Re: [netmod] Question about acl-type in draft-ietf-netmod-acl-model-08

Dean Bogdanovic <ivandean@gmail.com> Mon, 22 August 2016 09:38 UTC

From: Dean Bogdanovic <ivandean@gmail.com>
In-Reply-To: <7F859F89F9B4DD4DB902232F9E2DAC083873C373@ESGSCMB103.ericsson.se>
Date: Mon, 22 Aug 2016 05:38:35 -0400
Message-Id: <B4BF42A6-9642-457D-9CA6-B22B3303A3FD@gmail.com>
References: <7F859F89F9B4DD4DB902232F9E2DAC083873C373@ESGSCMB103.ericsson.se>
To: Adrian Pan <adrian.pan@ericsson.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/DvjmdIZt5S1U_QvGuPNCv46YkWM>
Cc: "kkoushik@cisco.com" <kkoushik@cisco.com>, netmod WG <netmod@ietf.org>
Subject: Re: [netmod] Question about acl-type in draft-ietf-netmod-acl-model-08

(+netmod mailing list)
Adrian,

Please see inline
> On Aug 22, 2016, at 2:27 AM, Adrian Pan <adrian.pan@ericsson.com> wrote:
> 
> Dear authors,
>  
> I have some questions about the ietf acl model as below; your reply is appreciated.
>  
> 1)   In the model definition acl-type is one key of the acl, and the description says that the acl-type could be ethernet, IPv4, IPv6 or mixed. In case the acl-type is mixed, what should the identifier be?
> Should it be augmented by different vendors? I don't see the definition of it.

As mixed ACLs are not supported by all vendors, those are not part of the standard model. It is up to the vendor to augment the ace-type and select an identifier to their liking.

> 2)   In the “mix” case, the “matches” of the ace list can be a combination of Ethernet, ipv4 and ipv6 for different aces, right?

Or another combination, again depending on what that particular vendor supports.

> 3)   With the model definition, even if the acl-type is configured as Ethernet, the operator can still configure the matches of an ace under the acl as ipv4 or ipv6, right?

No, if the ACL type is ethernet, then all ACEs are expected to be ethernet.

> Is this the model design intention?

If the acl-type is of one family, then only aces with match conditions from that family are expected to be in the acl. If you want to combine them, please use the mixed type.

Dean

> module: ietf-access-control-list
>    +--rw access-lists
>       +--rw acl* [acl-type acl-name]
>          +--rw acl-name               string
>          +--rw acl-type               acl-type
>          +--ro acl-oper-data
>          +--rw access-list-entries
>             +--rw ace* [rule-name]
>                +--rw rule-name        string
>                +--rw matches
>                |  +--rw (ace-type)?
>
>          leaf acl-type {
>            type acl-type;
>            description
>          "Type of access control list. Indicates the primary intended
>          type of match criteria (e.g. ethernet, IPv4, IPv6, mixed, etc)
>          used in the list instance.";
>          }
>

> Thanks
> Adrian
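The design intention stated in this reply (single-family acl-type means single-family aces; anything else needs a mixed type) is not enforced by the quoted tree itself, so a deployment that wants it has to check instance data. The following is an added example, not code from the draft or its authors: a small consistency check over JSON-shaped instance data using the node names from the tree above. The identity names (`ietf-acl:eth-acl`, `ipv4-acl`, `ipv6-acl`), the vendor `mixed-acl` identity and the per-family `matches` child containers are assumptions about the layout, not taken from the draft.

```python
"""Check that each ACE's match family agrees with its ACL's acl-type."""
from typing import Dict, List

# acl-type identity -> match families allowed in its ACEs (assumed names).
# The mixed identity is vendor-augmented, so "example-vendor" is a placeholder.
ALLOWED_FAMILIES = {
    "ietf-acl:eth-acl": {"eth"},
    "ietf-acl:ipv4-acl": {"ipv4"},
    "ietf-acl:ipv6-acl": {"ipv6"},
    "example-vendor:mixed-acl": {"eth", "ipv4", "ipv6"},
}


def ace_family(matches: Dict) -> str:
    """Return the single match family present in an ACE's 'matches' node."""
    present = [fam for fam in ("eth", "ipv4", "ipv6") if fam in matches]
    if len(present) != 1:  # the ace-type choice allows exactly one case
        raise ValueError(f"ACE must carry exactly one match family, got {present}")
    return present[0]


def check_acl(acl: Dict) -> List[str]:
    """Return violations for one acl list entry; empty when consistent."""
    acl_type = acl["acl-type"]
    allowed = ALLOWED_FAMILIES.get(acl_type)
    if allowed is None:
        return [f"{acl['acl-name']}: unknown acl-type {acl_type}"]
    problems = []
    for ace in acl.get("access-list-entries", {}).get("ace", []):
        fam = ace_family(ace.get("matches", {}))
        if fam not in allowed:  # e.g. an ipv4 match inside an ethernet ACL
            problems.append(f"{acl['acl-name']}/{ace['rule-name']}: {fam} match under {acl_type}")
    return problems


def check_access_lists(doc: Dict) -> List[str]:
    """Run check_acl over every entry of the 'access-lists' container."""
    return [p for acl in doc["access-lists"]["acl"] for p in check_acl(acl)]


# Constructed sample: an ethernet ACL with a stray IPv4 ACE (violation) and a
# vendor mixed ACL where combining families is legitimate (no violation).
SAMPLE = {"access-lists": {"acl": [
    {"acl-name": "eth-only", "acl-type": "ietf-acl:eth-acl", "access-list-entries": {"ace": [
        {"rule-name": "r1", "matches": {"eth": {"source-mac-address": "00:11:22:33:44:55"}}},
        {"rule-name": "r2", "matches": {"ipv4": {"source-ipv4-network": "10.0.0.0/8"}}}]}},
    {"acl-name": "mixed", "acl-type": "example-vendor:mixed-acl", "access-list-entries": {"ace": [
        {"rule-name": "r1", "matches": {"eth": {"destination-mac-address": "ff:ff:ff:ff:ff:ff"}}},
        {"rule-name": "r2", "matches": {"ipv6": {"source-ipv6-network": "2001:db8::/32"}}}]}},
]}}

if __name__ == "__main__":
    print("\n".join(check_access_lists(SAMPLE)) or "consistent")
```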