I'm not a fan of adding something like that in the base model. Let's get a basic model done and then we can consider an extension draft. I'd think that things like TCP flags, for example, would be a more natural & common thing to add to an ACL model than a host name match so I can't see host name being in there before TCP flags (which I'm not advocating for in the base model).
I also don't think the metadata interface match should be in this base model either. That is out of place IMO. The base model provides an ACL that can then get associated with objects like interfaces (as in the example in section A.3). I'd also suggest we consider making the actions 'deny' and 'permit' presence containers instead of empty leafs. That would allow easier augmentations (e.g. additional 'permit' parameters for policy based forwarding for example).

Regards,
Jason

-----Original Message-----
From: netmod [mailto:[email protected]] On Behalf Of Nadeau Thomas
Sent: Thursday, December 17, 2015 10:53
To: Lear Eliot
Cc: Benoit Claise; RTG YANG Design Team; netmod WG
Subject: Re: [netmod] Working group Last Call: draft-ietf-netmod-acl-model-06

You raise a good point. Do the contributors/editors have any thoughts on this suggestion?

—Tom

> On Dec 17, 2015:9:44 AM, at 9:44 AM, Eliot Lear <[email protected]> wrote:
>
> On 12/17/15 2:45 PM, Nadeau Thomas wrote:
>> Do you mean an ASCII DNS name (versus an IP address w a mask)?
>
> I was thinking of "host" in RFC 6021.
>
> Eliot

_______________________________________________
netmod mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/netmod
