Skip to content

[acl] Extend the ACL scripts to cover egress ACL#806

Merged
liat-grozovik merged 4 commits intosonic-net:masterfrom
wangxin:acl-pr
May 21, 2019
Merged

[acl] Extend the ACL scripts to cover egress ACL#806
liat-grozovik merged 4 commits intosonic-net:masterfrom
wangxin:acl-pr

Conversation

@wangxin
Copy link
Copy Markdown
Collaborator

@wangxin wangxin commented Feb 12, 2019

  1. Extended the ACL scripts to cover egress ACL testing:
    • Added new code to cover egress ACL configuration and testing
    • Added a acl_facts module for collecting ACL facts including ACL
      counters
    • Added code for checking ACL counters after PTF run
  2. Improved the existing ACL scripts:

Signed-off-by: Xin Wang xinw@mellanox.com

Description of PR

Summary:
Fixes # (issue)

This is a big change of the existing ACL scripts:

  1. Added case for testing egress ACL
  2. Made a lot of improvements to the existing ACL

For more detailed information about this change, please refer to this document for now: https://github.com/wangxin/SONiC/blob/acl/doc/acl/ACL-egress-test-plan.md

Type of change

  • [] Bug fix
  • [] Testbed and Framework(new/improvement)
  • [*] Test case(new/improvement)

Approach

How did you do it?

  • Made significant changes to the existing ansible and PTF scripts.
  • Added new ACL rules. Optimized the values of the ACL rules.
  • Added a new acl_facts ansible module for collecting ACL facts including ACL counters

How did you verify/test it?

Tested ingress ACL on mellanox platform using public image.
Tested egress ACL on mellanox platform using internally built image. The public image from master branch will support egress ACL soon. Merging of the PR for adding egress capability is in progress.

Any platform specific information?

Supported testbed topology if it's a new test case?

Same as existing ACL scripts, supported topology: t1, t1-lag, t1-64-lag

Documentation

For more details, please refer to this document for now: https://github.com/wangxin/SONiC/blob/acl/doc/acl/ACL-egress-test-plan.md

I will update this document to the SONiC wiki.

[acl] Extend the ACL scripts to cover egress ACL
b8cde6e 
1. Extended the ACL scripts to cover egress ACL testing:
   * Added new code to cover egress ACL configuration and testing
   * Added a acl_facts module for collecting ACL facts including ACL
     counters
   * Added code for checking ACL counters after PTF run
2. Improved the existing ACL scripts:
   * Added more ACL rules and cases for testing the drop action
   * Fixed issue #708
   * Improved the logging and reporting of the PTF script
   * Covered adding ACL table

Signed-off-by: Xin Wang <xinw@mellanox.com>
@stcheng stcheng self-requested a review February 13, 2019 21:35
@liat-grozovik
Copy link
Copy Markdown
Collaborator

liat-grozovik commented Feb 25, 2019

@lguohan anyone can review the PR? this is a feature as part of 03/2019 release which was merged and ansible test is required for full functionality guarantee.

@wangxin wangxin mentioned this pull request Feb 25, 2019
Merged
@liat-grozovik liat-grozovik requested a review from lguohan March 13, 2019 17:05
stcheng
stcheng reviewed Apr 1, 2019
View reviewed changes
ansible/roles/test/files/acstests/acltb_test.py
exp_pkt = exp_pkt0.copy()
direction = ", " + direction

print("\nPort to sent packets to:")
Copy link
Copy Markdown
Contributor

@stcheng stcheng Apr 1, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

make these two outputs in one line

@stcheng
Copy link
Copy Markdown
Contributor

stcheng commented Apr 1, 2019

the change looks good to me. still I wonder if it is possible to split the test into at least three parts:

  1. regular ACL test
  2. test with interface toggle
  3. test with switch reboot

This will make each sub test shorter and easy for re-run. It could be adding some arguments to pick which one or all three to run at the same time.

could you also provide the test result for mellanox platforms for all various topologies?

stcheng
stcheng suggested changes Apr 1, 2019
View reviewed changes
Copy link
Copy Markdown
Contributor

@stcheng stcheng left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

split the whole test into three smaller pieces

@wangxin
Copy link
Copy Markdown
Collaborator Author

wangxin commented Apr 1, 2019

Thanks Shuotian for the review! Splitting the test into 3 parts is a good idea. I'll update according and push new commits. Test results on Mellanox platforms for various topologies will be attached after I completed the changing.

Xin Wang and others added 3 commits April 10, 2019 10:43
[acl] Update the acl_facts module for new output format of 'aclshow'
6fa18fd 
Output format of 'aclshow' command has been changed. Two columns are
removed: TYPE, ACTION. The acl_facts module need to be updated
accordingly.

Signed-off-by: Xin Wang <xinw@mellanox.com>
[acl] Split the acl testing into 3 pieces
71b7306 
The acl testing is split into 3 pieces:
* basic: basic acl testing
* port_toggle: toggle the ports and run acl testing
* reboot: reboot the dut and run acl testing
Parameters can be passed in to specify which piece to run

Added acl rules allowing BGP in config part1 to avoid BGP flapping

Signed-off-by: Xin Wang <xinw@mellanox.com>
@wangxin
Merge branch 'master' into acl-pr
47691a6
@wangxin
Copy link
Copy Markdown
Collaborator Author

wangxin commented Apr 10, 2019

@stcheng I have updated the acl scripts and splitted into 3 pieces. Could you please help review again?
Attached test results on Mellanox platforms for t1 and t1-lag topologies.

acl_ansible_log_ingress_egress_t1.log
acl_ansible_log_ingress_egress_t1-lag.log

@liat-grozovik liat-grozovik merged commit f485596 into sonic-net:master May 21, 2019
@wangxin wangxin deleted the acl-pr branch May 24, 2019 03:32
deerao02 pushed a commit to deerao02/sonic-mgmt that referenced this pull request Dec 18, 2025
@mssonicbld
[action] [PR:21109] [everflow][sn5640]: Add Mellanox ASIC skip condit…
e439373 
…ion for everflow IPv6 erspan_ipv6-default test (sonic-net#806)

<!--
Please make sure you've read and understood our contributing guidelines;
https://github.com/sonic-net/SONiC/blob/gh-pages/CONTRIBUTING.md

Please provide following information to help code review process a bit easier:
-->
### Description of PR
<!--
- Please include a summary of the change and which issue is fixed.
- Please also include relevant motivation and context. Where should reviewer start? background context?
- List any dependencies that are required for this change.
-->

Summary: Add Mellanox ASIC skip condition to the exact match rule for test_everflow_per_interface[ipv6-erspan_ipv6-default] because exact match rules have higher priority than prefix match rules, causing the test to ignore the Mellanox skip condition in the prefix match configuration.

Fixes # (issue)

### Type of change

<!--
- Fill x for your type of change.
- e.g.
- [x] Bug fix
-->

- [ ] Bug fix
- [ ] Testbed and Framework(new/improvement)
- [ ] New Test case
 - [x] Skipped for non-supported platforms
- [ ] Test case improvement

### Back port request
- [ ] 202205
- [ ] 202305
- [ ] 202311
- [ ] 202405
- [x] 202411
- [ ] 202505

### Approach
#### What is the motivation for this PR?
Skip everflow per interface IPv6 test on Mellanox ASICs
#### How did you do it?
Add Mellanox ASIC skip condition to the exact match rule for test_everflow_per_interface[ipv6-erspan_ipv6-default] because exact match rules have higher priority than prefix match rules, causing the test to ignore the Mellanox skip condition in the prefix match configuration.

#### How did you verify/test it?
```
================================================== short test summary info ===================================================
SKIPPED [1] everflow/test_everflow_per_interface.py: SAI_STATUS_NOT_SUPPORTED for everflow over IPv6 on Arista-7260CX3 and Arista-7060CX. Skip everflow per interface IPv6 test on unsupported platforms
=============================================== 1 skipped, 1 warning in 54.18s ===============================================
```
#### Any platform specific information?
str5-sn5640-2
#### Supported testbed topology if it's a new test case?
t0-isolated-d32u32s2
### Documentation
<!--
(If it's a new feature, new test case)
Did you update documentation/Wiki relevant to your implementation?
Link to the wiki page?
-->
kazinator-arista pushed a commit to kazinator-arista/sonic-mgmt that referenced this pull request Mar 4, 2026
@shi-su @daall
[sonic-sairedis] Update submodule (sonic-net#7202)
3e8022c 
1906fdf [pyext] Update Makefile to disable warning Wconversion for older swig (sonic-net#817)
1dbcaeb Remove gbsyncd_startup.py (sonic-net#813)
0372615 [vslib] Refresh queue pause status (sonic-net#814)
00d883c [sairedis] Add sai_dbg_generate_dump api to redis interface (sonic-net#811)
8585803 [sairedis] Unlock api mutex for communication mode (sonic-net#812)
c69549a [pyext] Add SWIG sairedis python submodule (sonic-net#806)
kazinator-arista pushed a commit to kazinator-arista/sonic-mgmt that referenced this pull request Mar 4, 2026
@yxieca
[201811 sub module] update swss, swss-common sub modules (sonic-net#2652
898a5ac 
)

Submodule src/sonic-swss 4b489ce..90eb25d:
  > [portsorch] fix bug in speed set (sonic-net#806)

Submodule src/sonic-swss-common 2592b0c..c674e64:
  > Add multiple fields hdel support (sonic-net#267)
  > Update PFC_WD table name in CONFIG_DB (sonic-net#266)

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lguohan lguohan Awaiting requested review from lguohan

1 more reviewer

@stcheng stcheng stcheng approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

Enhancement

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@wangxin @liat-grozovik @stcheng