X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=test%2Ftest_ip6.py;h=ebeffe204613e61144fa4625feb654e963cc7747;hb=0eb874e7fd34d74edd0619674561995ddf3b20ae;hp=e57e034d82205fafb1e207819285c54f08e3a6be;hpb=b3b2de71ceea0cc7ce18f89cc8180ed4a42e355d;p=vpp.git diff --git a/test/test_ip6.py b/test/test_ip6.py index e57e034d822..ebeffe20461 100644 --- a/test/test_ip6.py +++ b/test/test_ip6.py @@ -6,7 +6,8 @@ from socket import AF_INET6 from framework import VppTestCase, VppTestRunner from vpp_sub_interface import VppSubInterface, VppDot1QSubint from vpp_pg_interface import is_ipv6_misc -from vpp_ip_route import VppIpRoute, VppRoutePath, find_route +from vpp_ip_route import VppIpRoute, VppRoutePath, find_route, VppIpMRoute, \ + VppMRoutePath, MRouteItfFlags, MRouteEntryFlags from vpp_neighbor import find_nbr, VppNeighbor from scapy.packet import Raw @@ -76,7 +77,6 @@ class TestIPv6ND(VppTestCase): def send_and_expect_ra(self, intf, pkts, remark, dst_ip=None, filter_out_fn=is_ipv6_misc): intf.add_stream(pkts) - self.pg0.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) self.pg_start() rx = intf.get_capture(1, filter_out_fn=filter_out_fn) @@ -85,11 +85,25 @@ class TestIPv6ND(VppTestCase): rx = rx[0] self.validate_ra(intf, rx, dst_ip) + def send_and_expect_na(self, intf, pkts, remark, dst_ip=None, + tgt_ip=None, + filter_out_fn=is_ipv6_misc): + intf.add_stream(pkts) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + rx = intf.get_capture(1, filter_out_fn=filter_out_fn) + + self.assertEqual(len(rx), 1) + rx = rx[0] + self.validate_na(intf, rx, dst_ip, tgt_ip) + def send_and_assert_no_replies(self, intf, pkts, remark): intf.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) self.pg_start() - intf.assert_nothing_captured(remark=remark) + for i in self.pg_interfaces: + i.get_capture(0) + i.assert_nothing_captured(remark=remark) class TestIPv6(TestIPv6ND): @@ -375,6 +389,59 @@ class TestIPv6(TestIPv6ND): 128, inet=AF_INET6)) + # + # send an NS from a link local address to the interface's global + # address + # + p = (Ether(dst=in6_getnsmac(nsma), src=self.pg0.remote_mac) / + IPv6(dst=d, src=self.pg0._remote_hosts[2].ip6_ll) / + ICMPv6ND_NS(tgt=self.pg0.local_ip6) / + ICMPv6NDOptSrcLLAddr(lladdr=self.pg0.remote_mac)) + + self.send_and_expect_na(self.pg0, p, + "NS from link-local", + dst_ip=self.pg0._remote_hosts[2].ip6_ll, + tgt_ip=self.pg0.local_ip6) + + # + # we should have learned an ND entry for the peer's link-local + # but not inserted a route to it in the FIB + # + self.assertTrue(find_nbr(self, + self.pg0.sw_if_index, + self.pg0._remote_hosts[2].ip6_ll, + inet=AF_INET6)) + self.assertFalse(find_route(self, + self.pg0._remote_hosts[2].ip6_ll, + 128, + inet=AF_INET6)) + + # + # An NS to the router's own Link-local + # + p = (Ether(dst=in6_getnsmac(nsma), src=self.pg0.remote_mac) / + IPv6(dst=d, src=self.pg0._remote_hosts[3].ip6_ll) / + ICMPv6ND_NS(tgt=self.pg0.local_ip6_ll) / + ICMPv6NDOptSrcLLAddr(lladdr=self.pg0.remote_mac)) + + self.send_and_expect_na(self.pg0, p, + "NS to/from link-local", + dst_ip=self.pg0._remote_hosts[3].ip6_ll, + tgt_ip=self.pg0.local_ip6_ll) + + # + # we should have learned an ND entry for the peer's link-local + # but not inserted a route to it in the FIB + # + self.assertTrue(find_nbr(self, + self.pg0.sw_if_index, + self.pg0._remote_hosts[3].ip6_ll, + inet=AF_INET6)) + self.assertFalse(find_route(self, + self.pg0._remote_hosts[3].ip6_ll, + 128, + inet=AF_INET6)) + def validate_ra(self, intf, rx, dst_ip=None, mtu=9000, pi_opt=None): if not dst_ip: dst_ip = intf.remote_ip6 @@ -769,14 +836,10 @@ class IPv6NDProxyTest(TestIPv6ND): # # try that NS again. this time we expect an NA back # - self.pg1.add_stream(ns_pg1) - self.pg_enable_capture(self.pg_interfaces) - self.pg_start() - rx = self.pg1.get_capture(1) - - self.validate_na(self.pg1, rx[0], - dst_ip=self.pg0._remote_hosts[2].ip6, - tgt_ip=self.pg0.local_ip6) + self.send_and_expect_na(self.pg1, ns_pg1, + "NS to proxy entry", + dst_ip=self.pg0._remote_hosts[2].ip6, + tgt_ip=self.pg0.local_ip6) # # ... and that we have an entry in the ND cache @@ -815,14 +878,10 @@ class IPv6NDProxyTest(TestIPv6ND): ICMPv6ND_NS(tgt=self.pg0._remote_hosts[2].ip6) / ICMPv6NDOptSrcLLAddr(lladdr=self.pg0.remote_mac)) - self.pg0.add_stream(ns_pg0) - self.pg_enable_capture(self.pg_interfaces) - self.pg_start() - rx = self.pg0.get_capture(1) - - self.validate_na(self.pg0, rx[0], - tgt_ip=self.pg0._remote_hosts[2].ip6, - dst_ip=self.pg0.remote_ip6) + self.send_and_expect_na(self.pg0, ns_pg0, + "NS to proxy entry on main", + tgt_ip=self.pg0._remote_hosts[2].ip6, + dst_ip=self.pg0.remote_ip6) # # Setup and resolve proxy for another host on another interface @@ -836,14 +895,10 @@ class IPv6NDProxyTest(TestIPv6ND): inet_pton(AF_INET6, self.pg0._remote_hosts[3].ip6), self.pg2.sw_if_index) - self.pg2.add_stream(ns_pg2) - self.pg_enable_capture(self.pg_interfaces) - self.pg_start() - rx = self.pg2.get_capture(1) - - self.validate_na(self.pg2, rx[0], - dst_ip=self.pg0._remote_hosts[3].ip6, - tgt_ip=self.pg0.local_ip6) + self.send_and_expect_na(self.pg2, ns_pg2, + "NS to proxy entry other interface", + dst_ip=self.pg0._remote_hosts[3].ip6, + tgt_ip=self.pg0.local_ip6) self.assertTrue(find_nbr(self, self.pg2.sw_if_index, @@ -981,5 +1036,251 @@ class TestIPNull(VppTestCase): self.assertEqual(icmp.code, 1) +class TestIPDisabled(VppTestCase): + """ IPv6 disabled """ + + def setUp(self): + super(TestIPDisabled, self).setUp() + + # create 2 pg interfaces + self.create_pg_interfaces(range(2)) + + # PG0 is IP enalbed + self.pg0.admin_up() + self.pg0.config_ip6() + self.pg0.resolve_ndp() + + # PG 1 is not IP enabled + self.pg1.admin_up() + + def tearDown(self): + super(TestIPDisabled, self).tearDown() + for i in self.pg_interfaces: + i.unconfig_ip4() + i.admin_down() + + def send_and_assert_no_replies(self, intf, pkts, remark): + intf.add_stream(pkts) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + for i in self.pg_interfaces: + i.get_capture(0) + i.assert_nothing_captured(remark=remark) + + def test_ip_disabled(self): + """ IP Disabled """ + + # + # An (S,G). + # one accepting interface, pg0, 2 forwarding interfaces + # + route_ff_01 = VppIpMRoute( + self, + "::", + "ffef::1", 128, + MRouteEntryFlags.MFIB_ENTRY_FLAG_NONE, + [VppMRoutePath(self.pg1.sw_if_index, + MRouteItfFlags.MFIB_ITF_FLAG_ACCEPT), + VppMRoutePath(self.pg0.sw_if_index, + MRouteItfFlags.MFIB_ITF_FLAG_FORWARD)], + is_ip6=1) + route_ff_01.add_vpp_config() + + pu = (Ether(src=self.pg1.remote_mac, + dst=self.pg1.local_mac) / + IPv6(src="2001::1", dst=self.pg0.remote_ip6) / + UDP(sport=1234, dport=1234) / + Raw('\xa5' * 100)) + pm = (Ether(src=self.pg1.remote_mac, + dst=self.pg1.local_mac) / + IPv6(src="2001::1", dst="ffef::1") / + UDP(sport=1234, dport=1234) / + Raw('\xa5' * 100)) + + # + # PG1 does not forward IP traffic + # + self.send_and_assert_no_replies(self.pg1, pu, "IPv6 disabled") + self.send_and_assert_no_replies(self.pg1, pm, "IPv6 disabled") + + # + # IP enable PG1 + # + self.pg1.config_ip6() + + # + # Now we get packets through + # + self.pg1.add_stream(pu) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + rx = self.pg0.get_capture(1) + + self.pg1.add_stream(pm) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + rx = self.pg0.get_capture(1) + + # + # Disable PG1 + # + self.pg1.unconfig_ip6() + + # + # PG1 does not forward IP traffic + # + self.send_and_assert_no_replies(self.pg1, pu, "IPv6 disabled") + self.send_and_assert_no_replies(self.pg1, pm, "IPv6 disabled") + + +class TestIP6LoadBalance(VppTestCase): + """ IPv6 Load-Balancing """ + + def setUp(self): + super(TestIP6LoadBalance, self).setUp() + + self.create_pg_interfaces(range(5)) + + for i in self.pg_interfaces: + i.admin_up() + i.config_ip6() + i.resolve_ndp() + + def tearDown(self): + super(TestIP6LoadBalance, self).tearDown() + for i in self.pg_interfaces: + i.unconfig_ip6() + i.admin_down() + + def send_and_expect_load_balancing(self, input, pkts, outputs): + input.add_stream(pkts) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + for oo in outputs: + rx = oo._get_capture(1) + self.assertNotEqual(0, len(rx)) + + def test_ip6_load_balance(self): + """ IPv6 Load-Balancing """ + + # + # An array of packets that differ only in the destination port + # + port_pkts = [] + + # + # An array of packets that differ only in the source address + # + src_pkts = [] + + for ii in range(65): + port_pkts.append((Ether(src=self.pg0.remote_mac, + dst=self.pg0.local_mac) / + IPv6(dst="3000::1", src="3000:1::1") / + UDP(sport=1234, dport=1234 + ii) / + Raw('\xa5' * 100))) + src_pkts.append((Ether(src=self.pg0.remote_mac, + dst=self.pg0.local_mac) / + IPv6(dst="3000::1", src="3000:1::%d" % ii) / + UDP(sport=1234, dport=1234) / + Raw('\xa5' * 100))) + + route_3000_1 = VppIpRoute(self, "3000::1", 128, + [VppRoutePath(self.pg1.remote_ip6, + self.pg1.sw_if_index, + is_ip6=1), + VppRoutePath(self.pg2.remote_ip6, + self.pg2.sw_if_index, + is_ip6=1)], + is_ip6=1) + route_3000_1.add_vpp_config() + + # + # inject the packet on pg0 - expect load-balancing across the 2 paths + # - since the default hash config is to use IP src,dst and port + # src,dst + # We are not going to ensure equal amounts of packets across each link, + # since the hash algorithm is statistical and therefore this can never + # be guaranteed. But wuth 64 different packets we do expect some + # balancing. So instead just ensure there is traffic on each link. + # + self.send_and_expect_load_balancing(self.pg0, port_pkts, + [self.pg1, self.pg2]) + self.send_and_expect_load_balancing(self.pg0, src_pkts, + [self.pg1, self.pg2]) + + # + # change the flow hash config so it's only IP src,dst + # - now only the stream with differing source address will + # load-balance + # + self.vapi.set_ip_flow_hash(0, is_ip6=1, src=1, dst=1, sport=0, dport=0) + + self.send_and_expect_load_balancing(self.pg0, src_pkts, + [self.pg1, self.pg2]) + + self.pg0.add_stream(port_pkts) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + + rx = self.pg2.get_capture(len(port_pkts)) + + # + # change the flow hash config back to defaults + # + self.vapi.set_ip_flow_hash(0, is_ip6=1, src=1, dst=1, sport=1, dport=1) + + # + # Recursive prefixes + # - testing that 2 stages of load-balancing occurs and there is no + # polarisation (i.e. only 2 of 4 paths are used) + # + port_pkts = [] + src_pkts = [] + + for ii in range(257): + port_pkts.append((Ether(src=self.pg0.remote_mac, + dst=self.pg0.local_mac) / + IPv6(dst="4000::1", src="4000:1::1") / + UDP(sport=1234, dport=1234 + ii) / + Raw('\xa5' * 100))) + src_pkts.append((Ether(src=self.pg0.remote_mac, + dst=self.pg0.local_mac) / + IPv6(dst="4000::1", src="4000:1::%d" % ii) / + UDP(sport=1234, dport=1234) / + Raw('\xa5' * 100))) + + route_3000_2 = VppIpRoute(self, "3000::2", 128, + [VppRoutePath(self.pg3.remote_ip6, + self.pg3.sw_if_index, + is_ip6=1), + VppRoutePath(self.pg4.remote_ip6, + self.pg4.sw_if_index, + is_ip6=1)], + is_ip6=1) + route_3000_2.add_vpp_config() + + route_4000_1 = VppIpRoute(self, "4000::1", 128, + [VppRoutePath("3000::1", + 0xffffffff, + is_ip6=1), + VppRoutePath("3000::2", + 0xffffffff, + is_ip6=1)], + is_ip6=1) + route_4000_1.add_vpp_config() + + # + # inject the packet on pg0 - expect load-balancing across all 4 paths + # + self.vapi.cli("clear trace") + self.send_and_expect_load_balancing(self.pg0, port_pkts, + [self.pg1, self.pg2, + self.pg3, self.pg4]) + self.send_and_expect_load_balancing(self.pg0, src_pkts, + [self.pg1, self.pg2, + self.pg3, self.pg4]) + + if __name__ == '__main__': unittest.main(testRunner=VppTestRunner)