summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNeale Ranns <nranns@cisco.com>2018-11-07 04:21:12 -0800
committerNeale Ranns <nranns@cisco.com>2018-11-07 13:28:11 +0000
commitc29c0af40eda76e382a63269bca9ff57c6ecf5d5 (patch)
tree3be3f4a3ff2047bcfe553719a0d87ae048ec1f11
parent7ac053b27fee8f9e437cf7b61357943356381061 (diff)
GBP: Endpoints with VLAN tags and birdges that don't learn
Change-Id: I20192f3a8f4f01f47e775746f6fde7c685f185ee Signed-off-by: Neale Ranns <nranns@cisco.com>
-rw-r--r--src/plugins/gbp/gbp.api7
-rw-r--r--src/plugins/gbp/gbp_api.c16
-rw-r--r--src/plugins/gbp/gbp_bridge_domain.c21
-rw-r--r--src/plugins/gbp/gbp_bridge_domain.h43
-rw-r--r--src/plugins/gbp/gbp_learn.c7
-rw-r--r--test/test_gbp.py180
-rw-r--r--test/vpp_papi_provider.py3
7 files changed, 257 insertions, 20 deletions
diff --git a/src/plugins/gbp/gbp.api b/src/plugins/gbp/gbp.api
index bf42243e0d0..1fb9073d190 100644
--- a/src/plugins/gbp/gbp.api
+++ b/src/plugins/gbp/gbp.api
@@ -19,9 +19,16 @@ option version = "2.0.0";
import "vnet/ip/ip_types.api";
import "vnet/ethernet/ethernet_types.api";
+enum gbp_bridge_domain_flags
+{
+ GBP_BD_API_FLAG_NONE = 0,
+ GBP_BD_API_FLAG_DO_NOT_LEARN = 1,
+};
+
typedef gbp_bridge_domain
{
u32 bd_id;
+ vl_api_gbp_bridge_domain_flags_t flags;
u32 bvi_sw_if_index;
u32 uu_fwd_sw_if_index;
};
diff --git a/src/plugins/gbp/gbp_api.c b/src/plugins/gbp/gbp_api.c
index faf036e9d81..47823d5cd9b 100644
--- a/src/plugins/gbp/gbp_api.c
+++ b/src/plugins/gbp/gbp_api.c
@@ -299,6 +299,20 @@ static void
REPLY_MACRO (VL_API_GBP_ENDPOINT_GROUP_DEL_REPLY + GBP_MSG_BASE);
}
+static gbp_bridge_domain_flags_t
+gbp_bridge_domain_flags_from_api (vl_api_gbp_bridge_domain_flags_t a)
+{
+ gbp_bridge_domain_flags_t g;
+
+ g = GBP_BD_FLAG_NONE;
+ a = clib_net_to_host_u32 (a);
+
+ if (a & GBP_BD_API_FLAG_DO_NOT_LEARN)
+ g |= GBP_BD_FLAG_DO_NOT_LEARN;
+
+ return (g);
+}
+
static void
vl_api_gbp_bridge_domain_add_t_handler (vl_api_gbp_bridge_domain_add_t * mp)
{
@@ -306,6 +320,8 @@ vl_api_gbp_bridge_domain_add_t_handler (vl_api_gbp_bridge_domain_add_t * mp)
int rv = 0;
rv = gbp_bridge_domain_add_and_lock (ntohl (mp->bd.bd_id),
+ gbp_bridge_domain_flags_from_api
+ (mp->bd.flags),
ntohl (mp->bd.bvi_sw_if_index),
ntohl (mp->bd.uu_fwd_sw_if_index));
diff --git a/src/plugins/gbp/gbp_bridge_domain.c b/src/plugins/gbp/gbp_bridge_domain.c
index b7812eb1645..1a1a7bd3383 100644
--- a/src/plugins/gbp/gbp_bridge_domain.c
+++ b/src/plugins/gbp/gbp_bridge_domain.c
@@ -31,12 +31,7 @@ gbp_bridge_domain_t *gbp_bridge_domain_pool;
/**
* DB of bridge_domains
*/
-typedef struct gbp_bridge_domain_db_t
-{
- uword *gbd_by_bd_id;
-} gbp_bridge_domain_db_t;
-
-static gbp_bridge_domain_db_t gbp_bridge_domain_db;
+gbp_bridge_domain_db_t gbp_bridge_domain_db;
/**
* logger
@@ -46,12 +41,6 @@ vlib_log_class_t gb_logger;
#define GBP_BD_DBG(...) \
vlib_log_debug (gb_logger, __VA_ARGS__);
-gbp_bridge_domain_t *
-gbp_bridge_domain_get (index_t i)
-{
- return (pool_elt_at_index (gbp_bridge_domain_pool, i));
-}
-
static void
gbp_bridge_domain_lock (index_t i)
{
@@ -95,16 +84,21 @@ gbp_bridge_domain_db_add (gbp_bridge_domain_t * gb)
index_t gbi = gb - gbp_bridge_domain_pool;
hash_set (gbp_bridge_domain_db.gbd_by_bd_id, gb->gb_bd_id, gbi);
+ vec_validate_init_empty (gbp_bridge_domain_db.gbd_by_bd_index,
+ gb->gb_bd_index, INDEX_INVALID);
+ gbp_bridge_domain_db.gbd_by_bd_index[gb->gb_bd_index] = gbi;
}
static void
gbp_bridge_domain_db_remove (gbp_bridge_domain_t * gb)
{
hash_unset (gbp_bridge_domain_db.gbd_by_bd_id, gb->gb_bd_id);
+ gbp_bridge_domain_db.gbd_by_bd_index[gb->gb_bd_index] = INDEX_INVALID;
}
int
gbp_bridge_domain_add_and_lock (u32 bd_id,
+ gbp_bridge_domain_flags_t flags,
u32 bvi_sw_if_index, u32 uu_fwd_sw_if_index)
{
gbp_bridge_domain_t *gb;
@@ -134,6 +128,7 @@ gbp_bridge_domain_add_and_lock (u32 bd_id,
gb->gb_uu_fwd_sw_if_index = uu_fwd_sw_if_index;
gb->gb_bvi_sw_if_index = bvi_sw_if_index;
gb->gb_locks = 1;
+ gb->gb_flags = flags;
/*
* Set the BVI and uu-flood interfaces into the BD
@@ -269,7 +264,7 @@ gbp_bridge_domain_cli (vlib_main_t * vm,
if (~0 == bvi_sw_if_index)
return clib_error_return (0, "interface must be specified");
- gbp_bridge_domain_add_and_lock (bd_id,
+ gbp_bridge_domain_add_and_lock (bd_id, GBP_BD_FLAG_NONE,
bvi_sw_if_index, uu_fwd_sw_if_index);
}
else
diff --git a/src/plugins/gbp/gbp_bridge_domain.h b/src/plugins/gbp/gbp_bridge_domain.h
index 992900b4aa1..4135c2d8232 100644
--- a/src/plugins/gbp/gbp_bridge_domain.h
+++ b/src/plugins/gbp/gbp_bridge_domain.h
@@ -21,11 +21,20 @@
#include <vnet/fib/fib_types.h>
/**
+ * Bridge Domain Flags
+ */
+typedef enum gbp_bridge_domain_flags_t_
+{
+ GBP_BD_FLAG_NONE = 0,
+ GBP_BD_FLAG_DO_NOT_LEARN = (1 << 0),
+} gbp_bridge_domain_flags_t;
+
+/**
* A bridge Domain Representation.
* This is a standard bridge-domain plus all the attributes it must
* have to supprt the GBP model.
*/
-typedef struct gpb_bridge_domain_t_
+typedef struct gbp_bridge_domain_t_
{
/**
* Bridge-domain ID
@@ -34,6 +43,11 @@ typedef struct gpb_bridge_domain_t_
u32 gb_bd_index;
/**
+ * Flags conttrolling behaviour
+ */
+ gbp_bridge_domain_flags_t gb_flags;
+
+ /**
* The BD's BVI interface (obligatory)
*/
u32 gb_bvi_sw_if_index;
@@ -57,18 +71,43 @@ typedef struct gpb_bridge_domain_t_
} gbp_bridge_domain_t;
extern int gbp_bridge_domain_add_and_lock (u32 bd_id,
+ gbp_bridge_domain_flags_t flags,
u32 bvi_sw_if_index,
u32 uu_fwd_sw_if_index);
extern void gbp_bridge_domain_unlock (index_t gbi);
extern index_t gbp_bridge_domain_find_and_lock (u32 bd_id);
extern int gbp_bridge_domain_delete (u32 bd_id);
-extern gbp_bridge_domain_t *gbp_bridge_domain_get (index_t i);
typedef int (*gbp_bridge_domain_cb_t) (gbp_bridge_domain_t * gb, void *ctx);
extern void gbp_bridge_domain_walk (gbp_bridge_domain_cb_t bgpe, void *ctx);
extern u8 *format_gbp_bridge_domain (u8 * s, va_list * args);
+/**
+ * DB of bridge_domains
+ */
+typedef struct gbp_bridge_domain_db_t
+{
+ uword *gbd_by_bd_id;
+ index_t *gbd_by_bd_index;
+} gbp_bridge_domain_db_t;
+
+extern gbp_bridge_domain_db_t gbp_bridge_domain_db;
+extern gbp_bridge_domain_t *gbp_bridge_domain_pool;
+
+always_inline gbp_bridge_domain_t *
+gbp_bridge_domain_get (index_t i)
+{
+ return (pool_elt_at_index (gbp_bridge_domain_pool, i));
+}
+
+always_inline gbp_bridge_domain_t *
+gbp_bridge_domain_get_by_bd_index (u32 bd_index)
+{
+ return (gbp_bridge_domain_get
+ (gbp_bridge_domain_db.gbd_by_bd_index[bd_index]));
+}
+
#endif
/*
diff --git a/src/plugins/gbp/gbp_learn.c b/src/plugins/gbp/gbp_learn.c
index 9239779dd99..883f3d1c862 100644
--- a/src/plugins/gbp/gbp_learn.c
+++ b/src/plugins/gbp/gbp_learn.c
@@ -236,6 +236,7 @@ gbp_learn_l2 (vlib_main_t * vm,
ip4_address_t outer_src, outer_dst;
u32 bi0, sw_if_index0, t0, epg0;
const ethernet_header_t *eh0;
+ gbp_bridge_domain_t *gb0;
gbp_learn_next_t next0;
gbp_endpoint_t *ge0;
vlib_buffer_t *b0;
@@ -259,10 +260,12 @@ gbp_learn_l2 (vlib_main_t * vm,
ge0 = gbp_endpoint_find_mac (eh0->src_address,
vnet_buffer (b0)->l2.bd_index);
+ gb0 =
+ gbp_bridge_domain_get_by_bd_index (vnet_buffer (b0)->l2.bd_index);
- if (vnet_buffer2 (b0)->gbp.flags & VXLAN_GBP_GPFLAGS_D)
+ if ((vnet_buffer2 (b0)->gbp.flags & VXLAN_GBP_GPFLAGS_D) ||
+ (gb0->gb_flags & GBP_BD_FLAG_DO_NOT_LEARN))
{
- ge0 = NULL;
t0 = 1;
goto trace;
}
diff --git a/test/test_gbp.py b/test/test_gbp.py
index a45b2f845b8..92480cebba3 100644
--- a/test/test_gbp.py
+++ b/test/test_gbp.py
@@ -10,6 +10,7 @@ from vpp_ip_route import VppIpRoute, VppRoutePath, VppIpTable, \
from vpp_l2 import VppBridgeDomain, VppBridgeDomainPort, \
VppBridgeDomainArpEntry, VppL2FibEntry, find_bridge_domain_port
from vpp_vxlan_gbp_tunnel import *
+from vpp_sub_interface import VppDot1QSubint
from vpp_ip import *
from vpp_mac import *
@@ -17,7 +18,7 @@ from vpp_papi_provider import L2_PORT_TYPE
from vpp_papi import VppEnum
from scapy.packet import Raw
-from scapy.layers.l2 import Ether, ARP
+from scapy.layers.l2 import Ether, ARP, Dot1Q
from scapy.layers.inet import IP, UDP
from scapy.layers.inet6 import IPv6, ICMPv6ND_NS, ICMPv6NDOptSrcLLAddr, \
ICMPv6ND_NA
@@ -27,6 +28,7 @@ from scapy.layers.vxlan import VXLAN
from socket import AF_INET, AF_INET6
from scapy.utils import inet_pton, inet_ntop
from util import mactobinary
+from vpp_papi_provider import L2_VTR_OP
def find_gbp_endpoint(test, sw_if_index=None, ip=None, mac=None):
@@ -287,15 +289,22 @@ class VppGbpBridgeDomain(VppObject):
GBP Bridge Domain
"""
- def __init__(self, test, bd, bvi, uu_flood=None):
+ def __init__(self, test, bd, bvi, uu_flood=None, learn=True):
self._test = test
self.bvi = bvi
self.uu_flood = uu_flood
self.bd = bd
+ e = VppEnum.vl_api_gbp_bridge_domain_flags_t
+ if (learn):
+ self.learn = e.GBP_BD_API_FLAG_NONE
+ else:
+ self.learn = e.GBP_BD_API_FLAG_DO_NOT_LEARN
+
def add_vpp_config(self):
self._test.vapi.gbp_bridge_domain_add(
self.bd.bd_id,
+ self.learn,
self.bvi.sw_if_index,
self.uu_flood.sw_if_index if self.uu_flood else INDEX_INVALID)
self._test.registry.register(self, self._test.logger)
@@ -1695,6 +1704,173 @@ class TestGBP(VppTestCase):
self.logger.info(self.vapi.cli("sh int"))
self.logger.info(self.vapi.cli("sh gbp vxlan"))
+ def test_gbp_learn_vlan_l2(self):
+ """ GBP L2 Endpoint w/ VLANs"""
+
+ learnt = [{'mac': '00:00:11:11:11:01',
+ 'ip': '10.0.0.1',
+ 'ip6': '2001:10::2'},
+ {'mac': '00:00:11:11:11:02',
+ 'ip': '10.0.0.2',
+ 'ip6': '2001:10::3'}]
+
+ #
+ # lower the inactive threshold so these tests pass in a
+ # reasonable amount of time
+ #
+ self.vapi.gbp_endpoint_learn_set_inactive_threshold(1)
+
+ #
+ # IP tables
+ #
+ gt4 = VppIpTable(self, 1)
+ gt4.add_vpp_config()
+ gt6 = VppIpTable(self, 1, is_ip6=True)
+ gt6.add_vpp_config()
+
+ rd1 = VppGbpRouteDomain(self, 1, gt4, gt6)
+ rd1.add_vpp_config()
+
+ #
+ # Pg2 hosts the vxlan tunnel, hosts on pg2 to act as TEPs
+ #
+ self.pg2.config_ip4()
+ self.pg2.resolve_arp()
+ self.pg2.generate_remote_hosts(4)
+ self.pg2.configure_ipv4_neighbors()
+ self.pg3.config_ip4()
+ self.pg3.resolve_arp()
+
+ #
+ # The EP will be on a vlan sub-interface
+ #
+ vlan_11 = VppDot1QSubint(self, self.pg0, 11)
+ vlan_11.admin_up()
+ self.vapi.sw_interface_set_l2_tag_rewrite(vlan_11.sw_if_index,
+ L2_VTR_OP.L2_POP_1,
+ 11)
+
+ bd_uu_fwd = VppVxlanGbpTunnel(self, self.pg3.local_ip4,
+ self.pg3.remote_ip4, 116)
+ bd_uu_fwd.add_vpp_config()
+
+ #
+ # a GBP bridge domain with a BVI and a UU-flood interface
+ # The BD is marked as do not learn, so no endpoints are ever
+ # learnt in this BD.
+ #
+ bd1 = VppBridgeDomain(self, 1)
+ bd1.add_vpp_config()
+ gbd1 = VppGbpBridgeDomain(self, bd1, self.loop0, bd_uu_fwd,
+ learn=False)
+ gbd1.add_vpp_config()
+
+ self.logger.info(self.vapi.cli("sh bridge 1 detail"))
+ self.logger.info(self.vapi.cli("sh gbp bridge"))
+
+ # ... and has a /32 applied
+ ip_addr = VppIpInterfaceAddress(self, gbd1.bvi, "10.0.0.128", 32)
+ ip_addr.add_vpp_config()
+
+ #
+ # The Endpoint-group in which we are learning endpoints
+ #
+ epg_220 = VppGbpEndpointGroup(self, 220, rd1, gbd1,
+ None, self.loop0,
+ "10.0.0.128",
+ "2001:10::128")
+ epg_220.add_vpp_config()
+
+ #
+ # The VXLAN GBP tunnel is a bridge-port and has L2 endpoint
+ # leanring enabled
+ #
+ vx_tun_l2_1 = VppGbpVxlanTunnel(
+ self, 99, bd1.bd_id,
+ VppEnum.vl_api_gbp_vxlan_tunnel_mode_t.GBP_VXLAN_TUNNEL_MODE_L2)
+ vx_tun_l2_1.add_vpp_config()
+
+ #
+ # A static endpoint that the learnt endpoints are trying to
+ # talk to
+ #
+ ep = VppGbpEndpoint(self, vlan_11,
+ epg_220, None,
+ "10.0.0.127", "11.0.0.127",
+ "2001:10::1", "3001::1")
+ ep.add_vpp_config()
+
+ self.assertTrue(find_route(self, ep.ip4.address, 32, table_id=1))
+
+ #
+ # Send to the static EP
+ #
+ for ii, l in enumerate(learnt):
+ # a packet with an sclass from a knwon EPG
+ # arriving on an unknown TEP
+ p = (Ether(src=self.pg2.remote_mac,
+ dst=self.pg2.local_mac) /
+ IP(src=self.pg2.remote_hosts[1].ip4,
+ dst=self.pg2.local_ip4) /
+ UDP(sport=1234, dport=48879) /
+ VXLAN(vni=99, gpid=220, flags=0x88) /
+ Ether(src=l['mac'], dst=ep.mac) /
+ IP(src=l['ip'], dst=ep.ip4.address) /
+ UDP(sport=1234, dport=1234) /
+ Raw('\xa5' * 100))
+
+ rxs = self.send_and_expect(self.pg2, [p], self.pg0)
+
+ #
+ # packet to EP has the EP's vlan tag
+ #
+ for rx in rxs:
+ self.assertEqual(rx[Dot1Q].vlan, 11)
+
+ #
+ # the EP is not learnt since the BD setting prevents it
+ # also no TEP too
+ #
+ self.assertFalse(find_gbp_endpoint(self,
+ vx_tun_l2_1.sw_if_index,
+ mac=l['mac']))
+ self.assertEqual(INDEX_INVALID,
+ find_vxlan_gbp_tunnel(
+ self,
+ self.pg2.local_ip4,
+ self.pg2.remote_hosts[1].ip4,
+ 99))
+
+ self.assertEqual(len(self.vapi.gbp_endpoint_dump()), 1)
+
+ #
+ # static to remotes
+ # we didn't learn the remotes so they are sent to the UU-fwd
+ #
+ for l in learnt:
+ p = (Ether(src=ep.mac, dst=l['mac']) /
+ Dot1Q(vlan=11) /
+ IP(dst=l['ip'], src=ep.ip4.address) /
+ UDP(sport=1234, dport=1234) /
+ Raw('\xa5' * 100))
+
+ rxs = self.send_and_expect(self.pg0, p * 17, self.pg3)
+
+ for rx in rxs:
+ self.assertEqual(rx[IP].src, self.pg3.local_ip4)
+ self.assertEqual(rx[IP].dst, self.pg3.remote_ip4)
+ self.assertEqual(rx[UDP].dport, 48879)
+ # the UDP source port is a random value for hashing
+ self.assertEqual(rx[VXLAN].gpid, 220)
+ self.assertEqual(rx[VXLAN].vni, 116)
+ self.assertTrue(rx[VXLAN].flags.G)
+ self.assertTrue(rx[VXLAN].flags.Instance)
+ self.assertFalse(rx[VXLAN].gpflags.A)
+ self.assertFalse(rx[VXLAN].gpflags.D)
+
+ self.pg2.unconfig_ip4()
+ self.pg3.unconfig_ip4()
+
def test_gbp_learn_l3(self):
""" GBP L3 Endpoint Learning """
diff --git a/test/vpp_papi_provider.py b/test/vpp_papi_provider.py
index 1adcc1ba24b..9f7968bbbb7 100644
--- a/test/vpp_papi_provider.py
+++ b/test/vpp_papi_provider.py
@@ -3537,13 +3537,14 @@ class VppPapiProvider(object):
""" GBP endpoint group Dump """
return self.api(self.papi.gbp_endpoint_group_dump, {})
- def gbp_bridge_domain_add(self, bd_id,
+ def gbp_bridge_domain_add(self, bd_id, flags,
bvi_sw_if_index,
uu_fwd_sw_if_index):
""" GBP bridge-domain Add """
return self.api(self.papi.gbp_bridge_domain_add,
{'bd':
{
+ 'flags': flags,
'bvi_sw_if_index': bvi_sw_if_index,
'uu_fwd_sw_if_index': uu_fwd_sw_if_index,
'bd_id': bd_id