[caclmgrd]Allow Vxlan udp port on receiving vxlan tunnel configuration #50
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: dgsudharsan <sudharsand@nvidia.com>
volodymyrsamotiy
approved these changes
Mar 20, 2023
|
The coverage is not met due to the absence of mock for generic swss library components which is missing today. I have added tests to cover the APIs introduced. |
ZhaohuiS
reviewed
Mar 21, 2023
scripts/caclmgrd
Outdated
| iptables_cmds = [] | ||
|
|
||
| # Add iptables/ip6tables commands to allow VxLAN packets | ||
| if ":" in self.VxlanSrcIP: |
There was a problem hiding this comment.
@dgsudharsan Is it better to use this statement to check if it's ipv4 or ipv6?
if isinstance(ip_addr, ipaddress.IPv4Address):
ZhaohuiS
reviewed
Mar 21, 2023
scripts/caclmgrd
Outdated
| iptables_cmds = [] | ||
|
|
||
| # Remove iptables/ip6tables commands that allow VxLAN packets | ||
| if ":" in self.VxlanSrcIP: |
There was a problem hiding this comment.
@dgsudharsan Same comment as previous one.
|
@StormLiangMS Can you please create a new 202211 branch for sonic-host-services? |
|
@dgsudharsan cherry pick failed, could you submit a separate PR for 202211? |
StormLiangMS
pushed a commit
that referenced
this pull request
Apr 20, 2023
[caclmgrd]Allow Vxlan udp port on receiving vxlan tunnel configuration
lukasstockner
added a commit
to genesiscloud/sonic-buildimage
that referenced
this pull request
May 12, 2023
Original is here: sonic-net/sonic-host-services#50
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Currently VxLAN packets are dropped due to absence of rule in iptables. When there is L3 traffic on egress VTEP with no ARP entry, due to the absence of processing by kernel, the traffic gets dropped.
Instead the VxLAN packets should be processed and ARP request needs to be resolved by the kernel.
Made changes to allow VxLAN udp port when VxLAN tunnel is configured.
Note: This change doesn't consider the VxLAN_PORT configuration in the switch table. This use case is for the VNET and for EVPN the default value of 4789 is used.