Access List (ACL) model, compatible with existing network implementations

Plugin must operate with adequate abstractions like network groups, and not only existing IPs/prefixes, but with other masking types existing in software.

It must represent real scenarios for most type of ACLs in different parts of infrastructure.

Resulted ACLs must be assignable to different part of infrastructure:

To Site
To VLAN
To Device
To Prefix?
To VM
To Device/VM interface
To tags

This way, different usage scenarios can use same interface, filtering their own target objects.

Use case Network (L3) ACL modeling and provisioning (over API or config rendering). For reference, examples of ACL models, used by our networking and hypervisors teams: Cisco Object Groups Huawei Security Groups OpenStack Security Groups vSphere Security Groups
Open items List of initial modeling targets Decomposition to granular objects, that can be rendered in universal readable formats (table?) Ways to connect objects to each other Ways to assign ACL to basic Netbox objects (multiple selectors similar to Config Context?) Ways to render assigned ALC and correspondent configs

Attach files

Enter a subject

Daniel Anner

Reply
| Jun 13, 2023

Is this netbox-acl plugin suitable for your idea? Maybe you could pose any additions/modifications to Ryan if it is missing something

2 replies Hide replies

NetBox | Plugins | GitHub

Please enter your email address

RELATED IDEAS

Access List (ACL) model, compatible with existing network implementations