Age | Commit message (Collapse) | Author | Files | Lines |
|
+ Post-release rdma_create_v4 will be added next cycle.
Change-Id: Ief129b5be4a2c5d27f4674491c96c548573ecfb1
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Signed-off-by: pmikus <peter.mikus@protonmail.ch>
Change-Id: Id646ab09ae51d3153446f1ae334f62ba7710be14
|
|
Performance of adaptive mode is bad (different bug),
keep continuity of ipsec swasync tests (when VPP allows).
As 23.06-release does not have the new API message,
the new CSIT code needs to be more careful around CRC checking.
+ Add new crc collection with the new API call used.
+ Also keep the old collection so older VPP does not fail.
+ Document how papi executor works with VPP without a message.
+ Prevent CRC checker from raising bodus errors with old VPP.
Change-Id: I9ff933a8a9558289d22d55526905d63e7894378c
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Signed-off-by: pmikus <peter.mikus@protonmail.ch>
Change-Id: I782b87190dbee6e0a12c97f616b80539cd6614bd
|
|
Signed-off-by: xinfeng zhao <xinfengx.zhao@intel.com>
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Change-Id: I3708253adf4c7421ff48eee6aefb735b39726359
|
|
New features are generally not used in CSIT,
but some edits in code are needed to continue using defaults.
3 messages have newer versions:
* bridge_domain_add_del_v2
* ipsec_spd_entry_add_del_v2
* lb_add_del_vip_v2
Change-Id: Ibcc089ccbf933c019b5e7188c06ef229e68d39a8
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
+ Move papi_exec resource out of for loops.
Change-Id: I39d75ad2552986f82f7e2c8e3aae2fbc07f042e0
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
+ Introduce two explicit handling modes to save memory in scale test.
+ Connect in async mode for both handling modes (to avoid reconnects).
+ Support both pre- and post-37758 VPP PAPI async behavior.
+ Use control-ping in dumps to emulate sync mode.
+ Do not use it for single reply to avoid VPP-2033.
+ Fix call sites to get their replies with correct handling mode.
+ Drain enqueued replies to avoid subsequent errors.
+ Retry if read returns None too early.
+ Update docstrings.
- Complexity issues reported by pylint postponed, needs larger refactor.
- Explicit replace of VAT is done in subsequent changes.
Ticket: CSIT-1547 CSIT-1671
Change-Id: I3c63fa5c578975cc4dd7fce0babe3ab04ec15ed3
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Updated for what is available in (last common ancestor of) 2206.
(So newer messages such as ipsec_spd_entry_add_del_v2 are not used yet.)
+ Removed messgages documented as unused.
- Did not check if more become unused.
+ Restored alphabetical order.
Change-Id: I4191c3f8629106f52ce387d03f30f9f973ffbefe
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
The test scenario is about two private networks which communication was
protected by ipsec.
The test suites are to show performance impovement about ipsec esp flow
lookup that offloaded by NIC flow director and rss.
Verified on 3n-clx and Intel E810 NIC environment, with 64B ipsec packet
flow, performance improved ~31% with 1C2T, ~110% with 2C4T, ~250% with 4C8T.
Signed-off-by: xinfeng zhao <xinfengx.zhao@intel.com>
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Change-Id: I30aec8c5115e5a6fbef88c11d1bef2624029d1b9
|
|
Replace the hardcoded SPD inbound/outbound ranges with values derived
from test inputs.
Add the necessary routes now that the tunnel endpoints are not in the
same subnet. Also add ip neighbor entry on DUT2 for the same reason.
Also replace ipsec sa dump with show ipsec all in teardown of tests
where both SAs and SPDs are configured to improve troubleshooting.
Change-Id: I7d89a99fcf457a701c87bf6ac07364b62802677d
Signed-off-by: Juraj Linkeš <juraj.linkes@pantheon.tech>
|
|
+ Just few obvious one
Signed-off-by: pmikus <pmikus@cisco.com>
Change-Id: I9bbac293a56d6b2943bef03cb3b8943e967dae6b
|
|
Based on latest common ancestor of master and stable/2106:
1372178e0e674143bfec14b17050d5e92e4fcf1a
Only ipsec_sad_entry_add_del_v3 needs non-trivial argument edits.
Change-Id: I813367292a830e5a1fac765e9f24057b6b0192ee
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
+ Set 1 as default value for increment.
+ Update IPsecUtil.
+ Tolerate address with host bits set when incrementing.
+ Call sites can check initial value on their own.
+ Support multiple ways of converting to string.
- Only the previous "dash" format is supported here.
+ Update docstrings.
Change-Id: I0c71a6327cca6a319715b3fcfbbee800cac14287
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Add testcases with plain ipv4 forwarding with 1, 10, 100 and 1000 SPD
entries on outbound traffic in both directions both directions. Only
match the last SPD entry and process others before the matching entry.
Add testcases only without flow cache optimization.
Refactor the Python functions that add SPD entries:
- Unify the args in functions that add one and multiple entries.
- For multiple entries, add the ability to pass an object that will
handle how values in each iteration (i.e. for each entry) are modified.
Change-Id: I061922eec6acc75a4e115202c07e72d89bf1f4d3
Signed-off-by: Juraj Linkeš <juraj.linkes@pantheon.tech>
|
|
Signed-off-by: pmikus <pmikus@cisco.com>
Change-Id: I6826add7b3032041632c3952c45a3c64409400b0
|
|
Signed-off-by: pmikus <pmikus@cisco.com>
Change-Id: I909942dbb920df7f0fe15c0c92cda92c3cd8d8ad
|
|
Add more granularity test policy tests. Mirror the number of tunnels in
other IPsec tests under 1000 tunnels.
Change-Id: I9bde7447a5d809bab05db132bf6cb524e97e19b3
Signed-off-by: Juraj Linkeš <juraj.linkes@pantheon.tech>
|
|
Add 2n1l udir 1 and 1000 tunnel sw policy IPsec tests to mirror the
existing 3n tests.
Add static ip neighbor mac entries which can't be retrieved in 2node
setups.
Change-Id: I13dd557cbeed7f907fa9b4c21e4e245d48916513
Signed-off-by: Juraj Linkeš <juraj.linkes@pantheon.tech>
|
|
The tunnel specification in "ipsec sa add" has changed. Update the cli
the reflect this.
Change-Id: I11d788798419b96b1289c53052eedb9767252df6
Signed-off-by: Juraj Linkeš <juraj.linkes@pantheon.tech>
|
|
Some tests use a crypto algorithm with no integrity algorithm.
Generate empty binary strings as fake integrity keys
to keep return values of low level methods consistent.
+ Add return_keys argument to avoid returning long lists.
+ Improve various docstrings.
Change-Id: Idae1877bdde32d194ce4e3bb3053c8dba39d377a
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
This patch is to add test suites for vpp plugin crypto_sw_scheduler,
IPsec sync mode is to do crypto and packet forward work in same worker cores,
crypto_sw_scheduler can schedule crypto work to other async crypto cores to
improve whole crypto processing capability.
This test suites configure fixed 1 rx queues per port, then measure IPsec
performance with 1, 2, 3 crypto cores.
This patchset include 1, 2, 4, 8 ipsec tunnels test cases.
+Vratko help to change to count total physical cores instead of previous only
count crypto cores in test cases.
Change-Id: I0e67182e3d13273890a23703d838101900e25126
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
Signed-off-by: pmikus <pmikus@cisco.com>
|
|
The mesages are the newest present in last common ancestor
of master and rls2101 (so not yet ipsec_sad_entry_add_del_v3).
Added a TODO for the RDMA create improvement,
to be implemented in a separate change.
Change-Id: I94bcd2f1bc109fb995c4dd6df44f8928865634f5
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Jira: CSIT-1597
+ add ipsec_sa tear down action
Change-Id: I4d1e6f26c14e61e8ddc6f29fbf5528a034c84eb0
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
In VPP 20.05, vpp added async crypto engine that support to use QAT hardware
to do encryption and decryption, vnet/ipsec enabled async mode to use async
crypto engine.
Current async crypto engine also use dpdk_cryptodev as async handlers, in the
future it may add other native QAT driver as async handlers.
Note that async crypto engine is to support vnet/ipsec, it is different
with current existing dpdk backend which itself has ESP implementation
in plugins/dpdk/ipsec.
Change-Id: I4e6eaa7ca1eddb8b1c45212de0684fb26907119b
Signed-off-by: Yulong Pei <yulong.pei@intel.com>
|
|
- cover API changes in VPP: https://gerrit.fd.io/r/c/vpp/+/26276
- update vpp stable to version 20.05-rc0~727
Change-Id: I39a0b5e60fac6a74aff2426f6a448c0e117ab647
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
+ some pylint fixies
Change-Id: I650ce16282ae953a1a5ee96e810702c01f71efd6
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
Reason: with upcomming vpp api changes the ip object will be used
in more csit python libraries, e.g. InterfaceUtil.py, so we need
to avoid circular import issue
(e.g. InterfaceUtil.pyu <-> IPUtil.py)
Change-Id: Ia658b187d4e326f58e33019dd54f8ac7b9137d78
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
- cover API changes in VPP: https://gerrit.fd.io/r/c/vpp/+/25529
- update vpp stable to version 20.05-rc0~312-g287d5e109
Change-Id: I6c7b3520f4bb306c3b0b59247b4ba2d5f170686c
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
- Not adding nf_density tests.
- Not adding hardware ipsec tests.
- Not adding -policy- tests.
- Using old crypto_ia32_plugin.so plugin name.
+ Suitable for cherry-picking to rls2001.
Change-Id: Ibf44d6d91e2afa2320637ecd9eb69d5d5dc364aa
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
+ Because arp->neigbor was so important to do.
Signed-off-by: Peter Mikus <pmikus@cisco.com>
Change-Id: I552e175b7555ebf5053d7994c0c9173c0c96fc58
|
|
Change-Id: Ie64d662e81879bd52785e0188450d998bf056bda
Signed-off-by: Ludovit Mikula <ludovit.mikula@pantheon.tech>
|
|
Change-Id: Ibf1979b87aeea0f4c195b97c8e6b59a4a23b1b77
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
Change-Id: I066a8b85649654c1c575eb63722de6c51f3d4f78
Signed-off-by: Peter Mikus <pmikus@cisco.com>
|
|
Change-Id: I1392c06b1d64f62b141d24c0d42a8e36913b15e2
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
Signed-off-by: Peter Mikus <pmikus@cisco.com>
Change-Id: I6e3ce086978c383303724d989702b1c1273c50c0
|
|
CSIT code alignment with API changes in VPP introduced
by patch https://gerrit.fd.io/r/c/vpp/+/18361
Change-Id: Ib0357bba79f55d297ef1086fbf3b760caca16cdb
Signed-off-by: Jan Gelety <jgelety@cisco.com>
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
- if we are trying to update ip field of already existing IP object
in more iterations of e.g. ip_route_add_del the PapiExecutor uses
value from last iteration for all iterations so it ends up in
creation of ip route only for one IP not for all required IPs
Change-Id: I5ffa622e2a06d0c5c71720d2cf743a4c2104ab79
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
Because:
>>> for i in xrange(4):
... if i > 0 and i % 250 / 3 == 0:
... i
...
1
2
Change-Id: Ia4eba227ea1e4c6222f32ac598f254428d95adc9
Signed-off-by: Peter Mikus <pmikus@cisco.com>
|
|
Change-Id: Iecfd7e69a72c8d5893a703fa93439cde0a3edf5f
Signed-off-by: Peter Mikus <pmikus@cisco.com>
|
|
Change-Id: Iac790bf5755a70697e4c4eff32242b04f8e7f789
Signed-off-by: Jan Gelety <jgelety@cisco.com>
|
|
Ticket: CSIT-1541
Ticket: VPP-1722
Ticket: CSIT-1546
+ Increase timeout to hide x520 slownes of show hardware detail.
- Install sshpass and update ssh client in virl bootstrap.
+ Added TODOs to remove when CSIT-1546 is fixed.
+ Enable default socksvr on any startup conf.
+ Improve OptionString init and repr.
- The non-socket executor still kept for stats.
+ Remove everything unrelated to stats from non-socket executor.
- Remove some debug-loooking calls to avoid failures.
TODO: Introduce proper parsing to the affected keywords.
+ Reduce logging from PAPI code to level INFO.
- Needs https://gerrit.fd.io/r/20660 to fully work.
+ Change default values for LocalExecution.run()
+ Return code check enabled by default.
Code is more readable when rc!=0 is allowed explicitly,
and the test code will now detect unexpected failures.
+ Logging disabled by default.
Output XML is large already. Important logging can be enabled explicitly.
+ Restore alphabetical order in common.sh functions.
Change-Id: I05882cb6b620ad14638f7404b5ad38c7a5de9e6c
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Do not support returning unverified replies anymore.
Basically, ".get_replies().verify_replies()" is now just ".get_replies()".
This allows fairly large simplifications both at call sites
and in PapiExecutor.py
+ Rename get_dumps to get_details.
+ Introduce get_reply and get_sw_if_index.
+ Rename variables holding get_*() value,
+ e.g. get_stats() value is stored to variable named "stats".
+ Rename "item" of subsequent loop to hint the type instead.
+ Rename "details" function argument to "verbose".
+ Process reply details in place, instead of building new list.
- Except hybrid blocks which can return both list or single item.
- Except human readable text building blocks.
+ Rename most similar names to sw_if_index.
- Except "vpp_sw_index" and some function names.
+ Use single run_cli_cmd from PapiExecutor.
+ Do not chain methods over multiple lines.
+ Small space gain is not worth readability loss.
+ Include minor code and docstrings improvement.
+ Add some TODOs.
Change-Id: Ib2110a3d2101a74d5837baab3a58dc46aafc6ce3
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
+ Stop attempting to check test/ as module inits are not there.
Change-Id: Ia4e498061be3e3118b07e98c9c2f761f2454653e
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|
|
Change-Id: Ib52e1735b6b82ea9fea44c06c379f117068e94c1
Signed-off-by: Peter Mikus <pmikus@cisco.com>
|
|
Change-Id: Ide82ae5fa03d3fec8f4db9db7634be0a1e339cd1
Signed-off-by: Peter Mikus <pmikus@cisco.com>
|
|
Change-Id: I286490280b6e62f9f212831a5bf1d14db1838fa7
Signed-off-by: Peter Mikus <pmikus@cisco.com>
|
|
Change-Id: I10eeb4ee30a57712824e68176d92d1ecb5f0d1b0
Signed-off-by: Peter Mikus <pmikus@cisco.com>
|
|
- Add:
aes-128-gcm aes-128-gcm
aes-256-gcm aes-256-gcm
aes-128-cbc hmac-sha-256
aes-256-cbc hmac-sha-512
- Remove:
hmac-sha1
- Scale will follow in next patch
Change-Id: I789f71cf66cf61b8dbb3c6dbe9b6fdc79866ac33
Signed-off-by: Peter Mikus <pmikus@cisco.com>
|
|
Change-Id: I4c756cc4b29901184594a728f6184c30cadd9c1a
Signed-off-by: Vratko Polak <vrpolak@cisco.com>
|