Jon,

The ‘ordered-by user’ directive is useful to have on the list of ACLs as/when
they are applied. For example, in the latest published draft (-14) we added the
‘ordered-by user’ statement to the list of ACLs when they are applied to the
interfaces. You would not order the “global” ACLs list (under access-lists),
because another interface may want a different order of ACLs.

Does that help?


> On Oct 2, 2017, at 9:38 AM, Jon Shallow <supjps-i...@jpshallow.com> wrote:
> 
> Hi there,
>  
> I’m currently working on another draft IETF specification 
> (draft-ietf-dots-data-channel) which has an ordering requirement, but the 
> ‘ordered-by’ statement is not specified (missing?) for the ‘list acl’ in 
> container ‘access-lists’ in 4.1 IETF Access Control List 
> "ietf-access-control-l...@2017-09-12.yang". 
>  
> Container ‘aces’ has the ‘ordered-by-user’ statement for the list ACE.
>       container aces {
>         description
>           "The access-list-entries container contains
>            a list of access-list-entries(ACE).";
>         list ace {
>           key "rule-name";
>           ordered-by user;
>           description
>             "List of access list entries(ACE)";
>           .....           
>  
> Container ‘access-lists’ does not have the ‘ordered-by-user’ statement for 
> the list ACL.
>   container access-lists {
>     description
>       "This is a top level container for Access Control Lists.
>        It can have one or more Access Control Lists.";
>     list acl {
>       key "acl-type acl-name";
>       description
>         "An Access Control List(ACL) is an ordered list of
>          Access List Entries (ACE). Each Access Control Entry has a
>          list of match criteria and a list of actions.
>          Since there are several kinds of Access Control Lists
>          implemented with different attributes for
>          different vendors, this
>          model accommodates customizing Access Control Lists for
>          each kind and for each vendor.";
>       .......
>  
> Is there a good reason why ‘list acl’ is not defined as sortable?
> - or is it defined elsewhere as being sortable?
> - or is the intention that there can only be one ACL?
>  
> We potentially have a requirement for multiple ACLs, each with its own set of 
> sorted ACEs where the ACLs cannot be configured in a random order and need to 
> know how to move forward.
>  
> Regards
>  
> Jon
> _______________________________________________
> netmod mailing list
> netmod@ietf.org <mailto:netmod@ietf.org>
> https://www.ietf.org/mailman/listinfo/netmod 
> <https://www.ietf.org/mailman/listinfo/netmod>
Mahesh Jethanandani
mjethanand...@gmail.com
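
The point made in the reply above, as an added example that is not part of the original thread or of the draft: a global ACL store with no order of its own, and a user-ordered list of references per interface. The interface names, ACL names, addresses and the first-match/default-drop evaluation rule are assumptions constructed for illustration.

```python
import ipaddress

# Global ACL store, keyed by (acl-type, acl-name) like the model's list key.
# No order is implied between ACLs here. All rules are constructed sample data.
ACLS = {
    ("ipv4-acl", "block-scanners"): [   # ACEs inside an ACL are ordered-by user
        {"rule-name": "drop-scanner-net", "src": "198.51.100.0/24", "action": "drop"},
    ],
    ("ipv4-acl", "allow-partners"): [
        {"rule-name": "permit-partner", "src": "198.51.100.0/25", "action": "accept"},
    ],
}

# Per-interface attachment: a user-ordered list of references into ACLS.
# Both interfaces use the same two ACLs, in opposite order.
ATTACHMENTS = {
    "eth0": [("ipv4-acl", "block-scanners"), ("ipv4-acl", "allow-partners")],
    "eth1": [("ipv4-acl", "allow-partners"), ("ipv4-acl", "block-scanners")],
}


def evaluate(interface, src_ip, default="drop"):
    """Return (action, acl-name, rule-name) for the first ACE that matches."""
    addr = ipaddress.ip_address(src_ip)
    for acl_key in ATTACHMENTS[interface]:      # ACL order is set per interface
        for ace in ACLS[acl_key]:               # ACE order is set inside the ACL
            if addr in ipaddress.ip_network(ace["src"]):
                return ace["action"], acl_key[1], ace["rule-name"]
    return default, None, None                  # assumed implicit default


def dangling_references():
    """Attachments that name an ACL missing from the global store."""
    return [(ifname, key) for ifname, keys in ATTACHMENTS.items()
            for key in keys if key not in ACLS]


if __name__ == "__main__":
    for ifname in ATTACHMENTS:
        print(ifname, evaluate(ifname, "198.51.100.10"))
```

The same source address is dropped on eth0 and accepted on eth1, which is why the order belongs to the attachment rather than to the global list.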


