-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue. #17281
Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue. #17281
Conversation
Created UT for this change: sonic-net/sonic-mgmt#10842 |
@@ -94,6 +94,11 @@ iface {{ name }} {{ 'inet' if prefix | ipv4 else 'inet6' }} static | |||
{% for route in MGMT_INTERFACE[(name, prefix)]['forced_mgmt_routes'] %} | |||
pre-down ip rule delete pref 32764 to {{ route }} table {{ vrf_table }} | |||
{% endfor %} | |||
{% if prefix | ipv6 and vrf_table == 'default'%} | |||
# IPV6 default table not add to lookup by default, management server need this to access IPV6 address when BGP shutdown | |||
up ip -6 rule add pref 32767 lookup {{ vrf_table }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The number is based on IPV4 default route table priority:
admin@vlab-01:~$ ip -4 rule list
1001: from all lookup local
32764: from all to 172.17.0.1/24 lookup default
32765: from 10.250.0.101 lookup default
32766: from all lookup main
32767: from all lookup default
The default route table need have lowest priority so when can' find route from 'local' and 'main' table the rules from 'default' table will be use.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems we need to define a named constant for 32764, and +3 here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed.
@prsunny Could you review this PR? |
@@ -42,6 +42,9 @@ iface eth0 inet6 static | |||
pre-down ip -6 route delete default via 2603:10e2:0:2902::1 dev eth0 table default | |||
pre-down ip -6 route delete 2603:10e2:0:2902::/64 dev eth0 table default | |||
pre-down ip -6 rule delete pref 32765 from 2603:10e2:0:2902::8/128 table default | |||
# IPV6 default table not add to lookup by default, management server need this to access IPV6 address when BGP shutdown | |||
up ip -6 rule add pref 32767 lookup default |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can you please move this to 'up' section - line 40
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed
@@ -57,6 +57,9 @@ iface eth1 inet6 static | |||
pre-down ip -6 route delete default via 2603:10e2:0:abcd::1 dev eth1 table default | |||
pre-down ip -6 route delete 2603:10e2:0:abcd::/64 dev eth1 table default | |||
pre-down ip -6 rule delete pref 32765 from 2603:10e2:0:abcd::8/128 table default | |||
# IPV6 default table not add to lookup by default, management server need this to access IPV6 address when BGP shutdown | |||
up ip -6 rule add pref 32767 lookup default |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same here. please keep 'up' and 'pre-down' separate
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed
hi @liuh-80 could you help to run test on 202305 image with this PR? We'd like to avoid regression at this stage. |
…lt' route table does not add to route lookup issue. (sonic-net#17281) Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue. #### Why I did it When device set with IPV6 TACACS server address, and shutdown all BGP, device can't connect to TACACS server via management interface. After investigation, I found the IPV6 'default' route table does not add to route lookup: admin@vlab-01:~$ ip -6 rule list 1001: from all lookup local 32765: from fec0::ffff:afa:1 lookup default 32766: from all lookup main admin@vlab-01:~$ As compare: admin@vlab-01:~$ ip -4 rule list 1001: from all lookup local 32764: from all to 172.17.0.1/24 lookup default 32765: from 10.250.0.101 lookup default 32766: from all lookup main 32767: from all lookup default <== 'default' route table exist in IPV4 route lookup Issue fix by add 'default' route table to route lookup with following command: admin@vlab-01:~$ sudo ip -6 rule add pref 32767 lookup default admin@vlab-01:~$ ip -6 rule list 1001: from all lookup local 32765: from fec0::ffff:afa:1 lookup default 32766: from all lookup main 32767: from all lookup default <== 'default' route table been added to IPV6 route lookup admin@vlab-01:~$ ##### Work item tracking - Microsoft ADO: 25798732 #### How I did it When management interface using 'default' route table, add 'default' route table to IPV6 route lookup. #### How to verify it Pass all UT. Add new UT to cover this change. Manually verify issue fixed: ### Tested branch (Please provide the tested image version) - [x] master-17281.417570-2133d58fa #### Description for the changelog Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue.
@StormLiangMS , I verified with SONiC.202305-17658.446964-c9b5bb179, after cherry-pick, the issue fixed: admin@vlab-01:~$ ip -6 rule list |
…lt' route table does not add to route lookup issue. (sonic-net#17281) Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue. #### Why I did it When device set with IPV6 TACACS server address, and shutdown all BGP, device can't connect to TACACS server via management interface. After investigation, I found the IPV6 'default' route table does not add to route lookup: admin@vlab-01:~$ ip -6 rule list 1001: from all lookup local 32765: from fec0::ffff:afa:1 lookup default 32766: from all lookup main admin@vlab-01:~$ As compare: admin@vlab-01:~$ ip -4 rule list 1001: from all lookup local 32764: from all to 172.17.0.1/24 lookup default 32765: from 10.250.0.101 lookup default 32766: from all lookup main 32767: from all lookup default <== 'default' route table exist in IPV4 route lookup Issue fix by add 'default' route table to route lookup with following command: admin@vlab-01:~$ sudo ip -6 rule add pref 32767 lookup default admin@vlab-01:~$ ip -6 rule list 1001: from all lookup local 32765: from fec0::ffff:afa:1 lookup default 32766: from all lookup main 32767: from all lookup default <== 'default' route table been added to IPV6 route lookup admin@vlab-01:~$ ##### Work item tracking - Microsoft ADO: 25798732 #### How I did it When management interface using 'default' route table, add 'default' route table to IPV6 route lookup. #### How to verify it Pass all UT. Add new UT to cover this change. Manually verify issue fixed: ### Tested branch (Please provide the tested image version) - [x] master-17281.417570-2133d58fa #### Description for the changelog Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue.
Cherry-pick PR to 202305: #17676 |
ix IPV6 forced-mgmt-route not work issue Why I did it IPV6 forced-mgmt-route not work When add a IPV6 route, should use 'ip -6 rule add pref 32764 address' command, but currently in the template the '-6' parameter are missing, so the IPV6 route been add to IPV4 route table. Also this PR depends on #17281 , which will fix the IPV6 'default' route table missing in IPV6 route lookup issue. Microsoft ADO (number only):24719238
Signed-off-by: nonodark <[email protected]> Squashed commit of the following: commit 335ebaa Author: mssonicbld <[email protected]> Date: Wed Jan 24 16:35:00 2024 +0800 [submodule] Update submodule sonic-platform-daemons to the latest HEAD automatically (sonic-net#17891) src/sonic-platform-daemons ``` * 824c20a - (HEAD -> 202305, origin/202305) Support 800G ifname in xcvrd (sonic-net#420) (20 hours ago) [Anoop Kamath] ``` commit 78e211c Author: mssonicbld <[email protected]> Date: Sun Jan 21 16:32:35 2024 +0800 [submodule] Update submodule sonic-utilities to the latest HEAD automatically (sonic-net#17868) src/sonic-utilities ``` * 83a548de - (HEAD -> 202305, origin/202305) Disable Key Validation feature during sonic-installation for Cisco Platforms (sonic-net#3115) (22 hours ago) [selvipal] ``` commit 5d30151 Author: mssonicbld <[email protected]> Date: Sat Jan 20 16:32:45 2024 +0800 [submodule] Update submodule sonic-snmpagent to the latest HEAD automatically (sonic-net#17863) src/sonic-snmpagent ``` * 6f59d29 - (HEAD -> 202305, origin/202305) Fix SNMP dropping some of the queue counter when create_only_config_db_buffers is set to true (sonic-net#303) (sonic-net#309) (33 minutes ago) [mssonicbld] ``` commit 208c170 Author: mssonicbld <[email protected]> Date: Sat Jan 20 04:32:37 2024 +0800 [submodule] Update submodule sonic-snmpagent to the latest HEAD automatically (sonic-net#17859) src/sonic-snmpagent ``` * 2efaf2e - (HEAD -> 202305, origin/202305) Revert "[action] [PR:303] Fix SNMP dropping some of the queue counter when create_only_config_db_buffers is set to true (sonic-net#303)" (sonic-net#308) (4 minutes ago) [StormLiangMS] ``` commit 306175b Author: Saikrishna Arcot <[email protected]> Date: Fri Jan 19 03:16:04 2024 -0800 dhcrelay: Don't look up the ifindex for the fallback interface (sonic-net#17797) (sonic-net#17840) Currently, whenever isc-dhcp-relay forwards a packet upstream, internally, it will try to send it on a "fallback" interface. My understanding is that this isn't meant to be a real interface, but instead is basically saying to use Linux's regular routing stack to route the packet appropriately (rather than having isc-dhcp-relay specify specifically which interface to use). The problem is that on systems with a weak CPU, a large number of interfaces, and many upstream servers specified, this can introduce a noticeable delay in packets getting sent. The delay comes from trying to get the ifindex of the fallback interface. In one test case, it got to the point that only 2 packets could be processed per second. Because of this, dhcrelay will easily get backlogged and likely get to a point where packets get dropped in the kernel. Fix this by adding a check saying if we're using the fallback interface, then don't try to get the ifindex of this interface. We're never going to have an interface named this in SONiC. Signed-off-by: Saikrishna Arcot <[email protected]> commit fc7a1ac Author: mssonicbld <[email protected]> Date: Fri Jan 19 18:36:00 2024 +0800 [submodule] Update submodule sonic-snmpagent to the latest HEAD automatically (sonic-net#17853) src/sonic-snmpagent ``` * b0a4bcc - (HEAD -> 202305, origin/202305) Set the execute bit on sysDescr_pass.py (sonic-net#306) (22 hours ago) [Andre Kostur] ``` commit 30b1f05 Author: mssonicbld <[email protected]> Date: Fri Jan 19 16:34:55 2024 +0800 [submodule] Update submodule linkmgrd to the latest HEAD automatically (sonic-net#17851) src/linkmgrd ``` * f5e9b54 - (HEAD -> 202305, origin/202305) [CodeQL] fix unmet build dependency (sonic-net#222) (10 hours ago) [Jing Zhang] * 2282cc5 - [active-standby] Probe the link in suspend timeout (sonic-net#235) (22 hours ago) [Longxiang Lyu] ``` commit 66ce739 Author: mssonicbld <[email protected]> Date: Fri Jan 19 16:34:46 2024 +0800 [submodule] Update submodule sonic-utilities to the latest HEAD automatically (sonic-net#17855) src/sonic-utilities ``` * 93c42272 - (HEAD -> 202305, origin/202305) [chassis]: Support show ip bgp summary to display without error when no external neighbors are configured on chassis LC (sonic-net#3099) (22 hours ago) [Arvindsrinivasan Lakshmi Narasimhan] ``` commit 076b6c3 Author: zitingguo-ms <[email protected]> Date: Fri Jan 19 14:56:01 2024 +0800 upgrade xgs SAI to 8.4.39.2 (sonic-net#17842) Why I did it Upgrade the xgs SAI version to 8.4.39.2 to include the following fix: 8.4.36.0: [submodule upgrade] [SAI_BRANCH rel_ocp_sai_8_4] SID: SDK-381039 Cosq control dynamic type changes 8.4.37.0: SID: MMU cosq control configuration with Dynamic Type Check 8.4.38.0: [sbumodule upgrade] [CSP 0001232212][SAI_BRANCH rel_ocp_sai_8_4]back-porting SONIC-82415 to SAI 8.4 8.4.39.0: [CSP CS00012320979] Port SONIC-81867 sai spec compliance for get SAI_SWITCH_ATTR_SWITCH_HARDWARE_INFO 8.4.39.1: changes for phy-re-init of 40G ports for TH platforms CS00012327470 8.4.39.2: fix capability for Hostif queue by change SET operation of SAI_HOSTIF_ATTR_QUEUE to be true Work item tracking Microsoft ADO (number only): 26491005 How I did it Upgrade xgs SAI version in sai.mk file. How to verify it Run basic SONiC test using SAI release pipeline, all cases passed. https://dev.azure.com/mssonic/internal/_build/results?buildId=457869&view=results commit 6d767e5 Author: abdosi <[email protected]> Date: Thu Jan 18 20:53:26 2024 -0800 [chassis] Support advertisement of Loopback0 of all LC's across all e-BGP peers in TSA mode (sonic-net#16714) (sonic-net#17837) What I did: In Chassis TSA mode Loopback0 Ip's of each LC's should be advertise through e-BGP peers of each remote LC's How I did: - Route-map policy to Advertise own/self Loopback IP to other internal iBGP peers with a community internal_community as define in constants.yml - Route-map policy to match on above internal_community when route is received from internal iBGP peers and set a internal tag as define in constants.yml and also delete the internal_community so we don't send to any of e-BGP peers - In TSA new route-map match on above internal tag and permit the route (Loopback0 IP's of remote LC's) and set the community to traffic_shift_community. - In TSB delete the above new route-map. How I verify: Manual Verification UT updated. sonic-mgmt PR: sonic-net/sonic-mgmt#10239 Signed-off-by: Abhishek Dosi <[email protected]> commit 898f126 Author: Baorong Liu <[email protected]> Date: Thu Jan 18 04:08:29 2024 -0800 [staticroutebfd]double commit PR-16450, change bfd to singlehop (sonic-net#17549) Why I did it double commit PR-16450 because of cherry pick conflict for PR#202305 Work item tracking Microsoft ADO (number only): How I did it How to verify it commit d81780b Author: ganglv <[email protected]> Date: Thu Jan 18 20:07:40 2024 +0800 Fix host service for 202305 branch (sonic-net#17781) Why I did it When we disable telemetry.service, sonic-hostservice will not start. And root cause is sonic-hostservice is only wanted by telemetry.service. Work item tracking Microsoft ADO (number only): How I did it Add dependency for gnmi.service. How to verify it Disable telemetry.service and build new image, and then check sonic-hostservice with new image. commit b99c46e Author: Liu Shilong <[email protected]> Date: Thu Jan 18 20:05:04 2024 +0800 [build] Add gpg keys for sonic-slave-bullseye in arm64 cross build on amd64. (sonic-net#17182) (sonic-net#17828) Fix sonic-net#16204 Microsoft ADO (number only): 25746782 How I did it multiarch/debian-debootstrap:arm64-bullseye is too old. It needs to add some gpg keys before 'apt-get update' commit f460347 Author: mssonicbld <[email protected]> Date: Thu Jan 18 16:34:00 2024 +0800 [submodule] Update submodule sonic-swss to the latest HEAD automatically (sonic-net#17821) src/sonic-swss ``` * ac94f0b7 - (HEAD -> 202305, origin/202305) [202305][routeorch] Fixing bug with multiple routes pointing to nhg (sonic-net#3002) (2 hours ago) [Nikola Dancejic] ``` commit ed71c12 Author: abdosi <[email protected]> Date: Fri Jul 7 11:10:35 2023 -0700 Enable BFD for Static Route for chassis-packet. (sonic-net#15383) *What I did: Enable BFD for Static Route for chassis-packet. This will trigger the use of the feature as defined in here: sonic-net#13789 Signed-off-by: Abhishek Dosi <[email protected]> commit aa01630 Author: abdosi <[email protected]> Date: Tue Aug 29 13:41:01 2023 -0700 [build]: Added flag in sonic_version.yml to see if image is secured or non-secured (sonic-net#16191) What I did: Added flag in sonic_version.yml to see if compiled image is secured or non-secured. This is done using build/compile time environmental variable SECURE_UPGRADE_MODE as define in HLD: https://github.com/sonic-net/SONiC/blob/master/doc/secure_boot/hld_secure_boot.md This flag does not provide the runtime status of whether the image has booted securely or not. It's possible that compile time signed image (secured image) can boot on non secure platform. Why I did: Flag can be used for manual check or by the test case. ADO: 24319390 How I verify: Manual Verification --- build_version: 'master-16191.346262-cdc5e72a3' debian_version: '11.7' kernel_version: '5.10.0-18-2-amd64' asic_type: broadcom asic_subtype: 'broadcom' commit_id: 'cdc5e72a3' branch: 'master-16191' release: 'none' build_date: Fri Aug 25 03:15:45 UTC 2023 build_number: 346262 built_by: AzDevOps@vmss-soni001UR5 libswsscommon: 1.0.0 sonic_utilities: 1.2 sonic_os_version: 11 secure_boot_image: 'no' Signed-off-by: Abhishek Dosi <[email protected]> commit 9f81d9d Author: snider-nokia <[email protected]> Date: Mon Jan 8 14:38:46 2024 -0500 [Nokia][sonic-platform] Update Nokia sonic-platform submodule and device data (sonic-net#17378) These changes, in conjunction with NDK version >= 22.9.17 address the thermal logging issues discussed at Nokia-ION/ndk#27. While the changes contained at this PR do not require coupling to NDK version >= 22.9.17, thermal logging enhancements will not be available without updated NDK >= 22.9.17. Thus, coupling with NDK >=22.9.17 is preferred and recommended. Why I did it To address thermal logging deficiencies. Work item tracking Microsoft ADO (number only): 26365734 How I did it The following changes are included: Threshold configuration values are provided in the associated device data .json files. There is also a change included to better handle the condition where an SFP module read fails. Modify the module.py reboot to support reboot linecard from Supervisor - Modify reboot to call _reboot_imm for single IMM card reboot - Add log to the ndk_cmd to log the operation of "reboot-linecard" and "shutdown/satrtup the sfm" Add new nokia_cmd set command and modify show ndk-status output - Add a new function reboot_imm() to nokia_common.py to support reboot a single IMM slot from CPM - Added new command: nokia_cmd set reboot-linecard <slot> [forece] for CPM - Append a new column "RebootStatus" at the end of output of "nokia_cmd show ndk-status" - Provide ability for IMM to disable all transceiver module TX at reboot time - Remove defunct xcvr-resync service commit 2f8630c Author: Marty Y. Lok <[email protected]> Date: Mon Jan 8 14:39:30 2024 -0500 [Nokia-IXR7250E] Modify the platform_reboot on the IXR7250E for PMON API reboot and Disable all SFPs (sonic-net#17483) Why I did it When Supervisor card is rebooted by using PMON API, it takes about 90 seconds to trigger the shutdown in down path. At this time linecards have been up. This delays linecards database initialization which is trying to PING/PONG the database-chassis. To address this issue, we modified the NDK to use the system call with "sudo reboot" when the request is from PMON API on Supervisor case. The NDK version is 22.9.20 and greater. This new NDK requires this modifcaiton of platform_reboot to work with. Work item tracking Microsoft ADO (number only): 26365734 How I did it Modify the platform_reboot In Supervisor not to reboot all IMMs since it has been done in the function reboot() in module.py. Also handle the reboot-cause.txt for on the Supervisor when the reboot is request from PMON API. Modify the Nokia platform specific platform_reboot in linecard to disable all SPFs. This PR works with NDK version 22.9.20 and above Signed-off-by: mlok <[email protected]> commit 6926171 Author: Liu Shilong <[email protected]> Date: Mon Jan 15 14:59:21 2024 +0800 [build] Fix a bash script some times called by sh issue. (sonic-net#17761) Why I did it Fix a bug that sometimes the script runs in sh not bash. Work item tracking Microsoft ADO (number only): 26297955 How I did it commit a262306 Author: vdahiya12 <[email protected]> Date: Tue Jan 16 11:34:19 2024 -0800 [Arista] Update config.bcm of 7060_cx32s for handling 40g optics with unreliable los settings (sonic-net#17768) For 40G optics there is SAI handling of T0 facing ports to be set with SR4 type and unreliable los set for a fixed set of ports. For this property to be invoked the requirement is set phy_unlos_msft=1 in config.bcm. This change is to meet the requirement and once this property is set, the los/interface type settings is applied by SAI on the required ports. Why I did it For Arista-7060CX-32S-Q32 T1, 40G ports RX_ERR minimalization during connected device reboot can be achieved by turning on Unreliable LOS and SR4 media_type for all ports which are connected to T0. The property phy_unlos_msft=1 is to exclusively enable this property. Microsoft ADO: 25941176 How I did it Changes in SAI and turning on property How to verify it Ran the changes on a testbed and verified configurations are as intended. with property admin@sonic2:~$ bcmcmd "phy diag xe8 dsc config" | grep -C 2 "LOS" Brdfe_on = 0 Media Type = 2 Unreliable LOS = 1 Scrambling Disable = 0 Lane Config from PCS = 0 without property admin@sonic:~$ bcmcmd "phy diag xe8 dsc config" | grep -C 2 "LOS" Brdfe_on = 0 Media Type = 0 Unreliable LOS = 0 Scrambling Disable = 0 Lane Config from PCS = 0 Signed-off-by: vaibhav-dahiya <[email protected]> commit 245f337 Author: Feng-msft <[email protected]> Date: Fri Jan 12 10:51:48 2024 +0800 Fix dialout build flag issue. (sonic-net#17715) Fix ENABLE_DIALOUT flag issue. - Microsoft ADO **(number only)**: 21326000 Update Makefile.work and add debug string. ![image](https://github.com/sonic-net/sonic-buildimage/assets/97083744/960d75d1-618c-4734-acb5-7a32a28c262b) commit b53a890 Author: Liping Xu <[email protected]> Date: Fri Jan 12 15:26:06 2024 +0800 disable restapi for leafRouter in slim image (sonic-net#17713) Why I did it For some devices with small memory, after upgrading to the latest image, the available memory is not enough. Work item tracking Microsoft ADO (number only): 26324242 How I did it Disable restapi feature for LeafRouter which with slim image. How to verify it verified on 7050qx T1 (slim image), restapi disabled verified on 7050qx T0 (slim image), restapi enabled verified on 7260 T1 (normal image), restapi enabled commit 8561fa6 Author: mssonicbld <[email protected]> Date: Fri Jan 12 16:34:35 2024 +0800 [submodule] Update submodule sonic-utilities to the latest HEAD automatically (sonic-net#17757) src/sonic-utilities ``` * 651a80b1 - (HEAD -> 202305, origin/202305) Modify teamd retry count script to base BGP status on default BGP status (sonic-net#3069) (22 hours ago) [Saikrishna Arcot] ``` commit 9f66a7d Author: Lawrence Lee <[email protected]> Date: Wed Jan 10 14:40:15 2024 -0800 add timeout to ping6 command (sonic-net#17729) Signed-off-by: Lawrence Lee <[email protected]> commit 13aa19a Author: Nazarii Hnydyn <[email protected]> Date: Wed Jan 10 15:15:55 2024 +0200 [swss/syncd]: Remove dependency on interfaces-config.service (sonic-net#17649) Signed-off-by: Nazarii Hnydyn [email protected] This improvement does not bring any warm-reboot degradation, since the database availability (tcp/ip access over the loopback interface) was fixed by these PRs: Re-add 127.0.0.1/8 when bringing down the interfaces sonic-net#15080 Fix potentially not having any loopback address on lo interface sonic-net#16490 Why I did it Removed dependency on interfaces-config.service to speed up the boot, because interfaces-config.service takes a lot of time on init Work item tracking N/A How I did it Changed service files for swss/syncd How to verify it Boot and check swss/syncd start time comparing to interfaces-config commit f4c15b8 Author: mssonicbld <[email protected]> Date: Wed Jan 10 16:34:10 2024 +0800 [submodule] Update submodule linkmgrd to the latest HEAD automatically (sonic-net#17731) src/linkmgrd ``` * 2f5971f - (HEAD -> 202305, origin/202305) [warmboot] use config_db connector to update mux mode config instead of CLI (sonic-net#223) (4 hours ago) [Jing Zhang] ``` commit a3b5ea9 Author: Nazarii Hnydyn <[email protected]> Date: Wed Jan 10 02:56:20 2024 +0200 [sonic-cfggen]: Optimize template rendering and database access. (sonic-net#17650) Signed-off-by: Nazarii Hnydyn [email protected] Why I did it Improved switch init time Work item tracking N/A How I did it Replaced: sonic-cfggen -> sonic-db-cli Aggregated template list for sonic-cfggen How to verify it Run warm-reboot commit 44bc291 Author: mssonicbld <[email protected]> Date: Wed Jan 10 04:32:40 2024 +0800 [submodule] Update submodule linkmgrd to the latest HEAD automatically (sonic-net#17721) src/linkmgrd ``` * 2089ab6 - (HEAD -> 202305, origin/202305) Exclude DbInterface in PR coverage check (sonic-net#224) (3 hours ago) [Jing Zhang] ``` commit 1337597 Author: mssonicbld <[email protected]> Date: Wed Jan 10 02:32:19 2024 +0800 [submodule] Update submodule sonic-snmpagent to the latest HEAD automatically (sonic-net#17722) src/sonic-snmpagent ``` * e5fd192 - (HEAD -> 202305, origin/202305) Fix SNMP dropping some of the queue counter when create_only_config_db_buffers is set to true (sonic-net#303) (9 hours ago) [DavidZagury] ``` commit bb23f7b Author: mssonicbld <[email protected]> Date: Sat Jan 6 16:42:00 2024 +0800 [submodule] Update submodule sonic-gnmi to the latest HEAD automatically (sonic-net#17696) commit 7ccef97 Author: mssonicbld <[email protected]> Date: Sat Jan 6 03:37:17 2024 +0800 [YANG] Enable Yang model for BGP_BBR config entry (sonic-net#17622) (sonic-net#17692) commit 8defdfe Author: mssonicbld <[email protected]> Date: Sat Jan 6 01:15:01 2024 +0800 [submodule] Update submodule sonic-sairedis to the latest HEAD automatically (sonic-net#17691) commit b549962 Author: mssonicbld <[email protected]> Date: Sat Jan 6 01:00:55 2024 +0800 [submodule] Update submodule sonic-gnmi to the latest HEAD automatically (sonic-net#17690) commit 02dc49a Author: mssonicbld <[email protected]> Date: Fri Jan 5 15:14:43 2024 +0800 [submodule] Update submodule linkmgrd to the latest HEAD automatically (sonic-net#17687) commit 0d31ee8 Author: mssonicbld <[email protected]> Date: Fri Jan 5 02:39:03 2024 +0800 Update TELEMETRY_CLIENT YANG model (sonic-net#16861) (sonic-net#17679) commit df22ca9 Author: mssonicbld <[email protected]> Date: Fri Jan 5 01:04:39 2024 +0800 [Arista] Remove aggregate port config files for multi-asic devices (sonic-net#16923) (sonic-net#17678) commit ca2695f Author: mssonicbld <[email protected]> Date: Fri Jan 5 00:44:19 2024 +0800 password-hardening: Add support to disable expiration date like in Linux (PAM) (sonic-net#17426) (sonic-net#17674) commit 388457a Author: mssonicbld <[email protected]> Date: Fri Jan 5 00:35:07 2024 +0800 [arp_update]: Flush neighbors with incorrect MAC info (sonic-net#17238) (sonic-net#17677) commit 38c5e68 Author: mssonicbld <[email protected]> Date: Fri Jan 5 00:32:38 2024 +0800 Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue. (sonic-net#17281) (sonic-net#17676) commit 76d8ff0 Author: mssonicbld <[email protected]> Date: Thu Jan 4 23:10:28 2024 +0800 Update backend_acl.py to specify ACL table name (sonic-net#17553) (sonic-net#17673) commit b72a740 Author: mssonicbld <[email protected]> Date: Thu Jan 4 22:37:26 2024 +0800 [docker_image_ctl.j2]: swss docker initialization improvements (sonic-net#17628) (sonic-net#17672) commit 609b3a7 Author: mssonicbld <[email protected]> Date: Thu Jan 4 22:29:00 2024 +0800 [image_config]: Update DHCP rate-limit for mgmt TOR devices (sonic-net#17630) (sonic-net#17671) commit 8362c09 Author: mssonicbld <[email protected]> Date: Tue Jan 2 15:13:53 2024 +0800 [submodule] Update submodule sonic-swss to the latest HEAD automatically (sonic-net#17642) commit 3cb6343 Author: Stepan Blyshchak <[email protected]> Date: Tue Jan 2 02:59:17 2024 +0200 [202305] Revert bgp suppress fib pending (sonic-net#17578) DEPENDS ON: sonic-net/sonic-swss#2997 sonic-net/sonic-utilities#3093 What I did Revert the feature. Why I did it Revert bgp suppress FIB functionality due to found FRR memory consumption issues and bugs. How I verified it Basic sanity check on t1-lag, regression in progress. commit 64ed3d5 Author: mssonicbld <[email protected]> Date: Mon Jan 1 10:31:33 2024 +0800 Fix system-health hardware_checker to consume fan tolerance details (sonic-net#16689) (sonic-net#17640) commit 98ad3b0 Author: mssonicbld <[email protected]> Date: Sun Dec 31 17:01:53 2023 +0800 [submodule] Update submodule sonic-utilities to the latest HEAD automatically (sonic-net#17643) commit 1398daa Author: mssonicbld <[email protected]> Date: Sun Dec 31 15:20:25 2023 +0800 [submodule] Update submodule sonic-platform-daemons to the latest HEAD automatically (sonic-net#17641) commit fb83d4d Author: mssonicbld <[email protected]> Date: Fri Dec 29 01:07:45 2023 +0800 [Mellanox] wait until hw-management watchdog files ready (sonic-net#17618) (sonic-net#17633) commit a8ad19d Author: Junchao-Mellanox <[email protected]> Date: Thu Dec 28 20:53:49 2023 +0800 [202305] Optimize syslog rate limit feature for fast and warm boot (sonic-net#17478) Backport PR sonic-net#17458 due to conflict. Why I did it Optimize syslog rate limit feature for fast and warm boot Work item tracking Microsoft ADO (number only): How I did it Optimize redis start time Don't render rsyslog.conf in container startup script Disable containercfgd by default. There is a new CLI to enable it (in another PR) How to verify it Manual test Regression test
Squashed commit of the following: commit 335ebaa Author: mssonicbld <[email protected]> Date: Wed Jan 24 16:35:00 2024 +0800 [submodule] Update submodule sonic-platform-daemons to the latest HEAD automatically (sonic-net#17891) #### Why I did it src/sonic-platform-daemons ``` * 824c20a - (HEAD -> 202305, origin/202305) Support 800G ifname in xcvrd (sonic-net#420) (20 hours ago) [Anoop Kamath] ``` #### How I did it #### How to verify it #### Description for the changelog commit 78e211c Author: mssonicbld <[email protected]> Date: Sun Jan 21 16:32:35 2024 +0800 [submodule] Update submodule sonic-utilities to the latest HEAD automatically (sonic-net#17868) #### Why I did it src/sonic-utilities ``` * 83a548de - (HEAD -> 202305, origin/202305) Disable Key Validation feature during sonic-installation for Cisco Platforms (sonic-net#3115) (22 hours ago) [selvipal] ``` #### How I did it #### How to verify it #### Description for the changelog commit 5d30151 Author: mssonicbld <[email protected]> Date: Sat Jan 20 16:32:45 2024 +0800 [submodule] Update submodule sonic-snmpagent to the latest HEAD automatically (sonic-net#17863) #### Why I did it src/sonic-snmpagent ``` * 6f59d29 - (HEAD -> 202305, origin/202305) Fix SNMP dropping some of the queue counter when create_only_config_db_buffers is set to true (sonic-net#303) (sonic-net#309) (33 minutes ago) [mssonicbld] ``` #### How I did it #### How to verify it #### Description for the changelog commit 208c170 Author: mssonicbld <[email protected]> Date: Sat Jan 20 04:32:37 2024 +0800 [submodule] Update submodule sonic-snmpagent to the latest HEAD automatically (sonic-net#17859) #### Why I did it src/sonic-snmpagent ``` * 2efaf2e - (HEAD -> 202305, origin/202305) Revert "[action] [PR:303] Fix SNMP dropping some of the queue counter when create_only_config_db_buffers is set to true (sonic-net#303)" (sonic-net#308) (4 minutes ago) [StormLiangMS] ``` #### How I did it #### How to verify it #### Description for the changelog commit 306175b Author: Saikrishna Arcot <[email protected]> Date: Fri Jan 19 03:16:04 2024 -0800 dhcrelay: Don't look up the ifindex for the fallback interface (sonic-net#17797) (sonic-net#17840) Currently, whenever isc-dhcp-relay forwards a packet upstream, internally, it will try to send it on a "fallback" interface. My understanding is that this isn't meant to be a real interface, but instead is basically saying to use Linux's regular routing stack to route the packet appropriately (rather than having isc-dhcp-relay specify specifically which interface to use). The problem is that on systems with a weak CPU, a large number of interfaces, and many upstream servers specified, this can introduce a noticeable delay in packets getting sent. The delay comes from trying to get the ifindex of the fallback interface. In one test case, it got to the point that only 2 packets could be processed per second. Because of this, dhcrelay will easily get backlogged and likely get to a point where packets get dropped in the kernel. Fix this by adding a check saying if we're using the fallback interface, then don't try to get the ifindex of this interface. We're never going to have an interface named this in SONiC. Signed-off-by: Saikrishna Arcot <[email protected]> commit fc7a1ac Author: mssonicbld <[email protected]> Date: Fri Jan 19 18:36:00 2024 +0800 [submodule] Update submodule sonic-snmpagent to the latest HEAD automatically (sonic-net#17853) #### Why I did it src/sonic-snmpagent ``` * b0a4bcc - (HEAD -> 202305, origin/202305) Set the execute bit on sysDescr_pass.py (sonic-net#306) (22 hours ago) [Andre Kostur] ``` #### How I did it #### How to verify it #### Description for the changelog commit 30b1f05 Author: mssonicbld <[email protected]> Date: Fri Jan 19 16:34:55 2024 +0800 [submodule] Update submodule linkmgrd to the latest HEAD automatically (sonic-net#17851) #### Why I did it src/linkmgrd ``` * f5e9b54 - (HEAD -> 202305, origin/202305) [CodeQL] fix unmet build dependency (sonic-net#222) (10 hours ago) [Jing Zhang] * 2282cc5 - [active-standby] Probe the link in suspend timeout (sonic-net#235) (22 hours ago) [Longxiang Lyu] ``` #### How I did it #### How to verify it #### Description for the changelog commit 66ce739 Author: mssonicbld <[email protected]> Date: Fri Jan 19 16:34:46 2024 +0800 [submodule] Update submodule sonic-utilities to the latest HEAD automatically (sonic-net#17855) #### Why I did it src/sonic-utilities ``` * 93c42272 - (HEAD -> 202305, origin/202305) [chassis]: Support show ip bgp summary to display without error when no external neighbors are configured on chassis LC (sonic-net#3099) (22 hours ago) [Arvindsrinivasan Lakshmi Narasimhan] ``` #### How I did it #### How to verify it #### Description for the changelog commit 076b6c3 Author: zitingguo-ms <[email protected]> Date: Fri Jan 19 14:56:01 2024 +0800 upgrade xgs SAI to 8.4.39.2 (sonic-net#17842) Why I did it Upgrade the xgs SAI version to 8.4.39.2 to include the following fix: 8.4.36.0: [submodule upgrade] [SAI_BRANCH rel_ocp_sai_8_4] SID: SDK-381039 Cosq control dynamic type changes 8.4.37.0: SID: MMU cosq control configuration with Dynamic Type Check 8.4.38.0: [sbumodule upgrade] [CSP 0001232212][SAI_BRANCH rel_ocp_sai_8_4]back-porting SONIC-82415 to SAI 8.4 8.4.39.0: [CSP CS00012320979] Port SONIC-81867 sai spec compliance for get SAI_SWITCH_ATTR_SWITCH_HARDWARE_INFO 8.4.39.1: changes for phy-re-init of 40G ports for TH platforms CS00012327470 8.4.39.2: fix capability for Hostif queue by change SET operation of SAI_HOSTIF_ATTR_QUEUE to be true Work item tracking Microsoft ADO (number only): 26491005 How I did it Upgrade xgs SAI version in sai.mk file. How to verify it Run basic SONiC test using SAI release pipeline, all cases passed. https://dev.azure.com/mssonic/internal/_build/results?buildId=457869&view=results commit 6d767e5 Author: abdosi <[email protected]> Date: Thu Jan 18 20:53:26 2024 -0800 [chassis] Support advertisement of Loopback0 of all LC's across all e-BGP peers in TSA mode (sonic-net#16714) (sonic-net#17837) What I did: In Chassis TSA mode Loopback0 Ip's of each LC's should be advertise through e-BGP peers of each remote LC's How I did: - Route-map policy to Advertise own/self Loopback IP to other internal iBGP peers with a community internal_community as define in constants.yml - Route-map policy to match on above internal_community when route is received from internal iBGP peers and set a internal tag as define in constants.yml and also delete the internal_community so we don't send to any of e-BGP peers - In TSA new route-map match on above internal tag and permit the route (Loopback0 IP's of remote LC's) and set the community to traffic_shift_community. - In TSB delete the above new route-map. How I verify: Manual Verification UT updated. sonic-mgmt PR: sonic-net/sonic-mgmt#10239 Signed-off-by: Abhishek Dosi <[email protected]> commit 898f126 Author: Baorong Liu <[email protected]> Date: Thu Jan 18 04:08:29 2024 -0800 [staticroutebfd]double commit PR-16450, change bfd to singlehop (sonic-net#17549) Why I did it double commit PR-16450 because of cherry pick conflict for PR#202305 Work item tracking Microsoft ADO (number only): How I did it How to verify it commit d81780b Author: ganglv <[email protected]> Date: Thu Jan 18 20:07:40 2024 +0800 Fix host service for 202305 branch (sonic-net#17781) Why I did it When we disable telemetry.service, sonic-hostservice will not start. And root cause is sonic-hostservice is only wanted by telemetry.service. Work item tracking Microsoft ADO (number only): How I did it Add dependency for gnmi.service. How to verify it Disable telemetry.service and build new image, and then check sonic-hostservice with new image. commit b99c46e Author: Liu Shilong <[email protected]> Date: Thu Jan 18 20:05:04 2024 +0800 [build] Add gpg keys for sonic-slave-bullseye in arm64 cross build on amd64. (sonic-net#17182) (sonic-net#17828) Fix sonic-net#16204 Microsoft ADO (number only): 25746782 How I did it multiarch/debian-debootstrap:arm64-bullseye is too old. It needs to add some gpg keys before 'apt-get update' commit f460347 Author: mssonicbld <[email protected]> Date: Thu Jan 18 16:34:00 2024 +0800 [submodule] Update submodule sonic-swss to the latest HEAD automatically (sonic-net#17821) #### Why I did it src/sonic-swss ``` * ac94f0b7 - (HEAD -> 202305, origin/202305) [202305][routeorch] Fixing bug with multiple routes pointing to nhg (sonic-net#3002) (2 hours ago) [Nikola Dancejic] ``` #### How I did it #### How to verify it #### Description for the changelog commit ed71c12 Author: abdosi <[email protected]> Date: Fri Jul 7 11:10:35 2023 -0700 Enable BFD for Static Route for chassis-packet. (sonic-net#15383) *What I did: Enable BFD for Static Route for chassis-packet. This will trigger the use of the feature as defined in here: sonic-net#13789 Signed-off-by: Abhishek Dosi <[email protected]> commit aa01630 Author: abdosi <[email protected]> Date: Tue Aug 29 13:41:01 2023 -0700 [build]: Added flag in sonic_version.yml to see if image is secured or non-secured (sonic-net#16191) What I did: Added flag in sonic_version.yml to see if compiled image is secured or non-secured. This is done using build/compile time environmental variable SECURE_UPGRADE_MODE as define in HLD: https://github.com/sonic-net/SONiC/blob/master/doc/secure_boot/hld_secure_boot.md This flag does not provide the runtime status of whether the image has booted securely or not. It's possible that compile time signed image (secured image) can boot on non secure platform. Why I did: Flag can be used for manual check or by the test case. ADO: 24319390 How I verify: Manual Verification --- build_version: 'master-16191.346262-cdc5e72a3' debian_version: '11.7' kernel_version: '5.10.0-18-2-amd64' asic_type: broadcom asic_subtype: 'broadcom' commit_id: 'cdc5e72a3' branch: 'master-16191' release: 'none' build_date: Fri Aug 25 03:15:45 UTC 2023 build_number: 346262 built_by: AzDevOps@vmss-soni001UR5 libswsscommon: 1.0.0 sonic_utilities: 1.2 sonic_os_version: 11 secure_boot_image: 'no' Signed-off-by: Abhishek Dosi <[email protected]> commit 9f81d9d Author: snider-nokia <[email protected]> Date: Mon Jan 8 14:38:46 2024 -0500 [Nokia][sonic-platform] Update Nokia sonic-platform submodule and device data (sonic-net#17378) These changes, in conjunction with NDK version >= 22.9.17 address the thermal logging issues discussed at Nokia-ION/ndk#27. While the changes contained at this PR do not require coupling to NDK version >= 22.9.17, thermal logging enhancements will not be available without updated NDK >= 22.9.17. Thus, coupling with NDK >=22.9.17 is preferred and recommended. Why I did it To address thermal logging deficiencies. Work item tracking Microsoft ADO (number only): 26365734 How I did it The following changes are included: Threshold configuration values are provided in the associated device data .json files. There is also a change included to better handle the condition where an SFP module read fails. Modify the module.py reboot to support reboot linecard from Supervisor - Modify reboot to call _reboot_imm for single IMM card reboot - Add log to the ndk_cmd to log the operation of "reboot-linecard" and "shutdown/satrtup the sfm" Add new nokia_cmd set command and modify show ndk-status output - Add a new function reboot_imm() to nokia_common.py to support reboot a single IMM slot from CPM - Added new command: nokia_cmd set reboot-linecard <slot> [forece] for CPM - Append a new column "RebootStatus" at the end of output of "nokia_cmd show ndk-status" - Provide ability for IMM to disable all transceiver module TX at reboot time - Remove defunct xcvr-resync service commit 2f8630c Author: Marty Y. Lok <[email protected]> Date: Mon Jan 8 14:39:30 2024 -0500 [Nokia-IXR7250E] Modify the platform_reboot on the IXR7250E for PMON API reboot and Disable all SFPs (sonic-net#17483) Why I did it When Supervisor card is rebooted by using PMON API, it takes about 90 seconds to trigger the shutdown in down path. At this time linecards have been up. This delays linecards database initialization which is trying to PING/PONG the database-chassis. To address this issue, we modified the NDK to use the system call with "sudo reboot" when the request is from PMON API on Supervisor case. The NDK version is 22.9.20 and greater. This new NDK requires this modifcaiton of platform_reboot to work with. Work item tracking Microsoft ADO (number only): 26365734 How I did it Modify the platform_reboot In Supervisor not to reboot all IMMs since it has been done in the function reboot() in module.py. Also handle the reboot-cause.txt for on the Supervisor when the reboot is request from PMON API. Modify the Nokia platform specific platform_reboot in linecard to disable all SPFs. This PR works with NDK version 22.9.20 and above Signed-off-by: mlok <[email protected]> commit 6926171 Author: Liu Shilong <[email protected]> Date: Mon Jan 15 14:59:21 2024 +0800 [build] Fix a bash script some times called by sh issue. (sonic-net#17761) Why I did it Fix a bug that sometimes the script runs in sh not bash. Work item tracking Microsoft ADO (number only): 26297955 How I did it commit a262306 Author: vdahiya12 <[email protected]> Date: Tue Jan 16 11:34:19 2024 -0800 [Arista] Update config.bcm of 7060_cx32s for handling 40g optics with unreliable los settings (sonic-net#17768) For 40G optics there is SAI handling of T0 facing ports to be set with SR4 type and unreliable los set for a fixed set of ports. For this property to be invoked the requirement is set phy_unlos_msft=1 in config.bcm. This change is to meet the requirement and once this property is set, the los/interface type settings is applied by SAI on the required ports. Why I did it For Arista-7060CX-32S-Q32 T1, 40G ports RX_ERR minimalization during connected device reboot can be achieved by turning on Unreliable LOS and SR4 media_type for all ports which are connected to T0. The property phy_unlos_msft=1 is to exclusively enable this property. Microsoft ADO: 25941176 How I did it Changes in SAI and turning on property How to verify it Ran the changes on a testbed and verified configurations are as intended. with property admin@sonic2:~$ bcmcmd "phy diag xe8 dsc config" | grep -C 2 "LOS" Brdfe_on = 0 Media Type = 2 Unreliable LOS = 1 Scrambling Disable = 0 Lane Config from PCS = 0 without property admin@sonic:~$ bcmcmd "phy diag xe8 dsc config" | grep -C 2 "LOS" Brdfe_on = 0 Media Type = 0 Unreliable LOS = 0 Scrambling Disable = 0 Lane Config from PCS = 0 Signed-off-by: vaibhav-dahiya <[email protected]> commit 245f337 Author: Feng-msft <[email protected]> Date: Fri Jan 12 10:51:48 2024 +0800 Fix dialout build flag issue. (sonic-net#17715) ### Why I did it Fix ENABLE_DIALOUT flag issue. ##### Work item tracking - Microsoft ADO **(number only)**: 21326000 #### How I did it Update Makefile.work and add debug string. #### How to verify it ![image](https://github.com/sonic-net/sonic-buildimage/assets/97083744/960d75d1-618c-4734-acb5-7a32a28c262b) commit b53a890 Author: Liping Xu <[email protected]> Date: Fri Jan 12 15:26:06 2024 +0800 disable restapi for leafRouter in slim image (sonic-net#17713) Why I did it For some devices with small memory, after upgrading to the latest image, the available memory is not enough. Work item tracking Microsoft ADO (number only): 26324242 How I did it Disable restapi feature for LeafRouter which with slim image. How to verify it verified on 7050qx T1 (slim image), restapi disabled verified on 7050qx T0 (slim image), restapi enabled verified on 7260 T1 (normal image), restapi enabled commit 8561fa6 Author: mssonicbld <[email protected]> Date: Fri Jan 12 16:34:35 2024 +0800 [submodule] Update submodule sonic-utilities to the latest HEAD automatically (sonic-net#17757) #### Why I did it src/sonic-utilities ``` * 651a80b1 - (HEAD -> 202305, origin/202305) Modify teamd retry count script to base BGP status on default BGP status (sonic-net#3069) (22 hours ago) [Saikrishna Arcot] ``` #### How I did it #### How to verify it #### Description for the changelog commit 9f66a7d Author: Lawrence Lee <[email protected]> Date: Wed Jan 10 14:40:15 2024 -0800 add timeout to ping6 command (sonic-net#17729) Signed-off-by: Lawrence Lee <[email protected]> commit 13aa19a Author: Nazarii Hnydyn <[email protected]> Date: Wed Jan 10 15:15:55 2024 +0200 [swss/syncd]: Remove dependency on interfaces-config.service (sonic-net#17649) Signed-off-by: Nazarii Hnydyn [email protected] This improvement does not bring any warm-reboot degradation, since the database availability (tcp/ip access over the loopback interface) was fixed by these PRs: Re-add 127.0.0.1/8 when bringing down the interfaces sonic-net#15080 Fix potentially not having any loopback address on lo interface sonic-net#16490 Why I did it Removed dependency on interfaces-config.service to speed up the boot, because interfaces-config.service takes a lot of time on init Work item tracking N/A How I did it Changed service files for swss/syncd How to verify it Boot and check swss/syncd start time comparing to interfaces-config commit f4c15b8 Author: mssonicbld <[email protected]> Date: Wed Jan 10 16:34:10 2024 +0800 [submodule] Update submodule linkmgrd to the latest HEAD automatically (sonic-net#17731) #### Why I did it src/linkmgrd ``` * 2f5971f - (HEAD -> 202305, origin/202305) [warmboot] use config_db connector to update mux mode config instead of CLI (sonic-net#223) (4 hours ago) [Jing Zhang] ``` #### How I did it #### How to verify it #### Description for the changelog commit a3b5ea9 Author: Nazarii Hnydyn <[email protected]> Date: Wed Jan 10 02:56:20 2024 +0200 [sonic-cfggen]: Optimize template rendering and database access. (sonic-net#17650) Signed-off-by: Nazarii Hnydyn [email protected] Why I did it Improved switch init time Work item tracking N/A How I did it Replaced: sonic-cfggen -> sonic-db-cli Aggregated template list for sonic-cfggen How to verify it Run warm-reboot commit 44bc291 Author: mssonicbld <[email protected]> Date: Wed Jan 10 04:32:40 2024 +0800 [submodule] Update submodule linkmgrd to the latest HEAD automatically (sonic-net#17721) #### Why I did it src/linkmgrd ``` * 2089ab6 - (HEAD -> 202305, origin/202305) Exclude DbInterface in PR coverage check (sonic-net#224) (3 hours ago) [Jing Zhang] ``` #### How I did it #### How to verify it #### Description for the changelog commit 1337597 Author: mssonicbld <[email protected]> Date: Wed Jan 10 02:32:19 2024 +0800 [submodule] Update submodule sonic-snmpagent to the latest HEAD automatically (sonic-net#17722) #### Why I did it src/sonic-snmpagent ``` * e5fd192 - (HEAD -> 202305, origin/202305) Fix SNMP dropping some of the queue counter when create_only_config_db_buffers is set to true (sonic-net#303) (9 hours ago) [DavidZagury] ``` #### How I did it #### How to verify it #### Description for the changelog commit bb23f7b Author: mssonicbld <[email protected]> Date: Sat Jan 6 16:42:00 2024 +0800 [submodule] Update submodule sonic-gnmi to the latest HEAD automatically (sonic-net#17696) commit 7ccef97 Author: mssonicbld <[email protected]> Date: Sat Jan 6 03:37:17 2024 +0800 [YANG] Enable Yang model for BGP_BBR config entry (sonic-net#17622) (sonic-net#17692) commit 8defdfe Author: mssonicbld <[email protected]> Date: Sat Jan 6 01:15:01 2024 +0800 [submodule] Update submodule sonic-sairedis to the latest HEAD automatically (sonic-net#17691) commit b549962 Author: mssonicbld <[email protected]> Date: Sat Jan 6 01:00:55 2024 +0800 [submodule] Update submodule sonic-gnmi to the latest HEAD automatically (sonic-net#17690) commit 02dc49a Author: mssonicbld <[email protected]> Date: Fri Jan 5 15:14:43 2024 +0800 [submodule] Update submodule linkmgrd to the latest HEAD automatically (sonic-net#17687) commit 0d31ee8 Author: mssonicbld <[email protected]> Date: Fri Jan 5 02:39:03 2024 +0800 Update TELEMETRY_CLIENT YANG model (sonic-net#16861) (sonic-net#17679) commit df22ca9 Author: mssonicbld <[email protected]> Date: Fri Jan 5 01:04:39 2024 +0800 [Arista] Remove aggregate port config files for multi-asic devices (sonic-net#16923) (sonic-net#17678) commit ca2695f Author: mssonicbld <[email protected]> Date: Fri Jan 5 00:44:19 2024 +0800 password-hardening: Add support to disable expiration date like in Linux (PAM) (sonic-net#17426) (sonic-net#17674) commit 388457a Author: mssonicbld <[email protected]> Date: Fri Jan 5 00:35:07 2024 +0800 [arp_update]: Flush neighbors with incorrect MAC info (sonic-net#17238) (sonic-net#17677) commit 38c5e68 Author: mssonicbld <[email protected]> Date: Fri Jan 5 00:32:38 2024 +0800 Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue. (sonic-net#17281) (sonic-net#17676) commit 76d8ff0 Author: mssonicbld <[email protected]> Date: Thu Jan 4 23:10:28 2024 +0800 Update backend_acl.py to specify ACL table name (sonic-net#17553) (sonic-net#17673) commit b72a740 Author: mssonicbld <[email protected]> Date: Thu Jan 4 22:37:26 2024 +0800 [docker_image_ctl.j2]: swss docker initialization improvements (sonic-net#17628) (sonic-net#17672) commit 609b3a7 Author: mssonicbld <[email protected]> Date: Thu Jan 4 22:29:00 2024 +0800 [image_config]: Update DHCP rate-limit for mgmt TOR devices (sonic-net#17630) (sonic-net#17671) commit 8362c09 Author: mssonicbld <[email protected]> Date: Tue Jan 2 15:13:53 2024 +0800 [submodule] Update submodule sonic-swss to the latest HEAD automatically (sonic-net#17642) commit 3cb6343 Author: Stepan Blyshchak <[email protected]> Date: Tue Jan 2 02:59:17 2024 +0200 [202305] Revert bgp suppress fib pending (sonic-net#17578) DEPENDS ON: sonic-net/sonic-swss#2997 sonic-net/sonic-utilities#3093 What I did Revert the feature. Why I did it Revert bgp suppress FIB functionality due to found FRR memory consumption issues and bugs. How I verified it Basic sanity check on t1-lag, regression in progress. commit 64ed3d5 Author: mssonicbld <[email protected]> Date: Mon Jan 1 10:31:33 2024 +0800 Fix system-health hardware_checker to consume fan tolerance details (sonic-net#16689) (sonic-net#17640) commit 98ad3b0 Author: mssonicbld <[email protected]> Date: Sun Dec 31 17:01:53 2023 +0800 [submodule] Update submodule sonic-utilities to the latest HEAD automatically (sonic-net#17643) commit 1398daa Author: mssonicbld <[email protected]> Date: Sun Dec 31 15:20:25 2023 +0800 [submodule] Update submodule sonic-platform-daemons to the latest HEAD automatically (sonic-net#17641) commit fb83d4d Author: mssonicbld <[email protected]> Date: Fri Dec 29 01:07:45 2023 +0800 [Mellanox] wait until hw-management watchdog files ready (sonic-net#17618) (sonic-net#17633) commit a8ad19d Author: Junchao-Mellanox <[email protected]> Date: Thu Dec 28 20:53:49 2023 +0800 [202305] Optimize syslog rate limit feature for fast and warm boot (sonic-net#17478) Backport PR sonic-net#17458 due to conflict. Why I did it Optimize syslog rate limit feature for fast and warm boot Work item tracking Microsoft ADO (number only): How I did it Optimize redis start time Don't render rsyslog.conf in container startup script Disable containercfgd by default. There is a new CLI to enable it (in another PR) How to verify it Manual test Regression test
…lt' route table does not add to route lookup issue. (sonic-net#17281) Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue. #### Why I did it When device set with IPV6 TACACS server address, and shutdown all BGP, device can't connect to TACACS server via management interface. After investigation, I found the IPV6 'default' route table does not add to route lookup: admin@vlab-01:~$ ip -6 rule list 1001: from all lookup local 32765: from fec0::ffff:afa:1 lookup default 32766: from all lookup main admin@vlab-01:~$ As compare: admin@vlab-01:~$ ip -4 rule list 1001: from all lookup local 32764: from all to 172.17.0.1/24 lookup default 32765: from 10.250.0.101 lookup default 32766: from all lookup main 32767: from all lookup default <== 'default' route table exist in IPV4 route lookup Issue fix by add 'default' route table to route lookup with following command: admin@vlab-01:~$ sudo ip -6 rule add pref 32767 lookup default admin@vlab-01:~$ ip -6 rule list 1001: from all lookup local 32765: from fec0::ffff:afa:1 lookup default 32766: from all lookup main 32767: from all lookup default <== 'default' route table been added to IPV6 route lookup admin@vlab-01:~$ ##### Work item tracking - Microsoft ADO: 25798732 #### How I did it When management interface using 'default' route table, add 'default' route table to IPV6 route lookup. #### How to verify it Pass all UT. Add new UT to cover this change. Manually verify issue fixed: ### Tested branch (Please provide the tested image version) - [x] master-17281.417570-2133d58fa #### Description for the changelog Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue.
Cherry-pick PR to 202311: #17991 |
…lt' route table does not add to route lookup issue. (#17281) Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue. #### Why I did it When device set with IPV6 TACACS server address, and shutdown all BGP, device can't connect to TACACS server via management interface. After investigation, I found the IPV6 'default' route table does not add to route lookup: admin@vlab-01:~$ ip -6 rule list 1001: from all lookup local 32765: from fec0::ffff:afa:1 lookup default 32766: from all lookup main admin@vlab-01:~$ As compare: admin@vlab-01:~$ ip -4 rule list 1001: from all lookup local 32764: from all to 172.17.0.1/24 lookup default 32765: from 10.250.0.101 lookup default 32766: from all lookup main 32767: from all lookup default <== 'default' route table exist in IPV4 route lookup Issue fix by add 'default' route table to route lookup with following command: admin@vlab-01:~$ sudo ip -6 rule add pref 32767 lookup default admin@vlab-01:~$ ip -6 rule list 1001: from all lookup local 32765: from fec0::ffff:afa:1 lookup default 32766: from all lookup main 32767: from all lookup default <== 'default' route table been added to IPV6 route lookup admin@vlab-01:~$ ##### Work item tracking - Microsoft ADO: 25798732 #### How I did it When management interface using 'default' route table, add 'default' route table to IPV6 route lookup. #### How to verify it Pass all UT. Add new UT to cover this change. Manually verify issue fixed: ### Tested branch (Please provide the tested image version) - [x] master-17281.417570-2133d58fa #### Description for the changelog Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue.
ix IPV6 forced-mgmt-route not work issue Why I did it IPV6 forced-mgmt-route not work When add a IPV6 route, should use 'ip -6 rule add pref 32764 address' command, but currently in the template the '-6' parameter are missing, so the IPV6 route been add to IPV4 route table. Also this PR depends on sonic-net#17281 , which will fix the IPV6 'default' route table missing in IPV6 route lookup issue. Microsoft ADO (number only):24719238
ix IPV6 forced-mgmt-route not work issue Why I did it IPV6 forced-mgmt-route not work When add a IPV6 route, should use 'ip -6 rule add pref 32764 address' command, but currently in the template the '-6' parameter are missing, so the IPV6 route been add to IPV4 route table. Also this PR depends on sonic-net#17281 , which will fix the IPV6 'default' route table missing in IPV6 route lookup issue. Microsoft ADO (number only):24719238
ix IPV6 forced-mgmt-route not work issue Why I did it IPV6 forced-mgmt-route not work When add a IPV6 route, should use 'ip -6 rule add pref 32764 address' command, but currently in the template the '-6' parameter are missing, so the IPV6 route been add to IPV4 route table. Also this PR depends on sonic-net#17281 , which will fix the IPV6 'default' route table missing in IPV6 route lookup issue. Microsoft ADO (number only):24719238
ix IPV6 forced-mgmt-route not work issue Why I did it IPV6 forced-mgmt-route not work When add a IPV6 route, should use 'ip -6 rule add pref 32764 address' command, but currently in the template the '-6' parameter are missing, so the IPV6 route been add to IPV4 route table. Also this PR depends on #17281 , which will fix the IPV6 'default' route table missing in IPV6 route lookup issue. Microsoft ADO (number only):24719238
Fix IPV6 forced-mgmt-route not work issue Why I did it IPV6 forced-mgmt-route not work When add a IPV6 route, should use 'ip -6 rule add pref 32764 address' command, but currently in the template the '-6' parameter are missing, so the IPV6 route been add to IPV4 route table. Also this PR depends on #17281 , which will fix the IPV6 'default' route table missing in IPV6 route lookup issue. Microsoft ADO (number only):24719238
Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue.
Why I did it
When device set with IPV6 TACACS server address, and shutdown all BGP, device can't connect to TACACS server via management interface.
After investigation, I found the IPV6 'default' route table does not add to route lookup:
admin@vlab-01:
$ ip -6 rule list$1001: from all lookup local
32765: from fec0::ffff:afa:1 lookup default
32766: from all lookup main
admin@vlab-01:
As compare:
admin@vlab-01:~$ ip -4 rule list
1001: from all lookup local
32764: from all to 172.17.0.1/24 lookup default
32765: from 10.250.0.101 lookup default
32766: from all lookup main
32767: from all lookup default <== 'default' route table exist in IPV4 route lookup
Issue fix by add 'default' route table to route lookup with following command:
admin@vlab-01:
$ sudo ip -6 rule add pref 32767 lookup default$ ip -6 rule listadmin@vlab-01:
1001: from all lookup local
32765: from fec0::ffff:afa:1 lookup default
32766: from all lookup main
32767: from all lookup default <== 'default' route table been added to IPV6 route lookup
admin@vlab-01:~$
Work item tracking
How I did it
When management interface using 'default' route table, add 'default' route table to IPV6 route lookup.
How to verify it
Pass all UT.
Add new UT to cover this change.
Manually verify issue fixed:
Which release branch to backport (provide reason below if selected)
Tested branch (Please provide the tested image version)
Description for the changelog
Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue.
Link to config_db schema for YANG module changes
A picture of a cute animal (not mandatory but encouraged)