Object Groups

sidebar_position: 6

You can use object groups to specify source and destination addresses in IPv4 ACL and IPv6 ACL rules.

Diagram

Classes

route_control (vxlan.overlay_extensions)

Name	Type	Constraint	Mandatory	Default Value
ipv4_object_groups	List	`[ipv4_object_groups]`	No
ipv6_object_groups	List	`[ipv6_object_groups]`	No

ipv4_object_groups (vxlan.overlay_extensions.route_control)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[A-Za-z0-9-_]{1,63}$`	Yes
entries	List	`[entries]`	No

ipv6_object_groups (vxlan.overlay_extensions.route_control)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[A-Za-z0-9-_]{1,63}$`	Yes
entries	List	`[entries]`	No

entries (vxlan.overlay_extensions.route_control.ipv4_object_groups)

Name	Type	Constraint	Mandatory
seq_number	Integer	min: `1`, max: `4294967295`	Yes
host	IP		No
ip	IP		No

entries (vxlan.overlay_extensions.route_control.ipv6_object_groups)

Name	Type	Constraint	Mandatory
seq_number	Integer	min: `1`, max: `4294967295`	Yes
host	IP		No
ip	IP		No

Examples

Example-1

In this example, we will create an IPv4 object-group named: web_server. This group has three entries. The entry in the sequence number 10 defined one host 10.0.0.1. The second entry in sequence 20 defined other host 10.0.0.2. The last entry 30 defined a subnet 10.0.0.4/30

This object-group is used in group objgrps_RCtrlGrp, which is used in the switch netascode-leaf1.

object-group ip address web_server
  10 host 10.0.0.1
  20 host 10.0.0.2
  30 10.0.0.4/30

---
vxlan:
  overlay_extensions:
    route_control:
      ipv4_object_groups:
        - name: web_server
          entries:
            - seq_number: 10
              host: 10.0.0.1
            - seq_number: 20
              host: 10.0.0.2
            - seq_number: 30
              ip: 10.0.0.4/30
      groups:
        - name: objgrps_RCtrlGrp
          ipv4_object_groups:
            - name: web_server
      switches:
        - name: netascode-leaf1
          groups:
            - objgrps_RCtrlGrp

Then this object-group could be used in an ACL.

ip access-list acl-addgroup
  10 permit ip addrgroup web_server any

Example-2

In this example, we will create an IPv6 object-group named: web_server6. This group has three entries. The entry in the sequence number 10 defined one host 2001:db8::1. The second entry in sequence 20 defined other host 2001:db8::2. The last entry 30 defined a subnet 2001:db8::4/126

This object-group is used in group objgrps_RCtrlGrp, which is used in the switch netascode-leaf1.

object-group ipv6 address web_server6
  10 host 2001:db8::1
  20 host 2001:db8::2
  30 2001:db8::4/126

---
vxlan:
  overlay_extensions:
    route_control:
      ipv6_object_groups:
        - name: web_server6
          entries:
            - seq_number: 10
              host: 2001:db8::1
            - seq_number: 20
              host: 2001:db8::2
            - seq_number: 30
              ip: 2001:db8::4/126
      groups:
        - name: objgrps_RCtrlGrp
          ipv6_object_groups:
            - name: web_server6
      switches:
        - name: netascode-leaf1
          groups:
            - objgrps_RCtrlGrp