author Marek Gradzki <mgradzki@cisco.com> 2016-10-18 09:48:01 +0200
committer Marek Gradzki <mgradzki@cisco.com> 2016-10-18 10:52:04 +0200
commit d5b62161bc45e5885de332f554eaa235d6bce347 (patch)
tree 73a13233b5be2dfa87daf39706c1137bca993424 /v3po/api/src/main/yang
parent ae735b4aacfc7008b0c12425367a419b47646350 (diff)
Make ip-version mandatory for all ACEs
- ip-version was mandatory only when mixing l2/l3 rules in one ACE (vpp api limitation). It needs to be provided also in case of ACEs that define l3 only rules (we allow mixing ip4/ip6 ACEs in one list).
- updates postman collection with example of L4 only acl

Change-Id: Ifb863208c21a504cd61843f7540341bc35a6174a
Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
Diffstat (limited to 'v3po/api/src/main/yang')
-rw-r--r-- v3po/api/src/main/yang/vpp-acl.yang 15
1 files changed, 10 insertions, 5 deletions
diff --git a/v3po/api/src/main/yang/vpp-acl.yang b/v3po/api/src/main/yang/vpp-acl.yang
index d0d24c98a..f0c93f45e 100644
--- a/v3po/api/src/main/yang/vpp-acl.yang
+++ b/v3po/api/src/main/yang/vpp-acl.yang
@@ -82,14 +82,19 @@ module vpp-acl {
Update/delete of ACL lists referenced here is not permitted (assignment needs to be removed first).
Read is supported only for acls that were created and assigned by Honeycomb agent
- (corresponding metadata are present).
+ (corresponding metadata is present).
+
+ Extensions:
+ - mixing ACEs of different type in one list is permited
+ - mixing L2/L3/L4 rules in one ACE is permited
Limitations (due to vpp limitations):
- egress rules are currently ignored (HONEYCOMB-234)
- - L4 rules are currently not supported (limited support will by provided by HONEYCOMB-218)
- - mixing L2 and L3 rules is possible only if ace-ip-version is provided
- (vpp classfier api limitation: common header fields for IP4/IP6 have different offsets)
- - L2 rules on L3 interfaces only to IP traffic (vpp classfier limitation)
+ - L4 rules support is limited (every <src,dst> port pair from provided ranges is translated to single classify
+ session; which can very slow or even crash vpp if ranges are big, see HONEYCOMB-260)
+ - ace-ip-version needs to be provided for all aces (consequence of posibility to mix ACEs of different types,
+ and vpp classfier api limitation: common header fields for IP4/IP6 have different offsets)
+ - L2 rules on L3 interfaces are applied only to IP traffic (vpp classfier limitation)
- vlan tags are supported only for sub-interfaces defined as exact-match";
list acl {
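Review bot: the new L4 limitation text ("every <src,dst> port pair from provided ranges is translated to single classify session; which can very slow or even crash vpp if ranges are big") documents a configuration-driven way to degrade or crash the data plane, yet nothing in this hunk bounds the range size. Consider constraining the port ranges in the model (for example with a must expression that caps the number of resulting pairs) or rejecting oversized ranges at write time, and state the limit here rather than only pointing to HONEYCOMB-260. Likewise, the description now says ace-ip-version "needs to be provided for all aces", but the ten added lines in this file are all description text, so the requirement is not expressed in the schema itself; if it is enforced elsewhere, say where, or mark it mandatory in the model so clients can see the constraint before a write fails. Minor: "permited" (twice), "posibility" and "classfier" are misspelled in the added lines, and "which can very slow" is missing "be".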