From e038e92d86fce2df7e50071436ceac5cf0a9ba24 Mon Sep 17 00:00:00 2001
From: Marek Gradzki
Date: Tue, 18 Oct 2016 09:48:01 +0200
Subject: Make ip-version mandatory for all ACEs

- ip-version was mandatory only when mixing l2/l3 rules in one ACE (vpp api limitation). It needs to be provided also in case of ACEs that define l3 only rules (we allow mixing ip4/ip6 ACEs in one list).
- updates postman collection with example of L4 only acl

Change-Id: Ifb863208c21a504cd61843f7540341bc35a6174a
Signed-off-by: Marek Gradzki
---
 v3po/api/src/main/yang/vpp-acl.yang | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

(limited to 'v3po/api')

diff --git a/v3po/api/src/main/yang/vpp-acl.yang b/v3po/api/src/main/yang/vpp-acl.yang
index d0d24c98a..f0c93f45e 100644
--- a/v3po/api/src/main/yang/vpp-acl.yang
+++ b/v3po/api/src/main/yang/vpp-acl.yang
@@ -82,14 +82,19 @@ module vpp-acl { Update/delete of ACL lists referenced here is not permitted (assignment needs to be removed first). Read is supported only for acls that were created and assigned by Honeycomb agent - (corresponding metadata are present). + (corresponding metadata is present). + + Extensions: + - mixing ACEs of different type in one list is permited + - mixing L2/L3/L4 rules in one ACE is permited Limitations (due to vpp limitations): - egress rules are currently ignored (HONEYCOMB-234) - - L4 rules are currently not supported (limited support will by provided by HONEYCOMB-218) - - mixing L2 and L3 rules is possible only if ace-ip-version is provided - (vpp classfier api limitation: common header fields for IP4/IP6 have different offsets) - - L2 rules on L3 interfaces only to IP traffic (vpp classfier limitation) + - L4 rules support is limited (every port pair from provided ranges is translated to single classify + session; which can very slow or even crash vpp if ranges are big, see HONEYCOMB-260) + - ace-ip-version needs to be provided for all aces (consequence of posibility to mix ACEs of different types, + and vpp classfier api limitation: common header fields for IP4/IP6 have different offsets) + - L2 rules on L3 interfaces are applied only to IP traffic (vpp classfier limitation) - vlan tags are supported only for sub-interfaces defined as exact-match"; list acl { -- cgit 1.2.3-korg
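Review bot: The new "ace-ip-version needs to be provided for all aces" line states the requirement only in the description string, and the diffstat (10 insertions, 5 deletions) is fully accounted for by this description hunk, so nothing in vpp-acl.yang itself makes the leaf mandatory. If the leaf's definition allows it, add `mandatory true` or a `must` constraint on ace-ip-version so an ACE without it is rejected at schema validation instead of depending on translation code outside v3po/api. The added L4 limitation says every port pair from the provided ranges becomes one classify session and that big ranges can slow or crash vpp (HONEYCOMB-260); since that is a configuration-triggered availability risk, consider bounding the accepted range size in the model or in validation until HONEYCOMB-260 is resolved, and state the safe bound here. Wording in the added lines: "permited" (twice) should be "permitted", "which can very slow" is missing "be", "posibility" should be "possibility", and "classfier" should be "classifier" (the last one also appears in the unchanged wording carried over from the old text).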