diff options
author | Marcin Ptaszyński <marcin.ptaszynski@ntti3.com> | 2018-06-05 14:44:53 -0700 |
---|---|---|
committer | Marcin Ptaszyński <marcin.ptaszynski@ntti3.com> | 2018-06-13 20:53:17 -0700 |
commit | 5fbd0cb24324f1569377ce5c627bb2db97b76ce7 (patch) | |
tree | 4c646607888f8a46b9f9d2ecedfc3f6759950eda /test | |
parent | 964bb04e22fdbf430d9810f5b362d7844b81e251 (diff) |
table: support AfiSafiIn Policy Condition match
Diffstat (limited to 'test')
-rw-r--r-- | test/scenario_test/route_reflector_test.py | 140 |
1 files changed, 140 insertions, 0 deletions
diff --git a/test/scenario_test/route_reflector_test.py b/test/scenario_test/route_reflector_test.py index 29846d53..3008ad14 100644 --- a/test/scenario_test/route_reflector_test.py +++ b/test/scenario_test/route_reflector_test.py @@ -44,6 +44,14 @@ def wait_for(f, timeout=120): class GoBGPTestBase(unittest.TestCase): + def assert_adv_count(self, src, dst, rf, count): + self.assertEqual(count, len(src.get_adj_rib_out(dst, rf=rf))) + self.assertEqual(count, len(dst.get_adj_rib_in(src, rf=rf))) + + def assert_upd_count(self, src, dst, sent, received): + messages = src.get_neighbor(dst)['state']['messages'] + self.assertEqual(messages['sent'].get('update', 0), sent) + self.assertEqual(messages['received'].get('update', 0), received) @classmethod def setUpClass(cls): @@ -119,6 +127,138 @@ class GoBGPTestBase(unittest.TestCase): else: self.assertFalse(p in paths) + def test_10_setup_rr_rtc_isolation_policy(self): + # +-------+ + # | rr | + # +----------------+----| (RR) |---+----------------+ + # | | +-------+ | | + # | | | | + # (iBGP) (iBGP) (iBGP) (iBGP) + # | | | | + # +-------------+ +-------------+ +-------------+ +-------------+ + # | acme1 | | acme2 | | tyrell1 | | tyrell2 | + # | (RR Client) | | (RR Client) | | (RR Client) | | (RR Client) | + # +-------------+ +-------------+ +-------------+ +-------------+ + + + gobgp_ctn_image_name = parser_option.gobgp_image + rr = GoBGPContainer(name='rr', asn=65000, router_id='192.168.1.1', + ctn_image_name=gobgp_ctn_image_name, + log_level=parser_option.gobgp_log_level) + acme1 = GoBGPContainer(name='acme1', asn=65000, router_id='192.168.1.101', + ctn_image_name=gobgp_ctn_image_name, + log_level=parser_option.gobgp_log_level) + acme2 = GoBGPContainer(name='acme2', asn=65000, router_id='192.168.1.102', + ctn_image_name=gobgp_ctn_image_name, + log_level=parser_option.gobgp_log_level) + + tyrell1 = GoBGPContainer(name='tyrell1', asn=65000, router_id='192.168.1.201', + ctn_image_name=gobgp_ctn_image_name, + log_level=parser_option.gobgp_log_level) + + tyrell2 = GoBGPContainer(name='tyrell2', asn=65000, router_id='192.168.1.202', + ctn_image_name=gobgp_ctn_image_name, + log_level=parser_option.gobgp_log_level) + + time.sleep(max(ctn.run() for ctn in [rr, acme1, acme2, tyrell1, tyrell2])) + + rr.add_peer(acme1, vpn=True, addpath=True, graceful_restart=True, llgr=True, is_rr_client=True) + acme1.add_peer(rr, vpn=True, addpath=True, graceful_restart=True, llgr=True) + + rr.add_peer(acme2, vpn=True, addpath=True, graceful_restart=True, llgr=True, is_rr_client=True) + acme2.add_peer(rr, vpn=True, addpath=True, graceful_restart=True, llgr=True) + + rr.add_peer(tyrell1, vpn=True, addpath=True, graceful_restart=True, llgr=True, is_rr_client=True) + tyrell1.add_peer(rr, vpn=True, addpath=True, graceful_restart=True, llgr=True) + + rr.add_peer(tyrell2, vpn=True, addpath=True, graceful_restart=True, llgr=True, is_rr_client=True) + tyrell2.add_peer(rr, vpn=True, addpath=True, graceful_restart=True, llgr=True) + + self.__class__.rr = rr + self.__class__.acme1 = acme1 + self.__class__.acme2 = acme2 + self.__class__.tyrell1 = tyrell1 + self.__class__.tyrell2 = tyrell2 + + # add import/export policy to allow peers exchange routes within specific RTs + # later tests should not break due to RTC Updates being filtered-out + + rr.local("gobgp policy neighbor add clients-acme {} {}".format( + rr.peer_name(acme1), + rr.peer_name(acme2))) + + rr.local("gobgp policy neighbor add clients-tyrell {} {}".format( + rr.peer_name(tyrell1), + rr.peer_name(tyrell2))) + + rr.local("gobgp policy ext-community add rts-acme rt:^100:.*$") + rr.local("gobgp policy ext-community add rts-tyrell rt:^200:.*$") + + rr.local('gobgp policy statement add allow-rtc') + rr.local('gobgp policy statement allow-rtc add condition afi-safi-in rtc') + rr.local('gobgp policy statement allow-rtc add action accept') + + rr.local('gobgp policy statement add allow-acme') + rr.local('gobgp policy statement allow-acme add condition neighbor clients-acme') + rr.local('gobgp policy statement allow-acme add condition ext-community rts-acme') + rr.local('gobgp policy statement allow-acme add action accept') + + rr.local('gobgp policy statement add allow-tyrell') + rr.local('gobgp policy statement allow-tyrell add condition neighbor clients-tyrell') + rr.local('gobgp policy statement allow-tyrell add condition ext-community rts-tyrell') + rr.local('gobgp policy statement allow-tyrell add action accept') + rr.local('gobgp policy add tenancy allow-rtc allow-acme allow-tyrell') + + rr.local('gobgp global policy import add tenancy default reject') + rr.local('gobgp global policy export add tenancy default reject') + + acme1.local("gobgp vrf add a1 rd 100:100 rt both 100:100") + acme2.local("gobgp vrf add a1 rd 100:100 rt both 100:100") + + tyrell1.local("gobgp vrf add t1 rd 200:100 rt both 200:100") + tyrell2.local("gobgp vrf add t1 rd 200:100 rt both 200:100") + + rr.wait_for(expected_state=BGP_FSM_ESTABLISHED, peer=acme1) + rr.wait_for(expected_state=BGP_FSM_ESTABLISHED, peer=acme2) + rr.wait_for(expected_state=BGP_FSM_ESTABLISHED, peer=tyrell1) + rr.wait_for(expected_state=BGP_FSM_ESTABLISHED, peer=tyrell2) + + def test_11_routes_in_allowed_acme_rts_are_exchanged(self): + self.acme1.local("gobgp vrf a1 rib add 10.10.0.0/16 local-pref 100") + self.acme2.local("gobgp vrf a1 rib add 10.20.0.0/16") + self.tyrell1.local("gobgp vrf t1 rib add 20.10.0.0/16") + self.tyrell2.local("gobgp vrf t1 rib add 20.20.0.0/16") + time.sleep(1) + + self.assert_adv_count(self.rr, self.acme1, 'rtc', 2) + self.assert_adv_count(self.rr, self.acme1, 'ipv4-l3vpn', 1) + self.assert_adv_count(self.rr, self.acme2, 'rtc', 2) + self.assert_adv_count(self.rr, self.acme2, 'ipv4-l3vpn', 1) + self.assert_adv_count(self.rr, self.tyrell1, 'rtc', 2) + self.assert_adv_count(self.rr, self.tyrell1, 'ipv4-l3vpn', 1) + self.assert_adv_count(self.rr, self.tyrell2, 'rtc', 2) + self.assert_adv_count(self.rr, self.tyrell2, 'ipv4-l3vpn', 1) + + def test_12_routes_from_separate_rts_peers_are_isolated_by_rr(self): + self.tyrell1.local("gobgp vrf add a1 rd 100:100 rt both 100:100") + self.tyrell1.local("gobgp vrf add a1 rd 100:100 rt both 100:100") + self.tyrell1.local("gobgp vrf a1 rib add 10.10.0.0/16 local-pref 200") + self.tyrell1.local("gobgp vrf a1 rib add 10.30.0.0/16") + time.sleep(1) + + rr_t2_in = self.rr.get_adj_rib_in(self.tyrell1, rf='ipv4-l3vpn') + self.assertEqual(3, len(rr_t2_in)) + + rr_a2_out = self.rr.get_adj_rib_out(self.acme2, rf='ipv4-l3vpn') + self.assertEqual(1, len(rr_a2_out)) + + a2_routes = self.acme2.get_adj_rib_in(self.rr, rf='ipv4-l3vpn') + self.assertEqual(1, len(a2_routes)) + ar0 = a2_routes[0] + self.assertEqual('10.10.0.0/16', ar0['prefix']) + self.assertEqual(self.rr.peer_name(self.acme1), ar0['nexthop']) + self.assertEqual(100, ar0['local-pref']) + if __name__ == '__main__': output = local("which docker 2>&1 > /dev/null ; echo $?", capture=True) |