5 from framework import VppTestCase, VppTestRunner
6 from vpp_object import VppObject
7 from vpp_neighbor import VppNeighbor
8 from vpp_ip_route import VppIpRoute, VppRoutePath, VppIpTable, \
9 VppIpInterfaceAddress, VppIpInterfaceBind, find_route
10 from vpp_l2 import VppBridgeDomain, VppBridgeDomainPort, \
11 VppBridgeDomainArpEntry, VppL2FibEntry, find_bridge_domain_port
12 from vpp_vxlan_gbp_tunnel import *
13 from vpp_sub_interface import VppDot1QSubint
16 from vpp_papi_provider import L2_PORT_TYPE
17 from vpp_papi import VppEnum, MACAddress
19 from scapy.packet import Raw
20 from scapy.layers.l2 import Ether, ARP, Dot1Q
21 from scapy.layers.inet import IP, UDP
22 from scapy.layers.inet6 import IPv6, ICMPv6ND_NS, ICMPv6NDOptSrcLLAddr, \
24 from scapy.utils6 import in6_getnsma, in6_getnsmac
25 from scapy.layers.vxlan import VXLAN
26 from scapy.data import ETH_P_IP, ETH_P_IPV6
28 from socket import AF_INET, AF_INET6
29 from scapy.utils import inet_pton, inet_ntop
30 from vpp_papi_provider import L2_VTR_OP
33 def find_gbp_endpoint(test, sw_if_index=None, ip=None, mac=None):
35 vip = VppIpAddress(ip)
37 vmac = MACAddress(mac)
39 eps = test.vapi.gbp_endpoint_dump()
43 if ep.endpoint.sw_if_index != sw_if_index:
46 for eip in ep.endpoint.ips:
50 if vmac.packed == ep.endpoint.mac:
55 def find_gbp_vxlan(test, vni):
56 ts = test.vapi.gbp_vxlan_tunnel_dump()
58 if t.tunnel.vni == vni:
63 class VppGbpEndpoint(VppObject):
74 return self.itf.remote_mac
94 return [self.ip4, self.ip6]
98 return [self.fip4, self.fip6]
100 def __init__(self, test, itf, epg, recirc, ip4, fip4, ip6, fip6,
110 self._ip4 = VppIpAddress(ip4)
111 self._fip4 = VppIpAddress(fip4)
112 self._ip6 = VppIpAddress(ip6)
113 self._fip6 = VppIpAddress(fip6)
116 self.vmac = MACAddress(self.itf.remote_mac)
118 self.vmac = MACAddress("00:00:00:00:00:00")
121 self.tun_src = VppIpAddress(tun_src)
122 self.tun_dst = VppIpAddress(tun_dst)
124 def add_vpp_config(self):
125 res = self._test.vapi.gbp_endpoint_add(
126 self.itf.sw_if_index,
127 [self.ip4.encode(), self.ip6.encode()],
131 self.tun_src.encode(),
132 self.tun_dst.encode())
133 self.handle = res.handle
134 self._test.registry.register(self, self._test.logger)
136 def remove_vpp_config(self):
137 self._test.vapi.gbp_endpoint_del(self.handle)
140 return self.object_id()
143 return "gbp-endpoint:[%d==%d:%s:%d]" % (self.handle,
144 self.itf.sw_if_index,
148 def query_vpp_config(self):
149 return find_gbp_endpoint(self._test,
150 self.itf.sw_if_index,
154 class VppGbpRecirc(VppObject):
156 GBP Recirculation Interface
159 def __init__(self, test, epg, recirc, is_ext=False):
165 def add_vpp_config(self):
166 self._test.vapi.gbp_recirc_add_del(
168 self.recirc.sw_if_index,
171 self._test.registry.register(self, self._test.logger)
173 def remove_vpp_config(self):
174 self._test.vapi.gbp_recirc_add_del(
176 self.recirc.sw_if_index,
181 return self.object_id()
184 return "gbp-recirc:[%d]" % (self.recirc.sw_if_index)
186 def query_vpp_config(self):
187 rs = self._test.vapi.gbp_recirc_dump()
189 if r.recirc.sw_if_index == self.recirc.sw_if_index:
194 class VppGbpExtItf(VppObject):
196 GBP ExtItfulation Interface
199 def __init__(self, test, itf, bd, rd):
205 def add_vpp_config(self):
206 self._test.vapi.gbp_ext_itf_add_del(
208 self.itf.sw_if_index,
211 self._test.registry.register(self, self._test.logger)
213 def remove_vpp_config(self):
214 self._test.vapi.gbp_ext_itf_add_del(
216 self.itf.sw_if_index,
221 return self.object_id()
224 return "gbp-ext-itf:[%d]" % (self.itf.sw_if_index)
226 def query_vpp_config(self):
227 rs = self._test.vapi.gbp_ext_itf_dump()
229 if r.ext_itf.sw_if_index == self.itf.sw_if_index:
234 class VppGbpSubnet(VppObject):
238 def __init__(self, test, rd, address, address_len,
239 type, sw_if_index=None, epg=None):
241 self.rd_id = rd.rd_id
242 self.prefix = VppIpPrefix(address, address_len)
244 self.sw_if_index = sw_if_index
247 def add_vpp_config(self):
248 self._test.vapi.gbp_subnet_add_del(
251 self.prefix.encode(),
253 sw_if_index=self.sw_if_index if self.sw_if_index else 0xffffffff,
254 epg_id=self.epg if self.epg else 0xffff)
255 self._test.registry.register(self, self._test.logger)
257 def remove_vpp_config(self):
258 self._test.vapi.gbp_subnet_add_del(
261 self.prefix.encode(),
265 return self.object_id()
268 return "gbp-subnet:[%d-%s]" % (self.rd_id, self.prefix)
270 def query_vpp_config(self):
271 ss = self._test.vapi.gbp_subnet_dump()
273 if s.subnet.rd_id == self.rd_id and \
274 s.subnet.type == self.type and \
275 s.subnet.prefix == self.prefix:
280 class VppGbpEndpointGroup(VppObject):
285 def __init__(self, test, epg, sclass, rd, bd, uplink,
286 bvi, bvi_ip4, bvi_ip6=None):
290 self.bvi_ip4 = VppIpAddress(bvi_ip4)
291 self.bvi_ip6 = VppIpAddress(bvi_ip6)
299 def add_vpp_config(self):
300 self._test.vapi.gbp_endpoint_group_add(
305 self.uplink.sw_if_index if self.uplink else INDEX_INVALID)
306 self._test.registry.register(self, self._test.logger)
308 def remove_vpp_config(self):
309 self._test.vapi.gbp_endpoint_group_del(
313 return self.object_id()
316 return "gbp-endpoint-group:[%d]" % (self.epg)
318 def query_vpp_config(self):
319 epgs = self._test.vapi.gbp_endpoint_group_dump()
321 if epg.epg.epg_id == self.epg:
326 class VppGbpBridgeDomain(VppObject):
331 def __init__(self, test, bd, bvi, uu_fwd=None,
332 bm_flood=None, learn=True):
336 self.bm_flood = bm_flood
339 e = VppEnum.vl_api_gbp_bridge_domain_flags_t
341 self.learn = e.GBP_BD_API_FLAG_NONE
343 self.learn = e.GBP_BD_API_FLAG_DO_NOT_LEARN
345 def add_vpp_config(self):
346 self._test.vapi.gbp_bridge_domain_add(
349 self.bvi.sw_if_index,
350 self.uu_fwd.sw_if_index if self.uu_fwd else INDEX_INVALID,
351 self.bm_flood.sw_if_index if self.bm_flood else INDEX_INVALID)
352 self._test.registry.register(self, self._test.logger)
354 def remove_vpp_config(self):
355 self._test.vapi.gbp_bridge_domain_del(self.bd.bd_id)
358 return self.object_id()
361 return "gbp-bridge-domain:[%d]" % (self.bd.bd_id)
363 def query_vpp_config(self):
364 bds = self._test.vapi.gbp_bridge_domain_dump()
366 if bd.bd.bd_id == self.bd.bd_id:
371 class VppGbpRouteDomain(VppObject):
376 def __init__(self, test, rd_id, t4, t6, ip4_uu=None, ip6_uu=None):
384 def add_vpp_config(self):
385 self._test.vapi.gbp_route_domain_add(
389 self.ip4_uu.sw_if_index if self.ip4_uu else INDEX_INVALID,
390 self.ip6_uu.sw_if_index if self.ip6_uu else INDEX_INVALID)
391 self._test.registry.register(self, self._test.logger)
393 def remove_vpp_config(self):
394 self._test.vapi.gbp_route_domain_del(self.rd_id)
397 return self.object_id()
400 return "gbp-route-domain:[%d]" % (self.rd_id)
402 def query_vpp_config(self):
403 rds = self._test.vapi.gbp_route_domain_dump()
405 if rd.rd.rd_id == self.rd_id:
410 class VppGbpContractNextHop():
411 def __init__(self, mac, bd, ip, rd):
418 return {'ip': self.ip.encode(),
419 'mac': self.mac.packed,
420 'bd_id': self.bd.bd.bd_id,
421 'rd_id': self.rd.rd_id}
424 class VppGbpContractRule():
425 def __init__(self, action, hash_mode, nhs=[]):
427 self.hash_mode = hash_mode
433 nhs.append(nh.encode())
436 return {'action': self.action,
438 'hash_mode': self.hash_mode,
439 'n_nhs': len(self.nhs),
443 class VppGbpContract(VppObject):
448 def __init__(self, test, src_epg, dst_epg, acl_index,
449 rules, allowed_ethertypes):
451 self.acl_index = acl_index
452 self.src_epg = src_epg
453 self.dst_epg = dst_epg
455 self.allowed_ethertypes = allowed_ethertypes
457 def add_vpp_config(self):
460 rules.append(r.encode())
461 self._test.vapi.gbp_contract_add_del(
467 self.allowed_ethertypes)
468 self._test.registry.register(self, self._test.logger)
470 def remove_vpp_config(self):
471 self._test.vapi.gbp_contract_add_del(
479 return self.object_id()
482 return "gbp-contract:[%d:%s:%d]" % (self.src_epg,
486 def query_vpp_config(self):
487 cs = self._test.vapi.gbp_contract_dump()
489 if c.contract.src_epg == self.src_epg \
490 and c.contract.dst_epg == self.dst_epg:
495 class VppGbpVxlanTunnel(VppInterface):
500 def __init__(self, test, vni, bd_rd_id, mode):
501 super(VppGbpVxlanTunnel, self).__init__(test)
504 self.bd_rd_id = bd_rd_id
507 def add_vpp_config(self):
508 r = self._test.vapi.gbp_vxlan_tunnel_add(
512 self.set_sw_if_index(r.sw_if_index)
513 self._test.registry.register(self, self._test.logger)
515 def remove_vpp_config(self):
516 self._test.vapi.gbp_vxlan_tunnel_del(self.vni)
519 return self.object_id()
522 return "gbp-vxlan:%d" % (self.vni)
524 def query_vpp_config(self):
525 return find_gbp_vxlan(self._test, self.vni)
528 class VppGbpAcl(VppObject):
533 def __init__(self, test):
535 self.acl_index = 4294967295
537 def create_rule(self, is_ipv6=0, permit_deny=0, proto=-1,
538 s_prefix=0, s_ip='\x00\x00\x00\x00', sport_from=0,
539 sport_to=65535, d_prefix=0, d_ip='\x00\x00\x00\x00',
540 dport_from=0, dport_to=65535):
541 if proto == -1 or proto == 0:
544 elif proto == 1 or proto == 58:
547 rule = ({'is_permit': permit_deny, 'is_ipv6': is_ipv6, 'proto': proto,
548 'srcport_or_icmptype_first': sport_from,
549 'srcport_or_icmptype_last': sport_to,
550 'src_ip_prefix_len': s_prefix,
552 'dstport_or_icmpcode_first': dport_from,
553 'dstport_or_icmpcode_last': dport_to,
554 'dst_ip_prefix_len': d_prefix,
555 'dst_ip_addr': d_ip})
558 def add_vpp_config(self, rules):
560 reply = self._test.vapi.acl_add_replace(self.acl_index,
563 self.acl_index = reply.acl_index
564 return self.acl_index
566 def remove_vpp_config(self):
567 self._test.vapi.acl_del(self.acl_index)
570 return self.object_id()
573 return "gbp-acl:[%d]" % (self.acl_index)
575 def query_vpp_config(self):
576 cs = self._test.vapi.acl_dump()
578 if c.acl_index == self.acl_index:
583 class TestGBP(VppTestCase):
584 """ GBP Test Case """
587 super(TestGBP, self).setUp()
589 self.create_pg_interfaces(range(9))
590 self.create_loopback_interfaces(8)
592 self.router_mac = MACAddress("00:11:22:33:44:55")
594 for i in self.pg_interfaces:
596 for i in self.lo_interfaces:
600 for i in self.pg_interfaces:
603 super(TestGBP, self).tearDown()
605 def send_and_expect_bridged(self, src, tx, dst):
606 rx = self.send_and_expect(src, tx, dst)
609 self.assertEqual(r[Ether].src, tx[0][Ether].src)
610 self.assertEqual(r[Ether].dst, tx[0][Ether].dst)
611 self.assertEqual(r[IP].src, tx[0][IP].src)
612 self.assertEqual(r[IP].dst, tx[0][IP].dst)
615 def send_and_expect_bridged6(self, src, tx, dst):
616 rx = self.send_and_expect(src, tx, dst)
619 self.assertEqual(r[Ether].src, tx[0][Ether].src)
620 self.assertEqual(r[Ether].dst, tx[0][Ether].dst)
621 self.assertEqual(r[IPv6].src, tx[0][IPv6].src)
622 self.assertEqual(r[IPv6].dst, tx[0][IPv6].dst)
625 def send_and_expect_routed(self, src, tx, dst, src_mac):
626 rx = self.send_and_expect(src, tx, dst)
629 self.assertEqual(r[Ether].src, src_mac)
630 self.assertEqual(r[Ether].dst, dst.remote_mac)
631 self.assertEqual(r[IP].src, tx[0][IP].src)
632 self.assertEqual(r[IP].dst, tx[0][IP].dst)
635 def send_and_expect_natted(self, src, tx, dst, src_ip):
636 rx = self.send_and_expect(src, tx, dst)
639 self.assertEqual(r[Ether].src, tx[0][Ether].src)
640 self.assertEqual(r[Ether].dst, tx[0][Ether].dst)
641 self.assertEqual(r[IP].src, src_ip)
642 self.assertEqual(r[IP].dst, tx[0][IP].dst)
645 def send_and_expect_natted6(self, src, tx, dst, src_ip):
646 rx = self.send_and_expect(src, tx, dst)
649 self.assertEqual(r[Ether].src, tx[0][Ether].src)
650 self.assertEqual(r[Ether].dst, tx[0][Ether].dst)
651 self.assertEqual(r[IPv6].src, src_ip)
652 self.assertEqual(r[IPv6].dst, tx[0][IPv6].dst)
655 def send_and_expect_unnatted(self, src, tx, dst, dst_ip):
656 rx = self.send_and_expect(src, tx, dst)
659 self.assertEqual(r[Ether].src, tx[0][Ether].src)
660 self.assertEqual(r[Ether].dst, tx[0][Ether].dst)
661 self.assertEqual(r[IP].dst, dst_ip)
662 self.assertEqual(r[IP].src, tx[0][IP].src)
665 def send_and_expect_unnatted6(self, src, tx, dst, dst_ip):
666 rx = self.send_and_expect(src, tx, dst)
669 self.assertEqual(r[Ether].src, tx[0][Ether].src)
670 self.assertEqual(r[Ether].dst, tx[0][Ether].dst)
671 self.assertEqual(r[IPv6].dst, dst_ip)
672 self.assertEqual(r[IPv6].src, tx[0][IPv6].src)
675 def send_and_expect_double_natted(self, src, tx, dst, src_ip, dst_ip):
676 rx = self.send_and_expect(src, tx, dst)
679 self.assertEqual(r[Ether].src, str(self.router_mac))
680 self.assertEqual(r[Ether].dst, dst.remote_mac)
681 self.assertEqual(r[IP].dst, dst_ip)
682 self.assertEqual(r[IP].src, src_ip)
685 def send_and_expect_double_natted6(self, src, tx, dst, src_ip, dst_ip):
686 rx = self.send_and_expect(src, tx, dst)
689 self.assertEqual(r[Ether].src, str(self.router_mac))
690 self.assertEqual(r[Ether].dst, dst.remote_mac)
691 self.assertEqual(r[IPv6].dst, dst_ip)
692 self.assertEqual(r[IPv6].src, src_ip)
696 """ Group Based Policy """
698 ep_flags = VppEnum.vl_api_gbp_endpoint_flags_t
703 bd1 = VppBridgeDomain(self, 1)
704 bd2 = VppBridgeDomain(self, 2)
705 bd20 = VppBridgeDomain(self, 20)
709 bd20.add_vpp_config()
711 gbd1 = VppGbpBridgeDomain(self, bd1, self.loop0)
712 gbd2 = VppGbpBridgeDomain(self, bd2, self.loop1)
713 gbd20 = VppGbpBridgeDomain(self, bd20, self.loop2)
715 gbd1.add_vpp_config()
716 gbd2.add_vpp_config()
717 gbd20.add_vpp_config()
722 gt4 = VppIpTable(self, 0)
724 gt6 = VppIpTable(self, 0, is_ip6=True)
726 nt4 = VppIpTable(self, 20)
728 nt6 = VppIpTable(self, 20, is_ip6=True)
731 rd0 = VppGbpRouteDomain(self, 0, gt4, gt6, None, None)
732 rd20 = VppGbpRouteDomain(self, 20, nt4, nt6, None, None)
735 rd20.add_vpp_config()
738 # 3 EPGs, 2 of which share a BD.
739 # 2 NAT EPGs, one for floating-IP subnets, the other for internet
741 epgs = [VppGbpEndpointGroup(self, 220, 0, rd0, gbd1, self.pg4,
745 VppGbpEndpointGroup(self, 221, 0, rd0, gbd1, self.pg5,
749 VppGbpEndpointGroup(self, 222, 0, rd0, gbd2, self.pg6,
753 VppGbpEndpointGroup(self, 333, 0, rd20, gbd20, self.pg7,
757 VppGbpEndpointGroup(self, 444, 0, rd20, gbd20, self.pg8,
761 recircs = [VppGbpRecirc(self, epgs[0],
763 VppGbpRecirc(self, epgs[1],
765 VppGbpRecirc(self, epgs[2],
767 VppGbpRecirc(self, epgs[3],
768 self.loop6, is_ext=True),
769 VppGbpRecirc(self, epgs[4],
770 self.loop7, is_ext=True)]
773 recirc_nat = recircs[3]
776 # 4 end-points, 2 in the same subnet, 3 in the same BD
778 eps = [VppGbpEndpoint(self, self.pg0,
780 "10.0.0.1", "11.0.0.1",
781 "2001:10::1", "3001::1"),
782 VppGbpEndpoint(self, self.pg1,
784 "10.0.0.2", "11.0.0.2",
785 "2001:10::2", "3001::2"),
786 VppGbpEndpoint(self, self.pg2,
788 "10.0.1.1", "11.0.0.3",
789 "2001:10:1::1", "3001::3"),
790 VppGbpEndpoint(self, self.pg3,
792 "10.0.2.1", "11.0.0.4",
793 "2001:10:2::1", "3001::4")]
796 # Config related to each of the EPGs
799 # IP config on the BVI interfaces
800 if epg != epgs[1] and epg != epgs[4]:
801 VppIpInterfaceBind(self, epg.bvi, epg.rd.t4).add_vpp_config()
802 VppIpInterfaceBind(self, epg.bvi, epg.rd.t6).add_vpp_config()
803 self.vapi.sw_interface_set_mac_address(
805 self.router_mac.packed)
807 # The BVIs are NAT inside interfaces
808 self.vapi.nat44_interface_add_del_feature(epg.bvi.sw_if_index,
811 self.vapi.nat66_add_del_interface(epg.bvi.sw_if_index,
815 if_ip4 = VppIpInterfaceAddress(self, epg.bvi, epg.bvi_ip4, 32)
816 if_ip6 = VppIpInterfaceAddress(self, epg.bvi, epg.bvi_ip6, 128)
817 if_ip4.add_vpp_config()
818 if_ip6.add_vpp_config()
820 # EPG uplink interfaces in the RD
821 VppIpInterfaceBind(self, epg.uplink, epg.rd.t4).add_vpp_config()
822 VppIpInterfaceBind(self, epg.uplink, epg.rd.t6).add_vpp_config()
824 # add the BD ARP termination entry for BVI IP
825 epg.bd_arp_ip4 = VppBridgeDomainArpEntry(self, epg.bd.bd,
826 str(self.router_mac),
828 epg.bd_arp_ip6 = VppBridgeDomainArpEntry(self, epg.bd.bd,
829 str(self.router_mac),
831 epg.bd_arp_ip4.add_vpp_config()
832 epg.bd_arp_ip6.add_vpp_config()
837 for recirc in recircs:
838 # EPG's ingress recirculation interface maps to its RD
839 VppIpInterfaceBind(self, recirc.recirc,
840 recirc.epg.rd.t4).add_vpp_config()
841 VppIpInterfaceBind(self, recirc.recirc,
842 recirc.epg.rd.t6).add_vpp_config()
844 self.vapi.nat44_interface_add_del_feature(
845 recirc.recirc.sw_if_index,
848 self.vapi.nat66_add_del_interface(
849 recirc.recirc.sw_if_index,
853 recirc.add_vpp_config()
855 for recirc in recircs:
856 self.assertTrue(find_bridge_domain_port(self,
857 recirc.epg.bd.bd.bd_id,
858 recirc.recirc.sw_if_index))
861 self.pg_enable_capture(self.pg_interfaces)
864 # routes to the endpoints. We need these since there are no
865 # adj-fibs due to the fact the the BVI address has /32 and
866 # the subnet is not attached.
868 for (ip, fip) in zip(ep.ips, ep.fips):
869 # Add static mappings for each EP from the 10/8 to 11/8 network
871 self.vapi.nat44_add_del_static_mapping(ip.bytes,
876 self.vapi.nat66_add_del_static_mapping(ip.bytes,
883 self.logger.info(self.vapi.cli("sh gbp endpoint"))
885 # ... results in a Gratuitous ARP/ND on the EPG's uplink
886 rx = ep.epg.uplink.get_capture(len(ep.ips), timeout=0.2)
888 for ii, ip in enumerate(ep.ips):
892 self.assertTrue(p.haslayer(ICMPv6ND_NA))
893 self.assertEqual(p[ICMPv6ND_NA].tgt, ip.address)
895 self.assertTrue(p.haslayer(ARP))
896 self.assertEqual(p[ARP].psrc, ip.address)
897 self.assertEqual(p[ARP].pdst, ip.address)
899 # add the BD ARP termination entry for floating IP
901 ba = VppBridgeDomainArpEntry(self, epg_nat.bd.bd, ep.mac, fip)
904 # floating IPs route via EPG recirc
905 r = VppIpRoute(self, fip.address, fip.length,
906 [VppRoutePath(fip.address,
907 ep.recirc.recirc.sw_if_index,
909 proto=fip.dpo_proto)],
914 # L2 FIB entries in the NAT EPG BD to bridge the packets from
915 # the outside direct to the internal EPG
916 lf = VppL2FibEntry(self, epg_nat.bd.bd, ep.mac,
917 ep.recirc.recirc, bvi_mac=0)
921 # ARP packets for unknown IP are sent to the EPG uplink
923 pkt_arp = (Ether(dst="ff:ff:ff:ff:ff:ff",
924 src=self.pg0.remote_mac) /
926 hwdst="ff:ff:ff:ff:ff:ff",
927 hwsrc=self.pg0.remote_mac,
931 self.vapi.cli("clear trace")
932 self.pg0.add_stream(pkt_arp)
934 self.pg_enable_capture(self.pg_interfaces)
937 rxd = epgs[0].uplink.get_capture(1)
940 # ARP/ND packets get a response
942 pkt_arp = (Ether(dst="ff:ff:ff:ff:ff:ff",
943 src=self.pg0.remote_mac) /
945 hwdst="ff:ff:ff:ff:ff:ff",
946 hwsrc=self.pg0.remote_mac,
947 pdst=epgs[0].bvi_ip4.address,
948 psrc=eps[0].ip4.address))
950 self.send_and_expect(self.pg0, [pkt_arp], self.pg0)
952 nsma = in6_getnsma(inet_pton(AF_INET6, eps[0].ip6.address))
953 d = inet_ntop(AF_INET6, nsma)
954 pkt_nd = (Ether(dst=in6_getnsmac(nsma),
955 src=self.pg0.remote_mac) /
956 IPv6(dst=d, src=eps[0].ip6.address) /
957 ICMPv6ND_NS(tgt=epgs[0].bvi_ip6.address) /
958 ICMPv6NDOptSrcLLAddr(lladdr=self.pg0.remote_mac))
959 self.send_and_expect(self.pg0, [pkt_nd], self.pg0)
962 # broadcast packets are flooded
964 pkt_bcast = (Ether(dst="ff:ff:ff:ff:ff:ff",
965 src=self.pg0.remote_mac) /
966 IP(src=eps[0].ip4.address, dst="232.1.1.1") /
967 UDP(sport=1234, dport=1234) /
970 self.vapi.cli("clear trace")
971 self.pg0.add_stream(pkt_bcast)
973 self.pg_enable_capture(self.pg_interfaces)
976 rxd = eps[1].itf.get_capture(1)
977 self.assertEqual(rxd[0][Ether].dst, pkt_bcast[Ether].dst)
978 rxd = epgs[0].uplink.get_capture(1)
979 self.assertEqual(rxd[0][Ether].dst, pkt_bcast[Ether].dst)
982 # packets to non-local L3 destinations dropped
984 pkt_intra_epg_220_ip4 = (Ether(src=self.pg0.remote_mac,
985 dst=str(self.router_mac)) /
986 IP(src=eps[0].ip4.address,
988 UDP(sport=1234, dport=1234) /
990 pkt_inter_epg_222_ip4 = (Ether(src=self.pg0.remote_mac,
991 dst=str(self.router_mac)) /
992 IP(src=eps[0].ip4.address,
994 UDP(sport=1234, dport=1234) /
997 self.send_and_assert_no_replies(self.pg0, pkt_intra_epg_220_ip4 * 65)
999 pkt_inter_epg_222_ip6 = (Ether(src=self.pg0.remote_mac,
1000 dst=str(self.router_mac)) /
1001 IPv6(src=eps[0].ip6.address,
1002 dst="2001:10::99") /
1003 UDP(sport=1234, dport=1234) /
1005 self.send_and_assert_no_replies(self.pg0, pkt_inter_epg_222_ip6 * 65)
1008 # Add the subnet routes
1011 self, rd0, "10.0.0.0", 24,
1012 VppEnum.vl_api_gbp_subnet_type_t.GBP_API_SUBNET_STITCHED_INTERNAL)
1014 self, rd0, "10.0.1.0", 24,
1015 VppEnum.vl_api_gbp_subnet_type_t.GBP_API_SUBNET_STITCHED_INTERNAL)
1017 self, rd0, "10.0.2.0", 24,
1018 VppEnum.vl_api_gbp_subnet_type_t.GBP_API_SUBNET_STITCHED_INTERNAL)
1020 self, rd0, "2001:10::1", 64,
1021 VppEnum.vl_api_gbp_subnet_type_t.GBP_API_SUBNET_STITCHED_INTERNAL)
1023 self, rd0, "2001:10:1::1", 64,
1024 VppEnum.vl_api_gbp_subnet_type_t.GBP_API_SUBNET_STITCHED_INTERNAL)
1026 self, rd0, "2001:10:2::1", 64,
1027 VppEnum.vl_api_gbp_subnet_type_t.GBP_API_SUBNET_STITCHED_INTERNAL)
1028 s41.add_vpp_config()
1029 s42.add_vpp_config()
1030 s43.add_vpp_config()
1031 s61.add_vpp_config()
1032 s62.add_vpp_config()
1033 s63.add_vpp_config()
1035 self.send_and_expect_bridged(eps[0].itf,
1036 pkt_intra_epg_220_ip4 * 65,
1038 self.send_and_expect_bridged(eps[0].itf,
1039 pkt_inter_epg_222_ip4 * 65,
1041 self.send_and_expect_bridged6(eps[0].itf,
1042 pkt_inter_epg_222_ip6 * 65,
1045 self.logger.info(self.vapi.cli("sh ip fib 11.0.0.2"))
1046 self.logger.info(self.vapi.cli("sh gbp endpoint-group"))
1047 self.logger.info(self.vapi.cli("sh gbp endpoint"))
1048 self.logger.info(self.vapi.cli("sh gbp recirc"))
1049 self.logger.info(self.vapi.cli("sh int"))
1050 self.logger.info(self.vapi.cli("sh int addr"))
1051 self.logger.info(self.vapi.cli("sh int feat loop6"))
1052 self.logger.info(self.vapi.cli("sh vlib graph ip4-gbp-src-classify"))
1053 self.logger.info(self.vapi.cli("sh int feat loop3"))
1054 self.logger.info(self.vapi.cli("sh int feat pg0"))
1057 # Packet destined to unknown unicast is sent on the epg uplink ...
1059 pkt_intra_epg_220_to_uplink = (Ether(src=self.pg0.remote_mac,
1060 dst="00:00:00:33:44:55") /
1061 IP(src=eps[0].ip4.address,
1063 UDP(sport=1234, dport=1234) /
1066 self.send_and_expect_bridged(eps[0].itf,
1067 pkt_intra_epg_220_to_uplink * 65,
1069 # ... and nowhere else
1070 self.pg1.get_capture(0, timeout=0.1)
1071 self.pg1.assert_nothing_captured(remark="Flood onto other VMS")
1073 pkt_intra_epg_221_to_uplink = (Ether(src=self.pg2.remote_mac,
1074 dst="00:00:00:33:44:66") /
1075 IP(src=eps[0].ip4.address,
1077 UDP(sport=1234, dport=1234) /
1080 self.send_and_expect_bridged(eps[2].itf,
1081 pkt_intra_epg_221_to_uplink * 65,
1085 # Packets from the uplink are forwarded in the absence of a contract
1087 pkt_intra_epg_220_from_uplink = (Ether(src="00:00:00:33:44:55",
1088 dst=self.pg0.remote_mac) /
1089 IP(src=eps[0].ip4.address,
1091 UDP(sport=1234, dport=1234) /
1094 self.send_and_expect_bridged(self.pg4,
1095 pkt_intra_epg_220_from_uplink * 65,
1099 # in the absence of policy, endpoints in the same EPG
1102 pkt_intra_epg = (Ether(src=self.pg0.remote_mac,
1103 dst=self.pg1.remote_mac) /
1104 IP(src=eps[0].ip4.address,
1105 dst=eps[1].ip4.address) /
1106 UDP(sport=1234, dport=1234) /
1109 self.send_and_expect_bridged(self.pg0, pkt_intra_epg * 65, self.pg1)
1112 # in the abscense of policy, endpoints in the different EPG
1113 # cannot communicate
1115 pkt_inter_epg_220_to_221 = (Ether(src=self.pg0.remote_mac,
1116 dst=self.pg2.remote_mac) /
1117 IP(src=eps[0].ip4.address,
1118 dst=eps[2].ip4.address) /
1119 UDP(sport=1234, dport=1234) /
1121 pkt_inter_epg_221_to_220 = (Ether(src=self.pg2.remote_mac,
1122 dst=self.pg0.remote_mac) /
1123 IP(src=eps[2].ip4.address,
1124 dst=eps[0].ip4.address) /
1125 UDP(sport=1234, dport=1234) /
1127 pkt_inter_epg_220_to_222 = (Ether(src=self.pg0.remote_mac,
1128 dst=str(self.router_mac)) /
1129 IP(src=eps[0].ip4.address,
1130 dst=eps[3].ip4.address) /
1131 UDP(sport=1234, dport=1234) /
1134 self.send_and_assert_no_replies(eps[0].itf,
1135 pkt_inter_epg_220_to_221 * 65)
1136 self.send_and_assert_no_replies(eps[0].itf,
1137 pkt_inter_epg_220_to_222 * 65)
1140 # A uni-directional contract from EPG 220 -> 221
1142 acl = VppGbpAcl(self)
1143 rule = acl.create_rule(permit_deny=1, proto=17)
1144 rule2 = acl.create_rule(is_ipv6=1, permit_deny=1, proto=17)
1145 acl_index = acl.add_vpp_config([rule, rule2])
1146 c1 = VppGbpContract(
1147 self, 220, 221, acl_index,
1148 [VppGbpContractRule(
1149 VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
1152 VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
1154 [ETH_P_IP, ETH_P_IPV6])
1157 self.send_and_expect_bridged(eps[0].itf,
1158 pkt_inter_epg_220_to_221 * 65,
1160 self.send_and_assert_no_replies(eps[0].itf,
1161 pkt_inter_epg_220_to_222 * 65)
1164 # contract for the return direction
1166 c2 = VppGbpContract(
1167 self, 221, 220, acl_index,
1168 [VppGbpContractRule(
1169 VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
1172 VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
1174 [ETH_P_IP, ETH_P_IPV6])
1177 self.send_and_expect_bridged(eps[0].itf,
1178 pkt_inter_epg_220_to_221 * 65,
1180 self.send_and_expect_bridged(eps[2].itf,
1181 pkt_inter_epg_221_to_220 * 65,
1185 # the contract does not allow non-IP
1187 pkt_non_ip_inter_epg_220_to_221 = (Ether(src=self.pg0.remote_mac,
1188 dst=self.pg2.remote_mac) /
1190 self.send_and_assert_no_replies(eps[0].itf,
1191 pkt_non_ip_inter_epg_220_to_221 * 17)
1194 # check that inter group is still disabled for the groups
1195 # not in the contract.
1197 self.send_and_assert_no_replies(eps[0].itf,
1198 pkt_inter_epg_220_to_222 * 65)
1201 # A uni-directional contract from EPG 220 -> 222 'L3 routed'
1203 c3 = VppGbpContract(
1204 self, 220, 222, acl_index,
1205 [VppGbpContractRule(
1206 VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
1209 VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
1211 [ETH_P_IP, ETH_P_IPV6])
1214 self.logger.info(self.vapi.cli("sh gbp contract"))
1216 self.send_and_expect_routed(eps[0].itf,
1217 pkt_inter_epg_220_to_222 * 65,
1219 str(self.router_mac))
1222 # remove both contracts, traffic stops in both directions
1224 c2.remove_vpp_config()
1225 c1.remove_vpp_config()
1226 c3.remove_vpp_config()
1227 acl.remove_vpp_config()
1229 self.send_and_assert_no_replies(eps[2].itf,
1230 pkt_inter_epg_221_to_220 * 65)
1231 self.send_and_assert_no_replies(eps[0].itf,
1232 pkt_inter_epg_220_to_221 * 65)
1233 self.send_and_expect_bridged(eps[0].itf,
1238 # EPs to the outside world
1241 # in the EP's RD an external subnet via the NAT EPG's recirc
1243 self, rd0, "0.0.0.0", 0,
1244 VppEnum.vl_api_gbp_subnet_type_t.GBP_API_SUBNET_STITCHED_EXTERNAL,
1245 sw_if_index=recirc_nat.recirc.sw_if_index,
1248 self, rd0, "11.0.0.0", 8,
1249 VppEnum.vl_api_gbp_subnet_type_t.GBP_API_SUBNET_STITCHED_EXTERNAL,
1250 sw_if_index=recirc_nat.recirc.sw_if_index,
1252 se16 = VppGbpSubnet(
1254 VppEnum.vl_api_gbp_subnet_type_t.GBP_API_SUBNET_STITCHED_EXTERNAL,
1255 sw_if_index=recirc_nat.recirc.sw_if_index,
1257 # in the NAT RD an external subnet via the NAT EPG's uplink
1259 self, rd20, "0.0.0.0", 0,
1260 VppEnum.vl_api_gbp_subnet_type_t.GBP_API_SUBNET_STITCHED_EXTERNAL,
1261 sw_if_index=epg_nat.uplink.sw_if_index,
1263 se36 = VppGbpSubnet(
1264 self, rd20, "::", 0,
1265 VppEnum.vl_api_gbp_subnet_type_t.GBP_API_SUBNET_STITCHED_EXTERNAL,
1266 sw_if_index=epg_nat.uplink.sw_if_index,
1269 self, rd20, "11.0.0.0", 8,
1270 VppEnum.vl_api_gbp_subnet_type_t.GBP_API_SUBNET_STITCHED_EXTERNAL,
1271 sw_if_index=epg_nat.uplink.sw_if_index,
1273 se1.add_vpp_config()
1274 se2.add_vpp_config()
1275 se16.add_vpp_config()
1276 se3.add_vpp_config()
1277 se36.add_vpp_config()
1278 se4.add_vpp_config()
1280 self.logger.info(self.vapi.cli("sh ip fib 0.0.0.0/0"))
1281 self.logger.info(self.vapi.cli("sh ip fib 11.0.0.1"))
1282 self.logger.info(self.vapi.cli("sh ip6 fib ::/0"))
1283 self.logger.info(self.vapi.cli("sh ip6 fib %s" %
1287 # From an EP to an outside addess: IN2OUT
1289 pkt_inter_epg_220_to_global = (Ether(src=self.pg0.remote_mac,
1290 dst=str(self.router_mac)) /
1291 IP(src=eps[0].ip4.address,
1293 UDP(sport=1234, dport=1234) /
1297 self.send_and_assert_no_replies(eps[0].itf,
1298 pkt_inter_epg_220_to_global * 65)
1300 acl2 = VppGbpAcl(self)
1301 rule = acl2.create_rule(permit_deny=1, proto=17, sport_from=1234,
1302 sport_to=1234, dport_from=1234, dport_to=1234)
1303 rule2 = acl2.create_rule(is_ipv6=1, permit_deny=1, proto=17,
1304 sport_from=1234, sport_to=1234,
1305 dport_from=1234, dport_to=1234)
1307 acl_index2 = acl2.add_vpp_config([rule, rule2])
1308 c4 = VppGbpContract(
1309 self, 220, 333, acl_index2,
1310 [VppGbpContractRule(
1311 VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
1314 VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
1316 [ETH_P_IP, ETH_P_IPV6])
1319 self.send_and_expect_natted(eps[0].itf,
1320 pkt_inter_epg_220_to_global * 65,
1322 eps[0].fip4.address)
1324 pkt_inter_epg_220_to_global = (Ether(src=self.pg0.remote_mac,
1325 dst=str(self.router_mac)) /
1326 IPv6(src=eps[0].ip6.address,
1328 UDP(sport=1234, dport=1234) /
1331 self.send_and_expect_natted6(self.pg0,
1332 pkt_inter_epg_220_to_global * 65,
1334 eps[0].fip6.address)
1337 # From a global address to an EP: OUT2IN
1339 pkt_inter_epg_220_from_global = (Ether(src=str(self.router_mac),
1340 dst=self.pg0.remote_mac) /
1341 IP(dst=eps[0].fip4.address,
1343 UDP(sport=1234, dport=1234) /
1346 self.send_and_assert_no_replies(self.pg7,
1347 pkt_inter_epg_220_from_global * 65)
1349 c5 = VppGbpContract(
1350 self, 333, 220, acl_index2,
1351 [VppGbpContractRule(
1352 VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
1355 VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
1357 [ETH_P_IP, ETH_P_IPV6])
1360 self.send_and_expect_unnatted(self.pg7,
1361 pkt_inter_epg_220_from_global * 65,
1365 pkt_inter_epg_220_from_global = (Ether(src=str(self.router_mac),
1366 dst=self.pg0.remote_mac) /
1367 IPv6(dst=eps[0].fip6.address,
1369 UDP(sport=1234, dport=1234) /
1372 self.send_and_expect_unnatted6(self.pg7,
1373 pkt_inter_epg_220_from_global * 65,
1378 # From a local VM to another local VM using resp. public addresses:
1381 pkt_intra_epg_220_global = (Ether(src=self.pg0.remote_mac,
1382 dst=str(self.router_mac)) /
1383 IP(src=eps[0].ip4.address,
1384 dst=eps[1].fip4.address) /
1385 UDP(sport=1234, dport=1234) /
1388 self.send_and_expect_double_natted(eps[0].itf,
1389 pkt_intra_epg_220_global * 65,
1391 eps[0].fip4.address,
1394 pkt_intra_epg_220_global = (Ether(src=self.pg0.remote_mac,
1395 dst=str(self.router_mac)) /
1396 IPv6(src=eps[0].ip6.address,
1397 dst=eps[1].fip6.address) /
1398 UDP(sport=1234, dport=1234) /
1401 self.send_and_expect_double_natted6(eps[0].itf,
1402 pkt_intra_epg_220_global * 65,
1404 eps[0].fip6.address,
1411 # del static mappings for each EP from the 10/8 to 11/8 network
1412 self.vapi.nat44_add_del_static_mapping(ep.ip4.bytes,
1417 self.vapi.nat66_add_del_static_mapping(ep.ip6.bytes,
1423 # IP config on the BVI interfaces
1424 if epg != epgs[0] and epg != epgs[3]:
1425 self.vapi.nat44_interface_add_del_feature(epg.bvi.sw_if_index,
1428 self.vapi.nat66_add_del_interface(epg.bvi.sw_if_index,
1432 for recirc in recircs:
1433 self.vapi.nat44_interface_add_del_feature(
1434 recirc.recirc.sw_if_index,
1437 self.vapi.nat66_add_del_interface(
1438 recirc.recirc.sw_if_index,
1442 def wait_for_ep_timeout(self, sw_if_index=None, ip=None, mac=None,
1443 n_tries=100, s_time=1):
1445 if not find_gbp_endpoint(self, sw_if_index, ip, mac):
1447 n_tries = n_tries - 1
1449 self.assertFalse(find_gbp_endpoint(self, sw_if_index, ip, mac))
1452 def test_gbp_learn_l2(self):
1453 """ GBP L2 Endpoint Learning """
1455 ep_flags = VppEnum.vl_api_gbp_endpoint_flags_t
1456 learnt = [{'mac': '00:00:11:11:11:01',
1458 'ip6': '2001:10::2'},
1459 {'mac': '00:00:11:11:11:02',
1461 'ip6': '2001:10::3'}]
1464 # lower the inactive threshold so these tests pass in a
1465 # reasonable amount of time
1467 self.vapi.gbp_endpoint_learn_set_inactive_threshold(2)
1472 gt4 = VppIpTable(self, 1)
1473 gt4.add_vpp_config()
1474 gt6 = VppIpTable(self, 1, is_ip6=True)
1475 gt6.add_vpp_config()
1477 rd1 = VppGbpRouteDomain(self, 1, gt4, gt6)
1478 rd1.add_vpp_config()
1481 # Pg2 hosts the vxlan tunnel, hosts on pg2 to act as TEPs
1482 # Pg3 hosts the IP4 UU-flood VXLAN tunnel
1483 # Pg4 hosts the IP6 UU-flood VXLAN tunnel
1485 self.pg2.config_ip4()
1486 self.pg2.resolve_arp()
1487 self.pg2.generate_remote_hosts(4)
1488 self.pg2.configure_ipv4_neighbors()
1489 self.pg3.config_ip4()
1490 self.pg3.resolve_arp()
1491 self.pg4.config_ip4()
1492 self.pg4.resolve_arp()
1495 # Add a mcast destination VXLAN-GBP tunnel for B&M traffic
1497 tun_bm = VppVxlanGbpTunnel(self, self.pg4.local_ip4,
1500 tun_bm.add_vpp_config()
1503 # a GBP bridge domain with a BVI and a UU-flood interface
1505 bd1 = VppBridgeDomain(self, 1)
1506 bd1.add_vpp_config()
1507 gbd1 = VppGbpBridgeDomain(self, bd1, self.loop0, self.pg3, tun_bm)
1508 gbd1.add_vpp_config()
1510 self.logger.info(self.vapi.cli("sh bridge 1 detail"))
1511 self.logger.info(self.vapi.cli("sh gbp bridge"))
1513 # ... and has a /32 applied
1514 ip_addr = VppIpInterfaceAddress(self, gbd1.bvi, "10.0.0.128", 32)
1515 ip_addr.add_vpp_config()
1518 # The Endpoint-group in which we are learning endpoints
1520 epg_220 = VppGbpEndpointGroup(self, 220, 112, rd1, gbd1,
1524 epg_220.add_vpp_config()
1525 epg_330 = VppGbpEndpointGroup(self, 330, 113, rd1, gbd1,
1529 epg_330.add_vpp_config()
1532 # The VXLAN GBP tunnel is a bridge-port and has L2 endpoint
1535 vx_tun_l2_1 = VppGbpVxlanTunnel(
1536 self, 99, bd1.bd_id,
1537 VppEnum.vl_api_gbp_vxlan_tunnel_mode_t.GBP_VXLAN_TUNNEL_MODE_L2)
1538 vx_tun_l2_1.add_vpp_config()
1541 # A static endpoint that the learnt endpoints are trying to
1544 ep = VppGbpEndpoint(self, self.pg0,
1546 "10.0.0.127", "11.0.0.127",
1547 "2001:10::1", "3001::1")
1550 self.assertTrue(find_route(self, ep.ip4.address, 32, table_id=1))
1552 # a packet with an sclass from an unknwon EPG
1553 p = (Ether(src=self.pg2.remote_mac,
1554 dst=self.pg2.local_mac) /
1555 IP(src=self.pg2.remote_hosts[0].ip4,
1556 dst=self.pg2.local_ip4) /
1557 UDP(sport=1234, dport=48879) /
1558 VXLAN(vni=99, gpid=88, flags=0x88) /
1559 Ether(src=learnt[0]["mac"], dst=ep.mac) /
1560 IP(src=learnt[0]["ip"], dst=ep.ip4.address) /
1561 UDP(sport=1234, dport=1234) /
1564 self.send_and_assert_no_replies(self.pg2, p)
1567 # we should not have learnt a new tunnel endpoint, since
1568 # the EPG was not learnt.
1570 self.assertEqual(INDEX_INVALID,
1571 find_vxlan_gbp_tunnel(self,
1573 self.pg2.remote_hosts[0].ip4,
1576 # epg is not learnt, becasue the EPG is unknwon
1577 self.assertEqual(len(self.vapi.gbp_endpoint_dump()), 1)
1579 for ii, l in enumerate(learnt):
1580 # a packet with an sclass from a knwon EPG
1581 # arriving on an unknown TEP
1582 p = (Ether(src=self.pg2.remote_mac,
1583 dst=self.pg2.local_mac) /
1584 IP(src=self.pg2.remote_hosts[1].ip4,
1585 dst=self.pg2.local_ip4) /
1586 UDP(sport=1234, dport=48879) /
1587 VXLAN(vni=99, gpid=112, flags=0x88) /
1588 Ether(src=l['mac'], dst=ep.mac) /
1589 IP(src=l['ip'], dst=ep.ip4.address) /
1590 UDP(sport=1234, dport=1234) /
1593 rx = self.send_and_expect(self.pg2, [p], self.pg0)
1596 tep1_sw_if_index = find_vxlan_gbp_tunnel(
1599 self.pg2.remote_hosts[1].ip4,
1601 self.assertNotEqual(INDEX_INVALID, tep1_sw_if_index)
1604 # the EP is learnt via the learnt TEP
1605 # both from its MAC and its IP
1607 self.assertTrue(find_gbp_endpoint(self,
1608 vx_tun_l2_1.sw_if_index,
1610 self.assertTrue(find_gbp_endpoint(self,
1611 vx_tun_l2_1.sw_if_index,
1614 self.logger.info(self.vapi.cli("show gbp endpoint"))
1615 self.logger.info(self.vapi.cli("show gbp vxlan"))
1616 self.logger.info(self.vapi.cli("show vxlan-gbp tunnel"))
1619 # If we sleep for the threshold time, the learnt endpoints should
1623 self.wait_for_ep_timeout(vx_tun_l2_1.sw_if_index,
1627 # repeat. the do not learn bit is set so the EPs are not learnt
1630 # a packet with an sclass from a knwon EPG
1631 p = (Ether(src=self.pg2.remote_mac,
1632 dst=self.pg2.local_mac) /
1633 IP(src=self.pg2.remote_hosts[1].ip4,
1634 dst=self.pg2.local_ip4) /
1635 UDP(sport=1234, dport=48879) /
1636 VXLAN(vni=99, gpid=112, flags=0x88, gpflags="D") /
1637 Ether(src=l['mac'], dst=ep.mac) /
1638 IP(src=l['ip'], dst=ep.ip4.address) /
1639 UDP(sport=1234, dport=1234) /
1642 rx = self.send_and_expect(self.pg2, p*65, self.pg0)
1645 self.assertFalse(find_gbp_endpoint(self,
1646 vx_tun_l2_1.sw_if_index,
1653 # a packet with an sclass from a knwon EPG
1654 p = (Ether(src=self.pg2.remote_mac,
1655 dst=self.pg2.local_mac) /
1656 IP(src=self.pg2.remote_hosts[1].ip4,
1657 dst=self.pg2.local_ip4) /
1658 UDP(sport=1234, dport=48879) /
1659 VXLAN(vni=99, gpid=112, flags=0x88) /
1660 Ether(src=l['mac'], dst=ep.mac) /
1661 IP(src=l['ip'], dst=ep.ip4.address) /
1662 UDP(sport=1234, dport=1234) /
1665 rx = self.send_and_expect(self.pg2, p*65, self.pg0)
1667 self.assertTrue(find_gbp_endpoint(self,
1668 vx_tun_l2_1.sw_if_index,
1672 # Static EP replies to dynamics
1674 self.logger.info(self.vapi.cli("sh l2fib bd_id 1"))
1676 p = (Ether(src=ep.mac, dst=l['mac']) /
1677 IP(dst=l['ip'], src=ep.ip4.address) /
1678 UDP(sport=1234, dport=1234) /
1681 rxs = self.send_and_expect(self.pg0, p * 17, self.pg2)
1684 self.assertEqual(rx[IP].src, self.pg2.local_ip4)
1685 self.assertEqual(rx[IP].dst, self.pg2.remote_hosts[1].ip4)
1686 self.assertEqual(rx[UDP].dport, 48879)
1687 # the UDP source port is a random value for hashing
1688 self.assertEqual(rx[VXLAN].gpid, 112)
1689 self.assertEqual(rx[VXLAN].vni, 99)
1690 self.assertTrue(rx[VXLAN].flags.G)
1691 self.assertTrue(rx[VXLAN].flags.Instance)
1692 self.assertTrue(rx[VXLAN].gpflags.A)
1693 self.assertFalse(rx[VXLAN].gpflags.D)
1696 self.wait_for_ep_timeout(vx_tun_l2_1.sw_if_index,
1700 # repeat in the other EPG
1701 # there's no contract between 220 and 330, but the A-bit is set
1702 # so the packet is cleared for delivery
1705 # a packet with an sclass from a knwon EPG
1706 p = (Ether(src=self.pg2.remote_mac,
1707 dst=self.pg2.local_mac) /
1708 IP(src=self.pg2.remote_hosts[1].ip4,
1709 dst=self.pg2.local_ip4) /
1710 UDP(sport=1234, dport=48879) /
1711 VXLAN(vni=99, gpid=113, flags=0x88, gpflags='A') /
1712 Ether(src=l['mac'], dst=ep.mac) /
1713 IP(src=l['ip'], dst=ep.ip4.address) /
1714 UDP(sport=1234, dport=1234) /
1717 rx = self.send_and_expect(self.pg2, p*65, self.pg0)
1719 self.assertTrue(find_gbp_endpoint(self,
1720 vx_tun_l2_1.sw_if_index,
1724 # static EP cannot reach the learnt EPs since there is no contract
1725 # only test 1 EP as the others could timeout
1727 p = (Ether(src=ep.mac, dst=l['mac']) /
1728 IP(dst=learnt[0]['ip'], src=ep.ip4.address) /
1729 UDP(sport=1234, dport=1234) /
1732 self.send_and_assert_no_replies(self.pg0, [p])
1735 # refresh the entries after the check for no replies above
1738 # a packet with an sclass from a knwon EPG
1739 p = (Ether(src=self.pg2.remote_mac,
1740 dst=self.pg2.local_mac) /
1741 IP(src=self.pg2.remote_hosts[1].ip4,
1742 dst=self.pg2.local_ip4) /
1743 UDP(sport=1234, dport=48879) /
1744 VXLAN(vni=99, gpid=113, flags=0x88, gpflags='A') /
1745 Ether(src=l['mac'], dst=ep.mac) /
1746 IP(src=l['ip'], dst=ep.ip4.address) /
1747 UDP(sport=1234, dport=1234) /
1750 rx = self.send_and_expect(self.pg2, p*65, self.pg0)
1752 self.assertTrue(find_gbp_endpoint(self,
1753 vx_tun_l2_1.sw_if_index,
1757 # Add the contract so they can talk
1759 acl = VppGbpAcl(self)
1760 rule = acl.create_rule(permit_deny=1, proto=17)
1761 rule2 = acl.create_rule(is_ipv6=1, permit_deny=1, proto=17)
1762 acl_index = acl.add_vpp_config([rule, rule2])
1763 c1 = VppGbpContract(
1764 self, 220, 330, acl_index,
1765 [VppGbpContractRule(
1766 VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
1769 VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
1771 [ETH_P_IP, ETH_P_IPV6])
1775 p = (Ether(src=ep.mac, dst=l['mac']) /
1776 IP(dst=l['ip'], src=ep.ip4.address) /
1777 UDP(sport=1234, dport=1234) /
1780 self.send_and_expect(self.pg0, [p], self.pg2)
1783 # send UU packets from the local EP
1785 self.logger.info(self.vapi.cli("sh bridge 1 detail"))
1786 self.logger.info(self.vapi.cli("sh gbp bridge"))
1787 p_uu = (Ether(src=ep.mac, dst="00:11:11:11:11:11") /
1788 IP(dst="10.0.0.133", src=ep.ip4.address) /
1789 UDP(sport=1234, dport=1234) /
1791 rxs = self.send_and_expect(ep.itf, [p_uu], gbd1.uu_fwd)
1793 self.logger.info(self.vapi.cli("sh bridge 1 detail"))
1795 p_bm = (Ether(src=ep.mac, dst="ff:ff:ff:ff:ff:ff") /
1796 IP(dst="10.0.0.133", src=ep.ip4.address) /
1797 UDP(sport=1234, dport=1234) /
1799 rxs = self.send_and_expect_only(ep.itf, [p_bm], tun_bm.mcast_itf)
1802 self.assertEqual(rx[IP].src, self.pg4.local_ip4)
1803 self.assertEqual(rx[IP].dst, "239.1.1.1")
1804 self.assertEqual(rx[UDP].dport, 48879)
1805 # the UDP source port is a random value for hashing
1806 self.assertEqual(rx[VXLAN].gpid, 112)
1807 self.assertEqual(rx[VXLAN].vni, 88)
1808 self.assertTrue(rx[VXLAN].flags.G)
1809 self.assertTrue(rx[VXLAN].flags.Instance)
1810 self.assertFalse(rx[VXLAN].gpflags.A)
1811 self.assertFalse(rx[VXLAN].gpflags.D)
1814 # Check v6 Endpoints
1817 # a packet with an sclass from a knwon EPG
1818 p = (Ether(src=self.pg2.remote_mac,
1819 dst=self.pg2.local_mac) /
1820 IP(src=self.pg2.remote_hosts[1].ip4,
1821 dst=self.pg2.local_ip4) /
1822 UDP(sport=1234, dport=48879) /
1823 VXLAN(vni=99, gpid=113, flags=0x88, gpflags='A') /
1824 Ether(src=l['mac'], dst=ep.mac) /
1825 IPv6(src=l['ip6'], dst=ep.ip6.address) /
1826 UDP(sport=1234, dport=1234) /
1829 rx = self.send_and_expect(self.pg2, p*65, self.pg0)
1831 self.assertTrue(find_gbp_endpoint(self,
1832 vx_tun_l2_1.sw_if_index,
1836 # L3 Endpoint Learning
1837 # - configured on the bridge's BVI
1844 self.wait_for_ep_timeout(vx_tun_l2_1.sw_if_index,
1847 self.pg2.unconfig_ip4()
1848 self.pg3.unconfig_ip4()
1849 self.pg4.unconfig_ip4()
1851 self.logger.info(self.vapi.cli("sh int"))
1852 self.logger.info(self.vapi.cli("sh gbp vxlan"))
1854 def test_gbp_learn_vlan_l2(self):
1855 """ GBP L2 Endpoint w/ VLANs"""
1857 ep_flags = VppEnum.vl_api_gbp_endpoint_flags_t
1858 learnt = [{'mac': '00:00:11:11:11:01',
1860 'ip6': '2001:10::2'},
1861 {'mac': '00:00:11:11:11:02',
1863 'ip6': '2001:10::3'}]
1866 # lower the inactive threshold so these tests pass in a
1867 # reasonable amount of time
1869 self.vapi.gbp_endpoint_learn_set_inactive_threshold(2)
1874 gt4 = VppIpTable(self, 1)
1875 gt4.add_vpp_config()
1876 gt6 = VppIpTable(self, 1, is_ip6=True)
1877 gt6.add_vpp_config()
1879 rd1 = VppGbpRouteDomain(self, 1, gt4, gt6)
1880 rd1.add_vpp_config()
1883 # Pg2 hosts the vxlan tunnel, hosts on pg2 to act as TEPs
1885 self.pg2.config_ip4()
1886 self.pg2.resolve_arp()
1887 self.pg2.generate_remote_hosts(4)
1888 self.pg2.configure_ipv4_neighbors()
1889 self.pg3.config_ip4()
1890 self.pg3.resolve_arp()
1893 # The EP will be on a vlan sub-interface
1895 vlan_11 = VppDot1QSubint(self, self.pg0, 11)
1897 self.vapi.sw_interface_set_l2_tag_rewrite(vlan_11.sw_if_index,
1901 bd_uu_fwd = VppVxlanGbpTunnel(self, self.pg3.local_ip4,
1902 self.pg3.remote_ip4, 116)
1903 bd_uu_fwd.add_vpp_config()
1906 # a GBP bridge domain with a BVI and a UU-flood interface
1907 # The BD is marked as do not learn, so no endpoints are ever
1908 # learnt in this BD.
1910 bd1 = VppBridgeDomain(self, 1)
1911 bd1.add_vpp_config()
1912 gbd1 = VppGbpBridgeDomain(self, bd1, self.loop0, bd_uu_fwd,
1914 gbd1.add_vpp_config()
1916 self.logger.info(self.vapi.cli("sh bridge 1 detail"))
1917 self.logger.info(self.vapi.cli("sh gbp bridge"))
1919 # ... and has a /32 applied
1920 ip_addr = VppIpInterfaceAddress(self, gbd1.bvi, "10.0.0.128", 32)
1921 ip_addr.add_vpp_config()
1924 # The Endpoint-group in which we are learning endpoints
1926 epg_220 = VppGbpEndpointGroup(self, 220, 441, rd1, gbd1,
1930 epg_220.add_vpp_config()
1933 # The VXLAN GBP tunnel is a bridge-port and has L2 endpoint
1936 vx_tun_l2_1 = VppGbpVxlanTunnel(
1937 self, 99, bd1.bd_id,
1938 VppEnum.vl_api_gbp_vxlan_tunnel_mode_t.GBP_VXLAN_TUNNEL_MODE_L2)
1939 vx_tun_l2_1.add_vpp_config()
1942 # A static endpoint that the learnt endpoints are trying to
1945 ep = VppGbpEndpoint(self, vlan_11,
1947 "10.0.0.127", "11.0.0.127",
1948 "2001:10::1", "3001::1")
1951 self.assertTrue(find_route(self, ep.ip4.address, 32, table_id=1))
1954 # Send to the static EP
1956 for ii, l in enumerate(learnt):
1957 # a packet with an sclass from a knwon EPG
1958 # arriving on an unknown TEP
1959 p = (Ether(src=self.pg2.remote_mac,
1960 dst=self.pg2.local_mac) /
1961 IP(src=self.pg2.remote_hosts[1].ip4,
1962 dst=self.pg2.local_ip4) /
1963 UDP(sport=1234, dport=48879) /
1964 VXLAN(vni=99, gpid=441, flags=0x88) /
1965 Ether(src=l['mac'], dst=ep.mac) /
1966 IP(src=l['ip'], dst=ep.ip4.address) /
1967 UDP(sport=1234, dport=1234) /
1970 rxs = self.send_and_expect(self.pg2, [p], self.pg0)
1973 # packet to EP has the EP's vlan tag
1976 self.assertEqual(rx[Dot1Q].vlan, 11)
1979 # the EP is not learnt since the BD setting prevents it
1982 self.assertFalse(find_gbp_endpoint(self,
1983 vx_tun_l2_1.sw_if_index,
1985 self.assertEqual(INDEX_INVALID,
1986 find_vxlan_gbp_tunnel(
1989 self.pg2.remote_hosts[1].ip4,
1992 self.assertEqual(len(self.vapi.gbp_endpoint_dump()), 1)
1996 # we didn't learn the remotes so they are sent to the UU-fwd
1999 p = (Ether(src=ep.mac, dst=l['mac']) /
2001 IP(dst=l['ip'], src=ep.ip4.address) /
2002 UDP(sport=1234, dport=1234) /
2005 rxs = self.send_and_expect(self.pg0, p * 17, self.pg3)
2008 self.assertEqual(rx[IP].src, self.pg3.local_ip4)
2009 self.assertEqual(rx[IP].dst, self.pg3.remote_ip4)
2010 self.assertEqual(rx[UDP].dport, 48879)
2011 # the UDP source port is a random value for hashing
2012 self.assertEqual(rx[VXLAN].gpid, 441)
2013 self.assertEqual(rx[VXLAN].vni, 116)
2014 self.assertTrue(rx[VXLAN].flags.G)
2015 self.assertTrue(rx[VXLAN].flags.Instance)
2016 self.assertFalse(rx[VXLAN].gpflags.A)
2017 self.assertFalse(rx[VXLAN].gpflags.D)
2019 self.pg2.unconfig_ip4()
2020 self.pg3.unconfig_ip4()
2022 def test_gbp_learn_l3(self):
2023 """ GBP L3 Endpoint Learning """
2025 self.vapi.cli("set logging class gbp debug")
2027 ep_flags = VppEnum.vl_api_gbp_endpoint_flags_t
2028 routed_dst_mac = "00:0c:0c:0c:0c:0c"
2029 routed_src_mac = "00:22:bd:f8:19:ff"
2031 learnt = [{'mac': '00:00:11:11:11:02',
2033 'ip6': '2001:10::2'},
2034 {'mac': '00:00:11:11:11:03',
2036 'ip6': '2001:10::3'}]
2039 # lower the inactive threshold so these tests pass in a
2040 # reasonable amount of time
2042 self.vapi.gbp_endpoint_learn_set_inactive_threshold(2)
2047 t4 = VppIpTable(self, 1)
2049 t6 = VppIpTable(self, 1, True)
2052 tun_ip4_uu = VppVxlanGbpTunnel(self, self.pg4.local_ip4,
2053 self.pg4.remote_ip4, 114)
2054 tun_ip6_uu = VppVxlanGbpTunnel(self, self.pg4.local_ip4,
2055 self.pg4.remote_ip4, 116)
2056 tun_ip4_uu.add_vpp_config()
2057 tun_ip6_uu.add_vpp_config()
2059 rd1 = VppGbpRouteDomain(self, 2, t4, t6, tun_ip4_uu, tun_ip6_uu)
2060 rd1.add_vpp_config()
2062 self.loop0.set_mac(self.router_mac)
2065 # Bind the BVI to the RD
2067 VppIpInterfaceBind(self, self.loop0, t4).add_vpp_config()
2068 VppIpInterfaceBind(self, self.loop0, t6).add_vpp_config()
2071 # Pg2 hosts the vxlan tunnel
2072 # hosts on pg2 to act as TEPs
2076 self.pg2.config_ip4()
2077 self.pg2.resolve_arp()
2078 self.pg2.generate_remote_hosts(4)
2079 self.pg2.configure_ipv4_neighbors()
2080 self.pg3.config_ip4()
2081 self.pg3.resolve_arp()
2082 self.pg4.config_ip4()
2083 self.pg4.resolve_arp()
2086 # a GBP bridge domain with a BVI and a UU-flood interface
2088 bd1 = VppBridgeDomain(self, 1)
2089 bd1.add_vpp_config()
2090 gbd1 = VppGbpBridgeDomain(self, bd1, self.loop0, self.pg3)
2091 gbd1.add_vpp_config()
2093 self.logger.info(self.vapi.cli("sh bridge 1 detail"))
2094 self.logger.info(self.vapi.cli("sh gbp bridge"))
2095 self.logger.info(self.vapi.cli("sh gbp route"))
2097 # ... and has a /32 and /128 applied
2098 ip4_addr = VppIpInterfaceAddress(self, gbd1.bvi, "10.0.0.128", 32)
2099 ip4_addr.add_vpp_config()
2100 ip6_addr = VppIpInterfaceAddress(self, gbd1.bvi, "2001:10::128", 128)
2101 ip6_addr.add_vpp_config()
2104 # The Endpoint-group in which we are learning endpoints
2106 epg_220 = VppGbpEndpointGroup(self, 220, 441, rd1, gbd1,
2110 epg_220.add_vpp_config()
2113 # The VXLAN GBP tunnel is a bridge-port and has L2 endpoint
2116 vx_tun_l3 = VppGbpVxlanTunnel(
2117 self, 101, rd1.rd_id,
2118 VppEnum.vl_api_gbp_vxlan_tunnel_mode_t.GBP_VXLAN_TUNNEL_MODE_L3)
2119 vx_tun_l3.add_vpp_config()
2122 # A static endpoint that the learnt endpoints are trying to
2125 ep = VppGbpEndpoint(self, self.pg0,
2127 "10.0.0.127", "11.0.0.127",
2128 "2001:10::1", "3001::1")
2132 # learn some remote IPv4 EPs
2134 for ii, l in enumerate(learnt):
2135 # a packet with an sclass from a knwon EPG
2136 # arriving on an unknown TEP
2137 p = (Ether(src=self.pg2.remote_mac,
2138 dst=self.pg2.local_mac) /
2139 IP(src=self.pg2.remote_hosts[1].ip4,
2140 dst=self.pg2.local_ip4) /
2141 UDP(sport=1234, dport=48879) /
2142 VXLAN(vni=101, gpid=441, flags=0x88) /
2143 Ether(src=l['mac'], dst="00:00:00:11:11:11") /
2144 IP(src=l['ip'], dst=ep.ip4.address) /
2145 UDP(sport=1234, dport=1234) /
2148 rx = self.send_and_expect(self.pg2, [p], self.pg0)
2151 tep1_sw_if_index = find_vxlan_gbp_tunnel(
2154 self.pg2.remote_hosts[1].ip4,
2156 self.assertNotEqual(INDEX_INVALID, tep1_sw_if_index)
2158 # endpoint learnt via the parent GBP-vxlan interface
2159 self.assertTrue(find_gbp_endpoint(self,
2160 vx_tun_l3._sw_if_index,
2164 # Static IPv4 EP replies to learnt
2167 p = (Ether(src=ep.mac, dst=self.loop0.local_mac) /
2168 IP(dst=l['ip'], src=ep.ip4.address) /
2169 UDP(sport=1234, dport=1234) /
2172 rxs = self.send_and_expect(self.pg0, p*1, self.pg2)
2175 self.assertEqual(rx[IP].src, self.pg2.local_ip4)
2176 self.assertEqual(rx[IP].dst, self.pg2.remote_hosts[1].ip4)
2177 self.assertEqual(rx[UDP].dport, 48879)
2178 # the UDP source port is a random value for hashing
2179 self.assertEqual(rx[VXLAN].gpid, 441)
2180 self.assertEqual(rx[VXLAN].vni, 101)
2181 self.assertTrue(rx[VXLAN].flags.G)
2182 self.assertTrue(rx[VXLAN].flags.Instance)
2183 self.assertTrue(rx[VXLAN].gpflags.A)
2184 self.assertFalse(rx[VXLAN].gpflags.D)
2186 inner = rx[VXLAN].payload
2188 self.assertEqual(inner[Ether].src, routed_src_mac)
2189 self.assertEqual(inner[Ether].dst, routed_dst_mac)
2190 self.assertEqual(inner[IP].src, ep.ip4.address)
2191 self.assertEqual(inner[IP].dst, l['ip'])
2194 self.assertFalse(find_gbp_endpoint(self,
2199 # learn some remote IPv6 EPs
2201 for ii, l in enumerate(learnt):
2202 # a packet with an sclass from a knwon EPG
2203 # arriving on an unknown TEP
2204 p = (Ether(src=self.pg2.remote_mac,
2205 dst=self.pg2.local_mac) /
2206 IP(src=self.pg2.remote_hosts[1].ip4,
2207 dst=self.pg2.local_ip4) /
2208 UDP(sport=1234, dport=48879) /
2209 VXLAN(vni=101, gpid=441, flags=0x88) /
2210 Ether(src=l['mac'], dst="00:00:00:11:11:11") /
2211 IPv6(src=l['ip6'], dst=ep.ip6.address) /
2212 UDP(sport=1234, dport=1234) /
2215 rx = self.send_and_expect(self.pg2, [p], self.pg0)
2218 tep1_sw_if_index = find_vxlan_gbp_tunnel(
2221 self.pg2.remote_hosts[1].ip4,
2223 self.assertNotEqual(INDEX_INVALID, tep1_sw_if_index)
2225 self.logger.info(self.vapi.cli("show gbp bridge"))
2226 self.logger.info(self.vapi.cli("show vxlan-gbp tunnel"))
2227 self.logger.info(self.vapi.cli("show gbp vxlan"))
2228 self.logger.info(self.vapi.cli("show int addr"))
2230 # endpoint learnt via the TEP
2231 self.assertTrue(find_gbp_endpoint(self, ip=l['ip6']))
2233 self.logger.info(self.vapi.cli("show gbp endpoint"))
2234 self.logger.info(self.vapi.cli("show ip fib index 1 %s" % l['ip']))
2237 # Static EP replies to learnt
2240 p = (Ether(src=ep.mac, dst=self.loop0.local_mac) /
2241 IPv6(dst=l['ip6'], src=ep.ip6.address) /
2242 UDP(sport=1234, dport=1234) /
2245 rxs = self.send_and_expect(self.pg0, p*65, self.pg2)
2248 self.assertEqual(rx[IP].src, self.pg2.local_ip4)
2249 self.assertEqual(rx[IP].dst, self.pg2.remote_hosts[1].ip4)
2250 self.assertEqual(rx[UDP].dport, 48879)
2251 # the UDP source port is a random value for hashing
2252 self.assertEqual(rx[VXLAN].gpid, 441)
2253 self.assertEqual(rx[VXLAN].vni, 101)
2254 self.assertTrue(rx[VXLAN].flags.G)
2255 self.assertTrue(rx[VXLAN].flags.Instance)
2256 self.assertTrue(rx[VXLAN].gpflags.A)
2257 self.assertFalse(rx[VXLAN].gpflags.D)
2259 inner = rx[VXLAN].payload
2261 self.assertEqual(inner[Ether].src, routed_src_mac)
2262 self.assertEqual(inner[Ether].dst, routed_dst_mac)
2263 self.assertEqual(inner[IPv6].src, ep.ip6.address)
2264 self.assertEqual(inner[IPv6].dst, l['ip6'])
2266 self.logger.info(self.vapi.cli("sh gbp endpoint"))
2268 self.wait_for_ep_timeout(ip=l['ip'])
2271 # Static sends to unknown EP with no route
2273 p = (Ether(src=ep.mac, dst=self.loop0.local_mac) /
2274 IP(dst="10.0.0.99", src=ep.ip4.address) /
2275 UDP(sport=1234, dport=1234) /
2278 self.send_and_assert_no_replies(self.pg0, [p])
2281 # Add a route to static EP's v4 and v6 subnet
2282 # packets should be sent on the v4/v6 uu=fwd interface resp.
2284 se_10_24 = VppGbpSubnet(
2285 self, rd1, "10.0.0.0", 24,
2286 VppEnum.vl_api_gbp_subnet_type_t.GBP_API_SUBNET_TRANSPORT)
2287 se_10_24.add_vpp_config()
2289 p = (Ether(src=ep.mac, dst=self.loop0.local_mac) /
2290 IP(dst="10.0.0.99", src=ep.ip4.address) /
2291 UDP(sport=1234, dport=1234) /
2294 rxs = self.send_and_expect(self.pg0, [p], self.pg4)
2296 self.assertEqual(rx[IP].src, self.pg4.local_ip4)
2297 self.assertEqual(rx[IP].dst, self.pg4.remote_ip4)
2298 self.assertEqual(rx[UDP].dport, 48879)
2299 # the UDP source port is a random value for hashing
2300 self.assertEqual(rx[VXLAN].gpid, 441)
2301 self.assertEqual(rx[VXLAN].vni, 114)
2302 self.assertTrue(rx[VXLAN].flags.G)
2303 self.assertTrue(rx[VXLAN].flags.Instance)
2304 # policy is not applied to packets sent to the uu-fwd interfaces
2305 self.assertFalse(rx[VXLAN].gpflags.A)
2306 self.assertFalse(rx[VXLAN].gpflags.D)
2309 # learn some remote IPv4 EPs
2311 for ii, l in enumerate(learnt):
2312 # a packet with an sclass from a knwon EPG
2313 # arriving on an unknown TEP
2314 p = (Ether(src=self.pg2.remote_mac,
2315 dst=self.pg2.local_mac) /
2316 IP(src=self.pg2.remote_hosts[2].ip4,
2317 dst=self.pg2.local_ip4) /
2318 UDP(sport=1234, dport=48879) /
2319 VXLAN(vni=101, gpid=441, flags=0x88) /
2320 Ether(src=l['mac'], dst="00:00:00:11:11:11") /
2321 IP(src=l['ip'], dst=ep.ip4.address) /
2322 UDP(sport=1234, dport=1234) /
2325 rx = self.send_and_expect(self.pg2, [p], self.pg0)
2328 tep1_sw_if_index = find_vxlan_gbp_tunnel(
2331 self.pg2.remote_hosts[2].ip4,
2333 self.assertNotEqual(INDEX_INVALID, tep1_sw_if_index)
2335 # endpoint learnt via the parent GBP-vxlan interface
2336 self.assertTrue(find_gbp_endpoint(self,
2337 vx_tun_l3._sw_if_index,
2341 # Add a remote endpoint from the API
2343 rep_88 = VppGbpEndpoint(self, vx_tun_l3,
2345 "10.0.0.88", "11.0.0.88",
2346 "2001:10::88", "3001::88",
2347 ep_flags.GBP_API_ENDPOINT_FLAG_REMOTE,
2349 self.pg2.remote_hosts[1].ip4,
2351 rep_88.add_vpp_config()
2354 # Add a remote endpoint from the API that matches an existing one
2356 rep_2 = VppGbpEndpoint(self, vx_tun_l3,
2358 learnt[0]['ip'], "11.0.0.101",
2359 learnt[0]['ip6'], "3001::101",
2360 ep_flags.GBP_API_ENDPOINT_FLAG_REMOTE,
2362 self.pg2.remote_hosts[1].ip4,
2364 rep_2.add_vpp_config()
2367 # Add a route to the leanred EP's v4 subnet
2368 # packets should be send on the v4/v6 uu=fwd interface resp.
2370 se_10_1_24 = VppGbpSubnet(
2371 self, rd1, "10.0.1.0", 24,
2372 VppEnum.vl_api_gbp_subnet_type_t.GBP_API_SUBNET_TRANSPORT)
2373 se_10_1_24.add_vpp_config()
2375 self.logger.info(self.vapi.cli("show gbp endpoint"))
2377 ips = ["10.0.0.88", learnt[0]['ip']]
2379 p = (Ether(src=ep.mac, dst=self.loop0.local_mac) /
2380 IP(dst=ip, src=ep.ip4.address) /
2381 UDP(sport=1234, dport=1234) /
2384 rxs = self.send_and_expect(self.pg0, p*65, self.pg2)
2387 self.assertEqual(rx[IP].src, self.pg2.local_ip4)
2388 self.assertEqual(rx[IP].dst, self.pg2.remote_hosts[1].ip4)
2389 self.assertEqual(rx[UDP].dport, 48879)
2390 # the UDP source port is a random value for hashing
2391 self.assertEqual(rx[VXLAN].gpid, 441)
2392 self.assertEqual(rx[VXLAN].vni, 101)
2393 self.assertTrue(rx[VXLAN].flags.G)
2394 self.assertTrue(rx[VXLAN].flags.Instance)
2395 self.assertTrue(rx[VXLAN].gpflags.A)
2396 self.assertFalse(rx[VXLAN].gpflags.D)
2398 inner = rx[VXLAN].payload
2400 self.assertEqual(inner[Ether].src, routed_src_mac)
2401 self.assertEqual(inner[Ether].dst, routed_dst_mac)
2402 self.assertEqual(inner[IP].src, ep.ip4.address)
2403 self.assertEqual(inner[IP].dst, ip)
2406 # remove the API remote EPs, only API sourced is gone, the DP
2407 # learnt one remains
2409 rep_88.remove_vpp_config()
2410 rep_2.remove_vpp_config()
2412 self.assertTrue(find_gbp_endpoint(self, ip=rep_2.ip4.address))
2414 p = (Ether(src=ep.mac, dst=self.loop0.local_mac) /
2415 IP(src=ep.ip4.address, dst=rep_2.ip4.address) /
2416 UDP(sport=1234, dport=1234) /
2418 rxs = self.send_and_expect(self.pg0, [p], self.pg2)
2420 self.assertFalse(find_gbp_endpoint(self, ip=rep_88.ip4.address))
2422 p = (Ether(src=ep.mac, dst=self.loop0.local_mac) /
2423 IP(src=ep.ip4.address, dst=rep_88.ip4.address) /
2424 UDP(sport=1234, dport=1234) /
2426 rxs = self.send_and_expect(self.pg0, [p], self.pg4)
2429 # to appease the testcase we cannot have the registered EP stll
2430 # present (because it's DP learnt) when the TC ends so wait until
2433 self.wait_for_ep_timeout(ip=rep_88.ip4.address)
2434 self.wait_for_ep_timeout(ip=rep_2.ip4.address)
2437 # shutdown with learnt endpoint present
2439 p = (Ether(src=self.pg2.remote_mac,
2440 dst=self.pg2.local_mac) /
2441 IP(src=self.pg2.remote_hosts[1].ip4,
2442 dst=self.pg2.local_ip4) /
2443 UDP(sport=1234, dport=48879) /
2444 VXLAN(vni=101, gpid=441, flags=0x88) /
2445 Ether(src=l['mac'], dst="00:00:00:11:11:11") /
2446 IP(src=learnt[1]['ip'], dst=ep.ip4.address) /
2447 UDP(sport=1234, dport=1234) /
2450 rx = self.send_and_expect(self.pg2, [p], self.pg0)
2452 # endpoint learnt via the parent GBP-vxlan interface
2453 self.assertTrue(find_gbp_endpoint(self,
2454 vx_tun_l3._sw_if_index,
2459 # remote endpoint becomes local
2461 self.pg2.unconfig_ip4()
2462 self.pg3.unconfig_ip4()
2463 self.pg4.unconfig_ip4()
2465 def test_gbp_redirect(self):
2466 """ GBP Endpoint Redirect """
2468 self.vapi.cli("set logging class gbp debug")
2470 ep_flags = VppEnum.vl_api_gbp_endpoint_flags_t
2471 routed_dst_mac = "00:0c:0c:0c:0c:0c"
2472 routed_src_mac = "00:22:bd:f8:19:ff"
2474 learnt = [{'mac': '00:00:11:11:11:02',
2476 'ip6': '2001:10::2'},
2477 {'mac': '00:00:11:11:11:03',
2479 'ip6': '2001:10::3'}]
2482 # lower the inactive threshold so these tests pass in a
2483 # reasonable amount of time
2485 self.vapi.gbp_endpoint_learn_set_inactive_threshold(2)
2490 t4 = VppIpTable(self, 1)
2492 t6 = VppIpTable(self, 1, True)
2495 rd1 = VppGbpRouteDomain(self, 2, t4, t6)
2496 rd1.add_vpp_config()
2498 self.loop0.set_mac(self.router_mac)
2501 # Bind the BVI to the RD
2503 VppIpInterfaceBind(self, self.loop0, t4).add_vpp_config()
2504 VppIpInterfaceBind(self, self.loop0, t6).add_vpp_config()
2507 # Pg7 hosts a BD's UU-fwd
2509 self.pg7.config_ip4()
2510 self.pg7.resolve_arp()
2513 # a GBP bridge domains for the EPs
2515 bd1 = VppBridgeDomain(self, 1)
2516 bd1.add_vpp_config()
2517 gbd1 = VppGbpBridgeDomain(self, bd1, self.loop0)
2518 gbd1.add_vpp_config()
2520 bd2 = VppBridgeDomain(self, 2)
2521 bd2.add_vpp_config()
2522 gbd2 = VppGbpBridgeDomain(self, bd2, self.loop1)
2523 gbd2.add_vpp_config()
2525 # ... and has a /32 and /128 applied
2526 ip4_addr = VppIpInterfaceAddress(self, gbd1.bvi, "10.0.0.128", 32)
2527 ip4_addr.add_vpp_config()
2528 ip6_addr = VppIpInterfaceAddress(self, gbd1.bvi, "2001:10::128", 128)
2529 ip6_addr.add_vpp_config()
2530 ip4_addr = VppIpInterfaceAddress(self, gbd2.bvi, "10.0.1.128", 32)
2531 ip4_addr.add_vpp_config()
2532 ip6_addr = VppIpInterfaceAddress(self, gbd2.bvi, "2001:11::128", 128)
2533 ip6_addr.add_vpp_config()
2536 # The Endpoint-groups in which we are learning endpoints
2538 epg_220 = VppGbpEndpointGroup(self, 220, 440, rd1, gbd1,
2542 epg_220.add_vpp_config()
2543 epg_221 = VppGbpEndpointGroup(self, 221, 441, rd1, gbd2,
2547 epg_221.add_vpp_config()
2548 epg_222 = VppGbpEndpointGroup(self, 222, 442, rd1, gbd1,
2552 epg_222.add_vpp_config()
2555 # a GBP bridge domains for the SEPs
2557 bd_uu1 = VppVxlanGbpTunnel(self, self.pg7.local_ip4,
2558 self.pg7.remote_ip4, 116)
2559 bd_uu1.add_vpp_config()
2560 bd_uu2 = VppVxlanGbpTunnel(self, self.pg7.local_ip4,
2561 self.pg7.remote_ip4, 117)
2562 bd_uu2.add_vpp_config()
2564 bd3 = VppBridgeDomain(self, 3)
2565 bd3.add_vpp_config()
2566 gbd3 = VppGbpBridgeDomain(self, bd3, self.loop2, bd_uu1, learn=False)
2567 gbd3.add_vpp_config()
2568 bd4 = VppBridgeDomain(self, 4)
2569 bd4.add_vpp_config()
2570 gbd4 = VppGbpBridgeDomain(self, bd4, self.loop3, bd_uu2, learn=False)
2571 gbd4.add_vpp_config()
2574 # EPGs in which the service endpoints exist
2576 epg_320 = VppGbpEndpointGroup(self, 320, 550, rd1, gbd3,
2580 epg_320.add_vpp_config()
2581 epg_321 = VppGbpEndpointGroup(self, 321, 551, rd1, gbd4,
2585 epg_321.add_vpp_config()
2588 # three local endpoints
2590 ep1 = VppGbpEndpoint(self, self.pg0,
2592 "10.0.0.1", "11.0.0.1",
2593 "2001:10::1", "3001:10::1")
2594 ep1.add_vpp_config()
2595 ep2 = VppGbpEndpoint(self, self.pg1,
2597 "10.0.1.1", "11.0.1.1",
2598 "2001:11::1", "3001:11::1")
2599 ep2.add_vpp_config()
2600 ep3 = VppGbpEndpoint(self, self.pg2,
2602 "10.0.2.2", "11.0.2.2",
2603 "2001:12::1", "3001:12::1")
2604 ep3.add_vpp_config()
2609 sep1 = VppGbpEndpoint(self, self.pg3,
2611 "12.0.0.1", "13.0.0.1",
2612 "4001:10::1", "5001:10::1")
2613 sep1.add_vpp_config()
2614 sep2 = VppGbpEndpoint(self, self.pg4,
2616 "12.0.0.2", "13.0.0.2",
2617 "4001:10::2", "5001:10::2")
2618 sep2.add_vpp_config()
2619 sep3 = VppGbpEndpoint(self, self.pg5,
2621 "12.0.1.1", "13.0.1.1",
2622 "4001:11::1", "5001:11::1")
2623 sep3.add_vpp_config()
2624 # this EP is not installed immediately
2625 sep4 = VppGbpEndpoint(self, self.pg6,
2627 "12.0.1.2", "13.0.1.2",
2628 "4001:11::2", "5001:11::2")
2631 # an L2 switch packet between local EPs in different EPGs
2632 # different dest ports on each so the are LB hashed differently
2634 p4 = [(Ether(src=ep1.mac, dst=ep3.mac) /
2635 IP(src=ep1.ip4.address, dst=ep3.ip4.address) /
2636 UDP(sport=1234, dport=1234) /
2638 (Ether(src=ep3.mac, dst=ep1.mac) /
2639 IP(src=ep3.ip4.address, dst=ep1.ip4.address) /
2640 UDP(sport=1234, dport=1234) /
2642 p6 = [(Ether(src=ep1.mac, dst=ep3.mac) /
2643 IPv6(src=ep1.ip6.address, dst=ep3.ip6.address) /
2644 UDP(sport=1234, dport=1234) /
2646 (Ether(src=ep3.mac, dst=ep1.mac) /
2647 IPv6(src=ep3.ip6.address, dst=ep1.ip6.address) /
2648 UDP(sport=1234, dport=1230) /
2651 # should be dropped since no contract yet
2652 self.send_and_assert_no_replies(self.pg0, [p4[0]])
2653 self.send_and_assert_no_replies(self.pg0, [p6[0]])
2656 # Add a contract with a rule to load-balance redirect via SEP1 and SEP2
2657 # one of the next-hops is via an EP that is not known
2659 acl = VppGbpAcl(self)
2660 rule4 = acl.create_rule(permit_deny=1, proto=17)
2661 rule6 = acl.create_rule(is_ipv6=1, permit_deny=1, proto=17)
2662 acl_index = acl.add_vpp_config([rule4, rule6])
2665 # test the src-ip hash mode
2667 c1 = VppGbpContract(
2668 self, 220, 222, acl_index,
2669 [VppGbpContractRule(
2670 VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT,
2671 VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SRC_IP,
2672 [VppGbpContractNextHop(sep1.vmac, sep1.epg.bd,
2673 sep1.ip4, sep1.epg.rd),
2674 VppGbpContractNextHop(sep2.vmac, sep2.epg.bd,
2675 sep2.ip4, sep2.epg.rd)]),
2677 VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT,
2678 VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SRC_IP,
2679 [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd,
2680 sep3.ip6, sep3.epg.rd),
2681 VppGbpContractNextHop(sep4.vmac, sep4.epg.bd,
2682 sep4.ip6, sep4.epg.rd)])],
2683 [ETH_P_IP, ETH_P_IPV6])
2686 c2 = VppGbpContract(
2687 self, 222, 220, acl_index,
2688 [VppGbpContractRule(
2689 VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT,
2690 VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SRC_IP,
2691 [VppGbpContractNextHop(sep1.vmac, sep1.epg.bd,
2692 sep1.ip4, sep1.epg.rd),
2693 VppGbpContractNextHop(sep2.vmac, sep2.epg.bd,
2694 sep2.ip4, sep2.epg.rd)]),
2696 VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT,
2697 VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SRC_IP,
2698 [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd,
2699 sep3.ip6, sep3.epg.rd),
2700 VppGbpContractNextHop(sep4.vmac, sep4.epg.bd,
2701 sep4.ip6, sep4.epg.rd)])],
2702 [ETH_P_IP, ETH_P_IPV6])
2706 # send again with the contract preset, now packets arrive
2707 # at SEP1 or SEP2 depending on the hashing
2709 rxs = self.send_and_expect(self.pg0, p4[0] * 17, sep1.itf)
2712 self.assertEqual(rx[Ether].src, routed_src_mac)
2713 self.assertEqual(rx[Ether].dst, sep1.mac)
2714 self.assertEqual(rx[IP].src, ep1.ip4.address)
2715 self.assertEqual(rx[IP].dst, ep3.ip4.address)
2717 rxs = self.send_and_expect(self.pg2, p4[1] * 17, sep2.itf)
2720 self.assertEqual(rx[Ether].src, routed_src_mac)
2721 self.assertEqual(rx[Ether].dst, sep2.mac)
2722 self.assertEqual(rx[IP].src, ep3.ip4.address)
2723 self.assertEqual(rx[IP].dst, ep1.ip4.address)
2725 rxs = self.send_and_expect(self.pg0, p6[0] * 17, self.pg7)
2728 self.assertEqual(rx[Ether].src, self.pg7.local_mac)
2729 self.assertEqual(rx[Ether].dst, self.pg7.remote_mac)
2730 self.assertEqual(rx[IP].src, self.pg7.local_ip4)
2731 self.assertEqual(rx[IP].dst, self.pg7.remote_ip4)
2732 self.assertEqual(rx[VXLAN].vni, 117)
2733 self.assertTrue(rx[VXLAN].flags.G)
2734 self.assertTrue(rx[VXLAN].flags.Instance)
2735 # redirect policy has been applied
2736 self.assertTrue(rx[VXLAN].gpflags.A)
2737 self.assertFalse(rx[VXLAN].gpflags.D)
2739 inner = rx[VXLAN].payload
2741 self.assertEqual(inner[Ether].src, routed_src_mac)
2742 self.assertEqual(inner[Ether].dst, sep4.mac)
2743 self.assertEqual(inner[IPv6].src, ep1.ip6.address)
2744 self.assertEqual(inner[IPv6].dst, ep3.ip6.address)
2746 rxs = self.send_and_expect(self.pg2, p6[1] * 17, sep3.itf)
2749 self.assertEqual(rx[Ether].src, routed_src_mac)
2750 self.assertEqual(rx[Ether].dst, sep3.mac)
2751 self.assertEqual(rx[IPv6].src, ep3.ip6.address)
2752 self.assertEqual(rx[IPv6].dst, ep1.ip6.address)
2755 # programme the unknown EP
2757 sep4.add_vpp_config()
2759 rxs = self.send_and_expect(self.pg0, p6[0] * 17, sep4.itf)
2762 self.assertEqual(rx[Ether].src, routed_src_mac)
2763 self.assertEqual(rx[Ether].dst, sep4.mac)
2764 self.assertEqual(rx[IPv6].src, ep1.ip6.address)
2765 self.assertEqual(rx[IPv6].dst, ep3.ip6.address)
2768 # and revert back to unprogrammed
2770 sep4.remove_vpp_config()
2772 rxs = self.send_and_expect(self.pg0, p6[0] * 17, self.pg7)
2775 self.assertEqual(rx[Ether].src, self.pg7.local_mac)
2776 self.assertEqual(rx[Ether].dst, self.pg7.remote_mac)
2777 self.assertEqual(rx[IP].src, self.pg7.local_ip4)
2778 self.assertEqual(rx[IP].dst, self.pg7.remote_ip4)
2779 self.assertEqual(rx[VXLAN].vni, 117)
2780 self.assertTrue(rx[VXLAN].flags.G)
2781 self.assertTrue(rx[VXLAN].flags.Instance)
2782 # redirect policy has been applied
2783 self.assertTrue(rx[VXLAN].gpflags.A)
2784 self.assertFalse(rx[VXLAN].gpflags.D)
2786 inner = rx[VXLAN].payload
2788 self.assertEqual(inner[Ether].src, routed_src_mac)
2789 self.assertEqual(inner[Ether].dst, sep4.mac)
2790 self.assertEqual(inner[IPv6].src, ep1.ip6.address)
2791 self.assertEqual(inner[IPv6].dst, ep3.ip6.address)
2793 c1.remove_vpp_config()
2794 c2.remove_vpp_config()
2797 # test the symmetric hash mode
2799 c1 = VppGbpContract(
2800 self, 220, 222, acl_index,
2801 [VppGbpContractRule(
2802 VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT,
2803 VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SYMMETRIC,
2804 [VppGbpContractNextHop(sep1.vmac, sep1.epg.bd,
2805 sep1.ip4, sep1.epg.rd),
2806 VppGbpContractNextHop(sep2.vmac, sep2.epg.bd,
2807 sep2.ip4, sep2.epg.rd)]),
2809 VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT,
2810 VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SYMMETRIC,
2811 [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd,
2812 sep3.ip6, sep3.epg.rd),
2813 VppGbpContractNextHop(sep4.vmac, sep4.epg.bd,
2814 sep4.ip6, sep4.epg.rd)])],
2815 [ETH_P_IP, ETH_P_IPV6])
2818 c2 = VppGbpContract(
2819 self, 222, 220, acl_index,
2820 [VppGbpContractRule(
2821 VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT,
2822 VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SYMMETRIC,
2823 [VppGbpContractNextHop(sep1.vmac, sep1.epg.bd,
2824 sep1.ip4, sep1.epg.rd),
2825 VppGbpContractNextHop(sep2.vmac, sep2.epg.bd,
2826 sep2.ip4, sep2.epg.rd)]),
2828 VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT,
2829 VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SYMMETRIC,
2830 [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd,
2831 sep3.ip6, sep3.epg.rd),
2832 VppGbpContractNextHop(sep4.vmac, sep4.epg.bd,
2833 sep4.ip6, sep4.epg.rd)])],
2834 [ETH_P_IP, ETH_P_IPV6])
2838 # send again with the contract preset, now packets arrive
2839 # at SEP1 for both directions
2841 rxs = self.send_and_expect(self.pg0, p4[0] * 17, sep1.itf)
2844 self.assertEqual(rx[Ether].src, routed_src_mac)
2845 self.assertEqual(rx[Ether].dst, sep1.mac)
2846 self.assertEqual(rx[IP].src, ep1.ip4.address)
2847 self.assertEqual(rx[IP].dst, ep3.ip4.address)
2849 rxs = self.send_and_expect(self.pg2, p4[1] * 17, sep1.itf)
2852 self.assertEqual(rx[Ether].src, routed_src_mac)
2853 self.assertEqual(rx[Ether].dst, sep1.mac)
2854 self.assertEqual(rx[IP].src, ep3.ip4.address)
2855 self.assertEqual(rx[IP].dst, ep1.ip4.address)
2858 # programme the unknown EP for the L3 tests
2860 sep4.add_vpp_config()
2863 # an L3 switch packet between local EPs in different EPGs
2864 # different dest ports on each so the are LB hashed differently
2866 p4 = [(Ether(src=ep1.mac, dst=str(self.router_mac)) /
2867 IP(src=ep1.ip4.address, dst=ep2.ip4.address) /
2868 UDP(sport=1234, dport=1234) /
2870 (Ether(src=ep2.mac, dst=str(self.router_mac)) /
2871 IP(src=ep2.ip4.address, dst=ep1.ip4.address) /
2872 UDP(sport=1234, dport=1234) /
2874 p6 = [(Ether(src=ep1.mac, dst=str(self.router_mac)) /
2875 IPv6(src=ep1.ip6.address, dst=ep2.ip6.address) /
2876 UDP(sport=1234, dport=1234) /
2878 (Ether(src=ep2.mac, dst=str(self.router_mac)) /
2879 IPv6(src=ep2.ip6.address, dst=ep1.ip6.address) /
2880 UDP(sport=1234, dport=1234) /
2883 c3 = VppGbpContract(
2884 self, 220, 221, acl_index,
2885 [VppGbpContractRule(
2886 VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT,
2887 VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SYMMETRIC,
2888 [VppGbpContractNextHop(sep1.vmac, sep1.epg.bd,
2889 sep1.ip4, sep1.epg.rd),
2890 VppGbpContractNextHop(sep2.vmac, sep2.epg.bd,
2891 sep2.ip4, sep2.epg.rd)]),
2893 VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT,
2894 VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_SYMMETRIC,
2895 [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd,
2896 sep3.ip6, sep3.epg.rd),
2897 VppGbpContractNextHop(sep4.vmac, sep4.epg.bd,
2898 sep4.ip6, sep4.epg.rd)])],
2899 [ETH_P_IP, ETH_P_IPV6])
2902 rxs = self.send_and_expect(self.pg0, p4[0] * 17, sep1.itf)
2905 self.assertEqual(rx[Ether].src, routed_src_mac)
2906 self.assertEqual(rx[Ether].dst, sep1.mac)
2907 self.assertEqual(rx[IP].src, ep1.ip4.address)
2908 self.assertEqual(rx[IP].dst, ep2.ip4.address)
2911 # learn a remote EP in EPG 221
2913 vx_tun_l3 = VppGbpVxlanTunnel(
2914 self, 444, rd1.rd_id,
2915 VppEnum.vl_api_gbp_vxlan_tunnel_mode_t.GBP_VXLAN_TUNNEL_MODE_L3)
2916 vx_tun_l3.add_vpp_config()
2918 c4 = VppGbpContract(
2919 self, 221, 220, acl_index,
2920 [VppGbpContractRule(
2921 VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
2924 VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_PERMIT,
2926 [ETH_P_IP, ETH_P_IPV6])
2929 p = (Ether(src=self.pg7.remote_mac,
2930 dst=self.pg7.local_mac) /
2931 IP(src=self.pg7.remote_ip4,
2932 dst=self.pg7.local_ip4) /
2933 UDP(sport=1234, dport=48879) /
2934 VXLAN(vni=444, gpid=441, flags=0x88) /
2935 Ether(src="00:22:22:22:22:33", dst=str(self.router_mac)) /
2936 IP(src="10.0.0.88", dst=ep1.ip4.address) /
2937 UDP(sport=1234, dport=1234) /
2940 rx = self.send_and_expect(self.pg7, [p], self.pg0)
2942 # endpoint learnt via the parent GBP-vxlan interface
2943 self.assertTrue(find_gbp_endpoint(self,
2944 vx_tun_l3._sw_if_index,
2947 p = (Ether(src=self.pg7.remote_mac,
2948 dst=self.pg7.local_mac) /
2949 IP(src=self.pg7.remote_ip4,
2950 dst=self.pg7.local_ip4) /
2951 UDP(sport=1234, dport=48879) /
2952 VXLAN(vni=444, gpid=441, flags=0x88) /
2953 Ether(src="00:22:22:22:22:33", dst=str(self.router_mac)) /
2954 IPv6(src="2001:10::88", dst=ep1.ip6.address) /
2955 UDP(sport=1234, dport=1234) /
2958 rx = self.send_and_expect(self.pg7, [p], self.pg0)
2960 # endpoint learnt via the parent GBP-vxlan interface
2961 self.assertTrue(find_gbp_endpoint(self,
2962 vx_tun_l3._sw_if_index,
2966 # L3 switch from local to remote EP
2968 p4 = [(Ether(src=ep1.mac, dst=str(self.router_mac)) /
2969 IP(src=ep1.ip4.address, dst="10.0.0.88") /
2970 UDP(sport=1234, dport=1234) /
2972 p6 = [(Ether(src=ep1.mac, dst=str(self.router_mac)) /
2973 IPv6(src=ep1.ip6.address, dst="2001:10::88") /
2974 UDP(sport=1234, dport=1234) /
2977 rxs = self.send_and_expect(self.pg0, p4[0] * 17, sep1.itf)
2980 self.assertEqual(rx[Ether].src, routed_src_mac)
2981 self.assertEqual(rx[Ether].dst, sep1.mac)
2982 self.assertEqual(rx[IP].src, ep1.ip4.address)
2983 self.assertEqual(rx[IP].dst, "10.0.0.88")
2985 rxs = self.send_and_expect(self.pg0, p6[0] * 17, sep4.itf)
2988 self.assertEqual(rx[Ether].src, routed_src_mac)
2989 self.assertEqual(rx[Ether].dst, sep4.mac)
2990 self.assertEqual(rx[IPv6].src, ep1.ip6.address)
2991 self.assertEqual(rx[IPv6].dst, "2001:10::88")
2994 # test the dst-ip hash mode
2996 c5 = VppGbpContract(
2997 self, 220, 221, acl_index,
2998 [VppGbpContractRule(
2999 VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT,
3000 VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_DST_IP,
3001 [VppGbpContractNextHop(sep1.vmac, sep1.epg.bd,
3002 sep1.ip4, sep1.epg.rd),
3003 VppGbpContractNextHop(sep2.vmac, sep2.epg.bd,
3004 sep2.ip4, sep2.epg.rd)]),
3006 VppEnum.vl_api_gbp_rule_action_t.GBP_API_RULE_REDIRECT,
3007 VppEnum.vl_api_gbp_hash_mode_t.GBP_API_HASH_MODE_DST_IP,
3008 [VppGbpContractNextHop(sep3.vmac, sep3.epg.bd,
3009 sep3.ip6, sep3.epg.rd),
3010 VppGbpContractNextHop(sep4.vmac, sep4.epg.bd,
3011 sep4.ip6, sep4.epg.rd)])],
3012 [ETH_P_IP, ETH_P_IPV6])
3015 rxs = self.send_and_expect(self.pg0, p4[0] * 17, sep1.itf)
3018 self.assertEqual(rx[Ether].src, routed_src_mac)
3019 self.assertEqual(rx[Ether].dst, sep1.mac)
3020 self.assertEqual(rx[IP].src, ep1.ip4.address)
3021 self.assertEqual(rx[IP].dst, "10.0.0.88")
3023 rxs = self.send_and_expect(self.pg0, p6[0] * 17, sep3.itf)
3026 self.assertEqual(rx[Ether].src, routed_src_mac)
3027 self.assertEqual(rx[Ether].dst, sep3.mac)
3028 self.assertEqual(rx[IPv6].src, ep1.ip6.address)
3029 self.assertEqual(rx[IPv6].dst, "2001:10::88")
3034 self.pg7.unconfig_ip4()
3036 def test_gbp_l3_out(self):
3039 ep_flags = VppEnum.vl_api_gbp_endpoint_flags_t
3040 self.vapi.cli("set logging class gbp debug")
3042 routed_dst_mac = "00:0c:0c:0c:0c:0c"
3043 routed_src_mac = "00:22:bd:f8:19:ff"
3048 t4 = VppIpTable(self, 1)
3050 t6 = VppIpTable(self, 1, True)
3053 rd1 = VppGbpRouteDomain(self, 2, t4, t6)
3054 rd1.add_vpp_config()
3056 self.loop0.set_mac(self.router_mac)
3059 # Bind the BVI to the RD
3061 VppIpInterfaceBind(self, self.loop0, t4).add_vpp_config()
3062 VppIpInterfaceBind(self, self.loop0, t6).add_vpp_config()
3065 # Pg7 hosts a BD's BUM
3066 # Pg1 some other l3 interface
3068 self.pg7.config_ip4()
3069 self.pg7.resolve_arp()
3072 # a multicast vxlan-gbp tunnel for broadcast in the BD
3074 tun_bm = VppVxlanGbpTunnel(self, self.pg7.local_ip4,
3077 tun_bm.add_vpp_config()
3080 # a GBP external bridge domains for the EPs
3082 bd1 = VppBridgeDomain(self, 1)
3083 bd1.add_vpp_config()
3084 gbd1 = VppGbpBridgeDomain(self, bd1, self.loop0, None, tun_bm)
3085 gbd1.add_vpp_config()
3088 # The Endpoint-groups in which the external endpoints exist
3090 epg_220 = VppGbpEndpointGroup(self, 220, 113, rd1, gbd1,
3094 epg_220.add_vpp_config()
3096 # the BVIs have the subnets applied ...
3097 ip4_addr = VppIpInterfaceAddress(self, gbd1.bvi, "10.0.0.128", 24)
3098 ip4_addr.add_vpp_config()
3099 ip6_addr = VppIpInterfaceAddress(self, gbd1.bvi, "2001:10::128", 64)
3100 ip6_addr.add_vpp_config()
3102 # ... which are L3-out subnets
3103 l3o_1 = VppGbpSubnet(
3104 self, rd1, "10.0.0.0", 24,
3105 VppEnum.vl_api_gbp_subnet_type_t.GBP_API_SUBNET_L3_OUT,
3107 l3o_1.add_vpp_config()
3110 # an external interface attached to the outside world and the
3113 vlan_100 = VppDot1QSubint(self, self.pg0, 100)
3115 ext_itf = VppGbpExtItf(self, vlan_100, bd1, rd1)
3116 ext_itf.add_vpp_config()
3119 # an unicast vxlan-gbp for inter-RD traffic
3121 vx_tun_l3 = VppGbpVxlanTunnel(
3122 self, 444, rd1.rd_id,
3123 VppEnum.vl_api_gbp_vxlan_tunnel_mode_t.GBP_VXLAN_TUNNEL_MODE_L3)
3124 vx_tun_l3.add_vpp_config()
3127 # packets destined to unkown addresses in the BVI's subnet
3130 p4 = (Ether(src=self.pg0.remote_mac, dst=str(self.router_mac)) /
3132 IP(src="10.0.0.1", dst="10.0.0.88") /
3133 UDP(sport=1234, dport=1234) /
3135 p6 = (Ether(src=self.pg0.remote_mac, dst=str(self.router_mac)) /
3137 IPv6(src="2001:10::1", dst="2001:10::88") /
3138 UDP(sport=1234, dport=1234) /
3141 rxs = self.send_and_expect(self.pg0, p4 * 1, self.pg7)
3144 self.assertEqual(rx[Ether].src, self.pg7.local_mac)
3145 # self.assertEqual(rx[Ether].dst, self.pg7.remote_mac)
3146 self.assertEqual(rx[IP].src, self.pg7.local_ip4)
3147 self.assertEqual(rx[IP].dst, "239.1.1.1")
3148 self.assertEqual(rx[VXLAN].vni, 88)
3149 self.assertTrue(rx[VXLAN].flags.G)
3150 self.assertTrue(rx[VXLAN].flags.Instance)
3151 # policy was applied to the original IP packet
3152 self.assertEqual(rx[VXLAN].gpid, 113)
3153 self.assertTrue(rx[VXLAN].gpflags.A)
3154 self.assertFalse(rx[VXLAN].gpflags.D)
3156 inner = rx[VXLAN].payload
3158 self.assertTrue(inner.haslayer(ARP))
3161 # An external Endpoint
3163 eep = VppGbpEndpoint(self, vlan_100,
3165 "10.0.0.1", "11.0.0.1",
3166 "2001:10::1", "3001::1",
3167 ep_flags.GBP_API_ENDPOINT_FLAG_EXTERNAL)
3168 eep.add_vpp_config()
3173 rep = VppGbpEndpoint(self, vx_tun_l3,
3175 "10.0.0.101", "11.0.0.101",
3176 "2001:10::101", "3001::101",
3177 ep_flags.GBP_API_ENDPOINT_FLAG_REMOTE,
3179 self.pg7.remote_ip4,
3181 rep.add_vpp_config()
3184 # remote to external
3186 p = (Ether(src=self.pg7.remote_mac,
3187 dst=self.pg7.local_mac) /
3188 IP(src=self.pg7.remote_ip4,
3189 dst=self.pg7.local_ip4) /
3190 UDP(sport=1234, dport=48879) /
3191 VXLAN(vni=444, gpid=113, flags=0x88) /
3192 Ether(src=self.pg0.remote_mac, dst=str(self.router_mac)) /
3193 IP(src="10.0.0.101", dst="10.0.0.1") /
3194 UDP(sport=1234, dport=1234) /
3197 rxs = self.send_and_expect(self.pg7, p * 1, self.pg0)
3200 # A subnet reachable through the external EP
3202 ip_220 = VppIpRoute(self, "10.220.0.0", 24,
3203 [VppRoutePath(eep.ip4.address,
3204 eep.epg.bvi.sw_if_index)],
3205 table_id=t4.table_id)
3206 ip_220.add_vpp_config()
3208 l3o_220 = VppGbpSubnet(
3209 self, rd1, "10.220.0.0", 24,
3210 VppEnum.vl_api_gbp_subnet_type_t.GBP_API_SUBNET_L3_OUT,
3212 l3o_220.add_vpp_config()
3214 p = (Ether(src=self.pg7.remote_mac,
3215 dst=self.pg7.local_mac) /
3216 IP(src=self.pg7.remote_ip4,
3217 dst=self.pg7.local_ip4) /
3218 UDP(sport=1234, dport=48879) /
3219 VXLAN(vni=444, gpid=113, flags=0x88) /
3220 Ether(src=self.pg0.remote_mac, dst=str(self.router_mac)) /
3221 IP(src="10.0.0.101", dst="10.220.0.1") /
3222 UDP(sport=1234, dport=1234) /
3225 rxs = self.send_and_expect(self.pg7, p * 1, self.pg0)
3230 self.pg7.unconfig_ip4()
3233 if __name__ == '__main__':
3234 unittest.main(testRunner=VppTestRunner)
Code Review / vpp.git / blob