Adjusting ACL test cases for DNX (J2c+) chipset on a T2 VoQ Chassis#6390
Adjusting ACL test cases for DNX (J2c+) chipset on a T2 VoQ Chassis#6390tjchadaga merged 4 commits intosonic-net:masterfrom
Conversation
|
|
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
There was a problem hiding this comment.
@sanjair-git - Since there is workaround for this limitation (sonic-net/sonic-swss#2178), these tests may not need to be skipped. Could you please check and update the PR?
There was a problem hiding this comment.
@tjchadaga - the fix in (sonic-net/sonic-swss#2178), allows us to run any of the egress ACL tests against DNX chipset. However, due to the limitation of DNX chipset with regards to IPv6 src and dst address present in the ACL rule ( BRCM CSP #CS00012257197), 8 tests 'test_icmp_match_forwarded' are throwing errors in counters not incremented for RULE_3. Therefore, we have expect these tests to fail on DNX chipset.
There was a problem hiding this comment.
@sanmalho-git - Is it possible to tweak the IP address to avoid this conflict with 64-bits?
Added tests that were commented out accidentally
|
The pre-commit check detected issues in the files touched by this pull request. For old issues, it is not mandatory to fix them because they were not caused by this change. It is unfair to blame Detailed pre-commit check results: To run the pre-commit checks locally, you can follow below steps:
|
|
Attaching the test run logs for reference,
|
…6390) * Adding xfail for ACL tests that fail on DNX * Supporting egress ACL on broadcom-dnx chipset Added tests that were commented out accidentally * Chaging comment from skipping to ignoring failure * Added unique source and destination IPV6 fields for ACL rules. Ref CSP CS00012257197 Co-authored-by: sanmalho <[email protected]>
…ic-mgmt into internal-202205 Fix merge conflicts. - [pre-commit] Fix style issues in test scripts under `tests/acl` folder (sonic-net#6679) - Moving check for reboot cause after interface status check (sonic-net#6721) - Adding watchdog timeout values for Cisco 8808 Supervisor and Different LCs (sonic-net#6776) - add Ether check in macsec_dp_poll (sonic-net#6828) - Disable PFC watchdog in test_cpu_memory_usage_counterpoll (sonic-net#6851) - Testcase to verify that lossless traffic is not dropped during congesion. (sonic-net#6853) - Ignore Broadcom sai sai unbind ERR log for now (sonic-net#6539) - [chassis][multi-asic] update the loganalyser regex for multi asic (sonic-net#6885) - [mx] Fix test_acl failed on mx topo (sonic-net#6971) (sonic-net#6983) - [202205][mx] Add support for mx in test_null_route_helper (sonic-net#6967) (sonic-net#6982) - [m0][everflow] Add m0 support for everflow and refactor everflow setup_info (sonic-net#6900) - [ACL] Add acl stress test (sonic-net#6903) - Enhance test_tor_ecn (sonic-net#6906) - Fix erros - Added unique IPV6 address for the missed ACL rules PR sonic-net#6390 (sonic-net#6909) - enabled bfd tests (sonic-net#6919) - Skip bgp speaker test on backend topo (sonic-net#6922) - [advanced-reboot] Handle logs in tmpfs: backup two log files before reboot (sonic-net#6923) - Fix missing definition (sonic-net#6930) - [Mellanox] Add minimal table definition for SN2201 (sonic-net#6943) - Update qos test param for dualtor topology (sonic-net#6948) - fix setup for single asic lc (sonic-net#6951) - Fix QoS sai test for running with python3 (sonic-net#6961) - Don't fail if logrotate cron job file isn't present (sonic-net#6964) - Disable post sanity check for vxlan test (sonic-net#6980) - Merge branch 'azure-202205' into dev/yaqiangzhu/202205_merge
5 participants
Description of PR
Summary:
Fixes # (issue)
This PR addresses the following:
Type of change
Back port request
Approach
What is the motivation for this PR?
Currently, ACL tests in egress direction are skipped for broadcom based chipsets. However, DNX chipset supports egress and ingress ACL's.
Due to the limitation of DNX chipset with regards to IPv6 src and dst address present in the ACL rule ( BRCM CSP #CS00012257197), 8 tests 'test_icmp_match_forwarded' are throwing errors in counters not incremented for RULE_3.
Hence, we added unique source and destination IPV6 address fields to the ACL rules used for the tests mentioned above.
How did you do it?
Added support for Egress ACL on broadcom-dnx chipset
Added unique 64 bit fields for the destination IPV6 addresses so that source and destination addresses won't match in the ACL rules being used.
How did you verify/test it?
Ran ACL tests against T2 chassis with linecards with J2c+ DNX chipset with PR# #5707 that allows to run ACL tests against a T2 chassis
Any platform specific information?
Supported testbed topology if it's a new test case?
Documentation