matthew/sonic-buildimage
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

For egress ACL attaching to vlan, we break them into vlan members (#6898)

Browse Source 
Same as https://github.com/Azure/sonic-buildimage/pull/6895
But target against 201911 branch
This commit is contained in:
Qi Luo 2021-02-27 20:19:29 -08:00 committed by GitHub
parent 3a554794f2
commit 95ec75e24e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 34 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/sonic-config-engine/minigraph.py
View File

@ -347,7 +347,6 @@ def parse_dpg(dpg, hname):
pcs[pcintfname] = {'members': pcmbr_list, 'min_links': str(int(math.ceil(len(pcmbr_list) * 0.75)))} pcs[pcintfname] = {'members': pcmbr_list, 'min_links': str(int(math.ceil(len(pcmbr_list) * 0.75)))}
vlanintfs = child.find(str(QName(ns, "VlanInterfaces"))) vlanintfs = child.find(str(QName(ns, "VlanInterfaces")))
vlan_intfs = []
vlans = {} vlans = {}
vlan_members = {} vlan_members = {}
intf_vlan_mbr = defaultdict(list) intf_vlan_mbr = defaultdict(list)
@ -370,7 +369,7 @@ def parse_dpg(dpg, hname):
else: else:
vlan_members[(sonic_vlan_member_name, vmbr_list[i])] = {'tagging_mode': 'untagged'} vlan_members[(sonic_vlan_member_name, vmbr_list[i])] = {'tagging_mode': 'untagged'}
vlan_attributes = {'vlanid': vlanid} vlan_attributes = {'vlanid': vlanid, 'members': vmbr_list }
# If this VLAN requires a DHCP relay agent, it will contain a <DhcpRelays> element # If this VLAN requires a DHCP relay agent, it will contain a <DhcpRelays> element
# containing a list of DHCP server IPs # containing a list of DHCP server IPs
@ -394,7 +393,7 @@ def parse_dpg(dpg, hname):
aclname = aclintf.find(str(QName(ns, "OutAcl"))).text.upper().replace(" ", "_").replace("-", "_") aclname = aclintf.find(str(QName(ns, "OutAcl"))).text.upper().replace(" ", "_").replace("-", "_")
stage = "egress" stage = "egress"
else: else:
system.exit("Error: 'AclInterface' must contain either an 'InAcl' or 'OutAcl' subelement.") sys.exit("Error: 'AclInterface' must contain either an 'InAcl' or 'OutAcl' subelement.")
aclattach = aclintf.find(str(QName(ns, "AttachTo"))).text.split(';') aclattach = aclintf.find(str(QName(ns, "AttachTo"))).text.split(';')
acl_intfs = [] acl_intfs = []
is_mirror = False is_mirror = False
@ -411,7 +410,11 @@ def parse_dpg(dpg, hname):
# to LAG will be applied to all the LAG members internally by SAI/SDK # to LAG will be applied to all the LAG members internally by SAI/SDK
acl_intfs.append(member) acl_intfs.append(member)
elif vlans.has_key(member): elif vlans.has_key(member):
acl_intfs.append(member) # For egress ACL attaching to vlan, we break them into vlan members
if stage == "egress":
acl_intfs.extend(vlans[member]['members'])
else:
acl_intfs.append(member)
elif port_alias_map.has_key(member): elif port_alias_map.has_key(member):
acl_intfs.append(port_alias_map[member]) acl_intfs.append(port_alias_map[member])
# Give a warning if trying to attach ACL to a LAG member interface, correct way is to attach ACL to the LAG interface # Give a warning if trying to attach ACL to a LAG member interface, correct way is to attach ACL to the LAG interface
@ -435,9 +438,15 @@ def parse_dpg(dpg, hname):
acl_intfs.append(panel_port) acl_intfs.append(panel_port)
break break
if acl_intfs: if acl_intfs:
# Remove duplications
dedup_intfs = []
for intf in acl_intfs:
if intf not in dedup_intfs:
dedup_intfs.append(intf)
acls[aclname] = {'policy_desc': aclname, acls[aclname] = {'policy_desc': aclname,
'stage': stage, 'stage': stage,
'ports': acl_intfs} 'ports': dedup_intfs}
if is_mirror: if is_mirror:
acls[aclname]['type'] = 'MIRROR' acls[aclname]['type'] = 'MIRROR'
elif is_mirror_v6: elif is_mirror_v6:

16
src/sonic-config-engine/tests/t0-sample-graph.xml
View File

@ -260,6 +260,20 @@
<MacAddress i:nil="true"/> <MacAddress i:nil="true"/>
<SecondarySubnets/> <SecondarySubnets/>
</VlanInterface> </VlanInterface>
<VlanInterface>
<Name>Vlan98</Name>
<AttachTo>fortyGigE0/100;PortChannel01;PortChannel03</AttachTo>
<NoDhcpRelay>False</NoDhcpRelay>
<StaticDHCPRelay>0.0.0.0/0</StaticDHCPRelay>
<FhrpProtoType i:nil="true"/>
<Type>UserDefinedL2Vlan</Type>
<DhcpRelays>192.0.0.1;192.0.0.2</DhcpRelays>
<VlanID>98</VlanID>
<Tag>98</Tag>
<Subnets/>
<MacAddress i:nil="true"/>
<SecondarySubnets/>
</VlanInterface>
</VlanInterfaces> </VlanInterfaces>
<IPInterfaces> <IPInterfaces>
<IPInterface> <IPInterface>
@ -331,7 +345,7 @@
<Type>DataPlane</Type> <Type>DataPlane</Type>
</AclInterface> </AclInterface>
<AclInterface> <AclInterface>
<AttachTo>PortChannel01;PortChannel02</AttachTo> <AttachTo>PortChannel01;PortChannel02;Vlan98</AttachTo>
<OutAcl>DataAclEgress</OutAcl> <OutAcl>DataAclEgress</OutAcl>
<Type>DataPlane</Type> <Type>DataPlane</Type>
</AclInterface> </AclInterface>

8
src/sonic-config-engine/tests/test_cfggen.py
View File

@ -166,7 +166,7 @@ class TestCfgGen(TestCase):
"'DATAACLINGRESS': {'stage': 'ingress', 'type': 'L3', 'ports': ['PortChannel01', 'PortChannel02', 'PortChannel03', 'PortChannel04'], 'policy_desc': 'DATAACLINGRESS'}, " "'DATAACLINGRESS': {'stage': 'ingress', 'type': 'L3', 'ports': ['PortChannel01', 'PortChannel02', 'PortChannel03', 'PortChannel04'], 'policy_desc': 'DATAACLINGRESS'}, "
"'SNMP_ACL': {'services': ['SNMP'], 'type': 'CTRLPLANE', 'policy_desc': 'SNMP_ACL', 'stage': 'ingress'}, " "'SNMP_ACL': {'services': ['SNMP'], 'type': 'CTRLPLANE', 'policy_desc': 'SNMP_ACL', 'stage': 'ingress'}, "
"'SSH_ACL': {'services': ['SSH'], 'type': 'CTRLPLANE', 'policy_desc': 'SSH_ACL', 'stage': 'ingress'}, " "'SSH_ACL': {'services': ['SSH'], 'type': 'CTRLPLANE', 'policy_desc': 'SSH_ACL', 'stage': 'ingress'}, "
"'DATAACLEGRESS': {'stage': 'egress', 'type': 'L3', 'ports': ['PortChannel01', 'PortChannel02'], 'policy_desc': 'DATAACLEGRESS'}, " "'DATAACLEGRESS': {'stage': 'egress', 'type': 'L3', 'ports': ['PortChannel01', 'PortChannel02', 'Ethernet100', 'PortChannel03'], 'policy_desc': 'DATAACLEGRESS'}, "
"'EVERFLOWV6': {'stage': 'ingress', 'type': 'MIRRORV6', 'ports': ['PortChannel01', 'PortChannel02', 'PortChannel03', 'PortChannel04', 'Ethernet4', 'Ethernet100'], 'policy_desc': 'EVERFLOWV6'}}" "'EVERFLOWV6': {'stage': 'ingress', 'type': 'MIRRORV6', 'ports': ['PortChannel01', 'PortChannel02', 'PortChannel03', 'PortChannel04', 'Ethernet4', 'Ethernet100'], 'policy_desc': 'EVERFLOWV6'}}"
) )
) )
@ -196,9 +196,9 @@ class TestCfgGen(TestCase):
self.assertEqual( self.assertEqual(
utils.to_dict(output.strip()), utils.to_dict(output.strip()),
utils.to_dict( utils.to_dict(
"{'Vlan1000': {'alias': 'ab1', 'dhcp_servers': ['192.0.0.1', '192.0.0.2'], 'vlanid': '1000'}, " "{'Vlan1000': {'alias': 'ab1', 'dhcp_servers': ['192.0.0.1', '192.0.0.2'], 'vlanid': '1000', 'members': ['Ethernet8']}, "
"'Vlan2001': {'alias': 'ab3', 'dhcp_servers': ['192.0.0.1', '192.0.0.2'], 'vlanid': '2001'}," "'Vlan2001': {'alias': 'ab3', 'dhcp_servers': ['192.0.0.1', '192.0.0.2'], 'vlanid': '2001', 'members': ['Ethernet12']},"
"'Vlan2000': {'alias': 'ab2', 'dhcp_servers': ['192.0.0.1', '192.0.0.2'], 'vlanid': '2000'}}" "'Vlan2000': {'alias': 'ab2', 'dhcp_servers': ['192.0.0.1', '192.0.0.2'], 'vlanid': '2000', 'members': ['Ethernet12']}}"
) )
) )

2
src/sonic-config-engine/tests/test_minigraph_case.py
View File

@ -79,7 +79,7 @@ class TestCfgGenCaseInsensitive(TestCase):
output = self.run_script(argument) output = self.run_script(argument)
self.assertEqual( self.assertEqual(
utils.to_dict(output.strip()), utils.to_dict(output.strip()),
utils.to_dict("{'Vlan1000': {'alias': 'ab1', 'dhcp_servers': ['192.0.0.1', '192.0.0.2'], 'vlanid': '1000'}}") utils.to_dict("{'Vlan1000': {'alias': 'ab1', 'dhcp_servers': ['192.0.0.1', '192.0.0.2'], 'vlanid': '1000', 'members': ['Ethernet8'] }}")
) )
def test_minigraph_vlan_members(self): def test_minigraph_vlan_members(self):