-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Dual-ToR] add default value for ACL rule for mellanox platform (Standby ToR) #13547
[Dual-ToR] add default value for ACL rule for mellanox platform (Standby ToR) #13547
Conversation
Signed-off-by: Andriy Yurkiv <ayurkiv@nvidia.com>
@@ -133,5 +133,16 @@ | |||
"digits_class": "true", | |||
"special_class": "true" | |||
} | |||
}, | |||
"SYSTEM_DEFAULTS" : { | |||
{%- if include_mux == "y" %} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it better to generate the SYSTEM_DEFAULTS
table only when sonic_asic_platform == "mellanox"
, and include_mux == "y"
? In this way, there will be no change for other platforms.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for your remark.
I thought about it previously. But I decided that it may look confusing that SYSTEM_DEFAULT table (that is generic table) is under "mellanox" and "mux" condition.
What do you think about it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Make sense. Please also consider when we are upgrading from previous version, the mux_tunnel_egress_acl
is absent. Our code should be handle that exception.
@bingwang-ms can you please review and approve? |
@ayurkiv-nvda please clarify to which branch the fix should be taken? |
It should be merged to 202205 also |
…c-net#13547) - Why I did it Need to add the possibility to choose between dropping packets (using ACL) on ingress or egress in Dual ToR scenario - How I did it Add new attribute "mux_tunnel_ingress_acl" to SYSTEM_DEFAULTS table - How to verify it check that new attribute exists in redis: admin@sonic:~$ redis-cli -n 4 127.0.0.1:6379[4]> HGETALL SYSTEM_DEFAULTS|mux_tunnel_ingress_acl 1."state" 2."false" Signed-off-by: Andriy Yurkiv <ayurkiv@nvidia.com>
Cherry-pick PR to 202211: #14139 |
- Why I did it Need to add the possibility to choose between dropping packets (using ACL) on ingress or egress in Dual ToR scenario - How I did it Add new attribute "mux_tunnel_ingress_acl" to SYSTEM_DEFAULTS table - How to verify it check that new attribute exists in redis: admin@sonic:~$ redis-cli -n 4 127.0.0.1:6379[4]> HGETALL SYSTEM_DEFAULTS|mux_tunnel_ingress_acl 1."state" 2."false" Signed-off-by: Andriy Yurkiv <ayurkiv@nvidia.com>
Related work items: sonic-net#276, sonic-net#305, sonic-net#332, sonic-net#338, sonic-net#339, sonic-net#1188, sonic-net#1192, sonic-net#1197, sonic-net#1206, sonic-net#1685, sonic-net#1690, sonic-net#1696, sonic-net#1699, sonic-net#1709, sonic-net#1727, sonic-net#1737, sonic-net#1741, sonic-net#1742, sonic-net#2511, sonic-net#2512, sonic-net#2532, sonic-net#2559, sonic-net#2626, sonic-net#2638, sonic-net#2645, sonic-net#2649, sonic-net#2660, sonic-net#2669, sonic-net#2670, sonic-net#2678, sonic-net#10084, sonic-net#11442, sonic-net#11873, sonic-net#12047, sonic-net#12110, sonic-net#12207, sonic-net#12529, sonic-net#12678, sonic-net#13235, sonic-net#13287, sonic-net#13372, sonic-net#13395, sonic-net#13456, sonic-net#13497, sonic-net#13522, sonic-net#13545, sonic-net#13547, sonic-net#13552, sonic-net#13569, sonic-net#13572, sonic-net#13578, sonic-net#13591, sonic-net#13611, sonic-net#13647, sonic-net#13649, sonic-net#13660, sonic-net#13710, sonic-net#13716, sonic-net#13724, sonic-net#13726, sonic-net#13732, sonic-net#13735, sonic-net#13739, sonic-net#13757, sonic-net#13786, sonic-net#13792, sonic-net#13800, sonic-net#13801, sonic-net#13802, sonic-net#13805, sonic-net#13806, sonic-net#13812, sonic-net#13814, sonic-net#13822, sonic-net#13831, sonic-net#13834, sonic-net#13847, sonic-net#13870, sonic-net#13882, sonic-net#13884, sonic-net#13885, sonic-net#13894, sonic-net#13895, sonic-net#13926, sonic-net#13932, sonic-net#13935, sonic-net#13942, sonic-net#13951, sonic-net#13953, sonic-net#13964
Why I did it
Need to add the possibility to choose between dropping packets (using ACL) on ingress or egress in Dual ToR scenario
How I did it
Add new attribute "mux_tunnel_ingress_acl" to SYSTEM_DEFAULTS table
How to verify it
check that new attribute exists in redis:
admin@sonic:~$ redis-cli -n 4
127.0.0.1:6379[4]> HGETALL SYSTEM_DEFAULTS|mux_tunnel_ingress_acl
1."state"
2."false"
Which release branch to backport (provide reason below if selected)
Description for the changelog
Ensure to add label/tag for the feature raised. example - PR#2174 under sonic-utilities repo. where, Generic Config and Update feature has been labelled as GCU.
Link to config_db schema for YANG module changes
A picture of a cute animal (not mandatory but encouraged)