open-switch / opx-nas-acl Goto Github PK
View Code? Open in Web Editor NEWHome Page: https://openswitch.net
Home Page: https://openswitch.net
After installing PKGS_OPX-3.0.0-rc1-installer-x86_64.bin on z9100 and s6010 platform , I need to fanout few ports. I update that to /etc/opx/dn_nas_fanout_init_config.xml file. That required restart of opx-create-interface.service. After restart the service , opx-acl-init.service failed.
Here is steps to recreate the issue.
I did manual install from onie in my z9100 and reboot the box. Everything was working.
root@OPX:~# opx-show-version
OS_NAME="OPX"
OS_VERSION="unstable"
PLATFORM="Z9100-ON"
ARCHITECTURE="x86_64"
INTERNAL_BUILD_ID="OpenSwitch blueprint for Dell 1.0.0"
BUILD_VERSION="unstable.0"
BUILD_DATE="2018-08-15T16:33:10+0000"
INSTALL_DATE="2018-08-15T21:33:45+00:00"
SYSTEM_STATE= running
UPGRADED_PACKAGES=no
ALTERED_PACKAGES=yes
root@OPX:~# opx-show-system-status
System State: running
No Failed Service
Modified Packages:
python-opx-snmp
root@OPX:~#
Then I change /etc/opx/dn_nas_fanout_init_config.xml file for all the ports that needed to be fanned out.
root@OPX:/mnt/onie-boot/admin# cat /etc/opx/dn_nas_fanout_init_config.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Copyright (c) 2015 Dell Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
THIS CODE IS PROVIDED ON AN *AS IS* BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT
LIMITATION ANY IMPLIED WARRANTIES OR CONDITIONS OF TITLE, FITNESS
FOR A PARTICULAR PURPOSE, MERCHANTABLITY OR NON-INFRINGEMENT.
See the Apache Version 2.0 License for specific language governing
permissions and limitations under the License.
-->
<!--
This file is used to store default init configuration for
fanout interfaces
example
<interfaces>
<interface name="e101-001-0" fanout="4x1" speed="10G"/>
<interface name="e101-002-0" fanout="1x1" speed="40G"/>
</interfaces>
-->
<interfaces>
<interface name="e101-001-0" fanout="4x1" speed="10G"/>
<interface name="e101-002-0" fanout="4x1" speed="10G"/>
<interface name="e101-003-0" fanout="4x1" speed="10G"/>
<interface name="e101-004-0" fanout="4x1" speed="10G"/>
<interface name="e101-030-0" fanout="4x1" speed="10G"/>
</interfaces>
root@OPX:/mnt/onie-boot/admin#
That required a restart of opx-create-interface service. I did that.
root@OPX:/mnt/onie-boot/admin# systemctl restart opx-create-interface
root@OPX:/mnt/onie-boot/admin# opx-show-version
OS_NAME="OPX"
OS_VERSION="unstable"
PLATFORM="Z9100-ON"
ARCHITECTURE="x86_64"
INTERNAL_BUILD_ID="OpenSwitch blueprint for Dell 1.0.0"
BUILD_VERSION="unstable.0"
BUILD_DATE="2018-08-15T16:33:10+0000"
INSTALL_DATE="2018-08-15T21:33:45+00:00"
SYSTEM_UPTIME= 4 minutes
SYSTEM_STATE= degraded
UPGRADED_PACKAGES=no
ALTERED_PACKAGES=yes
root@OPX:/mnt/onie-boot/admin# opx-show-system-status
System State: degraded
Failed Services
opx-acl-init.service
Modified Packages:
opx-nas-interface
python-opx-snmp
root@OPX:/mnt/onie-boot/admin# systemctl status opx-acl-init.service
? opx-acl-init.service - Default ACL entries for Control Plane Protocol packets
Loaded: loaded (/lib/systemd/system/opx-acl-init.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Wed 2018-08-15 21:49:39 UTC; 2min 9s ago
Process: 2431 ExecStart=/usr/bin/python -u /usr/bin/base_create_acl_entries.py (code=exited, status=1/FAILURE)
Main PID: 2431 (code=exited, status=1/FAILURE)
Aug 15 21:49:39 OPX systemd[1]: Started Default ACL entries for Control Plane Protocol packets.
Aug 15 21:49:39 OPX python[2431]: ('Inside ', 'INGRESS')
Aug 15 21:49:39 OPX python[2431]: [DSAPI:COMMIT], Failed to commit request at 0 out of 1
Aug 15 21:49:39 OPX python[2431]: Runtime Error: ACL INIT - Table creation failed: system-flow
Aug 15 21:49:39 OPX systemd[1]: opx-acl-init.service: Main process exited, code=exited, status=1/FAILURE
Aug 15 21:49:39 OPX systemd[1]: opx-acl-init.service: Unit entered failed state.
Aug 15 21:49:39 OPX systemd[1]: opx-acl-init.service: Failed with result 'exit-code'.
root@OPX:/mnt/onie-boot/admin# opx-ethtool e101-001-1
Settings for e101-001-1:
Channel ID: 1
Transceiver Status: Disable
Media Type: QSFP 40GBASE CR4
Part Number: 616750001
Serial Number: CN05NP8R4BO7EGH
Qualified: Yes
Administrative State: DOWN
Operational State: DOWN
Supported Speed (in Mbps): [10000]
Auto Negotiation : off
Configured Speed : auto
Operating Speed : 0
Duplex : full
Workaround is to reboot the box after changing the fanout xml file rather than merely restarting the create-interface service.
When trying to create an ACL entry (via python cps api) which uses the REDIRECT_IP_NEXTHOP action opx-nas-daemon aborts with
opx_nas_daemon[572]: [ACL:NAS-ACL], Err_code: 0x94008000, fn: bool nas_acl_action_t::copy_action_ndi(ndi_acl_action_list_t&, npu_id_t, nas::mem_alloc_helper_t&) const (), ACTION_TYPE_REDIRECT_IP_NEXTHOP: Could not find object id for NPU 0
This happens probably, because the ip-address, set in the python cps_object,
{
'data': {
'base-acl/entry/match': {
...
},
'base-acl/entry/action': {
'0': {
'base-acl/entry/action/IP_NEXTHOP_GROUP_VALUE': {
'base-acl/entry/action/IP_NEXTHOP_GROUP_VALUE/data': bytearray(b'\x00'),
'base-acl/entry/action/IP_NEXTHOP_GROUP_VALUE/af': bytearray(b'\x02\x00\x00\x00'),
'base-acl/entry/action/IP_NEXTHOP_GROUP_VALUE/dest-addr': bytearray(b'\x0c\x0c\x0c\x0c'),
'base-acl/entry/action/IP_NEXTHOP_GROUP_VALUE/vrf_id': bytearray(b'\x00\x00\x00\x00')
},
'base-acl/entry/action/type': bytearray(b'\x02\x00\x00\x00')
}
},
'base-acl/entry/table-id': bytearray(b'\x04\x00\x00\x00\x00\x00\x00\x00'),
'base-acl/entry/priority': bytearray(b'\x02\x02\x00\x00')
},
'key': '1.47.3080337.3080194.3080195.'
}
is not written into the nas_acl_common_data_list_t& data_list
td::vector of length 5,
capacity 8 = {
{
{
u8 = 0 '\000',
u06 = 0,
u32 = 0,
u64 = 0,
obj_id = 0,
ifindex = 0
},
ifindex_list = std::vector of length 0,
capacity 0,
ndi_obj_id_table = std::unordered_map with 0 elements,
bytes = std::vector of length 0,
capacity 0,
obj_id_list = std::vector of length 0,
capacity 0
},
{
{
u8 = 2 '\002',
u16 = 2,
u32 = 2,
u64 = 2,
obj_id = 2,
ifindex = 2},
ifindex_list = std::vector of length 0,
capacity 0,
ndi_obj_id_table = std::unordered_map with 0 elements,
bytes = std::vector of length 0,
capacity 0,
obj_id_list = std::vector of length 0,
capacity 0
},
{
{
u8 = 0 '\000',
u16 = 0,
u32 = 0,
u64 = 0,
obj_id = 0,
ifindex = 0},
ifindex_list = std::vector of length 0,
capacity 0,
ndi_obj_id_table = std::unordered_map with 0 elements,
bytes = std::vector of length 4,
capacity 4 = {
255 '\377',
255 '\377',
255 '\377',
255 '\377'
},
obj_id_list = std::vector of length 0,
capacity 0},
{
{
u8 = 0 '\000',
u16 = 0,
u32 = 0,
u64 = 0,
obj_id = 0,
ifindex = 0
},
ifindex_list = std::vector of length 0,
capacity 0,
ndi_obj_id_table = std::unordered_map with 0 elements,
bytes = std::vector of length 16,
capacity 16 = {
255 '\377',
255 '\377',
255 '\377',
255 '\377',
255 '\377',
255 '\377',
255 '\377',
255 '\377',
255 '\377',
255 '\377',
255 '\377',
255 '\377',
255 '\377',
255 '\377',
255 '\377',
255 '\377'
},
obj_id_list = std::vector of length 0,
capacity 0
},
{
{
u8 = 0 '\000',
u16 = 0,
u32 = 0,
u64 = 0,
obj_id = 0,
ifindex = 0},
ifindex_list = std::vector of length 0,
capacity 0,
ndi_obj_id_table = std::unordered_map with 0 elements,
bytes = std::vector of length 0,
capacity 0,
obj_id_list = std::vector of length 0,
capacity 0
}
}
Concretely, in nas_acl_cps_utils.cpp
499 auto attr_val = cps_api_object_e_get (obj, attr_list.data (), attr_list.size ());
is NULL
, leading to
501 if (attr_val == NULL) {
...
513 return _fill_optional_attr (data_info, sub_obj_name);
514 }
for the ip-addr (ipv4 and ipv6). However, i could not get to know, why this happens exactly. For me, it seems that the data is not included in the cps_api_object_t obj
. I am aware that this could be an opx-cps issue, e.g, if the data is not written correctly, however, I did not want to file this twice.
Also, it might be possible that I did not build the pythen cps object correctly, however, changing the structure did not not help to solve the issue.
Simon
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.