Converge cEOSLab peer containers via VRFs (sonic-net#22171)

* Converge cEOSLab peer containers via VRFs

Converging the total number of peer switches into the fewest possible
number of cEOSLab containers reduces the overall resource constraints
required to run large numbers of peers. The basic premises behind
convergence are as follows:

Approach:

cEOSLab peers in docker containers may be converged into a smaller
number of host peers.  The SONiC-facing configuration of each BGP peer
may be separated in routing and bridging via the use of VRFs.  The
PTF-facing configuration of each BGP peer may be separated within each
VRF via VLAN tagging, enabling the use of a single backplane interface
on each host cEOSLab container.  Each VRF includes a number of
interfaces either facing the SONiC DUT or the backplane.  Changes should
be as transparent to the SONiC DUT as possible.  At the time of testbed
setup, the ansible topology file for the testbed is modified to include
new metadata specific to multi-vrf configuration, and the VMs list is
trimmed to only include those containers which will host multiple BGP
peerings, separated by VRF. The new metadata includes mappings between
host containers and VRFs, backplane VLAN mappings, and BGP session
parameters.

VLAN tag 2000 is used as the starting value for all VLANs between the
test infrastructure PTF container interfaces and cEOSLab device
interfaces.

The IP and IPv6 addresses used to connect the cEOSLab peer and
infrastructure PTF container are generated in order to make the
backplane connections clearer, more unique, and easier to implement. In
general, backplane L3 addresses used by the CEOSLab peer end in even
numbers, and those used by the PTF container end in odd numbers. All
addresses generated for use in backplane connections start with the
value 100 (0x64) in the least-significant octet or hextet (depending on
the family of the address). The address changes are mapped and stored in
the new multi-vrf metadata in the ansible topology file.

Multiple BGP features, such as local-as and next-hop-peer, are used in
order to aid in the resolution of routes. This is necessary to keep the
SONiC DUT multi-vrf-agnostic as possible.

Enabling multi-VRF mode:

Multi-VRF mode may be enabled by including the set attribute
use_converged_peers: true in the testbed definition found in
sonic-mgmt/ansible/testbed.yaml. This file is read the
TesbedProcessing.py script, which sets global variables indicating to
other ansible tasks and libraries that the testbed is to be started in
multi-VRF mode.

In addition, the value of max_fp_nums must be adjusted such that each
CEOSLab docker container has enough resources to run all the new BGP
sessions in each vrf. This can be done dynamically, of course, however
for the full-scale topologies the maximum supported by cEOSLab, 127,
must be used.

Known limitations:

cEOSLab instances do not allow for the creation of interfaces with
interface-IDs greater than 127, when interfaces are layed out
unidimensionally.

The use of multiple VRFs has not been tested in conjunction with
asynchronous ansible tasks.

Test library changes:

Test libraries needed to be made aware of the new underlying structure
of cEOSLab containers, VRFs, and BGP adjacencies.  In many cases this
was done by reference to the testbed topology YAML passed into library
functions.  In other cases, most notably BGP libraries, the nbrhosts
fixture was adjusted to include multi-VRF-specific metadata which
callers could leverage to navigate the relationship between containers,
VRFs, and BGP neighborship.

Signed-off-by: Will Rideout <wrideout@arista.com>
Signed-off-by: Abhishek <abhishek@nexthop.ai>

Author: wrideout-arista

ansible/TestbedProcessing.py

@@ -8,6 +8,8 @@
 from collections import OrderedDict
 import copy
 
+from ceos_topo_converger import converge_testbed
+
 """"
 Testbed Processing
 
@@ -297,7 +299,8 @@ def fill_missing_fields(data, template):
 
 
 def makeTestbed(data, outfile):
-    csv_columns = "# conf-name,group-name,topo,ptf_image_name,ptf,ptf_ip,ptf_ipv6,server,vm_base,dut,comment"
+    csv_columns = ("# conf-name,group-name,topo,ptf_image_name,ptf,ptf_ip,ptf_ipv6,server,vm_base,dut,comment,"
+                   "use_converged_peers")
     topology = data
     csv_file = outfile
 
@@ -316,6 +319,7 @@ def makeTestbed(data, outfile):
                 dut = groupDetails.get("dut")
                 ptf = groupDetails.get("ptf")
                 comment = groupDetails.get("comment")
+                use_converged_peers = str(groupDetails.get("use_converged_peers", False)).lower()
 
                 # catch empty types
                 if not groupName:
@@ -346,7 +350,7 @@ def makeTestbed(data, outfile):
 
                 row = confName + "," + groupName + "," + topo + "," + ptf_image_name + "," + ptf + \
                     "," + ptf_ip + "," + ptf_ipv6 + "," + server + \
-                    "," + vm_base + "," + dut + "," + comment
+                    "," + vm_base + "," + dut + "," + comment + "," + use_converged_peers
                 f.write(row + "\n")
     except IOError:
         print("I/O error: issue creating testbed.yaml")
@@ -1093,6 +1097,19 @@ def main():
     print("\tCREATING TEST BED: " + args.basedir + testbed_file)
     # Generate testbed.yaml (TESTBED)
     makeTestbed(testbed, args.basedir + testbed_file)
+    # If specified the testbed, overwrite the topology file the testbed will use with
+    # one which uses the fewest number of ceoslab peers possible.
+    for data in testbed.values():
+        topo = data.get("topo", "")
+        if topo and data.get("use_converged_peers", False):
+            topofile = os.path.join("vars", "topo_{}.yml".format(topo))
+            if os.path.exists(os.path.join(args.basedir, topofile)):
+                print("\tCONVERGING PEER INSTANCES: {}".format(topofile))
+                copyfile(topofile,
+                         os.path.join("/tmp/", "topo_{}.yml.orig".format(topo)))
+                converge_testbed(topofile, topofile)  # overwrites contents of topofile
+            else:
+                print("Error: could not locate original topo file at " + topofile)
     print("\tCREATING VM_HOST/CREDS: " + args.basedir + vmHostCreds_file)
     # Generate vm_host\creds.yml (CREDS)
     makeVMHostCreds(veos, args.basedir + vmHostCreds_file)

ansible/ceos_topo_converger.py

@@ -0,0 +1,268 @@
+#!/usr/bin/env python3
+
+'''Converts SONiC topologies to use fewer cEOSLab peers, based on the roles required
+in the topology
+'''
+
+from copy import deepcopy
+from ipaddress import ip_address
+from typing import Dict, List, Union
+import yaml
+
+CEOSLAB_INTF_LIMIT = 127  # 128, minus one for backplane interface
+BASE_VLAN_ID = 2000
+
+
+class ListIndentDumper(yaml.Dumper):
+    def increase_indent(self, flow: bool = False, indentless: bool = False) -> None:
+        return super().increase_indent(flow, False)
+
+
+class SonicTopoConverger:
+
+    def __init__(self, topology: Dict[str, Union[int, str]], file_out: str) -> None:
+        self.topo = topology
+        self.converged_topo = {
+                "topology": {},
+                "configuration_properties": {},
+                "configuration": {}}
+        self.file_out = file_out
+        self.prime_device_mapping = {}
+        self.prime_devices = []
+
+    def parse_properties(self) -> None:
+        '''
+        The base configuration items of the topology must be parsed first, as they
+        inform how other sections will be translated.  Most important of these items
+        is the roles that each cEOSLab docker peer may fulfill.  At minimum we need
+        one instance per role.  These instances are referred to as "prime" instances,
+        and will contain the converged configuration of all other instances in the
+        input topology.
+        '''
+        labels = []
+        roles_by_label = {}
+        config_properties = self.topo["configuration_properties"]
+        for label in config_properties:
+            if "swrole" in config_properties[label]:
+                labels.append(label)
+                roles_by_label[label] = config_properties[label]["swrole"]
+
+        # Select a prime device for each role (defined above) and unique BGP ASN
+        # combination.  The entire peer topology will be reduced into these devices.
+        #
+        # cEOSLab peers only support 128 interfaces (with LLDP running).  Each
+        # pre-converged peer in the topology will become a single BGP instance
+        # running inside a VRF on a primary peer device.  Each VRF will require an
+        # downstream link to PTF/exabgp instance/other test infrastructure, and an
+        # upstream link the DUT.  This is achieved by creating a backplane interface
+        # on each primary peer that is a trunk interface, with each VRF
+        # containing a backplane SVI.  So, if the pre-converged peer topology
+        # requires more than 127 peers in a single BGP AS, we distribute them across
+        # multiple primary peers.
+        config = self.topo["configuration"]
+        cur_prime_devs = {}
+        dev_count = 0
+        for device in config:
+            create_new_prime = False
+            device_properties = config[device]["properties"]
+
+            dev_count += 1
+
+            if dev_count == CEOSLAB_INTF_LIMIT:
+                create_new_prime = True
+                dev_count = 0
+
+            for label in device_properties:
+                if label in labels:
+                    if label not in cur_prime_devs or create_new_prime:
+                        cur_prime_devs[label] = device
+                        self.prime_devices.append(device)
+                    prime = cur_prime_devs[label]
+                    if prime not in self.prime_device_mapping:
+                        self.prime_device_mapping[prime] = []
+                    self.prime_device_mapping[prime].append(device)
+
+    def converge_vms(self) -> Dict[str, Union[int, str]]:
+        '''
+        Helper to converge the "VMs" section of the input topology, where vlans and
+        offsets are defined, per cEOSLab instance.
+        '''
+        prime_rev_map = {}
+        for key, names in self.prime_device_mapping.items():
+            for name in names:
+                prime_rev_map[name] = key
+
+        old_vms = self.topo["topology"]["VMs"]
+        vms = {}
+        for i, dev in enumerate(self.prime_devices):
+            vms[dev] = {"vlans": [], "vm_offset": i}
+
+        for vm_name, vm in old_vms.items():
+            prime = prime_rev_map[vm_name]
+            for vlan in vm["vlans"]:
+                vms[prime]["vlans"].append(vlan)
+
+        return vms
+
+    def modify_l3_address(self, address: str, offset: int) -> str:
+        delim = ":" if ":" in address else "."
+        octets = address.split(delim)
+        addr = octets[:-1] + ["0"]
+        addr = ip_address(delim.join(addr))
+        return str(addr + offset)
+
+    def converge_peers(self,
+                       if_index_mapping: Dict[str, List[int]],
+                       offset_mapping: Dict[str, int]) -> Dict[str, Union[int, str]]:
+        '''
+        Helper to converge the section of the input topology where the actual cEOSLab
+        instance configuration is laid out.  This is where interface and BGP
+        configuration is translated.
+        '''
+        peers = self.topo["configuration"]
+        convergence_data = {}
+        new_peers = {}
+        bp_addrs = {}
+        for dev in self.prime_devices:
+            properties = deepcopy(peers[dev]["properties"])
+            asn = peers[dev]["bgp"]["asn"]
+            new_peers[dev] = {"properties": properties,
+                              "vrf": {},
+                              "bgp": {"asn": asn},
+                              "intf_mapping": {}}
+
+        # Backplane L3 addresses are laid out for clarity-- addresses with odd
+        # least-signifcant octets or hextets are assigned to the interfaces of the
+        # PTF container, and those with even least-signifcant octets or hextets are
+        # assigned to the cEOSLab containers.  The addresses alternate.  We start at
+        # 100 as the IPv4 addresses used for backplane connections in most of the
+        # testbed topology files used with this conversion script lie in that range.
+        # We use a similar range for IPv6 for simplicity.
+        peer_bp_addr_offset = 100
+        ptf_bp_addr_offset = 101
+        base_v4_addr = "10.10.246.0"
+        base_v6_addr = "fc0a::"
+        for prime_dev, peer_list in self.prime_device_mapping.items():
+            intf_counter_base = 1
+            eth_intf_index = 1
+            offset = 0
+            for i, peer_name in enumerate(peer_list):
+                #  For simplicity, VRFs are just peer names.
+                vlan_id = BASE_VLAN_ID + offset_mapping[peer_name]
+                peer = peers[peer_name]
+                vrf_name = peer_name
+                peer_intfs = peer["interfaces"]
+                orig_intf_map = {}
+
+                intf_index = i + intf_counter_base
+                vrf = {f"Vlan{vlan_id}": {}}
+
+                for intf, config in peer_intfs.items():
+                    if "Ethernet" not in intf:
+                        continue
+                    eth_intf = f"Ethernet{eth_intf_index}"
+                    vrf[eth_intf] = deepcopy(peer_intfs[intf])
+                    orig_intf_map[intf] = eth_intf
+                    eth_intf_index += 1
+
+                if "Port-Channel1" in peer_intfs:
+                    po_intf = f"Port-Channel{intf_index}"
+                    orig_intf_map["Port-Channel1"] = po_intf
+                    vrf[po_intf] = deepcopy(
+                            peer_intfs["Port-Channel1"])
+                if "Loopback0" in peer_intfs:
+                    lo_intf = f"Loopback{intf_index}"
+                    orig_intf_map["Loopback0"] = lo_intf
+                    vrf[lo_intf] = deepcopy(peer_intfs["Loopback0"])
+
+                new_peers[prime_dev]["vrf"][vrf_name] = vrf
+
+                bp_addr_data = {}
+                if "ipv4" in peer["bp_interface"]:
+                    bp_addr_data["ipv4"] = f"{self.modify_l3_address(base_v4_addr, ptf_bp_addr_offset)}/31"
+                    vrf[f"Vlan{vlan_id}"]["ipv4"] = f"{self.modify_l3_address(base_v4_addr, peer_bp_addr_offset)}/31"
+                if "ipv6" in peer["bp_interface"]:
+                    bp_addr_data["ipv6"] = f"{self.modify_l3_address(base_v6_addr, ptf_bp_addr_offset)}/127"
+                    bp_addr_data["router-id"] = f"{self.modify_l3_address(base_v4_addr, ptf_bp_addr_offset)}"
+                    vrf[f"Vlan{vlan_id}"]["ipv6"] = f"{self.modify_l3_address(base_v6_addr, peer_bp_addr_offset)}/127"
+                if bp_addr_data:
+                    bp_addr_data["vlan"] = vlan_id
+                    bp_addrs[peer_name] = bp_addr_data
+
+                if not new_peers[prime_dev]["intf_mapping"]:
+                    # If we are filling in a prime_dev for the first time, reset the
+                    # offset
+                    offset = 0
+                new_peers[prime_dev]["intf_mapping"][vrf_name] = {"offset": offset, "orig_intf_map": orig_intf_map}
+                offset += 1
+                peer_bp_addr_offset += 2
+                ptf_bp_addr_offset += 2
+
+        convergence_data["converged_peers"] = new_peers
+        convergence_data["convergence_mapping"] = deepcopy(self.prime_device_mapping)
+        convergence_data["interface_index_mapping"] = if_index_mapping
+        convergence_data["vm_offset_mapping"] = offset_mapping
+        if bp_addrs:
+            convergence_data["ptf_backplane_addrs"] = bp_addrs
+        return convergence_data
+
+    def converge_topo(self) -> None:
+        '''
+        Converge the read DUT/cEOSLab topology into the fewest cEOSLab docker
+        instances as possible.  The number of containers is based on the roles
+        required by the topology
+
+        i.e. a topology with the "tor" and "spine" roles defined with be converged to
+        use two cEOSLab docker instances, one per role.
+        '''
+        new_topo = self.converged_topo["topology"]
+        old_topo = self.topo["topology"]
+
+        self.converged_topo["topo_is_multi_vrf"] = True
+
+        # We don't need to change the host_interfaces portion of the passed topo, so
+        # copy
+        # it over as is.
+        key = "host_interfaces"
+        if key in old_topo:
+            new_topo[key] = old_topo[key].copy()
+
+        key = "VMs"
+        # Save off which vm had which interface index as we will need this later
+        interface_indexes = {}
+        offsets = {}
+        for vm, data in self.topo["topology"]["VMs"].items():
+            interface_indexes[vm] = data["vlans"]
+            offsets[vm] = data["vm_offset"]
+        vms = self.converge_vms()
+        new_topo[key] = vms
+
+        # The DUT configuration and general configuration properties should be
+        # unchanged as well.
+        key = "DUT"
+        if key in old_topo:
+            new_topo[key] = old_topo[key].copy()
+
+        new_topo = self.converged_topo
+        old_topo = self.topo
+        key = "configuration_properties"
+        new_topo[key] = old_topo[key].copy()
+
+        # convergence metadata
+        key = "configuration"
+        new_topo[key] = old_topo[key].copy()
+        new_topo["convergence_data"] = self.converge_peers(interface_indexes, offsets)
+
+    def run(self) -> None:
+        self.parse_properties()
+        self.converge_topo()
+        with open(self.file_out, "w", encoding="utf-8") as out_file:
+            yaml.dump(self.converged_topo, out_file,
+                      Dumper=ListIndentDumper, sort_keys=False)
+
+
+def converge_testbed(input_file: str, output_file: str) -> None:
+    with open(input_file, "r", encoding="utf-8") as in_file:
+        topo = yaml.safe_load(in_file)
+    converger = SonicTopoConverger(topo, output_file)
+    converger.run()