X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=test%2Ftest_gbp.py;h=e9b5f5dc56b25487e5a416607249b9a701e565b4;hb=4271c971919bb8defa3ca54f4a362676cd57bfb2;hp=17e9f93e93847b0d8715970be47873d385bd8f12;hpb=95c0ca42f2d02e7562775f7c1e6535a586a26186;p=vpp.git diff --git a/test/test_gbp.py b/test/test_gbp.py index 17e9f93e938..e9b5f5dc56b 100644 --- a/test/test_gbp.py +++ b/test/test_gbp.py @@ -6,7 +6,7 @@ import unittest from scapy.packet import Raw from scapy.layers.l2 import Ether, ARP, Dot1Q from scapy.layers.inet import IP, UDP, ICMP -from scapy.layers.inet6 import IPv6, ICMPv6ND_NS, ICMPv6NDOptSrcLLAddr, \ +from scapy.layers.inet6 import IPv6, ICMPv6ND_NS, ICMPv6NDOptSrcLLAddr, \ ICMPv6ND_NA from scapy.utils6 import in6_getnsma, in6_getnsmac from scapy.layers.vxlan import VXLAN @@ -27,6 +27,8 @@ from vpp_vxlan_gbp_tunnel import find_vxlan_gbp_tunnel, INDEX_INVALID, \ VppVxlanGbpTunnel from vpp_neighbor import VppNeighbor +NUM_PKTS = 67 + def find_gbp_endpoint(test, sw_if_index=None, ip=None, mac=None): if ip: @@ -220,6 +222,7 @@ class VppGbpSubnet(VppObject): """ GBP Subnet """ + def __init__(self, test, rd, address, address_len, type, sw_if_index=None, sclass=None): self._test = test @@ -253,8 +256,8 @@ class VppGbpSubnet(VppObject): ss = self._test.vapi.gbp_subnet_dump() for s in ss: if s.subnet.rd_id == self.rd_id and \ - s.subnet.type == self.type and \ - s.subnet.prefix == self.prefix: + s.subnet.type == self.type and \ + s.subnet.prefix == self.prefix: return True return False @@ -318,7 +321,7 @@ class VppGbpBridgeDomain(VppObject): """ def __init__(self, test, bd, bvi, uu_fwd=None, - bm_flood=None, learn=True): + bm_flood=None, learn=True, uu_drop=False, bm_drop=False): self._test = test self.bvi = bvi self.uu_fwd = uu_fwd @@ -330,6 +333,10 @@ class VppGbpBridgeDomain(VppObject): self.learn = e.GBP_BD_API_FLAG_NONE else: self.learn = e.GBP_BD_API_FLAG_DO_NOT_LEARN + if (uu_drop): + self.learn |= e.GBP_BD_API_FLAG_UU_FWD_DROP + if (bm_drop): + self.learn |= e.GBP_BD_API_FLAG_MCAST_DROP def add_vpp_config(self): self._test.vapi.gbp_bridge_domain_add( @@ -443,13 +450,14 @@ class VppGbpContract(VppObject): rules = [] for r in self.rules: rules.append(r.encode()) - self._test.vapi.gbp_contract_add_del( + r = self._test.vapi.gbp_contract_add_del( 1, self.sclass, self.dclass, self.acl_index, rules, self.allowed_ethertypes) + self.stats_index = r.stats_index self._test.registry.register(self, self._test.logger) def remove_vpp_config(self): @@ -470,10 +478,18 @@ class VppGbpContract(VppObject): cs = self._test.vapi.gbp_contract_dump() for c in cs: if c.contract.sclass == self.sclass \ - and c.contract.dclass == self.dclass: + and c.contract.dclass == self.dclass: return True return False + def get_drop_stats(self): + c = self._test.statistics.get_counter("/net/gbp/contract/drop") + return c[0][self.stats_index] + + def get_permit_stats(self): + c = self._test.statistics.get_counter("/net/gbp/contract/permit") + return c[0][self.stats_index] + class VppGbpVxlanTunnel(VppInterface): """ @@ -562,6 +578,18 @@ class VppGbpAcl(VppObject): class TestGBP(VppTestCase): """ GBP Test Case """ + @property + def config_flags(self): + return VppEnum.vl_api_nat_config_flags_t + + @classmethod + def setUpClass(cls): + super(TestGBP, cls).setUpClass() + + @classmethod + def tearDownClass(cls): + super(TestGBP, cls).tearDownClass() + def setUp(self): super(TestGBP, self).setUp() @@ -774,12 +802,13 @@ class TestGBP(VppTestCase): self.router_mac.packed) # The BVIs are NAT inside interfaces - self.vapi.nat44_interface_add_del_feature(epg.bvi.sw_if_index, - is_inside=1, - is_add=1) - self.vapi.nat66_add_del_interface(epg.bvi.sw_if_index, - is_inside=1, - is_add=1) + flags = self.config_flags.NAT_IS_INSIDE + self.vapi.nat44_interface_add_del_feature( + sw_if_index=epg.bvi.sw_if_index, + flags=flags, is_add=1) + self.vapi.nat66_add_del_interface( + is_add=1, flags=flags, + sw_if_index=epg.bvi.sw_if_index) if_ip4 = VppIpInterfaceAddress(self, epg.bvi, epg.bvi_ip4, 32) if_ip6 = VppIpInterfaceAddress(self, epg.bvi, epg.bvi_ip6, 128) @@ -811,13 +840,10 @@ class TestGBP(VppTestCase): recirc.epg.rd.t6).add_vpp_config() self.vapi.nat44_interface_add_del_feature( - recirc.recirc.sw_if_index, - is_inside=0, - is_add=1) + sw_if_index=recirc.recirc.sw_if_index, is_add=1) self.vapi.nat66_add_del_interface( - recirc.recirc.sw_if_index, - is_inside=0, - is_add=1) + is_add=1, + sw_if_index=recirc.recirc.sw_if_index) recirc.add_vpp_config() @@ -837,14 +863,19 @@ class TestGBP(VppTestCase): for (ip, fip) in zip(ep.ips, ep.fips): # Add static mappings for each EP from the 10/8 to 11/8 network if ip.af == AF_INET: - self.vapi.nat44_add_del_static_mapping(ip.bytes, - fip.bytes, - vrf_id=0, - addr_only=1) + flags = self.config_flags.NAT_IS_ADDR_ONLY + self.vapi.nat44_add_del_static_mapping( + is_add=1, + local_ip_address=ip.bytes, + external_ip_address=fip.bytes, + external_sw_if_index=0xFFFFFFFF, + vrf_id=0, + flags=flags) else: - self.vapi.nat66_add_del_static_mapping(ip.bytes, - fip.bytes, - vrf_id=0) + self.vapi.nat66_add_del_static_mapping( + local_ip_address=ip.bytes, + external_ip_address=fip.bytes, + vrf_id=0, is_add=1) # VPP EP create ... ep.add_vpp_config() @@ -963,7 +994,8 @@ class TestGBP(VppTestCase): UDP(sport=1234, dport=1234) / Raw('\xa5' * 100)) - self.send_and_assert_no_replies(self.pg0, pkt_intra_epg_220_ip4 * 65) + self.send_and_assert_no_replies(self.pg0, + pkt_intra_epg_220_ip4 * NUM_PKTS) pkt_inter_epg_222_ip6 = (Ether(src=self.pg0.remote_mac, dst=str(self.router_mac)) / @@ -971,7 +1003,8 @@ class TestGBP(VppTestCase): dst="2001:10::99") / UDP(sport=1234, dport=1234) / Raw('\xa5' * 100)) - self.send_and_assert_no_replies(self.pg0, pkt_inter_epg_222_ip6 * 65) + self.send_and_assert_no_replies(self.pg0, + pkt_inter_epg_222_ip6 * NUM_PKTS) # # Add the subnet routes @@ -1002,13 +1035,13 @@ class TestGBP(VppTestCase): s63.add_vpp_config() self.send_and_expect_bridged(eps[0].itf, - pkt_intra_epg_220_ip4 * 65, + pkt_intra_epg_220_ip4 * NUM_PKTS, eps[0].epg.uplink) self.send_and_expect_bridged(eps[0].itf, - pkt_inter_epg_222_ip4 * 65, + pkt_inter_epg_222_ip4 * NUM_PKTS, eps[0].epg.uplink) self.send_and_expect_bridged6(eps[0].itf, - pkt_inter_epg_222_ip6 * 65, + pkt_inter_epg_222_ip6 * NUM_PKTS, eps[0].epg.uplink) self.logger.info(self.vapi.cli("sh ip fib 11.0.0.2")) @@ -1033,7 +1066,7 @@ class TestGBP(VppTestCase): Raw('\xa5' * 100)) self.send_and_expect_bridged(eps[0].itf, - pkt_intra_epg_220_to_uplink * 65, + pkt_intra_epg_220_to_uplink * NUM_PKTS, eps[0].epg.uplink) # ... and nowhere else self.pg1.get_capture(0, timeout=0.1) @@ -1047,7 +1080,7 @@ class TestGBP(VppTestCase): Raw('\xa5' * 100)) self.send_and_expect_bridged(eps[2].itf, - pkt_intra_epg_221_to_uplink * 65, + pkt_intra_epg_221_to_uplink * NUM_PKTS, eps[2].epg.uplink) # @@ -1061,7 +1094,7 @@ class TestGBP(VppTestCase): Raw('\xa5' * 100)) self.send_and_expect_bridged(self.pg4, - pkt_intra_epg_220_from_uplink * 65, + pkt_intra_epg_220_from_uplink * NUM_PKTS, self.pg0) # @@ -1075,7 +1108,9 @@ class TestGBP(VppTestCase): UDP(sport=1234, dport=1234) / Raw('\xa5' * 100)) - self.send_and_expect_bridged(self.pg0, pkt_intra_epg * 65, self.pg1) + self.send_and_expect_bridged(self.pg0, + pkt_intra_epg * NUM_PKTS, + self.pg1) # # in the absence of policy, endpoints in the different EPG @@ -1101,9 +1136,9 @@ class TestGBP(VppTestCase): Raw('\xa5' * 100)) self.send_and_assert_no_replies(eps[0].itf, - pkt_inter_epg_220_to_221 * 65) + pkt_inter_epg_220_to_221 * NUM_PKTS) self.send_and_assert_no_replies(eps[0].itf, - pkt_inter_epg_220_to_222 * 65) + pkt_inter_epg_220_to_222 * NUM_PKTS) # # A uni-directional contract from EPG 220 -> 221 @@ -1117,17 +1152,17 @@ class TestGBP(VppTestCase): [VppGbpContractRule( VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, []), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, - [])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, + [])], [ETH_P_IP, ETH_P_IPV6]) c1.add_vpp_config() self.send_and_expect_bridged(eps[0].itf, - pkt_inter_epg_220_to_221 * 65, + pkt_inter_epg_220_to_221 * NUM_PKTS, eps[2].itf) self.send_and_assert_no_replies(eps[0].itf, - pkt_inter_epg_220_to_222 * 65) + pkt_inter_epg_220_to_222 * NUM_PKTS) # # contract for the return direction @@ -1137,19 +1172,24 @@ class TestGBP(VppTestCase): [VppGbpContractRule( VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, []), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, - [])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, + [])], [ETH_P_IP, ETH_P_IPV6]) c2.add_vpp_config() self.send_and_expect_bridged(eps[0].itf, - pkt_inter_epg_220_to_221 * 65, + pkt_inter_epg_220_to_221 * NUM_PKTS, eps[2].itf) self.send_and_expect_bridged(eps[2].itf, - pkt_inter_epg_221_to_220 * 65, + pkt_inter_epg_221_to_220 * NUM_PKTS, eps[0].itf) + ds = c2.get_drop_stats() + self.assertEqual(ds['packets'], 0) + ps = c2.get_permit_stats() + self.assertEqual(ps['packets'], NUM_PKTS) + # # the contract does not allow non-IP # @@ -1164,7 +1204,7 @@ class TestGBP(VppTestCase): # not in the contract. # self.send_and_assert_no_replies(eps[0].itf, - pkt_inter_epg_220_to_222 * 65) + pkt_inter_epg_220_to_222 * NUM_PKTS) # # A uni-directional contract from EPG 220 -> 222 'L3 routed' @@ -1174,16 +1214,16 @@ class TestGBP(VppTestCase): [VppGbpContractRule( VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, []), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, - [])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, + [])], [ETH_P_IP, ETH_P_IPV6]) c3.add_vpp_config() self.logger.info(self.vapi.cli("sh gbp contract")) self.send_and_expect_routed(eps[0].itf, - pkt_inter_epg_220_to_222 * 65, + pkt_inter_epg_220_to_222 * NUM_PKTS, eps[3].itf, str(self.router_mac)) @@ -1196,11 +1236,11 @@ class TestGBP(VppTestCase): acl.remove_vpp_config() self.send_and_assert_no_replies(eps[2].itf, - pkt_inter_epg_221_to_220 * 65) + pkt_inter_epg_221_to_220 * NUM_PKTS) self.send_and_assert_no_replies(eps[0].itf, - pkt_inter_epg_220_to_221 * 65) + pkt_inter_epg_220_to_221 * NUM_PKTS) self.send_and_expect_bridged(eps[0].itf, - pkt_intra_epg * 65, + pkt_intra_epg * NUM_PKTS, eps[1].itf) # @@ -1264,7 +1304,7 @@ class TestGBP(VppTestCase): # no policy yet self.send_and_assert_no_replies(eps[0].itf, - pkt_inter_epg_220_to_global * 65) + pkt_inter_epg_220_to_global * NUM_PKTS) acl2 = VppGbpAcl(self) rule = acl2.create_rule(permit_deny=1, proto=17, sport_from=1234, @@ -1279,14 +1319,14 @@ class TestGBP(VppTestCase): [VppGbpContractRule( VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, []), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, - [])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, + [])], [ETH_P_IP, ETH_P_IPV6]) c4.add_vpp_config() self.send_and_expect_natted(eps[0].itf, - pkt_inter_epg_220_to_global * 65, + pkt_inter_epg_220_to_global * NUM_PKTS, self.pg7, eps[0].fip4.address) @@ -1298,7 +1338,7 @@ class TestGBP(VppTestCase): Raw('\xa5' * 100)) self.send_and_expect_natted6(self.pg0, - pkt_inter_epg_220_to_global * 65, + pkt_inter_epg_220_to_global * NUM_PKTS, self.pg7, eps[0].fip6.address) @@ -1312,22 +1352,22 @@ class TestGBP(VppTestCase): UDP(sport=1234, dport=1234) / Raw('\xa5' * 100)) - self.send_and_assert_no_replies(self.pg7, - pkt_inter_epg_220_from_global * 65) + self.send_and_assert_no_replies( + self.pg7, pkt_inter_epg_220_from_global * NUM_PKTS) c5 = VppGbpContract( self, epgs[3].sclass, epgs[0].sclass, acl_index2, [VppGbpContractRule( VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, []), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, - [])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, + [])], [ETH_P_IP, ETH_P_IPV6]) c5.add_vpp_config() self.send_and_expect_unnatted(self.pg7, - pkt_inter_epg_220_from_global * 65, + pkt_inter_epg_220_from_global * NUM_PKTS, eps[0].itf, eps[0].ip4.address) @@ -1338,10 +1378,11 @@ class TestGBP(VppTestCase): UDP(sport=1234, dport=1234) / Raw('\xa5' * 100)) - self.send_and_expect_unnatted6(self.pg7, - pkt_inter_epg_220_from_global * 65, - eps[0].itf, - eps[0].ip6.address) + self.send_and_expect_unnatted6( + self.pg7, + pkt_inter_epg_220_from_global * NUM_PKTS, + eps[0].itf, + eps[0].ip6.address) # # From a local VM to another local VM using resp. public addresses: @@ -1355,7 +1396,7 @@ class TestGBP(VppTestCase): Raw('\xa5' * 100)) self.send_and_expect_double_natted(eps[0].itf, - pkt_intra_epg_220_global * 65, + pkt_intra_epg_220_global * NUM_PKTS, eps[1].itf, eps[0].fip4.address, eps[1].ip4.address) @@ -1367,46 +1408,50 @@ class TestGBP(VppTestCase): UDP(sport=1234, dport=1234) / Raw('\xa5' * 100)) - self.send_and_expect_double_natted6(eps[0].itf, - pkt_intra_epg_220_global * 65, - eps[1].itf, - eps[0].fip6.address, - eps[1].ip6.address) + self.send_and_expect_double_natted6( + eps[0].itf, + pkt_intra_epg_220_global * NUM_PKTS, + eps[1].itf, + eps[0].fip6.address, + eps[1].ip6.address) # # cleanup # for ep in eps: # del static mappings for each EP from the 10/8 to 11/8 network - self.vapi.nat44_add_del_static_mapping(ep.ip4.bytes, - ep.fip4.bytes, - vrf_id=0, - addr_only=1, - is_add=0) - self.vapi.nat66_add_del_static_mapping(ep.ip6.bytes, - ep.fip6.bytes, - vrf_id=0, - is_add=0) + flags = self.config_flags.NAT_IS_ADDR_ONLY + self.vapi.nat44_add_del_static_mapping( + is_add=0, + local_ip_address=ep.ip4.bytes, + external_ip_address=ep.fip4.bytes, + external_sw_if_index=0xFFFFFFFF, + vrf_id=0, + flags=flags) + self.vapi.nat66_add_del_static_mapping( + local_ip_address=ep.ip6.bytes, + external_ip_address=ep.fip6.bytes, + vrf_id=0, is_add=0) for epg in epgs: # IP config on the BVI interfaces if epg != epgs[0] and epg != epgs[3]: - self.vapi.nat44_interface_add_del_feature(epg.bvi.sw_if_index, - is_inside=1, - is_add=0) - self.vapi.nat66_add_del_interface(epg.bvi.sw_if_index, - is_inside=1, - is_add=0) + flags = self.config_flags.NAT_IS_INSIDE + self.vapi.nat44_interface_add_del_feature( + sw_if_index=epg.bvi.sw_if_index, + flags=flags, + is_add=0) + self.vapi.nat66_add_del_interface( + is_add=0, flags=flags, + sw_if_index=epg.bvi.sw_if_index) for recirc in recircs: self.vapi.nat44_interface_add_del_feature( - recirc.recirc.sw_if_index, - is_inside=0, + sw_if_index=recirc.recirc.sw_if_index, is_add=0) self.vapi.nat66_add_del_interface( - recirc.recirc.sw_if_index, - is_inside=0, - is_add=0) + is_add=0, + sw_if_index=recirc.recirc.sw_if_index) def wait_for_ep_timeout(self, sw_if_index=None, ip=None, mac=None, n_tries=100, s_time=1): @@ -1421,6 +1466,8 @@ class TestGBP(VppTestCase): def test_gbp_learn_l2(self): """ GBP L2 Endpoint Learning """ + self.vapi.cli("clear errors") + ep_flags = VppEnum.vl_api_gbp_endpoint_flags_t learnt = [{'mac': '00:00:11:11:11:01', 'ip': '10.0.0.1', @@ -1529,6 +1576,10 @@ class TestGBP(VppTestCase): self.send_and_assert_no_replies(self.pg2, p) + self.logger.info(self.vapi.cli("sh error")) + # self.assert_packet_counter_equal( + # '/err/gbp-policy-port/drop-no-contract', 1) + # # we should not have learnt a new tunnel endpoint, since # the EPG was not learnt. @@ -1539,7 +1590,7 @@ class TestGBP(VppTestCase): self.pg2.remote_hosts[0].ip4, 99)) - # epg is not learnt, because the EPG is unknwon + # epg is not learnt, because the EPG is unknown self.assertEqual(len(self.vapi.gbp_endpoint_dump()), 1) # @@ -1580,6 +1631,9 @@ class TestGBP(VppTestCase): vx_tun_l2_1.sw_if_index, ip=l['ip'])) + # self.assert_packet_counter_equal( + # '/err/gbp-policy-port/allow-intra-sclass', 2) + self.logger.info(self.vapi.cli("show gbp endpoint")) self.logger.info(self.vapi.cli("show gbp vxlan")) self.logger.info(self.vapi.cli("show ip mfib")) @@ -1697,7 +1751,7 @@ class TestGBP(VppTestCase): UDP(sport=1234, dport=1234) / Raw('\xa5' * 100)) - rx = self.send_and_expect(self.pg2, p*65, self.pg0) + rx = self.send_and_expect(self.pg2, p * NUM_PKTS, self.pg0) for l in learnt: self.assertFalse(find_gbp_endpoint(self, @@ -1720,7 +1774,7 @@ class TestGBP(VppTestCase): UDP(sport=1234, dport=1234) / Raw('\xa5' * 100)) - rx = self.send_and_expect(self.pg2, p*65, self.pg0) + rx = self.send_and_expect(self.pg2, p * NUM_PKTS, self.pg0) self.assertTrue(find_gbp_endpoint(self, vx_tun_l2_1.sw_if_index, @@ -1772,7 +1826,7 @@ class TestGBP(VppTestCase): UDP(sport=1234, dport=1234) / Raw('\xa5' * 100)) - rx = self.send_and_expect(self.pg2, p*65, self.pg0) + rx = self.send_and_expect(self.pg2, p * NUM_PKTS, self.pg0) self.assertTrue(find_gbp_endpoint(self, vx_tun_l2_1.sw_if_index, @@ -1805,7 +1859,7 @@ class TestGBP(VppTestCase): UDP(sport=1234, dport=1234) / Raw('\xa5' * 100)) - rx = self.send_and_expect(self.pg2, p*65, self.pg0) + rx = self.send_and_expect(self.pg2, p * NUM_PKTS, self.pg0) self.assertTrue(find_gbp_endpoint(self, vx_tun_l2_1.sw_if_index, @@ -1823,9 +1877,9 @@ class TestGBP(VppTestCase): [VppGbpContractRule( VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, []), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, - [])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, + [])], [ETH_P_IP, ETH_P_IPV6]) c1.add_vpp_config() @@ -1884,7 +1938,7 @@ class TestGBP(VppTestCase): UDP(sport=1234, dport=1234) / Raw('\xa5' * 100)) - rx = self.send_and_expect(self.pg2, p*65, self.pg0) + rx = self.send_and_expect(self.pg2, p * NUM_PKTS, self.pg0) self.assertTrue(find_gbp_endpoint(self, vx_tun_l2_1.sw_if_index, @@ -1901,7 +1955,6 @@ class TestGBP(VppTestCase): for l in learnt: self.wait_for_ep_timeout(vx_tun_l2_1.sw_if_index, mac=l['mac']) - self.pg2.unconfig_ip4() self.pg3.unconfig_ip4() self.pg4.unconfig_ip4() @@ -1909,6 +1962,92 @@ class TestGBP(VppTestCase): self.logger.info(self.vapi.cli("sh int")) self.logger.info(self.vapi.cli("sh gbp vxlan")) + def test_gbp_bd_flags(self): + """ GBP BD FLAGS """ + + # + # IP tables + # + gt4 = VppIpTable(self, 1) + gt4.add_vpp_config() + gt6 = VppIpTable(self, 1, is_ip6=True) + gt6.add_vpp_config() + + rd1 = VppGbpRouteDomain(self, 1, gt4, gt6) + rd1.add_vpp_config() + + # + # Pg3 hosts the IP4 UU-flood VXLAN tunnel + # Pg4 hosts the IP6 UU-flood VXLAN tunnel + # + self.pg3.config_ip4() + self.pg3.resolve_arp() + self.pg4.config_ip4() + self.pg4.resolve_arp() + + # + # Add a mcast destination VXLAN-GBP tunnel for B&M traffic + # + tun_bm = VppVxlanGbpTunnel(self, self.pg4.local_ip4, + "239.1.1.1", 88, + mcast_itf=self.pg4) + tun_bm.add_vpp_config() + + # + # a GBP bridge domain with a BVI and a UU-flood interface + # + bd1 = VppBridgeDomain(self, 1) + bd1.add_vpp_config() + + gbd1 = VppGbpBridgeDomain(self, bd1, self.loop0, self.pg3, tun_bm, + uu_drop=True, bm_drop=True) + gbd1.add_vpp_config() + + self.logger.info(self.vapi.cli("sh bridge 1 detail")) + self.logger.info(self.vapi.cli("sh gbp bridge")) + + # ... and has a /32 applied + ip_addr = VppIpInterfaceAddress(self, gbd1.bvi, "10.0.0.128", 32) + ip_addr.add_vpp_config() + + # + # The Endpoint-group + # + epg_220 = VppGbpEndpointGroup(self, 220, 112, rd1, gbd1, + None, self.loop0, + "10.0.0.128", + "2001:10::128", + VppGbpEndpointRetention(2)) + epg_220.add_vpp_config() + + ep = VppGbpEndpoint(self, self.pg0, + epg_220, None, + "10.0.0.127", "11.0.0.127", + "2001:10::1", "3001::1") + ep.add_vpp_config() + # + # send UU/BM packet from the local EP with UU drop and BM drop enabled + # in bd + # + self.logger.info(self.vapi.cli("sh bridge 1 detail")) + self.logger.info(self.vapi.cli("sh gbp bridge")) + p_uu = (Ether(src=ep.mac, dst="00:11:11:11:11:11") / + IP(dst="10.0.0.133", src=ep.ip4.address) / + UDP(sport=1234, dport=1234) / + Raw('\xa5' * 100)) + self.send_and_assert_no_replies(ep.itf, [p_uu]) + + p_bm = (Ether(src=ep.mac, dst="ff:ff:ff:ff:ff:ff") / + IP(dst="10.0.0.133", src=ep.ip4.address) / + UDP(sport=1234, dport=1234) / + Raw('\xa5' * 100)) + self.send_and_assert_no_replies(ep.itf, [p_bm]) + + self.pg3.unconfig_ip4() + self.pg4.unconfig_ip4() + + self.logger.info(self.vapi.cli("sh int")) + def test_gbp_learn_vlan_l2(self): """ GBP L2 Endpoint w/ VLANs""" @@ -2219,7 +2358,7 @@ class TestGBP(VppTestCase): UDP(sport=1234, dport=1234) / Raw('\xa5' * 100)) - rxs = self.send_and_expect(self.pg0, p*1, self.pg2) + rxs = self.send_and_expect(self.pg0, p * 1, self.pg2) for rx in rxs: self.assertEqual(rx[IP].src, self.pg2.local_ip4) @@ -2292,7 +2431,7 @@ class TestGBP(VppTestCase): UDP(sport=1234, dport=1234) / Raw('\xa5' * 100)) - rxs = self.send_and_expect(self.pg0, p*65, self.pg2) + rxs = self.send_and_expect(self.pg0, p * NUM_PKTS, self.pg2) for rx in rxs: self.assertEqual(rx[IP].src, self.pg2.local_ip4) @@ -2431,7 +2570,7 @@ class TestGBP(VppTestCase): UDP(sport=1234, dport=1234) / Raw('\xa5' * 100)) - rxs = self.send_and_expect(self.pg0, p*65, self.pg2) + rxs = self.send_and_expect(self.pg0, p * NUM_PKTS, self.pg2) for rx in rxs: self.assertEqual(rx[IP].src, self.pg2.local_ip4) @@ -2722,13 +2861,13 @@ class TestGBP(VppTestCase): sep1.ip4, sep1.epg.rd), VppGbpContractNextHop(sep2.vmac, sep2.epg.bd, sep2.ip4, sep2.epg.rd)]), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT, - VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SRC_IP, - [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd, - sep3.ip6, sep3.epg.rd), - VppGbpContractNextHop(sep4.vmac, sep4.epg.bd, - sep4.ip6, sep4.epg.rd)])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT, + VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SRC_IP, + [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd, + sep3.ip6, sep3.epg.rd), + VppGbpContractNextHop(sep4.vmac, sep4.epg.bd, + sep4.ip6, sep4.epg.rd)])], [ETH_P_IP, ETH_P_IPV6]) c1.add_vpp_config() @@ -2741,13 +2880,13 @@ class TestGBP(VppTestCase): sep1.ip4, sep1.epg.rd), VppGbpContractNextHop(sep2.vmac, sep2.epg.bd, sep2.ip4, sep2.epg.rd)]), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT, - VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SRC_IP, - [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd, - sep3.ip6, sep3.epg.rd), - VppGbpContractNextHop(sep4.vmac, sep4.epg.bd, - sep4.ip6, sep4.epg.rd)])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT, + VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SRC_IP, + [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd, + sep3.ip6, sep3.epg.rd), + VppGbpContractNextHop(sep4.vmac, sep4.epg.bd, + sep4.ip6, sep4.epg.rd)])], [ETH_P_IP, ETH_P_IPV6]) c2.add_vpp_config() @@ -2854,13 +2993,13 @@ class TestGBP(VppTestCase): sep1.ip4, sep1.epg.rd), VppGbpContractNextHop(sep2.vmac, sep2.epg.bd, sep2.ip4, sep2.epg.rd)]), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT, - VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SYMMETRIC, - [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd, - sep3.ip6, sep3.epg.rd), - VppGbpContractNextHop(sep4.vmac, sep4.epg.bd, - sep4.ip6, sep4.epg.rd)])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT, + VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SYMMETRIC, + [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd, + sep3.ip6, sep3.epg.rd), + VppGbpContractNextHop(sep4.vmac, sep4.epg.bd, + sep4.ip6, sep4.epg.rd)])], [ETH_P_IP, ETH_P_IPV6]) c1.add_vpp_config() @@ -2873,13 +3012,13 @@ class TestGBP(VppTestCase): sep1.ip4, sep1.epg.rd), VppGbpContractNextHop(sep2.vmac, sep2.epg.bd, sep2.ip4, sep2.epg.rd)]), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT, - VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SYMMETRIC, - [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd, - sep3.ip6, sep3.epg.rd), - VppGbpContractNextHop(sep4.vmac, sep4.epg.bd, - sep4.ip6, sep4.epg.rd)])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT, + VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SYMMETRIC, + [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd, + sep3.ip6, sep3.epg.rd), + VppGbpContractNextHop(sep4.vmac, sep4.epg.bd, + sep4.ip6, sep4.epg.rd)])], [ETH_P_IP, ETH_P_IPV6]) c2.add_vpp_config() @@ -2938,13 +3077,13 @@ class TestGBP(VppTestCase): sep1.ip4, sep1.epg.rd), VppGbpContractNextHop(sep2.vmac, sep2.epg.bd, sep2.ip4, sep2.epg.rd)]), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT, - VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SYMMETRIC, - [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd, - sep3.ip6, sep3.epg.rd), - VppGbpContractNextHop(sep4.vmac, sep4.epg.bd, - sep4.ip6, sep4.epg.rd)])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT, + VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SYMMETRIC, + [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd, + sep3.ip6, sep3.epg.rd), + VppGbpContractNextHop(sep4.vmac, sep4.epg.bd, + sep4.ip6, sep4.epg.rd)])], [ETH_P_IP, ETH_P_IPV6]) c3.add_vpp_config() @@ -2970,9 +3109,9 @@ class TestGBP(VppTestCase): [VppGbpContractRule( VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, []), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, - [])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, + [])], [ETH_P_IP, ETH_P_IPV6]) c4.add_vpp_config() @@ -3052,13 +3191,13 @@ class TestGBP(VppTestCase): sep1.ip4, sep1.epg.rd), VppGbpContractNextHop(sep2.vmac, sep2.epg.bd, sep2.ip4, sep2.epg.rd)]), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT, - VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_DST_IP, - [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd, - sep3.ip6, sep3.epg.rd), - VppGbpContractNextHop(sep4.vmac, sep4.epg.bd, - sep4.ip6, sep4.epg.rd)])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT, + VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_DST_IP, + [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd, + sep3.ip6, sep3.epg.rd), + VppGbpContractNextHop(sep4.vmac, sep4.epg.bd, + sep4.ip6, sep4.epg.rd)])], [ETH_P_IP, ETH_P_IPV6]) c5.add_vpp_config() @@ -3353,9 +3492,9 @@ class TestGBP(VppTestCase): [VppGbpContractRule( VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, []), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, - [])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, + [])], [ETH_P_IP, ETH_P_IPV6]) c1.add_vpp_config() @@ -3367,9 +3506,9 @@ class TestGBP(VppTestCase): [VppGbpContractRule( VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, []), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, - [])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, + [])], [ETH_P_IP, ETH_P_IPV6]) c2.add_vpp_config() c3 = VppGbpContract( @@ -3377,9 +3516,9 @@ class TestGBP(VppTestCase): [VppGbpContractRule( VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, []), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, - [])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, + [])], [ETH_P_IP, ETH_P_IPV6]) c3.add_vpp_config() @@ -3509,9 +3648,9 @@ class TestGBP(VppTestCase): [VppGbpContractRule( VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, []), - VppGbpContractRule( - VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, - [])], + VppGbpContractRule( + VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT, + [])], [ETH_P_IP, ETH_P_IPV6]) c4.add_vpp_config() @@ -3561,6 +3700,21 @@ class TestGBP(VppTestCase): rxs = self.send_and_expect(self.pg7, p * 3, self.pg0) self.assertFalse(find_gbp_endpoint(self, ip="10.222.0.1")) + # + # ping from host in remote to remote external subnets + # this is dropped by reflection check. + # + p = (Ether(src=self.pg7.remote_mac, dst=self.pg7.local_mac) / + IP(src=self.pg7.remote_ip4, dst=self.pg7.local_ip4) / + UDP(sport=1234, dport=48879) / + VXLAN(vni=445, gpid=4222, flags=0x88, gpflags='A') / + Ether(src=self.pg0.remote_mac, dst=str(self.router_mac)) / + IP(src="10.222.0.1", dst="10.222.0.2") / + UDP(sport=1234, dport=1234) / + Raw('\xa5' * 100)) + + rxs = self.send_and_assert_no_replies(self.pg7, p * 3) + # # cleanup #