# Number of ports the harness must provide; setup_prepare reads them as
# NETIFS[p1]..NETIFS[p6].
NUM_NETIFS=6

# Test functions defined further down in this file.
# NOTE(review): presumably consumed by tests_run -- confirm against lib.sh.
ALL_TESTS="
ping_ipv4
arp_decap
arp_suppression
"

# Shared helpers (vrf_create, in_ns, sysctl_set, check_err, ...).
source lib.sh

# arp_suppression sends its probes with $ARPING.
require_command $ARPING
0103
# Bring up one simulated host: put its interface into a dedicated VRF, give it
# an address and send all traffic to the gateway.
#
# $1 - VRF name
# $2 - host interface
# $3 - host IPv4 address (a /24 prefix length is appended here)
# $4 - gateway IPv4 address
hx_create()
{
	local host_vrf=$1 host_if=$2 host_ip=$3 gw_addr=$4

	vrf_create $host_vrf
	ip link set dev $host_if master $host_vrf
	ip link set dev $host_vrf up
	ip link set dev $host_if up

	ip address add $host_ip/24 dev $host_if
	# The gateway MAC is pinned with a permanent neighbour entry. It is the
	# same address that switch_create and ns_switch_create assign to the
	# vlanN-v macvlan devices.
	ip neigh replace $gw_addr lladdr 00:00:5e:00:01:01 nud permanent \
		dev $host_if
	ip route add default vrf $host_vrf nexthop via $gw_addr
}
# Exported because ns_h1_create / ns_h2_create call it from inside ns1.
export -f hx_create
0122
# Undo hx_create, in reverse order. Takes the same four arguments:
# $1 - VRF name, $2 - host interface, $3 - host IPv4 address, $4 - gateway.
hx_destroy()
{
	local host_vrf=$1 host_if=$2 host_ip=$3 gw_addr=$4

	ip route del default vrf $host_vrf nexthop via $gw_addr
	ip neigh del $gw_addr dev $host_if
	ip address del $host_ip/24 dev $host_if

	ip link set dev $host_if down
	vrf_destroy $host_vrf
}
0137
# Local host on VLAN 10: 10.1.1.101, gateway 10.1.1.1.
h1_create()
{
	local addr=10.1.1.101
	local gw=10.1.1.1

	hx_create vrf-h1 $h1 $addr $gw
}
0142
# Tear down the host created by h1_create.
h1_destroy()
{
	local addr=10.1.1.101
	local gw=10.1.1.1

	hx_destroy vrf-h1 $h1 $addr $gw
}
0147
# Local host on VLAN 20: 10.1.2.101, gateway 10.1.2.1.
h2_create()
{
	local addr=10.1.2.101
	local gw=10.1.2.1

	hx_create vrf-h2 $h2 $addr $gw
}
0152
# Tear down the host created by h2_create.
h2_destroy()
{
	local addr=10.1.2.101
	local gw=10.1.2.1

	hx_destroy vrf-h2 $h2 $addr $gw
}
0157
# Configure the local VTEP (10.0.0.1): a VLAN-aware bridge holding the two host
# ports and one VxLAN device per VLAN, plus the vrf-green VLAN interfaces and
# their gateway macvlans.
switch_create()
{
	local vtep_ip=10.0.0.1
	local peer_vtep_ip=10.0.0.2
	local gw_mac=00:00:5e:00:01:01
	local vid

	ip link add name br1 type bridge \
		vlan_filtering 1 vlan_default_pvid 0 mcast_snooping 0
	# Give the bridge the MAC of $swp1.
	# NOTE(review): presumably so the bridge MAC does not change while ports
	# are enslaved -- confirm.
	ip link set dev br1 address $(mac_get $swp1)
	ip link set dev br1 up

	# Underlay: reach the peer VTEP through 192.0.2.2 (the spine, see
	# spine_create).
	ip link set dev $rp1 up
	ip address add dev $rp1 192.0.2.1/24
	ip route add $peer_vtep_ip/32 nexthop via 192.0.2.2

	# VNI 1000 <-> VLAN 10. "nolearning" turns off data-path source learning
	# on the VxLAN device; remote MACs are installed by macs_populate.
	ip link add name vx10 type vxlan id 1000 \
		local $vtep_ip remote $peer_vtep_ip dstport 4789 \
		nolearning noudpcsum tos inherit ttl 100
	ip link set dev vx10 up

	ip link set dev vx10 master br1
	bridge vlan add vid 10 dev vx10 pvid untagged

	# VNI 2000 <-> VLAN 20.
	ip link add name vx20 type vxlan id 2000 \
		local $vtep_ip remote $peer_vtep_ip dstport 4789 \
		nolearning noudpcsum tos inherit ttl 100
	ip link set dev vx20 up

	ip link set dev vx20 master br1
	bridge vlan add vid 20 dev vx20 pvid untagged

	# Host-facing ports, one per VLAN.
	ip link set dev $swp1 master br1
	ip link set dev $swp1 up
	bridge vlan add vid 10 dev $swp1 pvid untagged

	ip link set dev $swp2 master br1
	ip link set dev $swp2 up
	bridge vlan add vid 20 dev $swp2 pvid untagged

	# The VTEP address lives on the loopback.
	ip address add $vtep_ip/32 dev lo

	# Routing between the VLANs happens in vrf-green.
	vrf_create "vrf-green"
	ip link set dev vrf-green up

	# Per VLAN: a VLAN interface with a switch-specific address (.11) and,
	# on top of it, a macvlan carrying the gateway address and MAC that the
	# hosts use (see hx_create).
	ip link add link br1 name vlan10 up master vrf-green type vlan id 10
	ip address add 10.1.1.11/24 dev vlan10
	ip link add link vlan10 name vlan10-v up master vrf-green \
		address $gw_mac type macvlan mode private
	ip address add 10.1.1.1/24 dev vlan10-v

	ip link add link br1 name vlan20 up master vrf-green type vlan id 20
	ip address add 10.1.2.11/24 dev vlan20
	ip link add link vlan20 name vlan20-v up master vrf-green \
		address $gw_mac type macvlan mode private
	ip address add 10.1.2.1/24 dev vlan20-v

	for vid in 10 20; do
		bridge vlan add vid $vid dev br1 self
	done

	# Local FDB entries for the gateway MAC on the bridge itself.
	for vid in 10 20; do
		bridge fdb add $gw_mac dev br1 self local vlan $vid
	done

	# Reverse-path filtering is turned off globally and on both gateway
	# macvlans, which relaxes source-address validation on the machine
	# running the test. switch_destroy restores only the "all" key.
	# NOTE(review): the vlanN-v keys are presumably left alone because the
	# devices are deleted -- confirm.
	sysctl_set net.ipv4.conf.all.rp_filter 0
	sysctl_set net.ipv4.conf.vlan10-v.rp_filter 0
	sysctl_set net.ipv4.conf.vlan20-v.rp_filter 0
}
0223
# Undo switch_create in reverse order.
switch_destroy()
{
	local gw_mac=00:00:5e:00:01:01
	local vid

	# Put the global rp_filter setting back. This is the only one of the
	# three keys changed by switch_create that is restored here.
	sysctl_restore net.ipv4.conf.all.rp_filter

	for vid in 20 10; do
		bridge fdb del $gw_mac dev br1 self local vlan $vid
	done

	for vid in 20 10; do
		bridge vlan del vid $vid dev br1 self
	done

	# No explicit delete for vlan20-v / vlan10-v.
	# NOTE(review): presumably they go away together with the VLAN device
	# they are stacked on -- confirm.
	ip link del dev vlan20

	ip link del dev vlan10

	vrf_destroy "vrf-green"

	ip address del 10.0.0.1/32 dev lo

	bridge vlan del vid 20 dev $swp2
	ip link set dev $swp2 down
	ip link set dev $swp2 nomaster

	bridge vlan del vid 10 dev $swp1
	ip link set dev $swp1 down
	ip link set dev $swp1 nomaster

	bridge vlan del vid 20 dev vx20
	ip link set dev vx20 nomaster

	ip link set dev vx20 down
	ip link del dev vx20

	bridge vlan del vid 10 dev vx10
	ip link set dev vx10 nomaster

	ip link set dev vx10 down
	ip link del dev vx10

	# Underlay.
	ip route del 10.0.0.2/32 nexthop via 192.0.2.2
	ip address del dev $rp1 192.0.2.1/24
	ip link set dev $rp1 down

	ip link set dev br1 down
	ip link del dev br1
}
0269
# Underlay router between the two VTEPs: $rp2 faces the local switch, v1 faces
# ns1 (its peer v2 is moved there by ns1_create).
spine_create()
{
	local spine_vrf=vrf-spine

	vrf_create "vrf-spine"
	ip link set dev $rp2 master $spine_vrf
	ip link set dev v1 master $spine_vrf
	ip link set dev $spine_vrf up
	ip link set dev $rp2 up
	ip link set dev v1 up

	ip address add 192.0.2.2/24 dev $rp2
	ip address add 192.0.3.2/24 dev v1

	# Host routes to the two VTEP loopback addresses.
	ip route add 10.0.0.1/32 vrf $spine_vrf nexthop via 192.0.2.1
	ip route add 10.0.0.2/32 vrf $spine_vrf nexthop via 192.0.3.1
}
0285
# Undo spine_create in reverse order.
spine_destroy()
{
	local spine_vrf=vrf-spine

	ip route del 10.0.0.2/32 vrf $spine_vrf nexthop via 192.0.3.1
	ip route del 10.0.0.1/32 vrf $spine_vrf nexthop via 192.0.2.1

	ip address del 192.0.3.2/24 dev v1
	ip address del 192.0.2.2/24 dev $rp2

	ip link set dev v1 down
	ip link set dev $rp2 down
	vrf_destroy "vrf-spine"
}
0298
# Remote host on VLAN 10, attached to w2: 10.1.1.102, gateway 10.1.1.1.
ns_h1_create()
{
	local addr=10.1.1.102
	local gw=10.1.1.1

	hx_create vrf-h1 w2 $addr $gw
}
# Exported because ns_init calls it, and ns_init is run through in_ns.
export -f ns_h1_create
0304
# Remote host on VLAN 20, attached to w4: 10.1.2.102, gateway 10.1.2.1.
ns_h2_create()
{
	local addr=10.1.2.102
	local gw=10.1.2.1

	hx_create vrf-h2 w4 $addr $gw
}
# Exported because ns_init calls it, and ns_init is run through in_ns.
export -f ns_h2_create
0310
# Configure the remote VTEP (10.0.0.2). Same layout as switch_create with the
# VTEP addresses swapped, w1/w3 as host ports, v2 as the underlay port and .12
# as the switch-specific VLAN interface address. The bridge MAC is not set
# explicitly here.
ns_switch_create()
{
	local vtep_ip=10.0.0.2
	local peer_vtep_ip=10.0.0.1
	local gw_mac=00:00:5e:00:01:01
	local vid

	ip link add name br1 type bridge \
		vlan_filtering 1 vlan_default_pvid 0 mcast_snooping 0
	ip link set dev br1 up

	# Underlay: reach the peer VTEP through 192.0.3.2 (the spine, see
	# spine_create).
	ip link set dev v2 up
	ip address add dev v2 192.0.3.1/24
	ip route add $peer_vtep_ip/32 nexthop via 192.0.3.2

	# VNI 1000 <-> VLAN 10. "nolearning" turns off data-path source learning
	# on the VxLAN device; remote MACs are installed by macs_populate.
	ip link add name vx10 type vxlan id 1000 \
		local $vtep_ip remote $peer_vtep_ip dstport 4789 \
		nolearning noudpcsum tos inherit ttl 100
	ip link set dev vx10 up

	ip link set dev vx10 master br1
	bridge vlan add vid 10 dev vx10 pvid untagged

	# VNI 2000 <-> VLAN 20.
	ip link add name vx20 type vxlan id 2000 \
		local $vtep_ip remote $peer_vtep_ip dstport 4789 \
		nolearning noudpcsum tos inherit ttl 100
	ip link set dev vx20 up

	ip link set dev vx20 master br1
	bridge vlan add vid 20 dev vx20 pvid untagged

	# Host-facing ports, one per VLAN.
	ip link set dev w1 master br1
	ip link set dev w1 up
	bridge vlan add vid 10 dev w1 pvid untagged

	ip link set dev w3 master br1
	ip link set dev w3 up
	bridge vlan add vid 20 dev w3 pvid untagged

	# The VTEP address lives on the loopback.
	ip address add $vtep_ip/32 dev lo

	# Routing between the VLANs happens in vrf-green.
	vrf_create "vrf-green"
	ip link set dev vrf-green up

	# The gateway address and MAC on vlanN-v are identical to the ones
	# switch_create configures on the other VTEP.
	ip link add link br1 name vlan10 up master vrf-green type vlan id 10
	ip address add 10.1.1.12/24 dev vlan10
	ip link add link vlan10 name vlan10-v up master vrf-green \
		address $gw_mac type macvlan mode private
	ip address add 10.1.1.1/24 dev vlan10-v

	ip link add link br1 name vlan20 up master vrf-green type vlan id 20
	ip address add 10.1.2.12/24 dev vlan20
	ip link add link vlan20 name vlan20-v up master vrf-green \
		address $gw_mac type macvlan mode private
	ip address add 10.1.2.1/24 dev vlan20-v

	for vid in 10 20; do
		bridge vlan add vid $vid dev br1 self
	done

	for vid in 10 20; do
		bridge fdb add $gw_mac dev br1 self local vlan $vid
	done

	# Reverse-path filtering off, as in switch_create. Nothing in this file
	# restores these keys.
	# NOTE(review): presumably they apply only inside ns1, which ns1_destroy
	# deletes -- confirm.
	sysctl_set net.ipv4.conf.all.rp_filter 0
	sysctl_set net.ipv4.conf.vlan10-v.rp_filter 0
	sysctl_set net.ipv4.conf.vlan20-v.rp_filter 0
}
# Exported because ns_init calls it, and ns_init is run through in_ns.
export -f ns_switch_create
0374
# Build the remote site. Run through in_ns by ns1_create.
ns_init()
{
	# w1 and w3 become bridge ports in ns_switch_create; their peers w2 and
	# w4 are the host interfaces used by ns_h1_create and ns_h2_create.
	ip link add name w1 type veth peer name w2
	ip link add name w3 type veth peer name w4

	ip link set dev lo up

	ns_h1_create
	ns_h2_create
	ns_switch_create
}
# Exported because ns1_create runs it through in_ns.
export -f ns_init
0387
# Create namespace ns1, hand it the v2 end of the v1/v2 veth pair and build the
# remote site inside it.
ns1_create()
{
	local ns=ns1

	ip netns add $ns
	ip link set dev v2 netns $ns
	in_ns $ns ns_init
}
0394
# Delete ns1. v2 is first moved to the network namespace of PID 1; cleanup
# removes the veth pair later through "ip link del dev v1".
ns1_destroy()
{
	local ns=ns1

	ip netns exec $ns ip link set dev v2 netns 1
	ip netns del $ns
}
0400
# Install the forwarding state for two hosts behind the peer VTEP.
#
# $1 - MAC of the peer's VLAN 10 host
# $2 - MAC of the peer's VLAN 20 host
# $3 - IPv4 address of the VLAN 10 host
# $4 - IPv4 address of the VLAN 20 host
# $5 - peer VTEP address
#
# The VxLAN devices are created with "nolearning", so these static entries are
# the only remote FDB state this file sets up. All entries are flagged
# extern_learn.
# NOTE(review): presumably this stands in for what a control plane would
# install -- confirm.
macs_populate()
{
	local vid10_mac=$1 vid20_mac=$2 vid10_ip=$3 vid20_ip=$4 vtep=$5

	# MAC -> remote VTEP.
	bridge fdb add $vid10_mac dev vx10 self master extern_learn static \
		dst $vtep vlan 10
	bridge fdb add $vid20_mac dev vx20 self master extern_learn static \
		dst $vtep vlan 20

	# IP -> MAC on the VLAN interfaces.
	ip neigh add $vid10_ip lladdr $vid10_mac nud noarp dev vlan10 \
		extern_learn
	ip neigh add $vid20_ip lladdr $vid20_mac nud noarp dev vlan20 \
		extern_learn
}
# Exported because macs_initialize also runs it inside ns1 through in_ns.
export -f macs_populate
0420
# Tell each VTEP about the hosts behind the other one.
macs_initialize()
{
	local remote_h1_mac remote_h2_mac near_h1_mac near_h2_mac

	remote_h1_mac=$(in_ns ns1 mac_get w2)
	remote_h2_mac=$(in_ns ns1 mac_get w4)
	near_h1_mac=$(mac_get $h1)
	near_h2_mac=$(mac_get $h2)

	# Local VTEP: remote hosts sit behind 10.0.0.2.
	macs_populate $remote_h1_mac $remote_h2_mac 10.1.1.102 10.1.2.102 10.0.0.2
	# VTEP in ns1: local hosts sit behind 10.0.0.1.
	in_ns ns1 macs_populate $near_h1_mac $near_h2_mac 10.1.1.101 10.1.2.101 10.0.0.1
}
0431
# Map the six harness ports to their roles and build the whole topology.
# The port variables are deliberately global; the other functions read them.
setup_prepare()
{
	# p1 <-> p2: host 1 and its switch port.
	h1=${NETIFS[p1]}
	swp1=${NETIFS[p2]}

	# p3 <-> p4: switch port and host 2.
	swp2=${NETIFS[p3]}
	h2=${NETIFS[p4]}

	# p5 <-> p6: switch underlay port and spine port.
	rp1=${NETIFS[p5]}
	rp2=${NETIFS[p6]}

	vrf_prepare
	forwarding_enable

	h1_create
	h2_create
	switch_create

	# v1 stays with the spine, v2 is moved into ns1 by ns1_create.
	ip link add name v1 type veth peer name v2
	spine_create
	ns1_create

	# Needs both sites up, since it reads MACs from each of them.
	macs_initialize
}
0456
# Tear the topology down in the reverse order of setup_prepare. Installed as
# the EXIT trap at the bottom of the file.
cleanup()
{
	pre_cleanup

	ns1_destroy
	spine_destroy
	# Removes the v1/v2 veth pair created in setup_prepare.
	ip link del dev v1

	switch_destroy
	h2_destroy
	h1_destroy

	forwarding_restore
	vrf_cleanup
}
0472
# Ping from the local hosts: once across VLANs on the local switch, then to
# both remote hosts, within the same VLAN and across VLANs.
ping_ipv4()
{
	# Routed locally, no tunnel involved.
	ping_test $h1 10.1.2.101 ": local->local vid 10->vid 20"

	# Same VLAN on both ends.
	ping_test $h1 10.1.1.102 ": local->remote vid 10->vid 10"
	ping_test $h2 10.1.2.102 ": local->remote vid 20->vid 20"

	# Different VLAN on the remote end.
	ping_test $h1 10.1.2.102 ": local->remote vid 10->vid 20"
	ping_test $h2 10.1.1.102 ": local->remote vid 20->vid 10"
}
0481
# Repeat the ping tests after removing the neighbour entries for the remote
# hosts from the local VLAN interfaces, then put the entries back.
# NOTE(review): presumably this exercises ARP resolution through the VxLAN
# tunnel, i.e. ARP packets being decapsulated -- confirm.
arp_decap()
{
	local w2_mac w4_mac

	log_info "deleting neighbours from vlan interfaces"

	ip neigh del 10.1.1.102 dev vlan10
	ip neigh del 10.1.2.102 dev vlan20

	ping_ipv4

	# Restore the entries that macs_populate installed.
	w2_mac=$(in_ns ns1 mac_get w2)
	ip neigh replace 10.1.1.102 lladdr $w2_mac nud noarp \
		dev vlan10 extern_learn
	w4_mac=$(in_ns ns1 mac_get w4)
	ip neigh replace 10.1.2.102 lladdr $w4_mac nud noarp \
		dev vlan20 extern_learn
}
0498
# Compare the hit counter of the ingress tc filter on vx10 in ns1 (pref 1,
# installed by arp_suppression) with the expected value and record a failure
# through check_err on mismatch.
#
# $1 - expected number of ARP requests seen so far
arp_suppression_compare()
{
	local want=$1
	local seen

	seen=$(in_ns ns1 tc_rule_stats_get vx10 1 ingress)

	(( want == seen ))
	check_err $? "expected $want arps got $seen"
}
0507
# Check neigh_suppress on the local vx10 bridge port. A tc filter on vx10
# inside ns1 counts broadcast ARP requests for 10.1.1.102 arriving there. The
# counter is cumulative, so the expected value rises across the four cases.
arp_suppression()
{
	local probe_ip=10.1.1.102
	local w2_mac

	ip link set dev vx10 type bridge_slave neigh_suppress on

	in_ns ns1 tc qdisc add dev vx10 clsact
	in_ns ns1 tc filter add dev vx10 ingress proto arp pref 1 handle 101 \
		flower dst_mac ff:ff:ff:ff:ff:ff arp_tip $probe_ip arp_op \
		request action pass

	# Case 1: suppression on, neighbour entry present. arping has to
	# succeed while the counter stays at 0.
	# NOTE(review): presumably the reply is built from the local vlan10
	# neighbour entry, so its accuracy depends on whoever installs that
	# entry (here macs_populate) -- confirm.
	RET=0

	$ARPING -I $h1 -fqb -c 1 -w 1 $probe_ip
	check_err $? "arping failed"

	arp_suppression_compare 0

	log_test "neigh_suppress: on / neigh exists: yes"

	# Case 2: suppression on, neighbour entry removed. The request is
	# expected to show up in ns1.
	RET=0

	ip neigh del $probe_ip dev vlan10

	$ARPING -I $h1 -fqb -c 1 -w 1 $probe_ip
	check_err $? "arping failed"

	arp_suppression_compare 1

	log_test "neigh_suppress: on / neigh exists: no"

	# Case 3: suppression off, neighbour entry absent. The delete is
	# repeated with its output discarded.
	RET=0

	ip neigh del $probe_ip dev vlan10 &> /dev/null
	ip link set dev vx10 type bridge_slave neigh_suppress off

	$ARPING -I $h1 -fqb -c 1 -w 1 $probe_ip
	check_err $? "arping failed"

	arp_suppression_compare 2

	log_test "neigh_suppress: off / neigh exists: no"

	# Case 4: suppression off, neighbour entry back in place. The request
	# is still expected in ns1.
	RET=0

	w2_mac=$(in_ns ns1 mac_get w2)
	ip neigh add $probe_ip lladdr $w2_mac nud noarp \
		dev vlan10 extern_learn

	$ARPING -I $h1 -fqb -c 1 -w 1 $probe_ip
	check_err $? "arping failed"

	arp_suppression_compare 3

	log_test "neigh_suppress: off / neigh exists: yes"

	# Removes the counting filter along with its qdisc.
	in_ns ns1 tc qdisc del dev vx10 clsact
}
0569
# Run cleanup whenever the script exits, so the bridge, VRFs, namespace and
# the global rp_filter change are rolled back after a failed run too.
trap cleanup EXIT

# Build the topology, then wait for it.
setup_prepare
setup_wait

# Run the tests.
tests_run

exit $EXIT_STATUS