+ self.send_and_expect_bridged(self.pg0, pkt_intra_epg * 65, self.pg1)
+
+ #
+ # EPs to the outside world
+ #
+
+ # in the EP's RD an external subnet via the NAT EPG's recirc
+ se1 = VppGbpSubnet(self, 0, "0.0.0.0", 0,
+ is_internal=False,
+ sw_if_index=recirc_nat.recirc.sw_if_index,
+ epg=epg_nat.epg)
+ se1.add_vpp_config()
+ se2 = VppGbpSubnet(self, 0, "11.0.0.0", 8,
+ is_internal=False,
+ sw_if_index=recirc_nat.recirc.sw_if_index,
+ epg=epg_nat.epg)
+ se2.add_vpp_config()
+ se16 = VppGbpSubnet(self, 0, "::", 0,
+ is_internal=False,
+ sw_if_index=recirc_nat.recirc.sw_if_index,
+ epg=epg_nat.epg,
+ is_ip6=True)
+ se16.add_vpp_config()
+ # in the NAT RD an external subnet via the NAT EPG's uplink
+ se3 = VppGbpSubnet(self, 20, "0.0.0.0", 0,
+ is_internal=False,
+ sw_if_index=epg_nat.uplink.sw_if_index,
+ epg=epg_nat.epg)
+ se36 = VppGbpSubnet(self, 20, "::", 0,
+ is_internal=False,
+ sw_if_index=epg_nat.uplink.sw_if_index,
+ epg=epg_nat.epg,
+ is_ip6=True)
+ se4 = VppGbpSubnet(self, 20, "11.0.0.0", 8,
+ is_internal=False,
+ sw_if_index=epg_nat.uplink.sw_if_index,
+ epg=epg_nat.epg)
+ se3.add_vpp_config()
+ se36.add_vpp_config()
+ se4.add_vpp_config()
+
+ self.logger.info(self.vapi.cli("sh ip fib 0.0.0.0/0"))
+ self.logger.info(self.vapi.cli("sh ip fib 11.0.0.1"))
+ self.logger.info(self.vapi.cli("sh ip6 fib ::/0"))
+ self.logger.info(self.vapi.cli("sh ip6 fib %s" %
+ eps[4].floating_ip))
+
+ #
+ # From an EP to an outside addess: IN2OUT
+ #
+ pkt_inter_epg_220_to_global = (Ether(src=self.pg0.remote_mac,
+ dst=self.router_mac) /
+ IP(src=eps[0].ip, dst="1.1.1.1") /
+ UDP(sport=1234, dport=1234) /
+ Raw('\xa5' * 100))
+
+ # no policy yet
+ self.send_and_assert_no_replies(self.pg0,
+ pkt_inter_epg_220_to_global * 65)
+
+ acl2 = VppGbpAcl(self)
+ rule = acl2.create_rule(permit_deny=1, proto=17, sport_from=1234,
+ sport_to=1234, dport_from=1234, dport_to=1234)
+ rule2 = acl2.create_rule(is_ipv6=1, permit_deny=1, proto=17,
+ sport_from=1234, sport_to=1234,
+ dport_from=1234, dport_to=1234)
+
+ acl_index2 = acl2.add_vpp_config([rule, rule2])
+ c4 = VppGbpContract(self, 220, 333, acl_index2)
+ c4.add_vpp_config()
+
+ self.send_and_expect_natted(self.pg0,
+ pkt_inter_epg_220_to_global * 65,
+ self.pg7,
+ eps[0].floating_ip)
+
+ pkt_inter_epg_220_to_global = (Ether(src=self.pg0.remote_mac,
+ dst=self.router_mac) /
+ IPv6(src=eps[4].ip, dst="6001::1") /
+ UDP(sport=1234, dport=1234) /
+ Raw('\xa5' * 100))
+
+ self.send_and_expect_natted6(self.pg0,
+ pkt_inter_epg_220_to_global * 65,
+ self.pg7,
+ eps[4].floating_ip)
+
+ #
+ # From a global address to an EP: OUT2IN
+ #
+ pkt_inter_epg_220_from_global = (Ether(src=self.router_mac,
+ dst=self.pg0.remote_mac) /
+ IP(dst=eps[0].floating_ip,
+ src="1.1.1.1") /
+ UDP(sport=1234, dport=1234) /
+ Raw('\xa5' * 100))
+
+ self.send_and_assert_no_replies(self.pg7,
+ pkt_inter_epg_220_from_global * 65)
+
+ c5 = VppGbpContract(self, 333, 220, acl_index2)
+ c5.add_vpp_config()
+
+ self.send_and_expect_unnatted(self.pg7,
+ pkt_inter_epg_220_from_global * 65,
+ eps[0].itf,
+ eps[0].ip)
+
+ pkt_inter_epg_220_from_global = (Ether(src=self.router_mac,
+ dst=self.pg0.remote_mac) /
+ IPv6(dst=eps[4].floating_ip,
+ src="6001::1") /
+ UDP(sport=1234, dport=1234) /
+ Raw('\xa5' * 100))
+
+ self.send_and_expect_unnatted6(self.pg7,
+ pkt_inter_epg_220_from_global * 65,
+ eps[4].itf,
+ eps[4].ip)
+
+ #
+ # From a local VM to another local VM using resp. public addresses:
+ # IN2OUT2IN
+ #
+ pkt_intra_epg_220_global = (Ether(src=self.pg0.remote_mac,
+ dst=self.router_mac) /
+ IP(src=eps[0].ip,
+ dst=eps[1].floating_ip) /
+ UDP(sport=1234, dport=1234) /
+ Raw('\xa5' * 100))
+
+ self.send_and_expect_double_natted(eps[0].itf,
+ pkt_intra_epg_220_global * 65,
+ eps[1].itf,
+ eps[0].floating_ip,
+ eps[1].ip)
+
+ pkt_intra_epg_220_global = (Ether(src=self.pg4.remote_mac,
+ dst=self.router_mac) /
+ IPv6(src=eps[4].ip,
+ dst=eps[5].floating_ip) /
+ UDP(sport=1234, dport=1234) /
+ Raw('\xa5' * 100))
+
+ self.send_and_expect_double_natted6(eps[4].itf,
+ pkt_intra_epg_220_global * 65,
+ eps[5].itf,
+ eps[4].floating_ip,
+ eps[5].ip)
+
+ #
+ # cleanup
+ #
+ for ep in eps:
+ # del static mappings for each EP from the 10/8 to 11/8 network
+ if ep.af == AF_INET:
+ self.vapi.nat44_add_del_static_mapping(ep.ip_n,
+ ep.floating_ip_n,
+ vrf_id=0,
+ addr_only=1,
+ is_add=0)
+ else:
+ self.vapi.nat66_add_del_static_mapping(ep.ip_n,
+ ep.floating_ip_n,
+ vrf_id=0,
+ is_add=0)
+
+ for epg in epgs:
+ # IP config on the BVI interfaces
+ self.vapi.sw_interface_add_del_address(epg.bvi.sw_if_index,
+ epg.bvi_ip4_n,
+ 32,
+ is_add=0)
+ self.vapi.sw_interface_add_del_address(epg.bvi.sw_if_index,
+ epg.bvi_ip6_n,
+ 128,
+ is_add=0,
+ is_ipv6=True)
+ self.logger.info(self.vapi.cli("sh int addr"))
+
+ epg.uplink.set_table_ip4(0)
+ epg.uplink.set_table_ip6(0)
+
+ if epg != epgs[0] and epg != epgs[3]:
+ epg.bvi.set_table_ip4(0)
+ epg.bvi.set_table_ip6(0)
+
+ self.vapi.nat44_interface_add_del_feature(epg.bvi.sw_if_index,
+ is_inside=1,
+ is_add=0)
+ self.vapi.nat66_add_del_interface(epg.bvi.sw_if_index,
+ is_inside=1,
+ is_add=0)
+
+ for recirc in recircs:
+ recirc.recirc.set_table_ip4(0)
+ recirc.recirc.set_table_ip6(0)
+
+ self.vapi.nat44_interface_add_del_feature(
+ recirc.recirc.sw_if_index,
+ is_inside=0,
+ is_add=0)
+ self.vapi.nat66_add_del_interface(
+ recirc.recirc.sw_if_index,
+ is_inside=0,
+ is_add=0)