openconfig / public

Repository for publishing OpenConfig models, documentation, and other material for the community.
Apache License 2.0

[OC-ACL Enhancement Request] Sharing of ACL-SET #499

Open rajatiet opened 2 years ago

rajatiet commented 2 years ago

Hi OC-Team,

My name is Rajat Rastogi (Company: Juniper Networks)

While configuring ACL via openconfig-acl on Juniper Routers, the following problem was faced. Please go through the problem statement.

Problem Statement

In the present OC-ACL model, there is no knob to enable/disable sharing of acl-set across multiple interfaces. Due to this, a vendor has one of the two choices:

Disable: Disable acl-set sharing by default. Using this, acl-set statistics will be available per interface. On the flip side, more hardware resources will be consumed, which may not be desired for scale scenarios or use cases.

Enable: Enable acl-set sharing by default. In this case, ACL-SET can be shared and reused. Less consumption of HW resources compared to a case when sharing was not done. This will be helpful for scenarios where ACL-SET configuration can be shared across multiple interfaces (ingress/egress).

Proposed Solution

Knob to enable/disable sharing of acl-set. This knob will be at acl-set level.

Using this, sharing of acl-set can be disabled/enabled as below:

    [edit]
    root@evovbrackla-RE0# set openconfig-acl:acl acl-sets acl-set f1 ACL_IPV4 config name F1 type ACL_IPV4 sharing-behavior ?
    Possible completions:
      ACL_SET_NOT_SHARED   Applied ACL set instance will be unique per interface
      ACL_SET_SHARED       Same ACL set instance will be applied across multiple interfaces
    [edit]
    root@evovbrackla-RE0#

Please let me know your inputs regarding this.

Thanks and regards Rajat Rastogi
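
The trade-off described in the problem statement above, as an added Python example that is not part of the original issue or of the OpenConfig project: a toy model that counts programmed entries and shows counter granularity for each `sharing-behavior` value. The acl-set contents, interface names and traffic are constructed, and the model assumes a shared instance keeps one counter per entry across all bound interfaces.

```python
import ipaddress
from collections import Counter

# Constructed acl-set: (sequence-id, source prefix, action); first match wins.
ACL_F1 = [(10, "10.0.0.0/8", "ACCEPT"), (20, "0.0.0.0/0", "DROP")]
# Constructed bindings and traffic; interface names are hypothetical.
BINDINGS = [("if-a", "ingress"), ("if-b", "ingress"), ("if-c", "egress")]
TRAFFIC = [("if-a", "ingress", "10.1.1.1"), ("if-b", "ingress", "192.0.2.7"),
           ("if-b", "ingress", "198.51.100.9"), ("if-c", "egress", "10.2.2.2")]

class AclSetModel:
    """Toy model of one acl-set bound to several interfaces."""

    def __init__(self, entries, bindings, sharing_behavior):
        self.entries = [(s, ipaddress.ip_network(p), a) for s, p, a in entries]
        self.bindings = set(bindings)
        self.shared = sharing_behavior == "ACL_SET_SHARED"
        self.counters = Counter()

    def hw_entries(self):
        # Shared: one programmed copy. Not shared: one copy per binding.
        instances = 1 if self.shared else len(self.bindings)
        return instances * len(self.entries)

    def packet(self, interface, direction, src):
        if (interface, direction) not in self.bindings:
            return None  # acl-set is not applied here
        addr = ipaddress.ip_address(src)
        for seq, net, action in self.entries:
            if addr in net:
                # Assumption: a shared instance cannot attribute a hit
                # to the interface it arrived on.
                key = (seq,) if self.shared else (interface, direction, seq)
                self.counters[key] += 1
                return action
        return "NO_MATCH"

def compare(bindings, traffic):
    """Return {mode: (hw_entries, counters)} for both sharing behaviors."""
    result = {}
    for mode in ("ACL_SET_NOT_SHARED", "ACL_SET_SHARED"):
        model = AclSetModel(ACL_F1, bindings, mode)
        for pkt in traffic:
            model.packet(*pkt)
        result[mode] = (model.hw_entries(), dict(model.counters))
    return result

if __name__ == "__main__":
    for mode, (hw, counters) in compare(BINDINGS, TRAFFIC).items():
        print(mode, "hw_entries =", hw, "counters =", counters)
```

With these inputs the non-shared mode programs three times as many entries but can tell that both DROP hits arrived on `if-b`, which the shared mode's aggregated counter cannot.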

robshakir commented 2 years ago

Please can you provide the relevant mappings to other implementations that show how this would be supported across different implementations?

Thanks, r.

rajatiet commented 2 years ago

ACL sharing is common across other vendors as well.

1) CISCO’s IOS XR Release 6.3.x, please refer to https://www.cisco.com/c/en/us/td/docs/iosxr/ncs5500/ip-addresses/63x/b-ip-addresses-configuration-guide-ncs5500-63x/b-ip-addresses-configuration-guide-ncs5500-63x_chapter_010.html#id_70758

2) Arista EOS 4.27, please refer to https://www.arista.com/um-eos/eos-acls-and-route-maps#xx1345935

rajatiet commented 2 years ago

Hi OC-Team,

Can you please revert back?

Thanks Rajat Rastogi

rajatiet commented 2 years ago

Hi OC-Team,

Gentle reminder.

Can you please revert back?

Thanks Rajat Rastogi

github-actions[bot] commented 1 month ago

This issue is stale because it has been open 180 days with no activity. If you wish to keep this issue active, please remove the stale label or add a comment, otherwise it will be closed in 14 days.