[dash-p4] Add ENI mode and trusted vni stage #672
Conversation
|
/azp run |
|
Commenter does not have sufficient privileges for PR 672 in repo sonic-net/DASH |
|
/azp run |
|
Commenter does not have sufficient privileges for PR 672 in repo sonic-net/DASH |
|
/azp run |
|
Commenter does not have sufficient privileges for PR 672 in repo sonic-net/DASH |
|
/azp run |
|
Commenter does not have sufficient privileges for PR 672 in repo sonic-net/DASH |
| @@ -16,6 +16,10 @@ sai_apis: | |||
| name: SAI_DIRECTION_LOOKUP_ENTRY_ACTION_SET_OUTBOUND_DIRECTION | |||
There was a problem hiding this comment.
Will be great to update the title to cover all changes in this PR.
dash-pipeline/bmv2/dash_pipeline.p4
Outdated
| @@ -134,6 +137,9 @@ control dash_eni_stage( | |||
| if (!eni.apply().hit) { | |||
| UPDATE_COUNTER(eni_miss_drop, 0); | |||
| } | |||
| else if (meta.eni_data.eni_mode == dash_eni_mode_t.FNIC) { | |||
| trusted_vni_stage.apply(hdr, meta); | |||
There was a problem hiding this comment.
this one should be in global, shared by all ENIs.
| } | ||
|
|
||
| @SaiTable[single_match_priority = "true", api = "dash_trusted_vni"] | ||
| table trusted_vni { |
| { | ||
| action permit() {} | ||
|
|
||
| action deny() { |
There was a problem hiding this comment.
iirc, we have a global deny function and maybe we can use that instead.
There was a problem hiding this comment.
Use global deny function
| return; | ||
| } | ||
|
|
||
| trusted_vni.apply(); |
There was a problem hiding this comment.
need counter to track the drops.
There was a problem hiding this comment.
Add counter eni_trusted_vni_entry_miss_drop
jimmyzhai
changed the title
|
/azp run |
|
Commenter does not have sufficient privileges for PR 672 in repo sonic-net/DASH |
|
/azp run |
|
Commenter does not have sufficient privileges for PR 672 in repo sonic-net/DASH |
| } | ||
| } | ||
|
|
||
| @SaiTable[single_match_priority = "true", api = "dash_trusted_vni"] |
| @@ -278,6 +277,7 @@ control dash_ingress( | |||
| (meta.flow_sync_state == dash_flow_sync_state_t.FLOW_MISS && | |||
| hdr.packet_meta.packet_source == dash_packet_source_t.EXTERNAL)) | |||
| { | |||
| trusted_vni_stage.apply(hdr, meta); | |||
There was a problem hiding this comment.
maybe we missed the inbound routing table for the VNI matching, if we simply return it here.
There was a problem hiding this comment.
Add a TODO comment and will revisit it after inbound routing HLD done.
|
/azp run |
|
Commenter does not have sufficient privileges for PR 672 in repo sonic-net/DASH |
| return; | ||
| } | ||
|
|
||
| if (!eni_trusted_vni.apply().hit) { |
There was a problem hiding this comment.
better add a TODO comment to make sure the pipeline can capture the behavior right.
There was a problem hiding this comment.
Have added TODO comment before trusted_vni_stage.apply(hdr, meta).
|
/azp run |
|
Commenter does not have sufficient privileges for PR 672 in repo sonic-net/DASH |
|
/azp run |
|
Commenter does not have sufficient privileges for PR 672 in repo sonic-net/DASH |
Referring to sonic-net/SONiC#1911 and #665, to support FNIC pipeline, this PR adds the followings:
eni_trusted_vni_entry_miss_dropset_inbound_directionis not defaultonly at tabledirection_lookupglobal_trusted_vniandeni_trusted_vni