summaryrefslogtreecommitdiffstats
path: root/test
diff options
context:
space:
mode:
authorPavel Kotucek <pkotucek@cisco.com>2017-09-07 08:17:31 +0200
committerOle Trøan <otroan@employees.org>2017-09-12 08:38:25 +0000
commitc29940c58de3e44c0c1dd5c4eda5e0268d963b14 (patch)
tree4d4f84747757439422aa61ab7c2edaf00246ba54 /test
parent6b3a8eff76f27f2b919887582006b2290d12ecfa (diff)
ACL-plugin add "replace" semantics for adding a new MacIP acl
Change-Id: Ia5c869b2d8b8ad012b9e89fb6720c9c32d9ee065 Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
Diffstat (limited to 'test')
-rw-r--r--test/test_acl_plugin_macip.py118
-rw-r--r--test/vpp_papi_provider.py20
2 files changed, 114 insertions, 24 deletions
diff --git a/test/test_acl_plugin_macip.py b/test/test_acl_plugin_macip.py
index de57f6bb82b..3f41313bc0f 100644
--- a/test/test_acl_plugin_macip.py
+++ b/test/test_acl_plugin_macip.py
@@ -130,13 +130,14 @@ class TestMACIP(VppTestCase):
acls = self.vapi.macip_acl_dump()
if self.DEBUG:
for acl in acls:
+ print "ACL #"+str(acl.acl_index)
for r in acl.r:
rule = "ACTION"
if r.is_permit == 1:
rule = "PERMIT"
elif r.is_permit == 0:
rule = "DENY "
- print "IP6" if r.is_ipv6 else "IP4", \
+ print " IP6" if r.is_ipv6 else " IP4", \
rule, \
r.src_mac.encode('hex'), \
r.src_mac_mask.encode('hex'),\
@@ -144,10 +145,12 @@ class TestMACIP(VppTestCase):
r.src_ip_prefix_len
return acls
- def create_acls(self, mac_type, ip_type, acl_count, rules_count):
- rules = []
+ def create_rules(self, mac_type=EXACT_MAC, ip_type=EXACT_IP,
+ acl_count=1, rules_count=[1]):
+ acls = []
src_mac = int("220000dead00", 16)
for acl in range(2, (acl_count+1) * 2):
+ rules = []
host = random.choice(self.loop0.remote_hosts)
is_ip6 = acl % 2
ip4 = host.ip4.split('.')
@@ -210,12 +213,15 @@ class TestMACIP(VppTestCase):
if ip_type == self.WILD_IP:
break
- reply = self.vapi.macip_acl_add_replace(rules)
+ acls.append(rules)
+ src_mac += 1099511627776
+ return acls
+
+ def apply_rules(self, acls):
+ for acl in acls:
+ reply = self.vapi.macip_acl_add(acl)
self.assertEqual(reply.retval, 0)
self.ACLS.append(reply.acl_index)
- del rules[:]
-
- src_mac += 1099511627776
def verify_acls(self, acl_count, rules_count, expected_count=2):
reply = self.macip_acl_dump_debug()
@@ -459,7 +465,8 @@ class TestMACIP(VppTestCase):
# data = p[Raw].load.split(':',1)[1]
# print p[p_l3].src, data
- def run_traffic(self, mac_type, ip_type, bridged_routed, is_ip6, packets):
+ def run_traffic(self, mac_type, ip_type, bridged_routed, is_ip6, packets,
+ do_not_expected_capture=False):
self.reset_packet_infos()
tx_if = self.pg0 if bridged_routed else self.pg2
@@ -469,7 +476,7 @@ class TestMACIP(VppTestCase):
self.pg2, self.loop0,
bridged_routed, is_ip6)
- reply = self.vapi.macip_acl_add_replace(test_dict['rules'])
+ reply = self.vapi.macip_acl_add(test_dict['rules'])
self.assertEqual(reply.retval, 0)
acl_index = reply.acl_index
@@ -483,15 +490,20 @@ class TestMACIP(VppTestCase):
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
- packet_count = self.get_packet_count_for_if_idx(self.loop0.sw_if_index)
- if mac_type == self.WILD_MAC and ip_type == self.WILD_IP:
- packet_count = packets
- capture = rx_if.get_capture(packet_count)
- self.verify_capture(test_dict['stream'], capture, is_ip6)
+ if do_not_expected_capture:
+ rx_if.get_capture(0)
+ else:
+ packet_count = self.get_packet_count_for_if_idx(
+ self.loop0.sw_if_index)
+ if mac_type == self.WILD_MAC and ip_type == self.WILD_IP:
+ packet_count = packets
+ capture = rx_if.get_capture(packet_count)
+ self.verify_capture(test_dict['stream'], capture, is_ip6)
def run_test_acls(self, mac_type, ip_type, acl_count,
rules_count, traffic=None, ip=None):
- self.create_acls(mac_type, ip_type, acl_count, rules_count)
+ self.apply_rules(self.create_rules(mac_type, ip_type, acl_count,
+ rules_count))
self.verify_acls(acl_count, rules_count)
if traffic is not None:
@@ -687,14 +699,84 @@ class TestMACIP(VppTestCase):
[100, 120, 140, 160, 180, 200, 210, 220, 230, 240],
self.BRIDGED, self.IS_IP6)
+ def test_acl_replace(self):
+ """ MACIP replace ACL
+ """
+
+ r1 = self.create_rules(acl_count=3, rules_count=[2, 2, 2])
+ r2 = self.create_rules(mac_type=self.OUI_MAC, ip_type=self.SUBNET_IP)
+ self.apply_rules(r1)
+
+ acls_before = self.macip_acl_dump_debug()
+
+ # replace acls #2, #3 with new
+ reply = self.vapi.macip_acl_add_replace(r2[0], 2)
+ self.assertEqual(reply.retval, 0)
+ self.assertEqual(reply.acl_index, 2)
+ reply = self.vapi.macip_acl_add_replace(r2[1], 3)
+ self.assertEqual(reply.retval, 0)
+ self.assertEqual(reply.acl_index, 3)
+
+ acls_after = self.macip_acl_dump_debug()
+
+ # verify changes
+ self.assertEqual(len(acls_before), len(acls_after))
+ for acl1, acl2 in zip(
+ acls_before[:2]+acls_before[4:],
+ acls_after[:2]+acls_after[4:]):
+ self.assertEqual(len(acl1), len(acl2))
+
+ self.assertEqual(len(acl1.r), len(acl2.r))
+ for r1, r2 in zip(acl1.r, acl2.r):
+ self.assertEqual(len(acl1.r), len(acl2.r))
+ self.assertEqual(acl1.r, acl2.r)
+ for acl1, acl2 in zip(
+ acls_before[2:4],
+ acls_after[2:4]):
+ self.assertEqual(len(acl1), len(acl2))
+
+ self.assertNotEqual(len(acl1.r), len(acl2.r))
+ for r1, r2 in zip(acl1.r, acl2.r):
+ self.assertNotEqual(len(acl1.r), len(acl2.r))
+ self.assertNotEqual(acl1.r, acl2.r)
+
+ def test_acl_replace_traffic_ip4(self):
+ """ MACIP replace ACL with IP4 traffic
+ """
+ self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
+ self.BRIDGED, self.IS_IP4, 9)
+
+ r = self.create_rules()
+ # replace acls #2, #3 with new
+ reply = self.vapi.macip_acl_add_replace(r[0], 0)
+ self.assertEqual(reply.retval, 0)
+ self.assertEqual(reply.acl_index, 0)
+
+ self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
+ self.BRIDGED, self.IS_IP4, 9, True)
+
+ def test_acl_replace_traffic_ip6(self):
+ """ MACIP replace ACL with IP6 traffic
+ """
+ self.run_traffic(self.OUI_MAC, self.SUBNET_IP,
+ self.BRIDGED, self.IS_IP6, 9)
+
+ r = self.create_rules()
+ # replace acls #2, #3 with new
+ reply = self.vapi.macip_acl_add_replace(r[0], 0)
+ self.assertEqual(reply.retval, 0)
+ self.assertEqual(reply.acl_index, 0)
+
+ self.run_traffic(self.EXACT_MAC, self.EXACT_IP,
+ self.BRIDGED, self.IS_IP6, 9, True)
+
def test_delete_intf(self):
""" MACIP ACL delete intf with acl
"""
intf_count = len(self.interfaces)+1
- rules_count = [3, 5, 4]
intf = []
- self.create_acls(self.EXACT_IP, self.EXACT_MAC, 3, rules_count)
+ self.apply_rules(self.create_rules(acl_count=3, rules_count=[3, 5, 4]))
intf.append(VppLoInterface(self, 0))
intf.append(VppLoInterface(self, 1))
@@ -748,7 +830,7 @@ class TestMACIP(VppTestCase):
self.assertEqual(len([x for x in reply.acls if x != 4294967295]), 0)
@unittest.skipUnless(running_extended_tests(), "part of extended tests")
- def test_check(self):
+ def test_routed(self):
""" MACIP with routed traffic
"""
# TODO: routed do not work yet !!!
diff --git a/test/vpp_papi_provider.py b/test/vpp_papi_provider.py
index 519aff80899..b63a26583da 100644
--- a/test/vpp_papi_provider.py
+++ b/test/vpp_papi_provider.py
@@ -2266,23 +2266,31 @@ class VppPapiProvider(object):
'traffic_type': traffic_type
})
- def macip_acl_add_replace(self, rules, acl_index=0xFFFFFFFF, tag=""):
+ def macip_acl_add(self, rules, tag=""):
""" Add MACIP acl
:param rules: list of rules for given acl
:param tag: acl tag
"""
- # return self.api(self.papi.macip_acl_add_replace,
- # {'acl_index': acl_index,
- # 'r': rules,
- # 'count': len(rules),
- # 'tag': tag})
return self.api(self.papi.macip_acl_add,
{'r': rules,
'count': len(rules),
'tag': tag})
+ def macip_acl_add_replace(self, rules, acl_index=0xFFFFFFFF, tag=""):
+ """ Add MACIP acl
+
+ :param rules: list of rules for given acl
+ :param tag: acl tag
+ """
+
+ return self.api(self.papi.macip_acl_add_replace,
+ {'acl_index': acl_index,
+ 'r': rules,
+ 'count': len(rules),
+ 'tag': tag})
+
def macip_acl_del(self, acl_index):
"""
String.Other */ .highlight .sr { color: #008800; background-color: #fff0ff } /* Literal.String.Regex */ .highlight .s1 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Single */ .highlight .ss { color: #aa6600; background-color: #fff0f0 } /* Literal.String.Symbol */ .highlight .bp { color: #003388 } /* Name.Builtin.Pseudo */ .highlight .fm { color: #0066bb; font-weight: bold } /* Name.Function.Magic */ .highlight .vc { color: #336699 } /* Name.Variable.Class */ .highlight .vg { color: #dd7700 } /* Name.Variable.Global */ .highlight .vi { color: #3333bb } /* Name.Variable.Instance */ .highlight .vm { color: #336699 } /* Name.Variable.Magic */ .highlight .il { color: #0000DD; font-weight: bold } /* Literal.Number.Integer.Long */ } 
# Copyright (c) 2017 Cisco and/or its affiliates.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at:
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

*** Settings ***
| Resource | resources/libraries/robot/performance/performance_setup.robot
| ...
| Force Tags | 3_NODE_SINGLE_LINK_TOPO | PERFTEST | HW_ENV | NDRPDRDISC
| ... | NIC_Intel-X520-DA2 | ETH | L2BDMACLRN | FEATURE | ACL | ACL_STATEFUL
| ... | IACL | ACL1 | 10k_FLOWS
| ...
| Suite Setup | Set up 3-node performance topology with DUT's NIC model
| ... | L2 | Intel-X520-DA2
| Suite Teardown | Tear down 3-node performance topology
| ...
| Test Setup | Set up performance test
| ...
| Test Teardown | Tear down performance test with ACL
| ... | ${min_rate}pps | ${framesize} | ${traffic_profile}
| ...
| Documentation | *RFC2544: Packet throughput L2BD test cases with ACL*
| ...
| ... | *[Top] Network Topologies:* TG-DUT1-DUT2-TG 3-node circular topology\
| ... | with single links between nodes.
| ... | *[Enc] Packet Encapsulations:* Eth-IPv4-UDP for L2 switching of IPv4.
| ... | *[Cfg] DUT configuration:* DUT1 is configured with L2 bridge domain\
| ... | and MAC learning enabled. DUT2 is configured with L2 cross-connects.\
| ... | Required ACL rules are applied to input paths of both DUT1 intefaces.\
| ... | DUT1 and DUT2 are tested with 2p10GE NIC X520 Niantic by Intel.\
| ... | *[Ver] TG verification:* TG finds and reports throughput NDR (Non Drop\
| ... | Rate) with zero packet loss tolerance or throughput PDR (Partial Drop\
| ... | Rate) with non-zero packet loss tolerance (LT) expressed in percentage\
| ... | of packets transmitted. NDR and PDR are discovered for different\
| ... | Ethernet L2 frame sizes using either binary search or linear search\
| ... | algorithms with configured starting rate and final step that determines\
| ... | throughput measurement resolution. Test packets are generated by TG on\
| ... | links to DUTs. TG traffic profile contains two L3 flow-groups\
| ... | (flow-group per direction, ${flows_per_dir} flows per flow-group) with\
| ... | all packets containing Ethernet header, IPv4 header with UDP header and\
| ... | static payload. MAC addresses are matching MAC addresses of the TG node\
| ... | interfaces.
| ... | *[Ref] Applicable standard specifications:* RFC2544.

*** Variables ***
# X520-DA2 bandwidth limit
| ${s_limit}= | ${10000000000}

# ACL test setup
| ${acl_action}= | permit+reflect
| ${acl_apply_type}= | input
| ${no_hit_aces_number}= | 1
| ${flows_per_dir}= | 10k

# starting points for non-hitting ACLs
| ${src_ip_start}= | 30.30.30.1
| ${dst_ip_start}= | 40.40.40.1
| ${ip_step}= | ${1}
| ${sport_start}= | ${1000}
| ${dport_start}= | ${1000}
| ${port_step}= | ${1}
| ${trex_stream1_subnet}= | 10.10.10.0/24
| ${trex_stream2_subnet}= | 20.20.20.0/24

*** Keywords ***
| Discover NDR or PDR for L2 Bridge Domain with ACLs
| | [Arguments] | ${wt} | ${rxq} | ${framesize} | ${min_rate} | ${search_type}
| | Set Test Variable | ${framesize}
| | Set Test Variable | ${min_rate}
| | ${max_rate}= | Calculate pps | ${s_limit} | ${framesize}
| | ${binary_min}= | Set Variable | ${min_rate}
| | ${binary_max}= | Set Variable | ${max_rate}
| | ${threshold}= | Set Variable | ${min_rate}
| | Given Add '${wt}' worker threads and '${rxq}' rxqueues in 3-node single-link circular topology
| | And Add PCI devices to DUTs in 3-node single link topology
| | ${get_framesize}= | Get Frame Size | ${framesize}
| | And Run Keyword If | ${get_framesize} < ${1522} | Add no multi seg to all DUTs
| | And Apply startup configuration on all VPP DUTs
| | When Initialize L2 bridge domain with IPv4 ACLs on DUT1 in 3-node circular topology
| | ${traffic_profile}= | Set Variable | trex-sl-3n-ethip4udp-10u1000p-conc
| | Set Test Variable | ${traffic_profile}
| | Then Run Keyword If | '${search_type}' == 'NDR'
| | ... | Find NDR using binary search and pps
| | ... | ${framesize} | ${binary_min} | ${binary_max} | ${traffic_profile}
| | ... | ${min_rate} | ${max_rate} | ${threshold}
| | ... | ELSE IF | '${search_type}' == 'PDR'
| | ... | Find PDR using binary search and pps
| | ... | ${framesize} | ${binary_min} | ${binary_max} | ${traffic_profile}
| | ... | ${min_rate} | ${max_rate} | ${threshold}
| | ... | ${perf_pdr_loss_acceptance} | ${perf_pdr_loss_acceptance_type}

*** Test Cases ***
| tc01-64B-1t1c-eth-l2bdbasemaclrn-iacl1-stateful-flows10k-ndrdisc
| | [Documentation]
| | ... | [Cfg] DUT runs L2BD switching config with ACL with\
| | ... | 1 thread, 1 phy core, 1 receive queue per NIC port.
| | ... | [Ver] Find NDR for 64 Byte frames using binary search start at 10GE\
| | ... | linerate, step 100kpps.
| | ...
| | [Tags] | 64B | 1T1C | STHREAD | NDRDISC
| | ...
| | [Template] | Discover NDR or PDR for L2 Bridge Domain with ACLs
| | wt=1 | rxq=1 | framesize=${64} | min_rate=${100000} | search_type=NDR

| tc02-64B-1t1c-eth-l2bdbasemaclrn-iacl1-stateful-flows10k-pdrdisc
| | [Documentation]
| | ... | [Cfg] DUT runs L2BD switching config with ACL with\
| | ... | 1 thread, 1 phy core, 1 receive queue per NIC port.
| | ... | [Ver] Find PDR for 64 Byte frames using binary search start at 10GE\
| | ... | linerate, step 100kpps, LT=0.5%.
| | ...
| | [Tags] | 64B | 1T1C | STHREAD | PDRDISC | SKIP_PATCH
| | ...
| | [Template] | Discover NDR or PDR for L2 Bridge Domain with ACLs
| | wt=1 | rxq=1 | framesize=${64} | min_rate=${100000} | search_type=PDR

| tc03-64B-2t2c-eth-l2bdbasemaclrn-iacl1-stateful-flows10k-ndrdisc
| | [Documentation]
| | ... | [Cfg] DUT runs L2BD switching config with ACL with\
| | ... | 2 threads, 2 phy cores, 1 receive queue per NIC port.
| | ... | [Ver] Find NDR for 64 Byte frames using binary search start at 10GE\
| | ... | linerate, step 100kpps.
| | ...
| | [Tags] | 64B | 2T2C | MTHREAD | NDRDISC
| | ...
| | [Template] | Discover NDR or PDR for L2 Bridge Domain with ACLs
| | wt=2 | rxq=1 | framesize=${64} | min_rate=${100000} | search_type=NDR

| tc04-64B-2t2c-eth-l2bdbasemaclrn-iacl1-stateful-flows10k-pdrdisc
| | [Documentation]
| | ... | [Cfg] DUT runs L2BD switching config with ACL with\
| | ... | 2 threads, 2 phy cores, 1 receive queue per NIC port.
| | ... | [Ver] Find PDR for 64 Byte frames using binary search start at 10GE\
| | ... | linerate, step 100kpps, LT=0.5%.
| | ...
| | [Tags] | 64B | 2T2C | MTHREAD | PDRDISC | SKIP_PATCH
| | ...
| | [Template] | Discover NDR or PDR for L2 Bridge Domain with ACLs
| | wt=2 | rxq=1 | framesize=${64} | min_rate=${100000} | search_type=PDR