Presentation is loading. Please wait.

Presentation is loading. Please wait.

IETF ACL YANG Enhancements

Published byNeil Benson Modified over 6 years ago

Similar presentations

Presentation on theme: "IETF ACL YANG Enhancements"— Presentation transcript:

1 IETF ACL YANG Enhancements
Sonal Agarwal Mahesh Jethanandani

2 Agenda Support for combinations of ACL address family types
Inclusion of match & action parameters Open Issues found on further review

3 Support for combinations of ACL address family types
What’s in the current model? Draft 10 allowed different types of ACEs (IPv4, IPv6, L2) to be configured within a single ACL What is the problem with that? Model is error prone because it does not perform strict type checks of the ACL Extending the model to include additional types would modify the main model Lacks flexibility as it supported only IPv4, IPv6 & L2

4 Support for combinations of ACL address family types
identity ipv4-acl { base acl:acl-base; } feature ipv4-acl { description "Layer 3 IPv4 ACL supported"; container ipv4-acl { if-feature ipv4-acl; must "../../../../acl-type = 'ipv4-acl'"; uses packet-fields:acl-ip-header-fields; uses packet-fields:acl-ipv4-header-fields; description "Rule set that supports IPv4 headers."; } What is the enhancement in Draft 11? Identified all possible L2 & L3 ACL combinations Added identity/feature/container statements for the above types What are the benefits of this enhancement? Stricter ACL type checks Only supports parts of the model identified by the feature and removes all other parts of model Easy to extend ACL types by adding new identity, feature and container statements

5 Support for combinations of ACL address family types
What are the different ACL types supported in draft 11? acl_base ipv4-acl ipv6-acl eth-acl mixed-l2-l3-ipv6-acl mixed-l2-l3-ipv4-acl mixed-l2-l3-ipv4-ipv6-acl any-acl

6 Inclusion of more match & action parameters
feature tcp-acl {} container tcp-acl { if-feature tcp-acl; uses packet-fields: acl-tcp-header-fields; } feature udp-acl {} container udp-acl { if-feature udp-acl; uses packet-fields: acl-udp-header-fields; } feature icmp-acl {} container icmp-acl { if-feature icmp-acl; uses packet-fields: acl-icmp-header-fields; } leaf logging {type boolean;}

7 Open issues

Download ppt "IETF ACL YANG Enhancements"

Similar presentations

Ch. 2 Protocol Architecture. 2.1 The Need for a Protocol Architecture Same set of layered functions need to exist in the two communicating systems. Key.

Ch. 2 Protocol Architecture. 2.1 The Need for a Protocol Architecture Same set of layered functions need to exist in the two communicating systems. Key.
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Access Control Lists John Mowry.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Access Control Lists John Mowry.
Chapter 9: Access Control Lists

Chapter 9: Access Control Lists
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Access Control Lists Accessing the WAN – Chapter 5.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Access Control Lists Accessing the WAN – Chapter 5.
Policy Based Routing using ACL & Route Map By Group 7 Nischal (304360958) Pranali (304378534)

Policy Based Routing using ACL & Route Map By Group 7 Nischal ( ) Pranali ( )
1 Access Lists. 2 Introduction ACL (access list)  a list of conditions that categorize packets. Rules:  Sequential order.  Until a match is made. 

1 Access Lists. 2 Introduction ACL (access list)  a list of conditions that categorize packets. Rules:  Sequential order.  Until a match is made. 
ARP and RARP The left side of this slide gives an ARP message in hexadecimal format, identify the ARP header fields, and work out their corresponding values.

ARP and RARP The left side of this slide gives an ARP message in hexadecimal format, identify the ARP header fields, and work out their corresponding values.
CCNA 2 v3.1 Module 11.

CCNA 2 v3.1 Module 11.
Circuit & Application Level Gateways CS-431 Dick Steflik.

Circuit & Application Level Gateways CS-431 Dick Steflik.
1 Semester 2 Module 11 Access Control Lists (ACLs) Yuda college of business James Chen

1 Semester 2 Module 11 Access Control Lists (ACLs) Yuda college of business James Chen
Cisco Confidential 1 © 2010 Cisco and/or its affiliates. All rights reserved. CCNA ACLs Deepdive February, 2012 Jaskaran Kalsi Assoc. Technical Manager.

Cisco Confidential 1 © 2010 Cisco and/or its affiliates. All rights reserved. CCNA ACLs Deepdive February, 2012 Jaskaran Kalsi Assoc. Technical Manager.
The OSI Reference Model Key concepts: Layers Communications between two adjacent layers Encapsulation Multiplexing and demultiplexing Tunneling.

The OSI Reference Model Key concepts: Layers Communications between two adjacent layers Encapsulation Multiplexing and demultiplexing Tunneling.
Access Control Lists Written by Bill Reed 03/11/05.

Access Control Lists Written by Bill Reed 03/11/05.
Professor OKAMURA Laboratory. Othman Othman M.M. 1.

Professor OKAMURA Laboratory. Othman Othman M.M. 1.
Network Certification Preparation. Module - 5 Basic troubleshooting of IP addressing issues Basic troubleshooting of RIP and IGRP Basic troubleshooting.

Network Certification Preparation. Module - 5 Basic troubleshooting of IP addressing issues Basic troubleshooting of RIP and IGRP Basic troubleshooting.
Network Admin Course Plan Accede Institute Of Science & Technology.

Network Admin Course Plan Accede Institute Of Science & Technology.
Protocols and the TCP/IP Suite

Protocols and the TCP/IP Suite
Session 2 Security Monitoring Identify Device Status Traffic Analysis Routing Protocol Status Configuration & Log Classification.

Session 2 Security Monitoring Identify Device Status Traffic Analysis Routing Protocol Status Configuration & Log Classification.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 9: Access Control Lists Routing & Switching.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 9: Access Control Lists Routing & Switching.

Similar presentations

Ads by Google