aboutsummaryrefslogtreecommitdiffstats
path: root/tests/vpp/perf/crypto/10ge2p1x710-ethip4ipsec400tnlsw-ip4base-int-aes256gcm-ndrpdr.robot
blob: a783b73ce9c1bc0c019b084bf9f4bc2e64d4cbdc (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152

# Copyright (c) 2019 Cisco and/or its affiliates.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at:
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

*** Settings ***
| Resource | resources/libraries/robot/shared/default.robot
| Resource | resources/libraries/robot/crypto/ipsec.robot
| ...
| Force Tags | 3_NODE_SINGLE_LINK_TOPO | PERFTEST | HW_ENV | NDRPDR | TNL_400
| ... | IP4FWD | IPSEC | IPSECSW | IPSECINT | NIC_Intel-X710 | SCALE
| ... | AES_256_GCM | AES
| ...
| Suite Setup | Setup suite single link | performance
| Suite Teardown | Tear down suite | performance
| Test Setup | Setup test
| Test Teardown | Tear down test | performance
| ...
| Test Template | Local Template
| ...
| Documentation | *RFC2544: Pkt throughput IPv4 IPsec tunnel mode.*
| ...
| ... | *[Top] Network Topologies:* TG-DUT1-DUT2-TG 3-node circular topology
| ... | with single links between nodes.
| ... | *[Enc] Packet Encapsulations:* Eth-IPv4 on TG-DUTn,
| ... | Eth-IPv4-IPSec on DUT1-DUT2
| ... | *[Cfg] DUT configuration:* DUT1 and DUT2 are configured with multiple\
| ... | IPsec tunnels between them. DUTs get IPv4 traffic from TG, encrypt it\
| ... | and send to another DUT, where packets are decrypted and sent back to TG
| ... | *[Ver] TG verification:* TG finds and reports throughput NDR (Non Drop\
| ... | Rate) with zero packet loss tolerance and throughput PDR (Partial Drop\
| ... | Rate) with non-zero packet loss tolerance (LT) expressed in percentage\
| ... | of packets transmitted. NDR and PDR are discovered for different\
| ... | Ethernet L2 frame sizes using MLRsearch library.\
| ... | Test packets are generated by TG on
| ... | links to DUTs. TG traffic profile contains two L3 flow-groups
| ... | (flow-group per direction, number of flows per flow-group equals to
| ... | number of IPSec tunnels) with all packets
| ... | containing Ethernet header, IPv4 header with IP protocol=61 and
| ... | static payload. MAC addresses are matching MAC addresses of the TG
| ... | node interfaces. Incrementing of IP.dst (IPv4 destination address) field
| ... | is applied to both streams.
| ... | *[Ref] Applicable standard specifications:* RFC4303 and RFC2544.

*** Variables ***
| @{plugins_to_enable}= | dpdk_plugin.so | crypto_ia32_plugin.so
| ... | crypto_ipsecmb_plugin.so | crypto_openssl_plugin.so
| ${osi_layer}= | L3
| ${nic_name}= | Intel-X710
| ${overhead}= | ${54}
| ${tg_if1_ip4}= | 192.168.10.2
| ${dut1_if1_ip4}= | 192.168.10.1
| ${dut1_if2_ip4}= | 100.0.0.1
| ${dut2_if1_ip4}= | 200.0.0.2
| ${dut2_if2_ip4}= | 192.168.20.1
| ${tg_if2_ip4}= | 192.168.20.2
| ${raddr_ip4}= | 20.0.0.0
| ${laddr_ip4}= | 10.0.0.0
| ${addr_range}= | ${24}
| ${n_tunnels}= | ${400}
# Traffic profile:
| ${traffic_profile}= | trex-sl-3n-ethip4-ip4dst${n_tunnels}

*** Keywords ***
| Local Template
| | [Documentation]
| | ... | [Cfg] DUT runs IPSec tunneling AES_256_GCM config.
| | ... | Each DUT uses ${phy_cores} physical core(s) for worker threads.
| | ... | [Ver] Measure NDR and PDR values using MLRsearch algorithm.\
| | ...
| | ... | *Arguments:*
| | ... | - frame_size - Framesize in Bytes in integer or string (IMIX_v4_1).
| | ... | Type: integer, string
| | ... | - phy_cores - Number of physical cores. Type: integer
| | ... | - rxq - Number of RX queues, default value: ${None}. Type: integer
| | ...
| | [Arguments] | ${frame_size} | ${phy_cores} | ${rxq}=${None}
| | ...
| | Set Test Variable | \${frame_size}
| | ...
| | # These are enums (not strings) so they cannot be in Variables table.
| | ${encr_alg}= | Crypto Alg AES GCM 256
| | ${auth_alg}= | Set Variable | ${NONE}
| | ${ipsec_proto} = | IPsec Proto ESP
| | ...
| | Given Add worker threads and rxqueues to all DUTs | ${phy_cores} | ${rxq}
| | And Add PCI devices to all DUTs
| | And Set Max Rate And Jumbo And Handle Multi Seg
| | And Apply startup configuration on all VPP DUTs
| | When Initialize IPSec in 3-node circular topology
| | And VPP IPsec Create Tunnel Interfaces
| | ... | ${nodes} | ${dut1_if2_ip4} | ${dut2_if1_ip4} | ${dut1_if2}
| | ... | ${dut2_if1} | ${n_tunnels} | ${encr_alg} | ${auth_alg}
| | ... | ${laddr_ip4} | ${raddr_ip4} | ${addr_range}
| | Then Find NDR and PDR intervals using optimized search

*** Test Cases ***
| tc01-64B-1c-ethip4ipsec400tnlsw-ip4base-int-aes256gcm-ndrpdr
| | [Tags] | 64B | 1C
| | frame_size=${64} | phy_cores=${1}

| tc02-64B-2c-ethip4ipsec400tnlsw-ip4base-int-aes256gcm-ndrpdr
| | [Tags] | 64B | 2C
| | frame_size=${64} | phy_cores=${2}

| tc03-64B-4c-ethip4ipsec400tnlsw-ip4base-int-aes256gcm-ndrpdr
| | [Tags] | 64B | 4C
| | frame_size=${64} | phy_cores=${4}

| tc04-1518B-1c-ethip4ipsec400tnlsw-ip4base-int-aes256gcm-ndrpdr
| | [Tags] | 1518B | 1C
| | frame_size=${1518} | phy_cores=${1}

| tc05-1518B-2c-ethip4ipsec400tnlsw-ip4base-int-aes256gcm-ndrpdr
| | [Tags] | 1518B | 2C
| | frame_size=${1518} | phy_cores=${2}

| tc06-1518B-4c-ethip4ipsec400tnlsw-ip4base-int-aes256gcm-ndrpdr
| | [Tags] | 1518B | 4C
| | frame_size=${1518} | phy_cores=${4}

| tc07-9000B-1c-ethip4ipsec400tnlsw-ip4base-int-aes256gcm-ndrpdr
| | [Tags] | 9000B | 1C
| | frame_size=${9000} | phy_cores=${1}

| tc08-9000B-2c-ethip4ipsec400tnlsw-ip4base-int-aes256gcm-ndrpdr
| | [Tags] | 9000B | 2C
| | frame_size=${9000} | phy_cores=${2}

| tc09-9000B-4c-ethip4ipsec400tnlsw-ip4base-int-aes256gcm-ndrpdr
| | [Tags] | 9000B | 4C
| | frame_size=${9000} | phy_cores=${4}

| tc10-IMIX-1c-ethip4ipsec400tnlsw-ip4base-int-aes256gcm-ndrpdr
| | [Tags] | IMIX | 1C
| | frame_size=IMIX_v4_1 | phy_cores=${1}

| tc11-IMIX-2c-ethip4ipsec400tnlsw-ip4base-int-aes256gcm-ndrpdr
| | [Tags] | IMIX | 2C
| | frame_size=IMIX_v4_1 | phy_cores=${2}

| tc12-IMIX-4c-ethip4ipsec400tnlsw-ip4base-int-aes256gcm-ndrpdr
| | [Tags] | IMIX | 4C
| | frame_size=IMIX_v4_1 | phy_cores=${4}
class="s2">"expire_time_clocks", 0, 64), BitField("checksum", 0, 64) ] def mysummary(self): return self.sprintf( "BFD_VPP_ECHO(disc=%BFD_VPP_ECHO.discriminator%," "expire_time_clocks=%BFD_VPP_ECHO.expire_time_clocks%)") # glue the BFD echo packet class to scapy parser bind_layers(UDP, BFD_vpp_echo, dport=BFD_vpp_echo.udp_dport) class VppBFDAuthKey(VppObject): """ Represents BFD authentication key in VPP """ def __init__(self, test, conf_key_id, auth_type, key): self._test = test self._key = key self._auth_type = auth_type test.assertIn(auth_type, BFDAuthType.desc_dict) self._conf_key_id = conf_key_id @property def test(self): """ Test which created this key """ return self._test @property def auth_type(self): """ Authentication type for this key """ return self._auth_type @property def key(self): """ key data """ return self._key @key.setter def key(self, value): self._key = value @property def conf_key_id(self): """ configuration key ID """ return self._conf_key_id def add_vpp_config(self): self.test.vapi.bfd_auth_set_key( conf_key_id=self._conf_key_id, auth_type=self._auth_type, key=self._key, key_len=len(self._key)) self._test.registry.register(self, self.test.logger) def get_bfd_auth_keys_dump_entry(self): """ get the entry in the auth keys dump corresponding to this key """ result = self.test.vapi.bfd_auth_keys_dump() for k in result: if k.conf_key_id == self._conf_key_id: return k return None def query_vpp_config(self): return self.get_bfd_auth_keys_dump_entry() is not None def remove_vpp_config(self): self.test.vapi.bfd_auth_del_key(conf_key_id=self._conf_key_id) def object_id(self): return "bfd-auth-key-%s" % self._conf_key_id class VppBFDUDPSession(VppObject): """ Represents BFD UDP session in VPP """ def __init__(self, test, interface, peer_addr, local_addr=None, af=AF_INET, desired_min_tx=300000, required_min_rx=300000, detect_mult=3, sha1_key=None, bfd_key_id=None, is_tunnel=False): self._test = test self._interface = interface self._af = af if local_addr: self._local_addr = local_addr else: self._local_addr = None self._peer_addr = peer_addr self._desired_min_tx = desired_min_tx self._required_min_rx = required_min_rx self._detect_mult = detect_mult self._sha1_key = sha1_key if bfd_key_id is not None: self._bfd_key_id = bfd_key_id else: self._bfd_key_id = randint(0, 255) self._is_tunnel = is_tunnel @property def test(self): """ Test which created this session """ return self._test @property def interface(self): """ Interface on which this session lives """ return self._interface @property def af(self): """ Address family - AF_INET or AF_INET6 """ return self._af @property def local_addr(self): """ BFD session local address (VPP address) """ if self._local_addr is None: if self.af == AF_INET: return self._interface.local_ip4 elif self.af == AF_INET6: return self._interface.local_ip6 else: raise Exception("Unexpected af '%s'" % self.af) return self._local_addr @property def peer_addr(self): """ BFD session peer address """ return self._peer_addr def get_bfd_udp_session_dump_entry(self): """ get the namedtuple entry from bfd udp session dump """ result = self.test.vapi.bfd_udp_session_dump() for s in result: self.test.logger.debug("session entry: %s" % str(s)) if s.sw_if_index == self.interface.sw_if_index: if self.af == AF_INET \ and self.interface.local_ip4 == str(s.local_addr) \ and self.interface.remote_ip4 == str(s.peer_addr): return s if self.af == AF_INET6 \ and self.interface.local_ip6 == str(s.local_addr) \ and self.interface.remote_ip6 == str(s.peer_addr): return s return None @property def state(self): """ BFD session state """ session = self.get_bfd_udp_session_dump_entry() if session is None: raise Exception("Could not find BFD session in VPP response") return session.state @property def desired_min_tx(self): """ desired minimum tx interval """ return self._desired_min_tx @property def required_min_rx(self): """ required minimum rx interval """ return self._required_min_rx @property def detect_mult(self): """ detect multiplier """ return self._detect_mult @property def sha1_key(self): """ sha1 key """ return self._sha1_key @property def bfd_key_id(self): """ bfd key id in use """ return self._bfd_key_id @property def is_tunnel(self): return self._is_tunnel def activate_auth(self, key, bfd_key_id=None, delayed=False): """ activate authentication for this session """ self._bfd_key_id = bfd_key_id if bfd_key_id else randint(0, 255) self._sha1_key = key conf_key_id = self._sha1_key.conf_key_id is_delayed = 1 if delayed else 0 self.test.vapi.bfd_udp_auth_activate( sw_if_index=self._interface.sw_if_index, local_addr=self.local_addr, peer_addr=self.peer_addr, bfd_key_id=self._bfd_key_id, conf_key_id=conf_key_id, is_delayed=is_delayed) def deactivate_auth(self, delayed=False): """ deactivate authentication """ self._bfd_key_id = None self._sha1_key = None is_delayed = 1 if delayed else 0 self.test.vapi.bfd_udp_auth_deactivate( sw_if_index=self._interface.sw_if_index, local_addr=self.local_addr, peer_addr=self.peer_addr, is_delayed=is_delayed) def modify_parameters(self, detect_mult=None, desired_min_tx=None, required_min_rx=None): """ modify session parameters """ if detect_mult: self._detect_mult = detect_mult if desired_min_tx: self._desired_min_tx = desired_min_tx if required_min_rx: self._required_min_rx = required_min_rx self.test.vapi.bfd_udp_mod(sw_if_index=self._interface.sw_if_index, desired_min_tx=self.desired_min_tx, required_min_rx=self.required_min_rx, detect_mult=self.detect_mult, local_addr=self.local_addr, peer_addr=self.peer_addr) def add_vpp_config(self): bfd_key_id = self._bfd_key_id if self._sha1_key else None conf_key_id = self._sha1_key.conf_key_id if self._sha1_key else None is_authenticated = True if self._sha1_key else False self.test.vapi.bfd_udp_add(sw_if_index=self._interface.sw_if_index, desired_min_tx=self.desired_min_tx, required_min_rx=self.required_min_rx, detect_mult=self.detect_mult, local_addr=self.local_addr, peer_addr=self.peer_addr, bfd_key_id=bfd_key_id, conf_key_id=conf_key_id, is_authenticated=is_authenticated) self._test.registry.register(self, self.test.logger) def query_vpp_config(self): session = self.get_bfd_udp_session_dump_entry() return session is not None def remove_vpp_config(self): self.test.vapi.bfd_udp_del(self._interface.sw_if_index, local_addr=self.local_addr, peer_addr=self.peer_addr) def object_id(self): return "bfd-udp-%s-%s-%s-%s" % (self._interface.sw_if_index, self.local_addr, self.peer_addr, self.af) def admin_up(self): """ set bfd session admin-up """ self.test.vapi.bfd_udp_session_set_flags( flags=VppEnum.vl_api_if_status_flags_t.IF_STATUS_API_FLAG_ADMIN_UP, sw_if_index=self._interface.sw_if_index, local_addr=self.local_addr, peer_addr=self.peer_addr) def admin_down(self): """ set bfd session admin-down """ self.test.vapi.bfd_udp_session_set_flags( flags=0, sw_if_index=self._interface.sw_if_index, local_addr=self.local_addr, peer_addr=self.peer_addr)