6 from parameterized import parameterized
7 import scapy.layers.inet6 as inet6
8 from scapy.contrib.mpls import MPLS
9 from scapy.layers.inet6 import IPv6, ICMPv6ND_NS, ICMPv6ND_RS, \
10 ICMPv6ND_RA, ICMPv6NDOptMTU, ICMPv6NDOptSrcLLAddr, ICMPv6NDOptPrefixInfo, \
11 ICMPv6ND_NA, ICMPv6NDOptDstLLAddr, ICMPv6DestUnreach, icmp6types, \
12 ICMPv6TimeExceeded, ICMPv6EchoRequest, ICMPv6EchoReply
13 from scapy.layers.l2 import Ether, Dot1Q
14 from scapy.packet import Raw
15 from scapy.utils import inet_pton, inet_ntop
16 from scapy.utils6 import in6_getnsma, in6_getnsmac, in6_ptop, in6_islladdr, \
20 from framework import VppTestCase, VppTestRunner
21 from util import ppp, ip6_normalize, mk_ll_addr
22 from vpp_ip import DpoProto
23 from vpp_ip_route import VppIpRoute, VppRoutePath, find_route, VppIpMRoute, \
24 VppMRoutePath, MRouteItfFlags, MRouteEntryFlags, VppMplsIpBind, \
25 VppMplsRoute, VppMplsTable, VppIpTable
26 from vpp_neighbor import find_nbr, VppNeighbor
27 from vpp_pg_interface import is_ipv6_misc
28 from vpp_sub_interface import VppSubInterface, VppDot1QSubint
29 from ipaddress import IPv6Network, IPv4Network
31 AF_INET6 = socket.AF_INET6
39 class TestIPv6ND(VppTestCase):
40 def validate_ra(self, intf, rx, dst_ip=None):
42 dst_ip = intf.remote_ip6
44 # unicasted packets must come to the unicast mac
45 self.assertEqual(rx[Ether].dst, intf.remote_mac)
47 # and from the router's MAC
48 self.assertEqual(rx[Ether].src, intf.local_mac)
50 # the rx'd RA should be addressed to the sender's source
51 self.assertTrue(rx.haslayer(ICMPv6ND_RA))
52 self.assertEqual(in6_ptop(rx[IPv6].dst),
55 # and come from the router's link local
56 self.assertTrue(in6_islladdr(rx[IPv6].src))
57 self.assertEqual(in6_ptop(rx[IPv6].src),
58 in6_ptop(mk_ll_addr(intf.local_mac)))
60 def validate_na(self, intf, rx, dst_ip=None, tgt_ip=None):
62 dst_ip = intf.remote_ip6
64 dst_ip = intf.local_ip6
66 # unicasted packets must come to the unicast mac
67 self.assertEqual(rx[Ether].dst, intf.remote_mac)
69 # and from the router's MAC
70 self.assertEqual(rx[Ether].src, intf.local_mac)
72 # the rx'd NA should be addressed to the sender's source
73 self.assertTrue(rx.haslayer(ICMPv6ND_NA))
74 self.assertEqual(in6_ptop(rx[IPv6].dst),
77 # and come from the target address
79 in6_ptop(rx[IPv6].src), in6_ptop(tgt_ip))
81 # Dest link-layer options should have the router's MAC
82 dll = rx[ICMPv6NDOptDstLLAddr]
83 self.assertEqual(dll.lladdr, intf.local_mac)
85 def validate_ns(self, intf, rx, tgt_ip):
86 nsma = in6_getnsma(inet_pton(AF_INET6, tgt_ip))
87 dst_ip = inet_ntop(AF_INET6, nsma)
90 self.assertEqual(rx[Ether].dst, in6_getnsmac(nsma))
92 # and from the router's MAC
93 self.assertEqual(rx[Ether].src, intf.local_mac)
95 # the rx'd NS should be addressed to an mcast address
96 # derived from the target address
98 in6_ptop(rx[IPv6].dst), in6_ptop(dst_ip))
100 # expect the tgt IP in the NS header
102 self.assertEqual(in6_ptop(ns.tgt), in6_ptop(tgt_ip))
104 # packet is from the router's local address
106 in6_ptop(rx[IPv6].src), intf.local_ip6)
108 # Src link-layer options should have the router's MAC
109 sll = rx[ICMPv6NDOptSrcLLAddr]
110 self.assertEqual(sll.lladdr, intf.local_mac)
112 def send_and_expect_ra(self, intf, pkts, remark, dst_ip=None,
113 filter_out_fn=is_ipv6_misc):
114 intf.add_stream(pkts)
115 self.pg_enable_capture(self.pg_interfaces)
117 rx = intf.get_capture(1, filter_out_fn=filter_out_fn)
119 self.assertEqual(len(rx), 1)
121 self.validate_ra(intf, rx, dst_ip)
123 def send_and_expect_na(self, intf, pkts, remark, dst_ip=None,
125 filter_out_fn=is_ipv6_misc):
126 intf.add_stream(pkts)
127 self.pg_enable_capture(self.pg_interfaces)
129 rx = intf.get_capture(1, filter_out_fn=filter_out_fn)
131 self.assertEqual(len(rx), 1)
133 self.validate_na(intf, rx, dst_ip, tgt_ip)
135 def send_and_expect_ns(self, tx_intf, rx_intf, pkts, tgt_ip,
136 filter_out_fn=is_ipv6_misc):
137 tx_intf.add_stream(pkts)
138 self.pg_enable_capture(self.pg_interfaces)
140 rx = rx_intf.get_capture(1, filter_out_fn=filter_out_fn)
142 self.assertEqual(len(rx), 1)
144 self.validate_ns(rx_intf, rx, tgt_ip)
146 def verify_ip(self, rx, smac, dmac, sip, dip):
148 self.assertEqual(ether.dst, dmac)
149 self.assertEqual(ether.src, smac)
152 self.assertEqual(ip.src, sip)
153 self.assertEqual(ip.dst, dip)
156 class TestIPv6(TestIPv6ND):
157 """ IPv6 Test Case """
161 super(TestIPv6, cls).setUpClass()
165 Perform test setup before test case.
168 - create 3 pg interfaces
169 - untagged pg0 interface
170 - Dot1Q subinterface on pg1
171 - Dot1AD subinterface on pg2
173 - put it into UP state
175 - resolve neighbor address using NDP
176 - configure 200 fib entries
178 :ivar list interfaces: pg interfaces and subinterfaces.
179 :ivar dict flows: IPv4 packet flows in test.
181 *TODO:* Create AD sub interface
183 super(TestIPv6, self).setUp()
185 # create 3 pg interfaces
186 self.create_pg_interfaces(range(3))
188 # create 2 subinterfaces for p1 and pg2
189 self.sub_interfaces = [
190 VppDot1QSubint(self, self.pg1, 100),
191 VppDot1QSubint(self, self.pg2, 200)
192 # TODO: VppDot1ADSubint(self, self.pg2, 200, 300, 400)
195 # packet flows mapping pg0 -> pg1.sub, pg2.sub, etc.
197 self.flows[self.pg0] = [self.pg1.sub_if, self.pg2.sub_if]
198 self.flows[self.pg1.sub_if] = [self.pg0, self.pg2.sub_if]
199 self.flows[self.pg2.sub_if] = [self.pg0, self.pg1.sub_if]
202 self.pg_if_packet_sizes = [64, 1500, 9020]
204 self.interfaces = list(self.pg_interfaces)
205 self.interfaces.extend(self.sub_interfaces)
207 # setup all interfaces
208 for i in self.interfaces:
213 # config 2M FIB entries
214 self.config_fib_entries(200)
217 """Run standard test teardown and log ``show ip6 neighbors``."""
218 for i in self.interfaces:
222 for i in self.sub_interfaces:
223 i.remove_vpp_config()
225 super(TestIPv6, self).tearDown()
226 if not self.vpp_dead:
227 self.logger.info(self.vapi.cli("show ip6 neighbors"))
228 # info(self.vapi.cli("show ip6 fib")) # many entries
230 def config_fib_entries(self, count):
231 """For each interface add to the FIB table *count* routes to
232 "fd02::1/128" destination with interface's local address as next-hop
235 :param int count: Number of FIB entries.
237 - *TODO:* check if the next-hop address shouldn't be remote address
238 instead of local address.
240 n_int = len(self.interfaces)
243 dest_addr = inet_pton(AF_INET6, "fd02::1")
245 for i in self.interfaces:
246 next_hop_address = i.local_ip6n
247 for j in range(count / n_int):
248 self.vapi.ip_add_del_route(
249 dest_addr, dest_addr_len, next_hop_address, is_ipv6=1)
251 if counter / count * 100 > percent:
252 self.logger.info("Configure %d FIB entries .. %d%% done" %
256 def modify_packet(self, src_if, packet_size, pkt):
257 """Add load, set destination IP and extend packet to required packet
258 size for defined interface.
260 :param VppInterface src_if: Interface to create packet for.
261 :param int packet_size: Required packet size.
262 :param Scapy pkt: Packet to be modified.
264 dst_if_idx = packet_size / 10 % 2
265 dst_if = self.flows[src_if][dst_if_idx]
266 info = self.create_packet_info(src_if, dst_if)
267 payload = self.info_to_payload(info)
268 p = pkt / Raw(payload)
269 p[IPv6].dst = dst_if.remote_ip6
271 if isinstance(src_if, VppSubInterface):
272 p = src_if.add_dot1_layer(p)
273 self.extend_packet(p, packet_size)
277 def create_stream(self, src_if):
278 """Create input packet stream for defined interface.
280 :param VppInterface src_if: Interface to create packet stream for.
282 hdr_ext = 4 if isinstance(src_if, VppSubInterface) else 0
283 pkt_tmpl = (Ether(dst=src_if.local_mac, src=src_if.remote_mac) /
284 IPv6(src=src_if.remote_ip6) /
285 inet6.UDP(sport=1234, dport=1234))
287 pkts = [self.modify_packet(src_if, i, pkt_tmpl)
288 for i in moves.range(self.pg_if_packet_sizes[0],
289 self.pg_if_packet_sizes[1], 10)]
290 pkts_b = [self.modify_packet(src_if, i, pkt_tmpl)
291 for i in moves.range(self.pg_if_packet_sizes[1] + hdr_ext,
292 self.pg_if_packet_sizes[2] + hdr_ext,
298 def verify_capture(self, dst_if, capture):
299 """Verify captured input packet stream for defined interface.
301 :param VppInterface dst_if: Interface to verify captured packet stream
303 :param list capture: Captured packet stream.
305 self.logger.info("Verifying capture on interface %s" % dst_if.name)
307 for i in self.interfaces:
308 last_info[i.sw_if_index] = None
310 dst_sw_if_index = dst_if.sw_if_index
311 if hasattr(dst_if, 'parent'):
313 for packet in capture:
315 # Check VLAN tags and Ethernet header
316 packet = dst_if.remove_dot1_layer(packet)
317 self.assertTrue(Dot1Q not in packet)
320 udp = packet[inet6.UDP]
321 payload_info = self.payload_to_info(str(packet[Raw]))
322 packet_index = payload_info.index
323 self.assertEqual(payload_info.dst, dst_sw_if_index)
325 "Got packet on port %s: src=%u (id=%u)" %
326 (dst_if.name, payload_info.src, packet_index))
327 next_info = self.get_next_packet_info_for_interface2(
328 payload_info.src, dst_sw_if_index,
329 last_info[payload_info.src])
330 last_info[payload_info.src] = next_info
331 self.assertTrue(next_info is not None)
332 self.assertEqual(packet_index, next_info.index)
333 saved_packet = next_info.data
334 # Check standard fields
336 ip.src, saved_packet[IPv6].src)
338 ip.dst, saved_packet[IPv6].dst)
340 udp.sport, saved_packet[inet6.UDP].sport)
342 udp.dport, saved_packet[inet6.UDP].dport)
344 self.logger.error(ppp("Unexpected or invalid packet:", packet))
346 for i in self.interfaces:
347 remaining_packet = self.get_next_packet_info_for_interface2(
348 i.sw_if_index, dst_sw_if_index, last_info[i.sw_if_index])
349 self.assertTrue(remaining_packet is None,
350 "Interface %s: Packet expected from interface %s "
351 "didn't arrive" % (dst_if.name, i.name))
357 - Create IPv6 stream for pg0 interface
358 - Create IPv6 tagged streams for pg1's and pg2's subinterface.
359 - Send and verify received packets on each interface.
362 pkts = self.create_stream(self.pg0)
363 self.pg0.add_stream(pkts)
365 for i in self.sub_interfaces:
366 pkts = self.create_stream(i)
367 i.parent.add_stream(pkts)
369 self.pg_enable_capture(self.pg_interfaces)
372 pkts = self.pg0.get_capture()
373 self.verify_capture(self.pg0, pkts)
375 for i in self.sub_interfaces:
376 pkts = i.parent.get_capture()
377 self.verify_capture(i, pkts)
380 """ IPv6 Neighbour Solicitation Exceptions
383 - Send an NS Sourced from an address not covered by the link sub-net
384 - Send an NS to an mcast address the router has not joined
385 - Send NS for a target address the router does not onn.
389 # An NS from a non link source address
391 nsma = in6_getnsma(inet_pton(AF_INET6, self.pg0.local_ip6))
392 d = inet_ntop(AF_INET6, nsma)
394 p = (Ether(dst=in6_getnsmac(nsma)) /
395 IPv6(dst=d, src="2002::2") /
396 ICMPv6ND_NS(tgt=self.pg0.local_ip6) /
397 ICMPv6NDOptSrcLLAddr(
398 lladdr=self.pg0.remote_mac))
401 self.send_and_assert_no_replies(
403 "No response to NS source by address not on sub-net")
406 # An NS for sent to a solicited mcast group the router is
407 # not a member of FAILS
410 nsma = in6_getnsma(inet_pton(AF_INET6, "fd::ffff"))
411 d = inet_ntop(AF_INET6, nsma)
413 p = (Ether(dst=in6_getnsmac(nsma)) /
414 IPv6(dst=d, src=self.pg0.remote_ip6) /
415 ICMPv6ND_NS(tgt=self.pg0.local_ip6) /
416 ICMPv6NDOptSrcLLAddr(
417 lladdr=self.pg0.remote_mac))
420 self.send_and_assert_no_replies(
422 "No response to NS sent to unjoined mcast address")
425 # An NS whose target address is one the router does not own
427 nsma = in6_getnsma(inet_pton(AF_INET6, self.pg0.local_ip6))
428 d = inet_ntop(AF_INET6, nsma)
430 p = (Ether(dst=in6_getnsmac(nsma)) /
431 IPv6(dst=d, src=self.pg0.remote_ip6) /
432 ICMPv6ND_NS(tgt="fd::ffff") /
433 ICMPv6NDOptSrcLLAddr(
434 lladdr=self.pg0.remote_mac))
437 self.send_and_assert_no_replies(self.pg0, pkts,
438 "No response to NS for unknown target")
441 # A neighbor entry that has no associated FIB-entry
443 self.pg0.generate_remote_hosts(4)
444 nd_entry = VppNeighbor(self,
445 self.pg0.sw_if_index,
446 self.pg0.remote_hosts[2].mac,
447 self.pg0.remote_hosts[2].ip6,
449 nd_entry.add_vpp_config()
452 # check we have the neighbor, but no route
454 self.assertTrue(find_nbr(self,
455 self.pg0.sw_if_index,
456 self.pg0._remote_hosts[2].ip6))
457 self.assertFalse(find_route(self,
458 self.pg0._remote_hosts[2].ip6,
463 # send an NS from a link local address to the interface's global
466 p = (Ether(dst=in6_getnsmac(nsma), src=self.pg0.remote_mac) /
468 dst=d, src=self.pg0._remote_hosts[2].ip6_ll) /
469 ICMPv6ND_NS(tgt=self.pg0.local_ip6) /
470 ICMPv6NDOptSrcLLAddr(
471 lladdr=self.pg0.remote_mac))
473 self.send_and_expect_na(self.pg0, p,
474 "NS from link-local",
475 dst_ip=self.pg0._remote_hosts[2].ip6_ll,
476 tgt_ip=self.pg0.local_ip6)
479 # we should have learned an ND entry for the peer's link-local
480 # but not inserted a route to it in the FIB
482 self.assertTrue(find_nbr(self,
483 self.pg0.sw_if_index,
484 self.pg0._remote_hosts[2].ip6_ll))
485 self.assertFalse(find_route(self,
486 self.pg0._remote_hosts[2].ip6_ll,
491 # An NS to the router's own Link-local
493 p = (Ether(dst=in6_getnsmac(nsma), src=self.pg0.remote_mac) /
495 dst=d, src=self.pg0._remote_hosts[3].ip6_ll) /
496 ICMPv6ND_NS(tgt=self.pg0.local_ip6_ll) /
497 ICMPv6NDOptSrcLLAddr(
498 lladdr=self.pg0.remote_mac))
500 self.send_and_expect_na(self.pg0, p,
501 "NS to/from link-local",
502 dst_ip=self.pg0._remote_hosts[3].ip6_ll,
503 tgt_ip=self.pg0.local_ip6_ll)
506 # we should have learned an ND entry for the peer's link-local
507 # but not inserted a route to it in the FIB
509 self.assertTrue(find_nbr(self,
510 self.pg0.sw_if_index,
511 self.pg0._remote_hosts[3].ip6_ll))
512 self.assertFalse(find_route(self,
513 self.pg0._remote_hosts[3].ip6_ll,
517 def test_ns_duplicates(self):
521 # Generate some hosts on the LAN
523 self.pg1.generate_remote_hosts(3)
526 # Add host 1 on pg1 and pg2
528 ns_pg1 = VppNeighbor(self,
529 self.pg1.sw_if_index,
530 self.pg1.remote_hosts[1].mac,
531 self.pg1.remote_hosts[1].ip6)
532 ns_pg1.add_vpp_config()
533 ns_pg2 = VppNeighbor(self,
534 self.pg2.sw_if_index,
536 self.pg1.remote_hosts[1].ip6)
537 ns_pg2.add_vpp_config()
540 # IP packet destined for pg1 remote host arrives on pg1 again.
542 p = (Ether(dst=self.pg0.local_mac,
543 src=self.pg0.remote_mac) /
544 IPv6(src=self.pg0.remote_ip6,
545 dst=self.pg1.remote_hosts[1].ip6) /
546 inet6.UDP(sport=1234, dport=1234) /
549 self.pg0.add_stream(p)
550 self.pg_enable_capture(self.pg_interfaces)
553 rx1 = self.pg1.get_capture(1)
555 self.verify_ip(rx1[0],
557 self.pg1.remote_hosts[1].mac,
559 self.pg1.remote_hosts[1].ip6)
562 # remove the duplicate on pg1
563 # packet stream shoud generate NSs out of pg1
565 ns_pg1.remove_vpp_config()
567 self.send_and_expect_ns(self.pg0, self.pg1,
568 p, self.pg1.remote_hosts[1].ip6)
573 ns_pg1.add_vpp_config()
575 self.pg0.add_stream(p)
576 self.pg_enable_capture(self.pg_interfaces)
579 rx1 = self.pg1.get_capture(1)
581 self.verify_ip(rx1[0],
583 self.pg1.remote_hosts[1].mac,
585 self.pg1.remote_hosts[1].ip6)
587 def validate_ra(self, intf, rx, dst_ip=None, mtu=9000, pi_opt=None):
589 dst_ip = intf.remote_ip6
591 # unicasted packets must come to the unicast mac
592 self.assertEqual(rx[Ether].dst, intf.remote_mac)
594 # and from the router's MAC
595 self.assertEqual(rx[Ether].src, intf.local_mac)
597 # the rx'd RA should be addressed to the sender's source
598 self.assertTrue(rx.haslayer(ICMPv6ND_RA))
599 self.assertEqual(in6_ptop(rx[IPv6].dst),
602 # and come from the router's link local
603 self.assertTrue(in6_islladdr(rx[IPv6].src))
604 self.assertEqual(in6_ptop(rx[IPv6].src),
605 in6_ptop(mk_ll_addr(intf.local_mac)))
607 # it should contain the links MTU
609 self.assertEqual(ra[ICMPv6NDOptMTU].mtu, mtu)
611 # it should contain the source's link layer address option
612 sll = ra[ICMPv6NDOptSrcLLAddr]
613 self.assertEqual(sll.lladdr, intf.local_mac)
616 # the RA should not contain prefix information
617 self.assertFalse(ra.haslayer(
618 ICMPv6NDOptPrefixInfo))
620 raos = rx.getlayer(ICMPv6NDOptPrefixInfo, 1)
622 # the options are nested in the scapy packet in way that i cannot
623 # decipher how to decode. this 1st layer of option always returns
624 # nested classes, so a direct obj1=obj2 comparison always fails.
625 # however, the getlayer(.., 2) does give one instnace.
626 # so we cheat here and construct a new opt instnace for comparison
627 rd = ICMPv6NDOptPrefixInfo(
628 prefixlen=raos.prefixlen,
632 if type(pi_opt) is list:
633 for ii in range(len(pi_opt)):
634 self.assertEqual(pi_opt[ii], rd)
636 ICMPv6NDOptPrefixInfo, ii + 2)
638 self.assertEqual(pi_opt, raos)
640 def send_and_expect_ra(self, intf, pkts, remark, dst_ip=None,
641 filter_out_fn=is_ipv6_misc,
643 intf.add_stream(pkts)
644 self.pg_enable_capture(self.pg_interfaces)
646 rx = intf.get_capture(1, filter_out_fn=filter_out_fn)
648 self.assertEqual(len(rx), 1)
650 self.validate_ra(intf, rx, dst_ip, pi_opt=opt)
653 """ IPv6 Router Solicitation Exceptions
659 # Before we begin change the IPv6 RA responses to use the unicast
660 # address - that way we will not confuse them with the periodic
661 # RAs which go to the mcast address
662 # Sit and wait for the first periodic RA.
666 self.pg0.ip6_ra_config(send_unicast=1)
669 # An RS from a link source address
670 # - expect an RA in return
672 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
674 dst=self.pg0.local_ip6, src=self.pg0.remote_ip6) /
677 self.send_and_expect_ra(self.pg0, pkts, "Genuine RS")
680 # For the next RS sent the RA should be rate limited
682 self.send_and_assert_no_replies(self.pg0, pkts, "RA rate limited")
685 # When we reconfiure the IPv6 RA config, we reset the RA rate limiting,
686 # so we need to do this before each test below so as not to drop
687 # packets for rate limiting reasons. Test this works here.
689 self.pg0.ip6_ra_config(send_unicast=1)
690 self.send_and_expect_ra(self.pg0, pkts, "Rate limit reset RS")
693 # An RS sent from a non-link local source
695 self.pg0.ip6_ra_config(send_unicast=1)
696 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
697 IPv6(dst=self.pg0.local_ip6,
701 self.send_and_assert_no_replies(self.pg0, pkts,
702 "RS from non-link source")
705 # Source an RS from a link local address
707 self.pg0.ip6_ra_config(send_unicast=1)
708 ll = mk_ll_addr(self.pg0.remote_mac)
709 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
710 IPv6(dst=self.pg0.local_ip6, src=ll) /
713 self.send_and_expect_ra(self.pg0, pkts,
714 "RS sourced from link-local",
718 # Send the RS multicast
720 self.pg0.ip6_ra_config(send_unicast=1)
721 dmac = in6_getnsmac(inet_pton(AF_INET6, "ff02::2"))
722 ll = mk_ll_addr(self.pg0.remote_mac)
723 p = (Ether(dst=dmac, src=self.pg0.remote_mac) /
724 IPv6(dst="ff02::2", src=ll) /
727 self.send_and_expect_ra(self.pg0, pkts,
728 "RS sourced from link-local",
732 # Source from the unspecified address ::. This happens when the RS
733 # is sent before the host has a configured address/sub-net,
734 # i.e. auto-config. Since the sender has no IP address, the reply
735 # comes back mcast - so the capture needs to not filter this.
736 # If we happen to pick up the periodic RA at this point then so be it,
739 self.pg0.ip6_ra_config(send_unicast=1, suppress=1)
740 p = (Ether(dst=dmac, src=self.pg0.remote_mac) /
741 IPv6(dst="ff02::2", src="::") /
744 self.send_and_expect_ra(self.pg0, pkts,
745 "RS sourced from unspecified",
750 # Configure The RA to announce the links prefix
752 self.pg0.ip6_ra_prefix(self.pg0.local_ip6,
753 self.pg0.local_ip6_prefix_len)
756 # RAs should now contain the prefix information option
758 opt = ICMPv6NDOptPrefixInfo(
759 prefixlen=self.pg0.local_ip6_prefix_len,
760 prefix=self.pg0.local_ip6,
764 self.pg0.ip6_ra_config(send_unicast=1)
765 ll = mk_ll_addr(self.pg0.remote_mac)
766 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
767 IPv6(dst=self.pg0.local_ip6, src=ll) /
769 self.send_and_expect_ra(self.pg0, p,
770 "RA with prefix-info",
775 # Change the prefix info to not off-link
778 self.pg0.ip6_ra_prefix(self.pg0.local_ip6,
779 self.pg0.local_ip6_prefix_len,
782 opt = ICMPv6NDOptPrefixInfo(
783 prefixlen=self.pg0.local_ip6_prefix_len,
784 prefix=self.pg0.local_ip6,
788 self.pg0.ip6_ra_config(send_unicast=1)
789 self.send_and_expect_ra(self.pg0, p,
790 "RA with Prefix info with L-flag=0",
795 # Change the prefix info to not off-link, no-autoconfig
796 # L and A flag are clear in the advert
798 self.pg0.ip6_ra_prefix(self.pg0.local_ip6,
799 self.pg0.local_ip6_prefix_len,
803 opt = ICMPv6NDOptPrefixInfo(
804 prefixlen=self.pg0.local_ip6_prefix_len,
805 prefix=self.pg0.local_ip6,
809 self.pg0.ip6_ra_config(send_unicast=1)
810 self.send_and_expect_ra(self.pg0, p,
811 "RA with Prefix info with A & L-flag=0",
816 # Change the flag settings back to the defaults
817 # L and A flag are set in the advert
819 self.pg0.ip6_ra_prefix(self.pg0.local_ip6,
820 self.pg0.local_ip6_prefix_len)
822 opt = ICMPv6NDOptPrefixInfo(
823 prefixlen=self.pg0.local_ip6_prefix_len,
824 prefix=self.pg0.local_ip6,
828 self.pg0.ip6_ra_config(send_unicast=1)
829 self.send_and_expect_ra(self.pg0, p,
830 "RA with Prefix info",
835 # Change the prefix info to not off-link, no-autoconfig
836 # L and A flag are clear in the advert
838 self.pg0.ip6_ra_prefix(self.pg0.local_ip6,
839 self.pg0.local_ip6_prefix_len,
843 opt = ICMPv6NDOptPrefixInfo(
844 prefixlen=self.pg0.local_ip6_prefix_len,
845 prefix=self.pg0.local_ip6,
849 self.pg0.ip6_ra_config(send_unicast=1)
850 self.send_and_expect_ra(self.pg0, p,
851 "RA with Prefix info with A & L-flag=0",
856 # Use the reset to defults option to revert to defaults
857 # L and A flag are clear in the advert
859 self.pg0.ip6_ra_prefix(self.pg0.local_ip6,
860 self.pg0.local_ip6_prefix_len,
863 opt = ICMPv6NDOptPrefixInfo(
864 prefixlen=self.pg0.local_ip6_prefix_len,
865 prefix=self.pg0.local_ip6,
869 self.pg0.ip6_ra_config(send_unicast=1)
870 self.send_and_expect_ra(self.pg0, p,
871 "RA with Prefix reverted to defaults",
876 # Advertise Another prefix. With no L-flag/A-flag
878 self.pg0.ip6_ra_prefix(self.pg1.local_ip6,
879 self.pg1.local_ip6_prefix_len,
883 opt = [ICMPv6NDOptPrefixInfo(
884 prefixlen=self.pg0.local_ip6_prefix_len,
885 prefix=self.pg0.local_ip6,
888 ICMPv6NDOptPrefixInfo(
889 prefixlen=self.pg1.local_ip6_prefix_len,
890 prefix=self.pg1.local_ip6,
894 self.pg0.ip6_ra_config(send_unicast=1)
895 ll = mk_ll_addr(self.pg0.remote_mac)
896 p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
897 IPv6(dst=self.pg0.local_ip6, src=ll) /
899 self.send_and_expect_ra(self.pg0, p,
900 "RA with multiple Prefix infos",
905 # Remove the first refix-info - expect the second is still in the
908 self.pg0.ip6_ra_prefix(self.pg0.local_ip6,
909 self.pg0.local_ip6_prefix_len,
912 opt = ICMPv6NDOptPrefixInfo(
913 prefixlen=self.pg1.local_ip6_prefix_len,
914 prefix=self.pg1.local_ip6,
918 self.pg0.ip6_ra_config(send_unicast=1)
919 self.send_and_expect_ra(self.pg0, p,
920 "RA with Prefix reverted to defaults",
925 # Remove the second prefix-info - expect no prefix-info i nthe adverts
927 self.pg0.ip6_ra_prefix(self.pg1.local_ip6,
928 self.pg1.local_ip6_prefix_len,
931 self.pg0.ip6_ra_config(send_unicast=1)
932 self.send_and_expect_ra(self.pg0, p,
933 "RA with Prefix reverted to defaults",
937 # Reset the periodic advertisements back to default values
939 self.pg0.ip6_ra_config(no=1, suppress=1, send_unicast=0)
942 class TestICMPv6Echo(VppTestCase):
943 """ ICMPv6 Echo Test Case """
946 super(TestICMPv6Echo, self).setUp()
948 # create 1 pg interface
949 self.create_pg_interfaces(range(1))
951 for i in self.pg_interfaces:
957 super(TestICMPv6Echo, self).tearDown()
958 for i in self.pg_interfaces:
963 def test_icmpv6_echo(self):
964 """ VPP replies to ICMPv6 Echo Request
968 - Receive ICMPv6 Echo Request message on pg0 interface.
969 - Check outgoing ICMPv6 Echo Reply message on pg0 interface.
974 icmpv6_data = '\x0a' * 18
975 p_echo_request = (Ether(src=self.pg0.remote_mac,
976 dst=self.pg0.local_mac) /
977 IPv6(src=self.pg0.remote_ip6,
978 dst=self.pg0.local_ip6) /
984 self.pg0.add_stream(p_echo_request)
985 self.pg_enable_capture(self.pg_interfaces)
988 rx = self.pg0.get_capture(1)
992 icmpv6 = rx[ICMPv6EchoReply]
994 self.assertEqual(ether.src, self.pg0.local_mac)
995 self.assertEqual(ether.dst, self.pg0.remote_mac)
997 self.assertEqual(ipv6.src, self.pg0.local_ip6)
998 self.assertEqual(ipv6.dst, self.pg0.remote_ip6)
1001 icmp6types[icmpv6.type], "Echo Reply")
1002 self.assertEqual(icmpv6.id, icmpv6_id)
1003 self.assertEqual(icmpv6.seq, icmpv6_seq)
1004 self.assertEqual(icmpv6.data, icmpv6_data)
1007 class TestIPv6RD(TestIPv6ND):
1008 """ IPv6 Router Discovery Test Case """
1011 def setUpClass(cls):
1012 super(TestIPv6RD, cls).setUpClass()
1015 super(TestIPv6RD, self).setUp()
1017 # create 2 pg interfaces
1018 self.create_pg_interfaces(range(2))
1020 self.interfaces = list(self.pg_interfaces)
1022 # setup all interfaces
1023 for i in self.interfaces:
1028 for i in self.interfaces:
1031 super(TestIPv6RD, self).tearDown()
1033 def test_rd_send_router_solicitation(self):
1034 """ Verify router solicitation packets """
1037 self.pg_enable_capture(self.pg_interfaces)
1039 self.vapi.ip6nd_send_router_solicitation(self.pg1.sw_if_index,
1041 rx_list = self.pg1.get_capture(count, timeout=3)
1042 self.assertEqual(len(rx_list), count)
1043 for packet in rx_list:
1044 self.assertEqual(packet.haslayer(IPv6), 1)
1045 self.assertEqual(packet[IPv6].haslayer(
1047 dst = ip6_normalize(packet[IPv6].dst)
1048 dst2 = ip6_normalize("ff02::2")
1049 self.assert_equal(dst, dst2)
1050 src = ip6_normalize(packet[IPv6].src)
1051 src2 = ip6_normalize(self.pg1.local_ip6_ll)
1052 self.assert_equal(src, src2)
1054 bool(packet[ICMPv6ND_RS].haslayer(
1055 ICMPv6NDOptSrcLLAddr)))
1057 packet[ICMPv6NDOptSrcLLAddr].lladdr,
1060 def verify_prefix_info(self, reported_prefix, prefix_option):
1061 prefix = IPv6Network(
1062 text_type(prefix_option.getfieldval("prefix") +
1064 text_type(prefix_option.getfieldval("prefixlen"))),
1066 self.assert_equal(reported_prefix.prefix.network_address,
1067 prefix.network_address)
1068 L = prefix_option.getfieldval("L")
1069 A = prefix_option.getfieldval("A")
1070 option_flags = (L << 7) | (A << 6)
1071 self.assert_equal(reported_prefix.flags, option_flags)
1072 self.assert_equal(reported_prefix.valid_time,
1073 prefix_option.getfieldval("validlifetime"))
1074 self.assert_equal(reported_prefix.preferred_time,
1075 prefix_option.getfieldval("preferredlifetime"))
1077 def test_rd_receive_router_advertisement(self):
1078 """ Verify events triggered by received RA packets """
1080 self.vapi.want_ip6_ra_events()
1082 prefix_info_1 = ICMPv6NDOptPrefixInfo(
1086 preferredlifetime=500,
1091 prefix_info_2 = ICMPv6NDOptPrefixInfo(
1095 preferredlifetime=1000,
1100 p = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) /
1101 IPv6(dst=self.pg1.local_ip6_ll,
1102 src=mk_ll_addr(self.pg1.remote_mac)) /
1106 self.pg1.add_stream([p])
1109 ev = self.vapi.wait_for_event(10, "ip6_ra_event")
1111 self.assert_equal(ev.current_hop_limit, 0)
1112 self.assert_equal(ev.flags, 8)
1113 self.assert_equal(ev.router_lifetime_in_sec, 1800)
1114 self.assert_equal(ev.neighbor_reachable_time_in_msec, 0)
1116 ev.time_in_msec_between_retransmitted_neighbor_solicitations, 0)
1118 self.assert_equal(ev.n_prefixes, 2)
1120 self.verify_prefix_info(ev.prefixes[0], prefix_info_1)
1121 self.verify_prefix_info(ev.prefixes[1], prefix_info_2)
1124 class TestIPv6RDControlPlane(TestIPv6ND):
1125 """ IPv6 Router Discovery Control Plane Test Case """
1128 def setUpClass(cls):
1129 super(TestIPv6RDControlPlane, cls).setUpClass()
1132 super(TestIPv6RDControlPlane, self).setUp()
1134 # create 1 pg interface
1135 self.create_pg_interfaces(range(1))
1137 self.interfaces = list(self.pg_interfaces)
1139 # setup all interfaces
1140 for i in self.interfaces:
1145 super(TestIPv6RDControlPlane, self).tearDown()
1148 def create_ra_packet(pg, routerlifetime=None):
1149 src_ip = pg.remote_ip6_ll
1150 dst_ip = pg.local_ip6
1151 if routerlifetime is not None:
1152 ra = ICMPv6ND_RA(routerlifetime=routerlifetime)
1155 p = (Ether(dst=pg.local_mac, src=pg.remote_mac) /
1156 IPv6(dst=dst_ip, src=src_ip) / ra)
1160 def get_default_routes(fib):
1163 if entry.address_length == 0:
1164 for path in entry.path:
1165 if path.sw_if_index != 0xFFFFFFFF:
1167 defaut_route['sw_if_index'] = path.sw_if_index
1168 defaut_route['next_hop'] = path.next_hop
1169 list.append(defaut_route)
1173 def get_interface_addresses(fib, pg):
1176 if entry.address_length == 128:
1177 path = entry.path[0]
1178 if path.sw_if_index == pg.sw_if_index:
1179 list.append(entry.address)
1183 """ Test handling of SLAAC addresses and default routes """
1185 fib = self.vapi.ip6_fib_dump()
1186 default_routes = self.get_default_routes(fib)
1187 initial_addresses = set(self.get_interface_addresses(fib, self.pg0))
1188 self.assertEqual(default_routes, [])
1189 router_address = self.pg0.remote_ip6n_ll
1191 self.vapi.ip6_nd_address_autoconfig(self.pg0.sw_if_index, 1, 1)
1196 packet = (self.create_ra_packet(
1197 self.pg0) / ICMPv6NDOptPrefixInfo(
1201 preferredlifetime=2,
1204 ) / ICMPv6NDOptPrefixInfo(
1208 preferredlifetime=1000,
1212 self.pg0.add_stream([packet])
1217 fib = self.vapi.ip6_fib_dump()
1219 # check FIB for new address
1220 addresses = set(self.get_interface_addresses(fib, self.pg0))
1221 new_addresses = addresses.difference(initial_addresses)
1222 self.assertEqual(len(new_addresses), 1)
1223 prefix = list(new_addresses)[0][:8] + '\0\0\0\0\0\0\0\0'
1224 self.assertEqual(inet_ntop(AF_INET6, prefix), '1::')
1226 # check FIB for new default route
1227 default_routes = self.get_default_routes(fib)
1228 self.assertEqual(len(default_routes), 1)
1229 dr = default_routes[0]
1230 self.assertEqual(dr['sw_if_index'], self.pg0.sw_if_index)
1231 self.assertEqual(dr['next_hop'], router_address)
1233 # send RA to delete default route
1234 packet = self.create_ra_packet(self.pg0, routerlifetime=0)
1235 self.pg0.add_stream([packet])
1240 # check that default route is deleted
1241 fib = self.vapi.ip6_fib_dump()
1242 default_routes = self.get_default_routes(fib)
1243 self.assertEqual(len(default_routes), 0)
1248 packet = self.create_ra_packet(self.pg0)
1249 self.pg0.add_stream([packet])
1254 # check FIB for new default route
1255 fib = self.vapi.ip6_fib_dump()
1256 default_routes = self.get_default_routes(fib)
1257 self.assertEqual(len(default_routes), 1)
1258 dr = default_routes[0]
1259 self.assertEqual(dr['sw_if_index'], self.pg0.sw_if_index)
1260 self.assertEqual(dr['next_hop'], router_address)
1262 # send RA, updating router lifetime to 1s
1263 packet = self.create_ra_packet(self.pg0, 1)
1264 self.pg0.add_stream([packet])
1269 # check that default route still exists
1270 fib = self.vapi.ip6_fib_dump()
1271 default_routes = self.get_default_routes(fib)
1272 self.assertEqual(len(default_routes), 1)
1273 dr = default_routes[0]
1274 self.assertEqual(dr['sw_if_index'], self.pg0.sw_if_index)
1275 self.assertEqual(dr['next_hop'], router_address)
1279 # check that default route is deleted
1280 fib = self.vapi.ip6_fib_dump()
1281 default_routes = self.get_default_routes(fib)
1282 self.assertEqual(len(default_routes), 0)
1284 # check FIB still contains the SLAAC address
1285 addresses = set(self.get_interface_addresses(fib, self.pg0))
1286 new_addresses = addresses.difference(initial_addresses)
1287 self.assertEqual(len(new_addresses), 1)
1288 prefix = list(new_addresses)[0][:8] + '\0\0\0\0\0\0\0\0'
1289 self.assertEqual(inet_ntop(AF_INET6, prefix), '1::')
1293 # check that SLAAC address is deleted
1294 fib = self.vapi.ip6_fib_dump()
1295 addresses = set(self.get_interface_addresses(fib, self.pg0))
1296 new_addresses = addresses.difference(initial_addresses)
1297 self.assertEqual(len(new_addresses), 0)
1300 class IPv6NDProxyTest(TestIPv6ND):
1301 """ IPv6 ND ProxyTest Case """
1304 super(IPv6NDProxyTest, self).setUp()
1306 # create 3 pg interfaces
1307 self.create_pg_interfaces(range(3))
1309 # pg0 is the master interface, with the configured subnet
1311 self.pg0.config_ip6()
1312 self.pg0.resolve_ndp()
1314 self.pg1.ip6_enable()
1315 self.pg2.ip6_enable()
1318 super(IPv6NDProxyTest, self).tearDown()
1320 def test_nd_proxy(self):
1321 """ IPv6 Proxy ND """
1324 # Generate some hosts in the subnet that we are proxying
1326 self.pg0.generate_remote_hosts(8)
1328 nsma = in6_getnsma(inet_pton(AF_INET6, self.pg0.local_ip6))
1329 d = inet_ntop(AF_INET6, nsma)
1332 # Send an NS for one of those remote hosts on one of the proxy links
1333 # expect no response since it's from an address that is not
1334 # on the link that has the prefix configured
1336 ns_pg1 = (Ether(dst=in6_getnsmac(nsma), src=self.pg1.remote_mac) /
1338 src=self.pg0._remote_hosts[2].ip6) /
1339 ICMPv6ND_NS(tgt=self.pg0.local_ip6) /
1340 ICMPv6NDOptSrcLLAddr(
1341 lladdr=self.pg0._remote_hosts[2].mac))
1343 self.send_and_assert_no_replies(self.pg1, ns_pg1, "Off link NS")
1346 # Add proxy support for the host
1348 self.vapi.ip6nd_proxy_add_del(
1349 ip=inet_pton(AF_INET6, self.pg0._remote_hosts[2].ip6),
1350 sw_if_index=self.pg1.sw_if_index)
1353 # try that NS again. this time we expect an NA back
1355 self.send_and_expect_na(self.pg1, ns_pg1,
1356 "NS to proxy entry",
1357 dst_ip=self.pg0._remote_hosts[2].ip6,
1358 tgt_ip=self.pg0.local_ip6)
1361 # ... and that we have an entry in the ND cache
1363 self.assertTrue(find_nbr(self,
1364 self.pg1.sw_if_index,
1365 self.pg0._remote_hosts[2].ip6))
1368 # ... and we can route traffic to it
1370 t = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
1371 IPv6(dst=self.pg0._remote_hosts[2].ip6,
1372 src=self.pg0.remote_ip6) /
1373 inet6.UDP(sport=10000, dport=20000) /
1376 self.pg0.add_stream(t)
1377 self.pg_enable_capture(self.pg_interfaces)
1379 rx = self.pg1.get_capture(1)
1382 self.assertEqual(rx[Ether].dst, self.pg0._remote_hosts[2].mac)
1383 self.assertEqual(rx[Ether].src, self.pg1.local_mac)
1385 self.assertEqual(rx[IPv6].src,
1387 self.assertEqual(rx[IPv6].dst,
1391 # Test we proxy for the host on the main interface
1393 ns_pg0 = (Ether(dst=in6_getnsmac(nsma), src=self.pg0.remote_mac) /
1394 IPv6(dst=d, src=self.pg0.remote_ip6) /
1396 tgt=self.pg0._remote_hosts[2].ip6) /
1397 ICMPv6NDOptSrcLLAddr(
1398 lladdr=self.pg0.remote_mac))
1400 self.send_and_expect_na(self.pg0, ns_pg0,
1401 "NS to proxy entry on main",
1402 tgt_ip=self.pg0._remote_hosts[2].ip6,
1403 dst_ip=self.pg0.remote_ip6)
1406 # Setup and resolve proxy for another host on another interface
1408 ns_pg2 = (Ether(dst=in6_getnsmac(nsma), src=self.pg2.remote_mac) /
1410 src=self.pg0._remote_hosts[3].ip6) /
1411 ICMPv6ND_NS(tgt=self.pg0.local_ip6) /
1412 ICMPv6NDOptSrcLLAddr(
1413 lladdr=self.pg0._remote_hosts[2].mac))
1415 self.vapi.ip6nd_proxy_add_del(
1416 ip=inet_pton(AF_INET6, self.pg0._remote_hosts[3].ip6),
1417 sw_if_index=self.pg2.sw_if_index)
1419 self.send_and_expect_na(self.pg2, ns_pg2,
1420 "NS to proxy entry other interface",
1421 dst_ip=self.pg0._remote_hosts[3].ip6,
1422 tgt_ip=self.pg0.local_ip6)
1424 self.assertTrue(find_nbr(self,
1425 self.pg2.sw_if_index,
1426 self.pg0._remote_hosts[3].ip6))
1429 # hosts can communicate. pg2->pg1
1431 t2 = (Ether(dst=self.pg2.local_mac,
1432 src=self.pg0.remote_hosts[3].mac) /
1433 IPv6(dst=self.pg0._remote_hosts[2].ip6,
1434 src=self.pg0._remote_hosts[3].ip6) /
1435 inet6.UDP(sport=10000, dport=20000) /
1438 self.pg2.add_stream(t2)
1439 self.pg_enable_capture(self.pg_interfaces)
1441 rx = self.pg1.get_capture(1)
1444 self.assertEqual(rx[Ether].dst, self.pg0._remote_hosts[2].mac)
1445 self.assertEqual(rx[Ether].src, self.pg1.local_mac)
1447 self.assertEqual(rx[IPv6].src,
1449 self.assertEqual(rx[IPv6].dst,
1453 # remove the proxy configs
1455 self.vapi.ip6nd_proxy_add_del(
1456 ip=inet_pton(AF_INET6, self.pg0._remote_hosts[2].ip6),
1457 sw_if_index=self.pg1.sw_if_index, is_del=1)
1458 self.vapi.ip6nd_proxy_add_del(
1459 ip=inet_pton(AF_INET6, self.pg0._remote_hosts[3].ip6),
1460 sw_if_index=self.pg2.sw_if_index, is_del=1)
1462 self.assertFalse(find_nbr(self,
1463 self.pg2.sw_if_index,
1464 self.pg0._remote_hosts[3].ip6))
1465 self.assertFalse(find_nbr(self,
1466 self.pg1.sw_if_index,
1467 self.pg0._remote_hosts[2].ip6))
1470 # no longer proxy-ing...
1472 self.send_and_assert_no_replies(self.pg0, ns_pg0, "Proxy unconfigured")
1473 self.send_and_assert_no_replies(self.pg1, ns_pg1, "Proxy unconfigured")
1474 self.send_and_assert_no_replies(self.pg2, ns_pg2, "Proxy unconfigured")
1477 # no longer forwarding. traffic generates NS out of the glean/main
1480 self.pg2.add_stream(t2)
1481 self.pg_enable_capture(self.pg_interfaces)
1484 rx = self.pg0.get_capture(1)
1486 self.assertTrue(rx[0].haslayer(ICMPv6ND_NS))
1489 class TestIPNull(VppTestCase):
1490 """ IPv6 routes via NULL """
1493 super(TestIPNull, self).setUp()
1495 # create 2 pg interfaces
1496 self.create_pg_interfaces(range(1))
1498 for i in self.pg_interfaces:
1504 super(TestIPNull, self).tearDown()
1505 for i in self.pg_interfaces:
1509 def test_ip_null(self):
1510 """ IP NULL route """
1512 p = (Ether(src=self.pg0.remote_mac,
1513 dst=self.pg0.local_mac) /
1514 IPv6(src=self.pg0.remote_ip6, dst="2001::1") /
1515 inet6.UDP(sport=1234, dport=1234) /
1519 # A route via IP NULL that will reply with ICMP unreachables
1521 ip_unreach = VppIpRoute(self, "2001::", 64, [], is_unreach=1, is_ip6=1)
1522 ip_unreach.add_vpp_config()
1524 self.pg0.add_stream(p)
1525 self.pg_enable_capture(self.pg_interfaces)
1528 rx = self.pg0.get_capture(1)
1530 icmp = rx[ICMPv6DestUnreach]
1532 # 0 = "No route to destination"
1533 self.assertEqual(icmp.code, 0)
1535 # ICMP is rate limited. pause a bit
1539 # A route via IP NULL that will reply with ICMP prohibited
1541 ip_prohibit = VppIpRoute(self, "2001::1", 128, [],
1542 is_prohibit=1, is_ip6=1)
1543 ip_prohibit.add_vpp_config()
1545 self.pg0.add_stream(p)
1546 self.pg_enable_capture(self.pg_interfaces)
1549 rx = self.pg0.get_capture(1)
1551 icmp = rx[ICMPv6DestUnreach]
1553 # 1 = "Communication with destination administratively prohibited"
1554 self.assertEqual(icmp.code, 1)
1557 class TestIPDisabled(VppTestCase):
1558 """ IPv6 disabled """
1561 super(TestIPDisabled, self).setUp()
1563 # create 2 pg interfaces
1564 self.create_pg_interfaces(range(2))
1568 self.pg0.config_ip6()
1569 self.pg0.resolve_ndp()
1571 # PG 1 is not IP enabled
1575 super(TestIPDisabled, self).tearDown()
1576 for i in self.pg_interfaces:
1580 def test_ip_disabled(self):
1585 # one accepting interface, pg0, 2 forwarding interfaces
1587 route_ff_01 = VppIpMRoute(
1591 MRouteEntryFlags.MFIB_ENTRY_FLAG_NONE,
1592 [VppMRoutePath(self.pg1.sw_if_index,
1593 MRouteItfFlags.MFIB_ITF_FLAG_ACCEPT),
1594 VppMRoutePath(self.pg0.sw_if_index,
1595 MRouteItfFlags.MFIB_ITF_FLAG_FORWARD)],
1597 route_ff_01.add_vpp_config()
1599 pu = (Ether(src=self.pg1.remote_mac,
1600 dst=self.pg1.local_mac) /
1601 IPv6(src="2001::1", dst=self.pg0.remote_ip6) /
1602 inet6.UDP(sport=1234, dport=1234) /
1604 pm = (Ether(src=self.pg1.remote_mac,
1605 dst=self.pg1.local_mac) /
1606 IPv6(src="2001::1", dst="ffef::1") /
1607 inet6.UDP(sport=1234, dport=1234) /
1611 # PG1 does not forward IP traffic
1613 self.send_and_assert_no_replies(self.pg1, pu, "IPv6 disabled")
1614 self.send_and_assert_no_replies(self.pg1, pm, "IPv6 disabled")
1619 self.pg1.config_ip6()
1622 # Now we get packets through
1624 self.pg1.add_stream(pu)
1625 self.pg_enable_capture(self.pg_interfaces)
1627 rx = self.pg0.get_capture(1)
1629 self.pg1.add_stream(pm)
1630 self.pg_enable_capture(self.pg_interfaces)
1632 rx = self.pg0.get_capture(1)
1637 self.pg1.unconfig_ip6()
1640 # PG1 does not forward IP traffic
1642 self.send_and_assert_no_replies(self.pg1, pu, "IPv6 disabled")
1643 self.send_and_assert_no_replies(self.pg1, pm, "IPv6 disabled")
1646 class TestIP6LoadBalance(VppTestCase):
1647 """ IPv6 Load-Balancing """
1650 super(TestIP6LoadBalance, self).setUp()
1652 self.create_pg_interfaces(range(5))
1654 mpls_tbl = VppMplsTable(self, 0)
1655 mpls_tbl.add_vpp_config()
1657 for i in self.pg_interfaces:
1664 for i in self.pg_interfaces:
1668 super(TestIP6LoadBalance, self).tearDown()
1670 def pg_send(self, input, pkts):
1671 self.vapi.cli("clear trace")
1672 input.add_stream(pkts)
1673 self.pg_enable_capture(self.pg_interfaces)
1676 def send_and_expect_load_balancing(self, input, pkts, outputs):
1677 self.pg_send(input, pkts)
1679 rx = oo._get_capture(1)
1680 self.assertNotEqual(0, len(rx))
1682 def send_and_expect_one_itf(self, input, pkts, itf):
1683 self.pg_send(input, pkts)
1684 rx = itf.get_capture(len(pkts))
1686 def test_ip6_load_balance(self):
1687 """ IPv6 Load-Balancing """
1690 # An array of packets that differ only in the destination port
1694 # - MPLS non-EOS with an entropy label
1698 port_mpls_neos_pkts = []
1702 # An array of packets that differ only in the source address
1707 for ii in range(65):
1709 IPv6(dst="3000::1", src="3000:1::1") /
1710 inet6.UDP(sport=1234, dport=1234 + ii) /
1712 port_ip_pkts.append((Ether(src=self.pg0.remote_mac,
1713 dst=self.pg0.local_mac) /
1715 port_mpls_pkts.append((Ether(src=self.pg0.remote_mac,
1716 dst=self.pg0.local_mac) /
1717 MPLS(label=66, ttl=2) /
1719 port_mpls_neos_pkts.append((Ether(src=self.pg0.remote_mac,
1720 dst=self.pg0.local_mac) /
1721 MPLS(label=67, ttl=2) /
1722 MPLS(label=77, ttl=2) /
1724 port_ent_pkts.append((Ether(src=self.pg0.remote_mac,
1725 dst=self.pg0.local_mac) /
1726 MPLS(label=67, ttl=2) /
1727 MPLS(label=14, ttl=2) /
1728 MPLS(label=999, ttl=2) /
1731 IPv6(dst="3000::1", src="3000:1::%d" % ii) /
1732 inet6.UDP(sport=1234, dport=1234) /
1734 src_ip_pkts.append((Ether(src=self.pg0.remote_mac,
1735 dst=self.pg0.local_mac) /
1737 src_mpls_pkts.append((Ether(src=self.pg0.remote_mac,
1738 dst=self.pg0.local_mac) /
1739 MPLS(label=66, ttl=2) /
1743 # A route for the IP pacekts
1745 route_3000_1 = VppIpRoute(self, "3000::1", 128,
1746 [VppRoutePath(self.pg1.remote_ip6,
1747 self.pg1.sw_if_index,
1748 proto=DpoProto.DPO_PROTO_IP6),
1749 VppRoutePath(self.pg2.remote_ip6,
1750 self.pg2.sw_if_index,
1751 proto=DpoProto.DPO_PROTO_IP6)],
1753 route_3000_1.add_vpp_config()
1756 # a local-label for the EOS packets
1758 binding = VppMplsIpBind(self, 66, "3000::1", 128, is_ip6=1)
1759 binding.add_vpp_config()
1762 # An MPLS route for the non-EOS packets
1764 route_67 = VppMplsRoute(self, 67, 0,
1765 [VppRoutePath(self.pg1.remote_ip6,
1766 self.pg1.sw_if_index,
1768 proto=DpoProto.DPO_PROTO_IP6),
1769 VppRoutePath(self.pg2.remote_ip6,
1770 self.pg2.sw_if_index,
1772 proto=DpoProto.DPO_PROTO_IP6)])
1773 route_67.add_vpp_config()
1776 # inject the packet on pg0 - expect load-balancing across the 2 paths
1777 # - since the default hash config is to use IP src,dst and port
1779 # We are not going to ensure equal amounts of packets across each link,
1780 # since the hash algorithm is statistical and therefore this can never
1781 # be guaranteed. But wuth 64 different packets we do expect some
1782 # balancing. So instead just ensure there is traffic on each link.
1784 self.send_and_expect_load_balancing(self.pg0, port_ip_pkts,
1785 [self.pg1, self.pg2])
1786 self.send_and_expect_load_balancing(self.pg0, src_ip_pkts,
1787 [self.pg1, self.pg2])
1788 self.send_and_expect_load_balancing(self.pg0, port_mpls_pkts,
1789 [self.pg1, self.pg2])
1790 self.send_and_expect_load_balancing(self.pg0, src_mpls_pkts,
1791 [self.pg1, self.pg2])
1792 self.send_and_expect_load_balancing(self.pg0, port_mpls_neos_pkts,
1793 [self.pg1, self.pg2])
1796 # The packets with Entropy label in should not load-balance,
1797 # since the Entorpy value is fixed.
1799 self.send_and_expect_one_itf(self.pg0, port_ent_pkts, self.pg1)
1802 # change the flow hash config so it's only IP src,dst
1803 # - now only the stream with differing source address will
1806 self.vapi.set_ip_flow_hash(0, is_ip6=1, src=1, dst=1, sport=0, dport=0)
1808 self.send_and_expect_load_balancing(self.pg0, src_ip_pkts,
1809 [self.pg1, self.pg2])
1810 self.send_and_expect_load_balancing(self.pg0, src_mpls_pkts,
1811 [self.pg1, self.pg2])
1812 self.send_and_expect_one_itf(self.pg0, port_ip_pkts, self.pg2)
1815 # change the flow hash config back to defaults
1817 self.vapi.set_ip_flow_hash(0, is_ip6=1, src=1, dst=1, sport=1, dport=1)
1820 # Recursive prefixes
1821 # - testing that 2 stages of load-balancing occurs and there is no
1822 # polarisation (i.e. only 2 of 4 paths are used)
1827 for ii in range(257):
1828 port_pkts.append((Ether(src=self.pg0.remote_mac,
1829 dst=self.pg0.local_mac) /
1832 inet6.UDP(sport=1234,
1835 src_pkts.append((Ether(src=self.pg0.remote_mac,
1836 dst=self.pg0.local_mac) /
1838 src="4000:1::%d" % ii) /
1839 inet6.UDP(sport=1234, dport=1234) /
1842 route_3000_2 = VppIpRoute(self, "3000::2", 128,
1843 [VppRoutePath(self.pg3.remote_ip6,
1844 self.pg3.sw_if_index,
1845 proto=DpoProto.DPO_PROTO_IP6),
1846 VppRoutePath(self.pg4.remote_ip6,
1847 self.pg4.sw_if_index,
1848 proto=DpoProto.DPO_PROTO_IP6)],
1850 route_3000_2.add_vpp_config()
1852 route_4000_1 = VppIpRoute(self, "4000::1", 128,
1853 [VppRoutePath("3000::1",
1855 proto=DpoProto.DPO_PROTO_IP6),
1856 VppRoutePath("3000::2",
1858 proto=DpoProto.DPO_PROTO_IP6)],
1860 route_4000_1.add_vpp_config()
1863 # inject the packet on pg0 - expect load-balancing across all 4 paths
1865 self.vapi.cli("clear trace")
1866 self.send_and_expect_load_balancing(self.pg0, port_pkts,
1867 [self.pg1, self.pg2,
1868 self.pg3, self.pg4])
1869 self.send_and_expect_load_balancing(self.pg0, src_pkts,
1870 [self.pg1, self.pg2,
1871 self.pg3, self.pg4])
1874 # Recursive prefixes
1875 # - testing that 2 stages of load-balancing no choices
1879 for ii in range(257):
1880 port_pkts.append((Ether(src=self.pg0.remote_mac,
1881 dst=self.pg0.local_mac) /
1884 inet6.UDP(sport=1234,
1888 route_5000_2 = VppIpRoute(self, "5000::2", 128,
1889 [VppRoutePath(self.pg3.remote_ip6,
1890 self.pg3.sw_if_index,
1891 proto=DpoProto.DPO_PROTO_IP6)],
1893 route_5000_2.add_vpp_config()
1895 route_6000_1 = VppIpRoute(self, "6000::1", 128,
1896 [VppRoutePath("5000::2",
1898 proto=DpoProto.DPO_PROTO_IP6)],
1900 route_6000_1.add_vpp_config()
1903 # inject the packet on pg0 - expect load-balancing across all 4 paths
1905 self.vapi.cli("clear trace")
1906 self.send_and_expect_one_itf(self.pg0, port_pkts, self.pg3)
1909 class TestIP6Punt(VppTestCase):
1910 """ IPv6 Punt Police/Redirect """
1913 super(TestIP6Punt, self).setUp()
1915 self.create_pg_interfaces(range(4))
1917 for i in self.pg_interfaces:
1923 super(TestIP6Punt, self).tearDown()
1924 for i in self.pg_interfaces:
1928 def test_ip_punt(self):
1929 """ IP6 punt police and redirect """
1931 p = (Ether(src=self.pg0.remote_mac,
1932 dst=self.pg0.local_mac) /
1933 IPv6(src=self.pg0.remote_ip6,
1934 dst=self.pg0.local_ip6) /
1935 inet6.TCP(sport=1234, dport=1234) /
1941 # Configure a punt redirect via pg1.
1943 nh_addr = self.pg1.remote_ip6
1944 self.vapi.ip_punt_redirect(self.pg0.sw_if_index,
1945 self.pg1.sw_if_index,
1948 self.send_and_expect(self.pg0, pkts, self.pg1)
1953 policer = self.vapi.policer_add_del("ip6-punt", 400, 0, 10, 0,
1955 self.vapi.ip_punt_police(policer.policer_index, is_ip6=1)
1957 self.vapi.cli("clear trace")
1958 self.pg0.add_stream(pkts)
1959 self.pg_enable_capture(self.pg_interfaces)
1963 # the number of packet recieved should be greater than 0,
1964 # but not equal to the number sent, since some were policed
1966 rx = self.pg1._get_capture(1)
1967 self.assertGreater(len(rx), 0)
1968 self.assertLess(len(rx), len(pkts))
1971 # remove the policer. back to full rx
1973 self.vapi.ip_punt_police(policer.policer_index, is_add=0, is_ip6=1)
1974 self.vapi.policer_add_del("ip6-punt", 400, 0, 10, 0,
1975 rate_type=1, is_add=0)
1976 self.send_and_expect(self.pg0, pkts, self.pg1)
1979 # remove the redirect. expect full drop.
1981 self.vapi.ip_punt_redirect(self.pg0.sw_if_index,
1982 self.pg1.sw_if_index,
1985 self.send_and_assert_no_replies(self.pg0, pkts,
1986 "IP no punt config")
1989 # Add a redirect that is not input port selective
1991 self.vapi.ip_punt_redirect(0xffffffff,
1992 self.pg1.sw_if_index,
1994 self.send_and_expect(self.pg0, pkts, self.pg1)
1996 self.vapi.ip_punt_redirect(0xffffffff,
1997 self.pg1.sw_if_index,
2001 def test_ip_punt_dump(self):
2002 """ IP6 punt redirect dump"""
2005 # Configure a punt redirects
2007 nh_addr = self.pg3.remote_ip6
2008 self.vapi.ip_punt_redirect(self.pg0.sw_if_index,
2009 self.pg3.sw_if_index,
2011 self.vapi.ip_punt_redirect(self.pg1.sw_if_index,
2012 self.pg3.sw_if_index,
2014 self.vapi.ip_punt_redirect(self.pg2.sw_if_index,
2015 self.pg3.sw_if_index,
2019 # Dump pg0 punt redirects
2021 punts = self.vapi.ip_punt_redirect_dump(self.pg0.sw_if_index,
2024 self.assertEqual(p.punt.rx_sw_if_index, self.pg0.sw_if_index)
2027 # Dump punt redirects for all interfaces
2029 punts = self.vapi.ip_punt_redirect_dump(0xffffffff, is_ipv6=1)
2030 self.assertEqual(len(punts), 3)
2032 self.assertEqual(p.punt.tx_sw_if_index, self.pg3.sw_if_index)
2033 self.assertNotEqual(punts[1].punt.nh, self.pg3.remote_ip6)
2034 self.assertEqual(str(punts[2].punt.nh), '::')
2037 class TestIPDeag(VppTestCase):
2038 """ IPv6 Deaggregate Routes """
2041 super(TestIPDeag, self).setUp()
2043 self.create_pg_interfaces(range(3))
2045 for i in self.pg_interfaces:
2051 super(TestIPDeag, self).tearDown()
2052 for i in self.pg_interfaces:
2056 def test_ip_deag(self):
2057 """ IP Deag Routes """
2060 # Create a table to be used for:
2061 # 1 - another destination address lookup
2062 # 2 - a source address lookup
2064 table_dst = VppIpTable(self, 1, is_ip6=1)
2065 table_src = VppIpTable(self, 2, is_ip6=1)
2066 table_dst.add_vpp_config()
2067 table_src.add_vpp_config()
2070 # Add a route in the default table to point to a deag/
2071 # second lookup in each of these tables
2073 route_to_dst = VppIpRoute(self, "1::1", 128,
2077 proto=DpoProto.DPO_PROTO_IP6)],
2079 route_to_src = VppIpRoute(self, "1::2", 128,
2084 proto=DpoProto.DPO_PROTO_IP6)],
2086 route_to_dst.add_vpp_config()
2087 route_to_src.add_vpp_config()
2090 # packets to these destination are dropped, since they'll
2091 # hit the respective default routes in the second table
2093 p_dst = (Ether(src=self.pg0.remote_mac,
2094 dst=self.pg0.local_mac) /
2095 IPv6(src="5::5", dst="1::1") /
2096 inet6.TCP(sport=1234, dport=1234) /
2098 p_src = (Ether(src=self.pg0.remote_mac,
2099 dst=self.pg0.local_mac) /
2100 IPv6(src="2::2", dst="1::2") /
2101 inet6.TCP(sport=1234, dport=1234) /
2103 pkts_dst = p_dst * 257
2104 pkts_src = p_src * 257
2106 self.send_and_assert_no_replies(self.pg0, pkts_dst,
2108 self.send_and_assert_no_replies(self.pg0, pkts_src,
2112 # add a route in the dst table to forward via pg1
2114 route_in_dst = VppIpRoute(self, "1::1", 128,
2115 [VppRoutePath(self.pg1.remote_ip6,
2116 self.pg1.sw_if_index,
2117 proto=DpoProto.DPO_PROTO_IP6)],
2120 route_in_dst.add_vpp_config()
2122 self.send_and_expect(self.pg0, pkts_dst, self.pg1)
2125 # add a route in the src table to forward via pg2
2127 route_in_src = VppIpRoute(self, "2::2", 128,
2128 [VppRoutePath(self.pg2.remote_ip6,
2129 self.pg2.sw_if_index,
2130 proto=DpoProto.DPO_PROTO_IP6)],
2133 route_in_src.add_vpp_config()
2134 self.send_and_expect(self.pg0, pkts_src, self.pg2)
2137 # loop in the lookup DP
2139 route_loop = VppIpRoute(self, "3::3", 128,
2142 proto=DpoProto.DPO_PROTO_IP6)],
2144 route_loop.add_vpp_config()
2146 p_l = (Ether(src=self.pg0.remote_mac,
2147 dst=self.pg0.local_mac) /
2148 IPv6(src="3::4", dst="3::3") /
2149 inet6.TCP(sport=1234, dport=1234) /
2152 self.send_and_assert_no_replies(self.pg0, p_l * 257,
2156 class TestIP6Input(VppTestCase):
2157 """ IPv6 Input Exception Test Cases """
2160 super(TestIP6Input, self).setUp()
2162 self.create_pg_interfaces(range(2))
2164 for i in self.pg_interfaces:
2170 super(TestIP6Input, self).tearDown()
2171 for i in self.pg_interfaces:
2175 def test_ip_input_icmp_reply(self):
2176 """ IP6 Input Exception - Return ICMP (3,0) """
2178 # hop limit - ICMP replies
2180 p_version = (Ether(src=self.pg0.remote_mac,
2181 dst=self.pg0.local_mac) /
2182 IPv6(src=self.pg0.remote_ip6,
2183 dst=self.pg1.remote_ip6,
2185 inet6.UDP(sport=1234, dport=1234) /
2188 rx = self.send_and_expect(self.pg0, p_version * 65, self.pg0)
2190 icmp = rx[ICMPv6TimeExceeded]
2192 # 0: "hop limit exceeded in transit",
2193 self.assertEqual((icmp.type, icmp.code), (3, 0))
2195 icmpv6_data = '\x0a' * 18
2197 all_1s = "FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF"
2199 @parameterized.expand([
2200 # Name, src, dst, l4proto, msg, timeout
2201 ("src='iface', dst='iface'", None, None,
2202 inet6.UDP(sport=1234, dport=1234), "funky version", None),
2203 ("src='All 0's', dst='iface'", all_0s, None,
2204 ICMPv6EchoRequest(id=0xb, seq=5, data=icmpv6_data), None, 0.1),
2205 ("src='iface', dst='All 0's'", None, all_0s,
2206 ICMPv6EchoRequest(id=0xb, seq=5, data=icmpv6_data), None, 0.1),
2207 ("src='All 1's', dst='iface'", all_1s, None,
2208 ICMPv6EchoRequest(id=0xb, seq=5, data=icmpv6_data), None, 0.1),
2209 ("src='iface', dst='All 1's'", None, all_1s,
2210 ICMPv6EchoRequest(id=0xb, seq=5, data=icmpv6_data), None, 0.1),
2211 ("src='All 1's', dst='All 1's'", all_1s, all_1s,
2212 ICMPv6EchoRequest(id=0xb, seq=5, data=icmpv6_data), None, 0.1),
2215 def test_ip_input_no_replies(self, name, src, dst, l4, msg, timeout):
2217 self._testMethodDoc = 'IPv6 Input Exception - %s' % name
2219 p_version = (Ether(src=self.pg0.remote_mac,
2220 dst=self.pg0.local_mac) /
2221 IPv6(src=src or self.pg0.remote_ip6,
2222 dst=dst or self.pg1.remote_ip6,
2227 self.send_and_assert_no_replies(self.pg0, p_version * 65,
2232 if __name__ == '__main__':
2233 unittest.main(testRunner=VppTestRunner)
Code Review / vpp.git / blob