openconfig / public

Repository for publishing OpenConfig models, documentation, and other material for the community.
Apache License 2.0

Acl: source and destination match field data AND/OR clarification #1157

Open steliosp-arista opened 1 month ago

steliosp-arista commented 1 month ago

Hello,

I would like to clarify: if both source-mac/source-address/source-port and destination-mac/destination-address/destination-port are defined, are packets filtered if both fields match or if any match?

For example, if /acl/acl-set/acl-entries/acl-entry/transport/config/source-port=10, /acl/acl-set/acl-entries/acl-entry/transport/config/source-port/destination-port=20, should this match packets with

  1. source-port=10 AND source-port=20 OR
  2. source-port=10 OR source-port=20

dplore commented 1 month ago

Hi, the intent derived from the description of processing rules in order is: separate entries == OR, because if there is no match, processing proceeds to the next entry.

By deduction, that leaves us with: single entry == AND.

I see this is not explicitly called out in the description though. I'll raise a PR to clarify.
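
The interpretation given in the reply above (AND within one acl-entry, OR across entries evaluated in order), as an added example that is not part of the thread or of the OpenConfig project's code. The `AclEntry` class, the `evaluate` helper and the sample ACLs and packets are constructed for illustration; returning `None` when nothing matches is an assumption of this sketch.

```python
from dataclasses import dataclass, field


@dataclass
class AclEntry:
    sequence_id: int   # key of the acl-entry; entries are evaluated in this order
    action: str        # forwarding action of the entry, e.g. "ACCEPT" or "DROP"
    # Configured match leaves (leaf name -> required value).
    # A leaf that is not configured acts as a wildcard.
    match: dict = field(default_factory=dict)


def entry_matches(entry, packet):
    """Single entry == AND: every configured leaf must match the packet."""
    return all(packet.get(leaf) == value for leaf, value in entry.match.items())


def evaluate(acl_set, packet):
    """Separate entries == OR: on no match, processing proceeds to the next entry.

    Returns (sequence_id, action) of the first matching entry, or None when no
    entry matches (what the device does then is outside this sketch).
    """
    for entry in sorted(acl_set, key=lambda e: e.sequence_id):
        if entry_matches(entry, packet):
            return entry.sequence_id, entry.action
    return None


# Constructed sample data: the same two conditions expressed both ways.
ACL_SINGLE_ENTRY = [
    AclEntry(10, "DROP", {"source-port": 10, "destination-port": 20}),
]
ACL_TWO_ENTRIES = [
    AclEntry(10, "DROP", {"source-port": 10}),
    AclEntry(20, "DROP", {"destination-port": 20}),
]
PACKETS = {
    "both": {"source-port": 10, "destination-port": 20},
    "src_only": {"source-port": 10, "destination-port": 443},
    "dst_only": {"source-port": 5000, "destination-port": 20},
    "neither": {"source-port": 5000, "destination-port": 443},
}

if __name__ == "__main__":
    for name, pkt in PACKETS.items():
        print(f"{name:9} single-entry={evaluate(ACL_SINGLE_ENTRY, pkt)} "
              f"two-entries={evaluate(ACL_TWO_ENTRIES, pkt)}")
```

A packet that satisfies only one of the two conditions passes the single-entry ACL untouched but is dropped by the two-entry ACL, which is the difference to check when translating a filter policy into acl-entries.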