* [device][accton]: Update for AS5835-54T
* [device][accton]: Update for AS5835-54T to delete its config.bcm off-loading to the self-brought up of the Broadcom SAI version, 3.5.2.3 due to SONiC not supported.
* [device][accton]: Add config.bcm for AS5835-54T
* Ran config_checker passed on our config.bcm, however, we off-loaded the needed MV2 SDK config setting to our self-brought up SAI libraries due to the compatibility of config_check among SONiC different branches.
[-] help_cli_enable=1
[-] ifp_inports_support_enable=1
[-] memlist_enable=1
[-] port_flex_enable=1
[-] reglist_enable=1
* [device][accton]: Update config.bcm for AS5835-54T based on the latest config_checker
Co-authored-by: Polly Hsu <pollyhsu2git@gmail.com>
- What I did
1. Rename the config.bcm to th2-as7816-64x25G-48x100G_row1.config.bcm,
due to that it just allow 1st row of TH2 to be breakout
2. Add port_flex_enable to support dynamic port breakout.
3. Remove the loopback port due to it would make syncd terminate.
=> The port_config.ini doesn't include the loopback ports.
When portsorch start, it would compare the ports in SDK and port_config.ini.
Portsorch would remove the loopback ports due to the loopback ports didn't been defined in port_config.ini
But the broadcom SAI doesn't support remove port for th2.
So it would return fail and syncd would terminate.
- How I did it
- How to verify it
Run with the new SONiC image and syncd would not terminate
Signed-off-by: chiourung_huang <chiourung_huang@edge-core.com>
- bug fix : Fixed an issue which the nps ko file was not loaded due to the wrong service file name
- Optimize the code to reduce changes due to the kernel upgrade
- Remove nephos ko file loaded in swss.service.j2 because it has loaded at syncd.service.j2
* Adding new BGP peer groups PEER_V4_INT and PEER_V6_INT. The internal BGP sessions
will be added to this peer group while the external BGP sessions will be added
to the exising PEER_V4 and PEER_V6 peer group.
* Check for "ASIC" keyword in the hostname to identify the internal neighbors.
* The following changes for multi-npu platforms are done
- Set the type in device_metadata for asic configuration to be same as host
- Set the admin-status of internal bgp sessions as up
Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan <arlakshm@microsoft.com>
* Changes to support config-setup service for multi-npu
platforms. For Multi-npu we are not supporting as of
now config initializtion and ZTP. It will support creating
config db from minigraph or using config db from previous
file system
Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
* Address Review Comments.
* Address Review comments
* Address Review Comments of using pyhton based config load_minigraph/
config save/config reload from shell scripts so that we don't duplicate
code. Also while running from shell we will skip stop/start services
done by those commands.
* Updated to use python command so no code duplication.
For detecting transceiver change events through xcvrd in DellEMC S6000, S6100 and Z9100 platforms.
- In S6000, rename 'get_transceiver_change_event' in chassis.py to 'get_change_event' and return appropriate values.
- In S6100, implement 'get_change_event' through polling method (poll interval = 1 second) in chassis.py (Transceiver insertion/removal does not generate interrupts due to a CPLD bug)
- In Z9100, implement 'get_change_event' through interrupt method using select.epoll().
* [ntp] enable/disable NTP long jump according to reboot type
- Enable NTP long jump after cold reboot.
- Disable NTP long jump after warrm/fast reboot.
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
* fix typo
* further refactoring
* use sonic-db-cli instead
lldpmgrd listens for changes to the PORT table in the CONFIG_DB and APP_DB in order to handle alias/description config change. It checks if port is up or down by looking into the oper-status for in APP_DB PORT TABLE. If it cannot find it in the App DB, it will log error.
During initializing, it is possible that there is a port change in CONFIG_DB and but the not ready in APP_DB.
The change here is to only log error in is_port_up() after port init done.
Fix is_mgmt_vrf_enabled when MGMT_VRF_CONFIG is not present the config (#885)
Changes to support acl-loader command for multi-npu platforms. (#908)
Stop/Start restapi server upon config reload (#911)
[fanshow] Add column drawer name and led status to output of show
platform(#991)
[MultiDB] use sonic-db-cli instead of redis-cli in new added codes
(#907)
[show] Add `ntpstat` output to `show ntp` (#861)
[config] Log invocation of config commands to syslog (#259)
Remove dependency on click-default-group package (#903)
[config] Add 'interface transceiver' subgroup with 'lpmode' and 'rese…'
(#904)
[show] Add 'errors' and 'rates' subcommands to 'show interfaces
count…(#900)
[config] Support load_minigraph command for multi NPU platform (#896)
[Vnet] Fix NameError for 'swsssdk' and align output (#902)
* Moved utility functions for multi-npu platforms from
sonic-utilities config/main.py to here so that they can be used
any module
* Fix the issue with test run during compilation with acl-uploader
PR#908 of sonic-utilities.
* Fix get_num_npu as it was retuning string and not int
* Address Review Comments
* Address Review Comments
This patchset implement the following:
- Setting the FAN frequency
- Corrections to the EM policy with respect to platform
defined temperature / fan values
- Updates to the platform monitorng script logging
- Fixes to platform initialization script
Signed-off-by: Ciju Rajan K <crajank@juniper.net>
Since the introduction of VRF, interface-related tables in ConfigDB will have multiple entries, one of which only contains the interface name and no IP prefix. Thus, when iterating over the keys in the tables, we need to ignore the entries which do not contain IP prefixes.
and then we load image and reboot even if there was existing
config_db.json we will look for DHCP Service. we should disbale
update_graph in such cases. This behaviour is silimar to what we have in
201811 image.
* [sonic-buildimage] updated minigraph for ACL Table data and ACL Interface
binding update for multu-npu platform based on subrole as "Frontend" or
"Backend". For backend npu no ACL table is associated. For frontend npu
only front-panel interface are associated.
Updated with test case and fix typo in sample-mingraph for npu
Address Review comments
Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
* Fixed the logic as per preview comment. Interface Filter logic
only applies to Everflow/Mirror tables.
* Address Review Comments.
Modified caclmgrd behavior to enhance control plane security as follows:
Upon starting or receiving notification of ACL table/rule changes in Config DB:
1. Add iptables/ip6tables commands to allow all incoming packets from established TCP sessions or new TCP sessions which are related to established TCP sessions
2. Add iptables/ip6tables commands to allow bidirectional ICMPv4 ping and traceroute
3. Add iptables/ip6tables commands to allow bidirectional ICMPv6 ping and traceroute
4. Add iptables/ip6tables commands to allow all incoming Neighbor Discovery Protocol (NDP) NS/NA/RS/RA messages
5. Add iptables/ip6tables commands to allow all incoming IPv4 DHCP packets
6. Add iptables/ip6tables commands to allow all incoming IPv6 DHCP packets
7. Add iptables/ip6tables commands to allow all incoming BGP traffic
8. Add iptables/ip6tables commands for all ACL rules for recognized services (currently SSH, SNMP, NTP)
9. For all services which we did not find configured ACL rules, add iptables/ip6tables commands to allow all incoming packets for those services (allows the device to accept SSH connections before the device is configured)
10. Add iptables rules to drop all packets destined for loopback interface IP addresses
11. Add iptables rules to drop all packets destined for management interface IP addresses
12. Add iptables rules to drop all packets destined for point-to-point interface IP addresses
13. Add iptables rules to drop all packets destined for our VLAN interface gateway IP addresses
14. Add iptables/ip6tables commands to allow all incoming packets with TTL of 0 or 1 (This allows the device to respond to tools like tcptraceroute)
15. If we found control plane ACLs in the configuration and applied them, we lastly add iptables/ip6tables commands to drop all other incoming packets
* Changes for LLDP for Multi NPU Platoforms:-
a) Enable LLDP for Host namespace for Management Port
b) Make sure Management IP is avaliable in per asic namespace
needed for LLDP Chassis configuration
c) Make sure chassis mac-address is correct in per asic namespace
d) Do not run lldp on eth0 of per asic namespace and avoid chassis
configuration for same
e) Use Linux hostname instead from Device Metadata for lldp chassis
configuration since in multi-npu platforms device metadata hostname
will be differnt
Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
* Address Review Comment with following changes:
a) Use Device Metadata hostname even in per namespace conatiner.
updated minigraph parsing for same to have hostname as system
hostname and add new key for asic name
b) Minigraph changes to have MGMT_INTERFACE Key in per asic/namespace
config also as needed for LLDP for setting chassis management IP.
Signed-off-by: Abhishek Dosi <abdosi@microsoft.com>
* Address Review Comments
Dynamic threshold setting changed to 0 and WRED profile green min threshold set to 250000 for Tomahawk devices
Changed the dynamic threshold settings in pg_profile_lookup.ini
Added a macro for WRED profiles in qos.json.j2 for Tomahawk devices
Necessary changes made in qos.config.j2 to use the macro if present
Signed-off-by: Neetha John <nejo@microsoft.com>