4 # Copyright 2019-2020 Rubicon Communications, LLC (Netgate)
6 # SPDX-License-Identifier: Apache-2.0
12 from socket import inet_pton, inet_ntop
14 from vpp_object import VppObject
15 from vpp_papi import VppEnum
17 from scapy.packet import raw
18 from scapy.layers.l2 import Ether, ARP
19 from scapy.layers.inet import IP, ICMP, icmptypes
20 from scapy.layers.inet6 import IPv6, ipv6nh, IPv6ExtHdrHopByHop, \
21 ICMPv6MLReport2, ICMPv6ND_NA, ICMPv6ND_NS, ICMPv6NDOptDstLLAddr, \
22 ICMPv6NDOptSrcLLAddr, ICMPv6EchoRequest, ICMPv6EchoReply
23 from scapy.contrib.igmpv3 import IGMPv3, IGMPv3mr, IGMPv3gr
24 from scapy.layers.vrrp import IPPROTO_VRRP, VRRPv3
25 from scapy.utils6 import in6_getnsma, in6_getnsmac
26 from config import config
27 from framework import VppTestCase, VppTestRunner
28 from util import ip6_normalize
30 VRRP_VR_FLAG_PREEMPT = 1
31 VRRP_VR_FLAG_ACCEPT = 2
32 VRRP_VR_FLAG_UNICAST = 4
35 VRRP_VR_STATE_INIT = 0
36 VRRP_VR_STATE_BACKUP = 1
37 VRRP_VR_STATE_MASTER = 2
38 VRRP_VR_STATE_INTF_DOWN = 3
42 """ Want to filter out advertisements, igmp, etc"""
50 """ Filter out everything but advertisements. E.g. multicast RD/ND """
51 if p.haslayer(VRRPv3):
57 def is_not_echo_reply(p):
58 """ filter out advertisements and other while waiting for echo reply """
59 if p.haslayer(IP) and p.haslayer(ICMP):
60 if icmptypes[p[ICMP].type] == "echo-reply":
62 elif p.haslayer(IPv6) and p.haslayer(ICMPv6EchoReply):
68 class VppVRRPVirtualRouter(VppObject):
76 flags=VRRP_VR_FLAG_PREEMPT,
80 self._sw_if_index = self._intf.sw_if_index
85 if (flags & VRRP_VR_FLAG_IPV6):
87 self._adv_dest_mac = "33:33:00:00:00:12"
88 self._virtual_mac = "00:00:5e:00:02:%02x" % vr_id
89 self._adv_dest_ip = "ff02::12"
90 self._vips = ([intf.local_ip6] if vips is None else vips)
93 self._adv_dest_mac = "01:00:5e:00:00:12"
94 self._virtual_mac = "00:00:5e:00:01:%02x" % vr_id
95 self._adv_dest_ip = "224.0.0.18"
96 self._vips = ([intf.local_ip4] if vips is None else vips)
97 self._tracked_ifs = []
99 def add_vpp_config(self):
100 self._test.vapi.vrrp_vr_add_del(is_add=1,
101 sw_if_index=self._intf.sw_if_index,
104 interval=self._intvl,
106 n_addrs=len(self._vips),
109 def query_vpp_config(self):
110 vrs = self._test.vapi.vrrp_vr_dump(sw_if_index=self._intf.sw_if_index)
112 if vr.config.vr_id != self._vr_id:
115 is_ipv6 = (1 if (vr.config.flags & VRRP_VR_FLAG_IPV6) else 0)
116 if is_ipv6 != self._is_ipv6:
123 def remove_vpp_config(self):
124 self._test.vapi.vrrp_vr_add_del(is_add=0,
125 sw_if_index=self._intf.sw_if_index,
128 interval=self._intvl,
130 n_addrs=len(self._vips),
133 def start_stop(self, is_start):
134 self._test.vapi.vrrp_vr_start_stop(is_start=is_start,
135 sw_if_index=self._intf.sw_if_index,
137 is_ipv6=self._is_ipv6)
138 self._start_time = (time.time() if is_start else None)
140 def add_del_tracked_interface(self, is_add, sw_if_index, prio):
142 'sw_if_index': self._intf.sw_if_index,
143 'is_ipv6': self._is_ipv6,
144 'vr_id': self._vr_id,
147 'ifs': [{'sw_if_index': sw_if_index, 'priority': prio}]
149 self._test.vapi.vrrp_vr_track_if_add_del(**args)
150 self._tracked_ifs.append(args['ifs'][0])
152 def set_unicast_peers(self, addrs):
154 'sw_if_index': self._intf.sw_if_index,
155 'is_ipv6': self._is_ipv6,
156 'vr_id': self._vr_id,
157 'n_addrs': len(addrs),
160 self._test.vapi.vrrp_vr_set_peers(**args)
161 self._unicast_peers = addrs
163 def start_time(self):
164 return self._start_time
166 def virtual_mac(self):
167 return self._virtual_mac
169 def virtual_ips(self):
172 def adv_dest_mac(self):
173 return self._adv_dest_mac
175 def adv_dest_ip(self):
176 return self._adv_dest_ip
184 def adv_interval(self):
190 def assert_state_equals(self, state):
191 vr_details = self.query_vpp_config()
192 self._test.assertEqual(vr_details.runtime.state, state)
194 def master_down_seconds(self):
195 vr_details = self.query_vpp_config()
196 return (vr_details.runtime.master_down_int * 0.01)
198 def vrrp_adv_packet(self, prio=None, src_ip=None):
199 dst_ip = self._adv_dest_ip
202 eth = Ether(dst=self._adv_dest_mac, src=self._virtual_mac)
203 vrrp = VRRPv3(vrid=self._vr_id, priority=prio,
204 ipcount=len(self._vips), adv=self._intvl)
206 src_ip = (self._intf.local_ip6_ll if src_ip is None else src_ip)
207 ip = IPv6(src=src_ip, dst=dst_ip, nh=IPPROTO_VRRP, hlim=255)
208 vrrp.addrlist = self._vips
210 src_ip = (self._intf.local_ip4 if src_ip is None else src_ip)
211 ip = IP(src=src_ip, dst=dst_ip, proto=IPPROTO_VRRP, ttl=255, id=0)
212 vrrp.addrlist = self._vips
214 # Fill in default values & checksums
215 pkt = Ether(raw(eth / ip / vrrp))
219 @unittest.skipUnless(config.extended, "part of extended tests")
220 class TestVRRP4(VppTestCase):
221 """ IPv4 VRRP Test Case """
225 super(TestVRRP4, cls).setUpClass()
228 def tearDownClass(cls):
229 super(TestVRRP4, cls).tearDownClass()
232 super(TestVRRP4, self).setUp()
234 self.create_pg_interfaces(range(2))
236 for i in self.pg_interfaces:
239 i.generate_remote_hosts(5)
240 i.configure_ipv4_neighbors()
243 self._default_flags = VRRP_VR_FLAG_PREEMPT
244 self._default_adv = 100
249 vr_api = vr.query_vpp_config()
250 if vr_api.runtime.state != VRRP_VR_STATE_INIT:
251 vr.start_stop(is_start=0)
252 vr.remove_vpp_config()
254 self.logger.error("Error cleaning up")
256 for i in self.pg_interfaces:
263 super(TestVRRP4, self).tearDown()
265 def verify_vrrp4_igmp(self, pkt):
267 self.assertEqual(ip.dst, "224.0.0.22")
268 self.assertEqual(ip.proto, 2)
271 self.assertEqual(IGMPv3.igmpv3types[igmp.type],
272 "Version 3 Membership Report")
274 igmpmr = pkt[IGMPv3mr]
275 self.assertEqual(igmpmr.numgrp, 1)
276 self.assertEqual(igmpmr.records[0].maddr, "224.0.0.18")
278 def verify_vrrp4_garp(self, pkt, vip, vmac):
281 # ARP "who-has" op == 1
282 self.assertEqual(arp.op, 1)
283 self.assertEqual(arp.pdst, arp.psrc)
284 self.assertEqual(arp.pdst, vip)
285 self.assertEqual(arp.hwsrc, vmac)
287 def verify_vrrp4_adv(self, rx_pkt, vr, prio=None):
288 vips = vr.virtual_ips()
291 vrrp = rx_pkt[VRRPv3]
293 pkt = vr.vrrp_adv_packet(prio=prio)
295 # Source MAC is virtual MAC, destination is multicast MAC
296 self.assertEqual(eth.src, vr.virtual_mac())
297 self.assertEqual(eth.dst, vr.adv_dest_mac())
299 self.assertEqual(ip.dst, "224.0.0.18")
300 self.assertEqual(ip.ttl, 255)
301 self.assertEqual(ip.proto, IPPROTO_VRRP)
303 self.assertEqual(vrrp.version, 3)
304 self.assertEqual(vrrp.type, 1)
305 self.assertEqual(vrrp.vrid, vr.vr_id())
308 self.assertEqual(vrrp.priority, prio)
309 self.assertEqual(vrrp.ipcount, len(vips))
310 self.assertEqual(vrrp.adv, vr.adv_interval())
311 self.assertListEqual(vrrp.addrlist, vips)
313 # VR with priority 255 owns the virtual address and should
314 # become master and start advertising immediately.
315 def test_vrrp4_master_adv(self):
316 """ IPv4 Master VR advertises """
317 self.pg_enable_capture(self.pg_interfaces)
321 intvl = self._default_adv
322 vr = VppVRRPVirtualRouter(self, self.pg0, 100,
323 prio=prio, intvl=intvl,
324 flags=self._default_flags)
327 vr.start_stop(is_start=1)
328 self.logger.info(self.vapi.cli("show vrrp vr"))
329 vr.start_stop(is_start=0)
330 self.logger.info(self.vapi.cli("show vrrp vr"))
332 pkts = self.pg0.get_capture(4)
334 # Init -> Master: IGMP Join, VRRP adv, gratuitous ARP are sent
335 self.verify_vrrp4_igmp(pkts[0])
336 self.verify_vrrp4_adv(pkts[1], vr, prio=prio)
337 self.verify_vrrp4_garp(pkts[2], vr.virtual_ips()[0], vr.virtual_mac())
338 # Master -> Init: Adv with priority 0 sent to force an election
339 self.verify_vrrp4_adv(pkts[3], vr, prio=0)
341 vr.remove_vpp_config()
344 # VR with priority < 255 enters backup state and does not advertise as
345 # long as it receives higher priority advertisements
346 def test_vrrp4_backup_noadv(self):
347 """ IPv4 Backup VR does not advertise """
348 self.pg_enable_capture(self.pg_interfaces)
353 intvl = self._default_adv
354 intvl_s = intvl * 0.01
355 vr = VppVRRPVirtualRouter(self, self.pg0, vr_id,
356 prio=prio, intvl=intvl,
357 flags=self._default_flags,
358 vips=[self.pg0.remote_ip4])
362 vr.start_stop(is_start=1)
364 vr.assert_state_equals(VRRP_VR_STATE_BACKUP)
365 # watch for advertisements for 2x the master down preemption timeout
366 end_time = vr.start_time() + 2 * vr.master_down_seconds()
368 # Init -> Backup: An IGMP join should be sent
369 pkts = self.pg0.get_capture(1)
370 self.verify_vrrp4_igmp(pkts[0])
372 # send higher prio advertisements, should not receive any
373 src_ip = self.pg0.remote_ip4
374 pkts = [vr.vrrp_adv_packet(prio=prio+10, src_ip=src_ip)]
375 while time.time() < end_time:
376 self.send_and_assert_no_replies(self.pg0, pkts, timeout=intvl_s)
377 self.logger.info(self.vapi.cli("show trace"))
379 vr.start_stop(is_start=0)
380 self.logger.info(self.vapi.cli("show vrrp vr"))
381 vr.remove_vpp_config()
384 def test_vrrp4_master_arp(self):
385 """ IPv4 Master VR replies to ARP """
388 # VR virtual IP is the default, which is the pg local IP
391 intvl = self._default_adv
392 vr = VppVRRPVirtualRouter(self, self.pg0, 100,
393 prio=prio, intvl=intvl,
394 flags=self._default_flags)
399 # before the VR is up, ARP should resolve to interface MAC
400 self.pg0.resolve_arp()
401 self.assertNotEqual(self.pg0.local_mac, vr.virtual_mac())
403 # start the VR, ARP should now resolve to virtual MAC
404 vr.start_stop(is_start=1)
405 self.pg0.resolve_arp()
406 self.assertEqual(self.pg0.local_mac, vr.virtual_mac())
408 # stop the VR, ARP should resolve to interface MAC again
409 vr.start_stop(is_start=0)
410 self.pg0.resolve_arp()
411 self.assertNotEqual(self.pg0.local_mac, vr.virtual_mac())
413 vr.remove_vpp_config()
416 def test_vrrp4_backup_noarp(self):
417 """ IPv4 Backup VR ignores ARP """
418 # We need an address for a virtual IP that is not the IP that
419 # ARP requests will originate from
423 intvl = self._default_adv
424 vip = self.pg0.remote_hosts[1].ip4
425 vr = VppVRRPVirtualRouter(self, self.pg0, vr_id,
426 prio=prio, intvl=intvl,
427 flags=self._default_flags,
432 arp_req = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
433 ARP(op=ARP.who_has, pdst=vip,
434 psrc=self.pg0.remote_ip4, hwsrc=self.pg0.remote_mac))
436 # Before the VR is started make sure no reply to request for VIP
438 self.pg_enable_capture(self.pg_interfaces)
439 self.send_and_assert_no_replies(self.pg0, [arp_req], timeout=1)
441 # VR should start in backup state and still should not reply to ARP
442 # send a higher priority adv to make sure it does not become master
443 adv = vr.vrrp_adv_packet(prio=prio+10, src_ip=self.pg0.remote_ip4)
444 vr.start_stop(is_start=1)
445 self.send_and_assert_no_replies(self.pg0, [adv, arp_req], timeout=1)
447 vr.start_stop(is_start=0)
448 vr.remove_vpp_config()
451 def test_vrrp4_election(self):
452 """ IPv4 Backup VR becomes master if no advertisements received """
456 intvl = self._default_adv
457 intvl_s = intvl * 0.01
458 vip = self.pg0.remote_ip4
459 vr = VppVRRPVirtualRouter(self, self.pg0, vr_id,
460 prio=prio, intvl=intvl,
461 flags=self._default_flags,
466 # After adding the VR, it should be in the init state
467 vr.assert_state_equals(VRRP_VR_STATE_INIT)
470 vr.start_stop(is_start=1)
472 # VR should be in backup state after starting
473 vr.assert_state_equals(VRRP_VR_STATE_BACKUP)
474 end_time = vr.start_time() + vr.master_down_seconds()
476 # should not receive adverts until timer expires & state transition
477 self.pg_enable_capture(self.pg_interfaces)
478 while (time.time() + intvl_s) < end_time:
480 self.pg0.assert_nothing_captured(filter_out_fn=is_not_adv)
482 # VR should be in master state, should send an adv
483 self.pg0.enable_capture()
484 self.pg0.wait_for_packet(intvl_s, is_not_adv)
485 vr.assert_state_equals(VRRP_VR_STATE_MASTER)
487 def test_vrrp4_backup_preempts(self):
488 """ IPv4 Backup VR preempts lower priority master """
492 intvl = self._default_adv
493 intvl_s = intvl * 0.01
494 vip = self.pg0.remote_ip4
495 vr = VppVRRPVirtualRouter(self, self.pg0, vr_id,
496 prio=prio, intvl=intvl,
497 flags=self._default_flags,
502 # After adding the VR, it should be in the init state
503 vr.assert_state_equals(VRRP_VR_STATE_INIT)
506 vr.start_stop(is_start=1)
508 # VR should be in backup state after starting
509 vr.assert_state_equals(VRRP_VR_STATE_BACKUP)
510 end_time = vr.start_time() + vr.master_down_seconds()
512 # send lower prio advertisements until timer expires
513 src_ip = self.pg0.remote_ip4
514 pkts = [vr.vrrp_adv_packet(prio=prio-10, src_ip=src_ip)]
515 while time.time() + intvl_s < end_time:
516 self.send_and_assert_no_replies(self.pg0, pkts, timeout=intvl_s)
517 self.logger.info(self.vapi.cli("show trace"))
519 # when timer expires, VR should take over as master
520 self.pg0.enable_capture()
521 self.pg0.wait_for_packet(timeout=intvl_s, filter_out_fn=is_not_adv)
522 vr.assert_state_equals(VRRP_VR_STATE_MASTER)
524 def test_vrrp4_master_preempted(self):
525 """ IPv4 Master VR preempted by higher priority backup """
527 # A prio 255 VR cannot be preempted so the prio has to be lower and
528 # we have to wait for it to take over
531 intvl = self._default_adv
532 vip = self.pg0.remote_ip4
533 vr = VppVRRPVirtualRouter(self, self.pg0, vr_id,
534 prio=prio, intvl=intvl,
535 flags=self._default_flags,
540 # After adding the VR, it should be in the init state
541 vr.assert_state_equals(VRRP_VR_STATE_INIT)
544 vr.start_stop(is_start=1)
545 vr.assert_state_equals(VRRP_VR_STATE_BACKUP)
547 # wait for VR to take over as master
548 end_time = vr.start_time() + vr.master_down_seconds()
549 sleep_s = end_time - time.time()
551 vr.assert_state_equals(VRRP_VR_STATE_MASTER)
553 # Build advertisement packet and send it
554 pkts = [vr.vrrp_adv_packet(prio=255, src_ip=self.pg0.remote_ip4)]
555 self.pg_send(self.pg0, pkts)
557 # VR should be in backup state again
558 vr.assert_state_equals(VRRP_VR_STATE_BACKUP)
560 def test_vrrp4_accept_mode_disabled(self):
561 """ IPv4 Master VR does not reply for VIP w/ accept mode off """
563 # accept mode only matters when prio < 255, so it will have to
564 # come up as a backup and take over as master after the timeout
567 intvl = self._default_adv
568 vip = self.pg0.remote_hosts[4].ip4
569 vr = VppVRRPVirtualRouter(self, self.pg0, vr_id,
570 prio=prio, intvl=intvl,
571 flags=self._default_flags,
576 # After adding the VR, it should be in the init state
577 vr.assert_state_equals(VRRP_VR_STATE_INIT)
580 vr.start_stop(is_start=1)
581 vr.assert_state_equals(VRRP_VR_STATE_BACKUP)
583 # wait for VR to take over as master
584 end_time = vr.start_time() + vr.master_down_seconds()
585 sleep_s = end_time - time.time()
587 vr.assert_state_equals(VRRP_VR_STATE_MASTER)
589 # send an ICMP echo to the VR virtual IP address
590 echo = (Ether(dst=vr.virtual_mac(), src=self.pg0.remote_mac) /
591 IP(dst=vip, src=self.pg0.remote_ip4) /
592 ICMP(seq=1, id=self.pg0.sw_if_index, type='echo-request'))
593 self.pg_send(self.pg0, [echo])
595 # wait for an echo reply. none should be received
597 self.pg0.assert_nothing_captured(filter_out_fn=is_not_echo_reply)
599 def test_vrrp4_accept_mode_enabled(self):
600 """ IPv4 Master VR replies for VIP w/ accept mode on """
602 # A prio 255 VR cannot be preempted so the prio has to be lower and
603 # we have to wait for it to take over
606 intvl = self._default_adv
607 vip = self.pg0.remote_hosts[4].ip4
608 flags = (VRRP_VR_FLAG_PREEMPT | VRRP_VR_FLAG_ACCEPT)
609 vr = VppVRRPVirtualRouter(self, self.pg0, vr_id,
610 prio=prio, intvl=intvl,
616 # After adding the VR, it should be in the init state
617 vr.assert_state_equals(VRRP_VR_STATE_INIT)
620 vr.start_stop(is_start=1)
621 vr.assert_state_equals(VRRP_VR_STATE_BACKUP)
623 # wait for VR to take over as master
624 end_time = vr.start_time() + vr.master_down_seconds()
625 sleep_s = end_time - time.time()
627 vr.assert_state_equals(VRRP_VR_STATE_MASTER)
629 # send an ICMP echo to the VR virtual IP address
630 echo = (Ether(dst=vr.virtual_mac(), src=self.pg0.remote_mac) /
631 IP(dst=vip, src=self.pg0.remote_ip4) /
632 ICMP(seq=1, id=self.pg0.sw_if_index, type='echo-request'))
633 self.pg_send(self.pg0, [echo])
635 # wait for an echo reply.
637 rx_pkts = self.pg0.get_capture(expected_count=1, timeout=1,
638 filter_out_fn=is_not_echo_reply)
640 self.assertEqual(rx_pkts[0][IP].src, vip)
641 self.assertEqual(rx_pkts[0][IP].dst, self.pg0.remote_ip4)
642 self.assertEqual(icmptypes[rx_pkts[0][ICMP].type], "echo-reply")
643 self.assertEqual(rx_pkts[0][ICMP].seq, 1)
644 self.assertEqual(rx_pkts[0][ICMP].id, self.pg0.sw_if_index)
646 def test_vrrp4_intf_tracking(self):
647 """ IPv4 Master VR adjusts priority based on tracked interface """
651 intvl = self._default_adv
652 intvl_s = intvl * 0.01
653 vip = self.pg0.local_ip4
654 vr = VppVRRPVirtualRouter(self, self.pg0, vr_id,
655 prio=prio, intvl=intvl,
656 flags=self._default_flags,
661 # After adding the VR, it should be in the init state
662 vr.assert_state_equals(VRRP_VR_STATE_INIT)
664 # add pg1 as a tracked interface and start the VR
666 adjusted_prio = prio - adjustment
667 vr.add_del_tracked_interface(is_add=1,
668 sw_if_index=self.pg1.sw_if_index,
670 vr.start_stop(is_start=1)
671 vr.assert_state_equals(VRRP_VR_STATE_MASTER)
673 adv_configured = vr.vrrp_adv_packet(prio=prio)
674 adv_adjusted = vr.vrrp_adv_packet(prio=adjusted_prio)
676 # tracked intf is up -> advertised priority == configured priority
677 self.pg0.enable_capture()
678 rx = self.pg0.wait_for_packet(timeout=intvl_s,
679 filter_out_fn=is_not_adv)
680 self.assertEqual(rx, adv_configured)
682 # take down pg1, verify priority is now being adjusted
683 self.pg1.admin_down()
684 self.pg0.enable_capture()
685 rx = self.pg0.wait_for_packet(timeout=intvl_s,
686 filter_out_fn=is_not_adv)
687 self.assertEqual(rx, adv_adjusted)
689 # bring up pg1, verify priority now matches configured value
691 self.pg0.enable_capture()
692 rx = self.pg0.wait_for_packet(timeout=intvl_s,
693 filter_out_fn=is_not_adv)
694 self.assertEqual(rx, adv_configured)
696 # remove IP address from pg1, verify priority now being adjusted
697 self.pg1.unconfig_ip4()
698 self.pg0.enable_capture()
699 rx = self.pg0.wait_for_packet(timeout=intvl_s,
700 filter_out_fn=is_not_adv)
701 self.assertEqual(rx, adv_adjusted)
703 # add IP address to pg1, verify priority now matches configured value
704 self.pg1.config_ip4()
705 self.pg0.enable_capture()
706 rx = self.pg0.wait_for_packet(timeout=intvl_s,
707 filter_out_fn=is_not_adv)
708 self.assertEqual(rx, adv_configured)
710 def test_vrrp4_master_adv_unicast(self):
711 """ IPv4 Master VR advertises (unicast) """
715 intvl = self._default_adv
716 intvl_s = intvl * 0.01
717 vip = self.pg0.local_ip4
718 flags = (self._default_flags | VRRP_VR_FLAG_UNICAST)
719 unicast_peer = self.pg0.remote_hosts[4]
720 vr = VppVRRPVirtualRouter(self, self.pg0, vr_id,
721 prio=prio, intvl=intvl,
726 vr.set_unicast_peers([unicast_peer.ip4])
728 # After adding the VR, it should be in the init state
729 vr.assert_state_equals(VRRP_VR_STATE_INIT)
731 # Start VR, transition to master
732 vr.start_stop(is_start=1)
733 vr.assert_state_equals(VRRP_VR_STATE_MASTER)
735 self.pg0.enable_capture()
736 rx = self.pg0.wait_for_packet(timeout=intvl_s,
737 filter_out_fn=is_not_adv)
739 self.assertTrue(rx.haslayer(Ether))
740 self.assertTrue(rx.haslayer(IP))
741 self.assertTrue(rx.haslayer(VRRPv3))
742 self.assertEqual(rx[Ether].src, self.pg0.local_mac)
743 self.assertEqual(rx[Ether].dst, unicast_peer.mac)
744 self.assertEqual(rx[IP].src, self.pg0.local_ip4)
745 self.assertEqual(rx[IP].dst, unicast_peer.ip4)
746 self.assertEqual(rx[VRRPv3].vrid, vr_id)
747 self.assertEqual(rx[VRRPv3].priority, prio)
748 self.assertEqual(rx[VRRPv3].ipcount, 1)
749 self.assertEqual(rx[VRRPv3].addrlist, [vip])
752 @unittest.skipUnless(config.extended, "part of extended tests")
753 class TestVRRP6(VppTestCase):
754 """ IPv6 VRRP Test Case """
758 super(TestVRRP6, cls).setUpClass()
761 def tearDownClass(cls):
762 super(TestVRRP6, cls).tearDownClass()
765 super(TestVRRP6, self).setUp()
767 self.create_pg_interfaces(range(2))
769 for i in self.pg_interfaces:
772 i.generate_remote_hosts(5)
773 i.configure_ipv6_neighbors()
776 self._default_flags = (VRRP_VR_FLAG_IPV6 | VRRP_VR_FLAG_PREEMPT)
777 self._default_adv = 100
782 vr_api = vr.query_vpp_config()
783 if vr_api.runtime.state != VRRP_VR_STATE_INIT:
784 vr.start_stop(is_start=0)
785 vr.remove_vpp_config()
787 self.logger.error("Error cleaning up")
789 for i in self.pg_interfaces:
796 super(TestVRRP6, self).tearDown()
798 def verify_vrrp6_mlr(self, pkt, vr):
800 self.assertEqual(ip6.dst, "ff02::16")
801 self.assertEqual(ipv6nh[ip6.nh], "Hop-by-Hop Option Header")
803 hbh = pkt[IPv6ExtHdrHopByHop]
804 self.assertEqual(ipv6nh[hbh.nh], "ICMPv6")
806 self.assertTrue(pkt.haslayer(ICMPv6MLReport2))
807 mlr = pkt[ICMPv6MLReport2]
808 # should contain mc addr records for:
809 # - VRRPv3 multicast addr
810 # - solicited node mc addr record for each VR virtual IPv6 address
811 vips = vr.virtual_ips()
812 self.assertEqual(mlr.records_number, len(vips) + 1)
813 self.assertEqual(mlr.records[0].dst, vr.adv_dest_ip())
815 def verify_vrrp6_adv(self, rx_pkt, vr, prio=None):
816 self.assertTrue(rx_pkt.haslayer(Ether))
817 self.assertTrue(rx_pkt.haslayer(IPv6))
818 self.assertTrue(rx_pkt.haslayer(VRRPv3))
820 # generate a packet for this VR and compare it to the one received
821 pkt = vr.vrrp_adv_packet(prio=prio)
822 self.assertTrue(rx_pkt.haslayer(Ether))
823 self.assertTrue(rx_pkt.haslayer(IPv6))
824 self.assertTrue(rx_pkt.haslayer(VRRPv3))
826 self.assertEqual(pkt, rx_pkt)
828 def verify_vrrp6_gna(self, pkt, vr):
829 self.assertTrue(pkt.haslayer(Ether))
830 self.assertTrue(pkt.haslayer(IPv6))
831 self.assertTrue(pkt.haslayer(ICMPv6ND_NA))
832 self.assertTrue(pkt.haslayer(ICMPv6NDOptDstLLAddr))
834 self.assertEqual(pkt[Ether].dst, "33:33:00:00:00:01")
836 self.assertEqual(pkt[IPv6].dst, "ff02::1")
837 # convert addrs to packed format since string versions could differ
838 src_addr = inet_pton(socket.AF_INET6, pkt[IPv6].src)
839 vr_ll_addr = inet_pton(socket.AF_INET6, vr.interface().local_ip6_ll)
840 self.assertEqual(src_addr, vr_ll_addr)
842 self.assertTrue(pkt[ICMPv6ND_NA].tgt in vr.virtual_ips())
843 self.assertEqual(pkt[ICMPv6NDOptDstLLAddr].lladdr, vr.virtual_mac())
845 # VR with priority 255 owns the virtual address and should
846 # become master and start advertising immediately.
847 def test_vrrp6_master_adv(self):
848 """ IPv6 Master VR advertises """
849 self.pg_enable_capture(self.pg_interfaces)
853 intvl = self._default_adv
854 vr = VppVRRPVirtualRouter(self, self.pg0, 100,
855 prio=prio, intvl=intvl,
856 flags=self._default_flags)
860 self.logger.info(self.vapi.cli("show vrrp vr"))
861 vr.start_stop(is_start=1)
862 self.logger.info(self.vapi.cli("show vrrp vr"))
863 vr.start_stop(is_start=0)
864 self.logger.info(self.vapi.cli("show vrrp vr"))
866 pkts = self.pg0.get_capture(4, filter_out_fn=None)
868 # Init -> Master: Multicast group Join, VRRP adv, gratuitous NAs sent
869 self.verify_vrrp6_mlr(pkts[0], vr)
870 self.verify_vrrp6_adv(pkts[1], vr, prio=prio)
871 self.verify_vrrp6_gna(pkts[2], vr)
872 # Master -> Init: Adv with priority 0 sent to force an election
873 self.verify_vrrp6_adv(pkts[3], vr, prio=0)
875 vr.remove_vpp_config()
878 # VR with priority < 255 enters backup state and does not advertise as
879 # long as it receives higher priority advertisements
880 def test_vrrp6_backup_noadv(self):
881 """ IPv6 Backup VR does not advertise """
882 self.pg_enable_capture(self.pg_interfaces)
887 intvl = self._default_adv
888 intvl_s = intvl * 0.01
889 vr = VppVRRPVirtualRouter(self, self.pg0, vr_id,
890 prio=prio, intvl=intvl,
891 flags=self._default_flags,
892 vips=[self.pg0.remote_ip6])
896 vr.start_stop(is_start=1)
898 vr.assert_state_equals(VRRP_VR_STATE_BACKUP)
899 # watch for advertisements for 2x the master down preemption timeout
900 end_time = vr.start_time() + 2 * vr.master_down_seconds()
902 # Init -> Backup: A multicast listener report should be sent
903 pkts = self.pg0.get_capture(1, filter_out_fn=None)
905 # send higher prio advertisements, should not see VPP send any
906 src_ip = self.pg0.remote_ip6_ll
908 pkts = [vr.vrrp_adv_packet(prio=prio+10, src_ip=src_ip)]
909 self.logger.info(self.vapi.cli("show vlib graph"))
910 while time.time() < end_time:
911 self.send_and_assert_no_replies(self.pg0, pkts, timeout=intvl_s)
912 self.logger.info(self.vapi.cli("show trace"))
915 vr.start_stop(is_start=0)
916 self.logger.info(self.vapi.cli("show vrrp vr"))
917 vr.remove_vpp_config()
920 def test_vrrp6_master_nd(self):
921 """ IPv6 Master VR replies to NDP """
924 # VR virtual IP is the default, which is the pg local IP
927 intvl = self._default_adv
928 vr = VppVRRPVirtualRouter(self, self.pg0, 100,
929 prio=prio, intvl=intvl,
930 flags=self._default_flags)
934 # before the VR is up, NDP should resolve to interface MAC
935 self.pg0.resolve_ndp()
936 self.assertNotEqual(self.pg0.local_mac, vr.virtual_mac())
938 # start the VR, NDP should now resolve to virtual MAC
939 vr.start_stop(is_start=1)
940 self.pg0.resolve_ndp()
941 self.assertEqual(self.pg0.local_mac, vr.virtual_mac())
943 # stop the VR, ARP should resolve to interface MAC again
944 vr.start_stop(is_start=0)
945 self.pg0.resolve_ndp()
946 self.assertNotEqual(self.pg0.local_mac, vr.virtual_mac())
948 vr.remove_vpp_config()
951 def test_vrrp6_backup_nond(self):
952 """ IPv6 Backup VR ignores NDP """
953 # We need an address for a virtual IP that is not the IP that
954 # ARP requests will originate from
958 intvl = self._default_adv
959 intvl_s = intvl * 0.01
960 vip = self.pg0.remote_hosts[1].ip6
961 vr = VppVRRPVirtualRouter(self, self.pg0, vr_id,
962 prio=prio, intvl=intvl,
963 flags=self._default_flags,
968 nsma = in6_getnsma(inet_pton(socket.AF_INET6, vip))
969 dmac = in6_getnsmac(nsma)
970 dst_ip = inet_ntop(socket.AF_INET6, nsma)
972 ndp_req = (Ether(dst=dmac, src=self.pg0.remote_mac) /
973 IPv6(dst=dst_ip, src=self.pg0.remote_ip6) /
974 ICMPv6ND_NS(tgt=vip) /
975 ICMPv6NDOptSrcLLAddr(lladdr=self.pg0.remote_mac))
977 # Before the VR is started make sure no reply to request for VIP
978 self.send_and_assert_no_replies(self.pg0, [ndp_req], timeout=1)
980 # VR should start in backup state and still should not reply to NDP
981 # send a higher priority adv to make sure it does not become master
982 adv = vr.vrrp_adv_packet(prio=prio+10, src_ip=self.pg0.remote_ip6)
983 pkts = [adv, ndp_req]
984 vr.start_stop(is_start=1)
985 self.send_and_assert_no_replies(self.pg0, pkts, timeout=intvl_s)
987 vr.start_stop(is_start=0)
989 def test_vrrp6_election(self):
990 """ IPv6 Backup VR becomes master if no advertisements received """
994 intvl = self._default_adv
995 intvl_s = intvl * 0.01
996 vip = self.pg0.remote_ip6
997 vr = VppVRRPVirtualRouter(self, self.pg0, vr_id,
998 prio=prio, intvl=intvl,
999 flags=self._default_flags,
1001 self._vrs.append(vr)
1004 # After adding the VR, it should be in the init state
1005 vr.assert_state_equals(VRRP_VR_STATE_INIT)
1008 vr.start_stop(is_start=1)
1010 # VR should be in backup state after starting
1011 vr.assert_state_equals(VRRP_VR_STATE_BACKUP)
1012 end_time = vr.start_time() + vr.master_down_seconds()
1014 # no advertisements should arrive until timer expires
1015 self.pg0.enable_capture()
1016 while (time.time() + intvl_s) < end_time:
1018 self.pg0.assert_nothing_captured(filter_out_fn=is_not_adv)
1020 # VR should be in master state after timer expires
1021 self.pg0.enable_capture()
1022 self.pg0.wait_for_packet(intvl_s, is_not_adv)
1023 vr.assert_state_equals(VRRP_VR_STATE_MASTER)
1025 def test_vrrp6_backup_preempts(self):
1026 """ IPv6 Backup VR preempts lower priority master """
1030 intvl = self._default_adv
1031 intvl_s = intvl * 0.01
1032 vip = self.pg0.remote_ip6
1033 vr = VppVRRPVirtualRouter(self, self.pg0, vr_id,
1034 prio=prio, intvl=intvl,
1035 flags=self._default_flags,
1037 self._vrs.append(vr)
1040 # After adding the VR, it should be in the init state
1041 vr.assert_state_equals(VRRP_VR_STATE_INIT)
1044 vr.start_stop(is_start=1)
1046 # VR should be in backup state after starting
1047 vr.assert_state_equals(VRRP_VR_STATE_BACKUP)
1048 end_time = vr.start_time() + vr.master_down_seconds()
1050 # send lower prio advertisements until timer expires
1051 src_ip = self.pg0.remote_ip6
1052 pkts = [vr.vrrp_adv_packet(prio=prio-10, src_ip=src_ip)]
1053 while (time.time() + intvl_s) < end_time:
1054 self.send_and_assert_no_replies(self.pg0, pkts, timeout=intvl_s)
1055 self.logger.info(self.vapi.cli("show trace"))
1057 # when timer expires, VR should take over as master
1058 self.pg0.enable_capture()
1059 self.pg0.wait_for_packet(timeout=intvl_s, filter_out_fn=is_not_adv)
1060 vr.assert_state_equals(VRRP_VR_STATE_MASTER)
1062 def test_vrrp6_master_preempted(self):
1063 """ IPv6 Master VR preempted by higher priority backup """
1065 # A prio 255 VR cannot be preempted so the prio has to be lower and
1066 # we have to wait for it to take over
1069 intvl = self._default_adv
1070 vip = self.pg0.remote_ip6
1071 vr = VppVRRPVirtualRouter(self, self.pg0, vr_id,
1072 prio=prio, intvl=intvl,
1073 flags=self._default_flags,
1075 self._vrs.append(vr)
1078 # After adding the VR, it should be in the init state
1079 vr.assert_state_equals(VRRP_VR_STATE_INIT)
1082 vr.start_stop(is_start=1)
1083 vr.assert_state_equals(VRRP_VR_STATE_BACKUP)
1085 # wait for VR to take over as master
1086 end_time = vr.start_time() + vr.master_down_seconds()
1087 sleep_s = end_time - time.time()
1089 vr.assert_state_equals(VRRP_VR_STATE_MASTER)
1091 # Build advertisement packet and send it
1092 pkts = [vr.vrrp_adv_packet(prio=255, src_ip=self.pg0.remote_ip6)]
1093 self.pg_send(self.pg0, pkts)
1095 # VR should be in backup state again
1096 vr.assert_state_equals(VRRP_VR_STATE_BACKUP)
1098 def test_vrrp6_accept_mode_disabled(self):
1099 """ IPv6 Master VR does not reply for VIP w/ accept mode off """
1101 # accept mode only matters when prio < 255, so it will have to
1102 # come up as a backup and take over as master after the timeout
1105 intvl = self._default_adv
1106 vip = self.pg0.remote_hosts[4].ip6
1107 vr = VppVRRPVirtualRouter(self, self.pg0, vr_id,
1108 prio=prio, intvl=intvl,
1109 flags=self._default_flags,
1111 self._vrs.append(vr)
1114 # After adding the VR, it should be in the init state
1115 vr.assert_state_equals(VRRP_VR_STATE_INIT)
1118 vr.start_stop(is_start=1)
1119 vr.assert_state_equals(VRRP_VR_STATE_BACKUP)
1121 # wait for VR to take over as master
1122 end_time = vr.start_time() + vr.master_down_seconds()
1123 sleep_s = end_time - time.time()
1125 vr.assert_state_equals(VRRP_VR_STATE_MASTER)
1127 # send an ICMPv6 echo to the VR virtual IP address
1128 echo = (Ether(dst=vr.virtual_mac(), src=self.pg0.remote_mac) /
1129 IPv6(dst=vip, src=self.pg0.remote_ip6) /
1130 ICMPv6EchoRequest(seq=1, id=self.pg0.sw_if_index))
1131 self.pg_send(self.pg0, [echo])
1133 # wait for an echo reply. none should be received
1135 self.pg0.assert_nothing_captured(filter_out_fn=is_not_echo_reply)
1137 def test_vrrp6_accept_mode_enabled(self):
1138 """ IPv6 Master VR replies for VIP w/ accept mode on """
1140 # A prio 255 VR cannot be preempted so the prio has to be lower and
1141 # we have to wait for it to take over
1144 intvl = self._default_adv
1145 vip = self.pg0.remote_hosts[4].ip6
1146 flags = (self._default_flags | VRRP_VR_FLAG_ACCEPT)
1147 vr = VppVRRPVirtualRouter(self, self.pg0, vr_id,
1148 prio=prio, intvl=intvl,
1151 self._vrs.append(vr)
1154 # After adding the VR, it should be in the init state
1155 vr.assert_state_equals(VRRP_VR_STATE_INIT)
1158 vr.start_stop(is_start=1)
1159 vr.assert_state_equals(VRRP_VR_STATE_BACKUP)
1161 # wait for VR to take over as master
1162 end_time = vr.start_time() + vr.master_down_seconds()
1163 sleep_s = end_time - time.time()
1165 vr.assert_state_equals(VRRP_VR_STATE_MASTER)
1167 # send an ICMP echo to the VR virtual IP address
1168 echo = (Ether(dst=vr.virtual_mac(), src=self.pg0.remote_mac) /
1169 IPv6(dst=vip, src=self.pg0.remote_ip6) /
1170 ICMPv6EchoRequest(seq=1, id=self.pg0.sw_if_index))
1171 self.pg_send(self.pg0, [echo])
1173 # wait for an echo reply.
1175 rx_pkts = self.pg0.get_capture(expected_count=1, timeout=1,
1176 filter_out_fn=is_not_echo_reply)
1178 self.assertEqual(rx_pkts[0][IPv6].src, vip)
1179 self.assertEqual(rx_pkts[0][IPv6].dst, self.pg0.remote_ip6)
1180 self.assertEqual(rx_pkts[0][ICMPv6EchoReply].seq, 1)
1181 self.assertEqual(rx_pkts[0][ICMPv6EchoReply].id, self.pg0.sw_if_index)
1183 def test_vrrp6_intf_tracking(self):
1184 """ IPv6 Master VR adjusts priority based on tracked interface """
1188 intvl = self._default_adv
1189 intvl_s = intvl * 0.01
1190 vip = self.pg0.local_ip6
1191 vr = VppVRRPVirtualRouter(self, self.pg0, vr_id,
1192 prio=prio, intvl=intvl,
1193 flags=self._default_flags,
1195 self._vrs.append(vr)
1198 # After adding the VR, it should be in the init state
1199 vr.assert_state_equals(VRRP_VR_STATE_INIT)
1201 # add pg1 as a tracked interface and start the VR
1203 adjusted_prio = prio - adjustment
1204 vr.add_del_tracked_interface(is_add=1,
1205 sw_if_index=self.pg1.sw_if_index,
1207 vr.start_stop(is_start=1)
1208 vr.assert_state_equals(VRRP_VR_STATE_MASTER)
1210 adv_configured = vr.vrrp_adv_packet(prio=prio)
1211 adv_adjusted = vr.vrrp_adv_packet(prio=adjusted_prio)
1213 # tracked intf is up -> advertised priority == configured priority
1214 self.pg0.enable_capture()
1215 rx = self.pg0.wait_for_packet(timeout=intvl_s,
1216 filter_out_fn=is_not_adv)
1217 self.assertEqual(rx, adv_configured)
1219 # take down pg1, verify priority is now being adjusted
1220 self.pg1.admin_down()
1221 self.pg0.enable_capture()
1222 rx = self.pg0.wait_for_packet(timeout=intvl_s,
1223 filter_out_fn=is_not_adv)
1224 self.assertEqual(rx, adv_adjusted)
1226 # bring up pg1, verify priority now matches configured value
1228 self.pg0.enable_capture()
1229 rx = self.pg0.wait_for_packet(timeout=intvl_s,
1230 filter_out_fn=is_not_adv)
1231 self.assertEqual(rx, adv_configured)
1233 # remove IP address from pg1, verify priority now being adjusted
1234 self.pg1.unconfig_ip6()
1235 self.pg0.enable_capture()
1236 rx = self.pg0.wait_for_packet(timeout=intvl_s,
1237 filter_out_fn=is_not_adv)
1238 self.assertEqual(rx, adv_adjusted)
1240 # add IP address to pg1, verify priority now matches configured value
1241 self.pg1.config_ip6()
1242 self.pg0.enable_capture()
1243 rx = self.pg0.wait_for_packet(timeout=intvl_s,
1244 filter_out_fn=is_not_adv)
1245 self.assertEqual(rx, adv_configured)
1247 def test_vrrp6_master_adv_unicast(self):
1248 """ IPv6 Master VR advertises (unicast) """
1252 intvl = self._default_adv
1253 intvl_s = intvl * 0.01
1254 vip = self.pg0.local_ip6
1255 flags = (self._default_flags | VRRP_VR_FLAG_UNICAST)
1256 unicast_peer = self.pg0.remote_hosts[4]
1257 vr = VppVRRPVirtualRouter(self, self.pg0, vr_id,
1258 prio=prio, intvl=intvl,
1261 self._vrs.append(vr)
1263 vr.set_unicast_peers([unicast_peer.ip6])
1265 # After adding the VR, it should be in the init state
1266 vr.assert_state_equals(VRRP_VR_STATE_INIT)
1268 # Start VR, transition to master
1269 vr.start_stop(is_start=1)
1270 vr.assert_state_equals(VRRP_VR_STATE_MASTER)
1272 self.pg0.enable_capture()
1273 rx = self.pg0.wait_for_packet(timeout=intvl_s,
1274 filter_out_fn=is_not_adv)
1276 self.assertTrue(rx.haslayer(Ether))
1277 self.assertTrue(rx.haslayer(IPv6))
1278 self.assertTrue(rx.haslayer(VRRPv3))
1279 self.assertEqual(rx[Ether].src, self.pg0.local_mac)
1280 self.assertEqual(rx[Ether].dst, unicast_peer.mac)
1281 self.assertEqual(ip6_normalize(rx[IPv6].src),
1282 ip6_normalize(self.pg0.local_ip6_ll))
1283 self.assertEqual(ip6_normalize(rx[IPv6].dst),
1284 ip6_normalize(unicast_peer.ip6))
1285 self.assertEqual(rx[VRRPv3].vrid, vr_id)
1286 self.assertEqual(rx[VRRPv3].priority, prio)
1287 self.assertEqual(rx[VRRPv3].ipcount, 1)
1288 self.assertEqual(rx[VRRPv3].addrlist, [vip])
1291 if __name__ == '__main__':
1292 unittest.main(testRunner=VppTestRunner)