NetBox version
v3.5.3
Feature type
New Model to plugin
Proposed functionality
Add a (Security? Object?) Group model that represents nested abstractions, allowing the description of ACLs that are linked to multiple VLANs/prefixes/IPs.
Use case
Network (L3) ACL modeling and provisioning (over API or config rendering).
For reference, examples of ACL models used by our networking and hypervisor teams:
Cisco Object Groups
Huawei Security Groups
OpenStack Security Groups
vSphere Security Groups
We have ~50 groups, mainly formed by prefix grouping (Network object group), most of them joined to higher-level groups (like Site.Computers, AllSites.Computers). And more than 100 port/service groups (Service object group in Cisco, Security Group in Palo Alto/Check Point).
We'd like to use a Source-of-Truth approach to store them and adopt the actual device-dependent syntax at the external level (Ansible or our own Python scripts). Also, we'd like to query stored rules over GraphQL to have a table representation of the actual rules in our Wiki.
Rules on initial level devices (~10k items) are bumping into limits of 32/64 per device, so assigning or changing them on each device using the UI is an impossible task. That's why assigning them by site (groups), device/port roles or tags makes the most sense.
But knowing about the rule of thumb, I'll open another FR if the plugin author is willing to deal with the current request.
External dependencies
No response
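The nested-group use case described above, as an added example that is not part of the original issue or the plugin's code: it resolves nested network groups from a source-of-truth structure, fails closed on cycles and undefined references, and renders them externally in Cisco ASA-style `object-group` syntax. The dictionary layout, the function names and the sample prefixes are assumptions made for illustration; only the group names `AllSites.Computers` and the `Site*.Computers` pattern come from the issue.

```python
import ipaddress

# Constructed sample data; the dict layout is hypothetical, not the plugin's model.
GROUPS = {
    "SiteA.Computers": {"prefixes": ["10.1.0.0/25", "10.1.0.128/25"], "children": []},
    "SiteB.Computers": {"prefixes": ["10.2.0.0/24"], "children": []},
    "AllSites.Computers": {"prefixes": ["192.0.2.0/28"],
                           "children": ["SiteA.Computers", "SiteB.Computers"]},
}


class GroupError(ValueError):
    """Raised for a cycle or a reference to a group that is not defined."""


def walk(name, groups, path=()):
    """Yield group names depth-first, children before parents; fail closed on bad data."""
    if name in path:
        raise GroupError("cycle: " + " -> ".join(path + (name,)))
    if name not in groups:
        raise GroupError(f"undefined group: {name}")
    for child in groups[name]["children"]:
        yield from walk(child, groups, path + (name,))
    yield name


def flatten(name, groups):
    """Return the collapsed IPv4 prefixes covered by a group and everything nested in it."""
    nets = [ipaddress.ip_network(p)
            for g in walk(name, groups) for p in groups[g]["prefixes"]]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def render_asa(name, groups):
    """Render nested groups as Cisco ASA-style object-groups, dependencies first."""
    lines, done = [], set()
    for g in walk(name, groups):
        if g in done:  # a group shared by two parents is emitted once
            continue
        done.add(g)
        lines.append(f"object-group network {g}")
        for p in groups[g]["prefixes"]:
            net = ipaddress.ip_network(p)
            lines.append(f" network-object {net.network_address} {net.netmask}")
        lines += [f" group-object {c}" for c in groups[g]["children"]]
    return lines
```

`flatten()` gives the table-style view of what a group actually covers, while `render_asa()` keeps the nesting for platforms that support it; a platform without nested groups would be rendered from the `flatten()` output.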