-# Copyright (c) 2019 Cisco and/or its affiliates.
+# Copyright (c) 2021 Cisco and/or its affiliates.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at:
| | Set Test Variable | ${encr_key}
| | Set Test Variable | ${auth_key}
-| Configure path for IPSec test
-| | [Documentation] | Setup path for IPsec testing TG<-->DUT1.
-| |
-| | ... | *Example:*
-| | ... | \| Configure path for IPSec test \|
-| |
-| | Set Interface State | ${dut1} | ${dut1_if1} | up
-| | Set Interface State | ${dut1} | ${dut1_if2} | up
-| | Vpp Node Interfaces Ready Wait | ${dut1}
-
| Configure topology for IPv4 IPsec testing
| | [Documentation] | Setup topology for IPv4 IPsec testing.
| |
| | ... | *Example:*
| | ... | \| Configure topology for IPv4 IPsec testing \|
| |
-| | Configure path for IPSec test
+| | Set interfaces in path up
| | VPP Interface Set IP Address
-| | ... | ${dut1} | ${dut1_if1} | ${dut_if1_ip4} | ${ip4_plen}
+| | ... | ${dut1} | ${DUT1_${int}1}[0] | ${dut_if1_ip4} | ${ip4_plen}
| | VPP Interface Set IP Address
-| | ... | ${dut1} | ${dut1_if2} | ${dut_if2_ip4} | ${ip4_plen}
+| | ... | ${dut1} | ${DUT1_${int}2}[0] | ${dut_if2_ip4} | ${ip4_plen}
| | VPP Add IP Neighbor
-| | ... | ${dut1} | ${dut1_if1} | ${tg_if1_ip4} | ${tg_if1_mac}
+| | ... | ${dut1} | ${DUT1_${int}1}[0] | ${tg_if1_ip4} | ${TG_pf1_mac}[0]
| | VPP Add IP Neighbor
-| | ... | ${dut1} | ${dut1_if2} | ${tg_if2_ip4} | ${tg_if2_mac}
+| | ... | ${dut1} | ${DUT1_${int}2}[0] | ${tg_if2_ip4} | ${TG_pf2_mac}[0]
| | Vpp Route Add
| | ... | ${dut1} | ${tg_host_ip4} | ${ip4_plen} | gateway=${tg_if1_ip4}
-| | ... | interface=${dut1_if1}
+| | ... | interface=${DUT1_${int}1}[0]
| | Set Test Variable | ${dut_tun_ip} | ${dut_if1_ip4}
| | Set Test Variable | ${tg_tun_ip} | ${tg_if1_ip4}
| | Set Test Variable | ${tg_src_ip} | ${tg_host_ip4}
| | ... | *Example:*
| | ... | \| Configure topology for IPv6 IPsec testing \|
| |
-| | Configure path for IPSec test
+| | Set interfaces in path up
| | VPP Interface Set IP Address
-| | ... | ${dut1} | ${dut1_if1} | ${dut_if1_ip6} | ${ip6_plen}
+| | ... | ${dut1} | ${DUT1_${int}1}[0] | ${dut_if1_ip6} | ${ip6_plen}
| | VPP Interface Set IP Address
-| | ... | ${dut1} | ${dut1_if2} | ${dut_if2_ip6} | ${ip6_plen}
+| | ... | ${dut1} | ${DUT1_${int}2}[0] | ${dut_if2_ip6} | ${ip6_plen}
| | VPP Add IP Neighbor
-| | ... | ${dut1} | ${dut1_if1} | ${tg_if1_ip6} | ${tg_if1_mac}
+| | ... | ${dut1} | ${DUT1_${int}1}[0] | ${tg_if1_ip6} | ${TG_pf1_mac}[0]
| | VPP Add IP Neighbor
-| | ... | ${dut1} | ${dut1_if2} | ${tg_if2_ip6} | ${tg_if2_mac}
-| | Vpp All RA Suppress Link Layer | ${nodes}
+| | ... | ${dut1} | ${DUT1_${int}2}[0] | ${tg_if2_ip6} | ${TG_pf2_mac}[0]
+| | Vpp Interfaces RA Suppress On All Nodes | ${nodes}
| | Vpp Route Add
| | ... | ${dut1} | ${tg_host_ip6} | ${ip6_plen_rt} | gateway=${tg_if1_ip6}
-| | ... | interface=${dut1_if1}
+| | ... | interface=${DUT1_${int}1}[0]
| | Set Test Variable | ${dut_tun_ip} | ${dut_if1_ip6}
| | Set Test Variable | ${tg_tun_ip} | ${tg_if1_ip6}
| | Set Test Variable | ${tg_src_ip} | ${tg_host_ip6}
| | VPP IPsec Add SPD | ${node} | ${spd_id}
| | VPP IPsec SPD Add If | ${node} | ${spd_id} | ${interface}
| | ${action}= | Policy Action Bypass
-| | VPP IPsec Policy Add | ${node} | ${spd_id} | ${p_hi} | ${action}
+| | VPP IPsec Add SPD Entry | ${node} | ${spd_id} | ${p_hi} | ${action}
| | ... | inbound=${TRUE} | proto=${ESP_PROTO} | is_ipv6=${is_ipv6}
| | ... | laddr_range=${tg_tun_ip} | raddr_range=${dut_tun_ip}
-| | VPP IPsec Policy Add | ${node} | ${spd_id} | ${p_hi} | ${action}
+| | VPP IPsec Add SPD Entry | ${node} | ${spd_id} | ${p_hi} | ${action}
| | ... | inbound=${FALSE} | proto=${ESP_PROTO} | is_ipv6=${is_ipv6}
| | ... | laddr_range=${dut_tun_ip} | raddr_range=${tg_tun_ip}
| | ${action}= | Policy Action Protect
-| | VPP IPsec Policy Add | ${node} | ${spd_id} | ${p_lo} | ${action}
+| | VPP IPsec Add SPD Entry | ${node} | ${spd_id} | ${p_lo} | ${action}
| | ... | sa_id=${r_sa_id} | laddr_range=${l_ip}
| | ... | raddr_range=${r_ip} | inbound=${TRUE}
-| | VPP IPsec Policy Add | ${node} | ${spd_id} | ${p_lo} | ${action}
+| | VPP IPsec Add SPD Entry | ${node} | ${spd_id} | ${p_lo} | ${action}
| | ... | sa_id=${l_sa_id} | laddr_range=${l_ip}
| | ... | raddr_range=${r_ip} | inbound=${FALSE}
| Initialize IPSec in 3-node circular topology
| | [Documentation]
| | ... | Set UP state on VPP interfaces in path on nodes in 3-node circular
+| | ... | topology. Get the interface MAC addresses and setup ARP on VPP
+| | ... | interfaces towards TG. Setup IPv4 addresses with /24 prefix on DUT-TG
+| | ... | links. Set routing for decrypted traffic on both DUT nodes
+| | ... | with prefix /8 and next hop of neighbour TG interface IPv4 address.
+| |
+| | Set interfaces in path up
+| | VPP Interface Set IP Address
+| | ... | ${dut1} | ${DUT1_${int}1}[0] | ${dut1_if1_ip4} | 24
+| | VPP Interface Set IP Address
+| | ... | ${dut2} | ${DUT2_${int}2}[0] | ${dut2_if2_ip4} | 24
+| | VPP Add IP Neighbor
+| | ... | ${dut1} | ${DUT1_${int}1}[0] | ${tg_if1_ip4} | ${TG_pf1_mac}[0]
+| | VPP Add IP Neighbor
+| | ... | ${dut2} | ${DUT2_${int}2}[0] | ${tg_if2_ip4} | ${TG_pf2_mac}[0]
+| | Vpp Route Add | ${dut1} | ${laddr_ip4} | 8 | gateway=${tg_if1_ip4}
+| | ... | interface=${DUT1_${int}1}[0]
+| | Vpp Route Add | ${dut2} | ${raddr_ip4} | 8 | gateway=${tg_if2_ip4}
+| | ... | interface=${DUT2_${int}2}[0]
+
+| Initialize IPSec in 3-node circular container topology
+| | [Documentation]
+| | ... | Set UP state on VPP interfaces in path on nodes in 3-node circular
| | ... | topology. Get the interface MAC addresses and setup ARP on all VPP
| | ... | interfaces. Setup IPv4 addresses with /24 prefix on DUT-TG and
| | ... | DUT1-DUT2 links. Set routing for encrypted traffic on both DUT nodes
| | ... | with prefix /8 and next hop of neighbour DUT or TG interface IPv4
| | ... | address.
| |
+| | Set interfaces in path up on DUT | DUT1
+| | VPP Interface Set IP Address
+| | ... | ${dut1} | ${DUT1_${int}1}[0] | ${dut1_if1_ip4} | 24
+| | VPP Add IP Neighbor
+| | ... | ${dut1} | ${DUT1_${int}1}[0] | ${tg_if1_ip4} | ${TG_pf1_mac}[0]
+| | Vpp Route Add
+| | ... | ${dut1} | ${laddr_ip4} | 8 | gateway=${tg_if1_ip4}
+| | ... | interface=${DUT1_${int}1}[0]
+
+| Initialize IPSec in 2-node circular topology
+| | [Documentation]
+| | ... | Set UP state on VPP interfaces in path on node in 2-node circular
+| | ... | topology. Get the interface MAC address and setup ARP on VPP
+| | ... | interface towards TG. Setup IPv4 address with /24 prefix on one
+| | ... | DUT-TG link. Set routing for decrypted traffic on DUT
+| | ... | with prefix /8 and next hop of neighbour TG interface IPv4 address.
+| |
| | Set interfaces in path up
-| | VPP Interface Set IP Address | ${dut1} | ${dut1_if1}
-| | ... | ${dut1_if1_ip4} | 24
-| | VPP Interface Set IP Address | ${dut2} | ${dut2_if2}
-| | ... | ${dut2_if2_ip4} | 24
-| | VPP Add IP Neighbor | ${dut1} | ${dut1_if1} | ${tg_if1_ip4} | ${tg_if1_mac}
-| | VPP Add IP Neighbor | ${dut2} | ${dut2_if2} | ${tg_if2_ip4} | ${tg_if2_mac}
-| | Vpp Route Add | ${dut1} | ${laddr_ip4} | 8 | gateway=${tg_if1_ip4}
-| | ... | interface=${dut1_if1}
-| | Vpp Route Add | ${dut2} | ${raddr_ip4} | 8 | gateway=${tg_if2_ip4}
-| | ... | interface=${dut2_if2}
+| | VPP Interface Set IP Address
+| | ... | ${dut1} | ${DUT1_${int}1}[0] | ${dut1_if1_ip4} | 24
+| | VPP Add IP Neighbor
+| | ... | ${dut1} | ${DUT1_${int}1}[0] | ${tg_if1_ip4} | ${TG_pf1_mac}[0]
+| | Vpp Route Add
+| | ... | ${dut1} | ${laddr_ip4} | 8 | gateway=${tg_if1_ip4}
+| | ... | interface=${DUT1_${int}1}[0]
+
+| Enable IPSec Async Mode on all VPP DUTs
+| | [Documentation]
+| | ... | Set IPsec async mode on for all DUT nodes.
+| |
+| | FOR | ${dut} | IN | @{duts}
+| | | VPP Ipsec Set Async Mode | ${nodes['${dut}']}
+| | END
+
+| Set Data Plane And Feature Plane Workers for IPsec on all VPP DUTs
+| | [Documentation]
+| | ... | Disable crypto work for specified data plane CPU cores
+| | ... | on all DUT nodes (leaving feature plane workers enabled).
+| | ... | Set Round Robin interface RX placement on data plane CPU cores
+| | ... | on all DUT nodes (leaving feature plane workers disabled).
+| |
+| | VPP Round Robin Rx Placement on all DUTs
+| | ... | ${nodes} | prefix=${EMPTY} | workers=${cpu_dp}
+| | VPP IPSec Crypto SW Scheduler Set Worker on all DUTs
+| | ... | ${nodes} | workers=${cpu_dp} | crypto_enable=${False}
Code Review / csit.git / blobdiff