|
35 | 35 | VLAN_SUB_INTERFACE_SEPARATOR = '.'
|
36 | 36 | VLAN_SUB_INTERFACE_VLAN_ID = '10'
|
37 | 37 |
|
| 38 | +FRONTEND_ASIC_SUB_ROLE = 'FrontEnd' |
| 39 | +BACKEND_ASIC_SUB_ROLE = 'BackEnd' |
| 40 | +BACKEND_ASIC_INTERFACE_NAME_PREFIX = 'Ethernet-BP' |
| 41 | + |
38 | 42 | # Default Virtual Network Index (VNI)
|
39 | 43 | vni_default = 8000
|
40 | 44 |
|
@@ -392,7 +396,9 @@ def parse_dpg(dpg, hname):
|
392 | 396 | # later after the rest of the minigraph has been parsed.
|
393 | 397 | acl_intfs = pc_intfs[:]
|
394 | 398 | for panel_port in port_alias_map.values():
|
395 |
| - if panel_port not in intfs_inpc: |
| 399 | + # because of port_alias_asic_map we can have duplicate in port_alias_map |
| 400 | + # so check if already present do not add |
| 401 | + if panel_port not in intfs_inpc and panel_port not in acl_intfs: |
396 | 402 | acl_intfs.append(panel_port)
|
397 | 403 | break
|
398 | 404 | if acl_intfs:
|
@@ -645,27 +651,61 @@ def parse_spine_chassis_fe(results, vni, lo_intfs, phyport_intfs, pc_intfs, pc_m
|
645 | 651 | #
|
646 | 652 | ###############################################################################
|
647 | 653 |
|
648 |
| -def filter_acl_mirror_table_bindings(acls, neighbors, port_channels): |
649 |
| - """ |
650 |
| - Filters out inactive front-panel ports from the binding list for mirror |
651 |
| - ACL tables. We define an "active" port as one that is a member of a |
652 |
| - port channel or one that is connected to a neighboring device. |
653 |
| - """ |
| 654 | +def filter_acl_table_bindings(acls, neighbors, port_channels, sub_role): |
| 655 | + filter_acls = {} |
| 656 | + |
| 657 | + # If the asic role is BackEnd no ACL Table (Ctrl/Data/Everflow) is binded. |
| 658 | + # This will be applicable in Multi-NPU Platforms. |
| 659 | + |
| 660 | + if sub_role == BACKEND_ASIC_SUB_ROLE: |
| 661 | + return filter_acls |
| 662 | + |
| 663 | + front_port_channel_intf = [] |
| 664 | + |
| 665 | + # Get the front panel port channel. It will use port_alias_asic_map |
| 666 | + # which will get populated from port_config.ini for Multi-NPU |
| 667 | + # architecture |
| 668 | + for port_channel_intf in port_channels: |
| 669 | + backend_port_channel = any(lag_member in port_alias_asic_map \ |
| 670 | + and lag_member.startswith(BACKEND_ASIC_INTERFACE_NAME_PREFIX) \ |
| 671 | + for lag_member in port_channels[port_channel_intf]['members']) |
| 672 | + if not backend_port_channel: |
| 673 | + front_port_channel_intf.append(port_channel_intf) |
654 | 674 |
|
655 | 675 | for acl_table, group_params in acls.iteritems():
|
656 | 676 | group_type = group_params.get('type', None)
|
| 677 | + filter_acls[acl_table] = acls[acl_table] |
657 | 678 |
|
| 679 | + # For Control Plane and Data ACL no filtering is needed |
| 680 | + # Control Plane ACL has no Interface associated and |
| 681 | + # Data Plane ACL Interface are attached via minigraph |
| 682 | + # AclInterface. |
658 | 683 | if group_type != 'MIRROR' and group_type != 'MIRRORV6':
|
659 | 684 | continue
|
660 | 685 |
|
661 |
| - active_ports = [ port for port in group_params.get('ports', []) if port in neighbors.keys() or port in port_channels ] |
662 |
| - |
| 686 | + # Filters out back-panel ports from the binding list for Everflow (Mirror) |
| 687 | + # ACL tables. We define an "back-panel" port as one that is a member of a |
| 688 | + # port channel connected to back asic or directly connected to back asic. |
| 689 | + # This will be applicable in Multi-NPU Platforms. |
| 690 | + front_panel_ports = [] |
| 691 | + for port in group_params.get('ports', []): |
| 692 | + if port in port_alias_asic_map and port.startswith(BACKEND_ASIC_INTERFACE_NAME_PREFIX): |
| 693 | + continue |
| 694 | + if port in port_channels and port not in front_port_channel_intf: |
| 695 | + continue |
| 696 | + front_panel_ports.append(port) |
| 697 | + |
| 698 | + # Filters out inactive front-panel ports from the binding list for mirror |
| 699 | + # ACL tables. We define an "active" port as one that is a member of a |
| 700 | + # front pannel port channel or one that is connected to a neighboring device via front panel port. |
| 701 | + active_ports = [port for port in front_panel_ports if port in neighbors.keys() or port in front_port_channel_intf] |
| 702 | + |
663 | 703 | if not active_ports:
|
664 | 704 | print >> sys.stderr, 'Warning: mirror table {} in ACL_TABLE does not have any ports bound to it'.format(acl_table)
|
665 | 705 |
|
666 |
| - acls[acl_table]['ports'] = active_ports |
| 706 | + filter_acls[acl_table]['ports'] = active_ports |
667 | 707 |
|
668 |
| - return acls |
| 708 | + return filter_acls |
669 | 709 |
|
670 | 710 | ###############################################################################
|
671 | 711 | #
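Review bot: `filter_acls[acl_table] = acls[acl_table]` (new line 677) stores the caller's table dict by reference, so the later `filter_acls[acl_table]['ports'] = active_ports` still rewrites `acls` in place even though the function now returns a separate `filter_acls`; a shallow copy, `filter_acls[acl_table] = dict(group_params)`, would leave the input untouched. The rewrite also drops the docstring, and the new contract is security-relevant: for `sub_role == BACKEND_ASIC_SUB_ROLE` the function returns an empty ACL_TABLE, control-plane tables included, and the port filtering reads `port_alias_asic_map`, which is not a parameter (presumably module-level state). I would restore a docstring that says so, e.g. `"""Return the ACL tables to bind for this ASIC; BackEnd ASICs get none, and mirror tables keep only active front-panel ports."""`. Whether control-plane protection for a BackEnd namespace is provided elsewhere is not visible in this hunk and is worth confirming, along with a test for the BackEnd path.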
|
@@ -968,7 +1008,7 @@ def parse_xml(filename, platform=None, port_config_file=None, asic_name=None):
|
968 | 1008 | results['DHCP_SERVER'] = dict((item, {}) for item in dhcp_servers)
|
969 | 1009 | results['NTP_SERVER'] = dict((item, {}) for item in ntp_servers)
|
970 | 1010 | results['TACPLUS_SERVER'] = dict((item, {'priority': '1', 'tcp_port': '49'}) for item in tacacs_servers)
|
971 |
| - results['ACL_TABLE'] = filter_acl_mirror_table_bindings(acls, neighbors, pcs) |
| 1011 | + results['ACL_TABLE'] = filter_acl_table_bindings(acls, neighbors, pcs, sub_role) |
972 | 1012 | results['FEATURE'] = {
|
973 | 1013 | 'telemetry': {
|
974 | 1014 | 'status': 'enabled'
|
|