Add mandatory ACL actions when creating mirror ACL table #2205
Closed
AclTableType was designed to be an immutable data structure, so you cannot change it after it has been created. This is due to the fact that matches, actions, bind point types are CREATE_ONLY SAI attributes. Adding mutable methods breaks this invariant. An object of type AclTableType may have been used to create tables already and changing the definition of a table type may cause divergence between software and hardware state.

Instead, a builder AclTableTypeBuilder is used to create AclTableTypes.

Why not add necessary actions in initDefaultTableTypes - https://github.com/Azure/sonic-swss/blob/master/orchagent/aclorch.cpp#L2895 ?
We also saw a similar issue on the Broadcom platform. Please see sonic-net/sonic-buildimage#10425.
We may have two options to work around this issue
is_mandatory to False for the general ACL type, such as L3, L3V6
What do you think?
Ok, I see, so the issue may be due to SAI telling that action list is mandatory even if it is not (because it worked without actions before ACL table types changes). In this case, hardcoding is_mandatory to be False for the types we know should work without explicitly passing action list should be a simpler workaround. Put a comment that this hardcode needs to be removed once SAI is fixed.
Based on our communication with Broadcom, action list is mandatory when creating mirror ACL table. Otherwise, SAI ACL table creation will fail. Can you elaborate how would hardcoding is_mandatory to be False work around the SAI limitation?
I think the easiest change may be to bypass the below check for the known ACL types
https://github.com/Azure/sonic-swss/blob/bbbd5f44f2c55808785672177e44527f635204d6/orchagent/aclorch.cpp#L1881-L1888
@stepanblyschak Mirroring probably worked in fixed box before. My PR is to get mirroring to work in Broadcom VOQ chassis.
@ysmanman Thanks for the update. Could you clarify why SAI call will fail if we bypass this check? Before this change, there is no check for action list existence. Is it a new feature of SAI?
@bingwang-ms @stepanblyschak Let me provide some context of this PR. We were testing mirroring in Broadcom DNX or VOQ chassis with Broadcom SAI 5.2 and observed orchagent failed to add ACL rule in mirroring ACL table. The failure is because the ACL actions are not provided at the time of mirror ACL table creation. Broadcom DNX devices need ACL action list at the time of ACL table creation. To address this issue, this PR adds required ACL actions to mirroring type ACL table if the action list is mandatory on table creation.
Thanks @ysmanman.
I saw similar issues when testing on Broadcom XGS devices. Please see sonic-net/sonic-buildimage#10425.
Per your clarification, the action_list for ACL table is a must when we are creating ACL table now? If that's the case, my by-pass solution will not work. The solution in this PR makes sense. We have to do a similar change for other ACL table types (L3, L3V6, etc.)
@ysmanman @bingwang-ms Thanks for the explanation. This PR makes sense. I noticed you do not modify the ACL table type in m_aclTableTypes but a copy in AclTable. That is fine to me. You can mark this as resolved.
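The design discussed in this thread, as an added example that is not code from the PR or from sonic-swss: an immutable table type produced by a builder, with mandatory actions applied to a per-table copy so the registered definition never changes. All names (TableType, TableTypeBuilder, typeForCreate, the Action enum) and the mirror action set are hypothetical stand-ins.

```cpp
#include <set>
#include <string>
#include <utility>

// Hypothetical stand-ins for SAI ACL action types (not the project's enums).
enum class Action { PacketAction, MirrorIngress, MirrorEgress };

// Immutable after build(): const accessors only, matching CREATE_ONLY attributes.
class TableType {
public:
    const std::string& name() const { return name_; }
    const std::set<Action>& actions() const { return actions_; }
private:
    friend class TableTypeBuilder;
    std::string name_;
    std::set<Action> actions_;
};

class TableTypeBuilder {
public:
    TableTypeBuilder() = default;
    explicit TableTypeBuilder(const TableType& base) : t_(base) {}  // works on a copy
    TableTypeBuilder& withName(std::string n) { t_.name_ = std::move(n); return *this; }
    TableTypeBuilder& withAction(Action a) { t_.actions_.insert(a); return *this; }
    TableType build() const { return t_; }
private:
    TableType t_;
};

// Returns the type a new table is created with. The registered type is left
// untouched; when the platform reports the action list as mandatory on create
// and none was configured, the actions are added to a per-table copy.
TableType typeForCreate(const TableType& registered, bool actionListMandatory) {
    if (!actionListMandatory || !registered.actions().empty()) return registered;
    TableTypeBuilder b(registered);
    if (registered.name() == "MIRROR")  // assumed action set for mirror tables
        b.withAction(Action::MirrorIngress).withAction(Action::MirrorEgress);
    return b.build();
}

int main() {
    const TableType mirror = TableTypeBuilder().withName("MIRROR").build();
    const TableType perTable = typeForCreate(mirror, true);
    // The registered definition stays empty; only the copy gained actions.
    return (mirror.actions().empty() && perTable.actions().size() == 2) ? 0 : 1;
}
```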