X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=test%2Ftest_ip4.py;h=3fe61e266bee84a0d001f1e4a3ae2d69f0d2d3e6;hb=facee28032e329db691c68399ef6e3256132ddf0;hp=9bd9a4588ea62e94052c595eea79f4282e535f38;hpb=da505f608e0919c45089dc80f9e3e16330a6551a;p=vpp.git diff --git a/test/test_ip4.py b/test/test_ip4.py index 9bd9a4588ea..3fe61e266be 100644 --- a/test/test_ip4.py +++ b/test/test_ip4.py @@ -5,10 +5,12 @@ import unittest from framework import VppTestCase, VppTestRunner from vpp_sub_interface import VppSubInterface, VppDot1QSubint, VppDot1ADSubint +from vpp_ip_route import VppIpRoute, VppRoutePath, VppIpMRoute, \ + VppMRoutePath, MRouteItfFlags, MRouteEntryFlags from scapy.packet import Raw -from scapy.layers.l2 import Ether, Dot1Q -from scapy.layers.inet import IP, UDP +from scapy.layers.l2 import Ether, Dot1Q, ARP +from scapy.layers.inet import IP, UDP, ICMP, icmptypes, icmpcodes from util import ppp @@ -465,5 +467,441 @@ class TestIPv4FibCrud(VppTestCase): self.verify_not_in_route_dump(fib_dump, self.deleted_routes) +class TestIPNull(VppTestCase): + """ IPv4 routes via NULL """ + + def setUp(self): + super(TestIPNull, self).setUp() + + # create 2 pg interfaces + self.create_pg_interfaces(range(1)) + + for i in self.pg_interfaces: + i.admin_up() + i.config_ip4() + i.resolve_arp() + + def tearDown(self): + super(TestIPNull, self).tearDown() + for i in self.pg_interfaces: + i.unconfig_ip4() + i.admin_down() + + def test_ip_null(self): + """ IP NULL route """ + + # + # A route via IP NULL that will reply with ICMP unreachables + # + ip_unreach = VppIpRoute(self, "10.0.0.1", 32, [], is_unreach=1) + ip_unreach.add_vpp_config() + + p_unreach = (Ether(src=self.pg0.remote_mac, + dst=self.pg0.local_mac) / + IP(src=self.pg0.remote_ip4, dst="10.0.0.1") / + UDP(sport=1234, dport=1234) / + Raw('\xa5' * 100)) + + self.pg0.add_stream(p_unreach) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + + rx = self.pg0.get_capture(1) + rx = rx[0] + icmp = rx[ICMP] + + self.assertEqual(icmptypes[icmp.type], "dest-unreach") + self.assertEqual(icmpcodes[icmp.type][icmp.code], "host-unreachable") + self.assertEqual(icmp.src, self.pg0.remote_ip4) + self.assertEqual(icmp.dst, "10.0.0.1") + + # + # ICMP replies are rate limited. so sit and spin. + # + self.sleep(1) + + # + # A route via IP NULL that will reply with ICMP prohibited + # + ip_prohibit = VppIpRoute(self, "10.0.0.2", 32, [], is_prohibit=1) + ip_prohibit.add_vpp_config() + + p_prohibit = (Ether(src=self.pg0.remote_mac, + dst=self.pg0.local_mac) / + IP(src=self.pg0.remote_ip4, dst="10.0.0.2") / + UDP(sport=1234, dport=1234) / + Raw('\xa5' * 100)) + + self.pg0.add_stream(p_prohibit) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + + rx = self.pg0.get_capture(1) + + rx = rx[0] + icmp = rx[ICMP] + + self.assertEqual(icmptypes[icmp.type], "dest-unreach") + self.assertEqual(icmpcodes[icmp.type][icmp.code], "host-prohibited") + self.assertEqual(icmp.src, self.pg0.remote_ip4) + self.assertEqual(icmp.dst, "10.0.0.2") + + +class TestIPDisabled(VppTestCase): + """ IPv4 disabled """ + + def setUp(self): + super(TestIPDisabled, self).setUp() + + # create 2 pg interfaces + self.create_pg_interfaces(range(2)) + + # PG0 is IP enalbed + self.pg0.admin_up() + self.pg0.config_ip4() + self.pg0.resolve_arp() + + # PG 1 is not IP enabled + self.pg1.admin_up() + + def tearDown(self): + super(TestIPDisabled, self).tearDown() + for i in self.pg_interfaces: + i.unconfig_ip4() + i.admin_down() + + def send_and_assert_no_replies(self, intf, pkts, remark): + intf.add_stream(pkts) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + for i in self.pg_interfaces: + i.get_capture(0) + i.assert_nothing_captured(remark=remark) + + def test_ip_disabled(self): + """ IP Disabled """ + + # + # An (S,G). + # one accepting interface, pg0, 2 forwarding interfaces + # + route_232_1_1_1 = VppIpMRoute( + self, + "0.0.0.0", + "232.1.1.1", 32, + MRouteEntryFlags.MFIB_ENTRY_FLAG_NONE, + [VppMRoutePath(self.pg1.sw_if_index, + MRouteItfFlags.MFIB_ITF_FLAG_ACCEPT), + VppMRoutePath(self.pg0.sw_if_index, + MRouteItfFlags.MFIB_ITF_FLAG_FORWARD)]) + route_232_1_1_1.add_vpp_config() + + pu = (Ether(src=self.pg1.remote_mac, + dst=self.pg1.local_mac) / + IP(src="10.10.10.10", dst=self.pg0.remote_ip4) / + UDP(sport=1234, dport=1234) / + Raw('\xa5' * 100)) + pm = (Ether(src=self.pg1.remote_mac, + dst=self.pg1.local_mac) / + IP(src="10.10.10.10", dst="232.1.1.1") / + UDP(sport=1234, dport=1234) / + Raw('\xa5' * 100)) + + # + # PG1 does not forward IP traffic + # + self.send_and_assert_no_replies(self.pg1, pu, "IP disabled") + self.send_and_assert_no_replies(self.pg1, pm, "IP disabled") + + # + # IP enable PG1 + # + self.pg1.config_ip4() + + # + # Now we get packets through + # + self.pg1.add_stream(pu) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + rx = self.pg0.get_capture(1) + + self.pg1.add_stream(pm) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + rx = self.pg0.get_capture(1) + + # + # Disable PG1 + # + self.pg1.unconfig_ip4() + + # + # PG1 does not forward IP traffic + # + self.send_and_assert_no_replies(self.pg1, pu, "IP disabled") + self.send_and_assert_no_replies(self.pg1, pm, "IP disabled") + + +class TestIPSubNets(VppTestCase): + """ IPv4 Subnets """ + + def setUp(self): + super(TestIPSubNets, self).setUp() + + # create a 2 pg interfaces + self.create_pg_interfaces(range(2)) + + # pg0 we will use to experiemnt + self.pg0.admin_up() + + # pg1 is setup normally + self.pg1.admin_up() + self.pg1.config_ip4() + self.pg1.resolve_arp() + + def tearDown(self): + super(TestIPSubNets, self).tearDown() + for i in self.pg_interfaces: + i.admin_down() + + def send_and_assert_no_replies(self, intf, pkts, remark): + intf.add_stream(pkts) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + for i in self.pg_interfaces: + i.get_capture(0) + i.assert_nothing_captured(remark=remark) + + def test_ip_sub_nets(self): + """ IP Sub Nets """ + + # + # Configure a covering route to forward so we know + # when we are dropping + # + cover_route = VppIpRoute(self, "10.0.0.0", 8, + [VppRoutePath(self.pg1.remote_ip4, + self.pg1.sw_if_index)]) + cover_route.add_vpp_config() + + p = (Ether(src=self.pg1.remote_mac, + dst=self.pg1.local_mac) / + IP(dst="10.10.10.10", src=self.pg0.local_ip4) / + UDP(sport=1234, dport=1234) / + Raw('\xa5' * 100)) + + self.pg1.add_stream(p) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + rx = self.pg1.get_capture(1) + + # + # Configure some non-/24 subnets on an IP interface + # + ip_addr_n = socket.inet_pton(socket.AF_INET, "10.10.10.10") + + self.vapi.sw_interface_add_del_address(self.pg0.sw_if_index, + ip_addr_n, + 16) + + pn = (Ether(src=self.pg1.remote_mac, + dst=self.pg1.local_mac) / + IP(dst="10.10.0.0", src=self.pg0.local_ip4) / + UDP(sport=1234, dport=1234) / + Raw('\xa5' * 100)) + pb = (Ether(src=self.pg1.remote_mac, + dst=self.pg1.local_mac) / + IP(dst="10.10.255.255", src=self.pg0.local_ip4) / + UDP(sport=1234, dport=1234) / + Raw('\xa5' * 100)) + + self.send_and_assert_no_replies(self.pg1, pn, "IP Network address") + self.send_and_assert_no_replies(self.pg1, pb, "IP Broadcast address") + + # remove the sub-net and we are forwarding via the cover again + self.vapi.sw_interface_add_del_address(self.pg0.sw_if_index, + ip_addr_n, + 16, + is_add=0) + self.pg1.add_stream(pn) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + rx = self.pg1.get_capture(1) + self.pg1.add_stream(pb) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + rx = self.pg1.get_capture(1) + + # + # A /31 is a special case where the 'other-side' is an attached host + # packets to that peer generate ARP requests + # + ip_addr_n = socket.inet_pton(socket.AF_INET, "10.10.10.10") + + self.vapi.sw_interface_add_del_address(self.pg0.sw_if_index, + ip_addr_n, + 31) + + pn = (Ether(src=self.pg1.remote_mac, + dst=self.pg1.local_mac) / + IP(dst="10.10.10.11", src=self.pg0.local_ip4) / + UDP(sport=1234, dport=1234) / + Raw('\xa5' * 100)) + + self.pg1.add_stream(pn) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + rx = self.pg0.get_capture(1) + rx[ARP] + + # remove the sub-net and we are forwarding via the cover again + self.vapi.sw_interface_add_del_address(self.pg0.sw_if_index, + ip_addr_n, + 31, + is_add=0) + self.pg1.add_stream(pn) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + rx = self.pg1.get_capture(1) + + +class TestIPLoadBalance(VppTestCase): + """ IPv4 Load-Balancing """ + + def setUp(self): + super(TestIPLoadBalance, self).setUp() + + self.create_pg_interfaces(range(5)) + + for i in self.pg_interfaces: + i.admin_up() + i.config_ip4() + i.resolve_arp() + + def tearDown(self): + super(TestIPLoadBalance, self).tearDown() + for i in self.pg_interfaces: + i.unconfig_ip4() + i.admin_down() + + def send_and_expect_load_balancing(self, input, pkts, outputs): + input.add_stream(pkts) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + for oo in outputs: + rx = oo._get_capture(1) + self.assertNotEqual(0, len(rx)) + + def test_ip_load_balance(self): + """ IP Load-Balancing """ + + # + # An array of packets that differ only in the destination port + # + port_pkts = [] + + # + # An array of packets that differ only in the source address + # + src_pkts = [] + + for ii in range(65): + port_pkts.append((Ether(src=self.pg0.remote_mac, + dst=self.pg0.local_mac) / + IP(dst="10.0.0.1", src="20.0.0.1") / + UDP(sport=1234, dport=1234 + ii) / + Raw('\xa5' * 100))) + src_pkts.append((Ether(src=self.pg0.remote_mac, + dst=self.pg0.local_mac) / + IP(dst="10.0.0.1", src="20.0.0.%d" % ii) / + UDP(sport=1234, dport=1234) / + Raw('\xa5' * 100))) + + route_10_0_0_1 = VppIpRoute(self, "10.0.0.1", 32, + [VppRoutePath(self.pg1.remote_ip4, + self.pg1.sw_if_index), + VppRoutePath(self.pg2.remote_ip4, + self.pg2.sw_if_index)]) + route_10_0_0_1.add_vpp_config() + + # + # inject the packet on pg0 - expect load-balancing across the 2 paths + # - since the default hash config is to use IP src,dst and port + # src,dst + # We are not going to ensure equal amounts of packets across each link, + # since the hash algorithm is statistical and therefore this can never + # be guaranteed. But wuth 64 different packets we do expect some + # balancing. So instead just ensure there is traffic on each link. + # + self.send_and_expect_load_balancing(self.pg0, port_pkts, + [self.pg1, self.pg2]) + self.send_and_expect_load_balancing(self.pg0, src_pkts, + [self.pg1, self.pg2]) + + # + # change the flow hash config so it's only IP src,dst + # - now only the stream with differing source address will + # load-balance + # + self.vapi.set_ip_flow_hash(0, src=1, dst=1, sport=0, dport=0) + + self.send_and_expect_load_balancing(self.pg0, src_pkts, + [self.pg1, self.pg2]) + + self.pg0.add_stream(port_pkts) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + + rx = self.pg2.get_capture(len(port_pkts)) + + # + # change the flow hash config back to defaults + # + self.vapi.set_ip_flow_hash(0, src=1, dst=1, sport=1, dport=1) + + # + # Recursive prefixes + # - testing that 2 stages of load-balancing occurs and there is no + # polarisation (i.e. only 2 of 4 paths are used) + # + port_pkts = [] + src_pkts = [] + + for ii in range(257): + port_pkts.append((Ether(src=self.pg0.remote_mac, + dst=self.pg0.local_mac) / + IP(dst="1.1.1.1", src="20.0.0.1") / + UDP(sport=1234, dport=1234 + ii) / + Raw('\xa5' * 100))) + src_pkts.append((Ether(src=self.pg0.remote_mac, + dst=self.pg0.local_mac) / + IP(dst="1.1.1.1", src="20.0.0.%d" % ii) / + UDP(sport=1234, dport=1234) / + Raw('\xa5' * 100))) + + route_10_0_0_2 = VppIpRoute(self, "10.0.0.2", 32, + [VppRoutePath(self.pg3.remote_ip4, + self.pg3.sw_if_index), + VppRoutePath(self.pg4.remote_ip4, + self.pg4.sw_if_index)]) + route_10_0_0_2.add_vpp_config() + + route_1_1_1_1 = VppIpRoute(self, "1.1.1.1", 32, + [VppRoutePath("10.0.0.2", 0xffffffff), + VppRoutePath("10.0.0.1", 0xffffffff)]) + route_1_1_1_1.add_vpp_config() + + # + # inject the packet on pg0 - expect load-balancing across all 4 paths + # + self.vapi.cli("clear trace") + self.send_and_expect_load_balancing(self.pg0, port_pkts, + [self.pg1, self.pg2, + self.pg3, self.pg4]) + self.send_and_expect_load_balancing(self.pg0, src_pkts, + [self.pg1, self.pg2, + self.pg3, self.pg4]) + if __name__ == '__main__': unittest.main(testRunner=VppTestRunner)