[multi-asic] Make sure Everflow tables always gets classified as Mirror table (#7241)

Make sure Everflow always gets classified as Mirror table and not as Control Plane on multi-asic platforms. Why I did: In Multi-asic platforms we generate Everflow acl table data from minigraph for both host and namespace. It is possible in multi-asic minigraph if there are no external port-channel (Only Router Port IP Interface) then Everflow table will have no binded interface in host and will gets classified as Control Plane ACL while in namespace gets classified as Mirror Table. For ACL Rule generation we read global db as source of truth for acl table information and so for everflow rule generation if tables gets classified as Control plane we can generate rules with invalid action causing orchagent to throw runtime error. How I did: If the table is attach to erspan interface in minigraph then it always gets classified as mirror table.
2021-04-07 13:35:34 -07:00 · 2021-04-07 13:35:34 -07:00 · 16b97f1859
commit 16b97f1859
parent 840f19af18
3 changed files with 1338 additions and 1 deletions
--- a/src/sonic-config-engine/minigraph.py
+++ b/src/sonic-config-engine/minigraph.py
@ -437,7 +437,11 @@ def parse_dpg(dpg, hname):
                        if panel_port not in intfs_inpc and panel_port not in acl_intfs:
                            acl_intfs.append(panel_port)
                    break
-            if acl_intfs:
+            # if acl is classified as mirror (erpsan) or acl interface 
+            # are binded then do not classify as Control plane.
+            # For multi-asic platforms it's possible there is no
+            # interface are binded to everflow in host namespace.
+            if acl_intfs or is_mirror_v6 or is_mirror:
                # Remove duplications
                dedup_intfs = []
                for intf in acl_intfs:
--- a/src/sonic-config-engine/tests/multi_npu_data/sample-minigraph-noportchannel.xml
+++ b/src/sonic-config-engine/tests/multi_npu_data/sample-minigraph-noportchannel.xml
--- a/src/sonic-config-engine/tests/test_multinpu_cfggen.py
+++ b/src/sonic-config-engine/tests/test_multinpu_cfggen.py
@ -24,6 +24,7 @@ class TestMultiNpuCfgGen(TestCase):
        self.test_data_dir = os.path.join(self.test_dir,  'multi_npu_data')
        self.script_file = os.path.join(self.test_dir, '..', 'sonic-cfggen')
        self.sample_graph = os.path.join(self.test_data_dir, 'sample-minigraph.xml')
+        self.sample_graph1 = os.path.join(self.test_data_dir, 'sample-minigraph-noportchannel.xml')
        self.port_config = []
        for asic in range(NUM_ASIC):
            self.port_config.append(os.path.join(self.test_data_dir, "sample_port_config-{}.ini".format(asic)))
@ -180,6 +181,14 @@ class TestMultiNpuCfgGen(TestCase):
            utils.liststr_to_dict("['PortChannel4001|10.1.0.1/31', 'PortChannel0002|FC00::1/126', 'PortChannel4002|10.1.0.3/31', 'PortChannel0002', 'PortChannel0002|10.0.0.0/31', 'PortChannel4001', 'PortChannel4002']")
        )

+    def test_frontend_asic_routerport_intf(self):
+        argument = "-m {} -p {} -n asic0 -v \"INTERFACE.keys()|list\"".format(self.sample_graph1, self.port_config[0])
+        output = self.run_script(argument)
+        self.assertEqual(
+            utils.liststr_to_dict(output.strip()),
+            utils.liststr_to_dict("['Ethernet0', ('Ethernet0', '10.0.0.0/31'), 'Ethernet4', ('Ethernet0', 'FC00::1/126'), ('Ethernet4', 'FC00::2/126'), ('Ethernet4', '10.0.0.2/31')]")
+        )
+
    def test_backend_asic_portchannel_intf(self):
        argument = "-m {} -p {} -n asic3 --var-json \"PORTCHANNEL_INTERFACE\"".format(self.sample_graph, self.port_config[3])
        output = self.run_script(argument)
@ -279,6 +288,15 @@ class TestMultiNpuCfgGen(TestCase):
                             'EVERFLOWV6':{'policy_desc': 'EVERFLOWV6', 'ports': ['PortChannel0002','PortChannel0008'], 'stage': 'ingress', 'type': 'MIRRORV6'},
                             'SNMP_ACL':  {'policy_desc': 'SNMP_ACL',    'services': ['SNMP'],        'stage': 'ingress', 'type': 'CTRLPLANE'},
                             'SSH_ONLY':  {'policy_desc': 'SSH_ONLY',    'services': ['SSH'],         'stage': 'ingress', 'type': 'CTRLPLANE'}})
+    def test_global_asic_acl1(self):
+        argument = "-m {} --var-json \"ACL_TABLE\"".format(self.sample_graph1)
+        output = json.loads(self.run_script(argument))
+        self.assertDictEqual(output, {\
+                             'EVERFLOW':  {'policy_desc': 'EVERFLOW',   'ports': [], 'stage': 'ingress', 'type': 'MIRROR'},
+                             'EVERFLOWV6':{'policy_desc': 'EVERFLOWV6', 'ports': [], 'stage': 'ingress', 'type': 'MIRRORV6'},
+                             'SNMP_ACL':  {'policy_desc': 'SNMP_ACL',    'services': ['SNMP'],        'stage': 'ingress', 'type': 'CTRLPLANE'},
+                             'SSH_ONLY':  {'policy_desc': 'SSH_ONLY',    'services': ['SSH'],         'stage': 'ingress', 'type': 'CTRLPLANE'}})
+

    def test_front_end_asic_acl(self):
        argument = "-m {} -p {} -n asic0 --var-json \"ACL_TABLE\"".format(self.sample_graph, self.port_config[0])
@ -290,11 +308,27 @@ class TestMultiNpuCfgGen(TestCase):
                             'SNMP_ACL':  {'policy_desc': 'SNMP_ACL',    'services': ['SNMP'],        'stage': 'ingress', 'type': 'CTRLPLANE'},
                             'SSH_ONLY':  {'policy_desc': 'SSH_ONLY',    'services': ['SSH'],         'stage': 'ingress', 'type': 'CTRLPLANE'}})

+    def test_front_end_asic_acl1(self):
+        argument = "-m {} -p {} -n asic0 --var-json \"ACL_TABLE\"".format(self.sample_graph1, self.port_config[0])
+        output = json.loads(self.run_script(argument))
+        self.assertDictEqual(output, {\
+                             'EVERFLOW':  {'policy_desc': 'EVERFLOW',   'ports': ['Ethernet0','Ethernet4'], 'stage': 'ingress', 'type': 'MIRROR'},
+                             'EVERFLOWV6':{'policy_desc': 'EVERFLOWV6', 'ports': ['Ethernet0','Ethernet4'], 'stage': 'ingress', 'type': 'MIRRORV6'},
+                             'SNMP_ACL':  {'policy_desc': 'SNMP_ACL',    'services': ['SNMP'],        'stage': 'ingress', 'type': 'CTRLPLANE'},
+                             'SSH_ONLY':  {'policy_desc': 'SSH_ONLY',    'services': ['SSH'],         'stage': 'ingress', 'type': 'CTRLPLANE'}})
+
+
    def test_back_end_asic_acl(self):
        argument = "-m {} -p {} -n asic3 --var-json \"ACL_TABLE\"".format(self.sample_graph, self.port_config[3])
        output = json.loads(self.run_script(argument))
        self.assertDictEqual(output, {})

+    def test_back_end_asic_acl1(self):
+        argument = "-m {} -p {} -n asic3 --var-json \"ACL_TABLE\"".format(self.sample_graph1, self.port_config[3])
+        output = json.loads(self.run_script(argument))
+        self.assertDictEqual(output, {})
+
+
    def test_loopback_intfs(self):
        argument = "-m {} --var-json \"LOOPBACK_INTERFACE\"".format(self.sample_graph)
        output = json.loads(self.run_script(argument))