From c29c0af40eda76e382a63269bca9ff57c6ecf5d5 Mon Sep 17 00:00:00 2001 From: Neale Ranns Date: Wed, 7 Nov 2018 04:21:12 -0800 Subject: [PATCH] GBP: Endpoints with VLAN tags and birdges that don't learn Change-Id: I20192f3a8f4f01f47e775746f6fde7c685f185ee Signed-off-by: Neale Ranns --- src/plugins/gbp/gbp.api | 7 ++ src/plugins/gbp/gbp_api.c | 16 ++++ src/plugins/gbp/gbp_bridge_domain.c | 21 ++--- src/plugins/gbp/gbp_bridge_domain.h | 43 ++++++++- src/plugins/gbp/gbp_learn.c | 7 +- test/test_gbp.py | 180 +++++++++++++++++++++++++++++++++++- test/vpp_papi_provider.py | 3 +- 7 files changed, 257 insertions(+), 20 deletions(-) diff --git a/src/plugins/gbp/gbp.api b/src/plugins/gbp/gbp.api index bf42243e0d0..1fb9073d190 100644 --- a/src/plugins/gbp/gbp.api +++ b/src/plugins/gbp/gbp.api @@ -19,9 +19,16 @@ option version = "2.0.0"; import "vnet/ip/ip_types.api"; import "vnet/ethernet/ethernet_types.api"; +enum gbp_bridge_domain_flags +{ + GBP_BD_API_FLAG_NONE = 0, + GBP_BD_API_FLAG_DO_NOT_LEARN = 1, +}; + typedef gbp_bridge_domain { u32 bd_id; + vl_api_gbp_bridge_domain_flags_t flags; u32 bvi_sw_if_index; u32 uu_fwd_sw_if_index; }; diff --git a/src/plugins/gbp/gbp_api.c b/src/plugins/gbp/gbp_api.c index faf036e9d81..47823d5cd9b 100644 --- a/src/plugins/gbp/gbp_api.c +++ b/src/plugins/gbp/gbp_api.c @@ -299,6 +299,20 @@ static void REPLY_MACRO (VL_API_GBP_ENDPOINT_GROUP_DEL_REPLY + GBP_MSG_BASE); } +static gbp_bridge_domain_flags_t +gbp_bridge_domain_flags_from_api (vl_api_gbp_bridge_domain_flags_t a) +{ + gbp_bridge_domain_flags_t g; + + g = GBP_BD_FLAG_NONE; + a = clib_net_to_host_u32 (a); + + if (a & GBP_BD_API_FLAG_DO_NOT_LEARN) + g |= GBP_BD_FLAG_DO_NOT_LEARN; + + return (g); +} + static void vl_api_gbp_bridge_domain_add_t_handler (vl_api_gbp_bridge_domain_add_t * mp) { @@ -306,6 +320,8 @@ vl_api_gbp_bridge_domain_add_t_handler (vl_api_gbp_bridge_domain_add_t * mp) int rv = 0; rv = gbp_bridge_domain_add_and_lock (ntohl (mp->bd.bd_id), + gbp_bridge_domain_flags_from_api + (mp->bd.flags), ntohl (mp->bd.bvi_sw_if_index), ntohl (mp->bd.uu_fwd_sw_if_index)); diff --git a/src/plugins/gbp/gbp_bridge_domain.c b/src/plugins/gbp/gbp_bridge_domain.c index b7812eb1645..1a1a7bd3383 100644 --- a/src/plugins/gbp/gbp_bridge_domain.c +++ b/src/plugins/gbp/gbp_bridge_domain.c @@ -31,12 +31,7 @@ gbp_bridge_domain_t *gbp_bridge_domain_pool; /** * DB of bridge_domains */ -typedef struct gbp_bridge_domain_db_t -{ - uword *gbd_by_bd_id; -} gbp_bridge_domain_db_t; - -static gbp_bridge_domain_db_t gbp_bridge_domain_db; +gbp_bridge_domain_db_t gbp_bridge_domain_db; /** * logger @@ -46,12 +41,6 @@ vlib_log_class_t gb_logger; #define GBP_BD_DBG(...) \ vlib_log_debug (gb_logger, __VA_ARGS__); -gbp_bridge_domain_t * -gbp_bridge_domain_get (index_t i) -{ - return (pool_elt_at_index (gbp_bridge_domain_pool, i)); -} - static void gbp_bridge_domain_lock (index_t i) { @@ -95,16 +84,21 @@ gbp_bridge_domain_db_add (gbp_bridge_domain_t * gb) index_t gbi = gb - gbp_bridge_domain_pool; hash_set (gbp_bridge_domain_db.gbd_by_bd_id, gb->gb_bd_id, gbi); + vec_validate_init_empty (gbp_bridge_domain_db.gbd_by_bd_index, + gb->gb_bd_index, INDEX_INVALID); + gbp_bridge_domain_db.gbd_by_bd_index[gb->gb_bd_index] = gbi; } static void gbp_bridge_domain_db_remove (gbp_bridge_domain_t * gb) { hash_unset (gbp_bridge_domain_db.gbd_by_bd_id, gb->gb_bd_id); + gbp_bridge_domain_db.gbd_by_bd_index[gb->gb_bd_index] = INDEX_INVALID; } int gbp_bridge_domain_add_and_lock (u32 bd_id, + gbp_bridge_domain_flags_t flags, u32 bvi_sw_if_index, u32 uu_fwd_sw_if_index) { gbp_bridge_domain_t *gb; @@ -134,6 +128,7 @@ gbp_bridge_domain_add_and_lock (u32 bd_id, gb->gb_uu_fwd_sw_if_index = uu_fwd_sw_if_index; gb->gb_bvi_sw_if_index = bvi_sw_if_index; gb->gb_locks = 1; + gb->gb_flags = flags; /* * Set the BVI and uu-flood interfaces into the BD @@ -269,7 +264,7 @@ gbp_bridge_domain_cli (vlib_main_t * vm, if (~0 == bvi_sw_if_index) return clib_error_return (0, "interface must be specified"); - gbp_bridge_domain_add_and_lock (bd_id, + gbp_bridge_domain_add_and_lock (bd_id, GBP_BD_FLAG_NONE, bvi_sw_if_index, uu_fwd_sw_if_index); } else diff --git a/src/plugins/gbp/gbp_bridge_domain.h b/src/plugins/gbp/gbp_bridge_domain.h index 992900b4aa1..4135c2d8232 100644 --- a/src/plugins/gbp/gbp_bridge_domain.h +++ b/src/plugins/gbp/gbp_bridge_domain.h @@ -20,12 +20,21 @@ #include +/** + * Bridge Domain Flags + */ +typedef enum gbp_bridge_domain_flags_t_ +{ + GBP_BD_FLAG_NONE = 0, + GBP_BD_FLAG_DO_NOT_LEARN = (1 << 0), +} gbp_bridge_domain_flags_t; + /** * A bridge Domain Representation. * This is a standard bridge-domain plus all the attributes it must * have to supprt the GBP model. */ -typedef struct gpb_bridge_domain_t_ +typedef struct gbp_bridge_domain_t_ { /** * Bridge-domain ID @@ -33,6 +42,11 @@ typedef struct gpb_bridge_domain_t_ u32 gb_bd_id; u32 gb_bd_index; + /** + * Flags conttrolling behaviour + */ + gbp_bridge_domain_flags_t gb_flags; + /** * The BD's BVI interface (obligatory) */ @@ -57,18 +71,43 @@ typedef struct gpb_bridge_domain_t_ } gbp_bridge_domain_t; extern int gbp_bridge_domain_add_and_lock (u32 bd_id, + gbp_bridge_domain_flags_t flags, u32 bvi_sw_if_index, u32 uu_fwd_sw_if_index); extern void gbp_bridge_domain_unlock (index_t gbi); extern index_t gbp_bridge_domain_find_and_lock (u32 bd_id); extern int gbp_bridge_domain_delete (u32 bd_id); -extern gbp_bridge_domain_t *gbp_bridge_domain_get (index_t i); typedef int (*gbp_bridge_domain_cb_t) (gbp_bridge_domain_t * gb, void *ctx); extern void gbp_bridge_domain_walk (gbp_bridge_domain_cb_t bgpe, void *ctx); extern u8 *format_gbp_bridge_domain (u8 * s, va_list * args); +/** + * DB of bridge_domains + */ +typedef struct gbp_bridge_domain_db_t +{ + uword *gbd_by_bd_id; + index_t *gbd_by_bd_index; +} gbp_bridge_domain_db_t; + +extern gbp_bridge_domain_db_t gbp_bridge_domain_db; +extern gbp_bridge_domain_t *gbp_bridge_domain_pool; + +always_inline gbp_bridge_domain_t * +gbp_bridge_domain_get (index_t i) +{ + return (pool_elt_at_index (gbp_bridge_domain_pool, i)); +} + +always_inline gbp_bridge_domain_t * +gbp_bridge_domain_get_by_bd_index (u32 bd_index) +{ + return (gbp_bridge_domain_get + (gbp_bridge_domain_db.gbd_by_bd_index[bd_index])); +} + #endif /* diff --git a/src/plugins/gbp/gbp_learn.c b/src/plugins/gbp/gbp_learn.c index 9239779dd99..883f3d1c862 100644 --- a/src/plugins/gbp/gbp_learn.c +++ b/src/plugins/gbp/gbp_learn.c @@ -236,6 +236,7 @@ gbp_learn_l2 (vlib_main_t * vm, ip4_address_t outer_src, outer_dst; u32 bi0, sw_if_index0, t0, epg0; const ethernet_header_t *eh0; + gbp_bridge_domain_t *gb0; gbp_learn_next_t next0; gbp_endpoint_t *ge0; vlib_buffer_t *b0; @@ -259,10 +260,12 @@ gbp_learn_l2 (vlib_main_t * vm, ge0 = gbp_endpoint_find_mac (eh0->src_address, vnet_buffer (b0)->l2.bd_index); + gb0 = + gbp_bridge_domain_get_by_bd_index (vnet_buffer (b0)->l2.bd_index); - if (vnet_buffer2 (b0)->gbp.flags & VXLAN_GBP_GPFLAGS_D) + if ((vnet_buffer2 (b0)->gbp.flags & VXLAN_GBP_GPFLAGS_D) || + (gb0->gb_flags & GBP_BD_FLAG_DO_NOT_LEARN)) { - ge0 = NULL; t0 = 1; goto trace; } diff --git a/test/test_gbp.py b/test/test_gbp.py index a45b2f845b8..92480cebba3 100644 --- a/test/test_gbp.py +++ b/test/test_gbp.py @@ -10,6 +10,7 @@ from vpp_ip_route import VppIpRoute, VppRoutePath, VppIpTable, \ from vpp_l2 import VppBridgeDomain, VppBridgeDomainPort, \ VppBridgeDomainArpEntry, VppL2FibEntry, find_bridge_domain_port from vpp_vxlan_gbp_tunnel import * +from vpp_sub_interface import VppDot1QSubint from vpp_ip import * from vpp_mac import * @@ -17,7 +18,7 @@ from vpp_papi_provider import L2_PORT_TYPE from vpp_papi import VppEnum from scapy.packet import Raw -from scapy.layers.l2 import Ether, ARP +from scapy.layers.l2 import Ether, ARP, Dot1Q from scapy.layers.inet import IP, UDP from scapy.layers.inet6 import IPv6, ICMPv6ND_NS, ICMPv6NDOptSrcLLAddr, \ ICMPv6ND_NA @@ -27,6 +28,7 @@ from scapy.layers.vxlan import VXLAN from socket import AF_INET, AF_INET6 from scapy.utils import inet_pton, inet_ntop from util import mactobinary +from vpp_papi_provider import L2_VTR_OP def find_gbp_endpoint(test, sw_if_index=None, ip=None, mac=None): @@ -287,15 +289,22 @@ class VppGbpBridgeDomain(VppObject): GBP Bridge Domain """ - def __init__(self, test, bd, bvi, uu_flood=None): + def __init__(self, test, bd, bvi, uu_flood=None, learn=True): self._test = test self.bvi = bvi self.uu_flood = uu_flood self.bd = bd + e = VppEnum.vl_api_gbp_bridge_domain_flags_t + if (learn): + self.learn = e.GBP_BD_API_FLAG_NONE + else: + self.learn = e.GBP_BD_API_FLAG_DO_NOT_LEARN + def add_vpp_config(self): self._test.vapi.gbp_bridge_domain_add( self.bd.bd_id, + self.learn, self.bvi.sw_if_index, self.uu_flood.sw_if_index if self.uu_flood else INDEX_INVALID) self._test.registry.register(self, self._test.logger) @@ -1695,6 +1704,173 @@ class TestGBP(VppTestCase): self.logger.info(self.vapi.cli("sh int")) self.logger.info(self.vapi.cli("sh gbp vxlan")) + def test_gbp_learn_vlan_l2(self): + """ GBP L2 Endpoint w/ VLANs""" + + learnt = [{'mac': '00:00:11:11:11:01', + 'ip': '10.0.0.1', + 'ip6': '2001:10::2'}, + {'mac': '00:00:11:11:11:02', + 'ip': '10.0.0.2', + 'ip6': '2001:10::3'}] + + # + # lower the inactive threshold so these tests pass in a + # reasonable amount of time + # + self.vapi.gbp_endpoint_learn_set_inactive_threshold(1) + + # + # IP tables + # + gt4 = VppIpTable(self, 1) + gt4.add_vpp_config() + gt6 = VppIpTable(self, 1, is_ip6=True) + gt6.add_vpp_config() + + rd1 = VppGbpRouteDomain(self, 1, gt4, gt6) + rd1.add_vpp_config() + + # + # Pg2 hosts the vxlan tunnel, hosts on pg2 to act as TEPs + # + self.pg2.config_ip4() + self.pg2.resolve_arp() + self.pg2.generate_remote_hosts(4) + self.pg2.configure_ipv4_neighbors() + self.pg3.config_ip4() + self.pg3.resolve_arp() + + # + # The EP will be on a vlan sub-interface + # + vlan_11 = VppDot1QSubint(self, self.pg0, 11) + vlan_11.admin_up() + self.vapi.sw_interface_set_l2_tag_rewrite(vlan_11.sw_if_index, + L2_VTR_OP.L2_POP_1, + 11) + + bd_uu_fwd = VppVxlanGbpTunnel(self, self.pg3.local_ip4, + self.pg3.remote_ip4, 116) + bd_uu_fwd.add_vpp_config() + + # + # a GBP bridge domain with a BVI and a UU-flood interface + # The BD is marked as do not learn, so no endpoints are ever + # learnt in this BD. + # + bd1 = VppBridgeDomain(self, 1) + bd1.add_vpp_config() + gbd1 = VppGbpBridgeDomain(self, bd1, self.loop0, bd_uu_fwd, + learn=False) + gbd1.add_vpp_config() + + self.logger.info(self.vapi.cli("sh bridge 1 detail")) + self.logger.info(self.vapi.cli("sh gbp bridge")) + + # ... and has a /32 applied + ip_addr = VppIpInterfaceAddress(self, gbd1.bvi, "10.0.0.128", 32) + ip_addr.add_vpp_config() + + # + # The Endpoint-group in which we are learning endpoints + # + epg_220 = VppGbpEndpointGroup(self, 220, rd1, gbd1, + None, self.loop0, + "10.0.0.128", + "2001:10::128") + epg_220.add_vpp_config() + + # + # The VXLAN GBP tunnel is a bridge-port and has L2 endpoint + # leanring enabled + # + vx_tun_l2_1 = VppGbpVxlanTunnel( + self, 99, bd1.bd_id, + VppEnum.vl_api_gbp_vxlan_tunnel_mode_t.GBP_VXLAN_TUNNEL_MODE_L2) + vx_tun_l2_1.add_vpp_config() + + # + # A static endpoint that the learnt endpoints are trying to + # talk to + # + ep = VppGbpEndpoint(self, vlan_11, + epg_220, None, + "10.0.0.127", "11.0.0.127", + "2001:10::1", "3001::1") + ep.add_vpp_config() + + self.assertTrue(find_route(self, ep.ip4.address, 32, table_id=1)) + + # + # Send to the static EP + # + for ii, l in enumerate(learnt): + # a packet with an sclass from a knwon EPG + # arriving on an unknown TEP + p = (Ether(src=self.pg2.remote_mac, + dst=self.pg2.local_mac) / + IP(src=self.pg2.remote_hosts[1].ip4, + dst=self.pg2.local_ip4) / + UDP(sport=1234, dport=48879) / + VXLAN(vni=99, gpid=220, flags=0x88) / + Ether(src=l['mac'], dst=ep.mac) / + IP(src=l['ip'], dst=ep.ip4.address) / + UDP(sport=1234, dport=1234) / + Raw('\xa5' * 100)) + + rxs = self.send_and_expect(self.pg2, [p], self.pg0) + + # + # packet to EP has the EP's vlan tag + # + for rx in rxs: + self.assertEqual(rx[Dot1Q].vlan, 11) + + # + # the EP is not learnt since the BD setting prevents it + # also no TEP too + # + self.assertFalse(find_gbp_endpoint(self, + vx_tun_l2_1.sw_if_index, + mac=l['mac'])) + self.assertEqual(INDEX_INVALID, + find_vxlan_gbp_tunnel( + self, + self.pg2.local_ip4, + self.pg2.remote_hosts[1].ip4, + 99)) + + self.assertEqual(len(self.vapi.gbp_endpoint_dump()), 1) + + # + # static to remotes + # we didn't learn the remotes so they are sent to the UU-fwd + # + for l in learnt: + p = (Ether(src=ep.mac, dst=l['mac']) / + Dot1Q(vlan=11) / + IP(dst=l['ip'], src=ep.ip4.address) / + UDP(sport=1234, dport=1234) / + Raw('\xa5' * 100)) + + rxs = self.send_and_expect(self.pg0, p * 17, self.pg3) + + for rx in rxs: + self.assertEqual(rx[IP].src, self.pg3.local_ip4) + self.assertEqual(rx[IP].dst, self.pg3.remote_ip4) + self.assertEqual(rx[UDP].dport, 48879) + # the UDP source port is a random value for hashing + self.assertEqual(rx[VXLAN].gpid, 220) + self.assertEqual(rx[VXLAN].vni, 116) + self.assertTrue(rx[VXLAN].flags.G) + self.assertTrue(rx[VXLAN].flags.Instance) + self.assertFalse(rx[VXLAN].gpflags.A) + self.assertFalse(rx[VXLAN].gpflags.D) + + self.pg2.unconfig_ip4() + self.pg3.unconfig_ip4() + def test_gbp_learn_l3(self): """ GBP L3 Endpoint Learning """ diff --git a/test/vpp_papi_provider.py b/test/vpp_papi_provider.py index 1adcc1ba24b..9f7968bbbb7 100644 --- a/test/vpp_papi_provider.py +++ b/test/vpp_papi_provider.py @@ -3537,13 +3537,14 @@ class VppPapiProvider(object): """ GBP endpoint group Dump """ return self.api(self.papi.gbp_endpoint_group_dump, {}) - def gbp_bridge_domain_add(self, bd_id, + def gbp_bridge_domain_add(self, bd_id, flags, bvi_sw_if_index, uu_fwd_sw_if_index): """ GBP bridge-domain Add """ return self.api(self.papi.gbp_bridge_domain_add, {'bd': { + 'flags': flags, 'bvi_sw_if_index': bvi_sw_if_index, 'uu_fwd_sw_if_index': uu_fwd_sw_if_index, 'bd_id': bd_id -- 2.16.6