Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

mgmt_vrf_namespace2: Repeating management vrf using namespace solutio… #2431

Closed
wants to merge 1 commit into from
Closed

mgmt_vrf_namespace2: Repeating management vrf using namespace solutio… #2431

wants to merge 1 commit into from

Conversation

kannankvs
Copy link
Collaborator

@kannankvs kannankvs commented Jan 10, 2019

- What I did
Added support for management VRF using namespace solution.
Requirements that are covered are explained in the design document. Enhancements required to support tacacs and snmptrap are also added. Enhanced the configuration for using --use-mgmt-vrf for tacacs server & snmptrap server configuration on top of namespace based solution for management VRF to configure the required rules for namespace solution.
Two PRs are raised, one for sonic-buildimage (this PR#2431) and other for sonic-utilities (sonic-net/sonic-utilities#431).
- How I did it
Added commands to enable/disable the management VRF. On enabling, it creates the management namespace, attached eth0 to management namespace, creates the required iptables rules and restarts the networking service. Detailed design is explained in the design document https://github.com/kannankvs/mvrf_namespace/blob/master/Management%20VRF%20Design%20Document%20Namespace.md. Namespace solution requires DNAT as explained in the design document. hostcfgd is enhanced to support maximum of 10 tacacs servers. Mapping between the user configured tacacs server IP/port and internally used local IP/port are maintained in this file for adding and deleting those NAT rules. For supporting snmptrap configuration, enhanced main.py & created sonic_snmp_trap_conf.py to configure the snmptrap server IP address/port and enhanced the file docker_image_ctl.j2 to create the required /usr/bin/snmp.sh script that adds the required DNAT rules during snmp service restart process.
- How to verify it
Use the following commands to enable/disable mgmt vrf and test the basic management VRF features.
config vrf add mgmt
config vrf del mgmt
config interface eth0 ip add ip/mask gatewayIP
Ex: config interface eth0 ip add 10.16.206.11/24 10.16.206.1
Using the above configuration, all applications like Ping, SSH, SCP, apt-get, etc., can be tested on management VRF using “ip netns exec mgmt COMMAND” as explained in the design document.
Use the following steps to test tacacs.

  1. First, checkout all the modified files and build an image with these changes.
  2. With the new image, enable mgmt vrf using command "config vrf add mgmt" and configure tacacs client using following commands.
    (a) config aaa authentication login tacacs+
    (b) config tacacs authtype login
    (c) config tacacs passkey testing123
    (d) config tacacs add --use-mgmt-vrf serveripaddress
  3. Configure the tacacs server accordingly.
  4. Then, do SSH to the device and verify that the user is authenticated using tacacs server via the management VRF port eth0.
    Use the following steps to test snmptrap.
  5. First, checkout all the modified files and build an image with these changes.
  6. Use the command “config snmptrap modify snmp_version snmptrapserver_ipaddress” (ex: config snmptrap modify 2 10.11.150.7) and listen for the traps in the trapserver.
  7. When the above command is configured, it restarts the snmp service. Netsnmp service sends few traps during bootup sequence that can be viewed in the trapserver.

@batmancn
Copy link

batmancn commented Jan 11, 2019

Added this patch,

  1. why I could not ssh onto SONiC, after restart by /usr/bin/interfaces-config.sh.
  • NOT work on kernel 3.16, which I fork from 201807, bellow is debug info.
  • Same patch works on kernel 4.9, which forked from 201811.
  • ping is OK
$ ping 172.18.8.213
PING 172.18.8.213 (172.18.8.213): 56 data bytes
64 bytes from 172.18.8.213: icmp_seq=0 ttl=62 time=4.716 ms
64 bytes from 172.18.8.213: icmp_seq=1 ttl=62 time=3.122 ms
  • This is sshd status
root@sonic:~# /etc/init.d/ssh status
� ssh.service - OpenBSD Secure Shell server
   Loaded: loaded (/lib/systemd/system/ssh.service; enabled)
   Active: active (running) since Thu 2016-11-10 18:42:51 UTC; 6min ago
  Process: 5496 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
  Process: 5910 ExecStartPre=/usr/local/bin/host-ssh-keygen.sh (code=exited, status=0/SUCCESS)
 Main PID: 5913 (sshd)
   CGroup: /system.slice/ssh.service

Nov 10 18:42:51 sonic systemd[1]: Started OpenBSD Secure Shell server.
Nov 10 18:42:51 sonic sshd[5913]: Server listening on 0.0.0.0 port 22.
  • This is sshd log
Nov 10 18:17:20.749788 sonic INFO sshd[354]: Server listening on 0.0.0.0 port 22.
Nov 10 18:17:21.962811 sonic INFO sshd[354]: Received SIGHUP; restarting.
Nov 10 18:17:21.973555 sonic INFO sshd[354]: Server listening on 0.0.0.0 port 22.
Nov 10 18:17:36.266890 sonic INFO sshd[354]: Received SIGHUP; restarting.
Nov 10 18:17:36.274502 sonic INFO sshd[354]: Server listening on 0.0.0.0 port 22.
Nov 10 18:17:37.518905 sonic INFO sshd[354]: Received SIGHUP; restarting.
Nov 10 18:17:37.527136 sonic INFO sshd[354]: Server listening on 0.0.0.0 port 22.
Nov 10 18:20:43.041321 sonic INFO sshd[354]: Received signal 15; terminating.
Nov 10 18:20:43.060297 sonic INFO sshd[5665]: Server listening on 0.0.0.0 port 22.
Nov 10 18:20:52.537150 sonic INFO sshd[5665]: Received signal 15; terminating.
Nov 10 18:20:52.563828 sonic INFO sshd[5684]: Server listening on 0.0.0.0 port 22.
Nov 10 18:41:38.805387 sonic INFO sshd[5684]: Received signal 15; terminating.
Nov 10 18:41:53.800973 sonic INFO sshd[5864]: Server listening on 0.0.0.0 port 22.
Nov 10 18:42:51.422850 sonic INFO sshd[5864]: Received signal 15; terminating.
Nov 10 18:42:51.441402 sonic INFO sshd[5913]: Server listening on 0.0.0.0 port 22.
  • This is some information
root@sonic:~# cat /etc/network/interfaces
auto if2
iface if2 inet manual
   peer-netns mgmt
   peer-iface if1
   configure-interfaces yes
   if1-ip 127.100.100.1
   if1-prefixlen 24
   if2-ip 127.100.100.2
   if2-prefixlen 24
   mgmt-vrf-chain MgmtVrfChain

root@sonic:~# ip netns exec mgmt iptables -L -t nat
target     prot opt source               destination
SNAT       tcp  --  anywhere             anywhere             to:127.100.100.1:62000-65000
SNAT       udp  --  anywhere             anywhere             to:127.100.100.1:62000-65000
MASQUERADE  all  --  anywhere             anywhere

Chain MgmtVrfChain (1 references)
target     prot opt source               destination
DNAT       tcp  --  anywhere             anywhere             tcp dpt:ssh to:127.100.100.2
DNAT       tcp  --  anywhere             anywhere             tcp dpt:ftp-data to:127.100.100.2
DNAT       tcp  --  anywhere             anywhere             tcp dpt:ftp to:127.100.100.2
DNAT       udp  --  anywhere             anywhere             udp dpt:snmp to:127.100.100.2
DNAT       udp  --  anywhere             anywhere             udp dpt:tftp to:127.100.100.2
DNAT       tcp  --  anywhere             anywhere             tcp dpt:http to:127.100.100.2
DNAT       tcp  --  anywhere             anywhere             tcp dpt:https to:127.100.100.2
root@sonic:~# ip netns exec mgmt ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 50:6b:4b:27:b1:8e brd ff:ff:ff:ff:ff:ff
64: if1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 66:33:24:f4:f0:38 brd ff:ff:ff:ff:ff:ff
  • tcpdump show only ssh request exist
root@sonic:~# tcpdump -i if2 -nneA
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on if2, link-type EN10MB (Ethernet), capture size 262144 bytes
19:18:33.265169 66:33:24:f4:f0:38 > b2:73:99:81:78:79, ethertype IPv4 (0x0800), length 78: 127.100.100.1.62004 > 127.100.100.2.22: Flags [S], seq 4038145727, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1406601665 ecr 0,sackOK,eol], length 0
E..@y.@.=..f.dd..dd..4....6........................
S.      .........
19:18:49.479845 66:33:24:f4:f0:38 > b2:73:99:81:78:79, ethertype IPv4 (0x0800), length 78: 127.100.100.1.62004 > 127.100.100.2.22: Flags [S], seq 4038145727, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1406617665 ecr 0,sackOK,eol], length 0
[email protected]@.=..v.dd..dd..4....6..........\.............
S.HA........
19:19:22.867428 66:33:24:f4:f0:38 > b2:73:99:81:78:79, ethertype IPv4 (0x0800), length 62: 127.100.100.1.62004 > 127.100.100.2.22: Flags [S], seq 4038145727, win 65535, options [mss 1460,sackOK,eol], length 0
E..0    .@.=.m..dd..dd..4....6.....p...............
^C
3 packets captured
3 packets received by filter
0 packets dropped by kernel
root@sonic:~#
  • Local iptables
root@sonic:~# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  anywhere            !loopback/8           ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  172.18.0.0/16        anywhere    # If it's here??????

Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
  1. why I could not ssh onto SONiC, after restart by reboot.
  • NOT work on kernel 3.16, which I fork from 201807.
  • Same patch works on kernel 4.9, which forked from 201811.
  • This is debug info
root@sonic:~# ip route
240.127.1.0/24 dev docker0  proto kernel  scope link  src 240.127.1.1
root@sonic:~# ip netns exec mgmt ip route
Cannot open network namespace "mgmt": No such file or directory
  1. I think this is a bug of vpair type netdevice (if1 - if2) in kernel. I suggest change vpair into linux bridge implementation.

  2. BTW, why add '$IF_MGMT_VRF_CHAIN' this chain, which is 'Chain MgmtVrfChain'. Why do not use PREROUTING directly.

@vharish02
Copy link
Contributor

Added this patch,

  1. why I could not ssh onto SONiC, after restart by /usr/bin/interfaces-config.sh.
  • NOT work on kernel 3.16, which I fork from 201807, bellow is debug info.

Feature was developed and tested only on 4.9 Kernel FYI.

  • Same patch works on kernel 4.9, which forked from 201811.
  • ping is OK
$ ping 172.18.8.213
PING 172.18.8.213 (172.18.8.213): 56 data bytes
64 bytes from 172.18.8.213: icmp_seq=0 ttl=62 time=4.716 ms
64 bytes from 172.18.8.213: icmp_seq=1 ttl=62 time=3.122 ms
  • This is sshd status
root@sonic:~# /etc/init.d/ssh status
� ssh.service - OpenBSD Secure Shell server
   Loaded: loaded (/lib/systemd/system/ssh.service; enabled)
   Active: active (running) since Thu 2016-11-10 18:42:51 UTC; 6min ago
  Process: 5496 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
  Process: 5910 ExecStartPre=/usr/local/bin/host-ssh-keygen.sh (code=exited, status=0/SUCCESS)
 Main PID: 5913 (sshd)
   CGroup: /system.slice/ssh.service

Nov 10 18:42:51 sonic systemd[1]: Started OpenBSD Secure Shell server.
Nov 10 18:42:51 sonic sshd[5913]: Server listening on 0.0.0.0 port 22.
  • This is sshd log
Nov 10 18:17:20.749788 sonic INFO sshd[354]: Server listening on 0.0.0.0 port 22.
Nov 10 18:17:21.962811 sonic INFO sshd[354]: Received SIGHUP; restarting.
Nov 10 18:17:21.973555 sonic INFO sshd[354]: Server listening on 0.0.0.0 port 22.
Nov 10 18:17:36.266890 sonic INFO sshd[354]: Received SIGHUP; restarting.
Nov 10 18:17:36.274502 sonic INFO sshd[354]: Server listening on 0.0.0.0 port 22.
Nov 10 18:17:37.518905 sonic INFO sshd[354]: Received SIGHUP; restarting.
Nov 10 18:17:37.527136 sonic INFO sshd[354]: Server listening on 0.0.0.0 port 22.
Nov 10 18:20:43.041321 sonic INFO sshd[354]: Received signal 15; terminating.
Nov 10 18:20:43.060297 sonic INFO sshd[5665]: Server listening on 0.0.0.0 port 22.
Nov 10 18:20:52.537150 sonic INFO sshd[5665]: Received signal 15; terminating.
Nov 10 18:20:52.563828 sonic INFO sshd[5684]: Server listening on 0.0.0.0 port 22.
Nov 10 18:41:38.805387 sonic INFO sshd[5684]: Received signal 15; terminating.
Nov 10 18:41:53.800973 sonic INFO sshd[5864]: Server listening on 0.0.0.0 port 22.
Nov 10 18:42:51.422850 sonic INFO sshd[5864]: Received signal 15; terminating.
Nov 10 18:42:51.441402 sonic INFO sshd[5913]: Server listening on 0.0.0.0 port 22.
  • This is some information
root@sonic:~# cat /etc/network/interfaces
auto if2
iface if2 inet manual
   peer-netns mgmt
   peer-iface if1
   configure-interfaces yes
   if1-ip 127.100.100.1
   if1-prefixlen 24
   if2-ip 127.100.100.2
   if2-prefixlen 24
   mgmt-vrf-chain MgmtVrfChain

root@sonic:~# ip netns exec mgmt iptables -L -t nat
target     prot opt source               destination
SNAT       tcp  --  anywhere             anywhere             to:127.100.100.1:62000-65000
SNAT       udp  --  anywhere             anywhere             to:127.100.100.1:62000-65000
MASQUERADE  all  --  anywhere             anywhere

Chain MgmtVrfChain (1 references)
target     prot opt source               destination
DNAT       tcp  --  anywhere             anywhere             tcp dpt:ssh to:127.100.100.2
DNAT       tcp  --  anywhere             anywhere             tcp dpt:ftp-data to:127.100.100.2
DNAT       tcp  --  anywhere             anywhere             tcp dpt:ftp to:127.100.100.2
DNAT       udp  --  anywhere             anywhere             udp dpt:snmp to:127.100.100.2
DNAT       udp  --  anywhere             anywhere             udp dpt:tftp to:127.100.100.2
DNAT       tcp  --  anywhere             anywhere             tcp dpt:http to:127.100.100.2
DNAT       tcp  --  anywhere             anywhere             tcp dpt:https to:127.100.100.2
root@sonic:~# ip netns exec mgmt ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 50:6b:4b:27:b1:8e brd ff:ff:ff:ff:ff:ff
64: if1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 66:33:24:f4:f0:38 brd ff:ff:ff:ff:ff:ff
  • tcpdump show only ssh request exist
root@sonic:~# tcpdump -i if2 -nneA
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on if2, link-type EN10MB (Ethernet), capture size 262144 bytes
19:18:33.265169 66:33:24:f4:f0:38 > b2:73:99:81:78:79, ethertype IPv4 (0x0800), length 78: 127.100.100.1.62004 > 127.100.100.2.22: Flags [S], seq 4038145727, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1406601665 ecr 0,sackOK,eol], length 0
E..@y.@.=..f.dd..dd..4....6........................
S.      .........
19:18:49.479845 66:33:24:f4:f0:38 > b2:73:99:81:78:79, ethertype IPv4 (0x0800), length 78: 127.100.100.1.62004 > 127.100.100.2.22: Flags [S], seq 4038145727, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1406617665 ecr 0,sackOK,eol], length 0
[email protected]@.=..v.dd..dd..4....6..........\.............
S.HA........
19:19:22.867428 66:33:24:f4:f0:38 > b2:73:99:81:78:79, ethertype IPv4 (0x0800), length 62: 127.100.100.1.62004 > 127.100.100.2.22: Flags [S], seq 4038145727, win 65535, options [mss 1460,sackOK,eol], length 0
E..0    .@.=.m..dd..dd..4....6.....p...............
^C
3 packets captured
3 packets received by filter
0 packets dropped by kernel
root@sonic:~#
  • Local iptables
root@sonic:~# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  anywhere            !loopback/8           ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  172.18.0.0/16        anywhere    # If it's here??????

Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
  1. why I could not ssh onto SONiC, after restart by reboot.

After configuring VRF using the config commands specified in the management VRF design document mentioned above, you need to run 'config save' to save the configuration before reboot. Otherwise the configuration is not persistent across reboots.

  • NOT work on kernel 3.16, which I fork from 201807.
  • Same patch works on kernel 4.9, which forked from 201811.
  • This is debug info
root@sonic:~# ip route
240.127.1.0/24 dev docker0  proto kernel  scope link  src 240.127.1.1
root@sonic:~# ip netns exec mgmt ip route
Cannot open network namespace "mgmt": No such file or directory

Expected behavior if config is not saved before reboot.

  1. I think this is a bug of vpair type netdevice (if1 - if2) in kernel. I suggest change vpair into linux bridge implementation.
  2. BTW, why add '$IF_MGMT_VRF_CHAIN' this chain, which is 'Chain MgmtVrfChain'. Why do not use PREROUTING directly.

By having it in separate chain we are isolating the rules from rest of the PREROUTING rules and it would be easier to dump mgmt vrf specific rules and manage them. If it is part of the PREROUTING then managing would be difficult, PREROUTING will have mgmt vrf rules along with other rules. Dumping mgmt vrf specific rule will be difficult.

@lguohan
Copy link
Collaborator

lguohan commented May 10, 2019

taking vrf-lite approach

@lguohan lguohan closed this May 10, 2019
dgsudharsan added a commit to dgsudharsan/sonic-buildimage that referenced this pull request Sep 15, 2022
Update sonic-swss submodule pointer to include the following:
* f0138a2 [portmgr] Fixed the orchagent crash due to late arrival of notif (sonic-net#2431) ([sonic-net#2451](sonic-net/sonic-swss#2451))
* 7cfde48 Change the log messages in addKernelNeigh/Route from ERROR to INFO ([sonic-net#2437](sonic-net/sonic-swss#2437))
* 2c5116e [202205][counters] Improve performance by polling only configured ports buffer queue/pg counters ([sonic-net#2432](sonic-net/sonic-swss#2432))

Signed-off-by: dgsudharsan <[email protected]>
@zbud-msft zbud-msft mentioned this pull request Sep 15, 2022
7 tasks
dgsudharsan added a commit to dgsudharsan/sonic-buildimage that referenced this pull request Sep 16, 2022
Update sonic-swss submodule pointer to include the following:
* 04ce7be check state_db for po before sending ARP/ND pkts (sonic-net#2444) ([sonic-net#2450](sonic-net/sonic-swss#2450))
* f0138a2 [portmgr] Fixed the orchagent crash due to late arrival of notif (sonic-net#2431) ([sonic-net#2451](sonic-net/sonic-swss#2451))
* 7cfde48 Change the log messages in addKernelNeigh/Route from ERROR to INFO ([sonic-net#2437](sonic-net/sonic-swss#2437))
* 2c5116e [202205][counters] Improve performance by polling only configured ports buffer queue/pg counters ([sonic-net#2432](sonic-net/sonic-swss#2432))

Signed-off-by: dgsudharsan <[email protected]>
dgsudharsan added a commit to dgsudharsan/sonic-buildimage that referenced this pull request Sep 21, 2022
Update sonic-swss submodule pointer to include the following:
* 8eea92e [202205][counters] Revert PR sonic-net#2432 for the buffer queue/pg counters improvement ([sonic-net#2462](sonic-net/sonic-swss#2462))
* 5d8636a [202205] Enhance orchagent and buffer manager in error handling (sonic-net#2414) ([sonic-net#2449](sonic-net/sonic-swss#2449))
* aa22237 [Everflow/ERSPAN] Set correct destination port and mac address when the nexthop is updated for ERSPAN mirror destination (sonic-net#2392) ([sonic-net#2455](sonic-net/sonic-swss#2455))
* 04ce7be check state_db for po before sending ARP/ND pkts (sonic-net#2444) ([sonic-net#2450](sonic-net/sonic-swss#2450))
* f0138a2 [portmgr] Fixed the orchagent crash due to late arrival of notif (sonic-net#2431) ([sonic-net#2451](sonic-net/sonic-swss#2451))
* 7cfde48 Change the log messages in addKernelNeigh/Route from ERROR to INFO ([sonic-net#2437](sonic-net/sonic-swss#2437))
* 2c5116e [202205][counters] Improve performance by polling only configured ports buffer queue/pg counters ([sonic-net#2432](sonic-net/sonic-swss#2432))

Signed-off-by: dgsudharsan <[email protected]>
prsunny pushed a commit that referenced this pull request Sep 21, 2022
Update sonic-swss submodule pointer to include the following:
* 8eea92e [202205][counters] Revert PR #2432 for the buffer queue/pg counters improvement ([#2462](sonic-net/sonic-swss#2462))
* 5d8636a [202205] Enhance orchagent and buffer manager in error handling (#2414) ([#2449](sonic-net/sonic-swss#2449))
* aa22237 [Everflow/ERSPAN] Set correct destination port and mac address when the nexthop is updated for ERSPAN mirror destination (#2392) ([#2455](sonic-net/sonic-swss#2455))
* 04ce7be check state_db for po before sending ARP/ND pkts (#2444) ([#2450](sonic-net/sonic-swss#2450))
* f0138a2 [portmgr] Fixed the orchagent crash due to late arrival of notif (#2431) ([#2451](sonic-net/sonic-swss#2451))
* 7cfde48 Change the log messages in addKernelNeigh/Route from ERROR to INFO ([#2437](sonic-net/sonic-swss#2437))
* 2c5116e [202205][counters] Improve performance by polling only configured ports buffer queue/pg counters ([#2432](sonic-net/sonic-swss#2432))
theasianpianist added a commit to theasianpianist/sonic-buildimage that referenced this pull request Oct 5, 2022
Include:

df92fb7 Improve verbosity level and provide more info in the log (sonic-net#2472)
e81ed20 [intfmgr]: Enable `accept_untracked_na` kernel param (sonic-net#2436)
24d29f1 [orchdaemon]: Fixed sairedis record file rotation (sonic-net#2299)
b8ee07d [build] add missing package libyang-dev in lgtm.yml (sonic-net#2475)
e46dd29 [crm] Fix issue with continues EXCEEDED and CLEAR logs for ACL group/table counters (sonic-net#2463)
b61d24c [doc]: Update README.md (sonic-net#2456)
b9ade5d [orchagent] Fix issue: ip prefix shall be inited even if VRF/VNET is not ready (sonic-net#2461)
f0f1eb4 Revert "[counters] Improve performance by polling only configured ports buffer queue/pg counters (sonic-net#2360)" (sonic-net#2458)
3d757a8 [ci][asan] add DVS tests run with ASAN (sonic-net#2441)
04fbc8e [ci] Only when test stage succeeded or succeededwithissues, PR run Gcov (sonic-net#2460)
7cc035f [orchagent]: Publish identified events via structured-events channel (sonic-net#2446)
efa0f01 [QoS] Enforce drop probability only for colors whose WRED are enabled (sonic-net#2422)
05c5c2f [swss] Replace memset functions (sonic-net#2423)
9ff993d Modified the test file to remove click commands and do the REDIS-DB u… (sonic-net#2264)
9e376af Install libyang in azure pipeline. (sonic-net#2445)
c1eb99a check state_db for po before sending ARP/ND pkts (sonic-net#2444)
43cc486 [portmgr] Fixed the orchagent crash due to late arrival of notif (sonic-net#2431)
b62c716 Enhance orchagent and buffer manager in error handling (sonic-net#2414)
13bda3c [Everflow/ERSPAN] Set correct destination port and mac address when the nexthop is updated for ERSPAN mirror destination (sonic-net#2392)
0ccb315 Revert "[VS Test] Skip failing subport tests (sonic-net#2370)" (sonic-net#2421)
ac8a83f [UT] [Portsyncd] Added Unit Tests for portsyncd (sonic-net#2297)
83a186a Change the log messages in addKernelNeigh/Route from ERROR to INFO (sonic-net#2437)
9c23389 [BFD]Clean up state_db BFD entries on swss restart (sonic-net#2434)
d41aebf EntityBulker SIGSEGV when create_entry attr_count 0 (sonic-net#2224)
f52a7b1 Fix the Fec Mode Setting of gbsyncd (sonic-net#2430)
8cc0a45 [neighsyncd] Enabling ipv4 link local entries for non-dualtor (sonic-net#2427)
5624e87 Revert "[ci][asan] add DVS tests run with ASAN (sonic-net#2363)" (sonic-net#2433)
a26b26a Dynamic port configuration - add port buffer cfg to the port ref counter (sonic-net#2194)
486939a tlm_teamd: Filter portchannel subinterface events from STATE_DB LAG_TABLE (sonic-net#2408)
a4b8992 [counters] Improve performance by polling only configured ports buffer queue/pg counters (sonic-net#2360)
4aaeec9 added support for Xsight platform (sonic-net#2426)
ca9edca [ci][asan] add DVS tests run with ASAN (sonic-net#2363)
dec4570 Handle dual ToR neighbor miss scenario (sonic-net#2151)
9eb4422 Upstream new development on p4orch (sonic-net#2237)
e9be2c0 [lgtm] Fix dependency (sonic-net#2419)
c0168f3 [muxorch] Returning true if nbr in skip_neighbor_ in isNeighborActive() (sonic-net#2415)
cfcf3d8 [macsec]: Set MTU for MACsec (sonic-net#2398)
8346034 Delete Invalid if condition in intfsorch.cpp (sonic-net#2411)

Signed-off-by: Lawrence Lee <[email protected]>
theasianpianist added a commit that referenced this pull request Oct 7, 2022
Include:

df92fb7 Improve verbosity level and provide more info in the log (#2472)
e81ed20 [intfmgr]: Enable `accept_untracked_na` kernel param (#2436)
24d29f1 [orchdaemon]: Fixed sairedis record file rotation (#2299)
b8ee07d [build] add missing package libyang-dev in lgtm.yml (#2475)
e46dd29 [crm] Fix issue with continues EXCEEDED and CLEAR logs for ACL group/table counters (#2463)
b61d24c [doc]: Update README.md (#2456)
b9ade5d [orchagent] Fix issue: ip prefix shall be inited even if VRF/VNET is not ready (#2461)
f0f1eb4 Revert "[counters] Improve performance by polling only configured ports buffer queue/pg counters (#2360)" (#2458)
3d757a8 [ci][asan] add DVS tests run with ASAN (#2441)
04fbc8e [ci] Only when test stage succeeded or succeededwithissues, PR run Gcov (#2460)
7cc035f [orchagent]: Publish identified events via structured-events channel (#2446)
efa0f01 [QoS] Enforce drop probability only for colors whose WRED are enabled (#2422)
05c5c2f [swss] Replace memset functions (#2423)
9ff993d Modified the test file to remove click commands and do the REDIS-DB u… (#2264)
9e376af Install libyang in azure pipeline. (#2445)
c1eb99a check state_db for po before sending ARP/ND pkts (#2444)
43cc486 [portmgr] Fixed the orchagent crash due to late arrival of notif (#2431)
b62c716 Enhance orchagent and buffer manager in error handling (#2414)
13bda3c [Everflow/ERSPAN] Set correct destination port and mac address when the nexthop is updated for ERSPAN mirror destination (#2392)
0ccb315 Revert "[VS Test] Skip failing subport tests (#2370)" (#2421)
ac8a83f [UT] [Portsyncd] Added Unit Tests for portsyncd (#2297)
83a186a Change the log messages in addKernelNeigh/Route from ERROR to INFO (#2437)
9c23389 [BFD]Clean up state_db BFD entries on swss restart (#2434)
d41aebf EntityBulker SIGSEGV when create_entry attr_count 0 (#2224)
f52a7b1 Fix the Fec Mode Setting of gbsyncd (#2430)
8cc0a45 [neighsyncd] Enabling ipv4 link local entries for non-dualtor (#2427)
5624e87 Revert "[ci][asan] add DVS tests run with ASAN (#2363)" (#2433)
a26b26a Dynamic port configuration - add port buffer cfg to the port ref counter (#2194)
486939a tlm_teamd: Filter portchannel subinterface events from STATE_DB LAG_TABLE (#2408)
a4b8992 [counters] Improve performance by polling only configured ports buffer queue/pg counters (#2360)
4aaeec9 added support for Xsight platform (#2426)
ca9edca [ci][asan] add DVS tests run with ASAN (#2363)
dec4570 Handle dual ToR neighbor miss scenario (#2151)
9eb4422 Upstream new development on p4orch (#2237)
e9be2c0 [lgtm] Fix dependency (#2419)
c0168f3 [muxorch] Returning true if nbr in skip_neighbor_ in isNeighborActive() (#2415)
cfcf3d8 [macsec]: Set MTU for MACsec (#2398)
8346034 Delete Invalid if condition in intfsorch.cpp (#2411)

Signed-off-by: Lawrence Lee <[email protected]>
tshalvi pushed a commit to tshalvi/sonic-buildimage that referenced this pull request Dec 20, 2022
…ic-net#2431)

Signed-off-by: Vivek Reddy Karri <[email protected]>
Bulk write to APP_DB i.e. alias, lanes, speed must be read through one notification by orchagent during create_port
Handled a race condition in portmgrd which tries to immediately apply a mtu/admin_status SET notif after a DEL causing it to crash
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants