ACL in SONiC
High Level Design Document
Rev 0.4
Table of Contents
List of Tables
Revision
About this Manual
Scope
Definitions/Abbreviation
Table 2: Abbreviations
1 Sub-system Overview
1.1 System Chart
1.2 Modules description
1.2.1 swssconfig
1.2.2 App DB
1.2.3 Orchestration Agent
1.2.4 SAI Redis
1.2.5 SAI DB
1.2.6 syncd
1.2.7 SAI (Redis and Switch)
2 ACL Subsystem Requirements Overview
2.1 Functional requirements
2.2 Scalability requirements
2.3 Requirements implementation schedule
Table 3: Implementation schedule
3 Modules Design
3.1 Phase 1
3.1.1 swssconfig
3.1.2 App DB
3.1.2.1 App DB Schema Reference
3.1.2.1.1 ACL Tables Table
3.1.2.1.2 ACL Rules Table
3.1.2.2 ACL Table
3.1.2.3 ACL Rule
3.1.2.4 Table of type "L3"
Table 4: Matches allowed in the table of the type "L3"
Table 5: Actions allowed in the table of the type "L3"
3.1.2.5 Table of type "Mirror"
Table 6: Matches allowed in the table of the type "mirror"
Table 7: Actions allowed in the table of the type "mirror"
3.1.3 Orchestration Agent
3.1.3.1 Class AclOrch
3.1.3.2 Acl Table Create or Delete
3.1.3.3 Acl Rule Create or Delete
3.1.4 SAI Redis
3.1.5 SAI DB
3.1.6 syncd
3.1.7 General updates
3.2 Phase 2
3.2.1 Orchestration Agent
3.2.1.1 Counters
3.2.1.2 ACL Table Update
3.2.1.3 ACL Rule Update
3.2.1.4 Configuration update
3.3 Phase 3
3.3.1 Orchestration Agent
3.3.1.1 ACL Ranges support:
3.3.1.2 Binding ACL Table to Port
3.3.1.3 ACL and LAG
3.3.1.3 ACL mirroring
4 Flows
4.1 Creating of ACL Objects
4.2 Deleting of ACL Objects
4.3 Updating of ACL Objects
4.4 Creating of ACL Mirror rules
4.5 Deleting of ACL Mirror rules
4.6 Mirror state change handling
5 swssconfig input file format and restrictions
6 Testing
6.1 Testing environment
6.2 List of tests to cover basic functionality
6.3 Additional tests for Pase 2/3
Appendix A:Keywords for matches and actions
Table 8: Json file keywords
Appendix B: Sample input json file
Appendix C: Code sample