Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[minigraph parser] Fix minigraph parser issue when handling LAG related ACL table configuration #1609

Merged
merged 2 commits into from
May 10, 2018

Conversation

keboliu
Copy link
Collaborator

@keboliu keboliu commented Apr 17, 2018

- What I did

Fix minigraph parser issue when handling LAG related case for ACL table:

  1. Previously when attach ACL to a LAG port, it will break the LAG into member ports and then add all these member ports to the ACL table, correct way shall add LAG interface direcly to ACL table.
  2. When handling 'erspan' table, it just add all the front panel interfaces to the ACL table, but in some topo like T1-LAG, some front panel interfaces already added to LAG port, attach ACL to these front panel ports will fail.
  3. Give a warning when detected trying to attach ACL to LAG member interface
  4. Update the "test_minigraph_acl" test expectation in test_cfggen.py

- How I did it

  1. Stop breaking LAG port into member ports when in the case to attach ACL to LAG port.
  2. When handling 'erspan' table, if front panel port already been added to LAG, add the LAG instead of the front panel port.
  3. Raise warning against configuration that attach ACL to LAG member interface.

- How to verify it

sonic-cfggen test during build.
run ACL and Everflow test on different topo.

- Description for the changelog

Changes to be committed:
modified: src/sonic-config-engine/minigraph.py
modified: src/sonic-config-engine/tests/test_cfggen.py

signed-off-by [email protected]

- A picture of a cute animal (not mandatory but encouraged)

…guration

  Changes to be committed:
	modified:   src/sonic-config-engine/minigraph.py
	modified:   src/sonic-config-engine/tests/test_cfggen.py

  signed-off-by [email protected]
elif vlans.has_key(member):
print >> sys.stderr, "Warning: ACL " + aclname + " is attached to a Vlan interface, which is currently not supported"
elif port_alias_map.has_key(member):
acl_intfs.append(port_alias_map[member])
# Give a warning if trying to attach ACL to a LAG member interface, correct way is to attach ACL to the LAG interface
if port_alias_map[member] in intfs_inpc:
print >> sys.stderr, "Warning: ACL " + aclname + " is attached to a LAG member interface " + port_alias_map[member] + ", shall attach to the LAG interface"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you rephrase this to something like below:

Warning: ACL DATAACL is attached to a LAG "member interface" Ethernet112, instead of LAG interface

Current message appears less understandable.

Warning: ACL DATAACL is attached to a LAG member interface Ethernet112, shall attach to the LAG interface

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

rephrased the warning message.

@prsunny
Copy link
Contributor

prsunny commented Apr 23, 2018

Parser code changes looks fine to me. However, in some iterations of the test, it was observed ACL table creation failed if port-channel interface is not created by then. Suggest to handle this scenario by subscribing to STATE DB and create ACL Table when port-channel interfaces are created.

Apr 23 20:58:58.383154 str-z9100-acs-2 ERR orchagent: :- processPorts: Failed to process port. Port PortChannel0001 doesn't exist
Apr 23 20:58:58.383505 str-z9100-acs-2 ERR orchagent: :- doAclTableTask: Failed to process table ports for table DATAACL
Apr 23 20:58:58.383505 str-z9100-acs-2 ERR orchagent: :- doAclTableTask: Failed to create ACL table. Table configuration is invalid
Apr 23 20:58:58.383505 str-z9100-acs-2 ERR orchagent: :- processPorts: Failed to process port. Port PortChannel0001 doesn't exist
Apr 23 20:58:58.383505 str-z9100-acs-2 ERR orchagent: :- doAclTableTask: Failed to process table ports for table EVERFLOW
Apr 23 20:58:58.383950 str-z9100-acs-2 ERR orchagent: :- doAclTableTask: Failed to create ACL table. Table configuration is invalid

@keboliu
Copy link
Collaborator Author

keboliu commented Apr 24, 2018

@prsunny agree need to handle the case that portchannel interface go up later than ACL Table loaded.

@keboliu
Copy link
Collaborator Author

keboliu commented Apr 25, 2018

@prsunny @lguohan for the port-channel interface creation later than ACL table load case, do you think should also go to this PR or a separated PR?

@prsunny
Copy link
Contributor

prsunny commented Apr 25, 2018

You may have to make changes in sonic-swss for handling this case. IMO, that will be a separate PR and once ready, the two PRs can be merged along with submodule update.

@liatgrozovik
Copy link

The last comment was handled in sonic-net/sonic-swss#494

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants