Vlanmgr and Fdborch changes for PAC #3143
Conversation
Added Vlanmgr and Fdborch changes to support PAC.
|
The following PR needs to be merged to resolve the compilation error: |
| @@ -1410,7 +1416,9 @@ bool FdbOrch::addFdbEntry(const FdbEntry& entry, const string& port_name, | |||
| attrs.push_back(attr); | |||
| } | |||
| } | |||
|
|
|||
| attr.id = SAI_FDB_ENTRY_ATTR_PACKET_ACTION; | |||
There was a problem hiding this comment.
Should there be changes in fdborch to push the packet to PACD socket? https://github.com/sonic-net/SONiC/blob/master/doc/pac/Port%20Access%20Control.md#313-mab-packet-receive-flow. How are the packets delivered for authentication when MAB is enabled on the interface please?
There was a problem hiding this comment.
These packets that come to CPU are received by PACD as it registers socket for the same. If MAB is enabled, then PACD informs , the information that is required for authentication, such as mac address and the interface to MAB process. The communication between the PACD and MABD uses simple client-server socket communication.
Added Vlanmgr and Fdborch changes to support PAC.
|
@sutharsansr pls review and sign off if you have no further comments |
|
/azpw run Azure.sonic-swss |
|
/AzurePipelines run Azure.sonic-swss |
|
Azure Pipelines successfully started running 1 pipeline(s). |
| @@ -30,6 +30,20 @@ Orch::Orch(DBConnector *db, const vector<string> &tableNames) | |||
| } | |||
| } | |||
|
|
|||
| Orch::Orch(swss::DBConnector *db1, swss::DBConnector *db2, | |||
There was a problem hiding this comment.
What is this change? Seems not related to feature. Please remove
There was a problem hiding this comment.
This change is needed, as Vlanmgr needs to process updates from 2 db's now, config db and state db.
There was a problem hiding this comment.
Please explain which tables. and where is it added in Vlanmgr code?
There was a problem hiding this comment.
Currently, Vlanmgr processes updates only from the config db. PAC sends updates to Vlanmgr through the following tables in the state db:
#define STATE_OPER_VLAN_TABLE_NAME "OPER_VLAN"
#define STATE_OPER_VLAN_MEMBER_TABLE_NAME "OPER_VLAN_MEMBER"
#define STATE_OPER_FDB_TABLE_NAME "OPER_FDB"
#define STATE_OPER_PORT_TABLE_NAME "OPER_PORT"
To process these updates, Vlanmgr needs to add the state db tables as well to the Orch list:
VlanMgr::VlanMgr(DBConnector *cfgDb, DBConnector *appDb, DBConnector *stateDb, const vector &tableNames,
const vector &stateTableNames) :
Orch(cfgDb, stateDb, tableNames, stateTableNames),
So, in addition to cfgDb, we also add stateDb in the Orch list. The PAC related tables are in stateTableNames
|
/azpw run Azure.sonic-swss |
|
/AzurePipelines run Azure.sonic-swss |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azpw run Azure.sonic-swss |
|
/AzurePipelines run Azure.sonic-swss |
|
Azure Pipelines successfully started running 1 pipeline(s). |
Added Vlanmgr and Fdborch changes to support PAC.
The following PAC operations are supported to be passed down from Vlanmgr to OA for updating the ASIC DB:
PAC HLD: https://github.com/sonic-net/SONiC/blob/master/doc/pac/Port%20Access%20Control.md