This file defines the Firewall (ACL) package for JUNOS.
Brief Description of the key concepts associated with this package and functionality is as follows:
ACL is an acronym to Access List which is a basic stateless forwarding construct to match on packet content and take a set of actions if packet passes the matching criteria.
An ACL is made up of a ordered set of ACL Entries, which defines how a packet is matched against configured criteria and be treated.
Each ACL Entry or ACE defines a set of packet matching criteria and a set of action to take on the packet if the matching criteria is true. A packets needs to match ALL the matches in an ACE to be considered a match.
A Match is defined by an operation, packet field and value to be matched against. For details on the operations supported and various packet fields that could be matched, refer the corresponding Enum/Message structure below.
An action determines what to do with the packet on meeting the matching criteria. There are two types of actions, viz. terminating and non-terminating. Each ACE can have zero or more non-terminating actions and zero or exactly one terminating action. A non-terminating action is one that does not stop the packet to undergo the rest of the ACL processing. An terminating action is one, that stops the packet to undergo any further ACL processing.
An attachment point or a bind point is the point in path of packet processing where the packet is subjected to ACL processing. An attachment point is defined by attachment entity and direction in which the ACL is applied. For eg. a typical bind point is an interface where a packet is subjected to ACL.
Diagram below depicts an object diagram for a typical ACL. Legends: ACE-1 is the ordered Access List Entry at position 1. ACE-n is the ordered Access List Entry at position n. M-n is the match number n in list of matching criteria in a given ACE. A-n is the action number n in the list of actions for a given ACE. No no more than 1 action could be a terminating action.
+-------+-------+-----+------+ ACL -> | ACE-1 | ACE-2 | ... | ACE-n| +-------+-------+-----+------+ | | | +-----+ +----->| M-1 | +-----+ | M-2 | +-----+ | ... | +-----+ | M-n | +-----+ | | +-----+ +---------->| A-1 | +-----+ | A-2 | +-----+ | ... | +-----+ | A-n | +-----+
ACL
| Field | Type | Label | Description |
| acl_name | string | optional | AccessList name |
| acl_type | AccessListTypes | optional | AccessList type |
| acl_family | AccessListFamilies | optional | AccessList family |
| acl_flag | AccessListFlags | optional | AccessList flag |
| ace_list | AclEntry | repeated | List of Destination addresses |
ACL bind object points
| Field | Type | Label | Description |
| intf | string | optional | Bind interface |
| fwd_table | string | optional | Bind object forwarding table name where the ACL is bound |
| vlan | AclBindObjVlan | optional | Bind VLAN |
| bd | AclBindObjBridgeDomain | optional | Bind object bridge domain |
ACL Counter
| Field | Type | Label | Description |
| acl | AccessList | optional | ACL name |
| counter_name | string | optional | Counter name |
ACL bulk counter
| Field | Type | Label | Description |
| acl | AccessList | optional | ACL name |
| starting_index | uint32 | optional | Starting index |
Return counter statistics
| Field | Type | Label | Description |
| counter_name | string | optional | Counter Name |
| status | AccessListReturnVal | optional | Error status |
| bytes | uint64 | optional | Byte count |
| packets | uint64 | optional | Packet count |
Per forwarding element ACL binding
| Field | Type | Label | Description |
| acl | AccessList | optional | ACL |
| obj_type | AccessListBindObjType | optional | Binding object type |
| bind_object | AccessListBindObjPoint | optional | Bind object name where the ACL is to be bound |
| bind_direction | AclBindDirection | optional | Bind direction |
| bind_family | AccessListFamilies | optional | Family on the bind object. Must match with the ACL family |
ACL Policer
| Field | Type | Label | Description |
| policer_name | string | optional | Policer name |
| policer_type | AclPolicerType | optional | Policer type |
| policer_flag | AclPolicerFlags | optional | Policer Flags |
| policer_params | AclPolicerParameter | optional | Policer Paremeter |
ACL return status
| Field | Type | Label | Description |
| status | AccessListReturnVal | optional |
A void message
| Field | Type | Label | Description |
| void | string | optional | VOID |
Copy To Client action
| Field | Type | Label | Description |
| client_name | string | optional | Client name (Maximum of 64 characters) |
Counter action
| Field | Type | Label | Description |
| counter_name | string | optional | Counter name (Maximum of 64 characters) |
Forwarding class id action
| Field | Type | Label | Description |
| fc | AclForwardingClass | optional | set forwarding class id |
Forwarding priority action
| Field | Type | Label | Description |
| priority | uint32 | optional | priority |
IFL Index or name in filter action
| Field | Type | Label | Description |
| ifl_name | string | optional | IFL Name |
| ifl_index | uint32 | optional | IFL Index |
Loss priority action
| Field | Type | Label | Description |
| lp | AclLossPriority | optional | Set loss priority |
Next hop
| Field | Type | Label | Description |
| nh_idx | uint32 | optional | Next hop index |
Next interface action
| Field | Type | Label | Description |
| rti_name | string | optional | routing-instance name |
| ifl | AclActionIflNameIndex | optional | IFL index or IFL name |
Next IP action
| Field | Type | Label | Description |
| rti_name | string | optional | routing-instance name |
| addr | IpAddress | optional | IP address |
| prefix_len | uint32 | optional | Destination prefix length |
Police the matching packets
| Field | Type | Label | Description |
| policer | AccessListPolicer | optional | The policer |
Police the matching packets with respect to template
| Field | Type | Label | Description |
| policer | AccessListPolicer | optional | The policer |
| policer_instance | string | optional | Policer Instance name |
Direct matching packets to a routing-instance
| Field | Type | Label | Description |
| rt_instance_name | string | optional |
Send To Client action
| Field | Type | Label | Description |
| client_name | string | optional | Client name (Maximum of 64 characters) |
Set DSCP action
| Field | Type | Label | Description |
| dscp | uint32 | optional | DSCP for IP and IPv6 |
Next hop action
| Field | Type | Label | Description |
| nh_idx | uint32 | optional | Set nh idx |
Redirect matching packets with respect to topology mentioned
| Field | Type | Label | Description |
| rt_instance_name | string | optional | |
| topology_name | string | optional |
Adjacency details of ACE placement
| Field | Type | Label | Description |
| type | AclAdjacencyType | optional | Type of adjacency placement |
| ace_name | string | optional | The previous or the next ACE |
ACL bind object bridge domain
| Field | Type | Label | Description |
| bd_name | string | optional | Bind object bridge domain name where the ACL is to be bound |
| rtb_name | string | optional | Bind object Routing Instance name of bd_name where the ACL is bound |
ACL bind object VLAN
| Field | Type | Label | Description |
| vlan_name | string | optional | Bind object VLAN name where the ACL is bound |
| rtb_name | string | optional | Bind object Routing Instance name of vlan_name where the ACL is bound |
CCC ACL entry
| Field | Type | Label | Description |
| ace_name | string | optional | AclEntry name |
| ace_op | AclEntryOperation | optional | AclEntry operation |
| adjacency | AclAdjacency | optional | Adjacency |
| matches | AclEntryMatchCcc | optional | Matches |
| actions | AclEntryCccAction | optional | Actions |
An ACL entry. It could be one of type of families.
| Field | Type | Label | Description |
| inet_entry | AclInetEntry | optional | For Inet family |
| es_entry | AclEsEntry | optional | For Ethernet Switching family |
| inet6_entry | AclInet6Entry | optional | For Inet6 family |
| vpls_entry | AclVplsEntry | optional | For vpls family |
| ccc_entry | AclCccEntry | optional | For ccc family |
| mservice_entry | AclMultiServiceEntry | optional | For multiservices family |
| mpls_entry | AclMplsEntry | optional | For mpls family |
ACL CCC Action
| Field | Type | Label | Description |
| actions_nt | AclEntryCccNonTerminatingAction | optional | List of non-terminating actions. |
| action_t | AclEntryCccTerminatingAction | optional | One terminating action |
Non-terminating ACL CCC Actions
| Field | Type | Label | Description |
| action_count | AclActionCounter | optional | Count the matching packets |
| action_log | AclBooleanType | optional | Log the matching packets |
| action_syslog | AclBooleanType | optional | Syslog the matching packets |
| action_policer | AclActionPolicer | optional | Police the matching packets. / Ensure that policer exists before it is used. |
| action_sample | AclBooleanType | optional | Sample |
| action_copy_to_host | AclActionCopyToHost | optional | Copy of matching packets to host / client name |
Terminating ACL CCC Actions
| Field | Type | Label | Description |
| action_accept | AclBooleanType | optional | Accept the matching packets |
| action_discard | AclBooleanType | optional | Discard the matching packets |
| action_send_to_client | AclActionSendToClient | optional | Direct matching packets to client / client name |
| action_send_to_host | AclBooleanType | optional | Direct matching packets to host |
ACL Action
| Field | Type | Label | Description |
| actions_nt | AclEntryEsNonTerminatingAction | optional | List of non-terminating actions. |
| action_t | AclEntryEsTerminatingAction | optional | One terminating action |
Non-terminating ACL Action
| Field | Type | Label | Description |
| action_count | AclActionCounter | optional | Count the matching packets |
| action_log | AclBooleanType | optional | Log the matching packets |
| action_syslog | AclBooleanType | optional | Syslog the matching packets |
| action_policer | AclActionPolicer | optional | Police the matching packets. / Ensure that policer exists before it is used. |
| action_next_term | AclBooleanType | optional | Next Term |
| action_lp | AclActionLossPriority | optional | Loss priority |
Terminating ACL Action
| Field | Type | Label | Description |
| action_accept | AclBooleanType | optional | Accept the matching packets |
| action_discard | AclBooleanType | optional | Discard the matching packets |
| action_nh | AclActionNextHop | optional | Next hop |
| action_send_to_host | AclBooleanType | optional | Send to host |
ACL inet6 Actions
| Field | Type | Label | Description |
| actions_nt | AclEntryInet6NonTerminatingAction | optional | List of non-terminating actions. |
| action_t | AclEntryInet6TerminatingAction | optional | One terminating action |
Non-terminating ACL inet6 Actions
| Field | Type | Label | Description |
| action_count | AclActionCounter | optional | Count the matching packets |
| action_log | AclBooleanType | optional | Log the matching packets |
| action_syslog | AclBooleanType | optional | Log the matching packets to syslog |
| action_policer | AclActionPolicer | optional | Police the matching packets. / Ensure that policer exists before it is used. |
| action_sample | AclBooleanType | optional | Sample |
| action_next_term | AclBooleanType | optional | Next Term |
| action_port_mirror | AclBooleanType | optional | Port mirror action |
| action_lp | AclActionLossPriority | optional | Set loss priority to matched packets |
| action_fwd_class | AclActionForwardingClass | optional | Set forwarding class to matched packets |
| action_fwd_priority | AclActionForwardingPriority | optional | set Forwarding Priority to matched packets |
| action_next_intf | AclActionNextInterface | optional | set Next interface to matched packets |
| action_next_ip | AclActionNextIp | optional | set Next IPv4 to matched packets |
| action_ip_dscp | AclActionSetIpDscp | optional | set IP DSCP to matched packets |
| action_copy_to_host | AclActionCopyToHost | optional | Copy of matching packets to host / client name |
| action_policer_inst | AclActionPolicerInstance | optional | Police the matching packets. / Ensure that policer exists before it is used. |
Terminating ACL inet6 Actions
| Field | Type | Label | Description |
| action_accept | AclBooleanType | optional | Accept the matching packets |
| action_discard | AclBooleanType | optional | Discard the matching packets |
| action_reject | AclEntryActionRejectReason | optional | Reject the matching packets |
| action_rt_inst | AclActionRoutingInstance | optional | Direct matching packets to a routing instance |
| action_topo_redirect | AclActionTopologyRedirect | optional | Direct matching packets to a routing instance |
| action_send_to_client | AclActionSendToClient | optional | Send to client |
| action_send_to_host | AclBooleanType | optional | Direct matching packets to host |
| action_nh | AclActionSetNexthop | optional | Set nexthop idx |
ACL Action
| Field | Type | Label | Description |
| actions_nt | AclEntryInetNonTerminatingAction | optional | List of non-terminating actions. |
| action_t | AclEntryInetTerminatingAction | optional | One terminating action |
Non-terminating ACL Action
| Field | Type | Label | Description |
| action_count | AclActionCounter | optional | Count the matching packets |
| action_log | AclBooleanType | optional | Log the matching packets |
| action_syslog | AclBooleanType | optional | Syslog the matching packets |
| action_policer | AclActionPolicer | optional | Police the matching packets. / Ensure that policer exists before it is used. |
| action_sample | AclBooleanType | optional | Sample |
| action_next_term | AclBooleanType | optional | Next Term |
Terminating ACL Action
| Field | Type | Label | Description |
| action_accept | AclBooleanType | optional | Accept the matching packets |
| action_discard | AclBooleanType | optional | Discard the matching packets |
| action_reject | AclEntryActionRejectReason | optional | Reject the matching packets |
| action_rt_inst | AclActionRoutingInstance | optional | Direct matching packets to a routing instance |
CCC Matches and Actions
| Field | Type | Label | Description |
| match_pkt_len | AclMatchPktLen | repeated | List of Packet lengths |
| ifl_names | AclMatchIflNameIndex | repeated | Logical interface name (IFL with unit e.g. ge-0/0/1.0 or IFL index) |
| ether_types | AclMatchEtherType | repeated | List of Ether type match |
| match_src_macs | AclMatchMacAddress | repeated | List Source MAC match |
| match_dst_macs | AclMatchMacAddress | repeated | List Destination MAC match |
| cfm_opcodes | AclMatchCfmOpcode | repeated | List of CFM Opcode match |
| cfm_levels | AclMatchCfmLevel | repeated | List of CFM Level match |
| match_flex_range | AclMatchFlexibleOffsetRange | optional | Flexible Ranges |
| match_flex_mask | AclMatchFlexibleOffsetMask | optional | Flexible Masks |
An ACL Match
| Field | Type | Label | Description |
| match_dst_mac_addrs | AclMatchMacAddress | repeated | List of destination MAC addresses |
| match_src_mac_addrs | AclMatchMacAddress | repeated | List of source MAC addresses |
| match_dst_ports | AclMatchPort | repeated | List of destination ports |
| match_src_ports | AclMatchPort | repeated | List of source ports |
| match_dscp_code | AclMatchDscpCode | repeated | List of DSCP code points |
| match_protocols | AclMatchProtocol | repeated | List of Protocols |
| match_icmp_type | AclMatchIcmpType | repeated | List of ICMP types |
| match_icmp_code | AclMatchIcmpCode | repeated | List of Icmp codes |
| ifl_names | AclMatchIflNameIndex | repeated | Interface name (IFL with unit e.g. ge-0/0/1.0 or IFL index) |
| match_ether_type | AclMatchEtherType | repeated | |
| match_learn_vlan_id | AclMatchLearnVlanId | repeated | |
| match_learn_vlan_priority | AclMatchLearnVlanPriority | repeated |
An ACL Match
| Field | Type | Label | Description |
| match_dst_addrs | AclMatchIpAddress | repeated | List of destination addresses |
| match_src_addrs | AclMatchIpAddress | repeated | List of source addresses |
| match_dst_ports | AclMatchPort | repeated | List of destination ports |
| match_src_ports | AclMatchPort | repeated | List of source ports |
| match_dscp_code | AclMatchDscpCode | repeated | List of DSCP code points |
| match_protocols | AclMatchProtocol | repeated | List of protocols |
| match_icmp_type | AclMatchIcmpType | repeated | List of ICMP types |
| match_icmp_code | AclMatchIcmpCode | repeated | List of ICMP codes |
| match_pkt_len | AclMatchPktLen | repeated | List of packet lengths |
| match_ttl | AclMatchTtl | repeated | List of TTLs |
| fragment_flags | AclFragmentFlags | optional | Fragment flag |
| match_frag_offset | AclMatchFragmentOffset | repeated | List of fragment offset range |
| ifl_names | AclMatchIflNameIndex | repeated | Interface name (IFL with unit e.g. ge-0/0/1.0 or IFL index) |
| match_ip_precedence | AclMatchIpPrecedence | repeated | List of ip precedence |
| match_addrs | AclMatchIpAddress | repeated | List of Addresses |
| match_ports | AclMatchPort | repeated | List of Ports |
| match_flex_range | AclMatchFlexibleOffsetRange | optional | Flexible Ranges |
| match_flex_mask | AclMatchFlexibleOffsetMask | optional | Flexible Masks |
Inet6 Matches and actions
| Field | Type | Label | Description |
| match_dst_addrs | AclMatchIpAddress | repeated | List of Destination addresses |
| match_src_addrs | AclMatchIpAddress | repeated | List of Source addresses |
| match_dst_ports | AclMatchPort | repeated | List of Destination ports |
| match_src_ports | AclMatchPort | repeated | List of Source ports |
| match_dscp_code | AclMatchDscpCode | repeated | List of Dscp code points |
| payload_protocols | AclMatchProtocol | repeated | List of Protocols |
| match_icmp_type | AclMatchIcmpType | repeated | List of Icmp types |
| match_icmp_code | AclMatchIcmpCode | repeated | List of Icmp codes |
| match_pkt_len | AclMatchPktLen | repeated | List of Packet lengths |
| fragment_flags | AclFragmentFlags | optional | Fragment flag |
| ifl_names | AclMatchIflNameIndex | repeated | Interface name (IFL with unit e.g. ge-0/0/1.0 or IFL index) |
| match_traffic_classes | AclMatchTrafficClass | repeated | List of traffic classes |
| match_addrs | AclMatchIpAddress | repeated | List of Addresses |
| match_flex_range | AclMatchFlexibleOffsetRange | optional | Flexible Ranges |
| match_flex_mask | AclMatchFlexibleOffsetMask | optional | Flexible Masks |
| ipv6_next_headers | AclMatchNextHeader | repeated | List of Next Header match |
| match_loss_priority | AclMatchLossPriority | repeated | List of Loss Priority |
| match_fwd_class | AclMatchForwardingClass | repeated | List of Forwarding Class |
| match_ports | AclMatchPort | repeated | List of Ports |
Mpls Matches and Actions
| Field | Type | Label | Description |
| match_label1 | AclMatchMplsLabel | repeated | Label-1 match |
| match_label2 | AclMatchMplsLabel | repeated | Label-2 match |
| match_label3 | AclMatchMplsLabel | repeated | Label-3 match |
| match_flex_range | AclMatchFlexibleOffsetRange | optional | Flexible Ranges |
| match_flex_mask | AclMatchFlexibleOffsetMask | optional | Flexible Masks |
multiservices Matches and Actions
| Field | Type | Label | Description |
| match_dst_addrs | AclMatchIpAddress | repeated | List of Destination addresses (V4) |
| match_src_addrs | AclMatchIpAddress | repeated | List of Source addresses (V4) |
| match_addrs | AclMatchIpAddress | repeated | List of addresses (V4) |
| match_dst_ports | AclMatchPort | repeated | List of Destination ports |
| match_src_ports | AclMatchPort | repeated | List of Source ports |
| match_ip_protocols | AclMatchProtocol | repeated | List of Protocols |
| payload_protocols | AclMatchProtocol | repeated | List of Protocols |
| match_icmp_type | AclMatchIcmpType | repeated | List of Icmp types |
| match_icmp_code | AclMatchIcmpCode | repeated | List of Icmp codes |
| ifl_names | AclMatchIflNameIndex | repeated | Interface name (IFL with unit e.g. ge-0/0/1.0 or IFL index) |
| ipv6_next_headers | AclMatchNextHeader | repeated | List of Next Header match |
| ether_types | AclMatchEtherType | repeated | List of Ether type match |
| match_src_macs | AclMatchMacAddress | repeated | List Source MAC match |
| match_dst_macs | AclMatchMacAddress | repeated | List Destination MAC match |
| vlan_ether_types | AclMatchEtherType | repeated | List of Ether type match |
| stp_state | AclStpMatchFlags | optional | STP state match |
| mesh_group_ids | AclMatchMeshGroup | repeated | List of mesh group id match |
| l2_tokens | AclMatchL2Token | repeated | List of L2 token match |
| match_pkt_len | AclMatchPktLen | repeated | List of Packet lengths |
VPLS Matches and Actions
| Field | Type | Label | Description |
| match_dst_addrs | AclMatchIpAddress | repeated | List of Destination addresses (V4) |
| match_src_addrs | AclMatchIpAddress | repeated | List of Source addresses (V4) |
| match_dst_v6_addrs | AclMatchIpAddress | repeated | List of Destination addresses (V6) |
| match_src_v6_addrs | AclMatchIpAddress | repeated | List of Source addresses (V6) |
| match_dst_ports | AclMatchPort | repeated | List of Destination ports |
| match_src_ports | AclMatchPort | repeated | List of Source ports |
| match_dscp_code | AclMatchDscpCode | repeated | List of Dscp code points |
| match_ip_protocols | AclMatchProtocol | repeated | List of Protocols |
| payload_protocols | AclMatchProtocol | repeated | List of Protocols |
| match_icmp_type | AclMatchIcmpType | repeated | List of Icmp types |
| match_icmp_code | AclMatchIcmpCode | repeated | List of Icmp codes |
| ifl_names | AclMatchIflNameIndex | repeated | Interface name (IFL with unit e.g. ge-0/0/1.0 or IFL index) |
| match_traffic_classes | AclMatchTrafficClass | repeated | List of traffic classes |
| ipv6_next_headers | AclMatchNextHeader | repeated | List of Next Header match |
| ether_types | AclMatchEtherType | repeated | List of Ether type match |
| match_src_macs | AclMatchMacAddress | repeated | List Source MAC match |
| match_dst_macs | AclMatchMacAddress | repeated | List Destination MAC match |
| vlan_ether_types | AclMatchEtherType | repeated | List of Ether type match |
| learn_vlan_ids | AclMatchVlanId | repeated | List of Vlan Id match |
| user_vlan_ids | AclMatchVlanId | repeated | List of Vlan Id match |
| learn_vlan_priority | AclMatchLearnVlanPriority | repeated | List of Vlan Id match |
| stp_state | AclStpMatchFlags | optional | STP state match |
| mesh_group_ids | AclMatchMeshGroup | repeated | List of mesh group id match |
| cfm_opcodes | AclMatchCfmOpcode | repeated | List of CFM Opcode match |
| cfm_levels | AclMatchCfmLevel | repeated | List of CFM Level match |
| l2_tokens | AclMatchL2Token | repeated | List of L2 token match |
| match_v6_addrs | AclMatchIpAddress | repeated | List of IPv6 addresses (V6) |
| match_flex_range | AclMatchFlexibleOffsetRange | optional | Flexible match ranges |
| match_flex_mask | AclMatchFlexibleOffsetMask | optional | Flexible match masks |
| match_pkt_len | AclMatchPktLen | repeated | List of Packet lengths |
ACL Mpls Action
| Field | Type | Label | Description |
| actions_nt | AclEntryMplsNonTerminatingAction | optional | List of non-terminating actions. |
| action_t | AclEntryMplsTerminatingAction | optional | One terminating action |
Non-terminating ACL MPLS Actions
| Field | Type | Label | Description |
| action_count | AclActionCounter | optional | Count the matching packets |
| action_policer | AclActionPolicer | optional | Police the matching packets. / Ensure that policer exists before it is used. |
Terminating ACL MPLS Actions
| Field | Type | Label | Description |
| action_accept | AclBooleanType | optional | Accept the matching packets |
| action_discard | AclBooleanType | optional | Discard the matching packets |
ACL Multi Service Actions
| Field | Type | Label | Description |
| actions_nt | AclEntryMultiServiceNonTerminatingAction | optional | List of non-terminating actions. |
| action_t | AclEntryMultiServiceTerminatingAction | optional | One terminating action |
Non-terminating ACL Multi Service Actions
| Field | Type | Label | Description |
| action_count | AclActionCounter | optional | Count the matching packets |
| action_log | AclBooleanType | optional | Log the matching packets |
| action_syslog | AclBooleanType | optional | Syslog the matching packets |
| action_policer | AclActionPolicer | optional | Police the matching packets. / Ensure that policer exists before it is used. |
| action_sample | AclBooleanType | optional | Sample |
| action_next_term | AclBooleanType | optional | Next Term |
| action_copy_to_host | AclActionCopyToHost | optional | Copy of matching packets to host |
Terminating ACL Multi Service Actions
| Field | Type | Label | Description |
| action_accept | AclBooleanType | optional | Accept the matching packets |
| action_discard | AclBooleanType | optional | Discard the matching packets |
| action_send_to_client | AclActionSendToClient | optional | Direct matching packets to client / client name |
| action_send_to_host | AclBooleanType | optional | Direct matching packets to host |
ACL VPLS Action
| Field | Type | Label | Description |
| actions_nt | AclEntryVplsNonTerminatingAction | optional | List of non-terminating actions |
| action_t | AclEntryVplsTerminatingAction | optional | One terminating action |
Non-terminating ACL VPLS Actions
| Field | Type | Label | Description |
| action_count | AclActionCounter | optional | Count the matching packets |
| action_log | AclBooleanType | optional | Log the matching packets |
| action_syslog | AclBooleanType | optional | Log the matching packets to syslog |
| action_policer | AclActionPolicer | optional | Police the matching packets. / Ensure that policer exists before it is used. |
| action_sample | AclBooleanType | optional | Sample matching packets |
| action_next_term | AclBooleanType | optional | Next term action |
| action_no_mac_learn | AclBooleanType | optional | No MAC Learn |
| action_copy_to_host | AclActionCopyToHost | optional | Copy of matching packets to host |
Terminating ACL VPLS Actions
| Field | Type | Label | Description |
| action_accept | AclBooleanType | optional | Accept the matching packets |
| action_discard | AclBooleanType | optional | Discard the matching packets |
| action_send_to_client | AclActionSendToClient | optional | Direct matching packets to client / client name |
| action_send_to_host | AclBooleanType | optional | Direct matching packets to host |
| action_nh | AclActionSetNexthop | optional | set nexthop idx |
An Inet ACL entry
| Field | Type | Label | Description |
| ace_name | string | optional | AclEntry name |
| ace_op | AclEntryOperation | optional | AclEntry operation |
| adjacency | AclAdjacency | optional | Adjacency |
| matches | AclEntryMatchEs | optional | Matches |
| actions | AclEntryEsAction | optional | Actions |
An Inet6 ACL entry
| Field | Type | Label | Description |
| ace_name | string | optional | AclEntry name |
| ace_op | AclEntryOperation | optional | AclEntry operation |
| adjacency | AclAdjacency | optional | Adjacency |
| matches | AclEntryMatchInet6 | optional | Matches |
| actions | AclEntryInet6Action | optional | Actions |
An Inet ACL entry
| Field | Type | Label | Description |
| ace_name | string | optional | AclEntry name |
| ace_op | AclEntryOperation | optional | AclEntry operation |
| adjacency | AclAdjacency | optional | Adjacency |
| matches | AclEntryMatchInet | optional | Matches |
| actions | AclEntryInetAction | optional | Actions |
CFM Level match condition
| Field | Type | Label | Description |
| cfm_level | uint32 | optional | cfm_level value |
| match_op | AclMatchOperation | optional | AclMatch op |
CFM opcode match condition
| Field | Type | Label | Description |
| min | uint32 | optional | Minimum cfm opcode value |
| max | uint32 | optional | Maximum cfm opcode Value |
| match_op | AclMatchOperation | optional | AclMatch op |
DSCP (diffserv code point) match condition
| Field | Type | Label | Description |
| min | uint32 | optional | Minimum Dscp code |
| max | uint32 | optional | Maximum Dscp code |
| match_op | AclMatchOperation | optional | AclMatch op |
ACL match EtherType
| Field | Type | Label | Description |
| min | uint32 | optional | Minimum EtherType |
| max | uint32 | optional | Maximum EtherType |
| match_op | AclMatchOperation | optional | AclMatch op |
Flexible Offset range matches
| Field | Type | Label | Description |
| min | uint32 | optional | Minimum range value |
| max | uint32 | optional | Maximum range value |
| match_op | AclMatchOperation | optional | AclMatch op |
ACL Flexible Match Mask
| Field | Type | Label | Description |
| start_offset | AclEntryMatchFlexStartOffest | optional | Flexible match start offset |
| bit_length | uint32 | optional | Flexible match bit length (0 - 32) |
| bit_offset | uint32 | optional | Flexible match bit offset (0 - 7) |
| byte_offset | uint32 | optional | Flexible match byte offset |
| mask | uint32 | optional | Flexible match mask |
| prefix_string | string | optional | 32 Bit, Flexible match value in hex format (0x12345678) |
ACL Flexible Match Offset Mask
| Field | Type | Label | Description |
| flex_mask_match | AclMatchFlexibleMask | optional | Flexible mask match |
ACL Flexible Match Offset Range
| Field | Type | Label | Description |
| flex_range_match | AclMatchFlexibleRange | optional | Flexible match offset range |
ACL Flexible Match Range
| Field | Type | Label | Description |
| start_offset | AclEntryMatchFlexStartOffest | optional | Flexible match start offset |
| bit_length | uint32 | optional | Flexible match bit length (0 - 32) |
| bit_offset | uint32 | optional | Flexible match bit offset (0 - 7) |
| byte_offset | uint32 | optional | Flexible match byte offset |
| range | AclMatchFlexOffset | optional | Flexible match range value |
Forwarding class match condition
| Field | Type | Label | Description |
| fwd_class | AclForwardingClass | optional | Loss Priority match |
| match_op | AclMatchOperation | optional | AclMatch op |
Fragment offset match
| Field | Type | Label | Description |
| min | uint32 | optional | Fragment offset range start |
| max | uint32 | optional | Fragment offset range end |
| match_op | AclMatchOperation | optional | AclMatch op |
ICMP code match condition
| Field | Type | Label | Description |
| min | uint32 | optional | Minimum Icmp code |
| max | uint32 | optional | Maximum Icmp code |
| match_op | AclMatchOperation | optional | AclMatch op |
ICMP type match condition
| Field | Type | Label | Description |
| min | uint32 | optional | Minimum Icmp type |
| max | uint32 | optional | Maximum Icmp type |
| match_op | AclMatchOperation | optional | AclMatch op |
IFL Index or name
| Field | Type | Label | Description |
| ifl_name | string | optional | IFL Name |
| ifl_index | uint32 | optional | IFL Index |
Destination Address match condition
| Field | Type | Label | Description |
| addr | IpAddress | optional | address |
| prefix_len | uint32 | optional | Destination prefix length |
| match_op | AclMatchOperation | optional | AclMatch op |
Ip Precedence match
| Field | Type | Label | Description |
| min | Precedence | optional | Minimum precedence |
| max | Precedence | optional | Maximum precedence |
| match_op | AclMatchOperation | optional | AclMatch op |
L2 token match condition
| Field | Type | Label | Description |
| token | uint32 | optional | L2 token value |
| match_op | AclMatchOperation | optional | AclMatch op |
ACL match learn VLAN ID
| Field | Type | Label | Description |
| min | uint32 | optional | Minimum Learn VLAN id |
| max | uint32 | optional | Maximum Learn VLAN id |
| match_op | AclMatchOperation | optional | AclMatch op |
ACL match learn VLAN priority
| Field | Type | Label | Description |
| min | uint32 | optional | Minimum Learn VLAN priority |
| max | uint32 | optional | Maximum Learn VLAN priority |
| match_op | AclMatchOperation | optional | AclMatch op |
Loss Priority match condition
| Field | Type | Label | Description |
| lp | AclLossPriority | optional | Loss Priority match |
| match_op | AclMatchOperation | optional | AclMatch op |
MAC address match condition
| Field | Type | Label | Description |
| addr | MacAddress | optional | Mac address |
| addr_len | uint32 | optional | Mac address length |
| match_op | AclMatchOperation | optional | AclMatch op |
Mesh Group match condition
| Field | Type | Label | Description |
| mesh_group_id | uint32 | optional | mesh_group_id value |
| match_op | AclMatchOperation | optional | AclMatch op |
Mpls label match condition
| Field | Type | Label | Description |
| min | uint32 | optional | Minimum Label value |
| max | uint32 | optional | Maximum Label Value |
| match_op | AclMatchOperation | optional | AclMatch op |
NextHeader match condition
| Field | Type | Label | Description |
| min | uint32 | optional | Minimum Label value |
| max | uint32 | optional | Maximum Label Value |
| match_op | AclMatchOperation | optional | AclMatch op |
Packet length match condition
| Field | Type | Label | Description |
| min | uint32 | optional | Minimum Packet length |
| max | uint32 | optional | Maximum Packet length |
| match_op | AclMatchOperation | optional | AclMatch op |
Port match condition
| Field | Type | Label | Description |
| min | int32 | optional | Minimum port |
| max | int32 | optional | Maximum port |
| match_op | AclMatchOperation | optional | AclMatch op |
IP Protocol match condition
| Field | Type | Label | Description |
| min | uint32 | optional | Minimum Protocol number |
| max | uint32 | optional | Maximum Protocol number |
| match_op | AclMatchOperation | optional | AclMatch op |
Traffic class match
| Field | Type | Label | Description |
| min | int32 | optional | Minimum value |
| max | int32 | optional | Maximum value |
| match_op | AclMatchOperation | optional | AclMatch op |
TTL (Time to live) match condition for IPv4
| Field | Type | Label | Description |
| min | uint32 | optional | Minimum Time to live |
| max | uint32 | optional | Maximum Time to live |
| match_op | AclMatchOperation | optional | AclMatch op |
VLAN ID match condition
| Field | Type | Label | Description |
| min | uint32 | optional | Minimum Label value |
| max | uint32 | optional | Maximum Label Value |
| match_op | AclMatchOperation | optional | AclMatch op |
MPLS ACL entry
| Field | Type | Label | Description |
| ace_name | string | optional | AclEntry name |
| ace_op | AclEntryOperation | optional | AclEntry operation |
| adjacency | AclAdjacency | optional | Adjacency |
| matches | AclEntryMatchMpls | optional | Matches |
| actions | AclEntryMplsAction | optional | Actions |
MultiServices ACL entry
| Field | Type | Label | Description |
| ace_name | string | optional | AclEntry name |
| ace_op | AclEntryOperation | optional | AclEntry operation |
| adjacency | AclAdjacency | optional | Adjacency |
| matches | AclEntryMatchMultiService | optional | Matches |
| actions | AclEntryMultiServiceAction | optional | Actions |
Heirarchical Policer parameters
| Field | Type | Label | Description |
| aggregate_rate_unit | AclPolicerRate | optional | Bandwidth unit |
| aggregate_rate | uint64 | optional | Bandwidth rate |
| aggregate_burst_size_unit | AclPolicerBurstSize | optional | Burst unit |
| aggregate_burst_size | uint64 | optional | Burst size |
| premium_rate_unit | AclPolicerRate | optional | Bandwidth unit |
| premium_rate | uint64 | optional | Bandwidth rate |
| premium_burst_size_unit | AclPolicerBurstSize | optional | Burst unit |
| premium_burst_size | uint64 | optional | Burst size |
| discard | AclBooleanType | optional | Discard action |
Policer Parameter
| Field | Type | Label | Description |
| two_color_parameter | AclPolicerTwoColor | optional | Two color |
| sr_three_color_parameter | AclPolicerSingleRateThreeColor | optional | Three color |
| tr_three_color_parameter | AclPolicerTwoRateThreeColor | optional | Three color |
| hierarchical_parameter | AclPolicerHierarchical | optional | Hierarchcical |
Policer parameter for single rate three color policer
| Field | Type | Label | Description |
| committed_rate_unit | AclPolicerRate | optional | Bandwidth unit |
| committed_rate | uint64 | optional | Bandwidth rate |
| committed_burst_unit | AclPolicerBurstSize | optional | Burst unit |
| committed_burst_size | uint64 | optional | Burst size |
| excess_burst_size | uint64 | optional | Burst size |
| excess_burst_unit | AclPolicerBurstSize | optional | Burst unit |
| discard | AclBooleanType | optional | Discard action |
| color_mode | AclColorModeType | optional |
Policer parameter for two color policer
| Field | Type | Label | Description |
| bw_unit | AclPolicerRate | optional | Bandwidth unit |
| bandwidth | uint64 | optional | Bandwidth rate |
| burst_unit | AclPolicerBurstSize | optional | Burst unit |
| burst_size | uint64 | optional | Burst size |
| lp | AclLossPriority | optional | Loss priority |
| fc_string | string | optional | Forwarding class. |
| discard | AclBooleanType | optional | Discard action |
Policer parameter for two rate three color policer
| Field | Type | Label | Description |
| committed_rate_unit | AclPolicerRate | optional | Bandwidth unit |
| committed_rate | uint64 | optional | Bandwidth rate |
| committed_burst_unit | AclPolicerBurstSize | optional | Burst unit |
| committed_burst_size | uint64 | optional | Burst size |
| excess_rate_unit | AclPolicerRate | optional | Bandwidth unit |
| excess_rate | uint64 | optional | Bandwidth rate |
| excess_burst_unit | AclPolicerBurstSize | optional | Burst unit |
| excess_burst_size | uint64 | optional | Burst size |
| discard | AclBooleanType | optional | Discard action |
| color_mode | AclColorModeType | optional |
VPLS ACL entry
| Field | Type | Label | Description |
| ace_name | string | optional | AclEntry name |
| ace_op | AclEntryOperation | optional | AclEntry operation |
| adjacency | AclAdjacency | optional | Adjacency |
| matches | AclEntryMatchVpls | optional | Matches |
| actions | AclEntryVplsAction | optional | Actions |
The forwarding element entities to which the ACL can be bound.
| Name | Number | Description |
| ACL_BIND_OBJ_TYPE_INVALID | 0 | Invalid |
| ACL_BIND_OBJ_TYPE_INTERFACE | 1 | Interface |
| ACL_BIND_OBJ_TYPE_FWD_TABLE | 2 | Forwarding table |
| ACL_BIND_OBJ_TYPE_VLAN | 3 | VLAN |
| ACL_BIND_OBJ_TYPE_BRG_DOMAIN | 4 | Bridge domain |
AccessList Families.
| Name | Number | Description |
| ACL_FAMILY_INVALID | 0 | Invalid |
| ACL_FAMILY_INET | 1 | IPv4 family |
| ACL_FAMILY_INET6 | 2 | IPv6 family |
| ACL_FAMILY_ES | 3 | Ethernet Switching family |
| ACL_FAMILY_VPLS | 4 | VPLS family |
| ACL_FAMILY_MULTISERVICE | 5 | MULTISERVICE family |
| ACL_FAMILY_CCC | 6 | CCC family |
| ACL_FAMILY_MPLS | 7 | MPLS family |
Any proprietary flag to be enabled at the ACL level.
| Name | Number | Description |
| ACL_FLAGS_NONE | 0 | None |
Return values for the RPCs.
| Name | Number | Description |
| ACL_STATUS_EOK | 0 | Success |
| ACL_STATUS_NULL_MESSAGE | 1 | The RPC was a NULL buffer |
| ACL_STATUS_EINVALID_MESSAGE | 2 | Wrong input |
| ACL_STATUS_EINTERNAL | 3 | Server Internal error |
| ACL_STATUS_EUNSUPPORTED_OP | 4 | Operation not supported |
| ACL_STATUS_NO_RESOURCE | 5 | Resource not available at server |
| ACL_STATUS_BS_TIMEOUT | 6 | Bulk Stats timeout |
AccessList types.
| Name | Number | Description |
| ACL_TYPE_INVALID | 0 | Invalid ACL type |
| ACL_TYPE_CLASSIC | 1 | Classic ACL type |
Adjacency Type which determines the ACE order in an ACL
| Name | Number | Description |
| ACL_ADJACENCY_NONE | 0 | For firstACE |
| ACL_ADJACENCY_AFTER | 1 | Add next to the given ACE |
| ACL_ADJACENCY_BEFORE | 2 | Add before the given ACE |
Direction in which an ACL is bound.
| Name | Number | Description |
| ACL_BIND_DIRECTION_INVALID | 0 | |
| ACL_BIND_DIRECTION_INPUT | 1 | Bind on ingress |
| ACL_BIND_DIRECTION_OUTPUT | 2 | Bind on egress |
Boolean types
| Name | Number | Description |
| ACL_FALSE | 0 | False |
| ACL_TRUE | 1 | True |
Color mode for SRTCM and TRTCM
| Name | Number | Description |
| ACL_COLOR_MODE_INVALID | 0 | Invalid color mode |
| ACL_COLOR_MODE_COLOR_BLIND | 1 | Color Blind |
| ACL_COLOR_MODE_COLOR_AWARE | 2 | Color Aware |
Various Reject Action Reasons.
| Name | Number | Description |
| ACL_ACTION_REJECT_ADMINISTRATIVELY_PROHIBITED | 0 | Send ICMP Administratively Prohibited message |
| ACL_ACTION_REJECT_BAD_HOST_TOS | 1 | Send ICMP Bad Host ToS message |
| ACL_ACTION_REJECT_BAD_NETWORK_TOS | 2 | Send ICMP Bad Network ToS message |
| ACL_ACTION_REJECT_FRAGMENTATION_NEEDED | 3 | Send ICMP Fragmentation Needed message |
| ACL_ACTION_REJECT_HOST_PROHIBITED | 4 | Send ICMP Host Prohibited message |
| ACL_ACTION_REJECT_HOST_UNKNOWN | 5 | Send ICMP Host Unknown message |
| ACL_ACTION_REJECT_HOST_UNREACHABLE | 6 | Send ICMP Host Unreachable message |
| ACL_ACTION_REJECT_NETWORK_PROHIBITED | 7 | Send ICMP Network Prohibited message |
| ACL_ACTION_REJECT_NETWORK_UNKNOWN | 8 | Send ICMP Network Unknown message |
| ACL_ACTION_REJECT_NETWORK_UNREACHABLE | 9 | Send ICMP Network Unreachable message |
| ACL_ACTION_REJECT_PORT_UNREACHABLE | 10 | Send ICMP Port Unreachable message |
| ACL_ACTION_REJECT_PRECEDENCE_CUTOFF | 11 | Send ICMP Precedence Cutoff message |
| ACL_ACTION_REJECT_PRECEDENCE_VIOLATION | 12 | Send ICMP Precedence Violation message |
| ACL_ACTION_REJECT_PROTOCOL_UNREACHABLE | 13 | Send ICMP Protocol Unreachable message |
| ACL_ACTION_REJECT_SOURCE_HOST_ISOLATED | 14 | Send ICMP Source Host Isolated message |
| ACL_ACTION_REJECT_SOURCE_ROUTE_FAILED | 15 | Send ICMP Source Route Failed message |
| ACL_ACTION_REJECT_TCP_RESET | 16 | Send TCP Reset message |
ACL Entry (ACE) Flexible Match Start Offset
| Name | Number | Description |
| ACL_FLEX_MATCH_OFFSET_INVALID | 0 | Invalid Flexible match start offset |
| ACL_FLEX_MATCH_OFFSET_LAYER_THREE | 1 | Layer-3 Flexible match start offset |
| ACL_FLEX_MATCH_OFFSET_LAYER_FOUR | 2 | Layer-4 Flexible match start offset |
| ACL_FLEX_MATCH_OFFSET_PAYLOAD | 3 | Payload Flexible match start offset |
ACL Entry operation
| Name | Number | Description |
| ACL_ENTRY_OPERATION_INVALID | 0 | Invalid ACE operation |
| ACL_ENTRY_OPERATION_ADD | 1 | Add a new ACE. / Can be used with Add ACL, Change ACL, replace ACL API's |
| ACL_ENTRY_OPERATION_DELETE | 2 | Delete a existing ace. / Can be used with change ACL API |
| ACL_ENTRY_OPERATION_REPLACE | 3 | Replace a existing ace. Must provide adjacency details to / preserve the order of the ace. Can be used with Change ACL API |
Forwarding Class Values
| Name | Number | Description |
| ACL_FORWARDING_CLASS_INVALID | 0 | Invalid forwarding class |
| ACL_FORWARDING_CLASS_ASSURED | 1 | Assured forwarding class |
| ACL_FORWARDING_CLASS_BEST_EFFORT | 2 | Best Effort forwarding class |
| ACL_FORWARDING_CLASS_EXPEDITED | 3 | Expedited forwarding class |
| ACL_FORWARDING_CLASS_NETWORK_CONTROL | 4 | Network Control forwarding class |
Fragment Flags
| Name | Number | Description |
| ACL_FRAGMENT_NONE | 0 | None |
| ACL_DONT_FRAGMENT | 1 | Dont fragment flag |
| ACL_IS_FRAGMENT | 2 | Is fragment flag |
| ACL_FIRST_FRAGMENT | 3 | First fragment flag |
| ACL_LAST_FRAGMENT | 4 | More last fragment flag |
Loss Priority Values
| Name | Number | Description |
| ACL_LOSS_PRIORITY_INVALID | 0 | Invalid loss priority |
| ACL_LOSS_PRIORITY_HIGH | 1 | Loss priority HIGH |
| ACL_LOSS_PRIORITY_MEDIUM_HIGH | 2 | Loss priority MEDIUM-HIGH |
| ACL_LOSS_PRIORITY_MEDIUM_LOW | 3 | Loss priority MEDIUM-LOW |
| ACL_LOSS_PRIORITY_LOW | 4 | Loss priority LOW |
Supported Match Operations
| Name | Number | Description |
| ACL_MATCH_OP_INVALID | 0 | Invalid match operation |
| ACL_MATCH_OP_EQUAL | 1 | Match operation equal |
| ACL_MATCH_OP_NOT_EQUAL | 2 | Match operation not equal |
Policer Burst Size
| Name | Number | Description |
| ACL_POLICER_BURST_SIZE_INVALID | 0 | Invalid policer burst size |
| ACL_POLICER_BURST_SIZE_BYTE | 1 | Bytes |
| ACL_POLICER_BURST_SIZE_KBYTE | 2 | KiloBytes |
| ACL_POLICER_BURST_SIZE_MBYTE | 3 | MegaBytes |
| ACL_POLICER_BURST_SIZE_GBYTE | 4 | GigaBytes |
Policer Flags
| Name | Number | Description |
| ACL_POLICER_FLAG_INVALID | 0 | Invalid policer flag |
| ACL_POLICER_FLAG_TERM_SPECIFIC | 1 | The policer instance is activated for each ACE referenced. |
| ACL_POLICER_FLAG_FILTER_SPECIFIC | 2 | The policer instance is activated at global ACL level. |
Policer Rate unit
| Name | Number | Description |
| ACL_POLICER_RATE_INVALID | 0 | Invalid policer rate |
| ACL_POLICER_RATE_BPS | 1 | Bits per second |
| ACL_POLICER_RATE_KBPS | 2 | Kilobits per second |
| ACL_POLICER_RATE_MBPS | 3 | Megabits per second |
| ACL_POLICER_RATE_GBPS | 4 | Gigabits per second |
Various ACL Policer Type
| Name | Number | Description |
| ACL_POLICER_INVALID | 0 | / Invalid policer type |
| ACL_TWO_COLOR_POLICER | 1 | / Single rate two color |
| ACL_SINGLE_RATE_THREE_COLOR_POLICER | 2 | / Singel rate three color |
| ACL_TWO_RATE_THREE_COLOR_POLICER | 3 | / Two rate three color |
| ACL_HIERARCHICAL_POLICER | 4 | Hierarchical |
STP match flags
| Name | Number | Description |
| ACL_MATCH_STP_FLAG_INVALID | 0 | Invalid STP match flag |
| ACL_MATCH_STP_FLAG_BLOCKING | 1 | Match blocking STP flag |
| ACL_MATCH_STP_FLAG_FORWARDING | 2 | Match forwarding STP flag |
Precedence
| Name | Number | Description |
| ACL_PRECENCE_ROUTINE | 0 | Routine precedence |
| ACL_PRECENCE_PRIORITY | 1 | Priority precedence |
| ACL_PRECENCE_IMMEDIATE | 2 | Immediate precedence |
| ACL_PRECENCE_FLASH | 3 | Flash precedence |
| ACL_PRECENCE_FLASH_OVERRIDE | 4 | Flash override precedence |
| ACL_PRECENCE_CRITICAL_ECP | 5 | Critical ecp precedence |
| ACL_PRECENCE_INTERNET_CONTROL | 6 | Internet control precedence |
| ACL_PRECENCE_NET_CONTROL | 7 | Network control precedence |
ACL Service APIs defines a set of simple RPCs to operate upon the various components, viz. - ACL - ACE - Policer - Attachment Points - Statistics.
Each of RPCs are named by concatenating the corresponding Acl object and the operation to be performed. This give a easy to understand semantics to the RPCs.
| Method Name | Request Type | Response Type | Description |
| AccessListAdd | AccessList | AccessListReturnStatus | Adds an ACL and returns the result. |
| AccessListDelete | AccessList | AccessListReturnStatus | Delete an ACL from the system and return the result. / For successful delete to happen, the ACL should not be bound to any object. |
| AccessListChange | AccessList | AccessListReturnStatus | Changes an ACL based on the list of ACL entries provided, and returns the result. / It is advisable to use this API to for small incremental changes. For wholesale / changes, it is recommended to use the 'Replace' version of the API. |
| AccessListBindAdd | AccessListObjBind | AccessListReturnStatus | Add a binding of an ACL with a bind object and return the result. |
| AccessListBindDelete | AccessListObjBind | AccessListReturnStatus | Deletes a binding of an ACL with a bind object and return the result. |
| AccessListPolicerAdd | AccessListPolicer | AccessListReturnStatus | Adds a policer and returns the result. |
| AccessListPolicerReplace | AccessListPolicer | AccessListReturnStatus | Changes a policer and returns the result. |
| AccessListPolicerDelete | AccessListPolicer | AccessListReturnStatus | Deletes a policer and returns the result. |
| AccessListPileupStart | AccessListVoid | AccessListReturnStatus | |
| AccessListPileupEnd | AccessListVoid | AccessListReturnStatus | |
| AccessListCounterGet | AccessListCounter | AccessListCounterVal | |
| AccessListPolicerCounterGet | AccessListCounter | AccessListCounterVal | |
| AccessListCounterClear | AccessListCounter | AccessListReturnStatus | |
| AccessListCounterBulkGet | AccessListCounterBulk | AccessListCounterVal | |
| AccessListPolicerCounterBulkGet | AccessListCounterBulk | AccessListCounterVal |
| .proto Type | Notes | C++ Type | Java Type | Python Type |
| double | double | double | float | |
| float | float | float | float | |
| int32 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint32 instead. | int32 | int | int |
| int64 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint64 instead. | int64 | long | int/long |
| uint32 | Uses variable-length encoding. | uint32 | int | int/long |
| uint64 | Uses variable-length encoding. | uint64 | long | int/long |
| sint32 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int32s. | int32 | int | int |
| sint64 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int64s. | int64 | long | int/long |
| fixed32 | Always four bytes. More efficient than uint32 if values are often greater than 2^28. | uint32 | int | int |
| fixed64 | Always eight bytes. More efficient than uint64 if values are often greater than 2^56. | uint64 | long | int/long |
| sfixed32 | Always four bytes. | int32 | int | int |
| sfixed64 | Always eight bytes. | int64 | long | int/long |
| bool | bool | boolean | boolean | |
| string | A string must always contain UTF-8 encoded or 7-bit ASCII text. | string | String | str/unicode |
| bytes | May contain any arbitrary sequence of bytes. | string | ByteString | str |