Add everflow test plan updated for egress acl and mirroring #3
Conversation
| Combinations | ACL table stage: ingress | ACL table stage: egress | ||
| -|-|- | ||
| ACL Rule MIRROR_INGRESS_ACTION | [x] | N/A | ||
| ACL Rule MIRROR_EGRESS_ACTION | [x] | [x] |
There was a problem hiding this comment.
For which platform is this table?
There was a problem hiding this comment.
This table listed all the possible combinations for all platforms. As you suggested, on a specific platform, we can query its SWITCH_CAPABILITY to decide which combinations to cover and skip unsupported combinations.
| ACL Rule MIRROR_INGRESS_ACTION | [x] | N/A | ||
| ACL Rule MIRROR_EGRESS_ACTION | [x] | [x] | ||
|
|
||
| Totally there are 3 possible combinations. Not all the combinations are supported by all platforms. The actual combinations to be tested are determined the actual DUT platform. |
There was a problem hiding this comment.
I think of two options:
- Query SWITCH_CAPABILITY table and decide which test cases to run and which to skip
- Make user define this in some .yml configuration file per platform/hwsku/asic vendor
I am Ok with both. Since correctness of SWITCH_CAPABILITY table is verified by VS test I think you can rely on that during system level testing.
I am also Ok with .yml with configuration per platform/hwsku/asic.
Which one would you choose?
doc/acl/Everflow-test-plan.md
Outdated
|
|
||
| Each test case will run traffic for persistent and dynamic Everflow ACL rules. | ||
|
|
||
| Each test case will analyze Everflow packet header and payload (if mirrored packet is equal to original). |
There was a problem hiding this comment.
In case of egress mirror are you planning to validate that this is indeed an egress mirrored packet?
e.g for simple case - routed packet ttl decremented? and on ingress tll is the same?
There was a problem hiding this comment.
I didn't think of that. But it is a very good idea. I'll update the test plan to add that validation.
| - Send packets that matches each Everflow ACL rule. | ||
| - Verify that packet mirrored to appropriate port. | ||
| - Analyze mirrored packet header. | ||
| - Verify that mirrored packet payload is equal to sent packet. |
There was a problem hiding this comment.
What does it mean 'equal to sent packet'? It depends on ingress/egress stage. Please refer to above comment.
There was a problem hiding this comment.
Sure, I'll update it to make it more accurate.
There was a problem hiding this comment.
The check here is for payload of mirrored packet. This part should always be equal to sent packet.
|
was this ever published with the test code? |
|
@liat-grozovik No, it was not published. |
This test plan is based on https://github.com/Azure/SONiC/wiki/Everflow-test-plan
After sonic-net#411 and egress ACL are supported, the everflow testing need to be extended to cover these two new features.
The extended everflow testing also plan to cover IPv6.
A new ACL rule option "IN_PORTS" is added too.