Applying ACL rule causes BGP neighbor to go down #21183
Comments
@arlakshm for vis
After this change sonic-net/sonic-mgmt#15921, if any of the BGP sessions are down, the test is marked as failed.
@arista-nwolfe, @kenneth-arista, @saksarav-nokia, @sanjair-git do you see these failures as well?
I'll try out the manual steps @Javier-Tan outlined with the
Thanks @arista-nwolfe, are you using the latest sonic-mgmt code for 202405? As I mentioned earlier, after this change sonic-net/sonic-mgmt#15921 we check if all the BGP sessions are up after applying the ACLs.
Yeah this last weekend's run has this change and we didn't see any failures due to
I see the same behavior @Javier-Tan sees when I put a
It's just the 1 neighbor down that goes down strangely.
Sorry, I wasn't clear enough in the description but it was just that 1 BGP neighbor "fc00::a" that goes down @arista-nwolfe, so this is the same bug we see
CS00012383871
### Description of PR

Summary: Fixes sonic-net/sonic-buildimage#21183

### Type of change

- [x] Bug fix
- [ ] Testbed and Framework(new/improvement)
- [ ] New Test case
- [ ] Skipped for non-supported platforms
- [ ] Test case improvement

### Back port request

- [ ] 202012
- [ ] 202205
- [ ] 202305
- [ ] 202311
- [ ] 202405
- [ ] 202411

### Approach

#### What is the motivation for this PR?

Prevent T2 BGP neighbors going down during ACL tests

#### How did you do it?

Prevent last 64 bits of a DROP rule IP from being the same as a BGP neighbor

#### How did you verify/test it?

Run on T2 devices

T1 regression test: https://elastictest.org/scheduler/testplan/679c3507f5a74203a8e1b10b

#### Any platform specific information?

N/A

#### Supported testbed topology if it's a new test case?

N/A
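The constraint the PR describes (no DROP rule address sharing its last 64 bits with a BGP neighbor) can be checked against a rule set as below. This is an added example, not code from the sonic-mgmt PR; the rule dictionaries and the 2001:db8:: and 192.0.2.10 addresses are constructed, and the check goes beyond single addresses by also treating a prefix as colliding when any address inside it matches a neighbor's last 64 bits.

```python
import ipaddress

LOW64 = (1 << 64) - 1

def low64_overlaps(rule_prefix, neighbor):
    """True if some address inside rule_prefix has the same last 64 bits as neighbor."""
    net = ipaddress.ip_network(rule_prefix, strict=False)
    nbr = ipaddress.ip_address(neighbor)
    if net.version != 6 or nbr.version != 6:
        return False
    free_bits = 128 - net.prefixlen          # bits the prefix leaves unconstrained
    if free_bits >= 64:
        return True                          # /64 or shorter: every low-64 value is covered
    # Compare only the low-64 bits that the prefix actually fixes.
    fixed = LOW64 & ~((1 << free_bits) - 1)
    return (int(net.network_address) & fixed) == (int(nbr) & fixed)

def colliding_drop_rules(rules, neighbors):
    """Return (rule id, field, prefix, neighbor) for every DROP rule that collides."""
    hits = []
    for rule in rules:
        if rule["action"] != "DROP":
            continue
        for field in ("src", "dst"):
            prefix = rule.get(field)
            if prefix is None:
                continue
            hits.extend((rule["id"], field, prefix, n)
                        for n in neighbors if low64_overlaps(prefix, n))
    return hits

# Constructed sample data; only fc00::a comes from the issue.
NEIGHBORS = ["fc00::a"]
RULES = [
    {"id": 1, "action": "DROP", "src": "2001:db8:1::a/128"},
    {"id": 2, "action": "DROP", "dst": "2001:db8:2::1:0/112"},
    {"id": 3, "action": "FORWARD", "src": "2001:db8:3::a/128"},
    {"id": 4, "action": "DROP", "src": "2001:db8:4::/64"},
    {"id": 5, "action": "DROP", "src": "192.0.2.10/32"},
]

if __name__ == "__main__":
    for hit in colliding_drop_rules(RULES, NEIGHBORS):
        print("rule %s %s=%s shares its last 64 bits with BGP neighbor %s" % hit)
```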
Description
We noticed that applying a specific ACL rule causes one specific BGP neighbor to go down (fc00::a) during ACL tests (specifically those with "IPV6" and "INGRESS" parameters). Removing it brings it back up.
Steps to reproduce the issue:
acl/test_acl.py::TestBasicAcl::test_ingress_unmatched_blocked[ipv6-ingress-downlink->uplink-default-no_vlan] with breakpoint after ACL rules are applied
NOTE: BGP neighbor fc00::a will always go down when the rule is applied during ipv6+ingress test runs; however, the only tests that fail are acl/test_acl.py::TestAclWithReboot...[ipv6-ingress...] as there are explicit BGP neighbor up checks.
Describe the results you received:
ACL rule 15 causes BGP neighbor fc00::a to go down when they are seemingly unrelated.
Describe the results you expected:
BGP neighbor fc00::a should stay up.
Output of show version:
Output of show techsupport:
Additional information you deem important (e.g. issue happens only occasionally):
Rules applied can be found at sonic-mgmt-int/tests/acl/templates/acltb_v6_test_rules.j2