Hi Med, Please see below:
On 24.01.18 12:54, [email protected] wrote: > > My understanding from draft-ietf-netmod-acl-model-14 is that acl-type > remains acl-type. acl-name became name. But you're right- rule-name > became name as well. I will adjust the text accordingly. > > [Med] I guess you meant -15. I confirm that acl-type is to be changed > too. Below an excerpt of the acl tree structure: > > > > +--rw access-lists > > +--rw acl* [name] > > | +--rw name string > > | +--rw type? acl-type > > > > * This sentence should be carefully updated as well: “With the > exceptions of "name", "acl-type", "rule-name", and TCP and”. > * I guess the examples should be checked to align with the new ACL > structure. For example, > - “ipv6-acl” entries should be updated to “ipv6”. You're right. I stand corrected. And I spotted the error in the example. Will correct. > > > Which is the text I adjusted ;-) > > [Med] Yes. I was referring to the examples. > > - add “l3” entry before “ipv4” and “ipv6”. > > > I think this is done in the normative text but you're right- it needs > to be corrected in the examples. > > > * It would useful to add a justification why it is not recommended to > support 'reject' action. > > > Ok, I'll add some text. > > [Med] Thank you. BTW, wouldn’t you need a rate-limit action to > “protect” against exhausting Thing resources? > I don't think that's appropriate at this point. For one thing, it goes well beyond what many implementations can actually do. For another, it may be asking a bit much of the manufacturers to predict this sort of behavior, and it will be easy to get wrong. I would suggest this be handled later as we get some additional operational experience. Eliot
signature.asc
Description: OpenPGP digital signature
_______________________________________________ OPSAWG mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsawg
