Hi,
let me check whether I understand your request correctly: I heard you
saying that you would like to have
leaf-list destination-ipv6-network {
type inet:ipv6-prefix;
description
"Destination IPv6 address prefix.";
}
instead of just
leaf destination-ipv6-network {
type inet:ipv6-prefix;
description
"Destination IPv6 address prefix.";
}
(and similar changes for the other IP prefix related leafs).
While such a direct change may be difficult, given that the header
fields are defined in a choice, it should be possible to add
additional choices for sets of prefixes. So from the YANG side, this
seems to be something possible to address without too much trouble.
Whether implementors are happy with supporting such a change is
something others have to comment on.
/js
On Wed, Mar 17, 2021 at 10:31:10AM +0000, Oscar González de Dios wrote:
> Dear netmod wg colleagues,
>
> The ietf-acl YANG model defined in RFC 8519 allows to create
> rules, and for each a rule, in case of IPv4/IPv6 you can specify in the match
> the source-network and destination-network. The source-network (or equally
> the destination network) is in the model an address prefix. In our use case
> in Telefonica we are specifying a prefix-list for source network and another
> prefix list for destination network. If you had to create this behavior using
> the ACL model, you would need to create NxM rules. Besides, the management of
> those rules would be more complex.
>
> The routing policy model has the concept of prefix-sets, but
> is a separate model (and a different use case).
>
> The functionality of specifying a prefix list for source and
> destination in access control lists is available in most vendors that I am
> aware today. Hence, it's a pretty standard functionality.
>
> Do you think it is useful to add this functionality to the
> ACL YANG model? If yes, what would be the procedure, given that ACL is
> already defined in an existing RFC?
>
> Best Regards,
>
> Oscar
>
>
>
>
>
> ________________________________
>
> Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario,
> puede contener información privilegiada o confidencial y es para uso
> exclusivo de la persona o entidad de destino. Si no es usted. el destinatario
> indicado, queda notificado de que la lectura, utilización, divulgación y/o
> copia sin autorización puede estar prohibida en virtud de la legislación
> vigente. Si ha recibido este mensaje por error, le rogamos que nos lo
> comunique inmediatamente por esta misma vía y proceda a su destrucción.
>
> The information contained in this transmission is privileged and confidential
> information intended only for the use of the individual or entity named
> above. If the reader of this message is not the intended recipient, you are
> hereby notified that any dissemination, distribution or copying of this
> communication is strictly prohibited. If you have received this transmission
> in error, do not read it. Please immediately reply to the sender that you
> have received this communication in error and then delete it.
>
> Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário,
> pode conter informação privilegiada ou confidencial e é para uso exclusivo da
> pessoa ou entidade de destino. Se não é vossa senhoria o destinatário
> indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia
> sem autorização pode estar proibida em virtude da legislação vigente. Se
> recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente
> por esta mesma via e proceda a sua destruição
> _______________________________________________
> netmod mailing list
> netmod@ietf.org
> https://www.ietf.org/mailman/listinfo/netmod
--
Juergen Schoenwaelder Jacobs University Bremen gGmbH
Phone: +49 421 200 3587 Campus Ring 1 | 28759 Bremen | Germany
Fax: +49 421 200 3103 <https://www.jacobs-university.de/>
_______________________________________________
netmod mailing list
netmod@ietf.org
https://www.ietf.org/mailman/listinfo/netmod
