blob: 8e873f345e703ce088a4282346a63e1818904d07 [file] [log] [blame]
Neale Rannsbc27d1b2018-02-05 01:13:38 -08001#!/usr/bin/env python
2
3import unittest
Neale Rannsbc27d1b2018-02-05 01:13:38 -08004
5from framework import VppTestCase, VppTestRunner
6from vpp_object import VppObject
Neale Ranns25b04942018-04-04 09:34:50 -07007from vpp_neighbor import VppNeighbor
Neale Rannsc0a93142018-09-05 15:42:26 -07008from vpp_ip_route import VppIpRoute, VppRoutePath, VppIpTable
9
10from vpp_ip import *
11from vpp_mac import *
Neale Rannsb4743802018-09-05 09:13:57 -070012from vpp_papi_provider import L2_PORT_TYPE
Ole Troan31555a32018-10-22 09:30:26 +020013from vpp_papi.vpp_format import VPPFormat
Neale Rannsbc27d1b2018-02-05 01:13:38 -080014
15from scapy.packet import Raw
Neale Ranns25b04942018-04-04 09:34:50 -070016from scapy.layers.l2 import Ether, ARP
Neale Rannsbc27d1b2018-02-05 01:13:38 -080017from scapy.layers.inet import IP, UDP
Neale Ranns25b04942018-04-04 09:34:50 -070018from scapy.layers.inet6 import IPv6, ICMPv6ND_NS, ICMPv6NDOptSrcLLAddr, \
Klement Sekerab9ef2732018-06-24 22:49:33 +020019 ICMPv6ND_NA
Neale Ranns25b04942018-04-04 09:34:50 -070020from scapy.utils6 import in6_getnsma, in6_getnsmac
Neale Rannsbc27d1b2018-02-05 01:13:38 -080021
22from socket import AF_INET, AF_INET6
Neale Ranns25b04942018-04-04 09:34:50 -070023from scapy.utils import inet_pton, inet_ntop
Klement Sekerab9ef2732018-06-24 22:49:33 +020024from util import mactobinary
Neale Rannsbc27d1b2018-02-05 01:13:38 -080025
26
Neale Rannsc0a93142018-09-05 15:42:26 -070027def find_gbp_endpoint(test, sw_if_index, ip=None, mac=None):
28 vip = VppIpAddress(ip)
29
30 eps = test.vapi.gbp_endpoint_dump()
31 for ep in eps:
32 if ep.endpoint.sw_if_index != sw_if_index:
33 continue
34 for eip in ep.endpoint.ips:
35 if vip == eip:
36 return True
37 return False
38
39
Neale Rannsbc27d1b2018-02-05 01:13:38 -080040class VppGbpEndpoint(VppObject):
41 """
Mohsin Kazmi22b3b842018-04-17 19:35:42 +020042 GBP Endpoint
Neale Rannsbc27d1b2018-02-05 01:13:38 -080043 """
44
Neale Ranns25b04942018-04-04 09:34:50 -070045 @property
46 def bin_mac(self):
47 return mactobinary(self.itf.remote_mac)
48
49 @property
50 def mac(self):
51 return self.itf.remote_mac
52
Neale Rannsc0a93142018-09-05 15:42:26 -070053 @property
54 def ip4(self):
55 return self._ip4
56
57 @property
58 def fip4(self):
59 return self._fip4
60
61 @property
62 def ip6(self):
63 return self._ip6
64
65 @property
66 def fip6(self):
67 return self._fip6
68
69 @property
70 def ips(self):
71 return [self.ip4, self.ip6]
72
73 @property
74 def fips(self):
75 return [self.fip4, self.fip6]
76
77 def __init__(self, test, itf, epg, recirc, ip4, fip4, ip6, fip6):
Neale Rannsbc27d1b2018-02-05 01:13:38 -080078 self._test = test
Neale Ranns25b04942018-04-04 09:34:50 -070079 self.itf = itf
Neale Rannsbc27d1b2018-02-05 01:13:38 -080080 self.epg = epg
Neale Ranns25b04942018-04-04 09:34:50 -070081 self.recirc = recirc
Neale Rannsc0a93142018-09-05 15:42:26 -070082
83 self._ip4 = VppIpAddress(ip4)
84 self._fip4 = VppIpAddress(fip4)
85 self._ip6 = VppIpAddress(ip6)
86 self._fip6 = VppIpAddress(fip6)
87
88 self.vmac = VppMacAddress(self.itf.remote_mac)
Neale Rannsbc27d1b2018-02-05 01:13:38 -080089
90 def add_vpp_config(self):
Neale Rannsc0a93142018-09-05 15:42:26 -070091 res = self._test.vapi.gbp_endpoint_add(
Neale Ranns25b04942018-04-04 09:34:50 -070092 self.itf.sw_if_index,
Neale Rannsc0a93142018-09-05 15:42:26 -070093 [self.ip4.encode(), self.ip6.encode()],
94 self.vmac.encode(),
Neale Ranns25b04942018-04-04 09:34:50 -070095 self.epg.epg)
Neale Rannsc0a93142018-09-05 15:42:26 -070096 self.handle = res.handle
Neale Rannsbc27d1b2018-02-05 01:13:38 -080097 self._test.registry.register(self, self._test.logger)
98
99 def remove_vpp_config(self):
Neale Rannsc0a93142018-09-05 15:42:26 -0700100 self._test.vapi.gbp_endpoint_del(self.handle)
Neale Rannsbc27d1b2018-02-05 01:13:38 -0800101
102 def __str__(self):
103 return self.object_id()
104
105 def object_id(self):
Neale Ranns25b04942018-04-04 09:34:50 -0700106 return "gbp-endpoint;[%d:%s:%d]" % (self.itf.sw_if_index,
Neale Rannsc0a93142018-09-05 15:42:26 -0700107 self.ip4.address,
Neale Ranns25b04942018-04-04 09:34:50 -0700108 self.epg.epg)
Neale Rannsbc27d1b2018-02-05 01:13:38 -0800109
110 def query_vpp_config(self):
Neale Rannsc0a93142018-09-05 15:42:26 -0700111 return find_gbp_endpoint(self._test,
112 self.itf.sw_if_index,
113 self.ip4.address)
Neale Ranns25b04942018-04-04 09:34:50 -0700114
115
116class VppGbpRecirc(VppObject):
117 """
Mohsin Kazmi22b3b842018-04-17 19:35:42 +0200118 GBP Recirculation Interface
Neale Ranns25b04942018-04-04 09:34:50 -0700119 """
120
121 def __init__(self, test, epg, recirc, is_ext=False):
122 self._test = test
123 self.recirc = recirc
124 self.epg = epg
125 self.is_ext = is_ext
126
127 def add_vpp_config(self):
128 self._test.vapi.gbp_recirc_add_del(
129 1,
130 self.recirc.sw_if_index,
131 self.epg.epg,
132 self.is_ext)
133 self._test.registry.register(self, self._test.logger)
134
135 def remove_vpp_config(self):
136 self._test.vapi.gbp_recirc_add_del(
137 0,
138 self.recirc.sw_if_index,
139 self.epg.epg,
140 self.is_ext)
141
142 def __str__(self):
143 return self.object_id()
144
145 def object_id(self):
146 return "gbp-recirc;[%d]" % (self.recirc.sw_if_index)
147
148 def query_vpp_config(self):
149 rs = self._test.vapi.gbp_recirc_dump()
150 for r in rs:
151 if r.recirc.sw_if_index == self.recirc.sw_if_index:
152 return True
153 return False
154
155
156class VppGbpSubnet(VppObject):
157 """
Mohsin Kazmi22b3b842018-04-17 19:35:42 +0200158 GBP Subnet
Neale Ranns25b04942018-04-04 09:34:50 -0700159 """
160
161 def __init__(self, test, table_id, address, address_len,
Neale Rannsc0a93142018-09-05 15:42:26 -0700162 is_internal=True,
Neale Ranns25b04942018-04-04 09:34:50 -0700163 sw_if_index=None, epg=None):
164 self._test = test
165 self.table_id = table_id
Ole Troan31555a32018-10-22 09:30:26 +0200166 self.prefix = "{}/{}".format(address, address_len)
Neale Ranns25b04942018-04-04 09:34:50 -0700167 self.is_internal = is_internal
168 self.sw_if_index = sw_if_index
169 self.epg = epg
170
171 def add_vpp_config(self):
172 self._test.vapi.gbp_subnet_add_del(
173 1,
174 self.table_id,
175 self.is_internal,
Ole Troan31555a32018-10-22 09:30:26 +0200176 self.prefix,
Neale Ranns25b04942018-04-04 09:34:50 -0700177 sw_if_index=self.sw_if_index if self.sw_if_index else 0xffffffff,
Neale Rannsc0a93142018-09-05 15:42:26 -0700178 epg_id=self.epg if self.epg else 0xffff)
Neale Ranns25b04942018-04-04 09:34:50 -0700179 self._test.registry.register(self, self._test.logger)
180
181 def remove_vpp_config(self):
182 self._test.vapi.gbp_subnet_add_del(
183 0,
184 self.table_id,
185 self.is_internal,
Ole Troan31555a32018-10-22 09:30:26 +0200186 self.prefix)
Neale Ranns25b04942018-04-04 09:34:50 -0700187
188 def __str__(self):
189 return self.object_id()
190
191 def object_id(self):
Neale Rannsc0a93142018-09-05 15:42:26 -0700192 return "gbp-subnet;[%d-%s]" % (self.table_id,
193 self.prefix)
Neale Ranns25b04942018-04-04 09:34:50 -0700194
195 def query_vpp_config(self):
196 ss = self._test.vapi.gbp_subnet_dump()
197 for s in ss:
198 if s.subnet.table_id == self.table_id and \
Ole Troan31555a32018-10-22 09:30:26 +0200199 VPPFormat.unformat(s.subnet.prefix) == self.prefix:
Neale Rannsc0a93142018-09-05 15:42:26 -0700200 return True
Neale Ranns25b04942018-04-04 09:34:50 -0700201 return False
202
203
204class VppGbpEndpointGroup(VppObject):
205 """
Mohsin Kazmi22b3b842018-04-17 19:35:42 +0200206 GBP Endpoint Group
Neale Ranns25b04942018-04-04 09:34:50 -0700207 """
208
209 def __init__(self, test, epg, rd, bd, uplink,
210 bvi, bvi_ip4, bvi_ip6=None):
211 self._test = test
212 self.uplink = uplink
213 self.bvi = bvi
214 self.bvi_ip4 = bvi_ip4
215 self.bvi_ip4_n = inet_pton(AF_INET, bvi_ip4)
216 self.bvi_ip6 = bvi_ip6
217 self.bvi_ip6_n = inet_pton(AF_INET6, bvi_ip6)
218 self.epg = epg
219 self.bd = bd
220 self.rd = rd
221
222 def add_vpp_config(self):
223 self._test.vapi.gbp_endpoint_group_add_del(
224 1,
225 self.epg,
226 self.bd,
227 self.rd,
228 self.rd,
229 self.uplink.sw_if_index)
230 self._test.registry.register(self, self._test.logger)
231
232 def remove_vpp_config(self):
233 self._test.vapi.gbp_endpoint_group_add_del(
234 0,
235 self.epg,
236 self.bd,
237 self.rd,
238 self.rd,
239 self.uplink.sw_if_index)
240
241 def __str__(self):
242 return self.object_id()
243
244 def object_id(self):
245 return "gbp-endpoint-group;[%d]" % (self.epg)
246
247 def query_vpp_config(self):
248 epgs = self._test.vapi.gbp_endpoint_group_dump()
249 for epg in epgs:
250 if epg.epg.epg_id == self.epg:
Neale Rannsbc27d1b2018-02-05 01:13:38 -0800251 return True
252 return False
253
254
255class VppGbpContract(VppObject):
256 """
Mohsin Kazmi22b3b842018-04-17 19:35:42 +0200257 GBP Contract
Neale Rannsbc27d1b2018-02-05 01:13:38 -0800258 """
259
260 def __init__(self, test, src_epg, dst_epg, acl_index):
261 self._test = test
262 self.acl_index = acl_index
263 self.src_epg = src_epg
264 self.dst_epg = dst_epg
265
266 def add_vpp_config(self):
267 self._test.vapi.gbp_contract_add_del(
268 1,
269 self.src_epg,
270 self.dst_epg,
271 self.acl_index)
272 self._test.registry.register(self, self._test.logger)
273
274 def remove_vpp_config(self):
275 self._test.vapi.gbp_contract_add_del(
276 0,
277 self.src_epg,
278 self.dst_epg,
279 self.acl_index)
280
281 def __str__(self):
282 return self.object_id()
283
284 def object_id(self):
285 return "gbp-contract;[%d:%s:%d]" % (self.src_epg,
286 self.dst_epg,
287 self.acl_index)
288
289 def query_vpp_config(self):
Neale Ranns25b04942018-04-04 09:34:50 -0700290 cs = self._test.vapi.gbp_contract_dump()
291 for c in cs:
292 if c.contract.src_epg == self.src_epg \
293 and c.contract.dst_epg == self.dst_epg:
Neale Rannsbc27d1b2018-02-05 01:13:38 -0800294 return True
295 return False
296
297
Mohsin Kazmi22b3b842018-04-17 19:35:42 +0200298class VppGbpAcl(VppObject):
299 """
300 GBP Acl
301 """
302
303 def __init__(self, test):
304 self._test = test
305 self.acl_index = 4294967295
306
307 def create_rule(self, is_ipv6=0, permit_deny=0, proto=-1,
308 s_prefix=0, s_ip='\x00\x00\x00\x00', sport_from=0,
309 sport_to=65535, d_prefix=0, d_ip='\x00\x00\x00\x00',
310 dport_from=0, dport_to=65535):
311 if proto == -1 or proto == 0:
312 sport_to = 0
313 dport_to = sport_to
314 elif proto == 1 or proto == 58:
315 sport_to = 255
316 dport_to = sport_to
317 rule = ({'is_permit': permit_deny, 'is_ipv6': is_ipv6, 'proto': proto,
318 'srcport_or_icmptype_first': sport_from,
319 'srcport_or_icmptype_last': sport_to,
320 'src_ip_prefix_len': s_prefix,
321 'src_ip_addr': s_ip,
322 'dstport_or_icmpcode_first': dport_from,
323 'dstport_or_icmpcode_last': dport_to,
324 'dst_ip_prefix_len': d_prefix,
325 'dst_ip_addr': d_ip})
326 return rule
327
328 def add_vpp_config(self, rules):
329
330 reply = self._test.vapi.acl_add_replace(self.acl_index,
331 r=rules,
332 tag='GBPTest')
333 self.acl_index = reply.acl_index
334 return self.acl_index
335
336 def remove_vpp_config(self):
337 self._test.vapi.acl_del(self.acl_index)
338
339 def __str__(self):
340 return self.object_id()
341
342 def object_id(self):
343 return "gbp-acl;[%d]" % (self.acl_index)
344
345 def query_vpp_config(self):
346 cs = self._test.vapi.acl_dump()
347 for c in cs:
348 if c.acl_index == self.acl_index:
349 return True
350 return False
351
352
Neale Rannsbc27d1b2018-02-05 01:13:38 -0800353class TestGBP(VppTestCase):
354 """ GBP Test Case """
355
356 def setUp(self):
357 super(TestGBP, self).setUp()
358
Neale Ranns25b04942018-04-04 09:34:50 -0700359 self.create_pg_interfaces(range(9))
Klement Sekerab9ef2732018-06-24 22:49:33 +0200360 self.create_loopback_interfaces(9)
Neale Ranns25b04942018-04-04 09:34:50 -0700361
362 self.router_mac = "00:11:22:33:44:55"
Neale Rannsbc27d1b2018-02-05 01:13:38 -0800363
364 for i in self.pg_interfaces:
365 i.admin_up()
Neale Ranns25b04942018-04-04 09:34:50 -0700366 for i in self.lo_interfaces:
367 i.admin_up()
368 self.vapi.sw_interface_set_mac_address(
369 i.sw_if_index,
370 mactobinary(self.router_mac))
Neale Rannsbc27d1b2018-02-05 01:13:38 -0800371
372 def tearDown(self):
373 for i in self.pg_interfaces:
Neale Ranns25b04942018-04-04 09:34:50 -0700374 i.admin_down()
Neale Rannsbc27d1b2018-02-05 01:13:38 -0800375
376 super(TestGBP, self).tearDown()
377
Neale Ranns25b04942018-04-04 09:34:50 -0700378 def send_and_expect_bridged(self, src, tx, dst):
379 rx = self.send_and_expect(src, tx, dst)
Neale Rannsbc27d1b2018-02-05 01:13:38 -0800380
Neale Ranns25b04942018-04-04 09:34:50 -0700381 for r in rx:
382 self.assertEqual(r[Ether].src, tx[0][Ether].src)
383 self.assertEqual(r[Ether].dst, tx[0][Ether].dst)
384 self.assertEqual(r[IP].src, tx[0][IP].src)
385 self.assertEqual(r[IP].dst, tx[0][IP].dst)
386 return rx
Neale Rannsbc27d1b2018-02-05 01:13:38 -0800387
Neale Ranns25b04942018-04-04 09:34:50 -0700388 def send_and_expect_bridged6(self, src, tx, dst):
389 rx = self.send_and_expect(src, tx, dst)
Neale Rannsbc27d1b2018-02-05 01:13:38 -0800390
Neale Ranns25b04942018-04-04 09:34:50 -0700391 for r in rx:
392 self.assertEqual(r[Ether].src, tx[0][Ether].src)
393 self.assertEqual(r[Ether].dst, tx[0][Ether].dst)
394 self.assertEqual(r[IPv6].src, tx[0][IPv6].src)
395 self.assertEqual(r[IPv6].dst, tx[0][IPv6].dst)
396 return rx
397
398 def send_and_expect_routed(self, src, tx, dst, src_mac):
399 rx = self.send_and_expect(src, tx, dst)
400
401 for r in rx:
402 self.assertEqual(r[Ether].src, src_mac)
403 self.assertEqual(r[Ether].dst, dst.remote_mac)
404 self.assertEqual(r[IP].src, tx[0][IP].src)
405 self.assertEqual(r[IP].dst, tx[0][IP].dst)
406 return rx
407
408 def send_and_expect_natted(self, src, tx, dst, src_ip):
409 rx = self.send_and_expect(src, tx, dst)
410
411 for r in rx:
412 self.assertEqual(r[Ether].src, tx[0][Ether].src)
413 self.assertEqual(r[Ether].dst, tx[0][Ether].dst)
414 self.assertEqual(r[IP].src, src_ip)
415 self.assertEqual(r[IP].dst, tx[0][IP].dst)
416 return rx
417
Neale Ranns4a6d0232018-04-24 07:45:33 -0700418 def send_and_expect_natted6(self, src, tx, dst, src_ip):
419 rx = self.send_and_expect(src, tx, dst)
420
421 for r in rx:
422 self.assertEqual(r[Ether].src, tx[0][Ether].src)
423 self.assertEqual(r[Ether].dst, tx[0][Ether].dst)
424 self.assertEqual(r[IPv6].src, src_ip)
425 self.assertEqual(r[IPv6].dst, tx[0][IPv6].dst)
426 return rx
427
Neale Ranns25b04942018-04-04 09:34:50 -0700428 def send_and_expect_unnatted(self, src, tx, dst, dst_ip):
429 rx = self.send_and_expect(src, tx, dst)
430
431 for r in rx:
432 self.assertEqual(r[Ether].src, tx[0][Ether].src)
433 self.assertEqual(r[Ether].dst, tx[0][Ether].dst)
434 self.assertEqual(r[IP].dst, dst_ip)
435 self.assertEqual(r[IP].src, tx[0][IP].src)
436 return rx
437
Neale Ranns4a6d0232018-04-24 07:45:33 -0700438 def send_and_expect_unnatted6(self, src, tx, dst, dst_ip):
439 rx = self.send_and_expect(src, tx, dst)
440
441 for r in rx:
442 self.assertEqual(r[Ether].src, tx[0][Ether].src)
443 self.assertEqual(r[Ether].dst, tx[0][Ether].dst)
444 self.assertEqual(r[IPv6].dst, dst_ip)
445 self.assertEqual(r[IPv6].src, tx[0][IPv6].src)
446 return rx
447
Neale Ranns25b04942018-04-04 09:34:50 -0700448 def send_and_expect_double_natted(self, src, tx, dst, src_ip, dst_ip):
449 rx = self.send_and_expect(src, tx, dst)
450
451 for r in rx:
452 self.assertEqual(r[Ether].src, self.router_mac)
453 self.assertEqual(r[Ether].dst, dst.remote_mac)
454 self.assertEqual(r[IP].dst, dst_ip)
455 self.assertEqual(r[IP].src, src_ip)
456 return rx
457
Neale Ranns4a6d0232018-04-24 07:45:33 -0700458 def send_and_expect_double_natted6(self, src, tx, dst, src_ip, dst_ip):
459 rx = self.send_and_expect(src, tx, dst)
460
461 for r in rx:
462 self.assertEqual(r[Ether].src, self.router_mac)
463 self.assertEqual(r[Ether].dst, dst.remote_mac)
464 self.assertEqual(r[IPv6].dst, dst_ip)
465 self.assertEqual(r[IPv6].src, src_ip)
466 return rx
467
Neale Ranns25b04942018-04-04 09:34:50 -0700468 def test_gbp(self):
469 """ Group Based Policy """
470
471 nat_table = VppIpTable(self, 20)
472 nat_table.add_vpp_config()
Neale Ranns8f6dd322018-05-17 06:34:24 -0700473 nat_table = VppIpTable(self, 20, is_ip6=True)
474 nat_table.add_vpp_config()
Neale Rannsbc27d1b2018-02-05 01:13:38 -0800475
476 #
Neale Ranns25b04942018-04-04 09:34:50 -0700477 # Bridge Domains
478 #
479 self.vapi.bridge_domain_add_del(1, flood=1, uu_flood=1, forward=1,
480 learn=0, arp_term=1, is_add=1)
481 self.vapi.bridge_domain_add_del(2, flood=1, uu_flood=1, forward=1,
482 learn=0, arp_term=1, is_add=1)
483 self.vapi.bridge_domain_add_del(20, flood=1, uu_flood=1, forward=1,
484 learn=0, arp_term=1, is_add=1)
485
486 #
487 # 3 EPGs, 2 of which share a BD.
Neale Ranns25b04942018-04-04 09:34:50 -0700488 # 2 NAT EPGs, one for floating-IP subnets, the other for internet
489 #
Neale Rannsc0a93142018-09-05 15:42:26 -0700490 epgs = [VppGbpEndpointGroup(self, 220, 0, 1, self.pg4,
491 self.loop0,
492 "10.0.0.128",
493 "2001:10::128"),
494 VppGbpEndpointGroup(self, 221, 0, 1, self.pg5,
495 self.loop0,
496 "10.0.1.128",
497 "2001:10:1::128"),
498 VppGbpEndpointGroup(self, 222, 0, 2, self.pg6,
499 self.loop1,
500 "10.0.2.128",
501 "2001:10:2::128"),
502 VppGbpEndpointGroup(self, 333, 20, 20, self.pg7,
503 self.loop2,
504 "11.0.0.128",
505 "3001::128"),
506 VppGbpEndpointGroup(self, 444, 20, 20, self.pg8,
507 self.loop2,
508 "11.0.0.129",
509 "3001::129")]
510 recircs = [VppGbpRecirc(self, epgs[0],
511 self.loop3),
512 VppGbpRecirc(self, epgs[1],
513 self.loop4),
514 VppGbpRecirc(self, epgs[2],
515 self.loop5),
516 VppGbpRecirc(self, epgs[3],
517 self.loop6, is_ext=True),
518 VppGbpRecirc(self, epgs[4],
519 self.loop8, is_ext=True)]
Neale Ranns25b04942018-04-04 09:34:50 -0700520
521 epg_nat = epgs[3]
522 recirc_nat = recircs[3]
523
524 #
525 # 4 end-points, 2 in the same subnet, 3 in the same BD
526 #
Neale Rannsc0a93142018-09-05 15:42:26 -0700527 eps = [VppGbpEndpoint(self, self.pg0,
528 epgs[0], recircs[0],
529 "10.0.0.1", "11.0.0.1",
530 "2001:10::1", "3001::1"),
531 VppGbpEndpoint(self, self.pg1,
532 epgs[0], recircs[0],
533 "10.0.0.2", "11.0.0.2",
534 "2001:10::2", "3001::2"),
535 VppGbpEndpoint(self, self.pg2,
536 epgs[1], recircs[1],
537 "10.0.1.1", "11.0.0.3",
538 "2001:10:1::1", "3001::3"),
539 VppGbpEndpoint(self, self.pg3,
540 epgs[2], recircs[2],
541 "10.0.2.1", "11.0.0.4",
542 "2001:10:2::1", "3001::4")]
Neale Ranns25b04942018-04-04 09:34:50 -0700543
544 #
545 # Config related to each of the EPGs
546 #
547 for epg in epgs:
548 # IP config on the BVI interfaces
549 if epg != epgs[1] and epg != epgs[4]:
550 epg.bvi.set_table_ip4(epg.rd)
551 epg.bvi.set_table_ip6(epg.rd)
552
553 # The BVIs are NAT inside interfaces
554 self.vapi.nat44_interface_add_del_feature(epg.bvi.sw_if_index,
555 is_inside=1,
556 is_add=1)
Neale Ranns4a6d0232018-04-24 07:45:33 -0700557 self.vapi.nat66_add_del_interface(epg.bvi.sw_if_index,
558 is_inside=1,
559 is_add=1)
Neale Ranns25b04942018-04-04 09:34:50 -0700560
561 self.vapi.sw_interface_add_del_address(epg.bvi.sw_if_index,
562 epg.bvi_ip4_n,
563 32)
564 self.vapi.sw_interface_add_del_address(epg.bvi.sw_if_index,
565 epg.bvi_ip6_n,
566 128,
Neale Ranns4a6d0232018-04-24 07:45:33 -0700567 is_ipv6=True)
Neale Ranns25b04942018-04-04 09:34:50 -0700568
569 # EPG uplink interfaces in the BD
570 epg.uplink.set_table_ip4(epg.rd)
Neale Ranns4a6d0232018-04-24 07:45:33 -0700571 epg.uplink.set_table_ip6(epg.rd)
Neale Ranns25b04942018-04-04 09:34:50 -0700572 self.vapi.sw_interface_set_l2_bridge(epg.uplink.sw_if_index,
573 epg.bd)
574
575 # add the BD ARP termination entry for BVI IP
576 self.vapi.bd_ip_mac_add_del(bd_id=epg.bd,
577 mac=mactobinary(self.router_mac),
578 ip=epg.bvi_ip4_n,
579 is_ipv6=0,
580 is_add=1)
581 self.vapi.bd_ip_mac_add_del(bd_id=epg.bd,
582 mac=mactobinary(self.router_mac),
583 ip=epg.bvi_ip6_n,
584 is_ipv6=1,
585 is_add=1)
586
587 # epg[1] shares the same BVI to epg[0]
588 if epg != epgs[1] and epg != epgs[4]:
589 # BVI in BD
Neale Rannsb4743802018-09-05 09:13:57 -0700590 self.vapi.sw_interface_set_l2_bridge(
591 epg.bvi.sw_if_index,
592 epg.bd,
593 port_type=L2_PORT_TYPE.BVI)
594
Neale Ranns25b04942018-04-04 09:34:50 -0700595 # BVI L2 FIB entry
596 self.vapi.l2fib_add_del(self.router_mac,
597 epg.bd,
598 epg.bvi.sw_if_index,
599 is_add=1, bvi_mac=1)
600
601 # EPG in VPP
602 epg.add_vpp_config()
603
604 for recirc in recircs:
605 # EPG's ingress recirculation interface maps to its RD
606 recirc.recirc.set_table_ip4(recirc.epg.rd)
Neale Ranns4a6d0232018-04-24 07:45:33 -0700607 recirc.recirc.set_table_ip6(recirc.epg.rd)
Neale Ranns25b04942018-04-04 09:34:50 -0700608
609 # in the bridge to allow DVR. L2 emulation to punt to L3
610 self.vapi.sw_interface_set_l2_bridge(recirc.recirc.sw_if_index,
611 recirc.epg.bd)
612 self.vapi.sw_interface_set_l2_emulation(
613 recirc.recirc.sw_if_index)
614
Neale Ranns4a6d0232018-04-24 07:45:33 -0700615 self.vapi.nat44_interface_add_del_feature(
616 recirc.recirc.sw_if_index,
617 is_inside=0,
618 is_add=1)
619 self.vapi.nat66_add_del_interface(
620 recirc.recirc.sw_if_index,
621 is_inside=0,
622 is_add=1)
Neale Ranns25b04942018-04-04 09:34:50 -0700623
624 recirc.add_vpp_config()
625
626 ep_routes = []
627 ep_arps = []
628 for ep in eps:
629 self.pg_enable_capture(self.pg_interfaces)
630 self.pg_start()
631 #
632 # routes to the endpoints. We need these since there are no
633 # adj-fibs due to the fact the the BVI address has /32 and
634 # the subnet is not attached.
635 #
Neale Rannsc0a93142018-09-05 15:42:26 -0700636 for (ip, fip) in zip(ep.ips, ep.fips):
637 r = VppIpRoute(self, ip.address, ip.length,
638 [VppRoutePath(ip.address,
639 ep.epg.bvi.sw_if_index,
640 proto=ip.dpo_proto)],
641 is_ip6=ip.is_ip6)
642 r.add_vpp_config()
643 ep_routes.append(r)
Neale Ranns25b04942018-04-04 09:34:50 -0700644
Neale Rannsc0a93142018-09-05 15:42:26 -0700645 #
646 # ARP entries for the endpoints
647 #
648 a = VppNeighbor(self,
649 ep.epg.bvi.sw_if_index,
650 ep.itf.remote_mac,
651 ip.address,
652 af=ip.af)
653 a.add_vpp_config()
654 ep_arps.append(a)
655
656 # add the BD ARP termination entry
657 self.vapi.bd_ip_mac_add_del(bd_id=ep.epg.bd,
658 mac=ep.bin_mac,
659 ip=ip.bytes,
660 is_ipv6=ip.is_ip6,
661 is_add=1)
662
663 # Add static mappings for each EP from the 10/8 to 11/8 network
664 if ip.af == AF_INET:
665 self.vapi.nat44_add_del_static_mapping(ip.bytes,
666 fip.bytes,
667 vrf_id=0,
668 addr_only=1)
669 else:
670 self.vapi.nat66_add_del_static_mapping(ip.bytes,
671 fip.bytes,
672 vrf_id=0)
Neale Ranns25b04942018-04-04 09:34:50 -0700673
674 # add each EP itf to the its BD
675 self.vapi.sw_interface_set_l2_bridge(ep.itf.sw_if_index,
676 ep.epg.bd)
677
Neale Ranns25b04942018-04-04 09:34:50 -0700678 # L2 FIB entry
679 self.vapi.l2fib_add_del(ep.mac,
680 ep.epg.bd,
681 ep.itf.sw_if_index,
682 is_add=1)
683
Neale Ranns25b04942018-04-04 09:34:50 -0700684 # VPP EP create ...
685 ep.add_vpp_config()
686
Neale Rannsc0a93142018-09-05 15:42:26 -0700687 self.logger.info(self.vapi.cli("sh gbp endpoint"))
Neale Ranns25b04942018-04-04 09:34:50 -0700688
Neale Rannsc0a93142018-09-05 15:42:26 -0700689 # ... results in a Gratuitous ARP/ND on the EPG's uplink
690 rx = ep.epg.uplink.get_capture(len(ep.ips), timeout=0.2)
691
692 for ii, ip in enumerate(ep.ips):
693 p = rx[ii]
694
695 if ip.is_ip6:
696 self.assertTrue(p.haslayer(ICMPv6ND_NA))
697 self.assertEqual(p[ICMPv6ND_NA].tgt, ip.address)
698 else:
699 self.assertTrue(p.haslayer(ARP))
700 self.assertEqual(p[ARP].psrc, ip.address)
701 self.assertEqual(p[ARP].pdst, ip.address)
Neale Ranns25b04942018-04-04 09:34:50 -0700702
703 # add the BD ARP termination entry for floating IP
Neale Rannsc0a93142018-09-05 15:42:26 -0700704 for fip in ep.fips:
705 self.vapi.bd_ip_mac_add_del(bd_id=epg_nat.bd,
706 mac=ep.bin_mac,
707 ip=fip.bytes,
708 is_ipv6=fip.is_ip6,
709 is_add=1)
Neale Ranns25b04942018-04-04 09:34:50 -0700710
Neale Rannsc0a93142018-09-05 15:42:26 -0700711 # floating IPs route via EPG recirc
712 r = VppIpRoute(self, fip.address, fip.length,
713 [VppRoutePath(fip.address,
714 ep.recirc.recirc.sw_if_index,
715 is_dvr=1,
716 proto=fip.dpo_proto)],
717 table_id=20,
718 is_ip6=fip.is_ip6)
719 r.add_vpp_config()
720 ep_routes.append(r)
Neale Ranns25b04942018-04-04 09:34:50 -0700721
722 # L2 FIB entries in the NAT EPG BD to bridge the packets from
723 # the outside direct to the internal EPG
724 self.vapi.l2fib_add_del(ep.mac,
725 epg_nat.bd,
726 ep.recirc.recirc.sw_if_index,
727 is_add=1)
728
729 #
730 # ARP packets for unknown IP are flooded
731 #
732 pkt_arp = (Ether(dst="ff:ff:ff:ff:ff:ff",
733 src=self.pg0.remote_mac) /
734 ARP(op="who-has",
735 hwdst="ff:ff:ff:ff:ff:ff",
736 hwsrc=self.pg0.remote_mac,
737 pdst=epgs[0].bvi_ip4,
738 psrc="10.0.0.88"))
739
740 self.send_and_expect(self.pg0, [pkt_arp], self.pg0)
741
742 #
743 # ARP/ND packets get a response
744 #
745 pkt_arp = (Ether(dst="ff:ff:ff:ff:ff:ff",
746 src=self.pg0.remote_mac) /
747 ARP(op="who-has",
748 hwdst="ff:ff:ff:ff:ff:ff",
749 hwsrc=self.pg0.remote_mac,
750 pdst=epgs[0].bvi_ip4,
Neale Rannsc0a93142018-09-05 15:42:26 -0700751 psrc=eps[0].ip4.address))
Neale Ranns25b04942018-04-04 09:34:50 -0700752
753 self.send_and_expect(self.pg0, [pkt_arp], self.pg0)
754
Neale Rannsc0a93142018-09-05 15:42:26 -0700755 nsma = in6_getnsma(inet_pton(AF_INET6, eps[0].ip6.address))
Neale Ranns25b04942018-04-04 09:34:50 -0700756 d = inet_ntop(AF_INET6, nsma)
757 pkt_nd = (Ether(dst=in6_getnsmac(nsma)) /
Neale Rannsc0a93142018-09-05 15:42:26 -0700758 IPv6(dst=d, src=eps[0].ip6.address) /
Neale Ranns25b04942018-04-04 09:34:50 -0700759 ICMPv6ND_NS(tgt=epgs[0].bvi_ip6) /
760 ICMPv6NDOptSrcLLAddr(lladdr=self.pg0.remote_mac))
761 self.send_and_expect(self.pg0, [pkt_nd], self.pg0)
762
763 #
764 # broadcast packets are flooded
765 #
766 pkt_bcast = (Ether(dst="ff:ff:ff:ff:ff:ff",
767 src=self.pg0.remote_mac) /
Neale Rannsc0a93142018-09-05 15:42:26 -0700768 IP(src=eps[0].ip4.address, dst="232.1.1.1") /
Neale Ranns25b04942018-04-04 09:34:50 -0700769 UDP(sport=1234, dport=1234) /
770 Raw('\xa5' * 100))
771
772 self.vapi.cli("clear trace")
773 self.pg0.add_stream(pkt_bcast)
774
775 self.pg_enable_capture(self.pg_interfaces)
776 self.pg_start()
777
778 rxd = eps[1].itf.get_capture(1)
779 self.assertEqual(rxd[0][Ether].dst, pkt_bcast[Ether].dst)
780 rxd = epgs[0].uplink.get_capture(1)
781 self.assertEqual(rxd[0][Ether].dst, pkt_bcast[Ether].dst)
782
783 #
784 # packets to non-local L3 destinations dropped
785 #
786 pkt_intra_epg_220_ip4 = (Ether(src=self.pg0.remote_mac,
787 dst=self.router_mac) /
Neale Rannsc0a93142018-09-05 15:42:26 -0700788 IP(src=eps[0].ip4.address,
789 dst="10.0.0.99") /
Neale Ranns25b04942018-04-04 09:34:50 -0700790 UDP(sport=1234, dport=1234) /
791 Raw('\xa5' * 100))
792 pkt_inter_epg_222_ip4 = (Ether(src=self.pg0.remote_mac,
793 dst=self.router_mac) /
Neale Rannsc0a93142018-09-05 15:42:26 -0700794 IP(src=eps[0].ip4.address,
795 dst="10.0.1.99") /
Neale Ranns25b04942018-04-04 09:34:50 -0700796 UDP(sport=1234, dport=1234) /
797 Raw('\xa5' * 100))
798
799 self.send_and_assert_no_replies(self.pg0, pkt_intra_epg_220_ip4 * 65)
800
801 pkt_inter_epg_222_ip6 = (Ether(src=self.pg0.remote_mac,
802 dst=self.router_mac) /
Neale Rannsc0a93142018-09-05 15:42:26 -0700803 IPv6(src=eps[0].ip6.address,
804 dst="2001:10::99") /
Neale Ranns25b04942018-04-04 09:34:50 -0700805 UDP(sport=1234, dport=1234) /
806 Raw('\xa5' * 100))
807 self.send_and_assert_no_replies(self.pg0, pkt_inter_epg_222_ip6 * 65)
808
809 #
810 # Add the subnet routes
811 #
812 s41 = VppGbpSubnet(self, 0, "10.0.0.0", 24)
813 s42 = VppGbpSubnet(self, 0, "10.0.1.0", 24)
814 s43 = VppGbpSubnet(self, 0, "10.0.2.0", 24)
815 s41.add_vpp_config()
816 s42.add_vpp_config()
817 s43.add_vpp_config()
Neale Rannsc0a93142018-09-05 15:42:26 -0700818 s61 = VppGbpSubnet(self, 0, "2001:10::1", 64)
819 s62 = VppGbpSubnet(self, 0, "2001:10:1::1", 64)
820 s63 = VppGbpSubnet(self, 0, "2001:10:2::1", 64)
Neale Ranns25b04942018-04-04 09:34:50 -0700821 s61.add_vpp_config()
822 s62.add_vpp_config()
823 s63.add_vpp_config()
824
825 self.send_and_expect_bridged(self.pg0,
826 pkt_intra_epg_220_ip4 * 65,
827 self.pg4)
828 self.send_and_expect_bridged(self.pg3,
829 pkt_inter_epg_222_ip4 * 65,
830 self.pg6)
831 self.send_and_expect_bridged6(self.pg3,
832 pkt_inter_epg_222_ip6 * 65,
833 self.pg6)
834
835 self.logger.info(self.vapi.cli("sh ip fib 11.0.0.2"))
836 self.logger.info(self.vapi.cli("sh gbp endpoint-group"))
837 self.logger.info(self.vapi.cli("sh gbp endpoint"))
838 self.logger.info(self.vapi.cli("sh gbp recirc"))
839 self.logger.info(self.vapi.cli("sh int"))
840 self.logger.info(self.vapi.cli("sh int addr"))
841 self.logger.info(self.vapi.cli("sh int feat loop6"))
842 self.logger.info(self.vapi.cli("sh vlib graph ip4-gbp-src-classify"))
843 self.logger.info(self.vapi.cli("sh int feat loop3"))
844
845 #
846 # Packet destined to unknown unicast is sent on the epg uplink ...
847 #
848 pkt_intra_epg_220_to_uplink = (Ether(src=self.pg0.remote_mac,
849 dst="00:00:00:33:44:55") /
Neale Rannsc0a93142018-09-05 15:42:26 -0700850 IP(src=eps[0].ip4.address,
851 dst="10.0.0.99") /
Neale Ranns25b04942018-04-04 09:34:50 -0700852 UDP(sport=1234, dport=1234) /
853 Raw('\xa5' * 100))
854
855 self.send_and_expect_bridged(self.pg0,
856 pkt_intra_epg_220_to_uplink * 65,
857 self.pg4)
858 # ... and nowhere else
859 self.pg1.get_capture(0, timeout=0.1)
860 self.pg1.assert_nothing_captured(remark="Flood onto other VMS")
861
862 pkt_intra_epg_221_to_uplink = (Ether(src=self.pg2.remote_mac,
863 dst="00:00:00:33:44:66") /
Neale Rannsc0a93142018-09-05 15:42:26 -0700864 IP(src=eps[0].ip4.address,
865 dst="10.0.0.99") /
Neale Ranns25b04942018-04-04 09:34:50 -0700866 UDP(sport=1234, dport=1234) /
867 Raw('\xa5' * 100))
868
869 self.send_and_expect_bridged(self.pg2,
870 pkt_intra_epg_221_to_uplink * 65,
871 self.pg5)
872
873 #
874 # Packets from the uplink are forwarded in the absence of a contract
875 #
876 pkt_intra_epg_220_from_uplink = (Ether(src="00:00:00:33:44:55",
877 dst=self.pg0.remote_mac) /
Neale Rannsc0a93142018-09-05 15:42:26 -0700878 IP(src=eps[0].ip4.address,
879 dst="10.0.0.99") /
Neale Ranns25b04942018-04-04 09:34:50 -0700880 UDP(sport=1234, dport=1234) /
881 Raw('\xa5' * 100))
882
883 self.send_and_expect_bridged(self.pg4,
884 pkt_intra_epg_220_from_uplink * 65,
885 self.pg0)
886
887 #
888 # in the absence of policy, endpoints in the same EPG
Neale Rannsbc27d1b2018-02-05 01:13:38 -0800889 # can communicate
890 #
891 pkt_intra_epg = (Ether(src=self.pg0.remote_mac,
Neale Ranns25b04942018-04-04 09:34:50 -0700892 dst=self.pg1.remote_mac) /
Neale Rannsc0a93142018-09-05 15:42:26 -0700893 IP(src=eps[0].ip4.address,
894 dst=eps[1].ip4.address) /
Neale Rannsbc27d1b2018-02-05 01:13:38 -0800895 UDP(sport=1234, dport=1234) /
896 Raw('\xa5' * 100))
897
Neale Ranns25b04942018-04-04 09:34:50 -0700898 self.send_and_expect_bridged(self.pg0, pkt_intra_epg * 65, self.pg1)
Neale Rannsbc27d1b2018-02-05 01:13:38 -0800899
900 #
901 # in the abscense of policy, endpoints in the different EPG
902 # cannot communicate
903 #
904 pkt_inter_epg_220_to_221 = (Ether(src=self.pg0.remote_mac,
Neale Ranns25b04942018-04-04 09:34:50 -0700905 dst=self.pg2.remote_mac) /
Neale Rannsc0a93142018-09-05 15:42:26 -0700906 IP(src=eps[0].ip4.address,
907 dst=eps[2].ip4.address) /
Neale Rannsbc27d1b2018-02-05 01:13:38 -0800908 UDP(sport=1234, dport=1234) /
909 Raw('\xa5' * 100))
910 pkt_inter_epg_221_to_220 = (Ether(src=self.pg2.remote_mac,
Neale Ranns25b04942018-04-04 09:34:50 -0700911 dst=self.pg0.remote_mac) /
Neale Rannsc0a93142018-09-05 15:42:26 -0700912 IP(src=eps[2].ip4.address,
913 dst=eps[0].ip4.address) /
Neale Ranns25b04942018-04-04 09:34:50 -0700914 UDP(sport=1234, dport=1234) /
915 Raw('\xa5' * 100))
916 pkt_inter_epg_220_to_222 = (Ether(src=self.pg0.remote_mac,
917 dst=self.router_mac) /
Neale Rannsc0a93142018-09-05 15:42:26 -0700918 IP(src=eps[0].ip4.address,
919 dst=eps[3].ip4.address) /
Neale Rannsbc27d1b2018-02-05 01:13:38 -0800920 UDP(sport=1234, dport=1234) /
921 Raw('\xa5' * 100))
922
923 self.send_and_assert_no_replies(self.pg0,
924 pkt_inter_epg_220_to_221 * 65)
925 self.send_and_assert_no_replies(self.pg0,
Neale Ranns25b04942018-04-04 09:34:50 -0700926 pkt_inter_epg_220_to_222 * 65)
Neale Rannsbc27d1b2018-02-05 01:13:38 -0800927
928 #
929 # A uni-directional contract from EPG 220 -> 221
930 #
Mohsin Kazmi22b3b842018-04-17 19:35:42 +0200931 acl = VppGbpAcl(self)
932 rule = acl.create_rule(permit_deny=1, proto=17)
933 rule2 = acl.create_rule(is_ipv6=1, permit_deny=1, proto=17)
934 acl_index = acl.add_vpp_config([rule, rule2])
935 c1 = VppGbpContract(self, 220, 221, acl_index)
Neale Rannsbc27d1b2018-02-05 01:13:38 -0800936 c1.add_vpp_config()
937
Neale Ranns25b04942018-04-04 09:34:50 -0700938 self.send_and_expect_bridged(self.pg0,
939 pkt_inter_epg_220_to_221 * 65,
940 self.pg2)
941 self.send_and_assert_no_replies(self.pg0,
942 pkt_inter_epg_220_to_222 * 65)
Neale Rannsbc27d1b2018-02-05 01:13:38 -0800943
944 #
945 # contract for the return direction
946 #
Mohsin Kazmi22b3b842018-04-17 19:35:42 +0200947 c2 = VppGbpContract(self, 221, 220, acl_index)
Neale Rannsbc27d1b2018-02-05 01:13:38 -0800948 c2.add_vpp_config()
949
Neale Ranns25b04942018-04-04 09:34:50 -0700950 self.send_and_expect_bridged(self.pg0,
951 pkt_inter_epg_220_to_221 * 65,
952 self.pg2)
953 self.send_and_expect_bridged(self.pg2,
954 pkt_inter_epg_221_to_220 * 65,
955 self.pg0)
Neale Rannsbc27d1b2018-02-05 01:13:38 -0800956
957 #
958 # check that inter group is still disabled for the groups
959 # not in the contract.
960 #
961 self.send_and_assert_no_replies(self.pg0,
962 pkt_inter_epg_220_to_222 * 65)
963
Neale Ranns25b04942018-04-04 09:34:50 -0700964 #
965 # A uni-directional contract from EPG 220 -> 222 'L3 routed'
966 #
Mohsin Kazmi22b3b842018-04-17 19:35:42 +0200967 c3 = VppGbpContract(self, 220, 222, acl_index)
Neale Ranns25b04942018-04-04 09:34:50 -0700968 c3.add_vpp_config()
969
Neale Rannsbc27d1b2018-02-05 01:13:38 -0800970 self.logger.info(self.vapi.cli("sh gbp contract"))
971
Neale Ranns25b04942018-04-04 09:34:50 -0700972 self.send_and_expect_routed(self.pg0,
973 pkt_inter_epg_220_to_222 * 65,
974 self.pg3,
975 self.router_mac)
976
Neale Rannsbc27d1b2018-02-05 01:13:38 -0800977 #
978 # remove both contracts, traffic stops in both directions
979 #
980 c2.remove_vpp_config()
981 c1.remove_vpp_config()
Neale Ranns25b04942018-04-04 09:34:50 -0700982 c3.remove_vpp_config()
Mohsin Kazmi22b3b842018-04-17 19:35:42 +0200983 acl.remove_vpp_config()
Neale Rannsbc27d1b2018-02-05 01:13:38 -0800984
985 self.send_and_assert_no_replies(self.pg2,
986 pkt_inter_epg_221_to_220 * 65)
987 self.send_and_assert_no_replies(self.pg0,
988 pkt_inter_epg_220_to_221 * 65)
Neale Ranns25b04942018-04-04 09:34:50 -0700989 self.send_and_expect_bridged(self.pg0, pkt_intra_epg * 65, self.pg1)
Neale Rannsbc27d1b2018-02-05 01:13:38 -0800990
991 #
Neale Ranns25b04942018-04-04 09:34:50 -0700992 # EPs to the outside world
Neale Rannsbc27d1b2018-02-05 01:13:38 -0800993 #
Neale Rannsbc27d1b2018-02-05 01:13:38 -0800994
Neale Ranns25b04942018-04-04 09:34:50 -0700995 # in the EP's RD an external subnet via the NAT EPG's recirc
996 se1 = VppGbpSubnet(self, 0, "0.0.0.0", 0,
997 is_internal=False,
998 sw_if_index=recirc_nat.recirc.sw_if_index,
999 epg=epg_nat.epg)
1000 se1.add_vpp_config()
1001 se2 = VppGbpSubnet(self, 0, "11.0.0.0", 8,
1002 is_internal=False,
1003 sw_if_index=recirc_nat.recirc.sw_if_index,
1004 epg=epg_nat.epg)
1005 se2.add_vpp_config()
Neale Ranns4a6d0232018-04-24 07:45:33 -07001006 se16 = VppGbpSubnet(self, 0, "::", 0,
1007 is_internal=False,
1008 sw_if_index=recirc_nat.recirc.sw_if_index,
Neale Rannsc0a93142018-09-05 15:42:26 -07001009 epg=epg_nat.epg)
Neale Ranns4a6d0232018-04-24 07:45:33 -07001010 se16.add_vpp_config()
Neale Ranns25b04942018-04-04 09:34:50 -07001011 # in the NAT RD an external subnet via the NAT EPG's uplink
1012 se3 = VppGbpSubnet(self, 20, "0.0.0.0", 0,
1013 is_internal=False,
1014 sw_if_index=epg_nat.uplink.sw_if_index,
1015 epg=epg_nat.epg)
Neale Ranns4a6d0232018-04-24 07:45:33 -07001016 se36 = VppGbpSubnet(self, 20, "::", 0,
1017 is_internal=False,
1018 sw_if_index=epg_nat.uplink.sw_if_index,
Neale Rannsc0a93142018-09-05 15:42:26 -07001019 epg=epg_nat.epg)
Neale Ranns25b04942018-04-04 09:34:50 -07001020 se4 = VppGbpSubnet(self, 20, "11.0.0.0", 8,
1021 is_internal=False,
1022 sw_if_index=epg_nat.uplink.sw_if_index,
1023 epg=epg_nat.epg)
1024 se3.add_vpp_config()
Neale Ranns4a6d0232018-04-24 07:45:33 -07001025 se36.add_vpp_config()
Neale Ranns25b04942018-04-04 09:34:50 -07001026 se4.add_vpp_config()
Neale Rannsbc27d1b2018-02-05 01:13:38 -08001027
Neale Ranns25b04942018-04-04 09:34:50 -07001028 self.logger.info(self.vapi.cli("sh ip fib 0.0.0.0/0"))
1029 self.logger.info(self.vapi.cli("sh ip fib 11.0.0.1"))
Neale Ranns4a6d0232018-04-24 07:45:33 -07001030 self.logger.info(self.vapi.cli("sh ip6 fib ::/0"))
1031 self.logger.info(self.vapi.cli("sh ip6 fib %s" %
Neale Rannsc0a93142018-09-05 15:42:26 -07001032 eps[0].fip6))
Neale Ranns25b04942018-04-04 09:34:50 -07001033
Neale Ranns4a6d0232018-04-24 07:45:33 -07001034 #
1035 # From an EP to an outside addess: IN2OUT
1036 #
Neale Ranns25b04942018-04-04 09:34:50 -07001037 pkt_inter_epg_220_to_global = (Ether(src=self.pg0.remote_mac,
1038 dst=self.router_mac) /
Neale Rannsc0a93142018-09-05 15:42:26 -07001039 IP(src=eps[0].ip4.address,
1040 dst="1.1.1.1") /
Neale Ranns25b04942018-04-04 09:34:50 -07001041 UDP(sport=1234, dport=1234) /
1042 Raw('\xa5' * 100))
1043
1044 # no policy yet
1045 self.send_and_assert_no_replies(self.pg0,
1046 pkt_inter_epg_220_to_global * 65)
1047
Mohsin Kazmi22b3b842018-04-17 19:35:42 +02001048 acl2 = VppGbpAcl(self)
1049 rule = acl2.create_rule(permit_deny=1, proto=17, sport_from=1234,
1050 sport_to=1234, dport_from=1234, dport_to=1234)
1051 rule2 = acl2.create_rule(is_ipv6=1, permit_deny=1, proto=17,
1052 sport_from=1234, sport_to=1234,
1053 dport_from=1234, dport_to=1234)
1054
1055 acl_index2 = acl2.add_vpp_config([rule, rule2])
1056 c4 = VppGbpContract(self, 220, 333, acl_index2)
Neale Ranns25b04942018-04-04 09:34:50 -07001057 c4.add_vpp_config()
1058
1059 self.send_and_expect_natted(self.pg0,
1060 pkt_inter_epg_220_to_global * 65,
1061 self.pg7,
Neale Rannsc0a93142018-09-05 15:42:26 -07001062 eps[0].fip4.address)
Neale Ranns25b04942018-04-04 09:34:50 -07001063
Neale Ranns4a6d0232018-04-24 07:45:33 -07001064 pkt_inter_epg_220_to_global = (Ether(src=self.pg0.remote_mac,
1065 dst=self.router_mac) /
Neale Rannsc0a93142018-09-05 15:42:26 -07001066 IPv6(src=eps[0].ip6.address,
1067 dst="6001::1") /
Neale Ranns4a6d0232018-04-24 07:45:33 -07001068 UDP(sport=1234, dport=1234) /
1069 Raw('\xa5' * 100))
1070
1071 self.send_and_expect_natted6(self.pg0,
1072 pkt_inter_epg_220_to_global * 65,
1073 self.pg7,
Neale Rannsc0a93142018-09-05 15:42:26 -07001074 eps[0].fip6.address)
Neale Ranns4a6d0232018-04-24 07:45:33 -07001075
1076 #
1077 # From a global address to an EP: OUT2IN
1078 #
Neale Ranns25b04942018-04-04 09:34:50 -07001079 pkt_inter_epg_220_from_global = (Ether(src=self.router_mac,
1080 dst=self.pg0.remote_mac) /
Neale Rannsc0a93142018-09-05 15:42:26 -07001081 IP(dst=eps[0].fip4.address,
Neale Ranns25b04942018-04-04 09:34:50 -07001082 src="1.1.1.1") /
1083 UDP(sport=1234, dport=1234) /
1084 Raw('\xa5' * 100))
1085
1086 self.send_and_assert_no_replies(self.pg7,
1087 pkt_inter_epg_220_from_global * 65)
1088
Mohsin Kazmi22b3b842018-04-17 19:35:42 +02001089 c5 = VppGbpContract(self, 333, 220, acl_index2)
Neale Ranns25b04942018-04-04 09:34:50 -07001090 c5.add_vpp_config()
1091
1092 self.send_and_expect_unnatted(self.pg7,
1093 pkt_inter_epg_220_from_global * 65,
Neale Ranns4a6d0232018-04-24 07:45:33 -07001094 eps[0].itf,
Neale Rannsc0a93142018-09-05 15:42:26 -07001095 eps[0].ip4.address)
Neale Ranns25b04942018-04-04 09:34:50 -07001096
Neale Ranns4a6d0232018-04-24 07:45:33 -07001097 pkt_inter_epg_220_from_global = (Ether(src=self.router_mac,
1098 dst=self.pg0.remote_mac) /
Neale Rannsc0a93142018-09-05 15:42:26 -07001099 IPv6(dst=eps[0].fip6.address,
Neale Ranns4a6d0232018-04-24 07:45:33 -07001100 src="6001::1") /
1101 UDP(sport=1234, dport=1234) /
1102 Raw('\xa5' * 100))
1103
1104 self.send_and_expect_unnatted6(self.pg7,
1105 pkt_inter_epg_220_from_global * 65,
Neale Rannsc0a93142018-09-05 15:42:26 -07001106 eps[0].itf,
1107 eps[0].ip6.address)
Neale Ranns4a6d0232018-04-24 07:45:33 -07001108
1109 #
1110 # From a local VM to another local VM using resp. public addresses:
1111 # IN2OUT2IN
1112 #
Neale Ranns25b04942018-04-04 09:34:50 -07001113 pkt_intra_epg_220_global = (Ether(src=self.pg0.remote_mac,
1114 dst=self.router_mac) /
Neale Rannsc0a93142018-09-05 15:42:26 -07001115 IP(src=eps[0].ip4.address,
1116 dst=eps[1].fip4.address) /
Neale Rannsbc27d1b2018-02-05 01:13:38 -08001117 UDP(sport=1234, dport=1234) /
1118 Raw('\xa5' * 100))
1119
Neale Ranns4a6d0232018-04-24 07:45:33 -07001120 self.send_and_expect_double_natted(eps[0].itf,
Neale Ranns25b04942018-04-04 09:34:50 -07001121 pkt_intra_epg_220_global * 65,
Neale Ranns4a6d0232018-04-24 07:45:33 -07001122 eps[1].itf,
Neale Rannsc0a93142018-09-05 15:42:26 -07001123 eps[0].fip4.address,
1124 eps[1].ip4.address)
Neale Ranns4a6d0232018-04-24 07:45:33 -07001125
Neale Rannsc0a93142018-09-05 15:42:26 -07001126 pkt_intra_epg_220_global = (Ether(src=self.pg0.remote_mac,
Neale Ranns4a6d0232018-04-24 07:45:33 -07001127 dst=self.router_mac) /
Neale Rannsc0a93142018-09-05 15:42:26 -07001128 IPv6(src=eps[0].ip6.address,
1129 dst=eps[1].fip6.address) /
Neale Ranns4a6d0232018-04-24 07:45:33 -07001130 UDP(sport=1234, dport=1234) /
1131 Raw('\xa5' * 100))
1132
Neale Rannsc0a93142018-09-05 15:42:26 -07001133 self.send_and_expect_double_natted6(eps[0].itf,
Neale Ranns4a6d0232018-04-24 07:45:33 -07001134 pkt_intra_epg_220_global * 65,
Neale Rannsc0a93142018-09-05 15:42:26 -07001135 eps[1].itf,
1136 eps[0].fip6.address,
1137 eps[1].ip6.address)
Neale Rannsbc27d1b2018-02-05 01:13:38 -08001138
1139 #
Neale Ranns25b04942018-04-04 09:34:50 -07001140 # cleanup
Neale Rannsbc27d1b2018-02-05 01:13:38 -08001141 #
Neale Ranns25b04942018-04-04 09:34:50 -07001142 for ep in eps:
1143 # del static mappings for each EP from the 10/8 to 11/8 network
Neale Rannsc0a93142018-09-05 15:42:26 -07001144 self.vapi.nat44_add_del_static_mapping(ep.ip4.bytes,
1145 ep.fip4.bytes,
1146 vrf_id=0,
1147 addr_only=1,
1148 is_add=0)
1149 self.vapi.nat66_add_del_static_mapping(ep.ip6.bytes,
1150 ep.fip6.bytes,
1151 vrf_id=0,
1152 is_add=0)
Neale Rannsbc27d1b2018-02-05 01:13:38 -08001153
Neale Ranns25b04942018-04-04 09:34:50 -07001154 for epg in epgs:
1155 # IP config on the BVI interfaces
1156 self.vapi.sw_interface_add_del_address(epg.bvi.sw_if_index,
1157 epg.bvi_ip4_n,
1158 32,
1159 is_add=0)
Neale Ranns4a6d0232018-04-24 07:45:33 -07001160 self.vapi.sw_interface_add_del_address(epg.bvi.sw_if_index,
1161 epg.bvi_ip6_n,
1162 128,
1163 is_add=0,
1164 is_ipv6=True)
Neale Ranns25b04942018-04-04 09:34:50 -07001165 self.logger.info(self.vapi.cli("sh int addr"))
Neale Rannsbc27d1b2018-02-05 01:13:38 -08001166
Neale Ranns25b04942018-04-04 09:34:50 -07001167 epg.uplink.set_table_ip4(0)
Neale Ranns4a6d0232018-04-24 07:45:33 -07001168 epg.uplink.set_table_ip6(0)
Neale Rannsbc27d1b2018-02-05 01:13:38 -08001169
Neale Ranns25b04942018-04-04 09:34:50 -07001170 if epg != epgs[0] and epg != epgs[3]:
1171 epg.bvi.set_table_ip4(0)
Neale Ranns4a6d0232018-04-24 07:45:33 -07001172 epg.bvi.set_table_ip6(0)
Neale Rannsbc27d1b2018-02-05 01:13:38 -08001173
Neale Ranns25b04942018-04-04 09:34:50 -07001174 self.vapi.nat44_interface_add_del_feature(epg.bvi.sw_if_index,
1175 is_inside=1,
1176 is_add=0)
Neale Ranns4a6d0232018-04-24 07:45:33 -07001177 self.vapi.nat66_add_del_interface(epg.bvi.sw_if_index,
1178 is_inside=1,
1179 is_add=0)
Neale Rannsbc27d1b2018-02-05 01:13:38 -08001180
Neale Ranns25b04942018-04-04 09:34:50 -07001181 for recirc in recircs:
1182 recirc.recirc.set_table_ip4(0)
Neale Ranns4a6d0232018-04-24 07:45:33 -07001183 recirc.recirc.set_table_ip6(0)
Neale Rannsbc27d1b2018-02-05 01:13:38 -08001184
Neale Ranns4a6d0232018-04-24 07:45:33 -07001185 self.vapi.nat44_interface_add_del_feature(
1186 recirc.recirc.sw_if_index,
1187 is_inside=0,
1188 is_add=0)
1189 self.vapi.nat66_add_del_interface(
1190 recirc.recirc.sw_if_index,
1191 is_inside=0,
1192 is_add=0)
Neale Rannsbc27d1b2018-02-05 01:13:38 -08001193
1194
1195if __name__ == '__main__':
1196 unittest.main(testRunner=VppTestRunner)