Gitiles
Code Review Sign In
gerrit.nordix.org / fdio / vpp / 8d09a70ee87e777dabf2251e517f5cd63ebc269b / . / test / test_dvr.py
blob: dcc17f040eba4989eb8a3dadc95bf6f003f67d69 [file] [log] [blame]
Renato Botelho do Coutoead1e532019-10-31 13:31:07 -0500[diff] [blame]1#!/usr/bin/env python3
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]2import unittest
3
Dave Wallace8800f732023-08-31 00:47:44 -0400[diff] [blame]4from framework import VppTestCase
5from asfframework import VppTestRunner
Neale Ranns097fa662018-05-01 05:17:55 -0700[diff] [blame]6from vpp_ip_route import VppIpRoute, VppRoutePath, FibPathType
Paul Vinciguerra95c0ca42019-03-28 13:07:00 -0700[diff] [blame]7from vpp_l2 import L2_PORT_TYPE
8from vpp_sub_interface import L2_VTR_OP, VppDot1QSubint
Jakub Grajciar2f8cd912020-03-27 06:55:06 +0100[diff] [blame]9from vpp_acl import AclRule, VppAcl, VppAclInterface
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]10
11from scapy.packet import Raw
Klement Sekerab9ef2732018-06-24 22:49:33 +0200[diff] [blame]12from scapy.layers.l2 import Ether, Dot1Q
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]13from scapy.layers.inet import IP, UDP
Dave Wallace8800f732023-08-31 00:47:44 -0400[diff] [blame]14from socket import AF_INET
Jakub Grajciar2f8cd912020-03-27 06:55:06 +0100[diff] [blame]15from ipaddress import IPv4Network
Dmitry Valter34fa0ce2024-03-11 10:38:46 +0000[diff] [blame]16from config import config
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]17
Paul Vinciguerra4271c972019-05-14 13:25:49 -0400[diff] [blame]18NUM_PKTS = 67
19
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]20
Dmitry Valter34fa0ce2024-03-11 10:38:46 +0000[diff] [blame]21@unittest.skipIf("acl" in config.excluded_plugins, "Exclude tests requiring ACL plugin")
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]22class TestDVR(VppTestCase):
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]23 """Distributed Virtual Router"""
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]24
Paul Vinciguerra7f9b7f92019-03-12 19:23:27 -0700[diff] [blame]25 @classmethod
26 def setUpClass(cls):
27 super(TestDVR, cls).setUpClass()
28
29 @classmethod
30 def tearDownClass(cls):
31 super(TestDVR, cls).tearDownClass()
32
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]33 def setUp(self):
34 super(TestDVR, self).setUp()
35
36 self.create_pg_interfaces(range(4))
Klement Sekerab9ef2732018-06-24 22:49:33 +0200[diff] [blame]37 self.create_loopback_interfaces(1)
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]38
39 for i in self.pg_interfaces:
40 i.admin_up()
41
42 self.loop0.config_ip4()
43
44 def tearDown(self):
45 for i in self.pg_interfaces:
46 i.admin_down()
47 self.loop0.unconfig_ip4()
48
49 super(TestDVR, self).tearDown()
50
Neale Ranns55d03782017-10-21 06:34:22 -0700[diff] [blame]51 def assert_same_mac_addr(self, tx, rx):
52 t_eth = tx[Ether]
53 for p in rx:
54 r_eth = p[Ether]
55 self.assertEqual(t_eth.src, r_eth.src)
56 self.assertEqual(t_eth.dst, r_eth.dst)
57
58 def assert_has_vlan_tag(self, tag, rx):
59 for p in rx:
60 r_1q = p[Dot1Q]
61 self.assertEqual(tag, r_1q.vlan)
62
63 def assert_has_no_tag(self, rx):
64 for p in rx:
65 self.assertFalse(p.haslayer(Dot1Q))
66
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]67 def test_dvr(self):
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]68 """Distributed Virtual Router"""
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]69
70 #
71 # A packet destined to an IP address that is L2 bridged via
72 # a non-tag interface
73 #
74 ip_non_tag_bridged = "10.10.10.10"
75 ip_tag_bridged = "10.10.10.11"
76 any_src_addr = "1.1.1.1"
77
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]78 pkt_no_tag = (
79 Ether(src=self.pg0.remote_mac, dst=self.loop0.local_mac)
80 / IP(src=any_src_addr, dst=ip_non_tag_bridged)
81 / UDP(sport=1234, dport=1234)
82 / Raw(b"\xa5" * 100)
83 )
84 pkt_tag = (
85 Ether(src=self.pg0.remote_mac, dst=self.loop0.local_mac)
86 / IP(src=any_src_addr, dst=ip_tag_bridged)
87 / UDP(sport=1234, dport=1234)
88 / Raw(b"\xa5" * 100)
89 )
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]90
91 #
92 # Two sub-interfaces so we can test VLAN tag push/pop
93 #
94 sub_if_on_pg2 = VppDot1QSubint(self, self.pg2, 92)
95 sub_if_on_pg3 = VppDot1QSubint(self, self.pg3, 93)
96 sub_if_on_pg2.admin_up()
97 sub_if_on_pg3.admin_up()
98
99 #
100 # Put all the interfaces into a new bridge domain
101 #
Ole Troana5b2eec2019-03-11 19:23:25 +0100[diff] [blame]102 self.vapi.sw_interface_set_l2_bridge(
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]103 rx_sw_if_index=self.pg0.sw_if_index, bd_id=1
104 )
Ole Troana5b2eec2019-03-11 19:23:25 +0100[diff] [blame]105 self.vapi.sw_interface_set_l2_bridge(
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]106 rx_sw_if_index=self.pg1.sw_if_index, bd_id=1
107 )
Ole Troana5b2eec2019-03-11 19:23:25 +0100[diff] [blame]108 self.vapi.sw_interface_set_l2_bridge(
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]109 rx_sw_if_index=sub_if_on_pg2.sw_if_index, bd_id=1
110 )
Ole Troana5b2eec2019-03-11 19:23:25 +0100[diff] [blame]111 self.vapi.sw_interface_set_l2_bridge(
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]112 rx_sw_if_index=sub_if_on_pg3.sw_if_index, bd_id=1
113 )
Ole Troana5b2eec2019-03-11 19:23:25 +0100[diff] [blame]114 self.vapi.sw_interface_set_l2_bridge(
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]115 rx_sw_if_index=self.loop0.sw_if_index, bd_id=1, port_type=L2_PORT_TYPE.BVI
116 )
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]117
Ole Troane1ade682019-03-04 23:55:43 +0100[diff] [blame]118 self.vapi.l2_interface_vlan_tag_rewrite(
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]119 sw_if_index=sub_if_on_pg2.sw_if_index,
120 vtr_op=L2_VTR_OP.L2_POP_1,
121 push_dot1q=92,
122 )
Ole Troane1ade682019-03-04 23:55:43 +0100[diff] [blame]123 self.vapi.l2_interface_vlan_tag_rewrite(
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]124 sw_if_index=sub_if_on_pg3.sw_if_index,
125 vtr_op=L2_VTR_OP.L2_POP_1,
126 push_dot1q=93,
127 )
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]128
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]129 #
130 # Add routes to bridge the traffic via a tagged an nontagged interface
131 #
132 route_no_tag = VppIpRoute(
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]133 self,
134 ip_non_tag_bridged,
135 32,
136 [
137 VppRoutePath(
138 "0.0.0.0", self.pg1.sw_if_index, type=FibPathType.FIB_PATH_TYPE_DVR
139 )
140 ],
141 )
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]142 route_no_tag.add_vpp_config()
143
144 #
145 # Inject the packet that arrives and leaves on a non-tagged interface
146 # Since it's 'bridged' expect that the MAC headed is unchanged.
147 #
Paul Vinciguerra4271c972019-05-14 13:25:49 -0400[diff] [blame]148 rx = self.send_and_expect(self.pg0, pkt_no_tag * NUM_PKTS, self.pg1)
Neale Rannsf068c3e2018-01-03 04:18:48 -0800[diff] [blame]149 self.assert_same_mac_addr(pkt_no_tag, rx)
150 self.assert_has_no_tag(rx)
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]151
152 #
153 # Add routes to bridge the traffic via a tagged interface
154 #
Neale Ranns55d03782017-10-21 06:34:22 -0700[diff] [blame]155 route_with_tag = VppIpRoute(
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]156 self,
157 ip_tag_bridged,
158 32,
159 [
160 VppRoutePath(
161 "0.0.0.0",
162 sub_if_on_pg3.sw_if_index,
163 type=FibPathType.FIB_PATH_TYPE_DVR,
164 )
165 ],
166 )
Neale Ranns55d03782017-10-21 06:34:22 -0700[diff] [blame]167 route_with_tag.add_vpp_config()
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]168
169 #
Neale Rannsf068c3e2018-01-03 04:18:48 -0800[diff] [blame]170 # Inject the packet that arrives non-tag and leaves on a tagged
171 # interface
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]172 #
Paul Vinciguerra4271c972019-05-14 13:25:49 -0400[diff] [blame]173 rx = self.send_and_expect(self.pg0, pkt_tag * NUM_PKTS, self.pg3)
Neale Ranns55d03782017-10-21 06:34:22 -0700[diff] [blame]174 self.assert_same_mac_addr(pkt_tag, rx)
175 self.assert_has_vlan_tag(93, rx)
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]176
177 #
178 # Tag to tag
179 #
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]180 pkt_tag_to_tag = (
181 Ether(src=self.pg2.remote_mac, dst=self.loop0.local_mac)
182 / Dot1Q(vlan=92)
183 / IP(src=any_src_addr, dst=ip_tag_bridged)
184 / UDP(sport=1234, dport=1234)
185 / Raw(b"\xa5" * 100)
186 )
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]187
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]188 rx = self.send_and_expect(self.pg2, pkt_tag_to_tag * NUM_PKTS, self.pg3)
Neale Ranns55d03782017-10-21 06:34:22 -0700[diff] [blame]189 self.assert_same_mac_addr(pkt_tag_to_tag, rx)
190 self.assert_has_vlan_tag(93, rx)
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]191
192 #
193 # Tag to non-Tag
194 #
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]195 pkt_tag_to_non_tag = (
196 Ether(src=self.pg2.remote_mac, dst=self.loop0.local_mac)
197 / Dot1Q(vlan=92)
198 / IP(src=any_src_addr, dst=ip_non_tag_bridged)
199 / UDP(sport=1234, dport=1234)
200 / Raw(b"\xa5" * 100)
201 )
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]202
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]203 rx = self.send_and_expect(self.pg2, pkt_tag_to_non_tag * NUM_PKTS, self.pg1)
Neale Ranns55d03782017-10-21 06:34:22 -0700[diff] [blame]204 self.assert_same_mac_addr(pkt_tag_to_tag, rx)
205 self.assert_has_no_tag(rx)
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]206
Neale Ranns55d03782017-10-21 06:34:22 -0700[diff] [blame]207 #
Neale Rannsf068c3e2018-01-03 04:18:48 -0800[diff] [blame]208 # Add an output L3 ACL that will block the traffic
209 #
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]210 rule_1 = AclRule(
211 is_permit=0,
212 proto=17,
213 ports=1234,
214 src_prefix=IPv4Network((any_src_addr, 32)),
215 dst_prefix=IPv4Network((ip_non_tag_bridged, 32)),
216 )
Jakub Grajciar2f8cd912020-03-27 06:55:06 +0100[diff] [blame]217 acl = VppAcl(self, rules=[rule_1])
218 acl.add_vpp_config()
Neale Rannsf068c3e2018-01-03 04:18:48 -0800[diff] [blame]219
220 #
221 # Apply the ACL on the output interface
222 #
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]223 acl_if1 = VppAclInterface(
224 self, sw_if_index=self.pg1.sw_if_index, n_input=0, acls=[acl]
225 )
Jakub Grajciar2f8cd912020-03-27 06:55:06 +0100[diff] [blame]226 acl_if1.add_vpp_config()
Neale Rannsf068c3e2018-01-03 04:18:48 -0800[diff] [blame]227
228 #
229 # Send packet's that should match the ACL and be dropped
230 #
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]231 rx = self.send_and_assert_no_replies(self.pg2, pkt_tag_to_non_tag * NUM_PKTS)
Neale Rannsf068c3e2018-01-03 04:18:48 -0800[diff] [blame]232
233 #
Neale Ranns55d03782017-10-21 06:34:22 -0700[diff] [blame]234 # cleanup
235 #
Jakub Grajciar2f8cd912020-03-27 06:55:06 +0100[diff] [blame]236 acl_if1.remove_vpp_config()
237 acl.remove_vpp_config()
Neale Rannsf068c3e2018-01-03 04:18:48 -0800[diff] [blame]238
Ole Troana5b2eec2019-03-11 19:23:25 +0100[diff] [blame]239 self.vapi.sw_interface_set_l2_bridge(
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]240 rx_sw_if_index=self.pg0.sw_if_index, bd_id=1, enable=0
241 )
Ole Troana5b2eec2019-03-11 19:23:25 +0100[diff] [blame]242 self.vapi.sw_interface_set_l2_bridge(
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]243 rx_sw_if_index=self.pg1.sw_if_index, bd_id=1, enable=0
244 )
Ole Troana5b2eec2019-03-11 19:23:25 +0100[diff] [blame]245 self.vapi.sw_interface_set_l2_bridge(
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]246 rx_sw_if_index=sub_if_on_pg2.sw_if_index, bd_id=1, enable=0
247 )
Ole Troana5b2eec2019-03-11 19:23:25 +0100[diff] [blame]248 self.vapi.sw_interface_set_l2_bridge(
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]249 rx_sw_if_index=sub_if_on_pg3.sw_if_index, bd_id=1, enable=0
250 )
Ole Troana5b2eec2019-03-11 19:23:25 +0100[diff] [blame]251 self.vapi.sw_interface_set_l2_bridge(
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]252 rx_sw_if_index=self.loop0.sw_if_index,
253 bd_id=1,
254 port_type=L2_PORT_TYPE.BVI,
255 enable=0,
256 )
Neale Ranns55d03782017-10-21 06:34:22 -0700[diff] [blame]257
258 #
Neale Ranns81458422018-03-12 06:59:36 -0700[diff] [blame]259 # Do a FIB dump to make sure the paths are correctly reported as DVR
260 #
Neale Ranns097fa662018-05-01 05:17:55 -0700[diff] [blame]261 routes = self.vapi.ip_route_dump(0)
Neale Ranns81458422018-03-12 06:59:36 -0700[diff] [blame]262
263 for r in routes:
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]264 if ip_tag_bridged == str(r.route.prefix.network_address):
265 self.assertEqual(
266 r.route.paths[0].sw_if_index, sub_if_on_pg3.sw_if_index
267 )
268 self.assertEqual(r.route.paths[0].type, FibPathType.FIB_PATH_TYPE_DVR)
269 if ip_non_tag_bridged == str(r.route.prefix.network_address):
270 self.assertEqual(r.route.paths[0].sw_if_index, self.pg1.sw_if_index)
271 self.assertEqual(r.route.paths[0].type, FibPathType.FIB_PATH_TYPE_DVR)
Neale Ranns81458422018-03-12 06:59:36 -0700[diff] [blame]272
273 #
Neale Ranns55d03782017-10-21 06:34:22 -0700[diff] [blame]274 # the explicit route delete is require so it happens before
275 # the sbu-interface delete. subinterface delete is required
276 # because that object type does not use the object registry
277 #
278 route_no_tag.remove_vpp_config()
279 route_with_tag.remove_vpp_config()
280 sub_if_on_pg3.remove_vpp_config()
281 sub_if_on_pg2.remove_vpp_config()
282
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]283
Klement Sekerad9b0c6f2022-04-26 19:02:15 +0200[diff] [blame]284if __name__ == "__main__":
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]285 unittest.main(testRunner=VppTestRunner)