Re: [netmod] WG Last Call: draft-ietf-netmod-acl-model-14
Sonal Agarwal <sagarwal12@gmail.com> Thu, 14 December 2017 08:21 UTC
From: Sonal Agarwal <sagarwal12@gmail.com>
Date: Thu, 14 Dec 2017 00:21:46 -0800
Message-ID: <CAMMHi8ge4cbrVgRK8=xtJLNYCG1+p+Jh6pFeCy9sEMZP674FHQ@mail.gmail.com>
To: Mahesh Jethanandani <mjethanandani@gmail.com>
Cc: "Einar Nilsen-Nygaard (einarnn)" <einarnn@cisco.com>, "netmod@ietf.org" <netmod@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/DQGmXjkUqfyhXIcP_mbItcofyBE>

Hi Einar,

You had 3 questions for me on all the several e-mail threads.

1. Global attachment point
2. icmp-off
3. acl-aggregate-interface stats.

For (1), my first preference is to have the model define attachment point for interfaces only. However, Kristian wants the global attachment point as well so that he can add the ACL to the Linux tables. If an ACL is attached globally, does this mean it is per direction or does it mean it is across directions? This global ACL may not be applicable to any of Cisco's service provider routers as I don't see any platform actually replicating the ACL to all line cards and attaching it in ingress and egress directions across all interfaces.

For (2), I am ok with removing icmp-off.

For (3), this would have to be a combination of ACL stats across all interfaces for all ACL's. Something like this is possible on an XR box where ACES have counter names associated with it.

Let's chat about this offline tomorrow.

Sonal.

On Wed, Dec 13, 2017 at 12:10 PM, Mahesh Jethanandani <mjethanandani@gmail.com> wrote:

> We want to support “global” attachment point down the line, and that
> “global” attachment point will be one of the choices (the other being the
> interface), what would this augment look like. Note, as far as I know, you
> cannot augment inside a choice node.
>
> On Dec 13, 2017, at 6:57 AM, Einar Nilsen-Nygaard (einarnn) <einarnn@cisco.com> wrote:
>
> Perhaps like this, as an augmentation to the interface:
>
>   augment /if:interfaces/if:interface:
>     +--rw ingress-acls
>     |  +--rw acl-sets
>     |     +--rw acl-set* [name]
>     |        +--rw name              -> /access-lists/acl/name
>     |        +--rw type?             -> /access-lists/acl/type
>     |        +--ro ace-statistics* [name] {interface-stats}?
>     |           +--ro name               -> /access-lists/acl/aces/ace/name
>     |           +--ro matched-packets?   yang:counter64
>     |           +--ro matched-octets?    yang:counter64
>     +--rw egress-acls
>        +--rw acl-sets
>           +--rw acl-set* [name]
>              +--rw name              -> /access-lists/acl/name
>              +--rw type?             -> /access-lists/acl/type
>              +--ro ace-statistics* [name] {interface-stats}?
>                 +--ro name               -> /access-lists/acl/aces/ace/name
>                 +--ro matched-packets?   yang:counter64
>                 +--ro matched-octets?    yang:counter64
>
> Could also put an “aces” container above both these & rename
> “ingress-acls” to “ingress”, etc. to give a single root for the
> augmentation if preferred.
>
> Cheers,
>
> Einar
>
> On 6 Dec 2017, at 19:43, Eliot Lear <lear@cisco.com> wrote:
>
> On 12/6/17 7:23 PM, Mahesh Jethanandani wrote:
>
> How does one move the interface attachment point, currently an
> 'interface-ref', to an augmentation of the if:interfaces/interface,
> inside of the ‘acl’ container? Down the line we might need to have a
> container for "attachment points" to accommodate the possibility of
> attaching an ACL either to an interface or “globally”.
>
> Keeping in mind that one use is that an ACL doesn't attach to an
> interface at all.
>
> _______________________________________________
> netmod mailing list
> netmod@ietf.org
> https://www.ietf.org/mailman/listinfo/netmod
>
> Mahesh Jethanandani
> mjethanandani@gmail.com
>
> _______________________________________________
> netmod mailing list
> netmod@ietf.org
> https://www.ietf.org/mailman/listinfo/netmod
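
Added example, not part of the original message or of the draft: a Python sketch of the aggregation discussed in point (3), summing `ace-statistics` counters over every interface, either across directions or per direction. It assumes instance data shaped like the tree proposed in the quoted message; the interface names, ACL names and counter values are constructed.

```python
from collections import defaultdict

# Constructed sample data following the tree in the quoted message:
# interface -> ingress-acls / egress-acls -> acl-sets -> acl-set[name]
#   -> ace-statistics[name] with matched-packets / matched-octets.
INTERFACES = {
    "eth0": {
        "ingress-acls": {"acl-sets": {"acl-set": [
            {"name": "edge-in", "ace-statistics": [
                {"name": "permit-ssh", "matched-packets": 10, "matched-octets": 800},
                {"name": "deny-all", "matched-packets": 3, "matched-octets": 180},
            ]},
        ]}},
        "egress-acls": {"acl-sets": {"acl-set": [
            {"name": "edge-in", "ace-statistics": [
                {"name": "permit-ssh", "matched-packets": 4, "matched-octets": 320},
            ]},
        ]}},
    },
    "eth1": {
        "ingress-acls": {"acl-sets": {"acl-set": [
            {"name": "edge-in", "ace-statistics": [
                {"name": "permit-ssh", "matched-packets": 5, "matched-octets": 400},
            ]},
        ]}},
        # No egress-acls container: nothing is attached in that direction.
    },
}

DIRECTIONS = (("ingress-acls", "ingress"), ("egress-acls", "egress"))

def aggregate_ace_stats(interfaces, per_direction=False):
    """Sum ACE counters over all interfaces, keyed by (acl, ace), or by
    (direction, acl, ace) when per_direction is True."""
    totals = defaultdict(lambda: {"matched-packets": 0, "matched-octets": 0})
    for if_data in interfaces.values():
        for container, direction in DIRECTIONS:
            acl_sets = if_data.get(container, {}).get("acl-sets", {}).get("acl-set", [])
            for acl in acl_sets:
                # ace-statistics is absent when interface-stats is not supported.
                for ace in acl.get("ace-statistics", []):
                    key = (acl["name"], ace["name"])
                    if per_direction:
                        key = (direction,) + key
                    for counter in totals[key]:
                        # Leaves marked '?' in the tree are optional.
                        totals[key][counter] += ace.get(counter, 0)
    return dict(totals)
```
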