X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=test%2Ftest_dvr.py;h=8531b8553caad048f522d0d37d455f93998539b7;hb=88cecfad98d2e8b32e68b90538c2c4cb906eb204;hp=e7b68db2ac7f214190cc71def9b21f981a935074;hpb=52fae862646e25bac6d1cd11b9fc7ac77299bc25;p=vpp.git diff --git a/test/test_dvr.py b/test/test_dvr.py index e7b68db2ac7..8531b8553ca 100644 --- a/test/test_dvr.py +++ b/test/test_dvr.py @@ -1,28 +1,37 @@ -#!/usr/bin/env python -import random -import socket +#!/usr/bin/env python3 import unittest from framework import VppTestCase, VppTestRunner -from vpp_sub_interface import VppSubInterface, VppDot1QSubint -from vpp_ip_route import VppIpRoute, VppRoutePath, DpoProto, VppIpMRoute, \ - VppMRoutePath, MRouteEntryFlags, MRouteItfFlags -from vpp_papi_provider import L2_VTR_OP +from vpp_ip_route import VppIpRoute, VppRoutePath, FibPathType +from vpp_l2 import L2_PORT_TYPE +from vpp_sub_interface import L2_VTR_OP, VppDot1QSubint +from vpp_acl import AclRule, VppAcl, VppAclInterface from scapy.packet import Raw -from scapy.layers.l2 import Ether, Dot1Q, ARP +from scapy.layers.l2 import Ether, Dot1Q from scapy.layers.inet import IP, UDP -from util import ppp +from socket import AF_INET, inet_pton +from ipaddress import IPv4Network + +NUM_PKTS = 67 class TestDVR(VppTestCase): """ Distributed Virtual Router """ + @classmethod + def setUpClass(cls): + super(TestDVR, cls).setUpClass() + + @classmethod + def tearDownClass(cls): + super(TestDVR, cls).tearDownClass() + def setUp(self): super(TestDVR, self).setUp() self.create_pg_interfaces(range(4)) - self.create_loopback_interfaces(range(1)) + self.create_loopback_interfaces(1) for i in self.pg_interfaces: i.admin_up() @@ -68,13 +77,13 @@ class TestDVR(VppTestCase): IP(src=any_src_addr, dst=ip_non_tag_bridged) / UDP(sport=1234, dport=1234) / - Raw('\xa5' * 100)) + Raw(b'\xa5' * 100)) pkt_tag = (Ether(src=self.pg0.remote_mac, dst=self.loop0.local_mac) / IP(src=any_src_addr, dst=ip_tag_bridged) / UDP(sport=1234, dport=1234) / - Raw('\xa5' * 100)) + Raw(b'\xa5' * 100)) # # Two sub-interfaces so we can test VLAN tag push/pop @@ -87,18 +96,24 @@ class TestDVR(VppTestCase): # # Put all the interfaces into a new bridge domain # - self.vapi.sw_interface_set_l2_bridge(self.pg0.sw_if_index, 1) - self.vapi.sw_interface_set_l2_bridge(self.pg1.sw_if_index, 1) - self.vapi.sw_interface_set_l2_bridge(sub_if_on_pg2.sw_if_index, 1) - self.vapi.sw_interface_set_l2_bridge(sub_if_on_pg3.sw_if_index, 1) - self.vapi.sw_interface_set_l2_bridge(self.loop0.sw_if_index, 1, bvi=1) - - self.vapi.sw_interface_set_l2_tag_rewrite(sub_if_on_pg2.sw_if_index, - L2_VTR_OP.L2_POP_1, - 92) - self.vapi.sw_interface_set_l2_tag_rewrite(sub_if_on_pg3.sw_if_index, - L2_VTR_OP.L2_POP_1, - 93) + self.vapi.sw_interface_set_l2_bridge( + rx_sw_if_index=self.pg0.sw_if_index, bd_id=1) + self.vapi.sw_interface_set_l2_bridge( + rx_sw_if_index=self.pg1.sw_if_index, bd_id=1) + self.vapi.sw_interface_set_l2_bridge( + rx_sw_if_index=sub_if_on_pg2.sw_if_index, bd_id=1) + self.vapi.sw_interface_set_l2_bridge( + rx_sw_if_index=sub_if_on_pg3.sw_if_index, bd_id=1) + self.vapi.sw_interface_set_l2_bridge( + rx_sw_if_index=self.loop0.sw_if_index, bd_id=1, + port_type=L2_PORT_TYPE.BVI) + + self.vapi.l2_interface_vlan_tag_rewrite( + sw_if_index=sub_if_on_pg2.sw_if_index, vtr_op=L2_VTR_OP.L2_POP_1, + push_dot1q=92) + self.vapi.l2_interface_vlan_tag_rewrite( + sw_if_index=sub_if_on_pg3.sw_if_index, vtr_op=L2_VTR_OP.L2_POP_1, + push_dot1q=93) # # Add routes to bridge the traffic via a tagged an nontagged interface @@ -107,22 +122,16 @@ class TestDVR(VppTestCase): self, ip_non_tag_bridged, 32, [VppRoutePath("0.0.0.0", self.pg1.sw_if_index, - proto=DpoProto.DPO_PROTO_ETHERNET)]) + type=FibPathType.FIB_PATH_TYPE_DVR)]) route_no_tag.add_vpp_config() # # Inject the packet that arrives and leaves on a non-tagged interface # Since it's 'bridged' expect that the MAC headed is unchanged. # - self.pg0.add_stream(pkt_no_tag) - - self.pg_enable_capture(self.pg_interfaces) - self.pg_start() - - rx = self.pg1.get_capture(1) - - self.assertEqual(rx[0][Ether].dst, pkt_no_tag[Ether].dst) - self.assertEqual(rx[0][Ether].src, pkt_no_tag[Ether].src) + rx = self.send_and_expect(self.pg0, pkt_no_tag * NUM_PKTS, self.pg1) + self.assert_same_mac_addr(pkt_no_tag, rx) + self.assert_has_no_tag(rx) # # Add routes to bridge the traffic via a tagged interface @@ -131,14 +140,14 @@ class TestDVR(VppTestCase): self, ip_tag_bridged, 32, [VppRoutePath("0.0.0.0", sub_if_on_pg3.sw_if_index, - proto=DpoProto.DPO_PROTO_ETHERNET)]) + type=FibPathType.FIB_PATH_TYPE_DVR)]) route_with_tag.add_vpp_config() # - # Inject the packet that arrives and leaves on a non-tagged interface - # Since it's 'bridged' expect that the MAC headed is unchanged. + # Inject the packet that arrives non-tag and leaves on a tagged + # interface # - rx = self.send_and_expect(self.pg0, pkt_tag * 65, self.pg3) + rx = self.send_and_expect(self.pg0, pkt_tag * NUM_PKTS, self.pg3) self.assert_same_mac_addr(pkt_tag, rx) self.assert_has_vlan_tag(93, rx) @@ -151,9 +160,11 @@ class TestDVR(VppTestCase): IP(src=any_src_addr, dst=ip_tag_bridged) / UDP(sport=1234, dport=1234) / - Raw('\xa5' * 100)) + Raw(b'\xa5' * 100)) - rx = self.send_and_expect(self.pg2, pkt_tag_to_tag * 65, self.pg3) + rx = self.send_and_expect(self.pg2, + pkt_tag_to_tag * NUM_PKTS, + self.pg3) self.assert_same_mac_addr(pkt_tag_to_tag, rx) self.assert_has_vlan_tag(93, rx) @@ -166,25 +177,70 @@ class TestDVR(VppTestCase): IP(src=any_src_addr, dst=ip_non_tag_bridged) / UDP(sport=1234, dport=1234) / - Raw('\xa5' * 100)) + Raw(b'\xa5' * 100)) - rx = self.send_and_expect(self.pg2, pkt_tag_to_non_tag * 65, self.pg1) + rx = self.send_and_expect(self.pg2, + pkt_tag_to_non_tag * NUM_PKTS, + self.pg1) self.assert_same_mac_addr(pkt_tag_to_tag, rx) self.assert_has_no_tag(rx) + # + # Add an output L3 ACL that will block the traffic + # + rule_1 = AclRule(is_permit=0, proto=17, ports=1234, + src_prefix=IPv4Network((any_src_addr, 32)), + dst_prefix=IPv4Network((ip_non_tag_bridged, 32))) + acl = VppAcl(self, rules=[rule_1]) + acl.add_vpp_config() + + # + # Apply the ACL on the output interface + # + acl_if1 = VppAclInterface(self, sw_if_index=self.pg1.sw_if_index, + n_input=0, acls=[acl]) + acl_if1.add_vpp_config() + + # + # Send packet's that should match the ACL and be dropped + # + rx = self.send_and_assert_no_replies(self.pg2, + pkt_tag_to_non_tag * NUM_PKTS) + # # cleanup # - self.vapi.sw_interface_set_l2_bridge(self.pg0.sw_if_index, 1, - enable=0) - self.vapi.sw_interface_set_l2_bridge(self.pg1.sw_if_index, 1, - enable=0) - self.vapi.sw_interface_set_l2_bridge(sub_if_on_pg2.sw_if_index, - 1, enable=0) - self.vapi.sw_interface_set_l2_bridge(sub_if_on_pg3.sw_if_index, - 1, enable=0) - self.vapi.sw_interface_set_l2_bridge(self.loop0.sw_if_index, - 1, bvi=1, enable=0) + acl_if1.remove_vpp_config() + acl.remove_vpp_config() + + self.vapi.sw_interface_set_l2_bridge( + rx_sw_if_index=self.pg0.sw_if_index, bd_id=1, enable=0) + self.vapi.sw_interface_set_l2_bridge( + rx_sw_if_index=self.pg1.sw_if_index, bd_id=1, enable=0) + self.vapi.sw_interface_set_l2_bridge( + rx_sw_if_index=sub_if_on_pg2.sw_if_index, bd_id=1, enable=0) + self.vapi.sw_interface_set_l2_bridge( + rx_sw_if_index=sub_if_on_pg3.sw_if_index, bd_id=1, enable=0) + self.vapi.sw_interface_set_l2_bridge( + rx_sw_if_index=self.loop0.sw_if_index, bd_id=1, + port_type=L2_PORT_TYPE.BVI, enable=0) + + # + # Do a FIB dump to make sure the paths are correctly reported as DVR + # + routes = self.vapi.ip_route_dump(0) + + for r in routes: + if (ip_tag_bridged == str(r.route.prefix.network_address)): + self.assertEqual(r.route.paths[0].sw_if_index, + sub_if_on_pg3.sw_if_index) + self.assertEqual(r.route.paths[0].type, + FibPathType.FIB_PATH_TYPE_DVR) + if (ip_non_tag_bridged == str(r.route.prefix.network_address)): + self.assertEqual(r.route.paths[0].sw_if_index, + self.pg1.sw_if_index) + self.assertEqual(r.route.paths[0].type, + FibPathType.FIB_PATH_TYPE_DVR) # # the explicit route delete is require so it happens before @@ -207,33 +263,33 @@ class TestDVR(VppTestCase): IP(src="2.2.2.2", dst="1.1.1.1") / UDP(sport=1234, dport=1234) / - Raw('\xa5' * 100)) + Raw(b'\xa5' * 100)) pkt_to_tag = (Ether(src=self.pg0.remote_mac, dst=self.pg2.remote_mac) / IP(src="2.2.2.2", dst="1.1.1.2") / UDP(sport=1234, dport=1234) / - Raw('\xa5' * 100)) + Raw(b'\xa5' * 100)) pkt_from_tag = (Ether(src=self.pg3.remote_mac, dst=self.pg2.remote_mac) / Dot1Q(vlan=93) / IP(src="2.2.2.2", dst="1.1.1.1") / UDP(sport=1234, dport=1234) / - Raw('\xa5' * 100)) + Raw(b'\xa5' * 100)) pkt_from_to_tag = (Ether(src=self.pg3.remote_mac, dst=self.pg2.remote_mac) / Dot1Q(vlan=93) / IP(src="2.2.2.2", dst="1.1.1.2") / UDP(sport=1234, dport=1234) / - Raw('\xa5' * 100)) + Raw(b'\xa5' * 100)) pkt_bcast = (Ether(src=self.pg0.remote_mac, dst="ff:ff:ff:ff:ff:ff") / IP(src="2.2.2.2", dst="255.255.255.255") / UDP(sport=1234, dport=1234) / - Raw('\xa5' * 100)) + Raw(b'\xa5' * 100)) # # A couple of sub-interfaces for tags @@ -246,66 +302,75 @@ class TestDVR(VppTestCase): # # Put all the interfaces into a new bridge domain # - self.vapi.sw_interface_set_l2_bridge(self.pg0.sw_if_index, 1) - self.vapi.sw_interface_set_l2_bridge(self.pg1.sw_if_index, 1) - self.vapi.sw_interface_set_l2_bridge(sub_if_on_pg2.sw_if_index, 1) - self.vapi.sw_interface_set_l2_bridge(sub_if_on_pg3.sw_if_index, 1) - self.vapi.sw_interface_set_l2_tag_rewrite(sub_if_on_pg2.sw_if_index, - L2_VTR_OP.L2_POP_1, - 92) - self.vapi.sw_interface_set_l2_tag_rewrite(sub_if_on_pg3.sw_if_index, - L2_VTR_OP.L2_POP_1, - 93) - - # - # Disable UU flooding, learning and ARM terminaation. makes this test + self.vapi.sw_interface_set_l2_bridge( + rx_sw_if_index=self.pg0.sw_if_index, bd_id=1) + self.vapi.sw_interface_set_l2_bridge( + rx_sw_if_index=self.pg1.sw_if_index, bd_id=1) + self.vapi.sw_interface_set_l2_bridge( + rx_sw_if_index=sub_if_on_pg2.sw_if_index, bd_id=1) + self.vapi.sw_interface_set_l2_bridge( + rx_sw_if_index=sub_if_on_pg3.sw_if_index, bd_id=1) + self.vapi.l2_interface_vlan_tag_rewrite( + sw_if_index=sub_if_on_pg2.sw_if_index, vtr_op=L2_VTR_OP.L2_POP_1, + push_dot1q=92) + self.vapi.l2_interface_vlan_tag_rewrite( + sw_if_index=sub_if_on_pg3.sw_if_index, vtr_op=L2_VTR_OP.L2_POP_1, + push_dot1q=93) + + # + # Disable UU flooding, learning and ARP termination. makes this test # easier as unicast packets are dropped if not extracted. # - self.vapi.bridge_flags(1, 0, (1 << 0) | (1 << 3) | (1 << 4)) + self.vapi.bridge_flags(bd_id=1, is_set=0, + flags=(1 << 0) | (1 << 3) | (1 << 4)) # # Add a DVR route to steer traffic at L3 # - route_1 = VppIpRoute(self, "1.1.1.1", 32, - [VppRoutePath("0.0.0.0", - self.pg1.sw_if_index, - proto=DpoProto.DPO_PROTO_ETHERNET)]) - route_2 = VppIpRoute(self, "1.1.1.2", 32, - [VppRoutePath("0.0.0.0", - sub_if_on_pg2.sw_if_index, - proto=DpoProto.DPO_PROTO_ETHERNET)]) + route_1 = VppIpRoute( + self, "1.1.1.1", 32, + [VppRoutePath("0.0.0.0", + self.pg1.sw_if_index, + type=FibPathType.FIB_PATH_TYPE_DVR)]) + route_2 = VppIpRoute( + self, "1.1.1.2", 32, + [VppRoutePath("0.0.0.0", + sub_if_on_pg2.sw_if_index, + type=FibPathType.FIB_PATH_TYPE_DVR)]) route_1.add_vpp_config() route_2.add_vpp_config() # - # packets are dropped because bridge does not flood unkown unicast + # packets are dropped because bridge does not flood unknown unicast # self.send_and_assert_no_replies(self.pg0, pkt_no_tag) # # Enable L3 extraction on pgs # - self.vapi.sw_interface_set_l2_emulation(self.pg0.sw_if_index) - self.vapi.sw_interface_set_l2_emulation(self.pg1.sw_if_index) - self.vapi.sw_interface_set_l2_emulation(sub_if_on_pg2.sw_if_index) - self.vapi.sw_interface_set_l2_emulation(sub_if_on_pg3.sw_if_index) + self.vapi.l2_emulation(self.pg0.sw_if_index) + self.vapi.l2_emulation(self.pg1.sw_if_index) + self.vapi.l2_emulation(sub_if_on_pg2.sw_if_index) + self.vapi.l2_emulation(sub_if_on_pg3.sw_if_index) # # now we expect the packet forward according to the DVR route # - rx = self.send_and_expect(self.pg0, pkt_no_tag * 65, self.pg1) + rx = self.send_and_expect(self.pg0, pkt_no_tag * NUM_PKTS, self.pg1) self.assert_same_mac_addr(pkt_no_tag, rx) self.assert_has_no_tag(rx) - rx = self.send_and_expect(self.pg0, pkt_to_tag * 65, self.pg2) + rx = self.send_and_expect(self.pg0, pkt_to_tag * NUM_PKTS, self.pg2) self.assert_same_mac_addr(pkt_to_tag, rx) self.assert_has_vlan_tag(92, rx) - rx = self.send_and_expect(self.pg3, pkt_from_tag * 65, self.pg1) + rx = self.send_and_expect(self.pg3, pkt_from_tag * NUM_PKTS, self.pg1) self.assert_same_mac_addr(pkt_from_tag, rx) self.assert_has_no_tag(rx) - rx = self.send_and_expect(self.pg3, pkt_from_to_tag * 65, self.pg2) + rx = self.send_and_expect(self.pg3, + pkt_from_to_tag * NUM_PKTS, + self.pg2) self.assert_same_mac_addr(pkt_from_tag, rx) self.assert_has_vlan_tag(92, rx) @@ -317,23 +382,23 @@ class TestDVR(VppTestCase): # # cleanup # - self.vapi.sw_interface_set_l2_emulation(self.pg0.sw_if_index, - enable=0) - self.vapi.sw_interface_set_l2_emulation(self.pg1.sw_if_index, - enable=0) - self.vapi.sw_interface_set_l2_emulation(sub_if_on_pg2.sw_if_index, - enable=0) - self.vapi.sw_interface_set_l2_emulation(sub_if_on_pg3.sw_if_index, - enable=0) - - self.vapi.sw_interface_set_l2_bridge(self.pg0.sw_if_index, - 1, enable=0) - self.vapi.sw_interface_set_l2_bridge(self.pg1.sw_if_index, - 1, enable=0) - self.vapi.sw_interface_set_l2_bridge(sub_if_on_pg2.sw_if_index, - 1, enable=0) - self.vapi.sw_interface_set_l2_bridge(sub_if_on_pg3.sw_if_index, - 1, enable=0) + self.vapi.l2_emulation(self.pg0.sw_if_index, + enable=0) + self.vapi.l2_emulation(self.pg1.sw_if_index, + enable=0) + self.vapi.l2_emulation(sub_if_on_pg2.sw_if_index, + enable=0) + self.vapi.l2_emulation(sub_if_on_pg3.sw_if_index, + enable=0) + + self.vapi.sw_interface_set_l2_bridge( + rx_sw_if_index=self.pg0.sw_if_index, bd_id=1, enable=0) + self.vapi.sw_interface_set_l2_bridge( + rx_sw_if_index=self.pg1.sw_if_index, bd_id=1, enable=0) + self.vapi.sw_interface_set_l2_bridge( + rx_sw_if_index=sub_if_on_pg2.sw_if_index, bd_id=1, enable=0) + self.vapi.sw_interface_set_l2_bridge( + rx_sw_if_index=sub_if_on_pg3.sw_if_index, bd_id=1, enable=0) route_1.remove_vpp_config() route_2.remove_vpp_config()