Skip to Content.

rare-users - [gn4-3-wp6-t1-wb-RARE] hybrid and infra acl in rare...

Subject: RARE user and assistance email list

List archive


[gn4-3-wp6-t1-wb-RARE] hybrid and infra acl in rare...


Chronological Thread 
    < Chronological >      < Thread >
  • From: mc36 <>
  • To: ,
  • Subject: [gn4-3-wp6-t1-wb-RARE] hybrid and infra acl in rare...
  • Date: Fri, 11 Sep 2020 04:10:11 +0200
hi,
as there was such a huge interest in the infra acl, and i personally need the
hybrid acl to proceed,
please find the latest improvement below... it's clearly a control plane
solution and the p4 exporter
will just call this merger and unroller function before propagating it to the
dataplane...
btw i'll think about it further because i know that ncs5k does some magic
with both the
object groups and the infra acls and they not propagate it nor unrolled nor
merged, and
freertr also did not needed these functions to perform it in software...
floui: prepare yourself for the new acl test cases to arrive... :)
regards,
cs


sid#show config-differences
object-group network 1
sequence 10 1.1.1.0 255.255.255.0
sequence 20 2.2.0.0 255.255.0.0
exit
object-group network 2
sequence 10 3.3.3.0 255.255.255.128
sequence 20 4.4.0.0 255.255.128.0
sequence 30 5.0.0.0 255.128.0.0
exit
object-group port 1
sequence 10 11-22
sequence 20 33-44
exit
object-group port 2
sequence 10 55-66
sequence 20 77-88
sequence 30 111-222
exit
access-list 1
sequence 10 permit 1 any all any all
sequence 20 permit 2 any all any all
sequence 30 permit all any all any all
exit
access-list 2
sequence 10 permit 3 any all any all dscp 22-222
sequence 20 permit 4 any all any all flag 2-4
sequence 30 permit 5 obj 1 all any all log
sequence 40 permit 6 any obj 1 any all len 111-1111
sequence 50 permit 7 obj 1 obj 2 any all tos 33-123
sequence 60 deny 8 any all obj 2 all ttl 1-11
sequence 70 permit 9 any all obj 2 obj 1 log
sequence 80 permit 10 obj 1 obj 2 obj 2 obj 1 prec 12-23
exit

sid#test acl 1 2
sequence 10 permit 1 any all any all
sequence 20 permit 2 any all any all
sequence 30 permit 3 any all any all dscp 22-222
sequence 40 permit 4 any all any all flag 2-4
sequence 50 permit 5 1.1.1.0 255.255.255.0 all any all log
sequence 60 permit 5 2.2.0.0 255.255.0.0 all any all log
sequence 70 permit 6 any 11-22 any all len 111-1111
sequence 80 permit 6 any 33-44 any all len 111-1111
sequence 90 permit 7 1.1.1.0 255.255.255.0 55-66 any all tos 33-123
sequence 100 permit 7 1.1.1.0 255.255.255.0 77-88 any all tos 33-123
sequence 110 permit 7 1.1.1.0 255.255.255.0 111-222 any all tos 33-123
sequence 120 permit 7 2.2.0.0 255.255.0.0 55-66 any all tos 33-123
sequence 130 permit 7 2.2.0.0 255.255.0.0 77-88 any all tos 33-123
sequence 140 permit 7 2.2.0.0 255.255.0.0 111-222 any all tos 33-123
sequence 150 deny 8 any all 3.3.3.0 255.255.255.128 all ttl 1-11
sequence 160 deny 8 any all 4.4.0.0 255.255.128.0 all ttl 1-11
sequence 170 deny 8 any all 5.0.0.0 255.128.0.0 all ttl 1-11
sequence 180 permit 9 any all 3.3.3.0 255.255.255.128 11-22 log
sequence 190 permit 9 any all 3.3.3.0 255.255.255.128 33-44 log
sequence 200 permit 9 any all 4.4.0.0 255.255.128.0 11-22 log
sequence 210 permit 9 any all 4.4.0.0 255.255.128.0 33-44 log
sequence 220 permit 9 any all 5.0.0.0 255.128.0.0 11-22 log
sequence 230 permit 9 any all 5.0.0.0 255.128.0.0 33-44 log
sequence 240 permit 10 1.1.1.0 255.255.255.0 55-66 3.3.3.0 255.255.255.128
11-22 prec 12-23
sequence 250 permit 10 1.1.1.0 255.255.255.0 55-66 3.3.3.0 255.255.255.128
33-44 prec 12-23
sequence 260 permit 10 1.1.1.0 255.255.255.0 55-66 4.4.0.0 255.255.128.0
11-22 prec 12-23
sequence 270 permit 10 1.1.1.0 255.255.255.0 55-66 4.4.0.0 255.255.128.0
33-44 prec 12-23
sequence 280 permit 10 1.1.1.0 255.255.255.0 55-66 5.0.0.0 255.128.0.0 11-22
prec 12-23
sequence 290 permit 10 1.1.1.0 255.255.255.0 55-66 5.0.0.0 255.128.0.0 33-44
prec 12-23
sequence 300 permit 10 1.1.1.0 255.255.255.0 77-88 3.3.3.0 255.255.255.128
11-22 prec 12-23
sequence 310 permit 10 1.1.1.0 255.255.255.0 77-88 3.3.3.0 255.255.255.128
33-44 prec 12-23
sequence 320 permit 10 1.1.1.0 255.255.255.0 77-88 4.4.0.0 255.255.128.0
11-22 prec 12-23
sequence 330 permit 10 1.1.1.0 255.255.255.0 77-88 4.4.0.0 255.255.128.0
33-44 prec 12-23
sequence 340 permit 10 1.1.1.0 255.255.255.0 77-88 5.0.0.0 255.128.0.0 11-22
prec 12-23
sequence 350 permit 10 1.1.1.0 255.255.255.0 77-88 5.0.0.0 255.128.0.0 33-44
prec 12-23
sequence 360 permit 10 1.1.1.0 255.255.255.0 111-222 3.3.3.0 255.255.255.128
11-22 prec 12-23
sequence 370 permit 10 1.1.1.0 255.255.255.0 111-222 3.3.3.0 255.255.255.128
33-44 prec 12-23
sequence 380 permit 10 1.1.1.0 255.255.255.0 111-222 4.4.0.0 255.255.128.0
11-22 prec 12-23
sequence 390 permit 10 1.1.1.0 255.255.255.0 111-222 4.4.0.0 255.255.128.0
33-44 prec 12-23
sequence 400 permit 10 1.1.1.0 255.255.255.0 111-222 5.0.0.0 255.128.0.0
11-22 prec 12-23
sequence 410 permit 10 1.1.1.0 255.255.255.0 111-222 5.0.0.0 255.128.0.0
33-44 prec 12-23
sequence 420 permit 10 2.2.0.0 255.255.0.0 55-66 3.3.3.0 255.255.255.128
11-22 prec 12-23
sequence 430 permit 10 2.2.0.0 255.255.0.0 55-66 3.3.3.0 255.255.255.128
33-44 prec 12-23
sequence 440 permit 10 2.2.0.0 255.255.0.0 55-66 4.4.0.0 255.255.128.0 11-22
prec 12-23
sequence 450 permit 10 2.2.0.0 255.255.0.0 55-66 4.4.0.0 255.255.128.0 33-44
prec 12-23
sequence 460 permit 10 2.2.0.0 255.255.0.0 55-66 5.0.0.0 255.128.0.0 11-22
prec 12-23
sequence 470 permit 10 2.2.0.0 255.255.0.0 55-66 5.0.0.0 255.128.0.0 33-44
prec 12-23
sequence 480 permit 10 2.2.0.0 255.255.0.0 77-88 3.3.3.0 255.255.255.128
11-22 prec 12-23
sequence 490 permit 10 2.2.0.0 255.255.0.0 77-88 3.3.3.0 255.255.255.128
33-44 prec 12-23
sequence 500 permit 10 2.2.0.0 255.255.0.0 77-88 4.4.0.0 255.255.128.0 11-22
prec 12-23
sequence 510 permit 10 2.2.0.0 255.255.0.0 77-88 4.4.0.0 255.255.128.0 33-44
prec 12-23
sequence 520 permit 10 2.2.0.0 255.255.0.0 77-88 5.0.0.0 255.128.0.0 11-22
prec 12-23
sequence 530 permit 10 2.2.0.0 255.255.0.0 77-88 5.0.0.0 255.128.0.0 33-44
prec 12-23
sequence 540 permit 10 2.2.0.0 255.255.0.0 111-222 3.3.3.0 255.255.255.128
11-22 prec 12-23
sequence 550 permit 10 2.2.0.0 255.255.0.0 111-222 3.3.3.0 255.255.255.128
33-44 prec 12-23
sequence 560 permit 10 2.2.0.0 255.255.0.0 111-222 4.4.0.0 255.255.128.0
11-22 prec 12-23
sequence 570 permit 10 2.2.0.0 255.255.0.0 111-222 4.4.0.0 255.255.128.0
33-44 prec 12-23
sequence 580 permit 10 2.2.0.0 255.255.0.0 111-222 5.0.0.0 255.128.0.0 11-22
prec 12-23
sequence 590 permit 10 2.2.0.0 255.255.0.0 111-222 5.0.0.0 255.128.0.0 33-44
prec 12-23
sid#

Archive powered by MHonArc 2.6.19.

Top of Page