Re: [netmod] IETF ACL model

This PR tries to address what are hopefully the last set of comments before we publish the draft for LC. Unless I hear objections, I will roll in these changes by the end of the week (Dec. 15). > On Nov 29, 2017, at 12:11 PM, Mahesh Jethanandani

Re: [netmod] IETF ACL model

Robert Wilton writes: > On 27/11/2017 13:17, Kristian Larsson wrote: >> Robert Wilton writes: >> >>> Thinking about this some more. I'm not sure what it means for the "ACL >>> Type" to be "any-acl". It seems that the "match any packet" should be a >>> type of ACE, e.g. perhaps as the last entry

Re: [netmod] IETF ACL model

gt; >> Cc: "Robert Wilton -X (rwilton - ENSOFT LIMITED at Cisco)" >> mailto:rwil...@cisco.com>>, Jeffrey Haas >> mailto:jh...@juniper.net>>, Cisco Employee >> mailto:agarw...@cisco.com>>, Kristian Larsson >> mailto:k...@spritelink.net>>, Kr

Re: [netmod] IETF ACL model

cisco.com>>, Kristian Larsson <mailto:k...@spritelink.net>>, Kristian Larsson <mailto:k...@dev.terastrm.net>>, Martin Bjorklund <mailto:m...@tail-f.com>> > Subject: Re: [netmod] IETF ACL model > > The updated commit here > <https://github.com/n

Re: [netmod] IETF ACL model

The updated commit here takes care of restoring “type" to "acl-type", fixes some indentation issues, adds a choice for “l3" where either “ipv4" or “ipv6" can be selected, and a similar choice at “l

Re: [netmod] IETF ACL model

Mahesh Jethanandani wrote: > An updated version of the model has been posted as part of the PR here > . > > The particular change removes any-acl from the model, expands on eth > (to ethernet), removes acl- pr

Re: [netmod] IETF ACL model

An updated version of the model has been posted as part of the PR here . The particular change removes any-acl from the model, expands on eth (to ethernet), removes acl- prefix for things like acl-type and ac

Re: [netmod] IETF ACL model

On 27/11/2017 13:17, Kristian Larsson wrote: Robert Wilton writes: Thinking about this some more. I'm not sure what it means for the "ACL Type" to be "any-acl". It seems that the "match any packet" should be a type of ACE, e.g. perhaps as the last entry of an ACL, rather than a type of ACL.

Re: [netmod] IETF ACL model

Robert Wilton writes: > Thinking about this some more. I'm not sure what it means for the "ACL > Type" to be "any-acl". It seems that the "match any packet" should be a > type of ACE, e.g. perhaps as the last entry of an ACL, rather than a > type of ACL. Yes, I agree as so far that any-acl m

Re: [netmod] IETF ACL model

Thinking about this some more.  I'm not sure what it means for the "ACL Type" to be "any-acl".  It seems that the "match any packet" should be a type of ACE, e.g. perhaps as the last entry of an ACL, rather than a type of ACL. Otherwise if the ACL type is "any-acl" then this only allows two ty

Re: [netmod] IETF ACL model

Mahesh Jethanandani wrote: > [Taking the discussion to the mailing list] > > The summary of the discussion happening on a private thread has to > do with the ‘any’ container (now leaf) definition in the ACL model > for something that matches anything, much like a ‘*’ would do in > regex. The disc

Re: [netmod] IETF ACL model

On 21/11/2017 16:25, Mahesh Jethanandani wrote: [Taking the discussion to the mailing list] The summary of the discussion happening on a private thread has to do with the ‘any’ container (now leaf) definition in the ACL model for something that matches anything, much like a ‘*’ would do in reg

Re: [netmod] IETF ACL model

[Taking the discussion to the mailing list] The summary of the discussion happening on a private thread has to do with the ‘any’ container (now leaf) definition in the ACL model for something that matches anything, much like a ‘*’ would do in regex. The discussion has come down to: - leave the