diff options
author | Marek Gradzki <mgradzki@cisco.com> | 2016-10-18 09:48:01 +0200 |
---|---|---|
committer | Marek Gradzki <mgradzki@cisco.com> | 2016-10-18 10:52:04 +0200 |
commit | d5b62161bc45e5885de332f554eaa235d6bce347 (patch) | |
tree | 73a13233b5be2dfa87daf39706c1137bca993424 /v3po/api/src/main/yang | |
parent | ae735b4aacfc7008b0c12425367a419b47646350 (diff) |
Make ip-version mandatory for all ACEs
- ip-version was mandatory only when mixing l2/l3 rules in one ACE
(vpp api limitation). It needs to be provided also in case of
ACEs that define l3 only rules (we allow mixing ip4/ip6 ACEs
in one list).
- updates postman collestion with example of L4 only acl
Change-Id: Ifb863208c21a504cd61843f7540341bc35a6174a
Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
Diffstat (limited to 'v3po/api/src/main/yang')
-rw-r--r-- | v3po/api/src/main/yang/vpp-acl.yang | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/v3po/api/src/main/yang/vpp-acl.yang b/v3po/api/src/main/yang/vpp-acl.yang index d0d24c98a..f0c93f45e 100644 --- a/v3po/api/src/main/yang/vpp-acl.yang +++ b/v3po/api/src/main/yang/vpp-acl.yang @@ -82,14 +82,19 @@ module vpp-acl { Update/delete of ACL lists referenced here is not permitted (assignment needs to be removed first). Read is supported only for acls that were created and assigned by Honeycomb agent - (corresponding metadata are present). + (corresponding metadata is present). + + Extensions: + - mixing ACEs of different type in one list is permited + - mixing L2/L3/L4 rules in one ACE is permited Limitations (due to vpp limitations): - egress rules are currently ignored (HONEYCOMB-234) - - L4 rules are currently not supported (limited support will by provided by HONEYCOMB-218) - - mixing L2 and L3 rules is possible only if ace-ip-version is provided - (vpp classfier api limitation: common header fields for IP4/IP6 have different offsets) - - L2 rules on L3 interfaces only to IP traffic (vpp classfier limitation) + - L4 rules support is limited (every <src,dst> port pair from provided ranges is translated to single classify + session; which can very slow or even crash vpp if ranges are big, see HONEYCOMB-260) + - ace-ip-version needs to be provided for all aces (consequence of posibility to mix ACEs of different types, + and vpp classfier api limitation: common header fields for IP4/IP6 have different offsets) + - L2 rules on L3 interfaces are applied only to IP traffic (vpp classfier limitation) - vlan tags are supported only for sub-interfaces defined as exact-match"; list acl { |