-
Notifications
You must be signed in to change notification settings - Fork 543
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[DASH] add PA Validation orch #3357
base: master
Are you sure you want to change the base?
Conversation
/azp run |
Azure Pipelines successfully started running 1 pipeline(s). |
753af75
to
4a61327
Compare
a087597
to
e7cb0bc
Compare
new_entry = true; | ||
vni_addresses[entry.address] = 1; | ||
} else { | ||
vni_addresses[entry.address]++; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can this condition happen? PA validation entry addition for same {VNI, IpAddress}??
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, as part of DASH_VNET_MAPPING_TABLE processing:
sonic-swss/orchagent/dash/dashvnetorch.cpp
Line 373 in 1847195
auto it = pa_refcount_table_.find(pa_ref_key); |
statuses.emplace_back(); | ||
bulker.create_entry(&statuses.back(), &sai_entry, attr_count, &attr); | ||
|
||
gCrmOrch->incCrmResUsedCounter(entry.address.isV4() ? CrmResourceType::CRM_DASH_IPV4_PA_VALIDATION : CrmResourceType::CRM_DASH_IPV6_PA_VALIDATION); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this CRM_DASH_IPV4_PA_VALIDATION and CRM_DASH_IPV6_PA_VALIDATION include both outbound and inbound direction entries?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Currently, there is no distinction between inbound/outbound PA Validation entries on SAI/DASH level.
attr.value.u32 = SAI_PA_VALIDATION_ENTRY_ACTION_PERMIT; | ||
|
||
statuses.emplace_back(); | ||
bulker.create_entry(&statuses.back(), &sai_entry, attr_count, &attr); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How do we decrement vni_map refcount if there is any failure in SAI addition?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The SAI failure leads to the abort(), so reverting the refcount/CRM right before that doesn't have a lot of value.
sonic-swss/orchagent/saihelper.cpp
Line 621 in 1847195
handleSaiFailure(true); |
If you prefer to have it (for consistency/clarity) please let me know, and I'll add it.
|
||
SWSS_LOG_ENTER(); | ||
|
||
statuses.reserve(toCreate.size() + toRemove.size()); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should we check PA validation CRM before calling bulk addition?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The CRM checks are done by the CRM Orch, while the Orchs that are adding/removing the resources just update the usage. The API of CRM Orch:
sonic-swss/orchagent/crmorch.h
Lines 73 to 90 in 1847195
void incCrmResUsedCounter(CrmResourceType resource); | |
void decCrmResUsedCounter(CrmResourceType resource); | |
// Increment "used" counter for the ACL table/group CRM resources | |
void incCrmAclUsedCounter(CrmResourceType resource, sai_acl_stage_t stage, sai_acl_bind_point_type_t point); | |
// Decrement "used" counter for the ACL table/group CRM resources | |
void decCrmAclUsedCounter(CrmResourceType resource, sai_acl_stage_t stage, sai_acl_bind_point_type_t point, sai_object_id_t oid); | |
// Increment "used" counter for the per ACL table CRM resources (ACL entry/counter) | |
void incCrmAclTableUsedCounter(CrmResourceType resource, sai_object_id_t tableId); | |
// Decrement "used" counter for the per ACL table CRM resources (ACL entry/counter) | |
void decCrmAclTableUsedCounter(CrmResourceType resource, sai_object_id_t tableId); | |
// Increment "used" counter for the EXT table CRM resources | |
void incCrmExtTableUsedCounter(CrmResourceType resource, std::string table_name); | |
// Decrement "used" counter for the EXT table CRM resources | |
void decCrmExtTableUsedCounter(CrmResourceType resource, std::string table_name); | |
// Increment "used" counter for the per DASH ACL CRM resources (ACL group/rule) | |
void incCrmDashAclUsedCounter(CrmResourceType resource, sai_object_id_t groupId); | |
// Decrement "used" counter for the per DASH ACL CRM resources (ACL group/rule) | |
void decCrmDashAclUsedCounter(CrmResourceType resource, sai_object_id_t groupId); |
} | ||
|
||
SWSS_LOG_ERROR("Failed to create PA validation entry for VNI %u IP %s", entry.vni, entry.address.to_string().c_str()); | ||
task_process_status handle_status = handleSaiCreateStatus((sai_api_t) SAI_API_DASH_PA_VALIDATION, status); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
handle refcount here for any failures?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The same as above, if you prefer to revert the refcount/CRM before the abort(), let me know.
@@ -310,7 +325,7 @@ bool DashVnetOrch::addOutboundCaToPa(const string& key, VnetMapBulkContext& ctxt | |||
else | |||
{ | |||
SWSS_LOG_ERROR("Invalid encap type %d for %s", action.encap_type(), key.c_str()); | |||
return false; | |||
return true; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why true?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The true
means "error", so it will be removed from m_toSync.
While false
means "ok, proceed" or "wait for another resource that is not yet available", not removing from the m_toSync.
sonic-swss/orchagent/dash/dashvnetorch.cpp
Lines 737 to 744 in 1847195
if (addVnetMap(key, ctxt)) | |
{ | |
it = consumer.m_toSync.erase(it); | |
} | |
else | |
{ | |
it++; | |
} |
// Remove all the entries for 100, the one created by VnetOrch should still be active | ||
config = PaValidaionConfig {"100", {}}; | ||
doConfig(pa, { }, { config }); | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we add CRM test as well?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added
This fixes a bug when adding a VNET map doesn't go to the addVnetMapPost() flow. The reason is that the addVnetMap() returns 'true' for normal flow, while it should return 'false' to keep the task is in the m_toSync for a post processing flow. Signed-off-by: Yakiv Huryk <[email protected]>
* new DASH PA Validation orch is responsible for PA Validation table processing * VnetOrch now uses the new orch to create/remove PA Validation entries * update sai mock infrastructure to support dash api * add mock tests for DASH PA Validation orch
5b4c5d0
to
9b7a7f6
Compare
What I did
Why I did it
To support DASH PA Validation table configuration
How I verified it
Added new unit test (dashpavalidation_ut)
Details if related