def _test_route_reflector_cluster(self, backend='bird'):
"""
Run a multi-host test using a cluster of route reflectors and node
specific peerings.
"""
with DockerHost('host1',
additional_docker_options=CLUSTER_STORE_DOCKER_OPTIONS,
start_calico=False) as host1, \
DockerHost('host2',
additional_docker_options=CLUSTER_STORE_DOCKER_OPTIONS,
start_calico=False) as host2, \
DockerHost('host3',
additional_docker_options=CLUSTER_STORE_DOCKER_OPTIONS,
start_calico=False) as host3, \
RouteReflectorCluster(2, 2) as rrc:
# Start both hosts using specific backends.
host1.start_calico_node("--backend=%s" % backend)
host2.start_calico_node("--backend=%s" % backend)
host3.start_calico_node("--backend=%s" % backend)
# Set the default AS number - as this is used by the RR mesh, and
# turn off the node-to-node mesh (do this from any host).
update_bgp_config(host1, asNum=64513, nodeMesh=False)
# Create a workload on each host in the same network.
network1 = host1.create_network("subnet1")
workload_host1 = host1.create_workload("workload1", network=network1)
workload_host2 = host2.create_workload("workload2", network=network1)
workload_host3 = host3.create_workload("workload3", network=network1)
# Allow network to converge (which it won't)
self.assert_false(workload_host1.check_can_ping(workload_host2.ip, retries=5))
self.assert_true(workload_host1.check_cant_ping(workload_host3.ip))
self.assert_true(workload_host2.check_cant_ping(workload_host3.ip))
# Set distributed peerings between the hosts, each host peering
# with a different set of redundant route reflectors.
for host in [host1, host2, host3]:
for rr in rrc.get_redundancy_group():
create_bgp_peer(host, "node", rr.ip, 64513, metadata={'name': host.name + rr.name})
# Allow network to converge (which it now will).
self.assert_true(workload_host1.check_can_ping(workload_host2.ip, retries=10))
self.assert_true(workload_host1.check_can_ping(workload_host3.ip, retries=10))
self.assert_true(workload_host2.check_can_ping(workload_host3.ip, retries=10))
# And check connectivity in both directions.
self.assert_ip_connectivity(workload_list=[workload_host1,
workload_host2,
workload_host3],
ip_pass_list=[workload_host1.ip,
workload_host2.ip,
workload_host3.ip])
def test_route_reflector_cluster_resilience(self):
"""
Runs a cluster of route reflectors, brings one node down, and ensures that traffic still flows
"""
with DockerHost('host1',
additional_docker_options=CLUSTER_STORE_DOCKER_OPTIONS,
start_calico=False) as host1, \
DockerHost('host2',
additional_docker_options=CLUSTER_STORE_DOCKER_OPTIONS,
start_calico=False) as host2, \
RouteReflectorCluster(2, 1) as rrc:
# Start both hosts using specific backends.
host1.start_calico_node("--backend=bird")
host2.start_calico_node("--backend=bird")
update_bgp_config(host1, asNum=64513, nodeMesh=False)
# Create a workload on each host in the same network.
network1 = host1.create_network("subnet1")
workload_host1 = host1.create_workload("workload1",
network=network1)
workload_host2 = host2.create_workload("workload2",
network=network1)
# Assert no network connectivity
self.assert_false(
workload_host1.check_can_ping(workload_host2.ip, retries=5))
# Peer the hosts with the route reflectors
for host in [host1, host2]:
for rr in rrc.get_redundancy_group():
create_bgp_peer(
host,
"node",
rr.ip,
64513,
metadata={'name': host.name + rr.name.lower()})
# Assert network connectivity
self.assert_true(
workload_host1.check_can_ping(workload_host2.ip, retries=10))
self.assert_ip_connectivity(
workload_list=[workload_host1, workload_host2],
ip_pass_list=[workload_host1.ip, workload_host2.ip])
# Bring down a node
rrc.redundancy_groups[0][0].cleanup()
# Assert that network is still connected
self.assert_true(
workload_host1.check_can_ping(workload_host2.ip, retries=10))
self.assert_ip_connectivity(
workload_list=[workload_host1, workload_host2],
ip_pass_list=[workload_host1.ip, workload_host2.ip])
def _test_single_route_reflector(self,
backend='bird',
bgpconfig_as_num=64514,
peer_as_num=64514):
"""
Run a multi-host test using a single route reflector and global
peering.
"""
with DockerHost('host1',
additional_docker_options=CLUSTER_STORE_DOCKER_OPTIONS,
start_calico=False) as host1, \
DockerHost('host2',
additional_docker_options=CLUSTER_STORE_DOCKER_OPTIONS,
start_calico=False) as host2, \
RouteReflectorCluster(1, 1) as rrc:
# Start both hosts using specific backends.
host1.start_calico_node("--backend=%s" % backend)
host2.start_calico_node("--backend=%s" % backend)
# Set the default AS number - as this is used by the RR mesh, and
# turn off the node-to-node mesh (do this from any host).
update_bgp_config(host1, nodeMesh=False, asNum=bgpconfig_as_num)
# Create a workload on each host in the same network.
network1 = host1.create_network("subnet1")
workload_host1 = host1.create_workload("workload1",
network=network1)
workload_host2 = host2.create_workload("workload2",
network=network1)
# Allow network to converge (which it won't)
self.assert_false(
workload_host1.check_can_ping(workload_host2.ip, retries=5))
# Set global config telling all calico nodes to peer with the
# route reflector. This can be run from either host.
rg = rrc.get_redundancy_group()
assert len(rg) == 1
create_bgp_peer(host1, "global", rg[0].ip, peer_as_num)
# Allow network to converge (which it now will).
retry_until_success(host1.assert_is_ready, retries=30, felix=False)
retry_until_success(host2.assert_is_ready, retries=30, felix=False)
check_bird_status(host1, [("global", rg[0].ip, "Established")])
check_bird_status(host2, [("global", rg[0].ip, "Established")])
self.assert_true(
workload_host1.check_can_ping(workload_host2.ip, retries=20))
# And check connectivity in both directions.
self.assert_ip_connectivity(
workload_list=[workload_host1, workload_host2],
ip_pass_list=[workload_host1.ip, workload_host2.ip])
def test_single_route_reflector(self):
"""
Run a multi-host test using a single route reflector and global
peering.
"""
with DockerHost('host1') as host1, \
DockerHost('host2') as host2, \
RouteReflectorCluster(1, 1) as rrc:
# Turn off the node-to-node mesh (do this from any host), and
# change the default AS Number (arbitrary choice).
host1.calicoctl("bgp default-node-as 64514")
host1.calicoctl("bgp node-mesh off")
# Create a profile to associate with both workloads
host1.calicoctl("profile add TEST_GROUP")
workload_host1 = host1.create_workload("workload1")
workload_host2 = host2.create_workload("workload2")
# Add containers to Calico
host1.calicoctl("container add %s %s" %
(workload_host1, DEFAULT_IPV4_ADDR_1))
host2.calicoctl("container add %s %s" %
(workload_host2, DEFAULT_IPV4_ADDR_2))
# Now add the profiles - one using set and one using append
host1.calicoctl("container %s profile set TEST_GROUP" %
workload_host1)
host2.calicoctl("container %s profile append TEST_GROUP" %
workload_host2)
# Allow network to converge (which it won't)
try:
workload_host1.assert_can_ping(DEFAULT_IPV4_ADDR_2, retries=5)
except AssertionError:
pass
else:
raise AssertionError("Hosts can ping each other")
# Set global config telling all calico nodes to peer with the
# route reflector. This can be run from either host.
rg = rrc.get_redundancy_group()
assert len(rg) == 1
host1.calicoctl("bgp peer add %s as 64514" % rg[0].ip)
# Allow network to converge (which it now will).
workload_host1.assert_can_ping(DEFAULT_IPV4_ADDR_2, retries=10)
# And check connectivity in both directions.
self.assert_ip_connectivity(
workload_list=[workload_host1, workload_host2],
ip_pass_list=[DEFAULT_IPV4_ADDR_1, DEFAULT_IPV4_ADDR_2])
def test_gce_rr(self, with_ipip):
"""As test_gce except with a route reflector instead of mesh config."""
with DockerHost('host1',
additional_docker_options=CLUSTER_STORE_DOCKER_OPTIONS,
simulate_gce_routing=True,
start_calico=False) as host1, \
DockerHost('host2',
additional_docker_options=CLUSTER_STORE_DOCKER_OPTIONS,
simulate_gce_routing=True,
start_calico=False) as host2, \
RouteReflectorCluster(1, 1) as rrc:
self._test_gce_int(with_ipip, 'bird', host1, host2, rrc)
def test_route_reflector_cluster(self):
"""
Run a multi-host test using a cluster of route reflectors and node
specific peerings.
"""
with DockerHost('host1') as host1, \
DockerHost('host2') as host2, \
DockerHost('host3') as host3, \
RouteReflectorCluster(2, 2) as rrc:
# Create the network on host1, but it should be usable from all
# hosts.
net = host1.create_network(str(uuid.uuid4()))
# Set the default AS number - as this is used by the RR mesh, and
# turn off the node-to-node mesh (do this from any host).
host1.calicoctl("bgp default-node-as 64513")
host1.calicoctl("bgp node-mesh off")
workload_host1 = host1.create_workload("workload1", network=net)
workload_host2 = host2.create_workload("workload2", network=net)
workload_host3 = host3.create_workload("workload3", network=net)
# Allow network to converge (which it won't)
try:
workload_host1.assert_can_ping(workload_host2.ip, retries=5)
except AssertionError:
pass
else:
raise AssertionError("Hosts can ping each other")
workload_host1.assert_cant_ping(workload_host3.ip)
workload_host2.assert_cant_ping(workload_host3.ip)
# Set distributed peerings between the hosts, each host peering
# with a different set of redundant route reflectors.
for host in [host1, host2, host3]:
for rr in rrc.get_redundancy_group():
host.calicoctl("node bgp peer add %s as 64513" % rr.ip)
# Allow network to converge (which it now will).
workload_host1.assert_can_ping(workload_host2.ip, retries=10)
workload_host1.assert_can_ping(workload_host3.ip, retries=10)
workload_host2.assert_can_ping(workload_host3.ip, retries=10)
# And check connectivity in both directions.
self.assert_connectivity(pass_list=[workload_host1,
workload_host2,
workload_host3])
def test_single_route_reflector(self):
"""
Run a multi-host test using a single route reflector and global
peering.
"""
with DockerHost('host1',
additional_docker_options=ADDITIONAL_DOCKER_OPTIONS) as host1, \
DockerHost('host2',
additional_docker_options=ADDITIONAL_DOCKER_OPTIONS) as host2, \
RouteReflectorCluster(1, 1) as rrc:
# Set the default AS number - as this is used by the RR mesh, and
# turn off the node-to-node mesh (do this from any host).
host1.calicoctl("config set asNumber 64514")
host1.calicoctl("config set nodeToNodeMesh off")
# Create a workload on each host in the same network.
network1 = host1.create_network("subnet1")
workload_host1 = host1.create_workload("workload1",
network=network1)
workload_host2 = host2.create_workload("workload2",
network=network1)
# Allow network to converge (which it won't)
self.assert_false(
workload_host1.check_can_ping(workload_host2.ip, retries=5))
# Set global config telling all calico nodes to peer with the
# route reflector. This can be run from either host.
rg = rrc.get_redundancy_group()
assert len(rg) == 1
create_bgp_peer(host1, "global", rg[0].ip, 64514)
# Allow network to converge (which it now will).
self.assert_true(
workload_host1.check_can_ping(workload_host2.ip, retries=10))
# And check connectivity in both directions.
self.assert_ip_connectivity(
workload_list=[workload_host1, workload_host2],
ip_pass_list=[workload_host1.ip, workload_host2.ip])
def test_single_route_reflector(self):
"""
Run a multi-host test using a single route reflector and global
peering.
"""
with DockerHost('host1') as host1, \
DockerHost('host2') as host2, \
RouteReflectorCluster(1, 1) as rrc:
# Create the network on host1, but it should be usable from all
# hosts.
net = host1.create_network(str(uuid.uuid4()))
# Turn off the node-to-node mesh (do this from any host), and
# change the default AS Number (arbitrary choice).
host1.calicoctl("bgp default-node-as 64514")
host1.calicoctl("bgp node-mesh off")
workload_host1 = host1.create_workload("workload1", network=net)
workload_host2 = host2.create_workload("workload2", network=net)
# Allow network to converge (which it won't)
try:
workload_host1.assert_can_ping(workload_host2.ip, retries=5)
except AssertionError:
pass
else:
raise AssertionError("Hosts can ping each other")
# Set global config telling all calico nodes to peer with the
# route reflector. This can be run from either host.
rg = rrc.get_redundancy_group()
assert len(rg) == 1
host1.calicoctl("bgp peer add %s as 64514" % rg[0].ip)
# Allow network to converge (which it now will).
workload_host1.assert_can_ping(workload_host2.ip, retries=10)
# And check connectivity in both directions.
self.assert_connectivity(
pass_list=[workload_host1, workload_host2])
def test_route_reflector_cluster(self):
"""
Run a multi-host test using a cluster of route reflectors and node
specific peerings.
"""
with DockerHost('host1') as host1, \
DockerHost('host2') as host2, \
DockerHost('host3') as host3, \
RouteReflectorCluster(2, 2) as rrc:
# Set the default AS number - as this is used by the RR mesh, and
# turn off the node-to-node mesh (do this from any host).
host1.calicoctl("bgp default-node-as 64513")
host1.calicoctl("bgp node-mesh off")
# Create a profile to associate with all workloads
host1.calicoctl("profile add TEST_GROUP")
workload_host1 = host1.create_workload("workload1")
workload_host2 = host2.create_workload("workload2")
workload_host3 = host3.create_workload("workload3")
# Add containers to Calico
host1.calicoctl("container add %s %s" % (workload_host1,
DEFAULT_IPV4_ADDR_1))
host2.calicoctl("container add %s %s" % (workload_host2,
DEFAULT_IPV4_ADDR_2))
host3.calicoctl("container add %s %s" % (workload_host3,
DEFAULT_IPV4_ADDR_3))
# Now add the profiles
host1.calicoctl("container %s profile set TEST_GROUP" % workload_host1)
host2.calicoctl("container %s profile append TEST_GROUP" % workload_host2)
host3.calicoctl("container %s profile append TEST_GROUP" % workload_host3)
# Allow network to converge (which it won't)
try:
workload_host1.assert_can_ping(DEFAULT_IPV4_ADDR_2, retries=5)
except AssertionError:
pass
else:
raise AssertionError("Hosts can ping each other")
workload_host1.assert_cant_ping(DEFAULT_IPV4_ADDR_3)
workload_host2.assert_cant_ping(DEFAULT_IPV4_ADDR_3)
# Set distributed peerings between the hosts, each host peering
# with a different set of redundant route reflectors.
for host in [host1, host2, host3]:
for rr in rrc.get_redundancy_group():
host.calicoctl("node bgp peer add %s as 64513" % rr.ip)
# Allow network to converge (which it now will).
workload_host1.assert_can_ping(DEFAULT_IPV4_ADDR_2, retries=10)
workload_host1.assert_can_ping(DEFAULT_IPV4_ADDR_3, retries=10)
workload_host2.assert_can_ping(DEFAULT_IPV4_ADDR_3, retries=10)
# And check connectivity in both directions.
self.assert_ip_connectivity(workload_list=[workload_host1,
workload_host2,
workload_host3],
ip_pass_list=[DEFAULT_IPV4_ADDR_1,
DEFAULT_IPV4_ADDR_2,
DEFAULT_IPV4_ADDR_3])