sonic-buildimage/files/build_templates/backend_acl.j2
Neetha John 26ee4ae4a4 Add backend acl template (#11220)
Why I did it
Storage backend has all vlan members tagged. If untagged packets are received on those links, they are accounted as RX_DROPS which can lead to false alarms in monitoring tools. Using this acl to hide these drops.

How I did it
Created a acl template which will be loaded during minigraph load for backend. This template will allow tagged vlan packets and dropped untagged

How to verify it
Unit tests

Signed-off-by: Neetha John <nejo@microsoft.com>
2022-07-08 21:39:39 +00:00

52 lines
2.6 KiB
Django/Jinja

{%- set vlan2ports = {} %}
{%- for vlan in VLAN %}
{% set portlist = [] %}
{%- for vlan_name, port in VLAN_MEMBER %}
{%- if vlan_name == vlan %}
{%- if portlist.append(port) %}{%- endif %}
{%- endif %}
{%- endfor %}
{%- set _ = vlan2ports.update({vlan: portlist| sort | join(',')}) %}
{%- endfor %}
{
"acl": {
"acl-sets": {
"acl-set": {
"DATAACL": {
"acl-entries": {
"acl-entry": {
{% for vlan, vlan_entries in VLAN.items() %}
"{{ loop.index }}": {
"config": {
"sequence-id": {{ loop.index }}
},
"actions": {
"config": {
"forwarding-action": "ACCEPT"
}
},
"l2": {
"config": {
"vlan_id": "{{ vlan_entries['vlanid'] }}"
}
},
"input_interface": {
"interface_ref": {
"config": {
"interface": "{{ vlan2ports[vlan] }}"
}
}
}
}{% if not loop.last %},{% endif %}
{% endfor -%}
}
}
}
}
}
}
}