Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue. #17281

Merged

Conversation

liuh-80
Copy link
Contributor

@liuh-80 liuh-80 commented Nov 23, 2023

Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue.

Why I did it

When device set with IPV6 TACACS server address, and shutdown all BGP, device can't connect to TACACS server via management interface.

After investigation, I found the IPV6 'default' route table does not add to route lookup:

admin@vlab-01:$ ip -6 rule list
1001: from all lookup local
32765: from fec0::ffff:afa:1 lookup default
32766: from all lookup main
admin@vlab-01:
$

As compare:
admin@vlab-01:~$ ip -4 rule list
1001: from all lookup local
32764: from all to 172.17.0.1/24 lookup default
32765: from 10.250.0.101 lookup default
32766: from all lookup main
32767: from all lookup default <== 'default' route table exist in IPV4 route lookup

Issue fix by add 'default' route table to route lookup with following command:
admin@vlab-01:$ sudo ip -6 rule add pref 32767 lookup default
admin@vlab-01:
$ ip -6 rule list
1001: from all lookup local
32765: from fec0::ffff:afa:1 lookup default
32766: from all lookup main
32767: from all lookup default <== 'default' route table been added to IPV6 route lookup
admin@vlab-01:~$

Work item tracking
  • Microsoft ADO: 25798732

How I did it

When management interface using 'default' route table, add 'default' route table to IPV6 route lookup.

How to verify it

Pass all UT.
Add new UT to cover this change.
Manually verify issue fixed:

Which release branch to backport (provide reason below if selected)

  • 201811
  • 201911
  • 202006
  • 202012
  • 202106
  • 202111
  • [] 202205
  • [] 202211
  • [] 202305

Tested branch (Please provide the tested image version)

  • master-17281.417570-2133d58fa
  • SONiC.202305-17658.446964-c9b5bb179

Description for the changelog

Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue.

Link to config_db schema for YANG module changes

A picture of a cute animal (not mandatory but encouraged)

@liuh-80 liuh-80 changed the title Fix IPV6 mgmt route not work because vrf table not add to route lookup issue [POC] Fix IPV6 mgmt route not work because vrf table not add to route lookup issue Nov 23, 2023
@liuh-80 liuh-80 changed the title [POC] Fix IPV6 mgmt route not work because vrf table not add to route lookup issue [POC] Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue. Nov 24, 2023
@liuh-80 liuh-80 changed the title [POC] Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue. Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue. Nov 24, 2023
@liuh-80
Copy link
Contributor Author

liuh-80 commented Nov 24, 2023

Created UT for this change: sonic-net/sonic-mgmt#10842

@liuh-80 liuh-80 marked this pull request as ready for review November 24, 2023 03:10
@@ -94,6 +94,11 @@ iface {{ name }} {{ 'inet' if prefix | ipv4 else 'inet6' }} static
{% for route in MGMT_INTERFACE[(name, prefix)]['forced_mgmt_routes'] %}
pre-down ip rule delete pref 32764 to {{ route }} table {{ vrf_table }}
{% endfor %}
{% if prefix | ipv6 and vrf_table == 'default'%}
# IPV6 default table not add to lookup by default, management server need this to access IPV6 address when BGP shutdown
up ip -6 rule add pref 32767 lookup {{ vrf_table }}
Copy link
Collaborator

@qiluo-msft qiluo-msft Nov 29, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

32767

How do you get the magic number? #Closed

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The number is based on IPV4 default route table priority:

admin@vlab-01:~$ ip -4 rule list
1001: from all lookup local
32764: from all to 172.17.0.1/24 lookup default
32765: from 10.250.0.101 lookup default
32766: from all lookup main
32767: from all lookup default

The default route table need have lowest priority so when can' find route from 'local' and 'main' table the rules from 'default' table will be use.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems we need to define a named constant for 32764, and +3 here.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed.

@qiluo-msft
Copy link
Collaborator

@prsunny Could you review this PR?

@@ -42,6 +42,9 @@ iface eth0 inet6 static
pre-down ip -6 route delete default via 2603:10e2:0:2902::1 dev eth0 table default
pre-down ip -6 route delete 2603:10e2:0:2902::/64 dev eth0 table default
pre-down ip -6 rule delete pref 32765 from 2603:10e2:0:2902::8/128 table default
# IPV6 default table not add to lookup by default, management server need this to access IPV6 address when BGP shutdown
up ip -6 rule add pref 32767 lookup default
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you please move this to 'up' section - line 40

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed

@@ -57,6 +57,9 @@ iface eth1 inet6 static
pre-down ip -6 route delete default via 2603:10e2:0:abcd::1 dev eth1 table default
pre-down ip -6 route delete 2603:10e2:0:abcd::/64 dev eth1 table default
pre-down ip -6 rule delete pref 32765 from 2603:10e2:0:abcd::8/128 table default
# IPV6 default table not add to lookup by default, management server need this to access IPV6 address when BGP shutdown
up ip -6 rule add pref 32767 lookup default
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same here. please keep 'up' and 'pre-down' separate

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed

@StormLiangMS
Copy link
Contributor

hi @liuh-80 could you help to run test on 202305 image with this PR? We'd like to avoid regression at this stage.

liuh-80 added a commit to liuh-80/sonic-buildimage that referenced this pull request Jan 3, 2024
…lt' route table does not add to route lookup issue. (sonic-net#17281)

Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue.

#### Why I did it
When device set with IPV6 TACACS server address, and shutdown all BGP, device can't connect to TACACS server via management interface.

After investigation, I found the IPV6 'default' route table does not add to route lookup:

admin@vlab-01:~$ ip -6 rule list
1001:   from all lookup local
32765:  from fec0::ffff:afa:1 lookup default
32766:  from all lookup main
admin@vlab-01:~$

As compare:
admin@vlab-01:~$ ip -4 rule list
1001:   from all lookup local
32764:  from all to 172.17.0.1/24 lookup default
32765:  from 10.250.0.101 lookup default
32766:  from all lookup main
32767:  from all lookup default <== 'default' route table exist in IPV4 route lookup

Issue fix by add 'default' route table to route lookup with following command:
admin@vlab-01:~$ sudo ip -6 rule add pref 32767 lookup default
admin@vlab-01:~$ ip -6 rule list
1001:   from all lookup local
32765:  from fec0::ffff:afa:1 lookup default
32766:  from all lookup main
32767:  from all lookup default <== 'default' route table been added to IPV6 route lookup
admin@vlab-01:~$

##### Work item tracking
- Microsoft ADO: 25798732

#### How I did it
When management interface using 'default' route table, add 'default' route table to IPV6 route lookup.

#### How to verify it
Pass all UT.
Add new UT to cover this change.
Manually verify issue fixed:

### Tested branch (Please provide the tested image version)

- [x]  master-17281.417570-2133d58fa

#### Description for the changelog
Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue.
@liuh-80
Copy link
Contributor Author

liuh-80 commented Jan 4, 2024

ip -6 rule list

hi @liuh-80 could you help to run test on 202305 image with this PR? We'd like to avoid regression at this stage.

@StormLiangMS , I verified with SONiC.202305-17658.446964-c9b5bb179, after cherry-pick, the issue fixed:

admin@vlab-01:~$ ip -6 rule list
1001: from all lookup local
32765: from fec0::ffff:afa:1 lookup default
32766: from all lookup main
32767: from all lookup default <== IPV6 default table added

mssonicbld pushed a commit to mssonicbld/sonic-buildimage that referenced this pull request Jan 4, 2024
…lt' route table does not add to route lookup issue. (sonic-net#17281)

Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue.

#### Why I did it
When device set with IPV6 TACACS server address, and shutdown all BGP, device can't connect to TACACS server via management interface.

After investigation, I found the IPV6 'default' route table does not add to route lookup:

admin@vlab-01:~$ ip -6 rule list
1001:   from all lookup local
32765:  from fec0::ffff:afa:1 lookup default
32766:  from all lookup main
admin@vlab-01:~$

As compare:
admin@vlab-01:~$ ip -4 rule list
1001:   from all lookup local
32764:  from all to 172.17.0.1/24 lookup default
32765:  from 10.250.0.101 lookup default
32766:  from all lookup main
32767:  from all lookup default <== 'default' route table exist in IPV4 route lookup

Issue fix by add 'default' route table to route lookup with following command:
admin@vlab-01:~$ sudo ip -6 rule add pref 32767 lookup default
admin@vlab-01:~$ ip -6 rule list
1001:   from all lookup local
32765:  from fec0::ffff:afa:1 lookup default
32766:  from all lookup main
32767:  from all lookup default <== 'default' route table been added to IPV6 route lookup
admin@vlab-01:~$

##### Work item tracking
- Microsoft ADO: 25798732

#### How I did it
When management interface using 'default' route table, add 'default' route table to IPV6 route lookup.

#### How to verify it
Pass all UT.
Add new UT to cover this change.
Manually verify issue fixed:

### Tested branch (Please provide the tested image version)

- [x]  master-17281.417570-2133d58fa

#### Description for the changelog
Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue.
@mssonicbld
Copy link
Collaborator

Cherry-pick PR to 202305: #17676

mssonicbld added a commit that referenced this pull request Jan 4, 2024
…lt' route table does not add to route lookup issue. (#17281) (#17676)
lguohan pushed a commit that referenced this pull request Jan 22, 2024
ix IPV6 forced-mgmt-route not work issue

Why I did it
IPV6 forced-mgmt-route not work

When add a IPV6 route, should use 'ip -6 rule add pref 32764 address' command, but currently in the template the '-6' parameter are missing, so the IPV6 route been add to IPV4 route table.

Also this PR depends on #17281 , which will fix the IPV6 'default' route table missing in IPV6 route lookup issue. 

Microsoft ADO (number only):24719238
nonodark added a commit to nonodark/sonic-buildimage that referenced this pull request Jan 29, 2024
Signed-off-by: nonodark <ef67891@yahoo.com.tw>

Squashed commit of the following:

commit 335ebaa
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Wed Jan 24 16:35:00 2024 +0800

    [submodule] Update submodule sonic-platform-daemons to the latest HEAD automatically (sonic-net#17891)
    src/sonic-platform-daemons
    ```
    * 824c20a - (HEAD -> 202305, origin/202305) Support 800G ifname in xcvrd (sonic-net#420) (20 hours ago) [Anoop Kamath]
    ```

commit 78e211c
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Sun Jan 21 16:32:35 2024 +0800

    [submodule] Update submodule sonic-utilities to the latest HEAD automatically (sonic-net#17868)
    src/sonic-utilities
    ```
    * 83a548de - (HEAD -> 202305, origin/202305) Disable Key Validation feature during sonic-installation for Cisco Platforms (sonic-net#3115) (22 hours ago) [selvipal]
    ```

commit 5d30151
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Sat Jan 20 16:32:45 2024 +0800

    [submodule] Update submodule sonic-snmpagent to the latest HEAD automatically (sonic-net#17863)
    src/sonic-snmpagent
    ```
    * 6f59d29 - (HEAD -> 202305, origin/202305) Fix SNMP dropping some of the queue counter when create_only_config_db_buffers is set to true (sonic-net#303) (sonic-net#309) (33 minutes ago) [mssonicbld]
    ```

commit 208c170
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Sat Jan 20 04:32:37 2024 +0800

    [submodule] Update submodule sonic-snmpagent to the latest HEAD automatically (sonic-net#17859)
    src/sonic-snmpagent
    ```
    * 2efaf2e - (HEAD -> 202305, origin/202305) Revert "[action] [PR:303] Fix SNMP dropping some of the queue counter when create_only_config_db_buffers is set to true (sonic-net#303)" (sonic-net#308) (4 minutes ago) [StormLiangMS]
    ```

commit 306175b
Author: Saikrishna Arcot <sarcot@microsoft.com>
Date:   Fri Jan 19 03:16:04 2024 -0800

    dhcrelay: Don't look up the ifindex for the fallback interface (sonic-net#17797) (sonic-net#17840)

    Currently, whenever isc-dhcp-relay forwards a packet upstream,
    internally, it will try to send it on a "fallback" interface. My
    understanding is that this isn't meant to be a real interface, but
    instead is basically saying to use Linux's regular routing stack to
    route the packet appropriately (rather than having isc-dhcp-relay
    specify specifically which interface to use).

    The problem is that on systems with a weak CPU, a large number of
    interfaces, and many upstream servers specified, this can introduce a
    noticeable delay in packets getting sent. The delay comes from trying to
    get the ifindex of the fallback interface. In one test case, it got to
    the point that only 2 packets could be processed per second. Because of
    this, dhcrelay will easily get backlogged and likely get to a point
    where packets get dropped in the kernel.

    Fix this by adding a check saying if we're using the fallback interface,
    then don't try to get the ifindex of this interface. We're never going
    to have an interface named this in SONiC.

    Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>

commit fc7a1ac
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Fri Jan 19 18:36:00 2024 +0800

    [submodule] Update submodule sonic-snmpagent to the latest HEAD automatically (sonic-net#17853)
    src/sonic-snmpagent
    ```
    * b0a4bcc - (HEAD -> 202305, origin/202305) Set the execute bit on sysDescr_pass.py (sonic-net#306) (22 hours ago) [Andre Kostur]
    ```

commit 30b1f05
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Fri Jan 19 16:34:55 2024 +0800

    [submodule] Update submodule linkmgrd to the latest HEAD automatically (sonic-net#17851)
    src/linkmgrd
    ```
    * f5e9b54 - (HEAD -> 202305, origin/202305) [CodeQL] fix unmet build dependency (sonic-net#222) (10 hours ago) [Jing Zhang]
    * 2282cc5 - [active-standby] Probe the link in suspend timeout (sonic-net#235) (22 hours ago) [Longxiang Lyu]
    ```

commit 66ce739
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Fri Jan 19 16:34:46 2024 +0800

    [submodule] Update submodule sonic-utilities to the latest HEAD automatically (sonic-net#17855)
    src/sonic-utilities
    ```
    * 93c42272 - (HEAD -> 202305, origin/202305) [chassis]: Support show ip bgp summary to display without error when no external neighbors are configured on chassis LC (sonic-net#3099) (22 hours ago) [Arvindsrinivasan Lakshmi Narasimhan]
    ```

commit 076b6c3
Author: zitingguo-ms <zitingguo@microsoft.com>
Date:   Fri Jan 19 14:56:01 2024 +0800

    upgrade xgs SAI to 8.4.39.2 (sonic-net#17842)

    Why I did it
    Upgrade the xgs SAI version to 8.4.39.2 to include the following fix:

    8.4.36.0: [submodule upgrade] [SAI_BRANCH rel_ocp_sai_8_4] SID: SDK-381039 Cosq control dynamic type changes
    8.4.37.0: SID: MMU cosq control configuration with Dynamic Type Check
    8.4.38.0: [sbumodule upgrade] [CSP 0001232212][SAI_BRANCH rel_ocp_sai_8_4]back-porting SONIC-82415 to SAI 8.4
    8.4.39.0: [CSP CS00012320979] Port SONIC-81867 sai spec compliance for get SAI_SWITCH_ATTR_SWITCH_HARDWARE_INFO
    8.4.39.1: changes for phy-re-init of 40G ports for TH platforms CS00012327470
    8.4.39.2: fix capability for Hostif queue by change SET operation of SAI_HOSTIF_ATTR_QUEUE to be true
    Work item tracking
    Microsoft ADO (number only): 26491005
    How I did it
    Upgrade xgs SAI version in sai.mk file.

    How to verify it
    Run basic SONiC test using SAI release pipeline, all cases passed.
    https://dev.azure.com/mssonic/internal/_build/results?buildId=457869&view=results

commit 6d767e5
Author: abdosi <58047199+abdosi@users.noreply.github.com>
Date:   Thu Jan 18 20:53:26 2024 -0800

    [chassis] Support advertisement of Loopback0 of all LC's across all e-BGP peers in TSA mode (sonic-net#16714) (sonic-net#17837)

    What I did:
    In Chassis TSA mode Loopback0 Ip's of each LC's should be advertise through e-BGP peers of each remote LC's

    How I did:

    - Route-map policy to Advertise own/self Loopback IP to other internal iBGP peers with a community internal_community as define in constants.yml
    - Route-map policy to match on above internal_community when route is received from internal iBGP peers and set a internal tag as define in constants.yml and also delete the internal_community so we don't send to any of e-BGP peers
    - In TSA new route-map match on above internal tag and permit the route (Loopback0 IP's of remote LC's) and set the community to traffic_shift_community.
    - In TSB delete the above new route-map.

    How I verify:

    Manual Verification

    UT updated.
    sonic-mgmt PR: sonic-net/sonic-mgmt#10239

    Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>

commit 898f126
Author: Baorong Liu <baorliu@cisco.com>
Date:   Thu Jan 18 04:08:29 2024 -0800

    [staticroutebfd]double commit PR-16450, change bfd to singlehop (sonic-net#17549)

    Why I did it
    double commit PR-16450 because of cherry pick conflict for PR#202305

    Work item tracking
    Microsoft ADO (number only):
    How I did it
    How to verify it

commit d81780b
Author: ganglv <88995770+ganglyu@users.noreply.github.com>
Date:   Thu Jan 18 20:07:40 2024 +0800

    Fix host service for 202305 branch (sonic-net#17781)

    Why I did it
    When we disable telemetry.service, sonic-hostservice will not start. And root cause is sonic-hostservice is only wanted by telemetry.service.

    Work item tracking
    Microsoft ADO (number only):
    How I did it
    Add dependency for gnmi.service.

    How to verify it
    Disable telemetry.service and build new image, and then check sonic-hostservice with new image.

commit b99c46e
Author: Liu Shilong <shilongliu@microsoft.com>
Date:   Thu Jan 18 20:05:04 2024 +0800

    [build] Add gpg keys for sonic-slave-bullseye in arm64 cross build on amd64. (sonic-net#17182) (sonic-net#17828)

    Fix sonic-net#16204

    Microsoft ADO (number only): 25746782

    How I did it
    multiarch/debian-debootstrap:arm64-bullseye is too old.
    It needs to add some gpg keys before 'apt-get update'

commit f460347
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Thu Jan 18 16:34:00 2024 +0800

    [submodule] Update submodule sonic-swss to the latest HEAD automatically (sonic-net#17821)
    src/sonic-swss
    ```
    * ac94f0b7 - (HEAD -> 202305, origin/202305) [202305][routeorch] Fixing bug with multiple routes pointing to nhg (sonic-net#3002) (2 hours ago) [Nikola Dancejic]
    ```

commit ed71c12
Author: abdosi <58047199+abdosi@users.noreply.github.com>
Date:   Fri Jul 7 11:10:35 2023 -0700

    Enable BFD for Static Route for chassis-packet. (sonic-net#15383)

    *What I did:
    Enable BFD for Static Route for chassis-packet. This will trigger the use of the feature as defined in here: sonic-net#13789

    Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>

commit aa01630
Author: abdosi <58047199+abdosi@users.noreply.github.com>
Date:   Tue Aug 29 13:41:01 2023 -0700

    [build]: Added flag in sonic_version.yml to see if image is secured or non-secured (sonic-net#16191)

    What I did:

    Added flag in sonic_version.yml to see if compiled image is secured or non-secured. This is done using build/compile time environmental variable SECURE_UPGRADE_MODE as define in HLD: https://github.com/sonic-net/SONiC/blob/master/doc/secure_boot/hld_secure_boot.md

    This flag does not provide the runtime status of whether the image has booted securely or not. It's possible that compile time signed image (secured image) can boot on non secure platform.

    Why I did:
    Flag can be used for manual check or by the test case.

    ADO: 24319390

    How I verify:
    Manual Verification

    ---
    build_version: 'master-16191.346262-cdc5e72a3'
    debian_version: '11.7'
    kernel_version: '5.10.0-18-2-amd64'
    asic_type: broadcom
    asic_subtype: 'broadcom'
    commit_id: 'cdc5e72a3'
    branch: 'master-16191'
    release: 'none'
    build_date: Fri Aug 25 03:15:45 UTC 2023
    build_number: 346262
    built_by: AzDevOps@vmss-soni001UR5
    libswsscommon: 1.0.0
    sonic_utilities: 1.2
    sonic_os_version: 11
    secure_boot_image: 'no'

    Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>

commit 9f81d9d
Author: snider-nokia <76123698+snider-nokia@users.noreply.github.com>
Date:   Mon Jan 8 14:38:46 2024 -0500

    [Nokia][sonic-platform] Update Nokia sonic-platform submodule and device data (sonic-net#17378)

    These changes, in conjunction with NDK version >= 22.9.17 address the thermal logging issues discussed at Nokia-ION/ndk#27. While the changes contained at this PR do not require coupling to NDK version >= 22.9.17, thermal logging enhancements will not be available without updated NDK >= 22.9.17. Thus, coupling with NDK >=22.9.17 is preferred and recommended.

    Why I did it
    To address thermal logging deficiencies.

    Work item tracking
    Microsoft ADO (number only): 26365734
    How I did it
    The following changes are included:

    Threshold configuration values are provided in the associated device data .json files. There is also a change included to better handle the condition where an SFP module read fails.

    Modify the module.py reboot to support reboot linecard from Supervisor

     - Modify reboot to call _reboot_imm for single IMM card reboot
     - Add log to the ndk_cmd to log the operation of "reboot-linecard" and "shutdown/satrtup the sfm"
    Add new nokia_cmd set command and modify show ndk-status output

     - Add a new function reboot_imm() to nokia_common.py to support reboot a single IMM slot from CPM
     - Added new command: nokia_cmd set reboot-linecard <slot> [forece] for CPM
     - Append a new column "RebootStatus" at the end of output of "nokia_cmd show ndk-status"
     - Provide ability for IMM to disable all transceiver module TX at reboot time
     - Remove defunct xcvr-resync service

commit 2f8630c
Author: Marty Y. Lok <76118573+mlok-nokia@users.noreply.github.com>
Date:   Mon Jan 8 14:39:30 2024 -0500

    [Nokia-IXR7250E] Modify the platform_reboot on the IXR7250E for PMON API reboot and Disable all SFPs (sonic-net#17483)

    Why I did it
    When Supervisor card is rebooted by using PMON API, it takes about 90 seconds to trigger the shutdown in down path. At this time linecards have been up. This delays linecards database initialization which is trying to PING/PONG the database-chassis. To address this issue, we modified the NDK to use the system call with "sudo reboot" when the request is from PMON API on Supervisor case. The NDK version is 22.9.20 and greater. This new NDK requires this modifcaiton of platform_reboot to work with.

    Work item tracking
    Microsoft ADO (number only): 26365734
    How I did it
    Modify the platform_reboot In Supervisor not to reboot all IMMs since it has been done in the function reboot() in module.py. Also handle the reboot-cause.txt for on the Supervisor when the reboot is request from PMON API.
    Modify the Nokia platform specific platform_reboot in linecard to disable all SPFs.
    This PR works with NDK version 22.9.20 and above

    Signed-off-by: mlok <marty.lok@nokia.com>

commit 6926171
Author: Liu Shilong <shilongliu@microsoft.com>
Date:   Mon Jan 15 14:59:21 2024 +0800

    [build] Fix a bash script some times called by sh issue. (sonic-net#17761)

    Why I did it
    Fix a bug that sometimes the script runs in sh not bash.

    Work item tracking
    Microsoft ADO (number only): 26297955
    How I did it

commit a262306
Author: vdahiya12 <67608553+vdahiya12@users.noreply.github.com>
Date:   Tue Jan 16 11:34:19 2024 -0800

    [Arista] Update config.bcm of 7060_cx32s for handling 40g optics with unreliable los settings (sonic-net#17768)

    For 40G optics there is SAI handling of T0 facing ports to be set with SR4 type and unreliable los set for a fixed set of ports. For this property to be invoked the requirement is set
    phy_unlos_msft=1 in config.bcm.
    This change is to meet the requirement and once this property is set, the los/interface type settings is applied by SAI on the required ports.

    Why I did it
    For Arista-7060CX-32S-Q32 T1, 40G ports RX_ERR minimalization during connected device reboot
    can be achieved by turning on Unreliable LOS and SR4 media_type for all ports which are connected to T0.

    The property phy_unlos_msft=1 is to exclusively enable this property.

    Microsoft ADO: 25941176

    How I did it
    Changes in SAI and turning on property

    How to verify it
    Ran the changes on a testbed and verified configurations are as intended.

    with property

    admin@sonic2:~$ bcmcmd "phy diag xe8 dsc config" | grep -C 2 "LOS"
    Brdfe_on                    = 0
    Media Type                  = 2
    Unreliable LOS              = 1
    Scrambling Disable          = 0
    Lane Config from PCS        = 0

    without property

    admin@sonic:~$ bcmcmd "phy diag xe8 dsc config" | grep -C 2 "LOS"
    Brdfe_on                    = 0
    Media Type                  = 0
    Unreliable LOS              = 0
    Scrambling Disable          = 0
    Lane Config from PCS        = 0

    Signed-off-by: vaibhav-dahiya <vdahiya@microsoft.com>

commit 245f337
Author: Feng-msft <fenpan@microsoft.com>
Date:   Fri Jan 12 10:51:48 2024 +0800

    Fix dialout build flag issue. (sonic-net#17715)
    Fix ENABLE_DIALOUT flag issue.
    - Microsoft ADO **(number only)**: 21326000
    Update Makefile.work and add debug string.
    ![image](https://github.com/sonic-net/sonic-buildimage/assets/97083744/960d75d1-618c-4734-acb5-7a32a28c262b)

commit b53a890
Author: Liping Xu <108326363+lipxu@users.noreply.github.com>
Date:   Fri Jan 12 15:26:06 2024 +0800

    disable restapi for leafRouter in slim image (sonic-net#17713)

    Why I did it
    For some devices with small memory, after upgrading to the latest image, the available memory is not enough.

    Work item tracking
    Microsoft ADO (number only):
    26324242
    How I did it
    Disable restapi feature for LeafRouter which with slim image.

    How to verify it
    verified on 7050qx T1 (slim image), restapi disabled
    verified on 7050qx T0 (slim image), restapi enabled
    verified on 7260 T1 (normal image), restapi enabled

commit 8561fa6
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Fri Jan 12 16:34:35 2024 +0800

    [submodule] Update submodule sonic-utilities to the latest HEAD automatically (sonic-net#17757)
    src/sonic-utilities
    ```
    * 651a80b1 - (HEAD -> 202305, origin/202305) Modify teamd retry count script to base BGP status on default BGP status (sonic-net#3069) (22 hours ago) [Saikrishna Arcot]
    ```

commit 9f66a7d
Author: Lawrence Lee <lawlee@microsoft.com>
Date:   Wed Jan 10 14:40:15 2024 -0800

    add timeout to ping6 command (sonic-net#17729)

    Signed-off-by: Lawrence Lee <lawlee@microsoft.com>

commit 13aa19a
Author: Nazarii Hnydyn <nazariig@nvidia.com>
Date:   Wed Jan 10 15:15:55 2024 +0200

    [swss/syncd]: Remove dependency on interfaces-config.service (sonic-net#17649)

    Signed-off-by: Nazarii Hnydyn nazariig@nvidia.com

    This improvement does not bring any warm-reboot degradation, since the database availability (tcp/ip access over the loopback interface) was fixed by these PRs:

    Re-add 127.0.0.1/8 when bringing down the interfaces sonic-net#15080
    Fix potentially not having any loopback address on lo interface sonic-net#16490
    Why I did it
    Removed dependency on interfaces-config.service to speed up the boot, because interfaces-config.service takes a lot of time on init
    Work item tracking
    N/A
    How I did it
    Changed service files for swss/syncd
    How to verify it
    Boot and check swss/syncd start time comparing to interfaces-config

commit f4c15b8
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Wed Jan 10 16:34:10 2024 +0800

    [submodule] Update submodule linkmgrd to the latest HEAD automatically (sonic-net#17731)
    src/linkmgrd
    ```
    * 2f5971f - (HEAD -> 202305, origin/202305) [warmboot] use config_db connector to update mux mode config instead of CLI (sonic-net#223) (4 hours ago) [Jing Zhang]
    ```

commit a3b5ea9
Author: Nazarii Hnydyn <nazariig@nvidia.com>
Date:   Wed Jan 10 02:56:20 2024 +0200

    [sonic-cfggen]: Optimize template rendering and database access. (sonic-net#17650)

    Signed-off-by: Nazarii Hnydyn nazariig@nvidia.com

    Why I did it
    Improved switch init time
    Work item tracking
    N/A
    How I did it
    Replaced: sonic-cfggen -> sonic-db-cli
    Aggregated template list for sonic-cfggen
    How to verify it
    Run warm-reboot

commit 44bc291
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Wed Jan 10 04:32:40 2024 +0800

    [submodule] Update submodule linkmgrd to the latest HEAD automatically (sonic-net#17721)
    src/linkmgrd
    ```
    * 2089ab6 - (HEAD -> 202305, origin/202305) Exclude DbInterface in PR coverage check (sonic-net#224) (3 hours ago) [Jing Zhang]
    ```

commit 1337597
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Wed Jan 10 02:32:19 2024 +0800

    [submodule] Update submodule sonic-snmpagent to the latest HEAD automatically (sonic-net#17722)
    src/sonic-snmpagent
    ```
    * e5fd192 - (HEAD -> 202305, origin/202305) Fix SNMP dropping some of the queue counter when create_only_config_db_buffers is set to true (sonic-net#303) (9 hours ago) [DavidZagury]
    ```

commit bb23f7b
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Sat Jan 6 16:42:00 2024 +0800

    [submodule] Update submodule sonic-gnmi to the latest HEAD automatically (sonic-net#17696)

commit 7ccef97
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Sat Jan 6 03:37:17 2024 +0800

    [YANG] Enable Yang model for BGP_BBR config entry (sonic-net#17622) (sonic-net#17692)

commit 8defdfe
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Sat Jan 6 01:15:01 2024 +0800

    [submodule] Update submodule sonic-sairedis to the latest HEAD automatically (sonic-net#17691)

commit b549962
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Sat Jan 6 01:00:55 2024 +0800

    [submodule] Update submodule sonic-gnmi to the latest HEAD automatically (sonic-net#17690)

commit 02dc49a
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Fri Jan 5 15:14:43 2024 +0800

    [submodule] Update submodule linkmgrd to the latest HEAD automatically (sonic-net#17687)

commit 0d31ee8
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Fri Jan 5 02:39:03 2024 +0800

    Update TELEMETRY_CLIENT YANG model (sonic-net#16861) (sonic-net#17679)

commit df22ca9
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Fri Jan 5 01:04:39 2024 +0800

    [Arista] Remove aggregate port config files for multi-asic devices (sonic-net#16923) (sonic-net#17678)

commit ca2695f
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Fri Jan 5 00:44:19 2024 +0800

    password-hardening: Add support to disable expiration date like in Linux (PAM) (sonic-net#17426) (sonic-net#17674)

commit 388457a
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Fri Jan 5 00:35:07 2024 +0800

    [arp_update]: Flush neighbors with incorrect MAC info (sonic-net#17238) (sonic-net#17677)

commit 38c5e68
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Fri Jan 5 00:32:38 2024 +0800

    Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue. (sonic-net#17281) (sonic-net#17676)

commit 76d8ff0
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Thu Jan 4 23:10:28 2024 +0800

    Update backend_acl.py to specify ACL table name (sonic-net#17553) (sonic-net#17673)

commit b72a740
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Thu Jan 4 22:37:26 2024 +0800

    [docker_image_ctl.j2]: swss docker initialization improvements (sonic-net#17628) (sonic-net#17672)

commit 609b3a7
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Thu Jan 4 22:29:00 2024 +0800

    [image_config]: Update DHCP rate-limit for mgmt TOR devices (sonic-net#17630) (sonic-net#17671)

commit 8362c09
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Tue Jan 2 15:13:53 2024 +0800

    [submodule] Update submodule sonic-swss to the latest HEAD automatically (sonic-net#17642)

commit 3cb6343
Author: Stepan Blyshchak <38952541+stepanblyschak@users.noreply.github.com>
Date:   Tue Jan 2 02:59:17 2024 +0200

    [202305] Revert bgp suppress fib pending (sonic-net#17578)

    DEPENDS ON: sonic-net/sonic-swss#2997 sonic-net/sonic-utilities#3093

    What I did

    Revert the feature.

    Why I did it

    Revert bgp suppress FIB functionality due to found FRR memory consumption issues and bugs.

    How I verified it

    Basic sanity check on t1-lag, regression in progress.

commit 64ed3d5
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Mon Jan 1 10:31:33 2024 +0800

    Fix system-health hardware_checker to consume fan tolerance details (sonic-net#16689) (sonic-net#17640)

commit 98ad3b0
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Sun Dec 31 17:01:53 2023 +0800

    [submodule] Update submodule sonic-utilities to the latest HEAD automatically (sonic-net#17643)

commit 1398daa
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Sun Dec 31 15:20:25 2023 +0800

    [submodule] Update submodule sonic-platform-daemons to the latest HEAD automatically (sonic-net#17641)

commit fb83d4d
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Fri Dec 29 01:07:45 2023 +0800

    [Mellanox] wait until hw-management watchdog files ready (sonic-net#17618) (sonic-net#17633)

commit a8ad19d
Author: Junchao-Mellanox <57339448+Junchao-Mellanox@users.noreply.github.com>
Date:   Thu Dec 28 20:53:49 2023 +0800

    [202305] Optimize syslog rate limit feature for fast and warm boot (sonic-net#17478)

    Backport PR sonic-net#17458 due to conflict.

    Why I did it
    Optimize syslog rate limit feature for fast and warm boot

    Work item tracking
    Microsoft ADO (number only):
    How I did it
    Optimize redis start time
    Don't render rsyslog.conf in container startup script
    Disable containercfgd by default. There is a new CLI to enable it (in another PR)
    How to verify it
    Manual test
    Regression test
nonodark added a commit to nonodark/sonic-buildimage that referenced this pull request Jan 29, 2024
Squashed commit of the following:

commit 335ebaa
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Wed Jan 24 16:35:00 2024 +0800

    [submodule] Update submodule sonic-platform-daemons to the latest HEAD automatically (sonic-net#17891)

    #### Why I did it
    src/sonic-platform-daemons
    ```
    * 824c20a - (HEAD -> 202305, origin/202305) Support 800G ifname in xcvrd (sonic-net#420) (20 hours ago) [Anoop Kamath]
    ```
    #### How I did it
    #### How to verify it
    #### Description for the changelog

commit 78e211c
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Sun Jan 21 16:32:35 2024 +0800

    [submodule] Update submodule sonic-utilities to the latest HEAD automatically (sonic-net#17868)

    #### Why I did it
    src/sonic-utilities
    ```
    * 83a548de - (HEAD -> 202305, origin/202305) Disable Key Validation feature during sonic-installation for Cisco Platforms (sonic-net#3115) (22 hours ago) [selvipal]
    ```
    #### How I did it
    #### How to verify it
    #### Description for the changelog

commit 5d30151
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Sat Jan 20 16:32:45 2024 +0800

    [submodule] Update submodule sonic-snmpagent to the latest HEAD automatically (sonic-net#17863)

    #### Why I did it
    src/sonic-snmpagent
    ```
    * 6f59d29 - (HEAD -> 202305, origin/202305) Fix SNMP dropping some of the queue counter when create_only_config_db_buffers is set to true (sonic-net#303) (sonic-net#309) (33 minutes ago) [mssonicbld]
    ```
    #### How I did it
    #### How to verify it
    #### Description for the changelog

commit 208c170
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Sat Jan 20 04:32:37 2024 +0800

    [submodule] Update submodule sonic-snmpagent to the latest HEAD automatically (sonic-net#17859)

    #### Why I did it
    src/sonic-snmpagent
    ```
    * 2efaf2e - (HEAD -> 202305, origin/202305) Revert "[action] [PR:303] Fix SNMP dropping some of the queue counter when create_only_config_db_buffers is set to true (sonic-net#303)" (sonic-net#308) (4 minutes ago) [StormLiangMS]
    ```
    #### How I did it
    #### How to verify it
    #### Description for the changelog

commit 306175b
Author: Saikrishna Arcot <sarcot@microsoft.com>
Date:   Fri Jan 19 03:16:04 2024 -0800

    dhcrelay: Don't look up the ifindex for the fallback interface (sonic-net#17797) (sonic-net#17840)

    Currently, whenever isc-dhcp-relay forwards a packet upstream,
    internally, it will try to send it on a "fallback" interface. My
    understanding is that this isn't meant to be a real interface, but
    instead is basically saying to use Linux's regular routing stack to
    route the packet appropriately (rather than having isc-dhcp-relay
    specify specifically which interface to use).

    The problem is that on systems with a weak CPU, a large number of
    interfaces, and many upstream servers specified, this can introduce a
    noticeable delay in packets getting sent. The delay comes from trying to
    get the ifindex of the fallback interface. In one test case, it got to
    the point that only 2 packets could be processed per second. Because of
    this, dhcrelay will easily get backlogged and likely get to a point
    where packets get dropped in the kernel.

    Fix this by adding a check saying if we're using the fallback interface,
    then don't try to get the ifindex of this interface. We're never going
    to have an interface named this in SONiC.

    Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>

commit fc7a1ac
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Fri Jan 19 18:36:00 2024 +0800

    [submodule] Update submodule sonic-snmpagent to the latest HEAD automatically (sonic-net#17853)

    #### Why I did it
    src/sonic-snmpagent
    ```
    * b0a4bcc - (HEAD -> 202305, origin/202305) Set the execute bit on sysDescr_pass.py (sonic-net#306) (22 hours ago) [Andre Kostur]
    ```
    #### How I did it
    #### How to verify it
    #### Description for the changelog

commit 30b1f05
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Fri Jan 19 16:34:55 2024 +0800

    [submodule] Update submodule linkmgrd to the latest HEAD automatically (sonic-net#17851)

    #### Why I did it
    src/linkmgrd
    ```
    * f5e9b54 - (HEAD -> 202305, origin/202305) [CodeQL] fix unmet build dependency (sonic-net#222) (10 hours ago) [Jing Zhang]
    * 2282cc5 - [active-standby] Probe the link in suspend timeout (sonic-net#235) (22 hours ago) [Longxiang Lyu]
    ```
    #### How I did it
    #### How to verify it
    #### Description for the changelog

commit 66ce739
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Fri Jan 19 16:34:46 2024 +0800

    [submodule] Update submodule sonic-utilities to the latest HEAD automatically (sonic-net#17855)

    #### Why I did it
    src/sonic-utilities
    ```
    * 93c42272 - (HEAD -> 202305, origin/202305) [chassis]: Support show ip bgp summary to display without error when no external neighbors are configured on chassis LC (sonic-net#3099) (22 hours ago) [Arvindsrinivasan Lakshmi Narasimhan]
    ```
    #### How I did it
    #### How to verify it
    #### Description for the changelog

commit 076b6c3
Author: zitingguo-ms <zitingguo@microsoft.com>
Date:   Fri Jan 19 14:56:01 2024 +0800

    upgrade xgs SAI to 8.4.39.2 (sonic-net#17842)

    Why I did it
    Upgrade the xgs SAI version to 8.4.39.2 to include the following fix:

    8.4.36.0: [submodule upgrade] [SAI_BRANCH rel_ocp_sai_8_4] SID: SDK-381039 Cosq control dynamic type changes
    8.4.37.0: SID: MMU cosq control configuration with Dynamic Type Check
    8.4.38.0: [sbumodule upgrade] [CSP 0001232212][SAI_BRANCH rel_ocp_sai_8_4]back-porting SONIC-82415 to SAI 8.4
    8.4.39.0: [CSP CS00012320979] Port SONIC-81867 sai spec compliance for get SAI_SWITCH_ATTR_SWITCH_HARDWARE_INFO
    8.4.39.1: changes for phy-re-init of 40G ports for TH platforms CS00012327470
    8.4.39.2: fix capability for Hostif queue by change SET operation of SAI_HOSTIF_ATTR_QUEUE to be true
    Work item tracking
    Microsoft ADO (number only): 26491005
    How I did it
    Upgrade xgs SAI version in sai.mk file.

    How to verify it
    Run basic SONiC test using SAI release pipeline, all cases passed.
    https://dev.azure.com/mssonic/internal/_build/results?buildId=457869&view=results

commit 6d767e5
Author: abdosi <58047199+abdosi@users.noreply.github.com>
Date:   Thu Jan 18 20:53:26 2024 -0800

    [chassis] Support advertisement of Loopback0 of all LC's across all e-BGP peers in TSA mode (sonic-net#16714) (sonic-net#17837)

    What I did:
    In Chassis TSA mode Loopback0 Ip's of each LC's should be advertise through e-BGP peers of each remote LC's

    How I did:

    - Route-map policy to Advertise own/self Loopback IP to other internal iBGP peers with a community internal_community as define in constants.yml
    - Route-map policy to match on above internal_community when route is received from internal iBGP peers and set a internal tag as define in constants.yml and also delete the internal_community so we don't send to any of e-BGP peers
    - In TSA new route-map match on above internal tag and permit the route (Loopback0 IP's of remote LC's) and set the community to traffic_shift_community.
    - In TSB delete the above new route-map.

    How I verify:

    Manual Verification

    UT updated.
    sonic-mgmt PR: sonic-net/sonic-mgmt#10239

    Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>

commit 898f126
Author: Baorong Liu <baorliu@cisco.com>
Date:   Thu Jan 18 04:08:29 2024 -0800

    [staticroutebfd]double commit PR-16450, change bfd to singlehop (sonic-net#17549)

    Why I did it
    double commit PR-16450 because of cherry pick conflict for PR#202305

    Work item tracking
    Microsoft ADO (number only):
    How I did it
    How to verify it

commit d81780b
Author: ganglv <88995770+ganglyu@users.noreply.github.com>
Date:   Thu Jan 18 20:07:40 2024 +0800

    Fix host service for 202305 branch (sonic-net#17781)

    Why I did it
    When we disable telemetry.service, sonic-hostservice will not start. And root cause is sonic-hostservice is only wanted by telemetry.service.

    Work item tracking
    Microsoft ADO (number only):
    How I did it
    Add dependency for gnmi.service.

    How to verify it
    Disable telemetry.service and build new image, and then check sonic-hostservice with new image.

commit b99c46e
Author: Liu Shilong <shilongliu@microsoft.com>
Date:   Thu Jan 18 20:05:04 2024 +0800

    [build] Add gpg keys for sonic-slave-bullseye in arm64 cross build on amd64. (sonic-net#17182) (sonic-net#17828)

    Fix sonic-net#16204

    Microsoft ADO (number only): 25746782

    How I did it
    multiarch/debian-debootstrap:arm64-bullseye is too old.
    It needs to add some gpg keys before 'apt-get update'

commit f460347
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Thu Jan 18 16:34:00 2024 +0800

    [submodule] Update submodule sonic-swss to the latest HEAD automatically (sonic-net#17821)

    #### Why I did it
    src/sonic-swss
    ```
    * ac94f0b7 - (HEAD -> 202305, origin/202305) [202305][routeorch] Fixing bug with multiple routes pointing to nhg (sonic-net#3002) (2 hours ago) [Nikola Dancejic]
    ```
    #### How I did it
    #### How to verify it
    #### Description for the changelog

commit ed71c12
Author: abdosi <58047199+abdosi@users.noreply.github.com>
Date:   Fri Jul 7 11:10:35 2023 -0700

    Enable BFD for Static Route for chassis-packet. (sonic-net#15383)

    *What I did:
    Enable BFD for Static Route for chassis-packet. This will trigger the use of the feature as defined in here: sonic-net#13789

    Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>

commit aa01630
Author: abdosi <58047199+abdosi@users.noreply.github.com>
Date:   Tue Aug 29 13:41:01 2023 -0700

    [build]: Added flag in sonic_version.yml to see if image is secured or non-secured (sonic-net#16191)

    What I did:

    Added flag in sonic_version.yml to see if compiled image is secured or non-secured. This is done using build/compile time environmental variable SECURE_UPGRADE_MODE as define in HLD: https://github.com/sonic-net/SONiC/blob/master/doc/secure_boot/hld_secure_boot.md

    This flag does not provide the runtime status of whether the image has booted securely or not. It's possible that compile time signed image (secured image) can boot on non secure platform.

    Why I did:
    Flag can be used for manual check or by the test case.

    ADO: 24319390

    How I verify:
    Manual Verification

    ---
    build_version: 'master-16191.346262-cdc5e72a3'
    debian_version: '11.7'
    kernel_version: '5.10.0-18-2-amd64'
    asic_type: broadcom
    asic_subtype: 'broadcom'
    commit_id: 'cdc5e72a3'
    branch: 'master-16191'
    release: 'none'
    build_date: Fri Aug 25 03:15:45 UTC 2023
    build_number: 346262
    built_by: AzDevOps@vmss-soni001UR5
    libswsscommon: 1.0.0
    sonic_utilities: 1.2
    sonic_os_version: 11
    secure_boot_image: 'no'

    Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>

commit 9f81d9d
Author: snider-nokia <76123698+snider-nokia@users.noreply.github.com>
Date:   Mon Jan 8 14:38:46 2024 -0500

    [Nokia][sonic-platform] Update Nokia sonic-platform submodule and device data (sonic-net#17378)

    These changes, in conjunction with NDK version >= 22.9.17 address the thermal logging issues discussed at Nokia-ION/ndk#27. While the changes contained at this PR do not require coupling to NDK version >= 22.9.17, thermal logging enhancements will not be available without updated NDK >= 22.9.17. Thus, coupling with NDK >=22.9.17 is preferred and recommended.

    Why I did it
    To address thermal logging deficiencies.

    Work item tracking
    Microsoft ADO (number only): 26365734
    How I did it
    The following changes are included:

    Threshold configuration values are provided in the associated device data .json files. There is also a change included to better handle the condition where an SFP module read fails.

    Modify the module.py reboot to support reboot linecard from Supervisor

     - Modify reboot to call _reboot_imm for single IMM card reboot
     - Add log to the ndk_cmd to log the operation of "reboot-linecard" and "shutdown/satrtup the sfm"
    Add new nokia_cmd set command and modify show ndk-status output

     - Add a new function reboot_imm() to nokia_common.py to support reboot a single IMM slot from CPM
     - Added new command: nokia_cmd set reboot-linecard <slot> [forece] for CPM
     - Append a new column "RebootStatus" at the end of output of "nokia_cmd show ndk-status"
     - Provide ability for IMM to disable all transceiver module TX at reboot time
     - Remove defunct xcvr-resync service

commit 2f8630c
Author: Marty Y. Lok <76118573+mlok-nokia@users.noreply.github.com>
Date:   Mon Jan 8 14:39:30 2024 -0500

    [Nokia-IXR7250E] Modify the platform_reboot on the IXR7250E for PMON API reboot and Disable all SFPs (sonic-net#17483)

    Why I did it
    When Supervisor card is rebooted by using PMON API, it takes about 90 seconds to trigger the shutdown in down path. At this time linecards have been up. This delays linecards database initialization which is trying to PING/PONG the database-chassis. To address this issue, we modified the NDK to use the system call with "sudo reboot" when the request is from PMON API on Supervisor case. The NDK version is 22.9.20 and greater. This new NDK requires this modifcaiton of platform_reboot to work with.

    Work item tracking
    Microsoft ADO (number only): 26365734
    How I did it
    Modify the platform_reboot In Supervisor not to reboot all IMMs since it has been done in the function reboot() in module.py. Also handle the reboot-cause.txt for on the Supervisor when the reboot is request from PMON API.
    Modify the Nokia platform specific platform_reboot in linecard to disable all SPFs.
    This PR works with NDK version 22.9.20 and above

    Signed-off-by: mlok <marty.lok@nokia.com>

commit 6926171
Author: Liu Shilong <shilongliu@microsoft.com>
Date:   Mon Jan 15 14:59:21 2024 +0800

    [build] Fix a bash script some times called by sh issue. (sonic-net#17761)

    Why I did it
    Fix a bug that sometimes the script runs in sh not bash.

    Work item tracking
    Microsoft ADO (number only): 26297955
    How I did it

commit a262306
Author: vdahiya12 <67608553+vdahiya12@users.noreply.github.com>
Date:   Tue Jan 16 11:34:19 2024 -0800

    [Arista] Update config.bcm of 7060_cx32s for handling 40g optics with unreliable los settings (sonic-net#17768)

    For 40G optics there is SAI handling of T0 facing ports to be set with SR4 type and unreliable los set for a fixed set of ports. For this property to be invoked the requirement is set
    phy_unlos_msft=1 in config.bcm.
    This change is to meet the requirement and once this property is set, the los/interface type settings is applied by SAI on the required ports.

    Why I did it
    For Arista-7060CX-32S-Q32 T1, 40G ports RX_ERR minimalization during connected device reboot
    can be achieved by turning on Unreliable LOS and SR4 media_type for all ports which are connected to T0.

    The property phy_unlos_msft=1 is to exclusively enable this property.

    Microsoft ADO: 25941176

    How I did it
    Changes in SAI and turning on property

    How to verify it
    Ran the changes on a testbed and verified configurations are as intended.

    with property

    admin@sonic2:~$ bcmcmd "phy diag xe8 dsc config" | grep -C 2 "LOS"
    Brdfe_on                    = 0
    Media Type                  = 2
    Unreliable LOS              = 1
    Scrambling Disable          = 0
    Lane Config from PCS        = 0

    without property

    admin@sonic:~$ bcmcmd "phy diag xe8 dsc config" | grep -C 2 "LOS"
    Brdfe_on                    = 0
    Media Type                  = 0
    Unreliable LOS              = 0
    Scrambling Disable          = 0
    Lane Config from PCS        = 0

    Signed-off-by: vaibhav-dahiya <vdahiya@microsoft.com>

commit 245f337
Author: Feng-msft <fenpan@microsoft.com>
Date:   Fri Jan 12 10:51:48 2024 +0800

    Fix dialout build flag issue. (sonic-net#17715)

    ### Why I did it
    Fix ENABLE_DIALOUT flag issue.

    ##### Work item tracking
    - Microsoft ADO **(number only)**: 21326000

    #### How I did it
    Update Makefile.work and add debug string.

    #### How to verify it
    ![image](https://github.com/sonic-net/sonic-buildimage/assets/97083744/960d75d1-618c-4734-acb5-7a32a28c262b)

commit b53a890
Author: Liping Xu <108326363+lipxu@users.noreply.github.com>
Date:   Fri Jan 12 15:26:06 2024 +0800

    disable restapi for leafRouter in slim image (sonic-net#17713)

    Why I did it
    For some devices with small memory, after upgrading to the latest image, the available memory is not enough.

    Work item tracking
    Microsoft ADO (number only):
    26324242
    How I did it
    Disable restapi feature for LeafRouter which with slim image.

    How to verify it
    verified on 7050qx T1 (slim image), restapi disabled
    verified on 7050qx T0 (slim image), restapi enabled
    verified on 7260 T1 (normal image), restapi enabled

commit 8561fa6
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Fri Jan 12 16:34:35 2024 +0800

    [submodule] Update submodule sonic-utilities to the latest HEAD automatically (sonic-net#17757)

    #### Why I did it
    src/sonic-utilities
    ```
    * 651a80b1 - (HEAD -> 202305, origin/202305) Modify teamd retry count script to base BGP status on default BGP status (sonic-net#3069) (22 hours ago) [Saikrishna Arcot]
    ```
    #### How I did it
    #### How to verify it
    #### Description for the changelog

commit 9f66a7d
Author: Lawrence Lee <lawlee@microsoft.com>
Date:   Wed Jan 10 14:40:15 2024 -0800

    add timeout to ping6 command (sonic-net#17729)

    Signed-off-by: Lawrence Lee <lawlee@microsoft.com>

commit 13aa19a
Author: Nazarii Hnydyn <nazariig@nvidia.com>
Date:   Wed Jan 10 15:15:55 2024 +0200

    [swss/syncd]: Remove dependency on interfaces-config.service (sonic-net#17649)

    Signed-off-by: Nazarii Hnydyn nazariig@nvidia.com

    This improvement does not bring any warm-reboot degradation, since the database availability (tcp/ip access over the loopback interface) was fixed by these PRs:

    Re-add 127.0.0.1/8 when bringing down the interfaces sonic-net#15080
    Fix potentially not having any loopback address on lo interface sonic-net#16490
    Why I did it
    Removed dependency on interfaces-config.service to speed up the boot, because interfaces-config.service takes a lot of time on init
    Work item tracking
    N/A
    How I did it
    Changed service files for swss/syncd
    How to verify it
    Boot and check swss/syncd start time comparing to interfaces-config

commit f4c15b8
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Wed Jan 10 16:34:10 2024 +0800

    [submodule] Update submodule linkmgrd to the latest HEAD automatically (sonic-net#17731)

    #### Why I did it
    src/linkmgrd
    ```
    * 2f5971f - (HEAD -> 202305, origin/202305) [warmboot] use config_db connector to update mux mode config instead of CLI (sonic-net#223) (4 hours ago) [Jing Zhang]
    ```
    #### How I did it
    #### How to verify it
    #### Description for the changelog

commit a3b5ea9
Author: Nazarii Hnydyn <nazariig@nvidia.com>
Date:   Wed Jan 10 02:56:20 2024 +0200

    [sonic-cfggen]: Optimize template rendering and database access. (sonic-net#17650)

    Signed-off-by: Nazarii Hnydyn nazariig@nvidia.com

    Why I did it
    Improved switch init time
    Work item tracking
    N/A
    How I did it
    Replaced: sonic-cfggen -> sonic-db-cli
    Aggregated template list for sonic-cfggen
    How to verify it
    Run warm-reboot

commit 44bc291
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Wed Jan 10 04:32:40 2024 +0800

    [submodule] Update submodule linkmgrd to the latest HEAD automatically (sonic-net#17721)

    #### Why I did it
    src/linkmgrd
    ```
    * 2089ab6 - (HEAD -> 202305, origin/202305) Exclude DbInterface in PR coverage check (sonic-net#224) (3 hours ago) [Jing Zhang]
    ```
    #### How I did it
    #### How to verify it
    #### Description for the changelog

commit 1337597
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Wed Jan 10 02:32:19 2024 +0800

    [submodule] Update submodule sonic-snmpagent to the latest HEAD automatically (sonic-net#17722)

    #### Why I did it
    src/sonic-snmpagent
    ```
    * e5fd192 - (HEAD -> 202305, origin/202305) Fix SNMP dropping some of the queue counter when create_only_config_db_buffers is set to true (sonic-net#303) (9 hours ago) [DavidZagury]
    ```
    #### How I did it
    #### How to verify it
    #### Description for the changelog

commit bb23f7b
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Sat Jan 6 16:42:00 2024 +0800

    [submodule] Update submodule sonic-gnmi to the latest HEAD automatically (sonic-net#17696)

commit 7ccef97
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Sat Jan 6 03:37:17 2024 +0800

    [YANG] Enable Yang model for BGP_BBR config entry (sonic-net#17622) (sonic-net#17692)

commit 8defdfe
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Sat Jan 6 01:15:01 2024 +0800

    [submodule] Update submodule sonic-sairedis to the latest HEAD automatically (sonic-net#17691)

commit b549962
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Sat Jan 6 01:00:55 2024 +0800

    [submodule] Update submodule sonic-gnmi to the latest HEAD automatically (sonic-net#17690)

commit 02dc49a
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Fri Jan 5 15:14:43 2024 +0800

    [submodule] Update submodule linkmgrd to the latest HEAD automatically (sonic-net#17687)

commit 0d31ee8
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Fri Jan 5 02:39:03 2024 +0800

    Update TELEMETRY_CLIENT YANG model (sonic-net#16861) (sonic-net#17679)

commit df22ca9
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Fri Jan 5 01:04:39 2024 +0800

    [Arista] Remove aggregate port config files for multi-asic devices (sonic-net#16923) (sonic-net#17678)

commit ca2695f
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Fri Jan 5 00:44:19 2024 +0800

    password-hardening: Add support to disable expiration date like in Linux (PAM) (sonic-net#17426) (sonic-net#17674)

commit 388457a
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Fri Jan 5 00:35:07 2024 +0800

    [arp_update]: Flush neighbors with incorrect MAC info (sonic-net#17238) (sonic-net#17677)

commit 38c5e68
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Fri Jan 5 00:32:38 2024 +0800

    Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue. (sonic-net#17281) (sonic-net#17676)

commit 76d8ff0
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Thu Jan 4 23:10:28 2024 +0800

    Update backend_acl.py to specify ACL table name (sonic-net#17553) (sonic-net#17673)

commit b72a740
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Thu Jan 4 22:37:26 2024 +0800

    [docker_image_ctl.j2]: swss docker initialization improvements (sonic-net#17628) (sonic-net#17672)

commit 609b3a7
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Thu Jan 4 22:29:00 2024 +0800

    [image_config]: Update DHCP rate-limit for mgmt TOR devices (sonic-net#17630) (sonic-net#17671)

commit 8362c09
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Tue Jan 2 15:13:53 2024 +0800

    [submodule] Update submodule sonic-swss to the latest HEAD automatically (sonic-net#17642)

commit 3cb6343
Author: Stepan Blyshchak <38952541+stepanblyschak@users.noreply.github.com>
Date:   Tue Jan 2 02:59:17 2024 +0200

    [202305] Revert bgp suppress fib pending (sonic-net#17578)

    DEPENDS ON: sonic-net/sonic-swss#2997 sonic-net/sonic-utilities#3093

    What I did

    Revert the feature.

    Why I did it

    Revert bgp suppress FIB functionality due to found FRR memory consumption issues and bugs.

    How I verified it

    Basic sanity check on t1-lag, regression in progress.

commit 64ed3d5
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Mon Jan 1 10:31:33 2024 +0800

    Fix system-health hardware_checker to consume fan tolerance details (sonic-net#16689) (sonic-net#17640)

commit 98ad3b0
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Sun Dec 31 17:01:53 2023 +0800

    [submodule] Update submodule sonic-utilities to the latest HEAD automatically (sonic-net#17643)

commit 1398daa
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Sun Dec 31 15:20:25 2023 +0800

    [submodule] Update submodule sonic-platform-daemons to the latest HEAD automatically (sonic-net#17641)

commit fb83d4d
Author: mssonicbld <79238446+mssonicbld@users.noreply.github.com>
Date:   Fri Dec 29 01:07:45 2023 +0800

    [Mellanox] wait until hw-management watchdog files ready (sonic-net#17618) (sonic-net#17633)

commit a8ad19d
Author: Junchao-Mellanox <57339448+Junchao-Mellanox@users.noreply.github.com>
Date:   Thu Dec 28 20:53:49 2023 +0800

    [202305] Optimize syslog rate limit feature for fast and warm boot (sonic-net#17478)

    Backport PR sonic-net#17458 due to conflict.

    Why I did it
    Optimize syslog rate limit feature for fast and warm boot

    Work item tracking
    Microsoft ADO (number only):
    How I did it
    Optimize redis start time
    Don't render rsyslog.conf in container startup script
    Disable containercfgd by default. There is a new CLI to enable it (in another PR)
    How to verify it
    Manual test
    Regression test
mssonicbld pushed a commit to mssonicbld/sonic-buildimage that referenced this pull request Feb 2, 2024
…lt' route table does not add to route lookup issue. (sonic-net#17281)

Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue.

#### Why I did it
When device set with IPV6 TACACS server address, and shutdown all BGP, device can't connect to TACACS server via management interface.

After investigation, I found the IPV6 'default' route table does not add to route lookup:

admin@vlab-01:~$ ip -6 rule list
1001:   from all lookup local
32765:  from fec0::ffff:afa:1 lookup default
32766:  from all lookup main
admin@vlab-01:~$

As compare:
admin@vlab-01:~$ ip -4 rule list
1001:   from all lookup local
32764:  from all to 172.17.0.1/24 lookup default
32765:  from 10.250.0.101 lookup default
32766:  from all lookup main
32767:  from all lookup default <== 'default' route table exist in IPV4 route lookup

Issue fix by add 'default' route table to route lookup with following command:
admin@vlab-01:~$ sudo ip -6 rule add pref 32767 lookup default
admin@vlab-01:~$ ip -6 rule list
1001:   from all lookup local
32765:  from fec0::ffff:afa:1 lookup default
32766:  from all lookup main
32767:  from all lookup default <== 'default' route table been added to IPV6 route lookup
admin@vlab-01:~$

##### Work item tracking
- Microsoft ADO: 25798732

#### How I did it
When management interface using 'default' route table, add 'default' route table to IPV6 route lookup.

#### How to verify it
Pass all UT.
Add new UT to cover this change.
Manually verify issue fixed:

### Tested branch (Please provide the tested image version)

- [x]  master-17281.417570-2133d58fa

#### Description for the changelog
Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue.
@mssonicbld
Copy link
Collaborator

Cherry-pick PR to 202311: #17991

mssonicbld pushed a commit that referenced this pull request Feb 2, 2024
…lt' route table does not add to route lookup issue. (#17281)

Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue.

#### Why I did it
When device set with IPV6 TACACS server address, and shutdown all BGP, device can't connect to TACACS server via management interface.

After investigation, I found the IPV6 'default' route table does not add to route lookup:

admin@vlab-01:~$ ip -6 rule list
1001:   from all lookup local
32765:  from fec0::ffff:afa:1 lookup default
32766:  from all lookup main
admin@vlab-01:~$

As compare:
admin@vlab-01:~$ ip -4 rule list
1001:   from all lookup local
32764:  from all to 172.17.0.1/24 lookup default
32765:  from 10.250.0.101 lookup default
32766:  from all lookup main
32767:  from all lookup default <== 'default' route table exist in IPV4 route lookup

Issue fix by add 'default' route table to route lookup with following command:
admin@vlab-01:~$ sudo ip -6 rule add pref 32767 lookup default
admin@vlab-01:~$ ip -6 rule list
1001:   from all lookup local
32765:  from fec0::ffff:afa:1 lookup default
32766:  from all lookup main
32767:  from all lookup default <== 'default' route table been added to IPV6 route lookup
admin@vlab-01:~$

##### Work item tracking
- Microsoft ADO: 25798732

#### How I did it
When management interface using 'default' route table, add 'default' route table to IPV6 route lookup.

#### How to verify it
Pass all UT.
Add new UT to cover this change.
Manually verify issue fixed:

### Tested branch (Please provide the tested image version)

- [x]  master-17281.417570-2133d58fa

#### Description for the changelog
Fix can't access IPV6 address via management interface because 'default' route table does not add to route lookup issue.
liuh-80 added a commit to liuh-80/sonic-buildimage that referenced this pull request Feb 6, 2024
ix IPV6 forced-mgmt-route not work issue

Why I did it
IPV6 forced-mgmt-route not work

When add a IPV6 route, should use 'ip -6 rule add pref 32764 address' command, but currently in the template the '-6' parameter are missing, so the IPV6 route been add to IPV4 route table.

Also this PR depends on sonic-net#17281 , which will fix the IPV6 'default' route table missing in IPV6 route lookup issue. 

Microsoft ADO (number only):24719238
mssonicbld pushed a commit to mssonicbld/sonic-buildimage that referenced this pull request Feb 7, 2024
ix IPV6 forced-mgmt-route not work issue

Why I did it
IPV6 forced-mgmt-route not work

When add a IPV6 route, should use 'ip -6 rule add pref 32764 address' command, but currently in the template the '-6' parameter are missing, so the IPV6 route been add to IPV4 route table.

Also this PR depends on sonic-net#17281 , which will fix the IPV6 'default' route table missing in IPV6 route lookup issue. 

Microsoft ADO (number only):24719238
mssonicbld pushed a commit to mssonicbld/sonic-buildimage that referenced this pull request Feb 7, 2024
ix IPV6 forced-mgmt-route not work issue

Why I did it
IPV6 forced-mgmt-route not work

When add a IPV6 route, should use 'ip -6 rule add pref 32764 address' command, but currently in the template the '-6' parameter are missing, so the IPV6 route been add to IPV4 route table.

Also this PR depends on sonic-net#17281 , which will fix the IPV6 'default' route table missing in IPV6 route lookup issue. 

Microsoft ADO (number only):24719238
mssonicbld pushed a commit that referenced this pull request Feb 7, 2024
ix IPV6 forced-mgmt-route not work issue

Why I did it
IPV6 forced-mgmt-route not work

When add a IPV6 route, should use 'ip -6 rule add pref 32764 address' command, but currently in the template the '-6' parameter are missing, so the IPV6 route been add to IPV4 route table.

Also this PR depends on #17281 , which will fix the IPV6 'default' route table missing in IPV6 route lookup issue. 

Microsoft ADO (number only):24719238
yxieca pushed a commit that referenced this pull request Feb 7, 2024
Fix IPV6 forced-mgmt-route not work issue

Why I did it
IPV6 forced-mgmt-route not work

When add a IPV6 route, should use 'ip -6 rule add pref 32764 address' command, but currently in the template the '-6' parameter are missing, so the IPV6 route been add to IPV4 route table.

Also this PR depends on #17281 , which will fix the IPV6 'default' route table missing in IPV6 route lookup issue. 

Microsoft ADO (number only):24719238
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants