HLD - Deterministic MACsec backend selection for gearbox ports#2072
Open
rajshekhar-nexthop wants to merge 1 commit intosonic-net:masterfrom
Open
HLD - Deterministic MACsec backend selection for gearbox ports#2072rajshekhar-nexthop wants to merge 1 commit intosonic-net:masterfrom
rajshekhar-nexthop wants to merge 1 commit intosonic-net:masterfrom
Conversation
Collaborator
|
/azp run |
|
No pipelines are associated with this pull request. |
rajshekhar-nexthop
force-pushed
the
rajshekhar.no-iss.macsec_gearbox_hld
branch
from
7e40f37 to
2f78a99
Compare
Collaborator
|
/azp run |
|
No pipelines are associated with this pull request. |
rajshekhar-nexthop
changed the title
Collaborator
|
/azp run |
|
No pipelines are associated with this pull request. |
rajshekhar-nexthop
force-pushed
the
rajshekhar.no-iss.macsec_gearbox_hld
branch
from
c6995a9 to
c8767f2
Compare
Collaborator
|
/azp run |
|
No pipelines are associated with this pull request. |
rajshekhar-nexthop
force-pushed
the
rajshekhar.no-iss.macsec_gearbox_hld
branch
from
c8767f2 to
5711c3b
Compare
Collaborator
|
/azp run |
|
No pipelines are associated with this pull request. |
Author
|
Code changes associated with this HLD has been merged. Can we get this HLD also merged please? Thanks |
mssonicbld
added a commit
to mssonicbld/sonic-swss
that referenced
this pull request
Jan 12, 2026
…x ports <!-- Please make sure you have read and understood the contribution guildlines: https://github.com/Azure/SONiC/blob/gh-pages/CONTRIBUTING.md 1. Make sure your commit includes a signature generted with `git commit -s` 2. Make sure your commit title follows the correct format: [component]: description 3. Make sure your commit message contains enough details about the change and related tests 4. Make sure your pull request adds related reviewers, asignees, labels Please also provide the following information in this pull request: --> **What I did** Introduce a platform capability flag in the gearbox config to determine, per PHY, whether MACsec is supported (applies to all ports mapped to that PHY). MACsec orchestration will: - Use PHY switch by default on gearbox ports - Use NPU/global switch only when the platform marks the PHY as not supporting MACsec Have added three DVS testcases: test_macsec_phy_switch_default: This tests the scenario when the macsec_supported field is absent in the gearbox_config.json test_macsec_phy_switch_explicit: This tests the scenario when the macsec_supported field is set as true in the gearbox_config.json test_macsec_npu_switch: This tests the scenario when the macsec_supported field is set as false in the gearbox_config.json **Why I did it** On gearbox ports, creating MACsec on the PHY switch fails (SAI_STATUS_NOT_IMPLEMENTED) if gearbox PHY does not have the MACsec engine. **How I verified it** Manually verified on DUT by adding macsec_supported=false in gearbox_config.json and configuring the macsec on the PHY port. Also ran the dvs testcase and made sure it is passing `sudo pytest -v tests/test_macsec_gearbox.py` **Details if related** HLD: sonic-net/SONiC#2072 gearbox_config.json changes are posted here: https://github.com/sonic-net/sonic-buildimage/pull/24169/files#diff-737ea59a7eba8ea0ed71a15a052868815f7faad351fd353736ad196932bed57a Co-authored by @shreyansh-nexthop
mssonicbld
added a commit
to sonic-net/sonic-swss
that referenced
this pull request
Jan 12, 2026
…x ports (#4126) <!-- Please make sure you have read and understood the contribution guildlines: https://github.com/Azure/SONiC/blob/gh-pages/CONTRIBUTING.md 1. Make sure your commit includes a signature generted with `git commit -s` 2. Make sure your commit title follows the correct format: [component]: description 3. Make sure your commit message contains enough details about the change and related tests 4. Make sure your pull request adds related reviewers, asignees, labels Please also provide the following information in this pull request: --> **What I did** Introduce a platform capability flag in the gearbox config to determine, per PHY, whether MACsec is supported (applies to all ports mapped to that PHY). MACsec orchestration will: - Use PHY switch by default on gearbox ports - Use NPU/global switch only when the platform marks the PHY as not supporting MACsec Have added three DVS testcases: test_macsec_phy_switch_default: This tests the scenario when the macsec_supported field is absent in the gearbox_config.json test_macsec_phy_switch_explicit: This tests the scenario when the macsec_supported field is set as true in the gearbox_config.json test_macsec_npu_switch: This tests the scenario when the macsec_supported field is set as false in the gearbox_config.json **Why I did it** On gearbox ports, creating MACsec on the PHY switch fails (SAI_STATUS_NOT_IMPLEMENTED) if gearbox PHY does not have the MACsec engine. **How I verified it** Manually verified on DUT by adding macsec_supported=false in gearbox_config.json and configuring the macsec on the PHY port. Also ran the dvs testcase and made sure it is passing `sudo pytest -v tests/test_macsec_gearbox.py` **Details if related** HLD: sonic-net/SONiC#2072 gearbox_config.json changes are posted here: https://github.com/sonic-net/sonic-buildimage/pull/24169/files#diff-737ea59a7eba8ea0ed71a15a052868815f7faad351fd353736ad196932bed57a Co-authored by @shreyansh-nexthop
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
On gearbox ports, creating MACsec on the PHY switch fails (SAI_STATUS_NOT_IMPLEMENTED) if gearbox PHY does not have the MACsec engine. To resolve this, introduce a platform capability flag in the gearbox config to determine, per PHY, whether MACsec is supported (applies to all ports mapped to that PHY).
MACsec orchestration will:
Code changes PR: sonic-net/sonic-swss#3926