Open rajatiet opened 2 years ago
Please can you provide the relevant mappings to other implementations that show how this would be supported across different implementations?
Thanks, r.
ACL sharing is common across other vendors as well.
1) CISCO’s IOS XR Release 6.3.x, please refer to https://www.cisco.com/c/en/us/td/docs/iosxr/ncs5500/ip-addresses/63x/b-ip-addresses-configuration-guide-ncs5500-63x/b-ip-addresses-configuration-guide-ncs5500-63x_chapter_010.html#id_70758
2) Arista EOS 4.27, please refer to https://www.arista.com/um-eos/eos-acls-and-route-maps#xx1345935
Hi OC-Team,
Can you please revert back?
Thanks Rajat Rastogi
Hi OC-Team,
Gentle reminder.
Can you please revert back?
Thanks Rajat Rastogi
This issue is stale because it has been open 180 days with no activity. If you wish to keep this issue active, please remove the stale label or add a comment, otherwise will be closed in 14 days.
Hi OC-Team,
My name is Rajat Rastogi (Company: Juniper Networks)
While configuring ACL via openconfig-acl on Juniper Routers, the following problem was faced. Please go through the problem statement.
Problem Statement
In the present OC-ACL model, there is no knob to enable/disable sharing of acl-set across multiple interfaces. Due to this, a vendor has one of the two choices
Disable: Disable acl-set sharing by default. Using acl-set statistics will be available this per interface. On the flip side, more hardware resources will be consumed which may not be desired for scale scenarios or use cases.
Enable: Enable acl-set sharing by default. In this case, ACL-SET can be shared and reused. Less consumption of HW resources compared to a case when sharing was not done. This will helpful for scenarios where ACL-SET configuration can be shared across multiple interfaces (ingress/egress)
Proposed Solution
Knob to enable/disable sharing of acl-set. This knob will be at acl-set level.
Using this sharing of acl-set can be disabled/enabled as below
[edit] root@evovbrackla-RE0# set openconfig-acl:acl acl-sets acl-set f1 ACL_IPV4 config name F1 type ACL_IPV4 sharing-behavior ? Possible completions: ACL_SET_NOT_SHARED Applied ACL set instance will be unique per interface ACL_SET_SHARED Same ACL set instance will be applied across multiple interfaces [edit] root@evovbrackla-RE0#
Please let me know your inputs regarding this.
Thanks and regards Rajat Rastogi