Testcase and pipeline updates for supporting nightly run with macsec enabled topology. #17087
Merged
judyjoseph merged 27 commits into sonic-net:master from May 15, 2025
Collaborator
/azp run
Azure Pipelines successfully started running 1 pipeline(s).
Collaborator
/azp run
Pull request contains merge conflicts.
… if macsec is enabled, introduce the force_reload option if we need to reload macsec config for a port
…ec case in t2 topo
4967786 to
4fbc9b3
abdosi previously approved these changes May 9, 2025
Contributor
Author
Resolved a conflict with master branch, I am keeping change in master branch itself
abdosi approved these changes May 15, 2025
arlakshm pushed a commit to Azure/sonic-mgmt.msft that referenced this pull request Jun 24, 2025
This PR is to cherry-pick macsec changes done in master to get the macsec nightly pipeline run. Below are the commits included.
sonic-net/sonic-mgmt#15905
sonic-net/sonic-mgmt#16048
sonic-net/sonic-mgmt#16978
sonic-net/sonic-mgmt#17087
---------
Co-authored-by: Tejaswini Chadaga <[email protected]>
opcoder0 pushed a commit to opcoder0/sonic-mgmt that referenced this pull request Dec 8, 2025
…enabled topology. (sonic-net#17087)
* Fixes found during nightly run with macsec enabled topology
* Fix for copp pfc voq ptftests
* Fix the port_number to port_id things again
* Fixes for acl tests, changes in config reload to pass override option if macsec is enabled, introduce the force_reload option if we need to reload macsec config for a port
* Fixes to get generate_golden_config work when this run for a non macsec case in t2 topo
* Add macsec support in acstests and saitests
* Loop for count of packets to be sent as we need to increment PN
* We need to import macsec to override send_packet and dp_poll
* Changes moved to a different PR : sonic-net#17530
* Remove redundant macsec.py files - make it all point to ansible/roles/test/files/ptftests/macsec.py
* Take care of T0 macsec tests as well, so that t0-sonic is fine
* Additional fix to support multiple profile names given as input
* Use the right command KEYS instead of HGET
* Update comment, use macsec_card to set MacSecEnabled in DeviceMetadata
* Skip ACL egress tests when run on macsec enabled topology with Broadcom DNX
Signed-off-by: opcoder0 <[email protected]>
AharonMalkin pushed a commit to AharonMalkin/sonic-mgmt that referenced this pull request Dec 16, 2025
…enabled topology. (sonic-net#17087)
Signed-off-by: Aharon Malkin <[email protected]>
gshemesh2 pushed a commit to gshemesh2/sonic-mgmt that referenced this pull request Dec 21, 2025
…enabled topology. (sonic-net#17087)
Signed-off-by: Guy Shemesh <[email protected]>
gshemesh2 pushed a commit to gshemesh2/sonic-mgmt that referenced this pull request Jan 26, 2026
…enabled topology. (sonic-net#17087)
Signed-off-by: Guy Shemesh <[email protected]>
What is the motivation for this PR?
This PR has a set of fixes during the macsec nightly run.
How did you do it?
Following are the changes
Add the macsec.py to the acstests so that the tests which depend on this folder, e.g. lag_test.py, pass
updates in ptftests/macsec.py, macsec/macsec_helper.py to handle the following
Add "import macsec.py" to all py3/* tests so that we get the global variable defined in ptftests/macsec.py
tests/acl/test_acl.py, force reload the macsec key to make sure we get the updated macsec keys. This was needed as in the acl testsuite there are cases when one of the tests reboots the linecard; the following test will fail if we use the old key which is stored.
tests/acl/test_acl.py, skip the egress ACL tests when macsec is enabled on topology with Broadcom DNX ASIC, since there is a limitation in the number of egress ACL groups (CS00012393192)
if the pipeline is run with enable-macsec option, use the override option always when load_minigraph is called to make sure we use the MACSEC_PROFILE defined in golden config
Remove autouse from macsec_setup() as the macsec sessions are already setup with add-topo and deploy-mg commands. So no need to setup here. Instead we set the auto_use=true to function load_macsec_info() which will make sure the macsec info is loaded
Add macsec.py in saitests/ dir. This is needed for qos testcases.
Outstanding issue:
I am still not able to pass a few tests in qos, and all copp tests where we have to send packets at a high rate. macsec_Send() function cannot send frames at a high rate since it does scapy.encap and scapy.encrypt. Need to find a solution.
How did you verify/test it?
The entire pipeline was run with the option "-e enable_macsec=True -e macsec_profile=MACSEC_PROFILE" with a good pass rate.
Any platform specific information?
Supported testbed topology if it's a new test case?
Documentation
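As an added illustration of the "increment PN" item in the commit list above (not code from this PR or from sonic-mgmt's macsec.py; every name and the SCI value are constructed here): each MACsec frame carries a packet number in its SecTAG, the receiver drops a frame whose PN is not above the last one accepted, and the GCM IV is the SCI followed by the PN, so a burst sent in a loop needs a fresh PN per frame. The replay check below assumes a replay window of 0.

```python
import struct

MACSEC_ETHERTYPE = 0x88E5
TCI_SC_E_C = 0x2C  # SC, E and C bits set: SCI present, payload encrypted


def sectag(sci: bytes, pn: int, an: int = 0) -> bytes:
    """Build a 16-byte SecTAG: EtherType, TCI|AN, SL, PN, SCI."""
    if len(sci) != 8 or not 0 < pn < 2**32 or not 0 <= an <= 3:
        raise ValueError("bad SCI, PN or AN")
    return struct.pack("!HBBI", MACSEC_ETHERTYPE, TCI_SC_E_C | an, 0, pn) + sci


def gcm_iv(sci: bytes, pn: int) -> bytes:
    """96-bit IV for the default GCM-AES-128 suite: SCI followed by PN."""
    return sci + struct.pack("!I", pn)


class ReceiveSA:
    """Hypothetical receive-side replay check, replay window 0."""

    def __init__(self):
        self.next_pn = 1

    def accept(self, tag: bytes) -> bool:
        pn = struct.unpack("!I", tag[4:8])[0]
        if pn < self.next_pn:
            return False  # stale or repeated PN: frame is dropped
        self.next_pn = pn + 1
        return True


def send_burst(sci: bytes, first_pn: int, count: int, bump_pn: bool):
    """Return (frames accepted, distinct IVs used) for a burst of frames."""
    rx, ivs, accepted = ReceiveSA(), set(), 0
    for i in range(count):
        pn = first_pn + i if bump_pn else first_pn
        ivs.add(gcm_iv(sci, pn))
        accepted += rx.accept(sectag(sci, pn))
    return accepted, len(ivs)


# Constructed SCI: MAC 02:aa:bb:cc:dd:ee followed by port identifier 1.
SCI = bytes.fromhex("02aabbccddee0001")

if __name__ == "__main__":
    print("PN incremented per frame:", send_burst(SCI, 1, 5, bump_pn=True))
    print("same PN reused:          ", send_burst(SCI, 1, 5, bump_pn=False))
```

With a reused PN only the first frame of the burst is accepted and every frame shares one IV under the same key, which is why a test that sends `count` packets has to build each one with its own PN.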