diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 09:53:30 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 09:53:30 +0000 |
| commit | 2c7cac91ed6e7db0f6937923d2b57f97dbdbc337 (patch) | |
| tree | c05dc0f8e6aa3accc84e3e5cffc933ed94941383 /tests/topotests/bgp_roles_filtering | |
| parent | Initial commit. (diff) | |
| download | frr-2c7cac91ed6e7db0f6937923d2b57f97dbdbc337.tar.xz frr-2c7cac91ed6e7db0f6937923d2b57f97dbdbc337.zip | |
Adding upstream version 8.4.4.upstream/8.4.4upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'tests/topotests/bgp_roles_filtering')
20 files changed, 332 insertions, 0 deletions
diff --git a/tests/topotests/bgp_roles_filtering/__init__.py b/tests/topotests/bgp_roles_filtering/__init__.py new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/tests/topotests/bgp_roles_filtering/__init__.py diff --git a/tests/topotests/bgp_roles_filtering/r1/bgpd.conf b/tests/topotests/bgp_roles_filtering/r1/bgpd.conf new file mode 100644 index 0000000..99f6211 --- /dev/null +++ b/tests/topotests/bgp_roles_filtering/r1/bgpd.conf @@ -0,0 +1,12 @@ +! Provider on this side +router bgp 64501 + bgp router-id 192.168.1.1 + no bgp network import-check + network 192.0.2.1/32 + neighbor 192.168.1.2 remote-as 64510 + neighbor 192.168.1.2 local-role provider + neighbor 192.168.1.2 route-map ALLOW_ALL out + neighbor 192.168.1.2 route-map ALLOW_ALL in + neighbor 192.168.1.2 timers 3 10 + +route-map ALLOW_ALL permit 999 diff --git a/tests/topotests/bgp_roles_filtering/r1/zebra.conf b/tests/topotests/bgp_roles_filtering/r1/zebra.conf new file mode 100644 index 0000000..acf120b --- /dev/null +++ b/tests/topotests/bgp_roles_filtering/r1/zebra.conf @@ -0,0 +1,6 @@ +! +interface r1-eth0 + ip address 192.168.1.1/24 +! +ip forwarding +! diff --git a/tests/topotests/bgp_roles_filtering/r10/bgpd.conf b/tests/topotests/bgp_roles_filtering/r10/bgpd.conf new file mode 100644 index 0000000..f60bc6e --- /dev/null +++ b/tests/topotests/bgp_roles_filtering/r10/bgpd.conf @@ -0,0 +1,21 @@ +! Customer on other side +router bgp 64510 + bgp router-id 192.168.10.1 + no bgp ebgp-requires-policy + neighbor 192.168.1.1 remote-as 64501 + neighbor 192.168.1.1 timers 3 10 + neighbor 192.168.2.1 remote-as 64502 + neighbor 192.168.2.1 timers 3 10 + neighbor 192.168.3.1 remote-as 64503 + neighbor 192.168.3.1 timers 3 10 + neighbor 192.168.4.1 remote-as 64504 + neighbor 192.168.4.1 timers 3 10 + neighbor 192.168.5.1 remote-as 64505 + neighbor 192.168.5.1 local-role provider + neighbor 192.168.5.1 timers 3 10 + neighbor 192.168.6.1 remote-as 64506 + neighbor 192.168.6.1 local-role peer + neighbor 192.168.6.1 timers 3 10 + neighbor 192.168.7.1 remote-as 64507 + neighbor 192.168.7.1 local-role customer + neighbor 192.168.7.1 timers 3 10 diff --git a/tests/topotests/bgp_roles_filtering/r10/zebra.conf b/tests/topotests/bgp_roles_filtering/r10/zebra.conf new file mode 100644 index 0000000..f2733fe --- /dev/null +++ b/tests/topotests/bgp_roles_filtering/r10/zebra.conf @@ -0,0 +1,24 @@ +! +interface r10-eth0 + ip address 192.168.1.2/24 +! +interface r10-eth1 + ip address 192.168.2.2/24 +! +interface r10-eth2 + ip address 192.168.3.2/24 +! +interface r10-eth3 + ip address 192.168.4.2/24 +! +interface r10-eth4 + ip address 192.168.5.2/24 +! +interface r10-eth5 + ip address 192.168.6.2/24 +! +interface r10-eth6 + ip address 192.168.7.2/24 +! +ip forwarding +! diff --git a/tests/topotests/bgp_roles_filtering/r2/bgpd.conf b/tests/topotests/bgp_roles_filtering/r2/bgpd.conf new file mode 100644 index 0000000..b6db8c1 --- /dev/null +++ b/tests/topotests/bgp_roles_filtering/r2/bgpd.conf @@ -0,0 +1,12 @@ +! With peer on this side +router bgp 64502 + bgp router-id 192.168.2.1 + no bgp network import-check + network 192.0.2.2/32 + neighbor 192.168.2.2 remote-as 64510 + neighbor 192.168.2.2 local-role peer + neighbor 192.168.2.2 route-map ALLOW_ALL out + neighbor 192.168.2.2 route-map ALLOW_ALL in + neighbor 192.168.2.2 timers 3 10 + +route-map ALLOW_ALL permit 999 diff --git a/tests/topotests/bgp_roles_filtering/r2/zebra.conf b/tests/topotests/bgp_roles_filtering/r2/zebra.conf new file mode 100644 index 0000000..f785ea1 --- /dev/null +++ b/tests/topotests/bgp_roles_filtering/r2/zebra.conf @@ -0,0 +1,6 @@ +! +interface r2-eth0 + ip address 192.168.2.1/24 +! +ip forwarding +! diff --git a/tests/topotests/bgp_roles_filtering/r3/bgpd.conf b/tests/topotests/bgp_roles_filtering/r3/bgpd.conf new file mode 100644 index 0000000..70f10b1 --- /dev/null +++ b/tests/topotests/bgp_roles_filtering/r3/bgpd.conf @@ -0,0 +1,12 @@ +! Customer role on this side +router bgp 64503 + bgp router-id 192.168.3.1 + no bgp network import-check + network 192.0.2.3/32 + neighbor 192.168.3.2 remote-as 64510 + neighbor 192.168.3.2 local-role customer + neighbor 192.168.3.2 route-map ALLOW_ALL out + neighbor 192.168.3.2 route-map ALLOW_ALL in + neighbor 192.168.3.2 timers 3 10 + +route-map ALLOW_ALL permit 999 diff --git a/tests/topotests/bgp_roles_filtering/r3/zebra.conf b/tests/topotests/bgp_roles_filtering/r3/zebra.conf new file mode 100644 index 0000000..b347257 --- /dev/null +++ b/tests/topotests/bgp_roles_filtering/r3/zebra.conf @@ -0,0 +1,6 @@ +! +interface r3-eth0 + ip address 192.168.3.1/24 +! +ip forwarding +! diff --git a/tests/topotests/bgp_roles_filtering/r4/bgpd.conf b/tests/topotests/bgp_roles_filtering/r4/bgpd.conf new file mode 100644 index 0000000..11e324e --- /dev/null +++ b/tests/topotests/bgp_roles_filtering/r4/bgpd.conf @@ -0,0 +1,11 @@ +! Without role on this side +router bgp 64504 + bgp router-id 192.168.4.1 + no bgp network import-check + network 192.0.2.4/32 + neighbor 192.168.4.2 remote-as 64510 + neighbor 192.168.4.2 route-map ALLOW_ALL out + neighbor 192.168.4.2 route-map ALLOW_ALL in + neighbor 192.168.4.2 timers 3 10 + +route-map ALLOW_ALL permit 999 diff --git a/tests/topotests/bgp_roles_filtering/r4/zebra.conf b/tests/topotests/bgp_roles_filtering/r4/zebra.conf new file mode 100644 index 0000000..3543c08 --- /dev/null +++ b/tests/topotests/bgp_roles_filtering/r4/zebra.conf @@ -0,0 +1,6 @@ +! +interface r4-eth0 + ip address 192.168.4.1/24 +! +ip forwarding +! diff --git a/tests/topotests/bgp_roles_filtering/r5/bgpd.conf b/tests/topotests/bgp_roles_filtering/r5/bgpd.conf new file mode 100644 index 0000000..39d2a8d --- /dev/null +++ b/tests/topotests/bgp_roles_filtering/r5/bgpd.conf @@ -0,0 +1,11 @@ +! Provider on other side +router bgp 64505 + bgp router-id 192.168.5.1 + no bgp network import-check + network 192.0.2.5/32 + neighbor 192.168.5.2 remote-as 64510 + neighbor 192.168.5.2 route-map ALLOW_ALL out + neighbor 192.168.5.2 route-map ALLOW_ALL in + neighbor 192.168.5.2 timers 3 10 + +route-map ALLOW_ALL permit 999 diff --git a/tests/topotests/bgp_roles_filtering/r5/zebra.conf b/tests/topotests/bgp_roles_filtering/r5/zebra.conf new file mode 100644 index 0000000..4a1c273 --- /dev/null +++ b/tests/topotests/bgp_roles_filtering/r5/zebra.conf @@ -0,0 +1,6 @@ +! +interface r5-eth0 + ip address 192.168.5.1/24 +! +ip forwarding +! diff --git a/tests/topotests/bgp_roles_filtering/r6/bgpd.conf b/tests/topotests/bgp_roles_filtering/r6/bgpd.conf new file mode 100644 index 0000000..25e5cd8 --- /dev/null +++ b/tests/topotests/bgp_roles_filtering/r6/bgpd.conf @@ -0,0 +1,11 @@ +! Peer on other side +router bgp 64506 + bgp router-id 192.168.6.1 + no bgp network import-check + network 192.0.2.6/32 + neighbor 192.168.6.2 remote-as 64510 + neighbor 192.168.6.2 route-map ALLOW_ALL out + neighbor 192.168.6.2 route-map ALLOW_ALL in + neighbor 192.168.6.2 timers 3 10 + +route-map ALLOW_ALL permit 999 diff --git a/tests/topotests/bgp_roles_filtering/r6/zebra.conf b/tests/topotests/bgp_roles_filtering/r6/zebra.conf new file mode 100644 index 0000000..3644a69 --- /dev/null +++ b/tests/topotests/bgp_roles_filtering/r6/zebra.conf @@ -0,0 +1,6 @@ +! +interface r6-eth0 + ip address 192.168.6.1/24 +! +ip forwarding +! diff --git a/tests/topotests/bgp_roles_filtering/r7/bgpd.conf b/tests/topotests/bgp_roles_filtering/r7/bgpd.conf new file mode 100644 index 0000000..5f5f257 --- /dev/null +++ b/tests/topotests/bgp_roles_filtering/r7/bgpd.conf @@ -0,0 +1,11 @@ +! Customer on other side +router bgp 64507 + bgp router-id 192.168.7.1 + no bgp network import-check + network 192.0.2.7/32 + neighbor 192.168.7.2 remote-as 64510 + neighbor 192.168.7.2 route-map ALLOW_ALL out + neighbor 192.168.7.2 route-map ALLOW_ALL in + neighbor 192.168.7.2 timers 3 10 + +route-map ALLOW_ALL permit 999 diff --git a/tests/topotests/bgp_roles_filtering/r7/zebra.conf b/tests/topotests/bgp_roles_filtering/r7/zebra.conf new file mode 100644 index 0000000..0407a48 --- /dev/null +++ b/tests/topotests/bgp_roles_filtering/r7/zebra.conf @@ -0,0 +1,6 @@ +! +interface r7-eth0 + ip address 192.168.7.1/24 +! +ip forwarding +! diff --git a/tests/topotests/bgp_roles_filtering/roles_filtering_stand.dot b/tests/topotests/bgp_roles_filtering/roles_filtering_stand.dot new file mode 100644 index 0000000..df0f685 --- /dev/null +++ b/tests/topotests/bgp_roles_filtering/roles_filtering_stand.dot @@ -0,0 +1,21 @@ +graph roles_filtering_stand { + layout="circo" + label="roles filtering stand" + fontsize="20" + + r1 [label="r1 192.0.2.1/32"]; + r2 [label="r2 192.0.2.2/32"]; + r3 [label="r3 192.0.2.3/32"]; + r4 [label="r4 192.0.2.4/32"]; + r5 [label="r5 192.0.2.5/32"]; + r6 [label="r6 192.0.2.6/32"]; + r7 [label="r7 192.0.2.7/32"]; + r10 [label="r10 intermediate"]; + r10 -- r1 [headlabel="provider", taillabel="?"]; + r10 -- r2 [headlabel="peer", taillabel="?"]; + r10 -- r3 [headlabel="customer", taillabel="?"]; + r10 -- r4 [headlabel="?", taillabel="?"]; + r10 -- r5 [headlabel="?", taillabel="provider"]; + r10 -- r6 [headlabel="?", taillabel="peer"]; + r10 -- r7 [headlabel="?", taillabel="customer"]; +} diff --git a/tests/topotests/bgp_roles_filtering/roles_filtering_stand.jpg b/tests/topotests/bgp_roles_filtering/roles_filtering_stand.jpg Binary files differnew file mode 100644 index 0000000..dfedcf8 --- /dev/null +++ b/tests/topotests/bgp_roles_filtering/roles_filtering_stand.jpg diff --git a/tests/topotests/bgp_roles_filtering/test_bgp_roles_filtering.py b/tests/topotests/bgp_roles_filtering/test_bgp_roles_filtering.py new file mode 100644 index 0000000..c5827d7 --- /dev/null +++ b/tests/topotests/bgp_roles_filtering/test_bgp_roles_filtering.py @@ -0,0 +1,144 @@ +#!/usr/bin/python +# +# test_bgp_roles_filtering.py +# Part of NetDEF Topology Tests +# +# Copyright (c) 2022 by Eugene Bogomazov <eb@qrator.net> +# Copyright (c) 2017 by +# Network Device Education Foundation, Inc. ("NetDEF") +# +# Permission to use, copy, modify, and/or distribute this software +# for any purpose with or without fee is hereby granted, provided +# that the above copyright notice and this permission notice appear +# in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND NETDEF DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL VMWARE BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY +# DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, +# WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS +# ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE +# OF THIS SOFTWARE. +# + +""" +test_bgp_roles_filtering: test leaks prevention and mitigation with roles +""" + +import json +import os +import sys +import functools +import pytest + +CWD = os.path.dirname(os.path.realpath(__file__)) +sys.path.append(os.path.join(CWD, "../")) + +# pylint: disable=C0413 +from lib import topotest +from lib.bgp import verify_bgp_convergence_from_running_config +from lib.topogen import Topogen, TopoRouter, get_topogen +from lib.topolog import logger + +pytestmark = [pytest.mark.bgpd] + + +topodef = {f"s{i}": (f"r{i}", "r10") for i in range(1, 8)} + + +@pytest.fixture(scope="module") +def tgen(request): + tgen = Topogen(topodef, request.module.__name__) + tgen.start_topology() + router_list = tgen.routers() + for rname, router in router_list.items(): + router.load_config(TopoRouter.RD_ZEBRA, "zebra.conf") + router.load_config(TopoRouter.RD_BGP, "bgpd.conf") + tgen.start_router() + yield tgen + tgen.stop_topology() + + +@pytest.fixture(autouse=True) +def skip_on_failure(tgen): + if tgen.routers_have_failure(): + pytest.skip("skipped because of previous test failure") + + +def test_r10_routes(tgen): + # provider-undefine pair bur strict-mode was set + def _routes_half_converged(): + routes = json.loads(tgen.gears["r10"].vtysh_cmd("show bgp ipv4 json"))["routes"] + output = sorted(routes.keys()) + expected = [ + "192.0.2.1/32", + "192.0.2.2/32", + "192.0.2.3/32", + "192.0.2.4/32", + "192.0.2.5/32", + "192.0.2.6/32", + "192.0.2.7/32", + ] + return output == expected + + success, result = topotest.run_and_expect( + _routes_half_converged, True, count=20, wait=3 + ) + assert success, "Routes did not converged" + + routes_with_otc = list() + for number in range(1, 8): + prefix = f"192.0.2.{number}/32" + route_details = json.loads( + tgen.gears["r10"].vtysh_cmd(f"show bgp ipv4 {prefix} json") + ) + if route_details["paths"][0].get("otc") is not None: + routes_with_otc.append(prefix) + assert routes_with_otc == [ + "192.0.2.1/32", + "192.0.2.2/32", + "192.0.2.6/32", + "192.0.2.7/32", + ] + + +def test_r1_routes(tgen): + routes = json.loads(tgen.gears["r1"].vtysh_cmd("show bgp ipv4 json"))["routes"] + routes_list = sorted(routes.keys()) + assert routes_list == [ + "192.0.2.1/32", # own + "192.0.2.3/32", + "192.0.2.4/32", + "192.0.2.5/32", + ] + + +def test_r6_routes(tgen): + routes = json.loads(tgen.gears["r6"].vtysh_cmd("show bgp ipv4 json"))["routes"] + routes_list = sorted(routes.keys()) + assert routes_list == [ + "192.0.2.3/32", + "192.0.2.4/32", + "192.0.2.5/32", + "192.0.2.6/32", # own + ] + + +def test_r4_routes(tgen): + routes = json.loads(tgen.gears["r4"].vtysh_cmd("show bgp ipv4 json"))["routes"] + routes_list = sorted(routes.keys()) + assert routes_list == [ + "192.0.2.1/32", + "192.0.2.2/32", + "192.0.2.3/32", + "192.0.2.4/32", + "192.0.2.5/32", + "192.0.2.6/32", + "192.0.2.7/32", + ] + + +if __name__ == "__main__": + args = ["-s"] + sys.argv[1:] + sys.exit(pytest.main(args)) |
