Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Different ACL ingress bindings to different interfaces is creating different groups #42

Open
Tejaswi-Goel opened this issue Jul 24, 2019 · 2 comments
Open

Different ACL ingress bindings to different interfaces is creating different groups #42

Tejaswi-Goel opened this issue Jul 24, 2019 · 2 comments
Assignees
@abhishekd-brcm

Comments

@Tejaswi-Goel
Copy link
Collaborator

Tejaswi-Goel commented Jul 24, 2019
edited by jeff-yin
Loading

Different ACL ingress bindings to different interfaces is creating different groups in hardware but we expect them to be in one group:

a CLI COMMANDS:

sonic(config-ipv4-acl)# do show ip access-lists  
ip access-list test1
     1 permit tcp 4.4.4.4/24 5.5.5.5/24
ip access-list test2
     2 permit tcp 6.6.6.6/24 8.8.8.8/24

sonic(config-ipv4-acl)# do show ip access-group
Ingress IP access-list test1 on Ethernet1
Ingress IP access-list test2 on Ethernet2

b: HARDWARE CONFIG CHECK:

**GID          6: gid=0x6**, instance=0 mode=Single, stage=Ingress lookup=Enabled, ActionResId={-1}, pbmp={0x00000000000000000000000000000000000000000000000000000001ffffffff}^M
         qset={SrcIp, DstIp, InPorts, RangeCheck, L4SrcPort, L4DstPort, EtherType, IpProtocol, TcpControl, IpType, Stage, StageIngress, IcmpTypeCode, _RangeCheckBits24_31},^M
         selcodes[0]=^M
{^M
         FPF1=4^M
         FPF2=0^M
         FPF3=7^M
         InterfaceClassSelect=3^M
         TcpClassSelect=0^M
         Intraslice=Primary slice.^M
 {_RangeCheckBits24_31->IpType->InPorts->RangeCheck->Stage->StageIngress->DstIp->SrcIp->L4SrcPort->IcmpTypeCode->L4DstPort->TcpControl->EtherType->IpProtocol},^M
^M
         group_priority= -2147483647^M
         slice_primary =  {slice_number=3, Entry count=512(0x200), Entry free=511(0x1ff)},^M
         group_status={prio_min=65534, prio_max=2147483647, entries_total=2304, entries_free=2303,^M
                       counters_total=2304, counters_free=2303, meters_total=4096, meters_free=3584}^M
EID 0x00000096: gid=0x6,^M
         slice=3, slice_idx=0, part =0 prio=0xfffe, flags=0x210602, Installed, Enabled^M
              tcam: color_indep=1, ^M
 Stage ^M
 StageIngress ^M
 DstIp ^M
    Offset0: 72 Width0: 32 ^M
    DATA=0x05050500 ^M
    MASK=0xffffff00 ^M
 SrcIp ^M
    Offset0: 104 Width0: 32 ^M
    DATA=0x04040400 ^M
    MASK=0xffffff00 ^M
 IpProtocol ^M
    Offset0: 64 Width0: 8 ^M
    DATA=0x00000006 ^M
    MASK=0x000000ff ^M
         action={act=DropCancel, param0=0(0), param1=0(0), param2=0(0), param3=0(0)}^M
         policer=^M
         statistics={stat id 129  slice = 3 idx=0 entries=1}{Bytes}{Packets}^M
**GID          7: gid=0x7**, instance=0 mode=Single, stage=Ingress lookup=Enabled, ActionResId={-1}, pbmp={0x00000000000000000000000000000000000000000000000000000001ffffffff}^M
         qset={SrcIp, DstIp, InPorts, RangeCheck, L4SrcPort, L4DstPort, EtherType, IpProtocol, TcpControl, IpType, Stage, StageIngress, IcmpTypeCode, _RangeCheckBits24_31},^M
         selcodes[0]=^M
{^M
         FPF1=4^M
         FPF2=0^M
         FPF3=7^M
         InterfaceClassSelect=3^M
         TcpClassSelect=0^M
         Intraslice=Primary slice.^M
 {_RangeCheckBits24_31->IpType->InPorts->RangeCheck->Stage->StageIngress->DstIp->SrcIp->L4SrcPort->IcmpTypeCode->L4DstPort->TcpControl->EtherType->IpProtocol},^M
^M
         group_priority= -2147483647^M
         slice_primary =  {slice_number=4, Entry count=256(0x100), Entry free=255(0xff)},^M
         group_status={prio_min=65533, prio_max=2147483647, entries_total=2048, entries_free=2047,^M
                       counters_total=2048, counters_free=2047, meters_total=4096, meters_free=3584}^M
EID 0x00000097: gid=0x7,^M
         slice=4, slice_idx=0, part =0 prio=0xfffd, flags=0x210602, Installed, Enabled^M
              tcam: color_indep=1, ^M
 Stage ^M
 StageIngress ^M
 DstIp ^M
    Offset0: 72 Width0: 32 ^M
    DATA=0x08080800 ^M
    MASK=0xffffff00 ^M
 SrcIp ^M
    Offset0: 104 Width0: 32 ^M
    DATA=0x06060600 ^M
    MASK=0xffffff00 ^M
 IpProtocol ^M
    Offset0: 64 Width0: 8 ^M
    DATA=0x00000006 ^M
    MASK=0x000000ff ^M
         action={act=DropCancel, param0=0(0), param1=0(0), param2=0(0), param3=0(0)}^M
         policer=^M
         statistics={stat id 130  slice = 4 idx=0 entries=1}{Bytes}{Packets}^M
^M^M
@sachinholla
Copy link
Collaborator

Apparently this is how ACL orcagent behaves today.. It is written specifically for MSFT usecases. Broadcom team is targeting to revamp ACL infra in next release (Buzznik).

@jeff-yin
Copy link
Collaborator

Shouldn't we leave this issue open if the behavior isn't resolved? It'll just be open for a long time, but that's ok...

@jeff-yin jeff-yin reopened this Jul 25, 2019
dell-engops pushed a commit that referenced this issue Feb 18, 2022
@sameerlokray
Merge pull request #42 from e-sonic/merge-0217/broadcom_sonic_share-t…
f9edd88 
…o-dell_sonic_share

sync from broadcom_sonic_share to dell_sonic_share - 0217
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@abhishekd-brcm abhishekd-brcm

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@Tejaswi-Goel @jeff-yin @abhishekd-brcm @sachinholla