[fix] Use the same storm detection condition for queue occupancy non-zero case as the zero case (#1111)
Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
a364614 2021-04-22 | [201911][acl] Use a list instead of a comma-separated string for ACL port list (#1576) [Danny Allen]
391e524 2021-04-15 | [201911] Fix Multi-ASIC show specific resursive route (#1563) [gechiang]
4a497407c8697a8c531ab999da95936ac1e71c9b (HEAD -> 201911, origin/201911) Fix the LLDP_LOC_CHASSIS not getting populated if no remote neighbors are present (#39)
Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
#### Why I did it
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.
#### How I did it
Upgrade to 3.0.16
Feb 17 Fix tests failing due to duplicate vxlan tunnel creation (#75)
Mar 11 Update route api to specify limitation (#77)
Apr 01 Add host_ifname field while adding entry in VLAN table (#80)
Make sure Everflow always gets classified as Mirror table and not as Control Plane on multi-asic platforms.
Why I did:
In Multi-asic platforms we generate Everflow acl table data from minigraph for both host and namespace.
It is possible in a multi-asic minigraph that, if there are no external port-channels (only Router Port IP Interfaces), the Everflow table will have no bound interface in the host and will get classified as a Control Plane ACL, while in the namespace it gets classified as a Mirror Table.
For ACL rule generation we read the global db as the source of truth for acl table information, so for everflow rule generation, if the table gets classified as Control Plane, we can generate rules with an invalid action, causing orchagent to throw a runtime error.
How I did:
If the table is attached to an erspan interface in the minigraph, then it always gets classified as a mirror table.
ecc1f9b1bb0ad18843e0f969fe8564cf37bf2080 (HEAD -> 201911, origin/201911)
[acl_loader]: add iptype match to the rules for dataplane acl
Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
ad9022ebf9c13b59ef8dc47aaa1f89628e64315e (HEAD -> 201911, origin/201911) Reduce time taken by show commands on multi-asic platforms (#1544)
4993a3644bff689701aac2ee2b10c351a9d241ef [fast-reboot]: Fix fail to execute fast-reboot problem (#1047)
Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
Backport of https://github.com/Azure/sonic-buildimage/pull/7031 to the 201911 branch
#### Why I did it
To enable parsing the `AutoNegotiation` element from the LinkMetadata section of minigraph file
#### How I did it
Parse the value of the `AutoNegotiation` element from the `LinkMetadata` section of minigraph file. If the element is present, an `autoneg` key will be added to the port in the `PORT` table of Config DB with a value of either `0` or `1`.
If an `autoneg` value is present in port_config.ini, the value from the minigraph will take precedence, overriding that value.
Also remove `AutoNegotiation` and `EnableAutoNegotiation` elements from the `DeviceInfo` section, as we will use this data in the `LinkMetadata` section to determine whether to enable auto-negotiation for a port.
Why I did it
It was observed that on a multi-asic DUT bootup, the BGP internal sessions between ASICs were taking more time to get ESTABLISHED than external BGP sessions. The internal sessions were coming up almost exactly 120 secs later.
In a multi-asic platform the bgp dockers (which are per ASIC) are being brought up around the same time on switch start, and they try to make the bgp sessions with neighbors (in peer ASICs) which may not be completely up. This results in a BGP connect failure, and the retry happens after 120sec, which is the default Connect Retry Timer.
How I did it
Add the command to set the bgp neighboring session retry timer to 10sec for internal bgp neighbors.
Included commits in sonic-py-swsssdk
```
63c75c1 2021-03-14 | Workaround Mellanox default vlan has no SAI_VLAN_ATTR_VLAN_ID attribute (#103) [Qi Luo]
```
Included commits in sonic-snmpagent
```
a8c6e36 2021-03-15 | Implement rfc4363 FdbUpdater for lag inside vlan (#204) [Qi Luo]
```
It is possible to have a DHCP relay configuration with no servers/helpers,
which results in the DHCP container crashing. This PR fixes this
issue by not starting DHCP relay for vlans with no DHCP helpers.
resolves: #6931
closes: #6931
Do not add program group for dhcp relay with no dhcp helpers
Unit test
d81828c6740f2d4fca59fe3ec1d0adb1088a9dbb (HEAD -> 201911, origin/201911) Updated lldpRemManAddrTable to use all the management ip address associated with interface. (#201)
093a3c2c5bc688ddc5e5362dc657f19175e12ce8 Fix fdb_vlanmac() on corner cases (#193)
Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
Included commits in sonic-py-swsssdk repo
```
4e0c561 2019-11-19 | read portchannel name from LAG_NAME_MAP_TABLE in COUNTERS_DB (#51) [anilkpandey]
```
Included commits in sonic-snmpagent repo
```
02dc2ce 2021-03-12 | add mock tables for LAG_NAME_MAP_TABLE in COUNTERS_DB (#202) [Qi Luo]
```
Closes issue #6982.
The issue was root caused as we were using the unix_socket for reading from DB as a default mechanism (#5250). The redis unix socket is created as follows.
```
admin@str--acs-1:~$ ls -lrt /var/run/redis/redis.sock
srwxrw---- 1 root redis 0 Mar 6 01:57 /var/run/redis/redis.sock
```
So it used to work fine for the user "root" or if the user is part of the redis group (admin was made part of the redis group by default).
Check if the user has sudo permissions, then use the redis unix socket, else fall back to the tcp socket.
- [201911][acl] Expand VLAN into VLAN members when creating an ACL table (#1477)
- [201911][acl-loader] Add support for matching on ICMP and VLAN info (#1476)
- [201911][acl-loader] Improve input validation for acl_loader (#1481)
Signed-off-by: Danny Allen <daall@microsoft.com>
1. Made the command next-hop-self force only applicable on back-end asic bgp. This is done so that BGPL iBGP session running on backend can send e-BGP learnt nexthop. Back end asic FRR is able to recursively resolve the eBGP nexthop in its routing table since it knows about all the connected routes advertised from front end asic.
2. Made all front-end asic bgp use global loopback ip (Loopback0) as router id and back end asic bgp use Loopback4096 as router-id and originator id for Route-Reflector. This is done so that routes learnt by external peer do not see Loopback4096 as router id in show ip bgp <route-prefix> output.
3. To handle above change need to pass Loopback4096 from BGP manager for jinja2 template generation. This was missing and this change/fix is needed for this also https://github.com/Azure/sonic-buildimage/blob/master/dockers/docker-fpm-frr/frr/bgpd/templates/dynamic/instance.conf.j2#L27
4. Enhancement to add mult_asic specific bgpd template generation unit test cases.
Enable BBR config allowas-in 1 for internal peers
Why I did:
To advertise BBR routes learnt via e-BGP peer in one asic/namespace to another iBGP asic/namespace via Route Reflector.