liat-grozovik
commented
4 years ago Mellanox team will review and provide a fix. Need to close the expected behaviour first and later on we will describe the solution.
Open mkovnir opened 4 years ago
liat-grozovik
commented
4 years ago Mellanox team will review and provide a fix. Need to close the expected behaviour first and later on we will describe the solution.
Description
ACL_TABLE_L3V6 table on Mellanox switches cant be created due to unsupported ETHERTYPE field.
Steps to reproduce the issue:
Configure section ACL_TABLE with type "L3V6" and section ACL_RULE with one rule. Example: { "ACL_TABLE": { "port29-v6-in": { "policy_desc": "ingress v6 acl for port29", "type": "L3V6", "ports": ["Ethernet112"], "stage": "ingress" } }, "ACL_RULE": { "port29-v6-in|default": { "PRIORITY": "1", "SRC_IPV6": "0:0:0:0:0:0:0:0/0", "PACKET_ACTION": "DROP" } } }
Check logs from syncd and swss with keyword "ACL"
Describe the results you received: Syncd and swss reports errors about ACL_TABLE creation failure:
INFO syncd#supervisord: syncd Jan 16 09:31:18 ERROR ACL: Failed calculating key blocks. INFO swss#supervisord: orchagent what(): parse error - unexpected end of input ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_ACL_BIND_POINT_TYPE_LIST: 2:SAI_ACL_BIND_POINT_TYPE_PORT,SAI_ACL_BIND_POINT_TYPE_LAG ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_FIELD_ETHER_TYPE: true ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_FIELD_ACL_IP_TYPE: true ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_FIELD_IP_PROTOCOL: true ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_FIELD_SRC_IPV6: true ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_FIELD_DST_IPV6: true ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_FIELD_ICMPV6_TYPE: true ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_FIELD_ICMPV6_CODE: true ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_FIELD_L4_SRC_PORT: true ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_FIELD_L4_DST_PORT: true ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_FIELD_TCP_FLAGS: true ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_FIELD_ACL_RANGE_TYPE: 2:SAI_ACL_RANGE_TYPE_L4_DST_PORT_RANGE,SAI_ACL_RANGE_TYPE_L4_SRC_PORT_RANGE ERR syncd#syncd: :- processEvent: attr: SAI_ACL_TABLE_ATTR_ACL_STAGE: SAI_ACL_STAGE_INGRESS ERR syncd#syncd: :- processEvent: failed to execute api: create, key: SAI_OBJECT_TYPE_ACL_TABLE:oid:0x70000000005a7, status: SAI_STATUS_FAILURE INFO syncd#supervisord: syncd Jan 16 09:31:18 ERROR SAI_ACL: mlnx_sai_acl.c[11234]- mlnx_create_acl_table: Failed to create flex key - Internal Error. ERR syncd#syncd: :- syncd_main: Runtime error: :- processEvent: failed to execute api: create, key: SAI_OBJECT_TYPE_ACL_TABLE:oid:0x70000000005a7, status: SAI_STATUS_FAILURE
Describe the results you expected: ACL IPv6 table should be created and populated with rules, no SAI errors should be generated.
Output of
show version: SONiC Software Version: SONiC.HEAD.129-0c9040de Distribution: Debian 9.11 Kernel: 4.9.0-9-2-amd64 Build commit: 0c9040de Build date: Thu Nov 21 12:50:41 UTC 2019 Built by: johnar@jenkins-worker-4Platform: x86_64-mlnx_msn2700-r0 HwSKU: Mellanox-SN2700 ASIC: mellanox