Re: [netmod] WG Last Call: draft-ietf-netmod-acl-model-15

Mahesh Jethanandani <mjethanandani@gmail.com> Fri, 02 February 2018 18:35 UTC

Cc: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>, "netmod@ietf.org" <netmod@ietf.org>
To: Kent Watsen <kwatsen@juniper.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/V0bXAPZbhn8Mgv68TK7AWIDqyPo>


> On Jan 22, 2018, at 7:50 AM, Kent Watsen <kwatsen@juniper.net> wrote:
> 
> Hi Mahesh,
>  
> Thanks, it doesn't get much more concrete than a pull request  ;)
>  
> Okay, so from a chair/shepherd perspective, can folks please consider this update to -15 as the LC solution to removing the open issue Juergen found in the draft?
>  
> As a contributor, I don't think the name of the groupings or their description statements should allude to something that doesn't exist yet.  Rather than e.g. "source-or-group", could it be instead something like "source-type"?    Also, the update seems to be for both when specifying networks as well as when specifying port-ranges, but the original issue (see below) only mentioned addresses - is the pull-request actually what's needed and the description of the issue in Section 8 is incomplete?
>  
>     8.  Open Issues
>  
>        o  The current model does not support the concept of "containers"
>             used to contain multiple addresses per rule entry.

I have updated the description of the issue on GitHub to refer to IP addresses and ports, the two things object groups are used for, and removed the Open Issues section in the draft. The PR (#23) has the capability to add this in the future.

Thanks.

>  
> Thanks,
> Kent
>  
>  
> On 1/21/18, 12:32 AM, "Mahesh Jethanandani" <mjethanandani@gmail.com> wrote:
>  
>  
> 
> 
>> On Jan 20, 2018, at 7:21 AM, Kent Watsen <kwatsen@juniper.net> wrote:
>>  
>> Hi Mahesh,
>> 
>> I'm okay not adding the ability to reference an external rulebase now, or are you saying that you'd also like to defer priming the YANG model now so that it can be added later in a backwards compatible manner?
>> 
>> If you plan to prime the YANG model so that the ability to reference an external rulebase can be added later in a backwards compatible manner, can you please send a concrete proposal to the list so that we can better understand the impact?
>> 
>> My expectation is that it merely adds a 'choice' statement around the existing rulebase container, thereby enabling something other than a rulebase container to exist some day in the future.  
>  
> That is correct. The proposal is to add a ‘choice’ statement in parts of the model that will allow an external rulebase to be added in the future as another case statement.
>  
> Here is the concrete proposal of what those changes will look like:
>  
> https://github.com/netmod-wg/acl-model/pull/23
>  
> Thanks
>  
> 
>> 
>> If the addition is indeed just this, then I don't believe that it materially changes the ACL model and therefore can be added as a LC comment.  Of course, the WG will want to review the addition for correctness, but otherwise should be alright.
>> 
>> Thanks,
>> Kent // co-chair and shepherd
>> 
>> 
>> ===== original message =====
>> 
>> Kent,
>> 
>> I have not heard a strong requirement to have the open issue fixed in this version of the RFC. We would therefore like to defer it to a bis document.
>> 
>> I will wait for the LC to complete, and update the draft to address all the comments received during the LC.
>> 
>> Thanks.
>> 
>> 
>>> On Jan 17, 2018, at 3:33 PM, Kent Watsen <kwatsen@juniper.net> wrote:
>>> 
>>> 
>>> Hi Mahesh,
>>> 
>>> 
>>>>> - There is an open issue in the document (section 8) - are we going
>>>>> to resolve that during WG last call or is this a leftover?
>>>> 
>>>> This will be resolved in the next version of the module. It is
>>>> documented under Issues tab in GitHub. Should we remove it from
>>>> the draft?
>>> 
>>> Most of Juergen's comments are editorial in nature and can truly be handled as part of the LC process, but this open issue has me worried, as it may result in a significant technical change.  
>>> 
>>> What will it take to close this open issue?  Is it just a matter of getting the WG to agree that it's not an issue, or do we already know that it is a real issue and only the solution is pending?
>>> 
>>> Thanks,
>>> Kent
>>> 
>>> 
>>> 
>>> 
>> 
>> Mahesh Jethanandani
>> mjethanandani@gmail.com
>> 
>> 
> 
>  
> Mahesh Jethanandani
> mjethanandani@gmail.com
> 
> 

Mahesh Jethanandani
mjethanandani@gmail.com
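
The 'choice' priming discussed in this thread, sketched as an added example: it is not part of the original message and is not the content of PR #23. The module name, namespace, node names and the commented-out future case are all hypothetical.

```yang
// Added illustration; every name here is hypothetical and is not
// taken from draft-ietf-netmod-acl-model or from PR #23.
module example-acl-choice {
  yang-version 1.1;
  namespace "urn:example:acl-choice";
  prefix exacl;

  import ietf-inet-types {
    prefix inet;
  }

  revision 2018-02-02 {
    description
      "Initial revision, primed with a single-case choice.";
  }

  grouping source-type {
    description
      "How a rule entry identifies the traffic source.";
    choice source {
      description
        "Only one case exists today. choice and case nodes do not
         appear in instance data, so configuration looks the same
         as if the leaf had been defined directly.";
      case network {
        leaf source-network {
          type inet:ip-prefix;
          description
            "Source prefix matched by this entry.";
        }
      }
      // A later revision could add a sibling case here, e.g.
      //   case group { leaf source-group { type leafref {...} } }
      // Adding a case is a permitted module update (RFC 7950,
      // Section 11). Wrapping an already published leaf in a new
      // choice would instead change its schema node identifier,
      // which augment and deviation statements reference.
    }
  }

  container acl-entry {
    description
      "Minimal user of the grouping, for illustration only.";
    uses source-type;
  }
}
```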