Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Macsec type7 support for CAK keys #9812

Merged
merged 3 commits into from
Sep 26, 2023
Merged

Macsec type7 support for CAK keys #9812

merged 3 commits into from
Sep 26, 2023

Conversation

judyjoseph
Copy link
Contributor

@judyjoseph judyjoseph commented Sep 2, 2023
edited
Loading

Approach

What is the motivation for this PR?

Following this PR : sonic-net/sonic-swss#2892.
MSFT ADO : 25046448

How did you do it?

Updated the profile.json files and macsec config helper eos macsec key configuration to start using type 7 keys

How did you verify/test it?

Ran the sonic-mgmt testsuite using azure pipeline : https://dev.azure.com/mssonic/internal/_build/results?buildId=355362&view=results


256 cipher suite
---------------------

2023-09-05T21:28:49.8247891Z macsec/test_controlplane.py::TestControlPlane::test_wpa_supplicant_processes[256_XPN_SCI] PASSED [ 25%]
2023-09-05T21:29:40.7325077Z macsec/test_controlplane.py::TestControlPlane::test_appl_db[256_XPN_SCI] PASSED [ 50%]
2023-09-05T21:30:42.5996584Z macsec/test_controlplane.py::TestControlPlane::test_mka_session[256_XPN_SCI] PASSED [ 75%]
2023-09-05T21:40:10.1442889Z macsec/test_dataplane.py::TestDataPlane::test_server_to_neighbor[256_XPN_SCI] SKIPPED [ 25%]
2023-09-05T21:46:07.3679940Z macsec/test_dataplane.py::TestDataPlane::test_neighbor_to_neighbor[256_XPN_SCI] PASSED [ 75%]
2023-09-05T21:46:40.9046519Z macsec/test_dataplane.py::TestDataPlane::test_counters[256_XPN_SCI] SKIPPED [100%]
2023-09-05T21:56:02.9546015Z macsec/test_deployment.py::TestDeployment::test_config_reload[256_XPN_SCI] PASSED [100%]
2023-09-05T22:02:37.7583207Z macsec/test_fault_handling.py::TestFaultHandling::test_link_flap[256_XPN_SCI] PASSED [ 50%]
2023-09-05T22:05:49.2488586Z macsec/test_fault_handling.py::TestFaultHandling::test_mismatch_macsec_configuration[256_XPN_SCI] PASSED [100%]
2023-09-05T22:10:11.2433992Z macsec/test_interop_protocol.py::TestInteropProtocol::test_port_channel[256_XPN_SCI] PASSED [ 25%]
2023-09-05T22:12:23.9622315Z macsec/test_interop_protocol.py::TestInteropProtocol::test_lldp[256_XPN_SCI] PASSED [ 50%]
2023-09-05T22:12:23.9652391Z macsec/test_interop_protocol.py::TestInteropProtocol::test_bgp[256_XPN_SCI] SKIPPED [ 75%]

macsec/test_controlplane.py::TestControlPlane::test_rekey_by_period[256_XPN_SCI]  and
macsec/test_dataplane.py::TestDataPlane::test_dut_to_neighbor[256_XPN_SCI]  PASSED when ran separately.


128  cipher suite
---------------------


2023-09-06T14:46:57.3394106Z macsec/test_controlplane.py::TestControlPlane::test_wpa_supplicant_processes[128_SCI] PASSED [ 25%]
2023-09-06T14:47:47.4097240Z macsec/test_controlplane.py::TestControlPlane::test_appl_db[128_SCI] PASSED [ 50%]
2023-09-06T14:48:47.9331774Z macsec/test_controlplane.py::TestControlPlane::test_mka_session[128_SCI] PASSED [ 75%]
2023-09-06T14:49:20.4008634Z macsec/test_controlplane.py::TestControlPlane::test_rekey_by_period[128_SCI] SKIPPED [100%]
2023-09-06T14:49:23.8751921Z macsec/test_dataplane.py::TestDataPlane::test_server_to_neighbor[128_SCI] SKIPPED [ 25%]
2023-09-06T14:54:18.9892866Z macsec/test_dataplane.py::TestDataPlane::test_dut_to_neighbor[128_SCI] PASSED [ 50%]
2023-09-06T14:55:16.6903328Z macsec/test_dataplane.py::TestDataPlane::test_neighbor_to_neighbor[128_SCI] PASSED [ 75%]
2023-09-06T14:56:26.1174068Z macsec/test_dataplane.py::TestDataPlane::test_counters[128_SCI] PASSED   [100%]
2023-09-06T15:05:52.8857911Z macsec/test_deployment.py::TestDeployment::test_config_reload[128_SCI] PASSED [100%]
2023-09-06T15:12:34.1145445Z macsec/test_fault_handling.py::TestFaultHandling::test_link_flap[128_SCI] PASSED [ 50%]
2023-09-06T15:15:47.0048553Z macsec/test_fault_handling.py::TestFaultHandling::test_mismatch_macsec_configuration[128_SCI] PASSED [100%]
2023-09-06T15:20:08.2761009Z macsec/test_interop_protocol.py::TestInteropProtocol::test_port_channel[128_SCI] PASSED      [ 25%]
2023-09-06T15:22:21.9127964Z macsec/test_interop_protocol.py::TestInteropProtocol::test_lldp[128_SCI] PASSED [ 50%]
2023-09-06T15:22:21.9154379Z macsec/test_interop_protocol.py::TestInteropProtocol::test_bgp[128_SCI] SKIPPED [ 75%]
2023-09-06T15:23:00.6891816Z macsec/test_interop_protocol.py::TestInteropProtocol::test_snmp[128_SCI] SKIPPED [100%]

Any platform specific information?

Supported testbed topology if it's a new test case?

Documentation

@judyjoseph judyjoseph requested a review from Pterosaur September 2, 2023 00:23
Pterosaur
Pterosaur previously approved these changes Sep 2, 2023
View reviewed changes
@judyjoseph
Copy link
Contributor Author

Add more details of macsec pipeline run with T2

@judyjoseph judyjoseph requested a review from Pterosaur September 6, 2023 16:18
This was referenced Sep 6, 2023
Merged
Merged
yejianquan pushed a commit that referenced this pull request Sep 8, 2023
@judyjoseph
Macsec profiles to accept type 7 encoded keys (#9873)
d2875c3 
What is the motivation for this PR?
PR : #9812 in branch 202205

How did you do it?
All details in #9812

How did you verify/test it?
All details in #9812

co-authorized by: [email protected]
This was referenced Sep 8, 2023
Merged
Merged
@mssonicbld mssonicbld mentioned this pull request Sep 21, 2023
Merged
11 tasks
@Pterosaur Pterosaur mentioned this pull request Sep 22, 2023
Closed
11 tasks
@judyjoseph
Copy link
Contributor Author

/AzurePipelines run Azure.sonic-buildimage

@azure-pipelines
Copy link

Azure Pipelines could not run because the pipeline triggers exclude this branch/path.

@judyjoseph
Copy link
Contributor Author

/azp run

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@judyjoseph
Copy link
Contributor Author

@yejianquan, please merge this PR for master -- before we revert the macsec test bypass

@judyjoseph judyjoseph merged commit 32cdfcd into sonic-net:master Sep 26, 2023
@judyjoseph judyjoseph deleted the macsec_type7 branch September 26, 2023 05:16
@mssonicbld
Copy link
Collaborator

@judyjoseph PR conflicts with 202205 branch

@mssonicbld
Copy link
Collaborator

Cherry-pick PR to 202305: #10775

mssonicbld pushed a commit to mssonicbld/sonic-mgmt that referenced this pull request Nov 18, 2023
@judyjoseph @mssonicbld
Macsec type7 support for CAK keys (sonic-net#9812)
a4f3fd8 
* Macsec profiles to accept type 7 encoded keys
* Add type 7 even to eos configs as macsec profilejson now has type 7 keys
@mssonicbld mssonicbld mentioned this pull request Nov 18, 2023
Merged
mssonicbld pushed a commit that referenced this pull request Nov 18, 2023
@judyjoseph @mssonicbld
Macsec type7 support for CAK keys (#9812)
62906af 
* Macsec profiles to accept type 7 encoded keys
* Add type 7 even to eos configs as macsec profilejson now has type 7 keys
AharonMalkin pushed a commit to AharonMalkin/sonic-mgmt that referenced this pull request Jan 25, 2024
@judyjoseph @AharonMalkin
Macsec type7 support for CAK keys (sonic-net#9812)
9bda496 
* Macsec profiles to accept type 7 encoded keys
* Add type 7 even to eos configs as macsec profilejson now has type 7 keys
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Pterosaur Pterosaur Pterosaur approved these changes

Assignees
No one assigned
Labels
Approved for 202205 branch Approved for 202305 branch Cherry Pick Conflict_202205 Included in 202305 branch Request for 202305 branch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@judyjoseph @mssonicbld @Pterosaur @StormLiangMS