[feature] ASIC-focused 1st draft of multicast PRE

[zeeshanlakhani]

Note: This mainly works for the tofinio_asic feature. Hence, I've created a multicast branch to plug updates/PRs into.

Includes:
* Multicast Group API management: add, modify, delete, reset, SSM handling
* sidecar.p4 tofino_asic updates to integrate multicast packet replication
* Table management for ASIC switch tables for multicast
* integration tests and test utility additions

[zeeshanlakhani]

I'll add some notes to the PR tomorrow morning (to explain through pieces).

[zeeshanlakhani]

I moved these functions in for use beyond the counters test (and having mcast tests all live in that module)

[zeeshanlakhani]

Note: client name changes to decipher.

[zeeshanlakhani]

Note: I did move this around to make MAX post the new drop additions.

[rcgoodfellow]

Thanks Zeeshan. I've provided some comments on the API and am about half way through the P4 code. Have to run, but wanted to get these initial comments in.

[rcgoodfellow]

Since we're changing quite a bit around link-local multicast, we need to test this e2e with ddm.

[FelixMcFelix]

Thanks for this Zeeshan, some notes so far. I haven't yet made it through dpd/src/mcast.rs and the table management code yet.

[zeeshanlakhani]

Got this back down to 14 stages.

[FelixMcFelix]

I think I've had a look over all the changes now, thanks for acting on the last round of feedback.

[FelixMcFelix]

I think this ties in with my confusion over why we're always following NAT ingress with NAT egress in the multicast case, given that the output packets are only different in their VLAN. I thought a bare frame would come out Geneve encapsulated onto the underlay network (integration_tests::nat::gen_geneve_packet)? The behaviour I had maybe expected would be:

• Multicast packet arrives on a front panel port, possibly on VLAN x.
  • Strip VLAN, Geneve encapsulate packet using fields in group_entry.nat_target.
  • Adjust TTL.
  • Replicate Geneve encapsulated frames out on all rear ports on the mcast group.
• Encapsulated multicast packet arrives on a rear panel port.
  • Adjust TTL.
  • Replicate frame, including Geneve, onto all other rear panel ports in the group.
  • Replicate frame, excluding Geneve, onto all front panel ports in the group. Insert VLAN x if required by link.

Am I coming at this the wrong way?

[zeeshanlakhani]

Yeah, I get your question (and we're chatting tmrw); however, I'm trying to map/orient how we should do this (vs unicast). Today, nat_egress is triggered when we match a switch_address (a v4/v6 address assigned to ports on the switch when configuring port settings on switch initialization). I definitely don't know enough (classic!), but for multicast group creation, there's nothing specifically tying multicast groups to ingress ports (so that we'd know if it's a front vs rear panel port or not), and it will dynamically change.

So, we'd need to explore an alternative approach to what we did for unicast before, though we could reuse the switch tables, possibly?

[zeeshanlakhani]

Ok, after discussion, we have a way forward in separating out ingress(encap)/egress(decap) ports for replication (and some minor changes to the .p4 code to avoid checks when necessary). I'll push the changes up later today.

[Nieuwejaar]

Why is all of this in this file? None of these are constants.

[zeeshanlakhani]

Ok, yeah, I'll move defines to the top of the sidecar.

[Nieuwejaar]

Elsewhere, we have different entry points for GETs returning all or one. e.g., /ndp/ and /ndp/{ip}.

[zeeshanlakhani]

yeah, that's why I made this a query param if you want to use the ID (vs the {ip} variant). But, maybe I should just remove the get by group_id entirely to avoid confusion.

[Nieuwejaar]

I think I'm saying the opposite of that. I'm asking you to add a second entry point rather than use a query param, so this is consistent with the other APIs. If you don't think there is a use case for getting a single group, then you can remove the query param and not add a second endpoint.

[zeeshanlakhani]

Yeah. With the updates coming for separating ingress/egress port members, I think it's less necessary.

Sadly, for a second entry point, I ran into issues with/ dropshot b/c it would error on having both /group/{ip} and /group/{id} (even with different types), so then the route names would have to be different. So, yeah, I'll remove it in the next push.

[Nieuwejaar]

Why add these new derives? It doesn't look like VlanId is part of the API.

[zeeshanlakhani]

I waas using it previously, but dropped it. Good catch, will remove.

[Nieuwejaar]

This should be table/mcast/mod.rs to keep with the style elsewhere in the repo.
I would also rename the sub-modules so they are unique, and we don't have two route.rs modules inside dpd. Maybe prefix them all with mcast_?

[zeeshanlakhani]

Yeah, I'll move to the "older style".

[Nieuwejaar]

I know it leads to a little code duplication, but I'd like to keep the table keys private to their modules.

[Nieuwejaar]

The only place this is used is when we're out of group IDs. You could just make that a specific error, rather than the vague "resource exhausted".

[zeeshanlakhani]

ResourceExhaused is for the next line, but I'll rename this to something more apt.

[Nieuwejaar]

Neither of these seem to be used anywhere.

[zeeshanlakhani]

Yep. I was initially setting these into the packet to copy over some mcast info. But, I'll remove this.

[Nieuwejaar]

This is an 8 bit field - why allow a 16 bit delta?

[zeeshanlakhani]

It was so I could update it to set it to 0 for a test:

ipv6::Ipv6Hdr::adjust_hlim(&mut to_send, -255);