draft-ietf-netmod-acl-model-04.txt   draft-ietf-netmod-acl-model-05.txt 
skipping to change at page 1, line 14 skipping to change at page 1, line 14
Internet-Draft Internet-Draft
Intended status: Standards Track K. Sreenivasa Intended status: Standards Track K. Sreenivasa
Expires: April 19, 2016 Brocade Communications System Expires: April 19, 2016 Brocade Communications System
L. Huang L. Huang
Juniper Networks Juniper Networks
D. Blair D. Blair
Cisco Systems Cisco Systems
October 17, 2015 October 17, 2015
Network Access Control List (ACL) YANG Data Model Network Access Control List (ACL) YANG Data Model
draft-ietf-netmod-acl-model-04 draft-ietf-netmod-acl-model-05
Abstract Abstract
This document describes a data model of Access Control List (ACL) This document describes a data model of Access Control List (ACL)
basic building blocks. basic building blocks.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
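Review bot: The draft name in the title block moves to draft-ietf-netmod-acl-model-05, but the date (October 17, 2015) and "Expires: April 19, 2016" are identical on both sides. Confirm that both reflect the -05 submission rather than being carried over from -04.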
skipping to change at page 20, line 48 skipping to change at page 20, line 48
prefixes. Much like ACLs, they include some match criteria and prefixes. Much like ACLs, they include some match criteria and
corresponding match action(s). For that reason, it is very simple to corresponding match action(s). For that reason, it is very simple to
extend existing ACL model with route filtering. The combination of a extend existing ACL model with route filtering. The combination of a
route prefix and prefix length along with the type of match route prefix and prefix length along with the type of match
determines how route filters are evaluated against incoming routes. determines how route filters are evaluated against incoming routes.
Different vendors have different match types and in this model we are Different vendors have different match types and in this model we are
using only ones that are common across all vendors participating in using only ones that are common across all vendors participating in
this draft. As in this example, the base ACL model can be extended this draft. As in this example, the base ACL model can be extended
with company proprietary extensions, described in the next section. with company proprietary extensions, described in the next section.
file "example-ext-route-filter@2015-02-14.yang" file "ietf-example-ext-route-filter@2015-02-14.yang"
module example-ext-route-filter { module ietf-example-ext-route-filter {
yang-version 1; yang-version 1;
namespace "urn:ietf:params:xml:ns:yang:example-ext-route-filter"; namespace "urn:ietf:params:xml:ns:yang:ietf-example-ext-route-filter";
prefix example-ext-route-filter; prefix ietf-example-ext-route-filter;
import ietf-inet-types { import ietf-inet-types {
prefix "inet"; prefix "inet";
} }
import ietf-access-control-list { import ietf-access-control-list {
prefix "ietf-acl"; prefix "ietf-acl";
} }
organization organization
"Route modele group."; "Route modele group.";
contact contact
"abc@abc.com"; "abc@abc.com";
description " description "
This module describes route filter as a collection of This module describes route filter as a collection of
match prefixes. When specifying a match prefix, you match prefixes. When specifying a match prefix, you
can specify an exact match with a particular route or can specify an exact match with a particular route or
a less precise match. You can configure either a a less precise match. You can configure either a
common action that applies to the entire list or an common action that applies to the entire list or an
action associated with each prefix. action associated with each prefix.
"; ";
revision 2015-05-03 { revision 2015-05-03 {
description description
"Creating Route-Filter extension model based on "Creating Route-Filter extension model based on
ietf-access-control-list model"; ietf-access-control-list model";
reference " "; reference " ";
} }
augment "/ietf-acl:access-lists/ietf-acl:acl/ augment "/ietf-acl:access-lists/ietf-acl:acl/
ietf-acl:access-list-entries/ietf-acl:ace/ietf-acl:matches"{ ietf-acl:access-list-entries/ietf-acl:ace/ietf-acl:matches"{
description " description "
This module augments the matches container in the ietf-acl This module augments the matches container in the ietf-acl
module with route filter specific actions module with route filter specific actions
"; ";
choice route-prefix{ choice route-prefix{
description "Define route filter match criteria"; description "Define route filter match criteria";
case range { case range {
description description
" Route falls between the lower prefix/prefix-length " Route falls between the lower prefix/prefix-length
and the upperprefix/prefix-length."; and the upperprefix/prefix-length.";
choice ipv4-range { choice ipv4-range {
description "Defines the IPv4 prefix range"; description "Defines the IPv4 prefix range";
leaf v4-lower-bound { leaf v4-lower-bound {
type inet:ipv4-prefix; type inet:ipv4-prefix;
description description
"Defines the lower IPv4 prefix/prefix length"; "Defines the lower IPv4 prefix/prefix length";
} }
leaf v4-upper-bound { leaf v4-upper-bound {
type inet:ipv4-prefix; type inet:ipv4-prefix;
description description
"Defines the upper IPv4 prefix/prefix length"; "Defines the upper IPv4 prefix/prefix length";
} }
} }
choice ipv6-range { choice ipv6-range {
description "Defines the IPv6 prefix/prefix range"; description "Defines the IPv6 prefix/prefix range";
leaf v6-lower-bound { leaf v6-lower-bound {
type inet:ipv6-prefix; type inet:ipv6-prefix;
description description
"Defines the lower IPv6 prefix/prefix length"; "Defines the lower IPv6 prefix/prefix length";
} }
leaf v6-upper-bound { leaf v6-upper-bound {
type inet:ipv6-prefix; type inet:ipv6-prefix;
description description
"Defines the upper IPv6 prefix/prefix length"; "Defines the upper IPv6 prefix/prefix length";
} }
} }
} }
} }
} }
} }
A.2. A company proprietary module example A.2. A company proprietary module example
Module "example-newco-acl" is an example of company proprietary model Module "example-newco-acl" is an example of company proprietary model
that augments "ietf-acl" module. It shows how to use 'augment' with that augments "ietf-acl" module. It shows how to use 'augment' with
an XPath expression to add additional match criteria, action an XPath expression to add additional match criteria, action
criteria, and default actions when no ACE matches found. All these criteria, and default actions when no ACE matches found. All these
are company proprietary extensions or system feature extensions. are company proprietary extensions or system feature extensions.
"example-newco-acl" is just an example and it is expected from "example-newco-acl" is just an example and it is expected from
vendors to create their own proprietary models. vendors to create their own proprietary models.
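Review bot: The renamed file line still carries the date 2015-02-14 ("ietf-example-ext-route-filter@2015-02-14.yang") while the module's only revision statement is "revision 2015-05-03". The date in the file name should match the latest revision, so align the two while this line is being touched. Separately, in the unchanged "case range" body, v4-lower-bound and v4-upper-bound sit directly under "choice ipv4-range" (likewise the v6 leaves under "choice ipv6-range"). In YANG a leaf placed directly under a choice is its own implicit case, so the lower and upper bounds are mutually exclusive and the range described as "Route falls between the lower prefix/prefix-length and the upperprefix/prefix-length" cannot be configured. Suggest putting each lower/upper pair inside a single case, with the IPv4 and IPv6 pairs as the two cases of one choice. The organization string "Route modele group." also has a typo that could be fixed in the same revision.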
 End of changes. 5 change blocks. 
72 lines changed or deleted 72 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/