from scapy.packet import Raw
from scapy.layers.l2 import Ether, ARP, Dot1Q
from scapy.layers.inet import IP, UDP, ICMP
-from scapy.layers.inet6 import IPv6, ICMPv6ND_NS, ICMPv6NDOptSrcLLAddr, \
+from scapy.layers.inet6 import IPv6, ICMPv6ND_NS, ICMPv6NDOptSrcLLAddr, \
ICMPv6ND_NA
from scapy.utils6 import in6_getnsma, in6_getnsmac
from scapy.layers.vxlan import VXLAN
"""
GBP Subnet
"""
+
def __init__(self, test, rd, address, address_len,
type, sw_if_index=None, sclass=None):
self._test = test
ss = self._test.vapi.gbp_subnet_dump()
for s in ss:
if s.subnet.rd_id == self.rd_id and \
- s.subnet.type == self.type and \
- s.subnet.prefix == self.prefix:
+ s.subnet.type == self.type and \
+ s.subnet.prefix == self.prefix:
return True
return False
cs = self._test.vapi.gbp_contract_dump()
for c in cs:
if c.contract.sclass == self.sclass \
- and c.contract.dclass == self.dclass:
+ and c.contract.dclass == self.dclass:
return True
return False
# The BVIs are NAT inside interfaces
flags = self.config_flags.NAT_IS_INSIDE
- self.vapi.nat44_interface_add_del_feature(epg.bvi.sw_if_index,
- flags=flags)
- self.vapi.nat66_add_del_interface(epg.bvi.sw_if_index,
- flags=flags)
+ self.vapi.nat44_interface_add_del_feature(
+ sw_if_index=epg.bvi.sw_if_index,
+ flags=flags, is_add=1)
+ self.vapi.nat66_add_del_interface(
+ is_add=1, flags=flags,
+ sw_if_index=epg.bvi.sw_if_index)
if_ip4 = VppIpInterfaceAddress(self, epg.bvi, epg.bvi_ip4, 32)
if_ip6 = VppIpInterfaceAddress(self, epg.bvi, epg.bvi_ip6, 128)
recirc.epg.rd.t6).add_vpp_config()
self.vapi.nat44_interface_add_del_feature(
- recirc.recirc.sw_if_index)
+ sw_if_index=recirc.recirc.sw_if_index, is_add=1)
self.vapi.nat66_add_del_interface(
- recirc.recirc.sw_if_index)
+ is_add=1,
+ sw_if_index=recirc.recirc.sw_if_index)
recirc.add_vpp_config()
# Add static mappings for each EP from the 10/8 to 11/8 network
if ip.af == AF_INET:
flags = self.config_flags.NAT_IS_ADDR_ONLY
- self.vapi.nat44_add_del_static_mapping(ip.bytes,
- fip.bytes,
- vrf_id=0,
- flags=flags)
+ self.vapi.nat44_add_del_static_mapping(
+ is_add=1,
+ local_ip_address=ip.bytes,
+ external_ip_address=fip.bytes,
+ external_sw_if_index=0xFFFFFFFF,
+ vrf_id=0,
+ flags=flags)
else:
- self.vapi.nat66_add_del_static_mapping(ip.bytes,
- fip.bytes,
- vrf_id=0)
+ self.vapi.nat66_add_del_static_mapping(
+ local_ip_address=ip.bytes,
+ external_ip_address=fip.bytes,
+ vrf_id=0, is_add=1)
# VPP EP create ...
ep.add_vpp_config()
[VppGbpContractRule(
VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
[]),
- VppGbpContractRule(
- VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
- [])],
+ VppGbpContractRule(
+ VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
+ [])],
[ETH_P_IP, ETH_P_IPV6])
c1.add_vpp_config()
[VppGbpContractRule(
VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
[]),
- VppGbpContractRule(
- VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
- [])],
+ VppGbpContractRule(
+ VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
+ [])],
[ETH_P_IP, ETH_P_IPV6])
c2.add_vpp_config()
[VppGbpContractRule(
VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
[]),
- VppGbpContractRule(
- VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
- [])],
+ VppGbpContractRule(
+ VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
+ [])],
[ETH_P_IP, ETH_P_IPV6])
c3.add_vpp_config()
[VppGbpContractRule(
VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
[]),
- VppGbpContractRule(
- VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
- [])],
+ VppGbpContractRule(
+ VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
+ [])],
[ETH_P_IP, ETH_P_IPV6])
c4.add_vpp_config()
[VppGbpContractRule(
VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
[]),
- VppGbpContractRule(
- VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
- [])],
+ VppGbpContractRule(
+ VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
+ [])],
[ETH_P_IP, ETH_P_IPV6])
c5.add_vpp_config()
for ep in eps:
# del static mappings for each EP from the 10/8 to 11/8 network
flags = self.config_flags.NAT_IS_ADDR_ONLY
- self.vapi.nat44_add_del_static_mapping(ep.ip4.bytes,
- ep.fip4.bytes,
- vrf_id=0,
- is_add=0,
- flags=flags)
- self.vapi.nat66_add_del_static_mapping(ep.ip6.bytes,
- ep.fip6.bytes,
- vrf_id=0,
- is_add=0)
+ self.vapi.nat44_add_del_static_mapping(
+ is_add=0,
+ local_ip_address=ep.ip4.bytes,
+ external_ip_address=ep.fip4.bytes,
+ external_sw_if_index=0xFFFFFFFF,
+ vrf_id=0,
+ flags=flags)
+ self.vapi.nat66_add_del_static_mapping(
+ local_ip_address=ep.ip6.bytes,
+ external_ip_address=ep.fip6.bytes,
+ vrf_id=0, is_add=0)
for epg in epgs:
# IP config on the BVI interfaces
if epg != epgs[0] and epg != epgs[3]:
flags = self.config_flags.NAT_IS_INSIDE
- self.vapi.nat44_interface_add_del_feature(epg.bvi.sw_if_index,
- flags=flags,
- is_add=0)
- self.vapi.nat66_add_del_interface(epg.bvi.sw_if_index,
- flags=flags,
- is_add=0)
+ self.vapi.nat44_interface_add_del_feature(
+ sw_if_index=epg.bvi.sw_if_index,
+ flags=flags,
+ is_add=0)
+ self.vapi.nat66_add_del_interface(
+ is_add=0, flags=flags,
+ sw_if_index=epg.bvi.sw_if_index)
for recirc in recircs:
self.vapi.nat44_interface_add_del_feature(
- recirc.recirc.sw_if_index,
+ sw_if_index=recirc.recirc.sw_if_index,
is_add=0)
self.vapi.nat66_add_del_interface(
- recirc.recirc.sw_if_index,
- is_add=0)
+ is_add=0,
+ sw_if_index=recirc.recirc.sw_if_index)
def wait_for_ep_timeout(self, sw_if_index=None, ip=None, mac=None,
n_tries=100, s_time=1):
UDP(sport=1234, dport=1234) /
Raw('\xa5' * 100))
- rx = self.send_and_expect(self.pg2, p*65, self.pg0)
+ rx = self.send_and_expect(self.pg2, p * 65, self.pg0)
for l in learnt:
self.assertFalse(find_gbp_endpoint(self,
UDP(sport=1234, dport=1234) /
Raw('\xa5' * 100))
- rx = self.send_and_expect(self.pg2, p*65, self.pg0)
+ rx = self.send_and_expect(self.pg2, p * 65, self.pg0)
self.assertTrue(find_gbp_endpoint(self,
vx_tun_l2_1.sw_if_index,
UDP(sport=1234, dport=1234) /
Raw('\xa5' * 100))
- rx = self.send_and_expect(self.pg2, p*65, self.pg0)
-
- self.assertTrue(find_gbp_endpoint(self,
- vx_tun_l2_1.sw_if_index,
- mac=l['mac']))
-
- #
- # repeat in the other EPG
- # there's no contract between 220 and 330, but the sclass is set to 1
- # so the packet is cleared for delivery
- #
- for l in learnt:
- # a packet with an sclass from a known EPG
- p = (Ether(src=self.pg2.remote_mac,
- dst=self.pg2.local_mac) /
- IP(src=self.pg2.remote_hosts[1].ip4,
- dst=self.pg2.local_ip4) /
- UDP(sport=1234, dport=48879) /
- VXLAN(vni=99, gpid=1, flags=0x88) /
- Ether(src=l['mac'], dst=ep.mac) /
- IP(src=l['ip'], dst=ep.ip4.address) /
- UDP(sport=1234, dport=1234) /
- Raw('\xa5' * 100))
-
- rx = self.send_and_expect(self.pg2, p*65, self.pg0)
+ rx = self.send_and_expect(self.pg2, p * 65, self.pg0)
self.assertTrue(find_gbp_endpoint(self,
vx_tun_l2_1.sw_if_index,
UDP(sport=1234, dport=1234) /
Raw('\xa5' * 100))
- rx = self.send_and_expect(self.pg2, p*65, self.pg0)
+ rx = self.send_and_expect(self.pg2, p * 65, self.pg0)
self.assertTrue(find_gbp_endpoint(self,
vx_tun_l2_1.sw_if_index,
[VppGbpContractRule(
VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
[]),
- VppGbpContractRule(
- VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
- [])],
+ VppGbpContractRule(
+ VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
+ [])],
[ETH_P_IP, ETH_P_IPV6])
c1.add_vpp_config()
UDP(sport=1234, dport=1234) /
Raw('\xa5' * 100))
- rx = self.send_and_expect(self.pg2, p*65, self.pg0)
+ rx = self.send_and_expect(self.pg2, p * 65, self.pg0)
self.assertTrue(find_gbp_endpoint(self,
vx_tun_l2_1.sw_if_index,
UDP(sport=1234, dport=1234) /
Raw('\xa5' * 100))
- rxs = self.send_and_expect(self.pg0, p*1, self.pg2)
+ rxs = self.send_and_expect(self.pg0, p * 1, self.pg2)
for rx in rxs:
self.assertEqual(rx[IP].src, self.pg2.local_ip4)
UDP(sport=1234, dport=1234) /
Raw('\xa5' * 100))
- rxs = self.send_and_expect(self.pg0, p*65, self.pg2)
+ rxs = self.send_and_expect(self.pg0, p * 65, self.pg2)
for rx in rxs:
self.assertEqual(rx[IP].src, self.pg2.local_ip4)
UDP(sport=1234, dport=1234) /
Raw('\xa5' * 100))
- rxs = self.send_and_expect(self.pg0, p*65, self.pg2)
+ rxs = self.send_and_expect(self.pg0, p * 65, self.pg2)
for rx in rxs:
self.assertEqual(rx[IP].src, self.pg2.local_ip4)
sep1.ip4, sep1.epg.rd),
VppGbpContractNextHop(sep2.vmac, sep2.epg.bd,
sep2.ip4, sep2.epg.rd)]),
- VppGbpContractRule(
- VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT,
- VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SRC_IP,
- [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd,
- sep3.ip6, sep3.epg.rd),
- VppGbpContractNextHop(sep4.vmac, sep4.epg.bd,
- sep4.ip6, sep4.epg.rd)])],
+ VppGbpContractRule(
+ VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT,
+ VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SRC_IP,
+ [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd,
+ sep3.ip6, sep3.epg.rd),
+ VppGbpContractNextHop(sep4.vmac, sep4.epg.bd,
+ sep4.ip6, sep4.epg.rd)])],
[ETH_P_IP, ETH_P_IPV6])
c1.add_vpp_config()
sep1.ip4, sep1.epg.rd),
VppGbpContractNextHop(sep2.vmac, sep2.epg.bd,
sep2.ip4, sep2.epg.rd)]),
- VppGbpContractRule(
- VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT,
- VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SRC_IP,
- [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd,
- sep3.ip6, sep3.epg.rd),
- VppGbpContractNextHop(sep4.vmac, sep4.epg.bd,
- sep4.ip6, sep4.epg.rd)])],
+ VppGbpContractRule(
+ VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT,
+ VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SRC_IP,
+ [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd,
+ sep3.ip6, sep3.epg.rd),
+ VppGbpContractNextHop(sep4.vmac, sep4.epg.bd,
+ sep4.ip6, sep4.epg.rd)])],
[ETH_P_IP, ETH_P_IPV6])
c2.add_vpp_config()
sep1.ip4, sep1.epg.rd),
VppGbpContractNextHop(sep2.vmac, sep2.epg.bd,
sep2.ip4, sep2.epg.rd)]),
- VppGbpContractRule(
- VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT,
- VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SYMMETRIC,
- [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd,
- sep3.ip6, sep3.epg.rd),
- VppGbpContractNextHop(sep4.vmac, sep4.epg.bd,
- sep4.ip6, sep4.epg.rd)])],
+ VppGbpContractRule(
+ VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT,
+ VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SYMMETRIC,
+ [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd,
+ sep3.ip6, sep3.epg.rd),
+ VppGbpContractNextHop(sep4.vmac, sep4.epg.bd,
+ sep4.ip6, sep4.epg.rd)])],
[ETH_P_IP, ETH_P_IPV6])
c1.add_vpp_config()
sep1.ip4, sep1.epg.rd),
VppGbpContractNextHop(sep2.vmac, sep2.epg.bd,
sep2.ip4, sep2.epg.rd)]),
- VppGbpContractRule(
- VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT,
- VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SYMMETRIC,
- [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd,
- sep3.ip6, sep3.epg.rd),
- VppGbpContractNextHop(sep4.vmac, sep4.epg.bd,
- sep4.ip6, sep4.epg.rd)])],
+ VppGbpContractRule(
+ VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT,
+ VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SYMMETRIC,
+ [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd,
+ sep3.ip6, sep3.epg.rd),
+ VppGbpContractNextHop(sep4.vmac, sep4.epg.bd,
+ sep4.ip6, sep4.epg.rd)])],
[ETH_P_IP, ETH_P_IPV6])
c2.add_vpp_config()
sep1.ip4, sep1.epg.rd),
VppGbpContractNextHop(sep2.vmac, sep2.epg.bd,
sep2.ip4, sep2.epg.rd)]),
- VppGbpContractRule(
- VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT,
- VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SYMMETRIC,
- [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd,
- sep3.ip6, sep3.epg.rd),
- VppGbpContractNextHop(sep4.vmac, sep4.epg.bd,
- sep4.ip6, sep4.epg.rd)])],
+ VppGbpContractRule(
+ VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT,
+ VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SYMMETRIC,
+ [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd,
+ sep3.ip6, sep3.epg.rd),
+ VppGbpContractNextHop(sep4.vmac, sep4.epg.bd,
+ sep4.ip6, sep4.epg.rd)])],
[ETH_P_IP, ETH_P_IPV6])
c3.add_vpp_config()
[VppGbpContractRule(
VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
[]),
- VppGbpContractRule(
- VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
- [])],
+ VppGbpContractRule(
+ VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
+ [])],
[ETH_P_IP, ETH_P_IPV6])
c4.add_vpp_config()
sep1.ip4, sep1.epg.rd),
VppGbpContractNextHop(sep2.vmac, sep2.epg.bd,
sep2.ip4, sep2.epg.rd)]),
- VppGbpContractRule(
- VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT,
- VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_DST_IP,
- [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd,
- sep3.ip6, sep3.epg.rd),
- VppGbpContractNextHop(sep4.vmac, sep4.epg.bd,
- sep4.ip6, sep4.epg.rd)])],
+ VppGbpContractRule(
+ VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT,
+ VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_DST_IP,
+ [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd,
+ sep3.ip6, sep3.epg.rd),
+ VppGbpContractNextHop(sep4.vmac, sep4.epg.bd,
+ sep4.ip6, sep4.epg.rd)])],
[ETH_P_IP, ETH_P_IPV6])
c5.add_vpp_config()
[VppGbpContractRule(
VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
[]),
- VppGbpContractRule(
- VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
- [])],
+ VppGbpContractRule(
+ VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
+ [])],
[ETH_P_IP, ETH_P_IPV6])
c1.add_vpp_config()
[VppGbpContractRule(
VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
[]),
- VppGbpContractRule(
- VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
- [])],
+ VppGbpContractRule(
+ VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
+ [])],
[ETH_P_IP, ETH_P_IPV6])
c2.add_vpp_config()
c3 = VppGbpContract(
[VppGbpContractRule(
VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
[]),
- VppGbpContractRule(
- VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
- [])],
+ VppGbpContractRule(
+ VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
+ [])],
[ETH_P_IP, ETH_P_IPV6])
c3.add_vpp_config()
[VppGbpContractRule(
VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
[]),
- VppGbpContractRule(
- VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
- [])],
+ VppGbpContractRule(
+ VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
+ [])],
[ETH_P_IP, ETH_P_IPV6])
c4.add_vpp_config()
self.assertEqual(inner[IP].src, "10.220.0.1")
self.assertEqual(inner[IP].dst, "10.222.0.1")
- #
- # ping from host in remote to local external subnets
- # there's no contract for this, but sclass is 1.
- #
- p = (Ether(src=self.pg7.remote_mac, dst=self.pg7.local_mac) /
- IP(src=self.pg7.remote_ip4, dst=self.pg7.local_ip4) /
- UDP(sport=1234, dport=48879) /
- VXLAN(vni=445, gpid=1, flags=0x88) /
- Ether(src=self.pg0.remote_mac, dst=str(self.router_mac)) /
- IP(src="10.222.0.1", dst="10.220.0.1") /
- UDP(sport=1234, dport=1234) /
- Raw('\xa5' * 100))
-
- rxs = self.send_and_expect(self.pg7, p * 3, self.pg0)
- self.assertFalse(find_gbp_endpoint(self, ip="10.222.0.1"))
-
#
# ping from host in remote to local external subnets
# there's no contract for this, but the A bit is set.