From 1d726e3e6df3747ae9c7466e38461ff83c7849f6 Mon Sep 17 00:00:00 2001 From: Stepan Blyshchak <38952541+stepanblyschak@users.noreply.github.com> Date: Tue, 29 Oct 2019 11:36:23 +0200 Subject: [PATCH] [everflow_testbed] extend test to cover egress mirroring (#1094) * [everflow_testbed] extend test to cover ingress/egress mirroring on ingress/egress ACL table based on DUT capabilities Signed-off-by: Stepan Blyschak * fix ptf port id passing Signed-off-by: Stepan Blyschak * fix test case #4 Signed-off-by: Stepan Blyschak * fix testcase 3,4 description Signed-off-by: Stepan Blyschak * fix everflow policer test for egress mirroring test Signed-off-by: Stepan Blyschak * address review comments Signed-off-by: Stepan Blyschak --- ansible/library/switch_capabilities_facts.py | 53 +++++++++++ .../files/acstests/everflow_policer_test.py | 23 ++++- .../test/files/acstests/everflow_tb_test.py | 16 +++- ansible/roles/test/tasks/everflow_testbed.yml | 38 +++++--- .../tasks/everflow_testbed/apply_config.yml | 51 +++++++++- ...stent.json => acl_rule_persistent.json.j2} | 2 +- .../tasks/everflow_testbed/everflow_main.yml | 37 ++++++++ .../tasks/everflow_testbed/everflow_ptf.yml | 27 ++++++ .../get_capabilities_info.yml | 49 ++++++++++ .../get_general_port_info.yml | 39 ++++++++ .../tasks/everflow_testbed/get_port_info.yml | 29 +----- .../test/tasks/everflow_testbed/run_test.yml | 23 ++--- .../tasks/everflow_testbed/testcase_1.yml | 71 ++++++++++---- .../tasks/everflow_testbed/testcase_2.yml | 54 ++++------- .../tasks/everflow_testbed/testcase_3.yml | 68 +++++++------- .../tasks/everflow_testbed/testcase_4.yml | 61 +++++++----- .../tasks/everflow_testbed/testcase_5.yml | 94 ++++++++++++++++--- .../tasks/everflow_testbed/testcase_6.yml | 65 ------------- .../tasks/everflow_testbed/testcase_7.yml | 65 ------------- .../tasks/everflow_testbed/testcase_8.yml | 80 ---------------- 20 files changed, 548 insertions(+), 397 deletions(-) create mode 100644 ansible/library/switch_capabilities_facts.py rename ansible/roles/test/tasks/everflow_testbed/apply_config/{acl_rule_persistent.json => acl_rule_persistent.json.j2} (99%) create mode 100644 ansible/roles/test/tasks/everflow_testbed/everflow_main.yml create mode 100644 ansible/roles/test/tasks/everflow_testbed/everflow_ptf.yml create mode 100644 ansible/roles/test/tasks/everflow_testbed/get_capabilities_info.yml create mode 100644 ansible/roles/test/tasks/everflow_testbed/get_general_port_info.yml delete mode 100644 ansible/roles/test/tasks/everflow_testbed/testcase_6.yml delete mode 100644 ansible/roles/test/tasks/everflow_testbed/testcase_7.yml delete mode 100644 ansible/roles/test/tasks/everflow_testbed/testcase_8.yml diff --git a/ansible/library/switch_capabilities_facts.py b/ansible/library/switch_capabilities_facts.py new file mode 100644 index 0000000000..6055ae2034 --- /dev/null +++ b/ansible/library/switch_capabilities_facts.py @@ -0,0 +1,53 @@ +#!/usr/bin/python + +import swsssdk + +DOCUMENTATION = ''' +module: switch_capability_facts +version_added: "1.0" +author: Stepan Blyschak (stepanb@mellanox.com) +short_description: Retrieve switch capability information +''' + +EXAMPLES = ''' +- name: Get switch capability facts + switch_capability_facts: +''' + + +class SwitchCapabilityModule(object): + def __init__(self): + self.module = AnsibleModule( + argument_spec=dict( + ), + supports_check_mode=True) + + self.out = None + self.facts = {} + + return + + def run(self): + """ + Main method of the class + """ + self.facts['switch_capabilities'] = {} + + conn = swsssdk.SonicV2Connector(host='127.0.0.1') + conn.connect(conn.STATE_DB) + keys = conn.keys(conn.STATE_DB, 'SWITCH_CAPABILITY|*') + + for key in keys: + capab = conn.get_all(conn.STATE_DB, key) + self.facts['switch_capabilities'][key.split('|')[-1]] = capab + + self.module.exit_json(ansible_facts=self.facts) + + +def main(): + SwitchCapabilityModule().run() + + +from ansible.module_utils.basic import * +if __name__ == "__main__": + main() diff --git a/ansible/roles/test/files/acstests/everflow_policer_test.py b/ansible/roles/test/files/acstests/everflow_policer_test.py index d89c340cc5..a834dd2e9f 100644 --- a/ansible/roles/test/files/acstests/everflow_policer_test.py +++ b/ansible/roles/test/files/acstests/everflow_policer_test.py @@ -53,6 +53,7 @@ def setUp(self): self.hwsku = self.test_params['hwsku'] self.asic_type = self.test_params['asic_type'] self.router_mac = self.test_params['router_mac'] + self.mirror_stage = self.test_params['mirror_stage'] self.session_src_ip = "1.1.1.1" self.session_dst_ip = "2.2.2.2" self.session_ttl = 1 @@ -106,7 +107,15 @@ def checkMirroredFlow(self): Mellanox crafts the GRE packets with extra information: That is: 22 bytes extra information after the GRE header """ - payload = self.base_pkt + payload = self.base_pkt.copy() + payload_mask = Mask(payload) + + if self.mirror_stage == "egress": + payload['Ethernet'].src = self.router_mac + payload['IP'].ttl -= 1 + payload_mask.set_do_not_care_scapy(scapy.Ether, "dst") + payload_mask.set_do_not_care_scapy(scapy.IP, "chksum") + if self.asic_type in ["mellanox"]: import binascii payload = binascii.unhexlify("0"*44) + str(payload) # Add the padding @@ -130,9 +139,15 @@ def checkMirroredFlow(self): masked_exp_pkt.set_do_not_care_scapy(scapy.Ether, "dst") masked_exp_pkt.set_do_not_care_scapy(scapy.IP, "flags") masked_exp_pkt.set_do_not_care_scapy(scapy.IP, "chksum") + masked_exp_pkt.set_do_not_care(38*8, len(payload)*8) # don't match payload, payload will be matched by match_payload(pkt) - if self.asic_type in ["mellanox"]: - masked_exp_pkt.set_do_not_care(304, 176) # Mask the Mellanox specific inner header + def match_payload(pkt): + pkt = scapy.Ether(pkt).load + if self.asic_type in ["mellanox"]: + pkt = pkt[22:] # Mask the Mellanox specific inner header + pkt = scapy.Ether(pkt) + + return dataplane.match_exp_pkt(payload_mask, pkt) self.dataplane.flush() @@ -140,7 +155,7 @@ def checkMirroredFlow(self): for i in range(0,self.NUM_OF_TOTAL_PACKETS): testutils.send_packet(self, self.src_port, self.base_pkt) (rcv_device, rcv_port, rcv_pkt, pkt_time) = testutils.dp_poll(self, timeout=0.1, exp_pkt=masked_exp_pkt) - if rcv_pkt is not None: + if rcv_pkt is not None and match_payload(rcv_pkt): count += 1 elif count == 0: print "The first mirrored packet is not recieved" diff --git a/ansible/roles/test/files/acstests/everflow_tb_test.py b/ansible/roles/test/files/acstests/everflow_tb_test.py index abcc2c8d57..c717b32db5 100644 --- a/ansible/roles/test/files/acstests/everflow_tb_test.py +++ b/ansible/roles/test/files/acstests/everflow_tb_test.py @@ -76,6 +76,9 @@ def setUp(self): self.src_port = int(float(self.test_params['src_port'])) self.dst_ports = [int(float(p)) for p in self.test_params['dst_ports'].split(",") if p] self.expected_dst_mac = self.test_params.get('expected_dst_mac', None) + self.expect_received = self.test_params.get('expect_received', True) + self.acl_stage = self.test_params.get('acl_stage', 'ingress') + self.mirror_stage = self.test_params.get('mirror_stage', 'ingress') testutils.add_filter(self.gre_type_filter) @@ -106,7 +109,7 @@ def receivePacketOnPorts(self, ports=[], device_number=0): return (match_index, rcv_pkt, received) - def runSendReceiveTest(self, pkt2send, src_port, destination_ports): + def sendReceive(self, pkt2send, src_port, destination_ports): """ @summary Send packet and verify it is received/not received on the expected ports """ @@ -149,7 +152,12 @@ def runSendReceiveTest(self, pkt2send, src_port, destination_ports): inner_pkt = scapy.Ether(payload) + if self.mirror_stage == 'egress': + pkt2send['IP'].ttl -= 1 # expect mirrored packet on egress has TTL decremented + masked_inner_pkt = Mask(inner_pkt) + masked_inner_pkt.set_do_not_care_scapy(scapy.Ether, "dst") + masked_inner_pkt.set_do_not_care_scapy(scapy.Ether, "src") if scapy.IP in inner_pkt: masked_inner_pkt.set_do_not_care_scapy(scapy.IP, "chksum") @@ -158,6 +166,12 @@ def runSendReceiveTest(self, pkt2send, src_port, destination_ports): return dataplane.match_exp_pkt(masked_inner_pkt, pkt2send) + def runSendReceiveTest(self, pkt, src_port, dst_ports): + if self.expect_received: + return self.sendReceive(pkt, src_port, dst_ports) + else: + return not self.sendReceive(pkt, src_port, dst_ports) + @reportResults("Verify SRC IP match") def verifySrcIp(self): diff --git a/ansible/roles/test/tasks/everflow_testbed.yml b/ansible/roles/test/tasks/everflow_testbed.yml index d8299d0ef9..6f4378793d 100644 --- a/ansible/roles/test/tasks/everflow_testbed.yml +++ b/ansible/roles/test/tasks/everflow_testbed.yml @@ -1,19 +1,29 @@ -- name: Apply Everflow configuration. - include: "roles/test/tasks/everflow_testbed/apply_config.yml" - tags: everflow_tb_configure +- name: Get switch capabilities + include: "roles/test/tasks/everflow_testbed/get_capabilities_info.yml" -- name: Run Everflow tests. - include: "roles/test/tasks/everflow_testbed/run_test.yml" +- name: Get general port information + include: "roles/test/tasks/everflow_testbed/get_general_port_info.yml" + +- include: "roles/test/tasks/everflow_testbed/everflow_main.yml" + vars: + mirror_stage: "ingress" + acl_stage: "ingress" + when: test_ingress_mirror_on_ingress_acl == true + +- include: "roles/test/tasks/everflow_testbed/everflow_main.yml" vars: - dst_port_type: "tor" - tags: everflow_tb_test + mirror_stage: "egress" + acl_stage: "ingress" + when: test_egress_mirror_on_ingress_acl == true -- name: Run Everflow tests. - include: "roles/test/tasks/everflow_testbed/run_test.yml" +- include: "roles/test/tasks/everflow_testbed/everflow_main.yml" vars: - dst_port_type: "spine" - tags: everflow_tb_test + mirror_stage: "ingress" + acl_stage: "egress" + when: test_ingress_mirror_on_egress_acl == true -- name: Clear Everflow configuration. - include: "roles/test/tasks/everflow_testbed/del_config.yml" - tags: everflow_tb_cleanup +- include: "roles/test/tasks/everflow_testbed/everflow_main.yml" + vars: + mirror_stage: "egress" + acl_stage: "egress" + when: test_egress_mirror_on_egress_acl == true diff --git a/ansible/roles/test/tasks/everflow_testbed/apply_config.yml b/ansible/roles/test/tasks/everflow_testbed/apply_config.yml index c75e1b0337..3bde7e913e 100644 --- a/ansible/roles/test/tasks/everflow_testbed/apply_config.yml +++ b/ansible/roles/test/tasks/everflow_testbed/apply_config.yml @@ -5,14 +5,59 @@ tests_location: roles/test/tasks/everflow_testbed testname: apply_config +- name: Create running directory + command: "mkdir -p {{ run_dir }}" + - name: Get session info. include: roles/test/tasks/everflow_testbed/get_session_info.yml -- name: Copy ACL rules configuration file. - copy: src={{ tests_location }}/{{ testname}}/acl_rule_persistent.json dest={{ run_dir }}/ +- name: Set Everflow table name + set_fact: + acl_table_name: "EVERFLOW" + +- block: + - name: Init variables + set_fact: + acl_table_name: "EVERFLOW_EGRESS" + acl_table_ports: "{{ everflow_table_ports }}" + acl_table_stage: "{{ acl_stage }}" + acl_table_type: "MIRROR" + + - name: Remove default SONiC Everflow table (since SONiC allows only one mirror table) + command: "config acl remove table EVERFLOW" + become: yes + + - name: Set a flag that need recover config from config_db.json + set_fact: + recover_from_cfgdb_file: True + + - name: Generate config for egress Everflow table + template: + src: "roles/test/templates/acltb_table.j2" + dest: "{{ run_dir }}/everflow_egress_table.json" + + - name: Create egress Everflow table + command: "sonic-cfggen -j {{ run_dir }}/everflow_egress_table.json --write-to-db" + become: yes + when: acl_stage == "egress" + +- name: Copy ACL rules configuration file + template: + src={{ tests_location }}/{{ testname}}/acl_rule_persistent.json.j2 + dest={{ run_dir }}/acl_rule_persistent.json - command: "config mirror_session add {{session_name}} {{session_src_ip}} {{session_dst_ip}} {{session_dscp}} {{session_ttl}} {{session_gre}} {{session_queue}}" become: yes -- command: "acl-loader update full {{ run_dir }}/acl_rule_persistent.json --session_name={{ session_name }}" +- name: Set acl-loader command + set_fact: + load_rule_cmd: "acl-loader update full {{ run_dir }}/acl_rule_persistent.json --session_name={{ session_name }}" + +- name: Append stage parameter if needed + set_fact: + load_rule_cmd: "{{ load_rule_cmd }} --mirror_stage={{ mirror_stage }}" + when: mirror_stage == "egress" + +- name: Load ACL mirror rules + command: "{{ load_rule_cmd }}" become: yes diff --git a/ansible/roles/test/tasks/everflow_testbed/apply_config/acl_rule_persistent.json b/ansible/roles/test/tasks/everflow_testbed/apply_config/acl_rule_persistent.json.j2 similarity index 99% rename from ansible/roles/test/tasks/everflow_testbed/apply_config/acl_rule_persistent.json rename to ansible/roles/test/tasks/everflow_testbed/apply_config/acl_rule_persistent.json.j2 index 2f43770913..04c347086e 100644 --- a/ansible/roles/test/tasks/everflow_testbed/apply_config/acl_rule_persistent.json +++ b/ansible/roles/test/tasks/everflow_testbed/apply_config/acl_rule_persistent.json.j2 @@ -2,7 +2,7 @@ "acl": { "acl-sets": { "acl-set": { - "everflow": { + "{{ acl_table_name }}": { "acl-entries": { "acl-entry": { "1": { diff --git a/ansible/roles/test/tasks/everflow_testbed/everflow_main.yml b/ansible/roles/test/tasks/everflow_testbed/everflow_main.yml new file mode 100644 index 0000000000..0289b4e437 --- /dev/null +++ b/ansible/roles/test/tasks/everflow_testbed/everflow_main.yml @@ -0,0 +1,37 @@ +- fail: + msg: "Mirror stage is not defined or invalid" + when: mirror_stage is not defined or mirror_stage not in ['ingress', 'egress'] + +- fail: + msg: "ACL stage is not defined or invalid" + when: acl_stage is not defined or acl_stage not in ['ingress', 'egress'] + +- name: Set flag that recover from config_db.json is needed (default - false) + set_fact: + recover_from_cfgdb_file: False + +- name: Apply Everflow configuration. + include: "roles/test/tasks/everflow_testbed/apply_config.yml" + tags: everflow_tb_configure + +- name: Run Everflow tests [tor]. + include: "roles/test/tasks/everflow_testbed/run_test.yml" + vars: + dst_port_type: "tor" + tags: everflow_tb_test + +- name: Run Everflow tests [spine]. + include: "roles/test/tasks/everflow_testbed/run_test.yml" + vars: + dst_port_type: "spine" + tags: everflow_tb_test + +- name: Clear Everflow configuration. + include: "roles/test/tasks/everflow_testbed/del_config.yml" + tags: everflow_tb_cleanup + +- name: Reload config + include: "roles/test/tasks/common_tasks/reload_config.yml" + vars: + config_source: "config_db" + when: recover_from_cfgdb_file diff --git a/ansible/roles/test/tasks/everflow_testbed/everflow_ptf.yml b/ansible/roles/test/tasks/everflow_testbed/everflow_ptf.yml new file mode 100644 index 0000000000..8870b8e210 --- /dev/null +++ b/ansible/roles/test/tasks/everflow_testbed/everflow_ptf.yml @@ -0,0 +1,27 @@ +- set_fact: + expect_received: True + when: expect_received is not defined + +- name: Send traffic and verify that packets with correct Everflow header are {{ expect_received | ternary('', 'not') }} received on destination port {{ dst_port }} + include: roles/test/tasks/ptf_runner.yml + vars: + ptf_test_name: Everflow Test + ptf_test_dir: acstests + ptf_test_path: everflow_tb_test.EverflowTest + ptf_platform_dir: ptftests + ptf_platform: remote + ptf_test_params: + - asic_type='{{ sonic_asic_type }}' + - hwsku='{{ sonic_hwsku }}' + - router_mac='{{ ansible_Ethernet0['macaddress'] }}' + - src_port='{{ src_port_ptf_id }}' + - dst_ports='{{ dst_port_ptf_id }}' + - session_src_ip='{{ session_src_ip }}' + - session_dst_ip='{{ session_dst_ip }}' + - session_ttl='{{ session_ttl }}' + - session_dscp='{{ session_dscp }}' + - acl_stage='{{ acl_stage }}' + - mirror_stage='{{ mirror_stage }}' + - expect_received={{ expect_received }} + - verbose=True + ptf_extra_options: "--log-file /tmp/everflow_tb_test.EverflowTest.{{lookup('pipe','date +%Y-%m-%d-%H:%M:%S')}}.log" diff --git a/ansible/roles/test/tasks/everflow_testbed/get_capabilities_info.yml b/ansible/roles/test/tasks/everflow_testbed/get_capabilities_info.yml new file mode 100644 index 0000000000..86fd82ca8c --- /dev/null +++ b/ansible/roles/test/tasks/everflow_testbed/get_capabilities_info.yml @@ -0,0 +1,49 @@ +- name: get switch capabilities + switch_capabilities_facts: + +- name: initialize variables + set_fact: + test_mirror_v4: False + test_mirror_v6: False + test_ingress_mirror_on_ingress_acl: False + test_ingress_mirror_on_egress_acl: False + test_egress_mirror_on_egress_acl: False + test_egress_mirror_on_ingress_acl: False + +- name: set flag if mirroring is supported + set_fact: + test_mirror_v4: True + when: switch_capabilities['switch']['MIRROR'] | lower == 'true' + +- name: set flag if V6 mirroring is supported + set_fact: + test_mirror_v6: True + when: switch_capabilities['switch']['MIRRORV6'] | lower == 'true' + +- name: set flag if ingress mirroring on ingress ACL is supported + set_fact: + test_ingress_mirror_on_ingress_acl: True + when: "{{ 'MIRROR_INGRESS_ACTION' in switch_capabilities['switch']['ACL_ACTIONS|INGRESS'] }}" + +- name: set flag if egress mirroring on ingress ACL is supported + set_fact: + test_egress_mirror_on_ingress_acl: True + when: "{{ 'MIRROR_EGRESS_ACTION' in switch_capabilities['switch']['ACL_ACTIONS|INGRESS'] }}" + +- name: set flag if ingress mirroring on egress ACL is supported + set_fact: + test_ingress_mirror_on_egress_acl: True + when: "{{ 'MIRROR_INGRESS_ACTION' in switch_capabilities['switch']['ACL_ACTIONS|EGRESS'] }}" + +- name: set flag if egress mirroring on egress ACL is supported + set_fact: + test_egress_mirror_on_egress_acl: True + when: "{{ 'MIRROR_EGRESS_ACTION' in switch_capabilities['switch']['ACL_ACTIONS|EGRESS'] }}" + +- debug: var=test_mirror_v4 +- debug: var=test_mirror_v6 +- debug: var=test_ingress_mirror_on_ingress_acl +- debug: var=test_ingress_mirror_on_egress_acl +- debug: var=test_egress_mirror_on_ingress_acl +- debug: var=test_egress_mirror_on_egress_acl + diff --git a/ansible/roles/test/tasks/everflow_testbed/get_general_port_info.yml b/ansible/roles/test/tasks/everflow_testbed/get_general_port_info.yml new file mode 100644 index 0000000000..bc3e6e8c44 --- /dev/null +++ b/ansible/roles/test/tasks/everflow_testbed/get_general_port_info.yml @@ -0,0 +1,39 @@ +- name: Init variables. + set_fact: + tor_ports: [] + spine_ports: [] + spine_ptf_ports: [] + +- name: Get tor ports + set_fact: + tor_ports: "{{ tor_ports + [item.key] }}" + with_dict: "{{ minigraph_neighbors }}" + when: "'T0' in item.value.name" + +- name: Print tor ports + debug: msg={{ tor_ports }} + +- name: Get spine ports + set_fact: + spine_ports: "{{ spine_ports + [item.key] }}" + with_dict: "{{ minigraph_neighbors }}" + when: "'T2' in item.value.name" + +- name: Print spine ports + debug: msg={{ spine_ports }} + +- name: Define spine PTF ports + set_fact: + spine_ptf_ports: "{{ spine_ptf_ports + [minigraph_port_indices[item] | string] }}" + with_items: "{{ spine_ports }}" + +- name: Get the list of portchannel ports + set_fact: + portchannel_ports: "{% for portchannel in minigraph_portchannels.items() %}{{ portchannel[0] }},{% endfor %}" +- set_fact: + portchannel_ports: "{{ portchannel_ports.split(',')[:-1]}}" + +- name: Get the list of ports to be combined to Everflow ACL tables + set_fact: + everflow_table_ports: "{{ (testbed_type in ['t1-lag', 't1-64-lag']) | ternary(portchannel_ports + tor_ports, spine_ports + tor_ports) }}" + diff --git a/ansible/roles/test/tasks/everflow_testbed/get_port_info.yml b/ansible/roles/test/tasks/everflow_testbed/get_port_info.yml index 01851ded32..5115fe4f16 100644 --- a/ansible/roles/test/tasks/everflow_testbed/get_port_info.yml +++ b/ansible/roles/test/tasks/everflow_testbed/get_port_info.yml @@ -1,11 +1,11 @@ - fail: msg="Destination port type is not defined" when: dst_port_type not in ['tor', 'spine'] +- fail: msg="TOR/SPINE ports are not defined" + when: tor_ports is not defined or spine_ports is not defined + - name: Init variables. set_fact: - tor_ports: [] - spine_ports: [] - spine_ptf_ports: [] dst_port_1_is_lag_member: "" dst_port_1_ptf_id: "" dst_port_2: "" @@ -15,29 +15,6 @@ dst_port_3_is_lag_member: "" dst_port_3_ptf_id: "" -- name: Get tor ports - set_fact: - tor_ports: "{{ tor_ports + [item.key] }}" - with_dict: "{{ minigraph_neighbors }}" - when: "'T0' in item.value.name" - -- name: Print tor ports - debug: msg={{ tor_ports }} - -- name: Get spine ports - set_fact: - spine_ports: "{{ spine_ports + [item.key] }}" - with_dict: "{{ minigraph_neighbors }}" - when: "'T2' in item.value.name" - -- name: Print spine ports - debug: msg={{ spine_ports }} - -- name: Define spine PTF ports - set_fact: - spine_ptf_ports: "{{ spine_ptf_ports + [minigraph_port_indices[item] | string] }}" - with_items: "{{ spine_ports }}" - - name: Define SRC port variables. set_fact: src_port: "{{ spine_ports[0] }}" diff --git a/ansible/roles/test/tasks/everflow_testbed/run_test.yml b/ansible/roles/test/tasks/everflow_testbed/run_test.yml index 847a675333..d6d5d33b53 100644 --- a/ansible/roles/test/tasks/everflow_testbed/run_test.yml +++ b/ansible/roles/test/tasks/everflow_testbed/run_test.yml @@ -47,31 +47,22 @@ shell: vtysh -e "conf t" -e "ip route {{ unresolved_nexthop_prefix }} {{ dst_port_2 }}" become: yes - - name: Run testcase 1 - Resolved route + - name: Run testcase 1 - Resolved route, unresolved route, best prefix match route creation and removal flows include: roles/test/tasks/everflow_testbed/testcase_1.yml - - name: Run testcase 2 - Longer prefix route with resolved next hop. + - name: Run testcase 2 - Change neighbor MAC address. include: roles/test/tasks/everflow_testbed/testcase_2.yml + when: testbed_type == "t1" - - name: Run testcase 3 - Remove longer prefix route. + - name: Run testcase 3 - ECMP route change (remove next hop not used by session). include: roles/test/tasks/everflow_testbed/testcase_3.yml - - name: Run testcase 4 - Change neighbor MAC address. + - name: Run testcase 4 - ECMP route change (remove next hop used by session). include: roles/test/tasks/everflow_testbed/testcase_4.yml - when: testbed_type == "t1" - - name: Run testcase 5 - Resolved ECMP route. + - name: Run testcase 5 - Policer enforced with DSCP value/mask include: roles/test/tasks/everflow_testbed/testcase_5.yml - - name: Run testcase 6 - ECMP route change (add next hop). - include: roles/test/tasks/everflow_testbed/testcase_6.yml - - - name: Run testcase 7 - ECMP route change (remove next hop used by session). - include: roles/test/tasks/everflow_testbed/testcase_7.yml - - - name: Run testcase 8 - Policer enforced with DSCP value/mask - include: roles/test/tasks/everflow_testbed/testcase_8.yml - always: - name: Remove route to unresolved next hop. shell: vtysh -e "conf t" -e "no ip route {{ unresolved_nexthop_prefix }} {{ dst_port_2 }}" @@ -83,5 +74,5 @@ - shell: cat {{ test_out_dir }}/* register: out - debug: var=out.stdout_lines - + - include: roles/test/files/tools/loganalyzer/loganalyzer_end.yml diff --git a/ansible/roles/test/tasks/everflow_testbed/testcase_1.yml b/ansible/roles/test/tasks/everflow_testbed/testcase_1.yml index 74c4142eef..77c8efd536 100644 --- a/ansible/roles/test/tasks/everflow_testbed/testcase_1.yml +++ b/ansible/roles/test/tasks/everflow_testbed/testcase_1.yml @@ -1,22 +1,61 @@ -# Test case 1 - Resolved route. -# Verify that session with resolved route has active state. +# Test case 1 - Longer prefix route with resolved next hop. +# Verify that session destination port and MAC address are changed after best match route insertion. -- name: Create route with next hop {{ dst_port_1 }}. - shell: vtysh -e "conf t" -e "ip route {{ session_prefix_1 }} {{ neighbor_info_1['addr'] }}" - become: yes +- block: + - name: Create route with next hop on {{ dst_port_1 }}. + shell: vtysh -e "conf t" -e "ip route {{ session_prefix_1 }} {{ neighbor_info_1['addr'] }}" -- pause: - seconds: 3 + - pause: + seconds: 3 -- block: - - name: Send traffic and verify that packets with correct Everflow header are received on destination port {{ dst_port_1 }}. - shell: ptf --test-dir acstests everflow_tb_test.EverflowTest --platform-dir ptftests --platform remote -t 'asic_type="{{ sonic_asic_type }}";hwsku="{{ sonic_hwsku }}";router_mac="{{ ansible_Ethernet0['macaddress'] }}";src_port="{{ src_port_ptf_id }}";dst_ports="{{ dst_port_1_ptf_id }}";session_src_ip="{{ session_src_ip }}";session_dst_ip="{{ session_dst_ip }}";session_ttl="{{ session_ttl }}";session_dscp="{{ session_dscp }}";verbose=True' - args: - chdir: /root - delegate_to: "{{ ptf_host }}" - register: out + - include: roles/test/tasks/everflow_testbed/everflow_ptf.yml + vars: + dst_port: "{{ dst_port_1 }}" + dst_port_ptf_id: "{{ dst_port_1_ptf_id }}" + + - name: Create route with best match and unresolved next hop. + shell: vtysh -e "conf t" -e "ip route {{ session_prefix_2 }} {{ unresolved_nexthop }}" + + - pause: + seconds: 3 + + - include: roles/test/tasks/everflow_testbed/everflow_ptf.yml + vars: + dst_port: "{{ dst_port_1 }}" + dst_port_ptf_id: "{{ dst_port_1_ptf_id }}" + + - name: Create route with best match prefix and resolved next hop on destination port {{ dst_port_2 }}. + shell: vtysh -e "conf t" -e "no ip route {{ session_prefix_2 }} {{ unresolved_nexthop }}" -e "ip route {{ session_prefix_2 }} {{ neighbor_info_2['addr'] }}" + + - pause: + seconds: 3 + + - include: roles/test/tasks/everflow_testbed/everflow_ptf.yml + vars: + dst_port: "{{ dst_port_2 }}" + dst_port_ptf_id: "{{ dst_port_2_ptf_id }}" + + - name: Remove route with best match prefix and resolved next hop on destination port {{ dst_port_2 }}. + shell: vtysh -e "conf t" -e "no ip route {{ session_prefix_2 }} {{ neighbor_info_2['addr'] }}" + + - pause: + seconds: 3 + + - include: roles/test/tasks/everflow_testbed/everflow_ptf.yml + vars: + dst_port: "{{ dst_port_1 }}" + dst_port_ptf_id: "{{ dst_port_1_ptf_id }}" always: - - name: Remove route + - name: Remove route. shell: vtysh -e "conf t" -e "no ip route {{ session_prefix_1 }} {{ neighbor_info_1['addr'] }}" - become: yes + ignore_errors: yes + + - name: Remove best match route. + shell: vtysh -e "conf t" -e "no ip route {{ session_prefix_2 }} {{ unresolved_nexthop }}" + ignore_errors: yes + + - name: Remove best match route. + shell: vtysh -e "conf t" -e "no ip route {{ session_prefix_2 }} {{ neighbor_info_2['addr'] }}" + ignore_errors: yes + become: yes diff --git a/ansible/roles/test/tasks/everflow_testbed/testcase_2.yml b/ansible/roles/test/tasks/everflow_testbed/testcase_2.yml index 84f414e136..abe99c6df5 100644 --- a/ansible/roles/test/tasks/everflow_testbed/testcase_2.yml +++ b/ansible/roles/test/tasks/everflow_testbed/testcase_2.yml @@ -1,5 +1,5 @@ -# Test case 2 - Longer prefix route with resolved next hop. -# Verify that session destination port and MAC address are changed after best match route insertion. +# Test case 2 - Change neighbor MAC address. +# Verify that session destination MAC address is changed after neighbor MAC address update. - block: - name: Create route with next hop on {{ dst_port_1 }}. @@ -8,50 +8,32 @@ - pause: seconds: 3 - - name: Send traffic and verify that packets with correct Everflow header are received on destination port {{ dst_port_1 }}. - shell: ptf --test-dir acstests everflow_tb_test.EverflowTest --platform-dir ptftests --platform remote -t 'asic_type="{{ sonic_asic_type }}";hwsku="{{ sonic_hwsku }}";router_mac="{{ ansible_Ethernet0['macaddress'] }}";src_port="{{ src_port_ptf_id }}";dst_ports="{{ dst_port_1_ptf_id }}";session_src_ip="{{ session_src_ip }}";session_dst_ip="{{ session_dst_ip }}";session_ttl="{{ session_ttl }}";session_dscp="{{ session_dscp }}";verbose=True' - args: - chdir: /root - delegate_to: "{{ ptf_host }}" - register: out + - include: roles/test/tasks/everflow_testbed/everflow_ptf.yml + vars: + dst_port: "{{ dst_port_1 }}" + dst_port_ptf_id: "{{ dst_port_1_ptf_id }}" - - name: Create route with best match and unresolved next hop. - shell: vtysh -e "conf t" -e "ip route {{ session_prefix_2 }} {{ unresolved_nexthop }}" + - name: Change neighbor MAC address. + shell: ip neigh replace {{ neighbor_info_1['addr'] }} lladdr "00:11:22:33:44:55" nud permanent dev {{ dst_port_1 }} - pause: seconds: 3 - - name: Send traffic and verify that packets with correct Everflow header are received on destination port {{ dst_port_1 }}. - shell: ptf --test-dir acstests everflow_tb_test.EverflowTest --platform-dir ptftests --platform remote -t 'asic_type="{{ sonic_asic_type }}";hwsku="{{ sonic_hwsku }}";router_mac="{{ ansible_Ethernet0['macaddress'] }}";src_port="{{ src_port_ptf_id }}";dst_ports="{{ dst_port_1_ptf_id }}";session_src_ip="{{ session_src_ip }}";session_dst_ip="{{ session_dst_ip }}";session_ttl="{{ session_ttl }}";session_dscp="{{ session_dscp }}";verbose=True' - args: - chdir: /root - delegate_to: "{{ ptf_host }}" - register: out + - include: roles/test/tasks/everflow_testbed/everflow_ptf.yml + vars: + dst_port: "{{ dst_port_1 }}" + dst_port_ptf_id: "{{ dst_port_1_ptf_id }}" - - name: Create route with best match prefix and resolved next hop on destination port {{ dst_port_2 }}. - shell: vtysh -e "conf t" -e "no ip route {{ session_prefix_2 }} {{ unresolved_nexthop }}" -e "ip route {{ session_prefix_2 }} {{ neighbor_info_2['addr'] }}" - - - pause: - seconds: 3 - - - name: Send traffic and verify that packets with correct Everflow header are received on destination port {{ dst_port_2 }}. - shell: ptf --test-dir acstests everflow_tb_test.EverflowTest --platform-dir ptftests --platform remote -t 'asic_type="{{ sonic_asic_type }}";hwsku="{{ sonic_hwsku }}";router_mac="{{ ansible_Ethernet0['macaddress'] }}";src_port="{{ src_port_ptf_id }}";dst_ports="{{ dst_port_2_ptf_id }}";session_src_ip="{{ session_src_ip }}";session_dst_ip="{{ session_dst_ip }}";session_ttl="{{ session_ttl }}";session_dscp="{{ session_dscp }}";verbose=True' - args: - chdir: /root - delegate_to: "{{ ptf_host }}" - register: out become: yes always: - - name: Remove route. - shell: vtysh -e "conf t" -e "no ip route {{ session_prefix_1 }} {{ neighbor_info_1['addr'] }}" - ignore_errors: yes + - name: Remove neighbor MAC. + shell: ip neigh del {{ neighbor_info_1['addr'] }} dev {{ dst_port_1 }} - - name: Remove best match route. - shell: vtysh -e "conf t" -e "no ip route {{ session_prefix_2 }} {{ unresolved_nexthop }}" - ignore_errors: yes + - name: Recover neighbor MAC address. + shell: ping {{ neighbor_info_1['addr'] }} -c3 - - name: Remove best match route. - shell: vtysh -e "conf t" -e "no ip route {{ session_prefix_2 }} {{ neighbor_info_2['addr'] }}" + - name: Remove route. + shell: vtysh -e "conf t" -e "no ip route {{ session_prefix_1 }} {{ neighbor_info_1['addr'] }}" ignore_errors: yes become: yes diff --git a/ansible/roles/test/tasks/everflow_testbed/testcase_3.yml b/ansible/roles/test/tasks/everflow_testbed/testcase_3.yml index 0eefbcc3cf..5972121fc5 100644 --- a/ansible/roles/test/tasks/everflow_testbed/testcase_3.yml +++ b/ansible/roles/test/tasks/everflow_testbed/testcase_3.yml @@ -1,53 +1,55 @@ -# Test case 3 - Remove longer prefix route. -# Verify that session destination port and MAC address are changed after best match route removal. +# Test case 3 - ECMP route change (remove next hop not used by session). +# Verify that after removal of next hop that was used by session from ECMP route session state is active. - block: - - name: Create route with next hop on {{ dst_port_1 }}. - shell: vtysh -e "conf t" -e "ip route {{ session_prefix_1 }} {{ neighbor_info_1['addr'] }}" + - name: Create ECMP route with next hops on {{ dst_port_1 }} and {{ dst_port_2 }}. + shell: vtysh -e "conf t" -e "ip route {{ session_prefix_1 }} {{ neighbor_info_1['addr'] }}" -e "ip route {{ session_prefix_1 }} {{ neighbor_info_2['addr'] }}" - pause: seconds: 3 - - name: Send traffic and verify that packets with correct Everflow header are received on destination port {{ dst_port_1 }}. - shell: ptf --test-dir acstests everflow_tb_test.EverflowTest --platform-dir ptftests --platform remote -t 'asic_type="{{ sonic_asic_type }}";hwsku="{{ sonic_hwsku }}";router_mac="{{ ansible_Ethernet0['macaddress'] }}";src_port="{{ src_port_ptf_id }}";dst_ports="{{ dst_port_1_ptf_id }}";session_src_ip="{{ session_src_ip }}";session_dst_ip="{{ session_dst_ip }}";session_ttl="{{ session_ttl }}";session_dscp="{{ session_dscp }}";verbose=True' - args: - chdir: /root - delegate_to: "{{ ptf_host }}" - register: out + - include: roles/test/tasks/everflow_testbed/everflow_ptf.yml + vars: + dst_port: "{{ dst_port_1 }}, {{ dst_port_2 }}" + dst_port_ptf_id: "{{ dst_port_1_ptf_id }}, {{ dst_port_2_ptf_id }}" - - name: Create route with best match prefix and resolved next hop {{ dst_port_2 }}. - shell: vtysh -e "conf t" -e "ip route {{ session_prefix_2 }} {{ neighbor_info_2['addr'] }}" + - name: Add next hop to ECMP route. + shell: vtysh -e "conf t" -e "ip route {{ session_prefix_1 }} {{ neighbor_info_3['addr'] }}" - pause: seconds: 3 - - name: Send traffic and verify that packets with correct Everflow header are received on destination port {{ dst_port_2}}. - shell: ptf --test-dir acstests everflow_tb_test.EverflowTest --platform-dir ptftests --platform remote -t 'asic_type="{{ sonic_asic_type }}";hwsku="{{ sonic_hwsku }}";router_mac="{{ ansible_Ethernet0['macaddress'] }}";src_port="{{ src_port_ptf_id }}";dst_ports="{{ dst_port_2_ptf_id }}";session_src_ip="{{ session_src_ip }}";session_dst_ip="{{ session_dst_ip }}";session_ttl="{{ session_ttl }}";session_dscp="{{ session_dscp }}";verbose=True' - args: - chdir: /root - delegate_to: "{{ ptf_host }}" - register: out + - include: roles/test/tasks/everflow_testbed/everflow_ptf.yml + vars: + dst_port: "{{ dst_port_1 }}, {{ dst_port_2 }}" + dst_port_ptf_id: "{{ dst_port_1_ptf_id }}, {{ dst_port_2_ptf_id }}" - - name: Remove best match route. - shell: vtysh -e "conf t" -e "no ip route {{ session_prefix_2 }} {{ neighbor_info_2['addr'] }}" + - include: roles/test/tasks/everflow_testbed/everflow_ptf.yml + vars: + dst_port: "{{ dst_port_3 }}" + dst_port_ptf_id: "{{ dst_port_3_ptf_id }}" + expect_received: False + + - name: Delete next hop from ECMP route. + shell: vtysh -e "conf t" -e "no ip route {{ session_prefix_1 }} {{ neighbor_info_3['addr'] }}" - pause: seconds: 3 - - name: Send traffic and verify that packets with correct Everflow header are received on destination port {{ dst_port_1 }}. - shell: ptf --test-dir acstests everflow_tb_test.EverflowTest --platform-dir ptftests --platform remote -t 'asic_type="{{ sonic_asic_type }}";hwsku="{{ sonic_hwsku }}";router_mac="{{ ansible_Ethernet0['macaddress'] }}";src_port="{{ src_port_ptf_id }}";dst_ports="{{ dst_port_1_ptf_id }}";session_src_ip="{{ session_src_ip }}";session_dst_ip="{{ session_dst_ip }}";session_ttl="{{ session_ttl }}";session_dscp="{{ session_dscp }}";verbose=True' - args: - chdir: /root - delegate_to: "{{ ptf_host }}" - register: out + - include: roles/test/tasks/everflow_testbed/everflow_ptf.yml + vars: + dst_port: "{{ dst_port_1 }}, {{ dst_port_2 }}" + dst_port_ptf_id: "{{ dst_port_1_ptf_id }}, {{ dst_port_2_ptf_id }}" + + - include: roles/test/tasks/everflow_testbed/everflow_ptf.yml + vars: + dst_port: "{{ dst_port_3 }}" + dst_port_ptf_id: "{{ dst_port_3_ptf_id }}" + expect_received: False become: yes always: - - name: Remove route. - shell: vtysh -e "conf t" -e "no ip route {{ session_prefix_1 }} {{ neighbor_info_1['addr'] }}" + - name: Remove route + shell: vtysh -e "conf t" -e "no ip route {{ session_prefix_1 }} {{ neighbor_info_1['addr'] }}" -e "no ip route {{ session_prefix_1 }} {{ neighbor_info_2['addr'] }}" -e "no ip route {{ session_prefix_1 }} {{ neighbor_info_3['addr'] }}" ignore_errors: yes - - - name: Remove best match route. - shell: vtysh -e "conf t" -e "no ip route {{ session_prefix_2 }} {{ neighbor_info_2['addr'] }}" - ignore_errors: yes - become: yes + become: yes diff --git a/ansible/roles/test/tasks/everflow_testbed/testcase_4.yml b/ansible/roles/test/tasks/everflow_testbed/testcase_4.yml index b388ffdd7d..c60357ad2e 100644 --- a/ansible/roles/test/tasks/everflow_testbed/testcase_4.yml +++ b/ansible/roles/test/tasks/everflow_testbed/testcase_4.yml @@ -1,5 +1,5 @@ -# Test case 4 - Change neighbor MAC address. -# Verify that session destination MAC address is changed after neighbor MAC address update. +# Test case 4 - ECMP route change (remove next hop used by session). +# Verify that removal of next hop that is not used by session doesn't cause DST port and MAC change. - block: - name: Create route with next hop on {{ dst_port_1 }}. @@ -8,35 +8,48 @@ - pause: seconds: 3 - - name: Send traffic and verify that packets with correct Everflow header are received on destination port {{ dst_port_1 }}. - shell: ptf --test-dir acstests everflow_tb_test.EverflowTest --platform-dir ptftests --platform remote -t 'asic_type="{{ sonic_asic_type }}";hwsku="{{ sonic_hwsku }}";router_mac="{{ ansible_Ethernet0['macaddress'] }}";src_port="{{ src_port_ptf_id }}";dst_ports="{{ dst_port_1_ptf_id }}";session_src_ip="{{ session_src_ip }}";session_dst_ip="{{ session_dst_ip }}";session_ttl="{{ session_ttl }}";session_dscp="{{ session_dscp }}";expected_dst_mac="{{ neighbor_mac_1 }}";verbose=True' - args: - chdir: /root - delegate_to: "{{ ptf_host }}" - register: out + - include: roles/test/tasks/everflow_testbed/everflow_ptf.yml + vars: + dst_port: "{{ dst_port_1 }}" + dst_port_ptf_id: "{{ dst_port_1_ptf_id }}" - - name: Change neighbor MAC address. - shell: ip neigh replace {{ neighbor_info_1['addr'] }} lladdr "00:11:22:33:44:55" nud permanent dev {{ dst_port_1 }} + - name: Add next hops on {{ dst_port_2 }} and {{ dst_port_3 }} to route. + shell: vtysh -e "conf t" -e "ip route {{ session_prefix_1 }} {{ neighbor_info_2['addr'] }}" -e "ip route {{ session_prefix_1 }} {{ neighbor_info_3['addr'] }}" - pause: seconds: 3 - - name: Send traffic and verify that packets with correct Everflow header are received on destination port {{ dst_port_1 }}. - shell: ptf --test-dir acstests everflow_tb_test.EverflowTest --platform-dir ptftests --platform remote -t 'asic_type="{{ sonic_asic_type }}";hwsku="{{ sonic_hwsku }}";router_mac="{{ ansible_Ethernet0['macaddress'] }}";src_port="{{ src_port_ptf_id }}";dst_ports="{{ dst_port_1_ptf_id }}";session_src_ip="{{ session_src_ip }}";session_dst_ip="{{ session_dst_ip }}";session_ttl="{{ session_ttl }}";session_dscp="{{ session_dscp }}";expected_dst_mac="00:11:22:33:44:55";verbose=True' - args: - chdir: /root - delegate_to: "{{ ptf_host }}" - register: out - become: yes - - always: - - name: Remove neighbor MAC. - shell: ip neigh del {{ neighbor_info_1['addr'] }} dev {{ dst_port_1 }} + - include: roles/test/tasks/everflow_testbed/everflow_ptf.yml + vars: + dst_port: "{{ dst_port_1 }}" + dst_port_ptf_id: "{{ dst_port_1_ptf_id }}" - - name: Recover neighbor MAC address. - shell: ping {{ neighbor_info_1['addr'] }} -c3 + - include: roles/test/tasks/everflow_testbed/everflow_ptf.yml + vars: + dst_port: "{{ dst_port_2 }}, {{ dst_port_3 }}" + dst_port_ptf_id: "{{ dst_port_2_ptf_id }}, {{ dst_port_3_ptf_id }}" + expect_received: False - - name: Remove route. + - name: Delete one next hop from ECMP route. shell: vtysh -e "conf t" -e "no ip route {{ session_prefix_1 }} {{ neighbor_info_1['addr'] }}" + + - pause: + seconds: 3 + + - include: roles/test/tasks/everflow_testbed/everflow_ptf.yml + vars: + dst_port: "{{ dst_port_1 }}" + dst_port_ptf_id: "{{ dst_port_1_ptf_id }}" + expect_received: False + + - include: roles/test/tasks/everflow_testbed/everflow_ptf.yml + vars: + dst_port: "{{ dst_port_2 }}, {{ dst_port_3 }}" + dst_port_ptf_id: "{{ dst_port_2_ptf_id }}, {{ dst_port_3_ptf_id }}" + become: yes + + always: + - name: Remove route {{session_prefix_1}} + shell: vtysh -e "conf t" -e "no ip route {{ session_prefix_1 }} {{ neighbor_info_1['addr'] }}" -e "no ip route {{ session_prefix_1 }} {{ neighbor_info_2['addr'] }}" -e "no ip route {{ session_prefix_1 }} {{ neighbor_info_3['addr'] }}" ignore_errors: yes become: yes diff --git a/ansible/roles/test/tasks/everflow_testbed/testcase_5.yml b/ansible/roles/test/tasks/everflow_testbed/testcase_5.yml index fe953eacfc..e9016eb879 100644 --- a/ansible/roles/test/tasks/everflow_testbed/testcase_5.yml +++ b/ansible/roles/test/tasks/everflow_testbed/testcase_5.yml @@ -1,21 +1,89 @@ -# Test case 5 - Resolved ECMP route. +# Test case 5 - Policer enforced DSCP value/mask test -- name: Create ECMP route with next hops on {{ dst_port_1 }} and {{ dst_port_2 }}. - shell: vtysh -e "conf t" -e "ip route {{ session_prefix_1 }} {{ neighbor_info_1['addr'] }}" -e "ip route {{ session_prefix_1 }} {{ neighbor_info_2['addr'] }}" - become: yes +- set_fact: + policer_name: TEST_POLICER + policer_session_name: TEST_POLICER_SESSION + dscp_table_name: EVERFLOW_DSCP + +- set_fact: + rule_action: "MIRROR_INGRESS_ACTION" + when: mirror_stage == "ingress" -- pause: - seconds: 3 +- set_fact: + rule_action: "MIRROR_EGRESS_ACTION" + when: mirror_stage == "egress" + +- name: Create route with next hop {{ dst_port_1 }}. + shell: vtysh -e "conf t" -e "ip route {{ session_prefix_1 }} {{ neighbor_info_1['addr'] }}" + become: yes - block: - - name: Send traffic and verify that packets with correct Everflow header are received on {{ dst_port_1 }} or {{ dst_port_2 }}. - shell: ptf --test-dir acstests everflow_tb_test.EverflowTest --platform-dir ptftests --platform remote -t 'asic_type="{{ sonic_asic_type }}";hwsku="{{ sonic_hwsku }}";router_mac="{{ ansible_Ethernet0['macaddress'] }}";src_port="{{ src_port_ptf_id }}";dst_ports="{{ dst_port_1_ptf_id }}, {{ dst_port_2_ptf_id }}";session_src_ip="{{ session_src_ip }}";session_dst_ip="{{ session_dst_ip }}";session_ttl="{{ session_ttl }}";session_dscp="{{ session_dscp }}";verbose=True' - args: - chdir: /root - delegate_to: "{{ ptf_host }}" - register: out + - name: Create a policer + shell: | + redis-cli -n 4 hmset "POLICER|{{policer_name}}" "meter_type" "packets" "mode" "sr_tcm" "cir" "100" "cbs" "100" "red_packet_action" "drop" + become: yes + + - name: Create a policer enforced mirror session + shell: | + config mirror_session add {{policer_session_name}} {{session_src_ip}} {{session_dst_ip}} {{session_dscp}} {{session_ttl}} --policer {{policer_name}} + become: yes + + - name: Create an ACL table with MIRROR_DSCP type + shell: config acl add table {{dscp_table_name}} "MIRROR_DSCP" --description "EVERFLOW_TEST" --stage={{ acl_stage }} + become: yes + + - name: Create a rule with DSCP value and mask + shell: | + redis-cli -n 4 hmset "ACL_RULE|{{dscp_table_name}}|RULE_1" "PRIORITY" "9999" "{{ rule_action }}" "{{policer_session_name}}" "DSCP" "8/56" + become: yes + + - name: Pause to sync the rule + pause: seconds=3 + + - name: "Start PTF runner" + include: roles/test/tasks/ptf_runner.yml + vars: + ptf_test_name: EVERFLOW Policer Test + ptf_test_dir: acstests + ptf_test_path: everflow_policer_test.EverflowPolicerTest + ptf_platform: remote + ptf_platform_dir: ptftests + ptf_test_params: + - asic_type='{{sonic_asic_type}}' + - hwsku='{{sonic_hwsku}}' + - router_mac='{{ansible_Ethernet0['macaddress']}}' + - src_port='{{src_port_ptf_id}}' + - dst_ports='{{",".join((spine_ptf_ports))}}' + - dst_mirror_ports='{{dst_port_1_ptf_id}}' + - mirror_stage='{{ mirror_stage }}' + ptf_extra_options: "--relax --debug info" always: + - name: Remove the rule with DSCP value and mask + shell: | + redis-cli -n 4 del "ACL_RULE|{{dscp_table_name}}|RULE_1" + ignore_errors: yes + become: yes + + - name: Remove the ACL table with MIRROR_DSCP type + shell: config acl remove table {{dscp_table_name}} + ignore_errors: yes + become: yes + + - name: Remove the policer enforced mirror session + shell: | + config mirror_session remove {{policer_session_name}} + ignore_errors: yes + become: yes + + - name: Remove policer + shell: | + redis-cli -n 4 del "POLICER|{{policer_name}}" + ignore_errors: yes + become: yes + - name: Remove route - shell: vtysh -e "conf t" -e "no ip route {{ session_prefix_1 }} {{ neighbor_info_1['addr'] }}" -e "no ip route {{ session_prefix_1 }} {{ neighbor_info_2['addr'] }}" + shell: vtysh -e "conf t" -e "no ip route {{ session_prefix_1 }} {{ neighbor_info_1['addr'] }}" + ignore_errors: yes become: yes + diff --git a/ansible/roles/test/tasks/everflow_testbed/testcase_6.yml b/ansible/roles/test/tasks/everflow_testbed/testcase_6.yml deleted file mode 100644 index 9445d64817..0000000000 --- a/ansible/roles/test/tasks/everflow_testbed/testcase_6.yml +++ /dev/null @@ -1,65 +0,0 @@ -# Test case 8 - ECMP route change (remove next hop not used by session). -# Verify that after removal of next hop that was used by session from ECMP route session state is active. - -- block: - - name: Create ECMP route with next hops on {{ dst_port_1 }} and {{ dst_port_2 }}. - shell: vtysh -e "conf t" -e "ip route {{ session_prefix_1 }} {{ neighbor_info_1['addr'] }}" -e "ip route {{ session_prefix_1 }} {{ neighbor_info_2['addr'] }}" - - - pause: - seconds: 3 - - - name: Send traffic and verify that packets with correct Everflow header are received on {{ dst_port_1 }} or {{ dst_port_2 }}. - shell: ptf --test-dir acstests everflow_tb_test.EverflowTest --platform-dir ptftests --platform remote -t 'asic_type="{{ sonic_asic_type }}";hwsku="{{ sonic_hwsku }}";router_mac="{{ ansible_Ethernet0['macaddress'] }}";src_port="{{ src_port_ptf_id }}";dst_ports="{{ dst_port_1_ptf_id }}, {{ dst_port_2_ptf_id }}";session_src_ip="{{ session_src_ip }}";session_dst_ip="{{ session_dst_ip }}";session_ttl="{{ session_ttl }}";session_dscp="{{ session_dscp }}";verbose=True' - args: - chdir: /root - delegate_to: "{{ ptf_host }}" - register: out - - - name: Add next hop to ECMP route. - shell: vtysh -e "conf t" -e "ip route {{ session_prefix_1 }} {{ neighbor_info_3['addr'] }}" - - - pause: - seconds: 3 - - - name: Send traffic and verify that packets with correct Everflow header are received on {{ dst_port_1 }} or {{ dst_port_2 }}. - shell: ptf --test-dir acstests everflow_tb_test.EverflowTest --platform-dir ptftests --platform remote -t 'asic_type="{{ sonic_asic_type }}";hwsku="{{ sonic_hwsku }}";router_mac="{{ ansible_Ethernet0['macaddress'] }}";src_port="{{ src_port_ptf_id }}";dst_ports="{{ dst_port_1_ptf_id }}, {{ dst_port_2_ptf_id }}";session_src_ip="{{ session_src_ip }}";session_dst_ip="{{ session_dst_ip }}";session_ttl="{{ session_ttl }}";session_dscp="{{ session_dscp }}";verbose=True' - args: - chdir: /root - delegate_to: "{{ ptf_host }}" - register: out - - - name: Send traffic and verify that packets are not received on {{ dst_port_3 }}. - shell: ptf --test-dir acstests everflow_tb_test.EverflowTest --platform-dir ptftests --platform remote -t 'asic_type="{{ sonic_asic_type }}";hwsku="{{ sonic_hwsku }}";router_mac="{{ ansible_Ethernet0['macaddress'] }}";src_port="{{ src_port_ptf_id }}";dst_ports="{{ dst_port_3_ptf_id }}";session_src_ip="{{ session_src_ip }}";session_dst_ip="{{ session_dst_ip }}";session_ttl="{{ session_ttl }}";session_dscp="{{ session_dscp }}";verbose=True' - args: - chdir: /root - delegate_to: "{{ ptf_host }}" - register: out - failed_when: out.rc == 0 - - - name: Delete next hop from ECMP route. - shell: vtysh -e "conf t" -e "no ip route {{ session_prefix_1 }} {{ neighbor_info_3['addr'] }}" - - - pause: - seconds: 3 - - - name: Send traffic and verify that packets with correct Everflow header are received on {{ dst_port_1 }} or {{ dst_port_2 }}. - shell: ptf --test-dir acstests everflow_tb_test.EverflowTest --platform-dir ptftests --platform remote -t 'asic_type="{{ sonic_asic_type }}";hwsku="{{ sonic_hwsku }}";router_mac="{{ ansible_Ethernet0['macaddress'] }}";src_port="{{ src_port_ptf_id }}";dst_ports="{{ dst_port_1_ptf_id }}, {{ dst_port_2_ptf_id }}";session_src_ip="{{ session_src_ip }}";session_dst_ip="{{ session_dst_ip }}";session_ttl="{{ session_ttl }}";session_dscp="{{ session_dscp }}";verbose=True' - args: - chdir: /root - delegate_to: "{{ ptf_host }}" - register: out - - - name: Send traffic and verify that packets are not received on {{ dst_port_3 }}. - shell: ptf --test-dir acstests everflow_tb_test.EverflowTest --platform-dir ptftests --platform remote -t 'asic_type="{{ sonic_asic_type }}";hwsku="{{ sonic_hwsku }}";router_mac="{{ ansible_Ethernet0['macaddress'] }}";src_port="{{ src_port_ptf_id }}";dst_ports="{{ dst_port_3_ptf_id }}";session_src_ip="{{ session_src_ip }}";session_dst_ip="{{ session_dst_ip }}";session_ttl="{{ session_ttl }}";session_dscp="{{ session_dscp }}";verbose=True' - args: - chdir: /root - delegate_to: "{{ ptf_host }}" - register: out - failed_when: out.rc == 0 - become: yes - - always: - - name: Remove route - shell: vtysh -e "conf t" -e "no ip route {{ session_prefix_1 }} {{ neighbor_info_1['addr'] }}" -e "no ip route {{ session_prefix_1 }} {{ neighbor_info_2['addr'] }}" -e "no ip route {{ session_prefix_1 }} {{ neighbor_info_3['addr'] }}" - ignore_errors: yes - become: yes diff --git a/ansible/roles/test/tasks/everflow_testbed/testcase_7.yml b/ansible/roles/test/tasks/everflow_testbed/testcase_7.yml deleted file mode 100644 index 92ebb6d1f1..0000000000 --- a/ansible/roles/test/tasks/everflow_testbed/testcase_7.yml +++ /dev/null @@ -1,65 +0,0 @@ -# Test case 7 - ECMP route change (remove next hop used by session). -# Verify that removal of next hop that is not used by session doesn't cause DST port and MAC change. - -- block: - - name: Create route with next hop on {{ dst_port_1 }}. - shell: vtysh -e "conf t" -e "ip route {{ session_prefix_1 }} {{ neighbor_info_1['addr'] }}" - - - pause: - seconds: 3 - - - name: Send traffic and verify that packets with correct Everflow header are received on {{ dst_port_1 }}. - shell: ptf --test-dir acstests everflow_tb_test.EverflowTest --platform-dir ptftests --platform remote -t 'asic_type="{{ sonic_asic_type }}";hwsku="{{ sonic_hwsku }}";router_mac="{{ ansible_Ethernet0['macaddress'] }}";src_port="{{ src_port_ptf_id }}";dst_ports="{{ dst_port_1_ptf_id }}";session_src_ip="{{ session_src_ip }}";session_dst_ip="{{ session_dst_ip }}";session_ttl="{{ session_ttl }}";session_dscp="{{ session_dscp }}";verbose=True' - args: - chdir: /root - delegate_to: "{{ ptf_host }}" - register: out - - - name: Add next hops on {{ dst_port_2 }} and {{ dst_port_3 }} to route. - shell: vtysh -e "conf t" -e "ip route {{ session_prefix_1 }} {{ neighbor_info_2['addr'] }}" -e "ip route {{ session_prefix_1 }} {{ neighbor_info_3['addr'] }}" - - - pause: - seconds: 3 - - - name: Send traffic and verify that packets with correct Everflow header are received on {{ dst_port_1 }}. - shell: ptf --test-dir acstests everflow_tb_test.EverflowTest --platform-dir ptftests --platform remote -t 'asic_type="{{ sonic_asic_type }}";hwsku="{{ sonic_hwsku }}";router_mac="{{ ansible_Ethernet0['macaddress'] }}";src_port="{{ src_port_ptf_id }}";dst_ports="{{ dst_port_1_ptf_id }}";session_src_ip="{{ session_src_ip }}";session_dst_ip="{{ session_dst_ip }}";session_ttl="{{ session_ttl }}";session_dscp="{{ session_dscp }}";verbose=True' - args: - chdir: /root - delegate_to: "{{ ptf_host }}" - register: out - - - name: Send traffic and verify that packets are not received on {{ dst_port_2 }} and {{ dst_port_3 }}. - shell: ptf --test-dir acstests everflow_tb_test.EverflowTest --platform-dir ptftests --platform remote -t 'asic_type="{{ sonic_asic_type }}";hwsku="{{ sonic_hwsku }}";router_mac="{{ ansible_Ethernet0['macaddress'] }}";src_port="{{ src_port_ptf_id }}";dst_ports="{{ dst_port_2_ptf_id }},{{ dst_port_3_ptf_id }}";session_src_ip="{{ session_src_ip }}";session_dst_ip="{{ session_dst_ip }}";session_ttl="{{ session_ttl }}";session_dscp="{{ session_dscp }}";verbose=True' - args: - chdir: /root - delegate_to: "{{ ptf_host }}" - register: out - failed_when: out.rc == 0 - - - name: Delete one next hop from ECMP route. - shell: vtysh -e "conf t" -e "no ip route {{ session_prefix_1 }} {{ neighbor_info_1['addr'] }}" - - - pause: - seconds: 3 - - - name: Send traffic and verify that packets are not received {{ dst_port_1 }}. - shell: ptf --test-dir acstests everflow_tb_test.EverflowTest --platform-dir ptftests --platform remote -t 'asic_type="{{ sonic_asic_type }}";hwsku="{{ sonic_hwsku }}";router_mac="{{ ansible_Ethernet0['macaddress'] }}";src_port="{{ src_port_ptf_id }}";dst_ports="{{ dst_port_1_ptf_id }}";session_src_ip="{{ session_src_ip }}";session_dst_ip="{{ session_dst_ip }}";session_ttl="{{ session_ttl }}";session_dscp="{{ session_dscp }}";verbose=True' - args: - chdir: /root - delegate_to: "{{ ptf_host }}" - register: out - failed_when: out.rc == 0 - - - name: Send traffic and verify that packets with correct Everflow header are received on {{ dst_port_2 }} or {{ dst_port_3 }}. - shell: ptf --test-dir acstests everflow_tb_test.EverflowTest --platform-dir ptftests --platform remote -t 'asic_type="{{ sonic_asic_type }}";hwsku="{{ sonic_hwsku }}";router_mac="{{ ansible_Ethernet0['macaddress'] }}";src_port="{{ src_port_ptf_id }}";dst_ports="{{ dst_port_2_ptf_id }},{{ dst_port_3_ptf_id }}";session_src_ip="{{ session_src_ip }}";session_dst_ip="{{ session_dst_ip }}";session_ttl="{{ session_ttl }}";session_dscp="{{ session_dscp }}";verbose=True' - args: - chdir: /root - delegate_to: "{{ ptf_host }}" - register: out - become: yes - - always: - - name: Remove route {{session_prefix_1}} - shell: vtysh -e "conf t" -e "no ip route {{ session_prefix_1 }} {{ neighbor_info_1['addr'] }}" -e "no ip route {{ session_prefix_1 }} {{ neighbor_info_2['addr'] }}" -e "no ip route {{ session_prefix_1 }} {{ neighbor_info_3['addr'] }}" - ignore_errors: yes - become: yes diff --git a/ansible/roles/test/tasks/everflow_testbed/testcase_8.yml b/ansible/roles/test/tasks/everflow_testbed/testcase_8.yml deleted file mode 100644 index 7fb8ed3b36..0000000000 --- a/ansible/roles/test/tasks/everflow_testbed/testcase_8.yml +++ /dev/null @@ -1,80 +0,0 @@ -# Test case 8 - Policer enforced DSCP value/mask test - -- set_fact: - policer_name: TEST_POLICER - policer_session_name: TEST_POLICER_SESSION - dscp_table_name: EVERFLOW_DSCP - -- name: Create route with next hop {{ dst_port_1 }}. - shell: vtysh -e "conf t" -e "ip route {{ session_prefix_1 }} {{ neighbor_info_1['addr'] }}" - become: yes - -- block: - - name: Create a policer - shell: | - redis-cli -n 4 hmset "POLICER|{{policer_name}}" "meter_type" "packets" "mode" "sr_tcm" "cir" "100" "cbs" "100" "red_packet_action" "drop" - become: yes - - - name: Create a policer enforced mirror session - shell: | - config mirror_session add {{policer_session_name}} {{session_src_ip}} {{session_dst_ip}} {{session_dscp}} {{session_ttl}} --policer {{policer_name}} - become: yes - - - name: Create an ACL table with MIRROR_DSCP type - shell: config acl add table {{dscp_table_name}} "MIRROR_DSCP" --description "EVERFLOW_TEST" - become: yes - - - name: Create a rule with DSCP value and mask - shell: | - redis-cli -n 4 hmset "ACL_RULE|{{dscp_table_name}}|RULE_1" "PRIORITY" "9999" "MIRROR_ACTION" "{{policer_session_name}}" "DSCP" "8/56" - become: yes - - - name: Pause to sync the rule - pause: seconds=3 - - - name: "Start PTF runner" - include: roles/test/tasks/ptf_runner.yml - vars: - ptf_test_name: EVERFLOW Policer Test - ptf_test_dir: acstests - ptf_test_path: everflow_policer_test.EverflowPolicerTest - ptf_platform: remote - ptf_platform_dir: ptftests - ptf_test_params: - - asic_type='{{sonic_asic_type}}' - - hwsku='{{sonic_hwsku}}' - - router_mac='{{ansible_Ethernet0['macaddress']}}' - - src_port='{{src_port_ptf_id}}' - - dst_ports='{{",".join((spine_ptf_ports))}}' - - dst_mirror_ports='{{dst_port_1_ptf_id}}' - ptf_extra_options: "--relax --debug info" - - always: - - name: Remove the rule with DSCP value and mask - shell: | - redis-cli -n 4 del "ACL_RULE|{{dscp_table_name}}|RULE_1" - ignore_errors: yes - become: yes - - - name: Remove the ACL table with MIRROR_DSCP type - shell: config acl remove table {{dscp_table_name}} - ignore_errors: yes - become: yes - - - name: Remove the policer enforced mirror session - shell: | - config mirror_session remove {{policer_session_name}} - ignore_errors: yes - become: yes - - - name: Remove policer - shell: | - redis-cli -n 4 del "POLICER|{{policer_name}}" - ignore_errors: yes - become: yes - - - name: Remove route - shell: vtysh -e "conf t" -e "no ip route {{ session_prefix_1 }} {{ neighbor_info_1['addr'] }}" - ignore_errors: yes - become: yes -