> On Jan 4, 2016, at 10:24 PM, Eliot Lear <[email protected]> wrote:
>
> Hi,
>
> I guess what I'm hearing is that we should do a hopefully very short
> augmentation for domain names in the matches clause and standardize that
> separately. Does that seem reasonable?

Yes, if you think there is a need for such a draft and IPR issue is cleared, WG adopts it, why not

Dean

>
> Eliot
>
> On 12/19/15 2:05 PM, Dean Bogdanovic wrote:
>> The basic design idea for the base model is a structure that all vendors
>> support. Some of the examples mentioned below, like FQDN, are not supported
>> by all vendors and are protected by IPR (which I wasn’t aware of). There
>> are many possible match conditions that could be added to the base model,
>> like Auth header in IPSec or IPSec encapsulation security payload to keep it
>> with security. There are many match conditions in Class of Services as well.
>> All these match conditions would have created more issues to come to
>> consensus about the base model, so for that reason we went with the minimal
>> model that would be easy for all vendors to implement.
>>
>> Dean
>>
>>> On Dec 18, 2015, at 5:21 PM, Sterne, Jason (Jason)
>>> <[email protected]> wrote:
>>>
>>> I'm not a fan of adding something like that in the base model. Let's get a
>>> basic model done and then we can consider an extension draft. I'd think
>>> that things like TCP flags, for example, would be a more natural & common
>>> thing to add to an ACL model than a host name match so I can't see host
>>> name being in there before TCP flags (which I'm not advocating for in the
>>> base model).
>>>
>>> I also don't think the metadata interface match should be in this base
>>> model either. That is out of place IMO. The base model provides an ACL
>>> that can then get associated with objects like interfaces (as in the
>>> example in section A.3)
>>> I'd also suggest we consider making the actions 'deny' and 'permit'
>>> presence containers instead of empty leafs. That would allow easier
>>> augmentations (e.g. additional 'permit' parameters for policy based
>>> forwarding for example).
>>>
>>> Regards,
>>> Jason
>>>
>>> -----Original Message-----
>>> From: netmod [mailto:[email protected]] On Behalf Of Nadeau Thomas
>>> Sent: Thursday, December 17, 2015 10:53
>>> To: Lear Eliot
>>> Cc: Benoit Claise; RTG YANG Design Team; netmod WG
>>> Subject: Re: [netmod] Working group Last Call:
>>> draft-ietf-netmod-acl-model-06
>>>
>>>
>>> You raise a good point. Do the contributors/editors have any thoughts
>>> on this suggestion?
>>>
>>> —Tom
>>>
>>>
>>>> On Dec 17, 2015:9:44 AM, at 9:44 AM, Eliot Lear <[email protected]> wrote:
>>>>
>>>>
>>>>
>>>> On 12/17/15 2:45 PM, Nadeau Thomas wrote:
>>>>> Do you mean an ASCII DNS name (versus an IP address w a mask)?
>>>> I was thinking of "host" in RFC 6021.
>>>>
>>>> Eliot
>>>>
>>>>
>>> _______________________________________________
>>> netmod mailing list
>>> [email protected]
>>> https://www.ietf.org/mailman/listinfo/netmod
>>> _______________________________________________
>>> Rtg-dt-yang-arch mailing list
>>> [email protected]
>>> https://www.ietf.org/mailman/listinfo/rtg-dt-yang-arch
>>
>
>

_______________________________________________
netmod mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/netmod
