26ee4ae4a4
Why I did it Storage backend has all vlan members tagged. If untagged packets are received on those links, they are accounted as RX_DROPS which can lead to false alarms in monitoring tools. Using this acl to hide these drops. How I did it Created a acl template which will be loaded during minigraph load for backend. This template will allow tagged vlan packets and dropped untagged How to verify it Unit tests Signed-off-by: Neetha John <nejo@microsoft.com>
52 lines
2.6 KiB
Django/Jinja
52 lines
2.6 KiB
Django/Jinja
{%- set vlan2ports = {} %}
|
|
{%- for vlan in VLAN %}
|
|
{% set portlist = [] %}
|
|
{%- for vlan_name, port in VLAN_MEMBER %}
|
|
{%- if vlan_name == vlan %}
|
|
{%- if portlist.append(port) %}{%- endif %}
|
|
{%- endif %}
|
|
{%- endfor %}
|
|
{%- set _ = vlan2ports.update({vlan: portlist| sort | join(',')}) %}
|
|
{%- endfor %}
|
|
|
|
|
|
{
|
|
"acl": {
|
|
"acl-sets": {
|
|
"acl-set": {
|
|
"DATAACL": {
|
|
"acl-entries": {
|
|
"acl-entry": {
|
|
{% for vlan, vlan_entries in VLAN.items() %}
|
|
"{{ loop.index }}": {
|
|
"config": {
|
|
"sequence-id": {{ loop.index }}
|
|
},
|
|
"actions": {
|
|
"config": {
|
|
"forwarding-action": "ACCEPT"
|
|
}
|
|
},
|
|
"l2": {
|
|
"config": {
|
|
"vlan_id": "{{ vlan_entries['vlanid'] }}"
|
|
}
|
|
},
|
|
"input_interface": {
|
|
"interface_ref": {
|
|
"config": {
|
|
"interface": "{{ vlan2ports[vlan] }}"
|
|
}
|
|
}
|
|
}
|
|
|
|
}{% if not loop.last %},{% endif %}
|
|
{% endfor -%}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|