Merge branch 'selftests-forwarding-Add-VRF-based-tests'

forwarding.config

Motivation

==========

One of the nice things about network namespaces is that they allow one

to easily create and test complex environments.

Unfortunately, these namespaces can not be used with actual switching

ASICs, as their ports can not be migrated to other network namespaces

(NETIF_F_NETNS_LOCAL) and most of them probably do not support the

L1-separation provided by namespaces.

However, a similar kind of flexibility can be achieved by using VRFs and

by looping the switch ports together. For example:

                             br0

                              +

               vrf-h1         |           vrf-h2

                 +        +---+----+        +

                 |        |        |        |

    192.0.2.1/24 +        +        +        + 192.0.2.2/24

               swp1     swp2     swp3     swp4

                 +        +        +        +

                 |        |        |        |

                 +--------+        +--------+

The VRFs act as lightweight namespaces representing hosts connected to

the switch.

This approach for testing switch ASICs has several advantages over the

traditional method that requires multiple physical machines, to name a

few:

1. Only the device under test (DUT) is being tested without noise from

other system.

2. Ability to easily provision complex topologies. Testing bridging

between 4-ports LAGs or 8-way ECMP requires many physical links that are

not always available. With the VRF-based approach one merely needs to

loopback more ports.

These tests are written with switch ASICs in mind, but they can be run

on any Linux box using veth pairs to emulate physical loopbacks.

Guidelines for Writing Tests

============================

o Where possible, reuse an existing topology for different tests instead

  of recreating the same topology.

o Where possible, IPv6 and IPv4 addresses shall conform to RFC 3849 and

  RFC 5737, respectively.

o Where possible, tests shall be written so that they can be reused by

  multiple topologies and added to lib.sh.

o Checks shall be added to lib.sh for any external dependencies.

o Code shall be checked using ShellCheck [1] prior to submission.

1. https://www.shellcheck.net/

#!/bin/bash

# SPDX-License-Identifier: GPL-2.0

NUM_NETIFS=4

source lib.sh

h1_create()

{

	simple_if_init $h1 192.0.2.1/24 2001:db8:1::1/64

}

h1_destroy()

{

	simple_if_fini $h1 192.0.2.1/24 2001:db8:1::1/64

}

h2_create()

{

	simple_if_init $h2 192.0.2.2/24 2001:db8:1::2/64

}

h2_destroy()

{

	simple_if_fini $h2 192.0.2.2/24 2001:db8:1::2/64

}

switch_create()

{

	# 10 Seconds ageing time.

	ip link add dev br0 type bridge vlan_filtering 1 ageing_time 1000 \

		mcast_snooping 0

	ip link set dev $swp1 master br0

	ip link set dev $swp2 master br0

	ip link set dev br0 up

	ip link set dev $swp1 up

	ip link set dev $swp2 up

}

switch_destroy()

{

	ip link set dev $swp2 down

	ip link set dev $swp1 down

	ip link del dev br0

}

setup_prepare()

{

	h1=${NETIFS[p1]}

	swp1=${NETIFS[p2]}

	swp2=${NETIFS[p3]}

	h2=${NETIFS[p4]}

	vrf_prepare

	h1_create

	h2_create

	switch_create

}

cleanup()

{

	pre_cleanup

	switch_destroy

	h2_destroy

	h1_destroy

	vrf_cleanup

}

trap cleanup EXIT

setup_prepare

setup_wait

ping_test $h1 192.0.2.2

ping6_test $h1 2001:db8:1::2

learning_test "br0" $swp1 $h1 $h2

flood_test $swp2 $h1 $h2

exit $EXIT_STATUS

CONFIG_BRIDGE=m

CONFIG_VLAN_8021Q=m

CONFIG_BRIDGE_VLAN_FILTERING=y

CONFIG_NET_L3_MASTER_DEV=y

CONFIG_IPV6_MULTIPLE_TABLES=y

CONFIG_NET_VRF=m

CONFIG_BPF_SYSCALL=y

CONFIG_CGROUP_BPF=y

CONFIG_NET_CLS_FLOWER=m

CONFIG_NET_SCH_INGRESS=m

CONFIG_NET_ACT_GACT=m

CONFIG_VETH=m

#!/bin/bash

# SPDX-License-Identifier: GPL-2.0

##############################################################################

# Topology description. p1 looped back to p2, p3 to p4 and so on.

declare -A NETIFS

NETIFS[p1]=veth0

NETIFS[p2]=veth1

NETIFS[p3]=veth2

NETIFS[p4]=veth3

NETIFS[p5]=veth4

NETIFS[p6]=veth5

NETIFS[p7]=veth6

NETIFS[p8]=veth7

##############################################################################

# Defines

# IPv4 ping utility name

PING=ping

# IPv6 ping utility name. Some distributions use 'ping' for IPv6.

PING6=ping6

# Packet generator. Some distributions use 'mz'.

MZ=mausezahn

# Time to wait after interfaces participating in the test are all UP

WAIT_TIME=5

# Whether to pause on failure or not.

PAUSE_ON_FAIL=no

# Whether to pause on cleanup or not.

PAUSE_ON_CLEANUP=no