Gitiles
Code Review Sign In
gerrit.nordix.org / fdio / vpp / de0203edd2177f627cc655b52ffdf921d94d5d26 / . / test / test_dvr.py
blob: e2e960584a6c42c8b80d0561b2ebdaf53c1ab085 [file] [log] [blame]
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]1#!/usr/bin/env python
2import random
3import socket
4import unittest
5
6from framework import VppTestCase, VppTestRunner
7from vpp_sub_interface import VppSubInterface, VppDot1QSubint
Neale Ranns55d03782017-10-21 06:34:22 -0700[diff] [blame]8from vpp_ip_route import VppIpRoute, VppRoutePath, DpoProto, VppIpMRoute, \
9 VppMRoutePath, MRouteEntryFlags, MRouteItfFlags
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]10from vpp_papi_provider import L2_VTR_OP
11
12from scapy.packet import Raw
13from scapy.layers.l2 import Ether, Dot1Q, ARP
14from scapy.layers.inet import IP, UDP
15from util import ppp
Neale Rannsf068c3e2018-01-03 04:18:48 -0800[diff] [blame]16from socket import AF_INET, inet_pton
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]17
18
19class TestDVR(VppTestCase):
Neale Ranns62fe07c2017-10-31 12:28:22 -0700[diff] [blame]20 """ Distributed Virtual Router """
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]21
22 def setUp(self):
23 super(TestDVR, self).setUp()
24
25 self.create_pg_interfaces(range(4))
26 self.create_loopback_interfaces(range(1))
27
28 for i in self.pg_interfaces:
29 i.admin_up()
30
31 self.loop0.config_ip4()
32
33 def tearDown(self):
34 for i in self.pg_interfaces:
35 i.admin_down()
36 self.loop0.unconfig_ip4()
37
38 super(TestDVR, self).tearDown()
39
Neale Ranns55d03782017-10-21 06:34:22 -0700[diff] [blame]40 def assert_same_mac_addr(self, tx, rx):
41 t_eth = tx[Ether]
42 for p in rx:
43 r_eth = p[Ether]
44 self.assertEqual(t_eth.src, r_eth.src)
45 self.assertEqual(t_eth.dst, r_eth.dst)
46
47 def assert_has_vlan_tag(self, tag, rx):
48 for p in rx:
49 r_1q = p[Dot1Q]
50 self.assertEqual(tag, r_1q.vlan)
51
52 def assert_has_no_tag(self, rx):
53 for p in rx:
54 self.assertFalse(p.haslayer(Dot1Q))
55
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]56 def test_dvr(self):
57 """ Distributed Virtual Router """
58
59 #
60 # A packet destined to an IP address that is L2 bridged via
61 # a non-tag interface
62 #
63 ip_non_tag_bridged = "10.10.10.10"
64 ip_tag_bridged = "10.10.10.11"
65 any_src_addr = "1.1.1.1"
66
67 pkt_no_tag = (Ether(src=self.pg0.remote_mac,
68 dst=self.loop0.local_mac) /
69 IP(src=any_src_addr,
70 dst=ip_non_tag_bridged) /
71 UDP(sport=1234, dport=1234) /
72 Raw('\xa5' * 100))
73 pkt_tag = (Ether(src=self.pg0.remote_mac,
74 dst=self.loop0.local_mac) /
75 IP(src=any_src_addr,
76 dst=ip_tag_bridged) /
77 UDP(sport=1234, dport=1234) /
78 Raw('\xa5' * 100))
79
80 #
81 # Two sub-interfaces so we can test VLAN tag push/pop
82 #
83 sub_if_on_pg2 = VppDot1QSubint(self, self.pg2, 92)
84 sub_if_on_pg3 = VppDot1QSubint(self, self.pg3, 93)
85 sub_if_on_pg2.admin_up()
86 sub_if_on_pg3.admin_up()
87
88 #
89 # Put all the interfaces into a new bridge domain
90 #
91 self.vapi.sw_interface_set_l2_bridge(self.pg0.sw_if_index, 1)
92 self.vapi.sw_interface_set_l2_bridge(self.pg1.sw_if_index, 1)
93 self.vapi.sw_interface_set_l2_bridge(sub_if_on_pg2.sw_if_index, 1)
94 self.vapi.sw_interface_set_l2_bridge(sub_if_on_pg3.sw_if_index, 1)
95 self.vapi.sw_interface_set_l2_bridge(self.loop0.sw_if_index, 1, bvi=1)
96
97 self.vapi.sw_interface_set_l2_tag_rewrite(sub_if_on_pg2.sw_if_index,
98 L2_VTR_OP.L2_POP_1,
99 92)
100 self.vapi.sw_interface_set_l2_tag_rewrite(sub_if_on_pg3.sw_if_index,
101 L2_VTR_OP.L2_POP_1,
102 93)
103
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]104 #
105 # Add routes to bridge the traffic via a tagged an nontagged interface
106 #
107 route_no_tag = VppIpRoute(
108 self, ip_non_tag_bridged, 32,
109 [VppRoutePath("0.0.0.0",
110 self.pg1.sw_if_index,
Neale Rannsf068c3e2018-01-03 04:18:48 -0800[diff] [blame]111 is_dvr=1)])
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]112 route_no_tag.add_vpp_config()
113
114 #
115 # Inject the packet that arrives and leaves on a non-tagged interface
116 # Since it's 'bridged' expect that the MAC headed is unchanged.
117 #
Neale Rannsf068c3e2018-01-03 04:18:48 -0800[diff] [blame]118 rx = self.send_and_expect(self.pg0, pkt_no_tag * 65, self.pg1)
119 self.assert_same_mac_addr(pkt_no_tag, rx)
120 self.assert_has_no_tag(rx)
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]121
122 #
123 # Add routes to bridge the traffic via a tagged interface
124 #
Neale Ranns55d03782017-10-21 06:34:22 -0700[diff] [blame]125 route_with_tag = VppIpRoute(
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]126 self, ip_tag_bridged, 32,
127 [VppRoutePath("0.0.0.0",
128 sub_if_on_pg3.sw_if_index,
Neale Rannsf068c3e2018-01-03 04:18:48 -0800[diff] [blame]129 is_dvr=1)])
Neale Ranns55d03782017-10-21 06:34:22 -0700[diff] [blame]130 route_with_tag.add_vpp_config()
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]131
132 #
Neale Rannsf068c3e2018-01-03 04:18:48 -0800[diff] [blame]133 # Inject the packet that arrives non-tag and leaves on a tagged
134 # interface
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]135 #
Neale Ranns55d03782017-10-21 06:34:22 -0700[diff] [blame]136 rx = self.send_and_expect(self.pg0, pkt_tag * 65, self.pg3)
137 self.assert_same_mac_addr(pkt_tag, rx)
138 self.assert_has_vlan_tag(93, rx)
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]139
140 #
141 # Tag to tag
142 #
143 pkt_tag_to_tag = (Ether(src=self.pg2.remote_mac,
144 dst=self.loop0.local_mac) /
145 Dot1Q(vlan=92) /
146 IP(src=any_src_addr,
147 dst=ip_tag_bridged) /
148 UDP(sport=1234, dport=1234) /
149 Raw('\xa5' * 100))
150
Neale Ranns55d03782017-10-21 06:34:22 -0700[diff] [blame]151 rx = self.send_and_expect(self.pg2, pkt_tag_to_tag * 65, self.pg3)
152 self.assert_same_mac_addr(pkt_tag_to_tag, rx)
153 self.assert_has_vlan_tag(93, rx)
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]154
155 #
156 # Tag to non-Tag
157 #
158 pkt_tag_to_non_tag = (Ether(src=self.pg2.remote_mac,
159 dst=self.loop0.local_mac) /
160 Dot1Q(vlan=92) /
161 IP(src=any_src_addr,
162 dst=ip_non_tag_bridged) /
163 UDP(sport=1234, dport=1234) /
164 Raw('\xa5' * 100))
165
Neale Ranns55d03782017-10-21 06:34:22 -0700[diff] [blame]166 rx = self.send_and_expect(self.pg2, pkt_tag_to_non_tag * 65, self.pg1)
167 self.assert_same_mac_addr(pkt_tag_to_tag, rx)
168 self.assert_has_no_tag(rx)
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]169
Neale Ranns55d03782017-10-21 06:34:22 -0700[diff] [blame]170 #
Neale Rannsf068c3e2018-01-03 04:18:48 -0800[diff] [blame]171 # Add an output L3 ACL that will block the traffic
172 #
173 rule_1 = ({'is_permit': 0,
174 'is_ipv6': 0,
175 'proto': 17,
176 'srcport_or_icmptype_first': 1234,
177 'srcport_or_icmptype_last': 1234,
178 'src_ip_prefix_len': 32,
179 'src_ip_addr': inet_pton(AF_INET, any_src_addr),
180 'dstport_or_icmpcode_first': 1234,
181 'dstport_or_icmpcode_last': 1234,
182 'dst_ip_prefix_len': 32,
183 'dst_ip_addr': inet_pton(AF_INET, ip_non_tag_bridged)})
184 acl = self.vapi.acl_add_replace(acl_index=4294967295,
185 r=[rule_1])
186
187 #
188 # Apply the ACL on the output interface
189 #
190 self.vapi.acl_interface_set_acl_list(self.pg1.sw_if_index,
191 0,
192 [acl.acl_index])
193
194 #
195 # Send packet's that should match the ACL and be dropped
196 #
197 rx = self.send_and_assert_no_replies(self.pg2, pkt_tag_to_non_tag * 65)
198
199 #
Neale Ranns55d03782017-10-21 06:34:22 -0700[diff] [blame]200 # cleanup
201 #
Neale Rannsf068c3e2018-01-03 04:18:48 -0800[diff] [blame]202 self.vapi.acl_interface_set_acl_list(self.pg1.sw_if_index,
203 0, [])
204 self.vapi.acl_del(acl.acl_index)
205
Neale Ranns55d03782017-10-21 06:34:22 -0700[diff] [blame]206 self.vapi.sw_interface_set_l2_bridge(self.pg0.sw_if_index, 1,
207 enable=0)
208 self.vapi.sw_interface_set_l2_bridge(self.pg1.sw_if_index, 1,
209 enable=0)
210 self.vapi.sw_interface_set_l2_bridge(sub_if_on_pg2.sw_if_index,
211 1, enable=0)
212 self.vapi.sw_interface_set_l2_bridge(sub_if_on_pg3.sw_if_index,
213 1, enable=0)
214 self.vapi.sw_interface_set_l2_bridge(self.loop0.sw_if_index,
215 1, bvi=1, enable=0)
216
217 #
218 # the explicit route delete is require so it happens before
219 # the sbu-interface delete. subinterface delete is required
220 # because that object type does not use the object registry
221 #
222 route_no_tag.remove_vpp_config()
223 route_with_tag.remove_vpp_config()
224 sub_if_on_pg3.remove_vpp_config()
225 sub_if_on_pg2.remove_vpp_config()
226
227 def test_l2_emulation(self):
228 """ L2 Emulation """
229
230 #
231 # non distinct L3 packets, in the tag/non-tag combos
232 #
233 pkt_no_tag = (Ether(src=self.pg0.remote_mac,
234 dst=self.pg1.remote_mac) /
235 IP(src="2.2.2.2",
236 dst="1.1.1.1") /
237 UDP(sport=1234, dport=1234) /
238 Raw('\xa5' * 100))
239 pkt_to_tag = (Ether(src=self.pg0.remote_mac,
240 dst=self.pg2.remote_mac) /
241 IP(src="2.2.2.2",
242 dst="1.1.1.2") /
243 UDP(sport=1234, dport=1234) /
244 Raw('\xa5' * 100))
245 pkt_from_tag = (Ether(src=self.pg3.remote_mac,
246 dst=self.pg2.remote_mac) /
247 Dot1Q(vlan=93) /
248 IP(src="2.2.2.2",
249 dst="1.1.1.1") /
250 UDP(sport=1234, dport=1234) /
251 Raw('\xa5' * 100))
252 pkt_from_to_tag = (Ether(src=self.pg3.remote_mac,
253 dst=self.pg2.remote_mac) /
254 Dot1Q(vlan=93) /
255 IP(src="2.2.2.2",
256 dst="1.1.1.2") /
257 UDP(sport=1234, dport=1234) /
258 Raw('\xa5' * 100))
259 pkt_bcast = (Ether(src=self.pg0.remote_mac,
260 dst="ff:ff:ff:ff:ff:ff") /
261 IP(src="2.2.2.2",
262 dst="255.255.255.255") /
263 UDP(sport=1234, dport=1234) /
264 Raw('\xa5' * 100))
265
266 #
267 # A couple of sub-interfaces for tags
268 #
269 sub_if_on_pg2 = VppDot1QSubint(self, self.pg2, 92)
270 sub_if_on_pg3 = VppDot1QSubint(self, self.pg3, 93)
271 sub_if_on_pg2.admin_up()
272 sub_if_on_pg3.admin_up()
273
274 #
275 # Put all the interfaces into a new bridge domain
276 #
277 self.vapi.sw_interface_set_l2_bridge(self.pg0.sw_if_index, 1)
278 self.vapi.sw_interface_set_l2_bridge(self.pg1.sw_if_index, 1)
279 self.vapi.sw_interface_set_l2_bridge(sub_if_on_pg2.sw_if_index, 1)
280 self.vapi.sw_interface_set_l2_bridge(sub_if_on_pg3.sw_if_index, 1)
281 self.vapi.sw_interface_set_l2_tag_rewrite(sub_if_on_pg2.sw_if_index,
282 L2_VTR_OP.L2_POP_1,
283 92)
284 self.vapi.sw_interface_set_l2_tag_rewrite(sub_if_on_pg3.sw_if_index,
285 L2_VTR_OP.L2_POP_1,
286 93)
287
288 #
Neale Rannsf068c3e2018-01-03 04:18:48 -0800[diff] [blame]289 # Disable UU flooding, learning and ARP terminaation. makes this test
Neale Ranns55d03782017-10-21 06:34:22 -0700[diff] [blame]290 # easier as unicast packets are dropped if not extracted.
291 #
292 self.vapi.bridge_flags(1, 0, (1 << 0) | (1 << 3) | (1 << 4))
293
294 #
295 # Add a DVR route to steer traffic at L3
296 #
297 route_1 = VppIpRoute(self, "1.1.1.1", 32,
298 [VppRoutePath("0.0.0.0",
299 self.pg1.sw_if_index,
Neale Rannsf068c3e2018-01-03 04:18:48 -0800[diff] [blame]300 is_dvr=1)])
Neale Ranns55d03782017-10-21 06:34:22 -0700[diff] [blame]301 route_2 = VppIpRoute(self, "1.1.1.2", 32,
302 [VppRoutePath("0.0.0.0",
303 sub_if_on_pg2.sw_if_index,
Neale Rannsf068c3e2018-01-03 04:18:48 -0800[diff] [blame]304 is_dvr=1)])
Neale Ranns55d03782017-10-21 06:34:22 -0700[diff] [blame]305 route_1.add_vpp_config()
306 route_2.add_vpp_config()
307
308 #
309 # packets are dropped because bridge does not flood unkown unicast
310 #
311 self.send_and_assert_no_replies(self.pg0, pkt_no_tag)
312
313 #
314 # Enable L3 extraction on pgs
315 #
316 self.vapi.sw_interface_set_l2_emulation(self.pg0.sw_if_index)
317 self.vapi.sw_interface_set_l2_emulation(self.pg1.sw_if_index)
318 self.vapi.sw_interface_set_l2_emulation(sub_if_on_pg2.sw_if_index)
319 self.vapi.sw_interface_set_l2_emulation(sub_if_on_pg3.sw_if_index)
320
321 #
322 # now we expect the packet forward according to the DVR route
323 #
324 rx = self.send_and_expect(self.pg0, pkt_no_tag * 65, self.pg1)
325 self.assert_same_mac_addr(pkt_no_tag, rx)
326 self.assert_has_no_tag(rx)
327
328 rx = self.send_and_expect(self.pg0, pkt_to_tag * 65, self.pg2)
329 self.assert_same_mac_addr(pkt_to_tag, rx)
330 self.assert_has_vlan_tag(92, rx)
331
332 rx = self.send_and_expect(self.pg3, pkt_from_tag * 65, self.pg1)
333 self.assert_same_mac_addr(pkt_from_tag, rx)
334 self.assert_has_no_tag(rx)
335
336 rx = self.send_and_expect(self.pg3, pkt_from_to_tag * 65, self.pg2)
337 self.assert_same_mac_addr(pkt_from_tag, rx)
338 self.assert_has_vlan_tag(92, rx)
339
340 #
341 # but broadcast packets are still flooded
342 #
343 self.send_and_expect(self.pg0, pkt_bcast * 33, self.pg2)
344
345 #
346 # cleanup
347 #
348 self.vapi.sw_interface_set_l2_emulation(self.pg0.sw_if_index,
349 enable=0)
350 self.vapi.sw_interface_set_l2_emulation(self.pg1.sw_if_index,
351 enable=0)
352 self.vapi.sw_interface_set_l2_emulation(sub_if_on_pg2.sw_if_index,
353 enable=0)
354 self.vapi.sw_interface_set_l2_emulation(sub_if_on_pg3.sw_if_index,
355 enable=0)
356
357 self.vapi.sw_interface_set_l2_bridge(self.pg0.sw_if_index,
358 1, enable=0)
359 self.vapi.sw_interface_set_l2_bridge(self.pg1.sw_if_index,
360 1, enable=0)
361 self.vapi.sw_interface_set_l2_bridge(sub_if_on_pg2.sw_if_index,
362 1, enable=0)
363 self.vapi.sw_interface_set_l2_bridge(sub_if_on_pg3.sw_if_index,
364 1, enable=0)
365
366 route_1.remove_vpp_config()
367 route_2.remove_vpp_config()
368 sub_if_on_pg3.remove_vpp_config()
369 sub_if_on_pg2.remove_vpp_config()
370
Neale Ranns6f631152017-10-03 08:20:21 -0700[diff] [blame]371
372if __name__ == '__main__':
373 unittest.main(testRunner=VppTestRunner)