[HLD] User Defined Fields(UDF) feature in SONiC#2299
[HLD] User Defined Fields(UDF) feature in SONiC#2299srodd-nexthop wants to merge 5 commits intosonic-net:masterfrom
Conversation
|
/azp run |
|
No pipelines are associated with this pull request. |
srodd-nexthop
force-pushed
the
srodd.nexthopai-udf
branch
from
9ffbae4 to
b2df6c0
Compare
|
/azp run |
|
No pipelines are associated with this pull request. |
|
|
||
| ### Object Roles(one-liner) | ||
|
|
||
| - **UDF** = WHERE and how big (udf_field position/length in ACL key) |
There was a problem hiding this comment.
Where is position defined?
There was a problem hiding this comment.
"Position" here means the slot index in the ACL key where the extracted udf_field bytes are written, not a property of the UDF object itself. Hence its called out as position in acl key
| { | ||
| // UDF definition | ||
| "UDF": { "BTH_RESERVED": { "field_type": "GENERIC", "length": "1" } }, | ||
| "UDF_SELECTOR": { "BTH_RESERVED|roce_v1": { "match": { "l2_type": "0x8915", "l2_type_mask": "0xFFFF", "priority": "100" }, "select": { "base": "L2", "offset": "22" } }, |
There was a problem hiding this comment.
I suppose base defined the start point of UDF object. But I think L2, L3 or L4 could be misleading sometimes. For example, there could be encapsulated frames, including VXLAN, IPinIP, and different IP hearers.
There was a problem hiding this comment.
What's the difference between GENERIC and hash?
There was a problem hiding this comment.
the base here are looking for the outer headers and for inner header we have to rely on the offset. Its been documented as an example in sonic-sairedis/SAI/doc/ACL/UDF-based-ACL.md
There was a problem hiding this comment.
GENERIC is used for ACL integration
HASH is to define fields for ECMP hashing.
srodd-nexthop
force-pushed
the
srodd.nexthopai-udf
branch
from
b2df6c0 to
800d9cc
Compare
|
/azp run |
|
No pipelines are associated with this pull request. |
| // UDF definition | ||
| "UDF": { "BTH_RESERVED": { "field_type": "GENERIC", "length": "1" } }, | ||
| "UDF_SELECTOR": { "BTH_RESERVED|roce_v1": { "match": { "l2_type": "0x8915", "l2_type_mask": "0xFFFF", "priority": "100" }, "select": { "base": "L2", "offset": "22" } }, | ||
| "BTH_RESERVED|roce_v2": { "match": { "l3_type": "0x11", "l3_type_mask": "0xFF", "priority": "100" }, "select": { "base": "L4", "offset": "16" } } }, |
There was a problem hiding this comment.
Can you please clarify how match and select work together?
I suppose match + select = When this packet type appears, extract bytes from HERE. Is that correct?
There was a problem hiding this comment.
yes, match acts as a filter and select acts as a pointer from where the field has to be extracted.
|
|
||
| ### 8.2 CLI | ||
|
|
||
| CLI configuration for UDF is **not implemented**. Configuration is applied directly via CONFIG_DB using `sonic-cfggen` or `redis-cli`: |
There was a problem hiding this comment.
GCU (Generic Config Update) should be the preferred mechanism if CLI is not in plan.
There was a problem hiding this comment.
Thanks — your json-in-config_db comment pushed me to drop the JSON-string model. select and match are now flat CONFIG_DB fields (select_base, select_offset, match_l2_type, …), so GCU, sonic-cfggen, and YANG all work natively.
|
|
||
| #### Why `select` and `match` are JSON values rather than flat fields | ||
|
|
||
| CONFIG_DB stores each row as a flat Redis hash — one key, string-valued fields. Modeling `select` and `match` as nested containers would require splitting them into separate tables (e.g., `UDF_SELECTOR_SELECT`, `UDF_SELECTOR_MATCH`) keyed by the same `<udf>|<selector>`. We chose to keep the selector as a single atomic row so that a SET/DEL on one key represents one complete selector, and `match`/`select` cannot drift out of sync across tables. The tradeoff is that their internal structure lives inside a JSON value instead of the YANG tree. |
There was a problem hiding this comment.
Need to confirm and verify this json-in-config_db model is supported by GCU and other CLI, like sonic-cfggen.
YANG model validation can be another challenge as the json value will be handled as a pure string.
| // UDF definition | ||
| "UDF": { "BTH_RESERVED": { "field_type": "GENERIC", "length": "1" } }, | ||
| "UDF_SELECTOR": { "BTH_RESERVED|roce_v1": { "match": { "l2_type": "0x8915", "l2_type_mask": "0xFFFF", "priority": "100" }, "select": { "base": "L2", "offset": "22" } }, | ||
| "BTH_RESERVED|roce_v2": { "match": { "l3_type": "0x11", "l3_type_mask": "0xFF", "priority": "100" }, "select": { "base": "L4", "offset": "16" } } }, |
There was a problem hiding this comment.
May need some clarification on the priority, including
- Is higher number = higher priority or lower?
- What happens when two selectors have the SAME priority and both match?
- Is priority globally unique required, or just per-field?
There was a problem hiding this comment.
Thanks for the question, I'll validate the behavior on HW and update the HLD with concrete answers.
srodd-nexthop
force-pushed
the
srodd.nexthopai-udf
branch
from
800d9cc to
f3f9670
Compare
|
/azp run |
|
No pipelines are associated with this pull request. |
Signed-off-by: satishkumar rodd <srodd@nexthop.ai>
Signed-off-by: satishkumar rodd <srodd@nexthop.ai>
srodd-nexthop
force-pushed
the
srodd.nexthopai-udf
branch
from
f3f9670 to
4efbcde
Compare
|
/azp run |
|
No pipelines are associated with this pull request. |
srodd-nexthop
force-pushed
the
srodd.nexthopai-udf
branch
from
4efbcde to
42e0539
Compare
|
/azp run |
|
No pipelines are associated with this pull request. |
Signed-off-by: satishkumar rodd <srodd@nexthop.ai>
srodd-nexthop
force-pushed
the
srodd.nexthopai-udf
branch
from
42e0539 to
3b6d857
Compare
|
/azp run |
|
No pipelines are associated with this pull request. |
| - Udf: Dependency handling, offset/base validation | ||
| - UdfOrch: CONFIG_DB subscription, group OID resolution, ref-count tracking | ||
|
|
||
| ### 10.2 System Tests |
There was a problem hiding this comment.
can you elaborate this with scenarios and expectation. Also, please update PR link for sonic-mgmt tests.
|
/azp run |
|
No pipelines are associated with this pull request. |
Replaces the high-level test categories in section 10 with explicit
test scenarios drawn from the sonic-mgmt UDF suite, following the
Step / Goal / Expected results format used in the Overlay ECMP HLD.
10.2 System Tests now covers:
- Baseline programming
- End-to-end traffic
- UDF/ACL dependency and teardown order
- ACL rule priority
- Forward reference resolution
- Multiple selectors per group
- SAI attribute correctness (all 4 match types, 3 bases, auto-mask,
match-presence regressions)
- Match-type traffic filtering (L2 / L4 / IPv6)
- Reference counting (UDF_MATCH dedup, UDF_GROUP refcount layers,
ACL_RULE refcount on selectors)
- Immutability and idempotency
- Validation edge cases
10.3 Negative Tests:
- Invalid CONFIG_DB
- Selector field validation
Each subsection references the corresponding test class(es) in the
sonic-mgmt suite (tests/udf/test_udf.py, parallel PR -- Open Item #9).
Addresses prsunny review comment.
Signed-off-by: Satishkumar Rodd <srodd@nexthop.ai>
srodd-nexthop
force-pushed
the
srodd.nexthopai-udf
branch
from
320c343 to
bcd2d5d
Compare
4 participants
Description:
Adds HLD for the UDF feature in SONiC, covering:
CONFIG_DB schema for UDF and UDF_SELECTOR tables
UdfOrch orchestration for SAI UDF Group, Match, and UDF object lifecycle
ACL integration with udf_field name resolution
YANG model validation, match deduplication, and dependency ordering
Yang changes: sonic-net/sonic-buildimage#26874
Swss changes: sonic-net/sonic-swss#4493
sairedis changes: sonic-net/sonic-sairedis#1856