[doc] Add HLD for Private Link Redirect Map #664
Conversation
|
/azp run |
|
Commenter does not have sufficient privileges for PR 664 in repo sonic-net/DASH |
|
/azp run |
|
Commenter does not have sufficient privileges for PR 664 in repo sonic-net/DASH |
jimmyzhai
force-pushed
the
pl_redirect_map_hld
branch
from
7ef1f8e to
deb4fc3
Compare
|
/azp run |
|
Commenter does not have sufficient privileges for PR 664 in repo sonic-net/DASH |
jimmyzhai
force-pushed
the
pl_redirect_map_hld
branch
from
deb4fc3 to
4b2a85d
Compare
|
/azp run |
|
Commenter does not have sufficient privileges for PR 664 in repo sonic-net/DASH |
jimmyzhai
force-pushed
the
pl_redirect_map_hld
branch
from
4b2a85d to
ba72c71
Compare
|
/azp run |
|
Commenter does not have sufficient privileges for PR 664 in repo sonic-net/DASH |
jimmyzhai
force-pushed
the
pl_redirect_map_hld
branch
from
ba72c71 to
0fb019e
Compare
|
/azp run |
|
Commenter does not have sufficient privileges for PR 664 in repo sonic-net/DASH |
|
|
||
| #### 5.1.1 Private Link | ||
| 1. **VNI Lookup**: First, we will look up the VNI to determine the packet direction. In this case, we consider all the packets from on-premises network as outbound direction from the floating NIC perspective. | ||
| ```json |
There was a problem hiding this comment.
it will be better to describe the things in the form of SAI API in DASH, and leaving the SONiC dash tables into the SONiC-DASH HLD as DB schema and etc.
| ## 4. Resource modeling, requirement, and SLA | ||
| ### 4.1 Scaling requirement | ||
| The scaling requirement for PL redirect map are listed as below. The metrics are based on a 200Gbps DPU: | ||
| | Metric | Requirement | |
There was a problem hiding this comment.
Update to refer to SONiC DASH HLD.
|
/azp run |
|
Commenter does not have sufficient privileges for PR 664 in repo sonic-net/DASH |
jimmyzhai
force-pushed
the
pl_redirect_map_hld
branch
from
1bf5eca to
0f872fc
Compare
|
/azp run |
|
Commenter does not have sufficient privileges for PR 664 in repo sonic-net/DASH |
|
hi @jimmyzhai and @r12f - is this one ready to go? |
|
|
||
| The only difference is that the IP address used in underlay routing and 4to6 action will be specified by a port-based service mapping – for a specified port range, different IP or destination port can be used for crafting the packet. | ||
|
|
||
|  |
There was a problem hiding this comment.
will be better to export svg using this setting:
| When PL NSG is enabled, the extra encap for tunneling the packet to NSG will still be added on top the original PL encap. And the return packet will be exactly the same as the regular case without PL NSG. | ||
|
|
||
| ### 3.3 Redirect map with fast path | ||
| The Fast Path here is not ER Fast Path, but the fast path that required by PLS. Fast path ICMP flow redirection will still take effect when redirect map is used. |
There was a problem hiding this comment.
The Fast Path here is not ER Fast Path, but the fast path that required by PLS.
We have defined LB fast path in DASH, we can add link and refer to the doc.
|
|
||
| | Attribute name | Type | Description | | ||
| | --- | --- | --- | | ||
| | SAI_OUTBOUND_PORT_MAP_ATTR_COUNTER_ID | sai_object_id_t | Attach a counter. | |
There was a problem hiding this comment.
what does this counter actually do?
| | --- | --- | --- | | ||
| | SAI_OUTBOUND_PORT_MAP_ATTR_COUNTER_ID | sai_object_id_t | Attach a counter. | | ||
|
|
||
| NOTE: More attributes could be added in the future for SNAT/DNAT scenarios. |
There was a problem hiding this comment.
this is not defined, so better removing it to avoid confusion.
| The Fast Path here is not ER Fast Path, but the fast path that required by PLS. Fast path ICMP flow redirection will still take effect when redirect map is used. | ||
|
|
||
| - If PL NSG is not used, it changes the flow just like regular PL case. | ||
|
|
There was a problem hiding this comment.
install markdownlint extension and fix the format.
| | --- | --- | --- | | ||
| | entry.port_map_id | `sai_object_id_t` | (SAI object ID of the port map) | | ||
|
|
||
| Later in the stage of outbound port map, the port map id and inner packet destination port consists of a match key to look up table outbound_port_map_port_range, the matched table entry contains a rewrite info for the redirect map. |
There was a problem hiding this comment.
will be better to split the section into 2:
6.1.1. Mapping - VNET
6.1.2. Mapping - Port Mapping
| ### 6.1 VM-to-PLS direction (Outbound) | ||
|
|
||
| **Mapping - VNET**: | ||
| Each mapping will be associated with a port map object: |
There was a problem hiding this comment.
here, it will be better to add a bit more context on what mapping it is.
| | entry_attr.SAI_OUTBOUND_PORT_MAP_PORT_RANGE_ENTRY_ATTR_BACKEND_PORT_BASE | `sai_uint16_t` | `11000` | | ||
|
|
||
| ### 6.2. PLS-to-VM direction | ||
| None of changes. |
There was a problem hiding this comment.
Missing the PL NSG case explanation here, although it works the same way.
| SAI_OUTBOUND_PORT_MAP_PORT_RANGE_ENTRY_ACTION_SKIP_MAPPING, | ||
| SAI_OUTBOUND_PORT_MAP_PORT_RANGE_ENTRY_ACTION_MAP_TO_PRIVATE_LINK_SERVICE, | ||
| } sai_outbound_port_map_port_range_entry_action_t; | ||
| ``` |
There was a problem hiding this comment.
if the packet is not hit any mapping, it should be skipped the mapping by default.
| | SAI_OUTBOUND_CA_TO_PA_ENTRY_ATTR_OUTBOUND_PORT_MAP_ID | sai_object_id_t | Outbound port map id. | | ||
|
|
||
| ## 6. DASH pipeline behavior | ||
| Following [DASH pipeline behavior of private link service](https://github.com/sonic-net/DASH/blob/main/documentation/private-link-service/private-link-service.md#6-dash-pipeline-behavior), it adds updates for redirect map. |
There was a problem hiding this comment.
need to explain more clearly where the redirect map is added.
| | ER | [ExpressRoute]( https://learn.microsoft.com/en-gb/azure/expressroute/expressroute-introduction)| | ||
| | MSEE | Microsoft Enterprise Edge | | ||
| | CE | Customer Edge | | ||
| | MSEE/CE routers | Microsoft Enterprise Edge / Customer Edge routers. CE and MSEE routers are directly connected and forming pairs. | |
There was a problem hiding this comment.
MSEE/CE are not required here for PL redirect map doc
|
|
||
| | Attribute name | Type | Description | | ||
| | --- | --- | --- | | ||
| | SAI_OUTBOUND_PORT_MAP_ATTR_COUNTER_ID | sai_object_id_t | Attach a counter. | |
There was a problem hiding this comment.
svc rewrite info is missing in the port map attributes, such as src prefix, dst prefix.
| | entry_attr.SAI_OUTBOUND_PORT_MAP_PORT_RANGE_ENTRY_ATTR_BACKEND_IP | `sai_ip_address_t` | `3.3.3.1` | | ||
| | entry_attr.SAI_OUTBOUND_PORT_MAP_PORT_RANGE_ENTRY_ATTR_MATCH_PORT_BASE | `sai_uint16_t` | `2000` | | ||
| | entry_attr.SAI_OUTBOUND_PORT_MAP_PORT_RANGE_ENTRY_ATTR_BACKEND_PORT_BASE | `sai_uint16_t` | `11000` | | ||
|
|
There was a problem hiding this comment.
better add a clarification of metering. it follows the CA-PA mapping one, and currently doesn't have any special action in port map.
No description provided.