aboutsummaryrefslogtreecommitdiffstats
path: root/resources/libraries
diff options
context:
space:
mode:
authorYulong Pei <yulong.pei@intel.com>2023-04-12 02:47:09 +0000
committerPeter Mikus <peter.mikus@protonmail.ch>2023-04-20 05:18:44 +0000
commit334e9005b0c8a0c7cdd37f1c267981b46057dc6a (patch)
treef6d26c110da34d6caafc7af625f957ca3040d78b /resources/libraries
parentb58b33c32f799c746bf90272519e8b1d3f78bc65 (diff)
Add 100k tunnels ipsec policy mode with fastpath enabled test suite
Signed-off-by: xinfeng zhao <xinfengx.zhao@intel.com> Signed-off-by: Yulong Pei <yulong.pei@intel.com> Change-Id: I3708253adf4c7421ff48eee6aefb735b39726359
Diffstat (limited to 'resources/libraries')
-rw-r--r--resources/libraries/python/IPsecUtil.py63
-rw-r--r--resources/libraries/python/VPPUtil.py19
2 files changed, 57 insertions, 25 deletions
diff --git a/resources/libraries/python/IPsecUtil.py b/resources/libraries/python/IPsecUtil.py
index 9c5337b8d4..363558dcaf 100644
--- a/resources/libraries/python/IPsecUtil.py
+++ b/resources/libraries/python/IPsecUtil.py
@@ -1887,10 +1887,6 @@ class IPsecUtil:
sa_id_2 = 200000
spi_1 = 300000
spi_2 = 400000
- dut1_local_outbound_range = ip_network(f"{tunnel_ip1}/8", False).\
- with_prefixlen
- dut1_remote_outbound_range = ip_network(f"{tunnel_ip2}/8", False).\
- with_prefixlen
crypto_key = gen_key(
IPsecUtil.get_crypto_alg_key_len(crypto_alg)
@@ -1908,16 +1904,27 @@ class IPsecUtil:
IPsecUtil.vpp_ipsec_add_spd(nodes[u"DUT1"], spd_id)
IPsecUtil.vpp_ipsec_spd_add_if(nodes[u"DUT1"], spd_id, interface1)
- IPsecUtil.vpp_ipsec_add_spd_entry(
- nodes[u"DUT1"], spd_id, p_hi, PolicyAction.BYPASS, inbound=False,
- proto=50, laddr_range=dut1_local_outbound_range,
- raddr_range=dut1_remote_outbound_range
- )
- IPsecUtil.vpp_ipsec_add_spd_entry(
- nodes[u"DUT1"], spd_id, p_hi, PolicyAction.BYPASS, inbound=True,
- proto=50, laddr_range=dut1_remote_outbound_range,
- raddr_range=dut1_local_outbound_range
- )
+
+ addr_incr = 1 << (128 - 96) if ip_address(tunnel_ip1).version == 6 \
+ else 1 << (32 - 24)
+ for i in range(n_tunnels//(addr_incr**2)+1):
+ dut1_local_outbound_range = \
+ ip_network(f"{ip_address(tunnel_ip1) + i*(addr_incr**3)}/8",
+ False).with_prefixlen
+ dut1_remote_outbound_range = \
+ ip_network(f"{ip_address(tunnel_ip2) + i*(addr_incr**3)}/8",
+ False).with_prefixlen
+
+ IPsecUtil.vpp_ipsec_add_spd_entry(
+ nodes[u"DUT1"], spd_id, p_hi, PolicyAction.BYPASS, inbound=False,
+ proto=50, laddr_range=dut1_local_outbound_range,
+ raddr_range=dut1_remote_outbound_range
+ )
+ IPsecUtil.vpp_ipsec_add_spd_entry(
+ nodes[u"DUT1"], spd_id, p_hi, PolicyAction.BYPASS, inbound=True,
+ proto=50, laddr_range=dut1_remote_outbound_range,
+ raddr_range=dut1_local_outbound_range
+ )
IPsecUtil.vpp_ipsec_add_sad_entries(
nodes[u"DUT1"], n_tunnels, sa_id_1, spi_1, crypto_alg, crypto_key,
@@ -1950,16 +1957,24 @@ class IPsecUtil:
IPsecUtil.vpp_ipsec_add_spd(nodes[u"DUT2"], spd_id)
IPsecUtil.vpp_ipsec_spd_add_if(nodes[u"DUT2"], spd_id, interface2)
- IPsecUtil.vpp_ipsec_add_spd_entry(
- nodes[u"DUT2"], spd_id, p_hi, PolicyAction.BYPASS,
- inbound=False, proto=50, laddr_range=dut1_remote_outbound_range,
- raddr_range=dut1_local_outbound_range
- )
- IPsecUtil.vpp_ipsec_add_spd_entry(
- nodes[u"DUT2"], spd_id, p_hi, PolicyAction.BYPASS,
- inbound=True, proto=50, laddr_range=dut1_local_outbound_range,
- raddr_range=dut1_remote_outbound_range
- )
+ for i in range(n_tunnels//(addr_incr**2)+1):
+ dut2_local_outbound_range = \
+ ip_network(f"{ip_address(tunnel_ip1) + i*(addr_incr**3)}/8",
+ False).with_prefixlen
+ dut2_remote_outbound_range = \
+ ip_network(f"{ip_address(tunnel_ip2) + i*(addr_incr**3)}/8",
+ False).with_prefixlen
+
+ IPsecUtil.vpp_ipsec_add_spd_entry(
+ nodes[u"DUT2"], spd_id, p_hi, PolicyAction.BYPASS,
+ inbound=False, proto=50, laddr_range=dut2_remote_outbound_range,
+ raddr_range=dut2_local_outbound_range
+ )
+ IPsecUtil.vpp_ipsec_add_spd_entry(
+ nodes[u"DUT2"], spd_id, p_hi, PolicyAction.BYPASS,
+ inbound=True, proto=50, laddr_range=dut2_local_outbound_range,
+ raddr_range=dut2_remote_outbound_range
+ )
IPsecUtil.vpp_ipsec_add_sad_entries(
nodes[u"DUT2"], n_tunnels, sa_id_1, spi_1, crypto_alg,
diff --git a/resources/libraries/python/VPPUtil.py b/resources/libraries/python/VPPUtil.py
index daeb568bda..0c603616a2 100644
--- a/resources/libraries/python/VPPUtil.py
+++ b/resources/libraries/python/VPPUtil.py
@@ -1,4 +1,4 @@
-# Copyright (c) 2022 Cisco and/or its affiliates.
+# Copyright (c) 2023 Cisco and/or its affiliates.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at:
@@ -410,3 +410,20 @@ class VPPUtil:
reply = papi_exec.add(cmd, **args).get_reply()
return reply[u"next_index"]
+
+ @staticmethod
+ def vpp_set_neighbor_limit_on_all_duts(nodes, count):
+ """VPP set neighbor count limit on all DUTs in the given topology.
+
+ :param nodes: Nodes in the topology.
+ :param count: Neighbor count need to set.
+ :type nodes: dict
+ :type count: int
+ """
+ for node in nodes.values():
+ if node[u"type"] == NodeType.DUT:
+ cmd = f"set ip neighbor-config ip4 limit {count}"
+ PapiSocketExecutor.run_cli_cmd(node, cmd)
+
+ cmd = f"set ip neighbor-config ip6 limit {count}"
+ PapiSocketExecutor.run_cli_cmd(node, cmd)