sonic-utilities
sonic-utilities copied to clipboard
sonic-net
[ACL-Multi NPU] Config ACL add table with an Ethernet interface, without NameSpace is failing.
Description
Configuring ACL table and associating it with an Ethernet interface, without NameSpace is failing.
The issue is specific to Multi NPU/T2 topology. Base configuration is deployed using Minigraph.
Steps to reproduce the issue
switch@sfd-vt2-lc0:~$ sudo config acl add table DATA_INGRESS_IPV4_TEST L3 -s ingress -p PortChannel1010,PortChannel1012,PortChannel104,PortChannel106,PortChannel102,PortChannel108,PortChannel1020,PortChannel1016,Ethernet18 Usage: config acl add table [OPTIONS] <table_name> <table_type> Try "config acl add table -h" for help. Error: Failed to parse ACL table config: exception=Cannot bind ACL to specified port Ethernet18
switch@sfd-vt2-lc0:~$
Describe the results you received
The config/main.py script pulls the interfaces from the config DB and checks the list of valid interface including Portchannels and Ethernet Interfaces. The Ethernet interfaces pulled from the config db is in “Eth0/x/y” alias format, and it is compared with “Ethernet18” and the config script fails with the error “Failed to parse ACL table config: exception=Cannot bind ACL to specified port Ethernet18”.
Describe the results you expected
Additional information you deem important (e.g. issue happens only occasionally)
Code Snippet: /usr/local/lib/python3.9/dist-packages/config/main.py
….def table try: table_info = parse_acl_table_info(table_name, table_type, description, ports, stage) except ValueError as e: ctx.fail("Failed to parse ACL table config: exception={}".format(e))
….def parse_acl_table_info
for port in port_list:
if port not in valid_acl_ports:
raise ValueError("Cannot bind ACL to specified port {}".format(port))
Snippet from the interfaces pulled from DB: printed below are the interfaces from valid_acl_ports list… ['Eth0/1/12', 'PortChannel1012', 'Ethernet-BP2260', 'Ethernet-BP2222', 'Ethernet-BP2254', 'PortChannel102', 'Ethernet-BP2214', 'Ethernet-BP2274', 'Ethernet-BP2286', 'Ethernet-BP2184', 'Ethernet-BP2244', 'Ethernet-BP2210', 'PortChannel1020', 'Ethernet-BP2252', 'Ethernet-BP2198', 'Ethernet-BP2186', 'Eth0/1/21', 'Ethernet-BP2294', 'Ethernet-BP2262', 'Eth0/1/22', 'Ethernet-BP2226', 'PortChannel1016', 'Eth0/1/18', 'Ethernet-BP2236', 'Ethernet-BP2194',
It works fine when we have a namespace/ASIC instance associated with the configuration, issue Is seen only when trying to configure globally without Namespace/ASIC instance.
Output of show version
switch@localhost:~$ show version
SONiC Software Version: SONiC.azure_cisco_master.817-dirty-20220512.061558
Distribution: Debian 11.3
Kernel: 5.10.0-8-2-amd64
Build commit: 8af3b298e
Build date: Thu May 12 16:18:50 UTC 2022
Built by: jenkins@sonic-ci-15-lnx
Platform: x86_64-88_lc0_36fh_mo-r0
HwSKU: 88-LC0-36FH-MO
ASIC: cisco-8000
ASIC Count: 3
Serial Number: FOC2504PJ79; FOC2504PJ79
Model Number: 88-LC0-36FH-MO; 88-LC0-36FH-MO
Hardware Revision: 0.60; 0.60
Uptime: 21:19:19 up 1:24, 1 user, load average: 0.18, 0.71, 0.96
Date: Sun 20 Mar 2022 21:19:19
Docker images:
REPOSITORY TAG IMAGE ID SIZE
docker-dhcp-relay latest 4135b034eeb1 444MB
docker-sonic-telemetry azure_cisco_master.817-dirty-20220512.061558 891c67f41b42 515MB
docker-sonic-telemetry latest 891c67f41b42 515MB
docker-router-advertiser azure_cisco_master.817-dirty-20220512.061558 d755b06a99f1 435MB
docker-router-advertiser latest d755b06a99f1 435MB
docker-platform-monitor azure_cisco_master.817-dirty-20220512.061558 b3d21b9d8640 558MB
docker-platform-monitor latest b3d21b9d8640 558MB
docker-mux azure_cisco_master.817-dirty-20220512.061558 de780fa1b3a5 483MB
docker-mux latest de780fa1b3a5 483MB
docker-macsec azure_cisco_master.817-dirty-20220512.061558 a4b93fe6f8d1 453MB
docker-macsec latest a4b93fe6f8d1 453MB
docker-database azure_cisco_master.817-dirty-20220512.061558 93a24347fa67 435MB
docker-database latest 93a24347fa67 435MB
docker-teamd azure_cisco_master.817-dirty-20220512.061558 949a972295ea 420MB
docker-teamd latest 949a972295ea 420MB
docker-syncd azure_cisco_master.817-dirty-20220512.061558 5a29389db8fc 927MB
docker-syncd latest 5a29389db8fc 927MB
docker-sonic-mgmt-framework azure_cisco_master.817-dirty-20220512.061558 fe6ec36e904b 550MB
docker-sonic-mgmt-framework latest fe6ec36e904b 550MB
docker-snmp azure_cisco_master.817-dirty-20220512.061558 301caa576dd4 449MB
docker-snmp latest 301caa576dd4 449MB
docker-sflow azure_cisco_master.817-dirty-20220512.061558 2682786c1459 421MB
docker-sflow latest 2682786c1459 421MB
docker-orchagent azure_cisco_master.817-dirty-20220512.061558 7683f8bd4e63 439MB
docker-orchagent latest 7683f8bd4e63 439MB
docker-nat azure_cisco_master.817-dirty-20220512.061558 566d4e9eb33b 423MB
docker-nat latest 566d4e9eb33b 423MB
docker-lldp azure_cisco_master.817-dirty-20220512.061558 0943ace03eef 446MB
docker-lldp latest 0943ace03eef 446MB
docker-gbsyncd-cisco azure_cisco_master.817-dirty-20220512.061558 1b1d4fb223a5 427MB
docker-gbsyncd-cisco latest 1b1d4fb223a5 427MB
docker-fpm-frr azure_cisco_master.817-dirty-20220512.061558 af5c3959eb1b 439MB
docker-fpm-frr latest af5c3959eb1b 439MB
switch@localhost:~$
