Re: [netmod] Can you remove the "Identity acl-base" defined in draft-ietf-netmod-acl-model-07

2016-05-10 Thread Nadeau Thomas

Yea, I agree that it's probably worth giving a little more latitude when 
helping people with models. 8)

—Tom


> On May 10, 2016, at 12:55 PM, Linda Dunbar wrote:
> 
> Juergen, 
> 
> Of course, it is not confusing to you because you are in the box (vs. many of 
> us are outside the box looking in). 
> 
> RFC 6020 doesn't say all identities have to have a sub-identity. 
> 
> 
> My opinion only. 
> 
> 
> Linda 
> 
> 
> -Original Message-
> From: Juergen Schoenwaelder [mailto:j.schoenwael...@jacobs-university.de] 
> Sent: Tuesday, May 10, 2016 10:38 AM
> To: Linda Dunbar
> Cc: draft-ietf-netmod-acl-mo...@ietf.org; 'netmod@ietf.org'; Thomas D. Nadeau
> Subject: Re: Can you remove the "Identity acl-base" defined in 
> draft-ietf-netmod-acl-model-07
> 
> On Tue, May 10, 2016 at 03:07:30PM +, Linda Dunbar wrote:
>> Juergen,
>> 
>> If "acl-base" has some content more than the comment (i.e. the description), 
>> then it makes sense.  
>> 
>> The comments in the "identity ipv4-acl" is enough to describe the identity. 
>> Same with the identity ipv6-acl. 
>> 
>> I find it is very confusing to have the recursive reference of identity (all 
>> of them are simply the description). 
>> 
> 
> I fail to see anything confusing here. Did you read the relevant sections of 
> RFC 6020? What is unclear about identities and how they work?
> 
> /js
> 
> -- 
> Juergen Schoenwaelder   Jacobs University Bremen gGmbH
> Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany
> Fax:   +49 421 200 3103 

___
netmod mailing list
netmod@ietf.org
https://www.ietf.org/mailman/listinfo/netmod


Re: [netmod] Can you remove the "Identity acl-base" defined in draft-ietf-netmod-acl-model-07

2016-05-10 Thread Linda Dunbar
Lisa, 

My difficulty was not being able to see the value of one comment based on 
another comment. 

Now I understand it is really just personal preference. Having an extra step 
doesn't hurt the bottom line end result. It is Ok. 

Linda

-Original Message-
From: Lisa (Yi) Huang [mailto:lyihu...@juniper.net] 
Sent: Tuesday, May 10, 2016 12:06 PM
To: Linda Dunbar; Juergen Schoenwaelder
Cc: draft-ietf-netmod-acl-mo...@ietf.org; 'netmod@ietf.org'; Thomas D. Nadeau
Subject: Re: Can you remove the "Identity acl-base" defined in 
draft-ietf-netmod-acl-model-07

Linda,

Could you elaborate what difficulty you are facing?

The draft defines

typedef acl-type {
  type identityref {
    base acl-base;
  }
}

This allows the acl-type to be ipv4-acl or ipv6-acl, or other new types that 
inherit from acl-type.


Hope this helps.

Thanks,
Lisa

On 5/10/16, 9:55 AM, "Linda Dunbar"  wrote:

>Juergen,
>
>Of course, it is not confusing to you because you are in the box (vs.
>many of us are outside the box looking in).
>
>RFC 6020 doesn't say all identities have to have a sub-identity.
>
>
>My opinion only. 
>
>
>Linda
> 
>
>-Original Message-
>From: Juergen Schoenwaelder 
>[mailto:j.schoenwael...@jacobs-university.de]
>Sent: Tuesday, May 10, 2016 10:38 AM
>To: Linda Dunbar
>Cc: draft-ietf-netmod-acl-mo...@ietf.org; 'netmod@ietf.org'; Thomas D.
>Nadeau
>Subject: Re: Can you remove the "Identity acl-base" defined in
>draft-ietf-netmod-acl-model-07
>
>On Tue, May 10, 2016 at 03:07:30PM +, Linda Dunbar wrote:
>> Juergen,
>> 
>> If "acl-base" has some content more than the comment (i.e. the 
>>description), then it makes sense.
>> 
>> The comments in the "identity ipv4-acl" is enough to describe the 
>>identity. Same with the identity ipv6-acl.
>> 
>> I find it is very confusing to have the recursive reference of 
>>identity (all of them are simply the description).
>>
>
>I fail to see anything confusing here. Did you read the relevant 
>sections of RFC 6020? What is unclear about identities and how they work?
>
>/js
>
>-- 
>Juergen Schoenwaelder   Jacobs University Bremen gGmbH
>Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany
>Fax:   +49 421 200 3103 



Re: [netmod] Can you remove the "Identity acl-base" defined in draft-ietf-netmod-acl-model-07

2016-05-10 Thread Robert Wilton

Hi Linda,

I think that having the base identity makes the model safer and more 
extensible in future.  I think that the general idea of a base identity 
is fairly standard and is perhaps a bit like defining an abstract base 
class in an OO language.


So, in YANG, rather than a when statement having to explicitly check for 
ipv4-acl or ipv6-acl it can just check for any type derived from 
acl-base, which allows for new types of ACL to be defined in future 
(potentially in different modules).


Conversely, it also helps prevent someone from using a completely 
inappropriate identity, e.g. say trying to use an interface type 
identity such as ift:ethernetCsmacd where a type of ACL identity is 
required.


Thanks,
Rob


On 10/05/2016 17:55, Linda Dunbar wrote:

> Juergen,
>
> Of course, it is not confusing to you because you are in the box (vs. many of
> us are outside the box looking in).
>
> RFC 6020 doesn't say all identities have to have a sub-identity.
>
> My opinion only.
>
> Linda
>
> -Original Message-
> From: Juergen Schoenwaelder [mailto:j.schoenwael...@jacobs-university.de]
> Sent: Tuesday, May 10, 2016 10:38 AM
> To: Linda Dunbar
> Cc: draft-ietf-netmod-acl-mo...@ietf.org; 'netmod@ietf.org'; Thomas D. Nadeau
> Subject: Re: Can you remove the "Identity acl-base" defined in
> draft-ietf-netmod-acl-model-07
>
> On Tue, May 10, 2016 at 03:07:30PM +, Linda Dunbar wrote:
>> Juergen,
>>
>> If "acl-base" has some content more than the comment (i.e. the description),
>> then it makes sense.
>>
>> The comments in the "identity ipv4-acl" is enough to describe the identity.
>> Same with the identity ipv6-acl.
>>
>> I find it is very confusing to have the recursive reference of identity (all of
>> them are simply the description).
>
> I fail to see anything confusing here. Did you read the relevant sections of
> RFC 6020? What is unclear about identities and how they work?
>
> /js





Re: [netmod] Can you remove the "Identity acl-base" defined in draft-ietf-netmod-acl-model-07

2016-05-10 Thread Andy Bierman
On Tue, May 10, 2016 at 9:55 AM, Linda Dunbar 
wrote:

> Juergen,
>
> Of course, it is not confusing to you because you are in the box (vs. many
> of us are outside the box looking in).
>
> RFC 6020 doesn't say all identities have to have a sub-identity.
>
>
>

This is how YANG does strong typing for identities.
It allows the compiler to check the identity being used for a given
identityref leaf.   Otherwise the identities meant for completely different
purposes could not be screened by the compiler.

  leaf transport {
    type identityref {
      base transport-protocol;
    }
  }

  leaf toast-type {
    type identityref {
      base bread-type;
    }
  }



> My opinion only.
>
>
> Linda
>
>
>

Andy


> -Original Message-
> From: Juergen Schoenwaelder [mailto:j.schoenwael...@jacobs-university.de]
> Sent: Tuesday, May 10, 2016 10:38 AM
> To: Linda Dunbar
> Cc: draft-ietf-netmod-acl-mo...@ietf.org; 'netmod@ietf.org'; Thomas D.
> Nadeau
> Subject: Re: Can you remove the "Identity acl-base" defined in
> draft-ietf-netmod-acl-model-07
>
> On Tue, May 10, 2016 at 03:07:30PM +, Linda Dunbar wrote:
> > Juergen,
> >
> > If "acl-base" has some content more than the comment (i.e. the
> description), then it makes sense.
> >
> > The comments in the "identity ipv4-acl" is enough to describe the
> identity. Same with the identity ipv6-acl.
> >
> > I find it is very confusing to have the recursive reference of identity
> (all of them are simply the description).
> >
>
> I fail to see anything confusing here. Did you read the relevant sections
> of RFC 6020? What is unclear about identities and how they work?
>
> /js
>
> --
> Juergen Schoenwaelder   Jacobs University Bremen gGmbH
> Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany
> Fax:   +49 421 200 3103 
>
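The screening that Rob Wilton's and Andy Bierman's replies above describe, sketched as an added example that is not code from the thread or from the draft: an identityref value is accepted only when its identity is derived from the leaf's base, following RFC 6020's single-base derivation. The identity table is constructed for illustration, and ex:mpls-acl, ex:tcp and ex:wheat are hypothetical identities.

```python
# Added illustration of identityref checking as RFC 6020 defines it (one
# "base" per identity). The table is constructed for this example; ex:mpls-acl,
# ex:tcp and ex:wheat are hypothetical identities.
IDENTITIES = {
    # identity -> the identity named in its "base" statement (None = root)
    "acl-base": None,
    "ipv4-acl": "acl-base",
    "ipv6-acl": "acl-base",
    "ex:mpls-acl": "acl-base",            # new ACL type added by another module
    "if:interface-type": None,
    "ift:iana-interface-type": "if:interface-type",
    "ift:ethernetCsmacd": "ift:iana-interface-type",
    "transport-protocol": None,
    "ex:tcp": "transport-protocol",
    "bread-type": None,
    "ex:wheat": "bread-type",
}


def derived_from(identity, base, identities=IDENTITIES):
    """True if `identity` derives, directly or transitively, from `base`.

    The base identity is not derived from itself, so it yields False.
    """
    seen = {identity}
    current = identities.get(identity)
    while current is not None:
        if current == base:
            return True
        if current in seen:
            raise ValueError(f"circular base chain at {current!r}")
        seen.add(current)
        current = identities.get(current)
    return False


def check_identityref(leaf_base, value, identities=IDENTITIES):
    """Validate one identityref value; returns (accepted, reason)."""
    if value not in identities:
        return False, f"unknown identity {value!r}"
    if not derived_from(value, leaf_base, identities):
        return False, f"{value!r} is not derived from {leaf_base!r}"
    return True, "ok"


if __name__ == "__main__":
    for base, value in [("acl-base", "ipv6-acl"), ("acl-base", "ex:mpls-acl"),
                        ("acl-base", "ift:ethernetCsmacd"),
                        ("bread-type", "ex:tcp")]:
        print(f"base {base:<12} value {value:<20} ->", check_identityref(base, value))
```

Without a shared acl-base, the only way to reject ift:ethernetCsmacd would be an explicit allow-list of ACL identities, which is what blocks later extension from other modules.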


Re: [netmod] Can you remove the "Identity acl-base" defined in draft-ietf-netmod-acl-model-07

2016-05-10 Thread Lisa (Yi) Huang
Linda,

Could you elaborate what difficulty you are facing?

The draft defines

typedef acl-type {
  type identityref {
    base acl-base;
  }
}

This allows the acl-type to be ipv4-acl or ipv6-acl, or other new types
that inherit from acl-type.


Hope this helps.

Thanks,
Lisa

On 5/10/16, 9:55 AM, "Linda Dunbar"  wrote:

>Juergen, 
>
>Of course, it is not confusing to you because you are in the box (vs.
>many of us are outside the box looking in).
>
>RFC 6020 doesn't say all identities have to have a sub-identity.
>
>
>My opinion only. 
>
>
>Linda 
> 
>
>-Original Message-
>From: Juergen Schoenwaelder [mailto:j.schoenwael...@jacobs-university.de]
>Sent: Tuesday, May 10, 2016 10:38 AM
>To: Linda Dunbar
>Cc: draft-ietf-netmod-acl-mo...@ietf.org; 'netmod@ietf.org'; Thomas D.
>Nadeau
>Subject: Re: Can you remove the "Identity acl-base" defined in
>draft-ietf-netmod-acl-model-07
>
>On Tue, May 10, 2016 at 03:07:30PM +, Linda Dunbar wrote:
>> Juergen,
>> 
>> If "acl-base" has some content more than the comment (i.e. the
>>description), then it makes sense.
>> 
>> The comments in the "identity ipv4-acl" is enough to describe the
>>identity. Same with the identity ipv6-acl.
>> 
>> I find it is very confusing to have the recursive reference of identity
>>(all of them are simply the description).
>>
>
>I fail to see anything confusing here. Did you read the relevant sections
>of RFC 6020? What is unclear about identities and how they work?
>
>/js
>
>-- 
>Juergen Schoenwaelder   Jacobs University Bremen gGmbH
>Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany
>Fax:   +49 421 200 3103 



Re: [netmod] Is there any common module (like library module) for matching all IPv4 or IPv6 header fields?

2016-05-10 Thread Dean Bogdanovic
Linda,

If you need additional fields in ACL, it is easy to extend the existing base 
model. The intention of the draft authors was to create a base common model that 
can then be extended for different uses. 

Saying that, there is nothing out there that could be used for your purposes, 
but using the ACL model, you should be able to augment it for your use case.

Dean

> On May 5, 2016, at 11:48 PM, Linda Dunbar  wrote:
> 
> Dear YANG Model experts: 
>  
> Draft-ietf-netmod-acl-model-07 has matching criteria for Destination Address 
> and Source for IPv4 and IPv6 respectively, like:
>  
> 
>  
> IDR FlowSpec also has defined a YANG model for matching criteria for IPv6/ 
> IPv4-prefix plus other header fields. I2RS Filter Based RIB also defines 
> various header matching.
>  
> Is there a common library module that can be called when any IP header fields 
> need to be used as matching criteria?
>  
> Thanks, Linda Dunbar
