-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[acl-loader]: acl-loader integration. #1000
Conversation
Cong! The No. 1000 pull request. |
conflicts? |
acl-loader was inplemented based on translate_acl source code. acl-loader can't be tested with unittest. Same testcases will be covered with testbed tests. - Remove translate_acl utility and tests. - Remove mirror template. - Do not run ACL rules and mirror configuration generators. - Adopt minigraph parser to work with acl-loader.
Enable ACL dynamic config feature.
@@ -77,15 +77,6 @@ def test_ipinip(self): | |||
|
|||
assert filecmp.cmp(sample_output_file, self.output_file) | |||
|
|||
def test_everflow(self): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why are we removing this test? We still need the minigraph parser to be able to generate mirror sessions from minigraph.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will update test
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To work with config DB format
@@ -1,174 +0,0 @@ | |||
#!/usr/bin/env python |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@taoyl-ms , we still need to generate config db acl from the openconfig acl format, right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@lguohan ACL loader works with files in openconfig acl format.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@lguohan acl-loader input file example:
https://github.com/Azure/sonic-mgmt/pull/299/files#diff-b72b79c3178d5157ef088fe15870f99e
@@ -1,24 +0,0 @@ | |||
[ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
how are we going to create mirror session in the first place?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It will be created by sonic-cfggen utility. In the same way as ACL table.
Include fix for acl-loader incremental update command.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM.
I still think we might need some unit test for acl-loader to make sure the parsing logic is correct. Do you think that will be doable in sonic-utilities repo?
@taoyl-ms Yes, it is doable. But we need to bring up redis server in sonic-slave for this. If this is ok I can add unit tests. |
Is it possible to mock it? |
9f6efa0 [port/buffer] introduce a sync mechanism to protect port PG/queue from changes under PFC storm (sonic-net#1143) 823e426 [aclorch] Enable DSCP rules on IPv6 mirror tables (sonic-net#1146) b8745f8 [bitmap_vnet]: Fix removal flow for tunnel route (sonic-net#1139) 03be983 Increase ip2me CIR/CBR for faster in-band file transfers (sonic-net#1000) a4a1d3b [vnet]: Update VNET route table size to 40K for BITMAP implementation (sonic-net#1132) efe142a Fix bug: Wrong condition for mac address (sonic-net#1142) 7bf63a0 [teammgrd]during warm-reboot teamd need to recover system-id from saved lacp-pdu (sonic-net#1003) 8b4cfb6 Cleanup configure.ac from BFN specific code (sonic-net#1133) b931751 [teamsyncd]: Add retry logic in teamsyncd to avoid team handler init failure (sonic-net#854) Signed-off-by: Stepan Blyschak <stepanb@mellanox.com>
9f6efa0 [port/buffer] introduce a sync mechanism to protect port PG/queue from changes under PFC storm (#1143) 823e426 [aclorch] Enable DSCP rules on IPv6 mirror tables (#1146) b8745f8 [bitmap_vnet]: Fix removal flow for tunnel route (#1139) 03be983 Increase ip2me CIR/CBR for faster in-band file transfers (#1000) a4a1d3b [vnet]: Update VNET route table size to 40K for BITMAP implementation (#1132) efe142a Fix bug: Wrong condition for mac address (#1142) 7bf63a0 [teammgrd]during warm-reboot teamd need to recover system-id from saved lacp-pdu (#1003) 8b4cfb6 Cleanup configure.ac from BFN specific code (#1133) b931751 [teamsyncd]: Add retry logic in teamsyncd to avoid team handler init failure (#854) Signed-off-by: Stepan Blyschak <stepanb@mellanox.com>
Enable m_isCombinedMirrorV6Table for BFN platform (#1212) [vnet]: Update VNET route table size to 40K for BITMAP implementation (#1132) Default action for Egress ACL Table not poulated. (#1208) Add/Del lag_name_map item according to lag adding and removing (#1124) Increase ip2me CIR/CBR for faster in-band file transfers (#1000)
Enable m_isCombinedMirrorV6Table for BFN platform (sonic-net#1212) [vnet]: Update VNET route table size to 40K for BITMAP implementation (sonic-net#1132) Default action for Egress ACL Table not poulated. (sonic-net#1208) Add/Del lag_name_map item according to lag adding and removing (sonic-net#1124) Increase ip2me CIR/CBR for faster in-band file transfers (sonic-net#1000)
) Increase incoming packet rate on in-band interfaces to support faster download of large files. SONiC firmware image download over in-band can take a lot of time if the incoming packet rate is limited to 600pps. This, change increases it to 6000pps. Especially when used by Zero Touch Provisioning or by sonic_installer for firmware upgrade over in-band interfaces. Signed-off-by: Rajendra Dendukuri <rajendra.dendukuri@broadcom.com>
Enable m_isCombinedMirrorV6Table for BFN platform (sonic-net#1212) [vnet]: Update VNET route table size to 40K for BITMAP implementation (sonic-net#1132) Default action for Egress ACL Table not poulated. (sonic-net#1208) Add/Del lag_name_map item according to lag adding and removing (sonic-net#1124) Increase ip2me CIR/CBR for faster in-band file transfers (sonic-net#1000)
) Increase incoming packet rate on in-band interfaces to support faster download of large files. SONiC firmware image download over in-band can take a lot of time if the incoming packet rate is limited to 600pps. This, change increases it to 6000pps. Especially when used by Zero Touch Provisioning or by sonic_installer for firmware upgrade over in-band interfaces. Signed-off-by: Rajendra Dendukuri <rajendra.dendukuri@broadcom.com>
``` 57ed180 [configure.ac] implement SAI API version check (sonic-net#1000) 8894dc7 vslib: add support for read-only port capabilities (sonic-net#1038) 42af975 [vslib]: Update packet number of MACsec SA at runtime (sonic-net#1007) ``` Signed-off-by: Stepan Blyschak <stepanb@nvidia.com>
* 48cccb4 2022-06-13 | do not use sai_query_api_version if vendor sai does not support in VendorSai.cpp (sonic-net#1064) (HEAD, origin/master, origin/HEAD) [Guohan Lu] * 9b0f773 2022-06-13 | [vslib]: Fixbug in cleanup MACsec device (sonic-net#1059) [Ze Gan] * cdf9427 2022-06-11 | No sai api version check if vendor sai does not support (sonic-net#1063) (HEAD, origin/master, origin/HEAD) [Guohan Lu] * 3964cf1 2022-06-09 | [counter] Fix port flex counter (sonic-net#1052) [Junhua Zhai] * 2231b7a 2022-06-03 | Purge package sonic-db-cli which depends on libswsscommon (sonic-net#1057) [Qi Luo] * 7aa09b9 2022-06-01 | Set PR diff code coverage threshold to 80% (sonic-net#1039) [Kamil Cudnik] * 66a29bc 2022-05-18 | [syncd] Use vendor SAI instead of direct SAI api (sonic-net#1042) [Kamil Cudnik] * 564bea7 2022-05-18 | [ci] Paralize azure pipeline (sonic-net#1040) [Shilong Liu] * 57ed180 2022-05-17 | [configure.ac] implement SAI API version check (sonic-net#1000) [Stepan Blyshchak] * 8894dc7 2022-05-17 | vslib: add support for read-only port capabilities (sonic-net#1038) [Dante (Kuo-Jung) Su] * 42af975 2022-04-29 | [vslib]: Update packet number of MACsec SA at runtime (sonic-net#1007) [Ze Gan] Signed-off-by: Guohan Lu <lguohan@gmail.com>
b13d7d2 [debian/rules] Fail on script error during package build (sonic-net#1050) 48cccb4 do not use sai_query_api_version if vendor sai does not support in VendorSai.cpp (sonic-net#1064) 9b0f773 [vslib]: Fixbug in cleanup MACsec device (sonic-net#1059) cdf9427 No sai api version check if vendor sai does not support (sonic-net#1063) 3964cf1 [counter] Fix port flex counter (sonic-net#1052) 2231b7a Purge package sonic-db-cli which depends on libswsscommon (sonic-net#1057) 7aa09b9 Set PR diff code coverage threshold to 80% (sonic-net#1039) 66a29bc [syncd] Use vendor SAI instead of direct SAI api (sonic-net#1042) 564bea7 [ci] Paralize azure pipeline (sonic-net#1040) 57ed180 [configure.ac] implement SAI API version check (sonic-net#1000) 8894dc7 vslib: add support for read-only port capabilities (sonic-net#1038) 42af975 [vslib]: Update packet number of MACsec SA at runtime (sonic-net#1007) Signed-off-by: Ze Gan <ganze718@gmail.com>
* 48cccb4 2022-06-13 | do not use sai_query_api_version if vendor sai does not support in VendorSai.cpp (#1064) (HEAD, origin/master, origin/HEAD) [Guohan Lu] * 9b0f773 2022-06-13 | [vslib]: Fixbug in cleanup MACsec device (#1059) [Ze Gan] * cdf9427 2022-06-11 | No sai api version check if vendor sai does not support (#1063) (HEAD, origin/master, origin/HEAD) [Guohan Lu] * 3964cf1 2022-06-09 | [counter] Fix port flex counter (#1052) [Junhua Zhai] * 2231b7a 2022-06-03 | Purge package sonic-db-cli which depends on libswsscommon (#1057) [Qi Luo] * 7aa09b9 2022-06-01 | Set PR diff code coverage threshold to 80% (#1039) [Kamil Cudnik] * 66a29bc 2022-05-18 | [syncd] Use vendor SAI instead of direct SAI api (#1042) [Kamil Cudnik] * 564bea7 2022-05-18 | [ci] Paralize azure pipeline (#1040) [Shilong Liu] * 57ed180 2022-05-17 | [configure.ac] implement SAI API version check (#1000) [Stepan Blyshchak] * 8894dc7 2022-05-17 | vslib: add support for read-only port capabilities (#1038) [Dante (Kuo-Jung) Su] * 42af975 2022-04-29 | [vslib]: Update packet number of MACsec SA at runtime (#1007) [Ze Gan] Signed-off-by: Guohan Lu <lguohan@gmail.com>
Signed-off-by: Stepan Blyschak stepanb@nvidia.com The motivation for this change is described in the proposal sonic-net/SONiC#935 and proposal in SAI opencomputeproject/SAI#1404 NOTE: Requires to update SAI once opencomputeproject/SAI#1404 is in.
acl-loader was inplemented based on translate_acl source code. acl-loader
can't be tested with unittest. Same testcases will be covered with testbed tests.