Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[dualtor][active-active] Add Skip adding ingress drop ACL section #1180

Merged
merged 3 commits into from
Dec 13, 2022
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions doc/dualtor/active_active_hld.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ Active-active dual ToR link manager is an evolution of active-standby dual ToR l
| 0.1 | 05/23/22 | Jing Zhang | Initial version |
| 0.2 | 12/02/22 | Longxiang Lyu | Add Traffic Forwarding section |
| 0.3 | 12/08/22 | Longxiang Lyu | Add BGP update delay section |
| 0.4 | 12/13/22 | Longxiang Lyu | Add skip ACL section |

## Scope
This document provides the high level design of SONiC dual toR solution, supporting active-active setup.
Expand Down Expand Up @@ -50,6 +51,7 @@ This document provides the high level design of SONiC dual toR solution, support
- [3.8.1 Advertise updated routes to T1](#381-advertise-updated-routes-to-t1)
- [3.8.2 Server Servicing & ToR Upgrade](#382-server-servicing--tor-upgrade)
- [3.8.3 BGP update delay](#383-bgp-update-delay)
- [3.8.4 Skip adding ingress drop ACL](#384-skip-adding-ingress-drop-acl)
- [3.9 Command Line](#39-command-line)

[4 Warm Reboot Support](#4-warm-reboot-support)
Expand Down Expand Up @@ -478,6 +480,11 @@ When the BGP neighbors are started on an active-active T0 switch, the T0 will tr

So for the active-active T0s, a BGP update delay of 10 seconds is introduced to the BGP configurations to postpone sending BGP update after BGP session establishment. In this case, the T0 could learn routes from the T1s before the T1s learn any routes from the T0. So when the T1 could send any downstream traffic to the T0, the T0 will have default routes ready.

#### 3.8.4 Skip adding ingress drop ACL
Previously, at a high level, when the mux port comes to standby, the MuxOrch add ingress ACL to drop packets on the mux port. And when the mux port comes to active, the MuxOrch remove the ingress ACL. As described in [3.6], the MuxOrch is acted an intermediate agent between LinkMgrd and the transceiver daemon. Before the NiC receives gRPC request to toggle standby, the ingress drop ACL has already been programmed by MuxOrch. In this period, the server NiC still regard this ToR as active and could send upstream traffic to this ToR, but the upstream traffic will be dropped by the installed ingress drop ACL rule.

A change to skip the installation of ingress drop ACL rule when toggling standby is introduced to forward the upstream traffic with best effort. This is because that, though the mux port is already in standby state in this period, the removal of the ingress drop ACL could allow the upstream traffic to reach the ToR and to be possibly forwarded by the ToR.

### 3.9 Command Line
TBD

Expand Down