sonic-mgmt-common: Support for L2 match fields for L2 ACL table #66
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Added support for L2_TABLE related match fields for configuring rules to ACL L2 TABLE
sonic-net/sonic-swss#2554
[https://github.com/sonic-net/sonic-utilities/pull/2516
Why I did it
ACL supports only L3 and L3V6 table type. There is no support for matching L2 fields.
When user wants to match fields like SRC_MAC, DST_MAC, VLAN_ID, VLAN_PCP, VLAN_DEI we do not have support for these fields in sonic yang.
Added support for these fields in sonic-acl.yang.
How I verified it
Create L2 Table from CLICK
"config acl add table -s ingress -p <table_name> L2"
Add rules using CONFIG_DB format
add rules src mac, dst mac, ether type, pcp, dei & vlan id
"L2_TABLE|RULE_2": {
"SRC_MAC": "00:00:00:11:11:11/00:00:00:ff:ff:ff",
"DST_MAC": "00:00:00:22:22:22/00:00:00:ff:ff:ff",
"ETHER_TYPE": "0x0800",
"VLAN_ID": "100",
"VLAN_PCP": "5/7",
"VLAN_DEI": "1",
"PRIORITY": "5",
"PACKET_ACTION": "DROP"
}
Validate commands "show acl table"
Validate commands and fields in "show acl rule"
Validate commands "aclshow -a" /* Ensured that the counters are hitting the relevant rule */
Add rules using openconfig json format for supported fields "config acl update full/incremental <file.json>"
"source-mac": "00:00:00:11:11:12",
"source-mac-mask": "00:00:00:ff:ff:ff",
"destination-mac": "00:00:00:11:11:13",
"destination-mac-mask": "00:00:00:ff:ff:ff",
"ethertype": "ETHERTYPE_ARP"
All the rules are added for each field and combinations as well. and each field tested with traffic in Broadcom based platform.