-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[ebtables] Add multicast drop rule to ebtables #18064
Conversation
Adding rule to ebtables to drop multicast packets in kernel. This was done to address a bug where NS packets were flooding ports with duplicate packets. Signed-off-by: Nikola Dancejic <[email protected]>
@Ndancejic , please provide link to sonic-mgmt test PR when ready |
@Ndancejic what test has been done with this change? Other than the packet forwarding one you mentioned? Did it impact any other control plane feature? |
Adding rule to ebtables to drop multicast packets in kernel. This was done to address a bug where NS packets were flooding ports with duplicate packets. Signed-off-by: Nikola Dancejic <[email protected]>
Cherry-pick PR to 202311: #18192 |
Adding rule to ebtables to drop multicast packets in kernel. This was done to address a bug where NS packets were flooding ports with duplicate packets. Signed-off-by: Nikola Dancejic <[email protected]>
I checked again at the test coverage and it looks like test_proxy_arp is already covering ipv6 proxy case. And it's currently failing in nightly tests. After this + swss change we should see this case pass example: TfsGit_Schedule_PR_None_BUILD_486526_JOB_3800.t0.202305.NightlyTest_by_Elastictest I should also mention, this test case already checks that the ToR Mac NS packet is the only one we receive. It's currently failing because we are receiving the 2 packets with different source Macs. |
Mostly ad-hoc testing, I ensured that ndp table entries were being correctly filled in, and that dst interface on ptf still received ns packets from the ToR Mac. I didn't notice any impact on control plane. |
https://github.com/sonic-net/sonic-mgmt/blob/0a3acb73addac635e25ec6f120c193ce8795b0b4/tests/arp/test_arp_extended.py#L55 <- sonic-mgmt test covers this case |
Adding rule to ebtables to drop multicast packets in kernel. This was done to address a bug where NS packets were flooding ports with duplicate packets. Signed-off-by: Nikola Dancejic <[email protected]>
Cherry-pick PR to 202305: #18193 |
Adding rule to ebtables to drop multicast packets in kernel. This was done to address a bug where NS packets were flooding ports with duplicate packets. Signed-off-by: Nikola Dancejic <[email protected]>
Adding rule to ebtables to drop multicast packets in kernel. This was done to address a bug where NS packets were flooding ports with duplicate packets. Signed-off-by: Nikola Dancejic <[email protected]>
Adding rule to ebtables to drop multicast packets in kernel. This was done to address a bug where NS packets were flooding ports with duplicate packets. Signed-off-by: Nikola Dancejic <[email protected]>
Adding rule to ebtables to drop multicast packets in kernel. This was done to address a bug where NS packets were flooding ports with duplicate packets. Signed-off-by: Nikola Dancejic <[email protected]>
What is the motivation for this PR? DHCP broadcast flooding was resolved by this PR: sonic-net/sonic-buildimage#18064. Hence interfaces under Vlan would not received broadcast flooding packets. Remove this verification. How did you do it? Removed verification of receiving of DHCP broadcast flooding packets in other_client_ports. How did you verify/test it? Run tests.
…et#11935) What is the motivation for this PR? DHCP broadcast flooding was resolved by this PR: sonic-net/sonic-buildimage#18064. Hence interfaces under Vlan would not received broadcast flooding packets. Remove this verification. How did you do it? Removed verification of receiving of DHCP broadcast flooding packets in other_client_ports. How did you verify/test it? Run tests.
…et#11935) What is the motivation for this PR? DHCP broadcast flooding was resolved by this PR: sonic-net/sonic-buildimage#18064. Hence interfaces under Vlan would not received broadcast flooding packets. Remove this verification. How did you do it? Removed verification of receiving of DHCP broadcast flooding packets in other_client_ports. How did you verify/test it? Run tests.
What is the motivation for this PR? DHCP broadcast flooding was resolved by this PR: sonic-net/sonic-buildimage#18064. Hence interfaces under Vlan would not received broadcast flooding packets. Remove this verification. How did you do it? Removed verification of receiving of DHCP broadcast flooding packets in other_client_ports. How did you verify/test it? Run tests.
What is the motivation for this PR? DHCP broadcast flooding was resolved by this PR: sonic-net/sonic-buildimage#18064. Hence interfaces under Vlan would not received broadcast flooding packets. Remove this verification. How did you do it? Removed verification of receiving of DHCP broadcast flooding packets in other_client_ports. How did you verify/test it? Run tests.
Adding rule to ebtables to drop multicast packets in kernel. This was done to address a bug where NS packets were flooding ports with duplicate packets.
Why I did it
ADO: 26395587
Fixes bug where NS packets were flooding ports with duplicate packets
Work item tracking
How I did it
Added ebtables rule to drop multicast packets
How to verify it
before this fix, we saw 2 packets received on the tcpdump port. After this fix, we will only see one coming from the basic forwarding
Which release branch to backport (provide reason below if selected)
Tested branch (Please provide the tested image version)
Description for the changelog
Adding ebtables rule to drop multicast packets.
A picture of a cute animal (not mandatory but encouraged)