#!/usr/bin/env python3 """IP6 VRF Multi-instance Test Case HLD: **NOTES:** - higher number of pg-ip6 interfaces causes problems => only 15 pg-ip6 \ interfaces in 5 VRFs are tested - jumbo packets in configuration with 15 pg-ip6 interfaces leads to \ problems too **config 1** - add 15 pg-ip6 interfaces - configure 5 hosts per pg-ip6 interface - configure 4 VRFs - add 3 pg-ip6 interfaces per VRF **test 1** - send IP6 packets between all pg-ip6 interfaces in all VRF groups **verify 1** - check VRF data by parsing output of ip_route_dump API command - all packets received correctly in case of pg-ip6 interfaces in the same VRF - no packet received in case of pg-ip6 interfaces not in VRF - no packet received in case of pg-ip6 interfaces in different VRFs **config 2** - reset 2 VRFs **test 2** - send IP6 packets between all pg-ip6 interfaces in all VRF groups **verify 2** - check VRF data by parsing output of ip_route_dump API command - all packets received correctly in case of pg-ip6 interfaces in the same VRF - no packet received in case of pg-ip6 interfaces not in VRF - no packet received in case of pg-ip6 interfaces in different VRFs **config 3** - add 1 of reset VRFs and 1 new VRF **test 3** - send IP6 packets between all pg-ip6 interfaces in all VRF groups **verify 3** - check VRF data by parsing output of ip_route_dump API command - all packets received correctly in case of pg-ip6 interfaces in the same VRF - no packet received in case of pg-ip6 interfaces not in VRF - no packet received in case of pg-ip6 interfaces in different VRFs **config 4** - reset all VRFs (i.e. no VRF except VRF=0 created) **test 4** - send IP6 packets between all pg-ip6 interfaces in all VRF groups **verify 4** - check VRF data by parsing output of ip_route_dump API command - all packets received correctly in case of pg-ip6 interfaces in the same VRF - no packet received in case of pg-ip6 interfaces not in VRF - no packet received in case of pg-ip6 interfaces in different VRFs """ import unittest import random import socket from scapy.packet import Raw from scapy.layers.l2 import Ether from scapy.layers.inet6 import UDP, IPv6, ICMPv6ND_NS, ICMPv6ND_RA, \ RouterAlert, IPv6ExtHdrHopByHop from scapy.utils6 import in6_ismaddr, in6_isllsnmaddr, in6_getAddrType from scapy.pton_ntop import inet_ntop from framework import VppTestCase, VppTestRunner from util import ppp from vrf import VRFState def is_ipv6_misc_ext(p): """ Is packet one of uninteresting IPv6 broadcasts (extended to filter out ICMPv6 Neighbor Discovery - Neighbor Advertisement packets too)? """ if p.haslayer(ICMPv6ND_RA): if in6_ismaddr(p[IPv6].dst): return True if p.haslayer(ICMPv6ND_NS): if in6_isllsnmaddr(p[IPv6].dst): return True if p.haslayer(IPv6ExtHdrHopByHop): for o in p[IPv6ExtHdrHopByHop].options: if isinstance(o, RouterAlert): return True return False class TestIP6VrfMultiInst(VppTestCase): """ IP6 VRF Multi-instance Test Case """ @classmethod def setUpClass(cls): """ Perform standard class setup (defined by class method setUpClass in class VppTestCase) before running the test case, set test case related variables and configure VPP. """ super(TestIP6VrfMultiInst, cls).setUpClass() # Test variables cls.hosts_per_pg = 5 cls.nr_of_vrfs = 5 cls.pg_ifs_per_vrf = 3 try: # Create pg interfaces cls.create_pg_interfaces( range(cls.nr_of_vrfs * cls.pg_ifs_per_vrf)) # Packet flows mapping pg0 -> pg1, pg2 etc. cls.flows = dict() for i in range(len(cls.pg_interfaces)): multiplicand = i // cls.pg_ifs_per_vrf pg_list = [ cls.pg_interfaces[multiplicand * cls.pg_ifs_per_vrf + j] for j in range(cls.pg_ifs_per_vrf) if (multiplicand * cls.pg_ifs_per_vrf + j) != i] cls.flows[cls.pg_interfaces[i]] = pg_list # Packet sizes - jumbo packet (9018 bytes) skipped cls.pg_if_packet_sizes = [64, 512, 1518] # Set up all interfaces for pg_if in cls.pg_interfaces: pg_if.admin_up() pg_if.generate_remote_hosts(cls.hosts_per_pg) # Create list of VRFs cls.vrf_list = list() # Create list of reset VRFs cls.vrf_reset_list = list() # Create list of pg_interfaces in VRFs cls.pg_in_vrf = list() # Create list of pg_interfaces not in VRFs cls.pg_not_in_vrf = [pg_if for pg_if in cls.pg_interfaces] # Create mapping of pg_interfaces to VRF IDs cls.pg_if_by_vrf_id = dict() for i in range(cls.nr_of_vrfs): vrf_id = i + 1 pg_list = [ cls.pg_interfaces[i * cls.pg_ifs_per_vrf + j] for j in range(cls.pg_ifs_per_vrf)] cls.pg_if_by_vrf_id[vrf_id] = pg_list except Exception: super(TestIP6VrfMultiInst, cls).tearDownClass() raise @classmethod def tearDownClass(cls): super(TestIP6VrfMultiInst, cls).tearDownClass() def setUp(self): """ Clear trace and packet infos before running each test. """ super(TestIP6VrfMultiInst, self).setUp() self.reset_packet_infos() def tearDown(self): """ Show various debug prints after each test. """ super(TestIP6VrfMultiInst, self).tearDown() def show_commands_at_teardown(self): self.logger.info(self.vapi.ppcli("show ip6 fib")) self.logger.info(self.vapi.ppcli("show ip6 neighbors")) def create_vrf_and_assign_interfaces(self, count, start=1): """ Create required number of FIB tables / VRFs, put 3 pg-ip6 interfaces to every FIB table / VRF. :param int count: Number of FIB tables / VRFs to be created. :param int start: Starting number of the FIB table / VRF ID. \ (Default value = 1) """ for i in range(count): vrf_id = i + start pg_if = self.pg_if_by_vrf_id[vrf_id][0] self.vapi.ip_table_add_del(is_add=1, table={'table_id': vrf_id, 'is_ip6': 1}) self.logger.info("IPv6 VRF ID %d created" % vrf_id) if vrf_id not in self.vrf_list: self.vrf_list.append(vrf_id) if vrf_id in self.vrf_reset_list: self.vrf_reset_list.remove(vrf_id) for j in range(self.pg_ifs_per_vrf): pg_if = self.pg_if_by_vrf_id[vrf_id][j] pg_if.set_table_ip6(vrf_id) self.logger.info("pg-interface %s added to IPv6 VRF ID %d" % (pg_if.name, vrf_id)) if pg_if not in self.pg_in_vrf: self.pg_in_vrf.append(pg_if) if pg_if in self.pg_not_in_vrf: self.pg_not_in_vrf.remove(pg_if) pg_if.config_ip6() pg_if.disable_ipv6_ra() pg_if.configure_ipv6_neighbors() self.logger.debug(self.vapi.ppcli("show ip6 fib")) self.logger.debug(self.vapi.ppcli("show ip6 neighbors")) def reset_vrf_and_remove_from_vrf_list(self, vrf_id): """ Reset required FIB table / VRF and remove it from VRF list. :param int vrf_id: The FIB table / VRF ID to be reset. """ self.vapi.ip_table_flush(table={'table_id': vrf_id, 'is_ip6': 1}) if vrf_id in self.vrf_list: self.vrf_list.remove(vrf_id) if vrf_id not in self.vrf_reset_list: self.vrf_reset_list.append(vrf_id) for j in range(self.pg_ifs_per_vrf): pg_if = self.pg_if_by_vrf_id[vrf_id][j] pg_if.unconfig_ip6() if pg_if in self.pg_in_vrf: self.pg_in_vrf.remove(pg_if) if pg_if not in self.pg_not_in_vrf: self.pg_not_in_vrf.append(pg_if) self.logger.info("IPv6 VRF ID %d reset finished" % vrf_id) self.logger.debug(self.vapi.ppcli("show ip6 fib")) self.logger.debug(self.vapi.ppcli("show ip6 neighbors")) self.vapi.ip_table_add_del(is_add=0, table={'table_id': vrf_id, 'is_ip6': 1}) def create_stream(self, src_if, packet_sizes): """ Create input packet stream for defined interface using hosts list. :param object src_if: Interface to create packet stream for. :param list packet_sizes: List of required packet sizes. :return: Stream of packets. """ pkts = [] src_hosts = src_if.remote_hosts for dst_if in self.flows[src_if]: for dst_host in dst_if.remote_hosts: src_host = random.choice(src_hosts) pkt_info = self.create_packet_info(src_if, dst_if) payload = self.info_to_payload(pkt_info) p = (Ether(dst=src_if.local_mac, src=src_host.mac) / IPv6(src=src_host.ip6, dst=dst_host.ip6) / UDP(sport=1234, dport=1234) / Raw(payload)) pkt_info.data = p.copy() size = random.choice(packet_sizes) self.extend_packet(p, size) pkts.append(p) self.logger.debug("Input stream created for port %s. Length: %u pkt(s)" % (src_if.name, len(pkts))) return pkts def create_stream_crosswise_vrf(self, src_if, vrf_id, packet_sizes): """ Create input packet stream for negative test for leaking across different VRFs for defined interface using hosts list. :param object src_if: Interface to create packet stream for. :param int vrf_id: The FIB table / VRF ID where src_if is assigned. :param list packet_sizes: List of required packet sizes. :return: Stream of packets. """ pkts = [] src_hosts = src_if.remote_hosts vrf_lst = list(self.vrf_list) vrf_lst.remove(vrf_id) for vrf in vrf_lst: for dst_if in self.pg_if_by_vrf_id[vrf]: for dst_host in dst_if.remote_hosts: src_host = random.choice(src_hosts) pkt_info = self.create_packet_info(src_if, dst_if) payload = self.info_to_payload(pkt_info) p = (Ether(dst=src_if.local_mac, src=src_host.mac) / IPv6(src=src_host.ip6, dst=dst_host.ip6) / UDP(sport=1234, dport=1234) / Raw(payload)) pkt_info.data = p.copy() size = random.choice(packet_sizes) self.extend_packet(p, size) pkts.append(p) self.logger.debug("Input stream created for port %s. Length: %u pkt(s)" % (src_if.name, len(pkts))) return pkts def verify_capture(self, pg_if, capture): """ Verify captured input packet stream for defined interface. :param object pg_if: Interface to verify captured packet stream for. :param list capture: Captured packet stream. """ last_info = dict() for i in self.pg_interfaces: last_info[i.sw_if_index] = None dst_sw_if_index = pg_if.sw_if_index for packet in capture: try: ip = packet[IPv6] udp = packet[UDP] payload_info = self.payload_to_info(packet[Raw]) packet_index = payload_info.index self.assertEqual(payload_info.dst, dst_sw_if_index) self.logger.debug("Got packet on port %s: src=%u (id=%u)" % (pg_if.name, payload_info.src, packet_index)) next_info = self.get_next_packet_info_for_interface2( payload_info.src, dst_sw_if_index, last_info[payload_info.src]) last_info[payload_info.src] = next_info self.assertIsNotNone(next_info) self.assertEqual(packet_index, next_info.index) saved_packet = next_info.data # Check standard fields self.assertEqual(ip.src, saved_packet[IPv6].src) self.assertEqual(ip.dst, saved_packet[IPv6].dst) self.assertEqual(udp.sport, saved_packet[UDP].sport) self.assertEqual(udp.dport, saved_packet[UDP].dport) except: self.logger.error(ppp("Unexpected or invalid packet:", packet)) raise for i in self.pg_interfaces: remaining_packet = self.get_next_packet_info_for_interface2( i, dst_sw_if_index, last_info[i.sw_if_index]) self.assertIsNone( remaining_packet, "Port %u: Packet expected from source %u didn't arrive" % (dst_sw_if_index, i.sw_if_index)) def verify_vrf(self, vrf_id): """ Check if the FIB table / VRF ID is configured. :param int vrf_id: The FIB table / VRF ID to be verified. :return: 1 if the FIB table / VRF ID is configured, otherwise return 0. """ ip6_fib_dump = self.vapi.ip_route_dump(vrf_id, True) vrf_exist = len(ip6_fib_dump) vrf_count = 0 for ip6_fib_details in ip6_fib_dump: addr = ip6_fib_details.route.prefix.network_address found = False for pg_if in self.pg_if_by_vrf_id[vrf_id]: if found: break for host in pg_if.remote_hosts: if str(addr) == host.ip6: vrf_count += 1 found = True break if not vrf_exist and vrf_count == 0: self.logger.info("IPv6 VRF ID %d is not configured" % vrf_id) return VRFState.not_configured elif vrf_exist and vrf_count == 0: self.logger.info("IPv6 VRF ID %d has been reset" % vrf_id) return VRFState.reset else: self.logger.info("IPv6 VRF ID %d is configured" % vrf_id) return VRFState.configured def run_verify_test(self): """ Create packet streams for all configured pg interfaces, send all \ prepared packet streams and verify that: - all packets received correctly on all pg-ip6 interfaces assigned to VRFs - no packet received on all pg-ip6 interfaces not assigned to VRFs :raise RuntimeError: If no packet captured on pg-ip6 interface assigned to VRF or if any packet is captured on pg-ip6 interface not assigned to VRF. """ # Test # Create incoming packet streams for packet-generator interfaces for pg_if in self.pg_interfaces: pkts = self.create_stream(pg_if, self.pg_if_packet_sizes) pg_if.add_stream(pkts) # Enable packet capture and start packet sending self.pg_enable_capture(self.pg_interfaces) self.pg_start() # Verify # Verify outgoing packet streams per packet-generator interface for pg_if in self.pg_interfaces: if pg_if in self.pg_in_vrf: capture = pg_if.get_capture(remark="interface is in VRF") self.verify_capture(pg_if, capture) elif pg_if in self.pg_not_in_vrf: pg_if.assert_nothing_captured(remark="interface is not in VRF", filter_out_fn=is_ipv6_misc_ext) self.logger.debug("No capture for interface %s" % pg_if.name) else: raise Exception("Unknown interface: %s" % pg_if.name) def run_crosswise_vrf_test(self): """ Create packet streams for every pg-ip6 interface in VRF towards all pg-ip6 interfaces in other VRFs, send all prepared packet streams and \ verify that: - no packet received on all configured pg-ip6 interfaces :raise RuntimeError: If any packet is captured on any pg-ip6 interface. """ # Test # Create incoming packet streams for packet-generator interfaces for vrf_id in self.vrf_list: for pg_if in self.pg_if_by_vrf_id[vrf_id]: pkts = self.create_stream_crosswise_vrf( pg_if, vrf_id, self.pg_if_packet_sizes) pg_if.add_stream(pkts) # Enable packet capture and start packet sending self.pg_enable_capture(self.pg_interfaces) self.pg_start() # Verify # Verify outgoing packet streams per packet-generator interface for pg_if in self.pg_interfaces: pg_if.assert_nothing_captured(remark="interface is in other VRF", filter_out_fn=is_ipv6_misc_ext) self.logger.debug("No capture for interface %s" % pg_if.name) def test_ip6_vrf_01(self): """ IP6 VRF Multi-instance test 1 - create 4 VRFs """ # Config 1 # Create 4 VRFs self.create_vrf_and_assign_interfaces(4) # Verify 1 for vrf_id in self.vrf_list: self.assert_equal(self.verify_vrf(vrf_id), VRFState.configured, VRFState) # Test 1 self.run_verify_test() self.run_crosswise_vrf_test() def test_ip6_vrf_02(self): """ IP6 VRF Multi-instance test 2 - reset 2 VRFs """ # Config 2 # Delete 2 VRFs self.reset_vrf_and_remove_from_vrf_list(1) self.reset_vrf_and_remove_from_vrf_list(2) # Verify 2 for vrf_id in self.vrf_reset_list: self.assert_equal(self.verify_vrf(vrf_id), VRFState.reset, VRFState) for vrf_id in self.vrf_list: self.assert_equal(self.verify_vrf(vrf_id), VRFState.configured, VRFState) # Test 2 self.run_verify_test() self.run_crosswise_vrf_test() # Reset routes learned from ICMPv6 Neighbor Discovery for vrf_id in self.vrf_reset_list: self.reset_vrf_and_remove_from_vrf_list(vrf_id) def test_ip6_vrf_03(self): """ IP6 VRF Multi-instance 3 - add 2 VRFs """ # Config 3 # Add 1 of reset VRFs and 1 new VRF self.create_vrf_and_assign_interfaces(1) self.create_vrf_and_assign_interfaces(1, start=5) # Verify 3 for vrf_id in self.vrf_reset_list: self.assert_equal(self.verify_vrf(vrf_id), VRFState.reset, VRFState) for vrf_id in self.vrf_list: self.assert_equal(self.verify_vrf(vrf_id), VRFState.configured, VRFState) # Test 3 self.run_verify_test() self.run_crosswise_vrf_test() # Reset routes learned from ICMPv6 Neighbor Discovery for vrf_id in self.vrf_reset_list: self.reset_vrf_and_remove_from_vrf_list(vrf_id) def test_ip6_vrf_04(self): """ IP6 VRF Multi-instance test 4 - reset 4 VRFs """ # Config 4 # Reset all VRFs (i.e. no VRF except VRF=0 configured) for i in range(len(self.vrf_list)): self.reset_vrf_and_remove_from_vrf_list(self.vrf_list[0]) # Verify 4 for vrf_id in self.vrf_reset_list: self.assert_equal(self.verify_vrf(vrf_id), VRFState.reset, VRFState) vrf_list_length = len(self.vrf_list) self.assertEqual( vrf_list_length, 0, "List of configured VRFs is not empty: %s != 0" % vrf_list_length) # Test 4 self.run_verify_test() self.run_crosswise_vrf_test() if __name__ == '__main__': unittest.main(testRunner=VppTestRunner)