(+netmod mailing list)
Adrian,
Please see inline.
> On Aug 22, 2016, at 2:27 AM, Adrian Pan <[email protected]> wrote:
>
> Dear authors,
>
> I have some questions about the IETF ACL model as below, your reply is
> appreciated.
>
> 1) In the model definition acl-type is one key of the acl, also in the
> description it says that the acl-type could be ethernet, IPv4, IPv6, mixed,
> in case the acl-type is mixed, what should the identifier be?
> Should it be augmented by different vendors? Since I don’t see the definition
> of it.
As mixed ACLs are not supported by all vendors, those are not part of the
standard model. It is up to the vendor to augment the ace-type and select an
identifier to their liking.
> 2) In the “mix” case, the “matches” the ace list can be the combination of
> Ethernet, ipv4, ipv6 for different ace, right?
Or another combination, again it depends on what that particular vendor supports.
> 3) With the model definition, even if the acl-type is configured as Ethernet,
> the operator can still configure the matches of ace under the acl as ipv4 or
> ipv6, right?
No, if ACL type is ethernet, then all ACEs are expected to be ethernet.
> is this the model design intention?
If acl-type is of one family, then only ACEs with match conditions from that
family are expected to be in the ACL. If you want to combine them, please use
mixed type.
Dean
> module: ietf-access-control-list
>    +--rw access-lists
>       +--rw acl* [acl-type acl-name]
>          +--rw acl-name               string
>          +--rw acl-type               acl-type
>          +--ro acl-oper-data
>          +--rw access-list-entries
>             +--rw ace* [rule-name]
>                +--rw rule-name    string
>                +--rw matches
>                |  +--rw (ace-type)?
>
> leaf acl-type {
>   type acl-type;
>   description
>     "Type of access control list. Indicates the primary intended
>      type of match criteria (e.g. ethernet, IPv4, IPv6, mixed, etc)
>      used in the list instance.";
> }
>
> Thanks
> Adrian
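
The expectation stated in the reply above (a single-family acl-type should contain only ACEs matching on that family, while "mixed" depends on vendor support) can be checked over a configuration before it is pushed. The following is an added example, not part of the original thread or of the model authors' code; the family labels, the match leaf names in `LEAF_FAMILY`, and the `mixed_families` parameter are assumptions made for illustration.

```python
# Added example. Container names follow the tree quoted in the thread; the
# leaf-to-family mapping and family labels below are assumed, not from the model.
SINGLE_FAMILIES = {"ethernet", "ipv4", "ipv6"}
LEAF_FAMILY = {
    "source-mac-address": "ethernet",
    "destination-mac-address": "ethernet",
    "source-ipv4-network": "ipv4",
    "destination-ipv4-network": "ipv4",
    "source-ipv6-network": "ipv6",
    "destination-ipv6-network": "ipv6",
}

def allowed_families(acl_type, mixed_families):
    """Families an ACE may match on for the given acl-type."""
    if acl_type == "mixed":
        return set(mixed_families)      # vendor-specific, supplied by the caller
    if acl_type in SINGLE_FAMILIES:
        return {acl_type}
    raise ValueError(f"unknown acl-type: {acl_type!r}")

def check_acl(acl, mixed_families=("ethernet", "ipv4", "ipv6")):
    """Return (rule-name, leaf, problem) for each match leaf that breaks the rule."""
    acl_type = acl["acl-type"]
    allowed = allowed_families(acl_type, mixed_families)
    findings = []
    for ace in acl["access-list-entries"]["ace"]:
        for leaf in ace.get("matches", {}):
            family = LEAF_FAMILY.get(leaf)
            if family is None:
                findings.append((ace["rule-name"], leaf, "unrecognised match leaf"))
            elif family not in allowed:
                findings.append(
                    (ace["rule-name"], leaf, f"{family} match in {acl_type} ACL"))
    return findings

def make_acl(acl_type):
    """Constructed sample: one ethernet ACE (r1) and one IPv4 ACE (r2)."""
    return {
        "acl-name": "sample", "acl-type": acl_type,
        "access-list-entries": {"ace": [
            {"rule-name": "r1",
             "matches": {"source-mac-address": "00:00:5e:00:53:01"}},
            {"rule-name": "r2",
             "matches": {"source-ipv4-network": "192.0.2.0/24"}},
        ]},
    }

if __name__ == "__main__":
    for t in ("ethernet", "mixed"):
        print(t, check_acl(make_acl(t)))
```
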