Firewall Service API
firewall_service.proto
This file defines the ACL package for JUNOS.
Brief Description of the key concepts associated with this package and functionality is as follows:
ACL is an acronym for Access Control List which is a basic stateless forwarding construct to match on packet content and take a set of actions if packet passes the matching criteria.
An ACL is made up of an ordered set of ACL Entries, which defines how a packet is matched against configured criteria and how it is treated in the event of a match.
Each ACL Entry or ACE defines a set of packet matching criteria and a set of actions to take on the packet if the matching criteria is true. A packet needs to match ALL the matches in an ACE to be considered a match.
A Match is defined by an operation, packet field and value to be matched against. For details on the operations supported and various packet fields that could be matched, refer to the corresponding Enum or Message structure below.
An action determines what to do with the packet when it matches the matching criteria. There are two types of actions, terminating actions and non-terminating actions. Each ACE can have zero or more non-terminating actions and zero or exactly one terminating action. A non-terminating action is one that does not stop the packet from undergoing the rest of the ACL processing. A terminating action is one, that stops the packet from undergoing any further ACL processing.
An attachment point or a bind point is the point in the path of packet processing where the packet is subjected to ACL processing. An attachment point is defined by attachment entity and direction in which the ACL is applied. For example, a typical bind point is an interface where a packet is subjected to ACL.
The diagram below depicts an object diagram for a typical ACL. Legends: ACE-1 is the ordered Access List Entry at position 1. ACE-n is the ordered Access List Entry at position n. M-n is the match number n in list of matching criteria in a given ACE. A-n is the action number n in the list of actions for a given ACE. No more than 1 action could be a terminating action.
+-------+-------+-----+------+ ACL -> | ACE-1 | ACE-2 | ... | ACE-n| +-------+-------+-----+------+ | | | +-----+ +----->| M-1 | +-----+ | M-2 | +-----+ | ... | +-----+ | M-n | +-----+ | | +-----+ +---------->| A-1 | +-----+ | A-2 | +-----+ | ... | +-----+ | A-n | +-----+
AccessList
ACL
| Field | Type | Label | Description |
|---|---|---|---|
| acl_name | string | optional | AccessList name |
| acl_type | AccessListTypes | optional | AccessList type |
| acl_family | AccessListFamilies | optional | AccessList family |
| acl_flag | AccessListFlags | optional | AccessList flag |
| ace_list | AclEntry | repeated | List of Destination addresses |
AccessListBindObjPoint
ACL Bind Points
| Field | Type | Label | Description |
|---|---|---|---|
| intf | string | optional | Bind object - Interface |
| fwd_table | string | optional | Bind object - Forwarding Table |
| vlan | AclBindObjVlan | optional | Bind object - VLAN |
| bd | AclBindObjBridgeDomain | optional | Bind object - Bridge Domain |
AccessListCounter
An ACL Counter
| Field | Type | Label | Description |
|---|---|---|---|
| acl | AccessList | optional | Access list |
| counter_name | string | optional | Counter name |
AccessListCounterBulk
Bulk ACL Counter
| Field | Type | Label | Description |
|---|---|---|---|
| acl | AccessList | optional | Access list |
| starting_index | uint32 | optional | Starting Index |
AccessListCounterVal
Return counter statistics
| Field | Type | Label | Description |
|---|---|---|---|
| counter_name | string | optional | Counter Name |
| status | AccessListReturnVal | optional | Error status |
| bytes | uint64 | optional | Byte count |
| packets | uint64 | optional | Packet count |
AccessListObjBind
Per forwarding element ACL binding
| Field | Type | Label | Description |
|---|---|---|---|
| acl | AccessList | optional | ACL |
| obj_type | AccessListBindObjType | optional | Binding object type |
| bind_object | AccessListBindObjPoint | optional | Bind object name where the ACL is to be bound |
| bind_direction | AclBindDirection | optional | Bind direction |
| bind_family | AccessListFamilies | optional | Family on the bind object. Must match with the ACL family |
AccessListPolicer
ACL Policer
| Field | Type | Label | Description |
|---|---|---|---|
| policer_name | string | optional | Policer name |
| policer_type | AclPolicerType | optional | Policer type |
| policer_flag | AclPolicerFlags | optional | Policer Flags |
| policer_params | AclPolicerParameter | optional | Policer Paremeter |
AccessListReturnStatus
ACL Return Status
| Field | Type | Label | Description |
|---|---|---|---|
| status | AccessListReturnVal | optional | ACL return status value |
AccessListVoid
A void message
| Field | Type | Label | Description |
|---|---|---|---|
| void | string | optional |
AclActionCopyToHost
Copy To Client action
| Field | Type | Label | Description |
|---|---|---|---|
| client_name | string | optional | Client name (upto 64 characters) |
AclActionCounter
Counter action
| Field | Type | Label | Description |
|---|---|---|---|
| counter_name | string | optional | Counter name (upto 64 characters) |
AclActionForwardingClass
Action forwarding class by id
| Field | Type | Label | Description |
|---|---|---|---|
| fc | AclForwardingClass | optional | set forwarding class id |
AclActionForwardingPriority
action forwarding priority
| Field | Type | Label | Description |
|---|---|---|---|
| priority | uint32 | optional | priority |
AclActionIflNameIndex
Ifl Index or name in filter action
| Field | Type | Label | Description |
|---|---|---|---|
| ifl_name | string | optional | Ifl Name |
| ifl_index | uint32 | optional | Ifl Index |
AclActionLossPriority
action losspriority
| Field | Type | Label | Description |
|---|---|---|---|
| lp | AclLossPriority | optional | Set loss priority |
AclActionNextHop
Next hop
| Field | Type | Label | Description |
|---|---|---|---|
| nh_idx | uint32 | optional | Next hop index |
AclActionNextInterface
action next interface
| Field | Type | Label | Description |
|---|---|---|---|
| rti_name | string | optional | routing-instance name |
| ifl | AclActionIflNameIndex | optional | ifl index or ifl name |
AclActionNextIp
action next interface
| Field | Type | Label | Description |
|---|---|---|---|
| rti_name | string | optional | routing-instance name |
| addr | IpAddress | optional | address |
| prefix_len | uint32 | optional | Destination prefix length |
AclActionPolicer
Police the matching packets
| Field | Type | Label | Description |
|---|---|---|---|
| policer | AccessListPolicer | optional | The policer |
AclActionPolicerInstance
Police the matching packets with respect to template
| Field | Type | Label | Description |
|---|---|---|---|
| policer | AccessListPolicer | optional | The policer |
| policer_instance | string | optional | Policer Instance name |
AclActionRoutingInstance
Direct matching packets to a routing-instance
| Field | Type | Label | Description |
|---|---|---|---|
| rt_instance_name | string | optional |
AclActionSendToClient
Send To Client action
| Field | Type | Label | Description |
|---|---|---|---|
| client_name | string | optional | Client name (upto 64 characters) |
AclActionSetIpDscp
action set dscp
| Field | Type | Label | Description |
|---|---|---|---|
| dscp | uint32 | optional | DSCP for IP and IPv6 |
AclActionSetNexthop
Next hop action
| Field | Type | Label | Description |
|---|---|---|---|
| nh_idx | uint32 | optional | Set nh idx |
AclActionTopologyRedirect
Redirect matching packets with respect to topology mentioned
| Field | Type | Label | Description |
|---|---|---|---|
| rt_instance_name | string | optional | RT instance name |
| topology_name | string | optional | Topology name |
AclAdjacency
Adjacency details of ace placement
| Field | Type | Label | Description |
|---|---|---|---|
| type | AclAdjacencyType | optional | Type of adjacency placement |
| ace_name | string | optional | The previous or the next AC |
AclBindObjBridgeDomain
Bridge Domain Elements
| Field | Type | Label | Description |
|---|---|---|---|
| bd_name | string | optional | Bind object bd name where the ACL is to be bound |
| rtb_name | string | optional | Bind object Routing Instance name of bd_name where the ACL is to be bound |
AclBindObjVlan
The VLAN objects to which the ACL can be bound
| Field | Type | Label | Description |
|---|---|---|---|
| vlan_name | string | optional | Bind object VLAN name where the ACL is to be bound |
| rtb_name | string | optional | Bind object Routing Instance name of vlan_name where the ACL is to be bound |
AclCccEntry
CCC ACL entry
| Field | Type | Label | Description |
|---|---|---|---|
| ace_name | string | optional | AclEntry name |
| ace_op | AclEntryOperation | optional | AclEntry operation |
| adjacency | AclAdjacency | optional | Adjacency |
| matches | AclEntryMatchCcc | optional | Matches |
| actions | AclEntryCccAction | optional | Actions |
AclEntry
An ACL entry. It could be one of type of families.
| Field | Type | Label | Description |
|---|---|---|---|
| inet_entry | AclInetEntry | optional | For Inet family |
| es_entry | AclEsEntry | optional | For Ethernet Switching family |
| inet6_entry | AclInet6Entry | optional | For Inet6 family |
| vpls_entry | AclVplsEntry | optional | For vpls family |
| ccc_entry | AclCccEntry | optional | For ccc family |
| mservice_entry | AclMultiServiceEntry | optional | For multiservices family |
| mpls_entry | AclMplsEntry | optional | For mpls family |
AclEntryCccAction
ACL CCC Action
| Field | Type | Label | Description |
|---|---|---|---|
| actions_nt | AclEntryCccNonTerminatingAction | optional | List of non-terminating actions. |
| action_t | AclEntryCccTerminatingAction | optional | One terminating action |
AclEntryCccNonTerminatingAction
Non-terminating ACL CCC Actions
| Field | Type | Label | Description |
|---|---|---|---|
| action_count | AclActionCounter | optional | Count the matching packets |
| action_log | AclBooleanType | optional | Log the matching packets |
| action_syslog | AclBooleanType | optional | Syslog the matching packets |
| action_policer | AclActionPolicer | optional | Police the matching packets. Ensure that policer exists before using it. |
| action_sample | AclBooleanType | optional | Sample |
| action_copy_to_host | AclActionCopyToHost | optional | Copy of matching packets to host client name |
AclEntryCccTerminatingAction
Terminating ACL CCC Actions
| Field | Type | Label | Description |
|---|---|---|---|
| action_accept | AclBooleanType | optional | Accept the matching packets |
| action_discard | AclBooleanType | optional | Discard the matching packets |
| action_send_to_client | AclActionSendToClient | optional | Direct matching packets to client name |
| action_send_to_host | AclBooleanType | optional | Direct matching packets to host |
AclEntryEsAction
ACL Action
| Field | Type | Label | Description |
|---|---|---|---|
| actions_nt | AclEntryEsNonTerminatingAction | optional | List of non-terminating actions. |
| action_t | AclEntryEsTerminatingAction | optional | One terminating action |
AclEntryEsNonTerminatingAction
Non-terminating ACL Action
| Field | Type | Label | Description |
|---|---|---|---|
| action_count | AclActionCounter | optional | Count the matching packets |
| action_log | AclBooleanType | optional | Log the matching packets |
| action_syslog | AclBooleanType | optional | Syslog the matching packets |
| action_policer | AclActionPolicer | optional | Police the matching packets. Ensure that policer exists before using it. |
| action_next_term | AclBooleanType | optional | Next Term |
| action_lp | AclActionLossPriority | optional | Loss priority |
AclEntryEsTerminatingAction
Terminating ACL Action
| Field | Type | Label | Description |
|---|---|---|---|
| action_accept | AclBooleanType | optional | Accept the matching packets |
| action_discard | AclBooleanType | optional | Discard the matching packets |
| action_nh | AclActionNextHop | optional | Next hop |
| action_send_to_host | AclBooleanType | optional | Send to host |
AclEntryInet6Action
ACL inet6 Actions
| Field | Type | Label | Description |
|---|---|---|---|
| actions_nt | AclEntryInet6NonTerminatingAction | optional | List of non-terminating actions. |
| action_t | AclEntryInet6TerminatingAction | optional | One terminating action |
AclEntryInet6NonTerminatingAction
Non-terminating ACL inet6 Actions
| Field | Type | Label | Description |
|---|---|---|---|
| action_count | AclActionCounter | optional | Count the matching packets |
| action_log | AclBooleanType | optional | Log the matching packets |
| action_syslog | AclBooleanType | optional | Syslog the matching packets |
| action_policer | AclActionPolicer | optional | Police the matching packets. Ensure that policer exists before using it. |
| action_sample | AclBooleanType | optional | Sample |
| action_next_term | AclBooleanType | optional | Next Term |
| action_port_mirror | AclBooleanType | optional | port mirror action |
| action_lp | AclActionLossPriority | optional | set loss priority to matched packets |
| action_fwd_class | AclActionForwardingClass | optional | set Forwarding class to matched packets |
| action_fwd_priority | AclActionForwardingPriority | optional | set Forwarding Priority to matched packets |
| action_next_intf | AclActionNextInterface | optional | set Next interface to matched packets |
| action_next_ip | AclActionNextIp | optional | set Next IPv4 to matched packets |
| action_ip_dscp | AclActionSetIpDscp | optional | set IP DSCP to matched packets |
| action_copy_to_host | AclActionCopyToHost | optional | Copy of matching packets to host client name |
| action_policer_inst | AclActionPolicerInstance | optional | Police the matching packets. Ensure that policer exists before using it. |
AclEntryInet6TerminatingAction
Terminating ACL inet6 Actions
| Field | Type | Label | Description |
|---|---|---|---|
| action_accept | AclBooleanType | optional | Accept the matching packets |
| action_discard | AclBooleanType | optional | Discard the matching packets |
| action_reject | AclEntryActionRejectReason | optional | Reject the matching packets |
| action_rt_inst | AclActionRoutingInstance | optional | Direct matching packets to a routing instance |
| action_topo_redirect | AclActionTopologyRedirect | optional | Direct matching packets to a routing instance |
| action_send_to_client | AclActionSendToClient | optional | client name |
| action_send_to_host | AclBooleanType | optional | Direct matching packets to host |
| action_nh | AclActionSetNexthop | optional | set nexthop idx |
AclEntryInetAction
ACL Action
| Field | Type | Label | Description |
|---|---|---|---|
| actions_nt | AclEntryInetNonTerminatingAction | optional | List of non-terminating actions. |
| action_t | AclEntryInetTerminatingAction | optional | One terminating action |
AclEntryInetNonTerminatingAction
Non-terminating ACL Action
| Field | Type | Label | Description |
|---|---|---|---|
| action_count | AclActionCounter | optional | Count the matching packets |
| action_log | AclBooleanType | optional | Log the matching packets |
| action_syslog | AclBooleanType | optional | Syslog the matching packets |
| action_policer | AclActionPolicer | optional | Police the matching packets. / Ensure that policer exists before using it. |
| action_sample | AclBooleanType | optional | Sample |
| action_next_term | AclBooleanType | optional | Next Term |
AclEntryInetTerminatingAction
Terminating ACL Action
| Field | Type | Label | Description |
|---|---|---|---|
| action_accept | AclBooleanType | optional | Accept the matching packets |
| action_discard | AclBooleanType | optional | Discard the matching packets |
| action_reject | AclEntryActionRejectReason | optional | Reject the matching packets |
| action_rt_inst | AclActionRoutingInstance | optional | Direct matching packets to a routing instance |
AclEntryMatchCcc
CCC Matches and Actions
| Field | Type | Label | Description |
|---|---|---|---|
| match_pkt_len | AclMatchPktLen | repeated | List of Packet lengths |
| ifl_names | AclMatchIflNameIndex | repeated | Interface name (IFL with unit like ge-0/0/1.0 or IFL index) |
| ether_types | AclMatchEtherType | repeated | List of Ether type match |
| match_src_macs | AclMatchMacAddress | repeated | List Source MAC match |
| match_dst_macs | AclMatchMacAddress | repeated | List Destination MAC match |
| cfm_opcodes | AclMatchCfmOpcode | repeated | List of CFM Opcode match |
| cfm_levels | AclMatchCfmLevel | repeated | List of CFM Level match |
| match_flex_range | AclMatchFlexibleOffsetRange | optional | Flex Ranges |
| match_flex_mask | AclMatchFlexibleOffsetMask | optional | Flex Masks |
AclEntryMatchEs
An ACL Match
| Field | Type | Label | Description |
|---|---|---|---|
| match_dst_mac_addrs | AclMatchMacAddress | repeated | List of Destination mac addresses |
| match_src_mac_addrs | AclMatchMacAddress | repeated | List of Source mac addresses |
| match_dst_ports | AclMatchPort | repeated | List of Destination ports |
| match_src_ports | AclMatchPort | repeated | List of Source ports |
| match_dscp_code | AclMatchDscpCode | repeated | List of Dscp code points |
| match_protocols | AclMatchProtocol | repeated | List of Protocols |
| match_icmp_type | AclMatchIcmpType | repeated | List of Icmp types |
| match_icmp_code | AclMatchIcmpCode | repeated | List of Icmp codes |
| ifl_names | AclMatchIflNameIndex | repeated | Interface name (IFL with unit, for example: ge-0/0/1.0 or IFL index) |
| match_ether_type | AclMatchEtherType | repeated | |
| match_learn_vlan_id | AclMatchLearnVlanId | repeated | |
| match_learn_vlan_priority | AclMatchLearnVlanPriority | repeated |
AclEntryMatchInet
An ACL Match
| Field | Type | Label | Description |
|---|---|---|---|
| match_dst_addrs | AclMatchIpAddress | repeated | List of Destination addresses |
| match_src_addrs | AclMatchIpAddress | repeated | List of Source addresses |
| match_dst_ports | AclMatchPort | repeated | List of Destination ports |
| match_src_ports | AclMatchPort | repeated | List of Source ports |
| match_dscp_code | AclMatchDscpCode | repeated | List of Dscp code points |
| match_protocols | AclMatchProtocol | repeated | List of Protocols |
| match_icmp_type | AclMatchIcmpType | repeated | List of Icmp types |
| match_icmp_code | AclMatchIcmpCode | repeated | List of Icmp codes |
| match_pkt_len | AclMatchPktLen | repeated | List of Packet lengths |
| match_ttl | AclMatchTtl | repeated | List of Ttl's |
| fragment_flags | AclFragmentFlags | optional | Fragment flag |
| match_frag_offset | AclMatchFragmentOffset | repeated | List of fragment offset range |
| ifl_names | AclMatchIflNameIndex | repeated | Interface name (IFL with unit, for example: ge-0/0/1.0 or IFL index) |
| match_ip_precedence | AclMatchIpPrecedence | repeated | List of ip precedence |
| match_addrs | AclMatchIpAddress | repeated | List of Addresses |
| match_ports | AclMatchPort | repeated | List of Ports |
| match_flex_range | AclMatchFlexibleOffsetRange | optional | Flex Ranges |
| match_flex_mask | AclMatchFlexibleOffsetMask | optional | Flex Masks |
AclEntryMatchInet6
Inet6 Matches and actions
| Field | Type | Label | Description |
|---|---|---|---|
| match_dst_addrs | AclMatchIpAddress | repeated | List of Destination addresses |
| match_src_addrs | AclMatchIpAddress | repeated | List of Source addresses |
| match_dst_ports | AclMatchPort | repeated | List of Destination ports |
| match_src_ports | AclMatchPort | repeated | List of Source ports |
| match_dscp_code | AclMatchDscpCode | repeated | List of Dscp code points |
| payload_protocols | AclMatchProtocol | repeated | List of Protocols |
| match_icmp_type | AclMatchIcmpType | repeated | List of Icmp types |
| match_icmp_code | AclMatchIcmpCode | repeated | List of Icmp codes |
| match_pkt_len | AclMatchPktLen | repeated | List of Packet lengths |
| fragment_flags | AclFragmentFlags | optional | Fragment flag |
| ifl_names | AclMatchIflNameIndex | repeated | Interface name (IFL with unit, for example: ge-0/0/1.0 or IFL index) |
| match_traffic_classes | AclMatchTrafficClass | repeated | List of traffic classes |
| match_addrs | AclMatchIpAddress | repeated | List of Addresses |
| match_flex_range | AclMatchFlexibleOffsetRange | optional | Flex Ranges |
| match_flex_mask | AclMatchFlexibleOffsetMask | optional | Flex Masks |
| ipv6_next_headers | AclMatchNextHeader | repeated | List of Next Header match |
| match_loss_priority | AclMatchLossPriority | repeated | List of Loss Priority |
| match_fwd_class | AclMatchForwardingClass | repeated | List of Forwarding Class |
| match_ports | AclMatchPort | repeated | List of Ports |
AclEntryMatchMpls
Mpls Matches and Actions
| Field | Type | Label | Description |
|---|---|---|---|
| match_label1 | AclMatchMplsLabel | repeated | Label-1 match |
| match_label2 | AclMatchMplsLabel | repeated | Label-2 match |
| match_label3 | AclMatchMplsLabel | repeated | Label-3 match |
| match_flex_range | AclMatchFlexibleOffsetRange | optional | Flex Ranges |
| match_flex_mask | AclMatchFlexibleOffsetMask | optional | Flex Masks |
AclEntryMatchMultiService
multiservices Matches and Actions
| Field | Type | Label | Description |
|---|---|---|---|
| match_dst_addrs | AclMatchIpAddress | repeated | List of Destination addresses (V4) |
| match_src_addrs | AclMatchIpAddress | repeated | List of Source addresses (V4) |
| match_addrs | AclMatchIpAddress | repeated | List of addresses (V4) |
| match_dst_ports | AclMatchPort | repeated | List of Destination ports |
| match_src_ports | AclMatchPort | repeated | List of Source ports |
| match_ip_protocols | AclMatchProtocol | repeated | List of Protocols |
| payload_protocols | AclMatchProtocol | repeated | List of Protocols |
| match_icmp_type | AclMatchIcmpType | repeated | List of Icmp types |
| match_icmp_code | AclMatchIcmpCode | repeated | List of Icmp codes |
| ifl_names | AclMatchIflNameIndex | repeated | Interface name (IFL with unit like ge-0/0/1.0 or IFL index) |
| ipv6_next_headers | AclMatchNextHeader | repeated | List of Next Header match |
| ether_types | AclMatchEtherType | repeated | List of Ether type match |
| match_src_macs | AclMatchMacAddress | repeated | List Source MAC match |
| match_dst_macs | AclMatchMacAddress | repeated | List Destination MAC match |
| vlan_ether_types | AclMatchEtherType | repeated | List of Ether type match |
| stp_state | AclStpMatchFlags | optional | STP state match |
| mesh_group_ids | AclMatchMeshGroup | repeated | List of mesh group id match |
| l2_tokens | AclMatchL2Token | repeated | List of L2 token match |
| match_pkt_len | AclMatchPktLen | repeated | List of Packet lengths |
AclEntryMatchVpls
VPLS Matches and Actions
| Field | Type | Label | Description |
|---|---|---|---|
| match_dst_addrs | AclMatchIpAddress | repeated | List of Destination addresses (V4) |
| match_src_addrs | AclMatchIpAddress | repeated | List of Source addresses (V4) |
| match_dst_v6_addrs | AclMatchIpAddress | repeated | List of Destination addresses (V6) |
| match_src_v6_addrs | AclMatchIpAddress | repeated | List of Source addresses (V6) |
| match_dst_ports | AclMatchPort | repeated | List of Destination ports |
| match_src_ports | AclMatchPort | repeated | List of Source ports |
| match_dscp_code | AclMatchDscpCode | repeated | List of Dscp code points |
| match_ip_protocols | AclMatchProtocol | repeated | List of Protocols |
| payload_protocols | AclMatchProtocol | repeated | List of Protocols |
| match_icmp_type | AclMatchIcmpType | repeated | List of Icmp types |
| match_icmp_code | AclMatchIcmpCode | repeated | List of Icmp codes |
| ifl_names | AclMatchIflNameIndex | repeated | Interface name (IFL with unit, for example: ge-0/0/1.0 or IFL index) |
| match_traffic_classes | AclMatchTrafficClass | repeated | List of traffic classes |
| ipv6_next_headers | AclMatchNextHeader | repeated | List of Next Header match |
| ether_types | AclMatchEtherType | repeated | List of Ether type match |
| match_src_macs | AclMatchMacAddress | repeated | List Source MAC match |
| match_dst_macs | AclMatchMacAddress | repeated | List Destination MAC match |
| vlan_ether_types | AclMatchEtherType | repeated | List of Ether type match |
| learn_vlan_ids | AclMatchVlanId | repeated | List of Vlan Id match |
| user_vlan_ids | AclMatchVlanId | repeated | List of Vlan Id match |
| learn_vlan_priority | AclMatchLearnVlanPriority | repeated | List of Vlan Id match |
| stp_state | AclStpMatchFlags | optional | STP state match |
| mesh_group_ids | AclMatchMeshGroup | repeated | List of mesh group id match |
| cfm_opcodes | AclMatchCfmOpcode | repeated | List of CFM Opcode match |
| cfm_levels | AclMatchCfmLevel | repeated | List of CFM Level match |
| l2_tokens | AclMatchL2Token | repeated | List of L2 token match |
| match_v6_addrs | AclMatchIpAddress | repeated | List of Ipv6 addresses (V6) |
| match_flex_range | AclMatchFlexibleOffsetRange | optional | Flex Ranges |
| match_flex_mask | AclMatchFlexibleOffsetMask | optional | Flex Masks |
| match_pkt_len | AclMatchPktLen | repeated | List of Packet lengths |
AclEntryMplsAction
ACL Mpls Action
| Field | Type | Label | Description |
|---|---|---|---|
| actions_nt | AclEntryMplsNonTerminatingAction | optional | List of non-terminating actions. |
| action_t | AclEntryMplsTerminatingAction | optional | One terminating action |
AclEntryMplsNonTerminatingAction
Non-terminating ACL MPLS Actions
| Field | Type | Label | Description |
|---|---|---|---|
| action_count | AclActionCounter | optional | Count the matching packets |
| action_policer | AclActionPolicer | optional | Police the matching packets. Ensure that policer exists before using it. |
AclEntryMplsTerminatingAction
Terminating ACL MPLS Actions
| Field | Type | Label | Description |
|---|---|---|---|
| action_accept | AclBooleanType | optional | Accept the matching packets |
| action_discard | AclBooleanType | optional | Discard the matching packets |
AclEntryMultiServiceAction
ACL Multi Service Actions
| Field | Type | Label | Description |
|---|---|---|---|
| actions_nt | AclEntryMultiServiceNonTerminatingAction | optional | List of non-terminating actions. |
| action_t | AclEntryMultiServiceTerminatingAction | optional | One terminating action |
AclEntryMultiServiceNonTerminatingAction
Non-terminating ACL Multi Service Actions
| Field | Type | Label | Description |
|---|---|---|---|
| action_count | AclActionCounter | optional | Count the matching packets |
| action_log | AclBooleanType | optional | Log the matching packets |
| action_syslog | AclBooleanType | optional | Syslog the matching packets |
| action_policer | AclActionPolicer | optional | Police the matching packets. Ensure that policer exists before using it. |
| action_sample | AclBooleanType | optional | Sample |
| action_next_term | AclBooleanType | optional | Next Term |
| action_copy_to_host | AclActionCopyToHost | optional | Copy of matching packets to host |
AclEntryMultiServiceTerminatingAction
Terminating ACL Multi Service Actions
| Field | Type | Label | Description |
|---|---|---|---|
| action_accept | AclBooleanType | optional | Accept the matching packets |
| action_discard | AclBooleanType | optional | Discard the matching packets |
| action_send_to_client | AclActionSendToClient | optional | Direct matching packets to client name |
| action_send_to_host | AclBooleanType | optional | Direct matching packets to host |
AclEntryVplsAction
ACL VPLS Action
| Field | Type | Label | Description |
|---|---|---|---|
| actions_nt | AclEntryVplsNonTerminatingAction | optional | List of non-terminating actions. |
| action_t | AclEntryVplsTerminatingAction | optional | One terminating action |
AclEntryVplsNonTerminatingAction
Non-terminating ACL Vpls Actions
| Field | Type | Label | Description |
|---|---|---|---|
| action_count | AclActionCounter | optional | Count the matching packets |
| action_log | AclBooleanType | optional | Log the matching packets |
| action_syslog | AclBooleanType | optional | Syslog the matching packets |
| action_policer | AclActionPolicer | optional | Police the matching packets. Ensure that policer exists before using it. |
| action_sample | AclBooleanType | optional | Sample |
| action_next_term | AclBooleanType | optional | Next Term |
| action_no_mac_learn | AclBooleanType | optional | No Mac Learn |
| action_copy_to_host | AclActionCopyToHost | optional | Copy of matching packets to host client name |
AclEntryVplsTerminatingAction
Terminating ACL Vpls Actions
| Field | Type | Label | Description |
|---|---|---|---|
| action_accept | AclBooleanType | optional | Accept the matching packets |
| action_discard | AclBooleanType | optional | Discard the matching packets |
| action_send_to_client | AclActionSendToClient | optional | Direct matching packets to client name |
| action_send_to_host | AclBooleanType | optional | Direct matching packets to host |
| action_nh | AclActionSetNexthop | optional | set nexthop idx |
AclEsEntry
An Inet ACL entry
| Field | Type | Label | Description |
|---|---|---|---|
| ace_name | string | optional | AclEntry name |
| ace_op | AclEntryOperation | optional | AclEntry operation |
| adjacency | AclAdjacency | optional | Adjacency |
| matches | AclEntryMatchEs | optional | Matches |
| actions | AclEntryEsAction | optional | Actions |
AclInet6Entry
An Inet6 ACL entry
| Field | Type | Label | Description |
|---|---|---|---|
| ace_name | string | optional | AclEntry name |
| ace_op | AclEntryOperation | optional | AclEntry operation |
| adjacency | AclAdjacency | optional | Adjacency |
| matches | AclEntryMatchInet6 | optional | Matches |
| actions | AclEntryInet6Action | optional | Actions |
AclInetEntry
An Inet ACL entry
| Field | Type | Label | Description |
|---|---|---|---|
| ace_name | string | optional | AclEntry name |
| ace_op | AclEntryOperation | optional | AclEntry operation |
| adjacency | AclAdjacency | optional | Adjacency |
| matches | AclEntryMatchInet | optional | Matches |
| actions | AclEntryInetAction | optional | Actions |
AclMatchCfmLevel
CFM Level match condition
| Field | Type | Label | Description |
|---|---|---|---|
| cfm_level | uint32 | optional | cfm_level value |
| match_op | AclMatchOperation | optional | AclMatch op |
AclMatchCfmOpcode
CFM opcode match condition
| Field | Type | Label | Description |
|---|---|---|---|
| min | uint32 | optional | Minimum cfm opcode value |
| max | uint32 | optional | Maximum cfm opcode Value |
| match_op | AclMatchOperation | optional | AclMatch op |
AclMatchDscpCode
DSCP (diffserv code point) match condition
| Field | Type | Label | Description |
|---|---|---|---|
| min | uint32 | optional | Minimum Dscp code |
| max | uint32 | optional | Maximum Dscp code |
| match_op | AclMatchOperation | optional | AclMatch op |
AclMatchEtherType
EtherType Match
| Field | Type | Label | Description |
|---|---|---|---|
| min | uint32 | optional | Minimum Ether type |
| max | uint32 | optional | Maximum Ether type |
| match_op | AclMatchOperation | optional | AclMatch op |
AclMatchFlexOffset
Flex Offset range matches
| Field | Type | Label | Description |
|---|---|---|---|
| min | uint32 | optional | Minimum range value |
| max | uint32 | optional | Maximum range value |
| match_op | AclMatchOperation | optional | AclMatch op |
AclMatchFlexibleMask
A Flexible Mask Match
| Field | Type | Label | Description |
|---|---|---|---|
| start_offset | AclEntryMatchFlexStartOffest | optional | Flex match start offset |
| bit_length | uint32 | optional | Flex match bit length (0 - 32) |
| bit_offset | uint32 | optional | Flex match bit offset (0 - 7) |
| byte_offset | uint32 | optional | Flex match byte offset |
| mask | uint32 | optional | Flex match mask |
| prefix_string | string | optional | 32 Bit, Flex match value in hex format (0x12345678) |
AclMatchFlexibleOffsetMask
A Flexible Offset Mask Match
| Field | Type | Label | Description |
|---|---|---|---|
| flex_mask_match | AclMatchFlexibleMask | optional | Flexible mask match |
AclMatchFlexibleOffsetRange
A Flexible Offset Range Match
| Field | Type | Label | Description |
|---|---|---|---|
| flex_range_match | AclMatchFlexibleRange | optional | Flexible range match |
AclMatchFlexibleRange
A Flexible Range Match
| Field | Type | Label | Description |
|---|---|---|---|
| start_offset | AclEntryMatchFlexStartOffest | optional | Flex match start offset |
| bit_length | uint32 | optional | Flex match bit length (0 - 32) |
| bit_offset | uint32 | optional | Flex match bit offset (0 - 7) |
| byte_offset | uint32 | optional | Flex match byte offset |
| range | AclMatchFlexOffset | optional | Flex match range value |
AclMatchForwardingClass
Forwarding class match condition
| Field | Type | Label | Description |
|---|---|---|---|
| fwd_class | AclForwardingClass | optional | Loss Priority match |
| match_op | AclMatchOperation | optional | AclMatch op |
AclMatchFragmentOffset
Fragment offset match condition for IPv4
| Field | Type | Label | Description |
|---|---|---|---|
| min | uint32 | optional | Fragment offset range start |
| max | uint32 | optional | Fragment offset range start |
| match_op | AclMatchOperation | optional | AclMatch op |
AclMatchIcmpCode
ICMP code match condition
| Field | Type | Label | Description |
|---|---|---|---|
| min | uint32 | optional | Minimum Icmp code |
| max | uint32 | optional | Maximum Icmp code |
| match_op | AclMatchOperation | optional | AclMatch op |
AclMatchIcmpType
ICMP type match condition
| Field | Type | Label | Description |
|---|---|---|---|
| min | uint32 | optional | Minimum Icmp type |
| max | uint32 | optional | Maximum Icmp type |
| match_op | AclMatchOperation | optional | AclMatch op |
AclMatchIflNameIndex
Ifl Index or name
| Field | Type | Label | Description |
|---|---|---|---|
| ifl_name | string | optional | Ifl Name |
| ifl_index | uint32 | optional | Ifl Index |
AclMatchIpAddress
Destination Address match condition
| Field | Type | Label | Description |
|---|---|---|---|
| addr | IpAddress | optional | address |
| prefix_len | uint32 | optional | Destination prefix length |
| match_op | AclMatchOperation | optional | AclMatch op |
AclMatchIpPrecedence
Ip Precedence match
| Field | Type | Label | Description |
|---|---|---|---|
| min | Precedence | optional | Minimum precedence |
| max | Precedence | optional | Maximum precedence |
| match_op | AclMatchOperation | optional | AclMatch op |
AclMatchL2Token
L2 token match condition
| Field | Type | Label | Description |
|---|---|---|---|
| token | uint32 | optional | L2 token value |
| match_op | AclMatchOperation | optional | AclMatch op |
AclMatchLearnVlanId
Learn VLAN ID Match
| Field | Type | Label | Description |
|---|---|---|---|
| min | uint32 | optional | Minimum Learn vlan id |
| max | uint32 | optional | Maximum Learn vLan id |
| match_op | AclMatchOperation | optional | AclMatch op |
AclMatchLearnVlanPriority
Learn VLAN Priority Match
| Field | Type | Label | Description |
|---|---|---|---|
| min | uint32 | optional | Minimum Learn vlan priority |
| max | uint32 | optional | Maximum Learn vLan priority |
| match_op | AclMatchOperation | optional | AclMatch op |
AclMatchLossPriority
Loss Priority match condition
| Field | Type | Label | Description |
|---|---|---|---|
| lp | AclLossPriority | optional | Loss Priority match |
| match_op | AclMatchOperation | optional | AclMatch op |
AclMatchMacAddress
Mac Address match condition
| Field | Type | Label | Description |
|---|---|---|---|
| addr | MacAddress | optional | Mac address |
| addr_len | uint32 | optional | Mac address length |
| match_op | AclMatchOperation | optional | AclMatch op |
AclMatchMeshGroup
Mesh Group match condition
| Field | Type | Label | Description |
|---|---|---|---|
| mesh_group_id | uint32 | optional | mesh_group_id value |
| match_op | AclMatchOperation | optional | AclMatch op |
AclMatchMplsLabel
Mpls label match condition
| Field | Type | Label | Description |
|---|---|---|---|
| min | uint32 | optional | Minimum Label value |
| max | uint32 | optional | Maximum Label Value |
| match_op | AclMatchOperation | optional | AclMatch op |
AclMatchNextHeader
NextHeader match condition
| Field | Type | Label | Description |
|---|---|---|---|
| min | uint32 | optional | Minimum Label value |
| max | uint32 | optional | Maximum Label Value |
| match_op | AclMatchOperation | optional | AclMatch op |
AclMatchPktLen
Packet length match condition
| Field | Type | Label | Description |
|---|---|---|---|
| min | uint32 | optional | Minimum Packet length |
| max | uint32 | optional | Maximum Packet length |
| match_op | AclMatchOperation | optional | AclMatch op |
AclMatchPort
Port match condition
| Field | Type | Label | Description |
|---|---|---|---|
| min | int32 | optional | Minimum port |
| max | int32 | optional | Maximum port |
| match_op | AclMatchOperation | optional | AclMatch op |
AclMatchProtocol
IP Protocol match condition
| Field | Type | Label | Description |
|---|---|---|---|
| min | uint32 | optional | Minimum Protocol number |
| max | uint32 | optional | Maximum Protocol number |
| match_op | AclMatchOperation | optional | AclMatch op |
AclMatchTrafficClass
Traffic class match
| Field | Type | Label | Description |
|---|---|---|---|
| min | int32 | optional | Minimum value |
| max | int32 | optional | Maximum value |
| match_op | AclMatchOperation | optional | AclMatch op |
AclMatchTtl
TTL (Time to live) match condition for IPv4
| Field | Type | Label | Description |
|---|---|---|---|
| min | uint32 | optional | Minimum Time to live |
| max | uint32 | optional | Maximum Time to live |
| match_op | AclMatchOperation | optional | AclMatch op |
AclMatchVlanId
VlanId match condition
| Field | Type | Label | Description |
|---|---|---|---|
| min | uint32 | optional | Minimum Label value |
| max | uint32 | optional | Maximum Label Value |
| match_op | AclMatchOperation | optional | AclMatch op |
AclMplsEntry
MPLS ACL entry
| Field | Type | Label | Description |
|---|---|---|---|
| ace_name | string | optional | AclEntry name |
| ace_op | AclEntryOperation | optional | AclEntry operation |
| adjacency | AclAdjacency | optional | Adjacency |
| matches | AclEntryMatchMpls | optional | Matches |
| actions | AclEntryMplsAction | optional | Actions |
AclMultiServiceEntry
MultiServices ACL entry
| Field | Type | Label | Description |
|---|---|---|---|
| ace_name | string | optional | AclEntry name |
| ace_op | AclEntryOperation | optional | AclEntry operation |
| adjacency | AclAdjacency | optional | Adjacency |
| matches | AclEntryMatchMultiService | optional | Matches |
| actions | AclEntryMultiServiceAction | optional | Actions |
AclPolicerHierarchical
Hierarchical Policer parameters
| Field | Type | Label | Description |
|---|---|---|---|
| aggregate_rate_unit | AclPolicerRate | optional | Bandwidth unit |
| aggregate_rate | uint64 | optional | Bandwidth rate |
| aggregate_burst_size_unit | AclPolicerBurstSize | optional | Burst unit |
| aggregate_burst_size | uint64 | optional | Burst size |
| premium_rate_unit | AclPolicerRate | optional | Bandwidth unit |
| premium_rate | uint64 | optional | Bandwidth rate |
| premium_burst_size_unit | AclPolicerBurstSize | optional | Burst unit |
| premium_burst_size | uint64 | optional | Burst size |
| discard | AclBooleanType | optional | Discard action |
AclPolicerParameter
Policer Parameter
| Field | Type | Label | Description |
|---|---|---|---|
| two_color_parameter | AclPolicerTwoColor | optional | Two color |
| sr_three_color_parameter | AclPolicerSingleRateThreeColor | optional | Three color |
| tr_three_color_parameter | AclPolicerTwoRateThreeColor | optional | Three color |
| hierarchical_parameter | AclPolicerHierarchical | optional | Hierarchical |
AclPolicerSingleRateThreeColor
Policer parameter for single rate three color policer
| Field | Type | Label | Description |
|---|---|---|---|
| committed_rate_unit | AclPolicerRate | optional | Bandwidth unit |
| committed_rate | uint64 | optional | Bandwidth rate |
| committed_burst_unit | AclPolicerBurstSize | optional | Burst unit |
| committed_burst_size | uint64 | optional | Burst size |
| excess_burst_size | uint64 | optional | Burst size |
| excess_burst_unit | AclPolicerBurstSize | optional | Burst unit |
| discard | AclBooleanType | optional | Discard action |
| color_mode | AclColorModeType | optional | Color mode |
AclPolicerTwoColor
Policer parameter for two color policer
| Field | Type | Label | Description |
|---|---|---|---|
| bw_unit | AclPolicerRate | optional | Bandwidth unit |
| bandwidth | uint64 | optional | Bandwidth rate |
| burst_unit | AclPolicerBurstSize | optional | Burst unit |
| burst_size | uint64 | optional | Burst size |
| lp | AclLossPriority | optional | Loss priority |
| fc_string | string | optional | Forwarding class. |
| discard | AclBooleanType | optional | Discard action |
AclPolicerTwoRateThreeColor
Policer parameter for two rate three color policer
| Field | Type | Label | Description |
|---|---|---|---|
| committed_rate_unit | AclPolicerRate | optional | Bandwidth unit |
| committed_rate | uint64 | optional | Bandwidth rate |
| committed_burst_unit | AclPolicerBurstSize | optional | Burst unit |
| committed_burst_size | uint64 | optional | Burst size |
| excess_rate_unit | AclPolicerRate | optional | Bandwidth unit |
| excess_rate | uint64 | optional | Bandwidth rate |
| excess_burst_unit | AclPolicerBurstSize | optional | Burst unit |
| excess_burst_size | uint64 | optional | Burst size |
| discard | AclBooleanType | optional | Discard action |
| color_mode | AclColorModeType | optional |
AclVplsEntry
VPLS ACL entry
| Field | Type | Label | Description |
|---|---|---|---|
| ace_name | string | optional | AclEntry name |
| ace_op | AclEntryOperation | optional | AclEntry operation |
| adjacency | AclAdjacency | optional | Adjacency |
| matches | AclEntryMatchVpls | optional | Matches |
| actions | AclEntryVplsAction | optional | Actions |
AccessListBindObjType
The forwarding element entities to which the ACL can be bound.
| Name | Number | Description |
|---|---|---|
| ACL_BIND_OBJ_TYPE_INVALID | 0 | Invalid |
| ACL_BIND_OBJ_TYPE_INTERFACE | 1 | Interface |
| ACL_BIND_OBJ_TYPE_FWD_TABLE | 2 | Forwarding table |
| ACL_BIND_OBJ_TYPE_VLAN | 3 | Forwarding table |
| ACL_BIND_OBJ_TYPE_BRG_DOMAIN | 4 | Bridge domain |
AccessListFamilies
AccessList Families.
| Name | Number | Description |
|---|---|---|
| ACL_FAMILY_INVALID | 0 | Invalid |
| ACL_FAMILY_INET | 1 | IPv4 family |
| ACL_FAMILY_INET6 | 2 | IPv6 family |
| ACL_FAMILY_ES | 3 | Ethernet Switching family |
| ACL_FAMILY_VPLS | 4 | VPLS family |
| ACL_FAMILY_MULTISERVICE | 5 | MULTISERVICE family |
| ACL_FAMILY_CCC | 6 | CCC family |
| ACL_FAMILY_MPLS | 7 | MPLS family |
AccessListFlags
Any proprietory flag to be enabled at the ACL level.
| Name | Number | Description |
|---|---|---|
| ACL_FLAGS_NONE | 0 | None |
AccessListReturnVal
Return values for the RPCs.
| Name | Number | Description |
|---|---|---|
| ACL_STATUS_EOK | 0 | Success |
| ACL_STATUS_NULL_MESSAGE | 1 | The RPC was a NULL buffer |
| ACL_STATUS_EINVALID_MESSAGE | 2 | Wrong input |
| ACL_STATUS_EINTERNAL | 3 | Server Internal error |
| ACL_STATUS_EUNSUPPORTED_OP | 4 | Operation not supported |
| ACL_STATUS_NO_RESOURCE | 5 | Resource not available at server |
| ACL_STATUS_BS_TIMEOUT | 6 | Bulk Stats timeout |
AccessListTypes
AccessList types.
| Name | Number | Description |
|---|---|---|
| ACL_TYPE_INVALID | 0 | Invalid ACL type |
| ACL_TYPE_CLASSIC | 1 | Classic ACL type |
AclAdjacencyType
Adjacency Type which determines the ACE order in an ACL
| Name | Number | Description |
|---|---|---|
| ACL_ADJACENCY_NONE | 0 | For first ace |
| ACL_ADJACENCY_AFTER | 1 | Add next to the given ace |
| ACL_ADJACENCY_BEFORE | 2 | Add before the given ace |
AclBindDirection
Direction in which an ACL is bound.
| Name | Number | Description |
|---|---|---|
| ACL_BIND_DIRECTION_INVALID | 0 | Invalid bind direction |
| ACL_BIND_DIRECTION_INPUT | 1 | Bind on ingress |
| ACL_BIND_DIRECTION_OUTPUT | 2 | Bind on egress |
AclBooleanType
Boolean types
| Name | Number | Description |
|---|---|---|
| ACL_FALSE | 0 | |
| ACL_TRUE | 1 |
AclColorModeType
Color mode for SRTCM and TRTCM
| Name | Number | Description |
|---|---|---|
| ACL_COLOR_MODE_INVALID | 0 | Invalid Color Mode |
| ACL_COLOR_MODE_COLOR_BLIND | 1 | Color Blind |
| ACL_COLOR_MODE_COLOR_AWARE | 2 | Color Aware |
AclEntryActionRejectReason
| Name | Number | Description |
|---|---|---|
| ACL_ACTION_REJECT_ADMINISTRATIVELY_PROHIBITED | 0 | Send ICMP Administratively Prohibited message |
| ACL_ACTION_REJECT_BAD_HOST_TOS | 1 | Send ICMP Bad Host ToS message |
| ACL_ACTION_REJECT_BAD_NETWORK_TOS | 2 | Send ICMP Bad Network ToS message |
| ACL_ACTION_REJECT_FRAGMENTATION_NEEDED | 3 | Send ICMP Fragmentation Needed message |
| ACL_ACTION_REJECT_HOST_PROHIBITED | 4 | Send ICMP Host Prohibited message |
| ACL_ACTION_REJECT_HOST_UNKNOWN | 5 | Send ICMP Host Unknown message |
| ACL_ACTION_REJECT_HOST_UNREACHABLE | 6 | Send ICMP Host Unreachable message |
| ACL_ACTION_REJECT_NETWORK_PROHIBITED | 7 | Send ICMP Network Prohibited message |
| ACL_ACTION_REJECT_NETWORK_UNKNOWN | 8 | Send ICMP Network Unknown message |
| ACL_ACTION_REJECT_NETWORK_UNREACHABLE | 9 | Send ICMP Network Unreachable message |
| ACL_ACTION_REJECT_PORT_UNREACHABLE | 10 | Send ICMP Port Unreachable message |
| ACL_ACTION_REJECT_PRECEDENCE_CUTOFF | 11 | Send ICMP Precedence Cutoff message |
| ACL_ACTION_REJECT_PRECEDENCE_VIOLATION | 12 | Send ICMP Precedence Violation message |
| ACL_ACTION_REJECT_PROTOCOL_UNREACHABLE | 13 | Send ICMP Protocol Unreachable message |
| ACL_ACTION_REJECT_SOURCE_HOST_ISOLATED | 14 | Send ICMP Source Host Isolated message |
| ACL_ACTION_REJECT_SOURCE_ROUTE_FAILED | 15 | Send ICMP Source Route Failed message |
| ACL_ACTION_REJECT_TCP_RESET | 16 | Send TCP Reset message |
AclEntryMatchFlexStartOffest
Flexible Start Offset Match Conditions
| Name | Number | Description |
|---|---|---|
| ACL_FLEX_MATCH_OFFSET_INVALID | 0 | Invalid Flex match start offset |
| ACL_FLEX_MATCH_OFFSET_LAYER_THREE | 1 | Layer-3 Flex match start offset |
| ACL_FLEX_MATCH_OFFSET_LAYER_FOUR | 2 | Layer-4 Flex match start offset |
| ACL_FLEX_MATCH_OFFSET_PAYLOAD | 3 | Payload Flex match start offset |
AclEntryOperation
ACL Entry operation
| Name | Number | Description |
|---|---|---|
| ACL_ENTRY_OPERATION_INVALID | 0 | Invalid ACE operation |
| ACL_ENTRY_OPERATION_ADD | 1 | Add a new ACE. Can be used with Add ACL, Change ACL, replace ACL API's |
| ACL_ENTRY_OPERATION_DELETE | 2 | Delete an existing ace. Can be used with change ACL API |
| ACL_ENTRY_OPERATION_REPLACE | 3 | Replace an existing ace. Must provide adjacency details to preserve the order of the ace. Can be used with Change ACL API |
AclForwardingClass
Forwarding Class
| Name | Number | Description |
|---|---|---|
| ACL_FORWARDING_CLASS_INVALID | 0 | Invalid ACL forwarding class |
| ACL_FORWARDING_CLASS_ASSURED | 1 | Assured |
| ACL_FORWARDING_CLASS_BEST_EFFORT | 2 | Best effort |
| ACL_FORWARDING_CLASS_EXPEDITED | 3 | Expedited |
| ACL_FORWARDING_CLASS_NETWORK_CONTROL | 4 | Network Control |
AclFragmentFlags
Fragment Flags
| Name | Number | Description |
|---|---|---|
| ACL_FRAGMENT_NONE | 0 | None |
| ACL_DONT_FRAGMENT | 1 | Dont fragment flag |
| ACL_IS_FRAGMENT | 2 | Is fragment flag |
| ACL_FIRST_FRAGMENT | 3 | First fragment flag |
| ACL_LAST_FRAGMENT | 4 | More last fragment flag |
AclLossPriority
Loss Priority
| Name | Number | Description |
|---|---|---|
| ACL_LOSS_PRIORITY_INVALID | 0 | Invalid Loss Priority |
| ACL_LOSS_PRIORITY_HIGH | 1 | Loss Priority HIGH |
| ACL_LOSS_PRIORITY_MEDIUM_HIGH | 2 | Loss Priority MEDIUM-HIGH |
| ACL_LOSS_PRIORITY_MEDIUM_LOW | 3 | Loss priority - MEDIUM-LOW |
| ACL_LOSS_PRIORITY_LOW | 4 | Loss priority - LOW |
AclMatchOperation
Supported Match Operations
| Name | Number | Description |
|---|---|---|
| ACL_MATCH_OP_INVALID | 0 | Invalid match operation |
| ACL_MATCH_OP_EQUAL | 1 | Match operation equal |
| ACL_MATCH_OP_NOT_EQUAL | 2 | Match operation not equal |
AclPolicerBurstSize
Policer Burst Size
| Name | Number | Description |
|---|---|---|
| ACL_POLICER_BURST_SIZE_INVALID | 0 | Invalid Policer Burst Size |
| ACL_POLICER_BURST_SIZE_BYTE | 1 | Bytes |
| ACL_POLICER_BURST_SIZE_KBYTE | 2 | KiloBytes |
| ACL_POLICER_BURST_SIZE_MBYTE | 3 | MegaBytes |
| ACL_POLICER_BURST_SIZE_GBYTE | 4 | GigaBytes |
AclPolicerFlags
Policer Flags
| Name | Number | Description |
|---|---|---|
| ACL_POLICER_FLAG_INVALID | 0 | Invalid Policer Flag |
| ACL_POLICER_FLAG_TERM_SPECIFIC | 1 | The policer instance is activated for each ACE it is referenced. |
| ACL_POLICER_FLAG_FILTER_SPECIFIC | 2 | The policer instance is activated at global ACL level. |
AclPolicerRate
Policer Rate unit
| Name | Number | Description |
|---|---|---|
| ACL_POLICER_RATE_INVALID | 0 | Invalid Policer Rate |
| ACL_POLICER_RATE_BPS | 1 | Bits per second |
| ACL_POLICER_RATE_KBPS | 2 | Kilobits per second |
| ACL_POLICER_RATE_MBPS | 3 | Megabits per second |
| ACL_POLICER_RATE_GBPS | 4 | Gigabits per second |
AclPolicerType
Various ACL Policer Type
| Name | Number | Description |
|---|---|---|
| ACL_POLICER_INVALID | 0 | Invalid policer type |
| ACL_TWO_COLOR_POLICER | 1 | Single rate two color |
| ACL_SINGLE_RATE_THREE_COLOR_POLICER | 2 | Single rate three color |
| ACL_TWO_RATE_THREE_COLOR_POLICER | 3 | Two rate three color |
| ACL_HIERARCHICAL_POLICER | 4 | Hierarchical |
AclStpMatchFlags
STP match Flags
| Name | Number | Description |
|---|---|---|
| ACL_MATCH_STP_FLAG_INVALID | 0 | Invalid STP flag |
| ACL_MATCH_STP_FLAG_BLOCKING | 1 | Match BLOCKING STP flag |
| ACL_MATCH_STP_FLAG_FORWARDING | 2 | Match FORWARDING STP flag |
Precedence
Precedence
| Name | Number | Description |
|---|---|---|
| ACL_PRECENCE_ROUTINE | 0 | Routine precedence |
| ACL_PRECENCE_PRIORITY | 1 | Priority precedence |
| ACL_PRECENCE_IMMEDIATE | 2 | Immediate precedence |
| ACL_PRECENCE_FLASH | 3 | Flash precedence |
| ACL_PRECENCE_FLASH_OVERRIDE | 4 | Flash override precedence |
| ACL_PRECENCE_CRITICAL_ECP | 5 | Critical ecp precedence |
| ACL_PRECENCE_INTERNET_CONTROL | 6 | Internet control precedence |
| ACL_PRECENCE_NET_CONTROL | 7 | Network control precedence |
AclService
ACL Service APIs defines a set of simple RPCs to operate upon the various components, viz. - ACL
ACE
Policer
Attachment Points
Statistics
Each of RPCs are named by concatenating the corresponding ACL object and the operation to be performed. This gives an easy to understand semantics to the RPCs.
| Method Name | Request Type | Response Type | Description |
|---|---|---|---|
| AccessListAdd | AccessList | AccessListReturnStatus | Adds an ACL and returns the result. |
| AccessListDelete | AccessList | AccessListReturnStatus | Delete an ACL from the system and return the result. For successful delete to happen, the ACL should not be bound to any object. |
| AccessListChange | AccessList | AccessListReturnStatus | Changes an ACL based on the list of ACL entries provided, and returns the result. It is advisable to use this API to for small incremental changes. For wholesale changes, it is recommended to use the 'Replace' version of the API. |
| AccessListBindAdd | AccessListObjBind | AccessListReturnStatus | Add a binding of an ACL with a bind object and return the result. |
| AccessListBindDelete | AccessListObjBind | AccessListReturnStatus | Deletes a binding of an ACL with a bind object and return the result. |
| AccessListPolicerAdd | AccessListPolicer | AccessListReturnStatus | Adds a policer and returns the result. |
| AccessListPolicerReplace | AccessListPolicer | AccessListReturnStatus | Changes a policer and returns the result. |
| AccessListPolicerDelete | AccessListPolicer | AccessListReturnStatus | Deletes a policer and returns the result. |
| AccessListPileupStart | AccessListVoid | AccessListReturnStatus | Following are optimized command to let the server know to accumulate the Access List Entries and configure on when AccessListPileupEnd is received. For every AccessList RPC invocation, the entire ACL is applied to the system For application which wants to do batching for better performance, the AccessListPileupStart and AccessListPileupEnd will help achieve that. |
| AccessListPileupEnd | AccessListVoid | AccessListReturnStatus | Following are optimized command to let the server know to accumulate the ace_list and configure on when AccessListPileupEnd is received. For every AccessList RPC invocation, the entire ACL is applied to the system For application which wants to do batching for better performance, the AccessListPileupStart and AccessListPileupEnd will help achieve that. |
| AccessListCounterGet | AccessListCounter | AccessListCounterVal | Few points to note with this API. The call is going to be blocking for worst case of 10 seconds which is non configurable. The counter name is expected to be fully resolved. For example: for term specific policer counter it is expected to be passed to full counter name. |
| AccessListPolicerCounterGet | AccessListCounter | AccessListCounterVal | |
| AccessListCounterClear | AccessListCounter | AccessListReturnStatus | Clears a particular counter whose fully qualified name is provided, associated with an ACL. Few points to note with this API. Currently only 1 counter get is supported. The counter name is expected to be fully resolved. For example: for term specific policer counter it is expected to be passed to full counter name. |
| AccessListCounterBulkGet | AccessListCounterBulk | AccessListCounterVal | Get all the counters associated with an ACL. Each call to this API will return 10 counters from the starting_index specified in AccessListCounterBulk message. The client is expected to run this API in loop which should stop in either one of the following condition: a. The targeted number of counters are retrieved. b. An error is returned. c. The API returns less than 10 counters. |
| AccessListPolicerCounterBulkGet | AccessListCounterBulk | AccessListCounterVal | Get all the policer counters associated with an ACL. Each call to this API will return 10 counters from the starting_index specified in AccessListCounterBulk message. The client is expected to run this API in loop which should stop in either one of the following condition: a. The targeted number of counters are retrieved. b. An error is returned. c. The API returns less than 10 counters. |