Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Handle minigraph.xml "OutAcl" keyword and support Acl on VlanInterface #3433

Closed
wants to merge 3 commits into from
Closed

Handle minigraph.xml "OutAcl" keyword and support Acl on VlanInterface #3433

wants to merge 3 commits into from

Conversation

rameshsanth
Copy link

- What I did
Parse OutAcl keyword. Config now adds "stage" keyword to generated config with Ingress for InAcl and egress for OutAcl
Also allow Vlan interfaces on Acl configuration

- How I did it
Updated minigraph.py in sonic-config-engine as well as associated test scripts

- How to verify it
Added below section in minigraph.xml and successfully parse it
<AclInterfaces> <AclInterface><ElementType>DataAcl</ElementType><Name i:nil="true"/><AttachTo>Vlan101</AttachTo><OutAcl>v4-A-Out</OutAcl><Type>DataPlane</Type><File i:nil="true"/></AclInterface> <AclInterface><ElementType>DataAcl</ElementType><Name i:nil="true"/><AttachTo>Vlan101</AttachTo><OutAcl>v6-A-Out</OutAcl><Type>DataPlane</Type><File i:nil="true"/></AclInterface> <AclInterface><ElementType>DataAcl</ElementType><Name i:nil="true"/><AttachTo>Vlan102</AttachTo><OutAcl>v4-b-Out</OutAcl><Type>DataPlane</Type><File i:nil="true"/></AclInterface> <AclInterface><ElementType>DataAcl</ElementType><Name i:nil="true"/><AttachTo>Vlan102</AttachTo><OutAcl>v6-b-Out</OutAcl><Type>DataPlane</Type><File i:nil="true"/></AclInterface> <AclInterface><ElementType>DataAcl</ElementType><Name i:nil="true"/><AttachTo>VTY_LINE</AttachTo><InAcl>ipv6-ssh-only</InAcl><Type>SSH</Type><File i:nil="true"/></AclInterface> </AclInterfaces>

/usr/local/bin/sonic-cfggen -H -m minigraph.xml -j /etc/sonic/init_cfg.json --print-data "ACL_TABLE": { "v4-b-Out": { "policy_desc": "v4-b-Out", "ports": [ "Vlan102" ], "stage": "egress", "type": "L3" }, "v6-b-Out": { "policy_desc": "v6-b-Out", "ports": [ "Vlan102" ], "stage": "egress", "type": "L3" }, "v4-A-out": { "policy_desc": "v4-A-out", "ports": [ "Vlan101" ], "stage": "egress", "type": "L3" }, "v6-A-out": { "policy_desc": "v6-A-out", "ports": [ "Vlan101" ], "stage": "egress", "type": "L3" },
- Description for the changelog

Handle "OutAcl" keyword in minigraph.xml for egress ACLs. Support Vlan interfaces for ACL configuration.

- A picture of a cute animal (not mandatory but encouraged)

@msftclas
Copy link

CLA assistant check
Thank you for your submission, we really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.

❌ rameshsanth sign now
You have signed the CLA already but the status is still pending? Let us recheck it.

mssonicbld added a commit that referenced this pull request Sep 12, 2024
@mssonicbld
[submodule] Update submodule sonic-utilities to the latest HEAD autom…
8e3eee6 
…atically (#20236)

#### Why I did it
src/sonic-utilities
```
* da63e5b2 - (HEAD -> 202311, origin/202311) [sfputil] Configure the debug loopback mode only on the relevant lanes of the logical port (#3485) (59 minutes ago) [Xinyu Lin]
* b3ed805a - sonic-installer: enhance next image detection for Aboot (#3433) (19 hours ago) [Samuel Angebault]
```
#### How I did it
#### How to verify it
#### Description for the changelog
mssonicbld added a commit that referenced this pull request Sep 12, 2024
@mssonicbld
[submodule] Update submodule sonic-utilities to the latest HEAD autom…
0ed2e4f 
…atically (#20239)

#### Why I did it
src/sonic-utilities
```
* 59dbdc2f - (HEAD -> 202405, origin/202405) sonic-installer: enhance next image detection for Aboot (#3433) (19 hours ago) [Samuel Angebault]
```
#### How I did it
#### How to verify it
#### Description for the changelog
mssonicbld added a commit that referenced this pull request Sep 14, 2024
@mssonicbld
[submodule] Update submodule sonic-utilities to the latest HEAD autom…
35e87a6 
…atically (#20240)

#### Why I did it
src/sonic-utilities
```
* 2cb8cc65 - (HEAD -> master, origin/master, origin/HEAD) [sfputil] Configure the debug loopback mode only on the relevant lanes of the logical port (#3485) (2 days ago) [Xinyu Lin]
* 1aac5e2c - [VoQ chassis] : Script to debug packet drops (#3536) (2 days ago) [Vineet Mittal]
* ad5b0c0a - [Mellanox] Add SPC5 to generic config updater file (#3542) (3 days ago) [noaOrMlnx]
* 8fa076d2 - sonic-installer: enhance next image detection for Aboot (#3433) (3 days ago) [Samuel Angebault]
```
#### How I did it
#### How to verify it
#### Description for the changelog
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rameshsanth @msftclas @rameshms-work