[portsorch]: Prevent LAG member configuration when port has active ACL binding by nazariig · Pull Request #2165 · sonic-net/sonic-swss

nazariig · 2022-03-02T21:24:47Z

Signed-off-by: Nazarii Hnydyn nazariig@nvidia.com

Add some extra validation to make sure that port can't be made a LAG member when ingress/egress ACL binding is configured.
Before moving port to LAG, user should disable active ACL binding, since LAG uses a different dedicated attributes

fixes sonic-net/sonic-buildimage#10233

What I did

Prevent LAG member configuration when port has active ACL binding

Why I did it

To fix ACL PORT/LAG config divergency

How I verified it

Deploy t0 topology
Create LAG interface
Remove arbitrary port from VLAN
Make port LAG member

Details if related

root@sonic:/home/admin# show acl table
Name        Type       Binding         Description    Stage
----------  ---------  --------------  -------------  -------
DATAACL     L3         PortChannel101  DATAACL        ingress
                       PortChannel102
                       PortChannel103
                       PortChannel104
EVERFLOW    MIRROR     Ethernet2       EVERFLOW       ingress
                       Ethernet4
                       Ethernet6
                       Ethernet8
                       Ethernet10
                       Ethernet12
                       Ethernet14
                       Ethernet16
                       Ethernet18
                       Ethernet20
                       Ethernet22
                       Ethernet24
                       Ethernet28
                       Ethernet32
                       Ethernet36
                       Ethernet40
                       Ethernet42
                       Ethernet44
                       Ethernet46
                       Ethernet48
                       Ethernet50
                       Ethernet52
                       Ethernet54
                       Ethernet56
                       PortChannel101
                       PortChannel102
                       PortChannel103
                       PortChannel104
EVERFLOWV6  MIRRORV6   Ethernet2       EVERFLOWV6     ingress
                       Ethernet4
                       Ethernet6
                       Ethernet8
                       Ethernet10
                       Ethernet12
                       Ethernet14
                       Ethernet16
                       Ethernet18
                       Ethernet20
                       Ethernet22
                       Ethernet24
                       Ethernet28
                       Ethernet32
                       Ethernet36
                       Ethernet40
                       Ethernet42
                       Ethernet44
                       Ethernet46
                       Ethernet48
                       Ethernet50
                       Ethernet52
                       Ethernet54
                       Ethernet56
                       PortChannel101
                       PortChannel102
                       PortChannel103
                       PortChannel104
NTP_ACL     CTRLPLANE  NTP             NTP_ACL        ingress
SNMP_ACL    CTRLPLANE  SNMP            SNMP_ACL       ingress
SSH_ONLY    CTRLPLANE  SSH             SSH_ONLY       ingress

root@sonic-vs-ut:~/sonic-swss/tests# pytest --dvsname=vs --log-cli-level=info test_acl_portchannel.py::TestAclInterfaceBinding -v
========================================================================= test session starts =========================================================================
platform linux -- Python 3.8.10, pytest-6.2.4, py-1.10.0, pluggy-0.13.1 -- /usr/bin/python3
cachedir: .pytest_cache
rootdir: /root/sonic-swss/tests
plugins: flaky-3.7.0
collected 2 items

test_acl_portchannel.py::TestAclInterfaceBinding::test_AclTablePortChannelMemberBinding[ingress]
--------------------------------------------------------------------------- live log setup ----------------------------------------------------------------------------
INFO     test_acl_portchannel:test_acl_portchannel.py:18 Initialize DVS API: ACL
---------------------------------------------------------------------------- live log call ----------------------------------------------------------------------------
INFO     test_acl_portchannel:test_acl_portchannel.py:30 Create ACL table: acl_table
INFO     test_acl_portchannel:test_acl_portchannel.py:39 Create LAG: PortChannel0001
INFO     test_acl_portchannel:test_acl_portchannel.py:43 Create LAG member: Ethernet120
INFO     test_acl_portchannel:test_acl_portchannel.py:47 Create LAG member: Ethernet124
INFO     test_acl_portchannel:test_acl_portchannel.py:55 Verify LAG member hasn't been created: Ethernet124
INFO     test_acl_portchannel:test_acl_portchannel.py:51 Remove LAG member: Ethernet124
INFO     test_acl_portchannel:test_acl_portchannel.py:55 Remove LAG member: Ethernet120
INFO     test_acl_portchannel:test_acl_portchannel.py:59 Remove LAG: PortChannel0001
INFO     test_acl_portchannel:test_acl_portchannel.py:63 Remove ACL table: acl_table
PASSED                                                                                                                                                          [ 50%]
test_acl_portchannel.py::TestAclInterfaceBinding::test_AclTablePortChannelMemberBinding[egress]
---------------------------------------------------------------------------- live log call ----------------------------------------------------------------------------
INFO     test_acl_portchannel:test_acl_portchannel.py:30 Create ACL table: acl_table
INFO     test_acl_portchannel:test_acl_portchannel.py:39 Create LAG: PortChannel0001
INFO     test_acl_portchannel:test_acl_portchannel.py:43 Create LAG member: Ethernet120
INFO     test_acl_portchannel:test_acl_portchannel.py:47 Create LAG member: Ethernet124
INFO     test_acl_portchannel:test_acl_portchannel.py:55 Verify LAG member hasn't been created: Ethernet124
INFO     test_acl_portchannel:test_acl_portchannel.py:51 Remove LAG member: Ethernet124
INFO     test_acl_portchannel:test_acl_portchannel.py:55 Remove LAG member: Ethernet120
INFO     test_acl_portchannel:test_acl_portchannel.py:59 Remove LAG: PortChannel0001
INFO     test_acl_portchannel:test_acl_portchannel.py:63 Remove ACL table: acl_table
PASSED                                                                                                                                                          [100%]
-------------------------------------------------------------------------- live log teardown --------------------------------------------------------------------------
INFO     test_acl_portchannel:test_acl_portchannel.py:21 Deinitialize DVS API: ACL


-- Docs: https://docs.pytest.org/en/stable/warnings.html
============================================================== 2 passed, 8 warnings in 73.15s (0:01:13) ===============================================================

nazariig · 2022-03-07T11:16:54Z

/azpw run

mssonicbld · 2022-03-07T11:16:56Z

/AzurePipelines run

azure-pipelines · 2022-03-07T11:17:07Z

Azure Pipelines successfully started running 1 pipeline(s).

nazariig · 2022-03-14T14:17:26Z

/azpw run

mssonicbld · 2022-03-14T14:17:28Z

/AzurePipelines run

azure-pipelines · 2022-03-14T14:17:39Z

Azure Pipelines successfully started running 1 pipeline(s).

orchagent/portsorch.cpp

liat-grozovik

please also add test cases to verify the new check/flow

nazariig · 2022-03-22T16:22:21Z

please also add test cases to verify the new check/flow

@liat-grozovik done

lgtm-com · 2022-03-22T18:24:36Z

This pull request fixes 1 alert when merging 8b4dd6a into d80094b - view on LGTM.com

fixed alerts:

1 for Unused import

nazariig · 2022-03-22T22:36:15Z

/azpw run

mssonicbld · 2022-03-22T22:36:17Z

/AzurePipelines run

azure-pipelines · 2022-03-22T22:36:27Z

Azure Pipelines successfully started running 1 pipeline(s).

nazariig · 2022-03-23T17:29:04Z

/azpw run

mssonicbld · 2022-03-23T17:30:31Z

/AzurePipelines run

azure-pipelines · 2022-03-23T17:32:34Z

Azure Pipelines successfully started running 1 pipeline(s).

lgtm-com · 2022-03-24T15:10:32Z

This pull request fixes 1 alert when merging 623bfc8 into 6eda965 - view on LGTM.com

fixed alerts:

1 for Unused import

nazariig · 2022-03-24T19:57:56Z

/azpw run

mssonicbld · 2022-03-24T19:57:58Z

/AzurePipelines run

nazariig · 2022-03-25T11:55:03Z

/azpw run

mssonicbld · 2022-03-25T11:55:04Z

/AzurePipelines run

azure-pipelines · 2022-03-25T11:55:14Z

Azure Pipelines successfully started running 1 pipeline(s).

nazariig · 2022-03-25T19:20:40Z

/azpw run

mssonicbld · 2022-03-25T19:20:41Z

/AzurePipelines run

azure-pipelines · 2022-03-25T19:20:51Z

Azure Pipelines successfully started running 1 pipeline(s).

nazariig · 2022-03-27T13:41:32Z

/azpw run

mssonicbld · 2022-03-27T13:41:33Z

/AzurePipelines run

azure-pipelines · 2022-03-27T13:41:44Z

Azure Pipelines successfully started running 1 pipeline(s).

…L binding. Signed-off-by: Nazarii Hnydyn <nazariig@nvidia.com>

Signed-off-by: Nazarii Hnydyn <nazariig@nvidia.com>

lgtm-com · 2022-03-28T09:52:26Z

This pull request fixes 1 alert when merging 99778d1 into 7350d49 - view on LGTM.com

fixed alerts:

1 for Unused import

nazariig · 2022-03-28T13:51:25Z

/azpw run

mssonicbld · 2022-03-28T13:51:27Z

/AzurePipelines run

azure-pipelines · 2022-03-28T13:51:37Z

Azure Pipelines successfully started running 1 pipeline(s).

…L binding (#2165) * [portsorch]: Prevent LAG member configuration when port has active ACL binding. Signed-off-by: Nazarii Hnydyn <nazariig@nvidia.com>

…ctive ACL binding (#2165)" This reverts commit 390cae1.

…ctive ACL binding (#2165)" (#2306) This reverts commit 390cae1.

…L binding (sonic-net#2165) * [portsorch]: Prevent LAG member configuration when port has active ACL binding. Signed-off-by: Nazarii Hnydyn <nazariig@nvidia.com>

…ctive ACL binding (sonic-net#2165)" (sonic-net#2306) This reverts commit 390cae1.

…L binding (sonic-net#2165) * [portsorch]: Prevent LAG member configuration when port has active ACL binding. Signed-off-by: Nazarii Hnydyn <nazariig@nvidia.com>

…ctive ACL binding (sonic-net#2165)" (sonic-net#2306) This reverts commit 390cae1.

nazariig requested a review from prsunny as a code owner March 2, 2022 21:24

nazariig added the Bug 🐛 label Mar 2, 2022

nazariig force-pushed the master-lag-member-validation branch from 07bb29d to 3eadcfb Compare March 14, 2022 09:35

dprital added the Request for 202111 Branch label Mar 15, 2022

nazariig force-pushed the master-lag-member-validation branch from 3eadcfb to d5c5b97 Compare March 17, 2022 15:58

prsunny requested a review from bingwang-ms March 17, 2022 15:59

prsunny reviewed Mar 17, 2022

View reviewed changes

orchagent/portsorch.cpp Show resolved Hide resolved

liat-grozovik reviewed Mar 20, 2022

View reviewed changes

nazariig force-pushed the master-lag-member-validation branch from d5c5b97 to 84053d4 Compare March 22, 2022 16:21

nazariig force-pushed the master-lag-member-validation branch from 84053d4 to 8b4dd6a Compare March 22, 2022 16:52

prsunny previously approved these changes Mar 23, 2022

View reviewed changes

nazariig dismissed prsunny’s stale review via 623bfc8 March 24, 2022 13:44

nazariig force-pushed the master-lag-member-validation branch from 8b4dd6a to 623bfc8 Compare March 24, 2022 13:44

nazariig added 2 commits March 28, 2022 08:23

[portsorch]: Prevent LAG member configuration when port has active AC…

ab01d85

…L binding. Signed-off-by: Nazarii Hnydyn <nazariig@nvidia.com>

[portsorch]: Add VS UTs.

99778d1

Signed-off-by: Nazarii Hnydyn <nazariig@nvidia.com>

nazariig force-pushed the master-lag-member-validation branch from 623bfc8 to 99778d1 Compare March 28, 2022 08:23

prsunny approved these changes Mar 30, 2022

View reviewed changes

prsunny merged commit 390cae1 into sonic-net:master Mar 30, 2022

judyjoseph added the Included in 202111 Branch label Apr 4, 2022

OleksandrKozodoi mentioned this pull request Apr 20, 2022

Added function for removing ACL table in sub-ports TC sonic-net/sonic-mgmt#5543

Merged

5 tasks

bingwang-ms mentioned this pull request Jun 2, 2022

Failed to add port to LAG because the port is bound to ACL table sonic-net/sonic-buildimage#11006

Open

bingwang-ms added a commit that referenced this pull request Jun 2, 2022

Revert "[portsorch]: Prevent LAG member configuration when port has a…

4941f61

…ctive ACL binding (#2165)" This reverts commit 390cae1.

bingwang-ms mentioned this pull request Jun 2, 2022

Revert "[portsorch]: Prevent LAG member configuration when port has active ACL binding" #2306

Merged

yxieca pushed a commit that referenced this pull request Jun 2, 2022

Revert "[portsorch]: Prevent LAG member configuration when port has a…

4944f0f

…ctive ACL binding (#2165)" (#2306) This reverts commit 390cae1.

yxieca pushed a commit that referenced this pull request Jun 2, 2022

Revert "[portsorch]: Prevent LAG member configuration when port has a…

7ff8f75

…ctive ACL binding (#2165)" (#2306) This reverts commit 390cae1.

preetham-singh pushed a commit to preetham-singh/sonic-swss that referenced this pull request Aug 6, 2022

Revert "[portsorch]: Prevent LAG member configuration when port has a…

0569a46

…ctive ACL binding (sonic-net#2165)" (sonic-net#2306) This reverts commit 390cae1.

Janetxxx pushed a commit to Janetxxx/sonic-swss that referenced this pull request Nov 10, 2025

Revert "[portsorch]: Prevent LAG member configuration when port has a…

8f6b91e

…ctive ACL binding (sonic-net#2165)" (sonic-net#2306) This reverts commit 390cae1.

Conversation

nazariig commented Mar 2, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

nazariig commented Mar 7, 2022

Uh oh!

mssonicbld commented Mar 7, 2022

Uh oh!

azure-pipelines bot commented Mar 7, 2022

Uh oh!

nazariig commented Mar 14, 2022

Uh oh!

mssonicbld commented Mar 14, 2022

Uh oh!

azure-pipelines bot commented Mar 14, 2022

Uh oh!

Uh oh!

liat-grozovik left a comment

Choose a reason for hiding this comment

Uh oh!

nazariig commented Mar 22, 2022

Uh oh!

lgtm-com bot commented Mar 22, 2022

Uh oh!

nazariig commented Mar 22, 2022

Uh oh!

mssonicbld commented Mar 22, 2022

Uh oh!

azure-pipelines bot commented Mar 22, 2022

Uh oh!

nazariig commented Mar 23, 2022

Uh oh!

mssonicbld commented Mar 23, 2022

Uh oh!

azure-pipelines bot commented Mar 23, 2022

Uh oh!

lgtm-com bot commented Mar 24, 2022

Uh oh!

nazariig commented Mar 24, 2022

Uh oh!

mssonicbld commented Mar 24, 2022

Uh oh!

nazariig commented Mar 25, 2022

Uh oh!

mssonicbld commented Mar 25, 2022

Uh oh!

azure-pipelines bot commented Mar 25, 2022

Uh oh!

nazariig commented Mar 25, 2022

Uh oh!

mssonicbld commented Mar 25, 2022

Uh oh!

azure-pipelines bot commented Mar 25, 2022

Uh oh!

nazariig commented Mar 27, 2022

Uh oh!

mssonicbld commented Mar 27, 2022

Uh oh!

azure-pipelines bot commented Mar 27, 2022

Uh oh!

lgtm-com bot commented Mar 28, 2022

Uh oh!

nazariig commented Mar 28, 2022

Uh oh!

mssonicbld commented Mar 28, 2022

Uh oh!

azure-pipelines bot commented Mar 28, 2022

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

nazariig commented Mar 2, 2022 •

edited

Loading