Hi Acee,

> On Mar 31, 2016, at 8:17 AM, Acee Lindem (acee) <[email protected]> wrote:
>
> Hi Dean,
>
> From: netmod <[email protected]> on behalf of Dean Bogdanovic <[email protected]>
> Date: Thursday, March 31, 2016 at 5:26 AM
> To: "Sterne, Jason (Nokia - CA)" <[email protected]>
> Cc: netmod WG <[email protected]>
> Subject: Re: [netmod] Remove input-interface (metadata) from netmod-acl-model-07 ?
>
>
>> On Mar 30, 2016, at 9:36 PM, Sterne, Jason (Nokia - CA) <[email protected]> wrote:
>>
>> Hi all,
>>
>> The ACL model is converging on a small core set of functionality that is
>> fairly common.
>>
>> But I think the matching on input-interface should be removed from the model
>> (or at the least put inside a feature flag).
>>
>> Matching on basic IPv4/IPv4/MAC header fields is common functionality. But
>> having that input-interface match on metadata in the core model is out of
>> place. It should be left to further extension drafts or vendor specific
>> augmentations (along with whatever other metadata might be useful or
>> vendor-specific).
>>
>> ACLs are typically assigned to interfaces as shown in section A.3. of the
>> ACL draft. That is the most common use case.
>>
>> Actually matching on input-interface in the ACL rules themselves is not
>> basic core ACL functionality. Nokia SR OS does not have that capability.
>> Does IOS-XR ? Brocade ? others ?
>
> Cisco and Juniper support matching on input interface. It is useful when you
> want to filter on general traffic coming from interface.
>
> Cisco
> match input-interface
> match input-vlan
>
> These are “class-map” sub-commands - not “access-list” sub-commands. So you
> are referring to the general functionality rather than specifically
> functionality supported by access-list?

According to the Cisco website (http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_55_se/configuration/guide/3750xscg/swacl.html)

Note The ACL must be an extended named ACL.
– match input-interface interface-id-list
– match ip dscp dscp-list
– match ip precedence ip-precedence-list

>
>
>
> Junos
> family any {
>     filter L2_filter {
>         term t1 {
>             from {
>                 interface fe-0/0/0.0;
>             }
>             then {
>                 policer p1;
>                 count c1;
>             }
>         }
>     }
> }
>
> Brocade supports matching based on interface, Dell supports VLAN matching,
> Arista supports input interface matching, Redback supports matching against
> input interface for logging,
>
> If you are referring to “log-input”, this indicates to include the
> input-interface in the log message. Cisco supports this as well.
>
> Thanks,
> Acee
>
>
> so it is pretty standard across multiple vendors
>
> Dean
>
>> If some major implementations don’t do it, and it isn’t necessary for
>> typical basic ACL use, then it should be removed (or feature flagged).
>>
>> Regards,
>> Jason
>>
>> _______________________________________________
>> netmod mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/netmod
