcp-connect-port" arg /* TCP port number to connect with peer on */, "egress-te-sid-stats" /* Create BGP-Peer-SID sensor */, "egress-te-set-segment" arg ( /* Configure BGP-Peer-Set segment */ c( "label" ( /* BGP-Peer-Set SID label from static label pool */ c( arg ) ), "egress-te-backup-segment" ( /* Backup segment for FRR */ c( "label" ( /* Backup segment label from static label pool */ c( arg ) ) ) ), "egress-te-backup-ip-forward" ( /* Use IP-forward backup path for Egress TE */ c( arg /* Routing-instance to use as IP forward backup-path */ ) ) ) ), "group" arg ( /* Define a peer group */ c( "type" ( /* Type of peer group */ ("internal" | "external") ), "protocol" ( /* IGP to use to resolve the next hop */ ("rip" | "ospf" | "isis") ), "traceoptions" ( /* Trace options for BGP */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("damping" | "packets" | "open" | "update" | "keepalive" | "refresh" | "nsr-synchronization" | "bfd" | "4byte-as" | "add-path" | "graceful-restart" | "egress-te" | "thread-io" | "sharding" | "thread-update-io" | "route-validation" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */, "filter" ( /* Filter to apply to this flag */ bgp_filter_obj /* Filter to apply to this flag */ ) ) ).as(:oneline) ) ), "description" arg /* Text description */, "metric-out" ( /* Route metric sent in MED */ sc( c( arg, "minimum-igp" ( /* Track the minimum IGP metric */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "igp" ( /* Track the IGP metric */ sc( arg /* Metric offset for MED */, "delay-med-update" /* Delay updating MED when IGP metric increases */ ) ).as(:oneline), "effective-aigp" ( /* Track the effective AIGP metric */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "minimum-effective-aigp" ( /* Track the minimum effective AIGP metric */ sc( arg /* Metric offset for MED */ ) ).as(:oneline) ) ) ).as(:oneline), "multihop" ( /* Configure an EBGP multihop session */ c( "ttl" arg /* TTL value for the session */, "no-nexthop-change" /* Do not change next hop to self in advertisements */ ) ), "route-server-client" /* Enable route server client behavior */, "accept-remote-nexthop" /* Allow import policy to specify a non-directly connected next-hop */, "preference" arg /* Preference value */, "local-preference" arg /* Value of LOCAL_PREF path attribute */, "local-address" ( /* Address of local end of BGP session */ ipaddr /* Address of local end of BGP session */ ), "local-interface" ( /* Local interface for IPv6 link local EBGP peering */ interface_name /* Local interface for IPv6 link local EBGP peering */ ), "forwarding-context" arg /* Routing-instance used for data-forwarding and transport-session */, "hold-time" arg /* Hold time used when negotiating with a peer */, "minimum-hold-time" arg /* Minimum hold time accepted from the peer */, "passive" /* Do not send open messages to a peer */, "advertise-inactive" /* Advertise inactive routes */, "advertise-peer-as" /* Advertise routes received from the same autonomous system */, "no-advertise-peer-as" /* Don't advertise routes received from the same autonomous system */, "advertise-external" ( /* Advertise best external routes */ sc( "conditional" /* Route matches active route upto med-comparison rule */ ) ).as(:oneline), "keep" ( /* How to retain routes in the routing table */ ("all" | "none") ), "rfc6514-compliant-safi129" /* Compliant with RFC6514 SAFI129 format */, "no-aggregator-id" /* Set router ID in aggregator path attribute to 0 */, "mtu-discovery" /* Enable TCP path MTU discovery */, "enforce-first-as" /* Enforce first AS in AS-path is the neighbor's AS */, "out-delay" arg /* How long before exporting routes from routing table */, "ttl" ( /* TTL value for the single-hop peer */ ("1" | "255") ), "log-updown" /* Log a message for peer state transitions */, "damping" /* Enable route flap damping */, "import" ( /* Import policy */ policy_algebra /* Import policy */ ), "nlri" ( /* NLRI type to include in updates */ ("unicast" | "multicast" | "any") ), "bgp-error-tolerance" ( /* Handle BGP malformed updates softly */ c( "malformed-update-log-interval" arg /* Time used when logging malformed update */, c( "malformed-route-limit" arg /* Maximum number of malformed routes from a peer */, "no-malformed-route-limit" /* No malformed route limit */ ) ) ), "family" ( /* Protocol family for NLRIs in updates */ c( "inet" ( /* IPv4 NLRI parameters */ c( "labeled-unicast" ( /* Include labeled unicast NLRI */ bgp_afi_labeled /* Include labeled unicast NLRI */ ), "segment-routing-te" ( /* Include segment-routing TE policy */ bgp_afi_srte /* Include segment-routing TE policy */ ), "transport" ( /* Include Classful Transport NLRI */ bgp_afi_inet_transport /* Include Classful Transport NLRI */ ), "unicast" ( /* Include unicast NLRI */ bgp_afi_topo /* Include unicast NLRI */ ), "multicast" ( /* Include multicast NLRI */ bgp_afi_default /* Include multicast NLRI */ ), "flow" ( /* Include flow NLRI */ bgp_afi_flow_with_redirect_ip_action /* Include flow NLRI */ ), "any" ( /* Include unicast or multicast NLRI */ bgp_afi_default /* Include unicast or multicast NLRI */ ) ) ), "inet-vpn" ( /* IPv4 Layer 3 VPN NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_l3vpn /* Include unicast NLRI */ ), "multicast" ( /* Include multicast NLRI */ bgp_afi_vpn /* Include multicast NLRI */ ), "flow" ( /* Include flow VPN NLRI */ bgp_afi_flow_with_redirect_ip_action /* Include flow VPN NLRI */ ), "any" ( /* Include unicast or multicast NLRI */ bgp_afi_vpn /* Include unicast or multicast NLRI */ ) ) ), "inet6" ( /* IPv6 NLRI parameters */ c( "labeled-unicast" ( /* Include labeled unicast NLRI */ bgp_afi_inet6_labeled /* Include labeled unicast NLRI */ ), "segment-routing-te" ( /* Include segment-routing TE policy */ bgp_afi_srte /* Include segment-routing TE policy */ ), "transport" ( /* Include Classful Transport NLRI */ bgp_afi_inet6_transport /* Include Classful Transport NLRI */ ), "unicast" ( /* Include unicast NLRI */ bgp_afi_topo /* Include unicast NLRI */ ), "multicast" ( /* Include multicast NLRI */ bgp_afi_default /* Include multicast NLRI */ ), "flow" ( /* Include flow NLRI */ bgp_afi_flow /* Include flow NLRI */ ), "any" ( /* Include unicast or multicast NLRI */ bgp_afi_default /* Include unicast or multicast NLRI */ ) ) ), "inet6-vpn" ( /* IPv6 Layer 3 VPN NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_l3vpn /* Include unicast NLRI */ ), "multicast" ( /* Include multicast NLRI */ bgp_afi_vpn /* Include multicast NLRI */ ), "flow" ( /* Include flow VPN NLRI */ bgp_afi_flow /* Include flow VPN NLRI */ ), "any" ( /* Include unicast or multicast NLRI */ bgp_afi_vpn /* Include unicast or multicast NLRI */ ) ) ), "iso-vpn" ( /* ISO Layer 3 VPN NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_vpn_protection /* Include unicast NLRI */ ) ) ), "l2vpn" ( /* MPLS-based Layer 2 VPN and VPLS NLRI parameters */ c( "auto-discovery-only" ( /* Include auto-discovery NLRI for LDP Layer 2 VPN and VPLS */ bgp_afi_default /* Include auto-discovery NLRI for LDP Layer 2 VPN and VPLS */ ), "auto-discovery-mspw" ( /* Include auto-discovery NLRI for LDP Signalled MultiSegment PW */ bgp_afi_default /* Include auto-discovery NLRI for LDP Signalled MultiSegment PW */ ), "signaling" ( /* Include Layer 2 VPN and VPLS signaling NLRI */ bgp_afi_l2vpn /* Include Layer 2 VPN and VPLS signaling NLRI */ ) ) ), "evpn" ( /* EVPN NLRI parameters */ c( "signaling" ( /* Include EVPN signaling NLRI */ bgp_afi_default /* Include EVPN signaling NLRI */ ) ) ), "inet-mvpn" ( /* IPv4 MVPN NLRI parameters */ c( "signaling" ( /* Include IPv4 multicast VPN signaling NLRI */ bgp_afi_default /* Include IPv4 multicast VPN signaling NLRI */ ) ) ), "inet6-mvpn" ( /* IPv6 MVPN NLRI parameters */ c( "signaling" ( /* Include IPv6 multicast VPN signaling NLRI */ bgp_afi_default /* Include IPv6 multicast VPN signaling NLRI */ ) ) ), "inet-mdt" ( /* IPv4 Multicast Distribution Tree (MDT) NLRI parameters */ c( "signaling" ( /* Include IPv4 multicast VPN auto-discovery NLRI */ bgp_afi_default /* Include IPv4 multicast VPN auto-discovery NLRI */ ) ) ), "traffic-engineering" ( /* Traffic Engineering (BGP-TE) NLRI parameters */ c( "unicast" ( /* Include BGP-TE NLRI */ bgp_afi_default /* Include BGP-TE NLRI */ ) ) ), "route-target" ( /* Route target NLRI used for VPN route filtering */ c( "prefix-limit" ( /* Limit maximum number of prefixes from a peer */ bgpaf_prefix_limit /* Limit maximum number of prefixes from a peer */ ), "accepted-prefix-limit" ( /* Limit maximum number of prefixes accepted from a peer */ bgpaf_accepted_prefix_limit /* Limit maximum number of prefixes accepted from a peer */ ), "proxy-generate" ( /* Generate route target NLRI for peers that don't support it */ c( "route-target-policy" ( /* Limit VPN routes that are used to generate proxy route-target filters */ policy_algebra /* Limit VPN routes that are used to generate proxy route-target filters */ ) ) ), "external-paths" arg /* Number of external paths accepted for route filtering */, "advertise-default" /* Advertise default and suppress more specific routes */, "damping" /* Enable route flap damping */, "graceful-restart" ( /* BGP graceful restart options */ bgp_af_gr /* BGP graceful restart options */ ), "local-ipv4-address" ( /* Local IPv4 address */ ipv4addr /* Local IPv4 address */ ), "output-queue-priority" ( /* Default output-queue to assign updates to */ bgp_output_queue_priority_class /* Default output-queue to assign updates to */ ), "route-refresh-priority" ( /* Default output-queue to assign route refreshes to */ bgp_output_queue_priority_class /* Default output-queue to assign route refreshes to */ ), "withdraw-priority" ( /* Default output-queue to assign withdrawn routes to */ bgp_output_queue_priority_class /* Default output-queue to assign withdrawn routes to */ ) ) ), "fabric" ( /* Fabric NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_default /* Include unicast NLRI */ ) ) ), "bridge" ( /* Bridge NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_default /* Include unicast NLRI */ ) ) ), "bridge-vpn" ( /* Bridge VPN NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_vpn /* Include unicast NLRI */ ) ) ), "fabric-vpn" ( /* Fabric VPN NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_vpn /* Include unicast NLRI */ ) ) ), "inet-bgpmcast" ( /* IPv4 BGPMCAST NLRI parameters */ c( "signaling" ( /* Include IPv4 BGP multicast signaling NLRI */ bgp_afi_default /* Include IPv4 BGP multicast signaling NLRI */ ) ) ), "inet6-bgpmcast" ( /* IPv6 BGPMCAST NLRI parameters */ c( "signaling" ( /* Include IPv6 BGP multicast signaling NLRI */ bgp_afi_default /* Include IPv6 BGP multicast signaling NLRI */ ) ) ) ) ), "authentication-key" arg /* MD5 authentication key */, "authentication-algorithm" ( /* Authentication algorithm name */ ("md5" | "hmac-sha-1-96" | "aes-128-cmac-96" | "ao") ), "tcpao-auth-mismatch" ( /* Continue without TCP-AO if any one TCP endpoint does not have TCP-AO configured */ ("allow-without-tcpao") ), "authentication-key-chain" arg /* Key chain name */, "export" ( /* Export policy */ policy_algebra /* Export policy */ ), "remove-private" ( /* Remove well-known private AS numbers */ c( "all" ( /* Remove all private AS numbers and do not stop at the first public AS number */ sc( "replace" ( /* Replace private AS numbers with the BGP Group's local AS number */ sc( "nearest" /* Use closest public AS number to replace a private AS number */ ) ).as(:oneline) ) ).as(:oneline), "no-peer-loop-check" /* Remove peer loop-check */ ) ), "cluster" ( /* Cluster identifier */ areaid /* Cluster identifier */ ), "no-client-reflect" /* Disable intracluster route redistribution */, "peer-as" arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, "local-as" ( /* Local autonomous system number */ sc( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, "loops" arg /* Maximum number of times this AS can be in an AS path */, "private" /* Hide this local AS in paths learned from this peering */, "alias" /* Treat this AS as an alias to the system AS */, "no-prepend-global-as" /* Do not prepend global autonomous-system number in advertised paths */ ) ).as(:oneline), "ipsec-sa" arg /* IPSec SA name */, "graceful-shutdown" ( /* BGP peer graceful shutdown option */ c( "receiver" ( /* BGP peer graceful-shutdown receiver */ c( "disable" /* Disable graceful-shutdown receiver */, "local-preference" arg /* Value of receiver LOCAL_PREF path attribute */ ) ), "sender" ( /* BGP peer graceful-shutdown sender */ c( "local-preference" arg /* Value of sender LOCAL_PREF path attribute */ ) ) ) ), "shutdown" ( /* Shutdown */ c( "notify-message" arg /* Notification message */ ) ), "unconfigured-peer-graceful-restart" /* BGP unconfigured peer graceful restart options */, "graceful-restart" ( /* BGP graceful restart options */ c( ("disable"), "restart-time" arg /* Restart time used when negotiating with a peer */, "stale-routes-time" arg /* Maximum time for which stale routes are kept */, "long-lived" ( /* Long-lived graceful restart options */ c( "receiver" ( /* Long-lived graceful restart receiver (helper) options */ c( ("disable") ) ), "advertise-to-non-llgr-neighbor" ( /* Advertise stale routes to non-LLGR neighbors */ c( "omit-no-export" /* Do not attach no-export community to stale routes */ ) ) ) ), "disable-notification-extensions" /* Disable notification extensions */, "forwarding-state-bit" ( /* Control forwarding-state flag negotiation */ ("as-rr-client" | "from-fib") ), "dont-help-shared-fate-bfd-down" /* Honor BFD-Down(C=0) if GR-restart not in progress */ ) ), "include-mp-next-hop" /* Include NEXT-HOP attribute in multiprotocol updates */, "disable-4byte-as" /* Disable 4 byte AS capability advertisement */, "idle-after-switch-over" ( /* Stop peer session from coming up after nonstop-routing switch-over */ sc( c( "forever" /* Idle the peer until the user intervenes */, arg ) ) ).as(:oneline), "outbound-route-filter" ( /* Dynamically negotiated cooperative route filtering */ c( "bgp-orf-cisco-mode" /* Using BGP ORF capability code 130 and Prefix ORF type 128 */, "extended-community" ( /* Extended community filtering */ c( "accept" /* Honor remote requests for extended community ORF */, "no-accept" /* Don't honor remote requests for extended community ORF */, "vrf-filter" /* Request remote filtering using locally configured VRF import targets */ ) ), "prefix-based" ( /* Prefix-based outbound route filtering */ c( "accept" ( /* Honor Prefix-based ORFs from remote peers */ c( "inet" /* Honor IPv4 prefix filters */, "inet6" /* Honor IPv6 prefix filters */ ) ) ) ) ) ), "message-batching" ( /* DEPRECATED - Batching of outgoing messages */ c( ("enable" | "disable"), "interval" arg /* DEPRECATED - Interval over which to batch messages */ ) ), "multipath" ( /* Allow load sharing among multiple BGP paths */ c( "disable" /* Disable Multipath */, "multiple-as" /* Use paths received from different ASs */, "allow-protection" /* Allow protection for multipath legs */, "pause-computation-during-churn" /* Pause multipath job to absorb churn */, "list-nexthop" /* Use List-NH for homogenous nexthop-set also */ ) ), "tcp-mss" arg /* Maximum TCP segment size */, "bgp-identifier" ( /* BGP Identifier */ ipv4addr /* BGP Identifier */ ), "tcp-aggressive-transmission" /* Enable aggressive transmission of pure TCP ACKs and retransmissions */, "bmp" ( /* Specific settings to override the routing-options settings */ c( "monitor" ( /* Enable/Disable monitoring */ ("enable" | "disable") ), "route-monitoring" ( /* Control route monitoring settings */ c( "none" /* Do not send route monitoring messages */, "pre-policy" ( /* Send pre-policy route monitoring messages */ sc( "exclude-non-feasible" /* Exclude looped routes, etc */ ) ).as(:oneline), "post-policy" ( /* Send post-policy route monitoring messages */ sc( "exclude-non-eligible" /* Exclude unresolved routes, etc. */ ) ).as(:oneline), "rib-out" ( /* Send adj-ribs-out route monitoring messages */ sc( "pre-policy" /* Send pre-policy adj-ribs-out route monitoring messages */, "post-policy" /* Send post-policy adj-ribs-out route monitoring messages */ ) ).as(:oneline) ) ) ) ), "advertise-bgp-static" ( /* Advertise bgp-static routes */ c( "policy" ( /* Static route advertisement policy */ policy_algebra /* Static route advertisement policy */ ) ) ), "add-path-display-ipv4-address" /* Display add-path path-id in IPv4 address format */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "session-mode" ( /* BFD single-hop or multihop session-mode */ ("automatic" | "single-hop" | "multihop") ), "holddown-interval" arg /* Time to hold the session-UP notification to the client */ ) ), "as-override" /* Replace neighbor AS number with our AS number */, "allow" ( /* Configure peer connections for specific networks */ ipprefix /* Configure peer connections for specific networks */ ), "dynamic-neighbor" arg ( /* Configure peer options for specific networks */ c( "allow" ( /* Configure peer connections for specific networks */ ipprefix /* Configure peer connections for specific networks */ ), "authentication-key" arg /* MD5 authentication key */, "authentication-algorithm" ( /* Authentication algorithm name */ ("md5" | "hmac-sha-1-96" | "aes-128-cmac-96" | "ao") ), "tcpao-auth-mismatch" ( /* Continue without TCP-AO if any one TCP endpoint does not have TCP-AO configured */ ("allow-without-tcpao") ), "authentication-key-chain" arg /* Key chain name */, "peer-auto-discovery" ( /* Configure auto-discovery options for BGP neighbors */ c( "family" ( /* Address family based neighbor auto-discovery parameters */ c( "inet6" ( c( c( "ipv6-nd" /* Use ipv6 neighbor discovery to learn neighbor address */ ) ) ) ) ), "interface" arg ) ) ) ), "optimal-route-reflection" ( /* Enable optimal route reflection for this client group */ c( "igp-primary" ( /* Primary node identifier for this client group */ ipv4addr /* Primary node identifier for this client group */ ), "igp-backup" ( /* Backup node identifier for this client group */ ipv4addr /* Backup node identifier for this client group */ ) ) ), "peer-as-list" arg /* Configure list of peer autonomous systems for unconfigured neighbors */, "mvpn-iana-rt-import" /* Use IANA assigned rt-import type value for MVPN */, "neighbor" arg ( /* Configure a neighbor */ c( "traceoptions" ( /* Trace options for BGP */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("damping" | "packets" | "open" | "update" | "keepalive" | "refresh" | "nsr-synchronization" | "bfd" | "4byte-as" | "add-path" | "graceful-restart" | "egress-te" | "thread-io" | "sharding" | "thread-update-io" | "route-validation" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */, "filter" ( /* Filter to apply to this flag */ bgp_filter_obj /* Filter to apply to this flag */ ) ) ).as(:oneline) ) ), "description" arg /* Text description */, "metric-out" ( /* Route metric sent in MED */ sc( c( arg, "minimum-igp" ( /* Track the minimum IGP metric */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "igp" ( /* Track the IGP metric */ sc( arg /* Metric offset for MED */, "delay-med-update" /* Delay updating MED when IGP metric increases */ ) ).as(:oneline), "effective-aigp" ( /* Track the effective AIGP metric */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "minimum-effective-aigp" ( /* Track the minimum effective AIGP metric */ sc( arg /* Metric offset for MED */ ) ).as(:oneline) ) ) ).as(:oneline), "multihop" ( /* Configure an EBGP multihop session */ c( "ttl" arg /* TTL value for the session */, "no-nexthop-change" /* Do not change next hop to self in advertisements */ ) ), "route-server-client" /* Enable route server client behavior */, "accept-remote-nexthop" /* Allow import policy to specify a non-directly connected next-hop */, "preference" arg /* Preference value */, "local-preference" arg /* Value of LOCAL_PREF path attribute */, "local-address" ( /* Address of local end of BGP session */ ipaddr /* Address of local end of BGP session */ ), "local-interface" ( /* Local interface for IPv6 link local EBGP peering */ interface_name /* Local interface for IPv6 link local EBGP peering */ ), "forwarding-context" arg /* Routing-instance used for data-forwarding and transport-session */, "hold-time" arg /* Hold time used when negotiating with a peer */, "minimum-hold-time" arg /* Minimum hold time accepted from the peer */, "passive" /* Do not send open messages to a peer */, "advertise-inactive" /* Advertise inactive routes */, "advertise-peer-as" /* Advertise routes received from the same autonomous system */, "no-advertise-peer-as" /* Don't advertise routes received from the same autonomous system */, "advertise-external" ( /* Advertise best external routes */ sc( "conditional" /* Route matches active route upto med-comparison rule */ ) ).as(:oneline), "keep" ( /* How to retain routes in the routing table */ ("all" | "none") ), "rfc6514-compliant-safi129" /* Compliant with RFC6514 SAFI129 format */, "no-aggregator-id" /* Set router ID in aggregator path attribute to 0 */, "mtu-discovery" /* Enable TCP path MTU discovery */, "enforce-first-as" /* Enforce first AS in AS-path is the neighbor's AS */, "out-delay" arg /* How long before exporting routes from routing table */, "ttl" ( /* TTL value for the single-hop peer */ ("1" | "255") ), "log-updown" /* Log a message for peer state transitions */, "damping" /* Enable route flap damping */, "import" ( /* Import policy */ policy_algebra /* Import policy */ ), "nlri" ( /* NLRI type to include in updates */ ("unicast" | "multicast" | "any") ), "bgp-error-tolerance" ( /* Handle BGP malformed updates softly */ c( "malformed-update-log-interval" arg /* Time used when logging malformed update */, c( "malformed-route-limit" arg /* Maximum number of malformed routes from a peer */, "no-malformed-route-limit" /* No malformed route limit */ ) ) ), "family" ( /* Protocol family for NLRIs in updates */ c( "inet" ( /* IPv4 NLRI parameters */ c( "labeled-unicast" ( /* Include labeled unicast NLRI */ bgp_afi_labeled /* Include labeled unicast NLRI */ ), "segment-routing-te" ( /* Include segment-routing TE policy */ bgp_afi_srte /* Include segment-routing TE policy */ ), "transport" ( /* Include Classful Transport NLRI */ bgp_afi_inet_transport /* Include Classful Transport NLRI */ ), "unicast" ( /* Include unicast NLRI */ bgp_afi_topo /* Include unicast NLRI */ ), "multicast" ( /* Include multicast NLRI */ bgp_afi_default /* Include multicast NLRI */ ), "flow" ( /* Include flow NLRI */ bgp_afi_flow_with_redirect_ip_action /* Include flow NLRI */ ), "any" ( /* Include unicast or multicast NLRI */ bgp_afi_default /* Include unicast or multicast NLRI */ ) ) ), "inet-vpn" ( /* IPv4 Layer 3 VPN NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_l3vpn /* Include unicast NLRI */ ), "multicast" ( /* Include multicast NLRI */ bgp_afi_vpn /* Include multicast NLRI */ ), "flow" ( /* Include flow VPN NLRI */ bgp_afi_flow_with_redirect_ip_action /* Include flow VPN NLRI */ ), "any" ( /* Include unicast or multicast NLRI */ bgp_afi_vpn /* Include unicast or multicast NLRI */ ) ) ), "inet6" ( /* IPv6 NLRI parameters */ c( "labeled-unicast" ( /* Include labeled unicast NLRI */ bgp_afi_inet6_labeled /* Include labeled unicast NLRI */ ), "segment-routing-te" ( /* Include segment-routing TE policy */ bgp_afi_srte /* Include segment-routing TE policy */ ), "transport" ( /* Include Classful Transport NLRI */ bgp_afi_inet6_transport /* Include Classful Transport NLRI */ ), "unicast" ( /* Include unicast NLRI */ bgp_afi_topo /* Include unicast NLRI */ ), "multicast" ( /* Include multicast NLRI */ bgp_afi_default /* Include multicast NLRI */ ), "flow" ( /* Include flow NLRI */ bgp_afi_flow /* Include flow NLRI */ ), "any" ( /* Include unicast or multicast NLRI */ bgp_afi_default /* Include unicast or multicast NLRI */ ) ) ), "inet6-vpn" ( /* IPv6 Layer 3 VPN NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_l3vpn /* Include unicast NLRI */ ), "multicast" ( /* Include multicast NLRI */ bgp_afi_vpn /* Include multicast NLRI */ ), "flow" ( /* Include flow VPN NLRI */ bgp_afi_flow /* Include flow VPN NLRI */ ), "any" ( /* Include unicast or multicast NLRI */ bgp_afi_vpn /* Include unicast or multicast NLRI */ ) ) ), "iso-vpn" ( /* ISO Layer 3 VPN NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_vpn_protection /* Include unicast NLRI */ ) ) ), "l2vpn" ( /* MPLS-based Layer 2 VPN and VPLS NLRI parameters */ c( "auto-discovery-only" ( /* Include auto-discovery NLRI for LDP Layer 2 VPN and VPLS */ bgp_afi_default /* Include auto-discovery NLRI for LDP Layer 2 VPN and VPLS */ ), "auto-discovery-mspw" ( /* Include auto-discovery NLRI for LDP Signalled MultiSegment PW */ bgp_afi_default /* Include auto-discovery NLRI for LDP Signalled MultiSegment PW */ ), "signaling" ( /* Include Layer 2 VPN and VPLS signaling NLRI */ bgp_afi_l2vpn /* Include Layer 2 VPN and VPLS signaling NLRI */ ) ) ), "evpn" ( /* EVPN NLRI parameters */ c( "signaling" ( /* Include EVPN signaling NLRI */ bgp_afi_default /* Include EVPN signaling NLRI */ ) ) ), "inet-mvpn" ( /* IPv4 MVPN NLRI parameters */ c( "signaling" ( /* Include IPv4 multicast VPN signaling NLRI */ bgp_afi_default /* Include IPv4 multicast VPN signaling NLRI */ ) ) ), "inet6-mvpn" ( /* IPv6 MVPN NLRI parameters */ c( "signaling" ( /* Include IPv6 multicast VPN signaling NLRI */ bgp_afi_default /* Include IPv6 multicast VPN signaling NLRI */ ) ) ), "inet-mdt" ( /* IPv4 Multicast Distribution Tree (MDT) NLRI parameters */ c( "signaling" ( /* Include IPv4 multicast VPN auto-discovery NLRI */ bgp_afi_default /* Include IPv4 multicast VPN auto-discovery NLRI */ ) ) ), "traffic-engineering" ( /* Traffic Engineering (BGP-TE) NLRI parameters */ c( "unicast" ( /* Include BGP-TE NLRI */ bgp_afi_default /* Include BGP-TE NLRI */ ) ) ), "route-target" ( /* Route target NLRI used for VPN route filtering */ c( "prefix-limit" ( /* Limit maximum number of prefixes from a peer */ bgpaf_prefix_limit /* Limit maximum number of prefixes from a peer */ ), "accepted-prefix-limit" ( /* Limit maximum number of prefixes accepted from a peer */ bgpaf_accepted_prefix_limit /* Limit maximum number of prefixes accepted from a peer */ ), "proxy-generate" ( /* Generate route target NLRI for peers that don't support it */ c( "route-target-policy" ( /* Limit VPN routes that are used to generate proxy route-target filters */ policy_algebra /* Limit VPN routes that are used to generate proxy route-target filters */ ) ) ), "external-paths" arg /* Number of external paths accepted for route filtering */, "advertise-default" /* Advertise default and suppress more specific routes */, "damping" /* Enable route flap damping */, "graceful-restart" ( /* BGP graceful restart options */ bgp_af_gr /* BGP graceful restart options */ ), "local-ipv4-address" ( /* Local IPv4 address */ ipv4addr /* Local IPv4 address */ ), "output-queue-priority" ( /* Default output-queue to assign updates to */ bgp_output_queue_priority_class /* Default output-queue to assign updates to */ ), "route-refresh-priority" ( /* Default output-queue to assign route refreshes to */ bgp_output_queue_priority_class /* Default output-queue to assign route refreshes to */ ), "withdraw-priority" ( /* Default output-queue to assign withdrawn routes to */ bgp_output_queue_priority_class /* Default output-queue to assign withdrawn routes to */ ) ) ), "fabric" ( /* Fabric NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_default /* Include unicast NLRI */ ) ) ), "bridge" ( /* Bridge NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_default /* Include unicast NLRI */ ) ) ), "bridge-vpn" ( /* Bridge VPN NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_vpn /* Include unicast NLRI */ ) ) ), "fabric-vpn" ( /* Fabric VPN NLRI parameters */ c( "unicast" ( /* Include unicast NLRI */ bgp_afi_vpn /* Include unicast NLRI */ ) ) ), "inet-bgpmcast" ( /* IPv4 BGPMCAST NLRI parameters */ c( "signaling" ( /* Include IPv4 BGP multicast signaling NLRI */ bgp_afi_default /* Include IPv4 BGP multicast signaling NLRI */ ) ) ), "inet6-bgpmcast" ( /* IPv6 BGPMCAST NLRI parameters */ c( "signaling" ( /* Include IPv6 BGP multicast signaling NLRI */ bgp_afi_default /* Include IPv6 BGP multicast signaling NLRI */ ) ) ) ) ), "authentication-key" arg /* MD5 authentication key */, "authentication-algorithm" ( /* Authentication algorithm name */ ("md5" | "hmac-sha-1-96" | "aes-128-cmac-96" | "ao") ), "tcpao-auth-mismatch" ( /* Continue without TCP-AO if any one TCP endpoint does not have TCP-AO configured */ ("allow-without-tcpao") ), "authentication-key-chain" arg /* Key chain name */, "export" ( /* Export policy */ policy_algebra /* Export policy */ ), "remove-private" ( /* Remove well-known private AS numbers */ c( "all" ( /* Remove all private AS numbers and do not stop at the first public AS number */ sc( "replace" ( /* Replace private AS numbers with the BGP Group's local AS number */ sc( "nearest" /* Use closest public AS number to replace a private AS number */ ) ).as(:oneline) ) ).as(:oneline), "no-peer-loop-check" /* Remove peer loop-check */ ) ), "cluster" ( /* Cluster identifier */ areaid /* Cluster identifier */ ), "no-client-reflect" /* Disable intracluster route redistribution */, "peer-as" arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, "local-as" ( /* Local autonomous system number */ sc( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, "loops" arg /* Maximum number of times this AS can be in an AS path */, "private" /* Hide this local AS in paths learned from this peering */, "alias" /* Treat this AS as an alias to the system AS */, "no-prepend-global-as" /* Do not prepend global autonomous-system number in advertised paths */ ) ).as(:oneline), "ipsec-sa" arg /* IPSec SA name */, "graceful-shutdown" ( /* BGP peer graceful shutdown option */ c( "receiver" ( /* BGP peer graceful-shutdown receiver */ c( "disable" /* Disable graceful-shutdown receiver */, "local-preference" arg /* Value of receiver LOCAL_PREF path attribute */ ) ), "sender" ( /* BGP peer graceful-shutdown sender */ c( "local-preference" arg /* Value of sender LOCAL_PREF path attribute */ ) ) ) ), "shutdown" ( /* Shutdown */ c( "notify-message" arg /* Notification message */ ) ), "unconfigured-peer-graceful-restart" /* BGP unconfigured peer graceful restart options */, "graceful-restart" ( /* BGP graceful restart options */ c( ("disable"), "restart-time" arg /* Restart time used when negotiating with a peer */, "stale-routes-time" arg /* Maximum time for which stale routes are kept */, "long-lived" ( /* Long-lived graceful restart options */ c( "receiver" ( /* Long-lived graceful restart receiver (helper) options */ c( ("disable") ) ), "advertise-to-non-llgr-neighbor" ( /* Advertise stale routes to non-LLGR neighbors */ c( "omit-no-export" /* Do not attach no-export community to stale routes */ ) ) ) ), "disable-notification-extensions" /* Disable notification extensions */, "forwarding-state-bit" ( /* Control forwarding-state flag negotiation */ ("as-rr-client" | "from-fib") ), "dont-help-shared-fate-bfd-down" /* Honor BFD-Down(C=0) if GR-restart not in progress */ ) ), "include-mp-next-hop" /* Include NEXT-HOP attribute in multiprotocol updates */, "disable-4byte-as" /* Disable 4 byte AS capability advertisement */, "idle-after-switch-over" ( /* Stop peer session from coming up after nonstop-routing switch-over */ sc( c( "forever" /* Idle the peer until the user intervenes */, arg ) ) ).as(:oneline), "outbound-route-filter" ( /* Dynamically negotiated cooperative route filtering */ c( "bgp-orf-cisco-mode" /* Using BGP ORF capability code 130 and Prefix ORF type 128 */, "extended-community" ( /* Extended community filtering */ c( "accept" /* Honor remote requests for extended community ORF */, "no-accept" /* Don't honor remote requests for extended community ORF */, "vrf-filter" /* Request remote filtering using locally configured VRF import targets */ ) ), "prefix-based" ( /* Prefix-based outbound route filtering */ c( "accept" ( /* Honor Prefix-based ORFs from remote peers */ c( "inet" /* Honor IPv4 prefix filters */, "inet6" /* Honor IPv6 prefix filters */ ) ) ) ) ) ), "message-batching" ( /* DEPRECATED - Batching of outgoing messages */ c( ("enable" | "disable"), "interval" arg /* DEPRECATED - Interval over which to batch messages */ ) ), "multipath" ( /* Allow load sharing among multiple BGP paths */ c( "disable" /* Disable Multipath */, "multiple-as" /* Use paths received from different ASs */, "allow-protection" /* Allow protection for multipath legs */, "pause-computation-during-churn" /* Pause multipath job to absorb churn */, "list-nexthop" /* Use List-NH for homogenous nexthop-set also */ ) ), "tcp-mss" arg /* Maximum TCP segment size */, "bgp-identifier" ( /* BGP Identifier */ ipv4addr /* BGP Identifier */ ), "tcp-aggressive-transmission" /* Enable aggressive transmission of pure TCP ACKs and retransmissions */, "bmp" ( /* Specific settings to override the routing-options settings */ c( "monitor" ( /* Enable/Disable monitoring */ ("enable" | "disable") ), "route-monitoring" ( /* Control route monitoring settings */ c( "none" /* Do not send route monitoring messages */, "pre-policy" ( /* Send pre-policy route monitoring messages */ sc( "exclude-non-feasible" /* Exclude looped routes, etc */ ) ).as(:oneline), "post-policy" ( /* Send post-policy route monitoring messages */ sc( "exclude-non-eligible" /* Exclude unresolved routes, etc. */ ) ).as(:oneline), "rib-out" ( /* Send adj-ribs-out route monitoring messages */ sc( "pre-policy" /* Send pre-policy adj-ribs-out route monitoring messages */, "post-policy" /* Send post-policy adj-ribs-out route monitoring messages */ ) ).as(:oneline) ) ) ) ), "advertise-bgp-static" ( /* Advertise bgp-static routes */ c( "policy" ( /* Static route advertisement policy */ policy_algebra /* Static route advertisement policy */ ) ) ), "add-path-display-ipv4-address" /* Display add-path path-id in IPv4 address format */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "session-mode" ( /* BFD single-hop or multihop session-mode */ ("automatic" | "single-hop" | "multihop") ), "holddown-interval" arg /* Time to hold the session-UP notification to the client */ ) ), "as-override" /* Replace neighbor AS number with our AS number */, "egress-te-node-segment" ( /* Configure BGP-Peer-Node segment */ c( "label" ( /* BGP-Peer-Node SID label from static label pool */ c( arg ) ), "egress-te-set" ( /* Configure as a member of a SET segment */ c( arg /* Set name */, "weight" arg /* Weight for set segment */ ) ), "egress-te-backup-segment" ( /* Backup segment for FRR */ c( "label" ( /* Backup segment label from static label pool */ c( arg ) ) ) ), "egress-te-backup-ip-forward" ( /* Use IP-forward backup path for Egress TE */ c( arg /* Routing-instance to use as IP forward backup-path */ ) ) ) ), "egress-te-adj-segment" arg ( /* Configure BGP-Peer-Adj segment */ c( "label" ( /* BGP-Peer-Adj SID label from static label pool */ c( arg ) ), "next-hop" ( /* Address of directly connected next-hop to use */ c( ipaddr /* Address of directly connected next-hop */ ) ), "egress-te-set" ( /* Configure as a member of a SET segment */ c( arg /* Set name */, "weight" arg /* Weight for set segment */ ) ), "egress-te-backup-segment" ( /* Backup segment for FRR */ c( "label" ( /* Backup segment label from static label pool */ c( arg ) ) ) ), "egress-te-backup-ip-forward" ( /* Use IP-forward backup path for Egress TE */ c( arg /* Routing-instance to use as IP forward backup-path */ ) ), "te-link-attribute" ( /* Link attribute */ c( "te-metric" arg /* TE Metric value */, "igp-metric" arg /* IGP Metric value */, "admin-group" arg /* Administrative groups */ ) ) ) ), "vpn-apply-export" /* Apply BGP export policy when exporting VPN routes */, "egress-te" ( /* Use Egress Peering traffic engineering */ c( "install-address" ( /* Address to use in egress-te created inet route */ ipaddr /* Address to use in egress-te created inet route */ ), "rib" ( /* Select primary table for Egress-TE routes */ c( "inet.0" /* Install Egress-TE routes in inet.0 */, "inet6.0" /* Install Egress-TE routes in inet6.0 */ ) ), "no-install" /* Avoid installation to FIB or resolving over */, "import" ( /* Import policy to set attributes */ policy_algebra /* Import policy to set attributes */ ), "backup-path" arg /* The 'egress-te-backup-paths template' to use for this peer */ ) ), "advertise-prefix-sid" /* Advertise prefix sid to E-BGP peers */, "accept-prefix-sid" /* Accept prefix sid from E-BGP peers */, "advertise-srgb" /* Advertise SRGB TLV */, "tcp-connect-port" arg /* TCP port number to connect with peer on */ ) ), "vpn-apply-export" /* Apply BGP export policy when exporting VPN routes */, "egress-te" ( /* Use Egress Peering traffic engineering */ c( "install-address" ( /* Address to use in egress-te created inet route */ ipaddr /* Address to use in egress-te created inet route */ ), "rib" ( /* Select primary table for Egress-TE routes */ c( "inet.0" /* Install Egress-TE routes in inet.0 */, "inet6.0" /* Install Egress-TE routes in inet6.0 */ ) ), "no-install" /* Avoid installation to FIB or resolving over */, "import" ( /* Import policy to set attributes */ policy_algebra /* Import policy to set attributes */ ), "backup-path" arg /* The 'egress-te-backup-paths template' to use for this peer */ ) ), "advertise-prefix-sid" /* Advertise prefix sid to E-BGP peers */, "accept-prefix-sid" /* Accept prefix sid from E-BGP peers */, "advertise-srgb" /* Advertise SRGB TLV */, "tcp-connect-port" arg /* TCP port number to connect with peer on */ ) ), "traffic-statistics-labeled-path" ( /* Collect periodic ingress labeled statistics for BGP label-switched paths */ c( "file" ( /* Statistics file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "interval" arg /* Time interval to collect statistics */ ) ), "source-packet-routing" ( /* Enable Source Packet Routing (SPRING) */ c( "srgb" ( /* Set the SRGB global block in SPRING */ sc( "start-label" arg /* Start range for SRGB label block */, "index-range" arg /* Index to the SRGB start label block */ ) ).as(:oneline), "srv6" ( /* Enable IPv6 Segment Routing (SRv6) */ c( "locator" arg ( /* SRv6 Locator */ c( "end-dt4-sid" ( /* End dt4 sid with 128 bit address */ ipv6addr /* End dt4 sid with 128 bit address */ ), "end-dt6-sid" ( /* End dt6 sid with 128 bit address */ ipv6addr /* End dt6 sid with 128 bit address */ ) ) ) ) ) ) ), ("disable"), "precision-timers" /* Use precision timers for scheduling keepalives */, "no-precision-timers" /* Don't use precision timers for scheduling keepalives */, "snmp-options" ( /* Customize SNMP behaviors specifically for BGP MIBs */ c( "backward-traps-only-from-established" /* Limit traps for backward transitions to only those moving from Established state. */, "emit-inet-address-length-in-oid" /* Emit Length in OID for InetAddress MIB type. */ ) ), "route-age-bgp-view" /* Maintain BGP route's age based on Update messages only */, "prioritize-route-queueing" /* Let route-queue building happen without getting throttled */, "traceoptions" ( /* Trace options for BGP */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("damping" | "packets" | "open" | "update" | "keepalive" | "refresh" | "nsr-synchronization" | "bfd" | "4byte-as" | "add-path" | "graceful-restart" | "egress-te" | "thread-io" | "sharding" | "thread-update-io" | "route-validation" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */, "filter" ( /* Filter to apply to this flag */ bgp_filter_obj /* Filter to apply to this flag */ ) ) ).as(:oneline) ) ), "description" arg /* Text description */, "metric-out" ( /* Route metric sent in MED */ sc( c( arg, "minimum-igp" ( /* Track the minimum IGP metric */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "igp" ( /* Track the IGP metric */ sc( arg /* Metric offset for MED */, "delay-med-update" /* Delay updating MED when IGP metric increases */ ) ).as(:oneline), "effective-aigp" ( /* Track the effective AIGP metric */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "minimum-effective-aigp" ( /* Track the minimum effective AIGP metric */ sc( arg /* Metric offset for MED */ ) ).as(:oneline) ) ) ).as(:oneline), "multihop" ( /* Configure an EBGP multihop session */ c( "ttl" arg /* TTL value for the session */, "no-nexthop-change" /* Do not change next hop to self in advertisements */ ) ), "route-server-client" /* Enable route server client behavior */, "accept-remote-nexthop" /* Allow import policy to specify a non-directly connected next-hop */, "preference" arg /* Preference value */, "local-preference" arg /* Value of LOCAL_PREF path attribute */, "local-address" ( /* Address of local end of BGP session */ ipaddr /* Address of local end of BGP session */ ), "local-interface" ( /* Local interface for IPv6 link local EBGP peering */ interface_name /* Local interface for IPv6 link local EBGP peering */ ), "forwarding-context" arg /* Routing-instance used for data-forwarding and transport-session */, "hold-time" arg /* Hold time used when negotiating with a peer */, "minimum-hold-time" arg /* Minimum hold time accepted from the peer */, "passive" /* Do not send open messages to a peer */, "advertise-inactive" /* Advertise inactive routes */, "advertise-peer-as" /* Advertise routes received from the same autonomous system */, "no-advertise-peer-as" /* Don't advertise routes received from the same autonomous system */, "advertise-external" ( /* Advertise best external routes */ sc( "conditional" /* Route matches active route upto med-comparison rule */ ) ).as(:oneline), "keep" ( /* How to retain routes in the routing table */ ("all" | "none") ), "rfc6514-compliant-safi129" /* Compliant with RFC6514 SAFI129 format */, "no-aggregator-id" /* Set router ID in aggregator path attribute to 0 */, "mtu-discovery" /* Enable TCP path MTU discovery */, "enforce-first-as" /* Enforce first AS in AS-path is the neighbor's AS */, "out-delay" arg /* How long before exporting routes from routing table */, "ttl" ( /* TTL value for the single-hop peer */ ("1" | "255") ), "log-updown" /* Log a message for peer state transitions */, "damping" /* Enable route flap damping */, "import" ( /* Import policy */ policy_algebra /* Import policy */ ), "nlri" ( /* NLRI type to include in updates */ ("unicast" | "multicast" | "any") ), "bgp-error-tolerance" ( /* Handle BGP malformed updates softly */ c( "malformed-update-log-interval" arg /* Time used when logging malformed update */, c( "malformed-route-limit" arg /* Maximum number of malformed routes from a peer */, "no-malformed-route-limit" /* No malformed route limit */ ) ) ), "authentication-key" arg /* MD5 authentication key */, "authentication-algorithm" ( /* Authentication algorithm name */ ("md5" | "hmac-sha-1-96" | "aes-128-cmac-96" | "ao") ), "tcpao-auth-mismatch" ( /* Continue without TCP-AO if any one TCP endpoint does not have TCP-AO configured */ ("allow-without-tcpao") ), "authentication-key-chain" arg /* Key chain name */, "export" ( /* Export policy */ policy_algebra /* Export policy */ ), "remove-private" ( /* Remove well-known private AS numbers */ c( "all" ( /* Remove all private AS numbers and do not stop at the first public AS number */ sc( "replace" ( /* Replace private AS numbers with the BGP Group's local AS number */ sc( "nearest" /* Use closest public AS number to replace a private AS number */ ) ).as(:oneline) ) ).as(:oneline), "no-peer-loop-check" /* Remove peer loop-check */ ) ), "cluster" ( /* Cluster identifier */ areaid /* Cluster identifier */ ), "no-client-reflect" /* Disable intracluster route redistribution */, "peer-as" arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, "local-as" ( /* Local autonomous system number */ sc( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, "loops" arg /* Maximum number of times this AS can be in an AS path */, "private" /* Hide this local AS in paths learned from this peering */, "alias" /* Treat this AS as an alias to the system AS */, "no-prepend-global-as" /* Do not prepend global autonomous-system number in advertised paths */ ) ).as(:oneline), "ipsec-sa" arg /* IPSec SA name */, "graceful-shutdown" ( /* BGP peer graceful shutdown option */ c( "receiver" ( /* BGP peer graceful-shutdown receiver */ c( "disable" /* Disable graceful-shutdown receiver */, "local-preference" arg /* Value of receiver LOCAL_PREF path attribute */ ) ), "sender" ( /* BGP peer graceful-shutdown sender */ c( "local-preference" arg /* Value of sender LOCAL_PREF path attribute */ ) ) ) ), "shutdown" ( /* Shutdown */ c( "notify-message" arg /* Notification message */ ) ), "unconfigured-peer-graceful-restart" /* BGP unconfigured peer graceful restart options */, "graceful-restart" ( /* BGP graceful restart options */ c( ("disable"), "restart-time" arg /* Restart time used when negotiating with a peer */, "stale-routes-time" arg /* Maximum time for which stale routes are kept */, "long-lived" ( /* Long-lived graceful restart options */ c( "receiver" ( /* Long-lived graceful restart receiver (helper) options */ c( ("disable") ) ), "advertise-to-non-llgr-neighbor" ( /* Advertise stale routes to non-LLGR neighbors */ c( "omit-no-export" /* Do not attach no-export community to stale routes */ ) ) ) ), "disable-notification-extensions" /* Disable notification extensions */, "forwarding-state-bit" ( /* Control forwarding-state flag negotiation */ ("as-rr-client" | "from-fib") ), "dont-help-shared-fate-bfd-down" /* Honor BFD-Down(C=0) if GR-restart not in progress */ ) ), "include-mp-next-hop" /* Include NEXT-HOP attribute in multiprotocol updates */, "disable-4byte-as" /* Disable 4 byte AS capability advertisement */, "idle-after-switch-over" ( /* Stop peer session from coming up after nonstop-routing switch-over */ sc( c( "forever" /* Idle the peer until the user intervenes */, arg ) ) ).as(:oneline), "outbound-route-filter" ( /* Dynamically negotiated cooperative route filtering */ c( "bgp-orf-cisco-mode" /* Using BGP ORF capability code 130 and Prefix ORF type 128 */, "extended-community" ( /* Extended community filtering */ c( "accept" /* Honor remote requests for extended community ORF */, "no-accept" /* Don't honor remote requests for extended community ORF */, "vrf-filter" /* Request remote filtering using locally configured VRF import targets */ ) ), "prefix-based" ( /* Prefix-based outbound route filtering */ c( "accept" ( /* Honor Prefix-based ORFs from remote peers */ c( "inet" /* Honor IPv4 prefix filters */, "inet6" /* Honor IPv6 prefix filters */ ) ) ) ) ) ), "message-batching" ( /* DEPRECATED - Batching of outgoing messages */ c( ("enable" | "disable"), "interval" arg /* DEPRECATED - Interval over which to batch messages */ ) ), "multipath" ( /* Allow load sharing among multiple BGP paths */ c( "disable" /* Disable Multipath */, "multiple-as" /* Use paths received from different ASs */, "allow-protection" /* Allow protection for multipath legs */, "pause-computation-during-churn" /* Pause multipath job to absorb churn */, "list-nexthop" /* Use List-NH for homogenous nexthop-set also */ ) ), "tcp-mss" arg /* Maximum TCP segment size */, "bgp-identifier" ( /* BGP Identifier */ ipv4addr /* BGP Identifier */ ), "tcp-aggressive-transmission" /* Enable aggressive transmission of pure TCP ACKs and retransmissions */, "bmp" ( /* Specific settings to override the routing-options settings */ c( "monitor" ( /* Enable/Disable monitoring */ ("enable" | "disable") ), "route-monitoring" ( /* Control route monitoring settings */ c( "none" /* Do not send route monitoring messages */, "pre-policy" ( /* Send pre-policy route monitoring messages */ sc( "exclude-non-feasible" /* Exclude looped routes, etc */ ) ).as(:oneline), "post-policy" ( /* Send post-policy route monitoring messages */ sc( "exclude-non-eligible" /* Exclude unresolved routes, etc. */ ) ).as(:oneline), "rib-out" ( /* Send adj-ribs-out route monitoring messages */ sc( "pre-policy" /* Send pre-policy adj-ribs-out route monitoring messages */, "post-policy" /* Send post-policy adj-ribs-out route monitoring messages */ ) ).as(:oneline) ) ) ) ), "advertise-bgp-static" ( /* Advertise bgp-static routes */ c( "policy" ( /* Static route advertisement policy */ policy_algebra /* Static route advertisement policy */ ) ) ), "add-path-display-ipv4-address" /* Display add-path path-id in IPv4 address format */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "session-mode" ( /* BFD single-hop or multihop session-mode */ ("automatic" | "single-hop" | "multihop") ), "holddown-interval" arg /* Time to hold the session-UP notification to the client */ ) ), "output-queue-priority" ( /* BGP output queue priority scheduler for updates */ c( "expedited" ( /* Expedited queue; highest priority */ sc( "update-tokens" arg /* Number of tokens */ ) ).as(:oneline), "priority" arg ( /* Output queue priority 1..16; higher is better */ sc( "update-tokens" arg /* Number of tokens */ ) ).as(:oneline), "defaults" ( /* Map policy's priority class and BGP output-queue */ c( "low" ( /* Assign the 'low' priority class to this output-queue */ bgp_output_queue_priority_class /* Assign the 'low' priority class to this output-queue */ ), "medium" ( /* Assign the 'medium' priority class to this output-queue */ bgp_output_queue_priority_class /* Assign the 'medium' priority class to this output-queue */ ), "high" ( /* Assign the 'high' priority class to this output-queue */ bgp_output_queue_priority_class /* Assign the 'high' priority class to this output-queue */ ) ) ) ) ), "multipath-build-priority" ( /* Configure the multipath build priority */ c( c( "low" /* Do multipath build with low priority */, "medium" /* Do multipath build with medium priority */ ) ) ), "send-addpath-optimization" /* Enable BGP addpath advertisement optimization */, "drop-path-attributes" arg, "minimum-hold-time" arg, "defaults" ( c( "ebgp" ( /* Options impacting external BGP default behaviors */ c( "no-policy" ( /* Default ebgp behaviors in the absence of configured policy */ c( "receive" ( /* Default ebgp receive behavior */ ("accept" | "reject" | "reject-always") ), "advertise" ( /* Default ebgp advertise behavior */ ("accept" | "reject" | "reject-always") ) ) ) ) ) ) ) ) end rule(:bgp_af_gr) do c( "long-lived" ( /* Long-lived graceful restart options */ c( "restarter" ( /* Long-lived graceful restart restarter options */ c( ("disable"), "stale-time" arg /* Stale time in seconds or dhms notation (1..16777215) */ ) ) ) ), "forwarding-state-bit" ( /* Control forwarding-state flag negotiation */ ("set" | "from-fib") ) ) end rule(:bgp_afi_default) do c( "prefix-limit" ( /* Limit maximum number of prefixes from a peer */ bgpaf_prefix_limit /* Limit maximum number of prefixes from a peer */ ), "accepted-prefix-limit" ( /* Limit maximum number of prefixes accepted from a peer */ bgpaf_accepted_prefix_limit /* Limit maximum number of prefixes accepted from a peer */ ), "rib-group" ( /* Routing table group */ rib_group_inet_type /* Routing table group */ ), "add-path" ( /* Advertise multiple paths to peer */ apath_options /* Advertise multiple paths to peer */ ), "aigp" ( /* Allow sending and receiving of AIGP attribute */ bgpaf_aigp_options /* Allow sending and receiving of AIGP attribute */ ), "damping" /* Enable route flap damping */, "local-ipv4-address" ( /* Local IPv4 address */ ipv4addr /* Local IPv4 address */ ), "loops" ( /* Allow local AS in received AS paths */ bgpaf_loops /* Allow local AS in received AS paths */ ).as(:oneline), "delay-route-advertisements" ( /* Delay route updates for this family until FIB-sync */ c( "always-wait-for-krt-drain" /* Wait for KRT-queue drain for more-specific prefixes */, "minimum-delay" ( /* Minumum-delay to ensure KRT sees the route flash */ c( "routing-uptime" arg /* Min delay(sec) advertisement after RPD start */, "inbound-convergence" arg /* Min delay(sec) advertisement after source-peer sent all routes */ ) ), "maximum-delay" ( /* Maximum delay deferring routes */ c( "route-age" arg /* Max delay(sec) advertisement route age */, "routing-uptime" arg /* Max delay(sec) advertisement after RPD start */ ) ) ) ), "nexthop-resolution" ( /* Configure nexthop resolution properties */ c( "no-resolution" /* Consider nexthop good without resolution attempt */, "preserve-nexthop-hierarchy" /* Attempt preserving resolved nexthop chain in forwarding */ ) ), "defer-initial-multipath-build" ( /* Defer initial multipath build until EOR is received */ c( "maximum-delay" arg /* Max delay(sec) multipath build after peer is up */ ) ), "graceful-restart" ( /* BGP graceful restart options */ bgp_af_gr /* BGP graceful restart options */ ), "extended-nexthop" /* Extended nexthop encoding */, "extended-nexthop-color" /* Resolve using extended color nexthop */, "extended-nexthop-tunnel" /* Use BGP tunnel attribute */, "no-install" /* Dont install received routes in forwarding */, "route-age-bgp-view" /* Maintain BGP route's age based on Update messages only */, "output-queue-priority" ( /* Default output-queue to assign updates to */ bgp_output_queue_priority_class /* Default output-queue to assign updates to */ ), "route-refresh-priority" ( /* Default output-queue to assign route refreshes to */ bgp_output_queue_priority_class /* Default output-queue to assign route refreshes to */ ), "withdraw-priority" ( /* Default output-queue to assign withdrawn routes to */ bgp_output_queue_priority_class /* Default output-queue to assign withdrawn routes to */ ), "advertise-srv6-service" /* Advertise SRv6 service */, "accept-srv6-service" /* Accept SRv6 service */ ) end rule(:apath_options) do c( "receive" /* Receive multiple paths from peer */, "send" ( /* Send multiple paths to peer */ c( "path-selection-mode" ( /* Configure how to select add-path routes */ c( c( "all-paths" /* Advertise all paths allowed by path count */, "equal-cost-paths" /* Advertise equal cost paths */ ) ) ), "prefix-policy" ( /* Perform add-path only for prefixes that match policy */ policy_algebra /* Perform add-path only for prefixes that match policy */ ), "path-count" arg /* Number of paths to advertise */, "include-backup-path" arg /* Number of backup paths to advertise */, "multipath" /* Include only multipath contributor routes */ ) ) ) end rule(:bgp_afi_flow) do c( "prefix-limit" ( /* Limit maximum number of prefixes from a peer */ bgpaf_prefix_limit /* Limit maximum number of prefixes from a peer */ ), "accepted-prefix-limit" ( /* Limit maximum number of prefixes accepted from a peer */ bgpaf_accepted_prefix_limit /* Limit maximum number of prefixes accepted from a peer */ ), "rib-group" ( /* Routing table group */ rib_group_inet_type /* Routing table group */ ), "add-path" ( /* Advertise multiple paths to peer */ apath_options /* Advertise multiple paths to peer */ ), "aigp" ( /* Allow sending and receiving of AIGP attribute */ bgpaf_aigp_options /* Allow sending and receiving of AIGP attribute */ ), "damping" /* Enable route flap damping */, "local-ipv4-address" ( /* Local IPv4 address */ ipv4addr /* Local IPv4 address */ ), "loops" ( /* Allow local AS in received AS paths */ bgpaf_loops /* Allow local AS in received AS paths */ ).as(:oneline), "delay-route-advertisements" ( /* Delay route updates for this family until FIB-sync */ c( "always-wait-for-krt-drain" /* Wait for KRT-queue drain for more-specific prefixes */, "minimum-delay" ( /* Minumum-delay to ensure KRT sees the route flash */ c( "routing-uptime" arg /* Min delay(sec) advertisement after RPD start */, "inbound-convergence" arg /* Min delay(sec) advertisement after source-peer sent all routes */ ) ), "maximum-delay" ( /* Maximum delay deferring routes */ c( "route-age" arg /* Max delay(sec) advertisement route age */, "routing-uptime" arg /* Max delay(sec) advertisement after RPD start */ ) ) ) ), "nexthop-resolution" ( /* Configure nexthop resolution properties */ c( "no-resolution" /* Consider nexthop good without resolution attempt */, "preserve-nexthop-hierarchy" /* Attempt preserving resolved nexthop chain in forwarding */ ) ), "defer-initial-multipath-build" ( /* Defer initial multipath build until EOR is received */ c( "maximum-delay" arg /* Max delay(sec) multipath build after peer is up */ ) ), "graceful-restart" ( /* BGP graceful restart options */ bgp_af_gr /* BGP graceful restart options */ ), "extended-nexthop" /* Extended nexthop encoding */, "extended-nexthop-color" /* Resolve using extended color nexthop */, "extended-nexthop-tunnel" /* Use BGP tunnel attribute */, "no-install" /* Dont install received routes in forwarding */, "route-age-bgp-view" /* Maintain BGP route's age based on Update messages only */, "output-queue-priority" ( /* Default output-queue to assign updates to */ bgp_output_queue_priority_class /* Default output-queue to assign updates to */ ), "route-refresh-priority" ( /* Default output-queue to assign route refreshes to */ bgp_output_queue_priority_class /* Default output-queue to assign route refreshes to */ ), "withdraw-priority" ( /* Default output-queue to assign withdrawn routes to */ bgp_output_queue_priority_class /* Default output-queue to assign withdrawn routes to */ ), "advertise-srv6-service" /* Advertise SRv6 service */, "accept-srv6-service" /* Accept SRv6 service */, "no-validate" ( /* Bypass validation procedure for routes that match policy */ policy_algebra /* Bypass validation procedure for routes that match policy */ ), "strip-nexthop" /* Strip the next-hop from the outgoing flow update */, "allow-policy-add-nexthop" /* Allow policy to add nexthop to a route without nexthop */ ) end rule(:bgp_afi_flow_with_redirect_ip_action) do c( "prefix-limit" ( /* Limit maximum number of prefixes from a peer */ bgpaf_prefix_limit /* Limit maximum number of prefixes from a peer */ ), "accepted-prefix-limit" ( /* Limit maximum number of prefixes accepted from a peer */ bgpaf_accepted_prefix_limit /* Limit maximum number of prefixes accepted from a peer */ ), "rib-group" ( /* Routing table group */ rib_group_inet_type /* Routing table group */ ), "add-path" ( /* Advertise multiple paths to peer */ apath_options /* Advertise multiple paths to peer */ ), "aigp" ( /* Allow sending and receiving of AIGP attribute */ bgpaf_aigp_options /* Allow sending and receiving of AIGP attribute */ ), "damping" /* Enable route flap damping */, "local-ipv4-address" ( /* Local IPv4 address */ ipv4addr /* Local IPv4 address */ ), "loops" ( /* Allow local AS in received AS paths */ bgpaf_loops /* Allow local AS in received AS paths */ ).as(:oneline), "delay-route-advertisements" ( /* Delay route updates for this family until FIB-sync */ c( "always-wait-for-krt-drain" /* Wait for KRT-queue drain for more-specific prefixes */, "minimum-delay" ( /* Minumum-delay to ensure KRT sees the route flash */ c( "routing-uptime" arg /* Min delay(sec) advertisement after RPD start */, "inbound-convergence" arg /* Min delay(sec) advertisement after source-peer sent all routes */ ) ), "maximum-delay" ( /* Maximum delay deferring routes */ c( "route-age" arg /* Max delay(sec) advertisement route age */, "routing-uptime" arg /* Max delay(sec) advertisement after RPD start */ ) ) ) ), "nexthop-resolution" ( /* Configure nexthop resolution properties */ c( "no-resolution" /* Consider nexthop good without resolution attempt */, "preserve-nexthop-hierarchy" /* Attempt preserving resolved nexthop chain in forwarding */ ) ), "defer-initial-multipath-build" ( /* Defer initial multipath build until EOR is received */ c( "maximum-delay" arg /* Max delay(sec) multipath build after peer is up */ ) ), "graceful-restart" ( /* BGP graceful restart options */ bgp_af_gr /* BGP graceful restart options */ ), "extended-nexthop" /* Extended nexthop encoding */, "extended-nexthop-color" /* Resolve using extended color nexthop */, "extended-nexthop-tunnel" /* Use BGP tunnel attribute */, "no-install" /* Dont install received routes in forwarding */, "route-age-bgp-view" /* Maintain BGP route's age based on Update messages only */, "output-queue-priority" ( /* Default output-queue to assign updates to */ bgp_output_queue_priority_class /* Default output-queue to assign updates to */ ), "route-refresh-priority" ( /* Default output-queue to assign route refreshes to */ bgp_output_queue_priority_class /* Default output-queue to assign route refreshes to */ ), "withdraw-priority" ( /* Default output-queue to assign withdrawn routes to */ bgp_output_queue_priority_class /* Default output-queue to assign withdrawn routes to */ ), "advertise-srv6-service" /* Advertise SRv6 service */, "accept-srv6-service" /* Accept SRv6 service */, "no-validate" ( /* Bypass validation procedure for routes that match policy */ policy_algebra /* Bypass validation procedure for routes that match policy */ ), "strip-nexthop" /* Strip the next-hop from the outgoing flow update */, "legacy-redirect-ip-action" ( /* Configure legacy redirect to IP support */ c( "receive" /* Accept legacy encoded redirect-to-ip action attribute */, "send" /* Advertise Redirect action as legacy redirect attribute */ ) ), "secondary-independent-resolution" /* Resolve FLOW routes in VRF table independent of VPN FLOW route */ ) end rule(:bgp_afi_inet_transport) do c( "prefix-limit" ( /* Limit maximum number of prefixes from a peer */ bgpaf_prefix_limit /* Limit maximum number of prefixes from a peer */ ), "accepted-prefix-limit" ( /* Limit maximum number of prefixes accepted from a peer */ bgpaf_accepted_prefix_limit /* Limit maximum number of prefixes accepted from a peer */ ), "rib-group" ( /* Routing table group */ rib_group_inet_type /* Routing table group */ ), "add-path" ( /* Advertise multiple paths to peer */ apath_options /* Advertise multiple paths to peer */ ), "aigp" ( /* Allow sending and receiving of AIGP attribute */ bgpaf_aigp_options /* Allow sending and receiving of AIGP attribute */ ), "damping" /* Enable route flap damping */, "local-ipv4-address" ( /* Local IPv4 address */ ipv4addr /* Local IPv4 address */ ), "loops" ( /* Allow local AS in received AS paths */ bgpaf_loops /* Allow local AS in received AS paths */ ).as(:oneline), "delay-route-advertisements" ( /* Delay route updates for this family until FIB-sync */ c( "always-wait-for-krt-drain" /* Wait for KRT-queue drain for more-specific prefixes */, "minimum-delay" ( /* Minumum-delay to ensure KRT sees the route flash */ c( "routing-uptime" arg /* Min delay(sec) advertisement after RPD start */, "inbound-convergence" arg /* Min delay(sec) advertisement after source-peer sent all routes */ ) ), "maximum-delay" ( /* Maximum delay deferring routes */ c( "route-age" arg /* Max delay(sec) advertisement route age */, "routing-uptime" arg /* Max delay(sec) advertisement after RPD start */ ) ) ) ), "nexthop-resolution" ( /* Configure nexthop resolution properties */ c( "no-resolution" /* Consider nexthop good without resolution attempt */, "preserve-nexthop-hierarchy" /* Attempt preserving resolved nexthop chain in forwarding */ ) ), "defer-initial-multipath-build" ( /* Defer initial multipath build until EOR is received */ c( "maximum-delay" arg /* Max delay(sec) multipath build after peer is up */ ) ), "graceful-restart" ( /* BGP graceful restart options */ bgp_af_gr /* BGP graceful restart options */ ), "extended-nexthop" /* Extended nexthop encoding */, "extended-nexthop-color" /* Resolve using extended color nexthop */, "extended-nexthop-tunnel" /* Use BGP tunnel attribute */, "no-install" /* Dont install received routes in forwarding */, "route-age-bgp-view" /* Maintain BGP route's age based on Update messages only */, "output-queue-priority" ( /* Default output-queue to assign updates to */ bgp_output_queue_priority_class /* Default output-queue to assign updates to */ ), "route-refresh-priority" ( /* Default output-queue to assign route refreshes to */ bgp_output_queue_priority_class /* Default output-queue to assign route refreshes to */ ), "withdraw-priority" ( /* Default output-queue to assign withdrawn routes to */ bgp_output_queue_priority_class /* Default output-queue to assign withdrawn routes to */ ), "advertise-srv6-service" /* Advertise SRv6 service */, "accept-srv6-service" /* Accept SRv6 service */, "aggregate-label" ( /* Aggregate labels of incoming routes with the same FEC */ c( "community" arg /* Community to identify the FEC of incoming routes */ ) ), "per-prefix-label" /* Allocate a unique label to each advertised prefix */, "per-group-label" /* Advertise prefixes with unique labels per group */, "traffic-statistics" ( /* Collect statistics for BGP label-switched paths */ bgpaf_traffic_statistics /* Collect statistics for BGP label-switched paths */ ), "protection" /* Compute backup path for active nexthop failure */.as(:oneline) ) end rule(:bgp_afi_inet6_labeled) do c( "prefix-limit" ( /* Limit maximum number of prefixes from a peer */ bgpaf_prefix_limit /* Limit maximum number of prefixes from a peer */ ), "accepted-prefix-limit" ( /* Limit maximum number of prefixes accepted from a peer */ bgpaf_accepted_prefix_limit /* Limit maximum number of prefixes accepted from a peer */ ), "rib-group" ( /* Routing table group */ rib_group_inet_type /* Routing table group */ ), "add-path" ( /* Advertise multiple paths to peer */ apath_options /* Advertise multiple paths to peer */ ), "aigp" ( /* Allow sending and receiving of AIGP attribute */ bgpaf_aigp_options /* Allow sending and receiving of AIGP attribute */ ), "damping" /* Enable route flap damping */, "local-ipv4-address" ( /* Local IPv4 address */ ipv4addr /* Local IPv4 address */ ), "loops" ( /* Allow local AS in received AS paths */ bgpaf_loops /* Allow local AS in received AS paths */ ).as(:oneline), "delay-route-advertisements" ( /* Delay route updates for this family until FIB-sync */ c( "always-wait-for-krt-drain" /* Wait for KRT-queue drain for more-specific prefixes */, "minimum-delay" ( /* Minumum-delay to ensure KRT sees the route flash */ c( "routing-uptime" arg /* Min delay(sec) advertisement after RPD start */, "inbound-convergence" arg /* Min delay(sec) advertisement after source-peer sent all routes */ ) ), "maximum-delay" ( /* Maximum delay deferring routes */ c( "route-age" arg /* Max delay(sec) advertisement route age */, "routing-uptime" arg /* Max delay(sec) advertisement after RPD start */ ) ) ) ), "nexthop-resolution" ( /* Configure nexthop resolution properties */ c( "no-resolution" /* Consider nexthop good without resolution attempt */, "preserve-nexthop-hierarchy" /* Attempt preserving resolved nexthop chain in forwarding */ ) ), "defer-initial-multipath-build" ( /* Defer initial multipath build until EOR is received */ c( "maximum-delay" arg /* Max delay(sec) multipath build after peer is up */ ) ), "graceful-restart" ( /* BGP graceful restart options */ bgp_af_gr /* BGP graceful restart options */ ), "extended-nexthop" /* Extended nexthop encoding */, "extended-nexthop-color" /* Resolve using extended color nexthop */, "extended-nexthop-tunnel" /* Use BGP tunnel attribute */, "no-install" /* Dont install received routes in forwarding */, "route-age-bgp-view" /* Maintain BGP route's age based on Update messages only */, "output-queue-priority" ( /* Default output-queue to assign updates to */ bgp_output_queue_priority_class /* Default output-queue to assign updates to */ ), "route-refresh-priority" ( /* Default output-queue to assign route refreshes to */ bgp_output_queue_priority_class /* Default output-queue to assign route refreshes to */ ), "withdraw-priority" ( /* Default output-queue to assign withdrawn routes to */ bgp_output_queue_priority_class /* Default output-queue to assign withdrawn routes to */ ), "advertise-srv6-service" /* Advertise SRv6 service */, "accept-srv6-service" /* Accept SRv6 service */, "aggregate-label" ( /* Aggregate labels of incoming routes with the same FEC */ c( "community" arg /* Community to identify the FEC of incoming routes */ ) ), "per-group-label" /* Advertise prefixes with unique labels per group */, "traffic-statistics" ( /* Collect statistics for BGP label-switched paths */ bgpaf_traffic_statistics /* Collect statistics for BGP label-switched paths */ ), "rib" ( /* Select table used by labeled unicast routes */ c( "inet6.3" /* Use inet6.3 to exchange labeled unicast routes */ ) ), "explicit-null" ( /* Advertise explicit null */ sc( "connected-only" /* Advertise explicit null only for connected routes */ ) ).as(:oneline), "protection" /* Compute backup path for active nexthop failure */.as(:oneline), "topology" arg ( /* Multi topology routing tables */ c( "community" arg /* Community to identify multi topology routes */ ) ) ) end rule(:bgp_afi_inet6_transport) do c( "prefix-limit" ( /* Limit maximum number of prefixes from a peer */ bgpaf_prefix_limit /* Limit maximum number of prefixes from a peer */ ), "accepted-prefix-limit" ( /* Limit maximum number of prefixes accepted from a peer */ bgpaf_accepted_prefix_limit /* Limit maximum number of prefixes accepted from a peer */ ), "rib-group" ( /* Routing table group */ rib_group_inet_type /* Routing table group */ ), "add-path" ( /* Advertise multiple paths to peer */ apath_options /* Advertise multiple paths to peer */ ), "aigp" ( /* Allow sending and receiving of AIGP attribute */ bgpaf_aigp_options /* Allow sending and receiving of AIGP attribute */ ), "damping" /* Enable route flap damping */, "local-ipv4-address" ( /* Local IPv4 address */ ipv4addr /* Local IPv4 address */ ), "loops" ( /* Allow local AS in received AS paths */ bgpaf_loops /* Allow local AS in received AS paths */ ).as(:oneline), "delay-route-advertisements" ( /* Delay route updates for this family until FIB-sync */ c( "always-wait-for-krt-drain" /* Wait for KRT-queue drain for more-specific prefixes */, "minimum-delay" ( /* Minumum-delay to ensure KRT sees the route flash */ c( "routing-uptime" arg /* Min delay(sec) advertisement after RPD start */, "inbound-convergence" arg /* Min delay(sec) advertisement after source-peer sent all routes */ ) ), "maximum-delay" ( /* Maximum delay deferring routes */ c( "route-age" arg /* Max delay(sec) advertisement route age */, "routing-uptime" arg /* Max delay(sec) advertisement after RPD start */ ) ) ) ), "nexthop-resolution" ( /* Configure nexthop resolution properties */ c( "no-resolution" /* Consider nexthop good without resolution attempt */, "preserve-nexthop-hierarchy" /* Attempt preserving resolved nexthop chain in forwarding */ ) ), "defer-initial-multipath-build" ( /* Defer initial multipath build until EOR is received */ c( "maximum-delay" arg /* Max delay(sec) multipath build after peer is up */ ) ), "graceful-restart" ( /* BGP graceful restart options */ bgp_af_gr /* BGP graceful restart options */ ), "extended-nexthop" /* Extended nexthop encoding */, "extended-nexthop-color" /* Resolve using extended color nexthop */, "extended-nexthop-tunnel" /* Use BGP tunnel attribute */, "no-install" /* Dont install received routes in forwarding */, "route-age-bgp-view" /* Maintain BGP route's age based on Update messages only */, "output-queue-priority" ( /* Default output-queue to assign updates to */ bgp_output_queue_priority_class /* Default output-queue to assign updates to */ ), "route-refresh-priority" ( /* Default output-queue to assign route refreshes to */ bgp_output_queue_priority_class /* Default output-queue to assign route refreshes to */ ), "withdraw-priority" ( /* Default output-queue to assign withdrawn routes to */ bgp_output_queue_priority_class /* Default output-queue to assign withdrawn routes to */ ), "advertise-srv6-service" /* Advertise SRv6 service */, "accept-srv6-service" /* Accept SRv6 service */, "aggregate-label" ( /* Aggregate labels of incoming routes with the same FEC */ c( "community" arg /* Community to identify the FEC of incoming routes */ ) ), "per-prefix-label" /* Allocate a unique label to each advertised prefix */, "per-group-label" /* Advertise prefixes with unique labels per group */, "traffic-statistics" ( /* Collect statistics for BGP label-switched paths */ bgpaf_traffic_statistics /* Collect statistics for BGP label-switched paths */ ), "lu-export" /* Install Classful Transport routes in inet6.3 */, "protection" /* Compute backup path for active nexthop failure */.as(:oneline) ) end rule(:bgp_afi_l2vpn) do c( "prefix-limit" ( /* Limit maximum number of prefixes from a peer */ bgpaf_prefix_limit /* Limit maximum number of prefixes from a peer */ ), "accepted-prefix-limit" ( /* Limit maximum number of prefixes accepted from a peer */ bgpaf_accepted_prefix_limit /* Limit maximum number of prefixes accepted from a peer */ ), "rib-group" ( /* Routing table group */ rib_group_inet_type /* Routing table group */ ), "add-path" ( /* Advertise multiple paths to peer */ apath_options /* Advertise multiple paths to peer */ ), "aigp" ( /* Allow sending and receiving of AIGP attribute */ bgpaf_aigp_options /* Allow sending and receiving of AIGP attribute */ ), "damping" /* Enable route flap damping */, "local-ipv4-address" ( /* Local IPv4 address */ ipv4addr /* Local IPv4 address */ ), "loops" ( /* Allow local AS in received AS paths */ bgpaf_loops /* Allow local AS in received AS paths */ ).as(:oneline), "delay-route-advertisements" ( /* Delay route updates for this family until FIB-sync */ c( "always-wait-for-krt-drain" /* Wait for KRT-queue drain for more-specific prefixes */, "minimum-delay" ( /* Minumum-delay to ensure KRT sees the route flash */ c( "routing-uptime" arg /* Min delay(sec) advertisement after RPD start */, "inbound-convergence" arg /* Min delay(sec) advertisement after source-peer sent all routes */ ) ), "maximum-delay" ( /* Maximum delay deferring routes */ c( "route-age" arg /* Max delay(sec) advertisement route age */, "routing-uptime" arg /* Max delay(sec) advertisement after RPD start */ ) ) ) ), "nexthop-resolution" ( /* Configure nexthop resolution properties */ c( "no-resolution" /* Consider nexthop good without resolution attempt */, "preserve-nexthop-hierarchy" /* Attempt preserving resolved nexthop chain in forwarding */ ) ), "defer-initial-multipath-build" ( /* Defer initial multipath build until EOR is received */ c( "maximum-delay" arg /* Max delay(sec) multipath build after peer is up */ ) ), "graceful-restart" ( /* BGP graceful restart options */ bgp_af_gr /* BGP graceful restart options */ ), "extended-nexthop" /* Extended nexthop encoding */, "extended-nexthop-color" /* Resolve using extended color nexthop */, "extended-nexthop-tunnel" /* Use BGP tunnel attribute */, "no-install" /* Dont install received routes in forwarding */, "route-age-bgp-view" /* Maintain BGP route's age based on Update messages only */, "output-queue-priority" ( /* Default output-queue to assign updates to */ bgp_output_queue_priority_class /* Default output-queue to assign updates to */ ), "route-refresh-priority" ( /* Default output-queue to assign route refreshes to */ bgp_output_queue_priority_class /* Default output-queue to assign route refreshes to */ ), "withdraw-priority" ( /* Default output-queue to assign withdrawn routes to */ bgp_output_queue_priority_class /* Default output-queue to assign withdrawn routes to */ ), "advertise-srv6-service" /* Advertise SRv6 service */, "accept-srv6-service" /* Accept SRv6 service */, "egress-protection" ( /* Egress router protection */ c( "context-identifier" ( /* Context identifier */ c( ipv4addr /* IP address */ ) ), "keep-import" ( /* Import policy */ policy_algebra /* Import policy */ ) ) ) ) end rule(:bgp_afi_l3vpn) do c( "prefix-limit" ( /* Limit maximum number of prefixes from a peer */ bgpaf_prefix_limit /* Limit maximum number of prefixes from a peer */ ), "accepted-prefix-limit" ( /* Limit maximum number of prefixes accepted from a peer */ bgpaf_accepted_prefix_limit /* Limit maximum number of prefixes accepted from a peer */ ), "rib-group" ( /* Routing table group */ rib_group_inet_type /* Routing table group */ ), "add-path" ( /* Advertise multiple paths to peer */ apath_options /* Advertise multiple paths to peer */ ), "aigp" ( /* Allow sending and receiving of AIGP attribute */ bgpaf_aigp_options /* Allow sending and receiving of AIGP attribute */ ), "damping" /* Enable route flap damping */, "local-ipv4-address" ( /* Local IPv4 address */ ipv4addr /* Local IPv4 address */ ), "loops" ( /* Allow local AS in received AS paths */ bgpaf_loops /* Allow local AS in received AS paths */ ).as(:oneline), "delay-route-advertisements" ( /* Delay route updates for this family until FIB-sync */ c( "always-wait-for-krt-drain" /* Wait for KRT-queue drain for more-specific prefixes */, "minimum-delay" ( /* Minumum-delay to ensure KRT sees the route flash */ c( "routing-uptime" arg /* Min delay(sec) advertisement after RPD start */, "inbound-convergence" arg /* Min delay(sec) advertisement after source-peer sent all routes */ ) ), "maximum-delay" ( /* Maximum delay deferring routes */ c( "route-age" arg /* Max delay(sec) advertisement route age */, "routing-uptime" arg /* Max delay(sec) advertisement after RPD start */ ) ) ) ), "nexthop-resolution" ( /* Configure nexthop resolution properties */ c( "no-resolution" /* Consider nexthop good without resolution attempt */, "preserve-nexthop-hierarchy" /* Attempt preserving resolved nexthop chain in forwarding */ ) ), "defer-initial-multipath-build" ( /* Defer initial multipath build until EOR is received */ c( "maximum-delay" arg /* Max delay(sec) multipath build after peer is up */ ) ), "graceful-restart" ( /* BGP graceful restart options */ bgp_af_gr /* BGP graceful restart options */ ), "extended-nexthop" /* Extended nexthop encoding */, "extended-nexthop-color" /* Resolve using extended color nexthop */, "extended-nexthop-tunnel" /* Use BGP tunnel attribute */, "no-install" /* Dont install received routes in forwarding */, "route-age-bgp-view" /* Maintain BGP route's age based on Update messages only */, "output-queue-priority" ( /* Default output-queue to assign updates to */ bgp_output_queue_priority_class /* Default output-queue to assign updates to */ ), "route-refresh-priority" ( /* Default output-queue to assign route refreshes to */ bgp_output_queue_priority_class /* Default output-queue to assign route refreshes to */ ), "withdraw-priority" ( /* Default output-queue to assign withdrawn routes to */ bgp_output_queue_priority_class /* Default output-queue to assign withdrawn routes to */ ), "advertise-srv6-service" /* Advertise SRv6 service */, "accept-srv6-service" /* Accept SRv6 service */, "aggregate-label" ( /* Aggregate labels of incoming routes with the same FEC */ c( "community" arg /* Community to identify the FEC of incoming routes */ ) ), "egress-protection" ( /* Egress router protection */ c( "context-identifier" ( /* Context identifier */ c( ipv4addr /* IP address */ ) ), "keep-import" ( /* Import policy */ policy_algebra /* Import policy */ ) ) ), "accept-local-nexthop" /* Enable processing of routes with own nexthop */ ) end rule(:bgp_afi_labeled) do c( "prefix-limit" ( /* Limit maximum number of prefixes from a peer */ bgpaf_prefix_limit /* Limit maximum number of prefixes from a peer */ ), "accepted-prefix-limit" ( /* Limit maximum number of prefixes accepted from a peer */ bgpaf_accepted_prefix_limit /* Limit maximum number of prefixes accepted from a peer */ ), "rib-group" ( /* Routing table group */ rib_group_inet_type /* Routing table group */ ), "add-path" ( /* Advertise multiple paths to peer */ apath_options /* Advertise multiple paths to peer */ ), "aigp" ( /* Allow sending and receiving of AIGP attribute */ bgpaf_aigp_options /* Allow sending and receiving of AIGP attribute */ ), "damping" /* Enable route flap damping */, "local-ipv4-address" ( /* Local IPv4 address */ ipv4addr /* Local IPv4 address */ ), "loops" ( /* Allow local AS in received AS paths */ bgpaf_loops /* Allow local AS in received AS paths */ ).as(:oneline), "delay-route-advertisements" ( /* Delay route updates for this family until FIB-sync */ c( "always-wait-for-krt-drain" /* Wait for KRT-queue drain for more-specific prefixes */, "minimum-delay" ( /* Minumum-delay to ensure KRT sees the route flash */ c( "routing-uptime" arg /* Min delay(sec) advertisement after RPD start */, "inbound-convergence" arg /* Min delay(sec) advertisement after source-peer sent all routes */ ) ), "maximum-delay" ( /* Maximum delay deferring routes */ c( "route-age" arg /* Max delay(sec) advertisement route age */, "routing-uptime" arg /* Max delay(sec) advertisement after RPD start */ ) ) ) ), "nexthop-resolution" ( /* Configure nexthop resolution properties */ c( "no-resolution" /* Consider nexthop good without resolution attempt */, "preserve-nexthop-hierarchy" /* Attempt preserving resolved nexthop chain in forwarding */ ) ), "defer-initial-multipath-build" ( /* Defer initial multipath build until EOR is received */ c( "maximum-delay" arg /* Max delay(sec) multipath build after peer is up */ ) ), "graceful-restart" ( /* BGP graceful restart options */ bgp_af_gr /* BGP graceful restart options */ ), "extended-nexthop" /* Extended nexthop encoding */, "extended-nexthop-color" /* Resolve using extended color nexthop */, "extended-nexthop-tunnel" /* Use BGP tunnel attribute */, "no-install" /* Dont install received routes in forwarding */, "route-age-bgp-view" /* Maintain BGP route's age based on Update messages only */, "output-queue-priority" ( /* Default output-queue to assign updates to */ bgp_output_queue_priority_class /* Default output-queue to assign updates to */ ), "route-refresh-priority" ( /* Default output-queue to assign route refreshes to */ bgp_output_queue_priority_class /* Default output-queue to assign route refreshes to */ ), "withdraw-priority" ( /* Default output-queue to assign withdrawn routes to */ bgp_output_queue_priority_class /* Default output-queue to assign withdrawn routes to */ ), "advertise-srv6-service" /* Advertise SRv6 service */, "accept-srv6-service" /* Accept SRv6 service */, "aggregate-label" ( /* Aggregate labels of incoming routes with the same FEC */ c( "community" arg /* Community to identify the FEC of incoming routes */ ) ), "per-prefix-label" /* Allocate a unique label to each advertised prefix */, "per-group-label" /* Advertise prefixes with unique labels per group */, "traffic-statistics" ( /* Collect statistics for BGP label-switched paths */ bgpaf_traffic_statistics /* Collect statistics for BGP label-switched paths */ ), "topology" arg ( /* Multi topology routing tables */ c( "community" arg /* Community to identify multi topology routes */ ) ), "rib" ( /* Select table used by labeled unicast routes */ rib_inet3 /* Select table used by labeled unicast routes */ ), "explicit-null" ( /* Advertise explicit null */ sc( "connected-only" /* Advertise explicit null only for connected routes */ ) ).as(:oneline), "protection" /* Compute backup path for active nexthop failure */, "egress-protection" ( /* Egress router protection */ c( "context-identifier" ( /* Context identifier */ c( ipv4addr /* IP address */ ) ), "keep-import" ( /* Import policy */ policy_algebra /* Import policy */ ) ) ), "resolve-vpn" /* Install received NLRI in inet.3 also */, "entropy-label" ( /* Use entropy label for entropy label capable BGP LSPs */ c( "import" ( /* Policy to select BGP LSPs to use entropy label */ policy_algebra /* Policy to select BGP LSPs to use entropy label */ ), "no-next-hop-validation" /* Don't validate next hop field against route next hop */ ) ) ) end rule(:bgp_afi_srte) do c( "prefix-limit" ( /* Limit maximum number of prefixes from a peer */ bgpaf_prefix_limit /* Limit maximum number of prefixes from a peer */ ), "accepted-prefix-limit" ( /* Limit maximum number of prefixes accepted from a peer */ bgpaf_accepted_prefix_limit /* Limit maximum number of prefixes accepted from a peer */ ), "damping" /* Enable route flap damping */, "loops" ( /* Allow local AS in received AS paths */ bgpaf_loops /* Allow local AS in received AS paths */ ).as(:oneline), "graceful-restart" ( /* BGP graceful restart options */ bgp_af_gr /* BGP graceful restart options */ ), "no-install" /* Dont install received routes in forwarding */, "output-queue-priority" ( /* Default output-queue to assign updates to */ bgp_output_queue_priority_class /* Default output-queue to assign updates to */ ), "route-refresh-priority" ( /* Default output-queue to assign route refreshes to */ bgp_output_queue_priority_class /* Default output-queue to assign route refreshes to */ ), "withdraw-priority" ( /* Default output-queue to assign withdrawn routes to */ bgp_output_queue_priority_class /* Default output-queue to assign withdrawn routes to */ ) ) end rule(:bgp_afi_topo) do c( "prefix-limit" ( /* Limit maximum number of prefixes from a peer */ bgpaf_prefix_limit /* Limit maximum number of prefixes from a peer */ ), "accepted-prefix-limit" ( /* Limit maximum number of prefixes accepted from a peer */ bgpaf_accepted_prefix_limit /* Limit maximum number of prefixes accepted from a peer */ ), "rib-group" ( /* Routing table group */ rib_group_inet_type /* Routing table group */ ), "add-path" ( /* Advertise multiple paths to peer */ apath_options /* Advertise multiple paths to peer */ ), "aigp" ( /* Allow sending and receiving of AIGP attribute */ bgpaf_aigp_options /* Allow sending and receiving of AIGP attribute */ ), "damping" /* Enable route flap damping */, "local-ipv4-address" ( /* Local IPv4 address */ ipv4addr /* Local IPv4 address */ ), "loops" ( /* Allow local AS in received AS paths */ bgpaf_loops /* Allow local AS in received AS paths */ ).as(:oneline), "delay-route-advertisements" ( /* Delay route updates for this family until FIB-sync */ c( "always-wait-for-krt-drain" /* Wait for KRT-queue drain for more-specific prefixes */, "minimum-delay" ( /* Minumum-delay to ensure KRT sees the route flash */ c( "routing-uptime" arg /* Min delay(sec) advertisement after RPD start */, "inbound-convergence" arg /* Min delay(sec) advertisement after source-peer sent all routes */ ) ), "maximum-delay" ( /* Maximum delay deferring routes */ c( "route-age" arg /* Max delay(sec) advertisement route age */, "routing-uptime" arg /* Max delay(sec) advertisement after RPD start */ ) ) ) ), "nexthop-resolution" ( /* Configure nexthop resolution properties */ c( "no-resolution" /* Consider nexthop good without resolution attempt */, "preserve-nexthop-hierarchy" /* Attempt preserving resolved nexthop chain in forwarding */ ) ), "defer-initial-multipath-build" ( /* Defer initial multipath build until EOR is received */ c( "maximum-delay" arg /* Max delay(sec) multipath build after peer is up */ ) ), "graceful-restart" ( /* BGP graceful restart options */ bgp_af_gr /* BGP graceful restart options */ ), "extended-nexthop" /* Extended nexthop encoding */, "extended-nexthop-color" /* Resolve using extended color nexthop */, "extended-nexthop-tunnel" /* Use BGP tunnel attribute */, "no-install" /* Dont install received routes in forwarding */, "route-age-bgp-view" /* Maintain BGP route's age based on Update messages only */, "output-queue-priority" ( /* Default output-queue to assign updates to */ bgp_output_queue_priority_class /* Default output-queue to assign updates to */ ), "route-refresh-priority" ( /* Default output-queue to assign route refreshes to */ bgp_output_queue_priority_class /* Default output-queue to assign route refreshes to */ ), "withdraw-priority" ( /* Default output-queue to assign withdrawn routes to */ bgp_output_queue_priority_class /* Default output-queue to assign withdrawn routes to */ ), "advertise-srv6-service" /* Advertise SRv6 service */, "accept-srv6-service" /* Accept SRv6 service */, "protection" /* Compute backup path for active nexthop failure */.as(:oneline), "topology" arg ( /* Multi topology routing tables */ c( "community" arg /* Community to identify multi topology routes */ ) ) ) end rule(:bgp_afi_vpn) do c( "prefix-limit" ( /* Limit maximum number of prefixes from a peer */ bgpaf_prefix_limit /* Limit maximum number of prefixes from a peer */ ), "accepted-prefix-limit" ( /* Limit maximum number of prefixes accepted from a peer */ bgpaf_accepted_prefix_limit /* Limit maximum number of prefixes accepted from a peer */ ), "rib-group" ( /* Routing table group */ rib_group_inet_type /* Routing table group */ ), "add-path" ( /* Advertise multiple paths to peer */ apath_options /* Advertise multiple paths to peer */ ), "aigp" ( /* Allow sending and receiving of AIGP attribute */ bgpaf_aigp_options /* Allow sending and receiving of AIGP attribute */ ), "damping" /* Enable route flap damping */, "local-ipv4-address" ( /* Local IPv4 address */ ipv4addr /* Local IPv4 address */ ), "loops" ( /* Allow local AS in received AS paths */ bgpaf_loops /* Allow local AS in received AS paths */ ).as(:oneline), "delay-route-advertisements" ( /* Delay route updates for this family until FIB-sync */ c( "always-wait-for-krt-drain" /* Wait for KRT-queue drain for more-specific prefixes */, "minimum-delay" ( /* Minumum-delay to ensure KRT sees the route flash */ c( "routing-uptime" arg /* Min delay(sec) advertisement after RPD start */, "inbound-convergence" arg /* Min delay(sec) advertisement after source-peer sent all routes */ ) ), "maximum-delay" ( /* Maximum delay deferring routes */ c( "route-age" arg /* Max delay(sec) advertisement route age */, "routing-uptime" arg /* Max delay(sec) advertisement after RPD start */ ) ) ) ), "nexthop-resolution" ( /* Configure nexthop resolution properties */ c( "no-resolution" /* Consider nexthop good without resolution attempt */, "preserve-nexthop-hierarchy" /* Attempt preserving resolved nexthop chain in forwarding */ ) ), "defer-initial-multipath-build" ( /* Defer initial multipath build until EOR is received */ c( "maximum-delay" arg /* Max delay(sec) multipath build after peer is up */ ) ), "graceful-restart" ( /* BGP graceful restart options */ bgp_af_gr /* BGP graceful restart options */ ), "extended-nexthop" /* Extended nexthop encoding */, "extended-nexthop-color" /* Resolve using extended color nexthop */, "extended-nexthop-tunnel" /* Use BGP tunnel attribute */, "no-install" /* Dont install received routes in forwarding */, "route-age-bgp-view" /* Maintain BGP route's age based on Update messages only */, "output-queue-priority" ( /* Default output-queue to assign updates to */ bgp_output_queue_priority_class /* Default output-queue to assign updates to */ ), "route-refresh-priority" ( /* Default output-queue to assign route refreshes to */ bgp_output_queue_priority_class /* Default output-queue to assign route refreshes to */ ), "withdraw-priority" ( /* Default output-queue to assign withdrawn routes to */ bgp_output_queue_priority_class /* Default output-queue to assign withdrawn routes to */ ), "advertise-srv6-service" /* Advertise SRv6 service */, "accept-srv6-service" /* Accept SRv6 service */, "aggregate-label" ( /* Aggregate labels of incoming routes with the same FEC */ c( "community" arg /* Community to identify the FEC of incoming routes */ ) ) ) end rule(:bgp_afi_vpn_protection) do c( "prefix-limit" ( /* Limit maximum number of prefixes from a peer */ bgpaf_prefix_limit /* Limit maximum number of prefixes from a peer */ ), "accepted-prefix-limit" ( /* Limit maximum number of prefixes accepted from a peer */ bgpaf_accepted_prefix_limit /* Limit maximum number of prefixes accepted from a peer */ ), "rib-group" ( /* Routing table group */ rib_group_inet_type /* Routing table group */ ), "add-path" ( /* Advertise multiple paths to peer */ apath_options /* Advertise multiple paths to peer */ ), "aigp" ( /* Allow sending and receiving of AIGP attribute */ bgpaf_aigp_options /* Allow sending and receiving of AIGP attribute */ ), "damping" /* Enable route flap damping */, "local-ipv4-address" ( /* Local IPv4 address */ ipv4addr /* Local IPv4 address */ ), "loops" ( /* Allow local AS in received AS paths */ bgpaf_loops /* Allow local AS in received AS paths */ ).as(:oneline), "delay-route-advertisements" ( /* Delay route updates for this family until FIB-sync */ c( "always-wait-for-krt-drain" /* Wait for KRT-queue drain for more-specific prefixes */, "minimum-delay" ( /* Minumum-delay to ensure KRT sees the route flash */ c( "routing-uptime" arg /* Min delay(sec) advertisement after RPD start */, "inbound-convergence" arg /* Min delay(sec) advertisement after source-peer sent all routes */ ) ), "maximum-delay" ( /* Maximum delay deferring routes */ c( "route-age" arg /* Max delay(sec) advertisement route age */, "routing-uptime" arg /* Max delay(sec) advertisement after RPD start */ ) ) ) ), "nexthop-resolution" ( /* Configure nexthop resolution properties */ c( "no-resolution" /* Consider nexthop good without resolution attempt */, "preserve-nexthop-hierarchy" /* Attempt preserving resolved nexthop chain in forwarding */ ) ), "defer-initial-multipath-build" ( /* Defer initial multipath build until EOR is received */ c( "maximum-delay" arg /* Max delay(sec) multipath build after peer is up */ ) ), "graceful-restart" ( /* BGP graceful restart options */ bgp_af_gr /* BGP graceful restart options */ ), "extended-nexthop" /* Extended nexthop encoding */, "extended-nexthop-color" /* Resolve using extended color nexthop */, "extended-nexthop-tunnel" /* Use BGP tunnel attribute */, "no-install" /* Dont install received routes in forwarding */, "route-age-bgp-view" /* Maintain BGP route's age based on Update messages only */, "output-queue-priority" ( /* Default output-queue to assign updates to */ bgp_output_queue_priority_class /* Default output-queue to assign updates to */ ), "route-refresh-priority" ( /* Default output-queue to assign route refreshes to */ bgp_output_queue_priority_class /* Default output-queue to assign route refreshes to */ ), "withdraw-priority" ( /* Default output-queue to assign withdrawn routes to */ bgp_output_queue_priority_class /* Default output-queue to assign withdrawn routes to */ ), "advertise-srv6-service" /* Advertise SRv6 service */, "accept-srv6-service" /* Accept SRv6 service */, "aggregate-label" ( /* Aggregate labels of incoming routes with the same FEC */ c( "community" arg /* Community to identify the FEC of incoming routes */ ) ), "egress-protection" ( /* Egress router protection */ c( "context-identifier" ( /* Context identifier */ c( ipv4addr /* IP address */ ) ), "keep-import" ( /* Import policy */ policy_algebra /* Import policy */ ) ) ) ) end rule(:bgp_output_queue_priority_class) do c( c( "priority" arg /* Output queue priority; higher is better */, "expedited" /* Expedited queue; highest priority */ ) ).as(:oneline) end rule(:bgp_filter_obj) do c( "match-on" ( /* Argument on which to match */ ("prefix") ), "policy" ( /* Filter policy */ policy_algebra /* Filter policy */ ) ).as(:oneline) end rule(:bgpaf_accepted_prefix_limit) do c( "maximum" arg /* Maximum number of prefixes accepted from a peer */, "teardown" ( /* Clear peer connection on reaching limit */ c( arg, "idle-timeout" ( /* Timeout before attempting to restart peer */ sc( c( "forever" /* Idle the peer until the user intervenes */, arg ) ) ).as(:oneline) ) ), "drop-excess" ( /* Drop routes from peer on reaching limit */ c( arg ) ), "hide-excess" ( /* Hide routes from peer on reaching limit */ c( arg ) ) ) end rule(:bgpaf_aigp_options) do c( "disable" /* Disable sending and receiving of AIGP attribute */ ) end rule(:bgpaf_loops) do c( arg ).as(:oneline) end rule(:bgpaf_prefix_limit) do c( "maximum" arg /* Maximum number of prefixes from a peer */, "teardown" ( /* Clear peer connection on reaching limit */ c( arg, "idle-timeout" ( /* Timeout before attempting to restart peer */ sc( c( "forever" /* Idle the peer until the user intervenes */, arg ) ) ).as(:oneline) ) ), "drop-excess" ( /* Drop routes from peer on reaching limit */ c( arg ) ), "hide-excess" ( /* Hide routes from peer on reaching limit */ c( arg ) ) ) end rule(:bgpaf_traffic_statistics) do c( "labeled-path" /* Ingress labeled path statistics */, "file" ( /* Statistics file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "interval" arg /* Time to collect statistics (seconds) */ ) end rule(:juniper_protocols_bgpmcast) do c( "traceoptions" ( /* Trace options for BGP Multicast */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ) ) end rule(:juniper_protocols_bridge) do c( "traceoptions" ( /* Trace options for Layer 2 address service */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("configuration" | "routing-socket" | "interface-device" | "interface-logical" | "interface-family" | "bridging-domain" | "routing-instance" | "bridge-interface" | "learning-domain" | "ipc" | "mac-learning" | "initialization" | "flood-next-hop" | "irb" | "vpls-ping" | "vpls-loop-prev" | "logical-system" | "bmac-next-hop" | "bridge-bmac-next-hop" | "isid" | "mc-ae" | "kack" | "storm-control" | "redundant-trunk-group" | "unknown-unicast-forwarding" | "vxlan" | "l2-license" | "telemetry" | "network-isolation" | "all")) /* Type of operation or event to include in trace */.as(:oneline), "in-memory-debug" /* Enable trace parameters in the memory */ ) ), "global-mac-move" ( /* Enable mac move related options at global level */ c( "notification-time" arg /* Periodical time interval in secs during which MAC move notification occurs */, "threshold-time" arg /* Time during which if certain number of MAC moves happen warrant recording */, "reopen-time" arg /* Time after which a blocked interface is reopened */, "threshold-count" arg /* Count of MAC moves which warrant recording when happen in certain time */, "traceoptions" ( /* Enable logging for the MAC moves */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline) ) ), "log" /* Syslog all the MAC moves as stored in the mac-move-buffer */, "disable-action" /* Disable mac move action globally */, "cooloff-time" arg /* Time interval in secs during which no further actions are taken */, "statistical-approach-wait-time" arg /* Time during which MAC moves are monitored to collect statistics */, "interface-recovery-time" arg /* Time interval after which interface is made operationally up */, "exclusive-mac" arg /* MAC addresses to be excluded in mac-move-limit or in VPLS loop prevention algorithm */ ) ), "global-mac-table-aging-time" arg /* System level MAC table aging time */, "global-mac-ip-table-aging-time" arg /* System level MAC+IP table aging time */, "global-mode" ( /* Global L2 Mode */ ("transparent-bridge" | "switching") ), "global-le-aging-time" arg /* Set LE aging time */, "global-le-bridge-domain-aging-time" arg /* Set LE bridge-domain aging time */, "mclag-arpreq-sync" /* Enable syncing ARP REQ packets to peer MCLAG PE */, "global-mac-pinning-discard-notification-interval" arg /* Set interval for MAC Pinning discard notification */, "global-ctx-limit" ( /* Debug context history limit */ c( arg ) ), "global-mac-limit" ( /* System level MAC limit options */ c( arg, "packet-action" ( ("drop") ) ) ), "global-mac-ip-limit" ( /* System level MAC+IP limit options */ c( arg ) ), "global-mac-statistics" /* Enable MAC address statistics at system level */, "global-static-mac-move-drop-log" /* Set global static mac move drop and log notification. */, "decapsulate-accept-inner-vlan" /* Accept VxLAN packets with inner VLAN disabled by default */, "destination-udp-port" arg /* VXLAN destination UDP port */, "source-udp-port" arg /* VXLAN source UDP port */, "disable-vxlan-multicast-transit" ( /* VXLAN multicast group configuration */ c( "vxlan-multicast-group" ("all" | "multicast-group-ip") /* VXLAN multicast group that requires multicast transit disabled */ ) ), "telemetry" ( /* Streaming Telemetry Data */ c( "enable-remote-entries" /* Enable Remote mac and mac-ip entries */ ) ), "global-no-mac-learning" /* Disable dynamic MAC address learning at system level */, "global-no-hw-mac-learning" /* Disable hardware MAC-address learning at system level */, "global-no-control-mac-aging" /* Disable control MAC-address aging from software */, "mclag-arp-nd-sync" /* Arp and ND entry sync from peer device. */, "no-mclag-ifa-sync" /* IFA entry disable sync from/to peer device. */, "crb-proxy-mac" ( /* Configure proxy MAC address to be used in MAC-IP refresh */ c( "family" ( /* Address family */ c( "inet" ( /* Inet version 4 family */ c( mac_unicast /* Proxy MAC address */ ) ), "inet6" ( /* Inet version 6 family */ c( mac_unicast /* Proxy MAC address */ ) ) ) ) ) ) ) end rule(:juniper_protocols_dot1x) do c( "traceoptions" ( /* Trace options for 802.1X */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("dot1x-debug" | "parse" | "esw-if" | "eapol" | "config-internal" | "normal" | "general" | "state" | "task" | "timer" | "vlan" | "all" | "dot1x-ipc" | "dot1x-event" | "iccp")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "ssl-certificate-path" arg /* Load SSL certificates for authentication */, "authenticator" ( /* 802.1X authenticator options */ c( "authentication-profile-name" arg /* Access profile name to use for authentication */, "no-mac-table-binding" /* Disable association between mac table and dot1x */, "ip-mac-session-binding" /* DHCP or DHCPv6 or SLAAC snooping checking for mac ageout */, "dynamic-vlan-cleanup-interval" arg /* Dynamic vlan cleanup interval */, "radius-options" ( /* Info sent to radius server */ c( "add-interface-text-description" /* Appends interface text description to NAS-Port-Id */, c( "use-vlan-name" /* Vlan name */, "use-vlan-id" /* Vlan id */ ) ) ), "static" arg ( /* Static MAC configuration needed to bypass 802.1X */ c( "vlan-assignment" arg /* VLAN name or 802.1q tag for the MAC address */, "bridge-domain-assignment" arg /* Bridge-domain name or 802.1q tag for the MAC address */, "interface" ( /* Interface on which authentication is bypassed */ interface_name /* Interface on which authentication is bypassed */ ) ) ), "interface" ("all" | arg) ( /* 802.1X interface specific options */ c( "ignore-port-bounce" /* To ignore the port-bounce request received from RADIUS server */, "authentication-order" ( /* Flexible authentication order */ ("dot1x" | "mac-radius" | "captive-portal") ), "disable" /* Disable 802.1X on this interface */, "supplicant" ( /* Set supplicant mode for this interface */ ("single" | "single-secure" | "multiple") ), "retries" arg /* Number of retries after which port is placed into wait state */, "quiet-period" arg /* Time to wait after an authentication failure */, "transmit-period" arg /* Interval before retransmitting initial EAPOL PDUs */, "multi-domain" ( /* Enable multi domain authentication */ c( "packet-action" ( /* Set packet action for this interface */ ("drop-and-log" | "shutdown") ), "max-data-session" arg /* Data session limit in multi domain authentication */, "recovery-timeout" arg /* Multi domain recovery timeout */ ) ), "mac-radius" ( /* Enable MAC-RADIUS */ c( "restrict" /* Bypass dot1x authentication, use MAC RADIUS only */, "flap-on-disconnect" /* Reset an interface on receiving a disconnect request */, "authentication-protocol" ( /* Set mac-radius authentication method */ c( c( "eap-md5" /* Authentication protocol EAP-MD5 */, "pap" /* Authentication protocol PAP */, "eap-peap" ( /* Authentication protocol EAP-PEAP */ c( "resume" /* Enable resume functionality for faster authentication */ ) ) ) ) ) ) ), c( "no-reauthentication" /* Disable reauthentication */, "reauthentication" arg /* Reauthentication interval */ ), "supplicant-timeout" arg /* Time to wait for a client response */, "server-timeout" arg /* Authentication server timeout interval */, "maximum-requests" arg /* Number of EAPOL RequestIDs to send before timing out */, "request-retry-count" arg /* Number of requests to send before timing out */, "guest-vlan" arg /* VLAN name or 802.1q tag for unauthenticated or non-responsive hosts */, "guest-bridge-domain" arg /* Bridge-domain name or 802.1q tag for unauthenticated or non-responsive hosts */, "server-reject-vlan" ( /* VLAN name or 802.1q tag for authentication rejected clients */ sc( arg /* VLAN name or VLAN Tag (1..4095) */, "block-interval" arg /* Interval for authenticator to ignore the EAP-Start packets. */, "eapol-block" /* Force the authenticator to ignore EAPOL-Start packets. */ ) ).as(:oneline), "server-reject-bridge-domain" ( /* VLAN name or 802.1q tag for authentication rejected clients */ sc( arg /* Bridge-domain name or VLAN Tag (1..4095) */, "block-interval" arg /* Interval for authenticator to ignore the EAP-Start packets. */, "eapol-block" /* Force the authenticator to ignore EAPOL-Start packets. */ ) ).as(:oneline), "eapol-block" ( /* Force the authenticator to ignore EAPOL-Start packets */ c( "server-fail" ( /* Block EAPOL-Start during RADIUS Timeout */ c( arg ) ), "mac-radius" /* Block EAPOL-Start when client is authenticated in mac-radius mode */, "captive-portal" /* Block EAPOL-Start when client is authenticated in captive-portal mode */ ) ), "lldp-med-bypass" /* Bypass dot1x authentication, use lldp-med based authentication */, "server-fail" ( /* Action to be taken when server is inaccessible */ sc( c( "deny" /* Force client authentication to fail */, "permit" /* Force client authentication to succeed */, "vlan-name" arg /* VLAN name or 802.1q tag for unreachable servers */, "bridge-domain" arg /* Bridge-domain name or 802.1q tag for unreachable servers */, "use-cache" /* Use the previous state of the client */ ) ) ).as(:oneline), "server-fail-voip" ( /* Action to be taken for VOIP client when server is inaccessible */ sc( c( "deny" /* Force VoIP client authentication to fail */, "permit" /* Force VoIP client authentication to succeed */, "vlan-name" arg /* Configured VoIP VLAN name or 802.1q tag for unreachable servers */, "use-cache" /* Use the previous state of the VoIP client */ ) ) ).as(:oneline), "redirect-url" arg /* CWA redirect URL to be used for unauthenticated users */, "no-tagged-mac-authentication" /* Don't allow tagged mac for radius authentication */, "retain-mac-aged-session" /* Retain mac aged out session */ ) ) ) ) ) end rule(:juniper_protocols_esis) do c( ("disable"), "traceoptions" ( /* Trace options for ES-IS */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("error" | "esh" | "ish" | "graceful-restart" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "preference" arg /* Preference of routes */, "graceful-restart" ( /* ES-IS graceful restart options */ sc( ("disable"), "restart-duration" arg /* Maximum time for graceful restart to finish */ ) ).as(:oneline), "interface" arg ( /* Interface configuration */ c( "hold-time" arg /* Time after which neighbors think the interface is down */, "end-system-configuration-timer" arg /* Suggested end system configuration timer */, ("disable") ) ) ) end rule(:juniper_protocols_evpn_interconnect) do c( "vrf-import" ( /* Import policy for Interconnect */ policy_algebra /* Import policy for Interconnect */ ), "vrf-export" ( /* Export policy for Interconnect */ policy_algebra /* Export policy for Interconnect */ ), "vrf-target" ( /* Interconnect target community configuration */ c( arg /* Target community to use in import and export */, "import" arg /* Target community to use when filtering on import */, "export" arg /* Target community to use when marking routes on export */ ) ), "route-distinguisher" ( /* Route distinguisher for this interconnect */ sc( arg /* Number in (16 bit:32 bit) or (32 bit 'L':16 bit) or (IP address:16 bit) format */ ) ).as(:oneline), "esi" ( /* ESI configuration of interconnect */ c( esi /* ESI value for interconnect */, c( "all-active" /* All-active mode */ ), "df-election-type" ( /* DF Election Type */ c( c( "preference" ( /* Preference based DF election */ c( "value" arg /* Preference value for EVPN Multihoming DF election */ ) ) ), c( "mod" /* MOD based DF election */ ) ) ) ) ), "interconnected-vni-list" arg /* List of translated VNIs (1..16777214) or all, that are to be EVPN interconnected */ ) end rule(:juniper_protocols_isis) do c( "interface" arg ( /* Interface configuration */ c( "ldp-synchronization" ( /* Advertise maximum metric until LDP is operational */ ldp_sync_obj /* Advertise maximum metric until LDP is operational */ ), "level" arg ( /* Configure levels on this interface */ c( "te-metric" arg /* Traffic engineering metric */, "no-advertise-adjacency-segment" /* Do not advertise an adjacency segment for this level */, "ipv4-adjacency-segment" ( /* Configure ipv4 adjacency segment */ c( "protected" ( /* Adjacency SID is eligible for protection */ sc( c( "index" ( /* Adjacency SID indexed from SRGB */ sc( arg ) ).as(:oneline), "label" arg /* Adjacency SID from static label pool */, "dynamic" /* Dynamically allocate an adjacency segment */ ) ) ).as(:oneline), "unprotected" ( /* Adjacency SID uneligible for protection */ sc( c( "index" ( /* Adjacency SID indexed from SRGB */ sc( arg ) ).as(:oneline), "label" arg /* Adjacency SID from static label pool */, "dynamic" /* Dynamically allocate an adjacency segment */ ) ) ).as(:oneline) ) ), "ipv6-adjacency-segment" ( /* Configure ipv6 adjacency segment */ c( "protected" ( /* Adjacency SID is eligible for protection */ sc( c( "index" ( /* Adjacency SID indexed from SRGB */ sc( arg ) ).as(:oneline), "label" arg /* Adjacency SID from static label pool */, "dynamic" /* Dynamically allocate an adjacency segment */ ) ) ).as(:oneline), "unprotected" ( /* Adjacency SID uneligible for protection */ sc( c( "index" ( /* Adjacency SID indexed from SRGB */ sc( arg ) ).as(:oneline), "label" arg /* Adjacency SID from static label pool */, "dynamic" /* Dynamically allocate an adjacency segment */ ) ) ).as(:oneline) ) ), "srm6-adjacency-segment" ( /* Configure srm6 adjacency segment */ c( "unprotected" ( /* Adjacency SID uneligible for protection */ sc( "sid" arg /* Set Adjacency SID Value */ ) ).as(:oneline) ) ), "srv6-adjacency-segment" ( /* Configure srv6 adjacency segment */ c( "protected" ( /* SRv6 Adjacency segment is eligible for protection */ c( "locator" arg ( /* Locator to bind SRv6 adjacency segment */ c( "end-x-sid" arg ( /* Endpoint 128 bit address */ c( "flavor" ( c( "psp" /* Penultimate segment pop of the SRH */, "usp" /* Ultimate segment pop of the SRH */, "usd" /* Ultimate segment decapsulation */ ) ) ) ) ) ) ) ), "unprotected" ( /* SRv6 Adjacency segment is uneligible for protection */ c( "locator" arg ( /* Locator to bind SRv6 adjacency segment */ c( "end-x-sid" arg ( /* Endpoint 128 bit address */ c( "flavor" ( c( "psp" /* Penultimate segment pop of the SRH */, "usp" /* Ultimate segment pop of the SRH */, "usd" /* Ultimate segment decapsulation */ ) ) ) ) ) ) ) ) ) ), "lan-neighbor" arg ( /* Configuration specific to a LAN neighbor */ c( "ipv4-adjacency-segment" ( /* Configure ipv4 adjacency segment */ c( "protected" ( /* Adjacency SID is eligible for protection */ sc( c( "index" ( /* Adjacency SID indexed from SRGB */ sc( arg ) ).as(:oneline), "label" arg /* Adjacency SID from static label pool */, "dynamic" /* Dynamically allocate an adjacency segment */ ) ) ).as(:oneline), "unprotected" ( /* Adjacency SID uneligible for protection */ sc( c( "index" ( /* Adjacency SID indexed from SRGB */ sc( arg ) ).as(:oneline), "label" arg /* Adjacency SID from static label pool */, "dynamic" /* Dynamically allocate an adjacency segment */ ) ) ).as(:oneline) ) ), "ipv6-adjacency-segment" ( /* Configure ipv6 adjacency segment */ c( "protected" ( /* Adjacency SID is eligible for protection */ sc( c( "index" ( /* Adjacency SID indexed from SRGB */ sc( arg ) ).as(:oneline), "label" arg /* Adjacency SID from static label pool */, "dynamic" /* Dynamically allocate an adjacency segment */ ) ) ).as(:oneline), "unprotected" ( /* Adjacency SID uneligible for protection */ sc( c( "index" ( /* Adjacency SID indexed from SRGB */ sc( arg ) ).as(:oneline), "label" arg /* Adjacency SID from static label pool */, "dynamic" /* Dynamically allocate an adjacency segment */ ) ) ).as(:oneline) ) ), "srm6-adjacency-segment" ( /* Configure srm6 adjacency segment */ c( "unprotected" ( /* Adjacency SID uneligible for protection */ sc( "sid" arg /* Set Adjacency SID Value */ ) ).as(:oneline) ) ), "srv6-adjacency-segment" ( /* Configure srv6 adjacency segment */ c( "protected" ( /* SRv6 Adjacency segment is eligible for protection */ c( "locator" arg ( /* Locator to bind SRv6 adjacency segment */ c( "end-x-sid" arg ( /* Endpoint 128 bit address */ c( "flavor" ( c( "psp" /* Penultimate segment pop of the SRH */, "usp" /* Ultimate segment pop of the SRH */, "usd" /* Ultimate segment decapsulation */ ) ) ) ) ) ) ) ), "unprotected" ( /* SRv6 Adjacency segment is uneligible for protection */ c( "locator" arg ( /* Locator to bind SRv6 adjacency segment */ c( "end-x-sid" arg ( /* Endpoint 128 bit address */ c( "flavor" ( c( "psp" /* Penultimate segment pop of the SRH */, "usp" /* Ultimate segment pop of the SRH */, "usd" /* Ultimate segment decapsulation */ ) ) ) ) ) ) ) ) ) ) ) ), "post-convergence-lfa" ( /* Configure backup along post convergence on this interface */ c( "node-protection" ( /* Enable node protection */ c( "cost" arg /* Cost for node protection */ ) ), "srlg-protection" /* Enable srlg protection */, "fate-sharing-protection" /* Enable fate-sharing protection */ ) ), ("disable"), "metric" arg /* Metric for this level */, "ipv4-multicast-metric" arg /* IPv4 multicast metric for this level */, "ipv6-unicast-metric" arg /* IPv6 unicast metric for this level */, "ipv6-multicast-metric" arg /* IPv6 multicast metric for this level */, "topology" enum(("default" | "ipv4-multicast" | "ipv6-unicast" | "ipv6-multicast")) ( /* Topology specific attributes */ c( "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ), "authentication-key" ( /* Authentication key (password) */ unreadable /* Authentication key (password) */ ), "authentication-type" ( /* Authentication type */ ("md5" | "simple") ), "hello-authentication-key" ( /* Authentication key (password) for hello packets */ unreadable /* Authentication key (password) for hello packets */ ), "hello-authentication-type" ( /* Authentication type for hello packets */ ("md5" | "simple") ), "hello-authentication-key-chain" arg /* Key chain name */, "hello-interval" arg /* Interval between hello packet transmissions */, "hold-time" arg /* Time after which neighbors think the interface is down */, "priority" arg /* Designated router election priority */, "flood-reflector" ( /* Configure interface as flood-reflector */ c( "cluster-id" arg /* Cluster-ID */ ) ), "passive" ( /* Do not run IS-IS at this level, but advertise it */ c( "remote-node-iso" ( /* ISO System-ID of the remote node */ sysid /* ISO System-ID of the remote node */ ), "remote-node-id" ( /* Remote address of the link */ ipv4addr /* Remote address of the link */ ) ) ) ) ), "delay-metric" arg /* Delay metric */, "delay-measurement" ( /* Enable delay measurement */ c( "probe-interval" arg /* Probe interval */, "probe-count" arg /* Probe count */, "advertisement" ( /* Delay advertisement */ c( "periodic" ( /* Periodic advertisement parameters */ c( "threshold" arg /* Threshold */, "interval" arg /* Interval */ ) ), "accelerated" ( /* Accelerated advertisement parameters */ c( "threshold" arg /* Threshold */ ) ) ) ) ) ), "no-advertise-adjacency-segment" /* Do not advertise an adjacency segment for this interface */, "auto-bandwidth" ( /* Auto bandwidth configuration */ c( "template-name" arg /* Auto bandwidth template name */, ("disable") ) ), c( "link-protection" /* Protect interface from link faults only */, "node-link-protection" /* Protect interface from both link and node faults */ ), "no-eligible-backup" /* Not eligible for backup traffic from protected interfaces */, "no-eligible-remote-backup" /* Not eligible for Remote-LFA backup traffic from protected interfaces */, "link-degradation-threshold" ( /* Link up and down thresholds (in %) for proactive link protection */ sc( "link-down" arg /* Signal degradation threshold above which link marked down */, "link-up" arg /* Signal degradation threshold below which link is marked up. */ ) ).as(:oneline), ("disable"), "authentication-key" ( /* Authentication key (password) */ unreadable /* Authentication key (password) */ ), "authentication-type" ( /* Authentication type */ ("md5" | "simple") ), "flood-group" arg /* ISO Area that this interface should send LSPs to */, "hello-authentication-key" ( /* Authentication key (password) for hello packets */ unreadable /* Authentication key (password) for hello packets */ ), "hello-authentication-type" ( /* Authentication type for hello packets */ ("md5" | "simple") ), "hello-padding-type" ( /* Type of padding for hello packets */ ("strict" | "adaptive" | "loose" | "disable") ), "interface-group-holddown-delay" arg /* Time to wait before including in BBM calculation */, "layer2-map" /* Kernel ARP/ND creation for nexthops */, "no-layer2-map" /* Don't kernel ARP/ND creation for nexthops */, "max-hello-size" arg /* Maximum size allowed for ISIS Hello PDUs */, "lsp-interval" arg /* Interval between LSP transmissions */, "csnp-interval" ( /* Rate of CSN packets (for LAN interfaces only) */ sc( c( arg, "disable" /* Do not send CSN packets on this interface */ ) ) ).as(:oneline), "strict-dual-isis" ( /* Ensure both ipv4 and ipv6 connectivity for adjacencies on this interface */ c( "holdown" arg /* Set the holddown timer for strict spf computation */ ) ), "mesh-group" ( /* Add the interface to a mesh group */ sc( c( arg /* Mesh group number for this interface */, "blocked" /* Do not flood new LSPs on this interface */ ) ) ).as(:oneline), "point-to-point" /* Treat interface as point to point */, "passive" ( /* Do not run IS-IS, but advertise it */ c( "remote-node-iso" ( /* ISO System-ID of the remote node */ sysid /* ISO System-ID of the remote node */ ), "remote-node-id" ( /* Remote address of the link */ ipv4addr /* Remote address of the link */ ) ) ), "checksum" /* Enable checksum for packets on this interface */, "no-unicast-topology" /* Do not include this interface in the unicast topology */, "no-ipv4-multicast" /* Do not include this interface in the IPv4 multicast topology */, "no-ipv6-unicast" /* Do not include this interface in the IPv6 unicast topology */, "no-ipv6-multicast" /* Do not include this interface in the IPv6 multicast topology */, "no-adjacency-down-notification" /* Do not inform other protocols about adjacency down events */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ) ) ), "family" enum(("inet" | "inet6")) ( /* Address family specific interface attributes */ c( "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ) ) ) ) ) ) ), "source-packet-routing" ( /* Enable Source Packet Routing (SPRING) */ c( "adjacency-segment" ( /* Configure attributes for Adjacency Segments in SPRING */ c( "hold-time" arg /* Duration(ms) for which adjacency segments will be retained after isolating from an interface */ ) ), "udp-tunneling" ( /* Enable SR over UDP feature */ c( "encapsulation" /* Enable UDP Tunnel Encapsulation */, "decapsulation" /* Enable UDP Tunnel decapsulation */ ) ), "srgb" ( /* Set the SRGB global block in SPRING */ sc( "start-label" arg /* Start range for SRGB label block */, "index-range" arg /* Index to the SRGB start label block */ ) ).as(:oneline), "node-segment" ( /* Enable support for Node segments in SPRING */ c( "ipv4-index" arg /* Set IPv4 Node Segment index */, "ipv6-index" arg /* Set IPv6 Node Segment index */, "index-range" arg /* Set Range of Node Segment indices allowed */ ) ), "flex-algorithm" arg /* Flex-algorithms we would like to participate in */, "use-flex-algorithm-metric-always" /* Use flex-algo prefix metric whenever available */, "new-capability-subtlv" /* Advertise all ranges in single spring capability subtlv */, "explicit-null" /* Set E and P bits in all Prefix SID advertisements */, "mapping-server" arg /* Mapping server name */, "no-strict-spf" /* Disable strict spf algo 1 advertisement */, "ldp-stitching" /* Enable SR to LDP stitching */, "srv6" ( /* Enable IPv6 Segment Routing (SRv6) */ c( "locator" arg ( /* SRv6 Locator */ c( "end-sid" arg ( c( "flavor" ( c( "psp" /* Penultimate segment pop of the SRH */, "usp" /* Ultimate segment pop of the SRH */, "usd" /* Ultimate segment decapsulation */ ) ) ) ) ) ) ) ), "sensor-based-stats" ( /* Configure sensor based stats in SPRING */ c( "per-interface-per-member-link" ( /* Configure sensor based stats per nexthop */ sc( "ingress" /* Enable sensor based stats on ingress interface */, "egress" /* Enable sensor based stats on egress interface */ ) ).as(:oneline), "per-sid" ( /* Configure sensor based stats per spring route */ sc( "ingress" /* Enable sensor based stats for per-sid ingress accounting */, "egress" /* Enable sensor based stats for IP-MPLS egress accounting */ ) ).as(:oneline) ) ), "traffic-statistics" ( /* Enable support for traffic statistics in SPRING */ c( "statistics-granularity" ( /* Granularity for traffic statistics in SPRING */ c( "per-interface" /* Interface Based traffic statistics in SPRING */ ) ), "auto-bandwidth" arg /* Auto bandwidth name */ ) ) ) ), "srm6" ( /* Enable SRm6 */ c( "sid" ( /* Configure attributes for SID in srm6 */ c( arg, "address" ( /* IPv6 address corresponding to SID */ ipv6addr /* IPv6 address corresponding to SID */ ) ) ) ) ), "level" arg ( /* Configure global level attributes */ c( "labeled-preference" arg /* Preference of labeled IS-IS routes */, "srv6-preference" arg /* Preference of SRV6 IS-IS routes */, "flex-algorithm-preference" arg /* Preference of flex-algorithm L-ISIS routes */, "source-packet-routing" ( /* Enable Source Packet Routing (SPRING) */ c( ("disable"), "srms-preference" arg /* Set SRMS preference value */ ) ), ("disable"), "authentication-key" ( /* Authentication key (password) */ unreadable /* Authentication key (password) */ ), "authentication-type" ( /* Authentication type */ ("md5" | "simple") ), "purge-originator" ( /* Add Purge Originator information */ ("self" | "empty") ), "no-hello-authentication" /* Disable authentication for hello packets */, "no-csnp-authentication" /* Disable authentication for CSN packets */, "no-psnp-authentication" /* Disable authentication for PSN packets */, "authentication-key-chain" arg /* Key chain name */, "wide-metrics-only" /* Generate wide metrics only */, "preference" arg /* Preference of internal routes */, "external-preference" arg /* Preference of external routes */, "prefix-export-limit" arg /* Maximum number of external prefixes that can be exported */, "flood-reflector" ( /* Enable flood-reflector */ c( "reflector" ( /* Configure this as a flood-reflector */ c( "cluster-id" arg /* Cluster-ID */ ) ), "client" /* Configure interface as flood-reflector client */ ) ) ) ), "interface-group" arg ( /* Interface grouping configuration */ c( "level" arg ( /* Configure levels on this interface-group */ c( "ipv4-adjacency-segment" ( /* Configure ipv4 adjacency segment */ c( "protected" ( /* Adjacency SID is eligible for protection */ sc( c( "index" ( /* Adjacency SID indexed from SRGB */ sc( arg ) ).as(:oneline), "label" arg /* Adjacency SID from static label pool */, "dynamic" /* Dynamically allocate an adjacency segment */ ) ) ).as(:oneline), "unprotected" ( /* Adjacency SID uneligible for protection */ sc( c( "index" ( /* Adjacency SID indexed from SRGB */ sc( arg ) ).as(:oneline), "label" arg /* Adjacency SID from static label pool */, "dynamic" /* Dynamically allocate an adjacency segment */ ) ) ).as(:oneline) ) ), "ipv6-adjacency-segment" ( /* Configure ipv6 adjacency segment */ c( "protected" ( /* Adjacency SID is eligible for protection */ sc( c( "index" ( /* Adjacency SID indexed from SRGB */ sc( arg ) ).as(:oneline), "label" arg /* Adjacency SID from static label pool */, "dynamic" /* Dynamically allocate an adjacency segment */ ) ) ).as(:oneline), "unprotected" ( /* Adjacency SID uneligible for protection */ sc( c( "index" ( /* Adjacency SID indexed from SRGB */ sc( arg ) ).as(:oneline), "label" arg /* Adjacency SID from static label pool */, "dynamic" /* Dynamically allocate an adjacency segment */ ) ) ).as(:oneline) ) ), "srm6-adjacency-segment" ( /* Configure srm6 adjacency segment */ c( "unprotected" ( /* Adjacency SID uneligible for protection */ sc( "sid" arg /* Set Adjacency SID Value */ ) ).as(:oneline) ) ), "topology" enum(("default" | "ipv4-multicast" | "ipv6-unicast" | "ipv6-multicast")) ( /* Topology specific attributes */ c( "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ) ) ), "link-group-protection" ( /* Configure link group protection */ c( "minimum-bandwidth" arg /* Minimum bandwidth to carry traffic */, "revert-bandwidth" arg /* Revert bandwidth to carry traffic */ ) ), "interface" arg ( /* List interfaces for this group */ c( "weight" arg /* Interface weight for adjacency set */ ) ) ) ), "traceoptions" ( /* Trace options for IS-IS */ c( "flag" enum(("traffic-statistics" | "post-convergence-lfa" | "error" | "spf" | "packets" | "hello" | "lsp" | "psn" | "csn" | "layer2-map" | "lsp-generation" | "graceful-restart" | "ldp-synchronization" | "nsr-synchronization" | "spring" | "prefix-sid" | "flex-algorithm" | "adj-sid" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "srv6" | "rmopd" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline), "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline) ) ), "backup-spf-options" ( /* Configure backup SPF attributes */ c( "remote-backup-calculation" /* Calculate Remote LFA backup nexthops */, "use-post-convergence-lfa" ( /* Calculate Post Convergence Backup Nexthops */ c( "maximum-labels" arg /* Set maximum number of label supported for post convergence path calculations */, "maximum-backup-paths" arg /* Set maximum equal cost backup post convergence paths */ ) ), "use-source-packet-routing" /* Use SPRING routed paths for protection */, "per-prefix-calculation" /* Calculate backup nexthops for non-best prefix originators */, "node-link-degradation" /* Degrade to link protection when nodelink protection not available */ ) ), "context-identifier" arg ( /* Configuration for advertisement of a context-identifier */ c( "level" arg ( /* Configure global level attributes */ c( ("disable") ) ) ) ), "traffic-engineering" ( /* Configure traffic engineering attributes */ c( ("disable"), "l3-unicast-topology" /* Download IGP topology into TED */, "ipv6" /* Enable TEDv6 */, "credibility-protocol-preference" /* Follow IGP protocol preference for TED protocol credibility */, "ipv4-multicast-rpf-routes" /* Install IPv4 routes for multicast RPF checks into inet.2 */, "ignore-lsp-metrics" /* Ignore label-switched path metrics when doing shortcuts */, "tunnel-source-protocol" ( /* Protocols from which to pick label-switched paths */ c( "rsvp" ( /* Pick label-switched paths from rsvp */ c( "preference" arg /* Preference for label-switched paths from this protocol */ ) ), "spring-te" ( /* Pick label-switched paths from spring-te */ c( "preference" arg /* Preference for label-switched paths from this protocol */ ) ) ) ), "family" enum(("inet" | "inet6" | "inet-mpls" | "inet6-mpls")) ( /* Address family specific traffic-engineering attributes */ c( "shortcuts" ( /* Use label-switched paths as next hops, if possible */ c( "multicast-rpf-routes" /* Install routes for multicast RPF checks into multicast RIB */, "import" ( /* Import policy for shortcut */ policy_algebra /* Import policy for shortcut */ ) ) ) ) ), "shortcuts" ( /* Use label-switched paths as next hops, if possible */ c( "ignore-lsp-metrics" /* Ignore label-switched path metrics when doing shortcuts */ ) ), "multipath" ( /* Configure label-switched-path multipath behavior */ c( "lsp-equal-cost" /* Include equal cost label-switched-paths */ ) ), "advertisement" ( /* Configure traffic engineering attribute advertisements */ c( "always" /* Advertise applicable legacy TE attributes always */, "application-specific" ( /* Advertise application-specific TE attributes */ c( "all-applications" ( /* Advertise common application-specific link attributes */ c( "legacy" /* Use legacy TE attributes for this application */ ) ) ) ) ) ) ) ), "label-switched-path" arg ( /* Configuration for advertisement of a label-switched path */ c( "level" arg ( /* Configure global level attributes */ c( ("disable"), "metric" arg /* SPF metric for this level */ ) ) ) ), ("disable"), "export" ( /* Export policy */ policy_algebra /* Export policy */ ), "import" ( /* Import policy */ policy_algebra /* Import policy */ ), "reference-bandwidth" arg /* Bandwidth for calculating metric defaults */, "layer2-map" /* Kernel ARP/ND creation for nexthops */, "no-layer2-map" /* Don't kernel ARP/ND creation for nexthops */, "job-stats" /* Collect job statistics */, "lsp-lifetime" arg /* Lifetime of LSPs */, "max-lsp-size" arg /* Maximum size allowed for LSPs */, "max-hello-size" arg /* Maximum size allowed for ISIS Hello PDUs */, "max-snp-size" arg /* Maximum size allowed for Sequence Number (Complete/Partial) PDUs */, "spf-delay" arg /* Time to wait before running an SPF */, "authentication-key" ( /* Authentication key (password) */ unreadable /* Authentication key (password) */ ), "authentication-type" ( /* Authentication type */ ("md5" | "simple") ), "loose-authentication-check" /* Verify authentication only if PDU has authentication TLV */, "max-areas" arg /* Maximum number of advertised Areas */, "no-authentication-check" /* Disable authentication checking */, "no-ipv4-routing" /* Disable IPv4 routing */, "no-ipv6-routing" /* Disable IPv6 routing */, "clns-routing" /* Enable CLNS routing */, "clns-updown-compatibility" /* Set the Up/Down Bit in place of the I/E bit in CLNS TLVs */, "no-adjacency-holddown" /* Disable adjacency hold down */, "multicast-topology" /* Enable multicast topology */, "ignore-attached-bit" /* Ignore the attached bit in Level 1 LSPs */, "rib-group" ( /* Routing table group for importing IS-IS routes */ rib_group_type /* Routing table group for importing IS-IS routes */ ), "strict-dual-isis" ( /* Ensure both ipv4 and ipv6 connectivity for all adjacencies */ c( "holdown" arg /* Set the holddown timer for strict spf computation */ ) ), "spf-options" ( /* Configure SPF attributes */ c( "delay" arg /* Time to wait before running an SPF */, "holddown" arg /* Time to hold down before running an SPF */, "rapid-runs" arg /* Number of rapid SPF runs before SPF holddown */, "multipath" ( /* Configure multipath options */ c( "weighted" ( /* Weighted multipath options */ c( "one-hop" /* Enable load balancing on onehop multipath based on interface bandwidth */ ) ) ) ), "microloop-avoidance" ( /* Configure microloop avoidance mechanisms */ c( "post-convergence-path" ( /* Temporarily install post-convergence path for routes potentially affected by microloops */ c( "delay" arg /* Time after which temporary post-convergence paths are removed */ ) ) ) ) ) ), "topologies" ( /* Enable topologies */ c( "ipv4-multicast" /* Enable IPv4-multicast topology */, "ipv6-unicast" /* Enable IPv6-unicast topology */, "ipv6-multicast" /* Enable IPv6-multicast topology */ ) ), "overload" ( /* Set the overload bit (no transit traffic) */ c( "timeout" arg /* Time after which overload bit is reset */, "advertise-high-metrics" /* Advertise high metrics instead of setting the overload bit */, "allow-route-leaking" /* Allow routes to be leaked when overload is configured */, "internal-prefixes" /* Allow internal prefixes to be advertised with high metric */, "external-prefixes" /* Allow external prefixes to be advertised with high metric */ ) ), "graceful-restart" ( /* IS-IS graceful restart options */ sc( ("disable"), "helper-disable" /* Disable graceful restart helper capability */, "restart-duration" arg /* Maximum time for graceful restart to finish */ ) ).as(:oneline) ) end rule(:juniper_protocols_l2control) do c( "traceoptions" ( /* Global tracing options for STP */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("parse" | "regex-parse" | "config-internal" | "normal" | "general" | "state" | "task" | "timer" | "ppmlite" | "all")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "nonstop-bridging" /* Enable nonstop operation */, "options" ( /* Layer2 control options */ c( "nsb-extended-timers" ( /* Extend expiration of timers during switchover */ c( ("disable") ) ), "nsb-optimized-config-read" ( /* Optimize config re-prasing during switchover */ c( ("disable") ) ) ) ), "bpdu-block" ( /* Block BPDU on interface (BPDU Protect) */ c( "interface" (arg | "all") ( /* Interface name to block BPDU on */ c( "disable" /* Disable bpdu-block on a port */, "drop" /* Drop xSTP BPDUs */ ) ), "disable-timeout" arg /* Disable timeout for BPDU Protect */ ) ), "mac-rewrite" ( /* Mac rewrite functionality */ c( "interface" arg ( c( "enable-all-ifl" /* Enable tunneling for all the IFLs under the interface */, "protocol" ( /* Protocols for which mac rewrite need to be enabled */ c( "stp" /* Enable mac rewrite for STP */, "vtp" /* Enable mac rewrite for VTP */, "cdp" /* Enable mac rewrite for CDP */, "ieee8021x" /* Enable mac rewrite for 8021X */, "ieee8023ah" /* Enable mac rewrite for 8023AH */, "elmi" /* Enable mac rewrite for ELMI */, "lacp" /* Enable mac rewrite for LACP */, "lldp" /* Enable mac rewrite for LLDP */, "mmrp" /* Enable mac rewrite for MMRP */, "mvrp" /* Enable mac rewrite for MVRP */, "pvstp" /* Enable mac rewrite for PVSTP+ */, "gvrp" /* Enable mac rewrite for GVRP */, "vstp" /* Enable mac rewrite for VSTP */, "udld" /* Enable mac rewrite for UDLD */ ) ) ) ) ) ) ) end rule(:juniper_protocols_ldp) do c( "traceoptions" ( /* Trace options for LDP */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("error" | "event" | "packet-dump" | "packets" | "periodic" | "initialization" | "notification" | "address" | "label" | "binding" | "path" | "ppmd" | "nsr-synchronization" | "link-protection" | "p2mp-nsr-synchronization" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */, "filter" ( /* Filter to apply to this flag */ ldp_filter_obj /* Filter to apply to this flag */ ) ) ).as(:oneline) ) ), "traffic-statistics" ( /* Collect statistics for LDP label-switched paths */ c( "file" ( /* Statistics file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "interval" arg /* Time to collect statistics (seconds) */, "sensor-based-stats" /* Enable sensor based statistics collection */, "no-penultimate-hop" /* No penultimate hop statistics collection */ ) ), "graceful-restart" ( /* Configure graceful restart attributes */ c( ("disable"), "helper-disable" /* Disable the graceful restart helper capability */, "recovery-time" arg /* Time required for recovery */, "maximum-neighbor-recovery-time" arg /* Maximum time stale mappings are maintained */, "reconnect-time" arg /* Time required to reestablish session after graceful restart */, "maximum-neighbor-reconnect-time" arg /* Maximum reconnect time allowed from a restarting neighbor */ ) ), "auto-targeted-session" ( /* Configure auto targeted session parameters */ c( "teardown-delay" arg /* Auto targeted session tear down delay */, "maximum-sessions" arg /* Auto targeted maximum sessions */, "no-rlfa" /* Do not allow RLFA in auto targeted sessions */, "no-dynamic-tunnels" /* Do not allow dynamic tunnels in auto targeted sessions */ ) ), "preference" arg /* Route preference */, "no-forwarding" /* Do not use LDP ingress routes for forwarding */, "rib-group" arg /* Routing table group for importing ingress routes */, "rib-group6" arg /* Routing table group for importing ingress v6 routes */, "l2-smart-policy" /* Do not export or import Layer 3 FECs for Layer 2 sessions */, "track-igp-metric" /* Track the IGP metric */, "strict-targeted-hellos" /* Do not send targeted hellos to unconfigured neighbors */, "longest-match" ( /* Configure longest match */ c( arg ) ), "color-import-policy" ( /* Import color policy */ policy_algebra /* Import color policy */ ), "import" ( /* Import policy */ policy_algebra /* Import policy */ ), "export" ( /* Export policy */ policy_algebra /* Export policy */ ), "egress-policy" ( /* Configure LSP egress policy */ policy_algebra /* Configure LSP egress policy */ ), "dod-request-policy" ( /* Configure DoD label request policy */ policy_algebra /* Configure DoD label request policy */ ), "next-hop" ( /* LDP next-hop control */ c( "merged" ( /* Merged next hop */ c( "policy" ( /* Merged next-hop policy */ policy_algebra /* Merged next-hop policy */ ) ) ), "no-rsvp-tunneling" ( /* No rsvp tunneling */ c( "policy" ( /* No rsvp tunneling next-hop policy */ policy_algebra /* No rsvp tunneling next-hop policy */ ) ) ) ) ), "mtu-discovery" /* Enable TCP path MTU discovery */, "no-mtu-discovery" /* Don't enable TCP path MTU discovery */, "deaggregate" /* Deaggregate FECs into separate labels */, "no-deaggregate" /* Don't deaggregate FECs into separate labels */, "explicit-null" /* Advertise the EXPLICIT_NULL label for egress FECs */, "label-withdrawal-delay" arg /* Delay label withdrawal for FECs to avoid label churn */, "make-before-break" ( /* Configure make before break */ c( "timeout" arg /* Make before break timeout */, "switchover-delay" arg /* Make before break switchover delay */ ) ), "transport-address" ( /* Address used for TCP sessions */ sc( c( "router-id" /* Use router ID for TCP connections */, "interface" /* Use interface address for TCP connections */, ipaddr /* Use specified address for TCP connections */ ) ) ).as(:oneline), "keepalive-interval" arg /* Keepalive interval (seconds) */, "keepalive-timeout" arg /* Keepalive timeout (seconds) */, "interface" arg ( /* Enable LDP on this interface */ c( ("disable"), "hello-interval" arg /* Hello interval (seconds) */, "hold-time" arg /* Hello hold time (seconds) */, "link-protection" ( /* Enable link protection to protect interface for link faults only */ c( ("disable"), "dynamic-rsvp-lsp" /* Enable setup of dynamic rsvp lsp for link protection */ ) ), "transport-address" ( /* Address used for TCP sessions */ sc( c( "router-id" /* Use router ID for TCP connections */, "interface" /* Use interface address for TCP connections */, ipaddr /* Use specified address for TCP connections */ ) ) ).as(:oneline), "allow-subnet-mismatch" /* Allow subnet mismatch for source address in hello packet */, "no-allow-subnet-mismatch" /* Don't allow subnet mismatch for source address in hello packet */ ) ), "neighbor" arg /* Configure a remote LDP neighbor */, "session" arg ( /* Configure session parameters */ c( "authentication-key" arg /* MD5 authentication key */, "authentication-algorithm" ( /* Authentication algorithm name */ ("md5" | "hmac-sha-1-96" | "aes-128-cmac-96" | "ao") ), "tcpao-auth-mismatch" ( /* Continue without TCP-AO if any one TCP endpoint does not have TCP-AO configured */ ("allow-without-tcpao") ), "authentication-key-chain" arg /* Key chain name */, "downstream-on-demand" /* Configure downstream on demand label distribution mode */, "transport-address" ( /* Address used for TCP sessions to the neighbor */ ipaddr /* Address used for TCP sessions to the neighbor */ ), "mtu-discovery" /* Enable TCP path MTU discovery */, "no-mtu-discovery" /* Don't enable TCP path MTU discovery */ ) ), "session-group" arg ( /* Configure session group parameters */ c( "authentication-key" arg /* MD5 authentication key */, "authentication-algorithm" ( /* Authentication algorithm name */ ("md5" | "hmac-sha-1-96" | "aes-128-cmac-96" | "ao") ), "tcpao-auth-mismatch" ( /* Continue without TCP-AO if any one TCP endpoint does not have TCP-AO configured */ ("allow-without-tcpao") ), "authentication-key-chain" arg /* Key chain name */, "downstream-on-demand" /* Configure downstream on demand label distribution mode */, "transport-address" ( /* Address used for TCP sessions to the neighbor */ ipaddr /* Address used for TCP sessions to the neighbor */ ), "mtu-discovery" /* Enable TCP path MTU discovery */, "no-mtu-discovery" /* Don't enable TCP path MTU discovery */ ) ), "session-protection" ( /* Configure session protection */ sc( "timeout" arg /* Session protection timeout */ ) ).as(:oneline), "igp-synchronization" ( /* Configure IGP synchronization parameters */ c( "holddown-interval" arg /* Time to hold the up notification to the IGPs */ ) ), "log-updown" ( /* Logging actions for LSP up/down events */ c( "trap" ( /* SNMP traps options */ sc( ("disable") ) ).as(:oneline) ) ), "policing" ( /* Configure policing for an LDP FEC */ c( "fec" arg ( /* Forwarding equivalence class */ c( "ingress-traffic" arg /* Name of filter to use for policing ingress LDP traffic */, "transit-traffic" arg /* Name of filter to use for policing transit LDP traffic */ ) ) ) ), "entropy-label" ( /* Insert entropy label for a LDP FEC */ c( "ingress-policy" ( /* Entropy label ingress policy */ policy_algebra /* Entropy label ingress policy */ ) ) ), "oam" ( /* Configure periodic OAM for a LDP FEC */ c( "ingress-policy" ( /* OAM ingress policy */ policy_algebra /* OAM ingress policy */ ), "bfd-port-egress-policy" ( /* OAM egress policy */ policy_algebra /* OAM egress policy */ ), "fec" arg ( /* Forwarding equivalence class */ c( c( "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "ecmp" /* Enable equal cost multipath (ECMP) support for BFD */, "failure-action" ( /* Action to take when BFD session goes down */ sc( c( "remove-route" /* Remove LDP route from the ribs */, "remove-nexthop" /* Remove LDP nexthop from the route */ ) ) ).as(:oneline), "holddown-interval" arg /* Time to hold the session-UP notification to the client */, "no-router-alert-option" /* Do not set Router-Alert options in IP header for MPLS-BFD */, "use-ip-ttl-1" /* Set TTL value to 1 in IP header for MPLS-BFD */ ) ), "no-bfd-liveness-detection" /* Disable BFD liveness detection */ ), "periodic-traceroute" ( /* Configure periodic traceroute */ c( "frequency" arg /* Time between traceroute attempts */, "ttl" arg /* Maximum time-to-live value */, "retries" arg /* Number of times to resend probe */, "wait" arg /* Time to wait before resending probe */, "paths" arg /* Maximum number of paths to traverse */, "source" ( /* Source address to use when sending probes */ ipv4addr /* Source address to use when sending probes */ ), "exp" arg /* Class-of-service value to use when sending probes */, "fanout" arg /* Maximum number of nexthops to search per node */, "disable" /* Disable periodic traceroute for a FEC */ ) ) ) ), "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "ecmp" /* Enable equal cost multipath (ECMP) support for BFD */, "failure-action" ( /* Action to take when BFD session goes down */ sc( c( "remove-route" /* Remove LDP route from the ribs */, "remove-nexthop" /* Remove LDP nexthop from the route */ ) ) ).as(:oneline), "holddown-interval" arg /* Time to hold the session-UP notification to the client */, "no-router-alert-option" /* Do not set Router-Alert options in IP header for MPLS-BFD */, "use-ip-ttl-1" /* Set TTL value to 1 in IP header for MPLS-BFD */ ) ), "periodic-traceroute" ( /* Configure periodic traceroute */ c( "frequency" arg /* Time between traceroute attempts */, "ttl" arg /* Maximum time-to-live value */, "retries" arg /* Number of times to resend probe */, "wait" arg /* Time to wait before resending probe */, "paths" arg /* Maximum number of paths to traverse */, "source" ( /* Source address to use when sending probes */ ipv4addr /* Source address to use when sending probes */ ), "exp" arg /* Class-of-service value to use when sending probes */, "fanout" arg /* Maximum number of nexthops to search per node */ ) ), "lsp-ping-interval" arg /* Time interval between LSP ping messages */, "lsp-ping-multiplier" arg /* Number of ping reply missed before declaring BFD down */ ) ), "targeted-hello" ( /* Configure targeted hello parameters */ c( "hello-interval" arg /* Hello interval (seconds) */, "hold-time" arg /* Hold interval (seconds) */ ) ), "p2mp" ( /* Advertise P2MP capability to peers */ c( "recursive" ( /* Configure P2MP recursive parameters */ c( "route" /* Allow recursive route resolution to signal P2MP FEC */ ) ), "root-address" arg ( /* Configure the root address of P2MP LSP */ c( "lsp-id" arg /* Configure the generic LSP identifier */, "group-address" arg ( /* IPv4/Ipv6 group address for mLDP LSP */ c( "source-address" arg /* IPv4/Ipv6 source address */ ) ) ) ), "no-rsvp-tunneling" /* Do not allow LDP P2MP to use RSVP-TE LSPs for tunneling */ ) ), "sr-mapping-client" ( /* Enable LDP to SR mapping-client functionality */ c( "policy" ( /* SR mapping-client policy */ policy_algebra /* SR mapping-client policy */ ) ) ), "upstream-label-assignment" /* Allow Upstream Label Assignment capability */, "family" enum(("inet" | "inet6")) /* Address family */, "transport-preference" ( /* TCP transport preference */ ("ipv4" | "ipv6") ), "dual-transport" ( /* Use separate IPv4 and IPv6 TCP transport */ c( "inet-lsr-id" ( /* LSR identifier for address family inet */ ipv4addr /* LSR identifier for address family inet */ ), "inet6-lsr-id" ( /* LSR identifier for address family inet6 */ ipv4addr /* LSR identifier for address family inet6 */ ) ) ) ) end rule(:juniper_protocols_lmp) do c( "te-link" arg ( /* Traffic engineering link */ c( "local-address" ( /* Address of the local end of the link */ ipaddr /* Address of the local end of the link */ ), "remote-address" ( /* Address of the remote end of the link */ ipaddr /* Address of the remote end of the link */ ), "remote-id" arg /* Link ID for the remote end of the link */, "te-metric" arg /* Traffic engineering metric of the link */, ("disable"), "ethernet-vlan" ( /* TE link used for setup of L2 VLAN LSP */ c( "vlan-id-range" arg /* VLAN id */ ) ), c( "interface" arg ( /* Member interface of TE link */ c( "local-address" ( /* Local address of the resource */ ipaddr /* Local address of the resource */ ), "remote-address" ( /* Remote address of the resource */ ipaddr /* Remote address of the resource */ ), "remote-id" arg /* Interface ID for the remote end of the resource */, ("disable") ) ), "label-switched-path" arg ( /* Member forwarding adjacency LSP of TE link */ c( "local-address" ( /* Local address of the resource */ ipaddr /* Local address of the resource */ ), "remote-address" ( /* Remote address of the resource */ ipaddr /* Remote address of the resource */ ), "remote-id" arg /* Interface ID for the remote end of the resource */, ("disable") ) ) ) ) ), "peer" arg ( /* Define a network or LMP peer */ c( "address" ( /* Address of peer */ ipaddr /* Address of peer */ ), "lmp-protocol" ( /* LMP protocol attributes */ c( "hello-interval" arg /* Interval between Hello messages */, "hello-dead-interval" arg /* Delay for control channel shutdown when no Hello received */, "retransmission-interval" arg /* Minimum time before retransmitting a message */, "retry-limit" arg /* Number of times to retransmit a message */, "passive" /* Do not send Config messages to peer */ ) ), "control-channel" ( /* Control channel interfaces by priority */ interface_name /* Control channel interfaces by priority */ ), "lmp-control-channel" ( /* Control channel IDs */ lmp_control_channel_type /* Control channel IDs */ ), "te-link" arg /* List of TE links managed by this peer */ ) ), "traceoptions" ( /* LMP trace options */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("init" | "show" | "route-socket" | "parse" | "process" | "server" | "routing" | "packets" | "hello-packets" | "state" | "nsr-synchronization" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ) ) end rule(:juniper_protocols_mpls) do c( "lsp-external-controller" arg ( /* External path computing entity */ c( "label-switched-path-template" ( /* Template for externally provisioned LSP parameters */ c( c( arg, "default-template" /* Use default parameters */ ) ) ), "label-switched-path-p2mp-template" ( /* Template for externally provisioned P2MP LSP parameters */ c( c( arg, "default-template" /* Use default parameters */ ) ) ), "pce-controlled-lsp" arg ( /* Template for externally provisioned LSP using regular expression */ c( "label-switched-path-template" ( /* Template for externally provisioned LSP parameters */ c( arg ) ), "label-switched-path-p2mp-template" ( /* Template for externally provisioned P2MP LSP parameters */ c( arg ) ) ) ) ) ), "path-mtu" ( /* Path MTU configuration */ c( "allow-fragmentation" /* If needed, fragment IP before encapsulating in MPLS */, "rsvp" ( /* RSVP-specific path MTU options */ c( "mtu-signaling" /* Enable RSVP path MTU signaling */ ) ) ) ), "diffserv-te" ( /* Global diffserv-traffic-engineering options */ c( "bandwidth-model" ( /* Bandwidth constraint model supported */ ("extended-mam" | "mam" | "rdm") ), "te-class-matrix" ( /* Supported combinations of traffic-class and preemption */ c( "te0" ( /* Definition for traffic-engineering class te0 */ te_class_object /* Definition for traffic-engineering class te0 */ ).as(:oneline), "te1" ( /* Definition for traffic-engineering class te1 */ te_class_object /* Definition for traffic-engineering class te1 */ ).as(:oneline), "te2" ( /* Definition for traffic-engineering class te2 */ te_class_object /* Definition for traffic-engineering class te2 */ ).as(:oneline), "te3" ( /* Definition for traffic-engineering class te3 */ te_class_object /* Definition for traffic-engineering class te3 */ ).as(:oneline), "te4" ( /* Definition for traffic-engineering class te4 */ te_class_object /* Definition for traffic-engineering class te4 */ ).as(:oneline), "te5" ( /* Definition for traffic-engineering class te5 */ te_class_object /* Definition for traffic-engineering class te5 */ ).as(:oneline), "te6" ( /* Definition for traffic-engineering class te6 */ te_class_object /* Definition for traffic-engineering class te6 */ ).as(:oneline), "te7" ( /* Definition for traffic-engineering class te7 */ te_class_object /* Definition for traffic-engineering class te7 */ ).as(:oneline) ) ) ) ), "auto-policing" ( /* Automatic policing of LSPs */ c( "class" enum(("all" | "ct0" | "ct1" | "ct2" | "ct3")) ( /* Forwarding class */ c( c( "drop" /* Drop packets if bandwidth is exceeded */, "loss-priority-high" /* Set loss priority to high if bandwidth is exceeded */, "loss-priority-low" /* Set loss priority to low if bandwidth is exceeded */ ) ) ) ) ), "statistics" ( /* Collect statistics for signaled label-switched paths */ c( "file" ( /* Statistics file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "interval" arg /* Time to collect statistics (seconds) */, "auto-bandwidth" /* Enable auto bandwidth allocation */, "no-transit-statistics" /* Disable transit LSP statistics collection */, c( "no-transit-statistics-polling" /* Disable polling and display of transit lsp statistics */, "transit-statistics-polling" /* Enable polling and display of transit lsp statistics */ ), "no-bypass-statistics-polling" /* Disable polling and display of bypass lsp statistics */, "statistics-query-batch-size" arg /* Number of LSPs for which statistics will be queried together */, "traffic-class-statistics" /* Create per traffic class statistics sensors for LSPs */ ) ), "p2mp-lsp" ( /* P2MP LSP control configuration */ c( "single-abr" /* Try to use same exit node for all inter-domain sub LSPs */, "no-re-merge" /* Avoid LSP CSPF creating remerge */ ) ), "log-updown" ( /* Logging actions for LSP up/down events */ c( "syslog" /* Send syslog messages */, "no-syslog" /* Don't send syslog messages */, c( "trap" /* Send SNMP traps */, "no-trap" ( /* Don't send SNMP traps */ c( "mpls-lsp-traps" /* Dont send mpls lsp up/down traps */, "rfc3812-traps" /* Dont send rfc3812 traps */ ) ) ), "trap-path-down" /* Send SNMP traps when a path goes down */, "trap-path-up" /* Send SNMP traps when a path goes up */ ) ), "optimize-adaptive-teardown" ( /* Post make before break adaptive teardown */ c( "p2p" /* Turn on post make before break adaptive teardown for p2p */, "timeout" arg /* Timeout for adaptive teardown to clean up LSP */, "delay" ( /* Delay tearing down old optimized path after adaptive-teardown kicks in */ c( arg ) ) ) ), "traffic-engineering" ( /* Traffic-engineering control */ c( c( "bgp" /* BGP destinations only */, "bgp-igp" /* BGP and IGP destinations */, "bgp-igp-both-ribs" /* BGP and IGP destinations with routes in both routing tables */, "mpls-forwarding" /* Use MPLS routes for forwarding, not routing */ ), "database" ( /* Traffic engineering database */ c( "import" ( /* Configure TED import parameters */ c( "l3-unicast-topology" ( /* Download L3-Unicast topology into RIB */ c( "bgp-link-state" /* Export L3-Unicast topology, instead of TE topology, into BGP-LS */ ) ), "policy" ( /* Configure import policy */ policy_algebra /* Configure import policy */ ), "identifier" arg /* BGP-TE identifier */, "bgp-ls-identifier" arg /* BGP-TE domain identifier */, "ipv6" /* Import ipv6 addresses */ ) ), "export" ( /* Configure TED export related parameters */ c( "policy" ( /* Export policy */ policy_algebra /* Export policy */ ), "credibility" ( /* TED credibility value for entries from BGP-TE */ c( "unknown" arg /* Entries sourced from unknown entities */, "direct" arg /* Entries sourced from directly connected links */, "static" arg /* Entries sourced from static configuration */, "ospf" arg /* Entries sourced from ospf */, "isis-level-1" arg /* Entries sourced from ISIS Level 1 */, "isis-level-2" arg /* Entries sourced from ISIS Level 2 */, "bgp" arg /* Entries sourced from BGP */ ) ), "l3-unicast-topology" /* Download RIB entries into L3-Unicast topology */ ) ) ) ) ) ), "admin-groups" arg ( /* Administrative groups */ c( arg ) ), "advertisement-hold-time" arg /* Time that an 'LSP down' advertisement will be delayed */, "rsvp-error-hold-time" arg /* Time that RSVP PathErr events will be remembered */, "optimize-aggressive" /* Run aggressive optimization algorithm based on IGP metric only */, "smart-optimize-timer" arg /* Path optimization interval after a link traversed by the path goes down */, "optimize-switchover-delay" arg /* Delay before switching LSP to newly optimized path */, "no-propagate-ttl" /* Disable TTL propagation from IP to MPLS (on push) and MPLS to IP (on pop) */, "sensor-based-stats" /* Enable sensor based statistics collection */, "explicit-null" /* Advertise the EXPLICIT_NULL label when the router is the egress */, "icmp-tunneling" /* Allow MPLS LSPs to be used for tunneling ICMP error packets */, "revert-timer" arg /* Hold-down window before reverting back to primary path, 0 means disable */, "optimize-hold-dead-delay" arg /* Delay before tearing down the old optimized path */, "cspf-backoff-time" arg /* Delay before CSPF, when there is PathErr on backup path */, "expand-loose-hop" /* Perform CSPF path computation to expand loose hops */, "mib-mpls-show-p2mp" /* Show p2mp tunnels entries in mpls mib walk */, "bandwidth" ( /* Bandwidth to reserve (bps) */ bandwidth_type /* Bandwidth to reserve (bps) */ ), "admin-group" ( /* Administrative group policy */ admin_group_include_exclude /* Administrative group policy */ ), "admin-group-extended" ( /* Extended administrative group policy */ admin_group_include_exclude /* Extended administrative group policy */ ), "priority" ( /* Preemption priorities */ c( arg, arg ) ), "oam" ( /* Periodic OAM */ periodic_oam /* Periodic OAM */ ), "class-of-service" arg /* Class-of-service value */, "no-decrement-ttl" /* Do not decrement the TTL within an LSP */, "hop-limit" arg /* Maximum allowed router hops */, "no-cspf" /* Disable automatic path computation */, "admin-down" /* Set GMPLS LSP to administrative down state */, "optimize-timer" arg /* Periodical path reoptimizations */, "preference" arg /* Preference value */, "record" /* Record transit routers */, "no-record" /* Don't record transit routers */, "standby" /* Keep backup paths in continuous standby */, "exclude-srlg" /* Exclude SRLG links for secondary path */, "ultimate-hop-popping" /* Request ultimate hop popping from egress */, "sync-active-path-bandwidth" /* Signal standby path with bandwidth obtained from active path */, "cross-credibility-cspf" /* Compute paths across multi-protocol links and nodes */, "label-switched-path" arg ( /* Label-switched path */ c( ("disable"), "traceoptions" ( /* Trace options for MPLS label-switched path */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("cspf" | "cspf-node" | "cspf-link" | "cspf-abstract" | "state" | "all")) /* Tracing parameters */.as(:oneline) ) ), "no-install-to-address" /* Don't install host route 'to' address into routing tables */, "backup" /* Use LSP for IGP backup */, "from" ( /* Address of ingress router */ ipv4addr /* Address of ingress router */ ), "pop-and-forward" /* Enable LSP as pop-and-forward with auto-delegation */, c( "to" ( /* Address of egress router */ ipv4addr /* Address of egress router */ ), "template" /* Template for dynamic lsp paramaters */ ), "corouted-bidirectional" /* Setup the LSP as a corouted bidirectional LSP */, "corouted-bidirectional-passive" /* Associate LSP with incoming corouted bidirectional LSP */, "metric" arg /* Metric value */, "ldp-tunneling" /* Allow LDP to use this LSP for tunneling */, "soft-preemption" /* Attempt make-before-break service while preempting this LSP */, "install" arg ( /* Install prefix */ sc( "active" /* Install prefix into forwarding table */ ) ).as(:oneline), "retry-timer" arg /* Time before retrying the primary path */, "retry-limit" arg /* Maximum number of times to retry primary path */, "lsp-attributes" ( /* Attributes for generalized LSP */ c( "signal-bandwidth" ( /* Signal bandwidth for the LSP */ ("ds1" | "vt1-5" | "e1" | "vt2" | "ethernet" | "e3" | "ds3" | "sts-1" | "fastether" | "stm-1" | "stm-4" | "gigether" | "stm-16" | "stm-64" | "10gigether" | "stm-256" | "100gige") ), "switching-type" ( /* LSP switching type desired */ ("psc-1" | "lambda" | "fiber" | "tdm" | "ethernet-vlan") ), "encoding-type" ( /* LSP encoding type desired */ ("packet" | "ethernet" | "pdh" | "sonet-sdh") ), "gpid" ( /* Generalized PID */ ("ipv4" | "ethernet" | "ppp" | "hdlc" | "pos-no-scrambling-crc-16" | "pos-no-scrambling-crc-32" | "pos-scrambling-crc-16" | "pos-scrambling-crc-32") ), "upstream-label" ( /* Upstream Label for the bidirectional label-switched path */ c( "vlan-id" arg /* VLAN ID label for the label-switched path */ ) ) ) ), "revert-timer" arg /* Hold-down window before reverting back to primary path, 0 means disable */, "optimize-hold-dead-delay" arg /* Delay before tearing down the old optimized path */, "cspf-backoff-time" arg /* Delay before CSPF, when there is PathErr on backup path */, "bandwidth" ( /* Bandwidth to reserve (bps) */ bandwidth_type /* Bandwidth to reserve (bps) */ ), "admin-group" ( /* Administrative group policy */ admin_group_include_exclude /* Administrative group policy */ ), "admin-group-extended" ( /* Extended administrative group policy */ admin_group_include_exclude /* Extended administrative group policy */ ), "priority" ( /* Preemption priorities */ c( arg, arg ) ), "oam" ( /* Periodic OAM */ periodic_oam /* Periodic OAM */ ), "class-of-service" arg /* Class-of-service value */, "no-decrement-ttl" /* Do not decrement the TTL within an LSP */, "hop-limit" arg /* Maximum allowed router hops */, "no-cspf" /* Disable automatic path computation */, "admin-down" /* Set GMPLS LSP to administrative down state */, "optimize-timer" arg /* Periodical path reoptimizations */, "preference" arg /* Preference value */, "record" /* Record transit routers */, "no-record" /* Don't record transit routers */, "standby" /* Keep backup paths in continuous standby */, "exclude-srlg" /* Exclude SRLG links for secondary path */, "ultimate-hop-popping" /* Request ultimate hop popping from egress */, "sync-active-path-bandwidth" /* Signal standby path with bandwidth obtained from active path */, "cross-credibility-cspf" /* Compute paths across multi-protocol links and nodes */, "entropy-label" /* Enable entropy label */, "self-ping-duration" arg /* Duration over which to run self-ping (65535 = until success). Default = 1800s */, "no-self-ping" /* Do not run self-ping for this LSP */, c( "random" /* Randomly select among equal-cost paths */, "least-fill" /* Select the least filled among equal-cost paths */, "most-fill" /* Select the most filled among equal-cost paths */ ), "description" arg /* Text description of label-switched path */, c( "link-protection" /* Protect LSP from link faults only */, "node-link-protection" /* Protect LSP from both link and node faults */ ), "intra-domain" /* Intra-domain LSP */, "inter-domain" /* Inter-domain LSP */, "adaptive" /* Have the LSP smoothly cut over to new routes */, "in-place-lsp-bandwidth-update" /* Update LSP in-place re-using the same LSP identifier */, "fast-reroute" ( /* Fast reroute */ c( "hop-limit" arg /* Maximum allowed router hops */, c( "bandwidth" arg /* Bandwidth to reserve (bps) */, "bandwidth-percent" arg /* Percentage of main path bandwidth to reserve */ ), c( "no-include-any" /* Disable include-any checking */, "include-any" arg /* Groups, one or more of which must be present */ ), c( "no-include-all" /* Disable include-all checking */, "include-all" arg /* Groups, all of which must be present */ ), c( "no-exclude" /* Disable exclude checking */, "exclude" arg /* Groups, all of which must be absent */ ) ) ), "p2mp" ( /* Point-to-multipoint label-switched path */ sc( arg /* Name of point-to-multipoint LSP */ ) ).as(:oneline), "auto-bandwidth" ( /* Do auto bandwidth allocation for this LSP */ c( "adjust-interval" arg /* Time to adjust LSP bandwidth */, "adjust-threshold" arg /* Percentage change in average LSP utilization to trigger auto-adjustment */, "adjust-threshold-absolute" arg /* Change in average LSP utilization to trigger auto-adjustment */, "adjust-threshold-activate-bandwidth" arg /* Adjusts signaled bw if greater than this value */, "minimum-bandwidth" arg /* Minimum LSP bandwidth */, "maximum-bandwidth" arg /* Maximum LSP bandwidth */, "minimum-bandwidth-adjust-interval" arg /* Duration for which minimum bandwidth will be frozen */, "minimum-bandwidth-adjust-threshold-change" arg /* Change in max average bandwidth to freeze min bandwidth */, "minimum-bandwidth-adjust-threshold-value" arg /* Freeze min bandwidth if max average bandwidth falls below this bw */, "monitor-bandwidth" /* Monitor LSP bandwidth without adjustments */, "adjust-threshold-overflow-limit" arg /* Number of consecutive overflow samples to trigger auto-adjustment */, "adjust-threshold-underflow-limit" arg /* Number of consecutive underflow samples to trigger auto-adjustment */, "resignal-minimum-bandwidth" /* Resignal the LSP using minimum-bandwidth */, "sync-active-path-bandwidth" /* Signal standby path with bandwidth obtained from active path */ ) ), "optimize-on-change" ( /* Specify additional re-optimization triggers for this LSP */ c( "link-congestion" /* Optimize when a link becomes congested */ ) ), "deselect-on-bandwidth-failure" ( /* Deselect active path if it cannot meet the bandwidth constraint */ c( "tear-lsp" /* Bring down active path when all paths fail to reserve required bandwidth */ ) ), "track-igp-metric" ( /* Track IGP metric for LSP install prefixes */ c( "install-v4-prefixes" /* Track IGP metric for IPV4 prefixes */, "install-v6-prefixes" /* Track IGP metric for IPV6 prefixes */ ) ), "associate-lsp" ( /* Associate the LSP for OAM */ c( arg /* Name of assocation LSP */, "from" ( /* Address of ingress router of associated LSP */ ipv4addr /* Address of ingress router of associated LSP */ ) ) ), "primary" arg ( /* Preferred path */ c( "bandwidth" ( /* Bandwidth to reserve (bps) */ bandwidth_type /* Bandwidth to reserve (bps) */ ), "admin-group" ( /* Administrative group policy */ admin_group_include_exclude /* Administrative group policy */ ), "admin-group-extended" ( /* Extended administrative group policy */ admin_group_include_exclude /* Extended administrative group policy */ ), "priority" ( /* Preemption priorities */ c( arg, arg ) ), "oam" ( /* Periodic OAM */ periodic_oam /* Periodic OAM */ ), "class-of-service" arg /* Class-of-service value */, "no-decrement-ttl" /* Do not decrement the TTL within an LSP */, "hop-limit" arg /* Maximum allowed router hops */, "no-cspf" /* Disable automatic path computation */, "admin-down" /* Set GMPLS LSP to administrative down state */, "optimize-timer" arg /* Periodical path reoptimizations */, "preference" arg /* Preference value */, "record" /* Record transit routers */, "no-record" /* Don't record transit routers */, "standby" /* Keep backup paths in continuous standby */, "exclude-srlg" /* Exclude SRLG links for secondary path */, "ultimate-hop-popping" /* Request ultimate hop popping from egress */, "sync-active-path-bandwidth" /* Signal standby path with bandwidth obtained from active path */, "cross-credibility-cspf" /* Compute paths across multi-protocol links and nodes */, "adaptive" /* Have the LSP smoothly cut over to new routes */, "select" ( ("manual" | "unconditional") ), "upstream-label" ( /* Upstream Label for the bidirectional label-switched path */ c( "vlan-id" arg /* VLAN ID label for the label-switched path */ ) ), "optimize-on-change" ( /* Specify additional re-optimization triggers for this path */ c( "link-congestion" /* Optimize when a link becomes congested */ ) ) ) ), "secondary" arg ( /* Backup path */ c( "bandwidth" ( /* Bandwidth to reserve (bps) */ bandwidth_type /* Bandwidth to reserve (bps) */ ), "admin-group" ( /* Administrative group policy */ admin_group_include_exclude /* Administrative group policy */ ), "admin-group-extended" ( /* Extended administrative group policy */ admin_group_include_exclude /* Extended administrative group policy */ ), "priority" ( /* Preemption priorities */ c( arg, arg ) ), "oam" ( /* Periodic OAM */ periodic_oam /* Periodic OAM */ ), "class-of-service" arg /* Class-of-service value */, "no-decrement-ttl" /* Do not decrement the TTL within an LSP */, "hop-limit" arg /* Maximum allowed router hops */, "no-cspf" /* Disable automatic path computation */, "admin-down" /* Set GMPLS LSP to administrative down state */, "optimize-timer" arg /* Periodical path reoptimizations */, "preference" arg /* Preference value */, "record" /* Record transit routers */, "no-record" /* Don't record transit routers */, "standby" /* Keep backup paths in continuous standby */, "exclude-srlg" /* Exclude SRLG links for secondary path */, "ultimate-hop-popping" /* Request ultimate hop popping from egress */, "sync-active-path-bandwidth" /* Signal standby path with bandwidth obtained from active path */, "cross-credibility-cspf" /* Compute paths across multi-protocol links and nodes */, "adaptive" /* Have the LSP smoothly cut over to new routes */, "select" ( ("manual" | "unconditional") ), "upstream-label" ( /* Upstream Label for the bidirectional label-switched path */ c( "vlan-id" arg /* VLAN ID label for the label-switched path */ ) ), "optimize-on-change" ( /* Specify additional re-optimization triggers for this path */ c( "link-congestion" /* Optimize when a link becomes congested */ ) ), "non-active-hold-priority" ( /* Non-active hold priority */ sc( arg ) ).as(:oneline) ) ), "policing" ( /* Traffic policing for this LSP */ sc( "filter" arg /* Name of filter to use for policing LSP traffic */, "no-auto-policing" /* Turn off automatic policing for this LSP */ ) ).as(:oneline), "lsp-external-controller" arg /* Name of the external path computing entity */, "associate-backup-pe-groups" /* Associate this LSP with backup-pe groups */, "egress-protection" /* Use this LSP for egress protection data transport */, "transport-class" arg /* Transport class this LSP belongs to */ ) ), "deselect-on-bandwidth-failure" ( /* Deselect active path if it cannot meet the bandwidth constraint */ c( "tear-lsp" /* Bring down active path when all paths fail to reserve required bandwidth */ ) ), "track-igp-metric" ( /* Track IGP metric for LSP install prefixes */ c( "install-v4-prefixes" /* Track IGP metric for IPV4 prefixes */, "install-v6-prefixes" /* Track IGP metric for IPV6 prefixes */ ) ), "container-label-switched-path" arg ( c( ("disable"), "description" arg /* Text description of label-switched path */, "label-switched-path-template" ( /* Template for dynamic point-to-point LSP parameters */ c( c( arg, "default-template" /* Use default parameters */ ) ) ), "to" ( /* Address of egress router */ ipv4addr /* Address of egress router */ ), "suffix" arg /* Suffix to generate names of members of container LSP */, "splitting-merging" ( /* Do splitting and merging */ c( "maximum-member-lsps" arg /* Maximum number of LSPs */, "minimum-member-lsps" arg /* Minimum number of LSPs */, "splitting-bandwidth" arg /* Maximum bandwidth threshold for splitting */, "merging-bandwidth" arg /* Minimum bandwidth threshold for merging */, "maximum-signaling-bandwidth" arg /* Maximum bandwidth for signaling during normalization */, "minimum-signaling-bandwidth" arg /* Minimum bandwidth for signaling during normalization */, "splitting-merging-threshold" arg /* Change in aggregate LSP utilization to trigger splitting or merging */, "normalization" ( /* Do normalization */ c( "normalize-interval" arg /* Time to normalize container LSP */, "failover-normalization" /* Do pre-mature normalization in case some LSPs go down before next normalization */, "no-incremental-normalize" /* Do not normalize unless all LSPs are successfully signaled */, "normalization-retry-duration" arg /* Time before retrying the container LSP normalization */, "normalization-retry-limits" arg /* Maximum number of times to retry container LSP normalization */ ) ), "sampling" ( /* Sampling information */ c( "cut-off-threshold" arg /* Cut-off percentile to remove outliers from aggregate samples */, c( "use-average-aggregate" /* Use average of the samples */, "use-percentile" arg /* Use a percentile of the samples */ ) ) ) ) ), "lsp-external-controller" arg /* Name of the external path computing entity */ ) ), "transit-lsp-association" arg ( /* Transit label switch path assoication */ c( "lsp-name-1" arg /* Name of assocation LSP 1 */, "from-1" ( /* Address of associated LSP 1 */ ipv4addr /* Address of associated LSP 1 */ ), "lsp-name-2" arg /* Name of assocation LSP 2 */, "from-2" ( /* Address of associated LSP 2 */ ipv4addr /* Address of associated LSP 2 */ ) ) ), "path" arg ( /* Route of a label-switched path */ c( sc( "abstract" /* Next system in path is abstract */, c( "loose" /* Next hop might not be adjacent */, "loose-link" /* Next hop link might not be adjacent */, "strict" /* Next hop must be adjacent */ ) ).as(:oneline) ) ), "constituent-list" arg ( /* MPLS constituent list for abstract hops */ c( "srlg" arg /* SRLG Name */, "admin-group" arg /* Administrative groups */, "admin-group-extended" arg /* Extended administrative groups */ ) ), "abstract-hop" arg ( /* MPLS abstract hop */ c( "operator" ( /* Operation among constituent lists */ ("AND" | "OR") ), "constituent-list" arg ( /* Building abstract hop using constituent lists */ c( c( "include-any-list" /* Include any */, "include-all-list" /* Include all */, "exclude-any-list" /* Exclude any */, "exclude-all-list" /* Exclude all */ ) ) ) ) ), "egress-protection" ( /* Egress router protection */ c( "context-identifier" arg ( /* Context identifier */ c( c( "primary" /* Primary */, "protector" /* Protector */ ), "metric" arg /* IGP metric */, "advertise-mode" ( /* Advertise mode */ ("stub-proxy" | "stub-alias") ), "admin-group" arg /* Administrative groups */ ) ), "traceoptions" ( /* Trace options for egress-protection */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("state" | "route" | "error" | "all")) /* Tracing parameters */.as(:oneline) ) ) ) ), "label-range" ( /* MPLS labels ranges */ c( "lsi-label-range" arg ( /* LSI-label-range */ sc( arg ) ).as(:oneline), "dynamic-label-range" arg ( /* Dynamic-label-range */ sc( arg ) ).as(:oneline), "block-label-range" arg ( /* Block-label-range */ sc( arg ) ).as(:oneline), "srgb-label-range" arg ( /* SRGB-label-range */ sc( arg ) ).as(:oneline), "label-limit" arg /* Limit for the number of concurrent active labels */, "static-label-range" arg ( /* Static-label-range */ sc( arg ) ).as(:oneline) ) ), ("disable"), "label-history" ( /* MPLS label history recording */ c( "max-entries" arg /* Limit for the number of history entry per label */ ) ), "traceoptions" ( /* Trace options for MPLS */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("connection" | "connection-detail" | "cspf" | "cspf-node" | "cspf-link" | "cspf-abstract" | "state" | "error" | "lsping" | "graceful-restart" | "nsr-synchronization" | "nsr-synchronization-detail" | "static" | "egress-protection" | "all" | "autobw-state" | "externally-controlled-lsp" | "ted-import" | "ted-export" | "lsp-history" | "abstract-hop")) /* Tracing parameters */.as(:oneline) ) ), "ipv6-tunneling" /* Allow MPLS LSPs to be used for tunneling IPv6 traffic */, "interface" ( /* MPLS interface options */ juniper_protocols_mpls_interface /* MPLS interface options */ ), "static-label-switched-path" arg ( /* Static label-switched path */ c( c( "bypass" ( /* Bypass ingress label-switched path */ c( "bandwidth" arg /* Bandwidth to reserve */, "description" arg /* Text description of label-switched path */, "next-hop" ( /* IPv4 or IPv6 address or interface of next-hop router */ ipaddr_or_interface /* IPv4 or IPv6 address or interface of next-hop router */ ), "next-table" arg /* Next-table for lookup */, "push" arg /* Label to push */, "to" ( /* Address of egress router */ ipaddr /* Address of egress router */ ) ) ), "transit" arg ( /* Transit label-switched path */ c( "bandwidth" arg /* Bandwidth to reserve */, "description" arg /* Text description of label-switched path */, "link-protection" ( /* Bypass link protection */ sc( "bypass-name" arg /* Bypass label-switched path name */ ) ).as(:oneline), "next-hop" ( /* IPv4 or IPv6 address or interface of next-hop router */ ipaddr_or_interface /* IPv4 or IPv6 address or interface of next-hop router */ ), "member-interface" ( /* AE member interface name */ interface_unit /* AE member interface name */ ), "node-protection" ( /* Bypass node protection */ sc( "bypass-name" arg /* Bypass label-switched path name */, "next-next-label" arg /* Label expected by next-next-hop */ ) ).as(:oneline), c( "swap" arg /* Swap top label with this label */, "pop" /* Pop the top label */, "stitch" /* Swap top label with the resolved LSP */ ) ) ), "ingress" ( /* Ingress LSR configuration for a static LSP */ c( "bandwidth" arg /* Bandwidth to reserve */, "class-of-service" arg /* Class-of-service value */, "description" arg /* Text description of label-switched path */, "install" arg ( /* Install prefix */ sc( "active" /* Install prefix into forwarding table */ ) ).as(:oneline), "metric" arg /* Metric value */, "next-hop" ( /* IPv4 address or interface of next-hop router */ ipv4addr_or_interface /* IPv4 address or interface of next-hop router */ ), "link-protection" ( /* Bypass link protection */ sc( "bypass-name" arg /* Bypass label-switched path name */ ) ).as(:oneline), "node-protection" ( /* Bypass node protection */ sc( "bypass-name" arg /* Bypass label-switched path name */, "next-next-label" arg /* Label expected by next-next-hop */ ) ).as(:oneline), "no-install-to-address" /* Don't install host route 'to' address into routing tables */, "policing" ( /* Traffic policing for this LSP */ sc( "filter" arg /* Name of filter to use for policing LSP traffic */, "no-auto-policing" /* Turn off automatic policing for this LSP */ ) ).as(:oneline), "preference" arg /* Preference value */, "to" ( /* Address of egress router */ ipv4addr /* Address of egress router */ ), "push" arg /* Label to push */, "entropy-label" /* Enable entropy label */ ) ), "segment" ( /* Segment for segment routing */ c( arg, "description" arg /* Text description of label-switched path */, "next-hop" ( /* IPv4 address or interface of next-hop router */ ipv4addr_or_interface /* IPv4 address or interface of next-hop router */ ), c( "swap" arg /* Swap the SID label to this label */, "pop" /* Pop the SID label */ ) ) ) ) ) ) ) end rule(:juniper_protocols_mpls_interface) do arg.as(:arg) ( c( ("disable"), "srlg" arg /* SRLG Name */, "always-mark-connection-protection-tlv" /* Mark connection protection tlv on this interface */, "switch-away-lsps" /* Switch away protected LSPs to their bypass LSPs */, "admin-group" arg /* Administrative groups */, "admin-group-extended" arg /* Extended administrative groups */, "static" ( /* Static label-switch path related configurations */ c( "protection-revert-time" arg /* FRR revert wait time, 0 means disable */ ) ) ) ) end rule(:juniper_protocols_msdp) do c( "data-encapsulation" ( /* Set encapsulation of data packets */ ("disable" | "enable") ), "rib-group" ( /* Routing table group */ rib_group_inet_type /* Routing table group */ ), "active-source-limit" ( /* Limit the number of active sources accepted */ c( "maximum" arg /* Maximum number of active sources accepted */, "threshold" arg /* RED threshold for active source acceptance */, "log-warning" arg /* Percentage of maximum at which to start generating warnings */, "log-interval" arg /* Time between log messages */ ) ), ("disable"), "export" ( /* Export policy */ policy_algebra /* Export policy */ ), "import" ( /* Import policy */ policy_algebra /* Import policy */ ), "local-address" ( /* Local address */ ipv4addr /* Local address */ ), "traceoptions" ( /* Trace options for MSDP */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("packets" | "route" | "nsr-synchronization" | "source-active" | "source-active-request" | "source-active-response" | "keepalive" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "peer" arg ( /* Configure an MSDP peer */ c( ("disable"), "export" ( /* Export policy */ policy_algebra /* Export policy */ ), "import" ( /* Import policy */ policy_algebra /* Import policy */ ), "local-address" ( /* Local address */ ipv4addr /* Local address */ ), "traceoptions" ( /* Trace options for MSDP */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("packets" | "route" | "nsr-synchronization" | "source-active" | "source-active-request" | "source-active-response" | "keepalive" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "active-source-limit" ( /* Limit the number of active sources accepted */ c( "maximum" arg /* Maximum number of active sources accepted */, "threshold" arg /* RED threshold for active source acceptance */, "log-warning" arg /* Percentage of maximum at which to start generating warnings */, "log-interval" arg /* Time between log messages */ ) ), "keep-alive" arg /* Time limit for sending out periodic keep alive to peer */, "hold-time" arg /* Max time to terminating a peer for having not received any message from */, "sa-hold-time" arg /* Max time for holding a sa message before timing out */, "default-peer" /* Default RPF peer */, "authentication-key" arg /* MD5 authentication key */ ) ), "keep-alive" arg /* Time limit for sending out periodic keep alive to peer */, "hold-time" arg /* Max time to terminating a peer for having not received any message from */, "sa-hold-time" arg /* Max time for holding a sa message before timing out */, "source" arg ( /* Configure parameters for each source */ c( "active-source-limit" ( /* Limit the number of active sources accepted */ c( "maximum" arg /* Maximum number of active sources accepted */, "threshold" arg /* RED threshold for active source acceptance */, "log-warning" arg /* Percentage of maximum at which to start generating warnings */, "log-interval" arg /* Time between log messages */ ) ) ) ), "group" arg ( /* Configure MSDP peer groups */ c( "mode" ( /* MSDP group source-active flooding mode */ ("standard" | "mesh-group") ), ("disable"), "export" ( /* Export policy */ policy_algebra /* Export policy */ ), "import" ( /* Import policy */ policy_algebra /* Import policy */ ), "local-address" ( /* Local address */ ipv4addr /* Local address */ ), "traceoptions" ( /* Trace options for MSDP */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("packets" | "route" | "nsr-synchronization" | "source-active" | "source-active-request" | "source-active-response" | "keepalive" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "peer" arg ( /* Configure an MSDP peer */ c( ("disable"), "export" ( /* Export policy */ policy_algebra /* Export policy */ ), "import" ( /* Import policy */ policy_algebra /* Import policy */ ), "local-address" ( /* Local address */ ipv4addr /* Local address */ ), "traceoptions" ( /* Trace options for MSDP */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("packets" | "route" | "nsr-synchronization" | "source-active" | "source-active-request" | "source-active-response" | "keepalive" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "active-source-limit" ( /* Limit the number of active sources accepted */ c( "maximum" arg /* Maximum number of active sources accepted */, "threshold" arg /* RED threshold for active source acceptance */, "log-warning" arg /* Percentage of maximum at which to start generating warnings */, "log-interval" arg /* Time between log messages */ ) ), "keep-alive" arg /* Time limit for sending out periodic keep alive to peer */, "hold-time" arg /* Max time to terminating a peer for having not received any message from */, "sa-hold-time" arg /* Max time for holding a sa message before timing out */, "default-peer" /* Default RPF peer */, "authentication-key" arg /* MD5 authentication key */ ) ) ) ) ) end rule(:juniper_protocols_mstp) do c( ("disable"), "bpdu-destination-mac-address" ( /* Destination MAC address in the spanning tree BPDUs */ ("provider-bridge-group") ), "configuration-name" arg /* Configuration name (part of MST configuration identifier) */, "revision-level" arg /* Revision level (part of MST configuration identifier) */, "max-hops" arg /* Maximum number of hops */, "max-age" arg /* Maximum age of received protocol bpdu */, "hello-time" arg /* Time interval between configuration BPDUs */, "forward-delay" arg /* Time spent in listening or learning state */, "system-identifier" ( /* Sytem identifier to represent this node */ mac_unicast /* Sytem identifier to represent this node */ ), "traceoptions" ( /* Tracing options for debugging protocol operation */ stp_trace_options /* Tracing options for debugging protocol operation */ ), "bridge-priority" arg /* Priority of the bridge (in increments of 4k - 0,4k,8k,..60k) */, "backup-bridge-priority" arg /* Priority of the bridge (in increments of 4k - 4k,8k,..60k) */, "bpdu-block-on-edge" /* Block BPDU on all interfaces configured as edge (BPDU Protect) */, "vpls-flush-on-topology-change" /* Enable VPLS MAC flush on root protected CE interface receving topology change */, "priority-hold-time" arg /* Hold time before switching to primary priority when core domain becomes up */, "system-id" ( /* System ID to IP mapping */ system_id_ip_map /* System ID to IP mapping */ ), "interface" ( /* Interface options */ mstp_interface /* Interface options */ ), "msti" arg ( /* Per-MSTI options */ c( "bridge-priority" arg /* Priority of the bridge (in increments of 4k - 0,4k,8k,..60k) */, "backup-bridge-priority" arg /* Priority of the bridge (in increments of 4k - 4k,8k,..60k) */, "vlan" arg /* VLAN ID or VLAN ID range [1..4094] */, "interface" ( /* Interface options */ mstp_interface /* Interface options */ ) ) ) ) end rule(:juniper_protocols_mvpn) do c( "traceoptions" ( /* Trace options for BGP-MVPN */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("error" | "nlri" | "topology" | "tunnel" | "umh" | "intra-as-ad" | "inter-as-ad" | "spmsi-ad" | "leaf-ad" | "source-active" | "cmcast-join" | "mdt-safi-ad" | "mvpn-limit" | "nsr-synchronization" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "autodiscovery-only" ( /* Use MVPN exclusively for PE router autodiscovery */ c( "intra-as" ( /* Intra-AS autodiscovery options */ c( "inclusive" /* Inclusive provider tunnel autodiscovery */ ) ) ) ), "family" ( /* BGP-MVPN address family */ c( "any" ( /* BGP-MVPN properties for all families */ c( "disable" /* Disable all families */ ) ), "inet" ( /* IPv4 BGP-MVPN properties */ c( "autodiscovery-only" ( /* Use MVPN exclusively for PE router autodiscovery */ c( "intra-as" ( /* Intra-AS autodiscovery options */ c( "inclusive" /* Inclusive provider tunnel autodiscovery */ ) ) ) ), "disable" /* Disable family IPv4 */ ) ), "inet6" ( /* IPv6 BGP-MVPN properties */ c( "autodiscovery-only" ( /* Use MVPN exclusively for PE router autodiscovery */ c( "intra-as" ( /* Intra-AS autodiscovery options */ c( "inclusive" /* Inclusive provider tunnel autodiscovery */ ) ) ) ), "disable" /* Disable family IPv6 */ ) ) ) ), c( "receiver-site" /* MVPN instance has sites only with multicast receivers */, "sender-site" /* MVPN instance has sites only with multicast sources */ ), "unicast-umh-election" /* Upstream Multicast Hop election based on unicast route preference */, "static-umh" ( /* Upstream Multicast Hop election based on static configuration */ c( "primary" ( /* Primary Upstream Multicast Hop */ ipv4addr /* Primary Upstream Multicast Hop */ ), "backup" ( /* Secondary Upstream Multicast Hop */ ipv4addr /* Secondary Upstream Multicast Hop */ ), c( "source-tree" /* Mandatory attribute - static-umh applies only to MVPN source-tree c-multicast joins */ ) ) ), "cmcast-joins-limit-inet" arg /* Maximum number of cmcast entries for v4 */, "cmcast-joins-limit-inet6" arg /* Maximum number of cmcast entries for v6 */, "mvpn-mode" ( /* MVPN mode of operation */ c( c( "rpt-spt" ( /* MVPN works in multicast RPT and SPT mode */ c( "spt-switch-timer" arg /* Timeout before a PE router switches between RPT and SPT */ ) ), "spt-only" ( /* MVPN works in multicast SPT only mode (default mode) */ c( "source-active-advertisement" ( /* Attributes associated with advertising Source-Active A-D routes */ c( "dampen" arg /* Time to wait before re-advertising source-active route */, "min-rate" arg /* Minimum traffic rate required to advertise Source-Active route */ ) ), "convert-sa-to-msdp" /* Turn on MVPN SA route to MSDP SA conversion */ ) ) ) ) ), "route-target" ( /* Configure route-targets for MVPN routes */ c( "import-target" ( /* Target communities used when importing routes */ c( "unicast" ( /* Use the same target community as configured for unicast */ sc( c( "receiver" /* Target community used when importing receiver site routes */, "sender" /* Target community used when importing sender site routes */ ) ) ).as(:oneline), "target" ( /* Target community */ sc( arg, c( "receiver" /* Target community used when importing receiver site routes */, "sender" /* Target community used when importing sender site routes */ ) ) ).as(:oneline) ) ), "export-target" ( /* Target communities used when exporting routes */ c( "unicast" /* Use the same target community as configured for unicast */, "target" arg /* Target community */ ) ) ) ), "mvpn-join-load-balance" ( /* MVPN Join Load Balancing Algorithm */ c( c( "bytewise-xor-hash" /* Upstream selection using bytewise XOR hash */ ) ) ), "install-discard" /* Install MVPN discard forwarding entries */, "sender-based-rpf" /* Forward multicast traffic only from a selected sender PE */, "hot-root-standby" ( /* MVPN live-live - hot root standby */ c( c( "source-tree" /* MVPN live-live - hot root standby for source tree */ ), "min-rate" ( /* Minimum traffic rate for the provider tunnel below which switchover is initiated (in bps) */ c( "rate" arg /* Minium traffic rate for the provider tunnel below which switchover is initiated (in bps) */, "revert-delay" arg /* Time to delay updating of multicast routes to allow for multicast convergence */ ) ) ) ), "hierarchical-nexthop" /* Enable hierarchical nexthop usage */, "no-nexthop-sharing-for-selective-tunnel" /* Disable Tunnel nexthops from getting shared for selective tunnel */, "inter-region-template" ( /* MVPN inter-region tunnel mapping template */ c( "template" arg ( /* Define a inter-region template */ c( "region" arg ( /* BGP peer group names used as region */ c( c( "rsvp-te" ( /* RSVP-TE point-to-multipoint LSP for flooding */ c( c( "static-lsp" arg /* Name of point-to-multipoint LSP */, "label-switched-path-template" ( /* Template for dynamic point-to-multipoint LSP parameters */ c( c( arg /* Name of point-to-multipoint LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ), "ldp-p2mp" /* LDP point-to-multipoint LSP for flooding */, "ingress-replication" ( /* Ingress replication tunnel */ c( "create-new-ucast-tunnel" /* Create new unicast tunnel for ingress replication */, "label-switched-path" ( /* Point-to-point LSP unicast tunnel */ c( "label-switched-path-template" ( /* Template for dynamic point-to-point LSP parameters */ c( c( arg /* Name of point-to-point LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ) ), "incoming" /* Same as incoming provider tunnel */ ) ) ), "all-regions" ( /* Used for all regions not specified */ c( c( "rsvp-te" ( /* RSVP-TE point-to-multipoint LSP for flooding */ c( c( "static-lsp" arg /* Name of point-to-multipoint LSP */, "label-switched-path-template" ( /* Template for dynamic point-to-multipoint LSP parameters */ c( c( arg /* Name of point-to-multipoint LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ), "ldp-p2mp" /* LDP point-to-multipoint LSP for flooding */, "ingress-replication" ( /* Ingress replication tunnel */ c( "create-new-ucast-tunnel" /* Create new unicast tunnel for ingress replication */, "label-switched-path" ( /* Point-to-point LSP unicast tunnel */ c( "label-switched-path-template" ( /* Template for dynamic point-to-point LSP parameters */ c( c( arg /* Name of point-to-point LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ) ), "incoming" /* Same as incoming provider tunnel */ ) ) ) ) ) ) ), "source-redundancy" /* Assume all the sources for a particular group is sending same data */, "umh-selection-additional-input" ( /* Additional parameters to consider during UMH */ c( "source-active-preference" /* Use the preference set in the source active route */, "tunnel-status" /* Use the RSVP tunnel status */ ) ) ) end rule(:juniper_protocols_mvrp) do c( "traceoptions" ( /* Tracing options for MVRP */ mrp_trace_options /* Tracing options for MVRP */ ), "join-timer" arg /* Join timer interval */, "leave-timer" arg /* Leave timer interval */, "leaveall-timer" arg /* Leaveall timer interval */, "no-dynamic-vlan" /* Disable dynamic VLAN creation */, "no-attribute-length-in-pdu" /* No attribute length while sending pdu */, "bpdu-destination-mac-address" ( /* Destination MAC address in the MVRP BPDUs */ ("provider-bridge-group") ), "interface" arg ( /* Configure interface options */ c( "join-timer" arg /* Join timer interval */, "leave-timer" arg /* Leave timer interval */, "leaveall-timer" arg /* Leaveall timer interval */, "point-to-point" /* Port is point to point */, "registration" ( /* Registration mode */ ("normal" | "restricted" | "forbidden") ) ) ) ) end rule(:juniper_protocols_openflow) do c( "switch" arg ( /* OpenFlow switch */ c( "default-action" ( /* Action for packets that not have a matching flow entry */ c( c( "drop" /* Drop all packets that do not have a matching flow entry */, "packet-in" /* Send packets to client if no matching flow entry */ ) ) ), "interfaces" arg ( /* Interfaces configured for use with Openflow */ sc( "port-id" arg /* Openflow port ID */ ) ).as(:oneline), "purge-flow-timer" arg /* Purge timer value for invalid flows */, "controller" ( /* OpenFlow controller's IP address, port and protocol */ c( "protocol" ( /* Protocol type for controller connection */ c( "tcp" ( /* Set protocol type to 'TCP' (default) */ c( "port" arg /* Controller's port number (default 6633) */ ) ) ) ), "role" ( /* Controller role */ ("equal") ), "address" ( /* Controller's IPv4 address */ ipaddr /* Controller's IPv4 address */ ), "id" arg /* Controller id */ ) ) ) ), "traceoptions" ( /* OpenFlow switch daemon trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("switch" | "configuration" | "flow" | "filter" | "function" | "packet-io" | "statistics" | "interface" | "packets" | "barrier" | "nh" | "group" | "all")) /* Tracing flag parameters */.as(:oneline) ) ) ) end rule(:juniper_protocols_ospf) do c( "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology parameters */ c( "disable" /* Disable this topology */, "topology-id" arg /* Topology identifier */, "overload" /* Set the overload mode (repel transit traffic) */, "rib-group" arg /* Routing table group for importing routes */, "spf-options" ( /* Configure options for SPF */ c( "delay" arg /* Time to wait before running an SPF */, "holddown" arg /* Time to hold down before running an SPF */, "rapid-runs" arg /* Number of maximum rapid SPF runs before holddown */, "no-ignore-our-externals" /* Do not ignore self-generated external and NSSA LSAs */ ) ), "backup-spf-options" ( /* Configure options for backup SPF */ c( "remote-backup-calculation" ( /* Calculate Remote LFA backup nexthops */ c( "pq-nodes-nearest-to-source" ( /* PQ nodes selection based upon nearest to source */ c( "percent" arg /* Selection percentage for nearest to source */ ) ) ) ), "use-post-convergence-lfa" ( /* Calculate post-convergence backup paths */ c( "maximum-labels" arg /* Maximum number of labels installed for post-convergence paths */, "maximum-backup-paths" arg /* Maximum number of equal-cost post-convergence paths installed */ ) ), "use-source-packet-routing" /* Use spring backup paths for inet.0 routes */, "disable" /* Do not run backup SPF */, "no-install" /* Do not install backup nexthops into the RIB */, "downstream-paths-only" /* Use only downstream backup paths */, "per-prefix-calculation" ( /* Calculate backup nexthops for non-best prefix originators */ c( "stubs" /* Per prefix calculation for stubs only */, "summary" /* Per prefix calculation for summary originators only */, "externals" /* Per prefix calculation for externals */, "all" /* Per prefix calculation for all */ ) ), "node-link-degradation" /* Degrade to link protection when nodelink protection not available */ ) ), "prefix-export-limit" arg /* Maximum number of prefixes that can be exported */ ) ), "backup-spf-options" ( /* Configure options for backup SPF */ c( "remote-backup-calculation" ( /* Calculate Remote LFA backup nexthops */ c( "pq-nodes-nearest-to-source" ( /* PQ nodes selection based upon nearest to source */ c( "percent" arg /* Selection percentage for nearest to source */ ) ) ) ), "use-post-convergence-lfa" ( /* Calculate post-convergence backup paths */ c( "maximum-labels" arg /* Maximum number of labels installed for post-convergence paths */, "maximum-backup-paths" arg /* Maximum number of equal-cost post-convergence paths installed */ ) ), "use-source-packet-routing" /* Use spring backup paths for inet.0 routes */, "disable" /* Do not run backup SPF */, "no-install" /* Do not install backup nexthops into the RIB */, "downstream-paths-only" /* Use only downstream backup paths */, "per-prefix-calculation" ( /* Calculate backup nexthops for non-best prefix originators */ c( "stubs" /* Per prefix calculation for stubs only */, "summary" /* Per prefix calculation for summary originators only */, "externals" /* Per prefix calculation for externals */, "all" /* Per prefix calculation for all */ ) ), "node-link-degradation" /* Degrade to link protection when nodelink protection not available */ ) ), "traffic-engineering" ( /* Configure traffic engineering attributes */ c( "no-topology" /* Disable dissemination of TE link-state topology information */, "multicast-rpf-routes" /* Install routes for multicast RPF checks into inet.2 */, "l3-unicast-topology" /* Download IGP topology into TED */, "ignore-lsp-metrics" ( /* Ignore label-switched path metrics when doing shortcuts */ c( "unconfigured-only" /* Ignore lsp metrics for unconfigured only */ ) ), "shortcuts" ( /* Use label-switched paths as next hops, if possible */ c( "ignore-lsp-metrics" /* Ignore label-switched path metrics when doing shortcuts */, "lsp-metric-into-summary" /* Advertise LSP metric into summary LSAs */, "family" enum(("inet" | "inet-mpls")) /* Address family specific traffic-engineering attributes */ ) ), "advertise-unnumbered-interfaces" /* Advertise unnumbered interfaces */, "credibility-protocol-preference" /* TED protocol credibility follows protocol preference */, "advertisement" ( /* Advertise TE parameters even if RSVP is not turned on */ c( "always" /* Advertise TE parameters in TE LSAs */ ) ) ) ), "source-packet-routing" ( /* Enable source packet routing (SPRING) */ c( "adjacency-segment" ( /* Attributes for adjacency segments in spring */ c( "hold-time" arg /* Retain time of Adjacency segment after isolating from an interface */ ) ), "prefix-segment" ( /* Prefix Segment policy */ policy_algebra /* Prefix Segment policy */ ), "explicit-null" /* Set E and P bits in all Prefix SID advertisements */, "node-segment" ( /* Enable support for Node segments in SPRING */ c( "ipv4-index" arg /* Set ipv4 node segment index */, "index-range" arg /* Set range of node segment indices allowed */ ) ), "srgb" ( /* Set the SRGB global block in SPRING */ sc( "start-label" arg /* Start range for SRGB label block */, "index-range" arg /* Index to the SRGB start label block */ ) ).as(:oneline), "mapping-server" arg /* Mapping server name */, "install-prefix-sid-for-best-route" /* For best route install a exact prefix sid route */, "ldp-stitching" /* Enable SR to LDP stitching */, "flex-algorithm" arg /* Flex-algorithms we would like to participate in */ ) ), "area" arg ( /* Configure an OSPF area */ c( c( "stub" ( /* Configure a stub area */ sc( "default-metric" arg /* Metric for the default route in this stub area */, "summaries" /* Flood summary LSAs into this stub area */, "no-summaries" /* Don't flood summary LSAs into this stub area */ ) ).as(:oneline), "nssa" ( /* Configure a not-so-stubby area */ c( "default-lsa" ( /* Configure a default LSA */ c( "default-metric" arg /* Metric for the default route in this area */, "metric-type" arg /* External metric type for the default type 7 LSA */, "type-7" /* Flood type 7 default LSA if no-summaries is configured */ ) ), "default-metric" arg /* Metric for the default route in this area */, "metric-type" arg /* External metric type for the default type 7 LSA */, "summaries" /* Flood summary LSAs into this NSSA area */, "no-summaries" /* Don't flood summary LSAs into this NSSA area */, "area-range" arg ( /* Configure NSSA area ranges */ c( "restrict" /* Restrict advertisement of this area range */, "exact" /* Enforce exact match for advertisement of this area range */, "override-metric" ( /* Override the dynamic metric for this area-range */ c( arg, "metric-type" arg /* Set the metric type for the override metric */ ) ) ) ) ) ) ), "area-range" arg ( /* Configure area ranges */ c( "restrict" /* Restrict advertisement of this area range */, "exact" /* Enforce exact match for advertisement of this area range */, "override-metric" arg /* Override the dynamic metric for this area-range */ ) ), "network-summary-export" ( /* Export policy for Type 3 Summary LSAs */ policy_algebra /* Export policy for Type 3 Summary LSAs */ ), "network-summary-import" ( /* Import policy for Type 3 Summary LSAs */ policy_algebra /* Import policy for Type 3 Summary LSAs */ ), "inter-area-prefix-export" ( /* Export policy for Inter Area Prefix LSAs */ policy_algebra /* Export policy for Inter Area Prefix LSAs */ ), "inter-area-prefix-import" ( /* Import policy for Inter Area Prefix LSAs */ policy_algebra /* Import policy for Inter Area Prefix LSAs */ ), "authentication-type" ( /* Authentication type */ ("none" | "simple" | "md5") ), "virtual-link" ( /* Configure virtual links */ s( "neighbor-id" arg /* Router ID of a virtual neighbor */, "transit-area" arg /* Transit area in common with virtual neighbor */, c( ("disable"), "retransmit-interval" arg /* Retransmission interval (seconds) */, "transit-delay" arg /* Transit delay (seconds) */, "hello-interval" arg /* Hello interval (seconds) */, "dead-interval" arg /* Dead interval (seconds) */, "mtu" arg /* Maximum OSPF packet size */, c( "authentication" ( juniper_ospf_authentication ), "authentication-key" ( /* Authentication key */ sc( unreadable /* Authentication key value */, "key-id" arg /* Key ID for MD5 authentication */ ) ).as(:oneline) ), "demand-circuit" /* Interface functions as a demand circuit */, "flood-reduction" /* Enable flood reduction */, "no-neighbor-down-notification" /* Don't inform other protocols about neighbor down events */, "ipsec-sa" arg /* IPSec security association name */, "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology specific attributes */ c( "disable" /* Disable this topology */, "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ) ) ) ), "sham-link-remote" arg ( /* Configure parameters for remote sham link endpoint */ c( "metric" arg /* Sham link metric */, "ipsec-sa" arg /* IPSec security association name */, "demand-circuit" /* Interface functions as a demand circuit */, "flood-reduction" /* Enable flood reduction */, "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology specific attributes */ c( "disable" /* Disable this topology */, "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ) ) ), "interface" arg ( /* Include an interface in this area */ c( ("disable"), "interface-type" ( /* Type of interface */ ("nbma" | "p2mp" | "p2p" | "p2mp-over-lan") ), c( "link-protection" /* Protect interface from link faults only */, "node-link-protection" /* Protect interface from both link and node faults */ ), "no-eligible-backup" /* Not eligible to backup traffic from protected interfaces */, "no-eligible-remote-backup" /* Not eligible for Remote-LFA backup traffic from protected interfaces */, "passive" ( /* Do not run OSPF, but advertise it */ c( "traffic-engineering" ( /* Advertise TE link information */ c( "remote-node-id" ( /* Remote address of the link */ ipaddr /* Remote address of the link */ ), "remote-node-router-id" ( /* TE Router-ID of the remote node */ ipv4addr /* TE Router-ID of the remote node */ ) ) ) ) ), "secondary" /* Treat interface as secondary */, "own-router-lsa" /* Generate a separate router LSA for this interface */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ), "metric" arg /* Interface metric */, "priority" arg /* Designated router priority */, "retransmit-interval" arg /* Retransmission interval (seconds) */, "transit-delay" arg /* Transit delay (seconds) */, "hello-interval" arg /* Hello interval (seconds) */, "dead-interval" arg /* Dead interval (seconds) */, "mtu" arg /* Maximum OSPF packet size */, c( "authentication" ( juniper_ospf_authentication ), "authentication-key" ( /* Authentication key */ sc( unreadable /* Authentication key value */, "key-id" arg /* Key ID for MD5 authentication */ ) ).as(:oneline) ), "demand-circuit" /* Interface functions as a demand circuit */, "flood-reduction" /* Enable flood reduction */, "no-neighbor-down-notification" /* Don't inform other protocols about neighbor down events */, "ipsec-sa" arg /* IPSec security association name */, "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology specific attributes */ c( "disable" /* Disable this topology */, "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ), "transmit-interval" arg /* OSPF packet transmit interval (milliseconds) */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "full-neighbors-only" /* Setup BFD sessions only to Full neighbors */, "holddown-interval" arg /* Time to hold the session-UP notification to the client */ ) ), "dynamic-neighbors" /* Learn neighbors dynamically on a p2mp interface */, "no-advertise-adjacency-segment" /* Do not advertise an adjacency segment for this interface */, "neighbor" arg ( /* NBMA neighbor */ sc( "eligible" /* Eligible to be DR on an NBMA network */ ) ).as(:oneline), "poll-interval" arg /* Poll interval for NBMA interfaces */, "no-interface-state-traps" /* Do not send interface state change traps */, "strict-bfd" /* Enable strict bfd over this interface */, "post-convergence-lfa" ( /* Protect interface using post-convergence backup path */ c( "node-protection" ( /* Compute backup path assuming node failure */ c( "cost" arg /* Cost for node protection */ ) ), "srlg-protection" /* Compute backup path assuming SRLG failure */, "fate-sharing-protection" /* Compute backup path assuming fate-sharing group failure */ ) ), "te-metric" arg /* Traffic engineering metric */, "ldp-synchronization" ( /* Advertise maximum metric until LDP is operational */ ldp_sync_obj /* Advertise maximum metric until LDP is operational */ ), "ipv4-adjacency-segment" ( /* Configure ipv4 adjacency segment */ c( "protected" ( /* Adjacency SID is eligible for protection */ sc( c( "index" ( /* Adjacency SID indexed from SRGB */ sc( arg ) ).as(:oneline), "label" arg /* Adjacency SID from static label pool */, "dynamic" /* Dynamically allocate an adjacency segment */ ) ) ).as(:oneline), "unprotected" ( /* Adjacency SID uneligible for protection */ sc( c( "index" ( /* Adjacency SID indexed from SRGB */ sc( arg ) ).as(:oneline), "label" arg /* Adjacency SID from static label pool */, "dynamic" /* Dynamically allocate an adjacency segment */ ) ) ).as(:oneline) ) ), "lan-neighbor" arg ( /* Configuration specific to a LAN neighbor */ c( "ipv4-adjacency-segment" ( /* Configure ipv4 adjacency segment */ c( "protected" ( /* Adjacency SID is eligible for protection */ sc( c( "index" ( /* Adjacency SID indexed from SRGB */ sc( arg ) ).as(:oneline), "label" arg /* Adjacency SID from static label pool */, "dynamic" /* Dynamically allocate an adjacency segment */ ) ) ).as(:oneline), "unprotected" ( /* Adjacency SID uneligible for protection */ sc( c( "index" ( /* Adjacency SID indexed from SRGB */ sc( arg ) ).as(:oneline), "label" arg /* Adjacency SID from static label pool */, "dynamic" /* Dynamically allocate an adjacency segment */ ) ) ).as(:oneline) ) ) ) ) ) ), "no-context-identifier-advertisement" /* Disable context identifier advertisments in this area */, "peer-interface" arg ( /* Configuration for peer interface */ c( ("disable"), "retransmit-interval" arg /* Retransmission interval (seconds) */, "transit-delay" arg /* Transit delay (seconds) */, "hello-interval" arg /* Hello interval (seconds) */, "dead-interval" arg /* Dead interval (seconds) */, "mtu" arg /* Maximum OSPF packet size */, c( "authentication" ( juniper_ospf_authentication ), "authentication-key" ( /* Authentication key */ sc( unreadable /* Authentication key value */, "key-id" arg /* Key ID for MD5 authentication */ ) ).as(:oneline) ), "demand-circuit" /* Interface functions as a demand circuit */, "flood-reduction" /* Enable flood reduction */, "no-neighbor-down-notification" /* Don't inform other protocols about neighbor down events */ ) ), "no-source-packet-routing" /* Disable SPRING in this area */, "context-identifier" arg /* Configure context identifier in support of edge protection */, "label-switched-path" arg ( /* Configuration for advertisement of a label-switched path */ c( ("disable"), "metric" arg /* Interface metric */, "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology specific attributes */ c( "disable" /* Disable this topology */, "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ) ) ) ) ), ("disable"), "traceoptions" ( /* Trace options for OSPF */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("spf" | "error" | "event" | "packet-dump" | "flooding" | "lsa-analysis" | "packets" | "hello" | "database-description" | "lsa-request" | "lsa-update" | "lsa-ack" | "ldp-synchronization" | "on-demand" | "nsr-synchronization" | "graceful-restart" | "restart-signaling" | "backup-spf" | "source-packet-routing" | "post-convergence-lfa" | "flex-algorithm" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "spf-options" ( /* Configure options for SPF */ c( "delay" arg /* Time to wait before running an SPF */, "holddown" arg /* Time to hold down before running an SPF */, "rapid-runs" arg /* Number of maximum rapid SPF runs before holddown */, "no-ignore-our-externals" /* Do not ignore self-generated external and NSSA LSAs */ ) ), "prefix-export-limit" arg /* Maximum number of prefixes that can be exported */, "rib-groups" ( /* Routing table groups for importing OSPF routes */ c( "inet" arg /* Name of the IPv4/v6 routing table group */, "inet3" arg /* Name of the IPv4/v6 inet.3 routing table group */ ) ), "job-stats" /* Collect job statistics */, "overload" ( /* Set the overload mode (repel transit traffic) */ c( "timeout" arg /* Time after which overload mode is reset */, "allow-route-leaking" /* Allow routes to be leaked when overload is configured */, "stub-network" /* Advertise Stub Network with maximum metric */, "intra-area-prefix" /* Advertise Intra Area Prefix with maximum metric */, "as-external" /* Advertise As External with maximum usable metric */ ) ), "database-protection" ( /* Configure database protection attributes */ c( "maximum-lsa" arg /* Maximum allowed non self-generated LSAs */, "warning-only" /* Emit only a warning when LSA maximum limit is exceeded */, "warning-threshold" arg /* Percentage of LSA maximum above which to trigger warning */, "ignore-count" arg /* Maximum number of times to go into ignore state */, "ignore-time" arg /* Time to stay in ignore state and ignore all neighbors */, "reset-time" arg /* Time after which the ignore count gets reset to zero */ ) ), "graceful-restart" ( /* Configure graceful restart attributes */ c( ("disable"), "restart-duration" arg /* Time for all neighbors to become full */, "notify-duration" arg /* Time to send all max-aged grace LSAs */, "helper-disable" ( /* Disable graceful restart helper capability */ c( c( "standard" /* Disable helper-mode for rfc3623 based GR */, "restart-signaling" /* Disable helper mode for restart-signaling */, "both" /* Disable helper mode for both the types of GR */ ) ) ), "no-strict-lsa-checking" /* Do not abort graceful helper mode upon LSA changes */ ) ), "route-type-community" ( /* Specify BGP extended community value to encode OSPF route type */ ("iana" | "vendor") ), "domain-id" ( /* Configure domain ID */ sc( c( arg /* Domain ID */, "disable" /* Disable domain ID */ ) ) ).as(:oneline), c( "domain-vpn-tag" arg /* Domain VPN tag for external LSA */, "no-domain-vpn-tag" /* Disable domain VPN tag */ ), "preference" arg /* Preference of internal routes */, "external-preference" arg /* Preference of external routes */, "labeled-preference" arg /* Preference of labeled routes */, "export" ( /* Export policy */ policy_algebra /* Export policy */ ), "import" ( /* Import policy (for external routes or setting priority) */ policy_algebra /* Import policy (for external routes or setting priority) */ ), "reference-bandwidth" arg /* Bandwidth for calculating metric defaults */, "lsa-refresh-interval" arg /* LSA refresh interval (minutes) */, "spf-delay" arg /* Time to wait before running an SPF */, "no-rfc-1583" /* Disable RFC1583 compatibility */, "forwarding-address-to-broadcast" /* Set forwarding address in Type 5 LSA in broadcast network */, c( "no-nssa-abr" /* Disable full NSSA functionality at ABR */ ), "sham-link" ( /* Configure parameters for sham links */ c( "local" ( /* Local sham link endpoint address */ ipaddr /* Local sham link endpoint address */ ), "no-advertise-local" /* Don't advertise local sham link endpoint as stub in router LSA */ ) ) ) end rule(:juniper_ospf_authentication) do c( c( "simple-password" ( /* Authentication key */ unreadable /* Authentication key */ ), "md5" arg ( /* MD5 authentication key */ sc( "key" ( /* MD5 authentication key value */ unreadable /* MD5 authentication key value */ ), "start-time" ( /* Start time for key transmission (YYYY-MM-DD.HH:MM) */ time /* Start time for key transmission (YYYY-MM-DD.HH:MM) */ ) ) ).as(:oneline) ) ) end rule(:juniper_protocols_ospf3) do c( "realm" ("ipv6-unicast" | "ipv6-multicast" | "ipv4-unicast" | "ipv4-multicast") ( /* OSPFv3 realm configuration */ c( "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology parameters */ c( "disable" /* Disable this topology */, "topology-id" arg /* Topology identifier */, "overload" /* Set the overload mode (repel transit traffic) */, "rib-group" arg /* Routing table group for importing routes */, "spf-options" ( /* Configure options for SPF */ c( "delay" arg /* Time to wait before running an SPF */, "holddown" arg /* Time to hold down before running an SPF */, "rapid-runs" arg /* Number of maximum rapid SPF runs before holddown */, "no-ignore-our-externals" /* Do not ignore self-generated external and NSSA LSAs */ ) ), "backup-spf-options" ( /* Configure options for backup SPF */ c( "remote-backup-calculation" ( /* Calculate Remote LFA backup nexthops */ c( "pq-nodes-nearest-to-source" ( /* PQ nodes selection based upon nearest to source */ c( "percent" arg /* Selection percentage for nearest to source */ ) ) ) ), "use-post-convergence-lfa" ( /* Calculate post-convergence backup paths */ c( "maximum-labels" arg /* Maximum number of labels installed for post-convergence paths */, "maximum-backup-paths" arg /* Maximum number of equal-cost post-convergence paths installed */ ) ), "use-source-packet-routing" /* Use spring backup paths for inet.0 routes */, "disable" /* Do not run backup SPF */, "no-install" /* Do not install backup nexthops into the RIB */, "downstream-paths-only" /* Use only downstream backup paths */, "per-prefix-calculation" ( /* Calculate backup nexthops for non-best prefix originators */ c( "stubs" /* Per prefix calculation for stubs only */, "summary" /* Per prefix calculation for summary originators only */, "externals" /* Per prefix calculation for externals */, "all" /* Per prefix calculation for all */ ) ), "node-link-degradation" /* Degrade to link protection when nodelink protection not available */ ) ), "prefix-export-limit" arg /* Maximum number of prefixes that can be exported */ ) ), "backup-spf-options" ( /* Configure options for backup SPF */ c( "remote-backup-calculation" ( /* Calculate Remote LFA backup nexthops */ c( "pq-nodes-nearest-to-source" ( /* PQ nodes selection based upon nearest to source */ c( "percent" arg /* Selection percentage for nearest to source */ ) ) ) ), "use-post-convergence-lfa" ( /* Calculate post-convergence backup paths */ c( "maximum-labels" arg /* Maximum number of labels installed for post-convergence paths */, "maximum-backup-paths" arg /* Maximum number of equal-cost post-convergence paths installed */ ) ), "use-source-packet-routing" /* Use spring backup paths for inet.0 routes */, "disable" /* Do not run backup SPF */, "no-install" /* Do not install backup nexthops into the RIB */, "downstream-paths-only" /* Use only downstream backup paths */, "per-prefix-calculation" ( /* Calculate backup nexthops for non-best prefix originators */ c( "stubs" /* Per prefix calculation for stubs only */, "summary" /* Per prefix calculation for summary originators only */, "externals" /* Per prefix calculation for externals */, "all" /* Per prefix calculation for all */ ) ), "node-link-degradation" /* Degrade to link protection when nodelink protection not available */ ) ), "traffic-engineering" ( /* Configure traffic engineering attributes */ c( "no-topology" /* Disable dissemination of TE link-state topology information */, "multicast-rpf-routes" /* Install routes for multicast RPF checks into inet.2 */, "l3-unicast-topology" /* Download IGP topology into TED */, "ignore-lsp-metrics" ( /* Ignore label-switched path metrics when doing shortcuts */ c( "unconfigured-only" /* Ignore lsp metrics for unconfigured only */ ) ), "shortcuts" ( /* Use label-switched paths as next hops, if possible */ c( "ignore-lsp-metrics" /* Ignore label-switched path metrics when doing shortcuts */, "lsp-metric-into-summary" /* Advertise LSP metric into summary LSAs */, "family" enum(("inet" | "inet-mpls")) /* Address family specific traffic-engineering attributes */ ) ), "advertise-unnumbered-interfaces" /* Advertise unnumbered interfaces */, "credibility-protocol-preference" /* TED protocol credibility follows protocol preference */, "advertisement" ( /* Advertise TE parameters even if RSVP is not turned on */ c( "always" /* Advertise TE parameters in TE LSAs */ ) ) ) ), "source-packet-routing" ( /* Enable source packet routing (SPRING) */ c( "adjacency-segment" ( /* Attributes for adjacency segments in spring */ c( "hold-time" arg /* Retain time of Adjacency segment after isolating from an interface */ ) ), "prefix-segment" ( /* Prefix Segment policy */ policy_algebra /* Prefix Segment policy */ ), "explicit-null" /* Set E and P bits in all Prefix SID advertisements */, "node-segment" ( /* Enable support for Node segments in SPRING */ c( "ipv4-index" arg /* Set ipv4 node segment index */, "index-range" arg /* Set range of node segment indices allowed */ ) ), "srgb" ( /* Set the SRGB global block in SPRING */ sc( "start-label" arg /* Start range for SRGB label block */, "index-range" arg /* Index to the SRGB start label block */ ) ).as(:oneline), "mapping-server" arg /* Mapping server name */, "install-prefix-sid-for-best-route" /* For best route install a exact prefix sid route */, "ldp-stitching" /* Enable SR to LDP stitching */, "flex-algorithm" arg /* Flex-algorithms we would like to participate in */ ) ), "area" arg ( /* Configure an OSPF area */ c( c( "stub" ( /* Configure a stub area */ sc( "default-metric" arg /* Metric for the default route in this stub area */, "summaries" /* Flood summary LSAs into this stub area */, "no-summaries" /* Don't flood summary LSAs into this stub area */ ) ).as(:oneline), "nssa" ( /* Configure a not-so-stubby area */ c( "default-lsa" ( /* Configure a default LSA */ c( "default-metric" arg /* Metric for the default route in this area */, "metric-type" arg /* External metric type for the default type 7 LSA */, "type-7" /* Flood type 7 default LSA if no-summaries is configured */ ) ), "default-metric" arg /* Metric for the default route in this area */, "metric-type" arg /* External metric type for the default type 7 LSA */, "summaries" /* Flood summary LSAs into this NSSA area */, "no-summaries" /* Don't flood summary LSAs into this NSSA area */, "area-range" arg ( /* Configure NSSA area ranges */ c( "restrict" /* Restrict advertisement of this area range */, "exact" /* Enforce exact match for advertisement of this area range */, "override-metric" ( /* Override the dynamic metric for this area-range */ c( arg, "metric-type" arg /* Set the metric type for the override metric */ ) ) ) ) ) ) ), "area-range" arg ( /* Configure area ranges */ c( "restrict" /* Restrict advertisement of this area range */, "exact" /* Enforce exact match for advertisement of this area range */, "override-metric" arg /* Override the dynamic metric for this area-range */ ) ), "network-summary-export" ( /* Export policy for Type 3 Summary LSAs */ policy_algebra /* Export policy for Type 3 Summary LSAs */ ), "network-summary-import" ( /* Import policy for Type 3 Summary LSAs */ policy_algebra /* Import policy for Type 3 Summary LSAs */ ), "inter-area-prefix-export" ( /* Export policy for Inter Area Prefix LSAs */ policy_algebra /* Export policy for Inter Area Prefix LSAs */ ), "inter-area-prefix-import" ( /* Import policy for Inter Area Prefix LSAs */ policy_algebra /* Import policy for Inter Area Prefix LSAs */ ), "authentication-type" ( /* Authentication type */ ("none" | "simple" | "md5") ), "virtual-link" ( /* Configure virtual links */ s( "neighbor-id" arg /* Router ID of a virtual neighbor */, "transit-area" arg /* Transit area in common with virtual neighbor */, c( ("disable"), "retransmit-interval" arg /* Retransmission interval (seconds) */, "transit-delay" arg /* Transit delay (seconds) */, "hello-interval" arg /* Hello interval (seconds) */, "dead-interval" arg /* Dead interval (seconds) */, "mtu" arg /* Maximum OSPF packet size */, c( "authentication" ( juniper_ospf_authentication ), "authentication-key" ( /* Authentication key */ sc( unreadable /* Authentication key value */, "key-id" arg /* Key ID for MD5 authentication */ ) ).as(:oneline) ), "demand-circuit" /* Interface functions as a demand circuit */, "flood-reduction" /* Enable flood reduction */, "no-neighbor-down-notification" /* Don't inform other protocols about neighbor down events */, "ipsec-sa" arg /* IPSec security association name */, "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology specific attributes */ c( "disable" /* Disable this topology */, "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ) ) ) ), "sham-link-remote" arg ( /* Configure parameters for remote sham link endpoint */ c( "metric" arg /* Sham link metric */, "ipsec-sa" arg /* IPSec security association name */, "demand-circuit" /* Interface functions as a demand circuit */, "flood-reduction" /* Enable flood reduction */, "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology specific attributes */ c( "disable" /* Disable this topology */, "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ) ) ), "interface" arg ( /* Include an interface in this area */ c( ("disable"), "interface-type" ( /* Type of interface */ ("nbma" | "p2mp" | "p2p" | "p2mp-over-lan") ), c( "link-protection" /* Protect interface from link faults only */, "node-link-protection" /* Protect interface from both link and node faults */ ), "no-eligible-backup" /* Not eligible to backup traffic from protected interfaces */, "no-eligible-remote-backup" /* Not eligible for Remote-LFA backup traffic from protected interfaces */, "passive" ( /* Do not run OSPF, but advertise it */ c( "traffic-engineering" ( /* Advertise TE link information */ c( "remote-node-id" ( /* Remote address of the link */ ipaddr /* Remote address of the link */ ), "remote-node-router-id" ( /* TE Router-ID of the remote node */ ipv4addr /* TE Router-ID of the remote node */ ) ) ) ) ), "secondary" /* Treat interface as secondary */, "own-router-lsa" /* Generate a separate router LSA for this interface */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ), "metric" arg /* Interface metric */, "priority" arg /* Designated router priority */, "retransmit-interval" arg /* Retransmission interval (seconds) */, "transit-delay" arg /* Transit delay (seconds) */, "hello-interval" arg /* Hello interval (seconds) */, "dead-interval" arg /* Dead interval (seconds) */, "mtu" arg /* Maximum OSPF packet size */, c( "authentication" ( juniper_ospf_authentication ), "authentication-key" ( /* Authentication key */ sc( unreadable /* Authentication key value */, "key-id" arg /* Key ID for MD5 authentication */ ) ).as(:oneline) ), "demand-circuit" /* Interface functions as a demand circuit */, "flood-reduction" /* Enable flood reduction */, "no-neighbor-down-notification" /* Don't inform other protocols about neighbor down events */, "ipsec-sa" arg /* IPSec security association name */, "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology specific attributes */ c( "disable" /* Disable this topology */, "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ), "transmit-interval" arg /* OSPF packet transmit interval (milliseconds) */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "full-neighbors-only" /* Setup BFD sessions only to Full neighbors */, "holddown-interval" arg /* Time to hold the session-UP notification to the client */ ) ), "dynamic-neighbors" /* Learn neighbors dynamically on a p2mp interface */, "no-advertise-adjacency-segment" /* Do not advertise an adjacency segment for this interface */, "neighbor" arg ( /* NBMA neighbor */ sc( "eligible" /* Eligible to be DR on an NBMA network */ ) ).as(:oneline), "poll-interval" arg /* Poll interval for NBMA interfaces */, "no-interface-state-traps" /* Do not send interface state change traps */, "strict-bfd" /* Enable strict bfd over this interface */, "post-convergence-lfa" ( /* Protect interface using post-convergence backup path */ c( "node-protection" ( /* Compute backup path assuming node failure */ c( "cost" arg /* Cost for node protection */ ) ), "srlg-protection" /* Compute backup path assuming SRLG failure */, "fate-sharing-protection" /* Compute backup path assuming fate-sharing group failure */ ) ), "te-metric" arg /* Traffic engineering metric */, "ldp-synchronization" ( /* Advertise maximum metric until LDP is operational */ ldp_sync_obj /* Advertise maximum metric until LDP is operational */ ), "ipv4-adjacency-segment" ( /* Configure ipv4 adjacency segment */ c( "protected" ( /* Adjacency SID is eligible for protection */ sc( c( "index" ( /* Adjacency SID indexed from SRGB */ sc( arg ) ).as(:oneline), "label" arg /* Adjacency SID from static label pool */, "dynamic" /* Dynamically allocate an adjacency segment */ ) ) ).as(:oneline), "unprotected" ( /* Adjacency SID uneligible for protection */ sc( c( "index" ( /* Adjacency SID indexed from SRGB */ sc( arg ) ).as(:oneline), "label" arg /* Adjacency SID from static label pool */, "dynamic" /* Dynamically allocate an adjacency segment */ ) ) ).as(:oneline) ) ), "lan-neighbor" arg ( /* Configuration specific to a LAN neighbor */ c( "ipv4-adjacency-segment" ( /* Configure ipv4 adjacency segment */ c( "protected" ( /* Adjacency SID is eligible for protection */ sc( c( "index" ( /* Adjacency SID indexed from SRGB */ sc( arg ) ).as(:oneline), "label" arg /* Adjacency SID from static label pool */, "dynamic" /* Dynamically allocate an adjacency segment */ ) ) ).as(:oneline), "unprotected" ( /* Adjacency SID uneligible for protection */ sc( c( "index" ( /* Adjacency SID indexed from SRGB */ sc( arg ) ).as(:oneline), "label" arg /* Adjacency SID from static label pool */, "dynamic" /* Dynamically allocate an adjacency segment */ ) ) ).as(:oneline) ) ) ) ) ) ), "no-context-identifier-advertisement" /* Disable context identifier advertisments in this area */, "peer-interface" arg ( /* Configuration for peer interface */ c( ("disable"), "retransmit-interval" arg /* Retransmission interval (seconds) */, "transit-delay" arg /* Transit delay (seconds) */, "hello-interval" arg /* Hello interval (seconds) */, "dead-interval" arg /* Dead interval (seconds) */, "mtu" arg /* Maximum OSPF packet size */, c( "authentication" ( juniper_ospf_authentication ), "authentication-key" ( /* Authentication key */ sc( unreadable /* Authentication key value */, "key-id" arg /* Key ID for MD5 authentication */ ) ).as(:oneline) ), "demand-circuit" /* Interface functions as a demand circuit */, "flood-reduction" /* Enable flood reduction */, "no-neighbor-down-notification" /* Don't inform other protocols about neighbor down events */ ) ), "no-source-packet-routing" /* Disable SPRING in this area */, "context-identifier" arg /* Configure context identifier in support of edge protection */, "label-switched-path" arg ( /* Configuration for advertisement of a label-switched path */ c( ("disable"), "metric" arg /* Interface metric */, "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology specific attributes */ c( "disable" /* Disable this topology */, "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ) ) ) ) ), ("disable"), "traceoptions" ( /* Trace options for OSPF */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("spf" | "error" | "event" | "packet-dump" | "flooding" | "lsa-analysis" | "packets" | "hello" | "database-description" | "lsa-request" | "lsa-update" | "lsa-ack" | "ldp-synchronization" | "on-demand" | "nsr-synchronization" | "graceful-restart" | "restart-signaling" | "backup-spf" | "source-packet-routing" | "post-convergence-lfa" | "flex-algorithm" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "spf-options" ( /* Configure options for SPF */ c( "delay" arg /* Time to wait before running an SPF */, "holddown" arg /* Time to hold down before running an SPF */, "rapid-runs" arg /* Number of maximum rapid SPF runs before holddown */, "no-ignore-our-externals" /* Do not ignore self-generated external and NSSA LSAs */ ) ), "prefix-export-limit" arg /* Maximum number of prefixes that can be exported */, "rib-groups" ( /* Routing table groups for importing OSPF routes */ c( "inet" arg /* Name of the IPv4/v6 routing table group */, "inet3" arg /* Name of the IPv4/v6 inet.3 routing table group */ ) ), "job-stats" /* Collect job statistics */, "overload" ( /* Set the overload mode (repel transit traffic) */ c( "timeout" arg /* Time after which overload mode is reset */, "allow-route-leaking" /* Allow routes to be leaked when overload is configured */, "stub-network" /* Advertise Stub Network with maximum metric */, "intra-area-prefix" /* Advertise Intra Area Prefix with maximum metric */, "as-external" /* Advertise As External with maximum usable metric */ ) ), "database-protection" ( /* Configure database protection attributes */ c( "maximum-lsa" arg /* Maximum allowed non self-generated LSAs */, "warning-only" /* Emit only a warning when LSA maximum limit is exceeded */, "warning-threshold" arg /* Percentage of LSA maximum above which to trigger warning */, "ignore-count" arg /* Maximum number of times to go into ignore state */, "ignore-time" arg /* Time to stay in ignore state and ignore all neighbors */, "reset-time" arg /* Time after which the ignore count gets reset to zero */ ) ), "graceful-restart" ( /* Configure graceful restart attributes */ c( ("disable"), "restart-duration" arg /* Time for all neighbors to become full */, "notify-duration" arg /* Time to send all max-aged grace LSAs */, "helper-disable" ( /* Disable graceful restart helper capability */ c( c( "standard" /* Disable helper-mode for rfc3623 based GR */, "restart-signaling" /* Disable helper mode for restart-signaling */, "both" /* Disable helper mode for both the types of GR */ ) ) ), "no-strict-lsa-checking" /* Do not abort graceful helper mode upon LSA changes */ ) ), "route-type-community" ( /* Specify BGP extended community value to encode OSPF route type */ ("iana" | "vendor") ), "domain-id" ( /* Configure domain ID */ sc( c( arg /* Domain ID */, "disable" /* Disable domain ID */ ) ) ).as(:oneline), c( "domain-vpn-tag" arg /* Domain VPN tag for external LSA */, "no-domain-vpn-tag" /* Disable domain VPN tag */ ), "preference" arg /* Preference of internal routes */, "external-preference" arg /* Preference of external routes */, "labeled-preference" arg /* Preference of labeled routes */, "export" ( /* Export policy */ policy_algebra /* Export policy */ ), "import" ( /* Import policy (for external routes or setting priority) */ policy_algebra /* Import policy (for external routes or setting priority) */ ), "reference-bandwidth" arg /* Bandwidth for calculating metric defaults */, "lsa-refresh-interval" arg /* LSA refresh interval (minutes) */, "spf-delay" arg /* Time to wait before running an SPF */, "no-rfc-1583" /* Disable RFC1583 compatibility */, "forwarding-address-to-broadcast" /* Set forwarding address in Type 5 LSA in broadcast network */, c( "no-nssa-abr" /* Disable full NSSA functionality at ABR */ ), "sham-link" ( /* Configure parameters for sham links */ c( "local" ( /* Local sham link endpoint address */ ipaddr /* Local sham link endpoint address */ ), "no-advertise-local" /* Don't advertise local sham link endpoint as stub in router LSA */ ) ) ) ), "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology parameters */ c( "disable" /* Disable this topology */, "topology-id" arg /* Topology identifier */, "overload" /* Set the overload mode (repel transit traffic) */, "rib-group" arg /* Routing table group for importing routes */, "spf-options" ( /* Configure options for SPF */ c( "delay" arg /* Time to wait before running an SPF */, "holddown" arg /* Time to hold down before running an SPF */, "rapid-runs" arg /* Number of maximum rapid SPF runs before holddown */, "no-ignore-our-externals" /* Do not ignore self-generated external and NSSA LSAs */ ) ), "backup-spf-options" ( /* Configure options for backup SPF */ c( "remote-backup-calculation" ( /* Calculate Remote LFA backup nexthops */ c( "pq-nodes-nearest-to-source" ( /* PQ nodes selection based upon nearest to source */ c( "percent" arg /* Selection percentage for nearest to source */ ) ) ) ), "use-post-convergence-lfa" ( /* Calculate post-convergence backup paths */ c( "maximum-labels" arg /* Maximum number of labels installed for post-convergence paths */, "maximum-backup-paths" arg /* Maximum number of equal-cost post-convergence paths installed */ ) ), "use-source-packet-routing" /* Use spring backup paths for inet.0 routes */, "disable" /* Do not run backup SPF */, "no-install" /* Do not install backup nexthops into the RIB */, "downstream-paths-only" /* Use only downstream backup paths */, "per-prefix-calculation" ( /* Calculate backup nexthops for non-best prefix originators */ c( "stubs" /* Per prefix calculation for stubs only */, "summary" /* Per prefix calculation for summary originators only */, "externals" /* Per prefix calculation for externals */, "all" /* Per prefix calculation for all */ ) ), "node-link-degradation" /* Degrade to link protection when nodelink protection not available */ ) ), "prefix-export-limit" arg /* Maximum number of prefixes that can be exported */ ) ), "backup-spf-options" ( /* Configure options for backup SPF */ c( "remote-backup-calculation" ( /* Calculate Remote LFA backup nexthops */ c( "pq-nodes-nearest-to-source" ( /* PQ nodes selection based upon nearest to source */ c( "percent" arg /* Selection percentage for nearest to source */ ) ) ) ), "use-post-convergence-lfa" ( /* Calculate post-convergence backup paths */ c( "maximum-labels" arg /* Maximum number of labels installed for post-convergence paths */, "maximum-backup-paths" arg /* Maximum number of equal-cost post-convergence paths installed */ ) ), "use-source-packet-routing" /* Use spring backup paths for inet.0 routes */, "disable" /* Do not run backup SPF */, "no-install" /* Do not install backup nexthops into the RIB */, "downstream-paths-only" /* Use only downstream backup paths */, "per-prefix-calculation" ( /* Calculate backup nexthops for non-best prefix originators */ c( "stubs" /* Per prefix calculation for stubs only */, "summary" /* Per prefix calculation for summary originators only */, "externals" /* Per prefix calculation for externals */, "all" /* Per prefix calculation for all */ ) ), "node-link-degradation" /* Degrade to link protection when nodelink protection not available */ ) ), "traffic-engineering" ( /* Configure traffic engineering attributes */ c( "no-topology" /* Disable dissemination of TE link-state topology information */, "multicast-rpf-routes" /* Install routes for multicast RPF checks into inet.2 */, "l3-unicast-topology" /* Download IGP topology into TED */, "ignore-lsp-metrics" ( /* Ignore label-switched path metrics when doing shortcuts */ c( "unconfigured-only" /* Ignore lsp metrics for unconfigured only */ ) ), "shortcuts" ( /* Use label-switched paths as next hops, if possible */ c( "ignore-lsp-metrics" /* Ignore label-switched path metrics when doing shortcuts */, "lsp-metric-into-summary" /* Advertise LSP metric into summary LSAs */, "family" enum(("inet" | "inet-mpls")) /* Address family specific traffic-engineering attributes */ ) ), "advertise-unnumbered-interfaces" /* Advertise unnumbered interfaces */, "credibility-protocol-preference" /* TED protocol credibility follows protocol preference */, "advertisement" ( /* Advertise TE parameters even if RSVP is not turned on */ c( "always" /* Advertise TE parameters in TE LSAs */ ) ) ) ), "source-packet-routing" ( /* Enable source packet routing (SPRING) */ c( "adjacency-segment" ( /* Attributes for adjacency segments in spring */ c( "hold-time" arg /* Retain time of Adjacency segment after isolating from an interface */ ) ), "prefix-segment" ( /* Prefix Segment policy */ policy_algebra /* Prefix Segment policy */ ), "explicit-null" /* Set E and P bits in all Prefix SID advertisements */, "node-segment" ( /* Enable support for Node segments in SPRING */ c( "ipv4-index" arg /* Set ipv4 node segment index */, "index-range" arg /* Set range of node segment indices allowed */ ) ), "srgb" ( /* Set the SRGB global block in SPRING */ sc( "start-label" arg /* Start range for SRGB label block */, "index-range" arg /* Index to the SRGB start label block */ ) ).as(:oneline), "mapping-server" arg /* Mapping server name */, "install-prefix-sid-for-best-route" /* For best route install a exact prefix sid route */, "ldp-stitching" /* Enable SR to LDP stitching */, "flex-algorithm" arg /* Flex-algorithms we would like to participate in */ ) ), "area" arg ( /* Configure an OSPF area */ c( c( "stub" ( /* Configure a stub area */ sc( "default-metric" arg /* Metric for the default route in this stub area */, "summaries" /* Flood summary LSAs into this stub area */, "no-summaries" /* Don't flood summary LSAs into this stub area */ ) ).as(:oneline), "nssa" ( /* Configure a not-so-stubby area */ c( "default-lsa" ( /* Configure a default LSA */ c( "default-metric" arg /* Metric for the default route in this area */, "metric-type" arg /* External metric type for the default type 7 LSA */, "type-7" /* Flood type 7 default LSA if no-summaries is configured */ ) ), "default-metric" arg /* Metric for the default route in this area */, "metric-type" arg /* External metric type for the default type 7 LSA */, "summaries" /* Flood summary LSAs into this NSSA area */, "no-summaries" /* Don't flood summary LSAs into this NSSA area */, "area-range" arg ( /* Configure NSSA area ranges */ c( "restrict" /* Restrict advertisement of this area range */, "exact" /* Enforce exact match for advertisement of this area range */, "override-metric" ( /* Override the dynamic metric for this area-range */ c( arg, "metric-type" arg /* Set the metric type for the override metric */ ) ) ) ) ) ) ), "area-range" arg ( /* Configure area ranges */ c( "restrict" /* Restrict advertisement of this area range */, "exact" /* Enforce exact match for advertisement of this area range */, "override-metric" arg /* Override the dynamic metric for this area-range */ ) ), "network-summary-export" ( /* Export policy for Type 3 Summary LSAs */ policy_algebra /* Export policy for Type 3 Summary LSAs */ ), "network-summary-import" ( /* Import policy for Type 3 Summary LSAs */ policy_algebra /* Import policy for Type 3 Summary LSAs */ ), "inter-area-prefix-export" ( /* Export policy for Inter Area Prefix LSAs */ policy_algebra /* Export policy for Inter Area Prefix LSAs */ ), "inter-area-prefix-import" ( /* Import policy for Inter Area Prefix LSAs */ policy_algebra /* Import policy for Inter Area Prefix LSAs */ ), "authentication-type" ( /* Authentication type */ ("none" | "simple" | "md5") ), "virtual-link" ( /* Configure virtual links */ s( "neighbor-id" arg /* Router ID of a virtual neighbor */, "transit-area" arg /* Transit area in common with virtual neighbor */, c( ("disable"), "retransmit-interval" arg /* Retransmission interval (seconds) */, "transit-delay" arg /* Transit delay (seconds) */, "hello-interval" arg /* Hello interval (seconds) */, "dead-interval" arg /* Dead interval (seconds) */, "mtu" arg /* Maximum OSPF packet size */, c( "authentication" ( juniper_ospf_authentication ), "authentication-key" ( /* Authentication key */ sc( unreadable /* Authentication key value */, "key-id" arg /* Key ID for MD5 authentication */ ) ).as(:oneline) ), "demand-circuit" /* Interface functions as a demand circuit */, "flood-reduction" /* Enable flood reduction */, "no-neighbor-down-notification" /* Don't inform other protocols about neighbor down events */, "ipsec-sa" arg /* IPSec security association name */, "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology specific attributes */ c( "disable" /* Disable this topology */, "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ) ) ) ), "sham-link-remote" arg ( /* Configure parameters for remote sham link endpoint */ c( "metric" arg /* Sham link metric */, "ipsec-sa" arg /* IPSec security association name */, "demand-circuit" /* Interface functions as a demand circuit */, "flood-reduction" /* Enable flood reduction */, "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology specific attributes */ c( "disable" /* Disable this topology */, "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ) ) ), "interface" arg ( /* Include an interface in this area */ c( ("disable"), "interface-type" ( /* Type of interface */ ("nbma" | "p2mp" | "p2p" | "p2mp-over-lan") ), c( "link-protection" /* Protect interface from link faults only */, "node-link-protection" /* Protect interface from both link and node faults */ ), "no-eligible-backup" /* Not eligible to backup traffic from protected interfaces */, "no-eligible-remote-backup" /* Not eligible for Remote-LFA backup traffic from protected interfaces */, "passive" ( /* Do not run OSPF, but advertise it */ c( "traffic-engineering" ( /* Advertise TE link information */ c( "remote-node-id" ( /* Remote address of the link */ ipaddr /* Remote address of the link */ ), "remote-node-router-id" ( /* TE Router-ID of the remote node */ ipv4addr /* TE Router-ID of the remote node */ ) ) ) ) ), "secondary" /* Treat interface as secondary */, "own-router-lsa" /* Generate a separate router LSA for this interface */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ), "metric" arg /* Interface metric */, "priority" arg /* Designated router priority */, "retransmit-interval" arg /* Retransmission interval (seconds) */, "transit-delay" arg /* Transit delay (seconds) */, "hello-interval" arg /* Hello interval (seconds) */, "dead-interval" arg /* Dead interval (seconds) */, "mtu" arg /* Maximum OSPF packet size */, c( "authentication" ( juniper_ospf_authentication ), "authentication-key" ( /* Authentication key */ sc( unreadable /* Authentication key value */, "key-id" arg /* Key ID for MD5 authentication */ ) ).as(:oneline) ), "demand-circuit" /* Interface functions as a demand circuit */, "flood-reduction" /* Enable flood reduction */, "no-neighbor-down-notification" /* Don't inform other protocols about neighbor down events */, "ipsec-sa" arg /* IPSec security association name */, "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology specific attributes */ c( "disable" /* Disable this topology */, "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ), "transmit-interval" arg /* OSPF packet transmit interval (milliseconds) */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "full-neighbors-only" /* Setup BFD sessions only to Full neighbors */, "holddown-interval" arg /* Time to hold the session-UP notification to the client */ ) ), "dynamic-neighbors" /* Learn neighbors dynamically on a p2mp interface */, "no-advertise-adjacency-segment" /* Do not advertise an adjacency segment for this interface */, "neighbor" arg ( /* NBMA neighbor */ sc( "eligible" /* Eligible to be DR on an NBMA network */ ) ).as(:oneline), "poll-interval" arg /* Poll interval for NBMA interfaces */, "no-interface-state-traps" /* Do not send interface state change traps */, "strict-bfd" /* Enable strict bfd over this interface */, "post-convergence-lfa" ( /* Protect interface using post-convergence backup path */ c( "node-protection" ( /* Compute backup path assuming node failure */ c( "cost" arg /* Cost for node protection */ ) ), "srlg-protection" /* Compute backup path assuming SRLG failure */, "fate-sharing-protection" /* Compute backup path assuming fate-sharing group failure */ ) ), "te-metric" arg /* Traffic engineering metric */, "ldp-synchronization" ( /* Advertise maximum metric until LDP is operational */ ldp_sync_obj /* Advertise maximum metric until LDP is operational */ ), "ipv4-adjacency-segment" ( /* Configure ipv4 adjacency segment */ c( "protected" ( /* Adjacency SID is eligible for protection */ sc( c( "index" ( /* Adjacency SID indexed from SRGB */ sc( arg ) ).as(:oneline), "label" arg /* Adjacency SID from static label pool */, "dynamic" /* Dynamically allocate an adjacency segment */ ) ) ).as(:oneline), "unprotected" ( /* Adjacency SID uneligible for protection */ sc( c( "index" ( /* Adjacency SID indexed from SRGB */ sc( arg ) ).as(:oneline), "label" arg /* Adjacency SID from static label pool */, "dynamic" /* Dynamically allocate an adjacency segment */ ) ) ).as(:oneline) ) ), "lan-neighbor" arg ( /* Configuration specific to a LAN neighbor */ c( "ipv4-adjacency-segment" ( /* Configure ipv4 adjacency segment */ c( "protected" ( /* Adjacency SID is eligible for protection */ sc( c( "index" ( /* Adjacency SID indexed from SRGB */ sc( arg ) ).as(:oneline), "label" arg /* Adjacency SID from static label pool */, "dynamic" /* Dynamically allocate an adjacency segment */ ) ) ).as(:oneline), "unprotected" ( /* Adjacency SID uneligible for protection */ sc( c( "index" ( /* Adjacency SID indexed from SRGB */ sc( arg ) ).as(:oneline), "label" arg /* Adjacency SID from static label pool */, "dynamic" /* Dynamically allocate an adjacency segment */ ) ) ).as(:oneline) ) ) ) ) ) ), "no-context-identifier-advertisement" /* Disable context identifier advertisments in this area */, "peer-interface" arg ( /* Configuration for peer interface */ c( ("disable"), "retransmit-interval" arg /* Retransmission interval (seconds) */, "transit-delay" arg /* Transit delay (seconds) */, "hello-interval" arg /* Hello interval (seconds) */, "dead-interval" arg /* Dead interval (seconds) */, "mtu" arg /* Maximum OSPF packet size */, c( "authentication" ( juniper_ospf_authentication ), "authentication-key" ( /* Authentication key */ sc( unreadable /* Authentication key value */, "key-id" arg /* Key ID for MD5 authentication */ ) ).as(:oneline) ), "demand-circuit" /* Interface functions as a demand circuit */, "flood-reduction" /* Enable flood reduction */, "no-neighbor-down-notification" /* Don't inform other protocols about neighbor down events */ ) ), "no-source-packet-routing" /* Disable SPRING in this area */, "context-identifier" arg /* Configure context identifier in support of edge protection */, "label-switched-path" arg ( /* Configuration for advertisement of a label-switched path */ c( ("disable"), "metric" arg /* Interface metric */, "topology" ("default" | "ipv4-multicast" | arg) ( /* Topology specific attributes */ c( "disable" /* Disable this topology */, "metric" arg /* Topology metric */, "bandwidth-based-metrics" ( /* Configure bandwidth based metrics */ c( "bandwidth" arg ( /* Bandwidth threshold */ sc( "metric" arg /* Metric associated with specified bandwidth */ ) ).as(:oneline) ) ) ) ) ) ) ) ), ("disable"), "traceoptions" ( /* Trace options for OSPF */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("spf" | "error" | "event" | "packet-dump" | "flooding" | "lsa-analysis" | "packets" | "hello" | "database-description" | "lsa-request" | "lsa-update" | "lsa-ack" | "ldp-synchronization" | "on-demand" | "nsr-synchronization" | "graceful-restart" | "restart-signaling" | "backup-spf" | "source-packet-routing" | "post-convergence-lfa" | "flex-algorithm" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "spf-options" ( /* Configure options for SPF */ c( "delay" arg /* Time to wait before running an SPF */, "holddown" arg /* Time to hold down before running an SPF */, "rapid-runs" arg /* Number of maximum rapid SPF runs before holddown */, "no-ignore-our-externals" /* Do not ignore self-generated external and NSSA LSAs */ ) ), "prefix-export-limit" arg /* Maximum number of prefixes that can be exported */, "rib-groups" ( /* Routing table groups for importing OSPF routes */ c( "inet" arg /* Name of the IPv4/v6 routing table group */, "inet3" arg /* Name of the IPv4/v6 inet.3 routing table group */ ) ), "job-stats" /* Collect job statistics */, "overload" ( /* Set the overload mode (repel transit traffic) */ c( "timeout" arg /* Time after which overload mode is reset */, "allow-route-leaking" /* Allow routes to be leaked when overload is configured */, "stub-network" /* Advertise Stub Network with maximum metric */, "intra-area-prefix" /* Advertise Intra Area Prefix with maximum metric */, "as-external" /* Advertise As External with maximum usable metric */ ) ), "database-protection" ( /* Configure database protection attributes */ c( "maximum-lsa" arg /* Maximum allowed non self-generated LSAs */, "warning-only" /* Emit only a warning when LSA maximum limit is exceeded */, "warning-threshold" arg /* Percentage of LSA maximum above which to trigger warning */, "ignore-count" arg /* Maximum number of times to go into ignore state */, "ignore-time" arg /* Time to stay in ignore state and ignore all neighbors */, "reset-time" arg /* Time after which the ignore count gets reset to zero */ ) ), "graceful-restart" ( /* Configure graceful restart attributes */ c( ("disable"), "restart-duration" arg /* Time for all neighbors to become full */, "notify-duration" arg /* Time to send all max-aged grace LSAs */, "helper-disable" ( /* Disable graceful restart helper capability */ c( c( "standard" /* Disable helper-mode for rfc3623 based GR */, "restart-signaling" /* Disable helper mode for restart-signaling */, "both" /* Disable helper mode for both the types of GR */ ) ) ), "no-strict-lsa-checking" /* Do not abort graceful helper mode upon LSA changes */ ) ), "route-type-community" ( /* Specify BGP extended community value to encode OSPF route type */ ("iana" | "vendor") ), "domain-id" ( /* Configure domain ID */ sc( c( arg /* Domain ID */, "disable" /* Disable domain ID */ ) ) ).as(:oneline), c( "domain-vpn-tag" arg /* Domain VPN tag for external LSA */, "no-domain-vpn-tag" /* Disable domain VPN tag */ ), "preference" arg /* Preference of internal routes */, "external-preference" arg /* Preference of external routes */, "labeled-preference" arg /* Preference of labeled routes */, "export" ( /* Export policy */ policy_algebra /* Export policy */ ), "import" ( /* Import policy (for external routes or setting priority) */ policy_algebra /* Import policy (for external routes or setting priority) */ ), "reference-bandwidth" arg /* Bandwidth for calculating metric defaults */, "lsa-refresh-interval" arg /* LSA refresh interval (minutes) */, "spf-delay" arg /* Time to wait before running an SPF */, "no-rfc-1583" /* Disable RFC1583 compatibility */, "forwarding-address-to-broadcast" /* Set forwarding address in Type 5 LSA in broadcast network */, c( "no-nssa-abr" /* Disable full NSSA functionality at ABR */ ), "sham-link" ( /* Configure parameters for sham links */ c( "local" ( /* Local sham link endpoint address */ ipaddr /* Local sham link endpoint address */ ), "no-advertise-local" /* Don't advertise local sham link endpoint as stub in router LSA */ ) ) ) end rule(:juniper_protocols_overlayd) do c( "traceoptions" ( /* Overlayd trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("socket" | "rtsock" | "config" | "all")) /* Tracing flag parameters */.as(:oneline) ) ) ) end rule(:juniper_protocols_pgm) do c( "traceoptions" ( /* PGM trace options */ c( "flag" enum(("init" | "show" | "route-socket" | "parse" | "state" | "packets" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ) ) end rule(:juniper_protocols_pim) do c( "family" ( /* Local address family */ c( "any" ( /* Default properties for all address families */ c( "disable" /* Disable all families */ ) ), "inet" ( /* IPv4 specific properties */ c( ("disable") ) ), "inet6" ( /* IPv6 specific properties */ c( ("disable") ) ) ) ), ("disable"), "nonstop-routing" ( /* Configure PIM nonstop-routing attributes */ c( ("disable") ) ), "traceoptions" ( /* Trace options for PIM */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("route" | "packets" | "hello" | "register" | "join" | "prune" | "graft" | "bootstrap" | "rp" | "autorp" | "assert" | "mdt" | "nsr-synchronization" | "bidirectional-df-election" | "mofrr" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */, "filter" ( /* Filter to apply to this flag */ pim_filter_obj /* Filter to apply to this flag */ ) ) ).as(:oneline) ) ), "dense-groups" ( /* Dense mode groups for sparse-dense mode */ c( "dynamic-reject" /* Reject dynamic autorp negative dense-mode prefixes learnt from network */, sc( ("reject" | "announce") ).as(:oneline) ) ), "vpn-tunnel-source" ( /* Source address for the provider space mGRE tunnel */ ipv4addr /* Source address for the provider space mGRE tunnel */ ), "vpn-group-address" ( /* Group address for the VPN in provider space */ ipv4addr /* Group address for the VPN in provider space */ ), "tunnel-devices" ( /* Tunnel devices to be used for creating mt interfaces */ interface_device /* Tunnel devices to be used for creating mt interfaces */ ), "rpf-selection" ( /* Select RPF neighbor */ c( "group" arg ( /* IP prefix of multicast group */ c( "wildcard-source" ( /* Select RPF for (*,g) and unspecified (s,g) joins */ c( "next-hop" ( /* Next-hop address */ ipaddr /* Next-hop address */ ) ) ), "source" arg ( /* IP prefix of one or more multicast sources */ c( "next-hop" ( /* Next-hop address */ ipaddr /* Next-hop address */ ) ) ) ) ), "prefix-list" arg ( /* Multicast group prefix list */ c( "wildcard-source" ( /* Select RPF for (*,g) and unspecified (s,g) joins */ c( "next-hop" ( /* Next-hop address */ ipaddr /* Next-hop address */ ) ) ), "source" arg ( /* IP prefix of one or more multicast sources */ c( "next-hop" ( /* Next-hop address */ ipaddr /* Next-hop address */ ) ) ) ) ) ) ), "mvpn" ( /* PIM MVPN control-plane options */ c( "autodiscovery" ( /* PE router autodiscovery options for SSM MDTs */ c( "inet-mdt" /* MDT-SAFI PE autodiscovery for SSM MDTs */ ) ), "family" ( /* PIM MVPN address family */ c( "inet" ( /* IPv4 PIM MVPN specific properties */ c( "rosen-mvpn", "ngen-mvpn", "autodiscovery" ( /* PE router autodiscovery options for SSM MDTs */ c( "inet-mdt" /* MDT-SAFI PE autodiscovery for SSM MDTs */ ) ), "disable" /* Disable family IPv4 */ ) ), "inet6" ( /* IPv6 PIM MVPN specific properties */ c( "rosen-mvpn", "ngen-mvpn", "autodiscovery" ( /* PE router autodiscovery options for SSM MDTs */ c( "inet-mdt" /* MDT-SAFI PE autodiscovery for SSM MDTs */ ) ), "disable" /* Disable family IPv6 */ ) ) ) ) ) ), "rib-group" ( /* Routing table group */ rib_group_type /* Routing table group */ ), "import" ( /* PIM sparse import join policy */ policy_algebra /* PIM sparse import join policy */ ), "export" ( /* PIM sparse export join policy */ policy_algebra /* PIM sparse export join policy */ ), "mldp-inband-signalling" ( c( "policy" ( /* PIM MLDP join translation filter policy */ policy_algebra /* PIM MLDP join translation filter policy */ ) ) ), "rpf-vector" ( /* RPF vector TLV */ c( "policy" ( /* RPF vector TLV include policy */ policy_algebra /* RPF vector TLV include policy */ ) ) ), "assert-timeout" arg /* Set assert timeout */, "assert-robust-count" arg /* Number of assert messages an assert winner sends in one cycle */, "join-prune-timeout" arg /* Set join/prune timeout */, "spt-threshold" ( /* Set shortest-path-tree threshold policy */ c( "infinity" ( /* Apply policy to always remain on shared tree */ policy_algebra /* Apply policy to always remain on shared tree */ ) ) ), "sglimit" ( /* Set limit on number of (S,G) states */ c( "family" enum(("inet" | "inet6")) ( /* Protocol family */ c( "maximum" arg /* Maximum limit above which additional entries are not accepted */, "threshold" arg /* Percentage of maximum at which to start generating warnings */, "log-interval" arg /* Time between successive log messages */ ) ), "maximum" arg /* Maximum limit above which additional entries are not accepted */, "threshold" arg /* Percentage of maximum at which to start generating warnings */, "log-interval" arg /* Time between successive log messages */ ) ), "rp" ( /* Router's rendezvous point properties */ c( "bootstrap-priority" arg /* Eligibility to be the bootstrap router (IPv4 only) */, "bootstrap-import" ( /* Bootstrap import policy (IPv4 only) */ policy_algebra /* Bootstrap import policy (IPv4 only) */ ), "bootstrap-export" ( /* Bootstrap export policy (IPv4 only) */ policy_algebra /* Bootstrap export policy (IPv4 only) */ ), "bootstrap" ( /* Bootstrap properties */ c( "family" ( /* Bootstrap address family */ c( "inet" ( /* IPv4 bootstrap properties */ pim_bootstrap_options_type /* IPv4 bootstrap properties */ ), "inet6" ( /* IPv6 bootstrap properties */ pim_bootstrap_options_type /* IPv6 bootstrap properties */ ) ) ) ) ), "register-limit" ( /* Set limit on incoming registers that create (S,G) state */ c( "family" enum(("inet" | "inet6")) ( /* Protocol family */ c( "maximum" arg /* Maximum limit above which additional entries are not accepted */, "threshold" arg /* Percentage of maximum at which to start generating warnings */, "log-interval" arg /* Time between successive log messages */ ) ), "maximum" arg /* Maximum limit above which additional entries are not accepted */, "threshold" arg /* Percentage of maximum at which to start generating warnings */, "log-interval" arg /* Time between successive log messages */ ) ), "group-rp-mapping" ( /* Group-rp-mapping */ c( "family" enum(("inet" | "inet6")) ( /* Protocol family */ c( "maximum" arg /* Maximum limit above which additional entries are not accepted */, "threshold" arg /* Percentage of maximum at which to start generating warnings */, "log-interval" arg /* Time between successive log messages */ ) ), "maximum" arg /* Maximum limit above which additional entries are not accepted */, "threshold" arg /* Percentage of maximum at which to start generating warnings */, "log-interval" arg /* Time between successive log messages */ ) ), "rp-register-policy" ( /* RP policy applied to incoming register messages */ policy_algebra /* RP policy applied to incoming register messages */ ), "dr-register-policy" ( /* DR policy applied to outgoing register messages */ policy_algebra /* DR policy applied to outgoing register messages */ ), "local" ( /* Router's local RP properties */ c( "address" ( /* Local RP address (IPv4 only) */ ipv4addr /* Local RP address (IPv4 only) */ ), ("disable"), "priority" arg /* Router's priority for becoming an RP (IPv4 only) */, "hold-time" arg /* How long neighbor considers this router to be up, in seconds (IPv4 only) */, "group-ranges" arg /* Group address range for which this router can be an RP (IPv4 only) */, "override" /* Static RP mapping will take precedence over dynamic */, "process-non-null-as-null-register" /* Process incoming non null registers as null registers */, "family" ( /* Local RP address family */ c( "inet" ( /* IPv4 local RP properties */ c( "address" ( /* Local RP address */ ipv4addr /* Local RP address */ ), ("disable"), "priority" arg /* Router's priority for becoming an RP */, "hold-time" arg /* How long neighbor considers this router to be up, in seconds */, "group-ranges" arg /* Group address range for which this router can be an RP */, "override" /* Static RP mapping will take precedence over dynamic */, "anycast-pim" ( /* Attributes for IPv4 anycast PIM */ c( "rp-set" ( /* Rendezvous points belonging to anycast RP set */ c( "address" arg ( /* IPv4 address of one or more remote anycast RPs */ c( "forward-msdp-sa" /* Forward SAs learned from MSDP to this RP */ ) ) ) ), "local-address" ( /* Local address for replicating register messages to other RPs */ ipaddr /* Local address for replicating register messages to other RPs */ ) ) ) ) ), "inet6" ( /* IPv6 local RP properties */ c( "address" ( /* Local RP address */ ipv6addr /* Local RP address */ ), ("disable"), "priority" arg /* Router's priority for becoming an RP */, "hold-time" arg /* How long neighbor considers this router to be up, in seconds */, "group-ranges" arg /* Group address range for which this router can be an RP */, "override" /* Static RP mapping will take precedence over dynamic */, "anycast-pim" ( /* Attributes for IPv6 anycast PIM */ c( "rp-set" ( /* Rendezvous points belonging to anycast RP set */ c( "address" arg /* IPv6 address of one or more remote anycast RPs */ ) ), "local-address" ( /* Local address for replicating register messages to other RPs */ ipv6addr /* Local address for replicating register messages to other RPs */ ) ) ) ) ) ) ) ) ), "embedded-rp" ( /* Set embedded-RP mode (IPv6 only) */ c( "group-ranges" ( /* Group address range of RP */ pim_rp_group_range_type /* Group address range of RP */ ), "maximum-rps" arg /* Maximum number of embedded RPs */ ) ), "auto-rp" ( /* Set auto-RP mode (IPv4 only) */ c( ("discovery" | "announce" | "mapping"), "mapping-agent-election" /* Consider higher-addressed mapping agents as authoritative */, "no-mapping-agent-election" /* Don't consider higher-addressed mapping agents as authoritative */ ) ), "static" ( /* Configure static PIM RPs */ c( "address" arg ( /* RP address */ c( "version" arg /* PIM version of RP */, "group-ranges" ( /* Group address range of RP */ pim_rp_group_range_type /* Group address range of RP */ ), "override" /* Static RP mapping will take precedence over dynamic */ ) ) ) ), "bidirectional" ( /* Configure PIM bidirectional-mode RPs */ c( "address" arg ( /* RP address */ c( "priority" arg /* Router's priority for becoming an RP */, "hold-time" arg /* How long neighbor considers this router to be up */, "group-ranges" ( /* Group address range of RP */ pim_rp_group_range_type /* Group address range of RP */ ) ) ) ) ), "register-probe-time" arg /* Register probe time */ ) ), "passive" /* Configure PIM protocol in passive mode */, "interface" ("$junos-interface-name" | arg) ( /* PIM interface options */ c( "family" ( /* Local address family */ c( "any" ( /* Default properties for all families */ c( "disable" /* Disable all families */ ) ), "inet" ( /* IPv4 specific properties */ c( "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ) ) ), "mcae-mac-synchronize" /* Mclag mac synchronization */, ("disable") ) ), "inet6" ( /* IPv6 specific properties */ c( "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ) ) ), ("disable") ) ) ) ), ("disable"), "bidirectional" ( /* PIM bidirectional mode properties */ c( "df-election" ( /* Bidir designated forwarder properties */ c( "robustness-count" arg /* Election robustness count */, "offer-period" arg /* Election offer message period */, "backoff-period" arg /* Election backoff period */ ) ) ) ), "mode" ( /* Mode of interface */ ("dense" | "sparse" | "sparse-dense" | "bidirectional-sparse" | "bidirectional-sparse-dense") ), "priority" arg /* Hello option DR priority */, "stickydr" /* Make DR sticky */, "multiple-triggered-joins" ( /* Send multiple pim triggered joins in quick intervals */ c( "count" arg /* Set number of triggered joins to be sent */, "interval" arg /* Set interval between multiple triggered joins to be sent in milliseconds */ ) ), "version" arg /* Force PIM version */, "hello-interval" arg /* Hello interval */, "neighbor-policy" ( /* PIM neighbor policy applied to incoming hello messages */ policy_algebra /* PIM neighbor policy applied to incoming hello messages */ ), "accept-join-always-from" ( /* Accept pim join/prune messages based on the policy configured */ policy_algebra /* Accept pim join/prune messages based on the policy configured */ ), "accept-remote-source" /* Accept traffic from remote source */, "dual-dr" ( /* Configure PIM Dual DR */ c( "enhanced" /* Enable enhanced PIM Dual DR */ ) ), "distributed-dr" /* PIM Distributed DR */, "reset-tracking-bit" /* Clear tracking-bit in PIM Hello LAN Prune Delay Option */, "propagation-delay" arg /* Propagation delay value */, "override-interval" arg /* Override interval value */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection options (ipv4 only) */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ) ) ) ) ), "mdt" ( /* Configure multicast data tunnel parameters */ c( "threshold" ( /* Threshold for creation of multicast tunnels */ c( "group" arg ( /* IP prefix of multicast group */ c( "source" arg ( /* IP prefix of one or more multicast sources */ c( "rate" arg /* Data threshold to create new tunnel */ ) ) ) ) ) ), "data-mdt-reuse" /* Allow multiple customer streams to be transmitted over one data tunnel */, "tunnel-limit" arg /* Maximum multicast data tunnels */, "group-range" ( /* Group address range for multicast data tunnels */ ipprefix /* Group address range for multicast data tunnels */ ) ) ), "graceful-restart" ( /* Configure graceful restart attributes */ c( ("disable"), "restart-duration" arg /* Maximum time for graceful restart to finish (seconds) */, "no-bidirectional-mode" /* Disable PIM graceful restart for bidirectional mode */, "restart-complete-duration" arg /* Maximum time for graceful restart to complete (seconds) */ ) ), "join-load-balance" ( /* Configure PIM join load balancing */ c( "automatic" /* Enable automatic PIM join load balancing */ ) ), "standby-path-creation-delay" arg /* Amount of time to wait before creating standby path */, "idle-standby-path-switchover-delay" arg /* Amount of time to wait before switching over to idle standby path */, "dr-election-on-p2p" /* Enable DR election on Point-to-Point Interfaces */, "no-wildcard-register-stop" /* Disable sending of wildcard register stop message */, "nexthop-hold-time" arg /* Nexthop hold time in milliseconds */, "mpls-internet-multicast" /* Enable support for Internet Multicast over MPLS */, "join-make-before-break" ( /* Enable PIM Join Make-Before-Break during RPF neighbor change */ c( ("disable") ) ), "reset-tracking-bit" /* Clear tracking-bit in PIM Hello LAN Prune Delay Option */, "propagation-delay" arg /* Propagation delay value */, "override-interval" arg /* Override interval value */, "default-vpn-source" ( /* Let all VRFs use master loopback address for mt interfaces */ c( "interface-name" ( /* Master loopback interface name */ interface_unit /* Master loopback interface name */ ) ) ) ) end rule(:juniper_protocols_protection_group) do c( "ethernet-aps" ( /* Ethernet APS configuration */ juniper_protocols_protection_group_eaps /* Ethernet APS configuration */ ), "traceoptions" ( /* Tracing options for debugging protocol operation */ erp_trace_options /* Tracing options for debugging protocol operation */ ), "restore-interval" arg /* Wait to restore interval */, "guard-interval" arg /* Guard timer interval in 10ms steps */, "hold-interval" arg /* Hold off timer interval in 100ms steps */, "ethernet-ring" ( /* Ethernet ring */ juniper_protocols_protection_group_ethernet_ring /* Ethernet ring */ ) ) end rule(:erp_trace_options) do c( "flag" enum(("events" | "pdu" | "timers" | "state-machine" | "periodic-packet-management" | "config" | "normal" | "debug" | "all")) /* Tracing parameters */.as(:oneline), "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline) ) end rule(:juniper_protocols_protection_group_eaps) do c( juniper_protocols_protection_group_eaps_profile ) end rule(:juniper_protocols_protection_group_eaps_profile) do arg.as(:arg) ( c( "protocol" ( /* Protocol value */ ("ccm" | "G.8031") ), "revert-time" arg /* Reversion time in minutes, 0 would mean no reversion */, "hold-time" arg /* Hold time in seconds */, "local-request" ( /* Local APS request */ ("lockout") ) ) ) end rule(:juniper_protocols_protection_group_ethernet_ring) do arg.as(:arg) ( c( "node-id" ( /* Node ID of the protection group, by default bridge's MAC */ mac_unicast /* Node ID of the protection group, by default bridge's MAC */ ), "ring-protection-link-owner" /* Ring protection link owner flag, one ring should have only one node as a ring protection link owner */, "level" arg /* MPG Level value for R-APS PDU */, "restore-interval" arg /* Wait to restore interval */, "guard-interval" arg /* Guard timer interval in 10ms */, "hold-interval" arg /* Hold off timer interval in 100ms steps */, "non-revertive" /* Non-revertive mode of operation */, "wait-to-block-interval" arg /* Wait to block interval */, "major-ring-name" arg /* Name of major-ring to which this sub-ring node attached */, "propagate-tc" /* Enable Topology Change Propagation to major-ring from the sub-ring */, "compatibility-version" arg /* G.8032 compatibility version */, "ring-id" arg /* Ethernet Ring ID of protection group */, "non-vc-mode" /* Node is operating in non virtual channel mode */, "dot1p-priority" arg /* IEEE 802.1p priority of transmitted R-APS */, "east-interface" ( /* East interface configuration */ erp_interface /* East interface configuration */ ), "west-interface" ( /* West interface configuration */ erp_interface /* West interface configuration */ ), "control-vlan" arg /* Dedicated VLAN identifier - VLAN id or VLAN name */, "data-channel" ( /* Ring instance data channel */ erp_data_channel /* Ring instance data channel */ ) ) ) end rule(:erp_data_channel) do c( "vlan" arg /* VLAN ID or VLAN ID range [1..4094] */ ) end rule(:erp_interface) do c( "control-channel" ( /* Control channel of ring port */ c( "vlan" arg /* Dedicated VLAN identifier */, interface_name ) ), "ring-protection-link-end" /* Port is connecting to ring protection link */, "interface-none" /* Port is not used */ ) end rule(:juniper_protocols_rip) do c( "traceoptions" ( /* Trace options for RIP */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("auth" | "error" | "expiration" | "holddown" | "packets" | "request" | "trigger" | "update" | "nsr-synchronization" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */, "filter" ( /* Filter to apply to this flag */ rip_filter_obj /* Filter to apply to this flag */ ) ) ).as(:oneline) ) ), "rib-group" ( /* Routing table group for importing RIP routes */ rib_group_inet_type /* Routing table group for importing RIP routes */ ), "metric-in" arg /* Metric value to add to incoming routes */, "send" ( /* Configure RIP send options */ sc( c( "broadcast" /* Broadcast RIPv2 packets (RIPv1 compatible) */, "multicast" /* Multicast RIPv2 packets */, "none" /* Do not send RIP updates */, "version-1" /* Broadcast RIPv1 packets */ ) ) ).as(:oneline), "receive" ( /* Configure RIP receive options */ sc( c( "both" /* Accept both RIPv1 and RIPv2 packets */, "none" /* Do not receive RIP packets */, "version-1" /* Accept RIPv1 packets only */, "version-2" /* Accept only RIPv2 packets */ ) ) ).as(:oneline), "check-zero" /* Check reserved fields on incoming RIPv2 packets */, "no-check-zero" /* Don't check reserved fields on incoming RIPv2 packets */, "message-size" arg /* Number of route entries per update message */, "import" ( /* Import policy */ policy_algebra /* Import policy */ ), "holddown" arg /* Hold-down time */, "route-timeout" arg /* Delay before routes time out */, "update-interval" arg /* Interval between regular route updates */, c( "authentication-type" ( ("none" | "simple" | "md5") ), "authentication-selective-md5" arg ( /* MD5 authentication with one or more keys */ sc( "key" ( /* MD5 authentication key value */ unreadable /* MD5 authentication key value */ ), "start-time" ( /* Start time for key transmission (YYYY-MM-DD.HH:MM) */ time /* Start time for key transmission (YYYY-MM-DD.HH:MM) */ ) ) ).as(:oneline) ), "authentication-key" ( /* Authentication key (password) */ unreadable /* Authentication key (password) */ ), "group" arg ( /* Instance configuration */ c( "route-timeout" arg /* Delay before routes time out */, "update-interval" arg /* Interval between regular route updates */, "preference" arg /* Preference of routes learned by this group */, "metric-out" arg /* Default metric of exported routes */, "export" ( /* Export policy */ policy_algebra /* Export policy */ ), "import" ( /* Import policy */ policy_algebra /* Import policy */ ), "demand-circuit" /* Enable demand circuit on this interface */, "max-retrans-time" arg /* Maximum time to re-transmit a message in demand-circuit */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ) ) ), "neighbor" arg ( /* Neighbor configuration */ c( "route-timeout" arg /* Delay before routes time out */, "update-interval" arg /* Interval between regular route updates */, "interface-type" ( /* Interface type for the neighbor */ ("p2mp") ), "dynamic-peers" /* Learn peers dynamically on a p2mp interface */, "peer" arg /* P2MP peer */.as(:oneline), "metric-in" arg /* Metric value to add to incoming routes */, "send" ( /* Configure RIP send options */ sc( c( "broadcast" /* Broadcast RIPv2 packets (RIPv1 compatible) */, "multicast" /* Multicast RIPv2 packets */, "none" /* Do not send RIP updates */, "version-1" /* Broadcast RIPv1 packets */ ) ) ).as(:oneline), "receive" ( /* Configure RIP receive options */ sc( c( "both" /* Accept both RIPv1 and RIPv2 packets */, "none" /* Do not receive RIP packets */, "version-1" /* Accept RIPv1 packets only */, "version-2" /* Accept only RIPv2 packets */ ) ) ).as(:oneline), "demand-circuit" /* Enable demand circuit on this interface */, "max-retrans-time" arg /* Maximum time to re-transmit a msg in demand-circuit */, "check-zero" /* Check reserved fields on incoming RIPv1 packets */, "no-check-zero" /* Don't check reserved fields on incoming RIPv1 packets */, "any-sender" /* Disable strict checks on sender address */, "message-size" arg /* Number of route entries per update message */, "import" ( /* Import policy */ policy_algebra /* Import policy */ ), c( "authentication-type" ( ("none" | "simple" | "md5") ), "authentication-selective-md5" arg ( /* MD5 authentication with one or more keys */ sc( "key" ( /* MD5 authentication key value */ unreadable /* MD5 authentication key value */ ), "start-time" ( /* Start time for key transmission (YYYY-MM-DD.HH:MM) */ time /* Start time for key transmission (YYYY-MM-DD.HH:MM) */ ) ) ).as(:oneline) ), "authentication-key" ( /* Authentication key (password) */ unreadable /* Authentication key (password) */ ), "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ) ) ) ) ) ) ), "graceful-restart" ( /* RIP graceful restart options */ c( ("disable"), "restart-time" arg /* Time after which RIP is declared out of restart */ ) ) ) end rule(:juniper_protocols_ripng) do c( "traceoptions" ( /* Trace options for RIPng */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("error" | "expiration" | "holddown" | "packets" | "request" | "trigger" | "update" | "nsr-synchronization" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "metric-in" arg /* Metric value to add to incoming routes */, "send" ( /* Configure RIPng send options */ sc( c( "none" /* Do not send RIPng updates */ ) ) ).as(:oneline), "receive" ( /* Configure RIPng receive options */ sc( c( "none" /* Do not receive RIPng packets */ ) ) ).as(:oneline), "import" ( /* Import policy */ policy_algebra /* Import policy */ ), "holddown" arg /* Hold-down time */, "route-timeout" arg /* Delay before routes time out */, "update-interval" arg /* Interval between regular route updates */, "group" arg ( /* Instance configuration */ c( "route-timeout" arg /* Delay before routes time out */, "update-interval" arg /* Interval between regular route updates */, "preference" arg /* Preference of routes learned by this group */, "metric-out" arg /* Default metric of exported routes */, "export" ( /* Export policy */ policy_algebra /* Export policy */ ), "import" ( /* Import policy */ policy_algebra /* Import policy */ ), "neighbor" arg ( /* Neighbor configuration */ c( "route-timeout" arg /* Delay before routes time out */, "update-interval" arg /* Interval between regular route updates */, "metric-in" arg /* Metric value to add to incoming routes */, "send" ( /* Configure RIPng send options */ sc( c( "none" /* Do not send RIPng updates */ ) ) ).as(:oneline), "receive" ( /* Configure RIPng receive options */ sc( c( "none" /* Do not receive RIPng packets */ ) ) ).as(:oneline), "import" ( /* Import policy */ policy_algebra /* Import policy */ ) ) ) ) ), "graceful-restart" ( /* RIPng graceful restart options */ c( ("disable"), "restart-time" arg /* Time after which RIPng is declared out of restart */ ) ) ) end rule(:juniper_protocols_router_discovery) do c( ("disable"), "traceoptions" ( /* Trace options for router discovery */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) /* Tracing parameters */.as(:oneline) ) ), "interface" arg ( /* Interfaces on which to configure router discovery */ c( "max-advertisement-interval" arg /* Maximum time before sending advertisements */, "min-advertisement-interval" arg /* Minimum time before sending advertisements */, "lifetime" arg /* How long addresses in advertisements are valid */ ) ), "address" arg ( /* IP addresses to include in advertisements */ c( "advertise" /* Advertise the IP address in advertisements */, "ignore" /* Do not advertise the IP address in advertisements */, "broadcast" /* Include IP address only in broadcast advertisements */, "multicast" /* Include IP address only in multicast advertisements */, "ineligible" /* IP address can never become a default router */, "priority" arg /* Preference of the address to become a default router */ ) ) ) end rule(:juniper_protocols_rsvp) do c( ("disable"), "graceful-restart" ( /* Configure graceful restart attributes */ c( ("disable"), "helper-disable" /* Disable graceful restart helper capability */, "maximum-helper-restart-time" arg /* Maximum wait time from down event to neighbor dead */, "maximum-helper-recovery-time" arg /* Maximum time restarting neighbor states are kept */ ) ), "tunnel-services" ( /* Use tunnel services for P2MP LSP ultimate-hop popping */ c( "devices" ( /* Tunnel services devices to use for P2MP LSPs */ interface_device /* Tunnel services devices to use for P2MP LSPs */ ) ) ), "no-p2mp-sublsp" /* Disable P2MP sub-LSP object generation */, "no-node-id-subobject" /* Do not include the node-id sub-object in the RRO */, "no-interface-hello" /* Disble interface Hellos on all RSVP interfaces */, "pop-and-forward" ( /* RSVP pop-and-forward specific global parameters */ c( "application-label" ( /* Number of application labels under the RSVP transport */ c( "depth" arg /* Application label depth */ ) ) ) ), "hello-acknowledgements" /* Acknowledge Hellos on RSVP interfaces not having sessions */, "no-hello-acknowledgements" /* Do not ack Hellos on RSVP interfaces not having sessions */, "node-hello" ( /* Enable node-ID based Hellos on all RSVP interfaces */ sc( "hello-interval" arg /* Hello interval */ ) ).as(:oneline), "no-node-hello" /* Disable node-ID based Hellos on the router */, "allow-bidirectional" /* Enable bidirectional support in RSVP */, "local-reversion" /* Enable local reversion at this Point of Local Repair */, "no-local-reversion" /* Disable local reversion at this Point of Local Repair */, "rfc6510-lsp-attributes" /* Use RFC6510 compliant LSP_ATTRIBUTES */, "fast-reroute" ( /* One-to-one fast-reroute protection mechanism */ c( "optimize-timer" arg /* Frequency of reoptimization for fast-reroute detour */ ) ), "load-balance" ( /* Per-packet load-balancing algorithm */ c( "bandwidth" /* Per-packet load balancing proportional to LSP bandwidth */ ) ), "traceoptions" ( /* Trace options for RSVP */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("io-event" | "io-packets" | "packets" | "path" | "resv" | "pathtear" | "resvtear" | "state" | "error" | "route" | "lmp" | "event" | "nsr-synchronization" | "lsp-prefix" | "enhanced-frr" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "refresh-time" arg /* Refresh time in seconds */, "keep-multiplier" arg /* Keep multiplier */, "graceful-deletion-timeout" arg /* Time to complete graceful deletion signaling */, "setup-protection" /* Enable setup protection */, "no-p2mp-re-merge" /* Enable p2mp remerge */, "cross-credibility-cspf" /* Compute CSPF paths spanning protocols for bypass LSP, detour LSP and loose hop expansion */, "preemption" ( /* Set RSVP session preemption attributes */ c( c( "disabled" /* No RSVP session preemption */, "normal" /* Run RSVP session preemption to accommodate new sessions */, "aggressive" /* Run RSVP session preemption whenever necessary */ ), "soft-preemption" ( /* Options for establishing new path before tearing down a preempted LSP */ c( "cleanup-timer" arg /* Time a soft-preempted LSP will be maintained */ ) ) ) ), "authentication-key" ( /* Authentication password */ unreadable /* Authentication password */ ), "no-authentication-check" /* Skip authentication check for received messages */, "associated-bidirectional-lsp" ( /* Set associated bidirectional LSP attributes */ c( "single-sided-provisioning" /* Enable unidirectional reverse LSP setup for single sided provisioned forward LSP */ ) ), "no-enhanced-frr-bypass" /* Disable enhanced facility backup FRR */, "expand-flood-reflector-hop" /* Control expansion of flood reflector ERO strict hops */.as(:oneline), "interface" arg ( /* RSVP interface options */ c( ("disable"), "authentication-key" ( /* Authentication password */ unreadable /* Authentication password */ ), "aggregate" /* Permit refresh reduction extensions on the interface */, "no-aggregate" /* Don't permit refresh reduction extensions on the interface */, "reliable" /* Permit reliable message delivery on the interface */, "no-reliable" /* Don't permit reliable message delivery on the interface */, "hello-interval" arg /* Hello interval */, "subscription" ( /* Link bandwidth percentage for RSVP reservation */ subscription_type /* Link bandwidth percentage for RSVP reservation */ ), "bandwidth" arg /* Available bandwidth for the interface units bps */, "update-threshold" ( /* Change in reserved bandwidth to trigger IGP update */ c( arg, "threshold-value" arg /* Change in reserved bandwidth to trigger IGP update (will be capped at 20% of link BW) */ ) ), "update-threshold-max-reservable" ( /* Change in non-rsvp bandwidth to trigger IGP update */ c( arg /* Change in non-rsvp bandwidth to trigger IGP update units bps */, "percent" arg /* Percentage change in max-reservable bandwidth to trigger IGP update */ ) ), "non-rsvp-bandwdith" ( /* Config knobs relating to non-rsvp bandwidth */ c( "local-bw-override-threshold" /* Overide threshold and update local bandwidth with non-rsvp bandwidth usage */ ) ), "link-protection" ( /* Protect traffic with a label-stacked LSP */ c( ("disable"), "bandwidth" ( /* Bandwidth for each bypass */ bandwidth_type /* Bandwidth for each bypass */ ), "max-bypasses" arg /* Max number of bypasses permitted for protecting this interface */, "subscription" arg /* Percent of bandwidth guaranteed when admitting protected LSPs into bypasses */, "no-node-protection" /* Disallow node protection on this interface */, "optimize-timer" arg /* Interval between bypass reoptimizations */, "class-of-service" arg /* Class of service for the bypass LSP */, "hop-limit" arg /* Maximum allowed router hops for bypass */, "no-cspf" /* Disable automatic path computation */, "exclude-srlg" /* Exclude SRLG links */, "priority" ( /* Preemption priorities for the bypass LSP */ c( arg, arg ) ), "path" arg ( /* Explicit route of bypass path */ sc( c( "loose" /* Next hop might not be adjacent */, "strict" /* Next hop must be adjacent */ ) ) ).as(:oneline), "admin-group" ( /* Administrative group policy */ admin_group_include_exclude /* Administrative group policy */ ), "bypass" arg ( /* Bypass with specific constraints */ c( "to" ( /* Address of egress router */ ipv4addr /* Address of egress router */ ), "bandwidth" ( /* Bandwidth for each bypass */ bandwidth_type /* Bandwidth for each bypass */ ), "subscription" ( /* Bandwidth percent available on bypass for protected LSPs */ bypass_subscription_type /* Bandwidth percent available on bypass for protected LSPs */ ), "description" arg /* Text description of bypass */, "priority" ( /* Preemption priorities for bypass */ c( arg, arg ) ), "class-of-service" arg /* Class of service for the bypass LSP */, "hop-limit" arg /* Maximum allowed router hops for bypass */, "no-cspf" /* Disable automatic path computation */, "exclude-srlg" /* Exclude SRLG links */, "path" arg ( /* Explicit route of bypass path */ sc( c( "loose" /* Next hop might not be adjacent */, "strict" /* Next hop must be adjacent */ ) ) ).as(:oneline), "admin-group" ( /* Administrative group policy */ admin_group_include_exclude /* Administrative group policy */ ) ) ) ) ) ) ), "peer-interface" arg ( /* Configuration for peer interface */ c( ("disable"), "authentication-key" ( /* Authentication password */ unreadable /* Authentication password */ ), "aggregate" /* Permit refresh reduction extensions on the interface */, "no-aggregate" /* Don't permit refresh reduction extensions on the interface */, "reliable" /* Permit reliable message delivery on the interface */, "no-reliable" /* Don't permit reliable message delivery on the interface */, "hello-interval" arg /* Hello interval */, "dynamic-bidirectional-transport" ( /* Enable dynamic setup of bidirectional packet LSP for transporting non-packet GMPLS LSP */ c( "template" arg /* Template for the dynamic bidirectional packet LSP */ ) ) ) ), "lsp-set" arg ( /* Configuration for lsp set */ c( ("disable"), "match-criteria" ( /* Match criteria for this lsp set */ lsp_set_match_type /* Match criteria for this lsp set */ ), "traceoptions" ( /* Trace options for this lsp set */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("io-event" | "io-packets" | "packets" | "path" | "resv" | "pathtear" | "resvtear" | "state" | "error" | "route" | "lmp" | "event" | "nsr-synchronization" | "lsp-prefix" | "enhanced-frr" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ) ) ) ) end rule(:bypass_subscription_type) do c( arg /* Subscription percentage for bandwidth protection */ ) end rule(:juniper_protocols_stp) do c( ("disable"), "bpdu-destination-mac-address" ( /* Destination MAC address in the spanning tree BPDUs */ ("provider-bridge-group") ), "bridge-priority" arg /* Priority of the bridge (in increments of 4k - 0,4k,8k,..60k) */, "backup-bridge-priority" arg /* Priority of the bridge (in increments of 4k - 4k,8k,..60k) */, "max-age" arg /* Maximum age of received protocol bpdu */, "hello-time" arg /* Time interval between configuration BPDUs */, "forward-delay" arg /* Time spent in listening or learning state */, "system-identifier" ( /* Sytem identifier to represent this node */ mac_unicast /* Sytem identifier to represent this node */ ), "traceoptions" ( /* Tracing options for debugging protocol operation */ stp_trace_options /* Tracing options for debugging protocol operation */ ), "vpls-flush-on-topology-change" /* Enable VPLS MAC flush on root protected CE interface receving topology change */, "priority-hold-time" arg /* Hold time before switching to primary priority when core domain becomes up */, "system-id" ( /* System ID to IP mapping */ system_id_ip_map /* System ID to IP mapping */ ), "interface" ( /* Interface options */ stp_interface /* Interface options */ ), "extended-system-id" arg /* Extended system identifier */, "force-version" ( /* Force protocol version */ ("stp") ), "bpdu-block-on-edge" /* Block BPDU on all interfaces configured as edge (BPDU Protect) */ ) end rule(:juniper_protocols_vgd) do c( "traceoptions" ( /* OVSDB trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ), "microsecond-stamp" /* Timestamp with microsecond granularity */ ) ).as(:oneline), "flag" enum(("interface" | "configuration" | "core" | "l2-client" | "ovs-client" | "function" | "netconf-client" | "all")) /* Tracing flag parameters */.as(:oneline) ) ), "interfaces" arg /* Interfaces configured to be controlled by OVSDB */, "controller" arg ( /* Controller's IP address and port */ c( "protocol" ( /* Protocol type for controller connection */ c( "tcp" ( /* Set protocol type to 'TCP' */ c( "port" arg /* Controller's port number */ ) ), "ssl" ( /* Set protocol type to 'SSL' (default) */ c( "port" arg /* Controller's port number */ ) ) ) ), "maximum-backoff-duration" arg /* Maximum duration to wait between connection attempts */, "inactivity-probe-duration" arg /* Maximum idle duration before sending inactivity probe */ ) ), "copy-ovsdatabase-to-backup-ram" /* Copying the OVSDatabase to backup RE RAM storage. */ ) end rule(:juniper_protocols_vni_options) do c( "vni" arg ( /* Per-vni options */ c( "vrf-target" ( /* VRF target community configuration */ c( "export" arg /* Target community to use when marking routes on export */, arg /* Target community */ ) ) ) ) ) end rule(:juniper_protocols_vstp) do c( ("disable"), "force-version" ( /* Force protocol version */ ("stp") ), "bpdu-block-on-edge" /* Block BPDU on all interfaces configured as edge (BPDU Protect) */, "vpls-flush-on-topology-change" /* Enable VPLS MAC flush on root protected CE interface receving topology change */, "priority-hold-time" arg /* Hold time before switching to primary priority when core domain becomes up */, "system-id" ( /* System ID to IP mapping */ system_id_ip_map /* System ID to IP mapping */ ), "interface" ( /* Interface options */ stp_interface /* Interface options */ ), "vlan" (arg | "all") ( /* VLAN spanning tree options */ c( "bridge-priority" arg /* Priority of the bridge (in increments of 4k - 0,4k,8k,..60k) */, "backup-bridge-priority" arg /* Priority of the bridge (in increments of 4k - 4k,8k,..60k) */, "max-age" arg /* Maximum age of received protocol bpdu */, "hello-time" arg /* Time interval between configuration BPDUs */, "forward-delay" arg /* Time spent in listening or learning state */, "system-identifier" ( /* Sytem identifier to represent this node */ mac_unicast /* Sytem identifier to represent this node */ ), "traceoptions" ( /* Tracing options for debugging protocol operation */ stp_trace_options /* Tracing options for debugging protocol operation */ ), "interface" ( /* Interface options */ stp_interface /* Interface options */ ) ) ), "vlan-group" ( /* Spanning tree options for group of VLANs */ c( "group" arg ( /* Name if VLAN group */ c( "vlan" arg /* VLAN ID or VLAN ID range [1..4094] */, "bridge-priority" arg /* Priority of the bridge (in increments of 4k - 0,4k,8k,..60k) */, "backup-bridge-priority" arg /* Priority of the bridge (in increments of 4k - 4k,8k,..60k) */, "max-age" arg /* Maximum age of received protocol bpdu */, "hello-time" arg /* Time interval between configuration BPDUs */, "forward-delay" arg /* Time spent in listening or learning state */, "system-identifier" ( /* Sytem identifier to represent this node */ mac_unicast /* Sytem identifier to represent this node */ ), "traceoptions" ( /* Tracing options for debugging protocol operation */ stp_trace_options /* Tracing options for debugging protocol operation */ ), "interface" ( /* Interface options */ stp_interface /* Interface options */ ) ) ) ) ) ) end rule(:juniper_radius) do c( "traceoptions" ( /* Trace options related to RADIUS servers */ radius_traceoptions /* Trace options related to RADIUS servers */ ), "servers" ( /* RADIUS server configuration */ juniper_radius_server /* RADIUS server configuration */ ), "clients" ( /* RADIUS client configuration */ juniper_radius_client /* RADIUS client configuration */ ), "network-elements" ( /* Network element configuration */ juniper_radius_network_element /* Network element configuration */ ), "network-element-groups" ( /* Network element group configuration */ juniper_radius_network_element_group /* Network element group configuration */ ), "snoop-segments" ( /* Radius snooping segments */ juniper_radius_snoop_segment /* Radius snooping segments */ ) ) end rule(:juniper_radius_client) do arg.as(:arg) ( c( "address" ( /* RADIUS client ipv4address/prefix */ ipv4prefix /* RADIUS client ipv4address/prefix */ ), "source-interface" ( /* Source interface in which RADIUS packets will be rcvd */ sc( interface_name /* Interface name */, "ipv4-address" ( /* Source IPv4 address to be used */ ipv4addr /* Source IPv4 address to be used */ ) ) ).as(:oneline), "prefer-framed-ip-address" /* Prefer framed-ip-address/framed-netmask attributes over framed-route attribute */, "prefer-framed-ipv6-prefix" /* Prefer framed-ipv6-prefix attrbiute over delegated-ipv6-prefix attribute */, "accounting" ( /* Accounting parameters */ c( "secret" arg /* Shared secret with RADIUS client for accounting */, "response-cache-timeout" arg /* Accounting response Cache timeout period */, "port" arg /* Radius clients accounting server port number */ ) ) ) ) end rule(:juniper_radius_network_element) do arg.as(:arg) ( c( "server" arg ( /* RADIUS server and its priority */ sc( "priority" arg /* Server priority */ ) ).as(:oneline), "maximum-pending-reqs-limit" arg /* Maximum number of pending requests queued to the network-element */, "pending-queue-watermark" arg /* Watermark in percentage at which flow-control for pending queue of this network-element is turned on */, "pending-queue-watermark-abate" arg /* Watermark in percentage at which flow-control for pending queue of this network-element is turned off */ ) ) end rule(:juniper_radius_network_element_group) do arg.as(:arg) ( c( "network-element" arg ( /* Specify the network-elements in this group */ sc( "mandatory" /* This network-element must respond to the request */ ) ).as(:oneline), "broadcast" /* Send the request to all network-elements in the group */ ) ) end rule(:juniper_radius_server) do arg.as(:arg) ( c( "address" ( /* RADIUS server address */ ipv4addr /* RADIUS server address */ ), "port" arg /* RADIUS server authentication port number */, "preauthentication-port" arg /* RADIUS server preauthentication port number */, "accounting-port" arg /* RADIUS server accounting port number */, "dynamic-request-port" arg /* RADIUS client dynamic request port number */, "secret" arg /* Shared secret with RADIUS server */, "accounting-secret" arg /* Shared secret with RADIUS server for accounting */, "allow-dynamic-requests" /* Allows dynamic-requests to be received from the radius server */, "dynamic-request-secret" arg /* Shared secret with RADIUS client for dynamic-requests */, "timeout" arg /* Request timeout period */, "retry" arg /* Retry attempts */, "dead-criteria" ( /* Dead server detection criteria */ sc( "retries" arg /* Number of retransmits before marking the server dead */, "interval" arg /* Interval during which the number of retries are tracked */, "revert-interval" arg /* Rervert-interval period */ ) ).as(:oneline), "source-interface" ( /* Source interface from which RADIUS packets will be sent */ sc( interface_name /* Interface name */, "ipv4-address" ( /* Source IPv4 address to be used */ ipv4addr /* Source IPv4 address to be used */ ) ) ).as(:oneline) ) ) end rule(:juniper_radius_snoop_segment) do arg.as(:arg) ( c( "destination-ip-address" ( /* Destination address of snoop segment */ ipv4addr /* Destination address of snoop segment */ ), "source-ip-address" ( /* Source address of snoop segment */ ipv4addr /* Source address of snoop segment */ ), "destination-port" arg /* Destination port of snoop segment */, "shared-secret" arg /* Shared secret between source and destination of snoop segment */, "source-interface" ( /* Source interface on which packets have to be snooped */ sc( interface_name /* Interface name */ ) ).as(:oneline), "request-cache-timeout" arg /* Time duration to cache request */ ) ) end rule(:juniper_routing_instance) do arg.as(:arg) ( c( "instance-type" ( /* Type of routing instance */ ("virtual-switch" | "layer2-control" | "mac-vrf" | "forwarding" | "no-forwarding" | "l2vpn" | "vpls" | "virtual-router" | "l2backhaul-vpn" | "mpls-internet-multicast" | "evpn" | "mpls-forwarding" | "evpn-vpws" | "vrf") ), "l2vpn-id" ( /* Layer-2 vpn-id for this instance */ c( arg /* L2VPN ID community for FEC129 VPLS/VPWS with BGP auto-discovery */ ) ), "routing-options" ( /* Protocol-independent routing option configuration */ juniper_routing_options /* Protocol-independent routing option configuration */ ), "egress-protection" ( /* Egress instance protection */ c( "protector" /* Enable Edge Protector functionality for this VPN */, "context-identifier" ( /* Context identifier */ c( ipv4addr /* IP address */ ) ) ) ), "protocols" ( /* Routing protocol configuration */ c( "bfd" ( juniper_ri_protocols_bfd ), "igmp-snooping" ( /* IGMP snooping configuration */ juniper_ri_protocols_igmp_snooping /* IGMP snooping configuration */ ), "mld-snooping" ( /* MLD snooping configuration */ juniper_ri_protocols_mld_snooping /* MLD snooping configuration */ ), "amt" ( /* AMT relay configuration */ juniper_protocols_amt /* AMT relay configuration */ ), "bgp" ( /* BGP options */ juniper_protocols_bgp /* BGP options */ ), "esis" ( /* ES-IS configuration */ juniper_protocols_esis /* ES-IS configuration */ ), "evpn" ( /* EVPN configuration */ juniper_protocols_l2vpn /* EVPN configuration */ ), "router-discovery" ( /* ICMP router discovery options */ juniper_protocols_router_discovery /* ICMP router discovery options */ ), "isis" ( /* IS-IS configuration */ juniper_protocols_isis /* IS-IS configuration */ ), "l2vpn" ( /* Layer 2 VPN configuration */ juniper_protocols_l2vpn /* Layer 2 VPN configuration */ ), "vpls" ( /* VPLS configuration */ juniper_protocols_l2vpn /* VPLS configuration */ ), "ldp" ( /* LDP configuration */ juniper_protocols_ldp /* LDP configuration */ ), "mpls" ( /* MPLS configuration */ juniper_protocols_mpls /* MPLS configuration */ ), "msdp" ( /* MSDP configuration */ juniper_protocols_msdp /* MSDP configuration */ ), "mvpn" ( /* BGP-MVPN configuration */ juniper_protocols_mvpn /* BGP-MVPN configuration */ ), "ospf" ( /* OSPF configuration */ juniper_protocols_ospf /* OSPF configuration */ ), "ospf3" ( /* OSPF3 configuration */ juniper_protocols_ospf3 /* OSPF3 configuration */ ), "pim" ( /* PIM configuration */ juniper_protocols_pim /* PIM configuration */ ), "ripng" ( /* RIPng options */ juniper_protocols_ripng /* RIPng options */ ), "rip" ( /* RIP options */ juniper_protocols_rip /* RIP options */ ), "rsvp" ( /* RSVP configuration */ juniper_protocols_rsvp /* RSVP configuration */ ), "pim-snooping" ( /* PIM snooping configuration */ juniper_protocols_pim_snooping /* PIM snooping configuration */ ), "rstp" ( /* RSTP configuration */ juniper_protocols_stp /* RSTP configuration */ ), "mstp" ( /* MSTP configuration */ juniper_protocols_mstp /* MSTP configuration */ ), "vstp" ( /* VSTP configuration */ juniper_protocols_vstp /* VSTP configuration */ ), "mvrp" ( /* MVRP configuration */ juniper_protocols_mvrp /* MVRP configuration */ ) ) ), "description" arg /* Text description of routing instance */, "vlan-model" ( /* Subscriber vlan-model in L2Wholesale framework */ ("one-to-one") ), "vtep-source-interface" ( /* Source layer-3 IFL for VXLAN */ sc( interface_name, c( "inet" /* IPv4 source */, "inet6" /* IPv6 source */ ) ) ).as(:oneline), "vtep-remote-interface" ( /* Remote VTEP interface */ c( "remote-ip" arg ( /* Remote VTEP IP address */ c( "dynamic-profile" arg /* Define associate dynamic profile */ ) ), "default" ( /* To all remote vtep interface */ c( "dynamic-profile" arg /* Define associate dynamic profile */ ) ) ) ), "remote-vtep-list" ( /* Configure static remote VXLAN tunnel endpoints */ ipaddr /* Configure static remote VXLAN tunnel endpoints */ ), "remote-vtep-v6-list" ( /* Configurate static ipv6 remote VXLAN tunnel endpoints */ ipv6addr /* Configurate static ipv6 remote VXLAN tunnel endpoints */ ), "instance-role" ( /* Primary role of L2Backhaul-vpn router */ ("access" | "nni") ), c( "vlan-id" ( /* IEEE 802.1q VLAN identifier for bridging domain */ ("all" | "none" | "inner-all" | arg) ), "vlan-tags" ( /* IEEE 802.1q VLAN tags for bridging domain */ sc( "outer" arg /* [tpid.]vlan-id, tpid format is 0xNNNN and is optional */, "inner" arg /* [tpid.]vlan-id, tpid format is 0xNNNN and is optional */ ) ).as(:oneline) ), "system" ( /* System parameters */ c( "services" ( /* System services */ c( "dhcp-local-server" ( /* Dynamic Host Configuration Protocol server configuration */ jdhcp_local_server_type /* Dynamic Host Configuration Protocol server configuration */ ), "dhcp-proxy-client" ( /* Dynamic Host Configuration Protocol Proxy client configuration */ jdhcp_proxy_client_type /* Dynamic Host Configuration Protocol Proxy client configuration */ ), "static-subscribers" ( /* Static Subscriber Client configuration */ jsscd_static_subscribers_type /* Static Subscriber Client configuration */ ), "remote-device-management" ( /* Remote device management configuration */ c( "service-device" ( /* Service device configuraiton */ service_device_object /* Service device configuraiton */ ) ) ), "tcp-forwarding" ( /* TCP forwarding configuration */ c( "listening-port" ( /* TCP listener configuration */ s( arg, "listening-address" arg /* Listening address */, c( "forwarding-address" ( /* Forwarding address */ ipv4addr /* Forwarding address */ ), "forwarding-port" arg /* Forwarding port */, "max-connections" arg /* Maxmimum allowed connections */, "allowed-source" arg /* Allowed source prefix */ ) ) ) ) ) ) ) ) ), "access" ( /* Network access configuration */ c( "address-assignment" ( /* Address assignment configuration */ address_assignment_type /* Address assignment configuration */ ), "address-protection" ( /* Initiate Duplicate Address Protection */ c( "reassign-on-match" /* Disconnect owning session and reassign to this session */ ) ) ) ), "access-profile" ( /* Access profile for this instance */ sc( arg /* Profile name */ ) ).as(:oneline), "routing-interface" ( /* Routing interface name for this routing-instance */ interface_unit /* Routing interface name for this routing-instance */ ), "vxlan" ( /* VXLAN options */ c( "ovsdb-managed" /* Managed remotely via VXLAN OVSDB Controller */, "vni" arg /* VXLAN identifier */, "translation-vni" arg /* Translated VXLAN identifier */, "multicast-group" ( /* Multicast group registered for VXLAN segment */ ipv4addr /* Multicast group registered for VXLAN segment */ ), "multicast-v6-group" ( /* Multicast IPv6 group registered for VXLAN segment */ ipv6addr /* Multicast IPv6 group registered for VXLAN segment */ ), "encapsulate-inner-vlan" /* Retain inner VLAN in the packet */, "decapsulate-accept-inner-vlan" /* Accept VXLAN packets with inner VLAN */, "unreachable-vtep-aging-timer" arg /* Unreachable VXLAN tunnel endpoint removal timer */, "ingress-node-replication" /* Enable ingress node replication */ ) ), "l3-interface" ( /* L3 interface name for this routing-instance */ interface_unit /* L3 interface name for this routing-instance */ ), "no-local-switching" /* Disable local switching within CE-facing interfaces */, "no-normalization" /* Disable vlan id normalization for interfaces */, "qualified-bum-pruning-mode" /* Enable BUM pruning for VPLS instance */, "no-irb-layer-2-copy" /* Disable transmission of layer-2 copy of packets of irb routing-interface */, "connector-id-advertise" /* Advertise connector-id attribute */, "forwarding-options" ( /* Forwarding options configuration */ juniper_forwarding_options /* Forwarding options configuration */ ), "bridge-domains" ( /* Bridge domain configuration */ c( juniper_bridge_domains ) ), "switch-options" ( /* L2 options for routing-instance of type virtual-switch */ juniper_routing_instance_switch_options /* L2 options for routing-instance of type virtual-switch */ ), "pbb-options" ( /* Provider backbone bridging options for routing-instance */ juniper_routing_instance_pbb_options /* Provider backbone bridging options for routing-instance */ ), "service-groups" ( /* Service group configuration for routing-instance */ juniper_routing_instance_service_groups /* Service group configuration for routing-instance */ ), "layer3-domain-identifier" arg /* Layer3 domain identifier */, "l2-domain-id-for-l3" arg /* Layer2 domain identifier for L3 */, "forwarding-instance" ( /* Forwarding instance parameters for a mac-vrf instance */ sc( "identifier" arg /* Forwarding instance identifier */ ) ).as(:oneline), "service-type" ( /* Sevice type */ ("vlan-based" | "vlan-bundle" | "vlan-aware") ), "interface" ("$junos-interface-name" | arg) ( /* Interface name for this routing instance */ c( c( "any" /* Interface used for both unicast and multicast traffic */, "unicast" /* Interface used for unicast traffic only */, "multicast" /* Interface used for multicast traffic only */ ), "primary" /* Preferred multicast vt interface for the routing-instance */, "protect-interface" ( /* Name of protect interface */ interface_name /* Name of protect interface */ ) ) ), "route-distinguisher" ( /* Route distinguisher for this instance */ sc( arg /* Number in (16 bit:32 bit) or (32 bit 'L':16 bit) or (IP address:16 bit) format */ ) ).as(:oneline), "vrf-import" ( /* Import policy for VRF instance RIBs */ policy_algebra /* Import policy for VRF instance RIBs */ ), "vrf-export" ( /* Export policy for VRF instance RIBs */ policy_algebra /* Export policy for VRF instance RIBs */ ), "vrf-target" ( /* VRF target community configuration */ c( arg /* Target community to use in import and export */, "import" arg /* Target community to use when filtering on import */, "export" arg /* Target community to use when marking routes on export */, "auto" /* Auto derive import and export target community from BGP AS & L2 */ ) ), "no-vrf-advertise" /* Don't advertise this instance to remote PEs */, "non-forwarding-vrf" /* Don't create VRF forwarding table for local or transit routes belonging to this VPN */, "vrf-advertise-selective" ( /* Override no-vrf-advertise knob for the specified address family */ c( "family" ( /* Protocol family to be selectively advertised */ c( "inet-mvpn" /* IPv4 MVPN Address Family */, "inet6-mvpn" /* IPv6 MVPN Address Family */ ) ) ) ), "vrf-table-label" ( /* Advertise a single VPN label for all routes in the VRF */ sc( "static" arg /* Specify label value to be used */, "source-class-usage" /* Enable source class usage */ ) ).as(:oneline), c( "no-vrf-propagate-ttl" /* Disable TTL propagation from IP to MPLS (on push) and MPLS to IP (on pop) */, "vrf-propagate-ttl" /* Enable TTL propagation from IP to MPLS (on push) and MPLS to IP (on pop) */ ), "provider-tunnel" ( /* Provider tunnel configuration */ c( "external-controller" ( /* External point-to-multipoint LSP provider for flooding */ c( c( "pccd" /* Use PCCD for external point-to-multipoint LSP computation entity */ ) ) ), c( "rsvp-te" ( /* RSVP-TE point-to-multipoint LSP for flooding */ c( c( "static-lsp" arg /* Name of point-to-multipoint LSP */, "label-switched-path-template" ( /* Template for dynamic point-to-multipoint LSP parameters */ c( c( arg /* Name of point-to-multipoint LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ), "ldp-p2mp" /* LDP point-to-multipoint LSP for flooding */, "ingress-replication" ( /* Ingress replication tunnel */ c( "create-new-ucast-tunnel" /* Create new unicast tunnel for ingress replication */, "label-switched-path" ( /* Point-to-point LSP unicast tunnel */ c( "label-switched-path-template" ( /* Template for dynamic point-to-point LSP parameters */ c( c( arg /* Name of point-to-point LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ) ), "pim-asm" ( /* PIM-SM provider tunnel */ c( "group-address" ( /* PIM-SM provider tunnel group address */ ipv4addr /* PIM-SM provider tunnel group address */ ), "family" ( /* PIM-SM provider tunnel address family */ c( "inet" ( /* IPv4 PIM-SM provider tunnel */ c( "group-address" ( /* PIM-SM provider tunnel group address for IPV4 */ ipv4addr /* PIM-SM provider tunnel group address for IPV4 */ ), "tunnel-source" ( /* Source address for the provider space mGRE tunnel */ ipv4addr /* Source address for the provider space mGRE tunnel */ ) ) ), "inet6" ( /* IPv6 PIM-SM provider tunnel */ c( "group-address" ( /* PIM-SM provider tunnel group address for IPV6 */ ipv4addr /* PIM-SM provider tunnel group address for IPV6 */ ), "tunnel-source" ( /* Source address for the provider space mGRE tunnel */ ipv4addr /* Source address for the provider space mGRE tunnel */ ) ) ) ) ) ) ), "pim-ssm" ( /* PIM-SSM provider tunnel */ c( "group-address" ( /* PIM-SSM provider tunnel group address */ ipv4addr /* PIM-SSM provider tunnel group address */ ), "family" ( /* PIM-SSM provider tunnel address family */ c( "inet" ( /* IPv4 PIM-SSM provider tunnel */ c( "group-address" ( /* PIM-SSM provider tunnel group address for IPV4 */ ipv4addr /* PIM-SSM provider tunnel group address for IPV4 */ ), "tunnel-source" ( /* Source address for the provider space mGRE tunnel */ ipv4addr /* Source address for the provider space mGRE tunnel */ ) ) ), "inet6" ( /* IPv6 PIM-SSM provider tunnel */ c( "group-address" ( /* PIM-SSM provider tunnel group address for IPV6 */ ipv4addr /* PIM-SSM provider tunnel group address for IPV6 */ ), "tunnel-source" ( /* Source address for the provider space mGRE tunnel */ ipv4addr /* Source address for the provider space mGRE tunnel */ ) ) ) ) ) ) ) ), "inter-as" ( /* Inter-AS segmented tunnels */ c( c( "ingress-replication" ( /* Ingress replication tunnel */ c( "create-new-ucast-tunnel" /* Create new unicast tunnel for ingress replication */, "label-switched-path" ( /* Point-to-point LSP unicast tunnel */ c( "label-switched-path-template" ( /* Template for dynamic point-to-point LSP parameters */ c( c( arg /* Name of point-to-point LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ) ), "rsvp-te" ( /* RSVP-TE point-to-multipoint LSP for flooding */ c( c( "label-switched-path-template" ( /* Template for dynamic point-to-multipoint LSP parameters */ c( c( arg /* Name of point-to-multipoint LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ), "ldp-p2mp" /* LDP point-to-multipoint LSP for flooding */ ), "inter-region-segmented" ( /* Inter-Region Segmented LSP triggered by threshold rate and/or fan-out */ c( "threshold" arg /* Data threshold rate to trigger segmentation */, "fan-out" arg /* Number of remote Leaf-AD routes */ ) ) ) ), "inter-region" ( /* Inter-region segmented tunnels */ c( c( "template" arg /* Use inter-region segmentation template */, "no-inter-region-segmentation" /* Do not participate in inter-region segmentation */ ) ) ), "inter-region-segmented" ( /* Inter-Region Segmented LSP triggered by fan-out factor only */ c( "fan-out" arg /* Number of remote Leaf-AD routes */ ) ), "selective" ( /* Selective tunnels */ c( "tunnel-limit" arg /* Maximum number of selective tunnels */, "leaf-tunnel-limit-inet" arg /* Maximum number of selective leaf tunnels for v4 */, "leaf-tunnel-limit-inet6" arg /* Maximum number of selective leaf tunnels for v6 */, "wildcard-group-inet" ( /* IPv4 wilcard group matching any group address */ c( "wildcard-source" ( /* Use Selective-Tunnel for wildcard-source (*,G) joins */ c( "threshold-rate" arg /* Data threshold to create new tunnel */, c( "ingress-replication" ( /* Ingress replication tunnel */ c( "create-new-ucast-tunnel" /* Create new unicast tunnel for ingress replication */, "label-switched-path" ( /* Point-to-point LSP unicast tunnel */ c( "label-switched-path-template" ( /* Template for dynamic point-to-point LSP parameters */ c( c( arg /* Name of point-to-point LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ) ), "rsvp-te" ( /* RSVP-TE point-to-multipoint LSP for flooding */ c( c( "static-lsp" arg /* Name of point-to-multipoint LSP */, "label-switched-path-template" ( /* Template for dynamic point-to-multipoint LSP parameters */ c( c( arg /* Name of point-to-multipoint LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ), "ldp-p2mp" /* LDP point-to-multipoint LSP for flooding */, "pim-ssm" ( /* PIM-SSM provider tunnel */ c( "group-range" ( /* PIM-SSM provider tunnel group range */ ipv4prefix /* PIM-SSM provider tunnel group range */ ) ) ) ), "inter-region-segmented" ( /* Inter-Region Segmented LSP triggered by fan-out factor only */ c( "fan-out" arg /* Number of remote Leaf-AD routes */ ) ) ) ) ) ), "wildcard-group-inet6" ( /* IPv6 wilcard group matching any group address */ c( "wildcard-source" ( /* Use Selective-Tunnel for wildcard-source (*,G) joins */ c( "threshold-rate" arg /* Data threshold to create new tunnel */, c( "ingress-replication" ( /* Ingress replication tunnel */ c( "create-new-ucast-tunnel" /* Create new unicast tunnel for ingress replication */, "label-switched-path" ( /* Point-to-point LSP unicast tunnel */ c( "label-switched-path-template" ( /* Template for dynamic point-to-point LSP parameters */ c( c( arg /* Name of point-to-point LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ) ), "rsvp-te" ( /* RSVP-TE point-to-multipoint LSP for flooding */ c( c( "static-lsp" arg /* Name of point-to-multipoint LSP */, "label-switched-path-template" ( /* Template for dynamic point-to-multipoint LSP parameters */ c( c( arg /* Name of point-to-multipoint LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ), "ldp-p2mp" /* LDP point-to-multipoint LSP for flooding */, "pim-ssm" ( /* PIM-SSM provider tunnel */ c( "group-range" ( /* PIM-SSM provider tunnel group range */ ipv4prefix /* PIM-SSM provider tunnel group range */ ) ) ) ), "inter-region-segmented" ( /* Inter-Region Segmented LSP triggered by fan-out factor only */ c( "fan-out" arg /* Number of remote Leaf-AD routes */ ) ) ) ) ) ), "group" arg ( /* IP prefix of multicast group */ c( "wildcard-source" ( /* Use Selective-Tunnel for wildcard-source (*,G) joins */ c( "threshold-rate" arg /* Data threshold to create new tunnel */, c( "ingress-replication" ( /* Ingress replication tunnel */ c( "create-new-ucast-tunnel" /* Create new unicast tunnel for ingress replication */, "label-switched-path" ( /* Point-to-point LSP unicast tunnel */ c( "label-switched-path-template" ( /* Template for dynamic point-to-point LSP parameters */ c( c( arg /* Name of point-to-point LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ) ), "rsvp-te" ( /* RSVP-TE point-to-multipoint LSP for flooding */ c( c( "static-lsp" arg /* Name of point-to-multipoint LSP */, "label-switched-path-template" ( /* Template for dynamic point-to-multipoint LSP parameters */ c( c( arg /* Name of point-to-multipoint LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ), "ldp-p2mp" /* LDP point-to-multipoint LSP for flooding */, "pim-ssm" ( /* PIM-SSM provider tunnel */ c( "group-range" ( /* PIM-SSM provider tunnel group range */ ipv4prefix /* PIM-SSM provider tunnel group range */ ) ) ) ), "inter-region-segmented" ( /* Inter-Region Segmented LSP triggered by threshold rate and/or fan-out */ c( "threshold" arg /* Data threshold rate to trigger segmentation */, "fan-out" arg /* Number of remote Leaf-AD routes */ ) ) ) ), "source" arg ( /* IP prefix of one or more multicast sources */ c( c( "ingress-replication" ( /* Ingress replication tunnel */ c( "create-new-ucast-tunnel" /* Create new unicast tunnel for ingress replication */, "label-switched-path" ( /* Point-to-point LSP unicast tunnel */ c( "label-switched-path-template" ( /* Template for dynamic point-to-point LSP parameters */ c( c( arg /* Name of point-to-point LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ) ), "rsvp-te" ( /* RSVP-TE point-to-multipoint LSP for flooding */ c( c( "static-lsp" arg /* Name of point-to-multipoint LSP */, "label-switched-path-template" ( /* Template for dynamic point-to-multipoint LSP parameters */ c( c( arg /* Name of point-to-multipoint LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ), "pim-ssm" ( /* PIM-SSM provider tunnel */ c( "group-range" ( /* PIM-SSM provider tunnel group range */ ipv4prefix /* PIM-SSM provider tunnel group range */ ) ) ), "ldp-p2mp" /* LDP point-to-multipoint LSP for flooding */ ), "threshold-rate" arg /* Data threshold to create new tunnel */, "inter-region-segmented" ( /* Inter-Region Segmented LSP triggered by threshold rate and/or fan-out */ c( "threshold" arg /* Data threshold rate to trigger segmentation */, "fan-out" arg /* Number of remote Leaf-AD routes */ ) ) ) ) ) ) ) ), "mdt" ( /* Data MDT tunnels for PIM MVPN */ c( "threshold" ( /* Threshold for creation of multicast tunnels */ c( "group" arg ( /* IP prefix of multicast group */ c( "source" arg ( /* IP prefix of one or more multicast sources */ c( "rate" arg /* Data threshold to create new tunnel */ ) ) ) ) ) ), "data-mdt-reuse" /* Allow multiple customer streams to be transmitted over one data tunnel */, "tunnel-limit" arg /* Maximum multicast data tunnels */, "group-range" ( /* Group address range for multicast data tunnels */ ipprefix /* Group address range for multicast data tunnels */ ) ) ), "family" ( c( "inet" ( c( c( "rsvp-te" ( /* RSVP-TE point-to-multipoint LSP for flooding */ c( c( "static-lsp" arg /* Name of point-to-multipoint LSP */, "label-switched-path-template" ( /* Template for dynamic point-to-multipoint LSP parameters */ c( c( arg /* Name of point-to-multipoint LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ), "ldp-p2mp" /* LDP point-to-multipoint LSP for flooding */, "ingress-replication" ( /* Ingress replication tunnel */ c( "create-new-ucast-tunnel" /* Create new unicast tunnel for ingress replication */, "label-switched-path" ( /* Point-to-point LSP unicast tunnel */ c( "label-switched-path-template" ( /* Template for dynamic point-to-point LSP parameters */ c( c( arg /* Name of point-to-point LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ) ), "pim-asm" ( /* PIM-SM provider tunnel */ c( "group-address" ( /* PIM-SM provider tunnel group address */ ipv4addr /* PIM-SM provider tunnel group address */ ), "tunnel-source" ( /* Source address for the provider space mGRE tunnel */ ipv4addr /* Source address for the provider space mGRE tunnel */ ) ) ), "pim-ssm" ( /* PIM-SSM provider tunnel */ c( "group-address" ( /* PIM-SSM provider tunnel group address */ ipv4addr /* PIM-SSM provider tunnel group address */ ), "tunnel-source" ( /* Source address for the provider space mGRE tunnel */ ipv4addr /* Source address for the provider space mGRE tunnel */ ) ) ) ), "mdt" ( /* IPv4 Data MDT tunnels for PIM MVPN */ c( "threshold" ( /* Threshold for creation of multicast tunnels */ c( "group" arg ( /* IP prefix of multicast group */ c( "source" arg ( /* IP prefix of one or more multicast sources */ c( "rate" arg /* Data threshold to create new tunnel */ ) ) ) ) ) ), "data-mdt-reuse" /* Allow multiple customer streams to be transmitted over one data tunnel */, "tunnel-limit" arg /* Maximum multicast data tunnels */, "group-range" ( /* Group address range for multicast data tunnels */ ipprefix /* Group address range for multicast data tunnels */ ) ) ) ) ), "inet6" ( c( c( "rsvp-te" ( /* RSVP-TE point-to-multipoint LSP for flooding */ c( c( "static-lsp" arg /* Name of point-to-multipoint LSP */, "label-switched-path-template" ( /* Template for dynamic point-to-multipoint LSP parameters */ c( c( arg /* Name of point-to-multipoint LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ), "ldp-p2mp" /* LDP point-to-multipoint LSP for flooding */, "ingress-replication" ( /* Ingress replication tunnel */ c( "create-new-ucast-tunnel" /* Create new unicast tunnel for ingress replication */, "label-switched-path" ( /* Point-to-point LSP unicast tunnel */ c( "label-switched-path-template" ( /* Template for dynamic point-to-point LSP parameters */ c( c( arg /* Name of point-to-point LSP template */, "default-template" /* Use default parameters */ ) ) ) ) ) ) ), "pim-asm" ( /* PIM-SM provider tunnel */ c( "group-address" ( /* PIM-SM provider tunnel group address */ ipv4addr /* PIM-SM provider tunnel group address */ ), "tunnel-source" ( /* Source address for the provider space mGRE tunnel */ ipv4addr /* Source address for the provider space mGRE tunnel */ ) ) ), "pim-ssm" ( /* PIM-SSM provider tunnel */ c( "group-address" ( /* PIM-SSM provider tunnel group address */ ipv4addr /* PIM-SSM provider tunnel group address */ ), "tunnel-source" ( /* Source address for the provider space mGRE tunnel */ ipv4addr /* Source address for the provider space mGRE tunnel */ ) ) ) ), "mdt" ( /* IPv6 Data MDT tunnels for PIM MVPN */ c( "threshold" ( /* Threshold for creation of multicast tunnels */ c( "group" arg ( /* IP prefix of multicast group */ c( "source" arg ( /* IP prefix of one or more multicast sources */ c( "rate" arg /* Data threshold to create new tunnel */ ) ) ) ) ) ), "data-mdt-reuse" /* Allow multiple customer streams to be transmitted over one data tunnel */, "tunnel-limit" arg /* Maximum multicast data tunnels */, "group-range" ( /* Group address range for multicast data tunnels */ ipprefix /* Group address range for multicast data tunnels */ ) ) ) ) ) ) ) ) ), "multicast-snooping-options" ( /* Multicast snooping option configuration */ juniper_multicast_snooping_options /* Multicast snooping option configuration */ ), "igmp-snooping-options" ( /* IGMP snooping option configuration */ juniper_igmp_snooping_options /* IGMP snooping option configuration */ ), "mld-snooping-options" ( /* MLD snooping option configuration */ juniper_mld_snooping_options /* MLD snooping option configuration */ ), "vlans" ( /* VLAN configuration */ c( vlan_types /* Virtual LAN */ ) ) ) ) end rule(:juniper_igmp_snooping_options) do c( "use-p2mp-lsp" /* P2MP will be used to forward traffic instead of PW */, "snoop-pseudowires" /* VPLS PE would send traffic selectively to PE's having interest */ ) end rule(:juniper_mld_snooping_options) do c( "use-p2mp-lsp" /* P2MP will be used to forward traffic instead of PW */, "snoop-pseudowires" /* VPLS PE would send traffic selectively to PE's having interest */ ) end rule(:juniper_protocols_l2vpn) do c( "bum-hashing" /* Enable BUM hashing feature in the instance */, "enable-mac-move-action" /* Enable VPLS loop prevention feature in the instance */, "mac-pinning" /* Enable MAC pinning */, "mac-table-size" ( /* Size of MAC address forwarding table */ c( arg, "packet-action" ( /* Action when MAC limit is reached */ ("none" | "drop") ) ) ), "mac-ip-table-size" ( /* Size of MAC+IP bindings table */ c( arg ) ), "interface-mac-limit" ( /* Maximum MAC address learned per interface */ c( arg, "packet-action" ( /* Action when MAC limit is reached */ ("none" | "drop" | "log" | "shutdown" | "drop-and-log") ) ) ), "interface-mac-ip-limit" ( /* Maximum MAC+IP bindings learned per interface */ c( arg ) ), "mac-notification" ( /* MAC notification options */ c( "notification-interval" arg /* Interval for sending MAC notifications */ ) ), "mac-table-aging-time" arg /* Delay for discarding MAC address if no updates are received */, "no-mac-learning" /* Disable dynamic MAC address learning */, "no-normalization" /* Disable vlan id normalization for interfaces */, "mac-statistics" /* Enable MAC address statistics */, "mib" ( /* Snmp mib options */ c( "dot1q-mib" ( /* Dot1q MIB configuration options */ c( "port-list" ( /* Port list for staticegressports and staticuntaggedports MIB */ ("bit-map" | "string") ) ) ) ) ), "static-rvtep-mac" ( /* Configure Static MAC and remote VxLAN tunnel endpoint entries */ c( "mac" ( /* Unicast MAC address */ s( arg, "remote-vtep" arg /* Configure static remote VXLAN tunnel endpoints */ ) ).as(:oneline) ) ), "interface" arg ( /* Interface that connect this site to the VPN */ c( "interface-mac-limit" ( /* Maximum number of MAC addresses learned on the interface */ c( arg, "disable" /* Disable interface for interface-mac-limit */, "packet-action" ( /* Action when MAC limit is reached */ ("none" | "drop" | "log" | "shutdown" | "drop-and-log") ) ) ), "action-priority" arg /* Blocking priority of this interface on mac move detection */, "static-mac" arg ( /* Static MAC addresses assigned to this interface */ c( "vlan-id" arg /* VLAN ID of learning VLAN */ ) ), "interface-mac-ip-limit" ( /* Maximum number of MAC+IP bindings learned on the interface */ c( arg ) ), "no-mac-learning" /* Disable dynamic MAC address learning */, "mac-pinning" /* Enable MAC pinning */, "persistent-learning" /* Enable persistent MAC learning on this interface */, "vpws-service-id" ( /* Service-id for EVPN VPWS routing instance */ c( "local" arg /* Local EVPN VPWS service id */, "remote" arg /* Remote EVPN VPWS service id */ ) ), "flow-label-transmit-static" /* Push Flow Label on PW packets sent to remote PE */, "flow-label-receive-static" /* Pop Flow Label from PW packets received from remote PE */, "protect-interface" ( /* Name of protect interface */ interface_name /* Name of protect interface */ ), "remote-site-id" arg /* Site identifier associated with this interface */, "target-attachment-identifier" arg /* FEC 129 VPWS target attachment identifier */, "flow-label-transmit" /* Advertise capability to push Flow Label in transmit direction to remote PE */, "flow-label-receive" /* Advertise capability to pop Flow Label in receive direction to remote PE */, "encapsulation-type" ( /* Encapsulation type for VPN */ ("atm-aal5" | "atm-cell" | "atm-cell-port-mode" | "atm-cell-vp-mode" | "atm-cell-vc-mode" | "frame-relay" | "ppp" | "cisco-hdlc" | "ethernet-vlan" | "ethernet" | "interworking" | "frame-relay-port-mode" | "satop-t1" | "satop-e1" | "satop-t3" | "satop-e3" | "cesop") ), "ignore-encapsulation-mismatch" /* Allow different encapsulation types on local and remote end */, "mtu" arg /* MTU to be advertised to the remote end */, "ignore-mtu-mismatch" /* Allow different MTU values on local and remote end */, c( "control-word" /* Adds control-word to the Layer 2 encapsulation */, "no-control-word" /* Disables control-word to the Layer 2 encapsulation */ ), "pseudowire-status-tlv" /* Send pseudowire status TLV */, "oam" ( /* OAM Configuration for VPN */ c( "ping-interval" arg /* Time interval between ping messages */, "ping-multiplier" arg /* Number of ping reply missed before declaring BFD down */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ) ) ) ) ), "community" arg /* Community associated with this interface */, "description" arg /* Text description */ ) ), "site" arg ( /* Sites connected to this provider equipment */ c( "mac-pinning" /* Enable MAC pinning */, "mesh-group" arg /* Mesh-groups that are part of this site */, "interface" arg ( /* Interface that connect this site to the VPN */ c( "interface-mac-limit" ( /* Maximum number of MAC addresses learned on the interface */ c( arg, "disable" /* Disable interface for interface-mac-limit */, "packet-action" ( /* Action when MAC limit is reached */ ("none" | "drop" | "log" | "shutdown" | "drop-and-log") ) ) ), "action-priority" arg /* Blocking priority of this interface on mac move detection */, "static-mac" arg ( /* Static MAC addresses assigned to this interface */ c( "vlan-id" arg /* VLAN ID of learning VLAN */ ) ), "interface-mac-ip-limit" ( /* Maximum number of MAC+IP bindings learned on the interface */ c( arg ) ), "no-mac-learning" /* Disable dynamic MAC address learning */, "mac-pinning" /* Enable MAC pinning */, "persistent-learning" /* Enable persistent MAC learning on this interface */, "remote-site-id" arg /* Site identifier associated with this interface */, "target-attachment-identifier" arg /* FEC 129 VPWS target attachment identifier */, "flow-label-transmit" /* Advertise capability to push Flow Label in transmit direction to remote PE */, "flow-label-receive" /* Advertise capability to pop Flow Label in receive direction to remote PE */, "encapsulation-type" ( /* Encapsulation type for VPN */ ("atm-aal5" | "atm-cell" | "atm-cell-port-mode" | "atm-cell-vp-mode" | "atm-cell-vc-mode" | "frame-relay" | "ppp" | "cisco-hdlc" | "ethernet-vlan" | "ethernet" | "interworking" | "frame-relay-port-mode" | "satop-t1" | "satop-e1" | "satop-t3" | "satop-e3" | "cesop") ), "ignore-encapsulation-mismatch" /* Allow different encapsulation types on local and remote end */, "mtu" arg /* MTU to be advertised to the remote end */, "ignore-mtu-mismatch" /* Allow different MTU values on local and remote end */, c( "control-word" /* Adds control-word to the Layer 2 encapsulation */, "no-control-word" /* Disables control-word to the Layer 2 encapsulation */ ), "pseudowire-status-tlv" /* Send pseudowire status TLV */, "oam" ( /* OAM Configuration for VPN */ c( "ping-interval" arg /* Time interval between ping messages */, "ping-multiplier" arg /* Number of ping reply missed before declaring BFD down */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ) ) ) ) ), "community" arg /* Community associated with this interface */, "description" arg /* Text description */ ) ), c( "site-identifier" arg /* Layer 2 VPN or VPLS site identifier (unique in the VPN) */, "automatic-site-id" ( /* Enable automatic assignment of site identifier */ c( "startup-wait-time" arg /* Time to wait at startup before claming a site identifier (seconds) */, "new-site-wait-time" arg /* Time to wait before claiming a site identifier */, "collision-detect-time" arg /* Time to wait for detecting a collision */, "reclaim-wait-time" ( /* Time to wait for reclaiming a site identifier */ sc( "minimum" arg /* Minimum wait time */, "maximum" arg /* Maximum wait time */ ) ).as(:oneline) ) ) ), "source-attachment-identifier" arg /* FEC 129 VPWS source attachment identifier */, "flow-label-transmit" /* Advertise capability to push Flow Label in transmit direction to remote PE */, "flow-label-receive" /* Advertise capability to push Flow Label in receive direction to remote PE */, "encapsulation-type" ( /* Encapsulation type for VPN */ ("atm-aal5" | "atm-cell" | "atm-cell-port-mode" | "atm-cell-vp-mode" | "atm-cell-vc-mode" | "frame-relay" | "ppp" | "cisco-hdlc" | "ethernet-vlan" | "ethernet" | "interworking" | "frame-relay-port-mode" | "satop-t1" | "satop-e1" | "satop-t3" | "satop-e3" | "cesop") ), "ignore-encapsulation-mismatch" /* Allow different encapsulation types on local and remote end */, c( "control-word" /* Adds control-word to the Layer 2 encapsulation */, "no-control-word" /* Disables control-word to the Layer 2 encapsulation */ ), "pseudowire-status-tlv" /* Send pseudowire status TLV */, "oam" ( /* OAM Configuration for VPN */ c( "ping-interval" arg /* Time interval between ping messages */, "ping-multiplier" arg /* Number of ping reply missed before declaring BFD down */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ) ) ) ) ), "community" arg /* Community associated with this site */, "multi-homing" ( /* Enable multi-homing functionality for this site */ c( "hold-time" arg /* Enable multi-homing non-designated forwarder hold time (seconds) */ ) ), "site-preference" ( /* Layer 2 VPN or VPLS site preference */ ("primary" | "backup" | arg) ), "hot-standby" /* Keep backup pseudowire in continuous standby mode and ready for traffic forwarding */, "mtu" arg /* MTU to be advertised to the remote end */, "ignore-mtu-mismatch" /* Allow different MTU values on local and remote end */, "active-interface" ( /* Configure interface to designate as active */ sc( c( "any" /* One configured interface is designated active at random */, "primary" ( /* Interface to designate as active if it is operational */ interface_name /* Interface to designate as active if it is operational */ ) ) ) ).as(:oneline), "best-site" /* Activates best-site functionality for this instance */ ) ), "neighbor" arg ( /* Neighbor for this VPLS instance */ c( "mac-pinning" /* Enable MAC pinning */, "static" ( /* Configuration of static vpls */ c( "incoming-label" arg /* VPLS incoming static label [1000000 - 1048575] or [29696 - 41983] */, "outgoing-label" arg /* VPLS outgoing static label */, c( "control-word" /* Adds control-word to the Layer 2 encapsulation */, "no-control-word" /* Disables control-word to the Layer 2 encapsulation */ ) ) ), "associate-profile" ( /* Associate profile options for dynamic IFL */ c( arg, "profile-variable-set" arg /* Associate dynamic variable set with the profile */ ) ), "psn-tunnel-endpoint" ( /* Endpoint of the transport tunnel on the remote PE */ ipv4addr /* Endpoint of the transport tunnel on the remote PE */ ), "community" arg /* Community associated with this neighbor */, "encapsulation-type" ( /* Encapsulation type for VPN */ ("ethernet-vlan" | "ethernet") ), "ignore-encapsulation-mismatch" /* Allow different encapsulation types on local and remote end */, "pseudowire-status-tlv" ( /* Send pseudowire status TLV */ c( "hot-standby-vc-on" /* Activate pseudowire upon arrival of 'hot-standby' status TLV message */ ) ), "switchover-delay" arg /* Pseudowire switchover delay */, "revert-time" ( /* Enable pseudowire redundancy reversion (seconds) */ sc( arg, "maximum" arg /* Maximum reversion interval to add over revert-time delay */ ) ).as(:oneline), "connection-protection" /* End-2-end protection via OAM failure detection */, "backup-neighbor" arg ( /* Configuration of redundant l2circuit */ c( "static" ( /* Configuration of static vpls */ c( "incoming-label" arg /* VPLS incoming static label [1000000 - 1048575] or [29696 - 41983] */, "outgoing-label" arg /* VPLS outgoing static label */ ) ), "community" arg /* Community associated with this Layer 2 circuit */, "psn-tunnel-endpoint" ( /* Endpoint of the transport tunnel on the remote PE */ ipv4addr /* Endpoint of the transport tunnel on the remote PE */ ), "standby" /* Keep backup pseudowire in continuous standby */, "hot-standby" /* Keep backup pseudowire in continuous standby mode and ready for traffic forwarding */ ) ), "oam" ( /* OAM Configuration for VPN */ c( "ping-interval" arg /* Time interval between ping messages */, "ping-multiplier" arg /* Number of ping reply missed before declaring BFD down */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ) ) ) ) ) ) ), "mesh-group" arg ( /* Mesh-group under this VPLS instance */ c( "local-switching" /* Allow local-switching within interfaces in this mesh-group */, "neighbor" arg ( /* Neighbor belonging to this mesh-group */ c( "mac-pinning" /* Enable MAC pinning */, "static" ( /* Configuration of static vpls */ c( "incoming-label" arg /* VPLS incoming static label [1000000 - 1048575] or [29696 - 41983] */, "outgoing-label" arg /* VPLS outgoing static label */, c( "control-word" /* Adds control-word to the Layer 2 encapsulation */, "no-control-word" /* Disables control-word to the Layer 2 encapsulation */ ) ) ), "associate-profile" ( /* Associate profile options for dynamic IFL */ c( arg, "profile-variable-set" arg /* Associate dynamic variable set with the profile */ ) ), "psn-tunnel-endpoint" ( /* Endpoint of the transport tunnel on the remote PE */ ipv4addr /* Endpoint of the transport tunnel on the remote PE */ ), "community" arg /* Community associated with this neighbor */, "encapsulation-type" ( /* Encapsulation type for VPN */ ("ethernet-vlan" | "ethernet") ), "ignore-encapsulation-mismatch" /* Allow different encapsulation types on local and remote end */, "pseudowire-status-tlv" ( /* Send pseudowire status TLV */ c( "hot-standby-vc-on" /* Activate pseudowire upon arrival of 'hot-standby' status TLV message */ ) ), "switchover-delay" arg /* Pseudowire switchover delay */, "revert-time" ( /* Enable pseudowire redundancy reversion (seconds) */ sc( arg, "maximum" arg /* Maximum reversion interval to add over revert-time delay */ ) ).as(:oneline), "connection-protection" /* End-2-end protection via OAM failure detection */, "backup-neighbor" arg ( /* Configuration of redundant l2circuit */ c( "static" ( /* Configuration of static vpls */ c( "incoming-label" arg /* VPLS incoming static label [1000000 - 1048575] or [29696 - 41983] */, "outgoing-label" arg /* VPLS outgoing static label */ ) ), "community" arg /* Community associated with this Layer 2 circuit */, "psn-tunnel-endpoint" ( /* Endpoint of the transport tunnel on the remote PE */ ipv4addr /* Endpoint of the transport tunnel on the remote PE */ ), "standby" /* Keep backup pseudowire in continuous standby */, "hot-standby" /* Keep backup pseudowire in continuous standby mode and ready for traffic forwarding */ ) ), "oam" ( /* OAM Configuration for VPN */ c( "ping-interval" arg /* Time interval between ping messages */, "ping-multiplier" arg /* Number of ping reply missed before declaring BFD down */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ) ) ) ) ), "vpls-id-list" arg /* LDP VPLS Identifier list for this neighbor */ ) ), "interface" arg /* Interfaces belonging to this flood group */, "associate-profile" ( /* Associate profile options for dynamic IFL */ c( arg, "profile-variable-set" arg /* Associate dynamic variable set with the profile */ ) ), c( "peer-as" ( /* Autonomous system of the peer */ c( "all" /* Include peers from all autonomous systems */ ) ) ), "vpls-id" arg /* LDP VPLS Identifier for this mesh-group */, "vrf-import" ( /* Import policy for VPLS instance mesh-group */ policy_algebra /* Import policy for VPLS instance mesh-group */ ), "vrf-export" ( /* Export policy for VPLS instance mesh-group */ policy_algebra /* Export policy for VPLS instance mesh-group */ ), "vrf-target" ( /* VPLS mesh-group target community configuration */ c( arg /* Target community to use in import and export */, "import" arg /* Target community to use when filtering on import */, "export" arg /* Target community to use when marking routes on export */ ) ), "mac-flush" ( /* Enables mac-flush processing */ c( "any-interface" /* Send mac-flush when any AC interface goes down */, "any-spoke" /* Send mac-flush when any spoke pseudo wire goes down */, "propagate" /* Propagate mac-flush to the core */ ) ), "route-distinguisher" ( /* Route distinguisher for this mesh-group */ sc( arg /* Number in (16 bit:32 bit) or (32 bit 'L':16 bit) or (IP address:16 bit) format */ ) ).as(:oneline) ) ), "proxy-mac" ( /* Proxy MAC settings */ c( "irb" /* Reply with virtual-gateway MAC or IRB MAC */, mac_unicast /* Reply with configured MAC for all requests */ ) ), "mclag" ( /* EVPN with MC-LAG support */ c( "bgp-peer" ( /* Configure IP address of BGP neighbor, which is also MC-LAG peer */ ipaddr /* Configure IP address of BGP neighbor, which is also MC-LAG peer */ ), "source-vtep-peer" ( /* Confiugure IP address of MC-LAG peer's source vtep IP address */ ipaddr /* Confiugure IP address of MC-LAG peer's source vtep IP address */ ) ) ), "service-type" ( /* Specify service type for vpls */ ("single") ), "designated-forwarder-election-hold-time" arg /* Time to wait before electing a DF(seconds) */, "designated-forwarder-preference-least" /* Use least preference in DF election */, "encapsulation" ( /* Encapsulation type for EVPN */ ("mpls" | "vxlan" | "mpls-inet6") ), "default-gateway" ( /* Default gateway mode */ ("advertise" | "no-gateway-community" | "do-not-advertise") ), "duplicate-mac-detection" ( /* Duplicate MAC detection settings */ c( "detection-threshold" arg /* Number of moves to trigger duplicate MAC detection */, "detection-window" arg /* Time window for detection of duplicate MACs */, "auto-recovery-time" arg /* Automatically unblock duplicate MACs after a time delay */ ) ), c( "extended-vlan-list" arg /* List of VLAN identifiers that are to be EVPN extended */, "extended-vni-list" arg /* List of VNI identifiers (1..16777214) or all, that are to be EVPN extended */, "extended-isid-list" arg /* Configure list of isids or all for extending to PBB EVPN */ ), "evi-options" ( /* EVI options */ juniper_protocols_evi_options /* EVI options */ ), "p2mp-bud-support" /* Enable EVPN to act as P2MP transit and egress PE (bud) */, "remote-ip-host-routes" ( /* Virtual machine traffic optimization(VMTO) for EVPN */ c( "import" ( /* Policy to control the creation of remote IP host routes */ policy_algebra /* Policy to control the creation of remote IP host routes */ ), "no-advertise-community" /* Don't advertise Type 2 route's community */ ) ), "pbb-evpn-core" /* Configure PBB EVPN core */, "label-allocation" ( /* Label allocation policy */ ("per-instance") ), "evpn-etree" /* Evpn etree mode */, "assisted-replication" ( /* Option to enable Assisted Replication */ c( c( "leaf" ( /* Assisted Replicator Leaf */ c( "replicator-activation-delay" arg /* Dealy interval in starting replication */ ) ), "replicator" ( /* Assisted Replicator */ c( c( "inet" ( /* IPv4 source */ c( ipv4addr /* Assisted Replicator IP address */ ) ) ), "vxlan-encapsulation-source-ip" ( /* VXLAN encapsulation source IP for replicated traffic */ ("ingress-replication-ip") ) ) ) ) ) ), "vrf-target" ( /* VRF target community configuration */ c( arg /* Target community to use in import and export */ ) ), "interconnect" ( /* Interconnect */ juniper_protocols_evpn_interconnect /* Interconnect */ ), "pmsi-tunnel-endpoint" ( /* IM IR PMSI tunnel Endpoint for remote PE */ ipv4addr /* IM IR PMSI tunnel Endpoint for remote PE */ ), "pmsi-tunnel-endpoint-inet6" ( /* IM IR PMSI IPv6 tunnel Endpoint for remote PE */ ipv6addr /* IM IR PMSI IPv6 tunnel Endpoint for remote PE */ ), "normalization" /* Enable vlan id normalization for interfaces */, "ip-prefix-routes" ( /* Advertise IP prefixes through EVPN */ c( "advertise" ( /* Advertisement attributes for IP prefixes */ ("gateway-address" | "direct-nexthop") ), "gateway-interface" ( /* Gateway interface used when gateway address is advertised */ interface_unit /* Gateway interface used when gateway address is advertised */ ), "encapsulation" ( /* Encapsulation used for IP prefixes */ ("mpls" | "vxlan") ), "vni" arg /* VXLAN network identifier used for IP prefixes */, "import" ( /* Policy to control import of IP prefixes from EVPN */ policy_algebra /* Policy to control import of IP prefixes from EVPN */ ), "export" ( /* Policy to control export of IP prefixes through EVPN */ policy_algebra /* Policy to control export of IP prefixes through EVPN */ ), "route-attributes" ( /* Route Attribute Import Export Option */ c( "as-path" ( /* AS-PATH Attribute */ c( "import-action" ( /* AS-PATH Attribute Inherit Option on Import */ ("allow" | "skip") ), "export-action" ( /* AS-PATH Attribute Inherit Option on Export */ ("allow" | "skip") ) ) ), "preference" ( /* Preference Attribute */ c( "import-action" ( /* Preference Attribute Inerit Option on Import */ ("allow" | "skip") ), "export-action" ( /* Preference Attribute Inherit Option on Export */ ("allow" | "skip") ) ) ), "community" ( /* Community Attribute */ c( "import-action" ( /* Community Attribute Inherit Option on Import */ ("allow" | "skip") ), "export-action" ( /* Community Attribute Inherit Option on Export */ ("allow" | "skip") ) ) ) ) ) ) ), "igmp-id" arg /* EVPN IGMP Identifier value */, "multicast-mode" ( /* Multicast mode for EVPN */ ("ingress-replication") ), "oism" ( /* EVPN Multicast OISM features */ c( "supplemental-bridge-domain-irb" ( /* OISM SBD irb interface address */ interface_unit /* OISM SBD irb interface address */ ), "originate-smet-on-revenue-vlan-too" /* Originate smet route on revenue vlan too */, "pim-evpn-gateway" ( /* Configure PIM EVPN Gateway PEG parameters */ c( "external-irb" arg /* List of IRBs for external connectivity */ ) ) ) ), c( "flexible-cross-connect-vlan-aware" /* Enable EVPN flexible cross-connect VLAN aware Service */, "flexible-cross-connect-vlan-unaware" /* Enable EVPN flexible cross-connect VLAN unaware Service */ ), "auto-service-id" /* Enable auto-derivation of VPWS service instance identifier */, "hot-standby-on" /* Activate evpn vpws upon becoming DF */, "group" arg ( /* Enable EVPN flexible cross-connect VLAN unaware Service */ c( "esi" ( /* ESI configuration to group vlan unaware cross connects */ c( esi /* ESI value for grouping of vlan unaware cross connects */ ) ), "interface" arg /* Name of the interface part of vlan unaware fxc */, "service-id" ( /* Service-id for vlan unaware cross connects for EVPN VPWS */ c( "local" arg /* Local service id for vlan unaware service */, "remote" arg /* Remote service id for vlan unaware service */ ) ) ) ), "vni-options" ( /* VNI options */ c( "vni" arg ( /* Per-vni options */ c( "vrf-target" ( /* VRF target community configuration */ c( "export" arg /* Target community to use when marking routes on export */, arg /* Target community */ ) ) ) ) ) ), "traceoptions" ( /* Trace options for Layer 2 VPNs */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("error" | "topology" | "nlri" | "connections" | "automatic-site" | "oam" | "mac-database" | "nsr" | "egress-protection" | "instance" | "interface" | "l2aldsync" | "p2mp" | "esi" | "mcsn" | "vpws" | "irb" | "ar" | "etree" | "kernel" | "bd" | "pbb" | "infra" | "pfxdb" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "encapsulation-type" ( /* Encapsulation type for VPN */ ("atm-aal5" | "atm-cell" | "atm-cell-port-mode" | "atm-cell-vp-mode" | "atm-cell-vc-mode" | "frame-relay" | "ppp" | "cisco-hdlc" | "ethernet-vlan" | "ethernet" | "interworking" | "frame-relay-port-mode" | "satop-t1" | "satop-e1" | "satop-t3" | "satop-e3" | "cesop") ), "control-word" /* Add control word to the Layer 2 encapsulation */, "no-control-word" /* Disables control word on the Layer 2 encapsulation */, "site-range" arg /* Maximum site identifier in this VPLS domain */, "label-block-size" ( /* Label block size for this VPLS instance */ ("2" | "4" | "8" | "16") ), c( "tunnel-services" ( /* Use tunnel services for this VPLS instance */ c( "devices" ( /* Tunnel services devices to use for this VPLS instance */ interface_device /* Tunnel services devices to use for this VPLS instance */ ), "primary" ( /* Primary tunnel services device to use for VPLS instance */ interface_device /* Primary tunnel services device to use for VPLS instance */ ) ) ), "no-tunnel-services" /* Do not use tunnel services for this VPLS instance */ ), "community" arg /* Community associated with this VPLS instance */, "vpls-id" arg /* Identifier for this VPLS instance */, "mtu" arg /* MTU to be advertised to the remote end */, "ignore-mtu-mismatch" /* Allow different MTU values on local and remote end */, "mac-flush" ( /* Enables mac-flush processing */ c( "any-interface" /* Send mac-flush when any AC interface goes down */, "any-spoke" /* Send mac-flush when any spoke pseudo wire goes down */, "propagate" /* Propagate mac-flush to the core */ ) ), "ignore-encapsulation-mismatch" /* Allow different encapsulation types on local and remote end */, "pseudowire-status-tlv" /* Send pseudowire status TLV */, "flow-label-transmit" /* Advertise capability to push Flow Label in transmit direction to remote PE */, "flow-label-receive" /* Advertise capability to pop Flow Label in receive direction to remote PE */, "flow-label-transmit-static" /* Push Flow Label on PW packets sent to remote PE */, "flow-label-receive-static" /* Pop Flow Label from PW packets received from remote PE */, "associate-profile" ( /* Associate profile options for dynamic IFL */ c( arg, "profile-variable-set" arg /* Associate dynamic variable set with the profile */ ) ), "connectivity-type" ( /* Specify type of interface sufficient to bring vpls connection up */ ("ce" | "irb" | "permanent") ), "import-labeled-routes" arg /* Import ingress label route to instance.mpls.0 from mpls.0 */.as(:oneline), "oam" ( /* OAM Configuration for VPN */ c( "ping-interval" arg /* Time interval between ping messages */, "ping-multiplier" arg /* Number of ping reply missed before declaring BFD down */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ) ) ), "control-channel" ( /* Supported control channel type */ c( c( "pwe3-control-word" /* For BGP based PW send oam packets with control word, with 0001b as first nibble */, "router-alert-label" /* For BGP based PW send oam packets with router alert label */, "pw-label-ttl-1" /* For BGP based PW send oam packets with MPLS pw label TTL = 1 */ ) ) ) ) ), "multi-homing" ( /* Multi-homing configuration for FEC129 VPLS */ c( "peer-active" /* Keep CE interfaces in up state when all BGP peers go down */, "site" arg ( /* Sites connected to this provider equipment */ c( "identifier" arg /* Layer 2 VPN or VPLS multi-homing identifier */, "preference" ( /* Layer 2 VPN or VPLS multi-homing preference */ ("primary" | "backup" | arg) ), "active-interface" ( /* Configure interface to designate as active */ c( c( "any" /* One configured interface is designated active at random */, "primary" ( /* Interface to designate as active if it is operational */ interface_name /* Interface to designate as active if it is operational */ ) ) ) ), "interface" arg ( /* Interface that connects this site to the VPN */ c( "preference" arg /* Layer 2 VPN or VPLS multi-homing preference for the interface */ ) ), "peer-active" /* Keep CE interfaces in up state when all BGP peers go down */ ) ) ) ) ) end rule(:juniper_protocols_evi_options) do c( "isid" arg ( /* Per-evi options */ c( "vrf-target" ( /* VRF target community configuration */ c( arg /* Target community */ ) ) ) ) ) end rule(:juniper_protocols_pim_snooping) do c( "traceoptions" ( /* Trace options for PIM Snooping */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("packets" | "hello" | "join" | "prune" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "no-dr-flood" /* Disable default flooding of multicast data on the PIM designated router port */, "vlan" arg ( /* Vlan options */ c( "no-dr-flood" /* Disable default flooding of multicast data on the PIM DR port */ ) ) ) end rule(:juniper_ri_protocols_bfd) do c( "sbfd" ( /* Seamless BFD parameters */ c( "pool" arg /* List of seamless BFD endpoints */, "local-discriminator" arg ( /* Local discriminator for seamless BFD responder */ c( "minimum-receive-interval" arg /* Minimum receive interval for seamless BFD responder */, "local-ip-address" ( /* IPv4 source address */ ipv4addr /* IPv4 source address */ ) ) ) ) ) ) end rule(:juniper_ri_protocols_igmp_snooping) do c( "traceoptions" ( /* Trace options for IGMP Snooping */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("packets" | "query" | "report" | "leave" | "group" | "client-notification" | "host-notification" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "query-interval" arg /* When to send host query messages */, "l2-querier" ( /* Enable L2 querier mode */ c( "source-address" ( /* Source IP address to use for L2 querier */ ipv4addr /* Source IP address to use for L2 querier */ ) ) ), "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "learn-pim-router" /* Learn PIM router interfaces from PIM hellos */, "immediate-leave" /* Enable immediate group leave on interfaces */, "evpn-ssm-reports-only" /* Accept and process only reports of SSM groups */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv4addr /* Source IP address to use for proxy */ ), "irb" /* Proxy IGMP reports to IRB */ ) ), "interface" arg ( /* Interface options for IGMP */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */, "host-only-interface" /* Enable interfaces to be treated as host-side interfaces */, "group-limit" arg /* Maximum number of (source,group) per interface */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ), "pseudowire-remote-address" arg ( /* Pseudowire interface options for IGMP */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */ ) ), "qualified-vlan" arg ( /* VLAN options for qualified-learning */ c( "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "immediate-leave" /* Enable immediate group leave on interfaces */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv4addr /* Source IP address to use for proxy */ ) ) ), "evpn-ssm-reports-only" /* Accept and process only reports of SSM groups */, "interface" arg ( /* Interface options for IGMP */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */, "host-only-interface" /* Enable interfaces to be treated as host-side interfaces */, "group-limit" arg /* Maximum number of (source,group) per interface */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ), "pseudowire-remote-address" arg ( /* Pseudowire interface options for IGMP */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */ ) ) ) ), "vlan" arg ( /* Vlan options */ c( "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "immediate-leave" /* Enable immediate group leave on interfaces */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv4addr /* Source IP address to use for proxy */ ) ) ), "evpn-ssm-reports-only" /* Accept and process only reports of SSM groups */, "interface" arg ( /* Interface options for IGMP */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */, "host-only-interface" /* Enable interfaces to be treated as host-side interfaces */, "group-limit" arg /* Maximum number of (source,group) per interface */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ), "pseudowire-remote-address" arg ( /* Pseudowire interface options for IGMP */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */ ) ), "qualified-vlan" arg ( /* VLAN options for qualified-learning */ c( "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "immediate-leave" /* Enable immediate group leave on interfaces */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv4addr /* Source IP address to use for proxy */ ) ) ), "evpn-ssm-reports-only" /* Accept and process only reports of SSM groups */, "interface" arg ( /* Interface options for IGMP */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */, "host-only-interface" /* Enable interfaces to be treated as host-side interfaces */, "group-limit" arg /* Maximum number of (source,group) per interface */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ), "pseudowire-remote-address" arg ( /* Pseudowire interface options for IGMP */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */ ) ) ) ), "disable" ) ) ) end rule(:juniper_ri_protocols_mld_snooping) do c( "traceoptions" ( /* Trace options for MLD Snooping */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("packets" | "query" | "report" | "leave" | "group" | "client-notification" | "host-notification" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "query-interval" arg /* When to send host query messages */, "l2-querier" ( /* Enable L2 querier mode */ c( "source-address" ( /* Source IP address to use for L2 querier */ ipv6addr /* Source IP address to use for L2 querier */ ) ) ), "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "immediate-leave" /* Enable immediate group leave on interfaces */, "evpn-ssm-reports-only" /* Accept and process only reports of SSM groups */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv6addr /* Source IP address to use for proxy */ ), "irb" /* Proxy IGMP reports to IRB */ ) ), "interface" arg ( /* Interface options for MLD */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */, "host-only-interface" /* Enable interfaces to be treated as host-side interfaces */, "group-limit" arg /* Maximum number of (source,group) per interface */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ), "pseudowire-remote-address" arg ( /* Pseudowire interface options for MLD */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */ ) ), "qualified-vlan" arg ( /* VLAN options for qualified-learning */ c( "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "immediate-leave" /* Enable immediate group leave on interfaces */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv6addr /* Source IP address to use for proxy */ ) ) ), "evpn-ssm-reports-only" /* Accept and process only reports of SSM groups */, "interface" arg ( /* Interface options for MLD */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */, "host-only-interface" /* Enable interfaces to be treated as host-side interfaces */, "group-limit" arg /* Maximum number of (source,group) per interface */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ), "pseudowire-remote-address" arg ( /* Pseudowire interface options for MLD */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */ ) ) ) ), "vlan" arg ( /* Vlan options */ c( "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "immediate-leave" /* Enable immediate group leave on interfaces */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv6addr /* Source IP address to use for proxy */ ) ) ), "evpn-ssm-reports-only" /* Accept and process only reports of SSM groups */, "interface" arg ( /* Interface options for MLD */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */, "host-only-interface" /* Enable interfaces to be treated as host-side interfaces */, "group-limit" arg /* Maximum number of (source,group) per interface */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ), "pseudowire-remote-address" arg ( /* Pseudowire interface options for MLD */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */ ) ), "qualified-vlan" arg ( /* VLAN options for qualified-learning */ c( "query-interval" arg /* When to send host query messages */, "query-response-interval" arg /* How long to wait for a host query response */, "query-last-member-interval" arg /* When to send group query messages */, "robust-count" arg /* Expected packet loss on a subnet */, "immediate-leave" /* Enable immediate group leave on interfaces */, "proxy" ( /* Enable proxy mode */ c( "source-address" ( /* Source IP address to use for proxy */ ipv6addr /* Source IP address to use for proxy */ ) ) ), "evpn-ssm-reports-only" /* Accept and process only reports of SSM groups */, "interface" arg ( /* Interface options for MLD */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */, "host-only-interface" /* Enable interfaces to be treated as host-side interfaces */, "group-limit" arg /* Maximum number of (source,group) per interface */, "static" ( /* Static group or source membership */ c( "group" arg ( /* IP multicast group address */ c( "source" arg /* IP multicast source address */ ) ) ) ) ) ), "pseudowire-remote-address" arg ( /* Pseudowire interface options for MLD */ c( "multicast-router-interface" /* Enabling multicast-router-interface on the interface */, "immediate-leave" /* Enable immediate group leave on interfaces */ ) ) ) ) ) ) ) end rule(:juniper_routing_instance_pbb_options) do c( "peer-instance" arg /* Set the peer-pbbn routing instance */, "vlan-id" arg ( /* Set B-VLAN to ISID mapping */ sc( "isid-list" arg /* Configure ISID(Valid Range:256..16777214) for the B-VLAN */ ) ).as(:oneline), "default-bvlan" arg /* Default B-VLAN for all un-mapped ISIDs */ ) end rule(:juniper_routing_instance_service_groups) do arg.as(:arg) ( c( "service-type" ( /* Service type as ethernet LAN or point-to-point */ ("eline" | "elan") ), "pbb-service-options" ( /* Provider backbone instance service options */ c( "isid" arg ( /* ISID to S-VLAN configuration */ sc( c( "vlan-id-list" arg /* List of S-VLANs */, "interface" ( /* Point to point interface name */ interface_name /* Point to point interface name */ ) ) ) ).as(:oneline), "default-isid" arg /* Default ISID for all un-mapped S-VLANs */, "mac-address" ( /* Unicast or multicast mac address */ mac_addr /* Unicast or multicast mac address */ ), "source-bmac" ( /* Unicast Source B Mac address */ mac_addr /* Unicast Source B Mac address */ ) ) ) ) ) end rule(:juniper_routing_instance_switch_options) do c( "mac-table-size" ( /* Size of MAC address forwarding table */ c( arg, "packet-action" ( /* Action when MAC limit is reached */ ("none" | "drop") ) ) ), "mac-ip-table-size" ( /* Size of MAC+IP bindings table */ c( arg ) ), "interface-mac-limit" ( /* Maximum MAC address learned per interface */ c( arg, "packet-action" ( /* Action when MAC limit is reached */ ("none" | "drop" | "log" | "shutdown" | "drop-and-log") ) ) ), "interface-mac-ip-limit" ( /* Maximum MAC+IP bindings learned per interface */ c( arg ) ), "mac-notification" ( /* MAC notification options */ c( "notification-interval" arg /* Interval for sending MAC notifications */ ) ), "mac-table-aging-time" arg /* Delay for discarding MAC address if no updates are received */, "no-mac-learning" /* Disable dynamic MAC address learning */, "no-normalization" /* Disable vlan id normalization for interfaces */, "mac-statistics" /* Enable MAC address statistics */, "mib" ( /* Snmp mib options */ c( "dot1q-mib" ( /* Dot1q MIB configuration options */ c( "port-list" ( /* Port list for staticegressports and staticuntaggedports MIB */ ("bit-map" | "string") ) ) ) ) ), "static-rvtep-mac" ( /* Configure Static MAC and remote VxLAN tunnel endpoint entries */ c( "mac" ( /* Unicast MAC address */ s( arg, "remote-vtep" arg /* Configure static remote VXLAN tunnel endpoints */ ) ).as(:oneline) ) ), "service-id" arg /* Service ID required if multi-chassis AE is part of a bridge-domain */, "ovsdb-managed" /* All vxlan bridge domains in routing instance are remote managed */, "interface" arg ( /* Interface that connect this site to the VPN */ c( "interface-mac-limit" ( /* Maximum number of MAC addresses learned on the interface */ c( arg, "disable" /* Disable interface for interface-mac-limit */, "packet-action" ( /* Action when MAC limit is reached */ ("none" | "drop" | "log" | "shutdown" | "drop-and-log") ) ) ), "action-priority" arg /* Blocking priority of this interface on mac move detection */, "static-mac" arg ( /* Static MAC addresses assigned to this interface */ c( "vlan-id" arg /* VLAN ID of learning VLAN */ ) ), "interface-mac-ip-limit" ( /* Maximum number of MAC+IP bindings learned on the interface */ c( arg ) ), "no-mac-learning" /* Disable dynamic MAC address learning */, "mac-pinning" /* Enable MAC pinning */, "persistent-learning" /* Enable persistent MAC learning on this interface */ ) ), "traceoptions" ( /* Layer 2 trace options for this routing instance */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("configuration" | "routing-socket" | "interface-device" | "interface-logical" | "interface-family" | "bridging-domain" | "bridge-interface" | "learning-domain" | "ipc" | "mac-learning" | "initialization" | "flood-next-hop" | "irb" | "vpls-ping" | "vpls-loop-prev" | "storm-control" | "unknown-unicast-forwarding" | "vxlan" | "all")) /* Type of operation or event to include in trace */.as(:oneline) ) ), "voip" ( /* Voice-over-IP configuration */ c( "interface" (arg | "access-ports") ( /* Enable voice over IP on this port */ c( "vlan" arg /* VLAN for voice over IP */, "forwarding-class" arg /* Forwarding class */ ) ) ) ), "unknown-unicast-forwarding" ( /* Set interface for forwarding of unknown unicast packets */ c( "vlan" arg ( /* VLAN for the unknown unicast packets */ c( "interface" ( /* Interface to send unknown unicast packets for the VLAN */ interface_name /* Interface to send unknown unicast packets for the VLAN */ ) ) ) ) ), "authentication-whitelist" arg ( /* MAC authentication-whitelist configuration needed to bypass Authentication */ c( "vlan-assignment" arg /* VLAN name or 802.1q tag for the MAC address */, "bridge-domain-assignment" arg /* Bridge-domain name or 802.1q tag for the MAC address */, "interface" ( /* Interface on which authentication is bypassed */ interface_name /* Interface on which authentication is bypassed */ ) ) ) ) end rule(:juniper_routing_options) do c( "rpm-tracking" ( /* RPM static route tracking options */ c( "route" arg ( /* Static Route */ c( "next-hop" ( /* Next hop to destination */ rpm_next_hop /* Next hop to destination */ ), "metric" arg /* Metric value */, "preference" arg /* Preference value */, "tag" arg /* Tag value */, "rpm-probe" arg ( sc( "rpm-test" arg /* RPM test to track */ ) ).as(:oneline) ) ) ) ), "logical-system-mux" ( /* Logical system control daemon information */ c( "traceoptions" ( /* Trace options */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("debug" | "parse" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ) ) ), "auto-bandwidth" ( /* Auto bandwidth */ c( "template" arg ( /* Auto bandwidth template */ c( "adjust-interval" arg /* Adjust interval */, "adjust-threshold" arg /* Percentage threshhold */, "statistic-collection-interval" arg /* Collection interval */, "auto-bandwidth-subscription" arg /* Percentage threshhold for subscription */ ) ), "traceoptions" ( /* Trace options for sr stats */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("all" | "timer" | "state")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ) ) ), "backup-selection" ( /* Backup selection options */ c( "destination" arg ( /* IP/IPv6 prefix for which backup selection policy is configured */ c( "interface" arg ( /* Primary nexthop interface for which backup selection policy is configured */ c( "admin-group" ( /* Administrative group policies for backup-selection */ c( "exclude" arg /* Do not use interface if any admin group available */, "include-all" arg /* Use interface if admin groups available entirely */, "include-any" arg /* Use interface if any admin group is available */, "preference" arg /* Administrative groups in descending preference order */ ) ), "srlg" ( /* Evaluate Shared Risk Link Group(SRLG) characteristics for backup selection */ ("loose" | "strict") ), "protection-type" ( /* Type of protection to be considered */ ("link" | "node" | "node-link") ), "downstream-paths-only" /* Choose only the downstream nodes for backup */, "bandwidth-greater-equal-primary" /* Use backup nexthop only if bandwidth is >= bandwidth of primary nexthop */, "backup-neighbor" ( /* Backup Neighbor ID based policies for backup selection */ c( "exclude" ( /* List of backup neighbors to be excluded */ ipv4addr /* List of backup neighbors to be excluded */ ), "preference" ( /* List of backup neighbors in descending order preference */ ipv4addr /* List of backup neighbors in descending order preference */ ) ) ), "node" ( /* Node ID based policies for backup selection */ c( "exclude" ( /* List of nodes to be excluded */ ipv4addr /* List of nodes to be excluded */ ), "preference" ( /* List of nodes in the descending order of preference */ ipv4addr /* List of nodes in the descending order of preference */ ) ) ), "node-tag" ( /* Node tag policies */ c( "exclude" arg /* The set of node tags to be excluded */, "preference" arg /* The set of node tags in the descending order of preference */ ) ), "root-metric" ( /* Root metric */ ("lowest" | "highest") ), "dest-metric" ( /* Destination metric */ ("lowest" | "highest") ), "metric-order" ( /* Metric evaluation order */ ("root" | "dest") ), "evaluation-order" ( /* Interface policy criteria evaluation order */ ("admin-group" | "srlg" | "bandwidth" | "protection-type" | "backup-neighbor" | "node" | "node-tag" | "metric") ) ) ) ) ) ) ), "flex-algorithm" arg ( /* Configure flex-algorithms supported by this node. */ c( "definition" ( /* Configure flex-algorithm definition. */ c( "metric-type" ( ("igp-metric" | "te-metric" | "delay-metric") ), c( "spf" /* Normal SPF of type 0 */, "strict-spf" /* Strict SPF */ ), "use-flex-algorithm-prefix-metric" /* Set M flag in the flex-algorithm definition flags */, "priority" arg /* Priority of the flex-algorithm advertisement. */, "admin-group" ( /* Administrative group policy */ admin_group_include_exclude /* Administrative group policy */ ) ) ), "color" arg /* Color to be associated with this flex-algorithm */, "use-transport-class" /* Install ingress routes via transport class RIBs */ ) ), "source-packet-routing" ( /* Source packet routing (SPRING) */ c( "mapping-server-entry" arg ( /* Mapping server entry */ c( "prefix-segment" arg ( /* Prefix segment */ c( "index" arg /* Prefix segment index */, "attached" /* Set attached flag in IS-IS mapping server advertisement */, "domain-wide-flooding" /* Set S-flag in IS-IS mapping server advertisement */, "no-node-segment" /* Clear node segment flag in mapping server prefix segment */ ) ), "prefix-segment-range" arg ( /* Prefix segment range */ c( "start-prefix" ( /* Start prefix */ ipprefix /* Start prefix */ ), "start-index" arg /* Start index */, "size" arg /* Size of prefix segment range */, "attached" /* Set attached flag in IS-IS mapping server advertisement */, "domain-wide-flooding" /* Set S-flag in IS-IS mapping server advertisement */, "no-node-segment" /* Clear node segment flag in mapping server prefix segment */ ) ) ) ), "srv6" ( /* SRv6 source-packet-routing */ c( "locator" arg ( c( "algorithm" arg /* Algorithm associated with this locator */, ipv6prefix /* Configure Locator Service for SRv6 */ ) ), "no-reduced-srh" /* SRv6 Encapsulation mode non reduced SRH */, "transit-srh-insert" /* SRv6 SRH insert mode on transit */ ) ) ) ), "route-distinguisher-id" ( /* Identifier used in route distinguishers for routing instances */ ipv4addr /* Identifier used in route distinguishers for routing instances */ ), "rib" arg ( /* Routing table options */ c( "static" ( /* Static routes */ c( "rib-group" arg /* Routing table group */, "defaults" ( /* Global route options */ c( "retain" /* Always keep route in forwarding table */, "no-retain" /* Don't always keep route in forwarding table */, "install" /* Install route into forwarding table */, "no-install" /* Don't install route into forwarding table */, "readvertise" /* Mark route as eligible to be readvertised */, "no-readvertise" /* Don't mark route as eligible to be readvertised */, "resolve" /* Allow resolution of indirectly connected next hops */, "no-resolve" /* Don't allow resolution of indirectly connected next hops */, "longest-match" /* Always use longest prefix match to resolve next hops */, "no-longest-match" /* Don't always use longest prefix match to resolve next hops */, c( "active" /* Remove inactive route from forwarding table */, "passive" /* Retain inactive route in forwarding table */ ), "metric" ( /* Metric value */ rib_static_metric_type /* Metric value */ ), "metric2" ( /* Metric value 2 */ rib_static_metric_type /* Metric value 2 */ ), "metric3" ( /* Metric value 3 */ rib_static_metric_type /* Metric value 3 */ ), "metric4" ( /* Metric value 4 */ rib_static_metric_type /* Metric value 4 */ ), "tag" ( /* Tag string */ rib_static_metric_type /* Tag string */ ), "tag2" ( /* Tag string 2 */ rib_static_metric_type /* Tag string 2 */ ), "preference" ( /* Preference value */ rib_static_metric_type /* Preference value */ ), "preference2" ( /* Preference value 2 */ rib_static_metric_type /* Preference value 2 */ ), "color" ( /* Color (preference) value */ rib_static_metric_type /* Color (preference) value */ ), "color2" ( /* Color (preference) value 2 */ rib_static_metric_type /* Color (preference) value 2 */ ), "community" ( /* BGP community identifier */ community /* BGP community identifier */ ), "as-path" ( /* Autonomous system path */ c( "path" arg /* Autonomous system path */, "origin" ( ("igp" | "egp" | "incomplete") ), "atomic-aggregate" /* Add ATOMIC_AGGREGATE path attribute to route */, "aggregator" ( /* Add AGGREGATOR path attribute to route */ c( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, ipv4addr /* Address of BGP system that formed the route */ ) ) ) ) ) ), "route" arg ( /* Static route */ c( c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "reject" /* Drop packets to destination; send ICMP unreachables */, "discard" /* Drop packets to destination; send no ICMP unreachables */, "receive" /* Install a receive route for the destination */, "next-table" arg /* Next hop to another table */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ), "backup-pe-group" arg /* Multicast source redundancy group */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "neighbor" ( /* BFD neighbor address */ ipaddr /* BFD neighbor address */ ), "local-address" ( /* BFD local address (for multihop only) */ ipaddr /* BFD local address (for multihop only) */ ), "holddown-interval" arg /* Time to hold the session-UP notification to the client */, "minimum-receive-ttl" arg /* Minimum receive TTL below which to drop */ ) ), "retain" /* Always keep route in forwarding table */, "no-retain" /* Don't always keep route in forwarding table */, "install" /* Install route into forwarding table */, "no-install" /* Don't install route into forwarding table */, "readvertise" /* Mark route as eligible to be readvertised */, "no-readvertise" /* Don't mark route as eligible to be readvertised */, "resolve" /* Allow resolution of indirectly connected next hops */, "no-resolve" /* Don't allow resolution of indirectly connected next hops */, "longest-match" /* Always use longest prefix match to resolve next hops */, "no-longest-match" /* Don't always use longest prefix match to resolve next hops */, c( "active" /* Remove inactive route from forwarding table */, "passive" /* Retain inactive route in forwarding table */ ), "metric" ( /* Metric value */ rib_static_metric_type /* Metric value */ ), "metric2" ( /* Metric value 2 */ rib_static_metric_type /* Metric value 2 */ ), "metric3" ( /* Metric value 3 */ rib_static_metric_type /* Metric value 3 */ ), "metric4" ( /* Metric value 4 */ rib_static_metric_type /* Metric value 4 */ ), "tag" ( /* Tag string */ rib_static_metric_type /* Tag string */ ), "tag2" ( /* Tag string 2 */ rib_static_metric_type /* Tag string 2 */ ), "preference" ( /* Preference value */ rib_static_metric_type /* Preference value */ ), "preference2" ( /* Preference value 2 */ rib_static_metric_type /* Preference value 2 */ ), "color" ( /* Color (preference) value */ rib_static_metric_type /* Color (preference) value */ ), "color2" ( /* Color (preference) value 2 */ rib_static_metric_type /* Color (preference) value 2 */ ), "community" ( /* BGP community identifier */ community /* BGP community identifier */ ), "as-path" ( /* Autonomous system path */ c( "path" arg /* Autonomous system path */, "origin" ( ("igp" | "egp" | "incomplete") ), "atomic-aggregate" /* Add ATOMIC_AGGREGATE path attribute to route */, "aggregator" ( /* Add AGGREGATOR path attribute to route */ c( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, ipv4addr /* Address of BGP system that formed the route */ ) ) ) ), "lsp-next-hop" ( /* LSP next hop */ lsp_nh_obj /* LSP next hop */ ), "p2mp-lsp-next-hop" ( /* Point-to-multipoint LSP next hop */ lsp_nh_obj /* Point-to-multipoint LSP next hop */ ), "spring-te-lsp-next-hop" ( /* SPRING-TE LSP next hop */ springte_lsp_nh_obj /* SPRING-TE LSP next hop */ ), "p2mp-ldp-next-hop" ( /* Point-to-multipoint LDP LSP next hop */ p2mp_ldp_lsp_nh_obj /* Point-to-multipoint LDP LSP next hop */ ), "static-lsp-next-hop" ( /* Static LSP next hop */ lsp_nh_obj /* Static LSP next hop */ ) ) ), "static-route" ( /* Static route Status */ sc( "bfd-admin-down" ( /* Static route State on BFD ADMIN DOWN */ ("active" | "passive") ) ) ).as(:oneline), "iso-route" arg ( /* ISO family static route */ c( c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "reject" /* Drop packets to destination; send ICMP unreachables */, "discard" /* Drop packets to destination; send no ICMP unreachables */, "receive" /* Install a receive route for the destination */, "next-table" arg /* Next hop to another table */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ), "backup-pe-group" arg /* Multicast source redundancy group */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "neighbor" ( /* BFD neighbor address */ ipaddr /* BFD neighbor address */ ), "local-address" ( /* BFD local address (for multihop only) */ ipaddr /* BFD local address (for multihop only) */ ), "holddown-interval" arg /* Time to hold the session-UP notification to the client */, "minimum-receive-ttl" arg /* Minimum receive TTL below which to drop */ ) ), "retain" /* Always keep route in forwarding table */, "no-retain" /* Don't always keep route in forwarding table */, "install" /* Install route into forwarding table */, "no-install" /* Don't install route into forwarding table */, "readvertise" /* Mark route as eligible to be readvertised */, "no-readvertise" /* Don't mark route as eligible to be readvertised */, "resolve" /* Allow resolution of indirectly connected next hops */, "no-resolve" /* Don't allow resolution of indirectly connected next hops */, "longest-match" /* Always use longest prefix match to resolve next hops */, "no-longest-match" /* Don't always use longest prefix match to resolve next hops */, c( "active" /* Remove inactive route from forwarding table */, "passive" /* Retain inactive route in forwarding table */ ), "metric" ( /* Metric value */ rib_static_metric_type /* Metric value */ ), "metric2" ( /* Metric value 2 */ rib_static_metric_type /* Metric value 2 */ ), "metric3" ( /* Metric value 3 */ rib_static_metric_type /* Metric value 3 */ ), "metric4" ( /* Metric value 4 */ rib_static_metric_type /* Metric value 4 */ ), "tag" ( /* Tag string */ rib_static_metric_type /* Tag string */ ), "tag2" ( /* Tag string 2 */ rib_static_metric_type /* Tag string 2 */ ), "preference" ( /* Preference value */ rib_static_metric_type /* Preference value */ ), "preference2" ( /* Preference value 2 */ rib_static_metric_type /* Preference value 2 */ ), "color" ( /* Color (preference) value */ rib_static_metric_type /* Color (preference) value */ ), "color2" ( /* Color (preference) value 2 */ rib_static_metric_type /* Color (preference) value 2 */ ), "community" ( /* BGP community identifier */ community /* BGP community identifier */ ), "as-path" ( /* Autonomous system path */ c( "path" arg /* Autonomous system path */, "origin" ( ("igp" | "egp" | "incomplete") ), "atomic-aggregate" /* Add ATOMIC_AGGREGATE path attribute to route */, "aggregator" ( /* Add AGGREGATOR path attribute to route */ c( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, ipv4addr /* Address of BGP system that formed the route */ ) ) ) ), "lsp-next-hop" ( /* LSP next hop */ lsp_nh_obj /* LSP next hop */ ), "p2mp-lsp-next-hop" ( /* Point-to-multipoint LSP next hop */ lsp_nh_obj /* Point-to-multipoint LSP next hop */ ), "spring-te-lsp-next-hop" ( /* SPRING-TE LSP next hop */ springte_lsp_nh_obj /* SPRING-TE LSP next hop */ ), "p2mp-ldp-next-hop" ( /* Point-to-multipoint LDP LSP next hop */ p2mp_ldp_lsp_nh_obj /* Point-to-multipoint LDP LSP next hop */ ) ) ), "route-target-filter" arg ( /* Route-target-filter route */ c( "neighbor" arg /* BGP peers for filter */, "group" arg /* BGP groups for filter */, "local" /* Locally originated filter */ ) ) ) ), "martians" ( /* Invalid routes */ martian_type /* Invalid routes */ ), "aggregate" ( /* Coalesced routes */ rib_aggregate_type /* Coalesced routes */ ), "generate" ( /* Route of last resort */ rib_aggregate_type /* Route of last resort */ ), c( "maximum-routes" ( /* Maximum number of routes */ sc( arg, c( "threshold" arg /* Percentage of limit at which to start generating warnings */, "log-only" /* Generate warning messages only */ ), "log-interval" arg /* Minimum interval between log messages */ ) ).as(:oneline), "maximum-paths" ( /* Maximum number of paths */ sc( arg, c( "threshold" arg /* Percentage of limit at which to start generating warnings */, "log-only" /* Generate warning messages only */ ), "log-interval" arg /* Minimum interval between log messages */ ) ).as(:oneline) ), "maximum-prefixes" ( /* Maximum number of prefixes */ sc( arg, c( "threshold" arg /* Percentage of limit at which to start generating warnings */, "log-only" /* Generate warning messages only */ ), "log-interval" arg /* Minimum interval between log messages */ ) ).as(:oneline), "multipath" ( /* Protocol-independent load balancing */ c( "vpn-unequal-cost" ( /* Include VPN routes with unequal IGP metrics */ sc( "equal-external-internal" /* Include external and internal VPN routes */ ) ).as(:oneline), "as-path-compare" /* Compare AS path sequences in addition to AS path length */, "preserve-nexthop-hierarchy" /* Force multipath to create List nexthop */ ) ), "policy-multipath" ( /* Policy based multipath */ c( "policy" ( /* Import policy to create policy based multipath */ policy_algebra /* Import policy to create policy based multipath */ ), "traceoptions" ( /* Trace options */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("route")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ) ) ), "protect" ( /* Protocol-independent protection */ sc( "core" /* Protect against unreachability to service-edge router */ ) ).as(:oneline), "access" ( /* Access routes */ c( "route" arg ( /* Access route */ c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ), "metric" arg /* Metric value */, "preference" arg /* Preference value */, "tag" arg /* Tag string */, "tag2" arg /* Tag2 string */ ) ) ) ), "access-internal" ( /* Access-internal routes */ c( "route" arg ( /* Access-internal route */ c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ) ) ) ) ), "bgp-static" ( /* Routes for BGP static advertisements */ c( "route" arg ( /* BGP-static route */ c( "metric" ( /* Metric value */ rib_static_metric_type /* Metric value */ ), "metric2" ( /* Metric value 2 */ rib_static_metric_type /* Metric value 2 */ ), "metric3" ( /* Metric value 3 */ rib_static_metric_type /* Metric value 3 */ ), "metric4" ( /* Metric value 4 */ rib_static_metric_type /* Metric value 4 */ ), "tag" ( /* Tag string */ rib_static_metric_type /* Tag string */ ), "tag2" ( /* Tag string 2 */ rib_static_metric_type /* Tag string 2 */ ), "preference" ( /* Preference value */ rib_static_metric_type /* Preference value */ ), "preference2" ( /* Preference value 2 */ rib_static_metric_type /* Preference value 2 */ ), "color" ( /* Color (preference) value */ rib_static_metric_type /* Color (preference) value */ ), "color2" ( /* Color (preference) value 2 */ rib_static_metric_type /* Color (preference) value 2 */ ), "community" ( /* BGP community identifier */ community /* BGP community identifier */ ), "as-path" ( /* Autonomous system path */ c( "path" arg /* Autonomous system path */, "origin" ( ("igp" | "egp" | "incomplete") ), "atomic-aggregate" /* Add ATOMIC_AGGREGATE path attribute to route */, "aggregator" ( /* Add AGGREGATOR path attribute to route */ c( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, ipv4addr /* Address of BGP system that formed the route */ ) ) ) ) ) ) ) ), "flow" ( /* Locally defined flow routing information */ c( "validation" ( /* Flow route validation options */ flow_validation /* Flow route validation options */ ), "route" ( /* Flow route */ flow_route_inet6 /* Flow route */ ), "security-group" arg ( /* Security groups */ c( "rule" ( /* Flow route */ flow_rule_inet6 /* Flow route */ ) ) ), "interface-group" ( /* Interface-group for applying flow-spec filter */ flow_interface_group /* Interface-group for applying flow-spec filter */ ), "discard-action-for-unresolved-redir-addr" /* For action redirect IP if redirect address is unresolved install discard action filter */, "per-route-accounting" /* Enable traffic accounting per flowspec route */, "no-per-route-accounting" /* Don't enable traffic accounting per flowspec route */ ) ), "label" ( /* Label processing */ c( "allocation" ( /* Label allocation policy */ policy_algebra /* Label allocation policy */ ), "substitution" ( /* Label substitution policy */ policy_algebra /* Label substitution policy */ ) ) ) ) ), "label" ( /* Label processing */ c( "allocation" ( /* Label allocation policy */ policy_algebra /* Label allocation policy */ ), "substitution" ( /* Label substitution policy */ policy_algebra /* Label substitution policy */ ) ) ), "options" ( /* Miscellaneous options */ c( "no-send" /* Listen only; do not send protocol packets */, "no-resolve" /* Do not use DNS name resolution */, "syslog" ( /* Set system logging level */ c( "level" ( /* Logging level */ sc( "emergency" /* Emergency level */, "alert" /* Alert level */, "critical" /* Critical level */, "error" /* Error level */, "warning" /* Warning level */, "notice" /* Notice level */, "info" /* Informational level */, "debug" /* Debugging level */ ) ).as(:oneline), "upto" ( /* Log up to a particular logging level */ ("emergency" | "alert" | "critical" | "error" | "warning" | "notice" | "info" | "debug") ) ) ), "mark" arg /* Periodically mark the trace file */ ) ), "resolution" ( /* Route next-hop resolution options */ c( "tracefilter" ( /* Filter policy */ policy_algebra /* Filter policy */ ), "traceoptions" ( /* Trace options */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("event" | "flash" | "kernel" | "indirect" | "task" | "igp-frr" | "igp-frr-extensive" | "tunnel" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "preserve-nexthop-hierarchy" /* Preserve nexthop hierarchy when installing nexthop to forwarding plane */, "no-preserve-nexthop-hierarchy" /* Don't preserve nexthop hierarchy when installing nexthop to forwarding plane */, "rib" arg ( /* Routing table resolution options */ c( "resolution-family" arg /* Family of resultion tree */, "resolution-ribs" arg /* Routing tables to use for default routing table family resolution */, "inet-resolution-ribs" arg /* Routing tables to use for ipv4 family protocol-next-hop resolution */, "inet6-resolution-ribs" arg /* Routing tables to use for ipv6 family protocol-next-hop resolution */, "iso-resolution-ribs" arg /* Routing tables to use for iso family protocol-next-hop resolution */, "import" ( /* Import policy */ policy_algebra /* Import policy */ ), "inet-import" ( /* Import policy for IPV4 family resolution tree */ policy_algebra /* Import policy for IPV4 family resolution tree */ ), "inet6-import" ( /* Import policy for IPV6 family resolution tree */ policy_algebra /* Import policy for IPV6 family resolution tree */ ), "iso-import" ( /* Import policy for ISO family resolution tree */ policy_algebra /* Import policy for ISO family resolution tree */ ), "inetcolor-import" ( /* Import policy for INETCOLOR family resolution tree */ policy_algebra /* Import policy for INETCOLOR family resolution tree */ ), "inet6color-import" ( /* Import policy for INET6COLOR family resolution tree */ policy_algebra /* Import policy for INET6COLOR family resolution tree */ ) ) ), "prefer-recursive-primary-path" /* Prefer primary path to resolve nexthop during recursive-resolution */, "no-prefer-recursive-primary-path" /* Don't prefer primary path to resolve nexthop during recursive-resolution */, "scheme" arg ( /* Nexthop resolution fallback */ c( "resolution-ribs" arg /* Routing tables to use for nexthop resolution, in fallback order */, "mapping-community" ( /* Community on service-route that maps to this transport */ community /* Community on service-route that maps to this transport */ ) ) ) ) ), "interface-routes" ( /* Define routing table groups for interface routes */ c( "rib-group" ( /* Routing table group */ rib_group_type /* Routing table group */ ), "family" enum(("inet" | "inet6")) ( /* Address family */ c( "import" ( /* Import policy */ policy_algebra /* Import policy */ ), "export" ( /* Control exportability of local routes */ c( "point-to-point" /* Make point-to-point routes exportable */, "lan" /* Make LAN routes exportable */ ) ) ) ) ) ), "loopback-strict-disable" /* Completely disable lo0 host prefix when in admin-down state */, "traceoptions" ( /* Global routing protocol trace options */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("parse" | "regex-parse" | "config-internal" | "nsr-synchronization" | "condition-manager" | "graceful-restart" | "session" | "hfrr-fsm" | "hfrr-route" | "statistics-id-group" | "route-record" | "jvision-lsp" | "dyn-nh-template" | "read-route" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "topologies" ( /* Define routing topologies */ c( "family" enum(("inet" | "inet6")) ( /* Address family */ c( "topology" arg ( /* Topology information */ c( "table-id" arg /* Table-id */ ) ) ) ) ) ), "router-id" ( /* Router identifier */ ipv4addr /* Router identifier */ ), "autonomous-system" ( /* Autonomous system number */ sc( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, "loops" arg /* Maximum number of times this AS can be in an AS path */, "asdot-notation" /* Use AS-Dot notation to display true 4 byte AS numbers */, "independent-domain" ( /* Independent autonomous-system domain from master instance */ sc( "no-attrset" /* Do not tunnel ce bgp attributes across provider network */.as(:oneline) ) ).as(:oneline) ) ).as(:oneline), "confederation" ( /* Confederation autonomous system number */ sc( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, "members" arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */ ) ).as(:oneline), "ipv6-router-id" arg /* IPv6 router identifier */, "graceful-restart" ( /* Graceful or hitless routing restart options */ c( ("disable"), "restart-duration" arg /* Maximum time for which router is in graceful restart */ ) ), "flow" ( /* Locally defined flow routing information */ c( "firewall-install-disable" /* Disable installing flowspec firewall filters in dfwd */, "per-route-accounting" /* Enable traffic accounting per flowspec route */, "no-per-route-accounting" /* Don't enable traffic accounting per flowspec route */, "validation" ( /* Flow route validation options */ flow_validation /* Flow route validation options */ ), "interface-group" ( /* Interface-group for applying flow-spec filter */ flow_interface_group /* Interface-group for applying flow-spec filter */ ), "route" ( /* Flow route */ flow_route_inet /* Flow route */ ), "term-order" ( /* Term evaluation order for flow routes */ ("legacy" | "standard") ), "discard-action-for-unresolved-redir-addr" /* For action redirect IP if redirect address is unresolved install discard action filter */, "security-group" arg ( /* Security groups */ c( "rule" ( /* Flow route */ flow_rule_inet /* Flow route */ ) ) ) ) ), "no-soft-core" /* Disable soft assert to generate core and just log the event */, "med-igp-update-interval" arg /* Delay (in minutes) in updating MED IGP for bgp groups with 'delay-med-update' */, "bmp" ( /* BGP Monitoring Protocol (BMP) configuration */ c( "authentication-key" arg /* MD5 authentication key */, "authentication-algorithm" ( /* Authentication algorithm name */ ("md5" | "hmac-sha-1-96" | "aes-128-cmac-96" | "ao") ), "tcpao-auth-mismatch" ( /* Continue without TCP-AO if any one TCP endpoint does not have TCP-AO configured */ ("allow-without-tcpao") ), "authentication-key-chain" arg /* Key chain name */, "hold-down" ( sc( arg, "flaps" arg /* Number of flaps before damping */, "period" arg /* Time period for flaps */ ) ).as(:oneline), "initiation-message" arg /* User string sent with the initiation message */, "local-address" ( /* Address of local end of BMP session */ ipaddr /* Address of local end of BMP session */ ), "local-port" arg /* Local port for listening */, "connection-mode" ( /* Specify active or passive */ ("active" | "passive") ), "priority" ( /* Relative dispatch priority */ ("low" | "medium" | "high") ), "monitor" ( /* Enable/Disable monitoring */ ("enable" | "disable") ), "route-monitoring" ( /* Control route monitoring settings */ c( "none" /* Do not send route monitoring messages */, "loc-rib" /* Send local-rib route monitoring messages */, "pre-policy" ( /* Send pre policy route monitoring messages */ sc( "exclude-non-feasible" /* Exclude looped routes, etc */ ) ).as(:oneline), "post-policy" ( /* Send post policy route monitoring messages */ sc( "exclude-non-eligible" /* Exclude unresolved routes, etc. */ ) ).as(:oneline), "rib-out" ( /* Send adj-ribs-out route monitoring messages */ sc( "pre-policy" /* Send pre-policy adj-ribs-out route monitoring messages */, "post-policy" /* Send post-policy adj-ribs-out route monitoring messages */ ) ).as(:oneline) ) ), "max-loc-rib-buffer-count" arg /* Max number of loc-rib outstanding buffers before blocking */, "station-address" ( /* Address/name of monitoring station */ ipaddr /* Address/name of monitoring station */ ), "routing-instance" ( /* Routing-instance through which BMP station is reachable */ ("default" | arg) ), "station-port" arg /* Port of monitoring station */, "statistics-timeout" arg /* Statistics message timer, 15-65535, or 0 for no messages */, "traceoptions" ( /* Trace options */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("packets" | "up" | "down" | "statistics" | "route-monitoring" | "event" | "error" | "write" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Trace flag information */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "station" arg ( /* Define a BMP station */ c( "authentication-key" arg /* MD5 authentication key */, "authentication-algorithm" ( /* Authentication algorithm name */ ("md5" | "hmac-sha-1-96" | "aes-128-cmac-96" | "ao") ), "tcpao-auth-mismatch" ( /* Continue without TCP-AO if any one TCP endpoint does not have TCP-AO configured */ ("allow-without-tcpao") ), "authentication-key-chain" arg /* Key chain name */, "hold-down" ( sc( arg, "flaps" arg /* Number of flaps before damping */, "period" arg /* Time period for flaps */ ) ).as(:oneline), "initiation-message" arg /* User string sent with the initiation message */, "local-address" ( /* Address of local end of BMP session */ ipaddr /* Address of local end of BMP session */ ), "local-port" arg /* Local port for listening */, "connection-mode" ( /* Specify active or passive */ ("active" | "passive") ), "priority" ( /* Relative dispatch priority */ ("low" | "medium" | "high") ), "monitor" ( /* Enable/Disable monitoring */ ("enable" | "disable") ), "route-monitoring" ( /* Control route monitoring settings */ c( "none" /* Do not send route monitoring messages */, "loc-rib" /* Send local-rib route monitoring messages */, "pre-policy" ( /* Send pre policy route monitoring messages */ sc( "exclude-non-feasible" /* Exclude looped routes, etc */ ) ).as(:oneline), "post-policy" ( /* Send post policy route monitoring messages */ sc( "exclude-non-eligible" /* Exclude unresolved routes, etc. */ ) ).as(:oneline), "rib-out" ( /* Send adj-ribs-out route monitoring messages */ sc( "pre-policy" /* Send pre-policy adj-ribs-out route monitoring messages */, "post-policy" /* Send post-policy adj-ribs-out route monitoring messages */ ) ).as(:oneline) ) ), "max-loc-rib-buffer-count" arg /* Max number of loc-rib outstanding buffers before blocking */, "station-address" ( /* Address/name of monitoring station */ ipaddr /* Address/name of monitoring station */ ), "routing-instance" ( /* Routing-instance through which BMP station is reachable */ ("default" | arg) ), "station-port" arg /* Port of monitoring station */, "statistics-timeout" arg /* Statistics message timer, 15-65535, or 0 for no messages */, "traceoptions" ( /* Trace options */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("packets" | "up" | "down" | "statistics" | "route-monitoring" | "event" | "error" | "write" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Trace flag information */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ) ) ) ) ), "bgp-orf-cisco-mode" /* Using BGP ORF capability code 130 and Prefix ORF type 128 */, "highwatermark-log-interval" arg /* High watermark log interval (default 30 seconds) */, "time-averaged-watermark-interval" arg /* For calculating average watermark */, "ppm" ( /* Set periodic packet management properties */ c( "delegate-processing" /* Enable distribution of PPM sessions */, "no-delegate-processing" /* Disable PPM sessions distribution */, "inline-processing-enable" /* Enable PPM session inline distribution */, "inline-ae-processing-enable" /* Enable PPM session inline distribution on AE */, "redistribution-timer" arg /* Time to wait after switchover before starting timers */ ) ), "no-bfd-triggered-local-repair" /* Disable bfd triggered local repair */, "enable-sensors" /* Enable Sensor for MX/PTX/QFX/EX/ACX */, "maximum-ecmp" ( /* Maximum ECMP limit for nexthops */ ("16" | "32" | "64" | "96" | "128" | "160" | "192" | "224" | "256" | "288" | "320" | "352" | "384" | "416" | "448" | "480" | "512") ), "static" ( /* Static routes */ c( "rib-group" arg /* Routing table group */, "defaults" ( /* Global route options */ c( "retain" /* Always keep route in forwarding table */, "no-retain" /* Don't always keep route in forwarding table */, "install" /* Install route into forwarding table */, "no-install" /* Don't install route into forwarding table */, "readvertise" /* Mark route as eligible to be readvertised */, "no-readvertise" /* Don't mark route as eligible to be readvertised */, "resolve" /* Allow resolution of indirectly connected next hops */, "no-resolve" /* Don't allow resolution of indirectly connected next hops */, "longest-match" /* Always use longest prefix match to resolve next hops */, "no-longest-match" /* Don't always use longest prefix match to resolve next hops */, c( "active" /* Remove inactive route from forwarding table */, "passive" /* Retain inactive route in forwarding table */ ), "metric" ( /* Metric value */ rib_static_metric_type /* Metric value */ ), "metric2" ( /* Metric value 2 */ rib_static_metric_type /* Metric value 2 */ ), "metric3" ( /* Metric value 3 */ rib_static_metric_type /* Metric value 3 */ ), "metric4" ( /* Metric value 4 */ rib_static_metric_type /* Metric value 4 */ ), "tag" ( /* Tag string */ rib_static_metric_type /* Tag string */ ), "tag2" ( /* Tag string 2 */ rib_static_metric_type /* Tag string 2 */ ), "preference" ( /* Preference value */ rib_static_metric_type /* Preference value */ ), "preference2" ( /* Preference value 2 */ rib_static_metric_type /* Preference value 2 */ ), "color" ( /* Color (preference) value */ rib_static_metric_type /* Color (preference) value */ ), "color2" ( /* Color (preference) value 2 */ rib_static_metric_type /* Color (preference) value 2 */ ), "community" ( /* BGP community identifier */ community /* BGP community identifier */ ), "as-path" ( /* Autonomous system path */ c( "path" arg /* Autonomous system path */, "origin" ( ("igp" | "egp" | "incomplete") ), "atomic-aggregate" /* Add ATOMIC_AGGREGATE path attribute to route */, "aggregator" ( /* Add AGGREGATOR path attribute to route */ c( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, ipv4addr /* Address of BGP system that formed the route */ ) ) ) ) ) ), "route" arg ( /* Static route */ c( c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "reject" /* Drop packets to destination; send ICMP unreachables */, "discard" /* Drop packets to destination; send no ICMP unreachables */, "receive" /* Install a receive route for the destination */, "next-table" arg /* Next hop to another table */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ), "backup-pe-group" arg /* Multicast source redundancy group */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "neighbor" ( /* BFD neighbor address */ ipaddr /* BFD neighbor address */ ), "local-address" ( /* BFD local address (for multihop only) */ ipaddr /* BFD local address (for multihop only) */ ), "holddown-interval" arg /* Time to hold the session-UP notification to the client */, "minimum-receive-ttl" arg /* Minimum receive TTL below which to drop */ ) ), "retain" /* Always keep route in forwarding table */, "no-retain" /* Don't always keep route in forwarding table */, "install" /* Install route into forwarding table */, "no-install" /* Don't install route into forwarding table */, "readvertise" /* Mark route as eligible to be readvertised */, "no-readvertise" /* Don't mark route as eligible to be readvertised */, "resolve" /* Allow resolution of indirectly connected next hops */, "no-resolve" /* Don't allow resolution of indirectly connected next hops */, "longest-match" /* Always use longest prefix match to resolve next hops */, "no-longest-match" /* Don't always use longest prefix match to resolve next hops */, c( "active" /* Remove inactive route from forwarding table */, "passive" /* Retain inactive route in forwarding table */ ), "metric" ( /* Metric value */ rib_static_metric_type /* Metric value */ ), "metric2" ( /* Metric value 2 */ rib_static_metric_type /* Metric value 2 */ ), "metric3" ( /* Metric value 3 */ rib_static_metric_type /* Metric value 3 */ ), "metric4" ( /* Metric value 4 */ rib_static_metric_type /* Metric value 4 */ ), "tag" ( /* Tag string */ rib_static_metric_type /* Tag string */ ), "tag2" ( /* Tag string 2 */ rib_static_metric_type /* Tag string 2 */ ), "preference" ( /* Preference value */ rib_static_metric_type /* Preference value */ ), "preference2" ( /* Preference value 2 */ rib_static_metric_type /* Preference value 2 */ ), "color" ( /* Color (preference) value */ rib_static_metric_type /* Color (preference) value */ ), "color2" ( /* Color (preference) value 2 */ rib_static_metric_type /* Color (preference) value 2 */ ), "community" ( /* BGP community identifier */ community /* BGP community identifier */ ), "as-path" ( /* Autonomous system path */ c( "path" arg /* Autonomous system path */, "origin" ( ("igp" | "egp" | "incomplete") ), "atomic-aggregate" /* Add ATOMIC_AGGREGATE path attribute to route */, "aggregator" ( /* Add AGGREGATOR path attribute to route */ c( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, ipv4addr /* Address of BGP system that formed the route */ ) ) ) ), "lsp-next-hop" ( /* LSP next hop */ lsp_nh_obj /* LSP next hop */ ), "p2mp-lsp-next-hop" ( /* Point-to-multipoint LSP next hop */ lsp_nh_obj /* Point-to-multipoint LSP next hop */ ), "spring-te-lsp-next-hop" ( /* SPRING-TE LSP next hop */ springte_lsp_nh_obj /* SPRING-TE LSP next hop */ ), "p2mp-ldp-next-hop" ( /* Point-to-multipoint LDP LSP next hop */ p2mp_ldp_lsp_nh_obj /* Point-to-multipoint LDP LSP next hop */ ), "static-lsp-next-hop" ( /* Static LSP next hop */ lsp_nh_obj /* Static LSP next hop */ ) ) ), "static-route" ( /* Static route Status */ sc( "bfd-admin-down" ( /* Static route State on BFD ADMIN DOWN */ ("active" | "passive") ) ) ).as(:oneline), "iso-route" arg ( /* ISO family static route */ c( c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "reject" /* Drop packets to destination; send ICMP unreachables */, "discard" /* Drop packets to destination; send no ICMP unreachables */, "receive" /* Install a receive route for the destination */, "next-table" arg /* Next hop to another table */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ), "backup-pe-group" arg /* Multicast source redundancy group */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "neighbor" ( /* BFD neighbor address */ ipaddr /* BFD neighbor address */ ), "local-address" ( /* BFD local address (for multihop only) */ ipaddr /* BFD local address (for multihop only) */ ), "holddown-interval" arg /* Time to hold the session-UP notification to the client */, "minimum-receive-ttl" arg /* Minimum receive TTL below which to drop */ ) ), "retain" /* Always keep route in forwarding table */, "no-retain" /* Don't always keep route in forwarding table */, "install" /* Install route into forwarding table */, "no-install" /* Don't install route into forwarding table */, "readvertise" /* Mark route as eligible to be readvertised */, "no-readvertise" /* Don't mark route as eligible to be readvertised */, "resolve" /* Allow resolution of indirectly connected next hops */, "no-resolve" /* Don't allow resolution of indirectly connected next hops */, "longest-match" /* Always use longest prefix match to resolve next hops */, "no-longest-match" /* Don't always use longest prefix match to resolve next hops */, c( "active" /* Remove inactive route from forwarding table */, "passive" /* Retain inactive route in forwarding table */ ), "metric" ( /* Metric value */ rib_static_metric_type /* Metric value */ ), "metric2" ( /* Metric value 2 */ rib_static_metric_type /* Metric value 2 */ ), "metric3" ( /* Metric value 3 */ rib_static_metric_type /* Metric value 3 */ ), "metric4" ( /* Metric value 4 */ rib_static_metric_type /* Metric value 4 */ ), "tag" ( /* Tag string */ rib_static_metric_type /* Tag string */ ), "tag2" ( /* Tag string 2 */ rib_static_metric_type /* Tag string 2 */ ), "preference" ( /* Preference value */ rib_static_metric_type /* Preference value */ ), "preference2" ( /* Preference value 2 */ rib_static_metric_type /* Preference value 2 */ ), "color" ( /* Color (preference) value */ rib_static_metric_type /* Color (preference) value */ ), "color2" ( /* Color (preference) value 2 */ rib_static_metric_type /* Color (preference) value 2 */ ), "community" ( /* BGP community identifier */ community /* BGP community identifier */ ), "as-path" ( /* Autonomous system path */ c( "path" arg /* Autonomous system path */, "origin" ( ("igp" | "egp" | "incomplete") ), "atomic-aggregate" /* Add ATOMIC_AGGREGATE path attribute to route */, "aggregator" ( /* Add AGGREGATOR path attribute to route */ c( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, ipv4addr /* Address of BGP system that formed the route */ ) ) ) ), "lsp-next-hop" ( /* LSP next hop */ lsp_nh_obj /* LSP next hop */ ), "p2mp-lsp-next-hop" ( /* Point-to-multipoint LSP next hop */ lsp_nh_obj /* Point-to-multipoint LSP next hop */ ), "spring-te-lsp-next-hop" ( /* SPRING-TE LSP next hop */ springte_lsp_nh_obj /* SPRING-TE LSP next hop */ ), "p2mp-ldp-next-hop" ( /* Point-to-multipoint LDP LSP next hop */ p2mp_ldp_lsp_nh_obj /* Point-to-multipoint LDP LSP next hop */ ) ) ), "route-target-filter" arg ( /* Route-target-filter route */ c( "neighbor" arg /* BGP peers for filter */, "group" arg /* BGP groups for filter */, "local" /* Locally originated filter */ ) ) ) ), "martians" ( /* Invalid routes */ martian_type /* Invalid routes */ ), "aggregate" ( /* Coalesced routes */ rib_aggregate_type /* Coalesced routes */ ), "generate" ( /* Route of last resort */ rib_aggregate_type /* Route of last resort */ ), c( "maximum-routes" ( /* Maximum number of routes */ sc( arg, c( "threshold" arg /* Percentage of limit at which to start generating warnings */, "log-only" /* Generate warning messages only */ ), "log-interval" arg /* Minimum interval between log messages */ ) ).as(:oneline), "maximum-paths" ( /* Maximum number of paths */ sc( arg, c( "threshold" arg /* Percentage of limit at which to start generating warnings */, "log-only" /* Generate warning messages only */ ), "log-interval" arg /* Minimum interval between log messages */ ) ).as(:oneline) ), "maximum-prefixes" ( /* Maximum number of prefixes */ sc( arg, c( "threshold" arg /* Percentage of limit at which to start generating warnings */, "log-only" /* Generate warning messages only */ ), "log-interval" arg /* Minimum interval between log messages */ ) ).as(:oneline), "multipath" ( /* Protocol-independent load balancing */ c( "vpn-unequal-cost" ( /* Include VPN routes with unequal IGP metrics */ sc( "equal-external-internal" /* Include external and internal VPN routes */ ) ).as(:oneline), "as-path-compare" /* Compare AS path sequences in addition to AS path length */, "preserve-nexthop-hierarchy" /* Force multipath to create List nexthop */ ) ), "policy-multipath" ( /* Policy based multipath */ c( "policy" ( /* Import policy to create policy based multipath */ policy_algebra /* Import policy to create policy based multipath */ ), "traceoptions" ( /* Trace options */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("route")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ) ) ), "protect" ( /* Protocol-independent protection */ sc( "core" /* Protect against unreachability to service-edge router */ ) ).as(:oneline), "access" ( /* Access routes */ c( "route" arg ( /* Access route */ c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ), "metric" arg /* Metric value */, "preference" arg /* Preference value */, "tag" arg /* Tag string */, "tag2" arg /* Tag2 string */ ) ) ) ), "access-internal" ( /* Access-internal routes */ c( "route" arg ( /* Access-internal route */ c( "next-hop" ( /* Next hop to destination */ ipaddr_or_interface /* Next hop to destination */ ), "qualified-next-hop" ( /* Next hop with qualifiers */ qualified_nh_obj /* Next hop with qualifiers */ ) ) ) ) ), "bgp-static" ( /* Routes for BGP static advertisements */ c( "route" arg ( /* BGP-static route */ c( "metric" ( /* Metric value */ rib_static_metric_type /* Metric value */ ), "metric2" ( /* Metric value 2 */ rib_static_metric_type /* Metric value 2 */ ), "metric3" ( /* Metric value 3 */ rib_static_metric_type /* Metric value 3 */ ), "metric4" ( /* Metric value 4 */ rib_static_metric_type /* Metric value 4 */ ), "tag" ( /* Tag string */ rib_static_metric_type /* Tag string */ ), "tag2" ( /* Tag string 2 */ rib_static_metric_type /* Tag string 2 */ ), "preference" ( /* Preference value */ rib_static_metric_type /* Preference value */ ), "preference2" ( /* Preference value 2 */ rib_static_metric_type /* Preference value 2 */ ), "color" ( /* Color (preference) value */ rib_static_metric_type /* Color (preference) value */ ), "color2" ( /* Color (preference) value 2 */ rib_static_metric_type /* Color (preference) value 2 */ ), "community" ( /* BGP community identifier */ community /* BGP community identifier */ ), "as-path" ( /* Autonomous system path */ c( "path" arg /* Autonomous system path */, "origin" ( ("igp" | "egp" | "incomplete") ), "atomic-aggregate" /* Add ATOMIC_AGGREGATE path attribute to route */, "aggregator" ( /* Add AGGREGATOR path attribute to route */ c( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, ipv4addr /* Address of BGP system that formed the route */ ) ) ) ) ) ) ) ), "rib-groups" ( /* Group of routing tables */ rpd_rib_group_type /* Group of routing tables */ ), "route-record" /* Enable route recording */, "localized-fib" ( /* Localize vrf routing-instance routes to specific FPC hardware */ c( "fpc-slot" arg /* Local FPC list */ ) ), "instance-import" ( /* Import policy for instance RIBs */ policy_algebra /* Import policy for instance RIBs */ ), "instance-export" ( /* Export policy for instance RIBs */ policy_algebra /* Export policy for instance RIBs */ ), "auto-export" ( /* Export routes between routing instances */ c( ("disable"), "traceoptions" ( /* Trace options */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("export" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "family" ( c( "inet" ( /* IPv4 parameters */ export_af_obj /* IPv4 parameters */ ), "inet6" ( /* IPv6 parameters */ export_af_obj /* IPv6 parameters */ ), "iso" ( /* ISO parameters */ export_af_obj /* ISO parameters */ ) ) ) ) ), "transport-class" ( /* Transport layer options */ c( "auto-create" /* Auto create on color discovery */, "name" arg ( /* Transport layer collecting Tunnels with similar characteristics */ c( "color" arg /* Color(0..4294967295). This auto derives the Mapping Community and Route Target */ ) ) ) ), "dynamic-tunnels" ( /* Dynamic tunnel definitions */ c( "tunnel-attributes" arg ( /* Dynamic tunnel attributes definition */ c( "dynamic-tunnel-source-prefix" ( /* Tunnel source address */ ipaddr /* Tunnel source address */ ), "dynamic-tunnel-type" ( ("GRE" | "V4oV6" | "UDP" | "BGP-SIGNAL") ), "dynamic-tunnel-mtu" arg /* Dynamic Tunnel MTU value */, "dynamic-tunnel-gre-key" arg /* RFC 2890 Dynamic Tunnel GRE Key */, "dynamic-tunnel-anchor-pfe" arg /* Dynamic Tunnel anchor PFE name of format pfe-x/y/z */, "dynamic-tunnel-anti-spoof" ( ("on" | "off") ), "dynamic-tunnel-reassembly" ( ("on" | "off") ) ) ), "forwarding-rib" arg ( /* Forwarding routing table for dynamic-tunnel */ c( "inet-import" ( /* Import policy for V4 dynamic-tunnel */ policy_algebra /* Import policy for V4 dynamic-tunnel */ ) ) ), "statistics" ( /* Fetch traffic statistics for dynamic tunnels */ c( "interval" arg /* Time after which statistics has to be fetched */ ) ), "traceoptions" ( /* Trace options */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("kernel" | "tunnel" | "task" | "tunnel-event" | "flash-event" | "stats-job" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "v4ov6" ( /* Enable dynamic tunnel V4oV6 mode */ ("ipv6-anycast-source-duplication") ), "gre" ( /* Enable dynamic gre tunnel mode */ ("next-hop-based-tunnel") ), "signal-tunnel-preference" ( /* Set tunnel preference for signalled tunnels */ c( "gre" arg /* Preference of GRE signalled tunnels */, "udp" arg /* Preference of UDP signalled tunnels */, "ipip" arg /* Preference of IPIP signalled tunnels */ ) ), dynamic_tunnel_type ) ), "interface" arg ( /* Direct/Host route FRR protection */ c( "arp-prefix-limit" arg /* Max ARP/Host FRR routes allowed */, "supplementary-blackout-timer" arg /* ARP plimit blackout timer = kernel ARP timeout + supplementary-blackout-timer minutes. */, c( "link-protection" /* Protect interface from link faults only */ ) ) ), "host-fast-reroute" ( /* Host Fast Re-route global values. Applies to all host FRR profiles. */ c( "global-arp-prefix-limit" arg /* Max ARP/Host FRR routes allowed per protected IFL */, "global-supplementary-blackout-timer" arg /* ARP plimit global blackout timer = kernel ARP timeout + global-supplementary-blackout-timer minutes. */ ) ), "warm-standby" /* Enable warm-standby */, "nonstop-routing" /* Enable nonstop routing */, "nonstop-routing-options" ( /* Nonstop routing options */ c( "precision-timers-max-period" arg /* Set Max period for precision timer support from kernel after switchover */ ) ), "nsr-phantom-holdtime" arg /* Set NSR phantom route hold time */, "srlg" arg ( /* SRLG configuration */ c( "srlg-value" arg /* Group id */, "srlg-cost" arg /* Cost value */ ) ), "admin-groups-extended-range" ( /* Extended administrative groups range */ c( "minimum" arg /* Minimum value of the range for extended administrative groups */, "maximum" arg /* Maximum value of the range for extended administrative groups */ ) ), "admin-groups-extended" arg ( /* Extended administrative groups */ c( "group-value" arg /* Group id */ ) ), "lsp-telemetry" /* Turn on Jvision LSP telemetry */, "l3vpn-composite-nexthop" /* Enable composite nexthop for l3vpn */, "source-routing" ( /* Source-routing options */ c( "ip" /* Enable IP Source Routing */, "ipv6" /* Enable Type 0 RouteHeader processing */ ) ), "forwarding-table" ( forwarding_table_type ), "fate-sharing" ( /* Fate-sharing links or nodes database */ c( "group" arg ( /* Group of objects sharing common characteristics */ c( "cost" arg /* Cost value */, "use-for-post-convergence-lfa" /* Use this fate-sharing group as a constraint for post-convergence-lfa */, "from" ( fate_sharing_links ) ) ) ) ), "multicast" ( /* Global multicast options */ c( "traceoptions" ( /* Global multicast trace options */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("parse" | "config-internal" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "rpf" arg, "scope" arg ( /* Multicast address scope */ c( "prefix" ( /* Administratively scoped address */ ipprefix /* Administratively scoped address */ ), "interface" ( /* Interface on which to configure scoping */ interface_name /* Interface on which to configure scoping */ ) ) ), "scope-policy" ( /* Scoping policy */ policy_algebra /* Scoping policy */ ), "flow-map" arg ( /* Multicast flow map configuration */ c( "policy" ( /* Policy for matched flows */ policy_algebra /* Policy for matched flows */ ), "bandwidth" ( /* Bandwidth properties for matched flows */ sc( arg /* Static or default bandwidth for the matched flows */, "adaptive" /* Auto-sense bandwidth for matched flows */ ) ).as(:oneline), "redundant-sources" ( /* Redundant source addresses */ ipaddr /* Redundant source addresses */ ), "forwarding-cache" ( /* Forwarding cache properties for matched flows */ c( "timeout" ( /* Timeout properties for matched flows */ sc( c( arg, "never" ( /* Forwarding cache entries never time out */ c( "non-discard-entry-only" /* Apply only to non-discard entries */ ) ) ) ) ).as(:oneline) ) ) ) ), "resolve-filter" ( /* Multicast resolve policy filter */ policy_algebra /* Multicast resolve policy filter */ ), "ssm-groups" ( /* Source-specific multicast group ranges */ ipprefix /* Source-specific multicast group ranges */ ), "cont-stats-collection-interval" arg /* IGMP/MLD continuous statistics collection interval */, "asm-override-ssm" /* Allow ASM state for SSM group ranges */, "rpf-check-policy" ( /* Disable RPF check for a source group pair */ policy_algebra /* Disable RPF check for a source group pair */ ), "pim-to-igmp-proxy" ( /* PIM-to-IGMP proxy */ c( "upstream-interface" ( /* Upstream interface list */ interface_name /* Upstream interface list */ ) ) ), "pim-to-mld-proxy" ( /* PIM-to-MLD proxy */ c( "upstream-interface" ( /* Upstream interface list */ interface_name /* Upstream interface list */ ) ) ), "forwarding-cache" ( /* Multicast forwarding cache */ c( "allow-maximum" /* Allow maximum of global and family level threshold values for suppress and reuse */, "family" enum(("inet" | "inet6")) ( /* Protocol family */ c( "threshold" ( /* Multicast forwarding cache suppress threshold */ c( "suppress" arg /* Suppress threshold */, "reuse" arg /* Reuse threshold */, "mvpn-rpt-suppress" arg /* MVPN RP tree entry suppress threshold */, "mvpn-rpt-reuse" arg /* MVPN RP tree entry reuse threshold */, "log-warning" arg /* Percentage at which to start generating warnings */ ) ) ) ), "threshold" ( /* Threshold */ c( "suppress" arg /* Suppress threshold */, "reuse" arg /* Reuse threshold */, "mvpn-rpt-suppress" arg /* MVPN RP tree entry suppress threshold */, "mvpn-rpt-reuse" arg /* MVPN RP tree entry reuse threshold */, "log-warning" arg /* Percentage at which to start generating warnings */ ) ), "timeout" arg /* Forwarding cache entry timeout in minutes */ ) ), "interface" ( /* Multicast interface options */ multicast_interface_options_type /* Multicast interface options */ ), "ssm-map" arg ( /* SSM map definitions */ c( "policy" ( /* Policy for matching group */ policy_algebra /* Policy for matching group */ ), "source" ( /* One or more source addresses */ ipaddr /* One or more source addresses */ ) ) ), "stream-protection" ( /* Multicast only Fast Re-Route */ c( "mofrr-primary-path-selection-by-routing" /* Multicast only Fast Re-Route primary path by Routing */, "mofrr-disjoint-upstream-only" /* Multicast only Fast Re-Route disjoint upstream only */, "mofrr-no-backup-join" /* Multicast only Fast Re-Route no backup join */, "mofrr-asm-starg" /* Multicast only Fast Re-Route asm (*,G) */, "policy" ( /* MoFRR Policy */ policy_algebra /* MoFRR Policy */ ) ) ), "backup-pe-group" arg ( /* Backup PE group definitions */ c( "backups" ( /* One or more IP addresses */ ipaddr /* One or more IP addresses */ ), "local-address" ( /* Address to be used as local-address for this group */ ipaddr /* Address to be used as local-address for this group */ ) ) ), "omit-wildcard-address" /* Omit wildcard source/group fields in SPMSI AD NLRI */, "local-address" ( /* Local address for PIM and MVPN sessions */ ipv4addr /* Local address for PIM and MVPN sessions */ ) ) ), "programmable-rpd" ( /* RPD Server module management options */ programmable_rpd_type /* RPD Server module management options */ ), "validation" ( /* Define Route validation */ c( "traceoptions" ( /* Trace options for route validation */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("error" | "packets" | "keepalive" | "update" | "nsr-synchronization" | "state" | "policy" | "task" | "timer" | "client" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "notification-rib" arg /* Define routing tables that get notified upon validation state change */, "group" arg ( /* Define a group of sessions */ c( "authentication-key" arg /* MD5 authentication key */, "authentication-algorithm" ( /* Authentication algorithm name */ ("md5" | "hmac-sha-1-96" | "aes-128-cmac-96" | "ao") ), "tcpao-auth-mismatch" ( /* Continue without TCP-AO if any one TCP endpoint does not have TCP-AO configured */ ("allow-without-tcpao") ), "authentication-key-chain" arg /* Key chain name */, "max-sessions" arg /* Maximum connected session in this group */, "session" arg ( /* Configure a session */ c( "traceoptions" ( /* Trace options for route validation */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("error" | "packets" | "keepalive" | "update" | "state" | "task" | "timer" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "authentication-key" arg /* MD5 authentication key */, "authentication-algorithm" ( /* Authentication algorithm name */ ("md5" | "hmac-sha-1-96" | "aes-128-cmac-96" | "ao") ), "tcpao-auth-mismatch" ( /* Continue without TCP-AO if any one TCP endpoint does not have TCP-AO configured */ ("allow-without-tcpao") ), "authentication-key-chain" arg /* Key chain name */, "refresh-time" arg /* Interval between keepalive packet transmissions */, "hold-time" arg /* Time after which the session is declared down. */, "record-lifetime" arg /* Lifetime of route validation records */, "preference" arg /* Preference for session establishment */, "port" arg /* Portnumber to connect */, "local-address" ( ipaddr ) ) ) ) ), "static" ( /* Define static route validation record */ c( "record" arg ( /* Static route validation record */ c( "maximum-length" arg ( c( "origin-autonomous-system" arg ( c( "validation-state" ( /* Validation state for route validation record */ ("invalid" | "valid") ) ) ) ) ) ) ) ) ) ) ) ) end rule(:dynamic_tunnel_type) do arg.as(:arg) ( c( "source-address" ( /* Tunnel source address */ ipaddr /* Tunnel source address */ ), c( "rsvp-te" arg ( /* RSVP-TE point-to-point LSP */ c( "label-switched-path-template" ( /* Template for dynamic point-to-point LSP parameters */ c( c( arg /* Name of point-to-point LSP template */, "default-template" /* Use default parameters */ ) ) ), "destination-networks" ( /* Create tunnels for routes in these destination networks */ app_network_type /* Create tunnels for routes in these destination networks */ ) ) ), "spring-te" ( /* SPRING-TE LSP's */ c( "source-routing-path-template" ( /* Template color mapping for SPRING-TE dynamic LSP parameters */ spring_te_template_map /* Template color mapping for SPRING-TE dynamic LSP parameters */ ), "destination-networks" ( /* Create tunnels for routes in these destination networks */ app_network_type /* Create tunnels for routes in these destination networks */ ) ) ), "gre" /* Generic routing encapsulation type for IPv4 */, "udp" /* UDP encapsulation type for IPv4 */, "bgp-signal" /* BGP signals the encapsulation type for IPv4 */, "ipip" /* IPIP encapsulation type for IPv4 */ ), "destination-networks" ( /* Create tunnels for routes in these destination networks */ network_type /* Create tunnels for routes in these destination networks */ ) ) ) end rule(:app_network_type) do arg.as(:arg) end rule(:export_af_obj) do c( ("disable"), "unicast" ( /* Unicast routing information */ export_subaf_obj /* Unicast routing information */ ), "multicast" ( /* Multicast routing information */ export_subaf_obj /* Multicast routing information */ ), "flow" ( /* Flow routing information */ export_subaf_obj /* Flow routing information */ ) ) end rule(:export_subaf_obj) do c( ("disable"), "rib-group" arg /* Auxiliary rib-group of additional RIBs to consider */ ) end rule(:fate_sharing_links) do arg.as(:arg) ( c( "to" ( /* Point-to-point links */ ipv4addr /* Point-to-point links */ ) ) ).as(:oneline) end rule(:flow_route_inet) do arg.as(:arg) ( c( "no-install" /* Don't install firewall filter in forwarding */, "match" ( /* Flow definition */ flow_route_qualifier_inet /* Flow definition */ ), "then" ( /* Actions to take for this flow */ flow_route_op /* Actions to take for this flow */ ) ) ) end rule(:flow_route_qualifier_inet) do c( "protocol" ( /* IP protocol value */ ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | arg) ), "port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "tcp-flags" ( /* TCP flags */ ("fin" | "syn" | "rst" | "push" | "ack" | "urgent" | arg) ), "packet-length" ( /* Packet length (0-65535) */ policy_algebra /* Packet length (0-65535) */ ), "dscp" ( /* Differentiated Services (DiffServ) code point (DSCP) (0-63) */ policy_algebra /* Differentiated Services (DiffServ) code point (DSCP) (0-63) */ ), "fragment" ( ("dont-fragment" | "not-a-fragment" | "is-fragment" | "first-fragment" | "last-fragment") ), "destination" ( /* Destination prefix for this traffic flow */ ipv4prefix /* Destination prefix for this traffic flow */ ), "source" ( /* Source prefix for this traffic flow */ ipv4prefix /* Source prefix for this traffic flow */ ), "icmp-code" ( /* ICMP message code */ ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ), "icmp-type" ( /* ICMP message type */ ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ) ) end rule(:flow_rule_inet) do arg.as(:arg) ( c( "no-install" /* Don't install firewall filter in forwarding */, "match" ( /* Flow definition */ flow_rule_qualifier_inet /* Flow definition */ ), "then" ( /* Actions to take for this flow */ flow_rule_op /* Actions to take for this flow */ ) ) ) end rule(:flow_rule_qualifier_inet) do c( "protocol" ( /* IP protocol value */ ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | arg) ), "port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination" ( /* Destination prefix for this traffic flow */ ipv4prefix /* Destination prefix for this traffic flow */ ), "source" ( /* Source prefix for this traffic flow */ ipv4prefix /* Source prefix for this traffic flow */ ) ) end rule(:forwarding_table_type) do c( "remnant-holdtime" arg /* Time to hold inherited routes from FIB */, "chain-composite-max-label-count" arg /* Maximum labels inside chain composite for the platform. */, "krt-nexthop-ack" /* Enable kernel nexthop ack */, "krt-nexthop-ack-timeout" arg /* Kernel nexthop ack timeout interval */, "consistency-checking" ( /* RIB/FIB consistency checking */ c( ("enable" | "disable"), "period" arg /* Periodicity of scan in seconds */, "threshold" arg /* Mismatch threshold until complaint */ ) ), "export" ( /* Export policy */ policy_algebra /* Export policy */ ), "dynamic-list-next-hop" /* Dynamic next-hop mode for EVPN */, "evpn-egress-link-protection" /* EVPN PE-CE egress link failure protection */, "egress-chaining" ( /* Enable egress-chaining */ c( "spring-te" /* Enable egress-chaining for SPRING-TE routes */ ) ), "evpn-aliasing-optimize" /* EVPN Aliasing convergence improvement */, "ecmp-fast-reroute" /* Enable fast reroute for ECMP next hops */, "no-ecmp-fast-reroute" /* Don't enable fast reroute for ECMP next hops */, "indirect-next-hop" /* Install indirect next hops in Packet Forwarding Engine */, "no-indirect-next-hop" /* Don't install indirect next hops in Packet Forwarding Engine */, "route-ack-converge" /* Enable the route ack convergence feature */, "no-route-ack-converge" /* Don't enable the route ack convergence feature */, "indirect-next-hop-change-acknowledgements" /* Request acknowledgements for Indirect next hop changes */, "no-indirect-next-hop-change-acknowledgements" /* Don't request acknowledgements for Indirect next hop changes */, "rib" arg.as(:oneline), "unicast-reverse-path" ( /* Unicast reverse path (RP) verification */ ("active-paths" | "feasible-paths") ), "ip-tunnel-rpf-check" ( /* IP tunnel Reverse Path Forwarding Check */ c( "mode" ( ("strict" | "loose") ), "fail-filter" arg /* Fail filter name for RPF check(family inet|inet6|any) */ ) ), "source-class" ( /* Source class filters */ source_class_filters /* Source class filters */ ), "destination-class" ( /* Destination class filters */ destination_class_filters /* Destination class filters */ ), "transit-lsp-statistics-from-route" /* Enable LSP statistics collection from the route */, "chained-composite-next-hop" ( /* Next-hop chaining mode */ c( "ingress" ( /* Ingress LSP nexthop settings */ c( "l2vpn" /* Create composite-chained nexthops for ingress l2vpn LSPs */, "no-l2vpn" /* Don't create composite-chained nexthops for ingress l2vpn LSPs */, "l2ckt" /* Create composite-chained nexthops for ingress l2ckt LSPs */, "no-l2ckt" /* Don't create composite-chained nexthops for ingress l2ckt LSPs */, "fec129-vpws" /* Create composite-chained nexthops for ingress fec129-vpws LSPs */, "no-fec129-vpws" /* Don't create composite-chained nexthops for ingress fec129-vpws LSPs */, "evpn" /* Create composite-chained nexthops for ingress EVPN LSPs */, "no-evpn" /* Don't create composite-chained nexthops for ingress EVPN LSPs */, "labeled-bgp" ( /* Create composite-chained nexthops for ingress labeled-bgp LSPs */ c( "inet" /* Enable inet labeled-bgp composite nexthop creation */, "no-inet" /* Don't enable inet labeled-bgp composite nexthop creation */, "inet6" /* Enable inet6 labeled-bgp composite nexthop creation */, "no-inet6" /* Don't enable inet6 labeled-bgp composite nexthop creation */ ) ), "l3vpn" ( /* Create composite-chained nexthops for ingress l3vpn LSPs */ sc( "extended-space" /* Allocate in extended-space for scalability */ ) ).as(:oneline), "ldp" /* Create chained-composite nexthops to support segmentation LDP tunnels */, "no-ldp" /* Don't create chained-composite nexthops to support segmentation LDP tunnels */ ) ), "transit" ( /* Transit LSP nexthops settings */ c( "l2vpn" /* Create composite-chained nexthops for transit l2vpn LSPs */, "no-l2vpn" /* Don't create composite-chained nexthops for transit l2vpn LSPs */, "l3vpn" /* Create composite-chained nexthops for transit l3vpn LSPs */, "no-l3vpn" /* Don't create composite-chained nexthops for transit l3vpn LSPs */, "labeled-bgp" /* Create composite-chained nexthops for transit labeled BGP routes */, "no-labeled-bgp" /* Don't create composite-chained nexthops for transit labeled BGP routes */, "static" /* Create composite-chained nexthops for static LSPs */, "no-static" /* Don't create composite-chained nexthops for static LSPs */, "rsvp" /* Create composite-chained nexthops for RSVP LSPs */, "no-rsvp" /* Don't create composite-chained nexthops for RSVP LSPs */, "rsvp-p2mp" /* Create composite-chained nexthops for RSVP p2mp LSPs */, "no-rsvp-p2mp" /* Don't create composite-chained nexthops for RSVP p2mp LSPs */, "express-segments" /* Create composite-chained nexthops for Express Segments */, "no-express-segments" /* Don't create composite-chained nexthops for Express Segments */, "ldp" /* Create composite-chained nexthops for LDP LSPs */, "no-ldp" /* Don't create composite-chained nexthops for LDP LSPs */, "ldp-p2mp" /* Create composite-chained nexthops for LDP P2MP LSPs */, "no-ldp-p2mp" /* Don't create composite-chained nexthops for LDP P2MP LSPs */, "labeled-isis" /* Create composite-chained nexthops for labeled ISIS routes */, "no-labeled-isis" /* Don't create composite-chained nexthops for labeled ISIS routes */ ) ) ) ), "fib-next-hop-split" ( /* Split nexthop to chain nexthop when installing fom rib to fib */ c( "labeled-isis" /* Create composite-chained nexthops for labeled ISIS routes */ ) ), "fib-agent" ( /* Configure fib-agent parameters */ c( "address" ( /* IP address of the FIB agent */ ipaddr /* IP address of the FIB agent */ ), "port" arg /* TCP port of the FIB agent */, "protocol-id" arg /* Protocol ID to be used for programming routes */ ) ), "channel" arg ( /* Configure fib-channel parameters */ c( "protocol" ( /* Configure fib-channel protocol */ c( "protocol-type" ( ("netlink-fpm" | "gRPC") ), "destination" arg /* Destination of the FIB */, "source-id" arg /* Source ID to be used for programming routes */ ) ), "export" ( /* Export policy */ policy_algebra /* Export policy */ ) ) ) ) end rule(:destination_class_filters) do arg.as(:arg) ( c( "family" ( /* Protocol family */ c( "inet" ( /* Protocol family IPv4 for firewall filter */ c( "filter" ( /* Packet filtering */ c( arg /* Inet Filter name */ ) ) ) ), "inet6" ( /* Protocol family IPv6 for firewall filter */ c( "filter" ( /* Packet filtering */ c( arg /* Inet6 Filter name */ ) ) ) ) ) ) ) ) end rule(:juniper_sampling_options) do c( ("disable"), "traceoptions" ( /* Traffic sampling trace options */ sampling_traceoptions_type /* Traffic sampling trace options */ ), "sample-once" /* Sample the packet for active-monitoring only once */, "pre-rewrite-tos" /* Sample the packet retaining tos value before normalization */, "input" ( /* Traffic Sampling data acquisition */ sampling_input_type /* Traffic Sampling data acquisition */ ), "output" ( /* Traffic sampling data disposition */ sampling_output_type /* Traffic sampling data disposition */ ), "family" ( /* Address family of packets to sample */ c( "inet" ( /* Sample IPv4 packets */ c( ("disable"), "input" ( /* Settings for sampling of input packets */ sampling_family_input_type /* Settings for sampling of input packets */ ), "output" ( /* Traffic sampling data disposition */ sampling_instance_inet_global_output_type /* Traffic sampling data disposition */ ) ) ), "inet6" ( /* Sample IPv6 packets */ c( ("disable"), "input" ( /* Settings for sampling of input packets */ sampling_family_input_type /* Settings for sampling of input packets */ ), "output" ( /* Traffic sampling data disposition */ sampling_family_inet6_output_type /* Traffic sampling data disposition */ ) ) ), "mpls" ( /* Sample mpls packets */ c( ("disable"), "input" ( /* Settings for sampling of input packets */ sampling_family_input_type /* Settings for sampling of input packets */ ), "output" ( /* Traffic sampling data disposition */ sampling_global_mpls_output_type /* Traffic sampling data disposition */ ) ) ) ) ), "instance" arg ( /* Instance of sampling parameters */ c( ("disable"), "input" ( /* Traffic Sampling data acquisition */ sampling_instance_input_type /* Traffic Sampling data acquisition */ ), "family" ( /* Address family of packets to sample */ c( "inet" ( /* Sample IPv4 packets */ c( ("disable"), "input" ( /* Settings for sampling of input packets */ sampling_family_input_type /* Settings for sampling of input packets */ ), "output" ( /* Traffic sampling data disposition */ sampling_instance_inet_output_type /* Traffic sampling data disposition */ ) ) ), "inet6" ( /* Sample IPv6 packets */ c( ("disable"), "input" ( /* Settings for sampling of input packets */ sampling_family_input_type /* Settings for sampling of input packets */ ), "output" ( /* Traffic sampling data disposition */ sampling_instance_inet6_output_type /* Traffic sampling data disposition */ ) ) ), "mpls" ( /* Sample mpls packets */ c( ("disable"), "input" ( /* Settings for sampling of input packets */ sampling_family_input_type /* Settings for sampling of input packets */ ), "output" ( /* Traffic sampling data disposition */ sampling_instance_mpls_output_type /* Traffic sampling data disposition */ ) ) ), "vpls" ( /* Sample vpls packets */ c( ("disable"), "input" ( /* Settings for sampling of input packets */ sampling_family_input_type /* Settings for sampling of input packets */ ), "output" ( /* Traffic sampling data disposition */ sampling_instance_vpls_output_type /* Traffic sampling data disposition */ ) ) ), "bridge" ( /* Sample bridge packets */ c( ("disable"), "input" ( /* Settings for sampling of input packets */ sampling_family_input_type /* Settings for sampling of input packets */ ), "output" ( /* Traffic sampling data disposition */ sampling_instance_bridge_output_type /* Traffic sampling data disposition */ ) ) ) ) ) ) ), "jflow-service" ( /* Jflow service configuration */ c( "traceoptions" ( /* Jflow service trace options */ jflow_service_traceoptions /* Jflow service trace options */ ) ) ), "route-record" ( /* Sampling route record configuration */ c( "traceoptions" ( /* Sampling route record trace options */ route_record_traceoptions /* Sampling route record trace options */ ) ) ) ) end rule(:jflow_service_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("parse" | "rtsock" | "sm" | "all")) /* Area of jflow-service to enable debuging output */.as(:oneline) ) end rule(:juniper_services_captive_portal) do c( "authentication-profile-name" arg /* Access profile name to use for authentication */, "traceoptions" ( /* Trace options for CAPTIVE PORTAL */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("dot1x-debug" | "parse" | "esw-if" | "config-internal" | "normal" | "general" | "state" | "task" | "timer" | "all" | "dot1x-ipc" | "dot1x-event")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "interface" ("all" | arg) ( /* Captive Portal interface specific options */ c( "supplicant" ( /* Set supplicant mode for this interface */ ("single" | "single-secure" | "multiple") ), "retries" arg /* Number of retries after which port is placed into wait state */, "quiet-period" arg /* Time to wait after an authentication failure */, "server-timeout" arg /* Authentication server timeout interval */, "session-expiry" arg /* Session Expiry Timeout */, "user-keepalive" arg /* Session keepalive after mac-flush */ ) ), "secure-authentication" ( /* Set secure authentication using encrypted HTTPS or insecure authentication using plain-text HTTP */ ("http" | "https") ), "custom-options" ( /* Captive Portal html user interface customization options */ c( "header-logo" arg /* Path to logo image file */, "header-bgcolor" arg /* Background color of the html header in hex html format */, "header-text-color" arg /* Text color of the html header in hex html format */, "header-message" arg /* Message to be displayed in the html header */, "banner-message" arg /* Terms and Conditions of usage message */, "form-header-message" arg /* Message to be displayed in the login form header */, "form-header-bgcolor" arg /* Background color of the login form header in hex html format */, "form-header-text-color" arg /* Text color of the login form header in hex html format */, "form-submit-label" arg /* Label to be displayed for the login form submit button */, "form-reset-label" arg /* Label to be displayed for the login form reset button */, "footer-message" arg /* Message to be displayed in the html footer */, "footer-bgcolor" arg /* Background color of the html footer in hex html format */, "footer-text-color" arg /* Text color of the footer in hex html format */, "post-authentication-url" arg /* Post authentication redirection URL */ ) ) ) end rule(:juniper_system) do c( "host-name" arg /* Hostname for this router */, "root-authentication" ( /* Authentication information for the root login */ authentication_object /* Authentication information for the root login */ ), "commit" ( /* Configuration commit management */ c( "commit-synchronize-server" ( /* Commit synchronize server configuration */ c( "traceoptions" ( /* Traceoptions for commit synchronize server */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "microsecond-stamp" /* Timestamp with microsecond granularity */ ) ).as(:oneline), "flag" enum(("ephemeral-commit" | "operational-command" | "debug" | "all")) /* Tracing parameters */.as(:oneline) ) ) ) ), c( "persist-groups-inheritance" /* Build configuration groups inheritance path */, "no-persist-groups-inheritance" /* Don't build configuration groups inheritance path */ ), "ignore-xpath-failure" /* Ignore xpath failures during commit */, "server" ( /* Commit server (batch commit) */ c( "maximum-aggregate-pool" arg /* Maximum number of transactions to aggregate */, "maximum-entries" arg /* Maximum number of transactions allowed in queue */, "commit-interval" arg /* Number of seconds between commits */, "retry-attempts" arg /* Retry attempts for commit failure due to db lock error */, "retry-interval" arg /* Retry interval in seconds for commit failure */, "days-to-keep-error-logs" arg /* Number of day to keep error log entries */, "redirect-completion-status" arg /* Redirect Async commit status to server configured here */, "commit-schedule-profile" arg ( /* Scheduling profile for asynchronous low priority commits */ c( "start-time" arg /* Time when the schedule starts processing low priority jobs (hh:mm) */, "end-time" arg /* Time when the schedule stops processing low priority jobs (hh:mm) */, "interruptible" /* Allow the low priority jobs to be interrupted during the schedule */, "load-average" ( /* Max load average of system at which schedule starts (last 1 min) */ unsigned_float /* Max load average of system at which schedule starts (last 1 min) */ ) ) ), "traceoptions" ( /* Trace options for commit server */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "microsecond-stamp" /* Timestamp with microsecond granularity */ ) ).as(:oneline), "flag" enum(("all" | "commit-server" | "batch" | "configuration")) /* Tracing parameters */.as(:oneline) ) ) ) ), "fast-synchronize" /* Parallelized commit synchronizing multiple routing-engines */, "synchronize" /* Synchronize commit on both Routing Engines by default */, "delta-export" /* Export only delta configuration during commit */, "notification" /* Notify applications upon commit complete */, "peers-synchronize" /* Synchronize commit on remote peers by default */, "peers" ( /* Commit peers-synchronize details */ peers_type /* Commit peers-synchronize details */ ) ) ), "configuration-database" ( /* Configuration database parameters */ c( "ephemeral" ( /* Configure ephemeral database */ c( "instance" arg /* Configure ephemeral instances */, "commit-synchronize-model" ( /* Select commit synchronize model for ephemeral */ ("asynchronous" | "synchronous") ), "ignore-ephemeral-default" /* Ignore ephemeral default database */, "delete-ephemeral-default" /* Delete ephemeral default database */, "allow-commit-synchronize-with-gres" /* Allow ephemeral commit synchronize with GRES */ ) ), "virtual-memory-mapping" ( /* Virtual memory mapping configuration */ c( "process" arg ( /* Per process configuration */ c( "fixed-size" arg /* Fixed memory mapped size in kilobytes */, "page-pooling-size" arg /* Page pooling memory mapped size in kilobytes */, "page-leak-debug" /* Page leak detection */ ) ), "process-set" ( /* Set of processes using page pool */ c( "subscriber-management" ( /* Subscriber management processes will use page pooling */ c( "fixed-size" arg /* Fixed memory mapped size */, "page-pooling-size" arg /* Page pooling memory mapped size */ ) ) ) ) ) ), "extend-size" /* Extend configuration database upto 1.5G */, "resize" ( /* Resize configuration database */ c( "database-size-on-disk" arg /* Minimum configuration database size on disk */, "database-size-diff" arg /* Difference between database size and actual usage */ ) ), "max-db-size" arg /* Max database size */ ) ), "scripts" ( /* Scripting mechanisms */ scripts_type /* Scripting mechanisms */ ), "login" ( /* Names, login classes, and passwords for users */ c( "retry-options" ( /* Configure password retry options */ c( "tries-before-disconnect" arg /* Number of times user is allowed to try password */, "backoff-threshold" arg /* Number of password failures before delay is introduced */, "backoff-factor" arg /* Delay factor after 'backoff-threshold' password failures */, "minimum-time" arg /* Minimum total connection time if all attempts fail */, "maximum-time" arg /* Maximum time the connection will remain for user to enter username and password */, "lockout-period" arg /* Amount of time user account is locked after 'tries-before-disconnect' failures */ ) ), "idle-timeout" arg /* Maximum idle time before logout */, "class" ( /* Login class */ login_class_object /* Login class */ ), "user" ( /* Username */ login_user_object /* Username */ ), "password" ( /* Password configuration */ c( "minimum-character-changes" arg /* Minimum number of character changes between old and new passwords */, "minimum-reuse" arg /* Minimum number of old passwords which should not be same as the new password */, "maximum-lifetime" arg /* Maximum password lifetime in days */, "minimum-lifetime" arg /* Minimum password lifetime in days */, "minimum-length" arg /* Minimum password length for all users */, "maximum-length" arg /* Maximum password length for all users */, "change-type" ( /* Password change type */ ("character-sets" | "set-transitions") ), "minimum-changes" arg /* Minimum number of changes in password */, "minimum-numerics" arg /* Minimum number of numeric class characters in password */, "minimum-upper-cases" arg /* Minimum number of upper-case class characters in password */, "minimum-lower-cases" arg /* Minimum number of lower-case class characters in password */, "minimum-punctuations" arg /* Minimum number of punctuation class characters in password */, "format" ( /* Encryption method to use for password */ ("sha1" | "sha256" | "sha512" | "md5" | "des") ) ) ), "deny-sources" ( /* Sources from which logins are denied */ c( "address" ( /* IPv4/IPv6 addresses, prefix length optional, or hostnames */ ipprefix_optional /* IPv4/IPv6 addresses, prefix length optional, or hostnames */ ) ) ), "announcement" arg /* System announcement message (displayed after login) */, "message" arg /* System login message */ ) ), "export-format" ( /* Setting the properties related to exporting the data */ c( "json" ( /* Set the type of JSON format */ c( c( "verbose" /* All the objects will be emitted as JSON arrays */, "ietf" /* JSON format will be emitted as per ietf draft */ ) ) ), "state-data" ( /* Setting the properties with respect to state data */ c( "json" ( /* Set the type of JSON format for state data rendering */ c( c( "compact" /* Display JSON in compact format */ ) ) ) ) ) ) ), "max-cli-sessions" arg /* Maximum number of cli sessions */, "autoinstallation" /* Autoinstallation configuration */, "services" ( /* System services */ c( "netproxy" /* Netproxy configuration */, "finger" ( /* Allow finger requests from remote systems */ c( "connection-limit" arg /* Maximum number of allowed connections */, "rate-limit" arg /* Maximum number of connections per minute */ ) ), "ftp" ( /* Allow FTP file transfers */ c( "connection-limit" arg /* Maximum number of allowed connections */, "rate-limit" arg /* Maximum number of connections per minute */, "authentication-order" ( ("radius" | "tacplus" | "password") ) ) ), "ssh" ( /* Allow ssh access */ c( "authentication-order" ( ("radius" | "tacplus" | "password") ), "root-login" ( /* Configure root access via ssh */ ("allow" | "deny" | "deny-password") ), "no-challenge-response" /* Disables ssh challenge-response based authentication methods */, "no-password-authentication" /* Disables ssh password based authentication methods */, "no-passwords" /* Disables ssh password and challenge-response based authentication */, "no-public-keys" /* Disables ssh public key based authentication */, c( "tcp-forwarding" /* Allow forwarding TCP connections via SSH */, "no-tcp-forwarding" /* Do not allow forwarding TCP connections via SSH */ ), "protocol-version" ( /* Specify ssh protocol versions supported */ ("v2") ), "max-sessions-per-connection" arg /* Maximum number of sessions per single SSH connection */, "max-pre-authentication-packets" arg /* Maximum number of pre-authentication SSH packets per single SSH connection */, "sftp-server" /* Globally enable incoming SFTP connections */, "ciphers" ( /* Specify the ciphers allowed for protocol version 2 */ ("3des-cbc" | "aes128-cbc" | "aes192-cbc" | "aes256-cbc" | "aes128-ctr" | "aes192-ctr" | "aes256-ctr" | "aes128-gcm@openssh.com" | "aes256-gcm@openssh.com" | "chacha20-poly1305@openssh.com" | "arcfour128" | "arcfour256" | "arcfour" | "blowfish-cbc" | "cast128-cbc") ), "macs" ( /* Message Authentication Code algorithms allowed (SSHv2) */ ("hmac-md5" | "hmac-md5-etm@openssh.com" | "hmac-sha1" | "hmac-sha1-etm@openssh.com" | "umac-64@openssh.com" | "umac-128@openssh.com" | "umac-64-etm@openssh.com" | "umac-128-etm@openssh.com" | "hmac-sha2-256" | "hmac-sha2-256-etm@openssh.com" | "hmac-sha2-256-96" | "hmac-sha2-512" | "hmac-sha2-512-etm@openssh.com" | "hmac-sha2-512-96" | "hmac-ripemd160" | "hmac-ripemd160-etm@openssh.com" | "hmac-sha1-96" | "hmac-sha1-96-etm@openssh.com" | "hmac-md5-96" | "hmac-md5-96-etm@openssh.com") ), "key-exchange" ( /* Specify ssh key-exchange for Diffie-Hellman keys */ ("curve25519-sha256" | "ecdh-sha2-nistp256" | "ecdh-sha2-nistp384" | "ecdh-sha2-nistp521" | "group-exchange-sha2" | "group-exchange-sha1" | "dh-group14-sha1" | "dh-group1-sha1") ), "client-alive-count-max" arg /* Threshold of missing client-alive responses that triggers a disconnect */, "client-alive-interval" arg /* Frequency of client-alive requests */, "hostkey-algorithm" ( /* Specify permissible SSH host-key algorithms */ c( c( "no-ssh-dss" /* Disallow generation of 1024-bit DSA host-key */, "ssh-dss" ( /* Allow generation of 1024-bit DSA host-key */ c( c( "allow" /* Allow generation of 1024-bit DSA host-key */, "deny" /* Disallow generation of 1024-bit DSA host-key */ ) ) ) ), c( "no-ssh-rsa" /* Disallow generation of RSA host-key */, "ssh-rsa" ( /* Allow generation of RSA host-key */ c( c( "allow" /* Allow generation of RSA host-key */, "deny" /* Disallow generation of RSA host-key */ ) ) ) ), c( "no-ssh-ecdsa" /* Disallow generation of ECDSA host-key */, "ssh-ecdsa" ( /* Allow generation of ECDSA host-key */ c( c( "allow" /* Allow generation of ECDSA host-key */, "deny" /* Disallow generation of ECDSA host-key */ ) ) ) ), c( "no-ssh-ed25519" /* Disallow generation of ED25519 host-key */, "ssh-ed25519" /* Allow generation of ED25519 host-key */ ) ) ), "fingerprint-hash" ( /* Configure hash algorithm used when displaying key fingerprints */ ("sha2-256" | "md5") ), "authorized-keys-command" arg /* Specifies a command string to be used to look up the user's public keys */, "authorized-keys-command-user" arg /* Specifies the user under whose account the authorized-keys-command is run */, "rekey" ( /* Limits before session keys are renegotiated */ c( "data-limit" arg /* Data limit before renegotiating session keys */, "time-limit" arg /* Time limit before renegotiating session keys */ ) ), "port" arg /* Port number to accept incoming connections */, "log-key-changes" /* Log changes to authorized keys to syslog */, "connection-limit" arg /* Maximum number of allowed connections */, "rate-limit" arg /* Maximum number of connections per minute */ ) ), "telnet" ( /* Allow telnet login */ c( "connection-limit" arg /* Maximum number of allowed connections */, "rate-limit" arg /* Maximum number of connections per minute */, "authentication-order" ( ("radius" | "tacplus" | "password") ) ) ), "xnm-clear-text" ( /* Allow clear text-based JUNOScript connections */ c( "connection-limit" arg /* Maximum number of allowed connections */, "rate-limit" arg /* Maximum number of connections per minute */ ) ), "xnm-ssl" ( /* Allow SSL-based JUNOScript connections */ c( "local-certificate" arg /* Name of local X.509 certificate to use */, "ssl-renegotiation" /* Allow SSL renegotiation */, "no-ssl-renegotiation" /* Don't allow SSL renegotiation */, "connection-limit" arg /* Maximum number of allowed connections */, "rate-limit" arg /* Maximum number of connections per minute */ ) ), "jeb" ( /* Configure the Juniper Juniper Entropy Beacon service */ c( "port" arg /* JEB Service port */, "rbg" ( /* Random Bit Generator */ ("default-rng" | "hmac-drbg" | "jrbc") ), "max-seed-size" arg /* Maximum allowed size for a requested seed */, "tls" ( /* Configure TLS Attributes for JEB Service */ c( "cert-bundle" arg /* Certificate Bundle File */, "certificate" arg /* TLS Server Certificate */, "key" arg /* Private Key File */ ) ) ) ), "extension-service" ( /* Enable JUNOS extension services */ c( "remote-telemetry-service" ( /* Remote telemetry as a service */ c( "host" arg /* Remote taas host name */, "port" arg /* Remote taas port number */, "user" arg /* SSH user name for login into the taas host */, "password" ( /* SSH passphrase for login into the taas host */ unreadable /* SSH passphrase for login into the taas host */ ) ) ), "request-response" ( /* Allow request-response API execution */ c( "grpc" ( /* Grpc server configuration */ c( c( "ssl" ( /* SSL based API connection settings */ c( "address" ( /* Address to listen for incoming connections */ ipaddr /* Address to listen for incoming connections */ ), "port" arg /* Port number to accept incoming connections */, "local-certificate" arg /* Name of local X.509 certificate to use */, "mutual-authentication" ( /* Enable TLS mutual authentication */ c( "certificate-authority" arg /* Certificate authority profile */, "client-certificate-request" ( /* Specify requirements for client certificate */ ("no-certificate" | "request-certificate" | "request-certificate-and-verify" | "require-certificate" | "require-certificate-and-verify") ) ) ), "hot-reloading" /* Enable certificate reload without terminating existing gRPC sessions */ ) ) ), "max-connections" arg /* Maximum number of connections */, "routing-instance" arg /* Routing instance for grpc */, "clear-text" ( c( "address" ipaddr, "port" arg ) ), "skip-authentication" ) ) ) ), "notification" ( /* Enable Notification Services */ c( "port" arg /* Port number to accept incoming connections */, "max-connections" arg /* Maximum number of connections */, "broker-socket-send-buffer-size" arg /* Socket send buffer size for the broker to publish the messages */, "allow-clients" ( /* Client IPs from which notifications are allowed */ c( "address" ( /* IPv4/IPv6 addresses, prefix length optional, or hostnames */ ipprefix_optional /* IPv4/IPv6 addresses, prefix length optional, or hostnames */ ) ) ) ) ), "traceoptions" ( /* Trace options for JSD */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Trace verbosity level */ sc( c( "error" /* Only trace error events */ ) ) ).as(:oneline), "flag" enum(("timer" | "timeouts" | "routing-socket" | "general" | "config" | "grpc" | "libgrpc-debug" | "libgrpc-errors" | "libgrpc-info" | "notification" | "all")) /* Tracing parameters */.as(:oneline) ) ) ) ), "netconf" ( /* Allow NETCONF connections */ c( "ssh" ( /* Allow NETCONF over SSH */ c( "connection-limit" arg /* Maximum number of allowed connections */, "rate-limit" arg /* Maximum number of connections per minute */, "client-alive-count-max" arg /* Threshold of missing client-alive responses that triggers a disconnect */, "client-alive-interval" arg /* Frequency of client-alive requests */, "port" arg /* Service port number */ ) ), "tls" ( /* Allow NETCONF over TLS */ c( "local-certificate" arg /* Local Certificate ID */, "client-identity" arg ( /* Individual TLS/NETCONF client information */ c( "fingerprint" arg /* Client certificate fingerprint in x509c2n:tls-fingerprint format */, "map-type" ( /* Map Type */ ("specified" | "san-dirname-cn") ), "username" arg /* NETCONF username if the map-type is specified */ ) ), "default-client-identity" ( /* Default TLS/NETCONF client information */ c( "map-type" ( /* Map Type */ ("specified" | "san-dirname-cn") ), "username" arg /* NETCONF username if the map-type is specified */ ) ), "traceoptions" ( /* NETCONF over TLS trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("general" | "pki" | "plugin" | "app" | "all")) /* Tracing parameters */.as(:oneline) ) ) ) ), "unified" ( /* Schema options for unified netconf */ c( "unhide" /* Unhide unified netconf get from CLI */ ) ), "hello-message" ( /* Configuration for NETCONF 'hello' message */ c( "yang-module-capabilities" ( /* Advertise YANG module capabilities of the device */ c( "advertise-native-yang-modules" /* Advertise Junos native YANG modules */, "advertise-custom-yang-modules" /* Advertise custom YANG modules installed on the device */, "advertise-standard-yang-modules" /* Advertise standard YANG modules supported by the device */ ) ) ) ), "netconf-monitoring" ( /* NETCONF monitoring feature (RFC 6022) related configuration */ c( "netconf-state-schemas" ( /* Configuration to retrieve the schemas supported by the NETCONF server */ c( "retrieve-custom-yang-modules" /* Retrieve the custom YANG modules installed on the device */, "retrieve-standard-yang-modules" /* Retrieve the standard YANG modules supported by the device */ ) ) ) ), "rfc-compliant" /* Make the NETCONF sessions compliant to RFC 4741 */, "yang-compliant" /* Make the NETCONF sessions compliant to yang schemas */, "flatten-commit-results" /* Suppress the 'commit-results' XML subtree in 'commit' rpc response */, "yang-modules" ( /* Tweak settings for YANG modules served on this device */ c( "device-specific" /* Serve YANG modules specific to this device */, "emit-extensions" /* Enable serving of Junos YANG extension modules */ ) ), "traceoptions" ( /* NETCONF trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("all" | "incoming" | "outgoing" | "debug")) /* Tracing parameters */.as(:oneline), "on-demand" /* Enable on-demand tracing */ ) ), "notification" ( /* Enable Netconf notification service */ c( "interleave" /* Enable interleaving */ ) ) ) ), "tftp-server" ( /* Enable TFTP file transfers */ c( "connection-limit" arg /* Maximum number of allowed connections */, "rate-limit" arg /* Maximum number of connections per minute */ ) ), "flow-tap-dtcp" ( /* Configure DTCP-based Flow-tap service */ c( "ssh" ( /* Allow flow-tap-dtcp service over SSH */ c( "connection-limit" arg /* Maximum number of allowed connections */, "rate-limit" arg /* Maximum number of connections per minute */ ) ) ) ), "dtcp-only" /* Allow subscriber DTCP based lawful intercept only */, "reverse" ( /* Allow connections to device connected to the AUX port */ c( "telnet" ( /* Allow reverse telnet connections (over AUX port) */ c( "port" arg /* Port number to accept reverse telnet connections */ ) ), "ssh" ( /* Allow reverse SSH connections (over AUX port) */ c( "port" arg /* Port number to accept reverse SSH connections */ ) ) ) ), "dns" ( /* Enable Name server */ c( "max-cache-ttl" arg /* Max TTL for cached responses */, "max-ncache-ttl" arg /* Max TTL for cached negative responses */, "traceoptions" ( /* DNS server trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "debug-level" arg /* Debug level */, "category" ("default" | "general" | "database" | "security" | "config" | "resolver" | "xfer-in" | "xfer-out" | "notify" | "client" | "unmatched" | "network" | "update" | "update-security" | "queries" | "dispatch" | "dnssec" | "lame-servers" | "delegation-only" | "edns-disabled") /* Logging category */.as(:oneline) ) ), "forwarders" arg /* Server IPs to DNS query will be forwarded */, "dnssec" ( /* Configure DNSSEC */ c( "disable" /* Disable DNSSEC */, "trusted-keys" ( /* Trusted keys */ c( "key" arg /* Trusted key */ ) ), "dlv" ( /* Configure DLV (DNS Lookaside Validation) */ s( "domain" arg /* Name of the domain */, "trusted-anchor" arg /* Trusted DLV anchor */ ) ).as(:oneline), "secure-domains" arg /* Domains for which only signed responses are accepted */ ) ) ) ), "rest" ( /* Allow RPC execution over HTTP(S) connection */ c( "http" ( /* Unencrypted HTTP connection settings */ c( "port" arg /* Port number to accept HTTP connections */, "addresses" ( /* List of addresses to listen for incoming connections */ ipv4addr /* List of addresses to listen for incoming connections */ ) ) ), "https" ( /* Encrypted HTTPS connections */ c( "port" arg /* Port number to accept HTTPS connections */, "addresses" ( /* List of addresses to listen for incoming connections */ ipv4addr /* List of addresses to listen for incoming connections */ ), "server-certificate" arg /* Local certificate identifier */, "ca-chain" arg /* Certificate authority chain profile */, "cipher-list" ( /* List of allowed cipher suites in order of preference */ ("rsa-with-rc4-128-md5" | "rsa-with-rc4-128-sha" | "rsa-with-3des-ede-cbc-sha" | "dhe-rsa-with-3des-ede-cbc-sha" | "rsa-with-aes-128-cbc-sha" | "dhe-rsa-with-aes-128-cbc-sha" | "rsa-with-aes-256-cbc-sha" | "dhe-rsa-with-aes-256-cbc-sha" | "ecdhe-rsa-with-rc4-128-sha" | "ecdhe-rsa-with-3des-ede-cbc-sha" | "ecdhe-rsa-with-aes-128-cbc-sha" | "ecdhe-rsa-with-aes-256-cbc-sha" | "rsa-with-aes-128-cbc-sha256" | "rsa-with-aes-256-cbc-sha256" | "dhe-rsa-with-aes-128-cbc-sha256" | "dhe-rsa-with-aes-256-cbc-sha256" | "rsa-with-aes-128-gcm-sha256" | "rsa-with-aes-256-gcm-sha384" | "dhe-rsa-with-aes-128-gcm-sha256" | "dhe-rsa-with-aes-256-gcm-sha384" | "ecdhe-rsa-with-aes-128-cbc-sha256" | "ecdhe-rsa-with-aes-256-cbc-sha384" | "ecdhe-rsa-with-aes-128-gcm-sha256" | "ecdhe-rsa-with-aes-256-gcm-sha384") ), "mutual-authentication" ( /* Enable TLS mutual authentication */ c( "certificate-authority" arg /* Certificate authority profile */ ) ) ) ), "control" ( /* Control of the rest-api process */ c( "allowed-sources" ( /* List of allowed source IP addresses */ ipv4addr /* List of allowed source IP addresses */ ), "connection-limit" arg /* Maximum number of simultaneous connections */ ) ), "traceoptions" ( /* Trace options for rest-api service */ c( "flag" ( /* Area to enable tracing */ ("lighttpd" | "juise" | "all") ) ) ), "enable-explorer" /* Enable REST API explorer tool */, "routing-instance" arg /* Routing instance */ ) ), "subscriber-management-helper" ( /* Subscriber management helper configuration */ smihelperd_type /* Subscriber management helper configuration */ ), "dhcp-local-server" ( /* Dynamic Host Configuration Protocol server configuration */ jdhcp_local_server_type /* Dynamic Host Configuration Protocol server configuration */ ), "dhcp-proxy-client" ( /* Dynamic Host Configuration Protocol Proxy client configuration */ jdhcp_proxy_client_type /* Dynamic Host Configuration Protocol Proxy client configuration */ ), "database-replication" ( /* Database replication configuration */ bdbrepd_type /* Database replication configuration */ ), "web-management" ( /* Web management configuration */ c( "traceoptions" ( /* Web management trace options */ httpd_traceoptions_type /* Web management trace options */ ), "management-url" arg /* URL path for web management access */, "https" ( /* Encrypted HTTPS connections */ c( "port" arg /* TCP port for incoming HTTPS connections */, c( "local-certificate" arg /* X.509 certificate to use (from configuration) */, "pki-local-certificate" arg /* X.509 certificate to use (from PKI local store) */, "system-generated-certificate" /* X.509 certificate generated automatically by system */ ), "interface" ( /* Interfaces that accept HTTPS access */ interface_name /* Interfaces that accept HTTPS access */ ) ) ), "control" ( /* Control of the web management process */ c( "max-threads" arg /* Maximum simultaneous threads to handle requests */ ) ), "session" ( /* Session parameters */ c( "idle-timeout" arg /* Default timeout of web-management sessions */, "session-limit" arg /* Maximum number of web-management sessions to allow */ ) ) ) ), "static-subscribers" ( /* Static Subscriber Client configuration */ jsscd_static_subscribers_type /* Static Subscriber Client configuration */ ), "subscriber-management" ( /* Subscriber management configuration */ smid_type /* Subscriber management configuration */ ), "resource-monitor" ( /* Resource monitor configuration */ resource_monitor_type /* Resource monitor configuration */ ), "bbe-stats-service" ( /* Bbe statistics configuration */ bbe_stats_type /* Bbe statistics configuration */ ), "extensible-subscriber-services" ( /* Extensible Subscriber Services Configuration */ c( "maximum-subscribers" ( /* Maximum number of subscribers */ c( arg ) ), "commit-interval" ( /* Script configuration commit interval */ c( arg ) ), "flat-file-accounting-interval" ( /* Flat file accounting collection interval */ c( arg ) ), "flat-file-rollover-interval" ( /* Flat file accounting rollover interval */ c( arg ) ), "logical-interface-unit-range" ( /* Logical interface unit range */ c( "low" arg /* Lower limit of logical interface unit range */, "high" arg /* Upper limit of logical interface unit range */ ) ), "dictionary" ( /* Dictionary Information */ c( filename /* Complete path with dictionary name */ ) ), "flat-file-accounting-format" ( /* Flat file accounting format */ c( c( "ipdr" /* IPDR format */, "csv" /* CSV format */ ) ) ), "access-profile" ( /* Access profile reference */ c( arg ) ), "flat-file-profile" arg /* Flat file profile name */ ) ), "dhcp" ( /* Configure DHCP server */ c( "maximum-lease-time" ( /* Maximum lease time advertised to clients */ ("infinite" | arg) ), "default-lease-time" ( /* Default lease time advertised to clients */ ("infinite" | arg) ), "domain-name" arg /* Domain name advertised to clients */, "name-server" arg /* Domain name servers available to the client */, "domain-search" arg /* Domain search list used to resolve hostnames */, "wins-server" arg /* NetBIOS name servers */, "router" arg /* Routers advertised to clients */, "boot-file" arg /* Boot filename advertised to clients */, "boot-server" arg /* Boot server advertised to clients */, "next-server" ( /* Next server that clients need to contact */ ipv4addr /* Next server that clients need to contact */ ), "server-identifier" ( /* DHCP server identifier advertised to clients */ ipv4addr /* DHCP server identifier advertised to clients */ ), "option" arg ( /* DHCP option */ sc( c( "flag" ( /* Boolean flag value */ ("true" | "false" | "on" | "off") ), "byte" arg /* Unsigned 8-bit value */, "short" arg /* Signed 16-bit numeric value */, "unsigned-short" arg /* Unsigned 16-bit numeric value */, "integer" arg /* Signed 32-bit numeric value */, "unsigned-integer" arg /* Unsigned 32-bit numeric value */, "string" arg /* Character string value */, "ip-address" ( /* IP address value */ ipv4addr /* IP address value */ ), "array" ( /* Array of values */ c( c( "flag" ( /* Array of boolean flag values */ ("true" | "false" | "on" | "off") ), "byte" arg /* Array of unsigned 8-bit values */, "short" arg /* Array of signed 16-bit numeric values */, "unsigned-short" arg /* Array of 16-bit numeric values */, "integer" arg /* Array of signed 32-bit numeric values */, "unsigned-integer" arg /* Array of unsigned 32-bit numeric values */, "string" arg /* Array of character string values */, "ip-address" ( /* Array of IP address values */ ipv4addr /* Array of IP address values */ ) ) ) ), "byte-stream" arg /* Stream of unsigned 8-bit values within quotes */ ) ) ).as(:oneline), "sip-server" ( /* SIP servers to clients */ c( "name" arg /* Names of SIP servers */, "address" arg /* IP addresses of SIP servers */ ) ), "traceoptions" ( /* DHCP server trace options */ dhcp_traceoptions_type /* DHCP server trace options */ ), "pool" arg ( /* DHCP address pool */ c( "address-range" ( /* Range of addresses to choose from */ sc( "low" ( /* Lowest address in the range */ ipv4addr /* Lowest address in the range */ ), "high" ( /* Highest address in the range */ ipv4addr /* Highest address in the range */ ) ) ).as(:oneline), "exclude-address" arg /* Address to exclude from pool */, "maximum-lease-time" ( /* Maximum lease time advertised to clients */ ("infinite" | arg) ), "default-lease-time" ( /* Default lease time advertised to clients */ ("infinite" | arg) ), "domain-name" arg /* Domain name advertised to clients */, "name-server" arg /* Domain name servers available to the client */, "domain-search" arg /* Domain search list used to resolve hostnames */, "wins-server" arg /* NetBIOS name servers */, "router" arg /* Routers advertised to clients */, "boot-file" arg /* Boot filename advertised to clients */, "boot-server" arg /* Boot server advertised to clients */, "next-server" ( /* Next server that clients need to contact */ ipv4addr /* Next server that clients need to contact */ ), "server-identifier" ( /* DHCP server identifier advertised to clients */ ipv4addr /* DHCP server identifier advertised to clients */ ), "option" arg ( /* DHCP option */ sc( c( "flag" ( /* Boolean flag value */ ("true" | "false" | "on" | "off") ), "byte" arg /* Unsigned 8-bit value */, "short" arg /* Signed 16-bit numeric value */, "unsigned-short" arg /* Unsigned 16-bit numeric value */, "integer" arg /* Signed 32-bit numeric value */, "unsigned-integer" arg /* Unsigned 32-bit numeric value */, "string" arg /* Character string value */, "ip-address" ( /* IP address value */ ipv4addr /* IP address value */ ), "array" ( /* Array of values */ c( c( "flag" ( /* Array of boolean flag values */ ("true" | "false" | "on" | "off") ), "byte" arg /* Array of unsigned 8-bit values */, "short" arg /* Array of signed 16-bit numeric values */, "unsigned-short" arg /* Array of 16-bit numeric values */, "integer" arg /* Array of signed 32-bit numeric values */, "unsigned-integer" arg /* Array of unsigned 32-bit numeric values */, "string" arg /* Array of character string values */, "ip-address" ( /* Array of IP address values */ ipv4addr /* Array of IP address values */ ) ) ) ), "byte-stream" arg /* Stream of unsigned 8-bit values within quotes */ ) ) ).as(:oneline), "sip-server" ( /* SIP servers to clients */ c( "name" arg /* Names of SIP servers */, "address" arg /* IP addresses of SIP servers */ ) ) ) ), "static-binding" arg ( /* DHCP client's hardware address */ c( "fixed-address" arg /* Possible IP addresses to assign to host */, "host-name" arg /* Hostname for this client */, "client-identifier" ( /* Client identifier option */ sc( c( "ascii" arg /* Client identifier as an ASCII string */, "hexadecimal" arg /* Client identifier as a hexadecimal string */ ) ) ).as(:oneline), "domain-name" arg /* Domain name advertised to clients */, "name-server" arg /* Domain name servers available to the client */, "domain-search" arg /* Domain search list used to resolve hostnames */, "wins-server" arg /* NetBIOS name servers */, "router" arg /* Routers advertised to clients */, "boot-file" arg /* Boot filename advertised to clients */, "boot-server" arg /* Boot server advertised to clients */, "next-server" ( /* Next server that clients need to contact */ ipv4addr /* Next server that clients need to contact */ ), "server-identifier" ( /* DHCP server identifier advertised to clients */ ipv4addr /* DHCP server identifier advertised to clients */ ), "option" arg ( /* DHCP option */ sc( c( "flag" ( /* Boolean flag value */ ("true" | "false" | "on" | "off") ), "byte" arg /* Unsigned 8-bit value */, "short" arg /* Signed 16-bit numeric value */, "unsigned-short" arg /* Unsigned 16-bit numeric value */, "integer" arg /* Signed 32-bit numeric value */, "unsigned-integer" arg /* Unsigned 32-bit numeric value */, "string" arg /* Character string value */, "ip-address" ( /* IP address value */ ipv4addr /* IP address value */ ), "array" ( /* Array of values */ c( c( "flag" ( /* Array of boolean flag values */ ("true" | "false" | "on" | "off") ), "byte" arg /* Array of unsigned 8-bit values */, "short" arg /* Array of signed 16-bit numeric values */, "unsigned-short" arg /* Array of 16-bit numeric values */, "integer" arg /* Array of signed 32-bit numeric values */, "unsigned-integer" arg /* Array of unsigned 32-bit numeric values */, "string" arg /* Array of character string values */, "ip-address" ( /* Array of IP address values */ ipv4addr /* Array of IP address values */ ) ) ) ), "byte-stream" arg /* Stream of unsigned 8-bit values within quotes */ ) ) ).as(:oneline), "sip-server" ( /* SIP servers to clients */ c( "name" arg /* Names of SIP servers */, "address" arg /* IP addresses of SIP servers */ ) ) ) ) ) ), "outbound-https" ( /* Initiate outbound HTTPS connection */ c( "client" arg ( /* Define a device initiated outbound https connection */ c( "device-id" arg /* Unique ID used by client to identify this device */, "secret" ( /* Shared secret between client and this device */ unreadable /* Shared secret between client and this device */ ), "waittime" arg /* Wait time to retry if none of the gRPC servers are available */, "reconnect-strategy" ( /* Strategy used to reconnect to a gRPC server in the list */ ("sticky" | "in-order") ), c( "port" arg /* GRPC server port */, "trusted-cert" arg /* Certificate chain content without newlines */ ) ) ) ) ), "service-deployment" ( /* Configuration for Service Deployment (SDXD) management application */ c( "local-certificate" arg /* Name of local X.509 certificate to use */, "source-address" ( /* Local IPv4 address to be used as source address for traffic to SDX */ ipv4addr /* Local IPv4 address to be used as source address for traffic to SDX */ ), "servers" arg ( /* Service deployment system configuration */ c( "port" arg /* TCP port of SDX server */, "user" arg /* Username used by SDX when logging into the router */, "security-options" ( /* Specify mechanism to secure the connection */ c( c( "tls" /* Use TLS for transport layer security */, "ssl3" /* Use SSLv3 for transport layer security */ ) ) ) ) ), "traceoptions" ( /* Service deployment daemon trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("beep" | "profile" | "application" | "io" | "all")) /* Tracing options */.as(:oneline) ) ) ) ), "outbound-ssh" ( /* Initiate outbound SSH connection */ c( "routing-instance" arg /* Routing instance through which client is reachable */, "traceoptions" ( /* Outbound SSH trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "connectivity" | "all")) /* Tracing parameters */.as(:oneline) ) ), "client" arg ( /* Define a device initiated SSH connection */ c( "disable-ssh-security-settings" /* Disable ssh security parameter defined under [system services ssh] */, "device-id" arg /* Unique ID used by client to identify this device */, "secret" ( /* Shared secret between client and this device */ unreadable /* Shared secret between client and this device */ ), "keep-alive" ( c( "retry" arg /* Maximum number of connection attempts */, "timeout" arg /* Timeout value for conection attempts */ ) ), "reconnect-strategy" ( /* Strategy used to reconnect to a server */ ("sticky" | "in-order") ), "services" ( /* The subsystem(s) that can be invoked */ ("netconf") ), c( "port" arg /* Client port to connect to */, "retry" arg /* Maximum number of connection attempts */, "timeout" arg /* Timeout value for conection attempts */ ) ) ) ) ), "remote-device-management" ( /* Remote device management configuration */ c( "service-device" ( /* Service device configuraiton */ service_device_object /* Service device configuraiton */ ) ) ), "tcp-forwarding" ( /* TCP forwarding configuration */ c( "listening-port" ( /* TCP listener configuration */ s( arg, "listening-address" arg /* Listening address */, c( "forwarding-address" ( /* Forwarding address */ ipv4addr /* Forwarding address */ ), "forwarding-port" arg /* Forwarding port */, "max-connections" arg /* Maxmimum allowed connections */, "allowed-source" arg /* Allowed source prefix */ ) ) ) ) ), "transport" /* Transport configuration */ ) ), "auto-snapshot" /* Enable auto-snapshot when boots from alternate slice */, "unattended-boot" /* Enable Unattended Boot mode */, "jdos" /* Enable Juniper Diagnostics Operating System */, "dgasp-int" /* Enable Dying Gasp Interrupt */, "dgasp-usb" /* Enable USB reset in Dying Gasp Interrupt */, "domain-name" arg /* Domain name for this router */, "domain-search" arg /* List of domain names to search */, "no-hidden-commands" /* Deny hidden commands for all users except root */, "statistics-timeout" ( /* Statistics - Configurable Timeout */ c( "statistics-timeout-value" arg /* Statistics - Configurable Timeout value in milliseconds(1000 to 60000) */ ) ), "backup-router" ( /* IPv4 router to use while booting */ sc( ipv4addr /* Address of router to use while booting */, "destination" ( /* Destination network reachable through the router */ ipv4prefix /* Destination network reachable through the router */ ) ) ).as(:oneline), "inet6-backup-router" ( /* IPv6 router to use while booting */ sc( "destination" ( /* Destination network reachable through the router */ ipv6prefix /* Destination network reachable through the router */ ), ipv6addr /* Address of router to use while booting */ ) ).as(:oneline), "time-zone" arg /* Time zone name or POSIX-compliant time zone string */, "use-imported-time-zones" /* Use locally generated time-zone database */, "regex-additive-logic" /* Set regex-additive-logic */, "switchover-on-routing-crash" /* On failure, switch mastership to other Routing Engine */, "default-address-selection" /* Use system address for locally originated traffic */, "ndcpp-compliant" /* Enable NDcPP compliance */, "nd-maxmcast-solicit" arg /* Set Maximum multicast solicit */, "nd-maxucast-retry" arg /* Set Maximum unicast retry count */, "nd-retransmit-timer" arg /* Set retransmit timer */, "nd-system-cache-limit" arg /* Set max system cache size for IPv6 nexthops */, "arp-system-cache-limit" arg /* Set max system cache size for ARP nexthops */, "arp-enhanced-scale" /* Support enhanced ARP/ND scale */, "no-arp-enhanced" /* Disable enhanced ARP/ND scale */, "no-neighbor-learn" /* Disable neighbor address learning */, "no-multicast-echo" /* Disable ICMP echo on multicast addresses */, "extended-echo" /* Enable ICMP extended echo processing */, "no-redirects" /* Disable ICMP redirects */, "no-redirects-ipv6" /* Disable IPV6 ICMP redirects */, "nd-override-preferred-src" /* Do not use preferred source address for unnumbered interface as the source of NA/NS */, "no-ping-record-route" /* Do not insert IP address in ping replies */, "no-ping-time-stamp" /* Do not insert time stamp in ping replies */, "dump-device" ( /* Device to record memory snapshots on operating system failure */ (arg | "boot-device" | "usb" | "compact-flash" | "removable-compact-flash") ), "arp" ( /* ARP settings */ c( "aging-timer" arg /* Change the ARP aging time value */, "interfaces" ( /* Logical interface on which to specify ARP aging timer */ c( arp_interface_type ) ), "passive-learning" /* ARP passive learning */, "purging" /* ARP purging when link goes down */, "gratuitous-arp-on-ifup" /* Gratuitous ARP announcement on interface up */, "gratuitous-arp-delay" arg /* Delay gratuitous ARP request */, "non-subscriber-no-reply" /* Do not reply to ARP requests from non-subscribers */, "proactive-arp-detection" /* Proactive ARP Detection */, "unicast-mode-on-expire" /* Send unicast ARP request on expiry timer */ ) ), "personality-file-list-of-directories" arg /* List of Optional directories for personality-tarball of device */, "saved-core-files" arg /* Number of saved core files per executable */, "saved-core-context" /* Save context information for core files */, "no-saved-core-context" /* Don't save context information for core files */, "kernel-replication" ( /* Kernel replication */ c( "system-reboot" ( /* Reboot standby routing engine */ ("recovery-failure") ), "no-syscall-trace" /* Disable syscall trace script capture */, "no-multithreading" /* Disable kernel-replication multithreading */ ) ), "mirror-flash-on-disk" /* Mirror contents of the flash drive onto hard drive */, "icmp-rate-limit" ( /* Rate-limiting parameters for ICMP messages */ sc( "packet-rate" arg /* ICMP rate-limiting packets earned per second */, "bucket-size" arg /* ICMP rate-limiting maximum bucket size */ ) ).as(:oneline), "tcp-ack-rst-syn" /* Send ACKs for in-window RSTs and SYN packets on TCP connections */, "management-instance" /* Enable Management VRF Instance */, "demux-options" ( /* Tunable options for demux link local address generation */ c( "use-underlying-interface-mac" /* Use underlying interface MAC for link local address */ ) ), "internet-options" ( /* Tunable options for Internet operation */ c( "icmpv4-rate-limit" ( /* Rate-limiting parameters for ICMPv4 messages */ sc( "packet-rate" arg /* ICMP rate-limiting packets earned per second */, "bucket-size" arg /* ICMP rate-limiting maximum bucket size */ ) ).as(:oneline), "icmpv6-rate-limit" ( /* Rate-limiting parameters for ICMPv6 messages */ sc( "packet-rate" arg /* ICMPv6 rate-limiting packets earned per second */, "bucket-size" arg /* ICMPv6 rate-limiting maximum bucket size */ ) ).as(:oneline), "path-mtu-discovery" /* Enable Path MTU discovery on TCP connections */, "no-path-mtu-discovery" /* Don't enable Path MTU discovery on TCP connections */, "gre-path-mtu-discovery" /* Enable path MTU discovery for GRE tunnels */, "no-gre-path-mtu-discovery" /* Don't enable path MTU discovery for GRE tunnels */, "ipip-path-mtu-discovery" /* Enable path MTU discovery for IP-IP tunnels */, "no-ipip-path-mtu-discovery" /* Don't enable path MTU discovery for IP-IP tunnels */, "source-port" ( /* Source port selection parameters */ c( "upper-limit" arg /* Specify upper limit of source port selection range */ ) ), "source-quench" /* React to incoming ICMP Source Quench messages */, "no-source-quench" /* Don't react to incoming ICMP Source Quench messages */, "tcp-mss" arg /* Maximum value of TCP MSS for IPV4 traffic */, "tcp-drop-synfin-set" /* Drop TCP packets that have both SYN and FIN flags */, "no-tcp-rfc1323" /* Disable RFC 1323 TCP extensions */, "no-tcp-rfc1323-paws" /* Disable RFC 1323 Protection Against Wrapped Sequence Number extension */, "ipv6-reject-zero-hop-limit" /* Enable dropping IPv6 packets with zero hop-limit */, "no-ipv6-reject-zero-hop-limit" /* Don't enable dropping IPv6 packets with zero hop-limit */, "ipv6-duplicate-addr-detection-transmits" arg /* IPv6 Duplicate address detection transmits */, "ipv6-path-mtu-discovery" /* Enable IPv6 Path MTU discovery */, "no-ipv6-path-mtu-discovery" /* Don't enable IPv6 Path MTU discovery */, "ipv6-path-mtu-discovery-timeout" arg /* IPv6 Path MTU Discovery timeout */, "no-tcp-reset" ( /* Do not send RST TCP packet for packets sent to non-listening ports */ ("drop-tcp-with-syn-only" | "drop-all-tcp") ) ) ), "authentication-order" ( ("radius" | "tacplus" | "password") ), "location" ( /* Location of the system, in various forms */ location_type /* Location of the system, in various forms */ ), "ports" ( /* Craft interface RS-232 ports */ c( "console" ( /* Console port */ tty_port_object /* Console port */ ), "auxiliary" ( /* Auxiliary port */ tty_port_object /* Auxiliary port */ ) ) ), "diag-port-authentication" ( /* Authentication for the diagnostic port */ c( "plain-text-password-value" arg /* Plain text password */, "encrypted-password" arg /* Encrypted password string */ ) ), "pic-console-authentication" ( /* Authentication for the console port on PICs */ c( "plain-text-password-value" arg /* Plain text password */, "encrypted-password" arg /* Encrypted password string */ ) ), "boot-loader-authentication" ( /* Authentication for the boot loader */ c( "plain-text-password-value" arg /* Plain text password */, "encrypted-password" arg /* Encrypted password string */ ) ), "name-server" ( /* DNS name servers */ nameserver_object /* DNS name servers */ ), "radius-server" ( /* RADIUS server configuration */ radius_server_object /* RADIUS server configuration */ ), "dynamic-profile-options" ( /* Dynamic profile options */ dynamic_profile_option_object /* Dynamic profile options */ ), "tacplus-server" ( /* TACACS+ server configuration */ tacplus_server_object /* TACACS+ server configuration */ ), "password-options" ( /* Local password options, password should be configured at [system authentication-order] */ c( "tacplus-authorization" /* TACACS+ authorization for locally authenticated users */ ) ), "ldap-server" ( /* LDAP server configuration */ c( "address" ( /* LDAP authentication server address */ hostname /* LDAP authentication server address */ ), "port" arg /* LDAP authentication server port number */, "base" arg /* LDAP base */, "binddn" arg /* LDAP binddn */, "bindpw" arg /* LDAP bindpw */, "routing-instance" arg /* LDAP routing instance */, "ldaps-cert" arg /* LDAPS client certificate id */ ) ), "radius-options" ( /* RADIUS options */ c( "password-protocol" ( /* Specify password protocol used in RADIUS packets */ ("mschap-v2") ), "enhanced-accounting" /* Include authentication method, remote port and user-privileges in 'login' accounting */, "attributes" ( /* Configure RADIUS attributes */ c( "nas-ip-address" ( /* Value of NAS-IP-Address in outgoing RADIUS packets */ ipaddr /* Value of NAS-IP-Address in outgoing RADIUS packets */ ), "nas-id" arg /* Value of NAS-ID in outgoing RADIUS packets */ ) ) ) ), "tacplus-options" ( /* TACACS+ options */ c( "service-name" arg /* TACACS+ service name */, "authorization-time-interval" arg /* TACACS+ authorization refresh time interval */, "strict-authorization" /* Deny login if authorization request fails */, "no-strict-authorization" /* Don't deny login if authorization request fails */, c( "no-cmd-attribute-value" /* In start/stop requests, set 'cmd' attribute value to empty string */, "exclude-cmd-attribute" /* In start/stop requests, do not include 'cmd' attribute */ ), "enhanced-accounting" /* Include authentication method, remote port and user-privileges in 'login' accounting */, "timestamp-and-timezone" /* In start/stop accounting packets, include 'start-time', 'stop-time' and 'timezone' attributes */ ) ), "accounting" ( /* System accounting configuration */ c( "events" ( /* Events to be logged */ ("login" | "change-log" | "interactive-commands") ), "enhanced-avs-max" arg /* No. of AV pairs each of which can store a max of 250 Bytes */, "traceoptions" ( /* Trace options for system accounting */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("all" | "events" | "config" | "radius" | "tacplus")) /* Tracing parameters */.as(:oneline) ) ), "destination" ( /* Destination for system accounting records */ c( "radius" ( /* Configure RADIUS accounting */ c( "server" ( /* RADIUS accounting server configuration */ radius_server_object /* RADIUS accounting server configuration */ ) ) ), "tacplus" ( /* Send TACACS+ accounting records */ c( "server" ( /* TACACS+ server configuration */ tacplus_server_object /* TACACS+ server configuration */ ) ) ) ) ) ) ), "allow-v4mapped-packets" /* Allow processing for packets with V4 mapped address */, "allow-6pe-traceroute" /* Allow IPv4-mapped v6 address in tag icmp6 TTL expired packet */, "allow-l3vpn-traceroute-src-select" /* Select best src addr for icmp ttl expiry error in case l3vpn */, "allow-6vpe-traceroute-src-select" /* Select best src addr for icmp6 ttl expiry error in case 6vpe */, "donot-disable-ip6op-ondad" /* Do not disable IP operation on interface, if DAD fails on EUI-64 link local address */, "schema" ( /* System schema */ c( "openconfig" ( /* Openconfig schema options */ c( "unhide" /* Unhide openconfig from CLI */ ) ) ) ), "static-host-mapping" arg ( /* Static hostname database mapping */ c( "inet" ( /* IP address */ ipv4addr /* IP address */ ), "inet6" ( /* IPv6 address */ ipv6addr /* IPv6 address */ ), "sysid" ( /* ISO/IS-IS system identifier */ sysid /* ISO/IS-IS system identifier */ ), "alias" arg /* Hostname alias */ ) ), "syslog" ( /* System logging facility */ c( "archive" ( /* Archive file information */ archive_object /* Archive file information */ ), "user" arg ( /* Notify a user of the event */ c( syslog_object.as(:oneline), "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ), "allow-duplicates" /* Do not suppress the repeated message */, "match-strings" arg /* Matching string(s) for lines to be logged */ ) ), "host" ("other-routing-engine" | "scc-master" | "sfc0-master" | arg) ( /* Host to be notified */ c( syslog_object.as(:oneline), "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ), "allow-duplicates" /* Do not suppress the repeated message */, "port" arg /* Port number */, "facility-override" ( /* Alternate facility for logging to remote host */ ("authorization" | "daemon" | "ftp" | "kernel" | "user" | "local0" | "local1" | "local2" | "local3" | "local4" | "local5" | "local6" | "local7") ), "log-prefix" arg /* Prefix for all logging to this host */, "source-address" ( /* Use specified address as source address */ ipaddr /* Use specified address as source address */ ), "routing-instance" arg /* Routing instance */, "explicit-priority" /* Include priority and facility in messages */, "exclude-hostname" /* Exclude hostname field in messages */, "transport" ( /* Transport type */ ("tcp" | "udp" | "tls") ), "tlsdetails" ( /* TLS for TCP */ c( "local-certificate" arg /* Local Certificate ID */, "mutual-authentication" ( /* Enable TLS mutual authentication */ c( "certificate-authority" arg /* Certificate authority profile */ ) ), "trusted-ca-group" arg ( /* Trusted Certificate Authority group configuration */ c( "ca-profiles" arg /* Name of the CA profiles (maximum 20) */ ) ) ) ), "match-strings" arg /* Matching string(s) for lines to be logged */, "structured-data" ( /* Log system message in structured format */ c( c( "brief" /* Omit English-language text from end of logged message */ ) ) ) ) ), "allow-duplicates" /* Do not suppress the repeated message for all targets */, "file" arg ( /* File in which to log data */ c( syslog_object.as(:oneline), "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ), "allow-duplicates" /* Do not suppress the repeated message */, "archive" ( /* Archive file information */ archive_object /* Archive file information */ ), "explicit-priority" /* Include priority and facility in messages */, "match-strings" arg /* Matching string(s) for lines to be logged */, "structured-data" ( /* Log system message in structured format */ c( c( "brief" /* Omit English-language text from end of logged message */ ) ) ) ) ), "console" enum(("any" | "authorization" | "daemon" | "ftp" | "ntp" | "security" | "kernel" | "user" | "dfc" | "external" | "firewall" | "pfe" | "conflict-log" | "change-log" | "interactive-commands")) ( /* Console logging */ sc( c( "any" /* All levels */, "emergency" /* Panic conditions */, "alert" /* Conditions that should be corrected immediately */, "critical" /* Critical conditions */, "error" /* Error conditions */, "warning" /* Warning messages */, "notice" /* Conditions that should be handled specially */, "info" /* Informational messages */, "none" /* No messages */ ) ) ).as(:oneline), "time-format" ( /* Additional information to include in system log timestamp */ sc( "year" /* Include year in timestamp */, "millisecond" /* Include milliseconds in timestamp */ ) ).as(:oneline), "source-address" ( /* Use specified address as source address */ ipaddr /* Use specified address as source address */ ), "routing-instance" arg /* Routing instance */, "log-rotate-frequency" arg /* Rotate log frequency */, "server" ( /* Enable syslog server */ c( "routing-instances" ("all" | "default" | arg) ( /* Enable/disable syslog server in routing-instances */ c( "disable" /* Disable syslog server in this routing instance */ ) ) ) ), "alternate-format" /* Append node name with daemon name instead of hostname(default) in the log entries */, "grpc-replay" ( /* GRPC streaming */ c( syslog_object.as(:oneline), "match-strings" arg /* Matching string(s) for lines to be logged */, "last" arg /* Store last x minutes events */ ) ) ) ), "tracing" ( /* System wide option for remote tracing */ sc( "destination-override" ( /* Override tracing destination */ sc( "syslog" ( /* Send trace messages to remote syslog server */ sc( "host" ( /* IPv4 address of remote syslog server */ ipv4addr /* IPv4 address of remote syslog server */ ) ) ).as(:oneline) ) ).as(:oneline) ) ).as(:oneline), "encrypt-configuration-files" /* Encrypt the router configuration files */, "compress-configuration-files" /* Compress the router configuration files */, "no-compress-configuration-files" /* Don't compress the router configuration files */, "max-configurations-on-flash" arg /* Number of configuration files stored on flash */, "max-configuration-rollbacks" arg /* Number of rollback configuration files */, "archival" ( /* System archival management */ c( "configuration" ( /* Automatic configuration uploads to host(s) */ c( c( "transfer-interval" arg /* Frequency at which file transfer happens */, "transfer-on-commit" /* Transfer after each commit */ ), "routing-instance" arg /* Routing instance through which server is reachable */, "archive-sites" arg ( /* List of archive destinations */ sc( "password" ( /* Password for login into the archive site */ unreadable /* Password for login into the archive site */ ) ) ).as(:oneline) ) ) ) ), "extensions" ( /* Configuration for extensions to JUNOS */ c( "providers" arg ( c( "license-type" arg ( sc( "deployment-scope" arg ) ).as(:oneline) ) ), "extension-service" ( /* Enable JUNOS extension service */ c( "application" ( /* JUNOS extension service application */ c( "refresh" /* Refresh all operation scripts from their source */, "refresh-from" arg /* Refresh all operation scripts from a given base URL */, "file" ( /* Configuration for each extension-service application */ jet_scripts_file_type /* Configuration for each extension-service application */ ), "traceoptions" ( /* Trace options for extension-service applications */ script_traceoptions /* Trace options for extension-service applications */ ), "max-datasize" arg /* Maximum data segment size for apps execution */ ) ) ) ), "resource-limits" ( /* Process resource limits */ c( "process" arg ( c( "resources" ( /* Resource limits */ resources_type /* Resource limits */ ) ) ), "package" arg ( c( "resources" ( /* Resource limits */ resources_type /* Resource limits */ ) ) ) ) ) ) ), "license" ( /* License information for the router */ license_object /* License information for the router */ ), "proxy" ( /* Proxy information for the router */ proxy_object /* Proxy information for the router */ ), "kernel-options" ( /* Kernel options: selectively enable few knobs */ c( "select-active-unilist-member" /* Select active unilist member for host path forwarding */ ) ), "fips" ( /* FIPS configuration */ c( "chassis" ( /* FIPS chassis boundary configuration */ c( "level" arg /* FIPS chassis level configuration */ ) ), "level" arg /* FIPS 140 level */, "self-test" ( /* Configure FIPS self-test execution */ c( "after-key-generation" ( /* FIPS self-test after cryptographic key generation */ ("enable" | "disable") ), "periodic" ( /* Configure periodic FIPS self-test */ c( "start-time" arg /* Time when the periodic FIPS self-tests are to be executed (hh:mm) */, "day-of-month" arg /* Day of the month when FIPS self-tests are to be executed */, "month" arg /* The month when FIPS self-tests are to be executed */, "day-of-week" arg /* Day of the week when the FIPS self-tests are to be executed (where 1 - Monday, 7 - Sunday) */ ) ) ) ) ) ), "rng" ( /* Configure system CSPRNG */ c( c( "fortuna" /* Fortuna */, "hmac-drbg" /* HMAC DRBG, NIST SP800-90A */, "dyce" /* DYCE Randomizer */ ) ) ), "health-monitor" ( /* Kernel health monitoring system */ c( "ifstate-clients" ( /* Configure health monitor for ifstate clients on ifstate consumption */ c( "peer-stuck" ( /* PFE/RE/Smart PIC peers ifstate consumption */ c( "threshold-level" ( /* Threshold level to categorize peers as stuck */ ("low" | "medium" | "high") ), "action" ( /* Set an action on stuck peers */ ("alarm" | "alarm-with-cores" | "restart") ) ) ), "non-peer-stuck" ( /* Non-peer clients(daemons) on ifstate consumption */ c( "threshold-level" ( /* Threshold level to categorize non-peer ifstate clients as stuck */ ("low" | "medium" | "high") ), "action" ( /* Set an action on stuck non-peer ifstate clients */ ("alarm" | "alarm-with-cores" | "restart") ) ) ), "all-clients-stuck" ( /* All ifstate clients on ifstate consumption */ c( "threshold-level" ( /* Threshold level to categorize all ifsate clients as stuck */ ("low" | "medium" | "high") ), "action" ( /* Set an action on all stuck ifstate clients */ ("alarm" | "alarm-with-cores" | "restart") ) ) ) ) ) ) ), "packet-forwarding-options" ( /* Packet Forwarding engine options */ c( "multicast-statistics" /* Enable Multicast statistics support */, "flow-export-timer" arg /* Flow export period in seconds */, "observation-domain-id" arg /* Observation domain id */, "warm-boot" /* Enable warm boot support */, "eracl-ip6-match" ( /* Ip6 match for eracl. default is destip6 */ c( c( "srcip6-only" /* Match on srcip6 only */, "srcip6-and-destip6" /* Match on both srcip6 and destip6 */ ) ) ), "firewall" ( /* PFE options for firewall */ c( "profiles" ( /* List of firewall profiles */ c( "inet" ( /* Profile options for family inet and inet6 filters */ c( c( "profile1" /* Selects matches of profile1 (refer 'show pfe filter hw profile-info'); restarts PFE */, "profile2" /* Selects matches of profile2 (refer 'show pfe filter hw profile-info'); restarts PFE */ ) ) ), "ethernet-switching" ( /* Profile options for family ethernet-switching filters */ c( c( "profile1" /* Selects mathces of profile1 (refer 'show pfe filter hw profile-info'); restarts PFE */, "profile2" /* Selects mathces of profile2 (refer 'show pfe filter hw profile-info'); restarts PFE */ ) ) ) ) ), "eracl-profile" ( /* Profile options for ERACL filters */ c( c( "eracl-scale" /* Egress Route ACL rules installed with Ingress combination for scale */ ) ) ) ) ), "forwarding-profile" ( /* Configure profile for Unified Forwarding Table */ c( c( "lpm-profile" /* MAC: 32K L3-host: 32K LPM: 1.24M ARP: 61K FP-Compression: 0 Tunnels: 0, restarts PFE */, "host-profile" /* MAC: 160K L3-host: 160K LPM: 72K FP-Compression: 0, restarts PFE */, "host-acl-profile" /* MAC: 160K L3-host: 160K LPM: 65K FP-Compression: 18K, restarts PFE */, "default-profile" /* MAC: 32K L3-host: 32K LPM: 720K FP-Compression: 18K, restarts PFE */ ) ) ), "packet-format-match" ( /* Packet format match based on vlan tags and mpls labels.Default-untagged-one-two-label */ c( c( "mpls-packet-format-2" /* Untagged packet with one label */, "mpls-packet-format-3" /* Untagged packet with two labels */, "mpls-packet-format-4" /* Single Tagged packet with one and two labels */, "mpls-packet-format-5" /* Single Tagged packet with one label */, "mpls-packet-format-6" /* Single Tagged packet with two labels */, "mpls-packet-format-7" /* Untagged and single tagged packet with one label */, "mpls-packet-format-8" /* Untagged and single tagged packet with two labels */ ) ) ), "l2-profile" ( /* Set the L2 profile. */ c( "fast-flush-profile" /* Set the profile to support fast flush */ ) ), "firewall-profile" ( /* Set the firewall profile. */ c( c( "evpn-mh-profile" /* Set the profile to support evpn-mh */, "default-profile" /* Set the profile to support default services. */ ), c( "profile-one" /* Selects profile one feature set. */, "profile-two" /* Selects profile two feature set. */ ) ) ), "multicast-profile" ( /* Set the Multicast profile. */ c( "strict-ttl-check-profile" /* Set the profile to support strict ttl check for multicast */ ) ), "hw-db-profile" ( /* Set the HW-DB profile */ c( c( "balanced" /* Selects Balanced DB profile, restarts PFE */, "balanced-exem" /* Selects Balanced-Exem DB profile, restarts PFE */, "balanced-p-and-p" /* Selects the balanced-p-and-p DB profile, restarts PFE */, "l2-xl" /* Selects L2-XL DB profile, restarts PFE */, "l3-xl" /* Selects L3-XL DB profile, restarts PFE */ ), "lpm-distribution" ( /* Specify route distribution between public and private(vrf/vpn) routes in lpm.Default is 1 */ ("1" | "2" | "3" | "4" | "5" | "6" | "7" | "8" | "200") ) ) ), "mcast-repl-type" ( /* Set Multicast replication Type */ c( c( "ingress-only" /* Full ingress replication, restarts PFE */, "ingress-egress-recycle" /* Selects ingress-egress Recycle replication, restarts PFE */ ) ) ), "lag-profile" ( /* Set LAG configuration mode. */ c( c( "lag-mode-high" /* Allow to create 1024 LAG and Maximum 16 Member per LAG */, "lag-mode-medium" /* Allow to create 512 LAG and Maximum 32 Member per LAG */, "default-profile" /* Allow to create 256 LAG and Maximum 64 Member per LAG */ ) ) ) ) ), "netlink-async-mode" /* Enable async mode in nlsd */, "auto-configuration" ( /* System Autoconfiguration */ c( "traceoptions" ( /* Autoconfiguration trace options */ autoconf_traceoptions_type /* Autoconfiguration trace options */ ) ) ), "processes" ( /* Process control */ c( "routing" ( /* Routing process */ c( ("disable"), "failover" ( /* How to handle failure of routing process */ ("other-routing-engine" | "alternate-media") ), c( "force-32-bit" /* Always use 32-bit mode */, "force-64-bit" /* Always use 64-bit mode */, "auto-64-bit" /* Use 64-bit mode if RE memory is sufficient */ ), "bgp" ( /* BGP protocol control */ c( "rib-sharding" ( /* Enable BGP RIB sharding */ c( "number-of-shards" arg /* Set number of sharding threads */ ) ), "update-threading" ( /* Enable BGP update threading */ c( "number-of-threads" arg /* Set number of update threads */, "group-split-size" arg /* Threshold value to assign a new update thread for group */ ) ), "tcp-listen-port" arg /* TCP port number to accept incoming BGP connections */ ) ) ) ), "software-forwarding" ( /* Software forwarding process */ sc( ("disable") ) ).as(:oneline), "packet-forwarding-engine" ( /* Packet forwarding engine process */ sc( ("disable") ) ).as(:oneline), "chassis-control" ( /* Chassis control process */ sc( ("disable"), "failover" ( /* How to handle failure of chassis control process */ ("alternate-media") ) ) ).as(:oneline), "service-pics" ( /* Service PICs process */ sc( ("disable"), "failover" ( /* How to handle failure of service PICs process */ ("other-routing-engine" | "alternate-media") ) ) ).as(:oneline), "ntp" ( /* Network time process */ sc( ("disable"), "failover" ( /* How to handle failure of network time process */ ("other-routing-engine" | "alternate-media") ) ) ).as(:oneline), "watchdog" ( /* Watchdog timer */ sc( ("enable" | "disable"), "timeout" arg /* Watchdog timer value */ ) ).as(:oneline), "process-monitor" ( /* Process health monitor process */ c( ("disable"), "traceoptions" ( /* Process health monitor trace options */ pmond_traceoptions_type /* Process health monitor trace options */ ) ) ), "resource-cleanup" ( /* Resource cleanup process */ c( ("disable"), "traceoptions" ( /* Resource cleanup process trace options */ res_cleanupd_traceoptions_type /* Resource cleanup process trace options */ ) ) ), "routing-socket-proxy" ( /* Routing socket proxy process */ sc( ("disable"), "failover" ( /* How to handle failure of routing socket proxy process */ ("other-routing-engine" | "alternate-media") ) ) ).as(:oneline), "web-management" ( /* Web management process */ sc( ("disable"), "failover" ( /* How to handle failure of web management process */ ("other-routing-engine" | "alternate-media") ) ) ).as(:oneline), "named-service" ( /* DNS server process */ c( ("disable"), "failover" ( /* How to handle failure of dns server process */ ("other-routing-engine" | "alternate-media") ) ) ), "cfm" ( /* Ethernet OAM connectivity fault management process */ sc( ("disable") ) ).as(:oneline), "general-authentication-service" ( /* General authentication service process */ c( ("disable"), "traceoptions" ( /* General authentication service trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "filter" ( /* Filter to control trace messages */ c( "user" ( /* Filter by user name */ c( arg ) ) ) ), "flag" enum(("configuration" | "framework" | "radius" | "local-authentication" | "ldap" | "address-assignment" | "jsrc" | "gx-plus" | "session-db" | "profile-db" | "lib-stats" | "user-access" | "nasreq" | "ocs-backup" | "s6a" | "nas-5g" | "all")) /* Tracing parameters */.as(:oneline) ) ) ) ), "smg-service" ( /* Enhanced session management process */ c( ("disable"), "failover" ( /* How to handle failure of Enhanced Session Manager process */ ("other-routing-engine" | "alternate-media") ), "traceoptions" ( /* Enhanced session management process trace options */ bbe_smgd_traceoptions_type /* Enhanced session management process trace options */ ) ) ), "up-smg-service" ( /* Enhanced session management user plane process */ c( ("disable"), "failover" ( /* How to handle failure of Enhanced Session Manager User Plane process */ ("other-routing-engine" | "alternate-media") ), "traceoptions" ( /* Enhanced session management user plane process trace options */ bbe_smg_upd_traceoptions_type /* Enhanced session management user plane process trace options */ ) ) ), "bbe-mib-daemon" ( /* Enhanced Session Management MIB Daemon process */ c( ("disable"), "failover" ( /* How to handle failure of Enhanced Session Manager process */ ("other-routing-engine" | "alternate-media") ), "traceoptions" ( /* Bbe mib daemon trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("framework" | "all")) /* Tracing Parameters */.as(:oneline) ) ) ) ), "bbe-stats-daemon" ( /* Enhanced Session Management Statistics Daemon process */ c( ("disable"), "failover" ( /* How to handle failure of Enhanced Session Management Statistics process */ ("other-routing-engine" | "alternate-media") ), "traceoptions" ( /* Bbe stats daemon trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("framework" | "general" | "push-collector" | "get-collector" | "manager" | "all")) /* Tracing Parameters */.as(:oneline) ) ) ) ), "bbe-upm-daemon" ( /* User Plane Manager Daemon process for dBNG */ c( ("disable"), "failover" ( /* How to handle failure of User Plane Manager Daemon */ ("other-routing-engine" | "alternate-media") ) ) ), "dhcp-service" ( /* Dynamic Host Configuration Protocol general configuration */ c( ("disable"), "failover" ( /* How to handle failure of dhcp service process */ ("other-routing-engine" | "alternate-media") ), "persistent-storage" ( /* DHCP persistent storage configuration parameters */ c( arg, "backup-interval" arg /* Number of hours after which backup file will be created */ ) ), "traceoptions" ( /* Trace options for DHCP */ jdhcp_traceoptions_level_type /* Trace options for DHCP */ ), "interface-traceoptions" ( /* Interface trace options for DHCP */ jdhcp_interface_traceoptions_level_type /* Interface trace options for DHCP */ ), "log" ( /* Output the logs */ c( "session" ( /* Logs of sessions */ c( "client" /* Logs of the client */, "server" /* Logs of the server */, "relay" /* Logs of the relay */, "all" /* Logs of the cleint, server and relay */, "dhcpv6" ( /* Logs of DHCPv6 */ c( "client" /* Logs of the client */, "server" /* Logs of the server */, "relay" /* Logs of the relay */, "dynamic-server" /* Logs of the dynamic-server */, "all" /* Logs of the cleint, server, relay and dynamic-server */ ) ) ) ) ) ), "dhcp-snooping-file" ( /* DHCP snooping persistence file, write-interval and timeout */ c( filename /* Location of DHCP snooping entries file */, "write-interval" arg /* Time interval for writing DHCP snooping entries */ ) ), "dhcpv6-snooping-file" ( /* DHCPv6 snooping persistence file and write-interval timeout */ c( filename /* Location of DHCPv6 snooping entries file */, "write-interval" arg /* Time interval in seconds for writing DHCPv6 snooping entries */ ) ), "ltv-syslog-interval" ( /* Lease time violation syslog interval */ c( arg ) ), "accept-max-tcp-connections" arg /* Max TCP connections served globally at a time */, "request-max-tcp-connections" arg /* Max TCP connections requested globally at a time */, "max-clients-supported" ( /* Enbale limitation of maximum clients of jdhcp server */ c( "threshold" arg /* Supported maximum clients of jdhcp server */ ) ) ) ), "diameter-service" ( /* Diameter process */ c( ("disable"), "traceoptions" ( /* Diameter service trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("framework" | "configuration" | "memory-management" | "daemon" | "application" | "node" | "diameter-instance" | "dne" | "peer" | "messages" | "all")) /* Aread to enabe debugging output */.as(:oneline) ) ) ) ), "mac-validation" ( /* Process mac validation process */ c( ("disable"), "traceoptions" ( /* Process mac validation trace options */ jsavald_traceoptions_type /* Process mac validation trace options */ ) ) ), "sbc-configuration-process" ( /* SBC configuration process */ c( ("disable"), "failover" ( /* How to handle failure of SBC configuration process */ ("other-routing-engine" | "alternate-media") ), "traceoptions" ( /* SBC configuration process trace options */ sbc_traceoptions /* SBC configuration process trace options */ ) ) ), "sdk-service" ( /* SDK Service Daemon */ c( ("disable"), "traceoptions" ( /* SDK Service Daemon trace options */ ssd_traceoptions_type /* SDK Service Daemon trace options */ ) ) ), "aaad" ( /* AAAD process */ c( ("disable"), "traceoptions" ( /* AAA trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("send" | "send-detail" | "receive" | "receive-detail" | "timeout" | "state" | "all")) /* Tracing parameters */.as(:oneline), "peer" arg /* Trace packet sent to or received from the peer[s] */ ) ) ) ), "app-engine-virtual-machine-management-service" ( /* App-engine Virtual Machine Management */ c( ("disable"), "traceoptions" ( /* App-engine virtual machine management trace options */ sdk_vmmd_traceoptions_type /* App-engine virtual machine management trace options */ ) ) ), "app-engine-management-service" ( /* App-engine Management Daemon */ c( ("disable"), "traceoptions" ( /* App-engine management daemon trace options */ sdk_mgmtd_traceoptions_type /* App-engine management daemon trace options */ ) ) ), "datapath-trace-service" ( /* Datapath Trace process */ c( ("disable"), "traceoptions" ( /* DATAPATH Trace process trace options */ datapath_traced_traceoptions_type /* DATAPATH Trace process trace options */ ) ) ), "send" ( /* Secure Neighbor Discovery Protocol process */ sc( ("disable") ) ).as(:oneline), "static-subscribers" ( /* Static subscribers process */ c( ("disable"), "traceoptions" ( /* Trace options for Static Subscriber Client */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("configuration" | "database" | "general" | "message" | "rtsock" | "statistics" | "subscriber" | "gres" | "issu" | "authentication" | "profile" | "all")) /* Operations to include in debugging trace */.as(:oneline) ) ) ) ), "extensible-subscriber-services" ( /* Extensible Subscriber Services Manager Daemon */ c( ("disable"), "traceoptions" ( /* Trace options for Extensible Subscriber Services Daemon */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ), "microsecond-stamp" /* Timestamp with microsecond granularity */ ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("authentication" | "configuration" | "database" | "dictionary" | "dynamic" | "fsm" | "general" | "kernel" | "op-script" | "statistics" | "all")) /* Operations to include in debugging trace */.as(:oneline) ) ) ) ), "kernel-offload-service" ( /* Kernel offload Service */ c( ("disable"), "traceoptions" ( /* Kernel offload service trace options */ kod_trace_type /* Kernel offload service trace options */ ) ) ), "kernel-health-monitoring" ( /* Junos Kernel Health Monitoring Daemon */ c( ("disable"), "traceoptions" ( /* Junos kernel health trace options */ jkhmd_trace_type /* Junos kernel health trace options */ ) ) ), daemon_process, "video-monitoring" ( /* Video Monitoring Process */ sc( ("disable"), "traceoptions" ( /* Trace options for VMOND */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline) ) ) ) ).as(:oneline), "remote-device-management" ( /* Remote device management daemon */ c( ("disable"), "traceoptions" ( /* Trace options for Remote Device Management Daemon */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ), "microsecond-stamp" /* Timestamp with microsecond granularity */ ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("out-of-band" | "configuration" | "dictionary" | "dynamic-profile" | "general" | "high-availability" | "netconf" | "service-manager" | "all")) /* Operations to include in debugging trace */.as(:oneline) ) ) ) ), "slaac-snoopd-service" ( /* Stateless Address Auto Configuration snooping process */ c( "persistent-file" ( /* Persistent storage configuration parameters */ c( filename /* Filename (URL, local, remote, or floppy) */, "write-interval" arg /* Time interval for writing Slaac Snooping entries */ ) ) ) ), "up-helper-service" ( /* Enhanced BBE helper user plane process */ c( ("disable"), "failover" ( /* How to handle failure of Enhanced Session Manager User Plane process */ ("other-routing-engine" | "alternate-media") ) ) ), "tcp-forwarding" ( /* TCP Forwarding Daemon */ c( ("disable"), "traceoptions" ( /* Trace options for TCP Forwarding Daemon */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ), "microsecond-stamp" /* Timestamp with microsecond granularity */ ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("configuration" | "connection" | "init" | "message" | "all")) /* Operations to include in debugging trace */.as(:oneline) ) ) ) ) ) ), "ddos-protection" ( /* Configure DDOS process */ c( "traceoptions" ( /* DDOS trace options */ ddos_traceoptions_type /* DDOS trace options */ ), "global" ( /* DDOS global configurations */ c( "disable-routing-engine" /* Disable Routing Engine policing for all protocols */, "disable-fpc" /* Disable FPC policing for all protocols */, "disable-logging" /* Disable event logging for all protocols */, "flow-detection" /* Enable flow detection for all protocols */, "violation-report-rate" arg /* Set the rate of reporting protocol violations for all FPC's */, "flow-report-rate" arg /* Set the rate of reporting flows for all FPC's */, "flow-detection-mode" ( /* Default flow detection mode for all packet types */ ("automatic" | "on" | "off") ), "flow-level-control" ( /* Default control action for all flow aggregation levels */ ("drop" | "keep" | "police") ) ) ), "protocols" ( /* DDOS protocol parameters */ c( "ipv4-unclassified" ( /* Configure unclassified host-bound IPv4 traffic */ c( "aggregate" ( /* Configure aggregate for all unclassified host-bound IPv4 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ipv6-unclassified" ( /* Configure unclassified host-bound IPv6 traffic */ c( "aggregate" ( /* Configure aggregate for all unclassified host-bound IPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "resolve" ( /* Configure resolve traffic */ c( "aggregate" ( /* Configure aggregate for all resolve traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ), "other" ( /* Configure all other unclassified resolve packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "ucast-v4" ( /* Configure ipv4 unicast resolve packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "mcast-v4" ( /* Configure ipv4 multicast resolve packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "ucast-v6" ( /* Configure ipv6 unicast resolve packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "mcast-v6" ( /* Configure ipv6 multicast resolve packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "filter-action" ( /* Configure filter action traffic (none-dhcp) */ c( "aggregate" ( /* Configure aggregate for all filter action traffic (none-dhcp) */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ), "other" ( /* Configure non v4/v6 firewall action packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "filter-v4" ( /* Configure v4 filter action packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "filter-v6" ( /* Configure v6 filter action packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "dynamic-vlan" ( /* Configure dynamic vlan exceptions */ c( "aggregate" ( /* Configure aggregate for all dynamic vlan exceptions */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ppp" ( /* Configure PPP control traffic */ c( "aggregate" ( /* Configure aggregate for all PPP control traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ), "unclassified" ( /* Configure unclassified PPP control traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "lcp" ( /* Configure Link Control Protocol */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "authentication" ( /* Configure Authentication Protocol */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "ipcp" ( /* Configure IP Control Protocol */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "ipv6cp" ( /* Configure IPv6 Control Protocol */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "mplscp" ( /* Configure MPLS Control Protocol */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "isis" ( /* Configure ISIS Protocol */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "echo-req" ( /* Configure LCP Echo Request */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "echo-rep" ( /* Configure LCP Echo Reply */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "mlppp-lcp" ( /* Configure MLPPP LCP */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "pppoe" ( /* Configure PPPoE control traffic */ c( "aggregate" ( /* Configure aggregate for all PPPoE control traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ), "padi" ( /* Configure PPPoE PADI */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "pado" ( /* Configure PPPoE PADO */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "padr" ( /* Configure PPPoE PADR */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "pads" ( /* Configure PPPoE PADS */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "padt" ( /* Configure PPPoE PADT */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "padm" ( /* Configure PPPoE PADM */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "padn" ( /* Configure PPPoE PADN */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "dhcpv4" ( /* Configure DHCPv4 traffic */ c( "aggregate" ( /* Configure aggregate for all DHCPv4 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "unclassified" ( /* Configure unclassified DHCPv4 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "discover" ( /* Configure DHCPv4 DHCPDISCOVER */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "offer" ( /* Configure DHCPv4 DHCPOFFER */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "request" ( /* Configure DHCPv4 DHCPREQUEST */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "decline" ( /* Configure DHCPv4 DHCPDECLINE */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "ack" ( /* Configure DHCPv4 DHCPACK */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "nak" ( /* Configure DHCPv4 DHCPNAK */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "release" ( /* Configure DHCPv4 DHCPRELEASE */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "inform" ( /* Configure DHCPv4 DHCPINFORM */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "renew" ( /* Configure DHCPv4 DHCPRENEW */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "force-renew" ( /* Configure DHCPv4 DHCPFORCERENEW */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "lease-query" ( /* Configure DHCPv4 DHCPLEASEQUERY */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "lease-unassigned" ( /* Configure DHCPv4 DHCPLEASEUNASSIGNED */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "lease-unknown" ( /* Configure DHCPv4 DHCPLEASEUNKOWN */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "lease-active" ( /* Configure DHCPv4 DHCPLEASEACTIVE */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "bootp" ( /* Configure DHCPv4 DHCPBOOTP */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "rebind" ( /* Configure DHCPv4 DHCPREBIND */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "no-message-type" ( /* Configure DHCPv4 traffic with missing message type */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "bad-packets" ( /* Configure DHCPv4 traffic with bad format */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ) ) ), "dhcpv6" ( /* Configure DHCPv6 traffic */ c( "aggregate" ( /* Configure aggregate for all DHCPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ), "unclassified" ( /* Configure unclassified DHCPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "solicit" ( /* Configure DHCPv6 SOLICIT */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "advertise" ( /* Configure DHCPv6 ADVERTISE */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "request" ( /* Configure DHCPv6 REQUEST */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "confirm" ( /* Configure DHCPv6 CONFIRM */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "renew" ( /* Configure DHCPv6 RENEW */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "rebind" ( /* Configure DHCPv6 REBIND */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "reply" ( /* Configure DHCPv6 REPLY */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "release" ( /* Configure DHCPv6 RELEASE */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "decline" ( /* Configure DHCPv6 DECLINE */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "reconfigure" ( /* Configure DHCPv6 RECONFIGURE */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "information-request" ( /* Configure DHCPv6 INFORMATION-REQUEST */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "relay-forward" ( /* Configure DHCPv6 RELAY-FORW */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "relay-reply" ( /* Configure DHCPv6 RELAY-REPL */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "leasequery" ( /* Configure DHCPv6 LEASEQUERY */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "leasequery-reply" ( /* Configure DHCPv6 LEASEQUERY-REPLY */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "leasequery-done" ( /* Configure DHCPv6 LEASEQUERY-DONE */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "leasequery-data" ( /* Configure DHCPv6 LEASEQUERY-DATA */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "virtual-chassis" ( /* Configure virtual chassis traffic */ c( "aggregate" ( /* Configure aggregate for all virtual chassis traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ), "unclassified" ( /* Configure unclassified virtual chassis traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "control-high" ( /* Configure high priority control traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "control-low" ( /* Configure low priority control traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "vc-packets" ( /* Configure all exception packets on vc link */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "vc-ttl-errors" ( /* Configure ttl errors */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "icmp" ( /* Configure ICMP traffic */ c( "aggregate" ( /* Configure aggregate for all ICMP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "igmp" ( /* Configure IGMP traffic */ c( "aggregate" ( /* Configure aggregate for all IGMP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "query" ( /* Configure IGMP Query traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "report" ( /* Configure IGMP Report traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "mld" ( /* Configure MLD traffic */ c( "aggregate" ( /* Configure aggregate for all MLD traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ospf" ( /* Configure OSPF traffic */ c( "aggregate" ( /* Configure aggregate for all OSPF traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "rsvp" ( /* Configure RSVP traffic */ c( "aggregate" ( /* Configure aggregate for all RSVP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "pim" ( /* Configure PIM traffic */ c( "aggregate" ( /* Configure aggregate for all PIM traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "rip" ( /* Configure RIP traffic */ c( "aggregate" ( /* Configure aggregate for all RIP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ptp" ( /* Configure PTP traffic */ c( "aggregate" ( /* Configure aggregate for all PTP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "bfd" ( /* Configure BFD traffic */ c( "aggregate" ( /* Configure aggregate for all BFD traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "unclassified" ( /* Configure unclassified Unclassified BFD traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "multihop-bfd" ( /* Configure Multihop BFD traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "lmp" ( /* Configure LMP traffic */ c( "aggregate" ( /* Configure aggregate for all LMP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ldp" ( /* Configure LDP traffic */ c( "aggregate" ( /* Configure aggregate for all LDP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "unclassified" ( /* Configure unclassified Unclassified LDP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "ldp-hello" ( /* Configure LDP Hello traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "msdp" ( /* Configure MSDP traffic */ c( "aggregate" ( /* Configure aggregate for all MSDP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "bgp" ( /* Configure BGP traffic */ c( "aggregate" ( /* Configure aggregate for all BGP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "vrrp" ( /* Configure VRRP traffic */ c( "aggregate" ( /* Configure aggregate for all VRRP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "telnet" ( /* Configure telnet traffic */ c( "aggregate" ( /* Configure aggregate for all telnet traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ftp" ( /* Configure FTP traffic */ c( "aggregate" ( /* Configure aggregate for all FTP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ssh" ( /* Configure SSH traffic */ c( "aggregate" ( /* Configure aggregate for all SSH traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "snmp" ( /* Configure SNMP traffic */ c( "aggregate" ( /* Configure aggregate for all SNMP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ancp" ( /* Configure ANCP traffic */ c( "aggregate" ( /* Configure aggregate for all ANCP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "igmpv6" ( /* Configure IGMPv6 traffic */ c( "aggregate" ( /* Configure aggregate for all IGMPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "unclassified" ( /* Configure unclassified Unclassified IGMPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "mld" ( /* Configure MLD traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "mld-query" ( /* Configure MLD Query traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "mld-report" ( /* Configure MLD Report traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "egpv6" ( /* Configure EGPv6 traffic */ c( "aggregate" ( /* Configure aggregate for all EGPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "rsvpv6" ( /* Configure RSVPv6 traffic */ c( "aggregate" ( /* Configure aggregate for all RSVPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "igmpv4v6" ( /* Configure IGMPv4-v6 traffic */ c( "aggregate" ( /* Configure aggregate for all IGMPv4-v6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ripv6" ( /* Configure RIPv6 traffic */ c( "aggregate" ( /* Configure aggregate for all RIPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "bfdv6" ( /* Configure BFDv6 traffic */ c( "aggregate" ( /* Configure aggregate for all BFDv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "lmpv6" ( /* Configure LMPv6 traffic */ c( "aggregate" ( /* Configure aggregate for all LMPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ldpv6" ( /* Configure LDPv6 traffic */ c( "aggregate" ( /* Configure aggregate for all LDPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "msdpv6" ( /* Configure MSDPv6 traffic */ c( "aggregate" ( /* Configure aggregate for all MSDPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "bgpv6" ( /* Configure BGPv6 traffic */ c( "aggregate" ( /* Configure aggregate for all BGPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "vrrpv6" ( /* Configure VRRPv6 traffic */ c( "aggregate" ( /* Configure aggregate for all VRRPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "telnetv6" ( /* Configure telnet-v6 traffic */ c( "aggregate" ( /* Configure aggregate for all telnet-v6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ftpv6" ( /* Configure FTPv6 traffic */ c( "aggregate" ( /* Configure aggregate for all FTPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "sshv6" ( /* Configure SSHv6 traffic */ c( "aggregate" ( /* Configure aggregate for all SSHv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "snmpv6" ( /* Configure SNMPv6 traffic */ c( "aggregate" ( /* Configure aggregate for all SNMPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ancpv6" ( /* Configure ANCPv6 traffic */ c( "aggregate" ( /* Configure aggregate for all ANCPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ospfv3v6" ( /* Configure OSPFv3v6 traffic */ c( "aggregate" ( /* Configure aggregate for all OSPFv3v6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "lacp" ( /* Configure LACP traffic */ c( "aggregate" ( /* Configure aggregate for all LACP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "stp" ( /* Configure STP traffic */ c( "aggregate" ( /* Configure aggregate for all STP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "esmc" ( /* Configure ESMC traffic */ c( "aggregate" ( /* Configure aggregate for all ESMC traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "oam-lfm" ( /* Configure OAM-LFM traffic */ c( "aggregate" ( /* Configure aggregate for all OAM-LFM traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "eoam" ( /* Configure EOAM traffic */ c( "aggregate" ( /* Configure aggregate for all EOAM traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "unclassified" ( /* Configure unclassified Unclassified EOAM traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "oam-cfm" ( /* Configure OAM-CFM traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "lldp" ( /* Configure LLDP traffic */ c( "aggregate" ( /* Configure aggregate for all LLDP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "mvrp" ( /* Configure MVRP traffic */ c( "aggregate" ( /* Configure aggregate for all MVRP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "pmvrp" ( /* Configure PMVRP traffic */ c( "aggregate" ( /* Configure aggregate for all PMVRP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "arp" ( /* Configure ARP traffic */ c( "aggregate" ( /* Configure aggregate for all ARP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "unclassified" ( /* Configure unclassified ARP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "arp" ( /* Configure ARP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "pvstp" ( /* Configure PVSTP traffic */ c( "aggregate" ( /* Configure aggregate for all PVSTP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "isis" ( /* Configure ISIS Data traffic */ c( "aggregate" ( /* Configure aggregate for all ISIS Data traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "unclassified" ( /* Configure unclassified Unclassified ISIS traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "isis-hello" ( /* Configure ISIS Hello traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "pos" ( /* Configure POS traffic */ c( "aggregate" ( /* Configure aggregate for all POS traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "mlp" ( /* Configure MLP traffic */ c( "aggregate" ( /* Configure aggregate for all MLP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ), "unclassified" ( /* Configure unclassified MLP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "lookup" ( /* Configure MLP lookup request */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "add" ( /* Configure MLP add request */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "delete" ( /* Configure MLP delete request */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "macpin-exception" ( /* Configure MAC-pinning exceptions */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "jfm" ( /* Configure JFM traffic */ c( "aggregate" ( /* Configure aggregate for all JFM traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "atm" ( /* Configure ATM traffic */ c( "aggregate" ( /* Configure aggregate for all ATM traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "pfe-alive" ( /* Configure pfe alive traffic */ c( "aggregate" ( /* Configure aggregate for all pfe alive traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ttl" ( /* Configure ttl traffic */ c( "aggregate" ( /* Configure aggregate for all ttl traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ip-options" ( /* Configure ip options traffic */ c( "aggregate" ( /* Configure aggregate for all ip options traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ), "unclassified" ( /* Configure Unclassified options traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "router-alert" ( /* Configure Router alert options traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "non-v4v6" ( /* Configure Non IPv4/v6 options traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "redirect" ( /* Configure packets to trigger ICMP redirect */ c( "aggregate" ( /* Configure aggregate for all packets to trigger ICMP redirect */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "multicast-copy" ( /* Configure host copy due to multicast routing */ c( "aggregate" ( /* Configure aggregate for all host copy due to multicast routing */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "exceptions" ( /* Configure exception traffic sent to host */ c( "aggregate" ( /* Configure aggregate for all exception traffic sent to host */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ), "unclassified" ( /* Configure all unclassified discards */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "mtu-exceeded" ( /* Configure packets exceeded MTU */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "mcast-rpf-err" ( /* Configure packets failed the multicast RPF check */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "mac-host" ( /* Configure L2-MAC configured 'send-to-host' */ c( "aggregate" ( /* Configure aggregate for all L2-MAC configured 'send-to-host' */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "tunnel-fragment" ( /* Configure tunnel fragment */ c( "aggregate" ( /* Configure aggregate for all tunnel fragment */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "mcast-snoop" ( /* Configure snooped multicast control traffic */ c( "aggregate" ( /* Configure aggregate for all snooped multicast control traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ), "igmp" ( /* Configure snooped igmp traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "pim" ( /* Configure snooped pim traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "mld" ( /* Configure snooped mld traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "services" ( /* Configure services */ c( "aggregate" ( /* Configure aggregate for all services */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ), "packet" ( /* Configure Service packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "bsdt" ( /* Configure Test packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "demux-autosense" ( /* Configure demux autosense traffic */ c( "aggregate" ( /* Configure aggregate for all demux autosense traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "reject" ( /* Configure packets via 'reject' action */ c( "aggregate" ( /* Configure aggregate for all packets via 'reject' action */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "firewall-host" ( /* Configure packets via firewall 'send-to-host' action */ c( "aggregate" ( /* Configure aggregate for all packets via firewall 'send-to-host' action */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "tcp-flags" ( /* Configure packets with tcp flags */ c( "aggregate" ( /* Configure aggregate for all packets with tcp flags */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ), "unclassified" ( /* Configure TCP packets with other tcp flags */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "initial" ( /* Configure First packets of TCP sessions (SYN & !ACK) */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "established" ( /* Configure Non-first packets of TCP sessions (ACK | RST) */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "dtcp" ( /* Configure dtcp traffic */ c( "aggregate" ( /* Configure aggregate for all dtcp traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "radius" ( /* Configure Radius traffic */ c( "aggregate" ( /* Configure aggregate for all Radius traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ), "server" ( /* Configure Radius server traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "accounting" ( /* Configure Radius accounting traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "authorization" ( /* Configure Radius authorization traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ntp" ( /* Configure NTP traffic */ c( "aggregate" ( /* Configure aggregate for all NTP traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "tacacs" ( /* Configure TACACS traffic */ c( "aggregate" ( /* Configure aggregate for all TACACS traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "dns" ( /* Configure DNS traffic */ c( "aggregate" ( /* Configure aggregate for all DNS traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "diameter" ( /* Configure Diameter/Gx+ traffic */ c( "aggregate" ( /* Configure aggregate for all Diameter/Gx+ traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ip-fragments" ( /* Configure IP-Fragments */ c( "aggregate" ( /* Configure aggregate for all IP-Fragments */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ), "first-fragment" ( /* Configure First IP fragment */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "trail-fragment" ( /* Configure Trailing IP fragment */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "l2tp" ( /* Configure l2tp traffic */ c( "aggregate" ( /* Configure aggregate for all l2tp traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "gre" ( /* Configure GRE traffic */ c( "aggregate" ( /* Configure aggregate for all GRE traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ), "hbc" ( /* Configure Host GRE traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "punt" ( /* Configure PFE GRE traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "hag" ( /* Configure PFE GRE HAG Hello traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ipsec" ( /* Configure IPSEC traffic */ c( "aggregate" ( /* Configure aggregate for all IPSEC traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ), "unclassified" ( /* Configure unclassified IPSEC traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "ike" ( /* Configure IPSEC IKE via datapath */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "spi-inval" ( /* Configure IPSEC SPI invalid packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "sn-alarm" ( /* Configure IPSEC SN threshold alarms */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "mtu-error" ( /* Configure IPSEC MTU exceeded packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "tx-alarm" ( /* Configure IPSEC Tunnel TX disable alarms */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "on-trigger" ( /* Configure IPSEC Tunnel creation trigger */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "pimv6" ( /* Configure PIMv6 traffic */ c( "aggregate" ( /* Configure aggregate for all PIMv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "icmpv6" ( /* Configure ICMPv6 traffic */ c( "aggregate" ( /* Configure aggregate for all ICMPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ndpv6" ( /* Configure NDPv6 traffic */ c( "aggregate" ( /* Configure aggregate for all NDPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ), "router-solicitation" ( /* Configure NDPv6 router-solicitation */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "router-advertisement" ( /* Configure NDPv6 router-advertisement */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "neighbor-solicitation" ( /* Configure NDPv6 neighbor-solicitation */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "neighbor-advertisement" ( /* Configure NDPv6 neighbor-advertisement */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "redirect" ( /* Configure NDPv6 redirect */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "invalid-hop-limit" ( /* Configure NDPv6 with invalid hop limit */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "sample" ( /* Configure sampled traffic */ c( "aggregate" ( /* Configure aggregate for all sampled traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ), "syslog" ( /* Configure Syslog sample traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "host" ( /* Configure Host sample traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "pfe" ( /* Configure PFE sample traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "tap" ( /* Configure Tap sample traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "sflow" ( /* Configure Sflow sample traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "re-services" ( /* Configure RE Services IPv4 traffic */ c( "aggregate" ( /* Configure aggregate for all RE Services IPv4 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "captive-portal" ( /* Configure Captive Portal IPv4 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "re-services-v6" ( /* Configure RE Services IPv6 traffic */ c( "aggregate" ( /* Configure aggregate for all RE Services IPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "captive-portal" ( /* Configure Captive Portal IPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "fab-probe" ( /* Configure fab out probe packets */ c( "aggregate" ( /* Configure aggregate for all fab out probe packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "unclassified" ( /* Configure unclassified host-bound traffic */ c( "aggregate" ( /* Configure aggregate for all unclassified host-bound traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ), "other" ( /* Configure all other unclassified packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "resolve-v4" ( /* Configure unclassified v4 resolve packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "resolve-v6" ( /* Configure unclassified v6 resolve packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "control-v4" ( /* Configure unclassified v4 control packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "control-v6" ( /* Configure unclassified v6 control packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "host-route-v4" ( /* Configure unclassified v4 hostbound packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "host-route-v6" ( /* Configure unclassified v6 hostbound packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "filter-v4" ( /* Configure unclassified v4 filter action packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "filter-v6" ( /* Configure unclassified v6 filter action packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ) ) ), "control-layer2" ( /* Configure unclassified layer2 control packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "fw-host" ( /* Configure Unclassified send to host fw traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "mcast-copy" ( /* Configure Unclassified host copy due to multicast routing */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "rejectv6" ( /* Configure packets via 'rejectv6' action */ c( "aggregate" ( /* Configure aggregate for all packets via 'rejectv6' action */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "l2pt" ( /* Configure Layer 2 protocol tunneling */ c( "aggregate" ( /* Configure aggregate for all Layer 2 protocol tunneling */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "tunnel-ka" ( /* Configure tunnel keepalive packets */ c( "aggregate" ( /* Configure aggregate for all tunnel keepalive packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "inline-ka" ( /* Configure inline keepalive packets */ c( "aggregate" ( /* Configure aggregate for all inline keepalive packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "inline-svcs" ( /* Configure inline services */ c( "aggregate" ( /* Configure aggregate for all inline services */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "frame-relay" ( /* Configure frame relay control packets */ c( "aggregate" ( /* Configure aggregate for all frame relay control packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ), "frf15" ( /* Configure Multilink frame relay FRF.15 ctrl packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "frf16" ( /* Configure Multilink frame relay FRF.16 ctrl packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "amtv4" ( /* Configure AMT v4 control packets */ c( "aggregate" ( /* Configure aggregate for all AMT v4 control packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "amtv6" ( /* Configure AMT v6 control packets */ c( "aggregate" ( /* Configure aggregate for all AMT v6 control packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "syslog" ( /* Configure syslog traffic */ c( "aggregate" ( /* Configure aggregate for all syslog traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "pim-ctrl" ( /* Configure PIM control packets */ c( "aggregate" ( /* Configure aggregate for all PIM control packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "hello" ( /* Configure PIM Control Hello Traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "join" ( /* Configure PIM Control Join Traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ospf-hello" ( /* Configure OSPF hello packets */ c( "aggregate" ( /* Configure aggregate for all OSPF hello packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "pim-data" ( /* Configure PIM data */ c( "aggregate" ( /* Configure aggregate for all PIM data */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "fip-snooping" ( /* Configure FIP snooping */ c( "aggregate" ( /* Configure aggregate for all FIP snooping */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "unknown-l2mc" ( /* Configure Unknown layer 2 multicast */ c( "aggregate" ( /* Configure aggregate for all Unknown layer 2 multicast */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "nonucast-switch" ( /* Configure Non unicast switched */ c( "aggregate" ( /* Configure aggregate for all Non unicast switched */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ipmcast-miss" ( /* Configure IP multicast miss */ c( "aggregate" ( /* Configure aggregate for all IP multicast miss */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "urpf-fail" ( /* Configure Unicast reverse path forwarding failure */ c( "aggregate" ( /* Configure aggregate for all Unicast reverse path forwarding failure */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "l3nhop" ( /* Configure Layer 3 next hop to CPU */ c( "aggregate" ( /* Configure aggregate for all Layer 3 next hop to CPU */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "martian-address" ( /* Configure Martian address */ c( "aggregate" ( /* Configure aggregate for all Martian address */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "l3mc-sgv-hit-icl" ( /* Configure Layer 3 multicast (*,G) hit ICL */ c( "aggregate" ( /* Configure aggregate for all Layer 3 multicast (*,G) hit ICL */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "l3dest-miss" ( /* Configure Layer 3 destination miss */ c( "aggregate" ( /* Configure aggregate for all Layer 3 destination miss */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ipmc-reserved" ( /* Configure IP multicast reserved */ c( "aggregate" ( /* Configure aggregate for all IP multicast reserved */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "garp-reply" ( /* Configure Gratuitous ARP reply */ c( "aggregate" ( /* Configure aggregate for all Gratuitous ARP reply */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "l3mtu-fail" ( /* Configure Layer 3 mtu failure */ c( "aggregate" ( /* Configure aggregate for all Layer 3 mtu failure */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "sample-dest" ( /* Configure Sample at egress */ c( "aggregate" ( /* Configure aggregate for all Sample at egress */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "sample-source" ( /* Configure Sample at ingress */ c( "aggregate" ( /* Configure aggregate for all Sample at ingress */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "vcipc-udp" ( /* Configure VC UDP packets */ c( "aggregate" ( /* Configure aggregate for all VC UDP packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "vxlan" ( /* Configure VXLAN L2/L3 packets */ c( "aggregate" ( /* Configure aggregate for all VXLAN L2/L3 packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "bfd" ( /* Configure VXLAN BFD packets */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "dhcpv4v6" ( /* Configure DHCPv4/v6 traffic */ c( "aggregate" ( /* Configure aggregate for all DHCPv4/v6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "localnh" ( /* Configure Local nh hit ssh telnet ftp etc */ c( "aggregate" ( /* Configure aggregate for all Local nh hit ssh telnet ftp etc */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "proto-802-1x" ( /* Configure 802.1X traffic */ c( "aggregate" ( /* Configure aggregate for all 802.1X traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "all-fiber-channel-enode" ( /* Configure ALL_FC_ENODE traffic */ c( "aggregate" ( /* Configure aggregate for all ALL_FC_ENODE traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "tcc" ( /* Configure TCC traffic */ c( "aggregate" ( /* Configure aggregate for all TCC traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "unclassified" ( /* Configure unclassified Unclassified TCC traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "ethernet-tcc" ( /* Configure Ethernet TCC traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ), "iso-tcc" ( /* Configure ISO TCC traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "bypass-aggregate" /* Bypass aggregate policer */, "priority" ( /* Priority */ ("high" | "medium" | "low") ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "pkt-inject" ( /* Configure Packet Inject traffic */ c( "aggregate" ( /* Configure aggregate for all Packet Inject traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "ptpv6" ( /* Configure PTPv6 traffic */ c( "aggregate" ( /* Configure aggregate for all PTPv6 traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */, "hostbound-queue" arg /* Hostbound queue number */ ) ), "hostbound-queue" arg /* Hostbound queue number */ ) ) ) ), "pfcp" ( /* Configure PFCP control traffic */ c( "aggregate" ( /* Configure aggregate for all PFCP control traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ) ) ), "gtp-path-mgmt" ( /* Configure GTP path mgmt traffic */ c( "aggregate" ( /* Configure aggregate for all GTP path mgmt traffic */ c( "bandwidth" arg /* Policer bandwidth */, "burst" arg /* Policer burst size */, "recover-time" arg /* Time for protocol to return to normal */, "disable-routing-engine" /* Turn off policing on routing engine */, "disable-fpc" /* Turn off policing on all fpc's */, "disable-logging" /* Disable event logging for protocol violation */, "violation" ( /* DDOS response to policer violation */ c( "disable-logging" /* Disable event logging for protocol violation */ ) ), "flow-detection-mode" ( /* Flow detection mode for the packet type */ ("automatic" | "on" | "off") ), "flow-level-bandwidth" ( /* Bandwidth for flows at various levels */ c( "subscriber" arg /* Bandwidth for subscriber flows */, "logical-interface" arg /* Bandwidth for logical interface flows */, "physical-interface" arg /* Bandwidth for physical interface flows */ ) ), "flow-level-detection" ( /* Specify detection mode at various levels */ c( "subscriber" ( /* Specify detection mode at subscriber level */ ("automatic" | "on" | "off") ), "logical-interface" ( /* Specify detection mode at logical-interface level */ ("automatic" | "on" | "off") ), "physical-interface" ( /* Specify detection mode at physical-interface level */ ("automatic" | "on" | "off") ) ) ), "flow-level-control" ( /* Specify how discovered flows are controlled */ c( "subscriber" ( /* Specify how subscriber flows are controlled */ ("drop" | "keep" | "police") ), "logical-interface" ( /* Specify how logical-interface flows are controlled */ ("drop" | "keep" | "police") ), "physical-interface" ( /* Specify how physical-interface flows are controlled */ ("drop" | "keep" | "police") ) ) ), "no-flow-logging" /* Disable logging of violating flows */, "timeout-active-flows" /* Allow timeout active violating flows */, "flow-detect-time" arg /* Time to determine a flow is bad */, "flow-recover-time" arg /* Time to return to normal after last violation */, "flow-timeout-time" arg /* Time to timeout the flow since found */, "fpc" arg ( /* Flexible PIC Concentrator parameters */ c( "disable-fpc" /* Turn off policing on this slot */, "bandwidth-scale" arg /* Bandwidth scale from 1% to 100% */, "burst-scale" arg /* Burst scale from 1% to 100% */ ) ) ) ) ) ) ) ) ) ), "ntp" ( /* Network Time Protocol services */ c( "boot-server" ( /* Server to query during boot sequence */ ipaddr /* Server to query during boot sequence */ ), "interval-range" ( /* Set the minpoll and maxpoll interval range */ sc( arg ) ).as(:oneline), "authentication-key" arg ( /* Authentication key information */ sc( "type" ( /* Authentication key type */ ("md5" | "des" | "sha1" | "sha256") ), "value" ( /* Authentication key value */ unreadable /* Authentication key value */ ) ) ).as(:oneline), "peer" arg ( /* Peer parameters */ sc( "key" arg /* Authentication key */, "version" arg /* NTP version to use */, "prefer" /* Prefer this peer_serv */ ) ).as(:oneline), "server" arg ( /* Server parameters */ sc( "key" arg /* Authentication key */, "version" arg /* NTP version to use */, "prefer" /* Prefer this peer_serv */, "routing-instance" arg /* Routing instance through which server is reachable */ ) ).as(:oneline), "broadcast" arg ( /* Broadcast parameters */ sc( "routing-instance-name" arg /* Routing intance name in which interface has address in broadcast subnet */, "key" arg /* Authentication key */, "version" arg /* NTP version to use */, "ttl" arg /* TTL value to transmit */ ) ).as(:oneline), "broadcast-client" /* Listen to broadcast NTP */, "multicast-client" ( /* Listen to multicast NTP */ sc( ipaddr /* Multicast address to listen to */ ) ).as(:oneline), "trusted-key" arg /* List of trusted authentication keys */, "restrict" arg ( /* Restrict options */ sc( "mask" arg /* Mask address of host or network */, "noquery" /* Deny ntpq and ntpdc queries */ ) ).as(:oneline), "threshold" ( /* Set the maximum threshold(sec) allowed for NTP adjustment */ sc( arg, "action" ( /* Select actions for NTP abnormal adjustment */ ("accept" | "reject") ) ) ).as(:oneline), "source-address" arg ( /* Source-Address parameters */ sc( "routing-instance" arg /* Routing intance name in which source address is defined */ ) ).as(:oneline) ) ), "monitor" ( /* Monitoring system for system and daemons */ c( "traceoptions" ( /* System monitoring daemon trace options */ c( "level" ( ("error" | "warning" | "debug" | "info" | "critical" | "all") ), "file" ( /* Monitoring system for system and daemons */ c( "size" arg /* Size of the each log file in MB(s) */, "files" arg /* Number of log files */ ) ) ) ), "memory" ( /* Memory monitoring system */ c( "system" ( /* System level memory monitoring */ c( "frequency" ( /* Frequency of system monitoring */ c( c( "days" arg /* In days */, "hours" arg /* In hours */, "minutes" arg /* In minutes */ ) ) ), "critical-event" ( /* Critical event - high attention */ c( "threshold" ( /* System threshold level for critical event */ c( "swap-usage" arg /* Swap usage in percentage */ ) ), "actions" ( /* Actions on a critical event */ ("snmp-trap" | "live-vmcore" | "re-switchover" | "re-restart") ) ) ), "major-event" ( /* Major event - medium attention */ c( "threshold" ( /* System threshold level for major event */ c( "swap-usage" arg /* Swap usage in percentage */ ) ), "actions" ( /* Actions on a Major event */ ("snmp-trap" | "live-vmcore") ) ) ), "minor-event" ( /* Minor event - low attention */ c( "threshold" ( /* System threshold level for minor event */ c( "swap-usage" arg /* Swap usage in percentage */ ) ), "actions" ( /* Actions on a minor event */ ("snmp-trap") ) ) ) ) ), "process" ( /* Process level memory monitoring */ c( "frequency" ( /* Frequency of process monitoring */ c( c( "days" arg /* In days */, "hours" arg /* In hours */, "minutes" arg /* In minutes */ ) ) ), "critical-event" ( /* Critical event - high attention */ c( "threshold" arg ( /* Process threshold level for critical event */ c( "memory-limit" arg /* Memory limit */ ) ), "actions" ( /* Actions on a critical event */ ("snmp-trap" | "live-core" | "terminate-process-force" | "terminate-process") ) ) ), "major-event" ( /* Major event - medium attention */ c( "threshold" arg ( /* Process threshold level for major event */ c( "memory-limit" arg /* Memory limit */ ) ), "actions" ( /* Actions on a Major event */ ("snmp-trap" | "live-core" | "terminate-process-force" | "terminate-process") ) ) ), "minor-event" ( /* Minor event - low attention */ c( "threshold" arg ( /* Process threshold level for minor event */ c( "memory-limit" arg /* Memory limit */ ) ), "actions" ( /* Actions on a minor event */ ("snmp-trap") ) ) ) ) ) ) ) ) ), "node-health-monitor" ( /* Node Health Monitoring Configuration */ c( "refresh-interval" arg /* Node Health Monitoring Refresh Interval */ ) ), "fib-streaming" ( /* Launch Fib Streaming Daemon */ c( "traceoptions" ( /* Fib Streaming Daemon Trace options */ fibtd_trace_type /* Fib Streaming Daemon Trace options */ ) ) ), "access-line" ( /* Access Node Control Protocol options */ c( "adsl-overhead-bytes" arg /* Set ADSL byte adjust value */, "adsl-total-adjust" arg /* Set ADSL total adjustment factor */, "adsl2-overhead-bytes" arg /* Set ADSL2 byte adjust value */, "adsl2-total-adjust" arg /* Set ADSL2 total adjustment factor */, "adsl2-plus-overhead-bytes" arg /* Set ADSL2-PLUS byte adjust value */, "adsl2-plus-total-adjust" arg /* Set ADSL2-PLUS total adjustment factor */, "sdsl-overhead-bytes" arg /* Set SDSL byte adjust value */, "sdsl-overhead-adjust" arg /* Set SDSL overhead adjustment */, "sdsl-total-adjust" arg /* Set SDSL total adjustment factor */, "vdsl-overhead-bytes" arg /* Set VDSL byte adjust value */, "vdsl-overhead-adjust" arg /* Set VDSL overhead adjustment */, "vdsl-total-adjust" arg /* Set VDSL total adjustment factor */, "vdsl2-overhead-bytes" arg /* Set VDSL2 byte adjust value */, "vdsl2-overhead-adjust" arg /* Set VDSL2 overhead adjustment */, "vdsl2-total-adjust" arg /* Set VDSL2 total adjustment factor */, "other-overhead-bytes" arg /* Set OTHER byte adjust value */, "other-overhead-adjust" arg /* Set OTHER overhead adjustment */, "other-total-adjust" arg /* Set OTHER total adjustment factor */, "gfast-overhead-bytes" arg /* Set G.fast byte adjust value */, "gfast-overhead-adjust" arg /* Set G.fast overhead adjustment */, "gfast-total-adjust" arg /* Set G.fast total adjustment factor */, "vdsl2-annex-q-overhead-bytes" arg /* Set VDSL2 Annex Q byte adjust value */, "vdsl2-annex-q-overhead-adjust" arg /* Set VDSL2 Annex Q overhead adjustment */, "vdsl2-annex-q-total-adjust" arg /* Set VDSL2 Annex Q total adjustment factor */, "sdsl-bonded-overhead-bytes" arg /* Set SDSL bonded byte adjust value */, "sdsl-bonded-overhead-adjust" arg /* Set SDSL bonded overhead adjustment */, "sdsl-bonded-total-adjust" arg /* Set SDSL total adjustment factor */, "vdsl2-bonded-overhead-bytes" arg /* Set VDSL2 bonded byte adjust value */, "vdsl2-bonded-overhead-adjust" arg /* Set VDSL2 bonded overhead adjustment */, "vdsl2-bonded-total-adjust" arg /* Set VDSL2 bonded total adjustment factor */, "gfast-bonded-overhead-bytes" arg /* Set G.fast bonded byte adjust value */, "gfast-bonded-overhead-adjust" arg /* Set G.fast bonded overhead adjustment */, "gfast-bonded-total-adjust" arg /* Set G.fast bonded total adjustment factor */, "vdsl2-annex-q-bonded-overhead-bytes" arg /* Set VDSL2 Annex Q bonded byte adjust value */, "vdsl2-annex-q-bonded-overhead-adjust" arg /* Set VDSL2 Annex Q bonded overhead adjustment */, "vdsl2-annex-q-bonded-total-adjust" arg /* Set VDSL2 Annex Q bonded total adjustment factor */, "dsl" ( c( "adsl" ( /* Set ADSL attributes */ c( "overhead-bytes" arg /* Set adsl byte adjust value */, "total-adjust" arg /* Set adsl total adjustment factor */ ) ), "adsl2" ( /* Set ADSL2 attributes */ c( "overhead-bytes" arg /* Set adsl2 byte adjust value */, "total-adjust" arg /* Set adsl2 total adjustment factor */ ) ), "adsl2-plus" ( /* Set ADSL2+ attributes */ c( "overhead-bytes" arg /* Set adsl2-plus byte adjust value */, "total-adjust" arg /* Set adsl2-plus total adjustment factor */ ) ), "sdsl" ( /* Set SDSL attributes */ c( "overhead-bytes" arg /* Set sdsl byte adjust value */, "overhead-adjust" arg /* Set sdsl overhead adjustment factor */, "total-adjust" arg /* Set sdsl total adjustment factor */ ) ), "vdsl" ( /* Set VDSL attributes */ c( "overhead-bytes" arg /* Set vdsl byte adjust value */, "overhead-adjust" arg /* Set vdsl overhead adjustment factor */, "total-adjust" arg /* Set vdsl total adjustment factor */ ) ), "vdsl2" ( /* Set VDSL2 attributes */ c( "overhead-bytes" arg /* Set vdsl2 byte adjust value */, "overhead-adjust" arg /* Set vdsl2 overhead adjustment factor */, "total-adjust" arg /* Set vdsl2 total adjustment factor */ ) ), "other" ( /* Set OTHER attributes */ c( "overhead-bytes" arg /* Set other byte adjust value */, "overhead-adjust" arg /* Set other overhead adjustment factor */, "total-adjust" arg /* Set other total adjustment factor */ ) ), "gfast" ( /* Set G.fast attributes */ c( "overhead-bytes" arg /* Set gfast byte adjust value */, "overhead-adjust" arg /* Set gfast overhead adjustment factor */, "total-adjust" arg /* Set gfast total adjustment factor */ ) ), "vdsl2-annex-q" ( /* Set VDSL2-annex-q attributes */ c( "overhead-bytes" arg /* Set vdsl2-annex-q byte adjust value */, "overhead-adjust" arg /* Set vdsl2-annex-q overhead adjustment factor */, "total-adjust" arg /* Set vdsl2-annex-q total adjustment factor */ ) ), "sdsl-bonded" ( /* Set SDSL-bonded attributes */ c( "overhead-bytes" arg /* Set sdsl-bonded byte adjust value */, "overhead-adjust" arg /* Set sdsl-bonded overhead adjustment factor */, "total-adjust" arg /* Set sdsl-bonded total adjustment factor */ ) ), "vdsl2-bonded" ( /* Set VDSL2-bonded attributes */ c( "overhead-bytes" arg /* Set vdsl2-bonded byte adjust value */, "overhead-adjust" arg /* Set vdsl2-bonded overhead adjustment factor */, "total-adjust" arg /* Set vdsl2-bonded total adjustment factor */ ) ), "gfast-bonded" ( /* Set G.fast-bonded attributes */ c( "overhead-bytes" arg /* Set gfast-bonded byte adjust value */, "overhead-adjust" arg /* Set gfast-bonded overhead adjustment factor */, "total-adjust" arg /* Set gfast-bonded total adjustment factor */ ) ), "vdsl2-annex-q-bonded" ( /* Set VDSL2-annex-q-bonded attributes */ c( "overhead-bytes" arg /* Set vdsl2-annex-q-bonded byte adjust value */, "overhead-adjust" arg /* Set vdsl2-annex-q-bonded overhead adjustment factor */, "total-adjust" arg /* Set vdsl2-annex-q-bonded total adjustment factor */ ) ), "type" arg ( /* Set generic DSL type attributes */ c( "overhead-bytes" arg /* Set type byte adjust value */, "overhead-adjust" arg /* Set type overhead adjustment factor */, "total-adjust" arg /* Set type total adjustment factor */ ) ) ) ), "pon" ( c( "other" ( /* Set OTHER attributes */ c( "overhead-bytes" arg /* Set other byte adjust value */, "overhead-adjust" arg /* Set other overhead adjustment factor */, "total-adjust" arg /* Set other total adjustment factor */ ) ), "gpon" ( /* Set GPON attributes */ c( "overhead-bytes" arg /* Set gpon byte adjust value */, "overhead-adjust" arg /* Set gpon overhead adjustment factor */, "total-adjust" arg /* Set gpon total adjustment factor */ ) ), "xg-pon1" ( /* Set XG-PON1 attributes */ c( "overhead-bytes" arg /* Set xg-pon1 byte adjust value */, "overhead-adjust" arg /* Set xg-pon1 overhead adjustment factor */, "total-adjust" arg /* Set xg-pon1 total adjustment factor */ ) ), "twdm-pon" ( /* Set TWDM-PON1 attributes */ c( "overhead-bytes" arg /* Set twdm-pon byte adjust value */, "overhead-adjust" arg /* Set twdm-pon overhead adjustment factor */, "total-adjust" arg /* Set twdm-pon total adjustment factor */ ) ), "xgs-pon" ( /* Set XGS-PON attributes */ c( "overhead-bytes" arg /* Set xgs-pon byte adjust value */, "overhead-adjust" arg /* Set xgs-pon overhead adjustment factor */, "total-adjust" arg /* Set xgs-pon total adjustment factor */ ) ), "wdm-pon" ( /* Set WDM-PON attributes */ c( "overhead-bytes" arg /* Set wdm-pon byte adjust value */, "overhead-adjust" arg /* Set wdm-pon overhead adjustment factor */, "total-adjust" arg /* Set wdm-pon total adjustment factor */ ) ), "type" arg ( /* Set generic PON type attributes */ c( "overhead-bytes" arg /* Set type byte adjust value */, "overhead-adjust" arg /* Set type overhead adjustment factor */, "total-adjust" arg /* Set type total adjustment factor */ ) ) ) ), "hierarchical-access-network-detection" /* Hierarchical access network detection */, "attributes" ( c( "preference" ( /* Preference when multiple access types available */ ("pon" | "dsl") ) ) ) ) ), "master-password" ( /* Master password for $8$ password-encryption */ c( "iteration-count" arg /* Define PBKDF2 iteration count */, "pseudorandom-function" ( /* Define PBKDF2 PRF */ ("hmac-sha2-256" | "hmac-sha1" | "hmac-sha2-512") ) ) ), "resiliency" ( /* Resiliency exceptions */ c( "traceoptions" ( /* Resiliency trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("error" | "state" | "telemetry")) /* Tracing parameters */.as(:oneline) ) ), "exceptions" ( /* Subscribe to JUNOS exceptions */ c( "routing" /* Subscribe to routing exceptions */.as(:oneline), "os" /* Subscribe to os exceptions */.as(:oneline), "forwarding" /* Subscribe to forwarding exceptions */ ) ), "store" ( /* Store Exceptions */ c( "database" /* Store Exceptions in SQLite Database, File default */, "file" ( /* Telemetry Exceptions file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "fwding-file" ( /* Forwarding IPFIX Exceptions file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline) ) ) ) ), "dump-on-panic" ) end rule(:archive_object) do c( "size" arg /* Size of files to be archived */, "files" arg /* Number of files to be archived */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "binary-data" /* Mark file as if it contains binary data */, "no-binary-data" /* Don't mark file as if it contains binary data */, "transfer-interval" arg /* Frequency at which to transfer files to archive sites */, "start-time" ( /* Start time for file transmission (yyyy-mm-dd.hh:mm) */ time /* Start time for file transmission (yyyy-mm-dd.hh:mm) */ ), "archive-sites" arg ( sc( "password" ( /* Password for login into the archive site */ unreadable /* Password for login into the archive site */ ), "routing-instance" arg /* Routing instance */ ) ).as(:oneline) ).as(:oneline) end rule(:authentication_object) do c( "plain-text-password-value" arg /* Plain text password */, "encrypted-password" arg /* Encrypted password string */, "no-public-keys" /* Disables ssh public key based authentication */, "ssh-rsa" arg ( /* Secure shell (ssh) RSA public key string */ sc( "from" arg /* Pattern-list of allowed hosts */ ) ).as(:oneline), "ssh-dsa" arg ( /* Secure shell (ssh) DSA public key string */ sc( "from" arg /* Pattern-list of allowed hosts */ ) ).as(:oneline), "ssh-ecdsa" arg ( /* Secure shell (ssh) ECDSA public key string */ sc( "from" arg /* Pattern-list of allowed hosts */ ) ).as(:oneline), "ssh-ed25519" arg ( /* Secure shell (ssh) ED25519 public key string */ sc( "from" arg /* Pattern-list of allowed hosts */ ) ).as(:oneline) ) end rule(:autoconf_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("configuration" | "interfaces" | "io" | "rtsock" | "ui" | "auth" | "all")) /* Area of autoconfiguration to enable debugging output */.as(:oneline) ) end rule(:bbe_smg_upd_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("config" | "main" | "interface" | "rpd" | "vbf" | "all")) /* Specific SMGD area to include in debugging trace */.as(:oneline) ) end rule(:bbe_smgd_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("config" | "main" | "interface" | "rpd" | "service" | "net" | "autoconf" | "demux" | "session" | "io" | "vbf" | "dhcp" | "cpcd" | "pppoe" | "ppp" | "rtsock" | "ui" | "l2tp" | "dprof" | "auth" | "stats" | "ucac" | "snmp" | "ancp" | "jssc" | "gre" | "hag" | "agf" | "redundancy" | "all")) /* Specific SMGD area to include in debugging trace */.as(:oneline) ) end rule(:bbe_stats_type) do end rule(:bdbrepd_type) do c( "traceoptions" ( /* Database replication trace options */ bdbrepd_traceoptions_type /* Database replication trace options */ ) ) end rule(:bdbrepd_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("database" | "mirror" | "replication" | "ui" | "general" | "session-db" | "server" | "all")) /* Database replication operations to include in debugging trace */.as(:oneline) ) end rule(:daemon_process) do arg.as(:arg) ( c( ("disable"), "failover" ( /* How to handle failure of parameter */ ("other-routing-engine" | "alternate-media") ), "command" arg /* Path to binary for process */ ) ).as(:oneline) end rule(:datapath_traced_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("datapath-traced-infrastructure" | "datapath-traced-server" | "client-management" | "all")) /* Area of DATAPATH Trace process to enable debugging output */.as(:oneline) ) end rule(:ddos_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("config" | "events" | "gres" | "init" | "memory" | "protocol" | "rtsock" | "signal" | "state" | "timer" | "ui" | "ipc" | "socket" | "all")) /* Area of DDOS process to enable debugging output */.as(:oneline) ) end rule(:dhcp_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("binding" | "config" | "conflict" | "event" | "ifdb" | "io" | "lease" | "main" | "misc" | "option" | "packet" | "pool" | "protocol" | "relay" | "rtsock" | "scope" | "signal" | "trace" | "ui" | "all")) /* Area of DHCP server process to enable debugging output */.as(:oneline) ) end rule(:dynamic_profile_option_object) do c( "versioning" /* Enable dynamic profile versioning */ ) end rule(:fibtd_trace_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("infra" | "database" | "streaming" | "cli" | "cos" | "all")) /* Tracing paramters */.as(:oneline) ) end rule(:httpd_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("configuration" | "mgd" | "webauth" | "dynamic-vpn" | "init" | "all")) /* Area of HTTPD process to enable debugging output */.as(:oneline) ) end rule(:jdhcp_interface_traceoptions_level_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("state" | "packet" | "flow" | "packet-option" | "dhcpv6-state" | "dhcpv6-packet" | "dhcpv6-packet-option" | "all")) /* Interface trace categories */.as(:oneline) ) end rule(:jdhcp_traceoptions_level_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("state" | "packet" | "flow" | "packet-option" | "dhcpv6-state" | "dhcpv6-packet" | "dhcpv6-packet-option" | "all" | "database" | "persistent" | "lockout-db" | "interface" | "rtsock" | "flow-notify" | "io" | "ha" | "ui" | "general" | "fwd" | "rpd" | "auth" | "profile" | "session-db" | "performance" | "statistics" | "dhcpv6-io" | "dhcpv6-rpd" | "dhcpv6-session-db" | "dhcpv6-general" | "liveness-detection" | "security-persistence" | "mclag" | "ra-guard" | "era")) /* DHCP operations to include in debugging trace */.as(:oneline) ) end rule(:jet_scripts_file_type) do arg.as(:arg) ( c( "checksum" ( /* Checksum of this script */ c( "sha-256" arg /* SHA-256 checksum of this script */ ) ), "arguments" arg /* Command line arguments to JET application */, "daemonize" /* Runs application as daemon */, "interpreter" ( /* Runs application using on-box */ ("python" | "python3" | "bash") ), "respawn-on-normal-exit" /* Respawn application on normal exit */, "username" arg /* User under whose privileges extension service will execute */, "source" arg /* URL of source for this script */, "cert-file" arg /* Specify the certificate file name */, "routing-instance" arg /* Routing instance */, "traceoptions" ( /* Trace options per application */ script_traceoptions /* Trace options per application */ ), "refresh" /* Refresh all operation scripts from their source */, "refresh-from" arg /* Refresh all operation scripts from a given base URL */ ) ) end rule(:jkhmd_trace_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("infra" | "sysctl" | "jti" | "ipc" | "all")) /* Tracing parameters */.as(:oneline) ) end rule(:jsavald_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("rtsock" | "general" | "firewall" | "database" | "all")) /* Area of process mac validation to enable debugging output */.as(:oneline) ) end rule(:juniper_tenant) do arg.as(:arg) ( c( "interfaces" ( /* Interface configuration */ c( tenant_interfaces_type ) ), "routing-instances" ( /* Routing instance configuration */ c( juniper_routing_instance ) ) ) ) end rule(:juniper_transport_profiles) do arg.as(:arg) ( c( "description" arg /* Text description of this profile */, "online" ( /* Online charging configuration in transport profile */ c( "tx-timeout" arg /* Timeout value waiting for response */, "session-failover-not-supported" /* Disable online charging sessions failover to alternate server */, "diameter-profile" arg /* Gy diameter profile name */, "service-context-id" arg /* Service Context ID . If not configured, default service-context-id is 9.32251@3gpp.org */, "charging-function-name" arg /* Charging Function Name corresponds to PCRF referred online charging function name */, "single-mscc" /* Include only one MSCC AVP in CCR message */, "no-mscc-in-ccrt" /* Do not include MSCC AVP in CCR-T message */, "no-initiate-session-on-activation" /* Do not initiate diameter session on activation */, "quota-request-on-activation" /* Request quota only on activation */, "all-rgs-on-termination" /* Report all (active/non-active) RGs on termination to OCS */ ) ), "offline" ( /* Offline charging in the transport profile */ c( "charging-gateways" ( /* Charging gateway group information */ c( "cdr-release" ( /* CDR Release type */ ("r99" | "r7" | "r8" | "r9") ), "peer-order" ( /* Charging servers order */ c( "peer" arg /* Charging server name */ ) ), "persistent-storage-order" ( /* Offline charging persistent storage order */ c( "local-storage" /* Local persistant storage */ ) ), "switch-back-time" arg /* Switch back time interval value */, "cdr-aggregation-limit" arg /* The number of CDRs in one DRT message, default value is 5 */, "mtu" arg /* The MTU of the DRT message */ ) ), "charging-function-name" arg /* Charging Function Name corresponds to PCRF referred offline charging function name */, "container-limit" arg /* The maximum number of container in each CDR */, "sgsn-mme-change-limit" arg /* Number of SGSN or SGW changes before CDR is closed */ ) ), "service-mode" ( /* Service mode */ ("maintenance") ) ) ) end rule(:juniper_trigger_profiles) do arg.as(:arg) ( c( "description" arg /* Text description of this profile */, "tariff-time-list" arg /* Input a list of tariff time changes within a day in 15 minute increments (time in sec will be ignored) */, "offline" ( /* Offline charging in the trigger profile */ c( "volume-limit" ( /* Specify volume limit trigger for container closing */ sc( arg /* Volume limit in bytes */, "direction" ( /* Specific volume trigger traffic direction */ ("uplink" | "both") ) ) ).as(:oneline), "time-limit" arg /* The time-limit for container closure */, "exclude" ( /* Specify excluded signal triggers */ c( "plmn-change" /* No charging data updates on PLMN change */, "qos-change" /* No charging data updates on QOS change */, "rat-change" /* No charging data updates on RAT change */, "sgsn-sgw-change" /* No charging data updates on SGW change */, "user-location-change" /* No charging data updates on user location information change */, "ms-timezone-change" /* No charging data updates on MS-timezone change */, "dcca-events" /* No CDR generation on dcca-events like quota-exhaustion, threshold, etc */ ) ) ) ), "charging-method" ( /* Default charging method if not provided by PCEF */ ("none" | "online" | "offline" | "both") ), "online" ( c( "reporting-level" ( /* Default Reporting level for offline and online usage report */ c( c( "rating-group" /* Rating group level reporting */, "service-identifier" /* Service identifier level reporting */ ), "override" /* Override reporting level provided by PCEF */ ) ), "measurement-method" ( /* Default measurement method to use if not provided by PCEF */ ("none" | "volume" | "time" | "volume-and-time") ), "quota-threshold" ( /* Calculate quota threshold value as a percentage of total quota allocated */ c( arg, "override" /* Override threshold value provided by OCS */ ) ), "quota-validity-time" arg /* Configure quota validity time if one is not provided by OCS */, "quota-holding-time" arg /* Configure quota holding time if one is not provided by OCS */, "grant-quota" ( /* Configure grace-quota to be allocated in case of failure */ c( "cc-time" arg /* Configure time quota */, "cc-octet-uplink" arg /* Configure input volume quota */, "cc-octet-downlink" arg /* Configure output volume quota */, "cc-octet-both" arg /* Configure volume quota */ ) ), "requested-service-unit" ( /* Determine the requested service unit AVP behavior */ c( "include-quota-holding-time" /* Include RSU when reporting reason is quota holding time */, "cc-time" arg /* Configure the time quota requested in CCR */, "cc-octet-uplink" arg /* Configure input volume quota */, "cc-octet-downlink" arg /* Configure output volume quota */, "cc-octet-both" arg /* Configure volume quota */ ) ), "cc-failure-handling" ( /* Configure MobileNext handling during credit-control failure */ c( "block-traffic-pending-reauth-no-quota" /* Block traffic for a RG pending re-auth during quota exhaustion */, "override" /* Overrides charging failure-method provided by OCS */, "result-code-based-action" ( /* Perform action based on diamter result-code AVP */ c( "authorization-rejected" ( /* Diameter-authorization-rejected - default Terminate */ c( c( "blacklist" ( /* Put rating-group in blacklist */ sc( arg ) ).as(:oneline) ) ) ), "credit-control-not-applicable" ( /* Diameter-credit-control-not-applicable - default disable online charging */ c( c( "convert-to-offline" ( /* Convert to offline in case of failure */ c( "grant-grace-quota" /* Use offline charging till grace quota period */ ) ) ) ) ), "end-user-service-denied" ( /* Diameter-end-user-service-denied - default terminate */ c( c( "disable-online-charging" /* Disable online charging. Continue to use offline charging if enabled otherwise no charging is applied */, "convert-to-offline" ( /* Convert to offline in case of failure */ c( "grant-grace-quota" /* Use offline charging till grace quota period */ ) ) ) ) ), "user-unknown" ( /* User-unknown - default terminate */ c( c( "disable-online-charging" /* Disable online charging. Continue to use offline charging if enabled otherwise no charging is applied */, "convert-to-offline" ( /* Convert to offline in case of failure */ c( "grant-grace-quota" /* Use offline charging till grace quota period */ ) ) ) ) ), "credit-limit-reached" ( /* Diameter-credit-limit-reached - default terminate */ c( c( "blacklist" ( /* Put rating-group in blacklist */ sc( arg ) ).as(:oneline) ) ) ) ) ), "initial-request" ( /* Failure action for initial cc request - default terminate */ c( c( "grant-grace-quota" /* Grant grace quota and continue online session */, "disable-online-charging" /* Disable online charging. Continue to use offline charging if enabled otherwise no charging is applied */, "convert-to-offline" ( /* Convert to offline in case of failure */ c( "grant-grace-quota" /* Use offline charging till grace quota period */ ) ) ) ) ), "update-request" ( /* Failure action for update cc request - default terminate */ c( c( "grant-grace-quota" /* Grant grace quota and continue online session */, "disable-online-charging" /* Disable online charging. Continue to use offline charging if enabled otherwise no charging is applied */, "convert-to-offline" ( /* Convert to offline in case of failure */ c( "grant-grace-quota" /* Use offline charging till grace quota period */ ) ) ) ) ) ) ) ) ) ) ) end rule(:juniper_unified_edge_cos_options) do c( "classifier-profiles" arg ( /* Classifier tables for mobile subscribers (UMTS/EPS) */ c( "description" arg /* Text description of classifier profile */, "qos-class-identifier" arg ( /* QCI mapping to forwarding class and loss priority */ sc( "forwarding-class" arg /* Forwarding class */, "loss-priority" ( /* Loss priority value */ ("low" | "high") ) ) ).as(:oneline) ) ), "gbr-bandwidth-pools" arg ( /* GBR bandwith pools configuration */ c( "maximum-bandwidth" arg /* Bandwidth for pool */, "downgrade-gtp-v1-gbr-bearers" /* Downgrade GTPv1 GBR bearer traffic class to background traffic class */ ) ), "resource-threshold-profiles" arg ( /* Resource threshold profiles */ c( "description" arg /* Text description of resource threshold profile */, "bearers-load" ( /* Number of bearers load configurations */ c( "low" ( /* Low threshold configuration */ c( "percentage" arg /* Low threshold */, "priority-level" arg /* Priority level - default 10 */ ) ), "high" ( /* High threshold configuration */ c( "percentage" arg /* High threshold */, "priority-level" arg /* Priority level - default 5 */ ) ) ) ), "memory" ( /* Memory load configurations */ c( "low" ( /* Low threshold configuration */ c( "percentage" arg /* Low threshold */, "priority-level" arg /* Priority level - default 10 */ ) ), "high" ( /* High threshold configuration */ c( "percentage" arg /* High threshold */, "priority-level" arg /* Priority level - default 5 */ ) ) ) ), "cpu" ( /* CPU load configurations */ c( "low" ( /* Low threshold configuration */ c( "percentage" arg /* Low threshold */, "priority-level" arg /* Priority level - default 10 */ ) ), "high" ( /* High threshold configuration */ c( "percentage" arg /* High threshold */, "priority-level" arg /* Priority level - default 5 */ ) ) ) ) ) ), "cos-policy-profiles" arg ( /* QoS policy profile */ c( "description" arg /* Text description of cos policy */, "default-bearer-qci" ( /* Default bearer qci value */ sc( arg, "upgrade" /* Override qci value */, "reject" /* Reject calls with numerially lower qci */ ) ).as(:oneline), "allocation-retention-priority" ( /* ARP local policy */ sc( arg, "reject" /* Reject calls with higher priority value */ ) ).as(:oneline), "aggregated-qos-control" ( /* Aggregated qos control policy */ c( "maximum-bit-rate-uplink" ( /* Maximum bit rate uplink */ sc( arg, "upgrade" /* Override maximum-bit-rate uplink value */, "reject" /* Reject calls with higher uplink maximum-bit-rate */ ) ).as(:oneline), "maximum-bit-rate-downlink" ( /* Maximum bit rate downlink */ sc( arg, "upgrade" /* Override maximum-bit-rate downlink value */, "reject" /* Reject calls with higher downlink maximum-bit-rate */ ) ).as(:oneline) ) ), "pdp-qos-control" ( /* PDP qos control */ c( "maximum-bit-rate-uplink" ( /* Maximum bit rate uplink */ sc( arg, "upgrade" /* Override maximum-bit-rate uplink value */, "reject" /* Reject calls with higher uplink maximum-bit-rate */ ) ).as(:oneline), "maximum-bit-rate-downlink" ( /* Maximum bit rate downlink */ sc( arg, "upgrade" /* Override maximum-bit-rate downlink value */, "reject" /* Reject calls with higher downlink maximum-bit-rate */ ) ).as(:oneline), "guaranteed-bit-rate-uplink" ( /* Guaranteed bit rate uplink */ sc( arg, "upgrade" /* Override guaranteed-bit-rate uplink value */, "reject" /* Reject calls with higher uplink guaranteed-bit-rate */ ) ).as(:oneline), "guaranteed-bit-rate-downlink" ( /* Guaranteed bit rate downlink */ sc( arg, "upgrade" /* Override guaranteed-bit-rate downlink value */, "reject" /* Reject calls with higher downlink guaranteed-bit-rate */ ) ).as(:oneline), "qci" arg ( /* PDP qos control per qci */ c( "maximum-bit-rate-uplink" ( /* Maximum bit rate uplink */ sc( arg, "upgrade" /* Override maximum-bit-rate uplink value */, "reject" /* Reject calls with higher uplink maximum-bit-rate */ ) ).as(:oneline), "maximum-bit-rate-downlink" ( /* Maximum bit rate downlink */ sc( arg, "upgrade" /* Override maximum-bit-rate downlink value */, "reject" /* Reject calls with higher downlink maximum-bit-rate */ ) ).as(:oneline) ) ) ) ), "policer-action" ( /* Policer actions */ c( "non-gbr-bearer" ( /* Policer actions for non gbr bearers */ c( "violate-action" ( /* PDP policer violate action */ ("set-loss-priority-high" | "transmit") ) ) ), "gbr-bearer" ( /* Policer actions for gbr bearers */ c( "exceed-action" ( /* PDP policer exceed action */ ("drop" | "transmit") ), "violate-action" ( /* PDP policer violate action */ ("set-loss-priority-high" | "transmit") ) ) ) ) ) ) ) ) end rule(:juniper_virtual_chassis_traceoptions) do c( "file" ( /* Trace file options */ vchassis_trace_file_type /* Trace file options */ ), "flag" enum(("parse" | "hello" | "psn" | "csn" | "lsp" | "normal" | "task" | "krt" | "spf" | "me" | "packets" | "lsp-generation" | "error" | "route" | "state" | "auto-configuration" | "graceful-restart" | "dcp-infra" | "dcp-dev-state" | "heartbeat" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) end rule(:juniper_accounting_options) do c( "selective-aggregate-interface-stats" ( /* Toggle selective aggregate interface statistics collection */ sc( ("disable") ) ).as(:oneline), "periodic-refresh" ( /* Toggle periodic statistics collection */ sc( ("disable") ) ).as(:oneline), "file" arg ( /* Accounting data file configuration */ c( "nonpersistent" /* File does not persist across reboot */, "size" arg /* Maximum accounting data file size */, "files" arg /* Maximum number of files for this profile */, "transfer-interval" arg /* Frequency at which to transfer files to archive sites */, "start-time" ( /* Start time for file transmission (yyyy-mm-dd.hh:mm) in local time format */ time /* Start time for file transmission (yyyy-mm-dd.hh:mm) in local time format */ ), "compress" /* Transfer file in compressed format */, "backup-on-failure" ( /* Backup on transfer failure */ c( c( "master-only" /* Backup on master only */, "master-and-slave" /* Backup on both master and slave */ ) ) ), "push-backup-to-master" /* Push backup files to master RE */, "archive-sites" arg ( /* List of archive destinations */ sc( "password" ( /* Password for login into the archive site */ unreadable /* Password for login into the archive site */ ) ) ).as(:oneline) ) ), "interface-profile" arg ( /* Interface profile for accounting data */ c( "file" arg /* Name of file for accounting data */, "interval" arg /* Polling interval */, "start-time" ( /* Profile start time (yyyy-mm-dd.hh:mm) in local time format */ time /* Profile start time (yyyy-mm-dd.hh:mm) in local time format */ ), "fields" ( /* Statistics to log to file */ c( "input-bytes" /* Input bytes */, "output-bytes" /* Output bytes */, "input-packets" /* Input packets */, "output-packets" /* Output packets */, "input-errors" /* Generic input error packets */, "output-errors" /* Generic output error packets */, "input-multicast" /* Input packets arriving by multicast */, "output-multicast" /* Output packets sent by multicast */, "input-unicast" /* Input unicast packets */, "output-unicast" /* Output unicast packets */, "unsupported-protocol" /* Packets for unsupported protocol */, "rpf-check-bytes" /* Bytes failing IPv4 reverse-path-forwarding check */, "rpf-check-packets" /* Packets failing IPv4 reverse-path-forwarding check */, "rpf-check6-bytes" /* Bytes failing IPv6 reverse-path-forwarding check */, "rpf-check6-packets" /* Packets failing IPv6 reverse-path-forwarding check */, "rpf-check-total-bytes" /* Total Bytes failing reverse-path-forwarding check */, "rpf-check-total-packets" /* Total Packets failing reverse-path-forwarding check */ ) ) ) ), "filter-profile" arg ( /* Filter profile for accounting data */ c( "file" arg /* Name of file for accounting data */, "interval" arg /* Polling interval */, "counters" ( /* Name of counter */ counter_object /* Name of counter */ ), "start-time" ( /* Profile start time (yyyy-mm-dd.hh:mm) in local time format */ time /* Profile start time (yyyy-mm-dd.hh:mm) in local time format */ ) ) ), "class-usage-profile" arg ( /* Class usage profile for accounting data */ c( "file" arg /* Name of file for accounting data */, "interval" arg /* Polling interval */, "start-time" ( /* Profile start time (yyyy-mm-dd.hh:mm) in local time format */ time /* Profile start time (yyyy-mm-dd.hh:mm) in local time format */ ), c( "destination-classes" ( /* Name of destination class */ dest_class_name_object /* Name of destination class */ ), "source-classes" ( /* Name of source class */ source_class_name_object /* Name of source class */ ) ) ) ), "routing-engine-profile" arg ( /* Routing Engine profile for accounting data */ c( "file" arg /* Name of file for accounting data */, "interval" arg /* Polling interval */, "start-time" ( /* Profile start time (yyyy-mm-dd.hh:mm) in local time format */ time /* Profile start time (yyyy-mm-dd.hh:mm) in local time format */ ), "fields" ( /* Information to log to file */ c( "host-name" /* Hostname for this router */, "date" /* Date */, "time-of-day" /* Time of day */, "uptime" /* Time since last reboot */, "cpu-load-1" /* Average system load over last 1 minute */, "cpu-load-5" /* Average system load over last 5 minutes */, "cpu-load-15" /* Average system load over last 15 minutes */, "memory-usage" /* Instantaneous active memory usage */, "total-cpu-usage" /* Total CPU usage percentage */, "cpu-usage-5sec" /* System CPU usage for last 5 seconds */, "cpu-usage-1min" /* System CPU usage for the last minute */, "cpu-usage-5min" /* System CPU usage for the 5 minutes */, "free-mem" /* Total free memory available */, "total-mem" /* Total memory available */ ) ) ) ), "mib-profile" arg ( /* MIB profile for accounting data */ c( "file" arg /* Name of file for accounting data */, "interval" arg /* Polling interval */, "start-time" ( /* Profile start time (yyyy-mm-dd.hh:mm) in local time format */ time /* Profile start time (yyyy-mm-dd.hh:mm) in local time format */ ), "operation" ( /* SNMP operation */ ("get" | "get-next" | "walk") ), "object-names" ( /* Names of MIB objects */ mib_variable_name_object /* Names of MIB objects */ ) ) ), "flat-file-profile" arg ( /* Flat file profile for accounting data */ c( "file" arg /* Name of file for accounting data */, "interval" arg /* Polling interval */, "schema-version" arg /* Name of the schema */, "start-time" ( /* Profile start time (yyyy-mm-dd.hh:mm) in local time format */ time /* Profile start time (yyyy-mm-dd.hh:mm) in local time format */ ), "use-fc-ingress-stats" /* Use Ingress stats for reporting forwarding class counters */, "fields" ( /* Statistics to log to file */ c( "all-fields" /* All parameters */, "service-accounting" /* Service accounting for filters - obsolete config */, "general-param" ( /* General interface parameters */ c( "all-fields" /* All general interface parameters */, "timestamp" /* Timestamp */, "accounting-type" /* Accounting status type */, "descr" /* Description */, "routing-instances" /* Routing Instances where interface belongs */, "nas-port-id" /* NAS port id */, "line-id" /* Line id */, "vlan-id" /* Vlan-id */, "logical-interface" /* Logical-Interface */, "physical-interface" /* Physical Interface name */, "user-name" /* User name of the subscriber */ ) ), "overall-packet" ( /* Overall packet statistics */ c( "all-fields" /* All overall packet statistics */, "input-bytes" /* Input bytes */, "input-packets" /* Input packets */, "input-v6-bytes" /* Input IPV6 bytes */, "input-v6-packets" /* Input IPV6 packets */, "output-bytes" /* Output bytes */, "output-packets" /* Output packets */, "output-v6-bytes" /* Output IPV6 bytes */, "output-v6-packets" /* Output IPV6 packets */, "input-errors" /* Total input errors */, "output-errors" /* Total output errors */, "input-discards" /* Total input discards */, "input-v4-bytes" /* Input IPV4 bytes */, "input-v4-packets" /* Input IPV4 packets */, "output-v4-bytes" /* Output IPV4 bytes */, "output-v4-packets" /* Output IPV4 packets */, "input-bytes-per-sec" /* Input bytes per second */, "input-packets-per-sec" /* Input packets per second */ ) ), "l2-stats" ( /* Layer2 statistics */ c( "all-fields" /* All Layer2 statistics */, "input-mcast-bytes" /* L2 multicast bytes from input side */, "input-mcast-packets" /* L2 multicast packets from input side */ ) ), "ingress-stats" ( /* Ingress queue statistics */ c( "all-fields" /* All ingress queue statistics */, "queue-id" /* Queue ID */, "input-packets" /* Total input packets on the queue */, "input-bytes" /* Total input bytes on the queue */, "output-packets" /* Total output packet on the queue */, "output-bytes" /* Total output bytes on the queue */, "drop-packets" /* Ingress queue dropped packets */ ) ), "egress-stats" ( /* Egress queue statistics */ c( "all-fields" /* All egress queue statistics */, "queue-id" /* Queue ID */, "input-packets" /* Total input packets on the queue */, "input-bytes" /* Total input bytes on the queue */, "output-packets" /* Total output packet on the queue */, "output-bytes" /* Total output bytes on the queue */, "tail-drop-packets" /* Egress queue tail dropped packets */, "red-drop-packets" /* Egress queue red dropped packets */, "red-drop-bytes" /* Egress queue red drop bytes */, "total-drop-packets" /* Egress queue total drop packets */ ) ) ) ), "format" ( /* Flat file accounting format */ c( c( "ipdr" /* IPDR format */, "csv" /* CSV format */ ) ) ) ) ), "cleanup-interval" ( /* Backup files cleanup interval */ c( "interval" arg /* Cleanup interval in days */ ) ) ) end rule(:counter_object) do arg.as(:arg).as(:oneline) end rule(:dest_class_name_object) do arg.as(:arg).as(:oneline) end rule(:junos_hash_key) do c( "family" ( /* Protocol family */ c( "fcoe" ( /* FCoE protocol family */ c( "ethernet-interfaces" ( /* FCoE hash-key configuration on ethernet interfaces */ c( "oxid" ( /* Originator Exchange ID */ ("enable" | "disable") ) ) ), "fabric-interfaces" ( /* FCoE hash-key configuration on fabric interfaces */ c( "oxid" ( /* Originator Exchange ID */ ("enable" | "disable") ) ) ), "oxid" ( /* Originator Exchange ID */ ("enable" | "disable") ) ) ), "inet" ( /* IPv4 protocol family */ c( "layer-3" ( /* Include Layer 3 (IP) data in the hash key */ c( "destination-address" /* Include IP destination address in the hash key */ ) ), "layer-4" ( /* Include Layer 4 (TCP or UDP) data in the hash key */ c( "gtp-tunnel-endpoint-identifier" /* Include GTP TEID in the hash key */ ) ), "session-id" /* Include session ID in the hash key */, "symmetric-hash" ( /* Create symmetric hash-key with source & destination ports */ c( "complement" /* Create complement of symmetric hash-key */ ) ), "no-incoming-port" /* Exclude incoming port from the hash key */ ) ), "inet6" ( /* IPv6 protocol family */ c( "layer-3" ( /* Include Layer 3 (IP) data in the hash key */ c( "destination-address" /* Include IP destination address in the hash key */, "incoming-interface-index" /* Include incoming interface index in the hash key */, "next-header" /* Include IP Next Header field in the hash key */, "source-address" /* Include IP source address in the hash key */, "traffic-class" /* Include Traffic Class field in the hash key */, "ipv6-flow-label" /* Include IPV6 flow label field in the hash key */ ) ), "layer-4" ( /* Include Layer 4 (TCP or UDP) data in the hash key */ c( "destination-port" /* Include IP destination port in the hash key */, "source-port" /* Include IP source port in the hash key */, "gtp-tunnel-endpoint-identifier" /* Include GTP TEID in the hash key */ ) ), "session-id" /* Include session ID in the hash key */, "no-incoming-port" /* Exclude incoming port from the hash key */ ) ), "mpls" ( /* MPLS protocol family */ c( c( "label-1" /* Include the first MPLS label in the hash key */, "all-labels" /* Include all MPLS labels in hash key */, "no-labels" /* Exclude all MPLS labels from hash key */, "bottom-label-1" /* Include the first MPLS label from bottom-of-stack in the hash key */ ), "label-2" /* Include the second MPLS label in the hash key */, "label-3" /* Include the third MPLS label in the hash key */, "bottom-label-2" /* Include the second MPLS label from bottom-of-stack in the hash key */, "bottom-label-3" /* Include the third MPLS label from bottom-of-stack in the hash key */, "no-label-1-exp" /* Omit EXP bits of first MPLS label from the hash key */, "payload" ( /* Include payload data in the hash key */ c( "ether-pseudowire" ( /* Load-balance IP over ethernet PW */ c( "zero-control-word" /* MPLS ether-pseudowire payload with zero-control-word preceding ethernet packet */ ) ), "ip" ( /* Include IPv4 or IPv6 payload data in the hash key */ c( c( c( "layer-3-only" /* Include only layer-3 IP information */, "enable" /* Include layer3/4 IP payload in the hash key */, "disable" /* Exclude layer3/4 IP payload in the hash key */ ), "port-data" ( c( "source-msb" /* Include the most significant byte of the source port */, "source-lsb" /* Include the least significant byte of the source port */, "destination-msb" /* Include the most significant byte of the destination port */, "destination-lsb" /* Include the least significant byte of the destination port */ ) ) ) ) ) ) ) ) ), "multiservice" ( /* Multiservice protocol family */ c( "source-mac" /* Include source MAC address in hash key */, "destination-mac" /* Include destination MAC address in hash key */, "label-1" /* Include the first MPLS label in the hash key */, "label-2" /* Include the second MPLS label in the hash key */, "payload" ( /* Include payload data in the hash key */ c( "ip" ( /* Include IPv4 payload data in the hash key */ c( "layer-3" ( /* Include layer-3 ip info for VPLS/Bridge */ c( c( "source-ip-only" /* Include source IP only in hash-key */, "destination-ip-only" /* Include desintation IP only in hash-key */ ) ) ), "layer-4" /* Include layer-4 IP information for VPLS/Bridge */, "layer-3-only" /* Include only layer-3 IP information */ ) ) ) ), "symmetric-hash" ( /* Create a/symmetric hash-key with any attributes */ c( "complement" /* Create complement of symmetric hash-key */ ) ) ) ) ) ), "resilient-hash-seed" ( /* Resilient hash seed */ c( arg ) ) ) end rule(:keepalives_type) do c( "interval" arg /* Keepalive period */, "up-count" arg /* Keepalive received to bring link up */, "down-count" arg /* Keepalive missed to bring link down */ ).as(:oneline) end rule(:kod_trace_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("main" | "vpn-localization-config" | "vpn-localization-replay" | "all")) /* Tracing parameters */.as(:oneline) ) end rule(:l2tp_access_line_object) do c( "connection-speed-update" /* Support connection speed updates */ ) end rule(:l2tp_destination_object) do c( "lockout-timeout" arg /* The lockout timeout in seconds */, "lockout-result-code" enum(("1" | "2" | "3" | "4" | "5" | "6" | "7" | "8" | "9" | "10" | "11")) ( /* The lockout result code */ c( "error-code" enum(("1" | "2" | "3" | "4" | "5" | "6" | "7" | "8")) /* The lockout error code */ ) ), "address" arg ( sc( "access-line-information" ( /* Enable sending access-line attributes */ c( "connection-speed-update" /* Support connection speed updates */ ) ), "routing-instance" arg ( /* Routing instance in which destination exists */ sc( "drain" /* Prevents creation of tunnels and sessions at destination */ ) ).as(:oneline), "drain" /* Prevents creation of tunnels and sessions at destination */ ) ).as(:oneline), "name" arg ( sc( "drain" /* Prevents tunnels and sessions at destination */ ) ).as(:oneline) ) end rule(:l2tp_interface_traceoptions) do arg.as(:arg) ( c( "flag" enum(("ipc" | "protocol" | "packet-dump" | "system" | "all")) /* Tracing parameters */.as(:oneline), "debug-level" ( /* Trace level for PIC */ ("error" | "detail" | "extensive") ) ) ) end rule(:l2tp_tunnel_group_object) do arg.as(:arg) ( c( "l2tp-access-profile" arg /* Tunnel profile name */, "ppp-access-profile" arg /* User profile name */, "aaa-access-profile" arg /* AAA profile name */, "receive-window" arg /* Maximum receive window size */, "maximum-send-window" arg /* Limits the other end receive window size */, "retransmit-interval" arg /* Retransmit interval */, "hello-interval" arg /* Hello interval for tunnel keepalive */, "hide-avps" /* Hide L2TP AVPs */, "no-tos-reflect" /* Disable ToS bit reflect onto outer L2TP header */, "tos-reflect" /* Enable ToS bit reflect onto outer L2TP header */, "tunnel-timeout" arg /* Time to tear down tunnel when a connection is lost */, "local-gateway" ( c( "address" ( /* L2TP network server IP address */ ipv4addr /* L2TP network server IP address */ ), "gateway-name" arg /* L2TP network server name for use with remote host */ ) ), c( "service-interface" arg /* Services interface to use */, "service-device-pool" arg /* Service interface pool name to use */ ), "dynamic-profile" arg /* dynamic profile for interface to use */, "tunnel-switch-profile" arg /* Tunnel switch profile name */, "syslog" ( /* Define system logging parameters */ log_object /* Define system logging parameters */ ), "maximum-sessions" arg /* Maximum number of sessions per tunnel-group */, "service-profile" arg /* Dynamic service profile(s) to be applied to this session */ ) ) end rule(:layer2_pm_family_output_type) do c( c( "interface" ( /* Interface through which to send sampled traffic */ interface_name /* Interface through which to send sampled traffic */ ), "next-hop-group" arg /* Next-hop-group through which to send port-mirror traffic */, "routing-instance" ( /* Routing instances */ layer2_pm_output_routing_instance_type /* Routing instances */ ), "vlan" ( /* Outgoing VLAN for mirrored packets */ pm_rspan_vlan /* Outgoing VLAN for mirrored packets */ ), "bridge-domain" ( /* Outgoing bridge-domain for mirrored packets */ pm_rspan_bridge_domain /* Outgoing bridge-domain for mirrored packets */ ) ), "no-filter-check" /* Do not check for filters on port-mirroring interface */ ) end rule(:layer2_pm_output_routing_instance_type) do arg.as(:arg) ( c( "vlan" ( /* Outgoing VLAN for mirrored packets */ pm_rspan_vlan /* Outgoing VLAN for mirrored packets */ ), "bridge-domain" ( /* Outgoing bridge-domain for mirrored packets */ pm_rspan_bridge_domain /* Outgoing bridge-domain for mirrored packets */ ) ) ) end rule(:ldap_server_object) do arg.as(:arg) ( c( "port" arg /* LDAP server port number */, "source-address" ( /* Use specified address as source address */ ipv4addr /* Use specified address as source address */ ), "routing-instance" arg /* Use specified routing instance */, "retry" arg /* Number of times to resend requests */, "timeout" arg /* Delay before resending unacknowledged request */, "tls-type" ( ("start-tls") ), "tls-timeout" arg /* Limit on tls handshake time */, "tls-min-version" ( ("v1.1" | "v1.2") ), "no-tls-certificate-check" /* Do not validate peer certificate */, "tls-peer-name" arg /* Expected peer fdqn */ ) ) end rule(:ldp_sync_obj) do c( ("disable"), "hold-time" arg /* Time during which maximum metric is advertised */ ) end rule(:ldp_filter_obj) do c( "match-on" ( /* Argument on which to match */ ("fec" | "address") ), "policy" ( /* Filter policy */ policy_algebra /* Filter policy */ ) ).as(:oneline) end rule(:li_policy_addr6_simple_object) do c( ipv6prefix /* Prefix to match */ ) end rule(:li_policy_addr_simple_object) do c( ipv4prefix /* Prefix to match */ ) end rule(:license_object) do c( "traceoptions" ( /* Trace options for licenses */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("all" | "events" | "config")) /* Tracing parameters */.as(:oneline) ) ), "keys" ( /* License keys */ c( "key" arg /* License key */ ) ), c( "standalone-mode" /* Forcing the node to standalone licensing */ ) ) end rule(:lmp_control_channel_type) do arg.as(:arg) ( c( "remote-address" ( /* Control channel remote address */ ipaddr /* Control channel remote address */ ) ) ) end rule(:localauth_subscriber_object) do arg.as(:arg) ( c( "password" arg /* Password for the subscriber */, "framed-ip-address" ( /* IP address to assign to the subscriber */ ipv4addr /* IP address to assign to the subscriber */ ), "framed-pool" arg /* Pool name to assign an IP address to the subscriber */, "delegated-pool" arg /* Pool name to assign an IPv6 delegated prefix to the subscriber */, "framed-ipv6-pool" arg /* Pool name to assign an IPv6 address or NDRA prefix to the subscriber */, c( "target-routing-instance" ( /* Routing instance to be assigned to the subscriber */ ("default" | arg) ), "target-logical-system" ( /* Logical system to be assigned to the subscriber */ c( arg /* Logical system name */, "target-routing-instance" ( /* Routing instance */ ("default" | arg) ) ) ) ) ) ) end rule(:location_type) do c( "country-code" arg /* Two-letter country code */, "postal-code" arg /* Zip code or postal code */, "npa-nxx" arg /* First six digits of phone number (area code plus exchange) */, "latitude" arg /* Latitude in degree format */, "longitude" arg /* Longitude in degree format */, "altitude" arg /* Feet above (or below) sea level */, "lata" arg /* Local access transport area */, "vcoord" arg /* Bellcore vertical coordinate */, "hcoord" arg /* Bellcore horizontal coordinate */, "building" arg /* Building name */, "floor" arg /* Floor of the building */, "rack" arg /* Rack number */, "lcc" arg ( /* Line-card chassis location */ c( "floor" arg /* Floor of the building */, "rack" arg /* Rack number */ ) ) ) end rule(:log_object) do c( "exclude" arg ( /* List of security log criteria to exclude from the audit log */ c( "destination-address" ( /* Destination address */ ipaddr /* Destination address */ ), "destination-port" arg /* Destination port */, "event-id" arg /* Event ID filter */, "failure" /* Event was a failure */, "interface-name" arg /* Name of interface */, "policy-name" arg /* Policy name filter */, "process" arg /* Process that generated the event */, "protocol" arg /* Protocol filter */, "source-address" ( /* Source address */ ipaddr /* Source address */ ), "source-port" arg /* Source port */, "success" /* Event was successful */, "username" arg /* Username filter */ ) ), "limit" arg /* Limit number of security log entries to keep in memory */, "cache" ( /* Cache security log events in the audit log buffer */ c( "exclude" arg ( /* List of security log criteria to exclude from the audit log */ c( "destination-address" ( /* Destination address */ ipaddr /* Destination address */ ), "destination-port" arg /* Destination port */, "event-id" arg /* Event ID filter */, "failure" /* Event was a failure */, "interface-name" arg /* Name of interface */, "policy-name" arg /* Policy name filter */, "process" arg /* Process that generated the event */, "protocol" arg /* Protocol filter */, "source-address" ( /* Source address */ ipaddr /* Source address */ ), "source-port" arg /* Source port */, "success" /* Event was successful */, "username" arg /* Username filter */ ) ), "limit" arg /* Limit number of security log entries to keep in memory */ ) ), "host" arg ( c( sc( c( "any" /* All levels */, "emergency" /* Panic conditions */, "alert" /* Conditions that should be corrected immediately */, "critical" /* Critical conditions */, "error" /* Error conditions */, "warning" /* Warning messages */, "notice" /* Conditions that should be handled specially */, "info" /* Informational messages */, "none" /* No messages */ ) ).as(:oneline), "facility-override" ( /* Alternate facility for logging to remote host */ ("authorization" | "daemon" | "ftp" | "kernel" | "user" | "local0" | "local1" | "local2" | "local3" | "local4" | "local5" | "local6" | "local7") ), "log-prefix" arg /* Prefix for all logging to this host */, "port" arg /* UDP port for syslogd on the host */, "class" ( /* Syslog messages classes */ c( "session-logs" ( /* Allow syslog messages for session events */ c( "open" /* Allow syslog messages for session open events */, "close" /* Allow syslog messages for session close events */ ) ), "packet-logs" /* Allow syslog messages for packet related events */, "stateful-firewall-logs" /* Allow syslog messages for stateful firewall events */, "alg-logs" /* Allow syslog messages for ALG events */, "nat-logs" ( /* Allow syslog messages for NAT events */ c( "deterministic-nat-configuration-log" /* Allow syslog messages for Determinisitic NAT config events */ ) ), "ids-logs" /* Allow syslog messages for IDS events */, "pcp-logs" ( /* PCP logs */ sc( "map" /* Allow syslog messages for PCP */, "debug" /* Allow PCP debug syslogs */ ) ).as(:oneline), "ha-logs" ( /* Stateful high availability logs */ c( "open-synchronized" /* Allow syslog message for session open events */, "close-synchronized" /* Allow syslog message for session close events */ ) ), "urlf-logs" /* Allow syslog messages for URLF events */ ) ), "source-address" ( /* Use specified address as source address */ ipv4addr /* Use specified address as source address */ ), "tcp-log" ( /* Enable tcp log for this service-set */ c( "source-address" ( /* Source address for tcp logging */ ipaddr /* Source address for tcp logging */ ), "vrf-name" arg /* Routing instance name for tcp logging */, "ssl-profile" arg /* SSL profile name for tcp logging */ ) ) ) ), "message-rate-limit" arg /* Maximum syslog messages per second allowed from this interface. Applies per member if set at aggregate level */ ) end rule(:login_class_object) do arg.as(:arg) ( c( "allowed-days" ( /* Day(s) of week when access is allowed. */ ("sunday" | "monday" | "tuesday" | "wednesday" | "thursday" | "friday" | "saturday") ), "access-start" ( /* Start time for remote access (hh:mm) */ date /* Start time for remote access (hh:mm) */ ), "access-end" ( /* End time for remote access (hh:mm) */ date /* End time for remote access (hh:mm) */ ), "idle-timeout" arg /* Maximum idle time before logout */, "logical-system" arg /* Logical system associated with login */, "tenant" arg /* Tenant associated with this login */, "login-alarms" /* Display system alarms when logging in */, "login-script" arg /* Execute this login-script when logging in */, "login-tip" /* Display tip when logging in */, "no-scp-server" /* Disable incoming SCP connections */, "no-sftp-server" /* Disable incoming SFTP connections */, "permissions" arg, "allow-commands" ( /* Regular expression for commands to allow explicitly */ regular_expression /* Regular expression for commands to allow explicitly */ ), "deny-commands" ( /* Regular expression for commands to deny explicitly */ regular_expression /* Regular expression for commands to deny explicitly */ ), "allow-configuration" ( /* Regular expression for configure to allow explicitly */ regular_expression /* Regular expression for configure to allow explicitly */ ), "deny-configuration" ( /* Regular expression for configure to deny explicitly */ regular_expression /* Regular expression for configure to deny explicitly */ ), "allow-commands-regexps" arg /* Object path regular expressions to allow commands */, "deny-commands-regexps" arg /* Object path regular expressions to deny commands */, "allow-configuration-regexps" arg /* Object path regular expressions to allow */, "deny-configuration-regexps" arg /* Object path regular expressions to deny */, "configuration-breadcrumbs" /* Enable breadcrumbs during display of configuration */, "confirm-commands" arg ( /* List of commands to be confirmed explicitly */ c( arg /* Message to be displayed during confirmation */ ) ), c( "allow-hidden-commands" /* Allow all hidden commands to be executed */, "no-hidden-commands" ( /* Deny all hidden commands with exemptions */ c( "except" arg /* Specify the list of hidden command to be exempted */ ) ) ), "cli" ( c( "prompt" arg /* Cli prompt name for this class */, "timestamp" ( /* Cli Timestamp for this class (default format is '%b %d %T') */ c( "format" arg /* Timestamp format (default is '%b %d %T') */ ) ) ) ), "security-role" ( /* Common Criteria security role */ ("audit-administrator" | "crypto-administrator" | "ids-administrator" | "security-administrator") ), "satellite" ( /* Login access to satellite devices */ ("all") ) ) ) end rule(:login_user_object) do arg.as(:arg) ( c( "full-name" arg /* Full name */, "cli" ( c( "prompt" arg /* Cli prompt name for this user */, "timestamp" ( /* Cli Timestamp for this class (default format is '%b %d %T') */ c( "format" arg /* Timestamp format (default is '%b %d %T') */ ) ) ) ), "uid" arg /* User identifier (uid) */, "class" arg /* Login class */, "authentication" ( /* Authentication method */ authentication_object /* Authentication method */ ) ) ) end rule(:lr_interfaces_type) do arg.as(:arg) ( c( "unit" enum(("$junos-underlying-interface-unit" | "$junos-interface-unit" | arg)) ( /* Logical interface */ c( "policer-overhead" ( /* Policer overhead adjustment for this unit */ c( arg, "ingress" arg /* Ingress value in bytes */, "egress" arg /* Egress value in bytes */ ) ), "alias" arg /* Interface alias */, "enhanced-convergence" /* Optimize convergence time for L3 */, "proxy-macip-advertisement" /* Proxy advertisement of type 2 MAC+IP route for EVPN */, "virtual-gateway-accept-data" /* Accept packets destined for virtual gateway address */, "peer-psd" ( /* Peer psd */ sc( arg /* Peer psd name */ ) ).as(:oneline), "peer-interface" ( /* Peer interface */ c( interface_unit /* Peer interface name */ ) ), "interface-shared-with" ( /* Specify which PSD owns this logical interface */ c( arg /* Name of protected system domain (psd[1-31], ex. psd2) */ ) ), ("disable"), "passive-monitor-mode" /* Use interface to tap packets from another router */, "per-session-scheduler" /* Enable per-session queuing on an IQ2 interface */, "account-layer2-overhead" ( /* Account layer2 overhead in IFL byte statistics */ c( arg, "ingress" arg /* Layer2 overhead bytes to be accounted in ingress */, "egress" arg /* Layer2 overhead bytes to be accounted in egress */ ) ), "forwarding-class-accounting" ( /* Configure Forwarding-class-accounting parameters for IFL */ c( "direction" ( /* Direction of the traffic to be accounted for IFL */ ("ingress" | "egress" | "both") ), "enhanced" ( c( "traffic-type" ( /* Traffic-type to be accounted for forwarding-class-accounting for IFL */ ("unicast-statistics" | "multicast-statistics") ), "family" ( /* Protocol traffic to be accounted for forwarding-class-accounting for IFL */ ("inet" | "inet6" | "both") ), "direction" ( /* Direction of the traffic to be accounted for forwarding-class-accounting for IFL */ ("ingress" | "egress" | "both") ), "overhead-bytes" arg /* Per octet overhead bytes to be accounted for forwarding-class-accounting for IFL */ ) ) ) ), "clear-dont-fragment-bit" /* Clear DF bit in packet (AS PIC and J-series only as well as MIF) */, "packet-inject-enable" /* Enable packet inject functionality on this IFL */, "reassemble-packets" /* Do reassembly of fragmented tunnel packets */, "services-options" /* Services interface-specific options */, "rpm" ( /* Enable RPM service on this interface */ c( c( c( "client" /* Client mode */, "server" /* Server mode */, "client-delegate-probes" /* Client delegate probe mode */ ), "twamp-server" /* Set TWAMP server mode on this interface */, "twamp-client" /* Set TWAMP client mode on this interface */ ) ) ), "description" arg /* Text description of interface */, "metadata" arg /* Text metadata attached to interface */, "dial-options" ( /* Dial options */ c( c( "l2tp-interface-id" arg /* Identifier for group of PPP sessions */, "ipsec-interface-id" arg /* Identifier for group of dynamic peers */ ), c( "dedicated" /* Use this unit for only one PPP/IPSec session */, "shared" /* Share this unit for multiple PPP/IPSec sessions */ ) ) ), "actual-transit-statistics" /* Actual transit statistics */, "demux-source" ( enum(("inet" | "inet6")) ), "demux-destination" ( enum(("inet" | "inet6")) ), "demux" ( /* Demux based on source or destination address */ c( "inet" ( /* Family inet */ c( "address" ( /* Address type */ ("source" | "destination") ), "auto-configure" ( /* Auto configuration */ dynamic_ipv4_type /* Auto configuration */ ) ) ), "inet6" ( /* Family inet6 */ c( "address" ( /* Address type */ ("source" | "destination") ), "auto-configure" ( /* Auto configuration */ dynamic_ipv6_type /* Auto configuration */ ) ) ) ) ), "encapsulation" ( /* Logical link-layer encapsulation */ ("atm-nlpid" | "atm-cisco-nlpid" | "atm-snap" | "atm-vc-mux" | "atm-ccc-vc-mux" | "atm-tcc-vc-mux" | "atm-tcc-snap" | "atm-ccc-cell-relay" | "vlan-vci-ccc" | "ether-over-atm-llc" | "ether-vpls-over-atm-llc" | "ppp-over-ether-over-atm-llc" | "ppp-over-ether" | "atm-ppp-vc-mux" | "atm-ppp-llc" | "atm-mlppp-llc" | "frame-relay-ppp" | "frame-relay-ccc" | "frame-relay" | "frame-relay-tcc" | "frame-relay-ether-type" | "frame-relay-ether-type-tcc" | "ether-vpls-fr" | "vlan-ccc" | "ethernet-ccc" | "vlan-vpls" | "vlan-bridge" | "ethernet-tcc" | "dix" | "ethernet" | "ethernet-vpls" | "ethernet-bridge" | "vlan" | "vlan-tcc" | "multilink-ppp" | "multilink-frame-relay-end-to-end" | "ppp-ccc") ), "gre" /* Allow GRE packets */, "mtu" arg /* Maximum transmission unit packet size */, c( "point-to-point" /* Point-to-point connection */, "multipoint" /* Multipoint connection */ ), "bandwidth" arg /* Logical unit bandwidth (informational only) */, "global-layer2-domainid" arg /* Global Layer-2 Identifier for this interface */, "radio-router" ( /* Parameters for dynamic link cost management */ dynamic_ifbw_parms_type /* Parameters for dynamic link cost management */ ), "traps" /* Enable SNMP notifications on state changes */, "no-traps" /* Don't enable SNMP notifications on state changes */, "routing-services" /* Enable routing services */, "no-routing-services" /* Don't enable routing services */, "routing-service" ( /* Routing Services on this interface */ c( ("enable" | "disable") ) ), "arp-resp" ( /* Knob to control ARP response on the interface, default is restricted */ sc( c( "unrestricted" /* Enable unrestricted ARP respone on the interface */, "restricted" /* Enable restricted proxy ARP response on the interface */ ) ) ).as(:oneline), "proxy-arp" ( /* Enable proxy ARP on the interface, default is unrestricted */ sc( c( "unrestricted" /* Enable unrestricted proxy ARP on the interface */, "restricted" /* Enable restricted proxy ARP on the interface */ ) ) ).as(:oneline), c( "vlan-id" ( /* Virtual LAN identifier value for 802.1q VLAN tags */ ("none" | arg) ), "vlan-id-range" arg /* Virtual LAN identifier range of form vid1-vid2 */, "inner-vlan-id-swap-ranges" arg /* Inner vlan-id swap range(s) of form vid1-vid2 for dynamic L2 VLANs */, "vlan-id-list" arg /* List of VLAN identifiers */, "vlan-tag" arg /* IEEE 802.1q tag list for VLAN tagged frames */, "vlan-tags" ( /* IEEE 802.1q tags */ sc( "outer" ( /* [tpid.]vlan-id, tpid format is 0xNNNN and is optional */ ("$junos-stacked-vlan-id" | "$junos-vlan-id" | arg) ), c( "inner" ( /* [tpid.]vlan-id, tpid format is 0xNNNN and is optional */ ("$junos-vlan-id" | arg) ), "inner-range" arg /* [tpid.]vid1-vid2, tpid format is 0xNNNN and is optional */, "inner-list" arg /* List of VLAN identifiers */ ) ) ).as(:oneline) ), "deep-vlan-qualified-learning" arg /* Enable qualified MAC-address learning on the specified vlan tag */, "native-inner-vlan-id" arg /* Native virtual LAN identifier for singly tagged frames */, "inner-vlan-id-range" ( /* Inner vlan-id range start end */ sc( "start" arg /* Inner vlan-id range's start value */, "end" arg /* Inner vlan-id range's end value */ ) ).as(:oneline), "accept-source-mac" ( /* Remote media access control address to/from which to accept traffic */ c( "mac-address" ( /* Remote MAC address */ mac_list /* Remote MAC address */ ) ) ), "input-vlan-map" ( /* VLAN map operation on input */ vlan_map /* VLAN map operation on input */ ), "output-vlan-map" ( /* VLAN map operation on output */ vlan_map /* VLAN map operation on output */ ), "swap-by-poppush" /* Pop original vlan tag and then push a new vlan tag */, "receive-lsp" arg /* Name of incoming label-switched path */, "transmit-lsp" arg /* Name of outgoing label-switched path */, "dlci" arg /* Frame Relay data-link control identifier */, "multicast-dlci" arg /* Frame Relay data-link control identifier for multicast packets */, c( "vci" ( /* ATM point-to-point virtual circuit identifier ([vpi.]vci) */ atm_vci /* ATM point-to-point virtual circuit identifier ([vpi.]vci) */ ), "allow-any-vci" /* Allow all VCIs to open in atm-ccc-cell-relay mode */, "vpi" arg /* ATM point-to-point virtual path identifier (vpi) */, "trunk-id" arg /* ATM trunk identifier */ ), "no-vpivci-swapping" /* Do not swap VPI/VCI for Cell Relay */, c( "psn-vci" ( /* PSN VCI */ atm_vci /* PSN VCI */ ), "psn-vpi" arg /* PSN VPI */ ), "atm-l2circuit-mode" ( /* Select ATM Layer 2 circuit transport mode */ sc( c( "cell" /* ATM Layer 2 circuit cell mode */, "aal5" /* ATM Layer 2 circuit AAL5 mode */ ) ) ).as(:oneline), "vci-range" ( /* ATM VCI range start end */ sc( "start" arg /* ATM VCI range's start value */, "end" arg /* ATM VCI range's end value */ ) ).as(:oneline), "trunk-bandwidth" arg /* ATM trunk bandwidth */, "multicast-vci" ( /* ATM virtual circuit identifier for multicast packets */ atm_vci /* ATM virtual circuit identifier for multicast packets */ ), "shaping" ( /* Virtual circuit traffic-shaping options */ dcd_shaping_config /* Virtual circuit traffic-shaping options */ ), "oam-period" ( /* OAM cell period */ sc( c( arg, "disable" /* Disable F5 OAM loopback */.as(:oneline) ) ) ).as(:oneline), "oam-liveness" ( /* OAM virtual circuit liveness parameters */ c( "up-count" arg /* Number of OAM cells to consider VC up */, "down-count" arg /* Number of OAM cells to consider VC down */ ) ), "ppp-options" ( /* Point-to-Point Protocol interface-specific options */ ppp_options_type /* Point-to-Point Protocol interface-specific options */ ), "pppoe-options" ( /* PPP over Ethernet interface-specific options */ pppoe_options_type /* PPP over Ethernet interface-specific options */ ), "pppoe-underlying-options" ( /* PPP over Ethernet underlying interface-specific options */ pppoe_underlying_options_type /* PPP over Ethernet underlying interface-specific options */ ), "advisory-options" ( /* Interface-specific recommendations */ advisory_options_type /* Interface-specific recommendations */ ), "auto-configure" ( /* Auto configuration */ auto_configure_vlan_type /* Auto configuration */ ), "demux-options" ( /* IP demux interface-specific options */ demux_options_type /* IP demux interface-specific options */ ), "targeted-distribution" ( /* Interface participates in targeted-distribution */ c( "primary-list" arg /* Primary targeted distribution list */, "backup-list" arg /* Backup targeted distribution list */, "standby-list" arg /* Standby targeted distribution list */ ) ), "targeted-options" ( /* Targeting specific options */ c( "weight" ( /* Targeting weight for subscriber */ ("$junos-interface-target-weight" | arg) ), "primary" ( /* Primary link for the subscriber */ interface_device /* Primary link for the subscriber */ ), "backup" ( /* Backup link for the subscriber */ interface_device /* Backup link for the subscriber */ ), "group" arg /* Group name to which the subscriber is associated */ ) ), c( "keepalives" ( /* Send or demand keepalive messages */ keepalives_type /* Send or demand keepalive messages */ ).as(:oneline), "no-keepalives" /* Do not send or demand keepalive messages */ ), "inverse-arp" /* Enable inverse ARP */, "transmit-weight" arg /* ATM2 transmit weight for VC under VP tunnel */, "epd-threshold" ( /* Early packet discard threshold for ATM2 */ epd_threshold_config /* Early packet discard threshold for ATM2 */ ).as(:oneline), "cell-bundle-size" arg /* L2 circuit cell bundle size */, "cell-bundle-timeout" arg /* L2 circuit cell bundle timeout */, "plp-to-clp" /* Enable ATM2 PLP to CLP copy */, "atm-scheduler-map" arg /* Assign ATM2 CoS scheduling map */, "mrru" arg /* Maximum received reconstructed unit */, "short-sequence" /* Short sequence number header format (MLPPP only) */, "fragment-threshold" arg /* Fragmentation threshold */, "drop-timeout" arg /* Drop timeout */, "disable-mlppp-inner-ppp-pfc" /* Disable compression for inner PPP header in MLPPP payload */, "minimum-links" arg /* Minimum number of links to sustain the bundle */, "multilink-max-classes" arg /* Number of multilink classes */, "compression" ( /* Various packet header compressions */ c( "rtp" ( /* Compress and decompress RTP */ c( "f-max-period" arg /* Maximum number of compressed packets between transmission of full headers */, "queues" ( /* Queue holding RTP packets. Default is queue 1 */ ("q0" | "q1" | "q2" | "q3") ), "port" ( /* UDP destination ports reserved for RTP packets */ sc( "minimum" arg, "maximum" arg ) ).as(:oneline), "maximum-contexts" ( /* Maximum number of simultaneous RTP contexts */ sc( arg ) ).as(:oneline) ) ) ) ), "interleave-fragments" /* Interleave long packets with high priority ones */, "link-layer-overhead" ( /* Link layer bit stuffing overhead (0.0 .. 50.0 percent) */ unsigned_float /* Link layer bit stuffing overhead (0.0 .. 50.0 percent) */ ), "accounting-profile" arg /* Accounting profile name */, "peer-unit" arg /* Peer unit number */, "tunnel" ( /* Tunnel parameters */ c( "encapsulation" ( /* Encapsulation over tunnel */ c( "vxlan-gpe" ( c( "source" ( c( "address" ( /* Interface address prefix */ ipv4addr /* Interface address prefix */ ), "mac-address" ( /* Interface source mac address */ mac_addr /* Interface source mac address */ ), "interface" ( /* Name of the interface */ interface_name /* Name of the interface */ ) ) ), "destination" ( c( "address" ( /* Interface address prefix */ ipv4addr /* Interface address prefix */ ), "mac-address" ( /* Interface destination mac address */ mac_addr /* Interface destination mac address */ ) ) ), "tunnel-endpoint" ( /* Tunnel end point type */ ("vxlan") ), "destination-udp-port" arg /* Value to write to the destination-udp-port field */, "vni" arg /* Value to write to the vni field */ ) ), "udp" ( /* Family for tunnel encapsulation udp */ c( "source" ( c( "address" ( /* Interface address prefix */ ipv4addr /* Interface address prefix */ ), "interface" ( /* Name of the interface */ interface_name /* Name of the interface */ ) ) ), "destination" ( c( "address" ( /* Interface address prefix */ ipv4addr /* Interface address prefix */ ) ) ) ) ), "ipip" ( /* Family for tunnel encapsulation ipip */ c( "source" ( c( "address" ( /* Interface address prefix */ ipv4addr /* Interface address prefix */ ), "interface" ( /* Name of the interface */ interface_name /* Name of the interface */ ) ) ), "destination" ( c( "address" ( /* Interface address prefix */ ipv4addr /* Interface address prefix */ ) ) ) ) ) ) ), "source" ( /* Tunnel source */ ipaddr /* Tunnel source */ ), "destination" ( /* Tunnel destination */ ipaddr /* Tunnel destination */ ), "key" arg /* Tunnel key */, "backup-destination" ( /* Backup tunnel destination */ ipaddr /* Backup tunnel destination */ ), c( "allow-fragmentation" /* Do not set DF bit on packets */, "do-not-fragment" /* Set DF bit on packets */ ), "ttl" arg /* Time to live */, "traffic-class" arg /* TOS/Traffic class field of IP-header */, "flow-label" arg /* Flow label field of IP6-header */, "path-mtu-discovery" /* Enable path MTU discovery for tunnels */, "no-path-mtu-discovery" /* Don't enable path MTU discovery for tunnels */, "routing-instance" ( /* Routing instance to which tunnel ends belong */ c( "destination" arg /* Routing instance of tunnel destination */ ) ) ) ), "compression-device" ( /* Logical interface used for compression */ interface_unit /* Logical interface used for compression */ ), "atm-policer" ( /* ATM policing for logical interface */ c( "input-atm-policer" arg /* Input atm policer */ ) ), "layer2-policer" ( /* Layer2 policing for logical interface */ c( c( "input-policer" arg /* Two-color policer for received packets */, "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "input-three-color" arg /* Color-blind three-color policer for received packets */ ), c( "output-policer" ( /* Two-color policer for transmitted packets */ ("$junos-layer2-output-policer" | arg) ), "output-three-color" ( /* Three-color policer for transmitted packets */ ("$junos-layer2-output-policer" | arg) ) ) ) ), "filter" ( /* Filters to apply to all families configured under this logical interface */ c( c( "input" ( /* Name of filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline) ), c( "output" ( /* Name of filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline) ) ) ), "multi-chassis-protection" ( /* Inter-Chassis protection configuration */ multi_chassis_protection_group_ifl /* Inter-Chassis protection configuration */ ), "statistics" /* Enable statistics collection in PFE */, "esi" ( /* ESI configuration of logical interface */ c( "auto-derive" ( /* Auto-derive ESI value for the interface */ c( c( "lacp" /* Auto-derive ESI from lacp */ ) ) ), esi /* ESI value for the interface */, c( "single-active" /* Single-active mode */, "all-active" /* All-active mode */ ), "df-election-granularity" ( /* DF Election Granularity Selection */ c( c( "per-esi" ( /* DF Election Granularity Per Esi */ c( "lacp-oos-on-ndf" /* Lacp Oos */ ) ), "per-esi-vlan" /* Per Esi Vlan */ ) ) ), "df-election-type" ( /* DF Election Type */ c( c( "preference" ( /* Preference based DF election */ c( "value" arg /* Preference value for EVPN Multihoming DF election */ ) ) ), c( "mod" /* MOD based DF election */ ) ) ), "source-bmac" ( /* Unicast Source B-MAC address per ESI for PBB-EVPN */ mac_unicast /* Unicast Source B-MAC address per ESI for PBB-EVPN */ ) ) ), c( "no-auto-virtual-gateway-esi" /* Disable auto ESI generation for virtual gateway address */, "virtual-gateway-esi" ( /* ESI configuration of virtual gateway */ c( esi /* ESI value for the interface */, c( "single-active" /* Single-active mode */, "all-active" /* All-active mode */ ) ) ) ), "service" ( /* Service operations */ c( "pcef" arg ( /* PCEF configuration */ c( "activate-all" /* Activate all rules and rulebases in the pcef profile */, "activate" arg /* Name of pcef profile rule or rulebase to activate */ ) ) ) ), "generate-eui64" /* To generate Link Local EUI-64 addresses */, "no-generate-eui64" /* Don't to generate Link Local EUI-64 addresses */, "family" ( /* Protocol family */ c( "inet" ( /* IPv4 parameters */ c( "dhcp" ( /* Dynamic Host Configuration Protocol client configuration */ dhcp_client_type /* Dynamic Host Configuration Protocol client configuration */ ), "targeted-broadcast" ( /* Directed broadcast */ c( c( "forward-and-send-to-re" /* Allow packets to be forwarded and sent to re */, "forward-only" /* Allow packets only to be forwarded */ ) ) ), "destination-class-usage" /* Enable destination class usage on this interface */, "transit-options-packets" /* Transit IP options packets (don't send to Routing Engine) */, "transit-ttl-exceeded" /* Transit IP TTL-exceeded packets (don't send to Routing Engine) */, "receive-options-packets" /* Receive IP options packets (don't send to Routing Engine) */, "receive-ttl-exceeded" /* Receive IP TTL-exceeded packets (don't send to Routing Engine) */, "accounting" ( /* Configure interface-based accounting options */ c( "source-class-usage" ( /* Enable source class usage on this interface */ c( "input" /* Specify this interface for source-class-usage input */, "output" /* Specify this interface for source-class-usage output */ ) ), "destination-class-usage" /* Enable destination class usage on this interface */ ) ), "mac-validate" ( /* Validate source MAC address */ ("strict" | "loose") ), "rpf-check" ( /* Enable reverse-path-forwarding checks on this interface */ c( "fail-filter" arg /* Name of filter applied to packets failing RPF check */, "mode" ( /* Mode for reverse path forwarding */ sc( "loose" /* Reverse-path-forwarding loose mode */ ) ).as(:oneline) ) ), "mtu" arg /* Protocol family maximum transmission unit */, "arp-max-cache" arg /* Max interface ARP nexthop cache size */, "arp-new-hold-limit" arg /* Max no. of new unresolved nexthops */, "tcp-mss" arg /* Protocol family tcp maximum segment size */, "no-redirects" /* Do not redirect traffic */, "no-neighbor-learn" /* Disable neighbor address learning on interface */, "unconditional-src-learn" /* Glean from arp packets even when source cannot be validated */, "multicast-only" /* Allow only multicast traffic (tunnels only) */, "primary" /* Candidate for primary interface in system */, "ipsec-sa" arg /* Name of security association */, "allow-filter-on-re" /* Enable kernel filter on network ports */, "demux-source" ("$junos-subscriber-ip-address" | arg) /* Demux based on source prefix */, "demux-destination" ("$junos-subscriber-ip-address" | arg) /* Demux based on destination prefix */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), "input-chain" arg /* List of filter modules applied to received packets */, "output-chain" arg /* List of filter modules applied to transmitted packets */, c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "iq-policing-filter" ( /* Protocol family ingress-queuing-policing-filter */ sc( arg /* Name of the ingress-queuing-policing-filter */ ) ).as(:oneline), "simple-filter" ( /* Filter for doing multifield classification */ c( "input" arg /* Name of simple filter applied to received packets */ ) ), "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "policer" ( /* Interface policing */ c( "arp" arg /* Name of policer applied to received ARP packets */, "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "sampling" ( /* Interface sampling */ c( "input" /* Sample all packets input on this interface */, "output" /* Sample all packets output on this interface */ ) ), "service" ( /* Service operations */ c( "input" ( /* Service sets to consider for received packets */ c( "service-set" arg ( /* Service set to consider for received packets */ c( "service-filter" arg /* Name of service filter */ ) ), "post-service-filter" arg /* Post-service filter to apply to received packets */ ) ), "output" ( /* Service sets to consider for transmitted packets */ c( "service-set" arg ( /* Service set to consider for transmitted packets */ c( "service-filter" arg /* Name of service filter */ ) ) ) ) ) ), "next-hop-tunnel" arg ( /* One or more next-hop tunnel tables */ c( "ipsec-vpn" arg /* Name of IPSec VPN */ ) ), "tunnel-termination" /* Tunnel termination */, "address" arg ( /* Interface address/destination prefix */ c( "destination" ( /* Destination address */ ipv4addr /* Destination address */ ), "destination-profile" arg /* Profile to use for destination address */, "broadcast" ( /* Broadcast address */ ipv4addr /* Broadcast address */ ), "primary" /* Candidate for primary address in system */, "preferred" /* Preferred address on interface */, "master-only" /* Master management IP address for router */, "multipoint-destination" arg ( /* Multipoint NBMA destination */ c( c( "dlci" arg /* Frame Relay data-link control identifier */, "vci" ( /* ATM virtual circuit identifier ([vpi.]vci) */ atm_vci /* ATM virtual circuit identifier ([vpi.]vci) */ ) ), "shaping" ( /* Virtual circuit traffic-shaping options */ dcd_shaping_config /* Virtual circuit traffic-shaping options */ ), "oam-period" ( /* OAM cell period */ sc( c( arg, "disable" /* Disable OAM loopback */.as(:oneline) ) ) ).as(:oneline), "oam-liveness" ( /* OAM virtual circuit liveness parameters */ c( "up-count" arg /* Number of OAM cells to consider VC up */, "down-count" arg /* Number of OAM cells to consider VC down */ ) ), "inverse-arp" /* Enable inverse ARP reply messages */, "transmit-weight" arg /* ATM2 transmit weight for VC under VP tunnel */, "epd-threshold" ( /* Early packet discard threshold for ATM2 */ epd_threshold_config /* Early packet discard threshold for ATM2 */ ).as(:oneline) ) ), "arp" arg ( /* Static Address Resolution Protocol entries */ sc( "l2-interface" ( /* Layer 2 interface name for ARP entry */ interface_name /* Layer 2 interface name for ARP entry */ ), c( "mac" ( /* MAC address */ mac_unicast /* MAC address */ ), "multicast-mac" ( /* Multicast MAC address */ mac_multicast /* Multicast MAC address */ ) ), "publish" /* Reply to ARP requests for this entry */ ) ).as(:oneline), "host-discovery" arg ( /* Discover servers IP based on subnet range */ sc( "aging-timer" arg /* ARP aging timer */, "discovery-interval" arg /* ARP proactive discovery time */ ) ).as(:oneline), "web-authentication" ( /* Parameters for web-based firewall-user authentication */ c( "http" /* Enable authentication via HTTP */, "https" /* Enable authentication via HTTPS */, "redirect-to-https" /* Web authentication redirect to HTTPS */ ) ), "vrrp-group" ( /* VRRP group */ vrrp_group /* VRRP group */ ), "virtual-gateway-address" ( /* Virtual Gateway IP address */ ipv4addr /* Virtual Gateway IP address */ ) ) ), "unnumbered-address" ( /* Unnumbered interface address/destination prefix */ sc( interface_unit /* Interface from which to take local address */, "preferred-source-address" ( /* Preferred address on the donor interface */ ("$junos-preferred-source-address" | arg) ), "destination" ( /* Destination address */ ipv4addr /* Destination address */ ), "destination-profile" arg /* Profile to use for destination address */ ) ).as(:oneline), "location-pool-address" ( /* Location-based IP address pool */ c( arg ) ), "negotiate-address" /* Negotiate address with remote */, "destination-udp-port" arg /* Choose destination UDP port number */ ) ), "iso" ( /* OSI ISO protocol parameters */ c( "address" arg /* Interface address */, "mtu" arg /* Protocol family maximum transmission unit */, "destination-udp-port" arg /* Choose destination UDP port number */ ) ), "inet6" ( /* IPv6 protocol parameters */ c( "dhcpv6-client" ( /* Dynamic Host Configuration Protocol DHCPv6 client configuration */ c( "client-type" ( /* DHCPv6 client type */ ("stateful" | "autoconfig") ), "client-ia-type" enum(("ia-na" | "ia-pd")) /* DHCPv6 client identity association type */, "rapid-commit" /* Option is used to signal the use of the two message exchange for address assignment */, "prefix-delegating" ( /* Prefix delegating parameters */ c( "preferred-prefix-length" arg /* Client preferred prefix length */, "sub-prefix-length" arg /* The sub prefix length for LAN interfaces */ ) ), "client-identifier" ( /* DHCP Server identifies a client by client-identifier value */ sc( "duid-type" ( /* DUID identifying a client */ ("duid-llt" | "vendor" | "duid-ll") ) ) ).as(:oneline), "vendor-id" arg /* Vendor class id for the dhcpv6 client */, "req-option" enum(("dns-server" | "domain" | "ntp-server" | "time-zone" | "sip-server" | "sip-domain" | "nis-server" | "nis-domain" | "fqdn" | "vendor-spec" | "zero-touch-redirect" | "bootfile-url" | "bootfile-param")) /* DHCPV6 client requested option configuration */, "options" ( /* DHCP options */ c( "number" arg ( /* DHCP option code */ sc( c( "hex-string" arg /* Hexadecimal string */ ) ) ).as(:oneline) ) ), "retransmission-attempt" arg /* Number of attempts to retransmit the DHCPV6 client protocol packet */, "no-dns-install" /* Not propagate DNS to kernel */, "update-router-advertisement" ( /* Dhcpv6 client update rpd for prefix delegation */ c( "interface" arg ( /* Interfaces on which to delegate prefix */ c( "managed-configuration" /* Set managed address configuration */, "no-managed-configuration" /* Don't set managed address configuration */, "other-stateful-configuration" /* Set other stateful configuration */, "no-other-stateful-configuration" /* Don't set other stateful configuration */, "max-advertisement-interval" arg /* Maximum advertisement interval */, "min-advertisement-interval" arg /* Minimum advertisement interval */, "enable-recursive-dns-server-option" /* Enables the recursive DNS server option */, "no-enable-recursive-dns-server-option" /* Don't enables the recursive DNS server option */ ) ) ) ), "update-server" /* Propagate TCP/IP settings to DHCP server */ ) ), "rpf-check" ( /* Enable reverse-path-forwarding checks on this interface */ c( "fail-filter" arg /* Name of filter applied to packets failing RPF check */, "mode" ( /* Mode for reverse path forwarding */ sc( "loose" /* Reverse-path-forwarding loose mode */ ) ).as(:oneline) ) ), "accounting" ( /* Interface-based accounting options */ c( "source-class-usage" ( c( "input" /* Interface for source-class-usage input */, "output" /* Interface for source-class-usage output */ ) ), "destination-class-usage" /* Enable destination class usage on this interface */ ) ), "mtu" arg /* Protocol family maximum transmission unit */, "tcp-mss" arg /* Protocol family tcp maximum segment size */, "nd6-stale-time" arg /* Stale time to reconfirm reachability with inet6 neighbour */, "no-neighbor-learn" /* Disable neighbor address learning on interface */, "slaac-enable" /* Enable slaac on management interface */, "ndp-proxy" ( /* Enable ndp proxy on interface */ c( "interface-restricted" /* Enable ndp interface proxy restricted to interface */ ) ), "dad-proxy" ( /* DAD proxy on interface */ c( "interface-restricted" /* Enable DAD interface proxy restricted to interface */ ) ), "nd6-max-cache" arg /* Max interface ND nexthop cache size */, "nd6-new-hold-limit" arg /* Max no. of new unresolved nexthops */, "no-redirects" /* Do not redirect traffic */, "allow-filter-on-re" /* Enable kernel filter on network ports */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "input-chain" arg /* List of filter modules applied to received packets */, "output-chain" arg /* List of filter modules applied to transmitted packets */, "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "sampling" ( /* Interface sampling */ c( "input" /* Sample all packets input on this interface */, "output" /* Sample all packets output on this interface */ ) ), "service" ( /* Service operations */ c( "input" ( /* Service sets to consider for received packets */ c( "service-set" arg ( /* Service set to consider for received packets */ c( "service-filter" arg /* Name of service filter */ ) ), "post-service-filter" arg /* Post-service filter to apply to received packets */ ) ), "output" ( /* Service sets to consider for transmitted packets */ c( "service-set" arg ( /* Service set to consider for transmitted packets */ c( "service-filter" arg /* Name of service filter */ ) ) ) ) ) ), "tunnel-termination" /* Tunnel termination */, "address" arg ( /* Interface address or destination prefix */ c( "destination" ( /* Destination address */ ipv6addr /* Destination address */ ), "eui-64" /* Generate EUI-64 interface ID */, "primary" /* Candidate for primary address in system */, "preferred" /* Preferred address on interface */, "master-only" /* Master management IP address for router */, "ndp" arg ( /* Static Neighbor Discovery Protocol entries */ sc( "l2-interface" ( /* Layer 2 interface name for NDP entry */ interface_name /* Layer 2 interface name for NDP entry */ ), c( "mac" ( /* MAC address */ mac_unicast /* MAC address */ ), "multicast-mac" ( /* Multicast MAC address */ mac_multicast /* Multicast MAC address */ ) ), "publish" /* Reply to NDP requests for this entry */ ) ).as(:oneline), "vrrp-inet6-group" ( /* VRRP group */ vrrp_group /* VRRP group */ ), "web-authentication" ( /* Parameters for web-based firewall-user authentication */ c( "http" /* Enable authentication via HTTP */, "https" /* Enable authentication via HTTPS */, "redirect-to-https" /* Web authentication redirect to HTTPS */ ) ), "virtual-gateway-address" ( /* Virtual Gateway IP address */ ipv6addr /* Virtual Gateway IP address */ ), "subnet-router-anycast" /* Create a subnet roter anycast address for this address. */ ) ), "demux-source" ("$junos-subscriber-ipv6-address" | arg | "$junos-subscriber-ipv6-multi-address") /* Demux based on source prefix */, "demux-destination" ("$junos-subscriber-ipv6-address" | arg) /* Demux based on destination prefix */, "unnumbered-address" ( /* Unnumbered interface address/destination prefix */ sc( interface_unit /* Interface from which to take local address */, "preferred-source-address" ( /* Preferred address on the donor interface */ ("$junos-preferred-source-ipv6-address" | arg) ) ) ).as(:oneline), "dad-disable" /* Disable duplicate-address-detection */, "no-dad-disable" /* Don't disable duplicate-address-detection */, "destination-udp-port" arg /* Choose destination UDP port number */ ) ), "mpls" ( /* MPLS protocol parameters */ c( "mtu" arg /* Protocol family maximum transmission unit */, "maximum-labels" arg /* Protocol family maximum number of labels */, "filter" ( /* Packet filtering */ c( c( "input" arg /* Name of filter applied to received packets */, "input-list" arg /* List of filter modules applied to received packets */ ), "input-chain" arg /* List of filter modules applied to received packets */, c( "output" arg /* Name of filter applied to transmitted packets */, "output-list" arg /* List of filter modules applied to transmitted packets */ ), "output-chain" arg /* List of filter modules applied to transmitted packets */, "group" arg /* Interface group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "destination-udp-port" arg /* Choose destination UDP port number */ ) ), "mlppp" ( /* Multilink PPP protocol parameters */ c( "bundle" ( /* Logical interface name this link will join */ ("$junos-bundle-interface-name" | arg) ), c( "service-interface" ( /* Services interface to use */ interface_device /* Services interface to use */ ), "service-device-pool" arg /* Service interface pool name to use */ ), "dynamic-profile" arg /* dynamic profile for interface to use */ ) ), "mlfr-end-to-end" ( /* Multilink Frame Relay end-to-end protocol parameters */ c( "bundle" ( /* Logical interface name this link will join */ interface_unit /* Logical interface name this link will join */ ) ) ), "mlfr-uni-nni" ( /* Multilink Frame Relay UNI NNI protocol parameters */ c( "bundle" ( /* Logical interface name this link will join */ interface_unit /* Logical interface name this link will join */ ) ) ), "ccc" ( /* Circuit cross-connect parameters */ c( "mtu" arg /* Protocol family maximum transmission unit */, "filter" ( /* Packet filtering */ c( c( "input" arg /* Name of filter applied to received packets */, "input-list" arg /* List of filter modules applied to received packets */ ), "input-chain" arg /* List of filter modules applied to received packets */, c( "output" arg /* Name of filter applied to transmitted packets */, "output-list" arg /* List of filter modules applied to transmitted packets */ ), "output-chain" arg /* List of filter modules applied to transmitted packets */, "group" arg /* Interface group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "translate-fecn-and-becn" /* Translate FECN and BECN bits */, c( "translate-discard-eligible" /* Translate DE bit */, "translate-plp-control-word-de" /* Translate PLP to/from Martini Control DE bit */ ), "keep-address-and-control" /* Don't strip PPP address and control bytes */ ) ), "tcc" ( /* Translational cross-connect parameters */ c( "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "proxy" ( c( "inet-address" ( /* Remote host address on non-Ethernet side of Ethernet TCC */ ipv4addr /* Remote host address on non-Ethernet side of Ethernet TCC */ ) ) ), "remote" ( c( "inet-address" ( /* Remote host address on Ethernet side of Ethernet TCC */ ipv4addr /* Remote host address on Ethernet side of Ethernet TCC */ ), "mac-address" ( /* Remote host MAC address on Ethernet side of Ethernet TCC */ mac_addr /* Remote host MAC address on Ethernet side of Ethernet TCC */ ) ) ), "protocols" ( /* Protocols supported on TCC interface */ ("mpls" | "inet" | "iso" | "inet6") ) ) ), "vpls" ( /* Virtual private LAN service parameters */ c( "core-facing" /* Interface is core facing */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), "input-chain" arg /* List of filter modules applied to received packets */, "output-chain" arg /* List of filter modules applied to transmitted packets */, c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "iq-policing-filter" ( /* Protocol family ingress-queuing-policing-filter */ sc( arg /* Name of the ingress-queuing-policing-filter */ ) ).as(:oneline), "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "sampling" ( /* Interface sampling */ c( "input" /* Sample all packets input on this interface */, "output" /* Sample all packets output on this interface */ ) ) ) ), "bridge" ( /* Layer-2 bridging parameters */ c( "core-facing" /* Interface is core facing */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), "input-chain" arg /* List of filter modules applied to received packets */, "output-chain" arg /* List of filter modules applied to transmitted packets */, c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "iq-policing-filter" ( /* Protocol family ingress-queuing-policing-filter */ sc( arg /* Name of the ingress-queuing-policing-filter */ ) ).as(:oneline), "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "interface-mode" ( /* Interface mode (access or trunk) */ ("access" | "trunk") ), "vlan-auto-sense" /* Enable VLAN auto sense on this interface */, "bridge-domain-type" ( /* Bridge domain type (svlan or bvlan) */ ("svlan" | "bvlan") ), "inter-switch-link" /* PVLAN inter switch link */, c( "vlan-id" arg /* Access mode and trunk mode VLAN membership */, "vlan-id-list" arg /* Trunk mode VLAN membership for this interface */, "inner-vlan-id-list" arg /* Trunk mode VLAN membership for this interface based on inner VLAN tag */ ), "vlan-rewrite" ( /* Specify vlan translation */ c( "translate" arg ( /* Translate incoming VLAN tag */ sc( arg ) ).as(:oneline) ) ), c( "isid-list" ( /* Specify the ISID list */ ("all-service-groups" | "all") ) ), "storm-control" ( /* Storm control profile name to bind */ c( arg /* Profile name */ ) ), "recovery-timeout" ( /* Recovery timeout for this interface */ sc( arg ) ).as(:oneline), "sampling" ( /* Interface sampling */ c( "input" /* Sample all packets input on this interface */, "output" /* Sample all packets output on this interface */ ) ) ) ), "ethernet-switching" ( /* Ethernet switching parameters */ ethernet_switching_type /* Ethernet switching parameters */ ), "fibre-channel" ( /* Fibre channel switching parameters */ fibre_channel_type /* Fibre channel switching parameters */ ), "pppoe" ( /* PPP over Ethernet underlying interface-specific options */ pppoe_underlying_options_type /* PPP over Ethernet underlying interface-specific options */ ), "any" ( /* Parameters for 'any' family */ c( "filter" ( /* Layer 2 packet filtering */ c( "input" arg /* Name of filter applied to received packets */, "group" arg /* Group to which interface belongs */ ) ) ) ) ) ), "service-domain" ( /* Service domain to which interface belongs */ ("inside" | "outside") ), "copy-tos-to-outer-ip-header" /* Copy IP payload header's ToS field to GRE delivery header */, "copy-tos-to-outer-ip-header-transit" /* Copy IP ToS field to GRE header for transit packets */, "force-control-packets-on-transit-path" /* Force control packets to follow transit path */, "load-balancing-options" ( /* AMS subunit load balancing options */ c( "preferred-active" ( /* Preferred active Interface name */ interface_device /* Preferred active Interface name */ ), "disable-hash" /* Hash based distribution is not needed for this subunit */, "hash-keys" ( c( "ingress-key" ( /* Hash Key for the ingress direction */ enum(("source-ip" | "destination-ip" | "protocol" | "iif")) ), "egress-key" ( /* Hash Key for the egress direction */ enum(("source-ip" | "destination-ip" | "protocol" | "oif")) ), "ipv6-source-prefix-length" ( /* IPv6 source prefix length for hash computation */ ("56" | "64" | "96" | "128") ) ) ) ) ), "mac" ( /* Configure logical interface MAC address */ mac_unicast /* Configure logical interface MAC address */ ), "virtual-gateway-v4-mac" ( /* Configure virtual gateway IPV4 virtual MAC address */ mac_unicast /* Configure virtual gateway IPV4 virtual MAC address */ ), "virtual-gateway-v6-mac" ( /* Configure virtual gateway IPV6 virtual MAC address */ mac_unicast /* Configure virtual gateway IPV6 virtual MAC address */ ), "forwarding-options" ( /* Aggregated Ethernet interface forwarding-options */ c( "load-balance-stateful" ( /* Stateful load balancing */ c( "per-flow" /* Enable feature */, "rebalance" arg /* Rebalancing interval */, "load-type" ( /* Load - defines the flows */ ("high" | "medium" | "low") ) ) ) ) ), "etree-ac-role" ( /* ETREE attachment circuit role */ ("root" | "leaf") ) ) ) ) ) end rule(:lrf_profile_object) do arg.as(:arg) ( c( "policy-based-logging" /* Set rule based on policy */, "http-log-multiple-transactions" /* Log http multiple transactions */, "rule" ( /* One or more LRF rules */ lrf_rule_object /* One or more LRF rules */ ), "collector" ( /* One or more LRF collectors */ lrf_collector_object /* One or more LRF collectors */ ), "vendor-support" ( /* LRF 3rd party vendor support sub-template */ ("ibm") ), "template" ( /* LRF template */ lrf_template_object /* LRF template */ ), "performance-mode" ( /* Enable performance mode knob for LRF performance */ lrf_perf_object /* Enable performance mode knob for LRF performance */ ) ) ) end rule(:lrf_template_object) do arg.as(:arg) ( c( "format" ( /* Template format */ ("ipfix") ), "template-type" ( /* Template type */ ("ipv4" | "ipv4-extended" | "ipv6" | "ipv6-extended" | "transport-layer" | "flow-id" | "ipflow" | "ipflow-ts" | "ipflow-extended" | "device-data" | "l7-app" | "http" | "subscriber-data" | "mobile-subscriber" | "ifl-subscriber" | "wireline-subscriber" | "ipflow-tcp-ts" | "ipflow-tcp" | "video" | "dns" | "status-code-distribution" | "pcc") ), "trigger-type" ( /* Trigger type */ ("session-close" | "volume" | "time") ), "template-tx-interval" arg /* Template export interval */ ) ) end rule(:lrf_collector_object) do arg.as(:arg) ( c( "destination" ( /* Destination collector configuration */ c( "address" ( /* Destination IPv4 address of collector */ ipv4addr /* Destination IPv4 address of collector */ ), "port" arg /* Destination port of collector */ ) ), "source-address" ( /* Source address to be used in the export packets */ ipv4addr /* Source address to be used in the export packets */ ) ) ) end rule(:lrf_perf_object) do c( "packet-count" arg /* Max packet inspection threshold including both c2s and s2c direction packets */ ) end rule(:lrf_rule_object) do arg.as(:arg) ( c( "match-direction" ( /* Match direction */ ("client-to-server" | "server-to-client" | "both") ), "from" ( /* Match criteria */ lrf_match_object /* Match criteria */ ), "then" ( /* Action to take for matched condition */ c( "report" ( /* Report action */ lrf_report_object /* Report action */ ) ) ) ) ) end rule(:lrf_match_object) do c( "source-prefix-list" arg ( /* One or more named lists of source prefixes to match */ sc( "except" /* Name of prefix list not to match against */ ) ).as(:oneline), "destination-prefix-list" arg ( /* One or more named lists of destination prefixes to match */ sc( "except" /* Name of prefix list not to match against */ ) ).as(:oneline), "source-ports" arg /* Source port list specification */, "destination-ports" arg /* Destination port list specification */, "app-unknown" /* Use to specify unknown application as the match criteria */, "application-names" ( /* Match one or more applications */ c( arg ) ), "application-groups" ( /* Match one or more application groups */ c( arg ) ) ) end rule(:lrf_report_object) do c( "volume-limit" arg /* Volume limit */, "time-limit" arg /* Time limit */, "template" arg /* Template to be used for export */, "collector" arg /* List of collectors that receive the export packets */ ) end rule(:lsp_set_match_type) do c( "lsp-name" arg /* LSP name that matches this string */, "lsp-regex" arg /* All LSPs that match this regular expression pattern */, "p2mp-name" arg /* P2MP names that match this string */, "p2mp-regex" arg /* P2MP names that match this regular expression pattern */, c( "egress" /* All LSPs for which this router is egress */, "ingress" /* All LSPs for which this router is ingress */, "transit" /* All LSPs for which this router is transit */ ) ) end rule(:lsp_nh_obj) do arg.as(:arg) ( c( "preference" arg /* Preference of LSP next hop */, "metric" arg /* Metric of LSP next hop */ ) ) end rule(:mac_addr_list_items) do arg.as(:arg) end rule(:mac_list) do arg.as(:arg) ( c( "policer" ( /* MAC policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ) ) ) end rule(:mape_object) do arg.as(:arg) ( c( "softwire-address" ( /* Softwire concentrator IPV6 Address */ ipv6addr /* Softwire concentrator IPV6 Address */ ), "ipv4-prefix" ( /* MAP-E domains's rule IPv4 prefix/len */ ipv4prefix /* MAP-E domains's rule IPv4 prefix/len */ ), "mape-prefix" ( /* MAP-E domain's rule IPV6 prefix/len */ ipv6prefix /* MAP-E domain's rule IPV6 prefix/len */ ), "ea-bits-len" arg /* MAP-E domain's rule EA (Embedded Address) len */, "psid-offset" arg /* MAP-E domain's PSID offset */, "psid-length" arg /* MAP-E domain's PSID length */, "mtu-v6" arg /* MTU for the MAP-E softwire tunnel */, "version-03" /* MAP-E map-03 support */, "v4-reassembly" /* MAP-E IPv4 reassembly support */, "v6-reassembly" /* MAP-E IPv6 reassembly support */, "disable-auto-route" /* MAP-E Disable Auto Route */ ) ) end rule(:martian_type) do s( arg, c( "exact" arg /* Exactly match the prefix length */, "longer" arg /* Mask is greater than the prefix length */, "orlonger" arg /* Mask is greater than or equal to the prefix length */, "upto" arg /* Mask falls between two prefix lengths */, "through" arg /* Route falls between two prefixes */, "prefix-length-range" arg /* Mask falls between two prefix lengths */ ), c( "allow" ) ).as(:oneline) end rule(:match_l2_flexible_mask) do c( "match-start" ( /* Start point to match in packet */ ("layer-2" | "layer-3" | "layer-4" | "payload") ), "byte-offset" arg /* Byte offset after the match start point */, "bit-offset" arg /* Bit offset after the (match-start + byte) offset */, "bit-length" arg /* Length of integer input (1..32 bits), Optional length of string input (1..128 bits) */, "mask-in-hex" arg /* Mask out bits in the packet data to be matched */, "prefix" arg /* Value data/string to be matched */, "flexible-mask-name" arg /* Select a flexible match from predefined template field */ ) end rule(:match_l2_flexible_range) do c( "match-start" ( /* Start point to match in packet */ ("layer-2" | "layer-3" | "layer-4" | "payload") ), "byte-offset" arg /* Byte offset after the match start point */, "bit-offset" arg /* Bit offset after the (match-start + byte) offset */, "bit-length" arg /* Length of the data to be matched in bits */, c( "range" arg /* Range of values to be matched */, "range-except" arg /* Range of values to be not matched */ ), "flexible-range-name" arg /* Select a flexible match from predefined template field */ ) end rule(:match_l3_flexible_mask) do c( "match-start" ( /* Start point to match in packet */ ("layer-3" | "layer-4" | "payload") ), "byte-offset" arg /* Byte offset after the match start point */, "bit-offset" arg /* Bit offset after the (match-start + byte) offset */, "bit-length" arg /* Length of integer input (1..32 bits), Optional length of string input (1..128 bits) */, "mask-in-hex" arg /* Mask out bits in the packet data to be matched */, "prefix" arg /* Value data/string to be matched */, "flexible-mask-name" arg /* Select a flexible match from predefined template field */ ) end rule(:match_l3_flexible_range) do c( "match-start" ( /* Start point to match in packet */ ("layer-3" | "layer-4" | "payload") ), "byte-offset" arg /* Byte offset after the match start point */, "bit-offset" arg /* Bit offset after the (match-start + byte) offset */, "bit-length" arg /* Length of the data to be matched in bits */, c( "range" arg /* Range of values to be matched */, "range-except" arg /* Range of values to be not matched */ ), "flexible-range-name" arg /* Select a flexible match from predefined template field */ ) end rule(:match_flags_value) do c( arg /* Value data to be matched */, "mask-in-hex" arg /* Mask out bits in the packet data to be matched */ ) end rule(:match_interface_object) do arg.as(:arg).as(:oneline) end rule(:match_interface_object_oam) do arg.as(:arg).as(:oneline) end rule(:match_interface_set_object) do arg.as(:arg).as(:oneline) end rule(:match_li_simple_dscp_value) do c( c( "af11" /* Assured Forwarding Class 1, Low Drop Precedence */, "af12" /* Assured Forwarding Class 1, Medium Drop Precedence */, "af13" /* Assured Forwarding Class 1, High Drop Precedence */, "af21" /* Assured Forwarding Class 2, Low Drop Precedence */, "af22" /* Assured Forwarding Class 2, Medium Drop Precedence */, "af23" /* Assured Forwarding Class 2, High Drop Precedence */, "af31" /* Assured Forwarding Class 3, Low Drop Precedence */, "af32" /* Assured Forwarding Class 3, Medium Drop Precedence */, "af33" /* Assured Forwarding Class 3, High Drop Precedence */, "af41" /* Assured Forwarding Class 4, Low Drop Precedence */, "af42" /* Assured Forwarding Class 4, Medium Drop Precedence */, "af43" /* Assured Forwarding Class 4, High Drop precedence */, "ef" /* Expedited Forwarding */, "cs0" /* Class Selector 0 */, "cs1" /* Class Selector 1 */, "cs2" /* Class Selector 2 */, "cs3" /* Class Selector 3 */, "cs4" /* Class Selector 4 */, "cs5" /* Class Selector 5 */, "cs6" /* Class Selector 6 */, "cs7" /* Class Selector 7 */, "be" /* Best effort (default) */, arg /* Range of values */ ) ) end rule(:match_li_simple_port_value) do c( c( "ftp-data" /* FTP Data */, "ftp" /* FTP */, "ssh" /* Secure Shell */, "telnet" /* Telnet */, "smtp" /* Simple Mail Transfer Protocol */, "tacacs" /* TACACS or TACACS+ */, "tacacs-ds" /* TACACS-DS */, "domain" /* Domain Name System (DNS) */, "dhcp" /* Dynamic Host Configuration Protocol */, "bootps" /* Bootstrap Protocol Server */, "bootpc" /* Bootstrap Protocol Client */, "tftp" /* Trivial FTP */, "finger" /* Finger */, "http" /* Hypertext Transfer Protocol */, "kerberos-sec" /* Kerberos Security */, "pop3" /* Post Office Protocol 3 */, "sunrpc" /* Sun Microsystems Remote Procedure Call */, "ident" /* Ident */, "nntp" /* Network News Transport Protocol */, "ntp" /* Network Time Protocol */, "netbios-ns" /* NetBIOS Name Service */, "netbios-dgm" /* NetBIOS DGM */, "netbios-ssn" /* NetBIOS Session Service */, "imap" /* Internet Message Access Protocol */, "snmp" /* Simple Network Management Protocol */, "snmptrap" /* Simple Network Management Protocol Traps */, "xdmcp" /* X Display Manager Control Protocol */, "bgp" /* Border Gateway Protocol */, "ldap" /* Lightweight Directory Access Protocol */, "mobileip-agent" /* Mobile IP agent */, "mobilip-mn" /* Mobile IP MN */, "msdp" /* Multicast Source Discovery Protocol */, "https" /* Secure HTTP */, "snpp" /* Simple Paging Protocol */, "biff" /* Biff/Comsat */, "exec" /* UNIX rexec */, "login" /* UNIX rlogin */, "who" /* UNIX rwho */, "cmd" /* UNIX rsh */, "syslog" /* System Log */, "printer" /* Printer */, "talk" /* UNIX Talk */, "ntalk" /* New Talk */, "rip" /* Routing Information Protocol */, "timed" /* UNIX Time Daemon */, "klogin" /* Kerberos rlogin */, "kshell" /* Kerberos rsh */, "ldp" /* Label Distribution Protocol */, "krb-prop" /* Kerberos Database Propagation */, "krbupdate" /* Kerberos Database Update */, "kpasswd" /* Kerberos passwd */, "socks" /* Socks */, "afs" /* AFS */, "pptp" /* Point-to-Point Tunneling Protocol */, "radius" /* RADIUS Authentication */, "radacct" /* RADIUS Accounting */, "zephyr-srv" /* Zephyr Server */, "zephyr-clt" /* Zephyr serv-hm Connection */, "zephyr-hm" /* Zephyr hostmanager */, "nfsd" /* Network File System */, "eklogin" /* Encrypted Kerberos rlogin */, "ekshell" /* Encrypted Kerberos rsh */, "rkinit" /* Kerberos remote kinit */, "cvspserver" /* CVS pserver */, arg /* Range of values */ ) ) end rule(:match_li_simple_protocol_value) do c( c( "icmp" /* Internet Control Message Protocol */, "igmp" /* Internet Group Management Protocol */, "ipip" /* IP in IP */, "tcp" /* Transmission Control Protocol */, "egp" /* Exterior Gateway Protocol */, "udp" /* User Datagram Protocol */, "rsvp" /* Resource Reservation Protocol */, "gre" /* Generic Routing Encapsulation */, "esp" /* IPSec Encapsulating Security Payload */, "ah" /* IP Security Authentication Header */, "icmp6" /* Internet Control Message Protocol version 6 */, "ospf" /* Open Shortest Path First */, "pim" /* Protocol Independent Multicast */, "sctp" /* Stream Control Transmission Protocol */, "ipv6" /* IPv6 in IP */, "dstopts" /* IPv6 Destination Options */, "routing" /* IPv6 Routing Header */, "fragment" /* IPv6 Fragment Header */, "no-next-header" /* IPv6 No Next Header */, "hop-by-hop" /* IPv6 Hop-By-Hop options */, "vrrp" /* Virtual Router Redundancy Protocol */, arg /* Range of values */ ) ) end rule(:match_simple_dscp_value) do c( c( "af11" /* Assured forwarding class 1, low drop precedence */, "af12" /* Assured forwarding class 1, medium drop precedence */, "af13" /* Assured forwarding class 1, high drop precedence */, "af21" /* Assured forwarding class 2, low drop precedence */, "af22" /* Assured forwarding class 2, medium drop precedence */, "af23" /* Assured forwarding class 2, high drop precedence */, "af31" /* Assured forwarding class 3, low drop precedence */, "af32" /* Assured forwarding class 3, medium drop precedence */, "af33" /* Assured forwarding class 3, high drop precedence */, "af41" /* Assured forwarding class 4, low drop precedence */, "af42" /* Assured forwarding class 4, medium drop precedence */, "af43" /* Assured forwarding class 4, high drop precedence */, "ef" /* Expedited forwarding */, "cs0" /* Class selector 0 */, "cs1" /* Class selector 1 */, "cs2" /* Class selector 2 */, "cs3" /* Class selector 3 */, "cs4" /* Class selector 4 */, "cs5" /* Class selector 5 */, "cs6" /* Class selector 6 */, "cs7" /* Class selector 7 */, "be" /* Best effort (default) */, arg /* Range of values */ ) ) end rule(:match_simple_payload_protocol_value) do c( c( "icmp" /* Internet Control Message Protocol */, "igmp" /* Internet Group Management Protocol */, "ipip" /* IP in IP */, "tcp" /* Transmission Control Protocol */, "egp" /* Exterior gateway protocol */, "udp" /* User Datagram Protocol */, "rsvp" /* Resource Reservation Protocol */, "gre" /* Generic routing encapsulation */, "esp" /* IPSec Encapsulating Security Payload */, "ah" /* IP Security authentication header */, "icmp6" /* Internet Control Message Protocol Version 6 */, "ospf" /* Open Shortest Path First */, "pim" /* Protocol Independent Multicast */, "sctp" /* Stream Control Transmission Protocol */, "ipv6" /* IPv6 in IP */, "no-next-header" /* IPv6 no next header */, "vrrp" /* Virtual Router Redundancy Protocol */, arg /* Range of values */ ) ) end rule(:match_simple_port_value) do c( c( "ftp-data" /* FTP data */, "ftp" /* FTP */, "ssh" /* Secure shell */, "telnet" /* Telnet */, "smtp" /* Simple Mail Transfer Protocol */, "tacacs" /* TACACS or TACACS+ */, "tacacs-ds" /* TACACS-DS */, "domain" /* Domain Name System (DNS) */, "dhcp" /* Dynamic Host Configuration Protocol */, "bootps" /* Bootstrap protocol server */, "bootpc" /* Bootstrap protocol client */, "tftp" /* Trivial FTP */, "finger" /* Finger */, "http" /* Hypertext Transfer Protocol */, "kerberos-sec" /* Kerberos Security */, "pop3" /* Post Office Protocol 3 */, "sunrpc" /* Sun Microsystems remote procedure call */, "ident" /* Ident */, "nntp" /* Network News Transport Protocol */, "ntp" /* Network Time Protocol */, "netbios-ns" /* NetBIOS name service */, "netbios-dgm" /* NetBIOS DGM */, "netbios-ssn" /* NetBIOS session service */, "imap" /* Internet Message Access Protocol */, "snmp" /* Simple Network Management Protocol */, "snmptrap" /* SNMP traps */, "xdmcp" /* X Display Manager Control Protocol */, "bgp" /* Border Gateway Protocol */, "ldap" /* Lightweight Directory Access Protocol */, "mobileip-agent" /* Mobile IP agent */, "mobilip-mn" /* Mobile IP MN */, "msdp" /* Multicast Source Discovery Protocol */, "https" /* Secure HTTP */, "snpp" /* Simple paging protocol */, "biff" /* Biff/Comsat */, "exec" /* UNIX rexec */, "login" /* UNIX rlogin */, "who" /* UNIX rwho */, "cmd" /* UNIX rsh */, "syslog" /* System log */, "printer" /* Printer */, "talk" /* UNIX Talk */, "ntalk" /* New Talk */, "rip" /* Routing Information Protocol */, "timed" /* UNIX time daemon */, "klogin" /* Kerberos rlogin */, "kshell" /* Kerberos rsh */, "ldp" /* Label Distribution Protocol */, "krb-prop" /* Kerberos database propagation */, "krbupdate" /* Kerberos database update */, "kpasswd" /* Kerberos passwd */, "socks" /* Socks */, "afs" /* AFS */, "pptp" /* Point-to-Point Tunneling Protocol */, "radius" /* RADIUS authentication */, "radacct" /* RADIUS accounting */, "zephyr-srv" /* Zephyr server */, "zephyr-clt" /* Zephyr serv-hm connection */, "zephyr-hm" /* Zephyr hostmanager */, "nfsd" /* Network File System */, "eklogin" /* Encrypted Kerberos rlogin */, "ekshell" /* Encrypted Kerberos rsh */, "rkinit" /* Kerberos remote kinit */, "cvspserver" /* CVS pserver */, arg /* Range of values */ ) ) end rule(:match_simple_protocol_value) do c( c( "icmp" /* Internet Control Message Protocol */, "igmp" /* Internet Group Management Protocol */, "ipip" /* IP in IP */, "tcp" /* Transmission Control Protocol */, "egp" /* Exterior gateway protocol */, "udp" /* User Datagram Protocol */, "rsvp" /* Resource Reservation Protocol */, "gre" /* Generic routing encapsulation */, "esp" /* IPSec Encapsulating Security Payload */, "ah" /* IP Security authentication header */, "icmp6" /* Internet Control Message Protocol Version 6 */, "ospf" /* Open Shortest Path First */, "pim" /* Protocol Independent Multicast */, "sctp" /* Stream Control Transmission Protocol */, "dstopts" /* IPv6 destination options */, "routing" /* IPv6 routing header */, "fragment" /* IPv6 fragment header */, "hop-by-hop" /* IPv6 hop by hop options */, "ipv6" /* IPv6 in IP */, "no-next-header" /* IPv6 no next header */, "vrrp" /* Virtual Router Redundancy Protocol */, arg /* Range of values */ ) ) end rule(:metric_expression_type) do c( "metric" ( /* Parameters for metric attribute */ sc( "multiplier" ( /* Coefficient for metric attribute */ float /* Coefficient for metric attribute */ ), "offset" arg /* Offset for metric attribute */ ) ).as(:oneline), "metric2" ( /* Parameters for metric2 attribute */ sc( "multiplier" ( /* Coefficient for metric2 attribute */ float /* Coefficient for metric2 attribute */ ), "offset" arg /* Offset for metric2 attribute */ ) ).as(:oneline) ) end rule(:mib_variable_name_object) do arg.as(:arg).as(:oneline) end rule(:mirror_profile_attributes) do arg.as(:arg) ( c( "ptp-packet-timestamp" /* Enable precision-time-protocol packet timestamp */, "collector" ( /* Send mirrored traffic to collector */ c( "ip-address" ( /* Collector destination ip-address */ ipaddr /* Collector destination ip-address */ ), "l4-port" arg /* Layer 4 UDP/TCP port number of the collector */, "routing-instance" ( /* Routing instances */ c( arg /* Routing instance name */, "ip-address" ( /* Collector destination ip-address */ ipaddr /* Collector destination ip-address */ ), "l4-port" arg /* Layer 4 UDP/TCP port number of the collector */ ) ) ) ), "observation-domain-id" arg /* Observation domain Id */ ) ) end rule(:mobile_diameter_profiles) do c( "gy-profile" ( /* Diameter Gy application profile configuration */ mobile_diameter_profile_type_gy /* Diameter Gy application profile configuration */ ), "gx-profile" ( /* Diameter Gx application profile configuration */ mobile_diameter_profile_type_gx /* Diameter Gx application profile configuration */ ) ) end rule(:mobile_diameter_profile_type_gx) do arg.as(:arg) ( c( "targets" ( /* Mobile diameter target configurations */ mobile_diameter_target /* Mobile diameter target configurations */ ), "request-timeout" arg /* Profile request timeout */, "attributes" ( /* Diameter AVP attributes for Gx application */ mobile_diameter_gx_profile_attr_type /* Diameter AVP attributes for Gx application */ ) ) ) end rule(:mobile_diameter_gx_profile_attr_type) do c( "include" ( /* Specify AVP options to be included */ c( "gx-capability-list" arg /* Include Gx Capability list AVP */, "rule-suggestion" arg /* Include Rule-suggestion AVP */, "rai" /* Include RAI AVP */, "qos-negotiation" /* Include QoS Negotiation AVP */, "qos-upgrade" /* Include QoS Upgrade AVP */ ) ), "exclude" ( /* Specify AVP options to be excluded */ c( "packet-filter-information" /* Exclude Packet Filter Information AVP */, "packet-filter-operation" /* Exclude Packet Filter Operation AVP */, "rat-type" /* Exclude Rat-Type AVP */, "default-eps-bearer-qos" /* Exclude Default EPS Bearer QOS AVP */, "an-gw-address" /* Exclude AN-GW-Address AVP */, "network-request-support" /* Exclude Network Request Support AVP */, "event-trigger" /* Exclude Event Trigger AVP */, "threegpp-rat-type" /* Exclude 3GPP-RAT-Type AVP */, "offline" /* Exclude Offline AVP */, "qos-negotiation" /* Exclude QoS Negotiation AVP */, "qos-upgrade" /* Exclude QoS Upgrade AVP */ ) ) ) end rule(:mobile_diameter_profile_type_gy) do arg.as(:arg) ( c( "targets" ( /* Mobile diameter target configurations */ mobile_diameter_target /* Mobile diameter target configurations */ ), "request-timeout" arg /* Profile request timeout */, "attributes" ( /* Diameter AVP attributes for Gy application */ mobile_diameter_gy_profile_attr_type /* Diameter AVP attributes for Gy application */ ) ) ) end rule(:mobile_diameter_gy_profile_attr_type) do c( "include" ( /* Specify AVP options to be included */ c( "cumulative-used-service-unit" /* Include cumulative-used-service-unit AVP */, "credit-instance-id" /* Include credit-instance-id AVP */, "service-start-timestamp" /* Include service-start-timestamp AVP */, "mscc-qos-information" /* Include mscc-qos-information AVP */, "framed-ip-address" /* Include framed ip address AVP */, "framed-ipv6-prefix" /* Include framed IPV6 Prefix AVP */, "gprs-negotiated-qos" /* Include GPRS negotiated QOS AVP */ ) ), "exclude" ( /* Specify AVP options to be excluded */ c( "ps-information" /* Exclude PS Information AVP. If excluded, all the 3GPP AVPs will be sent at command level */, "username" /* Exclude Username AVP */, "user-equipment-info" /* Exclude user equipment info AVP */, "all-3gpp-avps" /* Exclude all 3GPP AVPs */, "qos-information" /* Exclude QOS information AVP */, "pdn-connection-id" /* Exclude PDN connection id AVP */, "dynamic-address-flag" /* Exclude dynamic address flag AVP */, "serving-node-type" /* Exclude serving node type AVP */, "cc-selection-mode" /* Exclude charging characteristics selection mode AVP */, "start-time" /* Exclude start time AVP */, "stop-time" /* Exclude stop time AVP */, "user-location-information" /* Exclude user location information AVP */ ) ) ) end rule(:mobile_diameter_target) do arg.as(:arg) ( c( "destination-realm" arg /* Destination realm associated with this target */, "destination-host" arg /* Destination host associated with this target */, "priority" arg /* Target priority */, "network-element" arg /* Specify the diameter network element for this target */ ) ) end rule(:mobile_gateway_config_gtp) do c( "peer-history" arg /* Maximum number of peer stats stored in history */, "interface" ( /* Interface name used for all 3GPP interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "control" ( /* Configure 3GPP GTP control plane options */ c( "interface" ( /* Interface name used for all 3GPP control interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "forwarding-class" arg /* Classification of host traffic to forwarding engine */, "n3-requests" arg /* Number of retries of GTP messages upon timeout */, "t3-response" arg /* Response timeout value for GTP request message */, "dscp-code-point" arg /* Static DSCP code point of egress host traffic */, "no-response-cache" /* Disable GTP response cache */, "response-cache-timeout" arg /* GTP response cache timeout interval */, "no-piggyback-support" /* Disable GTPv2 piggyback support */ ) ), "data" ( /* Configure 3GPP GTP data plane options */ c( "interface" ( /* Interface name used for all 3GPP data interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "error-indication-interval" arg /* Error indication transmit interval per bearer */ ) ), "gn" ( /* Configure 3GPP Gn interface */ c( "interface" ( /* Interface name used */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "control" ( /* Configure 3GPP control plane options */ c( "interface" ( /* Interface name used for control interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "forwarding-class" arg /* Classification of host traffic to forwarding engine */, "n3-requests" arg /* Number of retries of GTP messages upon timeout */, "t3-response" arg /* Response timeout value for GTP request message */, "dscp-code-point" arg /* Static DSCP code point of egress host traffic */ ) ), "data" ( /* Configure 3GPP data plane options */ c( "interface" ( /* Interface name used for data interface */ sc( "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */ ) ) ) ), "gp" ( /* Configure 3GPP Gp interface */ c( "interface" ( /* Interface name used */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "control" ( /* Configure 3GPP control plane options */ c( "interface" ( /* Interface name used for control interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "forwarding-class" arg /* Classification of host traffic to forwarding engine */, "n3-requests" arg /* Number of retries of GTP messages upon timeout */, "t3-response" arg /* Response timeout value for GTP request message */, "dscp-code-point" arg /* Static DSCP code point of egress host traffic */ ) ), "data" ( /* Configure 3GPP data plane options */ c( "interface" ( /* Interface name used for data interface */ sc( "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */ ) ) ) ), "s5" ( /* Configure 3GPP S5 interface */ c( "interface" ( /* Interface name used */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "control" ( /* Configure 3GPP control plane options */ c( "interface" ( /* Interface name used for control interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "forwarding-class" arg /* Classification of host traffic to forwarding engine */, "n3-requests" arg /* Number of retries of GTP messages upon timeout */, "t3-response" arg /* Response timeout value for GTP request message */, "dscp-code-point" arg /* Static DSCP code point of egress host traffic */, "support-16-bit-sequence" /* Enable 16 bit sequence number support */ ) ), "data" ( /* Configure 3GPP data plane options */ c( "interface" ( /* Interface name used for data interface */ sc( "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */ ) ) ) ), "s8" ( /* Configure 3GPP S8 interface */ c( "interface" ( /* Interface name used */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "control" ( /* Configure 3GPP control plane options */ c( "interface" ( /* Interface name used for control interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "forwarding-class" arg /* Classification of host traffic to forwarding engine */, "n3-requests" arg /* Number of retries of GTP messages upon timeout */, "t3-response" arg /* Response timeout value for GTP request message */, "dscp-code-point" arg /* Static DSCP code point of egress host traffic */, "support-16-bit-sequence" /* Enable 16 bit sequence number support */ ) ), "data" ( /* Configure 3GPP data plane options */ c( "interface" ( /* Interface name used for data interface */ sc( "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */ ) ) ) ), "peer-group" arg ( /* 3GPP GTP peer group configuration */ c( "routing-instance" arg /* Routing instance of peer group */, "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "control" ( /* 3GPP GTP peer group control plane options */ c( "support-16-bit-sequence" /* Enable 16 bit sequence number support */, "no-piggyback-support" /* Disable GTPv2 piggyback support */ ) ), "gn" /* 3GPP GTP peer group Gn interface options */, "gp" /* 3GPP GTP peer group Gp interface options */, "peer" arg /* Peer IP address configuration */.as(:oneline) ) ), "traceoptions" ( /* Configure trace options */ gtp_traceoptions /* Configure trace options */ ) ) end rule(:gtp_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("error" | "warning" | "debug" | "encode" | "decode" | "config" | "events" | "packet-io" | "tracker" | "peer" | "pathfailure" | "all")) /* Tracing parameters */.as(:oneline) ) end rule(:mobile_gateways_ipv6_router_advertisement) do c( "disable" /* Disable IPv6 router advertisements - default is enable */, "maximum-advertisement-interval" arg /* Maximum interval between router advertisements */, "minimum-advertisement-interval" arg /* Minimum interval between router advertisements */, "maximum-initial-advertisement-interval" arg /* Maximum interval between initial router advertisements */, "maximum-initial-advertisements" arg /* Maximum number of initial router advertisements */, "reachable-time" arg /* Value to be placed in reachable time field */, "retransmission-timer" arg /* Value to be placed in retransmit timer field */, "router-lifetime" arg /* Value to be placed in router lifetime field */, "current-hop-limit" arg /* Value to be placed in current hop limit field */ ) end rule(:mobile_smd_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "level" ( /* Level of debugging output */ ("critical" | "error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("init" | "config" | "ctxt" | "svcpic" | "fsm" | "ha" | "waitq" | "pfem" | "stats" | "bulkjob" | "cos-cac" | "all")) /* Tracing parameters */.as(:oneline) ) end rule(:monitor_threshold) do c( arg, arg ).as(:oneline) end rule(:monitoring_input_type) do c( "interface" arg ) end rule(:monitoring_output_type) do c( "export-format" ( /* Format for sending monitoring information */ ("cflowd-version-5") ), "destination-address" ( /* Address to which monitored packets will be sent */ ipv4addr /* Address to which monitored packets will be sent */ ), "destination-port" arg /* Port to which monitored packets will be sent */, "source-address" ( /* Address to use for generating monitored packets */ ipv4addr /* Address to use for generating monitored packets */ ), "flow-active-timeout" arg /* Interval after which an active flow is exported */, "flow-inactive-timeout" arg /* Interval of inactivity that marks a flow inactive */, "flow-export-destination" ( /* Destination for flow export */ ("collector-pic" | "cflowd-collector") ), "cflowd" ( /* Collector destination where flow records are sent */ cflowd_monitoring_type /* Collector destination where flow records are sent */ ), "interface" ( /* Interfaces used to send monitored information */ monitor_export_intf_type /* Interfaces used to send monitored information */ ) ) end rule(:cflowd_monitoring_type) do arg.as(:arg) ( c( "port" arg /* UDP port number on host collecting cflowd packets */, "dscp" arg /* Numeric DSCP value in the range 0 to 63 */, "forwarding-class" arg /* Forwarding-class for exported jflow packets, applicable only for inline-jflow */, "routing-instance" arg /* Name of routing instance on which flow collector is reachable */ ) ) end rule(:monitor_export_intf_type) do arg.as(:arg) ( c( "engine-id" arg /* Identity (number) of this monitoring interface */, "engine-type" arg /* Type (number) of this monitoring interface */, "input-interface-index" arg /* Input interface index for records from this interface */, "output-interface-index" arg /* Output interface index for records from this interface */, "source-address" ( /* Address to use for generating monitored packets */ ipv4addr /* Address to use for generating monitored packets */ ) ) ) end rule(:mpls_dialer_filter) do arg.as(:arg) ( c( "accounting-profile" arg /* Accounting profile name */, "term" arg ( /* Define a firewall term */ c( "from" ( /* Define match criteria */ c( c( "exp" arg, "exp-except" arg ) ) ), "then" ( /* Action to take if the 'from' condition is matched */ c( "log" /* Log the packet */, "syslog" /* System log (syslog) information about the packet */, "sample" /* Sample the packet */, c( "note" /* Interested ISDN packet */, "ignore" /* Non-interested ISDN packet */ ) ) ) ) ) ) ) end rule(:mpls_filter) do arg.as(:arg) ( c( "accounting-profile" arg /* Accounting profile name */, "interface-specific" /* Defined counters are interface specific */, "physical-interface-filter" /* Filter is physical interface filter */, "instance-shared" /* Filter is routing-instance shared */, "term" arg ( /* Define a firewall term */ c( "filter" arg /* Filter to include */, "from" ( /* Define match criteria */ c( c( "interface-group" arg, "interface-group-except" arg ), "ip-version" ( /* Specify inner IP version */ c( "ipv4" ( /* Define L4 match items to match IPv4 packets */ c( "protocol" ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | arg) ( /* Specify inner IPv4 protocol */ c( c( "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ) ) ), "source-address" ( /* Match IPv4 source address */ firewall_addr_object /* Match IPv4 source address */ ), "destination-address" ( /* Match IPv4 destination address */ firewall_addr_object /* Match IPv4 destination address */ ), "ip-address" ( /* Match IPv4 source or destination addres */ firewall_addr_object /* Match IPv4 source or destination addres */ ), "ip-source-address" ( /* Match IPv4 source address */ firewall_addr_object /* Match IPv4 source address */ ), "ip-destination-address" ( /* Match IPv4 destination address */ firewall_addr_object /* Match IPv4 destination address */ ), "source-prefix-list" ( /* Match IPv4 source prefixes in named list */ firewall_prefix_list /* Match IPv4 source prefixes in named list */ ), "destination-prefix-list" ( /* Match IPv4 destination prefixes in named list */ firewall_prefix_list /* Match IPv4 destination prefixes in named list */ ), c( "icmp-type" ( ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ), "icmp-type-except" ( ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ) ), c( "icmp-code" ( ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ), "icmp-code-except" ( ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ) ), c( "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), "tcp-flags" arg /* Match TCP flags */, c( "ip-protocol" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "ip-protocol-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ) ) ), "ipv6" ( /* Define L3/L4 match items to match IPv6 packets */ c( "protocol" ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | arg) ( /* Specify inner IPv6 next-header */ c( c( "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ) ) ), c( "next-header" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "next-header-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), "ip6-source-address" ( /* Match IPv6 source address */ firewall_addr6_object /* Match IPv6 source address */ ), "ip6-destination-address" ( /* Match IPv6 destination address */ firewall_addr6_object /* Match IPv6 destination address */ ), "ip6-address" ( /* Match IPv6 source or destination address */ firewall_addr6_object /* Match IPv6 source or destination address */ ), "source-address" ( /* Match IPv6 source address */ firewall_addr6_object /* Match IPv6 source address */ ), "destination-address" ( /* Match IPv6 destination address */ firewall_addr6_object /* Match IPv6 destination address */ ), "source-prefix-list" ( /* Match IPv4 source prefixes in named list */ firewall_prefix_list /* Match IPv4 source prefixes in named list */ ), "destination-prefix-list" ( /* Match IPv4 destination prefixes in named list */ firewall_prefix_list /* Match IPv4 destination prefixes in named list */ ), c( "icmp-type" ( ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ), "icmp-type-except" ( ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ) ), c( "icmp-code" ( ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ), "icmp-code-except" ( ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ) ), c( "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), "tcp-flags" arg /* Match TCP flags */ ) ) ) ), "label" arg /* MPLS label bits */, c( "ttl" arg, "ttl-except" arg ), "interface" ( /* Match interface name */ match_interface_object /* Match interface name */ ), "interface-set" ( /* Match interface in set */ match_interface_set_object /* Match interface in set */ ), c( "exp" arg, "exp-except" arg ), c( "forwarding-class" arg, "forwarding-class-except" arg ), c( "loss-priority" ( ("low" | "high" | "medium-low" | "medium-high") ), "loss-priority-except" ( ("low" | "high" | "medium-low" | "medium-high") ) ), c( "flexible-match-mask" ( /* Match flexible mask */ match_mpls_flexible_mask /* Match flexible mask */ ) ), c( "flexible-match-range" ( /* Match flexible range */ match_mpls_flexible_range /* Match flexible range */ ) ), c( "policy-map" arg, "policy-map-except" arg ) ) ), "then" ( /* Action to take if the 'from' condition is matched */ c( c( "policer" arg /* Name of policer to use to rate-limit traffic */, "three-color-policer" ( /* Police the packet using a three-color-policer */ c( c( "single-rate" arg /* Name of single-rate three-color policer to use to rate-limit traffic */, "single-packet-rate" arg /* Name of single-packet-rate three-color policer to use to rate-limit traffic */, "two-rate" arg /* Name of two-rate three-color policer to use to rate-limit traffic */, "two-packet-rate" arg /* Name of two-packet-rate three-color policer to use to rate-limit traffic */ ) ) ), "hierarchical-policer" arg /* Name of hierarchical policer to use to rate-limit traffic */ ), c( "clear-policy-map" /* Clear the policy marking */, "policy-map" arg /* Policy map action */ ), "routing-instance" ( /* Packets are directed to specified routing instance */ sc( arg /* Name of routing instance */, "topology" arg /* Packets are directed to specified topology */ ) ).as(:oneline), c( "traffic-class-count" arg /* Count the packet in the named traffic-class counter */, "count" arg /* Count the packet in the named counter */ ), "sample" /* Sample the packet */, "loss-priority" ( /* Classify packet to loss-priority */ ("low" | "high" | "medium-low" | "medium-high") ), "forwarding-class" arg /* Classify packet to forwarding class */, "port-mirror-instance" arg /* Port-mirror the packet to specified instance */, "port-mirror" /* Port-mirror the packet */, "inline-monitoring-instance" arg /* Inline monitoring to specified instance */, "packet-mode" /* Bypass flow mode for the packet */, c( "encapsulate" ( /* Send to a tunnel */ sc( arg /* Name of the tunnel end point */ ) ).as(:oneline), "accept" /* Accept the packet */, "discard" /* Discard the packet */, "next" ( /* Continue to next term in a filter */ ("term") ) ) ) ), "template" ( /* Refer a template */ c( arg /* Template name */ ) ) ) ) ) ) end rule(:match_mpls_flexible_mask) do c( "match-start" ( /* Start point to match in packet */ ("layer-3" | "payload") ), "byte-offset" arg /* Byte offset after the match start point */, "bit-offset" arg /* Bit offset after the (match-start + byte) offset */, "bit-length" arg /* Length of integer input (1..32 bits), Optional length of string input (1..128 bits) */, "mask-in-hex" arg /* Mask out bits in the packet data to be matched */, "prefix" arg /* Value data/string to be matched */, "flexible-mask-name" arg /* Select a flexible match from predefined template field */ ) end rule(:match_mpls_flexible_range) do c( "match-start" ( /* Start point to match in packet */ ("layer-3" | "payload") ), "byte-offset" arg /* Byte offset after the match start point */, "bit-offset" arg /* Bit offset after the (match-start + byte) offset */, "bit-length" arg /* Length of the data to be matched in bits */, c( "range" arg /* Range of values to be matched */, "range-except" arg /* Range of values to be not matched */ ), "flexible-range-name" arg /* Select a flexible match from predefined template field */ ) end rule(:mpls_ifd_options) do c( "pop-all-labels" ( /* Pop all MPLS labels off incoming packets */ c( "required-depth" ( /* Required label depth of packet to pop all labels */ ("all" | "1" | "2") ) ) ) ) end rule(:mpls_pm_family_output_type) do c( "server-profile" arg /* Server profile name */ ) end rule(:mpls_template) do arg.as(:arg) ( c( "attributes" ( /* Template attributes */ c( "exp" /* Match MPLS EXP bits */, "exp-except" /* Do not match MPLS EXP bits */, "flexible-match-mask" /* Match flexible mask */, "flexible-match-range" /* Match flexible range */, "forwarding-class" /* Match forwarding class */, "forwarding-class-except" /* Do not match forwarding class */, "interface" /* Match interface name */, "interface-group" /* Match interface group */, "interface-set" /* Match interface in set */, "loss-priority" /* Match Loss Priority */, "loss-priority-except" /* Do not match Loss Priority */, "label" /* MPLS label bits */, "ttl" /* Match MPLS ttl type */ ) ) ) ) end rule(:mrp_trace_options) do c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("events" | "pdu" | "timers" | "state-machine" | "socket" | "error" | "all")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) end rule(:mstp_interface) do (arg | "all").as(:arg) ( c( "priority" arg /* Interface priority (in increments of 16 - 0,16,..240) */, "cost" arg /* Cost of the interface */, "mode" ( /* Interface mode (P2P or shared) */ ("point-to-point" | "shared") ), "edge" /* Port is an edge port */, "access-trunk" /* Send/Receive untagged RSTP BPDUs on this interface */, "bpdu-timeout-action" ( /* Define action on BPDU expiry (Loop Protect) */ c( "block" /* Block the interface */, "alarm" /* Generate an alarm */ ) ), "no-root-port" /* Do not allow the interface to become root (Root Protect) */, "disable" /* Disable Spanning Tree on port */ ) ) end rule(:multi_chassis_protection_group) do arg.as(:arg) ( c( "interface" arg /* Inter-Chassis protection link */, "icl-down-delay" arg /* Time in seconds between ICL down and MCAEs moving to standby */ ) ) end rule(:multi_chassis_protection_group_ifl) do arg.as(:arg) ( c( "interface" arg /* Inter-Chassis protection link */, "icl-down-delay" arg /* Time in seconds between ICL down and MCAEs moving to standby */ ) ) end rule(:multicast_interface_options_type) do arg.as(:arg) ( c( "maximum-bandwidth" ( /* Maximum multicast bandwidth for the interface */ sc( arg /* Maximum multicast bandwidth on the interface */ ) ).as(:oneline), ("enable" | "disable"), "reverse-oif-mapping" ( /* Enable reverse OIF mapping on the multicast interface */ c( "no-qos-adjust" /* Disable reverse OIF mapping QoS adjustment */ ) ), "subscriber-leave-timer" arg /* Timeout in seconds to credit back the bandwidth on the subscriber interface */, "no-qos-adjust" /* Disable QoS adjustment for this interface */ ) ) end rule(:multilink_object) do c( "fragment-threshold" arg /* Fragmentation threshold */, "drop-timeout" arg /* Drop timeout */ ) end rule(:name_resolution_cache_type) do c( "maximum-time-in-cache" ( /* Maximum time a DNS response may be held in the cache */ sc( c( "unlimited" /* Cache according to TTL */, arg ) ) ).as(:oneline), "maximum-records-in-cache" arg /* Maximum number of DNS responses that may be held in the cache */, "blacklist-period" arg /* Time (in seconds) a record will be held in the blacklist */, "accelerations" ( /* Mechanisms for accelerating DNS resolving */ c( "no-refresh-before-ttl-expiry" /* Don't send a new query for records that are about to expire */, "initiate-next-queries" /* Immediately initiate queries for referenced entries (e.g A entries referenced from SRV ones) */, "initiate-alternative-queries" /* Initiate NAPTR, SRV and A record queries, in parallel, for every new SIP URI */ ) ) ) end rule(:nameserver_object) do arg.as(:arg) ( c( "routing-instance" arg /* Routing instance through which server is reachable */, "source-address" ( /* Source address for requests to this DNS server */ ipaddr /* Source address for requests to this DNS server */ ) ) ).as(:oneline) end rule(:nas_5g_definition) do c( "max-outstanding-requests" arg /* Number of unanswered NAS-5G signalling requests */, "request-retry" arg /* Number of times to retry a NAS-5G signalling request that fails or times-out */, "timeout" arg /* Time period that a NAS-5G signalling request waits before failing */ ) end rule(:nasreq_definition) do c( "partition" arg ( /* NASREQ partition definition */ c( "diameter-instance" arg /* NASREQ diameter instance */, "destination-realm" arg /* NASREQ destination realm */, "destination-host" arg /* NASREQ destination host */ ) ), "timeout" arg /* Time period that a NASREQ request waits on the transmit queue before failing */, "request-retry" arg /* Number of times to retry NASREQ request when DIAMETER fails with timeout. */, "max-outstanding-requests" arg /* Number of unanswered NASREQ requests sent to server */ ) end rule(:nat_pool_object) do arg.as(:arg) ( c( "pgcp" ( /* NAT pool should be used exclusive by the pgcp service */ c( "remotely-controlled" /* Remotely controlled NAT pool allocation */, "ports-per-session" arg /* Number of ports to allocate in each call setup */, "hint" arg /* NAT hints */, ("tcp" | "udp" | "rtp-avp") ) ), "address" arg /* Address or address prefix for NAT */, "interface" ( /* Interface for nat pool */ sc( interface_unit ) ).as(:oneline), "address-overload" /* Nat pool address overload with JunOS */, "address-range" ( /* Range of addresses for NAT */ s( "low" arg /* Lower limit of address range */, "high" arg /* Upper limit of address range */ ) ).as(:oneline), "port" ( /* Specify ports for NAT */ c( c( "automatic" ( c( c( "auto" /* Automatically choose ports */, "sequential" /* Allocate ports in sequence */, "random-allocation" /* Allocate ports randomly */ ) ) ), "range" ( /* Range of ports */ sc( "low" arg /* Lower limit of port range */, "high" arg /* Upper limit of port range */, "random-allocation" /* Allocate ports randomly */ ) ).as(:oneline) ), c( "secured-port-block-allocation" ( /* Secured Port block allocation */ sc( "block-size" arg /* Number of port per block. */, "max-blocks-per-address" arg /* Max block per address */, "active-block-timeout" arg /* Active block timeout */ ) ).as(:oneline), "deterministic-port-block-allocation" ( /* Deterministic Port Block Allocation */ sc( "block-size" arg /* Number of ports per block */, "include-boundary-addresses" /* Include network and broadcast in 'from' src-addresses */ ) ).as(:oneline) ), "preserve-parity" /* Allocate port with same parity as original port */, "preserve-range" /* Preserve privileged port range after NAT */ ) ), "address-allocation" ( /* Address allocation method for NAPT */ c( "round-robin" /* Round robin method of allocation */ ) ), "mapping-timeout" arg /* Address-pooling paired and endpoint-independent mapping timeout (120..86400) */, "flow-timeout" arg /* Default flow timeout for NAT flows */, "ei-mapping-timeout" arg /* Endpoint-independent mapping timeout (120..86400) */, "app-mapping-timeout" arg /* Address-pooling paired mapping timeout (120..86400) */, "limit-ports-per-address" arg /* Limit number of ports allocated per host (IP address) */, "snmp-trap-thresholds" ( /* Define snmp traps for service sets */ c( "address-port" ( /* Nat pool address and port usage trap threshold range */ sc( "low" arg /* Lower limit of pool trap threshold */, "high" arg /* Upper limit of pool trap threshold */ ) ).as(:oneline) ) ) ) ) end rule(:nat_rule_object) do arg.as(:arg) ( c( "match-direction" ( /* Direction for which the rule match is applied */ ("input" | "output" | "input-output") ), "term" arg ( /* Define a NAT term */ c( "nat-type" ( /* NAT type (symmetric/full-cone) */ ("symmetric" | "full-cone") ), "from" ( /* Define match criteria */ sfw_match_object /* Define match criteria */ ), "then" ( /* Action to take if the 'from' condition is matched */ c( c( "no-translation" /* Do not perform translation */ ), c( "port-forwarding-mappings" arg /* Port forwarding mappings */ ), "translated" ( /* Define translation parameters */ c( c( "source-pool" arg /* NAT pool for source translation */, "source-prefix" ( /* NAT prefix for source translation */ ipprefix_only /* NAT prefix for source translation */ ) ), "clat-prefix" ( /* Clat-prefix to be used for 464 translation type */ ipprefix_only /* Clat-prefix to be used for 464 translation type */ ), "clat-ipv6-prefix-length" ( /* The ipv6 prefix length for CLAT source address */ ("32" | "40" | "48" | "56" | "64" | "96") ), c( "destination-pool" arg /* NAT pool for destination translation */, "destination-prefix" ( /* NAT prefix for destination translation */ ipprefix_only /* NAT prefix for destination translation */ ) ), c( "dns-alg-pool" arg /* NAT pool for dns alg mappings */, "dns-alg-prefix" ( /* DNS ALG 96 bit prefix for mapping IPv4 addresses to IPv6 addresses */ ipprefix_only /* DNS ALG 96 bit prefix for mapping IPv4 addresses to IPv6 addresses */ ) ), c( "use-dns-map-for-destination-translation" /* Use dns alg address map for destination translation */ ), c( "overload-pool" arg /* NAT pool to be used when source pool is overloaded */, "overload-prefix" ( /* NAT prefix to be used when source pool is overloaded */ ipprefix_only /* NAT prefix to be used when source pool is overloaded */ ) ), "translation-type" ( /* Type of translation to perform */ c( "source" ( /* Type of source translation */ ("static" | "dynamic") ), "destination" ( /* Type of destination translation */ ("static") ), "basic-nat44" /* Static source address (IPv4 to IPv4) translation */, "dynamic-nat44" /* Dynamic source address only (IPv4 to IPv4) translation */, "napt-44" /* Source address (IPv4 to IPv4) and port translation */, "dnat-44" /* Static Destination address (IPv4 to IPv4) translation */, "stateful-nat64" /* Dynamic source address (IPv6 to IPv4) and prefix removal for destination address (IPv6 to IPv4)translation */, "stateful-nat464" /* Prefix removal for Src and Dest address (IPv6 to IPv4) translation */, "basic-nat-pt" /* NAT-PT (static source address (IPv6 to IPv4) and prefix removal for destination address (IPv6 to IPv4) translation) */, "napt-pt" /* NAT-PT (source address (IPv6 to IPv4) and source port and prefix removal for destination address (IPv6 to IPv4) translation) */, "basic-nat66" /* Static source address (IPv6 to IPv6) translation [same as basic-nat44 but for IPv6 address family] */, "nptv6" /* Stateless source address (IPv6 to IPv6) translation */, "napt-66" /* Source address (IPv6 to IPv6) and port translation [same as napt-44 but for IPv6 address family] */, "twice-napt-44" /* Source NAPT and destination static translation for IPv4 address family */, "twice-basic-nat-44" /* Source static and destination static translation for IPv4 address family */, "twice-dynamic-nat-44" /* Source dynamic and destination static translation for IPv4 address family */, "deterministic-napt44" /* Deterministic source NAPT for IPv4 family */, "deterministic-napt64" /* Deterministic source NAPT for IPv6 family */ ) ), "mapping-type" ( /* Source NAT mapping type */ ("endpoint-independent") ), "flow-type" ( /* Source NAT flow type */ ("endpoint-independent") ), "ignore-dst-nat-1to1-limitation" /* Ignore destination NAT 1:1 limitation */, "secure-nat-mapping" ( /* Mapping options for enhanced security */ c( "eif-flow-limit" arg /* Number of inbound flows to be allowed for a EIF mapping */, "mapping-refresh" ( /* Enable timer refresh option */ ("inbound" | "outbound" | "inbound-outbound") ), "flow-refresh" ( /* Enable timer refresh option */ ("inbound" | "outbound" | "inbound-outbound") ) ) ), "filtering-type" ( /* Source NAT filtering type */ c( "endpoint-independent" ( /* Endpoint independent filtering */ c( "prefix-list" arg ( /* One or more named lists of source prefixes to match */ sc( "except" /* Name of prefix list not to match against */ ) ).as(:oneline) ) ) ) ), "address-pooling" ( /* Address pooling behavior for source NAT */ ("paired") ) ) ), "syslog" /* System log information about the packet */ ) ) ) ) ) ) end rule(:network_type) do arg.as(:arg) ( c( "dyn-tunnel-attribute-policy" ( /* Import policy for dynamic-tunnel under this destination network */ policy_algebra /* Import policy for dynamic-tunnel under this destination network */ ), "preference" arg /* Preference of tunnel route under this destination network */, "colors" arg /* Set of color list that will be supported for tunnel creation */ ) ) end rule(:new_call_then_type) do c( "trace" /* Trace messages accepted on this policy */, "media-policy" ( /* Media policy parameters */ c( c( "no-anchoring" /* Setting this would bypass media packet gateway processing */, "media-release" /* Release media - media will not be anchored */ ), "nat-traversal" ( /* Choose when to perform NAT traversal */ c( "nat-traversal-strategy" ( /* Choose when to perform NAT traversal */ ("never" | "always" | "same-as-signaling") ), "force-bidirectional-media" /* Force bidirectional media */ ) ), "data-inactivity-detection" ( /* Configuration of data inactivity indicators */ c( "inactivity-duration" arg /* The amount of time in seconds a stream is inactive before a notification is sent to the SPDF */ ) ), "service-class" arg /* Rate limiting and dscp marking based on the media type */ ) ) ) end rule(:new_call_usage_set_type) do arg.as(:arg) ( c( arg ) ) end rule(:new_registration_set_type) do arg.as(:arg) ( c( arg ) ) end rule(:new_transaction_set_type) do arg.as(:arg) ( c( arg ) ) end rule(:next_hop_group_intf_type) do arg.as(:arg) ( c( "next-hop" ( /* Address of next hop through which to send sampled traffic */ next_hop_type /* Address of next hop through which to send sampled traffic */ ) ) ) end rule(:next_hop_subgroup_intf_type) do arg.as(:arg) ( c( "next-hop" ( /* Address of next hop through which to send sampled traffic */ next_hop_type /* Address of next hop through which to send sampled traffic */ ) ) ) end rule(:next_hop_type) do arg.as(:arg) end rule(:och_attributes) do c( "rate" ( /* Data rate of the OCH payload */ ("100g") ), "modulation" ( /* Optical modulation format */ ("qpsk") ), "encoding" ( /* Optical encoding */ ("differential") ), c( "wavelength" ( /* Optical channel wavelength in nanometers */ ("1568.77" | "1568.36" | "1568.31" | "1568.26" | "1568.21" | "1568.16" | "1568.11" | "1568.05" | "1568.00" | "1567.95" | "1567.90" | "1567.85" | "1567.80" | "1567.75" | "1567.70" | "1567.64" | "1567.59" | "1567.54" | "1567.49" | "1567.44" | "1567.39" | "1567.34" | "1567.29" | "1567.23" | "1567.18" | "1567.13" | "1567.08" | "1567.03" | "1566.98" | "1566.93" | "1566.88" | "1566.83" | "1566.77" | "1566.72" | "1566.67" | "1566.62" | "1566.57" | "1566.52" | "1566.47" | "1566.42" | "1566.36" | "1566.31" | "1566.26" | "1566.21" | "1566.16" | "1566.11" | "1566.06" | "1566.01" | "1565.96" | "1565.90" | "1565.85" | "1565.80" | "1565.75" | "1565.70" | "1565.65" | "1565.60" | "1565.55" | "1565.50" | "1565.44" | "1565.39" | "1565.34" | "1565.29" | "1565.24" | "1565.19" | "1565.14" | "1565.09" | "1565.04" | "1564.99" | "1564.93" | "1564.88" | "1564.83" | "1564.78" | "1564.73" | "1564.68" | "1564.63" | "1564.58" | "1564.53" | "1564.47" | "1564.42" | "1564.37" | "1564.32" | "1564.27" | "1564.22" | "1564.17" | "1564.12" | "1564.07" | "1564.02" | "1563.96" | "1563.91" | "1563.86" | "1563.81" | "1563.76" | "1563.71" | "1563.66" | "1563.61" | "1563.56" | "1563.51" | "1563.45" | "1563.40" | "1563.35" | "1563.30" | "1563.25" | "1563.20" | "1563.15" | "1563.10" | "1563.05" | "1563.00" | "1562.95" | "1562.89" | "1562.84" | "1562.79" | "1562.74" | "1562.69" | "1562.64" | "1562.59" | "1562.54" | "1562.49" | "1562.44" | "1562.39" | "1562.33" | "1562.28" | "1562.23" | "1562.18" | "1562.13" | "1562.08" | "1562.03" | "1561.98" | "1561.93" | "1561.88" | "1561.83" | "1561.77" | "1561.72" | "1561.67" | "1561.62" | "1561.57" | "1561.52" | "1561.47" | "1561.42" | "1561.37" | "1561.32" | "1561.27" | "1561.22" | "1561.16" | "1561.11" | "1561.06" | "1561.01" | "1560.96" | "1560.91" | "1560.86" | "1560.81" | "1560.76" | "1560.71" | "1560.66" | "1560.61" | "1560.56" | "1560.50" | "1560.45" | "1560.40" | "1560.35" | "1560.30" | "1560.25" | "1560.20" | "1560.15" | "1560.10" | "1560.05" | "1560.00" | "1559.95" | "1559.90" | "1559.84" | "1559.79" | "1559.74" | "1559.69" | "1559.64" | "1559.59" | "1559.54" | "1559.49" | "1559.44" | "1559.39" | "1559.34" | "1559.29" | "1559.24" | "1559.19" | "1559.14" | "1559.08" | "1559.03" | "1558.98" | "1558.93" | "1558.88" | "1558.83" | "1558.78" | "1558.73" | "1558.68" | "1558.63" | "1558.58" | "1558.53" | "1558.48" | "1558.43" | "1558.38" | "1558.32" | "1558.27" | "1558.22" | "1558.17" | "1558.12" | "1558.07" | "1558.02" | "1557.97" | "1557.92" | "1557.87" | "1557.82" | "1557.77" | "1557.72" | "1557.67" | "1557.62" | "1557.57" | "1557.52" | "1557.46" | "1557.41" | "1557.36" | "1557.31" | "1557.26" | "1557.21" | "1557.16" | "1557.11" | "1557.06" | "1557.01" | "1556.96" | "1556.91" | "1556.86" | "1556.81" | "1556.76" | "1556.71" | "1556.66" | "1556.61" | "1556.55" | "1556.50" | "1556.45" | "1556.40" | "1556.35" | "1556.30" | "1556.25" | "1556.20" | "1556.15" | "1556.10" | "1556.05" | "1556.00" | "1555.95" | "1555.90" | "1555.85" | "1555.80" | "1555.75" | "1555.70" | "1555.65" | "1555.60" | "1555.55" | "1555.49" | "1555.44" | "1555.39" | "1555.34" | "1555.29" | "1555.24" | "1555.19" | "1555.14" | "1555.09" | "1555.04" | "1554.99" | "1554.94" | "1554.89" | "1554.84" | "1554.79" | "1554.74" | "1554.69" | "1554.64" | "1554.59" | "1554.54" | "1554.49" | "1554.44" | "1554.39" | "1554.34" | "1554.29" | "1554.23" | "1554.18" | "1554.13" | "1554.08" | "1554.03" | "1553.98" | "1553.93" | "1553.88" | "1553.83" | "1553.78" | "1553.73" | "1553.68" | "1553.63" | "1553.58" | "1553.53" | "1553.48" | "1553.43" | "1553.38" | "1553.33" | "1553.28" | "1553.23" | "1553.18" | "1553.13" | "1553.08" | "1553.03" | "1552.98" | "1552.93" | "1552.88" | "1552.83" | "1552.78" | "1552.73" | "1552.68" | "1552.62" | "1552.57" | "1552.52" | "1552.47" | "1552.42" | "1552.37" | "1552.32" | "1552.27" | "1552.22" | "1552.17" | "1552.12" | "1552.07" | "1552.02" | "1551.97" | "1551.92" | "1551.87" | "1551.82" | "1551.77" | "1551.72" | "1551.67" | "1551.62" | "1551.57" | "1551.52" | "1551.47" | "1551.42" | "1551.37" | "1551.32" | "1551.27" | "1551.22" | "1551.17" | "1551.12" | "1551.07" | "1551.02" | "1550.97" | "1550.92" | "1550.87" | "1550.82" | "1550.77" | "1550.72" | "1550.67" | "1550.62" | "1550.57" | "1550.52" | "1550.47" | "1550.42" | "1550.37" | "1550.32" | "1550.27" | "1550.22" | "1550.17" | "1550.12" | "1550.07" | "1550.02" | "1549.97" | "1549.92" | "1549.87" | "1549.82" | "1549.77" | "1549.72" | "1549.67" | "1549.62" | "1549.57" | "1549.52" | "1549.47" | "1549.42" | "1549.37" | "1549.32" | "1549.26" | "1549.21" | "1549.16" | "1549.11" | "1549.06" | "1549.01" | "1548.96" | "1548.91" | "1548.86" | "1548.81" | "1548.76" | "1548.71" | "1548.66" | "1548.61" | "1548.56" | "1548.51" | "1548.46" | "1548.41" | "1548.36" | "1548.31" | "1548.26" | "1548.21" | "1548.16" | "1548.11" | "1548.06" | "1548.02" | "1547.97" | "1547.92" | "1547.87" | "1547.82" | "1547.77" | "1547.72" | "1547.67" | "1547.62" | "1547.57" | "1547.52" | "1547.47" | "1547.42" | "1547.37" | "1547.32" | "1547.27" | "1547.22" | "1547.17" | "1547.12" | "1547.07" | "1547.02" | "1546.97" | "1546.92" | "1546.87" | "1546.82" | "1546.77" | "1546.72" | "1546.67" | "1546.62" | "1546.57" | "1546.52" | "1546.47" | "1546.42" | "1546.37" | "1546.32" | "1546.27" | "1546.22" | "1546.17" | "1546.12" | "1546.07" | "1546.02" | "1545.97" | "1545.92" | "1545.87" | "1545.82" | "1545.77" | "1545.72" | "1545.67" | "1545.62" | "1545.57" | "1545.52" | "1545.47" | "1545.42" | "1545.37" | "1545.32" | "1545.27" | "1545.22" | "1545.17" | "1545.12" | "1545.07" | "1545.02" | "1544.97" | "1544.92" | "1544.87" | "1544.82" | "1544.77" | "1544.72" | "1544.68" | "1544.63" | "1544.58" | "1544.53" | "1544.48" | "1544.43" | "1544.38" | "1544.33" | "1544.28" | "1544.23" | "1544.18" | "1544.13" | "1544.08" | "1544.03" | "1543.98" | "1543.93" | "1543.88" | "1543.83" | "1543.78" | "1543.73" | "1543.68" | "1543.63" | "1543.58" | "1543.53" | "1543.48" | "1543.43" | "1543.38" | "1543.33" | "1543.28" | "1543.23" | "1543.18" | "1543.13" | "1543.08" | "1543.04" | "1542.99" | "1542.94" | "1542.89" | "1542.84" | "1542.79" | "1542.74" | "1542.69" | "1542.64" | "1542.59" | "1542.54" | "1542.49" | "1542.44" | "1542.39" | "1542.34" | "1542.29" | "1542.24" | "1542.19" | "1542.14" | "1542.09" | "1542.04" | "1541.99" | "1541.94" | "1541.89" | "1541.84" | "1541.80" | "1541.75" | "1541.70" | "1541.65" | "1541.60" | "1541.55" | "1541.50" | "1541.45" | "1541.40" | "1541.35" | "1541.30" | "1541.25" | "1541.20" | "1541.15" | "1541.10" | "1541.05" | "1541.00" | "1540.95" | "1540.90" | "1540.85" | "1540.80" | "1540.76" | "1540.71" | "1540.66" | "1540.61" | "1540.56" | "1540.51" | "1540.46" | "1540.41" | "1540.36" | "1540.31" | "1540.26" | "1540.21" | "1540.16" | "1540.11" | "1540.06" | "1540.01" | "1539.96" | "1539.91" | "1539.86" | "1539.82" | "1539.77" | "1539.72" | "1539.67" | "1539.62" | "1539.57" | "1539.52" | "1539.47" | "1539.42" | "1539.37" | "1539.32" | "1539.27" | "1539.22" | "1539.17" | "1539.12" | "1539.07" | "1539.03" | "1538.98" | "1538.93" | "1538.88" | "1538.83" | "1538.78" | "1538.73" | "1538.68" | "1538.63" | "1538.58" | "1538.53" | "1538.48" | "1538.43" | "1538.38" | "1538.33" | "1538.28" | "1538.24" | "1538.19" | "1538.14" | "1538.09" | "1538.04" | "1537.99" | "1537.94" | "1537.89" | "1537.84" | "1537.79" | "1537.74" | "1537.69" | "1537.64" | "1537.59" | "1537.55" | "1537.50" | "1537.45" | "1537.40" | "1537.35" | "1537.30" | "1537.25" | "1537.20" | "1537.15" | "1537.10" | "1537.05" | "1537.00" | "1536.95" | "1536.90" | "1536.86" | "1536.81" | "1536.76" | "1536.71" | "1536.66" | "1536.61" | "1536.56" | "1536.51" | "1536.46" | "1536.41" | "1536.36" | "1536.31" | "1536.26" | "1536.22" | "1536.17" | "1536.12" | "1536.07" | "1536.02" | "1535.97" | "1535.92" | "1535.87" | "1535.82" | "1535.77" | "1535.72" | "1535.67" | "1535.63" | "1535.58" | "1535.53" | "1535.48" | "1535.43" | "1535.38" | "1535.33" | "1535.28" | "1535.23" | "1535.18" | "1535.13" | "1535.08" | "1535.04" | "1534.99" | "1534.94" | "1534.89" | "1534.84" | "1534.79" | "1534.74" | "1534.69" | "1534.64" | "1534.59" | "1534.54" | "1534.50" | "1534.45" | "1534.40" | "1534.35" | "1534.30" | "1534.25" | "1534.20" | "1534.15" | "1534.10" | "1534.05" | "1534.00" | "1533.96" | "1533.91" | "1533.86" | "1533.81" | "1533.76" | "1533.71" | "1533.66" | "1533.61" | "1533.56" | "1533.51" | "1533.47" | "1533.42" | "1533.37" | "1533.32" | "1533.27" | "1533.22" | "1533.17" | "1533.12" | "1533.07" | "1533.02" | "1532.98" | "1532.93" | "1532.88" | "1532.83" | "1532.78" | "1532.73" | "1532.68" | "1532.63" | "1532.58" | "1532.53" | "1532.49" | "1532.44" | "1532.39" | "1532.34" | "1532.29" | "1532.24" | "1532.19" | "1532.14" | "1532.09" | "1532.04" | "1532.00" | "1531.95" | "1531.90" | "1531.85" | "1531.80" | "1531.75" | "1531.70" | "1531.65" | "1531.60" | "1531.56" | "1531.51" | "1531.46" | "1531.41" | "1531.36" | "1531.31" | "1531.26" | "1531.21" | "1531.16" | "1531.12" | "1531.07" | "1531.02" | "1530.97" | "1530.92" | "1530.87" | "1530.82" | "1530.77" | "1530.72" | "1530.68" | "1530.63" | "1530.58" | "1530.53" | "1530.48" | "1530.43" | "1530.38" | "1530.33" | "1530.29" | "1530.24" | "1530.19" | "1530.14" | "1530.09" | "1530.04" | "1529.99" | "1529.94" | "1529.89" | "1529.85" | "1529.80" | "1529.75" | "1529.70" | "1529.65" | "1529.60" | "1529.55" | "1529.50" | "1529.46" | "1529.41" | "1529.36" | "1529.31" | "1529.26" | "1529.21" | "1529.16" | "1529.11" | "1529.07" | "1529.02" | "1528.97" | "1528.92" | "1528.87" | "1528.82" | "1528.77" | "1528.38") ), "frequency" ( /* Optical channel frequency in terahertz */ ("191.1003" | "191.15000" | "191.15625" | "191.16250" | "191.16875" | "191.17500" | "191.18125" | "191.18750" | "191.19375" | "191.20000" | "191.20625" | "191.21250" | "191.21875" | "191.22500" | "191.23125" | "191.23750" | "191.24375" | "191.25000" | "191.25625" | "191.26250" | "191.26875" | "191.27500" | "191.28125" | "191.28750" | "191.29375" | "191.30000" | "191.30625" | "191.31250" | "191.31875" | "191.32500" | "191.33125" | "191.33750" | "191.34375" | "191.35000" | "191.35625" | "191.36250" | "191.36875" | "191.37500" | "191.38125" | "191.38750" | "191.39375" | "191.40000" | "191.40625" | "191.41250" | "191.41875" | "191.42500" | "191.43125" | "191.43750" | "191.44375" | "191.45000" | "191.45625" | "191.46250" | "191.46875" | "191.47500" | "191.48125" | "191.48750" | "191.49375" | "191.50000" | "191.50625" | "191.51250" | "191.51875" | "191.52500" | "191.53125" | "191.53750" | "191.54375" | "191.55000" | "191.55625" | "191.56250" | "191.56875" | "191.57500" | "191.58125" | "191.58750" | "191.59375" | "191.60000" | "191.60625" | "191.61250" | "191.61875" | "191.62500" | "191.63125" | "191.63750" | "191.64375" | "191.65000" | "191.65625" | "191.66250" | "191.66875" | "191.67500" | "191.68125" | "191.68750" | "191.69375" | "191.70000" | "191.70625" | "191.71250" | "191.71875" | "191.72500" | "191.73125" | "191.73750" | "191.74375" | "191.75000" | "191.75625" | "191.76250" | "191.76875" | "191.77500" | "191.78125" | "191.78750" | "191.79375" | "191.80000" | "191.80625" | "191.81250" | "191.81875" | "191.82500" | "191.83125" | "191.83750" | "191.84375" | "191.85000" | "191.85625" | "191.86250" | "191.86875" | "191.87500" | "191.88125" | "191.88750" | "191.89375" | "191.90000" | "191.90625" | "191.91250" | "191.91875" | "191.92500" | "191.93125" | "191.93750" | "191.94375" | "191.95000" | "191.95625" | "191.96250" | "191.96875" | "191.97500" | "191.98125" | "191.98750" | "191.99375" | "192.00000" | "192.00625" | "192.01250" | "192.01875" | "192.02500" | "192.03125" | "192.03750" | "192.04375" | "192.05000" | "192.05625" | "192.06250" | "192.06875" | "192.07500" | "192.08125" | "192.08750" | "192.09375" | "192.10000" | "192.10625" | "192.11250" | "192.11875" | "192.12500" | "192.13125" | "192.13750" | "192.14375" | "192.15000" | "192.15625" | "192.16250" | "192.16875" | "192.17500" | "192.18125" | "192.18750" | "192.19375" | "192.20000" | "192.20625" | "192.21250" | "192.21875" | "192.22500" | "192.23125" | "192.23750" | "192.24375" | "192.25000" | "192.25625" | "192.26250" | "192.26875" | "192.27500" | "192.28125" | "192.28750" | "192.29375" | "192.30000" | "192.30625" | "192.31250" | "192.31875" | "192.32500" | "192.33125" | "192.33750" | "192.34375" | "192.35000" | "192.35625" | "192.36250" | "192.36875" | "192.37500" | "192.38125" | "192.38750" | "192.39375" | "192.40000" | "192.40625" | "192.41250" | "192.41875" | "192.42500" | "192.43125" | "192.43750" | "192.44375" | "192.45000" | "192.45625" | "192.46250" | "192.46875" | "192.47500" | "192.48125" | "192.48750" | "192.49375" | "192.50000" | "192.50625" | "192.51250" | "192.51875" | "192.52500" | "192.53125" | "192.53750" | "192.54375" | "192.55000" | "192.55625" | "192.56250" | "192.56875" | "192.57500" | "192.58125" | "192.58750" | "192.59375" | "192.60000" | "192.60625" | "192.61250" | "192.61875" | "192.62500" | "192.63125" | "192.63750" | "192.64375" | "192.65000" | "192.65625" | "192.66250" | "192.66875" | "192.67500" | "192.68125" | "192.68750" | "192.69375" | "192.70000" | "192.70625" | "192.71250" | "192.71875" | "192.72500" | "192.73125" | "192.73750" | "192.74375" | "192.75000" | "192.75625" | "192.76250" | "192.76875" | "192.77500" | "192.78125" | "192.78750" | "192.79375" | "192.80000" | "192.80625" | "192.81250" | "192.81875" | "192.82500" | "192.83125" | "192.83750" | "192.84375" | "192.85000" | "192.85625" | "192.86250" | "192.86875" | "192.87500" | "192.88125" | "192.88750" | "192.89375" | "192.90000" | "192.90625" | "192.91250" | "192.91875" | "192.92500" | "192.93125" | "192.93750" | "192.94375" | "192.95000" | "192.95625" | "192.96250" | "192.96875" | "192.97500" | "192.98125" | "192.98750" | "192.99375" | "193.00000" | "193.00625" | "193.01250" | "193.01875" | "193.02500" | "193.03125" | "193.03750" | "193.04375" | "193.05000" | "193.05625" | "193.06250" | "193.06875" | "193.07500" | "193.08125" | "193.08750" | "193.09375" | "193.10000" | "193.10625" | "193.11250" | "193.11875" | "193.12500" | "193.13125" | "193.13750" | "193.14375" | "193.15000" | "193.15625" | "193.16250" | "193.16875" | "193.17500" | "193.18125" | "193.18750" | "193.19375" | "193.20000" | "193.20625" | "193.21250" | "193.21875" | "193.22500" | "193.23125" | "193.23750" | "193.24375" | "193.25000" | "193.25625" | "193.26250" | "193.26875" | "193.27500" | "193.28125" | "193.28750" | "193.29375" | "193.30000" | "193.30625" | "193.31250" | "193.31875" | "193.32500" | "193.33125" | "193.33750" | "193.34375" | "193.35000" | "193.35625" | "193.36250" | "193.36875" | "193.37500" | "193.38125" | "193.38750" | "193.39375" | "193.40000" | "193.40625" | "193.41250" | "193.41875" | "193.42500" | "193.43125" | "193.43750" | "193.44375" | "193.45000" | "193.45625" | "193.46250" | "193.46875" | "193.47500" | "193.48125" | "193.48750" | "193.49375" | "193.50000" | "193.50625" | "193.51250" | "193.51875" | "193.52500" | "193.53125" | "193.53750" | "193.54375" | "193.55000" | "193.55625" | "193.56250" | "193.56875" | "193.57500" | "193.58125" | "193.58750" | "193.59375" | "193.60000" | "193.60625" | "193.61250" | "193.61875" | "193.62500" | "193.63125" | "193.63750" | "193.64375" | "193.65000" | "193.65625" | "193.66250" | "193.66875" | "193.67500" | "193.68125" | "193.68750" | "193.69375" | "193.70000" | "193.70625" | "193.71250" | "193.71875" | "193.72500" | "193.73125" | "193.73750" | "193.74375" | "193.75000" | "193.75625" | "193.76250" | "193.76875" | "193.77500" | "193.78125" | "193.78750" | "193.79375" | "193.80000" | "193.80625" | "193.81250" | "193.81875" | "193.82500" | "193.83125" | "193.83750" | "193.84375" | "193.85000" | "193.85625" | "193.86250" | "193.86875" | "193.87500" | "193.88125" | "193.88750" | "193.89375" | "193.90000" | "193.90625" | "193.91250" | "193.91875" | "193.92500" | "193.93125" | "193.93750" | "193.94375" | "193.95000" | "193.95625" | "193.96250" | "193.96875" | "193.97500" | "193.98125" | "193.98750" | "193.99375" | "194.00000" | "194.00625" | "194.01250" | "194.01875" | "194.02500" | "194.03125" | "194.03750" | "194.04375" | "194.05000" | "194.05625" | "194.06250" | "194.06875" | "194.07500" | "194.08125" | "194.08750" | "194.09375" | "194.10000" | "194.10625" | "194.11250" | "194.11875" | "194.12500" | "194.13125" | "194.13750" | "194.14375" | "194.15000" | "194.15625" | "194.16250" | "194.16875" | "194.17500" | "194.18125" | "194.18750" | "194.19375" | "194.20000" | "194.20625" | "194.21250" | "194.21875" | "194.22500" | "194.23125" | "194.23750" | "194.24375" | "194.25000" | "194.25625" | "194.26250" | "194.26875" | "194.27500" | "194.28125" | "194.28750" | "194.29375" | "194.30000" | "194.30625" | "194.31250" | "194.31875" | "194.32500" | "194.33125" | "194.33750" | "194.34375" | "194.35000" | "194.35625" | "194.36250" | "194.36875" | "194.37500" | "194.38125" | "194.38750" | "194.39375" | "194.40000" | "194.40625" | "194.41250" | "194.41875" | "194.42500" | "194.43125" | "194.43750" | "194.44375" | "194.45000" | "194.45625" | "194.46250" | "194.46875" | "194.47500" | "194.48125" | "194.48750" | "194.49375" | "194.50000" | "194.50625" | "194.51250" | "194.51875" | "194.52500" | "194.53125" | "194.53750" | "194.54375" | "194.55000" | "194.55625" | "194.56250" | "194.56875" | "194.57500" | "194.58125" | "194.58750" | "194.59375" | "194.60000" | "194.60625" | "194.61250" | "194.61875" | "194.62500" | "194.63125" | "194.63750" | "194.64375" | "194.65000" | "194.65625" | "194.66250" | "194.66875" | "194.67500" | "194.68125" | "194.68750" | "194.69375" | "194.70000" | "194.70625" | "194.71250" | "194.71875" | "194.72500" | "194.73125" | "194.73750" | "194.74375" | "194.75000" | "194.75625" | "194.76250" | "194.76875" | "194.77500" | "194.78125" | "194.78750" | "194.79375" | "194.80000" | "194.80625" | "194.81250" | "194.81875" | "194.82500" | "194.83125" | "194.83750" | "194.84375" | "194.85000" | "194.85625" | "194.86250" | "194.86875" | "194.87500" | "194.88125" | "194.88750" | "194.89375" | "194.90000" | "194.90625" | "194.91250" | "194.91875" | "194.92500" | "194.93125" | "194.93750" | "194.94375" | "194.95000" | "194.95625" | "194.96250" | "194.96875" | "194.97500" | "194.98125" | "194.98750" | "194.99375" | "195.00000" | "195.00625" | "195.01250" | "195.01875" | "195.02500" | "195.03125" | "195.03750" | "195.04375" | "195.05000" | "195.05625" | "195.06250" | "195.06875" | "195.07500" | "195.08125" | "195.08750" | "195.09375" | "195.10000" | "195.10625" | "195.11250" | "195.11875" | "195.12500" | "195.13125" | "195.13750" | "195.14375" | "195.15000" | "195.15625" | "195.16250" | "195.16875" | "195.17500" | "195.18125" | "195.18750" | "195.19375" | "195.20000" | "195.20625" | "195.21250" | "195.21875" | "195.22500" | "195.23125" | "195.23750" | "195.24375" | "195.25000" | "195.25625" | "195.26250" | "195.26875" | "195.27500" | "195.28125" | "195.28750" | "195.29375" | "195.30000" | "195.30625" | "195.31250" | "195.31875" | "195.32500" | "195.33125" | "195.33750" | "195.34375" | "195.35000" | "195.35625" | "195.36250" | "195.36875" | "195.37500" | "195.38125" | "195.38750" | "195.39375" | "195.40000" | "195.40625" | "195.41250" | "195.41875" | "195.42500" | "195.43125" | "195.43750" | "195.44375" | "195.45000" | "195.45625" | "195.46250" | "195.46875" | "195.47500" | "195.48125" | "195.48750" | "195.49375" | "195.50000" | "195.50625" | "195.51250" | "195.51875" | "195.52500" | "195.53125" | "195.53750" | "195.54375" | "195.55000" | "195.55625" | "195.56250" | "195.56875" | "195.57500" | "195.58125" | "195.58750" | "195.59375" | "195.60000" | "195.60625" | "195.61250" | "195.61875" | "195.62500" | "195.63125" | "195.63750" | "195.64375" | "195.65000" | "195.65625" | "195.66250" | "195.66875" | "195.67500" | "195.68125" | "195.68750" | "195.69375" | "195.70000" | "195.70625" | "195.71250" | "195.71875" | "195.72500" | "195.73125" | "195.73750" | "195.74375" | "195.75000" | "195.75625" | "195.76250" | "195.76875" | "195.77500" | "195.78125" | "195.78750" | "195.79375" | "195.80000" | "195.80625" | "195.81250" | "195.81875" | "195.82500" | "195.83125" | "195.83750" | "195.84375" | "195.85000" | "195.85625" | "195.86250" | "195.86875" | "195.87500" | "195.88125" | "195.88750" | "195.89375" | "195.90000" | "195.90625" | "195.91250" | "195.91875" | "195.92500" | "195.93125" | "195.93750" | "195.94375" | "195.95000" | "195.95625" | "195.96250" | "195.96875" | "195.97500" | "195.98125" | "195.98750" | "195.99375" | "196.00000" | "196.00625" | "196.01250" | "196.01875" | "196.02500" | "196.03125" | "196.03750" | "196.04375" | "196.05000" | "196.05625" | "196.06250" | "196.06875" | "196.07500" | "196.08125" | "196.08750" | "196.09375" | "196.10000" | "196.15040") ) ), "tx-power" arg /* Transmit laser output power */, "laser-enable" /* Enable transmit laser */, "no-laser-enable" /* Don't enable transmit laser */ ) end rule(:ocs_definition) do c( "partition" arg ( /* OCS partition configuration */ c( "alternative-partition-name" arg /* Alternative diameter partition */, "called-station-id" arg /* OCS called station id */, "backup" ( /* OCS Backup feature */ c( "limit" arg /* Maximium number of subscriber in backup */, "overflow" ( /* Backup overflow action */ ("deny-login" | "drop-oldest") ), "timeout" arg /* Backup timeout */ ) ), "charging-id" arg /* OCS charging id */, "destination-realm" arg /* OCS destination realm */, "destination-host" arg /* OCS destination host */, "diameter-instance" arg /* OCS diameter instance */, "draining" /* Set this PCRF partiton to draining state */, "draining-response-timeout" arg /* Final response timeout in draining mode */, "force-continue" /* Expect/force 'continue' as cc-failure-handling value */, "ggsn-address" ( /* Value of ggsn-address avp reported to ocs */ ipaddr /* Value of ggsn-address avp reported to ocs */ ), "ggsn-mcc-mnc" arg /* Value of 3gpp-ggsn-mcc-mnc avp reported to ocs */, "final-response-timeout" arg /* Final response timeout */, "max-outstanding-requests" arg /* Maximum number of outstanding requests */, "send-origin-state-id" /* Include origin-state-id avp */, "sftp-backup" ( /* Add sftp-backup options */ c( "address" ( /* IP address of sftp server */ ipaddr /* IP address of sftp server */ ), "accumulation-count" arg /* Number of CCR-Ts accumulated before file transmission */, "accumulation-size" arg /* Max size of sftp file */, "accumulation-timeout" arg /* Accumulation delay before stfp file transmission */, "directory" arg /* Configure directory */, "file-name-prefix" arg /* File for sftp destination */, c( "logical-system" ( /* Logical system to be used by sftp */ sc( arg /* Name of logical system */, "routing-instance" arg /* Routing instance to be used by sftp */ ) ).as(:oneline), "routing-instance" arg /* Routing instance to be used by sftp */ ), "node-ipv4-address" ( /* IPv4 address of sending node to be included in the file */ ipv4addr /* IPv4 address of sending node to be included in the file */ ), "node-ipv6-address" ( /* IPv6 address of sending node to be included in the file */ ipv6addr /* IPv6 address of sending node to be included in the file */ ), "port" arg /* Port on sftp server */, "response-timeout" arg /* Timeout for sftp command response */, "retry-interval" arg /* Interval for retry after failed stfp file transmission */, "ssh-connection-linger" arg /* Underlying ssh session connection linger */, "ssh-login" arg /* Ssh login name */, "ssh-passphrase" arg /* Passphrase for underlying ssh session */, "ssh-log-verbose" /* Run ssh subprocess with verbose log */ ) ), "user-name-include" ( /* Add user-name options */ c( "delimiter" arg /* Change delimiter/separator character */, "domain-name" arg /* Domain name */, "interface-name" /* Include interface-name */, "base-interface-name" /* Include base-interface-name */, "mac-address" /* Include MAC address */, "nas-port-id" /* Include nas-port-id */, "origin-host" /* Include origin-host */, "origin-realm" /* Include origin-host */, "user-prefix" arg /* Add user defined prefix */, "user-name" /* Include user-name */ ) ) ) ), "global" ( /* OCS global parameters */ c( "service-context-id" arg /* Service context-id for OCS */ ) ) ) end rule(:odu_attributes) do c( "rate" ( /* Specific type of ODU, according to data rate */ ("odu4") ), "is-ma" /* Link is enabled for maintenance tasks, alarms are masked */, "no-is-ma" /* Don't link is enabled for maintenance tasks, alarms are masked */, "tti" ( /* Configuration of OTU trail trace identifier */ otn_tti_attributes /* Configuration of OTU trail trace identifier */ ), "degrade" ( /* Configuration of OTU degrade defect detection */ otn_degrade /* Configuration of OTU degrade defect detection */ ), "exp-payload-type" arg /* Expected OPU payload type */, "prbs" ( /* Configuration of framed pseudorandom binary sequence test signal */ prbs_config /* Configuration of framed pseudorandom binary sequence test signal */ ) ) end rule(:otn_degrade) do c( "degm" arg /* Number of consecutive intervals error rate above threshold */, "degthr" arg /* Threshold - percentage errored blocks, ex. 1.23 = 1.23% */ ) end rule(:otn_tti_attributes) do c( "sapi" arg /* Transmitted source access point identifier field */, "dapi" arg /* Transmitted destination access point identifier field */, "operator" arg /* Transmitted operator field */, "exp-sapi" arg /* Expected received source access point identifier field */, "exp-dapi" arg /* Expected received destination access point identifier field */, "tim-detect-mode" ( /* Trace input mismatch defect detection mode */ ("disabled" | "sapi-only" | "dapi-only" | "sapi-and-dapi") ), "tim-act-enable" /* Enable trace input mismatch consequential actions */, "no-tim-act-enable" /* Don't enable trace input mismatch consequential actions */ ) end rule(:otn_options_type) do c( "laser-enable" /* Enable Laser */, "no-laser-enable" /* Don't enable Laser */, "is-ma" /* Link is enabled with alarms masked */, "no-is-ma" /* Don't link is enabled with alarms masked */, "line-loopback" /* Enable line loopback */, "no-line-loopback" /* Don't enable line loopback */, "local-loopback" /* Enable local host loopback */, "no-local-loopback" /* Don't enable local host loopback */, "prbs" /* Enable otn payload prbs */, "no-prbs" /* Don't enable otn payload prbs */, "odu-ttim-action-enable" /* Enable consequent action for ODU TTIM */, "no-odu-ttim-action-enable" /* Don't enable consequent action for ODU TTIM */, "otu-ttim-action-enable" /* Enable consequent action for OTU TTIM */, "no-otu-ttim-action-enable" /* Don't enable consequent action for OTU TTIM */, "transport-monitoring" /* Enable transport monitoring */, "no-transport-monitoring" /* Don't enable transport monitoring */, "odu-delay-management" ( /* Set odu delay management */ c( "monitor-end-point" /* Originate connection monitor end point */, "no-monitor-end-point" /* Don't originate connection monitor end point */, "start-measurement" /* Enable to start a dm measurement */, "no-start-measurement" /* Don't enable to start a dm measurement */, "bypass" /* Act as tandem passing dm value through node */, "no-bypass" /* Don't act as tandem passing dm value through node */, "number-of-frames" arg /* Number of consequent frames to declare dm done */, "remote-loop-enable" /* Enable remote DM loop on remote end */, "no-remote-loop-enable" /* Don't enable remote DM loop on remote end */ ) ), "signal-degrade" ( /* Signal degrade thresholds */ c( "interval" arg /* Time interval */, "ber-threshold-clear" arg /* Ber threshold for signal degrade clear (format: xe-n, example: 4.5e-3) */, "ber-threshold-signal-degrade" arg /* Ber threshold for signal-degrade (format: xe-n, example: 4.5e-3) */, "q-threshold-signal-degrade-clear" arg /* Q threshold for signal-degrade clear (e.g. 14.26) */, "q-threshold-signal-degrade" arg /* Q threshold for signal-degrade (e.g. 9.26) */ ) ), "odu-signal-degrade" ( /* Signal degrade thresholds for ODU */ c( "interval" arg /* Time interval */, "ber-threshold-clear" arg /* Ber th for sd clear (format: xe-n, example: 4.5e-3) */, "ber-threshold-signal-degrade" arg /* Ber th for sd (format: xe-n, example: 4.5e-3) */ ) ), "preemptive-fast-reroute" ( /* Preemptive fast reroute */ c( "odu-signal-degrade-monitor-enable" /* Enable ODU signal degrade monitoring */, "no-odu-signal-degrade-monitor-enable" /* Don't enable ODU signal degrade monitoring */, "odu-backward-frr-enable" /* Enable ODU backward frr insertion */, "no-odu-backward-frr-enable" /* Don't enable ODU backward frr insertion */, "signal-degrade-monitor-enable" /* Enable signal degrade monitoring */, "no-signal-degrade-monitor-enable" /* Don't enable signal degrade monitoring */, "backward-frr-enable" /* Enable backward frr insertion */, "no-backward-frr-enable" /* Don't enable backward frr insertion */ ) ), "fec" ( /* Forward Error Correction mode */ ("none" | "gfec" | "efec" | "gfec-sdfec" | "ufec" | "sdfec" | "hgfec" | "sdfec15") ), "insert-odu-oci" /* Force odu open connection indication */, "no-insert-odu-oci" /* Don't force odu open connection indication */, "insert-odu-lck" /* Force odu locked maintenance signal */, "no-insert-odu-lck" /* Don't force odu locked maintenance signal */, "rate" ( /* Optical Transmission Network mode */ ("pass-thru" | "fixed-stuff-bytes" | "no-fixed-stuff-bytes" | "oc192" | "otu3" | "otu4") ), "bytes" ( /* Set OTN header bytes */ c( "transmit-payload-type" arg /* Transmit payload type */ ) ), "tti" ( /* Trace Identifier */ c( "otu-dapi" arg /* OTU Destination Access Point Identifier */, "otu-sapi" arg /* OTU Source Access Point Identifier */, "otu-expected-receive-dapi" arg /* OTU Expected Receive Destination Access Point Identifier */, "otu-expected-receive-sapi" arg /* OTU Expected Receive Source Access Point Identifier */, "odu-dapi" arg /* ODU Destination Access Point Identifier */, "odu-sapi" arg /* ODU Source Access Point Identifier */, "odu-expected-receive-dapi" arg /* ODU Expected Receive Destination Access Point Identifier */, "odu-expected-receive-sapi" arg /* ODU Expected Receive Source Access Point Identifier */, "otu-dapi-first-byte-nul" /* Insert all-0s to first byte */, "no-otu-dapi-first-byte-nul" /* Don't insert all-0s to first byte */, "otu-sapi-first-byte-nul" /* Insert all-0s to first byte */, "no-otu-sapi-first-byte-nul" /* Don't insert all-0s to first byte */, "otu-expected-receive-dapi-first-byte-nul" /* Insert all-0s to first byte */, "no-otu-expected-receive-dapi-first-byte-nul" /* Don't insert all-0s to first byte */, "otu-expected-receive-sapi-first-byte-nul" /* Insert all-0s to first byte */, "no-otu-expected-receive-sapi-first-byte-nul" /* Don't insert all-0s to first byte */, "odu-dapi-first-byte-nul" /* Insert all-0s to first byte */, "no-odu-dapi-first-byte-nul" /* Don't insert all-0s to first byte */, "odu-sapi-first-byte-nul" /* Insert all-0s to first byte */, "no-odu-sapi-first-byte-nul" /* Don't insert all-0s to first byte */, "odu-expected-receive-dapi-first-byte-nul" /* Insert all-0s to first byte */, "no-odu-expected-receive-dapi-first-byte-nul" /* Don't insert all-0s to first byte */, "odu-expected-receive-sapi-first-byte-nul" /* Insert all-0s to first byte */, "no-odu-expected-receive-sapi-first-byte-nul" /* Don't insert all-0s to first byte */ ) ), "trigger" ( /* Defect triggers */ c( "oc-los" ( /* OC Loss Of Signal defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "oc-lof" ( /* OC Loss Of Frame defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "oc-lom" ( /* OC Loss Of Multiframe defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "oc-wavelength-lock" ( /* OC Wavelength Lock defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "oc-tsf" ( /* Oc tsf defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "otu-ais" ( /* OTU Alarm Indication Signal defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "otu-bdi" ( /* OTU Backward Defect Indication defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "otu-iae" ( /* OTU Incoming Alignment defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "otu-ttim" ( /* OTU Trail Trace Identifier Mismatch defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "otu-sd" ( /* OTU Signal Degrade defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "otu-fec-deg" ( /* OTU FEC Degrade defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "otu-fec-exe" ( /* OTU FEC Excessive Error defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "odu-ais" ( /* ODU Alarm Indication Signal defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "odu-bdi" ( /* ODU Backward Defect Indication defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "odu-iae" ( /* Odu iae defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "odu-bei" ( /* Odu backward error indication defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "odu-oci" ( /* ODU Open Connection Indication defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "odu-lck" ( /* ODU Locked defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "odu-ttim" ( /* ODU Trail Trace Identifier Mismatch defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "odu-sd" ( /* ODU Signal Degrade defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "opu-ptim" ( /* Payload Type Mismatch defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before clearing or raising the alarm for defect */ sc( "up" arg /* Delay before clearing the alarm when the defect is absent */, "down" arg /* Delay before raising the alarm when the defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline) ) ), "tca" ( /* TCA - threshold crossing alerts */ c( "otu-tca-es" ( /* OTU Errored Seconds Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the OTU errored seconds threshold crossing alert */, "no-enable-tca" /* Don't enable the OTU errored seconds threshold crossing alert */, "threshold" arg /* TCA threshold for OTU errored seconds in 15 minutes */, "threshold-24hrs" arg /* TCA threshold for OTU errored seconds in 24 hours */ ) ).as(:oneline), "otu-tca-ses" ( /* OTU Severely Errored Seconds Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the OTU severely errored seconds threshold crossing alert */, "no-enable-tca" /* Don't enable the OTU severely errored seconds threshold crossing alert */, "threshold" arg /* TCA threshold for OTU severely errored seconds in 15 minutes */, "threshold-24hrs" arg /* TCA threshold for OTU severely errored seconds in 24 hours */ ) ).as(:oneline), "otu-tca-uas" ( /* OTU Unavailable Seconds Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the OTU unavailable seconds threshold crossing alert */, "no-enable-tca" /* Don't enable the OTU unavailable seconds threshold crossing alert */, "threshold" arg /* TCA threshold for OTU unavailable seconds in 15 minutes */, "threshold-24hrs" arg /* TCA threshold for OTU unavailable seconds in 24 hours */ ) ).as(:oneline), "otu-tca-bbe" ( /* OTU Background Block Error Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the OTU BBE threshold crossing alert */, "no-enable-tca" /* Don't enable the OTU BBE threshold crossing alert */, "threshold" arg /* TCA threshold for OTU BBE in 15 minutes */, "threshold-24hrs" arg /* TCA threshold for OTU BBE in 24 hours */ ) ).as(:oneline), "otu-tca-es-fe" ( /* OTU far-end Errored Seconds Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the OTU far-end errored seconds threshold crossing alert */, "no-enable-tca" /* Don't enable the OTU far-end errored seconds threshold crossing alert */, "threshold" arg /* TCA threshold for OTU far-end errored seconds in 15 minutes */, "threshold-24hrs" arg /* TCA threshold for OTU far-end errored seconds in 24 hours */ ) ).as(:oneline), "otu-tca-ses-fe" ( /* OTU far-end Severely Errored Seconds Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the OTU far-end Unavailable Seconds threshold crossing alert */, "no-enable-tca" /* Don't enable the OTU far-end Unavailable Seconds threshold crossing alert */, "threshold" arg /* TCA threshold for OTU far-end severely errored seconds in 15 minutes */, "threshold-24hrs" arg /* TCA threshold for OTU far-end severely errored seconds in 24 hours */ ) ).as(:oneline), "otu-tca-uas-fe" ( /* OTU far-end Unavailable Seconds Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the OTU far end unavailabe second threshold crossing alert */, "no-enable-tca" /* Don't enable the OTU far end unavailabe second threshold crossing alert */, "threshold" arg /* TCA threshold for OTU far-end unavailable seconds in 15 minutes */, "threshold-24hrs" arg /* TCA threshold for OTU far-end unavailable seconds in 24 hours */ ) ).as(:oneline), "otu-tca-bbe-fe" ( /* OTU far-end Background Block Error (BEI) Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the OTU BBE (BEI) threshold crossing alert */, "no-enable-tca" /* Don't enable the OTU BBE (BEI) threshold crossing alert */, "threshold" arg /* TCA threshold for OTU far-end BBE (BEI) in 15 minutes */, "threshold-24hrs" arg /* TCA threshold for OTU far-end BBE (BEI) in 24 hours */ ) ).as(:oneline), "odu-tca-es" ( /* ODU Errored Seconds Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the ODU errored seconds threshold crossing alert */, "no-enable-tca" /* Don't enable the ODU errored seconds threshold crossing alert */, "threshold" arg /* TCA threshold for ODU errored seconds in 15 minutes */, "threshold-24hrs" arg /* TCA threshold for ODU errored seconds in 24 hours */ ) ).as(:oneline), "odu-tca-ses" ( /* ODU Severely Errored Seconds Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the ODU severely errored seconds threshold crossing alert */, "no-enable-tca" /* Don't enable the ODU severely errored seconds threshold crossing alert */, "threshold" arg /* TCA threshold for ODU severely errored seconds in 15 minutes */, "threshold-24hrs" arg /* TCA threshold for ODU severely-errored seconds in 24 hours */ ) ).as(:oneline), "odu-tca-uas" ( /* ODU Unavailable Seconds Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the ODU unavailable seconds threshold crossing alert */, "no-enable-tca" /* Don't enable the ODU unavailable seconds threshold crossing alert */, "threshold" arg /* TCA threshold for ODU unavailable seconds in 15 minutes */, "threshold-24hrs" arg /* TCA threshold for ODU unavailable seconds in 24 hours */ ) ).as(:oneline), "odu-tca-bbe" ( /* ODU Background Block Error Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the ODU BBE threshold crossing alert */, "no-enable-tca" /* Don't enable the ODU BBE threshold crossing alert */, "threshold" arg /* TCA threshold for ODU BBE in 15 minutes */, "threshold-24hrs" arg /* TCA threshold for ODU backgrand block error in 24 hours */ ) ).as(:oneline), "odu-tca-es-fe" ( /* ODU far-end Errored Seconds Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the ODU far-end errored seconds threshold crossing alert */, "no-enable-tca" /* Don't enable the ODU far-end errored seconds threshold crossing alert */, "threshold" arg /* TCA threshold for ODU far-end errored seconds in 15 minutes */, "threshold-24hrs" arg /* TCA threshold for ODU far-end errored seconds in 24 hours */ ) ).as(:oneline), "odu-tca-ses-fe" ( /* ODU far-end Severely Errored Seconds Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the ODU far-end Unavailable Seconds threshold crossing alert */, "no-enable-tca" /* Don't enable the ODU far-end Unavailable Seconds threshold crossing alert */, "threshold" arg /* TCA threshold for ODU far-end severely errored seconds in 15 minutes */, "threshold-24hrs" arg /* TCA threshold for ODU severely-errored seconds in 24 hours */ ) ).as(:oneline), "odu-tca-uas-fe" ( /* ODU far-end Unavailable Seconds Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the ODU far end unavailabe second threshold crossing alert */, "no-enable-tca" /* Don't enable the ODU far end unavailabe second threshold crossing alert */, "threshold" arg /* TCA threshold for ODU far-end unavailable seconds in 15 minutes */, "threshold-24hrs" arg /* TCA threshold for ODU far-end unavailable seconds in 24 hours */ ) ).as(:oneline), "odu-tca-bbe-fe" ( /* ODU far-end Background Block Error (BEI) Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the ODU BBE (BEI) threshold crossing alert */, "no-enable-tca" /* Don't enable the ODU BBE (BEI) threshold crossing alert */, "threshold" arg /* TCA threshold for ODU far-end BBE (BEI) in 15 minutes */, "threshold-24hrs" arg /* TCA threshold for ODU far-end backgrand block error in 24 hours */ ) ).as(:oneline), "otu-tca-fec-ber" ( /* OTU Errored Seconds Threshold crossing defect trigger */ sc( "enable-tca" /* Enable the OTU errored seconds threshold crossing alert */, "no-enable-tca" /* Don't enable the OTU errored seconds threshold crossing alert */, "threshold" arg /* TCA threshold for BER value in format: xe-n, x is an integer or decimal number, n = 0..9 */, "threshold-24hrs" arg /* TCA threshold for BER value in format: xe-n, x is an integer or decimal number, n = 0..9 */ ) ).as(:oneline) ) ) ) end rule(:otu_attributes) do c( "rate" ( /* Specific type of OTU, according to data rate */ ("otu4") ), "is-ma" /* Link is enabled for maintenance tasks, alarms are masked */, "no-is-ma" /* Don't link is enabled for maintenance tasks, alarms are masked */, "fec" ( /* Forward error correction type */ ("none" | "gfec" | "hgfec") ), "loopback" ( /* Enabled loopback mode */ ("none" | "local" | "line") ), "tti" ( /* Configuration of OTU trail trace identifier */ otn_tti_attributes /* Configuration of OTU trail trace identifier */ ), "degrade" ( /* Configuration of OTU degrade defect detection */ otn_degrade /* Configuration of OTU degrade defect detection */ ) ) end rule(:output_plugin) do arg.as(:arg) ( c( "parameters" ( /* List of key:value parameters for plugin */ parameter_pair /* List of key:value parameters for plugin */ ) ) ) end rule(:override_local_server_type) do c( "interface-client-limit" arg /* Limit the number of clients allowed on an interface */, "no-arp" /* Disable DHCP ARP table population */, "bootp-support" /* Allow processing of bootp requests */, "client-discover-match" ( /* Use secondary match criteria for DISCOVER PDU */ sc( c( "option60-and-option82" /* Use option 60 and option 82 */, "incoming-interface" /* Use incoming interface */ ) ) ).as(:oneline), "delay-offer" ( /* Filter options for dhcp-server */ dhcpv4_filter_option /* Filter options for dhcp-server */ ), "process-inform" ( /* Process INFORM PDUs */ c( "pool" arg /* Pool name for family inet */ ) ), "include-option-82" ( /* Include option-82 in reply packets */ c( "nak" /* Include option-82 in NAK */, "forcerenew" /* Include option-82 in FORCERENEW */ ) ), "delete-binding-on-renegotiation" /* Delete binding on renegotiation */, "allow-no-end-option" /* Allow packets without end-of-option */, "asymmetric-lease-time" arg /* Use a reduced lease time for the client. In seconds */, "protocol-attributes" arg /* DHCPv4 attributes to use as defined under access protocol-attributes */, "dual-stack" arg /* Dual stack group to use */ ) end rule(:dhcpv4_filter_option) do c( "delay-time" arg /* Time delay between discover and offer */, "based-on" ( /* Option number */ c( "option-82" ( /* Option 82 */ c( "equals" ( /* Generic option equals */ server_v6_option_ascii_hex /* Generic option equals */ ), "not-equals" ( /* Generic option not equals */ server_v6_option_ascii_hex /* Generic option not equals */ ), "starts-with" ( /* Generic option starts-with */ server_v6_option_ascii_hex /* Generic option starts-with */ ) ) ), "option-60" ( /* Option 60 */ c( "equals" ( /* Generic option equals */ server_v6_option_ascii_hex /* Generic option equals */ ), "not-equals" ( /* Generic option not equals */ server_v6_option_ascii_hex /* Generic option not equals */ ), "starts-with" ( /* Generic option starts-with */ server_v6_option_ascii_hex /* Generic option starts-with */ ) ) ), "option-77" ( /* Option 77 */ c( "equals" ( /* Generic option equals */ server_v6_option_ascii_hex /* Generic option equals */ ), "not-equals" ( /* Generic option not equals */ server_v6_option_ascii_hex /* Generic option not equals */ ), "starts-with" ( /* Generic option starts-with */ server_v6_option_ascii_hex /* Generic option starts-with */ ) ) ) ) ) ) end rule(:override_type) do c( "no-unicast-replies" /* Overwrite unicast bit in incoming packet, when present */, "allow-snooped-clients" /* Allow client creation from snooped PDUs */, "no-allow-snooped-clients" /* Don't allow client creation from snooped PDUs */, "allow-no-end-option" /* Allow packets without end-of-option */, "always-write-giaddr" /* Overwrite existing 'giaddr' field, when present */, "always-write-option-82" ( /* Overwrite existing value of option 82, when present */ write_option_82_type /* Overwrite existing value of option 82, when present */ ), "user-defined-option-82" arg /* Set user defined description for option-82 */, "layer2-unicast-replies" /* Do not broadcast client responses */, "trust-option-82" /* Trust options-82 option */, "delay-authentication" /* Delay subscriber authentication in DHCP protocol processing until request packet */, "disable-relay" /* Disable DHCP relay processing */, "no-bind-on-request" /* Do not bind if stray DHCP request is received */, "interface-client-limit" arg /* Limit the number of client allowed on an interface */, "no-arp" /* Disable DHCP ARP table population */, "bootp-support" /* Allows relay of bootp req and reply */, "dual-stack" arg /* Dual stack group to use. */, "client-discover-match" ( /* Use secondary match criteria for DISCOVER PDU */ sc( c( "option60-and-option82" /* Use option 60 and option 82 */, "incoming-interface" /* Use incoming interface */ ) ) ).as(:oneline), "proxy-mode" /* Put the relay in proxy mode */.as(:oneline), "asymmetric-lease-time" arg /* Use a reduced lease time for the client. In seconds */, "replace-ip-source-with" ( /* Replace IP source address in request and release packets */ sc( c( "giaddr" /* Replace IP source address with giaddr */ ) ) ).as(:oneline), "send-release-on-delete" /* Always send RELEASE to the server when a binding is deleted */, "apply-secondary-as-giaddr" /* Enable DHCP relay to use secondary gateway ip for relay interfaces */, "relay-source" ( /* Interface for relay source */ interface_name /* Interface for relay source */ ), "delete-binding-on-renegotiation" /* Delete binding on rengotiation */ ) end rule(:p2mp_ldp_lsp_nh_obj) do c( "root-address" arg ( /* Configure the root address of P2MP LSP */ c( "lsp-id" arg /* Configure the generic LSP identifier */, "group-address" arg ( /* IPv4/Ipv6 group address for mLDP LSP */ c( "source-address" arg /* IPv4/Ipv6 source address */ ) ) ) ) ) end rule(:packet_capture_egress_intf_type) do c( "interface" arg /* Interface options */ ) end rule(:packet_accounting_output_type) do c( "aggregate-export-interval" arg /* Interval of exporting aggregate accounting information */, "flow-inactive-timeout" arg /* Interval of inactivity that marks a flow inactive */, "flow-active-timeout" arg /* Interval after which an active flow is exported */, "cflowd" ( /* Cflowd collector where flow records are sent */ cflowd_packet_accounting_type /* Cflowd collector where flow records are sent */ ), "interface" ( /* Interfaces used to send monitored information */ packet_export_intf_type /* Interfaces used to send monitored information */ ) ) end rule(:cflowd_packet_accounting_type) do arg.as(:arg) ( c( "port" arg /* UDP port number on host collecting cflowd packets */, "dscp" arg /* Numeric DSCP value in the range 0 to 63 */, "forwarding-class" arg /* Forwarding-class for exported jflow packets, applicable only for inline-jflow */, "routing-instance" arg /* Name of routing instance on which flow collector is reachable */, "version" ( /* Format of exported cflowd aggregates */ ("5" | "8") ), "autonomous-system-type" ( /* Type of autonomous system number to export */ ("origin" | "peer") ), "aggregation" ( /* Aggregations to perform for exported flows (version 8 only) */ aggregation_type /* Aggregations to perform for exported flows (version 8 only) */ ) ) ) end rule(:packet_export_intf_type) do arg.as(:arg) ( c( "engine-id" arg /* Identity (number) of this accounting interface */, "engine-type" arg /* Type (number) of this accounting interface */, "source-address" ( /* Address to use for generating monitored packets */ ipaddr /* Address to use for generating monitored packets */ ), "export-port" ( /* Jflow export port configuration */ export_port_address_type /* Jflow export port configuration */ ) ) ) end rule(:export_port_address_type) do c( "address" ( /* Address to use for jflow export port */ ipv4prefix /* Address to use for jflow export port */ ), "gateway" ( /* Gateway address to reach jflow server */ ipv4addr /* Gateway address to reach jflow server */ ) ) end rule(:parameter_pair) do arg.as(:arg) ( c( arg /* Parameter value */ ) ) end rule(:pccd_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("pccd-main" | "pccd-config" | "pccd-core" | "pccd-ui" | "pccd-rpd" | "pccd-functions" | "pccd-nsr" | "all")) /* Area of PCCD to enable debugging output */.as(:oneline) ) end rule(:pcp_object) do c( "traceoptions" ( /* Trace options for PCP-LOG */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "flow" | "all")) /* Tracing parameters */.as(:oneline) ) ), "server" ( /* Define a PCP server */ pcp_server_object /* Define a PCP server */ ), "rule" ( /* Define a PCP rule */ pcp_rule_object /* Define a PCP rule */ ), "rule-set" arg ( /* Defines a set of PCP rules */ c( "rule" arg /* Rule to be included in this rule set */ ) ) ) end rule(:pcp_rule_object) do arg.as(:arg) ( c( "match-direction" ( /* Define direction for which the rule match is applied */ ("input" | "output") ), "term" arg ( /* Define a PCP term */ c( "from" ( /* Define match criteria */ sfw_match_object /* Define match criteria */ ), "then" ( /* Action to take if the 'from' condition is matched */ c( "pcp-server" arg /* Define PCP server */ ) ) ) ), "match" ( /* Define match criteria */ sfw_match_object /* Define match criteria */ ), "then" ( /* Action to take if the 'from' condition is matched */ c( "pcp-server" arg /* Define PCP server */ ) ) ) ) end rule(:pcp_server_object) do arg.as(:arg) ( c( "ipv4-address" ( /* Configure IPv4 address for this PCP server */ ipv4addr /* Configure IPv4 address for this PCP server */ ), "ipv6-address" ( /* Configure IPv6 address for this PCP server */ ipv6addr /* Configure IPv6 address for this PCP server */ ), "softwire-concentrator" arg /* Softwire ds-lite concentrator */, "softwire-concentrator-name" arg /* Softwire ds-lite concentrator */, "mapping-lifetime-minimum" arg /* Configure the minimum lifetime for any mapping */, "mapping-lifetime-maximum" arg /* Configure the maximum lifetime for any mapping */, "short-lifetime-error" arg /* Configure duration of a short-lifetime error */, "long-lifetime-error" arg /* Configure duration of a long-lifetime error */, "max-mappings-per-client" arg /* Configure maximum mappings permitted per client */, "pcp-options" ( /* Configure PCP options supported by this server */ sc( "third-party" /* Enable Third Party option */, "prefer-failure" /* Enable Prefer Failure option */ ) ).as(:oneline), "nat-options" ( /* NAT options of this PCP server */ c( "pool" arg /* One or more nat pools */ ) ), "nat-option" ( /* NAT option of this PCP server */ c( "pool" arg /* One or more nat pools */ ) ) ) ) end rule(:pcrf_definition) do c( "partition" arg ( /* PCRF partition configuration */ c( "accept-sdr" /* Accept service discovery requests */, "destination-realm" arg /* PCRF destination realm */, "destination-host" arg /* PCRF destination host */, "diameter-instance" arg /* PCRF diameter instance */, "draining" /* Set this PCRF partiton to draining state */, "draining-response-timeout" arg /* Logout response timeout in draining mode */, "ip-can-type" arg /* Value of IP-CAN-Type AVP for this PCRF partition */, "local-decision" ( /* Local decision configuration */ c( c( "grant" /* Grant user connection by default */, "deny" /* Deny user connection by default */ ), "reinit-on-failure" /* Reinit from local-active state on receiving result 5012 */, "reinit-on-rar" /* Reinit from local-active state on received rar */, "reinit-timeout" arg /* Local reinit timeout */, "timeout" arg /* Local decision timeout */ ) ), "logout-response-timeout" arg /* Logout response timeout */, "max-outstanding-requests" arg /* Maximum number of outstanding requests */, "report-local-rule" /* Report installed local rule to PCRF */, "report-resource-allocation" /* Report rule installation failuresto PCRF */, "report-successful-resource-allocation" /* Report rule installation successes to PCRF */, "send-dyn-subscription-indicator" /* Include Juniper-Dyn-Subscription-Indidicator into ccr-i */, "send-network-family-indicator" /* Include Juniper-Network-Family-Indidicator into ccr-i */, "send-origin-state-id" /* Include origin-state-id avp */, "subscription-id-type" arg /* Value of subscription-id-type AVP for this PCRF partition */, "subscription-id-data-include" ( /* Add subscription-id-data options */ c( "delimiter" arg /* Change delimiter/separator character */, "domain-name" arg /* Domain name */, "interface-name" /* Include interface-name */, "vlan-tags" /* Include interface vlan tags (svlan-vlan) */, "base-interface-name" /* Include base-interface-name */, "mac-address" /* Include MAC address */, "nas-port-id" /* Include nas-port-id */, "origin-host" /* Include origin-host */, "origin-realm" /* Include origin-host */, "user-prefix" arg /* Add user defined prefix */, "user-name" /* Include user-name */ ) ), "use-session-stamp" /* Use session init timestamp as part of session-id */, "update-response-timeout" arg /* Update response timeout */ ) ), "global" ( /* PCRF global parameters */ c( "rule-param" arg ( /* Charging juniper-param avp configuraion */ c( "param-name" arg /* Name associatated with this juniper-param avp */, "log-name" arg /* Log-name associatated with this juniper-param avp */ ) ) ) ) ) end rule(:peer_group) do arg.as(:arg) ( c( "local-ip-addr" ( /* Local IP address to use for this peer alone. */ ipv4addr /* Local IP address to use for this peer alone. */ ), "session-establishment-hold-time" arg /* Time within which connection must succeed with this peer */, "redundancy-group-id-list" arg /* List of redundacy groups this peer is part of */, "backup-liveness-detection" ( /* Backup liveness detection */ c( "backup-peer-ip" ( /* Backup livelness detection peer's IP address */ ipv4addr /* Backup livelness detection peer's IP address */ ) ) ), "liveness-detection" ( /* Bidirectional Forwarding Detection options for the peer */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ) ) ), "authentication-key" arg /* MD5 authentication key */ ) ) end rule(:peers_type) do arg.as(:arg) ( c( "user" arg /* User name */, "authentication" ( /* Authentication string */ unreadable /* Authentication string */ ), "routing-instance" arg /* Specific routing instance for connectivity to remote peer */ ) ) end rule(:periodic_oam) do c( "mpls-tp-mode" ( /* MPLS-TP Mode, Do not use IP addressing for OAM */ c( "lsping-channel-type" ( /* Supported Control-channel types for MPLS-TP mode.... */ c( c( "ipv4" /* Use channel-type IPv4(0x0021), With IP-UDP encapsulation */, "on-demand-cv" /* Use channel-type On-Demand-CV(0x0025), Without IP-UDP encapsulation */ ) ) ) ) ), "bfd-port" ( /* Egress knob to select MHOP-BFD port for MPLS BFD */ c( "import" ( /* Import policy */ policy_algebra /* Import policy */ ) ) ), "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "failure-action" ( /* Action to take when BFD session goes down */ sc( c( "teardown" /* Teardown label switched path and resignal */, "make-before-break" ( /* Resignal the label switched path before teardown */ c( "teardown-timeout" arg /* Time to wait before teardown */ ) ) ) ) ).as(:oneline), "no-router-alert-option" /* Do not set Router-Alert options in IP header for MPLS-BFD */, "use-ip-ttl-1" /* Set TTL value to 1 in IP header for MPLS-BFD */ ) ), "performance-monitoring" ( /* Performance monitoring options */ c( "traceoptions" ( /* Trace options for PM */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("init" | "error" | "event" | "general" | "packet" | "timer" | "all")) /* Tracing parameters */.as(:oneline) ) ), "querier" ( /* Querier options */ c( "loss" ( /* Loss measurement options */ c( "traffic-class" enum(("tc-0" | "tc-1" | "tc-2" | "tc-3" | "tc-4" | "tc-5" | "tc-6" | "tc-7" | "all" | "none")) ( /* Traffic class specific options */ c( "query-interval" arg /* Minimum transmit interval */, "measurement-quantity" ( /* Loss measurement quantity */ ("bytes" | "packets") ), "average-sample-size" arg /* Number of samples used in average calculation */, "loss-threshold" arg /* Loss threshold value */, "loss-threshold-window" arg /* Number of samples for loss threshold calculation */ ) ) ) ), "delay" ( /* Delay measurement options */ c( "traffic-class" enum(("tc-0" | "tc-1" | "tc-2" | "tc-3" | "tc-4" | "tc-5" | "tc-6" | "tc-7" | "all")) ( /* Traffic class specific options */ c( "query-interval" arg /* Minimum transmit interval */, "padding-size" arg /* Size of padding */, "average-sample-size" arg /* Number of samples used in average calculation */, "twcd-delay-threshold" arg /* Two way channel delay threshold value */, "rtt-delay-threshold" arg /* Round trip delay threshold value */ ) ) ) ), "loss-delay" ( /* Combined loss-delay measurement options */ c( "traffic-class" enum(("tc-0" | "tc-1" | "tc-2" | "tc-3" | "tc-4" | "tc-5" | "tc-6" | "tc-7" | "all" | "none")) ( /* Traffic class specific options */ c( "query-interval" arg /* Minimum transmit interval */, "measurement-quantity" ( /* Loss measurement quantity */ ("bytes" | "packets") ), "padding-size" arg /* Size of padding */, "average-sample-size" arg /* Number of samples used in average calculation */, "loss-threshold" arg /* Loss threshold value */, "loss-threshold-window" arg /* Number of samples for loss threshold calculation */, "twcd-delay-threshold" arg /* Two way channel delay threshold value */, "rtt-delay-threshold" arg /* Round trip delay threshold value */ ) ) ) ) ) ), "responder" ( /* Responder options */ c( "loss" ( /* Loss measurement options */ c( "min-query-interval" arg /* Minimum query interval */ ) ), "delay" ( /* Delay measurement options */ c( "min-query-interval" arg /* Minimum query interval */ ) ) ) ) ) ), "lsp-ping-interval" arg /* Time interval between LSP ping messages */, "lsp-ping-multiplier" arg /* Number of ping reply missed before declaring BFD down */, "traceoptions" ( /* Trace options for MPLSOAM process */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "pipe" | "rpc-packet-details" | "database" | "network" | "traceroute" | "all")) /* Tracing parameters */.as(:oneline) ) ) ) end rule(:pf_mapping) do arg.as(:arg) ( c( "destined-port" ( /* Port forwarding mappings */ s( arg, "translated-port" arg /* Translated port */ ) ).as(:oneline) ) ) end rule(:pfcp_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("configuration" | "decode" | "encode" | "general" | "heartbeat" | "request-cache" | "operational-commands" | "all")) /* Tracing parameters */.as(:oneline) ) end rule(:pgcp_gateway_object) do arg.as(:arg) ( c( "gateway-address" ( /* Local Gateway IP address */ ipv4addr /* Local Gateway IP address */ ), "routing-instance" ( /* Routing instance */ (arg | "inet.0") ), "gateway-port" arg /* Local Gateway transport port */, "cleanup-timeout" arg /* When expires the PG will clean its gate state (Applicable in disconnections) */, "service-state" ( /* Service state */ ("in-service" | "out-of-service-forced" | "out-of-service-graceful") ), "h248-timers" ( pgcp_h248_timers_object ), "h248-properties" ( pgcp_h248_properties_object ), "h248-options" ( pgcp_h248_options_object ), "max-concurrent-calls" arg /* Maximum number of concurrent calls */, "gateway-controller" ( pgcp_controller_object ), "monitor" ( /* Monitor voice traffic */ c( "media" ( /* Monitor media traffic */ c( "rtp" /* Monitor RTP traffic */, "rtcp" /* Monitor RTCP traffic */ ) ) ) ), "graceful-restart" ( c( "maximum-synchronization-time" arg /* Maximum time for synchronization procedure with the PIC */, "maximum-synchronization-mismatches" arg /* Maximum number of mismatches for synchronization procedure with the PIC */, "no-synchronization" /* Disable the synchronization procedure with the PIC */, "catchup-replication-delay" arg /* Delay between replication of new updates and catch-up */ ) ), "fast-update-filters" ( c( "maximum-terms" arg /* Maximum gate rate-limit terms to install at PFE */, "maximum-term-percentage" arg /* Maximum percentage of gates with rate-limit terms at PFE */ ) ), "session-mirroring" ( pgcp_gateway_session_mirroring_object ), "data-inactivity-detection" ( c( "inactivity-delay" arg /* Delay before data inactivity detection starts */, "latch-deadlock-delay" arg /* Delay value used for gates employing NAPT traversal */, "send-notification-on-delay" /* Send inactivity notification when delay expires */, "inactivity-duration" arg /* Default data inactivity duration (Q-MI) */, "stop-detection-on-drop" /* Stop detection when gate action is set to drop */, "no-rtcp-check" /* Do not detect data inactivity on rtcp stream */, "report-service-change" ( /* Configure the data-inactivity service-change behavior */ c( "service-change-type" ( /* Configure the service-change type to be sent upon data-inactivity */ ("forced-910" | "forced-906") ) ) ) ) ), "overload-control" ( c( "queue-limit-percentage" arg /* Overload control queue limit percentage */, "reject-new-calls-threshold" arg /* Overload control reject new calls threshold */, "reject-all-commands-threshold" arg /* Overload control reject all commands threshold */, "queue-maximum-length" arg /* Overload control queue maximum length */, "error-code" arg /* Overload control error code */ ) ), "platform" ( /* Define the platform on which the gateway should be activated */ c( c( "routing-engine" /* The gateway should be activated on the RE */, "device" ( /* The gateway should be activated on a services device */ interface_device /* The gateway should be activated on a services device */ ) ) ) ), "ipsec-transport-security-association" arg /* IPsec transport security association name */ ) ) end rule(:pgcp_controller_object) do arg.as(:arg) ( c( "controller-address" ( /* Gateway controller IP address */ ipv4addr /* Gateway controller IP address */ ), "controller-port" arg /* Gateway controller port */, "interim-ah-scheme" ( pgcp_interim_ah_scheme_object ), c( "remote-controller" /* The gateway controller is remote */, "local-controller" arg /* The gateway controller is local */ ) ) ) end rule(:pgcp_gateway_session_mirroring_object) do c( "delivery-function" arg /* Session-mirroring delivery functions */, "disable-session-mirroring" /* Disable session mirroring for this gateway */ ) end rule(:pgcp_h248_options_object) do c( "service-change" ( pgcp_h248_service_change_object ), "audit-observed-events-returns" /* Activation of history buffer for audit observed events */, "encoding" ( c( "no-octet-string-bit-mirroring" /* No octet string bit mirroring */, "no-dscp-bit-mirroring" /* No DSCP bit mirroring */, "use-lower-case" /* Encode H248 message in lower case */ ) ), "h248-profile" ( c( "profile-name" arg /* The H.248 profile declared by the BGF */, "profile-version" arg /* The H.248 profile-version declared by the BGF */ ) ), "accept-emergency-calls-while-graceful" /* Accept emergency calls while BGF is in OOS gracefull state */, "implicit-tcp-latch" /* Latch implicitly upon TCP transport usage */, "implicit-tcp-source-filter" /* Implicitly filter TCP source addresses */ ) end rule(:pgcp_h248_service_change_object) do c( "control-association-indications" ( /* Control association indications */ control_association_indications_object /* Control association indications */ ), "virtual-interface-indications" ( /* Virtual interface indications */ virtual_interface_indications_object /* Virtual interface indications */ ), "context-indications" ( /* Context indications */ context_indications_object /* Context indications */ ), "use-wildcard-response" /* Request short response to service-change messages */ ) end rule(:context_indications_object) do c( "state-loss" ( /* Configure state loss service change */ ("forced-915" | "forced-910" | "none") ) ) end rule(:control_association_indications_object) do c( "up" ( pgcp_association_up_object ), "down" ( pgcp_association_down_object ), "disconnect" ( pgcp_association_disconnect_object ) ) end rule(:pgcp_association_disconnect_object) do c( "reconnect" ( /* Configure reconnect service change */ ("disconnected-900" | "restart-902") ), "controller-failure" ( /* Configure controller failure service change */ ("restart-902" | "failover-909") ) ) end rule(:pgcp_association_down_object) do c( "administrative" ( /* Configure administrative service change */ ("forced-905" | "forced-908" | "none") ), "failure" ( /* Configure failure service change */ ("forced-904" | "forced-908" | "none") ), "graceful" ( /* Configure graceful service change */ ("none" | "graceful-905") ) ) end rule(:pgcp_association_up_object) do c( "failover-cold" ( /* Configure failover-cold service change */ ("restart-901" | "failover-920") ), "failover-warm" ( /* Configure failover-warm service change */ ("restart-902" | "failover-919") ), "cancel-graceful" ( /* Configure cancel-graceful service change */ ("none" | "restart-918") ) ) end rule(:pgcp_h248_properties_object) do c( "base-root" ( /* Setting H248 mg-mgc transaction time values */ pgcp_h248_base_root_object /* Setting H248 mg-mgc transaction time values */ ), "segmentation" ( pgcp_h248_segmentation_object ), "diffserv" ( pgcp_h248_diffserv_object ), "hanging-termination-detection" ( /* Enabling Hanging termination detection */ pgcp_h248_hangterm_object /* Enabling Hanging termination detection */ ), "traffic-management" ( /* Setting of h248 traffic management default values */ pgcp_h248_traffic_management_object /* Setting of h248 traffic management default values */ ), "notification-behavior" ( /* Setting of h248 Notify behavior values */ pgcp_h248_notification_behavior_object /* Setting of h248 Notify behavior values */ ), "application-data-inactivity-detection" ( /* Setting application data inactivity detection */ pgcp_h248_application_data_inactivity_detection_object /* Setting application data inactivity detection */ ), "event-timestamp-notification" ( /* Setting event timestamp notification */ pgcp_h248_event_timestamp_notification_object /* Setting event timestamp notification */ ), "inactivity-timer" ( /* Default values for inactivity timeout */ pgcp_h248_inactivity_timer_object /* Default values for inactivity timeout */ ) ) end rule(:pgcp_h248_application_data_inactivity_detection_object) do c( "ip-flow-stop-detection" ( /* Setting ip flow stop detection */ ("immediate-notify" | "regulated-notify") ) ) end rule(:pgcp_h248_event_timestamp_notification_object) do c( "request-timestamp" ( /* Notification timestamp */ ("requested" | "suppressed" | "autonomous") ) ) end rule(:pgcp_h248_hangterm_object) do c( "timerx" arg /* Setting timerx value */ ) end rule(:pgcp_h248_inactivity_timer_object) do c( "inactivity-timeout" ( c( "detect" /* Enable/Disable inactivity timer detection */, "maximum-inactivity-time" ( c( "default" arg /* Default maximum inactivity timeout */, "minimum" arg /* Minimum range for maximum inactivity timeout */, "maximum" arg /* Maximum range for maximum inactivity timeout */ ) ) ) ) ) end rule(:pgcp_h248_notification_behavior_object) do c( "notification-regulation" ( c( "default" arg /* Default suppression percentage of Notification behavior Regulation */ ) ) ) end rule(:pgcp_h248_base_root_object) do c( "normal-mg-execution-time" ( /* MG transaction response time expected by MGC. */ c( "default" arg, "minimum" arg /* Minimum range of execution time value */, "maximum" arg /* Maximum range of execution time value */ ) ), "mg-provisional-response-timer-value" ( /* MG pending response time upon incomplete transaction. */ c( "default" arg, "minimum" arg /* Minimum range of timers value */, "maximum" arg /* Maximum range of timer value */ ) ), "mg-originated-pending-limit" ( /* Max MG TransactionPendings num recieved. */ c( "default" arg, "minimum" arg /* Minimum range of pending limit value */, "maximum" arg /* Maximum range of pending limit value */ ) ), "normal-mgc-execution-time" ( /* MGC transaction response time expected by MG. */ c( "default" arg, "minimum" arg /* Minimum range of execution time value */, "maximum" arg /* Maximum range of execution time value */ ) ), "mgc-provisional-response-timer-value" ( /* MGC pending response time upon incomplete transaction. */ c( "default" arg, "minimum" arg /* Minimum range of timers value */, "maximum" arg /* Maximum range of timers value */ ) ), "mgc-originated-pending-limit" ( /* Max MGC TransactionPendings num recieved. */ c( "default" arg, "minimum" arg /* Minimum range of pending limit value */, "maximum" arg /* Maximum range of pending limit value */ ) ) ) end rule(:pgcp_h248_diffserv_object) do c( "dscp" ( /* Differentiated Services Code Point (DSCP) */ c( "default" ( ("do-not-change" | "af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "nc1" | "nc2" | "be" | arg) ), "ignore-signaled-value" /* Ignore property value appearing in H.248 signaling */ ) ) ) end rule(:pgcp_h248_segmentation_object) do c( "mgc-segmentation-timer" ( /* Time the MG waits for remaining segments from MGC */ c( "default" arg, "minimum" arg /* Minimum range of timer value */, "maximum" arg /* Maximum range of timer value */ ) ), "mgc-maximum-pdu-size" ( /* Maximum size of the MGC's incoming messages from MG */ c( "default" arg, "minimum" arg /* Minimum range of pdu size value */, "maximum" arg /* Maximum range of pdu size value */ ) ), "mg-segmentation-timer" ( /* Time the MGC waits for remaining segments from MGC */ c( "default" arg, "minimum" arg /* Minimum range of timer value */, "maximum" arg /* Maximum range of timer value */ ) ), "mg-maximum-pdu-size" ( /* Maximum size of the MG's incoming messages from MGC */ c( "default" arg, "minimum" arg /* Minimum range of pdu size value */, "maximum" arg /* Maximum range of pdu size value */ ) ) ) end rule(:pgcp_h248_timers_object) do c( "maximum-waiting-delay" arg /* Randomly determined delay before retraversing PGC list (MWD) */, "tmax-retransmission-delay" arg /* Delay before PGC is considered down (T-MAX) */, "initial-average-ack-delay" arg /* Assumed initial average reply time (for retransmission rate) (I-AAD) */, "maximum-net-propagation-delay" arg /* Worst case network propagation delay (M-NPD), used for calculating LONG-TIMER */ ) end rule(:pgcp_h248_traffic_management_object) do c( "sustained-data-rate" ( /* SDR permitted for the stream */ c( "default" arg /* Default rate value */, "minimum" arg /* Minimum range of rate value */, "maximum" ( /* Maximum range of rate value */ enum(arg) ), "rtcp" ( /* Default rtcp rate */ pgcp_h248_rtcp_rate_units_object /* Default rtcp rate */ ), "rtcp-include" /* TMAN SDR includes RTCP bandwidth */ ) ), "peak-data-rate" ( /* PDR permitted for the stream */ c( "default" arg /* Default rate value */, "minimum" arg /* Minimum range of rate value */, "maximum" ( /* Maximum range of rate value */ enum(arg) ), "rtcp" ( /* Default rtcp rate */ pgcp_h248_rtcp_rate_units_object /* Default rtcp rate */ ) ) ), "max-burst-size" ( /* MBS for the stream */ c( "default" arg /* Default rate value */, "minimum" arg /* Minimum range of rate value */, "maximum" ( /* Maximum range of rate value */ enum(arg) ), "rtcp" ( /* Default rtcp rate */ pgcp_h248_rtcp_burst_units_object /* Default rtcp rate */ ) ) ) ) end rule(:pgcp_h248_rtcp_burst_units_object) do c( c( "percentage" arg /* Value entered is percentage of RTP's parallel value */, "fixed-value" arg /* Value entered is a fixed one */ ) ) end rule(:pgcp_h248_rtcp_rate_units_object) do c( c( "percentage" arg /* Value entered is percentage of RTP's parallel value */, "fixed-value" arg /* Value entered is a fixed one */ ) ) end rule(:pgcp_interim_ah_scheme_object) do c( "algorithm" ( /* Define authentication algorithm */ ("hmac-null") ) ) end rule(:pgcp_media_service_object) do arg.as(:arg) ( c( "nat-pool" arg /* Pool name */ ) ) end rule(:pgcp_rule_object) do arg.as(:arg) ( c( "gateway" arg /* Gateway Name */, c( "media-service" arg /* One or more PGCP media service */, "nat-pool" arg /* One or more nat pools */ ) ) ) end rule(:pgcp_session_mirroring_object) do c( "delivery-function" ( /* Interface for delivering mirrored packets */ pgcp_delivery_function_object /* Interface for delivering mirrored packets */ ), "disable-session-mirroring" /* Disable PGCP session mirroring */ ) end rule(:pgcp_delivery_function_object) do arg.as(:arg) ( c( "destination-address" ( /* Delivery function destination IP address */ ipv4addr /* Delivery function destination IP address */ ), "destination-port" arg /* Delivery function destination port */, "network-operator-id" arg /* Network operator ID */, "source-address" ( /* Network-element-id */ ipv4addr /* Network-element-id */ ), "source-port" arg /* Network-element-port */, "memory-managment" ( /* Measure memory usage */ pgcp_debug_mem_mgmt_object /* Measure memory usage */ ) ) ) end rule(:pgcp_debug_mem_mgmt_object) do c( "operational-mode" ( /* Memory managment operation mode */ ("fast" | "type-tracking" | "location-tracking") ) ) end rule(:pgcp_virtual_interface_object) do arg.as(:arg) ( c( "routing-instance" ( /* Routing instance of server to which to forward */ (arg | "inet.0") ), "service-state" ( /* Service state */ ("in-service" | "out-of-service-forced" | "out-of-service-graceful") ), c( "media-service" arg /* One or more PGCP media service */, "nat-pool" arg /* One or more nat pools */ ), "interface" ( /* Interface name */ interface_name /* Interface name */ ) ) ) end rule(:pim_bootstrap_options_type) do c( "priority" arg /* Eligibility to be the bootstrap router */, "import" ( /* Bootstrap import policy */ policy_algebra /* Bootstrap import policy */ ), "export" ( /* Bootstrap export policy */ policy_algebra /* Bootstrap export policy */ ) ) end rule(:pim_filter_obj) do c( "match-on" ( /* Argument on which to match */ ("prefix") ), "policy" ( /* Filter policy */ policy_algebra /* Filter policy */ ) ).as(:oneline) end rule(:pim_rp_group_range_type) do arg.as(:arg) ( c( "nexthop-hold-time" arg /* Nexthop hold time in milliseconds */ ) ) end rule(:pm_rspan_bridge_domain) do arg.as(:arg) end rule(:pm_rspan_vlan) do arg.as(:arg) ( c( "no-tag" /* Removes extra RSPAN tag from mirrored packets */ ) ) end rule(:pm_family_input_type) do c( "rate" arg /* Ratio of packets to be sampled (1 out of N) */, "run-length" arg /* Number of samples after initial trigger */, "maximum-packet-length" arg /* Maximum length of the mirrored packet */ ) end rule(:pmond_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("events" | "heartbeat" | "process-tracking" | "ui" | "all")) /* Area of process health monitor to enable debugging output */.as(:oneline) ) end rule(:port_range) do arg.as(:arg) ( c( "maximum-port" arg /* Maximum port in the port range */ ) ).as(:oneline) end rule(:ppp_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("access" | "address-pool" | "auth" | "chap" | "pap" | "config" | "ifdb" | "lcp" | "memory" | "message" | "mlppp" | "ncp" | "ppp" | "radius" | "redundancy" | "rtsock" | "session" | "signal" | "timer" | "ui" | "ci" | "all")) /* Area of PPP process to enable debugging output */.as(:oneline) ) end rule(:ppp_options_type) do c( "dynamic-profile" arg /* Dynamic profile name */, "chap" ( /* Challenge Handshake Authentication Protocol options */ c( c( "access-profile" arg /* Profile containing client list and access parameters */, "default-chap-secret" ( /* Default CHAP secret to be used when no matching access profile exists */ unreadable /* Default CHAP secret to be used when no matching access profile exists */ ) ), "local-name" arg /* Name sent in CHAP-Challenge and CHAP-Response */, "no-rfc2486" /* RFC2486 compliance is not enforced */, "passive" /* Handle incoming CHAP requests only */, "challenge-length" ( /* CHAP challenge length */ sc( "minimum" arg /* Minimum CHAP challenge length */, "maximum" arg /* Maximum CHAP challenge length */ ) ).as(:oneline) ) ), "pap" ( /* Password Authentication Protocol options */ c( c( "access-profile" arg /* Profile containing client list and access parameters */, "default-password" ( /* Default PAP password used in the absence of matching profile */ unreadable /* Default PAP password used in the absence of matching profile */ ) ), "local-name" arg /* Name sent in PAP request packet */, "no-rfc2486" /* RFC2486 compliance is not enforced */, "local-password" ( /* Password sent in PAP request packet */ unreadable /* Password sent in PAP request packet */ ), "passive" /* Do not handle PAP authentication requests */ ) ), "authentication" ( /* Order in which PPP authentication protocols are negotiated */ ("pap" | "chap") ), "compression" ( /* Set compression options */ sc( "acfc" /* Negotiate Address/Control field compression */, "pfc" /* Negotiate Protocol field compression */ ) ).as(:oneline), "lcp-restart-timer" arg /* LCP restart timer */, "ncp-restart-timer" arg /* NCP restart timer */, "no-termination-request" /* Don't send PPP termination requests */, "loopback-clear-timer" arg /* Loopback clear timer */, "lcp-max-conf-req" arg /* Maximum LCP Conf-Req to be sent, 0 means infinite */, "ncp-max-conf-req" arg /* Maximum NCP Conf-Req to be sent, 0 means infinite */, "on-demand-ip-address" /* Enable On-Demand IPv4 address allocation and de-allocation */, "aaa-options" arg /* Attach AAA options name to dynamic-profile */, "initiate-ncp" ( /* Enable server initiated NCP */ c( "ip" /* Enable server initiated IPNCP */, "ipv6" /* Enable server initiated IPv6NCP */, "dual-stack-passive" /* Disable server initiated IPNCP/IPv6NCP for dual-stack client */ ) ), "mru" arg /* The Maximum Receive Unit size in bytes */, "mtu" ( /* The Maximum Transfer Unit size in bytes */ ("use-lower-layer" | arg) ), "peer-ip-address-optional" /* Set Peer IP Address Optional in IP NCP Negotiations */, "ipcp-suggest-dns-option" /* Suggest peer to negotiate with DNS Addresses options */, "ignore-magic-number-mismatch" /* Ignore magic-number validation failure in LCP keepalive */, "local-authentication" ( /* Local Authentication Protocol options */ local_auth_type /* Local Authentication Protocol options */ ), "lcp-connection-update" /* Enable LCP connection update request to peer */ ) end rule(:local_auth_type) do c( "password" arg /* Username password */, "username-include" ( /* Add username options */ c( "mac-address" /* Include MAC address */, "circuit-id" /* Include circuit-id */, "remote-id" /* Include remote-id */, "domain-name" arg /* Domain name */, "delimiter" arg /* Delimiter/separator character */ ) ) ) end rule(:pppoe_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("config" | "events" | "gres" | "init" | "interface-db" | "memory" | "protocol" | "rtsock" | "session-db" | "signal" | "state" | "stats" | "timer" | "ui" | "all")) /* Area of PPPoE process to enable debugging output */.as(:oneline), "filter" ( /* Trace filtering */ c( "aci" arg /* Regular expression to match ACI */, "ari" arg /* Regular expression to match ARI */, "service-name" arg /* Service name */, "underlying-interface" ( /* Underlying interface name */ ("$junos-underlying-interface" | arg) ), "user" ( /* Filter by user name */ c( arg ) ) ) ) ) end rule(:pppoe_options_type) do c( "underlying-interface" ( /* Underlying interface name */ ("$junos-underlying-interface" | arg) ), "idle-timeout" arg /* Time for which session can be idle (0 = forever) */, "access-concentrator" arg /* Name of the access concentrator (PPPoE server) */, "service-name" arg /* Service to be requested (from PPPoE server) */, "auto-reconnect" arg /* Time to reconnect after session terminates (0 = never) */, c( "server" /* PPPoE operates in server mode */, "client" /* PPPoE operates in client mode */ ), "ppp-max-payload" arg /* Specify the value of ppp-max-payload tag */ ) end rule(:pppoe_underlying_options_type) do c( "access-concentrator" arg /* Name of the access concentrator (PPPoE server) */, "direct-connect" /* Ignore received VS tags for PPPoE sessions */, "duplicate-protection" /* Disallow multiple PPPoE sessions to a single client */, "dynamic-profile" arg /* Attach dynamic-profile to interface */, "max-sessions" arg /* Maximum number of PPPoE sessions allowed on underlying interface */, "max-sessions-vsa-ignore" /* Ignore the max-sessions VSA */, "service-name-table" arg /* Attach Service Name Table to interface */, "short-cycle-protection" ( /* Enable short cycle protection on underlying interface */ c( "lockout-time-min" arg /* Minimum lockout time */, "lockout-time-max" arg /* Maximum lockout time */, "filter" ( /* Granularity of blocking filter */ ("aci") ) ) ) ) end rule(:prbs_config) do c( "enable-prbs" /* Enable PRBS test pattern generation and monitoring */, "no-enable-prbs" /* Don't enable PRBS test pattern generation and monitoring */, "direction" ( /* Direction of generated and received PRBS test signal */ ("local" | "line") ), "pattern" ( /* Pattern to use for PRBS test signal */ ("prbs-31" | "prbs-23" | "prbs-15" | "prbs-7") ), "invert" /* Invert the test pattern */, "no-invert" /* Don't invert the test pattern */ ) end rule(:prefix_action) do arg.as(:arg) ( c( "policer" arg /* Police the packet using a set of named policer */, "count" /* Enable counters */, "filter-specific" /* Filter specific, else term specific */, "subnet-prefix-length" arg /* Prefix length for the total address range */, c( "source-prefix-length" arg /* Source prefix range */, "destination-prefix-length" arg /* Destination prefix range */ ) ) ) end rule(:prefix_list_items) do arg.as(:arg) end rule(:profile_radius_server_name_object) do arg.as(:arg) ( c( "dns-query-interval" arg /* Frequency of RADIUS server name resolution */, "accounting-port" arg /* RADIUS server accounting port number */, "radsec-destination" arg /* RADSEC destination */, "port" arg /* RADIUS server authentication port number */, "preauthentication-port" arg /* RADIUS server preauthentication port number */, "dynamic-request-port" arg /* RADIUS client dynamic request port number */, "secret" ( /* Shared secret with the RADIUS server */ unreadable /* Shared secret with the RADIUS server */ ), "preauthentication-secret" ( /* Shared secret with the RADIUS server */ unreadable /* Shared secret with the RADIUS server */ ), "timeout" arg /* Request timeout period */, "retry" arg /* Retry attempts */, "accounting-timeout" arg /* Accounting request timeout period */, "accounting-retry" arg /* Accounting retry attempts */, "max-outstanding-requests" arg /* Maximum requests in flight to server */, "source-address" ( /* Use specified address as source address */ ipaddr /* Use specified address as source address */ ), "routing-instance" arg /* Use specified routing instance */ ) ) end rule(:profile_radius_server_object) do arg.as(:arg) ( c( "port" arg /* RADIUS server authentication port number */, "preauthentication-port" arg /* RADIUS server preauthentication port number */, "accounting-port" arg /* Port number to which to send RADIUS accounting messages */, "dynamic-request-port" arg /* RADIUS client dynamic request port number */, "secret" ( /* Shared secret with the RADIUS server */ unreadable /* Shared secret with the RADIUS server */ ), "preauthentication-secret" ( /* Shared secret with the RADIUS server */ unreadable /* Shared secret with the RADIUS server */ ), "timeout" arg /* Request timeout period */, "retry" arg /* Retry attempts */, "accounting-timeout" arg /* Accounting request timeout period */, "accounting-retry" arg /* Accounting retry attempts */, "max-outstanding-requests" arg /* Maximum requests in flight to server */, "source-address" ( /* Use specified address as source address */ ipaddr /* Use specified address as source address */ ), "routing-instance" arg /* Use specified routing instance */, "radsec-destination" arg /* RADSEC destination */ ) ) end rule(:programmable_rpd_type) do c( "traceoptions" ( /* Trace options */ c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("client" | "japi" | "routing-interface" | "route" | "normal" | "general" | "state" | "policy" | "task" | "timer" | "all")) /* Tracing parameters */.as(:oneline) ) ), "purge-timeout" ( /* Purge timeout for all programmable-rpd clients in seconds */ sc( c( "never" /* Client programmed objects are never purged */, arg ) ) ).as(:oneline), "client" arg ( /* Programmable-rpd client options */ c( "interface-notification" arg /* Interfaces for notification */ ) ), "rib-service" ( /* RIB service API options */ c( "dynamic-next-hop-interface" ( /* Update routes for next-hop interface changes */ c( ("disable") ) ) ) ) ) end rule(:proto_object) do arg.as(:arg) ( c( "tunable-name" ( /* Protocol tunable name */ tunable_object /* Protocol tunable name */ ) ) ) end rule(:protocol_attribute_type) do arg.as(:arg) ( c( "dhcp" ( /* DHCPv4 configurable attributes */ dhcp_attribute_type /* DHCPv4 configurable attributes */ ), "dhcpv6" ( /* DHCPv6 configurable attributes */ dhcp_attribute_type /* DHCPv6 configurable attributes */ ) ) ) end rule(:proxy_object) do c( "server" arg /* URL or IP address of the proxy server host */, "port" arg /* Proxy server port */, "username" arg /* Username as configured in the proxy server */, "password" ( /* Password as configured in the proxy server */ unreadable /* Password as configured in the proxy server */ ) ) end rule(:qualified_nh_obj) do arg.as(:arg) ( c( "preference" arg /* Preference of qualified next hop */, "metric" arg /* Metric of qualified next hop */, "interface" ( /* Interface of qualified next hop */ interface_name /* Interface of qualified next hop */ ), "mac-address" ( /* Next-hop Mac Address */ mac_unicast /* Next-hop Mac Address */ ), "tag" arg /* Tag string */, "bfd-liveness-detection" ( /* Bidirectional Forwarding Detection (BFD) options */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ), "authentication" ( /* Authentication options */ c( "key-chain" arg /* Key chain name */, "algorithm" ( /* Algorithm name */ ("simple-password" | "keyed-md5" | "meticulous-keyed-md5" | "keyed-sha-1" | "meticulous-keyed-sha-1") ), "loose-check" /* Verify authentication only if authentication is negotiated */ ) ), "neighbor" ( /* BFD neighbor address */ ipaddr /* BFD neighbor address */ ), "local-address" ( /* BFD local address (for multihop only) */ ipaddr /* BFD local address (for multihop only) */ ), "holddown-interval" arg /* Time to hold the session-UP notification to the client */, "minimum-receive-ttl" arg /* Minimum receive TTL below which to drop */ ) ) ) ) end rule(:r2cp_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("configuration" | "event" | "interface" | "node" | "packet" | "rtsock" | "session" | "socket" | "timer" | "virtual-channel" | "all")) /* Area of R2CP process to enable debugging output */.as(:oneline) ) end rule(:radius_disconnect_object) do arg.as(:arg) ( c( "secret" ( /* Secret with which to authenticate RADIUS client sending disconnect requests */ unreadable /* Secret with which to authenticate RADIUS client sending disconnect requests */ ) ) ) end rule(:radius_server_object) do arg.as(:arg) ( c( "routing-instance" arg /* Routing instance */, "port" arg /* RADIUS server authentication port number */, "preauthentication-port" arg /* RADIUS server preauthentication port number */, "accounting-port" arg /* RADIUS server accounting port number */, "dynamic-request-port" arg /* RADIUS client dynamic request port number */, "secret" ( /* Shared secret with the RADIUS server */ unreadable /* Shared secret with the RADIUS server */ ), "preauthentication-secret" ( /* Shared secret with the RADIUS server */ unreadable /* Shared secret with the RADIUS server */ ), "timeout" arg /* Request timeout period */, "retry" arg /* Retry attempts */, "accounting-timeout" arg /* Accounting request timeout period */, "accounting-retry" arg /* Accounting retry attempts */, "max-outstanding-requests" arg /* Maximum requests in flight to server */, "source-address" ( /* Use specified address as source address */ ipaddr /* Use specified address as source address */ ) ) ) end rule(:radius_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("send" | "send-detail" | "receive" | "receive-detail" | "timeout" | "state" | "all")) /* Tracing parameters */.as(:oneline), "server" arg /* Trace packet sent to or received from the server[s] */, "client" arg /* Trace packet sent to or received from the client[s] */, "snoop-segment" arg /* Trace packet related to snoop-segment */ ) end rule(:radius_options_vlan_type) do c( "nas-port-options" arg ( /* Attach NAS Port options to VLAN/SVLAN ranges */ c( "nas-port-type" ( /* Configure NAS port type */ ("async" | "sync" | "isdn-sync" | "isdn-v120" | "isdn-v110" | "virtual" | "piafs" | "hdlc-clear-channel" | "x25" | "x75" | "g3-fax" | "sdsl" | "adsl-cap" | "adsl-dmt" | "idsl" | "ethernet" | "xdsl" | "cable" | "wireless" | "wireless-ieee80211" | "token-ring" | "fddi" | "wireless-cdma2000" | "wireless-umts" | "wireless-1x-ev" | "iapp" | arg) ), "nas-port-extended-format" ( /* Configure NAS port format */ c( "ae-width" arg /* Number of bits for the aggregated ethernet identifier field */, "slot" arg /* Value to write to the slot field */, "slot-width" arg /* Number of bits for the slot field */, "adapter" arg /* Value to write to the adapter field */, "adapter-width" arg /* Number of bits for the adapter field */, "port" arg /* Value to write to the port field */, "port-width" arg /* Number of bits for the port field */, "pw-width" arg /* Number of bits for the pseudo-wire field */, "stacked-vlan-width" arg /* Number of bits for the S-VLAN subinterface field */, "vlan-width" arg /* Number of bits for the VLAN subinterface field */, "stacked" /* Include the S-VLAN ID for subscribers on interfaces */, "vpi-width" arg /* Number of bits for the ATM VPI field */, "vci-width" arg /* Number of bits for the ATM VCI field */ ) ), "stacked-vlan-ranges" arg /* Configure interface based on stacked-vlan range */, "vlan-ranges" arg /* Configure interface based on vlan range */ ) ) ) end rule(:radsec_definition) do c( "destination" arg ( /* RADSEC destination configuration */ c( "address" ( /* Destination IP address */ ipaddr /* Destination IP address */ ), "dynamic-requests" ( /* Accept dynamic requests */ c( "source-address" ( /* Source address for dynamic requests */ ipaddr /* Source address for dynamic requests */ ), "source-port" arg /* Source port for dynamic requests */, c( "logical-system" ( /* Logical system for dynamic requests */ sc( arg /* Name of logical system for dynamic requests */, "routing-instance" arg /* Routing instance for dynamic requests */ ) ).as(:oneline), "routing-instance" arg /* Routing instance for dynamic requests */ ) ) ), "id-reuse-timeout" arg /* Radius id may be reused after this timeout */, c( "logical-system" ( /* Logical system to be used */ sc( arg /* Name of logical system */, "routing-instance" arg /* Routing instance to be used */ ) ).as(:oneline), "routing-instance" arg /* Routing instance to be used */ ), "max-tx-buffers" arg /* Maximum number of tx-buffers */, "port" arg /* Desitnaion port */, "source-address" ( /* Source IP address for destination */ ipaddr /* Source IP address for destination */ ), "tls-certificate" arg /* TLS certificate */, "tls-force-ciphers" ( ("medium" | "low") ), "tls-min-version" ( ("v1.1" | "v1.2") ), "tls-peer-name" arg /* Expected peer fdqn */, "tls-timeout" arg /* Limit on tls handshake time */ ) ) ) end rule(:reconfigure_trigger_type) do c( "radius-disconnect" /* Trigger DHCP reconfigure by radius initiated disconnect */ ) end rule(:reconfigure_type) do c( "clear-on-abort" /* Delete client on reconfiguration abort */, "attempts" arg /* Number of reconfigure attempts before aborting */, "timeout" arg /* Initial timeout value for retry */, "token" arg /* Reconfigure token */, "trigger" ( /* DHCP reconfigure trigger */ reconfigure_trigger_type /* DHCP reconfigure trigger */ ), "support-option-pd-exclude" /* Request prefix exclude option in reconfigure message */ ) end rule(:redundancy_group_type) do arg.as(:arg) ( c( "redundancy-group-id" arg /* Redundancy Group ID */, "protocol" ( /* Redundancy-group Protocol */ c( "evpn" ( /* EVPN Redundancy Group */ c( "peer-ip" ( /* Peer chassis IPs for EVPN Cluster */ ipv4addr /* Peer chassis IPs for EVPN Cluster */ ), "local-ip" ( /* Local chassis IP for EVPN Cluster */ ipv4addr /* Local chassis IP for EVPN Cluster */ ), "routing-instance" arg /* Name of routing instance for EVPN Cluster */ ) ) ) ), "peer-chassis-id" arg ( /* Peer Chassis ID */ c( "no-auto-vlan-provisioning" /* Disable auto VLAN provisioning on inter-chassis-link */, "inter-chassis-link" ( /* ICL interface name */ interface_device /* ICL interface name */ ), "no-auto-iccp-provisioning" /* Disable auto ICCP provisioning */, "session-establishment-hold-time" arg /* Time within which connection must succeed with this peer */, "liveness-detection" ( /* Bidirectional Forwarding Detection options for the peer */ c( "version" ( /* BFD protocol version number */ ("0" | "1" | "automatic") ), "minimum-interval" arg /* Minimum transmit and receive interval */, "minimum-transmit-interval" arg /* Minimum transmit interval */, "minimum-receive-interval" arg /* Minimum receive interval */, "multiplier" arg /* Detection time multiplier */, c( "no-adaptation" /* Disable adaptation */ ), "transmit-interval" ( /* Transmit-interval options */ c( "minimum-interval" arg /* Minimum transmit interval */, "threshold" arg /* High transmit interval triggering a trap */ ) ), "detection-time" ( /* Detection-time options */ c( "threshold" arg /* High detection-time triggering a trap */ ) ) ) ), "authentication-key" arg /* MD5 authentication key */, "traceoptions" ( /* Trace options for ICCP */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("error" | "event" | "packet" | "pipe" | "pipe-detail" | "all")) /* Trace flag information */.as(:oneline) ) ) ) ), "satellite" arg /* Satellite slot-id or range or all */, "system-mac-address" ( /* System MAC address */ mac_unicast /* System MAC address */ ), "cluster" arg /* Cluster member of redundancy-group */ ) ) end rule(:registration_policy_type) do arg.as(:arg) ( c( "term" arg ( /* Term definition */ c( "from" ( /* From action */ new_transaction_from_type /* From action */ ), "then" ( /* Action */ new_registration_then_type /* Action */ ) ) ) ) ) end rule(:new_registration_then_type) do c( "nat-traversal" ( /* How to traverse NAT devices */ nat_traversal_action /* How to traverse NAT devices */ ) ) end rule(:nat_traversal_action) do c( "nat-traversal-strategy" ( /* Choose when to perform NAT traversal */ ("never" | "always" | "by-via") ), "keepalive-interval" arg /* Keepalive interval */, "minimum-registration-interval" arg /* Minimum registration interval allowed in register packet */, "keepalive-mechanisms" ( /* A prioritized list of keepalive mechanisms */ c( "register-fast-expiration" /* Reduce the expiration interval in REGISTER responses */ ) ) ) end rule(:new_transaction_from_type) do c( "source-address" ( /* Source addresses and masks */ ipaddr /* Source addresses and masks */ ), "method" ( /* Methods */ transaction_method_type /* Methods */ ), "request-uri" ( /* Request URI field */ sc( "regular-expression" ( /* Regular expression matched on incoming Request-URI */ regular_expression /* Regular expression matched on incoming Request-URI */ ), "registration-state" ( /* Registration state */ ("registered" | "not-registered") ), "uri-hiding" ( /* URI hidden */ ("hidden-uri" | "not-hidden-uri") ) ) ).as(:oneline), "contact" ( /* Contact field */ sc( "regular-expression" ( /* Regular expression matched on incoming contact */ regular_expression /* Regular expression matched on incoming contact */ ), "registration-state" ( /* Registration state */ ("registered" | "not-registered") ), "uri-hiding" ( /* URI hidden */ ("hidden-uri" | "not-hidden-uri") ) ) ).as(:oneline) ) end rule(:relay_active_leasequery_v4_type) do c( "topology-discover" /* Topology discovery */, "peer-address" arg /* Server ip address */, "timeout" arg /* Read/write timeout in seconds */, "idle-timeout" arg /* Idle timeout in seconds */ ) end rule(:relay_active_leasequery_v6_type) do c( "topology-discover" /* Topology discovery */, "timeout" arg /* Read/write timeout in seconds */, "idle-timeout" arg /* Idle timeout in seconds */, "peer-address" arg /* Peer ipv6 address */ ) end rule(:relay_bulk_leasequery_v4_type) do c( "attempts" arg /* Number of retry attempts */, "timeout" arg /* Number of seconds */ ) end rule(:relay_bulk_leasequery_v6_type) do c( "attempts" arg /* Number of retry attempts */, "timeout" arg /* Number of seconds */, "trigger" ( /* Trigger for bulk leasequery */ sc( "automatic" /* Trigger automatically */ ) ).as(:oneline) ) end rule(:relay_leasequery_type) do c( "attempts" arg /* Number of retry attempts */, "timeout" arg /* Number of seconds */ ) end rule(:relay_option_60_type_group) do c( "vendor-option" ( /* Add vendor option */ c( "equals" ( /* Option 60 equals */ relay_option_60_match_group /* Option 60 equals */ ), "not-equals" ( /* Option 60 does not equal */ relay_option_60_match_group /* Option 60 does not equal */ ), "starts-with" ( /* Option 60 starts with */ relay_option_60_match_group /* Option 60 starts with */ ), c( "default-relay-server-group" arg /* Name of DHCP relay server group when match is not made */, "default-local-server-group" arg /* Name of DHCP local server group when match is not made */, "drop" /* Discard when a match is not made */, "forward-only" /* Forward without subscriber services when a match is not made */ ) ) ) ) end rule(:relay_option_60_match_group) do c( "ascii" arg ( /* ASCII string */ c( c( "relay-server-group" arg /* Name of DHCP relay server group when match is made */, "local-server-group" arg /* Name of DHCP local server group when match is made */, "drop" /* Discard when a match is made */, "forward-only" /* Forward without subscriber services when a match is made */ ) ) ), "hexadecimal" arg ( /* Hexadecimal string */ c( c( "relay-server-group" arg /* Name of DHCP relay server group when match is made */, "local-server-group" arg /* Name of DHCP local server group when match is made */, "drop" /* Discard when a match is made */, "forward-only" /* Forward without subscriber services when a match is made */ ) ) ) ) end rule(:relay_option_60_type_top) do c( "vendor-option" ( /* Add vendor option */ c( "equals" ( /* Option 60 equals */ relay_option_60_match_top /* Option 60 equals */ ), "not-equals" ( /* Option 60 does not equal */ relay_option_60_match_top /* Option 60 does not equal */ ), "starts-with" ( /* Option 60 starts with */ relay_option_60_match_top /* Option 60 starts with */ ), c( "default-relay-server-group" arg /* Name of DHCP relay server group when match is not made */, "default-local-server-group" arg /* Name of DHCP local server group when match is not made */, "drop" /* Discard when a match is not made */, "forward-only" /* Forward without subscriber services when a match is not made */ ) ) ) ) end rule(:relay_option_60_match_top) do c( "ascii" arg ( /* ASCII string */ c( c( "relay-server-group" arg /* Name of DHCP relay server group when match is made */, "local-server-group" arg /* Name of DHCP local server group when match is made */, "drop" /* Discard when a match is made */, "forward-only" /* Forward without subscriber services when a match is made */ ) ) ), "hexadecimal" arg ( /* Hexadecimal string */ c( c( "relay-server-group" arg /* Name of DHCP relay server group when match is made */, "local-server-group" arg /* Name of DHCP local server group when match is made */, "drop" /* Discard when a match is made */, "forward-only" /* Forward without subscriber services when a match is made */ ) ) ) ) end rule(:relay_option_82_type) do c( "circuit-id" ( /* Add circuit identifier */ c( "prefix" ( /* Add prefix to circuit/interface-id or remote-id */ c( "host-name" /* Add router host name to circuit / interface-id or remote-id */, "logical-system-name" /* Add logical system name to circuit / interface-id or remote-id */, "routing-instance-name" /* Add routing instance name to circuit / interface-id or remote-id */ ) ), "use-interface-description" ( /* Use interface description instead of circuit identifier */ ("logical" | "device") ), "use-vlan-id" /* Use VLAN id instead of name */, "vlan-id-only" /* Use only VLAN id */, "no-vlan-interface-name" /* Not include vlan or interface name */, "include-irb-and-l2" /* Include IRB and L2 interface name */, "user-defined" /* Include user defined string */, "keep-incoming-circuit-id" /* Keep incoming circuit identifier */ ) ), "remote-id" ( /* Add remote identifier */ c( "prefix" ( /* Add prefix to circuit/interface-id or remote-id */ c( "host-name" /* Add router host name to circuit / interface-id or remote-id */, "logical-system-name" /* Add logical system name to circuit / interface-id or remote-id */, "routing-instance-name" /* Add routing instance name to circuit / interface-id or remote-id */ ) ), "use-interface-description" ( /* Use interface description instead of circuit identifier */ ("logical" | "device") ), "use-vlan-id" /* Use VLAN id instead of name */, "no-vlan-interface-name" /* Not include vlan or interface name */, "include-irb-and-l2" /* Include IRB and L2 interface name */, "hostname-only" /* Include hostname only */, "keep-incoming-remote-id" /* Keep incoming remote identifier */, "use-string" arg /* Use raw string instead of the default remote id */ ) ), "server-id-override" /* Add link-selection and server-id sub-options on packets to server */, "link-selection" /* Add link-selection suboption on packets to server */, "exclude-relay-agent-identifier" /* Exclude relay agent identifier from packets to server */, "vendor-specific" ( /* Add vendor-specific information */ jdhcp_vendor_specific_type /* Add vendor-specific information */ ).as(:oneline) ) end rule(:relay_v4_option_ascii_hex) do c( "ascii" arg ( /* ASCII string */ c( c( "relay-server-group" arg /* Name of DHCP relay server group when match is made */, "local-server-group" arg /* Name of DHCP local server group when match is made */, "drop" /* Discard when a match is made */, "forward-only" /* Forward without subscriber services when a match is made */ ) ) ), "hexadecimal" arg ( /* Hexadecimal string */ c( c( "relay-server-group" arg /* Name of DHCP relay server group when match is made */, "local-server-group" arg /* Name of DHCP local server group when match is made */, "drop" /* Discard when a match is made */, "forward-only" /* Forward without subscriber services when a match is made */ ) ) ) ) end rule(:relay_v6_option_ascii_hex) do c( "ascii" arg ( /* ASCII string */ c( c( "relay-server-group" arg /* Name of DHCP relay server group when match is made */, "drop" /* Discard when a match is made */, "forward-only" /* Forward without subscriber services when a match is made */ ) ) ), "hexadecimal" arg ( /* Hexadecimal string */ c( c( "relay-server-group" arg /* Name of DHCP relay server group when match is made */, "drop" /* Discard when a match is made */, "forward-only" /* Forward without subscriber services when a match is made */ ) ) ) ) end rule(:res_cleanupd_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("events" | "gencfg" | "module" | "sysvsem" | "sysvshm" | "tracking" | "ui" | "all")) /* Area of resource cleanup process to enable debugging output */.as(:oneline) ) end rule(:resource_monitor_type) do c( "resource-category" enum(("jtree")) ( /* Resource category */ c( "resource-type" enum(("free-pages" | "free-dwords" | "contiguous-pages")) ( /* Resource type */ c( "low-watermark" arg /* Low watermark limit percentage */, "high-watermark" arg /* High watermark limit percentage */ ) ) ) ), "traceoptions" ( /* Resource monitor trace options */ resource_monitor_traceoptions_type /* Resource monitor trace options */ ), "no-throttle" /* Disable throttling of subscribers and services based on resource utilization */, "no-load-throttle" /* Disable throttling of subscribers and services based on PFE load */, "no-logging" /* Disable logging of warning or error messages resource levels exceeded */, "high-threshold" arg /* High threshold percentage for resource utilization */, "high-cos-queue-threshold" arg /* High threshold percentage for cos queue utilization per scheduler */, "free-heap-memory-watermark" arg /* Watermark percentage for ukern heap resource utilization */, "free-nh-memory-watermark" arg /* Watermark percentage for NH resource utilization */, "free-fw-memory-watermark" arg /* Watermark percentage for Filter / Firewall resource utilization */, "subscribers-limit" ( /* Limit number of subscribers allowed to login */ c( "client-type" enum(("pppoe" | "dhcp" | "l2tp" | "any")) ( /* Subscriber client type */ c( "chassis" ( /* Max subscriers allowed in chassis */ c( "limit" arg /* Number of subscribers allowed */ ) ), "fpc" ( /* Limiting subscriber on fpc */ rsmon_fpc_type /* Limiting subscriber on fpc */ ) ) ) ) ) ) end rule(:resource_monitor_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("all")) /* Resource monitor operations to include in debugging trace */.as(:oneline) ) end rule(:resources_type) do c( "cpu" ( c( "priority" arg /* Highest priority (nice level) process can run at */, "time" arg /* Maximum amount of CPU time that can be accumulated */ ) ), "memory" ( c( "data-size" arg /* Maximum size of the data segment */, "locked-in" arg /* Maximum bytes that can be locked into memory */, "resident-set-size" arg /* Maximum amount of private physical memory at any given moment */, "socket-buffers" arg /* Maximum amount of physical memory that may be dedicated to socket buffers */, "stack-size" arg /* Maximum size of the stack segment */ ) ), "file" ( c( "size" arg /* Maximum size of a file that can be created */, "open" arg /* Maximum number of simultaneous open files */, "core-size" arg /* Maximum size of a core file that can be created */ ) ) ) end rule(:rib_inet3) do c( "inet.3" /* Use inet.3 to exchange labeled unicast routes */ ) end rule(:rib_aggregate_type) do c( "defaults" ( /* Global route options */ c( "metric" ( /* Metric value */ rib_static_metric_type /* Metric value */ ), "metric2" ( /* Metric value 2 */ rib_static_metric_type /* Metric value 2 */ ), "metric3" ( /* Metric value 3 */ rib_static_metric_type /* Metric value 3 */ ), "metric4" ( /* Metric value 4 */ rib_static_metric_type /* Metric value 4 */ ), "tag" ( /* Tag string */ rib_static_metric_type /* Tag string */ ), "tag2" ( /* Tag string 2 */ rib_static_metric_type /* Tag string 2 */ ), "preference" ( /* Preference value */ rib_static_metric_type /* Preference value */ ), "preference2" ( /* Preference value 2 */ rib_static_metric_type /* Preference value 2 */ ), "color" ( /* Color (preference) value */ rib_static_metric_type /* Color (preference) value */ ), "color2" ( /* Color (preference) value 2 */ rib_static_metric_type /* Color (preference) value 2 */ ), "community" ( /* BGP community identifier */ community /* BGP community identifier */ ), "as-path" ( /* Autonomous system path */ c( "path" arg /* Autonomous system path */, "origin" ( ("igp" | "egp" | "incomplete") ), "atomic-aggregate" /* Add ATOMIC_AGGREGATE path attribute to route */, "aggregator" ( /* Add AGGREGATOR path attribute to route */ c( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, ipv4addr /* Address of BGP system that formed the route */ ) ) ) ), "discard" /* Drop packets to destination; send no ICMP unreachables */, "next-table" arg /* Next hop to another table */, c( "brief" /* Include longest common sequences from contributing paths */, "full" /* Include all AS numbers from all contributing paths */ ), c( "active" /* Remove inactive route from forwarding table */, "passive" /* Retain inactive route in forwarding table */ ) ) ), "route" arg ( /* Individual route options */ c( "policy" ( /* Policy filter */ policy_algebra /* Policy filter */ ), "metric" ( /* Metric value */ rib_static_metric_type /* Metric value */ ), "metric2" ( /* Metric value 2 */ rib_static_metric_type /* Metric value 2 */ ), "metric3" ( /* Metric value 3 */ rib_static_metric_type /* Metric value 3 */ ), "metric4" ( /* Metric value 4 */ rib_static_metric_type /* Metric value 4 */ ), "tag" ( /* Tag string */ rib_static_metric_type /* Tag string */ ), "tag2" ( /* Tag string 2 */ rib_static_metric_type /* Tag string 2 */ ), "preference" ( /* Preference value */ rib_static_metric_type /* Preference value */ ), "preference2" ( /* Preference value 2 */ rib_static_metric_type /* Preference value 2 */ ), "color" ( /* Color (preference) value */ rib_static_metric_type /* Color (preference) value */ ), "color2" ( /* Color (preference) value 2 */ rib_static_metric_type /* Color (preference) value 2 */ ), "community" ( /* BGP community identifier */ community /* BGP community identifier */ ), "as-path" ( /* Autonomous system path */ c( "path" arg /* Autonomous system path */, "origin" ( ("igp" | "egp" | "incomplete") ), "atomic-aggregate" /* Add ATOMIC_AGGREGATE path attribute to route */, "aggregator" ( /* Add AGGREGATOR path attribute to route */ c( arg /* Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format */, ipv4addr /* Address of BGP system that formed the route */ ) ) ) ), "discard" /* Drop packets to destination; send no ICMP unreachables */, "next-table" arg /* Next hop to another table */, c( "brief" /* Include longest common sequences from contributing paths */, "full" /* Include all AS numbers from all contributing paths */ ), c( "active" /* Remove inactive route from forwarding table */, "passive" /* Retain inactive route in forwarding table */ ) ) ) ) end rule(:rib_group_inet_type) do c( arg /* Name of the routing table group */ ).as(:oneline) end rule(:rib_group_type) do c( arg /* Name of the IPv4 routing table group */, "inet" arg /* Name of the IPv4 routing table group */, "inet3" arg /* Name of the IPv4 inet.3 routing table group */, "inet6" arg /* Name of the IPv6 routing table group */, "inet63" arg /* Name of the IPv6 inet6.3 routing table group */ ) end rule(:rib_static_metric_type) do c( arg /* Metric value */, "type" arg /* Metric type */ ).as(:oneline) end rule(:rip_filter_obj) do c( "match-on" ( /* Argument on which to match */ ("prefix") ), "policy" ( /* Filter policy */ policy_algebra /* Filter policy */ ) ).as(:oneline) end rule(:rmopd_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("configuration" | "ipc" | "ppm" | "rpd" | "info" | "statistics" | "error" | "all")) /* Tracing parameters */.as(:oneline) ) end rule(:rmps_clnt_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("infra" | "memory" | "communication" | "resource-tables" | "info-tables" | "redundancy" | "all")) /* Resource Management Packet Steering Client to trace */.as(:oneline) ) end rule(:rmpsd_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("config" | "gres" | "init" | "memory" | "communication" | "license-management" | "signal" | "state" | "timer" | "ui" | "resource-manager" | "info-manager" | "packet-steering" | "all")) /* Resource Management Packet Steering Area to trace */.as(:oneline) ) end rule(:route_filter_list_items) do s( arg, c( "exact" arg /* Exactly match the prefix length */, "longer" arg /* Mask is greater than the prefix length */, "orlonger" arg /* Mask is greater than or equal to the prefix length */, "upto" arg /* Mask falls between two prefix lengths */, "through" arg /* Route falls between two prefixes */, "prefix-length-range" arg /* Mask falls between two prefix lengths */, "address-mask" arg /* Mask applied to prefix address */ ), c( "label" ( /* Set label for BGP LU label allocation */ sc( c( "range" ( /* Label range */ sc( c( arg /* Label range in : format */ ) ) ).as(:oneline), arg ) ) ).as(:oneline), "get-route-range" /* Get the range */, "metric" ( /* Metric value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */, "igp" ( /* Track the IGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "minimum-igp" ( /* Track the minimum IGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "expression" ( /* Calculate value based on route metric and metric2 */ metric_expression_type /* Calculate value based on route metric and metric2 */ ), "aigp" /* Use aigp, if it exists, to set the IGP metric */, "effective-aigp" ( /* Track the effective AIGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "minimum-effective-aigp" ( /* Track the minimum effective AIGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline) ) ) ), "metric2" ( /* Metric value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "metric3" ( /* Metric value 3 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "metric4" ( /* Metric value 4 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "tag" ( /* Tag string */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "tag2" ( /* Tag string 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "preference" ( /* Preference value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "preference2" ( /* Preference value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "color" ( /* Color (preference) value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "color2" ( /* Color (preference) value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "local-preference" ( /* Local preference associated with a route */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "priority" ( /* Set priority for route installation */ ("high" | "medium" | "low") ), "prefix-segment" ( /* Set prefix segment attributes */ c( "algorithm" arg ( /* Set prefix segment attributes for strict/flex algorithm */ sc( "index" arg /* Set prefix segment index id */, "node-segment" /* Set node segment flag for this prefix segment */ ) ).as(:oneline), "index" arg /* Set prefix segment index id */, "node-segment" /* Set node segment flag for default prefix segment */ ) ), "label-allocation" ( /* Set label allocation mode */ ("per-table" | "per-nexthop" | "per-table-localize") ), "add-path" ( /* Set BGP add-path attributes */ sc( "send-count" arg /* Number of add-paths sent */ ) ).as(:oneline), "validation-state" ( /* Set validation-state of a route */ ("valid" | "invalid" | "unknown") ), "origin" ( /* BGP path origin */ ("igp" | "egp" | "incomplete") ), "aigp-originate" ( /* Originate a BGP AIGP attribute */ sc( "distance" arg /* AIGP distance */ ) ).as(:oneline), "aigp-adjust" ( /* Adjust a BGP AIGP attribute */ sc( c( "add", "subtract", "multiply", "divide" ), c( arg /* Adjustment value */, "distance-to-protocol-nexthop" /* Metric2 */ ) ) ).as(:oneline), "community" ( /* BGP community properties associated with a route */ s( c( "equal-literal" arg /* Set the BGP communities in the route */, "set" arg /* Set the BGP communities in the route */, "plus-literal" arg /* Add BGP communities to the route */, "add" arg /* Add BGP communities to the route */, "minus-literal" arg /* Remove BGP communities from the route */, "delete" arg /* Remove BGP communities from the route */ ), arg ) ).as(:oneline), "tunnel-attribute" ( /* BGP tunnel attribute associated with a route */ s( c( "set" arg /* Set BGP tunnel attribute in the route */, "remove" arg /* Remove BGP tunnel attribute from the route */ ), arg ) ).as(:oneline), "damping" arg /* Define BGP route flap damping parameters */, "aggregate-bandwidth" /* Advertise aggregate outbound link bandwidth */, "limit-bandwidth" arg /* Limit advertised aggregate outbound link bandwidth */, "no-entropy-label-capability" /* Don't advertise entropy label capability */, "as-path-prepend" arg /* Prepend AS numbers to an AS path (BGP only) */, "as-path-expand" ( /* Prepend AS numbers prior to adding local-as (BGP only) */ sc( c( "last-as" ( /* Prepend last AS */ sc( "count" arg /* Repeat count */ ) ).as(:oneline), arg /* AS path string */ ) ) ).as(:oneline), "next-hop" ( /* Set the address of the next-hop router */ sc( c( "self" /* Use a local address as the next-hop address */, "peer-address" /* Use the remote peer address as the next-hop address */, "reject" /* Use a reject next hop */, "discard" /* Use a discard next hop */, "next-table" arg /* Perform a forwarding lookup in the specified table */, ipaddr /* Next-hop address */ ) ) ).as(:oneline), "install-nexthop" ( /* Choose the next hop to be used for forwarding */ sc( c( "strict" /* Do not use any other available next hops */, "strict-named-lsp" /* Do not use any other non-lsp next hops */ ), c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ), "except" ( /* Do not choose to install matching next hops */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ), "fallback" ( /* Backup option */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ), "except" ( /* Do not choose to install matching next hops */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ) ) ) ) ) ) ), "fallback" ( /* Backup option */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ), "except" ( /* Do not choose to install matching next hops */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ) ) ) ) ) ) ).as(:oneline), "trace" /* Log matches to a trace file */, "external" ( /* External route */ c( "type" arg /* OSPF external metric type */, "nssa-only" /* Clear P-bit on lsa type 7 */ ) ), "load-balance" ( /* Type of load balancing in forwarding table */ sc( c( "per-packet" /* Load balance on a per-packet basis */, "random" /* Load balance using packet random spray */, "per-prefix" /* Load balance on a per-prefix basis */, "consistent-hash" /* Give a prefix consistent load-balancing */, "source-ip-only" /* Give a source based ip load-balancing */, "destination-ip-only" /* Give a destination based ip load-balancing */ ) ) ).as(:oneline), "no-route-localize" /* Force route install on all fib-remote PFEs */, "install-to-fib" /* Install route to fib */, "no-install-to-fib" /* Don't install route to fib */, "analyze" /* Send to registered controllers for analysis */, "class" arg /* Set class-of-service parameters */, "destination-class" arg /* Set destination class in forwarding table */, "source-class" arg /* Set source class in forwarding table */, "forwarding-class" arg /* Set source or destination class in forwarding table */, "map-to-interface" ( /* Set output logical interface */ sc( c( "self" /* Map the interface to itself */, interface_name /* Output logical interface */ ) ) ).as(:oneline), "ssm-source" ( /* List of Sources for SSM mapping */ ipaddr /* List of Sources for SSM mapping */ ), "p2mp-lsp-root" ( /* P2mp lsp root address */ c( "address" ( /* Ipv4 root address */ ipv4addr /* Ipv4 root address */ ) ) ), "cos-next-hop-map" arg /* Set CoS-based next-hop map in forwarding table */, "dynamic-tunnel-attributes" arg /* Choose the dynamic tunnel attributes used for forwarding */, "tunnel-end-point-address" ( /* Set tunnel end-point address of tunnel */ ipaddr /* Set tunnel end-point address of tunnel */ ), "selected-mldp-egress" /* This node should act as egress node for MLDP inband signalling */, "mhop-bfd-port" /* Use port number 4784 for MPLS-BFD as per RFC5884 */, "no-backup" /* This prefix should not have backup */, "default-action" ( /* Set default policy action */ ("accept" | "reject") ), "next" ( /* Skip to next policy or term */ ("policy" | "term") ), c( "accept" /* Accept a route */, "reject" /* Reject a route */ ), "bgp-output-queue-priority" ( /* Set the BGP Update output queue priority. */ sc( c( "priority" arg /* Output queue priority; higher is better */, "expedited" /* Expedited queue; highest priority */ ) ) ).as(:oneline), "multipath-resolve" /* Use all paths for resolution over this prefix */, "source-routing-path-template" arg /* Spring-te template to apply */, "label-allocation-fallback-reject" /* Suppress prefix export when label allocation fails */, "resolution-map" arg /* Set resolution map modes */, "ignore-service-label" /* Ignore service labels */, "request-long-lived-ack" /* Advertise route after forwarding is programmed */, "send-withdrawal-on-route-change" /* Withdraw route if change is not acked from forwarding */ ) ) end rule(:route_record_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("parse" | "all")) /* Area of route-record to enable debuging output */.as(:oneline) ) end rule(:routing_destinations) do c( "default-availability-check-profile" arg /* Profile that will be used if no other profile was attached to a server */, "availability-check-profiles" ( /* Definitions of servers availability check profiles */ availability_check_profile /* Definitions of servers availability check profiles */ ), "servers" ( /* Servers definitions */ routing_destination_server /* Servers definitions */ ), "clusters" ( /* Clusters definitions */ routing_destination_cluster /* Clusters definitions */ ) ) end rule(:availability_check_profile) do arg.as(:arg) ( c( "keepalive-method" ( /* How will availability check be done */ sc( c( "sip-options" /* Check availability by sending a SIP OPTIONS message */ ) ) ).as(:oneline), "keepalive-strategy" ( /* When will the server be checked for availability */ sc( c( "send-always" ( /* Always check the server availability */ c( "failures-before-unavailable" arg /* A server is assumed to be unavailable when a keepalive message was not answered this number of times */, "successes-before-available" arg /* A server is assumed to be available when a keepalive message was successfully answered this number of times */ ) ), "send-when-unavailable" ( /* Check the server availability only when it is marked as unavailable */ sc( "successes-before-available" arg /* A server is assumed to be available when a keepalive message was successfully answered this number of times */ ) ).as(:oneline), "do-not-send" ( /* Never perform availability checks of the server */ sc( "blackout-period" arg /* Time a server will be considered unavailable */ ) ).as(:oneline) ) ) ).as(:oneline), "keepalive-interval" ( /* How often should the server be checked for availability */ c( "available-server" arg /* How often should a server that is marked as available be checked for availablility */, "unavailable-server" arg /* How often should a server that is marked as unavailable be checked for availablility */ ) ), "transaction-timeout" arg /* A server is assumed to be unavailable when a keepalive message was not answered in this time */ ) ) end rule(:routing_destination_cluster) do arg.as(:arg) ( c( "server" arg ( c( "priority" arg /* Defines the redundency order */, "weight" arg /* Defines the load balancing ratio */ ) ) ) ) end rule(:routing_destination_server) do arg.as(:arg) ( c( "address" ( /* Server's address */ routing_destination_address /* Server's address */ ), "service-point" arg /* Exit point */, "admission-control" arg /* Admission control profile for the server */, "availability-check-profile" arg /* Availability check profile for the server */ ) ) end rule(:routing_destination_address) do c( "port" arg /* Port number */, "transport-protocol" ( /* Transport protocol */ transport_protocol /* Transport protocol */ ), ipaddr /* IP address */ ).as(:oneline) end rule(:rpd_rib_group_type) do arg.as(:arg) ( c( "export-rib" arg /* Export routing table */, "import-rib" arg /* Import routing table */, "import-policy" ( /* Import policy */ policy_algebra /* Import policy */ ) ) ) end rule(:rpm_next_hop) do arg.as(:arg) ( c( "rpm-probe" arg ( sc( "rpm-test" arg /* RPM test to track */ ) ).as(:oneline) ) ) end rule(:rsmon_fpc_type) do arg.as(:arg) ( c( "pic" ( /* Limiting subscriber on fpc */ rsmon_pic_type /* Limiting subscriber on fpc */ ), "limit" arg /* Number of subscribers allowed */ ) ) end rule(:rsmon_pic_type) do arg.as(:arg) ( c( "port" ( /* Limiting subscriber on port */ rsmon_port_type /* Limiting subscriber on port */ ), "limit" arg /* Number of subscribers allowed */ ) ) end rule(:rsmon_port_type) do arg.as(:arg) ( c( "limit" arg /* Number of subscribers allowed */ ) ) end rule(:rtf_prefix_list_items) do arg.as(:arg) end rule(:s6a_definition) do c( "partition" arg ( /* S6A partition configuration */ c( "destination-realm" arg /* S6A destination realm */, "destination-host" arg /* S6A destination host */, "diameter-instance" arg /* S6A diameter instance */, "max-outstanding-requests" arg /* Maximum number of outstanding requests */, "response-timeout" arg /* Response timeout */ ) ) ) end rule(:saegw_names) do arg.as(:arg) ( c( "system" ( /* System resource configuration */ c( "anchor-pfes" ( anchor_pfes_type ) ) ), "control-plane-peers" ( /* Control plane peers */ c( "local-address" ( /* IPv6 or IPv4 or both addresses of the local end of the PFCP connection */ ipaddr /* IPv6 or IPv4 or both addresses of the local end of the PFCP connection */ ), "routing-instance" arg /* Local routing instance of the PFCP */, "heartbeat-interval" arg /* Time between two successive heartbeat requests */, "path-management" ( /* Enable/disable origination of heartbeat message requests to control peers */ ("enable" | "disable") ), "n3-requests" arg /* Number of retries of PFCP request messages upon t3-response timeout */, "t3-response" arg /* Waiting time of gateway before retrying a PFCP signaling-request upon response timeout */, "response-cache-timeout" arg /* Configure the timeout for the PFCP response cache */, "apn-services" ( /* Access point name services name */ c( "apns" ( apn_services_names ) ) ), "peer-groups" ( /* Peer groups name */ control_peer_groups /* Peer groups name */ ) ) ), "access-network-peers" ( /* Data plane peers */ c( "local-address" ( /* IPv4 address of the local end of the GTP-U connection */ ipv4addr /* IPv4 address of the local end of the GTP-U connection */ ), "routing-instance" arg /* Local routing instance of the GTP-U */, "echo-interval" arg /* Time between origination of two successive echo requests */, "path-management" ( /* Enable/disable origination of echo requests to access peers */ ("enable" | "disable") ), "n3-requests" arg /* Number of retries of peer management request messages upon t3-response timeout */, "t3-response" arg /* Waiting time of gateway before retrying peer management request upon response timeout */, "peer-groups" ( /* Peer groups name */ access_peer_groups /* Peer groups name */ ) ) ), "core-network-peers" ( /* Core-side GTP-U peers */ c( "local-address" ( /* IPv4 address of the local end of the GTP-U connection */ ipv4addr /* IPv4 address of the local end of the GTP-U connection */ ), "routing-instance" arg /* Local routing instance of the GTP-U connection */, "echo-interval" arg /* Time between origination of two echo requests */, "path-management" ( /* Enable/disable origination of echo requests to core peers */ ("enable" | "disable") ), "n3-requests" arg /* Number of unanswered echo requests for path failure */, "t3-response" arg /* Time between resending unanswered echo requests */, "peer-groups" ( /* Peer groups name */ core_peer_groups /* Peer groups name */ ) ) ) ) ) end rule(:access_peer_groups) do arg.as(:arg) ( c( "peer" ( c( "address" ( /* IPv4 address or prefix value of access network peer */ ipv4prefix /* IPv4 address or prefix value of access network peer */ ), "hostname" arg /* Name of the access network peer */ ) ), "routing-instance" arg /* Routing-instance of GPT-U connection */ ) ) end rule(:anchor_pfes_type) do c( "interface" arg /* Anchor PFE interface configuration */ ) end rule(:apn_services_names) do arg.as(:arg) ( c( "mobile-interface" arg /* Mobile interface name */ ) ) end rule(:control_peer_groups) do arg.as(:arg) ( c( "peer" ( /* Peer address and hostname */ c( "address" ( /* IPv4 or IPv6 address or prefix value of control plane peer */ ipprefix /* IPv4 or IPv6 address or prefix value of control plane peer */ ), "hostname" arg /* Name of the control plane peer */ ) ), "initiate-association" /* Start node association message to control plane peer */, "routing-instance" arg /* Local routing instance of the PFCP */, "heartbeat-interval" arg /* Time between origination of two successive heartbeat requests */, "path-management" ( /* Enable/disable origination of heartbeat message requests to control peers */ ("enable" | "disable") ), "n3-requests" arg /* Number of retries of PFCP request messages upon t3-response timeout */, "t3-response" arg /* Waiting time of gateway before retrying a PFCP signaling-request upon response timeout */ ) ) end rule(:core_peer_groups) do arg.as(:arg) ( c( "peer" ( c( "address" ( /* IPv4 address or prefix value of core network peer */ ipv4prefix /* IPv4 address or prefix value of core network peer */ ), "hostname" arg /* Name of the core network peer */ ) ), "routing-instance" arg /* Routing-instance of GPT-U connection */ ) ) end rule(:sampling_family_inet6_output_type) do c( "aggregate-export-interval" arg /* Interval of exporting aggregate accounting information */, "flow-inactive-timeout" arg /* Interval of inactivity that marks a flow inactive */, "flow-active-timeout" arg /* Interval after which an active flow is exported */, "flow-server" ( /* Configure sending traffic aggregates in cflowd format */ cflowd_sampling_inet6_sampling_type /* Configure sending traffic aggregates in cflowd format */ ), "interface" ( /* Interfaces used to send monitored information */ packet_export_intf_type /* Interfaces used to send monitored information */ ), "inline-jflow" ( /* Inline processing of sampled packets */ packet_export_inline /* Inline processing of sampled packets */ ), "extension-service" arg /* Define the customer specific sampling configuration */ ) end rule(:cflowd_sampling_inet6_sampling_type) do arg.as(:arg) ( c( "port" arg /* UDP port number on host collecting cflowd packets */, "dscp" arg /* Numeric DSCP value in the range 0 to 63 */, "forwarding-class" arg /* Forwarding-class for exported jflow packets, applicable only for inline-jflow */, "routing-instance" arg /* Name of routing instance on which flow collector is reachable */, "autonomous-system-type" ( /* Type of autonomous system number to export */ ("origin" | "peer") ), "aggregation" ( /* Aggregations to perform for exported flows (version 8 only) */ aggregation_type /* Aggregations to perform for exported flows (version 8 only) */ ), "local-dump" /* Dump cflowd records to log file before exporting */, "no-local-dump" /* Don't dump cflowd records to log file before exporting */, "source-address" ( /* Source IPv4 address for cflowd packets */ ipv4addr /* Source IPv4 address for cflowd packets */ ), "version9" ( /* Export data in version 9 format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ) ) ) end rule(:packet_export_inline) do c( "source-address" ( /* Address to use for generating monitored packets */ ipaddr /* Address to use for generating monitored packets */ ), "flow-export-rate" arg /* Flow export rate of monitored packets in kpps */ ) end rule(:sampling_family_input_type) do c( "rate" arg /* Ratio of packets to be sampled (1 out of N) */, "run-length" arg /* Number of samples after initial trigger */, "max-packets-per-second" arg /* Threshold of samples per second before dropping */, "maximum-packet-length" arg /* Maximum length of the sampled packet */ ) end rule(:sampling_global_mpls_output_type) do c( "aggregate-export-interval" arg /* Interval of exporting aggregate accounting information */, "flow-inactive-timeout" arg /* Interval of inactivity that marks a flow inactive */, "flow-active-timeout" arg /* Interval after which an active flow is exported */, "flow-server" ( /* Configure sending traffic aggregates in cflowd format */ cflowd_global_mpls_sampling_type /* Configure sending traffic aggregates in cflowd format */ ), "interface" ( /* Interfaces used to send monitored information */ packet_export_intf_type /* Interfaces used to send monitored information */ ) ) end rule(:cflowd_global_mpls_sampling_type) do arg.as(:arg) ( c( "port" arg /* UDP port number on host collecting cflowd packets */, "dscp" arg /* Numeric DSCP value in the range 0 to 63 */, "forwarding-class" arg /* Forwarding-class for exported jflow packets, applicable only for inline-jflow */, "routing-instance" arg /* Name of routing instance on which flow collector is reachable */, "autonomous-system-type" ( /* Type of autonomous system number to export */ ("origin" | "peer") ), "aggregation" ( /* Aggregations to perform for exported flows (version 8 only) */ aggregation_type /* Aggregations to perform for exported flows (version 8 only) */ ), "local-dump" /* Dump cflowd records to log file before exporting */, "no-local-dump" /* Don't dump cflowd records to log file before exporting */, "source-address" ( /* Source IPv4 address for cflowd packets */ ipv4addr /* Source IPv4 address for cflowd packets */ ), "version9" ( /* Export data in version 9 format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ) ) ) end rule(:sampling_input_type) do c( "rate" arg /* Ratio of packets to be sampled (1 out of N) */, "run-length" arg /* Number of samples after initial trigger */, "max-packets-per-second" arg /* Threshold of samples per second before dropping */, "maximum-packet-length" arg /* Maximum length of the sampled packet */, "family" ( /* Protocol family */ c( "inet" ( /* Sampling parameters for IPv4 */ c( "rate" arg /* Ratio of packets to be sampled (1 out of N) */, "run-length" arg /* Number of samples after initial trigger */, "max-packets-per-second" arg /* Threshold of samples per second before dropping */, "maximum-packet-length" arg /* Maximum length of the sampled packet */ ) ), "mpls" ( /* Sampling parameters for MPLS */ c( "rate" arg /* Ratio of packets to be sampled (1 out of N) */, "run-length" arg /* Number of samples after initial trigger */, "max-packets-per-second" arg /* Threshold of samples per second before dropping */, "maximum-packet-length" arg /* Maximum length of the sampled packet */ ) ), "inet6" ( /* Sampling parameters for IPv6 */ c( "rate" arg /* Ratio of packets to be sampled (1 out of N) */, "run-length" arg /* Number of samples after initial trigger */, "max-packets-per-second" arg /* Threshold of samples per second before dropping */, "maximum-packet-length" arg /* Maximum length of the sampled packet */ ) ) ) ) ) end rule(:sampling_instance_bridge_output_type) do c( "flow-server" ( /* Configure sending traffic aggregates in cflowd format */ cflowd_instance_bridge_sampling_type /* Configure sending traffic aggregates in cflowd format */ ), "inline-jflow" ( /* Inline processing of sampled packets */ packet_export_inline_instance /* Inline processing of sampled packets */ ) ) end rule(:cflowd_instance_bridge_sampling_type) do arg.as(:arg) ( c( "port" arg /* UDP port number on host collecting cflowd packets */, "dscp" arg /* Numeric DSCP value in the range 0 to 63 */, "forwarding-class" arg /* Forwarding-class for exported jflow packets, applicable only for inline-jflow */, "routing-instance" arg /* Name of routing instance on which flow collector is reachable */, "version9" ( /* Export data in version 9 format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ), "version-ipfix" ( /* Export data in version ipfix format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ) ) ) end rule(:packet_export_inline_instance) do c( "source-address" ( /* Address to use for generating monitored packets */ ipaddr /* Address to use for generating monitored packets */ ), "flow-export-rate" arg /* Flow export rate of monitored packets in kpps */ ) end rule(:sampling_instance_inet6_output_type) do c( "aggregate-export-interval" arg /* Interval of exporting aggregate accounting information */, "flow-inactive-timeout" arg /* Interval of inactivity that marks a flow inactive */, "flow-active-timeout" arg /* Interval after which an active flow is exported */, "flow-server" ( /* Configure sending traffic aggregates in cflowd format */ cflowd_instance_inet6_sampling_type /* Configure sending traffic aggregates in cflowd format */ ), "interface" ( /* Interfaces used to send monitored information */ packet_export_intf_type /* Interfaces used to send monitored information */ ), "inline-jflow" ( /* Inline processing of sampled packets */ packet_export_inline_instance /* Inline processing of sampled packets */ ), "extension-service" arg /* Define the customer specific sampling configuration */ ) end rule(:cflowd_instance_inet6_sampling_type) do arg.as(:arg) ( c( "port" arg /* UDP port number on host collecting cflowd packets */, "dscp" arg /* Numeric DSCP value in the range 0 to 63 */, "forwarding-class" arg /* Forwarding-class for exported jflow packets, applicable only for inline-jflow */, "routing-instance" arg /* Name of routing instance on which flow collector is reachable */, "autonomous-system-type" ( /* Type of autonomous system number to export */ ("origin" | "peer") ), "aggregation" ( /* Aggregations to perform for exported flows (version 8 only) */ aggregation_type /* Aggregations to perform for exported flows (version 8 only) */ ), "local-dump" /* Dump cflowd records to log file before exporting */, "no-local-dump" /* Don't dump cflowd records to log file before exporting */, "source-address" ( /* Source IPv4 address for cflowd packets */ ipv4addr /* Source IPv4 address for cflowd packets */ ), "version9" ( /* Export data in version 9 format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ), "version-ipfix" ( /* Export data in version ipfix format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ) ) ) end rule(:sampling_instance_inet_global_output_type) do c( "aggregate-export-interval" arg /* Interval of exporting aggregate accounting information */, "flow-inactive-timeout" arg /* Interval of inactivity that marks a flow inactive */, "flow-active-timeout" arg /* Interval after which an active flow is exported */, "file" ( /* Configure parameters for dumping sampled packets */ sc( ("disable"), "filename" arg /* Name of file to contain sampled packet dumps */, "files" arg /* Maximum number of sampled packet dump files */, "size" arg /* Maximum sample dump file size */, "world-readable" /* Allow any user to read the sampled dump */, "no-world-readable" /* Don't allow any user to read the sampled dump */, "stamp" /* Timestamp every packet in the dump */, "no-stamp" /* Don't timestamp every packet in the dump */ ) ).as(:oneline), "port-mirroring" ( /* Configure sending sampled traffic out through an interface */ inet_pm_family_output_type /* Configure sending sampled traffic out through an interface */ ), "flow-server" ( /* Configure sending traffic aggregates in cflowd format */ cflowd_sampling_inet_type /* Configure sending traffic aggregates in cflowd format */ ), "interface" ( /* Interfaces used to send monitored information */ packet_export_intf_type /* Interfaces used to send monitored information */ ), "inline-jflow" ( /* Inline processing of sampled packets */ packet_export_inline /* Inline processing of sampled packets */ ), "extension-service" arg /* Define the customer specific sampling configuration */ ) end rule(:cflowd_sampling_inet_type) do arg.as(:arg) ( c( "port" arg /* UDP port number on host collecting cflowd packets */, "dscp" arg /* Numeric DSCP value in the range 0 to 63 */, "forwarding-class" arg /* Forwarding-class for exported jflow packets, applicable only for inline-jflow */, "routing-instance" arg /* Name of routing instance on which flow collector is reachable */, "autonomous-system-type" ( /* Type of autonomous system number to export */ ("origin" | "peer") ), "aggregation" ( /* Aggregations to perform for exported flows (version 8 only) */ aggregation_type /* Aggregations to perform for exported flows (version 8 only) */ ), "local-dump" /* Dump cflowd records to log file before exporting */, "no-local-dump" /* Don't dump cflowd records to log file before exporting */, "source-address" ( /* Source IPv4 address for cflowd packets */ ipv4addr /* Source IPv4 address for cflowd packets */ ), "version9" ( /* Export data in version 9 format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ), "version-ipfix" ( /* Export data in version ipfix format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ), "version" ( /* Format of exported cflowd aggregates */ ("5" | "8" | "500") ) ) ) end rule(:sampling_instance_inet_output_type) do c( "aggregate-export-interval" arg /* Interval of exporting aggregate accounting information */, "flow-inactive-timeout" arg /* Interval of inactivity that marks a flow inactive */, "flow-active-timeout" arg /* Interval after which an active flow is exported */, "flow-server" ( /* Configure sending traffic aggregates in cflowd format */ cflowd_instance_inet_sampling_type /* Configure sending traffic aggregates in cflowd format */ ), "interface" ( /* Interfaces used to send monitored information */ packet_export_intf_type /* Interfaces used to send monitored information */ ), "inline-jflow" ( /* Inline processing of sampled packets */ packet_export_inline_instance /* Inline processing of sampled packets */ ), "extension-service" arg /* Define the customer specific sampling configuration */ ) end rule(:cflowd_instance_inet_sampling_type) do arg.as(:arg) ( c( "port" arg /* UDP port number on host collecting cflowd packets */, "dscp" arg /* Numeric DSCP value in the range 0 to 63 */, "forwarding-class" arg /* Forwarding-class for exported jflow packets, applicable only for inline-jflow */, "routing-instance" arg /* Name of routing instance on which flow collector is reachable */, "autonomous-system-type" ( /* Type of autonomous system number to export */ ("origin" | "peer") ), "aggregation" ( /* Aggregations to perform for exported flows (version 8 only) */ aggregation_type /* Aggregations to perform for exported flows (version 8 only) */ ), "local-dump" /* Dump cflowd records to log file before exporting */, "no-local-dump" /* Don't dump cflowd records to log file before exporting */, "source-address" ( /* Source IPv4 address for cflowd packets */ ipv4addr /* Source IPv4 address for cflowd packets */ ), "version9" ( /* Export data in version 9 format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ), "version-ipfix" ( /* Export data in version ipfix format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ), "version" ( /* Format of exported cflowd aggregates */ ("5" | "8") ) ) ) end rule(:sampling_instance_input_type) do c( "rate" arg /* Ratio of packets to be sampled (1 out of N) */, "run-length" arg /* Number of samples after initial trigger */, "max-packets-per-second" arg /* Threshold of samples per second before dropping */, "maximum-packet-length" arg /* Maximum length of the sampled packet */ ) end rule(:sampling_instance_mpls_output_type) do c( "aggregate-export-interval" arg /* Interval of exporting aggregate accounting information */, "flow-inactive-timeout" arg /* Interval of inactivity that marks a flow inactive */, "flow-active-timeout" arg /* Interval after which an active flow is exported */, "flow-server" ( /* Configure sending traffic aggregates in cflowd format */ cflowd_instance_mpls_sampling_type /* Configure sending traffic aggregates in cflowd format */ ), "interface" ( /* Interfaces used to send monitored information */ packet_export_intf_type /* Interfaces used to send monitored information */ ), "inline-jflow" ( /* Inline processing of sampled packets */ packet_export_inline_instance /* Inline processing of sampled packets */ ) ) end rule(:cflowd_instance_mpls_sampling_type) do arg.as(:arg) ( c( "port" arg /* UDP port number on host collecting cflowd packets */, "dscp" arg /* Numeric DSCP value in the range 0 to 63 */, "forwarding-class" arg /* Forwarding-class for exported jflow packets, applicable only for inline-jflow */, "routing-instance" arg /* Name of routing instance on which flow collector is reachable */, "autonomous-system-type" ( /* Type of autonomous system number to export */ ("origin" | "peer") ), "aggregation" ( /* Aggregations to perform for exported flows (version 8 only) */ aggregation_type /* Aggregations to perform for exported flows (version 8 only) */ ), "local-dump" /* Dump cflowd records to log file before exporting */, "no-local-dump" /* Don't dump cflowd records to log file before exporting */, "source-address" ( /* Source IPv4 address for cflowd packets */ ipv4addr /* Source IPv4 address for cflowd packets */ ), "version9" ( /* Export data in version 9 format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ), "version-ipfix" ( /* Export data in version ipfix format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ) ) ) end rule(:sampling_instance_vpls_output_type) do c( "flow-server" ( /* Configure sending traffic aggregates in cflowd format */ cflowd_instance_vpls_sampling_type /* Configure sending traffic aggregates in cflowd format */ ), "inline-jflow" ( /* Inline processing of sampled packets */ packet_export_inline_instance /* Inline processing of sampled packets */ ) ) end rule(:cflowd_instance_vpls_sampling_type) do arg.as(:arg) ( c( "port" arg /* UDP port number on host collecting cflowd packets */, "dscp" arg /* Numeric DSCP value in the range 0 to 63 */, "forwarding-class" arg /* Forwarding-class for exported jflow packets, applicable only for inline-jflow */, "routing-instance" arg /* Name of routing instance on which flow collector is reachable */, "version9" ( /* Export data in version 9 format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ), "version-ipfix" ( /* Export data in version ipfix format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ) ) ) end rule(:sampling_output_type) do c( "aggregate-export-interval" arg /* Interval of exporting aggregate accounting information */, "flow-inactive-timeout" arg /* Interval of inactivity that marks a flow inactive */, "flow-active-timeout" arg /* Interval after which an active flow is exported */, "file" ( /* Configure parameters for dumping sampled packets */ sc( ("disable"), "filename" arg /* Name of file to contain sampled packet dumps */, "files" arg /* Maximum number of sampled packet dump files */, "size" arg /* Maximum sample dump file size */, "world-readable" /* Allow any user to read the sampled dump */, "no-world-readable" /* Don't allow any user to read the sampled dump */, "stamp" /* Timestamp every packet in the dump */, "no-stamp" /* Don't timestamp every packet in the dump */ ) ).as(:oneline), "port-mirroring" ( /* Configure sending sampled traffic out through an interface */ inet_pm_family_output_type /* Configure sending sampled traffic out through an interface */ ), "flow-server" ( /* Configure sending traffic aggregates in cflowd format */ cflowd_sampling_type /* Configure sending traffic aggregates in cflowd format */ ), "interface" ( /* Interfaces used to send monitored information */ packet_export_intf_type /* Interfaces used to send monitored information */ ), "inline-jflow" ( /* Inline processing of sampled packets */ packet_export_inline /* Inline processing of sampled packets */ ), "extension-service" arg /* Define the customer specific sampling configuration */ ) end rule(:cflowd_sampling_type) do arg.as(:arg) ( c( "port" arg /* UDP port number on host collecting cflowd packets */, "dscp" arg /* Numeric DSCP value in the range 0 to 63 */, "forwarding-class" arg /* Forwarding-class for exported jflow packets, applicable only for inline-jflow */, "routing-instance" arg /* Name of routing instance on which flow collector is reachable */, "autonomous-system-type" ( /* Type of autonomous system number to export */ ("origin" | "peer") ), "aggregation" ( /* Aggregations to perform for exported flows (version 8 only) */ aggregation_type /* Aggregations to perform for exported flows (version 8 only) */ ), "local-dump" /* Dump cflowd records to log file before exporting */, "no-local-dump" /* Don't dump cflowd records to log file before exporting */, "source-address" ( /* Source IPv4 address for cflowd packets */ ipv4addr /* Source IPv4 address for cflowd packets */ ), "version9" ( /* Export data in version 9 format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ), "version-ipfix" ( /* Export data in version ipfix format */ c( "template" ( /* Template configuration */ c( arg /* Template name */ ) ) ) ), "version" ( /* Format of exported cflowd aggregates */ ("5" | "8" | "500") ) ) ) end rule(:sampling_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline) ) end rule(:satellite_bridge_filter) do arg.as(:arg) ( c( "term" arg ( /* Define a firewall term */ c( "from" ( /* Define match criteria */ c( "source-mac-address" ( /* Match MAC source address */ firewall_mac_addr_object /* Match MAC source address */ ), "destination-mac-address" ( /* Match MAC destination address */ firewall_mac_addr_object /* Match MAC destination address */ ), "ip-source-address" ( /* Match IP source address */ firewall_addr_object /* Match IP source address */ ), "ip-destination-address" ( /* Match IP destination address */ firewall_addr_object /* Match IP destination address */ ), c( "ip-protocol" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "ip-protocol-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "user-vlan-id" arg, "user-vlan-id-except" arg ) ) ), "then" ( /* Action to take if the 'from' condition is matched */ c( c( "accept" /* Accept the packet */, "discard" /* Discard the packets */ ), "next-hop-group" arg /* Use specified next-hop group */ ) ) ) ) ) ) end rule(:satellite_policy_options) do c( "extended-ports-template" arg ( /* Extended ports template */ c( "pic" ( /* PIC attributes */ satellite_pic_type /* PIC attributes */ ) ) ), "port-group-alias" arg ( /* Port group alias */ c( "pic" arg ( /* Satellite PIC information */ c( "port" arg /* Port id or range or all */ ) ) ) ), "chassis-group-alias" arg ( /* Chassis group alias */ c( "prefer-primary" /* Primary mode chassis will be preferred */, "chassis-id" arg ( /* List of chassis-ids */ c( "mode" ( /* Mode Primary or Backup */ c( c( "primary" /* Primary Mode */, "backup" /* Backup Mode */ ) ) ), "core-interface" arg /* Core interface */ ) ) ) ), "extended-ports-policy" arg ( /* Define a extended-ports-policy */ c( "term" arg ( /* Policy term */ c( "from" ( /* Condition to match the satellite */ c( "product-model" arg /* Product Model Name */, "extended-ports-template" arg /* Apply extended ports template to satellite matching conditions defined in this term */ ) ) ) ) ) ), "candidate-uplink-port-policy" arg ( /* Define a candidate uplink-port policy */ c( "uplink-port-group" arg /* Uplink port group alias name */, "minimum-links" arg /* Minimum child links to keep extended-ports UP */, "holddown" arg /* Time to hold down after uplink failure */, "term" arg ( /* Policy term */ c( "from" ( /* Condition to match the satellite */ c( "product-model" arg /* Product Model Name */, "uplink-port-group" arg /* Uplink port group alias name */, "minimum-links" arg /* Minimum child links to keep extended-ports UP */, "holddown" arg /* Time to hold down after uplink failure */ ) ) ) ) ) ), "environment-monitoring-policy" arg ( /* Define a environment monitoring policy */ c( "alarm" ( /* Policy default alarm policy */ c( "linkdown" ( /* Policy default linkdown alarm */ ("ignore" | "red" | "yellow") ) ) ), "term" arg ( /* Policy term */ c( "from" ( /* Condition to match the satellite */ c( "product-model" arg /* Product Model Name */, "alarm" ( /* Term alarm policy */ c( "linkdown" ( /* Set linkdown alarm */ ("ignore" | "red" | "yellow") ) ) ) ) ) ) ) ) ), "forwarding-policy" arg ( /* Define forwarding policy for extended ports */ c( "port-group-extended" ( /* Define a extend port group mapping */ port_extend_type /* Define a extend port group mapping */ ), "term" arg ( /* Policy term */ c( "from" ( /* Condition to match the satellite */ c( "product-model" arg /* Product Model Name */, "port-group-extended" ( /* Define a extend port group mapping */ port_extend_type /* Define a extend port group mapping */ ) ) ) ) ) ) ) ) end rule(:port_extend_type) do arg.as(:arg) ( c( "filter" arg /* Assign a filter for uplink selection */, "port-group-uplink" ( /* Define a uplink port group mapping */ c( arg /* Uplink port group alias name used for uplink pinning mode */, "minimum-links" arg /* Minimum child links to keep extended-ports UP */, "holddown" arg /* Time to hold down after uplink failure */ ) ), "mirror-ingress" ( /* Define a ingress port mirror */ c( "port-group-mirror" arg /* Mirror port group alias name for local port mirroring */ ) ), "mirror-egress" ( /* Define a egress port mirror */ c( "port-group-mirror" arg /* Mirror port group alias name for local port mirroring */ ) ) ) ) end rule(:satellite_pic_type) do arg.as(:arg) ( c( "port" ( /* Port number */ satellite_pic_port_attr /* Port number */ ), "port-range" ( /* Physical ports to channelize */ s( arg, arg, c( "channel-speed" ( /* Port channel speed */ ("10g" | "disable-auto-speed-detection") ) ) ) ) ) ) end rule(:satellite_pic_port_attr) do arg.as(:arg) ( c( "channel-speed" ( /* Port channel speed */ ("10g" | "25g" | "50g" | "disable-auto-speed-detection") ) ) ) end rule(:sbc_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" ( /* Tracing parameters */ c( "configuration" ( /* Trace configuration events */ ("trace" | "debug" | "info" | "warning" | "error") ), "ipc" ( /* Trace IPC events */ ("trace" | "debug" | "info" | "warning" | "error") ), "device-monitor" ( /* Trace device monitor events */ ("trace" | "debug" | "info" | "warning" | "error") ), "ui" ( /* Trace ui events */ ("trace" | "debug" | "info" | "warning" | "error") ), "common" ( /* Trace common events */ ("trace" | "debug" | "info" | "warning" | "error") ), "memory-pool" ( /* Trace memory-pool events */ ("trace" | "debug" | "info" | "warning" | "error") ), "packet-capture" ( /* Trace packet capture events */ ("trace" | "debug" | "info" | "warning" | "error") ), "all" ( /* Minimal trace level for all components */ ("trace" | "debug" | "info" | "warning" | "error") ) ) ) ) end rule(:script_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("all" | "events" | "input" | "offline" | "output" | "rpc" | "xslt")) /* Tracing parameters */.as(:oneline) ) end rule(:scripts_type) do c( "commit" ( /* Commit-time scripting mechanism */ c( "allow-transients" /* Allow loading of transient configuration changes */, "traceoptions" ( /* Trace options for commit scripts */ script_traceoptions /* Trace options for commit scripts */ ), "refresh" /* Refresh all operation scripts from their source */, "refresh-from" arg /* Refresh all operation scripts from a given base URL */, "max-datasize" arg /* Maximum data segment size for scripts execution */, "direct-access" /* Access the configuration directly from database */, "dampen" ( /* Dampen execution of commit scripts */ c( "dampen-options" ( /* Dampen options for commit scripts */ c( "cpu-factor" arg /* CPU factor at which to pause */, "line-interval" arg /* Line interval at which to pause */, "time-interval" arg /* Time to pause */ ) ) ) ), "file" ( /* Commit script file */ commit_scripts_file_type /* Commit script file */ ) ) ), "op" ( /* Operations scripting */ c( "refresh" /* Refresh all operation scripts from their source */, "refresh-from" arg /* Refresh all operation scripts from a given base URL */, "traceoptions" ( /* Trace options for operation scripts */ script_traceoptions /* Trace options for operation scripts */ ), "file" ( /* Configuration for each operation script */ op_scripts_file_type /* Configuration for each operation script */ ), "no-allow-url" /* Do not allow the remote execution of op scripts */, "allow-url-for-python" /* Allow the remote execution of Python op scripts */, "max-datasize" arg /* Maximum data segment size for scripts execution */, "dampen" ( /* Dampen execution of op scripts */ c( "dampen-options" ( /* Dampen options for op scripts */ c( "cpu-factor" arg /* CPU factor at which to pause */, "line-interval" arg /* Line interval at which to pause */, "time-interval" arg /* Time to pause */ ) ) ) ) ) ), "translation" ( /* Translation scripts */ c( "max-datasize" arg /* Maximum data segment size for translation scripts execution */ ) ), "load-scripts-from-flash" /* Load scripts from flash */, "language" ( /* Allow/Disallow Python scripts on-box */ ("python" | "python3") ), "synchronize" /* Push all scripts to other RE on commit synchronize */, "snmp" ( /* Snmp scripts */ c( "refresh" /* Refresh all snmp scripts from their source */, "refresh-from" arg /* Refresh all snmp scripts from a given base URL */, "file" ( /* Configuration for each snmp script */ snmp_scripts_file_type /* Configuration for each snmp script */ ), "traceoptions" ( /* Trace options for snmp scripts */ script_traceoptions /* Trace options for snmp scripts */ ), "max-datasize" arg /* Maximum data segment size for scripts execution */ ) ) ) end rule(:commit_scripts_file_type) do arg.as(:arg) ( c( "optional" /* Allow commit to succeed if the script is missing */, "source" arg /* URL of source for this script */, "cert-file" arg /* Specify the certificate file name */, "routing-instance" arg /* Routing instance */, "refresh" /* Refresh all operation scripts from their source */, "refresh-from" arg /* Refresh all operation scripts from a given base URL */, "checksum" ( /* Checksum of this script */ c( "sha-256" arg /* SHA-256 checksum of this script */ ) ) ) ) end rule(:op_scripts_file_type) do arg.as(:arg) ( c( "command" arg /* Command alias for the script file */, "dampen" ( /* Dampen execution of the script */ c( "dampen-options" ( /* Dampen options for the script */ c( "cpu-factor" arg /* CPU factor at which to pause */, "line-interval" arg /* Line interval at which to pause */, "time-interval" arg /* Time to pause */ ) ) ) ), "description" arg /* Description of the script */, "source" arg /* URL of source for this script */, "cert-file" arg /* Specify the certificate file name */, "routing-instance" arg /* Routing instance */, "allow-commands" ( /* Regular expression for commands to allow explicitly */ regular_expression /* Regular expression for commands to allow explicitly */ ), "refresh" /* Refresh all operation scripts from their source */, "refresh-from" arg /* Refresh all operation scripts from a given base URL */, "arguments" arg ( /* Command line argument to the script */ c( "description" arg /* Description of the argument */ ) ), "checksum" ( /* Checksum of this script */ c( "sha-256" arg /* SHA-256 checksum of this script */ ) ) ) ) end rule(:sdk_mgmtd_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("service-infrastructure" | "routing-instance" | "config-handling" | "command-handling" | "cli-show-commands" | "all")) /* Area of daemon to enable debugging output */.as(:oneline) ) end rule(:sdk_vmmd_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("init" | "configuration" | "ccif" | "pxe" | "platform" | "heartbeat" | "routing-instances" | "snmp" | "miscellaneous" | "all")) /* Tracing parameters */.as(:oneline) ) end rule(:sec_object) do c( "security-name" arg /* Specify v3 security-name */, "context" arg /* Specify context name associated to this security-name */ ) end rule(:secintel_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("all" | "feed" | "ipc")) /* Trace flags */.as(:oneline) ) end rule(:securid_server_object) do arg.as(:arg) ( c( "configuration-file" arg /* Path to the SecurID server configuration (sdconf.rec) file */ ) ) end rule(:security_authentication_key_chains) do c( "key-chain" arg ( /* Key chain configuration */ c( "description" arg /* Text description of this authentication-key-chain */, "tolerance" arg /* Clock skew tolerance */, "key" arg ( /* Authentication element configuration */ c( "secret" arg /* Authentication key */, "key-name" arg /* Key name in hexadecimal format used for macsec */, "start-time" ( /* Start time for key transmission (YYYY-MM-DD.HH:MM) */ time /* Start time for key transmission (YYYY-MM-DD.HH:MM) */ ), "algorithm" ( /* Authentication algorithm */ ("md5" | "hmac-sha-1" | "ao") ), "options" ( /* Protocol's transmission encoding format */ ("basic" | "isis-enhanced") ), "ao-attribute" ( /* TCP Authentication option attributes */ c( "send-id" arg /* Send id for TCP-AO entry */, "recv-id" arg /* Recv id for TCP-AO entry */, "tcp-ao-option" ( /* Include TCP-AO option within message header */ ("enabled" | "disabled") ), "cryptographic-algorithm" ( /* Cryptographic algorithm for TCP-AO Traffic key and MAC digest generation */ ("hmac-sha-1-96" | "aes-128-cmac-96") ) ) ) ) ) ) ) ) end rule(:security_dhcpv6_options_type) do c( "option-37" ( /* Configure DHCPv6 remote identifier option */ c( "prefix" ( /* Configure DHCPv6 remote identifier prefix */ c( "host-name" /* Prefix router host name to DHCPv6 remote identifier */, "logical-system-name" /* Prefix logical system name to DHCPv6 remote identifier */, "routing-instance-name" /* Prefix routing instance name to DHCPv6 remote identifier */, "vlan-name" /* Prefix vlan name to DHCPv6 remote identifier */, "vlan-id" /* Prefix vlan tag to DHCPv6 remote identifier */ ) ), "use-interface-mac" /* Add incoming interface's MAC address to DHCPv6 remote identifier */, "use-interface-index" ( /* Add interface index to DHCPv6 remote identifier */ ("logical" | "device") ), "use-interface-name" ( /* Add interface name to DHCPv6 remote identifier */ ("logical" | "device") ), "use-interface-description" ( /* Add interface description to DHCPv6 remote identifier */ ("logical" | "device") ), "use-string" arg /* Add custom string to DHCPv6 remote identifier */ ) ), "option-18" ( /* Configure DHCPv6 interface identifier option */ c( "prefix" ( /* Configure DHCPv6 interface identifier prefix */ c( "host-name" /* Prefix router host name to DHCPv6 interface identifier */, "logical-system-name" /* Prefix logical system name to DHCPv6 interface identifier */, "routing-instance-name" /* Prefix routing instance name to DHCPv6 interface identifier */, "vlan-name" /* Prefix vlan name to DHCPv6 interface identifier */, "vlan-id" /* Prefix vlan tag to DHCPv6 interface identifier */ ) ), "use-interface-mac" /* Add incoming interface's MAC address to DHCPv6 circuit identifier */, "use-interface-index" ( /* Add interface index to DHCPv6 interface identifier */ ("logical" | "device") ), "use-interface-name" ( /* Add interface name to DHCPv6 remote identifier */ ("logical" | "device") ), "use-interface-description" ( /* Add interface description to DHCPv6 interface identifier */ ("logical" | "device") ), "use-string" arg /* Add custom string to DHCPv6 interface identifier */ ) ), "option-16" ( /* Configure DHCPv6 vendor class identifier option. Overwrite if exists */ c( "use-string" arg /* Add custom string to DHCPv6 vendor identifier */ ) ), "option-79" /* Configure DHCPv6 client link layer address option */ ) end rule(:security_group_vpn) do c( "member" ( /* Group VPN member configuration */ gvpn_member /* Group VPN member configuration */ ) ) end rule(:gvpn_member) do c( "ike" ( /* Group VPN IKE configuration */ gvpn_member_ike /* Group VPN IKE configuration */ ), "ipsec" ( /* Group VPN IPsec configuration */ gvpn_member_ipsec_vpn /* Group VPN IPsec configuration */ ) ) end rule(:gvpn_ike_policy) do arg.as(:arg) ( c( "mode" ( /* Define the IKE mode for Phase 1 */ ("main" | "aggressive") ), "description" arg /* Text description of IKE policy */, "proposals" arg, "certificate" ( /* Certificate configuration */ c( "local-certificate" arg /* Local certificate identifier */, "trusted-ca" ( /* Specify the CA to use */ sc( c( arg /* Index of the preferred CA to use */, "use-all" /* Use all configured CAs */ ) ) ).as(:oneline), "peer-certificate-type" ( /* Preferred type of certificate from peer */ ("pkcs7" | "x509-signature") ) ) ), "proposal-set" ( /* Types of default IKE proposal-set */ ("basic" | "compatible" | "standard") ), "pre-shared-key" ( /* Define a preshared key */ sc( c( "ascii-text" arg /* Format as text */, "hexadecimal" arg /* Format as hexadecimal */ ) ) ).as(:oneline) ) ) end rule(:gvpn_member_ipsec_vpn) do c( "vpn" ( /* Define an IPSec VPN */ ipsec_gvpn_member_template /* Define an IPSec VPN */ ) ) end rule(:ipsec_gvpn_fail_open_rule_object) do c( "rule" ( /* Define fail open rules upto 10 */ ipsec_gvpn_rule_address_object /* Define fail open rules upto 10 */ ) ) end rule(:ipsec_gvpn_addr_object) do c( ipv4prefix_only /* Prefix to match */ ) end rule(:ipsec_sa) do arg.as(:arg) ( c( "description" arg /* Text description of security association */, "mode" ( /* Define security association mode */ ("transport" | "tunnel") ), c( "manual" ( /* Define a manual security association */ c( "direction" enum(("inbound" | "outbound" | "bidirectional")) ( /* Define the direction of the security association */ c( "protocol" ( /* Define an IPSec protocol for the security association */ ("ah" | "esp" | "bundle") ), "spi" arg /* Define security parameter index */, "auxiliary-spi" arg /* ESP security parameter index for IPSec SA bundle */, "authentication" ( /* Define authentication parameters */ c( "algorithm" ( /* Define authentication algorithm */ ("hmac-md5-96" | "hmac-sha1-96" | "hmac-sha2-256" | "hmac-sha-256-128") ), "key" ( /* Define an authentication key */ sc( c( "ascii-text" arg /* Format as text */, "hexadecimal" arg /* Format as hexadecimal */ ) ) ).as(:oneline) ) ), "encryption" ( /* Define encryption parameters */ c( "algorithm" ( /* Define encryption algorithm */ ("des-cbc" | "3des-cbc" | "aes-128-cbc" | "aes-192-cbc" | "aes-256-cbc") ), "key" ( /* Define an encryption key */ sc( c( "ascii-text" arg /* Format as text */, "hexadecimal" arg /* Format as hexadecimal */ ) ) ).as(:oneline) ) ) ) ) ) ), "dynamic" ( /* Define a dynamic security association */ c( "replay-window-size" ( /* Define replay protection window size */ ("32" | "64") ), "ipsec-policy" arg /* Name of the IPSec policy */ ) ) ) ) ) end rule(:ipsec_trusted_channel_sa) do c( "description" arg /* Text description of trusted channel security association */, "manual" ( /* Define a manual security association */ c( "direction" enum(("inbound" | "outbound" | "bidirectional")) ( /* Define the direction of the security association */ c( "protocol" ( /* Define an IPSec protocol for the security association */ ("ah" | "esp" | "bundle") ), "spi" arg /* Define security parameter index */, "auxiliary-spi" arg /* ESP security parameter index for IPSec SA bundle */, "authentication" ( /* Define authentication parameters */ c( "algorithm" ( /* Define authentication algorithm */ ("hmac-md5-96" | "hmac-sha1-96" | "hmac-sha2-256" | "hmac-sha-256-128") ), "key" ( /* Define an authentication key */ sc( c( "ascii-text" arg /* Format as text */, "hexadecimal" arg /* Format as hexadecimal */ ) ) ).as(:oneline) ) ), "encryption" ( /* Define encryption parameters */ c( "algorithm" ( /* Define encryption algorithm */ ("des-cbc" | "3des-cbc" | "aes-128-cbc" | "aes-192-cbc" | "aes-256-cbc") ), "key" ( /* Define an encryption key */ sc( c( "ascii-text" arg /* Format as text */, "hexadecimal" arg /* Format as hexadecimal */ ) ) ).as(:oneline) ) ) ) ) ) ) ) end rule(:security_macsec) do c( "traceoptions" ( /* Tracing options for debugging protocol operation */ macsec_trace_options /* Tracing options for debugging protocol operation */ ), "connectivity-association" arg ( /* Configure connectivity association properties */ c( "cipher-suite" ( /* Cipher suite to be used for encryption */ ("gcm-aes-128" | "gcm-aes-256" | "gcm-aes-xpn-128" | "gcm-aes-xpn-256") ), "security-mode" ( /* Connectivity association mode */ ("dynamic" | "static-sak" | "static-cak") ), "sak-hash-128" /* Configure to generate 128bit SAK hash to program HW */, "secure-channel" arg ( /* Configure secure channel properties */ c( "id" ( /* Secure channel identifier */ c( "mac-address" ( /* MAC addresses */ mac_addr /* MAC addresses */ ), "port-id" arg /* Port identifier */ ) ), "direction" ( /* Secure channel direction */ ("inbound" | "outbound") ), "encryption" /* Enable Encryption */, "offset" ( /* Confidentiality offset */ ("0" | "30" | "50") ), "include-sci" /* Include secure channel identifier in MAC Security PDU */, "security-association" arg ( /* Security association */ c( "key" arg /* Security association key in hexadecimal format of length 32 */ ) ) ) ), "mka" ( /* Configure MAC Security Key Agreement protocol properties */ c( "transmit-interval" arg /* Configure MKA periodic transmit interval */, "sak-rekey-interval" arg /* Configure SAK rekeying interval */, "bounded-delay" /* Configure Bounded Hello Time */, "suspend-on-request" /* Configure on key-server to accept suspend-on-request during gres or issu */, "suspend-for" /* Configure to suspend MKA during gres or issu */, "key-server-priority" arg /* Configure MKA key server priority */, "must-secure" /* Allow only secure dot1x traffic */, "should-secure" /* Configure fail open mode for MKA protocol */, "eapol-address" ( /* Configure EAPOL destination group address */ ("pae" | "provider-bridge" | "lldp-multicast" | arg) ) ) ), "replay-protect" ( /* Configure replay protection */ c( "replay-window-size" arg /* Configure replay protection window size */ ) ), "no-encryption" /* Disable encryption */, "disable-preceding-key" /* Disable CA preceding key duing key switch-over */, "offset" ( /* Confidentiality offset */ ("0" | "30" | "50") ), "include-sci" /* Include secure channel identifier in MAC Security PDU */, "pre-shared-key" ( /* Configure pre-shared connectivity association key */ c( "ckn" arg /* Connectivity association key name in hexadecimal format */, "cak" arg /* Connectivity association key in hexadecimal format */ ) ), "fallback-key" ( /* Configure fallback key for connectivity association */ c( "ckn" arg /* Connectivity association fallback key name in hexadecimal format */, "cak" arg /* Connectivity association fallback key secret in hexadecimal format */ ) ), "pre-shared-key-chain" arg /* Pre-shared key chain name for connectivity association */, "exclude-protocol" enum(("cdp" | "lldp" | "lacp")) /* Configure protocols to exclude from MAC Security */.as(:oneline) ) ), "interfaces" arg ( /* Interfaces on which macsec configuration is applied */ c( "unit" arg ( /* Logical interface */ c( "connectivity-association" arg /* Connectivity association name */, "traceoptions" ( /* Tracing options of MKA protocol */ mka_trace_options /* Tracing options of MKA protocol */ ) ) ), "connectivity-association" arg /* Connectivity association name */, "traceoptions" ( /* Tracing options of MKA protocol */ mka_trace_options /* Tracing options of MKA protocol */ ) ) ), "cluster-control-port" arg ( /* Cluster control port on which macsec configuration is applied */ c( "connectivity-association" arg /* Connectivity association name */, "traceoptions" ( /* Tracing options of MKA protocol */ mka_trace_options /* Tracing options of MKA protocol */ ) ) ), "cluster-data-port" arg ( /* Cluster data port on which macsec configuration is applied */ c( "connectivity-association" arg /* Connectivity association name */, "traceoptions" ( /* Tracing options of MKA protocol */ mka_trace_options /* Tracing options of MKA protocol */ ) ) ) ) end rule(:macsec_trace_options) do c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("config" | "debug" | "normal" | "all")) /* Tracing parameters */.as(:oneline) ) end rule(:mka_trace_options) do c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("mka-packets" | "state" | "to-secy" | "keys" | "normal" | "all")) /* Tracing parameters */.as(:oneline) ) end rule(:security_model_access) do enum(("any" | "usm" | "v1" | "v2c")).as(:arg) ( c( "security-level" enum(("none" | "authentication" | "privacy")) ( /* Security level access configuration */ c( "context-match" ( /* Type of match to perform on context-prefix */ ("exact" | "prefix") ), "read-view" arg /* View used for read access */, "write-view" arg /* View used for write access */, "notify-view" arg /* View used to notifications */ ) ) ) ) end rule(:security_option_82_type) do c( "circuit-id" ( /* Configure DHCP option 82 circuit id */ c( "prefix" ( /* Configure DHCP option 82 circuit id prefix */ c( "host-name" /* Add router host name to DHCP option-82 circuit id */, "logical-system-name" /* Add logical system name to DHCP option-82 circuit id */, "routing-instance-name" /* Add routing instance name to DHCP option-82 circuit id */ ) ), "use-interface-description" ( /* Use interface description instead of circuit identifier */ ("logical" | "device") ), "use-vlan-id" /* Use VLAN id instead of name */ ) ), "remote-id" ( /* Configure DHCP option 82 remote id */ c( "host-name" /* Add router host name to DHCP option-82 remote id */, "use-interface-description" ( /* Use interface description instead of interface name */ ("logical" | "device") ), "use-string" arg /* Use raw string instead of the default remote id */, "mac" /* Add chassis MAC Address to DHCP option-82 remote id */ ) ), "vendor-id" ( /* Configure DHCP option 82 vendor id */ c( "use-string" arg /* Use raw string instead of the default vendor id */ ) ) ) end rule(:security_pki) do c( "ca-profile" arg ( /* Certificate authority profile configuration */ c( "ca-identity" arg /* Certificate authority identifier */, "source-address" ( /* Use specified address as source address */ ipaddr /* Use specified address as source address */ ), "proxy-profile" arg /* Use specified proxy server */, "routing-instance" arg /* Use specified routing instance */, "enrollment" ( /* Enrollment parameters for certificate authority */ c( "url" arg /* Enrollment URL of certificate authority */, "retry" arg /* Number of enrollment retry attempts before aborting */, "retry-interval" arg /* Interval in seconds between the enrollment retries */ ) ), "revocation-check" ( /* Method for checking certificate revocations */ c( c( "use-crl" /* Use CRL for revocation check */, "use-ocsp" /* Use OCSP for revocation check */, "disable" /* Disable revocation check */ ), "ocsp" ( /* Online Certificate Status Protocol (OCSP) configuration */ c( "url" arg, "nonce-payload" ( /* Include nonce payload in OCSP requests */ ("enable" | "disable") ), "disable-responder-revocation-check" /* Disable OCSP responder certificate revocation check */, "accept-unknown-status" /* Accept certificates with unknown status */, "connection-failure" ( /* Actions on failure to connect to OCSP Responder */ c( c( "fallback-crl" /* Use CRL for revocation check */, "disable" /* Disable OCSP check on connection failure */ ) ) ) ) ), "crl" ( /* Certificate revocation list configuration */ c( "disable" ( sc( "on-download-failure" /* Check revocation status with existing CRL file if present, otherwise skip. This feature must be enabled for manual CRL download. */ ) ).as(:oneline), "url" arg ( c( "password" ( /* Password for authentication with the server */ unreadable /* Password for authentication with the server */ ) ) ), "refresh-interval" arg /* CRL refresh interval */ ) ) ) ), "administrator" ( /* Administrator information */ c( "email-address" arg /* Administrator e-mail to which to send certificate requests */ ) ) ) ), "trusted-ca-group" arg ( /* Trusted Certificate Authority group configuration */ c( "ca-profiles" arg /* Name of the CA profiles (maximum 20) */ ) ), "trap" ( /* Trap options for PKI certificates */ c( "certificate-id" arg ( /* Local certificate identifier */ c( arg ) ), "ca-identity" arg ( /* CA identity */ c( arg ) ), "all-certificates" ( /* Trap config for all certificates */ c( arg ) ) ) ), "auto-re-enrollment" ( /* Auto re-enroll of certificate */ c( "cmpv2" ( /* CMPv2 auto re-enrollment configuration */ c( "certificate-id" arg ( /* CMPv2 auto re-enrollment configuration for certificate-id */ c( "ca-profile-name" arg /* Name of certificate authority profile */, "re-enroll-trigger-time-percentage" arg /* Re-enrollment trigger time before expiration as percentage */, "re-generate-keypair" /* Generate new key-pair for auto-re-enrollment */ ) ) ) ), "scep" ( /* SCEP auto re-enrollment configuration */ c( "certificate-id" arg ( /* SCEP auto re-enrollment configuration for certificate-id */ c( "ca-profile-name" arg /* Name of certificate authority profile */, "re-generate-keypair" /* Generate new key-pair for auto-re-enrollment */, "re-enroll-trigger-time-percentage" arg /* Re-enrollment trigger time before expiration as percentage */, "challenge-password" ( /* Password used by CA for enrollment and revocation */ unreadable /* Password used by CA for enrollment and revocation */ ), "scep-encryption-algorithm" ( /* SCEP encryption algorithm */ c( c( "des" /* Use DES as SCEP encryption algorithm */, "des3" /* Use DES3 as SCEP encryption algorithm */ ) ) ), "scep-digest-algorithm" ( /* SCEP digest algorithm */ c( c( "md5" /* Use MD5 as SCEP digest algorithm */, "sha1" /* Use SHA1 as SCEP digest algorithm */ ) ) ) ) ) ) ), "certificate-id" arg ( /* Auto re-enrollment configuration for certificate-id */ c( "ca-profile-name" arg /* Name of certificate authority profile */, "re-generate-keypair" /* Generate new key-pair for auto-re-enrollment */, "re-enroll-trigger-time-percentage" arg /* Re-enrollment trigger time before expiration as percentage */, "challenge-password" ( /* Password used by CA for enrollment and revocation */ unreadable /* Password used by CA for enrollment and revocation */ ), "scep-encryption-algorithm" ( /* SCEP encryption algorithm */ c( c( "des" /* Use DES as SCEP encryption algorithm */, "des3" /* Use DES3 as SCEP encryption algorithm */ ) ) ), "scep-digest-algorithm" ( /* SCEP digest algorithm */ c( c( "md5" /* Use MD5 as SCEP digest algorithm */, "sha1" /* Use SHA1 as SCEP digest algorithm */ ) ) ), "validity-period" arg /* Certificate validity period in days from enrollment start date */ ) ) ) ), "traceoptions" ( /* PKI trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("certificate-verification" | "online-crl-check" | "enrollment" | "all")) /* Tracing parameters */.as(:oneline) ) ) ) end rule(:security_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "rate-limit" arg /* Limit the incoming rate of trace messages */, "filter" ( /* Filter parameters for IKE traceoptions */ c( "fpc" arg /* FPC slot number */, "pic" arg /* PIC slot number */ ) ), "flag" enum(("timer" | "routing-socket" | "parse" | "config" | "ike" | "policy-manager" | "general" | "database" | "certificates" | "snmp" | "thread" | "high-availability" | "next-hop-tunnels" | "all" | "ams" | "lic")) /* Tracing parameters */.as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ) ) end rule(:server_active_leasequery_type) do c( "timeout" arg /* Read/write timeout in seconds */, "idle-timeout" arg /* Idle-timeout in seconds */ ) end rule(:server_bulk_leasequery_type) do c( "max-connections" arg /* Max TCP connections allowed at a time */, "timeout" arg /* Timeout for blocked connection */, "max-empty-replies" arg /* Maximum number of empty replies for a connection */, "restricted-requestor" /* Allow bulk leasequery only from restricted requestors */ ) end rule(:server_group_type) do c( c( arg /* IP Address of one or more DHCP servers */ ) ) end rule(:server_leasequery_type) do c( "restricted-requestor" /* Allow leasequery only from restricted requestors */ ) end rule(:server_match_action_choice) do c( c( "forward-only" /* Forward without subscriber services */, "create-relay-entry" /* Create relay entry and allow subscriber services */ ) ) end rule(:server_match_v6_ascii_hex) do c( "ascii" arg ( /* ASCII string */ c( c( "forward-only" /* Forward without subscriber services when a match is made */, "create-relay-entry" /* Create relay entry and allow subscriber services */ ) ) ), "hexadecimal" arg ( /* Hexadecimal string */ c( c( "forward-only" /* Forward without subscriber services when a match is made */, "create-relay-entry" /* Create relay entry and allow subscriber services */ ) ) ) ) end rule(:server_v6_option_ascii_hex) do c( "ascii" arg /* ASCII string */, "hexadecimal" arg /* Hexadecimal string */ ) end rule(:service_device_object) do arg.as(:arg) ( c( "address" ( /* Service device ip address */ ipv4addr /* Service device ip address */ ), "access-domain" ( /* Subscriber access configuration */ c( "vlan-id-list" arg /* List of access VLAN identifiers */ ) ), "provisioning-method" ( /* Provisioning method configuration */ c( c( "netconf" ( /* Netconf provisioning method */ netconf_object /* Netconf provisioning method */ ) ) ) ), "dictionary" ( /* Dictionary file path */ c( filename /* Complete path with dictionary name */ ) ) ) ) end rule(:netconf_object) do c( "user-name" arg /* User name for netconf */, "password" arg /* Password for netconf */, "connection-retry-interval" arg /* Retry interval for connection establishment */, "response-timeout" arg /* Timeout for provisioning response */, "response-timeout-count" arg /* Consecutive timeout failures before taking action */, "bulk-interval" arg /* Bulked services time interval per commit */, "bulk-limit" arg /* Maximum number of bulked services per commit */, "reconfigure-bulk-limit" arg /* Maximum number of bulked services per reconfiguration */, "port" arg /* Tcp port number for netconf */ ) end rule(:service_device_pool_object) do arg.as(:arg) ( c( "interface" arg /* Service device name */ ) ) end rule(:service_interface_pool_object) do arg.as(:arg) ( c( "interface" arg /* Service interface name */ ) ) end rule(:service_point_type) do arg.as(:arg) ( c( "service-point-type" ( /* Service point type */ ("sip") ), "transport-details" ( /* IP address, port number and transport-protocols for the service-point */ sc( "port-number" arg /* Port number */, "ip-address" ( /* IP address */ ipaddr /* IP address */ ), "tcp" /* Transport protocol - TCP */, "udp" /* Transport protocol - UDP */, "fqdn" arg /* Fully Qualified Domain Name */ ) ).as(:oneline), "service-interface" ( /* Associated service interface */ interface_unit /* Associated service interface */ ), "service-policies" ( service_policies_type ), "default-media-realm" arg /* Use this realm for allocating media resources for calls initiated to/from this service-point */ ) ) end rule(:service_policies_type) do c( "new-transaction-input-policies" arg /* New transaction input policy name */, "new-transaction-output-policies" arg /* New transaction output policy name */, "new-registration-input-policies" arg /* New registration input policy name */, "new-call-usage-input-policies" arg /* New call usage input policy name */, "new-call-usage-output-policies" arg /* New call usage output policy name */ ) end rule(:service_set_ipsec_vpn_options_object) do c( "trusted-ca" arg /* List of trusted certificate authority profiles */, "local-gateway" ( /* Address and routing instance for local gateway */ sc( "routing-instance" arg /* Name of routing instance that hosts local gateway */, "interface" ( /* Interface as local gateway */ interface_unit /* Interface as local gateway */ ), "gw-interface" ( /* Interface as local gateway */ interface_unit /* Interface as local gateway */ ), ipaddr /* Local gateway address */ ) ).as(:oneline), "ike-access-profile" arg /* IKE access profile for dynamic peers */, "passive-mode-tunneling" /* No active IP packet checks before IPSec encapsulation */, "clear-dont-fragment-bit" /* Clear the do not fragment bit */, "copy-dont-fragment-bit" /* Copy the do not fragment bit */, "set-dont-fragment-bit" /* Set the do not fragment bit */, "tunnel-mtu" arg /* Maximum transmit packet size */, "no-anti-replay" /* Disable the anti-replay check */, "anti-replay-window-size" arg /* Size of the anti-replay window */, "udp-encapsulate" ( /* UDP encapsulation of IPsec data traffic */ sc( "dest-port" arg /* UDP destination port */ ) ).as(:oneline), "no-nat-traversal" /* Disable NAT traversal for this service-set even if NAT is detected */, "nat-keepalive" arg /* NAT-T keepalive interval in secs */, "no-certificate-chain-in-ike" /* Send only end-entity certificates */ ) end rule(:services_ike) do c( "proposal" ( /* Define an IKE proposal */ ike_proposal /* Define an IKE proposal */ ), "policy" ( /* Define an IKE policy */ svc_ike_policy /* Define an IKE policy */ ) ) end rule(:services_ipsec) do c( "proposal" ( /* Define an IPSec proposal */ ipsec_proposal /* Define an IPSec proposal */ ), "policy" ( /* Define an IPSec policy */ ipsec_policy /* Define an IPSec policy */ ) ) end rule(:services_pcef) do c( "traceoptions" ( /* Trace options related to PCEF */ pcef_traceoptions /* Trace options related to PCEF */ ), "event-trigger-profiles" ( /* Event trigger profiles */ c( evt_trigger_profile ) ), "flow-descriptions" ( /* PCC flow descriptions */ c( pcc_flow ) ), "pcc-action-profiles" ( /* PCC action profiles */ c( pcc_action_profile ) ), "pcc-rules" ( /* PCC rules */ c( pcc_rule ) ), "pcc-rulebases" ( /* PCC rulebases */ c( pcc_rulebase ) ), "profile" ( /* PCEF profiles */ c( pcef_profiles ) ) ) end rule(:evt_trigger_profile) do arg.as(:arg) ( c( "rat-change" /* RAT change trigger */, "sgsn-change" /* SGSN change trigger */, "plmn-change" /* PLMN change trigger */, "ip-can-change" /* IP-CAN change trigger */, "tft-change" /* TFT change trigger */, "rai-change" /* RAI change trigger */, "user-location-change" /* User location change */, "ue-timezone-change" /* UE timezone change */ ) ) end rule(:pcc_action_profile) do arg.as(:arg) ( c( "logging-rule" arg /* Policy based logging rule name */, "maximum-bit-rate" ( /* Maximum bit rate */ sc( "uplink" arg /* Maximum bit rate uplink */, "downlink" arg /* Maximum bit rate downlink */ ) ).as(:oneline), "burst-size" ( /* Burst Size */ c( "uplink" arg /* Burst size uplink */, "downlink" arg /* Burst size downlink */ ) ), "gate-status" ( /* Control gate status */ ("uplink" | "downlink" | "uplink-downlink" | "disable-both") ), "charging" ( /* Charing related configuration */ c( "rating-group" arg /* Rating group */, "service-identifier" arg /* Service identifier */, "charging-method" ( /* Charging method */ ("online" | "offline" | "both" | "none") ), "measurement-method" ( /* Charging measure method */ ("none" | "volume" | "time" | "volume-time" | "event") ), "application-function-record-info" ( /* Application function record information */ c( "af-charging-identifier" arg /* Application function charging identifier */ ) ), "service-id-level-reporting" /* Toggle service-id level reporting */ ) ), "redirect" ( /* Redirect to different destination */ c( "url" arg /* Redirect url name */ ) ), "forwarding-class" ( /* Classify packet to forwarding class */ c( arg /* Forwarding class name */ ) ), "steering" ( /* Steering information */ c( "routing-instance" ( /* Routing instance information */ sc( "uplink" arg /* Instance name uplink */, "downlink" arg /* Instance name downlink */ ) ).as(:oneline), "path" ( /* HTTP steering information */ sc( c( "ipv4-address" ( /* IPv4 address of the steering destination */ ipv4prefix /* IPv4 address of the steering destination */ ), "ipv6-address" ( /* IPv6 address of the steering destination */ ipv6prefix /* IPv6 address of the steering destination */ ) ) ) ).as(:oneline), "keep-existing-steering" /* Keep existing steering */ ) ), "hcm-profile" ( /* HCM Profile */ c( arg /* HCM Profile Name */ ) ), "monitoring-key" arg /* Usage Monitoring key */ ) ) end rule(:pcc_flow) do arg.as(:arg) ( c( "direction" ( /* PCC flow direction */ ("downlink" | "uplink" | "both") ), "protocol" arg /* PCC flow IPv4 protocol */, "local-ports" arg /* Local port or port list */, "local-port-range" ( /* Local port range */ s( "low" arg /* Lower limit of port range */, "high" arg /* Upper limit of port range */ ) ).as(:oneline), "remote-ports" arg /* Remote port or port list */, "remote-port-range" ( /* Remote port range */ s( "low" arg /* Lower limit of port range */, "high" arg /* Upper limit of port range */ ) ).as(:oneline), "remote-address" ( /* Remote address */ sc( c( "ipv4-address" ( /* IPv4 address for the flow */ ipv4prefix /* IPv4 address for the flow */ ), "ipv6-address" ( /* IPv6 address for the flow */ ipv6prefix /* IPv6 address for the flow */ ) ) ) ).as(:oneline) ) ) end rule(:pcc_rule) do arg.as(:arg) ( c( "from" ( /* Aggregate of flows using same pcc-action-profile */ c( "flows" arg /* Associate PCC Flows */, "applications" arg /* Associated application signature names */, "nested-applications" arg /* Associated nested application signature names */, "application-groups" arg /* Application Group signature names */ ) ), "then" ( /* Specified pcc-action-profile */ c( "pcc-action-profile" arg /* PCC Action profile name */ ) ) ) ) end rule(:pcc_rulebase) do arg.as(:arg) ( c( "pcc-rule" arg ( sc( "precedence" arg /* PCC rule precedence */ ) ).as(:oneline) ) ) end rule(:pcef_profiles) do arg.as(:arg) ( c( "control-byte-rating-group" arg /* Rating group id */, "unresolved-flow-action" ( /* Flow action */ ("forward" | "drop") ), "maximum-per-pdn-service-flows" ( /* Max service flows per PDN */ sc( arg /* Value */ ) ).as(:oneline), "dynamic-policy-control" ( /* Dynamic policy control */ c( "pcc-rules" ( /* PCC rules association */ c( profile_rule_assoc ) ), "pcc-rulebases" arg /* PCC rulebase association */, "diameter-profile" arg /* Diameter profile name */, "event-trigger-profile" arg /* Event trigger profile name */, "session-failover-not-supported" /* Session failover not supported */, "release" ( /* To override Gx release to R8|R9 */ ("r8" | "r9") ) ) ), "static-policy-control" ( /* Static policy control */ c( "pcc-rules" ( /* PCC rules association */ c( profile_static_rule_association ) ), "pcc-rulebases" arg ( /* PCC rulebase association */ c( "time-of-day-profile" arg /* Time of day profile name */ ) ), "activate-dedicated-bearers" arg /* Enable dedicated bearer activation on initial attach with qci */ ) ), "aaa-policy-control" ( /* AAA policy control */ c( "profile" arg /* AAA profile name */, "user-password" arg /* User password */, "pcc-rulebases" arg /* PCC rulebase association */ ) ) ) ) end rule(:pcef_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("init" | "config" | "general" | "high-availability" | "debug" | "fsm" | "tftmgr" | "all")) /* Tracing parameters */.as(:oneline) ) end rule(:profile_rule_assoc) do arg.as(:arg) ( c( "precedence" arg /* PCC rule precedence */ ) ).as(:oneline) end rule(:profile_static_rule_association) do arg.as(:arg) ( c( "precedence" arg /* PCC rule precedence */, "time-of-day-profile" arg /* Time of day profile name */, "pcc-action-profile" ( /* PCC action profile association */ sc( arg ) ).as(:oneline) ) ).as(:oneline) end rule(:sfw_addr_object) do ("any-unicast" | "any-ipv4" | "any-ipv6" | arg).as(:arg) ( c( "except" /* Match address not in this prefix */ ) ).as(:oneline) end rule(:sfw_match_object) do c( "source-address" ( /* Match IP source address */ sfw_addr_object /* Match IP source address */ ), "destination-address" ( /* Match IP destination address */ sfw_addr_object /* Match IP destination address */ ), "destination-port" ( c( c( "range" ( /* Range of ports */ sc( "low" arg /* Lower limit of port range */, "high" arg /* Upper limit of port range */ ) ).as(:oneline) ) ) ), "source-address-range" ( /* Match IP source address range */ s( "low" arg /* Lower limit of address range */, "high" arg /* Upper limit of address range */, c( "except" /* Match address not in this prefix */ ) ) ).as(:oneline), "source-prefix-list" arg ( /* One or more named lists of source prefixes to match */ sc( "except" /* Name of prefix list not to match against */ ) ).as(:oneline), "destination-address-range" ( /* Match IP destination address range */ s( "low" arg /* Lower limit of address range */, "high" arg /* Upper limit of address range */, c( "except" /* Match address not in this prefix */ ) ) ).as(:oneline), "destination-prefix-list" arg ( /* One or more named lists of destination prefixes to match */ sc( "except" /* Name of prefix list not to match against */ ) ).as(:oneline), "applications" arg /* Match one or more applications */, "application-sets" arg /* Match one or more application sets */, "application" arg ) end rule(:sfw_rule_object) do arg.as(:arg) ( c( "match-direction" ( /* Direction for which the rule match is applied */ ("input" | "output" | "input-output") ), "term" arg ( /* Define a stateful firewall term */ c( "from" ( /* Define match criteria */ sfw_match_object /* Define match criteria */ ), "then" ( /* Action to take if the 'from' condition is matched */ c( c( "accept" /* Accept the packet */, "discard" /* Discard the packet */, "reject" /* Reject the packet */ ), "allow-ip-options" ( ("any" | "strict-source-route" | "loose-source-route" | "route-record" | "timestamp" | "router-alert" | "security" | "stream-id" | arg) ), "syslog" /* System log information about the packet */, "skip-ids" /* No IDS processing will be done on a matching packet */ ) ) ) ) ) ) end rule(:sgw_config_gtp) do c( "peer-history" arg /* Maximum number of peer stats stored in history */, "interface" ( /* Interface name used for all 3GPP interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "control" ( /* Configure 3GPP GTP control plane options */ c( "interface" ( /* Interface name used for all 3GPP control interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "forwarding-class" arg /* Classification of host traffic to forwarding engine */, "n3-requests" arg /* Number of retries of GTP messages upon timeout */, "t3-response" arg /* Response timeout value for GTP request message */, "dscp-code-point" arg /* Static DSCP code point of egress host traffic */, "ttl-value" arg /* Time To Live value for GTP messages */, "ddn-delay-sync" ( /* Enable/disable downlink data notification delay sync */ ("enable" | "disable") ), "no-response-cache" /* Disable GTP response cache */, "response-cache-timeout" arg /* GTP response cache timeout interval */, "no-piggyback-support" /* Disable GTPv2 piggyback support */ ) ), "data" ( /* Configure 3GPP GTP data plane options */ c( "interface" ( /* Interface name used for all 3GPP data interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "num-gtpu-end-markers" arg /* Number of GTPU end marker pkts to be sent. range:1..10 */, "indirect-tunnel" ( /* Enable/disable indirect tunnel */ ("enable" | "disable") ), "error-indication-interval" arg /* Error indication transmit interval per bearer */ ) ), "s1u" ( /* Configure 3GPP S1U interface */ c( "interface" ( /* Interface name used for S1U data interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ) ) ), "s11" ( /* Configure 3GPP S11 interface */ c( "interface" ( /* Interface name used for S11 control interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "forwarding-class" arg /* Classification of host traffic to forwarding engine */, "n3-requests" arg /* Number of retries of GTP messages upon timeout */, "t3-response" arg /* Response timeout value for GTP request message */, "dscp-code-point" arg /* Static DSCP code point of egress host traffic */, "ttl-value" arg /* Time To Live value for GTP messages */ ) ), "s12" ( /* Configure 3GPP S12 interface */ c( "interface" ( /* Interface name used for S12 data interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ) ) ), "s4" ( /* Configure 3GPP S4 interface */ c( "interface" ( /* Interface name used */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "control" ( /* Configure 3GPP control plane options */ c( "interface" ( /* Interface name used for control interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "forwarding-class" arg /* Classification of host traffic to forwarding engine */, "n3-requests" arg /* Number of retries of GTP messages upon timeout */, "t3-response" arg /* Response timeout value for GTP request message */, "dscp-code-point" arg /* Static DSCP code point of egress host traffic */, "ttl-value" arg /* Time To Live value for GTP messages */ ) ), "data" ( /* Configure 3GPP data plane options */ c( "interface" ( /* Interface name used for data interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ) ) ) ) ), "s5" ( /* Configure 3GPP S5 interface */ c( "interface" ( /* Interface name used */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "control" ( /* Configure 3GPP control plane options */ c( "interface" ( /* Interface name used for control interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "forwarding-class" arg /* Classification of host traffic to forwarding engine */, "n3-requests" arg /* Number of retries of GTP messages upon timeout */, "t3-response" arg /* Response timeout value for GTP request message */, "dscp-code-point" arg /* Static DSCP code point of egress host traffic */, "ttl-value" arg /* Time To Live value for GTP messages */ ) ), "data" ( /* Configure 3GPP data plane options */ c( "interface" ( /* Interface name used for data interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ) ) ) ) ), "s8" ( /* Configure 3GPP S8 interface */ c( "interface" ( /* Interface name used */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "control" ( /* Configure 3GPP control plane options */ c( "interface" ( /* Interface name used for control interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ), "number-of-msgs-for-response-time" arg /* Number of msgs used for calculating peer response times */, "forwarding-class" arg /* Classification of host traffic to forwarding engine */, "n3-requests" arg /* Number of retries of GTP messages upon timeout */, "t3-response" arg /* Response timeout value for GTP request message */, "dscp-code-point" arg /* Static DSCP code point of egress host traffic */, "ttl-value" arg /* Time To Live value for GTP messages */ ) ), "data" ( /* Configure 3GPP data plane options */ c( "interface" ( /* Interface name used for data interface */ sc( interface_name /* Interface name */, "v4-address" ( /* IPv4 address if multiple addresses configured on interface */ ipv4addr /* IPv4 address if multiple addresses configured on interface */ ) ) ).as(:oneline), "echo-interval" arg /* Echo Request interval value for path management */, "path-management" ( /* Enable/disable path management */ ("enable" | "disable") ), "echo-n3-requests" arg /* Number of retries of GTP echo messages upon timeout */, "echo-t3-response" arg /* Response timeout value for GTP echo request message */, "path-failure" ( /* Enable/disable path failure */ ("enable" | "disable") ) ) ) ) ), "traceoptions" ( /* Configure trace options */ gtp_traceoptions /* Configure trace options */ ) ) end rule(:sgw_idle_mode_buffering) do c( "disable" /* Disable idle mode buffering */, "expire-timer" arg /* Expire timer */ ) end rule(:signaling_realm) do arg.as(:arg) end rule(:sip_timers_type) do c( "inactive-call" arg /* Maximum time for signaling inactivity */, "timer-c" arg /* Maximum time to wait for final response on invite */ ) end rule(:slaacd_config_type) do c( "vlans" ( /* Slaac config on vlan */ c( vlan_slaacd /* Virtual LAN configuration */ ) ), "interface" ( /* Slaac config on interface */ c( slaacd_interface /* Interface configuration */ ) ), "link-local-expiry-interval" ( /* Link local address expiry interval */ c( arg ) ), "traceoptions" ( /* Slaac Snooping trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "init" | "state" | "rtsock" | "packet" | "fsm" | "io" | "verbose" | "task" | "all")) /* Tracing parameters */.as(:oneline) ) ) ) end rule(:slaacd_interface) do (arg | "all").as(:arg) ( c( "mark-interface" ( /* Mark interface */ c( "trusted" /* Mark interface trusted */ ) ), "max-allowed-contention" ( /* Maximum allowed contention count(will be valid only for un-trusted ports) */ c( "count" arg /* Contention count */, "duration" arg /* Contention duration */ ) ), "auto-dad" ( /* Auto duplicate address detection */ c( "retries" arg /* DAD retry value */, "retrans-interval" arg /* DAD re-transmission interval */ ) ) ) ) end rule(:sm_ippool_pool) do arg.as(:arg) ( c( "service-mode" ( /* Service mode */ ("maintenance") ), "family" ( /* Address family */ c( c( "inet" ( /* IPv4 address pool configuration */ c( "network" arg ( /* Specify IPv4 network prefix */ c( "external-assigned" /* Assigned by an external authority */, "allocation-prefix-length" arg /* Size of address allocation block */, "range" arg ( /* Specify ranges within the prefix */ c( "low" ( /* Lower limit of the range */ ipv4addr /* Lower limit of the range */ ), "high" ( /* Upper limit of the range */ ipv4addr /* Upper limit of the range */ ), "external-assigned" /* Assigned by an external authority */ ) ) ) ) ) ), "inet6" ( /* IPv6 address pool configuration */ c( "network" arg ( /* Specify IPv6 network prefix */ c( "external-assigned" /* Assigned by an external authority */, "allocation-prefix-length" arg /* Size of address allocation block */, "range" arg ( /* Specify ranges within the prefix */ c( "low" ( /* Lower limit of the range */ ipv6prefix_only /* Lower limit of the range */ ), "high" ( /* Upper limit of the range */ ipv6prefix_only /* Upper limit of the range */ ), "external-assigned" /* Addresses in this range are assigned to the client by an external authority */ ) ) ) ) ) ) ) ) ), "ageing-window" arg /* Time in sec when the address should not be re-used */, "pool-prefetch-threshold" arg /* Pool usage threshold to prefetch more addresses */, "pool-snmp-trap-threshold" arg /* Pool usage threshold to generate SNMP trap */, "default-pool" /* Pool usage as one of default pools or APN(s) specific */ ) ) end rule(:sm_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("general" | "state-machine" | "mirroring" | "all")) /* Tracing parameters */.as(:oneline) ) end rule(:smid_type) do c( "traceoptions" ( /* Subscriber management trace options */ smid_traceoptions_type /* Subscriber management trace options */ ), "maintain-subscriber" ( /* Options to maintain subscriber */ smid_maintain_subscriber_type /* Options to maintain subscriber */ ), "gres-route-flush-delay" /* Delay flushing routes after RE switchover */, "enforce-strict-scale-limit-license" /* Options to enforce strict scale limit license */, "overrides" ( /* Subscriber management configuration */ c( "no-unsolicited-ra" /* Disable all unsolicited router advertisement packets */, "interfaces" ( c( "family" ( c( "inet6" ( c( "layer2-liveness-detection" /* Enabled ipv6-nud liveness detection */ ) ), "inet" ( c( "layer2-liveness-detection" /* Enabled arp-ping liveness detection */, "receive-gratuitous-arp" /* Enable receieve gratuitous arp packet processing */, "ipoe-dynamic-arp-enable" /* Enable IPOE dynamic ARP */ ) ) ) ) ) ), "shmlog" ( /* Subscriber management shmlog configuration */ c( "disable" /* Disable shmlogs */, "filtering" ( /* Subscriber management shmlog filtering */ c( "enable" /* Enable shmlog filtering */ ) ), "file" ( sc( arg, "size" arg /* Maximum file size */, "files" arg /* Maximum number of files */ ) ).as(:oneline), "log-name" (arg | "all") ( /* The log name(s) to override */ c( c( "none" /* Shmlog verbosity null */, "terse" /* Shmlog verbosity terse */, "brief" /* Shmlog verbosity brief */, "detail" /* Shmlog verbosity detail */, "extensive" /* Shmlog verbosity extensive */ ), c( "file-logging" /* Enable file write for the log(s) */, "no-file-logging" /* Disable file write for the log(s) */ ) ) ), "log-type" enum(("debug" | "info" | "notice")) ( /* The log type to override */ c( c( "none" /* Shmlog verbosity null */, "terse" /* Shmlog verbosity terse */, "brief" /* Shmlog verbosity brief */, "detail" /* Shmlog verbosity detail */, "extensive" /* Shmlog verbosity extensive */ ), c( "file-logging" /* Enable file write for the log(s) */, "no-file-logging" /* Disable file write for the log(s) */ ) ) ) ) ), "event" ( /* Event handling */ c( "catastrophic-failure" ( /* Catastrophic failure event actions */ c( "reboot" ( /* Reboot RE action */ c( "routing-engine-specifiers" ( ("master" | "standby") ) ) ) ) ) ) ) ) ), "enable" /* Enable subscriber management features */, "mode" ( /* Configure the operational role of this system (control-plane or user-plane) */ c( c( "control-plane" ( /* Control-plane mode (DBNG) */ c( "control-plane-name" arg /* Control-plane name */, "transport" ( /* Control plane transport address information */ c( "inet" ( /* The IPv4 address on which to listen for UP association */ ipv4addr /* The IPv4 address on which to listen for UP association */ ), "inet6" ( /* The IPv6 address on which to listen for UP associations */ ipv6addr /* The IPv6 address on which to listen for UP associations */ ), "port" arg /* The port on which to listen for UP associations */ ) ), "user-plane" arg ( /* User-plane definition */ c( c( "inet" ( /* The IPv4 address */ ipv4addr /* The IPv4 address */ ), "inet6" ( /* The IPv6 address */ ipv6addr /* The IPv6 address */ ) ) ) ), "pfcp" ( c( "retransmission-timer" arg /* The retransmission interval after no response from peer */, "retries" arg /* The number of retransmission attempts */, "heartbeat-interval" arg /* The time interval between successive heartbeat requests */ ) ), "external-resources" ( /* External resources */ c( "database-server" arg ( /* Database server configuration */ c( c( "inet" ( /* The IPv4 address */ ipv4addr /* The IPv4 address */ ) ), "port" arg /* The port number */ ) ) ) ) ) ), "user-plane" ( /* User-plane mode (DBNG) */ c( "user-plane-name" arg /* User-plane name */, "transport" ( c( c( "inet" ( /* Use IPv4 addressing */ ipv4addr /* Use IPv4 addressing */ ), "inet6" ( /* Use IPv6 addressing */ ipv6addr /* Use IPv6 addressing */ ) ) ) ), "pfcp" ( c( "retransmission-timer" arg /* The time interval between message re-transmissions */, "retries" arg /* The number of retransmission attempts */, "heartbeat-interval" arg /* The time interval between successive heartbeat requests */ ) ), "control-plane" ( c( "control-plane-name" arg /* Control-plane name */, "transport" ( c( c( "inet" ( /* The IPv4 address */ ipv4addr /* The IPv4 address */ ), "inet6" ( /* The IPv6 address */ ipv6addr /* The IPv6 address */ ) ), "port" arg /* The port number */ ) ) ) ), "selection-function" ( /* User-plane selection function */ c( "cluster" arg /* Cluster for user-plane */, "service-group" arg /* Service-group supported by user-plane */ ) ), "capabilities" ( /* Local capabilities control */ c( "function-features" ( /* Features to exclude from capabilities */ c( "exclude-lac" /* Exclude L2TP access concentrator feature */, "exclude-lns" /* Exclude L2TP network server feature */, "exclude-lcp-keepalive-offload" /* Exclude PPP LCP echo feature */ ) ) ) ) ) ) ) ) ), "redundancy" ( /* Interface level redundancy configuration */ c( "interface" arg ( /* One or more interfaces */ c( "virtual-inet-address" ( /* Virtual ipv4 Address for this interface (Used with GE / XE Interfaces for VRRP protocol) */ ipaddr /* Virtual ipv4 Address for this interface (Used with GE / XE Interfaces for VRRP protocol) */ ), "virtual-inet6-address" ( /* Virtual ipv6 Address for this interface (Used with GE / XE Interfaces for VRRP protocol) */ ipaddr /* Virtual ipv6 Address for this interface (Used with GE / XE Interfaces for VRRP protocol) */ ), "local-inet-address" ( /* Local ipv4 Address for this interface (Used with PS Interfaces for Pseudo-Wire protocol) */ ipaddr /* Local ipv4 Address for this interface (Used with PS Interfaces for Pseudo-Wire protocol) */ ), "local-inet6-address" ( /* Local ipv6 Address for this interface (Used with PS Interfaces for Pseudo-Wire protocol) */ ipaddr /* Local ipv6 Address for this interface (Used with PS Interfaces for Pseudo-Wire protocol) */ ), "shared-key" arg /* Shared Key for topology discovery match (Used with PS Interfaces for Pseudo-Wire protocol) */ ) ), "protocol" ( /* Underlying redundancy protocol */ c( "vrrp" /* Use vrrp as redundancy protocol */, "pseudo-wire" /* Use Pseudo Wire as redundancy protocol */ ) ), "re-authenticate-on-failover" /* Re-authenticate the subscribers on interface fail over */, "no-advertise-routes-on-backup" /* Do not advertise subscriber routes on redundancy backup */ ) ), "interfaces" arg ( /* Interface configuration */ c( "unit" arg ( /* Logical interface */ c( "pppoe-underlying-options" ( /* PPP over Ethernet underlying interface-specific options */ pppoe_underlying_options_type /* PPP over Ethernet underlying interface-specific options */ ) ) ), "auto-configure" ( /* Auto configuration */ auto_configure_vlan_type /* Auto configuration */ ) ) ) ) end rule(:smid_maintain_subscriber_type) do c( "interface-delete" /* Maintain subscriber on interface delete events */ ) end rule(:smid_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("database" | "ui" | "general" | "session-db" | "server" | "issu" | "all")) /* Subscriber management replication operations to include in debugging trace */.as(:oneline) ) end rule(:smihelperd_type) do c( "traceoptions" ( /* Subscriber management helper trace options */ smihelperd_traceoptions_type /* Subscriber management helper trace options */ ) ) end rule(:smihelperd_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("sdb" | "general" | "ui" | "snmp" | "all")) /* Subscriber management replication operations to include in debugging trace */.as(:oneline) ) end rule(:smpl_analyzer_type) do arg.as(:arg) ( c( "input" ( /* Ports and VLANs to monitor */ smpl_analyzer_input_type /* Ports and VLANs to monitor */ ), "output" ( /* Outgoing port or VLAN for mirrored packets */ smpl_analyzer_output_type /* Outgoing port or VLAN for mirrored packets */ ) ) ) end rule(:smpl_analyzer_input_type) do c( "rate" arg /* Ratio of packets to be sampled (1 out of N) */, "maximum-packet-length" arg /* Maximum length of the mirrored packet */, "ingress" ( /* Ports and VLANs to monitor incoming traffic */ smpl_analyzer_ingress_type /* Ports and VLANs to monitor incoming traffic */ ), "egress" ( /* Ports and VLANs to monitor outgoing traffic */ smpl_analyzer_egress_type /* Ports and VLANs to monitor outgoing traffic */ ) ) end rule(:smpl_analyzer_egress_type) do c( "interface" ( /* Port to monitor outgoing traffic */ analyzer_egress_interface_type /* Port to monitor outgoing traffic */ ), "routing-instance" ( /* Routing instances */ analyzer_egress_routing_instance_type /* Routing instances */ ), "vlan" ( /* VLAN to monitor outgoing traffic */ analyzer_egress_vlan_type /* VLAN to monitor outgoing traffic */ ), "bridge-domain" ( /* Bridge-domain to monitor outgoing traffic */ analyzer_egress_bridge_domain_type /* Bridge-domain to monitor outgoing traffic */ ) ) end rule(:analyzer_egress_bridge_domain_type) do arg.as(:arg) end rule(:analyzer_egress_interface_type) do (arg | "all").as(:arg) end rule(:analyzer_egress_routing_instance_type) do arg.as(:arg) ( c( "vlan" ( /* VLAN to monitor outgoing traffic */ analyzer_egress_vlan_type /* VLAN to monitor outgoing traffic */ ), "bridge-domain" ( /* Bridge-domain to monitor outgoing traffic */ analyzer_egress_bridge_domain_type /* Bridge-domain to monitor outgoing traffic */ ) ) ) end rule(:analyzer_egress_vlan_type) do arg.as(:arg) end rule(:smpl_analyzer_ingress_type) do c( "interface" ( /* Port to monitor incoming traffic */ analyzer_ingress_interface_type /* Port to monitor incoming traffic */ ), "routing-instance" ( /* Routing instances */ analyzer_ingress_routing_instance_type /* Routing instances */ ), "vlan" ( /* VLAN to monitor incoming traffic */ analyzer_ingress_vlan_type /* VLAN to monitor incoming traffic */ ), "bridge-domain" ( /* Bridge-domain to monitor incoming traffic */ analyzer_ingress_bridge_domain_type /* Bridge-domain to monitor incoming traffic */ ) ) end rule(:analyzer_ingress_bridge_domain_type) do arg.as(:arg) end rule(:analyzer_ingress_interface_type) do (arg | "all").as(:arg) end rule(:analyzer_ingress_routing_instance_type) do arg.as(:arg) ( c( "vlan" ( /* VLAN to monitor incoming traffic */ analyzer_ingress_vlan_type /* VLAN to monitor incoming traffic */ ), "bridge-domain" ( /* Bridge-domain to monitor incoming traffic */ analyzer_ingress_bridge_domain_type /* Bridge-domain to monitor incoming traffic */ ) ) ) end rule(:analyzer_ingress_vlan_type) do arg.as(:arg) end rule(:smpl_analyzer_output_type) do c( c( "interface" ( /* Outgoing port for mirrored packets */ interface_name /* Outgoing port for mirrored packets */ ), "ip-address" ( /* ERSPAN Destination IP Address */ ipv4addr /* ERSPAN Destination IP Address */ ), "ipv6-address" ( /* ERSPAN Destination IPv6 Address */ ipv6addr /* ERSPAN Destination IPv6 Address */ ), "next-hop-group" arg /* Next-hop-group through which to send port-mirror traffic */, "routing-instance" ( /* Routing instances */ output_routing_instance_type /* Routing instances */ ), "vlan" ( /* Outgoing VLAN for mirrored packets */ pm_rspan_vlan /* Outgoing VLAN for mirrored packets */ ), "bridge-domain" ( /* Outgoing bridge-domain for mirrored packets */ pm_rspan_bridge_domain /* Outgoing bridge-domain for mirrored packets */ ) ) ) end rule(:output_routing_instance_type) do arg.as(:arg) ( c( c( "ip-address" ( /* ERSPAN Destination IP Address */ ipv4addr /* ERSPAN Destination IP Address */ ), "ipv6-address" ( /* ERSPAN Destination IPv6 Address */ ipv6addr /* ERSPAN Destination IPv6 Address */ ), "vlan" ( /* Outgoing VLAN for mirrored packets */ pm_rspan_vlan /* Outgoing VLAN for mirrored packets */ ), "bridge-domain" ( /* Outgoing bridge-domain for mirrored packets */ pm_rspan_bridge_domain /* Outgoing bridge-domain for mirrored packets */ ) ) ) ) end rule(:snmp_scripts_file_type) do arg.as(:arg) ( c( "oid" arg ( /* Oid implemented by this script */ c( "priority" arg /* Registration priority */ ) ), "source" arg /* URL of source for this script */, "cert-file" arg /* Specify the certificate file name */, "routing-instance" arg /* Routing instance */, "python-script-user" arg /* Run the python snmp script with privileges of user */, "refresh" /* Refresh all snmp scripts from their source */, "refresh-from" arg /* Refresh all snmp scripts from a given base URL */, "checksum" ( /* Checksum of this script */ c( "sha-256" arg /* SHA-256 checksum of this script */ ) ) ) ) end rule(:soft_gre_tunnel_group_object) do arg.as(:arg) ( c( "source-address" ( /* Local address of tunnel */ ipaddr /* Local address of tunnel */ ), "destination-networks" ( /* Create tunnels for routes in these destination networks */ soft_gre_destination_network_object /* Create tunnels for routes in these destination networks */ ), "service-interface" ( /* Pseudowire interface to use */ interface_unit /* Pseudowire interface to use */ ), "tunnel-idle-timeout" arg /* Time to tear down tunnel when idle */, "dynamic-profile" arg /* Dynamic profile for tunnel interface */ ) ) end rule(:soft_gre_destination_network_object) do arg.as(:arg) end rule(:software_datapath_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("ager" | "commands" | "configuration" | "flow" | "init" | "ipv6-router-advertisement" | "memory" | "redundancy" | "reassembly" | "buffering" | "all")) /* Tracing parameters */.as(:oneline) ) end rule(:sonet_options_type) do c( "vtmapping" ( /* VT mapping mode */ ("klm" | "itu-t") ), "fcs" ( /* Frame checksum */ ("32" | "16") ), "path-trace" arg /* Path trace string */, "loopback" ( /* Loopback mode */ ("local" | "remote") ), "trigger" ( /* Defect triggers */ c( "lol" ( /* LOL defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before marking interface up or down for defect */ sc( "up" arg /* Delay before marking interface up when defect is absent */, "down" arg /* Delay before marking interface down when defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "pll" ( /* PLL defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before marking interface up or down for defect */ sc( "up" arg /* Delay before marking interface up when defect is absent */, "down" arg /* Delay before marking interface down when defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "lof" ( /* LOF defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before marking interface up or down for defect */ sc( "up" arg /* Delay before marking interface up when defect is absent */, "down" arg /* Delay before marking interface down when defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "los" ( /* LOS defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before marking interface up or down for defect */ sc( "up" arg /* Delay before marking interface up when defect is absent */, "down" arg /* Delay before marking interface down when defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "ais-l" ( /* AIS-L defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before marking interface up or down for defect */ sc( "up" arg /* Delay before marking interface up when defect is absent */, "down" arg /* Delay before marking interface down when defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "rfi-l" ( /* RFI-L defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before marking interface up or down for defect */ sc( "up" arg /* Delay before marking interface up when defect is absent */, "down" arg /* Delay before marking interface down when defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "ber-sd" ( /* BER-SD defect trigger */ c( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before marking interface up or down for defect */ sc( "up" arg /* Delay before marking interface up when defect is absent */, "down" arg /* Delay before marking interface down when defect occurs */ ) ).as(:oneline) ) ) ), "ber-sf" ( /* BER-SF defect trigger */ c( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before marking interface up or down for defect */ sc( "up" arg /* Delay before marking interface up when defect is absent */, "down" arg /* Delay before marking interface down when defect occurs */ ) ).as(:oneline) ) ) ), "ais-p" ( /* AIS-P defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before marking interface up or down for defect */ sc( "up" arg /* Delay before marking interface up when defect is absent */, "down" arg /* Delay before marking interface down when defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "lop-p" ( /* LOP-P defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before marking interface up or down for defect */ sc( "up" arg /* Delay before marking interface up when defect is absent */, "down" arg /* Delay before marking interface down when defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "rfi-p" ( /* RFI-P defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before marking interface up or down for defect */ sc( "up" arg /* Delay before marking interface up when defect is absent */, "down" arg /* Delay before marking interface down when defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "uneq-p" ( /* UNEQ-P defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before marking interface up or down for defect */ sc( "up" arg /* Delay before marking interface up when defect is absent */, "down" arg /* Delay before marking interface down when defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "plm-p" ( /* PLM-P defect trigger */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before marking interface up or down for defect */ sc( "up" arg /* Delay before marking interface up when defect is absent */, "down" arg /* Delay before marking interface down when defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "locd" ( /* LOCD defect trigger (ATM only) */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before marking interface up or down for defect */ sc( "up" arg /* Delay before marking interface up when defect is absent */, "down" arg /* Delay before marking interface down when defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline), "lcdp" ( /* LCD-P defect trigger (Ethernet WAN only) */ sc( c( "ignore" /* Ignore the defect */, "hold-time" ( /* Delay before marking interface up or down for defect */ sc( "up" arg /* Delay before marking interface up when defect is absent */, "down" arg /* Delay before marking interface down when defect occurs */ ) ).as(:oneline) ) ) ).as(:oneline) ) ), "aps" ( /* Automatic Protection Switching */ aps_type /* Automatic Protection Switching */ ), c( "payload-scrambler" ( /* Enable payload scrambling */ sc( arg ) ).as(:oneline), "no-payload-scrambler" /* Do not enable payload scrambling */ ), "z0-increment" /* Increment Z0 in SDH mode */, "no-z0-increment" /* Don't increment Z0 in SDH mode */, "loop-timing" /* Set loop timing for STM-1 */, "no-loop-timing" /* Don't set loop timing for STM-1 */, "bytes" ( /* Set SONET header bytes */ c( "e1-quiet" arg /* E1-quiet value */, "f1" arg /* F1 user value */, "f2" arg /* F2 user value */, "s1" arg /* S1/Z1 value (stratum clock by convention) */, "z3" arg /* Z3 user value */, "z4" arg /* Z4 user value */, "c2" arg /* C2 user value */ ) ), "rfc-2615" /* RFC 2615 compliance */, "aggregate" ( /* Join a SONET aggregate */ interface_device /* Join a SONET aggregate */ ), "mpls" ( /* MPLS options */ mpls_ifd_options /* MPLS options */ ) ) end rule(:source_class_filters) do arg.as(:arg) ( c( "family" ( /* Protocol family */ c( "inet" ( /* Protocol family IPv4 for firewall filter */ c( "filter" ( /* Packet filtering */ c( arg /* Inet Filter name */ ) ) ) ), "inet6" ( /* Protocol family IPv6 for firewall filter */ c( "filter" ( /* Packet filtering */ c( arg /* Inet6 Filter name */ ) ) ) ) ) ) ) ) end rule(:source_class_name_object) do arg.as(:arg).as(:oneline) end rule(:source_address_filter_list_items) do s( arg, c( "exact" arg /* Exactly match the prefix length */, "longer" arg /* Mask is greater than the prefix length */, "orlonger" arg /* Mask is greater than or equal to the prefix length */, "upto" arg /* Mask falls between two prefix lengths */, "through" arg /* Route falls between two prefixes */, "prefix-length-range" arg /* Mask falls between two prefix lengths */ ), c( "metric" ( /* Metric value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */, "igp" ( /* Track the IGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "minimum-igp" ( /* Track the minimum IGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "expression" ( /* Calculate value based on route metric and metric2 */ metric_expression_type /* Calculate value based on route metric and metric2 */ ), "aigp" /* Use aigp, if it exists, to set the IGP metric */, "effective-aigp" ( /* Track the effective AIGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline), "minimum-effective-aigp" ( /* Track the minimum effective AIGP metric (BGP only) */ sc( arg /* Metric offset for MED */ ) ).as(:oneline) ) ) ), "metric2" ( /* Metric value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "metric3" ( /* Metric value 3 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "metric4" ( /* Metric value 4 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "tag" ( /* Tag string */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "tag2" ( /* Tag string 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "preference" ( /* Preference value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "preference2" ( /* Preference value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "color" ( /* Color (preference) value */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "color2" ( /* Color (preference) value 2 */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "local-preference" ( /* Local preference associated with a route */ c( c( arg, "add" arg /* Add constant to attribute */, "subtract" arg /* Subtract constant from attribute */ ) ) ), "priority" ( /* Set priority for route installation */ ("high" | "medium" | "low") ), "prefix-segment" ( /* Set prefix segment attributes */ c( "algorithm" arg ( /* Set prefix segment attributes for strict/flex algorithm */ sc( "index" arg /* Set prefix segment index id */, "node-segment" /* Set node segment flag for this prefix segment */ ) ).as(:oneline), "index" arg /* Set prefix segment index id */, "node-segment" /* Set node segment flag for default prefix segment */ ) ), "label-allocation" ( /* Set label allocation mode */ ("per-table" | "per-nexthop" | "per-table-localize") ), "add-path" ( /* Set BGP add-path attributes */ sc( "send-count" arg /* Number of add-paths sent */ ) ).as(:oneline), "validation-state" ( /* Set validation-state of a route */ ("valid" | "invalid" | "unknown") ), "origin" ( /* BGP path origin */ ("igp" | "egp" | "incomplete") ), "aigp-originate" ( /* Originate a BGP AIGP attribute */ sc( "distance" arg /* AIGP distance */ ) ).as(:oneline), "aigp-adjust" ( /* Adjust a BGP AIGP attribute */ sc( c( "add", "subtract", "multiply", "divide" ), c( arg /* Adjustment value */, "distance-to-protocol-nexthop" /* Metric2 */ ) ) ).as(:oneline), "community" ( /* BGP community properties associated with a route */ s( c( "equal-literal" arg /* Set the BGP communities in the route */, "set" arg /* Set the BGP communities in the route */, "plus-literal" arg /* Add BGP communities to the route */, "add" arg /* Add BGP communities to the route */, "minus-literal" arg /* Remove BGP communities from the route */, "delete" arg /* Remove BGP communities from the route */ ), arg ) ).as(:oneline), "tunnel-attribute" ( /* BGP tunnel attribute associated with a route */ s( c( "set" arg /* Set BGP tunnel attribute in the route */, "remove" arg /* Remove BGP tunnel attribute from the route */ ), arg ) ).as(:oneline), "damping" arg /* Define BGP route flap damping parameters */, "aggregate-bandwidth" /* Advertise aggregate outbound link bandwidth */, "limit-bandwidth" arg /* Limit advertised aggregate outbound link bandwidth */, "no-entropy-label-capability" /* Don't advertise entropy label capability */, "as-path-prepend" arg /* Prepend AS numbers to an AS path (BGP only) */, "as-path-expand" ( /* Prepend AS numbers prior to adding local-as (BGP only) */ sc( c( "last-as" ( /* Prepend last AS */ sc( "count" arg /* Repeat count */ ) ).as(:oneline), arg /* AS path string */ ) ) ).as(:oneline), "next-hop" ( /* Set the address of the next-hop router */ sc( c( "self" /* Use a local address as the next-hop address */, "peer-address" /* Use the remote peer address as the next-hop address */, "reject" /* Use a reject next hop */, "discard" /* Use a discard next hop */, "next-table" arg /* Perform a forwarding lookup in the specified table */, ipaddr /* Next-hop address */ ) ) ).as(:oneline), "install-nexthop" ( /* Choose the next hop to be used for forwarding */ sc( c( "strict" /* Do not use any other available next hops */, "strict-named-lsp" /* Do not use any other non-lsp next hops */ ), c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ), "except" ( /* Do not choose to install matching next hops */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ), "fallback" ( /* Backup option */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ), "except" ( /* Do not choose to install matching next hops */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ) ) ) ) ) ) ), "fallback" ( /* Backup option */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ), "except" ( /* Do not choose to install matching next hops */ c( c( "lsp" arg /* Next-hop LSP name */, "lsp-regex" arg /* Next-hop LSP name regular expression */, "static-lsp" arg /* Next-hop static LSP name */, "static-lsp-regex" arg /* Next-hop static LSP name regular expression */, "non-lsp-nexthop" /* Next-hop with non-lsp */, "non-labelled-nexthop" /* Next-hop without tag */ ) ) ) ) ) ) ).as(:oneline), "trace" /* Log matches to a trace file */, "external" ( /* External route */ c( "type" arg /* OSPF external metric type */, "nssa-only" /* Clear P-bit on lsa type 7 */ ) ), "load-balance" ( /* Type of load balancing in forwarding table */ sc( c( "per-packet" /* Load balance on a per-packet basis */, "random" /* Load balance using packet random spray */, "per-prefix" /* Load balance on a per-prefix basis */, "consistent-hash" /* Give a prefix consistent load-balancing */, "source-ip-only" /* Give a source based ip load-balancing */, "destination-ip-only" /* Give a destination based ip load-balancing */ ) ) ).as(:oneline), "no-route-localize" /* Force route install on all fib-remote PFEs */, "install-to-fib" /* Install route to fib */, "no-install-to-fib" /* Don't install route to fib */, "analyze" /* Send to registered controllers for analysis */, "class" arg /* Set class-of-service parameters */, "destination-class" arg /* Set destination class in forwarding table */, "source-class" arg /* Set source class in forwarding table */, "forwarding-class" arg /* Set source or destination class in forwarding table */, "map-to-interface" ( /* Set output logical interface */ sc( c( "self" /* Map the interface to itself */, interface_name /* Output logical interface */ ) ) ).as(:oneline), "ssm-source" ( /* List of Sources for SSM mapping */ ipaddr /* List of Sources for SSM mapping */ ), "p2mp-lsp-root" ( /* P2mp lsp root address */ c( "address" ( /* Ipv4 root address */ ipv4addr /* Ipv4 root address */ ) ) ), "cos-next-hop-map" arg /* Set CoS-based next-hop map in forwarding table */, "dynamic-tunnel-attributes" arg /* Choose the dynamic tunnel attributes used for forwarding */, "tunnel-end-point-address" ( /* Set tunnel end-point address of tunnel */ ipaddr /* Set tunnel end-point address of tunnel */ ), "selected-mldp-egress" /* This node should act as egress node for MLDP inband signalling */, "mhop-bfd-port" /* Use port number 4784 for MPLS-BFD as per RFC5884 */, "no-backup" /* This prefix should not have backup */, "default-action" ( /* Set default policy action */ ("accept" | "reject") ), "next" ( /* Skip to next policy or term */ ("policy" | "term") ), c( "accept" /* Accept a route */, "reject" /* Reject a route */ ), "bgp-output-queue-priority" ( /* Set the BGP Update output queue priority. */ sc( c( "priority" arg /* Output queue priority; higher is better */, "expedited" /* Expedited queue; highest priority */ ) ) ).as(:oneline), "multipath-resolve" /* Use all paths for resolution over this prefix */, "source-routing-path-template" arg /* Spring-te template to apply */, "label-allocation-fallback-reject" /* Suppress prefix export when label allocation fails */, "resolution-map" arg /* Set resolution map modes */, "ignore-service-label" /* Ignore service labels */, "request-long-lived-ack" /* Advertise route after forwarding is programmed */, "send-withdrawal-on-route-change" /* Withdraw route if change is not acked from forwarding */ ) ) end rule(:spring_te_template_map) do arg.as(:arg) ( c( c( "color" arg /* Set of color list to be mapped to corresponding SPRING-TE template */, "color-any" /* Map any color to corresponding SPRING-TE template */ ) ) ) end rule(:springte_lsp_nh_obj) do c( arg, "lsp-source" ( /* Source of tunnel creation */ c( c( "pcep" /* Path computation element protocol */, "static" /* Static configuration */, "dtm" /* Dynamic tunnel module */, "bgp" /* BGP SRTE */ ) ) ) ) end rule(:srd_ev_action_object) do c( c( "acquire-mastership" /* Attempt to acquire mastership */, "release-mastership" /* Attempt to release mastership */, "release-mastership-force" /* Attempt to release mastership */, "release-mastership-if-standby-clear" /* Attempt to release mastership if standby has no warning */, "broadcast-warning" /* Attempt to release mastership */ ), "add-static-route" ( /* Add a static route in the specified routing table */ srd_route_add_object /* Add a static route in the specified routing table */ ), "delete-static-route" ( /* Delete a static route in the specified routing table */ srd_route_delete_object /* Delete a static route in the specified routing table */ ) ) end rule(:srd_events_object) do arg.as(:arg) ( c( "monitor" ( /* Interfaces to be tracked */ c( "link-down" arg /* Interfaces to be monitored for link-down events */, "process" ( /* Processes related events */ c( "routing" ( /* Routing process related events */ c( "restart" /* Routing protocol restart event */, "abort" /* Routing protocol abort event */ ) ) ) ), "peer" ( /* Events from remote peers */ c( c( "mastership-release" /* Received mastership-release message from peer */, "mastership-acquire" /* Received mastership-acquire message from peer */ ) ) ) ) ) ) ) end rule(:srd_route_add_object) do arg.as(:arg) ( c( c( "next-hop" arg /* Next-hop (interface) to destination */, "receive" /* Install a receive route for the destination */ ), "routing-instance" arg /* Routing instance where the route should be added */ ) ) end rule(:srd_route_delete_object) do arg.as(:arg) ( c( "routing-instance" arg /* Routing instance where the route should be added */ ) ) end rule(:srd_rs_id_object) do arg.as(:arg) ( c( "redundancy-group" arg /* Name of redundancy-group */, "redundancy-policy" arg /* Redundancy-policy list */, "keepalive" arg /* Frequency of SRD hello messages */, "hold-time" arg /* Time before SRD peer is declared down */, "healthcheck-timer-interval" arg /* Healthcheck timer interval */ ) ) end rule(:srd_traceoptions_object) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("config" | "connect" | "route" | "ssd" | "snmp" | "system" | "opcmd" | "state-machine" | "kcom" | "database" | "swithover" | "stateful-sync" | "redundancy-group" | "all")) /* Tracing flag parameters */.as(:oneline) ) end rule(:ssd_traceoptions_type) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("infrastructure" | "server" | "routing-instance" | "client-management" | "interfaces-management" | "route-management" | "nexthop-management" | "firewall-management" | "nexthop-group-management" | "cli" | "cfg" | "all")) /* Area of sdk-service daemon to enable debugging output */.as(:oneline) ) end rule(:ssl_initiation_config) do c( "profile" arg ( /* SSL client profile */ c( "enable-flow-tracing" /* Enable flow tracing for the profile */, "protocol-version" ( /* Protocol SSL version accepted */ ("all" | "ssl3" | "tls1" | "tls11" | "tls12" | "tls13" | "tls12-and-lower") ), "preferred-ciphers" ( /* Select preferred ciphers */ ("strong" | "medium" | "weak" | "custom") ), "custom-ciphers" ( /* Custom cipher list */ ("tls12-rsa-aes-128-cbc-sha" | "tls12-rsa-aes-256-cbc-sha" | "tls12-rsa-aes-256-gcm-sha384" | "tls12-rsa-aes-256-cbc-sha256" | "tls12-rsa-aes-128-gcm-sha256" | "tls12-rsa-aes-128-cbc-sha256" | "tls12-ecdhe-rsa-aes-256-gcm-sha384" | "tls12-ecdhe-rsa-aes-256-cbc-sha" | "tls12-ecdhe-rsa-aes-256-cbc-sha384" | "tls12-ecdhe-rsa-3des-ede-cbc-sha" | "tls12-ecdhe-rsa-aes-128-gcm-sha256" | "tls12-ecdhe-rsa-aes-128-cbc-sha" | "tls12-ecdhe-rsa-aes-128-cbc-sha256" | "tls12-ecdhe-ecdsa-aes-256-gcm-sha384" | "tls12-ecdhe-ecdsa-aes-256-cbc-sha" | "tls12-ecdhe-ecdsa-aes-256-cbc-sha384" | "tls12-ecdhe-ecdsa-aes-128-gcm-sha256" | "tls12-ecdhe-ecdsa-aes-128-cbc-sha" | "tls12-ecdhe-ecdsa-aes-128-cbc-sha256" | "tls12-ecdhe-ecdsa-3des-ede-cbc-sha" | "tls13-with-aes-256-gcm-sha384" | "tls13-with-aes-128-gcm-sha256" | "tls13-with-chacha20-poly1305-sha256" | "tls13-with-aes-128-ccm-sha256" | "tls13-with-aes-128-ccm8-sha256" | "rsa-with-rc4-128-md5" | "rsa-with-rc4-128-sha" | "rsa-with-des-cbc-sha" | "rsa-with-3des-ede-cbc-sha" | "rsa-with-aes-128-cbc-sha" | "rsa-with-aes-256-cbc-sha" | "rsa-export-with-rc4-40-md5" | "rsa-export-with-des40-cbc-sha" | "rsa-export1024-with-des-cbc-sha" | "rsa-export1024-with-rc4-56-md5" | "rsa-export1024-with-rc4-56-sha" | "rsa-with-aes-256-gcm-sha384" | "rsa-with-aes-256-cbc-sha256" | "rsa-with-aes-128-gcm-sha256" | "rsa-with-aes-128-cbc-sha256" | "ecdhe-rsa-with-aes-256-gcm-sha384" | "ecdhe-rsa-with-aes-256-cbc-sha" | "ecdhe-rsa-with-aes-256-cbc-sha384" | "ecdhe-rsa-with-3des-ede-cbc-sha" | "ecdhe-rsa-with-aes-128-gcm-sha256" | "ecdhe-rsa-with-aes-128-cbc-sha" | "ecdhe-rsa-with-aes-128-cbc-sha256" | "ecdhe-ecdsa-with-aes-256-gcm-sha384" | "ecdhe-ecdsa-with-aes-256-cbc-sha" | "ecdhe-ecdsa-with-aes-256-cbc-sha384" | "ecdhe-ecdsa-with-aes-128-gcm-sha256" | "ecdhe-ecdsa-with-aes-128-cbc-sha" | "ecdhe-ecdsa-with-aes-128-cbc-sha256" | "ecdhe-ecdsa-with-3des-ede-cbc-sha" | "dhe-rsa-with-aes-256-gcm-sha384" | "dhe-rsa-with-aes-256-cbc-sha" | "dhe-rsa-with-aes-256-cbc-sha256" | "dhe-rsa-with-3des-ede-cbc-sha" | "dhe-rsa-with-aes-128-gcm-sha256" | "dhe-rsa-with-aes-128-cbc-sha" | "dhe-rsa-with-aes-128-cbc-sha256") ), "enable-session-cache" /* Enable SSL session cache */, "trusted-ca" ( /* List of trusted certificate authority profiles */ ("all" | arg) ), "client-certificate" arg /* Local certificate identifier */, "actions" ( /* Traffic related actions */ c( "ignore-server-auth-failure" /* Ignore server authentication failure */, "crl" ( /* Certificate Revocation actions. */ c( "disable" /* Disable CRL validation. */, "if-not-present" ( /* Action if CRL information is not present. */ ("allow" | "drop") ), "ignore-hold-instruction-code" /* Ignore 'Hold Instruction Code' present in the CRL entry. */ ) ), "unsupported-cipher-on-hw" ( /* Unsupported cipher processing on hardware mode */ ("drop" | "software-inspection") ) ) ) ) ) ) end rule(:ssl_proxy_config) do c( "global-config" ( /* Global proxy configuration */ c( "session-cache-timeout" arg /* Session cache timeout */, "disable-cert-cache" /* Disable proxy mode certificate cache */, "certificate-cache-timeout" arg /* Certificate cache timeout */, "invalidate-cache-on-crl-update" /* Invalidate certificate cache on crl update */, "cache-usage-enforcement-threshold" arg /* Percentage of total cache size after which per lsys limits will be enforced */, "disable-deferred-profile-selection" /* Disable the deferred profile selection mechanism */ ) ), "profile" arg ( /* SSL Proxy profile */ c( "enable-flow-tracing" /* Enable flow tracing for the profile */, "protocol-version" ( /* Protocol SSL version accepted */ ("all" | "ssl3" | "tls1" | "tls11" | "tls12" | "tls13" | "tls12-and-lower") ), "preferred-ciphers" ( /* Select preferred ciphers */ ("strong" | "medium" | "weak" | "custom") ), "custom-ciphers" ( /* Custom cipher list */ ("tls12-rsa-aes-128-cbc-sha" | "tls12-rsa-aes-256-cbc-sha" | "tls12-rsa-aes-256-gcm-sha384" | "tls12-rsa-aes-256-cbc-sha256" | "tls12-rsa-aes-128-gcm-sha256" | "tls12-rsa-aes-128-cbc-sha256" | "tls12-ecdhe-rsa-aes-256-gcm-sha384" | "tls12-ecdhe-rsa-aes-256-cbc-sha" | "tls12-ecdhe-rsa-aes-256-cbc-sha384" | "tls12-ecdhe-rsa-3des-ede-cbc-sha" | "tls12-ecdhe-rsa-aes-128-gcm-sha256" | "tls12-ecdhe-rsa-aes-128-cbc-sha" | "tls12-ecdhe-rsa-aes-128-cbc-sha256" | "tls12-ecdhe-ecdsa-aes-256-gcm-sha384" | "tls12-ecdhe-ecdsa-aes-256-cbc-sha" | "tls12-ecdhe-ecdsa-aes-256-cbc-sha384" | "tls12-ecdhe-ecdsa-aes-128-gcm-sha256" | "tls12-ecdhe-ecdsa-aes-128-cbc-sha" | "tls12-ecdhe-ecdsa-aes-128-cbc-sha256" | "tls12-ecdhe-ecdsa-3des-ede-cbc-sha" | "tls13-with-aes-256-gcm-sha384" | "tls13-with-aes-128-gcm-sha256" | "tls13-with-chacha20-poly1305-sha256" | "tls13-with-aes-128-ccm-sha256" | "tls13-with-aes-128-ccm8-sha256" | "rsa-with-rc4-128-md5" | "rsa-with-rc4-128-sha" | "rsa-with-des-cbc-sha" | "rsa-with-3des-ede-cbc-sha" | "rsa-with-aes-128-cbc-sha" | "rsa-with-aes-256-cbc-sha" | "rsa-export-with-rc4-40-md5" | "rsa-export-with-des40-cbc-sha" | "rsa-export1024-with-des-cbc-sha" | "rsa-export1024-with-rc4-56-md5" | "rsa-export1024-with-rc4-56-sha" | "rsa-with-aes-256-gcm-sha384" | "rsa-with-aes-256-cbc-sha256" | "rsa-with-aes-128-gcm-sha256" | "rsa-with-aes-128-cbc-sha256" | "ecdhe-rsa-with-aes-256-gcm-sha384" | "ecdhe-rsa-with-aes-256-cbc-sha" | "ecdhe-rsa-with-aes-256-cbc-sha384" | "ecdhe-rsa-with-3des-ede-cbc-sha" | "ecdhe-rsa-with-aes-128-gcm-sha256" | "ecdhe-rsa-with-aes-128-cbc-sha" | "ecdhe-rsa-with-aes-128-cbc-sha256" | "ecdhe-ecdsa-with-aes-256-gcm-sha384" | "ecdhe-ecdsa-with-aes-256-cbc-sha" | "ecdhe-ecdsa-with-aes-256-cbc-sha384" | "ecdhe-ecdsa-with-aes-128-gcm-sha256" | "ecdhe-ecdsa-with-aes-128-cbc-sha" | "ecdhe-ecdsa-with-aes-128-cbc-sha256" | "ecdhe-ecdsa-with-3des-ede-cbc-sha" | "dhe-rsa-with-aes-256-gcm-sha384" | "dhe-rsa-with-aes-256-cbc-sha" | "dhe-rsa-with-aes-256-cbc-sha256" | "dhe-rsa-with-3des-ede-cbc-sha" | "dhe-rsa-with-aes-128-gcm-sha256" | "dhe-rsa-with-aes-128-cbc-sha" | "dhe-rsa-with-aes-128-cbc-sha256") ), "enable-session-cache" /* Enable SSL session cache */, "trusted-ca" ( /* List of trusted certificate authority profiles */ ("all" | arg) ), c( "root-ca" arg /* Root certificate for interdicting server certificates in proxy mode */, "server-certificate" arg /* Local certificate identifier */ ), "mirror-decrypt-traffic" ( /* Configure mirror interface and Destination MAC address */ c( "interface" ( /* Interface on which SSL decrypted traffic is mirrored */ interface_name /* Interface on which SSL decrypted traffic is mirrored */ ), "destination-mac-address" ( /* Mac address of host/server to which decrypted traffic is mirrored */ mac_addr /* Mac address of host/server to which decrypted traffic is mirrored */ ), "only-after-security-policies-enforcement" /* Enables decrypted Traffic mirroring after policy enforcement */ ) ), "whitelist" arg /* Addresses exempted from SSL Proxy */, "whitelist-url-categories" arg, "actions" ( /* Logging and traffic related actions */ c( "ignore-server-auth-failure" /* Ignore server authentication failure */, "log" ( /* Logging actions */ c( "all" /* Log all events */, "sessions-dropped" /* Log only ssl session drop events */, "sessions-allowed" /* Log ssl session allow events after an error */, "sessions-ignored" /* Log session ignore events */, "sessions-whitelisted" /* Log ssl session whitelist events */, "errors" /* Log all error events */, "warning" /* Log all warning events */, "info" /* Log all information events */ ) ), "crl" ( /* Certificate Revocation actions. */ c( "disable" /* Disable CRL validation. */, "if-not-present" ( /* Action if CRL information is not present. */ ("allow" | "drop") ), "ignore-hold-instruction-code" /* Ignore 'Hold Instruction Code' present in the CRL entry. */ ) ), "renegotiation" ( /* Renegotiation options */ ("allow" | "allow-secure" | "drop") ), "disable-session-resumption" /* Disable session resumption */, "unsupported-cipher-on-hw" ( /* Unsupported cipher processing on hardware mode */ ("drop" | "software-inspection") ), "allow-strong-certificate" /* Certificate till 4K key-size processing on standalone SRX300/SRX320 platform */ ) ), "disable-deferred-profile-selection" /* Disable the deferred profile selection mechanism at profile level */ ) ) ) end rule(:ssl_termination_config) do c( "profile" arg ( /* SSL server profile */ c( "enable-flow-tracing" /* Enable flow tracing for the profile */, "protocol-version" ( /* Protocol SSL version accepted */ ("all" | "ssl3" | "tls1" | "tls11" | "tls12" | "tls13" | "tls12-and-lower") ), "preferred-ciphers" ( /* Select preferred ciphers */ ("strong" | "medium" | "weak" | "custom") ), "custom-ciphers" ( /* Custom cipher list */ ("tls12-rsa-aes-128-cbc-sha" | "tls12-rsa-aes-256-cbc-sha" | "tls12-rsa-aes-256-gcm-sha384" | "tls12-rsa-aes-256-cbc-sha256" | "tls12-rsa-aes-128-gcm-sha256" | "tls12-rsa-aes-128-cbc-sha256" | "tls12-ecdhe-rsa-aes-256-gcm-sha384" | "tls12-ecdhe-rsa-aes-256-cbc-sha" | "tls12-ecdhe-rsa-aes-256-cbc-sha384" | "tls12-ecdhe-rsa-3des-ede-cbc-sha" | "tls12-ecdhe-rsa-aes-128-gcm-sha256" | "tls12-ecdhe-rsa-aes-128-cbc-sha" | "tls12-ecdhe-rsa-aes-128-cbc-sha256" | "tls12-ecdhe-ecdsa-aes-256-gcm-sha384" | "tls12-ecdhe-ecdsa-aes-256-cbc-sha" | "tls12-ecdhe-ecdsa-aes-256-cbc-sha384" | "tls12-ecdhe-ecdsa-aes-128-gcm-sha256" | "tls12-ecdhe-ecdsa-aes-128-cbc-sha" | "tls12-ecdhe-ecdsa-aes-128-cbc-sha256" | "tls12-ecdhe-ecdsa-3des-ede-cbc-sha" | "tls13-with-aes-256-gcm-sha384" | "tls13-with-aes-128-gcm-sha256" | "tls13-with-chacha20-poly1305-sha256" | "tls13-with-aes-128-ccm-sha256" | "tls13-with-aes-128-ccm8-sha256" | "rsa-with-rc4-128-md5" | "rsa-with-rc4-128-sha" | "rsa-with-des-cbc-sha" | "rsa-with-3des-ede-cbc-sha" | "rsa-with-aes-128-cbc-sha" | "rsa-with-aes-256-cbc-sha" | "rsa-export-with-rc4-40-md5" | "rsa-export-with-des40-cbc-sha" | "rsa-export1024-with-des-cbc-sha" | "rsa-export1024-with-rc4-56-md5" | "rsa-export1024-with-rc4-56-sha" | "rsa-with-aes-256-gcm-sha384" | "rsa-with-aes-256-cbc-sha256" | "rsa-with-aes-128-gcm-sha256" | "rsa-with-aes-128-cbc-sha256" | "ecdhe-rsa-with-aes-256-gcm-sha384" | "ecdhe-rsa-with-aes-256-cbc-sha" | "ecdhe-rsa-with-aes-256-cbc-sha384" | "ecdhe-rsa-with-3des-ede-cbc-sha" | "ecdhe-rsa-with-aes-128-gcm-sha256" | "ecdhe-rsa-with-aes-128-cbc-sha" | "ecdhe-rsa-with-aes-128-cbc-sha256" | "ecdhe-ecdsa-with-aes-256-gcm-sha384" | "ecdhe-ecdsa-with-aes-256-cbc-sha" | "ecdhe-ecdsa-with-aes-256-cbc-sha384" | "ecdhe-ecdsa-with-aes-128-gcm-sha256" | "ecdhe-ecdsa-with-aes-128-cbc-sha" | "ecdhe-ecdsa-with-aes-128-cbc-sha256" | "ecdhe-ecdsa-with-3des-ede-cbc-sha" | "dhe-rsa-with-aes-256-gcm-sha384" | "dhe-rsa-with-aes-256-cbc-sha" | "dhe-rsa-with-aes-256-cbc-sha256" | "dhe-rsa-with-3des-ede-cbc-sha" | "dhe-rsa-with-aes-128-gcm-sha256" | "dhe-rsa-with-aes-128-cbc-sha" | "dhe-rsa-with-aes-128-cbc-sha256") ), "enable-session-cache" /* Enable SSL session cache */, "trusted-ca" ( /* List of trusted certificate authority profiles */ ("all" | arg) ), "server-certificate" arg /* Local certificate identifier */ ) ) ) end rule(:ssl_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("brief" | "detail" | "extensive" | "verbose") ), "flag" enum(("cli-configuration" | "termination" | "initiation" | "proxy" | "selected-profile" | "all")) /* Tracing parameters */.as(:oneline), "packet-filter" ( /* SSL Packet filter */ c( "source-ip" ( /* Source IP address */ ipaddr /* Source IP address */ ), "destination-ip" ( /* Destination IP address */ ipaddr /* Destination IP address */ ), "source-port" arg /* Source port */, "destination-port" arg /* Destination port */ ) ) ) end rule(:stp_interface) do (arg | "all").as(:arg) ( c( "priority" arg /* Interface priority (in increments of 16 - 0,16,..240) */, "cost" arg /* Cost of the interface */, "mode" ( /* Interface mode (P2P or shared) */ ("point-to-point" | "shared") ), "edge" /* Port is an edge port */, "access-trunk" /* Send/Receive untagged RSTP BPDUs on this interface */, "bpdu-timeout-action" ( /* Define action on BPDU expiry (Loop Protect) */ c( "block" /* Block the interface */, "alarm" /* Generate an alarm */ ) ), "no-root-port" /* Do not allow the interface to become root (Root Protect) */, "disable" /* Disable Spanning Tree on port */ ) ) end rule(:stp_trace_options) do c( "file" ( /* Trace file options */ sc( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "flag" enum(("events" | "bpdu" | "timers" | "port-information-state-machine" | "port-receive-state-machine" | "port-role-select-state-machine" | "port-role-transit-state-machine" | "port-state-transit-state-machine" | "port-migration-state-machine" | "port-transmit-state-machine" | "topology-change-state-machine" | "bridge-detection-state-machine" | "state-machine-variables" | "ppmd" | "all-failures" | "all")) ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) end rule(:subscription_type) do c( arg /* Link bandwidth percentage for RSVP reservation */, "ct0" arg /* Subscription percentage for traffic class 0 */, "ct1" arg /* Subscription percentage for traffic class 1 */, "ct2" arg /* Subscription percentage for traffic class 2 */, "ct3" arg /* Subscription percentage for traffic class 3 */, "priority" ( /* Subscription percentage for a specific priority */ s( arg, c( "percent" arg /* Subscription percent for the specific priority */ ) ) ) ) end rule(:svc_ike_policy) do arg.as(:arg) ( c( "description" arg /* Text description of IKE policy */, "mode" ( /* Define the IKE first phase mode */ ("main" | "aggressive") ), "version" ( /* Define the IKE version to use for the negotiation */ ("1" | "2") ), "proposals" arg, "local-id" ( /* Define local identification */ sc( c( "ipv4_addr" ( /* One or more IPv4 address identification values */ ipv4addr /* One or more IPv4 address identification values */ ), "distinguished-name" /* Use a distinguished name specified in local certificate */, "fqdn" arg /* One or more fully qualified domain name values */, "key-id" arg /* One or more key ID identification values */, "ipv6-addr" ( /* One or more IPv6 address identification values */ ipv6addr /* One or more IPv6 address identification values */ ) ) ) ).as(:oneline), "certificate-policy-oids" arg /* Allowed certificate policy object identifiers (maximum 5) */, "local-certificate" arg /* Local certificate identifier */, "peer-certificate-type" ( /* Preferred type of certificate from peer */ ("pkcs7" | "x509-signature") ), "remote-id" ( /* Define remote identification */ c( "any-remote-id" /* Allow any remote ID */, "ipv4_addr" ( /* One or more IPv4 address identification values */ ipv4addr /* One or more IPv4 address identification values */ ), "distinguished-name" ( /* One or more distinguished name values */ c( "container" arg /* One or more distinguished name container string */, "wildcard" arg /* One or more distinguished name wildcard string */, "exact-match" arg /* One or more distinguished name to do full length exact match */ ) ), "fqdn" arg /* One or more fully qualified domain name values */, "key-id" arg /* One or more key ID identification values */, "ipv6-addr" ( /* One or more IPv6 address identification values */ ipv6addr /* One or more IPv6 address identification values */ ) ) ), "pre-shared-key" ( /* Define a preshared key */ sc( c( "ascii-text" arg /* Format as text */, "hexadecimal" arg /* Format as hexadecimal */ ) ) ).as(:oneline), "respond-bad-spi" ( /* Respond to IPSec packets with bad SPI values */ sc( arg ) ).as(:oneline) ) ) end rule(:sw_rule_object) do arg.as(:arg) ( c( "match-direction" ( /* Direction for which the rule match is applied */ ("input" | "output") ), "term" arg ( /* Define a softwire term */ c( "then" ( /* Action to take if the 'from' condition is matched */ c( c( "ds-lite" arg /* Apply DS-Lite softwire */, "v6rd" arg /* Apply 6rd softwire */, "map-e" arg /* Apply map-e softwire */ ) ) ) ) ) ) ) end rule(:syslog_object) do enum(("any" | "authorization" | "daemon" | "ftp" | "ntp" | "security" | "kernel" | "user" | "dfc" | "external" | "firewall" | "pfe" | "conflict-log" | "change-log" | "interactive-commands")).as(:arg) ( c( c( "any" /* All levels */, "emergency" /* Panic conditions */, "alert" /* Conditions that should be corrected immediately */, "critical" /* Critical conditions */, "error" /* Error conditions */, "warning" /* Warning messages */, "notice" /* Conditions that should be handled specially */, "info" /* Informational messages */, "none" /* No messages */ ) ) ).as(:oneline) end rule(:system_id_ip_map) do arg.as(:arg) ( c( "ip-address" ( /* Peer ID (IP Address) */ ipv4prefix /* Peer ID (IP Address) */ ) ) ) end rule(:tacplus_server_object) do arg.as(:arg) ( c( "routing-instance" arg /* Routing instance */, "port" arg /* TACACS+ authentication server port number */, "secret" ( /* Shared secret with the authentication server */ unreadable /* Shared secret with the authentication server */ ), "timeout" arg /* Request timeout period */, "single-connection" /* Optimize TCP connection attempts */, "source-address" ( /* Use specified address as source address */ hostname /* Use specified address as source address */ ) ) ) end rule(:tdir_netmon_object) do c( "traceoptions" ( /* Net Monitoring trace options */ tdir_netmon_traceoptions_object /* Net Monitoring trace options */ ), "profile" ( /* Network monitoring probe profile configuration */ tdir_netmon_profile_object /* Network monitoring probe profile configuration */ ), "source-interface" ( /* Network monitoring probe sending interface */ tdir_netmon_src_iface /* Network monitoring probe sending interface */ ) ) end rule(:tdir_netmon_profile_object) do arg.as(:arg) ( c( c( "http" ( /* HTTP probe options */ tdir_http_probe_object /* HTTP probe options */ ), "icmp" /* ICMP probe options */, "tcp" ( /* TCP probe options */ tdir_tcp_probe_object /* TCP probe options */ ), "ssl-hello" ( /* SSL hello probe options */ tdir_ssl_hello_probe_object /* SSL hello probe options */ ), "custom" ( /* Custom probe options */ tdir_netmon_custom_probe_object /* Custom probe options */ ) ), "probe-interval" arg /* Probe interval */, "failure-retries" arg /* Probe failure retries */, "recovery-retries" arg /* Probe recovery retries */ ) ) end rule(:tdir_http_probe_object) do c( "port" arg /* Port number */, "url" arg /* URL name */, "method" ( /* HTTP method */ ("get" | "options") ), "hostname" arg /* Hostname */ ) end rule(:tdir_netmon_custom_probe_object) do c( "protocol" ( /* Custom protocol */ ("tcp" | "udp") ), "cmd" ( /* Custom probe command configuration */ tdir_netmon_custom_probe_command_object /* Custom probe command configuration */ ) ) end rule(:tdir_netmon_custom_probe_command_object) do arg.as(:arg) ( c( "port" arg /* Port number */, "default-real-service-status" ( /* Default status of real service */ ("down" | "up") ), "send" ( /* Send ASCII string or binary buffer */ tdir_netmon_custom_probe_send_object /* Send ASCII string or binary buffer */ ), "expect" ( /* Expect ASCII string or binary buffer */ tdir_netmon_custom_probe_expect_object /* Expect ASCII string or binary buffer */ ).as(:oneline) ) ) end rule(:tdir_netmon_custom_probe_expect_object) do c( c( "ascii" ( /* Expect ASCII string */ tdir_netmon_cust_probe_ascii_expect_obj /* Expect ASCII string */ ).as(:oneline), "binary" ( /* Expect binary buffer */ tdir_netmon_cust_probe_binary_expect_obj /* Expect binary buffer */ ).as(:oneline) ) ).as(:oneline) end rule(:tdir_netmon_cust_probe_ascii_expect_obj) do c( arg, "offset" ( /* Expect buffer offset */ tdir_netmon_cust_probe_expect_offset_obj /* Expect buffer offset */ ), "real-service-action" ( /* Action on expect match */ ("up" | "down") ) ).as(:oneline) end rule(:tdir_netmon_cust_probe_binary_expect_obj) do c( arg, "offset" ( /* Expect buffer offset */ tdir_netmon_cust_probe_expect_offset_obj /* Expect buffer offset */ ), "real-service-action" ( /* Action on expect match */ ("up" | "down") ) ).as(:oneline) end rule(:tdir_netmon_cust_probe_expect_offset_obj) do c( arg, "length" arg /* Expect buffer offset length */ ).as(:oneline) end rule(:tdir_netmon_custom_probe_send_object) do c( c( "ascii" arg /* Send ASCII string */, "binary" arg /* Send binary buffer */ ) ).as(:oneline) end rule(:tdir_netmon_src_iface) do arg.as(:arg) ( c( "family" ( /* Address family */ c( "inet" ( /* Address family IPv4 */ c( "address" ( /* Address family IPv4 address */ ipv4addr /* Address family IPv4 address */ ) ) ), "inet6" ( /* Address family IPv6 */ c( "address" ( /* Address family IPv6 address */ ipv6addr /* Address family IPv6 address */ ) ) ) ) ) ) ) end rule(:tdir_netmon_traceoptions_object) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("all-real-services" | "messages" | "probe" | "inter-thread" | "database" | "file-descriptor-queue" | "probe-infra" | "all")) /* Tracing flag parameters */.as(:oneline), "monitor" arg ( c( "group-name" arg /* Group name */, "real-services-name" arg /* Real service */ ) ) ) end rule(:tdir_service_load_balance_object) do c( "traceoptions" ( /* Traffic load balance trace options */ tdir_traceoptions_object /* Traffic load balance trace options */ ), "route-hold-timer" arg /* Route hold timer, when PIC is down */, "instance" ( /* Traffic load balance instance configuration */ tdir_slb_instance_object /* Traffic load balance instance configuration */ ) ) end rule(:tdir_slb_instance_object) do arg.as(:arg) ( c( "interface" ( /* Interface name */ interface_name /* Interface name */ ), "server-inet-bypass-filter" arg /* Server Implicit inet bypass filter reference */, "server-inet6-bypass-filter" arg /* Server Implicit inet6 bypass filter reference */, "client-interface" ( /* Client facing interface name */ interface_unit /* Client facing interface name */ ), "server-interface" ( /* Server facing interface name */ interface_unit /* Server facing interface name */ ), "client-vrf" arg /* Client-side VRF */, "server-vrf" arg /* Server-side VRF */, "group" ( /* Group configuration */ tdir_slb_group_object /* Group configuration */ ), "real-service" ( /* Real service configuration */ tdir_real_service_object /* Real service configuration */ ), "virtual-service" ( /* Virtual service configuration */ tdir_virtual_service_object /* Virtual service configuration */ ) ) ) end rule(:tdir_real_service_object) do arg.as(:arg) ( c( "address" ( /* IP address */ ipaddr /* IP address */ ), "admin-down" /* Set the real service to DOWN state */ ) ) end rule(:tdir_slb_group_object) do arg.as(:arg) ( c( "real-services" arg /* Real services group association */, "routing-instance" arg /* Routing instance name */, "health-check-interface-subunit" arg /* Subunit on which the health-check is to be initiated */, "network-monitoring-profile" arg /* Network monitoring profile name */, "real-service-rejoin-options" ( /* Real service rejoin options */ tdir_auto_rejoin_object /* Real service rejoin options */ ) ) ) end rule(:tdir_auto_rejoin_object) do c( "no-auto-rejoin" /* Disable real service auto-rejoin, when it comes up */ ) end rule(:tdir_ssl_hello_probe_object) do c( "port" arg /* Port number */, "version" ( /* SSL version */ ("2" | "3") ) ) end rule(:tdir_tcp_probe_object) do c( "port" arg /* Port number */ ) end rule(:tdir_traceoptions_object) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("normal" | "config" | "connect" | "health" | "parse" | "probe" | "route" | "snmp" | "statistics" | "system" | "operational-commands" | "filter" | "batch" | "all")) /* Tracing flag parameters */.as(:oneline), "monitor" arg ( c( "virtual-svc-name" arg /* Virtual service name */, "instance-name" arg /* Instance name */ ) ), "in-memory-tracing" ( sc( "max-lines" arg /* Number of max lines in memory tracing */ ) ).as(:oneline) ) end rule(:tdir_virtual_service_object) do arg.as(:arg) ( c( "mode" ( /* Virtual service mode */ ("layer2-direct-server-return" | "direct-server-return" | "translated") ), "address" ( /* IP address */ ipaddr /* IP address */ ), "route-metric" arg /* Route metric */, "rebalance-threshold" arg /* Rebalance threshold */, "routing-instance" arg /* Routing instance name */, "service" ( /* Listening service configuration */ tdir_virtual_service_svc_object /* Listening service configuration */ ), "server-interface" ( /* Server facing interface name */ interface_unit /* Server facing interface name */ ), "group" arg /* Group name */, "load-balance-method" ( /* Load balance method */ c( c( "hash" ( /* Load balance hash method */ c( "hash-key" ( /* Hash-key type */ tdir_virtual_service_lb_hash_method_obj /* Hash-key type */ ) ) ), "random" /* Load balance random method */ ) ) ) ) ) end rule(:tdir_virtual_service_lb_hash_method_obj) do c( "source-ip" /* Source-address based hashing */, "destination-ip" /* Destination-address based hashing */, "protocol" /* Protocol based hashing */ ) end rule(:tdir_virtual_service_svc_object) do arg.as(:arg) ( c( "virtual-port" arg /* Virtual port number */, "server-listening-port" arg /* Server listening port */, "protocol" arg /* Service transport portocol */, "include-real-server-ips-in-server-filter" /* Includes list of all real server ip address in server filter */ ) ) end rule(:tdm_options_type) do c( "sfp-type" ( /* Smart SFP type */ ("T1" | "E1" | "DS3" | "STM1" | "STM4" | "STM16") ), "tdm-in-loop" /* Configure port in TDM IN-LOOP mode */, "tdm-out-loop" /* Configure port in TDM OUT-LOOP mode */, "ces-psn-port-dmac-check-enable" /* Enable DMAC check on smart SFP */, "iwf-params" ( /* TDM interworking functionality (IWF) parameters */ c( "decap-ecid" arg /* ECID for decapsulation */, "encap-ecid" arg /* ECID for encapsulation */ ) ), "ces-psn-channel" ( /* CES PSN channel parameters */ c( "dmac-address" ( /* Destination MAC-address to be paired with the Smart SFP */ mac_addr /* Destination MAC-address to be paired with the Smart SFP */ ), "mode" ( /* PSN encapsulation mode */ ("MEF8" | "MPLS") ), "vlan-id-1" arg /* VLAN ID for encapsulation */, "vlan-id-2" arg /* Outer VLAN ID for encapsulation */ ) ) ) end rule(:te_class_object) do c( "traffic-class" ( /* Traffic class */ ("ct0" | "ct1" | "ct2" | "ct3") ), "priority" arg /* Preemption priority for this class */ ).as(:oneline) end rule(:tenant_system_type) do arg.as(:arg) ( c( "max-sessions" arg /* Max number of IDP sessions */ ) ) end rule(:tenant_interfaces_type) do arg.as(:arg) ( c( "unit" enum(("$junos-underlying-interface-unit" | "$junos-interface-unit" | arg)) ( /* Logical interface */ c( "policer-overhead" ( /* Policer overhead adjustment for this unit */ c( arg, "ingress" arg /* Ingress value in bytes */, "egress" arg /* Egress value in bytes */ ) ), "alias" arg /* Interface alias */, "enhanced-convergence" /* Optimize convergence time for L3 */, "proxy-macip-advertisement" /* Proxy advertisement of type 2 MAC+IP route for EVPN */, "virtual-gateway-accept-data" /* Accept packets destined for virtual gateway address */, "peer-psd" ( /* Peer psd */ sc( arg /* Peer psd name */ ) ).as(:oneline), "peer-interface" ( /* Peer interface */ c( interface_unit /* Peer interface name */ ) ), "interface-shared-with" ( /* Specify which PSD owns this logical interface */ c( arg /* Name of protected system domain (psd[1-31], ex. psd2) */ ) ), ("disable"), "passive-monitor-mode" /* Use interface to tap packets from another router */, "per-session-scheduler" /* Enable per-session queuing on an IQ2 interface */, "account-layer2-overhead" ( /* Account layer2 overhead in IFL byte statistics */ c( arg, "ingress" arg /* Layer2 overhead bytes to be accounted in ingress */, "egress" arg /* Layer2 overhead bytes to be accounted in egress */ ) ), "forwarding-class-accounting" ( /* Configure Forwarding-class-accounting parameters for IFL */ c( "direction" ( /* Direction of the traffic to be accounted for IFL */ ("ingress" | "egress" | "both") ), "enhanced" ( c( "traffic-type" ( /* Traffic-type to be accounted for forwarding-class-accounting for IFL */ ("unicast-statistics" | "multicast-statistics") ), "family" ( /* Protocol traffic to be accounted for forwarding-class-accounting for IFL */ ("inet" | "inet6" | "both") ), "direction" ( /* Direction of the traffic to be accounted for forwarding-class-accounting for IFL */ ("ingress" | "egress" | "both") ), "overhead-bytes" arg /* Per octet overhead bytes to be accounted for forwarding-class-accounting for IFL */ ) ) ) ), "clear-dont-fragment-bit" /* Clear DF bit in packet (AS PIC and J-series only as well as MIF) */, "packet-inject-enable" /* Enable packet inject functionality on this IFL */, "reassemble-packets" /* Do reassembly of fragmented tunnel packets */, "services-options" /* Services interface-specific options */, "rpm" ( /* Enable RPM service on this interface */ c( c( c( "client" /* Client mode */, "server" /* Server mode */, "client-delegate-probes" /* Client delegate probe mode */ ), "twamp-server" /* Set TWAMP server mode on this interface */, "twamp-client" /* Set TWAMP client mode on this interface */ ) ) ), "description" arg /* Text description of interface */, "metadata" arg /* Text metadata attached to interface */, "dial-options" ( /* Dial options */ c( c( "l2tp-interface-id" arg /* Identifier for group of PPP sessions */, "ipsec-interface-id" arg /* Identifier for group of dynamic peers */ ), c( "dedicated" /* Use this unit for only one PPP/IPSec session */, "shared" /* Share this unit for multiple PPP/IPSec sessions */ ) ) ), "actual-transit-statistics" /* Actual transit statistics */, "demux-source" ( enum(("inet" | "inet6")) ), "demux-destination" ( enum(("inet" | "inet6")) ), "demux" ( /* Demux based on source or destination address */ c( "inet" ( /* Family inet */ c( "address" ( /* Address type */ ("source" | "destination") ), "auto-configure" ( /* Auto configuration */ dynamic_ipv4_type /* Auto configuration */ ) ) ), "inet6" ( /* Family inet6 */ c( "address" ( /* Address type */ ("source" | "destination") ), "auto-configure" ( /* Auto configuration */ dynamic_ipv6_type /* Auto configuration */ ) ) ) ) ), "encapsulation" ( /* Logical link-layer encapsulation */ ("atm-nlpid" | "atm-cisco-nlpid" | "atm-snap" | "atm-vc-mux" | "atm-ccc-vc-mux" | "atm-tcc-vc-mux" | "atm-tcc-snap" | "atm-ccc-cell-relay" | "vlan-vci-ccc" | "ether-over-atm-llc" | "ether-vpls-over-atm-llc" | "ppp-over-ether-over-atm-llc" | "ppp-over-ether" | "atm-ppp-vc-mux" | "atm-ppp-llc" | "atm-mlppp-llc" | "frame-relay-ppp" | "frame-relay-ccc" | "frame-relay" | "frame-relay-tcc" | "frame-relay-ether-type" | "frame-relay-ether-type-tcc" | "ether-vpls-fr" | "vlan-ccc" | "ethernet-ccc" | "vlan-vpls" | "vlan-bridge" | "ethernet-tcc" | "dix" | "ethernet" | "ethernet-vpls" | "ethernet-bridge" | "vlan" | "vlan-tcc" | "multilink-ppp" | "multilink-frame-relay-end-to-end" | "ppp-ccc") ), "gre" /* Allow GRE packets */, "mtu" arg /* Maximum transmission unit packet size */, c( "point-to-point" /* Point-to-point connection */, "multipoint" /* Multipoint connection */ ), "bandwidth" arg /* Logical unit bandwidth (informational only) */, "global-layer2-domainid" arg /* Global Layer-2 Identifier for this interface */, "radio-router" ( /* Parameters for dynamic link cost management */ dynamic_ifbw_parms_type /* Parameters for dynamic link cost management */ ), "traps" /* Enable SNMP notifications on state changes */, "no-traps" /* Don't enable SNMP notifications on state changes */, "routing-services" /* Enable routing services */, "no-routing-services" /* Don't enable routing services */, "routing-service" ( /* Routing Services on this interface */ c( ("enable" | "disable") ) ), "arp-resp" ( /* Knob to control ARP response on the interface, default is restricted */ sc( c( "unrestricted" /* Enable unrestricted ARP respone on the interface */, "restricted" /* Enable restricted proxy ARP response on the interface */ ) ) ).as(:oneline), "proxy-arp" ( /* Enable proxy ARP on the interface, default is unrestricted */ sc( c( "unrestricted" /* Enable unrestricted proxy ARP on the interface */, "restricted" /* Enable restricted proxy ARP on the interface */ ) ) ).as(:oneline), c( "vlan-id" ( /* Virtual LAN identifier value for 802.1q VLAN tags */ ("none" | arg) ), "vlan-id-range" arg /* Virtual LAN identifier range of form vid1-vid2 */, "inner-vlan-id-swap-ranges" arg /* Inner vlan-id swap range(s) of form vid1-vid2 for dynamic L2 VLANs */, "vlan-id-list" arg /* List of VLAN identifiers */, "vlan-tag" arg /* IEEE 802.1q tag list for VLAN tagged frames */, "vlan-tags" ( /* IEEE 802.1q tags */ sc( "outer" ( /* [tpid.]vlan-id, tpid format is 0xNNNN and is optional */ ("$junos-stacked-vlan-id" | "$junos-vlan-id" | arg) ), c( "inner" ( /* [tpid.]vlan-id, tpid format is 0xNNNN and is optional */ ("$junos-vlan-id" | arg) ), "inner-range" arg /* [tpid.]vid1-vid2, tpid format is 0xNNNN and is optional */, "inner-list" arg /* List of VLAN identifiers */ ) ) ).as(:oneline) ), "deep-vlan-qualified-learning" arg /* Enable qualified MAC-address learning on the specified vlan tag */, "native-inner-vlan-id" arg /* Native virtual LAN identifier for singly tagged frames */, "inner-vlan-id-range" ( /* Inner vlan-id range start end */ sc( "start" arg /* Inner vlan-id range's start value */, "end" arg /* Inner vlan-id range's end value */ ) ).as(:oneline), "accept-source-mac" ( /* Remote media access control address to/from which to accept traffic */ c( "mac-address" ( /* Remote MAC address */ mac_list /* Remote MAC address */ ) ) ), "input-vlan-map" ( /* VLAN map operation on input */ vlan_map /* VLAN map operation on input */ ), "output-vlan-map" ( /* VLAN map operation on output */ vlan_map /* VLAN map operation on output */ ), "swap-by-poppush" /* Pop original vlan tag and then push a new vlan tag */, "receive-lsp" arg /* Name of incoming label-switched path */, "transmit-lsp" arg /* Name of outgoing label-switched path */, "dlci" arg /* Frame Relay data-link control identifier */, "multicast-dlci" arg /* Frame Relay data-link control identifier for multicast packets */, c( "vci" ( /* ATM point-to-point virtual circuit identifier ([vpi.]vci) */ atm_vci /* ATM point-to-point virtual circuit identifier ([vpi.]vci) */ ), "allow-any-vci" /* Allow all VCIs to open in atm-ccc-cell-relay mode */, "vpi" arg /* ATM point-to-point virtual path identifier (vpi) */, "trunk-id" arg /* ATM trunk identifier */ ), "no-vpivci-swapping" /* Do not swap VPI/VCI for Cell Relay */, c( "psn-vci" ( /* PSN VCI */ atm_vci /* PSN VCI */ ), "psn-vpi" arg /* PSN VPI */ ), "atm-l2circuit-mode" ( /* Select ATM Layer 2 circuit transport mode */ sc( c( "cell" /* ATM Layer 2 circuit cell mode */, "aal5" /* ATM Layer 2 circuit AAL5 mode */ ) ) ).as(:oneline), "vci-range" ( /* ATM VCI range start end */ sc( "start" arg /* ATM VCI range's start value */, "end" arg /* ATM VCI range's end value */ ) ).as(:oneline), "trunk-bandwidth" arg /* ATM trunk bandwidth */, "multicast-vci" ( /* ATM virtual circuit identifier for multicast packets */ atm_vci /* ATM virtual circuit identifier for multicast packets */ ), "shaping" ( /* Virtual circuit traffic-shaping options */ dcd_shaping_config /* Virtual circuit traffic-shaping options */ ), "oam-period" ( /* OAM cell period */ sc( c( arg, "disable" /* Disable F5 OAM loopback */.as(:oneline) ) ) ).as(:oneline), "oam-liveness" ( /* OAM virtual circuit liveness parameters */ c( "up-count" arg /* Number of OAM cells to consider VC up */, "down-count" arg /* Number of OAM cells to consider VC down */ ) ), "ppp-options" ( /* Point-to-Point Protocol interface-specific options */ ppp_options_type /* Point-to-Point Protocol interface-specific options */ ), "pppoe-options" ( /* PPP over Ethernet interface-specific options */ pppoe_options_type /* PPP over Ethernet interface-specific options */ ), "pppoe-underlying-options" ( /* PPP over Ethernet underlying interface-specific options */ pppoe_underlying_options_type /* PPP over Ethernet underlying interface-specific options */ ), "advisory-options" ( /* Interface-specific recommendations */ advisory_options_type /* Interface-specific recommendations */ ), "auto-configure" ( /* Auto configuration */ auto_configure_vlan_type /* Auto configuration */ ), "demux-options" ( /* IP demux interface-specific options */ demux_options_type /* IP demux interface-specific options */ ), "targeted-distribution" ( /* Interface participates in targeted-distribution */ c( "primary-list" arg /* Primary targeted distribution list */, "backup-list" arg /* Backup targeted distribution list */, "standby-list" arg /* Standby targeted distribution list */ ) ), "targeted-options" ( /* Targeting specific options */ c( "weight" ( /* Targeting weight for subscriber */ ("$junos-interface-target-weight" | arg) ), "primary" ( /* Primary link for the subscriber */ interface_device /* Primary link for the subscriber */ ), "backup" ( /* Backup link for the subscriber */ interface_device /* Backup link for the subscriber */ ), "group" arg /* Group name to which the subscriber is associated */ ) ), c( "keepalives" ( /* Send or demand keepalive messages */ keepalives_type /* Send or demand keepalive messages */ ).as(:oneline), "no-keepalives" /* Do not send or demand keepalive messages */ ), "inverse-arp" /* Enable inverse ARP */, "transmit-weight" arg /* ATM2 transmit weight for VC under VP tunnel */, "epd-threshold" ( /* Early packet discard threshold for ATM2 */ epd_threshold_config /* Early packet discard threshold for ATM2 */ ).as(:oneline), "cell-bundle-size" arg /* L2 circuit cell bundle size */, "cell-bundle-timeout" arg /* L2 circuit cell bundle timeout */, "plp-to-clp" /* Enable ATM2 PLP to CLP copy */, "atm-scheduler-map" arg /* Assign ATM2 CoS scheduling map */, "mrru" arg /* Maximum received reconstructed unit */, "short-sequence" /* Short sequence number header format (MLPPP only) */, "fragment-threshold" arg /* Fragmentation threshold */, "drop-timeout" arg /* Drop timeout */, "disable-mlppp-inner-ppp-pfc" /* Disable compression for inner PPP header in MLPPP payload */, "minimum-links" arg /* Minimum number of links to sustain the bundle */, "multilink-max-classes" arg /* Number of multilink classes */, "compression" ( /* Various packet header compressions */ c( "rtp" ( /* Compress and decompress RTP */ c( "f-max-period" arg /* Maximum number of compressed packets between transmission of full headers */, "queues" ( /* Queue holding RTP packets. Default is queue 1 */ ("q0" | "q1" | "q2" | "q3") ), "port" ( /* UDP destination ports reserved for RTP packets */ sc( "minimum" arg, "maximum" arg ) ).as(:oneline), "maximum-contexts" ( /* Maximum number of simultaneous RTP contexts */ sc( arg ) ).as(:oneline) ) ) ) ), "interleave-fragments" /* Interleave long packets with high priority ones */, "link-layer-overhead" ( /* Link layer bit stuffing overhead (0.0 .. 50.0 percent) */ unsigned_float /* Link layer bit stuffing overhead (0.0 .. 50.0 percent) */ ), "accounting-profile" arg /* Accounting profile name */, "peer-unit" arg /* Peer unit number */, "tunnel" ( /* Tunnel parameters */ c( "encapsulation" ( /* Encapsulation over tunnel */ c( "vxlan-gpe" ( c( "source" ( c( "address" ( /* Interface address prefix */ ipv4addr /* Interface address prefix */ ), "mac-address" ( /* Interface source mac address */ mac_addr /* Interface source mac address */ ), "interface" ( /* Name of the interface */ interface_name /* Name of the interface */ ) ) ), "destination" ( c( "address" ( /* Interface address prefix */ ipv4addr /* Interface address prefix */ ), "mac-address" ( /* Interface destination mac address */ mac_addr /* Interface destination mac address */ ) ) ), "tunnel-endpoint" ( /* Tunnel end point type */ ("vxlan") ), "destination-udp-port" arg /* Value to write to the destination-udp-port field */, "vni" arg /* Value to write to the vni field */ ) ), "udp" ( /* Family for tunnel encapsulation udp */ c( "source" ( c( "address" ( /* Interface address prefix */ ipv4addr /* Interface address prefix */ ), "interface" ( /* Name of the interface */ interface_name /* Name of the interface */ ) ) ), "destination" ( c( "address" ( /* Interface address prefix */ ipv4addr /* Interface address prefix */ ) ) ) ) ), "ipip" ( /* Family for tunnel encapsulation ipip */ c( "source" ( c( "address" ( /* Interface address prefix */ ipv4addr /* Interface address prefix */ ), "interface" ( /* Name of the interface */ interface_name /* Name of the interface */ ) ) ), "destination" ( c( "address" ( /* Interface address prefix */ ipv4addr /* Interface address prefix */ ) ) ) ) ) ) ), "source" ( /* Tunnel source */ ipaddr /* Tunnel source */ ), "destination" ( /* Tunnel destination */ ipaddr /* Tunnel destination */ ), "key" arg /* Tunnel key */, "backup-destination" ( /* Backup tunnel destination */ ipaddr /* Backup tunnel destination */ ), c( "allow-fragmentation" /* Do not set DF bit on packets */, "do-not-fragment" /* Set DF bit on packets */ ), "ttl" arg /* Time to live */, "traffic-class" arg /* TOS/Traffic class field of IP-header */, "flow-label" arg /* Flow label field of IP6-header */, "path-mtu-discovery" /* Enable path MTU discovery for tunnels */, "no-path-mtu-discovery" /* Don't enable path MTU discovery for tunnels */, "routing-instance" ( /* Routing instance to which tunnel ends belong */ c( "destination" arg /* Routing instance of tunnel destination */ ) ) ) ), "compression-device" ( /* Logical interface used for compression */ interface_unit /* Logical interface used for compression */ ), "atm-policer" ( /* ATM policing for logical interface */ c( "input-atm-policer" arg /* Input atm policer */ ) ), "layer2-policer" ( /* Layer2 policing for logical interface */ c( c( "input-policer" arg /* Two-color policer for received packets */, "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "input-three-color" arg /* Color-blind three-color policer for received packets */ ), c( "output-policer" ( /* Two-color policer for transmitted packets */ ("$junos-layer2-output-policer" | arg) ), "output-three-color" ( /* Three-color policer for transmitted packets */ ("$junos-layer2-output-policer" | arg) ) ) ) ), "filter" ( /* Filters to apply to all families configured under this logical interface */ c( c( "input" ( /* Name of filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline) ), c( "output" ( /* Name of filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline) ) ) ), "multi-chassis-protection" ( /* Inter-Chassis protection configuration */ multi_chassis_protection_group_ifl /* Inter-Chassis protection configuration */ ), "statistics" /* Enable statistics collection in PFE */, "esi" ( /* ESI configuration of logical interface */ c( "auto-derive" ( /* Auto-derive ESI value for the interface */ c( c( "lacp" /* Auto-derive ESI from lacp */ ) ) ), esi /* ESI value for the interface */, c( "single-active" /* Single-active mode */, "all-active" /* All-active mode */ ), "df-election-granularity" ( /* DF Election Granularity Selection */ c( c( "per-esi" ( /* DF Election Granularity Per Esi */ c( "lacp-oos-on-ndf" /* Lacp Oos */ ) ), "per-esi-vlan" /* Per Esi Vlan */ ) ) ), "df-election-type" ( /* DF Election Type */ c( c( "preference" ( /* Preference based DF election */ c( "value" arg /* Preference value for EVPN Multihoming DF election */ ) ) ), c( "mod" /* MOD based DF election */ ) ) ), "source-bmac" ( /* Unicast Source B-MAC address per ESI for PBB-EVPN */ mac_unicast /* Unicast Source B-MAC address per ESI for PBB-EVPN */ ) ) ), c( "no-auto-virtual-gateway-esi" /* Disable auto ESI generation for virtual gateway address */, "virtual-gateway-esi" ( /* ESI configuration of virtual gateway */ c( esi /* ESI value for the interface */, c( "single-active" /* Single-active mode */, "all-active" /* All-active mode */ ) ) ) ), "service" ( /* Service operations */ c( "pcef" arg ( /* PCEF configuration */ c( "activate-all" /* Activate all rules and rulebases in the pcef profile */, "activate" arg /* Name of pcef profile rule or rulebase to activate */ ) ) ) ), "generate-eui64" /* To generate Link Local EUI-64 addresses */, "no-generate-eui64" /* Don't to generate Link Local EUI-64 addresses */, "family" ( /* Protocol family */ c( "inet" ( /* IPv4 parameters */ c( "dhcp" ( /* Dynamic Host Configuration Protocol client configuration */ dhcp_client_type /* Dynamic Host Configuration Protocol client configuration */ ), "targeted-broadcast" ( /* Directed broadcast */ c( c( "forward-and-send-to-re" /* Allow packets to be forwarded and sent to re */, "forward-only" /* Allow packets only to be forwarded */ ) ) ), "destination-class-usage" /* Enable destination class usage on this interface */, "transit-options-packets" /* Transit IP options packets (don't send to Routing Engine) */, "transit-ttl-exceeded" /* Transit IP TTL-exceeded packets (don't send to Routing Engine) */, "receive-options-packets" /* Receive IP options packets (don't send to Routing Engine) */, "receive-ttl-exceeded" /* Receive IP TTL-exceeded packets (don't send to Routing Engine) */, "accounting" ( /* Configure interface-based accounting options */ c( "source-class-usage" ( /* Enable source class usage on this interface */ c( "input" /* Specify this interface for source-class-usage input */, "output" /* Specify this interface for source-class-usage output */ ) ), "destination-class-usage" /* Enable destination class usage on this interface */ ) ), "mac-validate" ( /* Validate source MAC address */ ("strict" | "loose") ), "rpf-check" ( /* Enable reverse-path-forwarding checks on this interface */ c( "fail-filter" arg /* Name of filter applied to packets failing RPF check */, "mode" ( /* Mode for reverse path forwarding */ sc( "loose" /* Reverse-path-forwarding loose mode */ ) ).as(:oneline) ) ), "mtu" arg /* Protocol family maximum transmission unit */, "arp-max-cache" arg /* Max interface ARP nexthop cache size */, "arp-new-hold-limit" arg /* Max no. of new unresolved nexthops */, "tcp-mss" arg /* Protocol family tcp maximum segment size */, "no-redirects" /* Do not redirect traffic */, "no-neighbor-learn" /* Disable neighbor address learning on interface */, "unconditional-src-learn" /* Glean from arp packets even when source cannot be validated */, "multicast-only" /* Allow only multicast traffic (tunnels only) */, "primary" /* Candidate for primary interface in system */, "ipsec-sa" arg /* Name of security association */, "allow-filter-on-re" /* Enable kernel filter on network ports */, "demux-source" ("$junos-subscriber-ip-address" | arg) /* Demux based on source prefix */, "demux-destination" ("$junos-subscriber-ip-address" | arg) /* Demux based on destination prefix */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), "input-chain" arg /* List of filter modules applied to received packets */, "output-chain" arg /* List of filter modules applied to transmitted packets */, c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "iq-policing-filter" ( /* Protocol family ingress-queuing-policing-filter */ sc( arg /* Name of the ingress-queuing-policing-filter */ ) ).as(:oneline), "simple-filter" ( /* Filter for doing multifield classification */ c( "input" arg /* Name of simple filter applied to received packets */ ) ), "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "policer" ( /* Interface policing */ c( "arp" arg /* Name of policer applied to received ARP packets */, "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "sampling" ( /* Interface sampling */ c( "input" /* Sample all packets input on this interface */, "output" /* Sample all packets output on this interface */ ) ), "service" ( /* Service operations */ c( "input" ( /* Service sets to consider for received packets */ c( "service-set" arg ( /* Service set to consider for received packets */ c( "service-filter" arg /* Name of service filter */ ) ), "post-service-filter" arg /* Post-service filter to apply to received packets */ ) ), "output" ( /* Service sets to consider for transmitted packets */ c( "service-set" arg ( /* Service set to consider for transmitted packets */ c( "service-filter" arg /* Name of service filter */ ) ) ) ) ) ), "next-hop-tunnel" arg ( /* One or more next-hop tunnel tables */ c( "ipsec-vpn" arg /* Name of IPSec VPN */ ) ), "tunnel-termination" /* Tunnel termination */, "address" arg ( /* Interface address/destination prefix */ c( "destination" ( /* Destination address */ ipv4addr /* Destination address */ ), "destination-profile" arg /* Profile to use for destination address */, "broadcast" ( /* Broadcast address */ ipv4addr /* Broadcast address */ ), "primary" /* Candidate for primary address in system */, "preferred" /* Preferred address on interface */, "master-only" /* Master management IP address for router */, "multipoint-destination" arg ( /* Multipoint NBMA destination */ c( c( "dlci" arg /* Frame Relay data-link control identifier */, "vci" ( /* ATM virtual circuit identifier ([vpi.]vci) */ atm_vci /* ATM virtual circuit identifier ([vpi.]vci) */ ) ), "shaping" ( /* Virtual circuit traffic-shaping options */ dcd_shaping_config /* Virtual circuit traffic-shaping options */ ), "oam-period" ( /* OAM cell period */ sc( c( arg, "disable" /* Disable OAM loopback */.as(:oneline) ) ) ).as(:oneline), "oam-liveness" ( /* OAM virtual circuit liveness parameters */ c( "up-count" arg /* Number of OAM cells to consider VC up */, "down-count" arg /* Number of OAM cells to consider VC down */ ) ), "inverse-arp" /* Enable inverse ARP reply messages */, "transmit-weight" arg /* ATM2 transmit weight for VC under VP tunnel */, "epd-threshold" ( /* Early packet discard threshold for ATM2 */ epd_threshold_config /* Early packet discard threshold for ATM2 */ ).as(:oneline) ) ), "arp" arg ( /* Static Address Resolution Protocol entries */ sc( "l2-interface" ( /* Layer 2 interface name for ARP entry */ interface_name /* Layer 2 interface name for ARP entry */ ), c( "mac" ( /* MAC address */ mac_unicast /* MAC address */ ), "multicast-mac" ( /* Multicast MAC address */ mac_multicast /* Multicast MAC address */ ) ), "publish" /* Reply to ARP requests for this entry */ ) ).as(:oneline), "host-discovery" arg ( /* Discover servers IP based on subnet range */ sc( "aging-timer" arg /* ARP aging timer */, "discovery-interval" arg /* ARP proactive discovery time */ ) ).as(:oneline), "web-authentication" ( /* Parameters for web-based firewall-user authentication */ c( "http" /* Enable authentication via HTTP */, "https" /* Enable authentication via HTTPS */, "redirect-to-https" /* Web authentication redirect to HTTPS */ ) ), "vrrp-group" ( /* VRRP group */ vrrp_group /* VRRP group */ ), "virtual-gateway-address" ( /* Virtual Gateway IP address */ ipv4addr /* Virtual Gateway IP address */ ) ) ), "unnumbered-address" ( /* Unnumbered interface address/destination prefix */ sc( interface_unit /* Interface from which to take local address */, "preferred-source-address" ( /* Preferred address on the donor interface */ ("$junos-preferred-source-address" | arg) ), "destination" ( /* Destination address */ ipv4addr /* Destination address */ ), "destination-profile" arg /* Profile to use for destination address */ ) ).as(:oneline), "location-pool-address" ( /* Location-based IP address pool */ c( arg ) ), "negotiate-address" /* Negotiate address with remote */, "destination-udp-port" arg /* Choose destination UDP port number */ ) ), "iso" ( /* OSI ISO protocol parameters */ c( "address" arg /* Interface address */, "mtu" arg /* Protocol family maximum transmission unit */, "destination-udp-port" arg /* Choose destination UDP port number */ ) ), "inet6" ( /* IPv6 protocol parameters */ c( "dhcpv6-client" ( /* Dynamic Host Configuration Protocol DHCPv6 client configuration */ c( "client-type" ( /* DHCPv6 client type */ ("stateful" | "autoconfig") ), "client-ia-type" enum(("ia-na" | "ia-pd")) /* DHCPv6 client identity association type */, "rapid-commit" /* Option is used to signal the use of the two message exchange for address assignment */, "prefix-delegating" ( /* Prefix delegating parameters */ c( "preferred-prefix-length" arg /* Client preferred prefix length */, "sub-prefix-length" arg /* The sub prefix length for LAN interfaces */ ) ), "client-identifier" ( /* DHCP Server identifies a client by client-identifier value */ sc( "duid-type" ( /* DUID identifying a client */ ("duid-llt" | "vendor" | "duid-ll") ) ) ).as(:oneline), "vendor-id" arg /* Vendor class id for the dhcpv6 client */, "req-option" enum(("dns-server" | "domain" | "ntp-server" | "time-zone" | "sip-server" | "sip-domain" | "nis-server" | "nis-domain" | "fqdn" | "vendor-spec" | "zero-touch-redirect" | "bootfile-url" | "bootfile-param")) /* DHCPV6 client requested option configuration */, "options" ( /* DHCP options */ c( "number" arg ( /* DHCP option code */ sc( c( "hex-string" arg /* Hexadecimal string */ ) ) ).as(:oneline) ) ), "retransmission-attempt" arg /* Number of attempts to retransmit the DHCPV6 client protocol packet */, "no-dns-install" /* Not propagate DNS to kernel */, "update-router-advertisement" ( /* Dhcpv6 client update rpd for prefix delegation */ c( "interface" arg ( /* Interfaces on which to delegate prefix */ c( "managed-configuration" /* Set managed address configuration */, "no-managed-configuration" /* Don't set managed address configuration */, "other-stateful-configuration" /* Set other stateful configuration */, "no-other-stateful-configuration" /* Don't set other stateful configuration */, "max-advertisement-interval" arg /* Maximum advertisement interval */, "min-advertisement-interval" arg /* Minimum advertisement interval */, "enable-recursive-dns-server-option" /* Enables the recursive DNS server option */, "no-enable-recursive-dns-server-option" /* Don't enables the recursive DNS server option */ ) ) ) ), "update-server" /* Propagate TCP/IP settings to DHCP server */ ) ), "rpf-check" ( /* Enable reverse-path-forwarding checks on this interface */ c( "fail-filter" arg /* Name of filter applied to packets failing RPF check */, "mode" ( /* Mode for reverse path forwarding */ sc( "loose" /* Reverse-path-forwarding loose mode */ ) ).as(:oneline) ) ), "accounting" ( /* Interface-based accounting options */ c( "source-class-usage" ( c( "input" /* Interface for source-class-usage input */, "output" /* Interface for source-class-usage output */ ) ), "destination-class-usage" /* Enable destination class usage on this interface */ ) ), "mtu" arg /* Protocol family maximum transmission unit */, "tcp-mss" arg /* Protocol family tcp maximum segment size */, "nd6-stale-time" arg /* Stale time to reconfirm reachability with inet6 neighbour */, "no-neighbor-learn" /* Disable neighbor address learning on interface */, "slaac-enable" /* Enable slaac on management interface */, "ndp-proxy" ( /* Enable ndp proxy on interface */ c( "interface-restricted" /* Enable ndp interface proxy restricted to interface */ ) ), "dad-proxy" ( /* DAD proxy on interface */ c( "interface-restricted" /* Enable DAD interface proxy restricted to interface */ ) ), "nd6-max-cache" arg /* Max interface ND nexthop cache size */, "nd6-new-hold-limit" arg /* Max no. of new unresolved nexthops */, "no-redirects" /* Do not redirect traffic */, "allow-filter-on-re" /* Enable kernel filter on network ports */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "input-chain" arg /* List of filter modules applied to received packets */, "output-chain" arg /* List of filter modules applied to transmitted packets */, "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "sampling" ( /* Interface sampling */ c( "input" /* Sample all packets input on this interface */, "output" /* Sample all packets output on this interface */ ) ), "service" ( /* Service operations */ c( "input" ( /* Service sets to consider for received packets */ c( "service-set" arg ( /* Service set to consider for received packets */ c( "service-filter" arg /* Name of service filter */ ) ), "post-service-filter" arg /* Post-service filter to apply to received packets */ ) ), "output" ( /* Service sets to consider for transmitted packets */ c( "service-set" arg ( /* Service set to consider for transmitted packets */ c( "service-filter" arg /* Name of service filter */ ) ) ) ) ) ), "tunnel-termination" /* Tunnel termination */, "address" arg ( /* Interface address or destination prefix */ c( "destination" ( /* Destination address */ ipv6addr /* Destination address */ ), "eui-64" /* Generate EUI-64 interface ID */, "primary" /* Candidate for primary address in system */, "preferred" /* Preferred address on interface */, "master-only" /* Master management IP address for router */, "ndp" arg ( /* Static Neighbor Discovery Protocol entries */ sc( "l2-interface" ( /* Layer 2 interface name for NDP entry */ interface_name /* Layer 2 interface name for NDP entry */ ), c( "mac" ( /* MAC address */ mac_unicast /* MAC address */ ), "multicast-mac" ( /* Multicast MAC address */ mac_multicast /* Multicast MAC address */ ) ), "publish" /* Reply to NDP requests for this entry */ ) ).as(:oneline), "vrrp-inet6-group" ( /* VRRP group */ vrrp_group /* VRRP group */ ), "web-authentication" ( /* Parameters for web-based firewall-user authentication */ c( "http" /* Enable authentication via HTTP */, "https" /* Enable authentication via HTTPS */, "redirect-to-https" /* Web authentication redirect to HTTPS */ ) ), "virtual-gateway-address" ( /* Virtual Gateway IP address */ ipv6addr /* Virtual Gateway IP address */ ), "subnet-router-anycast" /* Create a subnet roter anycast address for this address. */ ) ), "demux-source" ("$junos-subscriber-ipv6-address" | arg | "$junos-subscriber-ipv6-multi-address") /* Demux based on source prefix */, "demux-destination" ("$junos-subscriber-ipv6-address" | arg) /* Demux based on destination prefix */, "unnumbered-address" ( /* Unnumbered interface address/destination prefix */ sc( interface_unit /* Interface from which to take local address */, "preferred-source-address" ( /* Preferred address on the donor interface */ ("$junos-preferred-source-ipv6-address" | arg) ) ) ).as(:oneline), "dad-disable" /* Disable duplicate-address-detection */, "no-dad-disable" /* Don't disable duplicate-address-detection */, "destination-udp-port" arg /* Choose destination UDP port number */ ) ), "mpls" ( /* MPLS protocol parameters */ c( "mtu" arg /* Protocol family maximum transmission unit */, "maximum-labels" arg /* Protocol family maximum number of labels */, "filter" ( /* Packet filtering */ c( c( "input" arg /* Name of filter applied to received packets */, "input-list" arg /* List of filter modules applied to received packets */ ), "input-chain" arg /* List of filter modules applied to received packets */, c( "output" arg /* Name of filter applied to transmitted packets */, "output-list" arg /* List of filter modules applied to transmitted packets */ ), "output-chain" arg /* List of filter modules applied to transmitted packets */, "group" arg /* Interface group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "input-hierarchical-policer" arg /* Hierarchical policer for received packets */, "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "destination-udp-port" arg /* Choose destination UDP port number */ ) ), "mlppp" ( /* Multilink PPP protocol parameters */ c( "bundle" ( /* Logical interface name this link will join */ ("$junos-bundle-interface-name" | arg) ), c( "service-interface" ( /* Services interface to use */ interface_device /* Services interface to use */ ), "service-device-pool" arg /* Service interface pool name to use */ ), "dynamic-profile" arg /* dynamic profile for interface to use */ ) ), "mlfr-end-to-end" ( /* Multilink Frame Relay end-to-end protocol parameters */ c( "bundle" ( /* Logical interface name this link will join */ interface_unit /* Logical interface name this link will join */ ) ) ), "mlfr-uni-nni" ( /* Multilink Frame Relay UNI NNI protocol parameters */ c( "bundle" ( /* Logical interface name this link will join */ interface_unit /* Logical interface name this link will join */ ) ) ), "ccc" ( /* Circuit cross-connect parameters */ c( "mtu" arg /* Protocol family maximum transmission unit */, "filter" ( /* Packet filtering */ c( c( "input" arg /* Name of filter applied to received packets */, "input-list" arg /* List of filter modules applied to received packets */ ), "input-chain" arg /* List of filter modules applied to received packets */, c( "output" arg /* Name of filter applied to transmitted packets */, "output-list" arg /* List of filter modules applied to transmitted packets */ ), "output-chain" arg /* List of filter modules applied to transmitted packets */, "group" arg /* Interface group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "translate-fecn-and-becn" /* Translate FECN and BECN bits */, c( "translate-discard-eligible" /* Translate DE bit */, "translate-plp-control-word-de" /* Translate PLP to/from Martini Control DE bit */ ), "keep-address-and-control" /* Don't strip PPP address and control bytes */ ) ), "tcc" ( /* Translational cross-connect parameters */ c( "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "proxy" ( c( "inet-address" ( /* Remote host address on non-Ethernet side of Ethernet TCC */ ipv4addr /* Remote host address on non-Ethernet side of Ethernet TCC */ ) ) ), "remote" ( c( "inet-address" ( /* Remote host address on Ethernet side of Ethernet TCC */ ipv4addr /* Remote host address on Ethernet side of Ethernet TCC */ ), "mac-address" ( /* Remote host MAC address on Ethernet side of Ethernet TCC */ mac_addr /* Remote host MAC address on Ethernet side of Ethernet TCC */ ) ) ), "protocols" ( /* Protocols supported on TCC interface */ ("mpls" | "inet" | "iso" | "inet6") ) ) ), "vpls" ( /* Virtual private LAN service parameters */ c( "core-facing" /* Interface is core facing */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), "input-chain" arg /* List of filter modules applied to received packets */, "output-chain" arg /* List of filter modules applied to transmitted packets */, c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "iq-policing-filter" ( /* Protocol family ingress-queuing-policing-filter */ sc( arg /* Name of the ingress-queuing-policing-filter */ ) ).as(:oneline), "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "sampling" ( /* Interface sampling */ c( "input" /* Sample all packets input on this interface */, "output" /* Sample all packets output on this interface */ ) ) ) ), "bridge" ( /* Layer-2 bridging parameters */ c( "core-facing" /* Interface is core facing */, "filter" ( /* Packet filtering */ c( c( "input" ( /* Filter to be applied to received packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "input-list" arg /* List of filter modules applied to received packets */ ), "input-chain" arg /* List of filter modules applied to received packets */, "output-chain" arg /* List of filter modules applied to transmitted packets */, c( "output" ( /* Filter to be applied to transmitted packets */ sc( arg /* Name of the filter */, "shared-name" arg /* Filter shared-name of instances of interface-shared filter */, "precedence" arg /* Precedence of the filter */ ) ).as(:oneline), "output-list" arg /* List of filter modules applied to transmitted packets */ ), "adf" ( /* Ascend Data Filter definition */ c( "rule" arg /* Set of ADF rules */, "counter" /* Add a counter to each rule */, "input-precedence" arg /* Precedence of the input rules */, "not-mandatory" /* No errors will be reported if no rules are present */, "output-precedence" arg /* Precedence of the output rules */ ) ), "group" arg /* Group to which interface belongs */ ) ), "ingress-queuing-filter" ( /* Protocol family ingress-queuing-filter */ sc( arg /* Name of the ingress-queuing-filter */ ) ).as(:oneline), "iq-policing-filter" ( /* Protocol family ingress-queuing-policing-filter */ sc( arg /* Name of the ingress-queuing-policing-filter */ ) ).as(:oneline), "policer" ( /* Interface policing */ c( "input" arg /* Name of policer applied to received packets */, "output" arg /* Name of policer applied to transmitted packets */ ) ), "interface-mode" ( /* Interface mode (access or trunk) */ ("access" | "trunk") ), "vlan-auto-sense" /* Enable VLAN auto sense on this interface */, "bridge-domain-type" ( /* Bridge domain type (svlan or bvlan) */ ("svlan" | "bvlan") ), "inter-switch-link" /* PVLAN inter switch link */, c( "vlan-id" arg /* Access mode and trunk mode VLAN membership */, "vlan-id-list" arg /* Trunk mode VLAN membership for this interface */, "inner-vlan-id-list" arg /* Trunk mode VLAN membership for this interface based on inner VLAN tag */ ), "vlan-rewrite" ( /* Specify vlan translation */ c( "translate" arg ( /* Translate incoming VLAN tag */ sc( arg ) ).as(:oneline) ) ), c( "isid-list" ( /* Specify the ISID list */ ("all-service-groups" | "all") ) ), "storm-control" ( /* Storm control profile name to bind */ c( arg /* Profile name */ ) ), "recovery-timeout" ( /* Recovery timeout for this interface */ sc( arg ) ).as(:oneline), "sampling" ( /* Interface sampling */ c( "input" /* Sample all packets input on this interface */, "output" /* Sample all packets output on this interface */ ) ) ) ), "ethernet-switching" ( /* Ethernet switching parameters */ ethernet_switching_type /* Ethernet switching parameters */ ), "fibre-channel" ( /* Fibre channel switching parameters */ fibre_channel_type /* Fibre channel switching parameters */ ), "pppoe" ( /* PPP over Ethernet underlying interface-specific options */ pppoe_underlying_options_type /* PPP over Ethernet underlying interface-specific options */ ), "any" ( /* Parameters for 'any' family */ c( "filter" ( /* Layer 2 packet filtering */ c( "input" arg /* Name of filter applied to received packets */, "group" arg /* Group to which interface belongs */ ) ) ) ) ) ), "service-domain" ( /* Service domain to which interface belongs */ ("inside" | "outside") ), "copy-tos-to-outer-ip-header" /* Copy IP payload header's ToS field to GRE delivery header */, "copy-tos-to-outer-ip-header-transit" /* Copy IP ToS field to GRE header for transit packets */, "force-control-packets-on-transit-path" /* Force control packets to follow transit path */, "load-balancing-options" ( /* AMS subunit load balancing options */ c( "preferred-active" ( /* Preferred active Interface name */ interface_device /* Preferred active Interface name */ ), "disable-hash" /* Hash based distribution is not needed for this subunit */, "hash-keys" ( c( "ingress-key" ( /* Hash Key for the ingress direction */ enum(("source-ip" | "destination-ip" | "protocol" | "iif")) ), "egress-key" ( /* Hash Key for the egress direction */ enum(("source-ip" | "destination-ip" | "protocol" | "oif")) ), "ipv6-source-prefix-length" ( /* IPv6 source prefix length for hash computation */ ("56" | "64" | "96" | "128") ) ) ) ) ), "mac" ( /* Configure logical interface MAC address */ mac_unicast /* Configure logical interface MAC address */ ), "virtual-gateway-v4-mac" ( /* Configure virtual gateway IPV4 virtual MAC address */ mac_unicast /* Configure virtual gateway IPV4 virtual MAC address */ ), "virtual-gateway-v6-mac" ( /* Configure virtual gateway IPV6 virtual MAC address */ mac_unicast /* Configure virtual gateway IPV6 virtual MAC address */ ), "forwarding-options" ( /* Aggregated Ethernet interface forwarding-options */ c( "load-balance-stateful" ( /* Stateful load balancing */ c( "per-flow" /* Enable feature */, "rebalance" arg /* Rebalancing interval */, "load-type" ( /* Load - defines the flows */ ("high" | "medium" | "low") ) ) ) ) ), "etree-ac-role" ( /* ETREE attachment circuit role */ ("root" | "leaf") ) ) ) ) ) end rule(:three_color_policer_type) do arg.as(:arg) ( c( "filter-specific" /* Three color policer is filter-specific */, "logical-interface-policer" /* Policer is logical interface policer */, "physical-interface-policer" /* Policer is physical interface policer */, "shared-bandwidth-policer" /* Share policer bandwidth among bundle links */, "action" ( /* Action for three-color policer */ c( "loss-priority" ( /* Loss priority for packet */ three_color_policer_action /* Loss priority for packet */ ).as(:oneline) ) ), c( "single-rate" ( /* Single-rate policer */ c( c( "color-blind" /* Color-blind mode */, "color-aware" /* Color-aware mode */ ), "committed-information-rate" arg /* Bandwidth allowed for committed traffic */, "committed-burst-size" arg /* Burst size allowed for committed traffic */, "excess-burst-size" arg /* Burst size allowed for excess traffic */ ) ), "single-packet-rate" ( /* Single-rate packet policer */ c( c( "color-blind" /* Color-blind mode */, "color-aware" /* Color-aware mode */ ), "committed-information-pps" arg /* PPS allowed for committed traffic */, "committed-packet-burst" arg /* Packet burst allowed for committed traffic */, "excess-packet-burst" arg /* Packet burst allowed for excess traffic */ ) ), "two-rate" ( /* Two-rate policer */ c( c( "color-blind" /* Color-blind mode */, "color-aware" /* Color-aware mode */ ), "committed-information-rate" arg /* Bandwidth allowed for committed traffic */, "committed-burst-size" arg /* Burst size allowed for committed traffic */, "peak-information-rate" arg /* Bandwidth allowed for peak traffic */, "peak-burst-size" arg /* Burst size allowed for peak traffic */, "aggregate-policing" ( /* Configure Aggregate Policer */ c( "policer" arg ( /* Two-color policer to be used as aggregate */ c( "aggregate-sharing-mode" ( /* Hierarchical Metering model */ ("hybrid") ) ) ) ) ) ) ), "two-packet-rate" ( /* Two-rate packet policer */ c( c( "color-blind" /* Color-blind mode */, "color-aware" /* Color-aware mode */ ), "committed-information-pps" arg /* PPS allowed for committed traffic */, "committed-packet-burst" arg /* Packet burst allowed for committed traffic */, "peak-information-pps" arg /* PPS allowed for peak traffic */, "peak-packet-burst" arg /* Packet burst allowed for peak traffic */ ) ) ) ) ) end rule(:three_color_policer_action) do ("high").as(:arg) ( c( "then" ( /* Action to take if the rate limits are exceeded */ c( "discard" /* Discard the packet */ ) ) ) ).as(:oneline) end rule(:timingd_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("init" | "routing-socket" | "ipc" | "configuration" | "timer" | "event" | "ptp-bmc" | "ptp-tp" | "ptp-sig" | "ptp-mgmt" | "ptp-servo" | "ptp-config" | "ptp-announce" | "ptp-sync" | "ptp-delay-req" | "ptp-delay-resp" | "ptp-sig-announce" | "ptp-sig-sync" | "ptp-sig-delay" | "ptp-tie" | "ptp-tc" | "ptp-learned-sl" | "pkt-io" | "all")) /* Tracing parameters */.as(:oneline) ) end rule(:to_fabric_object) do c( "except" /* Match traffic switched locally and not going to fabric */ ) end rule(:transaction_method_type) do enum(("method-invite" | "method-options" | "method-refer" | "method-subscribe" | "method-publish" | "method-message" | "method-register")).as(:arg) end rule(:transaction_policy_type) do arg.as(:arg) ( c( "term" arg ( /* Term definition */ c( "from" ( /* From action */ new_transaction_from_type /* From action */ ), "then" ( /* Action */ new_transaction_then_type /* Action */ ) ) ) ) ) end rule(:new_transaction_then_type) do c( "accept" /* Accept the request */, "reject" /* Reject the request */, "route" ( /* How to route the request */ route_action /* How to route the request */ ), "trace" /* Trace messages accepted on this policy */, "admission-control" arg /* Admission controller for the request */, "message-manipulation" ( /* Definitions of forward and reverse manipulations */ c( "forward-manipulation" arg, "reverse-manipulation" arg ) ), "signaling-realm" arg /* Signaling realm */, "on-3xx-response" ( /* Behavior on receiving a 3XX Response */ c( c( "recursion-limit" arg /* The number of recursion to manage */ ) ) ) ) end rule(:route_action) do c( "next-hop" ( c( c( "address" ( /* Static route by IP address */ routing_destination_address /* Static route by IP address */ ), "request-uri" /* Route by request-uri */, "sip-based" /* Routing based on the SIP procedures */ ) ) ), "egress-service-point" arg /* Exit point */, "server-cluster" arg /* Cluster name */ ) end rule(:transport_protocol) do c( c( "udp", "tcp" ) ) end rule(:tty_port_object) do c( "authentication-order" ( ("radius" | "tacplus" | "password") ), "log-out-on-disconnect" /* Log out the console session when cable is unplugged */, "port-type" ( /* Switch console between RJ45 and mini-USB */ ("rj45" | "mini-usb") ), "disable" /* Disable console */, "insecure" /* Disallow superuser access */, "speed" ( /* Speed of the port */ ("1200" | "2400" | "4800" | "9600" | "19200" | "38400" | "57600" | "115200") ), "type" ( /* Terminal type */ ("ansi" | "vt100" | "small-xterm" | "xterm") ), "silent-with-modem" /* Make the console silent if modem is connected and no call is present on the modem */ ) end rule(:tunable_object) do arg.as(:arg) ( c( "tunable-value" arg /* Protocol tunable value */ ) ) end rule(:tunnel_end_point) do arg.as(:arg) ( c( c( "ipv6" ( /* Enter an IPv6 tunnel */ c( "source-address" ( /* Tunnel source address */ ipv6addr /* Tunnel source address */ ), "destination-address" ( /* Tunnel destination address */ ipv6prefix /* Tunnel destination address */ ) ) ), "ipv4" ( /* Enter an IPv4 tunnel */ c( "source-address" ( /* Tunnel source address */ ipv4addr /* Tunnel source address */ ), "destination-address" ( /* Tunnel destination address */ ipv4prefix /* Tunnel destination address */ ) ) ) ), c( "gre" ( /* Tunnel is GRE */ c( "key" arg /* Key for authentication */ ) ), "gre-in-udp" ( /* Tunnel is GRE-in-UDP */ c( "source-port" arg /* UDP source port */, "destination-port" arg /* UDP destination port */, "key" arg /* GRE key for authentication */ ) ) ) ) ) end rule(:tunnel_interface_type) do arg.as(:arg) end rule(:twamp_authentication_key_chain) do arg.as(:arg) ( c( "key-id" arg ( /* Authentication element configuration */ c( "secret" arg /* Authentication key */ ) ) ) ) end rule(:unified_edge_gateway_diameter) do c( "network-element" arg ( /* Diameter network element configuration per mobile gateway */ c( "session-pics" ( /* Session MS-PICs to serve this Diameter network element */ unified_edge_gateway_diameter_ne_session_pics /* Session MS-PICs to serve this Diameter network element */ ) ) ) ) end rule(:unified_edge_gateway_diameter_ne_session_pics) do c( "group" arg ( /* Diameter network element Multiservice PIC group */ c( "session-pic" arg /* Multiservice PICs serving the Diameter network element in this group */ ) ) ) end rule(:unified_edge_ggsn_pgw_system) do c( "pfes" ( /* Packet forwarding engines used for anchoring */ c( "interface" arg ( /* Interface representing packet forwarding engine */ c( "service-mode" ( /* Service mode */ ("maintenance") ) ) ) ) ), "session-pics" ( /* Multiservice PICs used for anchoring control sessions */ c( "interface" arg ( /* Interface representing multiservice PIC */ c( "service-mode" ( /* Service mode */ ("maintenance") ) ) ) ) ), "service-pics" ( /* Multiservice PICs used for anchoring service related data sessions */ c( "interface" arg ( /* Interface representing multiservice PIC */ c( "service-mode" ( /* Service mode */ ("maintenance") ) ) ) ) ) ) end rule(:unified_edge_mobile_options) do c( "traceoptions" ( /* Mobility config and operational command daemon trace options */ mobiled_traceoptions /* Mobility config and operational command daemon trace options */ ) ) end rule(:mobiled_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "protocol" | "init" | "error" | "all")) ( /* Tracing parameters */ sc( "send" /* Trace transmitted packets */, "receive" /* Trace received packets */, "detail" /* Trace detailed information */, "disable" /* Disable this trace flag */ ) ).as(:oneline) ) end rule(:unified_edge_pcef) do c( "traceoptions" ( /* Trace options related to PCEF */ pcef_traceoptions /* Trace options related to PCEF */ ), "event-trigger-profiles" ( /* Event trigger profiles */ c( evt_trigger_profile ) ), "flow-descriptions" ( /* PCC flow descriptions */ c( pcc_flow ) ), "pcc-action-profiles" ( /* PCC action profiles */ c( pcc_action_profile ) ), "pcc-rules" ( /* PCC rules */ c( pcc_rule ) ), "pcc-rulebases" ( /* PCC rulebases */ c( pcc_rulebase ) ), "profiles" ( /* PCEF profiles */ c( pcef_profiles ) ), "pcc-time-of-day-profiles" ( /* PCEF Time Of Day profiles */ c( pcef_time_of_day_profile ) ) ) end rule(:pcef_time_of_day_profile) do arg.as(:arg) ( c( "rule-activation-time" ( /* Rule Activation Time of this profile */ pcef_tod_time_type /* Rule Activation Time of this profile */ ), "rule-deactivation-time" ( /* Rule Dectivation Time of this profile */ pcef_tod_time_type /* Rule Dectivation Time of this profile */ ) ) ) end rule(:pcef_tod_time_type) do c( c( "SUNDAY" /* Sunday */, "MONDAY" /* Monday */, "TUESDAY" /* Tuesday */, "WEDNESDAY" /* Wednesday */, "THURSDAY" /* Thursday */, "FRIDAY" /* Friday */, "SATURDAY" /* Saturday */, "DAY1" /* 1st of the month */, "DAY2" /* 2nd of the month */, "DAY3" /* 3rd of the month */, "DAY4" /* 4th of the month */, "DAY5" /* 5th of the month */, "DAY6" /* 6th of the month */, "DAY7" /* 7th of the month */, "DAY8" /* 8th of the month */, "DAY9" /* 9th of the month */, "DAY10" /* 10th of the month */, "DAY11" /* 11th of the month */, "DAY12" /* 12th of the month */, "DAY13" /* 13th of the month */, "DAY14" /* 14th of the month */, "DAY15" /* 15th of the month */, "DAY16" /* 16th of the month */, "DAY17" /* 17th of the month */, "DAY18" /* 18th of the month */, "DAY19" /* 19th of the month */, "DAY20" /* 20th of the month */, "DAY21" /* 21st of the month */, "DAY22" /* 22nd of the month */, "DAY23" /* 23rd of the month */, "DAY24" /* 24th of the month */, "DAY25" /* 25th of the month */, "DAY26" /* 26th of the month */, "DAY27" /* 27th of the month */, "Last-day-of-month" /* Last day of the month */ ), c( "JANUARY" /* January */, "FEBRUARY" /* February */, "MARCH" /* March */, "APRIL" /* April */, "MAY" /* May */, "JUNE" /* June */, "JULY" /* July */, "AUGUST" /* August */, "SEPTEMBER" /* September */, "OCTOBER" /* October */, "NOVEMBER" /* November */, "DECEMBER" /* December */ ), date /* Time of the day in hh:mm format */ ) end rule(:unified_edge_sgw_system) do c( "pfes" ( /* Packet forwarding engines used for anchoring */ c( "interface" arg ( /* Interface representing packet forwarding engine */ c( "service-mode" ( /* Service mode */ ("maintenance") ) ) ) ) ), "session-pics" ( /* Multiservice PICs used for anchoring control sessions */ c( "interface" arg ( /* Interface representing multiservice PIC */ c( "service-mode" ( /* Service mode */ ("maintenance") ) ) ) ) ) ) end rule(:unified_edge_tdf) do arg.as(:arg) ( c( "service-mode" ( /* Service mode */ ("maintenance") ), "system" ( /* System parameters */ unified_edge_tdf_system /* System parameters */ ), "call-rate-statistics" ( /* Call-rate-statistics options */ c( "interval" arg /* Time interval in minutes */, "history" arg /* Number of intervals */ ) ), "traceoptions" ( /* Trace options related to subscriber management */ mobile_smd_traceoptions /* Trace options related to subscriber management */ ), "cac" ( /* TDF cac configuration */ c( "maximum-subscribers" arg /* Maximum number of TDF subscribers */, "maximum-subscribers-trap-percentage" arg /* Percentage of Maximum subscribers */, "memory" ( /* Memory threshold configuration */ c( "percentage" arg /* Memory threshold */ ) ), "cpu" ( /* CPU threshold configuration */ c( "percentage" arg /* CPU threshold */ ) ) ) ), "charging" ( /* TDF charging profile definitions */ c( "traceoptions" ( /* Charging trace options */ charging_traceoptions /* Charging trace options */ ), "charging-profiles" ( /* Charging profile */ c( juniper_charging_profiles ) ), "transport-profiles" ( /* Transport profile definition */ c( juniper_transport_profiles ) ) ) ), "domains" ( /* TDF domains configuration */ c( tdf_domain ) ), "domain-selection" ( /* TDF domain selection */ c( "term" arg ( /* Define a domain selection term */ c( "from" ( /* Define match criteria */ domain_sel_match_object /* Define match criteria */ ), "then" ( /* Action to take if the 'from' condition is matched */ c( "domain" arg /* TDF domain name */, "pcef-profile" arg /* PCEF profile name */ ) ) ) ) ) ), "aaa" ( /* AAA related configuration */ c( "clients" ( /* AAA radius clients */ c( arg /* AAA radius client */ ) ), "snoop-segments" ( /* AAA radius snoop segments */ c( arg /* AAA radius snoop segment */ ) ) ) ) ) ) end rule(:domain_sel_match_object) do c( "client" arg /* AAA Radius client */, "snoop-segment" arg /* AAA Radius snoop-segment */, "user-name" ( /* Radius avp user-name */ sc( c( "equals" ( /* Attribute match options */ c( arg ) ), "has-prefix" ( /* Attribute match options */ c( arg ) ), "has-suffix" ( /* Attribute match options */ c( arg ) ), "matches" ( /* Attribute match options */ c( arg ) ) ) ) ).as(:oneline), "nas-ip-address" ( /* Radius avp nas-ip-address */ sc( "equals" ( /* Attribute match options */ c( ipv4prefix /* IPv4 address/prefix value */ ) ) ) ).as(:oneline), "calling-station-id" ( /* Radius avp calling-station-id */ sc( c( "equals" ( /* Attribute match options */ c( arg ) ), "has-prefix" ( /* Attribute match options */ c( arg ) ), "has-suffix" ( /* Attribute match options */ c( arg ) ), "matches" ( /* Attribute match options */ c( arg ) ) ) ) ).as(:oneline), "called-station-id" ( /* Radius avp called-station-id */ sc( c( "equals" ( /* Attribute match options */ c( arg ) ), "has-prefix" ( /* Attribute match options */ c( arg ) ), "has-suffix" ( /* Attribute match options */ c( arg ) ), "matches" ( /* Attribute match options */ c( arg ) ) ) ) ).as(:oneline), "class" ( /* Radius avp class */ sc( c( "equals" ( /* Attribute match options */ c( arg ) ), "has-prefix" ( /* Attribute match options */ c( arg ) ), "has-suffix" ( /* Attribute match options */ c( arg ) ), "matches" ( /* Attribute match options */ c( arg ) ) ) ) ).as(:oneline), "threegpp-imsi" ( /* Radius avp 3gpp-imsi */ sc( c( "equals" ( /* Attribute match options */ c( arg ) ), "has-prefix" ( /* Attribute match options */ c( arg ) ), "has-suffix" ( /* Attribute match options */ c( arg ) ), "matches" ( /* Attribute match options */ c( arg ) ) ) ) ).as(:oneline), "framed-ip-address" ( /* Radius avp framed-ip-address */ sc( "equals" ( /* Attribute match options */ c( ipv4prefix /* IPv4 address/prefix value */ ) ) ) ).as(:oneline), "framed-ipv6-prefix" ( /* Radius avp framed-ipv6-prefix */ sc( "equals" ( /* Attribute match options */ c( ipv6prefix /* IPv6 address/prefix value */ ) ) ) ).as(:oneline), "attribute" arg ( /* Custom radius attributes */ c( "code" arg /* Attribute code */, "vendor-id" arg /* Attribute vendor-id */, "format" ( /* Attribute format */ sc( c( "string" ( /* Format string */ c( c( "equals" ( /* Attribute match options */ c( arg ) ), "has-prefix" ( /* Attribute match options */ c( arg ) ), "has-suffix" ( /* Attribute match options */ c( arg ) ), "matches" ( /* Attribute match options */ c( arg ) ) ) ) ), "time" ( /* Format time */ c( c( "equals" ( /* Attribute match options */ c( time /* Time value */ ) ), "greater-than" ( /* Attribute match options */ c( time /* Time value */ ) ), "less-than" ( /* Attribute match options */ c( time /* Time value */ ) ) ) ) ), "integer" ( /* Format integer */ c( c( "equals" ( /* Attribute match options */ c( arg /* Integer value */ ) ), "greater-than" ( /* Attribute match options */ c( arg /* Integer value */ ) ), "less-than" ( /* Attribute match options */ c( arg /* Integer value */ ) ) ) ) ), "v4address" ( /* Format v4address */ c( "equals" ( /* Attribute match options */ c( ipv4prefix /* IPv4 address/prefix value */ ) ) ) ), "v6prefix" ( /* Format v6prefix */ c( "equals" ( /* Attribute match options */ c( ipv6prefix /* IPv6 address/prefix value */ ) ) ) ), "v6address" ( /* Format v6address */ c( "equals" ( /* Attribute match options */ c( ipv6prefix /* IPv6 address/prefix value */ ) ) ) ) ) ) ).as(:oneline) ) ) ) end rule(:tdf_domain) do arg.as(:arg) ( c( "subscriber-type" ( /* Specify subscriber type */ ("ip" | "ifl") ), "subscriber-exclude-prefix" ( /* Exclude subscriber address prefix */ c( "family" ( /* Address family */ c( "inet" ( /* IPv4 address configuration */ c( "network" arg /* Specify IPv4 network prefix */ ) ), "inet6" ( /* IPv6 address pool configuration */ c( "network" arg /* Specify IPv6 network prefix */ ) ) ) ) ) ), "pcef-profile" arg /* PCEF profile for the TDF domain */, "tdf-interface" ( /* TDF interface */ interface_unit /* TDF interface */ ), "maximum-bit-rate" ( /* Default subscriber policy for TDF traffic */ c( "uplink" arg /* Maximum bit rate uplink */, "downlink" arg /* Maximum bit rate downlink */ ) ), "burst-size" ( /* Default Subscriber Burst Size for TDF traffic */ c( "uplink" arg /* Subscriber burst size uplink */, "downlink" arg /* Subscriber burst size downlink */ ) ), "charging-profile" arg /* Charging profile for the domain */, "service-mode" ( /* Service mode */ ("maintenance") ), "call-rate-statistics" ( /* Call-rate-statistics options */ c( "interval" arg /* Time interval in minutes */, "history" arg /* Number of intervals */ ) ), "ip-subscriber" ( /* Configure ip subscriber */ c( "access-interfaces" arg /* Access facing interfaces */, "subscriber-attach-method" ( /* Specify subscriber attach method */ ("radius-accounting" | "packet-triggered" | "pcrf-initiated") ), "subscription-id" ( /* Specify subscription id options */ c( "subscription-id-options" ( /* Subscription id options sets */ subscription_id_set /* Subscription id options sets */ ), "constant" ( /* Constant string for subscription-id */ sc( arg ) ).as(:oneline), "use-class-regular-expression" arg /* Regular expression for Class attribute parsing */, "use-class" ( c( "regex" arg /* Regular expression for Class attribute parsing */, "pattern" arg /* Substitution template to use with regular expression */, "subscription-id-type" ( /* Subscription id type */ ("imsi" | "msisdn" | "nai" | "sip-uri" | "private") ) ) ) ) ), "immediate-accounting-response" ( /* Enable/disable immediate RADIUS response message */ ("enable" | "disable") ), "subscriber-address" ( /* Specify the subscriber address information */ c( "inet" ( /* Specify address pool name for IPv4 */ c( "pool" arg ) ), "inet6" ( /* Specify address pool name for IPv6 */ c( "pool" arg ) ) ) ), "maximum-subscribers" arg /* Maximum TDF subscribers */, "idle-timeout" arg /* Session idle timeout value */, "default-local-policy" ( /* Default local policy for TDF traffic */ c( "flow-action" ( /* Flow action */ ("forward" | "drop") ), "maximum-bit-rate" ( /* Maximum bit rate */ sc( "uplink" arg /* Maximum bit rate uplink */, "downlink" arg /* Maximum bit rate downlink */ ) ).as(:oneline), "burst-size" ( /* Burst Size for TDF traffic */ c( "uplink" arg /* Burst size uplink */, "downlink" arg /* Burst size downlink */ ) ) ) ) ) ), "ifl-subscriber" ( /* IFL subscriber configuration */ c( tdf_ifl_subscriber ) ) ) ) end rule(:subscription_id_set) do arg.as(:arg) ( c( "id-components" ( /* Subscription id components */ ("use-imsi" | "use-msisdn" | "use-nai" | "use-username" | "use-realm" | "use-nas-port" | "use-nas-port-id" | "use-class") ) ) ) end rule(:tdf_ifl_subscriber) do arg.as(:arg) ( c( "access-interfaces" arg /* Access facing interfaces */ ) ) end rule(:unified_edge_tdf_system) do c( "session-pics" ( /* Multiservice PICs used for anchoring control sessions */ c( "interface" arg ( /* Interface representing multiservice PIC */ c( "service-mode" ( /* Service mode */ ("maintenance") ) ) ) ) ), "service-pics" ( /* Multiservice PICs used for anchoring service related data sessions */ c( "interface" arg ( /* Interface representing multiservice PIC */ c( "service-mode" ( /* Service mode */ ("maintenance") ) ) ) ) ) ) end rule(:upgrade_group_fpcs) do arg.as(:arg) ( c( "fpcs" arg /* FPCs to be upgraded as a group in this member */ ) ) end rule(:upgrade_group_type) do arg.as(:arg) ( c( "satellite" arg /* Satellite slot-id or range or all */ ) ) end rule(:urlf_profile_object) do arg.as(:arg) ( c( "feed-name" arg /* Name of feed */, "url-filter-database" arg /* Full path of the file */, "global-dns-filter-stats-log-timer" arg /* Global DNS filtering statistics log timer in minutes */, "security-intelligence-policy" ( /* Use the database supplied by security intelligence for blacklisted traffic. */ c( "file-type" ( ("txt" | "json") ), "threat-level" ( /* Define a URL filtering threat level */ threat_level_object /* Define a URL filtering threat level */ ) ) ), "dns-filter" ( /* DNS filter information */ dns_filter_object /* DNS filter information */ ), "url-filter-template" ( /* URL filter template */ urlf_template_object /* URL filter template */ ), "dns-filter-template" ( /* DNS filter template */ dnsf_template_object /* DNS filter template */ ) ) ) end rule(:dns_filter_object) do c( "database-file" arg /* Full path of the DNS filter database file */, "dns-server" ( /* One or more DNS servers addresses */ ipaddr /* One or more DNS servers addresses */ ), "hash-key" ( /* Define hash key for domains key */ sc( c( "ascii-text" arg /* Format as text */, "hexadecimal" arg /* Format as hexadecimal */ ) ) ).as(:oneline), "hash-method" ( /* Define authentication algorithm */ ("hmac-sha2-256") ), "statistics-log-timer" arg /* DNS log timer in minutes */, "dns-resp-ttl" arg /* TTL to be used in DNS response */, "wildcarding-level" arg /* Wildcarding level for exact match */, "txt-resp-err-code" ( /* Text response error code */ ("Noerror" | "Refused") ), "srv-resp-err-code" ( /* Server response error code */ ("Noerror" | "Refused") ) ) end rule(:dnsf_template_object) do arg.as(:arg) ( c( "feed-name" arg /* Name of feed */, "dns-filter" ( /* DNS filter information */ dns_filter_object /* DNS filter information */ ), "client-interfaces" ( /* Client facing interfaces on which the dns filtering is applied */ interface_unit /* Client facing interfaces on which the dns filtering is applied */ ), "server-interfaces" ( /* Server facing interfaces to which traffic destined to */ interface_unit /* Server facing interfaces to which traffic destined to */ ), "client-routing-instance" ( /* Routing instance name */ (arg | "inet.0") ), "server-routing-instance" ( /* Routing instance name */ (arg | "inet.0") ), "term" arg ( /* Define a DNS filtering term */ c( "feed-name" arg /* Name of feed */, "from" ( /* Define match criteria */ dnsf_match_object /* Define match criteria */ ), "then" ( /* Action to take if the 'from' condition is matched */ c( c( "dns-sinkhole" /* DNS sinkhole */ ) ) ) ) ) ) ) end rule(:dnsf_match_object) do c( "src-ip-prefix" ( /* Source IP Prefix list specification */ ipprefix /* Source IP Prefix list specification */ ) ) end rule(:threat_level_object) do arg.as(:arg) ( c( "threat-action" ( /* Action to be taken for the given threat level */ c( c( "accept" /* Accept */, "log" /* Log */, "drop" /* Drop */, "drop-and-log" /* Drop and log */, "drop-and-sample" /* Drop and sample */, "drop-log-and-sample" /* Drop log and sample */, "log-and-sample" /* Log and sample */, "sample" /* Push packets to sampling collector */ ) ) ) ) ) end rule(:urlf_template_object) do arg.as(:arg) ( c( "client-interfaces" ( /* Client facing interfaces on which the url filtering is applied */ interface_unit /* Client facing interfaces on which the url filtering is applied */ ), "server-interfaces" ( /* Server facing interfaces to which traffic destined to */ interface_unit /* Server facing interfaces to which traffic destined to */ ), "dns-source-interface" ( /* Interface on which the DNS queries are originated */ interface_unit /* Interface on which the DNS queries are originated */ ), "dns-routing-instance" ( /* Routing instance for DNS queries */ (arg | "inet.0") ), "client-routing-instance" ( /* Routing instance name */ (arg | "inet.0") ), "dns-server" ( /* One or more DNS servers addresses */ ipaddr /* One or more DNS servers addresses */ ), "dns-resolution-interval" arg /* DNS resolution timer in minutes */, "dns-retries" arg /* DNS resolution attempts */, "dns-resolution-rate" arg /* DNS resolution rate per chunk interval */, "url-filter-database" arg /* Full path of the file */, "disable-url-ip-filtering" /* Disable filtering of IPs belonging to blocklisted domains */, "security-intelligence-policy" ( /* Use the database supplied by security intelligence */ c( "threat-level" ( /* Define a URL filtering threat level */ template_threat_level_object /* Define a URL filtering threat level */ ) ) ), "term" arg ( /* Define a url filtering term */ c( "from" ( /* Define match criteria */ urlf_match_object /* Define match criteria */ ), "then" ( /* Action to take if the 'from' condition is matched */ c( c( "redirect-url" arg /* Redirect URL */, "custom-page" arg /* Custome page string */, "http-status-code" arg /* HTTP status code value */, "tcp-reset" /* TCP Reset */, "accept" /* Accept */ ) ) ) ) ) ) ) end rule(:template_threat_level_object) do arg.as(:arg) ( c( "threat-action" ( /* Action to be taken for the given threat level */ c( c( "drop-and-sample" /* Drop and sample */, "sample" /* Push packets to sampling collector */ ) ) ) ) ) end rule(:urlf_match_object) do c( "src-ip-prefix" ( /* Source IP Prefix list specification */ ipprefix /* Source IP Prefix list specification */ ), "dest-ports" arg /* Destination port list specification */ ) end rule(:urlf_traceoptions_object) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("normal" | "config" | "dns" | "timer" | "connect" | "parse" | "statistics" | "system" | "operational-commands" | "filter" | "gencfg" | "routing" | "snmp" | "all")) /* Tracing flag parameters */.as(:oneline) ) end rule(:v3_user_config) do arg.as(:arg) ( c( c( "authentication-md5" ( /* Configure MD5 authentication */ auth_object /* Configure MD5 authentication */ ), "authentication-sha" ( /* Configure SHA authentication */ auth_object /* Configure SHA authentication */ ), "authentication-sha224" ( /* Configure SHA224 authentication */ auth_object /* Configure SHA224 authentication */ ), "authentication-sha256" ( /* Configure SHA256 authentication */ auth_object /* Configure SHA256 authentication */ ), "authentication-sha384" ( /* Configure SHA384 authentication */ auth_object /* Configure SHA384 authentication */ ), "authentication-sha512" ( /* Configure SHA512 authentication */ auth_object /* Configure SHA512 authentication */ ), "authentication-none" /* Set no authentication for the user */ ), c( "privacy-des" ( /* Configure DES privacy */ priv_object /* Configure DES privacy */ ), "privacy-3des" ( /* Configure Triple DES privacy */ priv_object /* Configure Triple DES privacy */ ), "privacy-aes128" ( /* Configure AES128 privacy */ priv_object /* Configure AES128 privacy */ ), "privacy-none" /* Set no privacy for the user */ ) ) ) end rule(:auth_object) do c( "authentication-password" arg /* User's authentication password */, "authentication-key" ( /* Encrypted key used for user authentication */ unreadable /* Encrypted key used for user authentication */ ) ) end rule(:priv_object) do c( "privacy-password" arg /* User's privacy password */, "privacy-key" ( /* Encrypted key used for user privacy */ unreadable /* Encrypted key used for user privacy */ ) ) end rule(:v6_relay_option_interface_id_type) do c( "prefix" ( /* Add prefix to circuit/interface-id or remote-id */ c( "host-name" /* Add router host name to circuit / interface-id or remote-id */, "logical-system-name" /* Add logical system name to circuit / interface-id or remote-id */, "routing-instance-name" /* Add routing instance name to circuit / interface-id or remote-id */ ) ), "use-interface-description" ( /* Use interface description instead of circuit identifier */ ("logical" | "device") ), "use-vlan-id" /* Use VLAN id instead of name */, "no-vlan-interface-name" /* Not include vlan or interface name */, "include-irb-and-l2" /* Include IRB and L2 interface name */, "use-option-82" ( /* Use option-82 circuit-id for interface-id */ v6_relay_option_cid_rid_action /* Use option-82 circuit-id for interface-id */ ), "keep-incoming-interface-id" ( /* Keep incoming interface identifier */ v6_relay_option_cid_rid_action /* Keep incoming interface identifier */ ) ) end rule(:v6_relay_option_cid_rid_action) do c( "strict" /* Drop packet if id not present */ ) end rule(:v6_relay_option_remote_id_type) do c( "prefix" ( /* Add prefix to circuit/interface-id or remote-id */ c( "host-name" /* Add router host name to circuit / interface-id or remote-id */, "logical-system-name" /* Add logical system name to circuit / interface-id or remote-id */, "routing-instance-name" /* Add routing instance name to circuit / interface-id or remote-id */ ) ), "use-interface-description" ( /* Use interface description instead of circuit identifier */ ("logical" | "device") ), "use-vlan-id" /* Use VLAN id instead of name */, "no-vlan-interface-name" /* Not include vlan or interface name */, "include-irb-and-l2" /* Include IRB and L2 interface name */, "use-option-82" ( /* Use option-82 remote-id for v6 remote-id */ v6_relay_option_cid_rid_action /* Use option-82 remote-id for v6 remote-id */ ), "keep-incoming-remote-id" /* Keep incoming remote identifier */ ) end rule(:v6_server_group_type) do c( c( arg /* IP Address of one or more DHCP servers */ ) ) end rule(:v6rd_object) do arg.as(:arg) ( c( "softwire-address" ( /* Softwire concentrator IPV4 prefix */ ipv4addr /* Softwire concentrator IPV4 prefix */ ), "ipv4-prefix" ( /* 6rd customer edge IPV4 prefix */ ipv4prefix /* 6rd customer edge IPV4 prefix */ ), "v6rd-prefix" ( /* 6rd domain's IPV6 prefix */ ipv6prefix /* 6rd domain's IPV6 prefix */ ), "mtu-v4" arg /* MTU for the softwire tunnel */ ) ) end rule(:vchassis_trace_file_type) do c( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ).as(:oneline) end rule(:vendor_object) do arg.as(:arg) ( c( "product-name" arg /* Values for product field */ ) ) end rule(:version_ipfix_template) do arg.as(:arg) ( c( "flow-active-timeout" arg /* Interval after which active flow is exported */, "flow-inactive-timeout" arg /* Period of inactivity that marks a flow inactive */, "template-id" arg /* Template id */, "option-template-id" arg /* Options template id */, "observation-domain-id" arg /* Observation Domain Id */, "nexthop-learning" ( /* Nexthop learning parameter. Valid ONLY for INLINE-JFLOW */ c( ("enable" | "disable") ) ), "template-refresh-rate" ( /* Template refresh rate */ c( "packets" arg /* In number of packets */, "seconds" arg /* In number of seconds */ ) ), "option-refresh-rate" ( /* Option template refresh rate */ c( "packets" arg /* In number of packets */, "seconds" arg /* In number of seconds */ ) ), c( "ipv4-template" ( /* IPv4 template configuration */ c( "export-extension" ( /* IPv4 template configuration with extra fields added to the template */ c( c( "flow-dir" /* Flow-direction field type */, "app-id" /* Applicationid field type */ ) ) ) ) ), "ipv6-template" ( /* IPv6 template configuration */ c( "export-extension" ( /* IPv6 template configuration with extra fields added to the template */ c( c( "flow-dir" /* Flow-direction field type */, "app-id" /* Applicationid field type */ ) ) ) ) ), "vpls-template" /* VPLS template configuration */, "bridge-template" /* BRIDGE template configuration */, "mpls-template" ( /* MPLS template configuration */ c( "label-position" arg /* One or more MPLS label positions */ ) ), "mpls-ipv4-template" ( /* MPLS-IPv4 template must be configured only for MS-MIC and MS-MPC based line cards */ c( "label-position" arg /* One or more MPLS label positions */ ) ) ), "tunnel-observation" ( /* Tunnel observation */ c( "mpls-over-udp" /* Mpls-over-udp */, "ipv4" /* IPv4 */, "ipv6" /* IPv6 */ ) ), "flow-key" ( /* Flow key for the template. Valid ONLY for INLINE-JFLOW */ c( "flow-direction" /* Include flow direction */, "vlan-id" /* Include vlan ID */, "output-interface" /* Include output interface */ ) ) ) ) end rule(:version9_template) do arg.as(:arg) ( c( "flow-active-timeout" arg /* Interval after which active flow is exported */, "flow-inactive-timeout" arg /* Period of inactivity that marks a flow inactive */, "template-id" arg /* Template id */, "option-template-id" arg /* Options template id */, "source-id" arg /* Source Id */, "nexthop-learning" ( /* Nexthop learning parameter. Valid ONLY for INLINE-JFLOW */ c( ("enable" | "disable") ) ), "template-refresh-rate" ( /* Template refresh rate */ c( "packets" arg /* In number of packets */, "seconds" arg /* In number of seconds */ ) ), "option-refresh-rate" ( /* Option template refresh rate */ c( "packets" arg /* In number of packets */, "seconds" arg /* In number of seconds */ ) ), c( "mpls-ipv4-template" ( /* MPLS-IPv4 template must be configured only for MS-MIC and MS-MPC based line cards */ c( "label-position" arg /* One or more MPLS label positions */ ) ), "mpls-template" ( /* MPLS template configuration */ c( "label-position" arg /* One or more MPLS label positions */ ) ), "ipv6-template" ( /* IPv6 template configuration */ c( "export-extension" ( /* IPv6 template configuration with extra fields added to the template */ c( c( "flow-dir" /* Applicationid field type */, "app-id" /* Applicationid field type */ ) ) ), "nexthop-options" ( /* Additional information retrieved from nexthop */ c( c( "mpls" ( /* MPLS information retrieved from nexthop */ c( "label-position" arg /* One or more MPLS label positions */ ) ) ) ) ) ) ), "peer-as-billing-template" /* Peer AS billing template configuration */, "ipv4-template" ( /* IPv4 template configuration */ c( "export-extension" ( /* IPv4 template configuration with extra fields added to the template */ c( c( "flow-dir" /* Applicationid field type */, "app-id" /* Applicationid field type */ ) ) ), "nexthop-options" ( /* Additional information retrieved from nexthop */ c( c( "mpls" ( /* MPLS information retrieved from nexthop */ c( "label-position" arg /* One or more MPLS label positions */ ) ) ) ) ) ) ), "vpls-template" /* VPLS template configuration */, "bridge-template" /* BRIDGE template configuration */ ), "tunnel-observation" ( /* Tunnel observation */ c( "mpls-over-udp" /* Mpls-over-udp */, "ipv4" /* IPv4 */, "ipv6" /* IPv6 */ ) ), "flow-key" ( /* Flow key for the template. Valid ONLY for INLINE-JFLOW */ c( "flow-direction" /* Include flow direction */, "vlan-id" /* Include vlan ID */, "output-interface" /* Include output interface */ ) ) ) ) end rule(:virtual_interface_indications_object) do c( "virtual-interface-up" ( pgcp_virtual_interface_up_object ), "virtual-interface-down" ( pgcp_virtual_interface_down_object ) ) end rule(:pgcp_virtual_interface_down_object) do c( "graceful" ( /* Configure graceful service change */ ("none" | "graceful-905") ), "administrative" ( /* Configure administrative service change */ ("forced-905" | "forced-906" | "none") ), "failure" ( /* Configure failure service change */ ("forced-904" | "forced-906" | "none") ), "link-loss" ( /* Configure link-loss service change */ ("forced-906" | "none") ) ) end rule(:pgcp_virtual_interface_up_object) do c( "warm" ( /* Configure warm-boot service change */ ("restart-900" | "none") ), "cancel-graceful" ( /* Configure cancel-graceful service change */ ("none" | "restart-918") ) ) end rule(:vlan_policy) do (arg | "all").as(:arg) ( c( "policy" ( /* Attach policy */ c( arg /* Router Advertisement Guard policy name */, c( "stateful" /* Stateful router advertisement guard */, "stateless" /* Stateless router advertisement guard */ ) ) ) ) ) end rule(:vlan_slaacd) do (arg | "all").as(:arg) end rule(:vlan_types) do arg.as(:arg) ( c( "description" arg /* Text description of VLANs */, c( "vlan-id" ( /* IEEE 802.1q VLAN identifier for VLAN */ ("all" | "none" | arg) ), "vlan-id-list" arg /* Create VLAN for each of the vlan-id specified in the vlan-id-list */, "vlan-tags" ( /* IEEE 802.1q VLAN tags for VLANs */ sc( "outer" arg /* [tpid.]vlan-id, tpid format is 0xNNNN and is optional */, "inner" arg /* [tpid.]vlan-id, tpid format is 0xNNNN and is optional */ ) ).as(:oneline) ), "interface" ("$junos-interface-name" | arg) /* Interface name for this VLAN */, "l3-interface" ( /* L3 interface name for this vlans */ interface_unit /* L3 interface name for this vlans */ ), "no-local-switching" /* Disable local switching within CE-facing interfaces */, "forwarding-options" ( /* Forwarding options configuration */ juniper_ethernet_switching_forwarding_options /* Forwarding options configuration */ ), "multicast-snooping-options" ( /* Multicast snooping option configuration */ juniper_multicast_snooping_options /* Multicast snooping option configuration */ ), "switch-options" ( /* VLANs switch-options configuration */ juniper_protocols_vlan /* VLANs switch-options configuration */ ), "domain-type" ( /* Type of VLANs SVLAN/DVLAN */ ("bridge") ), "no-irb-layer-2-copy" /* Disable transmission of layer-2 copy of packets of IRB routing-interface */, "service-id" arg /* Service id required if VLAN is of type MC-AE, and vlan-id all or vlan-id none or vlan-tags is configured */, "domain-id" arg /* Domain-id for auto derived Route Target */, "mcae-mac-synchronize" /* Enable IRB MAC synchronization in this VLAN */, "proxy-mac" ( /* Proxy MAC settings */ c( "irb" /* Reply with virtual-gateway MAC or IRB MAC */, mac_unicast /* Reply with configured MAC for all requests */ ) ), "mcae-mac-flush" /* Enable IRB MAC flush in a/s mode for this VLAN on MCAE link up */, "private-vlan" ( /* Type of secondary vlan for private vlan */ ("isolated" | "community") ), "isolated-vlan" arg /* VLAN id or name */, "community-vlans" arg /* List of VLAN id or name */, "vxlan" ( c( "ovsdb-managed" /* Bridge-domain is managed remotely via VXLAN OVSDB Controller */, "vni" arg /* VXLAN identifier */, "translation-vni" arg /* Translated VXLAN identifier */, "multicast-group" ( /* Multicast group registered for VXLAN segment */ ipv4addr /* Multicast group registered for VXLAN segment */ ), "encapsulate-inner-vlan" /* Retain inner VLAN in the packet */, "decapsulate-accept-inner-vlan" /* Accept VXLAN packets with inner VLAN */, "unreachable-vtep-aging-timer" arg /* Unreachable VXLAN tunnel endpoint removal timer */, "ingress-node-replication" /* Enable ingress node replication */, "static-remote-vtep-list" ( /* Configure vlan specific static remote VXLAN tunnel endpoints */ ipaddr /* Configure vlan specific static remote VXLAN tunnel endpoints */ ) ) ) ) ) end rule(:juniper_ethernet_switching_forwarding_options) do c( "filter" ( /* Filtering for ethernet switching forwarding table */ c( "input" arg /* Name of input filter to apply for forwarded packets */, "output" arg /* Name of output filter to apply for forwarded packets */ ) ), "flood" ( /* Filtering for ethernet switching flood table */ c( "input" arg /* Name of input filter to apply for ethernet switching flood packets */ ) ), "dhcp-relay" ( /* Dynamic Host Configuration Protocol relay configuration */ jdhcp_relay_type /* Dynamic Host Configuration Protocol relay configuration */ ), "dhcp-security" ( /* DHCP access security configuration */ jdhcp_security_type /* DHCP access security configuration */ ), "fip-security" ( /* FCoE Initiation Protocol security configuration */ fip_security_type /* FCoE Initiation Protocol security configuration */ ) ) end rule(:fip_security_type) do c( "interface" arg ( /* Configure access port security for this interface */ c( "fcoe-trusted" /* Make this interface trusted for FCoE */, "no-fcoe-trusted" /* Don't make this interface trusted for FCoE */ ) ), "fc-map" arg /* FCoE MAC address prefix */, "examine-vn2vf" ( /* Enable FIP snooping on this VLAN */ c( "satellite" /* FIP snooping enabled for extended port */ ) ), "examine-vn2vn" ( /* Enable VN2VN FIP snooping on this VLAN */ c( "beacon-period" arg /* FCoE VN2VN beacon period */ ) ) ) end rule(:juniper_protocols_vlan) do c( "mac-table-size" ( /* Size of MAC address forwarding table */ c( arg, "packet-action" ( /* Action when MAC limit is reached */ ("none" | "drop") ) ) ), "mac-ip-table-size" ( /* Size of MAC+IP bindings table */ c( arg ) ), "interface-mac-limit" ( /* Maximum MAC address learned per interface */ c( arg, "packet-action" ( /* Action when MAC limit is reached */ ("none" | "drop" | "log" | "shutdown" | "drop-and-log") ) ) ), "interface-mac-ip-limit" ( /* Maximum number of MAC+IP bindings learned on the interface */ c( arg ) ), "mac-move-limit" ( /* Number of MAC movements allowed on this VLAN */ c( arg, "packet-action" ( /* Action to be taken in case the MAC movement limit is exceeded */ ("none" | "drop" | "log" | "shutdown" | "drop-and-log" | "vlan-member-shutdown") ), "interface" arg ( /* Interface that connect this site to the VPN */ c( "action-priority" arg /* Blocking priority of this interface on mac move detection */ ) ) ) ), "mac-table-aging-time" arg /* Delay for discarding MAC address if no updates are received */, "no-mac-learning" /* Disable dynamic MAC address learning */, "no-normalization" /* Disable vlan id normalization for interfaces */, "mac-statistics" /* Enable MAC address statistics */, "static-rvtep-mac" ( /* Configure Static MAC and remote VxLAN tunnel endpoint entries */ c( "mac" ( /* Unicast MAC address */ s( arg, "remote-vtep" arg /* Configure static remote VXLAN tunnel endpoints */ ) ).as(:oneline) ) ), "interface" arg ( /* Interface that connect this site to the VPN */ c( "interface-mac-limit" ( /* Maximum number of MAC addresses learned on the interface */ c( arg, "disable" /* Disable interface for interface-mac-limit */, "packet-action" ( /* Action when MAC limit is reached */ ("none" | "drop" | "log" | "shutdown" | "drop-and-log") ) ) ), "action-priority" arg /* Blocking priority of this interface on mac move detection */, "static-mac" arg ( /* Static MAC addresses assigned to this interface */ c( "vlan-id" arg /* VLAN ID of learning VLAN */ ) ), "interface-mac-ip-limit" ( /* Maximum number of MAC+IP bindings learned on the interface */ c( arg ) ), "no-mac-learning" /* Disable dynamic MAC address learning */, "mac-pinning" /* Enable MAC pinning */, "persistent-learning" /* Enable persistent MAC learning on this interface */ ) ), "traceoptions" ( /* Trace options for this bridge domain */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("configuration" | "routing-socket" | "interface-device" | "interface-logical" | "interface-family" | "learning-domain" | "ipc" | "mac-learning" | "initialization" | "flood-next-hop" | "storm-control" | "unknown-unicast-forwarding" | "all")) /* Type of operation or event to include in trace */.as(:oneline) ) ) ) end rule(:vlan_map) do c( c( "push" /* Push a VLAN tag */, "swap" /* Swap a VLAN tag */, "pop" /* Pop a VLAN tag */, "push-push" /* Push two VLAN tags */, "swap-push" /* Swap VLAN tag and push a new VLAN tag */, "swap-swap" /* Swap both outer and inner VLAN tags */, "pop-swap" /* Pop outer VLAN tag and swap inner VLAN tag */, "pop-pop" /* Pop both outer and inner VLAN tags */ ), "tag-protocol-id" arg /* IEEE 802.1q Tag Protocol Identifier to rewrite */, "inner-tag-protocol-id" ( /* IEEE 802.1q Tag Protocol ID to rewrite for inner tag */ ("$junos-inner-vlan-tag-protocol-id" | arg) ), "vlan-id" ( /* VLAN ID to rewrite */ ("$junos-vlan-map-id" | arg) ), "inner-vlan-id" ( /* VLAN ID to rewrite for inner tag */ ("$junos-inner-vlan-map-id" | arg) ) ) end rule(:vpls_filter) do arg.as(:arg) ( c( "accounting-profile" arg /* Accounting profile name */, "interface-specific" /* Defined counters are interface specific */, "physical-interface-filter" /* Filter is physical interface filter */, "instance-shared" /* Filter is routing-instance shared */, "term" arg ( /* Define a firewall term */ c( "filter" arg /* Filter to include */, "from" ( /* Define match criteria */ c( c( "interface-group" arg, "interface-group-except" arg ), c( "ether-type" ( ("ipv4" | "ipv6" | "arp" | "appletalk" | "sna" | "aarp" | "ppp" | "mpls-unicast" | "mpls-multicast" | "pppoe-discovery" | "pppoe-session" | "oam" | "fcoe" | "fip" | "vlan" | arg) ), "ether-type-except" ( ("ipv4" | "ipv6" | "arp" | "appletalk" | "sna" | "aarp" | "ppp" | "mpls-unicast" | "mpls-multicast" | "pppoe-discovery" | "pppoe-session" | "oam" | "fcoe" | "fip" | "vlan" | arg) ) ), c( "vlan-ether-type" ( ("ipv4" | "ipv6" | "arp" | "appletalk" | "sna" | "aarp" | "ppp" | "mpls-unicast" | "mpls-multicast" | "pppoe-discovery" | "pppoe-session" | "oam" | "fcoe" | "fip" | "vlan" | arg) ), "vlan-ether-type-except" ( ("ipv4" | "ipv6" | "arp" | "appletalk" | "sna" | "aarp" | "ppp" | "mpls-unicast" | "mpls-multicast" | "pppoe-discovery" | "pppoe-session" | "oam" | "fcoe" | "fip" | "vlan" | arg) ) ), "destination-mac-address" ( /* Destination MAC address */ firewall_mac_addr_object /* Destination MAC address */ ), "source-mac-address" ( /* Source MAC address */ firewall_mac_addr_object /* Source MAC address */ ), c( "forwarding-class" arg, "forwarding-class-except" arg ), c( "loss-priority" ( ("low" | "high" | "medium-low" | "medium-high") ), "loss-priority-except" ( ("low" | "high" | "medium-low" | "medium-high") ) ), c( "learn-vlan-id" arg, "learn-vlan-id-except" arg ), c( "learn-vlan-1p-priority" arg, "learn-vlan-1p-priority-except" arg ), c( "user-vlan-id" arg, "user-vlan-id-except" arg ), c( "user-vlan-1p-priority" arg, "user-vlan-1p-priority-except" arg ), c( "learn-vlan-dei" arg, "learn-vlan-dei-except" arg ), c( "traffic-type" ( ("broadcast" | "multicast" | "unknown-unicast" | "known-unicast") ), "traffic-type-except" ( ("broadcast" | "multicast" | "unknown-unicast" | "known-unicast") ) ), "ip-source-address" ( /* Match IP source address */ firewall_addr_object /* Match IP source address */ ), "ip-destination-address" ( /* Match IP destination address */ firewall_addr_object /* Match IP destination address */ ), "ip-address" ( /* Match IP source or destination address */ firewall_addr_object /* Match IP source or destination address */ ), c( "ip-protocol" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "ip-protocol-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "dscp" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ), "dscp-except" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ) ), c( "ip-precedence" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ), "ip-precedence-except" ( ("net-control" | "internet-control" | "critical-ecp" | "flash-override" | "flash" | "immediate" | "priority" | "routine" | arg) ) ), c( "source-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "source-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "destination-port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), c( "port" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "port-except" ( ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ) ), "tcp-flags" arg /* Match TCP flags */, c( "icmp-code" ( ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ), "icmp-code-except" ( ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ) ), c( "icmp-type" ( ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ), "icmp-type-except" ( ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ) ), "interface" ( /* Match interface name */ match_interface_object /* Match interface name */ ), "interface-set" ( /* Match interface in set */ match_interface_set_object /* Match interface in set */ ), "source-prefix-list" ( /* Match IP source prefixes in named list */ firewall_prefix_list /* Match IP source prefixes in named list */ ), "destination-prefix-list" ( /* Match IP destination prefixes in named list */ firewall_prefix_list /* Match IP destination prefixes in named list */ ), "prefix-list" ( /* Match IP source or destination prefixes in named list */ firewall_prefix_list /* Match IP source or destination prefixes in named list */ ), "ipv6-destination-address" ( /* Match IPv6 destination address */ firewall_addr6_object /* Match IPv6 destination address */ ), "ipv6-source-address" ( /* Match IPv6 source address */ firewall_addr6_object /* Match IPv6 source address */ ), "ipv6-address" ( /* Match IPv6 address */ firewall_addr6_object /* Match IPv6 address */ ), c( "ipv6-next-header" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "ipv6-next-header-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "dstopts" | "routing" | "fragment" | "hop-by-hop" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "ipv6-payload-protocol" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "ipv6" | "no-next-header" | "vrrp" | arg) ), "ipv6-payload-protocol-except" ( ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | "ipv6" | "no-next-header" | "vrrp" | arg) ) ), c( "ipv6-traffic-class" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ), "ipv6-traffic-class-except" ( ("af11" | "af12" | "af13" | "af21" | "af22" | "af23" | "af31" | "af32" | "af33" | "af41" | "af42" | "af43" | "ef" | "cs0" | "cs1" | "cs2" | "cs3" | "cs4" | "cs5" | "cs6" | "cs7" | "be" | arg) ) ), "ipv6-source-prefix-list" ( /* Match IPV6 source prefixes in named list */ firewall_prefix_list /* Match IPV6 source prefixes in named list */ ), "ipv6-destination-prefix-list" ( /* Match IPV6 destination prefixes in named list */ firewall_prefix_list /* Match IPV6 destination prefixes in named list */ ), "ipv6-prefix-list" ( /* Match IP source or destination prefixes in named list */ firewall_prefix_list /* Match IP source or destination prefixes in named list */ ), c( "flexible-match-mask" ( /* Match flexible mask */ match_l2_flexible_mask /* Match flexible mask */ ) ), c( "flexible-match-range" ( /* Match flexible range */ match_l2_flexible_range /* Match flexible range */ ) ), c( "policy-map" arg, "policy-map-except" arg ) ) ), "then" ( /* Action to take if the 'from' condition is matched */ c( c( "policer" arg /* Name of policer to use to rate-limit traffic */, "three-color-policer" ( /* Police the packet using a three-color-policer */ c( c( "single-rate" arg /* Name of single-rate three-color policer to use to rate-limit traffic */, "single-packet-rate" arg /* Name of single-packet-rate three-color policer to use to rate-limit traffic */, "two-rate" arg /* Name of two-rate three-color policer to use to rate-limit traffic */, "two-packet-rate" arg /* Name of two-packet-rate three-color policer to use to rate-limit traffic */ ) ) ), "hierarchical-policer" arg /* Name of hierarchical policer to use to rate-limit traffic */ ), c( "clear-policy-map" /* Clear the policy marking */, "policy-map" arg /* Policy map action */ ), "count" arg /* Count the packet in the named counter */, "loss-priority" ( /* Packet's loss priority */ ("low" | "high" | "medium-low" | "medium-high") ), "forwarding-class" arg /* Classify packet to forwarding class */, "port-mirror-instance" arg /* Port-mirror the packet to specified instance */, "port-mirror" /* Port-mirror the packet */, "inline-monitoring-instance" arg /* Inline monitoring to specified instance */, c( "accept" /* Accept the packet */, "discard" /* Discard the packet */, "next" ( /* Continue to next term in a filter */ ("term") ) ), "next-hop-group" arg /* Use specified next-hop group */, "sample" /* Sample the packet */, "log" /* Log the packet */, "syslog" /* System log (syslog) information about the packet */ ) ) ) ) ) ) end rule(:vrrp_group) do arg.as(:arg) ( c( c( "virtual-address" ( /* One or more virtual IPv4 addresses */ ipv4addr /* One or more virtual IPv4 addresses */ ), "virtual-inet6-address" ( /* One or more virtual inet6 addresses */ ipv6addr /* One or more virtual inet6 addresses */ ) ), "virtual-link-local-address" ( /* Virtual link-local addresses */ ipv6addr /* Virtual link-local addresses */ ), "priority" arg /* Virtual router election priority */, "preferred" /* Preferred group on subnet */, c( "advertise-interval" arg /* Advertisement interval */, "fast-interval" arg /* Fast advertisement interval */, "inet6-advertise-interval" arg /* Inet6 advertisement interval */ ), c( "preempt" ( /* Allow preemption */ c( "hold-time" arg /* Preemption hold time */ ) ), "no-preempt" /* Don't allow preemption */ ), c( "accept-data" /* Accept packets destined for virtual IP address */, "no-accept-data" /* Don't accept packets destined for virtual IP address */ ), "authentication-type" ( /* Authentication type */ ("md5" | "simple") ), "authentication-key" ( /* Authentication key */ unreadable /* Authentication key */ ), "track" ( /* Interfaces to track for VRRP group */ c( "priority-hold-time" arg /* Priority hold time */, "interface" arg ( /* Interface to track in VRRP group */ c( "bandwidth-threshold" arg ( /* Track bandwidth of interface */ sc( "priority-cost" arg /* Value subtracted from priority when bandwidth is below threshold */ ) ).as(:oneline), "priority-cost" arg /* Value to subtract from priority when interface is down */ ) ), "route" ( /* Route to track in VRRP group */ s( arg, "routing-instance" arg /* Routing instance to which route belongs, or 'default' */, c( "priority-cost" arg /* Value to subtract from priority when route is down */ ) ) ).as(:oneline) ) ), "vrrp-inherit-from" ( /* VRRP group to follow for this VRRP group */ c( "active-interface" ( /* Interface name of VRRP active group */ interface_unit /* Interface name of VRRP active group */ ), "active-group" arg /* Identifier for VRRP active group */ ) ), "advertisements-threshold" arg /* Number of vrrp advertisements missed before declaring master down */ ) ) end rule(:web_config) do c( "profile" arg ( /* Configure web secure proxy profile */ c( "proxy-address" arg ( /* Proxy server addresses */ c( "ip" ( /* IP address and prefix-length */ ipprefix /* IP address and prefix-length */ ), "port" arg /* Port number */ ) ), "dynamic-web-application" ( ("any" | arg) ), "dynamic-web-application-group" ( (arg | "any") ), "drop-on-dns-error" /* Drop Web Proxy Session on DNS error */ ) ) ) end rule(:web_proxy_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("brief" | "detail" | "extensive" | "verbose") ), "flag" enum(("cli-configuration" | "ipc" | "svc-config" | "flow-session" | "all")) /* Tracing parameters */.as(:oneline) ) end rule(:write_option_82_type) do end rule(:juniper_ethernet_options) do c( "traceoptions" ( /* Global tracing options for access security */ c( "file" ( /* Trace file options */ esp_trace_file_type /* Trace file options */ ), "flag" ("parse" | "regex-parse" | "config-internal" | "normal" | "general" | "state" | "task" | "timer" | "krt" | "vlan" | "forwarding-database" | "nexthop" | "interface" | "lib" | "stp" | "filter" | "access-security" | "rtg" | "ip-source-guard" | "analyzer" | "layer2-protocol-tunneling" | "unknown-unicast-forwarding" | "all") ( /* Tracing parameters */ sc( "disable" /* Disable this trace flag */ ) ).as(:oneline) ) ), "voip" ( /* Voice-over-IP configuration */ c( "interface" ("name" | "access-ports") ( /* Enable voice over IP on this port */ c( "vlan" arg /* VLAN for voice over IP */, "forwarding-class" arg /* Forwarding class */ ) ) ) ), "unknown-unicast-forwarding" ( /* Set interface for forwarding of unknown unicast packets */ c( "vlan" arg ( /* VLAN for the unknown unicast packets */ c( "interface" ( /* Interface to send unknown unicast packets for the VLAN */ interface_name /* Interface to send unknown unicast packets for the VLAN */ ) ) ) ) ), "dot1q-tunneling" ( /* Dot1q tunneling global options */ c( "ether-type" ( /* Dot1q Ether-type value */ ("0x8100" | "0x9100" | "0x88a8") ) ) ), "mac-notification" ( /* MAC notification options */ c( "notification-interval" arg /* Interval for sending MAC notifications */ ) ), "interfaces" ( /* Ethernet switching family interface names */ c( "esw-interface" ( /* Interface name */ esw_interface_type /* Interface name */ ) ) ), "mac-table-aging-time" ( /* MAC aging time configuration */ mac_aging_time_config /* MAC aging time configuration */ ), "nonstop-bridging" /* Enable Non stop operation */, "static" ( /* Static forwarding entries */ c( "vlan" arg ( /* VLAN static MAC entries */ c( "mac" arg ( /* Static MAC */ sc( "next-hop" ( /* Logical next-hop interface */ interface_name /* Logical next-hop interface */ ) ) ).as(:oneline) ) ) ) ), "secure-access-port" ( /* Access port security options */ c( "interface" arg ( /* Configure access port security for this interface */ c( "mac-limit" ( /* Number of MAC addresses allowed on this interface */ sc( "limit" arg /* Number of MAC addresses allowed on this interface */, "action" ( /* Action to take if limit is exceeded */ ("none" | "drop" | "log" | "shutdown") ) ) ).as(:oneline), "static-ip" ( /* Static IP address configuration */ juniper_ip_mac_static /* Static IP address configuration */ ), "allowed-mac" ( /* Allowed MAC address on this interface */ mac_addr /* Allowed MAC address on this interface */ ), "no-allowed-mac-log" /* Do not log violation of allowed MAC on this interface */, "dhcp-trusted" /* Make this interface trusted for DHCP */, "no-dhcp-trusted" /* Don't make this interface trusted for DHCP */, "fcoe-trusted" /* Make this interface trusted for FCoE */, "no-fcoe-trusted" /* Don't make this interface trusted for FCoE */, "persistent-learning" /* Enable persistent MAC learning on this interface */ ) ), "vlan" ("all" | "vlan-name") ( /* Configure access port security for this VLAN */ c( c( "arp-inspection" ( /* Enable Dynamic ARP inspection on this VLAN */ sc( "forwarding-class" arg /* Forwarding class assigned to re-injected ARP packets */ ) ).as(:oneline), "no-arp-inspection" /* Disable Dynamic ARP inspection on this VLAN */ ), c( "examine-dhcp" ( /* Enable DHCP snooping on this VLAN */ sc( "forwarding-class" arg /* Forwarding class assigned to re-injected DHCP packets */ ) ).as(:oneline), "no-examine-dhcp" /* Disable DHCP snooping on this VLAN */ ), "examine-fip" /* Enable FIP snooping on this VLAN */, "mac-move-limit" ( /* Number of MAC movements allowed on this VLAN */ sc( "limit" arg /* Number of MAC movements allowed on this VLAN */, "action" ( /* Action to be taken in case the MAC movement limit is exceeded */ ("none" | "drop" | "log" | "shutdown") ) ) ).as(:oneline), "ip-source-guard" /* Enable IP source guard on this VLAN */, "no-ip-source-guard" /* Don't enable IP source guard on this VLAN */, "dhcp-option82" ( /* Configure DHCP option 82 on this VLAN */ dhcp_option82_type /* Configure DHCP option 82 on this VLAN */ ) ) ), "dhcp-snooping-file" ( /* Configure DHCP snooping persistence file, write-interval and timeout */ c( "location" ( /* Location of DHCP snooping entries file */ filename /* Location of DHCP snooping entries file */ ), "write-interval" arg /* Time interval for writing DHCP snooping entries */, "timeout" arg /* Timeout for remote read and write operations */ ) ) ) ), "authentication-whitelist" arg ( /* MAC authentication-whitelist configuration needed to bypass Authentication */ c( "vlan-assignment" arg /* VLAN name or 802.1q tag for the MAC address */, "interface" ( /* Interface on which authentication is bypassed */ interface_name /* Interface on which authentication is bypassed */ ) ) ), "analyzer" ( /* Analyzer options */ analyzer_type /* Analyzer options */ ), "port-error-disable" ( /* Port error disable options */ c( "disable-timeout" arg /* Timeout for which the port is disabled */ ) ), "bpdu-block" ( /* Block BPDU on interface (BPDU Protect) */ c( "interface" ("all" | "name") /* Interface name to block BPDU on */, "disable-timeout" arg /* Disable timeout for BPDU Protect */ ) ), "redundant-trunk-group" ( /* Redundant trunk group */ c( "group" arg ( /* Name of Redundant trunk group */ c( "preempt-cutover-timer" arg /* Hold timer for primary interface before preempting secondary interface */, "description" arg /* Text description of the RTG */, "interface" arg ( /* Interfaces that are part of this redundant trunk group */ c( "primary" /* Set Primary Redundant Trunk Group interface */ ) ) ) ) ) ), "storm-control" ( /* Storm control configuration */ c( "action-shutdown" /* Port is disabled for excessive storm control errors */, "interface" ("all" | "name") ( /* Configure storm control for this interface */ c( "bandwidth" arg /* Link bandwidth */, "no-broadcast" /* Disable broadcast storm control */, "no-unknown-unicast" /* Disable unknown unicast storm control */, "level" arg, c( "multicast" /* Enable multicast storm control */, "no-multicast" /* Don't enable multicast storm control */, "no-registered-multicast" /* Disable registered multicast storm control */, "no-unregistered-multicast" /* Disable unregistered multicast storm control */ ) ) ) ) ) ) end rule(:analyzer_type) do arg.as(:arg) ( c( "ratio" arg /* Packet ratio */, "loss-priority" ( /* Loss priority of mirrored packets */ ("low" | "high") ), "input" ( /* Ports and VLANs to monitor */ analyzer_input_type /* Ports and VLANs to monitor */ ), "output" ( /* Outgoing port or VLAN for mirrored packets */ analyzer_output_type /* Outgoing port or VLAN for mirrored packets */ ) ) ) end rule(:analyzer_input_type) do c( "ingress" ( /* Ports and VLANs to monitor incoming traffic */ analyzer_ingress_type /* Ports and VLANs to monitor incoming traffic */ ), "egress" ( /* Ports and VLANs to monitor outgoing traffic */ analyzer_egress_type /* Ports and VLANs to monitor outgoing traffic */ ) ) end rule(:analyzer_egress_type) do c( "interface" ( /* Port to monitor outgoing traffic */ analyzer_egress_interface_type /* Port to monitor outgoing traffic */ ), "vlan" ( /* VLAN to monitor outgoing traffic */ analyzer_vlan_type /* VLAN to monitor outgoing traffic */ ) ) end rule(:analyzer_ingress_type) do c( "interface" ( /* Port to monitor incoming traffic */ analyzer_ingress_interface_type /* Port to monitor incoming traffic */ ), "vlan" ( /* VLAN to monitor incoming traffic */ analyzer_vlan_type /* VLAN to monitor incoming traffic */ ) ) end rule(:analyzer_output_type) do c( "interface" arg /* Outgoing port for mirrored packets */, "vlan" arg ( /* Outgoing VLAN for mirrored packets */ c( "no-tag" /* Removes extra RSAPN tag from mirrored packets */ ) ) ) end rule(:analyzer_vlan_type) do arg.as(:arg) end rule(:esw_interface_type) do arg.as(:arg) ( c( "no-mac-learning" /* Disable mac learning for this interface */ ) ) end rule(:mac_aging_time_config) do c( c( "time" arg /* Time in seconds */, "unlimited" /* Disable MAC-aging */ ) ) end rule(:juniper_ip_mac_static) do arg.as(:arg) ( c( "vlan" arg /* VLAN name or VLAN Tag (1..4095) */, "mac" ( /* MAC address */ mac_addr /* MAC address */ ) ) ).as(:oneline) end rule(:esp_trace_file_type) do c( "filename" arg /* Name of file in which to write trace information */, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ).as(:oneline) end # Ported from vSRX 18.3R1.9 rule(:alg_object) do c( "traceoptions" ( /* ALG trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Set level of tracing output */ ("brief" | "detail" | "extensive" | "verbose") ) ) ), "alg-manager" ( /* Configure ALG-MANAGER */ sc( "traceoptions" ( /* ALG-MANAGER trace options */ c( "flag" enum(("all")) ( /* ALG-MANAGER trace flags */ sc( c( "extensive" /* Set trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ).as(:oneline), "alg-support-lib" ( /* Configure ALG-SUPPORT-LIB */ sc( "traceoptions" ( /* ALG-SUPPORT-LIB trace options */ c( "flag" enum(("all")) ( /* ALG-SUPPORT-LIB trace flags */ sc( c( "extensive" /* Set trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ).as(:oneline), "dns" ( /* Configure DNS ALG */ c( "disable" /* Disable DNS ALG */, "maximum-message-length" arg /* Set maximum message length */, "oversize-message-drop" /* Drop oversized DNS packets */, "doctoring" ( /* Configure DNS ALG doctoring */ c( c( "none" /* Disable all DNS ALG Doctoring */, "sanity-check" /* Perform only DNS ALG sanity checks */ ) ) ), "traceoptions" ( /* DNS ALG trace options */ c( "flag" enum(("all")) ( /* DNS ALG trace flags */ sc( c( "extensive" /* Set trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ), "ftp" ( /* Configure FTP ALG */ sc( "disable" /* Disable FTP ALG */, "ftps-extension" /* Enable secure FTP and FTP-ssl protocols */, "line-break-extension" /* Enable CR+LF line termination */, "allow-mismatch-ip-address" /* Pass FTP packets with mismatched ip address headers and payload */, "traceoptions" ( /* FTP ALG trace options */ c( "flag" enum(("all")) ( /* FTP ALG trace flags */ sc( c( "extensive" /* Set trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ).as(:oneline), "h323" ( /* Configure H.323 ALG */ c( "disable" /* Disable H.323 ALG */, "endpoint-registration-timeout" arg /* Timeout for endpoints */, "media-source-port-any" /* Permit media from any source port on the endpoint */, "application-screen" ( /* Configure application screens */ c( "unknown-message" ( /* Configure ALG action on receiving an unknown message */ c( "permit-nat-applied" /* Permit unknown messages on packets that are NATed */, "permit-routed" /* Permit unknown messages on routed packets */ ) ), "message-flood" ( /* Configure Message flood ALG options */ c( "gatekeeper" ( /* Set options for gatekeeper messages */ sc( "threshold" arg /* Message flood gatekeeper threshold */ ) ).as(:oneline) ) ) ) ), "dscp-rewrite" ( /* DSCP code rewrite */ c( "code-point" arg /* Set dscp codepoint 6-bit string */ ) ), "traceoptions" ( /* H.323 ALG trace options */ c( "flag" enum(("q931" | "h245" | "ras" | "h225-asn1" | "h245-asn1" | "ras-asn1" | "chassis-cluster" | "all")) ( /* H.323 ALG trace flags */ sc( c( "terse" /* Set trace verbosity level to terse */, "detail" /* Set trace verbosity level to detail */, "extensive" /* Set trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ), "mgcp" ( /* Configure MGCP ALG */ c( "disable" /* Disable MGCP ALG */, "inactive-media-timeout" arg /* Set inactive media timeout */, "transaction-timeout" arg /* Set transaction timeout */, "maximum-call-duration" arg /* Set maximum call duration */, "application-screen" ( /* Configure application screens */ c( "unknown-message" ( /* Configure ALG action on receiving an unknown message */ c( "permit-nat-applied" /* Permit unknown messages on packets that are NATed */, "permit-routed" /* Permit unknown messages on routed packets */ ) ), "message-flood" ( /* Set message flood ALG options */ sc( "threshold" arg /* Message flood threshold */ ) ).as(:oneline), "connection-flood" ( /* Set connection flood options */ sc( "threshold" arg /* Connection flood threshold */ ) ).as(:oneline) ) ), "dscp-rewrite" ( /* DSCP code rewrite */ c( "code-point" arg /* Set dscp codepoint 6-bit string */ ) ), "traceoptions" ( /* MGCP ALG trace options */ c( "flag" enum(("call" | "decode" | "error" | "chassis-cluster" | "nat" | "packet" | "rm" | "all")) ( /* MGCP ALG trace flags */ sc( c( "extensive" /* Set trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ), "msrpc" ( /* Configure MSRPC ALG */ sc( "disable" /* Disable MSRPC ALG */, "group-max-usage" arg /* Set maximum group usage percentage, default 80 */, "map-entry-timeout" arg /* Set entry timeout, default 8hour */, "traceoptions" ( /* MSRPC ALG trace options */ c( "flag" enum(("all")) ( /* MSRPC ALG trace flags */ sc( c( "extensive" /* Set trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ).as(:oneline), "sunrpc" ( /* Configure SUNRPC ALG */ sc( "disable" /* Disable SUNRPC ALG */, "group-max-usage" arg /* Set maximum group usage percentage, default 80 */, "map-entry-timeout" arg /* Set entry timeout, default 8hour */, "traceoptions" ( /* SUNRPC ALG trace options */ c( "flag" enum(("all")) ( /* SUNRPC ALG trace flags */ sc( c( "extensive" /* Set trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ).as(:oneline), "rsh" ( /* Configure RSH ALG */ c( "disable" /* Disable RSH ALG */, "traceoptions" ( /* RSH ALG trace options */ c( "flag" enum(("all")) ( /* RSH ALG trace flags */ sc( c( "extensive" /* Set trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ), "rtsp" ( /* Configure RTSP ALG */ sc( "disable" /* Disable RTSP ALG */, "traceoptions" ( /* RTSP ALG trace options */ c( "flag" enum(("all")) ( /* RTSP ALG trace flags */ sc( c( "extensive" /* Set trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ).as(:oneline), "sccp" ( /* Configure SCCP ALG */ c( "disable" /* Disable SCCP ALG */, "inactive-media-timeout" arg /* Set inactive media timeout */, "application-screen" ( /* Configure application screens */ c( "unknown-message" ( /* Configure ALG action on receiving an unknown message */ c( "permit-nat-applied" /* Permit unknown messages on packets that are NATed */, "permit-routed" /* Permit unknown messages on routed packets */ ) ), "call-flood" ( /* Configure call flood thresholds */ sc( "threshold" arg /* Calls per second per client */ ) ).as(:oneline) ) ), "dscp-rewrite" ( /* DSCP code rewrite */ c( "code-point" arg /* Set dscp codepoint 6-bit string */ ) ), "traceoptions" ( /* SCCP ALG trace options */ c( "flag" enum(("call" | "cli" | "decode" | "error" | "chassis-cluster" | "init" | "nat" | "rm" | "all")) ( /* SCCP ALG trace flags */ sc( c( "extensive" /* Set trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ), "sip" ( /* Configure SIP ALG */ c( "disable" /* Disable SIP ALG */, "inactive-media-timeout" arg /* Set inactive media timeout */, "maximum-call-duration" arg /* Set maximum call duration */, "t1-interval" arg /* Set T1 interval */, "t4-interval" arg /* Set T4 interval */, "c-timeout" arg /* Set C timeout */, "disable-call-id-hiding" /* Disable translation of host IP in Call-ID header */, "retain-hold-resource" /* Retain SDP resources during call hold */, "hide-via-headers" ( /* Hide via headers options */ c( "disable" /* Disable hide via headers function */ ) ), "distribution-ip" /* Configure SIP distribute server IPV6 or IPV4 ip */, "application-screen" ( /* Configure application screens */ c( "unknown-message" ( /* Configure ALG action on receiving an unknown message */ c( "permit-nat-applied" /* Permit unknown messages on packets that are NATed */, "permit-routed" /* Permit unknown messages on routed packets */ ) ), "protect" ( /* Configure Protect options */ c( "deny" ( /* Protect deny options */ c( c( "destination-ip" arg /* List of protected destination server IP */, "all" /* Enable attack protection for all servers */ ), "timeout" arg /* Timeout value for SIP INVITE attack table entry */ ) ) ) ) ) ), "dscp-rewrite" ( /* DSCP code rewrite */ c( "code-point" arg /* Set dscp codepoint 6-bit string */ ) ), "traceoptions" ( /* SIP ALG trace options */ c( "flag" enum(("call" | "chassis-cluster" | "nat" | "parser" | "rm" | "all")) ( /* SIP ALG trace flags */ sc( c( "terse" /* Set trace verbosity level to terse */, "detail" /* Set trace verbosity level to detail */, "extensive" /* Set trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ), "sql" ( /* Configure SQL ALG */ sc( "disable" /* Disable SQL ALG */, "traceoptions" ( /* SQL ALG trace options */ c( "flag" enum(("all")) ( /* SQL ALG trace flags */ sc( c( "extensive" /* Set trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ).as(:oneline), "talk" ( /* Configure Talk ALG */ sc( "disable" /* Disable Talk ALG */, "traceoptions" ( /* TALK ALG trace options */ c( "flag" enum(("all")) ( /* TALK ALG trace flags */ sc( c( "extensive" /* Set trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ).as(:oneline), "tftp" ( /* Configure TFTP ALG */ sc( "disable" /* Disable TFTP ALG */, "traceoptions" ( /* TFTP ALG trace options */ c( "flag" enum(("all")) ( /* TFTP ALG trace flags */ sc( c( "extensive" /* Set trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ).as(:oneline), "pptp" ( /* Configure PPTP ALG */ sc( "disable" /* Disable PPTP ALG */, "traceoptions" ( /* PPTP ALG trace options */ c( "flag" enum(("all")) ( /* PPTP ALG trace flags */ sc( c( "extensive" /* Set trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ).as(:oneline), "ike-esp-nat" ( /* Configure IKE-ESP ALG with NAT */ c( "enable" /* Enable IKE-ESP ALG */, "esp-gate-timeout" arg /* Set ESP gate timeout */, "esp-session-timeout" arg /* Set ESP session timeout */, "state-timeout" arg /* Set ALG state timeout */, "traceoptions" ( /* IKE-ESP ALG trace options */ c( "flag" enum(("all")) ( /* IKE-ESP ALG trace flags */ sc( c( "extensive" /* Set trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ), "twamp" ( /* Configure TWAMP ALG */ c( "traceoptions" ( /* TWAMP ALG trace options */ c( "flag" enum(("all")) ( /* TWAMP ALG trace flags */ sc( c( "extensive" /* Trace verbosity level to extensive */ ) ) ).as(:oneline) ) ) ) ) ) end rule(:anti_spam_feature) do c( "sbl" ( /* SBL settings */ sbl_type /* SBL settings */ ) ) end rule(:anti_virus_feature) do c( "sophos-engine" ( /* Anti-virus sophos-engine */ c( "profile" arg ( /* Anti-virus sophos-engine profile */ c( "fallback-options" ( /* Anti-virus sophos-engine fallback options */ sophos_fallback_settings /* Anti-virus sophos-engine fallback options */ ), "scan-options" ( /* Anti-virus sophos-engine scan options */ sophos_scan_options /* Anti-virus sophos-engine scan options */ ), "trickling" ( /* Anti-virus trickling */ anti_virus_trickling /* Anti-virus trickling */ ), "notification-options" ( /* Anti-virus notification options */ anti_virus_notification_options /* Anti-virus notification options */ ), "mime-whitelist" ( /* Anti-virus MIME whitelist */ c( "list" arg /* MIME list */, "exception" arg /* Exception settings for MIME white list */ ) ), "url-whitelist" arg /* Anti-virus URL white list */ ) ) ) ) ) end rule(:anti_virus_notification_options) do c( "virus-detection" ( /* Virus detection notification */ c( "type" ( /* Virus detection notification type */ ("protocol-only" | "message") ), "notify-mail-sender" /* Notify mail sender */, "no-notify-mail-sender" /* Don't notify mail sender */, "custom-message" arg /* Custom message for notification */, "custom-message-subject" arg /* Custom message subject for notification */ ) ), "fallback-block" ( /* Fallback block notification */ c( "type" ( /* Fallback block notification type */ ("protocol-only" | "message") ), "notify-mail-sender" /* Notify mail sender */, "no-notify-mail-sender" /* Don't notify mail sender */, "custom-message" arg /* Custom message for notification */, "custom-message-subject" arg /* Custom message subject for notification */ ) ), "fallback-non-block" ( /* Fallback non block notification */ c( "notify-mail-recipient" /* Notify mail recipient */, "no-notify-mail-recipient" /* Don't notify mail recipient */, "custom-message" arg /* Custom message for notification */, "custom-message-subject" arg /* Custom message subject for notification */ ) ) ) end rule(:anti_virus_trickling) do c( "timeout" arg /* Trickling timeout */ ).as(:oneline) end rule(:apbr_rule_type) do arg.as(:arg) ( c( "match" ( /* Specify security rule match-criteria */ c( "dynamic-application" ( (arg | "junos:UNKNOWN") ), "dynamic-application-group" ( (arg | "junos:unassigned") ), "category" ( (arg | arg) ) ) ), "then" ( /* Specify rule action to take when packet match criteria */ c( "routing-instance" ( /* Packets are directed to specified routing instance */ sc( arg /* Name of routing instance */ ) ).as(:oneline), "sla-rule" ( /* SLA Rule */ c( arg /* SLA rule name */ ) ) ) ) ) ) end rule(:appfw_rule_type) do arg.as(:arg) ( c( "match" ( /* Specify security rule match-criteria */ c( "dynamic-application" ( (arg | "junos:UNKNOWN") ), "dynamic-application-group" ( (arg | "junos:unassigned") ), "ssl-encryption" ( /* Select SSL encryption rules */ ("any" | "yes" | "no") ) ) ), "then" ( /* Specify rule action to take when packet match criteria */ c( c( "permit" /* Permit packets */, "deny" ( /* Deny packets */ c( "block-message" /* Redirect sessions */ ) ), "reject" ( /* Reject packets */ c( "block-message" /* Redirect sessions */ ) ) ) ) ) ) ) end rule(:appqoe_probe_params) do c( "data-fill" ( /* Probe Data Payload content */ c( arg ) ), "data-size" ( /* Probe data size */ c( arg ) ), "probe-interval" ( /* Time interval between 2 consecutive probes */ c( arg ) ), "probe-count" ( /* Minimum number of samples to be collected to evaluate SLA measurement */ c( arg ) ), "burst-size" ( /* Number of probes out of probe count to be sent as a burst */ c( arg ) ), "sla-export-interval" ( /* Enabled time based SLA exporting */ c( arg ) ), "dscp-code-points" ( /* Mapping of code point aliases to bit strings */ c( arg /* DSCP */ ) ) ) end rule(:appqoe_probe_path) do c( "local" ( /* Local node's info */ appqoe_node /* Local node's info */ ), "remote" ( /* Remote node's info */ appqoe_node /* Remote node's info */ ) ) end rule(:appqoe_node) do c( "ip-address" ( /* Set IP address */ c( ipv4addr /* IP address */ ) ) ) end rule(:appqoe_sla_metric_profile) do c( "delay-round-trip" ( /* Maximum acceptable delay */ c( arg ) ), "jitter" ( /* Maximum acceptable jitter */ c( arg ) ), "jitter-type" ( /* Type of Jitter */ c( c( "two-way-jitter" /* Two-way-jitter-type */, "egress-jitter" /* Egress-jitter-type */, "ingress-jitter" /* Ingress-jitter-type */ ) ) ), "packet-loss" ( /* Maximum acceptable packet-loss */ c( arg ) ), "match" ( /* Type of SLA match */ c( c( "any-one" /* Match any one strings */, "all" /* Match all metrics */ ) ) ) ) end rule(:authentication_source_type) do ("local-authentication-table" | "unified-access-control" | "firewall-authentication" | "active-directory-authentication-table" | "aruba-clearpass").as(:arg) ( c( c( "priority" arg /* Larger number means lower priority, 0 for disable */ ) ) ) end rule(:category_list_type) do arg.as(:arg) ( c( "value" arg /* Configure value of category-list object */ ) ) end rule(:command_list_type) do arg.as(:arg) ( c( "value" arg /* Configure value of command-list object */ ) ) end rule(:content_filtering_feature) do c( "profile" arg ( /* Content filtering profile */ c( "permit-command" arg /* Permit command list */, "block-command" arg /* Block command list */, "block-extension" arg /* Block extension list */, "block-mime" ( /* Content-filtering feature block MIME */ c( "list" arg /* Block MIME list */, "exception" arg /* Exception of block MIME list */ ) ), "block-content-type" ( /* Content-filtering feature block content type */ c( "activex" /* Block activex */, "java-applet" /* Block Java-applet */, "exe" /* Block Windows/dos exe file */, "zip" /* Block zip file */, "http-cookie" /* Block HTTP cookie */ ) ), "notification-options" ( /* Notification options */ c( "type" ( /* Notification options type */ ("protocol-only" | "message") ), "notify-mail-sender" /* Notifiy mail sender */, "no-notify-mail-sender" /* Don't notifiy mail sender */, "custom-message" arg /* Custom notification message */ ) ) ) ) ) end rule(:custom_message_type) do arg.as(:arg) ( c( "type" ( /* Type of custom message */ ("redirect-url" | "user-message") ), "content" arg /* Content of custom message */ ) ) end rule(:default_anti_spam_feature) do c( "type" ( /* Anti-spam type */ ("sbl" | "anti-spam-none") ), "address-whitelist" arg /* Anti-spam whitelist */, "address-blacklist" arg /* Anti-spam blacklist */, "traceoptions" ( /* Trace options for anti-spam feature */ anti_spam_traceoptions /* Trace options for anti-spam feature */ ), "sbl" ( /* SBL settings */ default_sbl_type /* SBL settings */ ) ) end rule(:anti_spam_traceoptions) do c( "flag" enum(("manager" | "sbl" | "all")) /* Trace options for anti-spam feature flag */.as(:oneline) ) end rule(:default_anti_virus_feature) do c( "mime-whitelist" ( /* Anti-virus MIME whitelist */ c( "list" arg /* MIME list */, "exception" arg /* Exception settings for MIME white list */ ) ), "url-whitelist" arg /* Anti-virus URL white list */, "type" ( /* Anti-virus engine type */ ("sophos-engine" | "anti-virus-none") ), "traceoptions" ( /* Trace options for anti-virus feature */ anti_virus_traceoptions /* Trace options for anti-virus feature */ ), "sophos-engine" ( /* Anti-virus sophos-engine */ c( "server" ( /* SAV and Anti-Spam first hop DNS server */ c( "routing-instance" arg /* Routing instance name */, ipaddr /* SAV and Anti-Spam first hop DNS server ip */ ) ), "sxl-timeout" arg /* Sxl sophos anti-virus engine timeout */, "sxl-retry" arg /* Sxl sophos anti-virus engine query retry (number of times) */, "pattern-update" ( /* Anti-virus sophos-engine pattern update */ anti_virus_pattern_update /* Anti-virus sophos-engine pattern update */ ), "fallback-options" ( /* Anti-virus sophos-engine fallback options */ sophos_fallback_settings /* Anti-virus sophos-engine fallback options */ ), "scan-options" ( /* Anti-virus sophos-engine scan options */ default_sophos_scan_options /* Anti-virus sophos-engine scan options */ ), "trickling" ( /* Anti-virus trickling */ anti_virus_trickling /* Anti-virus trickling */ ), "notification-options" ( /* Anti-virus notification options */ anti_virus_notification_options /* Anti-virus notification options */ ) ) ) ) end rule(:anti_virus_pattern_update) do c( "email-notify" ( /* Virus pattern file updated notification */ c( "admin-email" arg /* Admin emails to be notified about pattern file update */, "custom-message" arg /* Custom message for notification */, "custom-message-subject" arg /* Custom message subject for notification */ ) ), "url" arg /* Server URL */, "proxy-profile" arg /* Proxy profile */, "routing-instance" arg /* Routing instance name */, "interval" arg /* Interval to check the update */, "no-autoupdate" /* Don't automatically update anti-virus pattern */ ) end rule(:anti_virus_traceoptions) do c( "flag" enum(("basic" | "detail" | "engine" | "pattern" | "updater" | "manager" | "worker" | "sendmail" | "ipc" | "event" | "statistics" | "all")) /* Trace options for anti-virus feature flag */.as(:oneline) ) end rule(:default_content_filtering_feature) do c( "type" ( /* Content-filtering type */ ("local" | "content-filtering-none") ), "traceoptions" ( /* Trace options for content-filtering feature */ content_filtering_traceoptions /* Trace options for content-filtering feature */ ), "permit-command" arg /* Permit command list */, "block-command" arg /* Block command list */, "block-extension" arg /* Block extension list */, "block-mime" ( /* Content-filtering feature block MIME */ c( "list" arg /* Block MIME list */, "exception" arg /* Exception of block MIME list */ ) ), "block-content-type" ( /* Content-filtering feature block content type */ c( "activex" /* Block activex */, "java-applet" /* Block Java-applet */, "exe" /* Block Windows/dos exe file */, "zip" /* Block zip file */, "http-cookie" /* Block HTTP cookie */ ) ), "notification-options" ( /* Notification options */ c( "type" ( /* Notification options type */ ("protocol-only" | "message") ), "notify-mail-sender" /* Notifiy mail sender */, "no-notify-mail-sender" /* Don't notifiy mail sender */, "custom-message" arg /* Custom notification message */ ) ) ) end rule(:content_filtering_traceoptions) do c( "flag" enum(("basic" | "detail" | "all")) /* Trace options for content-filtering feature flag */.as(:oneline) ) end rule(:default_sbl_type) do c( "sbl-default-server" /* Default SBL server */, "no-sbl-default-server" /* Don't default SBL server */, "spam-action" ( /* Anti-spam actions */ ("block" | "tag-header" | "tag-subject") ), "custom-tag-string" arg /* Custom tag string */ ) end rule(:default_sophos_scan_options) do c( "uri-check" /* Anti-virus uri-check */, "no-uri-check" /* Don't anti-virus uri-check */, "content-size-limit" arg /* Content size limit */, "timeout" arg /* Scan engine timeout */ ) end rule(:default_webfilter_feature) do c( "url-whitelist" arg /* Configure custom URL for whitelist category */, "url-blacklist" arg /* Configure custom URL for blacklist category */, "http-reassemble" /* Reassemble HTTP request segments */, "http-persist" /* Check all HTTP request in a connection */, "type" ( /* Configure web-filtering engine type */ ("websense-redirect" | "juniper-local" | "juniper-enhanced" | "web-filtering-none") ), "traceoptions" ( /* Trace options for web-filtering feature */ web_filtering_traceoptions /* Trace options for web-filtering feature */ ), "websense-redirect" ( /* Configure web-filtering websense redirect engine */ default_websense_type /* Configure web-filtering websense redirect engine */ ), "juniper-local" ( /* Configure web-filtering juniper local engine */ default_juniper_local_type /* Configure web-filtering juniper local engine */ ), "juniper-enhanced" ( /* Configure web-filtering juniper enhanced engine */ default_juniper_enhanced_type /* Configure web-filtering juniper enhanced engine */ ) ) end rule(:default_juniper_enhanced_type) do c( "cache" ( c( "timeout" arg /* Juniper enhanced cache timeout */, "size" arg /* Juniper enhanced cache size */ ) ), "server" ( /* Juniper enhanced server */ juniper_enhanced_server /* Juniper enhanced server */ ), "reputation" ( /* Customize reputation level */ c( "reputation-very-safe" arg /* Base-reputation-value */, "reputation-moderately-safe" arg /* Base-reputation-value */, "reputation-fairly-safe" arg /* Base-reputation-value */, "reputation-suspicious" arg /* Base-reputation-value */ ) ), "base-filter" arg /* Juniper base filter */, "category" ( /* Juniper enhanced category */ juniper_enhanced_category_type /* Juniper enhanced category */ ), "site-reputation-action" ( /* Juniper enhanced site reputation action */ juniper_enhanced_site_reputation_setting /* Juniper enhanced site reputation action */ ), "default" ( /* Juniper enhanced profile default */ ("permit" | "block" | "log-and-permit" | "quarantine") ), "custom-block-message" arg /* Juniper enhanced custom block message sent to HTTP client */, "quarantine-custom-message" arg /* Juniper enhanced quarantine custom message */, "fallback-settings" ( /* Juniper enhanced fallback settings */ web_filtering_fallback_setting /* Juniper enhanced fallback settings */ ), "timeout" arg /* Juniper enhanced timeout */, "no-safe-search" /* Do not perform safe-search for Juniper enhanced protocol */, "block-message" ( /* Juniper enhanced block message settings */ web_filtering_block_message /* Juniper enhanced block message settings */ ), "quarantine-message" ( /* Juniper enhanced quarantine message settings */ web_filtering_quarantine_message /* Juniper enhanced quarantine message settings */ ) ) end rule(:default_juniper_local_type) do c( "default" ( /* Juniper local profile default */ ("permit" | "block" | "log-and-permit") ), "category" ( /* Custom category */ custom_category_type /* Custom category */ ), "custom-block-message" arg /* Juniper local custom block message */, "quarantine-custom-message" arg /* Juniper local quarantine custom message */, "block-message" ( /* Juniper local block message settings */ web_filtering_block_message /* Juniper local block message settings */ ), "quarantine-message" ( /* Juniper local quarantine message settings */ web_filtering_quarantine_message /* Juniper local quarantine message settings */ ), "fallback-settings" ( /* Juniper local fallback settings */ web_filtering_fallback_setting /* Juniper local fallback settings */ ), "timeout" arg /* Juniper local timeout */ ) end rule(:custom_category_type) do arg.as(:arg) ( c( "action" ( /* Action to perform when web traffic matches category */ ("permit" | "log-and-permit" | "block" | "quarantine") ), "custom-message" arg /* Custom message */ ) ) end rule(:default_websense_type) do c( "server" ( /* Websense redirect server */ server /* Websense redirect server */ ), "category" ( /* Custom category */ custom_category_type /* Custom category */ ), "custom-block-message" arg /* Websense redirect custom block message */, "quarantine-custom-message" arg /* Websense redirect quarantine custom message */, "block-message" ( /* Websense redirect block message settings */ web_filtering_block_message /* Websense redirect block message settings */ ), "quarantine-message" ( /* Websense redirect quarantine message settings */ web_filtering_quarantine_message /* Websense redirect quarantine message settings */ ), "fallback-settings" ( /* Websense redirect fallback settings */ web_filtering_fallback_setting /* Websense redirect fallback settings */ ), "timeout" arg /* Websense redirect timeout */, "sockets" arg /* Websense redirect sockets number */, "account" arg /* Websense redirect account */ ) end rule(:e2e_action_profile) do arg.as(:arg) ( c( "preserve-trace-order" /* Preserve trace order (has performance overhead) */, "record-pic-history" /* Record the PIC(s) in which the packet has been processed */, "event" ( e2e_event ), "module" ( e2e_module ) ) ) end rule(:e2e_event) do ("np-ingress" | "np-egress" | "mac-ingress" | "mac-egress" | "lbt" | "pot" | "jexec" | "lt-enter" | "lt-leave").as(:arg) ( c( "trace" /* Trace action */, "count" /* Count action */, "packet-summary" /* Packet summary action */, "packet-dump" /* Packet dump action */ ) ) end rule(:e2e_module) do ("flow").as(:arg) ( c( "flag" enum(("all")) /* Events and other information to include in trace output */.as(:oneline) ) ) end rule(:end_to_end_debug_filter) do arg.as(:arg) ( c( "action-profile" ( /* Actions to take with this filter */ ("default" | arg) ), "protocol" ( /* Match IP protocol type */ ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | arg) ), "source-prefix" ( /* Source IPv4/IPv6 address prefix */ ipprefix /* Source IPv4/IPv6 address prefix */ ), "destination-prefix" ( /* Destination IPv4/IPv6 address prefix */ ipprefix /* Destination IPv4/IPv6 address prefix */ ), "source-port" ( /* Match TCP/UDP source port */ ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port" ( /* Match TCP/UDP destination port */ ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "interface" ( /* Logical interface */ interface_name /* Logical interface */ ) ) ) end rule(:extension_list_type) do arg.as(:arg) ( c( "value" arg /* Configure value of extension-list object */ ) ) end rule(:flow_filter_type) do arg.as(:arg) ( c( "protocol" ( /* Match IP protocol type */ ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | arg) ), "source-prefix" ( /* Source IP address prefix */ ipprefix /* Source IP address prefix */ ), "destination-prefix" ( /* Destination IP address prefix */ ipprefix /* Destination IP address prefix */ ), "conn-tag" arg /* Session connection tag */, "logical-system" arg /* Logical system */, "source-port" ( /* Match TCP/UDP source port */ ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port" ( /* Match TCP/UDP destination port */ ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "interface" ( /* Source logical interface */ interface_name /* Source logical interface */ ) ) ) end rule(:host_object) do c( "port" arg /* Host port number */, "routing-instance" arg /* Routing-instance name */, ipaddr /* IP address */ ) end rule(:ids_option_type) do arg.as(:arg) ( c( "description" arg /* Text description of screen */, "alarm-without-drop" /* Do not drop packet, only generate alarm */, "match-direction" ( /* Match direction */ ("input" | "output" | "input-output") ), "icmp" ( /* Configure ICMP ids options */ c( "ip-sweep" ( /* Configure ip sweep ids option */ sc( "threshold" arg /* Threshold */ ) ).as(:oneline), "fragment" /* Enable ICMP fragment ids option */, "large" /* Enable large ICMP packet (size > 1024) ids option */, "flood" ( /* Configure icmp flood ids option */ sc( "threshold" arg /* Threshold */ ) ).as(:oneline), "ping-death" /* Enable ping of death ids option */, "icmpv6-malformed" /* Enable icmpv6 malformed ids option */ ) ), "ip" ( /* Configure IP layer ids options */ c( "bad-option" /* Enable ip with bad option ids option */, "record-route-option" /* Enable ip with record route option ids option */, "timestamp-option" /* Enable ip with timestamp option ids option */, "security-option" /* Enable ip with security option ids option */, "stream-option" /* Enable ip with stream option ids option */, "spoofing" /* Enable IP address spoofing ids option */, "source-route-option" /* Enable ip source route ids option */, "loose-source-route-option" /* Enable ip with loose source route ids option */, "strict-source-route-option" /* Enable ip with strict source route ids option */, "unknown-protocol" /* Enable ip unknown protocol ids option */, "block-frag" /* Enable ip fragment blocking ids option */, "tear-drop" /* Enable tear drop ids option */, "ipv6-extension-header" ( /* Configure ipv6 extension header ids option */ c( "hop-by-hop-header" ( /* Enable ipv6 hop by hop option header ids option */ c( "jumbo-payload-option" /* Enable jumbo payload option ids option */, "router-alert-option" /* Enable router alert option ids option */, "quick-start-option" /* Enable quick start option ids option */, "CALIPSO-option" /* Enable Common Architecture Label ipv6 Security Option ids option */, "SMF-DPD-option" /* Enable Simplified Multicast Forwarding ipv6 Duplicate Packet Detection option ids option */, "RPL-option" /* Enable Routing Protocol for Low-power and Lossy networks option ids option */, "user-defined-option-type" arg ( /* User-defined option type range */ sc( "to" ( /* Upper limit of option type range */ c( arg ) ) ) ).as(:oneline) ) ), "routing-header" /* Enable ipv6 routing header ids option */, "fragment-header" /* Enable ipv6 fragment header ids option */, "ESP-header" /* Enable ipv6 Encapsulating Security Payload header ids option */, "AH-header" /* Enable ipv6 Authentication Header ids option */, "no-next-header" /* Enable ipv6 no next header ids option */, "destination-header" ( /* Enable ipv6 destination option header ids option */ c( "tunnel-encapsulation-limit-option" /* Enable tunnel encapsulation limit option ids option */, "home-address-option" /* Enable home address option ids option */, "ILNP-nonce-option" /* Enable Identifier-Locator Network Protocol Nonce option ids option */, "line-identification-option" /* Enable line identification option ids option */, "user-defined-option-type" arg ( /* User-defined option type range */ sc( "to" ( /* Upper limit of option type range */ c( arg ) ) ) ).as(:oneline) ) ), "shim6-header" /* Enable ipv6 shim header ids option */, "mobility-header" /* Enable ipv6 mobility header ids option */, "HIP-header" /* Enable ipv6 Host Identify Protocol header ids option */, "user-defined-header-type" arg ( /* User-defined header type range */ sc( "to" ( /* Upper limit of header type range */ c( arg ) ) ) ).as(:oneline) ) ), "ipv6-extension-header-limit" arg /* Enable ipv6 extension header limit ids option */, "ipv6-malformed-header" /* Enable ipv6 malformed header ids option */, "tunnel" ( /* Configure IP tunnel ids options */ c( "bad-inner-header" /* Enable IP tunnel bad inner header ids option */, "gre" ( /* Configure IP tunnel GRE ids option */ c( "gre-6in4" /* Enable IP tunnel GRE 6in4 ids option */, "gre-4in6" /* Enable IP tunnel GRE 4in6 ids option */, "gre-6in6" /* Enable IP tunnel GRE 6in6 ids option */, "gre-4in4" /* Enable IP tunnel GRE 4in4 ids option */ ) ), "ip-in-udp" ( /* Configure IP tunnel IPinUDP ids option */ c( "teredo" /* Enable IP tunnel IPinUDP Teredo ids option */ ) ), "ipip" ( /* Configure IP tunnel IPIP ids option */ c( "ipip-6to4relay" /* Enable IP tunnel IPIP 6to4 Relay ids option */, "ipip-6in4" /* Enable IP tunnel IPIP 6in4 ids option */, "ipip-4in6" /* Enable IP tunnel IPIP 4in6 ids option */, "ipip-4in4" /* Enable IP tunnel IPIP 4in4 ids option */, "ipip-6in6" /* Enable IP tunnel IPIP 6in6 ids option */, "ipip-6over4" /* Enable IP tunnel IPIP 6over4 ids option */, "isatap" /* Enable IP tunnel IPIP ISATAP ids option */, "dslite" /* Enable IP tunnel IPIP DS-Lite ids option */ ) ) ) ) ) ), "tcp" ( /* Configure TCP Layer ids options */ c( "syn-fin" /* Enable SYN and FIN bits set attack ids option */, "fin-no-ack" /* Enable Fin bit with no ACK bit ids option */, "tcp-no-flag" /* Enable TCP packet without flag ids option */, "syn-frag" /* Enable SYN fragment ids option */, "port-scan" ( /* Configure TCP port scan ids option */ sc( "threshold" arg /* Threshold */ ) ).as(:oneline), "syn-ack-ack-proxy" ( /* Configure syn-ack-ack proxy ids option */ sc( "threshold" arg /* Threshold */ ) ).as(:oneline), "syn-flood" ( /* Configure SYN flood ids option */ c( "alarm-threshold" arg /* Alarm threshold */, "attack-threshold" arg /* Attack threshold */, "source-threshold" arg /* Source threshold */, "destination-threshold" arg /* Destination threshold */, "queue-size" arg /* Queue size */, "timeout" arg /* SYN flood ager timeout */, "white-list" arg ( /* Set of IP addresses that will not trigger a screen */ c( "source-address" ( /* Source address */ ipprefix /* Source address */ ), "destination-address" ( /* Destination address */ ipprefix /* Destination address */ ) ) ) ) ), "land" /* Enable land attack ids option */, "winnuke" /* Enable winnuke attack ids option */, "tcp-sweep" ( /* Configure TCP sweep ids option */ sc( "threshold" arg /* Threshold */ ) ).as(:oneline) ) ), "udp" ( /* Configure UDP layer ids options */ c( "flood" ( /* Configure UDP flood ids option */ c( "threshold" arg /* Threshold */, "white-list" arg /* Configure UDP flood white list group name */ ) ), "udp-sweep" ( /* Configure UDP sweep ids option */ sc( "threshold" arg /* Threshold */ ) ).as(:oneline), "port-scan" ( /* Configure UDP port scan ids option */ sc( "threshold" arg /* Threshold */ ) ).as(:oneline) ) ), "limit-session" ( /* Limit sessions */ c( "source-ip-based" arg /* Limit sessions from the same source IP */, "destination-ip-based" arg /* Limit sessions to the same destination IP */, "by-source" ( /* Limit sessions from the same source IP or subnet */ c( "maximum-sessions" arg /* Limit sessions on the basis of maximum concurrent sessions */, "packet-rate" arg /* Limit sessions on the basis of packet rate */, "session-rate" arg /* Limit sessions on the basis of session rate */, "by-protocol" ( /* Limit sessions on the basis of protocol */ by_protocol_object_type /* Limit sessions on the basis of protocol */ ) ) ), "by-destination" ( /* Limit sessions to the same destination IP or subnet */ c( "maximum-sessions" arg /* Limit sessions on the basis of maximum concurrent sessions */, "packet-rate" arg /* Limit sessions on the basis of packet rate */, "session-rate" arg /* Limit sessions on the basis of session rate */, "by-protocol" ( /* Limit sessions on the basis of protocol */ by_protocol_object_type /* Limit sessions on the basis of protocol */ ) ) ) ) ) ) ) end rule(:by_protocol_object_type) do c( "tcp" ( /* Configure limit-session on the basis of TCP */ c( "maximum-sessions" arg /* Limit sessions on the basis of maximum concurrent sessions */, "packet-rate" arg /* Limit sessions on the basis of packet rate */, "session-rate" arg /* Limit sessions on the basis of session rate */ ) ), "udp" ( /* Configure limit-session on the basis of UDP */ c( "maximum-sessions" arg /* Limit sessions on the basis of maximum concurrent sessions */, "packet-rate" arg /* Limit sessions on the basis of packet rate */, "session-rate" arg /* Limit sessions on the basis of session rate */ ) ), "icmp" ( /* Configure limit-session on the basis of ICMP */ c( "maximum-sessions" arg /* Limit sessions on the basis of maximum concurrent sessions */, "packet-rate" arg /* Limit sessions on the basis of packet rate */, "session-rate" arg /* Limit sessions on the basis of session rate */ ) ) ) end rule(:ids_wlist_type) do arg.as(:arg) ( c( "address" ( /* Address */ ipprefix /* Address */ ) ) ) end rule(:jsf_application_traffic_control_rule_set_type) do c( "rule-set" arg /* Service rule-set name */ ) end rule(:juniper_enhanced_category_type) do arg.as(:arg) ( c( "action" ( /* Action to perform when web traffic matches category */ ("permit" | "log-and-permit" | "block" | "quarantine") ), "custom-message" arg /* Custom message */ ) ) end rule(:juniper_enhanced_server) do c( "host" arg /* Server host IP address or string host name */, "port" arg /* Server port */, "proxy-profile" arg /* Proxy profile */, "routing-instance" arg /* Routing instance name */ ) end rule(:juniper_enhanced_site_reputation_setting) do c( "very-safe" ( /* Action when site reputation is very safe */ ("permit" | "log-and-permit" | "block" | "quarantine") ), "moderately-safe" ( /* Action when site reputation is moderately safe */ ("permit" | "log-and-permit" | "block" | "quarantine") ), "fairly-safe" ( /* Action when site reputation is fairly safe */ ("permit" | "log-and-permit" | "block" | "quarantine") ), "suspicious" ( /* Action when site reputation is suspicious */ ("permit" | "log-and-permit" | "block" | "quarantine") ), "harmful" ( /* Action when site reputation is harmful */ ("permit" | "log-and-permit" | "block" | "quarantine") ) ) end rule(:logical_system_type) do arg.as(:arg) ( c( "max-sessions" arg /* Max number of IDP sessions */ ) ) end rule(:mime_list_type) do arg.as(:arg) ( c( "value" arg /* Configure MIME value */ ) ) end rule(:mirror_filter_type) do arg.as(:arg) ( c( "protocol" ( /* Match IP protocol type */ ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | arg) ), "source-prefix" ( /* Source IP address prefix */ ipprefix /* Source IP address prefix */ ), "destination-prefix" ( /* Destination IP address prefix */ ipprefix /* Destination IP address prefix */ ), "source-port" ( /* Match TCP/UDP source port */ ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port" ( /* Match TCP/UDP destination port */ ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "interface-in" ( /* Incoming Logical interface */ interface_name /* Incoming Logical interface */ ), "interface-out" ( /* Outgoing Logical interface */ interface_name /* Outgoing Logical interface */ ), "output" ( /* Configure output interface and MAC address */ c( "interface" ( /* Outgoing Logical interface */ interface_name /* Outgoing Logical interface */ ), "destination-mac" arg /* MAC address to match */ ) ) ) ) end rule(:named_address_book_type) do ("global" | arg).as(:arg) ( c( "description" arg /* Text description of address book */, "address" ( /* Define a security address */ address_type /* Define a security address */ ), "address-set" ( /* Define a security address set */ address_set_type /* Define a security address set */ ), "attach" ( /* Attach this address book to interface, zone or routing-instance */ c( "zone" arg /* Define a zone to be attached */ ) ) ) ) end rule(:address_set_type) do arg.as(:arg) ( c( "description" arg /* Text description of address set */, "address" arg /* Address to be included in this set */, "address-set" arg /* Define an address-set name */ ) ) end rule(:address_type) do arg.as(:arg) ( c( "description" arg /* Text description of address */, c( "dns-name" ( /* DNS address name */ dns_name_type /* DNS address name */ ), "wildcard-address" ( /* Numeric IPv4 wildcard address with in the form of a.d.d.r/netmask */ wildcard_address_type /* Numeric IPv4 wildcard address with in the form of a.d.d.r/netmask */ ), "range-address" ( /* Address range */ range_address_type /* Address range */ ), ipprefix /* Numeric IPv4 or IPv6 address with prefix */ ) ) ) end rule(:dns_name_type) do arg.as(:arg) ( c( "ipv4-only" /* IPv4 dns address */, "ipv6-only" /* IPv6 dns address */ ) ) end rule(:nat_object) do c( "source" ( /* Configure Source NAT */ ssg_source_nat_object /* Configure Source NAT */ ), "destination" ( /* Configure Destination NAT */ ssg_destination_nat_object /* Configure Destination NAT */ ), "static" ( /* Configure Static NAT */ ssg_static_nat_object /* Configure Static NAT */ ), "proxy-arp" ( /* Configure Proxy ARP */ ssg_proxy_arp_object /* Configure Proxy ARP */ ), "proxy-ndp" ( /* Configure Proxy NDP */ ssg_proxy_ndp_object /* Configure Proxy NDP */ ), "natv6v4" ( /* Configure NAT between IPv6 and IPv4 options */ c( "no-v6-frag-header" /* V6 packet does not always add fragment header when performing nat translation from v4 side to v6 side */ ) ), "allow-overlapping-pools" /* IP addresses of NAT pools can overlap with other pool */, "traceoptions" ( /* NAT trace options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "flow" | "routing-socket" | "routing-protocol" | "all" | "source-nat-re" | "source-nat-rt" | "source-nat-pfe" | "destination-nat-re" | "destination-nat-rt" | "destination-nat-pfe" | "static-nat-re" | "static-nat-rt" | "static-nat-pfe" | "nat-svc-set-re")) ( /* Tracing parameters */ sc( "syslog" /* Write NAT flow traces to system log also */ ) ).as(:oneline) ) ), "pool" ( /* Define a NAT pool */ nat_pool_object /* Define a NAT pool */ ), "ipv6-multicast-interfaces" ("all" | "interface-name") ( /* Enable IPv6 multicast filter for IPv6 NAT */ c( "disable" /* Disable IPv6 multicast filter for IPv6 NAT */ ) ), "ipv6-multicast-interfaces" /* Enable IPv6 multicast filter for IPv6 NAT */, "allow-overlapping-nat-pools" /* Allow usage of overlapping and same nat pools in multiple service sets */, "rule" ( /* Define a NAT rule */ nat_rule_object /* Define a NAT rule */ ), "port-forwarding" ( /* Define a port-forwarding pool */ pf_mapping /* Define a port-forwarding pool */ ), "rule-set" arg ( /* Defines a set of NAT rules */ c( "rule" arg /* Rule to be included in this rule set */ ) ) ) end rule(:policy_object_type) do c( "traceoptions" ( /* Network Security Policy Tracing Options */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "routing-socket" | "compilation" | "ipc" | "rules" | "lookup" | "all")) /* Tracing parameters */.as(:oneline) ) ), "policy" ( /* Define a policy context from this zone */ s( arg, "to-zone-name" arg /* Destination zone */, c( "policy" ( /* Define security policy in specified zone-to-zone direction */ policy_type /* Define security policy in specified zone-to-zone direction */ ) ) ) ), "global" ( /* Define a global policy context */ c( "policy" ( /* Define security policy in global context */ policy_type /* Define security policy in global context */ ) ) ), "default-policy" ( /* Configure default action when no user-defined policy match */ c( c( "permit-all" /* Permit all traffic if no policy match */, "deny-all" /* Deny all traffic if no policy match */ ) ) ), "policy-rematch" ( /* Re-evaluate the policy when changed */ sc( "extensive" /* Perform policy extensive rematch */ ) ).as(:oneline), "policy-stats" ( /* Parameters for policy statistics */ c( "system-wide" ( /* Enable/Disable system-wide policy statistics */ ("enable" | "disable") ) ) ), "pre-id-default-policy" ( /* Configure default policy action before dynamic application is finally identified */ c( "then" ( /* Specify policy action to take when packet match criteria */ c( "log" ( /* Enable log */ log_type /* Enable log */ ), "session-timeout" ( /* Session timeout */ session_timeout_type /* Session timeout */ ) ) ) ) ), "stateful-firewall-rule" arg ( /* Define a stateful-firewall-rule */ c( "match-direction" ( /* Direction for which the rule match is applied */ ("input" | "output" | "input-output") ), "policy" ( /* Define a stateful-firewall policy */ policy_type /* Define a stateful-firewall policy */ ) ) ), "stateful-firewall-rule-set" arg ( /* Defines a set of stateful firewall rules */ c( "stateful-firewall-rule" arg /* Rule to be included in this stateful firewall rule set */ ) ) ) end rule(:log_type) do c( "session-init" /* Log at session init time */, "session-close" /* Log at session close time */ ) end rule(:policy_type) do arg.as(:arg) ( c( "description" arg /* Text description of policy */, "match" ( /* Specify security policy match-criteria */ c( c( "source-address" ( ("any" | "any-ipv4" | "any-ipv6" | arg) ) ), c( "destination-address" ( ("any" | "any-ipv4" | "any-ipv6" | arg) ) ), "source-address-excluded" /* Exclude source addresses */, "destination-address-excluded" /* Exclude destination addresses */, c( "application" ( (arg | "junos-defaults") ) ), c( "source-identity" ( ("any" | "authenticated-user" | "unauthenticated-user" | "unknown-user" | arg) ) ), c( "source-end-user-profile" ( /* Match source end user profile */ match_source_end_user_profile_value /* Match source end user profile */ ) ), c( "dynamic-application" ( (arg | "junos:UNKNOWN" | "junos:unassigned" | "any" | "none") ) ), c( "from-zone" ( ("any" | arg) ) ), c( "to-zone" ( ("any" | arg) ) ) ) ), "then" ( /* Specify policy action to take when packet match criteria */ c( c( "deny" /* Deny packets */, "reject" ( /* Reject packets */ c( "profile" arg /* Profile for redirect HTTP/S traffic */, "ssl-proxy" ( /* SSL proxy services */ c( "profile-name" arg /* Specify SSL proxy service profile name */ ) ) ) ), "permit" ( /* Permit packets */ c( "tunnel" ( /* Tunnel packets */ tunnel_type /* Tunnel packets */ ), "firewall-authentication" ( /* Enable authentication for this policy if permit or tunnel */ firewall_authentication_type /* Enable authentication for this policy if permit or tunnel */ ), "destination-address" ( /* Enable destination address translation */ destination_nat_enable_type /* Enable destination address translation */ ), "application-services" ( /* Application Services */ application_services_type /* Application Services */ ), "tcp-options" ( /* Transmission Control Protocol session configuration */ c( "syn-check-required" /* Enable per policy SYN-flag check */, "sequence-check-required" /* Enable per policy sequence-number checking */, "initial-tcp-mss" arg /* Override MSS value for initial direction */, "reverse-tcp-mss" arg /* Override MSS value for reverse direction */, "window-scale" /* Enable per policy window-scale */ ) ), "services-offload" /* Enable services offloading */ ) ) ), "log" ( /* Enable log */ log_type /* Enable log */ ), "count" ( /* Enable count */ count_type /* Enable count */ ) ) ), "scheduler-name" arg /* Name of scheduler */ ) ) end rule(:application_services_type) do c( "gprs-gtp-profile" arg /* Specify GPRS Tunneling Protocol profile name */, "gprs-sctp-profile" arg /* Specify GPRS stream control protocol profile name */, "idp" /* Intrusion detection and prevention */, "idp-policy" arg /* Specify idp policy name */, "ssl-proxy" ( /* SSL proxy services */ c( "profile-name" arg /* Specify SSL proxy service profile name */ ) ), "uac-policy" ( /* Enable unified access control enforcement of policy */ c( "captive-portal" arg ) ), "utm-policy" arg /* Specify utm policy name */, "icap-redirect" arg /* Specify icap redirect profile name */, "application-firewall" ( /* Application firewall services */ jsf_service_rule_set_type /* Application firewall services */ ), "application-traffic-control" ( /* Application traffic control services */ jsf_application_traffic_control_rule_set_type /* Application traffic control services */ ), c( "redirect-wx" /* Set WX redirection */, "reverse-redirect-wx" /* Set WX reverse redirection */ ), "security-intelligence-policy" arg /* Specify security-intelligence policy name */, "advanced-anti-malware-policy" arg /* Specify advanced-anti-malware policy name */ ) end rule(:count_type) do end rule(:destination_nat_enable_type) do c( c( "drop-translated" /* Drop the policy if NAT translated */, "drop-untranslated" /* Drop the policy if NAT untranslated */ ) ) end rule(:firewall_authentication_type) do c( c( "pass-through" ( /* Pass-through firewall authentication settings */ c( "access-profile" arg /* Specify access profile name */, "client-match" arg, "web-redirect" /* Redirect unauthenticated HTTP requests to the device's internal web server */, "web-redirect-to-https" /* Redirect unauthenticated HTTP requests to the device's internal HTTPS web server */, "ssl-termination-profile" arg /* Specify SSL termination profile used to the SSL offload */, "auth-only-browser" /* Authenticate only browser traffic */, "auth-user-agent" arg /* Authenticate HTTP traffic with specified user agent */ ) ), "web-authentication" ( /* Web-authentication settings */ c( "client-match" arg ) ), "user-firewall" ( /* User-firewall firewall authentication settings */ c( "access-profile" arg /* Specify access profile name */, "web-redirect" /* Redirect unauthenticated HTTP req to web server */, "web-redirect-to-https" /* Redirect unauthenticated HTTP req to HTTPS web server */, "ssl-termination-profile" arg /* Specify SSL termination profile used to the SSL offload */, "auth-only-browser" /* Authenticate only browser traffic */, "auth-user-agent" arg /* Authenticate HTTP traffic with specified user agent */, "domain" arg /* Specify domain name */ ) ) ), "push-to-identity-management" /* Push auth entry to identity management server */ ) end rule(:jsf_service_rule_set_type) do c( "rule-set" arg /* Service rule set name */ ) end rule(:match_source_end_user_profile_value) do c( arg /* Specify source-end-user-profile name from list to match */ ) end rule(:profile_setting) do arg.as(:arg) ( c( "anti-virus" ( /* UTM policy anti-virus profile */ c( "http-profile" arg /* Anti-virus profile */, "ftp" ( /* FTP profile */ c( "upload-profile" arg /* Anti-virus profile */, "download-profile" arg /* Anti-virus profile */ ) ), "smtp-profile" arg /* Anti-virus profile */, "pop3-profile" arg /* Anti-virus profile */, "imap-profile" arg /* Anti-virus profile */ ) ), "content-filtering" ( /* Content-filtering profile */ c( "http-profile" arg /* Content-filtering profile */, "ftp" ( /* FTP profile */ c( "upload-profile" arg /* Content-filtering FTP upload profile */, "download-profile" arg /* Content-filtering FTP download profile */ ) ), "smtp-profile" arg /* Content-filtering SMTP profile */, "pop3-profile" arg /* Content-filtering POP3 profile */, "imap-profile" arg /* Content-filtering IMAP profile */ ) ), "web-filtering" ( /* Web-filtering profile */ c( "http-profile" arg /* Web-filtering HTTP profile */ ) ), "anti-spam" ( /* Anti-spam profile */ c( "smtp-profile" arg /* Anti-spam profile */ ) ), "traffic-options" ( /* Traffic options */ c( "sessions-per-client" ( /* Sessions per client */ c( "limit" arg /* Sessions limit */, "over-limit" ( /* Over limit number */ ("log-and-permit" | "block") ) ) ) ) ) ) ) end rule(:ragw_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("brief" | "detail" | "extensive" | "verbose") ), "flag" enum(("configuration" | "tunnel" | "session" | "all")) /* Tracing parameters */.as(:oneline) ) end rule(:range_address_type) do arg.as(:arg) ( c( "to" ( /* Port range upper limit */ c( ipv4addr /* Upper limit of address range */ ) ) ) ) end rule(:sbl_type) do c( "profile" arg ( /* SBL profile */ c( "sbl-default-server" /* Default SBL server */, "no-sbl-default-server" /* Don't default SBL server */, "spam-action" ( /* Anti-spam actions */ ("block" | "tag-header" | "tag-subject") ), "custom-tag-string" arg /* Custom tag string */, "address-whitelist" arg /* Anti-spam whitelist */, "address-blacklist" arg /* Anti-spam blacklist */ ) ) ) end rule(:secure_wire_type) do arg.as(:arg) ( c( "interface" ( /* Secure-wire logical interface */ interface_unit /* Secure-wire logical interface */ ) ) ) end rule(:security_ipsec_policies) do c( "from-zone" ( /* Define ipsec policy context */ security_ipsec_policy /* Define ipsec policy context */ ) ) end rule(:security_ipsec_policy) do s( arg, "to-zone" arg /* Outgoing zone */, c( "ipsec-group-vpn" arg /* Group VPN name */ ) ) end rule(:ipsec_traceoptions) do c( "flag" enum(("packet-processing" | "packet-drops" | "security-associations" | "next-hop-tunnel-binding" | "all")) /* Events to include in data-plane IPSec trace output */.as(:oneline) ) end rule(:ipsec_vpn_monitor) do c( "interval" arg /* Monitor interval in seconds */, "threshold" arg /* Number of consecutive failures to determine connectivity */ ) end rule(:ipsec_vpn_template) do arg.as(:arg) ( c( "bind-interface" ( /* Bind to tunnel interface (route-based VPN) */ interface_name /* Bind to tunnel interface (route-based VPN) */ ), "df-bit" ( /* Specifies how to handle the Don't Fragment bit */ ("clear" | "set" | "copy") ), "multi-sa" ( /* Negotiate multiple SAs based on configuration choice */ c( c( "forwarding-class" arg ) ) ), "copy-outer-dscp" /* Enable copying outer IP header DSCP and ECN to inner IP header */, "vpn-monitor" ( /* Monitor VPN liveliness */ ipsec_template_monitor /* Monitor VPN liveliness */ ), c( "manual" ( /* Define a manual security association */ c( "gateway" ( /* Define the IPSec peer */ hostname /* Define the IPSec peer */ ), "external-interface" ( /* External interface for the security association */ interface_unit /* External interface for the security association */ ), "protocol" ( /* Define an IPSec protocol for the security association */ ("ah" | "esp") ), "spi" arg /* Define security parameter index */, "authentication" ( /* Define authentication parameters */ c( "algorithm" ( /* Define authentication algorithm */ ("hmac-md5-96" | "hmac-sha1-96" | "hmac-sha-256-128" | "hmac-sha-256-96") ), "key" ( /* Define an authentication key */ sc( c( "ascii-text" arg /* Format as text */, "hexadecimal" arg /* Format as hexadecimal */ ) ) ).as(:oneline) ) ), "encryption" ( /* Define encryption parameters */ c( "algorithm" ( /* Define encryption algorithm */ ("des-cbc" | "3des-cbc" | "aes-128-cbc" | "aes-192-cbc" | "aes-256-cbc" | "aes-128-gcm" | "aes-256-gcm") ), "key" ( /* Define an encryption key */ sc( c( "ascii-text" arg /* Format as text */, "hexadecimal" arg /* Format as hexadecimal */ ) ) ).as(:oneline) ) ) ) ), "ike" ( /* Define an IKE-keyed IPSec vpn */ c( "gateway" arg /* Name of remote gateway */, "idle-time" arg /* Idle time to delete SA */, "no-anti-replay" /* Disable the anti-replay check */, "proxy-identity" ( /* IPSec proxy-id to use in IKE negotiations */ ipsec_template_proxy_id /* IPSec proxy-id to use in IKE negotiations */ ), "ipsec-policy" arg /* Name of the IPSec policy */, "install-interval" arg /* Delay installation of rekeyed outbound SAs on initiator */ ) ) ), "traffic-selector" arg ( /* Traffic selector */ c( "local-ip" ( /* IP address of local traffic-selector */ ipprefix_mandatory /* IP address of local traffic-selector */ ), "remote-ip" ( /* IP address of remote traffic-selector */ ipprefix_mandatory /* IP address of remote traffic-selector */ ) ) ), "establish-tunnels" ( /* Define the criteria to establish tunnels */ ("immediately" | "on-traffic") ), "passive-mode-tunneling" /* No active IP packet checks before IPSec encapsulation */, "match-direction" arg /* Direction for which the rule match is applied */, "tunnel-mtu" arg /* Maximum transmit packet size */, "udp-encapsulate" ( /* UDP encapsulation of IPsec data traffic */ sc( "dest-port" arg /* UDP destination port */ ) ).as(:oneline) ) ) end rule(:ipsec_template_monitor) do c( "optimized" /* Optimize for scalability */, "source-interface" ( /* Source interface for monitor message */ interface_unit /* Source interface for monitor message */ ), "destination-ip" ( /* Destination IP addres for monitor message */ ipaddr /* Destination IP addres for monitor message */ ), "verify-path" ( /* Verify IPSec path using vpn-monitor before bring up st0 state */ c( "destination-ip" ( /* Destination IP addres for verify IPSec path */ ipaddr /* Destination IP addres for verify IPSec path */ ), "packet-size" arg /* Size of the packet */ ) ) ) end rule(:ipsec_template_proxy_id) do c( "local" ( /* Local IP address/prefix length */ ipprefix_mandatory /* Local IP address/prefix length */ ), "remote" ( /* Remote IP address/prefix length */ ipprefix_mandatory /* Remote IP address/prefix length */ ), "service" arg /* Name of serivce that passes through, any enables all services */ ) end rule(:security_zone_type) do arg.as(:arg) ( c( "description" arg /* Text description of zone */, "tcp-rst" /* Send RST for NON-SYN packet not matching TCP session */, "address-book" ( /* Address book entries */ address_book_type /* Address book entries */ ), "screen" arg /* Name of ids option object applied to the zone */, "host-inbound-traffic" ( /* Allowed system services & protocols */ zone_host_inbound_traffic_t /* Allowed system services & protocols */ ), "interfaces" ( /* Interfaces that are part of this zone */ zone_interface_list_type /* Interfaces that are part of this zone */ ), "application-tracking" /* Enable Application tracking support for this zone */, "source-identity-log" /* Show user and group info in session log for this zone */, "advance-policy-based-routing-profile" ( /* Enable Advance Policy Based Routing on this zone */ c( arg ) ), "enable-reverse-reroute" /* Enable Reverse route lookup when there is change in ingress interface */ ) ) end rule(:address_book_type) do c( "address" ( /* Define a security address */ address_type /* Define a security address */ ), "address-set" ( /* Define a security address set */ address_set_type /* Define a security address set */ ) ) end rule(:server) do c( "host" arg /* Server host IP address or string host name */, "port" arg /* Server port */, "routing-instance" arg /* Routing instance name */ ) end rule(:session_timeout_type) do c( "tcp" arg /* Timeout value for tcp sessions */, "udp" arg /* Timeout value for udp sessions */, "ospf" arg /* Timeout value for ospf sessions */, "icmp" arg /* Timeout value for icmp sessions */, "icmp6" arg /* Timeout value for icmp6 sessions */, "others" arg /* Timeout value for other sessions */ ) end rule(:sla_policy_type) do arg.as(:arg) ( c( "description" arg /* Text description of policy */, "match" ( /* Specify sla policy match-criteria */ c( c( "source-address" ( ("any" | "any-ipv4" | "any-ipv6" | arg) ) ), c( "destination-address" ( ("any" | "any-ipv4" | "any-ipv6" | arg) ) ), "source-address-excluded" /* Exclude source addresses */, "destination-address-excluded" /* Exclude destination addresses */, c( "application" arg ) ) ), "then" ( /* Specify policy action to take when packet match criteria */ c( c( "application-services" ( /* Application Services */ sla_application_services_type /* Application Services */ ) ) ) ) ) ) end rule(:sla_application_services_type) do c( "advance-policy-based-routing-profile" arg /* Specify APBR profile name */ ) end rule(:softwires_object) do c( "softwire-name" ( /* Configure softwire object */ softwire_option_type /* Configure softwire object */ ), "traceoptions" ( /* Trace options for Network Security DS-Lite */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "flag" enum(("configuration" | "flow" | "all")) /* Tracing parameters */.as(:oneline) ) ), "rule-set" ( /* Define a softwire rule set */ sw_rule_set_object /* Define a softwire rule set */ ) ) end rule(:softwire_option_type) do arg.as(:arg) ( c( "softwire-concentrator" ( /* Concentrator address */ ipaddr /* Concentrator address */ ), "softwire-type" ( /* Softwire-type */ ("IPv4-in-IPv6" | "v6rd") ), "ipv4-prefix" ( /* 6rd customer edge IPV4 prefix */ ipv4prefix /* 6rd customer edge IPV4 prefix */ ), "v6rd-prefix" ( /* 6rd domain's IPV6 prefix */ ipv6prefix /* 6rd domain's IPV6 prefix */ ), "mtu-v4" arg /* MTU for the softwire tunnel */ ) ) end rule(:sophos_fallback_settings) do c( "default" ( /* Default action */ ("permit" | "log-and-permit" | "block") ), "content-size" ( /* Fallback action for over content size */ ("permit" | "log-and-permit" | "block") ), "engine-not-ready" ( /* Fallback action for engine not ready */ ("permit" | "log-and-permit" | "block") ), "timeout" ( /* Fallback action for engine scan timeout */ ("permit" | "log-and-permit" | "block") ), "out-of-resources" ( /* Fallback action for out of resources */ ("permit" | "log-and-permit" | "block") ), "too-many-requests" ( /* Fallback action for requests exceed engine limit */ ("permit" | "log-and-permit" | "block") ) ) end rule(:sophos_scan_options) do c( "uri-check" /* Anti-virus uri-check */, "no-uri-check" /* Don't anti-virus uri-check */, "content-size-limit" arg /* Content size limit */, "timeout" arg /* Scan engine timeout */ ) end rule(:ssg_destination_nat_object) do c( "pool" arg ( /* Define a destination address pool */ c( "description" arg /* Text description of pool */, "routing-instance" ( /* Routing instance */ c( c( "default" /* Default routing-instance */, arg ) ) ), "address" ( /* Add address or address range to pool */ sc( c( "to" ( /* Upper limit of address range */ c( ipprefix /* IPv4 or IPv6 upper limit of address range */ ) ), "port" arg /* Specify the port value */ ), ipprefix /* IPv4 or IPv6 address or address range */ ) ).as(:oneline) ) ), "port-forwarding" arg ( /* Define a port-forwarding mapping pool */ c( "description" arg /* Text description of port forwarding mapping */, "destined-port" ( /* Port forwarding mappings */ s( arg, "translated-port" arg /* Translated port */ ) ).as(:oneline) ) ), "rule-set" arg ( /* Configurate a set of rules */ c( "description" arg /* Text description of rule set */, "from" ( /* Where is the traffic from */ sc( c( "routing-instance" ( /* Source routing instance list */ ("default" | arg) ), "zone" arg /* Source zone list */, "interface" ( /* Source interface list */ interface_name /* Source interface list */ ) ) ) ).as(:oneline), "rule" ( /* Destination NAT rule */ dest_nat_rule_object /* Destination NAT rule */ ), "match-direction" ( /* Match direction */ ("input" | "output") ) ) ) ) end rule(:dest_nat_rule_object) do arg.as(:arg) ( c( "description" arg /* Text description of rule */, "dest-nat-rule-match" ( /* Specify Destination NAT rule match criteria */ c( "source-address" ( /* Source address */ ipprefix /* Source address */ ), "source-address-name" arg /* Address/address-set from address book */, c( "destination-address" ( /* Destination address */ sc( ipprefix /* IPv4 or IPv6 destination address */ ) ).as(:oneline), "destination-address-name" ( /* Address from address book */ sc( arg ) ).as(:oneline) ), "destination-port" arg ( /* Destination port */ sc( "to" ( /* Port range upper limit */ c( arg /* Upper limit of port range */ ) ) ) ).as(:oneline), "protocol" ( /* IP Protocol */ ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | arg) ), "application" arg ) ), "then" ( /* Then action */ c( "destination-nat" ( /* Destination NAT action */ c( c( "off" /* No action */, "pool" ( /* Use Destination NAT pool */ c( arg ) ), "destination-prefix" ( /* Destination prefix to be used for NAT64 and 464 translation type */ ipprefix_only /* Destination prefix to be used for NAT64 and 464 translation type */ ) ), "port-forwarding-mappings" ( /* Use Destination NAT port forwarding mapping pool */ c( arg ) ), "rule-session-count-alarm" ( /* Config rule-session-count-alarm to destination rule */ nat_rule_session_count_alarm_object /* Config rule-session-count-alarm to destination rule */ ).as(:oneline) ) ) ) ) ) ) end rule(:nat_rule_session_count_alarm_object) do c( "raise-threshold" arg /* Raise threshold for rule session count alarm */, "clear-threshold" arg /* Clear threshold for session count hit alarm */ ).as(:oneline) end rule(:ssg_proxy_arp_object) do c( "interface" ( /* Interface with proxy arp configured */ ssg_interface_object /* Interface with proxy arp configured */ ) ) end rule(:ssg_interface_object) do arg.as(:arg) ( c( "address" arg ( /* Proxy ARP address */ sc( "to" ( /* Upper limit of address range */ c( ipv4prefix /* Upper limit of address range */ ) ) ) ).as(:oneline) ) ) end rule(:ssg_proxy_ndp_object) do c( "interface" ( /* Interface with proxy arp configured */ ssg_proxy_ndp_interface_object /* Interface with proxy arp configured */ ) ) end rule(:ssg_proxy_ndp_interface_object) do arg.as(:arg) ( c( "address" arg ( /* Proxy ndp address */ sc( "to" ( /* Upper limit of address range */ c( ipv6addr /* Upper limit of address range */ ) ) ) ).as(:oneline) ) ) end rule(:ssg_source_nat_object) do c( "pool" arg ( /* Define a source address pool */ c( "description" arg /* Text description of pool */, "routing-instance" ( /* Routing instance */ c( arg ) ), "address" arg ( /* Add address to pool */ sc( "to" ( /* Upper limit of address range */ c( ipprefix /* IPv4 or IPv6 upper limit of address range */ ) ) ) ).as(:oneline), "host-address-base" ( /* The base of host address */ sc( ipprefix /* IPv4 or IPv6 base address */ ) ).as(:oneline), "port" ( /* Config port attribute to pool */ c( c( "no-translation" /* Do not perform port translation */, "range" ( /* Port range */ c( arg, "to" ( /* Port range upper limit */ c( arg ) ), "twin-port" ( /* Twin port range */ c( arg, "to" ( /* Twin port range upper limit */ c( arg ) ) ) ) ) ) ), "port-overloading-factor" arg /* Port overloading factor for each IP */, "block-allocation" ( /* Port block allocation */ block_allocation_object /* Port block allocation */ ), "deterministic" ( /* Deterministic nat allocation */ deterministic_object /* Deterministic nat allocation */ ), "preserve-parity" /* Allocate port as the same parity as incoming port */, "preserve-range" /* Allocate port from the same port range as incoming port */, "automatic" ( /* Port assignment */ c( c( "random-allocation" /* Allocate port randomly */, "round-robin" /* Allocate port by round-robin */ ) ) ) ) ), "overflow-pool" ( /* Specify an overflow pool */ sc( c( arg, "interface" /* Allow interface pool to support overflow */ ) ) ).as(:oneline), "address-shared" /* Allow multiple hosts to share an externel address */, "address-pooling" ( /* Specify the address-pooling behavior */ sc( c( "paired" /* Allow address-pooling paired for a source pool with port translation */, "no-paired" /* Allow address-pooling no-paired for a source pool without port translation */ ) ) ).as(:oneline), "address-persistent" ( /* Specify the address-persistent behavior */ sc( "subscriber" ( /* Configure address persistent for subscriber */ sc( "ipv6-prefix-length" arg /* Ipv6 prefix length for address persistent */ ) ).as(:oneline) ) ).as(:oneline), "pool-utilization-alarm" ( /* Config pool-utilization-alarm to pool */ source_nat_pool_utilization_alarm_object /* Config pool-utilization-alarm to pool */ ).as(:oneline), "ei-mapping-timeout" arg /* Endpoint-independent mapping timeout */, "mapping-timeout" arg /* Address-pooling paired and endpoint-independent mapping timeout */, "limit-ports-per-host" arg /* Number of ports allocated per host */ ) ), "address-persistent" /* Allow source address to maintain same translation */, "session-persistence-scan" /* Allow source to maintain session when session scan */, "session-drop-hold-down" arg /* Session drop hold down time */, "pool-utilization-alarm" ( /* Configure pool utilization alarm */ source_nat_pool_utilization_alarm_object /* Configure pool utilization alarm */ ).as(:oneline), "port-randomization" ( /* Configure Source NAT port randomization */ sc( ("disable") ) ).as(:oneline), "port-round-robin" /* Configure Source NAT port randomization */.as(:oneline), "port-scaling-enlargement" /* Configure source port scaling to 2.4G only for NGSPC */, "pool-distribution" /* Configure Source pool distribution, the APPCP bottleneck of NAT CPS can be alleviated. */, "pool-default-port-range" ( /* Configure Source NAT default port range */ sc( arg, "to" ( /* Port range upper limit */ c( arg ) ) ) ).as(:oneline), "pool-default-twin-port-range" ( /* Configure Source NAT default twin port range */ sc( arg, "to" ( /* Twin port range upper limit */ c( arg ) ) ) ).as(:oneline), "interface" ( /* Configure interface port overloading for persistent NAT */ c( c( "port-overloading" ( /* Configure port overloading */ sc( "off" /* Turn off interface port over-loading */ ) ).as(:oneline), "port-overloading-factor" arg /* Port overloading factor for interface NAT */ ) ) ), "rule-set" arg ( /* Configurate a set of rules */ c( "description" arg /* Text description of rule set */, "from" ( /* Where is the traffic from */ sc( c( "routing-instance" ( /* Source routing instance list */ ("default" | arg) ), "zone" arg /* Source zone list */, "interface" ( /* Source interface list */ interface_name /* Source interface list */ ) ) ) ).as(:oneline), "to" ( /* Where is the traffic to */ sc( c( "routing-instance" ( /* Destination routing instance list */ ("default" | arg) ), "zone" arg /* Destination zone list */, "interface" ( /* Destination interface list */ interface_name /* Destination interface list */ ) ) ) ).as(:oneline), "rule" ( /* Source NAT rule */ src_nat_rule_object /* Source NAT rule */ ), "match-direction" ( /* Match direction */ ("input" | "output") ) ) ) ) end rule(:block_allocation_object) do c( "block-size" arg /* Block size */, "maximum-blocks-per-host" arg /* Maximum block number per host */, "active-block-timeout" arg /* Active block timeout interval */, "interim-logging-interval" arg /* Interim Logging interval */, "last-block-recycle-timeout" arg /* Last Block recycle timeout interval */, "log" ( /* Configure port block log */ sc( ("disable") ) ).as(:oneline) ) end rule(:deterministic_object) do c( "block-size" arg /* Block size */, "det-nat-configuration-log-interval" arg /* Deterministic nat configuration logging interval */, "host" ( /* Host address */ sc( "address" ( /* Host ip address */ ipprefix /* Host ip address */ ), "address-name" arg /* Host address/address-set from address book */ ) ).as(:oneline), "include-boundary-addresses" /* Include network and broadcast in 'match' source address */ ) end rule(:source_nat_pool_utilization_alarm_object) do c( "raise-threshold" arg /* Raise threshold for pool utilization alarm */, "clear-threshold" arg /* Clear threshold for pool utilization alarm */ ).as(:oneline) end rule(:src_nat_rule_object) do arg.as(:arg) ( c( "description" arg /* Text description of rule */, "src-nat-rule-match" ( /* Specify Source NAT rule match criteria */ c( "source-address" ( /* Source address */ ipprefix /* Source address */ ), "source-address-name" arg /* Address/address-set from address book */, "source-port" arg ( /* Source port */ sc( "to" ( /* Port range upper limit */ c( arg /* Upper limit of port range */ ) ) ) ).as(:oneline), "destination-address" ( /* Destination address */ ipprefix /* Destination address */ ), "destination-address-name" arg /* Address/address-set from address book */, "destination-port" arg ( /* Destination port */ sc( "to" ( /* Port range upper limit */ c( arg /* Upper limit of port range */ ) ) ) ).as(:oneline), "protocol" ( /* IP Protocol */ ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | arg) ), "application" arg ) ), "then" ( /* Then action */ c( "source-nat" ( /* Source NAT action */ c( c( "off" /* No action */, "pool" ( /* Use Source NAT pool */ c( arg, "persistent-nat" ( /* Persistent NAT info */ persistent_nat_object /* Persistent NAT info */ ) ) ), "interface" ( /* Use egress interface address */ c( "persistent-nat" ( /* Persistent NAT info */ persistent_nat_object /* Persistent NAT info */ ) ) ) ), "clat-prefix" ( /* An IPv6 prefix to be used for XLAT464 and prefix length can only be 32/40/48/56/64/96 */ ipprefix_only /* An IPv6 prefix to be used for XLAT464 and prefix length can only be 32/40/48/56/64/96 */ ), "rule-session-count-alarm" ( /* Config rule-session-count-alarm to source rule */ nat_rule_session_count_alarm_object /* Config rule-session-count-alarm to source rule */ ).as(:oneline), "mapping-type" ( /* Source nat mapping type */ sc( "endpoint-independent" /* Endpoint independent mapping */ ) ).as(:oneline), "secure-nat-mapping" ( /* Mapping options for enhanced security */ sc( "eif-flow-limit" arg /* Number of inbound flows to be allowed for a EIF mapping */, "mapping-refresh" ( /* Enable timer refresh option */ sc( c( "inbound" /* Enable timer refresh for inbound connections only */, "outbound" /* Enable timer refresh for outbound connections only */, "inbound-outbound" /* Enable timer refresh for inbound & outbound connections */ ) ) ).as(:oneline) ) ).as(:oneline), "filtering-type" ( /* Source NAT filtering type */ c( "endpoint-independent" ( /* Endpoint independent filtering */ c( "prefix-list" arg ( /* One or more named lists of source prefixes to match */ sc( "except" /* Name of prefix list not to match against */ ) ).as(:oneline) ) ) ) ) ) ) ) ) ) ) end rule(:persistent_nat_object) do c( "permit" ( /* Persistent NAT permit configure */ sc( c( "any-remote-host" /* Permit any remote host */, "target-host" /* Permit target host */, "target-host-port" /* Permit target host port */ ) ) ).as(:oneline), "address-mapping" /* Address-to-address mapping */, "inactivity-timeout" arg /* Inactivity timeout value */, "max-session-number" arg /* The maximum session number value */ ) end rule(:ssg_static_nat_object) do c( "rule-set" arg ( /* Configurate a set of rules */ c( "description" arg /* Text description of rule set */, "from" ( /* Where is the traffic from */ sc( c( "routing-instance" ( /* Source routing instance list */ ("default" | arg) ), "zone" arg /* Source zone list */, "interface" ( /* Source interface list */ interface_name /* Source interface list */ ) ) ) ).as(:oneline), "rule" ( /* Static NAT rule */ static_nat_rule_object /* Static NAT rule */ ) ) ) ) end rule(:static_nat_rule_object) do arg.as(:arg) ( c( "description" arg /* Text description of rule */, "static-nat-rule-match" ( /* Specify Static NAT rule match criteria */ c( "source-address" ( /* Source address */ ipprefix /* Source address */ ), "source-address-name" arg /* Address from address book */, "source-port" arg ( /* Source port */ sc( "to" ( /* Port range upper limit */ c( arg /* Upper limit of port range */ ) ) ) ).as(:oneline), c( "destination-address" ( /* Destination address */ sc( ipprefix /* IPv4 or IPv6 Destination address prefix */ ) ).as(:oneline), "destination-address-name" ( /* Address from address book */ sc( arg ) ).as(:oneline) ), "destination-port" ( /* Destination port */ sc( arg /* Port or lower limit of port range */, "to" ( /* Port range upper limit */ c( arg /* Upper limit of port range */ ) ) ) ).as(:oneline) ) ), "then" ( /* Then action */ c( "static-nat" ( /* Static NAT action */ c( c( "inet" ( /* Translated to IPv4 address */ c( "routing-instance" ( /* Routing instance */ ("default" | arg) ) ) ), "prefix" ( /* Address prefix */ c( "mapped-port" ( /* Mapped port */ static_nat_rule_mapped_port_object /* Mapped port */ ).as(:oneline), "routing-instance" ( /* Routing instance */ ("default" | arg) ), ipprefix /* IPv4 or IPv6 address prefix value */ ) ), "prefix-name" ( /* Address from address book */ c( arg, "mapped-port" ( /* Mapped port */ static_nat_rule_mapped_port_object /* Mapped port */ ).as(:oneline), "routing-instance" ( /* Routing instance */ ("default" | arg) ) ) ), "nptv6-prefix" ( /* NPTv6 address prefix, the longest prefix will be supported is /64 */ c( "routing-instance" ( /* Routing instance */ ("default" | arg) ), ipprefix /* IPv6 address prefix value, the longest prefix will be supported is /64 */ ) ), "nptv6-prefix-name" ( /* NPTv6 address from address book */ c( arg, "routing-instance" ( /* Routing instance */ ("default" | arg) ) ) ) ), "rule-session-count-alarm" ( /* Config rule-session-count-alarm to static rule */ nat_rule_session_count_alarm_object /* Config rule-session-count-alarm to static rule */ ).as(:oneline) ) ) ) ) ) ) end rule(:static_nat_rule_mapped_port_object) do c( arg /* Port or lower limit of port range */, "to" ( /* Port range upper limit */ c( arg /* Upper limit of port range */ ) ) ).as(:oneline) end rule(:sw_rule_set_object) do arg.as(:arg) ( c( "rule" arg ( /* Define a rule term */ c( "then" ( /* Action to take if the condition is matched */ c( c( "v6rd" arg /* Apply 6rd softwire */ ) ) ) ) ), "match-direction" ( /* Match direction */ ("input" | "output") ) ) ) end rule(:tunnel_type) do c( c( "ipsec-vpn" arg /* Enable VPN with name */, "ipsec-group-vpn" arg /* Enable dynamic IPSEC group with name */ ), "pair-policy" arg /* Policy in the reverse direction, to form a pair */ ) end rule(:url_list_type) do arg.as(:arg) ( c( "value" arg /* Configure value of url-list object */ ) ) end rule(:utm_apppxy_traceoptions) do c( "flag" enum(("abort" | "application-objects" | "utm-realtime" | "anti-virus" | "basic" | "buffer" | "detail" | "ftp-data" | "ftp-control" | "http" | "imap" | "memory" | "parser" | "pfe" | "pop3" | "queue" | "smtp" | "tcp" | "timer" | "connection-rating" | "mime" | "regex-engine" | "sophos-anti-virus" | "all")) /* Tracing parameters for utm application proxy */.as(:oneline) ) end rule(:utm_ipc_traceoptions) do c( "flag" enum(("basic" | "detail" | "connection-manager" | "connection-status" | "pfe" | "utm-realtime" | "all")) /* Traceoptions for utm IPC flag */.as(:oneline) ) end rule(:utm_traceoptions) do c( "flag" enum(("cli" | "daemon" | "ipc" | "pfe" | "all")) /* Tracing UTM information */.as(:oneline) ) end rule(:web_filtering_block_message) do c( "type" ( /* Type of block message desired */ ("custom-redirect-url") ), "url" arg /* URL of block message */ ) end rule(:web_filtering_fallback_setting) do c( "default" ( /* Fallback default settings */ ("log-and-permit" | "block") ), "server-connectivity" ( /* Fallback action when device cannot connect to server */ ("log-and-permit" | "block") ), "timeout" ( /* Fallback action when connection to server timeout */ ("log-and-permit" | "block") ), "too-many-requests" ( /* Fallback action when requests exceed the limit of engine */ ("log-and-permit" | "block") ) ) end rule(:web_filtering_quarantine_message) do c( "type" ( /* Type of quarantine message desired */ ("custom-redirect-url") ), "url" arg /* URL of quarantine message */ ) end rule(:web_filtering_traceoptions) do c( "flag" enum(("basic" | "session-manager" | "heartbeat" | "packet" | "profile" | "requests" | "response" | "socket" | "timer" | "ipc" | "cache" | "enhanced" | "all")) /* Trace options for web-filtering feature trace flag */.as(:oneline) ) end rule(:webfilter_feature) do c( "surf-control-integrated" ( /* Configure web-filtering surf-control integrated engine */ surf_control_integrated_type /* Configure web-filtering surf-control integrated engine */ ), "websense-redirect" ( /* Configure web-filtering websense redirect engine */ websense_type /* Configure web-filtering websense redirect engine */ ), "juniper-local" ( /* Configure web-filtering juniper local engine */ juniper_local_type /* Configure web-filtering juniper local engine */ ), "juniper-enhanced" ( /* Configure web-filtering juniper enhanced engine */ juniper_enhanced_type /* Configure web-filtering juniper enhanced engine */ ) ) end rule(:juniper_enhanced_type) do c( "profile" arg ( /* Juniper enhanced profile */ c( "base-filter" arg /* Juniper base filter */, "category" ( /* Juniper enhanced category */ juniper_enhanced_category_type /* Juniper enhanced category */ ), "site-reputation-action" ( /* Juniper enhanced site reputation action */ juniper_enhanced_site_reputation_setting /* Juniper enhanced site reputation action */ ), "default" ( /* Juniper enhanced profile default */ ("permit" | "block" | "log-and-permit" | "quarantine") ), "custom-block-message" arg /* Juniper enhanced custom block message sent to HTTP client */, "quarantine-custom-message" arg /* Juniper enhanced quarantine custom message */, "fallback-settings" ( /* Juniper enhanced fallback settings */ web_filtering_fallback_setting /* Juniper enhanced fallback settings */ ), "timeout" arg /* Juniper enhanced timeout */, "no-safe-search" /* Do not perform safe-search for Juniper enhanced protocol */, "block-message" ( /* Juniper enhanced block message settings */ web_filtering_block_message /* Juniper enhanced block message settings */ ), "quarantine-message" ( /* Juniper enhanced quarantine message settings */ web_filtering_quarantine_message /* Juniper enhanced quarantine message settings */ ) ) ) ) end rule(:juniper_local_type) do c( "profile" arg ( /* Juniper local profile */ c( "default" ( /* Juniper local profile default */ ("permit" | "block" | "log-and-permit") ), "category" ( /* Custom category */ custom_category_type /* Custom category */ ), "custom-block-message" arg /* Juniper local custom block message */, "quarantine-custom-message" arg /* Juniper local quarantine custom message */, "block-message" ( /* Juniper local block message settings */ web_filtering_block_message /* Juniper local block message settings */ ), "quarantine-message" ( /* Juniper local quarantine message settings */ web_filtering_quarantine_message /* Juniper local quarantine message settings */ ), "fallback-settings" ( /* Juniper local fallback settings */ web_filtering_fallback_setting /* Juniper local fallback settings */ ), "timeout" arg /* Juniper local timeout */ ) ) ) end rule(:surf_control_integrated_type) do c( "cache" ( c( "timeout" arg /* Surf control integrated cache timeout */, "size" arg /* Surf control integrated cache size */ ) ), "server" ( /* Surf control server */ server /* Surf control server */ ), "profile" arg ( /* Surf control integrated profile */ c( "category" ( /* Surf control integrated category */ surf_control_integrated_category_type /* Surf control integrated category */ ), "default" ( /* Surf control integrated profile default */ ("permit" | "block" | "log-and-permit") ), "custom-block-message" arg /* Surf control integrated custom block message */, "fallback-settings" ( /* Surf control integrated fallback settings */ web_filtering_fallback_setting /* Surf control integrated fallback settings */ ), "timeout" arg /* Surf control integrated timeout */ ) ) ) end rule(:surf_control_integrated_category_type) do arg.as(:arg) ( c( "action" ( /* Surf control integrated category type action */ ("permit" | "block" | "log-and-permit") ) ) ) end rule(:websense_type) do c( "profile" arg ( /* Websense redirect profile */ c( "server" ( /* Websense redirect server */ server /* Websense redirect server */ ), "category" ( /* Custom category */ custom_category_type /* Custom category */ ), "custom-block-message" arg /* Websense redirect custom block message */, "quarantine-custom-message" arg /* Websense redirect quarantine custom message */, "block-message" ( /* Websense redirect block message settings */ web_filtering_block_message /* Websense redirect block message settings */ ), "quarantine-message" ( /* Websense redirect quarantine message settings */ web_filtering_quarantine_message /* Websense redirect quarantine message settings */ ), "fallback-settings" ( /* Websense redirect fallback settings */ web_filtering_fallback_setting /* Websense redirect fallback settings */ ), "timeout" arg /* Websense redirect timeout */, "sockets" arg /* Websense redirect sockets number */, "account" arg /* Websense redirect account */ ) ) ) end rule(:wildcard_address_type) do arg.as(:arg) end rule(:zone_interface_list_type) do arg.as(:arg) ( c( "host-inbound-traffic" ( interface_host_inbound_traffic_t ) ) ) end rule(:interface_host_inbound_traffic_t) do c( "system-services" ( /* Type of incoming system-service traffic to accept */ interface_system_services_object_type /* Type of incoming system-service traffic to accept */ ), "protocols" ( /* Protocol type of incoming traffic to accept */ host_inbound_protocols_object_type /* Protocol type of incoming traffic to accept */ ) ) end rule(:host_inbound_protocols_object_type) do enum(("all" | "bfd" | "bgp" | "dvmrp" | "igmp" | "ldp" | "msdp" | "ndp" | "nhrp" | "ospf" | "ospf3" | "pgm" | "pim" | "rip" | "ripng" | "router-discovery" | "rsvp" | "sap" | "vrrp")).as(:arg) ( c( "except" /* Protocol type of incoming traffic to disallow */ ) ) end rule(:interface_system_services_object_type) do enum(("all" | "bootp" | "dhcp" | "dhcpv6" | "dns" | "finger" | "ftp" | "ident-reset" | "http" | "https" | "ike" | "netconf" | "ping" | "rlogin" | "reverse-telnet" | "reverse-ssh" | "rpm" | "rsh" | "snmp" | "snmp-trap" | "ssh" | "telnet" | "traceroute" | "xnm-ssl" | "xnm-clear-text" | "tftp" | "lsping" | "ntp" | "sip" | "r2cp" | "webapi-clear-text" | "webapi-ssl" | "tcp-encap" | "appqoe" | "any-service")).as(:arg) ( c( "except" /* Type of incoming system-service traffic to disallow */ ) ) end rule(:zone_host_inbound_traffic_t) do c( "system-services" ( /* Type of incoming system-service traffic to accept */ zone_system_services_object_type /* Type of incoming system-service traffic to accept */ ), "protocols" ( /* Protocol type of incoming traffic to accept */ host_inbound_protocols_object_type /* Protocol type of incoming traffic to accept */ ) ) end rule(:zone_system_services_object_type) do enum(("all" | "bootp" | "dhcp" | "dhcpv6" | "dns" | "finger" | "ftp" | "ident-reset" | "http" | "https" | "ike" | "netconf" | "ping" | "rlogin" | "reverse-telnet" | "reverse-ssh" | "rpm" | "rsh" | "snmp" | "snmp-trap" | "ssh" | "telnet" | "traceroute" | "xnm-ssl" | "xnm-clear-text" | "tftp" | "lsping" | "ntp" | "sip" | "r2cp" | "webapi-clear-text" | "webapi-ssl" | "tcp-encap" | "appqoe" | "any-service")).as(:arg) ( c( "except" /* Type of incoming system-service traffic to disallow */ ) ) end rule(:application_object) do arg.as(:arg) ( c( "description" arg /* Text description of application */, "term" ( /* Define individual application protocols */ term_object /* Define individual application protocols */ ), "application-protocol" ( /* Application protocol type */ ("bootp" | "dce-rpc" | "dce-rpc-portmap" | "dns" | "exec" | "ftp" | "ftp-data" | "gprs-gtp-c" | "gprs-gtp-u" | "gprs-gtp-v0" | "gprs-sctp" | "h323" | "icmp" | "icmpv6" | "ignore" | "iiop" | "ike-esp-nat" | "ip" | "login" | "mgcp-ca" | "mgcp-ua" | "ms-rpc" | "netbios" | "netshow" | "none" | "pptp" | "q931" | "ras" | "realaudio" | "rpc" | "rpc-portmap" | "rsh" | "rtsp" | "sccp" | "sip" | "shell" | "snmp" | "sqlnet" | "sqlnet-v2" | "sun-rpc" | "talk" | "tftp" | "traceroute" | "http" | "winframe" | "https" | "imap" | "smtp" | "ssh" | "telnet" | "twamp" | "pop3" | "smtps" | "imaps" | "pop3s") ), "protocol" ( /* Match IP protocol type */ ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | arg) ), "source-port" ( /* Match TCP/UDP source port */ ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port" ( /* Match TCP/UDP destination port */ ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "ether-type" arg /* Match ether type */, "snmp-command" ( /* Match SNMP command */ ("get" | "get-next" | "get-response" | "set" | "trap") ), "icmp-type" ( /* Match ICMP message type */ ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ), "icmp6-type" ( /* Match ICMP6 message type */ ("echo-request" | "echo-reply" | "destination-unreachable" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "packet-too-big" | "membership-query" | "membership-report" | "membership-termination" | "redirect" | "neighbor-solicit" | "neighbor-advertisement" | "router-renumbering" | "node-information-request" | "node-information-reply" | arg) ), "icmp-code" ( /* Match ICMP message code */ ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ), "icmp6-code" ( /* Match ICMP6 message code */ ("no-route-to-destination" | "administratively-prohibited" | "address-unreachable" | "port-unreachable" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip6-header-bad" | "unrecognized-next-header" | "unrecognized-option" | arg) ), "ttl-threshold" arg /* Traceroute TTL threshold */, "rpc-program-number" arg /* Match range of RPC program numbers */, "uuid" arg /* Match universal unique identifier for DCE RPC objects */, "inactivity-timeout" ( /* Application-specific inactivity timeout */ ("never" | arg) ), "gate-timeout" arg /* Application-specific gate timeout */, "child-inactivity-timeout" arg /* Application-specific child session inactivity timeout */, "learn-sip-register" /* Learn potential incoming SIP calls by inspecting the SIP register method */, "sip-call-hold-timeout" arg /* SIP flow timeout when call is put on hold */, c( "do-not-translate-AAAA-query-to-A-query" /* Knob to control the translation of AAAA query to A query */, "do-not-translate-A-query-to-AAAA-query" /* Knob to control the translation of A query to AAAA query */ ) ) ) end rule(:term_object) do arg.as(:arg) ( c( "alg" ( /* Application Layer Gateway */ ("bootp" | "dce-rpc" | "dce-rpc-portmap" | "dns" | "exec" | "ftp" | "ftp-data" | "gprs-gtp-c" | "gprs-gtp-u" | "gprs-gtp-v0" | "gprs-sctp" | "h323" | "icmp" | "icmpv6" | "ignore" | "iiop" | "ike-esp-nat" | "ip" | "login" | "mgcp-ca" | "mgcp-ua" | "ms-rpc" | "netbios" | "netshow" | "none" | "pptp" | "q931" | "ras" | "realaudio" | "rpc" | "rpc-portmap" | "rsh" | "rtsp" | "sccp" | "sip" | "shell" | "snmp" | "sqlnet" | "sqlnet-v2" | "sun-rpc" | "talk" | "tftp" | "traceroute" | "http" | "winframe" | "https" | "imap" | "smtp" | "ssh" | "telnet" | "twamp") ), "protocol" ( /* Match IP protocol type */ ("icmp" | "igmp" | "ipip" | "tcp" | "egp" | "udp" | "rsvp" | "gre" | "esp" | "ah" | "icmp6" | "ospf" | "pim" | "sctp" | arg) ), "source-port" ( /* Match TCP/UDP source port */ ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "destination-port" ( /* Match TCP/UDP destination port */ ("ftp-data" | "ftp" | "ssh" | "telnet" | "smtp" | "tacacs" | "tacacs-ds" | "domain" | "dhcp" | "bootps" | "bootpc" | "tftp" | "finger" | "http" | "kerberos-sec" | "pop3" | "sunrpc" | "ident" | "nntp" | "ntp" | "netbios-ns" | "netbios-dgm" | "netbios-ssn" | "imap" | "snmp" | "snmptrap" | "xdmcp" | "bgp" | "ldap" | "mobileip-agent" | "mobilip-mn" | "msdp" | "https" | "snpp" | "biff" | "exec" | "login" | "who" | "cmd" | "syslog" | "printer" | "talk" | "ntalk" | "rip" | "timed" | "klogin" | "kshell" | "ldp" | "krb-prop" | "krbupdate" | "kpasswd" | "socks" | "afs" | "pptp" | "radius" | "radacct" | "zephyr-srv" | "zephyr-clt" | "zephyr-hm" | "nfsd" | "eklogin" | "ekshell" | "rkinit" | "cvspserver" | arg) ), "icmp-type" ( /* Match ICMP message type */ ("echo-request" | "echo-reply" | "unreachable" | "source-quench" | "redirect" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "timestamp" | "timestamp-reply" | "info-request" | "info-reply" | "mask-request" | "mask-reply" | arg) ), "icmp-code" ( /* Match ICMP message code */ ("network-unreachable" | "host-unreachable" | "protocol-unreachable" | "port-unreachable" | "fragmentation-needed" | "source-route-failed" | "destination-network-unknown" | "destination-host-unknown" | "source-host-isolated" | "destination-network-prohibited" | "destination-host-prohibited" | "network-unreachable-for-tos" | "host-unreachable-for-tos" | "communication-prohibited-by-filtering" | "host-precedence-violation" | "precedence-cutoff-in-effect" | "redirect-for-network" | "redirect-for-host" | "redirect-for-tos-and-net" | "redirect-for-tos-and-host" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip-header-bad" | "required-option-missing" | arg) ), "icmp6-type" ( /* Match ICMP6 message type */ ("echo-request" | "echo-reply" | "destination-unreachable" | "router-advertisement" | "router-solicit" | "time-exceeded" | "parameter-problem" | "packet-too-big" | "membership-query" | "membership-report" | "membership-termination" | "redirect" | "neighbor-solicit" | "neighbor-advertisement" | "router-renumbering" | "node-information-request" | "node-information-reply" | arg) ), "icmp6-code" ( /* Match ICMP6 message code */ ("no-route-to-destination" | "administratively-prohibited" | "address-unreachable" | "port-unreachable" | "ttl-eq-zero-during-transit" | "ttl-eq-zero-during-reassembly" | "ip6-header-bad" | "unrecognized-next-header" | "unrecognized-option" | arg) ), "rpc-program-number" arg /* Match range of RPC program numbers */, "uuid" arg /* Match universal unique identifier for DCE RPC objects */, "inactivity-timeout" ( /* Application-specific inactivity timeout */ ("never" | arg) ) ) ).as(:oneline) end rule(:gvpn_member_ike) do c( "traceoptions" ( /* Trace options for Group VPN Member */ c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("timer" | "routing-socket" | "parse" | "config" | "ike" | "policy-manager" | "general" | "database" | "certificates" | "snmp" | "thread" | "high-availability" | "next-hop-tunnels" | "all")) /* Tracing parameters */.as(:oneline), "gateway-filter" ( /* Set gateway filter for trace */ c( "local-address" ( /* Use an IP address to identify the local gateway */ ipv4addr /* Use an IP address to identify the local gateway */ ), "remote-address" ( /* Use an IP address to identify the remote gateway */ ipv4addr /* Use an IP address to identify the remote gateway */ ) ) ) ) ), "proposal" ( /* Define an IKE proposal */ gvpn_member_ike_proposal /* Define an IKE proposal */ ), "policy" ( /* Define an IKE policy */ gvpn_ike_policy /* Define an IKE policy */ ), "gateway" arg ( /* Define an IKE gateway */ c( "ike-policy" arg /* Name of the IKE policy */, "address" ( /* Addresses or hostnames of peer:1 primary, upto 4 backups */ hostname /* Addresses or hostnames of peer:1 primary, upto 4 backups */ ), "server-address" ( /* Server Addresses upto 4 */ ipv4addr /* Server Addresses upto 4 */ ), "local-identity" ( /* Set the local IKE identity */ sc( c( "inet" ( /* Use an IPv4 address */ c( ipv4addr /* The local IPv4 identity */ ) ), "hostname" ( /* Use a fully-qualified domain name */ c( arg /* The local hostname */ ) ), "user-at-hostname" ( /* Use an e-mail address */ c( arg /* The local user-FQDN */ ) ), "distinguished-name" /* Use a distinguished name specified in local certificate */ ) ) ).as(:oneline), "remote-identity" ( /* Set the remote IKE identity */ sc( c( "inet" ( /* Use an IPv4 address */ c( ipv4addr /* The remote IPv4 identity */ ) ), "hostname" ( /* Use a fully-qualified domain name */ c( arg /* The remote hostname */ ) ), "user-at-hostname" ( /* Use an e-mail address */ c( arg /* The remote user-FQDN */ ) ) ) ) ).as(:oneline), "local-address" ( /* Local IPv4 address for group member */ ipv4addr /* Local IPv4 address for group member */ ), "routing-instance" arg /* Name of routing instance that hosts local address */ ) ) ) end rule(:gvpn_member_ike_proposal) do arg.as(:arg) ( c( "description" arg /* Text description of IKE proposal */, "authentication-method" ( /* Define authentication method */ ("pre-shared-keys" | "rsa-signatures" | "dsa-signatures") ), "dh-group" ( /* Define Diffie-Hellman group */ ("group1" | "group2" | "group5" | "group14" | "group24") ), "authentication-algorithm" ( /* Define authentication algorithm */ ("md5" | "sha1" | "sha-256" | "sha-384") ), "encryption-algorithm" ( /* Define encryption algorithm */ ("des-cbc" | "3des-cbc" | "aes-128-cbc" | "aes-192-cbc" | "aes-256-cbc") ), "lifetime-seconds" arg /* Lifetime, in seconds */ ) ) end rule(:ike_policy) do arg.as(:arg) ( c( "mode" ( /* Define the IKE first phase mode */ ("main" | "aggressive") ), "reauth-frequency" arg /* Re-auth Peer after reauth-frequency times hard lifetime. (0-100) Default:0=Disabled */, "description" arg /* Text description of IKE policy */, "proposals" arg, "certificate" ( /* Certificate configuration */ c( "local-certificate" arg /* Local certificate identifier */, "trusted-ca" ( /* Specify the CA to use */ sc( c( arg /* Index of the preferred CA to use */, "use-all" /* Use all configured CAs */, "ca-profile" arg /* Name of the preferred CA to use */, "trusted-ca-group" arg /* Name of the preferred CA group to use */ ) ) ).as(:oneline), "peer-certificate-type" ( /* Preferred type of certificate from peer */ ("pkcs7" | "x509-signature") ), "policy-oids" arg /* Certificate policy object identifiers (maximum 5) */ ) ), "proposal-set" ( /* Types of default IKE proposal-set */ ("basic" | "compatible" | "standard" | "suiteb-gcm-128" | "suiteb-gcm-256") ), "local-certificate" arg /* File to read certificate from */, "local-key-pair" arg /* File to read key-pair from */, "encoding" ( /* Encoding to use for certificate or CRL on disk */ ("binary" | "pem") ), "identity" arg /* Define the remote certificate name */, "pre-shared-key" ( /* Define a preshared key */ sc( c( "ascii-text" arg /* Format as text */, "hexadecimal" arg /* Format as hexadecimal */ ) ) ).as(:oneline) ) ) end rule(:ike_proposal) do arg.as(:arg) ( c( "description" arg /* Text description of IKE proposal */, "authentication-method" ( /* Define authentication method */ ("pre-shared-keys" | "rsa-signatures" | "dsa-signatures" | "ecdsa-signatures-256" | "ecdsa-signatures-384") ), "dh-group" ( /* Define Diffie-Hellman group */ ("group1" | "group2" | "group5" | "group14" | "group15" | "group16" | "group19" | "group20" | "group24") ), "authentication-algorithm" ( /* Define authentication algorithm */ ("md5" | "sha1" | "sha-256" | "sha-384") ), "encryption-algorithm" ( /* Define encryption algorithm */ ("des-cbc" | "3des-cbc" | "aes-128-cbc" | "aes-192-cbc" | "aes-256-cbc" | "aes-128-gcm" | "aes-256-gcm") ), "lifetime-seconds" arg /* Lifetime, in seconds */ ) ) end rule(:ipsec_gvpn_member_template) do arg.as(:arg) ( c( "ike-gateway" arg /* Name of IKE gateway */, "group-vpn-external-interface" ( /* MPLS-facing interface used for Group VPN */ interface_name /* MPLS-facing interface used for Group VPN */ ), "group" arg /* Enable Group VPN by defining group id */, "heartbeat-threshold" arg /* Define heartbeat threshold for Group VPN */, "match-direction" ( /* Direction for which the rule match is applied */ ("input" | "output") ), "tunnel-mtu" arg /* Maximum transmit packet size */, "recovery-probe" /* Enable triggering recovery probe mechanism */, "df-bit" ( /* Specifies how to handle the Don't Fragment bit */ ("clear" | "set" | "copy") ), "forward-policy-mismatch" /* Enables forwarding of policy mismatch packets */, "fail-open" ( /* List of fail open rules */ ipsec_gvpn_fail_open_rule_object /* List of fail open rules */ ), "exclude" ( /* List of exclude rules */ ipsec_gvpn_exclude_rule_object /* List of exclude rules */ ) ) ) end rule(:ipsec_gvpn_rule_address_object) do arg.as(:arg) ( c( "source-address" ( /* Match IP source address */ ipsec_gvpn_addr_object /* Match IP source address */ ), "destination-address" ( /* Match IP destination address */ ipsec_gvpn_addr_object /* Match IP destination address */ ), "application" arg /* Match application */ ) ) end rule(:ipsec_internal_sa) do c( "description" arg /* Text description of internal security association */, "manual" ( /* Define a manual security association */ c( "encryption" ( /* Define encryption parameters */ c( "algorithm" ( /* Define encryption algorithm */ ("3des-cbc") ), "ike-ha-link-encryption" ( /* Enable HA link encryption IKE internal messages */ ("enable") ), "key" ( /* Define an encryption key */ sc( c( "ascii-text" ( /* Format as text */ unreadable /* Format as text */ ) ) ) ).as(:oneline) ) ), "direction" enum(("inbound" | "outbound" | "bidirectional")) ( /* Define the direction of the security association */ c( "protocol" ( /* Define an IPSec protocol for the security association */ ("ah" | "esp" | "bundle") ), "spi" arg /* Define security parameter index */, "auxiliary-spi" arg /* ESP security parameter index for IPSec SA bundle */, "authentication" ( /* Define authentication parameters */ c( "algorithm" ( /* Define authentication algorithm */ ("hmac-md5-96" | "hmac-sha1-96" | "hmac-sha2-256" | "hmac-sha-256-128") ), "key" ( /* Define an authentication key */ sc( c( "ascii-text" arg /* Format as text */, "hexadecimal" arg /* Format as hexadecimal */ ) ) ).as(:oneline) ) ), "encryption" ( /* Define encryption parameters */ c( "algorithm" ( /* Define encryption algorithm */ ("des-cbc" | "3des-cbc" | "aes-128-cbc" | "aes-192-cbc" | "aes-256-cbc") ), "key" ( /* Define an encryption key */ sc( c( "ascii-text" arg /* Format as text */, "hexadecimal" arg /* Format as hexadecimal */ ) ) ).as(:oneline) ) ) ) ) ) ) ) end rule(:ipsec_policy) do arg.as(:arg) ( c( "description" arg /* Text description of IPSec policy */, "perfect-forward-secrecy" ( /* Define perfect forward secrecy */ c( "keys" ( /* Define Diffie-Hellman group */ ("group1" | "group2" | "group5" | "group14" | "group15" | "group16" | "group19" | "group20" | "group24") ) ) ), "proposals" arg, "proposal-set" ( /* Types of default IPSEC proposal-set */ ("basic" | "compatible" | "standard" | "suiteb-gcm-128" | "suiteb-gcm-256" | "prime-128" | "prime-256") ) ) ) end rule(:ipsec_proposal) do arg.as(:arg) ( c( "description" arg /* Text description of IPSec proposal */, "protocol" ( /* Define an IPSec protocol for the proposal */ ("ah" | "esp" | "bundle") ), "authentication-algorithm" ( /* Define authentication algorithm */ ("hmac-md5-96" | "hmac-sha1-96" | "hmac-sha-256-128" | "hmac-sha-256-96" | "hmac-sha2-256") ), "encryption-algorithm" ( /* Define encryption algorithm */ ("des-cbc" | "3des-cbc" | "aes-128-cbc" | "aes-192-cbc" | "aes-256-cbc" | "aes-128-gcm" | "aes-192-gcm" | "aes-256-gcm") ), "lifetime-seconds" arg /* Lifetime, in seconds */, "lifetime-kilobytes" arg /* Lifetime, in kilobytes */ ) ) end rule(:security_ike) do c( "traceoptions" ( /* Trace options for IPSec key management */ security_traceoptions /* Trace options for IPSec key management */ ), "respond-bad-spi" ( /* Respond to IPSec packets with bad SPI values */ sc( arg ) ).as(:oneline), "proposal" ( /* Define an IKE proposal */ ike_proposal /* Define an IKE proposal */ ), "policy" ( /* Define an IKE policy */ ike_policy /* Define an IKE policy */ ), "gateway" arg ( /* Define an IKE gateway */ c( "ike-policy" arg /* Name of the IKE policy */, c( "address" ( /* Addresses or hostnames of peer:1 primary, upto 4 backups */ (arg) ), "dynamic" ( /* Site to site peer with dynamic IP address */ c( c( "distinguished-name" ( /* Use a distinguished name: */ c( c( "container" arg /* Specify the container string */, "wildcard" arg /* Specify the wildcard string */ ) ) ), "hostname" arg /* Use a fully-qualified domain name */, "inet" ( /* Use an IPV4 address to identify the dynamic peer */ ipv4addr /* Use an IPV4 address to identify the dynamic peer */ ), "inet6" ( /* Use an IPV6 address to identify the dynamic peer */ ipv6addr /* Use an IPV6 address to identify the dynamic peer */ ), "user-at-hostname" arg /* Use an e-mail address */ ), "connections-limit" arg /* Maximum number of users connected to gateway */, "ike-user-type" ( /* Type of the IKE ID */ ("group-ike-id" | "shared-ike-id") ), "reject-duplicate-connection" /* Reject new connection from duplicate IKE-id */ ) ) ), "dead-peer-detection" ( /* Enable RFC-3706 DPD */ c( "optimized" /* Send probes only when there is outgoing and no incoming data traffic - RFC3706 (Default mode) */, "probe-idle-tunnel" /* Send probes same as in optimized mode and also when there is no outgoing & incoming data traffic */, "always-send" /* Send DPD messages periodically, regardless of traffic */, "interval" arg /* The interval at which to send DPD messages */, "threshold" arg /* Maximum number of DPD retransmissions */ ) ), "no-nat-traversal" /* Disable IPSec NAT traversal */, "nat-keepalive" arg /* Interval at which to send NAT keepalives */, "local-identity" ( /* Set the local IKE identity */ sc( c( "inet" ( /* Use an IPv4 address */ c( ipv4addr /* The local IPv4 identity */ ) ), "inet6" ( /* Use an IPv6 address */ c( ipv6addr /* The local IPv6 identity */ ) ), "hostname" ( /* Use a fully-qualified domain name */ c( arg /* The local hostname */ ) ), "user-at-hostname" ( /* Use an e-mail address */ c( arg /* The local user-FQDN */ ) ), "distinguished-name" /* Use a distinguished name specified in local certificate */, "key-id" ( /* Key ID identification values in ASCII string */ c( arg ) ) ) ) ).as(:oneline), "remote-identity" ( /* Set the remote IKE identity */ sc( c( "inet" ( /* Use an IPv4 address */ c( ipv4addr /* The remote IPv4 identity */ ) ), "inet6" ( /* Use an IPv6 address */ c( ipv6addr /* The remote IPv6 identity */ ) ), "hostname" ( /* Use a fully-qualified domain name */ c( arg /* The remote hostname */ ) ), "user-at-hostname" ( /* Use an e-mail address */ c( arg /* The remote user-FQDN */ ) ), "distinguished-name" ( /* Use a distinguished name: */ c( "container" arg /* Specify the container string */, "wildcard" arg /* Specify the wildcard string */ ) ), "key-id" ( /* Key ID identification values in string */ c( arg ) ) ) ) ).as(:oneline), "external-interface" ( /* External interface for IKE negotiations */ interface_unit /* External interface for IKE negotiations */ ), "local-address" ( /* Local IP address for IKE negotiations */ ipaddr /* Local IP address for IKE negotiations */ ), "aaa" ( /* Use extended authentication */ c( "access-profile" arg /* Access profile that contains authentication information */, "client" ( /* AAA client info for authentication */ sc( "username" arg /* AAA client username with 1 to 128 characters */, "password" arg /* AAA client password with 1 to 128 characters */ ) ).as(:oneline) ) ), "xauth" ( /* Use extended authentication */ c( "access-profile" arg /* Access profile that contains authentication information */, "client" ( /* Xauth client info for authentication */ sc( "username" arg /* XAuth client username with 1 to 128 characters */, "password" arg /* XAuth client password with 1 to 128 characters */ ) ).as(:oneline) ) ), "general-ikeid" /* Accept peer IKE-ID in general */, "advpn" ( /* Enable Auto Discovery VPN */ advpn_suggester_partner /* Enable Auto Discovery VPN */ ), "version" ( /* Negotiate using either IKE v1 or IKE v2 protocol */ ("v1-only" | "v2-only") ), "fragmentation" ( /* IKEv2 fragmentation configuration */ c( "disable" /* Disable IKEv2 fragmentation */, "size" arg /* Default 576 bytes for ipv4 and 1280 bytes for ipv6 */ ) ), "tcp-encap-profile" arg /* Ike over tcp profile name */ ) ) ) end rule(:security_ipsec_vpn) do c( "internal" ( /* Define an IPSec SA for internal RE-RE communication */ c( "security-association" ( /* Define an IPsec security association */ ipsec_internal_sa /* Define an IPsec security association */ ) ) ), "traceoptions" ( /* Trace options for IPSec data-plane debug */ ipsec_traceoptions /* Trace options for IPSec data-plane debug */ ), "vpn-monitor-options" ( /* Global options for VPN liveliness monitoring */ ipsec_vpn_monitor /* Global options for VPN liveliness monitoring */ ), "proposal" ( /* Define an IPSec proposal */ ipsec_proposal /* Define an IPSec proposal */ ), "policy" ( /* Define an IPSec policy */ ipsec_policy /* Define an IPSec policy */ ), "vpn" ( /* Define an IPSec VPN */ ipsec_vpn_template /* Define an IPSec VPN */ ), "security-association" ( /* Define an IPSec security association */ ipsec_sa /* Define an IPSec security association */ ), "internal" ( /* Define an IPSec SA for internal RE-RE communication */ c( "security-association" ( /* Define an IPSec security association */ ipsec_internal_sa /* Define an IPSec security association */ ) ) ), "trusted-channel" ( /* Define an IPSec SA for trusted-channel communication */ c( "security-association" ( /* Define an IPSec security association */ ipsec_trusted_channel_sa /* Define an IPSec security association */ ), "port-exclusion-list" arg /* Define port exlusion list */ ) ) ) end rule(:advpn_suggester_partner) do c( "suggester" ( /* Configure Shortcut Suggester parameters */ c( "disable" /* Disable Suggester capability */ ) ), "partner" ( /* Configure Shortcut Partner parameters */ c( "connection-limit" arg /* Maximum number of shortcut connections (default: varies per platform) */, "idle-time" arg /* The duration (in sec) after which shortcut is torn down (default: 300 sec) */, "idle-threshold" arg /* The packet rate below which shortcut is torn down (default: 5 packets/sec) */, "disable" /* Disable Partner capability */ ) ) ) end rule(:gvpn_server) do c( "traceoptions" ( /* Trace options for Group VPN debug */ gvpn_server_traceoptions /* Trace options for Group VPN debug */ ), "ike" ( /* Group VPN IKE configuration */ gvpn_server_ike /* Group VPN IKE configuration */ ), "ipsec" ( /* Group VPN IPsec configuration */ gvpn_server_ipsec_vpn /* Group VPN IPsec configuration */ ), "group" ( /* Define a Group VPN group */ gvpn_server_group_template /* Define a Group VPN group */ ) ) end rule(:gvpn_server_cluster) do c( "server-role" ( /* Primary or backup server */ ("root-server" | "sub-server") ), "ike-gateway" ( /* Name of the IKE gateway */ gvpn_server_ike_gateway_sc /* Name of the IKE gateway */ ), "retransmission-period" arg /* Configure retransmission period in seconds Default :10 */ ) end rule(:gvpn_server_group_ipsecsa) do arg.as(:arg) ( c( "proposal" arg /* Name of the IPsec proposal */, "match-policy" ( /* Configure a Group VPN group SA */ gvpn_server_group_ipsecsa_match /* Configure a Group VPN group SA */ ) ) ) end rule(:gvpn_server_group_ipsecsa_match) do arg.as(:arg) ( c( "source" ( /* Specify the source IP address to be matched (0.0.0.0/0 for any) */ ipv4prefix_mandatory /* Specify the source IP address to be matched (0.0.0.0/0 for any) */ ), "destination" ( /* Specify the destination IP address to be matched (0.0.0.0/0 for any) */ ipv4prefix_mandatory /* Specify the destination IP address to be matched (0.0.0.0/0 for any) */ ), "source-port" arg /* Specify the source port to be matched (0 for any) */, "destination-port" arg /* Specify the destination port to be matched (0 for any) */, "protocol" arg /* Specify the protocol number to be matched (0 for any) */ ) ) end rule(:gvpn_server_group_template) do arg.as(:arg) ( c( "description" arg /* Text description of Group VPN group */, "group-id" arg /* Enable Group VPN by defining group id */, "member-threshold" arg /* Maximum number of members in this group */, "server-cluster" ( /* Enable server cluster for this group */ gvpn_server_cluster /* Enable server cluster for this group */ ), "ike-gateway" ( /* Name of the IKE gateway */ gvpn_server_ike_gateway /* Name of the IKE gateway */ ), "activation-time-delay" arg /* Configure delay in seconds for Group VPN key activation */, "anti-replay-time-window" arg /* Configure Anti Replay time in milliseconds */, "server-member-communication" ( /* Configure Server to Member communication parameters */ gvpn_server_member_communication /* Configure Server to Member communication parameters */ ), "ipsec-sa" ( /* Define a Group VPN group SA */ gvpn_server_group_ipsecsa /* Define a Group VPN group SA */ ) ) ) end rule(:gvpn_server_ike) do c( "proposal" ( /* Define an IKE proposal */ gvpn_server_ike_proposal /* Define an IKE proposal */ ), "policy" ( /* Define an IKE policy */ gvpn_ike_policy /* Define an IKE policy */ ), "gateway" arg ( /* Define an IKE gateway */ c( "ike-policy" arg /* Name of the IKE policy */, c( "address" arg /* IP address of peer */, "dynamic" ( /* Site to site peer with dynamic IP address */ c( c( "hostname" arg /* Use a fully-qualified domain name */, "inet" ( /* Use an IPV4 address to identify the dynamic peer */ ipv4addr /* Use an IPV4 address to identify the dynamic peer */ ), "user-at-hostname" arg /* Use an e-mail address */ ) ) ) ), "dead-peer-detection" ( /* Enable Dead Peer Detection between group-server-cluster servers */ c( c( "always-send" /* Send probes periodically regardless of incoming and outgoing data traffic */ ), "interval" arg /* The time between DPD probe messages Default :10 */, "threshold" arg /* Maximum number of DPD retransmissions Default :5 */ ) ), "local-identity" ( /* Set the local IKE identity */ sc( c( "inet" ( /* Use an IPv4 address */ c( ipv4addr /* The local IPv4 identity */ ) ), "hostname" ( /* Use a fully-qualified domain name */ c( arg /* The local hostname */ ) ), "user-at-hostname" ( /* Use an e-mail address */ c( arg /* The local user-FQDN */ ) ) ) ) ).as(:oneline), "remote-identity" ( /* Set the remote IKE identity */ sc( c( "inet" ( /* Use an IPv4 address */ c( ipv4addr /* The remote IPv4 identity */ ) ), "hostname" ( /* Use a fully-qualified domain name */ c( arg /* The remote hostname */ ) ), "user-at-hostname" ( /* Use an e-mail address */ c( arg /* The remote user-FQDN */ ) ) ) ) ).as(:oneline), "local-address" ( /* Local IP address for IKE negotiations */ ipaddr /* Local IP address for IKE negotiations */ ), "routing-instance" arg /* Name of routing instance that hosts local address */ ) ) ) end rule(:gvpn_server_ike_gateway) do arg.as(:arg) end rule(:gvpn_server_ike_gateway_sc) do arg.as(:arg) end rule(:gvpn_server_ike_proposal) do arg.as(:arg) ( c( "description" arg /* Text description of IKE proposal */, "authentication-method" ( /* Define authentication method */ ("pre-shared-keys") ), "authentication-algorithm" ( /* Define authentication algorithm */ ("sha-256" | "sha-384") ), "dh-group" ( /* Define Diffie-Hellman group */ ("group14" | "group24") ), "encryption-algorithm" ( /* Define encryption algorithm */ ("aes-128-cbc" | "aes-192-cbc" | "aes-256-cbc") ) ) ) end rule(:gvpn_server_ipsec_vpn) do c( "proposal" ( /* Define an IPSec proposal */ gvpn_server_ipsec_proposal /* Define an IPSec proposal */ ) ) end rule(:gvpn_server_member_communication) do c( "communication-type" ( /* Define type of server member communication */ ("unicast") ), "lifetime-seconds" arg /* Configure lifetime in seconds */, "retransmission-period" arg /* Configure retransmission period in seconds */, "number-of-retransmission" arg /* Configure maximum number of retransmission attempts */, "heartbeat" arg /* Configure heartbeat period in seconds */, "encryption-algorithm" ( /* Define encryption algorithm */ ("aes-128-cbc" | "aes-192-cbc" | "aes-256-cbc") ), "sig-hash-algorithm" ( /* Define sig-hash algorithm */ ("sha-256" | "sha-384") ), "certificate" arg /* Certificate identifier */ ) end rule(:gvpn_server_traceoptions) do c( "no-remote-trace" /* Disable remote tracing */, "file" ( /* Trace file information */ sc( arg, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */, "match" ( /* Regular expression for lines to be logged */ regular_expression /* Regular expression for lines to be logged */ ) ) ).as(:oneline), "level" ( /* Level of debugging output */ ("error" | "warning" | "notice" | "info" | "verbose" | "all") ), "flag" enum(("timer" | "routing-socket" | "parse" | "config" | "ike" | "policy-manager" | "general" | "database" | "certificates" | "snmp" | "thread" | "high-availability" | "next-hop-tunnels" | "all")) /* Tracing parameters for GKSD */.as(:oneline), "gateway-filter" ( /* Set gateway filter for trace */ c( "local-address" ( /* Use an IPV4 address to identify the local gateway */ ipv4addr /* Use an IPV4 address to identify the local gateway */ ), "remote-address" ( /* Use an IPV4 address to identify the remote gateway */ ipv4addr /* Use an IPV4 address to identify the remote gateway */ ) ) ) ) end rule(:ipsec_gvpn_exclude_rule_object) do c( "rule" ( /* Define exlude rules upto 10 */ ipsec_gvpn_rule_address_object /* Define exlude rules upto 10 */ ) ) end rule(:security_association_manual) do c( "direction" enum(("bidirectional")) ( /* Define the direction of the security association */ c( "protocol" ( /* Define an IPSec protocol for the security association */ ("ah" | "esp") ), "spi" arg /* Define security parameter index */, "authentication" ( /* Define authentication parameters */ c( "algorithm" ( /* Define authentication algorithm */ ("hmac-md5-96" | "hmac-sha1-96") ), "key" ( /* Define an authentication key */ sc( c( "ascii-text" arg /* Format as text */, "hexadecimal" arg /* Format as hexadecimal */ ) ) ).as(:oneline) ) ), "encryption" ( /* Define encryption parameters */ c( "algorithm" ( /* Define encryption algorithm */ ("des-cbc" | "3des-cbc") ), "key" ( /* Define an encryption key */ sc( c( "ascii-text" arg /* Format as text */, "hexadecimal" arg /* Format as hexadecimal */ ) ) ).as(:oneline) ) ) ) ) ) end rule(:trace_file_type) do c( arg, "replace" /* Replace trace file rather than appending to it */, "size" arg /* Maximum trace file size */, "files" arg /* Maximum number of trace files */, "no-stamp" /* Do not timestamp trace file */, "world-readable" /* Allow any user to read the log file */, "no-world-readable" /* Don't allow any user to read the log file */ ).as(:oneline) end # End of vSRX 18.3R1.9