Hi Linda,
I think that having the base identity makes the model safer and more
extensible in future. I think that the general idea of a base identity
is fairly standard and is perhaps a bit like defining an abstract base
class in an OO language.
So, in YANG, rather than a when statement having to explicitly check for
ipv4-acl or ipv6-acl it can just check for any type derived from
acl-base, which allows for new types of ACL to be defined in future
(potentially in different modules).
Conversely, it also helps prevent someone from using a completely
inappropriate identity, e.g. say trying to use an interface type
identity such as ift:ethernetCsmacd where a type of ACL identity is
required.
Thanks,
Rob
On 10/05/2016 17:55, Linda Dunbar wrote:
Juergen,
Of course, it is not confusing to you because you are in the box (vs. many of
us are outside the box looking in).
RFC 6020 doesn't say all identities have to have a sub-identity.
My opinion only.
Linda
-----Original Message-----
From: Juergen Schoenwaelder [mailto:[email protected]]
Sent: Tuesday, May 10, 2016 10:38 AM
To: Linda Dunbar
Cc: [email protected]; '[email protected]'; Thomas D. Nadeau
Subject: Re: Can you remove the "Identity acl-base" defined in
draft-ietf-netmod-acl-model-07
On Tue, May 10, 2016 at 03:07:30PM +0000, Linda Dunbar wrote:
Juergen,
If "acl-base" has some content more than the comment (i.e. the description),
then it makes sense.
The comments in the "identity ipv4-acl" is enough to describe the identity.
Same with the identity ipv6-acl.
I find it is very confusing to have the recursive reference of identity (all of
them are simply the description).
I fail to see anything confusing here. Did you read the relevant sections of
RFC 6020? What is unclear about identities and how they work?
/js
_______________________________________________
netmod mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/netmod
