[BFN] Fixed ipv6 settings for BMC interface #12
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Using SFP refactoring framework in PDDF sfp class * Fixing a typo error
# Why I did it Reduce the disk space taken up during bootup and runtime. # How I did it 1. Remove python package cache from the base image and from the containers. 2. During bootup, if logs are to be stored in memory, then don't create the `var-log.ext4` file just to delete it later during bootup. 3. For the partition containing `/host`, don't reserve any blocks for just the root user. This just makes sure all disk space is available for all users, if needed during upgrades (for example). * Remove pip2 and pip3 caches from some containers Only containers which appeared to have a significant pip cache size are included here. Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com> * Don't create var-log.ext4 if we're storing logs in memory Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com> * Run tune2fs on the device containing /host to not reserve any blocks for just the root user Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
…ocker container (sonic-net#10234) Why I did it Migration of sonic-mgmt codebase from Python 2 to Python 3 How I did it Added scapy dependencies to the env-python3 virtual environment. How to verify it Run test case: py.test --testbed=testbed-t0 --inventory=../ansible/lab --testbed_file=../ansible/testbed.csv --host-pattern=testbed-t0 -- module-path=../ansible/library lldp Signed-off-by: Oleksandr Kozodoi <oleksandrx.kozodoi@intel.com>
#### Why I did it ``` Update submodule sonic-restapi bd97dfe Fix urllib3 CVE-2021-33503 issue (sonic-net#104) f159bfa Upgrade the containers to be based on Debian Buster (sonic-net#103) a1830c1 (origin/201911) Fix OpenAPI spec to be readable by autorest (sonic-net#101) ```
…l values (sonic-net#10108) #### Why I did it Fixing issue sonic-net#9991 The ACL RULE table field ETHER_TYPE can accept both hex as well as decimal values. However yang model didn't allow decimal values. Fixed it to allow decimal values (same pattern as in hex (1536-65535) #### How I did it Updated yang model to handle decimal values #### How to verify it Added UT to verify it.
* Initial pass of EdgeCore platform changes. * Remove libevent dependency from lldpd. * Remove python2 dependencies python3.7 force from platform install script. * Include usbmount support changes. * Add missing 4630 install file. * Update a few file permissions. Add umask line to Makefile. Specify python3.9 in install script. * Misc platform updates: - Add missing fan drawer component to sonic_platform - Remove kernel version specification from Makefile - Update to 4630 utility * - Fix file permissions on source files - Fix compile issue with 4630 driver modules (set_fs, get_fs, no longer supported in kernel 5.10) * Fix missing/extra parens in 4630 util script. * Fix indentation in fanutil.py. * Integrate deltas from Edgecore to ec_platform branch. * Installer update from Edgecore to resolve smbus serial console errors. * Update stable_size for warm boot. * Fix SFP dictionary key to match xcvrd. * - Add missing define in event.py files needed for xcvrd - Fix SFP info dict key for 7xxx switches * 5835 platform file updates including installer and 5835 utility. * 5835 fix for DMAR errors on serial console. * Don't skip starting thermalctld in the pmon container. * Revert several changes that were not related to platform. * Run thermalctld in pmon container. * Don't disable thermalctld in the pmon container. * Fix prints/parens in 7816 install utility. * - Incorporate 7816 changes from Edgecore - Fix 7326 driver file using old kernel function * Update kernel modules to use kernel_read(). * Fix compile errors with 7816 and 7326 driver modules. * Fix some indents preventing platform files from loading. * Update 7816 platform sfp dictionary to match field names in xcvrd. * Add missing service and util files for 7816. * Update file names, etc. based on full SKU for 7816. * Delete pddf files not needed. These were causing conflicts with API2.0 implementation. * Remove pddf files suggested by Edgecore that were preventing API2.0 support from starting. * Install API2.0 file instead of pddf. * Update 7326 mac service file to not use pddf. Fix syntax errors in 7326 utility script. * Fix sonic_platform setup file for 7326. * Fix syntax errors in python scripts. * Updates to 7326 platform files. * Fix some tab errors pulled down from master merge. * Remove pddf files that were added from previous merge. * Updates for 5835. * Fix missing command byte for 5835 psu status. * Fix permission bits on 4630 service files. * Update platforms to use new SFP refactoring. * Fix unused var warnings.
…PIs (sonic-net#10213) Why I did it fan_drawer support was missing in PDDF common platform APIs. This resulted in 'thermalctld' not working and 'show platform fan' and 'show platfomr temperature' commands not working. _thermal_list array inside PSU class was not initialized. Made changes to attach the PSU related thermal sensors in the PSU instance. How I did it Added a common class pddf_fan_drawer.py. This class uses the PDDF JSON to fetch the platform specific data. A platform which uses PDDF would follow the below hierarchy. fan_drawer_base.py ---> pddf_fan_drawer.py ---> fan_drawer.py How to verify it Run the 'show platform fan' and 'show platform temperature' commands and check the o/p. o/p on AS7326: root@sonic:/home/admin# show platform fan s Drawer LED FAN Speed Direction Presence Status Timestamp -------- ----- ---------- ------- ----------- ---------- -------- ----------------- Fantray1 green Fantray1_1 38% EXHAUST Present OK 20220311 04:15:03 Fantray1 green Fantray1_2 38% EXHAUST Present OK 20220311 04:15:03 Fantray2 green Fantray2_1 38% EXHAUST Present OK 20220311 04:15:03 Fantray2 green Fantray2_2 38% EXHAUST Present OK 20220311 04:15:03 Fantray3 green Fantray3_1 38% EXHAUST Present OK 20220311 04:15:03 Fantray3 green Fantray3_2 38% EXHAUST Present OK 20220311 04:15:03 Fantray4 green Fantray4_1 38% EXHAUST Present OK 20220311 04:15:03 Fantray4 green Fantray4_2 38% EXHAUST Present OK 20220311 04:15:03 Fantray5 green Fantray5_1 38% EXHAUST Present OK 20220311 04:15:03 Fantray5 green Fantray5_2 38% EXHAUST Present OK 20220311 04:15:03 Fantray6 green Fantray6_1 38% EXHAUST Present OK 20220311 04:15:03 Fantray6 green Fantray6_2 38% EXHAUST Present OK 20220311 04:15:03 N/A off PSU1_FAN1 0% Present Not OK 20220311 04:15:05 N/A green PSU2_FAN1 34% EXHAUST Present OK 20220311 04:15:05 hroot@sonic:/home/admin# show platform temperature Sensor Temperature High TH Low TH Crit High TH Crit Low TH Warning Timestamp ---------- ------------- --------- -------- -------------- ------------- --------- ----------------- PSU1_TEMP1 0 N/A N/A N/A N/A False 20220311 04:15:05 PSU2_TEMP1 37 N/A N/A N/A N/A False 20220311 04:15:05 TEMP1 37 80.0 N/A N/A N/A False 20220311 04:15:05 TEMP2 27 80.0 N/A N/A N/A False 20220311 04:15:05 TEMP3 28.5 80.0 N/A N/A N/A False 20220311 04:15:05 TEMP4 30.5 80.0 N/A N/A N/A False 20220311 04:15:05 root@sonic:/home/admin# root@sonic:/home/admin# root@sonic:/home/admin# o/p on AS7726: root@as7726-32x-2:~# show platform fan Drawer LED FAN Speed Direction Presence Status Timestamp -------- ----- ---------- ------- ----------- ---------- -------- ----------------- Fantray1 green Fantray1_1 38% EXHAUST Present OK 20220311 08:13:04 Fantray1 green Fantray1_2 38% EXHAUST Present OK 20220311 08:13:04 Fantray2 green Fantray2_1 38% EXHAUST Present OK 20220311 08:13:04 Fantray2 green Fantray2_2 38% EXHAUST Present OK 20220311 08:13:04 Fantray3 green Fantray3_1 38% EXHAUST Present OK 20220311 08:13:04 Fantray3 green Fantray3_2 38% EXHAUST Present OK 20220311 08:13:04 Fantray4 green Fantray4_1 38% EXHAUST Present OK 20220311 08:13:04 Fantray4 green Fantray4_2 38% EXHAUST Present OK 20220311 08:13:04 Fantray5 green Fantray5_1 38% EXHAUST Present OK 20220311 08:13:04 Fantray5 green Fantray5_2 38% EXHAUST Present OK 20220311 08:13:04 Fantray6 green Fantray6_1 38% EXHAUST Present OK 20220311 08:13:04 Fantray6 green Fantray6_2 38% EXHAUST Present OK 20220311 08:13:04 N/A green PSU1_FAN1 23% EXHAUST Present OK 20220311 08:13:04 N/A green PSU2_FAN1 22% EXHAUST Present OK 20220311 08:13:04 root@as7726-32x-2:~# show platform temp Sensor Temperature High TH Low TH Crit High TH Crit Low TH Warning Timestamp ---------- ------------- --------- -------- -------------- ------------- --------- ----------------- PSU1_TEMP1 28 N/A N/A N/A N/A False 20220311 08:13:04 PSU2_TEMP1 25 N/A N/A N/A N/A False 20220311 08:13:04 TEMP1 23.5 80.0 N/A N/A N/A False 20220311 08:13:04 TEMP2 27 80.0 N/A N/A N/A False 20220311 08:13:04 TEMP3 24 80.0 N/A N/A N/A False 20220311 08:13:04 TEMP4 27 80.0 N/A N/A N/A False 20220311 08:13:04 TEMP5 24 80.0 N/A N/A N/A False 20220311 08:13:04
f00efef Longxiang Lyu Wed Mar 16 09:12:46 2022 +0800 Add a command line option to store logs into a separate file (sonic-net#41) ff2e67d Longxiang Lyu Tue Mar 15 09:10:59 2022 +0800 Add default port cable type (sonic-net#39) ebbb4d8 Jing Zhang Mon Mar 14 15:41:11 2022 -0700 Prevent switching MUX to "Unknown" (sonic-net#36) c779b8f Longxiang Lyu Thu Mar 10 21:35:11 2022 +0800 [nonfunctional] Use LinkProberStateMachineBase (sonic-net#38) b9fedd0 Longxiang Lyu Wed Mar 9 13:03:58 2022 +0800 [NONFUNCTIONAL] Add LinkProberStateMachineBase (sonic-net#37) bedd42b Longxiang Lyu Wed Mar 9 10:03:00 2022 +0800 Add .clang-format file to format code (sonic-net#28) 9fe4fc6 Guohan Lu Thu Mar 3 17:51:43 2022 -0800 [doc]: add lgtm badge in README.md c1249d9 Longxiang Lyu Wed Mar 2 18:05:18 2022 +0800 Enable lgtm (sonic-net#33) b8514c6 Longxiang Lyu Wed Mar 2 13:34:39 2022 +0800 Collect port cable type to use corresponding state machine (sonic-net#31) 9b59ef9 Longxiang Lyu Wed Mar 2 07:19:33 2022 +0800 Improve make clean (sonic-net#32)
- Fix i2c bus on crow cpu - Fix exception handling in logs - Improve linecard mgmt interface configuration - Add new PSU models for chassis - Misc fixes
) Update device-specific files for new platform SN2201, including: device/mellanox/x86_64-nvidia_sn2201-r0/ACS-SN2201/buffers_defaults_objects.j2 device/mellanox/x86_64-nvidia_sn2201-r0/ACS-SN2201/hwsku.json device/mellanox/x86_64-nvidia_sn2201-r0/default_sku device/mellanox/x86_64-nvidia_sn2201-r0/pcie.yaml device/mellanox/x86_64-nvidia_sn2201-r0/platform.json device/mellanox/x86_64-nvidia_sn2201-r0/platform_components.json device/mellanox/x86_64-nvidia_sn2201-r0/sensors.conf Signed-off-by: Kebo Liu <kebol@nvidia.com> Co-authored-by: Stephen Sun <stephens@nvidia.com>
…for GRE type (sonic-net#10140) #### Why I did it PR sonic-net/sonic-utilities#1825 added validation for the input of `config mirror session add`, and only decimal value is accepted. An issue sonic-net#10096 was raised to suggest accepting HEX value as well, and the suggestion makes sense to me. To accept HEX value for GRE type, and keep backward compatibility as well, I updated the YANG model to support both decimal and hexadecimal input for GRE type. #### How I did it Update the regex for GRE type. #### How to verify it Verified by UT ``` platform linux -- Python 3.9.2, pytest-6.0.2, py-1.10.0, pluggy-0.13.0 rootdir: /sonic/src/sonic-yang-models plugins: pyfakefs-4.5.4, cov-2.10.1 collected 3 items tests/test_sonic_yang_models.py .. [ 66%] tests/yang_model_tests/test_yang_model.py . [100%] ========================================================================================== 3 passed in 2.53s ========================================================================================== ``` #### Description for the changelog Update YANG model for mirror session to support decimal value for GRE type.
…onic-net#10278) Fix the warning message not printed as expected issue
…invalid voltage value (sonic-net#10231) - Why I did it Fix issue: psu might use wrong voltage sysfs which causes invalid voltage value. The flow is like: 1. User power off a PSU 2. All sysfs files related to this PSU are removed 3. User did a reboot/config reload 4. PSU will use wrong sysfs as voltage node - How I did it Always try find an existing sysfs. - How to verify it Manual test
Updating sonic-utilities sub module with the following commits
b00b870 [build] stop vstest in the Azure pipeline
2c56e92 [GCU] Marking fields under BGP_PEER_RANGE, BGP_MONITORS as create-only
6289987 Fix sonic-installer failure due to missing import
45e6ac1 [show] add support for hwstatus in show muxcable status
93384ed Try get port operational speed from STATE DB
483fc6e [techsupport] Added a lock to avoid running techsupport in parallel
398da58 Validation check correction while adding a member to PortChannel
a8a7edb [generate_dump] exclude mft and mlx folders from /etc
1cf1d03 Fix UT failed cause by change pycommon to use swsscommon
[Build]: Support to set jobFilters
Updating sonic-snmpagent submodule with the following commits
dae8146 [ci]: Support code diff coverage
6bd51c4 Fix: LAG counters, if LAG don't have L3 interface
2654f4a Fix snmp agent Initialize config DB multiple times issue
#### Why I did it
When change pycommon to use swsscommon UT failed in sonic-snmpagent, need submodule update with UT issue fix.
#### How I did it
#### How to verify it
#### Which release branch to backport (provide reason below if selected)
#### Description for the changelog
[ci]: Support code diff coverage
Fix: LAG counters, if LAG don't have L3 interface
Fix snmp agent Initialize config DB multiple times issue
#### A picture of a cute animal (not mandatory but encouraged)
Why I did it Use one debian mirror config. The empty config in https://github.com/Azure/sonic-buildimage/blob/master/files/image_config/apt/sources.list overrides the file https://github.com/Azure/sonic-buildimage/blob/master/files/apt/sources.list.amd64 (armhf/arm64), it does not make sense. All the content in files/image_config/apt is no use, any one wants to add mirror config, please add in files/apt. How I did it Remove files/image_config/apt and the reference.
…c-net#10287) Why I did it support to collect version when purging debian package Support to collect version multiple times How I did it Add the collection action before purging.
On some products the pci enumeration adds randomness into which nic gets initialized first. Because SONiC doesn't use deterministic interface naming but instead old style interface naming, this leads to eth0 not always being the management port. To make sure eth0 is always the management port (SONiC expectation) rename the interfaces in the initramfs for Arista products.
…ic-net#10091) Signed-off-by: mlok <marty.lok@nokia.com>
…ic-net#10276) Why I did it The current code assumes that the value part does not have whitespace. So everything after the whitespace will be ignored. The syseeprom values returned from platform API do not match the output of "show platform syseeprom" on dx010 and e1031 device. How I did it This change improved the regular expression for parsing syseeprom values to accommodate whitespaces in the value. PR 10021 provides the solution, but committed to the wrong place for dx010 and e1031. How to verify it Compile the sonic_platform wheel for dx010, then upload to device and install the wheel, verify the platform eeprom API. Signed-off-by: Eric Zhu <erzhu@celestica.com>
) Why I did it Add CPU thermal control for Nvidia platforms which will be enabled for platforms that have heavy CPU load. Now it is only enabled on 4800, and it will be enabled on future platforms. How I did it Check CPU pack temperature and update cooling level accordingly How to verify it Manual test Added sonic-mgmt test case, PR link will update later
…h which communication takes place between Sonic and openBMC (sonic-net#9941) Why I did it improvement of starting barefoot SDK How I did it restart of the interface for cleaning txquee through which communication takes place between Sonic and openBMC How to verify it run sonic autorestart tests
- Why I did it With the previous MFT 4.18.1-16 there is a bug in mstdump tool accessing wrong address. it is confirmed this issue does not exist in official 4.18.0-106. - How I did it Update the MFT version to 4.18.0-106 - How to verify it Run regression on Mellanox platforms
…nic-net#10224) #### Why I did it To fix sonic-net#9643 #### How I did it Instead of ast.literal_eval added python2 compat code for json strings unicode -> str convertion. We need python2 compatibility since py2 sonic config engine (buster/sonic_config_engine-1.0-py2-none-any.whl target) is still included into the build (ENABLE_PY2_MODULES flag is set for buster). Once we abandon buster and python2, this compat and ast.literal_eval could be cleaned up all through the code base. #### How to verify it run steps from the linked issue
Why I did it [Build]: Fix armhf mirrors not existing issue The mirror endpoint debian-archive.trafficmanager.net does not support armhf, change to use deb.debian.org and security.debian.org.
before: [ finished ] target/docker-base-buster.gz after: [ cached ] target/docker-base-buster.gz
…ANE ACLs (sonic-net#10248) #### Why I did it Fixes sonic-net/sonic-utilities#2049 from caclmgr: - PRIORITY is a required field [code](https://github.com/Azure/sonic-buildimage/blob/3fa18d18d4c06fe38164ebfefdc3187820fc7496/src/sonic-host-services/scripts/caclmgrd#L548) - PACKET_ACTION is a required field [code](https://github.com/Azure/sonic-buildimage/blob/3fa18d18d4c06fe38164ebfefdc3187820fc7496/src/sonic-host-services/scripts/caclmgrd#L581) I think PRIORITY is a required field for ACLs not only CTRLPLANE ACLs #### How I did it Check code. #### How to verify it Unit-test #### Which release branch to backport (provide reason below if selected) <!-- - Note we only backport fixes to a release branch, *not* features! - Please also provide a reason for the backporting below. - e.g. - [x] 202006 --> - [ ] 201811 - [ ] 201911 - [ ] 202006 - [ ] 202012 - [ ] 202106 - [ ] 202111 #### Description for the changelog <!-- Write a short (one line) summary that describes the changes in this pull request for inclusion in the changelog: --> #### Link to config_db schema for YANG module changes <!-- Provide a link to config_db schema for the table for which YANG model is defined Link should point to correct section on https://github.com/Azure/SONiC/wiki/Configuration. --> #### A picture of a cute animal (not mandatory but encouraged)
Signed-off-by: Ze Gan <ganze718@gmail.com> Existing pools cannot test MACsec scenario, So I add sonictest-sonic-t0 pool that can run MACsec testcases.
Why I did it To upgrade SSD firmware in initramfs while rebooting from SONiC to SONiC and during NOS to SONiC migration. How I did it New option 'ssd-upgrader-part’ is introduced in grub command line, to indicate the partition and its filesystem type in which the SSD firmware updater is present. ‘ssd-upgrader-part’ syntax is ssd-upgrader-part=<partition>,<filesystem type>. Example: ssd-upgrader-part=/dev/sda8,ext4 A new initramfs script ‘ssd-upgrade’ is included in init-premount and it invokes the SSD firmware updater (ssd-fw-upgrade) present in the partition indicated by the boot option 'ssd-upgrader-part' How to verify it In SONiC, the SSD firmware updater is copied to “/host/” directory. Fast-reboot is to be initiated with the ‘-u’ option ([scripts/fast-reboot] Add option to include ssd-upgrader-part boot option with SONiC partition sonic-utilities#2150) After reboot, while booting into SONiC the SSD firmware updater will be executed in initramfs.
…are status' (sonic-net#10493) Why I did it To include ONIE version in show platform firmware status command output in DellEMC S6100 and Z9332f platforms. How I did it Include ‘ONIE’ in the list of components provided by platform APIs in DellEMC S6100 and Z9332f. Unmount ONIE-BOOT if mounted using fast/soft/warm-reboot plugins in DellEMC S6100.
Why I did it Fixes sonic-net#10793 How I did it Removed the switch_type validation from the Yang model. How to verify it compile sonic_yang_mgmt-1.0-py3-none-any.whl and sonic_yang_mgmt-1.0-py3-none-any.whl Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <arlakshm@microsoft.com>
…onic-net#10806) - Why I did it Platform_reboot files for simx doesn't do aything different apart from calling /sbin/reboot. which is anyway done in the /usr/local/bin/reboot script i.e. the parent script which calls the platform specific reboot scripts if present. Moreover, /sbin/reboot invoked in the platform specific reboot script is a non-blocking call and thus it returns back to the original script (although /sbin/reboot does it job in the background) and we see messages like this. Signed-off-by: Vivek Reddy Karri <vkarri@nvidia.com>
…net#10792) Why I did it Previous subport unit tests uses port channel names like PortChannel01, so for subport name generated PortChannel01.10, it exceeds Linux network interface name 15 char limit. Signed-off-by: Longxiang Lyu lolv@microsoft.com How I did it Modify PortChannel01 to PortChannel1.
This is part of HLD sonic-net/SONiC#925 #### Why I did it Add link-training support #### How I did it Update SONiC YANG for port link-training support #### Description for the changelog Add "link_training" to sonic-port.yang #### Link to config_db schema for YANG module changes https://github.com/sonic-net/SONiC/wiki/Configuration#port
…to storage (sonic-net#10820) Why I did it Support to trigger a pipeline to download and publish artifacts to storage and container registry. Support to specify the patterns which docker images to upload. How I did it Pass the pipeline information and the artifact information by pipeline parameters to the pipeline which will be triggered a new build. It is to decouple the artifacts generation and the publish logic, how and where the artifacts/docker images will be published, depends on the triggered pipeline. How to verify it
Why I did it Config db schema generated by minigraph should run yang validation. How I did it Modify run_script to add yang validation. How to verify it Run sonic-config-engine unit test. Signed-off-by: Gang Lv ganglv@microsoft.com
* [swss]: Convert swss docker to bullseye Signed-off-by: Lawrence Lee <lawlee@microsoft.com>
… file removal issue (sonic-net#10751)" (sonic-net#10849) This reverts commit dee7655. Co-authored-by: Ubuntu <lizhuhua@lh-dev-vm-01.ziurp3vhri5utcxng1kcl2l1qa.xx.internal.cloudapp.net>
Apply scapy fix (secdev/scapy#3240) since it is not available in release yet Signed-off-by: Lawrence Lee <lawlee@microsoft.com>
Why I did it https://github.com/Azure/SONiC/blob/master/doc/vxlan/Overlay%20ECMP%20with%20BFD.md From the design, need to advertise the route with community string, the PR is to implement this. How I did it To use the route-map as the profile for the community string, all advertised routes can be associated with one route-map. Add one file, mangers_rm.py, which is to add/update/del the route-map. Modified the managers_advertise_rt.py file to associate profile with IP route. The route-map usage is very flexible, by this PR, we only support one fixed usage to add community string for route to simplify this design. How to verify it Implement new unit tests for mangers_rm.py and updated unit test for managers_advertise_rt.py. Manually verified the test case in the test plan section, will add testcase in sonic-mgmt later. sonic-net/sonic-mgmt#5581
#### Why I did it
To provide MACsec config and show CLI for manipulating MACsec
#### How I did it
Add `config macsec` and `show macsec`.
#### How to verify it
This PR includes unittest for MACsec CLI, check Azp status.
- Add MACsec profile
```
admin@sonic:~$ sudo config macsec profile add --help
Usage: config macsec profile add [OPTIONS] <profile_name>
Add MACsec profile
Options:
--priority <priority> For Key server election. In 0-255 range with
0 being the highest priority. [default:
255]
--cipher_suite <cipher_suite> The cipher suite for MACsec. [default: GCM-
AES-128]
--primary_cak <primary_cak> Primary Connectivity Association Key.
[required]
--primary_ckn <primary_cak> Primary CAK Name. [required]
--policy <policy> MACsec policy. INTEGRITY_ONLY: All traffic,
except EAPOL, will be converted to MACsec
packets without encryption. SECURITY: All
traffic, except EAPOL, will be encrypted by
SecY. [default: security]
--enable_replay_protect / --disable_replay_protect
Whether enable replay protect. [default:
False]
--replay_window <enable_replay_protect>
Replay window size that is the number of
packets that could be out of order. This
field works only if ENABLE_REPLAY_PROTECT is
true. [default: 0]
--send_sci / --no_send_sci Send SCI in SecTAG field of MACsec header.
[default: True]
--rekey_period <rekey_period> The period of proactively refresh (Unit
second). [default: 0]
-?, -h, --help Show this message and exit.
```
- Delete MACsec profile
```
admin@sonic:~$ sudo config macsec profile del --help
Usage: config macsec profile del [OPTIONS] <profile_name>
Delete MACsec profile
Options:
-?, -h, --help Show this message and exit.
```
- Enable MACsec on the port
```
admin@sonic:~$ sudo config macsec port add --help
Usage: config macsec port add [OPTIONS] <port_name> <profile_name>
Add MACsec port
Options:
-?, -h, --help Show this message and exit.
```
- Disable MACsec on the port
```
admin@sonic:~$ sudo config macsec port del --help
Usage: config macsec port del [OPTIONS] <port_name>
Delete MACsec port
Options:
-?, -h, --help Show this message and exit.
```
Show MACsec
```
MACsec port(Ethernet0)
--------------------- -----------
cipher_suite GCM-AES-256
enable true
enable_encrypt true
enable_protect true
enable_replay_protect false
replay_window 0
send_sci true
--------------------- -----------
MACsec Egress SC (5254008f4f1c0001)
----------- -
encoding_an 2
----------- -
MACsec Egress SA (1)
------------------------------------- ----------------------------------------------------------------
auth_key 849B69D363E2B0AA154BEBBD7C1D9487
next_pn 1
sak AE8C9BB36EA44B60375E84BC8E778596289E79240FDFA6D7BA33D3518E705A5E
salt 000000000000000000000000
ssci 0
SAI_MACSEC_SA_ATTR_CURRENT_XPN 179
SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED 0
SAI_MACSEC_SA_STAT_OCTETS_PROTECTED 0
SAI_MACSEC_SA_STAT_OUT_PKTS_ENCRYPTED 0
SAI_MACSEC_SA_STAT_OUT_PKTS_PROTECTED 0
------------------------------------- ----------------------------------------------------------------
MACsec Egress SA (2)
------------------------------------- ----------------------------------------------------------------
auth_key 5A8B8912139551D3678B43DD0F10FFA5
next_pn 1
sak 7F2651140F12C434F782EF9AD7791EE2CFE2BF315A568A48785E35FC803C9DB6
salt 000000000000000000000000
ssci 0
SAI_MACSEC_SA_ATTR_CURRENT_XPN 87185
SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED 0
SAI_MACSEC_SA_STAT_OCTETS_PROTECTED 0
SAI_MACSEC_SA_STAT_OUT_PKTS_ENCRYPTED 0
SAI_MACSEC_SA_STAT_OUT_PKTS_PROTECTED 0
------------------------------------- ----------------------------------------------------------------
MACsec Ingress SC (525400edac5b0001)
MACsec Ingress SA (1)
--------------------------------------- ----------------------------------------------------------------
active true
auth_key 849B69D363E2B0AA154BEBBD7C1D9487
lowest_acceptable_pn 1
sak AE8C9BB36EA44B60375E84BC8E778596289E79240FDFA6D7BA33D3518E705A5E
salt 000000000000000000000000
ssci 0
SAI_MACSEC_SA_ATTR_CURRENT_XPN 103
SAI_MACSEC_SA_STAT_IN_PKTS_DELAYED 0
SAI_MACSEC_SA_STAT_IN_PKTS_INVALID 0
SAI_MACSEC_SA_STAT_IN_PKTS_LATE 0
SAI_MACSEC_SA_STAT_IN_PKTS_NOT_USING_SA 0
SAI_MACSEC_SA_STAT_IN_PKTS_NOT_VALID 0
SAI_MACSEC_SA_STAT_IN_PKTS_OK 0
SAI_MACSEC_SA_STAT_IN_PKTS_UNCHECKED 0
SAI_MACSEC_SA_STAT_IN_PKTS_UNUSED_SA 0
SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED 0
SAI_MACSEC_SA_STAT_OCTETS_PROTECTED 0
--------------------------------------- ----------------------------------------------------------------
MACsec Ingress SA (2)
--------------------------------------- ----------------------------------------------------------------
active true
auth_key 5A8B8912139551D3678B43DD0F10FFA5
lowest_acceptable_pn 1
sak 7F2651140F12C434F782EF9AD7791EE2CFE2BF315A568A48785E35FC803C9DB6
salt 000000000000000000000000
ssci 0
SAI_MACSEC_SA_ATTR_CURRENT_XPN 91824
SAI_MACSEC_SA_STAT_IN_PKTS_DELAYED 0
SAI_MACSEC_SA_STAT_IN_PKTS_INVALID 0
SAI_MACSEC_SA_STAT_IN_PKTS_LATE 0
SAI_MACSEC_SA_STAT_IN_PKTS_NOT_USING_SA 0
SAI_MACSEC_SA_STAT_IN_PKTS_NOT_VALID 0
SAI_MACSEC_SA_STAT_IN_PKTS_OK 0
SAI_MACSEC_SA_STAT_IN_PKTS_UNCHECKED 0
SAI_MACSEC_SA_STAT_IN_PKTS_UNUSED_SA 0
SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED 0
SAI_MACSEC_SA_STAT_OCTETS_PROTECTED 0
--------------------------------------- ----------------------------------------------------------------
MACsec port(Ethernet1)
--------------------- -----------
cipher_suite GCM-AES-256
enable true
enable_encrypt true
enable_protect true
enable_replay_protect false
replay_window 0
send_sci true
--------------------- -----------
MACsec Egress SC (5254008f4f1c0001)
----------- -
encoding_an 1
----------- -
MACsec Egress SA (1)
------------------------------------- ----------------------------------------------------------------
auth_key 35FC8F2C81BCA28A95845A4D2A1EE6EF
next_pn 1
sak 1EC8572B75A840BA6B3833DC550C620D2C65BBDDAD372D27A1DFEB0CD786671B
salt 000000000000000000000000
ssci 0
SAI_MACSEC_SA_ATTR_CURRENT_XPN 4809
SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED 0
SAI_MACSEC_SA_STAT_OCTETS_PROTECTED 0
SAI_MACSEC_SA_STAT_OUT_PKTS_ENCRYPTED 0
SAI_MACSEC_SA_STAT_OUT_PKTS_PROTECTED 0
------------------------------------- ----------------------------------------------------------------
MACsec Ingress SC (525400edac5b0001)
MACsec Ingress SA (1)
--------------------------------------- ----------------------------------------------------------------
active true
auth_key 35FC8F2C81BCA28A95845A4D2A1EE6EF
lowest_acceptable_pn 1
sak 1EC8572B75A840BA6B3833DC550C620D2C65BBDDAD372D27A1DFEB0CD786671B
salt 000000000000000000000000
ssci 0
SAI_MACSEC_SA_ATTR_CURRENT_XPN 5033
SAI_MACSEC_SA_STAT_IN_PKTS_DELAYED 0
SAI_MACSEC_SA_STAT_IN_PKTS_INVALID 0
SAI_MACSEC_SA_STAT_IN_PKTS_LATE 0
SAI_MACSEC_SA_STAT_IN_PKTS_NOT_USING_SA 0
SAI_MACSEC_SA_STAT_IN_PKTS_NOT_VALID 0
SAI_MACSEC_SA_STAT_IN_PKTS_OK 0
SAI_MACSEC_SA_STAT_IN_PKTS_UNCHECKED 0
SAI_MACSEC_SA_STAT_IN_PKTS_UNUSED_SA 0
SAI_MACSEC_SA_STAT_OCTETS_ENCRYPTED 0
SAI_MACSEC_SA_STAT_OCTETS_PROTECTED 0
--------------------------------------- ----------------------------------------------------------------
```
…essage (sonic-net#10779) - Why I did it Script fails when there is an exception while reading - How I did it Add more logs and checks. Fix wrong variable naming and messages. - How to verify it Provoke exception while read_eeprom() and check that it is handled properly
…sonic-net#10842) Signed-off-by: Ze Gan <ganze718@gmail.com>
Updated libsaibcm to fix libsaithrift compile issue on BRCM image
…10595) Signed-off-by: mlok <marty.lok@nokia.com>
…setting tag (sonic-net#10731) What I did: Added support to create route-map action set tag <user define value> when the the allow prefix list matches. The tag can ben define by user in constants.yml. Why I did: Since for Allow List feature we call from base route-map allow-list route-map having set tag option provides way for base route-map to do match tag and take any further action if needed. Adding tag provide metadata that can used by base route-map
…ic-net#10847) Why I did it It is not necessary to trigger the publish pipeline when build is failed. How I did it Remove the condition in the azp task, change to use template condition.
Why I did it At present, there is no mechanism in an event driven model to know that the system is up with all the essential sonic services and also, all the docker apps are ready along with port ready status to start the network traffic. With the asynchronous architecture of SONiC, we will not be able to verify if the config has been applied all the way down to the HW. But we can get the closest up status of each app and arrive at the system readiness. How I did it A new python based system monitor tool is introduced under system-health framework to monitor all the essential system host services including docker wrapper services on an event based model and declare the system is ready. This framework gives provision for docker apps to notify its closest up status. CLIs are provided to fetch the current system status and also service running status and its app ready status along with failure reason if any. How to verify it "show system-health sysready-status" click CLI Syslogs for system ready
Add support for WolverineQCpu, WolverineQCpuMs, WolverineQCpuBk, WolverineQCpuBkMs Co-authored-by: Maxime Lorrillere <mlorrillere@arista.com>
* [ci] Add arm artifacts in common lib azure pipeline
taras-keryk
force-pushed
the
tkeryk/bmc_iface_setts4
branch
from
d7045a6
to
eb4e8b8
Compare
Signed-off-by: Taras Keryk <tarasx.keryk@intel.com>
taras-keryk
force-pushed
the
tkeryk/bmc_iface_setts4
branch
from
eb4e8b8
to
e3866df
Compare
Signed-off-by: Taras Keryk <tarasx.keryk@intel.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Signed-off-by: Taras Keryk tarasx.keryk@intel.com
Why I did it
In some situations, the connection to the BMC may be lost when the ipv6 settings differ on the BMC and CPU (SONiC) sides
How I did it
I changed ipv6 neighbor base_reachable_time_ms on the CPU (SONiC). Currently, base_reachable_time_ms on the CPU and BMC sides will be the same.
How to verify it
Which release branch to backport (provide reason below if selected)
Description for the changelog
Link to config_db schema for YANG module changes
A picture of a cute animal (not mandatory but encouraged)