kedge/yang/models/sovereign-sdwan.yang
Tyler King 6058e62348 Initial commit: Kedge network automation platform
Go-based network automation with YANG models, gRPC, Ansible,
Terraform, and Kubernetes integration.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 12:09:30 -05:00


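module sovereign-sdwan {
  namespace "urn:sovereign:sdwan";
  prefix ssdwan;

  import ietf-inet-types {
    prefix inet;
  }

  organization "Guildhouse Sovereign Infrastructure";
  description
    "Custom YANG module for sovereign SD-WAN site configuration.
     Extends OpenConfig concepts with dual-mode (overlay/underlay)
     site management, zone-based security policy, and WAN circuit
     SLA definitions.";

  revision 2024-01-01 {
    description "Initial revision for Phase 1 homelab topology.";
  }
  // TODO(review): add a new revision statement when the constraints
  // below (pubkey pattern, anchor port leaf, policy default/when,
  // loss range) are published.

  container site {
    description "Top-level site configuration.";

    leaf site-id {
      type string;
      description "Unique site identifier.";
    }

    leaf sovereignty-domain {
      type string;
      description "Guildhouse sovereignty domain this site belongs to.";
    }

    container oob-mesh {
      description "Overlay mode configuration — Kedge WireGuard mesh.";

      leaf wireguard-pubkey {
        // A WireGuard public key is 32 bytes, base64-encoded to exactly
        // 44 characters ending in one '=' pad. Constraining it here
        // rejects truncated or pasted-private-key values at validation
        // time rather than when the peer config is pushed.
        type string {
          length "44";
          pattern "[A-Za-z0-9+/]{43}=";
        }
        description
          "This site's WireGuard public key (base64, 44 characters).";
      }

      list cloud-anchors {
        key "anchor-id";
        description "Cloud anchor endpoints for overlay connectivity.";

        leaf anchor-id {
          type string;
          description "Unique identifier for this cloud anchor.";
        }

        leaf endpoint {
          // inet:host is a union of ip-address and domain-name; it cannot
          // carry a port, so the port is a separate leaf below.
          type inet:host;
          description
            "Cloud anchor WireGuard endpoint host (IP address or domain
             name). The UDP port is given by the sibling 'port' leaf.";
        }

        leaf port {
          type inet:port-number;
          // Conventional WireGuard listen port; kept as a default so
          // existing anchor entries without a port remain valid.
          default 51820;
          description "UDP port of the cloud anchor WireGuard endpoint.";
        }

        leaf priority {
          type uint8;
          description "Priority for anchor selection (lower = preferred).";
        }
      }
    }
  }

  container zone-policy {
    description
      "Underlay mode configuration — physical device zone-based
       security policy programming.";

    list zone {
      key "name";
      description "A network zone managed by this site.";

      leaf name {
        type string;
        description "Zone name (e.g., transit, tyler-lab, dmz).";
      }

      leaf subnet {
        type inet:ipv4-prefix;
        description "IPv4 subnet for this zone.";
      }

      leaf vlan-id {
        type uint16 {
          range "1..4094";
        }
        description "VLAN ID associated with this zone.";
      }

      leaf owner-device {
        type string;
        description
          "Device responsible for this zone's gateway
           (e.g., fortigate.transit.local).";
      }

      list policy {
        key "dst-zone";
        description "Inter-zone policy rules.";

        leaf dst-zone {
          // NOTE(review): kept as a free-form string because the model
          // does not say whether destination zones are always local to
          // this site; if they are, a leafref to ../../../zone/name
          // would catch dangling references at validation time.
          type string;
          description "Destination zone name.";
        }

        leaf action {
          type enumeration {
            enum allow-stateful {
              description "Allow stateful traffic.";
            }
            enum allow-restricted {
              description "Allow restricted set of services.";
            }
            enum deny {
              description "Deny all traffic.";
            }
          }
          // Fail closed: a policy entry that omits 'action' must never be
          // read as permissive by the device programmer.
          default deny;
          description
            "Policy action for traffic to the destination zone.
             Defaults to deny when omitted.";
        }

        leaf-list services {
          // A service list is only meaningful for allow-restricted; next
          // to 'deny' or 'allow-stateful' it is ambiguous to consumers,
          // so the model rejects it there.
          when "../action = 'allow-restricted'";
          type string;
          description
            "Allowed services when action is allow-restricted
             (e.g., ssh, https, dns).";
        }
      }
    }
  }

  container wan-circuits {
    description "WAN circuit definitions for SD-WAN path selection.";

    list circuit {
      key "name";
      description "A WAN circuit available at this site.";

      leaf name {
        type string;
        description "Circuit name (e.g., fios-primary, lte-backup).";
      }

      leaf type {
        type enumeration {
          enum primary {
            description "Primary WAN circuit.";
          }
          enum secondary {
            description "Secondary/backup WAN circuit.";
          }
          enum oob {
            description "Out-of-band management circuit.";
          }
        }
        description "Circuit role in the WAN topology.";
      }

      leaf interface-name {
        type string;
        description "Network interface name for this circuit.";
      }

      container sla {
        description "SLA targets for path selection.";

        leaf latency-target-ms {
          type uint32;
          description "Maximum acceptable latency in milliseconds.";
        }

        leaf jitter-target-ms {
          type uint32;
          description "Maximum acceptable jitter in milliseconds.";
        }

        leaf loss-target-pct {
          // A percentage; values outside 0..100 are configuration
          // errors, not tolerances.
          type decimal64 {
            fraction-digits 2;
            range "0..100";
          }
          description "Maximum acceptable packet loss percentage (0-100).";
        }
      }
    }
  }
}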