Update SmartSwitch HA HLD#2180
Merged
Merged
Conversation
Signed-off-by: BYGX-wcr <wcr@live.cn>
Collaborator
|
/azp run |
|
No pipelines are associated with this pull request. |
zjswhhh
reviewed
Jan 13, 2026
| Although the state machine is driven by HAmgrd running on the NPU, the health signals that triggers the unplanned state machine transition are still expected to be driven by the DPU. | ||
| Specifically, we expect the DPU to perform the following two health monitoring mechanisms: | ||
| 1. DPU-to-DPU liveness probing: The data path and packet format of the DPU-to-DPU probe will be the same as the one defined in the main HA design doc. Please refer to the [DPU-to-DPU data plane channel design](./smart-switch-ha-hld.md#4352-dpu-to-dpu-data-plane-channel). Upon detecting remote DPU failure events, the local DPU should notify the local HAmgrd via [DASH SAI event notification API](https://github.com/opencomputeproject/SAI/blob/master/experimental/saiswitchextensions.h). | ||
| 2. DPU self health check: The DPU should monitor the health of itself and try to report failures via pmon if it can. No newline at end of file |
Contributor
There was a problem hiding this comment.
Can we add details about these health checkers? I.e. what exact DB entries are we checking?
Contributor
Author
There was a problem hiding this comment.
The self-health check is meant to be implemented by the vendors. Yet, we certainly should define a uniform PMON messaging format.
|
|
||
| The state transition graph for DPU-scope-NPU-driven HA is shown as below: | ||
|
|
||
| <p align="center"><img alt="HA state transition" src="./images/dpu-scope-npu-driven-ha-state-transition.svg"></p> |
Contributor
There was a problem hiding this comment.
Instead of wording like "problem detected", can we put in more details, i.e. PeerLost SAI notification?
Can we have a full picture of what exact events will trigger what transition?
Signed-off-by: BYGX-wcr <wcr@live.cn>
Collaborator
|
/azp run |
|
No pipelines are associated with this pull request. |
Signed-off-by: BYGX-wcr <wcr@live.cn>
Collaborator
|
/azp run |
|
No pipelines are associated with this pull request. |
Signed-off-by: BYGX-wcr <wcr@live.cn>
Collaborator
|
/azp run |
|
No pipelines are associated with this pull request. |
…ents Signed-off-by: BYGX-wcr <wcr@live.cn>
Collaborator
|
/azp run |
|
No pipelines are associated with this pull request. |
Signed-off-by: BYGX-wcr <wcr@live.cn>
Collaborator
|
/azp run |
|
No pipelines are associated with this pull request. |
Signed-off-by: BYGX-wcr <wcr@live.cn>
Collaborator
|
/azp run |
|
No pipelines are associated with this pull request. |
r12f
requested changes
Jan 24, 2026
|
|
||
| Hence, to summarize, we are skipping designing ENI-level pipeline probe here. | ||
|
|
||
| #### 6.3.3. Failure Notication |
|
|
||
| #### 7.2.2 State: Connecting | ||
|
|
||
| - Iniate connections to the peer DPU |
|
|
||
| - Iniate connections to the peer DPU | ||
| - On successful connection to the peer DPU, transition to *Connected* | ||
| - On connection failures, follow the standard procedure to transition to *Standalone* |
Contributor
There was a problem hiding this comment.
we need to do retry here on connection failure.
| - On acquiring the voting result, perform the following state changes: | ||
| * transition to *InitializingToActive* if won the vote | ||
| * transition to *InitializingToStandby* if lost the vote | ||
| - If failed to get the voting result, follow the standard procedure to transition to *Standalone* |
Contributor
There was a problem hiding this comment.
replace standard procedure to transition to *Standalone* with [Entering standalone setup](#1014-entering-standalone-setup)
Standalone is a state. This will be misleading, as it could end up with state that is not standalone.
| - Listening for `PlannedSwitchover` and `PlannedShutdown` | ||
| * On receiving `PlannedSwitchover`, transition to *SwitchingToActive* | ||
| * On receiving `PlannedShutdown`, transition to *Destroying* | ||
| - Listening for health signals |
Contributor
There was a problem hiding this comment.
maybe we should just refer to unplanned events handling.
Contributor
There was a problem hiding this comment.
there can be many ways to fail unplanned.
Contributor
Author
There was a problem hiding this comment.
if that is the case, there is no need to list this in every single item.
| - Request the approval to be active DPU from SDN controller | ||
| - Wait until received the approval, transition to *Active* | ||
|
|
||
| #### 7.2.7 State: PendingStandbyRoleActivation |
Contributor
There was a problem hiding this comment.
also need to update the switch over and launch process below.
Contributor
Author
There was a problem hiding this comment.
updated launch process. Not seen any changes needed in switchover.
zjswhhh
reviewed
Jan 26, 2026
|
|
||
| #### 6.3.3. Failure Notication | ||
|
|
||
| Although we let the vendors to design their own probing mechanism, we specify a uniform failure event notification interface: [DASH SAI event notification API](https://github.com/opencomputeproject/SAI/blob/master/experimental/saiswitchextensions.h). The health signal will be reflected in `dp_channel_is_alive` field in `DASH_HA_SET_STATE` table of `STATE_DB` (per-DPU). |
Contributor
There was a problem hiding this comment.
It should be DPU_STATE_DB, instead of DPU's STATE_DB.
zjswhhh
reviewed
Jan 26, 2026
| | Standalone | Heartbeat to pair is lost. Acting like a standalone setup. | Yes | Yes | Yes | Yes | No | No | Acting like the peer doesn’t exist, hence skip all data syncs. <br/><br/>However, the peer can be still connected, because in certain failure cases, we have to drive the DPU to standalone mode for mitigation. | | ||
| | SwitchingToActive | Connected and preparing to switch over to active. | No | Yes | Yes | Yes | Yes | No | SwitchingToActive state is a transient state to help old active moving to standby, hence it accepts flow sync from old active, as well as making decision and sync flow back, when old active moved to standby.<br/><br/>Bulk sync is not used in SwitchOver at all. | | ||
| | SwitchingToStandby | Connected, leaving active state and preparing to become standby. | Yes | Tunneled to pair | Tunneled to pair | Yes | No | No | SwitchingToStandby is a transient state to help new active moving from SwitchingToActive state to active state. It is identical to standby except responding NPU probe to tunneling traffic. This is needed to make sure we always only have 1 decider at any moment during the transition.<br/><br/>Bulk sync is not used in SwitchOver at all. | | ||
| | PendingActiveRoleActivation | Connected, waiting for approval to become active. | No | Drop | Drop | No | No | No | PendingActiveRoleActivation is an intermediate state where we allow the SDN controller to block the DPU until the flow programming has been completed. | |
Contributor
There was a problem hiding this comment.
Why InitializingToActive can init flow sync but PendingActiveRoleActivation can't?
According to the state transition, we enter PendingActiveRoleActivation from InitializingToActive when standby is ready. So it seems to be an even more advanced/ready state?
Contributor
Author
There was a problem hiding this comment.
InitializingToActive can only initiate bulk sync. Initiating flow sync is only allowed in Active state.
Collaborator
|
/azp run |
|
No pipelines are associated with this pull request. |
Signed-off-by: BYGX-wcr <wcr@live.cn>
BYGX-wcr
force-pushed
the
NPU-driven-hamgrd
branch
from
61a83db to
9a9c81e
Compare
Collaborator
|
/azp run |
|
No pipelines are associated with this pull request. |
Signed-off-by: BYGX-wcr <wcr@live.cn>
Collaborator
|
/azp run |
|
No pipelines are associated with this pull request. |
Signed-off-by: BYGX-wcr <wcr@live.cn>
Collaborator
|
/azp run |
|
No pipelines are associated with this pull request. |
Signed-off-by: BYGX-wcr <wcr@live.cn>
Signed-off-by: BYGX-wcr <wcr@live.cn>
Collaborator
|
/azp run |
|
No pipelines are associated with this pull request. |
Signed-off-by: BYGX-wcr <wcr@live.cn>
Collaborator
|
/azp run |
|
No pipelines are associated with this pull request. |
Signed-off-by: BYGX-wcr <wcr@live.cn>
Collaborator
|
/azp run |
|
No pipelines are associated with this pull request. |
Signed-off-by: BYGX-wcr <wcr@live.cn>
Signed-off-by: BYGX-wcr <wcr@live.cn>
Collaborator
|
/azp run |
|
No pipelines are associated with this pull request. |
zjswhhh
approved these changes
Apr 14, 2026
r12f
approved these changes
Apr 17, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Update HA HLD with a new state transition graph.
Related Code PRs:
sonic-net/sonic-dash-ha#145
sonic-net/sonic-dash-ha#155
sonic-net/sonic-dash-ha#156
sonic-net/sonic-dash-ha#157
sonic-net/sonic-dash-ha#159
sonic-net/sonic-dash-ha#160