[netmod] Fwd: WG Last Call for draft-ietf-netmod-acl-model-09 (until Oct 27, 2016)

David Bannister <dpb@netflix.com> Tue, 28 March 2017 21:39 UTC

From: David Bannister <dpb@netflix.com>
Date: Tue, 28 Mar 2017 17:39:11 -0400
Message-ID: <CAPhzzaaT6=k-dPnJCBSHEj-mmmqcQdY7DA7FN_5iU+_VGj6ShA@mail.gmail.com>
To: NetMod WG <netmod@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/JNxwxt-Gj1b1z0Zlz0Gjtwri4pw>
Subject: [netmod] Fwd: WG Last Call for draft-ietf-netmod-acl-model-09 (until Oct 27, 2016)

I was asked to resend this to the list.

---------- Forwarded message ----------
From: David Bannister <dpb@netflix.com>
Date: Sat, Dec 17, 2016 at 1:06 PM
Subject: Re: [netmod] WG Last Call for draft-ietf-netmod-acl-model-09 (until Oct 27, 2016)
To: Kent Watsen <kwatsen@juniper.net>
Cc: Dean Bogdanovic <ivandean@gmail.com>, "netmod@ietf.org" <netmod@ietf.org>


I would like to see a model which is standardized and contains the basic
L2, L3 and L4 fields to make it useful for data plane, control plane,
management plane and day-to-day troubleshooting.  The current iteration of
the draft does not meet these requirements. Vendor augmentation is not an
acceptable answer for fields which are well defined, well understood and
standardized by the IETF.  Vendors do not standardize amongst themselves
willingly. This leads the network operator to deal with multiple versions
of the same model if augmentation is used.  As a network operator we want
to reduce complexity in network management, not increase.  If we need a
feature which only one vendor has we accept the fact we must augment from
that vendor's proprietary model.  For vendors or devices that cannot
support all pieces of a proposed model a deviation can be provided.


L2
Given that the IEEE has yet to define an Ethernet model makes the ACL
draft, and others, somewhat problematic.  However, it is well known, well
understood and standardized elsewhere.  Each ethertype should have an
associated node which represents the data for that ethertype to allow for
matching in the ACL.  The following list of ethertypes is considered
mandatory: IPv6-uni, IPv6-multi, IPv4-uni, IPv4-multi, MPLS-uni,
MPLS-multi, 802.1q and if you feel something is missing please add.

All the L3 and L4 fields below are well defined, well understood and
standardized by the IETF.

L3
The layer 3 portion of the ACL draft needs to add the following for IPv4:
TTL, Len, IHL, ECN, Ident, Flags, offset.  IPv6 add traffic class, len,
next header and hop limit.

L4
For TCP add sequence, ack#, offset, Resv, TCP-flags, window size, urgent
pointer and options.  For UDP add Length.  ICMP add type, code and rest of
header.
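
As an added illustration (not part of the forwarded message or of the draft), the Python sketch below parses the IPv4 and TCP header fields the post lists and runs a first-match ACL over them, showing the kind of control-plane filtering those fields make expressible. The field names, rule format, policy and sample packets are constructed for this example and are not the draft's YANG node names.

```python
import struct

def parse_ipv4_tcp(pkt):
    """Return the IPv4/TCP header fields named in the post, keyed by illustrative names."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    vihl, tos, length, ident, frag, ttl, proto = struct.unpack("!BBHHHBB", pkt[:10])
    ihl = vihl & 0x0F
    if vihl >> 4 != 4 or ihl < 5 or len(pkt) < ihl * 4:
        raise ValueError("malformed IPv4 header")
    f = {"ihl": ihl, "ecn": tos & 0x03, "len": length, "ident": ident,
         "flags": frag >> 13, "offset": frag & 0x1FFF, "ttl": ttl, "protocol": proto}
    tcp = pkt[ihl * 4:]
    # Only the first fragment carries the TCP header; later fragments have no L4 fields.
    if proto == 6 and f["offset"] == 0 and len(tcp) >= 20:
        sport, dport, seq, ack, off_flags, window, _, urg = struct.unpack("!HHIIHHHH", tcp[:20])
        f.update({"src_port": sport, "dst_port": dport, "sequence": seq, "ack": ack,
                  "tcp_offset": off_flags >> 12, "resv": (off_flags >> 8) & 0x0F,
                  "tcp_flags": off_flags & 0xFF, "window": window, "urgent": urg,
                  "options": tcp[20:(off_flags >> 12) * 4]})
    return f

def evaluate(acl, pkt):
    """First-match evaluation; a match value is exact or an inclusive (low, high) range."""
    fields = parse_ipv4_tcp(pkt)
    for name, match, action in acl:
        for key, want in match.items():
            got = fields.get(key)
            ok = got is not None and (want[0] <= got <= want[1]
                                      if isinstance(want, tuple) else got == want)
            if not ok:
                break
        else:
            return name, action
    return "implicit-deny", "deny"

def sample_packet(ttl=64, frag=0, tcp_flags=0x02, dport=179):
    """Constructed IPv4+TCP header pair (checksums left at zero; they are not checked)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, frag, ttl, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIHHHH", 40000, dport, 1000, 0, (5 << 12) | tcp_flags, 8192, 0, 0)
    return ip + tcp

# Constructed policy: drop non-initial fragments and SYN+FIN, accept BGP only at TTL 255.
ACL = [
    ("drop-noninitial-fragments", {"offset": (1, 0x1FFF)}, "deny"),
    ("drop-syn-fin", {"protocol": 6, "tcp_flags": 0x03}, "deny"),
    ("bgp-ttl-255", {"protocol": 6, "dst_port": 179, "ttl": 255}, "permit"),
]
```

None of the three rules can be written with address and port matches alone: each depends on TTL, fragment offset or TCP flags.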