4 from socket import inet_pton, inet_ntop
7 from parameterized import parameterized
9 import scapy.layers.inet6 as inet6
10 from scapy.layers.inet import UDP, IP
11 from scapy.contrib.mpls import MPLS
12 from scapy.layers.inet6 import IPv6, ICMPv6ND_NS, ICMPv6ND_RS, \
13 ICMPv6ND_RA, ICMPv6NDOptMTU, ICMPv6NDOptSrcLLAddr, ICMPv6NDOptPrefixInfo, \
14 ICMPv6ND_NA, ICMPv6NDOptDstLLAddr, ICMPv6DestUnreach, icmp6types, \
15 ICMPv6TimeExceeded, ICMPv6EchoRequest, ICMPv6EchoReply, \
16 IPv6ExtHdrHopByHop, ICMPv6MLReport2, ICMPv6MLDMultAddrRec
17 from scapy.layers.l2 import Ether, Dot1Q, GRE
18 from scapy.packet import Raw
19 from scapy.utils6 import in6_getnsma, in6_getnsmac, in6_ptop, in6_islladdr, \
23 from framework import VppTestCase, VppTestRunner, tag_run_solo
24 from util import ppp, ip6_normalize, mk_ll_addr
25 from vpp_papi import VppEnum
26 from vpp_ip import DpoProto, VppIpPuntPolicer, VppIpPuntRedirect, VppIpPathMtu
27 from vpp_ip_route import VppIpRoute, VppRoutePath, find_route, VppIpMRoute, \
28 VppMRoutePath, VppMplsIpBind, \
29 VppMplsRoute, VppMplsTable, VppIpTable, FibPathType, FibPathProto, \
30 VppIpInterfaceAddress, find_route_in_dump, find_mroute_in_dump, \
31 VppIp6LinkLocalAddress, VppIpRouteV2
32 from vpp_neighbor import find_nbr, VppNeighbor
33 from vpp_ipip_tun_interface import VppIpIpTunInterface
34 from vpp_pg_interface import is_ipv6_misc
35 from vpp_sub_interface import VppSubInterface, VppDot1QSubint
36 from vpp_policer import VppPolicer, PolicerAction
37 from ipaddress import IPv6Network, IPv6Address
38 from vpp_gre_interface import VppGreInterface
39 from vpp_teib import VppTeib
41 AF_INET6 = socket.AF_INET6
51 class TestIPv6ND(VppTestCase):
52 def validate_ra(self, intf, rx, dst_ip=None):
54 dst_ip = intf.remote_ip6
56 # unicasted packets must come to the unicast mac
57 self.assertEqual(rx[Ether].dst, intf.remote_mac)
59 # and from the router's MAC
60 self.assertEqual(rx[Ether].src, intf.local_mac)
62 # the rx'd RA should be addressed to the sender's source
63 self.assertTrue(rx.haslayer(ICMPv6ND_RA))
64 self.assertEqual(in6_ptop(rx[IPv6].dst),
67 # and come from the router's link local
68 self.assertTrue(in6_islladdr(rx[IPv6].src))
69 self.assertEqual(in6_ptop(rx[IPv6].src),
70 in6_ptop(mk_ll_addr(intf.local_mac)))
72 def validate_na(self, intf, rx, dst_ip=None, tgt_ip=None):
74 dst_ip = intf.remote_ip6
76 dst_ip = intf.local_ip6
78 # unicasted packets must come to the unicast mac
79 self.assertEqual(rx[Ether].dst, intf.remote_mac)
81 # and from the router's MAC
82 self.assertEqual(rx[Ether].src, intf.local_mac)
84 # the rx'd NA should be addressed to the sender's source
85 self.assertTrue(rx.haslayer(ICMPv6ND_NA))
86 self.assertEqual(in6_ptop(rx[IPv6].dst),
89 # and come from the target address
91 in6_ptop(rx[IPv6].src), in6_ptop(tgt_ip))
93 # Dest link-layer options should have the router's MAC
94 dll = rx[ICMPv6NDOptDstLLAddr]
95 self.assertEqual(dll.lladdr, intf.local_mac)
97 def validate_ns(self, intf, rx, tgt_ip):
98 nsma = in6_getnsma(inet_pton(AF_INET6, tgt_ip))
99 dst_ip = inet_ntop(AF_INET6, nsma)
102 self.assertEqual(rx[Ether].dst, in6_getnsmac(nsma))
104 # and from the router's MAC
105 self.assertEqual(rx[Ether].src, intf.local_mac)
107 # the rx'd NS should be addressed to an mcast address
108 # derived from the target address
110 in6_ptop(rx[IPv6].dst), in6_ptop(dst_ip))
112 # expect the tgt IP in the NS header
114 self.assertEqual(in6_ptop(ns.tgt), in6_ptop(tgt_ip))
116 # packet is from the router's local address
118 in6_ptop(rx[IPv6].src), intf.local_ip6)
120 # Src link-layer options should have the router's MAC
121 sll = rx[ICMPv6NDOptSrcLLAddr]
122 self.assertEqual(sll.lladdr, intf.local_mac)
124 def send_and_expect_ra(self, intf, pkts, remark, dst_ip=None,
125 filter_out_fn=is_ipv6_misc):
126 intf.add_stream(pkts)
127 self.pg_enable_capture(self.pg_interfaces)
129 rx = intf.get_capture(1, filter_out_fn=filter_out_fn)
131 self.assertEqual(len(rx), 1)
133 self.validate_ra(intf, rx, dst_ip)
135 def send_and_expect_na(self, intf, pkts, remark, dst_ip=None,
137 filter_out_fn=is_ipv6_misc):
138 intf.add_stream(pkts)
139 self.pg_enable_capture(self.pg_interfaces)
141 rx = intf.get_capture(1, filter_out_fn=filter_out_fn)
143 self.assertEqual(len(rx), 1)
145 self.validate_na(intf, rx, dst_ip, tgt_ip)
147 def send_and_expect_ns(self, tx_intf, rx_intf, pkts, tgt_ip,
148 filter_out_fn=is_ipv6_misc):
149 self.vapi.cli("clear trace")
150 tx_intf.add_stream(pkts)
151 self.pg_enable_capture(self.pg_interfaces)
153 rx = rx_intf.get_capture(1, filter_out_fn=filter_out_fn)
155 self.assertEqual(len(rx), 1)
157 self.validate_ns(rx_intf, rx, tgt_ip)
159 def verify_ip(self, rx, smac, dmac, sip, dip):
161 self.assertEqual(ether.dst, dmac)
162 self.assertEqual(ether.src, smac)
165 self.assertEqual(ip.src, sip)
166 self.assertEqual(ip.dst, dip)
170 class TestIPv6(TestIPv6ND):
171 """ IPv6 Test Case """
175 super(TestIPv6, cls).setUpClass()
178 def tearDownClass(cls):
179 super(TestIPv6, cls).tearDownClass()
183 Perform test setup before test case.
186 - create 3 pg interfaces
187 - untagged pg0 interface
188 - Dot1Q subinterface on pg1
189 - Dot1AD subinterface on pg2
191 - put it into UP state
193 - resolve neighbor address using NDP
194 - configure 200 fib entries
196 :ivar list interfaces: pg interfaces and subinterfaces.
197 :ivar dict flows: IPv4 packet flows in test.
199 *TODO:* Create AD sub interface
201 super(TestIPv6, self).setUp()
203 # create 3 pg interfaces
204 self.create_pg_interfaces(range(3))
206 # create 2 subinterfaces for p1 and pg2
207 self.sub_interfaces = [
208 VppDot1QSubint(self, self.pg1, 100),
209 VppDot1QSubint(self, self.pg2, 200)
210 # TODO: VppDot1ADSubint(self, self.pg2, 200, 300, 400)
213 # packet flows mapping pg0 -> pg1.sub, pg2.sub, etc.
215 self.flows[self.pg0] = [self.pg1.sub_if, self.pg2.sub_if]
216 self.flows[self.pg1.sub_if] = [self.pg0, self.pg2.sub_if]
217 self.flows[self.pg2.sub_if] = [self.pg0, self.pg1.sub_if]
220 self.pg_if_packet_sizes = [64, 1500, 9020]
222 self.interfaces = list(self.pg_interfaces)
223 self.interfaces.extend(self.sub_interfaces)
225 # setup all interfaces
226 for i in self.interfaces:
232 """Run standard test teardown and log ``show ip6 neighbors``."""
233 for i in self.interfaces:
236 for i in self.sub_interfaces:
237 i.remove_vpp_config()
239 super(TestIPv6, self).tearDown()
240 if not self.vpp_dead:
241 self.logger.info(self.vapi.cli("show ip6 neighbors"))
242 # info(self.vapi.cli("show ip6 fib")) # many entries
244 def modify_packet(self, src_if, packet_size, pkt):
245 """Add load, set destination IP and extend packet to required packet
246 size for defined interface.
248 :param VppInterface src_if: Interface to create packet for.
249 :param int packet_size: Required packet size.
250 :param Scapy pkt: Packet to be modified.
252 dst_if_idx = int(packet_size / 10 % 2)
253 dst_if = self.flows[src_if][dst_if_idx]
254 info = self.create_packet_info(src_if, dst_if)
255 payload = self.info_to_payload(info)
256 p = pkt / Raw(payload)
257 p[IPv6].dst = dst_if.remote_ip6
259 if isinstance(src_if, VppSubInterface):
260 p = src_if.add_dot1_layer(p)
261 self.extend_packet(p, packet_size)
265 def create_stream(self, src_if):
266 """Create input packet stream for defined interface.
268 :param VppInterface src_if: Interface to create packet stream for.
270 hdr_ext = 4 if isinstance(src_if, VppSubInterface) else 0
271 pkt_tmpl = (Ether(dst=src_if.local_mac, src=src_if.remote_mac) /
272 IPv6(src=src_if.remote_ip6) /
273 inet6.UDP(sport=1234, dport=1234))
275 pkts = [self.modify_packet(src_if, i, pkt_tmpl)
276 for i in moves.range(self.pg_if_packet_sizes[0],
277 self.pg_if_packet_sizes[1], 10)]
278 pkts_b = [self.modify_packet(src_if, i, pkt_tmpl)
279 for i in moves.range(self.pg_if_packet_sizes[1] + hdr_ext,
280 self.pg_if_packet_sizes[2] + hdr_ext,
286 def verify_capture(self, dst_if, capture):
287 """Verify captured input packet stream for defined interface.
289 :param VppInterface dst_if: Interface to verify captured packet stream
291 :param list capture: Captured packet stream.
293 self.logger.info("Verifying capture on interface %s" % dst_if.name)
295 for i in self.interfaces:
296 last_info[i.sw_if_index] = None
298 dst_sw_if_index = dst_if.sw_if_index
299 if hasattr(dst_if, 'parent'):
301 for packet in capture:
303 # Check VLAN tags and Ethernet header
304 packet = dst_if.remove_dot1_layer(packet)
305 self.assertTrue(Dot1Q not in packet)
308 udp = packet[inet6.UDP]
309 payload_info = self.payload_to_info(packet[Raw])
310 packet_index = payload_info.index
311 self.assertEqual(payload_info.dst, dst_sw_if_index)
313 "Got packet on port %s: src=%u (id=%u)" %
314 (dst_if.name, payload_info.src, packet_index))
315 next_info = self.get_next_packet_info_for_interface2(
316 payload_info.src, dst_sw_if_index,
317 last_info[payload_info.src])
318 last_info[payload_info.src] = next_info
319 self.assertTrue(next_info is not None)
320 self.assertEqual(packet_index, next_info.index)
321 saved_packet = next_info.data
322 # Check standard fields
324 ip.src, saved_packet[IPv6].src)
326 ip.dst, saved_packet[IPv6].dst)
328 udp.sport, saved_packet[inet6.UDP].sport)
330 udp.dport, saved_packet[inet6.UDP].dport)
332 self.logger.error(ppp("Unexpected or invalid packet:", packet))
334 for i in self.interfaces:
335 remaining_packet = self.get_next_packet_info_for_interface2(
336 i.sw_if_index, dst_sw_if_index, last_info[i.sw_if_index])
337 self.assertTrue(remaining_packet is None,
338 "Interface %s: Packet expected from interface %s "
339 "didn't arrive" % (dst_if.name, i.name))
341 def test_next_header_anomaly(self):
342 """ IPv6 next header anomaly test
345 - ipv6 next header field = Fragment Header (44)
346 - next header is ICMPv6 Echo Request
347 - wait for reassembly
349 pkt = (Ether(src=self.pg0.local_mac, dst=self.pg0.remote_mac) /
350 IPv6(src=self.pg0.remote_ip6, dst=self.pg0.local_ip6, nh=44) /
353 self.pg0.add_stream(pkt)
356 # wait for reassembly
363 - Create IPv6 stream for pg0 interface
364 - Create IPv6 tagged streams for pg1's and pg2's subinterface.
365 - Send and verify received packets on each interface.
368 pkts = self.create_stream(self.pg0)
369 self.pg0.add_stream(pkts)
371 for i in self.sub_interfaces:
372 pkts = self.create_stream(i)
373 i.parent.add_stream(pkts)
375 self.pg_enable_capture(self.pg_interfaces)
378 pkts = self.pg0.get_capture()
379 self.verify_capture(self.pg0, pkts)
381 for i in self.sub_interfaces:
382 pkts = i.parent.get_capture()
383 self.verify_capture(i, pkts)
386 """ IPv6 Neighbour Solicitation Exceptions
389 - Send an NS Sourced from an address not covered by the link sub-net
390 - Send an NS to an mcast address the router has not joined
391 - Send NS for a target address the router does not onn.
395 # An NS from a non link source address
397 nsma = in6_getnsma(inet_pton(AF_INET6, self.pg0.local_ip6))
398 d = inet_ntop(AF_INET6, nsma)
400 p = (Ether(dst=in6_getnsmac(nsma)) /
401 IPv6(dst=d, src="2002::2") /
402 ICMPv6ND_NS(tgt=self.pg0.local_ip6) /
403 ICMPv6NDOptSrcLLAddr(
404 lladdr=self.pg0.remote_mac))
407 self.send_and_assert_no_replies(
409 "No response to NS source by address not on sub-net")
412 # An NS for sent to a solicited mcast group the router is
413 # not a member of FAILS
416 nsma = in6_getnsma(inet_pton(AF_INET6, "fd::ffff"))
417 d = inet_ntop(AF_INET6, nsma)
419 p = (Ether(dst=in6_getnsmac(nsma)) /
420 IPv6(dst=d, src=self.pg0.remote_ip6) /
421 ICMPv6ND_NS(tgt=self.pg0.local_ip6) /
422 ICMPv6NDOptSrcLLAddr(
423 lladdr=self.pg0.remote_mac))
426 self.send_and_assert_no_replies(
428 "No response to NS sent to unjoined mcast address")
431 # An NS whose target address is one the router does not own
433 nsma = in6_getnsma(inet_pton(AF_INET6, self.pg0.local_ip6))
434 d = inet_ntop(AF_INET6, nsma)
436 p = (Ether(dst=in6_getnsmac(nsma)) /
437 IPv6(dst=d, src=self.pg0.remote_ip6) /
438 ICMPv6ND_NS(tgt="fd::ffff") /
439 ICMPv6NDOptSrcLLAddr(
440 lladdr=self.pg0.remote_mac))
443 self.send_and_assert_no_replies(self.pg0, pkts,
444 "No response to NS for unknown target")
447 # A neighbor entry that has no associated FIB-entry
449 self.pg0.generate_remote_hosts(4)
450 nd_entry = VppNeighbor(self,
451 self.pg0.sw_if_index,
452 self.pg0.remote_hosts[2].mac,
453 self.pg0.remote_hosts[2].ip6,
455 nd_entry.add_vpp_config()
458 # check we have the neighbor, but no route
460 self.assertTrue(find_nbr(self,
461 self.pg0.sw_if_index,
462 self.pg0._remote_hosts[2].ip6))
463 self.assertFalse(find_route(self,
464 self.pg0._remote_hosts[2].ip6,
468 # send an NS from a link local address to the interface's global
471 p = (Ether(dst=in6_getnsmac(nsma), src=self.pg0.remote_mac) /
473 dst=d, src=self.pg0._remote_hosts[2].ip6_ll) /
474 ICMPv6ND_NS(tgt=self.pg0.local_ip6) /
475 ICMPv6NDOptSrcLLAddr(
476 lladdr=self.pg0.remote_mac))
478 self.send_and_expect_na(self.pg0, p,
479 "NS from link-local",
480 dst_ip=self.pg0._remote_hosts[2].ip6_ll,
481 tgt_ip=self.pg0.local_ip6)
484 # we should have learned an ND entry for the peer's link-local
485 # but not inserted a route to it in the FIB
487 self.assertTrue(find_nbr(self,
488 self.pg0.sw_if_index,
489 self.pg0._remote_hosts[2].ip6_ll))
490 self.assertFalse(find_route(self,
491 self.pg0._remote_hosts[2].ip6_ll,
495 # An NS to the router's own Link-local
497 p = (Ether(dst=in6_getnsmac(nsma), src=self.pg0.remote_mac) /
499 dst=d, src=self.pg0._remote_hosts[3].ip6_ll) /
500 ICMPv6ND_NS(tgt=self.pg0.local_ip6_ll) /
501 ICMPv6NDOptSrcLLAddr(
502 lladdr=self.pg0.remote_mac))
504 self.send_and_expect_na(self.pg0, p,
505 "NS to/from link-local",
506 dst_ip=self.pg0._remote_hosts[3].ip6_ll,
507 tgt_ip=self.pg0.local_ip6_ll)
510 # do not respond to a NS for the peer's address
512 p = (Ether(dst=in6_getnsmac(nsma), src=self.pg0.remote_mac) /
514 src=self.pg0._remote_hosts[3].ip6_ll) /
515 ICMPv6ND_NS(tgt=self.pg0._remote_hosts[3].ip6_ll) /
516 ICMPv6NDOptSrcLLAddr(
517 lladdr=self.pg0.remote_mac))
519 self.send_and_assert_no_replies(self.pg0, p)
522 # we should have learned an ND entry for the peer's link-local
523 # but not inserted a route to it in the FIB
525 self.assertTrue(find_nbr(self,
526 self.pg0.sw_if_index,
527 self.pg0._remote_hosts[3].ip6_ll))
528 self.assertFalse(find_route(self,
529 self.pg0._remote_hosts[3].ip6_ll,
532 def test_ns_duplicates(self):
536 # Generate some hosts on the LAN
538 self.pg1.generate_remote_hosts(3)
541 # Add host 1 on pg1 and pg2
543 ns_pg1 = VppNeighbor(self,
544 self.pg1.sw_if_index,
545 self.pg1.remote_hosts[1].mac,
546 self.pg1.remote_hosts[1].ip6)
547 ns_pg1.add_vpp_config()
548 ns_pg2 = VppNeighbor(self,
549 self.pg2.sw_if_index,
551 self.pg1.remote_hosts[1].ip6)
552 ns_pg2.add_vpp_config()
555 # IP packet destined for pg1 remote host arrives on pg1 again.
557 p = (Ether(dst=self.pg0.local_mac,
558 src=self.pg0.remote_mac) /
559 IPv6(src=self.pg0.remote_ip6,
560 dst=self.pg1.remote_hosts[1].ip6) /
561 inet6.UDP(sport=1234, dport=1234) /
564 self.pg0.add_stream(p)
565 self.pg_enable_capture(self.pg_interfaces)
568 rx1 = self.pg1.get_capture(1)
570 self.verify_ip(rx1[0],
572 self.pg1.remote_hosts[1].mac,
574 self.pg1.remote_hosts[1].ip6)
577 # remove the duplicate on pg1
578 # packet stream should generate NSs out of pg1
580 ns_pg1.remove_vpp_config()
582 self.send_and_expect_ns(self.pg0, self.pg1,
583 p, self.pg1.remote_hosts[1].ip6)
588 ns_pg1.add_vpp_config()
590 self.pg0.add_stream(p)
591 self.pg_enable_capture(self.pg_interfaces)
594 rx1 = self.pg1.get_capture(1)
596 self.verify_ip(rx1[0],
598 self.pg1.remote_hosts[1].mac,
600 self.pg1.remote_hosts[1].ip6)
602 def validate_ra(self, intf, rx, dst_ip=None, src_ip=None,
603 mtu=9000, pi_opt=None):
605 dst_ip = intf.remote_ip6
607 src_ip = mk_ll_addr(intf.local_mac)
609 # unicasted packets must come to the unicast mac
610 self.assertEqual(rx[Ether].dst, intf.remote_mac)
612 # and from the router's MAC
613 self.assertEqual(rx[Ether].src, intf.local_mac)
615 # the rx'd RA should be addressed to the sender's source
616 self.assertTrue(rx.haslayer(ICMPv6ND_RA))
617 self.assertEqual(in6_ptop(rx[IPv6].dst),
620 # and come from the router's link local
621 self.assertTrue(in6_islladdr(rx[IPv6].src))
622 self.assertEqual(in6_ptop(rx[IPv6].src), in6_ptop(src_ip))
624 # it should contain the links MTU
626 self.assertEqual(ra[ICMPv6NDOptMTU].mtu, mtu)
628 # it should contain the source's link layer address option
629 sll = ra[ICMPv6NDOptSrcLLAddr]
630 self.assertEqual(sll.lladdr, intf.local_mac)
633 # the RA should not contain prefix information
634 self.assertFalse(ra.haslayer(
635 ICMPv6NDOptPrefixInfo))
637 raos = rx.getlayer(ICMPv6NDOptPrefixInfo, 1)
639 # the options are nested in the scapy packet in way that i cannot
640 # decipher how to decode. this 1st layer of option always returns
641 # nested classes, so a direct obj1=obj2 comparison always fails.
642 # however, the getlayer(.., 2) does give one instance.
643 # so we cheat here and construct a new opt instance for comparison
644 rd = ICMPv6NDOptPrefixInfo(
645 prefixlen=raos.prefixlen,
649 if type(pi_opt) is list:
650 for ii in range(len(pi_opt)):
651 self.assertEqual(pi_opt[ii], rd)
653 ICMPv6NDOptPrefixInfo, ii + 2)
655 self.assertEqual(pi_opt, raos, 'Expected: %s, received: %s'
656 % (pi_opt.show(dump=True),
657 raos.show(dump=True)))
659 def send_and_expect_ra(self, intf, pkts, remark, dst_ip=None,
660 filter_out_fn=is_ipv6_misc,
663 self.vapi.cli("clear trace")
664 intf.add_stream(pkts)
665 self.pg_enable_capture(self.pg_interfaces)
667 rx = intf.get_capture(1, filter_out_fn=filter_out_fn)
669 self.assertEqual(len(rx), 1)
671 self.validate_ra(intf, rx, dst_ip, src_ip=src_ip, pi_opt=opt)
674 """ IPv6 Router Solicitation Exceptions
679 self.pg0.ip6_ra_config(no=1, suppress=1)
682 # Before we begin change the IPv6 RA responses to use the unicast
683 # address - that way we will not confuse them with the periodic
684 # RAs which go to the mcast address
685 # Sit and wait for the first periodic RA.
689 self.pg0.ip6_ra_config(send_unicast=1)
692 # An RS from a link source address
693 # - expect an RA in return
695 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
696 IPv6(dst=self.pg0.local_ip6, src=self.pg0.remote_ip6) /
699 self.send_and_expect_ra(self.pg0, pkts, "Genuine RS")
702 # For the next RS sent the RA should be rate limited
704 self.send_and_assert_no_replies(self.pg0, pkts, "RA rate limited")
707 # When we reconfigure the IPv6 RA config,
708 # we reset the RA rate limiting,
709 # so we need to do this before each test below so as not to drop
710 # packets for rate limiting reasons. Test this works here.
712 self.pg0.ip6_ra_config(send_unicast=1)
713 self.send_and_expect_ra(self.pg0, pkts, "Rate limit reset RS")
716 # An RS sent from a non-link local source
718 self.pg0.ip6_ra_config(send_unicast=1)
719 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
720 IPv6(dst=self.pg0.local_ip6,
724 self.send_and_assert_no_replies(self.pg0, pkts,
725 "RS from non-link source")
728 # Source an RS from a link local address
730 self.pg0.ip6_ra_config(send_unicast=1)
731 ll = mk_ll_addr(self.pg0.remote_mac)
732 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
733 IPv6(dst=self.pg0.local_ip6, src=ll) /
736 self.send_and_expect_ra(self.pg0, pkts,
737 "RS sourced from link-local",
741 # Source an RS from a link local address
742 # Ensure suppress also applies to solicited RS
744 self.pg0.ip6_ra_config(send_unicast=1, suppress=1)
745 ll = mk_ll_addr(self.pg0.remote_mac)
746 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
747 IPv6(dst=self.pg0.local_ip6, src=ll) /
750 self.send_and_assert_no_replies(self.pg0, pkts,
751 "Suppressed RS from link-local")
754 # Send the RS multicast
756 self.pg0.ip6_ra_config(no=1, suppress=1) # Reset suppress flag to zero
757 self.pg0.ip6_ra_config(send_unicast=1)
758 dmac = in6_getnsmac(inet_pton(AF_INET6, "ff02::2"))
759 ll = mk_ll_addr(self.pg0.remote_mac)
760 p = (Ether(dst=dmac, src=self.pg0.remote_mac) /
761 IPv6(dst="ff02::2", src=ll) /
764 self.send_and_expect_ra(self.pg0, pkts,
765 "RS sourced from link-local",
769 # Source from the unspecified address ::. This happens when the RS
770 # is sent before the host has a configured address/sub-net,
771 # i.e. auto-config. Since the sender has no IP address, the reply
772 # comes back mcast - so the capture needs to not filter this.
773 # If we happen to pick up the periodic RA at this point then so be it,
776 self.pg0.ip6_ra_config(send_unicast=1)
777 p = (Ether(dst=dmac, src=self.pg0.remote_mac) /
778 IPv6(dst="ff02::2", src="::") /
781 self.send_and_expect_ra(self.pg0, pkts,
782 "RS sourced from unspecified",
787 # Configure The RA to announce the links prefix
789 self.pg0.ip6_ra_prefix('%s/%s' % (self.pg0.local_ip6,
790 self.pg0.local_ip6_prefix_len))
793 # RAs should now contain the prefix information option
795 opt = ICMPv6NDOptPrefixInfo(
796 prefixlen=self.pg0.local_ip6_prefix_len,
797 prefix=self.pg0.local_ip6,
801 self.pg0.ip6_ra_config(send_unicast=1)
802 ll = mk_ll_addr(self.pg0.remote_mac)
803 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
804 IPv6(dst=self.pg0.local_ip6, src=ll) /
806 self.send_and_expect_ra(self.pg0, p,
807 "RA with prefix-info",
812 # Change the prefix info to not off-link
815 self.pg0.ip6_ra_prefix('%s/%s' % (self.pg0.local_ip6,
816 self.pg0.local_ip6_prefix_len),
819 opt = ICMPv6NDOptPrefixInfo(
820 prefixlen=self.pg0.local_ip6_prefix_len,
821 prefix=self.pg0.local_ip6,
825 self.pg0.ip6_ra_config(send_unicast=1)
826 self.send_and_expect_ra(self.pg0, p,
827 "RA with Prefix info with L-flag=0",
832 # Change the prefix info to not off-link, no-autoconfig
833 # L and A flag are clear in the advert
835 self.pg0.ip6_ra_prefix('%s/%s' % (self.pg0.local_ip6,
836 self.pg0.local_ip6_prefix_len),
840 opt = ICMPv6NDOptPrefixInfo(
841 prefixlen=self.pg0.local_ip6_prefix_len,
842 prefix=self.pg0.local_ip6,
846 self.pg0.ip6_ra_config(send_unicast=1)
847 self.send_and_expect_ra(self.pg0, p,
848 "RA with Prefix info with A & L-flag=0",
853 # Change the flag settings back to the defaults
854 # L and A flag are set in the advert
856 self.pg0.ip6_ra_prefix('%s/%s' % (self.pg0.local_ip6,
857 self.pg0.local_ip6_prefix_len))
859 opt = ICMPv6NDOptPrefixInfo(
860 prefixlen=self.pg0.local_ip6_prefix_len,
861 prefix=self.pg0.local_ip6,
865 self.pg0.ip6_ra_config(send_unicast=1)
866 self.send_and_expect_ra(self.pg0, p,
867 "RA with Prefix info",
872 # Change the prefix info to not off-link, no-autoconfig
873 # L and A flag are clear in the advert
875 self.pg0.ip6_ra_prefix('%s/%s' % (self.pg0.local_ip6,
876 self.pg0.local_ip6_prefix_len),
880 opt = ICMPv6NDOptPrefixInfo(
881 prefixlen=self.pg0.local_ip6_prefix_len,
882 prefix=self.pg0.local_ip6,
886 self.pg0.ip6_ra_config(send_unicast=1)
887 self.send_and_expect_ra(self.pg0, p,
888 "RA with Prefix info with A & L-flag=0",
893 # Use the reset to defaults option to revert to defaults
894 # L and A flag are clear in the advert
896 self.pg0.ip6_ra_prefix('%s/%s' % (self.pg0.local_ip6,
897 self.pg0.local_ip6_prefix_len),
900 opt = ICMPv6NDOptPrefixInfo(
901 prefixlen=self.pg0.local_ip6_prefix_len,
902 prefix=self.pg0.local_ip6,
906 self.pg0.ip6_ra_config(send_unicast=1)
907 self.send_and_expect_ra(self.pg0, p,
908 "RA with Prefix reverted to defaults",
913 # Advertise Another prefix. With no L-flag/A-flag
915 self.pg0.ip6_ra_prefix('%s/%s' % (self.pg1.local_ip6,
916 self.pg1.local_ip6_prefix_len),
920 opt = [ICMPv6NDOptPrefixInfo(
921 prefixlen=self.pg0.local_ip6_prefix_len,
922 prefix=self.pg0.local_ip6,
925 ICMPv6NDOptPrefixInfo(
926 prefixlen=self.pg1.local_ip6_prefix_len,
927 prefix=self.pg1.local_ip6,
931 self.pg0.ip6_ra_config(send_unicast=1)
932 ll = mk_ll_addr(self.pg0.remote_mac)
933 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
934 IPv6(dst=self.pg0.local_ip6, src=ll) /
936 self.send_and_expect_ra(self.pg0, p,
937 "RA with multiple Prefix infos",
942 # Remove the first prefix-info - expect the second is still in the
945 self.pg0.ip6_ra_prefix('%s/%s' % (self.pg0.local_ip6,
946 self.pg0.local_ip6_prefix_len),
949 opt = ICMPv6NDOptPrefixInfo(
950 prefixlen=self.pg1.local_ip6_prefix_len,
951 prefix=self.pg1.local_ip6,
955 self.pg0.ip6_ra_config(send_unicast=1)
956 self.send_and_expect_ra(self.pg0, p,
957 "RA with Prefix reverted to defaults",
962 # Remove the second prefix-info - expect no prefix-info in the adverts
964 self.pg0.ip6_ra_prefix('%s/%s' % (self.pg1.local_ip6,
965 self.pg1.local_ip6_prefix_len),
969 # change the link's link local, so we know that works too.
971 self.vapi.sw_interface_ip6_set_link_local_address(
972 sw_if_index=self.pg0.sw_if_index,
975 self.pg0.ip6_ra_config(send_unicast=1)
976 self.send_and_expect_ra(self.pg0, p,
977 "RA with Prefix reverted to defaults",
982 # Reset the periodic advertisements back to default values
984 self.pg0.ip6_ra_config(suppress=1)
985 self.pg0.ip6_ra_config(no=1, send_unicast=1)
990 # test one MLD is sent after applying an IPv6 Address on an interface
992 self.pg_enable_capture(self.pg_interfaces)
995 subitf = VppDot1QSubint(self, self.pg1, 99)
1000 rxs = self.pg1._get_capture(timeout=4, filter_out_fn=None)
1003 # hunt for the MLD on vlan 99
1006 # make sure ipv6 packets with hop by hop options have
1008 self.assert_packet_checksums_valid(rx)
1009 if rx.haslayer(IPv6ExtHdrHopByHop) and \
1010 rx.haslayer(Dot1Q) and \
1011 rx[Dot1Q].vlan == 99:
1012 mld = rx[ICMPv6MLReport2]
1014 self.assertEqual(mld.records_number, 4)
1017 class TestIPv6RouteLookup(VppTestCase):
1018 """ IPv6 Route Lookup Test Case """
1021 def route_lookup(self, prefix, exact):
1022 return self.vapi.api(self.vapi.papi.ip_route_lookup,
1030 def setUpClass(cls):
1031 super(TestIPv6RouteLookup, cls).setUpClass()
1034 def tearDownClass(cls):
1035 super(TestIPv6RouteLookup, cls).tearDownClass()
1038 super(TestIPv6RouteLookup, self).setUp()
1040 drop_nh = VppRoutePath("::1", 0xffffffff,
1041 type=FibPathType.FIB_PATH_TYPE_DROP)
1044 r = VppIpRoute(self, "2001:1111::", 32, [drop_nh])
1046 self.routes.append(r)
1048 r = VppIpRoute(self, "2001:1111:2222::", 48, [drop_nh])
1050 self.routes.append(r)
1052 r = VppIpRoute(self, "2001:1111:2222::1", 128, [drop_nh])
1054 self.routes.append(r)
1057 # Remove the routes we added
1058 for r in self.routes:
1059 r.remove_vpp_config()
1061 super(TestIPv6RouteLookup, self).tearDown()
1063 def test_exact_match(self):
1064 # Verify we find the host route
1065 prefix = "2001:1111:2222::1/128"
1066 result = self.route_lookup(prefix, True)
1067 assert (prefix == str(result.route.prefix))
1069 # Verify we find a middle prefix route
1070 prefix = "2001:1111:2222::/48"
1071 result = self.route_lookup(prefix, True)
1072 assert (prefix == str(result.route.prefix))
1074 # Verify we do not find an available LPM.
1075 with self.vapi.assert_negative_api_retval():
1076 self.route_lookup("2001::2/128", True)
1078 def test_longest_prefix_match(self):
1079 # verify we find lpm
1080 lpm_prefix = "2001:1111:2222::/48"
1081 result = self.route_lookup("2001:1111:2222::2/128", False)
1082 assert (lpm_prefix == str(result.route.prefix))
1084 # Verify we find the exact when not requested
1085 result = self.route_lookup(lpm_prefix, False)
1086 assert (lpm_prefix == str(result.route.prefix))
1088 # Can't seem to delete the default route so no negative LPM test.
1091 class TestIPv6IfAddrRoute(VppTestCase):
1092 """ IPv6 Interface Addr Route Test Case """
1095 def setUpClass(cls):
1096 super(TestIPv6IfAddrRoute, cls).setUpClass()
1099 def tearDownClass(cls):
1100 super(TestIPv6IfAddrRoute, cls).tearDownClass()
1103 super(TestIPv6IfAddrRoute, self).setUp()
1105 # create 1 pg interface
1106 self.create_pg_interfaces(range(1))
1108 for i in self.pg_interfaces:
1114 super(TestIPv6IfAddrRoute, self).tearDown()
1115 for i in self.pg_interfaces:
1119 def test_ipv6_ifaddrs_same_prefix(self):
1120 """ IPv6 Interface Addresses Same Prefix test
1124 - Verify no route in FIB for prefix 2001:10::/64
1125 - Configure IPv4 address 2001:10::10/64 on an interface
1126 - Verify route in FIB for prefix 2001:10::/64
1127 - Configure IPv4 address 2001:10::20/64 on an interface
1128 - Delete 2001:10::10/64 from interface
1129 - Verify route in FIB for prefix 2001:10::/64
1130 - Delete 2001:10::20/64 from interface
1131 - Verify no route in FIB for prefix 2001:10::/64
1134 addr1 = "2001:10::10"
1135 addr2 = "2001:10::20"
1137 if_addr1 = VppIpInterfaceAddress(self, self.pg0, addr1, 64)
1138 if_addr2 = VppIpInterfaceAddress(self, self.pg0, addr2, 64)
1139 self.assertFalse(if_addr1.query_vpp_config())
1140 self.assertFalse(find_route(self, addr1, 128))
1141 self.assertFalse(find_route(self, addr2, 128))
1143 # configure first address, verify route present
1144 if_addr1.add_vpp_config()
1145 self.assertTrue(if_addr1.query_vpp_config())
1146 self.assertTrue(find_route(self, addr1, 128))
1147 self.assertFalse(find_route(self, addr2, 128))
1149 # configure second address, delete first, verify route not removed
1150 if_addr2.add_vpp_config()
1151 if_addr1.remove_vpp_config()
1152 self.assertFalse(if_addr1.query_vpp_config())
1153 self.assertTrue(if_addr2.query_vpp_config())
1154 self.assertFalse(find_route(self, addr1, 128))
1155 self.assertTrue(find_route(self, addr2, 128))
1157 # delete second address, verify route removed
1158 if_addr2.remove_vpp_config()
1159 self.assertFalse(if_addr1.query_vpp_config())
1160 self.assertFalse(find_route(self, addr1, 128))
1161 self.assertFalse(find_route(self, addr2, 128))
1163 def test_ipv6_ifaddr_del(self):
1164 """ Delete an interface address that does not exist """
1166 loopbacks = self.create_loopback_interfaces(1)
1167 lo = self.lo_interfaces[0]
1173 # try and remove pg0's subnet from lo
1175 with self.vapi.assert_negative_api_retval():
1176 self.vapi.sw_interface_add_del_address(
1177 sw_if_index=lo.sw_if_index,
1178 prefix=self.pg0.local_ip6_prefix,
1182 class TestICMPv6Echo(VppTestCase):
1183 """ ICMPv6 Echo Test Case """
1186 def setUpClass(cls):
1187 super(TestICMPv6Echo, cls).setUpClass()
1190 def tearDownClass(cls):
1191 super(TestICMPv6Echo, cls).tearDownClass()
1194 super(TestICMPv6Echo, self).setUp()
1196 # create 1 pg interface
1197 self.create_pg_interfaces(range(1))
1199 for i in self.pg_interfaces:
1202 i.resolve_ndp(link_layer=True)
1206 super(TestICMPv6Echo, self).tearDown()
1207 for i in self.pg_interfaces:
1211 def test_icmpv6_echo(self):
1212 """ VPP replies to ICMPv6 Echo Request
1216 - Receive ICMPv6 Echo Request message on pg0 interface.
1217 - Check outgoing ICMPv6 Echo Reply message on pg0 interface.
1220 # test both with global and local ipv6 addresses
1221 dsts = (self.pg0.local_ip6, self.pg0.local_ip6_ll)
1227 p.append((Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
1228 IPv6(src=self.pg0.remote_ip6, dst=dst) /
1229 ICMPv6EchoRequest(id=id, seq=seq, data=data)))
1231 self.pg0.add_stream(p)
1232 self.pg_enable_capture(self.pg_interfaces)
1234 rxs = self.pg0.get_capture(len(dsts))
1236 for rx, dst in zip(rxs, dsts):
1239 icmpv6 = rx[ICMPv6EchoReply]
1240 self.assertEqual(ether.src, self.pg0.local_mac)
1241 self.assertEqual(ether.dst, self.pg0.remote_mac)
1242 self.assertEqual(ipv6.src, dst)
1243 self.assertEqual(ipv6.dst, self.pg0.remote_ip6)
1244 self.assertEqual(icmp6types[icmpv6.type], "Echo Reply")
1245 self.assertEqual(icmpv6.id, id)
1246 self.assertEqual(icmpv6.seq, seq)
1247 self.assertEqual(icmpv6.data, data)
1250 class TestIPv6RD(TestIPv6ND):
1251 """ IPv6 Router Discovery Test Case """
1254 def setUpClass(cls):
1255 super(TestIPv6RD, cls).setUpClass()
1258 def tearDownClass(cls):
1259 super(TestIPv6RD, cls).tearDownClass()
1262 super(TestIPv6RD, self).setUp()
1264 # create 2 pg interfaces
1265 self.create_pg_interfaces(range(2))
1267 self.interfaces = list(self.pg_interfaces)
1269 # setup all interfaces
1270 for i in self.interfaces:
1275 for i in self.interfaces:
1278 super(TestIPv6RD, self).tearDown()
1280 def test_rd_send_router_solicitation(self):
1281 """ Verify router solicitation packets """
1284 self.pg_enable_capture(self.pg_interfaces)
1286 self.vapi.ip6nd_send_router_solicitation(self.pg1.sw_if_index,
1288 rx_list = self.pg1.get_capture(count, timeout=3)
1289 self.assertEqual(len(rx_list), count)
1290 for packet in rx_list:
1291 self.assertEqual(packet.haslayer(IPv6), 1)
1292 self.assertEqual(packet[IPv6].haslayer(
1294 dst = ip6_normalize(packet[IPv6].dst)
1295 dst2 = ip6_normalize("ff02::2")
1296 self.assert_equal(dst, dst2)
1297 src = ip6_normalize(packet[IPv6].src)
1298 src2 = ip6_normalize(self.pg1.local_ip6_ll)
1299 self.assert_equal(src, src2)
1301 bool(packet[ICMPv6ND_RS].haslayer(
1302 ICMPv6NDOptSrcLLAddr)))
1304 packet[ICMPv6NDOptSrcLLAddr].lladdr,
1307 def verify_prefix_info(self, reported_prefix, prefix_option):
1308 prefix = IPv6Network(
1309 text_type(prefix_option.getfieldval("prefix") +
1311 text_type(prefix_option.getfieldval("prefixlen"))),
1313 self.assert_equal(reported_prefix.prefix.network_address,
1314 prefix.network_address)
1315 L = prefix_option.getfieldval("L")
1316 A = prefix_option.getfieldval("A")
1317 option_flags = (L << 7) | (A << 6)
1318 self.assert_equal(reported_prefix.flags, option_flags)
1319 self.assert_equal(reported_prefix.valid_time,
1320 prefix_option.getfieldval("validlifetime"))
1321 self.assert_equal(reported_prefix.preferred_time,
1322 prefix_option.getfieldval("preferredlifetime"))
1324 def test_rd_receive_router_advertisement(self):
1325 """ Verify events triggered by received RA packets """
1327 self.vapi.want_ip6_ra_events(enable=1)
1329 prefix_info_1 = ICMPv6NDOptPrefixInfo(
1333 preferredlifetime=500,
1338 prefix_info_2 = ICMPv6NDOptPrefixInfo(
1342 preferredlifetime=1000,
1347 p = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) /
1348 IPv6(dst=self.pg1.local_ip6_ll,
1349 src=mk_ll_addr(self.pg1.remote_mac)) /
1353 self.pg1.add_stream([p])
1356 ev = self.vapi.wait_for_event(10, "ip6_ra_event")
1358 self.assert_equal(ev.current_hop_limit, 0)
1359 self.assert_equal(ev.flags, 8)
1360 self.assert_equal(ev.router_lifetime_in_sec, 1800)
1361 self.assert_equal(ev.neighbor_reachable_time_in_msec, 0)
1363 ev.time_in_msec_between_retransmitted_neighbor_solicitations, 0)
1365 self.assert_equal(ev.n_prefixes, 2)
1367 self.verify_prefix_info(ev.prefixes[0], prefix_info_1)
1368 self.verify_prefix_info(ev.prefixes[1], prefix_info_2)
1371 class TestIPv6RDControlPlane(TestIPv6ND):
1372 """ IPv6 Router Discovery Control Plane Test Case """
1375 def setUpClass(cls):
1376 super(TestIPv6RDControlPlane, cls).setUpClass()
1379 def tearDownClass(cls):
1380 super(TestIPv6RDControlPlane, cls).tearDownClass()
1383 super(TestIPv6RDControlPlane, self).setUp()
1385 # create 1 pg interface
1386 self.create_pg_interfaces(range(1))
1388 self.interfaces = list(self.pg_interfaces)
1390 # setup all interfaces
1391 for i in self.interfaces:
1396 super(TestIPv6RDControlPlane, self).tearDown()
1399 def create_ra_packet(pg, routerlifetime=None):
1400 src_ip = pg.remote_ip6_ll
1401 dst_ip = pg.local_ip6
1402 if routerlifetime is not None:
1403 ra = ICMPv6ND_RA(routerlifetime=routerlifetime)
1406 p = (Ether(dst=pg.local_mac, src=pg.remote_mac) /
1407 IPv6(dst=dst_ip, src=src_ip) / ra)
1411 def get_default_routes(fib):
1414 if entry.route.prefix.prefixlen == 0:
1415 for path in entry.route.paths:
1416 if path.sw_if_index != 0xFFFFFFFF:
1418 defaut_route['sw_if_index'] = path.sw_if_index
1419 defaut_route['next_hop'] = path.nh.address.ip6
1420 list.append(defaut_route)
1424 def get_interface_addresses(fib, pg):
1427 if entry.route.prefix.prefixlen == 128:
1428 path = entry.route.paths[0]
1429 if path.sw_if_index == pg.sw_if_index:
1430 list.append(str(entry.route.prefix.network_address))
1433 def wait_for_no_default_route(self, n_tries=50, s_time=1):
1435 fib = self.vapi.ip_route_dump(0, True)
1436 default_routes = self.get_default_routes(fib)
1437 if 0 == len(default_routes):
1439 n_tries = n_tries - 1
1445 """ Test handling of SLAAC addresses and default routes """
1447 fib = self.vapi.ip_route_dump(0, True)
1448 default_routes = self.get_default_routes(fib)
1449 initial_addresses = set(self.get_interface_addresses(fib, self.pg0))
1450 self.assertEqual(default_routes, [])
1451 router_address = IPv6Address(text_type(self.pg0.remote_ip6_ll))
1453 self.vapi.ip6_nd_address_autoconfig(self.pg0.sw_if_index, 1, 1)
1458 packet = (self.create_ra_packet(
1459 self.pg0) / ICMPv6NDOptPrefixInfo(
1463 preferredlifetime=2,
1466 ) / ICMPv6NDOptPrefixInfo(
1470 preferredlifetime=1000,
1474 self.pg0.add_stream([packet])
1477 self.sleep_on_vpp_time(0.1)
1479 fib = self.vapi.ip_route_dump(0, True)
1481 # check FIB for new address
1482 addresses = set(self.get_interface_addresses(fib, self.pg0))
1483 new_addresses = addresses.difference(initial_addresses)
1484 self.assertEqual(len(new_addresses), 1)
1485 prefix = IPv6Network(text_type("%s/%d" % (list(new_addresses)[0], 20)),
1487 self.assertEqual(prefix, IPv6Network(text_type('1::/20')))
1489 # check FIB for new default route
1490 default_routes = self.get_default_routes(fib)
1491 self.assertEqual(len(default_routes), 1)
1492 dr = default_routes[0]
1493 self.assertEqual(dr['sw_if_index'], self.pg0.sw_if_index)
1494 self.assertEqual(dr['next_hop'], router_address)
1496 # send RA to delete default route
1497 packet = self.create_ra_packet(self.pg0, routerlifetime=0)
1498 self.pg0.add_stream([packet])
1501 self.sleep_on_vpp_time(0.1)
1503 # check that default route is deleted
1504 fib = self.vapi.ip_route_dump(0, True)
1505 default_routes = self.get_default_routes(fib)
1506 self.assertEqual(len(default_routes), 0)
1508 self.sleep_on_vpp_time(0.1)
1511 packet = self.create_ra_packet(self.pg0)
1512 self.pg0.add_stream([packet])
1515 self.sleep_on_vpp_time(0.1)
1517 # check FIB for new default route
1518 fib = self.vapi.ip_route_dump(0, True)
1519 default_routes = self.get_default_routes(fib)
1520 self.assertEqual(len(default_routes), 1)
1521 dr = default_routes[0]
1522 self.assertEqual(dr['sw_if_index'], self.pg0.sw_if_index)
1523 self.assertEqual(dr['next_hop'], router_address)
1525 # send RA, updating router lifetime to 1s
1526 packet = self.create_ra_packet(self.pg0, 1)
1527 self.pg0.add_stream([packet])
1530 self.sleep_on_vpp_time(0.1)
1532 # check that default route still exists
1533 fib = self.vapi.ip_route_dump(0, True)
1534 default_routes = self.get_default_routes(fib)
1535 self.assertEqual(len(default_routes), 1)
1536 dr = default_routes[0]
1537 self.assertEqual(dr['sw_if_index'], self.pg0.sw_if_index)
1538 self.assertEqual(dr['next_hop'], router_address)
1540 self.sleep_on_vpp_time(1)
1542 # check that default route is deleted
1543 self.assertTrue(self.wait_for_no_default_route())
1545 # check FIB still contains the SLAAC address
1546 addresses = set(self.get_interface_addresses(fib, self.pg0))
1547 new_addresses = addresses.difference(initial_addresses)
1549 self.assertEqual(len(new_addresses), 1)
1550 prefix = IPv6Network(text_type("%s/%d" % (list(new_addresses)[0], 20)),
1552 self.assertEqual(prefix, IPv6Network(text_type('1::/20')))
1554 self.sleep_on_vpp_time(1)
1556 # check that SLAAC address is deleted
1557 fib = self.vapi.ip_route_dump(0, True)
1558 addresses = set(self.get_interface_addresses(fib, self.pg0))
1559 new_addresses = addresses.difference(initial_addresses)
1560 self.assertEqual(len(new_addresses), 0)
1563 class IPv6NDProxyTest(TestIPv6ND):
1564 """ IPv6 ND ProxyTest Case """
1567 def setUpClass(cls):
1568 super(IPv6NDProxyTest, cls).setUpClass()
1571 def tearDownClass(cls):
1572 super(IPv6NDProxyTest, cls).tearDownClass()
1575 super(IPv6NDProxyTest, self).setUp()
1577 # create 3 pg interfaces
1578 self.create_pg_interfaces(range(3))
1580 # pg0 is the master interface, with the configured subnet
1582 self.pg0.config_ip6()
1583 self.pg0.resolve_ndp()
1585 self.pg1.ip6_enable()
1586 self.pg2.ip6_enable()
1589 super(IPv6NDProxyTest, self).tearDown()
1591 def test_nd_proxy(self):
1592 """ IPv6 Proxy ND """
1595 # Generate some hosts in the subnet that we are proxying
1597 self.pg0.generate_remote_hosts(8)
1599 nsma = in6_getnsma(inet_pton(AF_INET6, self.pg0.local_ip6))
1600 d = inet_ntop(AF_INET6, nsma)
1603 # Send an NS for one of those remote hosts on one of the proxy links
1604 # expect no response since it's from an address that is not
1605 # on the link that has the prefix configured
1607 ns_pg1 = (Ether(dst=in6_getnsmac(nsma), src=self.pg1.remote_mac) /
1609 src=self.pg0._remote_hosts[2].ip6) /
1610 ICMPv6ND_NS(tgt=self.pg0.local_ip6) /
1611 ICMPv6NDOptSrcLLAddr(
1612 lladdr=self.pg0._remote_hosts[2].mac))
1614 self.send_and_assert_no_replies(self.pg1, ns_pg1, "Off link NS")
1617 # Add proxy support for the host
1619 self.vapi.ip6nd_proxy_add_del(
1620 is_add=1, ip=inet_pton(AF_INET6, self.pg0._remote_hosts[2].ip6),
1621 sw_if_index=self.pg1.sw_if_index)
1624 # try that NS again. this time we expect an NA back
1626 self.send_and_expect_na(self.pg1, ns_pg1,
1627 "NS to proxy entry",
1628 dst_ip=self.pg0._remote_hosts[2].ip6,
1629 tgt_ip=self.pg0.local_ip6)
1632 # ... and that we have an entry in the ND cache
1634 self.assertTrue(find_nbr(self,
1635 self.pg1.sw_if_index,
1636 self.pg0._remote_hosts[2].ip6))
1639 # ... and we can route traffic to it
1641 t = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
1642 IPv6(dst=self.pg0._remote_hosts[2].ip6,
1643 src=self.pg0.remote_ip6) /
1644 inet6.UDP(sport=10000, dport=20000) /
1647 self.pg0.add_stream(t)
1648 self.pg_enable_capture(self.pg_interfaces)
1650 rx = self.pg1.get_capture(1)
1653 self.assertEqual(rx[Ether].dst, self.pg0._remote_hosts[2].mac)
1654 self.assertEqual(rx[Ether].src, self.pg1.local_mac)
1656 self.assertEqual(rx[IPv6].src,
1658 self.assertEqual(rx[IPv6].dst,
1662 # Test we proxy for the host on the main interface
1664 ns_pg0 = (Ether(dst=in6_getnsmac(nsma), src=self.pg0.remote_mac) /
1665 IPv6(dst=d, src=self.pg0.remote_ip6) /
1667 tgt=self.pg0._remote_hosts[2].ip6) /
1668 ICMPv6NDOptSrcLLAddr(
1669 lladdr=self.pg0.remote_mac))
1671 self.send_and_expect_na(self.pg0, ns_pg0,
1672 "NS to proxy entry on main",
1673 tgt_ip=self.pg0._remote_hosts[2].ip6,
1674 dst_ip=self.pg0.remote_ip6)
1677 # Setup and resolve proxy for another host on another interface
1679 ns_pg2 = (Ether(dst=in6_getnsmac(nsma), src=self.pg2.remote_mac) /
1681 src=self.pg0._remote_hosts[3].ip6) /
1682 ICMPv6ND_NS(tgt=self.pg0.local_ip6) /
1683 ICMPv6NDOptSrcLLAddr(
1684 lladdr=self.pg0._remote_hosts[2].mac))
1686 self.vapi.ip6nd_proxy_add_del(
1687 is_add=1, ip=inet_pton(AF_INET6, self.pg0._remote_hosts[3].ip6),
1688 sw_if_index=self.pg2.sw_if_index)
1690 self.send_and_expect_na(self.pg2, ns_pg2,
1691 "NS to proxy entry other interface",
1692 dst_ip=self.pg0._remote_hosts[3].ip6,
1693 tgt_ip=self.pg0.local_ip6)
1695 self.assertTrue(find_nbr(self,
1696 self.pg2.sw_if_index,
1697 self.pg0._remote_hosts[3].ip6))
1700 # hosts can communicate. pg2->pg1
1702 t2 = (Ether(dst=self.pg2.local_mac,
1703 src=self.pg0.remote_hosts[3].mac) /
1704 IPv6(dst=self.pg0._remote_hosts[2].ip6,
1705 src=self.pg0._remote_hosts[3].ip6) /
1706 inet6.UDP(sport=10000, dport=20000) /
1709 self.pg2.add_stream(t2)
1710 self.pg_enable_capture(self.pg_interfaces)
1712 rx = self.pg1.get_capture(1)
1715 self.assertEqual(rx[Ether].dst, self.pg0._remote_hosts[2].mac)
1716 self.assertEqual(rx[Ether].src, self.pg1.local_mac)
1718 self.assertEqual(rx[IPv6].src,
1720 self.assertEqual(rx[IPv6].dst,
1724 # remove the proxy configs
1726 self.vapi.ip6nd_proxy_add_del(
1727 ip=inet_pton(AF_INET6, self.pg0._remote_hosts[2].ip6),
1728 sw_if_index=self.pg1.sw_if_index, is_add=0)
1729 self.vapi.ip6nd_proxy_add_del(
1730 ip=inet_pton(AF_INET6, self.pg0._remote_hosts[3].ip6),
1731 sw_if_index=self.pg2.sw_if_index, is_add=0)
1733 self.assertFalse(find_nbr(self,
1734 self.pg2.sw_if_index,
1735 self.pg0._remote_hosts[3].ip6))
1736 self.assertFalse(find_nbr(self,
1737 self.pg1.sw_if_index,
1738 self.pg0._remote_hosts[2].ip6))
1741 # no longer proxy-ing...
1743 self.send_and_assert_no_replies(self.pg0, ns_pg0, "Proxy unconfigured")
1744 self.send_and_assert_no_replies(self.pg1, ns_pg1, "Proxy unconfigured")
1745 self.send_and_assert_no_replies(self.pg2, ns_pg2, "Proxy unconfigured")
1748 # no longer forwarding. traffic generates NS out of the glean/main
1751 self.pg2.add_stream(t2)
1752 self.pg_enable_capture(self.pg_interfaces)
1755 rx = self.pg0.get_capture(1)
1757 self.assertTrue(rx[0].haslayer(ICMPv6ND_NS))
1760 class TestIP6Null(VppTestCase):
1761 """ IPv6 routes via NULL """
1764 def setUpClass(cls):
1765 super(TestIP6Null, cls).setUpClass()
1768 def tearDownClass(cls):
1769 super(TestIP6Null, cls).tearDownClass()
1772 super(TestIP6Null, self).setUp()
1774 # create 2 pg interfaces
1775 self.create_pg_interfaces(range(1))
1777 for i in self.pg_interfaces:
1783 super(TestIP6Null, self).tearDown()
1784 for i in self.pg_interfaces:
1788 def test_ip_null(self):
1789 """ IP NULL route """
1791 p = (Ether(src=self.pg0.remote_mac,
1792 dst=self.pg0.local_mac) /
1793 IPv6(src=self.pg0.remote_ip6, dst="2001::1") /
1794 inet6.UDP(sport=1234, dport=1234) /
1798 # A route via IP NULL that will reply with ICMP unreachables
1800 ip_unreach = VppIpRoute(
1802 [VppRoutePath("::", 0xffffffff,
1803 type=FibPathType.FIB_PATH_TYPE_ICMP_UNREACH)])
1804 ip_unreach.add_vpp_config()
1806 self.pg0.add_stream(p)
1807 self.pg_enable_capture(self.pg_interfaces)
1810 rx = self.pg0.get_capture(1)
1812 icmp = rx[ICMPv6DestUnreach]
1814 # 0 = "No route to destination"
1815 self.assertEqual(icmp.code, 0)
1817 # ICMP is rate limited. pause a bit
1821 # A route via IP NULL that will reply with ICMP prohibited
1823 ip_prohibit = VppIpRoute(
1824 self, "2001::1", 128,
1825 [VppRoutePath("::", 0xffffffff,
1826 type=FibPathType.FIB_PATH_TYPE_ICMP_PROHIBIT)])
1827 ip_prohibit.add_vpp_config()
1829 self.pg0.add_stream(p)
1830 self.pg_enable_capture(self.pg_interfaces)
1833 rx = self.pg0.get_capture(1)
1835 icmp = rx[ICMPv6DestUnreach]
1837 # 1 = "Communication with destination administratively prohibited"
1838 self.assertEqual(icmp.code, 1)
1841 class TestIP6Disabled(VppTestCase):
1842 """ IPv6 disabled """
1845 def setUpClass(cls):
1846 super(TestIP6Disabled, cls).setUpClass()
1849 def tearDownClass(cls):
1850 super(TestIP6Disabled, cls).tearDownClass()
1853 super(TestIP6Disabled, self).setUp()
1855 # create 2 pg interfaces
1856 self.create_pg_interfaces(range(2))
1860 self.pg0.config_ip6()
1861 self.pg0.resolve_ndp()
1863 # PG 1 is not IP enabled
1867 super(TestIP6Disabled, self).tearDown()
1868 for i in self.pg_interfaces:
1872 def test_ip_disabled(self):
1875 MRouteItfFlags = VppEnum.vl_api_mfib_itf_flags_t
1876 MRouteEntryFlags = VppEnum.vl_api_mfib_entry_flags_t
1879 # one accepting interface, pg0, 2 forwarding interfaces
1881 route_ff_01 = VppIpMRoute(
1885 MRouteEntryFlags.MFIB_API_ENTRY_FLAG_NONE,
1886 [VppMRoutePath(self.pg1.sw_if_index,
1887 MRouteItfFlags.MFIB_API_ITF_FLAG_ACCEPT),
1888 VppMRoutePath(self.pg0.sw_if_index,
1889 MRouteItfFlags.MFIB_API_ITF_FLAG_FORWARD)])
1890 route_ff_01.add_vpp_config()
1892 pu = (Ether(src=self.pg1.remote_mac,
1893 dst=self.pg1.local_mac) /
1894 IPv6(src="2001::1", dst=self.pg0.remote_ip6) /
1895 inet6.UDP(sport=1234, dport=1234) /
1897 pm = (Ether(src=self.pg1.remote_mac,
1898 dst=self.pg1.local_mac) /
1899 IPv6(src="2001::1", dst="ffef::1") /
1900 inet6.UDP(sport=1234, dport=1234) /
1904 # PG1 does not forward IP traffic
1906 self.send_and_assert_no_replies(self.pg1, pu, "IPv6 disabled")
1907 self.send_and_assert_no_replies(self.pg1, pm, "IPv6 disabled")
1912 self.pg1.config_ip6()
1915 # Now we get packets through
1917 self.pg1.add_stream(pu)
1918 self.pg_enable_capture(self.pg_interfaces)
1920 rx = self.pg0.get_capture(1)
1922 self.pg1.add_stream(pm)
1923 self.pg_enable_capture(self.pg_interfaces)
1925 rx = self.pg0.get_capture(1)
1930 self.pg1.unconfig_ip6()
1933 # PG1 does not forward IP traffic
1935 self.send_and_assert_no_replies(self.pg1, pu, "IPv6 disabled")
1936 self.send_and_assert_no_replies(self.pg1, pm, "IPv6 disabled")
1939 class TestIP6LoadBalance(VppTestCase):
1940 """ IPv6 Load-Balancing """
1943 def setUpClass(cls):
1944 super(TestIP6LoadBalance, cls).setUpClass()
1947 def tearDownClass(cls):
1948 super(TestIP6LoadBalance, cls).tearDownClass()
1951 super(TestIP6LoadBalance, self).setUp()
1953 self.create_pg_interfaces(range(5))
1955 mpls_tbl = VppMplsTable(self, 0)
1956 mpls_tbl.add_vpp_config()
1958 for i in self.pg_interfaces:
1965 for i in self.pg_interfaces:
1969 super(TestIP6LoadBalance, self).tearDown()
1971 def test_ip6_load_balance(self):
1972 """ IPv6 Load-Balancing """
1975 # An array of packets that differ only in the destination port
1979 # - MPLS non-EOS with an entropy label
1983 port_mpls_neos_pkts = []
1987 # An array of packets that differ only in the source address
1992 for ii in range(NUM_PKTS):
1994 IPv6(dst="3000::1", src="3000:1::1") /
1995 inet6.UDP(sport=1234, dport=1234 + ii) /
1997 port_ip_pkts.append((Ether(src=self.pg0.remote_mac,
1998 dst=self.pg0.local_mac) /
2000 port_mpls_pkts.append((Ether(src=self.pg0.remote_mac,
2001 dst=self.pg0.local_mac) /
2002 MPLS(label=66, ttl=2) /
2004 port_mpls_neos_pkts.append((Ether(src=self.pg0.remote_mac,
2005 dst=self.pg0.local_mac) /
2006 MPLS(label=67, ttl=2) /
2007 MPLS(label=77, ttl=2) /
2009 port_ent_pkts.append((Ether(src=self.pg0.remote_mac,
2010 dst=self.pg0.local_mac) /
2011 MPLS(label=67, ttl=2) /
2012 MPLS(label=14, ttl=2) /
2013 MPLS(label=999, ttl=2) /
2016 IPv6(dst="3000::1", src="3000:1::%d" % ii) /
2017 inet6.UDP(sport=1234, dport=1234) /
2019 src_ip_pkts.append((Ether(src=self.pg0.remote_mac,
2020 dst=self.pg0.local_mac) /
2022 src_mpls_pkts.append((Ether(src=self.pg0.remote_mac,
2023 dst=self.pg0.local_mac) /
2024 MPLS(label=66, ttl=2) /
2028 # A route for the IP packets
2030 route_3000_1 = VppIpRoute(self, "3000::1", 128,
2031 [VppRoutePath(self.pg1.remote_ip6,
2032 self.pg1.sw_if_index),
2033 VppRoutePath(self.pg2.remote_ip6,
2034 self.pg2.sw_if_index)])
2035 route_3000_1.add_vpp_config()
2038 # a local-label for the EOS packets
2040 binding = VppMplsIpBind(self, 66, "3000::1", 128, is_ip6=1)
2041 binding.add_vpp_config()
2044 # An MPLS route for the non-EOS packets
2046 route_67 = VppMplsRoute(self, 67, 0,
2047 [VppRoutePath(self.pg1.remote_ip6,
2048 self.pg1.sw_if_index,
2050 VppRoutePath(self.pg2.remote_ip6,
2051 self.pg2.sw_if_index,
2053 route_67.add_vpp_config()
2056 # inject the packet on pg0 - expect load-balancing across the 2 paths
2057 # - since the default hash config is to use IP src,dst and port
2059 # We are not going to ensure equal amounts of packets across each link,
2060 # since the hash algorithm is statistical and therefore this can never
2061 # be guaranteed. But with 64 different packets we do expect some
2062 # balancing. So instead just ensure there is traffic on each link.
2064 rx = self.send_and_expect_load_balancing(self.pg0, port_ip_pkts,
2065 [self.pg1, self.pg2])
2066 n_ip_pg0 = len(rx[0])
2067 self.send_and_expect_load_balancing(self.pg0, src_ip_pkts,
2068 [self.pg1, self.pg2])
2069 self.send_and_expect_load_balancing(self.pg0, port_mpls_pkts,
2070 [self.pg1, self.pg2])
2071 self.send_and_expect_load_balancing(self.pg0, src_mpls_pkts,
2072 [self.pg1, self.pg2])
2073 rx = self.send_and_expect_load_balancing(self.pg0, port_mpls_neos_pkts,
2074 [self.pg1, self.pg2])
2075 n_mpls_pg0 = len(rx[0])
2078 # change the router ID and expect the distribution changes
2080 self.vapi.set_ip_flow_hash_router_id(router_id=0x11111111)
2082 rx = self.send_and_expect_load_balancing(self.pg0, port_ip_pkts,
2083 [self.pg1, self.pg2])
2084 self.assertNotEqual(n_ip_pg0, len(rx[0]))
2086 rx = self.send_and_expect_load_balancing(self.pg0, src_mpls_pkts,
2087 [self.pg1, self.pg2])
2088 self.assertNotEqual(n_mpls_pg0, len(rx[0]))
2091 # The packets with Entropy label in should not load-balance,
2092 # since the Entropy value is fixed.
2094 self.send_and_expect_only(self.pg0, port_ent_pkts, self.pg1)
2097 # change the flow hash config so it's only IP src,dst
2098 # - now only the stream with differing source address will
2101 self.vapi.set_ip_flow_hash(vrf_id=0, src=1, dst=1, proto=1,
2102 sport=0, dport=0, is_ipv6=1)
2104 self.send_and_expect_load_balancing(self.pg0, src_ip_pkts,
2105 [self.pg1, self.pg2])
2106 self.send_and_expect_load_balancing(self.pg0, src_mpls_pkts,
2107 [self.pg1, self.pg2])
2108 self.send_and_expect_only(self.pg0, port_ip_pkts, self.pg2)
2111 # change the flow hash config back to defaults
2113 self.vapi.set_ip_flow_hash(vrf_id=0, src=1, dst=1, sport=1, dport=1,
2117 # Recursive prefixes
2118 # - testing that 2 stages of load-balancing occurs and there is no
2119 # polarisation (i.e. only 2 of 4 paths are used)
2124 for ii in range(257):
2125 port_pkts.append((Ether(src=self.pg0.remote_mac,
2126 dst=self.pg0.local_mac) /
2129 inet6.UDP(sport=1234,
2131 Raw(b'\xa5' * 100)))
2132 src_pkts.append((Ether(src=self.pg0.remote_mac,
2133 dst=self.pg0.local_mac) /
2135 src="4000:1::%d" % ii) /
2136 inet6.UDP(sport=1234, dport=1234) /
2137 Raw(b'\xa5' * 100)))
2139 route_3000_2 = VppIpRoute(self, "3000::2", 128,
2140 [VppRoutePath(self.pg3.remote_ip6,
2141 self.pg3.sw_if_index),
2142 VppRoutePath(self.pg4.remote_ip6,
2143 self.pg4.sw_if_index)])
2144 route_3000_2.add_vpp_config()
2146 route_4000_1 = VppIpRoute(self, "4000::1", 128,
2147 [VppRoutePath("3000::1",
2149 VppRoutePath("3000::2",
2151 route_4000_1.add_vpp_config()
2154 # inject the packet on pg0 - expect load-balancing across all 4 paths
2156 self.vapi.cli("clear trace")
2157 self.send_and_expect_load_balancing(self.pg0, port_pkts,
2158 [self.pg1, self.pg2,
2159 self.pg3, self.pg4])
2160 self.send_and_expect_load_balancing(self.pg0, src_pkts,
2161 [self.pg1, self.pg2,
2162 self.pg3, self.pg4])
2165 # Recursive prefixes
2166 # - testing that 2 stages of load-balancing no choices
2170 for ii in range(257):
2171 port_pkts.append((Ether(src=self.pg0.remote_mac,
2172 dst=self.pg0.local_mac) /
2175 inet6.UDP(sport=1234,
2177 Raw(b'\xa5' * 100)))
2179 route_5000_2 = VppIpRoute(self, "5000::2", 128,
2180 [VppRoutePath(self.pg3.remote_ip6,
2181 self.pg3.sw_if_index)])
2182 route_5000_2.add_vpp_config()
2184 route_6000_1 = VppIpRoute(self, "6000::1", 128,
2185 [VppRoutePath("5000::2",
2187 route_6000_1.add_vpp_config()
2190 # inject the packet on pg0 - expect load-balancing across all 4 paths
2192 self.vapi.cli("clear trace")
2193 self.send_and_expect_only(self.pg0, port_pkts, self.pg3)
2196 class IP6PuntSetup(object):
2197 """ Setup for IPv6 Punt Police/Redirect """
2199 def punt_setup(self):
2200 self.create_pg_interfaces(range(4))
2202 for i in self.pg_interfaces:
2207 self.pkt = (Ether(src=self.pg0.remote_mac,
2208 dst=self.pg0.local_mac) /
2209 IPv6(src=self.pg0.remote_ip6,
2210 dst=self.pg0.local_ip6) /
2211 inet6.TCP(sport=1234, dport=1234) /
2214 def punt_teardown(self):
2215 for i in self.pg_interfaces:
2220 class TestIP6Punt(IP6PuntSetup, VppTestCase):
2221 """ IPv6 Punt Police/Redirect """
2224 super(TestIP6Punt, self).setUp()
2225 super(TestIP6Punt, self).punt_setup()
2228 super(TestIP6Punt, self).punt_teardown()
2229 super(TestIP6Punt, self).tearDown()
2231 def test_ip_punt(self):
2232 """ IP6 punt police and redirect """
2234 pkts = self.pkt * 1025
2237 # Configure a punt redirect via pg1.
2239 nh_addr = self.pg1.remote_ip6
2240 ip_punt_redirect = VppIpPuntRedirect(self, self.pg0.sw_if_index,
2241 self.pg1.sw_if_index, nh_addr)
2242 ip_punt_redirect.add_vpp_config()
2244 self.send_and_expect(self.pg0, pkts, self.pg1)
2249 policer = VppPolicer(self, "ip6-punt", 400, 0, 10, 0, rate_type=1)
2250 policer.add_vpp_config()
2251 ip_punt_policer = VppIpPuntPolicer(self, policer.policer_index,
2253 ip_punt_policer.add_vpp_config()
2255 self.vapi.cli("clear trace")
2256 self.pg0.add_stream(pkts)
2257 self.pg_enable_capture(self.pg_interfaces)
2261 # the number of packet received should be greater than 0,
2262 # but not equal to the number sent, since some were policed
2264 rx = self.pg1._get_capture(1)
2265 stats = policer.get_stats()
2267 # Single rate policer - expect conform, violate but no exceed
2268 self.assertGreater(stats['conform_packets'], 0)
2269 self.assertEqual(stats['exceed_packets'], 0)
2270 self.assertGreater(stats['violate_packets'], 0)
2272 self.assertGreater(len(rx), 0)
2273 self.assertLess(len(rx), len(pkts))
2276 # remove the policer. back to full rx
2278 ip_punt_policer.remove_vpp_config()
2279 policer.remove_vpp_config()
2280 self.send_and_expect(self.pg0, pkts, self.pg1)
2283 # remove the redirect. expect full drop.
2285 ip_punt_redirect.remove_vpp_config()
2286 self.send_and_assert_no_replies(self.pg0, pkts,
2287 "IP no punt config")
2290 # Add a redirect that is not input port selective
2292 ip_punt_redirect = VppIpPuntRedirect(self, 0xffffffff,
2293 self.pg1.sw_if_index, nh_addr)
2294 ip_punt_redirect.add_vpp_config()
2295 self.send_and_expect(self.pg0, pkts, self.pg1)
2296 ip_punt_redirect.remove_vpp_config()
2298 def test_ip_punt_dump(self):
2299 """ IP6 punt redirect dump"""
2302 # Configure a punt redirects
2304 nh_address = self.pg3.remote_ip6
2305 ipr_03 = VppIpPuntRedirect(self, self.pg0.sw_if_index,
2306 self.pg3.sw_if_index, nh_address)
2307 ipr_13 = VppIpPuntRedirect(self, self.pg1.sw_if_index,
2308 self.pg3.sw_if_index, nh_address)
2309 ipr_23 = VppIpPuntRedirect(self, self.pg2.sw_if_index,
2310 self.pg3.sw_if_index, '0::0')
2311 ipr_03.add_vpp_config()
2312 ipr_13.add_vpp_config()
2313 ipr_23.add_vpp_config()
2316 # Dump pg0 punt redirects
2318 self.assertTrue(ipr_03.query_vpp_config())
2319 self.assertTrue(ipr_13.query_vpp_config())
2320 self.assertTrue(ipr_23.query_vpp_config())
2323 # Dump punt redirects for all interfaces
2325 punts = self.vapi.ip_punt_redirect_dump(0xffffffff, is_ipv6=1)
2326 self.assertEqual(len(punts), 3)
2328 self.assertEqual(p.punt.tx_sw_if_index, self.pg3.sw_if_index)
2329 self.assertNotEqual(punts[1].punt.nh, self.pg3.remote_ip6)
2330 self.assertEqual(str(punts[2].punt.nh), '::')
2333 class TestIP6PuntHandoff(IP6PuntSetup, VppTestCase):
2334 """ IPv6 Punt Police/Redirect """
2335 vpp_worker_count = 2
2338 super(TestIP6PuntHandoff, self).setUp()
2339 super(TestIP6PuntHandoff, self).punt_setup()
2342 super(TestIP6PuntHandoff, self).punt_teardown()
2343 super(TestIP6PuntHandoff, self).tearDown()
2345 def test_ip_punt(self):
2346 """ IP6 punt policer thread handoff """
2347 pkts = self.pkt * NUM_PKTS
2350 # Configure a punt redirect via pg1.
2352 nh_addr = self.pg1.remote_ip6
2353 ip_punt_redirect = VppIpPuntRedirect(self, self.pg0.sw_if_index,
2354 self.pg1.sw_if_index, nh_addr)
2355 ip_punt_redirect.add_vpp_config()
2357 action_tx = PolicerAction(
2358 VppEnum.vl_api_sse2_qos_action_type_t.SSE2_QOS_ACTION_API_TRANSMIT,
2361 # This policer drops no packets, we are just
2362 # testing that they get to the right thread.
2364 policer = VppPolicer(self, "ip6-punt", 400, 0, 10, 0, 1,
2365 0, 0, False, action_tx, action_tx, action_tx)
2366 policer.add_vpp_config()
2367 ip_punt_policer = VppIpPuntPolicer(self, policer.policer_index,
2369 ip_punt_policer.add_vpp_config()
2371 for worker in [0, 1]:
2372 self.send_and_expect(self.pg0, pkts, self.pg1, worker=worker)
2374 self.logger.debug(self.vapi.cli("show trace max 100"))
2376 # Combined stats, all threads
2377 stats = policer.get_stats()
2379 # Single rate policer - expect conform, violate but no exceed
2380 self.assertGreater(stats['conform_packets'], 0)
2381 self.assertEqual(stats['exceed_packets'], 0)
2382 self.assertGreater(stats['violate_packets'], 0)
2384 # Worker 0, should have done all the policing
2385 stats0 = policer.get_stats(worker=0)
2386 self.assertEqual(stats, stats0)
2388 # Worker 1, should have handed everything off
2389 stats1 = policer.get_stats(worker=1)
2390 self.assertEqual(stats1['conform_packets'], 0)
2391 self.assertEqual(stats1['exceed_packets'], 0)
2392 self.assertEqual(stats1['violate_packets'], 0)
2394 # Bind the policer to worker 1 and repeat
2395 policer.bind_vpp_config(1, True)
2396 for worker in [0, 1]:
2397 self.send_and_expect(self.pg0, pkts, self.pg1, worker=worker)
2398 self.logger.debug(self.vapi.cli("show trace max 100"))
2400 # The 2 workers should now have policed the same amount
2401 stats = policer.get_stats()
2402 stats0 = policer.get_stats(worker=0)
2403 stats1 = policer.get_stats(worker=1)
2405 self.assertGreater(stats0['conform_packets'], 0)
2406 self.assertEqual(stats0['exceed_packets'], 0)
2407 self.assertGreater(stats0['violate_packets'], 0)
2409 self.assertGreater(stats1['conform_packets'], 0)
2410 self.assertEqual(stats1['exceed_packets'], 0)
2411 self.assertGreater(stats1['violate_packets'], 0)
2413 self.assertEqual(stats0['conform_packets'] + stats1['conform_packets'],
2414 stats['conform_packets'])
2416 self.assertEqual(stats0['violate_packets'] + stats1['violate_packets'],
2417 stats['violate_packets'])
2419 # Unbind the policer and repeat
2420 policer.bind_vpp_config(1, False)
2421 for worker in [0, 1]:
2422 self.send_and_expect(self.pg0, pkts, self.pg1, worker=worker)
2423 self.logger.debug(self.vapi.cli("show trace max 100"))
2425 # The policer should auto-bind to worker 0 when packets arrive
2426 stats = policer.get_stats()
2427 stats0new = policer.get_stats(worker=0)
2428 stats1new = policer.get_stats(worker=1)
2430 self.assertGreater(stats0new['conform_packets'],
2431 stats0['conform_packets'])
2432 self.assertEqual(stats0new['exceed_packets'], 0)
2433 self.assertGreater(stats0new['violate_packets'],
2434 stats0['violate_packets'])
2436 self.assertEqual(stats1, stats1new)
2441 ip_punt_policer.remove_vpp_config()
2442 policer.remove_vpp_config()
2443 ip_punt_redirect.remove_vpp_config()
2446 class TestIP6Deag(VppTestCase):
2447 """ IPv6 Deaggregate Routes """
2450 def setUpClass(cls):
2451 super(TestIP6Deag, cls).setUpClass()
2454 def tearDownClass(cls):
2455 super(TestIP6Deag, cls).tearDownClass()
2458 super(TestIP6Deag, self).setUp()
2460 self.create_pg_interfaces(range(3))
2462 for i in self.pg_interfaces:
2468 super(TestIP6Deag, self).tearDown()
2469 for i in self.pg_interfaces:
2473 def test_ip_deag(self):
2474 """ IP Deag Routes """
2477 # Create a table to be used for:
2478 # 1 - another destination address lookup
2479 # 2 - a source address lookup
2481 table_dst = VppIpTable(self, 1, is_ip6=1)
2482 table_src = VppIpTable(self, 2, is_ip6=1)
2483 table_dst.add_vpp_config()
2484 table_src.add_vpp_config()
2487 # Add a route in the default table to point to a deag/
2488 # second lookup in each of these tables
2490 route_to_dst = VppIpRoute(self, "1::1", 128,
2494 route_to_src = VppIpRoute(
2499 type=FibPathType.FIB_PATH_TYPE_SOURCE_LOOKUP)])
2501 route_to_dst.add_vpp_config()
2502 route_to_src.add_vpp_config()
2505 # packets to these destination are dropped, since they'll
2506 # hit the respective default routes in the second table
2508 p_dst = (Ether(src=self.pg0.remote_mac,
2509 dst=self.pg0.local_mac) /
2510 IPv6(src="5::5", dst="1::1") /
2511 inet6.TCP(sport=1234, dport=1234) /
2513 p_src = (Ether(src=self.pg0.remote_mac,
2514 dst=self.pg0.local_mac) /
2515 IPv6(src="2::2", dst="1::2") /
2516 inet6.TCP(sport=1234, dport=1234) /
2518 pkts_dst = p_dst * 257
2519 pkts_src = p_src * 257
2521 self.send_and_assert_no_replies(self.pg0, pkts_dst,
2523 self.send_and_assert_no_replies(self.pg0, pkts_src,
2527 # add a route in the dst table to forward via pg1
2529 route_in_dst = VppIpRoute(self, "1::1", 128,
2530 [VppRoutePath(self.pg1.remote_ip6,
2531 self.pg1.sw_if_index)],
2533 route_in_dst.add_vpp_config()
2535 self.send_and_expect(self.pg0, pkts_dst, self.pg1)
2538 # add a route in the src table to forward via pg2
2540 route_in_src = VppIpRoute(self, "2::2", 128,
2541 [VppRoutePath(self.pg2.remote_ip6,
2542 self.pg2.sw_if_index)],
2544 route_in_src.add_vpp_config()
2545 self.send_and_expect(self.pg0, pkts_src, self.pg2)
2548 # loop in the lookup DP
2550 route_loop = VppIpRoute(self, "3::3", 128,
2553 route_loop.add_vpp_config()
2555 p_l = (Ether(src=self.pg0.remote_mac,
2556 dst=self.pg0.local_mac) /
2557 IPv6(src="3::4", dst="3::3") /
2558 inet6.TCP(sport=1234, dport=1234) /
2561 self.send_and_assert_no_replies(self.pg0, p_l * 257,
2565 class TestIP6Input(VppTestCase):
2566 """ IPv6 Input Exception Test Cases """
2569 def setUpClass(cls):
2570 super(TestIP6Input, cls).setUpClass()
2573 def tearDownClass(cls):
2574 super(TestIP6Input, cls).tearDownClass()
2577 super(TestIP6Input, self).setUp()
2579 self.create_pg_interfaces(range(2))
2581 for i in self.pg_interfaces:
2587 super(TestIP6Input, self).tearDown()
2588 for i in self.pg_interfaces:
2592 def test_ip_input_icmp_reply(self):
2593 """ IP6 Input Exception - Return ICMP (3,0) """
2595 # hop limit - ICMP replies
2597 p_version = (Ether(src=self.pg0.remote_mac,
2598 dst=self.pg0.local_mac) /
2599 IPv6(src=self.pg0.remote_ip6,
2600 dst=self.pg1.remote_ip6,
2602 inet6.UDP(sport=1234, dport=1234) /
2605 rxs = self.send_and_expect_some(self.pg0,
2606 p_version * NUM_PKTS,
2610 icmp = rx[ICMPv6TimeExceeded]
2611 # 0: "hop limit exceeded in transit",
2612 self.assertEqual((icmp.type, icmp.code), (3, 0))
2614 icmpv6_data = '\x0a' * 18
2616 all_1s = "FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF"
2618 @parameterized.expand([
2619 # Name, src, dst, l4proto, msg, timeout
2620 ("src='iface', dst='iface'", None, None,
2621 inet6.UDP(sport=1234, dport=1234), "funky version", None),
2622 ("src='All 0's', dst='iface'", all_0s, None,
2623 ICMPv6EchoRequest(id=0xb, seq=5, data=icmpv6_data), None, 0.1),
2624 ("src='iface', dst='All 0's'", None, all_0s,
2625 ICMPv6EchoRequest(id=0xb, seq=5, data=icmpv6_data), None, 0.1),
2626 ("src='All 1's', dst='iface'", all_1s, None,
2627 ICMPv6EchoRequest(id=0xb, seq=5, data=icmpv6_data), None, 0.1),
2628 ("src='iface', dst='All 1's'", None, all_1s,
2629 ICMPv6EchoRequest(id=0xb, seq=5, data=icmpv6_data), None, 0.1),
2630 ("src='All 1's', dst='All 1's'", all_1s, all_1s,
2631 ICMPv6EchoRequest(id=0xb, seq=5, data=icmpv6_data), None, 0.1),
2634 def test_ip_input_no_replies(self, name, src, dst, l4, msg, timeout):
2636 self._testMethodDoc = 'IPv6 Input Exception - %s' % name
2638 p_version = (Ether(src=self.pg0.remote_mac,
2639 dst=self.pg0.local_mac) /
2640 IPv6(src=src or self.pg0.remote_ip6,
2641 dst=dst or self.pg1.remote_ip6,
2646 self.send_and_assert_no_replies(self.pg0, p_version * NUM_PKTS,
2650 def test_hop_by_hop(self):
2651 """ Hop-by-hop header test """
2653 p = (Ether(src=self.pg0.remote_mac,
2654 dst=self.pg0.local_mac) /
2655 IPv6(src=self.pg0.remote_ip6, dst=self.pg0.local_ip6) /
2656 IPv6ExtHdrHopByHop() /
2657 inet6.UDP(sport=1234, dport=1234) /
2660 self.pg0.add_stream(p)
2661 self.pg_enable_capture(self.pg_interfaces)
2665 class TestIP6Replace(VppTestCase):
2666 """ IPv6 Table Replace """
2669 def setUpClass(cls):
2670 super(TestIP6Replace, cls).setUpClass()
2673 def tearDownClass(cls):
2674 super(TestIP6Replace, cls).tearDownClass()
2677 super(TestIP6Replace, self).setUp()
2679 self.create_pg_interfaces(range(4))
2684 for i in self.pg_interfaces:
2687 i.generate_remote_hosts(2)
2688 self.tables.append(VppIpTable(self, table_id,
2689 True).add_vpp_config())
2693 super(TestIP6Replace, self).tearDown()
2694 for i in self.pg_interfaces:
2698 def test_replace(self):
2699 """ IP Table Replace """
2701 MRouteItfFlags = VppEnum.vl_api_mfib_itf_flags_t
2702 MRouteEntryFlags = VppEnum.vl_api_mfib_entry_flags_t
2704 links = [self.pg0, self.pg1, self.pg2, self.pg3]
2705 routes = [[], [], [], []]
2707 # the sizes of 'empty' tables
2708 for t in self.tables:
2709 self.assertEqual(len(t.dump()), 2)
2710 self.assertEqual(len(t.mdump()), 5)
2712 # load up the tables with some routes
2713 for ii, t in enumerate(self.tables):
2714 for jj in range(1, N_ROUTES):
2716 self, "2001::%d" % jj if jj != 0 else "2001::", 128,
2717 [VppRoutePath(links[ii].remote_hosts[0].ip6,
2718 links[ii].sw_if_index),
2719 VppRoutePath(links[ii].remote_hosts[1].ip6,
2720 links[ii].sw_if_index)],
2721 table_id=t.table_id).add_vpp_config()
2722 multi = VppIpMRoute(
2724 "ff:2001::%d" % jj, 128,
2725 MRouteEntryFlags.MFIB_API_ENTRY_FLAG_NONE,
2726 [VppMRoutePath(self.pg0.sw_if_index,
2727 MRouteItfFlags.MFIB_API_ITF_FLAG_ACCEPT,
2728 proto=FibPathProto.FIB_PATH_NH_PROTO_IP6),
2729 VppMRoutePath(self.pg1.sw_if_index,
2730 MRouteItfFlags.MFIB_API_ITF_FLAG_FORWARD,
2731 proto=FibPathProto.FIB_PATH_NH_PROTO_IP6),
2732 VppMRoutePath(self.pg2.sw_if_index,
2733 MRouteItfFlags.MFIB_API_ITF_FLAG_FORWARD,
2734 proto=FibPathProto.FIB_PATH_NH_PROTO_IP6),
2735 VppMRoutePath(self.pg3.sw_if_index,
2736 MRouteItfFlags.MFIB_API_ITF_FLAG_FORWARD,
2737 proto=FibPathProto.FIB_PATH_NH_PROTO_IP6)],
2738 table_id=t.table_id).add_vpp_config()
2739 routes[ii].append({'uni': uni,
2743 # replace the tables a few times
2746 # replace each table
2747 for t in self.tables:
2750 # all the routes are still there
2751 for ii, t in enumerate(self.tables):
2754 for r in routes[ii]:
2755 self.assertTrue(find_route_in_dump(dump, r['uni'], t))
2756 self.assertTrue(find_mroute_in_dump(mdump, r['multi'], t))
2758 # redownload the even numbered routes
2759 for ii, t in enumerate(self.tables):
2760 for jj in range(0, N_ROUTES, 2):
2761 routes[ii][jj]['uni'].add_vpp_config()
2762 routes[ii][jj]['multi'].add_vpp_config()
2764 # signal each table converged
2765 for t in self.tables:
2768 # we should find the even routes, but not the odd
2769 for ii, t in enumerate(self.tables):
2772 for jj in range(0, N_ROUTES, 2):
2773 self.assertTrue(find_route_in_dump(
2774 dump, routes[ii][jj]['uni'], t))
2775 self.assertTrue(find_mroute_in_dump(
2776 mdump, routes[ii][jj]['multi'], t))
2777 for jj in range(1, N_ROUTES - 1, 2):
2778 self.assertFalse(find_route_in_dump(
2779 dump, routes[ii][jj]['uni'], t))
2780 self.assertFalse(find_mroute_in_dump(
2781 mdump, routes[ii][jj]['multi'], t))
2783 # reload all the routes
2784 for ii, t in enumerate(self.tables):
2785 for r in routes[ii]:
2786 r['uni'].add_vpp_config()
2787 r['multi'].add_vpp_config()
2789 # all the routes are still there
2790 for ii, t in enumerate(self.tables):
2793 for r in routes[ii]:
2794 self.assertTrue(find_route_in_dump(dump, r['uni'], t))
2795 self.assertTrue(find_mroute_in_dump(mdump, r['multi'], t))
2798 # finally flush the tables for good measure
2800 for t in self.tables:
2802 self.assertEqual(len(t.dump()), 2)
2803 self.assertEqual(len(t.mdump()), 5)
2806 class TestIP6AddrReplace(VppTestCase):
2807 """ IPv6 Interface Address Replace """
2810 def setUpClass(cls):
2811 super(TestIP6AddrReplace, cls).setUpClass()
2814 def tearDownClass(cls):
2815 super(TestIP6AddrReplace, cls).tearDownClass()
2818 super(TestIP6AddrReplace, self).setUp()
2820 self.create_pg_interfaces(range(4))
2822 for i in self.pg_interfaces:
2826 super(TestIP6AddrReplace, self).tearDown()
2827 for i in self.pg_interfaces:
2830 def get_n_pfxs(self, intf):
2831 return len(self.vapi.ip_address_dump(intf.sw_if_index, True))
2833 def test_replace(self):
2834 """ IP interface address replace """
2836 intf_pfxs = [[], [], [], []]
2838 # add prefixes to each of the interfaces
2839 for i in range(len(self.pg_interfaces)):
2840 intf = self.pg_interfaces[i]
2843 addr = "2001:16:%d::1" % intf.sw_if_index
2844 a = VppIpInterfaceAddress(self, intf, addr, 64).add_vpp_config()
2845 intf_pfxs[i].append(a)
2847 # 2001:16:x::2/64 - a different address in the same subnet as above
2848 addr = "2001:16:%d::2" % intf.sw_if_index
2849 a = VppIpInterfaceAddress(self, intf, addr, 64).add_vpp_config()
2850 intf_pfxs[i].append(a)
2852 # 2001:15:x::2/64 - a different address and subnet
2853 addr = "2001:15:%d::2" % intf.sw_if_index
2854 a = VppIpInterfaceAddress(self, intf, addr, 64).add_vpp_config()
2855 intf_pfxs[i].append(a)
2857 # a dump should n_address in it
2858 for intf in self.pg_interfaces:
2859 self.assertEqual(self.get_n_pfxs(intf), 3)
2862 # remove all the address thru a replace
2864 self.vapi.sw_interface_address_replace_begin()
2865 self.vapi.sw_interface_address_replace_end()
2866 for intf in self.pg_interfaces:
2867 self.assertEqual(self.get_n_pfxs(intf), 0)
2870 # add all the interface addresses back
2875 for intf in self.pg_interfaces:
2876 self.assertEqual(self.get_n_pfxs(intf), 3)
2879 # replace again, but this time update/re-add the address on the first
2882 self.vapi.sw_interface_address_replace_begin()
2884 for p in intf_pfxs[:2]:
2888 self.vapi.sw_interface_address_replace_end()
2890 # on the first two the address still exist,
2891 # on the other two they do not
2892 for intf in self.pg_interfaces[:2]:
2893 self.assertEqual(self.get_n_pfxs(intf), 3)
2894 for p in intf_pfxs[:2]:
2896 self.assertTrue(v.query_vpp_config())
2897 for intf in self.pg_interfaces[2:]:
2898 self.assertEqual(self.get_n_pfxs(intf), 0)
2901 # add all the interface addresses back on the last two
2903 for p in intf_pfxs[2:]:
2906 for intf in self.pg_interfaces:
2907 self.assertEqual(self.get_n_pfxs(intf), 3)
2910 # replace again, this time add different prefixes on all the interfaces
2912 self.vapi.sw_interface_address_replace_begin()
2915 for intf in self.pg_interfaces:
2917 addr = "2001:18:%d::1" % intf.sw_if_index
2918 pfxs.append(VppIpInterfaceAddress(self, intf, addr,
2919 64).add_vpp_config())
2921 self.vapi.sw_interface_address_replace_end()
2923 # only .18 should exist on each interface
2924 for intf in self.pg_interfaces:
2925 self.assertEqual(self.get_n_pfxs(intf), 1)
2927 self.assertTrue(pfx.query_vpp_config())
2932 self.vapi.sw_interface_address_replace_begin()
2933 self.vapi.sw_interface_address_replace_end()
2934 for intf in self.pg_interfaces:
2935 self.assertEqual(self.get_n_pfxs(intf), 0)
2938 # add prefixes to each interface. post-begin add the prefix from
2939 # interface X onto interface Y. this would normally be an error
2940 # since it would generate a 'duplicate address' warning. but in
2941 # this case, since what is newly downloaded is sane, it's ok
2943 for intf in self.pg_interfaces:
2945 addr = "2001:18:%d::1" % intf.sw_if_index
2946 VppIpInterfaceAddress(self, intf, addr, 64).add_vpp_config()
2948 self.vapi.sw_interface_address_replace_begin()
2951 for intf in self.pg_interfaces:
2953 addr = "2001:18:%d::1" % (intf.sw_if_index + 1)
2954 pfxs.append(VppIpInterfaceAddress(self, intf,
2955 addr, 64).add_vpp_config())
2957 self.vapi.sw_interface_address_replace_end()
2959 self.logger.info(self.vapi.cli("sh int addr"))
2961 for intf in self.pg_interfaces:
2962 self.assertEqual(self.get_n_pfxs(intf), 1)
2964 self.assertTrue(pfx.query_vpp_config())
2967 class TestIP6LinkLocal(VppTestCase):
2968 """ IPv6 Link Local """
2971 def setUpClass(cls):
2972 super(TestIP6LinkLocal, cls).setUpClass()
2975 def tearDownClass(cls):
2976 super(TestIP6LinkLocal, cls).tearDownClass()
2979 super(TestIP6LinkLocal, self).setUp()
2981 self.create_pg_interfaces(range(2))
2983 for i in self.pg_interfaces:
2987 super(TestIP6LinkLocal, self).tearDown()
2988 for i in self.pg_interfaces:
2991 def test_ip6_ll(self):
2992 """ IPv6 Link Local """
2995 # two APIs to add a link local address.
2996 # 1 - just like any other prefix
2997 # 2 - with the special set LL API
3001 # First with the API to set a 'normal' prefix
3008 self.pg0.sw_if_index,
3009 self.pg0.remote_mac,
3010 ll2).add_vpp_config()
3012 VppIpInterfaceAddress(self, self.pg0, ll1, 128).add_vpp_config()
3015 # should be able to ping the ll
3017 p_echo_request_1 = (Ether(src=self.pg0.remote_mac,
3018 dst=self.pg0.local_mac) /
3021 ICMPv6EchoRequest())
3023 self.send_and_expect(self.pg0, [p_echo_request_1], self.pg0)
3026 # change the link-local on pg0
3028 v_ll3 = VppIpInterfaceAddress(self, self.pg0,
3029 ll3, 128).add_vpp_config()
3031 p_echo_request_3 = (Ether(src=self.pg0.remote_mac,
3032 dst=self.pg0.local_mac) /
3035 ICMPv6EchoRequest())
3037 self.send_and_expect(self.pg0, [p_echo_request_3], self.pg0)
3040 # set a normal v6 prefix on the link
3042 self.pg0.config_ip6()
3044 self.send_and_expect(self.pg0, [p_echo_request_3], self.pg0)
3046 # the link-local cannot be removed
3047 with self.vapi.assert_negative_api_retval():
3048 v_ll3.remove_vpp_config()
3051 # Use the specific link-local API on pg1
3053 VppIp6LinkLocalAddress(self, self.pg1, ll1).add_vpp_config()
3054 self.send_and_expect(self.pg1, [p_echo_request_1], self.pg1)
3056 VppIp6LinkLocalAddress(self, self.pg1, ll3).add_vpp_config()
3057 self.send_and_expect(self.pg1, [p_echo_request_3], self.pg1)
3059 def test_ip6_ll_p2p(self):
3060 """ IPv6 Link Local P2P (GRE)"""
3062 self.pg0.config_ip4()
3063 self.pg0.resolve_arp()
3064 gre_if = VppGreInterface(self,
3066 self.pg0.remote_ip4).add_vpp_config()
3072 VppIpInterfaceAddress(self, gre_if, ll1, 128).add_vpp_config()
3074 self.logger.info(self.vapi.cli("sh ip6-ll gre0 fe80:2::2"))
3076 p_echo_request_1 = (Ether(src=self.pg0.remote_mac,
3077 dst=self.pg0.local_mac) /
3078 IP(src=self.pg0.remote_ip4,
3079 dst=self.pg0.local_ip4) /
3081 IPv6(src=ll2, dst=ll1) /
3082 ICMPv6EchoRequest())
3083 self.send_and_expect(self.pg0, [p_echo_request_1], self.pg0)
3085 self.pg0.unconfig_ip4()
3086 gre_if.remove_vpp_config()
3088 def test_ip6_ll_p2mp(self):
3089 """ IPv6 Link Local P2MP (GRE)"""
3091 self.pg0.config_ip4()
3092 self.pg0.resolve_arp()
3094 gre_if = VppGreInterface(
3098 mode=(VppEnum.vl_api_tunnel_mode_t.
3099 TUNNEL_API_MODE_MP)).add_vpp_config()
3105 VppIpInterfaceAddress(self, gre_if, ll1, 128).add_vpp_config()
3107 p_echo_request_1 = (Ether(src=self.pg0.remote_mac,
3108 dst=self.pg0.local_mac) /
3109 IP(src=self.pg0.remote_ip4,
3110 dst=self.pg0.local_ip4) /
3112 IPv6(src=ll2, dst=ll1) /
3113 ICMPv6EchoRequest())
3115 # no route back at this point
3116 self.send_and_assert_no_replies(self.pg0, [p_echo_request_1])
3118 # add teib entry for the peer
3119 teib = VppTeib(self, gre_if, ll2, self.pg0.remote_ip4)
3120 teib.add_vpp_config()
3122 self.logger.info(self.vapi.cli("sh ip6-ll gre0 %s" % ll2))
3123 self.send_and_expect(self.pg0, [p_echo_request_1], self.pg0)
3126 self.pg0.unconfig_ip4()
3129 class TestIPv6PathMTU(VppTestCase):
3130 """ IPv6 Path MTU """
3133 super(TestIPv6PathMTU, self).setUp()
3135 self.create_pg_interfaces(range(2))
3137 # setup all interfaces
3138 for i in self.pg_interfaces:
3144 super(TestIPv6PathMTU, self).tearDown()
3145 for i in self.pg_interfaces:
3149 def test_path_mtu_local(self):
3150 """ Path MTU for attached neighbour """
3152 self.vapi.cli("set log class ip level debug")
3154 # The goal here is not test that fragmentation works correctly,
3155 # that's done elsewhere, the intent is to ensure that the Path MTU
3156 # settings are honoured.
3160 # IPv6 will only frag locally generated packets, so use tunnelled
3161 # packets post encap
3163 tun = VppIpIpTunInterface(
3167 self.pg1.remote_ip6)
3168 tun.add_vpp_config()
3172 # set the interface MTU to a reasonable value
3173 self.vapi.sw_interface_set_mtu(self.pg1.sw_if_index,
3176 p_6k = (Ether(dst=self.pg0.local_mac,
3177 src=self.pg0.remote_mac) /
3178 IPv6(src=self.pg0.remote_ip6,
3179 dst=tun.remote_ip6) /
3180 UDP(sport=1234, dport=5678) /
3182 p_2k = (Ether(dst=self.pg0.local_mac,
3183 src=self.pg0.remote_mac) /
3184 IPv6(src=self.pg0.remote_ip6,
3185 dst=tun.remote_ip6) /
3186 UDP(sport=1234, dport=5678) /
3188 p_1k = (Ether(dst=self.pg0.local_mac,
3189 src=self.pg0.remote_mac) /
3190 IPv6(src=self.pg0.remote_ip6,
3191 dst=tun.remote_ip6) /
3192 UDP(sport=1234, dport=5678) /
3195 nbr = VppNeighbor(self,
3196 self.pg1.sw_if_index,
3197 self.pg1.remote_mac,
3198 self.pg1.remote_ip6).add_vpp_config()
3200 # this is now the interface MTU frags
3201 self.send_and_expect(self.pg0, [p_6k], self.pg1, n_rx=4)
3202 self.send_and_expect(self.pg0, [p_2k], self.pg1, n_rx=2)
3203 self.send_and_expect(self.pg0, [p_1k], self.pg1)
3205 # drop the path MTU for this neighbour to below the interface MTU
3207 pmtu = VppIpPathMtu(self, self.pg1.remote_ip6, 1300).add_vpp_config()
3209 # print/format the adj delegate and trackers
3210 self.logger.info(self.vapi.cli("sh ip pmtu"))
3211 self.logger.info(self.vapi.cli("sh adj 7"))
3213 self.send_and_expect(self.pg0, [p_2k], self.pg1, n_rx=3)
3214 self.send_and_expect(self.pg0, [p_1k], self.pg1, n_rx=2)
3216 # increase the path MTU to more than the interface
3217 # expect to use the interface MTU
3220 self.send_and_expect(self.pg0, [p_2k], self.pg1, n_rx=2)
3221 self.send_and_expect(self.pg0, [p_1k], self.pg1)
3223 # go back to an MTU from the path
3226 self.send_and_expect(self.pg0, [p_2k], self.pg1, n_rx=3)
3227 self.send_and_expect(self.pg0, [p_1k], self.pg1, n_rx=2)
3229 # raise the interface's MTU
3230 # should still use that of the path
3231 self.vapi.sw_interface_set_mtu(self.pg1.sw_if_index,
3233 self.send_and_expect(self.pg0, [p_2k], self.pg1, n_rx=3)
3234 self.send_and_expect(self.pg0, [p_1k], self.pg1, n_rx=2)
3236 # set path high and interface low
3238 self.vapi.sw_interface_set_mtu(self.pg1.sw_if_index,
3240 self.send_and_expect(self.pg0, [p_2k], self.pg1, n_rx=3)
3241 self.send_and_expect(self.pg0, [p_1k], self.pg1, n_rx=2)
3243 # remove the path MTU
3244 self.vapi.sw_interface_set_mtu(self.pg1.sw_if_index,
3248 self.send_and_expect(self.pg0, [p_2k], self.pg1, n_rx=2)
3249 self.send_and_expect(self.pg0, [p_1k], self.pg1)
3251 def test_path_mtu_remote(self):
3252 """ Path MTU for remote neighbour """
3254 self.vapi.cli("set log class ip level debug")
3256 # The goal here is not test that fragmentation works correctly,
3257 # that's done elsewhere, the intent is to ensure that the Path MTU
3258 # settings are honoured.
3264 [VppRoutePath(self.pg1.remote_ip6,
3265 self.pg1.sw_if_index)]).add_vpp_config()
3268 # IPv6 will only frag locally generated packets, so use tunnelled
3269 # packets post encap
3271 tun = VppIpIpTunInterface(
3276 tun.add_vpp_config()
3280 # set the interface MTU to a reasonable value
3281 self.vapi.sw_interface_set_mtu(self.pg1.sw_if_index,
3284 p_2k = (Ether(dst=self.pg0.local_mac,
3285 src=self.pg0.remote_mac) /
3286 IPv6(src=self.pg0.remote_ip6,
3287 dst=tun.remote_ip6) /
3288 UDP(sport=1234, dport=5678) /
3290 p_1k = (Ether(dst=self.pg0.local_mac,
3291 src=self.pg0.remote_mac) /
3292 IPv6(src=self.pg0.remote_ip6,
3293 dst=tun.remote_ip6) /
3294 UDP(sport=1234, dport=5678) /
3297 nbr = VppNeighbor(self,
3298 self.pg1.sw_if_index,
3299 self.pg1.remote_mac,
3300 self.pg1.remote_ip6).add_vpp_config()
3302 # this is now the interface MTU frags
3303 self.send_and_expect(self.pg0, [p_2k], self.pg1, n_rx=2)
3304 self.send_and_expect(self.pg0, [p_1k], self.pg1)
3306 # drop the path MTU for this neighbour to below the interface MTU
3308 pmtu = VppIpPathMtu(self, tun_dst, 1300).add_vpp_config()
3310 # print/format the fib entry/dpo
3311 self.logger.info(self.vapi.cli("sh ip6 fib 2001::1"))
3313 self.send_and_expect(self.pg0, [p_2k], self.pg1, n_rx=3)
3314 self.send_and_expect(self.pg0, [p_1k], self.pg1, n_rx=2)
3316 # increase the path MTU to more than the interface
3317 # expect to use the interface MTU
3320 self.send_and_expect(self.pg0, [p_2k], self.pg1, n_rx=2)
3321 self.send_and_expect(self.pg0, [p_1k], self.pg1)
3323 # go back to an MTU from the path
3326 self.send_and_expect(self.pg0, [p_2k], self.pg1, n_rx=3)
3327 self.send_and_expect(self.pg0, [p_1k], self.pg1, n_rx=2)
3329 # raise the interface's MTU
3330 # should still use that of the path
3331 self.vapi.sw_interface_set_mtu(self.pg1.sw_if_index,
3333 self.send_and_expect(self.pg0, [p_2k], self.pg1, n_rx=3)
3334 self.send_and_expect(self.pg0, [p_1k], self.pg1, n_rx=2)
3336 # turn the tun_dst into an attached neighbour
3337 route.modify([VppRoutePath("::",
3338 self.pg1.sw_if_index)])
3339 nbr2 = VppNeighbor(self,
3340 self.pg1.sw_if_index,
3341 self.pg1.remote_mac,
3342 tun_dst).add_vpp_config()
3344 self.send_and_expect(self.pg0, [p_2k], self.pg1, n_rx=3)
3345 self.send_and_expect(self.pg0, [p_1k], self.pg1, n_rx=2)
3347 # add back to not attached
3348 nbr2.remove_vpp_config()
3349 route.modify([VppRoutePath(self.pg1.remote_ip6,
3350 self.pg1.sw_if_index)])
3352 # set path high and interface low
3354 self.vapi.sw_interface_set_mtu(self.pg1.sw_if_index,
3356 self.send_and_expect(self.pg0, [p_2k], self.pg1, n_rx=3)
3357 self.send_and_expect(self.pg0, [p_1k], self.pg1, n_rx=2)
3359 # remove the path MTU
3360 self.vapi.sw_interface_set_mtu(self.pg1.sw_if_index,
3362 pmtu.remove_vpp_config()
3363 self.send_and_expect(self.pg0, [p_2k], self.pg1, n_rx=2)
3364 self.send_and_expect(self.pg0, [p_1k], self.pg1)
3367 class TestIPFibSource(VppTestCase):
3368 """ IPv6 Table FibSource """
3371 def setUpClass(cls):
3372 super(TestIPFibSource, cls).setUpClass()
3375 def tearDownClass(cls):
3376 super(TestIPFibSource, cls).tearDownClass()
3379 super(TestIPFibSource, self).setUp()
3381 self.create_pg_interfaces(range(2))
3383 for i in self.pg_interfaces:
3387 i.generate_remote_hosts(2)
3388 i.configure_ipv6_neighbors()
3391 super(TestIPFibSource, self).tearDown()
3392 for i in self.pg_interfaces:
3396 def test_fib_source(self):
3397 """ IP Table FibSource """
3399 routes = self.vapi.ip_route_v2_dump(0, True)
3401 # 2 interfaces (4 routes) + 2 specials + 4 neighbours = 10 routes
3402 self.assertEqual(len(routes), 10)
3404 # dump all the sources in the FIB
3405 sources = self.vapi.fib_source_dump()
3406 for source in sources:
3407 if (source.src.name == "API"):
3408 api_source = source.src
3409 if (source.src.name == "interface"):
3410 intf_source = source.src
3411 if (source.src.name == "adjacency"):
3412 adj_source = source.src
3413 if (source.src.name == "special"):
3414 special_source = source.src
3415 if (source.src.name == "default-route"):
3416 dr_source = source.src
3418 # dump the individual route types
3419 routes = self.vapi.ip_route_v2_dump(0, True, src=adj_source.id)
3420 self.assertEqual(len(routes), 4)
3421 routes = self.vapi.ip_route_v2_dump(0, True, src=intf_source.id)
3422 self.assertEqual(len(routes), 4)
3423 routes = self.vapi.ip_route_v2_dump(0, True, src=special_source.id)
3424 self.assertEqual(len(routes), 1)
3425 routes = self.vapi.ip_route_v2_dump(0, True, src=dr_source.id)
3426 self.assertEqual(len(routes), 1)
3428 # add a new soure that'a better than the API
3429 self.vapi.fib_source_add(src={'name': "bgp",
3430 "priority": api_source.priority - 1})
3432 # dump all the sources to check our new one is there
3433 sources = self.vapi.fib_source_dump()
3435 for source in sources:
3436 if (source.src.name == "bgp"):
3437 bgp_source = source.src
3439 self.assertTrue(bgp_source)
3440 self.assertEqual(bgp_source.priority,
3441 api_source.priority - 1)
3443 # add a route with the default API source
3445 self, "2001::1", 128,
3446 [VppRoutePath(self.pg0.remote_ip6,
3447 self.pg0.sw_if_index)]).add_vpp_config()
3449 r2 = VppIpRouteV2(self, "2001::1", 128,
3450 [VppRoutePath(self.pg1.remote_ip6,
3451 self.pg1.sw_if_index)],
3452 src=bgp_source.id).add_vpp_config()
3454 # ensure the BGP source takes priority
3455 p = (Ether(src=self.pg0.remote_mac,
3456 dst=self.pg0.local_mac) /
3457 IPv6(src=self.pg0.remote_ip6, dst="2001::1") /
3458 inet6.UDP(sport=1234, dport=1234) /
3461 self.send_and_expect(self.pg0, [p], self.pg1)
3463 r2.remove_vpp_config()
3464 r1.remove_vpp_config()
3466 self.assertFalse(find_route(self, "2001::1", 128))
3469 class TestIPxAF(VppTestCase):
3473 def setUpClass(cls):
3474 super(TestIPxAF, cls).setUpClass()
3477 def tearDownClass(cls):
3478 super(TestIPxAF, cls).tearDownClass()
3481 super(TestIPxAF, self).setUp()
3483 self.create_pg_interfaces(range(2))
3485 for i in self.pg_interfaces:
3493 super(TestIPxAF, self).tearDown()
3494 for i in self.pg_interfaces:
3499 def test_x_af(self):
3500 """ Cross AF routing """
3503 # a v4 route via a v6 attached next-hop
3505 self, "1.1.1.1", 32,
3506 [VppRoutePath(self.pg1.remote_ip6,
3507 self.pg1.sw_if_index)]).add_vpp_config()
3509 p = (Ether(src=self.pg0.remote_mac,
3510 dst=self.pg0.local_mac) /
3511 IP(src=self.pg0.remote_ip4, dst="1.1.1.1") /
3512 UDP(sport=1234, dport=1234) /
3514 rxs = self.send_and_expect(self.pg0, p * N_PKTS, self.pg1)
3517 self.assertEqual(rx[IP].dst, "1.1.1.1")
3519 # a v6 route via a v4 attached next-hop
3521 self, "2001::1", 128,
3522 [VppRoutePath(self.pg1.remote_ip4,
3523 self.pg1.sw_if_index)]).add_vpp_config()
3525 p = (Ether(src=self.pg0.remote_mac,
3526 dst=self.pg0.local_mac) /
3527 IPv6(src=self.pg0.remote_ip6, dst="2001::1") /
3528 UDP(sport=1234, dport=1234) /
3530 rxs = self.send_and_expect(self.pg0, p * N_PKTS, self.pg1)
3533 self.assertEqual(rx[IPv6].dst, "2001::1")
3535 # a recursive v4 route via a v6 next-hop (from above)
3537 self, "2.2.2.2", 32,
3538 [VppRoutePath("2001::1",
3539 0xffffffff)]).add_vpp_config()
3541 p = (Ether(src=self.pg0.remote_mac,
3542 dst=self.pg0.local_mac) /
3543 IP(src=self.pg0.remote_ip4, dst="2.2.2.2") /
3544 UDP(sport=1234, dport=1234) /
3546 rxs = self.send_and_expect(self.pg0, p * N_PKTS, self.pg1)
3548 # a recursive v4 route via a v6 next-hop
3550 self, "2.2.2.3", 32,
3551 [VppRoutePath(self.pg1.remote_ip6,
3552 0xffffffff)]).add_vpp_config()
3554 p = (Ether(src=self.pg0.remote_mac,
3555 dst=self.pg0.local_mac) /
3556 IP(src=self.pg0.remote_ip4, dst="2.2.2.3") /
3557 UDP(sport=1234, dport=1234) /
3559 rxs = self.send_and_expect(self.pg0, p * N_PKTS, self.pg1)
3561 # a recursive v6 route via a v4 next-hop
3563 self, "3001::1", 128,
3564 [VppRoutePath(self.pg1.remote_ip4,
3565 0xffffffff)]).add_vpp_config()
3567 p = (Ether(src=self.pg0.remote_mac,
3568 dst=self.pg0.local_mac) /
3569 IPv6(src=self.pg0.remote_ip6, dst="3001::1") /
3570 UDP(sport=1234, dport=1234) /
3572 rxs = self.send_and_expect(self.pg0, p * N_PKTS, self.pg1)
3575 self.assertEqual(rx[IPv6].dst, "3001::1")
3578 self, "3001::2", 128,
3579 [VppRoutePath("1.1.1.1",
3580 0xffffffff)]).add_vpp_config()
3582 p = (Ether(src=self.pg0.remote_mac,
3583 dst=self.pg0.local_mac) /
3584 IPv6(src=self.pg0.remote_ip6, dst="3001::2") /
3585 UDP(sport=1234, dport=1234) /
3587 rxs = self.send_and_expect(self.pg0, p * N_PKTS, self.pg1)
3590 self.assertEqual(rx[IPv6].dst, "3001::2")
3593 class TestIPv6Punt(VppTestCase):
3594 """ IPv6 Punt Police/Redirect """
3597 super(TestIPv6Punt, self).setUp()
3598 self.create_pg_interfaces(range(4))
3600 for i in self.pg_interfaces:
3606 super(TestIPv6Punt, self).tearDown()
3607 for i in self.pg_interfaces:
3611 def test_ip6_punt(self):
3612 """ IPv6 punt police and redirect """
3614 # use UDP packet that have a port we need to explicitly
3615 # register to get punted.
3616 pt_l4 = VppEnum.vl_api_punt_type_t.PUNT_API_TYPE_L4
3617 af_ip6 = VppEnum.vl_api_address_family_t.ADDRESS_IP6
3618 udp_proto = VppEnum.vl_api_ip_proto_t.IP_API_PROTO_UDP
3624 'protocol': udp_proto,
3630 self.vapi.set_punt(is_add=1, punt=punt_udp)
3632 pkts = (Ether(src=self.pg0.remote_mac,
3633 dst=self.pg0.local_mac) /
3634 IPv6(src=self.pg0.remote_ip6, dst=self.pg0.local_ip6) /
3635 UDP(sport=1234, dport=7654) /
3636 Raw(b'\xa5' * 100)) * 1025
3639 # Configure a punt redirect via pg1.
3641 nh_addr = self.pg1.remote_ip6
3642 ip_punt_redirect = VppIpPuntRedirect(self, self.pg0.sw_if_index,
3643 self.pg1.sw_if_index, nh_addr)
3644 ip_punt_redirect.add_vpp_config()
3646 self.send_and_expect(self.pg0, pkts, self.pg1)
3651 policer = VppPolicer(self, "ip6-punt", 400, 0, 10, 0, rate_type=1)
3652 policer.add_vpp_config()
3653 ip_punt_policer = VppIpPuntPolicer(self, policer.policer_index,
3655 ip_punt_policer.add_vpp_config()
3657 self.vapi.cli("clear trace")
3658 self.pg0.add_stream(pkts)
3659 self.pg_enable_capture(self.pg_interfaces)
3663 # the number of packet received should be greater than 0,
3664 # but not equal to the number sent, since some were policed
3666 rx = self.pg1._get_capture(1)
3668 stats = policer.get_stats()
3670 # Single rate policer - expect conform, violate but no exceed
3671 self.assertGreater(stats['conform_packets'], 0)
3672 self.assertEqual(stats['exceed_packets'], 0)
3673 self.assertGreater(stats['violate_packets'], 0)
3675 self.assertGreater(len(rx), 0)
3676 self.assertLess(len(rx), len(pkts))
3679 # remove the policer. back to full rx
3681 ip_punt_policer.remove_vpp_config()
3682 policer.remove_vpp_config()
3683 self.send_and_expect(self.pg0, pkts, self.pg1)
3686 # remove the redirect. expect full drop.
3688 ip_punt_redirect.remove_vpp_config()
3689 self.send_and_assert_no_replies(self.pg0, pkts,
3690 "IP no punt config")
3693 # Add a redirect that is not input port selective
3695 ip_punt_redirect = VppIpPuntRedirect(self, 0xffffffff,
3696 self.pg1.sw_if_index, nh_addr)
3697 ip_punt_redirect.add_vpp_config()
3698 self.send_and_expect(self.pg0, pkts, self.pg1)
3699 ip_punt_redirect.remove_vpp_config()
3701 def test_ip6_punt_dump(self):
3702 """ IPv6 punt redirect dump"""
3705 # Configure a punt redirects
3707 nh_address = self.pg3.remote_ip6
3708 ipr_03 = VppIpPuntRedirect(self, self.pg0.sw_if_index,
3709 self.pg3.sw_if_index, nh_address)
3710 ipr_13 = VppIpPuntRedirect(self, self.pg1.sw_if_index,
3711 self.pg3.sw_if_index, nh_address)
3712 ipr_23 = VppIpPuntRedirect(self, self.pg2.sw_if_index,
3713 self.pg3.sw_if_index, "::")
3714 ipr_03.add_vpp_config()
3715 ipr_13.add_vpp_config()
3716 ipr_23.add_vpp_config()
3719 # Dump pg0 punt redirects
3721 self.assertTrue(ipr_03.query_vpp_config())
3722 self.assertTrue(ipr_13.query_vpp_config())
3723 self.assertTrue(ipr_23.query_vpp_config())
3726 # Dump punt redirects for all interfaces
3728 punts = self.vapi.ip_punt_redirect_dump(sw_if_index=0xffffffff,
3730 self.assertEqual(len(punts), 3)
3732 self.assertEqual(p.punt.tx_sw_if_index, self.pg3.sw_if_index)
3733 self.assertNotEqual(punts[1].punt.nh, self.pg3.remote_ip6)
3734 self.assertEqual(str(punts[2].punt.nh), '::')
3737 if __name__ == '__main__':
3738 unittest.main(testRunner=VppTestRunner)