- #
- # another external subnet, this time in a different EPG
- #
- ip_200 = VppIpRoute(self, "10.200.0.0", 24,
- [VppRoutePath(eep.ip4.address,
- eep.epg.bvi.sw_if_index)],
- table_id=t4.table_id)
- ip_200.add_vpp_config()
-
- l3o_200 = VppGbpSubnet(
- self, rd1, "10.200.0.0", 24,
- VppEnum.vl_api_gbp_subnet_type_t.GBP_API_SUBNET_L3_OUT,
- epg=200)
- l3o_200.add_vpp_config()
-
- p = (Ether(src=self.pg7.remote_mac,
- dst=self.pg7.local_mac) /
- IP(src=self.pg7.remote_ip4,
- dst=self.pg7.local_ip4) /
- UDP(sport=1234, dport=48879) /
- VXLAN(vni=444, gpid=220, flags=0x88) /
- Ether(src=self.pg0.remote_mac, dst=str(self.router_mac)) /
- IP(src="10.0.0.101", dst="10.200.0.1") /
- UDP(sport=1234, dport=1234) /
- Raw('\xa5' * 100))
-
- #
- # packets dropped due to lack of contract.
- #
- rxs = self.send_and_assert_no_replies(self.pg7, p * 1)
-
- #
- # from the the subnet in EPG 220 beyond the external to remote
- #
- p4 = (Ether(src=self.pg0.remote_mac, dst=str(self.router_mac)) /
- Dot1Q(vlan=100) /
- IP(src="10.220.0.1", dst=rep.ip4.address) /
- UDP(sport=1234, dport=1234) /
- Raw('\xa5' * 100))
-
- rxs = self.send_and_expect(self.pg0, p4 * 1, self.pg7)
-
- for rx in rxs:
- self.assertEqual(rx[Ether].src, self.pg7.local_mac)
- self.assertEqual(rx[Ether].dst, self.pg7.remote_mac)
- self.assertEqual(rx[IP].src, self.pg7.local_ip4)
- self.assertEqual(rx[IP].dst, self.pg7.remote_ip4)
- self.assertEqual(rx[VXLAN].vni, 444)
- self.assertTrue(rx[VXLAN].flags.G)
- self.assertTrue(rx[VXLAN].flags.Instance)
- self.assertTrue(rx[VXLAN].gpflags.A)
- self.assertFalse(rx[VXLAN].gpflags.D)
-
- #
- # from the the subnet in EPG 200 beyond the external to remote
- # dropped due to no contract
- #
- p4 = (Ether(src=self.pg0.remote_mac, dst=str(self.router_mac)) /
- Dot1Q(vlan=100) /
- IP(src="10.200.0.1", dst=rep.ip4.address) /
- UDP(sport=1234, dport=1234) /
- Raw('\xa5' * 100))
-
- rxs = self.send_and_assert_no_replies(self.pg0, p4 * 1)
-
- #
- # add a contract
- #
- acl = VppGbpAcl(self)
- rule = acl.create_rule(permit_deny=1, proto=17)
- rule2 = acl.create_rule(is_ipv6=1, permit_deny=1, proto=17)
- acl_index = acl.add_vpp_config([rule, rule2])
- c1 = VppGbpContract(
- self, 200, 220, acl_index,
- [VppGbpContractRule(
- VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
- []),
- VppGbpContractRule(
- VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
- [])],
- [ETH_P_IP, ETH_P_IPV6])
- c1.add_vpp_config()
-
- rxs = self.send_and_expect(self.pg0, p4 * 1, self.pg7)
-
- for rx in rxs:
- self.assertEqual(rx[Ether].src, self.pg7.local_mac)
- self.assertEqual(rx[Ether].dst, self.pg7.remote_mac)
- self.assertEqual(rx[IP].src, self.pg7.local_ip4)
- self.assertEqual(rx[IP].dst, self.pg7.remote_ip4)
- self.assertEqual(rx[VXLAN].vni, 444)
- self.assertTrue(rx[VXLAN].flags.G)
- self.assertTrue(rx[VXLAN].flags.Instance)
- self.assertTrue(rx[VXLAN].gpflags.A)
- self.assertFalse(rx[VXLAN].gpflags.D)
-