Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added support for EVPN L3 VXLAN as described in the PR Azure/SONiC#437 #1267

Merged
merged 9 commits into from
Dec 18, 2020

Conversation

tapashdas
Copy link
Contributor

@tapashdas tapashdas commented Apr 21, 2020

Added support for EVPN L3 VXLAN as described in the PR sonic-net/SONiC#437

What I did
VRFMgr Changes to update VRF VNI Map information and notify VRFOrch.
Neighbor Orch changes to Add and Remove Tunnel Nexthops.
Nexthop Key changes to accommodate VNI and Router MAC.
Route Orch changes to Add and Remove Overlay routes, Create and Delete Overlay Nexthops.
Port Orch changes to bring Up / Down Router Interface (IRB Vlan interface) on VRF - VNI Bind / Unbind.

Signed-off-by: Tapash Das tapash.das@broadcom.com

Why I did it

How I verified it

Details if related

@tapashdas tapashdas marked this pull request as ready for review June 24, 2020 07:43
Copy link
Collaborator

@prsunny prsunny left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As a general comment, almost all the logs are in NOTICE level and seems to be for debugging. Kindly change it to INFO or DEBUG levels to avoid cluttering the syslog.

cfgmgr/vrfmgr.h Outdated
void doTask(Consumer &consumer);

std::map<std::string, uint32_t> m_vrfTableMap;
std::set<uint32_t> m_freeTables;
VRFNameVNIMapTable vrf_vni_map_table_;
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please follow the same naming convention as in the rest of the class

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok. Will do.

cfgmgr/vrfmgr.h Outdated
class VrfMgr : public Orch
{
public:
VrfMgr(DBConnector *cfgDb, DBConnector *appDb, DBConnector *stateDb, const std::vector<std::string> &tableNames);
using Orch::doTask;
std::string m_evpnVxlanTunnel;

uint32_t getVRFmappedVNI(const std::string& vrf_name) const
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please have {} for if/else and move this to .cpp file

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok. will do.

}
}

if(m_evpnVxlanTunnel.empty()) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please open { in new line. Also for the rest of the if in this PR

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok. will do.


old_vni = getVRFmappedVNI(vrf_name);
SWSS_LOG_NOTICE("VRF VNI map update vrf %s, vni %d, old_vni %d", vrf_name.c_str(), vni, old_vni);
if (vni != old_vni)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So what triggers this value change? VRF_TABLE is part of config_db right? so is this some user config that they change the vni value?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes. VRF VNI Map is stored in CONFIG DB VRF_TABLE, This takes care of scenario if VRF VNI mapping is changed.

SWSS_LOG_ENTER();
string key;

if(m_evpnVxlanTunnel.empty()) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

space after if

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok. will do.

@@ -1021,7 +1147,7 @@ bool RouteOrch::addRoute(sai_object_id_t vrf_id, const IpPrefix &ipPrefix, const

/* Increase the ref_count for the next hop (group) entry */
increaseNextHopRefCount(nextHops);
SWSS_LOG_INFO("Create route %s with next hop(s) %s",
SWSS_LOG_NOTICE("Create route %s with next hop(s) %s",
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please change this to INFO

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok. Will do.

}
SWSS_LOG_INFO("Set route %s with next hop(s) %s",
SWSS_LOG_NOTICE("Set route %s with next hop(s) %s",
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please change this to INFO

Copy link
Contributor Author

@tapashdas tapashdas Oct 9, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok. Will do.

EvpnNvoOrch* evpn_orch = gDirectory.get<EvpnNvoOrch*>();
VxlanTunnelOrch* tunnel_orch = gDirectory.get<VxlanTunnelOrch*>();
bool status = false;
int ip_refcnt = -2;
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is this initialized to -2? Can we have it as 0?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok. Will do. Used it for debug purpose.

bool status = false;
int ip_refcnt = -2;

SWSS_LOG_NOTICE("Routeorch Add Remote VTEP %s, VNI %d, VR_ID %lx",
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You could remove this log as it is same as one below

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok. Will do.


SWSS_LOG_NOTICE("Routeorch Add Remote VTEP %s, VNI %d, VR_ID %lx",
nextHop.ip_address.to_string().c_str(), nextHop.vni, vrf_id);
status = tunnel_orch->addTunnelUser(nextHop.ip_address.to_string(), nextHop.vni, 0, TNL_SRC_IP, vrf_id);
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where is TNL_SRC_IP defined?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is defined in PR 1264.
https://github.com/Azure/sonic-swss/pull/1264/files : orchagent/vxlanorch.h

m_appVnetTableProducer.set(vrfName, kfvFieldsValues(t));
if (!setLink(vrfName))
{
SWSS_LOG_ERROR("Failed to create vrf netdev %s", vrfName.c_str());

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How would we recover from Vrf creation failures?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is existing vrfmgr code in base/master branch. Not changed due to EVPN changes. Need to address this separately.

m_evpnVxlanTunnel = "";
}

SWSS_LOG_NOTICE("Removed evpn nvo tunnel %s", m_evpnVxlanTunnel.c_str());

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If m_evpnVxlanTunnel is empty, this log wouldnt print anything.

If m_evpnVxlanTunnel is not empty
m_evpnVxlanTunnel will be empty after m_evpnVxlanTunnel = "";

Finally this log wouldnt print anything for m_evpnVxlanTunnel ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok. Will update.


}

if ((vni == 0) && add)

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What will be this case, where VNI is 0 and is still an 'add' condition?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is to take care of the scenario when VRF is configured but VRF to VNI Mapping is not configured.

}

SWSS_LOG_NOTICE("VRF VNI map update vrf %s, s_vni %s, add %d", vrf_name.c_str(), s_vni.c_str(), add);
doVrfVxlanTableUpdate(vrf_name, s_vni, add);

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There could be VNIs which are only mapped to VLANs but not VRFs. How do we make sure that, we are using unique VNIs here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

VNI can be both L2 + L3. For the case where Vlan associated with VNI is tenant Vlan as well.
So L3 VNI need not be unique.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Didnt quite understand this. An L2 VNI between 2 leafs for a given Tenant, could also be a L3 VNI for different Tenant?
My understanding is that, either L2 or L3 VNI, they have to be unique in a given system.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

VLAN-X +VNI-X -- L2 VXLAN
VLAN-Y + VNI-Y + VRF-Y -- L3 VXLAN (for TYPE-5)
Where do we verify if VNI-X and VNI-Y are not overlapping?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Currently it is taken care in CLI Validation.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@tapashdas If the configuration is done directly in config_db, we would need to check the validity of the global VLAN/VRF-->VNI mapping. It will be better to maintain or validate global vlan/vrf<-->VNI mapping in the cfgmgr.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@tapashdas In vxlanmgr.cpp, if the vni is already mapped to a vlan, mapper entry is rejected. But here the mapping entry is updated. Can we reject the config similar to vxlanmgr?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok. Will do.

@prvattem
Copy link

Type-5 routes are applicable only for non-default VRF Tenants right? Could you please let me know, where do we block this for default VRF?

@prvattem
Copy link

For remote Type-5 Prefixes, the routes need to be programmed with ONLINK attribute right? Are those changes, part of this pull request? or please point me to that PR, if that is different.

@prvattem
Copy link

Are local Static Route Prefixes supported?

@tapashdas
Copy link
Contributor Author

Are local Static Route Prefixes supported?

No. Static route over tunnel is currently not supported. This is EVPN L3 VXLAN PR so out of scope of this PR.

@tapashdas
Copy link
Contributor Author

Type-5 routes are applicable only for non-default VRF Tenants right? Could you please let me know, where do we block this for default VRF?

Yes Type-5 routes are applicable only for non-default VRF. FRR will update APP DB route table only for non-default VRF.

@kishorekunal01
Copy link
Contributor

For remote Type-5 Prefixes, the routes need to be programmed with ONLINK attribute right? Are those changes, part of this pull request? or please point me to that PR, if that is different.

ONLINK is programmed only in the Kernel not in the hardware. Hardware is programed with VLAN, VNI, RMAC with the prefix.

@prvattem
Copy link

For remote Type-5 Prefixes, the routes need to be programmed with ONLINK attribute right? Are those changes, part of this pull request? or please point me to that PR, if that is different.

ONLINK is programmed only in the Kernel not in the hardware. Hardware is programed with VLAN, VNI, RMAC with the prefix.

I understand that it is programmed in Kernel. What I was asking is, to point me to the PR where it is done.

@prvattem
Copy link

Are local Static Route Prefixes supported?

No. Static route over tunnel is currently not supported. This is EVPN L3 VXLAN PR so out of scope of this PR.

If it is not currently supported, I agree to that. I dont agree if we say it is not a EVPN feature.
It is very well a supported feature for EVPN L3 VXLAN in other implementations. If user wants to advertise a prefix that is not learnt by any host subnets, we should allow that to happen.

@tapashdas
Copy link
Contributor Author

retest vs please

1 similar comment
@tapashdas
Copy link
Contributor Author

retest vs please

}

SWSS_LOG_NOTICE("VRF VNI map update vrf %s, s_vni %s, add %d", vrf_name.c_str(), s_vni.c_str(), add);
doVrfVxlanTableUpdate(vrf_name, s_vni, add);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@tapashdas If the configuration is done directly in config_db, we would need to check the validity of the global VLAN/VRF-->VNI mapping. It will be better to maintain or validate global vlan/vrf<-->VNI mapping in the cfgmgr.

}

SWSS_LOG_NOTICE("VRF VNI map update vrf %s, s_vni %s, add %d", vrf_name.c_str(), s_vni.c_str(), add);
doVrfVxlanTableUpdate(vrf_name, s_vni, add);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@tapashdas In vxlanmgr.cpp, if the vni is already mapped to a vlan, mapper entry is rejected. But here the mapping entry is updated. Can we reject the config similar to vxlanmgr?

SWSS_LOG_NOTICE("Failed to create remote vtep %s", nexthop.to_string(overlay_nh).c_str());
return false;
}
next_hop_id = m_neighOrch->addTunnelNextHop(nexthop);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NULL object-id for tunnel-nhop failure is not checked.

We could change this API to return status instead of returning the object-id and check the status for success/failure

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok. Will do.

status = deleteRemoteVtep(vrf_id, tunnel_nh);
if (status == false)
{
SWSS_LOG_NOTICE("Failed to delete remote vtep %s ecmp", tunnel_nh.to_string(true).c_str());
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

error log and return false? Please check the error status in the caller methods as well

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok. Will do.

@tapashdas
Copy link
Contributor Author

Will take care of the comments in cfgmgr/vrfmgr.cpp. Currently all validation checks are at CLI level.

prvattem
prvattem previously approved these changes Dec 18, 2020
@@ -45,19 +49,44 @@ struct NextHopKey
throw std::invalid_argument(err);
}
}
NextHopKey(const std::string &str, bool overlay_nh)
{
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please fix alignment

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

const std::string to_string() const
{
return ip_address.to_string() + NH_DELIMITER + alias;
}

const std::string to_string(bool overlay_nh) const
{
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please fix alignment

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

@@ -133,9 +156,99 @@ bool VRFOrch::delOperation(const Request& request)

vrf_table_.erase(vrf_name);
vrf_id_table_.erase(router_id);
error = delVrfVNIMap(vrf_name, 0);
if (error == false)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please add {

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

old_vni = getVRFmappedVNI(vrf_name);
SWSS_LOG_INFO("VRF '%s' vni %d old_vni %d", vrf_name.c_str(), vni, old_vni);

if (old_vni != vni) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

{ -> next line

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

@@ -2132,7 +2134,7 @@ bool EvpnNvoOrch::addOperation(const Request& request)
source_vtep_ptr = tunnel_orch->getVxlanTunnel(vtep_name);

SWSS_LOG_INFO("evpnnvo: %s vtep : %s \n",nvo_name.c_str(), vtep_name.c_str());

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think tab space is added here

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

@@ -84,6 +95,12 @@ bool VRFOrch::addOperation(const Request& request)
vrf_table_[vrf_name].vrf_id = router_id;
vrf_table_[vrf_name].ref_count = 0;
vrf_id_table_[router_id] = vrf_name;
if (vni != 0) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

{ -> new line

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.


if (m_syncdRoutes.find(vrf_id) == m_syncdRoutes.end())
{
m_syncdRoutes.emplace(vrf_id, RouteTable());
m_vrfOrch->increaseVrfRefCount(vrf_id);
}

if(nextHops.is_overlay_nexthop())
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

space after if

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

auto it_route = m_syncdRoutes.at(vrf_id).find(ipPrefix);

/* The route is pointing to a next hop */
if (nextHops.getSize() == 1)
{
NextHopKey nexthop(nextHops.to_string());
NextHopKey nexthop;
if (overlay_nh) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

{ -> next line

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

@@ -1212,13 +1320,55 @@ bool RouteOrch::addRoute(RouteBulkContext& ctx, const NextHopGroupKey &nextHops)
/* Try to create a new next hop group */
if (!addNextHopGroup(nextHops))
{
/* NextHopGroup is in "Ip1|alias1,Ip2|alias2,..." format*/
std::vector<std::string> nhops = tokenize(nextHops.to_string(), ',');
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please explain this flow.

@prsunny prsunny merged commit b369bb2 into sonic-net:master Dec 18, 2020
EdenGri pushed a commit to EdenGri/sonic-swss that referenced this pull request Feb 28, 2022
…nic-net#1267)

Add subcommand to show midplane status for modular chassis and related unit tests
rck-innovium added a commit to rck-innovium/sonic-swss that referenced this pull request Apr 14, 2023
Support a new ACL table type called L3V4V6.
This table supports both v4 and v6 Match types.
Add unit tests for this new ACL table type.

HLD: sonic-net/SONiC#1267

Signed-off-by: Ravi(Marvell) rck@innovium.com
rck-innovium added a commit to rck-innovium/sonic-swss that referenced this pull request Apr 22, 2023
Support a new ACL table type called L3V4V6.
This table supports both v4 and v6 Match types.
Add unit tests for this new ACL table type.

HLD: sonic-net/SONiC#1267

Signed-off-by: Ravi(Marvell) rck@innovium.com
prsunny pushed a commit that referenced this pull request May 25, 2023
* Combine v4 and v6 L3 ACL rules on optimized platforms #1267
theasianpianist pushed a commit to theasianpianist/sonic-swss that referenced this pull request Jul 20, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants