Bug: ACL programming sequence out of order causing slownessย #22103
Description
Is it platform specific
generic
Importance or Severity
Low
Description of the bug
note: this is an optimization to make ACL programming faster, eventual consistency is still reached.
config acl update full ... does not behave as expected. ACL requested is not programmed in the order of priority. This causes lower priority entries to shift unnecessarily. Example can be seen in issue/21988 where the final ACL rules take significantly longer to program because they are higher priority.
Simply changing the naming from "RULE_1" -> "RULE_0001" can alleviate the issue partially since then it's somewhat more ordered properly.
Steps to Reproduce
Run config acl update full ... on any ACL json file with more than 10 ACL rules. The ACL rules will get programmed in alphabetical order
Observe in syslog that the ACL rules are programmed in alphabetical order
For example if there are 36 rules where the priority level is highest for the lowest numbered rule
RULE_1, RULE_10, RULE_11, ... RULE_19,
RULE_2, RULE_20, RULE_21, ...,
RULE_3, RULE_30, RULE_31, ..., RULE_36
RULE_4, RULE_5, RULE_6, ..., RULE_9
RULE_4 programming takes significantly longer because it has to reprogram ~30 rules due to shifting.
RULE_5, ..., RULE_9 do the same
Actual Behavior and Expected Behavior
Actual Behaviour ( out of order ): ~1.3s total
2026 Jan 23 00:23:06.791258 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_1 in table TEST_TABLE1
2026 Jan 23 00:23:06.801202 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_2 in table TEST_TABLE1
2026 Jan 23 00:23:06.811847 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_3 in table TEST_TABLE1
2026 Jan 23 00:23:06.821801 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_4 in table TEST_TABLE1
2026 Jan 23 00:23:06.831681 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_5 in table TEST_TABLE1
2026 Jan 23 00:23:06.841141 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_6 in table TEST_TABLE1
2026 Jan 23 00:23:06.852004 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule DEFAULT_RULE in table TEST_TABLE1
2026 Jan 23 00:23:06.867940 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_10 in table TEST_TABLE1
2026 Jan 23 00:23:06.883247 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_11 in table TEST_TABLE1
2026 Jan 23 00:23:06.898171 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_12 in table TEST_TABLE1
2026 Jan 23 00:23:06.912874 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_13 in table TEST_TABLE1
2026 Jan 23 00:23:06.927690 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_14 in table TEST_TABLE1
2026 Jan 23 00:23:06.942484 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_15 in table TEST_TABLE1
2026 Jan 23 00:23:06.957541 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_16 in table TEST_TABLE1
2026 Jan 23 00:23:06.972334 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_17 in table TEST_TABLE1
2026 Jan 23 00:23:06.987234 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_18 in table TEST_TABLE1
2026 Jan 23 00:23:07.002240 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_19 in table TEST_TABLE1
2026 Jan 23 00:23:07.019597 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_20 in table TEST_TABLE1
2026 Jan 23 00:23:07.037192 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_21 in table TEST_TABLE1
2026 Jan 23 00:23:07.071455 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_22 in table TEST_TABLE1
2026 Jan 23 00:23:07.092989 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_23 in table TEST_TABLE1
2026 Jan 23 00:23:07.108033 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_24 in table TEST_TABLE1
2026 Jan 23 00:23:07.123569 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_25 in table TEST_TABLE1
2026 Jan 23 00:23:07.139065 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_26 in table TEST_TABLE1
2026 Jan 23 00:23:07.154072 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_27 in table TEST_TABLE1
2026 Jan 23 00:23:07.169015 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_28 in table TEST_TABLE1
2026 Jan 23 00:23:07.184532 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_29 in table TEST_TABLE1
2026 Jan 23 00:23:07.199630 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_30 in table TEST_TABLE1
2026 Jan 23 00:23:07.215188 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_31 in table TEST_TABLE1
2026 Jan 23 00:23:07.230250 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_32 in table TEST_TABLE1
2026 Jan 23 00:23:07.245439 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_33 in table TEST_TABLE1
2026 Jan 23 00:23:07.260572 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_34 in table TEST_TABLE1
2026 Jan 23 00:23:07.276129 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_35 in table TEST_TABLE1
2026 Jan 23 00:23:07.291318 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_36 in table TEST_TABLE1
2026 Jan 23 00:23:07.307089 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_37 in table TEST_TABLE1
2026 Jan 23 00:23:07.322527 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_38 in table TEST_TABLE1
2026 Jan 23 00:23:07.338243 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_39 in table TEST_TABLE1
2026 Jan 23 00:23:07.353336 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_40 in table TEST_TABLE1
2026 Jan 23 00:23:07.369057 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_41 in table TEST_TABLE1
2026 Jan 23 00:23:07.384316 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_42 in table TEST_TABLE1
2026 Jan 23 00:23:07.399427 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_43 in table TEST_TABLE1
2026 Jan 23 00:23:07.415319 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_44 in table TEST_TABLE1
2026 Jan 23 00:23:07.430604 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_45 in table TEST_TABLE1
2026 Jan 23 00:23:07.651025 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_7 in table TEST_TABLE1
2026 Jan 23 00:23:07.871273 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_8 in table TEST_TABLE1
2026 Jan 23 00:23:08.094300 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_9 in table TEST_TABLE1
Expected behaviour ( in order of priority ): ~0.7s total
2026 Jan 23 00:25:35.598327 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0001 in table TEST_TABLE2
2026 Jan 23 00:25:35.607782 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0002 in table TEST_TABLE2
2026 Jan 23 00:25:35.618188 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0003 in table TEST_TABLE2
2026 Jan 23 00:25:35.628108 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0004 in table TEST_TABLE2
2026 Jan 23 00:25:35.639182 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule DEFAULT_RULE in table TEST_TABLE2
2026 Jan 23 00:25:35.655567 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0005 in table TEST_TABLE2
2026 Jan 23 00:25:35.673399 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0006 in table TEST_TABLE2
2026 Jan 23 00:25:35.692152 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0007 in table TEST_TABLE2
2026 Jan 23 00:25:35.706927 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0008 in table TEST_TABLE2
2026 Jan 23 00:25:35.721739 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0009 in table TEST_TABLE2
2026 Jan 23 00:25:35.737876 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0010 in table TEST_TABLE2
2026 Jan 23 00:25:35.753027 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0011 in table TEST_TABLE2
2026 Jan 23 00:25:35.768130 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0012 in table TEST_TABLE2
2026 Jan 23 00:25:35.783217 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0013 in table TEST_TABLE2
2026 Jan 23 00:25:35.797963 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0014 in table TEST_TABLE2
2026 Jan 23 00:25:35.812871 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0015 in table TEST_TABLE2
2026 Jan 23 00:25:35.827905 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0016 in table TEST_TABLE2
2026 Jan 23 00:25:35.866999 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0017 in table TEST_TABLE2
2026 Jan 23 00:25:35.882024 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0018 in table TEST_TABLE2
2026 Jan 23 00:25:35.896913 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0019 in table TEST_TABLE2
2026 Jan 23 00:25:35.911611 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0020 in table TEST_TABLE2
2026 Jan 23 00:25:35.926773 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0021 in table TEST_TABLE2
2026 Jan 23 00:25:35.942726 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0022 in table TEST_TABLE2
2026 Jan 23 00:25:35.958216 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0023 in table TEST_TABLE2
2026 Jan 23 00:25:35.973615 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0024 in table TEST_TABLE2
2026 Jan 23 00:25:35.989174 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0025 in table TEST_TABLE2
2026 Jan 23 00:25:36.004029 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0026 in table TEST_TABLE2
2026 Jan 23 00:25:36.018969 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0027 in table TEST_TABLE2
2026 Jan 23 00:25:36.033935 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0028 in table TEST_TABLE2
2026 Jan 23 00:25:36.049283 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0029 in table TEST_TABLE2
2026 Jan 23 00:25:36.064433 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0030 in table TEST_TABLE2
2026 Jan 23 00:25:36.079782 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0031 in table TEST_TABLE2
2026 Jan 23 00:25:36.095157 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0032 in table TEST_TABLE2
2026 Jan 23 00:25:36.110191 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0033 in table TEST_TABLE2
2026 Jan 23 00:25:36.125320 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0034 in table TEST_TABLE2
2026 Jan 23 00:25:36.140068 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0035 in table TEST_TABLE2
2026 Jan 23 00:25:36.156088 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0036 in table TEST_TABLE2
2026 Jan 23 00:25:36.172100 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0037 in table TEST_TABLE2
2026 Jan 23 00:25:36.187455 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0038 in table TEST_TABLE2
2026 Jan 23 00:25:36.203796 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0039 in table TEST_TABLE2
2026 Jan 23 00:25:36.219725 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0040 in table TEST_TABLE2
2026 Jan 23 00:25:36.235967 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0041 in table TEST_TABLE2
2026 Jan 23 00:25:36.263449 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0042 in table TEST_TABLE2
2026 Jan 23 00:25:36.293017 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0043 in table TEST_TABLE2
2026 Jan 23 00:25:36.307999 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0044 in table TEST_TABLE2
2026 Jan 23 00:25:36.323362 qzo204 NOTICE swss#orchagent: :- add: Successfully created ACL rule RULE_0045 in table TEST_TABLE2
Above syslogs were generated by just changing the ACL rule naming to include leading zeroes since it seems they are programmed approximately in alphabetical order. The difference in time can be more or less dramatic depending on the system. In the case of issue/21988 it could reduce the total time to program from ~60s -> ~20s
Changing the order of mod_entry to be by priority in full_update does NOT fix this. As somehow the events are still received in the same order on orcagent.
Diff to change to sort by priority:
acl_loader
/main.py
def full_update(self):
"""
Perform full update of ACL rules configuration. All existing rules
@@ -834,16 +835,29 @@ class AclLoader(object):
be removed and new rules in that table will be installed.
:return:
"""
- for key in self.rules_db_info:
- if self.current_table is None or self.current_table == key[0]:
- self.configdb.mod_entry(self.ACL_RULE, key, None)
- # Program for per front asic namespace also if present
- for namespace_configdb in self.per_npu_configdb.values():
- namespace_configdb.mod_entry(self.ACL_RULE, key, None)
-
+ sorted_rules_db_info = sorted( self.rules_db_info.keys(), key=lambda k: self.rules_db_info[k]["PRIORITY"], reverse=True )
+
+ # delete entries
+ if sorted_rules_db_info:
+ for key in reversed(sorted_rules_db_info):
+ if self.current_table is None or self.current_table == key[0]:
+ info( f"del {key}" )
+ self.configdb.mod_entry(self.ACL_RULE, key, None)
+ # Program for per front asic namespace also if present
+ for namespace_configdb in self.per_npu_configdb.values():
+ namespace_configdb.mod_entry(self.ACL_RULE, key, None)
+
+ # Should be almost equivalent to mod_config
+ for table_name, table_data in {self.ACL_RULE: self.rules_info}.items():
+ sorted_rules_info = sorted( self.rules_info.keys(), key = lambda k : self.rules_info[k]["PRIORITY"], reverse=True )
+ if table_data == None:
+ info( "delete table" )
+ self.configdb.delete_table(table_name)
+ continue
+ for key in sorted_rules_info:
+ info( f"mod_entry {key}" )
+ self.configdb.mod_entry(table_name, key, table_data[key])
- self.configdb.mod_config({self.ACL_RULE: self.rules_info})
- # Program for per front asic namespace also if present
Relevant log output
Output of show version
Attach files (if any)
No response
Metadata
Metadata
Assignees
Type
Projects
Status