sonic-swss icon indicating copy to clipboard operation
sonic-swss copied to clipboard

Published 20 hours ago verified publisher icon sonic-net

[ACL] Inconsistency between ASIC and config DB

Open liorghub opened this issue 3 years ago • 1 comments

Performing the bellow commands will cause to inconsistency between ASIC and config DB.

config acl add table -p Ethernet72 -s ingress DATAACL L3 config acl update full /tmp/56521_acl_file.json config acl add table -p Ethernet72 -s egress DATAACL L3

At this point, ASIC is configured with ACL table DATAACL with no rules but in config DB, table DATAACL exist with rules.

redis-cli -n 4 keys *ACL*

  1. "ACL_RULE|DATAACL|DEFAULT_RULE"
  2. "ACL_RULE|DATAACL|RULE_2"
  3. "ACL_RULE|DATAACL|RULE_1"
  4. "ACL_TABLE|DATAACL"
  5. "FLEX_COUNTER_TABLE|ACL"

redis-cli -n 4 hgetall "ACL_RULE|DATAACL|RULE_2"

  1. "ETHER_TYPE"
  2. "2048"
  3. "PACKET_ACTION"
  4. "FORWARD"
  5. "PRIORITY"
  6. "9998"
  7. "SRC_IP"
  8. "0.0.0.0/0"

redis-cli -n 4 hgetall "ACL_RULE|DATAACL|RULE_1"

  1. "ETHER_TYPE"
  2. "2048"
  3. "PACKET_ACTION"
  4. "DROP"
  5. "PRIORITY"
  6. "9999"
  7. "SRC_IP"
  8. "1.0.1.1/32"

liorghub avatar Mar 16 '22 15:03 liorghub

56521_acl_file.json.txt

liorghub avatar Mar 16 '22 15:03 liorghub