def test_ip6_rx_p2p_subif_route(self):
"""route rx ip6 packet not matching p2p subinterface"""
self.logger.info("FFP_TEST_START_0003")
self.pg0.config_ip6()
route_3 = VppIpRoute(self, "9000::", 64,
[VppRoutePath(self.pg1._remote_hosts[0].ip6,
self.pg1.sw_if_index,
proto=DpoProto.DPO_PROTO_IP6)],
is_ip6=1)
route_3.add_vpp_config()
self.packets.append(
self.create_stream(src_mac="02:03:00:00:ff:ff",
dst_mac=self.pg0.local_mac,
src_ip="a000::100",
dst_ip="9000::100"))
self.send_packets(self.pg0, self.pg1)
self.pg0.unconfig_ip6()
route_3.remove_vpp_config()
self.logger.info("FFP_TEST_FINISH_0003")
def setup_tunnel(self):
# IPv6 transport
rv = self.vapi.ipip_add_tunnel(
src_address=self.pg0.local_ip6n,
dst_address=self.pg1.remote_ip6n, tc_tos=255)
sw_if_index = rv.sw_if_index
self.tunnel_if_index = sw_if_index
self.vapi.sw_interface_set_flags(sw_if_index, 1)
self.vapi.sw_interface_set_unnumbered(
sw_if_index=self.pg0.sw_if_index,
unnumbered_sw_if_index=sw_if_index)
# Add IPv4 and IPv6 routes via tunnel interface
ip4_via_tunnel = VppIpRoute(
self, "130.67.0.0", 16,
[VppRoutePath("0.0.0.0",
sw_if_index,
proto=DpoProto.DPO_PROTO_IP4)], is_ip6=0)
ip4_via_tunnel.add_vpp_config()
ip6_via_tunnel = VppIpRoute(
self, "dead::", 16,
[VppRoutePath("::",
sw_if_index,
proto=DpoProto.DPO_PROTO_IP6)], is_ip6=1)
ip6_via_tunnel.add_vpp_config()
self.tunnel_ip6_via_tunnel = ip6_via_tunnel
self.tunnel_ip4_via_tunnel = ip4_via_tunnel
def test_tcp_transfer(self):
""" TCP echo client/server transfer """
# Add inter-table routes
ip_t01 = VppIpRoute(self, self.loop1.local_ip4, 32,
[VppRoutePath("0.0.0.0",
0xffffffff,
nh_table_id=1)])
ip_t10 = VppIpRoute(self, self.loop0.local_ip4, 32,
[VppRoutePath("0.0.0.0",
0xffffffff,
nh_table_id=0)], table_id=1)
ip_t01.add_vpp_config()
ip_t10.add_vpp_config()
# Start builtin server and client
uri = "tcp://" + self.loop0.local_ip4 + "/1234"
error = self.vapi.cli("test echo server appns 0 fifo-size 4 uri " +
uri)
if error:
self.logger.critical(error)
self.assertNotIn("failed", error)
error = self.vapi.cli("test echo client mbytes 10 appns 1 " +
"fifo-size 4 no-output test-bytes " +
"syn-timeout 2 uri " + uri)
if error:
self.logger.critical(error)
self.assertNotIn("failed", error)
# Delete inter-table routes
ip_t01.remove_vpp_config()
ip_t10.remove_vpp_config()
def test_quic_transfer(self):
""" QUIC echo client/server transfer """
# Add inter-table routes
ip_t01 = VppIpRoute(self, self.loop1.local_ip4, 32,
[VppRoutePath("0.0.0.0",
0xffffffff,
nh_table_id=2)], table_id=1)
ip_t10 = VppIpRoute(self, self.loop0.local_ip4, 32,
[VppRoutePath("0.0.0.0",
0xffffffff,
nh_table_id=1)], table_id=2)
ip_t01.add_vpp_config()
ip_t10.add_vpp_config()
self.logger.debug(self.vapi.cli("show ip fib"))
# Start builtin server and client
uri = "quic://%s/1234" % self.loop0.local_ip4
error = self.vapi.cli("test echo server appns 1 fifo-size 4 uri %s" %
uri)
if error:
self.logger.critical(error)
self.assertNotIn("failed", error)
error = self.vapi.cli("test echo client bytes 1024 appns 2 " +
"fifo-size 4 test-bytes no-output " +
"uri %s" % uri)
self.logger.critical(error)
if error:
self.logger.critical(error)
self.assertNotIn("failed", error)
# Delete inter-table routes
ip_t01.remove_vpp_config()
ip_t10.remove_vpp_config()
def thru_host_stack_setup(self):
self.vapi.session_enable_disable(is_enabled=1)
self.create_loopback_interfaces(2)
table_id = 1
for i in self.lo_interfaces:
i.admin_up()
if table_id != 0:
tbl = VppIpTable(self, table_id)
tbl.add_vpp_config()
i.set_table_ip4(table_id)
i.config_ip4()
table_id += 1
# Configure namespaces
self.vapi.app_namespace_add_del(namespace_id=b"1", secret=1234,
sw_if_index=self.loop0.sw_if_index)
self.vapi.app_namespace_add_del(namespace_id=b"2", secret=5678,
sw_if_index=self.loop1.sw_if_index)
# Add inter-table routes
ip_t01 = VppIpRoute(self, self.loop1.local_ip4, 32,
[VppRoutePath("0.0.0.0",
0xffffffff,
nh_table_id=2)], table_id=1)
ip_t10 = VppIpRoute(self, self.loop0.local_ip4, 32,
[VppRoutePath("0.0.0.0",
0xffffffff,
nh_table_id=1)], table_id=2)
ip_t01.add_vpp_config()
ip_t10.add_vpp_config()
self.logger.debug(self.vapi.cli("show ip fib"))
def test_PPPoE_Del_Twice(self):
""" PPPoE Delete Same Session Twice Test """
self.vapi.cli("clear trace")
#
# Add a route that resolves the server's destination
#
route_sever_dst = VppIpRoute(self, "100.1.1.100", 32,
[VppRoutePath(self.pg1.remote_ip4,
self.pg1.sw_if_index)])
route_sever_dst.add_vpp_config()
# Send PPPoE Discovery
tx0 = self.create_stream_pppoe_discovery(self.pg0, self.pg1,
self.pg0.remote_mac)
self.pg0.add_stream(tx0)
self.pg_start()
# Send PPPoE PPP LCP
tx1 = self.create_stream_pppoe_lcp(self.pg0, self.pg1,
self.pg0.remote_mac,
self.session_id)
self.pg0.add_stream(tx1)
self.pg_start()
# Create PPPoE session
pppoe_if = VppPppoeInterface(self,
self.pg0.remote_ip4,
self.pg0.remote_mac,
self.session_id)
pppoe_if.add_vpp_config()
# Delete PPPoE session
pppoe_if.remove_vpp_config()
#
# The double del (del the same session twice) should fail,
# and we should still be able to use the original
#
try:
pppoe_if.remove_vpp_config()
except Exception:
pass
else:
self.fail("Double GRE tunnel del does not fail")
#
# test case cleanup
#
# Delete a route that resolves the server's destination
route_sever_dst.remove_vpp_config()
def test_6rd_bgp_tunnel(self):
""" 6rd BGP tunnel """
rv = self.vapi.ipip_6rd_add_tunnel(0, 0, inet_pton(AF_INET6, '2002::'),
inet_pton(AF_INET, '0.0.0.0'),
self.pg0.local_ip4n, 16, 0, False)
self.tunnel_index = rv.sw_if_index
default_route = VppIpRoute(
self, "DEAD::", 16, [VppRoutePath("2002:0808:0808::",
self.tunnel_index,
proto=DpoProto.DPO_PROTO_IP6)],
is_ip6=1)
default_route.add_vpp_config()
ip4_route = VppIpRoute(self, "8.0.0.0", 8,
[VppRoutePath(self.pg1.remote_ip4, 0xFFFFFFFF)])
ip4_route.add_vpp_config()
# Via recursive route 6 -> 4
p = (Ether(src=self.pg0.remote_mac,
dst=self.pg0.local_mac) /
IPv6(src="1::1", dst="DEAD:BEEF::1") /
UDP(sport=1234, dport=1234))
p_reply = (IP(src=self.pg0.local_ip4, dst="8.8.8.8",
proto='ipv6') /
IPv6(src='1::1', dst='DEAD:BEEF::1', nh='UDP'))
rx = self.send_and_expect(self.pg0, p * 10, self.pg1)
for p in rx:
self.validate_6in4(p, p_reply)
# Via recursive route 4 -> 6 (Security check must be disabled)
p_ip6 = (IPv6(src="DEAD:BEEF::1", dst=self.pg1.remote_ip6) /
UDP(sport=1234, dport=1234))
p = (Ether(src=self.pg0.remote_mac,
dst=self.pg0.local_mac) /
IP(src="8.8.8.8", dst=self.pg0.local_ip4) /
p_ip6)
p_reply = p_ip6
rx = self.send_and_expect(self.pg0, p * 10, self.pg1)
for p in rx:
self.validate_4in6(p, p_reply)
ip4_route.remove_vpp_config()
default_route.remove_vpp_config()
self.vapi.ipip_6rd_del_tunnel(self.tunnel_index)
def test_no_p2p_subif(self):
"""standard routing without p2p subinterfaces"""
self.logger.info("FFP_TEST_START_0001")
route_8000 = VppIpRoute(self, "8000::", 64,
[VppRoutePath(self.pg0.remote_ip6,
self.pg0.sw_if_index,
proto=DpoProto.DPO_PROTO_IP6)],
is_ip6=1)
route_8000.add_vpp_config()
self.packets = [(Ether(dst=self.pg1.local_mac,
src=self.pg1.remote_mac) /
IPv6(src="3001::1", dst="8000::100") /
UDP(sport=1234, dport=1234) /
Raw('\xa5' * 100))]
self.send_packets(self.pg1, self.pg0)
self.logger.info("FFP_TEST_FINISH_0001")
def test_ip6_rx_p2p_subif_drop(self):
"""drop rx packet not matching p2p subinterface"""
self.logger.info("FFP_TEST_START_0004")
route_9001 = VppIpRoute(self, "9000::", 64,
[VppRoutePath(self.pg1._remote_hosts[0].ip6,
self.pg1.sw_if_index,
proto=DpoProto.DPO_PROTO_IP6)],
is_ip6=1)
route_9001.add_vpp_config()
self.packets.append(
self.create_stream(src_mac="02:03:00:00:ff:ff",
dst_mac=self.pg0.local_mac,
src_ip="a000::100",
dst_ip="9000::100"))
# no packet received
self.send_packets(self.pg0, self.pg1, count=0)
self.logger.info("FFP_TEST_FINISH_0004")
def test_ip4_rx_p2p_subif_route(self):
"""route rx packet not matching p2p subinterface"""
self.logger.info("FFP_TEST_START_0003")
route_9001 = VppIpRoute(self, "9.0.0.0", 24,
[VppRoutePath(self.pg1.remote_ip4,
self.pg1.sw_if_index)])
route_9001.add_vpp_config()
self.packets.append(
self.create_stream(src_mac="02:01:00:00:ff:ff",
dst_mac=self.pg0.local_mac,
src_ip="8.0.0.100",
dst_ip="9.0.0.100"))
self.send_packets(self.pg0, self.pg1)
route_9001.remove_vpp_config()
self.logger.info("FFP_TEST_FINISH_0003")
def test_ip4_rx_p2p_subif(self):
"""receive ipv4 packet via p2p subinterface"""
self.logger.info("FFP_TEST_START_0002")
route_9000 = VppIpRoute(self, "9.0.0.0", 16,
[VppRoutePath(self.pg1.remote_ip4,
self.pg1.sw_if_index)])
route_9000.add_vpp_config()
self.packets.append(
self.create_stream(src_mac=self.pg0._remote_hosts[0].mac,
dst_mac=self.pg0.local_mac,
src_ip=self.p2p_sub_ifs[0].remote_ip4,
dst_ip="9.0.0.100"))
self.send_packets(self.pg0, self.pg1, self.packets)
self.assert_packet_counter_equal('p2p-ethernet-input', 1)
route_9000.remove_vpp_config()
self.logger.info("FFP_TEST_FINISH_0002")
def test_gre_loop(self):
""" GRE tunnel loop Tests """
#
# Create an L3 GRE tunnel.
# - set it admin up
# - assign an IP Addres
#
gre_if = VppGreInterface(self,
self.pg0.local_ip4,
"1.1.1.2")
gre_if.add_vpp_config()
gre_if.admin_up()
gre_if.config_ip4()
#
# add a route to the tunnel's destination that points
# through the tunnel, hence forming a loop in the forwarding
# graph
#
route_dst = VppIpRoute(self, "1.1.1.2", 32,
[VppRoutePath("0.0.0.0",
gre_if.sw_if_index)])
route_dst.add_vpp_config()
#
# packets to the tunnels destination should be dropped
#
tx = self.create_stream_ip4(self.pg0, "1.1.1.1", "1.1.1.2")
self.send_and_assert_no_replies(self.pg2, tx)
self.logger.info(self.vapi.ppcli("sh adj 7"))
#
# break the loop
#
route_dst.modify([VppRoutePath(self.pg1.remote_ip4,
self.pg1.sw_if_index)])
route_dst.add_vpp_config()
rx = self.send_and_expect(self.pg0, tx, self.pg1)
#
# a good route throught the tunnel to check it restacked
#
route_via_tun_2 = VppIpRoute(self, "2.2.2.2", 32,
[VppRoutePath("0.0.0.0",
gre_if.sw_if_index)])
route_via_tun_2.add_vpp_config()
tx = self.create_stream_ip4(self.pg0, "2.2.2.3", "2.2.2.2")
rx = self.send_and_expect(self.pg0, tx, self.pg1)
self.verify_tunneled_4o4(self.pg1, rx, tx,
self.pg0.local_ip4, "1.1.1.2")
#
# cleanup
#
route_via_tun_2.remove_vpp_config()
gre_if.remove_vpp_config()
def test_ip4_tx_p2p_subif(self):
"""send ip4 packet via p2p subinterface"""
self.logger.info("FFP_TEST_START_0005")
route_9100 = VppIpRoute(self, "9.1.0.100", 24,
[VppRoutePath(self.pg0.remote_ip4,
self.pg0.sw_if_index,
)])
route_9100.add_vpp_config()
route_9200 = VppIpRoute(self, "9.2.0.100", 24,
[VppRoutePath(self.p2p_sub_ifs[0].remote_ip4,
self.p2p_sub_ifs[0].sw_if_index,
)])
route_9200.add_vpp_config()
route_9300 = VppIpRoute(self, "9.3.0.100", 24,
[VppRoutePath(self.p2p_sub_ifs[1].remote_ip4,
self.p2p_sub_ifs[1].sw_if_index
)])
route_9300.add_vpp_config()
for i in range(0, 3):
self.packets.append(
self.create_stream(src_mac=self.pg1.remote_mac,
dst_mac=self.pg1.local_mac,
src_ip=self.pg1.remote_ip4,
dst_ip="9.%d.0.100" % (i+1)))
self.send_packets(self.pg1, self.pg0)
# route_7000.remove_vpp_config()
route_9100.remove_vpp_config()
route_9200.remove_vpp_config()
route_9300.remove_vpp_config()
self.logger.info("FFP_TEST_FINISH_0005")
def test_ip6_rx_p2p_subif(self):
"""receive ipv6 packet via p2p subinterface"""
self.logger.info("FFP_TEST_START_0002")
route_9001 = VppIpRoute(self, "9001::", 64,
[VppRoutePath(self.pg1.remote_ip6,
self.pg1.sw_if_index,
proto=DpoProto.DPO_PROTO_IP6)],
is_ip6=1)
route_9001.add_vpp_config()
self.packets.append(
self.create_stream(src_mac=self.pg0._remote_hosts[0].mac,
dst_mac=self.pg0.local_mac,
src_ip=self.p2p_sub_ifs[0].remote_ip6,
dst_ip="9001::100"))
self.send_packets(self.pg0, self.pg1, self.packets)
self.assert_packet_counter_equal('p2p-ethernet-input', 1)
route_9001.remove_vpp_config()
self.logger.info("FFP_TEST_FINISH_0002")
def config_network(self, params):
self.net_objs = []
self.tun_if = self.pg0
self.tra_if = self.pg2
self.logger.info(self.vapi.ppcli("show int addr"))
self.tra_spd = VppIpsecSpd(self, self.tra_spd_id)
self.tra_spd.add_vpp_config()
self.net_objs.append(self.tra_spd)
self.tun_spd = VppIpsecSpd(self, self.tun_spd_id)
self.tun_spd.add_vpp_config()
self.net_objs.append(self.tun_spd)
b = VppIpsecSpdItfBinding(self, self.tra_spd,
self.tra_if)
b.add_vpp_config()
self.net_objs.append(b)
b = VppIpsecSpdItfBinding(self, self.tun_spd,
self.tun_if)
b.add_vpp_config()
self.net_objs.append(b)
for p in params:
self.config_ah_tra(p)
config_tra_params(p, self.encryption_type)
for p in params:
self.config_ah_tun(p)
for p in params:
d = DpoProto.DPO_PROTO_IP6 if p.is_ipv6 else DpoProto.DPO_PROTO_IP4
r = VppIpRoute(self, p.remote_tun_if_host, p.addr_len,
[VppRoutePath(self.tun_if.remote_addr[p.addr_type],
0xffffffff,
proto=d)],
is_ip6=p.is_ipv6)
r.add_vpp_config()
self.net_objs.append(r)
self.logger.info(self.vapi.ppcli("show ipsec all"))
def config_network(self, params):
self.net_objs = []
self.tun_if = self.pg0
self.tra_if = self.pg2
self.logger.info(self.vapi.ppcli("show int addr"))
self.tra_spd = VppIpsecSpd(self, self.tra_spd_id)
self.tra_spd.add_vpp_config()
self.net_objs.append(self.tra_spd)
self.tun_spd = VppIpsecSpd(self, self.tun_spd_id)
self.tun_spd.add_vpp_config()
self.net_objs.append(self.tun_spd)
b = VppIpsecSpdItfBinding(self, self.tun_spd, self.tun_if)
b.add_vpp_config()
self.net_objs.append(b)
b = VppIpsecSpdItfBinding(self, self.tra_spd, self.tra_if)
b.add_vpp_config()
self.net_objs.append(b)
for p in params:
self.config_esp_tra(p)
config_tra_params(p, self.encryption_type)
for p in params:
self.config_esp_tun(p)
config_tun_params(p, self.encryption_type, self.tun_if)
for p in params:
d = DpoProto.DPO_PROTO_IP6 if p.is_ipv6 else DpoProto.DPO_PROTO_IP4
r = VppIpRoute(self, p.remote_tun_if_host, p.addr_len, [
VppRoutePath(
self.tun_if.remote_addr[p.addr_type], 0xffffffff, proto=d)
])
r.add_vpp_config()
self.net_objs.append(r)
self.logger.info(self.vapi.ppcli("show ipsec all"))
def test_tcp_transfer(self):
"""TCP echo client/server transfer"""
# Add inter-table routes
ip_t01 = VppIpRoute(
self,
self.loop1.local_ip4,
32,
[VppRoutePath("0.0.0.0", 0xFFFFFFFF, nh_table_id=1)],
)
ip_t10 = VppIpRoute(
self,
self.loop0.local_ip4,
32,
[VppRoutePath("0.0.0.0", 0xFFFFFFFF, nh_table_id=0)],
table_id=1,
)
ip_t01.add_vpp_config()
ip_t10.add_vpp_config()
# Start builtin server and client
uri = "tcp://" + self.loop0.local_ip4 + "/1234"
error = self.vapi.cli("test echo server appns 0 fifo-size 4 uri " +
uri)
if error:
self.logger.critical(error)
self.assertNotIn("failed", error)
error = self.vapi.cli("test echo client mbytes 10 appns 1 " +
"fifo-size 4 no-output test-bytes " +
"syn-timeout 2 uri " + uri)
if error:
self.logger.critical(error)
self.assertNotIn("failed", error)
# Delete inter-table routes
ip_t01.remove_vpp_config()
ip_t10.remove_vpp_config()
def test_ip6_rx_p2p_subif_drop(self):
"""drop rx packet not matching p2p subinterface"""
self.logger.info("FFP_TEST_START_0004")
route_9001 = VppIpRoute(self,
"9000::",
64, [
VppRoutePath(self.pg1._remote_hosts[0].ip6,
self.pg1.sw_if_index,
proto=DpoProto.DPO_PROTO_IP6)
],
is_ip6=1)
route_9001.add_vpp_config()
self.packets.append(
self.create_stream(src_mac="02:03:00:00:ff:ff",
dst_mac=self.pg0.local_mac,
src_ip="a000::100",
dst_ip="9000::100"))
# no packet received
self.send_packets(self.pg0, self.pg1, count=0)
self.logger.info("FFP_TEST_FINISH_0004")
def create_vxlan_flood_test_bd(cls, vni, n_ucast_tunnels, port):
# Create 10 ucast vxlan tunnels under bd
ip_range_start = 10
ip_range_end = ip_range_start + n_ucast_tunnels
next_hop_address = cls.pg0.remote_ip4
for dest_ip4 in ip4_range(next_hop_address, ip_range_start,
ip_range_end):
# add host route so dest_ip4 will not be resolved
rip = VppIpRoute(cls,
dest_ip4,
32,
[VppRoutePath(next_hop_address, INVALID_INDEX)],
register=False)
rip.add_vpp_config()
r = VppVxlanTunnel(cls,
src=cls.pg0.local_ip4,
src_port=port,
dst_port=port,
dst=dest_ip4,
vni=vni)
r.add_vpp_config()
cls.vapi.sw_interface_set_l2_bridge(r.sw_if_index, bd_id=vni)
def create_ip_routes(self, dst_ip_net, dst_prefix_len, is_ipv6=0):
"""
Create IP routes for defined destination IP network.
:param str dst_ip_net: Destination IP network.
:param int dst_prefix_len: IP address prefix length.
:param int is_ipv6: 0 if an ip4 route, else ip6
"""
paths = []
for pg_if in self.pg_interfaces[1:]:
for nh_host in pg_if.remote_hosts:
nh_host_ip = nh_host.ip4 if is_ipv6 == 0 else nh_host.ip6
paths.append(VppRoutePath(nh_host_ip,
pg_if.sw_if_index))
rip = VppIpRoute(self, dst_ip_net, dst_prefix_len, paths)
rip.add_vpp_config()
self.logger.info("Route via %s on %s created" %
(nh_host_ip, pg_if.name))
self.logger.debug(self.vapi.ppcli("show ip fib"))
self.logger.debug(self.vapi.ppcli("show ip6 fib"))
def thru_host_stack_ipv6_setup(self):
self.vapi.session_enable_disable(is_enabled=1)
self.create_loopback_interfaces(2)
table_id = 1
for i in self.lo_interfaces:
i.admin_up()
tbl = VppIpTable(self, table_id, is_ip6=1)
tbl.add_vpp_config()
i.set_table_ip6(table_id)
i.config_ip6()
table_id += 1
# Configure namespaces
self.vapi.app_namespace_add_del(namespace_id=b"1", secret=1234,
sw_if_index=self.loop0.sw_if_index)
self.vapi.app_namespace_add_del(namespace_id=b"2", secret=5678,
sw_if_index=self.loop1.sw_if_index)
# Add inter-table routes
ip_t01 = VppIpRoute(self, self.loop1.local_ip6, 128,
[VppRoutePath("::0", 0xffffffff,
nh_table_id=2,
proto=DpoProto.DPO_PROTO_IP6)],
table_id=1, is_ip6=1)
ip_t10 = VppIpRoute(self, self.loop0.local_ip6, 128,
[VppRoutePath("::0", 0xffffffff,
nh_table_id=1,
proto=DpoProto.DPO_PROTO_IP6)],
table_id=2, is_ip6=1)
ip_t01.add_vpp_config()
ip_t10.add_vpp_config()
self.logger.debug(self.vapi.cli("show interface addr"))
self.logger.debug(self.vapi.cli("show ip6 fib"))
def thru_host_stack_ipv6_setup(self):
self.vapi.session_enable_disable(is_enabled=1)
self.create_loopback_interfaces(2)
table_id = 1
for i in self.lo_interfaces:
i.admin_up()
tbl = VppIpTable(self, table_id, is_ip6=1)
tbl.add_vpp_config()
i.set_table_ip6(table_id)
i.config_ip6()
table_id += 1
# Configure namespaces
self.vapi.app_namespace_add_del(namespace_id=b"1", secret=1234,
sw_if_index=self.loop0.sw_if_index)
self.vapi.app_namespace_add_del(namespace_id=b"2", secret=5678,
sw_if_index=self.loop1.sw_if_index)
# Add inter-table routes
ip_t01 = VppIpRoute(self, self.loop1.local_ip6, 128,
[VppRoutePath("::0", 0xffffffff,
nh_table_id=2,
proto=DpoProto.DPO_PROTO_IP6)],
table_id=1, is_ip6=1)
ip_t10 = VppIpRoute(self, self.loop0.local_ip6, 128,
[VppRoutePath("::0", 0xffffffff,
nh_table_id=1,
proto=DpoProto.DPO_PROTO_IP6)],
table_id=2, is_ip6=1)
ip_t01.add_vpp_config()
ip_t10.add_vpp_config()
self.logger.debug(self.vapi.cli("show interface addr"))
self.logger.debug(self.vapi.cli("show ip6 fib"))
def test_quic_transfer(self):
""" QUIC echo client/server transfer """
# Add inter-table routes
ip_t01 = VppIpRoute(
self,
self.loop1.local_ip4,
32, [VppRoutePath("0.0.0.0", 0xffffffff, nh_table_id=2)],
table_id=1)
ip_t10 = VppIpRoute(
self,
self.loop0.local_ip4,
32, [VppRoutePath("0.0.0.0", 0xffffffff, nh_table_id=1)],
table_id=2)
ip_t01.add_vpp_config()
ip_t10.add_vpp_config()
self.logger.debug(self.vapi.cli("show ip fib"))
# Start builtin server and client
uri = "quic://%s/1234" % self.loop0.local_ip4
error = self.vapi.cli("test echo server appns 1 fifo-size 4 uri %s" %
uri)
if error:
self.logger.critical(error)
self.assertNotIn("failed", error)
error = self.vapi.cli("test echo client bytes 1024 appns 2 " +
"fifo-size 4 test-bytes no-output " +
"uri %s" % uri)
self.logger.critical(error)
if error:
self.logger.critical(error)
self.assertNotIn("failed", error)
# Delete inter-table routes
ip_t01.remove_vpp_config()
ip_t10.remove_vpp_config()
def test_segment_manager_alloc(self):
""" Session Segment Manager Multiple Segment Allocation """
# Add inter-table routes
ip_t01 = VppIpRoute(self, self.loop1.local_ip4, 32,
[VppRoutePath("0.0.0.0",
0xffffffff,
nh_table_id=1)])
ip_t10 = VppIpRoute(self, self.loop0.local_ip4, 32,
[VppRoutePath("0.0.0.0",
0xffffffff,
nh_table_id=0)], table_id=1)
ip_t01.add_vpp_config()
ip_t10.add_vpp_config()
# Start builtin server and client with small private segments
uri = "tcp://" + self.loop0.local_ip4 + "/1234"
error = self.vapi.cli("test echo server appns 0 fifo-size 64 " +
"private-segment-size 1m uri " + uri)
if error:
self.logger.critical(error)
self.assertNotIn("failed", error)
error = self.vapi.cli("test echo client nclients 100 appns 1 " +
"no-output fifo-size 64 syn-timeout 2 " +
"private-segment-size 1m uri " + uri)
if error:
self.logger.critical(error)
self.assertNotIn("failed", error)
if self.vpp_dead:
self.assert_equal(0)
# Delete inter-table routes
ip_t01.remove_vpp_config()
ip_t10.remove_vpp_config()
def create_vxlan_flood_test_bd(cls, vni, n_ucast_tunnels, port):
# Create 10 ucast vxlan tunnels under bd
start = 10
end = start + n_ucast_tunnels
for dest_ip6 in cls.ip_range(start, end):
# add host route so dest ip will not be resolved
rip = VppIpRoute(
cls,
dest_ip6,
128,
[VppRoutePath(cls.pg0.remote_ip6, INVALID_INDEX)],
register=False,
)
rip.add_vpp_config()
r = VppVxlanTunnel(
cls,
src=cls.pg0.local_ip6,
src_port=port,
dst_port=port,
dst=dest_ip6,
vni=vni,
)
r.add_vpp_config()
cls.vapi.sw_interface_set_l2_bridge(r.sw_if_index, bd_id=vni)
def test_ip6_rx_p2p_subif_route(self):
"""route rx ip6 packet not matching p2p subinterface"""
self.logger.info("FFP_TEST_START_0003")
self.pg0.config_ip6()
route_3 = VppIpRoute(self, "9000::", 64, [
VppRoutePath(self.pg1._remote_hosts[0].ip6, self.pg1.sw_if_index)
])
route_3.add_vpp_config()
self.packets.append(
self.create_stream(src_mac="02:03:00:00:ff:ff",
dst_mac=self.pg0.local_mac,
src_ip="a000::100",
dst_ip="9000::100"))
self.send_packets(self.pg0, self.pg1)
self.pg0.unconfig_ip6()
route_3.remove_vpp_config()
self.logger.info("FFP_TEST_FINISH_0003")
def test_tunnel(self):
""" MPLS Tunnel Tests """
#
# Create a tunnel with a single out label
#
nh_addr = socket.inet_pton(socket.AF_INET, self.pg0.remote_ip4)
reply = self.vapi.mpls_tunnel_add_del(
0xffffffff, # don't know the if index yet
1, # IPv4 next-hop
nh_addr,
self.pg0.sw_if_index,
0, # next-hop-table-id
1, # next-hop-weight
2, # num-out-labels,
[44, 46])
self.vapi.sw_interface_set_flags(reply.sw_if_index, admin_up_down=1)
#
# add an unlabelled route through the new tunnel
#
route_10_0_0_3 = VppIpRoute(self, "10.0.0.3", 32,
[VppRoutePath("0.0.0.0",
reply.sw_if_index)])
route_10_0_0_3.add_vpp_config()
self.vapi.cli("clear trace")
tx = self.create_stream_ip4(self.pg0, "10.0.0.3")
self.pg0.add_stream(tx)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
rx = self.pg0.get_capture()
self.verify_capture_tunneled_ip4(self.pg0, rx, tx, [44, 46])
def test_segment_manager_alloc(self):
""" Session Segment Manager Multiple Segment Allocation """
# Add inter-table routes
ip_t01 = VppIpRoute(
self, self.loop1.local_ip4, 32,
[VppRoutePath("0.0.0.0", 0xffffffff, nh_table_id=1)])
ip_t10 = VppIpRoute(
self,
self.loop0.local_ip4,
32, [VppRoutePath("0.0.0.0", 0xffffffff, nh_table_id=0)],
table_id=1)
ip_t01.add_vpp_config()
ip_t10.add_vpp_config()
# Start builtin server and client with small private segments
uri = "tcp://" + self.loop0.local_ip4 + "/1234"
error = self.vapi.cli("test echo server appns 0 fifo-size 64 " +
"private-segment-size 1m uri " + uri)
if error:
self.logger.critical(error)
self.assertNotIn("failed", error)
error = self.vapi.cli("test echo client nclients 100 appns 1 " +
"no-output fifo-size 64 syn-timeout 2 " +
"private-segment-size 1m uri " + uri)
if error:
self.logger.critical(error)
self.assertNotIn("failed", error)
if self.vpp_dead:
self.assert_equal(0)
# Delete inter-table routes
ip_t01.remove_vpp_config()
ip_t10.remove_vpp_config()
def test_gre_loop(self):
""" GRE tunnel loop Tests """
#
# Create an L3 GRE tunnel.
# - set it admin up
# - assign an IP Addres
#
gre_if = VppGreInterface(self, self.pg0.local_ip4, "1.1.1.2")
gre_if.add_vpp_config()
gre_if.admin_up()
gre_if.config_ip4()
#
# add a route to the tunnel's destination that points
# through the tunnel, hence forming a loop in the forwarding
# graph
#
route_dst = VppIpRoute(self, "1.1.1.2", 32,
[VppRoutePath("0.0.0.0", gre_if.sw_if_index)])
route_dst.add_vpp_config()
#
# packets to the tunnels destination should be dropped
#
tx = self.create_stream_ip4(self.pg0, "1.1.1.1", "1.1.1.2")
self.send_and_assert_no_replies(self.pg2, tx)
self.logger.info(self.vapi.ppcli("sh adj 7"))
#
# break the loop
#
route_dst.modify(
[VppRoutePath(self.pg1.remote_ip4, self.pg1.sw_if_index)])
route_dst.add_vpp_config()
rx = self.send_and_expect(self.pg0, tx, self.pg1)
#
# a good route throught the tunnel to check it restacked
#
route_via_tun_2 = VppIpRoute(
self, "2.2.2.2", 32, [VppRoutePath("0.0.0.0", gre_if.sw_if_index)])
route_via_tun_2.add_vpp_config()
tx = self.create_stream_ip4(self.pg0, "2.2.2.3", "2.2.2.2")
rx = self.send_and_expect(self.pg0, tx, self.pg1)
self.verify_tunneled_4o4(self.pg1, rx, tx, self.pg0.local_ip4,
"1.1.1.2")
#
# cleanup
#
route_via_tun_2.remove_vpp_config()
gre_if.remove_vpp_config()
def thru_host_stack_setup(self):
self.vapi.session_enable_disable(is_enabled=1)
self.create_loopback_interfaces(range(2))
table_id = 0
for i in self.lo_interfaces:
i.admin_up()
if table_id != 0:
tbl = VppIpTable(self, table_id)
tbl.add_vpp_config()
i.set_table_ip4(table_id)
i.config_ip4()
table_id += 1
# Configure namespaces
self.vapi.app_namespace_add(namespace_id="0",
secret=1234,
sw_if_index=self.loop0.sw_if_index)
self.vapi.app_namespace_add(namespace_id="1",
secret=5678,
sw_if_index=self.loop1.sw_if_index)
# Add inter-table routes
ip_t01 = VppIpRoute(
self, self.loop1.local_ip4, 32,
[VppRoutePath("0.0.0.0", 0xffffffff, nh_table_id=1)])
ip_t10 = VppIpRoute(
self,
self.loop0.local_ip4,
32, [VppRoutePath("0.0.0.0", 0xffffffff, nh_table_id=0)],
table_id=1)
ip_t01.add_vpp_config()
ip_t10.add_vpp_config()
def test_ip4_tx_p2p_subif(self):
"""send ip4 packet via p2p subinterface"""
self.logger.info("FFP_TEST_START_0005")
route_9100 = VppIpRoute(
self,
"9.1.0.100",
24,
[VppRoutePath(
self.pg0.remote_ip4,
self.pg0.sw_if_index,
)],
)
route_9100.add_vpp_config()
route_9200 = VppIpRoute(
self,
"9.2.0.100",
24,
[
VppRoutePath(
self.p2p_sub_ifs[0].remote_ip4,
self.p2p_sub_ifs[0].sw_if_index,
)
],
)
route_9200.add_vpp_config()
route_9300 = VppIpRoute(
self,
"9.3.0.100",
24,
[
VppRoutePath(self.p2p_sub_ifs[1].remote_ip4,
self.p2p_sub_ifs[1].sw_if_index)
],
)
route_9300.add_vpp_config()
for i in range(0, 3):
self.packets.append(
self.create_stream(
src_mac=self.pg1.remote_mac,
dst_mac=self.pg1.local_mac,
src_ip=self.pg1.remote_ip4,
dst_ip="9.%d.0.100" % (i + 1),
))
self.send_packets(self.pg1, self.pg0)
# route_7000.remove_vpp_config()
route_9100.remove_vpp_config()
route_9200.remove_vpp_config()
route_9300.remove_vpp_config()
self.logger.info("FFP_TEST_FINISH_0005")
def test_ip6_tx_p2p_subif(self):
"""send packet via p2p subinterface"""
self.logger.info("FFP_TEST_START_0005")
self.pg0.config_ip6()
route_8000 = VppIpRoute(
self,
"8000::",
64,
[VppRoutePath(self.pg0.remote_hosts[0].ip6, self.pg0.sw_if_index)],
)
route_8000.add_vpp_config()
route_8001 = VppIpRoute(
self,
"8001::",
64,
[
VppRoutePath(self.p2p_sub_ifs[0].remote_ip6,
self.p2p_sub_ifs[0].sw_if_index)
],
)
route_8001.add_vpp_config()
route_8002 = VppIpRoute(
self,
"8002::",
64,
[
VppRoutePath(self.p2p_sub_ifs[1].remote_ip6,
self.p2p_sub_ifs[1].sw_if_index)
],
)
route_8002.add_vpp_config()
for i in range(0, 3):
self.packets.append(
self.create_stream(
src_mac=self.pg1.remote_mac,
dst_mac=self.pg1.local_mac,
src_ip=self.pg1.remote_ip6,
dst_ip="800%d::100" % i,
))
self.send_packets(self.pg1, self.pg0, count=3)
route_8000.remove_vpp_config()
route_8001.remove_vpp_config()
route_8002.remove_vpp_config()
self.pg0.unconfig_ip6()
self.logger.info("FFP_TEST_FINISH_0005")
def test_ip6_tx_p2p_subif(self):
"""send packet via p2p subinterface"""
self.logger.info("FFP_TEST_START_0005")
route_8000 = VppIpRoute(self, "8000::", 64,
[VppRoutePath(self.pg0.remote_ip6,
self.pg0.sw_if_index,
proto=DpoProto.DPO_PROTO_IP6)],
is_ip6=1)
route_8000.add_vpp_config()
route_8001 = VppIpRoute(self, "8001::", 64,
[VppRoutePath(self.p2p_sub_ifs[0].remote_ip6,
self.p2p_sub_ifs[0].sw_if_index,
proto=DpoProto.DPO_PROTO_IP6)],
is_ip6=1)
route_8001.add_vpp_config()
route_8002 = VppIpRoute(self, "8002::", 64,
[VppRoutePath(self.p2p_sub_ifs[1].remote_ip6,
self.p2p_sub_ifs[1].sw_if_index,
proto=DpoProto.DPO_PROTO_IP6)],
is_ip6=1)
route_8002.add_vpp_config()
for i in range(0, 3):
self.packets.append(
self.create_stream(src_mac=self.pg1.remote_mac,
dst_mac=self.pg1.local_mac,
src_ip=self.pg1.remote_ip6,
dst_ip="800%d::100" % i))
self.send_packets(self.pg1, self.pg0, count=3)
route_8000.remove_vpp_config()
route_8001.remove_vpp_config()
route_8002.remove_vpp_config()
self.logger.info("FFP_TEST_FINISH_0005")
def test_l2_emulation(self):
""" L2 Emulation """
#
# non distinct L3 packets, in the tag/non-tag combos
#
pkt_no_tag = (Ether(src=self.pg0.remote_mac, dst=self.pg1.remote_mac) /
IP(src="2.2.2.2", dst="1.1.1.1") /
UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))
pkt_to_tag = (Ether(src=self.pg0.remote_mac, dst=self.pg2.remote_mac) /
IP(src="2.2.2.2", dst="1.1.1.2") /
UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))
pkt_from_tag = (
Ether(src=self.pg3.remote_mac, dst=self.pg2.remote_mac) /
Dot1Q(vlan=93) / IP(src="2.2.2.2", dst="1.1.1.1") /
UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))
pkt_from_to_tag = (
Ether(src=self.pg3.remote_mac, dst=self.pg2.remote_mac) /
Dot1Q(vlan=93) / IP(src="2.2.2.2", dst="1.1.1.2") /
UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))
pkt_bcast = (Ether(src=self.pg0.remote_mac, dst="ff:ff:ff:ff:ff:ff") /
IP(src="2.2.2.2", dst="255.255.255.255") /
UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))
#
# A couple of sub-interfaces for tags
#
sub_if_on_pg2 = VppDot1QSubint(self, self.pg2, 92)
sub_if_on_pg3 = VppDot1QSubint(self, self.pg3, 93)
sub_if_on_pg2.admin_up()
sub_if_on_pg3.admin_up()
#
# Put all the interfaces into a new bridge domain
#
self.vapi.sw_interface_set_l2_bridge(self.pg0.sw_if_index, 1)
self.vapi.sw_interface_set_l2_bridge(self.pg1.sw_if_index, 1)
self.vapi.sw_interface_set_l2_bridge(sub_if_on_pg2.sw_if_index, 1)
self.vapi.sw_interface_set_l2_bridge(sub_if_on_pg3.sw_if_index, 1)
self.vapi.sw_interface_set_l2_tag_rewrite(sub_if_on_pg2.sw_if_index,
L2_VTR_OP.L2_POP_1, 92)
self.vapi.sw_interface_set_l2_tag_rewrite(sub_if_on_pg3.sw_if_index,
L2_VTR_OP.L2_POP_1, 93)
#
# Disable UU flooding, learning and ARP terminaation. makes this test
# easier as unicast packets are dropped if not extracted.
#
self.vapi.bridge_flags(1, 0, (1 << 0) | (1 << 3) | (1 << 4))
#
# Add a DVR route to steer traffic at L3
#
route_1 = VppIpRoute(
self, "1.1.1.1", 32,
[VppRoutePath("0.0.0.0", self.pg1.sw_if_index, is_dvr=1)])
route_2 = VppIpRoute(
self, "1.1.1.2", 32,
[VppRoutePath("0.0.0.0", sub_if_on_pg2.sw_if_index, is_dvr=1)])
route_1.add_vpp_config()
route_2.add_vpp_config()
#
# packets are dropped because bridge does not flood unkown unicast
#
self.send_and_assert_no_replies(self.pg0, pkt_no_tag)
#
# Enable L3 extraction on pgs
#
self.vapi.sw_interface_set_l2_emulation(self.pg0.sw_if_index)
self.vapi.sw_interface_set_l2_emulation(self.pg1.sw_if_index)
self.vapi.sw_interface_set_l2_emulation(sub_if_on_pg2.sw_if_index)
self.vapi.sw_interface_set_l2_emulation(sub_if_on_pg3.sw_if_index)
#
# now we expect the packet forward according to the DVR route
#
rx = self.send_and_expect(self.pg0, pkt_no_tag * 65, self.pg1)
self.assert_same_mac_addr(pkt_no_tag, rx)
self.assert_has_no_tag(rx)
rx = self.send_and_expect(self.pg0, pkt_to_tag * 65, self.pg2)
self.assert_same_mac_addr(pkt_to_tag, rx)
self.assert_has_vlan_tag(92, rx)
rx = self.send_and_expect(self.pg3, pkt_from_tag * 65, self.pg1)
self.assert_same_mac_addr(pkt_from_tag, rx)
self.assert_has_no_tag(rx)
rx = self.send_and_expect(self.pg3, pkt_from_to_tag * 65, self.pg2)
self.assert_same_mac_addr(pkt_from_tag, rx)
self.assert_has_vlan_tag(92, rx)
#
# but broadcast packets are still flooded
#
self.send_and_expect(self.pg0, pkt_bcast * 33, self.pg2)
#
# cleanup
#
self.vapi.sw_interface_set_l2_emulation(self.pg0.sw_if_index, enable=0)
self.vapi.sw_interface_set_l2_emulation(self.pg1.sw_if_index, enable=0)
self.vapi.sw_interface_set_l2_emulation(sub_if_on_pg2.sw_if_index,
enable=0)
self.vapi.sw_interface_set_l2_emulation(sub_if_on_pg3.sw_if_index,
enable=0)
self.vapi.sw_interface_set_l2_bridge(self.pg0.sw_if_index, 1, enable=0)
self.vapi.sw_interface_set_l2_bridge(self.pg1.sw_if_index, 1, enable=0)
self.vapi.sw_interface_set_l2_bridge(sub_if_on_pg2.sw_if_index,
1,
enable=0)
self.vapi.sw_interface_set_l2_bridge(sub_if_on_pg3.sw_if_index,
1,
enable=0)
route_1.remove_vpp_config()
route_2.remove_vpp_config()
sub_if_on_pg3.remove_vpp_config()
sub_if_on_pg2.remove_vpp_config()
def test_l2_emulation(self):
""" L2 Emulation """
#
# non distinct L3 packets, in the tag/non-tag combos
#
pkt_no_tag = (Ether(src=self.pg0.remote_mac,
dst=self.pg1.remote_mac) /
IP(src="2.2.2.2",
dst="1.1.1.1") /
UDP(sport=1234, dport=1234) /
Raw('\xa5' * 100))
pkt_to_tag = (Ether(src=self.pg0.remote_mac,
dst=self.pg2.remote_mac) /
IP(src="2.2.2.2",
dst="1.1.1.2") /
UDP(sport=1234, dport=1234) /
Raw('\xa5' * 100))
pkt_from_tag = (Ether(src=self.pg3.remote_mac,
dst=self.pg2.remote_mac) /
Dot1Q(vlan=93) /
IP(src="2.2.2.2",
dst="1.1.1.1") /
UDP(sport=1234, dport=1234) /
Raw('\xa5' * 100))
pkt_from_to_tag = (Ether(src=self.pg3.remote_mac,
dst=self.pg2.remote_mac) /
Dot1Q(vlan=93) /
IP(src="2.2.2.2",
dst="1.1.1.2") /
UDP(sport=1234, dport=1234) /
Raw('\xa5' * 100))
pkt_bcast = (Ether(src=self.pg0.remote_mac,
dst="ff:ff:ff:ff:ff:ff") /
IP(src="2.2.2.2",
dst="255.255.255.255") /
UDP(sport=1234, dport=1234) /
Raw('\xa5' * 100))
#
# A couple of sub-interfaces for tags
#
sub_if_on_pg2 = VppDot1QSubint(self, self.pg2, 92)
sub_if_on_pg3 = VppDot1QSubint(self, self.pg3, 93)
sub_if_on_pg2.admin_up()
sub_if_on_pg3.admin_up()
#
# Put all the interfaces into a new bridge domain
#
self.vapi.sw_interface_set_l2_bridge(
rx_sw_if_index=self.pg0.sw_if_index, bd_id=1)
self.vapi.sw_interface_set_l2_bridge(
rx_sw_if_index=self.pg1.sw_if_index, bd_id=1)
self.vapi.sw_interface_set_l2_bridge(
rx_sw_if_index=sub_if_on_pg2.sw_if_index, bd_id=1)
self.vapi.sw_interface_set_l2_bridge(
rx_sw_if_index=sub_if_on_pg3.sw_if_index, bd_id=1)
self.vapi.l2_interface_vlan_tag_rewrite(
sw_if_index=sub_if_on_pg2.sw_if_index, vtr_op=L2_VTR_OP.L2_POP_1,
push_dot1q=92)
self.vapi.l2_interface_vlan_tag_rewrite(
sw_if_index=sub_if_on_pg3.sw_if_index, vtr_op=L2_VTR_OP.L2_POP_1,
push_dot1q=93)
#
# Disable UU flooding, learning and ARP termination. makes this test
# easier as unicast packets are dropped if not extracted.
#
self.vapi.bridge_flags(bd_id=1, is_set=0,
flags=(1 << 0) | (1 << 3) | (1 << 4))
#
# Add a DVR route to steer traffic at L3
#
route_1 = VppIpRoute(self, "1.1.1.1", 32,
[VppRoutePath("0.0.0.0",
self.pg1.sw_if_index,
is_dvr=1)])
route_2 = VppIpRoute(self, "1.1.1.2", 32,
[VppRoutePath("0.0.0.0",
sub_if_on_pg2.sw_if_index,
is_dvr=1)])
route_1.add_vpp_config()
route_2.add_vpp_config()
#
# packets are dropped because bridge does not flood unknown unicast
#
self.send_and_assert_no_replies(self.pg0, pkt_no_tag)
#
# Enable L3 extraction on pgs
#
self.vapi.l2_emulation(self.pg0.sw_if_index)
self.vapi.l2_emulation(self.pg1.sw_if_index)
self.vapi.l2_emulation(sub_if_on_pg2.sw_if_index)
self.vapi.l2_emulation(sub_if_on_pg3.sw_if_index)
#
# now we expect the packet forward according to the DVR route
#
rx = self.send_and_expect(self.pg0, pkt_no_tag * 65, self.pg1)
self.assert_same_mac_addr(pkt_no_tag, rx)
self.assert_has_no_tag(rx)
rx = self.send_and_expect(self.pg0, pkt_to_tag * 65, self.pg2)
self.assert_same_mac_addr(pkt_to_tag, rx)
self.assert_has_vlan_tag(92, rx)
rx = self.send_and_expect(self.pg3, pkt_from_tag * 65, self.pg1)
self.assert_same_mac_addr(pkt_from_tag, rx)
self.assert_has_no_tag(rx)
rx = self.send_and_expect(self.pg3, pkt_from_to_tag * 65, self.pg2)
self.assert_same_mac_addr(pkt_from_tag, rx)
self.assert_has_vlan_tag(92, rx)
#
# but broadcast packets are still flooded
#
self.send_and_expect(self.pg0, pkt_bcast * 33, self.pg2)
#
# cleanup
#
self.vapi.l2_emulation(self.pg0.sw_if_index,
enable=0)
self.vapi.l2_emulation(self.pg1.sw_if_index,
enable=0)
self.vapi.l2_emulation(sub_if_on_pg2.sw_if_index,
enable=0)
self.vapi.l2_emulation(sub_if_on_pg3.sw_if_index,
enable=0)
self.vapi.sw_interface_set_l2_bridge(
rx_sw_if_index=self.pg0.sw_if_index, bd_id=1, enable=0)
self.vapi.sw_interface_set_l2_bridge(
rx_sw_if_index=self.pg1.sw_if_index, bd_id=1, enable=0)
self.vapi.sw_interface_set_l2_bridge(
rx_sw_if_index=sub_if_on_pg2.sw_if_index, bd_id=1, enable=0)
self.vapi.sw_interface_set_l2_bridge(
rx_sw_if_index=sub_if_on_pg3.sw_if_index, bd_id=1, enable=0)
route_1.remove_vpp_config()
route_2.remove_vpp_config()
sub_if_on_pg3.remove_vpp_config()
sub_if_on_pg2.remove_vpp_config()
def test_bier_load_balance(self):
"""BIER load-balance"""
#
# Add a BIER table for sub-domain 0, set 0, and BSL 256
#
bti = VppBierTableID(0, 0, BIERLength.BIER_LEN_64)
bt = VppBierTable(self, bti, 77)
bt.add_vpp_config()
#
# packets with varying entropy
#
pkts = []
for ii in range(257):
pkts.append((Ether(dst=self.pg0.local_mac,
src=self.pg0.remote_mac) /
MPLS(label=77, ttl=255) /
BIER(length=BIERLength.BIER_LEN_64,
entropy=ii,
BitString=scapy.compat.chb(255)*16) /
IPv6(src=self.pg0.remote_ip6,
dst=self.pg0.remote_ip6) /
UDP(sport=1234, dport=1234) /
Raw()))
#
# 4 next hops
#
nhs = [{'ip': "10.0.0.1", 'label': 201},
{'ip': "10.0.0.2", 'label': 202},
{'ip': "10.0.0.3", 'label': 203},
{'ip': "10.0.0.4", 'label': 204}]
for nh in nhs:
ipr = VppIpRoute(
self, nh['ip'], 32,
[VppRoutePath(self.pg1.remote_ip4,
self.pg1.sw_if_index,
labels=[VppMplsLabel(nh['label'])])])
ipr.add_vpp_config()
bier_route = VppBierRoute(
self, bti, 1,
[VppRoutePath(nhs[0]['ip'], 0xffffffff,
labels=[VppMplsLabel(101)]),
VppRoutePath(nhs[1]['ip'], 0xffffffff,
labels=[VppMplsLabel(101)])])
bier_route.add_vpp_config()
rx = self.send_and_expect(self.pg0, pkts, self.pg1)
#
# we should have recieved a packet from each neighbor
#
for nh in nhs[:2]:
self.assertTrue(sum(p[MPLS].label == nh['label'] for p in rx))
#
# add the other paths
#
bier_route.update_paths(
[VppRoutePath(nhs[0]['ip'], 0xffffffff,
labels=[VppMplsLabel(101)]),
VppRoutePath(nhs[1]['ip'], 0xffffffff,
labels=[VppMplsLabel(101)]),
VppRoutePath(nhs[2]['ip'], 0xffffffff,
labels=[VppMplsLabel(101)]),
VppRoutePath(nhs[3]['ip'], 0xffffffff,
labels=[VppMplsLabel(101)])])
rx = self.send_and_expect(self.pg0, pkts, self.pg1)
for nh in nhs:
self.assertTrue(sum(p[MPLS].label == nh['label'] for p in rx))
#
# remove first two paths
#
bier_route.remove_path(VppRoutePath(nhs[0]['ip'], 0xffffffff,
labels=[VppMplsLabel(101)]))
bier_route.remove_path(VppRoutePath(nhs[1]['ip'], 0xffffffff,
labels=[VppMplsLabel(101)]))
rx = self.send_and_expect(self.pg0, pkts, self.pg1)
for nh in nhs[2:]:
self.assertTrue(sum(p[MPLS].label == nh['label'] for p in rx))
#
# remove the last of the paths, deleteing the entry
#
bier_route.remove_all_paths()
self.send_and_assert_no_replies(self.pg0, pkts)
def test_map_e(self):
""" MAP-E """
#
# Add a route to the MAP-BR
#
map_br_pfx = "2001::"
map_br_pfx_len = 64
map_route = VppIpRoute(self,
map_br_pfx,
map_br_pfx_len,
[VppRoutePath(self.pg1.remote_ip6,
self.pg1.sw_if_index,
proto=DpoProto.DPO_PROTO_IP6)],
is_ip6=1)
map_route.add_vpp_config()
#
# Add a domain that maps from pg0 to pg1
#
map_dst = '2001::/64'
map_src = '3000::1/128'
client_pfx = '192.168.0.0/16'
self.vapi.map_add_domain(map_dst, client_pfx, map_src)
# Enable MAP on interface.
self.vapi.map_if_enable_disable(is_enable=1,
sw_if_index=self.pg0.sw_if_index,
is_translation=0)
# Ensure MAP doesn't steal all packets!
v4 = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
IP(src=self.pg0.remote_ip4, dst=self.pg0.remote_ip4) /
UDP(sport=20000, dport=10000) /
Raw('\xa5' * 100))
rx = self.send_and_expect(self.pg0, v4*1, self.pg0)
v4_reply = v4[1]
v4_reply.ttl -= 1
for p in rx:
self.validate(p[1], v4_reply)
#
# Fire in a v4 packet that will be encapped to the BR
#
v4 = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
IP(src=self.pg0.remote_ip4, dst='192.168.1.1') /
UDP(sport=20000, dport=10000) /
Raw('\xa5' * 100))
self.send_and_assert_encapped(v4, "3000::1", "2001::c0a8:0:0")
# Enable MAP on interface.
self.vapi.map_if_enable_disable(is_enable=1,
sw_if_index=self.pg1.sw_if_index,
is_translation=0)
# Ensure MAP doesn't steal all packets
v6 = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) /
IPv6(src=self.pg1.remote_ip6, dst=self.pg1.remote_ip6) /
UDP(sport=20000, dport=10000) /
Raw('\xa5' * 100))
rx = self.send_and_expect(self.pg1, v6*1, self.pg1)
v6_reply = v6[1]
v6_reply.hlim -= 1
for p in rx:
self.validate(p[1], v6_reply)
#
# Fire in a V6 encapped packet.
# expect a decapped packet on the inside ip4 link
#
p = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) /
IPv6(dst='3000::1', src="2001::1") /
IP(dst=self.pg0.remote_ip4, src='192.168.1.1') /
UDP(sport=20000, dport=10000) /
Raw('\xa5' * 100))
self.pg1.add_stream(p)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
rx = self.pg0.get_capture(1)
rx = rx[0]
self.assertFalse(rx.haslayer(IPv6))
self.assertEqual(rx[IP].src, p[IP].src)
self.assertEqual(rx[IP].dst, p[IP].dst)
#
# Pre-resolve. No API for this!!
#
self.vapi.ppcli("map params pre-resolve ip6-nh 4001::1")
self.send_and_assert_no_replies(self.pg0, v4,
"resovled via default route")
#
# Add a route to 4001::1. Expect the encapped traffic to be
# sent via that routes next-hop
#
pre_res_route = VppIpRoute(
self, "4001::1", 128,
[VppRoutePath(self.pg1.remote_hosts[2].ip6,
self.pg1.sw_if_index,
proto=DpoProto.DPO_PROTO_IP6)],
is_ip6=1)
pre_res_route.add_vpp_config()
self.send_and_assert_encapped(v4, "3000::1",
"2001::c0a8:0:0",
dmac=self.pg1.remote_hosts[2].mac)
#
# change the route to the pre-solved next-hop
#
pre_res_route.modify([VppRoutePath(self.pg1.remote_hosts[3].ip6,
self.pg1.sw_if_index,
proto=DpoProto.DPO_PROTO_IP6)])
pre_res_route.add_vpp_config()
self.send_and_assert_encapped(v4, "3000::1",
"2001::c0a8:0:0",
dmac=self.pg1.remote_hosts[3].mac)
#
# cleanup. The test infra's object registry will ensure
# the route is really gone and thus that the unresolve worked.
#
pre_res_route.remove_vpp_config()
self.vapi.ppcli("map params pre-resolve del ip6-nh 4001::1")
class QUICTestCase(VppTestCase):
""" QUIC Test Case """
@classmethod
def setUpClass(cls):
cls.extra_vpp_plugin_config.append("plugin quic_plugin.so { enable }")
super(QUICTestCase, cls).setUpClass()
def setUp(self):
super(QUICTestCase, self).setUp()
var = "VPP_BUILD_DIR"
self.build_dir = os.getenv(var, None)
if self.build_dir is None:
raise Exception("Environment variable `%s' not set" % var)
self.vppDebug = 'vpp_debug' in self.build_dir
self.timeout = 20
self.vapi.session_enable_disable(is_enabled=1)
self.pre_test_sleep = 0.3
self.post_test_sleep = 0.2
self.create_loopback_interfaces(2)
self.uri = "quic://%s/1234" % self.loop0.local_ip4
table_id = 1
for i in self.lo_interfaces:
i.admin_up()
if table_id != 0:
tbl = VppIpTable(self, table_id)
tbl.add_vpp_config()
i.set_table_ip4(table_id)
i.config_ip4()
table_id += 1
# Configure namespaces
self.vapi.app_namespace_add_del(namespace_id=b"server",
sw_if_index=self.loop0.sw_if_index)
self.vapi.app_namespace_add_del(namespace_id=b"client",
sw_if_index=self.loop1.sw_if_index)
# Add inter-table routes
self.ip_t01 = VppIpRoute(
self,
self.loop1.local_ip4,
32, [VppRoutePath("0.0.0.0", 0xffffffff, nh_table_id=2)],
table_id=1)
self.ip_t10 = VppIpRoute(
self,
self.loop0.local_ip4,
32, [VppRoutePath("0.0.0.0", 0xffffffff, nh_table_id=1)],
table_id=2)
self.ip_t01.add_vpp_config()
self.ip_t10.add_vpp_config()
self.logger.debug(self.vapi.cli("show ip fib"))
def tearDown(self):
self.vapi.session_enable_disable(is_enabled=0)
# Delete inter-table routes
self.ip_t01.remove_vpp_config()
self.ip_t10.remove_vpp_config()
for i in self.lo_interfaces:
i.unconfig_ip4()
i.set_table_ip4(0)
i.admin_down()
super(QUICTestCase, self).tearDown()
def test_qos_mpls(self):
""" QoS Mark/Record MPLS """
#
# 255 QoS for all input values
#
from_ext = 7
from_ip = 6
from_mpls = 5
from_vlan = 4
output = [scapy.compat.chb(from_ext)] * 256
os1 = b''.join(output)
output = [scapy.compat.chb(from_vlan)] * 256
os2 = b''.join(output)
output = [scapy.compat.chb(from_mpls)] * 256
os3 = b''.join(output)
output = [scapy.compat.chb(from_ip)] * 256
os4 = b''.join(output)
rows = [{'outputs': os1},
{'outputs': os2},
{'outputs': os3},
{'outputs': os4}]
self.vapi.qos_egress_map_update(1, rows)
#
# a route with 1 MPLS label
#
route_10_0_0_1 = VppIpRoute(self, "10.0.0.1", 32,
[VppRoutePath(self.pg1.remote_ip4,
self.pg1.sw_if_index,
labels=[32])])
route_10_0_0_1.add_vpp_config()
#
# a route with 3 MPLS labels
#
route_10_0_0_3 = VppIpRoute(self, "10.0.0.3", 32,
[VppRoutePath(self.pg1.remote_ip4,
self.pg1.sw_if_index,
labels=[63, 33, 34])])
route_10_0_0_3.add_vpp_config()
#
# enable IP QoS recording on the input Pg0 and MPLS egress marking
# on Pg1
#
self.vapi.qos_record_enable_disable(self.pg0.sw_if_index,
self.QOS_SOURCE.QOS_API_SOURCE_IP,
1)
self.vapi.qos_mark_enable_disable(self.pg1.sw_if_index,
self.QOS_SOURCE.QOS_API_SOURCE_MPLS,
1,
1)
#
# packet that will get one label added and 3 labels added resp.
#
p_1 = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
IP(src=self.pg0.remote_ip4, dst="10.0.0.1", tos=1) /
UDP(sport=1234, dport=1234) /
Raw(scapy.compat.chb(100) * NUM_PKTS))
p_3 = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
IP(src=self.pg0.remote_ip4, dst="10.0.0.3", tos=1) /
UDP(sport=1234, dport=1234) /
Raw(scapy.compat.chb(100) * NUM_PKTS))
rx = self.send_and_expect(self.pg0, p_1 * NUM_PKTS, self.pg1)
#
# only 3 bits of ToS value in MPLS make sure tos is correct
# and the label and EOS bit have not been corrupted
#
for p in rx:
self.assertEqual(p[MPLS].cos, from_ip)
self.assertEqual(p[MPLS].label, 32)
self.assertEqual(p[MPLS].s, 1)
rx = self.send_and_expect(self.pg0, p_3 * NUM_PKTS, self.pg1)
for p in rx:
self.assertEqual(p[MPLS].cos, from_ip)
self.assertEqual(p[MPLS].label, 63)
self.assertEqual(p[MPLS].s, 0)
h = p[MPLS].payload
self.assertEqual(h[MPLS].cos, from_ip)
self.assertEqual(h[MPLS].label, 33)
self.assertEqual(h[MPLS].s, 0)
h = h[MPLS].payload
self.assertEqual(h[MPLS].cos, from_ip)
self.assertEqual(h[MPLS].label, 34)
self.assertEqual(h[MPLS].s, 1)
#
# enable MPLS QoS recording on the input Pg0 and IP egress marking
# on Pg1
#
self.vapi.qos_record_enable_disable(
self.pg0.sw_if_index,
self.QOS_SOURCE.QOS_API_SOURCE_MPLS,
1)
self.vapi.qos_mark_enable_disable(self.pg1.sw_if_index,
self.QOS_SOURCE.QOS_API_SOURCE_IP,
1,
1)
#
# MPLS x-connect - COS according to pg1 map
#
route_32_eos = VppMplsRoute(self, 32, 1,
[VppRoutePath(self.pg1.remote_ip4,
self.pg1.sw_if_index,
labels=[VppMplsLabel(33)])])
route_32_eos.add_vpp_config()
p_m1 = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
MPLS(label=32, cos=3, ttl=2) /
IP(src=self.pg0.remote_ip4, dst="10.0.0.1", tos=1) /
UDP(sport=1234, dport=1234) /
Raw(scapy.compat.chb(100) * NUM_PKTS))
rx = self.send_and_expect(self.pg0, p_m1 * NUM_PKTS, self.pg1)
for p in rx:
self.assertEqual(p[MPLS].cos, from_mpls)
self.assertEqual(p[MPLS].label, 33)
self.assertEqual(p[MPLS].s, 1)
#
# MPLS deag - COS is copied from MPLS to IP
#
route_33_eos = VppMplsRoute(self, 33, 1,
[VppRoutePath("0.0.0.0",
0xffffffff,
nh_table_id=0)])
route_33_eos.add_vpp_config()
route_10_0_0_4 = VppIpRoute(self, "10.0.0.4", 32,
[VppRoutePath(self.pg1.remote_ip4,
self.pg1.sw_if_index)])
route_10_0_0_4.add_vpp_config()
p_m2 = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
MPLS(label=33, ttl=2, cos=3) /
IP(src=self.pg0.remote_ip4, dst="10.0.0.4", tos=1) /
UDP(sport=1234, dport=1234) /
Raw(scapy.compat.chb(100) * NUM_PKTS))
rx = self.send_and_expect(self.pg0, p_m2 * NUM_PKTS, self.pg1)
for p in rx:
self.assertEqual(p[IP].tos, from_mpls)
#
# cleanup
#
self.vapi.qos_record_enable_disable(self.pg0.sw_if_index,
self.QOS_SOURCE.QOS_API_SOURCE_IP,
0)
self.vapi.qos_mark_enable_disable(self.pg1.sw_if_index,
self.QOS_SOURCE.QOS_API_SOURCE_MPLS,
1,
0)
self.vapi.qos_record_enable_disable(
self.pg0.sw_if_index,
self.QOS_SOURCE.QOS_API_SOURCE_MPLS,
0)
self.vapi.qos_mark_enable_disable(self.pg1.sw_if_index,
self.QOS_SOURCE.QOS_API_SOURCE_IP,
1,
0)
self.vapi.qos_egress_map_delete(1)
def test_dvr(self):
""" Distributed Virtual Router """
#
# A packet destined to an IP address that is L2 bridged via
# a non-tag interface
#
ip_non_tag_bridged = "10.10.10.10"
ip_tag_bridged = "10.10.10.11"
any_src_addr = "1.1.1.1"
pkt_no_tag = (Ether(src=self.pg0.remote_mac,
dst=self.loop0.local_mac) /
IP(src=any_src_addr,
dst=ip_non_tag_bridged) /
UDP(sport=1234, dport=1234) /
Raw('\xa5' * 100))
pkt_tag = (Ether(src=self.pg0.remote_mac,
dst=self.loop0.local_mac) /
IP(src=any_src_addr,
dst=ip_tag_bridged) /
UDP(sport=1234, dport=1234) /
Raw('\xa5' * 100))
#
# Two sub-interfaces so we can test VLAN tag push/pop
#
sub_if_on_pg2 = VppDot1QSubint(self, self.pg2, 92)
sub_if_on_pg3 = VppDot1QSubint(self, self.pg3, 93)
sub_if_on_pg2.admin_up()
sub_if_on_pg3.admin_up()
#
# Put all the interfaces into a new bridge domain
#
self.vapi.sw_interface_set_l2_bridge(
rx_sw_if_index=self.pg0.sw_if_index, bd_id=1)
self.vapi.sw_interface_set_l2_bridge(
rx_sw_if_index=self.pg1.sw_if_index, bd_id=1)
self.vapi.sw_interface_set_l2_bridge(
rx_sw_if_index=sub_if_on_pg2.sw_if_index, bd_id=1)
self.vapi.sw_interface_set_l2_bridge(
rx_sw_if_index=sub_if_on_pg3.sw_if_index, bd_id=1)
self.vapi.sw_interface_set_l2_bridge(
rx_sw_if_index=self.loop0.sw_if_index, bd_id=1,
port_type=L2_PORT_TYPE.BVI)
self.vapi.l2_interface_vlan_tag_rewrite(
sw_if_index=sub_if_on_pg2.sw_if_index, vtr_op=L2_VTR_OP.L2_POP_1,
push_dot1q=92)
self.vapi.l2_interface_vlan_tag_rewrite(
sw_if_index=sub_if_on_pg3.sw_if_index, vtr_op=L2_VTR_OP.L2_POP_1,
push_dot1q=93)
#
# Add routes to bridge the traffic via a tagged an nontagged interface
#
route_no_tag = VppIpRoute(
self, ip_non_tag_bridged, 32,
[VppRoutePath("0.0.0.0",
self.pg1.sw_if_index,
is_dvr=1)])
route_no_tag.add_vpp_config()
#
# Inject the packet that arrives and leaves on a non-tagged interface
# Since it's 'bridged' expect that the MAC headed is unchanged.
#
rx = self.send_and_expect(self.pg0, pkt_no_tag * 65, self.pg1)
self.assert_same_mac_addr(pkt_no_tag, rx)
self.assert_has_no_tag(rx)
#
# Add routes to bridge the traffic via a tagged interface
#
route_with_tag = VppIpRoute(
self, ip_tag_bridged, 32,
[VppRoutePath("0.0.0.0",
sub_if_on_pg3.sw_if_index,
is_dvr=1)])
route_with_tag.add_vpp_config()
#
# Inject the packet that arrives non-tag and leaves on a tagged
# interface
#
rx = self.send_and_expect(self.pg0, pkt_tag * 65, self.pg3)
self.assert_same_mac_addr(pkt_tag, rx)
self.assert_has_vlan_tag(93, rx)
#
# Tag to tag
#
pkt_tag_to_tag = (Ether(src=self.pg2.remote_mac,
dst=self.loop0.local_mac) /
Dot1Q(vlan=92) /
IP(src=any_src_addr,
dst=ip_tag_bridged) /
UDP(sport=1234, dport=1234) /
Raw('\xa5' * 100))
rx = self.send_and_expect(self.pg2, pkt_tag_to_tag * 65, self.pg3)
self.assert_same_mac_addr(pkt_tag_to_tag, rx)
self.assert_has_vlan_tag(93, rx)
#
# Tag to non-Tag
#
pkt_tag_to_non_tag = (Ether(src=self.pg2.remote_mac,
dst=self.loop0.local_mac) /
Dot1Q(vlan=92) /
IP(src=any_src_addr,
dst=ip_non_tag_bridged) /
UDP(sport=1234, dport=1234) /
Raw('\xa5' * 100))
rx = self.send_and_expect(self.pg2, pkt_tag_to_non_tag * 65, self.pg1)
self.assert_same_mac_addr(pkt_tag_to_tag, rx)
self.assert_has_no_tag(rx)
#
# Add an output L3 ACL that will block the traffic
#
rule_1 = ({'is_permit': 0,
'is_ipv6': 0,
'proto': 17,
'srcport_or_icmptype_first': 1234,
'srcport_or_icmptype_last': 1234,
'src_ip_prefix_len': 32,
'src_ip_addr': inet_pton(AF_INET, any_src_addr),
'dstport_or_icmpcode_first': 1234,
'dstport_or_icmpcode_last': 1234,
'dst_ip_prefix_len': 32,
'dst_ip_addr': inet_pton(AF_INET, ip_non_tag_bridged)})
acl = self.vapi.acl_add_replace(acl_index=4294967295,
r=[rule_1])
#
# Apply the ACL on the output interface
#
self.vapi.acl_interface_set_acl_list(self.pg1.sw_if_index,
0,
[acl.acl_index])
#
# Send packet's that should match the ACL and be dropped
#
rx = self.send_and_assert_no_replies(self.pg2, pkt_tag_to_non_tag * 65)
#
# cleanup
#
self.vapi.acl_interface_set_acl_list(self.pg1.sw_if_index,
0, [])
self.vapi.acl_del(acl.acl_index)
self.vapi.sw_interface_set_l2_bridge(
rx_sw_if_index=self.pg0.sw_if_index, bd_id=1, enable=0)
self.vapi.sw_interface_set_l2_bridge(
rx_sw_if_index=self.pg1.sw_if_index, bd_id=1, enable=0)
self.vapi.sw_interface_set_l2_bridge(
rx_sw_if_index=sub_if_on_pg2.sw_if_index, bd_id=1, enable=0)
self.vapi.sw_interface_set_l2_bridge(
rx_sw_if_index=sub_if_on_pg3.sw_if_index, bd_id=1, enable=0)
self.vapi.sw_interface_set_l2_bridge(
rx_sw_if_index=self.loop0.sw_if_index, bd_id=1,
port_type=L2_PORT_TYPE.BVI, enable=0)
#
# Do a FIB dump to make sure the paths are correctly reported as DVR
#
routes = self.vapi.ip_fib_dump()
for r in routes:
if (inet_pton(AF_INET, ip_tag_bridged) == r.address):
self.assertEqual(r.path[0].sw_if_index,
sub_if_on_pg3.sw_if_index)
self.assertEqual(r.path[0].is_dvr, 1)
if (inet_pton(AF_INET, ip_non_tag_bridged) == r.address):
self.assertEqual(r.path[0].sw_if_index,
self.pg1.sw_if_index)
self.assertEqual(r.path[0].is_dvr, 1)
#
# the explicit route delete is require so it happens before
# the sbu-interface delete. subinterface delete is required
# because that object type does not use the object registry
#
route_no_tag.remove_vpp_config()
route_with_tag.remove_vpp_config()
sub_if_on_pg3.remove_vpp_config()
sub_if_on_pg2.remove_vpp_config()
def test_qos_vlan(self):
"""QoS mark/record VLAN """
#
# QoS for all input values
#
output = [scapy.compat.chb(0)] * 256
for i in range(0, 255):
output[i] = scapy.compat.chb(255 - i)
os = b''.join(output)
rows = [{'outputs': os},
{'outputs': os},
{'outputs': os},
{'outputs': os}]
self.vapi.qos_egress_map_update(1, rows)
sub_if = VppDot1QSubint(self, self.pg0, 11)
sub_if.admin_up()
sub_if.config_ip4()
sub_if.resolve_arp()
sub_if.config_ip6()
sub_if.resolve_ndp()
#
# enable VLAN QoS recording/marking on the input Pg0 subinterface and
#
self.vapi.qos_record_enable_disable(sub_if.sw_if_index,
QOS_SOURCE.VLAN,
1)
self.vapi.qos_mark_enable_disable(sub_if.sw_if_index,
QOS_SOURCE.VLAN,
1,
1)
#
# IP marking/recording on pg1
#
self.vapi.qos_record_enable_disable(self.pg1.sw_if_index,
QOS_SOURCE.IP,
1)
self.vapi.qos_mark_enable_disable(self.pg1.sw_if_index,
QOS_SOURCE.IP,
1,
1)
#
# a routes to/from sub-interface
#
route_10_0_0_1 = VppIpRoute(self, "10.0.0.1", 32,
[VppRoutePath(sub_if.remote_ip4,
sub_if.sw_if_index)])
route_10_0_0_1.add_vpp_config()
route_10_0_0_2 = VppIpRoute(self, "10.0.0.2", 32,
[VppRoutePath(self.pg1.remote_ip4,
self.pg1.sw_if_index)])
route_10_0_0_2.add_vpp_config()
route_2001_1 = VppIpRoute(self, "2001::1", 128,
[VppRoutePath(sub_if.remote_ip6,
sub_if.sw_if_index,
proto=DpoProto.DPO_PROTO_IP6)],
is_ip6=1)
route_2001_1.add_vpp_config()
route_2001_2 = VppIpRoute(self, "2001::2", 128,
[VppRoutePath(self.pg1.remote_ip6,
self.pg1.sw_if_index,
proto=DpoProto.DPO_PROTO_IP6)],
is_ip6=1)
route_2001_2.add_vpp_config()
p_v1 = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
Dot1Q(vlan=11, prio=1) /
IP(src="1.1.1.1", dst="10.0.0.2", tos=1) /
UDP(sport=1234, dport=1234) /
Raw(scapy.compat.chb(100) * 65))
p_v2 = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) /
IP(src="1.1.1.1", dst="10.0.0.1", tos=1) /
UDP(sport=1234, dport=1234) /
Raw(scapy.compat.chb(100) * 65))
rx = self.send_and_expect(self.pg1, p_v2 * 65, self.pg0)
for p in rx:
self.assertEqual(p[Dot1Q].prio, 6)
rx = self.send_and_expect(self.pg0, p_v1 * 65, self.pg1)
for p in rx:
self.assertEqual(p[IP].tos, 254)
p_v1 = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
Dot1Q(vlan=11, prio=2) /
IPv6(src="2001::1", dst="2001::2", tc=1) /
UDP(sport=1234, dport=1234) /
Raw(scapy.compat.chb(100) * 65))
p_v2 = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) /
IPv6(src="3001::1", dst="2001::1", tc=1) /
UDP(sport=1234, dport=1234) /
Raw(scapy.compat.chb(100) * 65))
rx = self.send_and_expect(self.pg1, p_v2 * 65, self.pg0)
for p in rx:
self.assertEqual(p[Dot1Q].prio, 6)
rx = self.send_and_expect(self.pg0, p_v1 * 65, self.pg1)
for p in rx:
self.assertEqual(p[IPv6].tc, 253)
#
# cleanup
#
sub_if.unconfig_ip4()
sub_if.unconfig_ip6()
self.vapi.qos_record_enable_disable(sub_if.sw_if_index,
QOS_SOURCE.VLAN,
0)
self.vapi.qos_mark_enable_disable(sub_if.sw_if_index,
QOS_SOURCE.VLAN,
1,
0)
self.vapi.qos_record_enable_disable(self.pg1.sw_if_index,
QOS_SOURCE.IP,
0)
self.vapi.qos_mark_enable_disable(self.pg1.sw_if_index,
QOS_SOURCE.IP,
1,
0)
def test_qos_mpls(self):
""" QoS Mark/Record MPLS """
#
# 255 QoS for all input values
#
from_ext = 7
from_ip = 6
from_mpls = 5
from_vlan = 4
output = [scapy.compat.chb(from_ext)] * 256
os1 = b''.join(output)
output = [scapy.compat.chb(from_vlan)] * 256
os2 = b''.join(output)
output = [scapy.compat.chb(from_mpls)] * 256
os3 = b''.join(output)
output = [scapy.compat.chb(from_ip)] * 256
os4 = b''.join(output)
rows = [{'outputs': os1},
{'outputs': os2},
{'outputs': os3},
{'outputs': os4}]
self.vapi.qos_egress_map_update(1, rows)
#
# a route with 1 MPLS label
#
route_10_0_0_1 = VppIpRoute(self, "10.0.0.1", 32,
[VppRoutePath(self.pg1.remote_ip4,
self.pg1.sw_if_index,
labels=[32])])
route_10_0_0_1.add_vpp_config()
#
# a route with 3 MPLS labels
#
route_10_0_0_3 = VppIpRoute(self, "10.0.0.3", 32,
[VppRoutePath(self.pg1.remote_ip4,
self.pg1.sw_if_index,
labels=[63, 33, 34])])
route_10_0_0_3.add_vpp_config()
#
# enable IP QoS recording on the input Pg0 and MPLS egress marking
# on Pg1
#
self.vapi.qos_record_enable_disable(self.pg0.sw_if_index,
QOS_SOURCE.IP,
1)
self.vapi.qos_mark_enable_disable(self.pg1.sw_if_index,
QOS_SOURCE.MPLS,
1,
1)
#
# packet that will get one label added and 3 labels added resp.
#
p_1 = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
IP(src=self.pg0.remote_ip4, dst="10.0.0.1", tos=1) /
UDP(sport=1234, dport=1234) /
Raw(scapy.compat.chb(100) * 65))
p_3 = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
IP(src=self.pg0.remote_ip4, dst="10.0.0.3", tos=1) /
UDP(sport=1234, dport=1234) /
Raw(scapy.compat.chb(100) * 65))
rx = self.send_and_expect(self.pg0, p_1 * 65, self.pg1)
#
# only 3 bits of ToS value in MPLS make sure tos is correct
# and the label and EOS bit have not been corrupted
#
for p in rx:
self.assertEqual(p[MPLS].cos, from_ip)
self.assertEqual(p[MPLS].label, 32)
self.assertEqual(p[MPLS].s, 1)
rx = self.send_and_expect(self.pg0, p_3 * 65, self.pg1)
for p in rx:
self.assertEqual(p[MPLS].cos, from_ip)
self.assertEqual(p[MPLS].label, 63)
self.assertEqual(p[MPLS].s, 0)
h = p[MPLS].payload
self.assertEqual(h[MPLS].cos, from_ip)
self.assertEqual(h[MPLS].label, 33)
self.assertEqual(h[MPLS].s, 0)
h = h[MPLS].payload
self.assertEqual(h[MPLS].cos, from_ip)
self.assertEqual(h[MPLS].label, 34)
self.assertEqual(h[MPLS].s, 1)
#
# enable MPLS QoS recording on the input Pg0 and IP egress marking
# on Pg1
#
self.vapi.qos_record_enable_disable(self.pg0.sw_if_index,
QOS_SOURCE.MPLS,
1)
self.vapi.qos_mark_enable_disable(self.pg1.sw_if_index,
QOS_SOURCE.IP,
1,
1)
#
# MPLS x-connect - COS according to pg1 map
#
route_32_eos = VppMplsRoute(self, 32, 1,
[VppRoutePath(self.pg1.remote_ip4,
self.pg1.sw_if_index,
labels=[VppMplsLabel(33)])])
route_32_eos.add_vpp_config()
p_m1 = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
MPLS(label=32, cos=3, ttl=2) /
IP(src=self.pg0.remote_ip4, dst="10.0.0.1", tos=1) /
UDP(sport=1234, dport=1234) /
Raw(scapy.compat.chb(100) * 65))
rx = self.send_and_expect(self.pg0, p_m1 * 65, self.pg1)
for p in rx:
self.assertEqual(p[MPLS].cos, from_mpls)
self.assertEqual(p[MPLS].label, 33)
self.assertEqual(p[MPLS].s, 1)
#
# MPLS deag - COS is copied from MPLS to IP
#
route_33_eos = VppMplsRoute(self, 33, 1,
[VppRoutePath("0.0.0.0",
0xffffffff,
nh_table_id=0)])
route_33_eos.add_vpp_config()
route_10_0_0_4 = VppIpRoute(self, "10.0.0.4", 32,
[VppRoutePath(self.pg1.remote_ip4,
self.pg1.sw_if_index)])
route_10_0_0_4.add_vpp_config()
p_m2 = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
MPLS(label=33, ttl=2, cos=3) /
IP(src=self.pg0.remote_ip4, dst="10.0.0.4", tos=1) /
UDP(sport=1234, dport=1234) /
Raw(scapy.compat.chb(100) * 65))
rx = self.send_and_expect(self.pg0, p_m2 * 65, self.pg1)
for p in rx:
self.assertEqual(p[IP].tos, from_mpls)
#
# cleanup
#
self.vapi.qos_record_enable_disable(self.pg0.sw_if_index,
QOS_SOURCE.IP,
0)
self.vapi.qos_mark_enable_disable(self.pg1.sw_if_index,
QOS_SOURCE.MPLS,
1,
0)
self.vapi.qos_record_enable_disable(self.pg0.sw_if_index,
QOS_SOURCE.MPLS,
0)
self.vapi.qos_mark_enable_disable(self.pg1.sw_if_index,
QOS_SOURCE.IP,
1,
0)
self.vapi.qos_egress_map_delete(1)
def test_dvr(self):
""" Distributed Virtual Router """
#
# A packet destined to an IP address that is L2 bridged via
# a non-tag interface
#
ip_non_tag_bridged = "10.10.10.10"
ip_tag_bridged = "10.10.10.11"
any_src_addr = "1.1.1.1"
pkt_no_tag = (
Ether(src=self.pg0.remote_mac, dst=self.loop0.local_mac) /
IP(src=any_src_addr, dst=ip_non_tag_bridged) /
UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))
pkt_tag = (Ether(src=self.pg0.remote_mac, dst=self.loop0.local_mac) /
IP(src=any_src_addr, dst=ip_tag_bridged) /
UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))
#
# Two sub-interfaces so we can test VLAN tag push/pop
#
sub_if_on_pg2 = VppDot1QSubint(self, self.pg2, 92)
sub_if_on_pg3 = VppDot1QSubint(self, self.pg3, 93)
sub_if_on_pg2.admin_up()
sub_if_on_pg3.admin_up()
#
# Put all the interfaces into a new bridge domain
#
self.vapi.sw_interface_set_l2_bridge(self.pg0.sw_if_index, 1)
self.vapi.sw_interface_set_l2_bridge(self.pg1.sw_if_index, 1)
self.vapi.sw_interface_set_l2_bridge(sub_if_on_pg2.sw_if_index, 1)
self.vapi.sw_interface_set_l2_bridge(sub_if_on_pg3.sw_if_index, 1)
self.vapi.sw_interface_set_l2_bridge(self.loop0.sw_if_index, 1, bvi=1)
self.vapi.sw_interface_set_l2_tag_rewrite(sub_if_on_pg2.sw_if_index,
L2_VTR_OP.L2_POP_1, 92)
self.vapi.sw_interface_set_l2_tag_rewrite(sub_if_on_pg3.sw_if_index,
L2_VTR_OP.L2_POP_1, 93)
#
# Add routes to bridge the traffic via a tagged an nontagged interface
#
route_no_tag = VppIpRoute(
self, ip_non_tag_bridged, 32,
[VppRoutePath("0.0.0.0", self.pg1.sw_if_index, is_dvr=1)])
route_no_tag.add_vpp_config()
#
# Inject the packet that arrives and leaves on a non-tagged interface
# Since it's 'bridged' expect that the MAC headed is unchanged.
#
rx = self.send_and_expect(self.pg0, pkt_no_tag * 65, self.pg1)
self.assert_same_mac_addr(pkt_no_tag, rx)
self.assert_has_no_tag(rx)
#
# Add routes to bridge the traffic via a tagged interface
#
route_with_tag = VppIpRoute(
self, ip_tag_bridged, 32,
[VppRoutePath("0.0.0.0", sub_if_on_pg3.sw_if_index, is_dvr=1)])
route_with_tag.add_vpp_config()
#
# Inject the packet that arrives non-tag and leaves on a tagged
# interface
#
rx = self.send_and_expect(self.pg0, pkt_tag * 65, self.pg3)
self.assert_same_mac_addr(pkt_tag, rx)
self.assert_has_vlan_tag(93, rx)
#
# Tag to tag
#
pkt_tag_to_tag = (
Ether(src=self.pg2.remote_mac, dst=self.loop0.local_mac) /
Dot1Q(vlan=92) / IP(src=any_src_addr, dst=ip_tag_bridged) /
UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))
rx = self.send_and_expect(self.pg2, pkt_tag_to_tag * 65, self.pg3)
self.assert_same_mac_addr(pkt_tag_to_tag, rx)
self.assert_has_vlan_tag(93, rx)
#
# Tag to non-Tag
#
pkt_tag_to_non_tag = (
Ether(src=self.pg2.remote_mac, dst=self.loop0.local_mac) /
Dot1Q(vlan=92) / IP(src=any_src_addr, dst=ip_non_tag_bridged) /
UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))
rx = self.send_and_expect(self.pg2, pkt_tag_to_non_tag * 65, self.pg1)
self.assert_same_mac_addr(pkt_tag_to_tag, rx)
self.assert_has_no_tag(rx)
#
# Add an output L3 ACL that will block the traffic
#
rule_1 = ({
'is_permit': 0,
'is_ipv6': 0,
'proto': 17,
'srcport_or_icmptype_first': 1234,
'srcport_or_icmptype_last': 1234,
'src_ip_prefix_len': 32,
'src_ip_addr': inet_pton(AF_INET, any_src_addr),
'dstport_or_icmpcode_first': 1234,
'dstport_or_icmpcode_last': 1234,
'dst_ip_prefix_len': 32,
'dst_ip_addr': inet_pton(AF_INET, ip_non_tag_bridged)
})
acl = self.vapi.acl_add_replace(acl_index=4294967295, r=[rule_1])
#
# Apply the ACL on the output interface
#
self.vapi.acl_interface_set_acl_list(self.pg1.sw_if_index, 0,
[acl.acl_index])
#
# Send packet's that should match the ACL and be dropped
#
rx = self.send_and_assert_no_replies(self.pg2, pkt_tag_to_non_tag * 65)
#
# cleanup
#
self.vapi.acl_interface_set_acl_list(self.pg1.sw_if_index, 0, [])
self.vapi.acl_del(acl.acl_index)
self.vapi.sw_interface_set_l2_bridge(self.pg0.sw_if_index, 1, enable=0)
self.vapi.sw_interface_set_l2_bridge(self.pg1.sw_if_index, 1, enable=0)
self.vapi.sw_interface_set_l2_bridge(sub_if_on_pg2.sw_if_index,
1,
enable=0)
self.vapi.sw_interface_set_l2_bridge(sub_if_on_pg3.sw_if_index,
1,
enable=0)
self.vapi.sw_interface_set_l2_bridge(self.loop0.sw_if_index,
1,
bvi=1,
enable=0)
#
# Do a FIB dump to make sure the paths are correctly reported as DVR
#
routes = self.vapi.ip_fib_dump()
for r in routes:
if (inet_pton(AF_INET, ip_tag_bridged) == r.address):
self.assertEqual(r.path[0].sw_if_index,
sub_if_on_pg3.sw_if_index)
self.assertEqual(r.path[0].is_dvr, 1)
if (inet_pton(AF_INET, ip_non_tag_bridged) == r.address):
self.assertEqual(r.path[0].sw_if_index, self.pg1.sw_if_index)
self.assertEqual(r.path[0].is_dvr, 1)
#
# the explicit route delete is require so it happens before
# the sbu-interface delete. subinterface delete is required
# because that object type does not use the object registry
#
route_no_tag.remove_vpp_config()
route_with_tag.remove_vpp_config()
sub_if_on_pg3.remove_vpp_config()
sub_if_on_pg2.remove_vpp_config()
class TestFIFReassembly(VppTestCase):
""" Fragments in fragments reassembly """
@classmethod
def setUpClass(cls):
super(TestFIFReassembly, cls).setUpClass()
cls.create_pg_interfaces([0, 1])
cls.src_if = cls.pg0
cls.dst_if = cls.pg1
for i in cls.pg_interfaces:
i.admin_up()
i.config_ip4()
i.resolve_arp()
i.config_ip6()
i.resolve_ndp()
cls.packet_sizes = [64, 512, 1518, 9018]
cls.padding = " abcdefghijklmn"
@classmethod
def tearDownClass(cls):
super(TestFIFReassembly, cls).tearDownClass()
def setUp(self):
""" Test setup - force timeout on existing reassemblies """
super(TestFIFReassembly, self).setUp()
self.vapi.ip_reassembly_enable_disable(
sw_if_index=self.src_if.sw_if_index,
enable_ip4=True,
enable_ip6=True)
self.vapi.ip_reassembly_enable_disable(
sw_if_index=self.dst_if.sw_if_index,
enable_ip4=True,
enable_ip6=True)
self.vapi.ip_reassembly_set(timeout_ms=0,
max_reassemblies=1000,
expire_walk_interval_ms=10)
self.vapi.ip_reassembly_set(timeout_ms=0,
max_reassemblies=1000,
expire_walk_interval_ms=10,
is_ip6=1)
self.sleep(.25)
self.vapi.ip_reassembly_set(timeout_ms=1000000,
max_reassemblies=1000,
expire_walk_interval_ms=10000)
self.vapi.ip_reassembly_set(timeout_ms=1000000,
max_reassemblies=1000,
expire_walk_interval_ms=10000,
is_ip6=1)
def tearDown(self):
super(TestFIFReassembly, self).tearDown()
def show_commands_at_teardown(self):
self.logger.debug(self.vapi.ppcli("show ip4-reassembly details"))
self.logger.debug(self.vapi.ppcli("show ip6-reassembly details"))
self.logger.debug(self.vapi.ppcli("show buffers"))
def verify_capture(self, capture, ip_class, dropped_packet_indexes=[]):
"""Verify captured packet stream.
:param list capture: Captured packet stream.
"""
info = None
seen = set()
for packet in capture:
try:
self.logger.debug(ppp("Got packet:", packet))
ip = packet[ip_class]
udp = packet[UDP]
payload_info = self.payload_to_info(packet[Raw])
packet_index = payload_info.index
self.assertTrue(
packet_index not in dropped_packet_indexes,
ppp("Packet received, but should be dropped:", packet))
if packet_index in seen:
raise Exception(ppp("Duplicate packet received", packet))
seen.add(packet_index)
self.assertEqual(payload_info.dst, self.dst_if.sw_if_index)
info = self._packet_infos[packet_index]
self.assertTrue(info is not None)
self.assertEqual(packet_index, info.index)
saved_packet = info.data
self.assertEqual(ip.src, saved_packet[ip_class].src)
self.assertEqual(ip.dst, saved_packet[ip_class].dst)
self.assertEqual(udp.payload, saved_packet[UDP].payload)
except Exception:
self.logger.error(ppp("Unexpected or invalid packet:", packet))
raise
for index in self._packet_infos:
self.assertTrue(index in seen or index in dropped_packet_indexes,
"Packet with packet_index %d not received" % index)
def test_fif4(self):
""" Fragments in fragments (4o4) """
# TODO this should be ideally in setUpClass, but then we hit a bug
# with VppIpRoute incorrectly reporting it's present when it's not
# so we need to manually remove the vpp config, thus we cannot have
# it shared for multiple test cases
self.tun_ip4 = "1.1.1.2"
self.gre4 = VppGreInterface(self, self.src_if.local_ip4, self.tun_ip4)
self.gre4.add_vpp_config()
self.gre4.admin_up()
self.gre4.config_ip4()
self.vapi.ip_reassembly_enable_disable(
sw_if_index=self.gre4.sw_if_index, enable_ip4=True)
self.route4 = VppIpRoute(
self, self.tun_ip4, 32,
[VppRoutePath(self.src_if.remote_ip4, self.src_if.sw_if_index)])
self.route4.add_vpp_config()
self.reset_packet_infos()
for i in range(test_packet_count):
info = self.create_packet_info(self.src_if, self.dst_if)
payload = self.info_to_payload(info)
# Ethernet header here is only for size calculation, thus it
# doesn't matter how it's initialized. This is to ensure that
# reassembled packet is not > 9000 bytes, so that it's not dropped
p = (Ether() / IP(
id=i, src=self.src_if.remote_ip4, dst=self.dst_if.remote_ip4) /
UDP(sport=1234, dport=5678) / Raw(payload))
size = self.packet_sizes[(i // 2) % len(self.packet_sizes)]
self.extend_packet(p, size, self.padding)
info.data = p[IP] # use only IP part, without ethernet header
fragments = [
x for _, p in six.iteritems(self._packet_infos)
for x in fragment_rfc791(p.data, 400)
]
encapped_fragments = \
[Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) /
IP(src=self.tun_ip4, dst=self.src_if.local_ip4) /
GRE() /
p
for p in fragments]
fragmented_encapped_fragments = \
[x for p in encapped_fragments
for x in fragment_rfc791(p, 200)]
self.src_if.add_stream(fragmented_encapped_fragments)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
self.src_if.assert_nothing_captured()
packets = self.dst_if.get_capture(len(self._packet_infos))
self.verify_capture(packets, IP)
# TODO remove gre vpp config by hand until VppIpRoute gets fixed
# so that it's query_vpp_config() works as it should
self.gre4.remove_vpp_config()
self.logger.debug(self.vapi.ppcli("show interface"))
def test_fif6(self):
""" Fragments in fragments (6o6) """
# TODO this should be ideally in setUpClass, but then we hit a bug
# with VppIpRoute incorrectly reporting it's present when it's not
# so we need to manually remove the vpp config, thus we cannot have
# it shared for multiple test cases
self.tun_ip6 = "1002::1"
self.gre6 = VppGreInterface(self, self.src_if.local_ip6, self.tun_ip6)
self.gre6.add_vpp_config()
self.gre6.admin_up()
self.gre6.config_ip6()
self.vapi.ip_reassembly_enable_disable(
sw_if_index=self.gre6.sw_if_index, enable_ip6=True)
self.route6 = VppIpRoute(self,
self.tun_ip6,
128, [
VppRoutePath(self.src_if.remote_ip6,
self.src_if.sw_if_index,
proto=DpoProto.DPO_PROTO_IP6)
],
is_ip6=1)
self.route6.add_vpp_config()
self.reset_packet_infos()
for i in range(test_packet_count):
info = self.create_packet_info(self.src_if, self.dst_if)
payload = self.info_to_payload(info)
# Ethernet header here is only for size calculation, thus it
# doesn't matter how it's initialized. This is to ensure that
# reassembled packet is not > 9000 bytes, so that it's not dropped
p = (Ether() /
IPv6(src=self.src_if.remote_ip6, dst=self.dst_if.remote_ip6) /
UDP(sport=1234, dport=5678) / Raw(payload))
size = self.packet_sizes[(i // 2) % len(self.packet_sizes)]
self.extend_packet(p, size, self.padding)
info.data = p[IPv6] # use only IPv6 part, without ethernet header
fragments = [
x for _, i in six.iteritems(self._packet_infos)
for x in fragment_rfc8200(i.data, i.index, 400)
]
encapped_fragments = \
[Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) /
IPv6(src=self.tun_ip6, dst=self.src_if.local_ip6) /
GRE() /
p
for p in fragments]
fragmented_encapped_fragments = \
[x for p in encapped_fragments for x in (
fragment_rfc8200(
p,
2 * len(self._packet_infos) + p[IPv6ExtHdrFragment].id,
200)
if IPv6ExtHdrFragment in p else [p]
)
]
self.src_if.add_stream(fragmented_encapped_fragments)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
self.src_if.assert_nothing_captured()
packets = self.dst_if.get_capture(len(self._packet_infos))
self.verify_capture(packets, IPv6)
# TODO remove gre vpp config by hand until VppIpRoute gets fixed
# so that it's query_vpp_config() works as it should
self.gre6.remove_vpp_config()
def test_sr_mpls(self):
""" SR MPLS """
#
# A simple MPLS xconnect - neos label in label out
#
route_32_eos = VppMplsRoute(self, 32, 0,
[VppRoutePath(self.pg0.remote_ip4,
self.pg0.sw_if_index,
labels=[VppMplsLabel(32)])])
route_32_eos.add_vpp_config()
#
# A binding SID with only one label
#
self.vapi.sr_mpls_policy_add(999, 1, 0, [32])
#
# A labeled IP route that resolves thru the binding SID
#
ip_10_0_0_1 = VppIpRoute(self, "10.0.0.1", 32,
[VppRoutePath("0.0.0.0",
0xffffffff,
nh_via_label=999,
labels=[VppMplsLabel(55)])])
ip_10_0_0_1.add_vpp_config()
tx = self.create_stream_ip4(self.pg1, "10.0.0.1")
rx = self.send_and_expect(self.pg1, tx, self.pg0)
self.verify_capture_labelled_ip4(self.pg0, rx, tx,
[VppMplsLabel(32),
VppMplsLabel(55)])
#
# An unlabeled IP route that resolves thru the binding SID
#
ip_10_0_0_1 = VppIpRoute(self, "10.0.0.2", 32,
[VppRoutePath("0.0.0.0",
0xffffffff,
nh_via_label=999)])
ip_10_0_0_1.add_vpp_config()
tx = self.create_stream_ip4(self.pg1, "10.0.0.2")
rx = self.send_and_expect(self.pg1, tx, self.pg0)
self.verify_capture_labelled_ip4(self.pg0, rx, tx,
[VppMplsLabel(32)])
self.vapi.sr_mpls_policy_del(999)
#
# this time the SID has many labels pushed
#
self.vapi.sr_mpls_policy_add(999, 1, 0, [32, 33, 34])
tx = self.create_stream_ip4(self.pg1, "10.0.0.1")
rx = self.send_and_expect(self.pg1, tx, self.pg0)
self.verify_capture_labelled_ip4(self.pg0, rx, tx,
[VppMplsLabel(32),
VppMplsLabel(33),
VppMplsLabel(34),
VppMplsLabel(55)])
tx = self.create_stream_ip4(self.pg1, "10.0.0.2")
rx = self.send_and_expect(self.pg1, tx, self.pg0)
self.verify_capture_labelled_ip4(self.pg0, rx, tx,
[VppMplsLabel(32),
VppMplsLabel(33),
VppMplsLabel(34)])
#
# Resolve an MPLS tunnel via the SID
#
mpls_tun = VppMPLSTunnelInterface(
self,
[VppRoutePath("0.0.0.0",
0xffffffff,
nh_via_label=999,
labels=[VppMplsLabel(44),
VppMplsLabel(46)])])
mpls_tun.add_vpp_config()
mpls_tun.admin_up()
#
# add an unlabelled route through the new tunnel
#
route_10_0_0_3 = VppIpRoute(self, "10.0.0.3", 32,
[VppRoutePath("0.0.0.0",
mpls_tun._sw_if_index)])
route_10_0_0_3.add_vpp_config()
self.logger.info(self.vapi.cli("sh mpls tun 0"))
self.logger.info(self.vapi.cli("sh adj 21"))
tx = self.create_stream_ip4(self.pg1, "10.0.0.3")
rx = self.send_and_expect(self.pg1, tx, self.pg0)
self.verify_capture_tunneled_ip4(self.pg0, rx, tx,
[VppMplsLabel(32),
VppMplsLabel(33),
VppMplsLabel(34),
VppMplsLabel(44),
VppMplsLabel(46)])
#
# add a labelled route through the new tunnel
#
route_10_0_0_3 = VppIpRoute(self, "10.0.0.4", 32,
[VppRoutePath("0.0.0.0",
mpls_tun._sw_if_index,
labels=[VppMplsLabel(55)])])
route_10_0_0_3.add_vpp_config()
tx = self.create_stream_ip4(self.pg1, "10.0.0.4")
rx = self.send_and_expect(self.pg1, tx, self.pg0)
self.verify_capture_tunneled_ip4(self.pg0, rx, tx,
[VppMplsLabel(32),
VppMplsLabel(33),
VppMplsLabel(34),
VppMplsLabel(44),
VppMplsLabel(46),
VppMplsLabel(55)])
self.vapi.sr_mpls_policy_del(999)
def test_qos_vlan(self):
"""QoS mark/record VLAN """
#
# QoS for all input values
#
output = [scapy.compat.chb(0)] * 256
for i in range(0, 255):
output[i] = scapy.compat.chb(255 - i)
os = b''.join(output)
rows = [{'outputs': os},
{'outputs': os},
{'outputs': os},
{'outputs': os}]
self.vapi.qos_egress_map_update(1, rows)
sub_if = VppDot1QSubint(self, self.pg0, 11)
sub_if.admin_up()
sub_if.config_ip4()
sub_if.resolve_arp()
sub_if.config_ip6()
sub_if.resolve_ndp()
#
# enable VLAN QoS recording/marking on the input Pg0 subinterface and
#
self.vapi.qos_record_enable_disable(
sub_if.sw_if_index,
self.QOS_SOURCE.QOS_API_SOURCE_VLAN,
1)
self.vapi.qos_mark_enable_disable(sub_if.sw_if_index,
self.QOS_SOURCE.QOS_API_SOURCE_VLAN,
1,
1)
#
# IP marking/recording on pg1
#
self.vapi.qos_record_enable_disable(self.pg1.sw_if_index,
self.QOS_SOURCE.QOS_API_SOURCE_IP,
1)
self.vapi.qos_mark_enable_disable(self.pg1.sw_if_index,
self.QOS_SOURCE.QOS_API_SOURCE_IP,
1,
1)
#
# a routes to/from sub-interface
#
route_10_0_0_1 = VppIpRoute(self, "10.0.0.1", 32,
[VppRoutePath(sub_if.remote_ip4,
sub_if.sw_if_index)])
route_10_0_0_1.add_vpp_config()
route_10_0_0_2 = VppIpRoute(self, "10.0.0.2", 32,
[VppRoutePath(self.pg1.remote_ip4,
self.pg1.sw_if_index)])
route_10_0_0_2.add_vpp_config()
route_2001_1 = VppIpRoute(self, "2001::1", 128,
[VppRoutePath(sub_if.remote_ip6,
sub_if.sw_if_index)])
route_2001_1.add_vpp_config()
route_2001_2 = VppIpRoute(self, "2001::2", 128,
[VppRoutePath(self.pg1.remote_ip6,
self.pg1.sw_if_index)])
route_2001_2.add_vpp_config()
p_v1 = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
Dot1Q(vlan=11, prio=1) /
IP(src="1.1.1.1", dst="10.0.0.2", tos=1) /
UDP(sport=1234, dport=1234) /
Raw(scapy.compat.chb(100) * NUM_PKTS))
p_v2 = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) /
IP(src="1.1.1.1", dst="10.0.0.1", tos=1) /
UDP(sport=1234, dport=1234) /
Raw(scapy.compat.chb(100) * NUM_PKTS))
rx = self.send_and_expect(self.pg1, p_v2 * NUM_PKTS, self.pg0)
for p in rx:
self.assertEqual(p[Dot1Q].prio, 6)
rx = self.send_and_expect(self.pg0, p_v1 * NUM_PKTS, self.pg1)
for p in rx:
self.assertEqual(p[IP].tos, 254)
p_v1 = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
Dot1Q(vlan=11, prio=2) /
IPv6(src="2001::1", dst="2001::2", tc=1) /
UDP(sport=1234, dport=1234) /
Raw(scapy.compat.chb(100) * NUM_PKTS))
p_v2 = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) /
IPv6(src="3001::1", dst="2001::1", tc=1) /
UDP(sport=1234, dport=1234) /
Raw(scapy.compat.chb(100) * NUM_PKTS))
rx = self.send_and_expect(self.pg1, p_v2 * NUM_PKTS, self.pg0)
for p in rx:
self.assertEqual(p[Dot1Q].prio, 6)
rx = self.send_and_expect(self.pg0, p_v1 * NUM_PKTS, self.pg1)
for p in rx:
self.assertEqual(p[IPv6].tc, 253)
#
# cleanup
#
sub_if.unconfig_ip4()
sub_if.unconfig_ip6()
self.vapi.qos_record_enable_disable(
sub_if.sw_if_index,
self.QOS_SOURCE.QOS_API_SOURCE_VLAN,
0)
self.vapi.qos_mark_enable_disable(sub_if.sw_if_index,
self.QOS_SOURCE.QOS_API_SOURCE_VLAN,
1,
0)
self.vapi.qos_record_enable_disable(self.pg1.sw_if_index,
self.QOS_SOURCE.QOS_API_SOURCE_IP,
0)
self.vapi.qos_mark_enable_disable(self.pg1.sw_if_index,
self.QOS_SOURCE.QOS_API_SOURCE_IP,
1,
0)
def test_map_e_inner_frag(self):
""" MAP-E Inner fragmentation """
#
# Add a route to the MAP-BR
#
map_br_pfx = "2001::"
map_br_pfx_len = 32
map_route = VppIpRoute(
self, map_br_pfx, map_br_pfx_len,
[VppRoutePath(self.pg1.remote_ip6, self.pg1.sw_if_index)])
map_route.add_vpp_config()
#
# Add a domain that maps from pg0 to pg1
#
map_dst = '2001::/32'
map_src = '3000::1/128'
client_pfx = '192.168.0.0/16'
map_translated_addr = '2001:0:101:7000:0:c0a8:101:7'
tag = 'MAP-E tag.'
self.vapi.map_add_domain(ip4_prefix=client_pfx,
ip6_prefix=map_dst,
ip6_src=map_src,
ea_bits_len=20,
psid_offset=4,
psid_length=4,
mtu=1000,
tag=tag)
# Enable MAP on interface.
self.vapi.map_if_enable_disable(is_enable=1,
sw_if_index=self.pg0.sw_if_index,
is_translation=0)
# Enable inner fragmentation
self.vapi.map_param_set_fragmentation(inner=1)
v4 = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
IP(src=self.pg0.remote_ip4, dst='192.168.1.1') /
UDP(sport=20000, dport=10000) / Raw(b'\xa5' * 1300))
self.pg_send(self.pg0, v4 * 1)
rx = self.pg1.get_capture(2)
frags = fragment_rfc791(v4[1], 1000)
frags[0].id = 0
frags[1].id = 0
frags[0].ttl -= 1
frags[1].ttl -= 1
frags[0].chksum = 0
frags[1].chksum = 0
v6_reply1 = (IPv6(src='3000::1', dst=map_translated_addr, hlim=63) /
frags[0])
v6_reply2 = (IPv6(src='3000::1', dst=map_translated_addr, hlim=63) /
frags[1])
rx[0][1].fl = 0
rx[1][1].fl = 0
rx[0][1][IP].id = 0
rx[1][1][IP].id = 0
rx[0][1][IP].chksum = 0
rx[1][1][IP].chksum = 0
self.validate(rx[0][1], v6_reply1)
self.validate(rx[1][1], v6_reply2)
def test_map_t(self):
""" MAP-T """
#
# Add a domain that maps from pg0 to pg1
#
map_dst = '2001:db8::/32'
map_src = '1234:5678:90ab:cdef::/64'
ip4_pfx = '192.168.0.0/24'
self.vapi.map_add_domain(map_dst, ip4_pfx, map_src,
16, 6, 4, mtu=1500)
# Enable MAP-T on interfaces.
self.vapi.map_if_enable_disable(is_enable=1,
sw_if_index=self.pg0.sw_if_index,
is_translation=1)
self.vapi.map_if_enable_disable(is_enable=1,
sw_if_index=self.pg1.sw_if_index,
is_translation=1)
# Ensure MAP doesn't steal all packets!
v4 = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
IP(src=self.pg0.remote_ip4, dst=self.pg0.remote_ip4) /
UDP(sport=20000, dport=10000) /
Raw('\xa5' * 100))
rx = self.send_and_expect(self.pg0, v4*1, self.pg0)
v4_reply = v4[1]
v4_reply.ttl -= 1
for p in rx:
self.validate(p[1], v4_reply)
# Ensure MAP doesn't steal all packets
v6 = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) /
IPv6(src=self.pg1.remote_ip6, dst=self.pg1.remote_ip6) /
UDP(sport=20000, dport=10000) /
Raw('\xa5' * 100))
rx = self.send_and_expect(self.pg1, v6*1, self.pg1)
v6_reply = v6[1]
v6_reply.hlim -= 1
for p in rx:
self.validate(p[1], v6_reply)
map_route = VppIpRoute(self,
"2001:db8::",
32,
[VppRoutePath(self.pg1.remote_ip6,
self.pg1.sw_if_index,
proto=DpoProto.DPO_PROTO_IP6)],
is_ip6=1)
map_route.add_vpp_config()
#
# Send a v4 packet that will be translated
#
p_ether = Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac)
p_ip4 = IP(src=self.pg0.remote_ip4, dst='192.168.0.1')
payload = TCP(sport=0xabcd, dport=0xabcd)
p4 = (p_ether / p_ip4 / payload)
p6_translated = (IPv6(src="1234:5678:90ab:cdef:ac:1001:200:0",
dst="2001:db8:1f0::c0a8:1:f") / payload)
p6_translated.hlim -= 1
rx = self.send_and_expect(self.pg0, p4*1, self.pg1)
for p in rx:
self.validate(p[1], p6_translated)
# Send back an IPv6 packet that will be "untranslated"
p_ether6 = Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac)
p_ip6 = IPv6(src='2001:db8:1f0::c0a8:1:f',
dst='1234:5678:90ab:cdef:ac:1001:200:0')
p6 = (p_ether6 / p_ip6 / payload)
p4_translated = (IP(src='192.168.0.1',
dst=self.pg0.remote_ip4) / payload)
p4_translated.id = 0
p4_translated.ttl -= 1
rx = self.send_and_expect(self.pg1, p6*1, self.pg0)
for p in rx:
self.validate(p[1], p4_translated)
# IPv4 TTL
ip4_ttl_expired = IP(src=self.pg0.remote_ip4, dst='192.168.0.1', ttl=0)
p4 = (p_ether / ip4_ttl_expired / payload)
icmp4_reply = (IP(id=0, ttl=254, src=self.pg0.local_ip4,
dst=self.pg0.remote_ip4) /
ICMP(type='time-exceeded',
code='ttl-zero-during-transit') /
IP(src=self.pg0.remote_ip4,
dst='192.168.0.1', ttl=0) / payload)
rx = self.send_and_expect(self.pg0, p4*1, self.pg0)
for p in rx:
self.validate(p[1], icmp4_reply)
'''
This one is broken, cause it would require hairpinning...
# IPv4 TTL TTL1
ip4_ttl_expired = IP(src=self.pg0.remote_ip4, dst='192.168.0.1', ttl=1)
p4 = (p_ether / ip4_ttl_expired / payload)
icmp4_reply = IP(id=0, ttl=254, src=self.pg0.local_ip4,
dst=self.pg0.remote_ip4) / \
ICMP(type='time-exceeded', code='ttl-zero-during-transit' ) / \
IP(src=self.pg0.remote_ip4, dst='192.168.0.1', ttl=0) / payload
rx = self.send_and_expect(self.pg0, p4*1, self.pg0)
for p in rx:
self.validate(p[1], icmp4_reply)
'''
# IPv6 Hop limit
ip6_hlim_expired = IPv6(hlim=0, src='2001:db8:1ab::c0a8:1:ab',
dst='1234:5678:90ab:cdef:ac:1001:200:0')
p6 = (p_ether6 / ip6_hlim_expired / payload)
icmp6_reply = (IPv6(hlim=255, src=self.pg1.local_ip6,
dst="2001:db8:1ab::c0a8:1:ab") /
ICMPv6TimeExceeded(code=0) /
IPv6(src="2001:db8:1ab::c0a8:1:ab",
dst='1234:5678:90ab:cdef:ac:1001:200:0',
hlim=0) / payload)
rx = self.send_and_expect(self.pg1, p6*1, self.pg1)
for p in rx:
self.validate(p[1], icmp6_reply)
# IPv4 Well-known port
p_ip4 = IP(src=self.pg0.remote_ip4, dst='192.168.0.1')
payload = UDP(sport=200, dport=200)
p4 = (p_ether / p_ip4 / payload)
self.send_and_assert_no_replies(self.pg0, p4*1)
# IPv6 Well-known port
payload = UDP(sport=200, dport=200)
p6 = (p_ether6 / p_ip6 / payload)
self.send_and_assert_no_replies(self.pg1, p6*1)
# Packet fragmentation
payload = UDP(sport=40000, dport=4000) / self.payload(1453)
p4 = (p_ether / p_ip4 / payload)
self.pg_enable_capture()
self.pg0.add_stream(p4)
self.pg_start()
rx = self.pg1.get_capture(2)
for p in rx:
pass
# TODO: Manual validation
# self.validate(p[1], icmp4_reply)
# Packet fragmentation send fragments
payload = UDP(sport=40000, dport=4000) / self.payload(1453)
p4 = (p_ether / p_ip4 / payload)
frags = fragment(p4, fragsize=1000)
self.pg_enable_capture()
self.pg0.add_stream(frags)
self.pg_start()
rx = self.pg1.get_capture(2)
for p in rx:
pass
# p.show2()
# reass_pkt = reassemble(rx)
# p4_reply.ttl -= 1
# p4_reply.id = 256
# self.validate(reass_pkt, p4_reply)
# TCP MSS clamping
self.vapi.map_param_set_tcp(1300)
#
# Send a v4 TCP SYN packet that will be translated and MSS clamped
#
p_ether = Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac)
p_ip4 = IP(src=self.pg0.remote_ip4, dst='192.168.0.1')
payload = TCP(sport=0xabcd, dport=0xabcd, flags="S",
options=[('MSS', 1460)])
p4 = (p_ether / p_ip4 / payload)
p6_translated = (IPv6(src="1234:5678:90ab:cdef:ac:1001:200:0",
dst="2001:db8:1f0::c0a8:1:f") / payload)
p6_translated.hlim -= 1
p6_translated[TCP].options = [('MSS', 1300)]
rx = self.send_and_expect(self.pg0, p4*1, self.pg1)
for p in rx:
self.validate(p[1], p6_translated)
# Send back an IPv6 packet that will be "untranslated"
p_ether6 = Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac)
p_ip6 = IPv6(src='2001:db8:1f0::c0a8:1:f',
dst='1234:5678:90ab:cdef:ac:1001:200:0')
p6 = (p_ether6 / p_ip6 / payload)
p4_translated = (IP(src='192.168.0.1',
dst=self.pg0.remote_ip4) / payload)
p4_translated.id = 0
p4_translated.ttl -= 1
p4_translated[TCP].options = [('MSS', 1300)]
rx = self.send_and_expect(self.pg1, p6*1, self.pg0)
for p in rx:
self.validate(p[1], p4_translated)
def test_map_e(self):
""" MAP-E """
#
# Add a route to the MAP-BR
#
map_br_pfx = "2001::"
map_br_pfx_len = 32
map_route = VppIpRoute(
self, map_br_pfx, map_br_pfx_len,
[VppRoutePath(self.pg1.remote_ip6, self.pg1.sw_if_index)])
map_route.add_vpp_config()
#
# Add a domain that maps from pg0 to pg1
#
map_dst = '2001::/32'
map_src = '3000::1/128'
client_pfx = '192.168.0.0/16'
map_translated_addr = '2001:0:101:7000:0:c0a8:101:7'
tag = 'MAP-E tag.'
self.vapi.map_add_domain(ip4_prefix=client_pfx,
ip6_prefix=map_dst,
ip6_src=map_src,
ea_bits_len=20,
psid_offset=4,
psid_length=4,
tag=tag)
self.vapi.map_param_set_security_check(enable=1, fragments=1)
# Enable MAP on interface.
self.vapi.map_if_enable_disable(is_enable=1,
sw_if_index=self.pg0.sw_if_index,
is_translation=0)
# Ensure MAP doesn't steal all packets!
v4 = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
IP(src=self.pg0.remote_ip4, dst=self.pg0.remote_ip4) /
UDP(sport=20000, dport=10000) / Raw(b'\xa5' * 100))
rx = self.send_and_expect(self.pg0, v4 * 1, self.pg0)
v4_reply = v4[1]
v4_reply.ttl -= 1
for p in rx:
self.validate(p[1], v4_reply)
#
# Fire in a v4 packet that will be encapped to the BR
#
v4 = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
IP(src=self.pg0.remote_ip4, dst='192.168.1.1') /
UDP(sport=20000, dport=10000) / Raw(b'\xa5' * 100))
self.send_and_assert_encapped_one(v4, "3000::1", map_translated_addr)
#
# Verify reordered fragments are able to pass as well
#
v4 = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
IP(id=1, src=self.pg0.remote_ip4, dst='192.168.1.1') /
UDP(sport=20000, dport=10000) / Raw(b'\xa5' * 1000))
frags = fragment_rfc791(v4, 400)
frags.reverse()
self.send_and_assert_encapped(frags, "3000::1", map_translated_addr)
# Enable MAP on interface.
self.vapi.map_if_enable_disable(is_enable=1,
sw_if_index=self.pg1.sw_if_index,
is_translation=0)
# Ensure MAP doesn't steal all packets
v6 = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) /
IPv6(src=self.pg1.remote_ip6, dst=self.pg1.remote_ip6) /
UDP(sport=20000, dport=10000) / Raw(b'\xa5' * 100))
rx = self.send_and_expect(self.pg1, v6 * 1, self.pg1)
v6_reply = v6[1]
v6_reply.hlim -= 1
for p in rx:
self.validate(p[1], v6_reply)
#
# Fire in a V6 encapped packet.
# expect a decapped packet on the inside ip4 link
#
p = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) /
IPv6(dst='3000::1', src=map_translated_addr) /
IP(dst=self.pg0.remote_ip4, src='192.168.1.1') /
UDP(sport=10000, dport=20000) / Raw(b'\xa5' * 100))
self.pg1.add_stream(p)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
rx = self.pg0.get_capture(1)
rx = rx[0]
self.assertFalse(rx.haslayer(IPv6))
self.assertEqual(rx[IP].src, p[IP].src)
self.assertEqual(rx[IP].dst, p[IP].dst)
#
# Verify encapped reordered fragments pass as well
#
p = (IP(id=1, dst=self.pg0.remote_ip4, src='192.168.1.1') /
UDP(sport=10000, dport=20000) / Raw(b'\xa5' * 1500))
frags = fragment_rfc791(p, 400)
frags.reverse()
stream = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) /
IPv6(dst='3000::1', src=map_translated_addr) / x
for x in frags)
self.pg1.add_stream(stream)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
rx = self.pg0.get_capture(len(frags))
for r in rx:
self.assertFalse(r.haslayer(IPv6))
self.assertEqual(r[IP].src, p[IP].src)
self.assertEqual(r[IP].dst, p[IP].dst)
# Verify that fragments pass even if ipv6 layer is fragmented
stream = (IPv6(dst='3000::1', src=map_translated_addr) / x
for x in frags)
v6_stream = [
Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) / x
for i in range(len(frags)) for x in fragment_rfc8200(
IPv6(dst='3000::1', src=map_translated_addr) /
frags[i], i, 200)
]
self.pg1.add_stream(v6_stream)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
rx = self.pg0.get_capture(len(frags))
for r in rx:
self.assertFalse(r.haslayer(IPv6))
self.assertEqual(r[IP].src, p[IP].src)
self.assertEqual(r[IP].dst, p[IP].dst)
#
# Pre-resolve. No API for this!!
#
self.vapi.ppcli("map params pre-resolve ip6-nh 4001::1")
self.send_and_assert_no_replies(self.pg0, v4,
"resolved via default route")
#
# Add a route to 4001::1. Expect the encapped traffic to be
# sent via that routes next-hop
#
pre_res_route = VppIpRoute(
self, "4001::1", 128,
[VppRoutePath(self.pg1.remote_hosts[2].ip6, self.pg1.sw_if_index)])
pre_res_route.add_vpp_config()
self.send_and_assert_encapped_one(v4,
"3000::1",
map_translated_addr,
dmac=self.pg1.remote_hosts[2].mac)
#
# change the route to the pre-solved next-hop
#
pre_res_route.modify(
[VppRoutePath(self.pg1.remote_hosts[3].ip6, self.pg1.sw_if_index)])
pre_res_route.add_vpp_config()
self.send_and_assert_encapped_one(v4,
"3000::1",
map_translated_addr,
dmac=self.pg1.remote_hosts[3].mac)
#
# cleanup. The test infra's object registry will ensure
# the route is really gone and thus that the unresolve worked.
#
pre_res_route.remove_vpp_config()
self.vapi.ppcli("map params pre-resolve del ip6-nh 4001::1")
def test_punt(self):
"""Exception Path testing"""
#
# dump the punt registered reasons
# search for a few we know should be there
#
rs = self.vapi.punt_reason_dump()
reasons = [
"ipsec6-no-such-tunnel",
"ipsec4-no-such-tunnel",
"ipsec4-spi-o-udp-0",
]
for reason in reasons:
found = False
for r in rs:
if r.reason.name == reason:
found = True
break
self.assertTrue(found)
#
# Using the test CLI we will hook in a exception path to
# send ACL deny packets out of pg0 and pg1.
# the ACL is src,dst = 1.1.1.1,1.1.1.2
#
ip_1_1_1_2 = VppIpRoute(
self,
"1.1.1.2",
32,
[VppRoutePath(self.pg3.remote_ip4, self.pg3.sw_if_index)],
)
ip_1_1_1_2.add_vpp_config()
ip_1_2 = VppIpRoute(
self,
"1::2",
128,
[
VppRoutePath(
self.pg3.remote_ip6,
self.pg3.sw_if_index,
proto=DpoProto.DPO_PROTO_IP6,
)
],
)
ip_1_2.add_vpp_config()
p4 = (Ether(src=self.pg2.remote_mac, dst=self.pg2.local_mac) /
IP(src="1.1.1.1", dst="1.1.1.2") / UDP(sport=1234, dport=1234) /
Raw(b"\xa5" * 100))
p6 = (Ether(src=self.pg2.remote_mac, dst=self.pg2.local_mac) /
IPv6(src="1::1", dst="1::2") / UDP(sport=1234, dport=1234) /
Raw(b"\xa5" * 100))
self.send_and_expect(self.pg2, p4 * 1, self.pg3)
self.send_and_expect(self.pg2, p6 * 1, self.pg3)
#
# apply the punting features
#
self.vapi.cli("test punt pg2")
#
# dump the punt reasons to learn the IDs assigned
#
rs = self.vapi.punt_reason_dump(reason={"name": "reason-v4"})
r4 = rs[0].reason.id
rs = self.vapi.punt_reason_dump(reason={"name": "reason-v6"})
r6 = rs[0].reason.id
#
# pkts now dropped
#
self.send_and_assert_no_replies(self.pg2, p4 * NUM_PKTS)
self.send_and_assert_no_replies(self.pg2, p6 * NUM_PKTS)
#
# Check state:
# 1 - node error counters
# 2 - per-reason counters
# 2, 3 are the index of the assigned punt reason
#
stats = self.statistics.get_err_counter(
"/err/punt-dispatch/No registrations")
self.assertEqual(stats, 2 * NUM_PKTS)
stats = self.statistics.get_counter("/net/punt")
self.assertEqual(stats[0][r4]["packets"], NUM_PKTS)
self.assertEqual(stats[0][r6]["packets"], NUM_PKTS)
#
# use the test CLI to test a client that punts exception
# packets out of pg0
#
self.vapi.cli("test punt pg0 %s" % self.pg0.remote_ip4)
self.vapi.cli("test punt pg0 %s" % self.pg0.remote_ip6)
rx4s = self.send_and_expect(self.pg2, p4 * NUM_PKTS, self.pg0)
rx6s = self.send_and_expect(self.pg2, p6 * NUM_PKTS, self.pg0)
#
# check the packets come out IP unmodified but destined to pg0 host
#
for rx in rx4s:
self.assertEqual(rx[Ether].dst, self.pg0.remote_mac)
self.assertEqual(rx[Ether].src, self.pg0.local_mac)
self.assertEqual(p4[IP].dst, rx[IP].dst)
self.assertEqual(p4[IP].ttl, rx[IP].ttl)
for rx in rx6s:
self.assertEqual(rx[Ether].dst, self.pg0.remote_mac)
self.assertEqual(rx[Ether].src, self.pg0.local_mac)
self.assertEqual(p6[IPv6].dst, rx[IPv6].dst)
self.assertEqual(p6[IPv6].hlim, rx[IPv6].hlim)
stats = self.statistics.get_counter("/net/punt")
self.assertEqual(stats[0][r4]["packets"], 2 * NUM_PKTS)
self.assertEqual(stats[0][r6]["packets"], 2 * NUM_PKTS)
#
# add another registration for the same reason to send packets
# out of pg1
#
self.vapi.cli("test punt pg1 %s" % self.pg1.remote_ip4)
self.vapi.cli("test punt pg1 %s" % self.pg1.remote_ip6)
self.vapi.cli("clear trace")
self.pg2.add_stream(p4 * NUM_PKTS)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
rxd = self.pg0.get_capture(NUM_PKTS)
for rx in rxd:
self.assertEqual(rx[Ether].dst, self.pg0.remote_mac)
self.assertEqual(rx[Ether].src, self.pg0.local_mac)
self.assertEqual(p4[IP].dst, rx[IP].dst)
self.assertEqual(p4[IP].ttl, rx[IP].ttl)
rxd = self.pg1.get_capture(NUM_PKTS)
for rx in rxd:
self.assertEqual(rx[Ether].dst, self.pg1.remote_mac)
self.assertEqual(rx[Ether].src, self.pg1.local_mac)
self.assertEqual(p4[IP].dst, rx[IP].dst)
self.assertEqual(p4[IP].ttl, rx[IP].ttl)
self.vapi.cli("clear trace")
self.pg2.add_stream(p6 * NUM_PKTS)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
rxd = self.pg0.get_capture(NUM_PKTS)
for rx in rxd:
self.assertEqual(rx[Ether].dst, self.pg0.remote_mac)
self.assertEqual(rx[Ether].src, self.pg0.local_mac)
self.assertEqual(p6[IPv6].dst, rx[IPv6].dst)
self.assertEqual(p6[IPv6].hlim, rx[IPv6].hlim)
rxd = self.pg1.get_capture(NUM_PKTS)
for rx in rxd:
self.assertEqual(rx[Ether].dst, self.pg1.remote_mac)
self.assertEqual(rx[Ether].src, self.pg1.local_mac)
self.assertEqual(p6[IPv6].dst, rx[IPv6].dst)
self.assertEqual(p6[IPv6].hlim, rx[IPv6].hlim)
stats = self.statistics.get_counter("/net/punt")
self.assertEqual(stats[0][r4]["packets"], 3 * NUM_PKTS)
self.assertEqual(stats[0][r6]["packets"], 3 * NUM_PKTS)
self.logger.info(self.vapi.cli("show vlib graph punt-dispatch"))
self.logger.info(self.vapi.cli("show punt client"))
self.logger.info(self.vapi.cli("show punt reason"))
self.logger.info(self.vapi.cli("show punt stats"))
self.logger.info(self.vapi.cli("show punt db"))
def test_bier_head_o_udp(self):
"""BIER head over UDP"""
#
# Add a BIER table for sub-domain 1, set 0, and BSL 256
#
bti = VppBierTableID(1, 0, BIERLength.BIER_LEN_256)
bt = VppBierTable(self, bti, 77)
bt.add_vpp_config()
#
# 1 bit positions via 1 next hops
#
nh1 = "10.0.0.1"
ip_route = VppIpRoute(self, nh1, 32,
[VppRoutePath(self.pg1.remote_ip4,
self.pg1.sw_if_index,
labels=[VppMplsLabel(2001)])])
ip_route.add_vpp_config()
udp_encap = VppUdpEncap(self,
self.pg0.local_ip4,
nh1,
330, 8138)
udp_encap.add_vpp_config()
bier_route = VppBierRoute(
self, bti, 1,
[VppRoutePath("0.0.0.0",
0xFFFFFFFF,
is_udp_encap=1,
next_hop_id=udp_encap.id)])
bier_route.add_vpp_config()
#
# An 2 imposition objects with all bit-positions set
# only use the second, but creating 2 tests with a non-zero
# value index in the route add
#
bi = VppBierImp(self, bti, 333, scapy.compat.chb(0xff) * 32)
bi.add_vpp_config()
bi2 = VppBierImp(self, bti, 334, scapy.compat.chb(0xff) * 32)
bi2.add_vpp_config()
#
# Add a multicast route that will forward into the BIER doamin
#
route_ing_232_1_1_1 = VppIpMRoute(
self,
"0.0.0.0",
"232.1.1.1", 32,
MRouteEntryFlags.MFIB_ENTRY_FLAG_NONE,
paths=[VppMRoutePath(self.pg0.sw_if_index,
MRouteItfFlags.MFIB_ITF_FLAG_ACCEPT),
VppMRoutePath(0xffffffff,
MRouteItfFlags.MFIB_ITF_FLAG_FORWARD,
proto=DpoProto.DPO_PROTO_BIER,
bier_imp=bi2.bi_index)])
route_ing_232_1_1_1.add_vpp_config()
#
# inject a packet an IP. We expect it to be BIER and UDP encapped,
#
p = (Ether(dst=self.pg0.local_mac,
src=self.pg0.remote_mac) /
IP(src="1.1.1.1", dst="232.1.1.1") /
UDP(sport=1234, dport=1234))
self.pg0.add_stream([p])
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
rx = self.pg1.get_capture(1)
#
# Encap Stack is, eth, IP, UDP, BIFT, BIER
#
self.assertEqual(rx[0][IP].src, self.pg0.local_ip4)
self.assertEqual(rx[0][IP].dst, nh1)
self.assertEqual(rx[0][UDP].sport, 330)
self.assertEqual(rx[0][UDP].dport, 8138)
self.assertEqual(rx[0][BIFT].bsl, BIERLength.BIER_LEN_256)
self.assertEqual(rx[0][BIFT].sd, 1)
self.assertEqual(rx[0][BIFT].set, 0)
self.assertEqual(rx[0][BIFT].ttl, 64)
self.assertEqual(rx[0][BIER].length, 2)
def test_map_e_tcp_mss(self):
""" MAP-E TCP MSS"""
#
# Add a route to the MAP-BR
#
map_br_pfx = "2001::"
map_br_pfx_len = 32
map_route = VppIpRoute(
self, map_br_pfx, map_br_pfx_len,
[VppRoutePath(self.pg1.remote_ip6, self.pg1.sw_if_index)])
map_route.add_vpp_config()
#
# Add a domain that maps from pg0 to pg1
#
map_dst = '2001::/32'
map_src = '3000::1/128'
client_pfx = '192.168.0.0/16'
map_translated_addr = '2001:0:101:5000:0:c0a8:101:5'
tag = 'MAP-E TCP tag.'
self.vapi.map_add_domain(ip4_prefix=client_pfx,
ip6_prefix=map_dst,
ip6_src=map_src,
ea_bits_len=20,
psid_offset=4,
psid_length=4,
tag=tag)
# Enable MAP on pg0 interface.
self.vapi.map_if_enable_disable(is_enable=1,
sw_if_index=self.pg0.sw_if_index,
is_translation=0)
# Enable MAP on pg1 interface.
self.vapi.map_if_enable_disable(is_enable=1,
sw_if_index=self.pg1.sw_if_index,
is_translation=0)
# TCP MSS clamping
mss_clamp = 1300
self.vapi.map_param_set_tcp(mss_clamp)
#
# Send a v4 packet that will be encapped.
#
p_ether = Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac)
p_ip4 = IP(src=self.pg0.remote_ip4, dst='192.168.1.1')
p_tcp = TCP(sport=20000,
dport=30000,
flags="S",
options=[("MSS", 1455)])
p4 = p_ether / p_ip4 / p_tcp
self.pg1.add_stream(p4)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
rx = self.pg1.get_capture(1)
rx = rx[0]
self.assertTrue(rx.haslayer(IPv6))
self.assertEqual(rx[IP].src, p4[IP].src)
self.assertEqual(rx[IP].dst, p4[IP].dst)
self.assertEqual(rx[IPv6].src, "3000::1")
self.assertEqual(rx[TCP].options,
TCP(options=[('MSS', mss_clamp)]).options)
def test_arp(self):
""" ARP """
#
# Generate some hosts on the LAN
#
self.pg1.generate_remote_hosts(11)
#
# Send IP traffic to one of these unresolved hosts.
# expect the generation of an ARP request
#
p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
IP(src=self.pg0.remote_ip4, dst=self.pg1._remote_hosts[1].ip4) /
UDP(sport=1234, dport=1234) / Raw())
self.pg0.add_stream(p)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
rx = self.pg1.get_capture(1)
self.verify_arp_req(rx[0], self.pg1.local_mac, self.pg1.local_ip4,
self.pg1._remote_hosts[1].ip4)
#
# And a dynamic ARP entry for host 1
#
dyn_arp = VppNeighbor(self, self.pg1.sw_if_index,
self.pg1.remote_hosts[1].mac,
self.pg1.remote_hosts[1].ip4)
dyn_arp.add_vpp_config()
#
# now we expect IP traffic forwarded
#
dyn_p = (
Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
IP(src=self.pg0.remote_ip4, dst=self.pg1._remote_hosts[1].ip4) /
UDP(sport=1234, dport=1234) / Raw())
self.pg0.add_stream(dyn_p)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
rx = self.pg1.get_capture(1)
self.verify_ip(rx[0], self.pg1.local_mac, self.pg1.remote_hosts[1].mac,
self.pg0.remote_ip4, self.pg1._remote_hosts[1].ip4)
#
# And a Static ARP entry for host 2
#
static_arp = VppNeighbor(self,
self.pg1.sw_if_index,
self.pg1.remote_hosts[2].mac,
self.pg1.remote_hosts[2].ip4,
is_static=1)
static_arp.add_vpp_config()
static_p = (
Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
IP(src=self.pg0.remote_ip4, dst=self.pg1._remote_hosts[2].ip4) /
UDP(sport=1234, dport=1234) / Raw())
self.pg0.add_stream(static_p)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
rx = self.pg1.get_capture(1)
self.verify_ip(rx[0], self.pg1.local_mac, self.pg1.remote_hosts[2].mac,
self.pg0.remote_ip4, self.pg1._remote_hosts[2].ip4)
#
# flap the link. dynamic ARPs get flush, statics don't
#
self.pg1.admin_down()
self.pg1.admin_up()
self.pg0.add_stream(static_p)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
rx = self.pg1.get_capture(1)
self.verify_ip(rx[0], self.pg1.local_mac, self.pg1.remote_hosts[2].mac,
self.pg0.remote_ip4, self.pg1._remote_hosts[2].ip4)
self.pg0.add_stream(dyn_p)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
rx = self.pg1.get_capture(1)
self.verify_arp_req(rx[0], self.pg1.local_mac, self.pg1.local_ip4,
self.pg1._remote_hosts[1].ip4)
#
# Send an ARP request from one of the so-far unlearned remote hosts
#
p = (
Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg1._remote_hosts[3].mac) /
ARP(op="who-has",
hwsrc=self.pg1._remote_hosts[3].mac,
pdst=self.pg1.local_ip4,
psrc=self.pg1._remote_hosts[3].ip4))
self.pg1.add_stream(p)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
rx = self.pg1.get_capture(1)
self.verify_arp_resp(rx[0], self.pg1.local_mac,
self.pg1._remote_hosts[3].mac, self.pg1.local_ip4,
self.pg1._remote_hosts[3].ip4)
#
# VPP should have learned the mapping for the remote host
#
self.assertTrue(
find_nbr(self, self.pg1.sw_if_index,
self.pg1._remote_hosts[3].ip4))
#
# Fire in an ARP request before the interface becomes IP enabled
#
self.pg2.generate_remote_hosts(4)
p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg2.remote_mac) /
ARP(op="who-has",
hwsrc=self.pg2.remote_mac,
pdst=self.pg1.local_ip4,
psrc=self.pg2.remote_hosts[3].ip4))
pt = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg2.remote_mac) /
Dot1Q(vlan=0) / ARP(op="who-has",
hwsrc=self.pg2.remote_mac,
pdst=self.pg1.local_ip4,
psrc=self.pg2.remote_hosts[3].ip4))
self.send_and_assert_no_replies(self.pg2, p,
"interface not IP enabled")
#
# Make pg2 un-numbered to pg1
#
self.pg2.set_unnumbered(self.pg1.sw_if_index)
#
# We should respond to ARP requests for the unnumbered to address
# once an attached route to the source is known
#
self.send_and_assert_no_replies(
self.pg2, p, "ARP req for unnumbered address - no source")
attached_host = VppIpRoute(
self, self.pg2.remote_hosts[3].ip4, 32,
[VppRoutePath("0.0.0.0", self.pg2.sw_if_index)])
attached_host.add_vpp_config()
self.pg2.add_stream(p)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
rx = self.pg2.get_capture(1)
self.verify_arp_resp(rx[0], self.pg2.local_mac, self.pg2.remote_mac,
self.pg1.local_ip4, self.pg2.remote_hosts[3].ip4)
self.pg2.add_stream(pt)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
rx = self.pg2.get_capture(1)
self.verify_arp_resp(rx[0], self.pg2.local_mac, self.pg2.remote_mac,
self.pg1.local_ip4, self.pg2.remote_hosts[3].ip4)
#
# A neighbor entry that has no associated FIB-entry
#
arp_no_fib = VppNeighbor(self,
self.pg1.sw_if_index,
self.pg1.remote_hosts[4].mac,
self.pg1.remote_hosts[4].ip4,
is_no_fib_entry=1)
arp_no_fib.add_vpp_config()
#
# check we have the neighbor, but no route
#
self.assertTrue(
find_nbr(self, self.pg1.sw_if_index,
self.pg1._remote_hosts[4].ip4))
self.assertFalse(find_route(self, self.pg1._remote_hosts[4].ip4, 32))
#
# pg2 is unnumbered to pg1, so we can form adjacencies out of pg2
# from within pg1's subnet
#
arp_unnum = VppNeighbor(self, self.pg2.sw_if_index,
self.pg1.remote_hosts[5].mac,
self.pg1.remote_hosts[5].ip4)
arp_unnum.add_vpp_config()
p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
IP(src=self.pg0.remote_ip4, dst=self.pg1._remote_hosts[5].ip4) /
UDP(sport=1234, dport=1234) / Raw())
self.pg0.add_stream(p)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
rx = self.pg2.get_capture(1)
self.verify_ip(rx[0], self.pg2.local_mac, self.pg1.remote_hosts[5].mac,
self.pg0.remote_ip4, self.pg1._remote_hosts[5].ip4)
#
# ARP requests from hosts in pg1's subnet sent on pg2 are replied to
# with the unnumbered interface's address as the source
#
p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg2.remote_mac) /
ARP(op="who-has",
hwsrc=self.pg2.remote_mac,
pdst=self.pg1.local_ip4,
psrc=self.pg1.remote_hosts[6].ip4))
self.pg2.add_stream(p)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
rx = self.pg2.get_capture(1)
self.verify_arp_resp(rx[0], self.pg2.local_mac, self.pg2.remote_mac,
self.pg1.local_ip4, self.pg1.remote_hosts[6].ip4)
#
# An attached host route out of pg2 for an undiscovered hosts generates
# an ARP request with the unnumbered address as the source
#
att_unnum = VppIpRoute(self, self.pg1.remote_hosts[7].ip4, 32,
[VppRoutePath("0.0.0.0", self.pg2.sw_if_index)])
att_unnum.add_vpp_config()
p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
IP(src=self.pg0.remote_ip4, dst=self.pg1._remote_hosts[7].ip4) /
UDP(sport=1234, dport=1234) / Raw())
self.pg0.add_stream(p)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
rx = self.pg2.get_capture(1)
self.verify_arp_req(rx[0], self.pg2.local_mac, self.pg1.local_ip4,
self.pg1._remote_hosts[7].ip4)
p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg2.remote_mac) /
ARP(op="who-has",
hwsrc=self.pg2.remote_mac,
pdst=self.pg1.local_ip4,
psrc=self.pg1.remote_hosts[7].ip4))
self.pg2.add_stream(p)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
rx = self.pg2.get_capture(1)
self.verify_arp_resp(rx[0], self.pg2.local_mac, self.pg2.remote_mac,
self.pg1.local_ip4, self.pg1.remote_hosts[7].ip4)
#
# An attached host route as yet unresolved out of pg2 for an
# undiscovered host, an ARP requests begets a response.
#
att_unnum1 = VppIpRoute(
self, self.pg1.remote_hosts[8].ip4, 32,
[VppRoutePath("0.0.0.0", self.pg2.sw_if_index)])
att_unnum1.add_vpp_config()
p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg2.remote_mac) /
ARP(op="who-has",
hwsrc=self.pg2.remote_mac,
pdst=self.pg1.local_ip4,
psrc=self.pg1.remote_hosts[8].ip4))
self.pg2.add_stream(p)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
rx = self.pg2.get_capture(1)
self.verify_arp_resp(rx[0], self.pg2.local_mac, self.pg2.remote_mac,
self.pg1.local_ip4, self.pg1.remote_hosts[8].ip4)
#
# Send an ARP request from one of the so-far unlearned remote hosts
# with a VLAN0 tag
#
p = (
Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg1._remote_hosts[9].mac) /
Dot1Q(vlan=0) / ARP(op="who-has",
hwsrc=self.pg1._remote_hosts[9].mac,
pdst=self.pg1.local_ip4,
psrc=self.pg1._remote_hosts[9].ip4))
self.pg1.add_stream(p)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
rx = self.pg1.get_capture(1)
self.verify_arp_resp(rx[0], self.pg1.local_mac,
self.pg1._remote_hosts[9].mac, self.pg1.local_ip4,
self.pg1._remote_hosts[9].ip4)
#
# Add a hierachy of routes for a host in the sub-net.
# Should still get an ARP resp since the cover is attached
#
p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg1.remote_mac) /
ARP(op="who-has",
hwsrc=self.pg1.remote_mac,
pdst=self.pg1.local_ip4,
psrc=self.pg1.remote_hosts[10].ip4))
r1 = VppIpRoute(self, self.pg1.remote_hosts[10].ip4, 30, [
VppRoutePath(self.pg1.remote_hosts[10].ip4, self.pg1.sw_if_index)
])
r1.add_vpp_config()
self.pg1.add_stream(p)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
rx = self.pg1.get_capture(1)
self.verify_arp_resp(rx[0], self.pg1.local_mac, self.pg1.remote_mac,
self.pg1.local_ip4, self.pg1.remote_hosts[10].ip4)
r2 = VppIpRoute(self, self.pg1.remote_hosts[10].ip4, 32, [
VppRoutePath(self.pg1.remote_hosts[10].ip4, self.pg1.sw_if_index)
])
r2.add_vpp_config()
self.pg1.add_stream(p)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
rx = self.pg1.get_capture(1)
self.verify_arp_resp(rx[0], self.pg1.local_mac, self.pg1.remote_mac,
self.pg1.local_ip4, self.pg1.remote_hosts[10].ip4)
#
# add an ARP entry that's not on the sub-net and so whose
# adj-fib fails the refinement check. then send an ARP request
# from that source
#
a1 = VppNeighbor(self, self.pg0.sw_if_index, self.pg0.remote_mac,
"100.100.100.50")
a1.add_vpp_config()
p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
ARP(op="who-has",
hwsrc=self.pg0.remote_mac,
psrc="100.100.100.50",
pdst=self.pg0.remote_ip4))
self.send_and_assert_no_replies(self.pg0, p,
"ARP req for from failed adj-fib")
#
# ERROR Cases
# 1 - don't respond to ARP request for address not within the
# interface's sub-net
# 1b - nor within the unnumbered subnet
# 1c - nor within the subnet of a different interface
#
p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
ARP(op="who-has",
hwsrc=self.pg0.remote_mac,
pdst="10.10.10.3",
psrc=self.pg0.remote_ip4))
self.send_and_assert_no_replies(self.pg0, p,
"ARP req for non-local destination")
self.assertFalse(find_nbr(self, self.pg0.sw_if_index, "10.10.10.3"))
p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg2.remote_mac) /
ARP(op="who-has",
hwsrc=self.pg2.remote_mac,
pdst="10.10.10.3",
psrc=self.pg1.remote_hosts[7].ip4))
self.send_and_assert_no_replies(
self.pg0, p, "ARP req for non-local destination - unnum")
p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
ARP(op="who-has",
hwsrc=self.pg0.remote_mac,
pdst=self.pg1.local_ip4,
psrc=self.pg1.remote_ip4))
self.send_and_assert_no_replies(self.pg0, p, "ARP req diff sub-net")
self.assertFalse(
find_nbr(self, self.pg0.sw_if_index, self.pg1.remote_ip4))
#
# 2 - don't respond to ARP request from an address not within the
# interface's sub-net
# 2b - to a prxied address
# 2c - not within a differents interface's sub-net
p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
ARP(op="who-has",
hwsrc=self.pg0.remote_mac,
psrc="10.10.10.3",
pdst=self.pg0.local_ip4))
self.send_and_assert_no_replies(self.pg0, p,
"ARP req for non-local source")
p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg2.remote_mac) /
ARP(op="who-has",
hwsrc=self.pg2.remote_mac,
psrc="10.10.10.3",
pdst=self.pg0.local_ip4))
self.send_and_assert_no_replies(
self.pg0, p, "ARP req for non-local source - unnum")
p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
ARP(op="who-has",
hwsrc=self.pg0.remote_mac,
psrc=self.pg1.remote_ip4,
pdst=self.pg0.local_ip4))
self.send_and_assert_no_replies(self.pg0, p,
"ARP req for non-local source 2c")
#
# 3 - don't respond to ARP request from an address that belongs to
# the router
#
p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
ARP(op="who-has",
hwsrc=self.pg0.remote_mac,
psrc=self.pg0.local_ip4,
pdst=self.pg0.local_ip4))
self.send_and_assert_no_replies(self.pg0, p,
"ARP req for non-local source")
#
# 4 - don't respond to ARP requests that has mac source different
# from ARP request HW source
#
p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
ARP(op="who-has",
hwsrc="00:00:00:DE:AD:BE",
psrc=self.pg0.remote_ip4,
pdst=self.pg0.local_ip4))
self.send_and_assert_no_replies(self.pg0, p,
"ARP req for non-local source")
#
# 5 - don't respond to ARP requests for address within the
# interface's sub-net but not the interface's address
#
self.pg0.generate_remote_hosts(2)
p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
ARP(op="who-has",
hwsrc=self.pg0.remote_mac,
psrc=self.pg0.remote_hosts[0].ip4,
pdst=self.pg0.remote_hosts[1].ip4))
self.send_and_assert_no_replies(self.pg0, p,
"ARP req for non-local destination")
#
# cleanup
#
dyn_arp.remove_vpp_config()
static_arp.remove_vpp_config()
self.pg2.unset_unnumbered(self.pg1.sw_if_index)
# need this to flush the adj-fibs
self.pg2.unset_unnumbered(self.pg1.sw_if_index)
self.pg2.admin_down()
self.pg1.admin_down()
def test_map_t(self):
""" MAP-T """
#
# Add a domain that maps from pg0 to pg1
#
map_dst = '2001:db8::/32'
map_src = '1234:5678:90ab:cdef::/64'
ip4_pfx = '192.168.0.0/24'
tag = 'MAP-T Tag.'
self.vapi.map_add_domain(ip6_prefix=map_dst,
ip4_prefix=ip4_pfx,
ip6_src=map_src,
ea_bits_len=16,
psid_offset=6,
psid_length=4,
mtu=1500,
tag=tag)
# Enable MAP-T on interfaces.
self.vapi.map_if_enable_disable(is_enable=1,
sw_if_index=self.pg0.sw_if_index,
is_translation=1)
self.vapi.map_if_enable_disable(is_enable=1,
sw_if_index=self.pg1.sw_if_index,
is_translation=1)
# Ensure MAP doesn't steal all packets!
v4 = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
IP(src=self.pg0.remote_ip4, dst=self.pg0.remote_ip4) /
UDP(sport=20000, dport=10000) / Raw(b'\xa5' * 100))
rx = self.send_and_expect(self.pg0, v4 * 1, self.pg0)
v4_reply = v4[1]
v4_reply.ttl -= 1
for p in rx:
self.validate(p[1], v4_reply)
# Ensure MAP doesn't steal all packets
v6 = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) /
IPv6(src=self.pg1.remote_ip6, dst=self.pg1.remote_ip6) /
UDP(sport=20000, dport=10000) / Raw(b'\xa5' * 100))
rx = self.send_and_expect(self.pg1, v6 * 1, self.pg1)
v6_reply = v6[1]
v6_reply.hlim -= 1
for p in rx:
self.validate(p[1], v6_reply)
map_route = VppIpRoute(self, "2001:db8::", 32, [
VppRoutePath(self.pg1.remote_ip6,
self.pg1.sw_if_index,
proto=DpoProto.DPO_PROTO_IP6)
])
map_route.add_vpp_config()
#
# Send a v4 packet that will be translated
#
p_ether = Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac)
p_ip4 = IP(src=self.pg0.remote_ip4, dst='192.168.0.1')
payload = TCP(sport=0xabcd, dport=0xabcd)
p4 = (p_ether / p_ip4 / payload)
p6_translated = (IPv6(src="1234:5678:90ab:cdef:ac:1001:200:0",
dst="2001:db8:1f0::c0a8:1:f") / payload)
p6_translated.hlim -= 1
rx = self.send_and_expect(self.pg0, p4 * 1, self.pg1)
for p in rx:
self.validate(p[1], p6_translated)
# Send back an IPv6 packet that will be "untranslated"
p_ether6 = Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac)
p_ip6 = IPv6(src='2001:db8:1f0::c0a8:1:f',
dst='1234:5678:90ab:cdef:ac:1001:200:0')
p6 = (p_ether6 / p_ip6 / payload)
p4_translated = (IP(src='192.168.0.1', dst=self.pg0.remote_ip4) /
payload)
p4_translated.id = 0
p4_translated.ttl -= 1
rx = self.send_and_expect(self.pg1, p6 * 1, self.pg0)
for p in rx:
self.validate(p[1], p4_translated)
# IPv4 TTL
ip4_ttl_expired = IP(src=self.pg0.remote_ip4, dst='192.168.0.1', ttl=0)
p4 = (p_ether / ip4_ttl_expired / payload)
icmp4_reply = (
IP(id=0, ttl=254, src=self.pg0.local_ip4, dst=self.pg0.remote_ip4)
/ ICMP(type='time-exceeded', code='ttl-zero-during-transit') /
IP(src=self.pg0.remote_ip4, dst='192.168.0.1', ttl=0) / payload)
rx = self.send_and_expect(self.pg0, p4 * 1, self.pg0)
for p in rx:
self.validate(p[1], icmp4_reply)
'''
This one is broken, cause it would require hairpinning...
# IPv4 TTL TTL1
ip4_ttl_expired = IP(src=self.pg0.remote_ip4, dst='192.168.0.1', ttl=1)
p4 = (p_ether / ip4_ttl_expired / payload)
icmp4_reply = IP(id=0, ttl=254, src=self.pg0.local_ip4,
dst=self.pg0.remote_ip4) / \
ICMP(type='time-exceeded', code='ttl-zero-during-transit' ) / \
IP(src=self.pg0.remote_ip4, dst='192.168.0.1', ttl=0) / payload
rx = self.send_and_expect(self.pg0, p4*1, self.pg0)
for p in rx:
self.validate(p[1], icmp4_reply)
'''
# IPv6 Hop limit
ip6_hlim_expired = IPv6(hlim=0,
src='2001:db8:1ab::c0a8:1:ab',
dst='1234:5678:90ab:cdef:ac:1001:200:0')
p6 = (p_ether6 / ip6_hlim_expired / payload)
icmp6_reply = (IPv6(
hlim=255, src=self.pg1.local_ip6, dst="2001:db8:1ab::c0a8:1:ab") /
ICMPv6TimeExceeded(code=0) /
IPv6(src="2001:db8:1ab::c0a8:1:ab",
dst='1234:5678:90ab:cdef:ac:1001:200:0',
hlim=0) / payload)
rx = self.send_and_expect(self.pg1, p6 * 1, self.pg1)
for p in rx:
self.validate(p[1], icmp6_reply)
# IPv4 Well-known port
p_ip4 = IP(src=self.pg0.remote_ip4, dst='192.168.0.1')
payload = UDP(sport=200, dport=200)
p4 = (p_ether / p_ip4 / payload)
self.send_and_assert_no_replies(self.pg0, p4 * 1)
# IPv6 Well-known port
payload = UDP(sport=200, dport=200)
p6 = (p_ether6 / p_ip6 / payload)
self.send_and_assert_no_replies(self.pg1, p6 * 1)
# Packet fragmentation
payload = UDP(sport=40000, dport=4000) / self.payload(1453)
p4 = (p_ether / p_ip4 / payload)
self.pg_enable_capture()
self.pg0.add_stream(p4)
self.pg_start()
rx = self.pg1.get_capture(2)
for p in rx:
pass
# TODO: Manual validation
# self.validate(p[1], icmp4_reply)
# Packet fragmentation send fragments
payload = UDP(sport=40000, dport=4000) / self.payload(1453)
p4 = (p_ether / p_ip4 / payload)
frags = fragment(p4, fragsize=1000)
self.pg_enable_capture()
self.pg0.add_stream(frags)
self.pg_start()
rx = self.pg1.get_capture(2)
for p in rx:
pass
# p.show2()
# reass_pkt = reassemble(rx)
# p4_reply.ttl -= 1
# p4_reply.id = 256
# self.validate(reass_pkt, p4_reply)
# TCP MSS clamping
self.vapi.map_param_set_tcp(1300)
#
# Send a v4 TCP SYN packet that will be translated and MSS clamped
#
p_ether = Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac)
p_ip4 = IP(src=self.pg0.remote_ip4, dst='192.168.0.1')
payload = TCP(sport=0xabcd,
dport=0xabcd,
flags="S",
options=[('MSS', 1460)])
p4 = (p_ether / p_ip4 / payload)
p6_translated = (IPv6(src="1234:5678:90ab:cdef:ac:1001:200:0",
dst="2001:db8:1f0::c0a8:1:f") / payload)
p6_translated.hlim -= 1
p6_translated[TCP].options = [('MSS', 1300)]
rx = self.send_and_expect(self.pg0, p4 * 1, self.pg1)
for p in rx:
self.validate(p[1], p6_translated)
# Send back an IPv6 packet that will be "untranslated"
p_ether6 = Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac)
p_ip6 = IPv6(src='2001:db8:1f0::c0a8:1:f',
dst='1234:5678:90ab:cdef:ac:1001:200:0')
p6 = (p_ether6 / p_ip6 / payload)
p4_translated = (IP(src='192.168.0.1', dst=self.pg0.remote_ip4) /
payload)
p4_translated.id = 0
p4_translated.ttl -= 1
p4_translated[TCP].options = [('MSS', 1300)]
rx = self.send_and_expect(self.pg1, p6 * 1, self.pg0)
for p in rx:
self.validate(p[1], p4_translated)
def test_sr_mpls(self):
""" SR MPLS """
#
# A simple MPLS xconnect - neos label in label out
#
route_32_eos = VppMplsRoute(self, 32, 0, [
VppRoutePath(self.pg0.remote_ip4,
self.pg0.sw_if_index,
labels=[VppMplsLabel(32)])
])
route_32_eos.add_vpp_config()
#
# A binding SID with only one label
#
self.vapi.sr_mpls_policy_add(999, 1, 0, [32])
#
# A labeled IP route that resolves thru the binding SID
#
ip_10_0_0_1 = VppIpRoute(self, "10.0.0.1", 32, [
VppRoutePath("0.0.0.0",
0xffffffff,
nh_via_label=999,
labels=[VppMplsLabel(55)])
])
ip_10_0_0_1.add_vpp_config()
tx = self.create_stream_ip4(self.pg1, "10.0.0.1")
rx = self.send_and_expect(self.pg1, tx, self.pg0)
self.verify_capture_labelled_ip4(
self.pg0, rx, tx,
[VppMplsLabel(32), VppMplsLabel(55)])
#
# An unlabeled IP route that resolves thru the binding SID
#
ip_10_0_0_1 = VppIpRoute(
self, "10.0.0.2", 32,
[VppRoutePath("0.0.0.0", 0xffffffff, nh_via_label=999)])
ip_10_0_0_1.add_vpp_config()
tx = self.create_stream_ip4(self.pg1, "10.0.0.2")
rx = self.send_and_expect(self.pg1, tx, self.pg0)
self.verify_capture_labelled_ip4(self.pg0, rx, tx, [VppMplsLabel(32)])
self.vapi.sr_mpls_policy_del(999)
#
# this time the SID has many labels pushed
#
self.vapi.sr_mpls_policy_add(999, 1, 0, [32, 33, 34])
tx = self.create_stream_ip4(self.pg1, "10.0.0.1")
rx = self.send_and_expect(self.pg1, tx, self.pg0)
self.verify_capture_labelled_ip4(self.pg0, rx, tx, [
VppMplsLabel(32),
VppMplsLabel(33),
VppMplsLabel(34),
VppMplsLabel(55)
])
tx = self.create_stream_ip4(self.pg1, "10.0.0.2")
rx = self.send_and_expect(self.pg1, tx, self.pg0)
self.verify_capture_labelled_ip4(
self.pg0, rx, tx,
[VppMplsLabel(32),
VppMplsLabel(33),
VppMplsLabel(34)])
#
# Resolve an MPLS tunnel via the SID
#
mpls_tun = VppMPLSTunnelInterface(self, [
VppRoutePath("0.0.0.0",
0xffffffff,
nh_via_label=999,
labels=[VppMplsLabel(44),
VppMplsLabel(46)])
])
mpls_tun.add_vpp_config()
mpls_tun.admin_up()
#
# add an unlabelled route through the new tunnel
#
route_10_0_0_3 = VppIpRoute(
self, "10.0.0.3", 32,
[VppRoutePath("0.0.0.0", mpls_tun._sw_if_index)])
route_10_0_0_3.add_vpp_config()
self.logger.info(self.vapi.cli("sh mpls tun 0"))
self.logger.info(self.vapi.cli("sh adj 21"))
tx = self.create_stream_ip4(self.pg1, "10.0.0.3")
rx = self.send_and_expect(self.pg1, tx, self.pg0)
self.verify_capture_tunneled_ip4(self.pg0, rx, tx, [
VppMplsLabel(32),
VppMplsLabel(33),
VppMplsLabel(34),
VppMplsLabel(44),
VppMplsLabel(46)
])
#
# add a labelled route through the new tunnel
#
route_10_0_0_3 = VppIpRoute(self, "10.0.0.4", 32, [
VppRoutePath(
"0.0.0.0", mpls_tun._sw_if_index, labels=[VppMplsLabel(55)])
])
route_10_0_0_3.add_vpp_config()
tx = self.create_stream_ip4(self.pg1, "10.0.0.4")
rx = self.send_and_expect(self.pg1, tx, self.pg0)
self.verify_capture_tunneled_ip4(self.pg0, rx, tx, [
VppMplsLabel(32),
VppMplsLabel(33),
VppMplsLabel(34),
VppMplsLabel(44),
VppMplsLabel(46),
VppMplsLabel(55)
])
self.vapi.sr_mpls_policy_del(999)
def test_bier_head(self):
"""BIER head"""
#
# Add a BIER table for sub-domain 0, set 0, and BSL 256
#
bti = VppBierTableID(0, 0, BIERLength.BIER_LEN_256)
bt = VppBierTable(self, bti, 77)
bt.add_vpp_config()
#
# 2 bit positions via two next hops
#
nh1 = "10.0.0.1"
nh2 = "10.0.0.2"
ip_route_1 = VppIpRoute(self, nh1, 32,
[VppRoutePath(self.pg1.remote_ip4,
self.pg1.sw_if_index,
labels=[VppMplsLabel(2001)])])
ip_route_2 = VppIpRoute(self, nh2, 32,
[VppRoutePath(self.pg1.remote_ip4,
self.pg1.sw_if_index,
labels=[VppMplsLabel(2002)])])
ip_route_1.add_vpp_config()
ip_route_2.add_vpp_config()
bier_route_1 = VppBierRoute(self, bti, 1,
[VppRoutePath(nh1, 0xffffffff,
labels=[VppMplsLabel(101)])])
bier_route_2 = VppBierRoute(self, bti, 2,
[VppRoutePath(nh2, 0xffffffff,
labels=[VppMplsLabel(102)])])
bier_route_1.add_vpp_config()
bier_route_2.add_vpp_config()
#
# An imposition object with both bit-positions set
#
bi = VppBierImp(self, bti, 333, scapy.compat.chb(0x3) * 32)
bi.add_vpp_config()
#
# Add a multicast route that will forward into the BIER doamin
#
route_ing_232_1_1_1 = VppIpMRoute(
self,
"0.0.0.0",
"232.1.1.1", 32,
MRouteEntryFlags.MFIB_ENTRY_FLAG_NONE,
paths=[VppMRoutePath(self.pg0.sw_if_index,
MRouteItfFlags.MFIB_ITF_FLAG_ACCEPT),
VppMRoutePath(0xffffffff,
MRouteItfFlags.MFIB_ITF_FLAG_FORWARD,
proto=DpoProto.DPO_PROTO_BIER,
bier_imp=bi.bi_index)])
route_ing_232_1_1_1.add_vpp_config()
#
# inject an IP packet. We expect it to be BIER encapped and
# replicated.
#
p = (Ether(dst=self.pg0.local_mac,
src=self.pg0.remote_mac) /
IP(src="1.1.1.1", dst="232.1.1.1") /
UDP(sport=1234, dport=1234))
self.pg0.add_stream([p])
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
rx = self.pg1.get_capture(2)
#
# Encap Stack is; eth, MPLS, MPLS, BIER
#
igp_mpls = rx[0][MPLS]
self.assertEqual(igp_mpls.label, 2001)
self.assertEqual(igp_mpls.ttl, 64)
self.assertEqual(igp_mpls.s, 0)
bier_mpls = igp_mpls[MPLS].payload
self.assertEqual(bier_mpls.label, 101)
self.assertEqual(bier_mpls.ttl, 64)
self.assertEqual(bier_mpls.s, 1)
self.assertEqual(rx[0][BIER].length, 2)
igp_mpls = rx[1][MPLS]
self.assertEqual(igp_mpls.label, 2002)
self.assertEqual(igp_mpls.ttl, 64)
self.assertEqual(igp_mpls.s, 0)
bier_mpls = igp_mpls[MPLS].payload
self.assertEqual(bier_mpls.label, 102)
self.assertEqual(bier_mpls.ttl, 64)
self.assertEqual(bier_mpls.s, 1)
self.assertEqual(rx[0][BIER].length, 2)
def test_flood(self):
""" L2 Flood Tests """
#
# Create a single bridge Domain
#
self.vapi.bridge_domain_add_del(bd_id=1)
#
# add each interface to the BD. 3 interfaces per split horizon group
#
for i in self.pg_interfaces[0:4]:
self.vapi.sw_interface_set_l2_bridge(rx_sw_if_index=i.sw_if_index,
bd_id=1, shg=0)
for i in self.pg_interfaces[4:8]:
self.vapi.sw_interface_set_l2_bridge(rx_sw_if_index=i.sw_if_index,
bd_id=1, shg=1)
for i in self.pg_interfaces[8:12]:
self.vapi.sw_interface_set_l2_bridge(rx_sw_if_index=i.sw_if_index,
bd_id=1, shg=2)
for i in self.bvi_interfaces:
self.vapi.sw_interface_set_l2_bridge(rx_sw_if_index=i.sw_if_index,
bd_id=1, shg=2,
port_type=L2_PORT_TYPE.BVI)
p = (Ether(dst="ff:ff:ff:ff:ff:ff",
src="00:00:de:ad:be:ef") /
IP(src="10.10.10.10", dst="1.1.1.1") /
UDP(sport=1234, dport=1234) /
Raw('\xa5' * 100))
#
# input on pg0 expect copies on pg1->11
# this is in SHG=0 so its flooded to all, expect the pg0 since that's
# the ingress link
#
self.pg0.add_stream(p*65)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
for i in self.pg_interfaces[1:12]:
rx0 = i.get_capture(65, timeout=1)
#
# input on pg4 (SHG=1) expect copies on pg0->3 (SHG=0)
# and pg8->11 (SHG=2)
#
self.pg4.add_stream(p*65)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
for i in self.pg_interfaces[:4]:
rx0 = i.get_capture(65, timeout=1)
for i in self.pg_interfaces[8:12]:
rx0 = i.get_capture(65, timeout=1)
for i in self.pg_interfaces[4:8]:
i.assert_nothing_captured(remark="Different SH group")
#
# An IP route so the packet that hits the BVI is sent out of pg12
#
ip_route = VppIpRoute(self, "1.1.1.1", 32,
[VppRoutePath(self.pg12.remote_ip4,
self.pg12.sw_if_index)])
ip_route.add_vpp_config()
self.logger.info(self.vapi.cli("sh bridge 1 detail"))
#
# input on pg0 expect copies on pg1->12
# this is in SHG=0 so its flooded to all, expect the pg0 since that's
# the ingress link
#
self.pg0.add_stream(p*65)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
for i in self.pg_interfaces[1:]:
rx0 = i.get_capture(65, timeout=1)
#
# input on pg4 (SHG=1) expect copies on pg0->3 (SHG=0)
# and pg8->12 (SHG=2)
#
self.pg4.add_stream(p*65)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
for i in self.pg_interfaces[:4]:
rx0 = i.get_capture(65, timeout=1)
for i in self.pg_interfaces[8:13]:
rx0 = i.get_capture(65, timeout=1)
for i in self.pg_interfaces[4:8]:
i.assert_nothing_captured(remark="Different SH group")
#
# cleanup
#
for i in self.pg_interfaces[:12]:
self.vapi.sw_interface_set_l2_bridge(rx_sw_if_index=i.sw_if_index,
bd_id=1, enable=0)
for i in self.bvi_interfaces:
self.vapi.sw_interface_set_l2_bridge(rx_sw_if_index=i.sw_if_index,
bd_id=1, shg=2,
port_type=L2_PORT_TYPE.BVI,
enable=0)
self.vapi.bridge_domain_add_del(bd_id=1, is_add=0)
def test_gbp(self):
""" Group Based Policy """
nat_table = VppIpTable(self, 20)
nat_table.add_vpp_config()
nat_table = VppIpTable(self, 20, is_ip6=True)
nat_table.add_vpp_config()
#
# Bridge Domains
#
self.vapi.bridge_domain_add_del(1,
flood=1,
uu_flood=1,
forward=1,
learn=0,
arp_term=1,
is_add=1)
self.vapi.bridge_domain_add_del(2,
flood=1,
uu_flood=1,
forward=1,
learn=0,
arp_term=1,
is_add=1)
self.vapi.bridge_domain_add_del(20,
flood=1,
uu_flood=1,
forward=1,
learn=0,
arp_term=1,
is_add=1)
#
# 3 EPGs, 2 of which share a BD.
#
epgs = []
recircs = []
epgs.append(
VppGbpEndpointGroup(self, 220, 0, 1, self.pg4, self.loop0,
"10.0.0.128", "2001:10::128"))
recircs.append(VppGbpRecirc(self, epgs[0], self.loop3))
epgs.append(
VppGbpEndpointGroup(self, 221, 0, 1, self.pg5, self.loop0,
"10.0.1.128", "2001:10:1::128"))
recircs.append(VppGbpRecirc(self, epgs[1], self.loop4))
epgs.append(
VppGbpEndpointGroup(self, 222, 0, 2, self.pg6, self.loop1,
"10.0.2.128", "2001:10:2::128"))
recircs.append(VppGbpRecirc(self, epgs[2], self.loop5))
#
# 2 NAT EPGs, one for floating-IP subnets, the other for internet
#
epgs.append(
VppGbpEndpointGroup(self, 333, 20, 20, self.pg7, self.loop2,
"11.0.0.128", "3001::128"))
recircs.append(VppGbpRecirc(self, epgs[3], self.loop6, is_ext=True))
epgs.append(
VppGbpEndpointGroup(self, 444, 20, 20, self.pg8, self.loop2,
"11.0.0.129", "3001::129"))
recircs.append(VppGbpRecirc(self, epgs[4], self.loop8, is_ext=True))
epg_nat = epgs[3]
recirc_nat = recircs[3]
#
# 4 end-points, 2 in the same subnet, 3 in the same BD
#
eps = []
eps.append(
VppGbpEndpoint(self, self.pg0, epgs[0], recircs[0], "10.0.0.1",
"11.0.0.1"))
eps.append(
VppGbpEndpoint(self, self.pg1, epgs[0], recircs[0], "10.0.0.2",
"11.0.0.2"))
eps.append(
VppGbpEndpoint(self, self.pg2, epgs[1], recircs[1], "10.0.1.1",
"11.0.0.3"))
eps.append(
VppGbpEndpoint(self, self.pg3, epgs[2], recircs[2], "10.0.2.1",
"11.0.0.4"))
eps.append(
VppGbpEndpoint(self,
self.pg0,
epgs[0],
recircs[0],
"2001:10::1",
"3001::1",
is_ip6=True))
eps.append(
VppGbpEndpoint(self,
self.pg1,
epgs[0],
recircs[0],
"2001:10::2",
"3001::2",
is_ip6=True))
eps.append(
VppGbpEndpoint(self,
self.pg2,
epgs[1],
recircs[1],
"2001:10:1::1",
"3001::3",
is_ip6=True))
eps.append(
VppGbpEndpoint(self,
self.pg3,
epgs[2],
recircs[2],
"2001:10:2::1",
"3001::4",
is_ip6=True))
#
# Config related to each of the EPGs
#
for epg in epgs:
# IP config on the BVI interfaces
if epg != epgs[1] and epg != epgs[4]:
epg.bvi.set_table_ip4(epg.rd)
epg.bvi.set_table_ip6(epg.rd)
# The BVIs are NAT inside interfaces
self.vapi.nat44_interface_add_del_feature(epg.bvi.sw_if_index,
is_inside=1,
is_add=1)
self.vapi.nat66_add_del_interface(epg.bvi.sw_if_index,
is_inside=1,
is_add=1)
self.vapi.sw_interface_add_del_address(epg.bvi.sw_if_index,
epg.bvi_ip4_n, 32)
self.vapi.sw_interface_add_del_address(epg.bvi.sw_if_index,
epg.bvi_ip6_n,
128,
is_ipv6=True)
# EPG uplink interfaces in the BD
epg.uplink.set_table_ip4(epg.rd)
epg.uplink.set_table_ip6(epg.rd)
self.vapi.sw_interface_set_l2_bridge(epg.uplink.sw_if_index,
epg.bd)
# add the BD ARP termination entry for BVI IP
self.vapi.bd_ip_mac_add_del(bd_id=epg.bd,
mac=mactobinary(self.router_mac),
ip=epg.bvi_ip4_n,
is_ipv6=0,
is_add=1)
self.vapi.bd_ip_mac_add_del(bd_id=epg.bd,
mac=mactobinary(self.router_mac),
ip=epg.bvi_ip6_n,
is_ipv6=1,
is_add=1)
# epg[1] shares the same BVI to epg[0]
if epg != epgs[1] and epg != epgs[4]:
# BVI in BD
self.vapi.sw_interface_set_l2_bridge(epg.bvi.sw_if_index,
epg.bd,
bvi=1)
# BVI L2 FIB entry
self.vapi.l2fib_add_del(self.router_mac,
epg.bd,
epg.bvi.sw_if_index,
is_add=1,
bvi_mac=1)
# EPG in VPP
epg.add_vpp_config()
for recirc in recircs:
# EPG's ingress recirculation interface maps to its RD
recirc.recirc.set_table_ip4(recirc.epg.rd)
recirc.recirc.set_table_ip6(recirc.epg.rd)
# in the bridge to allow DVR. L2 emulation to punt to L3
self.vapi.sw_interface_set_l2_bridge(recirc.recirc.sw_if_index,
recirc.epg.bd)
self.vapi.sw_interface_set_l2_emulation(recirc.recirc.sw_if_index)
self.vapi.nat44_interface_add_del_feature(
recirc.recirc.sw_if_index, is_inside=0, is_add=1)
self.vapi.nat66_add_del_interface(recirc.recirc.sw_if_index,
is_inside=0,
is_add=1)
recirc.add_vpp_config()
ep_routes = []
ep_arps = []
for ep in eps:
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
#
# routes to the endpoints. We need these since there are no
# adj-fibs due to the fact the the BVI address has /32 and
# the subnet is not attached.
#
r = VppIpRoute(
self,
ep.ip,
ep.ip_len,
[VppRoutePath(ep.ip, ep.epg.bvi.sw_if_index, proto=ep.proto)],
is_ip6=ep.is_ip6)
r.add_vpp_config()
ep_routes.append(r)
#
# ARP entries for the endpoints
#
a = VppNeighbor(self,
ep.epg.bvi.sw_if_index,
ep.itf.remote_mac,
ep.ip,
af=ep.af)
a.add_vpp_config()
ep_arps.append(a)
# add each EP itf to the its BD
self.vapi.sw_interface_set_l2_bridge(ep.itf.sw_if_index, ep.epg.bd)
# add the BD ARP termination entry
self.vapi.bd_ip_mac_add_del(bd_id=ep.epg.bd,
mac=ep.bin_mac,
ip=ep.ip_n,
is_ipv6=0,
is_add=1)
# L2 FIB entry
self.vapi.l2fib_add_del(ep.mac,
ep.epg.bd,
ep.itf.sw_if_index,
is_add=1)
# Add static mappings for each EP from the 10/8 to 11/8 network
if ep.af == AF_INET:
self.vapi.nat44_add_del_static_mapping(ep.ip_n,
ep.floating_ip_n,
vrf_id=0,
addr_only=1)
else:
self.vapi.nat66_add_del_static_mapping(ep.ip_n,
ep.floating_ip_n,
vrf_id=0)
# VPP EP create ...
ep.add_vpp_config()
# ... results in a Gratuitous ARP/ND on the EPG's uplink
rx = ep.epg.uplink.get_capture(1, timeout=0.2)
if ep.is_ip6:
self.assertTrue(rx[0].haslayer(ICMPv6ND_NA))
self.assertEqual(rx[0][ICMPv6ND_NA].tgt, ep.ip)
else:
self.assertTrue(rx[0].haslayer(ARP))
self.assertEqual(rx[0][ARP].psrc, ep.ip)
self.assertEqual(rx[0][ARP].pdst, ep.ip)
# add the BD ARP termination entry for floating IP
self.vapi.bd_ip_mac_add_del(bd_id=epg_nat.bd,
mac=ep.bin_mac,
ip=ep.floating_ip_n,
is_ipv6=ep.is_ip6,
is_add=1)
# floating IPs route via EPG recirc
r = VppIpRoute(self,
ep.floating_ip,
ep.ip_len, [
VppRoutePath(ep.floating_ip,
ep.recirc.recirc.sw_if_index,
is_dvr=1,
proto=ep.proto)
],
table_id=20,
is_ip6=ep.is_ip6)
r.add_vpp_config()
ep_routes.append(r)
# L2 FIB entries in the NAT EPG BD to bridge the packets from
# the outside direct to the internal EPG
self.vapi.l2fib_add_del(ep.mac,
epg_nat.bd,
ep.recirc.recirc.sw_if_index,
is_add=1)
#
# ARP packets for unknown IP are flooded
#
pkt_arp = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
ARP(op="who-has",
hwdst="ff:ff:ff:ff:ff:ff",
hwsrc=self.pg0.remote_mac,
pdst=epgs[0].bvi_ip4,
psrc="10.0.0.88"))
self.send_and_expect(self.pg0, [pkt_arp], self.pg0)
#
# ARP/ND packets get a response
#
pkt_arp = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
ARP(op="who-has",
hwdst="ff:ff:ff:ff:ff:ff",
hwsrc=self.pg0.remote_mac,
pdst=epgs[0].bvi_ip4,
psrc=eps[0].ip))
self.send_and_expect(self.pg0, [pkt_arp], self.pg0)
nsma = in6_getnsma(inet_pton(AF_INET6, eps[4].ip))
d = inet_ntop(AF_INET6, nsma)
pkt_nd = (Ether(dst=in6_getnsmac(nsma)) / IPv6(dst=d, src=eps[4].ip) /
ICMPv6ND_NS(tgt=epgs[0].bvi_ip6) /
ICMPv6NDOptSrcLLAddr(lladdr=self.pg0.remote_mac))
self.send_and_expect(self.pg0, [pkt_nd], self.pg0)
#
# broadcast packets are flooded
#
pkt_bcast = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
IP(src=eps[0].ip, dst="232.1.1.1") /
UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))
self.vapi.cli("clear trace")
self.pg0.add_stream(pkt_bcast)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
rxd = eps[1].itf.get_capture(1)
self.assertEqual(rxd[0][Ether].dst, pkt_bcast[Ether].dst)
rxd = epgs[0].uplink.get_capture(1)
self.assertEqual(rxd[0][Ether].dst, pkt_bcast[Ether].dst)
#
# packets to non-local L3 destinations dropped
#
pkt_intra_epg_220_ip4 = (
Ether(src=self.pg0.remote_mac, dst=self.router_mac) /
IP(src=eps[0].ip, dst="10.0.0.99") / UDP(sport=1234, dport=1234) /
Raw('\xa5' * 100))
pkt_inter_epg_222_ip4 = (
Ether(src=self.pg0.remote_mac, dst=self.router_mac) /
IP(src=eps[0].ip, dst="10.0.1.99") / UDP(sport=1234, dport=1234) /
Raw('\xa5' * 100))
self.send_and_assert_no_replies(self.pg0, pkt_intra_epg_220_ip4 * 65)
pkt_inter_epg_222_ip6 = (
Ether(src=self.pg0.remote_mac, dst=self.router_mac) /
IPv6(src=eps[4].ip, dst="2001:10::99") /
UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))
self.send_and_assert_no_replies(self.pg0, pkt_inter_epg_222_ip6 * 65)
#
# Add the subnet routes
#
s41 = VppGbpSubnet(self, 0, "10.0.0.0", 24)
s42 = VppGbpSubnet(self, 0, "10.0.1.0", 24)
s43 = VppGbpSubnet(self, 0, "10.0.2.0", 24)
s41.add_vpp_config()
s42.add_vpp_config()
s43.add_vpp_config()
s61 = VppGbpSubnet(self, 0, "2001:10::1", 64, is_ip6=True)
s62 = VppGbpSubnet(self, 0, "2001:10:1::1", 64, is_ip6=True)
s63 = VppGbpSubnet(self, 0, "2001:10:2::1", 64, is_ip6=True)
s61.add_vpp_config()
s62.add_vpp_config()
s63.add_vpp_config()
self.send_and_expect_bridged(self.pg0, pkt_intra_epg_220_ip4 * 65,
self.pg4)
self.send_and_expect_bridged(self.pg3, pkt_inter_epg_222_ip4 * 65,
self.pg6)
self.send_and_expect_bridged6(self.pg3, pkt_inter_epg_222_ip6 * 65,
self.pg6)
self.logger.info(self.vapi.cli("sh ip fib 11.0.0.2"))
self.logger.info(self.vapi.cli("sh gbp endpoint-group"))
self.logger.info(self.vapi.cli("sh gbp endpoint"))
self.logger.info(self.vapi.cli("sh gbp recirc"))
self.logger.info(self.vapi.cli("sh int"))
self.logger.info(self.vapi.cli("sh int addr"))
self.logger.info(self.vapi.cli("sh int feat loop6"))
self.logger.info(self.vapi.cli("sh vlib graph ip4-gbp-src-classify"))
self.logger.info(self.vapi.cli("sh int feat loop3"))
#
# Packet destined to unknown unicast is sent on the epg uplink ...
#
pkt_intra_epg_220_to_uplink = (
Ether(src=self.pg0.remote_mac, dst="00:00:00:33:44:55") /
IP(src=eps[0].ip, dst="10.0.0.99") / UDP(sport=1234, dport=1234) /
Raw('\xa5' * 100))
self.send_and_expect_bridged(self.pg0,
pkt_intra_epg_220_to_uplink * 65,
self.pg4)
# ... and nowhere else
self.pg1.get_capture(0, timeout=0.1)
self.pg1.assert_nothing_captured(remark="Flood onto other VMS")
pkt_intra_epg_221_to_uplink = (
Ether(src=self.pg2.remote_mac, dst="00:00:00:33:44:66") /
IP(src=eps[0].ip, dst="10.0.0.99") / UDP(sport=1234, dport=1234) /
Raw('\xa5' * 100))
self.send_and_expect_bridged(self.pg2,
pkt_intra_epg_221_to_uplink * 65,
self.pg5)
#
# Packets from the uplink are forwarded in the absence of a contract
#
pkt_intra_epg_220_from_uplink = (
Ether(src="00:00:00:33:44:55", dst=self.pg0.remote_mac) /
IP(src=eps[0].ip, dst="10.0.0.99") / UDP(sport=1234, dport=1234) /
Raw('\xa5' * 100))
self.send_and_expect_bridged(self.pg4,
pkt_intra_epg_220_from_uplink * 65,
self.pg0)
#
# in the absence of policy, endpoints in the same EPG
# can communicate
#
pkt_intra_epg = (
Ether(src=self.pg0.remote_mac, dst=self.pg1.remote_mac) /
IP(src=eps[0].ip, dst=eps[1].ip) / UDP(sport=1234, dport=1234) /
Raw('\xa5' * 100))
self.send_and_expect_bridged(self.pg0, pkt_intra_epg * 65, self.pg1)
#
# in the abscense of policy, endpoints in the different EPG
# cannot communicate
#
pkt_inter_epg_220_to_221 = (
Ether(src=self.pg0.remote_mac, dst=self.pg2.remote_mac) /
IP(src=eps[0].ip, dst=eps[2].ip) / UDP(sport=1234, dport=1234) /
Raw('\xa5' * 100))
pkt_inter_epg_221_to_220 = (
Ether(src=self.pg2.remote_mac, dst=self.pg0.remote_mac) /
IP(src=eps[2].ip, dst=eps[0].ip) / UDP(sport=1234, dport=1234) /
Raw('\xa5' * 100))
pkt_inter_epg_220_to_222 = (
Ether(src=self.pg0.remote_mac, dst=self.router_mac) /
IP(src=eps[0].ip, dst=eps[3].ip) / UDP(sport=1234, dport=1234) /
Raw('\xa5' * 100))
self.send_and_assert_no_replies(self.pg0,
pkt_inter_epg_220_to_221 * 65)
self.send_and_assert_no_replies(self.pg0,
pkt_inter_epg_220_to_222 * 65)
#
# A uni-directional contract from EPG 220 -> 221
#
c1 = VppGbpContract(self, 220, 221, 0)
c1.add_vpp_config()
self.send_and_expect_bridged(self.pg0, pkt_inter_epg_220_to_221 * 65,
self.pg2)
self.send_and_assert_no_replies(self.pg0,
pkt_inter_epg_220_to_222 * 65)
#
# contract for the return direction
#
c2 = VppGbpContract(self, 221, 220, 0)
c2.add_vpp_config()
self.send_and_expect_bridged(self.pg0, pkt_inter_epg_220_to_221 * 65,
self.pg2)
self.send_and_expect_bridged(self.pg2, pkt_inter_epg_221_to_220 * 65,
self.pg0)
#
# check that inter group is still disabled for the groups
# not in the contract.
#
self.send_and_assert_no_replies(self.pg0,
pkt_inter_epg_220_to_222 * 65)
#
# A uni-directional contract from EPG 220 -> 222 'L3 routed'
#
c3 = VppGbpContract(self, 220, 222, 0)
c3.add_vpp_config()
self.logger.info(self.vapi.cli("sh gbp contract"))
self.send_and_expect_routed(self.pg0, pkt_inter_epg_220_to_222 * 65,
self.pg3, self.router_mac)
#
# remove both contracts, traffic stops in both directions
#
c2.remove_vpp_config()
c1.remove_vpp_config()
c3.remove_vpp_config()
self.send_and_assert_no_replies(self.pg2,
pkt_inter_epg_221_to_220 * 65)
self.send_and_assert_no_replies(self.pg0,
pkt_inter_epg_220_to_221 * 65)
self.send_and_expect_bridged(self.pg0, pkt_intra_epg * 65, self.pg1)
#
# EPs to the outside world
#
# in the EP's RD an external subnet via the NAT EPG's recirc
se1 = VppGbpSubnet(self,
0,
"0.0.0.0",
0,
is_internal=False,
sw_if_index=recirc_nat.recirc.sw_if_index,
epg=epg_nat.epg)
se1.add_vpp_config()
se2 = VppGbpSubnet(self,
0,
"11.0.0.0",
8,
is_internal=False,
sw_if_index=recirc_nat.recirc.sw_if_index,
epg=epg_nat.epg)
se2.add_vpp_config()
se16 = VppGbpSubnet(self,
0,
"::",
0,
is_internal=False,
sw_if_index=recirc_nat.recirc.sw_if_index,
epg=epg_nat.epg,
is_ip6=True)
se16.add_vpp_config()
# in the NAT RD an external subnet via the NAT EPG's uplink
se3 = VppGbpSubnet(self,
20,
"0.0.0.0",
0,
is_internal=False,
sw_if_index=epg_nat.uplink.sw_if_index,
epg=epg_nat.epg)
se36 = VppGbpSubnet(self,
20,
"::",
0,
is_internal=False,
sw_if_index=epg_nat.uplink.sw_if_index,
epg=epg_nat.epg,
is_ip6=True)
se4 = VppGbpSubnet(self,
20,
"11.0.0.0",
8,
is_internal=False,
sw_if_index=epg_nat.uplink.sw_if_index,
epg=epg_nat.epg)
se3.add_vpp_config()
se36.add_vpp_config()
se4.add_vpp_config()
self.logger.info(self.vapi.cli("sh ip fib 0.0.0.0/0"))
self.logger.info(self.vapi.cli("sh ip fib 11.0.0.1"))
self.logger.info(self.vapi.cli("sh ip6 fib ::/0"))
self.logger.info(self.vapi.cli("sh ip6 fib %s" % eps[4].floating_ip))
#
# From an EP to an outside addess: IN2OUT
#
pkt_inter_epg_220_to_global = (
Ether(src=self.pg0.remote_mac, dst=self.router_mac) /
IP(src=eps[0].ip, dst="1.1.1.1") / UDP(sport=1234, dport=1234) /
Raw('\xa5' * 100))
# no policy yet
self.send_and_assert_no_replies(self.pg0,
pkt_inter_epg_220_to_global * 65)
c4 = VppGbpContract(self, 220, 333, 0)
c4.add_vpp_config()
self.send_and_expect_natted(self.pg0, pkt_inter_epg_220_to_global * 65,
self.pg7, eps[0].floating_ip)
pkt_inter_epg_220_to_global = (
Ether(src=self.pg0.remote_mac, dst=self.router_mac) /
IPv6(src=eps[4].ip, dst="6001::1") / UDP(sport=1234, dport=1234) /
Raw('\xa5' * 100))
self.send_and_expect_natted6(self.pg0,
pkt_inter_epg_220_to_global * 65,
self.pg7, eps[4].floating_ip)
#
# From a global address to an EP: OUT2IN
#
pkt_inter_epg_220_from_global = (
Ether(src=self.router_mac, dst=self.pg0.remote_mac) /
IP(dst=eps[0].floating_ip, src="1.1.1.1") /
UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))
self.send_and_assert_no_replies(self.pg7,
pkt_inter_epg_220_from_global * 65)
c5 = VppGbpContract(self, 333, 220, 0)
c5.add_vpp_config()
self.send_and_expect_unnatted(self.pg7,
pkt_inter_epg_220_from_global * 65,
eps[0].itf, eps[0].ip)
pkt_inter_epg_220_from_global = (
Ether(src=self.router_mac, dst=self.pg0.remote_mac) /
IPv6(dst=eps[4].floating_ip, src="6001::1") /
UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))
self.send_and_expect_unnatted6(self.pg7,
pkt_inter_epg_220_from_global * 65,
eps[4].itf, eps[4].ip)
#
# From a local VM to another local VM using resp. public addresses:
# IN2OUT2IN
#
pkt_intra_epg_220_global = (
Ether(src=self.pg0.remote_mac, dst=self.router_mac) /
IP(src=eps[0].ip, dst=eps[1].floating_ip) /
UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))
self.send_and_expect_double_natted(eps[0].itf,
pkt_intra_epg_220_global * 65,
eps[1].itf, eps[0].floating_ip,
eps[1].ip)
pkt_intra_epg_220_global = (
Ether(src=self.pg4.remote_mac, dst=self.router_mac) /
IPv6(src=eps[4].ip, dst=eps[5].floating_ip) /
UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))
self.send_and_expect_double_natted6(eps[4].itf,
pkt_intra_epg_220_global * 65,
eps[5].itf, eps[4].floating_ip,
eps[5].ip)
#
# cleanup
#
for ep in eps:
# del static mappings for each EP from the 10/8 to 11/8 network
if ep.af == AF_INET:
self.vapi.nat44_add_del_static_mapping(ep.ip_n,
ep.floating_ip_n,
vrf_id=0,
addr_only=1,
is_add=0)
else:
self.vapi.nat66_add_del_static_mapping(ep.ip_n,
ep.floating_ip_n,
vrf_id=0,
is_add=0)
for epg in epgs:
# IP config on the BVI interfaces
self.vapi.sw_interface_add_del_address(epg.bvi.sw_if_index,
epg.bvi_ip4_n,
32,
is_add=0)
self.vapi.sw_interface_add_del_address(epg.bvi.sw_if_index,
epg.bvi_ip6_n,
128,
is_add=0,
is_ipv6=True)
self.logger.info(self.vapi.cli("sh int addr"))
epg.uplink.set_table_ip4(0)
epg.uplink.set_table_ip6(0)
if epg != epgs[0] and epg != epgs[3]:
epg.bvi.set_table_ip4(0)
epg.bvi.set_table_ip6(0)
self.vapi.nat44_interface_add_del_feature(epg.bvi.sw_if_index,
is_inside=1,
is_add=0)
self.vapi.nat66_add_del_interface(epg.bvi.sw_if_index,
is_inside=1,
is_add=0)
for recirc in recircs:
recirc.recirc.set_table_ip4(0)
recirc.recirc.set_table_ip6(0)
self.vapi.nat44_interface_add_del_feature(
recirc.recirc.sw_if_index, is_inside=0, is_add=0)
self.vapi.nat66_add_del_interface(recirc.recirc.sw_if_index,
is_inside=0,
is_add=0)
def test_abf6(self):
""" IPv6 ACL Based Forwarding
"""
#
# Simple test for matching IPv6 packets
#
#
# Rule 1
#
rule_1 = ({'is_permit': 1,
'is_ipv6': 1,
'proto': 17,
'srcport_or_icmptype_first': 1234,
'srcport_or_icmptype_last': 1234,
'src_ip_prefix_len': 128,
'src_ip_addr': inet_pton(AF_INET6, "2001::2"),
'dstport_or_icmpcode_first': 1234,
'dstport_or_icmpcode_last': 1234,
'dst_ip_prefix_len': 128,
'dst_ip_addr': inet_pton(AF_INET6, "2001::1")})
acl_1 = self.vapi.acl_add_replace(acl_index=4294967295,
r=[rule_1])
#
# ABF policy for ACL 1 - path via interface 1
#
abf_1 = VppAbfPolicy(self, 10, acl_1,
[VppRoutePath("3001::1",
0xffffffff,
proto=DpoProto.DPO_PROTO_IP6)])
abf_1.add_vpp_config()
attach_1 = VppAbfAttach(self, 10, self.pg0.sw_if_index,
45, is_ipv6=True)
attach_1.add_vpp_config()
#
# a packet matching the rule
#
p = (Ether(src=self.pg0.remote_mac,
dst=self.pg0.local_mac) /
IPv6(src="2001::2", dst="2001::1") /
UDP(sport=1234, dport=1234) /
Raw('\xa5' * 100))
#
# packets are dropped because there is no route to the policy's
# next hop
#
self.send_and_assert_no_replies(self.pg1, p * 65, "no route")
#
# add a route resolving the next-hop
#
route = VppIpRoute(self, "3001::1", 32,
[VppRoutePath(self.pg1.remote_ip6,
self.pg1.sw_if_index,
proto=DpoProto.DPO_PROTO_IP6)],
is_ip6=1)
route.add_vpp_config()
#
# now expect packets forwarded.
#
self.send_and_expect(self.pg0, p * 65, self.pg1)
