Add policy forwarding for next hop match and GUE encapsulation action #1208

Open
wants to merge 5 commits into
base: master

danameme
Contributor

@danameme danameme commented Oct 24, 2024

Change Scope

  • Add support for policy forwarding match on next hop and GUE encapsulation action.
  • Move the encapsulation-header-type to a common module so it can be used more generally.

Platform Implementations

  • Arista support for GUE encapsulation.

Tree view

--- old-tree.txt	2024-10-25 23:25:47.846040655 +0000
+++ new-tree.txt	2024-10-25 23:22:50.010152815 +0000
@@ -3176,42 +3176,42 @@
         |                    |     +--ro out-labeled-pkts?     oc-yang:counter64
         |                    |     +--ro out-labeled-octets?   oc-yang:counter64
         |                    +--ro sids
         |                    |  +--ro sid* [index]
         |                    |     +--ro index    -> ../state/index
         |                    |     +--ro state
         |                    |        +--ro index?      uint64
         |                    |        +--ro value?      oc-srt:sr-sid-type
         |                    |        +--ro mpls-ttl?   uint8
         |                    |        +--ro mpls-tc?    uint8
         |                    +--ro next-hops
         |                       +--ro next-hop* [index]
         |                          +--ro index            -> ../state/index
         |                          +--ro state
         |                          |  +--ro index?                     uint64
         |                          |  +--ro programmed-index?          uint64
         |                          |  +--ro ip-address?                oc-inet:ip-address
         |                          |  +--ro mac-address?               oc-yang:mac-address
         |                          |  +--ro pop-top-label?             boolean
         |                          |  +--ro pushed-mpls-label-stack*   oc-mplst:mpls-label
-        |                          |  +--ro encapsulate-header?        oc-aftt:encapsulation-header-type
-        |                          |  +--ro decapsulate-header?        oc-aftt:encapsulation-header-type
+        |                          |  +--ro encapsulate-header?        oc-types:encapsulation-header-type
+        |                          |  +--ro decapsulate-header?        oc-types:encapsulation-header-type
         |                          |  +--ro origin-protocol?           identityref
         |                          |  +--ro counters
         |                          |     +--ro out-pkts?             oc-yang:counter64
         |                          |     +--ro out-octets?           oc-yang:counter64
         |                          |     +--ro out-labeled-pkts?     oc-yang:counter64
         |                          |     +--ro out-labeled-octets?   oc-yang:counter64
         |                          +--ro interface-ref
         |                             +--ro state
         |                                +--ro interface?      -> /oc-if:interfaces/interface/name
         |                                +--ro subinterface?   -> /oc-if:interfaces/interface[oc-if:name=current()/../interface]/subinterfaces/subinterface/index
         +--rw vlans
         |  +--rw vlan* [vlan-id]
         |     +--rw vlan-id    -> ../config/vlan-id
         |     +--rw config
         |     |  +--rw vlan-id?   oc-vlan-types:vlan-id
         |     |  +--rw name?      string
         |     |  +--rw status?    enumeration
         |     +--ro state
         |     |  +--ro vlan-id?   oc-vlan-types:vlan-id
         |     |  +--ro name?      string
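Review bot: In next-hop/state, encapsulate-header and decapsulate-header are retyped from oc-aftt:encapsulation-header-type to oc-types:encapsulation-header-type, which changes the type of existing state leaves rather than only adding new ones. The definition moved into oc-types should carry exactly the same values as the one it replaces so that existing telemetry consumers see no change, and the move should be recorded in the revision statements of both modules. If oc-aftt drops the definition outright, anything else importing it breaks, so consider leaving a deprecated alias there.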
@@ -3314,40 +3314,49 @@
         |  |           |        +--ro code?   identityref
         |  |           +--rw transport
         |  |           |  +--rw config
         |  |           |  |  +--rw source-port?                  oc-pkt-match-types:port-num-range
         |  |           |  |  +--rw source-port-set?              -> /oc-sets:defined-sets/port-sets/port-set/name
         |  |           |  |  +--rw destination-port?             oc-pkt-match-types:port-num-range
         |  |           |  |  +--rw destination-port-set?         -> /oc-sets:defined-sets/port-sets/port-set/name
         |  |           |  |  +--rw detail-mode?                  enumeration
         |  |           |  |  +--rw explicit-detail-match-mode?   enumeration
         |  |           |  |  +--rw explicit-tcp-flags*           identityref
         |  |           |  |  +--rw builtin-detail?               enumeration
         |  |           |  +--ro state
         |  |           |     +--ro source-port?                  oc-pkt-match-types:port-num-range
         |  |           |     +--ro source-port-set?              -> /oc-sets:defined-sets/port-sets/port-set/name
         |  |           |     +--ro destination-port?             oc-pkt-match-types:port-num-range
         |  |           |     +--ro destination-port-set?         -> /oc-sets:defined-sets/port-sets/port-set/name
         |  |           |     +--ro detail-mode?                  enumeration
         |  |           |     +--ro explicit-detail-match-mode?   enumeration
         |  |           |     +--ro explicit-tcp-flags*           identityref
         |  |           |     +--ro builtin-detail?               enumeration
+        |  |           +--rw next-hop-groups
+        |  |           |  +--rw next-hop-group* [index]
+        |  |           |     +--rw index     -> ../config/index
+        |  |           |     +--rw config
+        |  |           |     |  +--rw index?        uint8
+        |  |           |     |  +--rw ip-address?   oc-inet:ip-address
+        |  |           |     +--ro state
+        |  |           |        +--ro index?        uint8
+        |  |           |        +--ro ip-address?   oc-inet:ip-address
         |  |           +--rw action
         |  |           |  +--rw config
         |  |           |  |  +--rw discard?                           boolean
         |  |           |  |  +--rw decapsulate-gre?                   boolean
         |  |           |  |  +--rw decap-network-instance?            -> /network-instances/network-instance/config/name
         |  |           |  |  +--rw decap-fallback-network-instance?   -> /network-instances/network-instance/config/name
         |  |           |  |  +--rw post-decap-network-instance?       -> /network-instances/network-instance/config/name
         |  |           |  |  +--rw network-instance?                  -> /network-instances/network-instance/config/name
         |  |           |  |  +--rw path-selection-group?              -> ../../../../../../../path-selection-groups/path-selection-group/config/group-id
         |  |           |  |  +--rw next-hop?                          oc-inet:ip-address
         |  |           |  |  +--rw decapsulate-mpls-in-udp?           boolean
         |  |           |  |  +--rw decapsulate-gue?                   boolean
         |  |           |  +--ro state
         |  |           |  |  +--ro discard?                           boolean
         |  |           |  |  +--ro decapsulate-gre?                   boolean
         |  |           |  |  +--ro decap-network-instance?            -> /network-instances/network-instance/config/name
         |  |           |  |  +--ro decap-fallback-network-instance?   -> /network-instances/network-instance/config/name
         |  |           |  |  +--ro post-decap-network-instance?       -> /network-instances/network-instance/config/name
         |  |           |  |  +--ro network-instance?                  -> /network-instances/network-instance/config/name
         |  |           |  |  +--ro path-selection-group?              -> ../../../../../../../path-selection-groups/path-selection-group/config/group-id
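Review bot: The new match container is named next-hop-groups/next-hop-group, but each entry holds only a uint8 index and a single ip-address, with no reference to a next-hop-group. If the intent is to match on a next-hop address, name it next-hops/next-hop and say in the description how multiple entries combine (any-of or all-of). The action config in the same rule already has next-hop of type oc-inet:ip-address, so the description should also state whether a rule may both match on a next hop and set one.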
@@ -3355,40 +3364,118 @@
         |  |           |  |  +--ro decapsulate-mpls-in-udp?           boolean
         |  |           |  |  +--ro decapsulate-gue?                   boolean
         |  |           |  +--rw encapsulate-gre
         |  |           |  |  +--rw config
         |  |           |  |  |  +--rw identifying-prefix?   oc-inet:ip-prefix
         |  |           |  |  +--ro state
         |  |           |  |  |  +--ro identifying-prefix?   oc-inet:ip-prefix
         |  |           |  |  +--rw targets
         |  |           |  |     +--rw target* [id]
         |  |           |  |        +--rw id        -> ../config/id
         |  |           |  |        +--rw config
         |  |           |  |        |  +--rw id?            string
         |  |           |  |        |  +--rw source?        oc-inet:ip-address
         |  |           |  |        |  +--rw destination?   oc-inet:ip-prefix
         |  |           |  |        |  +--rw ip-ttl?        uint8
         |  |           |  |        +--ro state
         |  |           |  |           +--ro id?            string
         |  |           |  |           +--ro source?        oc-inet:ip-address
         |  |           |  |           +--ro destination?   oc-inet:ip-prefix
         |  |           |  |           +--ro ip-ttl?        uint8
+        |  |           |  +--rw encap-headers
+        |  |           |  |  +--rw encap-header* [index]
+        |  |           |  |     +--rw index     -> ../config/index
+        |  |           |  |     +--rw config
+        |  |           |  |     |  +--rw index?   uint8
+        |  |           |  |     |  +--rw type?    oc-types:encapsulation-header-type
+        |  |           |  |     +--ro state
+        |  |           |  |     |  +--ro index?   uint8
+        |  |           |  |     |  +--ro type?    oc-types:encapsulation-header-type
+        |  |           |  |     +--rw gre
+        |  |           |  |     |  +--rw config
+        |  |           |  |     |  |  +--rw src-ip?   oc-inet:ip-address
+        |  |           |  |     |  |  +--rw dst-ip?   oc-inet:ip-address
+        |  |           |  |     |  |  +--rw ip-ttl?   uint8
+        |  |           |  |     |  +--ro state
+        |  |           |  |     |     +--ro src-ip?   oc-inet:ip-address
+        |  |           |  |     |     +--ro dst-ip?   oc-inet:ip-address
+        |  |           |  |     |     +--ro ip-ttl?   uint8
+        |  |           |  |     +--rw ipv4
+        |  |           |  |     |  +--rw config
+        |  |           |  |     |  |  +--rw src-ip?   oc-inet:ip-address
+        |  |           |  |     |  |  +--rw dst-ip?   oc-inet:ip-address
+        |  |           |  |     |  +--ro state
+        |  |           |  |     |     +--ro src-ip?   oc-inet:ip-address
+        |  |           |  |     |     +--ro dst-ip?   oc-inet:ip-address
+        |  |           |  |     +--rw ipv6
+        |  |           |  |     |  +--rw config
+        |  |           |  |     |  |  +--rw src-ip?   oc-inet:ip-address
+        |  |           |  |     |  |  +--rw dst-ip?   oc-inet:ip-address
+        |  |           |  |     |  +--ro state
+        |  |           |  |     |     +--ro src-ip?   oc-inet:ip-address
+        |  |           |  |     |     +--ro dst-ip?   oc-inet:ip-address
+        |  |           |  |     +--rw mpls
+        |  |           |  |     |  +--rw config
+        |  |           |  |     |  |  +--rw traffic-class?   oc-mplst:mpls-tc
+        |  |           |  |     |  |  +--rw label?           oc-mplst:mpls-label
+        |  |           |  |     |  |  +--rw mpls-ttl?        uint8
+        |  |           |  |     |  +--ro state
+        |  |           |  |     |     +--ro traffic-class?   oc-mplst:mpls-tc
+        |  |           |  |     |     +--ro label?           oc-mplst:mpls-label
+        |  |           |  |     |     +--ro mpls-ttl?        uint8
+        |  |           |  |     +--rw udp-v4
+        |  |           |  |     |  +--rw config
+        |  |           |  |     |  |  +--rw src-ip?         oc-inet:ip-address
+        |  |           |  |     |  |  +--rw dst-ip?         oc-inet:ip-address
+        |  |           |  |     |  |  +--rw dscp?           oc-inet:dscp
+        |  |           |  |     |  |  +--rw src-udp-port?   oc-inet:port-number
+        |  |           |  |     |  |  +--rw dst-udp-port?   oc-inet:port-number
+        |  |           |  |     |  |  +--rw ip-ttl?         uint8
+        |  |           |  |     |  +--ro state
+        |  |           |  |     |     +--ro src-ip?         oc-inet:ip-address
+        |  |           |  |     |     +--ro dst-ip?         oc-inet:ip-address
+        |  |           |  |     |     +--ro dscp?           oc-inet:dscp
+        |  |           |  |     |     +--ro src-udp-port?   oc-inet:port-number
+        |  |           |  |     |     +--ro dst-udp-port?   oc-inet:port-number
+        |  |           |  |     |     +--ro ip-ttl?         uint8
+        |  |           |  |     +--rw udp-v6
+        |  |           |  |     |  +--rw config
+        |  |           |  |     |  |  +--rw src-ip?         oc-inet:ip-address
+        |  |           |  |     |  |  +--rw dst-ip?         oc-inet:ip-address
+        |  |           |  |     |  |  +--rw dscp?           oc-inet:dscp
+        |  |           |  |     |  |  +--rw src-udp-port?   oc-inet:port-number
+        |  |           |  |     |  |  +--rw dst-udp-port?   oc-inet:port-number
+        |  |           |  |     |  |  +--rw ip-ttl?         uint8
+        |  |           |  |     |  +--ro state
+        |  |           |  |     |     +--ro src-ip?         oc-inet:ip-address
+        |  |           |  |     |     +--ro dst-ip?         oc-inet:ip-address
+        |  |           |  |     |     +--ro dscp?           oc-inet:dscp
+        |  |           |  |     |     +--ro src-udp-port?   oc-inet:port-number
+        |  |           |  |     |     +--ro dst-udp-port?   oc-inet:port-number
+        |  |           |  |     |     +--ro ip-ttl?         uint8
         |  |           |  +--rw oc-pf-srte:segment-lists
         |  |           |     +--rw oc-pf-srte:segment-list* [index]
         |  |           |        +--rw oc-pf-srte:index     -> ../config/index
         |  |           |        +--rw oc-pf-srte:config
         |  |           |        |  +--rw oc-pf-srte:index?    uint64
         |  |           |        |  +--rw oc-pf-srte:weight?   uint32
         |  |           |        +--ro oc-pf-srte:state
         |  |           |        |  +--ro oc-pf-srte:index?    uint64
         |  |           |        |  +--ro oc-pf-srte:weight?   uint32
         |  |           |        +--rw oc-pf-srte:sids
         |  |           |           +--rw oc-pf-srte:sid* [index]
         |  |           |              +--rw oc-pf-srte:index     -> ../config/index
         |  |           |              +--rw oc-pf-srte:config
         |  |           |              |  +--rw oc-pf-srte:index?      uint64
         |  |           |              |  +--rw oc-pf-srte:value?      oc-srt:sr-sid-type
         |  |           |              |  +--rw oc-pf-srte:mpls-ttl?   uint8
         |  |           |              |  +--rw oc-pf-srte:mpls-tc?    uint8
         |  |           |              +--ro oc-pf-srte:state
         |  |           |                 +--ro oc-pf-srte:index?      uint64
         |  |           |                 +--ro oc-pf-srte:value?      oc-srt:sr-sid-type
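Review bot: Under encap-header, the ipv4, ipv6, udp-v4 and udp-v6 containers all type src-ip and dst-ip as oc-inet:ip-address, so nothing in the schema stops an IPv6 address being configured in udp-v4 or the reverse; use oc-inet:ipv4-address and oc-inet:ipv6-address in the family-specific containers. Also, config/type does not constrain which sibling container (gre, ipv4, ipv6, mpls, udp-v4, udp-v6) may be populated, so a when statement keyed on type would keep an entry from carrying parameters for a header it does not build. The overlap between this gre container and the existing encapsulate-gre action also needs a statement of which one takes effect when both are set.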
@@ -3428,57 +3515,57 @@
         |        +--rw group-id    -> ../config/group-id
         |        +--rw config
         |        |  +--rw group-id?   string
         |        |  +--rw mpls-lsp*   -> ../../../../../mpls/lsps/constrained-path/tunnels/tunnel/config/name
         |        +--ro state
         |           +--ro group-id?   string
         |           +--ro mpls-lsp*   -> ../../../../../mpls/lsps/constrained-path/tunnels/tunnel/config/name
         +--ro afts
         |  +--ro ipv4-unicast
         |  |  +--ro ipv4-entry* [prefix]
         |  |     +--ro prefix    -> ../state/prefix
         |  |     +--ro state
         |  |        +--ro prefix?                                     oc-inet:ipv4-prefix
         |  |        +--ro counters
         |  |        |  +--ro packets-forwarded?          oc-yang:counter64
         |  |        |  +--ro octets-forwarded?           oc-yang:counter64
         |  |        |  +--ro packets-forwarded-backup?   oc-yang:counter64
         |  |        |  +--ro octets-forwarded-backup?    oc-yang:counter64
         |  |        +--ro entry-metadata?                             binary
         |  |        +--ro origin-protocol?                            identityref
-        |  |        +--ro decapsulate-header?                         oc-aftt:encapsulation-header-type
+        |  |        +--ro decapsulate-header?                         oc-types:encapsulation-header-type
         |  |        +--ro oc-aftni:next-hop-group?                    -> /oc-ni:network-instances/network-instance/afts/next-hop-groups/next-hop-group/state/id
         |  |        +--ro oc-aftni:next-hop-group-network-instance?   oc-ni:network-instance-ref
         |  |        +--ro oc-aftni:origin-network-instance?           oc-ni:network-instance-ref
         |  +--ro ipv6-unicast
         |  |  +--ro ipv6-entry* [prefix]
         |  |     +--ro prefix    -> ../state/prefix
         |  |     +--ro state
         |  |        +--ro prefix?                                     oc-inet:ipv6-prefix
         |  |        +--ro counters
         |  |        |  +--ro packets-forwarded?          oc-yang:counter64
         |  |        |  +--ro octets-forwarded?           oc-yang:counter64
         |  |        |  +--ro packets-forwarded-backup?   oc-yang:counter64
         |  |        |  +--ro octets-forwarded-backup?    oc-yang:counter64
         |  |        +--ro entry-metadata?                             binary
         |  |        +--ro origin-protocol?                            identityref
-        |  |        +--ro decapsulate-header?                         oc-aftt:encapsulation-header-type
+        |  |        +--ro decapsulate-header?                         oc-types:encapsulation-header-type
         |  |        +--ro oc-aftni:next-hop-group?                    -> /oc-ni:network-instances/network-instance/afts/next-hop-groups/next-hop-group/state/id
         |  |        +--ro oc-aftni:next-hop-group-network-instance?   oc-ni:network-instance-ref
         |  |        +--ro oc-aftni:origin-network-instance?           oc-ni:network-instance-ref
         |  +--ro policy-forwarding
         |  |  +--ro policy-forwarding-entry* [index]
         |  |     +--ro index    -> ../state/index
         |  |     +--ro state
         |  |        +--ro index?                                      uint64
         |  |        +--ro ip-prefix?                                  oc-inet:ip-prefix
         |  |        +--ro mac-address?                                oc-yang:mac-address
         |  |        +--ro mpls-label?                                 oc-mplst:mpls-label
         |  |        +--ro mpls-tc?                                    oc-mplst:mpls-tc
         |  |        +--ro ip-dscp?                                    oc-inet:dscp
         |  |        +--ro ip-protocol?                                oc-pkt-match-types:ip-protocol-type
         |  |        +--ro l4-src-port?                                oc-inet:port-number
         |  |        +--ro l4-dst-port?                                oc-inet:port-number
         |  |        +--ro counters
         |  |        |  +--ro packets-forwarded?   oc-yang:counter64
         |  |        |  +--ro octets-forwarded?    oc-yang:counter64
         |  |        +--ro entry-metadata?                             binary
@@ -3534,65 +3621,65 @@
         |  |           |  +--ro id?               uint64
         |  |           |  +--ro dscp*             oc-inet:dscp
         |  |           |  +--ro next-hop-group?   -> ../../../../../next-hop-group/state/id
         |  |           +--ro input-interfaces
         |  |              +--ro input-interface* [id]
         |  |                 +--ro id       -> ../state/id
         |  |                 +--ro state
         |  |                    +--ro id?             string
         |  |                    +--ro interface?      -> /oc-if:interfaces/interface/name
         |  |                    +--ro subinterface?   -> /oc-if:interfaces/interface[oc-if:name=current()/../interface]/subinterfaces/subinterface/index
         |  +--ro next-hops
         |  |  +--ro next-hop* [index]
         |  |     +--ro index            -> ../state/index
         |  |     +--ro state
         |  |     |  +--ro index?                       uint64
         |  |     |  +--ro programmed-index?            uint64
         |  |     |  +--ro ip-address?                  oc-inet:ip-address
         |  |     |  +--ro mac-address?                 oc-yang:mac-address
         |  |     |  +--ro pop-top-label?               boolean
         |  |     |  +--ro pushed-mpls-label-stack*     oc-mplst:mpls-label
-        |  |     |  +--ro encapsulate-header?          oc-aftt:encapsulation-header-type
-        |  |     |  +--ro decapsulate-header?          oc-aftt:encapsulation-header-type
+        |  |     |  +--ro encapsulate-header?          oc-types:encapsulation-header-type
+        |  |     |  +--ro decapsulate-header?          oc-types:encapsulation-header-type
         |  |     |  +--ro origin-protocol?             identityref
         |  |     |  +--ro lsp-name?                    string
         |  |     |  +--ro counters
         |  |     |  |  +--ro packets-forwarded?   oc-yang:counter64
         |  |     |  |  +--ro octets-forwarded?    oc-yang:counter64
         |  |     |  +--ro vni-label?                   oc-evpn-types:evi-id
         |  |     |  +--ro tunnel-src-ip-address?       oc-inet:ip-address
         |  |     |  +--ro oc-aftni:network-instance?   oc-ni:network-instance-ref
         |  |     +--ro ip-in-ip
         |  |     |  +--ro state
         |  |     |     +--ro src-ip?   oc-inet:ip-address
         |  |     |     +--ro dst-ip?   oc-inet:ip-address
         |  |     +--ro gre
         |  |     |  +--ro state
         |  |     |     +--ro src-ip?   oc-inet:ip-address
         |  |     |     +--ro dst-ip?   oc-inet:ip-address
         |  |     |     +--ro ttl?      uint8
         |  |     +--ro encap-headers
         |  |     |  +--ro encap-header* [index]
         |  |     |     +--ro index     -> ../state/index
         |  |     |     +--ro state
         |  |     |     |  +--ro index?   uint8
-        |  |     |     |  +--ro type?    oc-aftt:encapsulation-header-type
+        |  |     |     |  +--ro type?    oc-types:encapsulation-header-type
         |  |     |     +--ro gre
         |  |     |     |  +--ro state
         |  |     |     |     +--ro src-ip?   oc-inet:ip-address
         |  |     |     |     +--ro dst-ip?   oc-inet:ip-address
         |  |     |     |     +--ro ttl?      uint8
         |  |     |     +--ro ipv4
         |  |     |     |  +--ro state
         |  |     |     |     +--ro src-ip?   oc-inet:ip-address
         |  |     |     |     +--ro dst-ip?   oc-inet:ip-address
         |  |     |     +--ro ipv6
         |  |     |     |  +--ro state
         |  |     |     |     +--ro src-ip?   oc-inet:ip-address
         |  |     |     |     +--ro dst-ip?   oc-inet:ip-address
         |  |     |     +--ro mpls
         |  |     |     |  +--ro state
         |  |     |     |     +--ro traffic-class?      oc-mplst:mpls-tc
         |  |     |     |     +--ro mpls-label-stack*   oc-mplst:mpls-label
         |  |     |     +--ro udp-v4
         |  |     |     |  +--ro state
         |  |     |     |     +--ro src-ip?         oc-inet:ip-address
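Review bot: The AFT encap-header state shown as context here names its leaves gre/state/ttl and mpls/state/mpls-label-stack, while the policy-forwarding encap-header added earlier in this diff uses gre/config/ip-ttl and mpls/config/label with mpls-ttl. Since both lists now share oc-types:encapsulation-header-type for type, align the leaf names (or share one grouping) so configured encapsulation can be compared against programmed AFT state by path.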

@dplore
Member

dplore commented Oct 24, 2024

/gcbrun

@OpenConfigBot

OpenConfigBot commented Oct 24, 2024

Major YANG version changes in commit dc39a8e:
openconfig-aft-types.yang: 1.2.0 -> ``

Member

@dplore dplore left a comment

Thanks for making this PR @danameme. I have a couple of comments.

"A pointer to an entry in an ordered list of next-hop-groups.";
}

leaf ip-address {
Member

What is the operational scenario? Do you want to match on the name of a next-hop-group which is configured? Or the next-hop IP prefix?

Contributor Author

Match on the next hop IP prefix, the GUE encapsulation action is based on the protocol next hop IP.

Member

Ok, SGTM

Member

We need to model next-hop here instead of next-hop group

@dplore dplore self-assigned this Oct 30, 2024
Member

@dplore dplore left a comment

LGTM. Setting this to last call

@dplore
Member

dplore commented Oct 31, 2024

/gcbrun

@dplore
Member

dplore commented Oct 31, 2024

Regarding implementations for this policy language, we are pursuing support for this from multiple vendors.

@dplore dplore added the last-call PR that is in final review before merging. label Oct 31, 2024
@dplore
Member

dplore commented Nov 1, 2024

/gcbrun

@robshakir
Contributor

Can we link another implementation here?

@dplore
Member

dplore commented Nov 7, 2024

> Can we link another implementation here?

There is only one known implementation. We are actively engaged with multiple vendors who have agreed that this is feasible to implement on their platforms. Finalizing the OC model helps complete the specification.

@LimeHat

LimeHat commented Nov 7, 2024

A few comments that I mentioned during the call today:

  1. Arista reference does not describe the policy-based implementation with the NH match criteria
  2. it does, however, describe the encap based on statically configured NHG.

It would be good to
a) find a correct reference if one exists
b) explain the motivation for why you want to do this via the policy instead of static config of NH/NHGs. From the current description it is not clear if there's a reason for it. (perhaps there is, something like a dependency on dynamic routing protocols?)

In addition, could you please elaborate on possible combinations of match/action rules? Some of the PF actions can affect the egress lookup (e.g. next-hop or network-instance actions), so I think we should clearly indicate which combinations are illegal (can I combine next-hop match with next-hop action?).
Would be nice to add (to the PR description) a few typical combinations to illustrate how this is supposed to be used as well.

Last but not least, I'm slightly perplexed by the mix of NH and NHG constructs in the proposal.
If there's a desire to match on a next-hop IP address, what is the role of the NHG construct there? This doesn't seem to be well explained.

@dplore dplore removed the last-call PR that is in final review before merging. label Nov 12, 2024

@ncorran ncorran left a comment

From a Cisco perspective, we have some concerns and questions with this proposed set of changes for GUE support.

We are discussing more internally to provide more feedback and potentially an alternative proposal, as we believe there are alternative ways to represent what is needed here with config fitting into other places in the OC models.

In particular the 'encapsulate' action under PF needs more discussion.

@dplore
Member

dplore commented Nov 13, 2024

I discussed offline with @danameme and this will receive a major refactor. Please stand by while Dan prepares it.
