diff options
21 files changed, 1580 insertions, 0 deletions
diff --git a/NSH_SFC_VER b/NSH_SFC_VER new file mode 100644 index 0000000000..4a979a5789 --- /dev/null +++ b/NSH_SFC_VER @@ -0,0 +1,2 @@ +VPP = 17.07-rc0 +NSH_SFC = 17.07-rc0 diff --git a/nsh_sfc_tests/func/__init__.robot b/nsh_sfc_tests/func/__init__.robot new file mode 100644 index 0000000000..efebac383e --- /dev/null +++ b/nsh_sfc_tests/func/__init__.robot @@ -0,0 +1,20 @@ +# Copyright (c) 2017 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +*** Settings *** +| Resource | resources/libraries/robot/default.robot +| Resource | resources/libraries/robot/interfaces.robot +| Library | resources.libraries.python.SFC.SetupSFCTest +| Suite Setup | Run Keywords | Setup NSH SFC test | ${nodes} +| ... | AND | Setup All DUTs | ${nodes} +| ... | AND | Update All Interface Data On All Nodes | ${nodes} diff --git a/nsh_sfc_tests/func/proxy/eth2p-ethip4-nsh-proxy-inbound-func.robot b/nsh_sfc_tests/func/proxy/eth2p-ethip4-nsh-proxy-inbound-func.robot new file mode 100644 index 0000000000..5eef6c0b96 --- /dev/null +++ b/nsh_sfc_tests/func/proxy/eth2p-ethip4-nsh-proxy-inbound-func.robot @@ -0,0 +1,85 @@ +# Copyright (c) 2017 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +*** Settings *** +| Library | resources.libraries.python.NodePath +| Library | resources.libraries.python.Trace +| Resource | resources/libraries/robot/default.robot +| Resource | resources/libraries/robot/nsh_sfc/default.robot +| Resource | resources/libraries/robot/interfaces.robot +| Resource | resources/libraries/robot/ipv4.robot +| Force Tags | 3_NODE_SINGLE_LINK_TOPO | VM_ENV | FUNCTEST +| Suite Setup | Run Keywords +| ... | Setup all DUTs before test | AND +| ... | Setup all TGs before traffic script | AND +| ... | Update All Interface Data On All Nodes | ${nodes} | AND +| ... | Setup DUT nodes for 'Proxy Inbound' functional testing +| Test Setup | Run Keywords | Save VPP PIDs | AND +| ... | Reset VAT History On All DUTs | ${nodes} | AND +| ... | Clear interface counters on all vpp nodes in topology | ${nodes} +| Test Teardown | Run Keywords +| ... | Show packet trace on all DUTs | ${nodes} | AND +| ... | Show VAT History On All DUTs | ${nodes} | AND +| ... | Check VPP PID in Teardown +| Documentation | *NSH SFC Proxy Inbound test cases* +| ... +| ... | Test the SFC Proxy Inbound functional. DUT run the VPP with NSH +| ... | SFC Plugin, TG send a VxLAN-GPE+NSH packet to the DUT, +| ... | if the packet match the SFC Proxy inbound rules, the SFC Proxy will +| ... | pop the VxLAN-GPE and NSH protocol, then encapsulate with the +| ... | VxLAN protocol. DUT will loopback the packet to the TG. +| ... | The TG will capture this VxLAN packet and check the packet +| ... | field is correct. + +*** Test Cases *** +| TC01: NSH SFC Proxy Inbound functional test with 152B frame size +| | [Documentation] +| | ... | Make TG send 152 Bytes VxLAN-GPE+NSH packet to DUT ingress interface.\ +| | ... | Make TG verify SFC Proxy Inbound functional is correct. +| | ${frame_size}= | Set Variable | ${152} +| | Node "${src_node}" interface "${src_port}" send "${frame_size}" Bytes packet to node "${dst_node}" interface "${dst_port}" for "Proxy Inbound" test + +| TC02: NSH SFC Proxy Inbound functional test with 256B frame size +| | [Documentation] +| | ... | Make TG send 256 Bytes VxLAN-GPE+NSH packet to DUT ingress interface.\ +| | ... | Make TG verify SFC Proxy Inbound functional is correct. +| | ${frame_size}= | Set Variable | ${256} +| | Node "${src_node}" interface "${src_port}" send "${frame_size}" Bytes packet to node "${dst_node}" interface "${dst_port}" for "Proxy Inbound" test + +| TC03: NSH SFC Proxy Inbound functional test with 512B frame size +| | [Documentation] +| | ... | Make TG send 512 Bytes VxLAN-GPE+NSH packet to DUT ingress interface.\ +| | ... | Make TG verify SFC Proxy Inbound functional is correct. +| | ${frame_size}= | Set Variable | ${512} +| | Node "${src_node}" interface "${src_port}" send "${frame_size}" Bytes packet to node "${dst_node}" interface "${dst_port}" for "Proxy Inbound" test + +| TC04: NSH SFC Proxy Inbound functional test with 1024B frame size +| | [Documentation] +| | ... | Make TG send 1024 Bytes VxLAN-GPE+NSH packet to DUT ingress interface.\ +| | ... | Make TG verify SFC Proxy Inbound functional is correct. +| | ${frame_size}= | Set Variable | ${1024} +| | Node "${src_node}" interface "${src_port}" send "${frame_size}" Bytes packet to node "${dst_node}" interface "${dst_port}" for "Proxy Inbound" test + +| TC05: NSH SFC Proxy Inbound functional test with 1280B frame size +| | [Documentation] +| | ... | Make TG send 1280 Bytes VxLAN-GPE+NSH packet to DUT ingress interface.\ +| | ... | Make TG verify SFC Proxy Inbound functional is correct. +| | ${frame_size}= | Set Variable | ${1280} +| | Node "${src_node}" interface "${src_port}" send "${frame_size}" Bytes packet to node "${dst_node}" interface "${dst_port}" for "Proxy Inbound" test + +| TC06: NSH SFC Proxy Inbound functional test with 1518B frame size +| | [Documentation] +| | ... | Make TG send 1518 Bytes VxLAN-GPE+NSH packet to DUT ingress interface.\ +| | ... | Make TG verify SFC Proxy Inbound functional is correct. +| | ${frame_size}= | Set Variable | ${1518} +| | Node "${src_node}" interface "${src_port}" send "${frame_size}" Bytes packet to node "${dst_node}" interface "${dst_port}" for "Proxy Inbound" test diff --git a/nsh_sfc_tests/func/proxy/eth2p-ethip4-nsh-proxy-outbound-func.robot b/nsh_sfc_tests/func/proxy/eth2p-ethip4-nsh-proxy-outbound-func.robot new file mode 100644 index 0000000000..7fc46317f5 --- /dev/null +++ b/nsh_sfc_tests/func/proxy/eth2p-ethip4-nsh-proxy-outbound-func.robot @@ -0,0 +1,86 @@ +# Copyright (c) 2017 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +*** Settings *** +| Library | resources.libraries.python.NodePath +| Library | resources.libraries.python.Trace +| Resource | resources/libraries/robot/default.robot +| Resource | resources/libraries/robot/nsh_sfc/default.robot +| Resource | resources/libraries/robot/interfaces.robot +| Resource | resources/libraries/robot/ipv4.robot +| Force Tags | 3_NODE_SINGLE_LINK_TOPO | VM_ENV | FUNCTEST +| Suite Setup | Run Keywords +| ... | Setup all DUTs before test | AND +| ... | Setup all TGs before traffic script | AND +| ... | Update All Interface Data On All Nodes | ${nodes} | AND +| ... | Setup DUT nodes for 'Proxy Outbound' functional testing +| Test Setup | Run Keywords | Save VPP PIDs | AND +| ... | Reset VAT History On All DUTs | ${nodes} | AND +| ... | Clear interface counters on all vpp nodes in topology | ${nodes} +| Test Teardown | Run Keywords +| ... | Show packet trace on all DUTs | ${nodes} | AND +| ... | Show VAT History On All DUTs | ${nodes} | AND +| ... | Check VPP PID in Teardown +| Documentation | *NSH SFC Proxy Outbound test cases* +| ... +| ... | Test the SFC Proxy Outbound functional. DUT run the VPP with NSH +| ... | SFC Plugin, TG send a VxLAN packet to the DUT, +| ... | if the packet match the SFC Proxy outbound rules, the SFC Proxy will +| ... | push the NSH protocol, then encapsulate with the VxLAN-GPE protocol. +| ... | DUT will loopback the packet to the TG. +| ... | The TG will capture this VxLAN-GPE+NSH packet and check the packet +| ... | field is correct. + + +*** Test Cases *** +| TC01: NSH SFC Proxy Outbound functional test with 128B frame size +| | [Documentation] +| | ... | Make TG send 128 Bytes VxLAN packet to DUT ingress interface.\ +| | ... | Make TG verify SFC Proxy Outbound functional is correct. +| | ${frame_size}= | Set Variable | ${128} +| | Node "${src_node}" interface "${src_port}" send "${frame_size}" Bytes packet to node "${dst_node}" interface "${dst_port}" for "Proxy Outbound" test + +| TC02: NSH SFC Proxy Outbound functional test with 256B frame size +| | [Documentation] +| | ... | Make TG send 256 Bytes VxLAN packet to DUT ingress interface.\ +| | ... | Make TG verify SFC Proxy Outbound functional is correct. +| | ${frame_size}= | Set Variable | ${256} +| | Node "${src_node}" interface "${src_port}" send "${frame_size}" Bytes packet to node "${dst_node}" interface "${dst_port}" for "Proxy Outbound" test + +| TC03: NSH SFC Proxy Outbound functional test with 512B frame size +| | [Documentation] +| | ... | Make TG send 512 Bytes VxLAN packet to DUT ingress interface.\ +| | ... | Make TG verify SFC Proxy Outbound functional is correct. +| | ${frame_size}= | Set Variable | ${512} +| | Node "${src_node}" interface "${src_port}" send "${frame_size}" Bytes packet to node "${dst_node}" interface "${dst_port}" for "Proxy Outbound" test + +| TC04: NSH SFC Proxy Outbound functional test with 1024B frame size +| | [Documentation] +| | ... | Make TG send 1024 Bytes VxLAN packet to DUT ingress interface.\ +| | ... | Make TG verify SFC Proxy Outbound functional is correct. +| | ${frame_size}= | Set Variable | ${1024} +| | Node "${src_node}" interface "${src_port}" send "${frame_size}" Bytes packet to node "${dst_node}" interface "${dst_port}" for "Proxy Outbound" test + +| TC05: NSH SFC Proxy Outbound functional test with 1280B frame size +| | [Documentation] +| | ... | Make TG send 1280 Bytes VxLAN packet to DUT ingress interface.\ +| | ... | Make TG verify SFC Proxy Outbound functional is correct. +| | ${frame_size}= | Set Variable | ${1280} +| | Node "${src_node}" interface "${src_port}" send "${frame_size}" Bytes packet to node "${dst_node}" interface "${dst_port}" for "Proxy Outbound" test + +| TC06: NSH SFC Proxy Outbound functional test with 1518B frame size +| | [Documentation] +| | ... | Make TG send 1518 Bytes VxLAN packet to DUT ingress interface.\ +| | ... | Make TG verify SFC Proxy Outbound functional is correct. +| | ${frame_size}= | Set Variable | ${1518} +| | Node "${src_node}" interface "${src_port}" send "${frame_size}" Bytes packet to node "${dst_node}" interface "${dst_port}" for "Proxy Outbound" test diff --git a/nsh_sfc_tests/func/sff/eth2p-ethip4-sfc-sff-func.robot b/nsh_sfc_tests/func/sff/eth2p-ethip4-sfc-sff-func.robot new file mode 100644 index 0000000000..c70a92ab51 --- /dev/null +++ b/nsh_sfc_tests/func/sff/eth2p-ethip4-sfc-sff-func.robot @@ -0,0 +1,85 @@ +# Copyright (c) 2017 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +*** Settings *** +| Library | resources.libraries.python.NodePath +| Library | resources.libraries.python.Trace +| Resource | resources/libraries/robot/default.robot +| Resource | resources/libraries/robot/nsh_sfc/default.robot +| Resource | resources/libraries/robot/interfaces.robot +| Resource | resources/libraries/robot/ipv4.robot +| Force Tags | 3_NODE_SINGLE_LINK_TOPO | VM_ENV | FUNCTEST +| Suite Setup | Run Keywords +| ... | Setup all DUTs before test | AND +| ... | Setup all TGs before traffic script | AND +| ... | Update All Interface Data On All Nodes | ${nodes} | AND +| ... | Setup DUT nodes for 'SFF' functional testing +| Test Setup | Run Keywords | Save VPP PIDs | AND +| ... | Reset VAT History On All DUTs | ${nodes} | AND +| ... | Clear interface counters on all vpp nodes in topology | ${nodes} +| Test Teardown | Run Keywords +| ... | Show packet trace on all DUTs | ${nodes} | AND +| ... | Show VAT History On All DUTs | ${nodes} | AND +| ... | Check VPP PID in Teardown +| Documentation | *NSH SFC SFF test cases* +| ... +| ... | Test the SFC Service Function Forward functional. DUT run the VPP +| ... | with NSH SFC Plugin, TG send a VxLAN-GPE+NSH packet to the DUT, +| ... | if the packet match the SFC SFF rules, the SFC SFF will +| ... | swap the VxLAN-GPE and NSH protocol. +| ... | DUT will loopback the packet to the TG. +| ... | The TG will capture this VxLAN-GPE+NSH packet and check the packet +| ... | field is correct. + +*** Test Cases *** +| TC01: NSH SFC SFF functional test with 152B frame size +| | [Documentation] +| | ... | Make TG send 152 Bytes VxLAN-GPE+NSH packet to DUT ingress interface.\ +| | ... | Make TG verify SFC SFF functional is correct. +| | ${frame_size}= | Set Variable | ${152} +| | Node "${src_node}" interface "${src_port}" send "${frame_size}" Bytes packet to node "${dst_node}" interface "${dst_port}" for "SFF" test + +| TC02: NSH SFC SFF functional test with 256B frame size +| | [Documentation] +| | ... | Make TG send 256 Bytes VxLAN-GPE+NSH packet to DUT ingress interface.\ +| | ... | Make TG verify SFC SFF functional is correct. +| | ${frame_size}= | Set Variable | ${256} +| | Node "${src_node}" interface "${src_port}" send "${frame_size}" Bytes packet to node "${dst_node}" interface "${dst_port}" for "SFF" test + +| TC03: NSH SFC SFF functional test with 512B frame size +| | [Documentation] +| | ... | Make TG send 512 Bytes VxLAN-GPE+NSH packet to DUT ingress interface.\ +| | ... | Make TG verify SFC SFF functional is correct. +| | ${frame_size}= | Set Variable | ${512} +| | Node "${src_node}" interface "${src_port}" send "${frame_size}" Bytes packet to node "${dst_node}" interface "${dst_port}" for "SFF" test + +| TC04: NSH SFC SFF functional test with 1024B frame size +| | [Documentation] +| | ... | Make TG send 1024 Bytes VxLAN-GPE+NSH packet to DUT ingress interface.\ +| | ... | Make TG verify SFC SFF functional is correct. +| | ${frame_size}= | Set Variable | ${1024} +| | Node "${src_node}" interface "${src_port}" send "${frame_size}" Bytes packet to node "${dst_node}" interface "${dst_port}" for "SFF" test + +| TC05: NSH SFC SFF functional test with 1280B frame size +| | [Documentation] +| | ... | Make TG send 1280 Bytes VxLAN-GPE+NSH packet to DUT ingress interface.\ +| | ... | Make TG verify SFC SFF functional is correct. +| | ${frame_size}= | Set Variable | ${1280} +| | Node "${src_node}" interface "${src_port}" send "${frame_size}" Bytes packet to node "${dst_node}" interface "${dst_port}" for "SFF" test + +| TC06: NSH SFC SFF functional test with 1518B frame size +| | [Documentation] +| | ... | Make TG send 1518 Bytes VxLAN-GPE+NSH packet to DUT ingress interface.\ +| | ... | Make TG verify SFC SFF functional is correct. +| | ${frame_size}= | Set Variable | ${1518} +| | Node "${src_node}" interface "${src_port}" send "${frame_size}" Bytes packet to node "${dst_node}" interface "${dst_port}" for "SFF" test diff --git a/nsh_sfc_tests/sfc_scripts/install_sfc.sh b/nsh_sfc_tests/sfc_scripts/install_sfc.sh new file mode 100755 index 0000000000..265d4c153a --- /dev/null +++ b/nsh_sfc_tests/sfc_scripts/install_sfc.sh @@ -0,0 +1,114 @@ +#!/bin/bash + +set -x + +ROOTDIR=/tmp/openvpp-testing +PWDDIR=$(pwd) + +if_name1=$1 +if_name2=$2 + +VPP_VERSION=`cat ${ROOTDIR}/NSH_SFC_VER | grep VPP | awk -F'= ' '{print $2}'` +NSH_SFC_VERSION=`cat ${ROOTDIR}/NSH_SFC_VER | grep NSH_SFC | awk -F'= ' '{print $2}'` + +VPP_CODE_DIR=${ROOTDIR}/vpp_codes +NSH_SFC_CODE_DIR=${ROOTDIR}/nsh_sfc_codes + +#at first, we need to stop the vpp service if have +sudo service vpp stop + +#uninstall the vpp and nsh sfc plugin +#and git clone the vpp and nsh sfc plugin source codes +#then compile and install them in the dut nodes. +nsh_need_install=0 +sudo dpkg -l vpp-nsh-plugin >/dev/null 2>&1 +if [ $? -eq 0 ]; then + nsh_plugin_version=`dpkg -s vpp-nsh-plugin | grep Version | awk -F' ' '{print $2}'` + if [ "${nsh_plugin_version}" \< "${NSH_SFC_VERSION}" ]; then + sudo dpkg -P vpp-nsh-plugin vpp-nsh-plugin-dbg vpp-nsh-plugin-dev >/dev/null 2>&1 + test $? -eq 0 || exit 1 + nsh_need_install=1 + fi +else + nsh_need_install=1 +fi + +vpp_need_install=0 +sudo dpkg -l vpp >/dev/null 2>&1 +if [ $? -eq 0 ]; then + vpp_version=`dpkg -s vpp | grep Version | awk -F' ' '{print $2}'` + if [ "${vpp_version}" \< "${VPP_VERSION}" ]; then + sudo dpkg -P vpp vpp-dbg vpp-dev vpp-dpdk-dev vpp-dpdk-dkms vpp-lib \ + vpp-plugins vpp-python-api >/dev/null 2>&1 + test $? -eq 0 || exit 1 + vpp_need_install=1 + fi +else + vpp_need_install=1 +fi + +sleep 5 + +##begin to clone the vpp source code +if [ ${vpp_need_install} -eq 1 ]; then + sudo rm -rf ${VPP_CODE_DIR} + sudo mkdir -p ${VPP_CODE_DIR} + cd ${VPP_CODE_DIR} + git clone -b v${VPP_VERSION} https://gerrit.fd.io/r/vpp + + #compile the vpp code + cd ./vpp/build-root/ + make distclean + ./bootstrap.sh + make V=0 PLATFORM=vpp TAG=vpp install-deb + + #after that, install vpp + sudo dpkg -i *.deb + cd ${PWDDIR} +fi + +##begin to clone the nsh sfc source code +if [ ${nsh_need_install} -eq 1 ]; then + sudo rm -rf ${NSH_SFC_CODE_DIR} + sudo mkdir -p ${NSH_SFC_CODE_DIR} + cd ${NSH_SFC_CODE_DIR} + git clone -b v${NSH_SFC_VERSION} https://gerrit.fd.io/r/nsh_sfc + + #compile the nsh sfc code + cd ./nsh_sfc/nsh-plugin/ + sudo rm -rf build + sudo ./build.sh + + #after that, install the nsh sfc plugin + cd ./packaging/ + sudo dpkg -i *.deb + cd ${PWDDIR} +fi + +#check and setup the hugepages +SYS_HUGEPAGE=$(cat /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages) +if [ ${SYS_HUGEPAGE} -lt 1024 ]; then + MOUNT=$(mount | grep /mnt/huge) + while [ "${MOUNT}" != "" ] + do + sudo umount /mnt/huge + sleep 1 + MOUNT=$(mount | grep /mnt/huge) + done + + echo 2048 | sudo tee /sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages + echo 2048 | sudo tee /sys/devices/system/node/node1/hugepages/hugepages-2048kB/nr_hugepages + + sudo mkdir -p /mnt/huge + sudo mount -t hugetlbfs nodev /mnt/huge/ + test $? -eq 0 || exit 1 +fi + +#check and set the max map count +SYS_MAP=$(cat /proc/sys/vm/max_map_count) +if [ ${SYS_MAP} -lt 200000 ]; then + echo 200000 | sudo tee /proc/sys/vm/max_map_count +fi + +#after all, we can start the vpp service now +sudo service vpp start diff --git a/nsh_sfc_tests/sfc_scripts/set_nsh_proxy_inbound.sh b/nsh_sfc_tests/sfc_scripts/set_nsh_proxy_inbound.sh new file mode 100755 index 0000000000..7535f0db2b --- /dev/null +++ b/nsh_sfc_tests/sfc_scripts/set_nsh_proxy_inbound.sh @@ -0,0 +1,32 @@ +#!/bin/bash + +set -x + +sudo service vpp restart +sleep 5 + +sudo vppctl set int state $1 up +sleep 10 +sudo vppctl set int ip table $1 0 +sudo vppctl set int ip address $1 192.168.50.76/24 + +sudo vppctl create vxlan-gpe tunnel local 192.168.50.76 remote 192.168.50.72 vni 9 next-nsh encap-vrf-id 0 decap-vrf-id 0 +sudo vppctl set int l2 bridge vxlan_gpe_tunnel0 1 1 + +sudo vppctl create vxlan tunnel src 192.168.50.76 dst 192.168.50.71 vni 1 encap-vrf-id 0 decap-next node nsh-proxy +sudo vppctl set int l2 bridge vxlan_tunnel0 1 1 + +sudo vppctl create nsh entry nsp 185 nsi 255 md-type 1 c1 3232248395 c2 9 c3 3232248392 c4 50336437 next-ethernet +sudo vppctl create nsh entry nsp 185 nsi 254 md-type 1 c1 3232248395 c2 9 c3 3232248392 c4 50336437 next-ethernet + +sleep 2 +vxlan_gpe_index=`sudo vppctl sh interfaces | grep "vxlan_gpe_tunnel0" | awk '{print $2}'` +vxlan_index=`sudo vppctl sh interfaces | grep "vxlan_tunnel0" | awk '{print $2}'` +sudo vppctl create nsh map nsp 185 nsi 255 mapped-nsp 185 mapped-nsi 255 nsh_action pop encap-vxlan4-intf ${vxlan_index} +sudo vppctl create nsh map nsp 185 nsi 254 mapped-nsp 185 mapped-nsi 254 nsh_action push encap-vxlan-gpe-intf ${vxlan_gpe_index} + +sudo vppctl ip route add 192.168.50.72/24 via 192.168.50.76 +sudo vppctl set ip arp $1 192.168.50.71 $2 +sudo vppctl set ip arp $1 192.168.50.72 $2 + +sudo vppctl trace add dpdk-input 100 diff --git a/nsh_sfc_tests/sfc_scripts/set_nsh_proxy_outbound.sh b/nsh_sfc_tests/sfc_scripts/set_nsh_proxy_outbound.sh new file mode 100755 index 0000000000..d52bdf039f --- /dev/null +++ b/nsh_sfc_tests/sfc_scripts/set_nsh_proxy_outbound.sh @@ -0,0 +1,32 @@ +#!/bin/bash + +set -x + +sudo service vpp restart +sleep 5 + +sudo vppctl set int state $1 up +sleep 10 +sudo vppctl set int ip table $1 0 +sudo vppctl set int ip address $1 192.168.50.76/24 + +sudo vppctl create vxlan-gpe tunnel local 192.168.50.76 remote 192.168.50.71 vni 9 next-nsh encap-vrf-id 0 decap-vrf-id 0 +sudo vppctl set int l2 bridge vxlan_gpe_tunnel0 1 1 + +sudo vppctl create vxlan tunnel src 192.168.50.76 dst 192.168.50.72 vni 1 encap-vrf-id 0 decap-next node nsh-proxy +sudo vppctl set int l2 bridge vxlan_tunnel0 1 1 + +sudo vppctl create nsh entry nsp 185 nsi 255 md-type 1 c1 3232248395 c2 9 c3 3232248392 c4 50336437 next-ethernet +sudo vppctl create nsh entry nsp 185 nsi 254 md-type 1 c1 3232248395 c2 9 c3 3232248392 c4 50336437 next-ethernet + +sleep 2 +vxlan_gpe_index=`sudo vppctl sh interfaces | grep "vxlan_gpe_tunnel0" | awk '{print $2}'` +vxlan_index=`sudo vppctl sh interfaces | grep "vxlan_tunnel0" | awk '{print $2}'` +sudo vppctl create nsh map nsp 185 nsi 255 mapped-nsp 185 mapped-nsi 255 nsh_action pop encap-vxlan4-intf ${vxlan_index} +sudo vppctl create nsh map nsp 185 nsi 254 mapped-nsp 185 mapped-nsi 254 nsh_action push encap-vxlan-gpe-intf ${vxlan_gpe_index} + +sudo vppctl ip route add 192.168.50.72/24 via 192.168.50.76 +sudo vppctl set ip arp $1 192.168.50.71 $2 +sudo vppctl set ip arp $1 192.168.50.72 $2 + +sudo vppctl trace add dpdk-input 100 diff --git a/nsh_sfc_tests/sfc_scripts/set_sfc_sff.sh b/nsh_sfc_tests/sfc_scripts/set_sfc_sff.sh new file mode 100755 index 0000000000..2223e5d039 --- /dev/null +++ b/nsh_sfc_tests/sfc_scripts/set_sfc_sff.sh @@ -0,0 +1,32 @@ +#!/bin/bash + +set -x + +sudo service vpp restart +sleep 5 + +sudo vppctl set int state $1 up +sleep 10 +sudo vppctl set int ip table $1 7 +sudo vppctl set int ip address $1 192.168.50.76/24 + +sudo vppctl create vxlan-gpe tunnel local 192.168.50.76 remote 192.168.50.71 vni 9 next-nsh encap-vrf-id 7 decap-vrf-id 7 +sudo vppctl set int l2 bridge vxlan_gpe_tunnel0 1 1 + +sudo vppctl create vxlan-gpe tunnel local 192.168.50.76 remote 192.168.50.72 vni 10 next-nsh encap-vrf-id 7 decap-vrf-id 7 +sudo vppctl set int l2 bridge vxlan_gpe_tunnel1 1 1 + +sudo vppctl create nsh entry nsp 185 nsi 255 md-type 1 c1 3232248395 c2 9 c3 3232248392 c4 50336437 next-ethernet +sudo vppctl create nsh entry nsp 185 nsi 254 md-type 1 c1 3232248395 c2 9 c3 3232248392 c4 50336437 next-ethernet + +sleep 2 +vxlan_gpe_index0=`sudo vppctl sh interfaces | grep "vxlan_gpe_tunnel0" | awk '{print $2}'` +vxlan_gpe_index1=`sudo vppctl sh interfaces | grep "vxlan_gpe_tunnel1" | awk '{print $2}'` +sudo vppctl create nsh map nsp 185 nsi 255 mapped-nsp 185 mapped-nsi 254 nsh_action swap encap-vxlan-gpe-intf ${vxlan_gpe_index0} + +sudo vppctl ip route add 192.168.50.71/32 via 192.168.50.76 $1 +sudo vppctl ip route add 192.168.50.72/32 via 192.168.50.76 $1 +sudo vppctl set ip arp fib-id 7 $1 192.168.50.71 $2 +sudo vppctl set ip arp fib-id 7 $1 192.168.50.72 $2 + +sudo vppctl trace add dpdk-input 100 diff --git a/nsh_sfc_tests/sfc_scripts/start_tcpdump.sh b/nsh_sfc_tests/sfc_scripts/start_tcpdump.sh new file mode 100755 index 0000000000..9d51e667bd --- /dev/null +++ b/nsh_sfc_tests/sfc_scripts/start_tcpdump.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +ROOTDIR=/tmp/openvpp-testing +PWDDIR=$(pwd) + +cd ${ROOTDIR}/nsh_sfc_tests/sfc_scripts/ +sudo rm -f temp_packet.pcap + +sudo tcpdump -i $1 -c 1 -w temp_packet.pcap dst host $2 >/dev/null 2>&1 & + +cd ${PWDDIR} diff --git a/resources/libraries/python/SFC/SFCConstants.py b/resources/libraries/python/SFC/SFCConstants.py new file mode 100644 index 0000000000..33391a1771 --- /dev/null +++ b/resources/libraries/python/SFC/SFCConstants.py @@ -0,0 +1,43 @@ +#!/usr/bin/env python +# Copyright (c) 2017 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +""" +This module define some constants. +""" + +class SFCConstants(object): + """ + Define some constants for the test filed verify. + """ + + DEF_SRC_PORT = 1234 + DEF_DST_PORT = 5678 + UDP_PROTOCOL = 17 + VxLAN_UDP_PORT = 4789 + VxLANGPE_UDP_PORT = 4790 + VxLAN_FLAGS = 0x8 + VxLAN_DEFAULT_VNI = 1 + VxLANGPE_FLAGS = 0xc + VxLANGPE_NEXT_PROTOCOL = 0x4 + VxLANGPE_DEFAULT_VNI = 9 + NSH_FLAGS = 0x0 + NSH_HEADER_LENGTH = 0x6 + NSH_DEFAULT_MDTYPE = 0x1 + NSH_NEXT_PROTOCOL = 0x3 + NSH_DEFAULT_NSP = 185 + NSH_DEFAULT_NSI = 255 + NSH_DEFAULT_C1 = 3232248395 + NSH_DEFAULT_C2 = 9 + NSH_DEFAULT_C3 = 3232248392 + NSH_DEFAULT_C4 = 50336437 diff --git a/resources/libraries/python/SFC/SFCTest.py b/resources/libraries/python/SFC/SFCTest.py new file mode 100644 index 0000000000..456457f9f6 --- /dev/null +++ b/resources/libraries/python/SFC/SFCTest.py @@ -0,0 +1,93 @@ +# Copyright (c) 2017 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +""" +This module implements functionality which configure and start +the NSH SFC functional test. +""" + +from resources.libraries.python.ssh import SSH +from resources.libraries.python.constants import Constants as con +from resources.libraries.python.topology import Topology + +class SFCTest(object): + """Configure and Start the NSH SFC functional tests.""" + + @staticmethod + def config_and_start_SFC_test(dut_node, dut_port, adj_mac, testtype): + """ + Start the SFC functional on the dut_node. + + :param dut_node: Will execute the SFC on this node. + :param dut_port: The ingress interface on the DUT. + :param adj_mac: The adjacency interface MAC. + :param testtype: The SFC functional test type. + (Classifier, Proxy Inbound, Proxy Outbound, SFF). + :type dut_node: dict + :type dut_port: str + :type adj_mac: str + :type testtype: str + :returns: none + :raises RuntimeError: If the script execute fails. + """ + + vpp_intf_name = Topology.get_interface_name(dut_node, dut_port) + + ssh = SSH() + ssh.connect(dut_node) + + if testtype == "Classifier": + exec_shell = "set_sfc_classifier.sh" + elif testtype == "Proxy Inbound": + exec_shell = "set_nsh_proxy_inbound.sh" + elif testtype == "Proxy Outbound": + exec_shell = "set_nsh_proxy_outbound.sh" + else: + exec_shell = "set_sfc_sff.sh" + + cmd = 'cd {0}/nsh_sfc_tests/sfc_scripts/ && sudo ./{1} {2} ' \ + '{3} {4}'.format(con.REMOTE_FW_DIR, exec_shell, vpp_intf_name, + adj_mac, dut_port) + + (ret_code, _, _) = ssh.exec_command(cmd, timeout=600) + if ret_code != 0: + raise RuntimeError('Failed to execute SFC setup script ' \ + '{0} at node {1}'.format(exec_shell, dut_node['host'])) + + @staticmethod + def start_the_tcpdump_on_the_node(from_node, from_port, filter_ip): + """ + Start the tcpdump on the frome_node. + + :param from_node: Will execute the tcpdump on this node. + :param from_port: Will capture the packets on this interface. + :param filter_ip: filter the dest ip. + :type from_node: dict + :type from_port: str + :type filter_ip: str + :returns: none + :raises RuntimeError: If the script "start_tcpdump.sh" fails. + """ + + interface_name = Topology.get_interface_name(from_node, from_port) + + ssh = SSH() + ssh.connect(from_node) + + cmd = 'cd {0}/nsh_sfc_tests/sfc_scripts/ && sudo ./start_tcpdump.sh ' \ + '{1} {2}'.format(con.REMOTE_FW_DIR, interface_name, filter_ip) + + (ret_code, _, _) = ssh.exec_command(cmd, timeout=600) + if ret_code != 0: + raise RuntimeError('Failed to exec start_tcpdump.sh at node {0}'. + format(from_node['host'])) diff --git a/resources/libraries/python/SFC/SetupSFCTest.py b/resources/libraries/python/SFC/SetupSFCTest.py new file mode 100644 index 0000000000..d481202837 --- /dev/null +++ b/resources/libraries/python/SFC/SetupSFCTest.py @@ -0,0 +1,226 @@ +# Copyright (c) 2017 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"""This module exists to provide setup utilities for the framework on topology +nodes. All tasks required to be run before the actual tests are started is +supposed to end up here. +""" + +from shlex import split +from subprocess import Popen, PIPE, call +from multiprocessing import Pool +from tempfile import NamedTemporaryFile +from os.path import basename + +from robot.api import logger +from robot.libraries.BuiltIn import BuiltIn + +from resources.libraries.python.ssh import SSH +from resources.libraries.python.constants import Constants as con +from resources.libraries.python.topology import NodeType +from resources.libraries.python.topology import Topology + +__all__ = ["SetupSFCTest"] + + +def pack_framework_dir(): + """Pack the testing WS into temp file, return its name. + + :returns: the temporary package file name. + :rtype: str + :raises: If execute the tar command failed. + """ + + tmpfile = NamedTemporaryFile(suffix=".tgz", prefix="SFC-testing-") + file_name = tmpfile.name + tmpfile.close() + + proc = Popen( + split("tar --exclude-vcs --exclude=./tmp -zcf {0} .".format(file_name)), + stdout=PIPE, stderr=PIPE) + (stdout, stderr) = proc.communicate() + + logger.debug(stdout) + logger.debug(stderr) + + return_code = proc.wait() + if return_code != 0: + raise RuntimeError("Could not pack testing framework.") + + return file_name + + +def copy_tarball_to_node(tarball, node): + """Copy tarball file from local host to remote node. + + :param tarball: Path to tarball to upload. + :param node: Node in the topology where the tarball will be copied to. + :type tarball: str + :type node: dict + :returns: nothing + """ + logger.console('Copying tarball to {0}'.format(node['host'])) + ssh = SSH() + ssh.connect(node) + + ssh.scp(tarball, "/tmp/") + + +def extract_tarball_at_node(tarball, node): + """Extract tarball at given node. + + Extracts tarball using tar on given node to specific CSIT loocation. + + :param tarball: Path to tarball to upload. + :param node: Dictionary created from topology. + :type tarball: str + :type node: dict + :returns: nothing + :raises: If unpack the file failed. + """ + logger.console('Extracting tarball to {0} on {1}'.format( + con.REMOTE_FW_DIR, node['host'])) + ssh = SSH() + ssh.connect(node) + + cmd = 'sudo rm -rf {1}; mkdir {1} ; tar -zxf {0} -C {1}; ' \ + 'rm -f {0}'.format(tarball, con.REMOTE_FW_DIR) + (ret_code, _, stderr) = ssh.exec_command(cmd, timeout=30) + if ret_code != 0: + logger.error('Unpack error: {0}'.format(stderr)) + raise RuntimeError('Failed to unpack {0} at node {1}'.format( + tarball, node['host'])) + + +def create_env_directory_at_node(node): + """Create fresh virtualenv to a directory, install pip requirements. + + :param node: Dictionary created from topology, will only install in the TG + :type node: dict + :returns: nothing + """ + logger.console('Extracting virtualenv, installing requirements.txt ' + 'on {0}'.format(node['host'])) + ssh = SSH() + ssh.connect(node) + (ret_code, stdout, stderr) = ssh.exec_command( + 'cd {0} && rm -rf env && ' + 'virtualenv --system-site-packages --never-download env && ' + '. env/bin/activate && pip install -r requirements.txt' + .format(con.REMOTE_FW_DIR), timeout=100) + if ret_code != 0: + logger.error('Virtualenv creation error: {0}'.format(stdout + stderr)) + raise RuntimeError('Virtualenv setup failed') + else: + logger.console('Virtualenv created on {0}'.format(node['host'])) + +def install_sfc_test(node): + """Prepare the NSH SFC test envrionment. + + :param node: Dictionary created from topology + :type node: dict + :returns: nothing + """ + logger.console('Install the NSH SFC on {0}'.format(node['host'])) + + if_name_list = Topology.get_node_interfaces(node) + + ssh = SSH() + ssh.connect(node) + + (ret_code, _, stderr) = ssh.exec_command( + 'cd {0}/nsh_sfc_tests/sfc_scripts/ && ./install_sfc.sh {1} {2}' + .format(con.REMOTE_FW_DIR, if_name_list[0], if_name_list[1]), \ + timeout=600) + + if ret_code != 0: + logger.error('Install the NSH SFC error: {0}'.format(stderr)) + raise RuntimeError('Install the NSH SFC failed') + else: + logger.console('Install the NSH SFC on {0} success!'. + format(node['host'])) + +def setup_node(args): + """Run all set-up methods for a node. + + This method is used as map_async parameter. It receives tuple with all + parameters as passed to map_async function. + + :param args: All parameters needed to setup one node. + :type args: tuple + :returns: True - success, False - error + :rtype: bool + """ + tarball, remote_tarball, node = args + try: + copy_tarball_to_node(tarball, node) + extract_tarball_at_node(remote_tarball, node) + if node['type'] == NodeType.DUT: + install_sfc_test(node) + if node['type'] == NodeType.TG: + create_env_directory_at_node(node) + except RuntimeError as exc: + logger.error("Node setup failed, error:'{0}'".format(exc.message)) + return False + else: + logger.console('Setup of node {0} done'.format(node['host'])) + return True + +def delete_local_tarball(tarball): + """Delete local tarball to prevent disk pollution. + + :param tarball: Path to tarball to upload. + :type tarball: str + :returns: nothing + """ + call(split('sh -c "rm {0} > /dev/null 2>&1"'.format(tarball))) + + +class SetupSFCTest(object): + """Setup suite run on topology nodes. + + Many VAT/CLI based tests need the scripts at remote hosts before executing + them. This class packs the whole testing directory and copies it over + to all nodes in topology under /tmp/ + """ + + @staticmethod + def setup_nsh_sfc_test(nodes): + """Pack the whole directory and extract in temp on each node.""" + + tarball = pack_framework_dir() + msg = 'Framework packed to {0}'.format(tarball) + logger.console(msg) + logger.trace(msg) + remote_tarball = "/tmp/{0}".format(basename(tarball)) + + # Turn off logging since we use multiprocessing + log_level = BuiltIn().set_log_level('NONE') + params = ((tarball, remote_tarball, node) for node in nodes.values()) + pool = Pool(processes=len(nodes)) + result = pool.map_async(setup_node, params) + pool.close() + pool.join() + + # Turn on logging + BuiltIn().set_log_level(log_level) + + logger.info( + 'Executed node setups in parallel, waiting for processes to end') + result.wait() + + logger.info('Results: {0}'.format(result.get())) + + logger.trace('Test framework copied to all topology nodes') + delete_local_tarball(tarball) + logger.console('All nodes are ready') diff --git a/resources/libraries/python/SFC/TunnelProtocol.py b/resources/libraries/python/SFC/TunnelProtocol.py new file mode 100644 index 0000000000..4b4377c895 --- /dev/null +++ b/resources/libraries/python/SFC/TunnelProtocol.py @@ -0,0 +1,41 @@ +# Copyright (c) 2017 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +""" +This module implements the VxLAN/VXLAN-GPE/NSH protocol +for the packet analyse. +""" +from scapy.all import Packet +from scapy.all import XByteField, ShortField +from scapy.all import BitField, XBitField, IntField + +class VxLAN(Packet): + """Define the vxlan protocol for the packet analysis.""" + name = "vxlan" + fields_desc = [XByteField("flags", 0x08), BitField("reserved", 0, 24), + BitField("vni", 0, 24), XByteField("reserved", 0x00)] + +class VxLANGPE(Packet): + """Define the vxlan-gpe protocol for the packet analysis.""" + name = "vxlan-gpe" + fields_desc = [XByteField("flags", 0x0c), ShortField("reserved", 0), + XByteField("nextproto", 0x3), BitField("vni", 0, 24), + XByteField("reserved", 0x0)] + +class NSH(Packet): + """Define the NSH protocol for the packet analysis.""" + name = "nsh" + fields_desc = [XBitField("flags", 0x0, 10), XBitField("length", 0x6, 6), + XByteField("MDtype", 0x1), XByteField("nextproto", 0x3), + IntField("nsp_nsi", 0), IntField("c1", 0), + IntField("c2", 0), IntField("c3", 0), IntField("c4", 0)] diff --git a/resources/libraries/python/SFC/VerifyPacket.py b/resources/libraries/python/SFC/VerifyPacket.py new file mode 100644 index 0000000000..66bd09899d --- /dev/null +++ b/resources/libraries/python/SFC/VerifyPacket.py @@ -0,0 +1,223 @@ +#!/usr/bin/env python +# Copyright (c) 2017 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +""" +This module defines the common functions. +""" + +import ipaddress + +from scapy.layers.inet import IP, UDP +from scapy.all import Raw +from scapy.utils import rdpcap +from resources.libraries.python.constants import Constants as con +from resources.libraries.python.SFC.SFCConstants import SFCConstants as sfccon +from resources.libraries.python.SFC.TunnelProtocol import VxLAN, VxLANGPE, NSH + +from robot.api import logger + +def valid_ipv4(ipaddr): + """Check if IP address has the correct IPv4 address format. + + :param ipaddr: IP address. + :type ipaddr: str + :returns: True in case of correct IPv4 address format, + otherwise return False. + :rtype: bool + """ + try: + ipaddress.IPv4Address(unicode(ipaddr)) + return True + except (AttributeError, ipaddress.AddressValueError): + return False + + +def valid_ipv6(ipaddr): + """Check if IP address has the correct IPv6 address format. + + :param ipaddr: IP address. + :type ipaddr: str + :returns: True in case of correct IPv6 address format, + otherwise return False. + :rtype: bool + """ + try: + ipaddress.IPv6Address(unicode(ipaddr)) + return True + except (AttributeError, ipaddress.AddressValueError): + return False + + +class VerifyPacket(object): + """Define some functions for the test filed verify.""" + + @staticmethod + def check_vxlan_protocol(payload_data): + """ + verify the vxlan protocol in the payload data. + + :param payload_data: the payload data in the packet. + :type payload_data: str + :returns: none + :raises RuntimeError: If the vxlan protocol field verify fails. + """ + # get the vxlan packet and check it + vxlan_pkt = VxLAN(payload_data[0:8]) + if vxlan_pkt.flags != sfccon.VxLAN_FLAGS: + raise RuntimeError("Unexpected Vxlan flags: {0}". + format(vxlan_pkt.flags)) + + if vxlan_pkt.vni != sfccon.VxLAN_DEFAULT_VNI: + raise RuntimeError("Unexpected VNI flag: {0}".format(vxlan_pkt.vni)) + + @staticmethod + def check_vxlangpe_nsh_protocol(payload_data, test_type): + """ + verify the vxlangpe and nsh protocol in the payload data. + + :param payload_data: the payload data in the packet. + :param test_type: the functional test type. + :type payload_data: str + :type test_type: str + :returns: none + :raises RuntimeError: If the vxlangpe and nsh protocol + field verify fails. + """ + # get the vxlan-gpe packet and check it + vxlangpe_pkt = VxLANGPE(payload_data[0:8]) + if vxlangpe_pkt.flags != sfccon.VxLANGPE_FLAGS: + raise RuntimeError("Unexpected Vxlan-GPE flags: {0}". + format(vxlangpe_pkt.flags)) + + if vxlangpe_pkt.nextproto != sfccon.VxLANGPE_NEXT_PROTOCOL: + raise RuntimeError("next protocol not the NSH") + + if vxlangpe_pkt.vni != sfccon.VxLANGPE_DEFAULT_VNI: + raise RuntimeError("Unexpected VNI flag: {0}". + format(vxlangpe_pkt.vni)) + + # get the NSH packet and check it + nsh_pkt = NSH(payload_data[8:32]) + if nsh_pkt.flags != sfccon.NSH_FLAGS: + raise RuntimeError("Unexpected NSH flags: {0}". + format(nsh_pkt.flags)) + + if nsh_pkt.length != sfccon.NSH_HEADER_LENGTH: + raise RuntimeError("NSH length {0} incorrect". + format(nsh_pkt.length)) + + if nsh_pkt.MDtype != sfccon.NSH_DEFAULT_MDTYPE: + raise RuntimeError("NSH MD-Type {0} incorrect". + format(nsh_pkt.MDtype)) + + if nsh_pkt.nextproto != sfccon.NSH_NEXT_PROTOCOL: + raise RuntimeError("NSH next protocol {0} incorrect". + format(nsh_pkt.nextproto)) + + if test_type == "Proxy Outbound" or test_type == "SFF": + expect_nsi = sfccon.NSH_DEFAULT_NSI - 1 + else: + expect_nsi = sfccon.NSH_DEFAULT_NSI + + nsp_nsi = nsh_pkt.nsp_nsi + nsp = nsp_nsi >> 8 + nsi = nsp_nsi & 0x000000FF + if nsp != sfccon.NSH_DEFAULT_NSP: + raise RuntimeError("NSH Service Path ID {0} incorrect".format(nsp)) + + if nsi != expect_nsi: + raise RuntimeError("NSH Service Index {0} incorrect".format(nsi)) + + nsh_c1 = nsh_pkt.c1 + if nsh_c1 != sfccon.NSH_DEFAULT_C1: + raise RuntimeError("NSH c1 {0} incorrect".format(nsh_c1)) + + nsh_c2 = nsh_pkt.c2 + if nsh_c2 != sfccon.NSH_DEFAULT_C2: + raise RuntimeError("NSH c2 {0} incorrect".format(nsh_c2)) + + nsh_c3 = nsh_pkt.c3 + if nsh_c3 != sfccon.NSH_DEFAULT_C3: + raise RuntimeError("NSH c3 {0} incorrect".format(nsh_c3)) + + nsh_c4 = nsh_pkt.c4 + if nsh_c4 != sfccon.NSH_DEFAULT_C4: + raise RuntimeError("NSH c4 {0} incorrect".format(nsh_c4)) + + + @staticmethod + def check_the_nsh_sfc_packet(frame_size, test_type): + """ + verify the NSH SFC functional test loopback packet field + is correct. + + :param frame_size: the origin frame size. + :param test_type: the test type. + (Classifier, Proxy Inbound, Proxy Outbound, SFF). + :type frame_size: Integer + :type test_type: str + :returns: none + :raises RuntimeError: If the packet field verify fails. + """ + + rx_pcapfile = '{0}/nsh_sfc_tests/sfc_scripts/temp_packet.pcap' \ + .format(con.REMOTE_FW_DIR) + + logger.trace('read pcap file:{0}'.format(rx_pcapfile)) + + packets = rdpcap(rx_pcapfile) + if len(packets) < 1: + raise RuntimeError("No packet is received!") + + ether = packets[0] + + origin_size = int(frame_size) + if test_type == "Classifier": + expect_pkt_len = origin_size + 74 - 4 + elif test_type == "Proxy Inbound": + expect_pkt_len = origin_size - 24 - 4 + elif test_type == "Proxy Outbound": + expect_pkt_len = origin_size + 24 - 4 + else: + expect_pkt_len = origin_size - 4 + + recv_pkt_len = len(ether) + if recv_pkt_len != expect_pkt_len: + raise RuntimeError("Received packet size {0} not " \ + "the expect size {1}".format(recv_pkt_len, \ + expect_pkt_len)) + + if not ether.haslayer(IP): + raise RuntimeError("Not a IPv4 packet") + + pkt_proto = ether[IP].proto + if pkt_proto != sfccon.UDP_PROTOCOL: + raise RuntimeError("Not a UDP packet , {0}".format(pkt_proto)) + + if test_type == "Proxy Inbound": + expect_udp_port = sfccon.VxLAN_UDP_PORT + else: + expect_udp_port = sfccon.VxLANGPE_UDP_PORT + + dst_port = ether[UDP].dport + if dst_port != expect_udp_port: + raise RuntimeError("UDP dest port must be {0}, {1}". + format(expect_udp_port, dst_port)) + + payload_data = ether[Raw].load + + if test_type == "Proxy Inbound": + VerifyPacket.check_vxlan_protocol(payload_data) + else: + VerifyPacket.check_vxlangpe_nsh_protocol(payload_data, test_type) diff --git a/resources/libraries/python/SFC/__init__.py b/resources/libraries/python/SFC/__init__.py new file mode 100644 index 0000000000..e90d968cca --- /dev/null +++ b/resources/libraries/python/SFC/__init__.py @@ -0,0 +1,16 @@ +# Copyright (c) 2017 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +""" +__init__ file for directory resources/libraries/python/SFC +""" diff --git a/resources/libraries/robot/nsh_sfc/default.robot b/resources/libraries/robot/nsh_sfc/default.robot new file mode 100644 index 0000000000..fc70523cdd --- /dev/null +++ b/resources/libraries/robot/nsh_sfc/default.robot @@ -0,0 +1,67 @@ +# Copyright (c) 2017 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +*** Settings *** +| Variables | resources/libraries/python/topology.py +| Library | resources.libraries.python.topology.Topology +| Library | resources.libraries.python.InterfaceUtil +| Library | resources.libraries.python.SFC.SFCTest +| Library | Collections + +*** Keywords *** +| Setup DUT nodes for '${type}' functional testing +| | [Documentation] | Configure and Start the SFC functional test +| | ... | on the DUT node. +| | ${testtype}= | Convert to String | ${type} +| | Append Nodes | ${nodes['TG']} | ${nodes['DUT1']} +| | Compute Path +| | ${src_port} | ${src_node}= | First Interface +| | ${dst_port} | ${dst_node}= | Last Interface +| | Set Suite Variable | ${src_node} +| | Set Suite Variable | ${src_port} +| | Set Suite Variable | ${dst_node} +| | Set Suite Variable | ${dst_port} +| | Set Interface State | ${src_node} | ${src_port} | 'up' +| | Set Interface Ethernet MTU | ${src_node} | ${src_port} | 9000 +| | ${adj_mac}= | Get interface mac | ${src_node} | ${src_port} +| | Config and Start SFC test | ${dst_node} | ${dst_port} +| | ... | ${adj_mac} | ${testtype} + +| Node "${from_node}" interface "${from_port}" send "${size}" Bytes packet to node "${to_node}" interface "${to_port}" for "${type}" test +| | [Documentation] | At the first start the tcpdump on the TG node, +| | ... | then build the packet with the scapy and send the packet to the +| | ... | DUT node, DUT node will receive the packet on the ingress interface +| | ... | DUT will loopback packet to the TG after processed. TG will use +| | ... | the tcpdump to capture the packet and check the packet is correct. +| | ${filter_dst_ip}= | Set Variable | 192.168.50.71 +| | Start the tcpdump on the Node | ${from_node} | ${from_port} | ${filter_dst_ip} +| | ${src_ip}= | Set Variable If | "${type}" == "Classifier" | 10.10.12.101 | 192.168.50.72 +| | ${dst_ip}= | Set Variable If | "${type}" == "Classifier" | 10.10.12.100 | 192.168.50.76 +| | ${src_mac}= | Get interface mac | ${from_node} | ${from_port} +| | ${dst_mac}= | Get interface mac | ${to_node} | ${to_port} +| | ${from_port_name}= | Get interface name | ${from_node} | ${from_port} +| | ${to_port_name}= | Get interface name | ${to_node} | ${to_port} +| | ${timeout}= | Set Variable | 10 +| | ${frame_size}= | Convert To Integer | ${size} +| | ${args}= | Traffic Script Gen Arg | ${from_port_name} | ${from_port_name} +| | | ... | ${src_mac} | ${dst_mac} | ${src_ip} | ${dst_ip} +| | ${args}= | Catenate | ${args} | --framesize ${frame_size} +| | | ... | --timeout ${timeout} | --testtype "${type}" +| | Run Keyword If | "${type}" == "Classifier" | Run Traffic Script On Node +| | | | | ... | send_tcp_for_classifier_test.py | ${from_node} | ${args} +| | ... | ELSE IF | "${type}" == "Proxy Inbound" | Run Traffic Script On Node +| | | | | ... | send_vxlangpe_nsh_for_proxy_test.py | ${from_node} | ${args} +| | ... | ELSE IF | "${type}" == "Proxy Outbound" | Run Traffic Script On Node +| | | | | ... | send_vxlan_for_proxy_test.py | ${from_node} | ${args} +| | ... | ELSE | Run Traffic Script On Node | send_vxlangpe_nsh_for_sff_test.py +| | | | | ... | ${from_node} | ${args} diff --git a/resources/traffic_scripts/send_tcp_for_classifier_test.py b/resources/traffic_scripts/send_tcp_for_classifier_test.py new file mode 100755 index 0000000000..f08816eaae --- /dev/null +++ b/resources/traffic_scripts/send_tcp_for_classifier_test.py @@ -0,0 +1,86 @@ +#!/usr/bin/env python +# Copyright (c) 2017 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +""" +Traffic script that sends an TCP packet +from TG to DUT. +""" +import sys +import time + +from scapy.layers.inet import IP, UDP, TCP +from scapy.layers.inet6 import IPv6 +from scapy.all import Ether, Packet, Raw +from scapy.all import sendp + +from resources.libraries.python.SFC.VerifyPacket import * +from resources.libraries.python.SFC.SFCConstants import SFCConstants as sfccon +from resources.libraries.python.TrafficScriptArg import TrafficScriptArg + +from robot.api import logger + +def main(): + """Send TCP packet from one traffic generator interface to DUT. + + :raises: If the IP address is invalid. + """ + args = TrafficScriptArg( + ['src_mac', 'dst_mac', 'src_ip', 'dst_ip', + 'timeout', 'framesize', 'testtype']) + + src_mac = args.get_arg('src_mac') + dst_mac = args.get_arg('dst_mac') + src_ip = args.get_arg('src_ip') + dst_ip = args.get_arg('dst_ip') + tx_if = args.get_arg('tx_if') + rx_if = args.get_arg('rx_if') + timeout = int(args.get_arg('timeout')) + frame_size = int(args.get_arg('framesize')) + test_type = args.get_arg('testtype') + + protocol = TCP + source_port = sfccon.DEF_SRC_PORT + destination_port = sfccon.DEF_DST_PORT + + ip_version = None + if valid_ipv4(src_ip) and valid_ipv4(dst_ip): + ip_version = IP + elif valid_ipv6(src_ip) and valid_ipv6(dst_ip): + ip_version = IPv6 + else: + raise ValueError("Invalid IP version!") + + pkt_header = (Ether(src=src_mac, dst=dst_mac) / + ip_version(src=src_ip, dst=dst_ip) / + protocol(sport=int(source_port), dport=int(destination_port))) + + fsize_no_fcs = frame_size - 4 + pad_len = max(0, fsize_no_fcs - len(pkt_header)) + pad_data = "A" * pad_len + + pkt_raw = pkt_header / Raw(load=pad_data) + + sendp(pkt_raw, iface=tx_if, count=3) + + time.sleep(timeout) + + # let us begin to check the NSH SFC loopback packet + VerifyPacket.check_the_nsh_sfc_packet(frame_size, test_type) + + # we check all the fields about the loopback packet, this test will pass + sys.exit(0) + + +if __name__ == "__main__": + main() diff --git a/resources/traffic_scripts/send_vxlan_for_proxy_test.py b/resources/traffic_scripts/send_vxlan_for_proxy_test.py new file mode 100755 index 0000000000..4087c7f6d8 --- /dev/null +++ b/resources/traffic_scripts/send_vxlan_for_proxy_test.py @@ -0,0 +1,94 @@ +#!/usr/bin/env python +# Copyright (c) 2017 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"""Traffic script that sends an VxLAN packet +from TG to DUT. +""" +import sys +import time + +from scapy.layers.inet import IP, UDP, TCP +from scapy.layers.inet6 import IPv6 +from scapy.all import Ether, Packet, Raw +from scapy.all import sendp + +from resources.libraries.python.SFC.VerifyPacket import * +from resources.libraries.python.SFC.SFCConstants import SFCConstants as sfccon +from resources.libraries.python.TrafficScriptArg import TrafficScriptArg + +from robot.api import logger + +def main(): + """Send VxLAN packet from TG to DUT. + + :raises: If the IP address is invalid. + """ + args = TrafficScriptArg( + ['src_mac', 'dst_mac', 'src_ip', 'dst_ip', + 'timeout', 'framesize', 'testtype']) + + src_mac = args.get_arg('src_mac') + dst_mac = args.get_arg('dst_mac') + src_ip = args.get_arg('src_ip') + dst_ip = args.get_arg('dst_ip') + tx_if = args.get_arg('tx_if') + rx_if = args.get_arg('rx_if') + timeout = int(args.get_arg('timeout')) + frame_size = int(args.get_arg('framesize')) + test_type = args.get_arg('testtype') + + protocol = TCP + source_port = sfccon.DEF_SRC_PORT + destination_port = sfccon.DEF_DST_PORT + + ip_version = None + if valid_ipv4(src_ip) and valid_ipv4(dst_ip): + ip_version = IP + elif valid_ipv6(src_ip) and valid_ipv6(dst_ip): + ip_version = IPv6 + else: + raise ValueError("Invalid IP version!") + + innerpkt = (Ether(src=src_mac, dst=dst_mac) / + ip_version(src=src_ip, dst=dst_ip) / + protocol(sport=int(source_port), dport=int(destination_port))) + + vxlan = '\x08\x00\x00\x00\x00\x00\x01\x00' + + raw_data = vxlan + str(innerpkt) + + pkt_header = (Ether(src=src_mac, dst=dst_mac) / + ip_version(src=src_ip, dst=dst_ip) / + UDP(sport=int(source_port), dport=4789) / + Raw(load=raw_data)) + + fsize_no_fcs = frame_size - 4 + pad_len = max(0, fsize_no_fcs - len(pkt_header)) + pad_data = "A" * pad_len + + pkt_raw = pkt_header / Raw(load=pad_data) + + sendp(pkt_raw, iface=tx_if, count=3) + + time.sleep(timeout) + + # let us begin to check the proxy outbound packet + VerifyPacket.check_the_nsh_sfc_packet(frame_size, test_type) + + # we check all the fields about the proxy outbound, this test will pass + sys.exit(0) + + +if __name__ == "__main__": + main() diff --git a/resources/traffic_scripts/send_vxlangpe_nsh_for_proxy_test.py b/resources/traffic_scripts/send_vxlangpe_nsh_for_proxy_test.py new file mode 100755 index 0000000000..ea1f9b15a7 --- /dev/null +++ b/resources/traffic_scripts/send_vxlangpe_nsh_for_proxy_test.py @@ -0,0 +1,96 @@ +#!/usr/bin/env python +# Copyright (c) 2017 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"""Traffic script that sends an VxLAN-GPE+NSH packet +from TG to DUT. +""" +import sys +import time + +from scapy.layers.inet import IP, UDP, TCP +from scapy.layers.inet6 import IPv6 +from scapy.all import Ether, Packet, Raw +from scapy.all import sendp + +from resources.libraries.python.SFC.VerifyPacket import * +from resources.libraries.python.SFC.SFCConstants import SFCConstants as sfccon +from resources.libraries.python.TrafficScriptArg import TrafficScriptArg + +from robot.api import logger + +def main(): + """Send VxLAN-GPE+NSH packet from TG to DUT. + + :raises: If the IP address is invalid. + """ + args = TrafficScriptArg( + ['src_mac', 'dst_mac', 'src_ip', 'dst_ip', + 'timeout', 'framesize', 'testtype']) + + src_mac = args.get_arg('src_mac') + dst_mac = args.get_arg('dst_mac') + src_ip = args.get_arg('src_ip') + dst_ip = args.get_arg('dst_ip') + tx_if = args.get_arg('tx_if') + rx_if = args.get_arg('rx_if') + timeout = int(args.get_arg('timeout')) + frame_size = int(args.get_arg('framesize')) + test_type = args.get_arg('testtype') + + protocol = TCP + source_port = sfccon.DEF_SRC_PORT + destination_port = sfccon.DEF_DST_PORT + + ip_version = None + if valid_ipv4(src_ip) and valid_ipv4(dst_ip): + ip_version = IP + elif valid_ipv6(src_ip) and valid_ipv6(dst_ip): + ip_version = IPv6 + else: + raise ValueError("Invalid IP version!") + + innerpkt = (Ether(src=src_mac, dst=dst_mac) / + ip_version(src=src_ip, dst=dst_ip) / + protocol(sport=int(source_port), dport=int(destination_port))) + + vxlangpe_nsh = '\x0c\x00\x00\x04\x00\x00\x09\x00\x00\x06' \ + '\x01\x03\x00\x00\xb9\xff\xC0\xA8\x32\x4B' \ + '\x00\x00\x00\x09\xC0\xA8\x32\x48\x03\x00\x12\xB5' + + raw_data = vxlangpe_nsh + str(innerpkt) + + pkt_header = (Ether(src=src_mac, dst=dst_mac) / + ip_version(src=src_ip, dst=dst_ip) / + UDP(sport=int(source_port), dport=4790) / + Raw(load=raw_data)) + + fsize_no_fcs = frame_size - 4 + pad_len = max(0, fsize_no_fcs - len(pkt_header)) + pad_data = "A" * pad_len + + pkt_raw = pkt_header / Raw(load=pad_data) + + sendp(pkt_raw, iface=tx_if, count=3) + + time.sleep(timeout) + + # let us begin to check the proxy inbound packet + VerifyPacket.check_the_nsh_sfc_packet(frame_size, test_type) + + # we check all the fields about the proxy inbound, this test will pass + sys.exit(0) + + +if __name__ == "__main__": + main() diff --git a/resources/traffic_scripts/send_vxlangpe_nsh_for_sff_test.py b/resources/traffic_scripts/send_vxlangpe_nsh_for_sff_test.py new file mode 100755 index 0000000000..b82e2a8938 --- /dev/null +++ b/resources/traffic_scripts/send_vxlangpe_nsh_for_sff_test.py @@ -0,0 +1,96 @@ +#!/usr/bin/env python +# Copyright (c) 2017 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"""Traffic script that sends an VxLAN-GPE+NSH packet +from TG to DUT. +""" +import sys +import time + +from scapy.layers.inet import IP, UDP, TCP +from scapy.layers.inet6 import IPv6 +from scapy.all import Ether, Packet, Raw +from scapy.all import sendp + +from resources.libraries.python.SFC.VerifyPacket import * +from resources.libraries.python.SFC.SFCConstants import SFCConstants as sfccon +from resources.libraries.python.TrafficScriptArg import TrafficScriptArg + +from robot.api import logger + +def main(): + """Send VxLAN-GPE+NSH packet from TG to DUT. + + :raises: If the IP address is invalid. + """ + args = TrafficScriptArg( + ['src_mac', 'dst_mac', 'src_ip', 'dst_ip', + 'timeout', 'framesize', 'testtype']) + + src_mac = args.get_arg('src_mac') + dst_mac = args.get_arg('dst_mac') + src_ip = args.get_arg('src_ip') + dst_ip = args.get_arg('dst_ip') + tx_if = args.get_arg('tx_if') + rx_if = args.get_arg('rx_if') + timeout = int(args.get_arg('timeout')) + frame_size = int(args.get_arg('framesize')) + test_type = args.get_arg('testtype') + + protocol = TCP + source_port = sfccon.DEF_SRC_PORT + destination_port = sfccon.DEF_DST_PORT + + ip_version = None + if valid_ipv4(src_ip) and valid_ipv4(dst_ip): + ip_version = IP + elif valid_ipv6(src_ip) and valid_ipv6(dst_ip): + ip_version = IPv6 + else: + raise ValueError("Invalid IP version!") + + innerpkt = (Ether(src=src_mac, dst=dst_mac) / + ip_version(src=src_ip, dst=dst_ip) / + protocol(sport=int(source_port), dport=int(destination_port))) + + vxlangpe_nsh = '\x0c\x00\x00\x04\x00\x00\x0a\x00\x00\x06' \ + '\x01\x03\x00\x00\xb9\xff\xC0\xA8\x32\x4B' \ + '\x00\x00\x00\x09\xC0\xA8\x32\x48\x03\x00\x12\xB5' + + raw_data = vxlangpe_nsh + str(innerpkt) + + pkt_header = (Ether(src=src_mac, dst=dst_mac) / + ip_version(src=src_ip, dst=dst_ip) / + UDP(sport=int(source_port), dport=4790) / + Raw(load=raw_data)) + + fsize_no_fcs = frame_size - 4 + pad_len = max(0, fsize_no_fcs - len(pkt_header)) + pad_data = "A" * pad_len + + pkt_raw = pkt_header / Raw(load=pad_data) + + sendp(pkt_raw, iface=tx_if, count=3) + + time.sleep(timeout) + + # let us begin to check the sfc sff packet + VerifyPacket.check_the_nsh_sfc_packet(frame_size, test_type) + + # we check all the fields about the sfc sff, this test will pass + sys.exit(0) + + +if __name__ == "__main__": + main() |