Closed idanhac closed 1 year ago
In dflt_params.py for example: 'ACL_NSG_COUNT': 5, # 5 (per direction per ENI) 'ACL_RULES_NSG': 5, # 1000 'IP_PER_ACL_RULE': 7, # 128
'IP_MAPPED_PER_ACL_RULE': 7, 'IP_ROUTE_DIVIDER_PER_ACL_RULE': 2, # 16 (must be 2^N)
Issue 1: Expected to create 5 rules per stage according to this parameter ACL_RULES_NSG but instead it creates 6
Issue 2: Expected to create 7 prefixes per direction but create 8 instead
"DASH_ACL_RULE_TABLE:2005:rule1004": { "priority": 1004, "action": "deny", "terminating": "true", "src_addrs": "1.76.2.2/32,1.76.2.4/32,1.76.2.6/32,1.76.2.8/32,1.76.2.10/32,1.76.2.12/32,1.76.2.14/32,1.65.0.1/32", "dst_addrs": "1.76.2.2/32,1.76.2.4/32,1.76.2.6/32,1.76.2.8/32,1.76.2.10/32,1.76.2.12/32,1.76.2.14/32,1.65.0.1/32" }, "OP": "SET"
last NSG table in outbound and inbound have one extra rule, dash states minimum requirements 1000, having 2 extra rules per ENI should be no problem.
In dflt_params.py for example: 'ACL_NSG_COUNT': 5, # 5 (per direction per ENI) 'ACL_RULES_NSG': 5, # 1000 'IP_PER_ACL_RULE': 7, # 128
128 (must be equal with IP_PER_ACL_RULE) TODO: not implemented
Issue 1: Expected to create 5 rules per stage according to this parameter ACL_RULES_NSG but instead it creates 6
Issue 2: Expected to create 7 prefixes per direction but create 8 instead