
[OC-ACL Enhancement Request] Sharing of ACL-SET

Open rajatiet opened this issue 4 years ago • 4 comments

Hi OC-Team,

My name is Rajat Rastogi (Company: Juniper Networks)

While configuring ACL via openconfig-acl on Juniper Routers, the following problem was faced. Please go through the problem statement.

Problem Statement

In the present OC-ACL model, there is no knob to enable/disable sharing of acl-set across multiple interfaces. Due to this, a vendor has one of two choices:

#Disable: Disable acl-set sharing by default. Using this, acl-set statistics will be available per interface. On the flip side, more hardware resources will be consumed, which may not be desired for scale scenarios or use cases.

#Enable: Enable acl-set sharing by default. In this case, ACL-SET can be shared and reused. Less consumption of HW resources compared to a case when sharing was not done. This will be helpful for scenarios where ACL-SET configuration can be shared across multiple interfaces (ingress/egress).

Proposed Solution

Knob to enable/disable sharing of acl-set. This knob will be at acl-set level.

Using this, sharing of acl-set can be disabled/enabled as below:

    [edit]
    root@evovbrackla-RE0# set openconfig-acl:acl acl-sets acl-set f1 ACL_IPV4 config name F1 type ACL_IPV4 sharing-behavior ?
    Possible completions:
      ACL_SET_NOT_SHARED   Applied ACL set instance will be unique per interface
      ACL_SET_SHARED       Same ACL set instance will be applied across multiple interfaces
    [edit]
    root@evovbrackla-RE0#

Please let me know your inputs regarding this.

Thanks and regards Rajat Rastogi

rajatiet avatar Oct 11 '21 10:10 rajatiet
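
A sketch of how the knob requested above could be expressed as a YANG augmentation of openconfig-acl. This is an added example, not part of the original issue and not a model from the OpenConfig project or from Juniper. The module name `example-acl-sharing`, its namespace, the prefix `ex-acl` and the grouping name are hypothetical; only the leaf name `sharing-behavior` and the two enum values come from the CLI output in the post.

```yang
// Hypothetical module: the name, namespace and prefix are placeholders.
module example-acl-sharing {
  namespace "urn:example:acl-sharing";
  prefix ex-acl;

  import openconfig-acl { prefix oc-acl; }

  description
    "Illustrative augmentation adding a per-acl-set sharing knob.";

  revision 2021-10-11 {
    description "Constructed revision for this example.";
  }

  // Grouping so the same leaf appears under both config and state,
  // following the OpenConfig config/state convention.
  grouping acl-set-sharing-config {
    leaf sharing-behavior {
      // No default is declared: the post notes that each vendor
      // currently picks its own default behaviour.
      type enumeration {
        enum ACL_SET_NOT_SHARED {
          description
            "Applied ACL set instance will be unique per interface.";
        }
        enum ACL_SET_SHARED {
          description
            "Same ACL set instance will be applied across multiple
             interfaces.";
        }
      }
      description
        "Whether one instance of this acl-set is shared by every
         interface that references it.";
    }
  }

  // Intended (configured) value.
  augment "/oc-acl:acl/oc-acl:acl-sets/oc-acl:acl-set/oc-acl:config" {
    uses acl-set-sharing-config;
  }

  // Applied (operational) value.
  augment "/oc-acl:acl/oc-acl:acl-sets/oc-acl:acl-set/oc-acl:state" {
    uses acl-set-sharing-config;
  }
}
```
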

Please can you provide the relevant mappings to other implementations that show how this would be supported across different implementations?

Thanks, r.

robshakir avatar Oct 19 '21 06:10 robshakir

ACL sharing is common across other vendors as well.

  1. CISCO’s IOS XR Release 6.3.x, please refer to https://www.cisco.com/c/en/us/td/docs/iosxr/ncs5500/ip-addresses/63x/b-ip-addresses-configuration-guide-ncs5500-63x/b-ip-addresses-configuration-guide-ncs5500-63x_chapter_010.html#id_70758

  2. Arista EOS 4.27, please refer to https://www.arista.com/um-eos/eos-acls-and-route-maps#xx1345935

rajatiet avatar Nov 16 '21 04:11 rajatiet

Hi OC-Team,

Can you please revert back?

Thanks Rajat Rastogi

rajatiet avatar Nov 30 '21 03:11 rajatiet

Hi OC-Team,

Gentle reminder.

Can you please revert back?

Thanks Rajat Rastogi

rajatiet avatar Dec 08 '21 06:12 rajatiet

This issue is stale because it has been open 180 days with no activity. If you wish to keep this issue active, please remove the stale label or add a comment, otherwise it will be closed in 14 days.

github-actions[bot] avatar May 24 '24 02:05 github-actions[bot]