Add 100k tunnels ipsec policy mode with fastpath enabled test suite

Signed-off-by: xinfeng zhao <xinfengx.zhao@intel.com>
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Change-Id: I3708253adf4c7421ff48eee6aefb735b39726359

2 files changed, 57 insertions, 25 deletions

diff --git a/resources/libraries/python/IPsecUtil.py b/resources/libraries/python/IPsecUtil.py
index 9c5337b8d4..363558dcaf 100644
--- a/resources/libraries/python/IPsecUtil.py
+++ b/resources/libraries/python/IPsecUtil.py
@@ -1887,10 +1887,6 @@ class IPsecUtil:
         sa_id_2 = 200000
         spi_1 = 300000
         spi_2 = 400000
-        dut1_local_outbound_range = ip_network(f"{tunnel_ip1}/8", False).\
-            with_prefixlen
-        dut1_remote_outbound_range = ip_network(f"{tunnel_ip2}/8", False).\
-            with_prefixlen
 
         crypto_key = gen_key(
             IPsecUtil.get_crypto_alg_key_len(crypto_alg)
@@ -1908,16 +1904,27 @@ class IPsecUtil:
 
         IPsecUtil.vpp_ipsec_add_spd(nodes[u"DUT1"], spd_id)
         IPsecUtil.vpp_ipsec_spd_add_if(nodes[u"DUT1"], spd_id, interface1)
-        IPsecUtil.vpp_ipsec_add_spd_entry(
-            nodes[u"DUT1"], spd_id, p_hi, PolicyAction.BYPASS, inbound=False,
-            proto=50, laddr_range=dut1_local_outbound_range,
-            raddr_range=dut1_remote_outbound_range
-        )
-        IPsecUtil.vpp_ipsec_add_spd_entry(
-            nodes[u"DUT1"], spd_id, p_hi, PolicyAction.BYPASS, inbound=True,
-            proto=50, laddr_range=dut1_remote_outbound_range,
-            raddr_range=dut1_local_outbound_range
-        )
+
+        addr_incr = 1 << (128 - 96) if ip_address(tunnel_ip1).version == 6 \
+            else 1 << (32 - 24)
+        for i in range(n_tunnels//(addr_incr**2)+1):
+            dut1_local_outbound_range = \
+                ip_network(f"{ip_address(tunnel_ip1) + i*(addr_incr**3)}/8",
+                False).with_prefixlen
+            dut1_remote_outbound_range = \
+                ip_network(f"{ip_address(tunnel_ip2) + i*(addr_incr**3)}/8",
+                False).with_prefixlen
+
+            IPsecUtil.vpp_ipsec_add_spd_entry(
+                nodes[u"DUT1"], spd_id, p_hi, PolicyAction.BYPASS, inbound=False,
+                proto=50, laddr_range=dut1_local_outbound_range,
+                raddr_range=dut1_remote_outbound_range
+            )
+            IPsecUtil.vpp_ipsec_add_spd_entry(
+                nodes[u"DUT1"], spd_id, p_hi, PolicyAction.BYPASS, inbound=True,
+                proto=50, laddr_range=dut1_remote_outbound_range,
+                raddr_range=dut1_local_outbound_range
+            )
 
         IPsecUtil.vpp_ipsec_add_sad_entries(
             nodes[u"DUT1"], n_tunnels, sa_id_1, spi_1, crypto_alg, crypto_key,
@@ -1950,16 +1957,24 @@ class IPsecUtil:
 
             IPsecUtil.vpp_ipsec_add_spd(nodes[u"DUT2"], spd_id)
             IPsecUtil.vpp_ipsec_spd_add_if(nodes[u"DUT2"], spd_id, interface2)
-            IPsecUtil.vpp_ipsec_add_spd_entry(
-                nodes[u"DUT2"], spd_id, p_hi, PolicyAction.BYPASS,
-                inbound=False, proto=50, laddr_range=dut1_remote_outbound_range,
-                raddr_range=dut1_local_outbound_range
-            )
-            IPsecUtil.vpp_ipsec_add_spd_entry(
-                nodes[u"DUT2"], spd_id, p_hi, PolicyAction.BYPASS,
-                inbound=True, proto=50, laddr_range=dut1_local_outbound_range,
-                raddr_range=dut1_remote_outbound_range
-            )
+            for i in range(n_tunnels//(addr_incr**2)+1):
+                dut2_local_outbound_range = \
+                    ip_network(f"{ip_address(tunnel_ip1) + i*(addr_incr**3)}/8",
+                    False).with_prefixlen
+                dut2_remote_outbound_range = \
+                    ip_network(f"{ip_address(tunnel_ip2) + i*(addr_incr**3)}/8",
+                    False).with_prefixlen
+
+                IPsecUtil.vpp_ipsec_add_spd_entry(
+                    nodes[u"DUT2"], spd_id, p_hi, PolicyAction.BYPASS,
+                    inbound=False, proto=50, laddr_range=dut2_remote_outbound_range,
+                    raddr_range=dut2_local_outbound_range
+                )
+                IPsecUtil.vpp_ipsec_add_spd_entry(
+                    nodes[u"DUT2"], spd_id, p_hi, PolicyAction.BYPASS,
+                    inbound=True, proto=50, laddr_range=dut2_local_outbound_range,
+                    raddr_range=dut2_remote_outbound_range
+                )
 
             IPsecUtil.vpp_ipsec_add_sad_entries(
                 nodes[u"DUT2"], n_tunnels, sa_id_1, spi_1, crypto_alg,
diff --git a/resources/libraries/python/VPPUtil.py b/resources/libraries/python/VPPUtil.py
index daeb568bda..0c603616a2 100644
--- a/resources/libraries/python/VPPUtil.py
+++ b/resources/libraries/python/VPPUtil.py
@@ -1,4 +1,4 @@
-# Copyright (c) 2022 Cisco and/or its affiliates.
+# Copyright (c) 2023 Cisco and/or its affiliates.
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at:
@@ -410,3 +410,20 @@ class VPPUtil:
             reply = papi_exec.add(cmd, **args).get_reply()
 
         return reply[u"next_index"]
+
+    @staticmethod
+    def vpp_set_neighbor_limit_on_all_duts(nodes, count):
+        """VPP set neighbor count limit on all DUTs in the given topology.
+
+        :param nodes: Nodes in the topology.
+        :param count: Neighbor count need to set.
+        :type nodes: dict
+        :type count: int
+        """
+        for node in nodes.values():
+            if node[u"type"] == NodeType.DUT:
+                cmd = f"set ip neighbor-config ip4 limit {count}"
+                PapiSocketExecutor.run_cli_cmd(node, cmd)
+
+                cmd = f"set ip neighbor-config ip6 limit {count}"
+                PapiSocketExecutor.run_cli_cmd(node, cmd)