Fix test_acl.py [ipv6-ingress-uplink->downlink-*] cases for v6 topo#21760
Merged
bingwang-ms merged 2 commits intosonic-net:masterfrom Feb 25, 2026
Merged
Conversation
Signed-off-by: markxiao <markxiao@arista.com>
Collaborator
|
/azp run |
github-actions
bot
requested review from
abdosi,
stepanblyschak and
xwjiang-ms
|
Azure Pipelines successfully started running 1 pipeline(s). |
Contributor
Contributor
|
hey @r12f , @markx-arista, I see there is conflict to cherry pick to 202412, can you please cherry pick the change manually to 202412 repo? |
7 tasks
Contributor
Author
Hi, it is done: Azure/sonic-mgmt.msft#942 |
davidm-arista
added
the
Request for 202511 branch
This was referenced Jan 21, 2026
Collaborator
|
/azp run |
With extra ACL rules for V6 topo, some topos need longer timeout Signed-off-by: markxiao <markxiao@arista.com>
|
Azure Pipelines successfully started running 1 pipeline(s). |
markx-arista
force-pushed
the
master-fix-acl-ingress-uplink-to-downlink-v6-topo
branch
from
f5e69f8 to
6078d3c
Compare
Collaborator
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
Collaborator
|
@bingwang-ms would you help to take a look? |
r12f
approved these changes
Feb 5, 2026
r12f
pushed a commit
to Azure/sonic-mgmt.msft
that referenced
this pull request
Feb 5, 2026
…v6 topo (#942) <!-- Please make sure you've read and understood our contributing guidelines; https://github.com/sonic-net/SONiC/blob/gh-pages/CONTRIBUTING.md Please provide following information to help code review process a bit easier: --> ### Description of PR <!-- - Please include a summary of the change and which issue is fixed. - Please also include relevant motivation and context. Where should reviewer start? background context? - List any dependencies that are required for this change. --> Summary: t0-isolated-v6-*: Downstream neighbors are servers connected to VLAN interface. Use DOWNSTREAM_DST_IP_VLAN as dest ips. IPv6 cases have been skipped for t0 since beginning, only fix it for v6 topos now. t1-isolated-v6-*: V6 topo files set ipv6_address_pattern: 2064:100:0::%02X%02X:%02X%02X:0/120. announce_routes.py uses the pattern to generate routes for PTF and pass them to VMs. If it is not set, default pattern 20%02X:%02X%02X:0:%02X::/64 is used. acl tests use hardcoded dest ip 20c0:a800::1 that is not covered by v6 topo pattern, so packets are forwarded with the default route to upstream VM. Fix it by changing dest ip for v6 topos, also add acl rules for these dest ips. With extra ACL rules for v6 topos, also increase timeout for check_rule_counters. Manual cherry pick of sonic-net/sonic-mgmt#21760 ### Type of change <!-- - Fill x for your type of change. - e.g. - [x] Bug fix --> - [ ] Bug fix - [ ] Testbed and Framework(new/improvement) - [ ] New Test case - [ ] Skipped for non-supported platforms - [x] Test case improvement ### Back port request - [x] 202412 - [x] 202505 ### Approach #### What is the motivation for this PR? test_acl.py [ipv6-ingress-uplink->downlink-*] cases failed on v6 topo #### How did you do it? Correct DOWNSTREAM_DST_IP for t0/t1-isolated-v6-*. topos, and add corresponding acl rules #### How did you verify/test it? Test passed on t0/t1-isolated-v6-*. topos #### Any platform specific information? #### Supported testbed topology if it's a new test case? ### Documentation <!-- (If it's a new feature, new test case) Did you update documentation/Wiki relevant to your implementation? Link to the wiki page? --> --------- Signed-off-by: markxiao <markxiao@arista.com>
r12f
added
Approved for msft-202412 Branch
Included in msft-202412 Branch
and removed
Cherry Pick Conflict_msft-202412
labels
Collaborator
|
Pick to 202412: Azure/sonic-mgmt.msft#942 |
12 tasks
mssonicbld
pushed a commit
to mssonicbld/sonic-mgmt
that referenced
this pull request
Feb 25, 2026
…onic-net#21760) * Fix acl [ipv6-ingress-uplink->downlink-*] cases for v6 topo Signed-off-by: mssonicbld <sonicbld@microsoft.com>
Collaborator
|
Cherry-pick PR to 202511: #22617 |
Collaborator
|
Cherry-pick PR to msft-202412: |
Merged
7 tasks
aronovic
pushed a commit
to aronovic/sonic-mgmt
that referenced
this pull request
Mar 3, 2026
…onic-net#21760) * Fix acl [ipv6-ingress-uplink->downlink-*] cases for v6 topo Signed-off-by: Mihut Aronovici <aronovic@cisco.com>
rraghav-cisco
pushed a commit
to rraghav-cisco/sonic-mgmt
that referenced
this pull request
Mar 3, 2026
…onic-net#21760) * Fix acl [ipv6-ingress-uplink->downlink-*] cases for v6 topo Signed-off-by: Raghavendran Ramanathan <rraghav@cisco.com>
kazinator-arista
pushed a commit
to kazinator-arista/sonic-mgmt
that referenced
this pull request
Mar 4, 2026
[202411][Mellanox] Update SDK/FW Version to 4.7.2202/2014.2202
mssonicbld
pushed a commit
that referenced
this pull request
Mar 11, 2026
…21760) * Fix acl [ipv6-ingress-uplink->downlink-*] cases for v6 topo Signed-off-by: mssonicbld <sonicbld@microsoft.com>
mssonicbld
added
Included in 202511 branch
and removed
Created PR to 202511 branch
labels
abhishek-nexthop
pushed a commit
to nexthop-ai/sonic-mgmt
that referenced
this pull request
Mar 17, 2026
…onic-net#21760) * Fix acl [ipv6-ingress-uplink->downlink-*] cases for v6 topo Signed-off-by: Abhishek <abhishek@nexthop.ai>
vrajeshe
pushed a commit
to vrajeshe/sonic-mgmt
that referenced
this pull request
Mar 23, 2026
…onic-net#21760) * Fix acl [ipv6-ingress-uplink->downlink-*] cases for v6 topo Signed-off-by: Venkata Gouri Rajesh Etla <vrajeshe@cisco.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
9 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description of PR
Summary:
t0-isolated-v6-*:
Downstream neighbors are servers connected to VLAN interface. Use DOWNSTREAM_DST_IP_VLAN as dest ips. IPv6 cases have been skipped for t0 since beginning, only fix it for v6 topos now.
t1-isolated-v6-*:
V6 topo files set ipv6_address_pattern: 2064:100:0::%02X%02X:%02X%02X:0/120.
announce_routes.py uses the pattern to generate routes for PTF and pass them to VMs. If it is not set, default pattern 20%02X:%02X%02X:0:%02X::/64 is used.
acl tests use hardcoded dest ip 20c0:a800::1 that is not covered by v6 topo pattern, so packets are forwarded with the default route to upstream VM.
Fix it by changing dest ip for v6 topos, also add acl rules for these dest ips.
With extra ACL rules for v6 topos, also increase timeout for check_rule_counters.
Fixes #21770
Type of change
Back port request
Approach
What is the motivation for this PR?
test_acl.py [ipv6-ingress-uplink->downlink-*] cases failed on v6 topo
How did you do it?
Correct DOWNSTREAM_DST_IP for t0/t1-isolated-v6-*. topos, and add corresponding acl rules
How did you verify/test it?
Test passed on t0/t1-isolated-v6-*. topos
Any platform specific information?
Supported testbed topology if it's a new test case?
Documentation