diff --git a/build_debian.sh b/build_debian.sh index 7f059d68dcb9..908d8b8201ce 100755 --- a/build_debian.sh +++ b/build_debian.sh @@ -382,6 +382,7 @@ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y in mtr-tiny \ locales \ cgroup-tools \ + ipmitool \ ndisc6 \ makedumpfile \ conntrack \ diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/general/policies.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/general/policies.conf.j2 index 3dc9447f75bb..8db76a69f848 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/templates/general/policies.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/templates/general/policies.conf.j2 @@ -2,6 +2,8 @@ ! template: bgpd/templates/general/policies.conf.j2 ! ! +ip prefix-list DEFAULT_IPV4 permit 0.0.0.0/0 +ipv6 prefix-list DEFAULT_IPV6 permit ::/0 ! {% if constants.bgp.allow_list is defined and constants.bgp.allow_list.enabled is defined and constants.bgp.allow_list.enabled and constants.bgp.allow_list.drop_community is defined %} ! @@ -35,6 +37,22 @@ route-map FROM_BGP_PEER_V4 permit 10 ! route-map FROM_BGP_PEER_V4 permit 11 match community allow_list_default_community +{% if CONFIG_DB__DEVICE_METADATA and 'localhost' in CONFIG_DB__DEVICE_METADATA and 'type' in CONFIG_DB__DEVICE_METADATA['localhost'] and 'subtype' in CONFIG_DB__DEVICE_METADATA['localhost'] %} +{% if CONFIG_DB__DEVICE_METADATA['localhost']['type'] == 'SpineRouter' and CONFIG_DB__DEVICE_METADATA['localhost']['subtype'] == 'UpstreamLC' %} + on-match next +! +route-map FROM_BGP_PEER_V4 permit 12 + match ip address prefix-list DEFAULT_IPV4 +! +route-map FROM_BGP_PEER_V4 permit 13 +{% if CONFIG_DB__DEVICE_METADATA['localhost']['switch_type'] != 'chassis-packet' %} + set tag {{ constants.bgp.route_do_not_send_appdb_tag }} +{% else %} + set tag {{ constants.bgp.route_eligible_for_fallback_to_default_tag }} +{% endif %} + set community {{ constants.bgp.internal_fallback_community }} additive +{% endif %} +{% endif %} ! route-map FROM_BGP_PEER_V6 permit 10 call ALLOW_LIST_DEPLOYMENT_ID_0_V6 @@ -42,6 +60,21 @@ route-map FROM_BGP_PEER_V6 permit 10 ! route-map FROM_BGP_PEER_V6 permit 11 match community allow_list_default_community +{% if CONFIG_DB__DEVICE_METADATA and 'localhost' in CONFIG_DB__DEVICE_METADATA and 'type' in CONFIG_DB__DEVICE_METADATA['localhost'] and 'subtype' in CONFIG_DB__DEVICE_METADATA['localhost'] %} +{% if CONFIG_DB__DEVICE_METADATA['localhost']['type'] == 'SpineRouter' and CONFIG_DB__DEVICE_METADATA['localhost']['subtype'] == 'UpstreamLC' %} + on-match next +! +route-map FROM_BGP_PEER_V6 permit 12 + match ipv6 address prefix-list DEFAULT_IPV6 +! +route-map FROM_BGP_PEER_V6 permit 13 +{% if CONFIG_DB__DEVICE_METADATA['localhost']['switch_type'] != 'chassis-packet' %} + set tag {{ constants.bgp.route_do_not_send_appdb_tag }} +{% else %} + set tag {{ constants.bgp.route_eligible_for_fallback_to_default_tag }} +{% endif %} + set community {{ constants.bgp.internal_fallback_community }} additive {% endif %} +{% endif %} ! {% endif %} ! diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/internal/policies.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/internal/policies.conf.j2 index bd341e70d7f4..e6eccc75fae4 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/templates/internal/policies.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/templates/internal/policies.conf.j2 @@ -25,6 +25,7 @@ route-map FROM_BGP_INTERNAL_PEER_V6 permit 2 {% endif %} {% elif CONFIG_DB__DEVICE_METADATA['localhost']['switch_type'] == 'chassis-packet' %} bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit {{ constants.bgp.internal_community }} +bgp community-list standard DEVICE_INTERNAL_FALLBACK_COMMUNITY permit {{ constants.bgp.internal_fallback_community }} bgp community-list standard NO_EXPORT permit no-export ! route-map FROM_BGP_INTERNAL_PEER_V4 permit 1 @@ -35,6 +36,17 @@ route-map FROM_BGP_INTERNAL_PEER_V4 permit 1 route-map FROM_BGP_INTERNAL_PEER_V4 permit 2 match community NO_EXPORT set local-preference 80 + on-match next +! +{% if CONFIG_DB__DEVICE_METADATA['localhost']['subtype'] == 'DownstreamLC' %} +route-map FROM_BGP_INTERNAL_PEER_V4 deny 3 + match community DEVICE_INTERNAL_FALLBACK_COMMUNITY +{% else %} +route-map FROM_BGP_INTERNAL_PEER_V4 permit 3 + match community DEVICE_INTERNAL_FALLBACK_COMMUNITY + set comm-list DEVICE_INTERNAL_FALLBACK_COMMUNITY delete + set tag {{ constants.bgp.route_eligible_for_fallback_to_default_tag }} +{% endif %} ! route-map FROM_BGP_INTERNAL_PEER_V6 permit 1 set ipv6 next-hop prefer-global @@ -48,6 +60,17 @@ route-map FROM_BGP_INTERNAL_PEER_V6 permit 2 route-map FROM_BGP_INTERNAL_PEER_V6 permit 3 match community NO_EXPORT set local-preference 80 + on-match next +! +{% if CONFIG_DB__DEVICE_METADATA['localhost']['subtype'] == 'DownstreamLC' %} +route-map FROM_BGP_INTERNAL_PEER_V6 deny 4 + match community DEVICE_INTERNAL_FALLBACK_COMMUNITY +{% else %} +route-map FROM_BGP_INTERNAL_PEER_V6 permit 4 + match community DEVICE_INTERNAL_FALLBACK_COMMUNITY + set comm-list DEVICE_INTERNAL_FALLBACK_COMMUNITY delete + set tag {{ constants.bgp.route_eligible_for_fallback_to_default_tag }} +{% endif %} ! route-map TO_BGP_INTERNAL_PEER_V4 permit 1 match ip address prefix-list PL_LoopbackV4 diff --git a/dockers/docker-fpm-frr/frr/bgpd/templates/voq_chassis/policies.conf.j2 b/dockers/docker-fpm-frr/frr/bgpd/templates/voq_chassis/policies.conf.j2 index 7002a0ac1a41..961587c6ebb7 100644 --- a/dockers/docker-fpm-frr/frr/bgpd/templates/voq_chassis/policies.conf.j2 +++ b/dockers/docker-fpm-frr/frr/bgpd/templates/voq_chassis/policies.conf.j2 @@ -2,6 +2,7 @@ ! template: bgpd/templates/voq_chassis/policies.conf.j2 ! bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit {{ constants.bgp.internal_community }} +bgp community-list standard DEVICE_INTERNAL_FALLBACK_COMMUNITY permit {{ constants.bgp.internal_fallback_community }} bgp community-list standard NO_EXPORT permit no-export ! route-map FROM_VOQ_CHASSIS_V4_PEER permit 1 @@ -12,6 +13,17 @@ route-map FROM_VOQ_CHASSIS_V4_PEER permit 1 route-map FROM_VOQ_CHASSIS_V4_PEER permit 2 match community NO_EXPORT set local-preference 80 + on-match next +! +{% if CONFIG_DB__DEVICE_METADATA['localhost']['subtype'] == 'UpstreamLC' %} +route-map FROM_VOQ_CHASSIS_V4_PEER deny 3 + match community DEVICE_INTERNAL_FALLBACK_COMMUNITY +{% else %} +route-map FROM_VOQ_CHASSIS_V4_PEER permit 3 + match community DEVICE_INTERNAL_FALLBACK_COMMUNITY + set comm-list DEVICE_INTERNAL_FALLBACK_COMMUNITY delete + set tag {{ constants.bgp.route_eligible_for_fallback_to_default_tag }} +{% endif %} ! route-map FROM_VOQ_CHASSIS_V4_PEER permit 100 ! @@ -21,7 +33,6 @@ route-map TO_VOQ_CHASSIS_V4_PEER permit 1 ! route-map TO_VOQ_CHASSIS_V4_PEER permit 100 ! -! route-map FROM_VOQ_CHASSIS_V6_PEER permit 1 set ipv6 next-hop prefer-global on-match next @@ -34,6 +45,17 @@ route-map FROM_VOQ_CHASSIS_V6_PEER permit 2 route-map FROM_VOQ_CHASSIS_V6_PEER permit 3 match community NO_EXPORT set local-preference 80 + on-match next +! +{% if CONFIG_DB__DEVICE_METADATA['localhost']['subtype'] == 'UpstreamLC' %} +route-map FROM_VOQ_CHASSIS_V6_PEER deny 4 + match community DEVICE_INTERNAL_FALLBACK_COMMUNITY +{% else %} +route-map FROM_VOQ_CHASSIS_V6_PEER permit 4 + match community DEVICE_INTERNAL_FALLBACK_COMMUNITY + set comm-list DEVICE_INTERNAL_FALLBACK_COMMUNITY delete + set tag {{ constants.bgp.route_eligible_for_fallback_to_default_tag }} +{% endif %} ! route-map FROM_VOQ_CHASSIS_V6_PEER permit 100 ! diff --git a/files/build_templates/sonic_debian_extension.j2 b/files/build_templates/sonic_debian_extension.j2 index ed2abd39fec0..9531fdc42805 100644 --- a/files/build_templates/sonic_debian_extension.j2 +++ b/files/build_templates/sonic_debian_extension.j2 @@ -103,10 +103,6 @@ sudo mkdir -p $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/ifupdown2_*.deb || \ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f -# Install a patched version of ipmitool (and its dependencies via 'apt-get -y install -f') -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/ipmitool_*.deb || \ - sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f - # Install a patched version of ntp (and its dependencies via 'apt-get -y install -f') sudo dpkg --root=$FILESYSTEM_ROOT --force-confdef --force-confold -i $debs_path/ntp_*.deb || \ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y \ diff --git a/files/image_config/constants/constants.yml b/files/image_config/constants/constants.yml index bb4aeb62ab92..01fb02deadf4 100644 --- a/files/image_config/constants/constants.yml +++ b/files/image_config/constants/constants.yml @@ -5,8 +5,11 @@ constants: bgp: traffic_shift_community: 12345:12345 internal_community: 11111:11111 - internal_community_match_tag: 1002 + internal_fallback_community: 22222:22222 sentinel_community: 12345:12346 + internal_community_match_tag: 201 + route_do_not_send_appdb_tag: 202 + route_eligible_for_fallback_to_default_tag: 203 families: - ipv4 - ipv6 diff --git a/platform/innovium/invm-sai.mk b/platform/innovium/invm-sai.mk index fa3e8abad9ad..b240e3fad47f 100755 --- a/platform/innovium/invm-sai.mk +++ b/platform/innovium/invm-sai.mk @@ -1,6 +1,6 @@ # INVM SAI -INVM_SAI_ONLINE = https://github.com/Innovium/SONiC/raw/master/debian/master +INVM_SAI_ONLINE = https://github.com/Innovium/SONiC/raw/master/debian/202405 INVM_LIBSAI = isai.deb INVM_HSAI = saihdr.deb diff --git a/platform/marvell/sai.mk b/platform/marvell/sai.mk index 44c1f92e8737..5c1c015e1269 100644 --- a/platform/marvell/sai.mk +++ b/platform/marvell/sai.mk @@ -2,11 +2,11 @@ BRANCH = 202405 ifeq ($(CONFIGURED_ARCH),arm64) -MRVL_SAI_VERSION = 1.14.0-2 +MRVL_SAI_VERSION = 1.14.0-3 else ifeq ($(CONFIGURED_ARCH),armhf) -MRVL_SAI_VERSION = 1.14.0-1 +MRVL_SAI_VERSION = 1.14.0-2 else -MRVL_SAI_VERSION = 1.14.0-1 +MRVL_SAI_VERSION = 1.14.0-2 endif MRVL_SAI_URL_PREFIX = https://github.com/Marvell-switching/sonic-marvell-binaries/raw/master/$(CONFIGURED_ARCH)/sai-plugin/$(BRANCH)/ diff --git a/rules/ipmitool.dep b/rules/ipmitool.dep deleted file mode 100644 index 7643d2477b59..000000000000 --- a/rules/ipmitool.dep +++ /dev/null @@ -1,11 +0,0 @@ - -SPATH := $($(IPMITOOL)_SRC_PATH) -DEP_FILES := $(SONIC_COMMON_FILES_LIST) rules/ipmitool.mk rules/ipmitool.dep -DEP_FILES += $(SONIC_COMMON_BASE_FILES_LIST) -DEP_FILES += $(shell git ls-files $(SPATH)) - -$(IPMITOOL)_CACHE_MODE := GIT_CONTENT_SHA -$(IPMITOOL)_DEP_FLAGS := $(SONIC_COMMON_FLAGS_LIST) -$(IPMITOOL)_DEP_FILES := $(DEP_FILES) - - diff --git a/rules/ipmitool.mk b/rules/ipmitool.mk deleted file mode 100644 index a3d08452473f..000000000000 --- a/rules/ipmitool.mk +++ /dev/null @@ -1,17 +0,0 @@ -# ipmitool packages -IPMITOOL_VERSION = 1.8.19 -IPMITOOL_VERSION_SUFFIX = 4+deb12u1 -IPMITOOL_VERSION_FULL = $(IPMITOOL_VERSION)-$(IPMITOOL_VERSION_SUFFIX) -IPMITOOL = ipmitool_$(IPMITOOL_VERSION_FULL)_$(CONFIGURED_ARCH).deb -$(IPMITOOL)_SRC_PATH = $(SRC_PATH)/ipmitool -SONIC_MAKE_DEBS += $(IPMITOOL) -IPMITOOL_DBG = ipmitool-dbgsym_$(IPMITOOL_VERSION_FULL)_$(CONFIGURED_ARCH).deb -$(eval $(call add_derived_package,$(IPMITOOL),$(IPMITOOL_DBG))) -DBG_SRC_ARCHIVE += ipmitool -# The .c, .cpp, .h & .hpp files under src/{$DBG_SRC_ARCHIVE list} -# are archived into debug one image to facilitate debugging. -# Export these variables so they can be used in a sub-make -export IPMITOOL_VERSION -export IPMITOOL_VERSION_FULL -export IPMITOOL -export IPMITOOL_DBG diff --git a/slave.mk b/slave.mk index f65a4b28b666..030923f60d7d 100644 --- a/slave.mk +++ b/slave.mk @@ -1360,7 +1360,6 @@ $(addprefix $(TARGET_PATH)/, $(SONIC_INSTALLERS)) : $(TARGET_PATH)/% : \ $(LINUX_KERNEL) \ $(SONIC_DEVICE_DATA) \ $(IFUPDOWN2) \ - $(IPMITOOL) \ $(KDUMP_TOOLS) \ $(LIBPAM_RADIUS) \ $(LIBNSS_RADIUS) \ diff --git a/src/ipmitool/Makefile b/src/ipmitool/Makefile deleted file mode 100644 index dc8b9c05ca53..000000000000 --- a/src/ipmitool/Makefile +++ /dev/null @@ -1,28 +0,0 @@ -.ONESHELL: -SHELL = /bin/bash -.SHELLFLAGS += -e - -MAIN_TARGET = $(IPMITOOL) -DERIVED_TARGETS = $(IPMITOOL_DBG) - -$(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% : - # Remove any stale files - rm -rf ./ipmitool-$(IPMITOOL_VERSION) ./ipmitool*.{deb,udeb,dsc,gz,xz} - # Obtain ipmitool - dget https://deb.debian.org/debian/pool/main/i/ipmitool/ipmitool_$(IPMITOOL_VERSION_FULL).dsc - # Build source and Debian packages - pushd ipmitool-$(IPMITOOL_VERSION) - - git init - git add -f * - git commit -m "unmodified ipmitool source" - - # Apply patches - stg init - stg import -s ../patch/series - dpkg-buildpackage -rfakeroot -d -b -us -uc -j$(SONIC_CONFIG_MAKE_JOBS) --admindir $(SONIC_DPKG_ADMINDIR) - popd - mv $* $(DERIVED_TARGETS) $(DEST)/ - -$(addprefix $(DEST)/, $(DERIVED_TARGETS)): $(DEST)/% : $(DEST)/$(MAIN_TARGET) - diff --git a/src/ipmitool/patch/0001-Changes-needed-to-install-enterprise.txt.patch b/src/ipmitool/patch/0001-Changes-needed-to-install-enterprise.txt.patch deleted file mode 100644 index dcaab247a9a1..000000000000 --- a/src/ipmitool/patch/0001-Changes-needed-to-install-enterprise.txt.patch +++ /dev/null @@ -1,113 +0,0 @@ -From 719292c4800054ead278affc2972d8f77babd227 Mon Sep 17 00:00:00 2001 -From: rajib-dutta1 -Date: Wed, 10 Jan 2024 20:51:03 -0800 -Subject: [PATCH] Changes needed to install enterprise.txt - ---- - Makefile.am | 40 ++++++++++++++++++++-------------------- - configure.ac | 30 +++++++++++++++--------------- - 2 files changed, 35 insertions(+), 35 deletions(-) - -diff --git a/Makefile.am b/Makefile.am -index 355d3f0..ec9605c 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -49,25 +49,25 @@ dist-hook: - .PHONY: install-pen-database uninstall-pen-database - .INTERMEDIATE: %.o %.la enterprise-numbers - --#if DOWNLOAD -- --#enterprise-numbers: --# @echo Downloading IANA PEN database... --# @$(DOWNLOAD) "$(IANA_PEN)" > tmpfile.$$PPID || {\ --# echo "FAILED to download the IANA PEN database"; \ --# rm tmpfile.$$PPID; \ --# false; \ --# } --# @mv tmpfile.$$PPID $@ --# --#install-pen-database: enterprise-numbers --# mkdir -m 755 -p $(DESTDIR)$(IANADIR) --# $(INSTALL_DATA) $< $(DESTDIR)$(IANADIR)/ --# --#uninstall-pen-database: --# -rm -rf $(DESTDIR)$(IANADIR)/enterprise-numbers --# --#else -+if DOWNLOAD -+ -+enterprise-numbers.txt: -+ @echo Downloading IANA PEN database... -+ @$(DOWNLOAD) "$(IANA_PEN)" > tmpfile.$$PPID || {\ -+ echo "FAILED to download the IANA PEN database"; \ -+ rm tmpfile.$$PPID; \ -+ false; \ -+ } -+ @mv tmpfile.$$PPID $@ -+ -+install-pen-database: enterprise-numbers.txt -+ mkdir -m 755 -p $(DESTDIR)$(IANADIR) -+ $(INSTALL_DATA) $< $(DESTDIR)$(IANADIR)/ -+ -+uninstall-pen-database: -+ -rm -rf $(DESTDIR)$(IANADIR)/enterprise-numbers.txt -+ -+else - - install-pen-database: - @echo "*** NOT installing the IANA PEN database." -@@ -77,7 +77,7 @@ uninstall-pen-database: - @echo "*** NOT uninstalling the IANA PEN database." - @echo "*** It was installed manually (if ever)." - --#endif -+endif - - install-data-local: install-pen-database - mkdir -p $(DESTDIR)$(DOCDIR) -diff --git a/configure.ac b/configure.ac -index b4321c6..d6ba62b 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -56,22 +56,22 @@ if test "x$exec_prefix" = "xNONE"; then - exec_prefix="$prefix" - fi - --#if test "x$WGET" = "x"; then --# if test "x$CURL" = "x"; then --# AC_MSG_WARN([** Neither wget nor curl could be found.]) --# AC_MSG_WARN([** IANA PEN database will not be installed by `make install` !]) --# else --# DOWNLOAD="$CURL --location --progress-bar" --# AM_CONDITIONAL([DOWNLOAD], [true]) --# fi --#else --# DOWNLOAD="$WGET -c -nd -O -" --# AM_CONDITIONAL([DOWNLOAD], [true]) --#fi -+if test "x$WGET" = "x"; then -+ if test "x$CURL" = "x"; then -+ AC_MSG_WARN([** Neither wget nor curl could be found.]) -+ AC_MSG_WARN([** IANA PEN database will not be installed by `make install` !]) -+ else -+ DOWNLOAD="$CURL --location --progress-bar" -+ AM_CONDITIONAL([DOWNLOAD], [true]) -+ fi -+else -+ DOWNLOAD="$WGET -c -nd -O -" -+ AM_CONDITIONAL([DOWNLOAD], [true]) -+fi - --#AC_MSG_WARN([** Download is:]) --#AC_MSG_WARN($DOWNLOAD) --#AC_SUBST(DOWNLOAD, $DOWNLOAD) -+AC_MSG_WARN([** Download is:]) -+AC_MSG_WARN($DOWNLOAD) -+AC_SUBST(DOWNLOAD, $DOWNLOAD) - - dnl - dnl set default option values --- -2.25.1 - diff --git a/src/ipmitool/patch/series b/src/ipmitool/patch/series deleted file mode 100644 index df9c99f748fa..000000000000 --- a/src/ipmitool/patch/series +++ /dev/null @@ -1 +0,0 @@ -0001-Changes-needed-to-install-enterprise.txt.patch diff --git a/src/sonic-bgpcfgd/tests/data/general/policies.conf/param_all_chassis_pkt.json b/src/sonic-bgpcfgd/tests/data/general/policies.conf/param_all_chassis_pkt.json new file mode 100644 index 000000000000..0a96a1cacfd6 --- /dev/null +++ b/src/sonic-bgpcfgd/tests/data/general/policies.conf/param_all_chassis_pkt.json @@ -0,0 +1,22 @@ +{ + "loopback0_ipv4": "10.10.10.10/32", + "constants": { + "bgp": { + "allow_list": { + "enabled": true, + "drop_community": "12345:12345" + }, + "route_eligible_for_fallback_to_default_tag": "203", + "route_do_not_send_appdb_tag" : "202", + "internal_fallback_community": "1111:2222" + } + }, + "allow_list_default_action": "permit", + "CONFIG_DB__DEVICE_METADATA": { + "localhost": { + "type": "SpineRouter", + "subtype": "UpstreamLC", + "switch_type": "chassis-packet" + } + } +} diff --git a/src/sonic-bgpcfgd/tests/data/general/policies.conf/param_all_chassis_pkt_down.json b/src/sonic-bgpcfgd/tests/data/general/policies.conf/param_all_chassis_pkt_down.json new file mode 100644 index 000000000000..103e5a1fdcac --- /dev/null +++ b/src/sonic-bgpcfgd/tests/data/general/policies.conf/param_all_chassis_pkt_down.json @@ -0,0 +1,22 @@ +{ + "loopback0_ipv4": "10.10.10.10/32", + "constants": { + "bgp": { + "allow_list": { + "enabled": true, + "drop_community": "12345:12345" + }, + "route_eligible_for_fallback_to_default_tag": "203", + "route_do_not_send_appdb_tag" : "202", + "internal_fallback_community": "1111:2222" + } + }, + "allow_list_default_action": "permit", + "CONFIG_DB__DEVICE_METADATA": { + "localhost": { + "type": "SpineRouter", + "subtype": "DownstreamLC", + "switch_type": "chassis-packet" + } + } +} diff --git a/src/sonic-bgpcfgd/tests/data/general/policies.conf/param_all_voq.json b/src/sonic-bgpcfgd/tests/data/general/policies.conf/param_all_voq.json new file mode 100644 index 000000000000..a940effc8463 --- /dev/null +++ b/src/sonic-bgpcfgd/tests/data/general/policies.conf/param_all_voq.json @@ -0,0 +1,22 @@ +{ + "loopback0_ipv4": "10.10.10.10/32", + "constants": { + "bgp": { + "allow_list": { + "enabled": true, + "drop_community": "12345:12345" + }, + "route_eligible_for_fallback_to_default_tag": "203", + "route_do_not_send_appdb_tag" : "202", + "internal_fallback_community": "1111:2222" + } + }, + "allow_list_default_action": "permit", + "CONFIG_DB__DEVICE_METADATA": { + "localhost": { + "type": "SpineRouter", + "subtype": "UpstreamLC", + "switch_type": "voq" + } + } +} diff --git a/src/sonic-bgpcfgd/tests/data/general/policies.conf/param_all_voq_down.json b/src/sonic-bgpcfgd/tests/data/general/policies.conf/param_all_voq_down.json new file mode 100644 index 000000000000..9671b7fcf25c --- /dev/null +++ b/src/sonic-bgpcfgd/tests/data/general/policies.conf/param_all_voq_down.json @@ -0,0 +1,22 @@ +{ + "loopback0_ipv4": "10.10.10.10/32", + "constants": { + "bgp": { + "allow_list": { + "enabled": true, + "drop_community": "12345:12345" + }, + "route_eligible_for_fallback_to_default_tag": "203", + "route_do_not_send_appdb_tag" : "202", + "internal_fallback_community": "1111:2222" + } + }, + "allow_list_default_action": "permit", + "CONFIG_DB__DEVICE_METADATA": { + "localhost": { + "type": "SpineRouter", + "subtype": "DownstreamLC", + "switch_type": "voq" + } + } +} diff --git a/src/sonic-bgpcfgd/tests/data/general/policies.conf/result_all.conf b/src/sonic-bgpcfgd/tests/data/general/policies.conf/result_all.conf index f19b98a859c8..fb51eadeb01f 100644 --- a/src/sonic-bgpcfgd/tests/data/general/policies.conf/result_all.conf +++ b/src/sonic-bgpcfgd/tests/data/general/policies.conf/result_all.conf @@ -1,6 +1,9 @@ ! ! template: bgpd/templates/general/policies.conf.j2 ! +ip prefix-list DEFAULT_IPV4 permit 0.0.0.0/0 +ipv6 prefix-list DEFAULT_IPV6 permit ::/0 +! ! please don't remove. 65535 entries are default rules ! which works when allow_list is enabled, but new configuration ! is not applied diff --git a/src/sonic-bgpcfgd/tests/data/general/policies.conf/result_all_chassis_pkt.conf b/src/sonic-bgpcfgd/tests/data/general/policies.conf/result_all_chassis_pkt.conf new file mode 100644 index 000000000000..7262a0c857d1 --- /dev/null +++ b/src/sonic-bgpcfgd/tests/data/general/policies.conf/result_all_chassis_pkt.conf @@ -0,0 +1,67 @@ +! +! template: bgpd/templates/general/policies.conf.j2 +! +ip prefix-list DEFAULT_IPV4 permit 0.0.0.0/0 +ipv6 prefix-list DEFAULT_IPV6 permit ::/0 +! +! please don't remove. 65535 entries are default rules +! which works when allow_list is enabled, but new configuration +! is not applied +! +route-map ALLOW_LIST_DEPLOYMENT_ID_0_V4 permit 65535 + set community 12345:12345 additive +! +route-map ALLOW_LIST_DEPLOYMENT_ID_0_V6 permit 65535 + set community 12345:12345 additive +! +bgp community-list standard allow_list_default_community permit no-export +bgp community-list standard allow_list_default_community permit 12345:12345 +! +route-map FROM_BGP_PEER_V4 permit 10 + call ALLOW_LIST_DEPLOYMENT_ID_0_V4 + on-match next +! +route-map FROM_BGP_PEER_V4 permit 11 + match community allow_list_default_community + on-match next +! +route-map FROM_BGP_PEER_V4 permit 12 + match ip address prefix-list DEFAULT_IPV4 +! +route-map FROM_BGP_PEER_V4 permit 13 + set tag 203 + set community 1111:2222 additive +! +route-map FROM_BGP_PEER_V6 permit 10 + call ALLOW_LIST_DEPLOYMENT_ID_0_V6 + on-match next +! +route-map FROM_BGP_PEER_V6 permit 11 + match community allow_list_default_community + on-match next +! +route-map FROM_BGP_PEER_V6 permit 12 + match ipv6 address prefix-list DEFAULT_IPV6 +! +route-map FROM_BGP_PEER_V6 permit 13 + set tag 203 + set community 1111:2222 additive +! +route-map FROM_BGP_PEER_V4 permit 100 +! +route-map TO_BGP_PEER_V4 permit 100 + call CHECK_IDF_ISOLATION +! +route-map FROM_BGP_PEER_V6 permit 1 + on-match next + set ipv6 next-hop prefer-global +! +route-map FROM_BGP_PEER_V6 permit 100 +! +route-map TO_BGP_PEER_V6 permit 100 + call CHECK_IDF_ISOLATION +! +route-map CHECK_IDF_ISOLATION permit 10 +! +! end of template: bgpd/templates/general/policies.conf.j2 +! diff --git a/src/sonic-bgpcfgd/tests/data/general/policies.conf/result_all_chassis_pkt_down.conf b/src/sonic-bgpcfgd/tests/data/general/policies.conf/result_all_chassis_pkt_down.conf new file mode 100644 index 000000000000..fb51eadeb01f --- /dev/null +++ b/src/sonic-bgpcfgd/tests/data/general/policies.conf/result_all_chassis_pkt_down.conf @@ -0,0 +1,51 @@ +! +! template: bgpd/templates/general/policies.conf.j2 +! +ip prefix-list DEFAULT_IPV4 permit 0.0.0.0/0 +ipv6 prefix-list DEFAULT_IPV6 permit ::/0 +! +! please don't remove. 65535 entries are default rules +! which works when allow_list is enabled, but new configuration +! is not applied +! +route-map ALLOW_LIST_DEPLOYMENT_ID_0_V4 permit 65535 + set community 12345:12345 additive +! +route-map ALLOW_LIST_DEPLOYMENT_ID_0_V6 permit 65535 + set community 12345:12345 additive +! +bgp community-list standard allow_list_default_community permit no-export +bgp community-list standard allow_list_default_community permit 12345:12345 +! +route-map FROM_BGP_PEER_V4 permit 10 + call ALLOW_LIST_DEPLOYMENT_ID_0_V4 + on-match next +! +route-map FROM_BGP_PEER_V4 permit 11 + match community allow_list_default_community +! +route-map FROM_BGP_PEER_V6 permit 10 + call ALLOW_LIST_DEPLOYMENT_ID_0_V6 + on-match next +! +route-map FROM_BGP_PEER_V6 permit 11 + match community allow_list_default_community +! +route-map FROM_BGP_PEER_V4 permit 100 +! +route-map TO_BGP_PEER_V4 permit 100 + call CHECK_IDF_ISOLATION +! +route-map FROM_BGP_PEER_V6 permit 1 + on-match next + set ipv6 next-hop prefer-global +! +route-map FROM_BGP_PEER_V6 permit 100 +! +route-map TO_BGP_PEER_V6 permit 100 + call CHECK_IDF_ISOLATION +! +route-map CHECK_IDF_ISOLATION permit 10 +! +! end of template: bgpd/templates/general/policies.conf.j2 +! diff --git a/src/sonic-bgpcfgd/tests/data/general/policies.conf/result_all_voq.conf b/src/sonic-bgpcfgd/tests/data/general/policies.conf/result_all_voq.conf new file mode 100644 index 000000000000..9c6b1fc28422 --- /dev/null +++ b/src/sonic-bgpcfgd/tests/data/general/policies.conf/result_all_voq.conf @@ -0,0 +1,67 @@ +! +! template: bgpd/templates/general/policies.conf.j2 +! +ip prefix-list DEFAULT_IPV4 permit 0.0.0.0/0 +ipv6 prefix-list DEFAULT_IPV6 permit ::/0 +! +! please don't remove. 65535 entries are default rules +! which works when allow_list is enabled, but new configuration +! is not applied +! +route-map ALLOW_LIST_DEPLOYMENT_ID_0_V4 permit 65535 + set community 12345:12345 additive +! +route-map ALLOW_LIST_DEPLOYMENT_ID_0_V6 permit 65535 + set community 12345:12345 additive +! +bgp community-list standard allow_list_default_community permit no-export +bgp community-list standard allow_list_default_community permit 12345:12345 +! +route-map FROM_BGP_PEER_V4 permit 10 + call ALLOW_LIST_DEPLOYMENT_ID_0_V4 + on-match next +! +route-map FROM_BGP_PEER_V4 permit 11 + match community allow_list_default_community + on-match next +! +route-map FROM_BGP_PEER_V4 permit 12 + match ip address prefix-list DEFAULT_IPV4 +! +route-map FROM_BGP_PEER_V4 permit 13 + set tag 202 + set community 1111:2222 additive +! +route-map FROM_BGP_PEER_V6 permit 10 + call ALLOW_LIST_DEPLOYMENT_ID_0_V6 + on-match next +! +route-map FROM_BGP_PEER_V6 permit 11 + match community allow_list_default_community + on-match next +! +route-map FROM_BGP_PEER_V6 permit 12 + match ipv6 address prefix-list DEFAULT_IPV6 +! +route-map FROM_BGP_PEER_V6 permit 13 + set tag 202 + set community 1111:2222 additive +! +route-map FROM_BGP_PEER_V4 permit 100 +! +route-map TO_BGP_PEER_V4 permit 100 + call CHECK_IDF_ISOLATION +! +route-map FROM_BGP_PEER_V6 permit 1 + on-match next + set ipv6 next-hop prefer-global +! +route-map FROM_BGP_PEER_V6 permit 100 +! +route-map TO_BGP_PEER_V6 permit 100 + call CHECK_IDF_ISOLATION +! +route-map CHECK_IDF_ISOLATION permit 10 +! +! end of template: bgpd/templates/general/policies.conf.j2 +! diff --git a/src/sonic-bgpcfgd/tests/data/general/policies.conf/result_all_voq_down.conf b/src/sonic-bgpcfgd/tests/data/general/policies.conf/result_all_voq_down.conf new file mode 100644 index 000000000000..fb51eadeb01f --- /dev/null +++ b/src/sonic-bgpcfgd/tests/data/general/policies.conf/result_all_voq_down.conf @@ -0,0 +1,51 @@ +! +! template: bgpd/templates/general/policies.conf.j2 +! +ip prefix-list DEFAULT_IPV4 permit 0.0.0.0/0 +ipv6 prefix-list DEFAULT_IPV6 permit ::/0 +! +! please don't remove. 65535 entries are default rules +! which works when allow_list is enabled, but new configuration +! is not applied +! +route-map ALLOW_LIST_DEPLOYMENT_ID_0_V4 permit 65535 + set community 12345:12345 additive +! +route-map ALLOW_LIST_DEPLOYMENT_ID_0_V6 permit 65535 + set community 12345:12345 additive +! +bgp community-list standard allow_list_default_community permit no-export +bgp community-list standard allow_list_default_community permit 12345:12345 +! +route-map FROM_BGP_PEER_V4 permit 10 + call ALLOW_LIST_DEPLOYMENT_ID_0_V4 + on-match next +! +route-map FROM_BGP_PEER_V4 permit 11 + match community allow_list_default_community +! +route-map FROM_BGP_PEER_V6 permit 10 + call ALLOW_LIST_DEPLOYMENT_ID_0_V6 + on-match next +! +route-map FROM_BGP_PEER_V6 permit 11 + match community allow_list_default_community +! +route-map FROM_BGP_PEER_V4 permit 100 +! +route-map TO_BGP_PEER_V4 permit 100 + call CHECK_IDF_ISOLATION +! +route-map FROM_BGP_PEER_V6 permit 1 + on-match next + set ipv6 next-hop prefer-global +! +route-map FROM_BGP_PEER_V6 permit 100 +! +route-map TO_BGP_PEER_V6 permit 100 + call CHECK_IDF_ISOLATION +! +route-map CHECK_IDF_ISOLATION permit 10 +! +! end of template: bgpd/templates/general/policies.conf.j2 +! diff --git a/src/sonic-bgpcfgd/tests/data/general/policies.conf/result_base.conf b/src/sonic-bgpcfgd/tests/data/general/policies.conf/result_base.conf index 671eea007cf9..b7fa74f98b5c 100644 --- a/src/sonic-bgpcfgd/tests/data/general/policies.conf/result_base.conf +++ b/src/sonic-bgpcfgd/tests/data/general/policies.conf/result_base.conf @@ -1,6 +1,9 @@ ! ! template: bgpd/templates/general/policies.conf.j2 ! +ip prefix-list DEFAULT_IPV4 permit 0.0.0.0/0 +ipv6 prefix-list DEFAULT_IPV6 permit ::/0 +! route-map FROM_BGP_PEER_V4 permit 100 ! route-map TO_BGP_PEER_V4 permit 100 diff --git a/src/sonic-bgpcfgd/tests/data/general/policies.conf/result_deny.conf b/src/sonic-bgpcfgd/tests/data/general/policies.conf/result_deny.conf index fdc10b84bf8f..08d768fd41e3 100644 --- a/src/sonic-bgpcfgd/tests/data/general/policies.conf/result_deny.conf +++ b/src/sonic-bgpcfgd/tests/data/general/policies.conf/result_deny.conf @@ -1,6 +1,9 @@ ! ! template: bgpd/templates/general/policies.conf.j2 ! +ip prefix-list DEFAULT_IPV4 permit 0.0.0.0/0 +ipv6 prefix-list DEFAULT_IPV6 permit ::/0 +! ! please don't remove. 65535 entries are default rules ! which works when allow_list is enabled, but new configuration ! is not applied diff --git a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_chasiss_packet.json b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_chasiss_packet.json index 1e600cc9d72b..c0031457c05c 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_chasiss_packet.json +++ b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/param_chasiss_packet.json @@ -3,13 +3,16 @@ "localhost": { "type": "SpineRouter", "sub_role": "FrontEnd", - "switch_type": "chassis-packet" + "switch_type": "chassis-packet", + "subtype": "DownstreamLC" } }, "constants": { "bgp": { "internal_community": "12345:556", - "internal_community_match_tag": "101" + "internal_community_match_tag": "101", + "route_eligible_for_fallback_to_default_tag": "203", + "internal_fallback_community": "1111:2222" } }, "loopback0_ipv4": "10.10.10.10/32" diff --git a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_chasiss_packet.conf b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_chasiss_packet.conf index 4b346d635975..5569f3a5d392 100644 --- a/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_chasiss_packet.conf +++ b/src/sonic-bgpcfgd/tests/data/internal/policies.conf/result_chasiss_packet.conf @@ -2,6 +2,7 @@ ! template: bgpd/templates/internal/policies.conf.j2 ! bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit 12345:556 +bgp community-list standard DEVICE_INTERNAL_FALLBACK_COMMUNITY permit 1111:2222 bgp community-list standard NO_EXPORT permit no-export ! route-map FROM_BGP_INTERNAL_PEER_V4 permit 1 @@ -12,6 +13,10 @@ route-map FROM_BGP_INTERNAL_PEER_V4 permit 1 route-map FROM_BGP_INTERNAL_PEER_V4 permit 2 match community NO_EXPORT set local-preference 80 + on-match next +! +route-map FROM_BGP_INTERNAL_PEER_V4 deny 3 + match community DEVICE_INTERNAL_FALLBACK_COMMUNITY ! route-map FROM_BGP_INTERNAL_PEER_V6 permit 1 set ipv6 next-hop prefer-global @@ -25,6 +30,10 @@ route-map FROM_BGP_INTERNAL_PEER_V6 permit 2 route-map FROM_BGP_INTERNAL_PEER_V6 permit 3 match community NO_EXPORT set local-preference 80 + on-match next +! +route-map FROM_BGP_INTERNAL_PEER_V6 deny 4 + match community DEVICE_INTERNAL_FALLBACK_COMMUNITY ! route-map TO_BGP_INTERNAL_PEER_V4 permit 1 match ip address prefix-list PL_LoopbackV4 diff --git a/src/sonic-bgpcfgd/tests/data/voq_chassis/policies.conf/param_base.json b/src/sonic-bgpcfgd/tests/data/voq_chassis/policies.conf/param_base.json index 483cc938c59d..1d2f80eed337 100644 --- a/src/sonic-bgpcfgd/tests/data/voq_chassis/policies.conf/param_base.json +++ b/src/sonic-bgpcfgd/tests/data/voq_chassis/policies.conf/param_base.json @@ -1,11 +1,16 @@ { "CONFIG_DB__DEVICE_METADATA": { - "localhost": {} + "localhost": { + "type": "SpineRouter", + "subtype": "DownstreamLC" + } }, "constants": { "bgp": { "internal_community": "12345:556", - "internal_community_match_tag": "101" + "internal_community_match_tag": "101", + "route_eligible_for_fallback_to_default_tag": "203", + "internal_fallback_community": "1111:2222" } } } diff --git a/src/sonic-bgpcfgd/tests/data/voq_chassis/policies.conf/result_base.conf b/src/sonic-bgpcfgd/tests/data/voq_chassis/policies.conf/result_base.conf index f0e3771d1a39..10fe3c832655 100644 --- a/src/sonic-bgpcfgd/tests/data/voq_chassis/policies.conf/result_base.conf +++ b/src/sonic-bgpcfgd/tests/data/voq_chassis/policies.conf/result_base.conf @@ -2,6 +2,7 @@ ! template: bgpd/templates/voq_chassis/policies.conf.j2 ! bgp community-list standard DEVICE_INTERNAL_COMMUNITY permit 12345:556 +bgp community-list standard DEVICE_INTERNAL_FALLBACK_COMMUNITY permit 1111:2222 bgp community-list standard NO_EXPORT permit no-export ! route-map FROM_VOQ_CHASSIS_V4_PEER permit 1 @@ -12,6 +13,12 @@ route-map FROM_VOQ_CHASSIS_V4_PEER permit 1 route-map FROM_VOQ_CHASSIS_V4_PEER permit 2 match community NO_EXPORT set local-preference 80 + on-match next +! +route-map FROM_VOQ_CHASSIS_V4_PEER permit 3 + match community DEVICE_INTERNAL_FALLBACK_COMMUNITY + set comm-list DEVICE_INTERNAL_FALLBACK_COMMUNITY delete + set tag 203 ! route-map FROM_VOQ_CHASSIS_V4_PEER permit 100 ! @@ -33,6 +40,12 @@ route-map FROM_VOQ_CHASSIS_V6_PEER permit 2 route-map FROM_VOQ_CHASSIS_V6_PEER permit 3 match community NO_EXPORT set local-preference 80 + on-match next +! +route-map FROM_VOQ_CHASSIS_V6_PEER permit 4 + match community DEVICE_INTERNAL_FALLBACK_COMMUNITY + set comm-list DEVICE_INTERNAL_FALLBACK_COMMUNITY delete + set tag 203 ! route-map FROM_VOQ_CHASSIS_V6_PEER permit 100 ! diff --git a/src/sonic-platform-daemons b/src/sonic-platform-daemons index 8f506ed903ad..ff07eeba0853 160000 --- a/src/sonic-platform-daemons +++ b/src/sonic-platform-daemons @@ -1 +1 @@ -Subproject commit 8f506ed903ad3f65c3affc358aa27cd0ce85cecf +Subproject commit ff07eeba0853de9f8797deba223c8ad6685a6635 diff --git a/src/sonic-sairedis b/src/sonic-sairedis index 17e893c5bf54..a00e89d58425 160000 --- a/src/sonic-sairedis +++ b/src/sonic-sairedis @@ -1 +1 @@ -Subproject commit 17e893c5bf54b2bbf092769866ebad46827da06d +Subproject commit a00e89d5842531f7bd5081ffcae33935c6727fb4 diff --git a/src/sonic-swss b/src/sonic-swss index fcd9d9ebc726..1918744c8bc5 160000 --- a/src/sonic-swss +++ b/src/sonic-swss @@ -1 +1 @@ -Subproject commit fcd9d9ebc726156b083780bdd6c2ed9b52a7a963 +Subproject commit 1918744c8bc56e9f08e255a76ccca05e8018c2a6