8.2.4. iACL Security

8.2.4.1. eth2p-eth-l2xcbase-iaclbase-func

Ingress ACL test cases

  • [Top] Network Topologies: TG - DUT1 - DUT2 - TG with one link between the nodes.
  • [Cfg] DUT configuration: DUT2 is configured with L2 Cross connect. DUT1 is configured with iACL classification on link to TG,
  • [Ver] TG verification: Test ICMPv4 Echo Request packets are sent in one direction by TG on link to DUT1 and received on TG link to DUT2. On receive TG verifies if packets are dropped.
Name VPP API Test (VAT) Commands History - Commands Used Per Test Case
TC01: DUT with iACL MAC src-addr drops matching pkts 
 DUT1: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1 
 sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3 
 classify_add_del_table mask l2 src 
 classify_add_del_session acl-hit-next deny table-index 0 skip_n 0 match_n 1 match l2 src fa:16:3e:a6:b9:66 
 input_acl_set_interface sw_if_index 1 l2-table 0 
  
 DUT2: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1 
 sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3
TC02: DUT with iACL MAC dst-addr drops matching pkts 
 DUT1: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1 
 sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3 
 classify_add_del_table mask l2 dst 
 classify_add_del_session acl-hit-next deny table-index 0 skip_n 0 match_n 1 match l2 dst fa:16:3e:a6:64:0f 
 input_acl_set_interface sw_if_index 1 l2-table 0 
  
 DUT2: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1 
 sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3
TC03: DUT with iACL MAC src-addr and dst-addr drops matching pkts 
 DUT1: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1 
 sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3 
 classify_add_del_table mask l2 src 
 classify_add_del_session acl-hit-next deny table-index 0 skip_n 0 match_n 1 match l2 src fa:16:3e:a6:b9:66 
 classify_add_del_table mask l2 dst 
 classify_add_del_session acl-hit-next deny table-index 1 skip_n 0 match_n 1 match l2 dst fa:16:3e:a6:b9:66 
 input_acl_set_interface sw_if_index 1 l2-table 0 
 input_acl_set_interface sw_if_index 1 l2-table 1 
  
 DUT2: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1 
 sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3
TC04: DUT with iACL EtherType drops matching pkts 
 DUT1: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1 
 sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3 
 classify_add_del_table mask hex 000000000000000000000000ffff 
 classify_add_del_session acl-hit-next deny table-index 0 skip_n 0 match_n 1 match hex 0000000000000000000000000800 
 input_acl_set_interface sw_if_index 1 l2-table 0 
  
 DUT2: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1 
 sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3

8.2.4.2. eth2p-ethip4-ip4base-iaclbase-func

IPv4 routing with ingress ACL test cases Encapsulations: Eth-IPv4 on links TG-DUT1, TG-DUT2, DUT1-DUT2. IPv4 ingress ACL (iACL) tests use 3-node topology TG - DUT1 - DUT2 - TG with one link between the nodes. DUT1 and DUT2 are configured with IPv4 routing and static routes. DUT1 is configured with iACL on link to TG, iACL classification and permit/deny action are configured on a per test case basis. Test ICMPv4 Echo Request packets are sent in one direction by TG on link to DUT1 and received on TG link to DUT2. On receive TG verifies if packets are dropped, or if received verifies packet IPv4 src-addr, dst-addr and MAC addresses.

Name VPP API Test (VAT) Commands History - Commands Used Per Test Case
TC01: DUT with iACL IPv4 src-addr drops matching pkts 
 DUT1: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_add_del_address sw_if_index 1 192.168.1.1/24 
 sw_interface_add_del_address sw_if_index 3 192.168.2.1/24 
 ip_neighbor_add_del sw_if_index 3 dst 192.168.2.2 mac fa:16:3e:a6:64:0f 
 ip_add_del_route 32.0.0.1/24 via 192.168.2.2  sw_if_index 3 resolve-attempts 10 count 1    
 classify_add_del_table mask l3 ip4 src 
 classify_add_del_session acl-hit-next deny table-index 0 skip_n 1 match_n 1 match l3 ip4 src 16.0.0.1 
 input_acl_set_interface sw_if_index 1 ip4-table 0 
  
 DUT2: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1 
 sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3
TC02: DUT with iACL IPv4 dst-addr drops matching pkts 
 DUT1: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_add_del_address sw_if_index 1 192.168.1.1/24 
 sw_interface_add_del_address sw_if_index 3 192.168.2.1/24 
 ip_neighbor_add_del sw_if_index 3 dst 192.168.2.2 mac fa:16:3e:a6:64:0f 
 ip_add_del_route 32.0.0.1/24 via 192.168.2.2  sw_if_index 3 resolve-attempts 10 count 1    
 ip_add_del_route 33.0.0.1/24 via 192.168.2.2  sw_if_index 3 resolve-attempts 10 count 1    
 classify_add_del_table mask l3 ip4 dst 
 classify_add_del_session acl-hit-next deny table-index 0 skip_n 1 match_n 2 match l3 ip4 dst 32.0.0.1 
 input_acl_set_interface sw_if_index 1 ip4-table 0 
  
 DUT2: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1 
 sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3
TC03: DUT with iACL IPv4 src-addr and dst-addr drops matching pkts 
 DUT1: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_add_del_address sw_if_index 1 192.168.1.1/24 
 sw_interface_add_del_address sw_if_index 3 192.168.2.1/24 
 ip_neighbor_add_del sw_if_index 3 dst 192.168.2.2 mac fa:16:3e:a6:64:0f 
 ip_add_del_route 32.0.0.1/24 via 192.168.2.2  sw_if_index 3 resolve-attempts 10 count 1    
 ip_add_del_route 33.0.0.1/24 via 192.168.2.2  sw_if_index 3 resolve-attempts 10 count 1    
 classify_add_del_table mask l3 ip4 src 
 classify_add_del_table mask l3 ip4 dst 
 classify_add_del_session acl-hit-next deny table-index 0 skip_n 1 match_n 2 match l3 ip4 src 16.0.0.1 
 classify_add_del_session acl-hit-next deny table-index 1 skip_n 1 match_n 2 match l3 ip4 dst 32.0.0.1 
 input_acl_set_interface sw_if_index 1 ip4-table 0 
 input_acl_set_interface sw_if_index 1 ip4-table 1 
  
 DUT2: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1 
 sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3
TC04: DUT with iACL IPv4 protocol set to TCP drops matching pkts 
 DUT1: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_add_del_address sw_if_index 1 192.168.1.1/24 
 sw_interface_add_del_address sw_if_index 3 192.168.2.1/24 
 ip_neighbor_add_del sw_if_index 3 dst 192.168.2.2 mac fa:16:3e:a6:64:0f 
 ip_add_del_route 32.0.0.1/24 via 192.168.2.2  sw_if_index 3 resolve-attempts 10 count 1    
 classify_add_del_table mask hex 0000000000000000000000000000000000000000000000FF 
 classify_add_del_session acl-hit-next deny table-index 0 skip_n 1 match_n 1 match hex 000000000000000000000000000000000000000000000006 
 input_acl_set_interface sw_if_index 1 ip4-table 0 
  
 DUT2: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1 
 sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3
TC05: DUT with iACL IPv4 protocol set to UDP drops matching pkts 
 DUT1: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_add_del_address sw_if_index 1 192.168.1.1/24 
 sw_interface_add_del_address sw_if_index 3 192.168.2.1/24 
 ip_neighbor_add_del sw_if_index 3 dst 192.168.2.2 mac fa:16:3e:a6:64:0f 
 ip_add_del_route 32.0.0.1/24 via 192.168.2.2  sw_if_index 3 resolve-attempts 10 count 1    
 classify_add_del_table mask hex 0000000000000000000000000000000000000000000000FF 
 classify_add_del_session acl-hit-next deny table-index 0 skip_n 1 match_n 1 match hex 000000000000000000000000000000000000000000000011 
 input_acl_set_interface sw_if_index 1 ip4-table 0 
  
 DUT2: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1 
 sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3
TC06: DUT with iACL IPv4 TCP src-ports drops matching pkts 
 DUT1: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_add_del_address sw_if_index 1 192.168.1.1/24 
 sw_interface_add_del_address sw_if_index 3 192.168.2.1/24 
 ip_neighbor_add_del sw_if_index 3 dst 192.168.2.2 mac fa:16:3e:a6:64:0f 
 ip_add_del_route 32.0.0.1/24 via 192.168.2.2  sw_if_index 3 resolve-attempts 10 count 1    
 classify_add_del_table mask hex 00000000000000000000000000000000000000000000000000000000000000000000FFFF0000 
 classify_add_del_session acl-hit-next deny table-index 0 skip_n 2 match_n 1 match hex 0000000000000000000000000000000000000000000000000000000000000000000000500000 
 input_acl_set_interface sw_if_index 1 ip4-table 0 
  
 DUT2: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1 
 sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3
TC07: DUT with iACL IPv4 TCP dst-ports drops matching pkts 
 DUT1: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_add_del_address sw_if_index 1 192.168.1.1/24 
 sw_interface_add_del_address sw_if_index 3 192.168.2.1/24 
 ip_neighbor_add_del sw_if_index 3 dst 192.168.2.2 mac fa:16:3e:a6:64:0f 
 ip_add_del_route 32.0.0.1/24 via 192.168.2.2  sw_if_index 3 resolve-attempts 10 count 1    
 classify_add_del_table mask hex 000000000000000000000000000000000000000000000000000000000000000000000000FFFF 
 classify_add_del_session acl-hit-next deny table-index 0 skip_n 2 match_n 1 match hex 0000000000000000000000000000000000000000000000000000000000000000000000000050 
 input_acl_set_interface sw_if_index 1 ip4-table 0 
  
 DUT2: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1 
 sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3
TC08: DUT with iACL IPv4 TCP src-ports and dst-ports drops matching pkts 
 DUT1: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_add_del_address sw_if_index 1 192.168.1.1/24 
 sw_interface_add_del_address sw_if_index 3 192.168.2.1/24 
 ip_neighbor_add_del sw_if_index 3 dst 192.168.2.2 mac fa:16:3e:a6:64:0f 
 ip_add_del_route 32.0.0.1/24 via 192.168.2.2  sw_if_index 3 resolve-attempts 10 count 1    
 classify_add_del_table mask hex 00000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF 
 classify_add_del_session acl-hit-next deny table-index 0 skip_n 2 match_n 1 match hex 0000000000000000000000000000000000000000000000000000000000000000000000500014 
 input_acl_set_interface sw_if_index 1 ip4-table 0 
  
 DUT2: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1 
 sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3
TC09: DUT with iACL IPv4 UDP src-ports drops matching pkts 
 DUT1: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_add_del_address sw_if_index 1 192.168.1.1/24 
 sw_interface_add_del_address sw_if_index 3 192.168.2.1/24 
 ip_neighbor_add_del sw_if_index 3 dst 192.168.2.2 mac fa:16:3e:a6:64:0f 
 ip_add_del_route 32.0.0.1/24 via 192.168.2.2  sw_if_index 3 resolve-attempts 10 count 1    
 classify_add_del_table mask hex 00000000000000000000000000000000000000000000000000000000000000000000FFFF0000 
 classify_add_del_session acl-hit-next deny table-index 0 skip_n 2 match_n 1 match hex 0000000000000000000000000000000000000000000000000000000000000000000000500000 
 input_acl_set_interface sw_if_index 1 ip4-table 0 
  
 DUT2: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1 
 sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3
TC10: DUT with iACL IPv4 UDP dst-ports drops matching pkts 
 DUT1: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_add_del_address sw_if_index 1 192.168.1.1/24 
 sw_interface_add_del_address sw_if_index 3 192.168.2.1/24 
 ip_neighbor_add_del sw_if_index 3 dst 192.168.2.2 mac fa:16:3e:a6:64:0f 
 ip_add_del_route 32.0.0.1/24 via 192.168.2.2  sw_if_index 3 resolve-attempts 10 count 1    
 classify_add_del_table mask hex 000000000000000000000000000000000000000000000000000000000000000000000000FFFF 
 classify_add_del_session acl-hit-next deny table-index 0 skip_n 2 match_n 1 match hex 0000000000000000000000000000000000000000000000000000000000000000000000000050 
 input_acl_set_interface sw_if_index 1 ip4-table 0 
  
 DUT2: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1 
 sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3
TC11: DUT with iACL IPv4 UDP src-ports and dst-ports drops matching pkts 
 DUT1: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_add_del_address sw_if_index 1 192.168.1.1/24 
 sw_interface_add_del_address sw_if_index 3 192.168.2.1/24 
 ip_neighbor_add_del sw_if_index 3 dst 192.168.2.2 mac fa:16:3e:a6:64:0f 
 ip_add_del_route 32.0.0.1/24 via 192.168.2.2  sw_if_index 3 resolve-attempts 10 count 1    
 classify_add_del_table mask hex 00000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF 
 classify_add_del_session acl-hit-next deny table-index 0 skip_n 2 match_n 1 match hex 0000000000000000000000000000000000000000000000000000000000000000000000500014 
 input_acl_set_interface sw_if_index 1 ip4-table 0 
  
 DUT2: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1 
 sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3

8.2.4.3. eth2p-ethip6-ip6base-iaclbase-func

IPv6 routing with ingress ACL test cases Encapsulations: Eth-IPv6 on links TG-DUT1, TG-DUT2, DUT1-DUT2. IPv6 ingress ACL (iACL) tests use 3-node topology TG - DUT1 - DUT2 - TG with one link between the nodes. DUT1 and DUT2 are configured with IPv6 routing and static routes. DUT1 is configured with iACL on link to TG, iACL classification and permit/deny action are configured on a per test case basis. Test ICMPv6 Echo Request packets are sent in one direction by TG on link to DUT1 and received on TG link to DUT2. On receive TG verifies if packets are dropped, or if received verifies packet IPv6 src-addr, dst-addr and MAC addresses.

Name VPP API Test (VAT) Commands History - Commands Used Per Test Case
TC01: DUT with iACL IPv6 src-addr drops matching pkts 
 DUT1: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_add_del_address sw_if_index 1 3ffe:62::1/64 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_add_del_address sw_if_index 3 3ffe:63::1/64 
 sw_interface_set_flags sw_if_index 3 admin-up 
 ip_neighbor_add_del sw_if_index 3 dst 3ffe:63::2 mac fa:16:3e:a6:64:0f 
 ip_add_del_route 3ffe:64::1/64 via 3ffe:63::2  sw_if_index 3 resolve-attempts 10 count 1    
 sw_interface_ip6nd_ra_config sw_if_index 4 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 2 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 3 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 1 surpress 
 classify_add_del_table mask l3 ip6 src 
 classify_add_del_session acl-hit-next deny table-index 0 skip_n 1 match_n 2 match l3 ip6 src 3ffe:61::1 
 input_acl_set_interface sw_if_index 1 ip6-table 0 
  
 DUT2: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1 
 sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3 
 sw_interface_ip6nd_ra_config sw_if_index 4 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 2 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 3 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 1 surpress
TC02: DUT with iACL IPv6 dst-addr drops matching pkts 
 DUT1: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_add_del_address sw_if_index 1 3ffe:62::1/64 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_add_del_address sw_if_index 3 3ffe:63::1/64 
 sw_interface_set_flags sw_if_index 3 admin-up 
 ip_neighbor_add_del sw_if_index 3 dst 3ffe:63::2 mac fa:16:3e:a6:64:0f 
 ip_add_del_route 3ffe:64::1/64 via 3ffe:63::2  sw_if_index 3 resolve-attempts 10 count 1    
 ip_add_del_route 3ffe:54::1/64 via 3ffe:63::2  sw_if_index 3 resolve-attempts 10 count 1    
 sw_interface_ip6nd_ra_config sw_if_index 4 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 2 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 3 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 1 surpress 
 classify_add_del_table mask l3 ip6 dst 
 classify_add_del_session acl-hit-next deny table-index 0 skip_n 2 match_n 2 match l3 ip6 dst 3ffe:64::1 
 input_acl_set_interface sw_if_index 1 ip6-table 0 
  
 DUT2: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1 
 sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3 
 sw_interface_ip6nd_ra_config sw_if_index 4 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 2 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 3 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 1 surpress
TC03: DUT with iACL IPv6 src-addr and dst-addr drops matching pkts 
 DUT1: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_add_del_address sw_if_index 1 3ffe:62::1/64 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_add_del_address sw_if_index 3 3ffe:63::1/64 
 sw_interface_set_flags sw_if_index 3 admin-up 
 ip_neighbor_add_del sw_if_index 3 dst 3ffe:63::2 mac fa:16:3e:a6:64:0f 
 ip_add_del_route 3ffe:64::1/64 via 3ffe:63::2  sw_if_index 3 resolve-attempts 10 count 1    
 ip_add_del_route 3ffe:54::1/64 via 3ffe:63::2  sw_if_index 3 resolve-attempts 10 count 1    
 sw_interface_ip6nd_ra_config sw_if_index 4 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 2 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 3 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 1 surpress 
 classify_add_del_table mask l3 ip6 src 
 classify_add_del_table mask l3 ip6 dst 
 classify_add_del_session acl-hit-next deny table-index 0 skip_n 1 match_n 2 match l3 ip6 src 3ffe:61::1 
 classify_add_del_session acl-hit-next deny table-index 1 skip_n 2 match_n 2 match l3 ip6 dst 3ffe:64::1 
 input_acl_set_interface sw_if_index 1 ip6-table 0 
 input_acl_set_interface sw_if_index 1 ip6-table 1 
  
 DUT2: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1 
 sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3 
 sw_interface_ip6nd_ra_config sw_if_index 4 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 2 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 3 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 1 surpress
TC04: DUT with iACL IPv6 protocol set to TCP drops matching pkts 
 DUT1: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_add_del_address sw_if_index 1 3ffe:62::1/64 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_add_del_address sw_if_index 3 3ffe:63::1/64 
 sw_interface_set_flags sw_if_index 3 admin-up 
 ip_neighbor_add_del sw_if_index 3 dst 3ffe:63::2 mac fa:16:3e:a6:64:0f 
 ip_add_del_route 3ffe:64::1/64 via 3ffe:63::2  sw_if_index 3 resolve-attempts 10 count 1    
 sw_interface_ip6nd_ra_config sw_if_index 4 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 2 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 3 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 1 surpress 
 classify_add_del_table mask hex 0000000000000000000000000000000000000000FF 
 classify_add_del_session acl-hit-next deny table-index 0 skip_n 1 match_n 1 match hex 000000000000000000000000000000000000000006 
 input_acl_set_interface sw_if_index 1 ip6-table 0 
  
 DUT2: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1 
 sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3 
 sw_interface_ip6nd_ra_config sw_if_index 4 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 2 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 3 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 1 surpress
TC05: DUT with iACL IPv6 protocol set to UDP drops matching pkts 
 DUT1: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_add_del_address sw_if_index 1 3ffe:62::1/64 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_add_del_address sw_if_index 3 3ffe:63::1/64 
 sw_interface_set_flags sw_if_index 3 admin-up 
 ip_neighbor_add_del sw_if_index 3 dst 3ffe:63::2 mac fa:16:3e:a6:64:0f 
 ip_add_del_route 3ffe:64::1/64 via 3ffe:63::2  sw_if_index 3 resolve-attempts 10 count 1    
 sw_interface_ip6nd_ra_config sw_if_index 4 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 2 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 3 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 1 surpress 
 classify_add_del_table mask hex 0000000000000000000000000000000000000000FF 
 classify_add_del_session acl-hit-next deny table-index 0 skip_n 1 match_n 1 match hex 000000000000000000000000000000000000000011 
 input_acl_set_interface sw_if_index 1 ip6-table 0 
  
 DUT2: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1 
 sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3 
 sw_interface_ip6nd_ra_config sw_if_index 4 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 2 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 3 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 1 surpress
TC06: DUT with iACL IPv6 TCP src-ports drops matching pkts 
 DUT1: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_add_del_address sw_if_index 1 3ffe:62::1/64 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_add_del_address sw_if_index 3 3ffe:63::1/64 
 sw_interface_set_flags sw_if_index 3 admin-up 
 ip_neighbor_add_del sw_if_index 3 dst 3ffe:63::2 mac fa:16:3e:a6:64:0f 
 ip_add_del_route 3ffe:64::1/64 via 3ffe:63::2  sw_if_index 3 resolve-attempts 10 count 1    
 sw_interface_ip6nd_ra_config sw_if_index 4 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 2 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 3 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 1 surpress 
 classify_add_del_table mask hex 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000FFFF0000 
 classify_add_del_session acl-hit-next deny table-index 0 skip_n 3 match_n 1 match hex 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500000 
 input_acl_set_interface sw_if_index 1 ip6-table 0 
  
 DUT2: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1 
 sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3 
 sw_interface_ip6nd_ra_config sw_if_index 4 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 2 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 3 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 1 surpress
TC07: DUT with iACL IPv6 TCP dst-ports drops matching pkts 
 DUT1: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_add_del_address sw_if_index 1 3ffe:62::1/64 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_add_del_address sw_if_index 3 3ffe:63::1/64 
 sw_interface_set_flags sw_if_index 3 admin-up 
 ip_neighbor_add_del sw_if_index 3 dst 3ffe:63::2 mac fa:16:3e:a6:64:0f 
 ip_add_del_route 3ffe:64::1/64 via 3ffe:63::2  sw_if_index 3 resolve-attempts 10 count 1    
 sw_interface_ip6nd_ra_config sw_if_index 4 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 2 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 3 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 1 surpress 
 classify_add_del_table mask hex 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000FFFF 
 classify_add_del_session acl-hit-next deny table-index 0 skip_n 3 match_n 1 match hex 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050 
 input_acl_set_interface sw_if_index 1 ip6-table 0 
  
 DUT2: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1 
 sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3 
 sw_interface_ip6nd_ra_config sw_if_index 4 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 2 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 3 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 1 surpress
TC08: DUT with iACL IPv6 TCP src-ports and dst-ports drops matching pkts 
 DUT1: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_add_del_address sw_if_index 1 3ffe:62::1/64 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_add_del_address sw_if_index 3 3ffe:63::1/64 
 sw_interface_set_flags sw_if_index 3 admin-up 
 ip_neighbor_add_del sw_if_index 3 dst 3ffe:63::2 mac fa:16:3e:a6:64:0f 
 ip_add_del_route 3ffe:64::1/64 via 3ffe:63::2  sw_if_index 3 resolve-attempts 10 count 1    
 sw_interface_ip6nd_ra_config sw_if_index 4 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 2 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 3 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 1 surpress 
 classify_add_del_table mask hex 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF 
 classify_add_del_session acl-hit-next deny table-index 0 skip_n 3 match_n 1 match hex 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500014 
 input_acl_set_interface sw_if_index 1 ip6-table 0 
  
 DUT2: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1 
 sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3 
 sw_interface_ip6nd_ra_config sw_if_index 4 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 2 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 3 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 1 surpress
TC09: DUT with iACL IPv6 UDP src-ports drops matching pkts 
 DUT1: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_add_del_address sw_if_index 1 3ffe:62::1/64 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_add_del_address sw_if_index 3 3ffe:63::1/64 
 sw_interface_set_flags sw_if_index 3 admin-up 
 ip_neighbor_add_del sw_if_index 3 dst 3ffe:63::2 mac fa:16:3e:a6:64:0f 
 ip_add_del_route 3ffe:64::1/64 via 3ffe:63::2  sw_if_index 3 resolve-attempts 10 count 1    
 sw_interface_ip6nd_ra_config sw_if_index 4 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 2 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 3 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 1 surpress 
 classify_add_del_table mask hex 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000FFFF0000 
 classify_add_del_session acl-hit-next deny table-index 0 skip_n 3 match_n 1 match hex 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500000 
 input_acl_set_interface sw_if_index 1 ip6-table 0 
  
 DUT2: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1 
 sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3 
 sw_interface_ip6nd_ra_config sw_if_index 4 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 2 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 3 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 1 surpress
TC10: DUT with iACL IPv6 UDP dst-ports drops matching pkts 
 DUT1: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_add_del_address sw_if_index 1 3ffe:62::1/64 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_add_del_address sw_if_index 3 3ffe:63::1/64 
 sw_interface_set_flags sw_if_index 3 admin-up 
 ip_neighbor_add_del sw_if_index 3 dst 3ffe:63::2 mac fa:16:3e:a6:64:0f 
 ip_add_del_route 3ffe:64::1/64 via 3ffe:63::2  sw_if_index 3 resolve-attempts 10 count 1    
 sw_interface_ip6nd_ra_config sw_if_index 4 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 2 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 3 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 1 surpress 
 classify_add_del_table mask hex 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000FFFF 
 classify_add_del_session acl-hit-next deny table-index 0 skip_n 3 match_n 1 match hex 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050 
 input_acl_set_interface sw_if_index 1 ip6-table 0 
  
 DUT2: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1 
 sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3 
 sw_interface_ip6nd_ra_config sw_if_index 4 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 2 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 3 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 1 surpress
TC11: DUT with iACL IPv6 UDP src-ports and dst-ports drops matching pkts 
 DUT1: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_add_del_address sw_if_index 1 3ffe:62::1/64 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_add_del_address sw_if_index 3 3ffe:63::1/64 
 sw_interface_set_flags sw_if_index 3 admin-up 
 ip_neighbor_add_del sw_if_index 3 dst 3ffe:63::2 mac fa:16:3e:a6:64:0f 
 ip_add_del_route 3ffe:64::1/64 via 3ffe:63::2  sw_if_index 3 resolve-attempts 10 count 1    
 sw_interface_ip6nd_ra_config sw_if_index 4 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 2 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 3 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 1 surpress 
 classify_add_del_table mask hex 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF 
 classify_add_del_session acl-hit-next deny table-index 0 skip_n 3 match_n 1 match hex 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500014 
 input_acl_set_interface sw_if_index 1 ip6-table 0 
  
 DUT2: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1 
 sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3 
 sw_interface_ip6nd_ra_config sw_if_index 4 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 2 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 3 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 1 surpress
TC12: DUT with iACL MAC src-addr and iACL IPv6 UDP src-ports and dst-ports drops matching pkts 
 DUT1: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1 
 sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3 
 sw_interface_ip6nd_ra_config sw_if_index 4 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 2 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 3 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 1 surpress 
 classify_add_del_table mask l2 src 
 classify_add_del_session acl-hit-next deny table-index 0 skip_n 0 match_n 1 match l2 src fa:16:3e:a6:b9:66 
 classify_add_del_table mask hex 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF 
 classify_add_del_session acl-hit-next deny table-index 1 skip_n 3 match_n 1 match hex 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500014 
 input_acl_set_interface sw_if_index 1 l2-table 1 
  
 DUT2: 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_dump 
 sw_interface_set_flags sw_if_index 3 admin-up 
 sw_interface_set_flags sw_if_index 1 admin-up 
 sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1 
 sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3 
 sw_interface_ip6nd_ra_config sw_if_index 4 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 2 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 3 surpress 
 sw_interface_ip6nd_ra_config sw_if_index 1 surpress