I’m trying to validate the case statement from a standard yang. In my case I want to allow only 10 ace rules for both cases(ace-ipv4 and ace-ipv6) and each case has two leaf nodes.
Yang Snippet:
container matches {
description
“Definitions for match criteria for this Access List
Entry.”;
choice ace-type {
description
“Type of access list entry.”;
case ace-ip {
description
“IP Access List Entry.”;
choice ace-ip-version {
description
“IP version used in this Acess List Entry.”;
case ace-ipv4 {
uses packet-fields:acl-ipv4-header-fields;
}
case ace-ipv6 {
uses packet-fields:acl-ipv6-header-fields;
}
I am able to handle validation for only one case using the following annotation:
tailf:annotate “/acl:access-lists/acl:acl/acl:access-list-entries/acl:ace/acl:matches” {
must “(count(/acl:access-lists/acl:acl/acl:access-list-entries/acl:ace[.]) <=10)” +
“and (count(/acl:access-lists/acl:acl/acl:access-list-entries/acl:ace/acl:matches/acl:destination-ipv4-network) <=10)” +
“and (count(/acl:access-lists/acl:acl/acl:access-list-entries/acl:ace/acl:matches/acl:source-ipv4-network) <=10)” +
“and (count(/acl:access-lists/acl:acl/acl:access-list-entries/acl:ace/acl:matches/acl:destination-ipv6-network) <=10)” +
“and (count(/acl:access-lists/acl:acl/acl:access-list-entries/acl:ace/acl:matches/acl:source-ipv6-network) <=10)” {
error-message “Exceeding limit”;
}
}
This is working fine for “ipv4 or ipv6” but I want to enable this for “ipv4 and ipv6” any suggestion?
I want to implement “(count(/acl:access-lists/acl:acl/acl:access-list-entries/acl:ace[.]) <=10)” check for ipv4 separately and ipv6 separately.
Can someone help understand how to validate both the cases?