Configuration to control ACL set/entry counter allocation #1122
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This code is a Contribution to the OpenConfig Public project (“Work”) made under the Google Software Grant and Corporate Contributor License Agreement (“CLA”) and governed by the Apache License 2.0. No other rights or licenses in or to any of Nokia’s intellectual property are granted for any other purpose. This code is provided on an “as is” basis without any warranties of any kind.
Change Scope
At present, the allocation of system resources needed to provide counters for packets matching ACL entries cannot be controlled through configuration. This PR aims to fill this gap by introducing the following new paths:
acl/acl-sets/acl-set/config/counter
acl/acl-sets/acl-set/state/counter
acl/acl-sets/acl-set/acl-entries/acl-entry/config/counter
acl/acl-sets/acl-set/acl-entries/acl-entry/state/counter
The permitted values are: NONE, INTERFACE_ONLY, AGGREGATE_ONLY and INTERFACE_AGGREGATE. These are the same values as supported by the existing ACL_COUNTER_CAPABILITY except now NONE has been added as well, in order to allow the operator to disable stats collection for specific ACL sets or ACL entries in order to conserve limited resources.
The description for /acl/state/counter-capability has been amended to recommend that no value should be returned in state if the support of counters is not uniformly configured for all ACL sets and all ACL entries.
Implementations
Many vendors support some form of configuration control for ACL counters.
Arista: https://www.arista.com/en/um-eos/eos-acls-and-route-maps
Nokia: https://documentation.nokia.com/srlinux/24-3/books/acl-policy-based-routing/access-control-lists.html