Combine v4 and v6 L3 ACL rules on optimized platforms #1267

[rck-innovium]

What I did
Support a new ACL table type called L3V4V6.
This table supports both v4 and v6 Match types.
Add unit tests for this new ACL table type.
HLD: sonic-net/SONiC#1267

Signed-off-by: Ravi(Marvell) [email protected]

Why I did it
To optimise ACL TCAM usage in capable platforms.

How I verified it
Add unit tests for this new ACL table type.

sudo pytest -s test_acl_l3v4v6.py
collected 2 items

test_acl_l3v4v6.py ..

======================= 2 passed, 1 warning in 60.88s (0:01:00) 

[rck-innovium]

@bingwang-ms  I have addressed your comments and added corresponding UT as well. Please review and approve.

[bingwang-ms]

LGTM. Are you going to update acl loader to support this new type as well?

[rck-innovium]

LGTM. Are you going to update acl loader to support this new type as well?

Thank you, for the review. The acl-loader support is under review: sonic-net/sonic-utilities#2794

It is currently assigned to Prince and Qi Luo for review. But appreciate it if you can also review the acl-loader PR.

[rck-innovium]

@prsunny 

The PR has been reviewed by Bing. Can you please merge before 202305 fork.

[prsunny]

Why change VS platform to combined? Does it impact any current acl tests? @bingwang-ms

[bingwang-ms]

I think the change to VS makes no difference. AFAIK, We don't run acl test on VS. But even though, I think it doesn't make sense to change the behavior of VS. I suggest removing the change to VS_PLATFORM. @rck-innovium

[rck-innovium]

@bingwang-ms 

After removing the VS platform, I ran the tests that create ACL tables of the new L3V4V6 type and saw that the ACL table creation fails. 

marvell@cpss-testvm2:~/rck/sonic-dbg/sonic-buildimage/src/sonic-swss/tests$ sudo pytest -v  test_acl_l3v4v6.py
[sudo] password for marvell:
============================================================================================================================ test session starts =============================================================================================================================
:
:
test_acl_l3v4v6.py::TestAcl::test_L3V4V6AclTableCreationDeletion FAILED                                                                                                                                                                                                [ 20%]
:
:
=================================================================================================================================== ERRORS ===================================================================================================================================
________________________________________________________________________________________________________ ERROR at setup of TestAcl.test_ValidAclRuleCreation_sip_dip _________________________________________________________________________________________________________

self = <test_acl_l3v4v6.TestAcl object at 0x7f8141afba60>, dvs_acl = <dvslib.dvs_acl.DVSAcl object at 0x7f8141a564c0>

    @pytest.fixture
    def l3v4v6_acl_table(self, dvs_acl):
        try:
            dvs_acl.create_acl_table(L3V4V6_TABLE_NAME,
                                     L3V4V6_TABLE_TYPE,
                                     L3V4V6_BIND_PORTS)
>           yield dvs_acl.get_acl_table_ids(1)[0]

test_acl_l3v4v6.py:16:

The reason for the error is that the VS platform does NOT support the new ACL table type L3V4V6.

May 13 14:49:13.301367 e01c265b5ca5 ERR #orchagent: :- validate: Table L3_V4V6_TEST: table type L3V4V6 in stage 1 not supported on this platform.
May 13 14:49:13.301645 e01c265b5ca5 ERR #orchagent: :- doAclTableTask: Failed to create ACL table L3_V4V6_TEST, invalid configuration

@prsunny 

This change does not affect any other existing ACL  features since this capability check is used only for the newly introduced ACL table type L3V4V6. Also, I verified that all the current swss ACL tests pass as well as PTF test_acl.py.

[bingwang-ms]

@rck-innovium Probably we can mock the platform by setting DVS_FAKE_PLATFORM. Please search in existing test code.
Thanks

[rck-innovium]

@bingwang-ms 

I was not able to find DVS_FAKE_PLATFORM in existing swss test code

marvell@cpss-testvm2:/rck/sonic-dbg/sonic-buildimage/src/sonic-swss$ grep  -ir DVS_FAKE_PLATFORM *
marvell@cpss-testvm2:/rck/sonic-dbg/sonic-buildimage/src/sonic-swss$ grep  -r FAKE_PLATFORM *
marvell@cpss-testvm2:/rck/sonic-dbg/sonic-buildimage/src/sonic-swss$ cd ..
marvell@cpss-testvm2:/rck/sonic-dbg/sonic-buildimage/src$ grep  -r DVS_FAKE_PLATFORM *
marvell@cpss-testvm2:~/rck/sonic-dbg/sonic-buildimage/src$

[bingwang-ms]

@rck-innovium Sorry for the misleading. I just realize that the DVS_FAKE_PLATFORM has been removed from the latest testing code. I don't know if we have other method to mock the platform string. @prsunny Any suggestions?

[prsunny]

E.g:

DVS_FAKE_PLATFORM = "marvell"
fakeplatform = getattr(request.module, "DVS_FAKE_PLATFORM", None)
dvs = DockerVirtualSwitch(name, keeptb, fakeplatform)

[rck-innovium]

@prsunny @bingwang-ms

DVS_FAKE_PLATFORM has been removed from the entire SONiC codebase and in SWSS it has been replaced with DVS_ENV.

I digged through the past versions of SONiC to find that Nvidia has changed DVS_FAKE_PLATFORM to DVS_ENV = ["HWSKU=Mellanox-SN2700"]. The reason I presume is to support mimicking at a deeper HwSKU level instead of just the platform.

However, I see in today’s swss/tests, only Mellanox-SN2700 SKU is being faked. In fact, I ran into several issues when faking Marvell and Innovium platforms.
I have raised PR #2785 to track the issues.

[rck-innovium]

@prsunny
Coming back to the original question, the new checks do NOT affect any other feature since this capability check is only used by the new L3V4V6 ACL table feature.
So adding VS platform does not have any impact on any of the existing feature.