4 from socket import inet_pton, inet_ntop
7 from parameterized import parameterized
9 import scapy.layers.inet6 as inet6
10 from scapy.layers.inet import UDP, IP
11 from scapy.contrib.mpls import MPLS
12 from scapy.layers.inet6 import IPv6, ICMPv6ND_NS, ICMPv6ND_RS, \
13 ICMPv6ND_RA, ICMPv6NDOptMTU, ICMPv6NDOptSrcLLAddr, ICMPv6NDOptPrefixInfo, \
14 ICMPv6ND_NA, ICMPv6NDOptDstLLAddr, ICMPv6DestUnreach, icmp6types, \
15 ICMPv6TimeExceeded, ICMPv6EchoRequest, ICMPv6EchoReply, \
16 IPv6ExtHdrHopByHop, ICMPv6MLReport2, ICMPv6MLDMultAddrRec
17 from scapy.layers.l2 import Ether, Dot1Q, GRE
18 from scapy.packet import Raw
19 from scapy.utils6 import in6_getnsma, in6_getnsmac, in6_ptop, in6_islladdr, \
23 from framework import VppTestCase, VppTestRunner, tag_run_solo
24 from util import ppp, ip6_normalize, mk_ll_addr
25 from vpp_papi import VppEnum
26 from vpp_ip import DpoProto, VppIpPuntPolicer, VppIpPuntRedirect, VppIpPathMtu
27 from vpp_ip_route import VppIpRoute, VppRoutePath, find_route, VppIpMRoute, \
28 VppMRoutePath, VppMplsIpBind, \
29 VppMplsRoute, VppMplsTable, VppIpTable, FibPathType, FibPathProto, \
30 VppIpInterfaceAddress, find_route_in_dump, find_mroute_in_dump, \
31 VppIp6LinkLocalAddress, VppIpRouteV2
32 from vpp_neighbor import find_nbr, VppNeighbor
33 from vpp_ipip_tun_interface import VppIpIpTunInterface
34 from vpp_pg_interface import is_ipv6_misc
35 from vpp_sub_interface import VppSubInterface, VppDot1QSubint
36 from vpp_policer import VppPolicer, PolicerAction
37 from ipaddress import IPv6Network, IPv6Address
38 from vpp_gre_interface import VppGreInterface
39 from vpp_teib import VppTeib
41 AF_INET6 = socket.AF_INET6
51 class TestIPv6ND(VppTestCase):
52 def validate_ra(self, intf, rx, dst_ip=None):
54 dst_ip = intf.remote_ip6
56 # unicasted packets must come to the unicast mac
57 self.assertEqual(rx[Ether].dst, intf.remote_mac)
59 # and from the router's MAC
60 self.assertEqual(rx[Ether].src, intf.local_mac)
62 # the rx'd RA should be addressed to the sender's source
63 self.assertTrue(rx.haslayer(ICMPv6ND_RA))
64 self.assertEqual(in6_ptop(rx[IPv6].dst),
67 # and come from the router's link local
68 self.assertTrue(in6_islladdr(rx[IPv6].src))
69 self.assertEqual(in6_ptop(rx[IPv6].src),
70 in6_ptop(mk_ll_addr(intf.local_mac)))
72 def validate_na(self, intf, rx, dst_ip=None, tgt_ip=None):
74 dst_ip = intf.remote_ip6
76 dst_ip = intf.local_ip6
78 # unicasted packets must come to the unicast mac
79 self.assertEqual(rx[Ether].dst, intf.remote_mac)
81 # and from the router's MAC
82 self.assertEqual(rx[Ether].src, intf.local_mac)
84 # the rx'd NA should be addressed to the sender's source
85 self.assertTrue(rx.haslayer(ICMPv6ND_NA))
86 self.assertEqual(in6_ptop(rx[IPv6].dst),
89 # and come from the target address
91 in6_ptop(rx[IPv6].src), in6_ptop(tgt_ip))
93 # Dest link-layer options should have the router's MAC
94 dll = rx[ICMPv6NDOptDstLLAddr]
95 self.assertEqual(dll.lladdr, intf.local_mac)
97 def validate_ns(self, intf, rx, tgt_ip):
98 nsma = in6_getnsma(inet_pton(AF_INET6, tgt_ip))
99 dst_ip = inet_ntop(AF_INET6, nsma)
102 self.assertEqual(rx[Ether].dst, in6_getnsmac(nsma))
104 # and from the router's MAC
105 self.assertEqual(rx[Ether].src, intf.local_mac)
107 # the rx'd NS should be addressed to an mcast address
108 # derived from the target address
110 in6_ptop(rx[IPv6].dst), in6_ptop(dst_ip))
112 # expect the tgt IP in the NS header
114 self.assertEqual(in6_ptop(ns.tgt), in6_ptop(tgt_ip))
116 # packet is from the router's local address
118 in6_ptop(rx[IPv6].src), intf.local_ip6)
120 # Src link-layer options should have the router's MAC
121 sll = rx[ICMPv6NDOptSrcLLAddr]
122 self.assertEqual(sll.lladdr, intf.local_mac)
124 def send_and_expect_ra(self, intf, pkts, remark, dst_ip=None,
125 filter_out_fn=is_ipv6_misc):
126 intf.add_stream(pkts)
127 self.pg_enable_capture(self.pg_interfaces)
129 rx = intf.get_capture(1, filter_out_fn=filter_out_fn)
131 self.assertEqual(len(rx), 1)
133 self.validate_ra(intf, rx, dst_ip)
135 def send_and_expect_na(self, intf, pkts, remark, dst_ip=None,
137 filter_out_fn=is_ipv6_misc):
138 intf.add_stream(pkts)
139 self.pg_enable_capture(self.pg_interfaces)
141 rx = intf.get_capture(1, filter_out_fn=filter_out_fn)
143 self.assertEqual(len(rx), 1)
145 self.validate_na(intf, rx, dst_ip, tgt_ip)
147 def send_and_expect_ns(self, tx_intf, rx_intf, pkts, tgt_ip,
148 filter_out_fn=is_ipv6_misc):
149 self.vapi.cli("clear trace")
150 tx_intf.add_stream(pkts)
151 self.pg_enable_capture(self.pg_interfaces)
153 rx = rx_intf.get_capture(1, filter_out_fn=filter_out_fn)
155 self.assertEqual(len(rx), 1)
157 self.validate_ns(rx_intf, rx, tgt_ip)
159 def verify_ip(self, rx, smac, dmac, sip, dip):
161 self.assertEqual(ether.dst, dmac)
162 self.assertEqual(ether.src, smac)
165 self.assertEqual(ip.src, sip)
166 self.assertEqual(ip.dst, dip)
170 class TestIPv6(TestIPv6ND):
171 """ IPv6 Test Case """
175 super(TestIPv6, cls).setUpClass()
178 def tearDownClass(cls):
179 super(TestIPv6, cls).tearDownClass()
183 Perform test setup before test case.
186 - create 3 pg interfaces
187 - untagged pg0 interface
188 - Dot1Q subinterface on pg1
189 - Dot1AD subinterface on pg2
191 - put it into UP state
193 - resolve neighbor address using NDP
194 - configure 200 fib entries
196 :ivar list interfaces: pg interfaces and subinterfaces.
197 :ivar dict flows: IPv4 packet flows in test.
199 *TODO:* Create AD sub interface
201 super(TestIPv6, self).setUp()
203 # create 3 pg interfaces
204 self.create_pg_interfaces(range(3))
206 # create 2 subinterfaces for p1 and pg2
207 self.sub_interfaces = [
208 VppDot1QSubint(self, self.pg1, 100),
209 VppDot1QSubint(self, self.pg2, 200)
210 # TODO: VppDot1ADSubint(self, self.pg2, 200, 300, 400)
213 # packet flows mapping pg0 -> pg1.sub, pg2.sub, etc.
215 self.flows[self.pg0] = [self.pg1.sub_if, self.pg2.sub_if]
216 self.flows[self.pg1.sub_if] = [self.pg0, self.pg2.sub_if]
217 self.flows[self.pg2.sub_if] = [self.pg0, self.pg1.sub_if]
220 self.pg_if_packet_sizes = [64, 1500, 9020]
222 self.interfaces = list(self.pg_interfaces)
223 self.interfaces.extend(self.sub_interfaces)
225 # setup all interfaces
226 for i in self.interfaces:
232 """Run standard test teardown and log ``show ip6 neighbors``."""
233 for i in self.interfaces:
236 for i in self.sub_interfaces:
237 i.remove_vpp_config()
239 super(TestIPv6, self).tearDown()
240 if not self.vpp_dead:
241 self.logger.info(self.vapi.cli("show ip6 neighbors"))
242 # info(self.vapi.cli("show ip6 fib")) # many entries
244 def modify_packet(self, src_if, packet_size, pkt):
245 """Add load, set destination IP and extend packet to required packet
246 size for defined interface.
248 :param VppInterface src_if: Interface to create packet for.
249 :param int packet_size: Required packet size.
250 :param Scapy pkt: Packet to be modified.
252 dst_if_idx = int(packet_size / 10 % 2)
253 dst_if = self.flows[src_if][dst_if_idx]
254 info = self.create_packet_info(src_if, dst_if)
255 payload = self.info_to_payload(info)
256 p = pkt / Raw(payload)
257 p[IPv6].dst = dst_if.remote_ip6
259 if isinstance(src_if, VppSubInterface):
260 p = src_if.add_dot1_layer(p)
261 self.extend_packet(p, packet_size)
265 def create_stream(self, src_if):
266 """Create input packet stream for defined interface.
268 :param VppInterface src_if: Interface to create packet stream for.
270 hdr_ext = 4 if isinstance(src_if, VppSubInterface) else 0
271 pkt_tmpl = (Ether(dst=src_if.local_mac, src=src_if.remote_mac) /
272 IPv6(src=src_if.remote_ip6) /
273 inet6.UDP(sport=1234, dport=1234))
275 pkts = [self.modify_packet(src_if, i, pkt_tmpl)
276 for i in moves.range(self.pg_if_packet_sizes[0],
277 self.pg_if_packet_sizes[1], 10)]
278 pkts_b = [self.modify_packet(src_if, i, pkt_tmpl)
279 for i in moves.range(self.pg_if_packet_sizes[1] + hdr_ext,
280 self.pg_if_packet_sizes[2] + hdr_ext,
286 def verify_capture(self, dst_if, capture):
287 """Verify captured input packet stream for defined interface.
289 :param VppInterface dst_if: Interface to verify captured packet stream
291 :param list capture: Captured packet stream.
293 self.logger.info("Verifying capture on interface %s" % dst_if.name)
295 for i in self.interfaces:
296 last_info[i.sw_if_index] = None
298 dst_sw_if_index = dst_if.sw_if_index
299 if hasattr(dst_if, 'parent'):
301 for packet in capture:
303 # Check VLAN tags and Ethernet header
304 packet = dst_if.remove_dot1_layer(packet)
305 self.assertTrue(Dot1Q not in packet)
308 udp = packet[inet6.UDP]
309 payload_info = self.payload_to_info(packet[Raw])
310 packet_index = payload_info.index
311 self.assertEqual(payload_info.dst, dst_sw_if_index)
313 "Got packet on port %s: src=%u (id=%u)" %
314 (dst_if.name, payload_info.src, packet_index))
315 next_info = self.get_next_packet_info_for_interface2(
316 payload_info.src, dst_sw_if_index,
317 last_info[payload_info.src])
318 last_info[payload_info.src] = next_info
319 self.assertTrue(next_info is not None)
320 self.assertEqual(packet_index, next_info.index)
321 saved_packet = next_info.data
322 # Check standard fields
324 ip.src, saved_packet[IPv6].src)
326 ip.dst, saved_packet[IPv6].dst)
328 udp.sport, saved_packet[inet6.UDP].sport)
330 udp.dport, saved_packet[inet6.UDP].dport)
332 self.logger.error(ppp("Unexpected or invalid packet:", packet))
334 for i in self.interfaces:
335 remaining_packet = self.get_next_packet_info_for_interface2(
336 i.sw_if_index, dst_sw_if_index, last_info[i.sw_if_index])
337 self.assertTrue(remaining_packet is None,
338 "Interface %s: Packet expected from interface %s "
339 "didn't arrive" % (dst_if.name, i.name))
341 def test_next_header_anomaly(self):
342 """ IPv6 next header anomaly test
345 - ipv6 next header field = Fragment Header (44)
346 - next header is ICMPv6 Echo Request
347 - wait for reassembly
349 pkt = (Ether(src=self.pg0.local_mac, dst=self.pg0.remote_mac) /
350 IPv6(src=self.pg0.remote_ip6, dst=self.pg0.local_ip6, nh=44) /
353 self.pg0.add_stream(pkt)
356 # wait for reassembly
363 - Create IPv6 stream for pg0 interface
364 - Create IPv6 tagged streams for pg1's and pg2's subinterface.
365 - Send and verify received packets on each interface.
368 pkts = self.create_stream(self.pg0)
369 self.pg0.add_stream(pkts)
371 for i in self.sub_interfaces:
372 pkts = self.create_stream(i)
373 i.parent.add_stream(pkts)
375 self.pg_enable_capture(self.pg_interfaces)
378 pkts = self.pg0.get_capture()
379 self.verify_capture(self.pg0, pkts)
381 for i in self.sub_interfaces:
382 pkts = i.parent.get_capture()
383 self.verify_capture(i, pkts)
386 """ IPv6 Neighbour Solicitation Exceptions
389 - Send an NS Sourced from an address not covered by the link sub-net
390 - Send an NS to an mcast address the router has not joined
391 - Send NS for a target address the router does not onn.
395 # An NS from a non link source address
397 nsma = in6_getnsma(inet_pton(AF_INET6, self.pg0.local_ip6))
398 d = inet_ntop(AF_INET6, nsma)
400 p = (Ether(dst=in6_getnsmac(nsma)) /
401 IPv6(dst=d, src="2002::2") /
402 ICMPv6ND_NS(tgt=self.pg0.local_ip6) /
403 ICMPv6NDOptSrcLLAddr(
404 lladdr=self.pg0.remote_mac))
407 self.send_and_assert_no_replies(
409 "No response to NS source by address not on sub-net")
412 # An NS for sent to a solicited mcast group the router is
413 # not a member of FAILS
416 nsma = in6_getnsma(inet_pton(AF_INET6, "fd::ffff"))
417 d = inet_ntop(AF_INET6, nsma)
419 p = (Ether(dst=in6_getnsmac(nsma)) /
420 IPv6(dst=d, src=self.pg0.remote_ip6) /
421 ICMPv6ND_NS(tgt=self.pg0.local_ip6) /
422 ICMPv6NDOptSrcLLAddr(
423 lladdr=self.pg0.remote_mac))
426 self.send_and_assert_no_replies(
428 "No response to NS sent to unjoined mcast address")
431 # An NS whose target address is one the router does not own
433 nsma = in6_getnsma(inet_pton(AF_INET6, self.pg0.local_ip6))
434 d = inet_ntop(AF_INET6, nsma)
436 p = (Ether(dst=in6_getnsmac(nsma)) /
437 IPv6(dst=d, src=self.pg0.remote_ip6) /
438 ICMPv6ND_NS(tgt="fd::ffff") /
439 ICMPv6NDOptSrcLLAddr(
440 lladdr=self.pg0.remote_mac))
443 self.send_and_assert_no_replies(self.pg0, pkts,
444 "No response to NS for unknown target")
447 # A neighbor entry that has no associated FIB-entry
449 self.pg0.generate_remote_hosts(4)
450 nd_entry = VppNeighbor(self,
451 self.pg0.sw_if_index,
452 self.pg0.remote_hosts[2].mac,
453 self.pg0.remote_hosts[2].ip6,
455 nd_entry.add_vpp_config()
458 # check we have the neighbor, but no route
460 self.assertTrue(find_nbr(self,
461 self.pg0.sw_if_index,
462 self.pg0._remote_hosts[2].ip6))
463 self.assertFalse(find_route(self,
464 self.pg0._remote_hosts[2].ip6,
468 # send an NS from a link local address to the interface's global
471 p = (Ether(dst=in6_getnsmac(nsma), src=self.pg0.remote_mac) /
473 dst=d, src=self.pg0._remote_hosts[2].ip6_ll) /
474 ICMPv6ND_NS(tgt=self.pg0.local_ip6) /
475 ICMPv6NDOptSrcLLAddr(
476 lladdr=self.pg0.remote_mac))
478 self.send_and_expect_na(self.pg0, p,
479 "NS from link-local",
480 dst_ip=self.pg0._remote_hosts[2].ip6_ll,
481 tgt_ip=self.pg0.local_ip6)
484 # we should have learned an ND entry for the peer's link-local
485 # but not inserted a route to it in the FIB
487 self.assertTrue(find_nbr(self,
488 self.pg0.sw_if_index,
489 self.pg0._remote_hosts[2].ip6_ll))
490 self.assertFalse(find_route(self,
491 self.pg0._remote_hosts[2].ip6_ll,
495 # An NS to the router's own Link-local
497 p = (Ether(dst=in6_getnsmac(nsma), src=self.pg0.remote_mac) /
499 dst=d, src=self.pg0._remote_hosts[3].ip6_ll) /
500 ICMPv6ND_NS(tgt=self.pg0.local_ip6_ll) /
501 ICMPv6NDOptSrcLLAddr(
502 lladdr=self.pg0.remote_mac))
504 self.send_and_expect_na(self.pg0, p,
505 "NS to/from link-local",
506 dst_ip=self.pg0._remote_hosts[3].ip6_ll,
507 tgt_ip=self.pg0.local_ip6_ll)
510 # do not respond to a NS for the peer's address
512 p = (Ether(dst=in6_getnsmac(nsma), src=self.pg0.remote_mac) /
514 src=self.pg0._remote_hosts[3].ip6_ll) /
515 ICMPv6ND_NS(tgt=self.pg0._remote_hosts[3].ip6_ll) /
516 ICMPv6NDOptSrcLLAddr(
517 lladdr=self.pg0.remote_mac))
519 self.send_and_assert_no_replies(self.pg0, p)
522 # we should have learned an ND entry for the peer's link-local
523 # but not inserted a route to it in the FIB
525 self.assertTrue(find_nbr(self,
526 self.pg0.sw_if_index,
527 self.pg0._remote_hosts[3].ip6_ll))
528 self.assertFalse(find_route(self,
529 self.pg0._remote_hosts[3].ip6_ll,
532 def test_ns_duplicates(self):
536 # Generate some hosts on the LAN
538 self.pg1.generate_remote_hosts(3)
541 # Add host 1 on pg1 and pg2
543 ns_pg1 = VppNeighbor(self,
544 self.pg1.sw_if_index,
545 self.pg1.remote_hosts[1].mac,
546 self.pg1.remote_hosts[1].ip6)
547 ns_pg1.add_vpp_config()
548 ns_pg2 = VppNeighbor(self,
549 self.pg2.sw_if_index,
551 self.pg1.remote_hosts[1].ip6)
552 ns_pg2.add_vpp_config()
555 # IP packet destined for pg1 remote host arrives on pg1 again.
557 p = (Ether(dst=self.pg0.local_mac,
558 src=self.pg0.remote_mac) /
559 IPv6(src=self.pg0.remote_ip6,
560 dst=self.pg1.remote_hosts[1].ip6) /
561 inet6.UDP(sport=1234, dport=1234) /
564 self.pg0.add_stream(p)
565 self.pg_enable_capture(self.pg_interfaces)
568 rx1 = self.pg1.get_capture(1)
570 self.verify_ip(rx1[0],
572 self.pg1.remote_hosts[1].mac,
574 self.pg1.remote_hosts[1].ip6)
577 # remove the duplicate on pg1
578 # packet stream should generate NSs out of pg1
580 ns_pg1.remove_vpp_config()
582 self.send_and_expect_ns(self.pg0, self.pg1,
583 p, self.pg1.remote_hosts[1].ip6)
588 ns_pg1.add_vpp_config()
590 self.pg0.add_stream(p)
591 self.pg_enable_capture(self.pg_interfaces)
594 rx1 = self.pg1.get_capture(1)
596 self.verify_ip(rx1[0],
598 self.pg1.remote_hosts[1].mac,
600 self.pg1.remote_hosts[1].ip6)
602 def validate_ra(self, intf, rx, dst_ip=None, src_ip=None,
603 mtu=9000, pi_opt=None):
605 dst_ip = intf.remote_ip6
607 src_ip = mk_ll_addr(intf.local_mac)
609 # unicasted packets must come to the unicast mac
610 self.assertEqual(rx[Ether].dst, intf.remote_mac)
612 # and from the router's MAC
613 self.assertEqual(rx[Ether].src, intf.local_mac)
615 # the rx'd RA should be addressed to the sender's source
616 self.assertTrue(rx.haslayer(ICMPv6ND_RA))
617 self.assertEqual(in6_ptop(rx[IPv6].dst),
620 # and come from the router's link local
621 self.assertTrue(in6_islladdr(rx[IPv6].src))
622 self.assertEqual(in6_ptop(rx[IPv6].src), in6_ptop(src_ip))
624 # it should contain the links MTU
626 self.assertEqual(ra[ICMPv6NDOptMTU].mtu, mtu)
628 # it should contain the source's link layer address option
629 sll = ra[ICMPv6NDOptSrcLLAddr]
630 self.assertEqual(sll.lladdr, intf.local_mac)
633 # the RA should not contain prefix information
634 self.assertFalse(ra.haslayer(
635 ICMPv6NDOptPrefixInfo))
637 raos = rx.getlayer(ICMPv6NDOptPrefixInfo, 1)
639 # the options are nested in the scapy packet in way that i cannot
640 # decipher how to decode. this 1st layer of option always returns
641 # nested classes, so a direct obj1=obj2 comparison always fails.
642 # however, the getlayer(.., 2) does give one instance.
643 # so we cheat here and construct a new opt instance for comparison
644 rd = ICMPv6NDOptPrefixInfo(
645 prefixlen=raos.prefixlen,
649 if type(pi_opt) is list:
650 for ii in range(len(pi_opt)):
651 self.assertEqual(pi_opt[ii], rd)
653 ICMPv6NDOptPrefixInfo, ii + 2)
655 self.assertEqual(pi_opt, raos, 'Expected: %s, received: %s'
656 % (pi_opt.show(dump=True),
657 raos.show(dump=True)))
659 def send_and_expect_ra(self, intf, pkts, remark, dst_ip=None,
660 filter_out_fn=is_ipv6_misc,
663 self.vapi.cli("clear trace")
664 intf.add_stream(pkts)
665 self.pg_enable_capture(self.pg_interfaces)
667 rx = intf.get_capture(1, filter_out_fn=filter_out_fn)
669 self.assertEqual(len(rx), 1)
671 self.validate_ra(intf, rx, dst_ip, src_ip=src_ip, pi_opt=opt)
674 """ IPv6 Router Solicitation Exceptions
680 # Before we begin change the IPv6 RA responses to use the unicast
681 # address - that way we will not confuse them with the periodic
682 # RAs which go to the mcast address
683 # Sit and wait for the first periodic RA.
687 self.pg0.ip6_ra_config(send_unicast=1)
690 # An RS from a link source address
691 # - expect an RA in return
693 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
694 IPv6(dst=self.pg0.local_ip6, src=self.pg0.remote_ip6) /
697 self.send_and_expect_ra(self.pg0, pkts, "Genuine RS")
700 # For the next RS sent the RA should be rate limited
702 self.send_and_assert_no_replies(self.pg0, pkts, "RA rate limited")
705 # When we reconfigure the IPv6 RA config,
706 # we reset the RA rate limiting,
707 # so we need to do this before each test below so as not to drop
708 # packets for rate limiting reasons. Test this works here.
710 self.pg0.ip6_ra_config(send_unicast=1)
711 self.send_and_expect_ra(self.pg0, pkts, "Rate limit reset RS")
714 # An RS sent from a non-link local source
716 self.pg0.ip6_ra_config(send_unicast=1)
717 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
718 IPv6(dst=self.pg0.local_ip6,
722 self.send_and_assert_no_replies(self.pg0, pkts,
723 "RS from non-link source")
726 # Source an RS from a link local address
728 self.pg0.ip6_ra_config(send_unicast=1)
729 ll = mk_ll_addr(self.pg0.remote_mac)
730 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
731 IPv6(dst=self.pg0.local_ip6, src=ll) /
734 self.send_and_expect_ra(self.pg0, pkts,
735 "RS sourced from link-local",
739 # Source an RS from a link local address
740 # Ensure suppress also applies to solicited RS
742 self.pg0.ip6_ra_config(send_unicast=1, suppress=1)
743 ll = mk_ll_addr(self.pg0.remote_mac)
744 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
745 IPv6(dst=self.pg0.local_ip6, src=ll) /
748 self.send_and_assert_no_replies(self.pg0, pkts,
749 "Suppressed RS from link-local")
752 # Send the RS multicast
754 self.pg0.ip6_ra_config(no=1, suppress=1) # Reset suppress flag to zero
755 self.pg0.ip6_ra_config(send_unicast=1)
756 dmac = in6_getnsmac(inet_pton(AF_INET6, "ff02::2"))
757 ll = mk_ll_addr(self.pg0.remote_mac)
758 p = (Ether(dst=dmac, src=self.pg0.remote_mac) /
759 IPv6(dst="ff02::2", src=ll) /
762 self.send_and_expect_ra(self.pg0, pkts,
763 "RS sourced from link-local",
767 # Source from the unspecified address ::. This happens when the RS
768 # is sent before the host has a configured address/sub-net,
769 # i.e. auto-config. Since the sender has no IP address, the reply
770 # comes back mcast - so the capture needs to not filter this.
771 # If we happen to pick up the periodic RA at this point then so be it,
774 self.pg0.ip6_ra_config(send_unicast=1, suppress=0)
775 p = (Ether(dst=dmac, src=self.pg0.remote_mac) /
776 IPv6(dst="ff02::2", src="::") /
779 self.send_and_expect_ra(self.pg0, pkts,
780 "RS sourced from unspecified",
785 # Configure The RA to announce the links prefix
787 self.pg0.ip6_ra_prefix('%s/%s' % (self.pg0.local_ip6,
788 self.pg0.local_ip6_prefix_len))
791 # RAs should now contain the prefix information option
793 opt = ICMPv6NDOptPrefixInfo(
794 prefixlen=self.pg0.local_ip6_prefix_len,
795 prefix=self.pg0.local_ip6,
799 self.pg0.ip6_ra_config(send_unicast=1)
800 ll = mk_ll_addr(self.pg0.remote_mac)
801 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
802 IPv6(dst=self.pg0.local_ip6, src=ll) /
804 self.send_and_expect_ra(self.pg0, p,
805 "RA with prefix-info",
810 # Change the prefix info to not off-link
813 self.pg0.ip6_ra_prefix('%s/%s' % (self.pg0.local_ip6,
814 self.pg0.local_ip6_prefix_len),
817 opt = ICMPv6NDOptPrefixInfo(
818 prefixlen=self.pg0.local_ip6_prefix_len,
819 prefix=self.pg0.local_ip6,
823 self.pg0.ip6_ra_config(send_unicast=1)
824 self.send_and_expect_ra(self.pg0, p,
825 "RA with Prefix info with L-flag=0",
830 # Change the prefix info to not off-link, no-autoconfig
831 # L and A flag are clear in the advert
833 self.pg0.ip6_ra_prefix('%s/%s' % (self.pg0.local_ip6,
834 self.pg0.local_ip6_prefix_len),
838 opt = ICMPv6NDOptPrefixInfo(
839 prefixlen=self.pg0.local_ip6_prefix_len,
840 prefix=self.pg0.local_ip6,
844 self.pg0.ip6_ra_config(send_unicast=1)
845 self.send_and_expect_ra(self.pg0, p,
846 "RA with Prefix info with A & L-flag=0",
851 # Change the flag settings back to the defaults
852 # L and A flag are set in the advert
854 self.pg0.ip6_ra_prefix('%s/%s' % (self.pg0.local_ip6,
855 self.pg0.local_ip6_prefix_len))
857 opt = ICMPv6NDOptPrefixInfo(
858 prefixlen=self.pg0.local_ip6_prefix_len,
859 prefix=self.pg0.local_ip6,
863 self.pg0.ip6_ra_config(send_unicast=1)
864 self.send_and_expect_ra(self.pg0, p,
865 "RA with Prefix info",
870 # Change the prefix info to not off-link, no-autoconfig
871 # L and A flag are clear in the advert
873 self.pg0.ip6_ra_prefix('%s/%s' % (self.pg0.local_ip6,
874 self.pg0.local_ip6_prefix_len),
878 opt = ICMPv6NDOptPrefixInfo(
879 prefixlen=self.pg0.local_ip6_prefix_len,
880 prefix=self.pg0.local_ip6,
884 self.pg0.ip6_ra_config(send_unicast=1)
885 self.send_and_expect_ra(self.pg0, p,
886 "RA with Prefix info with A & L-flag=0",
891 # Use the reset to defaults option to revert to defaults
892 # L and A flag are clear in the advert
894 self.pg0.ip6_ra_prefix('%s/%s' % (self.pg0.local_ip6,
895 self.pg0.local_ip6_prefix_len),
898 opt = ICMPv6NDOptPrefixInfo(
899 prefixlen=self.pg0.local_ip6_prefix_len,
900 prefix=self.pg0.local_ip6,
904 self.pg0.ip6_ra_config(send_unicast=1)
905 self.send_and_expect_ra(self.pg0, p,
906 "RA with Prefix reverted to defaults",
911 # Advertise Another prefix. With no L-flag/A-flag
913 self.pg0.ip6_ra_prefix('%s/%s' % (self.pg1.local_ip6,
914 self.pg1.local_ip6_prefix_len),
918 opt = [ICMPv6NDOptPrefixInfo(
919 prefixlen=self.pg0.local_ip6_prefix_len,
920 prefix=self.pg0.local_ip6,
923 ICMPv6NDOptPrefixInfo(
924 prefixlen=self.pg1.local_ip6_prefix_len,
925 prefix=self.pg1.local_ip6,
929 self.pg0.ip6_ra_config(send_unicast=1)
930 ll = mk_ll_addr(self.pg0.remote_mac)
931 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
932 IPv6(dst=self.pg0.local_ip6, src=ll) /
934 self.send_and_expect_ra(self.pg0, p,
935 "RA with multiple Prefix infos",
940 # Remove the first prefix-info - expect the second is still in the
943 self.pg0.ip6_ra_prefix('%s/%s' % (self.pg0.local_ip6,
944 self.pg0.local_ip6_prefix_len),
947 opt = ICMPv6NDOptPrefixInfo(
948 prefixlen=self.pg1.local_ip6_prefix_len,
949 prefix=self.pg1.local_ip6,
953 self.pg0.ip6_ra_config(send_unicast=1)
954 self.send_and_expect_ra(self.pg0, p,
955 "RA with Prefix reverted to defaults",
960 # Remove the second prefix-info - expect no prefix-info in the adverts
962 self.pg0.ip6_ra_prefix('%s/%s' % (self.pg1.local_ip6,
963 self.pg1.local_ip6_prefix_len),
967 # change the link's link local, so we know that works too.
969 self.vapi.sw_interface_ip6_set_link_local_address(
970 sw_if_index=self.pg0.sw_if_index,
973 self.pg0.ip6_ra_config(send_unicast=1)
974 self.send_and_expect_ra(self.pg0, p,
975 "RA with Prefix reverted to defaults",
980 # Reset the periodic advertisements back to default values
982 self.pg0.ip6_ra_config(no=1, suppress=1, send_unicast=0)
987 # test one MLD is sent after applying an IPv6 Address on an interface
989 self.pg_enable_capture(self.pg_interfaces)
992 subitf = VppDot1QSubint(self, self.pg1, 99)
997 rxs = self.pg1._get_capture(timeout=4, filter_out_fn=None)
1000 # hunt for the MLD on vlan 99
1003 # make sure ipv6 packets with hop by hop options have
1005 self.assert_packet_checksums_valid(rx)
1006 if rx.haslayer(IPv6ExtHdrHopByHop) and \
1007 rx.haslayer(Dot1Q) and \
1008 rx[Dot1Q].vlan == 99:
1009 mld = rx[ICMPv6MLReport2]
1011 self.assertEqual(mld.records_number, 4)
1014 class TestIPv6RouteLookup(VppTestCase):
1015 """ IPv6 Route Lookup Test Case """
1018 def route_lookup(self, prefix, exact):
1019 return self.vapi.api(self.vapi.papi.ip_route_lookup,
1027 def setUpClass(cls):
1028 super(TestIPv6RouteLookup, cls).setUpClass()
1031 def tearDownClass(cls):
1032 super(TestIPv6RouteLookup, cls).tearDownClass()
1035 super(TestIPv6RouteLookup, self).setUp()
1037 drop_nh = VppRoutePath("::1", 0xffffffff,
1038 type=FibPathType.FIB_PATH_TYPE_DROP)
1041 r = VppIpRoute(self, "2001:1111::", 32, [drop_nh])
1043 self.routes.append(r)
1045 r = VppIpRoute(self, "2001:1111:2222::", 48, [drop_nh])
1047 self.routes.append(r)
1049 r = VppIpRoute(self, "2001:1111:2222::1", 128, [drop_nh])
1051 self.routes.append(r)
1054 # Remove the routes we added
1055 for r in self.routes:
1056 r.remove_vpp_config()
1058 super(TestIPv6RouteLookup, self).tearDown()
1060 def test_exact_match(self):
1061 # Verify we find the host route
1062 prefix = "2001:1111:2222::1/128"
1063 result = self.route_lookup(prefix, True)
1064 assert (prefix == str(result.route.prefix))
1066 # Verify we find a middle prefix route
1067 prefix = "2001:1111:2222::/48"
1068 result = self.route_lookup(prefix, True)
1069 assert (prefix == str(result.route.prefix))
1071 # Verify we do not find an available LPM.
1072 with self.vapi.assert_negative_api_retval():
1073 self.route_lookup("2001::2/128", True)
1075 def test_longest_prefix_match(self):
1076 # verify we find lpm
1077 lpm_prefix = "2001:1111:2222::/48"
1078 result = self.route_lookup("2001:1111:2222::2/128", False)
1079 assert (lpm_prefix == str(result.route.prefix))
1081 # Verify we find the exact when not requested
1082 result = self.route_lookup(lpm_prefix, False)
1083 assert (lpm_prefix == str(result.route.prefix))
1085 # Can't seem to delete the default route so no negative LPM test.
1088 class TestIPv6IfAddrRoute(VppTestCase):
1089 """ IPv6 Interface Addr Route Test Case """
1092 def setUpClass(cls):
1093 super(TestIPv6IfAddrRoute, cls).setUpClass()
1096 def tearDownClass(cls):
1097 super(TestIPv6IfAddrRoute, cls).tearDownClass()
1100 super(TestIPv6IfAddrRoute, self).setUp()
1102 # create 1 pg interface
1103 self.create_pg_interfaces(range(1))
1105 for i in self.pg_interfaces:
1111 super(TestIPv6IfAddrRoute, self).tearDown()
1112 for i in self.pg_interfaces:
1116 def test_ipv6_ifaddrs_same_prefix(self):
1117 """ IPv6 Interface Addresses Same Prefix test
1121 - Verify no route in FIB for prefix 2001:10::/64
1122 - Configure IPv4 address 2001:10::10/64 on an interface
1123 - Verify route in FIB for prefix 2001:10::/64
1124 - Configure IPv4 address 2001:10::20/64 on an interface
1125 - Delete 2001:10::10/64 from interface
1126 - Verify route in FIB for prefix 2001:10::/64
1127 - Delete 2001:10::20/64 from interface
1128 - Verify no route in FIB for prefix 2001:10::/64
1131 addr1 = "2001:10::10"
1132 addr2 = "2001:10::20"
1134 if_addr1 = VppIpInterfaceAddress(self, self.pg0, addr1, 64)
1135 if_addr2 = VppIpInterfaceAddress(self, self.pg0, addr2, 64)
1136 self.assertFalse(if_addr1.query_vpp_config())
1137 self.assertFalse(find_route(self, addr1, 128))
1138 self.assertFalse(find_route(self, addr2, 128))
1140 # configure first address, verify route present
1141 if_addr1.add_vpp_config()
1142 self.assertTrue(if_addr1.query_vpp_config())
1143 self.assertTrue(find_route(self, addr1, 128))
1144 self.assertFalse(find_route(self, addr2, 128))
1146 # configure second address, delete first, verify route not removed
1147 if_addr2.add_vpp_config()
1148 if_addr1.remove_vpp_config()
1149 self.assertFalse(if_addr1.query_vpp_config())
1150 self.assertTrue(if_addr2.query_vpp_config())
1151 self.assertFalse(find_route(self, addr1, 128))
1152 self.assertTrue(find_route(self, addr2, 128))
1154 # delete second address, verify route removed
1155 if_addr2.remove_vpp_config()
1156 self.assertFalse(if_addr1.query_vpp_config())
1157 self.assertFalse(find_route(self, addr1, 128))
1158 self.assertFalse(find_route(self, addr2, 128))
1160 def test_ipv6_ifaddr_del(self):
1161 """ Delete an interface address that does not exist """
1163 loopbacks = self.create_loopback_interfaces(1)
1164 lo = self.lo_interfaces[0]
1170 # try and remove pg0's subnet from lo
1172 with self.vapi.assert_negative_api_retval():
1173 self.vapi.sw_interface_add_del_address(
1174 sw_if_index=lo.sw_if_index,
1175 prefix=self.pg0.local_ip6_prefix,
1179 class TestICMPv6Echo(VppTestCase):
1180 """ ICMPv6 Echo Test Case """
1183 def setUpClass(cls):
1184 super(TestICMPv6Echo, cls).setUpClass()
1187 def tearDownClass(cls):
1188 super(TestICMPv6Echo, cls).tearDownClass()
1191 super(TestICMPv6Echo, self).setUp()
1193 # create 1 pg interface
1194 self.create_pg_interfaces(range(1))
1196 for i in self.pg_interfaces:
1199 i.resolve_ndp(link_layer=True)
1203 super(TestICMPv6Echo, self).tearDown()
1204 for i in self.pg_interfaces:
1208 def test_icmpv6_echo(self):
1209 """ VPP replies to ICMPv6 Echo Request
1213 - Receive ICMPv6 Echo Request message on pg0 interface.
1214 - Check outgoing ICMPv6 Echo Reply message on pg0 interface.
1217 # test both with global and local ipv6 addresses
1218 dsts = (self.pg0.local_ip6, self.pg0.local_ip6_ll)
1224 p.append((Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
1225 IPv6(src=self.pg0.remote_ip6, dst=dst) /
1226 ICMPv6EchoRequest(id=id, seq=seq, data=data)))
1228 self.pg0.add_stream(p)
1229 self.pg_enable_capture(self.pg_interfaces)
1231 rxs = self.pg0.get_capture(len(dsts))
1233 for rx, dst in zip(rxs, dsts):
1236 icmpv6 = rx[ICMPv6EchoReply]
1237 self.assertEqual(ether.src, self.pg0.local_mac)
1238 self.assertEqual(ether.dst, self.pg0.remote_mac)
1239 self.assertEqual(ipv6.src, dst)
1240 self.assertEqual(ipv6.dst, self.pg0.remote_ip6)
1241 self.assertEqual(icmp6types[icmpv6.type], "Echo Reply")
1242 self.assertEqual(icmpv6.id, id)
1243 self.assertEqual(icmpv6.seq, seq)
1244 self.assertEqual(icmpv6.data, data)
1247 class TestIPv6RD(TestIPv6ND):
1248 """ IPv6 Router Discovery Test Case """
1251 def setUpClass(cls):
1252 super(TestIPv6RD, cls).setUpClass()
1255 def tearDownClass(cls):
1256 super(TestIPv6RD, cls).tearDownClass()
1259 super(TestIPv6RD, self).setUp()
1261 # create 2 pg interfaces
1262 self.create_pg_interfaces(range(2))
1264 self.interfaces = list(self.pg_interfaces)
1266 # setup all interfaces
1267 for i in self.interfaces:
1272 for i in self.interfaces:
1275 super(TestIPv6RD, self).tearDown()
1277 def test_rd_send_router_solicitation(self):
1278 """ Verify router solicitation packets """
1281 self.pg_enable_capture(self.pg_interfaces)
1283 self.vapi.ip6nd_send_router_solicitation(self.pg1.sw_if_index,
1285 rx_list = self.pg1.get_capture(count, timeout=3)
1286 self.assertEqual(len(rx_list), count)
1287 for packet in rx_list:
1288 self.assertEqual(packet.haslayer(IPv6), 1)
1289 self.assertEqual(packet[IPv6].haslayer(
1291 dst = ip6_normalize(packet[IPv6].dst)
1292 dst2 = ip6_normalize("ff02::2")
1293 self.assert_equal(dst, dst2)
1294 src = ip6_normalize(packet[IPv6].src)
1295 src2 = ip6_normalize(self.pg1.local_ip6_ll)
1296 self.assert_equal(src, src2)
1298 bool(packet[ICMPv6ND_RS].haslayer(
1299 ICMPv6NDOptSrcLLAddr)))
1301 packet[ICMPv6NDOptSrcLLAddr].lladdr,
1304 def verify_prefix_info(self, reported_prefix, prefix_option):
1305 prefix = IPv6Network(
1306 text_type(prefix_option.getfieldval("prefix") +
1308 text_type(prefix_option.getfieldval("prefixlen"))),
1310 self.assert_equal(reported_prefix.prefix.network_address,
1311 prefix.network_address)
1312 L = prefix_option.getfieldval("L")
1313 A = prefix_option.getfieldval("A")
1314 option_flags = (L << 7) | (A << 6)
1315 self.assert_equal(reported_prefix.flags, option_flags)
1316 self.assert_equal(reported_prefix.valid_time,
1317 prefix_option.getfieldval("validlifetime"))
1318 self.assert_equal(reported_prefix.preferred_time,
1319 prefix_option.getfieldval("preferredlifetime"))
1321 def test_rd_receive_router_advertisement(self):
1322 """ Verify events triggered by received RA packets """
1324 self.vapi.want_ip6_ra_events(enable=1)
1326 prefix_info_1 = ICMPv6NDOptPrefixInfo(
1330 preferredlifetime=500,
1335 prefix_info_2 = ICMPv6NDOptPrefixInfo(
1339 preferredlifetime=1000,
1344 p = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) /
1345 IPv6(dst=self.pg1.local_ip6_ll,
1346 src=mk_ll_addr(self.pg1.remote_mac)) /
1350 self.pg1.add_stream([p])
1353 ev = self.vapi.wait_for_event(10, "ip6_ra_event")
1355 self.assert_equal(ev.current_hop_limit, 0)
1356 self.assert_equal(ev.flags, 8)
1357 self.assert_equal(ev.router_lifetime_in_sec, 1800)
1358 self.assert_equal(ev.neighbor_reachable_time_in_msec, 0)
1360 ev.time_in_msec_between_retransmitted_neighbor_solicitations, 0)
1362 self.assert_equal(ev.n_prefixes, 2)
1364 self.verify_prefix_info(ev.prefixes[0], prefix_info_1)
1365 self.verify_prefix_info(ev.prefixes[1], prefix_info_2)
1368 class TestIPv6RDControlPlane(TestIPv6ND):
1369 """ IPv6 Router Discovery Control Plane Test Case """
1372 def setUpClass(cls):
1373 super(TestIPv6RDControlPlane, cls).setUpClass()
1376 def tearDownClass(cls):
1377 super(TestIPv6RDControlPlane, cls).tearDownClass()
1380 super(TestIPv6RDControlPlane, self).setUp()
1382 # create 1 pg interface
1383 self.create_pg_interfaces(range(1))
1385 self.interfaces = list(self.pg_interfaces)
1387 # setup all interfaces
1388 for i in self.interfaces:
1393 super(TestIPv6RDControlPlane, self).tearDown()
1396 def create_ra_packet(pg, routerlifetime=None):
1397 src_ip = pg.remote_ip6_ll
1398 dst_ip = pg.local_ip6
1399 if routerlifetime is not None:
1400 ra = ICMPv6ND_RA(routerlifetime=routerlifetime)
1403 p = (Ether(dst=pg.local_mac, src=pg.remote_mac) /
1404 IPv6(dst=dst_ip, src=src_ip) / ra)
1408 def get_default_routes(fib):
1411 if entry.route.prefix.prefixlen == 0:
1412 for path in entry.route.paths:
1413 if path.sw_if_index != 0xFFFFFFFF:
1415 defaut_route['sw_if_index'] = path.sw_if_index
1416 defaut_route['next_hop'] = path.nh.address.ip6
1417 list.append(defaut_route)
1421 def get_interface_addresses(fib, pg):
1424 if entry.route.prefix.prefixlen == 128:
1425 path = entry.route.paths[0]
1426 if path.sw_if_index == pg.sw_if_index:
1427 list.append(str(entry.route.prefix.network_address))
1430 def wait_for_no_default_route(self, n_tries=50, s_time=1):
1432 fib = self.vapi.ip_route_dump(0, True)
1433 default_routes = self.get_default_routes(fib)
1434 if 0 == len(default_routes):
1436 n_tries = n_tries - 1
1442 """ Test handling of SLAAC addresses and default routes """
1444 fib = self.vapi.ip_route_dump(0, True)
1445 default_routes = self.get_default_routes(fib)
1446 initial_addresses = set(self.get_interface_addresses(fib, self.pg0))
1447 self.assertEqual(default_routes, [])
1448 router_address = IPv6Address(text_type(self.pg0.remote_ip6_ll))
1450 self.vapi.ip6_nd_address_autoconfig(self.pg0.sw_if_index, 1, 1)
1455 packet = (self.create_ra_packet(
1456 self.pg0) / ICMPv6NDOptPrefixInfo(
1460 preferredlifetime=2,
1463 ) / ICMPv6NDOptPrefixInfo(
1467 preferredlifetime=1000,
1471 self.pg0.add_stream([packet])
1474 self.sleep_on_vpp_time(0.1)
1476 fib = self.vapi.ip_route_dump(0, True)
1478 # check FIB for new address
1479 addresses = set(self.get_interface_addresses(fib, self.pg0))
1480 new_addresses = addresses.difference(initial_addresses)
1481 self.assertEqual(len(new_addresses), 1)
1482 prefix = IPv6Network(text_type("%s/%d" % (list(new_addresses)[0], 20)),
1484 self.assertEqual(prefix, IPv6Network(text_type('1::/20')))
1486 # check FIB for new default route
1487 default_routes = self.get_default_routes(fib)
1488 self.assertEqual(len(default_routes), 1)
1489 dr = default_routes[0]
1490 self.assertEqual(dr['sw_if_index'], self.pg0.sw_if_index)
1491 self.assertEqual(dr['next_hop'], router_address)
1493 # send RA to delete default route
1494 packet = self.create_ra_packet(self.pg0, routerlifetime=0)
1495 self.pg0.add_stream([packet])
1498 self.sleep_on_vpp_time(0.1)
1500 # check that default route is deleted
1501 fib = self.vapi.ip_route_dump(0, True)
1502 default_routes = self.get_default_routes(fib)
1503 self.assertEqual(len(default_routes), 0)
1505 self.sleep_on_vpp_time(0.1)
1508 packet = self.create_ra_packet(self.pg0)
1509 self.pg0.add_stream([packet])
1512 self.sleep_on_vpp_time(0.1)
1514 # check FIB for new default route
1515 fib = self.vapi.ip_route_dump(0, True)
1516 default_routes = self.get_default_routes(fib)
1517 self.assertEqual(len(default_routes), 1)
1518 dr = default_routes[0]
1519 self.assertEqual(dr['sw_if_index'], self.pg0.sw_if_index)
1520 self.assertEqual(dr['next_hop'], router_address)
1522 # send RA, updating router lifetime to 1s
1523 packet = self.create_ra_packet(self.pg0, 1)
1524 self.pg0.add_stream([packet])
1527 self.sleep_on_vpp_time(0.1)
1529 # check that default route still exists
1530 fib = self.vapi.ip_route_dump(0, True)
1531 default_routes = self.get_default_routes(fib)
1532 self.assertEqual(len(default_routes), 1)
1533 dr = default_routes[0]
1534 self.assertEqual(dr['sw_if_index'], self.pg0.sw_if_index)
1535 self.assertEqual(dr['next_hop'], router_address)
1537 self.sleep_on_vpp_time(1)
1539 # check that default route is deleted
1540 self.assertTrue(self.wait_for_no_default_route())
1542 # check FIB still contains the SLAAC address
1543 addresses = set(self.get_interface_addresses(fib, self.pg0))
1544 new_addresses = addresses.difference(initial_addresses)
1546 self.assertEqual(len(new_addresses), 1)
1547 prefix = IPv6Network(text_type("%s/%d" % (list(new_addresses)[0], 20)),
1549 self.assertEqual(prefix, IPv6Network(text_type('1::/20')))
1551 self.sleep_on_vpp_time(1)
1553 # check that SLAAC address is deleted
1554 fib = self.vapi.ip_route_dump(0, True)
1555 addresses = set(self.get_interface_addresses(fib, self.pg0))
1556 new_addresses = addresses.difference(initial_addresses)
1557 self.assertEqual(len(new_addresses), 0)
1560 class IPv6NDProxyTest(TestIPv6ND):
1561 """ IPv6 ND ProxyTest Case """
1564 def setUpClass(cls):
1565 super(IPv6NDProxyTest, cls).setUpClass()
1568 def tearDownClass(cls):
1569 super(IPv6NDProxyTest, cls).tearDownClass()
1572 super(IPv6NDProxyTest, self).setUp()
1574 # create 3 pg interfaces
1575 self.create_pg_interfaces(range(3))
1577 # pg0 is the master interface, with the configured subnet
1579 self.pg0.config_ip6()
1580 self.pg0.resolve_ndp()
1582 self.pg1.ip6_enable()
1583 self.pg2.ip6_enable()
1586 super(IPv6NDProxyTest, self).tearDown()
1588 def test_nd_proxy(self):
1589 """ IPv6 Proxy ND """
1592 # Generate some hosts in the subnet that we are proxying
1594 self.pg0.generate_remote_hosts(8)
1596 nsma = in6_getnsma(inet_pton(AF_INET6, self.pg0.local_ip6))
1597 d = inet_ntop(AF_INET6, nsma)
1600 # Send an NS for one of those remote hosts on one of the proxy links
1601 # expect no response since it's from an address that is not
1602 # on the link that has the prefix configured
1604 ns_pg1 = (Ether(dst=in6_getnsmac(nsma), src=self.pg1.remote_mac) /
1606 src=self.pg0._remote_hosts[2].ip6) /
1607 ICMPv6ND_NS(tgt=self.pg0.local_ip6) /
1608 ICMPv6NDOptSrcLLAddr(
1609 lladdr=self.pg0._remote_hosts[2].mac))
1611 self.send_and_assert_no_replies(self.pg1, ns_pg1, "Off link NS")
1614 # Add proxy support for the host
1616 self.vapi.ip6nd_proxy_add_del(
1617 is_add=1, ip=inet_pton(AF_INET6, self.pg0._remote_hosts[2].ip6),
1618 sw_if_index=self.pg1.sw_if_index)
1621 # try that NS again. this time we expect an NA back
1623 self.send_and_expect_na(self.pg1, ns_pg1,
1624 "NS to proxy entry",
1625 dst_ip=self.pg0._remote_hosts[2].ip6,
1626 tgt_ip=self.pg0.local_ip6)
1629 # ... and that we have an entry in the ND cache
1631 self.assertTrue(find_nbr(self,
1632 self.pg1.sw_if_index,
1633 self.pg0._remote_hosts[2].ip6))
1636 # ... and we can route traffic to it
1638 t = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
1639 IPv6(dst=self.pg0._remote_hosts[2].ip6,
1640 src=self.pg0.remote_ip6) /
1641 inet6.UDP(sport=10000, dport=20000) /
1644 self.pg0.add_stream(t)
1645 self.pg_enable_capture(self.pg_interfaces)
1647 rx = self.pg1.get_capture(1)
1650 self.assertEqual(rx[Ether].dst, self.pg0._remote_hosts[2].mac)
1651 self.assertEqual(rx[Ether].src, self.pg1.local_mac)
1653 self.assertEqual(rx[IPv6].src,
1655 self.assertEqual(rx[IPv6].dst,
1659 # Test we proxy for the host on the main interface
1661 ns_pg0 = (Ether(dst=in6_getnsmac(nsma), src=self.pg0.remote_mac) /
1662 IPv6(dst=d, src=self.pg0.remote_ip6) /
1664 tgt=self.pg0._remote_hosts[2].ip6) /
1665 ICMPv6NDOptSrcLLAddr(
1666 lladdr=self.pg0.remote_mac))
1668 self.send_and_expect_na(self.pg0, ns_pg0,
1669 "NS to proxy entry on main",
1670 tgt_ip=self.pg0._remote_hosts[2].ip6,
1671 dst_ip=self.pg0.remote_ip6)
1674 # Setup and resolve proxy for another host on another interface
1676 ns_pg2 = (Ether(dst=in6_getnsmac(nsma), src=self.pg2.remote_mac) /
1678 src=self.pg0._remote_hosts[3].ip6) /
1679 ICMPv6ND_NS(tgt=self.pg0.local_ip6) /
1680 ICMPv6NDOptSrcLLAddr(
1681 lladdr=self.pg0._remote_hosts[2].mac))
1683 self.vapi.ip6nd_proxy_add_del(
1684 is_add=1, ip=inet_pton(AF_INET6, self.pg0._remote_hosts[3].ip6),
1685 sw_if_index=self.pg2.sw_if_index)
1687 self.send_and_expect_na(self.pg2, ns_pg2,
1688 "NS to proxy entry other interface",
1689 dst_ip=self.pg0._remote_hosts[3].ip6,
1690 tgt_ip=self.pg0.local_ip6)
1692 self.assertTrue(find_nbr(self,
1693 self.pg2.sw_if_index,
1694 self.pg0._remote_hosts[3].ip6))
1697 # hosts can communicate. pg2->pg1
1699 t2 = (Ether(dst=self.pg2.local_mac,
1700 src=self.pg0.remote_hosts[3].mac) /
1701 IPv6(dst=self.pg0._remote_hosts[2].ip6,
1702 src=self.pg0._remote_hosts[3].ip6) /
1703 inet6.UDP(sport=10000, dport=20000) /
1706 self.pg2.add_stream(t2)
1707 self.pg_enable_capture(self.pg_interfaces)
1709 rx = self.pg1.get_capture(1)
1712 self.assertEqual(rx[Ether].dst, self.pg0._remote_hosts[2].mac)
1713 self.assertEqual(rx[Ether].src, self.pg1.local_mac)
1715 self.assertEqual(rx[IPv6].src,
1717 self.assertEqual(rx[IPv6].dst,
1721 # remove the proxy configs
1723 self.vapi.ip6nd_proxy_add_del(
1724 ip=inet_pton(AF_INET6, self.pg0._remote_hosts[2].ip6),
1725 sw_if_index=self.pg1.sw_if_index, is_add=0)
1726 self.vapi.ip6nd_proxy_add_del(
1727 ip=inet_pton(AF_INET6, self.pg0._remote_hosts[3].ip6),
1728 sw_if_index=self.pg2.sw_if_index, is_add=0)
1730 self.assertFalse(find_nbr(self,
1731 self.pg2.sw_if_index,
1732 self.pg0._remote_hosts[3].ip6))
1733 self.assertFalse(find_nbr(self,
1734 self.pg1.sw_if_index,
1735 self.pg0._remote_hosts[2].ip6))
1738 # no longer proxy-ing...
1740 self.send_and_assert_no_replies(self.pg0, ns_pg0, "Proxy unconfigured")
1741 self.send_and_assert_no_replies(self.pg1, ns_pg1, "Proxy unconfigured")
1742 self.send_and_assert_no_replies(self.pg2, ns_pg2, "Proxy unconfigured")
1745 # no longer forwarding. traffic generates NS out of the glean/main
1748 self.pg2.add_stream(t2)
1749 self.pg_enable_capture(self.pg_interfaces)
1752 rx = self.pg0.get_capture(1)
1754 self.assertTrue(rx[0].haslayer(ICMPv6ND_NS))
1757 class TestIP6Null(VppTestCase):
1758 """ IPv6 routes via NULL """
1761 def setUpClass(cls):
1762 super(TestIP6Null, cls).setUpClass()
1765 def tearDownClass(cls):
1766 super(TestIP6Null, cls).tearDownClass()
1769 super(TestIP6Null, self).setUp()
1771 # create 2 pg interfaces
1772 self.create_pg_interfaces(range(1))
1774 for i in self.pg_interfaces:
1780 super(TestIP6Null, self).tearDown()
1781 for i in self.pg_interfaces:
1785 def test_ip_null(self):
1786 """ IP NULL route """
1788 p = (Ether(src=self.pg0.remote_mac,
1789 dst=self.pg0.local_mac) /
1790 IPv6(src=self.pg0.remote_ip6, dst="2001::1") /
1791 inet6.UDP(sport=1234, dport=1234) /
1795 # A route via IP NULL that will reply with ICMP unreachables
1797 ip_unreach = VppIpRoute(
1799 [VppRoutePath("::", 0xffffffff,
1800 type=FibPathType.FIB_PATH_TYPE_ICMP_UNREACH)])
1801 ip_unreach.add_vpp_config()
1803 self.pg0.add_stream(p)
1804 self.pg_enable_capture(self.pg_interfaces)
1807 rx = self.pg0.get_capture(1)
1809 icmp = rx[ICMPv6DestUnreach]
1811 # 0 = "No route to destination"
1812 self.assertEqual(icmp.code, 0)
1814 # ICMP is rate limited. pause a bit
1818 # A route via IP NULL that will reply with ICMP prohibited
1820 ip_prohibit = VppIpRoute(
1821 self, "2001::1", 128,
1822 [VppRoutePath("::", 0xffffffff,
1823 type=FibPathType.FIB_PATH_TYPE_ICMP_PROHIBIT)])
1824 ip_prohibit.add_vpp_config()
1826 self.pg0.add_stream(p)
1827 self.pg_enable_capture(self.pg_interfaces)
1830 rx = self.pg0.get_capture(1)
1832 icmp = rx[ICMPv6DestUnreach]
1834 # 1 = "Communication with destination administratively prohibited"
1835 self.assertEqual(icmp.code, 1)
1838 class TestIP6Disabled(VppTestCase):
1839 """ IPv6 disabled """
1842 def setUpClass(cls):
1843 super(TestIP6Disabled, cls).setUpClass()
1846 def tearDownClass(cls):
1847 super(TestIP6Disabled, cls).tearDownClass()
1850 super(TestIP6Disabled, self).setUp()
1852 # create 2 pg interfaces
1853 self.create_pg_interfaces(range(2))
1857 self.pg0.config_ip6()
1858 self.pg0.resolve_ndp()
1860 # PG 1 is not IP enabled
1864 super(TestIP6Disabled, self).tearDown()
1865 for i in self.pg_interfaces:
1869 def test_ip_disabled(self):
1872 MRouteItfFlags = VppEnum.vl_api_mfib_itf_flags_t
1873 MRouteEntryFlags = VppEnum.vl_api_mfib_entry_flags_t
1876 # one accepting interface, pg0, 2 forwarding interfaces
1878 route_ff_01 = VppIpMRoute(
1882 MRouteEntryFlags.MFIB_API_ENTRY_FLAG_NONE,
1883 [VppMRoutePath(self.pg1.sw_if_index,
1884 MRouteItfFlags.MFIB_API_ITF_FLAG_ACCEPT),
1885 VppMRoutePath(self.pg0.sw_if_index,
1886 MRouteItfFlags.MFIB_API_ITF_FLAG_FORWARD)])
1887 route_ff_01.add_vpp_config()
1889 pu = (Ether(src=self.pg1.remote_mac,
1890 dst=self.pg1.local_mac) /
1891 IPv6(src="2001::1", dst=self.pg0.remote_ip6) /
1892 inet6.UDP(sport=1234, dport=1234) /
1894 pm = (Ether(src=self.pg1.remote_mac,
1895 dst=self.pg1.local_mac) /
1896 IPv6(src="2001::1", dst="ffef::1") /
1897 inet6.UDP(sport=1234, dport=1234) /
1901 # PG1 does not forward IP traffic
1903 self.send_and_assert_no_replies(self.pg1, pu, "IPv6 disabled")
1904 self.send_and_assert_no_replies(self.pg1, pm, "IPv6 disabled")
1909 self.pg1.config_ip6()
1912 # Now we get packets through
1914 self.pg1.add_stream(pu)
1915 self.pg_enable_capture(self.pg_interfaces)
1917 rx = self.pg0.get_capture(1)
1919 self.pg1.add_stream(pm)
1920 self.pg_enable_capture(self.pg_interfaces)
1922 rx = self.pg0.get_capture(1)
1927 self.pg1.unconfig_ip6()
1930 # PG1 does not forward IP traffic
1932 self.send_and_assert_no_replies(self.pg1, pu, "IPv6 disabled")
1933 self.send_and_assert_no_replies(self.pg1, pm, "IPv6 disabled")
1936 class TestIP6LoadBalance(VppTestCase):
1937 """ IPv6 Load-Balancing """
1940 def setUpClass(cls):
1941 super(TestIP6LoadBalance, cls).setUpClass()
1944 def tearDownClass(cls):
1945 super(TestIP6LoadBalance, cls).tearDownClass()
1948 super(TestIP6LoadBalance, self).setUp()
1950 self.create_pg_interfaces(range(5))
1952 mpls_tbl = VppMplsTable(self, 0)
1953 mpls_tbl.add_vpp_config()
1955 for i in self.pg_interfaces:
1962 for i in self.pg_interfaces:
1966 super(TestIP6LoadBalance, self).tearDown()
1968 def test_ip6_load_balance(self):
1969 """ IPv6 Load-Balancing """
1972 # An array of packets that differ only in the destination port
1976 # - MPLS non-EOS with an entropy label
1980 port_mpls_neos_pkts = []
1984 # An array of packets that differ only in the source address
1989 for ii in range(NUM_PKTS):
1991 IPv6(dst="3000::1", src="3000:1::1") /
1992 inet6.UDP(sport=1234, dport=1234 + ii) /
1994 port_ip_pkts.append((Ether(src=self.pg0.remote_mac,
1995 dst=self.pg0.local_mac) /
1997 port_mpls_pkts.append((Ether(src=self.pg0.remote_mac,
1998 dst=self.pg0.local_mac) /
1999 MPLS(label=66, ttl=2) /
2001 port_mpls_neos_pkts.append((Ether(src=self.pg0.remote_mac,
2002 dst=self.pg0.local_mac) /
2003 MPLS(label=67, ttl=2) /
2004 MPLS(label=77, ttl=2) /
2006 port_ent_pkts.append((Ether(src=self.pg0.remote_mac,
2007 dst=self.pg0.local_mac) /
2008 MPLS(label=67, ttl=2) /
2009 MPLS(label=14, ttl=2) /
2010 MPLS(label=999, ttl=2) /
2013 IPv6(dst="3000::1", src="3000:1::%d" % ii) /
2014 inet6.UDP(sport=1234, dport=1234) /
2016 src_ip_pkts.append((Ether(src=self.pg0.remote_mac,
2017 dst=self.pg0.local_mac) /
2019 src_mpls_pkts.append((Ether(src=self.pg0.remote_mac,
2020 dst=self.pg0.local_mac) /
2021 MPLS(label=66, ttl=2) /
2025 # A route for the IP packets
2027 route_3000_1 = VppIpRoute(self, "3000::1", 128,
2028 [VppRoutePath(self.pg1.remote_ip6,
2029 self.pg1.sw_if_index),
2030 VppRoutePath(self.pg2.remote_ip6,
2031 self.pg2.sw_if_index)])
2032 route_3000_1.add_vpp_config()
2035 # a local-label for the EOS packets
2037 binding = VppMplsIpBind(self, 66, "3000::1", 128, is_ip6=1)
2038 binding.add_vpp_config()
2041 # An MPLS route for the non-EOS packets
2043 route_67 = VppMplsRoute(self, 67, 0,
2044 [VppRoutePath(self.pg1.remote_ip6,
2045 self.pg1.sw_if_index,
2047 VppRoutePath(self.pg2.remote_ip6,
2048 self.pg2.sw_if_index,
2050 route_67.add_vpp_config()
2053 # inject the packet on pg0 - expect load-balancing across the 2 paths
2054 # - since the default hash config is to use IP src,dst and port
2056 # We are not going to ensure equal amounts of packets across each link,
2057 # since the hash algorithm is statistical and therefore this can never
2058 # be guaranteed. But with 64 different packets we do expect some
2059 # balancing. So instead just ensure there is traffic on each link.
2061 rx = self.send_and_expect_load_balancing(self.pg0, port_ip_pkts,
2062 [self.pg1, self.pg2])
2063 n_ip_pg0 = len(rx[0])
2064 self.send_and_expect_load_balancing(self.pg0, src_ip_pkts,
2065 [self.pg1, self.pg2])
2066 self.send_and_expect_load_balancing(self.pg0, port_mpls_pkts,
2067 [self.pg1, self.pg2])
2068 self.send_and_expect_load_balancing(self.pg0, src_mpls_pkts,
2069 [self.pg1, self.pg2])
2070 rx = self.send_and_expect_load_balancing(self.pg0, port_mpls_neos_pkts,
2071 [self.pg1, self.pg2])
2072 n_mpls_pg0 = len(rx[0])
2075 # change the router ID and expect the distribution changes
2077 self.vapi.set_ip_flow_hash_router_id(router_id=0x11111111)
2079 rx = self.send_and_expect_load_balancing(self.pg0, port_ip_pkts,
2080 [self.pg1, self.pg2])
2081 self.assertNotEqual(n_ip_pg0, len(rx[0]))
2083 rx = self.send_and_expect_load_balancing(self.pg0, src_mpls_pkts,
2084 [self.pg1, self.pg2])
2085 self.assertNotEqual(n_mpls_pg0, len(rx[0]))
2088 # The packets with Entropy label in should not load-balance,
2089 # since the Entropy value is fixed.
2091 self.send_and_expect_only(self.pg0, port_ent_pkts, self.pg1)
2094 # change the flow hash config so it's only IP src,dst
2095 # - now only the stream with differing source address will
2098 self.vapi.set_ip_flow_hash(vrf_id=0, src=1, dst=1, proto=1,
2099 sport=0, dport=0, is_ipv6=1)
2101 self.send_and_expect_load_balancing(self.pg0, src_ip_pkts,
2102 [self.pg1, self.pg2])
2103 self.send_and_expect_load_balancing(self.pg0, src_mpls_pkts,
2104 [self.pg1, self.pg2])
2105 self.send_and_expect_only(self.pg0, port_ip_pkts, self.pg2)
2108 # change the flow hash config back to defaults
2110 self.vapi.set_ip_flow_hash(vrf_id=0, src=1, dst=1, sport=1, dport=1,
2114 # Recursive prefixes
2115 # - testing that 2 stages of load-balancing occurs and there is no
2116 # polarisation (i.e. only 2 of 4 paths are used)
2121 for ii in range(257):
2122 port_pkts.append((Ether(src=self.pg0.remote_mac,
2123 dst=self.pg0.local_mac) /
2126 inet6.UDP(sport=1234,
2128 Raw(b'\xa5' * 100)))
2129 src_pkts.append((Ether(src=self.pg0.remote_mac,
2130 dst=self.pg0.local_mac) /
2132 src="4000:1::%d" % ii) /
2133 inet6.UDP(sport=1234, dport=1234) /
2134 Raw(b'\xa5' * 100)))
2136 route_3000_2 = VppIpRoute(self, "3000::2", 128,
2137 [VppRoutePath(self.pg3.remote_ip6,
2138 self.pg3.sw_if_index),
2139 VppRoutePath(self.pg4.remote_ip6,
2140 self.pg4.sw_if_index)])
2141 route_3000_2.add_vpp_config()
2143 route_4000_1 = VppIpRoute(self, "4000::1", 128,
2144 [VppRoutePath("3000::1",
2146 VppRoutePath("3000::2",
2148 route_4000_1.add_vpp_config()
2151 # inject the packet on pg0 - expect load-balancing across all 4 paths
2153 self.vapi.cli("clear trace")
2154 self.send_and_expect_load_balancing(self.pg0, port_pkts,
2155 [self.pg1, self.pg2,
2156 self.pg3, self.pg4])
2157 self.send_and_expect_load_balancing(self.pg0, src_pkts,
2158 [self.pg1, self.pg2,
2159 self.pg3, self.pg4])
2162 # Recursive prefixes
2163 # - testing that 2 stages of load-balancing no choices
2167 for ii in range(257):
2168 port_pkts.append((Ether(src=self.pg0.remote_mac,
2169 dst=self.pg0.local_mac) /
2172 inet6.UDP(sport=1234,
2174 Raw(b'\xa5' * 100)))
2176 route_5000_2 = VppIpRoute(self, "5000::2", 128,
2177 [VppRoutePath(self.pg3.remote_ip6,
2178 self.pg3.sw_if_index)])
2179 route_5000_2.add_vpp_config()
2181 route_6000_1 = VppIpRoute(self, "6000::1", 128,
2182 [VppRoutePath("5000::2",
2184 route_6000_1.add_vpp_config()
2187 # inject the packet on pg0 - expect load-balancing across all 4 paths
2189 self.vapi.cli("clear trace")
2190 self.send_and_expect_only(self.pg0, port_pkts, self.pg3)
2193 class IP6PuntSetup(object):
2194 """ Setup for IPv6 Punt Police/Redirect """
2196 def punt_setup(self):
2197 self.create_pg_interfaces(range(4))
2199 for i in self.pg_interfaces:
2204 self.pkt = (Ether(src=self.pg0.remote_mac,
2205 dst=self.pg0.local_mac) /
2206 IPv6(src=self.pg0.remote_ip6,
2207 dst=self.pg0.local_ip6) /
2208 inet6.TCP(sport=1234, dport=1234) /
2211 def punt_teardown(self):
2212 for i in self.pg_interfaces:
2217 class TestIP6Punt(IP6PuntSetup, VppTestCase):
2218 """ IPv6 Punt Police/Redirect """
2221 super(TestIP6Punt, self).setUp()
2222 super(TestIP6Punt, self).punt_setup()
2225 super(TestIP6Punt, self).punt_teardown()
2226 super(TestIP6Punt, self).tearDown()
2228 def test_ip_punt(self):
2229 """ IP6 punt police and redirect """
2231 pkts = self.pkt * 1025
2234 # Configure a punt redirect via pg1.
2236 nh_addr = self.pg1.remote_ip6
2237 ip_punt_redirect = VppIpPuntRedirect(self, self.pg0.sw_if_index,
2238 self.pg1.sw_if_index, nh_addr)
2239 ip_punt_redirect.add_vpp_config()
2241 self.send_and_expect(self.pg0, pkts, self.pg1)
2246 policer = VppPolicer(self, "ip6-punt", 400, 0, 10, 0, rate_type=1)
2247 policer.add_vpp_config()
2248 ip_punt_policer = VppIpPuntPolicer(self, policer.policer_index,
2250 ip_punt_policer.add_vpp_config()
2252 self.vapi.cli("clear trace")
2253 self.pg0.add_stream(pkts)
2254 self.pg_enable_capture(self.pg_interfaces)
2258 # the number of packet received should be greater than 0,
2259 # but not equal to the number sent, since some were policed
2261 rx = self.pg1._get_capture(1)
2262 stats = policer.get_stats()
2264 # Single rate policer - expect conform, violate but no exceed
2265 self.assertGreater(stats['conform_packets'], 0)
2266 self.assertEqual(stats['exceed_packets'], 0)
2267 self.assertGreater(stats['violate_packets'], 0)
2269 self.assertGreater(len(rx), 0)
2270 self.assertLess(len(rx), len(pkts))
2273 # remove the policer. back to full rx
2275 ip_punt_policer.remove_vpp_config()
2276 policer.remove_vpp_config()
2277 self.send_and_expect(self.pg0, pkts, self.pg1)
2280 # remove the redirect. expect full drop.
2282 ip_punt_redirect.remove_vpp_config()
2283 self.send_and_assert_no_replies(self.pg0, pkts,
2284 "IP no punt config")
2287 # Add a redirect that is not input port selective
2289 ip_punt_redirect = VppIpPuntRedirect(self, 0xffffffff,
2290 self.pg1.sw_if_index, nh_addr)
2291 ip_punt_redirect.add_vpp_config()
2292 self.send_and_expect(self.pg0, pkts, self.pg1)
2293 ip_punt_redirect.remove_vpp_config()
2295 def test_ip_punt_dump(self):
2296 """ IP6 punt redirect dump"""
2299 # Configure a punt redirects
2301 nh_address = self.pg3.remote_ip6
2302 ipr_03 = VppIpPuntRedirect(self, self.pg0.sw_if_index,
2303 self.pg3.sw_if_index, nh_address)
2304 ipr_13 = VppIpPuntRedirect(self, self.pg1.sw_if_index,
2305 self.pg3.sw_if_index, nh_address)
2306 ipr_23 = VppIpPuntRedirect(self, self.pg2.sw_if_index,
2307 self.pg3.sw_if_index, '0::0')
2308 ipr_03.add_vpp_config()
2309 ipr_13.add_vpp_config()
2310 ipr_23.add_vpp_config()
2313 # Dump pg0 punt redirects
2315 self.assertTrue(ipr_03.query_vpp_config())
2316 self.assertTrue(ipr_13.query_vpp_config())
2317 self.assertTrue(ipr_23.query_vpp_config())
2320 # Dump punt redirects for all interfaces
2322 punts = self.vapi.ip_punt_redirect_dump(0xffffffff, is_ipv6=1)
2323 self.assertEqual(len(punts), 3)
2325 self.assertEqual(p.punt.tx_sw_if_index, self.pg3.sw_if_index)
2326 self.assertNotEqual(punts[1].punt.nh, self.pg3.remote_ip6)
2327 self.assertEqual(str(punts[2].punt.nh), '::')
2330 class TestIP6PuntHandoff(IP6PuntSetup, VppTestCase):
2331 """ IPv6 Punt Police/Redirect """
2332 vpp_worker_count = 2
2335 super(TestIP6PuntHandoff, self).setUp()
2336 super(TestIP6PuntHandoff, self).punt_setup()
2339 super(TestIP6PuntHandoff, self).punt_teardown()
2340 super(TestIP6PuntHandoff, self).tearDown()
2342 def test_ip_punt(self):
2343 """ IP6 punt policer thread handoff """
2344 pkts = self.pkt * NUM_PKTS
2347 # Configure a punt redirect via pg1.
2349 nh_addr = self.pg1.remote_ip6
2350 ip_punt_redirect = VppIpPuntRedirect(self, self.pg0.sw_if_index,
2351 self.pg1.sw_if_index, nh_addr)
2352 ip_punt_redirect.add_vpp_config()
2354 action_tx = PolicerAction(
2355 VppEnum.vl_api_sse2_qos_action_type_t.SSE2_QOS_ACTION_API_TRANSMIT,
2358 # This policer drops no packets, we are just
2359 # testing that they get to the right thread.
2361 policer = VppPolicer(self, "ip6-punt", 400, 0, 10, 0, 1,
2362 0, 0, False, action_tx, action_tx, action_tx)
2363 policer.add_vpp_config()
2364 ip_punt_policer = VppIpPuntPolicer(self, policer.policer_index,
2366 ip_punt_policer.add_vpp_config()
2368 for worker in [0, 1]:
2369 self.send_and_expect(self.pg0, pkts, self.pg1, worker=worker)
2371 self.logger.debug(self.vapi.cli("show trace max 100"))
2373 # Combined stats, all threads
2374 stats = policer.get_stats()
2376 # Single rate policer - expect conform, violate but no exceed
2377 self.assertGreater(stats['conform_packets'], 0)
2378 self.assertEqual(stats['exceed_packets'], 0)
2379 self.assertGreater(stats['violate_packets'], 0)
2381 # Worker 0, should have done all the policing
2382 stats0 = policer.get_stats(worker=0)
2383 self.assertEqual(stats, stats0)
2385 # Worker 1, should have handed everything off
2386 stats1 = policer.get_stats(worker=1)
2387 self.assertEqual(stats1['conform_packets'], 0)
2388 self.assertEqual(stats1['exceed_packets'], 0)
2389 self.assertEqual(stats1['violate_packets'], 0)
2391 # Bind the policer to worker 1 and repeat
2392 policer.bind_vpp_config(1, True)
2393 for worker in [0, 1]:
2394 self.send_and_expect(self.pg0, pkts, self.pg1, worker=worker)
2395 self.logger.debug(self.vapi.cli("show trace max 100"))
2397 # The 2 workers should now have policed the same amount
2398 stats = policer.get_stats()
2399 stats0 = policer.get_stats(worker=0)
2400 stats1 = policer.get_stats(worker=1)
2402 self.assertGreater(stats0['conform_packets'], 0)
2403 self.assertEqual(stats0['exceed_packets'], 0)
2404 self.assertGreater(stats0['violate_packets'], 0)
2406 self.assertGreater(stats1['conform_packets'], 0)
2407 self.assertEqual(stats1['exceed_packets'], 0)
2408 self.assertGreater(stats1['violate_packets'], 0)
2410 self.assertEqual(stats0['conform_packets'] + stats1['conform_packets'],
2411 stats['conform_packets'])
2413 self.assertEqual(stats0['violate_packets'] + stats1['violate_packets'],
2414 stats['violate_packets'])
2416 # Unbind the policer and repeat
2417 policer.bind_vpp_config(1, False)
2418 for worker in [0, 1]:
2419 self.send_and_expect(self.pg0, pkts, self.pg1, worker=worker)
2420 self.logger.debug(self.vapi.cli("show trace max 100"))
2422 # The policer should auto-bind to worker 0 when packets arrive
2423 stats = policer.get_stats()
2424 stats0new = policer.get_stats(worker=0)
2425 stats1new = policer.get_stats(worker=1)
2427 self.assertGreater(stats0new['conform_packets'],
2428 stats0['conform_packets'])
2429 self.assertEqual(stats0new['exceed_packets'], 0)
2430 self.assertGreater(stats0new['violate_packets'],
2431 stats0['violate_packets'])
2433 self.assertEqual(stats1, stats1new)
2438 ip_punt_policer.remove_vpp_config()
2439 policer.remove_vpp_config()
2440 ip_punt_redirect.remove_vpp_config()
2443 class TestIP6Deag(VppTestCase):
2444 """ IPv6 Deaggregate Routes """
2447 def setUpClass(cls):
2448 super(TestIP6Deag, cls).setUpClass()
2451 def tearDownClass(cls):
2452 super(TestIP6Deag, cls).tearDownClass()
2455 super(TestIP6Deag, self).setUp()
2457 self.create_pg_interfaces(range(3))
2459 for i in self.pg_interfaces:
2465 super(TestIP6Deag, self).tearDown()
2466 for i in self.pg_interfaces:
2470 def test_ip_deag(self):
2471 """ IP Deag Routes """
2474 # Create a table to be used for:
2475 # 1 - another destination address lookup
2476 # 2 - a source address lookup
2478 table_dst = VppIpTable(self, 1, is_ip6=1)
2479 table_src = VppIpTable(self, 2, is_ip6=1)
2480 table_dst.add_vpp_config()
2481 table_src.add_vpp_config()
2484 # Add a route in the default table to point to a deag/
2485 # second lookup in each of these tables
2487 route_to_dst = VppIpRoute(self, "1::1", 128,
2491 route_to_src = VppIpRoute(
2496 type=FibPathType.FIB_PATH_TYPE_SOURCE_LOOKUP)])
2498 route_to_dst.add_vpp_config()
2499 route_to_src.add_vpp_config()
2502 # packets to these destination are dropped, since they'll
2503 # hit the respective default routes in the second table
2505 p_dst = (Ether(src=self.pg0.remote_mac,
2506 dst=self.pg0.local_mac) /
2507 IPv6(src="5::5", dst="1::1") /
2508 inet6.TCP(sport=1234, dport=1234) /
2510 p_src = (Ether(src=self.pg0.remote_mac,
2511 dst=self.pg0.local_mac) /
2512 IPv6(src="2::2", dst="1::2") /
2513 inet6.TCP(sport=1234, dport=1234) /
2515 pkts_dst = p_dst * 257
2516 pkts_src = p_src * 257
2518 self.send_and_assert_no_replies(self.pg0, pkts_dst,
2520 self.send_and_assert_no_replies(self.pg0, pkts_src,
2524 # add a route in the dst table to forward via pg1
2526 route_in_dst = VppIpRoute(self, "1::1", 128,
2527 [VppRoutePath(self.pg1.remote_ip6,
2528 self.pg1.sw_if_index)],
2530 route_in_dst.add_vpp_config()
2532 self.send_and_expect(self.pg0, pkts_dst, self.pg1)
2535 # add a route in the src table to forward via pg2
2537 route_in_src = VppIpRoute(self, "2::2", 128,
2538 [VppRoutePath(self.pg2.remote_ip6,
2539 self.pg2.sw_if_index)],
2541 route_in_src.add_vpp_config()
2542 self.send_and_expect(self.pg0, pkts_src, self.pg2)
2545 # loop in the lookup DP
2547 route_loop = VppIpRoute(self, "3::3", 128,
2550 route_loop.add_vpp_config()
2552 p_l = (Ether(src=self.pg0.remote_mac,
2553 dst=self.pg0.local_mac) /
2554 IPv6(src="3::4", dst="3::3") /
2555 inet6.TCP(sport=1234, dport=1234) /
2558 self.send_and_assert_no_replies(self.pg0, p_l * 257,
2562 class TestIP6Input(VppTestCase):
2563 """ IPv6 Input Exception Test Cases """
2566 def setUpClass(cls):
2567 super(TestIP6Input, cls).setUpClass()
2570 def tearDownClass(cls):
2571 super(TestIP6Input, cls).tearDownClass()
2574 super(TestIP6Input, self).setUp()
2576 self.create_pg_interfaces(range(2))
2578 for i in self.pg_interfaces:
2584 super(TestIP6Input, self).tearDown()
2585 for i in self.pg_interfaces:
2589 def test_ip_input_icmp_reply(self):
2590 """ IP6 Input Exception - Return ICMP (3,0) """
2592 # hop limit - ICMP replies
2594 p_version = (Ether(src=self.pg0.remote_mac,
2595 dst=self.pg0.local_mac) /
2596 IPv6(src=self.pg0.remote_ip6,
2597 dst=self.pg1.remote_ip6,
2599 inet6.UDP(sport=1234, dport=1234) /
2602 rxs = self.send_and_expect_some(self.pg0,
2603 p_version * NUM_PKTS,
2607 icmp = rx[ICMPv6TimeExceeded]
2608 # 0: "hop limit exceeded in transit",
2609 self.assertEqual((icmp.type, icmp.code), (3, 0))
2611 icmpv6_data = '\x0a' * 18
2613 all_1s = "FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF"
2615 @parameterized.expand([
2616 # Name, src, dst, l4proto, msg, timeout
2617 ("src='iface', dst='iface'", None, None,
2618 inet6.UDP(sport=1234, dport=1234), "funky version", None),
2619 ("src='All 0's', dst='iface'", all_0s, None,
2620 ICMPv6EchoRequest(id=0xb, seq=5, data=icmpv6_data), None, 0.1),
2621 ("src='iface', dst='All 0's'", None, all_0s,
2622 ICMPv6EchoRequest(id=0xb, seq=5, data=icmpv6_data), None, 0.1),
2623 ("src='All 1's', dst='iface'", all_1s, None,
2624 ICMPv6EchoRequest(id=0xb, seq=5, data=icmpv6_data), None, 0.1),
2625 ("src='iface', dst='All 1's'", None, all_1s,
2626 ICMPv6EchoRequest(id=0xb, seq=5, data=icmpv6_data), None, 0.1),
2627 ("src='All 1's', dst='All 1's'", all_1s, all_1s,
2628 ICMPv6EchoRequest(id=0xb, seq=5, data=icmpv6_data), None, 0.1),
2631 def test_ip_input_no_replies(self, name, src, dst, l4, msg, timeout):
2633 self._testMethodDoc = 'IPv6 Input Exception - %s' % name
2635 p_version = (Ether(src=self.pg0.remote_mac,
2636 dst=self.pg0.local_mac) /
2637 IPv6(src=src or self.pg0.remote_ip6,
2638 dst=dst or self.pg1.remote_ip6,
2643 self.send_and_assert_no_replies(self.pg0, p_version * NUM_PKTS,
2647 def test_hop_by_hop(self):
2648 """ Hop-by-hop header test """
2650 p = (Ether(src=self.pg0.remote_mac,
2651 dst=self.pg0.local_mac) /
2652 IPv6(src=self.pg0.remote_ip6, dst=self.pg0.local_ip6) /
2653 IPv6ExtHdrHopByHop() /
2654 inet6.UDP(sport=1234, dport=1234) /
2657 self.pg0.add_stream(p)
2658 self.pg_enable_capture(self.pg_interfaces)
2662 class TestIP6Replace(VppTestCase):
2663 """ IPv6 Table Replace """
2666 def setUpClass(cls):
2667 super(TestIP6Replace, cls).setUpClass()
2670 def tearDownClass(cls):
2671 super(TestIP6Replace, cls).tearDownClass()
2674 super(TestIP6Replace, self).setUp()
2676 self.create_pg_interfaces(range(4))
2681 for i in self.pg_interfaces:
2684 i.generate_remote_hosts(2)
2685 self.tables.append(VppIpTable(self, table_id,
2686 True).add_vpp_config())
2690 super(TestIP6Replace, self).tearDown()
2691 for i in self.pg_interfaces:
2695 def test_replace(self):
2696 """ IP Table Replace """
2698 MRouteItfFlags = VppEnum.vl_api_mfib_itf_flags_t
2699 MRouteEntryFlags = VppEnum.vl_api_mfib_entry_flags_t
2701 links = [self.pg0, self.pg1, self.pg2, self.pg3]
2702 routes = [[], [], [], []]
2704 # the sizes of 'empty' tables
2705 for t in self.tables:
2706 self.assertEqual(len(t.dump()), 2)
2707 self.assertEqual(len(t.mdump()), 5)
2709 # load up the tables with some routes
2710 for ii, t in enumerate(self.tables):
2711 for jj in range(1, N_ROUTES):
2713 self, "2001::%d" % jj if jj != 0 else "2001::", 128,
2714 [VppRoutePath(links[ii].remote_hosts[0].ip6,
2715 links[ii].sw_if_index),
2716 VppRoutePath(links[ii].remote_hosts[1].ip6,
2717 links[ii].sw_if_index)],
2718 table_id=t.table_id).add_vpp_config()
2719 multi = VppIpMRoute(
2721 "ff:2001::%d" % jj, 128,
2722 MRouteEntryFlags.MFIB_API_ENTRY_FLAG_NONE,
2723 [VppMRoutePath(self.pg0.sw_if_index,
2724 MRouteItfFlags.MFIB_API_ITF_FLAG_ACCEPT,
2725 proto=FibPathProto.FIB_PATH_NH_PROTO_IP6),
2726 VppMRoutePath(self.pg1.sw_if_index,
2727 MRouteItfFlags.MFIB_API_ITF_FLAG_FORWARD,
2728 proto=FibPathProto.FIB_PATH_NH_PROTO_IP6),
2729 VppMRoutePath(self.pg2.sw_if_index,
2730 MRouteItfFlags.MFIB_API_ITF_FLAG_FORWARD,
2731 proto=FibPathProto.FIB_PATH_NH_PROTO_IP6),
2732 VppMRoutePath(self.pg3.sw_if_index,
2733 MRouteItfFlags.MFIB_API_ITF_FLAG_FORWARD,
2734 proto=FibPathProto.FIB_PATH_NH_PROTO_IP6)],
2735 table_id=t.table_id).add_vpp_config()
2736 routes[ii].append({'uni': uni,
2740 # replace the tables a few times
2743 # replace each table
2744 for t in self.tables:
2747 # all the routes are still there
2748 for ii, t in enumerate(self.tables):
2751 for r in routes[ii]:
2752 self.assertTrue(find_route_in_dump(dump, r['uni'], t))
2753 self.assertTrue(find_mroute_in_dump(mdump, r['multi'], t))
2755 # redownload the even numbered routes
2756 for ii, t in enumerate(self.tables):
2757 for jj in range(0, N_ROUTES, 2):
2758 routes[ii][jj]['uni'].add_vpp_config()
2759 routes[ii][jj]['multi'].add_vpp_config()
2761 # signal each table converged
2762 for t in self.tables:
2765 # we should find the even routes, but not the odd
2766 for ii, t in enumerate(self.tables):
2769 for jj in range(0, N_ROUTES, 2):
2770 self.assertTrue(find_route_in_dump(
2771 dump, routes[ii][jj]['uni'], t))
2772 self.assertTrue(find_mroute_in_dump(
2773 mdump, routes[ii][jj]['multi'], t))
2774 for jj in range(1, N_ROUTES - 1, 2):
2775 self.assertFalse(find_route_in_dump(
2776 dump, routes[ii][jj]['uni'], t))
2777 self.assertFalse(find_mroute_in_dump(
2778 mdump, routes[ii][jj]['multi'], t))
2780 # reload all the routes
2781 for ii, t in enumerate(self.tables):
2782 for r in routes[ii]:
2783 r['uni'].add_vpp_config()
2784 r['multi'].add_vpp_config()
2786 # all the routes are still there
2787 for ii, t in enumerate(self.tables):
2790 for r in routes[ii]:
2791 self.assertTrue(find_route_in_dump(dump, r['uni'], t))
2792 self.assertTrue(find_mroute_in_dump(mdump, r['multi'], t))
2795 # finally flush the tables for good measure
2797 for t in self.tables:
2799 self.assertEqual(len(t.dump()), 2)
2800 self.assertEqual(len(t.mdump()), 5)
2803 class TestIP6AddrReplace(VppTestCase):
2804 """ IPv6 Interface Address Replace """
2807 def setUpClass(cls):
2808 super(TestIP6AddrReplace, cls).setUpClass()
2811 def tearDownClass(cls):
2812 super(TestIP6AddrReplace, cls).tearDownClass()
2815 super(TestIP6AddrReplace, self).setUp()
2817 self.create_pg_interfaces(range(4))
2819 for i in self.pg_interfaces:
2823 super(TestIP6AddrReplace, self).tearDown()
2824 for i in self.pg_interfaces:
2827 def get_n_pfxs(self, intf):
2828 return len(self.vapi.ip_address_dump(intf.sw_if_index, True))
2830 def test_replace(self):
2831 """ IP interface address replace """
2833 intf_pfxs = [[], [], [], []]
2835 # add prefixes to each of the interfaces
2836 for i in range(len(self.pg_interfaces)):
2837 intf = self.pg_interfaces[i]
2840 addr = "2001:16:%d::1" % intf.sw_if_index
2841 a = VppIpInterfaceAddress(self, intf, addr, 64).add_vpp_config()
2842 intf_pfxs[i].append(a)
2844 # 2001:16:x::2/64 - a different address in the same subnet as above
2845 addr = "2001:16:%d::2" % intf.sw_if_index
2846 a = VppIpInterfaceAddress(self, intf, addr, 64).add_vpp_config()
2847 intf_pfxs[i].append(a)
2849 # 2001:15:x::2/64 - a different address and subnet
2850 addr = "2001:15:%d::2" % intf.sw_if_index
2851 a = VppIpInterfaceAddress(self, intf, addr, 64).add_vpp_config()
2852 intf_pfxs[i].append(a)
2854 # a dump should n_address in it
2855 for intf in self.pg_interfaces:
2856 self.assertEqual(self.get_n_pfxs(intf), 3)
2859 # remove all the address thru a replace
2861 self.vapi.sw_interface_address_replace_begin()
2862 self.vapi.sw_interface_address_replace_end()
2863 for intf in self.pg_interfaces:
2864 self.assertEqual(self.get_n_pfxs(intf), 0)
2867 # add all the interface addresses back
2872 for intf in self.pg_interfaces:
2873 self.assertEqual(self.get_n_pfxs(intf), 3)
2876 # replace again, but this time update/re-add the address on the first
2879 self.vapi.sw_interface_address_replace_begin()
2881 for p in intf_pfxs[:2]:
2885 self.vapi.sw_interface_address_replace_end()
2887 # on the first two the address still exist,
2888 # on the other two they do not
2889 for intf in self.pg_interfaces[:2]:
2890 self.assertEqual(self.get_n_pfxs(intf), 3)
2891 for p in intf_pfxs[:2]:
2893 self.assertTrue(v.query_vpp_config())
2894 for intf in self.pg_interfaces[2:]:
2895 self.assertEqual(self.get_n_pfxs(intf), 0)
2898 # add all the interface addresses back on the last two
2900 for p in intf_pfxs[2:]:
2903 for intf in self.pg_interfaces:
2904 self.assertEqual(self.get_n_pfxs(intf), 3)
2907 # replace again, this time add different prefixes on all the interfaces
2909 self.vapi.sw_interface_address_replace_begin()
2912 for intf in self.pg_interfaces:
2914 addr = "2001:18:%d::1" % intf.sw_if_index
2915 pfxs.append(VppIpInterfaceAddress(self, intf, addr,
2916 64).add_vpp_config())
2918 self.vapi.sw_interface_address_replace_end()
2920 # only .18 should exist on each interface
2921 for intf in self.pg_interfaces:
2922 self.assertEqual(self.get_n_pfxs(intf), 1)
2924 self.assertTrue(pfx.query_vpp_config())
2929 self.vapi.sw_interface_address_replace_begin()
2930 self.vapi.sw_interface_address_replace_end()
2931 for intf in self.pg_interfaces:
2932 self.assertEqual(self.get_n_pfxs(intf), 0)
2935 # add prefixes to each interface. post-begin add the prefix from
2936 # interface X onto interface Y. this would normally be an error
2937 # since it would generate a 'duplicate address' warning. but in
2938 # this case, since what is newly downloaded is sane, it's ok
2940 for intf in self.pg_interfaces:
2942 addr = "2001:18:%d::1" % intf.sw_if_index
2943 VppIpInterfaceAddress(self, intf, addr, 64).add_vpp_config()
2945 self.vapi.sw_interface_address_replace_begin()
2948 for intf in self.pg_interfaces:
2950 addr = "2001:18:%d::1" % (intf.sw_if_index + 1)
2951 pfxs.append(VppIpInterfaceAddress(self, intf,
2952 addr, 64).add_vpp_config())
2954 self.vapi.sw_interface_address_replace_end()
2956 self.logger.info(self.vapi.cli("sh int addr"))
2958 for intf in self.pg_interfaces:
2959 self.assertEqual(self.get_n_pfxs(intf), 1)
2961 self.assertTrue(pfx.query_vpp_config())
2964 class TestIP6LinkLocal(VppTestCase):
2965 """ IPv6 Link Local """
2968 def setUpClass(cls):
2969 super(TestIP6LinkLocal, cls).setUpClass()
2972 def tearDownClass(cls):
2973 super(TestIP6LinkLocal, cls).tearDownClass()
2976 super(TestIP6LinkLocal, self).setUp()
2978 self.create_pg_interfaces(range(2))
2980 for i in self.pg_interfaces:
2984 super(TestIP6LinkLocal, self).tearDown()
2985 for i in self.pg_interfaces:
2988 def test_ip6_ll(self):
2989 """ IPv6 Link Local """
2992 # two APIs to add a link local address.
2993 # 1 - just like any other prefix
2994 # 2 - with the special set LL API
2998 # First with the API to set a 'normal' prefix
3005 self.pg0.sw_if_index,
3006 self.pg0.remote_mac,
3007 ll2).add_vpp_config()
3009 VppIpInterfaceAddress(self, self.pg0, ll1, 128).add_vpp_config()
3012 # should be able to ping the ll
3014 p_echo_request_1 = (Ether(src=self.pg0.remote_mac,
3015 dst=self.pg0.local_mac) /
3018 ICMPv6EchoRequest())
3020 self.send_and_expect(self.pg0, [p_echo_request_1], self.pg0)
3023 # change the link-local on pg0
3025 v_ll3 = VppIpInterfaceAddress(self, self.pg0,
3026 ll3, 128).add_vpp_config()
3028 p_echo_request_3 = (Ether(src=self.pg0.remote_mac,
3029 dst=self.pg0.local_mac) /
3032 ICMPv6EchoRequest())
3034 self.send_and_expect(self.pg0, [p_echo_request_3], self.pg0)
3037 # set a normal v6 prefix on the link
3039 self.pg0.config_ip6()
3041 self.send_and_expect(self.pg0, [p_echo_request_3], self.pg0)
3043 # the link-local cannot be removed
3044 with self.vapi.assert_negative_api_retval():
3045 v_ll3.remove_vpp_config()
3048 # Use the specific link-local API on pg1
3050 VppIp6LinkLocalAddress(self, self.pg1, ll1).add_vpp_config()
3051 self.send_and_expect(self.pg1, [p_echo_request_1], self.pg1)
3053 VppIp6LinkLocalAddress(self, self.pg1, ll3).add_vpp_config()
3054 self.send_and_expect(self.pg1, [p_echo_request_3], self.pg1)
3056 def test_ip6_ll_p2p(self):
3057 """ IPv6 Link Local P2P (GRE)"""
3059 self.pg0.config_ip4()
3060 self.pg0.resolve_arp()
3061 gre_if = VppGreInterface(self,
3063 self.pg0.remote_ip4).add_vpp_config()
3069 VppIpInterfaceAddress(self, gre_if, ll1, 128).add_vpp_config()
3071 self.logger.info(self.vapi.cli("sh ip6-ll gre0 fe80:2::2"))
3073 p_echo_request_1 = (Ether(src=self.pg0.remote_mac,
3074 dst=self.pg0.local_mac) /
3075 IP(src=self.pg0.remote_ip4,
3076 dst=self.pg0.local_ip4) /
3078 IPv6(src=ll2, dst=ll1) /
3079 ICMPv6EchoRequest())
3080 self.send_and_expect(self.pg0, [p_echo_request_1], self.pg0)
3082 self.pg0.unconfig_ip4()
3083 gre_if.remove_vpp_config()
3085 def test_ip6_ll_p2mp(self):
3086 """ IPv6 Link Local P2MP (GRE)"""
3088 self.pg0.config_ip4()
3089 self.pg0.resolve_arp()
3091 gre_if = VppGreInterface(
3095 mode=(VppEnum.vl_api_tunnel_mode_t.
3096 TUNNEL_API_MODE_MP)).add_vpp_config()
3102 VppIpInterfaceAddress(self, gre_if, ll1, 128).add_vpp_config()
3104 p_echo_request_1 = (Ether(src=self.pg0.remote_mac,
3105 dst=self.pg0.local_mac) /
3106 IP(src=self.pg0.remote_ip4,
3107 dst=self.pg0.local_ip4) /
3109 IPv6(src=ll2, dst=ll1) /
3110 ICMPv6EchoRequest())
3112 # no route back at this point
3113 self.send_and_assert_no_replies(self.pg0, [p_echo_request_1])
3115 # add teib entry for the peer
3116 teib = VppTeib(self, gre_if, ll2, self.pg0.remote_ip4)
3117 teib.add_vpp_config()
3119 self.logger.info(self.vapi.cli("sh ip6-ll gre0 %s" % ll2))
3120 self.send_and_expect(self.pg0, [p_echo_request_1], self.pg0)
3123 self.pg0.unconfig_ip4()
3126 class TestIPv6PathMTU(VppTestCase):
3127 """ IPv6 Path MTU """
3130 super(TestIPv6PathMTU, self).setUp()
3132 self.create_pg_interfaces(range(2))
3134 # setup all interfaces
3135 for i in self.pg_interfaces:
3141 super(TestIPv6PathMTU, self).tearDown()
3142 for i in self.pg_interfaces:
3146 def test_path_mtu_local(self):
3147 """ Path MTU for attached neighbour """
3149 self.vapi.cli("set log class ip level debug")
3151 # The goal here is not test that fragmentation works correctly,
3152 # that's done elsewhere, the intent is to ensure that the Path MTU
3153 # settings are honoured.
3157 # IPv6 will only frag locally generated packets, so use tunnelled
3158 # packets post encap
3160 tun = VppIpIpTunInterface(
3164 self.pg1.remote_ip6)
3165 tun.add_vpp_config()
3169 # set the interface MTU to a reasonable value
3170 self.vapi.sw_interface_set_mtu(self.pg1.sw_if_index,
3173 p_6k = (Ether(dst=self.pg0.local_mac,
3174 src=self.pg0.remote_mac) /
3175 IPv6(src=self.pg0.remote_ip6,
3176 dst=tun.remote_ip6) /
3177 UDP(sport=1234, dport=5678) /
3179 p_2k = (Ether(dst=self.pg0.local_mac,
3180 src=self.pg0.remote_mac) /
3181 IPv6(src=self.pg0.remote_ip6,
3182 dst=tun.remote_ip6) /
3183 UDP(sport=1234, dport=5678) /
3185 p_1k = (Ether(dst=self.pg0.local_mac,
3186 src=self.pg0.remote_mac) /
3187 IPv6(src=self.pg0.remote_ip6,
3188 dst=tun.remote_ip6) /
3189 UDP(sport=1234, dport=5678) /
3192 nbr = VppNeighbor(self,
3193 self.pg1.sw_if_index,
3194 self.pg1.remote_mac,
3195 self.pg1.remote_ip6).add_vpp_config()
3197 # this is now the interface MTU frags
3198 self.send_and_expect(self.pg0, [p_6k], self.pg1, n_rx=4)
3199 self.send_and_expect(self.pg0, [p_2k], self.pg1, n_rx=2)
3200 self.send_and_expect(self.pg0, [p_1k], self.pg1)
3202 # drop the path MTU for this neighbour to below the interface MTU
3204 pmtu = VppIpPathMtu(self, self.pg1.remote_ip6, 1300).add_vpp_config()
3206 # print/format the adj delegate and trackers
3207 self.logger.info(self.vapi.cli("sh ip pmtu"))
3208 self.logger.info(self.vapi.cli("sh adj 7"))
3210 self.send_and_expect(self.pg0, [p_2k], self.pg1, n_rx=3)
3211 self.send_and_expect(self.pg0, [p_1k], self.pg1, n_rx=2)
3213 # increase the path MTU to more than the interface
3214 # expect to use the interface MTU
3217 self.send_and_expect(self.pg0, [p_2k], self.pg1, n_rx=2)
3218 self.send_and_expect(self.pg0, [p_1k], self.pg1)
3220 # go back to an MTU from the path
3223 self.send_and_expect(self.pg0, [p_2k], self.pg1, n_rx=3)
3224 self.send_and_expect(self.pg0, [p_1k], self.pg1, n_rx=2)
3226 # raise the interface's MTU
3227 # should still use that of the path
3228 self.vapi.sw_interface_set_mtu(self.pg1.sw_if_index,
3230 self.send_and_expect(self.pg0, [p_2k], self.pg1, n_rx=3)
3231 self.send_and_expect(self.pg0, [p_1k], self.pg1, n_rx=2)
3233 # set path high and interface low
3235 self.vapi.sw_interface_set_mtu(self.pg1.sw_if_index,
3237 self.send_and_expect(self.pg0, [p_2k], self.pg1, n_rx=3)
3238 self.send_and_expect(self.pg0, [p_1k], self.pg1, n_rx=2)
3240 # remove the path MTU
3241 self.vapi.sw_interface_set_mtu(self.pg1.sw_if_index,
3245 self.send_and_expect(self.pg0, [p_2k], self.pg1, n_rx=2)
3246 self.send_and_expect(self.pg0, [p_1k], self.pg1)
3248 def test_path_mtu_remote(self):
3249 """ Path MTU for remote neighbour """
3251 self.vapi.cli("set log class ip level debug")
3253 # The goal here is not test that fragmentation works correctly,
3254 # that's done elsewhere, the intent is to ensure that the Path MTU
3255 # settings are honoured.
3261 [VppRoutePath(self.pg1.remote_ip6,
3262 self.pg1.sw_if_index)]).add_vpp_config()
3265 # IPv6 will only frag locally generated packets, so use tunnelled
3266 # packets post encap
3268 tun = VppIpIpTunInterface(
3273 tun.add_vpp_config()
3277 # set the interface MTU to a reasonable value
3278 self.vapi.sw_interface_set_mtu(self.pg1.sw_if_index,
3281 p_2k = (Ether(dst=self.pg0.local_mac,
3282 src=self.pg0.remote_mac) /
3283 IPv6(src=self.pg0.remote_ip6,
3284 dst=tun.remote_ip6) /
3285 UDP(sport=1234, dport=5678) /
3287 p_1k = (Ether(dst=self.pg0.local_mac,
3288 src=self.pg0.remote_mac) /
3289 IPv6(src=self.pg0.remote_ip6,
3290 dst=tun.remote_ip6) /
3291 UDP(sport=1234, dport=5678) /
3294 nbr = VppNeighbor(self,
3295 self.pg1.sw_if_index,
3296 self.pg1.remote_mac,
3297 self.pg1.remote_ip6).add_vpp_config()
3299 # this is now the interface MTU frags
3300 self.send_and_expect(self.pg0, [p_2k], self.pg1, n_rx=2)
3301 self.send_and_expect(self.pg0, [p_1k], self.pg1)
3303 # drop the path MTU for this neighbour to below the interface MTU
3305 pmtu = VppIpPathMtu(self, tun_dst, 1300).add_vpp_config()
3307 # print/format the fib entry/dpo
3308 self.logger.info(self.vapi.cli("sh ip6 fib 2001::1"))
3310 self.send_and_expect(self.pg0, [p_2k], self.pg1, n_rx=3)
3311 self.send_and_expect(self.pg0, [p_1k], self.pg1, n_rx=2)
3313 # increase the path MTU to more than the interface
3314 # expect to use the interface MTU
3317 self.send_and_expect(self.pg0, [p_2k], self.pg1, n_rx=2)
3318 self.send_and_expect(self.pg0, [p_1k], self.pg1)
3320 # go back to an MTU from the path
3323 self.send_and_expect(self.pg0, [p_2k], self.pg1, n_rx=3)
3324 self.send_and_expect(self.pg0, [p_1k], self.pg1, n_rx=2)
3326 # raise the interface's MTU
3327 # should still use that of the path
3328 self.vapi.sw_interface_set_mtu(self.pg1.sw_if_index,
3330 self.send_and_expect(self.pg0, [p_2k], self.pg1, n_rx=3)
3331 self.send_and_expect(self.pg0, [p_1k], self.pg1, n_rx=2)
3333 # turn the tun_dst into an attached neighbour
3334 route.modify([VppRoutePath("::",
3335 self.pg1.sw_if_index)])
3336 nbr2 = VppNeighbor(self,
3337 self.pg1.sw_if_index,
3338 self.pg1.remote_mac,
3339 tun_dst).add_vpp_config()
3341 self.send_and_expect(self.pg0, [p_2k], self.pg1, n_rx=3)
3342 self.send_and_expect(self.pg0, [p_1k], self.pg1, n_rx=2)
3344 # add back to not attached
3345 nbr2.remove_vpp_config()
3346 route.modify([VppRoutePath(self.pg1.remote_ip6,
3347 self.pg1.sw_if_index)])
3349 # set path high and interface low
3351 self.vapi.sw_interface_set_mtu(self.pg1.sw_if_index,
3353 self.send_and_expect(self.pg0, [p_2k], self.pg1, n_rx=3)
3354 self.send_and_expect(self.pg0, [p_1k], self.pg1, n_rx=2)
3356 # remove the path MTU
3357 self.vapi.sw_interface_set_mtu(self.pg1.sw_if_index,
3359 pmtu.remove_vpp_config()
3360 self.send_and_expect(self.pg0, [p_2k], self.pg1, n_rx=2)
3361 self.send_and_expect(self.pg0, [p_1k], self.pg1)
3364 class TestIPFibSource(VppTestCase):
3365 """ IPv6 Table FibSource """
3368 def setUpClass(cls):
3369 super(TestIPFibSource, cls).setUpClass()
3372 def tearDownClass(cls):
3373 super(TestIPFibSource, cls).tearDownClass()
3376 super(TestIPFibSource, self).setUp()
3378 self.create_pg_interfaces(range(2))
3380 for i in self.pg_interfaces:
3384 i.generate_remote_hosts(2)
3385 i.configure_ipv6_neighbors()
3388 super(TestIPFibSource, self).tearDown()
3389 for i in self.pg_interfaces:
3393 def test_fib_source(self):
3394 """ IP Table FibSource """
3396 routes = self.vapi.ip_route_v2_dump(0, True)
3398 # 2 interfaces (4 routes) + 2 specials + 4 neighbours = 10 routes
3399 self.assertEqual(len(routes), 10)
3401 # dump all the sources in the FIB
3402 sources = self.vapi.fib_source_dump()
3403 for source in sources:
3404 if (source.src.name == "API"):
3405 api_source = source.src
3406 if (source.src.name == "interface"):
3407 intf_source = source.src
3408 if (source.src.name == "adjacency"):
3409 adj_source = source.src
3410 if (source.src.name == "special"):
3411 special_source = source.src
3412 if (source.src.name == "default-route"):
3413 dr_source = source.src
3415 # dump the individual route types
3416 routes = self.vapi.ip_route_v2_dump(0, True, src=adj_source.id)
3417 self.assertEqual(len(routes), 4)
3418 routes = self.vapi.ip_route_v2_dump(0, True, src=intf_source.id)
3419 self.assertEqual(len(routes), 4)
3420 routes = self.vapi.ip_route_v2_dump(0, True, src=special_source.id)
3421 self.assertEqual(len(routes), 1)
3422 routes = self.vapi.ip_route_v2_dump(0, True, src=dr_source.id)
3423 self.assertEqual(len(routes), 1)
3425 # add a new soure that'a better than the API
3426 self.vapi.fib_source_add(src={'name': "bgp",
3427 "priority": api_source.priority - 1})
3429 # dump all the sources to check our new one is there
3430 sources = self.vapi.fib_source_dump()
3432 for source in sources:
3433 if (source.src.name == "bgp"):
3434 bgp_source = source.src
3436 self.assertTrue(bgp_source)
3437 self.assertEqual(bgp_source.priority,
3438 api_source.priority - 1)
3440 # add a route with the default API source
3442 self, "2001::1", 128,
3443 [VppRoutePath(self.pg0.remote_ip6,
3444 self.pg0.sw_if_index)]).add_vpp_config()
3446 r2 = VppIpRouteV2(self, "2001::1", 128,
3447 [VppRoutePath(self.pg1.remote_ip6,
3448 self.pg1.sw_if_index)],
3449 src=bgp_source.id).add_vpp_config()
3451 # ensure the BGP source takes priority
3452 p = (Ether(src=self.pg0.remote_mac,
3453 dst=self.pg0.local_mac) /
3454 IPv6(src=self.pg0.remote_ip6, dst="2001::1") /
3455 inet6.UDP(sport=1234, dport=1234) /
3458 self.send_and_expect(self.pg0, [p], self.pg1)
3460 r2.remove_vpp_config()
3461 r1.remove_vpp_config()
3463 self.assertFalse(find_route(self, "2001::1", 128))
3466 class TestIPxAF(VppTestCase):
3470 def setUpClass(cls):
3471 super(TestIPxAF, cls).setUpClass()
3474 def tearDownClass(cls):
3475 super(TestIPxAF, cls).tearDownClass()
3478 super(TestIPxAF, self).setUp()
3480 self.create_pg_interfaces(range(2))
3482 for i in self.pg_interfaces:
3490 super(TestIPxAF, self).tearDown()
3491 for i in self.pg_interfaces:
3496 def test_x_af(self):
3497 """ Cross AF routing """
3500 # a v4 route via a v6 attached next-hop
3502 self, "1.1.1.1", 32,
3503 [VppRoutePath(self.pg1.remote_ip6,
3504 self.pg1.sw_if_index)]).add_vpp_config()
3506 p = (Ether(src=self.pg0.remote_mac,
3507 dst=self.pg0.local_mac) /
3508 IP(src=self.pg0.remote_ip4, dst="1.1.1.1") /
3509 UDP(sport=1234, dport=1234) /
3511 rxs = self.send_and_expect(self.pg0, p * N_PKTS, self.pg1)
3514 self.assertEqual(rx[IP].dst, "1.1.1.1")
3516 # a v6 route via a v4 attached next-hop
3518 self, "2001::1", 128,
3519 [VppRoutePath(self.pg1.remote_ip4,
3520 self.pg1.sw_if_index)]).add_vpp_config()
3522 p = (Ether(src=self.pg0.remote_mac,
3523 dst=self.pg0.local_mac) /
3524 IPv6(src=self.pg0.remote_ip6, dst="2001::1") /
3525 UDP(sport=1234, dport=1234) /
3527 rxs = self.send_and_expect(self.pg0, p * N_PKTS, self.pg1)
3530 self.assertEqual(rx[IPv6].dst, "2001::1")
3532 # a recursive v4 route via a v6 next-hop (from above)
3534 self, "2.2.2.2", 32,
3535 [VppRoutePath("2001::1",
3536 0xffffffff)]).add_vpp_config()
3538 p = (Ether(src=self.pg0.remote_mac,
3539 dst=self.pg0.local_mac) /
3540 IP(src=self.pg0.remote_ip4, dst="2.2.2.2") /
3541 UDP(sport=1234, dport=1234) /
3543 rxs = self.send_and_expect(self.pg0, p * N_PKTS, self.pg1)
3545 # a recursive v4 route via a v6 next-hop
3547 self, "2.2.2.3", 32,
3548 [VppRoutePath(self.pg1.remote_ip6,
3549 0xffffffff)]).add_vpp_config()
3551 p = (Ether(src=self.pg0.remote_mac,
3552 dst=self.pg0.local_mac) /
3553 IP(src=self.pg0.remote_ip4, dst="2.2.2.3") /
3554 UDP(sport=1234, dport=1234) /
3556 rxs = self.send_and_expect(self.pg0, p * N_PKTS, self.pg1)
3558 # a recursive v6 route via a v4 next-hop
3560 self, "3001::1", 128,
3561 [VppRoutePath(self.pg1.remote_ip4,
3562 0xffffffff)]).add_vpp_config()
3564 p = (Ether(src=self.pg0.remote_mac,
3565 dst=self.pg0.local_mac) /
3566 IPv6(src=self.pg0.remote_ip6, dst="3001::1") /
3567 UDP(sport=1234, dport=1234) /
3569 rxs = self.send_and_expect(self.pg0, p * N_PKTS, self.pg1)
3572 self.assertEqual(rx[IPv6].dst, "3001::1")
3575 self, "3001::2", 128,
3576 [VppRoutePath("1.1.1.1",
3577 0xffffffff)]).add_vpp_config()
3579 p = (Ether(src=self.pg0.remote_mac,
3580 dst=self.pg0.local_mac) /
3581 IPv6(src=self.pg0.remote_ip6, dst="3001::2") /
3582 UDP(sport=1234, dport=1234) /
3584 rxs = self.send_and_expect(self.pg0, p * N_PKTS, self.pg1)
3587 self.assertEqual(rx[IPv6].dst, "3001::2")
3590 class TestIPv6Punt(VppTestCase):
3591 """ IPv6 Punt Police/Redirect """
3594 super(TestIPv6Punt, self).setUp()
3595 self.create_pg_interfaces(range(4))
3597 for i in self.pg_interfaces:
3603 super(TestIPv6Punt, self).tearDown()
3604 for i in self.pg_interfaces:
3608 def test_ip6_punt(self):
3609 """ IPv6 punt police and redirect """
3611 # use UDP packet that have a port we need to explicitly
3612 # register to get punted.
3613 pt_l4 = VppEnum.vl_api_punt_type_t.PUNT_API_TYPE_L4
3614 af_ip6 = VppEnum.vl_api_address_family_t.ADDRESS_IP6
3615 udp_proto = VppEnum.vl_api_ip_proto_t.IP_API_PROTO_UDP
3621 'protocol': udp_proto,
3627 self.vapi.set_punt(is_add=1, punt=punt_udp)
3629 pkts = (Ether(src=self.pg0.remote_mac,
3630 dst=self.pg0.local_mac) /
3631 IPv6(src=self.pg0.remote_ip6, dst=self.pg0.local_ip6) /
3632 UDP(sport=1234, dport=7654) /
3633 Raw(b'\xa5' * 100)) * 1025
3636 # Configure a punt redirect via pg1.
3638 nh_addr = self.pg1.remote_ip6
3639 ip_punt_redirect = VppIpPuntRedirect(self, self.pg0.sw_if_index,
3640 self.pg1.sw_if_index, nh_addr)
3641 ip_punt_redirect.add_vpp_config()
3643 self.send_and_expect(self.pg0, pkts, self.pg1)
3648 policer = VppPolicer(self, "ip6-punt", 400, 0, 10, 0, rate_type=1)
3649 policer.add_vpp_config()
3650 ip_punt_policer = VppIpPuntPolicer(self, policer.policer_index,
3652 ip_punt_policer.add_vpp_config()
3654 self.vapi.cli("clear trace")
3655 self.pg0.add_stream(pkts)
3656 self.pg_enable_capture(self.pg_interfaces)
3660 # the number of packet received should be greater than 0,
3661 # but not equal to the number sent, since some were policed
3663 rx = self.pg1._get_capture(1)
3665 stats = policer.get_stats()
3667 # Single rate policer - expect conform, violate but no exceed
3668 self.assertGreater(stats['conform_packets'], 0)
3669 self.assertEqual(stats['exceed_packets'], 0)
3670 self.assertGreater(stats['violate_packets'], 0)
3672 self.assertGreater(len(rx), 0)
3673 self.assertLess(len(rx), len(pkts))
3676 # remove the policer. back to full rx
3678 ip_punt_policer.remove_vpp_config()
3679 policer.remove_vpp_config()
3680 self.send_and_expect(self.pg0, pkts, self.pg1)
3683 # remove the redirect. expect full drop.
3685 ip_punt_redirect.remove_vpp_config()
3686 self.send_and_assert_no_replies(self.pg0, pkts,
3687 "IP no punt config")
3690 # Add a redirect that is not input port selective
3692 ip_punt_redirect = VppIpPuntRedirect(self, 0xffffffff,
3693 self.pg1.sw_if_index, nh_addr)
3694 ip_punt_redirect.add_vpp_config()
3695 self.send_and_expect(self.pg0, pkts, self.pg1)
3696 ip_punt_redirect.remove_vpp_config()
3698 def test_ip6_punt_dump(self):
3699 """ IPv6 punt redirect dump"""
3702 # Configure a punt redirects
3704 nh_address = self.pg3.remote_ip6
3705 ipr_03 = VppIpPuntRedirect(self, self.pg0.sw_if_index,
3706 self.pg3.sw_if_index, nh_address)
3707 ipr_13 = VppIpPuntRedirect(self, self.pg1.sw_if_index,
3708 self.pg3.sw_if_index, nh_address)
3709 ipr_23 = VppIpPuntRedirect(self, self.pg2.sw_if_index,
3710 self.pg3.sw_if_index, "::")
3711 ipr_03.add_vpp_config()
3712 ipr_13.add_vpp_config()
3713 ipr_23.add_vpp_config()
3716 # Dump pg0 punt redirects
3718 self.assertTrue(ipr_03.query_vpp_config())
3719 self.assertTrue(ipr_13.query_vpp_config())
3720 self.assertTrue(ipr_23.query_vpp_config())
3723 # Dump punt redirects for all interfaces
3725 punts = self.vapi.ip_punt_redirect_dump(sw_if_index=0xffffffff,
3727 self.assertEqual(len(punts), 3)
3729 self.assertEqual(p.punt.tx_sw_if_index, self.pg3.sw_if_index)
3730 self.assertNotEqual(punts[1].punt.nh, self.pg3.remote_ip6)
3731 self.assertEqual(str(punts[2].punt.nh), '::')
3734 if __name__ == '__main__':
3735 unittest.main(testRunner=VppTestRunner)