Re: [netmod] Questions to draft-ietf-netmod-acl-model-00

Dean Bogdanovic <deanb@juniper.net> Tue, 13 January 2015 16:20 UTC

To: Linda Dunbar <linda.dunbar@huawei.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/netmod/MU-LLFm1Pt2E2ApYtlOScT8Lsuo>
Cc: "netmod@ietf.org" <netmod@ietf.org>

Linda, please see inline.

On Jan 9, 2015, at 5:58 PM, Linda Dunbar <linda.dunbar@huawei.com> wrote:

Dean, et al,

On Page 15, the definition of “metadata” missed potential matching criteria of “packet length”, which is described in the “metadata” definition.
Is it possible to add more constraints, such as “apply ACL when there is congestion”, etc?

What is currently in the draft is just an example of how to extend the model, so what you are proposing is allowed, but we, the authors, believe that the current examples give the way to add standard and proprietary extensions to the model. We are trying to keep the basic ACL model as simple as possible, where extensions would go into other drafts.


On Page 12, the “acl-transport-header-fields” only allows port range. If the matching criteria is a specific port number, is it still necessary to have both “lower-port” and “upper-port” specified?

If it is just a specific port number, you specify only lower-port (as this is mandatory); upper-port doesn't have to be specified.


On Figure 2 (Page 18), the “<actions/>”  below “<deny/>” should really be “</action>”, isn’t it?

Thank you for the catch. It is a typo.

Dean



Thanks, Linda Dunbar
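
Added example, not part of the original message or the draft: a validator for the port-matching rule discussed above, where lower-port is mandatory and an absent upper-port means a single-port match. The `destination-port-range` container name, the absence of XML namespaces and the sample fragments are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

PORT_MIN, PORT_MAX = 0, 65535


def parse_port(text, leaf):
    """Convert leaf text to a port number, rejecting junk and out-of-range values."""
    try:
        value = int(text.strip())
    except (AttributeError, ValueError):
        raise ValueError(f"{leaf}: not an integer: {text!r}") from None
    if not PORT_MIN <= value <= PORT_MAX:
        raise ValueError(f"{leaf}: {value} outside {PORT_MIN}-{PORT_MAX}")
    return value


def parse_port_range(elem):
    """Return (lower, upper) from an element holding lower-port / upper-port.

    lower-port is mandatory; a missing upper-port collapses the range
    to the single port given in lower-port.
    """
    lower_el = elem.find("lower-port")
    if lower_el is None:
        raise ValueError("lower-port is mandatory")
    lower = parse_port(lower_el.text, "lower-port")
    upper_el = elem.find("upper-port")
    upper = lower if upper_el is None else parse_port(upper_el.text, "upper-port")
    if upper < lower:
        # An inverted range matches nothing; flag it instead of applying it silently.
        raise ValueError(f"upper-port {upper} is below lower-port {lower}")
    return lower, upper


def port_matches(elem, port):
    """True when `port` falls inside the range described by `elem`."""
    lower, upper = parse_port_range(elem)
    return lower <= port <= upper


# Constructed sample fragments (container name is an assumption).
SINGLE = ET.fromstring(
    "<destination-port-range><lower-port>22</lower-port></destination-port-range>")
RANGE = ET.fromstring(
    "<destination-port-range><lower-port>1024</lower-port>"
    "<upper-port>2048</upper-port></destination-port-range>")
NO_LOWER = ET.fromstring(
    "<destination-port-range><upper-port>80</upper-port></destination-port-range>")
INVERTED = ET.fromstring(
    "<destination-port-range><lower-port>443</lower-port>"
    "<upper-port>80</upper-port></destination-port-range>")
```

Running such a check before pushing an ACL catches entries that would otherwise match nothing (inverted range) or be rejected by the device (missing lower-port).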