78 files changed, 1305 insertions, 500 deletions

diff --git a/interface-definitions/container.xml.in b/interface-definitions/container.xml.in
index 04318a7c9..434bf7528 100644
--- a/interface-definitions/container.xml.in
+++ b/interface-definitions/container.xml.in
@@ -31,7 +31,7 @@
             <properties>
               <help>Grant individual Linux capability to container instance</help>
               <completionHelp>
-                <list>net-admin net-bind-service net-raw setpcap sys-admin sys-module sys-nice sys-time</list>
+                <list>net-admin net-bind-service net-raw mknod setpcap sys-admin sys-module sys-nice sys-time</list>
               </completionHelp>
               <valueHelp>
                 <format>net-admin</format>
@@ -46,6 +46,10 @@
                 <description>Permission to create raw network sockets</description>
               </valueHelp>
               <valueHelp>
+                <format>mknod</format>
+                <description>Permission to create special files</description>
+              </valueHelp>
+              <valueHelp>
                 <format>setpcap</format>
                 <description>Capability sets (from bounded or inherited set)</description>
               </valueHelp>
@@ -66,11 +70,17 @@
                 <description>Permission to set system clock</description>
               </valueHelp>
               <constraint>
-                <regex>(net-admin|net-bind-service|net-raw|setpcap|sys-admin|sys-module|sys-nice|sys-time)</regex>
+                <regex>(net-admin|net-bind-service|net-raw|mknod|setpcap|sys-admin|sys-module|sys-nice|sys-time)</regex>
               </constraint>
               <multi/>
             </properties>
           </leafNode>
+          <leafNode name="privileged">
+             <properties>
+               <help>Grant root capabilities to the container</help>
+               <valueless/>
+             </properties>
+           </leafNode>
           <node name="sysctl">
             <properties>
               <help>Configure namespaced kernel parameters of the container</help>
@@ -412,6 +422,35 @@
               </constraint>
             </properties>
           </leafNode>
+          <tagNode name="tmpfs">
+            <properties>
+              <help>Mount a tmpfs filesystem into the container</help>
+            </properties>
+            <children>
+              <leafNode name="destination">
+                <properties>
+                  <help>Destination container directory</help>
+                  <valueHelp>
+                    <format>txt</format>
+                    <description>Destination container directory</description>
+                  </valueHelp>
+                </properties>
+              </leafNode>
+              <leafNode name="size">
+                <properties>
+                  <help>tmpfs filesystem size in MB</help>
+                  <valueHelp>
+                    <format>u32:1-65536</format>
+                    <description>tmpfs filesystem size in MB</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="numeric" argument="--range 1-65535"/>
+                  </constraint>
+                  <constraintErrorMessage>Container tmpfs size must be between 1 and 65535 MB</constraintErrorMessage>
+                </properties>
+              </leafNode>
+            </children>
+          </tagNode>
           <tagNode name="volume">
             <properties>
               <help>Mount a volume into the container</help>
@@ -538,8 +577,75 @@
         <children>
           #include <include/interface/authentication.xml.i>
           #include <include/generic-disable-node.xml.i>
+          <leafNode name="insecure">
+            <properties>
+              <help>Allow registry access over unencrypted HTTP or TLS connections with untrusted certificates</help>
+              <valueless/>
+            </properties>
+          </leafNode>
+          <node name="mirror">
+            <properties>
+              <help>Registry mirror, use host-name|address[:port][/path]</help>
+            </properties>
+            <children>
+              <leafNode name="address">
+                <properties>
+                  <help>IP address of container registry mirror</help>
+                  <valueHelp>
+                    <format>ipv4</format>
+                    <description>IPv4 address of container registry mirror</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>ipv6</format>
+                    <description>IPv6 address of container registry mirror</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="ip-address"/>
+                    <validator name="ipv6-link-local"/>
+                  </constraint>
+                </properties>
+              </leafNode>
+              <leafNode name="host-name">
+                <properties>
+                  <help>Hostname of container registry mirror</help>
+                  <valueHelp>
+                    <format>hostname</format>
+                    <description>FQDN of container registry mirror</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="fqdn"/>
+                  </constraint>
+                </properties>
+              </leafNode>
+              #include <include/port-number.xml.i>
+              <leafNode name="path">
+                <properties>
+                  <help>Path of container registry mirror, optional, must be start with '/' if not empty</help>
+                </properties>
+              </leafNode>
+            </children>
+          </node>
         </children>
       </tagNode>
+      <leafNode name="log-driver">
+        <properties>
+          <help>Configure container log driver</help>
+          <completionHelp>
+            <list>k8s-file journald</list>
+          </completionHelp>
+          <valueHelp>
+            <format>k8s-file</format>
+            <description>Logs to plain-text json file</description>
+          </valueHelp>
+          <valueHelp>
+            <format>journald</format>
+            <description>Logs to systemd's journal</description>
+          </valueHelp>
+          <constraint>
+            <regex>(k8s-file|journald)</regex>
+          </constraint>
+        </properties>
+      </leafNode>
     </children>
   </node>
 </interfaceDefinition>
diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in
index e4fe9a508..7538c3cc5 100644
--- a/interface-definitions/firewall.xml.in
+++ b/interface-definitions/firewall.xml.in
@@ -138,6 +138,19 @@
               </tagNode>
             </children>
           </node>
+          <tagNode name="remote-group">
+            <properties>
+              <help>Firewall remote-group</help>
+              <constraint>
+                #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
+              </constraint>
+              <constraintErrorMessage>Name of firewall group can only contain alphanumeric letters, hyphen, underscores and dot</constraintErrorMessage>
+            </properties>
+            <children>
+              #include <include/url-http-https.xml.i>
+              #include <include/generic-description.xml.i>
+            </children>
+          </tagNode>
           <tagNode name="interface-group">
             <properties>
               <help>Firewall interface-group</help>
diff --git a/interface-definitions/include/babel/redistribute-common.xml.i b/interface-definitions/include/babel/redistribute-common.xml.i
index 93efe68dd..e988cc0d0 100644
--- a/interface-definitions/include/babel/redistribute-common.xml.i
+++ b/interface-definitions/include/babel/redistribute-common.xml.i
@@ -23,6 +23,12 @@
       <valueless/>
     </properties>
   </leafNode>
+  <leafNode name="nhrp">
+    <properties>
+      <help>Redistribute NHRP routes</help>
+      <valueless/>
+    </properties>
+  </leafNode>
   <leafNode name="openfabric">
     <properties>
       <help>OpenFabric Routing Protocol</help>
diff --git a/interface-definitions/include/bgp/afi-redistribute-common-protocols.xml.i b/interface-definitions/include/bgp/afi-redistribute-common-protocols.xml.i
new file mode 100644
index 000000000..3f6517d03
--- /dev/null
+++ b/interface-definitions/include/bgp/afi-redistribute-common-protocols.xml.i
@@ -0,0 +1,62 @@
+<!-- include start from bgp/afi-redistribute-common-protocols.xml.i -->
+<node name="babel">
+  <properties>
+    <help>Redistribute Babel routes into BGP</help>
+  </properties>
+  <children>
+    #include <include/bgp/afi-redistribute-metric-route-map.xml.i>
+  </children>
+</node>
+<node name="connected">
+  <properties>
+    <help>Redistribute connected routes into BGP</help>
+  </properties>
+  <children>
+    #include <include/bgp/afi-redistribute-metric-route-map.xml.i>
+  </children>
+</node>
+<node name="isis">
+  <properties>
+    <help>Redistribute IS-IS routes into BGP</help>
+  </properties>
+  <children>
+    #include <include/bgp/afi-redistribute-metric-route-map.xml.i>
+  </children>
+</node>
+<node name="kernel">
+  <properties>
+    <help>Redistribute kernel routes into BGP</help>
+  </properties>
+  <children>
+    #include <include/bgp/afi-redistribute-metric-route-map.xml.i>
+  </children>
+</node>
+<node name="nhrp">
+  <properties>
+    <help>Redistribute NHRP routes into BGP</help>
+  </properties>
+  <children>
+    #include <include/bgp/afi-redistribute-metric-route-map.xml.i>
+  </children>
+</node>
+<node name="static">
+  <properties>
+    <help>Redistribute static routes into BGP</help>
+  </properties>
+  <children>
+    #include <include/bgp/afi-redistribute-metric-route-map.xml.i>
+  </children>
+</node>
+<tagNode name="table">
+  <properties>
+    <help>Redistribute non-main Kernel Routing Table</help>
+    <completionHelp>
+      <path>protocols static table</path>
+    </completionHelp>
+    #include <include/constraint/protocols-static-table.xml.i>
+  </properties>
+  <children>
+    #include <include/bgp/afi-redistribute-metric-route-map.xml.i>
+  </children>
+</tagNode>
+<!-- include end -->
diff --git a/interface-definitions/include/bgp/afi-route-map-export-import.xml.i b/interface-definitions/include/bgp/afi-route-map-export-import.xml.i
deleted file mode 100644
index 388991241..000000000
--- a/interface-definitions/include/bgp/afi-route-map-export-import.xml.i
+++ /dev/null
@@ -1,34 +0,0 @@
-<!-- include start from bgp/afi-route-map.xml.i -->
-<leafNode name="export">
-  <properties>
-    <help>Route-map to filter outgoing route updates</help>
-    <completionHelp>
-      <path>policy route-map</path>
-    </completionHelp>
-    <valueHelp>
-      <format>txt</format>
-      <description>Route map name</description>
-    </valueHelp>
-    <constraint>
-      #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
-    </constraint>
-    <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
-  </properties>
-</leafNode>
-<leafNode name="import">
-  <properties>
-    <help>Route-map to filter incoming route updates</help>
-    <completionHelp>
-      <path>policy route-map</path>
-    </completionHelp>
-    <valueHelp>
-      <format>txt</format>
-      <description>Route map name</description>
-    </valueHelp>
-    <constraint>
-      #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
-    </constraint>
-    <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
-  </properties>
-</leafNode>
-<!-- include end -->
diff --git a/interface-definitions/include/bgp/afi-route-map-export.xml.i b/interface-definitions/include/bgp/afi-route-map-export.xml.i
new file mode 100644
index 000000000..94d77caf2
--- /dev/null
+++ b/interface-definitions/include/bgp/afi-route-map-export.xml.i
@@ -0,0 +1,18 @@
+<!-- include start from bgp/afi-route-map-export.xml.i -->
+<leafNode name="export">
+  <properties>
+    <help>Route-map to filter outgoing route updates</help>
+    <completionHelp>
+      <path>policy route-map</path>
+    </completionHelp>
+    <valueHelp>
+      <format>txt</format>
+      <description>Route map name</description>
+    </valueHelp>
+    <constraint>
+      #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
+    </constraint>
+    <constraintErrorMessage>Route map names can only contain alphanumeric characters, hyphens, and underscores</constraintErrorMessage>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/bgp/afi-route-map-import.xml.i b/interface-definitions/include/bgp/afi-route-map-import.xml.i
new file mode 100644
index 000000000..a1b154fcd
--- /dev/null
+++ b/interface-definitions/include/bgp/afi-route-map-import.xml.i
@@ -0,0 +1,18 @@
+<!-- include start from bgp/afi-route-map-import.xml.i -->
+<leafNode name="import">
+  <properties>
+    <help>Route-map to filter incoming route updates</help>
+    <completionHelp>
+      <path>policy route-map</path>
+    </completionHelp>
+    <valueHelp>
+      <format>txt</format>
+      <description>Route map name</description>
+    </valueHelp>
+    <constraint>
+      #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
+    </constraint>
+    <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/bgp/afi-route-map-vpn.xml.i b/interface-definitions/include/bgp/afi-route-map-vpn.xml.i
index e6be113c5..ac7b55af6 100644
--- a/interface-definitions/include/bgp/afi-route-map-vpn.xml.i
+++ b/interface-definitions/include/bgp/afi-route-map-vpn.xml.i
@@ -9,7 +9,8 @@
         <help>Between current address-family and VPN</help>
       </properties>
       <children>
-        #include <include/bgp/afi-route-map-export-import.xml.i>
+        #include <include/bgp/afi-route-map-export.xml.i>
+        #include <include/bgp/afi-route-map-import.xml.i>
       </children>
     </node>
   </children>
diff --git a/interface-definitions/include/bgp/afi-route-map-vrf.xml.i b/interface-definitions/include/bgp/afi-route-map-vrf.xml.i
new file mode 100644
index 000000000..5c1783bda
--- /dev/null
+++ b/interface-definitions/include/bgp/afi-route-map-vrf.xml.i
@@ -0,0 +1,17 @@
+<!-- include start from bgp/afi-route-map-vrf.xml.i -->
+<node name="route-map">
+  <properties>
+    <help>Route-map to filter route updates to/from this peer</help>
+  </properties>
+  <children>
+    <node name="vrf">
+      <properties>
+        <help>Between current address-family and VRF</help>
+      </properties>
+      <children>
+        #include <include/bgp/afi-route-map-import.xml.i>
+      </children>
+    </node>
+  </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/bgp/afi-route-map.xml.i b/interface-definitions/include/bgp/afi-route-map.xml.i
index 0b6178176..f8e1d7033 100644
--- a/interface-definitions/include/bgp/afi-route-map.xml.i
+++ b/interface-definitions/include/bgp/afi-route-map.xml.i
@@ -4,7 +4,8 @@
     <help>Route-map to filter route updates to/from this peer</help>
   </properties>
   <children>
-    #include <include/bgp/afi-route-map-export-import.xml.i>
+    #include <include/bgp/afi-route-map-export.xml.i>
+    #include <include/bgp/afi-route-map-import.xml.i>
   </children>
 </node>
 <!-- include end -->
diff --git a/interface-definitions/include/bgp/protocol-common-config.xml.i b/interface-definitions/include/bgp/protocol-common-config.xml.i
index 4953251c5..31c8cafea 100644
--- a/interface-definitions/include/bgp/protocol-common-config.xml.i
+++ b/interface-definitions/include/bgp/protocol-common-config.xml.i
@@ -119,6 +119,7 @@
         </tagNode>
         #include <include/bgp/afi-rd.xml.i>
         #include <include/bgp/afi-route-map-vpn.xml.i>
+        #include <include/bgp/afi-route-map-vrf.xml.i>
         #include <include/bgp/afi-route-target-vpn.xml.i>
         #include <include/bgp/afi-nexthop-vpn-export.xml.i>
         <node name="redistribute">
@@ -126,30 +127,7 @@
             <help>Redistribute routes from other protocols into BGP</help>
           </properties>
           <children>
-            <node name="connected">
-              <properties>
-                <help>Redistribute connected routes into BGP</help>
-              </properties>
-              <children>
-                #include <include/bgp/afi-redistribute-metric-route-map.xml.i>
-              </children>
-            </node>
-            <node name="isis">
-              <properties>
-                <help>Redistribute IS-IS routes into BGP</help>
-              </properties>
-              <children>
-                #include <include/bgp/afi-redistribute-metric-route-map.xml.i>
-              </children>
-            </node>
-            <node name="kernel">
-              <properties>
-                <help>Redistribute kernel routes into BGP</help>
-              </properties>
-              <children>
-                #include <include/bgp/afi-redistribute-metric-route-map.xml.i>
-              </children>
-            </node>
+            #include <include/bgp/afi-redistribute-common-protocols.xml.i>
             <node name="ospf">
               <properties>
                 <help>Redistribute OSPF routes into BGP</help>
@@ -166,27 +144,6 @@
                 #include <include/bgp/afi-redistribute-metric-route-map.xml.i>
               </children>
             </node>
-            <node name="babel">
-              <properties>
-                <help>Redistribute Babel routes into BGP</help>
-              </properties>
-              <children>
-                #include <include/bgp/afi-redistribute-metric-route-map.xml.i>
-              </children>
-            </node>
-            <node name="static">
-              <properties>
-                <help>Redistribute static routes into BGP</help>
-              </properties>
-              <children>
-                #include <include/bgp/afi-redistribute-metric-route-map.xml.i>
-              </children>
-            </node>
-            <leafNode name="table">
-              <properties>
-                <help>Redistribute non-main Kernel Routing Table</help>
-              </properties>
-            </leafNode>
           </children>
         </node>
         #include <include/bgp/afi-sid.xml.i>
@@ -503,22 +460,7 @@
             <help>Redistribute routes from other protocols into BGP</help>
           </properties>
           <children>
-            <node name="connected">
-              <properties>
-                <help>Redistribute connected routes into BGP</help>
-              </properties>
-              <children>
-                #include <include/bgp/afi-redistribute-metric-route-map.xml.i>
-              </children>
-            </node>
-            <node name="kernel">
-              <properties>
-                <help>Redistribute kernel routes into BGP</help>
-              </properties>
-              <children>
-                #include <include/bgp/afi-redistribute-metric-route-map.xml.i>
-              </children>
-            </node>
+            #include <include/bgp/afi-redistribute-common-protocols.xml.i>
             <node name="ospfv3">
               <properties>
                 <help>Redistribute OSPFv3 routes into BGP</help>
@@ -535,27 +477,6 @@
                 #include <include/bgp/afi-redistribute-metric-route-map.xml.i>
               </children>
             </node>
-            <node name="babel">
-              <properties>
-                <help>Redistribute Babel routes into BGP</help>
-              </properties>
-              <children>
-                #include <include/bgp/afi-redistribute-metric-route-map.xml.i>
-              </children>
-            </node>
-            <node name="static">
-              <properties>
-                <help>Redistribute static routes into BGP</help>
-              </properties>
-              <children>
-                #include <include/bgp/afi-redistribute-metric-route-map.xml.i>
-              </children>
-            </node>
-            <leafNode name="table">
-              <properties>
-                <help>Redistribute non-main Kernel Routing Table</help>
-              </properties>
-            </leafNode>
           </children>
         </node>
         #include <include/bgp/afi-sid.xml.i>
diff --git a/interface-definitions/include/constraint/interface-name.xml.i b/interface-definitions/include/constraint/interface-name.xml.i
index 3e7c4e667..f64ea86f5 100644
--- a/interface-definitions/include/constraint/interface-name.xml.i
+++ b/interface-definitions/include/constraint/interface-name.xml.i
@@ -1,4 +1,4 @@
 <!-- include start from constraint/interface-name.xml.i -->
-<regex>(bond|br|dum|en|ersp|eth|gnv|ifb|ipoe|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|sstpc|tun|veth|vti|vtun|vxlan|wg|wlan|wwan)[0-9]+(.\d+)?|lo</regex>
+<regex>(bond|br|dum|en|ersp|eth|gnv|ifb|ipoe|lan|l2tp|l2tpeth|macsec|peth|ppp|pppoe|pptp|sstp|sstpc|tun|veth|vpptap|vpptun|vti|vtun|vxlan|wg|wlan|wwan)[0-9]+(.\d+)?|pod-[-_a-zA-Z0-9]{1,11}|lo</regex>
 <validator name="file-path --lookup-path /sys/class/net --directory"/>
 <!-- include end -->
diff --git a/interface-definitions/include/constraint/protocols-static-table.xml.i b/interface-definitions/include/constraint/protocols-static-table.xml.i
new file mode 100644
index 000000000..2d8b067a4
--- /dev/null
+++ b/interface-definitions/include/constraint/protocols-static-table.xml.i
@@ -0,0 +1,9 @@
+<!-- include start from constraint/host-name.xml.i -->
+<valueHelp>
+  <format>u32:1-200</format>
+  <description>Policy route table number</description>
+</valueHelp>
+<constraint>
+  <validator name="numeric" argument="--range 1-200"/>
+</constraint>
+<!-- include end -->
diff --git a/interface-definitions/include/constraint/wireguard-keys.xml.i b/interface-definitions/include/constraint/wireguard-keys.xml.i
new file mode 100644
index 000000000..f59c86087
--- /dev/null
+++ b/interface-definitions/include/constraint/wireguard-keys.xml.i
@@ -0,0 +1,6 @@
+<!-- include start from constraint/wireguard-keys.xml.i -->
+<constraint>
+  <validator name="base64" argument="--decoded-len 32"/>
+</constraint>
+<constraintErrorMessage>Key must be Base64-encoded with 32 bytes in length</constraintErrorMessage>
+<!-- include end -->
diff --git a/interface-definitions/include/dhcp/ddns-dns-server.xml.i b/interface-definitions/include/dhcp/ddns-dns-server.xml.i
new file mode 100644
index 000000000..ba9f186d0
--- /dev/null
+++ b/interface-definitions/include/dhcp/ddns-dns-server.xml.i
@@ -0,0 +1,19 @@
+<!-- include start from dhcp/ddns-dns-server.xml.i -->
+<tagNode name="dns-server">
+  <properties>
+    <help>DNS server specification</help>
+    <valueHelp>
+      <format>u32:1-999999</format>
+      <description>Number for this DNS server</description>
+    </valueHelp>
+    <constraint>
+      <validator name="numeric" argument="--range 1-999999"/>
+    </constraint>
+    <constraintErrorMessage>DNS server number must be between 1 and 999999</constraintErrorMessage>
+  </properties>
+  <children>
+    #include <include/address-ipv4-ipv6-single.xml.i>
+    #include <include/port-number.xml.i>
+  </children>
+</tagNode>
+<!-- include end -->
diff --git a/interface-definitions/include/dhcp/ddns-settings.xml.i b/interface-definitions/include/dhcp/ddns-settings.xml.i
new file mode 100644
index 000000000..3e202685e
--- /dev/null
+++ b/interface-definitions/include/dhcp/ddns-settings.xml.i
@@ -0,0 +1,172 @@
+<!-- include start from dhcp/ddns-settings.xml.i -->
+<leafNode name="send-updates">
+    <properties>
+        <help>Enable or disable updates for this scope</help>
+        <completionHelp>
+            <list>enable disable</list>
+        </completionHelp>
+        <valueHelp>
+            <format>enable</format>
+            <description>Enable updates for this scope</description>
+        </valueHelp>
+        <valueHelp>
+            <format>disable</format>
+            <description>Disable updates for this scope</description>
+        </valueHelp>
+        <constraint>
+            <regex>(enable|disable)</regex>
+        </constraint>
+        <constraintErrorMessage>Set it to either enable or disable</constraintErrorMessage>
+    </properties>
+</leafNode>
+<leafNode name="override-client-update">
+    <properties>
+        <help>Always update both forward and reverse DNS data, regardless of the client's request</help>
+        <completionHelp>
+            <list>enable disable</list>
+        </completionHelp>
+        <valueHelp>
+            <format>enable</format>
+            <description>Force update both forward and reverse DNS records</description>
+        </valueHelp>
+        <valueHelp>
+            <format>disable</format>
+            <description>Respect client request settings</description>
+        </valueHelp>
+        <constraint>
+            <regex>(enable|disable)</regex>
+        </constraint>
+        <constraintErrorMessage>Set it to either enable or disable</constraintErrorMessage>
+    </properties>
+</leafNode>
+<leafNode name="override-no-update">
+    <properties>
+        <help>Perform a DDNS update, even if the client instructs the server not to</help>
+        <completionHelp>
+            <list>enable disable</list>
+        </completionHelp>
+        <valueHelp>
+            <format>enable</format>
+            <description>Force DDNS updates regardless of client request</description>
+        </valueHelp>
+        <valueHelp>
+            <format>disable</format>
+            <description>Respect client request settings</description>
+        </valueHelp>
+        <constraint>
+            <regex>(enable|disable)</regex>
+        </constraint>
+        <constraintErrorMessage>Set it to either enable or disable</constraintErrorMessage>
+    </properties>
+</leafNode>
+<leafNode name="replace-client-name">
+    <properties>
+        <help>Replace client name mode</help>
+        <completionHelp>
+            <list>never always when-present when-not-present</list>
+        </completionHelp>
+        <valueHelp>
+            <format>never</format>
+            <description>Use the name the client sent. If the client sent no name, do not generate
+                one</description>
+        </valueHelp>
+        <valueHelp>
+            <format>always</format>
+            <description>Replace the name the client sent. If the client sent no name, generate one
+                for the client</description>
+        </valueHelp>
+        <valueHelp>
+            <format>when-present</format>
+            <description>Replace the name the client sent. If the client sent no name, do not
+                generate one</description>
+        </valueHelp>
+        <valueHelp>
+            <format>when-not-present</format>
+            <description>Use the name the client sent. If the client sent no name, generate one for
+                the client</description>
+        </valueHelp>
+        <constraint>
+            <regex>(never|always|when-present|when-not-present)</regex>
+        </constraint>
+        <constraintErrorMessage>Invalid replace client name mode</constraintErrorMessage>
+    </properties>
+</leafNode>
+<leafNode name="generated-prefix">
+    <properties>
+        <help>The prefix used in the generation of an FQDN</help>
+        <constraint>
+            <validator name="fqdn" />
+        </constraint>
+        <constraintErrorMessage>Invalid generated prefix</constraintErrorMessage>
+    </properties>
+</leafNode>
+<leafNode name="qualifying-suffix">
+    <properties>
+        <help>The suffix used when generating an FQDN, or when qualifying a partial name</help>
+        <constraint>
+            <validator name="fqdn" />
+        </constraint>
+        <constraintErrorMessage>Invalid qualifying suffix</constraintErrorMessage>
+    </properties>
+</leafNode>
+<leafNode name="update-on-renew">
+    <properties>
+        <help>Update DNS record on lease renew</help>
+        <completionHelp>
+            <list>enable disable</list>
+        </completionHelp>
+        <valueHelp>
+            <format>enable</format>
+            <description>Update DNS record on lease renew</description>
+        </valueHelp>
+        <valueHelp>
+            <format>disable</format>
+            <description>Do not update DNS record on lease renew</description>
+        </valueHelp>
+        <constraint>
+            <regex>(enable|disable)</regex>
+        </constraint>
+        <constraintErrorMessage>Set it to either enable or disable</constraintErrorMessage>
+    </properties>
+</leafNode>
+<leafNode name="conflict-resolution">
+    <properties>
+        <help>DNS conflict resolution behavior</help>
+        <completionHelp>
+            <list>enable disable</list>
+        </completionHelp>
+        <valueHelp>
+            <format>enable</format>
+            <description>Enable DNS conflict resolution</description>
+        </valueHelp>
+        <valueHelp>
+            <format>disable</format>
+            <description>Disable DNS conflict resolution</description>
+        </valueHelp>
+        <constraint>
+            <regex>(enable|disable)</regex>
+        </constraint>
+        <constraintErrorMessage>Set it to either enable or disable</constraintErrorMessage>
+    </properties>
+</leafNode>
+<leafNode name="ttl-percent">
+    <properties>
+        <help>Calculate TTL of the DNS record as a percentage of the lease lifetime</help>
+        <constraint>
+            <validator name="numeric" argument="--range 1-100" />
+        </constraint>
+        <constraintErrorMessage>Invalid qualifying suffix</constraintErrorMessage>
+    </properties>
+</leafNode>
+<leafNode name="hostname-char-set">
+    <properties>
+        <help>A regular expression describing the invalid character set in the host name</help>
+    </properties>
+</leafNode>
+<leafNode name="hostname-char-replacement">
+    <properties>
+        <help>A string of zero or more characters with which to replace each invalid character in
+            the host name</help>
+    </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/dhcp/option-v4.xml.i b/interface-definitions/include/dhcp/option-v4.xml.i
index bd6fc6043..08fbcca4a 100644
--- a/interface-definitions/include/dhcp/option-v4.xml.i
+++ b/interface-definitions/include/dhcp/option-v4.xml.i
@@ -59,6 +59,18 @@
         <constraintErrorMessage>DHCP client prefix length must be 0 to 32</constraintErrorMessage>
       </properties>
     </leafNode>
+    <leafNode name="capwap-controller">
+      <properties>
+        <help>IP address of CAPWAP access controller (Option 138)</help>
+        <valueHelp>
+          <format>ipv4</format>
+          <description>CAPWAP AC controller</description>
+        </valueHelp>
+        <constraint>
+          <validator name="ipv4-address"/>
+        </constraint>
+      </properties>
+    </leafNode>
     <leafNode name="default-router">
       <properties>
         <help>IP address of default router</help>
diff --git a/interface-definitions/include/dhcp/option-v6.xml.i b/interface-definitions/include/dhcp/option-v6.xml.i
index e1897f52d..202843ddf 100644
--- a/interface-definitions/include/dhcp/option-v6.xml.i
+++ b/interface-definitions/include/dhcp/option-v6.xml.i
@@ -7,6 +7,18 @@
     #include <include/dhcp/captive-portal.xml.i>
     #include <include/dhcp/domain-search.xml.i>
     #include <include/name-server-ipv6.xml.i>
+    <leafNode name="capwap-controller">
+      <properties>
+        <help>IP address of CAPWAP access controller (Option 52)</help>
+        <valueHelp>
+          <format>ipv6</format>
+          <description>CAPWAP AC controller</description>
+        </valueHelp>
+        <constraint>
+          <validator name="ipv6-address"/>
+        </constraint>
+      </properties>
+    </leafNode>
     <leafNode name="nis-domain">
       <properties>
         <help>NIS domain name for client to use</help>
diff --git a/interface-definitions/include/dhcp/ping-check.xml.i b/interface-definitions/include/dhcp/ping-check.xml.i
new file mode 100644
index 000000000..a506f68e4
--- /dev/null
+++ b/interface-definitions/include/dhcp/ping-check.xml.i
@@ -0,0 +1,8 @@
+<!-- include start from dhcp/ping-check.xml.i -->
+<leafNode name="ping-check">
+  <properties>
+    <help>Sends ICMP Echo request to the address being assigned</help>
+    <valueless/>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/common-rule-ipv4.xml.i b/interface-definitions/include/firewall/common-rule-ipv4.xml.i
index 803b94b06..b67ef25dc 100644
--- a/interface-definitions/include/firewall/common-rule-ipv4.xml.i
+++ b/interface-definitions/include/firewall/common-rule-ipv4.xml.i
@@ -16,6 +16,7 @@
     #include <include/firewall/port.xml.i>
     #include <include/firewall/source-destination-group.xml.i>
     #include <include/firewall/source-destination-dynamic-group.xml.i>
+    #include <include/firewall/source-destination-remote-group.xml.i>
   </children>
 </node>
 <leafNode name="jump-target">
@@ -39,6 +40,7 @@
     #include <include/firewall/port.xml.i>
     #include <include/firewall/source-destination-group.xml.i>
     #include <include/firewall/source-destination-dynamic-group.xml.i>
+    #include <include/firewall/source-destination-remote-group.xml.i>
   </children>
 </node>
 <!-- include end -->
\ No newline at end of file
diff --git a/interface-definitions/include/firewall/common-rule-ipv6.xml.i b/interface-definitions/include/firewall/common-rule-ipv6.xml.i
index bb176fe71..65ec415fb 100644
--- a/interface-definitions/include/firewall/common-rule-ipv6.xml.i
+++ b/interface-definitions/include/firewall/common-rule-ipv6.xml.i
@@ -16,6 +16,7 @@
     #include <include/firewall/port.xml.i>
     #include <include/firewall/source-destination-group-ipv6.xml.i>
     #include <include/firewall/source-destination-dynamic-group-ipv6.xml.i>
+    #include <include/firewall/source-destination-remote-group.xml.i>
   </children>
 </node>
 <leafNode name="jump-target">
@@ -39,6 +40,7 @@
     #include <include/firewall/port.xml.i>
     #include <include/firewall/source-destination-group-ipv6.xml.i>
     #include <include/firewall/source-destination-dynamic-group-ipv6.xml.i>
+    #include <include/firewall/source-destination-remote-group.xml.i>
   </children>
 </node>
-<!-- include end -->
\ No newline at end of file
+<!-- include end -->
diff --git a/interface-definitions/include/firewall/global-options.xml.i b/interface-definitions/include/firewall/global-options.xml.i
index 355b41fde..7393ff5c9 100644
--- a/interface-definitions/include/firewall/global-options.xml.i
+++ b/interface-definitions/include/firewall/global-options.xml.i
@@ -217,6 +217,14 @@
         <help>Global firewall state-policy</help>
       </properties>
       <children>
+        <node name="offload">
+          <properties>
+            <help>All stateful forward traffic is offloaded to a flowtable</help>
+          </properties>
+          <children>
+            #include <include/firewall/offload-target.xml.i>
+          </children>
+        </node>
         <node name="established">
           <properties>
             <help>Global firewall policy for packets part of an established connection</help>
diff --git a/interface-definitions/include/firewall/source-destination-remote-group.xml.i b/interface-definitions/include/firewall/source-destination-remote-group.xml.i
new file mode 100644
index 000000000..16463c8eb
--- /dev/null
+++ b/interface-definitions/include/firewall/source-destination-remote-group.xml.i
@@ -0,0 +1,17 @@
+<!-- include start from firewall/source-destination-remote-group.xml.i -->
+<node name="group">
+  <properties>
+    <help>Group</help>
+  </properties>
+  <children>
+    <leafNode name="remote-group">
+      <properties>
+        <help>Group of remote addresses</help>
+        <completionHelp>
+          <path>firewall group remote-group</path>
+        </completionHelp>
+      </properties>
+    </leafNode>
+  </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/haproxy/logging.xml.i b/interface-definitions/include/haproxy/logging.xml.i
index e0af54fa4..315c959bf 100644
--- a/interface-definitions/include/haproxy/logging.xml.i
+++ b/interface-definitions/include/haproxy/logging.xml.i
@@ -4,7 +4,137 @@
     <help>Logging parameters</help>
   </properties>
   <children>
-    #include <include/syslog-facility.xml.i>
+    <tagNode name="facility">
+      <properties>
+        <help>Facility for logging</help>
+        <completionHelp>
+          <list>auth cron daemon kern lpr mail news syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7</list>
+        </completionHelp>
+        <constraint>
+          <regex>(auth|cron|daemon|kern|lpr|mail|news|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7)</regex>
+        </constraint>
+        <constraintErrorMessage>Invalid facility type</constraintErrorMessage>
+        <valueHelp>
+          <format>auth</format>
+          <description>Authentication and authorization</description>
+        </valueHelp>
+        <valueHelp>
+          <format>cron</format>
+          <description>Cron daemon</description>
+        </valueHelp>
+        <valueHelp>
+          <format>daemon</format>
+          <description>System daemons</description>
+        </valueHelp>
+        <valueHelp>
+          <format>kern</format>
+          <description>Kernel</description>
+        </valueHelp>
+        <valueHelp>
+          <format>lpr</format>
+          <description>Line printer spooler</description>
+        </valueHelp>
+        <valueHelp>
+          <format>mail</format>
+          <description>Mail subsystem</description>
+        </valueHelp>
+        <valueHelp>
+          <format>news</format>
+          <description>USENET subsystem</description>
+        </valueHelp>
+        <valueHelp>
+          <format>syslog</format>
+          <description>Authentication and authorization</description>
+        </valueHelp>
+        <valueHelp>
+          <format>user</format>
+          <description>Application processes</description>
+        </valueHelp>
+        <valueHelp>
+          <format>uucp</format>
+          <description>UUCP subsystem</description>
+        </valueHelp>
+        <valueHelp>
+          <format>local0</format>
+          <description>Local facility 0</description>
+        </valueHelp>
+        <valueHelp>
+          <format>local1</format>
+          <description>Local facility 1</description>
+        </valueHelp>
+        <valueHelp>
+          <format>local2</format>
+          <description>Local facility 2</description>
+        </valueHelp>
+        <valueHelp>
+          <format>local3</format>
+          <description>Local facility 3</description>
+        </valueHelp>
+        <valueHelp>
+          <format>local4</format>
+          <description>Local facility 4</description>
+        </valueHelp>
+        <valueHelp>
+          <format>local5</format>
+          <description>Local facility 5</description>
+        </valueHelp>
+        <valueHelp>
+          <format>local6</format>
+          <description>Local facility 6</description>
+        </valueHelp>
+        <valueHelp>
+          <format>local7</format>
+          <description>Local facility 7</description>
+        </valueHelp>
+      </properties>
+      <children>
+        <leafNode name="level">
+          <properties>
+            <help>Logging level</help>
+            <completionHelp>
+              <list>emerg alert crit err warning notice info debug</list>
+            </completionHelp>
+            <valueHelp>
+              <format>emerg</format>
+              <description>Emergency messages</description>
+            </valueHelp>
+            <valueHelp>
+              <format>alert</format>
+              <description>Urgent messages</description>
+            </valueHelp>
+            <valueHelp>
+              <format>crit</format>
+              <description>Critical messages</description>
+            </valueHelp>
+            <valueHelp>
+              <format>err</format>
+              <description>Error messages</description>
+            </valueHelp>
+            <valueHelp>
+              <format>warning</format>
+              <description>Warning messages</description>
+            </valueHelp>
+            <valueHelp>
+              <format>notice</format>
+              <description>Messages for further investigation</description>
+            </valueHelp>
+            <valueHelp>
+              <format>info</format>
+              <description>Informational messages</description>
+            </valueHelp>
+            <valueHelp>
+              <format>debug</format>
+              <description>Debug messages</description>
+            </valueHelp>
+            <constraint>
+              <regex>(emerg|alert|crit|err|warning|notice|info|debug)</regex>
+            </constraint>
+            <constraintErrorMessage>Invalid loglevel</constraintErrorMessage>
+          </properties>
+          <defaultValue>err</defaultValue>
+        </leafNode>
+      </children>
+    </tagNode>
   </children>
 </node>
 <!-- include end -->
diff --git a/interface-definitions/include/haproxy/timeout-check.xml.i b/interface-definitions/include/haproxy/timeout-check.xml.i
new file mode 100644
index 000000000..d1217fac3
--- /dev/null
+++ b/interface-definitions/include/haproxy/timeout-check.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from haproxy/timeout-check.xml.i -->
+<leafNode name="check">
+  <properties>
+    <help>Timeout in seconds for established connections</help>
+    <valueHelp>
+      <format>u32:1-3600</format>
+      <description>Check timeout in seconds</description>
+    </valueHelp>
+    <constraint>
+      <validator name="numeric" argument="--range 1-3600"/>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/haproxy/timeout-client.xml.i b/interface-definitions/include/haproxy/timeout-client.xml.i
new file mode 100644
index 000000000..2250ccdef
--- /dev/null
+++ b/interface-definitions/include/haproxy/timeout-client.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from haproxy/timeout-client.xml.i -->
+<leafNode name="client">
+  <properties>
+    <help>Maximum inactivity time on the client side</help>
+    <valueHelp>
+      <format>u32:1-3600</format>
+      <description>Timeout in seconds</description>
+    </valueHelp>
+    <constraint>
+      <validator name="numeric" argument="--range 1-3600"/>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/haproxy/timeout-connect.xml.i b/interface-definitions/include/haproxy/timeout-connect.xml.i
new file mode 100644
index 000000000..da4f983af
--- /dev/null
+++ b/interface-definitions/include/haproxy/timeout-connect.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from haproxy/timeout-connect.xml.i -->
+<leafNode name="connect">
+  <properties>
+    <help>Set the maximum time to wait for a connection attempt to a server to succeed</help>
+    <valueHelp>
+      <format>u32:1-3600</format>
+      <description>Connect timeout in seconds</description>
+    </valueHelp>
+    <constraint>
+      <validator name="numeric" argument="--range 1-3600"/>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/haproxy/timeout-server.xml.i b/interface-definitions/include/haproxy/timeout-server.xml.i
new file mode 100644
index 000000000..f27d415c1
--- /dev/null
+++ b/interface-definitions/include/haproxy/timeout-server.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from haproxy/timeout-server.xml.i -->
+<leafNode name="server">
+  <properties>
+    <help>Set the maximum inactivity time on the server side</help>
+    <valueHelp>
+      <format>u32:1-3600</format>
+      <description>Server timeout in seconds</description>
+    </valueHelp>
+    <constraint>
+      <validator name="numeric" argument="--range 1-3600"/>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/haproxy/timeout.xml.i b/interface-definitions/include/haproxy/timeout.xml.i
index 79e7303b1..a3a5a8a3e 100644
--- a/interface-definitions/include/haproxy/timeout.xml.i
+++ b/interface-definitions/include/haproxy/timeout.xml.i
@@ -4,42 +4,9 @@
     <help>Timeout options</help>
   </properties>
   <children>
-    <leafNode name="check">
-      <properties>
-        <help>Timeout in seconds for established connections</help>
-        <valueHelp>
-          <format>u32:1-3600</format>
-          <description>Check timeout in seconds</description>
-        </valueHelp>
-        <constraint>
-          <validator name="numeric" argument="--range 1-3600"/>
-        </constraint>
-      </properties>
-    </leafNode>
-    <leafNode name="connect">
-      <properties>
-        <help>Set the maximum time to wait for a connection attempt to a server to succeed</help>
-        <valueHelp>
-          <format>u32:1-3600</format>
-          <description>Connect timeout in seconds</description>
-        </valueHelp>
-        <constraint>
-          <validator name="numeric" argument="--range 1-3600"/>
-        </constraint>
-      </properties>
-    </leafNode>
-    <leafNode name="server">
-      <properties>
-        <help>Set the maximum inactivity time on the server side</help>
-        <valueHelp>
-          <format>u32:1-3600</format>
-          <description>Server timeout in seconds</description>
-        </valueHelp>
-        <constraint>
-          <validator name="numeric" argument="--range 1-3600"/>
-        </constraint>
-      </properties>
-    </leafNode>
+    #include <include/haproxy/timeout-check.xml.i>
+    #include <include/haproxy/timeout-connect.xml.i>
+    #include <include/haproxy/timeout-server.xml.i>
   </children>
 </node>
 <!-- include end -->
diff --git a/interface-definitions/include/interface/ipv6-address-interface-identifier.xml.i b/interface-definitions/include/interface/ipv6-address-interface-identifier.xml.i
new file mode 100644
index 000000000..d173dfdb8
--- /dev/null
+++ b/interface-definitions/include/interface/ipv6-address-interface-identifier.xml.i
@@ -0,0 +1,15 @@
+<!-- include start from interface/ipv6-address-interface-identifier.xml.i -->
+<leafNode name="interface-identifier">
+  <properties>
+    <help>SLAAC interface identifier</help>
+    <valueHelp>
+      <format>::h:h:h:h</format>
+      <description>Interface identifier</description>
+    </valueHelp>
+    <constraint>
+      <regex>::([0-9a-fA-F]{1,4}(:[0-9a-fA-F]{1,4}){0,3})</regex>
+    </constraint>
+    <constraintErrorMessage>Interface identifier format must start with :: and may contain up four hextets (::h:h:h:h)</constraintErrorMessage>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/interface/ipv6-address.xml.i b/interface-definitions/include/interface/ipv6-address.xml.i
deleted file mode 100644
index e1bdf02fd..000000000
--- a/interface-definitions/include/interface/ipv6-address.xml.i
+++ /dev/null
@@ -1,12 +0,0 @@
-<!-- include start from interface/ipv6-address.xml.i -->
-<node name="address">
-  <properties>
-    <help>IPv6 address configuration modes</help>
-  </properties>
-  <children>
-    #include <include/interface/ipv6-address-autoconf.xml.i>
-    #include <include/interface/ipv6-address-eui64.xml.i>
-    #include <include/interface/ipv6-address-no-default-link-local.xml.i>
-  </children>
-</node>
-<!-- include end -->
diff --git a/interface-definitions/include/interface/ipv6-options-with-nd.xml.i b/interface-definitions/include/interface/ipv6-options-with-nd.xml.i
new file mode 100644
index 000000000..5894104b3
--- /dev/null
+++ b/interface-definitions/include/interface/ipv6-options-with-nd.xml.i
@@ -0,0 +1,9 @@
+          <node name="ipv6">
+            <children>
+              <node name="address">
+                <children>
+                  #include <include/interface/ipv6-address-interface-identifier.xml.i>
+                </children>
+              </node>
+            </children>
+          </node>
diff --git a/interface-definitions/include/interface/ipv6-options.xml.i b/interface-definitions/include/interface/ipv6-options.xml.i
index ec6ec64ee..f84a9f2cd 100644
--- a/interface-definitions/include/interface/ipv6-options.xml.i
+++ b/interface-definitions/include/interface/ipv6-options.xml.i
@@ -8,9 +8,18 @@
     #include <include/interface/base-reachable-time.xml.i>
     #include <include/interface/disable-forwarding.xml.i>
     #include <include/interface/ipv6-accept-dad.xml.i>
-    #include <include/interface/ipv6-address.xml.i>
     #include <include/interface/ipv6-dup-addr-detect-transmits.xml.i>
     #include <include/interface/source-validation.xml.i>
+    <node name="address">
+      <properties>
+        <help>IPv6 address configuration modes</help>
+      </properties>
+      <children>
+        #include <include/interface/ipv6-address-autoconf.xml.i>
+        #include <include/interface/ipv6-address-eui64.xml.i>
+        #include <include/interface/ipv6-address-no-default-link-local.xml.i>
+      </children>
+    </node>
   </children>
 </node>
 <!-- include end -->
diff --git a/interface-definitions/include/interface/vif-s.xml.i b/interface-definitions/include/interface/vif-s.xml.i
index 02e7ab057..65ca10207 100644
--- a/interface-definitions/include/interface/vif-s.xml.i
+++ b/interface-definitions/include/interface/vif-s.xml.i
@@ -21,6 +21,7 @@
     #include <include/interface/vlan-protocol.xml.i>
     #include <include/interface/ipv4-options.xml.i>
     #include <include/interface/ipv6-options.xml.i>
+    #include <include/interface/ipv6-options-with-nd.xml.i>
     #include <include/interface/mac.xml.i>
     #include <include/interface/mirror.xml.i>
     #include <include/interface/mtu-68-16000.xml.i>
@@ -41,6 +42,7 @@
         #include <include/interface/disable.xml.i>
         #include <include/interface/ipv4-options.xml.i>
         #include <include/interface/ipv6-options.xml.i>
+        #include <include/interface/ipv6-options-with-nd.xml.i>
         #include <include/interface/mac.xml.i>
         #include <include/interface/mirror.xml.i>
         #include <include/interface/mtu-68-16000.xml.i>
diff --git a/interface-definitions/include/interface/vif.xml.i b/interface-definitions/include/interface/vif.xml.i
index ec3921bf6..87f91c5ce 100644
--- a/interface-definitions/include/interface/vif.xml.i
+++ b/interface-definitions/include/interface/vif.xml.i
@@ -46,6 +46,7 @@
     </leafNode>
     #include <include/interface/ipv4-options.xml.i>
     #include <include/interface/ipv6-options.xml.i>
+    #include <include/interface/ipv6-options-with-nd.xml.i>
     #include <include/interface/mac.xml.i>
     #include <include/interface/mirror.xml.i>
     #include <include/interface/mtu-68-16000.xml.i>
diff --git a/interface-definitions/include/ip-address.xml.i b/interface-definitions/include/ip-address.xml.i
new file mode 100644
index 000000000..6027e97ee
--- /dev/null
+++ b/interface-definitions/include/ip-address.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from ip-address.xml.i -->
+<leafNode name="ip-address">
+  <properties>
+    <help>Fixed IP address of static mapping</help>
+    <valueHelp>
+      <format>ipv4</format>
+      <description>IPv4 address used in static mapping</description>
+    </valueHelp>
+    <constraint>
+      <validator name="ipv4-address"/>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/isis/protocol-common-config.xml.i b/interface-definitions/include/isis/protocol-common-config.xml.i
index 35ce80be9..e0a7e62b6 100644
--- a/interface-definitions/include/isis/protocol-common-config.xml.i
+++ b/interface-definitions/include/isis/protocol-common-config.xml.i
@@ -418,6 +418,14 @@
             #include <include/isis/redistribute-level-1-2.xml.i>
           </children>
         </node>
+        <node name="nhrp">
+          <properties>
+            <help>Redistribute NHRP routes into IS-IS</help>
+          </properties>
+          <children>
+            #include <include/isis/redistribute-level-1-2.xml.i>
+          </children>
+        </node>
         <node name="ospf">
           <properties>
             <help>Redistribute OSPF routes into IS-IS</help>
diff --git a/interface-definitions/include/ospf/protocol-common-config.xml.i b/interface-definitions/include/ospf/protocol-common-config.xml.i
index cef832381..f597be64e 100644
--- a/interface-definitions/include/ospf/protocol-common-config.xml.i
+++ b/interface-definitions/include/ospf/protocol-common-config.xml.i
@@ -798,6 +798,16 @@
         #include <include/route-map.xml.i>
       </children>
     </node>
+    <node name="nhrp">
+      <properties>
+        <help>Redistribute NHRP routes</help>
+      </properties>
+      <children>
+        #include <include/ospf/metric.xml.i>
+        #include <include/ospf/metric-type.xml.i>
+        #include <include/route-map.xml.i>
+      </children>
+    </node>
     <node name="rip">
       <properties>
         <help>Redistribute RIP routes</help>
diff --git a/interface-definitions/include/policy/community-value-list.xml.i b/interface-definitions/include/policy/community-value-list.xml.i
index 8c665c5f0..b1499440a 100644
--- a/interface-definitions/include/policy/community-value-list.xml.i
+++ b/interface-definitions/include/policy/community-value-list.xml.i
@@ -4,7 +4,6 @@
       local-as
       no-advertise
       no-export
-      internet
       graceful-shutdown
       accept-own
       route-filter-translated-v4
@@ -35,10 +34,6 @@
     <description>Well-known communities value NO_EXPORT 0xFFFFFF01</description>
 </valueHelp>
 <valueHelp>
-    <format>internet</format>
-    <description>Well-known communities value 0</description>
-</valueHelp>
-<valueHelp>
     <format>graceful-shutdown</format>
     <description>Well-known communities value GRACEFUL_SHUTDOWN 0xFFFF0000</description>
 </valueHelp>
@@ -84,7 +79,7 @@
 </valueHelp>
 <multi/>
 <constraint>
-    <regex>local-as|no-advertise|no-export|internet|graceful-shutdown|accept-own|route-filter-translated-v4|route-filter-v4|route-filter-translated-v6|route-filter-v6|llgr-stale|no-llgr|accept-own-nexthop|blackhole|no-peer</regex>
+    <regex>local-as|no-advertise|no-export|graceful-shutdown|accept-own|route-filter-translated-v4|route-filter-v4|route-filter-translated-v6|route-filter-v6|llgr-stale|no-llgr|accept-own-nexthop|blackhole|no-peer</regex>
     <validator name="bgp-regular-community"/>
 </constraint>
         <!-- include end -->
diff --git a/interface-definitions/include/version/bgp-version.xml.i b/interface-definitions/include/version/bgp-version.xml.i
index 6bed7189f..c90276151 100644
--- a/interface-definitions/include/version/bgp-version.xml.i
+++ b/interface-definitions/include/version/bgp-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/bgp-version.xml.i -->
-<syntaxVersion component='bgp' version='5'></syntaxVersion>
+<syntaxVersion component='bgp' version='6'></syntaxVersion>
 <!-- include end -->
diff --git a/interface-definitions/include/version/ids-version.xml.i b/interface-definitions/include/version/ids-version.xml.i
index 9133be02b..6d4e92c21 100644
--- a/interface-definitions/include/version/ids-version.xml.i
+++ b/interface-definitions/include/version/ids-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/ids-version.xml.i -->
-<syntaxVersion component='ids' version='1'></syntaxVersion>
+<syntaxVersion component='ids' version='2'></syntaxVersion>
 <!-- include end -->
diff --git a/interface-definitions/include/version/lldp-version.xml.i b/interface-definitions/include/version/lldp-version.xml.i
index b41d80451..a7110691a 100644
--- a/interface-definitions/include/version/lldp-version.xml.i
+++ b/interface-definitions/include/version/lldp-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/lldp-version.xml.i -->
-<syntaxVersion component='lldp' version='2'></syntaxVersion>
+<syntaxVersion component='lldp' version='3'></syntaxVersion>
 <!-- include end -->
diff --git a/interface-definitions/include/version/policy-version.xml.i b/interface-definitions/include/version/policy-version.xml.i
index db727fea9..5c53a4032 100644
--- a/interface-definitions/include/version/policy-version.xml.i
+++ b/interface-definitions/include/version/policy-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/policy-version.xml.i -->
-<syntaxVersion component='policy' version='8'></syntaxVersion>
+<syntaxVersion component='policy' version='9'></syntaxVersion>
 <!-- include end -->
diff --git a/interface-definitions/include/version/reverseproxy-version.xml.i b/interface-definitions/include/version/reverseproxy-version.xml.i
index 4f09f2848..71f7def1a 100644
--- a/interface-definitions/include/version/reverseproxy-version.xml.i
+++ b/interface-definitions/include/version/reverseproxy-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/reverseproxy-version.xml.i -->
-<syntaxVersion component='reverse-proxy' version='2'></syntaxVersion>
+<syntaxVersion component='reverse-proxy' version='3'></syntaxVersion>
 <!-- include end -->
diff --git a/interface-definitions/include/version/system-version.xml.i b/interface-definitions/include/version/system-version.xml.i
index 3ecf124c7..5cdece74a 100644
--- a/interface-definitions/include/version/system-version.xml.i
+++ b/interface-definitions/include/version/system-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/system-version.xml.i -->
-<syntaxVersion component='system' version='28'></syntaxVersion>
+<syntaxVersion component='system' version='29'></syntaxVersion>
 <!-- include end -->
diff --git a/interface-definitions/include/version/wanloadbalance-version.xml.i b/interface-definitions/include/version/wanloadbalance-version.xml.i
index 59f8729cc..34c3c76ff 100644
--- a/interface-definitions/include/version/wanloadbalance-version.xml.i
+++ b/interface-definitions/include/version/wanloadbalance-version.xml.i
@@ -1,3 +1,3 @@
 <!-- include start from include/version/wanloadbalance-version.xml.i -->
-<syntaxVersion component='wanloadbalance' version='3'></syntaxVersion>
+<syntaxVersion component='wanloadbalance' version='4'></syntaxVersion>
 <!-- include end -->
diff --git a/interface-definitions/interfaces_bonding.xml.in b/interface-definitions/interfaces_bonding.xml.in
index b17cad478..cdacae2d0 100644
--- a/interface-definitions/interfaces_bonding.xml.in
+++ b/interface-definitions/interfaces_bonding.xml.in
@@ -141,6 +141,7 @@
           </leafNode>
           #include <include/interface/ipv4-options.xml.i>
           #include <include/interface/ipv6-options.xml.i>
+          #include <include/interface/ipv6-options-with-nd.xml.i>
           #include <include/interface/mac.xml.i>
           <leafNode name="mii-mon-interval">
             <properties>
diff --git a/interface-definitions/interfaces_bridge.xml.in b/interface-definitions/interfaces_bridge.xml.in
index 29dd61df5..667ae3b19 100644
--- a/interface-definitions/interfaces_bridge.xml.in
+++ b/interface-definitions/interfaces_bridge.xml.in
@@ -93,6 +93,7 @@
           </node>
           #include <include/interface/ipv4-options.xml.i>
           #include <include/interface/ipv6-options.xml.i>
+          #include <include/interface/ipv6-options-with-nd.xml.i>
           #include <include/interface/mac.xml.i>
           #include <include/interface/mirror.xml.i>
           <leafNode name="enable-vlan">
diff --git a/interface-definitions/interfaces_ethernet.xml.in b/interface-definitions/interfaces_ethernet.xml.in
index b3559a626..819ceb2cb 100644
--- a/interface-definitions/interfaces_ethernet.xml.in
+++ b/interface-definitions/interfaces_ethernet.xml.in
@@ -74,6 +74,7 @@
           #include <include/interface/hw-id.xml.i>
           #include <include/interface/ipv4-options.xml.i>
           #include <include/interface/ipv6-options.xml.i>
+          #include <include/interface/ipv6-options-with-nd.xml.i>
           #include <include/interface/mac.xml.i>
           #include <include/interface/mtu-68-16000.xml.i>
           #include <include/interface/mirror.xml.i>
diff --git a/interface-definitions/interfaces_geneve.xml.in b/interface-definitions/interfaces_geneve.xml.in
index 990c5bd91..b85bd3b9e 100644
--- a/interface-definitions/interfaces_geneve.xml.in
+++ b/interface-definitions/interfaces_geneve.xml.in
@@ -21,8 +21,13 @@
           #include <include/interface/disable.xml.i>
           #include <include/interface/ipv4-options.xml.i>
           #include <include/interface/ipv6-options.xml.i>
+          #include <include/interface/ipv6-options-with-nd.xml.i>
           #include <include/interface/mac.xml.i>
           #include <include/interface/mtu-1200-16000.xml.i>
+          #include <include/port-number.xml.i>
+          <leafNode name="port">
+            <defaultValue>6081</defaultValue>
+          </leafNode>
           <node name="parameters">
             <properties>
               <help>GENEVE tunnel parameters</help>
diff --git a/interface-definitions/interfaces_l2tpv3.xml.in b/interface-definitions/interfaces_l2tpv3.xml.in
index 5f816c956..381e86bd0 100644
--- a/interface-definitions/interfaces_l2tpv3.xml.in
+++ b/interface-definitions/interfaces_l2tpv3.xml.in
@@ -55,6 +55,7 @@
           </leafNode>
           #include <include/interface/ipv4-options.xml.i>
           #include <include/interface/ipv6-options.xml.i>
+          #include <include/interface/ipv6-options-with-nd.xml.i>
           #include <include/source-address-ipv4-ipv6.xml.i>
           #include <include/interface/mirror.xml.i>
           #include <include/interface/mtu-68-16000.xml.i>
diff --git a/interface-definitions/interfaces_macsec.xml.in b/interface-definitions/interfaces_macsec.xml.in
index d825f8262..5279a9495 100644
--- a/interface-definitions/interfaces_macsec.xml.in
+++ b/interface-definitions/interfaces_macsec.xml.in
@@ -21,6 +21,7 @@
           #include <include/interface/dhcpv6-options.xml.i>
           #include <include/interface/ipv4-options.xml.i>
           #include <include/interface/ipv6-options.xml.i>
+          #include <include/interface/ipv6-options-with-nd.xml.i>
           #include <include/interface/mirror.xml.i>
           <node name="security">
             <properties>
diff --git a/interface-definitions/interfaces_openvpn.xml.in b/interface-definitions/interfaces_openvpn.xml.in
index 3c844107e..6510ed733 100644
--- a/interface-definitions/interfaces_openvpn.xml.in
+++ b/interface-definitions/interfaces_openvpn.xml.in
@@ -135,6 +135,7 @@
           </node>
           #include <include/interface/ipv4-options.xml.i>
           #include <include/interface/ipv6-options.xml.i>
+          #include <include/interface/ipv6-options-with-nd.xml.i>
           #include <include/interface/mirror.xml.i>
           <leafNode name="hash">
             <properties>
diff --git a/interface-definitions/interfaces_pppoe.xml.in b/interface-definitions/interfaces_pppoe.xml.in
index f24bc41d8..66a774e21 100644
--- a/interface-definitions/interfaces_pppoe.xml.in
+++ b/interface-definitions/interfaces_pppoe.xml.in
@@ -88,6 +88,7 @@
                 </properties>
                 <children>
                   #include <include/interface/ipv6-address-autoconf.xml.i>
+                  #include <include/interface/ipv6-address-interface-identifier.xml.i>
                 </children>
               </node>
               #include <include/interface/adjust-mss.xml.i>
diff --git a/interface-definitions/interfaces_pseudo-ethernet.xml.in b/interface-definitions/interfaces_pseudo-ethernet.xml.in
index 031af3563..f13144bed 100644
--- a/interface-definitions/interfaces_pseudo-ethernet.xml.in
+++ b/interface-definitions/interfaces_pseudo-ethernet.xml.in
@@ -25,6 +25,7 @@
           #include <include/interface/vrf.xml.i>
           #include <include/interface/ipv4-options.xml.i>
           #include <include/interface/ipv6-options.xml.i>
+          #include <include/interface/ipv6-options-with-nd.xml.i>
           #include <include/source-interface-ethernet.xml.i>
           #include <include/interface/mac.xml.i>
           #include <include/interface/mirror.xml.i>
diff --git a/interface-definitions/interfaces_virtual-ethernet.xml.in b/interface-definitions/interfaces_virtual-ethernet.xml.in
index c4610feec..2dfbd50b8 100644
--- a/interface-definitions/interfaces_virtual-ethernet.xml.in
+++ b/interface-definitions/interfaces_virtual-ethernet.xml.in
@@ -21,6 +21,10 @@
           #include <include/interface/dhcp-options.xml.i>
           #include <include/interface/dhcpv6-options.xml.i>
           #include <include/interface/disable.xml.i>
+          #include <include/interface/mtu-68-16000.xml.i>
+          <leafNode name="mtu">
+            <defaultValue>1500</defaultValue>
+          </leafNode>
           #include <include/interface/netns.xml.i>
           #include <include/interface/vif-s.xml.i>
           #include <include/interface/vif.xml.i>
diff --git a/interface-definitions/interfaces_vxlan.xml.in b/interface-definitions/interfaces_vxlan.xml.in
index 937acb123..f4cd4fcd2 100644
--- a/interface-definitions/interfaces_vxlan.xml.in
+++ b/interface-definitions/interfaces_vxlan.xml.in
@@ -45,6 +45,7 @@
           </leafNode>
           #include <include/interface/ipv4-options.xml.i>
           #include <include/interface/ipv6-options.xml.i>
+          #include <include/interface/ipv6-options-with-nd.xml.i>
           #include <include/interface/mac.xml.i>
           #include <include/interface/mtu-1200-16000.xml.i>
           #include <include/interface/mirror.xml.i>
diff --git a/interface-definitions/interfaces_wireguard.xml.in b/interface-definitions/interfaces_wireguard.xml.in
index 4f8b6c751..33cb5864a 100644
--- a/interface-definitions/interfaces_wireguard.xml.in
+++ b/interface-definitions/interfaces_wireguard.xml.in
@@ -56,10 +56,7 @@
           <leafNode name="private-key">
             <properties>
               <help>Base64 encoded private key</help>
-              <constraint>
-                <validator name="base64"/>
-              </constraint>
-              <constraintErrorMessage>Key is not base64-encoded</constraintErrorMessage>
+              #include <include/constraint/wireguard-keys.xml.i>
             </properties>
           </leafNode>
           <tagNode name="peer">
@@ -75,20 +72,14 @@
               #include <include/generic-description.xml.i>
               <leafNode name="public-key">
                 <properties>
-                  <help>base64 encoded public key</help>
-                  <constraint>
-                    <validator name="base64"/>
-                  </constraint>
-                  <constraintErrorMessage>Key is not base64-encoded</constraintErrorMessage>
+                  <help>Base64 encoded public key</help>
+                  #include <include/constraint/wireguard-keys.xml.i>
                 </properties>
               </leafNode>
               <leafNode name="preshared-key">
                 <properties>
-                  <help>base64 encoded preshared key</help>
-                  <constraint>
-                    <validator name="base64"/>
-                  </constraint>
-                  <constraintErrorMessage>Key is not base64-encoded</constraintErrorMessage>
+                  <help>Base64 encoded preshared key</help>
+                  #include <include/constraint/wireguard-keys.xml.i>
                 </properties>
               </leafNode>
               <leafNode name="allowed-ips">
diff --git a/interface-definitions/interfaces_wireless.xml.in b/interface-definitions/interfaces_wireless.xml.in
index 474953500..1b5356caa 100644
--- a/interface-definitions/interfaces_wireless.xml.in
+++ b/interface-definitions/interfaces_wireless.xml.in
@@ -626,6 +626,7 @@
           </leafNode>
           #include <include/interface/ipv4-options.xml.i>
           #include <include/interface/ipv6-options.xml.i>
+          #include <include/interface/ipv6-options-with-nd.xml.i>
           #include <include/interface/hw-id.xml.i>
           <leafNode name="isolate-stations">
             <properties>
diff --git a/interface-definitions/interfaces_wwan.xml.in b/interface-definitions/interfaces_wwan.xml.in
index 1580c3bcb..552806d4e 100644
--- a/interface-definitions/interfaces_wwan.xml.in
+++ b/interface-definitions/interfaces_wwan.xml.in
@@ -38,6 +38,7 @@
           </leafNode>
           #include <include/interface/ipv4-options.xml.i>
           #include <include/interface/ipv6-options.xml.i>
+          #include <include/interface/ipv6-options-with-nd.xml.i>
           #include <include/interface/dial-on-demand.xml.i>
           #include <include/interface/redirect.xml.i>
           #include <include/interface/vrf.xml.i>
diff --git a/interface-definitions/load-balancing_haproxy.xml.in b/interface-definitions/load-balancing_haproxy.xml.in
index ca089d3f0..f0f64e75a 100644
--- a/interface-definitions/load-balancing_haproxy.xml.in
+++ b/interface-definitions/load-balancing_haproxy.xml.in
@@ -4,7 +4,7 @@
     <children>
       <node name="haproxy" owner="${vyos_conf_scripts_dir}/load-balancing_haproxy.py">
         <properties>
-          <help>Configure haproxy</help>
+          <help>HAProxy TCP/HTTP Load Balancer</help>
           <priority>900</priority>
         </properties>
         <children>
@@ -26,7 +26,7 @@
                   <constraintErrorMessage>Backend name must be alphanumeric and can contain hyphen and underscores</constraintErrorMessage>
                   <valueHelp>
                     <format>txt</format>
-                    <description>Name of haproxy backend system</description>
+                    <description>HAProxy backend system name</description>
                   </valueHelp>
                   <completionHelp>
                     <path>load-balancing haproxy backend</path>
@@ -48,6 +48,14 @@
                   <valueless/>
                 </properties>
               </leafNode>
+              <node name="timeout">
+                <properties>
+                  <help>Timeout options</help>
+                </properties>
+                <children>
+                  #include <include/haproxy/timeout-client.xml.i>
+                </children>
+              </node>
               <node name="http-compression">
                 <properties>
                   <help>Compress HTTP responses</help>
@@ -368,6 +376,29 @@
               </leafNode>
             </children>
           </node>
+          <node name="timeout">
+            <properties>
+              <help>Timeout options</help>
+            </properties>
+            <children>
+              #include <include/haproxy/timeout-check.xml.i>
+              <leafNode name="check">
+                <defaultValue>5</defaultValue>
+              </leafNode>
+              #include <include/haproxy/timeout-connect.xml.i>
+              <leafNode name="connect">
+                <defaultValue>10</defaultValue>
+              </leafNode>
+              #include <include/haproxy/timeout-client.xml.i>
+              <leafNode name="client">
+                <defaultValue>50</defaultValue>
+              </leafNode>
+              #include <include/haproxy/timeout-server.xml.i>
+              <leafNode name="server">
+                <defaultValue>50</defaultValue>
+              </leafNode>
+            </children>
+          </node>
           #include <include/interface/vrf.xml.i>
         </children>
       </node>
diff --git a/interface-definitions/load-balancing_wan.xml.in b/interface-definitions/load-balancing_wan.xml.in
index 310aa0343..f80440411 100644
--- a/interface-definitions/load-balancing_wan.xml.in
+++ b/interface-definitions/load-balancing_wan.xml.in
@@ -7,7 +7,7 @@
     <children>
       <node name="wan" owner="${vyos_conf_scripts_dir}/load-balancing_wan.py">
         <properties>
-          <help>Configure Wide Area Network (WAN) load-balancing</help>
+          <help>Wide Area Network (WAN) load-balancing</help>
           <priority>900</priority>
         </properties>
         <children>
diff --git a/interface-definitions/nat66.xml.in b/interface-definitions/nat66.xml.in
index c59725c53..2c1babd5a 100644
--- a/interface-definitions/nat66.xml.in
+++ b/interface-definitions/nat66.xml.in
@@ -53,6 +53,7 @@
                     </properties>
                   </leafNode>
                   #include <include/nat-port.xml.i>
+                  #include <include/firewall/source-destination-group-ipv6.xml.i>
                 </children>
               </node>
               <node name="source">
diff --git a/interface-definitions/policy.xml.in b/interface-definitions/policy.xml.in
index cbab6173f..25dbf5581 100644
--- a/interface-definitions/policy.xml.in
+++ b/interface-definitions/policy.xml.in
@@ -202,7 +202,7 @@
                 <properties>
                   <help>Regular expression to match against a community-list</help>
                   <completionHelp>
-                    <list>local-AS no-advertise no-export internet graceful-shutdown accept-own-nexthop accept-own route-filter-translated-v4 route-filter-v4 route-filter-translated-v6 route-filter-v6 llgr-stale no-llgr blackhole no-peer additive</list>
+                    <list>local-AS no-advertise no-export graceful-shutdown accept-own-nexthop accept-own route-filter-translated-v4 route-filter-v4 route-filter-translated-v6 route-filter-v6 llgr-stale no-llgr blackhole no-peer additive</list>
                   </completionHelp>
                   <valueHelp>
                     <format>&lt;aa:nn&gt;</format>
@@ -221,10 +221,6 @@
                     <description>Well-known communities value NO_EXPORT 0xFFFFFF01</description>
                   </valueHelp>
                   <valueHelp>
-                    <format>internet</format>
-                    <description>Well-known communities value 0</description>
-                  </valueHelp>
-                  <valueHelp>
                     <format>graceful-shutdown</format>
                     <description>Well-known communities value GRACEFUL_SHUTDOWN 0xFFFF0000</description>
                   </valueHelp>
@@ -1096,6 +1092,20 @@
                       </constraint>
                     </properties>
                   </leafNode>
+                  <leafNode name="source-vrf">
+                    <properties>
+                      <help>Source vrf</help>
+                      #include <include/constraint/vrf.xml.i>
+                      <valueHelp>
+                        <format>txt</format>
+                        <description>VRF instance name</description>
+                      </valueHelp>
+                      <completionHelp>
+                        <path>vrf name</path>
+                        <list>default</list>
+                      </completionHelp>
+                    </properties>
+                  </leafNode>
                   #include <include/policy/tag.xml.i>
                 </children>
               </node>
diff --git a/interface-definitions/policy_route.xml.in b/interface-definitions/policy_route.xml.in
index 9cc22540b..48f728923 100644
--- a/interface-definitions/policy_route.xml.in
+++ b/interface-definitions/policy_route.xml.in
@@ -35,6 +35,7 @@
                   #include <include/firewall/address-ipv6.xml.i>
                   #include <include/firewall/source-destination-group-ipv6.xml.i>
                   #include <include/firewall/port.xml.i>
+                  #include <include/firewall/geoip.xml.i>
                 </children>
               </node>
               <node name="source">
@@ -45,6 +46,7 @@
                   #include <include/firewall/address-ipv6.xml.i>
                   #include <include/firewall/source-destination-group-ipv6.xml.i>
                   #include <include/firewall/port.xml.i>
+                  #include <include/firewall/geoip.xml.i>
                 </children>
               </node>
               #include <include/policy/route-common.xml.i>
@@ -90,6 +92,7 @@
                   #include <include/firewall/address.xml.i>
                   #include <include/firewall/source-destination-group.xml.i>
                   #include <include/firewall/port.xml.i>
+                  #include <include/firewall/geoip.xml.i>
                 </children>
               </node>
               <node name="source">
@@ -100,6 +103,7 @@
                   #include <include/firewall/address.xml.i>
                   #include <include/firewall/source-destination-group.xml.i>
                   #include <include/firewall/port.xml.i>
+                  #include <include/firewall/geoip.xml.i>
                 </children>
               </node>
               #include <include/policy/route-common.xml.i>
diff --git a/interface-definitions/protocols_mpls.xml.in b/interface-definitions/protocols_mpls.xml.in
index 831601fc6..fc1864f38 100644
--- a/interface-definitions/protocols_mpls.xml.in
+++ b/interface-definitions/protocols_mpls.xml.in
@@ -524,7 +524,29 @@
                   </node>
                 </children>
               </node>
-              #include <include/generic-interface-multi.xml.i>
+              <tagNode name="interface">
+                <properties>
+                  <help>Interface</help>
+                  <completionHelp>
+                    <script>${vyos_completion_dir}/list_interfaces</script>
+                  </completionHelp>
+                  <valueHelp>
+                    <format>txt</format>
+                    <description>Interface name</description>
+                  </valueHelp>
+                  <constraint>
+                    #include <include/constraint/interface-name.xml.i>
+                  </constraint>
+                </properties>
+                <children>
+                  <leafNode name="disable-establish-hello">
+                    <properties>
+                      <help>Disable response to hello packet with an additional hello LDP packet</help>
+                      <valueless/>
+                    </properties>
+                  </leafNode>
+                </children>
+              </tagNode>
             </children>
           </node>
           <node name="parameters">
diff --git a/interface-definitions/protocols_rip.xml.in b/interface-definitions/protocols_rip.xml.in
index 0edd8f2ce..745280fd7 100644
--- a/interface-definitions/protocols_rip.xml.in
+++ b/interface-definitions/protocols_rip.xml.in
@@ -209,6 +209,14 @@
                   #include <include/rip/redistribute.xml.i>
                 </children>
               </node>
+              <node name="nhrp">
+                <properties>
+                  <help>Redistribute NHRP routes</help>
+                </properties>
+                <children>
+                  #include <include/rip/redistribute.xml.i>
+                </children>
+              </node>
               <node name="ospf">
                 <properties>
                   <help>Redistribute OSPF routes</help>
diff --git a/interface-definitions/protocols_rpki.xml.in b/interface-definitions/protocols_rpki.xml.in
index 54d69eadb..9e2e84717 100644
--- a/interface-definitions/protocols_rpki.xml.in
+++ b/interface-definitions/protocols_rpki.xml.in
@@ -42,6 +42,7 @@
                   </constraint>
                 </properties>
               </leafNode>
+              #include <include/source-address-ipv4.xml.i>
               <node name="ssh">
                 <properties>
                   <help>RPKI SSH connection settings</help>
diff --git a/interface-definitions/protocols_static.xml.in b/interface-definitions/protocols_static.xml.in
index d8e0ee56b..c721bb3fc 100644
--- a/interface-definitions/protocols_static.xml.in
+++ b/interface-definitions/protocols_static.xml.in
@@ -65,14 +65,8 @@
           #include <include/static/static-route6.xml.i>
           <tagNode name="table">
             <properties>
-              <help>Policy route table number</help>
-              <valueHelp>
-                <format>u32:1-200</format>
-                <description>Policy route table number</description>
-              </valueHelp>
-              <constraint>
-                <validator name="numeric" argument="--range 1-200"/>
-              </constraint>
+              <help>Non-main Kernel Routing Table</help>
+              #include <include/constraint/protocols-static-table.xml.i>
             </properties>
             <children>
               <!--
diff --git a/interface-definitions/service_dhcp-server.xml.in b/interface-definitions/service_dhcp-server.xml.in
index cb5f9a804..78f1cea4e 100644
--- a/interface-definitions/service_dhcp-server.xml.in
+++ b/interface-definitions/service_dhcp-server.xml.in
@@ -10,12 +10,111 @@
         </properties>
         <children>
           #include <include/generic-disable-node.xml.i>
-          <leafNode name="dynamic-dns-update">
+          <node name="dynamic-dns-update">
             <properties>
               <help>Dynamically update Domain Name System (RFC4702)</help>
-              <valueless/>
             </properties>
-          </leafNode>
+            <children>
+              #include <include/dhcp/ddns-settings.xml.i>
+              <tagNode name="tsig-key">
+                <properties>
+                  <help>TSIG key definition for DNS updates</help>
+                  <constraint>
+                    #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
+                  </constraint>
+                  <constraintErrorMessage>Invalid TSIG key name. May only contain letters, numbers, hyphen and underscore</constraintErrorMessage>
+                </properties>
+                <children>
+                  <leafNode name="algorithm">
+                    <properties>
+                      <help>TSIG key algorithm</help>
+                      <completionHelp>
+                        <list>md5 sha1 sha224 sha256 sha384 sha512</list>
+                      </completionHelp>
+                      <valueHelp>
+                        <format>md5</format>
+                        <description>MD5 HMAC algorithm</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>sha1</format>
+                        <description>SHA1 HMAC algorithm</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>sha224</format>
+                        <description>SHA224 HMAC algorithm</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>sha256</format>
+                        <description>SHA256 HMAC algorithm</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>sha384</format>
+                        <description>SHA384 HMAC algorithm</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>sha512</format>
+                        <description>SHA512 HMAC algorithm</description>
+                      </valueHelp>
+                      <constraint>
+                        <regex>(md5|sha1|sha224|sha256|sha384|sha512)</regex>
+                      </constraint>
+                      <constraintErrorMessage>Invalid TSIG key algorithm</constraintErrorMessage>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="secret">
+                    <properties>
+                      <help>TSIG key secret (base64-encoded)</help>
+                      <constraint>
+                        <validator name="base64"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                </children>
+              </tagNode>
+              <tagNode name="forward-domain">
+                <properties>
+                  <help>Forward DNS domain name</help>
+                  <constraint>
+                    <validator name="fqdn"/>
+                  </constraint>
+                  <constraintErrorMessage>Invalid forward DNS domain name</constraintErrorMessage>
+                </properties>
+                <children>
+                  <leafNode name="key-name">
+                    <properties>
+                      <help>TSIG key name for forward DNS updates</help>
+                      <constraint>
+                        #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
+                      </constraint>
+                      <constraintErrorMessage>Invalid TSIG key name. May only contain letters, numbers, numbers, hyphen and underscore</constraintErrorMessage>
+                    </properties>
+                  </leafNode>
+                  #include <include/dhcp/ddns-dns-server.xml.i>
+                </children>
+              </tagNode>
+              <tagNode name="reverse-domain">
+                <properties>
+                  <help>Reverse DNS domain name</help>
+                  <constraint>
+                    <validator name="fqdn"/>
+                  </constraint>
+                  <constraintErrorMessage>Invalid reverse DNS domain name</constraintErrorMessage>
+                </properties>
+                <children>
+                  <leafNode name="key-name">
+                    <properties>
+                      <help>TSIG key name for reverse DNS updates</help>
+                      <constraint>
+                        #include <include/constraint/alpha-numeric-hyphen-underscore.xml.i>
+                      </constraint>
+                      <constraintErrorMessage>Invalid TSIG key name. May only contain letters, numbers, numbers, hyphen and underscore</constraintErrorMessage>
+                    </properties>
+                  </leafNode>
+                  #include <include/dhcp/ddns-dns-server.xml.i>
+                </children>
+              </tagNode>
+            </children>
+          </node>
           <node name="high-availability">
             <properties>
               <help>DHCP high availability configuration</help>
@@ -105,6 +204,14 @@
               <constraintErrorMessage>Invalid shared network name. May only contain letters, numbers and .-_</constraintErrorMessage>
             </properties>
             <children>
+              <node name="dynamic-dns-update">
+                <properties>
+                  <help>Dynamically update Domain Name System (RFC4702)</help>
+                </properties>
+                <children>
+                  #include <include/dhcp/ddns-settings.xml.i>
+                </children>
+              </node>
               <leafNode name="authoritative">
                 <properties>
                   <help>Option to make DHCP server authoritative for this physical network</help>
@@ -112,6 +219,7 @@
                 </properties>
               </leafNode>
               #include <include/dhcp/option-v4.xml.i>
+              #include <include/dhcp/ping-check.xml.i>
               #include <include/generic-description.xml.i>
               #include <include/generic-disable-node.xml.i>
               <tagNode name="subnet">
@@ -128,8 +236,17 @@
                 </properties>
                 <children>
                   #include <include/dhcp/option-v4.xml.i>
+                  #include <include/dhcp/ping-check.xml.i>
                   #include <include/generic-description.xml.i>
                   #include <include/generic-disable-node.xml.i>
+                  <node name="dynamic-dns-update">
+                    <properties>
+                      <help>Dynamically update Domain Name System (RFC4702)</help>
+                    </properties>
+                    <children>
+                      #include <include/dhcp/ddns-settings.xml.i>
+                    </children>
+                  </node>
                   <leafNode name="exclude">
                     <properties>
                       <help>IP address to exclude from DHCP lease range</help>
@@ -211,18 +328,7 @@
                       #include <include/dhcp/option-v4.xml.i>
                       #include <include/generic-description.xml.i>
                       #include <include/generic-disable-node.xml.i>
-                      <leafNode name="ip-address">
-                        <properties>
-                          <help>Fixed IP address of static mapping</help>
-                          <valueHelp>
-                            <format>ipv4</format>
-                            <description>IPv4 address used in static mapping</description>
-                          </valueHelp>
-                          <constraint>
-                            <validator name="ipv4-address"/>
-                          </constraint>
-                        </properties>
-                      </leafNode>
+                      #include <include/ip-address.xml.i>
                       #include <include/interface/mac.xml.i>
                       #include <include/interface/duid.xml.i>
                     </children>
diff --git a/interface-definitions/service_ids_ddos-protection.xml.in b/interface-definitions/service_ids_ddos-protection.xml.in
deleted file mode 100644
index 3ef2640b3..000000000
--- a/interface-definitions/service_ids_ddos-protection.xml.in
+++ /dev/null
@@ -1,167 +0,0 @@
-<?xml version="1.0"?>
-<interfaceDefinition>
-  <node name="service">
-    <children>
-      <node name="ids">
-        <properties>
-          <help>Intrusion Detection System</help>
-        </properties>
-        <children>
-          <node name="ddos-protection" owner="${vyos_conf_scripts_dir}/service_ids_ddos-protection.py">
-            <properties>
-              <help>FastNetMon detection and protection parameters</help>
-              <priority>731</priority>
-            </properties>
-            <children>
-              <leafNode name="alert-script">
-                <properties>
-                  <help>Path to fastnetmon alert script</help>
-                </properties>
-              </leafNode>
-              <leafNode name="ban-time">
-                <properties>
-                  <help>How long we should keep an IP in blocked state</help>
-                  <valueHelp>
-                    <format>u32:1-4294967294</format>
-                    <description>Time in seconds</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="numeric" argument="--range 1-4294967294"/>
-                  </constraint>
-                </properties>
-                <defaultValue>1900</defaultValue>
-              </leafNode>
-              <leafNode name="direction">
-                <properties>
-                  <help>Direction for processing traffic</help>
-                  <completionHelp>
-                    <list>in out</list>
-                  </completionHelp>
-                  <constraint>
-                    <regex>(in|out)</regex>
-                  </constraint>
-                  <multi/>
-                </properties>
-              </leafNode>
-              <leafNode name="excluded-network">
-                <properties>
-                  <help>Specify IPv4 and IPv6 networks which are going to be excluded from protection</help>
-                  <valueHelp>
-                    <format>ipv4net</format>
-                    <description>IPv4 prefix(es) to exclude</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>ipv6net</format>
-                    <description>IPv6 prefix(es) to exclude</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="ipv4-prefix"/>
-                    <validator name="ipv6-prefix"/>
-                  </constraint>
-                  <multi/>
-                </properties>
-              </leafNode>
-              <leafNode name="listen-interface">
-                <properties>
-                  <help>Listen interface for mirroring traffic</help>
-                  <completionHelp>
-                    <script>${vyos_completion_dir}/list_interfaces</script>
-                  </completionHelp>
-                  <multi/>
-                </properties>
-              </leafNode>
-              <leafNode name="mode">
-                <properties>
-                  <help>Traffic capture mode</help>
-                  <completionHelp>
-                    <list>mirror sflow</list>
-                  </completionHelp>
-                  <valueHelp>
-                    <format>mirror</format>
-                    <description>Listen to mirrored traffic</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>sflow</format>
-                    <description>Capture sFlow flows</description>
-                  </valueHelp>
-                  <constraint>
-                    <regex>(mirror|sflow)</regex>
-                  </constraint>
-                </properties>
-              </leafNode>
-              <node name="sflow">
-                <properties>
-                  <help>Sflow settings</help>
-                </properties>
-                <children>
-                  #include <include/listen-address-ipv4-single.xml.i>
-                  #include <include/port-number.xml.i>
-                  <leafNode name="port">
-                    <defaultValue>6343</defaultValue>
-                  </leafNode>
-                </children>
-              </node>
-              <leafNode name="network">
-                <properties>
-                  <help>Specify IPv4 and IPv6 networks which belong to you</help>
-                  <valueHelp>
-                    <format>ipv4net</format>
-                    <description>Your IPv4 prefix(es)</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>ipv6net</format>
-                    <description>Your IPv6 prefix(es)</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="ipv4-prefix"/>
-                    <validator name="ipv6-prefix"/>
-                  </constraint>
-                  <multi/>
-                </properties>
-              </leafNode>
-              <node name="threshold">
-                <properties>
-                  <help>Attack limits thresholds</help>
-                </properties>
-                <children>
-                  <node name="general">
-                    <properties>
-                      <help>General threshold</help>
-                    </properties>
-                    <children>
-                      #include <include/ids/threshold.xml.i>
-                    </children>
-                  </node>
-                  <node name="tcp">
-                    <properties>
-                      <help>TCP threshold</help>
-                    </properties>
-                    <children>
-                      #include <include/ids/threshold.xml.i>
-                    </children>
-                  </node>
-                  <node name="udp">
-                    <properties>
-                      <help>UDP threshold</help>
-                    </properties>
-                    <children>
-                      #include <include/ids/threshold.xml.i>
-                    </children>
-                  </node>
-                  <node name="icmp">
-                    <properties>
-                      <help>ICMP threshold</help>
-                    </properties>
-                    <children>
-                      #include <include/ids/threshold.xml.i>
-                    </children>
-                  </node>
-                </children>
-              </node>
-            </children>
-          </node>
-        </children>
-      </node>
-    </children>
-  </node>
-</interfaceDefinition>
diff --git a/interface-definitions/service_ipoe-server.xml.in b/interface-definitions/service_ipoe-server.xml.in
index 6cc4471af..fe9d32bbd 100644
--- a/interface-definitions/service_ipoe-server.xml.in
+++ b/interface-definitions/service_ipoe-server.xml.in
@@ -70,18 +70,7 @@
                           <constraintErrorMessage>VLAN IDs need to be in range 1-4094</constraintErrorMessage>
                         </properties>
                       </leafNode>
-                      <leafNode name="static-ip">
-                        <properties>
-                          <help>Static client IP address</help>
-                          <valueHelp>
-                            <format>ipv4</format>
-                            <description>IPv4 address</description>
-                          </valueHelp>
-                          <constraint>
-                            <validator name="ipv4-address"/>
-                          </constraint>
-                        </properties>
-                      </leafNode>
+                      #include <include/ip-address.xml.i>
                     </children>
                   </tagNode>
                 </children>
diff --git a/interface-definitions/service_lldp.xml.in b/interface-definitions/service_lldp.xml.in
index 51a9f9cce..a189cc13b 100644
--- a/interface-definitions/service_lldp.xml.in
+++ b/interface-definitions/service_lldp.xml.in
@@ -29,7 +29,34 @@
               </constraint>
             </properties>
             <children>
-              #include <include/generic-disable-node.xml.i>
+              <leafNode name="mode">
+                <properties>
+                  <help>Set LLDP receive/transmit operation mode of this interface</help>
+                  <completionHelp>
+                    <list>disable rx-tx tx rx</list>
+                  </completionHelp>
+                  <valueHelp>
+                    <format>disable</format>
+                    <description>Do not process or send LLDP messages</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>rx-tx</format>
+                    <description>Send and process LLDP messages</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>rx</format>
+                    <description>Process incoming LLDP messages</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>tx</format>
+                    <description>Send LLDP messages</description>
+                  </valueHelp>
+                  <constraint>
+                    <regex>(disable|rx-tx|tx|rx)</regex>
+                  </constraint>
+                </properties>
+                <defaultValue>rx-tx</defaultValue>
+              </leafNode>
               <node name="location">
                 <properties>
                   <help>LLDP-MED location data</help>
diff --git a/interface-definitions/service_router-advert.xml.in b/interface-definitions/service_router-advert.xml.in
index 3fd33540a..7f96cdb19 100644
--- a/interface-definitions/service_router-advert.xml.in
+++ b/interface-definitions/service_router-advert.xml.in
@@ -255,6 +255,19 @@
                   </leafNode>
                 </children>
               </tagNode>
+              <leafNode name="auto-ignore">
+                <properties>
+                  <help>IPv6 prefix to be excluded in Router Advertisements (RAs) - use in conjunction with the ::/64 wildcard prefix</help>
+                  <valueHelp>
+                    <format>ipv6net</format>
+                    <description>IPv6 prefix to be excluded</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="ipv6-prefix"/>
+                  </constraint>
+                  <multi/>
+                </properties>
+              </leafNode>
               <tagNode name="prefix">
                 <properties>
                   <help>IPv6 prefix to be advertised in Router Advertisements (RAs)</help>
diff --git a/interface-definitions/service_snmp.xml.in b/interface-definitions/service_snmp.xml.in
index f23151ef9..cc21f5b8b 100644
--- a/interface-definitions/service_snmp.xml.in
+++ b/interface-definitions/service_snmp.xml.in
@@ -304,7 +304,6 @@
                   </constraint>
                   <constraintErrorMessage>ID must contain an even number (from 2 to 36) of hex digits</constraintErrorMessage>
                 </properties>
-                <defaultValue></defaultValue>
               </leafNode>
               <tagNode name="group">
                 <properties>
diff --git a/interface-definitions/system_option.xml.in b/interface-definitions/system_option.xml.in
index 638ac1a3d..c0ea958a2 100644
--- a/interface-definitions/system_option.xml.in
+++ b/interface-definitions/system_option.xml.in
@@ -37,7 +37,145 @@
                <help>Kernel boot parameters</help>
              </properties>
              <children>
-               <leafNode name="disable-mitigations">
+              <node name="cpu">
+                <properties>
+                  <help>CPU settings</help>
+                </properties>
+                <children>
+                  <leafNode name="disable-nmi-watchdog">
+                    <properties>
+                      <help>Disable the NMI watchdog for detecting hard CPU lockups</help>
+                      <valueless/>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="isolate-cpus">
+                    <properties>
+                      <help>Isolate specified CPUs from the scheduler</help>
+                      <valueHelp>
+                        <format>u32:0-511</format>
+                        <description>CPU core</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>&lt;start-end&gt;</format>
+                        <description>CPU core range (examples: "1", "4-7", "1,2-5,7")</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="cpu"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="nohz-full">
+                    <properties>
+                      <help>Enable full tickless mode for specified CPUs</help>
+                      <valueHelp>
+                        <format>u32:0-511</format>
+                        <description>CPU core</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>&lt;start-end&gt;</format>
+                        <description>CPU core range (examples: "1", "4-7", "1,2-5,7")</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="cpu"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="rcu-no-cbs">
+                    <properties>
+                      <help>Offload Read-Copy-Update (RCU) callback processing to specified CPUs</help>
+                      <valueHelp>
+                        <format>u32:0-511</format>
+                        <description>CPU core</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>&lt;start-end&gt;</format>
+                        <description>CPU core range (examples: "1", "4-7", "1,2-5,7")</description>
+                      </valueHelp>
+                      <constraint>
+                        <validator name="cpu"/>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
+              <node name="memory">
+                <properties>
+                  <help>Memory settings</help>
+                </properties>
+                <children>
+                  <leafNode name="disable-numa-balancing">
+                    <properties>
+                      <help>Disable automatic NUMA memory balancing</help>
+                      <valueless/>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="default-hugepage-size">
+                    <properties>
+                      <help>Set default hugepage size (e.g., 2M, 1G)</help>
+                      <completionHelp>
+                        <list>2M 1G</list>
+                      </completionHelp>
+                      <valueHelp>
+                        <format>2M</format>
+                        <description>2 megabytes</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>1G</format>
+                        <description>1 gigabyte</description>
+                      </valueHelp>
+                      <constraint>
+                        <regex>(2M|1G)</regex>
+                      </constraint>
+                    </properties>
+                  </leafNode>
+                  <tagNode name="hugepage-size">
+                    <properties>
+                      <help>Set hugepage size for allocation (e.g., 2M, 1G)</help>
+                      <completionHelp>
+                        <list>2M 1G</list>
+                      </completionHelp>
+                      <valueHelp>
+                        <format>2M</format>
+                        <description>2 megabytes</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>1G</format>
+                        <description>1 gigabyte</description>
+                      </valueHelp>
+                      <constraint>
+                        <regex>(2M|1G)</regex>
+                      </constraint>
+                    </properties>
+                    <children>
+                      <leafNode name="hugepage-count">
+                        <properties>
+                          <help>Allocate number of hugepages for system use</help>
+                          <valueHelp>
+                            <format>u32</format>
+                            <description>Number of hugepages</description>
+                          </valueHelp>
+                          <constraint>
+                            <validator name="numeric" argument="--range 1-100000"/>
+                          </constraint>
+                        </properties>
+                      </leafNode>
+                    </children>
+                  </tagNode>
+                </children>
+              </node>
+              <leafNode name="disable-hpet">
+                 <properties>
+                   <help>Disable High Precision Event Timer (HPET)</help>
+                   <valueless/>
+                 </properties>
+               </leafNode>
+              <leafNode name="disable-mce">
+                 <properties>
+                   <help>Disable Machine Check Exceptions (MCE) reporting and handling</help>
+                   <valueless/>
+                 </properties>
+               </leafNode>
+              <leafNode name="disable-mitigations">
                  <properties>
                    <help>Disable all optional CPU mitigations</help>
                    <valueless/>
@@ -69,6 +207,18 @@
                   </valueHelp>
                 </properties>
               </leafNode>
+              <leafNode name="disable-softlockup">
+                <properties>
+                  <help>Disable soft lockup detector for kernel threads</help>
+                  <valueless/>
+                </properties>
+              </leafNode>
+              <leafNode name="quiet">
+                <properties>
+                  <help>Disable most log messages</help>
+                  <valueless/>
+                </properties>
+              </leafNode>
               <node name="debug">
                 <properties>
                   <help>Dynamic debugging for kernel module</help>
diff --git a/interface-definitions/system_syslog.xml.in b/interface-definitions/system_syslog.xml.in
index 0a9a00572..116cbde73 100644
--- a/interface-definitions/system_syslog.xml.in
+++ b/interface-definitions/system_syslog.xml.in
@@ -8,28 +8,17 @@
           <priority>400</priority>
         </properties>
         <children>
-          <tagNode name="user">
+          <node name="console">
             <properties>
-              <help>Logging to specific terminal of given user</help>
-              <completionHelp>
-                <path>system login user</path>
-              </completionHelp>
-              <valueHelp>
-                <format>txt</format>
-                <description>Local user account</description>
-              </valueHelp>
-              <constraint>
-                #include <include/constraint/login-username.xml.i>
-              </constraint>
-              <constraintErrorMessage>illegal characters in user</constraintErrorMessage>
+              <help>Log to system console (/dev/console)</help>
             </properties>
             <children>
               #include <include/syslog-facility.xml.i>
             </children>
-          </tagNode>
-          <tagNode name="host">
+          </node>
+          <tagNode name="remote">
             <properties>
-              <help>Logging to remote host</help>
+              <help>Log to remote host</help>
               <constraint>
                 <validator name="ip-address"/>
                 <validator name="fqdn"/>
@@ -49,11 +38,6 @@
               </valueHelp>
             </properties>
             <children>
-              #include <include/port-number.xml.i>
-              <leafNode name="port">
-                <defaultValue>514</defaultValue>
-              </leafNode>
-              #include <include/protocol-tcp-udp.xml.i>
               #include <include/syslog-facility.xml.i>
               <node name="format">
                 <properties>
@@ -62,98 +46,63 @@
                 <children>
                   <leafNode name="octet-counted">
                     <properties>
-                      <help>Allows for the transmission of all characters inside a syslog message</help>
+                      <help>Allows for the transmission of multi-line messages (TCP only)</help>
                       <valueless/>
                     </properties>
                   </leafNode>
                   <leafNode name="include-timezone">
                     <properties>
-                      <help>Include system timezone in syslog message</help>
+                      <help>Use RFC 5424 format (with RFC 3339 timestamp and timezone)</help>
                       <valueless/>
                     </properties>
                   </leafNode>
                 </children>
               </node>
+              #include <include/port-number.xml.i>
+              <leafNode name="port">
+                <defaultValue>514</defaultValue>
+              </leafNode>
+              #include <include/protocol-tcp-udp.xml.i>
+              #include <include/source-address-ipv4-ipv6.xml.i>
+              #include <include/interface/vrf.xml.i>
             </children>
           </tagNode>
-          <node name="global">
+          <node name="local">
             <properties>
-              <help>Logging to system standard location</help>
+              <help>Log to standard system location /var/log/messages</help>
             </properties>
             <children>
               #include <include/syslog-facility.xml.i>
-              <node name="marker">
-                <properties>
-                  <help>mark messages sent to syslog</help>
-                </properties>
-                <children>
-                  <leafNode name="interval">
-                    <properties>
-                      <help>time interval how often a mark message is being sent in seconds</help>
-                      <constraint>
-                        <validator name="numeric" argument="--positive"/>
-                      </constraint>
-                    </properties>
-                    <defaultValue>1200</defaultValue>
-                  </leafNode>
-                </children>
-              </node>
-              <leafNode name="preserve-fqdn">
-                <properties>
-                  <help>uses FQDN for logging</help>
-                  <valueless/>
-                </properties>
-              </leafNode>
             </children>
           </node>
-          <tagNode name="file">
+          <node name="marker">
             <properties>
-              <help>Logging to a file</help>
-              <constraint>
-                <regex>[a-zA-Z0-9\-_.]{1,255}</regex>
-              </constraint>
-              <constraintErrorMessage>illegal characters in filename or filename longer than 255 characters</constraintErrorMessage>
+              <help>Mark messages sent to syslog</help>
             </properties>
             <children>
-              <node name="archive">
+              #include <include/generic-disable-node.xml.i>
+              <leafNode name="interval">
                 <properties>
-                  <help>Log file size and rotation characteristics</help>
+                  <help>Mark message interval</help>
+                  <valueHelp>
+                    <format>u32:1-65535</format>
+                    <description>Time in seconds</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="numeric" argument="--range 1-65535"/>
+                  </constraint>
+                  <constraintErrorMessage>Port number must be in range 1 to 65535</constraintErrorMessage>
                 </properties>
-                <children>
-                  <leafNode name="file">
-                    <properties>
-                      <help>Number of saved files</help>
-                      <constraint>
-                        <regex>[0-9]+</regex>
-                      </constraint>
-                      <constraintErrorMessage>illegal characters in number of files</constraintErrorMessage>
-                    </properties>
-                    <defaultValue>5</defaultValue>
-                  </leafNode>
-                  <leafNode name="size">
-                    <properties>
-                      <help>Size of log files in kbytes</help>
-                      <constraint>
-                        <regex>[0-9]+</regex>
-                      </constraint>
-                      <constraintErrorMessage>illegal characters in size</constraintErrorMessage>
-                    </properties>
-                    <defaultValue>256</defaultValue>
-                  </leafNode>
-                </children>
-              </node>
-              #include <include/syslog-facility.xml.i>
+                <defaultValue>1200</defaultValue>
+              </leafNode>
             </children>
-          </tagNode>
-          <node name="console">
+          </node>
+          <leafNode name="preserve-fqdn">
             <properties>
-              <help>logging to serial console</help>
+              <help>Always include domain portion in hostname</help>
+              <valueless/>
             </properties>
-            <children>
-              #include <include/syslog-facility.xml.i>
-            </children>
-          </node>
-          #include <include/interface/vrf.xml.i>
+          </leafNode>
         </children>
       </node>
     </children>
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
index 0cf526fad..873a4f882 100644
--- a/interface-definitions/vpn_ipsec.xml.in
+++ b/interface-definitions/vpn_ipsec.xml.in
@@ -1244,6 +1244,63 @@
                     <children>
                       #include <include/ipsec/bind.xml.i>
                       #include <include/ipsec/esp-group.xml.i>
+                      <node name="traffic-selector">
+                        <properties>
+                          <help>Traffic-selectors parameters</help>
+                        </properties>
+                        <children>
+                          <node name="local">
+                            <properties>
+                              <help>Local parameters for interesting traffic</help>
+                            </properties>
+                            <children>
+                              <leafNode name="prefix">
+                                <properties>
+                                  <help>Local IPv4 or IPv6 prefix</help>
+                                  <valueHelp>
+                                    <format>ipv4net</format>
+                                    <description>Local IPv4 prefix</description>
+                                  </valueHelp>
+                                  <valueHelp>
+                                    <format>ipv6net</format>
+                                    <description>Local IPv6 prefix</description>
+                                  </valueHelp>
+                                  <constraint>
+                                    <validator name="ipv4-prefix"/>
+                                    <validator name="ipv6-prefix"/>
+                                  </constraint>
+                                  <multi/>
+                                </properties>
+                              </leafNode>
+                            </children>
+                          </node>
+                          <node name="remote">
+                            <properties>
+                              <help>Remote parameters for interesting traffic</help>
+                            </properties>
+                            <children>
+                              <leafNode name="prefix">
+                                <properties>
+                                  <help>Remote IPv4 or IPv6 prefix</help>
+                                  <valueHelp>
+                                    <format>ipv4net</format>
+                                    <description>Remote IPv4 prefix</description>
+                                  </valueHelp>
+                                  <valueHelp>
+                                    <format>ipv6net</format>
+                                    <description>Remote IPv6 prefix</description>
+                                  </valueHelp>
+                                  <constraint>
+                                    <validator name="ipv4-prefix"/>
+                                    <validator name="ipv6-prefix"/>
+                                  </constraint>
+                                  <multi/>
+                                </properties>
+                              </leafNode>
+                            </children>
+                          </node>
+                        </children>
+                      </node>
                     </children>
                   </node>
                 </children>