def setUp(self):
super(TestGSO, self).setUp()
for i in self.pg_interfaces:
i.admin_up()
i.config_ip4()
i.config_ip6()
i.disable_ipv6_ra()
i.resolve_arp()
i.resolve_ndp()
self.single_tunnel_bd = 10
self.vxlan = VppVxlanTunnel(self,
src=self.pg0.local_ip4,
dst=self.pg0.remote_ip4,
vni=self.single_tunnel_bd)
self.vxlan2 = VppVxlanTunnel(self,
src=self.pg0.local_ip6,
dst=self.pg0.remote_ip6,
vni=self.single_tunnel_bd)
self.ipip4 = VppIpIpTunInterface(self, self.pg0, self.pg0.local_ip4,
self.pg0.remote_ip4)
self.ipip6 = VppIpIpTunInterface(self, self.pg0, self.pg0.local_ip6,
self.pg0.remote_ip6)
def config_network(self, p):
p.tun_if = VppIpIpTunInterface(self, self.pg0, self.pg0.local_ip4,
self.pg0.remote_ip4)
p.tun_if.add_vpp_config()
p.tun_if.admin_up()
p.tun_if.config_ip4()
p.route = VppIpRoute(self, p.remote_tun_if_host, 32,
[VppRoutePath(p.tun_if.remote_ip4, 0xffffffff)])
p.route.add_vpp_config()
def config_network(self, p):
p.tun_if = VppIpIpTunInterface(self, self.pg0, self.pg0.local_ip6,
self.pg0.remote_ip6)
p.tun_if.add_vpp_config()
p.tun_if.admin_up()
p.tun_if.config_ip6()
p.route = VppIpRoute(self, p.remote_tun_if_host, 128, [
VppRoutePath(
p.tun_if.remote_ip6, 0xffffffff, proto=DpoProto.DPO_PROTO_IP6)
])
p.route.add_vpp_config()
def test_ipip6(self):
""" ip{v4,v6} over ip6 test """
# that's annoying
self.destroy_tunnel()
self.pg1.generate_remote_hosts(5)
self.pg1.configure_ipv6_neighbors()
e = VppEnum.vl_api_tunnel_encap_decap_flags_t
d = VppEnum.vl_api_ip_dscp_t
self.p_ether = Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac)
self.p_payload = UDP(sport=1234, dport=1234) / Raw(b'X' * 100)
# create a TOS byte by shifting a DSCP code point 2 bits. those 2 bits
# are for the ECN.
dscp = d.IP_API_DSCP_AF31 << 2
ecn = 3
dscp_ecn = d.IP_API_DSCP_AF31 << 2 | ecn
# IPv4 transport that copies the DCSP from the payload
tun_dscp = VppIpIpTunInterface(
self,
self.pg0,
self.pg0.local_ip6,
self.pg1.remote_hosts[0].ip6,
flags=e.TUNNEL_API_ENCAP_DECAP_FLAG_ENCAP_COPY_DSCP)
tun_dscp.add_vpp_config()
# IPv4 transport that copies the DCSP and ECN from the payload
tun_dscp_ecn = VppIpIpTunInterface(
self,
self.pg0,
self.pg0.local_ip6,
self.pg1.remote_hosts[1].ip6,
flags=(e.TUNNEL_API_ENCAP_DECAP_FLAG_ENCAP_COPY_DSCP
| e.TUNNEL_API_ENCAP_DECAP_FLAG_ENCAP_COPY_ECN))
tun_dscp_ecn.add_vpp_config()
# IPv4 transport that copies the ECN from the payload and sets the
# DF bit on encap. copies the ECN on decap
tun_ecn = VppIpIpTunInterface(
self,
self.pg0,
self.pg0.local_ip6,
self.pg1.remote_hosts[2].ip6,
flags=(e.TUNNEL_API_ENCAP_DECAP_FLAG_ENCAP_COPY_ECN
| e.TUNNEL_API_ENCAP_DECAP_FLAG_ENCAP_SET_DF
| e.TUNNEL_API_ENCAP_DECAP_FLAG_DECAP_COPY_ECN))
tun_ecn.add_vpp_config()
# IPv4 transport that sets a fixed DSCP in the encap and copies
# the DF bit
tun = VppIpIpTunInterface(
self,
self.pg0,
self.pg0.local_ip6,
self.pg1.remote_hosts[3].ip6,
dscp=d.IP_API_DSCP_AF11,
flags=e.TUNNEL_API_ENCAP_DECAP_FLAG_ENCAP_COPY_DF)
tun.add_vpp_config()
# array of all the tunnels
tuns = [tun_dscp, tun_dscp_ecn, tun_ecn, tun]
# addresses for prefixes routed via each tunnel
a4s = ["" for i in range(len(tuns))]
a6s = ["" for i in range(len(tuns))]
# IP headers for inner packets with each combination of DSCp/ECN tested
p_ip6s = [
IPv6(src="1::1", dst="DEAD::1", nh='UDP', tc=dscp),
IPv6(src="1::1", dst="DEAD::1", nh='UDP', tc=dscp_ecn),
IPv6(src="1::1", dst="DEAD::1", nh='UDP', tc=ecn),
IPv6(src="1::1", dst="DEAD::1", nh='UDP', tc=0xff)
]
p_ip4s = [
IP(src="1.2.3.4", dst="130.67.0.1", tos=dscp, flags='DF'),
IP(src="1.2.3.4", dst="130.67.0.1", tos=dscp_ecn),
IP(src="1.2.3.4", dst="130.67.0.1", tos=ecn),
IP(src="1.2.3.4", dst="130.67.0.1", tos=0xff)
]
# Configure each tunnel
for i, t in enumerate(tuns):
# Set interface up and enable IP on it
self.vapi.sw_interface_set_flags(t.sw_if_index, 1)
self.vapi.sw_interface_set_unnumbered(
sw_if_index=self.pg0.sw_if_index,
unnumbered_sw_if_index=t.sw_if_index)
# prefix for route / destination address for packets
a4s[i] = "130.67.%d.0" % i
a6s[i] = "dead:%d::" % i
# Add IPv4 and IPv6 routes via tunnel interface
ip4_via_tunnel = VppIpRoute(self, a4s[i], 24, [
VppRoutePath("0.0.0.0",
t.sw_if_index,
proto=FibPathProto.FIB_PATH_NH_PROTO_IP4)
])
ip4_via_tunnel.add_vpp_config()
ip6_via_tunnel = VppIpRoute(self, a6s[i], 64, [
VppRoutePath("::",
t.sw_if_index,
proto=FibPathProto.FIB_PATH_NH_PROTO_IP6)
])
ip6_via_tunnel.add_vpp_config()
#
# Encapsulation
#
# tun_dscp copies only the dscp
# expected TC values are thus only the DCSP value is present from the
# inner
exp_tcs = [dscp, dscp, 0, 0xfc]
p_ip6_encaps = [
IPv6(src=self.pg0.local_ip6, dst=tun_dscp.dst, tc=tc)
for tc in exp_tcs
]
# IPv4 in to IPv4 tunnel
self.verify_ip4ip6_encaps(a4s[0], p_ip4s, p_ip6_encaps)
# IPv6 in to IPv4 tunnel
self.verify_ip6ip6_encaps(a6s[0], p_ip6s, p_ip6_encaps)
# tun_dscp_ecn copies the dscp and the ecn
exp_tcs = [dscp, dscp_ecn, ecn, 0xff]
p_ip6_encaps = [
IPv6(src=self.pg0.local_ip6, dst=tun_dscp_ecn.dst, tc=tc)
for tc in exp_tcs
]
self.verify_ip4ip6_encaps(a4s[1], p_ip4s, p_ip6_encaps)
self.verify_ip6ip6_encaps(a6s[1], p_ip6s, p_ip6_encaps)
# tun_ecn copies only the ecn and always sets DF
exp_tcs = [0, ecn, ecn, ecn]
p_ip6_encaps = [
IPv6(src=self.pg0.local_ip6, dst=tun_ecn.dst, tc=tc)
for tc in exp_tcs
]
self.verify_ip4ip6_encaps(a4s[2], p_ip4s, p_ip6_encaps)
self.verify_ip6ip6_encaps(a6s[2], p_ip6s, p_ip6_encaps)
# tun sets a fixed dscp
fixed_dscp = tun.dscp << 2
p_ip6_encaps = [
IPv6(src=self.pg0.local_ip6, dst=tun.dst, tc=fixed_dscp)
for i in range(len(p_ip4s))
]
self.verify_ip4ip6_encaps(a4s[3], p_ip4s, p_ip6_encaps)
self.verify_ip6ip6_encaps(a6s[3], p_ip6s, p_ip6_encaps)
#
# Decapsulation
#
n_packets_decapped = self.statistics.get_err_counter(
'/err/ipip6-input/packets decapsulated')
self.p_ether = Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac)
# IPv6 tunnel to IPv4
tcs = [0, dscp, dscp_ecn, ecn]
# one overlay packet and all combinations of its encap
p_ip4 = IP(src="1.2.3.4", dst=self.pg0.remote_ip4)
p_ip6_encaps = [
IPv6(src=tun.dst, dst=self.pg0.local_ip6, tc=tc) for tc in tcs
]
# for each encap tun will produce the same inner packet because it does
# not copy up fields from the payload
for p_ip6_encap in p_ip6_encaps:
p6 = (self.p_ether / p_ip6_encap / p_ip4 / self.p_payload)
p4_reply = (p_ip4 / self.p_payload)
p4_reply.ttl -= 1
rx = self.send_and_expect(self.pg1, p6 * N_PACKETS, self.pg0)
n_packets_decapped += N_PACKETS
for p in rx:
self.validate(p[1], p4_reply)
self.assert_packet_checksums_valid(p)
err = self.statistics.get_err_counter(
'/err/ipip6-input/packets decapsulated')
self.assertEqual(err, n_packets_decapped)
# tun_ecn copies the ECN bits from the encap to the inner
p_ip6_encaps = [
IPv6(src=tun_ecn.dst, dst=self.pg0.local_ip6, tc=tc) for tc in tcs
]
p_ip4_replys = [p_ip4.copy() for i in range(len(p_ip6_encaps))]
p_ip4_replys[2].tos = ecn
p_ip4_replys[3].tos = ecn
for i, p_ip6_encap in enumerate(p_ip6_encaps):
p6 = (self.p_ether / p_ip6_encap / p_ip4 / self.p_payload)
p4_reply = (p_ip4_replys[i] / self.p_payload)
p4_reply.ttl -= 1
rx = self.send_and_expect(self.pg1, p6 * N_PACKETS, self.pg0)
n_packets_decapped += N_PACKETS
for p in rx:
self.validate(p[1], p4_reply)
self.assert_packet_checksums_valid(p)
err = self.statistics.get_err_counter(
'/err/ipip6-input/packets decapsulated')
self.assertEqual(err, n_packets_decapped)
# IPv6 tunnel to IPv6
# for each encap tun will produce the same inner packet because it does
# not copy up fields from the payload
p_ip6_encaps = [
IPv6(src=tun.dst, dst=self.pg0.local_ip6, tc=tc) for tc in tcs
]
p_ip6 = IPv6(src="1:2:3::4", dst=self.pg0.remote_ip6)
for p_ip6_encap in p_ip6_encaps:
p6 = (self.p_ether / p_ip6_encap / p_ip6 / self.p_payload)
p6_reply = (p_ip6 / self.p_payload)
p6_reply.hlim = 63
rx = self.send_and_expect(self.pg1, p6 * N_PACKETS, self.pg0)
n_packets_decapped += N_PACKETS
for p in rx:
self.validate(p[1], p6_reply)
self.assert_packet_checksums_valid(p)
err = self.statistics.get_err_counter(
'/err/ipip6-input/packets decapsulated')
self.assertEqual(err, n_packets_decapped)
# IPv6 tunnel to IPv6
# tun_ecn copies the ECN bits from the encap to the inner
p_ip6_encaps = [
IPv6(src=tun_ecn.dst, dst=self.pg0.local_ip6, tc=tc) for tc in tcs
]
p_ip6 = IPv6(src="1:2:3::4", dst=self.pg0.remote_ip6)
p_ip6_replys = [p_ip6.copy() for i in range(len(p_ip6_encaps))]
p_ip6_replys[2].tc = ecn
p_ip6_replys[3].tc = ecn
for i, p_ip6_encap in enumerate(p_ip6_encaps):
p6 = (self.p_ether / p_ip6_encap / p_ip6 / self.p_payload)
p6_reply = (p_ip6_replys[i] / self.p_payload)
p6_reply.hlim = 63
rx = self.send_and_expect(self.pg1, p6 * N_PACKETS, self.pg0)
n_packets_decapped += N_PACKETS
for p in rx:
self.validate(p[1], p6_reply)
self.assert_packet_checksums_valid(p)
err = self.statistics.get_err_counter(
'/err/ipip6-input/packets decapsulated')
self.assertEqual(err, n_packets_decapped)
def test_mipip4(self):
""" p2mp IPv4 tunnel Tests """
for itf in self.pg_interfaces:
#
# one underlay nh for each overlay/tunnel peer
#
itf.generate_remote_hosts(4)
itf.configure_ipv4_neighbors()
#
# Create an p2mo IPIP tunnel.
# - set it admin up
# - assign an IP Addres
# - Add a route via the tunnel
#
ipip_if = VppIpIpTunInterface(
self,
itf,
itf.local_ip4,
"0.0.0.0",
mode=(VppEnum.vl_api_tunnel_mode_t.TUNNEL_API_MODE_MP))
ipip_if.add_vpp_config()
ipip_if.admin_up()
ipip_if.config_ip4()
ipip_if.generate_remote_hosts(4)
self.logger.info(self.vapi.cli("sh adj"))
self.logger.info(self.vapi.cli("sh ip fib"))
#
# ensure we don't match to the tunnel if the source address
# is all zeros
#
# tx = self.create_tunnel_stream_4o4(self.pg0,
# "0.0.0.0",
# itf.local_ip4,
# self.pg0.local_ip4,
# self.pg0.remote_ip4)
# self.send_and_assert_no_replies(self.pg0, tx)
#
# for-each peer
#
for ii in range(1, 4):
route_addr = "4.4.4.%d" % ii
#
# route traffic via the peer
#
route_via_tun = VppIpRoute(self, route_addr, 32, [
VppRoutePath(ipip_if._remote_hosts[ii].ip4,
ipip_if.sw_if_index)
])
route_via_tun.add_vpp_config()
#
# Add a TEIB entry resolves the peer
#
teib = VppTeib(self, ipip_if, ipip_if._remote_hosts[ii].ip4,
itf._remote_hosts[ii].ip4)
teib.add_vpp_config()
self.logger.info(
self.vapi.cli("sh adj nbr ipip0 %s" %
ipip_if._remote_hosts[ii].ip4))
#
# Send a packet stream that is routed into the tunnel
# - packets are IPIP encapped
#
inner = (IP(dst=route_addr, src="5.5.5.5") /
UDP(sport=1234, dport=1234) / Raw(b'0x44' * 100))
tx_e = [
(Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
inner) for x in range(63)
]
rxs = self.send_and_expect(self.pg0, tx_e, itf)
for rx in rxs:
self.assertEqual(rx[IP].src, itf.local_ip4)
self.assertEqual(rx[IP].dst, itf._remote_hosts[ii].ip4)
tx_i = [
(Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
IP(src=itf._remote_hosts[ii].ip4, dst=itf.local_ip4) /
IP(src=self.pg0.local_ip4, dst=self.pg0.remote_ip4) /
UDP(sport=1234, dport=1234) / Raw(b'0x44' * 100))
for x in range(63)
]
self.logger.info(self.vapi.cli("sh ipip tunnel-hash"))
rx = self.send_and_expect(self.pg0, tx_i, self.pg0)
#
# delete and re-add the TEIB
#
teib.remove_vpp_config()
self.send_and_assert_no_replies(self.pg0, tx_e)
self.send_and_assert_no_replies(self.pg0, tx_i)
teib.add_vpp_config()
rx = self.send_and_expect(self.pg0, tx_e, itf)
for rx in rxs:
self.assertEqual(rx[IP].src, itf.local_ip4)
self.assertEqual(rx[IP].dst, itf._remote_hosts[ii].ip4)
rx = self.send_and_expect(self.pg0, tx_i, self.pg0)
ipip_if.admin_down()
ipip_if.unconfig_ip4()
def test_ipip4(self):
""" ip{v4,v6} over ip4 test """
self.pg1.generate_remote_hosts(5)
self.pg1.configure_ipv4_neighbors()
e = VppEnum.vl_api_tunnel_encap_decap_flags_t
d = VppEnum.vl_api_ip_dscp_t
self.p_ether = Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac)
self.p_payload = UDP(sport=1234, dport=1234) / Raw(b'X' * 100)
# create a TOS byte by shifting a DSCP code point 2 bits. those 2 bits
# are for the ECN.
dscp = d.IP_API_DSCP_AF31 << 2
ecn = 3
dscp_ecn = d.IP_API_DSCP_AF31 << 2 | ecn
# IPv4 transport that copies the DCSP from the payload
tun_dscp = VppIpIpTunInterface(
self,
self.pg0,
self.pg0.local_ip4,
self.pg1.remote_hosts[0].ip4,
flags=e.TUNNEL_API_ENCAP_DECAP_FLAG_ENCAP_COPY_DSCP)
tun_dscp.add_vpp_config()
# IPv4 transport that copies the DCSP and ECN from the payload
tun_dscp_ecn = VppIpIpTunInterface(
self,
self.pg0,
self.pg0.local_ip4,
self.pg1.remote_hosts[1].ip4,
flags=(e.TUNNEL_API_ENCAP_DECAP_FLAG_ENCAP_COPY_DSCP
| e.TUNNEL_API_ENCAP_DECAP_FLAG_ENCAP_COPY_ECN))
tun_dscp_ecn.add_vpp_config()
# IPv4 transport that copies the ECN from the payload and sets the
# DF bit on encap. copies the ECN on decap
tun_ecn = VppIpIpTunInterface(
self,
self.pg0,
self.pg0.local_ip4,
self.pg1.remote_hosts[2].ip4,
flags=(e.TUNNEL_API_ENCAP_DECAP_FLAG_ENCAP_COPY_ECN
| e.TUNNEL_API_ENCAP_DECAP_FLAG_ENCAP_SET_DF
| e.TUNNEL_API_ENCAP_DECAP_FLAG_DECAP_COPY_ECN))
tun_ecn.add_vpp_config()
# IPv4 transport that sets a fixed DSCP in the encap and copies
# the DF bit
tun = VppIpIpTunInterface(
self,
self.pg0,
self.pg0.local_ip4,
self.pg1.remote_hosts[3].ip4,
dscp=d.IP_API_DSCP_AF11,
flags=e.TUNNEL_API_ENCAP_DECAP_FLAG_ENCAP_COPY_DF)
tun.add_vpp_config()
# array of all the tunnels
tuns = [tun_dscp, tun_dscp_ecn, tun_ecn, tun]
# addresses for prefixes routed via each tunnel
a4s = ["" for i in range(len(tuns))]
a6s = ["" for i in range(len(tuns))]
# IP headers with each combination of DSCp/ECN tested
p_ip6s = [
IPv6(src="1::1", dst="DEAD::1", nh='UDP', tc=dscp),
IPv6(src="1::1", dst="DEAD::1", nh='UDP', tc=dscp_ecn),
IPv6(src="1::1", dst="DEAD::1", nh='UDP', tc=ecn),
IPv6(src="1::1", dst="DEAD::1", nh='UDP', tc=0xff)
]
p_ip4s = [
IP(src="1.2.3.4", dst="130.67.0.1", tos=dscp, flags='DF'),
IP(src="1.2.3.4", dst="130.67.0.1", tos=dscp_ecn),
IP(src="1.2.3.4", dst="130.67.0.1", tos=ecn),
IP(src="1.2.3.4", dst="130.67.0.1", tos=0xff)
]
# Configure each tunnel
for i, t in enumerate(tuns):
# Set interface up and enable IP on it
self.vapi.sw_interface_set_flags(t.sw_if_index, 1)
self.vapi.sw_interface_set_unnumbered(
sw_if_index=self.pg0.sw_if_index,
unnumbered_sw_if_index=t.sw_if_index)
# prefix for route / destination address for packets
a4s[i] = "130.67.%d.0" % i
a6s[i] = "dead:%d::" % i
# Add IPv4 and IPv6 routes via tunnel interface
ip4_via_tunnel = VppIpRoute(self, a4s[i], 24, [
VppRoutePath("0.0.0.0",
t.sw_if_index,
proto=FibPathProto.FIB_PATH_NH_PROTO_IP4)
])
ip4_via_tunnel.add_vpp_config()
ip6_via_tunnel = VppIpRoute(self, a6s[i], 64, [
VppRoutePath("::",
t.sw_if_index,
proto=FibPathProto.FIB_PATH_NH_PROTO_IP6)
])
ip6_via_tunnel.add_vpp_config()
#
# Encapsulation
#
# tun_dscp copies only the dscp
# expected TC values are thus only the DCSP value is present from the
# inner
exp_tcs = [dscp, dscp, 0, 0xfc]
p_ip44_encaps = [
IP(src=self.pg0.local_ip4, dst=tun_dscp.dst, tos=tc)
for tc in exp_tcs
]
p_ip64_encaps = [
IP(src=self.pg0.local_ip4,
dst=tun_dscp.dst,
proto='ipv6',
id=0,
tos=tc) for tc in exp_tcs
]
# IPv4 in to IPv4 tunnel
self.verify_ip4ip4_encaps(a4s[0], p_ip4s, p_ip44_encaps)
# IPv6 in to IPv4 tunnel
self.verify_ip6ip4_encaps(a6s[0], p_ip6s, p_ip64_encaps)
# tun_dscp_ecn copies the dscp and the ecn
exp_tcs = [dscp, dscp_ecn, ecn, 0xff]
p_ip44_encaps = [
IP(src=self.pg0.local_ip4, dst=tun_dscp_ecn.dst, tos=tc)
for tc in exp_tcs
]
p_ip64_encaps = [
IP(src=self.pg0.local_ip4,
dst=tun_dscp_ecn.dst,
proto='ipv6',
id=0,
tos=tc) for tc in exp_tcs
]
self.verify_ip4ip4_encaps(a4s[1], p_ip4s, p_ip44_encaps)
self.verify_ip6ip4_encaps(a6s[1], p_ip6s, p_ip64_encaps)
# tun_ecn copies only the ecn and always sets DF
exp_tcs = [0, ecn, ecn, ecn]
p_ip44_encaps = [
IP(src=self.pg0.local_ip4, dst=tun_ecn.dst, flags='DF', tos=tc)
for tc in exp_tcs
]
p_ip64_encaps = [
IP(src=self.pg0.local_ip4,
dst=tun_ecn.dst,
flags='DF',
proto='ipv6',
id=0,
tos=tc) for tc in exp_tcs
]
self.verify_ip4ip4_encaps(a4s[2], p_ip4s, p_ip44_encaps)
self.verify_ip6ip4_encaps(a6s[2], p_ip6s, p_ip64_encaps)
# tun sets a fixed dscp and copies DF
fixed_dscp = tun.dscp << 2
flags = ['DF', 0, 0, 0]
p_ip44_encaps = [
IP(src=self.pg0.local_ip4, dst=tun.dst, flags=f, tos=fixed_dscp)
for f in flags
]
p_ip64_encaps = [
IP(src=self.pg0.local_ip4,
dst=tun.dst,
proto='ipv6',
id=0,
tos=fixed_dscp) for i in range(len(p_ip4s))
]
self.verify_ip4ip4_encaps(a4s[3], p_ip4s, p_ip44_encaps)
self.verify_ip6ip4_encaps(a6s[3], p_ip6s, p_ip64_encaps)
#
# Decapsulation
#
n_packets_decapped = 0
self.p_ether = Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac)
# IPv4 tunnel to IPv4
tcs = [0, dscp, dscp_ecn, ecn]
# one overlay packet and all combinations of its encap
p_ip4 = IP(src="1.2.3.4", dst=self.pg0.remote_ip4)
p_ip4_encaps = [
IP(src=tun.dst, dst=self.pg0.local_ip4, tos=tc) for tc in tcs
]
# for each encap tun will produce the same inner packet because it does
# not copy up fields from the payload
for p_ip4_encap in p_ip4_encaps:
p4 = (self.p_ether / p_ip4_encap / p_ip4 / self.p_payload)
p4_reply = (p_ip4 / self.p_payload)
p4_reply.ttl -= 1
rx = self.send_and_expect(self.pg1, p4 * N_PACKETS, self.pg0)
n_packets_decapped += N_PACKETS
for p in rx:
self.validate(p[1], p4_reply)
self.assert_packet_checksums_valid(p)
err = self.statistics.get_err_counter(
'/err/ipip4-input/packets decapsulated')
self.assertEqual(err, n_packets_decapped)
# tun_ecn copies the ECN bits from the encap to the inner
p_ip4_encaps = [
IP(src=tun_ecn.dst, dst=self.pg0.local_ip4, tos=tc) for tc in tcs
]
p_ip4_replys = [p_ip4.copy() for i in range(len(p_ip4_encaps))]
p_ip4_replys[2].tos = ecn
p_ip4_replys[3].tos = ecn
for i, p_ip4_encap in enumerate(p_ip4_encaps):
p4 = (self.p_ether / p_ip4_encap / p_ip4 / self.p_payload)
p4_reply = (p_ip4_replys[i] / self.p_payload)
p4_reply.ttl -= 1
rx = self.send_and_expect(self.pg1, p4 * N_PACKETS, self.pg0)
n_packets_decapped += N_PACKETS
for p in rx:
self.validate(p[1], p4_reply)
self.assert_packet_checksums_valid(p)
err = self.statistics.get_err_counter(
'/err/ipip4-input/packets decapsulated')
self.assertEqual(err, n_packets_decapped)
# IPv4 tunnel to IPv6
# for each encap tun will produce the same inner packet because it does
# not copy up fields from the payload
p_ip4_encaps = [
IP(src=tun.dst, dst=self.pg0.local_ip4, tos=tc) for tc in tcs
]
p_ip6 = IPv6(src="1:2:3::4", dst=self.pg0.remote_ip6)
for p_ip4_encap in p_ip4_encaps:
p6 = (self.p_ether / p_ip4_encap / p_ip6 / self.p_payload)
p6_reply = (p_ip6 / self.p_payload)
p6_reply.hlim = 63
rx = self.send_and_expect(self.pg1, p6 * N_PACKETS, self.pg0)
n_packets_decapped += N_PACKETS
for p in rx:
self.validate(p[1], p6_reply)
self.assert_packet_checksums_valid(p)
err = self.statistics.get_err_counter(
'/err/ipip4-input/packets decapsulated')
self.assertEqual(err, n_packets_decapped)
# IPv4 tunnel to IPv6
# tun_ecn copies the ECN bits from the encap to the inner
p_ip4_encaps = [
IP(src=tun_ecn.dst, dst=self.pg0.local_ip4, tos=tc) for tc in tcs
]
p_ip6 = IPv6(src="1:2:3::4", dst=self.pg0.remote_ip6)
p_ip6_replys = [p_ip6.copy() for i in range(len(p_ip4_encaps))]
p_ip6_replys[2].tc = ecn
p_ip6_replys[3].tc = ecn
for i, p_ip4_encap in enumerate(p_ip4_encaps):
p6 = (self.p_ether / p_ip4_encap / p_ip6 / self.p_payload)
p6_reply = (p_ip6_replys[i] / self.p_payload)
p6_reply.hlim = 63
rx = self.send_and_expect(self.pg1, p6 * N_PACKETS, self.pg0)
n_packets_decapped += N_PACKETS
for p in rx:
self.validate(p[1], p6_reply)
self.assert_packet_checksums_valid(p)
err = self.statistics.get_err_counter(
'/err/ipip4-input/packets decapsulated')
self.assertEqual(err, n_packets_decapped)
#
# Fragmentation / Reassembly and Re-fragmentation
#
rv = self.vapi.ip_reassembly_enable_disable(
sw_if_index=self.pg1.sw_if_index, enable_ip4=1)
self.vapi.ip_reassembly_set(timeout_ms=1000,
max_reassemblies=1000,
max_reassembly_length=1000,
expire_walk_interval_ms=10000,
is_ip6=0)
# Send lots of fragments, verify reassembled packet
frags, p4_reply = self.generate_ip4_frags(3131, 1400)
f = []
for i in range(0, 1000):
f.extend(frags)
self.pg1.add_stream(f)
self.pg_enable_capture()
self.pg_start()
rx = self.pg0.get_capture(1000)
n_packets_decapped += 1000
for p in rx:
self.validate(p[1], p4_reply)
err = self.statistics.get_err_counter(
'/err/ipip4-input/packets decapsulated')
self.assertEqual(err, n_packets_decapped)
f = []
r = []
for i in range(1, 90):
frags, p4_reply = self.generate_ip4_frags(i * 100, 1000)
f.extend(frags)
r.extend(p4_reply)
self.pg_enable_capture()
self.pg1.add_stream(f)
self.pg_start()
rx = self.pg0.get_capture(89)
i = 0
for p in rx:
self.validate(p[1], r[i])
i += 1
# Now try with re-fragmentation
#
# Send fragments to tunnel head-end, for the tunnel head end
# to reassemble and then refragment
#
self.vapi.sw_interface_set_mtu(self.pg0.sw_if_index, [576, 0, 0, 0])
frags, p4_reply = self.generate_ip4_frags(3123, 1200)
self.pg_enable_capture()
self.pg1.add_stream(frags)
self.pg_start()
rx = self.pg0.get_capture(6)
reass_pkt = reassemble4(rx)
p4_reply.id = 256
self.validate(reass_pkt, p4_reply)
self.vapi.sw_interface_set_mtu(self.pg0.sw_if_index, [1600, 0, 0, 0])
frags, p4_reply = self.generate_ip4_frags(3123, 1200)
self.pg_enable_capture()
self.pg1.add_stream(frags)
self.pg_start()
rx = self.pg0.get_capture(2)
reass_pkt = reassemble4(rx)
p4_reply.id = 512
self.validate(reass_pkt, p4_reply)
# send large packets through the tunnel, expect them to be fragmented
self.vapi.sw_interface_set_mtu(tun_dscp.sw_if_index, [600, 0, 0, 0])
p4 = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
IP(src="1.2.3.4", dst="130.67.0.1", tos=42) /
UDP(sport=1234, dport=1234) / Raw(b'Q' * 1000))
rx = self.send_and_expect(self.pg0, p4 * 15, self.pg1, 30)
inners = []
for p in rx:
inners.append(p[IP].payload)
reass_pkt = reassemble4(inners)
for p in reass_pkt:
self.assert_packet_checksums_valid(p)
self.assertEqual(p[IP].ttl, 63)
def test_mpls(self):
""" MPLS over ip{6,4} test """
tbl = VppMplsTable(self, 0)
tbl.add_vpp_config()
self.p_ether = Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac)
self.p_payload = UDP(sport=1234, dport=1234) / Raw(b'X' * 100)
f = FibPathProto
# IPv4 transport
tun4 = VppIpIpTunInterface(self, self.pg1, self.pg1.local_ip4,
self.pg1.remote_ip4).add_vpp_config()
tun4.admin_up()
tun4.config_ip4()
tun4.enable_mpls()
# IPv6 transport
tun6 = VppIpIpTunInterface(self, self.pg1, self.pg1.local_ip6,
self.pg1.remote_ip6).add_vpp_config()
tun6.admin_up()
tun6.config_ip6()
tun6.enable_mpls()
# ip routes into the tunnels with output labels
r4 = VppIpRoute(self, "1.1.1.1", 32, [
VppRoutePath(
tun4.remote_ip4, tun4.sw_if_index, labels=[VppMplsLabel(44)])
]).add_vpp_config()
r6 = VppIpRoute(self, "1::1", 128, [
VppRoutePath(
tun6.remote_ip6, tun6.sw_if_index, labels=[VppMplsLabel(66)])
]).add_vpp_config()
# deag MPLS routes from the tunnel
r4 = VppMplsRoute(
self, 44, 1,
[VppRoutePath(self.pg0.remote_ip4, self.pg0.sw_if_index)
]).add_vpp_config()
r6 = VppMplsRoute(
self,
66,
1, [VppRoutePath(self.pg0.remote_ip6, self.pg0.sw_if_index)],
eos_proto=f.FIB_PATH_NH_PROTO_IP6).add_vpp_config()
#
# Tunnel Encap
#
p4 = (self.p_ether / IP(src="2.2.2.2", dst="1.1.1.1") / self.p_payload)
rxs = self.send_and_expect(self.pg0, p4 * N_PACKETS, self.pg1)
for rx in rxs:
self.assertEqual(rx[IP].src, self.pg1.local_ip4)
self.assertEqual(rx[IP].dst, self.pg1.remote_ip4)
self.assertEqual(rx[MPLS].label, 44)
inner = rx[MPLS].payload
self.assertEqual(inner.src, "2.2.2.2")
self.assertEqual(inner.dst, "1.1.1.1")
p6 = (self.p_ether / IPv6(src="2::2", dst="1::1") / self.p_payload)
rxs = self.send_and_expect(self.pg0, p6 * N_PACKETS, self.pg1)
for rx in rxs:
self.assertEqual(rx[IPv6].src, self.pg1.local_ip6)
self.assertEqual(rx[IPv6].dst, self.pg1.remote_ip6)
self.assertEqual(rx[MPLS].label, 66)
inner = rx[MPLS].payload
self.assertEqual(inner.src, "2::2")
self.assertEqual(inner.dst, "1::1")
#
# Tunnel Decap
#
p4 = (self.p_ether /
IP(src=self.pg1.remote_ip4, dst=self.pg1.local_ip4) /
MPLS(label=44, ttl=4) / IP(src="1.1.1.1", dst="2.2.2.2") /
self.p_payload)
rxs = self.send_and_expect(self.pg1, p4 * N_PACKETS, self.pg0)
for rx in rxs:
self.assertEqual(rx[IP].src, "1.1.1.1")
self.assertEqual(rx[IP].dst, "2.2.2.2")
p6 = (self.p_ether /
IPv6(src=self.pg1.remote_ip6, dst=self.pg1.local_ip6) /
MPLS(label=66, ttl=4) / IPv6(src="1::1", dst="2::2") /
self.p_payload)
rxs = self.send_and_expect(self.pg1, p6 * N_PACKETS, self.pg0)
for rx in rxs:
self.assertEqual(rx[IPv6].src, "1::1")
self.assertEqual(rx[IPv6].dst, "2::2")
tun4.disable_mpls()
tun6.disable_mpls()
def test_linux_cp_tun(self):
""" Linux CP TUN """
#
# Setup
#
N_PKTS = 31
# create two pairs, wihch a bunch of hots on the phys
hosts = [self.pg4, self.pg5]
phy = self.pg2
phy.config_ip4()
phy.config_ip6()
phy.resolve_arp()
phy.resolve_ndp()
tun4 = VppIpIpTunInterface(
self,
phy,
phy.local_ip4,
phy.remote_ip4).add_vpp_config()
tun6 = VppIpIpTunInterface(
self,
phy,
phy.local_ip6,
phy.remote_ip6).add_vpp_config()
tuns = [tun4, tun6]
tun4.admin_up()
tun4.config_ip4()
tun6.admin_up()
tun6.config_ip6()
pair1 = VppLcpPair(self, tuns[0], hosts[0]).add_vpp_config()
pair2 = VppLcpPair(self, tuns[1], hosts[1]).add_vpp_config()
self.logger.info(self.vapi.cli("sh lcp adj verbose"))
self.logger.info(self.vapi.cli("sh lcp"))
self.logger.info(self.vapi.cli("sh ip punt redirect"))
#
# Traffic Tests
#
# host to phy for v4
p = (IP(src=tun4.local_ip4, dst="2.2.2.2") /
UDP(sport=1234, dport=1234) /
Raw())
rxs = self.send_and_expect(self.pg4, p * N_PKTS, phy)
# verify inner packet is unchanged and has the tunnel encap
for rx in rxs:
self.assertEqual(rx[Ether].dst, phy.remote_mac)
self.assertEqual(rx[IP].dst, phy.remote_ip4)
self.assertEqual(rx[IP].src, phy.local_ip4)
inner = IP(rx[IP].payload)
self.assertEqual(inner.src, tun4.local_ip4)
self.assertEqual(inner.dst, "2.2.2.2")
# host to phy for v6
p = (IPv6(src=tun6.local_ip6, dst="2::2") /
UDP(sport=1234, dport=1234) /
Raw())
rxs = self.send_and_expect(self.pg5, p * N_PKTS, phy)
# verify inner packet is unchanged and has the tunnel encap
for rx in rxs:
self.assertEqual(rx[IPv6].dst, phy.remote_ip6)
self.assertEqual(rx[IPv6].src, phy.local_ip6)
inner = IPv6(rx[IPv6].payload)
self.assertEqual(inner.src, tun6.local_ip6)
self.assertEqual(inner.dst, "2::2")
# phy to host v4
p = (Ether(dst=phy.local_mac, src=phy.remote_mac) /
IP(dst=phy.local_ip4, src=phy.remote_ip4) /
IP(dst=tun4.local_ip4, src=tun4.remote_ip4) /
UDP(sport=1234, dport=1234) /
Raw())
rxs = self.send_and_expect(phy, p * N_PKTS, self.pg4)
for rx in rxs:
rx = IP(rx)
self.assertEqual(rx[IP].dst, tun4.local_ip4)
self.assertEqual(rx[IP].src, tun4.remote_ip4)
# phy to host v6
p = (Ether(dst=phy.local_mac, src=phy.remote_mac) /
IPv6(dst=phy.local_ip6, src=phy.remote_ip6) /
IPv6(dst=tun6.local_ip6, src=tun6.remote_ip6) /
UDP(sport=1234, dport=1234) /
Raw())
rxs = self.send_and_expect(phy, p * N_PKTS, self.pg5)
for rx in rxs:
rx = IPv6(rx)
self.assertEqual(rx[IPv6].dst, tun6.local_ip6)
self.assertEqual(rx[IPv6].src, tun6.remote_ip6)
# cleanup
phy.unconfig_ip4()
phy.unconfig_ip6()
tun4.unconfig_ip4()
tun6.unconfig_ip6()