Add vxlan source port security attribute #5

Open
gpunathilell wants to merge 2 commits into master from vxlan_src_port

@gpunathilell gpunathilell commented Feb 23, 2026

Introduction of VxLAN switch tunnel params (vxlan_security)


What I did

  • Introduced VxLAN switch tunnel parameter support (vxlan_security) via setSwitchTunnelVxlanParams() and SWITCH_TABLE / swssconfig (e.g. vxlan.json), including the vxlan_security boolean attribute.
  • Parse vxlan_security inline in setSwitchTunnelVxlanParams(): accept only the strings "true" or "false". If the value is neither (e.g. empty or invalid), log SWSS_LOG_ERROR and default to false (same pattern as qosorch convertBool).

Why I did it

  • Enable VxLAN switch tunnel parameters (vxlan_sport, vxlan_mask, vxlan_security) to be configured via SWITCH_TABLE / swssconfig (e.g. vxlan.json).
  • Boolean attributes from swssconfig use string values "true"/"false"; vxlan_security is parsed explicitly and invalid values are logged.

How I verified it

  • Verified SWITCH_TABLE config with vxlan_security "true" or "false" is applied correctly.
  • Verified vxlan_security parsing: "true" → true, "false" → false; invalid/empty value logs ERROR and defaults to false.
  • Ensured existing behavior for vxlan_sport and vxlan_mask is unchanged.

Details if related

  • Config format: Use the string "true" or "false" in JSON/config for boolean attributes (e.g. "vxlan_security": "true"). Using JSON boolean true/false can result in an empty value once stored in Redis, so string form is recommended.
  • sonic-buildimage: The vxlan.json.j2 template / JSON format now supports the vxlan_security attribute.

Signed-off-by: gpunathilell <gpunathilell@nvidia.com>
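
A pre-load check for the config-format caveat in the description above, as an added example that is not part of this PR or of the project's code. The function name `lint_switch_config`, the entry layout (`"SWITCH_TABLE:<name>"` object plus `"OP"`) and the key `SWITCH_TABLE:switch` are assumptions; the sample configs are constructed.

```python
import json

# Attributes the PR description says must be the strings "true"/"false".
STRING_BOOL_FIELDS = ("vxlan_security",)

def lint_switch_config(text):
    """Return (table_key, field, problem) for each badly typed boolean attribute."""
    findings = []
    for entry in json.loads(text):
        for key, fields in entry.items():
            # Assumed layout: {"SWITCH_TABLE:<name>": {field: value, ...}, "OP": "SET"}
            if not key.startswith("SWITCH_TABLE") or not isinstance(fields, dict):
                continue
            for field in STRING_BOOL_FIELDS:
                if field not in fields:
                    continue
                value = fields[field]
                if isinstance(value, bool):
                    # Case called out in the description: JSON true/false
                    problem = "JSON boolean; can be stored as an empty value in Redis"
                elif value not in ("true", "false"):
                    # Per the description: logged as ERROR and defaulted to false
                    problem = f'{value!r} is not "true"/"false"; parsed as false with an ERROR log'
                else:
                    continue
                findings.append((key, field, problem))
    return findings

# Constructed sample configs (not taken from the PR).
GOOD = '[{"SWITCH_TABLE:switch": {"vxlan_security": "true"}, "OP": "SET"}]'
JSON_BOOL = '[{"SWITCH_TABLE:switch": {"vxlan_security": true}, "OP": "SET"}]'
WRONG_CASE = '[{"SWITCH_TABLE:switch": {"vxlan_security": "True"}, "OP": "SET"}]'

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("JSON_BOOL", JSON_BOOL), ("WRONG_CASE", WRONG_CASE)):
        print(name, lint_switch_config(cfg) or "ok")
```

Running a check like this before the config is loaded catches the cases where the attribute would end up false without the operator intending it.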
@gpunathilell gpunathilell changed the title Add vxlan security Add vxlan src port security feature Mar 4, 2026
@gpunathilell gpunathilell changed the title Add vxlan src port security feature Add vxlan source port security attribute Mar 4, 2026

vivekrnv commented Mar 6, 2026

The description says this PR added support for vxlan_sport, vxlan_mask, vxlan_security.

It seems that only vxlan_security is added. Please update the description.

vivekrnv commented Mar 6, 2026

LGTM otherwise

attr.value.u8 = to_uint<uint8_t>(value);
break;
case SAI_SWITCH_TUNNEL_ATTR_VXLAN_UDP_SPORT_SECURITY:
// Config must use string "true" or "false"
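
Review bot: At the SAI_SWITCH_TUNNEL_ATTR_VXLAN_UDP_SPORT_SECURITY case, the comment states the accepted input but not what happens for anything else. The PR description says an invalid or empty value is logged and treated as false, so a mistyped config leaves the security attribute off with only a log line as the signal. Consider rejecting the update on unparsable input instead of programming false, or at least state the fallback at this case.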

Please remove this comment
