IETF Logo Mail Archive

Re: [netmod] I-D Action: draft-ietf-netmod-acl-model-17.txt

Kent Watsen <kwatsen@juniper.net> Wed, 07 March 2018 21:55 UTC

Return-Path: <kwatsen@juniper.net>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A682712D7EF for <netmod@ietfa.amsl.com>; Wed, 7 Mar 2018 13:55:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Iag9codCPbZH for <netmod@ietfa.amsl.com>; Wed, 7 Mar 2018 13:55:16 -0800 (PST)
Received: from mx0a-00273201.pphosted.com (mx0a-00273201.pphosted.com [208.84.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CC1861205D3 for <netmod@ietf.org>; Wed, 7 Mar 2018 13:55:16 -0800 (PST)
Received: from pps.filterd (m0108156.ppops.net [127.0.0.1]) by mx0a-00273201.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w27LtEjV019607; Wed, 7 Mar 2018 13:55:14 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=PPS1017; bh=KIQ3S5HKQeoHtZDE8+oEGwv8buecwM/xjOK0XQyTogg=; b=SpvzsV2NXxHxxkLTkGYcuQw+qOPsUY7fbLqC0QwaVBdxh68CKKqq0KtyEvJZ1nJIB157 v5iDo1ZpJiu0ZjruJjb2CsuzXFLCRjjRHO2FSFGd9DwAiKM1DMlw6RyrX/w7obf2ng/I Bl/iEOsjk+6RXReXlUE7goc/atNZIR1pLDNBWScsFBn1qlSLa0Y4ZBXLKPvzZFEhOORP Ps3R+KzahhIcx9oCjxgSYMQlhQbciomX87egpZfF5TnqS2HMvyZ3GAa2uiRpgwIuRTJ8 ZZAcCv6h9lfFSg+FxOeE3cDvI9/oRliYxiWdtGaQN5KVHzaF0gOI4aO5j97T1/Si/tUh TA==
Received: from nam03-by2-obe.outbound.protection.outlook.com (mail-by2nam03lp0054.outbound.protection.outlook.com [216.32.180.54]) by mx0a-00273201.pphosted.com with ESMTP id 2gjqpdg3fj-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 07 Mar 2018 13:55:14 -0800
Received: from DM5PR05MB3484.namprd05.prod.outlook.com (10.174.240.147) by DM5PR05MB2908.namprd05.prod.outlook.com (10.168.176.20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.567.6; Wed, 7 Mar 2018 21:55:12 +0000
Received: from DM5PR05MB3484.namprd05.prod.outlook.com ([fe80::d42c:9ad2:ced3:e377]) by DM5PR05MB3484.namprd05.prod.outlook.com ([fe80::d42c:9ad2:ced3:e377%2]) with mapi id 15.20.0567.012; Wed, 7 Mar 2018 21:55:12 +0000
From: Kent Watsen <kwatsen@juniper.net>
To: Mahesh Jethanandani <mjethanandani@gmail.com>, NETMOD WG <netmod@ietf.org>
Thread-Topic: [netmod] I-D Action: draft-ietf-netmod-acl-model-17.txt
Thread-Index: AQHTszzPFGfywEAqkE2girWJpowDfKO/FKsAgAXu+AA=
Date: Wed, 07 Mar 2018 21:55:12 +0000
Message-ID: <18B0636C-36F2-4EF9-B518-04C29D2D3FDD@juniper.net>
References: <152011518004.12021.16209647205835091770@ietfa.amsl.com> <B961C87E-F925-4420-A23E-45BCB6AAA5AC@gmail.com>
In-Reply-To: <B961C87E-F925-4420-A23E-45BCB6AAA5AC@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/f.20.0.170309
x-originating-ip: [66.129.241.14]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DM5PR05MB2908; 7:LAVeENw64K1K+DM6W3F6n1Pk+7/rvE7Gt90CZYmw5WTCfoFPjd3R+dnJeFNjgUiWSkwq79mlwiYqIBI0zfV4RH2488sOh/fYCkPFyXUqrtMrM06SnZ562bAF6M8qqkgnzDFZMJTo6MPj2ttwk1qZmjmbKsqmXAamaNYcfIi/nemECv2ez+d39NLLjZaqwlzNXz7kJi3KIxorJk0Wb2/lBW87CfuVAXBxvak4QQTx1dz3u54N5a20EezBr5/M5CDM
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: e768630d-3b14-4776-e4ac-08d584761a66
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(3008032)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:DM5PR05MB2908;
x-ms-traffictypediagnostic: DM5PR05MB2908:
x-microsoft-antispam-prvs: <DM5PR05MB290859AF3066483C3EBAC668A5D80@DM5PR05MB2908.namprd05.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(10436049006162)(85827821059158)(788757137089);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040501)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(3231220)(944501244)(52105095)(10201501046)(6055026)(6041288)(20161123558120)(20161123562045)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(6072148)(201708071742011); SRVR:DM5PR05MB2908; BCL:0; PCL:0; RULEID:; SRVR:DM5PR05MB2908;
x-forefront-prvs: 0604AFA86B
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(396003)(366004)(346002)(39860400002)(376002)(39380400002)(199004)(57704003)(189003)(51444003)(377424004)(51914003)(58126008)(105586002)(36756003)(3660700001)(102836004)(25786009)(186003)(110136005)(26005)(7736002)(53546011)(6506007)(59450400001)(229853002)(97736004)(83716003)(966005)(305945005)(99286004)(575784001)(86362001)(5250100002)(14454004)(3280700002)(316002)(6246003)(66066001)(3846002)(6116002)(76176011)(106356001)(82746002)(2950100002)(6436002)(2906002)(6486002)(81156014)(53936002)(33656002)(8676002)(2900100001)(39060400002)(68736007)(6512007)(8936002)(5660300001)(81166006)(6306002)(478600001); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR05MB2908; H:DM5PR05MB3484.namprd05.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
x-microsoft-antispam-message-info: YrU9nY7Mj2oxrfJbPMPSYMWLnbe6hzWtYBuTzALrNjn80VVR5y5UWchPpgcq28JdgyJIcbXoAXdFJFsz0fdYEKoX7f8jk81bGY1i7C/9xLYXwHBy439QMg+TCK6DBY2GOJ0RbxeW/gsy6JT76K0Jqs+L+ybLgoxdgf1PZ9szF8F7N4pDYZLAQ5TJG/P8c8h18oI+xVksUS4Um0icKG6qs8qK/iuJiT+h/lJ4eXhMN+k0QuXgmbO4SjU6a0fQmJlgDJd20mIRC/mAwjW1kHxRWecL8GzpU8E/9D9hc8UbyKVcKYtT0sgn1XW8n6abvl6bBJAzuKgwS6PXxWM5QIa/RQ==
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <333A9472D277C246B772114B823ACF72@namprd05.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-Network-Message-Id: e768630d-3b14-4776-e4ac-08d584761a66
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Mar 2018 21:55:12.6438 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR05MB2908
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-03-07_10:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1803070248
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/2XqrN4fVQ1Cxi73Me5KyVRG1w-4>
Subject: Re: [netmod] I-D Action: draft-ietf-netmod-acl-model-17.txt
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Mar 2018 21:55:20 -0000

[To all those that said this draft was ready, really?]


Hi Mahesh,

Thanks for the update.  I found some more issues.  Some must be fixed, 
others are nits, and might be caught by the RFC Editor.  But I think
that it's embarrassing to receive comments for such things from the 
IESG, as is recently the case for the syslog draft, so please see 
what you can do.

Thanks,
Kent


From Idnits:

  ** There are 6 instances of too long lines in the document, the longest one
     being 7 characters in excess of 72.

  You wrote before that it was "Fixed", but it's still here?  Note: "**" is
  an error (idnits label)

  -- The document has examples using IPv4 documentation addresses according
     to RFC6890, but does not use any IPv6 documentation addresses.  Maybe
     there should be IPv6 examples, too?

  I don't feel strongly about this, but if it's easy enough to do...

In the Abstract:
  - I think the word "an" is missing (e.g., an ACL)

In the Introduction:
  - should "ordered-by-user" be "ordered-by user" to avoid confusion, or perhaps say it another way?
  - what does "a tuple of" mean?  Can this be restated?
  - s/In case vendor supports it/In case a vendor supports it/ ?
  - "The list of X is endless depending on...".  Is "endless" the right word, perhaps restate?
  - same sentence as above, should "networked devices" be "network" or "networking" devices?

In Section 3:
  - "A network system usually have a list of ACLs"  (s/system/systems/ or s/have/has/?)
  - "The match criteria consist of packet header matching" - is consist the right word?
  - "It as also possible for ACE to match on metadata"  s/as/is/ and s/ACE/an ACE/
  - "When applied to interfaces of a networked device, the ACL is applied in a direction
     which indicates if it should be applied to packet entering (input) or leaving the
     device (output)."  - restate to talk about "ingress" and "egress"?
  - "An example in the appendix shows how to express it in YANG model." - either this
    is not true, or the sentence should not be at the end of this paragraph

In Section 3.1:
  - s/and must statements/and 'must' statements/
  - s/define new "matches" choice/define a new "matches" choice/ ?

In Section 4.1:
  - "ietf-access-control-list" is the standard top level module for access lists
      - what does this mean?
  - The "access-lists" container stores a list of "acl". - s/stores/has or contains?/ 
  - "...that can be used to determine which rule was matched upon" - not sure if this
    part is needed, or maybe better restated ", which can later be used to determine..."?
  - s/ability for ACL's to be/ability for ACLs to be/

In Section 4.1 (in the YANG module):
  - A number of identities read "ACL that primarily matches...".  Is "primarily"
    an accurate word? - if so, then do we need to say anything about when it's
    not the case?  Separately, s/ACL/an ACL/?
  - A number of features read "Device can support..." - s/Device/The device/?
  - "It can have one or more Access Control Lists" - lists should be singular.
  - "An Access Control List(ACL)" - put a space before (ACL)
  - " Indicates the primary intended" - here's that word "primary" again...
  - s/a list of access-list-entries(ACE)/ a list of access-list-entry nodes (ACE)/?
  - s/List of access list entries(ACE)/List of access list entry nodes (ACE)/?
      - there is more than one instance of this in the model
  - "../../../../type" - still some long relative XPaths
  - " or referring to a group of source ports" - this isn't there yet.  I think you
    want to say something like "this is a choice so as to support future 'case'
    statements, such as one enabling a group of source ports to be referenced"
  - ditto for "or referring to a group of destination ports."
  - ditto on both of the above for the "udp" container
  - is it possible for both "egress-interface" and "ingress-interface" leafs to 
    be specified at the same time?  - if not, should there a 'must' statement to
    prevent that possibility? - or an explanation for what happens if it occurs?
  - s/The ACL's applied/The ACLs applied/   (this happens more than once in model)

In Section 4.2:
  - references them by "uses" --> references them by 'uses' statements  ???
  - not all your 'reference' statements have the title of the referenced document.
  - "then the datagram must be destroyed" - s/destroyed/dropped/?
  - "or referring to a group of ..."  - same comments as for previous module
  - "ece" is missing a 'reference' statement?  - 
  - "Indicates that the Urgent pointer field is significant" - urgent is
    capitalized, but there's no context as for why.  Perhaps missing a
    reference statement too?
  - in "window-size" leaf description, remove parentheses

In Section 4.3:
  - the text says that it drops traffic from X to Y, but the example seems to do
    the reverse.

In Section 4.4:
  - The "With the follow XML example:" <EXAMPLE> "This represents..." is 
    difficult to read.  How about just having "The following XML example ...:"?
  - does the second example provide any value of the first? - seems the same to me...
  - seems like example 3 could also be expressed as "<lower-port>21</lower-port>",
    right?  - the text at the beginning of the section says this construct is
    possible, but there is no example for it.  Maybe this makes a better ex #2?

In all your YANG modules:
  - replace "NETMOD (NETCONF Data Modeling Language)" with "NETMOD (Network 
    Modeling) Working Group"

In Section ??:
  In the examples, why did you add the "<?xml version="1.0" encoding="UTF-8"?>"
  line and the "config" element?  - the examples validate equally well when
  these are removed.

In Section 6:
  - s/three YANG module/three YANG modules/

In Section 6.1:
  - The first paragraph says "three URI", but it should be "three URIs"

In Section A.1:
  - "The following figure is the tree structure" - should say "tree diagram" and
    should reference the tree-diagrams draft, or else have a draft-wide "Tree
    Diagram Notation" section in the Introduction.
  - s/In other example/In another example/?
  - s/with new choice of actions/with a new choice of actions/?

In Section A.3;
  - some 'reference' statements are missing titles
  - some 'description' statements might benefit from a 'reference' statement
  - "The uint16 type placeholder type..." - is this a typo?


Kent


===== original message ======

This version of the draft addresses comments raised during LC, shepherd review and other comments received during that period.

> On Mar 3, 2018, at 2:13 PM, internet-drafts@ietf.org wrote:
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Network Modeling WG of the IETF.
> 
>        Title           : Network Access Control List (ACL) YANG Data Model
>        Authors         : Mahesh Jethanandani
>                          Lisa Huang
>                          Sonal Agarwal
>                          Dana Blair
> 	Filename        : draft-ietf-netmod-acl-model-17.txt
> 	Pages           : 57
> 	Date            : 2018-03-03
> 
> Abstract:
>   This document defines a data model for Access Control List (ACL).
>   ACL is a ordered-by-user set of rules, used to configure the
>   forwarding behavior in device.  Each rule is used to find a match on
>   a packet, and define actions that will be performed on the packet.
> 
> 
> The IETF datatracker status page for this draft is:
> https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_draft-2Dietf-2Dnetmod-2Dacl-2Dmodel_&d=DwICAg&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=9zkP0xnJUvZGJ9EPoOH7Yhqn2gsBYaGTvjISlaJdcZo&m=huBe-BRKk8B5XCRf7lG_gWUwZNr67SAA8GHfgYnyZoc&s=44GJlqxqB0YK5G9gb1TUzAobugMHxDWflaPCZ3IYpKA&e=
> 
> There are also htmlized versions available at:
> https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_draft-2Dietf-2Dnetmod-2Dacl-2Dmodel-2D17&d=DwICAg&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=9zkP0xnJUvZGJ9EPoOH7Yhqn2gsBYaGTvjISlaJdcZo&m=huBe-BRKk8B5XCRf7lG_gWUwZNr67SAA8GHfgYnyZoc&s=rbm91SSJ_0sxFxb692d0FH0G-dbBTAUCf2KRySyztJQ&e=
> https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_html_draft-2Dietf-2Dnetmod-2Dacl-2Dmodel-2D17&d=DwICAg&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=9zkP0xnJUvZGJ9EPoOH7Yhqn2gsBYaGTvjISlaJdcZo&m=huBe-BRKk8B5XCRf7lG_gWUwZNr67SAA8GHfgYnyZoc&s=siypyBn3F8o6bsB3Z3E5qS0uaSq2EUGUPwirx_a_KDw&e=
> 
> A diff from the previous version is available at:
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_rfcdiff-3Furl2-3Ddraft-2Dietf-2Dnetmod-2Dacl-2Dmodel-2D17&d=DwICAg&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=9zkP0xnJUvZGJ9EPoOH7Yhqn2gsBYaGTvjISlaJdcZo&m=huBe-BRKk8B5XCRf7lG_gWUwZNr67SAA8GHfgYnyZoc&s=t2lpzSSW72BvQK1VjPoxX0ADxhb9ZD0fp3fXqcd80g8&e=
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> https://urldefense.proofpoint.com/v2/url?u=ftp-3A__ftp.ietf.org_internet-2Ddrafts_&d=DwICAg&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=9zkP0xnJUvZGJ9EPoOH7Yhqn2gsBYaGTvjISlaJdcZo&m=huBe-BRKk8B5XCRf7lG_gWUwZNr67SAA8GHfgYnyZoc&s=xP7z9VxUgtOtSVIgqPF5RKIqTOi6wj-HEXvZKBRTiUw&e=
> 
> _______________________________________________
> netmod mailing list
> netmod@ietf.org
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_netmod&d=DwICAg&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=9zkP0xnJUvZGJ9EPoOH7Yhqn2gsBYaGTvjISlaJdcZo&m=huBe-BRKk8B5XCRf7lG_gWUwZNr67SAA8GHfgYnyZoc&s=OKIVLXLo0Rsrf1DSoLWSyHj97DuE6vuaJ4Cqk_oi1HA&e=

Mahesh Jethanandani
mjethanandani@gmail.com

_______________________________________________
netmod mailing list
netmod@ietf.org
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_netmod&d=DwICAg&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=9zkP0xnJUvZGJ9EPoOH7Yhqn2gsBYaGTvjISlaJdcZo&m=huBe-BRKk8B5XCRf7lG_gWUwZNr67SAA8GHfgYnyZoc&s=OKIVLXLo0Rsrf1DSoLWSyHj97DuE6vuaJ4Cqk_oi1HA&e=

v2.23.0 | Report a Bug | By Email