Hi Jason,

> On Apr 1, 2016, at 6:54 PM, Sterne, Jason (Nokia - CA) <[email protected]> wrote:
>
> Hi Dean,
>
> From what Acee mentions it doesn’t seem that IOS-XR supports matching on
> interface for ACLs.

I replied to Acee’s comment in a separate email, as I found some examples on the web, but it looks like older versions of software.

> When I look at Brocade I don’t see it either. Maybe someone from Brocade
> could provide an example of the config if it is supported?
> https://github.com/YangModels/yang/blob/master/vendor/brocade/brocade-ip-access-list.yang
> (I also checked their user guides)

Brocade gives examples of using ACLs in route-maps and provides examples:
http://www.brocade.com/content/html/en/configuration-guide/netiron-05900-routingguide/GUID-83F457B7-4CFB-4852-AC08-59BCD9E2AF7C.html

> I think it is more relevant to look at ACL functionality for this (not log
> filtering or other misc. filtering capabilities in areas outside of ACLs). I
> really don’t think this has widespread support and it isn’t core
> functionality -> assigning an ACL to an interface is how it is normally done.

I’ll add this item to the open issue and will ask the WG at the meeting for its opinion.

> Regards,
> Jason
>
> From: EXT Dean Bogdanovic [mailto:[email protected]]
> Sent: Thursday, March 31, 2016 2:26
> To: Sterne, Jason (Nokia - CA)
> Cc: netmod WG
> Subject: Re: [netmod] Remove input-interface (metadata) from netmod-acl-model-07 ?
>
> On Mar 30, 2016, at 9:36 PM, Sterne, Jason (Nokia - CA) <[email protected]> wrote:
>
> Hi all,
>
> The ACL model is converging on a small core set of functionality that is
> fairly common.
>
> But I think the matching on input-interface should be removed from the model
> (or at the least put inside a feature flag).
>
> Matching on basic IPv4/IPv4/MAC header fields is common functionality. But
> having that input-interface match on metadata in the core model is out of
> place. It should be left to further extension drafts or vendor specific
> augmentations (along with whatever other metadata might be useful or
> vendor-specific).
>
> ACLs are typically assigned to interfaces as shown in section A.3. of the ACL
> draft. That is the most common use case.
>
> Actually matching on input-interface in the ACL rules themselves is not basic
> core ACL functionality. Nokia SR OS does not have that capability. Does
> IOS-XR? Brocade? Others?
>
> Cisco and Juniper support matching on input interface. It is useful when you
> want to filter on general traffic coming from an interface.
>
> Cisco
>     match input-interface
>     match input-vlan
>
> Junos
>     family any {
>         filter L2_filter {
>             term t1 {
>                 from {
>                     interface fe-0/0/0.0;
>                 }
>                 then {
>                     policer p1;
>                     count c1;
>                 }
>             }
>         }
>     }
>
> Brocade supports matching based on interface, Dell supports VLAN matching,
> Arista supports input interface matching, Redback supports matching against
> input interface for logging, so it is pretty standard across multiple vendors.
>
> Dean
>
> If some major implementations don’t do it, and it isn’t necessary for
> typical basic ACL use, then it should be removed (or feature flagged).
>
> Regards,
> Jason
>
> _______________________________________________
> netmod mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/netmod
