This test file keeps tests related to TTL setting of IP-in-IP tunnels. Currently it tests whether a TTL of "inherit" on a GRE tunnel actually copies TTL of a tunnel packet from overlay, and whether changing the TTL of a tunnel then correctly adjusts the offload.
Signed-off-by: Petr Machata petrm@mellanox.com --- recipes/switchdev/ipip-011-gre-hier-change-ttl.py | 124 +++++++++++++++++++++ recipes/switchdev/ipip-011-gre-hier-change-ttl.xml | 79 +++++++++++++ 2 files changed, 203 insertions(+) create mode 100644 recipes/switchdev/ipip-011-gre-hier-change-ttl.py create mode 100644 recipes/switchdev/ipip-011-gre-hier-change-ttl.xml
diff --git a/recipes/switchdev/ipip-011-gre-hier-change-ttl.py b/recipes/switchdev/ipip-011-gre-hier-change-ttl.py new file mode 100644 index 0000000..e114c98 --- /dev/null +++ b/recipes/switchdev/ipip-011-gre-hier-change-ttl.py @@ -0,0 +1,124 @@ +""" +Copyright 2017 Mellanox Technologies. All rights reserved. +Licensed under the GNU General Public License, version 2 as +published by the Free Software Foundation; see COPYING for details. +""" + +__author__ = """ +petrm@mellanox.com (Petr Machata) +""" + +from lnst.Controller.Task import ctl +from TestLib import TestLib, vrf, dummy, gre +from ipip_common import ping_test, encap_route, \ + add_forward_route, connect_host_ifaces, \ + test_ip, ipv4, ipv6 +from time import sleep +import logging + +def do_task(ctl, hosts, ifaces, aliases): + m1, m2, sw = hosts + m1_if1, m2_if1, m2_mg, m2_v3, sw_if1, sw_if2 = ifaces + + m2.config("/proc/sys/net/ipv4/ip_forward", "1", netns="ns1") + m2.config("/proc/sys/net/ipv4/ip_forward", "1", netns="ns2") + + m1_if1.add_nhs_route(ipv4(test_ip(2, 0)), [ipv4(test_ip(1, 1, []))]) + m1_if1.add_nhs_route(ipv6(test_ip(2, 0)), [ipv6(test_ip(1, 1, []))]) + m2_if1.add_nhs_route("1.2.3.4/32", [ipv4(test_ip(99, 1, []))]) + m2_if1.add_nhs_route("1.2.3.5/32", [ipv4(test_ip(88, 2, []))]) + m2_v3.add_nhs_route("1.2.3.4/32", [ipv4(test_ip(88, 1, []))]) + m2_v3.add_nhs_route("1.2.3.5/32", [ipv4(test_ip(77, 2, []))]) + m2_mg.add_nhs_route("1.2.3.4/32", [ipv4(test_ip(77, 1, []))]) + + vrf_None = None + tl = TestLib(ctl, aliases) + sw_if1.reset(ip=test_ip(1, 1)) + sw_if2.reset(ip=test_ip(99,1)) + + logging.info("=== TTL tests") + with vrf(sw) as vrf_u, \ + vrf(sw) as vrf_o, \ + dummy(sw, vrf_u, ip=["1.2.3.4/32"]) as d, \ + encap_route(m2, vrf_None, 1, "mg", ip=ipv4), \ + encap_route(m2, vrf_None, 1, "mg", ip=ipv6): + connect_host_ifaces(sw, sw_if1, vrf_o, sw_if2, vrf_u) + sw_if1.reset() + sw_if2.reset() + add_forward_route(sw, vrf_u, "1.2.3.5", via=ipv4(test_ip(99, 2, []))) + + # - Test that tunnel configured with TTL inherit actually copies the TTL + # from the overlay packet. The topology is as follows: + # + # +-- M1 ----------------+ +-- M2 ----------------+ + # | 1.33/24 +--|----. | | + # | | | | 2.33/32 md + | + # +----------------------+ | | 1.2.3.5/31 mg + | + # +-- SW -------------------------+ | + 77.2 | + # | | | | | | + # | +-- ol vrf -----------------+ | | +-- ns2 -----------+ | + # | | 1.2.3.4/31 g + | | | | | | 88.2 + | | + # | | | 1.1/24 + | | | | + 77.1 | | | + # | +---------------------------+ | | +------------------+ | + # | | | | | | + # | +-- ul vrf -----------------+ | | +-- ns1 -----------+ | + # | | | +--|-|----|-|--+ | | | + # | | 1.2.3.4/32 d + 99.1/24 | | | | 99.2/24 88.1 + | | + # | +---------------------------+ | | +------------------+ | + # +-------------------------------+ +----------------------+ + # + # The point of the test is that there are several next hops between + # 1.2.3.4 and 1.2.3.5. If the tunnel is set to "ttl inherit", ping + # with TTL of 2 (ping -t 2) never reaches the other endpoint, but ping + # with TTL of 3 does. + with dummy(sw, vrf_u) as d, \ + gre(sw, d, vrf_o, + tos="inherit", + local_ip="1.2.3.4", + remote_ip="1.2.3.5") as g, \ + encap_route(sw, vrf_o, 2, g, ip=ipv4), \ + encap_route(sw, vrf_o, 2, g, ip=ipv6): + + logging.info("--- TTL inherit") + + sleep(15) + ping_test(tl, m1, sw, ipv4(test_ip(2, 33, [])), m1_if1, g, + count=25, ttl=2, fail_expected=True) + + sleep(5) + ping_test(tl, m1, sw, ipv4(test_ip(2, 33, [])), m1_if1, g, ttl=4) + + # - On the same topology, after offloading a tunnel with "ttl + # inherit", set the tunnel to e.g. "ttl 64". Now the other + # endpoint should become reachable again even with ping -t 2. Thus + # we know that the tunnel was moved to slow path correcly (or the + # TTL was reflected in the hardware, we don't care). + # + # - A similar test could be done for TOS: + # - On m2, install tc to drop packets with TOS of 0x20. + # - Configure offloaded tunnel with TOS inherit. ping -Q 0x40, + # that should work. + # - ping -Q 0x20, that shouldn't work. + # - Change TOS on tunnel to 0x40, ping -Q 0x20, which should now + # work. + # + # However, tc doesn't match on ip_tos until kernel 4.14, which is too + # recent as of this writing. + + logging.info("--- ip t change ttl") + sw.run("ip t change name %s ttl 64" % g.get_devname()) + + sleep(5) + ping_test(tl, m1, sw, ipv4(test_ip(2, 33, [])), m1_if1, g, + ttl=2, require_fastpath=False) + +do_task(ctl, [ctl.get_host("machine1"), + ctl.get_host("machine2"), + ctl.get_host("switch")], + [ctl.get_host("machine1").get_interface("if1"), + ctl.get_host("machine2").get_interface("if1"), + ctl.get_host("machine2").get_interface("mg"), + ctl.get_host("machine2").get_interface("v3"), + ctl.get_host("switch").get_interface("if1"), + ctl.get_host("switch").get_interface("if2")], + ctl.get_aliases()) diff --git a/recipes/switchdev/ipip-011-gre-hier-change-ttl.xml b/recipes/switchdev/ipip-011-gre-hier-change-ttl.xml new file mode 100644 index 0000000..3d7f653 --- /dev/null +++ b/recipes/switchdev/ipip-011-gre-hier-change-ttl.xml @@ -0,0 +1,79 @@ +<lnstrecipe xmlns:xi="http://www.w3.org/2003/XInclude"> + <xi:include href="default_aliases.xml" /> + <define> + <alias name="onet1" value="192.168.1"/> + <alias name="onet2" value="192.168.2"/> + <alias name="o6net1" value="2002:1"/> + <alias name="o6net2" value="2002:2"/> + <alias name="unet1" value="192.168.99"/> + <alias name="unet2" value="192.168.88"/> + <alias name="unet3" value="192.168.77"/> + </define> + <network> + <host id="machine1"> + <params/> + <interfaces> + <eth id="if1" label="A"> + <addresses> + <address value="{$onet1}.33/24" /> + <address value="{$o6net1}::33/64" /> + </addresses> + </eth> + </interfaces> + </host> + <host id="machine2"> + <params/> + <interfaces> + <dummy id="md"> + <addresses> + <address value="1.2.3.5/32" /> + <address value="{$onet2}.33/32" /> + <address value="{$o6net2}::33/128" /> + </addresses> + </dummy> + <gre id="mg"> + <options> + <option name="local_ip" value="1.2.3.5"/> + <option name="remote_ip" value="1.2.3.4"/> + </options> + </gre> + <veth_pair> + <veth id="v4"> + <addresses> + <address value="{$unet3}.2/24" /> + </addresses> + </veth> + <veth id="v3" netns="ns2"> + <addresses> + <address value="{$unet3}.1/24" /> + </addresses> + </veth> + </veth_pair> + <veth_pair> + <veth id="v2" netns="ns2"> + <addresses> + <address value="{$unet2}.2/24" /> + </addresses> + </veth> + <veth id="v1" netns="ns1"> + <addresses> + <address value="{$unet2}.1/24" /> + </addresses> + </veth> + </veth_pair> + <eth id="if1" label="B" netns="ns1"> + <addresses> + <address value="{$unet1}.2/24" /> + </addresses> + </eth> + </interfaces> + </host> + <host id="switch"> + <interfaces> + <eth id="if1" label="A" /> + <eth id="if2" label="B" /> + </interfaces> + </host> + </network> + <task python="ipip-011-gre-hier-change-ttl.py" /> +</lnstrecipe>
lnst-developers@lists.fedorahosted.org