6 from framework import VppTestCase, VppTestRunner
7 from util import ppp, ip6_normalize
8 from vpp_sub_interface import VppSubInterface, VppDot1QSubint
9 from vpp_pg_interface import is_ipv6_misc
10 from vpp_ip_route import VppIpRoute, VppRoutePath, find_route, VppIpMRoute, \
11 VppMRoutePath, MRouteItfFlags, MRouteEntryFlags, VppMplsIpBind, \
12 VppMplsRoute, DpoProto, VppMplsTable
13 from vpp_neighbor import find_nbr, VppNeighbor
15 from scapy.packet import Raw
16 from scapy.layers.l2 import Ether, Dot1Q
17 from scapy.layers.inet6 import IPv6, UDP, TCP, ICMPv6ND_NS, ICMPv6ND_RS, \
18 ICMPv6ND_RA, ICMPv6NDOptSrcLLAddr, getmacbyip6, ICMPv6MRD_Solicitation, \
19 ICMPv6NDOptMTU, ICMPv6NDOptSrcLLAddr, ICMPv6NDOptPrefixInfo, \
20 ICMPv6ND_NA, ICMPv6NDOptDstLLAddr, ICMPv6DestUnreach, icmp6types, \
22 from scapy.utils6 import in6_getnsma, in6_getnsmac, in6_ptop, in6_islladdr, \
23 in6_mactoifaceid, in6_ismaddr
24 from scapy.utils import inet_pton, inet_ntop
25 from scapy.contrib.mpls import MPLS
28 AF_INET6 = socket.AF_INET6
32 euid = in6_mactoifaceid(mac)
33 addr = "fe80::" + euid
37 class TestIPv6ND(VppTestCase):
38 def validate_ra(self, intf, rx, dst_ip=None):
40 dst_ip = intf.remote_ip6
42 # unicasted packets must come to the unicast mac
43 self.assertEqual(rx[Ether].dst, intf.remote_mac)
45 # and from the router's MAC
46 self.assertEqual(rx[Ether].src, intf.local_mac)
48 # the rx'd RA should be addressed to the sender's source
49 self.assertTrue(rx.haslayer(ICMPv6ND_RA))
50 self.assertEqual(in6_ptop(rx[IPv6].dst),
53 # and come from the router's link local
54 self.assertTrue(in6_islladdr(rx[IPv6].src))
55 self.assertEqual(in6_ptop(rx[IPv6].src),
56 in6_ptop(mk_ll_addr(intf.local_mac)))
58 def validate_na(self, intf, rx, dst_ip=None, tgt_ip=None):
60 dst_ip = intf.remote_ip6
62 dst_ip = intf.local_ip6
64 # unicasted packets must come to the unicast mac
65 self.assertEqual(rx[Ether].dst, intf.remote_mac)
67 # and from the router's MAC
68 self.assertEqual(rx[Ether].src, intf.local_mac)
70 # the rx'd NA should be addressed to the sender's source
71 self.assertTrue(rx.haslayer(ICMPv6ND_NA))
72 self.assertEqual(in6_ptop(rx[IPv6].dst),
75 # and come from the target address
76 self.assertEqual(in6_ptop(rx[IPv6].src), in6_ptop(tgt_ip))
78 # Dest link-layer options should have the router's MAC
79 dll = rx[ICMPv6NDOptDstLLAddr]
80 self.assertEqual(dll.lladdr, intf.local_mac)
82 def validate_ns(self, intf, rx, tgt_ip):
83 nsma = in6_getnsma(inet_pton(AF_INET6, tgt_ip))
84 dst_ip = inet_ntop(AF_INET6, nsma)
87 self.assertEqual(rx[Ether].dst, in6_getnsmac(nsma))
89 # and from the router's MAC
90 self.assertEqual(rx[Ether].src, intf.local_mac)
92 # the rx'd NS should be addressed to an mcast address
93 # derived from the target address
94 self.assertEqual(in6_ptop(rx[IPv6].dst), in6_ptop(dst_ip))
96 # expect the tgt IP in the NS header
98 self.assertEqual(in6_ptop(ns.tgt), in6_ptop(tgt_ip))
100 # packet is from the router's local address
101 self.assertEqual(in6_ptop(rx[IPv6].src), intf.local_ip6)
103 # Src link-layer options should have the router's MAC
104 sll = rx[ICMPv6NDOptSrcLLAddr]
105 self.assertEqual(sll.lladdr, intf.local_mac)
107 def send_and_expect_ra(self, intf, pkts, remark, dst_ip=None,
108 filter_out_fn=is_ipv6_misc):
109 intf.add_stream(pkts)
110 self.pg_enable_capture(self.pg_interfaces)
112 rx = intf.get_capture(1, filter_out_fn=filter_out_fn)
114 self.assertEqual(len(rx), 1)
116 self.validate_ra(intf, rx, dst_ip)
118 def send_and_expect_na(self, intf, pkts, remark, dst_ip=None,
120 filter_out_fn=is_ipv6_misc):
121 intf.add_stream(pkts)
122 self.pg_enable_capture(self.pg_interfaces)
124 rx = intf.get_capture(1, filter_out_fn=filter_out_fn)
126 self.assertEqual(len(rx), 1)
128 self.validate_na(intf, rx, dst_ip, tgt_ip)
130 def send_and_expect_ns(self, tx_intf, rx_intf, pkts, tgt_ip,
131 filter_out_fn=is_ipv6_misc):
132 tx_intf.add_stream(pkts)
133 self.pg_enable_capture(self.pg_interfaces)
135 rx = rx_intf.get_capture(1, filter_out_fn=filter_out_fn)
137 self.assertEqual(len(rx), 1)
139 self.validate_ns(rx_intf, rx, tgt_ip)
141 def verify_ip(self, rx, smac, dmac, sip, dip):
143 self.assertEqual(ether.dst, dmac)
144 self.assertEqual(ether.src, smac)
147 self.assertEqual(ip.src, sip)
148 self.assertEqual(ip.dst, dip)
151 class TestIPv6(TestIPv6ND):
152 """ IPv6 Test Case """
156 super(TestIPv6, cls).setUpClass()
160 Perform test setup before test case.
163 - create 3 pg interfaces
164 - untagged pg0 interface
165 - Dot1Q subinterface on pg1
166 - Dot1AD subinterface on pg2
168 - put it into UP state
170 - resolve neighbor address using NDP
171 - configure 200 fib entries
173 :ivar list interfaces: pg interfaces and subinterfaces.
174 :ivar dict flows: IPv4 packet flows in test.
175 :ivar list pg_if_packet_sizes: packet sizes in test.
177 *TODO:* Create AD sub interface
179 super(TestIPv6, self).setUp()
181 # create 3 pg interfaces
182 self.create_pg_interfaces(range(3))
184 # create 2 subinterfaces for p1 and pg2
185 self.sub_interfaces = [
186 VppDot1QSubint(self, self.pg1, 100),
187 VppDot1QSubint(self, self.pg2, 200)
188 # TODO: VppDot1ADSubint(self, self.pg2, 200, 300, 400)
191 # packet flows mapping pg0 -> pg1.sub, pg2.sub, etc.
193 self.flows[self.pg0] = [self.pg1.sub_if, self.pg2.sub_if]
194 self.flows[self.pg1.sub_if] = [self.pg0, self.pg2.sub_if]
195 self.flows[self.pg2.sub_if] = [self.pg0, self.pg1.sub_if]
198 self.pg_if_packet_sizes = [64, 512, 1518, 9018]
199 self.sub_if_packet_sizes = [64, 512, 1518 + 4, 9018 + 4]
201 self.interfaces = list(self.pg_interfaces)
202 self.interfaces.extend(self.sub_interfaces)
204 # setup all interfaces
205 for i in self.interfaces:
210 # config 2M FIB entries
211 self.config_fib_entries(200)
214 """Run standard test teardown and log ``show ip6 neighbors``."""
215 for i in self.interfaces:
219 for i in self.sub_interfaces:
220 i.remove_vpp_config()
222 super(TestIPv6, self).tearDown()
223 if not self.vpp_dead:
224 self.logger.info(self.vapi.cli("show ip6 neighbors"))
225 # info(self.vapi.cli("show ip6 fib")) # many entries
227 def config_fib_entries(self, count):
228 """For each interface add to the FIB table *count* routes to
229 "fd02::1/128" destination with interface's local address as next-hop
232 :param int count: Number of FIB entries.
234 - *TODO:* check if the next-hop address shouldn't be remote address
235 instead of local address.
237 n_int = len(self.interfaces)
240 dest_addr = inet_pton(AF_INET6, "fd02::1")
242 for i in self.interfaces:
243 next_hop_address = i.local_ip6n
244 for j in range(count / n_int):
245 self.vapi.ip_add_del_route(
246 dest_addr, dest_addr_len, next_hop_address, is_ipv6=1)
248 if counter / count * 100 > percent:
249 self.logger.info("Configure %d FIB entries .. %d%% done" %
253 def create_stream(self, src_if, packet_sizes):
254 """Create input packet stream for defined interface.
256 :param VppInterface src_if: Interface to create packet stream for.
257 :param list packet_sizes: Required packet sizes.
260 for i in range(0, 257):
261 dst_if = self.flows[src_if][i % 2]
262 info = self.create_packet_info(src_if, dst_if)
263 payload = self.info_to_payload(info)
264 p = (Ether(dst=src_if.local_mac, src=src_if.remote_mac) /
265 IPv6(src=src_if.remote_ip6, dst=dst_if.remote_ip6) /
266 UDP(sport=1234, dport=1234) /
269 if isinstance(src_if, VppSubInterface):
270 p = src_if.add_dot1_layer(p)
271 size = packet_sizes[(i // 2) % len(packet_sizes)]
272 self.extend_packet(p, size)
276 def verify_capture(self, dst_if, capture):
277 """Verify captured input packet stream for defined interface.
279 :param VppInterface dst_if: Interface to verify captured packet stream
281 :param list capture: Captured packet stream.
283 self.logger.info("Verifying capture on interface %s" % dst_if.name)
285 for i in self.interfaces:
286 last_info[i.sw_if_index] = None
288 dst_sw_if_index = dst_if.sw_if_index
289 if hasattr(dst_if, 'parent'):
291 for packet in capture:
293 # Check VLAN tags and Ethernet header
294 packet = dst_if.remove_dot1_layer(packet)
295 self.assertTrue(Dot1Q not in packet)
299 payload_info = self.payload_to_info(str(packet[Raw]))
300 packet_index = payload_info.index
301 self.assertEqual(payload_info.dst, dst_sw_if_index)
303 "Got packet on port %s: src=%u (id=%u)" %
304 (dst_if.name, payload_info.src, packet_index))
305 next_info = self.get_next_packet_info_for_interface2(
306 payload_info.src, dst_sw_if_index,
307 last_info[payload_info.src])
308 last_info[payload_info.src] = next_info
309 self.assertTrue(next_info is not None)
310 self.assertEqual(packet_index, next_info.index)
311 saved_packet = next_info.data
312 # Check standard fields
313 self.assertEqual(ip.src, saved_packet[IPv6].src)
314 self.assertEqual(ip.dst, saved_packet[IPv6].dst)
315 self.assertEqual(udp.sport, saved_packet[UDP].sport)
316 self.assertEqual(udp.dport, saved_packet[UDP].dport)
318 self.logger.error(ppp("Unexpected or invalid packet:", packet))
320 for i in self.interfaces:
321 remaining_packet = self.get_next_packet_info_for_interface2(
322 i.sw_if_index, dst_sw_if_index, last_info[i.sw_if_index])
323 self.assertTrue(remaining_packet is None,
324 "Interface %s: Packet expected from interface %s "
325 "didn't arrive" % (dst_if.name, i.name))
331 - Create IPv6 stream for pg0 interface
332 - Create IPv6 tagged streams for pg1's and pg2's subinterface.
333 - Send and verify received packets on each interface.
336 pkts = self.create_stream(self.pg0, self.pg_if_packet_sizes)
337 self.pg0.add_stream(pkts)
339 for i in self.sub_interfaces:
340 pkts = self.create_stream(i, self.sub_if_packet_sizes)
341 i.parent.add_stream(pkts)
343 self.pg_enable_capture(self.pg_interfaces)
346 pkts = self.pg0.get_capture()
347 self.verify_capture(self.pg0, pkts)
349 for i in self.sub_interfaces:
350 pkts = i.parent.get_capture()
351 self.verify_capture(i, pkts)
354 """ IPv6 Neighbour Solicitation Exceptions
357 - Send an NS Sourced from an address not covered by the link sub-net
358 - Send an NS to an mcast address the router has not joined
359 - Send NS for a target address the router does not onn.
363 # An NS from a non link source address
365 nsma = in6_getnsma(inet_pton(AF_INET6, self.pg0.local_ip6))
366 d = inet_ntop(AF_INET6, nsma)
368 p = (Ether(dst=in6_getnsmac(nsma)) /
369 IPv6(dst=d, src="2002::2") /
370 ICMPv6ND_NS(tgt=self.pg0.local_ip6) /
371 ICMPv6NDOptSrcLLAddr(lladdr=self.pg0.remote_mac))
374 self.send_and_assert_no_replies(
376 "No response to NS source by address not on sub-net")
379 # An NS for sent to a solicited mcast group the router is
380 # not a member of FAILS
383 nsma = in6_getnsma(inet_pton(AF_INET6, "fd::ffff"))
384 d = inet_ntop(AF_INET6, nsma)
386 p = (Ether(dst=in6_getnsmac(nsma)) /
387 IPv6(dst=d, src=self.pg0.remote_ip6) /
388 ICMPv6ND_NS(tgt=self.pg0.local_ip6) /
389 ICMPv6NDOptSrcLLAddr(lladdr=self.pg0.remote_mac))
392 self.send_and_assert_no_replies(
394 "No response to NS sent to unjoined mcast address")
397 # An NS whose target address is one the router does not own
399 nsma = in6_getnsma(inet_pton(AF_INET6, self.pg0.local_ip6))
400 d = inet_ntop(AF_INET6, nsma)
402 p = (Ether(dst=in6_getnsmac(nsma)) /
403 IPv6(dst=d, src=self.pg0.remote_ip6) /
404 ICMPv6ND_NS(tgt="fd::ffff") /
405 ICMPv6NDOptSrcLLAddr(lladdr=self.pg0.remote_mac))
408 self.send_and_assert_no_replies(self.pg0, pkts,
409 "No response to NS for unknown target")
412 # A neighbor entry that has no associated FIB-entry
414 self.pg0.generate_remote_hosts(4)
415 nd_entry = VppNeighbor(self,
416 self.pg0.sw_if_index,
417 self.pg0.remote_hosts[2].mac,
418 self.pg0.remote_hosts[2].ip6,
421 nd_entry.add_vpp_config()
424 # check we have the neighbor, but no route
426 self.assertTrue(find_nbr(self,
427 self.pg0.sw_if_index,
428 self.pg0._remote_hosts[2].ip6,
430 self.assertFalse(find_route(self,
431 self.pg0._remote_hosts[2].ip6,
436 # send an NS from a link local address to the interface's global
439 p = (Ether(dst=in6_getnsmac(nsma), src=self.pg0.remote_mac) /
440 IPv6(dst=d, src=self.pg0._remote_hosts[2].ip6_ll) /
441 ICMPv6ND_NS(tgt=self.pg0.local_ip6) /
442 ICMPv6NDOptSrcLLAddr(lladdr=self.pg0.remote_mac))
444 self.send_and_expect_na(self.pg0, p,
445 "NS from link-local",
446 dst_ip=self.pg0._remote_hosts[2].ip6_ll,
447 tgt_ip=self.pg0.local_ip6)
450 # we should have learned an ND entry for the peer's link-local
451 # but not inserted a route to it in the FIB
453 self.assertTrue(find_nbr(self,
454 self.pg0.sw_if_index,
455 self.pg0._remote_hosts[2].ip6_ll,
457 self.assertFalse(find_route(self,
458 self.pg0._remote_hosts[2].ip6_ll,
463 # An NS to the router's own Link-local
465 p = (Ether(dst=in6_getnsmac(nsma), src=self.pg0.remote_mac) /
466 IPv6(dst=d, src=self.pg0._remote_hosts[3].ip6_ll) /
467 ICMPv6ND_NS(tgt=self.pg0.local_ip6_ll) /
468 ICMPv6NDOptSrcLLAddr(lladdr=self.pg0.remote_mac))
470 self.send_and_expect_na(self.pg0, p,
471 "NS to/from link-local",
472 dst_ip=self.pg0._remote_hosts[3].ip6_ll,
473 tgt_ip=self.pg0.local_ip6_ll)
476 # we should have learned an ND entry for the peer's link-local
477 # but not inserted a route to it in the FIB
479 self.assertTrue(find_nbr(self,
480 self.pg0.sw_if_index,
481 self.pg0._remote_hosts[3].ip6_ll,
483 self.assertFalse(find_route(self,
484 self.pg0._remote_hosts[3].ip6_ll,
488 def test_ns_duplicates(self):
492 # Generate some hosts on the LAN
494 self.pg1.generate_remote_hosts(3)
497 # Add host 1 on pg1 and pg2
499 ns_pg1 = VppNeighbor(self,
500 self.pg1.sw_if_index,
501 self.pg1.remote_hosts[1].mac,
502 self.pg1.remote_hosts[1].ip6,
504 ns_pg1.add_vpp_config()
505 ns_pg2 = VppNeighbor(self,
506 self.pg2.sw_if_index,
508 self.pg1.remote_hosts[1].ip6,
510 ns_pg2.add_vpp_config()
513 # IP packet destined for pg1 remote host arrives on pg1 again.
515 p = (Ether(dst=self.pg0.local_mac,
516 src=self.pg0.remote_mac) /
517 IPv6(src=self.pg0.remote_ip6,
518 dst=self.pg1.remote_hosts[1].ip6) /
519 UDP(sport=1234, dport=1234) /
522 self.pg0.add_stream(p)
523 self.pg_enable_capture(self.pg_interfaces)
526 rx1 = self.pg1.get_capture(1)
528 self.verify_ip(rx1[0],
530 self.pg1.remote_hosts[1].mac,
532 self.pg1.remote_hosts[1].ip6)
535 # remove the duplicate on pg1
536 # packet stream shoud generate NSs out of pg1
538 ns_pg1.remove_vpp_config()
540 self.send_and_expect_ns(self.pg0, self.pg1,
541 p, self.pg1.remote_hosts[1].ip6)
546 ns_pg1.add_vpp_config()
548 self.pg0.add_stream(p)
549 self.pg_enable_capture(self.pg_interfaces)
552 rx1 = self.pg1.get_capture(1)
554 self.verify_ip(rx1[0],
556 self.pg1.remote_hosts[1].mac,
558 self.pg1.remote_hosts[1].ip6)
560 def validate_ra(self, intf, rx, dst_ip=None, mtu=9000, pi_opt=None):
562 dst_ip = intf.remote_ip6
564 # unicasted packets must come to the unicast mac
565 self.assertEqual(rx[Ether].dst, intf.remote_mac)
567 # and from the router's MAC
568 self.assertEqual(rx[Ether].src, intf.local_mac)
570 # the rx'd RA should be addressed to the sender's source
571 self.assertTrue(rx.haslayer(ICMPv6ND_RA))
572 self.assertEqual(in6_ptop(rx[IPv6].dst),
575 # and come from the router's link local
576 self.assertTrue(in6_islladdr(rx[IPv6].src))
577 self.assertEqual(in6_ptop(rx[IPv6].src),
578 in6_ptop(mk_ll_addr(intf.local_mac)))
580 # it should contain the links MTU
582 self.assertEqual(ra[ICMPv6NDOptMTU].mtu, mtu)
584 # it should contain the source's link layer address option
585 sll = ra[ICMPv6NDOptSrcLLAddr]
586 self.assertEqual(sll.lladdr, intf.local_mac)
589 # the RA should not contain prefix information
590 self.assertFalse(ra.haslayer(ICMPv6NDOptPrefixInfo))
592 raos = rx.getlayer(ICMPv6NDOptPrefixInfo, 1)
594 # the options are nested in the scapy packet in way that i cannot
595 # decipher how to decode. this 1st layer of option always returns
596 # nested classes, so a direct obj1=obj2 comparison always fails.
597 # however, the getlayer(.., 2) does give one instnace.
598 # so we cheat here and construct a new opt instnace for comparison
599 rd = ICMPv6NDOptPrefixInfo(prefixlen=raos.prefixlen,
603 if type(pi_opt) is list:
604 for ii in range(len(pi_opt)):
605 self.assertEqual(pi_opt[ii], rd)
606 rd = rx.getlayer(ICMPv6NDOptPrefixInfo, ii+2)
608 self.assertEqual(pi_opt, raos)
610 def send_and_expect_ra(self, intf, pkts, remark, dst_ip=None,
611 filter_out_fn=is_ipv6_misc,
613 intf.add_stream(pkts)
614 self.pg_enable_capture(self.pg_interfaces)
616 rx = intf.get_capture(1, filter_out_fn=filter_out_fn)
618 self.assertEqual(len(rx), 1)
620 self.validate_ra(intf, rx, dst_ip, pi_opt=opt)
623 """ IPv6 Router Solicitation Exceptions
629 # Before we begin change the IPv6 RA responses to use the unicast
630 # address - that way we will not confuse them with the periodic
631 # RAs which go to the mcast address
632 # Sit and wait for the first periodic RA.
636 self.pg0.ip6_ra_config(send_unicast=1)
639 # An RS from a link source address
640 # - expect an RA in return
642 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
643 IPv6(dst=self.pg0.local_ip6, src=self.pg0.remote_ip6) /
646 self.send_and_expect_ra(self.pg0, pkts, "Genuine RS")
649 # For the next RS sent the RA should be rate limited
651 self.send_and_assert_no_replies(self.pg0, pkts, "RA rate limited")
654 # When we reconfiure the IPv6 RA config, we reset the RA rate limiting,
655 # so we need to do this before each test below so as not to drop
656 # packets for rate limiting reasons. Test this works here.
658 self.pg0.ip6_ra_config(send_unicast=1)
659 self.send_and_expect_ra(self.pg0, pkts, "Rate limit reset RS")
662 # An RS sent from a non-link local source
664 self.pg0.ip6_ra_config(send_unicast=1)
665 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
666 IPv6(dst=self.pg0.local_ip6, src="2002::ffff") /
669 self.send_and_assert_no_replies(self.pg0, pkts,
670 "RS from non-link source")
673 # Source an RS from a link local address
675 self.pg0.ip6_ra_config(send_unicast=1)
676 ll = mk_ll_addr(self.pg0.remote_mac)
677 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
678 IPv6(dst=self.pg0.local_ip6, src=ll) /
681 self.send_and_expect_ra(self.pg0, pkts,
682 "RS sourced from link-local",
686 # Send the RS multicast
688 self.pg0.ip6_ra_config(send_unicast=1)
689 dmac = in6_getnsmac(inet_pton(AF_INET6, "ff02::2"))
690 ll = mk_ll_addr(self.pg0.remote_mac)
691 p = (Ether(dst=dmac, src=self.pg0.remote_mac) /
692 IPv6(dst="ff02::2", src=ll) /
695 self.send_and_expect_ra(self.pg0, pkts,
696 "RS sourced from link-local",
700 # Source from the unspecified address ::. This happens when the RS
701 # is sent before the host has a configured address/sub-net,
702 # i.e. auto-config. Since the sender has no IP address, the reply
703 # comes back mcast - so the capture needs to not filter this.
704 # If we happen to pick up the periodic RA at this point then so be it,
707 self.pg0.ip6_ra_config(send_unicast=1, suppress=1)
708 p = (Ether(dst=dmac, src=self.pg0.remote_mac) /
709 IPv6(dst="ff02::2", src="::") /
712 self.send_and_expect_ra(self.pg0, pkts,
713 "RS sourced from unspecified",
718 # Configure The RA to announce the links prefix
720 self.pg0.ip6_ra_prefix(self.pg0.local_ip6n,
721 self.pg0.local_ip6_prefix_len)
724 # RAs should now contain the prefix information option
726 opt = ICMPv6NDOptPrefixInfo(prefixlen=self.pg0.local_ip6_prefix_len,
727 prefix=self.pg0.local_ip6,
731 self.pg0.ip6_ra_config(send_unicast=1)
732 ll = mk_ll_addr(self.pg0.remote_mac)
733 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
734 IPv6(dst=self.pg0.local_ip6, src=ll) /
736 self.send_and_expect_ra(self.pg0, p,
737 "RA with prefix-info",
742 # Change the prefix info to not off-link
745 self.pg0.ip6_ra_prefix(self.pg0.local_ip6n,
746 self.pg0.local_ip6_prefix_len,
749 opt = ICMPv6NDOptPrefixInfo(prefixlen=self.pg0.local_ip6_prefix_len,
750 prefix=self.pg0.local_ip6,
754 self.pg0.ip6_ra_config(send_unicast=1)
755 self.send_and_expect_ra(self.pg0, p,
756 "RA with Prefix info with L-flag=0",
761 # Change the prefix info to not off-link, no-autoconfig
762 # L and A flag are clear in the advert
764 self.pg0.ip6_ra_prefix(self.pg0.local_ip6n,
765 self.pg0.local_ip6_prefix_len,
769 opt = ICMPv6NDOptPrefixInfo(prefixlen=self.pg0.local_ip6_prefix_len,
770 prefix=self.pg0.local_ip6,
774 self.pg0.ip6_ra_config(send_unicast=1)
775 self.send_and_expect_ra(self.pg0, p,
776 "RA with Prefix info with A & L-flag=0",
781 # Change the flag settings back to the defaults
782 # L and A flag are set in the advert
784 self.pg0.ip6_ra_prefix(self.pg0.local_ip6n,
785 self.pg0.local_ip6_prefix_len)
787 opt = ICMPv6NDOptPrefixInfo(prefixlen=self.pg0.local_ip6_prefix_len,
788 prefix=self.pg0.local_ip6,
792 self.pg0.ip6_ra_config(send_unicast=1)
793 self.send_and_expect_ra(self.pg0, p,
794 "RA with Prefix info",
799 # Change the prefix info to not off-link, no-autoconfig
800 # L and A flag are clear in the advert
802 self.pg0.ip6_ra_prefix(self.pg0.local_ip6n,
803 self.pg0.local_ip6_prefix_len,
807 opt = ICMPv6NDOptPrefixInfo(prefixlen=self.pg0.local_ip6_prefix_len,
808 prefix=self.pg0.local_ip6,
812 self.pg0.ip6_ra_config(send_unicast=1)
813 self.send_and_expect_ra(self.pg0, p,
814 "RA with Prefix info with A & L-flag=0",
819 # Use the reset to defults option to revert to defaults
820 # L and A flag are clear in the advert
822 self.pg0.ip6_ra_prefix(self.pg0.local_ip6n,
823 self.pg0.local_ip6_prefix_len,
826 opt = ICMPv6NDOptPrefixInfo(prefixlen=self.pg0.local_ip6_prefix_len,
827 prefix=self.pg0.local_ip6,
831 self.pg0.ip6_ra_config(send_unicast=1)
832 self.send_and_expect_ra(self.pg0, p,
833 "RA with Prefix reverted to defaults",
838 # Advertise Another prefix. With no L-flag/A-flag
840 self.pg0.ip6_ra_prefix(self.pg1.local_ip6n,
841 self.pg1.local_ip6_prefix_len,
845 opt = [ICMPv6NDOptPrefixInfo(prefixlen=self.pg0.local_ip6_prefix_len,
846 prefix=self.pg0.local_ip6,
849 ICMPv6NDOptPrefixInfo(prefixlen=self.pg1.local_ip6_prefix_len,
850 prefix=self.pg1.local_ip6,
854 self.pg0.ip6_ra_config(send_unicast=1)
855 ll = mk_ll_addr(self.pg0.remote_mac)
856 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
857 IPv6(dst=self.pg0.local_ip6, src=ll) /
859 self.send_and_expect_ra(self.pg0, p,
860 "RA with multiple Prefix infos",
865 # Remove the first refix-info - expect the second is still in the
868 self.pg0.ip6_ra_prefix(self.pg0.local_ip6n,
869 self.pg0.local_ip6_prefix_len,
872 opt = ICMPv6NDOptPrefixInfo(prefixlen=self.pg1.local_ip6_prefix_len,
873 prefix=self.pg1.local_ip6,
877 self.pg0.ip6_ra_config(send_unicast=1)
878 self.send_and_expect_ra(self.pg0, p,
879 "RA with Prefix reverted to defaults",
884 # Remove the second prefix-info - expect no prefix-info i nthe adverts
886 self.pg0.ip6_ra_prefix(self.pg1.local_ip6n,
887 self.pg1.local_ip6_prefix_len,
890 self.pg0.ip6_ra_config(send_unicast=1)
891 self.send_and_expect_ra(self.pg0, p,
892 "RA with Prefix reverted to defaults",
896 # Reset the periodic advertisements back to default values
898 self.pg0.ip6_ra_config(no=1, suppress=1, send_unicast=0)
901 class TestIPv6RD(TestIPv6ND):
902 """ IPv6 Router Discovery Test Case """
906 super(TestIPv6RD, cls).setUpClass()
909 super(TestIPv6RD, self).setUp()
911 # create 2 pg interfaces
912 self.create_pg_interfaces(range(2))
914 self.interfaces = list(self.pg_interfaces)
916 # setup all interfaces
917 for i in self.interfaces:
922 for i in self.interfaces:
925 super(TestIPv6RD, self).tearDown()
927 def test_rd_send_router_solicitation(self):
928 """ Verify router solicitation packets """
931 self.pg_enable_capture(self.pg_interfaces)
933 self.vapi.ip6nd_send_router_solicitation(self.pg1.sw_if_index,
935 rx_list = self.pg1.get_capture(count, timeout=3)
936 self.assertEqual(len(rx_list), count)
937 for packet in rx_list:
938 self.assertTrue(packet.haslayer(IPv6))
939 self.assertTrue(packet[IPv6].haslayer(ICMPv6ND_RS))
940 dst = ip6_normalize(packet[IPv6].dst)
941 dst2 = ip6_normalize("ff02::2")
942 self.assert_equal(dst, dst2)
943 src = ip6_normalize(packet[IPv6].src)
944 src2 = ip6_normalize(self.pg1.local_ip6_ll)
945 self.assert_equal(src, src2)
946 self.assertTrue(packet[ICMPv6ND_RS].haslayer(ICMPv6NDOptSrcLLAddr))
947 self.assert_equal(packet[ICMPv6NDOptSrcLLAddr].lladdr,
950 def verify_prefix_info(self, reported_prefix, prefix_option):
951 prefix = socket.inet_pton(socket.AF_INET6,
952 prefix_option.getfieldval("prefix"))
953 self.assert_equal(reported_prefix.dst_address, prefix)
954 self.assert_equal(reported_prefix.dst_address_length,
955 prefix_option.getfieldval("prefixlen"))
956 L = prefix_option.getfieldval("L")
957 A = prefix_option.getfieldval("A")
958 option_flags = (L << 7) | (A << 6)
959 self.assert_equal(reported_prefix.flags, option_flags)
960 self.assert_equal(reported_prefix.valid_time,
961 prefix_option.getfieldval("validlifetime"))
962 self.assert_equal(reported_prefix.preferred_time,
963 prefix_option.getfieldval("preferredlifetime"))
965 def test_rd_receive_router_advertisement(self):
966 """ Verify events triggered by received RA packets """
968 self.vapi.want_ip6_ra_events()
970 prefix_info_1 = ICMPv6NDOptPrefixInfo(
974 preferredlifetime=500,
979 prefix_info_2 = ICMPv6NDOptPrefixInfo(
983 preferredlifetime=1000,
988 p = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) /
989 IPv6(dst=self.pg1.local_ip6_ll,
990 src=mk_ll_addr(self.pg1.remote_mac)) /
994 self.pg1.add_stream([p])
997 ev = self.vapi.wait_for_event(10, "ip6_ra_event")
999 self.assert_equal(ev.current_hop_limit, 0)
1000 self.assert_equal(ev.flags, 8)
1001 self.assert_equal(ev.router_lifetime_in_sec, 1800)
1002 self.assert_equal(ev.neighbor_reachable_time_in_msec, 0)
1004 ev.time_in_msec_between_retransmitted_neighbor_solicitations, 0)
1006 self.assert_equal(ev.n_prefixes, 2)
1008 self.verify_prefix_info(ev.prefixes[0], prefix_info_1)
1009 self.verify_prefix_info(ev.prefixes[1], prefix_info_2)
1012 class TestIPv6RDControlPlane(TestIPv6ND):
1013 """ IPv6 Router Discovery Control Plane Test Case """
1016 def setUpClass(cls):
1017 super(TestIPv6RDControlPlane, cls).setUpClass()
1020 super(TestIPv6RDControlPlane, self).setUp()
1022 # create 1 pg interface
1023 self.create_pg_interfaces(range(1))
1025 self.interfaces = list(self.pg_interfaces)
1027 # setup all interfaces
1028 for i in self.interfaces:
1033 super(TestIPv6RDControlPlane, self).tearDown()
1036 def create_ra_packet(pg, routerlifetime=None):
1037 src_ip = pg.remote_ip6_ll
1038 dst_ip = pg.local_ip6
1039 if routerlifetime is not None:
1040 ra = ICMPv6ND_RA(routerlifetime=routerlifetime)
1043 p = (Ether(dst=pg.local_mac, src=pg.remote_mac) /
1044 IPv6(dst=dst_ip, src=src_ip) / ra)
1048 def get_default_routes(fib):
1051 if entry.address_length == 0:
1052 for path in entry.path:
1053 if path.sw_if_index != 0xFFFFFFFF:
1055 defaut_route['sw_if_index'] = path.sw_if_index
1056 defaut_route['next_hop'] = path.next_hop
1057 list.append(defaut_route)
1061 def get_interface_addresses(fib, pg):
1064 if entry.address_length == 128:
1065 path = entry.path[0]
1066 if path.sw_if_index == pg.sw_if_index:
1067 list.append(entry.address)
1071 """ Test handling of SLAAC addresses and default routes """
1073 fib = self.vapi.ip6_fib_dump()
1074 default_routes = self.get_default_routes(fib)
1075 initial_addresses = set(self.get_interface_addresses(fib, self.pg0))
1076 self.assertEqual(default_routes, [])
1077 router_address = self.pg0.remote_ip6n_ll
1079 self.vapi.ip6_nd_address_autoconfig(self.pg0.sw_if_index, 1, 1)
1084 packet = (self.create_ra_packet(self.pg0) / ICMPv6NDOptPrefixInfo(
1088 preferredlifetime=2,
1091 ) / ICMPv6NDOptPrefixInfo(
1095 preferredlifetime=1000,
1099 self.pg0.add_stream([packet])
1104 fib = self.vapi.ip6_fib_dump()
1106 # check FIB for new address
1107 addresses = set(self.get_interface_addresses(fib, self.pg0))
1108 new_addresses = addresses.difference(initial_addresses)
1109 self.assertEqual(len(new_addresses), 1)
1110 prefix = list(new_addresses)[0][:8] + '\0\0\0\0\0\0\0\0'
1111 self.assertEqual(inet_ntop(AF_INET6, prefix), '1::')
1113 # check FIB for new default route
1114 default_routes = self.get_default_routes(fib)
1115 self.assertEqual(len(default_routes), 1)
1116 dr = default_routes[0]
1117 self.assertEqual(dr['sw_if_index'], self.pg0.sw_if_index)
1118 self.assertEqual(dr['next_hop'], router_address)
1120 # send RA to delete default route
1121 packet = self.create_ra_packet(self.pg0, routerlifetime=0)
1122 self.pg0.add_stream([packet])
1127 # check that default route is deleted
1128 fib = self.vapi.ip6_fib_dump()
1129 default_routes = self.get_default_routes(fib)
1130 self.assertEqual(len(default_routes), 0)
1135 packet = self.create_ra_packet(self.pg0)
1136 self.pg0.add_stream([packet])
1141 # check FIB for new default route
1142 fib = self.vapi.ip6_fib_dump()
1143 default_routes = self.get_default_routes(fib)
1144 self.assertEqual(len(default_routes), 1)
1145 dr = default_routes[0]
1146 self.assertEqual(dr['sw_if_index'], self.pg0.sw_if_index)
1147 self.assertEqual(dr['next_hop'], router_address)
1149 # send RA, updating router lifetime to 1s
1150 packet = self.create_ra_packet(self.pg0, 1)
1151 self.pg0.add_stream([packet])
1156 # check that default route still exists
1157 fib = self.vapi.ip6_fib_dump()
1158 default_routes = self.get_default_routes(fib)
1159 self.assertEqual(len(default_routes), 1)
1160 dr = default_routes[0]
1161 self.assertEqual(dr['sw_if_index'], self.pg0.sw_if_index)
1162 self.assertEqual(dr['next_hop'], router_address)
1166 # check that default route is deleted
1167 fib = self.vapi.ip6_fib_dump()
1168 default_routes = self.get_default_routes(fib)
1169 self.assertEqual(len(default_routes), 0)
1171 # check FIB still contains the SLAAC address
1172 addresses = set(self.get_interface_addresses(fib, self.pg0))
1173 new_addresses = addresses.difference(initial_addresses)
1174 self.assertEqual(len(new_addresses), 1)
1175 prefix = list(new_addresses)[0][:8] + '\0\0\0\0\0\0\0\0'
1176 self.assertEqual(inet_ntop(AF_INET6, prefix), '1::')
1180 # check that SLAAC address is deleted
1181 fib = self.vapi.ip6_fib_dump()
1182 addresses = set(self.get_interface_addresses(fib, self.pg0))
1183 new_addresses = addresses.difference(initial_addresses)
1184 self.assertEqual(len(new_addresses), 0)
1187 class IPv6NDProxyTest(TestIPv6ND):
1188 """ IPv6 ND ProxyTest Case """
1191 super(IPv6NDProxyTest, self).setUp()
1193 # create 3 pg interfaces
1194 self.create_pg_interfaces(range(3))
1196 # pg0 is the master interface, with the configured subnet
1198 self.pg0.config_ip6()
1199 self.pg0.resolve_ndp()
1201 self.pg1.ip6_enable()
1202 self.pg2.ip6_enable()
1205 super(IPv6NDProxyTest, self).tearDown()
1207 def test_nd_proxy(self):
1208 """ IPv6 Proxy ND """
1211 # Generate some hosts in the subnet that we are proxying
1213 self.pg0.generate_remote_hosts(8)
1215 nsma = in6_getnsma(inet_pton(AF_INET6, self.pg0.local_ip6))
1216 d = inet_ntop(AF_INET6, nsma)
1219 # Send an NS for one of those remote hosts on one of the proxy links
1220 # expect no response since it's from an address that is not
1221 # on the link that has the prefix configured
1223 ns_pg1 = (Ether(dst=in6_getnsmac(nsma), src=self.pg1.remote_mac) /
1224 IPv6(dst=d, src=self.pg0._remote_hosts[2].ip6) /
1225 ICMPv6ND_NS(tgt=self.pg0.local_ip6) /
1226 ICMPv6NDOptSrcLLAddr(lladdr=self.pg0._remote_hosts[2].mac))
1228 self.send_and_assert_no_replies(self.pg1, ns_pg1, "Off link NS")
1231 # Add proxy support for the host
1233 self.vapi.ip6_nd_proxy(
1234 inet_pton(AF_INET6, self.pg0._remote_hosts[2].ip6),
1235 self.pg1.sw_if_index)
1238 # try that NS again. this time we expect an NA back
1240 self.send_and_expect_na(self.pg1, ns_pg1,
1241 "NS to proxy entry",
1242 dst_ip=self.pg0._remote_hosts[2].ip6,
1243 tgt_ip=self.pg0.local_ip6)
1246 # ... and that we have an entry in the ND cache
1248 self.assertTrue(find_nbr(self,
1249 self.pg1.sw_if_index,
1250 self.pg0._remote_hosts[2].ip6,
1254 # ... and we can route traffic to it
1256 t = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
1257 IPv6(dst=self.pg0._remote_hosts[2].ip6,
1258 src=self.pg0.remote_ip6) /
1259 UDP(sport=10000, dport=20000) /
1262 self.pg0.add_stream(t)
1263 self.pg_enable_capture(self.pg_interfaces)
1265 rx = self.pg1.get_capture(1)
1268 self.assertEqual(rx[Ether].dst, self.pg0._remote_hosts[2].mac)
1269 self.assertEqual(rx[Ether].src, self.pg1.local_mac)
1271 self.assertEqual(rx[IPv6].src, t[IPv6].src)
1272 self.assertEqual(rx[IPv6].dst, t[IPv6].dst)
1275 # Test we proxy for the host on the main interface
1277 ns_pg0 = (Ether(dst=in6_getnsmac(nsma), src=self.pg0.remote_mac) /
1278 IPv6(dst=d, src=self.pg0.remote_ip6) /
1279 ICMPv6ND_NS(tgt=self.pg0._remote_hosts[2].ip6) /
1280 ICMPv6NDOptSrcLLAddr(lladdr=self.pg0.remote_mac))
1282 self.send_and_expect_na(self.pg0, ns_pg0,
1283 "NS to proxy entry on main",
1284 tgt_ip=self.pg0._remote_hosts[2].ip6,
1285 dst_ip=self.pg0.remote_ip6)
1288 # Setup and resolve proxy for another host on another interface
1290 ns_pg2 = (Ether(dst=in6_getnsmac(nsma), src=self.pg2.remote_mac) /
1291 IPv6(dst=d, src=self.pg0._remote_hosts[3].ip6) /
1292 ICMPv6ND_NS(tgt=self.pg0.local_ip6) /
1293 ICMPv6NDOptSrcLLAddr(lladdr=self.pg0._remote_hosts[2].mac))
1295 self.vapi.ip6_nd_proxy(
1296 inet_pton(AF_INET6, self.pg0._remote_hosts[3].ip6),
1297 self.pg2.sw_if_index)
1299 self.send_and_expect_na(self.pg2, ns_pg2,
1300 "NS to proxy entry other interface",
1301 dst_ip=self.pg0._remote_hosts[3].ip6,
1302 tgt_ip=self.pg0.local_ip6)
1304 self.assertTrue(find_nbr(self,
1305 self.pg2.sw_if_index,
1306 self.pg0._remote_hosts[3].ip6,
1310 # hosts can communicate. pg2->pg1
1312 t2 = (Ether(dst=self.pg2.local_mac,
1313 src=self.pg0.remote_hosts[3].mac) /
1314 IPv6(dst=self.pg0._remote_hosts[2].ip6,
1315 src=self.pg0._remote_hosts[3].ip6) /
1316 UDP(sport=10000, dport=20000) /
1319 self.pg2.add_stream(t2)
1320 self.pg_enable_capture(self.pg_interfaces)
1322 rx = self.pg1.get_capture(1)
1325 self.assertEqual(rx[Ether].dst, self.pg0._remote_hosts[2].mac)
1326 self.assertEqual(rx[Ether].src, self.pg1.local_mac)
1328 self.assertEqual(rx[IPv6].src, t2[IPv6].src)
1329 self.assertEqual(rx[IPv6].dst, t2[IPv6].dst)
1332 # remove the proxy configs
1334 self.vapi.ip6_nd_proxy(
1335 inet_pton(AF_INET6, self.pg0._remote_hosts[2].ip6),
1336 self.pg1.sw_if_index,
1338 self.vapi.ip6_nd_proxy(
1339 inet_pton(AF_INET6, self.pg0._remote_hosts[3].ip6),
1340 self.pg2.sw_if_index,
1343 self.assertFalse(find_nbr(self,
1344 self.pg2.sw_if_index,
1345 self.pg0._remote_hosts[3].ip6,
1347 self.assertFalse(find_nbr(self,
1348 self.pg1.sw_if_index,
1349 self.pg0._remote_hosts[2].ip6,
1353 # no longer proxy-ing...
1355 self.send_and_assert_no_replies(self.pg0, ns_pg0, "Proxy unconfigured")
1356 self.send_and_assert_no_replies(self.pg1, ns_pg1, "Proxy unconfigured")
1357 self.send_and_assert_no_replies(self.pg2, ns_pg2, "Proxy unconfigured")
1360 # no longer forwarding. traffic generates NS out of the glean/main
1363 self.pg2.add_stream(t2)
1364 self.pg_enable_capture(self.pg_interfaces)
1367 rx = self.pg0.get_capture(1)
1369 self.assertTrue(rx[0].haslayer(ICMPv6ND_NS))
1372 class TestIPNull(VppTestCase):
1373 """ IPv6 routes via NULL """
1376 super(TestIPNull, self).setUp()
1378 # create 2 pg interfaces
1379 self.create_pg_interfaces(range(1))
1381 for i in self.pg_interfaces:
1387 super(TestIPNull, self).tearDown()
1388 for i in self.pg_interfaces:
1392 def test_ip_null(self):
1393 """ IP NULL route """
1395 p = (Ether(src=self.pg0.remote_mac,
1396 dst=self.pg0.local_mac) /
1397 IPv6(src=self.pg0.remote_ip6, dst="2001::1") /
1398 UDP(sport=1234, dport=1234) /
1402 # A route via IP NULL that will reply with ICMP unreachables
1404 ip_unreach = VppIpRoute(self, "2001::", 64, [], is_unreach=1, is_ip6=1)
1405 ip_unreach.add_vpp_config()
1407 self.pg0.add_stream(p)
1408 self.pg_enable_capture(self.pg_interfaces)
1411 rx = self.pg0.get_capture(1)
1413 icmp = rx[ICMPv6DestUnreach]
1415 # 0 = "No route to destination"
1416 self.assertEqual(icmp.code, 0)
1418 # ICMP is rate limited. pause a bit
1422 # A route via IP NULL that will reply with ICMP prohibited
1424 ip_prohibit = VppIpRoute(self, "2001::1", 128, [],
1425 is_prohibit=1, is_ip6=1)
1426 ip_prohibit.add_vpp_config()
1428 self.pg0.add_stream(p)
1429 self.pg_enable_capture(self.pg_interfaces)
1432 rx = self.pg0.get_capture(1)
1434 icmp = rx[ICMPv6DestUnreach]
1436 # 1 = "Communication with destination administratively prohibited"
1437 self.assertEqual(icmp.code, 1)
1440 class TestIPDisabled(VppTestCase):
1441 """ IPv6 disabled """
1444 super(TestIPDisabled, self).setUp()
1446 # create 2 pg interfaces
1447 self.create_pg_interfaces(range(2))
1451 self.pg0.config_ip6()
1452 self.pg0.resolve_ndp()
1454 # PG 1 is not IP enabled
1458 super(TestIPDisabled, self).tearDown()
1459 for i in self.pg_interfaces:
1463 def test_ip_disabled(self):
1468 # one accepting interface, pg0, 2 forwarding interfaces
1470 route_ff_01 = VppIpMRoute(
1474 MRouteEntryFlags.MFIB_ENTRY_FLAG_NONE,
1475 [VppMRoutePath(self.pg1.sw_if_index,
1476 MRouteItfFlags.MFIB_ITF_FLAG_ACCEPT),
1477 VppMRoutePath(self.pg0.sw_if_index,
1478 MRouteItfFlags.MFIB_ITF_FLAG_FORWARD)],
1480 route_ff_01.add_vpp_config()
1482 pu = (Ether(src=self.pg1.remote_mac,
1483 dst=self.pg1.local_mac) /
1484 IPv6(src="2001::1", dst=self.pg0.remote_ip6) /
1485 UDP(sport=1234, dport=1234) /
1487 pm = (Ether(src=self.pg1.remote_mac,
1488 dst=self.pg1.local_mac) /
1489 IPv6(src="2001::1", dst="ffef::1") /
1490 UDP(sport=1234, dport=1234) /
1494 # PG1 does not forward IP traffic
1496 self.send_and_assert_no_replies(self.pg1, pu, "IPv6 disabled")
1497 self.send_and_assert_no_replies(self.pg1, pm, "IPv6 disabled")
1502 self.pg1.config_ip6()
1505 # Now we get packets through
1507 self.pg1.add_stream(pu)
1508 self.pg_enable_capture(self.pg_interfaces)
1510 rx = self.pg0.get_capture(1)
1512 self.pg1.add_stream(pm)
1513 self.pg_enable_capture(self.pg_interfaces)
1515 rx = self.pg0.get_capture(1)
1520 self.pg1.unconfig_ip6()
1523 # PG1 does not forward IP traffic
1525 self.send_and_assert_no_replies(self.pg1, pu, "IPv6 disabled")
1526 self.send_and_assert_no_replies(self.pg1, pm, "IPv6 disabled")
1529 class TestIP6LoadBalance(VppTestCase):
1530 """ IPv6 Load-Balancing """
1533 super(TestIP6LoadBalance, self).setUp()
1535 self.create_pg_interfaces(range(5))
1537 mpls_tbl = VppMplsTable(self, 0)
1538 mpls_tbl.add_vpp_config()
1540 for i in self.pg_interfaces:
1547 for i in self.pg_interfaces:
1551 super(TestIP6LoadBalance, self).tearDown()
1553 def send_and_expect_load_balancing(self, input, pkts, outputs):
1554 self.vapi.cli("clear trace")
1555 input.add_stream(pkts)
1556 self.pg_enable_capture(self.pg_interfaces)
1559 rx = oo._get_capture(1)
1560 self.assertNotEqual(0, len(rx))
1562 def send_and_expect_one_itf(self, input, pkts, itf):
1563 self.vapi.cli("clear trace")
1564 input.add_stream(pkts)
1565 self.pg_enable_capture(self.pg_interfaces)
1567 rx = itf.get_capture(len(pkts))
1569 def test_ip6_load_balance(self):
1570 """ IPv6 Load-Balancing """
1573 # An array of packets that differ only in the destination port
1577 # - MPLS non-EOS with an entropy label
1581 port_mpls_neos_pkts = []
1585 # An array of packets that differ only in the source address
1590 for ii in range(65):
1591 port_ip_hdr = (IPv6(dst="3000::1", src="3000:1::1") /
1592 UDP(sport=1234, dport=1234 + ii) /
1594 port_ip_pkts.append((Ether(src=self.pg0.remote_mac,
1595 dst=self.pg0.local_mac) /
1597 port_mpls_pkts.append((Ether(src=self.pg0.remote_mac,
1598 dst=self.pg0.local_mac) /
1599 MPLS(label=66, ttl=2) /
1601 port_mpls_neos_pkts.append((Ether(src=self.pg0.remote_mac,
1602 dst=self.pg0.local_mac) /
1603 MPLS(label=67, ttl=2) /
1604 MPLS(label=77, ttl=2) /
1606 port_ent_pkts.append((Ether(src=self.pg0.remote_mac,
1607 dst=self.pg0.local_mac) /
1608 MPLS(label=67, ttl=2) /
1609 MPLS(label=14, ttl=2) /
1610 MPLS(label=999, ttl=2) /
1612 src_ip_hdr = (IPv6(dst="3000::1", src="3000:1::%d" % ii) /
1613 UDP(sport=1234, dport=1234) /
1615 src_ip_pkts.append((Ether(src=self.pg0.remote_mac,
1616 dst=self.pg0.local_mac) /
1618 src_mpls_pkts.append((Ether(src=self.pg0.remote_mac,
1619 dst=self.pg0.local_mac) /
1620 MPLS(label=66, ttl=2) /
1624 # A route for the IP pacekts
1626 route_3000_1 = VppIpRoute(self, "3000::1", 128,
1627 [VppRoutePath(self.pg1.remote_ip6,
1628 self.pg1.sw_if_index,
1629 proto=DpoProto.DPO_PROTO_IP6),
1630 VppRoutePath(self.pg2.remote_ip6,
1631 self.pg2.sw_if_index,
1632 proto=DpoProto.DPO_PROTO_IP6)],
1634 route_3000_1.add_vpp_config()
1637 # a local-label for the EOS packets
1639 binding = VppMplsIpBind(self, 66, "3000::1", 128, is_ip6=1)
1640 binding.add_vpp_config()
1643 # An MPLS route for the non-EOS packets
1645 route_67 = VppMplsRoute(self, 67, 0,
1646 [VppRoutePath(self.pg1.remote_ip6,
1647 self.pg1.sw_if_index,
1649 proto=DpoProto.DPO_PROTO_IP6),
1650 VppRoutePath(self.pg2.remote_ip6,
1651 self.pg2.sw_if_index,
1653 proto=DpoProto.DPO_PROTO_IP6)])
1654 route_67.add_vpp_config()
1657 # inject the packet on pg0 - expect load-balancing across the 2 paths
1658 # - since the default hash config is to use IP src,dst and port
1660 # We are not going to ensure equal amounts of packets across each link,
1661 # since the hash algorithm is statistical and therefore this can never
1662 # be guaranteed. But wuth 64 different packets we do expect some
1663 # balancing. So instead just ensure there is traffic on each link.
1665 self.send_and_expect_load_balancing(self.pg0, port_ip_pkts,
1666 [self.pg1, self.pg2])
1667 self.send_and_expect_load_balancing(self.pg0, src_ip_pkts,
1668 [self.pg1, self.pg2])
1669 self.send_and_expect_load_balancing(self.pg0, port_mpls_pkts,
1670 [self.pg1, self.pg2])
1671 self.send_and_expect_load_balancing(self.pg0, src_mpls_pkts,
1672 [self.pg1, self.pg2])
1673 self.send_and_expect_load_balancing(self.pg0, port_mpls_neos_pkts,
1674 [self.pg1, self.pg2])
1677 # The packets with Entropy label in should not load-balance,
1678 # since the Entorpy value is fixed.
1680 self.send_and_expect_one_itf(self.pg0, port_ent_pkts, self.pg1)
1683 # change the flow hash config so it's only IP src,dst
1684 # - now only the stream with differing source address will
1687 self.vapi.set_ip_flow_hash(0, is_ip6=1, src=1, dst=1, sport=0, dport=0)
1689 self.send_and_expect_load_balancing(self.pg0, src_ip_pkts,
1690 [self.pg1, self.pg2])
1691 self.send_and_expect_load_balancing(self.pg0, src_mpls_pkts,
1692 [self.pg1, self.pg2])
1693 self.send_and_expect_one_itf(self.pg0, port_ip_pkts, self.pg2)
1696 # change the flow hash config back to defaults
1698 self.vapi.set_ip_flow_hash(0, is_ip6=1, src=1, dst=1, sport=1, dport=1)
1701 # Recursive prefixes
1702 # - testing that 2 stages of load-balancing occurs and there is no
1703 # polarisation (i.e. only 2 of 4 paths are used)
1708 for ii in range(257):
1709 port_pkts.append((Ether(src=self.pg0.remote_mac,
1710 dst=self.pg0.local_mac) /
1711 IPv6(dst="4000::1", src="4000:1::1") /
1712 UDP(sport=1234, dport=1234 + ii) /
1714 src_pkts.append((Ether(src=self.pg0.remote_mac,
1715 dst=self.pg0.local_mac) /
1716 IPv6(dst="4000::1", src="4000:1::%d" % ii) /
1717 UDP(sport=1234, dport=1234) /
1720 route_3000_2 = VppIpRoute(self, "3000::2", 128,
1721 [VppRoutePath(self.pg3.remote_ip6,
1722 self.pg3.sw_if_index,
1723 proto=DpoProto.DPO_PROTO_IP6),
1724 VppRoutePath(self.pg4.remote_ip6,
1725 self.pg4.sw_if_index,
1726 proto=DpoProto.DPO_PROTO_IP6)],
1728 route_3000_2.add_vpp_config()
1730 route_4000_1 = VppIpRoute(self, "4000::1", 128,
1731 [VppRoutePath("3000::1",
1733 proto=DpoProto.DPO_PROTO_IP6),
1734 VppRoutePath("3000::2",
1736 proto=DpoProto.DPO_PROTO_IP6)],
1738 route_4000_1.add_vpp_config()
1741 # inject the packet on pg0 - expect load-balancing across all 4 paths
1743 self.vapi.cli("clear trace")
1744 self.send_and_expect_load_balancing(self.pg0, port_pkts,
1745 [self.pg1, self.pg2,
1746 self.pg3, self.pg4])
1747 self.send_and_expect_load_balancing(self.pg0, src_pkts,
1748 [self.pg1, self.pg2,
1749 self.pg3, self.pg4])
1752 # Recursive prefixes
1753 # - testing that 2 stages of load-balancing no choices
1757 for ii in range(257):
1758 port_pkts.append((Ether(src=self.pg0.remote_mac,
1759 dst=self.pg0.local_mac) /
1760 IPv6(dst="6000::1", src="6000:1::1") /
1761 UDP(sport=1234, dport=1234 + ii) /
1764 route_5000_2 = VppIpRoute(self, "5000::2", 128,
1765 [VppRoutePath(self.pg3.remote_ip6,
1766 self.pg3.sw_if_index,
1767 proto=DpoProto.DPO_PROTO_IP6)],
1769 route_5000_2.add_vpp_config()
1771 route_6000_1 = VppIpRoute(self, "6000::1", 128,
1772 [VppRoutePath("5000::2",
1774 proto=DpoProto.DPO_PROTO_IP6)],
1776 route_6000_1.add_vpp_config()
1779 # inject the packet on pg0 - expect load-balancing across all 4 paths
1781 self.vapi.cli("clear trace")
1782 self.send_and_expect_one_itf(self.pg0, port_pkts, self.pg3)
1785 class TestIP6Punt(VppTestCase):
1786 """ IPv6 Punt Police/Redirect """
1789 super(TestIP6Punt, self).setUp()
1791 self.create_pg_interfaces(range(2))
1793 for i in self.pg_interfaces:
1799 super(TestIP6Punt, self).tearDown()
1800 for i in self.pg_interfaces:
1804 def test_ip_punt(self):
1805 """ IP6 punt police and redirect """
1807 p = (Ether(src=self.pg0.remote_mac,
1808 dst=self.pg0.local_mac) /
1809 IPv6(src=self.pg0.remote_ip6, dst=self.pg0.local_ip6) /
1810 TCP(sport=1234, dport=1234) /
1816 # Configure a punt redirect via pg1.
1818 nh_addr = inet_pton(AF_INET6,
1819 self.pg1.remote_ip6)
1820 self.vapi.ip_punt_redirect(self.pg0.sw_if_index,
1821 self.pg1.sw_if_index,
1825 self.send_and_expect(self.pg0, pkts, self.pg1)
1830 policer = self.vapi.policer_add_del("ip6-punt", 400, 0, 10, 0,
1832 self.vapi.ip_punt_police(policer.policer_index, is_ip6=1)
1834 self.vapi.cli("clear trace")
1835 self.pg0.add_stream(pkts)
1836 self.pg_enable_capture(self.pg_interfaces)
1840 # the number of packet recieved should be greater than 0,
1841 # but not equal to the number sent, since some were policed
1843 rx = self.pg1._get_capture(1)
1844 self.assertTrue(len(rx) > 0)
1845 self.assertTrue(len(rx) < len(pkts))
1848 # remove the poilcer. back to full rx
1850 self.vapi.ip_punt_police(policer.policer_index, is_add=0, is_ip6=1)
1851 self.vapi.policer_add_del("ip6-punt", 400, 0, 10, 0,
1852 rate_type=1, is_add=0)
1853 self.send_and_expect(self.pg0, pkts, self.pg1)
1856 # remove the redirect. expect full drop.
1858 self.vapi.ip_punt_redirect(self.pg0.sw_if_index,
1859 self.pg1.sw_if_index,
1863 self.send_and_assert_no_replies(self.pg0, pkts,
1864 "IP no punt config")
1867 # Add a redirect that is not input port selective
1869 self.vapi.ip_punt_redirect(0xffffffff,
1870 self.pg1.sw_if_index,
1873 self.send_and_expect(self.pg0, pkts, self.pg1)
1875 self.vapi.ip_punt_redirect(0xffffffff,
1876 self.pg1.sw_if_index,
1882 class TestIP6Input(VppTestCase):
1883 """ IPv6 Input Exceptions """
1886 super(TestIP6Input, self).setUp()
1888 self.create_pg_interfaces(range(2))
1890 for i in self.pg_interfaces:
1896 super(TestIP6Input, self).tearDown()
1897 for i in self.pg_interfaces:
1901 def test_ip_input(self):
1902 """ IP6 Input Exceptions """
1905 # bad version - this is dropped
1907 p_version = (Ether(src=self.pg0.remote_mac,
1908 dst=self.pg0.local_mac) /
1909 IPv6(src=self.pg0.remote_ip6,
1910 dst=self.pg1.remote_ip6,
1912 UDP(sport=1234, dport=1234) /
1915 self.send_and_assert_no_replies(self.pg0, p_version * 65,
1919 # hop limit - IMCP replies
1921 p_version = (Ether(src=self.pg0.remote_mac,
1922 dst=self.pg0.local_mac) /
1923 IPv6(src=self.pg0.remote_ip6,
1924 dst=self.pg1.remote_ip6,
1926 UDP(sport=1234, dport=1234) /
1929 rx = self.send_and_expect(self.pg0, p_version * 65, self.pg0)
1931 icmp = rx[ICMPv6TimeExceeded]
1932 self.assertEqual(icmp.type, 3)
1933 # 0: "hop limit exceeded in transit",
1934 self.assertEqual(icmp.code, 0)
1937 if __name__ == '__main__':
1938 unittest.main(testRunner=VppTestRunner)
Code Review / vpp.git / blob