Пример #1
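    def test_mgre6(self):
        """ mGRE IPv6 tunnel Tests

        For each pg interface from index 3 onwards a multipoint GRE tunnel
        (mode TUNNEL_API_MODE_MP, destination "::") is created over IPv6
        with the ENCAP_COPY_DSCP flag. For peers 1..3 a TEIB entry and a
        /128 route via the peer are installed, and the test checks that:

        - traffic routed into the tunnel leaves on the underlay interface
          GRE encapsulated (verified with dscp=2);
        - tunnelled traffic sourced from the peer's underlay address is
          decapsulated and returned on pg0;
        - with the TEIB entry removed the overlay traffic gets no reply,
          and forwarding resumes once the entry is re-added.
        """

        self.pg0.config_ip6()
        self.pg0.resolve_ndp()

        e = VppEnum.vl_api_tunnel_encap_decap_flags_t

        for itf in self.pg_interfaces[3:]:
            #
            # one underlay nh for each overlay/tunnel peer
            #
            itf.config_ip6()
            itf.generate_remote_hosts(4)
            itf.configure_ipv6_neighbors()

            #
            # Create an L3 GRE tunnel.
            #  - set it admin up
            #  - assign an IP Address
            #  - Add a route via the tunnel
            #
            # The destination "::" together with the MP mode makes this a
            # multipoint tunnel: peers are not fixed at creation time but
            # resolved per packet through TEIB entries added below.
            #
            gre_if = VppGreInterface(
                self,
                itf.local_ip6,
                "::",
                mode=(VppEnum.vl_api_tunnel_mode_t.
                      TUNNEL_API_MODE_MP),
                flags=e.TUNNEL_API_ENCAP_DECAP_FLAG_ENCAP_COPY_DSCP)

            gre_if.add_vpp_config()
            gre_if.admin_up()
            gre_if.config_ip6()
            gre_if.generate_remote_hosts(4)

            #
            # for-each peer
            #
            for ii in range(1, 4):
                route_addr = "4::%d" % ii

                #
                # Add a TEIB entry that resolves the peer: it maps the
                # peer's overlay address (on gre_if) to its underlay
                # address (on itf).
                #
                teib = VppTeib(self, gre_if,
                               gre_if._remote_hosts[ii].ip6,
                               itf._remote_hosts[ii].ip6)
                teib.add_vpp_config()

                #
                # route traffic via the peer
                #
                route_via_tun = VppIpRoute(
                    self, route_addr, 128,
                    [VppRoutePath(gre_if._remote_hosts[ii].ip6,
                                  gre_if.sw_if_index)])
                route_via_tun.add_vpp_config()

                #
                # Send a packet stream that is routed into the tunnel
                #  - packets are GRE encapped
                #  - inner packets carry dscp=2 and ecn=1; only dscp is
                #    handed to the verifier
                #
                tx_e = self.create_stream_ip6(self.pg0, "5::5", route_addr,
                                              dscp=2, ecn=1)
                rx = self.send_and_expect(self.pg0, tx_e, itf)
                self.verify_tunneled_6o6(self.pg0, rx, tx_e,
                                         itf.local_ip6,
                                         itf._remote_hosts[ii].ip6,
                                         dscp=2)

                #
                # Tunnelled traffic arriving from the peer's underlay
                # address must be decapsulated and forwarded to pg0
                #
                tx_i = self.create_tunnel_stream_6o6(self.pg0,
                                                     itf._remote_hosts[ii].ip6,
                                                     itf.local_ip6,
                                                     self.pg0.local_ip6,
                                                     self.pg0.remote_ip6)
                rx = self.send_and_expect(self.pg0, tx_i, self.pg0)
                self.verify_decapped_6o6(self.pg0, rx, tx_i)

                #
                # delete and re-add the TEIB
                #
                # NOTE(review): while the entry is absent only the encap
                # direction (tx_e) is asserted to be dropped; the decap
                # direction (tx_i) from the now-unknown peer is not checked
                # in this window - confirm whether that is intended.
                #
                teib.remove_vpp_config()
                self.send_and_assert_no_replies(self.pg0, tx_e)

                teib.add_vpp_config()
                rx = self.send_and_expect(self.pg0, tx_e, itf)
                self.verify_tunneled_6o6(self.pg0, rx, tx_e,
                                         itf.local_ip6,
                                         itf._remote_hosts[ii].ip6,
                                         dscp=2)
                rx = self.send_and_expect(self.pg0, tx_i, self.pg0)
                self.verify_decapped_6o6(self.pg0, rx, tx_i)

            gre_if.admin_down()
            # The tunnel was addressed with config_ip6() above, so the IPv6
            # address is the one to remove; the previous unconfig_ip4() call
            # left it configured for later tests.
            gre_if.unconfig_ip6()
            itf.unconfig_ip6()
        self.pg0.unconfig_ip6()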
Пример #2
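class TestIpsecGreIfEsp(TemplateIpsec, IpsecTun4Tests):
    """ Ipsec GRE ESP - TUN tests

    Fixture for an IPv4 GRE tunnel between pg0's local and remote addresses
    that is protected by a pair of ESP SAs via VppIpsecTunProtect. The
    generator/verifier hooks below are the ones this class supplies to the
    IpsecTun4Tests mixin; how the mixin drives them is not visible here.
    """
    tun4_encrypt_node_name = "esp4-encrypt-tun"
    tun4_decrypt_node_name = "esp4-decrypt-tun"
    encryption_type = ESP

    def gen_encrypt_pkts(self,
                         sa,
                         sw_intf,
                         src,
                         dst,
                         count=1,
                         payload_size=100):
        """Build `count` frames carrying ESP-protected GRE traffic.

        Each frame is Ether / sa.encrypt(IP / GRE / IP / UDP / Raw): the
        outer IP runs from pg0's remote to pg0's local address and the
        inner IP from pg1's local to pg1's remote address, so the GRE
        header and the inner packet both sit inside the encrypted payload.

        `src` and `dst` are accepted for interface compatibility but are
        not used; the addresses are taken from pg0/pg1.
        """
        return [
            Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac) / sa.encrypt(
                IP(src=self.pg0.remote_ip4, dst=self.pg0.local_ip4) / GRE() /
                IP(src=self.pg1.local_ip4, dst=self.pg1.remote_ip4) /
                UDP(sport=1144, dport=2233) / Raw('X' * payload_size))
            for _ in range(count)
        ]

    def gen_pkts(self, sw_intf, src, dst, count=1, payload_size=100):
        """Build `count` cleartext UDP frames from 1.1.1.1 to 1.1.1.2.

        1.1.1.2 is the /32 that setUp() routes via the tunnel. `src` and
        `dst` are accepted for interface compatibility but are not used.
        """
        return [
            Ether(src=sw_intf.remote_mac, dst=sw_intf.local_mac) /
            IP(src="1.1.1.1", dst="1.1.1.2") / UDP(sport=1144, dport=2233) /
            Raw('X' * payload_size) for _ in range(count)
        ]

    def verify_decrypted(self, p, rxs):
        """Check every received packet is addressed to pg1's remote host.

        Only the Ethernet and IP destinations are compared. `p` is unused.
        """
        for rx in rxs:
            self.assert_equal(rx[Ether].dst, self.pg1.remote_mac)
            self.assert_equal(rx[IP].dst, self.pg1.remote_ip4)

    def verify_encrypted(self, p, sa, rxs):
        """Decrypt each received packet with `sa` and check its contents.

        After decryption the packet must have valid checksums, run from
        pg0's local to pg0's remote address, contain a GRE layer, and carry
        an inner IP packet destined to 1.1.1.2. Because the GRE layer is
        only looked for after sa.decrypt(), a pass shows the GRE header was
        inside the ESP payload. `p` is unused.

        On IndexError or AssertionError the offending packet is logged at
        debug level and the exception is re-raised.
        """
        for rx in rxs:
            try:
                pkt = sa.decrypt(rx[IP])
                if not pkt.haslayer(IP):
                    # decrypt() may hand back an undissected payload;
                    # re-parse its raw bytes as IP
                    pkt = IP(pkt[Raw].load)
                self.assert_packet_checksums_valid(pkt)
                self.assert_equal(pkt[IP].dst, self.pg0.remote_ip4)
                self.assert_equal(pkt[IP].src, self.pg0.local_ip4)
                self.assertTrue(pkt.haslayer(GRE))
                e = pkt[GRE]
                self.assertEqual(e[IP].dst, "1.1.1.2")
            except (IndexError, AssertionError):
                self.logger.debug(ppp("Unexpected packet:", rx))
                try:
                    self.logger.debug(ppp("Decrypted packet:", pkt))
                except Exception:
                    # Best-effort logging only: `pkt` is unbound when
                    # decrypt() itself failed, and dumping may fail too.
                    # Catching Exception rather than everything keeps
                    # KeyboardInterrupt/SystemExit from being swallowed.
                    pass
                raise

    def setUp(self):
        """Create the SAs, the GRE tunnel, its protection and the route."""
        super(TestIpsecGreIfEsp, self).setUp()

        self.tun_if = self.pg0

        p = self.ipv4_params

        bd1 = VppBridgeDomain(self, 1)
        bd1.add_vpp_config()

        # Outbound SA: tunnel endpoints pg0 local -> pg0 remote
        p.tun_sa_out = VppIpsecSA(self, p.scapy_tun_sa_id, p.scapy_tun_spi,
                                  p.auth_algo_vpp_id, p.auth_key,
                                  p.crypt_algo_vpp_id, p.crypt_key,
                                  self.vpp_esp_protocol, self.pg0.local_ip4,
                                  self.pg0.remote_ip4)
        p.tun_sa_out.add_vpp_config()

        # Inbound SA: tunnel endpoints pg0 remote -> pg0 local.
        # Both SAs take the same p.auth_key / p.crypt_key; that keeps the
        # fixture simple and is specific to this test setup.
        p.tun_sa_in = VppIpsecSA(self, p.vpp_tun_sa_id, p.vpp_tun_spi,
                                 p.auth_algo_vpp_id, p.auth_key,
                                 p.crypt_algo_vpp_id, p.crypt_key,
                                 self.vpp_esp_protocol, self.pg0.remote_ip4,
                                 self.pg0.local_ip4)
        p.tun_sa_in.add_vpp_config()

        self.tun = VppGreInterface(self, self.pg0.local_ip4,
                                   self.pg0.remote_ip4)
        self.tun.add_vpp_config()

        # Bind the SA pair to the GRE tunnel before it is brought up
        p.tun_protect = VppIpsecTunProtect(self, self.tun, p.tun_sa_out,
                                           [p.tun_sa_in])
        p.tun_protect.add_vpp_config()

        self.tun.admin_up()
        self.tun.config_ip4()

        # Send 1.1.1.2/32 towards the tunnel's remote address.
        # NOTE(review): 0xffffffff is passed as the path's interface index,
        # presumably meaning "unspecified" - confirm against VppRoutePath.
        VppIpRoute(
            self, "1.1.1.2", 32,
            [VppRoutePath(self.tun.remote_ip4, 0xffffffff)]).add_vpp_config()

    def tearDown(self):
        """Remove the tunnel's IPv4 address, then run the base tearDown."""
        self.tun.unconfig_ip4()
        super(TestIpsecGreIfEsp, self).tearDown()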
Пример #3
    def test_mgre(self):
        """ mGRE IPv4 tunnel Tests

        For each pg interface from index 3 onwards a multipoint GRE tunnel
        (mode TUNNEL_API_MODE_MP, destination "0.0.0.0") is created. The
        test first checks that a tunnelled packet whose outer source is
        0.0.0.0 gets no reply, then for peers 1..3 installs a /32 route and
        a TEIB entry and checks encapsulation, decapsulation, and that both
        directions stop while the TEIB entry is removed.
        """

        for underlay in self.pg_interfaces[3:]:
            # One underlay next-hop per overlay/tunnel peer.
            underlay.generate_remote_hosts(4)
            underlay.configure_ipv4_neighbors()

            # L3 GRE tunnel in multipoint mode: brought admin up and given
            # an IP address here; routes via it are added per peer below.
            mp_mode = VppEnum.vl_api_tunnel_mode_t.TUNNEL_API_MODE_MP
            mgre = VppGreInterface(self, underlay.local_ip4, "0.0.0.0",
                                   mode=mp_mode)
            mgre.add_vpp_config()
            mgre.admin_up()
            mgre.config_ip4()
            mgre.generate_remote_hosts(4)

            adj_dump = self.vapi.cli("sh adj")
            self.logger.info(adj_dump)
            fib_dump = self.vapi.cli("sh ip fib")
            self.logger.info(fib_dump)

            # The tunnel's destination is the wildcard 0.0.0.0; a packet
            # whose outer source is all zeros must not match the tunnel.
            zero_src = self.create_tunnel_stream_4o4(
                self.pg0,
                "0.0.0.0",
                underlay.local_ip4,
                self.pg0.local_ip4,
                self.pg0.remote_ip4)
            self.send_and_assert_no_replies(self.pg0, zero_src)

            # Exercise each of the three peers in turn.
            for peer in range(1, 4):
                prefix = "4.4.4.%d" % peer
                overlay_nh = mgre._remote_hosts[peer].ip4
                underlay_nh = underlay._remote_hosts[peer].ip4

                # Route the /32 through the peer's overlay address.
                via_peer = VppRoutePath(overlay_nh, mgre.sw_if_index)
                VppIpRoute(self, prefix, 32, [via_peer]).add_vpp_config()

                # TEIB entry: resolves the peer's overlay address to its
                # underlay address.
                peer_entry = VppTeib(self, mgre, overlay_nh, underlay_nh)
                peer_entry.add_vpp_config()

                # Traffic routed into the tunnel must leave on the underlay
                # interface GRE encapsulated towards the peer.
                to_tunnel = self.create_stream_ip4(self.pg0, "5.5.5.5",
                                                   prefix)
                captured = self.send_and_expect(self.pg0, to_tunnel, underlay)
                self.verify_tunneled_4o4(self.pg0, captured, to_tunnel,
                                         underlay.local_ip4, underlay_nh)

                # Tunnelled traffic from the peer's underlay address must
                # be decapsulated and returned on pg0.
                from_tunnel = self.create_tunnel_stream_4o4(
                    self.pg0,
                    underlay_nh,
                    underlay.local_ip4,
                    self.pg0.local_ip4,
                    self.pg0.remote_ip4)
                captured = self.send_and_expect(self.pg0, from_tunnel,
                                                self.pg0)
                self.verify_decapped_4o4(self.pg0, captured, from_tunnel)

                # Without the TEIB entry neither direction may pass: the
                # encap stream and the decap stream both get no reply.
                peer_entry.remove_vpp_config()
                self.send_and_assert_no_replies(self.pg0, to_tunnel)
                self.send_and_assert_no_replies(self.pg0, from_tunnel)

                # Re-adding the entry restores both directions.
                peer_entry.add_vpp_config()
                captured = self.send_and_expect(self.pg0, to_tunnel, underlay)
                self.verify_tunneled_4o4(self.pg0, captured, to_tunnel,
                                         underlay.local_ip4, underlay_nh)
                captured = self.send_and_expect(self.pg0, from_tunnel,
                                                self.pg0)
                self.verify_decapped_4o4(self.pg0, captured, from_tunnel)

            mgre.admin_down()
            mgre.unconfig_ip4()