Skip to content

[ebtables] install ebtables in base image and install filter rules#2805

Merged
yxieca merged 1 commit intosonic-net:masterfrom
yxieca:ebtables
May 9, 2019
Merged

[ebtables] install ebtables in base image and install filter rules#2805
yxieca merged 1 commit intosonic-net:masterfrom
yxieca:ebtables

Conversation

@yxieca
Copy link
Copy Markdown
Contributor

@yxieca yxieca commented Apr 19, 2019
edited
Loading

- What I did

  • Add ebtables package, and install some filter rules:
    1. ebtables -A FORWARD -d BGA -j DROP
    2. ebtables -A FORWARD -p ARP -j DROP

Basically, we let the ARP packets in the VLAN being forwarded by the ASIC,
kernel gets a copy of these ARP packets and the forwarding from Kenerl gets
dropped. So there is always only one copy of ARP/response in the VLAN.

Signed-off-by: Ying Xie ying.xie@microsoft.com

- Dependencies

- General information
This PR changes how SONiC handles ARP/response packet in VLAN. All vendor SAIs should move to SAI head version v1.3.7 (tag) or later, and make sure that trap action 'copy' is supported.

- How to verify it

  • warm reboot test keeps track of number of ARP packets get forwarded in the VLAN. The number should be always one(1) before/during/after warm reboot.

@yxieca
[ebtables] install ebtables in base image and install filter rules
0e841a5 
- Add ebtables package, and install some filter rules:
  1. ebtables -A FORWARD -d BGA -j DROP
  2. ebtables -A FORWARD -p ARP -j DROP

Basically, we let the ARP packets in the VLAN being forwarded by the ASIC,
kernel gets a copy of these ARP packets and the forwarding from Kenerl gets
dropped. So there is always only one copy of ARP/response in the VLAN.

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
@lguohan
Copy link
Copy Markdown
Collaborator

lguohan commented Apr 19, 2019

it needs SAI supports.

@yxieca yxieca merged commit 9efcf17 into sonic-net:master May 9, 2019
@yxieca yxieca deleted the ebtables branch May 9, 2019 16:44
MichelMoriniaux pushed a commit to criteo-forks/sonic-buildimage that referenced this pull request May 28, 2019
@yxieca @MichelMoriniaux
[ebtables] install ebtables in base image and install filter rules (s…
4cf8457 
…onic-net#2805)

- Add ebtables package, and install some filter rules:
  1. ebtables -A FORWARD -d BGA -j DROP
  2. ebtables -A FORWARD -p ARP -j DROP

Basically, we let the ARP packets in the VLAN being forwarded by the ASIC,
kernel gets a copy of these ARP packets and the forwarding from Kenerl gets
dropped. So there is always only one copy of ARP/response in the VLAN.

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
@prsunny prsunny mentioned this pull request Feb 8, 2020
Merged
mssonicbld added a commit that referenced this pull request Jun 13, 2023
@mssonicbld
[submodule] Update submodule sonic-swss to the latest HEAD automatica…
4098a90 
…lly (#15441)

#### Why I did it
src/sonic-swss
```
* bccb1cc - (HEAD -> 202211, origin/202211) [202211] [sflowmgrd] Infer sampling rate dynamically based on oper speed (#2805) (4 hours ago) [Vivek]
```
#### How I did it
#### How to verify it
#### Description for the changelog
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lguohan lguohan lguohan approved these changes

@prsunny prsunny prsunny approved these changes

+1 more reviewer

@andriymoroz-mlnx andriymoroz-mlnx andriymoroz-mlnx approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

Enhancement ➕ Included in 201811 Branch Request for 201811 Branch :shipit:

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@yxieca @lguohan @prsunny @andriymoroz-mlnx