[muxorch] Skip programming ACL for standby active-active ports (son…

…ic-net#2569) What I did Skip adding ACL for active-active ports. Why I did it Please refer to the HLD for more details: sonic-net/SONiC#1180 Signed-off-by: Longxiang Lyu <lolv@microsoft.com>
vivekrnv · Dec 15, 2022 · 577f696 · 577f696
1 parent 242ee11
commit 577f696
Show file tree

Hide file tree

Showing 3 changed files with 58 additions and 23 deletions.
diff --git a/orchagent/muxorch.cpp b/orchagent/muxorch.cpp
@@ -359,8 +359,8 @@ static bool remove_nh_tunnel(sai_object_id_t nh_id, IpAddress& ipAddr)
     return true;
 }
 
-MuxCable::MuxCable(string name, IpPrefix& srv_ip4, IpPrefix& srv_ip6, IpAddress peer_ip)
-         :mux_name_(name), srv_ip4_(srv_ip4), srv_ip6_(srv_ip6), peer_ip4_(peer_ip)
+MuxCable::MuxCable(string name, IpPrefix& srv_ip4, IpPrefix& srv_ip6, IpAddress peer_ip, MuxCableType cable_type)
+         :mux_name_(name), srv_ip4_(srv_ip4), srv_ip6_(srv_ip6), peer_ip4_(peer_ip), cable_type_(cable_type)
 {
     mux_orch_ = gDirectory.get<MuxOrch*>();
     mux_cb_orch_ = gDirectory.get<MuxCableOrch*>();
@@ -503,6 +503,11 @@ string MuxCable::getState()
 
 bool MuxCable::aclHandler(sai_object_id_t port, string alias, bool add)
 {
+    if (cable_type_ == MuxCableType::ACTIVE_ACTIVE)
+    {
+        SWSS_LOG_INFO("Skip programming ACL for mux port %s, cable type %d, add %d", alias.c_str(), cable_type_, add);
+        return true;
+    }
     if (add)
     {
         acl_handler_ = make_shared<MuxAclHandler>(port, alias);
@@ -1272,6 +1277,7 @@ bool MuxOrch::handleMuxCfg(const Request& request)
     auto srv_ip = request.getAttrIpPrefix("server_ipv4");
     auto srv_ip6 = request.getAttrIpPrefix("server_ipv6");
 
+    MuxCableType cable_type = MuxCableType::ACTIVE_STANDBY;
     std::set<IpAddress> skip_neighbors;
 
     const auto& port_name = request.getKeyString(0);
@@ -1291,6 +1297,14 @@ bool MuxOrch::handleMuxCfg(const Request& request)
             SWSS_LOG_NOTICE("%s: %s was added to ignored neighbor list", port_name.c_str(), soc_ip6.getIp().to_string().c_str());
             skip_neighbors.insert(soc_ip6.getIp());
         }
+        else if (name == "cable_type")
+        {
+            auto cable_type_str = request.getAttrString("cable_type");
+            if (cable_type_str == "active-active")
+            {
+                cable_type = MuxCableType::ACTIVE_ACTIVE;
+            }
+        }
     }
 
     if (op == SET_COMMAND)
@@ -1308,10 +1322,10 @@ bool MuxOrch::handleMuxCfg(const Request& request)
         }
 
         mux_cable_tb_[port_name] = std::make_unique<MuxCable>
-                                   (MuxCable(port_name, srv_ip, srv_ip6, mux_peer_switch_));
+                                   (MuxCable(port_name, srv_ip, srv_ip6, mux_peer_switch_, cable_type));
         addSkipNeighbors(skip_neighbors);
 
-        SWSS_LOG_NOTICE("Mux entry for port '%s' was added", port_name.c_str());
+        SWSS_LOG_NOTICE("Mux entry for port '%s' was added, cable type %d", port_name.c_str(), cable_type);
     }
     else
     {

diff --git a/orchagent/muxorch.h b/orchagent/muxorch.h
@@ -29,6 +29,12 @@ enum MuxStateChange
     MUX_STATE_UNKNOWN_STATE
 };
 
+enum MuxCableType
+{
+    ACTIVE_STANDBY,
+    ACTIVE_ACTIVE
+};
+
 // Forward Declarations
 class MuxOrch;
 class MuxCableOrch;
@@ -79,7 +85,7 @@ class MuxNbrHandler
 class MuxCable
 {
 public:
-    MuxCable(string name, IpPrefix& srv_ip4, IpPrefix& srv_ip6, IpAddress peer_ip);
+    MuxCable(string name, IpPrefix& srv_ip4, IpPrefix& srv_ip6, IpAddress peer_ip, MuxCableType cable_type);
 
     bool isActive() const
     {
@@ -110,6 +116,7 @@ class MuxCable
     bool nbrHandler(bool enable, bool update_routes = true);
 
     string mux_name_;
+    MuxCableType cable_type_;
 
     MuxState state_ = MuxState::MUX_STATE_INIT;
     bool st_chg_in_progress_ = false;

diff --git a/tests/test_mux.py b/tests/test_mux.py
@@ -554,46 +554,54 @@ def create_and_test_acl(self, appdb, dvs_acl):
 
         dvs_acl.verify_no_acl_rules()
 
-        # Set one mux port to standby, verify ACL rule with inport bitmap (1 port)
+        # Set mux port in active-active cable type, no ACL rules programmed
         self.set_mux_state(appdb, "Ethernet0", "standby")
-        sai_qualifier = self.get_expected_sai_qualifiers(["Ethernet0"], dvs_acl)
+        dvs_acl.verify_no_acl_rules()
+
+        # Set one mux port to standby, verify ACL rule with inport bitmap (1 port)
+        self.set_mux_state(appdb, "Ethernet4", "standby")
+        sai_qualifier = self.get_expected_sai_qualifiers(["Ethernet4"], dvs_acl)
         dvs_acl.verify_acl_rule(sai_qualifier, action="DROP", priority=self.ACL_PRIORITY)
 
         # Set two mux ports to standby, verify ACL rule with inport bitmap (2 ports)
-        self.set_mux_state(appdb, "Ethernet4", "standby")
-        sai_qualifier = self.get_expected_sai_qualifiers(["Ethernet0", "Ethernet4"], dvs_acl)
+        self.set_mux_state(appdb, "Ethernet8", "standby")
+        sai_qualifier = self.get_expected_sai_qualifiers(["Ethernet4", "Ethernet8"], dvs_acl)
         dvs_acl.verify_acl_rule(sai_qualifier, action="DROP", priority=self.ACL_PRIORITY)
 
-        # Set one mux port to active, verify ACL rule with inport bitmap (1 port)
         self.set_mux_state(appdb, "Ethernet0", "active")
-        sai_qualifier = self.get_expected_sai_qualifiers(["Ethernet4"], dvs_acl)
+        sai_qualifier = self.get_expected_sai_qualifiers(["Ethernet4", "Ethernet8"], dvs_acl)
         dvs_acl.verify_acl_rule(sai_qualifier, action="DROP", priority=self.ACL_PRIORITY)
 
-        # Set last mux port to active, verify ACL rule is deleted
+        # Set one mux port to active, verify ACL rule with inport bitmap (1 port)
         self.set_mux_state(appdb, "Ethernet4", "active")
+        sai_qualifier = self.get_expected_sai_qualifiers(["Ethernet8"], dvs_acl)
+        dvs_acl.verify_acl_rule(sai_qualifier, action="DROP", priority=self.ACL_PRIORITY)
+
+        # Set last mux port to active, verify ACL rule is deleted
+        self.set_mux_state(appdb, "Ethernet8", "active")
         dvs_acl.verify_no_acl_rules()
 
         # Set unknown state and verify the behavior as standby
-        self.set_mux_state(appdb, "Ethernet0", "unknown")
-        sai_qualifier = self.get_expected_sai_qualifiers(["Ethernet0"], dvs_acl)
+        self.set_mux_state(appdb, "Ethernet4", "unknown")
+        sai_qualifier = self.get_expected_sai_qualifiers(["Ethernet4"], dvs_acl)
         dvs_acl.verify_acl_rule(sai_qualifier, action="DROP", priority=self.ACL_PRIORITY)
 
         # Verify change while setting unknown from active
-        self.set_mux_state(appdb, "Ethernet4", "unknown")
-        sai_qualifier = self.get_expected_sai_qualifiers(["Ethernet0", "Ethernet4"], dvs_acl)
+        self.set_mux_state(appdb, "Ethernet8", "unknown")
+        sai_qualifier = self.get_expected_sai_qualifiers(["Ethernet4", "Ethernet8"], dvs_acl)
         dvs_acl.verify_acl_rule(sai_qualifier, action="DROP", priority=self.ACL_PRIORITY)
 
-        self.set_mux_state(appdb, "Ethernet0", "active")
-        sai_qualifier = self.get_expected_sai_qualifiers(["Ethernet4"], dvs_acl)
+        self.set_mux_state(appdb, "Ethernet4", "active")
+        sai_qualifier = self.get_expected_sai_qualifiers(["Ethernet8"], dvs_acl)
         dvs_acl.verify_acl_rule(sai_qualifier, action="DROP", priority=self.ACL_PRIORITY)
 
-        self.set_mux_state(appdb, "Ethernet0", "standby")
-        sai_qualifier = self.get_expected_sai_qualifiers(["Ethernet0", "Ethernet4"], dvs_acl)
+        self.set_mux_state(appdb, "Ethernet4", "standby")
+        sai_qualifier = self.get_expected_sai_qualifiers(["Ethernet4", "Ethernet8"], dvs_acl)
         dvs_acl.verify_acl_rule(sai_qualifier, action="DROP", priority=self.ACL_PRIORITY)
 
         # Verify no change while setting unknown from standby
-        self.set_mux_state(appdb, "Ethernet0", "unknown")
-        sai_qualifier = self.get_expected_sai_qualifiers(["Ethernet0", "Ethernet4"], dvs_acl)
+        self.set_mux_state(appdb, "Ethernet4", "unknown")
+        sai_qualifier = self.get_expected_sai_qualifiers(["Ethernet4", "Ethernet8"], dvs_acl)
         dvs_acl.verify_acl_rule(sai_qualifier, action="DROP", priority=self.ACL_PRIORITY)
 
     def create_and_test_metrics(self, appdb, statedb):
@@ -1096,7 +1104,13 @@ def test_acl(self, dvs, dvs_acl, testlog):
 
         appdb = swsscommon.DBConnector(swsscommon.APPL_DB, dvs.redis_sock, 0)
 
-        self.create_and_test_acl(appdb, dvs_acl)
+        try:
+            self.create_and_test_acl(appdb, dvs_acl)
+        finally:
+            self.set_mux_state(appdb, "Ethernet0", "active")
+            self.set_mux_state(appdb, "Ethernet4", "active")
+            self.set_mux_state(appdb, "Ethernet8", "active")
+            dvs_acl.verify_no_acl_rules()
 
     def test_mux_metrics(self, dvs, testlog):
         """ test metrics for mux state change """