Jon, the ‘ordered-by user’ directive is useful to have on the list of ACLs as/when they are applied. For example, in the latest published draft (-14) we added the ‘ordered-by user’ statement to the list of ACLs when they are applied to the interfaces. You would not order the “global” ACLs list (under access-lists), because another interface may want a different order of ACLs.
Does that help?

> On Oct 2, 2017, at 9:38 AM, Jon Shallow <supjps-i...@jpshallow.com> wrote:
>
> Hi there,
>
> I’m currently working on another draft ietf specification
> (draft-ietf-dots-data-channel) which has an ordering requirement, but the
> ‘ordered-by’ statement is not specified (missing?) for the ‘list acl’ in
> container ‘access-lists’ in 4.1 IETF Access Control List
> "ietf-access-control-l...@2017-09-12.yang".
>
> Container ‘aces’ has the ‘ordered-by-user’ statement for the list ACE.
> container aces {
>   description
>     "The access-list-entries container contains
>      a list of access-list-entries(ACE).";
>   list ace {
>     key "rule-name";
>     ordered-by user;
>     description
>       "List of access list entries(ACE)";
>     .....
>
> Container ‘access-lists’ does not have the ‘ordered-by-user’ statement for
> the list ACL.
> container access-lists {
>   description
>     "This is a top level container for Access Control Lists.
>      It can have one or more Access Control Lists.";
>   list acl {
>     key "acl-type acl-name";
>     description
>       "An Access Control List(ACL) is an ordered list of
>        Access List Entries (ACE). Each Access Control Entry has a
>        list of match criteria and a list of actions.
>        Since there are several kinds of Access Control Lists
>        implemented with different attributes for
>        different vendors, this
>        model accommodates customizing Access Control Lists for
>        each kind and for each vendor.";
>     .......
>
> Is there a good reason why ‘list acl’ is not defined as sortable?
> - or is it defined elsewhere as being sortable?
> - or is the intention that there can only be one ACL?
>
> We potentially have a requirement for multiple ACLs, each with its own set of
> sorted ACEs where the ACLs cannot be configured in a random order and need to
> know how to move forward.
>
> Regards
>
> Jon
> _______________________________________________
> netmod mailing list
> netmod@ietf.org
> https://www.ietf.org/mailman/listinfo/netmod

Mahesh Jethanandani
mjethanand...@gmail.com
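An added illustration, not code from the draft or from either poster, of the point made in the reply: the global ACL set is keyed and unordered, while each interface keeps its own user-ordered list of attached ACLs, so the same two ACLs can give different verdicts on different interfaces. The interface names, ACL names, documentation-range addresses, the `move_before` helper and the first-match-wins evaluation with a default drop are all assumptions made for the sketch.

```python
from ipaddress import ip_address, ip_network

# Global ACL set (constructed sample): keyed by name, so the order of the
# keys carries no meaning. The ACEs inside each ACL are a user-ordered list.
ACLS = {
    "allow-mgmt": [("permit-mgmt", ip_network("192.0.2.0/28"), "accept")],
    "block-lab": [("deny-lab", ip_network("192.0.2.0/24"), "drop")],
}

# Per-interface attachment (constructed sample): this is where the order of
# ACLs matters, and each interface is free to choose a different one.
ATTACHED = {
    "eth0": ["allow-mgmt", "block-lab"],
    "eth1": ["block-lab", "allow-mgmt"],
}


def evaluate(interface, src, default="drop"):
    """Return (action, acl, ace) for the first ACE matching src.

    Assumption: ACLs are walked in the interface's attachment order and
    ACEs in list order; the first match wins, otherwise the default applies.
    """
    addr = ip_address(src)
    for acl_name in ATTACHED[interface]:
        for ace_name, network, action in ACLS[acl_name]:
            if addr in network:
                return action, acl_name, ace_name
    return default, None, None


def move_before(interface, acl_name, before):
    """Reorder one interface's list, like an 'insert before' edit on a
    user-ordered list. Other interfaces and the global set are untouched."""
    order = ATTACHED[interface]
    if acl_name not in order or before not in order:
        raise KeyError("both ACLs must already be attached to " + interface)
    order.remove(acl_name)
    order.insert(order.index(before), acl_name)


if __name__ == "__main__":
    for ifname in ("eth0", "eth1"):
        print(ifname, evaluate(ifname, "192.0.2.5"))
```

Had the order been fixed on the global list, eth0 and eth1 could not disagree about which ACL is consulted first.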