diff --git a/src/sonic-config-engine/minigraph.py b/src/sonic-config-engine/minigraph.py
index 7293f02f8c20..b94a7f7b1571 100644
--- a/src/sonic-config-engine/minigraph.py
+++ b/src/sonic-config-engine/minigraph.py
@@ -1048,7 +1048,26 @@ def parse_spine_chassis_fe(results, vni, lo_intfs, phyport_intfs, pc_intfs, pc_m
#
###############################################################################
-def filter_acl_table_bindings(acls, neighbors, port_channels, sub_role):
+def filter_acl_table_for_backend(acls, vlan_members):
+ filter_acls = {}
+ for acl_name, value in acls.items():
+ if 'everflow' not in acl_name.lower():
+ filter_acls[acl_name] = value
+
+ ports = set()
+ for vlan, member in vlan_members:
+ ports.add(member)
+ filter_acls['DATAACL'] = { 'policy_desc': 'DATAACL',
+ 'stage': 'ingress',
+ 'type': 'L3',
+ 'ports': list(ports)
+ }
+ return filter_acls
+
+def filter_acl_table_bindings(acls, neighbors, port_channels, sub_role, device_type, is_storage_device, vlan_members):
+ if device_type == 'BackEndToRRouter' and is_storage_device:
+ return filter_acl_table_for_backend(acls, vlan_members)
+
filter_acls = {}
# If the asic role is BackEnd no ACL Table (Ctrl/Data/Everflow) is binded.
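Review bot: In `filter_acl_table_for_backend`, `'ports': list(ports)` is built from a set, so the order of the DATAACL port binding can differ between runs of the config generator, and when `vlan_members` is empty the table is emitted with no ports, which leaves the data-plane ACL bound to nothing. I would use `'ports': sorted(ports)` and either skip DATAACL in the empty case or state in a comment that an unbound table is intended. Any `DATAACL` entry already parsed from the minigraph is overwritten silently, and mirror tables are dropped by a substring match on the table name rather than on the table's type; a short docstring should say that both are deliberate for storage backend ToRs. The loop variable `vlan` is unused (`for _, member in vlan_members:`). The body of `filter_acl_table_bindings` continues outside the hunk.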
@@ -1566,7 +1585,7 @@ def parse_xml(filename, platform=None, port_config_file=None, asic_name=None, hw
results['DHCP_RELAY'] = dhcp_relay_table
results['NTP_SERVER'] = dict((item, {}) for item in ntp_servers)
results['TACPLUS_SERVER'] = dict((item, {'priority': '1', 'tcp_port': '49'}) for item in tacacs_servers)
- results['ACL_TABLE'] = filter_acl_table_bindings(acls, neighbors, pcs, sub_role)
+ results['ACL_TABLE'] = filter_acl_table_bindings(acls, neighbors, pcs, sub_role, current_device['type'], is_storage_device, vlan_members)
results['FEATURE'] = {
'telemetry': {
'status': 'enabled'
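Review bot: The call to `filter_acl_table_bindings` now passes seven positional arguments, three of them new, so a swapped pair would change which ACL tables are bound without raising any error. Passing the new ones by keyword keeps the call readable: `filter_acl_table_bindings(acls, neighbors, pcs, sub_role, device_type=current_device['type'], is_storage_device=is_storage_device, vlan_members=vlan_members)`. `current_device['type']` is indexed directly; whether the key is always present is not visible here, since `parse_xml` starts and ends outside the hunk.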
diff --git a/src/sonic-config-engine/tests/sample-graph-storage-backend.xml b/src/sonic-config-engine/tests/sample-graph-storage-backend.xml
new file mode 100644
index 000000000000..5333c073c8be
--- /dev/null
+++ b/src/sonic-config-engine/tests/sample-graph-storage-backend.xml
@@ -0,0 +1,440 @@
+
+
+
+
+
+ switch-t0
+ 10.1.0.32
+ BGPMonitor
+ 10.20.30.40
+ 30
+ 10
+ 3
+
+
+ false
+ switch-t0
+ 10.0.0.56
+ ARISTA01T1
+ 10.0.0.57
+ 1
+ 180
+ 60
+
+
+ switch-t0
+ FC00::71
+ ARISTA01T1
+ FC00::72
+ 1
+ 180
+ 60
+
+
+ false
+ switch-t0
+ 10.0.0.58
+ ARISTA02T1
+ 10.0.0.59
+ 1
+ 180
+ 60
+
+
+ switch-t0
+ FC00::75
+ ARISTA02T1
+ FC00::76
+ 1
+ 180
+ 60
+
+
+
+
+ 0
+
+ BGPMonitor
+
+
+ BGPPeer
+ 10.1.0.32
+
+
+
+
+
+
+
+
+ 65100
+ switch-t0
+
+
+ 10.0.0.59
+
+
+
+
+
+
+
+
+ 64600
+ ARISTA01T1
+
+
+
+ 64600
+ ARISTA02T1
+
+
+
+ 64600
+ ARISTA03T1
+
+
+
+ 64600
+ ARISTA04T1
+
+
+
+
+
+
+
+
+
+ HostIP
+ Loopback0
+
+ 10.1.0.32/32
+
+ 10.1.0.32/32
+
+
+ HostIP1
+ Loopback0
+
+ FC00:1::32/128
+
+ FC00:1::32/128
+
+
+
+
+ HostIP
+ eth0
+
+ 10.0.0.100/24
+
+ 10.0.0.100/24
+
+
+
+
+
+
+ switch-t0
+
+
+ PortChannel01
+ fortyGigE0/4
+
+
+
+
+
+ ab1
+ fortyGigE0/8
+ 192.0.0.1;192.0.0.2
+ 1000
+ 1000
+ 192.168.0.0/27
+
+
+ ab4
+ fortyGigE0/8
+ 192.0.0.1;192.0.0.2
+ 1001
+ 1001
+ 192.168.0.32/27
+
+
+ kk1
+ fortyGigE0/12
+ 192.0.0.1;192.0.0.2
+ 2020
+ 2020
+ Tagged
+ 192.168.0.0/28
+
+
+ ab2
+ fortyGigE0/12
+ 192.0.0.1;192.0.0.2
+ 2000
+ 2000
+ Tagged
+ 192.168.0.240/27
+
+
+ ab3
+ fortyGigE0/12
+ 192.0.0.1;192.0.0.2
+ 2001
+ 2001
+ 192.168.0.240/27
+
+
+
+
+
+ PortChannel01
+ 10.0.0.56/31
+
+
+
+ PortChannel01
+ FC00::71/126
+
+
+
+ fortyGigE0/0
+ 10.0.0.58/31
+
+
+
+ fortyGigE0/0
+ FC00::75/126
+
+
+
+ ab1
+ 192.168.0.1/27
+
+
+
+
+
+ DataAcl
+
+ ERSPAN
+ everflow
+ Everflow
+ 0
+ everflow.xml
+
+
+ DataAcl
+
+ ERSPANv6
+ everflowV6
+ Everflow
+ 0
+ everflow.xml
+
+
+ DataAcl
+
+ Loopback0
+ ipv6-mgmt-only
+ Management
+ 0
+
+
+
+ DataAcl
+
+ Loopback0
+ mgmt-only
+ Management
+ 0
+
+
+
+ DataAcl
+
+ StaticERSPAN
+ everflowStatic
+ Everflow
+ 0
+ everflow.xml
+
+
+
+
+
+
+
+
+
+ DeviceInterfaceLink
+ 1000
+ ARISTA01T1
+ et1
+ true
+ switch-t0
+ fortyGigE0/8
+ true
+
+
+ DeviceMgmtLink
+ 1000
+ switch-t0
+ fortyGigE0/16
+ true
+ ChassisMTS1
+ mgmt0
+ true
+
+
+
+
+ switch-t0
+ Arista-7050-QX-32S
+ AAA00PrdStr00
+
+
+ ARISTA01T1
+ Arista
+
+
+ ARISTA02T1
+ Arista
+
+
+ ARISTA03T1
+ Arista
+
+
+ ARISTA04T1
+ Arista
+
+
+
+
+
+
+
+ DeviceInterface
+
+ true
+ 1
+ fortyGigE0/0
+
+ false
+ 0
+ 0
+ 10000
+
+
+ DeviceInterface
+
+ true
+ 1
+ Ethernet1
+
+ false
+ 0
+ 0
+ 10000
+
+
+ DeviceInterface
+
+ true
+ 1
+ Ethernet2
+
+ false
+ 0
+ 0
+ 10000
+
+
+ DeviceInterface
+
+ true
+ 1
+ fortyGigE0/4
+
+ false
+ 0
+ 0
+ 25000
+
+
+ DeviceInterface
+
+ true
+ 1
+ fortyGigE0/8
+
+ false
+ 0
+ 0
+ 40000
+ Interface description
+
+
+ DeviceInterface
+
+ true
+ 1
+ fortyGigE0/12
+
+ false
+ 0
+ 0
+ 100000
+ Interface description
+
+
+ DeviceInterface
+
+ true
+ 1
+ fortyGigE0/16
+
+ false
+ 0
+ 0
+ 100000
+
+
+ true
+ 0
+ Arista-7050-QX-32S
+
+
+ DeviceInterface
+
+ 1
+ Management1
+ false
+ mgmt1
+ 1000
+
+
+
+
+
+
+
+ switch-t0
+
+
+ ResourceType
+
+ Storage
+
+
+
+
+
+
+ switch-t0
+ Arista-7050-QX-32S
+
diff --git a/src/sonic-config-engine/tests/sample-graph-subintf.xml b/src/sonic-config-engine/tests/sample-graph-subintf.xml
index 8940297e7488..a5db5f55aac8 100644
--- a/src/sonic-config-engine/tests/sample-graph-subintf.xml
+++ b/src/sonic-config-engine/tests/sample-graph-subintf.xml
@@ -11,25 +11,6 @@
10
3
-
- false
- switch-t0
- 10.0.0.56
- ARISTA01T1
- 10.0.0.57
- 1
- 180
- 60
-
-
- switch-t0
- FC00::71
- ARISTA01T1
- FC00::72
- 1
- 180
- 60
-
false
switch-t0
@@ -70,12 +51,6 @@
65100
switch-t0
-
- 10.0.0.57
-
-
-
-
10.0.0.59
@@ -149,11 +124,6 @@
fortyGigE0/4
-
- PortChannel1001
- fortyGigE0/1;fortyGigE0/2
-
-
@@ -227,16 +197,6 @@
PortChannel01
FC00::71/126
-
-
- PortChannel1001
- 10.0.0.57/31
-
-
-
- PortChannel1001
- FC00::72/126
-
ab1
@@ -272,26 +232,6 @@
fortyGigE0/8
true
-
- DeviceInterfaceLink
- 10000
- switch-t0
- fortyGigE0/1
- true
- ARISTA05T1
- Ethernet1/32
- true
-
-
- DeviceInterfaceLink
- 10000
- switch-t0
- fortyGigE0/2
- true
- ARISTA06T1
- Ethernet1/33
- true
-
DeviceMgmtLink
1000
@@ -302,15 +242,6 @@
mgmt0
true
-
- DeviceMgmtLink
- 1000
- switch-t0
- Management1
- switch-m0
- Management1
- true
-
diff --git a/src/sonic-config-engine/tests/test_cfggen.py b/src/sonic-config-engine/tests/test_cfggen.py
index 5702841ceea4..87189bef27d2 100644
--- a/src/sonic-config-engine/tests/test_cfggen.py
+++ b/src/sonic-config-engine/tests/test_cfggen.py
@@ -32,6 +32,7 @@ def setUp(self):
self.ecmp_graph = os.path.join(self.test_dir, 'fg-ecmp-sample-minigraph.xml')
self.sample_resource_graph = os.path.join(self.test_dir, 'sample-graph-resource-type.xml')
self.sample_subintf_graph = os.path.join(self.test_dir, 'sample-graph-subintf.xml')
+ self.sample_backend_graph = os.path.join(self.test_dir, 'sample-graph-storage-backend.xml')
# To ensure that mock config_db data is used for unit-test cases
os.environ["CFGGEN_UNIT_TESTING"] = "2"
@@ -674,14 +675,11 @@ def test_minigraph_bgp_mon(self):
utils.to_dict("{'10.20.30.40': {'rrclient': 0, 'name': 'BGPMonitor', 'local_addr': '10.1.0.32', 'nhopself': 0, 'holdtime': '10', 'asn': '0', 'keepalive': '3'}}")
)
- def test_minigraph_sub_port_interfaces(self, check_stderr=True):
- self.verify_sub_intf(check_stderr=check_stderr)
-
def test_minigraph_sub_port_intf_resource_type_non_backend_tor(self, check_stderr=True):
self.verify_sub_intf_non_backend_tor(graph_file=self.sample_resource_graph, check_stderr=check_stderr)
- def test_minigraph_sub_port_intf_resource_type(self, check_stderr=True):
- self.verify_sub_intf(graph_file=self.sample_resource_graph, check_stderr=check_stderr)
+ def test_minigraph_sub_port_intf_hwsku(self, check_stderr=True):
+ self.verify_sub_intf(graph_file=self.sample_backend_graph, check_stderr=check_stderr)
def test_minigraph_sub_port_intf_sub(self, check_stderr=True):
self.verify_sub_intf(graph_file=self.sample_subintf_graph, check_stderr=check_stderr)
@@ -689,6 +687,32 @@ def test_minigraph_sub_port_intf_sub(self, check_stderr=True):
def test_minigraph_no_vlan_member(self, check_stderr=True):
self.verify_no_vlan_member()
+ def test_minigraph_backend_acl_leaf(self, check_stderr=True):
+ try:
+ print('\n Change device type to %s' % (BACKEND_LEAF_ROUTER))
+ if check_stderr:
+ output = subprocess.check_output("sed -i \'s/%s/%s/g\' %s" % (TOR_ROUTER, BACKEND_LEAF_ROUTER, self.sample_backend_graph), stderr=subprocess.STDOUT, shell=True)
+ else:
+ output = subprocess.check_output("sed -i \'s/%s/%s/g\' %s" % (TOR_ROUTER, BACKEND_LEAF_ROUTER, self.sample_backend_graph), shell=True)
+
+ self.test_jinja_expression(self.sample_backend_graph, BACKEND_LEAF_ROUTER)
+
+ # ACL_TABLE should contain EVERFLOW related entries
+ argument = '-m "' + self.sample_backend_graph + '" -p "' + self.port_config + '" -v "ACL_TABLE"'
+ output = self.run_script(argument)
+ sample_output = utils.to_dict(output.strip()).keys()
+ assert 'DATAACL' not in sample_output, sample_output
+ assert 'EVERFLOW' in sample_output, sample_output
+
+ finally:
+ print('\n Change device type back to %s' % (TOR_ROUTER))
+ if check_stderr:
+ output = subprocess.check_output("sed -i \'s/%s/%s/g\' %s" % (BACKEND_LEAF_ROUTER, TOR_ROUTER, self.sample_backend_graph), stderr=subprocess.STDOUT, shell=True)
+ else:
+ output = subprocess.check_output("sed -i \'s/%s/%s/g\' %s" % (BACKEND_LEAF_ROUTER, TOR_ROUTER, self.sample_backend_graph), shell=True)
+
+ self.test_jinja_expression(self.sample_backend_graph, TOR_ROUTER)
+
def test_minigraph_sub_port_no_vlan_member(self, check_stderr=True):
try:
print('\n Change device type to %s' % (BACKEND_LEAF_ROUTER))
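Review bot: `test_minigraph_backend_acl_leaf` rewrites the checked-in fixture in place with `sed -i` through `shell=True`, so an interrupted run or a parallel test reading `sample-graph-storage-backend.xml` sees the modified device type, and the file path is interpolated into the shell string without quoting. Doing the substitution in Python on a temporary copy removes both the shell call and the restore step in `finally`. The sketch below assumes `TOR_ROUTER` is a plain string without regex metacharacters and that `tempfile` is imported in the test module; neither is visible in the hunk. The neighbouring `test_minigraph_sub_port_no_vlan_member` uses the same sed pattern and continues outside the hunk.

```python
def test_minigraph_backend_acl_leaf(self, check_stderr=True):
    # Work on a private copy so the checked-in fixture is never edited in place.
    with open(self.sample_backend_graph) as src:
        graph_xml = src.read().replace(TOR_ROUTER, BACKEND_LEAF_ROUTER)
    with tempfile.NamedTemporaryFile('w', suffix='.xml', dir=self.test_dir, delete=False) as tmp:
        tmp.write(graph_xml)
    try:
        self.test_jinja_expression(tmp.name, BACKEND_LEAF_ROUTER)

        # ACL_TABLE should contain EVERFLOW related entries
        argument = '-m "' + tmp.name + '" -p "' + self.port_config + '" -v "ACL_TABLE"'
        acl_tables = utils.to_dict(self.run_script(argument).strip())
        self.assertNotIn('DATAACL', acl_tables)
        self.assertIn('EVERFLOW', acl_tables)
    finally:
        os.remove(tmp.name)
```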
@@ -743,6 +767,13 @@ def verify_sub_intf(self, **kwargs):
output = self.run_script(argument)
self.assertEqual(output.strip(), "")
+ # ACL_TABLE should not contain EVERFLOW related entries
+ argument = '-m "' + graph_file + '" -p "' + self.port_config + '" -v "ACL_TABLE"'
+ output = self.run_script(argument)
+ sample_output = utils.to_dict(output.strip()).keys()
+ assert 'DATAACL' in sample_output, sample_output
+ assert 'EVERFLOW' not in sample_output, sample_output
+
# All the other tables stay unchanged
self.test_minigraph_vlans(graph_file=graph_file)
self.test_minigraph_vlan_interfaces(graph_file=graph_file)
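Review bot: The added check `assert 'EVERFLOW' not in sample_output` only tests for a table named exactly EVERFLOW, while the comment above it speaks of all everflow-related entries and the new filter drops every name containing `everflow`, so a leftover table such as an IPv6 mirror table would pass unnoticed. A check over all keys matches the intent: `self.assertFalse([t for t in sample_output if 'everflow' in t.lower()])`. The bare `assert` statements are also skipped when Python runs with `-O`; `self.assertIn('DATAACL', sample_output)` keeps the check active and reports through unittest like the `assertEqual` above it. `verify_sub_intf` starts and ends outside this hunk.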