
[backend] Update backend acl template and unit tests #18659

Merged
merged 1 commit into from
Apr 15, 2024

Conversation

neethajohn
Contributor

@neethajohn neethajohn commented Apr 11, 2024

Why I did it

Backend acl load is failing since the IN_PORTS qualifier is no longer supported. Changing the template to match only on vlan, since only the vlan ports are bound to the DATAACL for backend (https://github.com/sonic-net/sonic-buildimage/blob/master/src/sonic-config-engine/minigraph.py#L1346).

Work item tracking
  • Microsoft ADO: 27172619

How to verify it

Unit test to validate the template rendering
Tested on 202305 branch. Acl loaded successfully after this change.

admin@str2-7050qx-32s-acs-02:~$ sudo systemctl restart backend-acl.service 
admin@str2-7050qx-32s-acs-02:/usr/share/sonic/templates$ show acl rule
Table    Rule          Priority    Action    Match             Status
-------  ------------  ----------  --------  ----------------  --------
DATAACL  RULE_1        9999        FORWARD   ETHER_TYPE: 2048  Active
                                             VLAN_ID: 1000
DATAACL  RULE_2        9998        FORWARD   ETHER_TYPE: 2048  Active
                                             VLAN_ID: 1100
DATAACL  DEFAULT_RULE  1           DROP      ETHER_TYPE: 2048  Active

Cannot test on internal branch since the slim image is too big to load on 7050qx and this change is only applicable to 7050qx.

Which release branch to backport (provide reason below if selected)

  • 201811
  • 201911
  • 202006
  • 202012
  • 202106
  • 202111
  • 202205
  • 202211
  • 202305

Tested branch (Please provide the tested image version)

20230531.24 with the patch

@bingwang-ms bingwang-ms self-requested a review April 12, 2024 21:54
@bingwang-ms
Contributor

I noticed there are two vlans in some Backend T0 devices. The change may break this scenario.

~$ show acl rule DATAACL
Table    Rule                Priority    Action    Match
-------  ------------------  ----------  --------  ---------------------------------------------------------------------------
DATAACL  RULE_1              9999        FORWARD   ETHER_TYPE: 2048
                                                   IN_PORTS: Ethernet32,Ethernet36,Ethernet40,Ethernet44,Ethernet48,Ethernet52
                                                   VLAN_ID: 1008
DATAACL  RULE_2              9998        FORWARD   ETHER_TYPE: 2048
                                                   IN_PORTS: Ethernet12,Ethernet16,Ethernet8
                                                   VLAN_ID: 1108
DATAACL  DEFAULT_RULE        1           DROP      ETHER_TYPE: 2048

@bingwang-ms
Contributor

bingwang-ms commented Apr 12, 2024

Discussed offline, the behavior is not changed even in the two-vlan scenario. In the two-vlan scenario, packets with both vlan_ids are accepted by the ACL, but they will be dropped on the ports with a different VLAN_ID.
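The following is an added example, not the project's backend ACL template or its unit tests: it models in plain Python what the PR description says the template now renders (one FORWARD rule per VLAN matching only ETHER_TYPE and VLAN_ID, then a DEFAULT_RULE DROP, no IN_PORTS qualifier) and the two-VLAN discussion above (the ACL forwards either VLAN, and a frame arriving on a port belonging to the other VLAN is dropped by the port's VLAN membership). The rule layout, priorities and the ordering of the ACL decision relative to the VLAN membership check are assumptions chosen to match the `show acl rule` output shown in the PR, not the real template or the ASIC pipeline.

```python
# Added example: a plain-Python stand-in for the backend ACL template and a
# check that the rendered rules carry no IN_PORTS qualifier. Everything here
# (field names, priorities, the evaluation order) is a constructed model.

ETHER_TYPE_IPV4 = 2048      # matches the ETHER_TYPE: 2048 shown in the PR output
TOP_PRIORITY = 9999         # RULE_1 priority in the PR output
DEFAULT_PRIORITY = 1        # DEFAULT_RULE priority in the PR output
MATCH_EXCLUDED = ("PRIORITY", "PACKET_ACTION")


def render_backend_acl(vlan_ids, table="DATAACL"):
    """Return ACL_RULE entries keyed (table, rule_name) -> fields.

    One FORWARD rule per VLAN, matching only on ETHER_TYPE and VLAN_ID,
    followed by a lowest-priority DROP that catches remaining IPv4 traffic.
    """
    rules = {}
    for idx, vid in enumerate(vlan_ids, start=1):
        rules[(table, f"RULE_{idx}")] = {
            "PRIORITY": str(TOP_PRIORITY - (idx - 1)),
            "PACKET_ACTION": "FORWARD",
            "ETHER_TYPE": str(ETHER_TYPE_IPV4),
            "VLAN_ID": str(vid),
        }
    rules[(table, "DEFAULT_RULE")] = {
        "PRIORITY": str(DEFAULT_PRIORITY),
        "PACKET_ACTION": "DROP",
        "ETHER_TYPE": str(ETHER_TYPE_IPV4),
    }
    return rules


def uses_qualifier(rules, qualifier="IN_PORTS"):
    """True if any rendered rule still carries the given match qualifier."""
    return any(qualifier in fields for fields in rules.values())


def acl_action(rules, packet):
    """First-match evaluation: highest PRIORITY rule whose match fields all
    equal the packet's fields wins. Packets matching no rule are dropped
    (constructed default for this model)."""
    ordered = sorted(rules.values(), key=lambda f: int(f["PRIORITY"]), reverse=True)
    for fields in ordered:
        match = {k: v for k, v in fields.items() if k not in MATCH_EXCLUDED}
        if all(str(packet.get(k)) == v for k, v in match.items()):
            return fields["PACKET_ACTION"]
    return "DROP"


def forwarded(rules, packet, ingress_port_vlan):
    """Model of the two-VLAN discussion: the ACL alone would forward a frame
    from either VLAN, but a frame whose VLAN differs from the VLAN of the
    ingress port is dropped by VLAN membership. The ACL-then-membership
    ordering is an assumption of this model."""
    if acl_action(rules, packet) != "FORWARD":
        return False
    return packet["VLAN_ID"] == ingress_port_vlan


if __name__ == "__main__":
    # Constructed two-VLAN backend T0 as in the review comment.
    acl = render_backend_acl([1000, 1100])
    for (table, name), fields in acl.items():
        print(table, name, fields)
    print("IN_PORTS present:", uses_qualifier(acl))
    ipv4_vlan1100 = {"ETHER_TYPE": ETHER_TYPE_IPV4, "VLAN_ID": 1100}
    print("vlan 1100 frame on vlan 1100 port:", forwarded(acl, ipv4_vlan1100, 1100))
    print("vlan 1100 frame on vlan 1000 port:", forwarded(acl, ipv4_vlan1100, 1000))
```

A unit test of the kind the PR mentions would render the real template and assert, as `uses_qualifier` does here, that no rule contains `IN_PORTS` and that each VLAN gets exactly one FORWARD rule ahead of the DEFAULT_RULE drop.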

@neethajohn
Contributor Author

@yxieca , please help merge

@yxieca yxieca merged commit 81d0b16 into sonic-net:master Apr 15, 2024
19 checks passed
mssonicbld pushed a commit to mssonicbld/sonic-buildimage that referenced this pull request Apr 15, 2024
@mssonicbld
Collaborator

Cherry-pick PR to 202311: #18685

@mssonicbld
Collaborator

Cherry-pick PR to 202305: #18686
