summaryrefslogtreecommitdiffstats
path: root/examples/ncclient/acl
diff options
context:
space:
mode:
authorMarek Gradzki <mgradzki@cisco.com>2018-04-18 08:19:36 +0200
committerMarek Gradzki <mgradzki@cisco.com>2018-05-02 10:00:35 +0000
commit9f9d2614ff5bd0d2a1729d1793a9bd6ca3def717 (patch)
treeef26ca2c2b20f58b77244f8dafec75a5f3346e2d /examples/ncclient/acl
parent52ca7c2e86cf982bf1cd4aaea8869555fea0aa4a (diff)
HC2VPP-313: <copy-config> examples using nnclient library
Shows how to configure VPP using nnclient library. Requires following changes to ODL Netconf (HC2VPP-312): - <copy-config> support: https://git.opendaylight.org/gerrit/#/c/69606/ - various fixes to make ODL Netconf compatible with nnclient: https://git.opendaylight.org/gerrit/#/c/71181/ and ncclient library with the following change: https://github.com/marekgr/ncclient/commit/fbc31b06daf114c11dcb6bf1bcfac9127b2e0062 Change-Id: I3dceb8ead6e6f558a3c76f6c1c3b0ba5f7c52f93 Signed-off-by: Marek Gradzki <mgradzki@cisco.com> (cherry picked from commit 2e96f3423a2619cd2aa9d188de513723416c15e6)
Diffstat (limited to 'examples/ncclient/acl')
-rw-r--r--examples/ncclient/acl/copy_config_acl.xml182
-rw-r--r--examples/ncclient/acl/copy_config_acl_update.xml209
-rw-r--r--examples/ncclient/acl/expected_config_acl.xml183
-rw-r--r--examples/ncclient/acl/expected_config_acl_update.xml209
-rwxr-xr-xexamples/ncclient/acl/test_acl.sh18
-rwxr-xr-xexamples/ncclient/acl/test_acl_update.sh20
6 files changed, 821 insertions, 0 deletions
diff --git a/examples/ncclient/acl/copy_config_acl.xml b/examples/ncclient/acl/copy_config_acl.xml
new file mode 100644
index 000000000..d2177d643
--- /dev/null
+++ b/examples/ncclient/acl/copy_config_acl.xml
@@ -0,0 +1,182 @@
+<!--
+ ~ Copyright (c) 2018 Cisco Systems, Inc. and others. All rights reserved.
+ ~
+ ~ This program and the accompanying materials are made available under the
+ ~ terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ ~ and is available at http://www.eclipse.org/legal/epl-v10.html
+ -->
+<config>
+ <nat-config xmlns="urn:ietf:params:xml:ns:yang:ietf-nat">
+ <nat-instances>
+ <nat-instance>
+ <id>0</id>
+ </nat-instance>
+ </nat-instances>
+ </nat-config>
+ <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
+ <interface>
+ <name>local0</name>
+ <type xmlns:x="urn:ietf:params:xml:ns:yang:iana-if-type">x:ethernetCsmacd</type>
+ <enabled>false</enabled>
+ </interface>
+ <interface>
+ <name>loop1</name>
+ <description>for testing purposes</description>
+ <type xmlns:x="urn:opendaylight:params:xml:ns:yang:v3po">x:loopback</type>
+ <loopback xmlns="urn:opendaylight:params:xml:ns:yang:v3po">
+ <mac>00:ff:ff:ff:ff:ff</mac>
+ </loopback>
+ <acl xmlns="urn:opendaylight:params:xml:ns:yang:interface:acl">
+ <ingress>
+ <vpp-acls>
+ <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</type>
+ <name>tcp-acl</name>
+ </vpp-acls>
+ <vpp-acls>
+ <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</type>
+ <name>udp-acl</name>
+ </vpp-acls>
+ <vpp-macip-acl>
+ <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-macip-acl</type>
+ <name>macip-acl</name>
+ </vpp-macip-acl>
+ </ingress>
+ </acl>
+ </interface>
+ </interfaces>
+ <access-lists xmlns="urn:ietf:params:xml:ns:yang:ietf-access-control-list">
+ <acl>
+ <acl-name>macip-acl</acl-name>
+ <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-macip-acl</acl-type>
+ <access-list-entries>
+ <ace>
+ <rule-name>macip-rule</rule-name>
+ <matches>
+ <vpp-macip-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
+ <source-ipv4-network>192.168.2.2/32</source-ipv4-network>
+ <source-mac-address>aa:aa:aa:aa:aa:aa</source-mac-address>
+ <source-mac-address-mask>ff:00:00:00:00:00</source-mac-address-mask>
+ </vpp-macip-ace-nodes>
+ </matches>
+ <actions>
+ <permit/>
+ </actions>
+ </ace>
+ </access-list-entries>
+ </acl>
+ <acl>
+ <acl-name>icmp-v6-acl</acl-name>
+ <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
+ <access-list-entries>
+ <ace>
+ <rule-name>imcp-v6-rule</rule-name>
+ <matches>
+ <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
+ <destination-ipv6-network>2001:0db8:0a0b:12f0:0000:0000:0000:0001/64</destination-ipv6-network>
+ <source-ipv6-network>2001:0db8:0a0b:12f0:0000:0000:0000:0002/48</source-ipv6-network>
+ <icmp-v6-nodes>
+ <icmp-type-range>
+ <last>8</last>
+ <first>5</first>
+ </icmp-type-range>
+ <icmp-code-range>
+ <last>3</last>
+ <first>1</first>
+ </icmp-code-range>
+ </icmp-v6-nodes>
+ </vpp-ace-nodes>
+ </matches>
+ <actions>
+ <permit/>
+ </actions>
+ </ace>
+ </access-list-entries>
+ </acl>
+ <acl>
+ <acl-name>udp-acl</acl-name>
+ <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
+ <access-list-entries>
+ <ace>
+ <rule-name>udp-rule</rule-name>
+ <matches>
+ <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
+ <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network>
+ <source-ipv4-network>192.168.2.2/32</source-ipv4-network>
+ <udp-nodes>
+ <source-port-range>
+ <upper-port>5487</upper-port>
+ <lower-port>1</lower-port>
+ </source-port-range>
+ <destination-port-range>
+ <upper-port>6745</upper-port>
+ <lower-port>87</lower-port>
+ </destination-port-range>
+ </udp-nodes>
+ </vpp-ace-nodes>
+ </matches>
+ <actions>
+ <permit/>
+ </actions>
+ </ace>
+ </access-list-entries>
+ </acl>
+ <acl>
+ <acl-name>tcp-acl</acl-name>
+ <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
+ <access-list-entries>
+ <ace>
+ <rule-name>tcp-rule</rule-name>
+ <matches>
+ <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
+ <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network>
+ <source-ipv4-network>192.168.2.2/32</source-ipv4-network>
+ <tcp-nodes>
+ <source-port-range>
+ <upper-port>5487</upper-port>
+ <lower-port>1</lower-port>
+ </source-port-range>
+ <destination-port-range>
+ <upper-port>6745</upper-port>
+ <lower-port>87</lower-port>
+ </destination-port-range>
+ <tcp-flags-mask>1</tcp-flags-mask>
+ <tcp-flags-value>7</tcp-flags-value>
+ </tcp-nodes>
+ </vpp-ace-nodes>
+ </matches>
+ <actions>
+ <permit/>
+ </actions>
+ </ace>
+ </access-list-entries>
+ </acl>
+ <acl>
+ <acl-name>icmp-acl</acl-name>
+ <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
+ <access-list-entries>
+ <ace>
+ <rule-name>imcp-rule</rule-name>
+ <matches>
+ <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
+ <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network>
+ <source-ipv4-network>192.168.2.2/32</source-ipv4-network>
+ <icmp-nodes>
+ <icmp-type-range>
+ <last>8</last>
+ <first>5</first>
+ </icmp-type-range>
+ <icmp-code-range>
+ <last>3</last>
+ <first>1</first>
+ </icmp-code-range>
+ </icmp-nodes>
+ </vpp-ace-nodes>
+ </matches>
+ <actions>
+ <permit/>
+ </actions>
+ </ace>
+ </access-list-entries>
+ </acl>
+ </access-lists>
+</config>
diff --git a/examples/ncclient/acl/copy_config_acl_update.xml b/examples/ncclient/acl/copy_config_acl_update.xml
new file mode 100644
index 000000000..1a30ece94
--- /dev/null
+++ b/examples/ncclient/acl/copy_config_acl_update.xml
@@ -0,0 +1,209 @@
+<!--
+ ~ Copyright (c) 2018 Cisco Systems, Inc. and others. All rights reserved.
+ ~
+ ~ This program and the accompanying materials are made available under the
+ ~ terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ ~ and is available at http://www.eclipse.org/legal/epl-v10.html
+ -->
+<config>
+ <nat-config xmlns="urn:ietf:params:xml:ns:yang:ietf-nat">
+ <nat-instances>
+ <nat-instance>
+ <id>0</id>
+ </nat-instance>
+ </nat-instances>
+ </nat-config>
+ <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
+ <interface>
+ <name>local0</name>
+ <type xmlns:x="urn:ietf:params:xml:ns:yang:iana-if-type">x:ethernetCsmacd</type>
+ <enabled>false</enabled>
+ </interface>
+ <interface>
+ <name>loop1</name>
+ <description>for testing purposes</description>
+ <type xmlns:x="urn:opendaylight:params:xml:ns:yang:v3po">x:loopback</type>
+ <loopback xmlns="urn:opendaylight:params:xml:ns:yang:v3po">
+ <mac>00:ff:ff:ff:ff:ff</mac>
+ </loopback>
+ <acl xmlns="urn:opendaylight:params:xml:ns:yang:interface:acl">
+ <ingress>
+ <vpp-macip-acl>
+ <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-macip-acl</type>
+ <name>macip-acl</name>
+ </vpp-macip-acl>
+ </ingress>
+ </acl>
+ </interface>
+ <interface>
+ <name>loop2</name>
+ <description>for testing purposes</description>
+ <type xmlns:x="urn:opendaylight:params:xml:ns:yang:v3po">x:loopback</type>
+ <loopback xmlns="urn:opendaylight:params:xml:ns:yang:v3po">
+ <mac>aa:ff:ff:ff:ff:ff</mac>
+ </loopback>
+ <acl xmlns="urn:opendaylight:params:xml:ns:yang:interface:acl">
+ <ingress>
+ <vpp-acls>
+ <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</type>
+ <name>tcp-acl2</name>
+ </vpp-acls>
+ <vpp-acls>
+ <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</type>
+ <name>udp-acl</name>
+ </vpp-acls>
+ </ingress>
+ </acl>
+ </interface>
+ </interfaces>
+ <access-lists xmlns="urn:ietf:params:xml:ns:yang:ietf-access-control-list">
+ <acl>
+ <acl-name>macip-acl</acl-name>
+ <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-macip-acl</acl-type>
+ <access-list-entries>
+ <ace>
+ <rule-name>macip-rule</rule-name>
+ <matches>
+ <vpp-macip-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
+ <source-ipv4-network>192.168.2.2/32</source-ipv4-network>
+ <source-mac-address>aa:aa:aa:aa:aa:aa</source-mac-address>
+ <source-mac-address-mask>ff:00:00:00:00:00</source-mac-address-mask>
+ </vpp-macip-ace-nodes>
+ </matches>
+ <actions>
+ <permit/>
+ </actions>
+ </ace>
+ </access-list-entries>
+ </acl>
+ <acl>
+ <acl-name>icmp-v6-acl</acl-name>
+ <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
+ <access-list-entries>
+ <ace>
+ <rule-name>imcp-v6-rule</rule-name>
+ <matches>
+ <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
+ <destination-ipv6-network>2001:0db8:0a0b:12f0:0000:0000:0000:0001/64
+ </destination-ipv6-network>
+ <source-ipv6-network>2001:0db8:0a0b:12f0:0000:0000:0000:0002/48</source-ipv6-network>
+ <icmp-v6-nodes>
+ <icmp-type-range>
+ <last>8</last>
+ <first>5</first>
+ </icmp-type-range>
+ <icmp-code-range>
+ <last>3</last>
+ <first>1</first>
+ </icmp-code-range>
+ </icmp-v6-nodes>
+ </vpp-ace-nodes>
+ </matches>
+ <actions>
+ <permit/>
+ </actions>
+ </ace>
+ </access-list-entries>
+ </acl>
+ <acl>
+ <acl-name>udp-acl</acl-name>
+ <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
+ <access-list-entries>
+ <ace>
+ <rule-name>udp-rule</rule-name>
+ <matches>
+ <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
+ <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network>
+ <source-ipv4-network>192.168.2.2/32</source-ipv4-network>
+ <udp-nodes>
+ <source-port-range>
+ <upper-port>5486</upper-port>
+ <lower-port>11</lower-port>
+ </source-port-range>
+ </udp-nodes>
+ </vpp-ace-nodes>
+ </matches>
+ <actions>
+ <permit/>
+ </actions>
+ </ace>
+ </access-list-entries>
+ </acl>
+ <acl>
+ <acl-name>tcp-acl2</acl-name>
+ <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
+ <access-list-entries>
+ <ace>
+ <rule-name>tcp-rule</rule-name>
+ <matches>
+ <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
+ <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network>
+ <source-ipv4-network>192.168.2.2/32</source-ipv4-network>
+ <tcp-nodes>
+ <source-port-range>
+ <upper-port>5487</upper-port>
+ <lower-port>1</lower-port>
+ </source-port-range>
+ <destination-port-range>
+ <upper-port>6745</upper-port>
+ <lower-port>87</lower-port>
+ </destination-port-range>
+ <tcp-flags-mask>1</tcp-flags-mask>
+ <tcp-flags-value>7</tcp-flags-value>
+ </tcp-nodes>
+ </vpp-ace-nodes>
+ </matches>
+ <actions>
+ <permit/>
+ </actions>
+ </ace>
+ </access-list-entries>
+ </acl>
+ <acl>
+ <acl-name>icmp-acl</acl-name>
+ <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
+ <access-list-entries>
+ <ace>
+ <rule-name>renamed-imcp-rule</rule-name>
+ <matches>
+ <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
+ <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network>
+ <source-ipv4-network>192.168.2.2/32</source-ipv4-network>
+ <icmp-nodes>
+ <icmp-type-range>
+ <last>8</last>
+ <first>5</first>
+ </icmp-type-range>
+ <icmp-code-range>
+ <last>3</last>
+ <first>1</first>
+ </icmp-code-range>
+ </icmp-nodes>
+ </vpp-ace-nodes>
+ </matches>
+ <actions>
+ <permit/>
+ </actions>
+ </ace>
+ <ace>
+ <rule-name>new-icmp-rule</rule-name>
+ <matches>
+ <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
+ <destination-ipv4-network>10.1.1.1/24</destination-ipv4-network>
+ <source-ipv4-network>10.2.2.2/32</source-ipv4-network>
+ <icmp-nodes>
+ <icmp-type-range>
+ <first>4</first>
+ <last>9</last>
+ </icmp-type-range>
+ </icmp-nodes>
+ </vpp-ace-nodes>
+ </matches>
+ <actions>
+ <permit/>
+ </actions>
+ </ace>
+ </access-list-entries>
+ </acl>
+ </access-lists>
+</config>
diff --git a/examples/ncclient/acl/expected_config_acl.xml b/examples/ncclient/acl/expected_config_acl.xml
new file mode 100644
index 000000000..735e0f43d
--- /dev/null
+++ b/examples/ncclient/acl/expected_config_acl.xml
@@ -0,0 +1,183 @@
+<!--
+ ~ Copyright (c) 2018 Cisco Systems, Inc. and others. All rights reserved.
+ ~
+ ~ This program and the accompanying materials are made available under the
+ ~ terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ ~ and is available at http://www.eclipse.org/legal/epl-v10.html
+ -->
+<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
+ <nat-config xmlns="urn:ietf:params:xml:ns:yang:ietf-nat">
+ <nat-instances>
+ <nat-instance>
+ <id>0</id>
+ </nat-instance>
+ </nat-instances>
+ </nat-config>
+ <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
+ <interface>
+ <name>local0</name>
+ <type xmlns:x="urn:ietf:params:xml:ns:yang:iana-if-type">x:ethernetCsmacd</type>
+ <enabled>false</enabled>
+ </interface>
+ <interface>
+ <name>loop1</name>
+ <description>for testing purposes</description>
+ <type xmlns:x="urn:opendaylight:params:xml:ns:yang:v3po">x:loopback</type>
+ <loopback xmlns="urn:opendaylight:params:xml:ns:yang:v3po">
+ <mac>00:ff:ff:ff:ff:ff</mac>
+ </loopback>
+ <acl xmlns="urn:opendaylight:params:xml:ns:yang:interface:acl">
+ <ingress>
+ <vpp-acls>
+ <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</type>
+ <name>tcp-acl</name>
+ </vpp-acls>
+ <vpp-acls>
+ <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</type>
+ <name>udp-acl</name>
+ </vpp-acls>
+ <vpp-macip-acl>
+ <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-macip-acl</type>
+ <name>macip-acl</name>
+ </vpp-macip-acl>
+ </ingress>
+ </acl>
+ </interface>
+ </interfaces>
+ <access-lists xmlns="urn:ietf:params:xml:ns:yang:ietf-access-control-list">
+ <acl>
+ <acl-name>macip-acl</acl-name>
+ <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-macip-acl</acl-type>
+ <access-list-entries>
+ <ace>
+ <rule-name>macip-rule</rule-name>
+ <matches>
+ <vpp-macip-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
+ <source-ipv4-network>192.168.2.2/32</source-ipv4-network>
+ <source-mac-address>aa:aa:aa:aa:aa:aa</source-mac-address>
+ <source-mac-address-mask>ff:00:00:00:00:00</source-mac-address-mask>
+ </vpp-macip-ace-nodes>
+ </matches>
+ <actions>
+ <permit/>
+ </actions>
+ </ace>
+ </access-list-entries>
+ </acl>
+ <acl>
+ <acl-name>icmp-v6-acl</acl-name>
+ <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
+ <access-list-entries>
+ <ace>
+ <rule-name>imcp-v6-rule</rule-name>
+ <matches>
+ <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
+ <destination-ipv6-network>2001:0db8:0a0b:12f0:0000:0000:0000:0001/64
+ </destination-ipv6-network>
+ <source-ipv6-network>2001:0db8:0a0b:12f0:0000:0000:0000:0002/48</source-ipv6-network>
+ <icmp-v6-nodes>
+ <icmp-type-range>
+ <last>8</last>
+ <first>5</first>
+ </icmp-type-range>
+ <icmp-code-range>
+ <last>3</last>
+ <first>1</first>
+ </icmp-code-range>
+ </icmp-v6-nodes>
+ </vpp-ace-nodes>
+ </matches>
+ <actions>
+ <permit/>
+ </actions>
+ </ace>
+ </access-list-entries>
+ </acl>
+ <acl>
+ <acl-name>udp-acl</acl-name>
+ <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
+ <access-list-entries>
+ <ace>
+ <rule-name>udp-rule</rule-name>
+ <matches>
+ <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
+ <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network>
+ <source-ipv4-network>192.168.2.2/32</source-ipv4-network>
+ <udp-nodes>
+ <source-port-range>
+ <upper-port>5487</upper-port>
+ <lower-port>1</lower-port>
+ </source-port-range>
+ <destination-port-range>
+ <upper-port>6745</upper-port>
+ <lower-port>87</lower-port>
+ </destination-port-range>
+ </udp-nodes>
+ </vpp-ace-nodes>
+ </matches>
+ <actions>
+ <permit/>
+ </actions>
+ </ace>
+ </access-list-entries>
+ </acl>
+ <acl>
+ <acl-name>tcp-acl</acl-name>
+ <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
+ <access-list-entries>
+ <ace>
+ <rule-name>tcp-rule</rule-name>
+ <matches>
+ <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
+ <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network>
+ <source-ipv4-network>192.168.2.2/32</source-ipv4-network>
+ <tcp-nodes>
+ <source-port-range>
+ <upper-port>5487</upper-port>
+ <lower-port>1</lower-port>
+ </source-port-range>
+ <destination-port-range>
+ <upper-port>6745</upper-port>
+ <lower-port>87</lower-port>
+ </destination-port-range>
+ <tcp-flags-mask>1</tcp-flags-mask>
+ <tcp-flags-value>7</tcp-flags-value>
+ </tcp-nodes>
+ </vpp-ace-nodes>
+ </matches>
+ <actions>
+ <permit/>
+ </actions>
+ </ace>
+ </access-list-entries>
+ </acl>
+ <acl>
+ <acl-name>icmp-acl</acl-name>
+ <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
+ <access-list-entries>
+ <ace>
+ <rule-name>imcp-rule</rule-name>
+ <matches>
+ <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
+ <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network>
+ <source-ipv4-network>192.168.2.2/32</source-ipv4-network>
+ <icmp-nodes>
+ <icmp-type-range>
+ <last>8</last>
+ <first>5</first>
+ </icmp-type-range>
+ <icmp-code-range>
+ <last>3</last>
+ <first>1</first>
+ </icmp-code-range>
+ </icmp-nodes>
+ </vpp-ace-nodes>
+ </matches>
+ <actions>
+ <permit/>
+ </actions>
+ </ace>
+ </access-list-entries>
+ </acl>
+ </access-lists>
+</data>
diff --git a/examples/ncclient/acl/expected_config_acl_update.xml b/examples/ncclient/acl/expected_config_acl_update.xml
new file mode 100644
index 000000000..17f76ff69
--- /dev/null
+++ b/examples/ncclient/acl/expected_config_acl_update.xml
@@ -0,0 +1,209 @@
+<!--
+ ~ Copyright (c) 2018 Cisco Systems, Inc. and others. All rights reserved.
+ ~
+ ~ This program and the accompanying materials are made available under the
+ ~ terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ ~ and is available at http://www.eclipse.org/legal/epl-v10.html
+ -->
+<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
+ <nat-config xmlns="urn:ietf:params:xml:ns:yang:ietf-nat">
+ <nat-instances>
+ <nat-instance>
+ <id>0</id>
+ </nat-instance>
+ </nat-instances>
+ </nat-config>
+ <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
+ <interface>
+ <name>local0</name>
+ <type xmlns:x="urn:ietf:params:xml:ns:yang:iana-if-type">x:ethernetCsmacd</type>
+ <enabled>false</enabled>
+ </interface>
+ <interface>
+ <name>loop1</name>
+ <description>for testing purposes</description>
+ <type xmlns:x="urn:opendaylight:params:xml:ns:yang:v3po">x:loopback</type>
+ <loopback xmlns="urn:opendaylight:params:xml:ns:yang:v3po">
+ <mac>00:ff:ff:ff:ff:ff</mac>
+ </loopback>
+ <acl xmlns="urn:opendaylight:params:xml:ns:yang:interface:acl">
+ <ingress>
+ <vpp-macip-acl>
+ <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-macip-acl</type>
+ <name>macip-acl</name>
+ </vpp-macip-acl>
+ </ingress>
+ </acl>
+ </interface>
+ <interface>
+ <name>loop2</name>
+ <description>for testing purposes</description>
+ <type xmlns:x="urn:opendaylight:params:xml:ns:yang:v3po">x:loopback</type>
+ <loopback xmlns="urn:opendaylight:params:xml:ns:yang:v3po">
+ <mac>aa:ff:ff:ff:ff:ff</mac>
+ </loopback>
+ <acl xmlns="urn:opendaylight:params:xml:ns:yang:interface:acl">
+ <ingress>
+ <vpp-acls>
+ <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</type>
+ <name>tcp-acl2</name>
+ </vpp-acls>
+ <vpp-acls>
+ <type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</type>
+ <name>udp-acl</name>
+ </vpp-acls>
+ </ingress>
+ </acl>
+ </interface>
+ </interfaces>
+ <access-lists xmlns="urn:ietf:params:xml:ns:yang:ietf-access-control-list">
+ <acl>
+ <acl-name>macip-acl</acl-name>
+ <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-macip-acl</acl-type>
+ <access-list-entries>
+ <ace>
+ <rule-name>macip-rule</rule-name>
+ <matches>
+ <vpp-macip-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
+ <source-ipv4-network>192.168.2.2/32</source-ipv4-network>
+ <source-mac-address>aa:aa:aa:aa:aa:aa</source-mac-address>
+ <source-mac-address-mask>ff:00:00:00:00:00</source-mac-address-mask>
+ </vpp-macip-ace-nodes>
+ </matches>
+ <actions>
+ <permit/>
+ </actions>
+ </ace>
+ </access-list-entries>
+ </acl>
+ <acl>
+ <acl-name>icmp-v6-acl</acl-name>
+ <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
+ <access-list-entries>
+ <ace>
+ <rule-name>imcp-v6-rule</rule-name>
+ <matches>
+ <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
+ <destination-ipv6-network>2001:0db8:0a0b:12f0:0000:0000:0000:0001/64
+ </destination-ipv6-network>
+ <source-ipv6-network>2001:0db8:0a0b:12f0:0000:0000:0000:0002/48</source-ipv6-network>
+ <icmp-v6-nodes>
+ <icmp-type-range>
+ <last>8</last>
+ <first>5</first>
+ </icmp-type-range>
+ <icmp-code-range>
+ <last>3</last>
+ <first>1</first>
+ </icmp-code-range>
+ </icmp-v6-nodes>
+ </vpp-ace-nodes>
+ </matches>
+ <actions>
+ <permit/>
+ </actions>
+ </ace>
+ </access-list-entries>
+ </acl>
+ <acl>
+ <acl-name>udp-acl</acl-name>
+ <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
+ <access-list-entries>
+ <ace>
+ <rule-name>udp-rule</rule-name>
+ <matches>
+ <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
+ <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network>
+ <source-ipv4-network>192.168.2.2/32</source-ipv4-network>
+ <udp-nodes>
+ <source-port-range>
+ <upper-port>5486</upper-port>
+ <lower-port>11</lower-port>
+ </source-port-range>
+ </udp-nodes>
+ </vpp-ace-nodes>
+ </matches>
+ <actions>
+ <permit/>
+ </actions>
+ </ace>
+ </access-list-entries>
+ </acl>
+ <acl>
+ <acl-name>tcp-acl2</acl-name>
+ <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
+ <access-list-entries>
+ <ace>
+ <rule-name>tcp-rule</rule-name>
+ <matches>
+ <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
+ <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network>
+ <source-ipv4-network>192.168.2.2/32</source-ipv4-network>
+ <tcp-nodes>
+ <source-port-range>
+ <upper-port>5487</upper-port>
+ <lower-port>1</lower-port>
+ </source-port-range>
+ <destination-port-range>
+ <upper-port>6745</upper-port>
+ <lower-port>87</lower-port>
+ </destination-port-range>
+ <tcp-flags-mask>1</tcp-flags-mask>
+ <tcp-flags-value>7</tcp-flags-value>
+ </tcp-nodes>
+ </vpp-ace-nodes>
+ </matches>
+ <actions>
+ <permit/>
+ </actions>
+ </ace>
+ </access-list-entries>
+ </acl>
+ <acl>
+ <acl-name>icmp-acl</acl-name>
+ <acl-type xmlns:x="urn:opendaylight:params:xml:ns:yang:vpp:acl">x:vpp-acl</acl-type>
+ <access-list-entries>
+ <ace>
+ <rule-name>renamed-imcp-rule</rule-name>
+ <matches>
+ <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
+ <destination-ipv4-network>192.168.2.1/24</destination-ipv4-network>
+ <source-ipv4-network>192.168.2.2/32</source-ipv4-network>
+ <icmp-nodes>
+ <icmp-type-range>
+ <last>8</last>
+ <first>5</first>
+ </icmp-type-range>
+ <icmp-code-range>
+ <last>3</last>
+ <first>1</first>
+ </icmp-code-range>
+ </icmp-nodes>
+ </vpp-ace-nodes>
+ </matches>
+ <actions>
+ <permit/>
+ </actions>
+ </ace>
+ <ace>
+ <rule-name>new-icmp-rule</rule-name>
+ <matches>
+ <vpp-ace-nodes xmlns="urn:opendaylight:params:xml:ns:yang:vpp:acl">
+ <destination-ipv4-network>10.1.1.1/24</destination-ipv4-network>
+ <source-ipv4-network>10.2.2.2/32</source-ipv4-network>
+ <icmp-nodes>
+ <icmp-type-range>
+ <first>4</first>
+ <last>9</last>
+ </icmp-type-range>
+ </icmp-nodes>
+ </vpp-ace-nodes>
+ </matches>
+ <actions>
+ <permit/>
+ </actions>
+ </ace>
+ </access-list-entries>
+ </acl>
+ </access-lists>
+</data>
diff --git a/examples/ncclient/acl/test_acl.sh b/examples/ncclient/acl/test_acl.sh
new file mode 100755
index 000000000..aedb842af
--- /dev/null
+++ b/examples/ncclient/acl/test_acl.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+#
+# Copyright (c) 2018 Cisco and/or its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+DIR_NAME=$(dirname $0)
+
+${DIR_NAME}/../test_copy_config.sh ${DIR_NAME}/copy_config_acl.xml ${DIR_NAME}/expected_config_acl.xml
diff --git a/examples/ncclient/acl/test_acl_update.sh b/examples/ncclient/acl/test_acl_update.sh
new file mode 100755
index 000000000..6dedbfeaa
--- /dev/null
+++ b/examples/ncclient/acl/test_acl_update.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+#
+# Copyright (c) 2018 Cisco and/or its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+DIR_NAME=$(dirname $0)
+
+${DIR_NAME}/../test_copy_config.sh ${DIR_NAME}/copy_config_acl.xml ${DIR_NAME}/expected_config_acl.xml
+
+${DIR_NAME}/../test_copy_config.sh ${DIR_NAME}/copy_config_acl_update.xml ${DIR_NAME}/expected_config_acl_update.xml