* Changes in sonic-buildimage for the NAT feature
- Docker for NAT
- installing the required tools iptables and conntrack for nat
Signed-off-by: kiran.kella@broadcom.com
* Add redis-tools dependencies in the docker nat compilation
* Addressed review comments
* add natsyncd to warm-boot finalizer list
* addressed review comments
* using swsscommon.DBConnector instead of swsssdk.SonicV2Connector
* Enable NAT application in docker-sonic-vs
* Add a monit config file for teamd container.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* Add a copy mechanism to put the monit config file in teamd container
into base image.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* Add a monit config file for snmp container.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* Add a copy mechanism to put the monit config file of snmp container into
the base image.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* Add a monit config file for dhcp_relay container in the dir
base_image_files.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* Add a copy mechanism to put the monit config file of dhcp_relay
container into base image under /etc/monit/conf.d.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* Add a monit config file for router advertiser container.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* Add a copy mechanism to put the monit config file of router advertiser
contianer into base image.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-Pmon] Add a monit config file for pmon container.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-Pmon] Add a copy mechanism to put the monit config file into the
base image.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-lldp] Add a monit config file for lldp container.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-lldp] Add a copy mechanism to put the monit config file into the
base image.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-bgp] Add a monit config file for BGP container.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-bgp] Add a copy mechanism to put monit config file into the base
image.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-swss] Add a monit config file for the swss container.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-swss] Add a copy mechanism to put monit config file into the
base image.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Add a monit config file for syncd container on barefoot
platform.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Add a copy mechanism to put the monit config file into
the base image on barefoot.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Add a monit config file for syncd container on broadcom.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Add a copy mechanism to put the monit config file into
the base image on broadcom.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Add a monit config file for syncd container on cavium.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Add a copy mechanism to put the monit config file into
the base image.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-centec] Add a monit config file for syncd container on centen
platform.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Add a copy mechanism to put the monit config file into
the base image.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Add a monit config file for syncd container on centen
platform.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Add a copy mechanism to put the monit config file into
the base image.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Add a monit config file for syncd container on marvell.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Add a copy mechanism to put the monit conifg file into
the base image.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Add a monit config file for syncd container on
marvell-arm64.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Add a copy mechanism to put the monit config file into
the base image on marvell-arm64.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Add a monit config file for syncd container on
marvell-armhf.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Add a copy mechanism to put the monit config file into
the base image.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Add a monit config file for syncd container on mellanox.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Add a copy mechanism to put the monit config file into
the base image.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Add a monit config file for syncd container on nephos.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Add a copy mechanism to put the monit config file into
the base image.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-sflow] Add a monit config file for sflow container.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-sflow] Add a copy mechanism to put the monit conifg file into
the base image.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-telemetry] Add a monit config file for telemetry container.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-telemetry] Add a copy mechanism to put the monit config file
into the base image.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-database] Add a monit config file for database container.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-database] Add a copy mechanism to put the monit config file into
the base image.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-Dhcprelay] Change a typo.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-Dhcprelay] Change the process name in monit config file to
dhcrelay.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] There is no desserve process in syncd container on
barefoot.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] There is no process desserve in syncd container on
cavium.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] There is no process named desserve in syncd on centec.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] There is no process named desserve in syncd on marvell.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Should not delete the process desserve in syncd container
on marvell.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Delete the process dsserve in syncd on marvell.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Delete the process dsserve in syncd container on
marvell-arm64.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Delete the process dsserve in syncd container on
marvell-armhf.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Delete the process dsserve in syncd container on
mellanox.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-Radv] Change the process name to radvd.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-telemetry] Correct a typo in monit_telemetry.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-teamd] Delete the monit config file for teamd.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-teamd] Delete the mechanism to copy the monit config file into
base image.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-dhcprelay] Delete the monit config file for dhcp_relay
container.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-dhcprelay] Delete the mechanism to copy the monit config file
into the base image.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-radv] Delete the monit config file foe radv container.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-radv] Delete the mechanism to copy the monit config file into
the base image.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-bgp] change the monit config file for BGP container such that
monit only generates alert if the process is not running for 5 minutes.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-snmp] Change the monit config file for snmp container such that
monit only generates alret if the process is not running for 5 minutes.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-pmon] Change the monit config file for pmon container such that
monit only generates alert if the processes are not running for 5
minutes.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-lldp] Change the monit config file for lldp container such that
monit only generates alerts if some processes are not running for 5
minutes.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-pmon] Delete the monit config file for pmon container since some
of processes are not running depended on the type of box.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-pmon] Delete the copy mechanism to copy the monit config file
into the base image.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-lldp] Change the matching name for the process lldpd.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-swss] Change the monit config file for swss container such that
monit only generates alerts if the processes are not running for 5
minutes.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Change the monit config file for syncd container on
barefoot such that monit only generates alerts if the process is not
running for 5 minutes.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Correct a typo in monit config file.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Change the monit config file for syncd container on
broadcom such that monit only generates alerts if the processes are not
running for 5 minutes.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Change the monit config file for syncd container on
cavium such that monit only generates alerts if the process is not
running for 5 minutes.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Change the monit config file for syncd container such
that monit only generates alerts if the process is not running for 5
minutes.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Change the monit config file for syncd container on
marvell such that monit only generates alerts if the process is not
running for 5 minutes.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Change the monit config file for syncd container on
marvell-arm64 such that monit only generates alerts if the process is
not running for 5 minutes.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Change the monit config file for syncd container on
marvell-armhf such that monit will generate alert if the process is not
running for 5 minutes.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Change the monit config file for syncd container on
mellanox such that monit only generates alerts if the process is not
running for 5 minutes.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-sycnd] Change the monit config file for syncd container such
that monit only generates alerts if the processes are not running for 5
minutes.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-sflow] Change the monit config file for sflow container such
that monit only generates alerts if the process is not running for 5
minutes.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-telemetry] Change the monit config file for telemetry container
such that monit only generates alerts if the processes are not running
for 5 minutes.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-database] Change the monit config file for database container
such that monit only generates alerts if the process is not running for
5 minutes.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-database] Use 4 spaces to replace 2 spaces in monit config file.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-bgp] Use 4 spcess to replace 2 spaces in monit config file.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-lldp] Use 4 spaces to replace 2 spaces in monit config file.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-swss] Use 4 spaces to replace 2 space in monit config file.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-sflow] Use 4 spaces to replace 2 spaces in monit config file.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-snmp] Use 4 spaces to replace 2 spaces in monit config file.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-telemetry] Use 4 spaces to replace 2 spaces in monit config
file.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Use 4 spaces to replace 2 spaces in the monit config file
on barefoot.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Use 4 spaces to replace 2 spaces in the monit config file
on broadcom.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Use 4 spaces to replace 2 spaces in the monit config file
on cavium.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Use 4 spaces to replace 2 spaces in the monit config file
on centec.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Use 4 spaces to replace 2 spaces in the monit config file
on marvell.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Use 4 spaces to replace 2 spaces in the monit config file
on mellanox.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-syncd] Use 4 spaces to repalce 2 spaces in the monit config file
on nephos.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
* [Docker-bgp] Remove the trailing extra spaces in monit config file.
Signed-off-by: Yong Zhao <yozhao@microsoft.com>
Put a flag for fast-reboot to the db using EXPIRE feature. Using this flag in other part of SONiC to start in Fast-reboot mode. If we reload a config, the state in the db will be removed.
ARM Architecture support in SONIC
make configure platform=[ASIC_VENDOR_ARCH] PLATFORM_ARCH=[ARM_ARCH]
SONIC_ARCH: default amd64
armhf - arm32bit
arm64 - arm64bit
Signed-off-by: Antony Rheneus <arheneus@marvell.com>
- create a dockerfile-marcros.j2 file with all common operations
written as j2 macro
- use single dockerfile instruction for COPY and RUN commands
when possible to improve build time
- reorganize dockerfile instructions to make more cache friendly
(in case someday we will remove --no-cache to build docker images)
Signed-off-by: Stepan Blyschak <stepanb@mellanox.com>
* Set the default mac ageing time to 300 seconds
The current mac ageing was disabled, this could lead the mac address
table to increase over time and lead to resource and performance issues.
Signed-off-by: Zhenggen Xu <zxu@linkedin.com>
* Update the default HW ageing timer to be 600 seconds.
This is to be on the safer side where ARP update interval
is 300 seconds and SONiC does not flood when ARP is aged out.
Signed-off-by: Zhenggen Xu <zxu@linkedin.com>
* [service] Restart SwSS Docker container if orchagent exits unexpectedly
* Configure systemd to stop restarting swss if it attempts to restart more than 3 times in 20 minutes
* Move supervisor-proc-exit-listener script
* [docker-dhcp-relay] Enhance wait_for_intf.sh.j2 to utilize STATEDB
* Ensure dependent services stop/start/restart with SwSS
* Change 'StartLimitInterval' to 'StartLimitIntervalSec', as Stretch installs systemd 232 (>= v230)
* Also update journald.conf options
* Remove 'PartOf' option from unit files
* Add '$(SUPERVISOR_PROC_EXIT_LISTENER_SCRIPT)' to new shared docker-orchagent makefile
* Make supervisor-proc-exit-listener script read from 'critical_processes' file inside container
* Update critical_processes file for swss container
* Add bridge-utils to orchagent image
- Add vxlanmgrd to supervisorctl in docker -orchagent
Signed-off-by: Ze Gan zegan@microsoft.com
* Update submodule pointer for swss to include Vxlanmgrd changes
* Restore neighbor table to kernel during system warm-reboot
Added a service: "restore_neighbors" to restore neighbor table into
kernel during system warm reboot. The service is started by supervisord
in swss docker when the docker is started.
In case system warm reboot is enabled, it will try to restore the neighbor
table from appDB into kernel through netlink API calls and update the neighbor
table by sending arp/ns requests to all neighbor entries, then it sets the
stateDB flag for neighsyncd to continue the reconciliation process.
-- Added tcpdump python-scapy debian package into orchagent and vs dockers.
-- Added python module: pyroute2 netifaces into orchagent and vc dockers.
-- Workarounded tcpdump issue in the vs docker
Signed-off-by: Zhenggen Xu <zxu@linkedin.com>
* Move the restore_neighbors.py to sonic-swss submodule
Made changes to makefiles accordingly
Make dockerfile.j2 changes and supervisord config changes
Add python monotonic lib for time access
Signed-off-by: Zhenggen Xu <zxu@linkedin.com>
* Added PYTHON_SWSSCOMMON as swss runtime dependency
Signed-off-by: Zhenggen Xu <zxu@linkedin.com>
The default startsecs is 1 second. However, swssconfig.sh will quickly
exit with expected exit code 0 during warm starting. This case should
not be treated as a failure
* Adapt to the new WARM_RESTART_TABLE table schema: change from restart_count to restore_count
Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>
* Update variable and function name to match restore_count name change
Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>
* Update swss submodule for warm restart schema change
Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>
When there is HWSKU specific initialization needs to be performed, please
add hwsku-init script under device folder, it will be invoked by swss
before any subsequent initializations.
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
* [docker-orchagent]: Add vrfmgrd to supervisorctl
Signed-off-by: Marian Pritsak <marianp@mellanox.com>
* [sonic-vs]: Add vrfmgrd to supervisorctl
Signed-off-by: Marian Pritsak <marianp@mellanox.com>
* Don't load json conifg like copp, ininip, ports and switch again upon swss warm start
Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>
* double check DB data exists in case only swss warm restart is configured at system reboot
Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>
* Double check existence of db data before skipping json load, and format update
Signed-off-by: Jipan Yang <jipan.yang@alibaba-inc.com>
- Move front panel ports and port channels MTU and IP configurations out of
the current /etc/network/interfaces file and store them in the configuration
database.
- The default MTU value for both front panel ports and the port channels is
9100. They are set via the minigraph or 9100 by default.
- Introduce portmgrd which will pick up the MTU configurations from the
configuration database.
- The updated intfmgrd will pick up IP address changes from the configuration
database.
- Update sonic-swss submodule
Signed-off-by: Shu0T1an ChenG <shuche@microsoft.com>
Previously use / to separate container name and program name.
However, in rsyslogd:
Precisely, the programname is terminated by either (whichever occurs first):
end of tag
nonprintable character
‘:’
‘[‘
‘/’
The above definition has been taken from the FreeBSD syslogd sources.
Signed-off-by: Guohan Lu <gulv@microsoft.com>
* Fix potential blackholing/looping traffic and refresh ipv6 neighbor to avoid CPU hit
In case ipv6 global addresses were configured on L3 interfaces and used for peering,
and routing protocol was using link-local addresses on the same interfaces as prefered nexthops,
the link-local addresses could be aged out after a while due to no activities towards the link-local
addresses themselves. And when we receive new routes with the link-local nexthops, SONiC won't insert
them to the HW, and thus cause looping or blackholing traffic.
Global ipv6 addresses on L3 interfaces between switches are refreshed by BGP keeplive and other messages.
On server facing side, traffic may hit fowarding plane only, and no refresh for the ipv6 neighbor entries regularly.
This could age-out the linux kernel ipv6 neighbor entries, and HW neighbor table entries could be removed,
and thus traffic going to those neighbors would hit CPU, and cause traffic drop and temperary CPU high load.
Also, if link-local addresses were not learned, we may not get them at all later.
It is intended to fix all above issues.
Changes:
Add ndisc6 package in swss docker and use it for ipv6 ndp ping to update the neighbors' state on Vlan interfaces
Change the default ipv6 neighbor reachable timer to 30mins
Add periodical ipv6 multicast ping to ff02::11 to get/refresh link-local neighbor info.
* Fix review comments:
Add PORTCHANNEL_INTERFACE interface for ipv6 multicast ping
format issue
* Combine regular L3 interface and portchannel interface for looping
* Add ndisc6 package to vs docker
