2 """ACL IRB Test Case HLD:
5 - L2 MAC learning enabled in l2bd
6 - 2 routed interfaces untagged, bvi (Bridge Virtual Interface)
7 - 2 bridged interfaces in l2bd with bvi
10 - sending ip4 eth pkts between routed interfaces
12 - 2 bridged interfaces
14 - 64B, 512B, 1518B, 9200B (ether_size)
16 - burst of pkts per interface
18 - routed pkts hitting different FIB entries
19 - bridged pkts hitting different MAC entries
22 - all packets received correctly
27 from socket import inet_pton, AF_INET, AF_INET6
28 from random import choice
29 from pprint import pprint
31 from scapy.packet import Raw
32 from scapy.layers.l2 import Ether
33 from scapy.layers.inet import IP, UDP, ICMP, TCP
34 from scapy.layers.inet6 import IPv6, ICMPv6Unknown, ICMPv6EchoRequest
35 from scapy.layers.inet6 import ICMPv6EchoReply, IPv6ExtHdrRouting
36 from scapy.layers.inet6 import IPv6ExtHdrFragment
38 from framework import VppTestCase, VppTestRunner
42 class TestIpIrb(VppTestCase):
48 #. Create BD with MAC learning enabled and put interfaces to this BD.
49 #. Configure IPv4 addresses on loopback interface and routed interface.
50 #. Configure MAC address binding to IPv4 neighbors on loop0.
51 #. Configure MAC address on pg2.
52 #. Loopback BVI interface has remote hosts, one half of hosts are
53 behind pg0 second behind pg1.
55 super(TestIpIrb, cls).setUpClass()
57 cls.pg_if_packet_sizes = [64, 512, 1518, 9018] # packet sizes
59 cls.remote_hosts_count = 250
61 # create 3 pg interfaces, 1 loopback interface
62 cls.create_pg_interfaces(range(3))
63 cls.create_loopback_interfaces(range(1))
65 cls.interfaces = list(cls.pg_interfaces)
66 cls.interfaces.extend(cls.lo_interfaces)
68 for i in cls.interfaces:
71 # Create BD with MAC learning enabled and put interfaces to this BD
72 cls.vapi.sw_interface_set_l2_bridge(
73 cls.loop0.sw_if_index, bd_id=cls.bd_id, bvi=1)
74 cls.vapi.sw_interface_set_l2_bridge(
75 cls.pg0.sw_if_index, bd_id=cls.bd_id)
76 cls.vapi.sw_interface_set_l2_bridge(
77 cls.pg1.sw_if_index, bd_id=cls.bd_id)
79 # Configure IPv4 addresses on loopback interface and routed interface
80 cls.loop0.config_ip4()
81 cls.loop0.config_ip6()
85 # Configure MAC address binding to IPv4 neighbors on loop0
86 cls.loop0.generate_remote_hosts(cls.remote_hosts_count)
87 cls.loop0.configure_ipv4_neighbors()
88 cls.loop0.configure_ipv6_neighbors()
89 # configure MAC address on pg2
93 cls.WITHOUT_EH = False
96 # Loopback BVI interface has remote hosts, one half of hosts are behind
97 # pg0 second behind pg1
98 half = cls.remote_hosts_count // 2
99 cls.pg0.remote_hosts = cls.loop0.remote_hosts[:half]
100 cls.pg1.remote_hosts = cls.loop0.remote_hosts[half:]
103 """Run standard test teardown and log ``show l2patch``,
104 ``show l2fib verbose``,``show bridge-domain <bd_id> detail``,
107 super(TestIpIrb, self).tearDown()
108 if not self.vpp_dead:
109 self.logger.info(self.vapi.cli("show l2patch"))
110 self.logger.info(self.vapi.cli("show classify tables"))
111 self.logger.info(self.vapi.cli("show vlib graph"))
112 self.logger.info(self.vapi.cli("show l2fib verbose"))
113 self.logger.info(self.vapi.cli("show bridge-domain %s detail" %
115 self.logger.info(self.vapi.cli("show ip arp"))
116 self.logger.info(self.vapi.cli("show ip6 neighbors"))
117 self.logger.info(self.vapi.cli("show acl-plugin sessions"))
118 self.logger.info(self.vapi.cli("show acl-plugin acl"))
119 self.logger.info(self.vapi.cli("show acl-plugin interface"))
120 self.logger.info(self.vapi.cli("show acl-plugin tables"))
122 def create_stream(self, src_ip_if, dst_ip_if, reverse, packet_sizes,
123 is_ip6, expect_blocked, expect_established,
124 add_extension_header):
128 permit_and_reflect_rules = []
129 total_packet_count = 8
130 for i in range(0, total_packet_count):
132 can_reflect_this_packet = (modulo == 0)
134 remote_dst_index = i % len(dst_ip_if.remote_hosts)
135 remote_dst_host = dst_ip_if.remote_hosts[remote_dst_index]
137 info = self.create_packet_info(src_ip_if, dst_ip_if)
138 payload = self.info_to_payload(info)
140 to_be_blocked = False
141 if (expect_blocked and not expect_established):
143 if (not can_reflect_this_packet):
146 payload = "to be blocked"
148 info = self.create_packet_info(src_ip_if, dst_ip_if)
149 payload = self.info_to_payload(info)
151 dst_mac = 'de:ad:00:00:00:00'
152 src_mac = remote_dst_host._mac
153 dst_ip6 = src_ip_if.remote_ip6
154 src_ip6 = remote_dst_host.ip6
155 dst_ip4 = src_ip_if.remote_ip4
156 src_ip4 = remote_dst_host.ip4
160 dst_mac = src_ip_if.local_mac
161 src_mac = src_ip_if.remote_mac
162 src_ip6 = src_ip_if.remote_ip6
163 dst_ip6 = remote_dst_host.ip6
164 src_ip4 = src_ip_if.remote_ip4
165 dst_ip4 = remote_dst_host.ip4
169 # default ULP should be something we do not use in tests
170 ulp_l4 = TCP(sport=src_l4, dport=dst_l4)
171 # potentially a chain of protocols leading to ULP
174 if can_reflect_this_packet:
176 ulp_l4 = UDP(sport=src_l4, dport=dst_l4)
177 if add_extension_header:
178 # prepend some extension headers
179 ulp = (IPv6ExtHdrRouting() / IPv6ExtHdrRouting() /
180 IPv6ExtHdrFragment(offset=0, m=1) / ulp_l4)
181 # uncomment below to test invalid ones
182 # ulp = IPv6ExtHdrRouting(len = 200) / ulp_l4
185 p = (Ether(dst=dst_mac, src=src_mac) /
186 IPv6(src=src_ip6, dst=dst_ip6) /
190 ulp_l4 = UDP(sport=src_l4, dport=dst_l4)
191 # IPv4 does not allow extension headers,
192 # but we rather make it a first fragment
193 flags = 1 if add_extension_header else 0
195 p = (Ether(dst=dst_mac, src=src_mac) /
196 IP(src=src_ip4, dst=dst_ip4, frag=0, flags=flags) /
201 ulp_l4 = ICMPv6Unknown(type=128 + (i % 2), code=i % 2)
203 p = (Ether(dst=dst_mac, src=src_mac) /
204 IPv6(src=src_ip6, dst=dst_ip6) /
208 ulp_l4 = ICMP(type=8 + (i % 2), code=i % 2)
210 p = (Ether(dst=dst_mac, src=src_mac) /
211 IP(src=src_ip4, dst=dst_ip4) /
217 size = packet_sizes[(i // 2) % len(packet_sizes)]
218 self.extend_packet(p, size)
221 rule_family = AF_INET6 if p.haslayer(IPv6) else AF_INET
222 rule_prefix_len = 128 if p.haslayer(IPv6) else 32
223 rule_l3_layer = IPv6 if p.haslayer(IPv6) else IP
226 rule_l4_sport = p[UDP].sport
227 rule_l4_dport = p[UDP].dport
230 rule_l4_sport = p[ICMP].type
231 rule_l4_dport = p[ICMP].code
233 rule_l4_sport = p[ICMPv6Unknown].type
234 rule_l4_dport = p[ICMPv6Unknown].code
236 rule_l4_proto = ulp_l4.overload_fields[IPv6]['nh']
238 rule_l4_proto = p[IP].proto
241 'is_permit': is_permit,
242 'is_ipv6': p.haslayer(IPv6),
243 'src_ip_addr': inet_pton(rule_family,
244 p[rule_l3_layer].src),
245 'src_ip_prefix_len': rule_prefix_len,
246 'dst_ip_addr': inet_pton(rule_family,
247 p[rule_l3_layer].dst),
248 'dst_ip_prefix_len': rule_prefix_len,
249 'srcport_or_icmptype_first': rule_l4_sport,
250 'srcport_or_icmptype_last': rule_l4_sport,
251 'dstport_or_icmpcode_first': rule_l4_dport,
252 'dstport_or_icmpcode_last': rule_l4_dport,
253 'proto': rule_l4_proto,
255 rules.append(new_rule)
256 new_rule_permit = new_rule.copy()
257 new_rule_permit['is_permit'] = 1
258 permit_rules.append(new_rule_permit)
260 new_rule_permit_and_reflect = new_rule.copy()
261 if can_reflect_this_packet:
262 new_rule_permit_and_reflect['is_permit'] = 2
264 new_rule_permit_and_reflect['is_permit'] = is_permit
265 permit_and_reflect_rules.append(new_rule_permit_and_reflect)
267 return {'stream': pkts,
269 'permit_rules': permit_rules,
270 'permit_and_reflect_rules': permit_and_reflect_rules}
272 def verify_capture(self, dst_ip_if, src_ip_if, capture, reverse):
274 for i in self.interfaces:
275 last_info[i.sw_if_index] = None
277 dst_ip_sw_if_index = dst_ip_if.sw_if_index
280 for packet in capture:
281 l3 = IP if packet.haslayer(IP) else IPv6
283 if packet.haslayer(UDP):
286 if packet.haslayer(ICMP):
291 # Scapy IPv6 stuff is too smart for its own good.
292 # So we do this and coerce the ICMP into unknown type
293 if packet.haslayer(UDP):
294 data = str(packet[UDP][Raw])
297 data = str(ICMP(str(packet[l3].payload))[Raw])
299 data = str(ICMPv6Unknown(str(packet[l3].payload)).msgbody)
300 udp_or_icmp = packet[l3].payload
301 payload_info = self.payload_to_info(data)
302 packet_index = payload_info.index
304 self.assertEqual(payload_info.dst, dst_ip_sw_if_index)
306 next_info = self.get_next_packet_info_for_interface2(
307 payload_info.src, dst_ip_sw_if_index,
308 last_info[payload_info.src])
309 last_info[payload_info.src] = next_info
310 self.assertTrue(next_info is not None)
311 self.assertEqual(packet_index, next_info.index)
312 saved_packet = next_info.data
313 self.assertTrue(next_info is not None)
317 self.assertEqual(packet.src, dst_ip_if.local_mac)
318 host = dst_ip_if.host_by_mac(packet.dst)
321 # self.assertEqual(ip.src, src_ip_if.remote_ip4)
322 if saved_packet is not None:
323 self.assertEqual(ip.src, saved_packet[l3].src)
324 self.assertEqual(ip.dst, saved_packet[l3].dst)
326 self.assertEqual(udp_or_icmp.sport, saved_packet[l4].sport)
327 self.assertEqual(udp_or_icmp.dport, saved_packet[l4].dport)
329 print("Saved packet is none")
330 # self.assertEqual(ip.dst, host.ip4)
334 def create_acls_for_a_stream(self, stream_dict,
335 test_l2_action, is_reflect):
336 r = stream_dict['rules']
337 r_permit = stream_dict['permit_rules']
338 r_permit_reflect = stream_dict['permit_and_reflect_rules']
339 r_action = r_permit_reflect if is_reflect else r
340 reply = self.vapi.acl_add_replace(acl_index=4294967295, r=r_action,
342 action_acl_index = reply.acl_index
343 reply = self.vapi.acl_add_replace(acl_index=4294967295, r=r_permit,
345 permit_acl_index = reply.acl_index
346 return {'L2': action_acl_index if test_l2_action else permit_acl_index,
347 'L3': permit_acl_index if test_l2_action else action_acl_index,
348 'permit': permit_acl_index, 'action': action_acl_index}
350 def apply_acl_ip46_x_to_y(self, bridged_to_routed, test_l2_deny,
351 is_ip6, is_reflect, add_eh):
354 self.reset_packet_infos()
355 stream_dict = self.create_stream(
356 self.pg2, self.loop0,
358 self.pg_if_packet_sizes, is_ip6,
359 not is_reflect, False, add_eh)
360 stream = stream_dict['stream']
361 acl_idx = self.create_acls_for_a_stream(stream_dict, test_l2_deny,
363 n_input_l3 = 0 if bridged_to_routed else 1
364 n_input_l2 = 1 if bridged_to_routed else 0
365 self.vapi.acl_interface_set_acl_list(sw_if_index=self.pg2.sw_if_index,
367 acls=[acl_idx['L3']])
368 self.vapi.acl_interface_set_acl_list(sw_if_index=self.pg0.sw_if_index,
370 acls=[acl_idx['L2']])
371 self.vapi.acl_interface_set_acl_list(sw_if_index=self.pg1.sw_if_index,
373 acls=[acl_idx['L2']])
375 def apply_acl_ip46_both_directions_reflect(self,
376 primary_is_bridged_to_routed,
377 reflect_on_l2, is_ip6, add_eh):
378 primary_is_routed_to_bridged = not primary_is_bridged_to_routed
379 self.reset_packet_infos()
380 stream_dict_fwd = self.create_stream(self.pg2, self.loop0,
381 primary_is_bridged_to_routed,
382 self.pg_if_packet_sizes, is_ip6,
383 False, False, add_eh)
384 acl_idx_fwd = self.create_acls_for_a_stream(stream_dict_fwd,
387 stream_dict_rev = self.create_stream(self.pg2, self.loop0,
388 not primary_is_bridged_to_routed,
389 self.pg_if_packet_sizes, is_ip6,
391 # We want the primary action to be "deny" rather than reflect
392 acl_idx_rev = self.create_acls_for_a_stream(stream_dict_rev,
393 reflect_on_l2, False)
395 if primary_is_bridged_to_routed:
396 inbound_l2_acl = acl_idx_fwd['L2']
398 inbound_l2_acl = acl_idx_rev['L2']
400 if primary_is_routed_to_bridged:
401 outbound_l2_acl = acl_idx_fwd['L2']
403 outbound_l2_acl = acl_idx_rev['L2']
405 if primary_is_routed_to_bridged:
406 inbound_l3_acl = acl_idx_fwd['L3']
408 inbound_l3_acl = acl_idx_rev['L3']
410 if primary_is_bridged_to_routed:
411 outbound_l3_acl = acl_idx_fwd['L3']
413 outbound_l3_acl = acl_idx_rev['L3']
415 self.vapi.acl_interface_set_acl_list(sw_if_index=self.pg2.sw_if_index,
417 acls=[inbound_l3_acl,
419 self.vapi.acl_interface_set_acl_list(sw_if_index=self.pg0.sw_if_index,
421 acls=[inbound_l2_acl,
423 self.vapi.acl_interface_set_acl_list(sw_if_index=self.pg1.sw_if_index,
425 acls=[inbound_l2_acl,
428 def apply_acl_ip46_routed_to_bridged(self, test_l2_deny, is_ip6,
430 self.apply_acl_ip46_x_to_y(False, test_l2_deny, is_ip6,
433 def apply_acl_ip46_bridged_to_routed(self, test_l2_deny, is_ip6,
435 self.apply_acl_ip46_x_to_y(True, test_l2_deny, is_ip6,
438 def run_traffic_ip46_x_to_y(self, bridged_to_routed,
439 test_l2_deny, is_ip6,
440 is_reflect, is_established, add_eh):
441 self.reset_packet_infos()
442 stream_dict = self.create_stream(self.pg2, self.loop0,
444 self.pg_if_packet_sizes, is_ip6,
445 not is_reflect, is_established,
447 stream = stream_dict['stream']
449 tx_if = self.pg0 if bridged_to_routed else self.pg2
450 rx_if = self.pg2 if bridged_to_routed else self.pg0
452 tx_if.add_stream(stream)
453 self.pg_enable_capture(self.pg_interfaces)
455 packet_count = self.get_packet_count_for_if_idx(self.loop0.sw_if_index)
456 rcvd1 = rx_if.get_capture(packet_count)
457 self.verify_capture(self.loop0, self.pg2, rcvd1, bridged_to_routed)
459 def run_traffic_ip46_routed_to_bridged(self, test_l2_deny, is_ip6,
460 is_reflect, is_established, add_eh):
461 self.run_traffic_ip46_x_to_y(False, test_l2_deny, is_ip6,
462 is_reflect, is_established, add_eh)
464 def run_traffic_ip46_bridged_to_routed(self, test_l2_deny, is_ip6,
465 is_reflect, is_established, add_eh):
466 self.run_traffic_ip46_x_to_y(True, test_l2_deny, is_ip6,
467 is_reflect, is_established, add_eh)
469 def run_test_ip46_routed_to_bridged(self, test_l2_deny,
470 is_ip6, is_reflect, add_eh):
471 self.apply_acl_ip46_routed_to_bridged(test_l2_deny,
472 is_ip6, is_reflect, add_eh)
473 self.run_traffic_ip46_routed_to_bridged(test_l2_deny, is_ip6,
474 is_reflect, False, add_eh)
476 def run_test_ip46_bridged_to_routed(self, test_l2_deny,
477 is_ip6, is_reflect, add_eh):
478 self.apply_acl_ip46_bridged_to_routed(test_l2_deny,
479 is_ip6, is_reflect, add_eh)
480 self.run_traffic_ip46_bridged_to_routed(test_l2_deny, is_ip6,
481 is_reflect, False, add_eh)
483 def run_test_ip46_routed_to_bridged_and_back(self, test_l2_action,
485 self.apply_acl_ip46_both_directions_reflect(False, test_l2_action,
487 self.run_traffic_ip46_routed_to_bridged(test_l2_action, is_ip6,
489 self.run_traffic_ip46_bridged_to_routed(test_l2_action, is_ip6,
492 def run_test_ip46_bridged_to_routed_and_back(self, test_l2_action,
494 self.apply_acl_ip46_both_directions_reflect(True, test_l2_action,
496 self.run_traffic_ip46_bridged_to_routed(test_l2_action, is_ip6,
498 self.run_traffic_ip46_routed_to_bridged(test_l2_action, is_ip6,
501 def test_0000_ip6_irb_1(self):
502 """ ACL plugin prepare"""
503 if not self.vpp_dead:
504 cmd = "set acl-plugin session timeout udp idle 2000"
505 self.logger.info(self.vapi.ppcli(cmd))
506 # uncomment to not skip past the routing header
507 # and watch the EH tests fail
508 # self.logger.info(self.vapi.ppcli(
509 # "set acl-plugin skip-ipv6-extension-header 43 0"))
510 # uncomment to test the session limit (stateful tests will fail)
511 # self.logger.info(self.vapi.ppcli(
512 # "set acl-plugin session table max-entries 1"))
513 # new datapath is the default, but just in case
514 # self.logger.info(self.vapi.ppcli(
515 # "set acl-plugin l2-datapath new"))
516 # If you want to see some tests fail, uncomment the next line
517 # self.logger.info(self.vapi.ppcli(
518 # "set acl-plugin l2-datapath old"))
520 def test_0001_ip6_irb_1(self):
521 """ ACL IPv6 routed -> bridged, L2 ACL deny"""
522 self.run_test_ip46_routed_to_bridged(True, True, False,
525 def test_0002_ip6_irb_1(self):
526 """ ACL IPv6 routed -> bridged, L3 ACL deny"""
527 self.run_test_ip46_routed_to_bridged(False, True, False,
530 def test_0003_ip4_irb_1(self):
531 """ ACL IPv4 routed -> bridged, L2 ACL deny"""
532 self.run_test_ip46_routed_to_bridged(True, False, False,
535 def test_0004_ip4_irb_1(self):
536 """ ACL IPv4 routed -> bridged, L3 ACL deny"""
537 self.run_test_ip46_routed_to_bridged(False, False, False,
540 def test_0005_ip6_irb_1(self):
541 """ ACL IPv6 bridged -> routed, L2 ACL deny """
542 self.run_test_ip46_bridged_to_routed(True, True, False,
545 def test_0006_ip6_irb_1(self):
546 """ ACL IPv6 bridged -> routed, L3 ACL deny """
547 self.run_test_ip46_bridged_to_routed(False, True, False,
550 def test_0007_ip6_irb_1(self):
551 """ ACL IPv4 bridged -> routed, L2 ACL deny """
552 self.run_test_ip46_bridged_to_routed(True, False, False,
555 def test_0008_ip6_irb_1(self):
556 """ ACL IPv4 bridged -> routed, L3 ACL deny """
557 self.run_test_ip46_bridged_to_routed(False, False, False,
561 def test_0101_ip6_irb_1(self):
562 """ ACL IPv6 routed -> bridged, L2 ACL permit+reflect"""
563 self.run_test_ip46_routed_to_bridged_and_back(True, True,
566 def test_0102_ip6_irb_1(self):
567 """ ACL IPv6 bridged -> routed, L2 ACL permit+reflect"""
568 self.run_test_ip46_bridged_to_routed_and_back(True, True,
571 def test_0103_ip6_irb_1(self):
572 """ ACL IPv4 routed -> bridged, L2 ACL permit+reflect"""
573 self.run_test_ip46_routed_to_bridged_and_back(True, False,
576 def test_0104_ip6_irb_1(self):
577 """ ACL IPv4 bridged -> routed, L2 ACL permit+reflect"""
578 self.run_test_ip46_bridged_to_routed_and_back(True, False,
581 def test_0111_ip6_irb_1(self):
582 """ ACL IPv6 routed -> bridged, L3 ACL permit+reflect"""
583 self.run_test_ip46_routed_to_bridged_and_back(False, True,
586 def test_0112_ip6_irb_1(self):
587 """ ACL IPv6 bridged -> routed, L3 ACL permit+reflect"""
588 self.run_test_ip46_bridged_to_routed_and_back(False, True,
591 def test_0113_ip6_irb_1(self):
592 """ ACL IPv4 routed -> bridged, L3 ACL permit+reflect"""
593 self.run_test_ip46_routed_to_bridged_and_back(False, False,
596 def test_0114_ip6_irb_1(self):
597 """ ACL IPv4 bridged -> routed, L3 ACL permit+reflect"""
598 self.run_test_ip46_bridged_to_routed_and_back(False, False,
601 # A block of tests with extension headers
603 def test_1001_ip6_irb_1(self):
604 """ ACL IPv6+EH routed -> bridged, L2 ACL deny"""
605 self.run_test_ip46_routed_to_bridged(True, True, False,
608 def test_1002_ip6_irb_1(self):
609 """ ACL IPv6+EH routed -> bridged, L3 ACL deny"""
610 self.run_test_ip46_routed_to_bridged(False, True, False,
613 def test_1005_ip6_irb_1(self):
614 """ ACL IPv6+EH bridged -> routed, L2 ACL deny """
615 self.run_test_ip46_bridged_to_routed(True, True, False,
618 def test_1006_ip6_irb_1(self):
619 """ ACL IPv6+EH bridged -> routed, L3 ACL deny """
620 self.run_test_ip46_bridged_to_routed(False, True, False,
623 def test_1101_ip6_irb_1(self):
624 """ ACL IPv6+EH routed -> bridged, L2 ACL permit+reflect"""
625 self.run_test_ip46_routed_to_bridged_and_back(True, True,
628 def test_1102_ip6_irb_1(self):
629 """ ACL IPv6+EH bridged -> routed, L2 ACL permit+reflect"""
630 self.run_test_ip46_bridged_to_routed_and_back(True, True,
633 def test_1111_ip6_irb_1(self):
634 """ ACL IPv6+EH routed -> bridged, L3 ACL permit+reflect"""
635 self.run_test_ip46_routed_to_bridged_and_back(False, True,
638 def test_1112_ip6_irb_1(self):
639 """ ACL IPv6+EH bridged -> routed, L3 ACL permit+reflect"""
640 self.run_test_ip46_bridged_to_routed_and_back(False, True,
643 # IPv4 with "MF" bit set
645 def test_1201_ip6_irb_1(self):
646 """ ACL IPv4+MF routed -> bridged, L2 ACL deny"""
647 self.run_test_ip46_routed_to_bridged(True, False, False,
650 def test_1202_ip6_irb_1(self):
651 """ ACL IPv4+MF routed -> bridged, L3 ACL deny"""
652 self.run_test_ip46_routed_to_bridged(False, False, False,
655 def test_1205_ip6_irb_1(self):
656 """ ACL IPv4+MF bridged -> routed, L2 ACL deny """
657 self.run_test_ip46_bridged_to_routed(True, False, False,
660 def test_1206_ip6_irb_1(self):
661 """ ACL IPv4+MF bridged -> routed, L3 ACL deny """
662 self.run_test_ip46_bridged_to_routed(False, False, False,
665 def test_1301_ip6_irb_1(self):
666 """ ACL IPv4+MF routed -> bridged, L2 ACL permit+reflect"""
667 self.run_test_ip46_routed_to_bridged_and_back(True, False,
670 def test_1302_ip6_irb_1(self):
671 """ ACL IPv4+MF bridged -> routed, L2 ACL permit+reflect"""
672 self.run_test_ip46_bridged_to_routed_and_back(True, False,
675 def test_1311_ip6_irb_1(self):
676 """ ACL IPv4+MF routed -> bridged, L3 ACL permit+reflect"""
677 self.run_test_ip46_routed_to_bridged_and_back(False, False,
680 def test_1312_ip6_irb_1(self):
681 """ ACL IPv4+MF bridged -> routed, L3 ACL permit+reflect"""
682 self.run_test_ip46_bridged_to_routed_and_back(False, False,
685 if __name__ == '__main__':
686 unittest.main(testRunner=VppTestRunner)