<?xml version="1.0"?>
<interfaceDefinition>
  <node name="high-availability" owner="${vyos_conf_scripts_dir}/high-availability.py">
    <properties>
      <priority>800</priority> <!-- after all interfaces and conntrack-sync -->
      <help>High availability settings</help>
    </properties>
    <children>
      #include <include/generic-disable-node.xml.i>
      <node name="vrrp">
        <properties>
          <help>Virtual Router Redundancy Protocol settings</help>
        </properties>
        <children>
          <leafNode name="snmp">
            <properties>
              <valueless/>
              <help>Enable SNMP</help>
            </properties>
          </leafNode>
          <node name="global-parameters">
            <properties>
              <help>VRRP global parameters</help>
            </properties>
            <children>
              #include <include/vrrp/garp.xml.i>
              <leafNode name="startup-delay">
                <properties>
                  <help>Time VRRP startup process (in seconds)</help>
                  <valueHelp>
                    <format>u32:1-600</format>
                    <description>Interval in seconds</description>
                  </valueHelp>
                  <constraint>
                    <validator name="numeric" argument="--range 1-600"/>
                  </constraint>
                </properties>
              </leafNode>
              <leafNode name="version">
                <properties>
                  <help>Default VRRP version to use, IPv6 always uses VRRP version 3</help>
                  <valueHelp>
                    <format>2</format>
                    <description>VRRP version 2</description>
                  </valueHelp>
                  <valueHelp>
                    <format>3</format>
                    <description>VRRP version 3</description>
                  </valueHelp>
                  <constraint>
                    <validator name="numeric" argument="--range 2-3"/>
                  </constraint>
                </properties>
              </leafNode>
            </children>
          </node>
          <tagNode name="group">
            <properties>
              <help>VRRP group</help>
            </properties>
            <children>
              #include <include/generic-interface-broadcast.xml.i>
              #include <include/vrrp/garp.xml.i>
              <leafNode name="advertise-interval">
                <properties>
                  <help>Advertise interval</help>
                  <valueHelp>
                    <format>u32:1-255</format>
                    <description>Advertise interval in seconds</description>
                  </valueHelp>
                  <constraint>
                    <validator name="numeric" argument="--range 1-255"/>
                  </constraint>
                </properties>
                <defaultValue>1</defaultValue>
              </leafNode>
              <node name="authentication">
                <properties>
                  <help>VRRP authentication</help>
                </properties>
                <children>
                  <leafNode name="password">
                    <properties>
                      <help>VRRP password</help>
                      <valueHelp>
                        <format>txt</format>
                        <description>Password string (up to 8 characters)</description>
                      </valueHelp>
                      <constraint>
                        <regex>.{1,8}</regex>
                      </constraint>
                      <constraintErrorMessage>Password must not be longer than 8 characters</constraintErrorMessage>
                    </properties>
                  </leafNode>
                  <leafNode name="type">
                    <properties>
                      <help>Authentication type</help>
                      <completionHelp>
                        <list>plaintext-password ah</list>
                      </completionHelp>
                      <valueHelp>
                        <format>plaintext-password</format>
                        <description>Simple password string</description>
                      </valueHelp>
                      <valueHelp>
                        <format>ah</format>
                        <description>AH - IPSEC (not recommended)</description>
                      </valueHelp>
                      <constraint>
                        <regex>(plaintext-password|ah)</regex>
                      </constraint>
                      <constraintErrorMessage>Authentication type must be plaintext-password or ah</constraintErrorMessage>
                    </properties>
                  </leafNode>
                </children>
              </node>
              #include <include/generic-description.xml.i>
              #include <include/generic-disable-node.xml.i>
              <node name="health-check">
                <properties>
                  <help>Health check</help>
                </properties>
                <children>
                  <leafNode name="failure-count">
                    <properties>
                      <help>Health check failure count required for transition to fault</help>
                      <constraint>
                        <validator name="numeric" argument="--positive" />
                      </constraint>
                    </properties>
                    <defaultValue>3</defaultValue>
                  </leafNode>
                  <leafNode name="interval">
                    <properties>
                      <help>Health check execution interval in seconds</help>
                      <constraint>
                        <validator name="numeric" argument="--positive"/>
                      </constraint>
                    </properties>
                    <defaultValue>60</defaultValue>
                  </leafNode>
                  <leafNode name="ping">
                    <properties>
                      <help>ICMP ping health check</help>
                      <valueHelp>
                        <format>ipv4</format>
                        <description>IPv4 ping target address</description>
                      </valueHelp>
                      <valueHelp>
                        <format>ipv6</format>
                        <description>IPv6 ping target address</description>
                      </valueHelp>
                      <constraint>
                        <validator name="ip-address"/>
                      </constraint>
                    </properties>
                  </leafNode>
                  <leafNode name="script">
                    <properties>
                      <help>Health check script file</help>
                      <constraint>
                        <validator name="script"/>
                      </constraint>
                    </properties>
                  </leafNode>
                </children>
              </node>
              <leafNode name="hello-source-address">
                <properties>
                  <help>VRRP hello source address</help>
                  <valueHelp>
                    <format>ipv4</format>
                    <description>IPv4 hello source address</description>
                  </valueHelp>
                  <valueHelp>
                    <format>ipv6</format>
                    <description>IPv6 hello source address</description>
                  </valueHelp>
                  <constraint>
                    <validator name="ip-address"/>
                  </constraint>
                </properties>
              </leafNode>
              <leafNode name="peer-address">
                <properties>
                  <help>Unicast VRRP peer address</help>
                  <valueHelp>
                    <format>ipv4</format>
                    <description>IPv4 unicast peer address</description>
                  </valueHelp>
                  <valueHelp>
                    <format>ipv6</format>
                    <description>IPv6 unicast peer address</description>
                  </valueHelp>
                  <constraint>
                    <validator name="ip-address"/>
                  </constraint>
                  <multi/>
                </properties>
              </leafNode>
              <leafNode name="no-preempt">
                <properties>
                  <valueless/>
                  <help>Disable master preemption</help>
                </properties>
              </leafNode>
              <leafNode name="preempt-delay">
                <properties>
                  <help>Preempt delay (in seconds)</help>
                  <valueHelp>
                    <format>u32:0-1000</format>
                    <description>preempt delay</description>
                  </valueHelp>
                  <constraint>
                    <validator name="numeric" argument="--range 0-1000"/>
                  </constraint>
                </properties>
                <defaultValue>0</defaultValue>
              </leafNode>
              <leafNode name="priority">
                <properties>
                  <help>Router priority</help>
                  <valueHelp>
                    <format>u32:1-255</format>
                    <description>Router priority</description>
                  </valueHelp>
                  <constraint>
                    <validator name="numeric" argument="--range 1-255"/>
                  </constraint>
                </properties>
                <defaultValue>100</defaultValue>
              </leafNode>
              <leafNode name="rfc3768-compatibility">
                <properties>
                  <help>Use VRRP virtual MAC address as per RFC3768</help>
                  <valueless/>
                </properties>
              </leafNode>
              <node name="track">
                <properties>
                  <help>Track settings</help>
                </properties>
                <children>
                  <leafNode name="exclude-vrrp-interface">
                    <properties>
                      <valueless/>
                      <help>Disable track state of main interface</help>
                    </properties>
                  </leafNode>
                  <leafNode name="interface">
                    <properties>
                      <help>Interface name state check</help>
                      <completionHelp>
                        <script>${vyos_completion_dir}/list_interfaces --broadcast</script>
                      </completionHelp>
                      <valueHelp>
                        <format>txt</format>
                        <description>Interface name</description>
                      </valueHelp>
                      <constraint>
                        #include <include/constraint/interface-name.xml.i>
                      </constraint>
                      <multi/>
                    </properties>
                  </leafNode>
                </children>
              </node>
              #include <include/vrrp-transition-script.xml.i>
              <tagNode name="address">
                <properties>
                  <help>Virtual IP address</help>
                  <valueHelp>
                    <format>ipv4net</format>
                    <description>IPv4 address and prefix length</description>
                  </valueHelp>
                  <valueHelp>
                    <format>ipv6net</format>
                    <description>IPv6 address and prefix length</description>
                  </valueHelp>
                  <valueHelp>
                    <format>ipv4</format>
                    <description>IPv4 address</description>
                  </valueHelp>
                  <valueHelp>
                    <format>ipv6</format>
                    <description>IPv6 address</description>
                  </valueHelp>
                  <constraint>
                    <validator name="ip-host"/>
                    <validator name="ip-address"/>
                  </constraint>
                </properties>
                <children>
                  #include <include/generic-interface-broadcast.xml.i>
                </children>
              </tagNode>
              <tagNode name="excluded-address">
                <properties>
                  <help>Virtual address (If you need additional IPv4 and IPv6 in same group)</help>
                  <valueHelp>
                    <format>ipv4net</format>
                    <description>IPv4 address and prefix length</description>
                  </valueHelp>
                  <valueHelp>
                    <format>ipv6net</format>
                    <description>IPv6 address and prefix length</description>
                  </valueHelp>
                  <valueHelp>
                    <format>ipv4</format>
                    <description>IPv4 address</description>
                  </valueHelp>
                  <valueHelp>
                    <format>ipv6</format>
                    <description>IPv6 address</description>
                  </valueHelp>
                  <constraint>
                    <validator name="ip-host"/>
                    <validator name="ip-address"/>
                  </constraint>
                </properties>
                <children>
                  #include <include/generic-interface-broadcast.xml.i>
                </children>
              </tagNode>
              <leafNode name="vrid">
                <properties>
                  <help>Virtual router identifier</help>
                  <valueHelp>
                    <format>u32:1-255</format>
                    <description>Virtual router identifier</description>
                  </valueHelp>
                  <constraint>
                    <validator name="numeric" argument="--range 1-255"/>
                  </constraint>
                </properties>
              </leafNode>
            </children>
          </tagNode>
          <tagNode name="sync-group">
            <properties>
              <help>VRRP sync group</help>
            </properties>
            <children>
              <leafNode name="member">
                <properties>
                  <multi/>
                  <help>Sync group member</help>
                  <valueHelp>
                    <format>txt</format>
                    <description>VRRP group name</description>
                  </valueHelp>
                  <completionHelp>
                    <path>high-availability vrrp group</path>
                  </completionHelp>
                </properties>
              </leafNode>
              <node name="health-check">
                <properties>
                  <help>Health check</help>
                </properties>
                <children>
                  <leafNode name="failure-count">
                    <properties>
                      <help>Health check failure count required for transition to fault</help>
                      <constraint>
                        <validator name="numeric" argument="--positive" />
                      </constraint>
                    </properties>
                    <defaultValue>3</defaultValue>
                  </leafNode>
                  <leafNode name="interval">
                    <properties>
                      <help>Health check execution interval in seconds</help>
                      <constraint>
                        <validator name="numeric" argument="--positive"/>
                      </constraint>
                    </properties>
                    <defaultValue>60</defaultValue>
                  </leafNode>
                  <leafNode name="ping">
                    <properties>
                      <help>ICMP ping health check</help>
                      <valueHelp>
                        <format>ipv4</format>
                        <description>IPv4 ping target address</description>
                      </valueHelp>
                      <valueHelp>
                        <format>ipv6</format>
                        <description>IPv6 ping target address</description>
                      </valueHelp>
                      <constraint>
                        <validator name="ip-address"/>
                      </constraint>
                    </properties>
                  </leafNode>
                  <leafNode name="script">
                    <properties>
                      <help>Health check script file</help>
                      <constraint>
                        <validator name="script"/>
                      </constraint>
                    </properties>
                  </leafNode>
                </children>
              </node>
              #include <include/vrrp-transition-script.xml.i>
            </children>
          </tagNode>
        </children>
      </node>
      <tagNode name="virtual-server">
        <properties>
          <help>Load-balancing virtual server alias</help>
        </properties>
        <children>
          #include <include/address-ipv4-ipv6-single.xml.i>
          <leafNode name="algorithm">
            <properties>
              <help>Schedule algorithm (default - least-connection)</help>
              <completionHelp>
                <list>round-robin weighted-round-robin least-connection weighted-least-connection source-hashing destination-hashing locality-based-least-connection</list>
              </completionHelp>
              <valueHelp>
                <format>round-robin</format>
                <description>Round robin</description>
              </valueHelp>
              <valueHelp>
                <format>weighted-round-robin</format>
                <description>Weighted round robin</description>
              </valueHelp>
              <valueHelp>
                <format>least-connection</format>
                <description>Least connection</description>
              </valueHelp>
              <valueHelp>
                <format>weighted-least-connection</format>
                <description>Weighted least connection</description>
              </valueHelp>
              <valueHelp>
                <format>source-hashing</format>
                <description>Source hashing</description>
              </valueHelp>
              <valueHelp>
                <format>destination-hashing</format>
                <description>Destination hashing</description>
              </valueHelp>
              <valueHelp>
                <format>locality-based-least-connection</format>
                <description>Locality-Based least connection</description>
              </valueHelp>
              <constraint>
                <regex>(round-robin|weighted-round-robin|least-connection|weighted-least-connection|source-hashing|destination-hashing|locality-based-least-connection)</regex>
              </constraint>
            </properties>
            <defaultValue>least-connection</defaultValue>
          </leafNode>
          <leafNode name="delay-loop">
            <properties>
              <help>Interval between health-checks (in seconds)</help>
              <valueHelp>
                <format>u32:1-600</format>
                <description>Interval in seconds</description>
              </valueHelp>
              <constraint>
                <validator name="numeric" argument="--range 1-3600"/>
              </constraint>
            </properties>
            <defaultValue>10</defaultValue>
          </leafNode>
          <leafNode name="forward-method">
            <properties>
              <help>Forwarding method</help>
              <completionHelp>
                <list>direct nat tunnel</list>
              </completionHelp>
              <valueHelp>
                <format>direct</format>
                <description>Direct routing</description>
              </valueHelp>
              <valueHelp>
                <format>nat</format>
                <description>NAT</description>
              </valueHelp>
              <valueHelp>
                <format>tunnel</format>
                <description>Tunneling</description>
              </valueHelp>
              <constraint>
                <regex>(direct|nat|tunnel)</regex>
              </constraint>
            </properties>
            <defaultValue>nat</defaultValue>
          </leafNode>
          #include <include/firewall/fwmark.xml.i>
          #include <include/port-number-start-zero.xml.i>
          <leafNode name="persistence-timeout">
            <properties>
              <help>Timeout for persistent connections</help>
              <valueHelp>
                <format>u32:1-86400</format>
                <description>Timeout for persistent connections</description>
              </valueHelp>
              <constraint>
                <validator name="numeric" argument="--range 1-86400"/>
              </constraint>
            </properties>
            <defaultValue>300</defaultValue>
          </leafNode>
          <leafNode name="protocol">
            <properties>
              <help>Protocol for port checks</help>
              <completionHelp>
                <list>tcp udp</list>
              </completionHelp>
              <valueHelp>
                <format>tcp</format>
                <description>TCP</description>
              </valueHelp>
              <valueHelp>
                <format>udp</format>
                <description>UDP</description>
              </valueHelp>
              <constraint>
                <regex>(tcp|udp)</regex>
              </constraint>
            </properties>
            <defaultValue>tcp</defaultValue>
          </leafNode>
          <tagNode name="real-server">
            <properties>
              <help>Real server address</help>
            </properties>
            <children>
              #include <include/port-number-start-zero.xml.i>
              <leafNode name="connection-timeout">
                <properties>
                  <help>Server connection timeout</help>
                  <valueHelp>
                    <format>u32:1-86400</format>
                    <description>Connection timeout to remote server</description>
                  </valueHelp>
                  <constraint>
                    <validator name="numeric" argument="--range 1-86400"/>
                  </constraint>
                </properties>
              </leafNode>
              <node name="health-check">
                <properties>
                  <help>Health check script</help>
                </properties>
                <children>
                  <leafNode name="script">
                    <properties>
                      <help>Health check script file</help>
                      <constraint>
                        <validator name="script"/>
                      </constraint>
                    </properties>
                  </leafNode>
                </children>
              </node>
            </children>
          </tagNode>
        </children>
      </tagNode>
    </children>
  </node>
</interfaceDefinition>