YANG Data Model for Network Access Control Lists (ACLs)
RFC 8519

Document history

Date Rev. By Action
2019-06-24
21 (System) Received changes through RFC Editor sync (added Errata tag)
2019-03-12
21 (System)
Received changes through RFC Editor sync (created alias RFC 8519, changed title to 'YANG Data Model for Network Access Control Lists (ACLs)', changed abstract to 'This document defines a data model for Access Control Lists (ACLs).  An ACL is a user-ordered set of rules used to configure the forwarding behavior in a device.  Each rule is used to find a match on a packet and define actions that will be performed on the packet.', changed standardization level to Proposed Standard, changed state to RFC, added RFC published event at 2019-03-12, changed IESG state to RFC Published)
2019-03-12
21 (System) RFC published
2019-03-06
21 (System) RFC Editor state changed to AUTH48-DONE (http://www.rfc-editor.org/auth48/rfc8519) from AUTH48
2019-03-04
21 (System) RFC Editor state changed to AUTH48 (http://www.rfc-editor.org/auth48/rfc8519) from AUTH48-DONE
2019-02-19
21 (System) RFC Editor state changed to AUTH48-DONE (http://www.rfc-editor.org/auth48/rfc8519) from AUTH48
2019-01-28
21 (System) RFC Editor state changed to AUTH48 (http://www.rfc-editor.org/auth48/rfc8519) from RFC-EDITOR
2018-12-17
21 (System) RFC Editor state changed to RFC-EDITOR from EDIT
2018-11-09
21 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on Authors
2018-11-08
21 (System) IANA Action state changed to Waiting on Authors from In Progress
2018-11-08
21 (System) IANA Action state changed to In Progress from Waiting on Authors
2018-11-08
21 (System) IANA Action state changed to Waiting on Authors from In Progress
2018-11-07
21 (System) IANA Action state changed to In Progress
2018-11-07
21 (System) RFC Editor state changed to EDIT
2018-11-07
21 (System) IESG state changed to RFC Ed Queue from Approved-announcement sent
2018-11-07
21 (System) Announcement was received by RFC Editor
2018-11-06
21 Cindy Morgan IESG state changed to Approved-announcement sent from Approved-announcement to be sent
2018-11-06
21 Cindy Morgan IESG has approved the document
2018-11-06
21 Cindy Morgan Closed "Approve" ballot
2018-11-06
21 Cindy Morgan Ballot approval text was generated
2018-11-06
21 Ignas Bagdonas IESG state changed to Approved-announcement to be sent from IESG Evaluation::AD Followup
2018-11-06
21 Mirja Kühlewind [Ballot comment]
Thanks for addressing my discuss!
2018-11-06
21 Mirja Kühlewind [Ballot Position Update] Position for Mirja Kühlewind has been changed to No Objection from Discuss
2018-11-06
21 Mahesh Jethanandani New version available: draft-ietf-netmod-acl-model-21.txt
2018-11-06
21 (System) New version approved
2018-11-06
21 (System)
Request for posting confirmation emailed to previous authors: Lisa Huang <huangyi_99@yahoo.com>, Mahesh Jethanandani <mjethanandani@gmail.com>, Sonal Agarwal <sagarwal12@gmail.com>, Dana Blair <dana@blairhome.com>
2018-11-06
21 Mahesh Jethanandani Uploaded new revision
2018-10-01
20 Suresh Krishnan [Ballot comment]
Thanks for addressing my DISCUSS point.
2018-10-01
20 Suresh Krishnan [Ballot Position Update] Position for Suresh Krishnan has been changed to No Objection from Discuss
2018-10-01
20 (System) Sub state has been changed to AD Followup from Revised ID Needed
2018-10-01
20 (System) IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed
2018-10-01
20 Mahesh Jethanandani New version available: draft-ietf-netmod-acl-model-20.txt
2018-10-01
20 (System) New version approved
2018-10-01
20 (System)
Request for posting confirmation emailed to previous authors: netmod-chairs@ietf.org, Dana Blair <dblair@cisco.com>, Lisa Huang <lyihuang16@gmail.com>, Mahesh Jethanandani <mjethanandani@gmail.com>, Sonal Agarwal <sagarwal12@gmail.com>
2018-10-01
20 Mahesh Jethanandani Uploaded new revision
2018-09-28
19 Benjamin Kaduk
[Ballot comment]
Thank you for quickly (and, partially, preemptively!) addressing my Discuss points.
Original comments preserved below.

I tried to call out the editorial nits as such; there are a couple non-editorial
comments embedded within.

Section 1

  The match criteria allows for definition of packet headers and
  metadata, all of which must be true for the match to occur.

nit: Is this missing a word like "contents"?

  The matching of filters and actions in an ACE/ACL are triggered only
  after application/attachment of the ACL to an interface, VRF, vty/tty
  session, QoS policy, routing protocols amongst various other config
  attachment points.

nit: I think the end of this list needs some clarification/termination,
like "and routing protocols, amongst"

Section 3

                                                                  The
  match criteria allows for definition of packet headers or metadata,
  if supported by the vendor.  [...]

(same nit as above re "contents")

  Metadata matching applies to fields associated with the packet, but
  not in the packet header such as input interface, packet length, or
  source or destination prefix length.  The actions can be any sort of

nit: comma after "not in the packet header"

Section 4.1

nit: The feature match-on-udp and -icmp descriptions should probably use
the plural "headers" to match the other features' descriptions.

The mixed-<blah> features seem to implicitly assume that if features X and
Y are individually supported, then the combination is also supported.  I
could imagine that there might exist hardware for which that assumption is
not true, but don't know if there actually is any such hardware or it's
common enough to be worth caring about here.

  grouping acl-counters {
    leaf matched-packets {
      [...]
          An implementation should provide this counter on a
          per-interface per-ACL-entry if possible.

nit: missing "basis"?  (Also in subsequent instances.)

Section A.1

It's unclear that using abc@newco.com (in particular, the @newco.com part)
in an example is reasonable; @newco.example would be better.
2018-09-28
19 Benjamin Kaduk [Ballot Position Update] Position for Benjamin Kaduk has been changed to No Objection from Discuss
2018-09-28
19 Alissa Cooper
[Ballot comment]
Thanks all for getting my question about the IEEE answered.

Original COMMENT:

Sec 1:

s/Policy Based Routing, Firewalls etc./policy-based routing, firewalls, etc./

"The matching of filters and actions in an ACE/ACL are triggered only
  after application/attachment of the ACL to an interface, VRF, vty/tty
  session, QoS policy, routing protocols amongst various other config
  attachment points."

This is a sentence fragment.

s/in the ACE's/in the ACEs/

Sec 3.1:

"There are two YANG modules in the model."

Is this technically correct, given that ietf-ethertypes is also defined here?

Also, I don't think the definition of ietf-ethertypes belongs in an appendix under the heading "Extending ACL model examples." I can imagine that other modules will want to import this module and that seems like a strange place to put it.

Sec 4.1:

For avoidance of confusion, I would suggest replacing "l2," "l3," and "l4" with "layer2," "layer3," and "layer4," respectively.

s/Definitions of action for this ace entry/Definitions of action for this ACE entry/

s/Specifies the forwarding action per ace entry/Specifies the forwarding action per ACE entry/

Sec 4.2:

"This module imports definitions from Common YANG Data Types [RFC6991]
  and references IP [RFC0791], ICMP [RFC0792], Definition of the
  Differentiated Services Field in the IPv4 and IPv6 Headers [RFC2474],
  The Addition of Explicit Congestion Notification (ECN) to IP
  [RFC3168], , IPv6 Scoped Address Architecture [RFC4007], IPv6
  Addressing Architecture [RFC4291], A Recommendation for IPv6 Address
  Text Representation [RFC5952], IPv6 [RFC8200]."

It looks like something is missing from this list, possibly RFC 793.

Sec 5:

In this section or elsewhere it would be nice to see a sentence noting that this YANG model allows the configuration of packet logging, which if used would additionally warrant protections against unauthorized log access and a logs retention policy.
2018-09-28
19 Alissa Cooper [Ballot Position Update] Position for Alissa Cooper has been changed to No Objection from Discuss
2018-09-27
19 Jean Mahoney Request for Telechat review by GENART Completed: Ready. Reviewer: Meral Shirazipour.
2018-09-27
19 Cindy Morgan IESG state changed to IESG Evaluation::Revised I-D Needed from IESG Evaluation
2018-09-27
19 Alexey Melnikov [Ballot comment]
I would have been "Yes" if I read the document more attentively.

Agreeing with Mirja's and Benjamin's DISCUSS points.
2018-09-27
19 Alexey Melnikov Ballot comment text updated for Alexey Melnikov
2018-09-26
19 Adam Roach
[Ballot comment]
Thanks to everyone who contributed their time and knowledge to this document. I
have two minor comments.

Throughout the data module, the terms "ace" and "ACE" are used interchangeably.
It would probably be good to rationalize these (I would suggest "ACE").

---------------------------------------------------------------------------

§4.3 and 4.4:

These examples use IPv4 addresses exclusively. Please update to use IPv6 or a
mix of IPv4 and IPv6. See https://www.iab.org/2016/11/07/iab-statement-on-ipv6/
for additional information.
2018-09-26
19 Adam Roach [Ballot Position Update] New position, No Objection, has been recorded for Adam Roach
2018-09-26
19 Suresh Krishnan
[Ballot discuss]
This document is missing ACL handling for ICMPv6 (RFC4443) completely. As the ICMP types and codes are different for ICMP and ICMPv6 I think this model should be included to cover ICMPv6.
2018-09-26
19 Suresh Krishnan [Ballot Position Update] New position, Discuss, has been recorded for Suresh Krishnan
2018-09-26
19 Terry Manderson [Ballot Position Update] New position, No Objection, has been recorded for Terry Manderson
2018-09-26
19 Warren Kumari
[Ballot comment]
--- original DISCUSS for archives ----

Be ye not afraid -- this DISCUSS is easily cleared, but sufficiently important that I thought it worth making, and making sure it didn't slip through the cracks.

The description for match-on-ipv4 says: "The device can support matching on IPv4 headers.", but the description for 'match-on-tcp', 'match-on-udp', 'match-on-icmp' say: "The device can support <protocol> headers." I really think that these need to be "The device can support matching on <protocol> headers."

------


Section 1:
"In case a vendor supports it, metadata matches apply to fields associated with the packet but not in the packet header such as input interface or overall packet length".
I don't have a suggested replacement, but seeing as this is introductory text, I figured it was aimed at people not familiar with how forwarding / filtering works. I'm slightly concerned that some people will get confused, because almost all protocols include a "packet length" in the header.  Perhaps just dropping the "or overall packet length"? (Yes, we could get into a long thing on protocol packet length, and overall length, etc, but that's likely to not be helpful in the document).

Section 2:
Nit: "It is very important that model can be used easily by applications/attachments."
models.

Section 3:
"Packet header matching applies to fields visible in the packet such as address or CoS or port numbers."
CoS isn't expanded, and isn't in the well known acronyms list. RFC2474 perhaps?

Section 3:
"These include features such as "Device can support ethernet headers" or "Device can support of IPv4 headers".
"can support of" makes no sense. Also, I *think* Ethernet is uppercase. This is a nit.
2018-09-26
19 Warren Kumari [Ballot Position Update] Position for Warren Kumari has been changed to No Objection from Discuss
2018-09-26
19 Alissa Cooper
[Ballot discuss]
We previously had a work item we were tracking with the IEEE leadership around the IEEE writing a YANG module for ethertypes. I just wanted to check that the IEEE is aware that this document is defining a placeholder module for ethertypes until such time that they define one.
2018-09-26
19 Alissa Cooper
[Ballot comment]
Sec 1:

s/Policy Based Routing, Firewalls etc./policy-based routing, firewalls, etc./

"The matching of filters and actions in an ACE/ACL are triggered only
  after application/attachment of the ACL to an interface, VRF, vty/tty
  session, QoS policy, routing protocols amongst various other config
  attachment points."

This is a sentence fragment.

s/in the ACE's/in the ACEs/

Sec 3.1:

"There are two YANG modules in the model."

Is this technically correct, given that ietf-ethertypes is also defined here?

Also, I don't think the definition of ietf-ethertypes belongs in an appendix under the heading "Extending ACL model examples." I can imagine that other modules will want to import this module and that seems like a strange place to put it.

Sec 4.1:

For avoidance of confusion, I would suggest replacing "l2," "l3," and "l4" with "layer2," "layer3," and "layer4," respectively.

s/Definitions of action for this ace entry/Definitions of action for this ACE entry/

s/Specifies the forwarding action per ace entry/Specifies the forwarding action per ACE entry/

Sec 4.2:

"This module imports definitions from Common YANG Data Types [RFC6991]
  and references IP [RFC0791], ICMP [RFC0792], Definition of the
  Differentiated Services Field in the IPv4 and IPv6 Headers [RFC2474],
  The Addition of Explicit Congestion Notification (ECN) to IP
  [RFC3168], , IPv6 Scoped Address Architecture [RFC4007], IPv6
  Addressing Architecture [RFC4291], A Recommendation for IPv6 Address
  Text Representation [RFC5952], IPv6 [RFC8200]."

It looks like something is missing from this list, possibly RFC 793.

Sec 5:

In this section or elsewhere it would be nice to see a sentence noting that this YANG model allows the configuration of packet logging, which if used would additionally warrant protections against unauthorized log access and a logs retention policy.
2018-09-26
19 Alissa Cooper [Ballot Position Update] New position, Discuss, has been recorded for Alissa Cooper
2018-09-26
19 Warren Kumari
[Ballot discuss]
Be ye not afraid -- this DISCUSS is easily cleared, but sufficiently important that I thought it worth making, and making sure it didn't slip through the cracks.

The description for match-on-ipv4 says: "The device can support matching on IPv4 headers.", but the description for 'match-on-tcp', 'match-on-udp', 'match-on-icmp' say: "The device can support <protocol> headers." I really think that these need to be "The device can support matching on <protocol> headers."
2018-09-26
19 Warren Kumari
[Ballot comment]
Section 1:
"In case a vendor supports it, metadata matches apply to fields associated with the packet but not in the packet header such as input interface or overall packet length".
I don't have a suggested replacement, but seeing as this is introductory text, I figured it was aimed at people not familiar with how forwarding / filtering works. I'm slightly concerned that some people will get confused, because almost all protocols include a "packet length" in the header.  Perhaps just dropping the "or overall packet length"? (Yes, we could get into a long thing on protocol packet length, and overall length, etc, but that's likely to not be helpful in the document).

Section 2:
Nit: "It is very important that model can be used easily by applications/attachments."
models.

Section 3:
"Packet header matching applies to fields visible in the packet such as address or CoS or port numbers."
CoS isn't expanded, and isn't in the well known acronyms list. RFC2474 perhaps?

Section 3:
"These include features such as "Device can support ethernet headers" or "Device can support of IPv4 headers".
"can support of" makes no sense. Also, I *think* Ethernet is uppercase. This is a nit.
2018-09-26
19 Warren Kumari [Ballot Position Update] New position, Discuss, has been recorded for Warren Kumari
2018-09-26
19 Ben Campbell [Ballot comment]
I support Benjamin’s and Mirja’s DISCUSS points.
2018-09-26
19 Ben Campbell [Ballot Position Update] New position, No Objection, has been recorded for Ben Campbell
2018-09-26
19 Benjamin Kaduk
[Ballot discuss]
I think this is good work to have, overall, and the document pretty easy to read.
That said, I think the Security Considerations need to be expanded a bit more before
this document gets published:

                                  Write operations (e.g., <edit-config>)
  to these data nodes without proper protection can have a negative
  effect on network operations.

I think the effects can be on more than just *network* operations, there
can be negative effects for end systems that (e.g.) experience DoS attacks
that would otherwise have been blocked, receive maliciously crafted packets
that trigger application bugs, are used as part of (e.g.) UDP amplification
attacks, etc.

      /acls/acl/aces: This list specifies all the configured access
      control entries on the device.  Unauthorized write access to this
      list can allow intruders to access and control the system.
      Unauthorized read access to this list can allow intruders to spoof
      packets with authorized addresses thereby compromising the system.

I agree with the secdir reviewer that "the system" needs to be clarified,
and that the consequences of unauthorized write and read access need to be
more clearly described.
His proposed text is much better than the present text, though there are
other ways to convey the needed information.
2018-09-26
19 Benjamin Kaduk
[Ballot comment]
I tried to call out the editorial nits as such; there are a couple non-editorial
comments embedded within.

Section 1

  The match criteria allows for definition of packet headers and
  metadata, all of which must be true for the match to occur.

nit: Is this missing a word like "contents"?

  The matching of filters and actions in an ACE/ACL are triggered only
  after application/attachment of the ACL to an interface, VRF, vty/tty
  session, QoS policy, routing protocols amongst various other config
  attachment points.

nit: I think the end of this list needs some clarification/termination,
like "and routing protocols, amongst"

Section 3

                                                                  The
  match criteria allows for definition of packet headers or metadata,
  if supported by the vendor.  [...]

(same nit as above re "contents")

  Metadata matching applies to fields associated with the packet, but
  not in the packet header such as input interface, packet length, or
  source or destination prefix length.  The actions can be any sort of

nit: comma after "not in the packet header"

Section 4.1

nit: The feature match-on-udp and -icmp descriptions should probably use
the plural "headers" to match the other features' descriptions.

The mixed-<blah> features seem to implicitly assume that if features X and
Y are individually supported, then the combination is also supported.  I
could imagine that there might exist hardware for which that assumption is
not true, but don't know if there actually is any such hardware or it's
common enough to be worth caring about here.

  grouping acl-counters {
    leaf matched-packets {
      [...]
          An implementation should provide this counter on a
          per-interface per-ACL-entry if possible.

nit: missing "basis"?  (Also in subsequent instances.)

Section A.1

It's unclear that using abc@newco.com (in particular, the @newco.com part)
in an example is reasonable; @newco.example would be better.
2018-09-26
19 Benjamin Kaduk [Ballot Position Update] New position, Discuss, has been recorded for Benjamin Kaduk
2018-09-26
19 Alexey Melnikov [Ballot comment]
I would have been "Yes" if I read the document more attentively.

Agreeing with Mirja's DISCUSS points.
2018-09-26
19 Alexey Melnikov [Ballot Position Update] New position, No Objection, has been recorded for Alexey Melnikov
2018-09-25
19 Alvaro Retana [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana
2018-09-25
19 Deborah Brungard [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard
2018-09-25
19 Joe Clarke Request for Telechat review by OPSDIR Completed: Has Nits. Reviewer: Joe Clarke. Sent review to list.
2018-09-21
19 Gunter Van de Velde Request for Telechat review by OPSDIR is assigned to Joe Clarke
2018-09-21
19 Gunter Van de Velde Request for Telechat review by OPSDIR is assigned to Joe Clarke
2018-09-21
19 Mirja Kühlewind
[Ballot discuss]
1) The tcp options element is type uint32, however, the option field in the TCP header can be up to 40 bytes.

2) Why are only TCP and UDP supported? What about SCTP and DCCP?

3) The icmp rest-of-header can also be larger than 4 bytes but the type is uint32 again.
2018-09-21
19 Mirja Kühlewind [Ballot Position Update] New position, Discuss, has been recorded for Mirja Kühlewind
2018-09-13
19 Jean Mahoney Request for Telechat review by GENART is assigned to Meral Shirazipour
2018-09-13
19 Jean Mahoney Request for Telechat review by GENART is assigned to Meral Shirazipour
2018-09-11
19 Ignas Bagdonas IESG state changed to IESG Evaluation from Waiting for AD Go-Ahead
2018-09-11
19 Ignas Bagdonas IESG state changed to Waiting for AD Go-Ahead from Waiting for Writeup
2018-09-10
19 Amanda Baber IANA Review state changed to IANA OK - Actions Needed from IANA - Not OK
2018-09-10
19 Amy Vezza Placed on agenda for telechat - 2018-09-27
2018-09-10
19 Ignas Bagdonas Ballot has been issued
2018-09-10
19 Ignas Bagdonas [Ballot Position Update] New position, Yes, has been recorded for Ignas Bagdonas
2018-09-10
19 Ignas Bagdonas Created "Approve" ballot
2018-09-10
19 Ignas Bagdonas Ballot writeup was changed
2018-08-29
19 Jean Mahoney Closed request for Last Call review by GENART with state 'No Response'
2018-07-17
19 Min Ye Request for Telechat review by RTGDIR Completed: Ready. Reviewer: Manav Bhatia.
2018-07-11
19 Allison Mankin Request for Last Call review by TSVART Completed: Almost Ready. Reviewer: Allison Mankin.
2018-07-09
19 (System) IESG state changed to Waiting for Writeup from In Last Call
2018-07-05
19 (System) IANA Review state changed to IANA - Not OK from IANA - Review Needed
2018-07-05
19 Sabrina Tanamal
(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Functions Operator has completed its review of draft-ietf-netmod-acl-model-19. If any part of this review is inaccurate, please let us know.

The IANA Functions Operator has a question about one of the actions requested in the IANA Considerations section of this document.

The IANA Functions Operator understands that, upon approval of this document, there are two actions which we must complete.

First, in the ns registry on the IETF XML Registry page located at:

https://www.iana.org/assignments/xml-registry/

three, new namespaces will be registered as follows:

ID: yang:ietf-access-control-list
URI: urn:ietf:params:xml:ns:yang:ietf-access-control-list
Filename: [ TBD-at-Registration ]
Reference: [ RFC-to-be ]

ID: yang:ietf-packet-fields
URI: urn:ietf:params:xml:ns:yang:ietf-packet-fields
Filename: [ TBD-at-Registration ]
Reference: [ RFC-to-be ]

ID: yang:ietf-ethertypes
URI: uurn:ietf:params:xml:ns:yang:ietf-ethertypes
Filename: [ TBD-at-Registration ]
Reference: [ RFC-to-be ]

As this document requests registrations in a Specification Required (see RFC 8126) registry, we will initiate the required Expert Review via a separate request. Expert review will need to be completed before your document can be approved for publication as an RFC.

Second, in the YANG Module Names registry on the YANG Parameters registry page located at:

https://www.iana.org/assignments/yang-parameters/

three, new YANG modules will be registered as follows:

Name: ietf-access-control-list
File: [ TBD-at-Registration ]
Maintained by IANA?
Namespace: urn:ietf:params:xml:ns:yang:ietf-access-control-list
Prefix: acl
Module:
Reference: [ RFC-to-be ]

Name: ietf-packet-fields
File: [ TBD-at-Registration ]
Maintained by IANA?
Namespace: urn:ietf:params:xml:ns:yang:ietf-packet-fields
Prefix: packet-fields
Module:
Reference: [ RFC-to-be ]

Name: ietf-ethertypes
File: [ TBD-at-Registration ]
Maintained by IANA?
Namespace: urn:ietf:params:xml:ns:yang:ietf-ethertypes
Prefix: ethertypes
Module:
Reference: [ RFC-to-be ]

IANA Question --> What should be the entry for the registry value "Maintained by IANA?" for these new YANG modules?

While the YANG module names will be registered after the IESG approves the document, the YANG module files will be posted after the RFC Editor notifies us that the document has been published.

The IANA Functions Operator understands that these are the only actions required to be completed upon approval of this document.

Note:  The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed.

Thank you,

Sabrina Tanamal
Senior IANA Services Specialist
2018-07-05
19 Tero Kivinen Request for Last Call review by SECDIR Completed: Has Issues. Reviewer: Steve Hanna.
2018-07-04
19 Min Ye Request for Telechat review by RTGDIR is assigned to Manav Bhatia
2018-07-04
19 Min Ye Request for Telechat review by RTGDIR is assigned to Manav Bhatia
2018-07-04
19 Min Ye Request for Telechat review by RTGDIR is assigned to Ron Bonica
2018-07-04
19 Min Ye Request for Telechat review by RTGDIR is assigned to Ron Bonica
2018-07-04
19 Min Ye Request for Telechat review by RTGDIR is assigned to Matthew Bocci
2018-07-04
19 Min Ye Request for Telechat review by RTGDIR is assigned to Matthew Bocci
2018-07-03
19 Magnus Westerlund Request for Last Call review by TSVART is assigned to Allison Mankin
2018-07-03
19 Magnus Westerlund Request for Last Call review by TSVART is assigned to Allison Mankin
2018-06-28
19 Min Ye Request for Telechat review by RTGDIR is assigned to Manav Bhatia
2018-06-28
19 Min Ye Request for Telechat review by RTGDIR is assigned to Manav Bhatia
2018-06-28
19 Jean Mahoney Request for Last Call review by GENART is assigned to Jouni Korhonen
2018-06-28
19 Jean Mahoney Request for Last Call review by GENART is assigned to Jouni Korhonen
2018-06-27
19 Tero Kivinen Request for Last Call review by SECDIR is assigned to Steve Hanna
2018-06-27
19 Tero Kivinen Request for Last Call review by SECDIR is assigned to Steve Hanna
2018-06-27
19 Alvaro Retana Requested Telechat review by RTGDIR
2018-06-25
19 Amy Vezza IANA Review state changed to IANA - Review Needed
2018-06-25
19 Amy Vezza
The following Last Call announcement was sent out (ends 2018-07-09):

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
CC: ibagdona@gmail.com, netmod-chairs@ietf.org, kwatsen@juniper.net, netmod@ietf.org, Kent Watsen <kwatsen@juniper.net>, draft-ietf-netmod-acl-model@ietf.org
Reply-To: ietf@ietf.org
Sender: <iesg-secretary@ietf.org>
Subject: Last Call: <draft-ietf-netmod-acl-model-19.txt> (Network Access Control List (ACL) YANG Data Model) to Proposed Standard


The IESG has received a request from the Network Modeling WG (netmod) to
consider the following document: - 'Network Access Control List (ACL) YANG
Data Model'
  <draft-ietf-netmod-acl-model-19.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2018-07-09. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the beginning of
the Subject line to allow automated sorting.

Abstract


  This document defines a data model for Access Control List (ACL).  An
  ACL is a user-ordered set of rules, used to configure the forwarding
  behavior in device.  Each rule is used to find a match on a packet,
  and define actions that will be performed on the packet.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-netmod-acl-model/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-netmod-acl-model/ballot/


No IPR declarations have been submitted directly on this I-D.




2018-06-25
19 Amy Vezza IESG state changed to In Last Call from Last Call Requested
2018-06-25
19 Amy Vezza Last call announcement was changed
2018-06-24
19 Ignas Bagdonas Last call was requested
2018-06-24
19 Ignas Bagdonas Last call announcement was generated
2018-06-24
19 Ignas Bagdonas Ballot approval text was generated
2018-06-24
19 Ignas Bagdonas Ballot writeup was generated
2018-06-24
19 Ignas Bagdonas IESG state changed to Last Call Requested from AD Evaluation
2018-06-12
19 Ignas Bagdonas IESG state changed to AD Evaluation from Publication Requested
2018-05-21
19 Kent Watsen
As required by RFC 4858, this is the current template for the Document
Shepherd Write-Up.

Changes are expected over time. This version is dated 24 February 2012.

(1) What type of RFC is being requested (BCP, Proposed Standard,
Internet Standard, Informational, Experimental, or Historic)?  Why
is this the proper type of RFC?  Is this type of RFC indicated in the
title page header?

A Proposed Standard is being requested.  A proposed standard is needed
to ensure interoperability.  The title page header indicates that it is
a Standards Track document.

(2) The IESG approval announcement includes a Document Announcement
Write-Up. Please provide such a Document Announcement Write-Up. Recent
examples can be found in the "Action" announcements for approved
documents. The approval announcement contains the following sections:

Technical Summary

  Relevant content can frequently be found in the abstract
  and/or introduction of the document. If not, this may be
  an indication that there are deficiencies in the abstract
  or introduction.

  From the Abstract:

    This document defines a data model for Access Control List (ACL).  An
    ACL is a user-ordered set of rules, used to configure the forwarding
    behavior in device.  Each rule is used to find a match on a packet,
    and define actions that will be performed on the packet.

Working Group Summary

  Was there anything in WG process that is worth noting? For
  example, was there controversy about particular points or
  were there decisions where the consensus was particularly
  rough?

  The document originally had a different primary author
  (see doc history if name is important) but then, when issues
  were raised, the author didn't have time to work on them,
  and a new set of authors came in, and decided on a different
  solution in order to resolve the issues raised.  The original
  author didn't agree with the changes and asked to be removed.
  At the moment, the document appears to have strong WG
  consensus.  The authors have been attentive to addressing
  the many issues raised over time.

Document Quality

  Are there existing implementations of the protocol? Have a
  significant number of vendors indicated their plan to
  implement the specification? Are there any reviewers that
  merit special mention as having done a thorough review,
  e.g., one that resulted in important changes or a
  conclusion that the document had no substantive issues? If
  there was a MIB Doctor, Media Type or other expert review,
  what was its course (briefly)? In the case of a Media Type
  review, on what date was the request posted?

  There have been no implementations of this YANG module as
  of yet, as far as I'm aware.  That said, the lead developer of
  firewalls at a large vendor is an author, and has been attentive
  to implementability throughout the effort.


Personnel

  Who is the Document Shepherd? Who is the Responsible Area
  Director?

  The Shepherd is Kent Watsen.  The AD is Ignas Bagdonas.

(3) Briefly describe the review of this document that was performed by
the Document Shepherd.  If this version of the document is not ready
for publication, please explain why the document is being forwarded to
the IESG.

  The Document Shepherd went through the "checklist" listed here:
  http://trac.tools.ietf.org/group/iesg/trac/wiki/DraftShepherdWriteupWgAlternate


(4) Does the document Shepherd have any concerns about the depth or
breadth of the reviews that have been performed?

  Plenty of input from operators.  The shepherd wishes that there was more
  involvement from vendors but, given how long the draft has been a
  work-in-progress, one can only conclude that it's not something the
  vendors prioritized working on.

(5) Do portions of the document need review from a particular or from
broader perspective, e.g., security, operational complexity, AAA, DNS,
DHCP, XML, or internationalization? If so, describe the review that
took place.

  There was a YANG doctor review a while back, and YANG doctors additionally
  participated during the Last Call.  Beyond YANG, there isn't a need for any
  review from a particular or broader perspective.

(6) Describe any specific concerns or issues that the Document Shepherd
has with this document that the Responsible Area Director and/or the
IESG should be aware of? For example, perhaps he or she is uncomfortable
with certain parts of the document, or has concerns whether there really
is a need for it. In any event, if the WG has discussed those issues and
has indicated that it still wishes to advance the document, detail those
concerns here.

  The shepherd has heard that some view the solution defined here as being
  particular to firewalls, and yet ACLs are used for other features too, thus
  using the acronym "acl" might be over-reaching a bit.

(7) Has each author confirmed that any and all appropriate IPR
disclosures required for full conformance with the provisions of BCP 78
and BCP 79 have already been filed. If not, explain why.

[UPDATED 5/22] IPR responses have now been received from all the authors.
  Mailman: https://mailarchive.ietf.org/arch/msg/netmod/rGGvgA_mfmIZn4qX7zopdZWCue0
  MHonArc: https://www.ietf.org/mail-archive/web/netmod/current/msg20881.html

(8) Has an IPR disclosure been filed that references this document?
If so, summarize any WG discussion and conclusion regarding the IPR
disclosures.

    No IPR disclosures have been filed that reference this document.

(9) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with others
being silent, or does the WG as a whole understand and agree with it? 

  Strong concurrence of a few individuals, with others being silent

(10) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in separate
email messages to the Responsible Area Director. (It should be in a
separate email because this questionnaire is publicly available.)

  No one has threatened an appeal, but the aforementioned former
  author expressed extreme discontent, though not having cycles to
  actually engage in discussion, leaves us to thinking that the author
  is in the rough.


(11) Identify any ID nits the Document Shepherd has found in this
document. (See https://www.ietf.org/tools/idnits/ and the Internet-Drafts
Checklist). Boilerplate checks are not enough; this check needs to be
thorough.

  No meaningful IDnits are found with the current version (-19).  There are
  four "weird spacing" warnings, but they are non-issues as they appear
  inside the YANG-based artwork.


(12) Describe how the document meets any required formal review
criteria, such as the MIB Doctor, media type, and URI type reviews.

  There was a YANG doctor review a while back, and YANG doctors
  additionally participated during the Last Call.


(13) Have all references within this document been identified as
either normative or informative?

  Yes, but isn't this always the case?  Perhaps the question is if they have
  been *correctly* identified, in which case the shepherd thinks that they
  are in -19.


(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state? If such normative
references exist, what is the plan for their completion?

  All normative references have already advanced to RFC status.


(15) Are there downward normative references (see RFC 3967)?
If so, list these downward references to support the Area Director in
the Last Call procedure.

  There are no downward normative references.


(16) Will publication of this document change the status of any
existing RFCs? Are those RFCs listed on the title page header, listed
in the abstract, and discussed in the introduction? If the RFCs are not
listed in the Abstract and Introduction, explain why, and point to the
part of the document where the relationship of this document to the
other RFCs is discussed. If this information is not in the document,
explain why the WG considers it unnecessary.

  The publication of this document will NOT change the status of any
  existing RFCs.


(17) Describe the Document Shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document. Confirm that all protocol extensions that the document makes
are associated with the appropriate reservations in IANA registries.
Confirm that any referenced IANA registries have been clearly
identified. Confirm that newly created IANA registries include a
detailed specification of the initial contents for the registry, that
allocations procedures for future registrations are defined, and a
reasonable name for the new registry has been suggested (see RFC 5226).

  Yes, the IANA Considerations section appears complete and accurate.


(18) List any new IANA registries that require Expert Review for future
allocations. Provide any public guidance that the IESG would find
useful in selecting the IANA Experts for these new registries.

  This document does not define any new IANA registries.


(19) Describe reviews and automated checks performed by the Document
Shepherd to validate sections of the document written in a formal
language, such as XML code, BNF rules, MIB definitions, etc.

The shepherd validated all yang modules using both the `pyang` and `yanglint`
tools.  The shepherd also validated the five XML examples in Section 4 of the
document using the `yanglint` tool.

2018-04-27
19 Kent Watsen
As required by RFC 4858, this is the current template for the Document
Shepherd Write-Up.

Changes are expected over time. This version is dated 24 February 2012.

(1) What type of RFC is being requested (BCP, Proposed Standard,
Internet Standard, Informational, Experimental, or Historic)?  Why
is this the proper type of RFC?  Is this type of RFC indicated in the
title page header?

A Proposed Standard is being requested.  A proposed standard is needed
to ensure interoperability.  The title page header indicates that it is
a Standards Track document.

(2) The IESG approval announcement includes a Document Announcement
Write-Up. Please provide such a Document Announcement Write-Up. Recent
examples can be found in the "Action" announcements for approved
documents. The approval announcement contains the following sections:

Technical Summary

  Relevant content can frequently be found in the abstract
  and/or introduction of the document. If not, this may be
  an indication that there are deficiencies in the abstract
  or introduction.

  From the Abstract:

    This document defines a data model for Access Control List (ACL).  An
    ACL is a user-ordered set of rules, used to configure the forwarding
    behavior in device.  Each rule is used to find a match on a packet,
    and define actions that will be performed on the packet.

Working Group Summary

  Was there anything in WG process that is worth noting? For
  example, was there controversy about particular points or
  were there decisions where the consensus was particularly
  rough?

  The document originally had a different primary author
  (see doc history if name is important) but then, when issues
  were raised, the author didn't have time to work on them,
  and a new set of authors came in, and decided on a different
  solution in order to resolve the issues raised.  The original
  author didn't agree with the changes and asked to be removed.
  At the moment, the document appears to have strong WG
  consensus.  The authors have been attentive to addressing
  the many issues raised over time.

Document Quality

  Are there existing implementations of the protocol? Have a
  significant number of vendors indicated their plan to
  implement the specification? Are there any reviewers that
  merit special mention as having done a thorough review,
  e.g., one that resulted in important changes or a
  conclusion that the document had no substantive issues? If
  there was a MIB Doctor, Media Type or other expert review,
  what was its course (briefly)? In the case of a Media Type
  review, on what date was the request posted?

  There have been no implementations of this YANG module as
  of yet, as far as I'm aware.  That said, the lead developer of
  firewalls at a large vendor is an author, and has been attentive
  to implementability throughout the effort.


Personnel

  Who is the Document Shepherd? Who is the Responsible Area
  Director?

  The Shepherd is Kent Watsen.  The AD is Ignas Bagdonas.

(3) Briefly describe the review of this document that was performed by
the Document Shepherd.  If this version of the document is not ready
for publication, please explain why the document is being forwarded to
the IESG.

  The Document Shepherd went through the "checklist" listed here:
  http://trac.tools.ietf.org/group/iesg/trac/wiki/DraftShepherdWriteupWgAlternate


(4) Does the document Shepherd have any concerns about the depth or
breadth of the reviews that have been performed?

  Plenty of input from operators.  The shepherd wishes that there was more
  involvement from vendors but, given how long the draft has been a
  work-in-progress, one can only conclude that it's not something the
  vendors prioritized working on.

(5) Do portions of the document need review from a particular or from
broader perspective, e.g., security, operational complexity, AAA, DNS,
DHCP, XML, or internationalization? If so, describe the review that
took place.

  There was a YANG doctor review a while back, and YANG doctors additionally
  participated during the Last Call.  Beyond YANG, there isn't a need for any
  review from a particular or broader perspective.

(6) Describe any specific concerns or issues that the Document Shepherd
has with this document that the Responsible Area Director and/or the
IESG should be aware of? For example, perhaps he or she is uncomfortable
with certain parts of the document, or has concerns whether there really
is a need for it. In any event, if the WG has discussed those issues and
has indicated that it still wishes to advance the document, detail those
concerns here.

  The shepherd has heard that some view the solution defined here as being
  particular to firewalls, and yet ACLs are used for other features too, thus
  using the acronym "acl" might be over-reaching a bit.

(7) Has each author confirmed that any and all appropriate IPR
disclosures required for full conformance with the provisions of BCP 78
and BCP 79 have already been filed. If not, explain why.

  IPR responses have been received only from the active authors.
  Mailman: https://mailarchive.ietf.org/arch/msg/netmod/rGGvgA_mfmIZn4qX7zopdZWCue0
  MHonArc: https://www.ietf.org/mail-archive/web/netmod/current/msg20881.html

  IPR responses have not been received from the inactive authors, who have
  not been heard from in almost two years, back before the draft was, for the
  most part, rewritten.  One of the inactive authors' email has been returning
  bounced messages for a few months, no one seems to know his current email
  address.  An email sent to co-chairs and AD yesterday regarding what to do
  has not yet received a reply...

(8) Has an IPR disclosure been filed that references this document?
If so, summarize any WG discussion and conclusion regarding the IPR
disclosures.

    No IPR disclosures have been filed that reference this document.

(9) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with others
being silent, or does the WG as a whole understand and agree with it? 

  Strong concurrence of a few individuals, with others being silent

(10) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in separate
email messages to the Responsible Area Director. (It should be in a
separate email because this questionnaire is publicly available.)

  No one has threatened an appeal, but the aforementioned former
  author expressed extreme discontent, though not having cycles to
  actually engage in discussion, leaves us to thinking that the author
  is in the rough.


(11) Identify any ID nits the Document Shepherd has found in this
document. (See https://www.ietf.org/tools/idnits/ and the Internet-Drafts
Checklist). Boilerplate checks are not enough; this check needs to be
thorough.

  No meaningful IDnits are found with the current version (-19).  There are
  four "weird spacing" warnings, but they are non-issues as they appear
  inside the YANG-based artwork.


(12) Describe how the document meets any required formal review
criteria, such as the MIB Doctor, media type, and URI type reviews.

  There was a YANG doctor review a while back, and YANG doctors
  additionally participated during the Last Call.


(13) Have all references within this document been identified as
either normative or informative?

  Yes, but isn't this always the case?  Perhaps the question is if they have
  been *correctly* identified, in which case the shepherd thinks that they
  are in -19.


(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state? If such normative
references exist, what is the plan for their completion?

  All normative references have already advanced to RFC status.


(15) Are there downward normative references (see RFC 3967)?
If so, list these downward references to support the Area Director in
the Last Call procedure.

  There are no downward normative references.


(16) Will publication of this document change the status of any
existing RFCs? Are those RFCs listed on the title page header, listed
in the abstract, and discussed in the introduction? If the RFCs are not
listed in the Abstract and Introduction, explain why, and point to the
part of the document where the relationship of this document to the
other RFCs is discussed. If this information is not in the document,
explain why the WG considers it unnecessary.

  The publication of this document will NOT change the status of any
  existing RFCs.


(17) Describe the Document Shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document. Confirm that all protocol extensions that the document makes
are associated with the appropriate reservations in IANA registries.
Confirm that any referenced IANA registries have been clearly
identified. Confirm that newly created IANA registries include a
detailed specification of the initial contents for the registry, that
allocations procedures for future registrations are defined, and a
reasonable name for the new registry has been suggested (see RFC 5226).

  Yes, the IANA Considerations section appears complete and accurate.


(18) List any new IANA registries that require Expert Review for future
allocations. Provide any public guidance that the IESG would find
useful in selecting the IANA Experts for these new registries.

  This document does not define any new IANA registries.


(19) Describe reviews and automated checks performed by the Document
Shepherd to validate sections of the document written in a formal
language, such as XML code, BNF rules, MIB definitions, etc.

The shepherd validated all yang modules using both the `pyang` and `yanglint`
tools.  The shepherd also validated the five XML examples in Section 4 of the
document using the `yanglint` tool.

2018-04-27
19 Mahesh Jethanandani New version available: draft-ietf-netmod-acl-model-19.txt
2018-04-27
19 (System) New version approved
2018-04-27
19 (System)
Request for posting confirmation emailed to previous authors: Dana Blair <dblair@cisco.com>, Lisa Huang <lyihuang16@gmail.com>, Mahesh Jethanandani <mjethanandani@gmail.com>, Sonal Agarwal <sagarwal12@gmail.com>
2018-04-27
19 Mahesh Jethanandani Uploaded new revision
2018-04-26
18 Kent Watsen
[Hi Ignas.  There are some minor updates needed, per https://mailarchive.ietf.org/arch/msg/netmod/tzZEsmGJBIcU7EP0pF8wvMjA9wI.  You can go ahead and start processing this document now (if so inclined) with the assumption that an updated draft will be posted to address said issues, and that I'll come back and edit this shepherd writeup to remove this note and some of the comments below.  I imagine all this happening before you put this document up on the Tele-Chat.  Kent]


As required by RFC 4858, this is the current template for the Document
Shepherd Write-Up.

Changes are expected over time. This version is dated 24 February 2012.

(1) What type of RFC is being requested (BCP, Proposed Standard,
Internet Standard, Informational, Experimental, or Historic)?  Why
is this the proper type of RFC?  Is this type of RFC indicated in the
title page header?

A Proposed Standard is being requested.  A proposed standard is needed
to ensure interoperability.  The title page header indicates that it is
a Standards Track document.

(2) The IESG approval announcement includes a Document Announcement
Write-Up. Please provide such a Document Announcement Write-Up. Recent
examples can be found in the "Action" announcements for approved
documents. The approval announcement contains the following sections:

Technical Summary

  Relevant content can frequently be found in the abstract
  and/or introduction of the document. If not, this may be
  an indication that there are deficiencies in the abstract
  or introduction.

  From the Abstract:

    This document defines a data model for Access Control List (ACL).  An
    ACL is a user-ordered set of rules, used to configure the forwarding
    behavior in device.  Each rule is used to find a match on a packet,
    and define actions that will be performed on the packet.

Working Group Summary

  Was there anything in WG process that is worth noting? For
  example, was there controversy about particular points or
  were there decisions where the consensus was particularly
  rough?

  The document originally had a different primary author
  (see doc history if name is important) but then, when issues
  were raised, the author didn't have time to work on them,
  and a new set of authors came in, and decided on a different
  solution in order to resolve the issues raised.  The original
  author didn't agree with the changes and asked to be removed.
  At the moment, the document appears to have strong WG
  consensus.  The authors have been attentive to addressing
  the many issues raised over time.

Document Quality

  Are there existing implementations of the protocol? Have a
  significant number of vendors indicated their plan to
  implement the specification? Are there any reviewers that
  merit special mention as having done a thorough review,
  e.g., one that resulted in important changes or a
  conclusion that the document had no substantive issues? If
  there was a MIB Doctor, Media Type or other expert review,
  what was its course (briefly)? In the case of a Media Type
  review, on what date was the request posted?

  There have been no implementations of this YANG module as
  of yet, as far as I'm aware.  That said, the lead developer of
  firewalls at a large vendor is an author, and has been attentive
  to implementability throughout the effort.


Personnel

  Who is the Document Shepherd? Who is the Responsible Area
  Director?

  The Shepherd is Kent Watsen.  The AD is Ignas Bagdonas.

(3) Briefly describe the review of this document that was performed by
the Document Shepherd.  If this version of the document is not ready
for publication, please explain why the document is being forwarded to
the IESG.

  The Document Shepherd went through the "checklist" listed here:
  http://trac.tools.ietf.org/group/iesg/trac/wiki/DraftShepherdWriteupWgAlternate


(4) Does the document Shepherd have any concerns about the depth or
breadth of the reviews that have been performed?

  Plenty of input from operators.  The shepherd wishes that there was more
  involvement from vendors but, given how long the draft has been a
  work-in-progress, one can only conclude that it's not something the
  vendors prioritized working on.

(5) Do portions of the document need review from a particular or from
broader perspective, e.g., security, operational complexity, AAA, DNS,
DHCP, XML, or internationalization? If so, describe the review that
took place.

  There was a YANG doctor review a while back, and YANG doctors additionally
  participated during the Last Call.  Beyond YANG, there isn't a need for any
  review from a particular or broader perspective.

(6) Describe any specific concerns or issues that the Document Shepherd
has with this document that the Responsible Area Director and/or the
IESG should be aware of? For example, perhaps he or she is uncomfortable
with certain parts of the document, or has concerns whether there really
is a need for it. In any event, if the WG has discussed those issues and
has indicated that it still wishes to advance the document, detail those
concerns here.

  The shepherd has heard that some view the solution defined here as being
  particular to firewalls, and yet ACLs are used for other features too, thus
  using the acronym "acl" might be over-reaching a bit.

(7) Has each author confirmed that any and all appropriate IPR
disclosures required for full conformance with the provisions of BCP 78
and BCP 79 have already been filed. If not, explain why.

[Waiting for all responses to come in]

(8) Has an IPR disclosure been filed that references this document?
If so, summarize any WG discussion and conclusion regarding the IPR
disclosures.

[Waiting for all responses to come in]

(9) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with others
being silent, or does the WG as a whole understand and agree with it? 

  strong concurrence of a few individuals, with others being silent

(10) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in separate
email messages to the Responsible Area Director. (It should be in a
separate email because this questionnaire is publicly available.)

  no one has threatened an appeal, but the aforementioned former
  author expressed extreme discontent, though not having cycles to
  actually engage in discussion, leaves us to thinking that the author
  is in the rough.


(11) Identify any ID nits the Document Shepherd has found in this
document. (See https://www.ietf.org/tools/idnits/ and the Internet-Drafts
Checklist). Boilerplate checks are not enough; this check needs to be
thorough.

IDnits found four items, all of which are being fixed now:
  - Obsolete normative reference: RFC 6536 should be RFC 8341
  - Outdated reference: draft-ietf-netmod-rfc7223bis has been published
    as RFC 8343
  - Outdated reference: draft-ietf-netmod-yang-tree-diagrams has been
    published as RFC 8340
  - The document has examples using IPv4 documentation addresses according
    to RFC6890, but does not use any IPv6 documentation addresses.  Maybe
    there should be IPv6 examples, too?

  Other IDnits found issues are non-issues.


(12) Describe how the document meets any required formal review
criteria, such as the MIB Doctor, media type, and URI type reviews.

  There was a YANG doctor review a while back, and YANG doctors
  additionally participated during the Last Call.


(13) Have all references within this document been identified as
either normative or informative?

  Yes, though the shepherd feels that some Normative could be
  Informative.  Email sent to authors.


(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state? If such normative
references exist, what is the plan for their completion?

  All normative references have already advanced to RFC status.


(15) Are there downward normative references (see RFC 3967)?
If so, list these downward references to support the Area Director in
the Last Call procedure.

  There are no downward normative references.

(16) Will publication of this document change the status of any
existing RFCs? Are those RFCs listed on the title page header, listed
in the abstract, and discussed in the introduction? If the RFCs are not
listed in the Abstract and Introduction, explain why, and point to the
part of the document where the relationship of this document to the
other RFCs is discussed. If this information is not in the document,
explain why the WG considers it unnecessary.

  The publication of this document will NOT change the status of any
  existing RFCs.

(17) Describe the Document Shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document. Confirm that all protocol extensions that the document makes
are associated with the appropriate reservations in IANA registries.
Confirm that any referenced IANA registries have been clearly
identified. Confirm that newly created IANA registries include a
detailed specification of the initial contents for the registry, that
allocations procedures for future registrations are defined, and a
reasonable name for the new registry has been suggested (see RFC 5226).

  Yes, the IANA Considerations section appears complete and accurate.


(18) List any new IANA registries that require Expert Review for future
allocations. Provide any public guidance that the IESG would find
useful in selecting the IANA Experts for these new registries.

  This document does not define any new IANA registries.


(19) Describe reviews and automated checks performed by the Document
Shepherd to validate sections of the document written in a formal
language, such as XML code, BNF rules, MIB definitions, etc.

The shepherd validated all yang modules using both the `pyang` and `yanglint`
tools.  The shepherd also validated the five XML examples in Section 4 of the
document using the `yanglint` tool.


2018-04-26
18 Kent Watsen Responsible AD changed to Ignas Bagdonas
2018-04-26
18 Kent Watsen IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up
2018-04-26
18 Kent Watsen IESG state changed to Publication Requested
2018-04-26
18 Kent Watsen IESG process started in state Publication Requested
2018-04-26
18 Kent Watsen Changed document writeup
2018-04-26
18 Kent Watsen Changed document writeup
2018-04-25
18 Kent Watsen Changed document writeup
2018-03-16
18 Cindy Morgan New version available: draft-ietf-netmod-acl-model-18.txt
2018-03-16
18 (System) Secretariat manually posting. Approvals already received
2018-03-16
18 Cindy Morgan Uploaded new revision
2018-03-03
17 Mahesh Jethanandani New version available: draft-ietf-netmod-acl-model-17.txt
2018-03-03
17 (System) New version approved
2018-03-03
17 (System)
Request for posting confirmation emailed to previous authors: Dana Blair <dblair@cisco.com>, Lisa Huang <lyihuang16@gmail.com>, Mahesh Jethanandani <mjethanandani@gmail.com>, Sonal Agarwal <sagarwal12@gmail.com>
2018-03-03
17 Mahesh Jethanandani Uploaded new revision
2018-02-12
16 Kent Watsen IETF WG state changed to WG Consensus: Waiting for Write-Up from In WG Last Call
2018-02-02
16 Mahesh Jethanandani New version available: draft-ietf-netmod-acl-model-16.txt
2018-02-02
16 (System) New version approved
2018-02-02
16 (System)
Request for posting confirmation emailed to previous authors: Dana Blair <dblair@cisco.com>, Lisa Huang <lyihuang16@gmail.com>, Mahesh Jethanandani <mjethanandani@gmail.com>, Sonal Agarwal <sagarwal12@gmail.com>
2018-02-02
16 Mahesh Jethanandani Uploaded new revision
2018-01-17
15 Kent Watsen IETF WG state changed to In WG Last Call from WG Document
2018-01-17
15 Kent Watsen Changed consensus to Yes from Unknown
2018-01-17
15 Kent Watsen Intended Status changed to Proposed Standard from None
2018-01-16
15 Mahesh Jethanandani New version available: draft-ietf-netmod-acl-model-15.txt
2018-01-16
15 (System) New version approved
2018-01-16
15 (System)
Request for posting confirmation emailed to previous authors: netmod-chairs@ietf.org, Dana Blair <dblair@cisco.com>, Lisa Huang <lyihuang16@gmail.com>, Mahesh Jethanandani <mjethanandani@gmail.com>, Sonal Agarwal <agarwaso@cisco.com>
2018-01-16
15 Mahesh Jethanandani Uploaded new revision
2017-11-09
14 Zitao Wang Added to session: IETF-100: netmod  Wed-1330
2017-10-03
14 Sonal Agarwal New version available: draft-ietf-netmod-acl-model-14.txt
2017-10-03
14 (System) New version approved
2017-10-03
14 (System)
Request for posting confirmation emailed to previous authors: Dana Blair <dblair@cisco.com>, Lisa Huang <lyihuang16@gmail.com>, Mahesh Jethanandani <mjethanandani@gmail.com>, Sonal Agarwal <agarwaso@cisco.com>
2017-10-03
14 Sonal Agarwal Uploaded new revision
2017-09-12
13 Mahesh Jethanandani New version available: draft-ietf-netmod-acl-model-13.txt
2017-09-12
13 (System) New version approved
2017-09-12
13 (System)
Request for posting confirmation emailed to previous authors: Sonal Agarwal <agarwaso@cisco.com>, Lisa Huang <lyihuang16@gmail.com>, Mahesh Jethanandani <mjethanandani@gmail.com>, Dana Blair <dblair@cisco.com>
2017-09-12
13 Mahesh Jethanandani Uploaded new revision
2017-09-01
12 Mahesh Jethanandani New version available: draft-ietf-netmod-acl-model-12.txt
2017-09-01
12 (System) New version approved
2017-09-01
12 (System)
Request for posting confirmation emailed to previous authors: netmod-chairs@ietf.org, Sonal Agarwal <agarwaso@cisco.com>, Mahesh Jethanandani <mjethanandani@gmail.com>, Lisa Huang <lyihuang16@gmail.com>, Dean Bogdanovic <ivandean@gmail.com>, Dana Blair <dblair@cisco.com>
2017-09-01
12 Mahesh Jethanandani Uploaded new revision
2017-07-18
11 Zitao Wang Added to session: IETF-99: netmod  Wed-1330
2017-07-18
11 Zitao Wang Removed from session: IETF-99: netmod  Wed-1330
2017-07-18
11 Zitao Wang Added to session: IETF-99: netmod  Wed-1330
2017-07-18
11 Zitao Wang Removed from session: IETF-99: netmod  Wed-1330
2017-07-16
11 Zitao Wang Added to session: IETF-99: netmod  Wed-1330
2017-06-16
11 Dean Bogdanović New version available: draft-ietf-netmod-acl-model-11.txt
2017-06-16
11 (System) New version approved
2017-06-16
11 (System)
Request for posting confirmation emailed to previous authors: netmod-chairs@ietf.org, Dana Blair <dblair@cisco.com>, Lisa Huang <lyihuang16@gmail.com>, Dean Bogdanovic <ivandean@gmail.com>, Kiran Koushik <kkoushik@cisco.com>
2017-06-16
11 Dean Bogdanović Uploaded new revision
2017-03-17
10 Mehmet Ersue Request for Early review by YANGDOCTORS Completed: Ready with Issues. Reviewer: Mahesh Jethanandani.
2017-03-17
10 Mehmet Ersue Request for Early review by YANGDOCTORS is assigned to Mahesh Jethanandani
2017-03-17
10 Mehmet Ersue Request for Early review by YANGDOCTORS is assigned to Mahesh Jethanandani
2017-03-17
10 Mehmet Ersue Requested Early review by YANGDOCTORS
2017-03-13
10 Dean Bogdanović New version available: draft-ietf-netmod-acl-model-10.txt
2017-03-13
10 (System) New version approved
2017-03-13
10 (System)
Request for posting confirmation emailed to previous authors: netmod-chairs@ietf.org, Dana Blair <dblair@cisco.com>, Lisa Huang <lyihuang16@gmail.com>, Dean Bogdanovic <ivandean@gmail.com>, Kiran Koushik <kkoushik@cisco.com>
2017-03-13
10 Dean Bogdanović Uploaded new revision
2016-10-13
09 Dean Bogdanović New version available: draft-ietf-netmod-acl-model-09.txt
2016-10-13
09 (System) New version approved
2016-10-13
08 (System)
Request for posting confirmation emailed to previous authors: netmod-chairs@ietf.org, "Kiran Koushik" <kkoushik@cisco.com>, "Dana Blair" <dblair@cisco.com>, "Lisa Huang" <lyihuang16@gmail.com>, "Dean Bogdanovic" <ivandean@gmail.com>
2016-10-13
08 Dean Bogdanović Uploaded new revision
2016-07-08
08 Dean Bogdanović New version available: draft-ietf-netmod-acl-model-08.txt
2016-06-27
07 Lou Berger Notification list changed to "Kent Watsen" <kwatsen@juniper.net>
2016-06-27
07 Lou Berger Document shepherd changed to Kent Watsen
2016-03-11
07 Lisa Huang New version available: draft-ietf-netmod-acl-model-07.txt
2015-12-09
06 Dean Bogdanović New version available: draft-ietf-netmod-acl-model-06.txt
2015-10-19
05 Dean Bogdanović New version available: draft-ietf-netmod-acl-model-05.txt
2015-10-19
04 Dean Bogdanović New version available: draft-ietf-netmod-acl-model-04.txt
2015-10-14
03 (System) Notify list changed from "Thomas Nadeau" <tnadeau@lucidvision.com> to (None)
2015-06-25
03 Lisa Huang New version available: draft-ietf-netmod-acl-model-03.txt
2015-05-22
02 Jürgen Schönwälder Notification list changed to "Thomas Nadeau" <tnadeau@lucidvision.com>
2015-05-22
02 Jürgen Schönwälder Document shepherd changed to Thomas Nadeau
2015-03-05
02 Dean Bogdanović New version available: draft-ietf-netmod-acl-model-02.txt
2015-02-06
01 Lisa Huang New version available: draft-ietf-netmod-acl-model-01.txt
2014-11-11
00 Lisa Huang New version available: draft-ietf-netmod-acl-model-00.txt