Various markups identified in review.

joemarshallmsft · joemarshallmsft · commit c35502a148fe · 2024-02-21T17:21:30.000Z
diff --git a/articles/operator-nexus/TOC.yml b/articles/operator-nexus/TOC.yml
@@ -22,10 +22,12 @@
           href: concepts-network-fabric-controller.md
         - name: Network Fabric Services
           href: concepts-network-fabric-services.md
+        - name: Access Control Lists
+          href: concepts-access-control-lists.md
     - name: Nexus Kubernetes
       href: concepts-nexus-kubernetes-cluster.md
     - name: Observability
-      href: concepts-observability.md 
+      href: concepts-observability.md
     - name: Security
       href: concepts-security.md
     - name: Control Plane Resiliency
@@ -55,7 +57,7 @@
         - name: Use Bicep file
           href: quickstarts-virtual-machine-deployment-bicep.md
         - name: Use Azure PowerShell
-          href: quickstarts-virtual-machine-deployment-ps.md 
+          href: quickstarts-virtual-machine-deployment-ps.md
 - name: How-To Guides
   items:
     - name: Operator Nexus Instance Deployment and Upgrade
@@ -93,12 +95,12 @@
         - name: Network Fabric
           expanded: false
           items:
-          - name: Isolation Domain
-            href: howto-configure-isolation-domain.md
-          - name: Network Fabric Route Policy
-            href: how-to-route-policy.md  
-          - name: Network Packet Broker
-            href: howto-configure-network-packet-broker.md
+            - name: Isolation Domain
+              href: howto-configure-isolation-domain.md
+            - name: Network Fabric Route Policy
+              href: how-to-route-policy.md
+            - name: Network Packet Broker
+              href: howto-configure-network-packet-broker.md
     - name: Nexus Kubernetes cluster
       expanded: false
       items:
@@ -211,3 +213,10 @@
       href: reference-near-edge-storage.md
     - name: Limits & quotas
       href: reference-limits-and-quotas.md
+    - name: Access Control Lists
+      expanded: false
+      items:
+        - name: Access Control List configuration
+          href: reference-acl-configuration.md
+        - name: Access Control List configuration examples
+          href: reference-acl-examples.md
diff --git a/articles/operator-nexus/concepts-access-control-lists.md b/articles/operator-nexus/concepts-access-control-lists.md
@@ -31,7 +31,7 @@ ACLs can be either static or dynamic. Static ACLs are processed in order, beginn
 
 ACLs can be applied to Network to Network interconnect (NNI) or External Network resources. An NNI is a child resource of a Network Fabric. ACLs can be created and linked to an NNI before the Network Fabric is provisioned. ACLs can be updated or deleted after the Network Fabric is deprovisioned.
 
-This table summarises the resources that can be associated with an ACL:
+This table summarizes the resources that can be associated with an ACL:
 
 
 | Resource Name                         | Supported                            | Default               |
@@ -40,7 +40,7 @@ This table summarises the resources that can be associated with an ACL:
 | Isolation Domain                      | Yes on External Network with optionA | NA                    |
 | Network to network interconnect(NNI) | Yes                                  | NA                    |
 
-## Traffic Policy
+## Traffic policy
 
 A traffic policy is a set of rules that control the flow of packets in and out of a network interface. This section explains the match criteria and actions available for distinct types of network resources.
 
diff --git a/articles/operator-nexus/reference-acl-configuration.md b/articles/operator-nexus/reference-acl-configuration.md
@@ -28,7 +28,7 @@ A traffic policy MATCHING CONFIGURATION defines the conditions and parameters fo
 
 -   **dscp**: the differentiated services code point (DSCP) value in the IP header.
 
-## Example Match Conditions
+## Example match conditions
 
 -   **Match on source and destination IP prefixes**: You can use the source prefix and destination prefix conditions to match on the IP addresses of a packet. For example, `source prefix 10.0.0.0/24` matches any packet with a source IP address in the range of 10.0.0.0 to 10.0.0.255. You can also use the longest prefix option to match the most specific prefix. For example, `destination longest-prefix 10.0.0.0/24 10.0.0.128/25` will match any packet with a destination IP address in the range of 10.0.0.128 to 10.0.0.255, but not 10.0.0.0. to 10.0.0.127.
 
diff --git a/articles/operator-nexus/reference-acl-examples.md b/articles/operator-nexus/reference-acl-examples.md
@@ -10,7 +10,9 @@ ms.date: 02/09/2024
 
 # Access Control List Creation and Configuration Examples
 
-## Overview of the ACL Create Flow
+This article gives examples of how to create and update Access Control Lists (ACLS).
+
+## Overview of the ACL create flow
 
 Creating an Access Control List (ACL) associated with a Network-to-Network Interconnect (NNI) involves these steps:
 
@@ -22,7 +24,7 @@ Creating an Access Control List (ACL) associated with a Network-to-Network Inter
 
 -   Provision the Network Fabric resource using the `az networkfabric fabric provision` command. This generates the base configuration and the dynamic match configuration for the ACLs and sends them to the devices.
 
-## Overview of the ACL Update Flow
+## Overview of the ACL update flow
 
 -   Create ingress and egress ACL resources using `az networkfabric acl create` as described in the previous section.
 
@@ -42,7 +44,7 @@ This example shows you how to create an NNI with two ACLs - one for ingress and
 
 The ACLs must be applied before provisioning the Network Fabric. This limitation is temporary and will be removed in future release. The ingress and egress ACLs are created before the NNI resource and referenced when the NNI is created, which also triggers the creation of the ACLs. This configuration must be done before provisioning the network fabric.
 
-#### Create Ingress ACL: Example Command
+#### Create ingress ACL: example command
 
 ```azurecli
 az networkfabric acl create \
@@ -55,7 +57,7 @@ az networkfabric acl create \
     --match-configurations "[{matchConfigurationName:'example-match',sequenceNumber:123,ipAddressType:IPv4,matchConditions:[{etherTypes:['0x1'],fragments:['0xff00-0xffff'],ipLengths:['4094-9214'],ttlValues:[23],dscpMarkings:[32],portCondition:{flags:[established],portType:SourcePort,layer4Protocol:TCP,ports:['1-20']},protocolTypes:[TCP],vlanMatchCondition:{vlans:['20-30'],innerVlans:[30]},ipCondition:{type:SourceIP,prefixType:Prefix,ipPrefixValues:['10.20.20.20/12']}}],actions:[{type:Count,counterName:'example-counter'}]}]"
 ```
 
-#### Create Egress ACL: Example Command
+#### Create egress ACL: example command
 
 ```azurecli
 az networkfabric acl create \
@@ -68,7 +70,7 @@ az networkfabric acl create \
     --dynamic-match-configurations "[{ipGroups:[{name:'example-ipGroup',ipAddressType:IPv4,ipPrefixes:['10.20.3.1/20']}],vlanGroups:[{name:'example-vlanGroup',vlans:['20-30']}],portGroups:[{name:'example-portGroup',ports:['100-200']}]}]"
 ```
 
-### Access Control List on an Isolation Domain External Network
+### Access Control List on an isolation domain external network
 
 Use the `az networkfabric acl create` command to create ingress and egress ACLs for the external network. In the example, we specify the resource group, name, location, network fabric ID, external network ID, and other parameters. You can also specify the match conditions and actions for the ACL rules using the `--match` and `--action` parameters.
 
