Hi Rob, Probably a stupid question but how would you write a 'when' statement that checks identity type? What XPATH function / expression would allow you to access the YANG type?
Thanks, William -----Original Message----- From: netmod [mailto:[email protected]] On Behalf Of Robert Wilton Sent: 10 May 2016 18:27 To: Linda Dunbar <[email protected]> Cc: [email protected]; '[email protected]' <[email protected]> Subject: Re: [netmod] Can you remove the "Identity acl-base" defined in draft-ietf-netmod-acl-model-07 Hi Linda, I think that having the base identity makes the model safer and more extensible in future. I think that the general idea of a base identity is fairly standard and is perhaps a bit like defining an abstract base class in an OO language. So, in YANG, rather than a when statement having to explicitly check for ipv4-acl or ipv6-acl it can just check for any type derived from acl-base, which allows for new types of ACL to be defined in future (potentially in different modules). Conversely, it also helps prevent someone from using a completely inappropriate identity, e.g. say trying to use an interface type identity such as ift:ethernetCsmacd where a type of ACL identity is required. Thanks, Rob On 10/05/2016 17:55, Linda Dunbar wrote: > Juergen, > > Of course, it is not confusing to you because you are in the box (vs. many of > us are outside the box looking in). > > RFC 6020 doesn't say all identities have to have a sub-identity. > > > My opinion only. > > > Linda > > > -----Original Message----- > From: Juergen Schoenwaelder > [mailto:[email protected]] > Sent: Tuesday, May 10, 2016 10:38 AM > To: Linda Dunbar > Cc: [email protected]; '[email protected]'; Thomas D. > Nadeau > Subject: Re: Can you remove the "Identity acl-base" defined in > draft-ietf-netmod-acl-model-07 > > On Tue, May 10, 2016 at 03:07:30PM +0000, Linda Dunbar wrote: >> Juergen, >> >> If "acl-base" has some content more than the comment (i.e. the description), >> then it makes sense. >> >> The comments in the "identity ipv4-acl" is enough to describe the identity. >> Same with the identity ipv6-acl. >> >> I find it is very confusing to have the recursive reference of identity (all >> of them are simply the description). >> > I fail to see anything confusing here. Did you read the relevant sections of > RFC 6020? What is unclear about identities and how they work? > > /js > _______________________________________________ netmod mailing list [email protected] https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_netmod&d=CwICAg&c=IL_XqQWOjubgfqINi2jTzg&r=GByLeg9jZvOv_AlgBo9uvdDrxizlOR7l_SnTXowyJU8&m=MlQZEKdXoP4IwlPcElVo_hIsmcgPxkS1AvAc3uGRU_E&s=iht1ryWsM95ONkVXCHgLCn-rGgsZVjmO0P_Hnhg2llM&e= _______________________________________________ netmod mailing list [email protected] https://www.ietf.org/mailman/listinfo/netmod
