sonic-net / SONiC

Landing page for Software for Open Networking in the Cloud (SONiC) - https://sonic-net.github.io/SONiC/

Interfaces are going down (Operational status) when we mention the ACL stage as "EGRESS", whereas the respective port status on IXIA (External Traffic Generator) is UP. #270

Open chaitanc opened 5 years ago

chaitanc commented 5 years ago

I am working on configuring ACL (IPV4 / IPV6). I am able to verify the behavior of ACLs at the INGRESS stage, but when I try to verify at the EGRESS stage, all the interfaces on the device go down even though they are physically UP (LED glowing) and also at IXIA.

I am using the below configuration in my config_db.json:

Configuration:

    "ACL_TABLE": {
        "1": {
            "stage": "EGRESS",
            "type": "L3",
            "ports": "Ethernet20",
            "policy_desc": "Counter"
        },
        "3": {
            "stage": "EGRESS",
            "type": "L3V6",
            "ports": "Ethernet36",
            "policy_desc": "L3V6 ACL"
        }
    },
    "ACL_RULE": {
        "1|1": {
            "PRIORITY": "55",
            "IP_TYPE": "ipv4any",
            "SRC_IP": "10.10.0.26/32",
            "PACKET_ACTION": "forward",
            "DST_IP": "10.10.1.26/32"
        },
        "3|1": {
            "PRIORITY": "55",
            "IP_TYPE": "ipv6any",
            "SRC_IPV6": "2001:0:3238:DFE1:63:0:0:FEFB/128",
            "PACKET_ACTION": "forward",
            "DST_IPV6": "3001:0:3238:DFE1:63:0:0:FEFB/128"
        }
    },

If it is not supported then SONiC should show some log as unsupported. If my configuration is wrong, let me know the correct configuration.

SONiC Version:

admin@sonic-testing:~$ show version
SONiC Software Version: SONiC.HEAD.748-dirty-20181021.115113
Distribution: Debian 9.5
Kernel: 4.9.0-7-amd64
Build commit: 5c65c77
Build date: Sun Oct 21 14:57:29 UTC 2018
Built by: johnar@jenkins-worker-3

CLUDev commented 5 years ago

I have a similar issue with Portchannel. After applying "config load_minigraph -y", the ports went up.

By checking "/var/log/syslog", the "port state change notification" was not triggered, so the port status is not updated until "config load_minigraph".

CLUDev commented 5 years ago

In my case of portchannel, I eventually found that it is caused by the switch SAI, where it failed to create the ACL TABLE with egress stage, so syncd has no way to update the operational port status.
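
An added example, not part of the thread and not SONiC's own code: a pre-flight check over the ACL section of a config_db.json that lists the egress-stage tables and the ports bound to them (the case that failed in SAI per the comment above) and checks that each rule fits its table. The function name `preflight_acl`, the wrapped sample, and the L3/L3V6 address-family mapping are assumptions.

```python
import ipaddress
import json

# Constructed sample: the ACL section from the report, wrapped as a complete JSON object.
SAMPLE = json.loads("""
{
  "ACL_TABLE": {
    "1": {"stage": "EGRESS", "type": "L3", "ports": "Ethernet20", "policy_desc": "Counter"},
    "3": {"stage": "EGRESS", "type": "L3V6", "ports": "Ethernet36", "policy_desc": "L3V6 ACL"}
  },
  "ACL_RULE": {
    "1|1": {"PRIORITY": "55", "IP_TYPE": "ipv4any", "SRC_IP": "10.10.0.26/32",
            "PACKET_ACTION": "forward", "DST_IP": "10.10.1.26/32"},
    "3|1": {"PRIORITY": "55", "IP_TYPE": "ipv6any",
            "SRC_IPV6": "2001:0:3238:DFE1:63:0:0:FEFB/128",
            "PACKET_ACTION": "forward", "DST_IPV6": "3001:0:3238:DFE1:63:0:0:FEFB/128"}
  }
}
""")

# Assumption: an L3 table carries IPv4 match fields and an L3V6 table IPv6 ones.
FAMILY = {"L3": 4, "L3V6": 6}
ADDR_FIELDS = {"SRC_IP": 4, "DST_IP": 4, "SRC_IPV6": 6, "DST_IPV6": 6}

def preflight_acl(cfg):
    """Return (egress, problems); egress maps table name -> ports to watch after load."""
    tables, egress, problems = cfg.get("ACL_TABLE", {}), {}, []
    for name, tbl in tables.items():
        if str(tbl.get("stage", "")).upper() == "EGRESS":
            ports = tbl.get("ports", [])
            egress[name] = ports.split(",") if isinstance(ports, str) else list(ports)
    for key, rule in cfg.get("ACL_RULE", {}).items():
        table = key.split("|", 1)[0]          # rule keys have the form "<table>|<rule>"
        if table not in tables:
            problems.append(f"{key}: rule refers to undefined table {table!r}")
            continue
        ttype = tables[table].get("type")
        for field, fam in ADDR_FIELDS.items():
            if field not in rule:
                continue
            try:
                net = ipaddress.ip_network(rule[field], strict=False)
            except ValueError:
                problems.append(f"{key}: {field}={rule[field]!r} is not a valid prefix")
                continue
            if net.version != fam or FAMILY.get(ttype, fam) != fam:
                problems.append(f"{key}: {field} does not fit table type {ttype}")
    return egress, problems
```

For the configuration in the report the check finds no rule problems and returns both tables as egress-stage, so Ethernet20 and Ethernet36 are the ports whose operational status to compare against the link partner after the config is applied.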