OPENCONFIG-gNMI - gnmi_get of a specific ACL fails when ACL is created through config load #94

Open
sachin-brm opened this issue Sep 10, 2019 · 3 comments
sachin-brm commented Sep 10, 2019

OPENCONFIG-gNMI

Problem Description/Summary :

OPENCONFIG-gNMI - gnmi_get of a specific ACL fails when ACL is created through config load

Expected Behavior :

gNMI get operation to get a specific ACL should succeed when the ACL is created through config load

Topology :

DUT

Steps to Repro :

  1. Configure ACL config (2 ACL tables with rules) through the config load command.

root@sonic:/home/admin# show acl table
Name  Type  Binding     Description
A     L3    Ethernet20  Counter
B     L3    Ethernet36  Counter
root@sonic:/home/admin# show acl rule
Table  Rule  Priority  Action   Match
A      1     55        forward  DST_IP: 10.10.1.26/32
                                IP_TYPE: ipv4any
                                SRC_IP: 10.10.0.26/32
B      1     2         forward  DST_IP: 10.10.3.26/32
                                IP_TYPE: ipv4any
                                SRC_IP: 10.10.2.26/32

  2. Go to the telemetry docker: docker exec -it telemetry bash
  3. Through a gNMI get operation, get all ACL details as below:
gnmi_get -xpath /openconfig-acl:acl/ -target_addr 127.0.0.1:8080 -insecure 
getRequest:
prefix: <
>
path: <
elem: <
name: "openconfig-acl:acl"
>
>
encoding: JSON_IETF
== getResponse:
notification: <
timestamp: 1567770852121992630
prefix: <
>
update: <
path: <
elem: <
name: "openconfig-acl:acl"
>
>
val: <
json_ietf_val: "{\"openconfig-acl:acl\":{\"acl-sets\":{\"acl-set\":[{\"acl-entries\":{\"acl-entry\":[\{\"actions\":\{\"config\":\{\"forwarding-action\":\"openconfig-acl:DROP\"},\"state\":\{\"forwarding-action\":\"openconfig-acl:DROP\"}},\"config\":\{\"sequence-id\":65480},\"ipv4\":\{\"config\":\{\"destination-address\":\"10.10.1.26/32\",\"source-address\":\"10.10.0.26/32\"},\"state\":\{\"destination-address\":\"10.10.1.26/32\",\"source-address\":\"10.10.0.26/32\"}},\"sequence-id\":65480,\"state\":\{\"matched-octets\":\"0\",\"matched-packets\":\"0\",\"sequence-id\":65480}}]},\"config\":{\"description\":\"Counter\",\"name\":\"A\",\"type\":\"openconfig-acl:ACL_IPV4\"},\"name\":\"A\",\"state\":{\"description\":\"Counter\",\"name\":\"A\",\"type\":\"openconfig-acl:ACL_IPV4\"},\"type\":\"openconfig-acl:ACL_IPV4\"},{\"acl-entries\":{\"acl-entry\":[\{\"actions\":\{\"config\":\{\"forwarding-action\":\"openconfig-acl:DROP\"},\"state\":\{\"forwarding-action\":\"openconfig-acl:DROP\"}},\"config\":\{\"sequence-id\":65533},\"ipv4\":\{\"config\":\{\"destination-address\":\"10.10.3.26/32\",\"source-address\":\"10.10.2.26/32\"},\"state\":\{\"destination-address\":\"10.10.3.26/32\",\"source-address\":\"10.10.2.26/32\"}},\"sequence-id\":65533,\"state\":\{\"matched-octets\":\"0\",\"matched-packets\":\"0\",\"sequence-id\":65533}}]},\"config\":{\"description\":\"Counter\",\"name\":\"B\",\"type\":\"openconfig-acl:ACL_IPV4\"},\"name\":\"B\",\"state\":{\"description\":\"Counter\",\"name\":\"B\",\"type\":\"openconfig-acl:ACL_IPV4\"},\"type\":\"openconfig-acl:ACL_IPV4\"}]}}}"
>
>
>
  4. Through gnmi get, try to get specific ACL details and observe the RPC error:
root@sonic:/# gnmi_get -xpath /openconfig-acl:acl/acl-sets/acl-set[name=A][type=ACL_IPV4]/acl-entries/acl-entry[sequence-id=65480] -target_addr 127.0.0.1:8080 -insecure
== getRequest:
prefix: <
>
path: <
elem: <
name: "openconfig-acl:acl"
>
elem: <
name: "acl-sets"
>
elem: <
name: "acl-set"
key: <
key: "name"
value: "A"
>
key: <
key: "type"
value: "ACL_IPV4"
>
>
elem: <
name: "acl-entries"
>
elem: <
name: "acl-entry"
key: <
key: "sequence-id"
value: "65480"
>
>
>
encoding: JSON_IETF
F0909 06:41:59.143741 436 gnmi_get.go:137] Get failed: rpc error: code = NotFound desc = GET failed for this message

Note: When the ACL is configured through a gNMI set operation, the gnmi get operation on a specific ACL succeeds.
When the ACL is configured through a gNMI set operation, the "_ACL_IPV4" string is appended to ACL names, as below:

root@sonic:/home/admin# show acl rule
Table            Rule    Priority  Action   Match
MyACL2_ACL_IPV4  RULE_1  65534     FORWARD  DSCP: 1
                                            DST_IP: 22.1.1.1/32
                                            IP_PROTOCOL: 6
                                            L4_DST_PORT: 201
                                            L4_SRC_PORT: 101
                                            SRC_IP: 12.1.1.1/32
MyACL1_ACL_IPV4  RULE_1  65534     FORWARD  DSCP: 1
                                            DST_IP: 21.1.1.1/32
                                            IP_PROTOCOL: 6
                                            L4_DST_PORT: 201
                                            L4_SRC_PORT: 101
                                            SRC_IP: 11.1.1.1/32

Reproducibility ( Ex:- 3 out of 3 attempts ) Please also update "Reproducible" field :

3

@sachin-brm added the bug label Sep 10, 2019
@jeff-yin jeff-yin assigned seiferteric and unassigned jeff-yin Sep 10, 2019
@jeff-yin

@seiferteric -- I'm not sure if this one is a gNMI issue, or if the owner(s) of the ACL app module should look at it.

@seiferteric

@jeff-yin Yes, I don't see how this could be a gNMI specific issue. The name having _ACL_IPV4 appended to it is odd though.

@jeff-yin

@sachin-brm re-assigned to the contributors of the acl_app.go code. Thinking this may be an issue with the app module backend.
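
One way the reported NotFound could arise, as an added sketch that is not part of the thread and not code from acl_app.go: it assumes the backend derives the ACL table key as `<name>_<type>`, which matches the `_ACL_IPV4` suffix seen on tables created through gNMI set. `configDB`, `ocToDBType`, `getStrict`, `getTolerant` and `unreachable` are hypothetical names, and the table contents are constructed from the outputs in the report.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// configDB is a constructed stand-in for ACL_TABLE (key -> stored type): "A" and "B"
// mirror the config-load tables, "MyACL1_ACL_IPV4" one created through gNMI set.
var configDB = map[string]string{"A": "L3", "B": "L3", "MyACL1_ACL_IPV4": "L3"}

// ocToDBType maps the OpenConfig acl-set type to the stored type (assumed mapping).
var ocToDBType = map[string]string{"ACL_IPV4": "L3"}

// getStrict models the hypothesised lookup: the DB key is always <name>_<type>.
func getStrict(name, ocType string) (string, error) {
	if key := name + "_" + ocType; configDB[key] != "" {
		return key, nil
	}
	return "", fmt.Errorf("NotFound: no ACL table %q", name+"_"+ocType)
}

// getTolerant falls back to the bare name when the strict key is absent
// and the stored table type agrees with the requested OpenConfig type.
func getTolerant(name, ocType string) (string, error) {
	key, err := getStrict(name, ocType)
	if t, ok := configDB[name]; err != nil && ok && t == ocToDBType[ocType] {
		return name, nil
	}
	return key, err
}

// unreachable lists tables with no known type suffix: present on the device,
// but never addressable through getStrict.
func unreachable() []string {
	var out []string
next:
	for key := range configDB {
		for ocType := range ocToDBType {
			if strings.HasSuffix(key, "_"+ocType) {
				continue next
			}
		}
		out = append(out, key)
	}
	sort.Strings(out)
	return out
}

func main() {
	fmt.Println(unreachable())
}
```

Under that assumption, `unreachable` gives the tables that are enforcing traffic on the device yet cannot be fetched by key, which is the blind spot a telemetry-based ACL audit would need to account for.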
