| #!/usr/bin/env python3 |
| |
| import unittest |
| |
| import scapy.compat |
| from scapy.packet import Raw |
| from scapy.layers.l2 import Ether, Dot1Q, GRE |
| from scapy.layers.inet import IP, UDP |
| from scapy.layers.inet6 import IPv6 |
| from scapy.volatile import RandMAC, RandIP |
| |
| from framework import VppTestCase, VppTestRunner |
| from vpp_sub_interface import L2_VTR_OP, VppDot1QSubint |
| from vpp_gre_interface import VppGreInterface |
| from vpp_teib import VppNhrp |
| from vpp_ip import DpoProto |
| from vpp_ip_route import VppIpRoute, VppRoutePath, VppIpTable, FibPathProto |
| from util import ppp, ppc |
| from vpp_papi import VppEnum |
| |
| |
| class TestGREInputNodes(VppTestCase): |
| """ GRE Input Nodes Test Case """ |
| |
| def setUp(self): |
| super(TestGREInputNodes, self).setUp() |
| |
| # create 3 pg interfaces - set one in a non-default table. |
| self.create_pg_interfaces(range(1)) |
| |
| for i in self.pg_interfaces: |
| i.admin_up() |
| i.config_ip4() |
| |
| def tearDown(self): |
| for i in self.pg_interfaces: |
| i.unconfig_ip4() |
| i.admin_down() |
| super(TestGREInputNodes, self).tearDown() |
| |
| def test_gre_input_node(self): |
| """ GRE gre input nodes not registerd unless configured """ |
| pkt = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / |
| IP(src=self.pg0.remote_ip4, dst=self.pg0.local_ip4) / |
| GRE()) |
| |
| self.pg0.add_stream(pkt) |
| self.pg_start() |
| # no tunnel created, gre-input not registered |
| err = self.statistics.get_counter( |
| '/err/ip4-local/unknown ip protocol')[0] |
| self.assertEqual(err, 1) |
| err_count = err |
| |
| # create gre tunnel |
| gre_if = VppGreInterface(self, self.pg0.local_ip4, "1.1.1.2") |
| gre_if.add_vpp_config() |
| |
| self.pg0.add_stream(pkt) |
| self.pg_start() |
| # tunnel created, gre-input registered |
| err = self.statistics.get_counter( |
| '/err/ip4-local/unknown ip protocol')[0] |
| # expect no new errors |
| self.assertEqual(err, err_count) |
| |
| |
| class TestGRE(VppTestCase): |
| """ GRE Test Case """ |
| |
| @classmethod |
| def setUpClass(cls): |
| super(TestGRE, cls).setUpClass() |
| |
| @classmethod |
| def tearDownClass(cls): |
| super(TestGRE, cls).tearDownClass() |
| |
| def setUp(self): |
| super(TestGRE, self).setUp() |
| |
| # create 3 pg interfaces - set one in a non-default table. |
| self.create_pg_interfaces(range(5)) |
| |
| self.tbl = VppIpTable(self, 1) |
| self.tbl.add_vpp_config() |
| self.pg1.set_table_ip4(1) |
| |
| for i in self.pg_interfaces: |
| i.admin_up() |
| |
| self.pg0.config_ip4() |
| self.pg0.resolve_arp() |
| self.pg1.config_ip4() |
| self.pg1.resolve_arp() |
| self.pg2.config_ip6() |
| self.pg2.resolve_ndp() |
| self.pg3.config_ip4() |
| self.pg3.resolve_arp() |
| self.pg4.config_ip4() |
| self.pg4.resolve_arp() |
| |
| def tearDown(self): |
| for i in self.pg_interfaces: |
| i.unconfig_ip4() |
| i.unconfig_ip6() |
| i.admin_down() |
| self.pg1.set_table_ip4(0) |
| super(TestGRE, self).tearDown() |
| |
| def create_stream_ip4(self, src_if, src_ip, dst_ip, dscp=0, ecn=0): |
| pkts = [] |
| tos = (dscp << 2) | ecn |
| for i in range(0, 257): |
| info = self.create_packet_info(src_if, src_if) |
| payload = self.info_to_payload(info) |
| p = (Ether(dst=src_if.local_mac, src=src_if.remote_mac) / |
| IP(src=src_ip, dst=dst_ip, tos=tos) / |
| UDP(sport=1234, dport=1234) / |
| Raw(payload)) |
| info.data = p.copy() |
| pkts.append(p) |
| return pkts |
| |
| def create_stream_ip6(self, src_if, src_ip, dst_ip, dscp=0, ecn=0): |
| pkts = [] |
| tc = (dscp << 2) | ecn |
| for i in range(0, 257): |
| info = self.create_packet_info(src_if, src_if) |
| payload = self.info_to_payload(info) |
| p = (Ether(dst=src_if.local_mac, src=src_if.remote_mac) / |
| IPv6(src=src_ip, dst=dst_ip, tc=tc) / |
| UDP(sport=1234, dport=1234) / |
| Raw(payload)) |
| info.data = p.copy() |
| pkts.append(p) |
| return pkts |
| |
| def create_tunnel_stream_4o4(self, src_if, |
| tunnel_src, tunnel_dst, |
| src_ip, dst_ip): |
| pkts = [] |
| for i in range(0, 257): |
| info = self.create_packet_info(src_if, src_if) |
| payload = self.info_to_payload(info) |
| p = (Ether(dst=src_if.local_mac, src=src_if.remote_mac) / |
| IP(src=tunnel_src, dst=tunnel_dst) / |
| GRE() / |
| IP(src=src_ip, dst=dst_ip) / |
| UDP(sport=1234, dport=1234) / |
| Raw(payload)) |
| info.data = p.copy() |
| pkts.append(p) |
| return pkts |
| |
| def create_tunnel_stream_6o4(self, src_if, |
| tunnel_src, tunnel_dst, |
| src_ip, dst_ip): |
| pkts = [] |
| for i in range(0, 257): |
| info = self.create_packet_info(src_if, src_if) |
| payload = self.info_to_payload(info) |
| p = (Ether(dst=src_if.local_mac, src=src_if.remote_mac) / |
| IP(src=tunnel_src, dst=tunnel_dst) / |
| GRE() / |
| IPv6(src=src_ip, dst=dst_ip) / |
| UDP(sport=1234, dport=1234) / |
| Raw(payload)) |
| info.data = p.copy() |
| pkts.append(p) |
| return pkts |
| |
| def create_tunnel_stream_6o6(self, src_if, |
| tunnel_src, tunnel_dst, |
| src_ip, dst_ip): |
| pkts = [] |
| for i in range(0, 257): |
| info = self.create_packet_info(src_if, src_if) |
| payload = self.info_to_payload(info) |
| p = (Ether(dst=src_if.local_mac, src=src_if.remote_mac) / |
| IPv6(src=tunnel_src, dst=tunnel_dst) / |
| GRE() / |
| IPv6(src=src_ip, dst=dst_ip) / |
| UDP(sport=1234, dport=1234) / |
| Raw(payload)) |
| info.data = p.copy() |
| pkts.append(p) |
| return pkts |
| |
| def create_tunnel_stream_l2o4(self, src_if, |
| tunnel_src, tunnel_dst): |
| pkts = [] |
| for i in range(0, 257): |
| info = self.create_packet_info(src_if, src_if) |
| payload = self.info_to_payload(info) |
| p = (Ether(dst=src_if.local_mac, src=src_if.remote_mac) / |
| IP(src=tunnel_src, dst=tunnel_dst) / |
| GRE() / |
| Ether(dst=RandMAC('*:*:*:*:*:*'), |
| src=RandMAC('*:*:*:*:*:*')) / |
| IP(src=scapy.compat.raw(RandIP()), |
| dst=scapy.compat.raw(RandIP())) / |
| UDP(sport=1234, dport=1234) / |
| Raw(payload)) |
| info.data = p.copy() |
| pkts.append(p) |
| return pkts |
| |
| def create_tunnel_stream_vlano4(self, src_if, |
| tunnel_src, tunnel_dst, vlan): |
| pkts = [] |
| for i in range(0, 257): |
| info = self.create_packet_info(src_if, src_if) |
| payload = self.info_to_payload(info) |
| p = (Ether(dst=src_if.local_mac, src=src_if.remote_mac) / |
| IP(src=tunnel_src, dst=tunnel_dst) / |
| GRE() / |
| Ether(dst=RandMAC('*:*:*:*:*:*'), |
| src=RandMAC('*:*:*:*:*:*')) / |
| Dot1Q(vlan=vlan) / |
| IP(src=scapy.compat.raw(RandIP()), |
| dst=scapy.compat.raw(RandIP())) / |
| UDP(sport=1234, dport=1234) / |
| Raw(payload)) |
| info.data = p.copy() |
| pkts.append(p) |
| return pkts |
| |
| def verify_tunneled_4o4(self, src_if, capture, sent, |
| tunnel_src, tunnel_dst, |
| dscp=0, ecn=0): |
| |
| self.assertEqual(len(capture), len(sent)) |
| tos = (dscp << 2) | ecn |
| |
| for i in range(len(capture)): |
| try: |
| tx = sent[i] |
| rx = capture[i] |
| |
| tx_ip = tx[IP] |
| rx_ip = rx[IP] |
| |
| self.assertEqual(rx_ip.src, tunnel_src) |
| self.assertEqual(rx_ip.dst, tunnel_dst) |
| self.assertEqual(rx_ip.tos, tos) |
| |
| rx_gre = rx[GRE] |
| rx_ip = rx_gre[IP] |
| |
| self.assertEqual(rx_ip.src, tx_ip.src) |
| self.assertEqual(rx_ip.dst, tx_ip.dst) |
| # IP processing post pop has decremented the TTL |
| self.assertEqual(rx_ip.ttl + 1, tx_ip.ttl) |
| |
| except: |
| self.logger.error(ppp("Rx:", rx)) |
| self.logger.error(ppp("Tx:", tx)) |
| raise |
| |
| def verify_tunneled_6o6(self, src_if, capture, sent, |
| tunnel_src, tunnel_dst, |
| dscp=0, ecn=0): |
| |
| self.assertEqual(len(capture), len(sent)) |
| tc = (dscp << 2) | ecn |
| |
| for i in range(len(capture)): |
| try: |
| tx = sent[i] |
| rx = capture[i] |
| |
| tx_ip = tx[IPv6] |
| rx_ip = rx[IPv6] |
| |
| self.assertEqual(rx_ip.src, tunnel_src) |
| self.assertEqual(rx_ip.dst, tunnel_dst) |
| self.assertEqual(rx_ip.tc, tc) |
| |
| rx_gre = GRE(scapy.compat.raw(rx_ip[IPv6].payload)) |
| rx_ip = rx_gre[IPv6] |
| |
| self.assertEqual(rx_ip.src, tx_ip.src) |
| self.assertEqual(rx_ip.dst, tx_ip.dst) |
| |
| except: |
| self.logger.error(ppp("Rx:", rx)) |
| self.logger.error(ppp("Tx:", tx)) |
| raise |
| |
| def verify_tunneled_4o6(self, src_if, capture, sent, |
| tunnel_src, tunnel_dst): |
| |
| self.assertEqual(len(capture), len(sent)) |
| |
| for i in range(len(capture)): |
| try: |
| tx = sent[i] |
| rx = capture[i] |
| |
| rx_ip = rx[IPv6] |
| |
| self.assertEqual(rx_ip.src, tunnel_src) |
| self.assertEqual(rx_ip.dst, tunnel_dst) |
| |
| rx_gre = GRE(scapy.compat.raw(rx_ip[IPv6].payload)) |
| tx_ip = tx[IP] |
| rx_ip = rx_gre[IP] |
| |
| self.assertEqual(rx_ip.src, tx_ip.src) |
| self.assertEqual(rx_ip.dst, tx_ip.dst) |
| |
| except: |
| self.logger.error(ppp("Rx:", rx)) |
| self.logger.error(ppp("Tx:", tx)) |
| raise |
| |
| def verify_tunneled_6o4(self, src_if, capture, sent, |
| tunnel_src, tunnel_dst): |
| |
| self.assertEqual(len(capture), len(sent)) |
| |
| for i in range(len(capture)): |
| try: |
| tx = sent[i] |
| rx = capture[i] |
| |
| rx_ip = rx[IP] |
| |
| self.assertEqual(rx_ip.src, tunnel_src) |
| self.assertEqual(rx_ip.dst, tunnel_dst) |
| |
| rx_gre = GRE(scapy.compat.raw(rx_ip[IP].payload)) |
| rx_ip = rx_gre[IPv6] |
| tx_ip = tx[IPv6] |
| |
| self.assertEqual(rx_ip.src, tx_ip.src) |
| self.assertEqual(rx_ip.dst, tx_ip.dst) |
| |
| except: |
| self.logger.error(ppp("Rx:", rx)) |
| self.logger.error(ppp("Tx:", tx)) |
| raise |
| |
| def verify_tunneled_l2o4(self, src_if, capture, sent, |
| tunnel_src, tunnel_dst): |
| self.assertEqual(len(capture), len(sent)) |
| |
| for i in range(len(capture)): |
| try: |
| tx = sent[i] |
| rx = capture[i] |
| |
| tx_ip = tx[IP] |
| rx_ip = rx[IP] |
| |
| self.assertEqual(rx_ip.src, tunnel_src) |
| self.assertEqual(rx_ip.dst, tunnel_dst) |
| |
| rx_gre = rx[GRE] |
| rx_l2 = rx_gre[Ether] |
| rx_ip = rx_l2[IP] |
| tx_gre = tx[GRE] |
| tx_l2 = tx_gre[Ether] |
| tx_ip = tx_l2[IP] |
| |
| self.assertEqual(rx_ip.src, tx_ip.src) |
| self.assertEqual(rx_ip.dst, tx_ip.dst) |
| # bridged, not L3 forwarded, so no TTL decrement |
| self.assertEqual(rx_ip.ttl, tx_ip.ttl) |
| |
| except: |
| self.logger.error(ppp("Rx:", rx)) |
| self.logger.error(ppp("Tx:", tx)) |
| raise |
| |
| def verify_tunneled_vlano4(self, src_if, capture, sent, |
| tunnel_src, tunnel_dst, vlan): |
| try: |
| self.assertEqual(len(capture), len(sent)) |
| except: |
| ppc("Unexpected packets captured:", capture) |
| raise |
| |
| for i in range(len(capture)): |
| try: |
| tx = sent[i] |
| rx = capture[i] |
| |
| tx_ip = tx[IP] |
| rx_ip = rx[IP] |
| |
| self.assertEqual(rx_ip.src, tunnel_src) |
| self.assertEqual(rx_ip.dst, tunnel_dst) |
| |
| rx_gre = rx[GRE] |
| rx_l2 = rx_gre[Ether] |
| rx_vlan = rx_l2[Dot1Q] |
| rx_ip = rx_l2[IP] |
| |
| self.assertEqual(rx_vlan.vlan, vlan) |
| |
| tx_gre = tx[GRE] |
| tx_l2 = tx_gre[Ether] |
| tx_ip = tx_l2[IP] |
| |
| self.assertEqual(rx_ip.src, tx_ip.src) |
| self.assertEqual(rx_ip.dst, tx_ip.dst) |
| # bridged, not L3 forwarded, so no TTL decrement |
| self.assertEqual(rx_ip.ttl, tx_ip.ttl) |
| |
| except: |
| self.logger.error(ppp("Rx:", rx)) |
| self.logger.error(ppp("Tx:", tx)) |
| raise |
| |
| def verify_decapped_4o4(self, src_if, capture, sent): |
| self.assertEqual(len(capture), len(sent)) |
| |
| for i in range(len(capture)): |
| try: |
| tx = sent[i] |
| rx = capture[i] |
| |
| tx_ip = tx[IP] |
| rx_ip = rx[IP] |
| tx_gre = tx[GRE] |
| tx_ip = tx_gre[IP] |
| |
| self.assertEqual(rx_ip.src, tx_ip.src) |
| self.assertEqual(rx_ip.dst, tx_ip.dst) |
| # IP processing post pop has decremented the TTL |
| self.assertEqual(rx_ip.ttl + 1, tx_ip.ttl) |
| |
| except: |
| self.logger.error(ppp("Rx:", rx)) |
| self.logger.error(ppp("Tx:", tx)) |
| raise |
| |
| def verify_decapped_6o4(self, src_if, capture, sent): |
| self.assertEqual(len(capture), len(sent)) |
| |
| for i in range(len(capture)): |
| try: |
| tx = sent[i] |
| rx = capture[i] |
| |
| tx_ip = tx[IP] |
| rx_ip = rx[IPv6] |
| tx_gre = tx[GRE] |
| tx_ip = tx_gre[IPv6] |
| |
| self.assertEqual(rx_ip.src, tx_ip.src) |
| self.assertEqual(rx_ip.dst, tx_ip.dst) |
| self.assertEqual(rx_ip.hlim + 1, tx_ip.hlim) |
| |
| except: |
| self.logger.error(ppp("Rx:", rx)) |
| self.logger.error(ppp("Tx:", tx)) |
| raise |
| |
| def verify_decapped_6o6(self, src_if, capture, sent): |
| self.assertEqual(len(capture), len(sent)) |
| |
| for i in range(len(capture)): |
| try: |
| tx = sent[i] |
| rx = capture[i] |
| |
| tx_ip = tx[IPv6] |
| rx_ip = rx[IPv6] |
| tx_gre = tx[GRE] |
| tx_ip = tx_gre[IPv6] |
| |
| self.assertEqual(rx_ip.src, tx_ip.src) |
| self.assertEqual(rx_ip.dst, tx_ip.dst) |
| self.assertEqual(rx_ip.hlim + 1, tx_ip.hlim) |
| |
| except: |
| self.logger.error(ppp("Rx:", rx)) |
| self.logger.error(ppp("Tx:", tx)) |
| raise |
| |
| def test_gre(self): |
| """ GRE IPv4 tunnel Tests """ |
| |
| # |
| # Create an L3 GRE tunnel. |
| # - set it admin up |
| # - assign an IP Addres |
| # - Add a route via the tunnel |
| # |
| gre_if = VppGreInterface(self, |
| self.pg0.local_ip4, |
| "1.1.1.2") |
| gre_if.add_vpp_config() |
| |
| # |
| # The double create (create the same tunnel twice) should fail, |
| # and we should still be able to use the original |
| # |
| try: |
| gre_if.add_vpp_config() |
| except Exception: |
| pass |
| else: |
| self.fail("Double GRE tunnel add does not fail") |
| |
| gre_if.admin_up() |
| gre_if.config_ip4() |
| |
| route_via_tun = VppIpRoute(self, "4.4.4.4", 32, |
| [VppRoutePath("0.0.0.0", |
| gre_if.sw_if_index)]) |
| |
| route_via_tun.add_vpp_config() |
| |
| # |
| # Send a packet stream that is routed into the tunnel |
| # - they are all dropped since the tunnel's destintation IP |
| # is unresolved - or resolves via the default route - which |
| # which is a drop. |
| # |
| tx = self.create_stream_ip4(self.pg0, "5.5.5.5", "4.4.4.4") |
| |
| self.send_and_assert_no_replies(self.pg0, tx) |
| |
| # |
| # Add a route that resolves the tunnel's destination |
| # |
| route_tun_dst = VppIpRoute(self, "1.1.1.2", 32, |
| [VppRoutePath(self.pg0.remote_ip4, |
| self.pg0.sw_if_index)]) |
| route_tun_dst.add_vpp_config() |
| |
| # |
| # Send a packet stream that is routed into the tunnel |
| # - packets are GRE encapped |
| # |
| tx = self.create_stream_ip4(self.pg0, "5.5.5.5", "4.4.4.4") |
| rx = self.send_and_expect(self.pg0, tx, self.pg0) |
| self.verify_tunneled_4o4(self.pg0, rx, tx, |
| self.pg0.local_ip4, "1.1.1.2") |
| |
| # |
| # Send tunneled packets that match the created tunnel and |
| # are decapped and forwarded |
| # |
| tx = self.create_tunnel_stream_4o4(self.pg0, |
| "1.1.1.2", |
| self.pg0.local_ip4, |
| self.pg0.local_ip4, |
| self.pg0.remote_ip4) |
| rx = self.send_and_expect(self.pg0, tx, self.pg0) |
| self.verify_decapped_4o4(self.pg0, rx, tx) |
| |
| # |
| # Send tunneled packets that do not match the tunnel's src |
| # |
| self.vapi.cli("clear trace") |
| tx = self.create_tunnel_stream_4o4(self.pg0, |
| "1.1.1.3", |
| self.pg0.local_ip4, |
| self.pg0.local_ip4, |
| self.pg0.remote_ip4) |
| self.send_and_assert_no_replies( |
| self.pg0, tx, |
| remark="GRE packets forwarded despite no SRC address match") |
| |
| # |
| # Configure IPv6 on the PG interface so we can route IPv6 |
| # packets |
| # |
| self.pg0.config_ip6() |
| self.pg0.resolve_ndp() |
| |
| # |
| # Send IPv6 tunnel encapslated packets |
| # - dropped since IPv6 is not enabled on the tunnel |
| # |
| tx = self.create_tunnel_stream_6o4(self.pg0, |
| "1.1.1.2", |
| self.pg0.local_ip4, |
| self.pg0.local_ip6, |
| self.pg0.remote_ip6) |
| self.send_and_assert_no_replies(self.pg0, tx, |
| "IPv6 GRE packets forwarded " |
| "despite IPv6 not enabled on tunnel") |
| |
| # |
| # Enable IPv6 on the tunnel |
| # |
| gre_if.config_ip6() |
| |
| # |
| # Send IPv6 tunnel encapslated packets |
| # - forwarded since IPv6 is enabled on the tunnel |
| # |
| tx = self.create_tunnel_stream_6o4(self.pg0, |
| "1.1.1.2", |
| self.pg0.local_ip4, |
| self.pg0.local_ip6, |
| self.pg0.remote_ip6) |
| rx = self.send_and_expect(self.pg0, tx, self.pg0) |
| self.verify_decapped_6o4(self.pg0, rx, tx) |
| |
| # |
| # Send v6 packets for v4 encap |
| # |
| route6_via_tun = VppIpRoute( |
| self, "2001::1", 128, |
| [VppRoutePath("::", |
| gre_if.sw_if_index, |
| proto=DpoProto.DPO_PROTO_IP6)]) |
| route6_via_tun.add_vpp_config() |
| |
| tx = self.create_stream_ip6(self.pg0, "2001::2", "2001::1") |
| rx = self.send_and_expect(self.pg0, tx, self.pg0) |
| |
| self.verify_tunneled_6o4(self.pg0, rx, tx, |
| self.pg0.local_ip4, "1.1.1.2") |
| |
| # |
| # test case cleanup |
| # |
| route_tun_dst.remove_vpp_config() |
| route_via_tun.remove_vpp_config() |
| route6_via_tun.remove_vpp_config() |
| gre_if.remove_vpp_config() |
| |
| self.pg0.unconfig_ip6() |
| |
| def test_gre6(self): |
| """ GRE IPv6 tunnel Tests """ |
| |
| self.pg1.config_ip6() |
| self.pg1.resolve_ndp() |
| |
| # |
| # Create an L3 GRE tunnel. |
| # - set it admin up |
| # - assign an IP Address |
| # - Add a route via the tunnel |
| # |
| gre_if = VppGreInterface(self, |
| self.pg2.local_ip6, |
| "1002::1") |
| gre_if.add_vpp_config() |
| gre_if.admin_up() |
| gre_if.config_ip6() |
| |
| route_via_tun = VppIpRoute(self, "4004::1", 128, |
| [VppRoutePath("0::0", |
| gre_if.sw_if_index)]) |
| |
| route_via_tun.add_vpp_config() |
| |
| # |
| # Send a packet stream that is routed into the tunnel |
| # - they are all dropped since the tunnel's destintation IP |
| # is unresolved - or resolves via the default route - which |
| # which is a drop. |
| # |
| tx = self.create_stream_ip6(self.pg2, "5005::1", "4004::1") |
| self.send_and_assert_no_replies( |
| self.pg2, tx, |
| "GRE packets forwarded without DIP resolved") |
| |
| # |
| # Add a route that resolves the tunnel's destination |
| # |
| route_tun_dst = VppIpRoute(self, "1002::1", 128, |
| [VppRoutePath(self.pg2.remote_ip6, |
| self.pg2.sw_if_index)]) |
| route_tun_dst.add_vpp_config() |
| |
| # |
| # Send a packet stream that is routed into the tunnel |
| # - packets are GRE encapped |
| # |
| tx = self.create_stream_ip6(self.pg2, "5005::1", "4004::1") |
| rx = self.send_and_expect(self.pg2, tx, self.pg2) |
| self.verify_tunneled_6o6(self.pg2, rx, tx, |
| self.pg2.local_ip6, "1002::1") |
| |
| # |
| # Test decap. decapped packets go out pg1 |
| # |
| tx = self.create_tunnel_stream_6o6(self.pg2, |
| "1002::1", |
| self.pg2.local_ip6, |
| "2001::1", |
| self.pg1.remote_ip6) |
| rx = self.send_and_expect(self.pg2, tx, self.pg1) |
| |
| # |
| # RX'd packet is UDP over IPv6, test the GRE header is gone. |
| # |
| self.assertFalse(rx[0].haslayer(GRE)) |
| self.assertEqual(rx[0][IPv6].dst, self.pg1.remote_ip6) |
| |
| # |
| # Send v4 over v6 |
| # |
| route4_via_tun = VppIpRoute(self, "1.1.1.1", 32, |
| [VppRoutePath("0.0.0.0", |
| gre_if.sw_if_index)]) |
| route4_via_tun.add_vpp_config() |
| |
| tx = self.create_stream_ip4(self.pg0, "1.1.1.2", "1.1.1.1") |
| rx = self.send_and_expect(self.pg0, tx, self.pg2) |
| |
| self.verify_tunneled_4o6(self.pg0, rx, tx, |
| self.pg2.local_ip6, "1002::1") |
| |
| # |
| # test case cleanup |
| # |
| route_tun_dst.remove_vpp_config() |
| route_via_tun.remove_vpp_config() |
| route4_via_tun.remove_vpp_config() |
| gre_if.remove_vpp_config() |
| |
| self.pg2.unconfig_ip6() |
| self.pg1.unconfig_ip6() |
| |
| def test_gre_vrf(self): |
| """ GRE tunnel VRF Tests """ |
| |
| e = VppEnum.vl_api_tunnel_encap_decap_flags_t |
| |
| # |
| # Create an L3 GRE tunnel whose destination is in the non-default |
| # table. The underlay is thus non-default - the overlay is still |
| # the default. |
| # - set it admin up |
| # - assign an IP Addres |
| # |
| gre_if = VppGreInterface( |
| self, self.pg1.local_ip4, |
| "2.2.2.2", |
| outer_table_id=1, |
| flags=(e.TUNNEL_API_ENCAP_DECAP_FLAG_ENCAP_COPY_DSCP | |
| e.TUNNEL_API_ENCAP_DECAP_FLAG_ENCAP_COPY_ECN)) |
| |
| gre_if.add_vpp_config() |
| gre_if.admin_up() |
| gre_if.config_ip4() |
| |
| # |
| # Add a route via the tunnel - in the overlay |
| # |
| route_via_tun = VppIpRoute(self, "9.9.9.9", 32, |
| [VppRoutePath("0.0.0.0", |
| gre_if.sw_if_index)]) |
| route_via_tun.add_vpp_config() |
| |
| # |
| # Add a route that resolves the tunnel's destination - in the |
| # underlay table |
| # |
| route_tun_dst = VppIpRoute(self, "2.2.2.2", 32, table_id=1, |
| paths=[VppRoutePath(self.pg1.remote_ip4, |
| self.pg1.sw_if_index)]) |
| route_tun_dst.add_vpp_config() |
| |
| # |
| # Send a packet stream that is routed into the tunnel |
| # packets are sent in on pg0 which is in the default table |
| # - packets are GRE encapped |
| # |
| self.vapi.cli("clear trace") |
| tx = self.create_stream_ip4(self.pg0, "5.5.5.5", "9.9.9.9", |
| dscp=5, ecn=3) |
| rx = self.send_and_expect(self.pg0, tx, self.pg1) |
| self.verify_tunneled_4o4(self.pg1, rx, tx, |
| self.pg1.local_ip4, "2.2.2.2", |
| dscp=5, ecn=3) |
| |
| # |
| # Send tunneled packets that match the created tunnel and |
| # are decapped and forwarded. This tests the decap lookup |
| # does not happen in the encap table |
| # |
| self.vapi.cli("clear trace") |
| tx = self.create_tunnel_stream_4o4(self.pg1, |
| "2.2.2.2", |
| self.pg1.local_ip4, |
| self.pg0.local_ip4, |
| self.pg0.remote_ip4) |
| rx = self.send_and_expect(self.pg1, tx, self.pg0) |
| self.verify_decapped_4o4(self.pg0, rx, tx) |
| |
| # |
| # Send tunneled packets that match the created tunnel |
| # but arrive on an interface that is not in the tunnel's |
| # encap VRF, these are dropped. |
| # IP enable the interface so they aren't dropped due to |
| # IP not being enabled. |
| # |
| self.pg2.config_ip4() |
| self.vapi.cli("clear trace") |
| tx = self.create_tunnel_stream_4o4(self.pg2, |
| "2.2.2.2", |
| self.pg1.local_ip4, |
| self.pg0.local_ip4, |
| self.pg0.remote_ip4) |
| rx = self.send_and_assert_no_replies( |
| self.pg2, tx, |
| "GRE decap packets in wrong VRF") |
| |
| self.pg2.unconfig_ip4() |
| |
| # |
| # test case cleanup |
| # |
| route_tun_dst.remove_vpp_config() |
| route_via_tun.remove_vpp_config() |
| gre_if.remove_vpp_config() |
| |
| def test_gre_l2(self): |
| """ GRE tunnel L2 Tests """ |
| |
| # |
| # Add routes to resolve the tunnel destinations |
| # |
| route_tun1_dst = VppIpRoute(self, "2.2.2.2", 32, |
| [VppRoutePath(self.pg0.remote_ip4, |
| self.pg0.sw_if_index)]) |
| route_tun2_dst = VppIpRoute(self, "2.2.2.3", 32, |
| [VppRoutePath(self.pg0.remote_ip4, |
| self.pg0.sw_if_index)]) |
| |
| route_tun1_dst.add_vpp_config() |
| route_tun2_dst.add_vpp_config() |
| |
| # |
| # Create 2 L2 GRE tunnels and x-connect them |
| # |
| gre_if1 = VppGreInterface(self, self.pg0.local_ip4, |
| "2.2.2.2", |
| type=(VppEnum.vl_api_gre_tunnel_type_t. |
| GRE_API_TUNNEL_TYPE_TEB)) |
| gre_if2 = VppGreInterface(self, self.pg0.local_ip4, |
| "2.2.2.3", |
| type=(VppEnum.vl_api_gre_tunnel_type_t. |
| GRE_API_TUNNEL_TYPE_TEB)) |
| gre_if1.add_vpp_config() |
| gre_if2.add_vpp_config() |
| |
| gre_if1.admin_up() |
| gre_if2.admin_up() |
| |
| self.vapi.sw_interface_set_l2_xconnect(gre_if1.sw_if_index, |
| gre_if2.sw_if_index, |
| enable=1) |
| self.vapi.sw_interface_set_l2_xconnect(gre_if2.sw_if_index, |
| gre_if1.sw_if_index, |
| enable=1) |
| |
| # |
| # Send in tunnel encapped L2. expect out tunnel encapped L2 |
| # in both directions |
| # |
| tx = self.create_tunnel_stream_l2o4(self.pg0, |
| "2.2.2.2", |
| self.pg0.local_ip4) |
| rx = self.send_and_expect(self.pg0, tx, self.pg0) |
| self.verify_tunneled_l2o4(self.pg0, rx, tx, |
| self.pg0.local_ip4, |
| "2.2.2.3") |
| |
| tx = self.create_tunnel_stream_l2o4(self.pg0, |
| "2.2.2.3", |
| self.pg0.local_ip4) |
| rx = self.send_and_expect(self.pg0, tx, self.pg0) |
| self.verify_tunneled_l2o4(self.pg0, rx, tx, |
| self.pg0.local_ip4, |
| "2.2.2.2") |
| |
| self.vapi.sw_interface_set_l2_xconnect(gre_if1.sw_if_index, |
| gre_if2.sw_if_index, |
| enable=0) |
| self.vapi.sw_interface_set_l2_xconnect(gre_if2.sw_if_index, |
| gre_if1.sw_if_index, |
| enable=0) |
| |
| # |
| # Create a VLAN sub-interfaces on the GRE TEB interfaces |
| # then x-connect them |
| # |
| gre_if_11 = VppDot1QSubint(self, gre_if1, 11) |
| gre_if_12 = VppDot1QSubint(self, gre_if2, 12) |
| |
| # gre_if_11.add_vpp_config() |
| # gre_if_12.add_vpp_config() |
| |
| gre_if_11.admin_up() |
| gre_if_12.admin_up() |
| |
| self.vapi.sw_interface_set_l2_xconnect(gre_if_11.sw_if_index, |
| gre_if_12.sw_if_index, |
| enable=1) |
| self.vapi.sw_interface_set_l2_xconnect(gre_if_12.sw_if_index, |
| gre_if_11.sw_if_index, |
| enable=1) |
| |
| # |
| # Configure both to pop thier respective VLAN tags, |
| # so that during the x-coonect they will subsequently push |
| # |
| self.vapi.l2_interface_vlan_tag_rewrite( |
| sw_if_index=gre_if_12.sw_if_index, vtr_op=L2_VTR_OP.L2_POP_1, |
| push_dot1q=12) |
| self.vapi.l2_interface_vlan_tag_rewrite( |
| sw_if_index=gre_if_11.sw_if_index, vtr_op=L2_VTR_OP.L2_POP_1, |
| push_dot1q=11) |
| |
| # |
| # Send traffic in both directiond - expect the VLAN tags to |
| # be swapped. |
| # |
| tx = self.create_tunnel_stream_vlano4(self.pg0, |
| "2.2.2.2", |
| self.pg0.local_ip4, |
| 11) |
| rx = self.send_and_expect(self.pg0, tx, self.pg0) |
| self.verify_tunneled_vlano4(self.pg0, rx, tx, |
| self.pg0.local_ip4, |
| "2.2.2.3", |
| 12) |
| |
| tx = self.create_tunnel_stream_vlano4(self.pg0, |
| "2.2.2.3", |
| self.pg0.local_ip4, |
| 12) |
| rx = self.send_and_expect(self.pg0, tx, self.pg0) |
| self.verify_tunneled_vlano4(self.pg0, rx, tx, |
| self.pg0.local_ip4, |
| "2.2.2.2", |
| 11) |
| |
| # |
| # Cleanup Test resources |
| # |
| gre_if_11.remove_vpp_config() |
| gre_if_12.remove_vpp_config() |
| gre_if1.remove_vpp_config() |
| gre_if2.remove_vpp_config() |
| route_tun1_dst.add_vpp_config() |
| route_tun2_dst.add_vpp_config() |
| |
| def test_gre_loop(self): |
| """ GRE tunnel loop Tests """ |
| |
| # |
| # Create an L3 GRE tunnel. |
| # - set it admin up |
| # - assign an IP Addres |
| # |
| gre_if = VppGreInterface(self, |
| self.pg0.local_ip4, |
| "1.1.1.2") |
| gre_if.add_vpp_config() |
| gre_if.admin_up() |
| gre_if.config_ip4() |
| |
| # |
| # add a route to the tunnel's destination that points |
| # through the tunnel, hence forming a loop in the forwarding |
| # graph |
| # |
| route_dst = VppIpRoute(self, "1.1.1.2", 32, |
| [VppRoutePath("0.0.0.0", |
| gre_if.sw_if_index)]) |
| route_dst.add_vpp_config() |
| |
| # |
| # packets to the tunnels destination should be dropped |
| # |
| tx = self.create_stream_ip4(self.pg0, "1.1.1.1", "1.1.1.2") |
| self.send_and_assert_no_replies(self.pg2, tx) |
| |
| self.logger.info(self.vapi.ppcli("sh adj 7")) |
| |
| # |
| # break the loop |
| # |
| route_dst.modify([VppRoutePath(self.pg1.remote_ip4, |
| self.pg1.sw_if_index)]) |
| route_dst.add_vpp_config() |
| |
| rx = self.send_and_expect(self.pg0, tx, self.pg1) |
| |
| # |
| # a good route throught the tunnel to check it restacked |
| # |
| route_via_tun_2 = VppIpRoute(self, "2.2.2.2", 32, |
| [VppRoutePath("0.0.0.0", |
| gre_if.sw_if_index)]) |
| route_via_tun_2.add_vpp_config() |
| |
| tx = self.create_stream_ip4(self.pg0, "2.2.2.3", "2.2.2.2") |
| rx = self.send_and_expect(self.pg0, tx, self.pg1) |
| self.verify_tunneled_4o4(self.pg1, rx, tx, |
| self.pg0.local_ip4, "1.1.1.2") |
| |
| # |
| # cleanup |
| # |
| route_via_tun_2.remove_vpp_config() |
| gre_if.remove_vpp_config() |
| |
| def test_mgre(self): |
| """ mGRE IPv4 tunnel Tests """ |
| |
| for itf in self.pg_interfaces[3:]: |
| # |
| # one underlay nh for each overlay/tunnel peer |
| # |
| itf.generate_remote_hosts(4) |
| itf.configure_ipv4_neighbors() |
| |
| # |
| # Create an L3 GRE tunnel. |
| # - set it admin up |
| # - assign an IP Addres |
| # - Add a route via the tunnel |
| # |
| gre_if = VppGreInterface(self, |
| itf.local_ip4, |
| "0.0.0.0", |
| mode=(VppEnum.vl_api_tunnel_mode_t. |
| TUNNEL_API_MODE_MP)) |
| gre_if.add_vpp_config() |
| gre_if.admin_up() |
| gre_if.config_ip4() |
| gre_if.generate_remote_hosts(4) |
| |
| self.logger.info(self.vapi.cli("sh adj")) |
| self.logger.info(self.vapi.cli("sh ip fib")) |
| |
| # |
| # ensure we don't match to the tunnel if the source address |
| # is all zeros |
| # |
| tx = self.create_tunnel_stream_4o4(self.pg0, |
| "0.0.0.0", |
| itf.local_ip4, |
| self.pg0.local_ip4, |
| self.pg0.remote_ip4) |
| self.send_and_assert_no_replies(self.pg0, tx) |
| |
| # |
| # for-each peer |
| # |
| for ii in range(1, 4): |
| route_addr = "4.4.4.%d" % ii |
| |
| # |
| # route traffic via the peer |
| # |
| route_via_tun = VppIpRoute( |
| self, route_addr, 32, |
| [VppRoutePath(gre_if._remote_hosts[ii].ip4, |
| gre_if.sw_if_index)]) |
| route_via_tun.add_vpp_config() |
| |
| # |
| # Add a NHRP entry resolves the peer |
| # |
| teib = VppNhrp(self, gre_if, |
| gre_if._remote_hosts[ii].ip4, |
| itf._remote_hosts[ii].ip4) |
| teib.add_vpp_config() |
| |
| # |
| # Send a packet stream that is routed into the tunnel |
| # - packets are GRE encapped |
| # |
| tx_e = self.create_stream_ip4(self.pg0, "5.5.5.5", route_addr) |
| rx = self.send_and_expect(self.pg0, tx_e, itf) |
| self.verify_tunneled_4o4(self.pg0, rx, tx_e, |
| itf.local_ip4, |
| itf._remote_hosts[ii].ip4) |
| |
| tx_i = self.create_tunnel_stream_4o4(self.pg0, |
| itf._remote_hosts[ii].ip4, |
| itf.local_ip4, |
| self.pg0.local_ip4, |
| self.pg0.remote_ip4) |
| rx = self.send_and_expect(self.pg0, tx_i, self.pg0) |
| self.verify_decapped_4o4(self.pg0, rx, tx_i) |
| |
| # |
| # delete and re-add the NHRP |
| # |
| teib.remove_vpp_config() |
| self.send_and_assert_no_replies(self.pg0, tx_e) |
| self.send_and_assert_no_replies(self.pg0, tx_i) |
| |
| teib.add_vpp_config() |
| rx = self.send_and_expect(self.pg0, tx_e, itf) |
| self.verify_tunneled_4o4(self.pg0, rx, tx_e, |
| itf.local_ip4, |
| itf._remote_hosts[ii].ip4) |
| rx = self.send_and_expect(self.pg0, tx_i, self.pg0) |
| self.verify_decapped_4o4(self.pg0, rx, tx_i) |
| |
| gre_if.admin_down() |
| gre_if.unconfig_ip4() |
| |
| def test_mgre6(self): |
| """ mGRE IPv6 tunnel Tests """ |
| |
| self.pg0.config_ip6() |
| self.pg0.resolve_ndp() |
| |
| e = VppEnum.vl_api_tunnel_encap_decap_flags_t |
| |
| for itf in self.pg_interfaces[3:]: |
| # |
| # one underlay nh for each overlay/tunnel peer |
| # |
| itf.config_ip6() |
| itf.generate_remote_hosts(4) |
| itf.configure_ipv6_neighbors() |
| |
| # |
| # Create an L3 GRE tunnel. |
| # - set it admin up |
| # - assign an IP Addres |
| # - Add a route via the tunnel |
| # |
| gre_if = VppGreInterface( |
| self, |
| itf.local_ip6, |
| "::", |
| mode=(VppEnum.vl_api_tunnel_mode_t. |
| TUNNEL_API_MODE_MP), |
| flags=e.TUNNEL_API_ENCAP_DECAP_FLAG_ENCAP_COPY_DSCP) |
| |
| gre_if.add_vpp_config() |
| gre_if.admin_up() |
| gre_if.config_ip6() |
| gre_if.generate_remote_hosts(4) |
| |
| # |
| # for-each peer |
| # |
| for ii in range(1, 4): |
| route_addr = "4::%d" % ii |
| |
| # |
| # Add a NHRP entry resolves the peer |
| # |
| teib = VppNhrp(self, gre_if, |
| gre_if._remote_hosts[ii].ip6, |
| itf._remote_hosts[ii].ip6) |
| teib.add_vpp_config() |
| |
| # |
| # route traffic via the peer |
| # |
| route_via_tun = VppIpRoute( |
| self, route_addr, 128, |
| [VppRoutePath(gre_if._remote_hosts[ii].ip6, |
| gre_if.sw_if_index)]) |
| route_via_tun.add_vpp_config() |
| |
| # |
| # Send a packet stream that is routed into the tunnel |
| # - packets are GRE encapped |
| # |
| tx_e = self.create_stream_ip6(self.pg0, "5::5", route_addr, |
| dscp=2, ecn=1) |
| rx = self.send_and_expect(self.pg0, tx_e, itf) |
| self.verify_tunneled_6o6(self.pg0, rx, tx_e, |
| itf.local_ip6, |
| itf._remote_hosts[ii].ip6, |
| dscp=2) |
| tx_i = self.create_tunnel_stream_6o6(self.pg0, |
| itf._remote_hosts[ii].ip6, |
| itf.local_ip6, |
| self.pg0.local_ip6, |
| self.pg0.remote_ip6) |
| rx = self.send_and_expect(self.pg0, tx_i, self.pg0) |
| self.verify_decapped_6o6(self.pg0, rx, tx_i) |
| |
| # |
| # delete and re-add the NHRP |
| # |
| teib.remove_vpp_config() |
| self.send_and_assert_no_replies(self.pg0, tx_e) |
| |
| teib.add_vpp_config() |
| rx = self.send_and_expect(self.pg0, tx_e, itf) |
| self.verify_tunneled_6o6(self.pg0, rx, tx_e, |
| itf.local_ip6, |
| itf._remote_hosts[ii].ip6, |
| dscp=2) |
| rx = self.send_and_expect(self.pg0, tx_i, self.pg0) |
| self.verify_decapped_6o6(self.pg0, rx, tx_i) |
| |
| gre_if.admin_down() |
| gre_if.unconfig_ip4() |
| itf.unconfig_ip6() |
| self.pg0.unconfig_ip6() |
| |
| |
| if __name__ == '__main__': |
| unittest.main(testRunner=VppTestRunner) |