
Configuration to control ACL set/entry counter allocation

Open nokia1adam opened this issue 8 months ago • 4 comments

This code is a Contribution to the OpenConfig Public project (“Work”) made under the Google Software Grant and Corporate Contributor License Agreement (“CLA”) and governed by the Apache License 2.0. No other rights or licenses in or to any of Nokia’s intellectual property are granted for any other purpose. This code is provided on an “as is” basis without any warranties of any kind.

Change Scope

At present, the allocation of system resources needed to provide counters for packets matching ACL entries cannot be controlled through configuration. This PR aims to fill this gap by introducing the following new paths:

acl/acl-sets/acl-set/config/counter
acl/acl-sets/acl-set/state/counter
acl/acl-sets/acl-set/acl-entries/acl-entry/config/counter
acl/acl-sets/acl-set/acl-entries/acl-entry/state/counter

The permitted values are: NONE, INTERFACE_ONLY, AGGREGATE_ONLY and INTERFACE_AGGREGATE. These are the same values as supported by the existing ACL_COUNTER_CAPABILITY except now NONE has been added as well, in order to allow the operator to disable stats collection for specific ACL sets or ACL entries in order to conserve limited resources.

The description for /acl/state/counter-capability has been amended to recommend that no value should be returned in state if the support of counters is not uniformly configured for all ACL sets and all ACL entries.

Implementations

Many vendors support some form of configuration control for ACL counters.

Arista: https://www.arista.com/en/um-eos/eos-acls-and-route-maps
Nokia: https://documentation.nokia.com/srlinux/24-3/books/acl-policy-based-routing/access-control-lists.html

nokia1adam, Jun 03 '24 14:06
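
An added example, not part of the PR or the OpenConfig project: a Python audit over a constructed JSON rendering of the new paths. It flags values outside the four permitted ones, lists the leaves set to NONE (matches there will not be counted), and reports whether the configuration is uniform in the sense the amended /acl/state/counter-capability description refers to. The JSON layout, the `UNSET` marker for an absent leaf, and the reading of "uniform" as one identical value on every leaf are assumptions.

```python
import json

# Values the PR lists as permitted for the proposed `counter` leaf.
PERMITTED = {"NONE", "INTERFACE_ONLY", "AGGREGATE_ONLY", "INTERFACE_AGGREGATE"}

# Constructed sample, laid out after the paths in the PR description.
SAMPLE = json.loads("""
{"acl-sets": {"acl-set": [
  {"name": "EDGE-IN", "type": "ACL_IPV4",
   "config": {"name": "EDGE-IN", "type": "ACL_IPV4", "counter": "INTERFACE_ONLY"},
   "acl-entries": {"acl-entry": [
     {"sequence-id": 10, "config": {"sequence-id": 10, "counter": "INTERFACE_ONLY"}},
     {"sequence-id": 20, "config": {"sequence-id": 20, "counter": "NONE"}}]}},
  {"name": "MGMT", "type": "ACL_IPV4",
   "config": {"name": "MGMT", "type": "ACL_IPV4", "counter": "PER_PORT"},
   "acl-entries": {"acl-entry": []}}
]}}
""")

def walk(acl):
    """Yield (path, value) for every set-level and entry-level counter leaf."""
    for s in acl.get("acl-sets", {}).get("acl-set", []):
        base = f"acl/acl-sets/acl-set[{s['name']}]"
        yield f"{base}/config/counter", s.get("config", {}).get("counter", "UNSET")
        for e in s.get("acl-entries", {}).get("acl-entry", []):
            yield (f"{base}/acl-entries/acl-entry[{e['sequence-id']}]/config/counter",
                   e.get("config", {}).get("counter", "UNSET"))

def audit(acl):
    """Return invalid values, leaves with counting disabled, and uniformity."""
    leaves = list(walk(acl))
    invalid = [(p, v) for p, v in leaves if v != "UNSET" and v not in PERMITTED]
    uncounted = [p for p, v in leaves if v == "NONE"]
    # Assumption: "uniform" means every leaf carries the same value,
    # and an absent leaf (UNSET) counts as its own distinct value.
    uniform = len({v for _, v in leaves}) <= 1
    return {"invalid": invalid, "uncounted": uncounted, "uniform": uniform}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```
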