Update model
rszarecki committed Nov 17, 2023
1 parent a6b7710 commit 29cb4e1
Showing 1 changed file with 145 additions and 118 deletions.
263 changes: 145 additions & 118 deletions release/models/acl/openconfig-acl.yang
Expand Up @@ -34,7 +34,13 @@ module openconfig-acl {
packets should be handled. Entries have a type that indicates
the type of match criteria, e.g., MAC layer, IPv4, IPv6, etc.";

oc-ext:openconfig-version "1.3.3";
oc-ext:openconfig-version "1.4.0";

revision "2023-11-17" {
description
"Add rate-limit and counter actions to ACL model";
reference "1.4.0";
}

revision "2023-02-06" {
description
Expand Down Expand Up @@ -228,19 +234,20 @@ module openconfig-acl {
counting, rate-limiting acl-set and it's entries";
}

identity CNTR_RL_NONE {
base CNTR_RL_SCOPE;
description " No counting, rate-limiting is applied for traffic matching
given ACL entry";
}
// [TODO rszarecki] Cleanup
// identity CNTR_RL_NONE {
// base CNTR_RL_SCOPE;
// description " No counting, rate-limiting is applied for traffic matching
// given ACL entry";
// }

identity CNTR_RL_TERM {
identity CNTR_RL_ENTRY_ATTACH {
base CNTR_RL_SCOPE;
description "The counter, rte-limit instance is created per (entry,
description "The counter, rate-limit instance is created per (entry,
acl-set, acl-set attachment point)";
}

identity CNTR_RL_ACL_SET {
identity CNTR_RL_ACL_SET_ATTACH {
base CNTR_RL_SCOPE;
description
"The counter, rte-limit instance is created per (
Expand All @@ -249,7 +256,7 @@ module openconfig-acl {
counter, rate-limit is provided";
}

identity CNTR_RL_ATTACHMENT {
identity CNTR_RL_ATTACH {
base CNTR_RL_SCOPE;
description
"The counter, rte-limit instance is created per acl-set attachment point.
Expand All @@ -259,6 +266,22 @@ module openconfig-acl {
counter, rate-limit is provided";
}

identity CNTR_RL_ENTRY {
base CNTR_RL_SCOPE;
description "The counter, rate-limit instance is created per (entry,
acl-set). Hence it aggregates acroll all attachment points of given
asl-set";
}

identity CNTR_RL_ACL_SET {
base CNTR_RL_SCOPE;
description
"The counter, rte-limit instance is created per (
acl-set). For all entries of same acl-set
referencing same counter name or rate-limit name in action, shared
counter, rate-limit is provided";
}

identity CNTR_RL_SYSTEM {
base CNTR_RL_SCOPE;
description
Expand Down Expand Up @@ -368,8 +391,8 @@ module openconfig-acl {
must be specified for each ACL entry";
}

continer rate-limit {
description: "";
container rate-limit {
description "attachment point for rate limit action";
leaf name {
description "name of rate limit to be applied";
mandatory true;
Expand All @@ -388,7 +411,7 @@ module openconfig-acl {
reason for shared rate-limit is INTEGRATED_CIRCUIT resource
conservation.
Default value .";
defult CNTR_RL_TERM;
defult CNTR_RL_ENTRY_ATTACH;
type identityref {
base CNTR_RL_SCOPE;
}
Expand Down Expand Up @@ -423,18 +446,23 @@ module openconfig-acl {
packet.";
}

//leaf traffic-group {
// description "";
// leafref ; TODO_RJS
//}

container counter {
description "";
leaf name {
description "Name of counter; for counters of CNTR_RL_TERM scoper
can be omitted and if specified shallbe ignored.
";
type string;
// [TODO rszarecki] Cleanup. Not needed.
// leaf name {
// description "Name of counter; for counters of CNTR_RL_ENTRY_ATTACH scope
// can be omitted and if specified shallbe ignored.
// ";
// type string;
// }

leaf enabled {
descriptyoon
"Controls if counters are instantiated at all. May be usfull for
hardware resource control";
type boolean;
// default of TRUE allows for backward compatibility
default TRUE;
}

leaf scope {
Expand All @@ -443,7 +471,7 @@ module openconfig-acl {
of packet form multiple terms of multiple filters. Primary reason for
shared counters is INTEGRATED_CIRCUIT resource conservation.
Default value disables counting.";
default CNTR_RL_NONE;
default CNTR_RL_ENTRY_ATTACH;
identityref {
base CNTR_RL_SCOPE;
}
Expand Down Expand Up @@ -757,28 +785,21 @@ module openconfig-acl {
}
}

grouping interface-acl-entries-config {
grouping interface-acl-entries-rl-state {
description
"Configuration data for per-interface ACLs";
leaf rate-limit-name{
description "";
type string;
}

leaf forwarding-action {
description "";
type identityref {
base FORWARDING_ACTION;
}
}

leaf rate-limit-scope{
description "";
type identityref {
base CNTR_RL_SCOPE;
}
default CNTR_RL_ENTRY_ATTACH;
}

}

grouping interface-acl-entries-state {
Expand All @@ -797,6 +818,14 @@ module openconfig-acl {
interface";
}

leaf forwarding-action {
description "";
type identityref {
base FORWARDING_ACTION;
}
}

uses interface-acl-entries-rl-state;
uses acl-counters-state;

}
Expand Down Expand Up @@ -833,7 +862,6 @@ module openconfig-acl {
description
"Operational state data for per-interface ACL entries";

uses interface-acl-entries-config;
uses interface-acl-entries-state;
}
}
Expand Down Expand Up @@ -1081,95 +1109,95 @@ module openconfig-acl {
type identityref {
base RL_TYPE;
}
leaf cir {
type uint64;
units bps;
description
"Committed information rate for commited token
bucket. This value represents the rate at which
tokens are added to the commited bucket.";
}
leaf cbs {
type uint32;
units bytes;
}
leaf cir {
type uint64;
units bps;
description
"Committed information rate for commited token
bucket. This value represents the rate at which
tokens are added to the commited bucket.";
}
leaf cbs {
type uint32;
units bytes;
description
"Committed burst size for the commited token bucket.
This value represents the depth of the token
bucket.";
}
leaf pir {
type uint64;
units bps;
description
"Peak information rate for commited token
bucket. This value represents the rate at which
tokens are added to the commited bucket.
The rate-limit/type must be RL_2R3C";
}
leaf pbs {
type uint32;
units bytes;
description
"Peak burst size for the peak token bucket.
This value represents the depth of the token
bucket.
The rate-limit/type must be RL_2R3C";
}
container conform-action {
description
"Action to be applied to the packets that are served within the CIR
of the policer.
All packets that receive a token from this commited bucket have
all actions specified applied to them";
leaf forwarding-action {
type identityref {
base FORWARDING_ACTION;
}
mandatory true;
default ACCEPT;
description
"Committed burst size for the commited token bucket.
This value represents the depth of the token
bucket.";
"Specifies the forwarding action. Only one forwarding action
can be specified. Only ACCEPT, REJECT or DENY acions are allowed";
}
leaf pir {
type uint64;
units bps;
uses action-modifier-config;
}
container exceed-action {
description
"Action to be applied to the packets that are served above CIR but,
if rate-limit type is RL_2R3C, within the PIR of the policer.
All packets that do not receive token from commited bucket and
receive a token from peak bucket have all actions specified
applied to them";
leaf forwarding-action {
type identityref {
base FORWARDING_ACTION;
}
mandatory true;
default ACCEPT;
description
"Peak information rate for commited token
bucket. This value represents the rate at which
tokens are added to the commited bucket.
The rate-limit/type must be RL_2R3C";
"Specifies the forwarding action. Only one forwarding action
can be specified. Only ACCEPT, REJECT or DENY acions are allowed";
}
leaf pbs {
type uint32;
units bytes;
description
"Peak burst size for the peak token bucket.
This value represents the depth of the token
bucket.
uses action-modifier-config;
}
container violate-action {
description
"Action to be applied to the packets that are served above PIR
of the policer.
All packets that receive a token from this peak bucket have
all actions specified applied to them.
The rate-limit/type must be RL_2R3C";
}
container conform-action {
description
"Action to be applied to the packets that are served within the CIR
of the policer.
All packets that receive a token from this commited bucket have
all actions specified applied to them";
leaf forwarding-action {
type identityref {
base FORWARDING_ACTION;
}
mandatory true;
default ACCEPT;
description
"Specifies the forwarding action. Only one forwarding action
can be specified. Only ACCEPT, REJECT or DENY acions are allowed";
}
uses action-modifier-config;
}
container exceed-action {
description
"Action to be applied to the packets that are served above CIR but,
if rate-limit type is RL_2R3C, within the PIR of the policer.
All packets that do not receive token from commited bucket and
receive a token from peak bucket have all actions specified
applied to them";
leaf forwarding-action {
type identityref {
base FORWARDING_ACTION;
}
mandatory true;
default ACCEPT;
description
"Specifies the forwarding action. Only one forwarding action
can be specified. Only ACCEPT, REJECT or DENY acions are allowed";
leaf forwarding-action {
type identityref {
base FORWARDING_ACTION;
}
uses action-modifier-config;
}
container violate-action {
default ACCEPT;
description
"Action to be applied to the packets that are served above PIR
of the policer.
All packets that receive a token from this peak bucket have
all actions specified applied to them.
The rate-limit/type must be RL_2R3C";
leaf forwarding-action {
type identityref {
base FORWARDING_ACTION;
}
default ACCEPT;
description
"Specifies the forwarding action. Only one forwarding action
can be specified. Only ACCEPT, REJECT or DENY acions are allowed";
}
uses action-modifier-config;
"Specifies the forwarding action. Only one forwarding action
can be specified. Only ACCEPT, REJECT or DENY acions are allowed";
}
uses action-modifier-config;
}
}

Expand All @@ -1182,7 +1210,7 @@ module openconfig-acl {
list rate-limit{
description
"";
key: "name"
key "name";
leaf name {
type leafref {
path "../config/name";
Expand All @@ -1198,8 +1226,7 @@ module openconfig-acl {
"";
uses rate-limit-config;
}
};

}
}
}
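Review bot: The new `leaf enabled` under `container counter` will not parse, because `descriptyoon` is not a YANG statement and a boolean default must be lowercase; the lines should read `description` and `default true;`. The rate-limit `scope` leaf has the same kind of problem in `defult CNTR_RL_ENTRY_ATTACH;`, which should be `default CNTR_RL_ENTRY_ATTACH;`. The counter `scope` leaf now defaults to `CNTR_RL_ENTRY_ATTACH`, but its description still ends with "Default value disables counting.", which no longer holds; it should state the per-(entry, acl-set, attachment point) default and point to the `enabled` leaf for turning counting off. In the rate-limit actions, `forwarding-action` appears to carry both `mandatory true;` and `default ACCEPT;`, which RFC 7950 does not permit on the same leaf. An ACCEPT default on `exceed-action` and `violate-action` would also let a policer with no explicit actions pass all traffic, so dropping the default and keeping the leaf mandatory looks safer.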
