2 """ACL IRB Test Case HLD:
5 - L2 MAC learning enabled in l2bd
6 - 2 routed interfaces untagged, bvi (Bridge Virtual Interface)
7 - 2 bridged interfaces in l2bd with bvi
10 - sending ip4 eth pkts between routed interfaces
12 - 2 bridged interfaces
14 - 64B, 512B, 1518B, 9200B (ether_size)
16 - burst of pkts per interface
18 - routed pkts hitting different FIB entries
19 - bridged pkts hitting different MAC entries
22 - all packets received correctly
27 from socket import inet_pton, AF_INET, AF_INET6
28 from random import choice
29 from pprint import pprint
31 from scapy.packet import Raw
32 from scapy.layers.l2 import Ether
33 from scapy.layers.inet import IP, UDP, ICMP, TCP
34 from scapy.layers.inet6 import IPv6, ICMPv6Unknown, ICMPv6EchoRequest
35 from scapy.layers.inet6 import ICMPv6EchoReply, IPv6ExtHdrRouting
36 from scapy.layers.inet6 import IPv6ExtHdrFragment
38 from framework import VppTestCase, VppTestRunner
42 class TestIpIrb(VppTestCase):
48 #. Create BD with MAC learning enabled and put interfaces to this BD.
49 #. Configure IPv4 addresses on loopback interface and routed interface.
50 #. Configure MAC address binding to IPv4 neighbors on loop0.
51 #. Configure MAC address on pg2.
52 #. Loopback BVI interface has remote hosts, one half of hosts are
53 behind pg0 second behind pg1.
55 super(TestIpIrb, cls).setUpClass()
57 cls.pg_if_packet_sizes = [64, 512, 1518, 9018] # packet sizes
59 cls.remote_hosts_count = 250
61 # create 3 pg interfaces, 1 loopback interface
62 cls.create_pg_interfaces(range(3))
63 cls.create_loopback_interfaces(range(1))
65 cls.interfaces = list(cls.pg_interfaces)
66 cls.interfaces.extend(cls.lo_interfaces)
68 for i in cls.interfaces:
71 # Create BD with MAC learning enabled and put interfaces to this BD
72 cls.vapi.sw_interface_set_l2_bridge(
73 cls.loop0.sw_if_index, bd_id=cls.bd_id, bvi=1)
74 cls.vapi.sw_interface_set_l2_bridge(
75 cls.pg0.sw_if_index, bd_id=cls.bd_id)
76 cls.vapi.sw_interface_set_l2_bridge(
77 cls.pg1.sw_if_index, bd_id=cls.bd_id)
79 # Configure IPv4 addresses on loopback interface and routed interface
80 cls.loop0.config_ip4()
81 cls.loop0.config_ip6()
85 # Configure MAC address binding to IPv4 neighbors on loop0
86 cls.loop0.generate_remote_hosts(cls.remote_hosts_count)
87 cls.loop0.configure_ipv4_neighbors()
88 cls.loop0.configure_ipv6_neighbors()
89 # configure MAC address on pg2
93 cls.WITHOUT_EH = False
96 # Loopback BVI interface has remote hosts, one half of hosts are behind
97 # pg0 second behind pg1
98 half = cls.remote_hosts_count // 2
99 cls.pg0.remote_hosts = cls.loop0.remote_hosts[:half]
100 cls.pg1.remote_hosts = cls.loop0.remote_hosts[half:]
103 """Run standard test teardown and log ``show l2patch``,
104 ``show l2fib verbose``,``show bridge-domain <bd_id> detail``,
107 super(TestIpIrb, self).tearDown()
108 if not self.vpp_dead:
109 self.logger.info(self.vapi.cli("show l2patch"))
110 self.logger.info(self.vapi.cli("show classify tables"))
111 self.logger.info(self.vapi.cli("show vlib graph"))
112 self.logger.info(self.vapi.cli("show l2fib verbose"))
113 self.logger.info(self.vapi.cli("show bridge-domain %s detail" %
115 self.logger.info(self.vapi.cli("show ip arp"))
116 self.logger.info(self.vapi.cli("show ip6 neighbors"))
117 self.logger.info(self.vapi.cli("show acl-plugin sessions"))
119 def api_acl_add_replace(self, acl_index, r, count, tag="",
121 """Add/replace an ACL
123 :param int acl_index: ACL index to replace, 4294967295 to create new.
124 :param acl_rule r: ACL rules array.
125 :param str tag: symbolic tag (description) for this ACL.
126 :param int count: number of rules.
128 return self.vapi.api(self.vapi.papi.acl_add_replace,
129 {'acl_index': acl_index,
133 }, expected_retval=expected_retval)
135 def api_acl_interface_set_acl_list(self, sw_if_index, count, n_input, acls,
137 return self.vapi.api(self.vapi.papi.acl_interface_set_acl_list,
138 {'sw_if_index': sw_if_index,
142 }, expected_retval=expected_retval)
144 def api_acl_dump(self, acl_index, expected_retval=0):
145 return self.vapi.api(self.vapi.papi.acl_dump,
146 {'acl_index': acl_index},
147 expected_retval=expected_retval)
149 def create_stream(self, src_ip_if, dst_ip_if, reverse, packet_sizes,
150 is_ip6, expect_blocked, expect_established,
151 add_extension_header):
155 permit_and_reflect_rules = []
156 total_packet_count = 8
157 for i in range(0, total_packet_count):
159 can_reflect_this_packet = (modulo == 0)
161 remote_dst_index = i % len(dst_ip_if.remote_hosts)
162 remote_dst_host = dst_ip_if.remote_hosts[remote_dst_index]
164 info = self.create_packet_info(src_ip_if, dst_ip_if)
165 payload = self.info_to_payload(info)
167 to_be_blocked = False
168 if (expect_blocked and not expect_established):
170 if (not can_reflect_this_packet):
173 payload = "to be blocked"
175 info = self.create_packet_info(src_ip_if, dst_ip_if)
176 payload = self.info_to_payload(info)
178 dst_mac = 'de:ad:00:00:00:00'
179 src_mac = remote_dst_host._mac
180 dst_ip6 = src_ip_if.remote_ip6
181 src_ip6 = remote_dst_host.ip6
182 dst_ip4 = src_ip_if.remote_ip4
183 src_ip4 = remote_dst_host.ip4
187 dst_mac = src_ip_if.local_mac
188 src_mac = src_ip_if.remote_mac
189 src_ip6 = src_ip_if.remote_ip6
190 dst_ip6 = remote_dst_host.ip6
191 src_ip4 = src_ip_if.remote_ip4
192 dst_ip4 = remote_dst_host.ip4
196 # default ULP should be something we do not use in tests
197 ulp_l4 = TCP(sport=src_l4, dport=dst_l4)
198 # potentially a chain of protocols leading to ULP
201 if can_reflect_this_packet:
203 ulp_l4 = UDP(sport=src_l4, dport=dst_l4)
204 if add_extension_header:
205 # prepend some extension headers
206 ulp = (IPv6ExtHdrRouting() / IPv6ExtHdrRouting() /
207 IPv6ExtHdrFragment(offset=0, m=1) / ulp_l4)
208 # uncomment below to test invalid ones
209 # ulp = IPv6ExtHdrRouting(len = 200) / ulp_l4
212 p = (Ether(dst=dst_mac, src=src_mac) /
213 IPv6(src=src_ip6, dst=dst_ip6) /
217 ulp_l4 = UDP(sport=src_l4, dport=dst_l4)
218 # IPv4 does not allow extension headers,
219 # but we rather make it a first fragment
220 flags = 1 if add_extension_header else 0
222 p = (Ether(dst=dst_mac, src=src_mac) /
223 IP(src=src_ip4, dst=dst_ip4, frag=0, flags=flags) /
228 ulp_l4 = ICMPv6Unknown(type=128 + (i % 2), code=i % 2)
230 p = (Ether(dst=dst_mac, src=src_mac) /
231 IPv6(src=src_ip6, dst=dst_ip6) /
235 ulp_l4 = ICMP(type=8 + (i % 2), code=i % 2)
237 p = (Ether(dst=dst_mac, src=src_mac) /
238 IP(src=src_ip4, dst=dst_ip4) /
244 size = packet_sizes[(i // 2) % len(packet_sizes)]
245 self.extend_packet(p, size)
248 rule_family = AF_INET6 if p.haslayer(IPv6) else AF_INET
249 rule_prefix_len = 128 if p.haslayer(IPv6) else 32
250 rule_l3_layer = IPv6 if p.haslayer(IPv6) else IP
253 rule_l4_sport = p[UDP].sport
254 rule_l4_dport = p[UDP].dport
257 rule_l4_sport = p[ICMP].type
258 rule_l4_dport = p[ICMP].code
260 rule_l4_sport = p[ICMPv6Unknown].type
261 rule_l4_dport = p[ICMPv6Unknown].code
263 rule_l4_proto = ulp_l4.overload_fields[IPv6]['nh']
265 rule_l4_proto = p[IP].proto
268 'is_permit': is_permit,
269 'is_ipv6': p.haslayer(IPv6),
270 'src_ip_addr': inet_pton(rule_family,
271 p[rule_l3_layer].src),
272 'src_ip_prefix_len': rule_prefix_len,
273 'dst_ip_addr': inet_pton(rule_family,
274 p[rule_l3_layer].dst),
275 'dst_ip_prefix_len': rule_prefix_len,
276 'srcport_or_icmptype_first': rule_l4_sport,
277 'srcport_or_icmptype_last': rule_l4_sport,
278 'dstport_or_icmpcode_first': rule_l4_dport,
279 'dstport_or_icmpcode_last': rule_l4_dport,
280 'proto': rule_l4_proto,
282 rules.append(new_rule)
283 new_rule_permit = new_rule.copy()
284 new_rule_permit['is_permit'] = 1
285 permit_rules.append(new_rule_permit)
287 new_rule_permit_and_reflect = new_rule.copy()
288 if can_reflect_this_packet:
289 new_rule_permit_and_reflect['is_permit'] = 2
291 new_rule_permit_and_reflect['is_permit'] = is_permit
292 permit_and_reflect_rules.append(new_rule_permit_and_reflect)
294 return {'stream': pkts,
296 'permit_rules': permit_rules,
297 'permit_and_reflect_rules': permit_and_reflect_rules}
299 def verify_capture(self, dst_ip_if, src_ip_if, capture, reverse):
301 for i in self.interfaces:
302 last_info[i.sw_if_index] = None
304 dst_ip_sw_if_index = dst_ip_if.sw_if_index
307 for packet in capture:
308 l3 = IP if packet.haslayer(IP) else IPv6
310 if packet.haslayer(UDP):
313 if packet.haslayer(ICMP):
318 # Scapy IPv6 stuff is too smart for its own good.
319 # So we do this and coerce the ICMP into unknown type
320 if packet.haslayer(UDP):
321 data = str(packet[UDP][Raw])
324 data = str(ICMP(str(packet[l3].payload))[Raw])
326 data = str(ICMPv6Unknown(str(packet[l3].payload)).msgbody)
327 udp_or_icmp = packet[l3].payload
328 payload_info = self.payload_to_info(data)
329 packet_index = payload_info.index
331 self.assertEqual(payload_info.dst, dst_ip_sw_if_index)
333 next_info = self.get_next_packet_info_for_interface2(
334 payload_info.src, dst_ip_sw_if_index,
335 last_info[payload_info.src])
336 last_info[payload_info.src] = next_info
337 self.assertTrue(next_info is not None)
338 self.assertEqual(packet_index, next_info.index)
339 saved_packet = next_info.data
340 self.assertTrue(next_info is not None)
344 self.assertEqual(packet.src, dst_ip_if.local_mac)
345 host = dst_ip_if.host_by_mac(packet.dst)
348 # self.assertEqual(ip.src, src_ip_if.remote_ip4)
349 if saved_packet is not None:
350 self.assertEqual(ip.src, saved_packet[l3].src)
351 self.assertEqual(ip.dst, saved_packet[l3].dst)
353 self.assertEqual(udp_or_icmp.sport, saved_packet[l4].sport)
354 self.assertEqual(udp_or_icmp.dport, saved_packet[l4].dport)
356 print("Saved packet is none")
357 # self.assertEqual(ip.dst, host.ip4)
361 def create_acls_for_a_stream(self, stream_dict,
362 test_l2_action, is_reflect):
363 r = stream_dict['rules']
364 r_permit = stream_dict['permit_rules']
365 r_permit_reflect = stream_dict['permit_and_reflect_rules']
366 r_action = r_permit_reflect if is_reflect else r
367 reply = self.api_acl_add_replace(acl_index=4294967295, r=r_action,
368 count=len(r_action), tag="action acl")
369 action_acl_index = reply.acl_index
370 reply = self.api_acl_add_replace(acl_index=4294967295, r=r_permit,
371 count=len(r_permit), tag="permit acl")
372 permit_acl_index = reply.acl_index
373 return {'L2': action_acl_index if test_l2_action else permit_acl_index,
374 'L3': permit_acl_index if test_l2_action else action_acl_index,
375 'permit': permit_acl_index, 'action': action_acl_index}
377 def apply_acl_ip46_x_to_y(self, bridged_to_routed, test_l2_deny,
378 is_ip6, is_reflect, add_eh):
381 self.reset_packet_infos()
382 stream_dict = self.create_stream(
383 self.pg2, self.loop0,
385 self.pg_if_packet_sizes, is_ip6,
386 not is_reflect, False, add_eh)
387 stream = stream_dict['stream']
388 acl_idx = self.create_acls_for_a_stream(stream_dict, test_l2_deny,
390 n_input_l3 = 0 if bridged_to_routed else 1
391 n_input_l2 = 1 if bridged_to_routed else 0
392 self.api_acl_interface_set_acl_list(sw_if_index=self.pg2.sw_if_index,
395 acls=[acl_idx['L3']])
396 self.api_acl_interface_set_acl_list(sw_if_index=self.pg0.sw_if_index,
399 acls=[acl_idx['L2']])
400 self.api_acl_interface_set_acl_list(sw_if_index=self.pg1.sw_if_index,
403 acls=[acl_idx['L2']])
405 def apply_acl_ip46_both_directions_reflect(self,
406 primary_is_bridged_to_routed,
407 reflect_on_l2, is_ip6, add_eh):
408 primary_is_routed_to_bridged = not primary_is_bridged_to_routed
409 self.reset_packet_infos()
410 stream_dict_fwd = self.create_stream(self.pg2, self.loop0,
411 primary_is_bridged_to_routed,
412 self.pg_if_packet_sizes, is_ip6,
413 False, False, add_eh)
414 acl_idx_fwd = self.create_acls_for_a_stream(stream_dict_fwd,
417 stream_dict_rev = self.create_stream(self.pg2, self.loop0,
418 not primary_is_bridged_to_routed,
419 self.pg_if_packet_sizes, is_ip6,
421 # We want the primary action to be "deny" rather than reflect
422 acl_idx_rev = self.create_acls_for_a_stream(stream_dict_rev,
423 reflect_on_l2, False)
425 if primary_is_bridged_to_routed:
426 inbound_l2_acl = acl_idx_fwd['L2']
428 inbound_l2_acl = acl_idx_rev['L2']
430 if primary_is_routed_to_bridged:
431 outbound_l2_acl = acl_idx_fwd['L2']
433 outbound_l2_acl = acl_idx_rev['L2']
435 if primary_is_routed_to_bridged:
436 inbound_l3_acl = acl_idx_fwd['L3']
438 inbound_l3_acl = acl_idx_rev['L3']
440 if primary_is_bridged_to_routed:
441 outbound_l3_acl = acl_idx_fwd['L3']
443 outbound_l3_acl = acl_idx_rev['L3']
445 self.api_acl_interface_set_acl_list(sw_if_index=self.pg2.sw_if_index,
448 acls=[inbound_l3_acl,
450 self.api_acl_interface_set_acl_list(sw_if_index=self.pg0.sw_if_index,
453 acls=[inbound_l2_acl,
455 self.api_acl_interface_set_acl_list(sw_if_index=self.pg1.sw_if_index,
458 acls=[inbound_l2_acl,
461 def apply_acl_ip46_routed_to_bridged(self, test_l2_deny, is_ip6,
463 self.apply_acl_ip46_x_to_y(False, test_l2_deny, is_ip6,
466 def apply_acl_ip46_bridged_to_routed(self, test_l2_deny, is_ip6,
468 self.apply_acl_ip46_x_to_y(True, test_l2_deny, is_ip6,
471 def run_traffic_ip46_x_to_y(self, bridged_to_routed,
472 test_l2_deny, is_ip6,
473 is_reflect, is_established, add_eh):
474 self.reset_packet_infos()
475 stream_dict = self.create_stream(self.pg2, self.loop0,
477 self.pg_if_packet_sizes, is_ip6,
478 not is_reflect, is_established,
480 stream = stream_dict['stream']
482 tx_if = self.pg0 if bridged_to_routed else self.pg2
483 rx_if = self.pg2 if bridged_to_routed else self.pg0
485 tx_if.add_stream(stream)
486 self.pg_enable_capture(self.pg_interfaces)
488 packet_count = self.get_packet_count_for_if_idx(self.loop0.sw_if_index)
489 rcvd1 = rx_if.get_capture(packet_count)
490 self.verify_capture(self.loop0, self.pg2, rcvd1, bridged_to_routed)
492 def run_traffic_ip46_routed_to_bridged(self, test_l2_deny, is_ip6,
493 is_reflect, is_established, add_eh):
494 self.run_traffic_ip46_x_to_y(False, test_l2_deny, is_ip6,
495 is_reflect, is_established, add_eh)
497 def run_traffic_ip46_bridged_to_routed(self, test_l2_deny, is_ip6,
498 is_reflect, is_established, add_eh):
499 self.run_traffic_ip46_x_to_y(True, test_l2_deny, is_ip6,
500 is_reflect, is_established, add_eh)
502 def run_test_ip46_routed_to_bridged(self, test_l2_deny,
503 is_ip6, is_reflect, add_eh):
504 self.apply_acl_ip46_routed_to_bridged(test_l2_deny,
505 is_ip6, is_reflect, add_eh)
506 self.run_traffic_ip46_routed_to_bridged(test_l2_deny, is_ip6,
507 is_reflect, False, add_eh)
509 def run_test_ip46_bridged_to_routed(self, test_l2_deny,
510 is_ip6, is_reflect, add_eh):
511 self.apply_acl_ip46_bridged_to_routed(test_l2_deny,
512 is_ip6, is_reflect, add_eh)
513 self.run_traffic_ip46_bridged_to_routed(test_l2_deny, is_ip6,
514 is_reflect, False, add_eh)
516 def run_test_ip46_routed_to_bridged_and_back(self, test_l2_action,
518 self.apply_acl_ip46_both_directions_reflect(False, test_l2_action,
520 self.run_traffic_ip46_routed_to_bridged(test_l2_action, is_ip6,
522 self.run_traffic_ip46_bridged_to_routed(test_l2_action, is_ip6,
525 def run_test_ip46_bridged_to_routed_and_back(self, test_l2_action,
527 self.apply_acl_ip46_both_directions_reflect(True, test_l2_action,
529 self.run_traffic_ip46_bridged_to_routed(test_l2_action, is_ip6,
531 self.run_traffic_ip46_routed_to_bridged(test_l2_action, is_ip6,
534 def test_0000_ip6_irb_1(self):
535 """ ACL plugin prepare"""
536 if not self.vpp_dead:
537 cmd = "set acl-plugin session timeout udp idle 2000"
538 self.logger.info(self.vapi.ppcli(cmd))
539 # uncomment to not skip past the routing header
540 # and watch the EH tests fail
541 # self.logger.info(self.vapi.ppcli(
542 # "set acl-plugin skip-ipv6-extension-header 43 0"))
543 # uncomment to test the session limit (stateful tests will fail)
544 # self.logger.info(self.vapi.ppcli(
545 # "set acl-plugin session table max-entries 1"))
546 # new datapath is the default, but just in case
547 # self.logger.info(self.vapi.ppcli(
548 # "set acl-plugin l2-datapath new"))
549 # If you want to see some tests fail, uncomment the next line
550 # self.logger.info(self.vapi.ppcli(
551 # "set acl-plugin l2-datapath old"))
553 def test_0001_ip6_irb_1(self):
554 """ ACL IPv6 routed -> bridged, L2 ACL deny"""
555 self.run_test_ip46_routed_to_bridged(True, True, False,
558 def test_0002_ip6_irb_1(self):
559 """ ACL IPv6 routed -> bridged, L3 ACL deny"""
560 self.run_test_ip46_routed_to_bridged(False, True, False,
563 def test_0003_ip4_irb_1(self):
564 """ ACL IPv4 routed -> bridged, L2 ACL deny"""
565 self.run_test_ip46_routed_to_bridged(True, False, False,
568 def test_0004_ip4_irb_1(self):
569 """ ACL IPv4 routed -> bridged, L3 ACL deny"""
570 self.run_test_ip46_routed_to_bridged(False, False, False,
573 def test_0005_ip6_irb_1(self):
574 """ ACL IPv6 bridged -> routed, L2 ACL deny """
575 self.run_test_ip46_bridged_to_routed(True, True, False,
578 def test_0006_ip6_irb_1(self):
579 """ ACL IPv6 bridged -> routed, L3 ACL deny """
580 self.run_test_ip46_bridged_to_routed(False, True, False,
583 def test_0007_ip6_irb_1(self):
584 """ ACL IPv4 bridged -> routed, L2 ACL deny """
585 self.run_test_ip46_bridged_to_routed(True, False, False,
588 def test_0008_ip6_irb_1(self):
589 """ ACL IPv4 bridged -> routed, L3 ACL deny """
590 self.run_test_ip46_bridged_to_routed(False, False, False,
594 def test_0101_ip6_irb_1(self):
595 """ ACL IPv6 routed -> bridged, L2 ACL permit+reflect"""
596 self.run_test_ip46_routed_to_bridged_and_back(True, True,
599 def test_0102_ip6_irb_1(self):
600 """ ACL IPv6 bridged -> routed, L2 ACL permit+reflect"""
601 self.run_test_ip46_bridged_to_routed_and_back(True, True,
604 def test_0103_ip6_irb_1(self):
605 """ ACL IPv4 routed -> bridged, L2 ACL permit+reflect"""
606 self.run_test_ip46_routed_to_bridged_and_back(True, False,
609 def test_0104_ip6_irb_1(self):
610 """ ACL IPv4 bridged -> routed, L2 ACL permit+reflect"""
611 self.run_test_ip46_bridged_to_routed_and_back(True, False,
614 def test_0111_ip6_irb_1(self):
615 """ ACL IPv6 routed -> bridged, L3 ACL permit+reflect"""
616 self.run_test_ip46_routed_to_bridged_and_back(False, True,
619 def test_0112_ip6_irb_1(self):
620 """ ACL IPv6 bridged -> routed, L3 ACL permit+reflect"""
621 self.run_test_ip46_bridged_to_routed_and_back(False, True,
624 def test_0113_ip6_irb_1(self):
625 """ ACL IPv4 routed -> bridged, L3 ACL permit+reflect"""
626 self.run_test_ip46_routed_to_bridged_and_back(False, False,
629 def test_0114_ip6_irb_1(self):
630 """ ACL IPv4 bridged -> routed, L3 ACL permit+reflect"""
631 self.run_test_ip46_bridged_to_routed_and_back(False, False,
634 # A block of tests with extension headers
636 def test_1001_ip6_irb_1(self):
637 """ ACL IPv6+EH routed -> bridged, L2 ACL deny"""
638 self.run_test_ip46_routed_to_bridged(True, True, False,
641 def test_1002_ip6_irb_1(self):
642 """ ACL IPv6+EH routed -> bridged, L3 ACL deny"""
643 self.run_test_ip46_routed_to_bridged(False, True, False,
646 def test_1005_ip6_irb_1(self):
647 """ ACL IPv6+EH bridged -> routed, L2 ACL deny """
648 self.run_test_ip46_bridged_to_routed(True, True, False,
651 def test_1006_ip6_irb_1(self):
652 """ ACL IPv6+EH bridged -> routed, L3 ACL deny """
653 self.run_test_ip46_bridged_to_routed(False, True, False,
656 def test_1101_ip6_irb_1(self):
657 """ ACL IPv6+EH routed -> bridged, L2 ACL permit+reflect"""
658 self.run_test_ip46_routed_to_bridged_and_back(True, True,
661 def test_1102_ip6_irb_1(self):
662 """ ACL IPv6+EH bridged -> routed, L2 ACL permit+reflect"""
663 self.run_test_ip46_bridged_to_routed_and_back(True, True,
666 def test_1111_ip6_irb_1(self):
667 """ ACL IPv6+EH routed -> bridged, L3 ACL permit+reflect"""
668 self.run_test_ip46_routed_to_bridged_and_back(False, True,
671 def test_1112_ip6_irb_1(self):
672 """ ACL IPv6+EH bridged -> routed, L3 ACL permit+reflect"""
673 self.run_test_ip46_bridged_to_routed_and_back(False, True,
676 # IPv4 with "MF" bit set
678 def test_1201_ip6_irb_1(self):
679 """ ACL IPv4+MF routed -> bridged, L2 ACL deny"""
680 self.run_test_ip46_routed_to_bridged(True, False, False,
683 def test_1202_ip6_irb_1(self):
684 """ ACL IPv4+MF routed -> bridged, L3 ACL deny"""
685 self.run_test_ip46_routed_to_bridged(False, False, False,
688 def test_1205_ip6_irb_1(self):
689 """ ACL IPv4+MF bridged -> routed, L2 ACL deny """
690 self.run_test_ip46_bridged_to_routed(True, False, False,
693 def test_1206_ip6_irb_1(self):
694 """ ACL IPv4+MF bridged -> routed, L3 ACL deny """
695 self.run_test_ip46_bridged_to_routed(False, False, False,
698 def test_1301_ip6_irb_1(self):
699 """ ACL IPv4+MF routed -> bridged, L2 ACL permit+reflect"""
700 self.run_test_ip46_routed_to_bridged_and_back(True, False,
703 def test_1302_ip6_irb_1(self):
704 """ ACL IPv4+MF bridged -> routed, L2 ACL permit+reflect"""
705 self.run_test_ip46_bridged_to_routed_and_back(True, False,
708 def test_1311_ip6_irb_1(self):
709 """ ACL IPv4+MF routed -> bridged, L3 ACL permit+reflect"""
710 self.run_test_ip46_routed_to_bridged_and_back(False, False,
713 def test_1312_ip6_irb_1(self):
714 """ ACL IPv4+MF bridged -> routed, L3 ACL permit+reflect"""
715 self.run_test_ip46_bridged_to_routed_and_back(False, False,
718 if __name__ == '__main__':
719 unittest.main(testRunner=VppTestRunner)