forked from sonic-net/sonic-swss
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[teammgr]: Waiting MACsec ready before doLagMemberTask (sonic-net#2286)
Signed-off-by: Ze Gan [email protected], Judy Joseph [email protected] What I did If a member of portchannel has macsec profile attached in config, enable MACsec on the port before it's been added as a member of portchannel. Why I did it Due to some hardware limitation, cannot enable MACsec on a member of portchannel. So we enable the macsec on interface first and then add it as part of portchannel. Note: This is a work around which will be removed when h/w supports it future releases. The approach taken in this PR is In the teamdMgr when an interface is added as part of the LAG, we wait for the macsecPort creation done in SAI and Ingress SA creation complete (if macsec is enabled on the interface) The above takes care of config reload, reboot scenario's where we cannot guarantee the sequence of macsec attach to interface, add interface as part of portchannel. If we do a manual removal of port from portchannel, or remove macsec config from the interface, Please follow this steps First remove the portchannel member out of portchannel Remove the macsec profile attached to interface. How I verified it Verified with config reload, reboot with the macsec profile attached to portchannel member interfaces. Verified case when SAK rekey is enabled on macsec on portchannel members Verified case when member interface link flaps
- Loading branch information
1 parent
b30f97a
commit 1f13d1a
Showing
3 changed files
with
150 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters