+ @unittest.skipUnless(running_extended_tests, "part of extended tests")
+ def test_ha_send(self):
+ """ Send HA session synchronization events (active) """
+ self.nat44_add_address(self.nat_addr)
+ self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index)
+ self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index,
+ is_inside=0)
+ self.vapi.nat_ha_set_listener(self.pg3.local_ip4, port=12345)
+ self.vapi.nat_ha_set_failover(self.pg3.remote_ip4, port=12346)
+ bind_layers(UDP, HANATStateSync, sport=12345)
+
+ # create sessions
+ pkts = self.create_stream_in(self.pg0, self.pg1)
+ self.pg0.add_stream(pkts)
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+ capture = self.pg1.get_capture(len(pkts))
+ self.verify_capture_out(capture)
+ # active send HA events
+ self.vapi.nat_ha_flush()
+ stats = self.statistics.get_counter('/nat44/ha/add-event-send')
+ self.assertEqual(stats[0][0], 3)
+ capture = self.pg3.get_capture(1)
+ p = capture[0]
+ self.assert_packet_checksums_valid(p)
+ try:
+ ip = p[IP]
+ udp = p[UDP]
+ hanat = p[HANATStateSync]
+ except IndexError:
+ self.logger.error(ppp("Invalid packet:", p))
+ raise
+ else:
+ self.assertEqual(ip.src, self.pg3.local_ip4)
+ self.assertEqual(ip.dst, self.pg3.remote_ip4)
+ self.assertEqual(udp.sport, 12345)
+ self.assertEqual(udp.dport, 12346)
+ self.assertEqual(hanat.version, 1)
+ self.assertEqual(hanat.thread_index, 0)
+ self.assertEqual(hanat.count, 3)
+ seq = hanat.sequence_number
+ for event in hanat.events:
+ self.assertEqual(event.event_type, 1)
+ self.assertEqual(event.in_addr, self.pg0.remote_ip4)
+ self.assertEqual(event.out_addr, self.nat_addr)
+ self.assertEqual(event.fib_index, 0)
+
+ # ACK received events
+ ack = (Ether(dst=self.pg3.local_mac, src=self.pg3.remote_mac) /
+ IP(src=self.pg3.remote_ip4, dst=self.pg3.local_ip4) /
+ UDP(sport=12346, dport=12345) /
+ HANATStateSync(sequence_number=seq, flags='ACK'))
+ self.pg3.add_stream(ack)
+ self.pg_start()
+ stats = self.statistics.get_counter('/nat44/ha/ack-recv')
+ self.assertEqual(stats[0][0], 1)
+
+ # delete one session
+ self.pg_enable_capture(self.pg_interfaces)
+ self.vapi.nat44_del_session(self.pg0.remote_ip4n, self.tcp_port_in,
+ IP_PROTOS.tcp)
+ self.vapi.nat_ha_flush()
+ stats = self.statistics.get_counter('/nat44/ha/del-event-send')
+ self.assertEqual(stats[0][0], 1)
+ capture = self.pg3.get_capture(1)
+ p = capture[0]
+ try:
+ hanat = p[HANATStateSync]
+ except IndexError:
+ self.logger.error(ppp("Invalid packet:", p))
+ raise
+ else:
+ self.assertGreater(hanat.sequence_number, seq)
+
+ # do not send ACK, active retry send HA event again
+ self.pg_enable_capture(self.pg_interfaces)
+ sleep(12)
+ stats = self.statistics.get_counter('/nat44/ha/retry-count')
+ self.assertEqual(stats[0][0], 3)
+ stats = self.statistics.get_counter('/nat44/ha/missed-count')
+ self.assertEqual(stats[0][0], 1)
+ capture = self.pg3.get_capture(3)
+ for packet in capture:
+ self.assertEqual(packet, p)
+
+ # session counters refresh
+ pkts = self.create_stream_out(self.pg1)
+ self.pg1.add_stream(pkts)
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+ self.pg0.get_capture(2)
+ self.vapi.nat_ha_flush()
+ stats = self.statistics.get_counter('/nat44/ha/refresh-event-send')
+ self.assertEqual(stats[0][0], 2)
+ capture = self.pg3.get_capture(1)
+ p = capture[0]
+ self.assert_packet_checksums_valid(p)
+ try:
+ ip = p[IP]
+ udp = p[UDP]
+ hanat = p[HANATStateSync]
+ except IndexError:
+ self.logger.error(ppp("Invalid packet:", p))
+ raise
+ else:
+ self.assertEqual(ip.src, self.pg3.local_ip4)
+ self.assertEqual(ip.dst, self.pg3.remote_ip4)
+ self.assertEqual(udp.sport, 12345)
+ self.assertEqual(udp.dport, 12346)
+ self.assertEqual(hanat.version, 1)
+ self.assertEqual(hanat.count, 2)
+ seq = hanat.sequence_number
+ for event in hanat.events:
+ self.assertEqual(event.event_type, 3)
+ self.assertEqual(event.out_addr, self.nat_addr)
+ self.assertEqual(event.fib_index, 0)
+ self.assertEqual(event.total_pkts, 2)
+ self.assertGreater(event.total_bytes, 0)
+
+ ack = (Ether(dst=self.pg3.local_mac, src=self.pg3.remote_mac) /
+ IP(src=self.pg3.remote_ip4, dst=self.pg3.local_ip4) /
+ UDP(sport=12346, dport=12345) /
+ HANATStateSync(sequence_number=seq, flags='ACK'))
+ self.pg3.add_stream(ack)
+ self.pg_start()
+ stats = self.statistics.get_counter('/nat44/ha/ack-recv')
+ self.assertEqual(stats[0][0], 2)
+
+ def test_ha_recv(self):
+ """ Receive HA session synchronization events (passive) """
+ self.nat44_add_address(self.nat_addr)
+ self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index)
+ self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index,
+ is_inside=0)
+ self.vapi.nat_ha_set_listener(self.pg3.local_ip4, port=12345)
+ bind_layers(UDP, HANATStateSync, sport=12345)
+
+ self.tcp_port_out = random.randint(1025, 65535)
+ self.udp_port_out = random.randint(1025, 65535)
+
+ # send HA session add events to failover/passive
+ p = (Ether(dst=self.pg3.local_mac, src=self.pg3.remote_mac) /
+ IP(src=self.pg3.remote_ip4, dst=self.pg3.local_ip4) /
+ UDP(sport=12346, dport=12345) /
+ HANATStateSync(sequence_number=1, events=[
+ Event(event_type='add', protocol='tcp',
+ in_addr=self.pg0.remote_ip4, out_addr=self.nat_addr,
+ in_port=self.tcp_port_in, out_port=self.tcp_port_out,
+ eh_addr=self.pg1.remote_ip4,
+ ehn_addr=self.pg1.remote_ip4,
+ eh_port=self.tcp_external_port,
+ ehn_port=self.tcp_external_port, fib_index=0),
+ Event(event_type='add', protocol='udp',
+ in_addr=self.pg0.remote_ip4, out_addr=self.nat_addr,
+ in_port=self.udp_port_in, out_port=self.udp_port_out,
+ eh_addr=self.pg1.remote_ip4,
+ ehn_addr=self.pg1.remote_ip4,
+ eh_port=self.udp_external_port,
+ ehn_port=self.udp_external_port, fib_index=0)]))
+
+ self.pg3.add_stream(p)
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+ # receive ACK
+ capture = self.pg3.get_capture(1)
+ p = capture[0]
+ try:
+ hanat = p[HANATStateSync]
+ except IndexError:
+ self.logger.error(ppp("Invalid packet:", p))
+ raise
+ else:
+ self.assertEqual(hanat.sequence_number, 1)
+ self.assertEqual(hanat.flags, 'ACK')
+ self.assertEqual(hanat.version, 1)
+ self.assertEqual(hanat.thread_index, 0)
+ stats = self.statistics.get_counter('/nat44/ha/ack-send')
+ self.assertEqual(stats[0][0], 1)
+ stats = self.statistics.get_counter('/nat44/ha/add-event-recv')
+ self.assertEqual(stats[0][0], 2)
+ users = self.statistics.get_counter('/nat44/total-users')
+ self.assertEqual(users[0][0], 1)
+ sessions = self.statistics.get_counter('/nat44/total-sessions')
+ self.assertEqual(sessions[0][0], 2)
+ users = self.vapi.nat44_user_dump()
+ self.assertEqual(len(users), 1)
+ self.assertEqual(users[0].ip_address, self.pg0.remote_ip4n)
+ # there should be 2 sessions created by HA
+ sessions = self.vapi.nat44_user_session_dump(users[0].ip_address,
+ users[0].vrf_id)
+ self.assertEqual(len(sessions), 2)
+ for session in sessions:
+ self.assertEqual(session.inside_ip_address, self.pg0.remote_ip4n)
+ self.assertEqual(session.outside_ip_address, self.nat_addr_n)
+ self.assertIn(session.inside_port,
+ [self.tcp_port_in, self.udp_port_in])
+ self.assertIn(session.outside_port,
+ [self.tcp_port_out, self.udp_port_out])
+ self.assertIn(session.protocol, [IP_PROTOS.tcp, IP_PROTOS.udp])
+
+ # send HA session delete event to failover/passive
+ p = (Ether(dst=self.pg3.local_mac, src=self.pg3.remote_mac) /
+ IP(src=self.pg3.remote_ip4, dst=self.pg3.local_ip4) /
+ UDP(sport=12346, dport=12345) /
+ HANATStateSync(sequence_number=2, events=[
+ Event(event_type='del', protocol='udp',
+ in_addr=self.pg0.remote_ip4, out_addr=self.nat_addr,
+ in_port=self.udp_port_in, out_port=self.udp_port_out,
+ eh_addr=self.pg1.remote_ip4,
+ ehn_addr=self.pg1.remote_ip4,
+ eh_port=self.udp_external_port,
+ ehn_port=self.udp_external_port, fib_index=0)]))
+
+ self.pg3.add_stream(p)
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+ # receive ACK
+ capture = self.pg3.get_capture(1)
+ p = capture[0]
+ try:
+ hanat = p[HANATStateSync]
+ except IndexError:
+ self.logger.error(ppp("Invalid packet:", p))
+ raise
+ else:
+ self.assertEqual(hanat.sequence_number, 2)
+ self.assertEqual(hanat.flags, 'ACK')
+ self.assertEqual(hanat.version, 1)
+ users = self.vapi.nat44_user_dump()
+ self.assertEqual(len(users), 1)
+ self.assertEqual(users[0].ip_address, self.pg0.remote_ip4n)
+ # now we should have only 1 session, 1 deleted by HA
+ sessions = self.vapi.nat44_user_session_dump(users[0].ip_address,
+ users[0].vrf_id)
+ self.assertEqual(len(sessions), 1)
+ stats = self.statistics.get_counter('/nat44/ha/del-event-recv')
+ self.assertEqual(stats[0][0], 1)
+
+ stats = self.statistics.get_counter('/err/nat-ha/pkts-processed')
+ self.assertEqual(stats, 2)
+
+ # send HA session refresh event to failover/passive
+ p = (Ether(dst=self.pg3.local_mac, src=self.pg3.remote_mac) /
+ IP(src=self.pg3.remote_ip4, dst=self.pg3.local_ip4) /
+ UDP(sport=12346, dport=12345) /
+ HANATStateSync(sequence_number=3, events=[
+ Event(event_type='refresh', protocol='tcp',
+ in_addr=self.pg0.remote_ip4, out_addr=self.nat_addr,
+ in_port=self.tcp_port_in, out_port=self.tcp_port_out,
+ eh_addr=self.pg1.remote_ip4,
+ ehn_addr=self.pg1.remote_ip4,
+ eh_port=self.tcp_external_port,
+ ehn_port=self.tcp_external_port, fib_index=0,
+ total_bytes=1024, total_pkts=2)]))
+ self.pg3.add_stream(p)
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+ # receive ACK
+ capture = self.pg3.get_capture(1)
+ p = capture[0]
+ try:
+ hanat = p[HANATStateSync]
+ except IndexError:
+ self.logger.error(ppp("Invalid packet:", p))
+ raise
+ else:
+ self.assertEqual(hanat.sequence_number, 3)
+ self.assertEqual(hanat.flags, 'ACK')
+ self.assertEqual(hanat.version, 1)
+ users = self.vapi.nat44_user_dump()
+ self.assertEqual(len(users), 1)
+ self.assertEqual(users[0].ip_address, self.pg0.remote_ip4n)
+ sessions = self.vapi.nat44_user_session_dump(users[0].ip_address,
+ users[0].vrf_id)
+ self.assertEqual(len(sessions), 1)
+ session = sessions[0]
+ self.assertEqual(session.total_bytes, 1024)
+ self.assertEqual(session.total_pkts, 2)
+ stats = self.statistics.get_counter('/nat44/ha/refresh-event-recv')
+ self.assertEqual(stats[0][0], 1)
+
+ stats = self.statistics.get_counter('/err/nat-ha/pkts-processed')
+ self.assertEqual(stats, 3)
+
+ # send packet to test session created by HA
+ p = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) /
+ IP(src=self.pg1.remote_ip4, dst=self.nat_addr) /
+ TCP(sport=self.tcp_external_port, dport=self.tcp_port_out))
+ self.pg1.add_stream(p)
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+ capture = self.pg0.get_capture(1)
+ p = capture[0]
+ try:
+ ip = p[IP]
+ tcp = p[TCP]
+ except IndexError:
+ self.logger.error(ppp("Invalid packet:", p))
+ raise
+ else:
+ self.assertEqual(ip.src, self.pg1.remote_ip4)
+ self.assertEqual(ip.dst, self.pg0.remote_ip4)
+ self.assertEqual(tcp.sport, self.tcp_external_port)
+ self.assertEqual(tcp.dport, self.tcp_port_in)
+