Closed Azarack closed 5 months ago
@judyjoseph would you be able to take a tab on this? Thanks.
@Azarack can you share the profile MSP1-AES-XPN-256 which you used. I shall take a look further as it is failing to parse the CAK key in profile.
@judyjoseph I don't have that profile handy, but I do have this one which encountered the same issue:
{'profile': {'priority': 64, 'cipher_suite': 'GCM-AES-XPN-256', 'primary_cak': '207b757a60617745504e5a20747a7c76725e524a450d0d01040a0c75297822227e07554155500e5d5157786d6c2a3d2031425a5e577e7e727f6b6c033124322627', 'primary_ckn': '6162636465666768696A6B6C6D6E6F707172737475767778797A303132333435', 'policy': 'security', 'send_sci': 'true', 'rekey_period': 240, 'name': '256_XPN_SCI'}, 'ctrl_links': defaultdict(<class 'dict'>, {'Ethernet16': {'name': 'ARISTA01T3', 'host':
Issue is resolved in 202305 build.
@judyjoseph I am still seeing the issue in latest 202305 branch with different vendor platforms on T0/T1 switches.
Jul 11 16:37:44.349180 sonic NOTICE macsec#macsecmgrd: :- loadProfile: The MACsec profile 'macsecdebug3' is loaded Jul 11 16:38:09.663608 sonic NOTICE python3: :- publish: EVENT_PUBLISHED: {"sonic-events-host:event-down-ctr":{"ctr_name":"gnmi","timestamp":"2024-07-11T16:38:09.662458Z"}} Jul 11 16:39:01.239133 sonic WARNING swss#orchagent: :- parsePortConfig: Unknown field(macsec): skipping ... Jul 11 16:39:01.260015 sonic NOTICE swss#portmgrd: :- doTask: Configure Ethernet64 MTU to 9100 Jul 11 16:39:01.273261 sonic NOTICE swss#portmgrd: :- doTask: Configure Ethernet64 admin status to up Jul 11 16:39:01.282037 sonic INFO macsec#supervisord: macsecmgrd Failed to connect to wpa_supplicant global interface: /var/run/Ethernet64 error: No such file or directory Jul 11 16:39:01.295881 sonic NOTICE macsec#wpa_supplicant[32]: Successfully initialized wpa_supplicant Jul 11 16:39:01.447411 sonic ERR macsec#wpa_supplicant[32]: Line 0: Invalid MKA-CAK 'eP##003Ӏˀ@#017k#016ퟻ�jO!-ïżTa6'. Jul 11 16:39:01.448059 sonic WARNING macsec#macsecmgrd: :- configureMACsec: Enable MACsec fail : Wpa_cli command : /sbin/wpa_cli -g /var/run/Ethernet64 IFNAME=Ethernet64 set_network 0 mka_cak eP##003Ӏˀ@#017k#016ퟻ�jO!-ïżTa6 Jul 11 16:39:01.448204 sonic WARNING macsec#macsecmgrd: :- enableMACsec: The MACsec profile 'macsecdebug3' on the port 'Ethernet64' loading fail Jul 11 16:39:01.509824 sonic NOTICE macsec#macsecmgrd: :- disableMACsec: The MACsec profile 'macsecdebug3' on the port 'Ethernet64' is removed
SONiC Software Version: SONiC.202305.592529-f2c7544bf SONiC OS Version: 11 Distribution: Debian 11.8 Kernel: 5.10.0-23-2-amd64 Build commit: f2c7544bf Build date: Thu Jul 11 12:52:33 UTC 2024 Built by: cloudtest@ac55a016c000007
@kamalsahu0001 The support for macsec was enabled for devices in SpineRouter role, i.e T2. Could you try it on a T2 device ?
@judyjoseph So, support is not available for T0/T1 switches?
Description
When configuring an interface to use macsec the macsec docker container is crashing causing unexpected behavior.
Steps to reproduce the issue:
Describe the results you received: Macsec docker crashes and further macsec commands fail.
Describe the results you expected: Interface to be configured and use macsec.
Additional information you deem important:
The same behavior was seen with the master image as well.
sonic_dump_vlab-t2-01_20240221_210623.tar.gz