[macsec]: Set MTU for MACsec #2398
Conversation
Pterosaur
force-pushed
the
fix_mtu_macsec
branch
5 times, most recently
from
8edfd13
to
dd12a28
Compare
Signed-off-by: Ze Gan <ganze718@gmail.com>
Pterosaur
force-pushed
the
fix_mtu_macsec
branch
from
dd12a28
to
16cae21
Compare
orchagent/portsorch.cpp
Outdated
| @@ -1144,6 +1172,11 @@ bool PortsOrch::setPortMtu(sai_object_id_t id, sai_uint32_t mtu) | |||
| /* mtu + 14 + 4 + 4 = 22 bytes */ | |||
| attr.value.u32 = (uint32_t)(mtu + sizeof(struct ether_header) + FCS_LEN + VLAN_TAG_LEN); | |||
|
|
|||
| if (isMACsecPort(id)) | |||
There was a problem hiding this comment.
This is definitely needed for non-gearbox based devices.
As discussed, do we need this additional 32 bytes to be added for the gbsyncd based devices as well ?
There was a problem hiding this comment.
Yes, we also needed it for line_side_port for gearbox. @jimmyzhai will add more on this PR for adapting gearbox mode.
There was a problem hiding this comment.
Have updated the fix to update port (w/o gearbox) MTU for MACsec.
Pterosaur
force-pushed
the
fix_mtu_macsec
branch
5 times, most recently
from
c88d845
to
28cfb2b
Compare
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
Signed-off-by: Ze Gan <ganze718@gmail.com>
Pterosaur
force-pushed
the
fix_mtu_macsec
branch
from
28cfb2b
to
9ec471a
Compare
|
/easycla |
|
@prsunny could you take a quick look too. thanks. |
| return true; | ||
| } | ||
|
|
||
| bool PortsOrch::setPortMtu(const Port& port, sai_uint32_t mtu) |
There was a problem hiding this comment.
Why are we changing this API? Please have it as the original one and have the caller pass the extra value.
There was a problem hiding this comment.
Due to the Gearbox architecture support, the original function cannot semantically support the functionality of set MTU. We just follow other existing functions, like set Speed, set Fec and so on, that are needed by Gearbox platform.
sonic-swss/orchagent/portsorch.cpp
Lines 2191 to 2209 in 9ec471a
sonic-swss/orchagent/portsorch.cpp
Lines 1253 to 1277 in 9ec471a
There was a problem hiding this comment.
ok, from the changes I still think you can reuse the existing function. But I see your point as making it consistent across other set functions. Approving from my side.
| return true; | ||
| } | ||
|
|
||
| bool PortsOrch::setPortMtu(const Port& port, sai_uint32_t mtu) |
There was a problem hiding this comment.
ok, from the changes I still think you can reuse the existing function. But I see your point as making it consistent across other set functions. Approving from my side.
What I did Set extra MTU for MACsec enabled port. Why I did it MACsec frame will expend the packet with MACsec SecTAG, Otherwise if a packet length equals the MTU which will be dropped by SAI port. Signed-off-by: Ze Gan <ganze718@gmail.com> Co-authored-by: Junhua Zhai <junhua.zhai@outlook.com>
What I did Set extra MTU for MACsec enabled port. Why I did it MACsec frame will expend the packet with MACsec SecTAG, Otherwise if a packet length equals the MTU which will be dropped by SAI port. Signed-off-by: Ze Gan <ganze718@gmail.com> Co-authored-by: Junhua Zhai <junhua.zhai@outlook.com>
|
This change causes 202205 PR test to fail. |
This PR: sonic-net/sonic-sairedis#1107 is for fixing the failure. |
Update sonic-swss submodule pointer to include the following: * Dynamic port configuration - add port buffer cfg to the port ref counter ([sonic-net#2194](sonic-net/sonic-swss#2194)) * tlm_teamd: Filter portchannel subinterface events from STATE_DB LAG_TABLE ([sonic-net#2408](sonic-net/sonic-swss#2408)) * [counters] Improve performance by polling only configured ports buffer queue/pg counters ([sonic-net#2360](sonic-net/sonic-swss#2360)) * added support for Xsight platform ([sonic-net#2426](sonic-net/sonic-swss#2426)) * [ci][asan] add DVS tests run with ASAN ([sonic-net#2363](sonic-net/sonic-swss#2363)) * Handle dual ToR neighbor miss scenario ([sonic-net#2151](sonic-net/sonic-swss#2151)) * Upstream new development on p4orch ([sonic-net#2237](sonic-net/sonic-swss#2237)) * [lgtm] Fix dependency ([sonic-net#2419](sonic-net/sonic-swss#2419)) * [muxorch] Returning true if nbr in skip_neighbor_ in isNeighborActive() ([sonic-net#2415](sonic-net/sonic-swss#2415)) * [macsec]: Set MTU for MACsec ([sonic-net#2398](sonic-net/sonic-swss#2398)) * Delete Invalid if condition in intfsorch.cpp ([sonic-net#2411](sonic-net/sonic-swss#2411)) Signed-off-by: dprital <drorp@nvidia.com>
What I did Set extra MTU for MACsec enabled port. Why I did it MACsec frame will expend the packet with MACsec SecTAG, Otherwise if a packet length equals the MTU which will be dropped by SAI port. Signed-off-by: Ze Gan <ganze718@gmail.com> Co-authored-by: Junhua Zhai <junhua.zhai@outlook.com>
**What I did** Set extra MTU for MACsec enabled port. **Why I did it** MACsec frame will expend the packet with MACsec SecTAG, Otherwise if a packet length equals the MTU which will be dropped by SAI port. **How I verified it** Assume 9100 is the MTU, Check by the command `ping -s 9100 10.0.0.57` **Details if related** Cherry-pick from #2398 Signed-off-by: Ze Gan <ganze718@gmail.com> Co-authored-by: Junhua Zhai <junhua.zhai@outlook.com>
Signed-off-by: Ze Gan ganze718@gmail.com
What I did
Set extra MTU for MACsec enabled port.
Why I did it
MACsec frame will expend the packet with MACsec SecTAG, Otherwise if a packet length equals the MTU which will be dropped by SAI port.
How I verified it
Assume 9100 is the MTU, Check by the command
ping -s 9100 10.0.0.57Details if related