Skip to content

Commit 33357ab

Browse files
lolyulolyu
committed
Fix comments
1. Update DB schema 2. Update workflows with new DB schema 3. Add warm-reboot and CLI sections Signed-off-by: Longxiang Lyu <[email protected]>
1 parent 5f9c839 commit 33357ab

File tree

3 files changed

+44
-16
lines changed

3 files changed

+44
-16
lines changed

doc/decap/image/subnet_decap_config_update.png

15.3 KB
Loading

doc/decap/image/vlan_decap_rule_gen_workflow.png

21 KB
Loading

doc/decap/subnet_decap_HLD.md

Lines changed: 44 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -51,7 +51,7 @@ This document describes the subnet decapsulation feature on T0 SONiC that allows
5151

5252
## 4 Overview
5353

54-
In Azure, Netscan probes the network paths/devices by sending IPinIP traffic. The IPinIP packet crafted by the Netscan sender has the outer DIP equals the destination device Loopback address, and the inner DIP equals the IP address of the Netscan sender. When the IPinIP packet is routed to/received by the destination device, they will be decapsulated and the inner packet will be routed back to the Netscan sender.
54+
In Azure, Netscan probes the network paths/devices by sending IPinIP traffic. The IPinIP packet crafted by the Netscan sender has the outer DIP equals the destination device Loopback address, and the inner DIP equals the IP address of the Netscan sender. When the IPinIP packet is routed to/received by the destination device, they will be decapsulated and the inner packet will be routed back to the Netscan sender. With this probing, the Netscan sender has the awareness of any network link/device issues in the probe path by checking the receivement of the inner packets.
5555
As of today, Netscan uses this IP-decap based probing to detect route blackholes in the Azure network. The limitation is that Netscan is only able to probe the networking switches without the capability to detect any route blackholes for host nodes, especially VLAN subnet IPs. Due to the fact that the host nodes don’t have native IP-decap functionality, it is more appropriate to implement the IP-decap functionality on T0 SONiC as SONiC supports IPinIP decapsulation, and T0 SONiC will respond to the Netscan probes on behalf of the host nodes to decapsulate the Netscan IPinIP probe packets with DIP as any VLAN subnet IPs.
5656
In this design, subnet decap is introduced to enhance SONiC with the capability to generate the decap rules for the VLAN subnet so IPinIP packets from Netscan with DIP as either VLAN subnet IPs could be decapsulated and forwarded back to the Netscan sender to allow Netscan to have the awareness of any possible route blackholes to those destinations.
5757

@@ -78,13 +78,13 @@ In this design, we propose the subnet decap feature that has workflow to enable
7878
### 6.1 Tunnel Specification
7979

8080
The tunnels in this design will be generated with the following attributes:
81-
| Attribute | Value | Note |
82-
| --------------- | ----------------------------- | -------------------------------- |
83-
| name | IPINIP_VLAN or IPINIP_V6_VLAN | One IPv4 tunnel, one IPv6 tunnel |
84-
| tunnel type | IPinIP | |
85-
| decap ECN mode | copy_from_outer or standard | |
86-
| decap TTL mode | pipe | |
87-
| decap DSCP mode | uniform | |
81+
| Attribute | Value | Note |
82+
| --------------- | --------------------------------- | -------------------------------- |
83+
| name | IPINIP_SUBNET or IPINIP_V6_SUBNET | One IPv4 tunnel, one IPv6 tunnel |
84+
| tunnel type | IPinIP | |
85+
| decap ECN mode | copy_from_outer or standard | |
86+
| decap TTL mode | pipe | |
87+
| decap DSCP mode | uniform | |
8888

8989
The decapsulation termination entry will be created with the following attributes:
9090
| Attribute | Value | Note |
@@ -102,10 +102,14 @@ The decapsulation termination entry will be created with the following attribute
102102
```
103103
### SUBNET_DECAP
104104
; Stores subnet based decapsulation configurations
105-
key = SUBNET_DECAP|subnet_type ; SUBNET_DECAP|vlan
105+
key = SUBNET_DECAP|config_name
106106
status = "enable"/"disable" ; status of subnet based decapsulation
107-
src_ip = source IP prefix ; source IP prefix used for decap terms of IPv4 tunnel
108-
src_ip_v6 = source IP prefix ; source IPv6 prefix used for decap terms of IPv6 tunnel
107+
src_ip = source IP prefix ; source IP prefix used for tunnel
108+
src_ip_v6 = source IP prefix ; source IPv6 prefix used for tunnel_v6
109+
vlan = list of enable VLAN ; comma separated list of VLANs to enable
110+
; subnet decap, if status is enable and this
111+
; list is empty, subnet decap will apply to
112+
; all VLANs
109113
```
110114

111115
#### 6.2.2 APPL_DB
@@ -123,8 +127,11 @@ The decapsulation termination entry will be created with the following attribute
123127
### TUNNEL_DECAP_TERM_TABLE
124128
; Stores a list of decap terms.
125129
key = TUNNEL_DECAP_TERM_TABLE:tunnel_name:dst_ip ; tunnel name:dst IP prefix as key
126-
term_type = "P2P"/"P2MP"/"MP2MP" ; tunnel decap term type
127-
src_ip = source IP prefix
130+
term_type = "P2P"/"P2MP"/"MP2MP" ; tunnel decap term type
131+
src_ip = source IP prefix ; for decap terms of subnet decap, the
132+
; source IP is omitted
133+
subnet_type = "vlan"/"vip" ; the subnet type of the dst IP prefix, present
134+
; if this is a subnet decap term
128135
```
129136

130137
#### 6.2.3 STATE_DB
@@ -144,6 +151,8 @@ The decapsulation termination entry will be created with the following attribute
144151
key = TUNNEL_DECAP_TERM_TABLE:tunnel_name:dst_ip ; tunnel name:dst IP prefix as key
145152
term_type = "P2P"/"P2MP"/"MP2MP" ; tunnel decap term type
146153
src_ip = source IP prefix
154+
subnet_type = "vlan"/"vip" ; the subnet type of the dst IP prefix, present
155+
; if this is a subnet decap term
147156
```
148157

149158
### 6.3 Orchestration Agent
@@ -183,12 +192,31 @@ The following picture describes the workflow:
183192

184193
### 6.6 CLI
185194

186-
TBD
195+
* `show tunnel brief`: lists out the tunnels created.
196+
197+
```
198+
# show tunnel
199+
Tunnel Name Type Dscp Mode ECN Mode TTL Mode
200+
---------------- ------ ----------- --------------- ----------
201+
IPINIP_TUNNEL IPINIP uniform copy_from_outer pipe
202+
IPINIP_V6_TUNNEL IPINIP uniform copy_from_outer pipe
203+
IPINIP_SUBNET IPINIP uniform copy_from_outer pipe
204+
IPINIP_V6_SUBNET IPINIP uniform copy_from_outer pipe
205+
```
206+
207+
* `show tunnel decap`: lists out the tunnel decap terms created.
208+
209+
```
210+
Dst IP Src IP Tunnel Name Decap Term Type
211+
------------- ------------- ------------- -----------------
212+
192.168.0.1 N/A IPINIP_TUNNEL P2MP
213+
10.10.10.0/24 20.20.20.0/24 IPINIP_SUBNET MP2MP
214+
```
187215

188216
## 7 Warm Reboot Support
189217

190-
TBD
218+
Currently, SONiC doesn’t load `ipinip.json` after warm-reboot. As two new subnet decap tunnels (`IPINIP_SUBNET` and `IPINIP_V6_SUBNET`) are introduced by this design, `swssconfig.sh` shall be enhanced to write only those two extra tunnel entries from `ipinip.json` to APPL_DB TUNNEL_DECAP_TABLE without making duplicated writes to existing tunnels after warm-reboot.
191219

192220
## 8 Test Plan
193221

194-
TBD
222+
The test plan will be added later based on the requirement.

0 commit comments

Comments
 (0)