8.2.5. IPSec - Tunnels and Transport

8.2.5.1. eth2p-ethip4ipsectnl-ip4base-func

IPv4 IPsec tunnel mode test suite.

  • [Top] Network topologies: TG-DUT1 2-node topology with one link between nodes.
  • [Cfg] DUT configuration: On DUT1 create loopback interface, configure loopback an physical interface IPv4 addresses, static ARP record, route and IPsec manual keyed connection in tunnel mode.
  • [Ver] TG verification: ESP packet is sent from TG to DUT1. ESP packet is received on TG from DUT1.
  • [Ref] Applicable standard specifications: RFC4303.
Name VPP API Test (VAT) Commands History - Commands Used Per Test Case
TC01: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 192.168.100.3/24
sw_interface_add_del_address sw_if_index 5 192.168.4.4/24
ip_neighbor_add_del sw_if_index 1 dst 192.168.100.2 mac fa:16:3e:6a:a9:9f
ip_add_del_route 192.168.3.3/24 via 192.168.100.2 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-128 crypto_key 6f344c347472584233386548574d4151 integ_alg sha1-96 integ_key 36436a36724f68696f6f67486a58463545616d63 tunnel_src 192.168.100.3 tunnel_dst 192.168.100.2
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-128 crypto_key 6f344c347472584233386548574d4151 integ_alg sha1-96 integ_key 36436a36724f68696f6f67486a58463545616d63 tunnel_src 192.168.100.2 tunnel_dst 192.168.100.3
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 192.168.4.4 laddr_stop 192.168.4.4 raddr_start 192.168.3.3 raddr_stop 192.168.3.3
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 192.168.4.4 laddr_stop 192.168.4.4 raddr_start 192.168.3.3 raddr_stop 192.168.3.3

DUT2:
no VAT command executed
TC05: VPP process ESP packet in Tunnel Mode with AES-CBC-192 encryption and SHA-256-128 integrity
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 192.168.100.3/24
sw_interface_add_del_address sw_if_index 5 192.168.4.4/24
ip_neighbor_add_del sw_if_index 1 dst 192.168.100.2 mac fa:16:3e:6a:a9:9f
ip_add_del_route 192.168.3.3/24 via 192.168.100.2 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-192 crypto_key 527264583366796f58337a514c68476b4e4d755877614c65 integ_alg sha-256-128 integ_key 496d35736465713331647232765a715147304c75365143483375533566493751 tunnel_src 192.168.100.3 tunnel_dst 192.168.100.2
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-192 crypto_key 527264583366796f58337a514c68476b4e4d755877614c65 integ_alg sha-256-128 integ_key 496d35736465713331647232765a715147304c75365143483375533566493751 tunnel_src 192.168.100.2 tunnel_dst 192.168.100.3
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 192.168.4.4 laddr_stop 192.168.4.4 raddr_start 192.168.3.3 raddr_stop 192.168.3.3
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 192.168.4.4 laddr_stop 192.168.4.4 raddr_start 192.168.3.3 raddr_stop 192.168.3.3

DUT2:
no VAT command executed
TC09: VPP process ESP packet in Tunnel Mode with AES-CBC-256 encryption and SHA-384-192 integrity
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 192.168.100.3/24
sw_interface_add_del_address sw_if_index 5 192.168.4.4/24
ip_neighbor_add_del sw_if_index 1 dst 192.168.100.2 mac fa:16:3e:6a:a9:9f
ip_add_del_route 192.168.3.3/24 via 192.168.100.2 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-256 crypto_key 653433496844764336544868514d48456a32396448535a6d4f756c5767794b53 integ_alg sha-384-192 integ_key 44727969315665374f4251666e35656a43796f55754839326464796a4b4d58536c5757337a4943666c62495931384c47 tunnel_src 192.168.100.3 tunnel_dst 192.168.100.2
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-256 crypto_key 653433496844764336544868514d48456a32396448535a6d4f756c5767794b53 integ_alg sha-384-192 integ_key 44727969315665374f4251666e35656a43796f55754839326464796a4b4d58536c5757337a4943666c62495931384c47 tunnel_src 192.168.100.2 tunnel_dst 192.168.100.3
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 192.168.4.4 laddr_stop 192.168.4.4 raddr_start 192.168.3.3 raddr_stop 192.168.3.3
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 192.168.4.4 laddr_stop 192.168.4.4 raddr_start 192.168.3.3 raddr_stop 192.168.3.3

DUT2:
no VAT command executed
TC12: VPP process ESP packet in Tunnel Mode with AES-CBC-256 encryption and SHA-512-256 integrity
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 192.168.100.3/24
sw_interface_add_del_address sw_if_index 5 192.168.4.4/24
ip_neighbor_add_del sw_if_index 1 dst 192.168.100.2 mac fa:16:3e:6a:a9:9f
ip_add_del_route 192.168.3.3/24 via 192.168.100.2 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-256 crypto_key 724c7578483934774458726247633967377877346a44706267696e444a47474a integ_alg sha-512-256 integ_key 573778545976664b64376d5157546b42424c626758757259594a387067536e6a5645384c5167396574356f34644d487a365a33736a6930744e594b5467454768 tunnel_src 192.168.100.3 tunnel_dst 192.168.100.2
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-256 crypto_key 724c7578483934774458726247633967377877346a44706267696e444a47474a integ_alg sha-512-256 integ_key 573778545976664b64376d5157546b42424c626758757259594a387067536e6a5645384c5167396574356f34644d487a365a33736a6930744e594b5467454768 tunnel_src 192.168.100.2 tunnel_dst 192.168.100.3
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 192.168.4.4 laddr_stop 192.168.4.4 raddr_start 192.168.3.3 raddr_stop 192.168.3.3
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 192.168.4.4 laddr_stop 192.168.4.4 raddr_start 192.168.3.3 raddr_stop 192.168.3.3

DUT2:
no VAT command executed
TC13: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity - different encryption alogrithms used
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 192.168.100.3/24
sw_interface_add_del_address sw_if_index 5 192.168.4.4/24
ip_neighbor_add_del sw_if_index 1 dst 192.168.100.2 mac fa:16:3e:6a:a9:9f
ip_add_del_route 192.168.3.3/24 via 192.168.100.2 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-128 crypto_key 43467457455336435548374e734e784f integ_alg sha1-96 integ_key 666843654e3953746636585a6d42746f3963314c tunnel_src 192.168.100.3 tunnel_dst 192.168.100.2
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-128 crypto_key 43467457455336435548374e734e784f integ_alg sha1-96 integ_key 666843654e3953746636585a6d42746f3963314c tunnel_src 192.168.100.2 tunnel_dst 192.168.100.3
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 192.168.4.4 laddr_stop 192.168.4.4 raddr_start 192.168.3.3 raddr_stop 192.168.3.3
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 192.168.4.4 laddr_stop 192.168.4.4 raddr_start 192.168.3.3 raddr_stop 192.168.3.3

DUT2:
no VAT command executed
TC14: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity - different integrity alogrithms used
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 192.168.100.3/24
sw_interface_add_del_address sw_if_index 5 192.168.4.4/24
ip_neighbor_add_del sw_if_index 1 dst 192.168.100.2 mac fa:16:3e:6a:a9:9f
ip_add_del_route 192.168.3.3/24 via 192.168.100.2 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-128 crypto_key 72484178617048584871575230353138 integ_alg sha1-96 integ_key 78786361743251715854524a5844453059416c48 tunnel_src 192.168.100.3 tunnel_dst 192.168.100.2
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-128 crypto_key 72484178617048584871575230353138 integ_alg sha1-96 integ_key 78786361743251715854524a5844453059416c48 tunnel_src 192.168.100.2 tunnel_dst 192.168.100.3
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 192.168.4.4 laddr_stop 192.168.4.4 raddr_start 192.168.3.3 raddr_stop 192.168.3.3
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 192.168.4.4 laddr_stop 192.168.4.4 raddr_start 192.168.3.3 raddr_stop 192.168.3.3

DUT2:
no VAT command executed
TC15: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity - different encryption and integrity alogrithms used
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 192.168.100.3/24
sw_interface_add_del_address sw_if_index 5 192.168.4.4/24
ip_neighbor_add_del sw_if_index 1 dst 192.168.100.2 mac fa:16:3e:6a:a9:9f
ip_add_del_route 192.168.3.3/24 via 192.168.100.2 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-128 crypto_key 64504e6c623150706978643557343663 integ_alg sha1-96 integ_key 7550666f343934437a343268536f506867365475 tunnel_src 192.168.100.3 tunnel_dst 192.168.100.2
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-128 crypto_key 64504e6c623150706978643557343663 integ_alg sha1-96 integ_key 7550666f343934437a343268536f506867365475 tunnel_src 192.168.100.2 tunnel_dst 192.168.100.3
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 192.168.4.4 laddr_stop 192.168.4.4 raddr_start 192.168.3.3 raddr_stop 192.168.3.3
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 192.168.4.4 laddr_stop 192.168.4.4 raddr_start 192.168.3.3 raddr_stop 192.168.3.3

DUT2:
no VAT command executed
TC16: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity with update SA keys
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 192.168.100.3/24
sw_interface_add_del_address sw_if_index 5 192.168.4.4/24
ip_neighbor_add_del sw_if_index 1 dst 192.168.100.2 mac fa:16:3e:6a:a9:9f
ip_add_del_route 192.168.3.3/24 via 192.168.100.2 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-128 crypto_key 434b7930684f59774170444974597361 integ_alg sha1-96 integ_key 346762596161354a5267666a5a315333426c7254 tunnel_src 192.168.100.3 tunnel_dst 192.168.100.2
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-128 crypto_key 434b7930684f59774170444974597361 integ_alg sha1-96 integ_key 346762596161354a5267666a5a315333426c7254 tunnel_src 192.168.100.2 tunnel_dst 192.168.100.3
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 192.168.4.4 laddr_stop 192.168.4.4 raddr_start 192.168.3.3 raddr_stop 192.168.3.3
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 192.168.4.4 laddr_stop 192.168.4.4 raddr_start 192.168.3.3 raddr_stop 192.168.3.3
ipsec_sa_set_key sa_id 10 crypto_key 4562724573786439306448797a567a32 integ_key 5a334b52493734766e376744594163464d575136
ipsec_sa_set_key sa_id 20 crypto_key 4562724573786439306448797a567a32 integ_key 5a334b52493734766e376744594163464d575136

DUT2:
no VAT command executed
TC17: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity with update SA keys - different encryption alogrithms used
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 192.168.100.3/24
sw_interface_add_del_address sw_if_index 5 192.168.4.4/24
ip_neighbor_add_del sw_if_index 1 dst 192.168.100.2 mac fa:16:3e:6a:a9:9f
ip_add_del_route 192.168.3.3/24 via 192.168.100.2 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-128 crypto_key 6e765849786c6637766e6633614e324c integ_alg sha1-96 integ_key 44774c6a54346b5135704e6e7270774b69524c32 tunnel_src 192.168.100.3 tunnel_dst 192.168.100.2
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-128 crypto_key 6e765849786c6637766e6633614e324c integ_alg sha1-96 integ_key 44774c6a54346b5135704e6e7270774b69524c32 tunnel_src 192.168.100.2 tunnel_dst 192.168.100.3
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 192.168.4.4 laddr_stop 192.168.4.4 raddr_start 192.168.3.3 raddr_stop 192.168.3.3
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 192.168.4.4 laddr_stop 192.168.4.4 raddr_start 192.168.3.3 raddr_stop 192.168.3.3
ipsec_sa_set_key sa_id 10 crypto_key 366554516c39666f774656314e6e7155 integ_key 4d46343758796554374762463356384556415731
ipsec_sa_set_key sa_id 20 crypto_key 366554516c39666f774656314e6e7155 integ_key 4d46343758796554374762463356384556415731

DUT2:
no VAT command executed
TC18: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity with update SA keys - different integrity alogrithms used
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 192.168.100.3/24
sw_interface_add_del_address sw_if_index 5 192.168.4.4/24
ip_neighbor_add_del sw_if_index 1 dst 192.168.100.2 mac fa:16:3e:6a:a9:9f
ip_add_del_route 192.168.3.3/24 via 192.168.100.2 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-128 crypto_key 54554a3561627653484634397048596b integ_alg sha1-96 integ_key 4b6c4469665a6d394b43327a576e57303774385a tunnel_src 192.168.100.3 tunnel_dst 192.168.100.2
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-128 crypto_key 54554a3561627653484634397048596b integ_alg sha1-96 integ_key 4b6c4469665a6d394b43327a576e57303774385a tunnel_src 192.168.100.2 tunnel_dst 192.168.100.3
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 192.168.4.4 laddr_stop 192.168.4.4 raddr_start 192.168.3.3 raddr_stop 192.168.3.3
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 192.168.4.4 laddr_stop 192.168.4.4 raddr_start 192.168.3.3 raddr_stop 192.168.3.3
ipsec_sa_set_key sa_id 10 crypto_key 306666714a36634c64474d5739413156 integ_key 374e4874786c6e31715a454e71324d71764c3571
ipsec_sa_set_key sa_id 20 crypto_key 306666714a36634c64474d5739413156 integ_key 374e4874786c6e31715a454e71324d71764c3571

DUT2:
no VAT command executed
TC19: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity with update SA keys - different encryption and integrity alogrithms used
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 192.168.100.3/24
sw_interface_add_del_address sw_if_index 5 192.168.4.4/24
ip_neighbor_add_del sw_if_index 1 dst 192.168.100.2 mac fa:16:3e:6a:a9:9f
ip_add_del_route 192.168.3.3/24 via 192.168.100.2 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-128 crypto_key 59726f7a62346d524468395766677846 integ_alg sha1-96 integ_key 5543654e75456135366c6d735077424550484479 tunnel_src 192.168.100.3 tunnel_dst 192.168.100.2
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-128 crypto_key 59726f7a62346d524468395766677846 integ_alg sha1-96 integ_key 5543654e75456135366c6d735077424550484479 tunnel_src 192.168.100.2 tunnel_dst 192.168.100.3
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 192.168.4.4 laddr_stop 192.168.4.4 raddr_start 192.168.3.3 raddr_stop 192.168.3.3
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 192.168.4.4 laddr_stop 192.168.4.4 raddr_start 192.168.3.3 raddr_stop 192.168.3.3
ipsec_sa_set_key sa_id 10 crypto_key 4f30535665434961354f42527a364b51 integ_key 64764c35723479356a736b566946504857525066
ipsec_sa_set_key sa_id 20 crypto_key 4f30535665434961354f42527a364b51 integ_key 64764c35723479356a736b566946504857525066

DUT2:
no VAT command executed

8.2.5.2. eth2p-ethip4ipsectpt-ip4base-func

IPv4 IPsec transport mode test suite.

  • [Top] Network topologies: TG-DUT1 2-node topology with one link between nodes.
  • [Cfg] DUT configuration: On DUT1 create loopback interface, configure loopback an physical interface IPv4 addresses, static ARP record, route and IPsec manual keyed connection in transport mode.
  • [Ver] TG verification: ESP packet is sent from TG to DUT1. ESP packet is received on TG from DUT1.
  • [Ref] Applicable standard specifications: RFC4303.
Name VPP API Test (VAT) Commands History - Commands Used Per Test Case
TC01: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 192.168.100.3/24
sw_interface_add_del_address sw_if_index 5 192.168.4.4/24
ip_neighbor_add_del sw_if_index 1 dst 192.168.100.2 mac fa:16:3e:6a:a9:9f
ip_add_del_route 192.168.3.3/24 via 192.168.100.2 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-128 crypto_key 626e3030326931706f546254744a455a integ_alg sha1-96 integ_key 5272657564397a594e7551335a33776e4f337975
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-128 crypto_key 626e3030326931706f546254744a455a integ_alg sha1-96 integ_key 5272657564397a594e7551335a33776e4f337975
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 192.168.100.3 laddr_stop 192.168.100.3 raddr_start 192.168.100.2 raddr_stop 192.168.100.2
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 192.168.100.3 laddr_stop 192.168.100.3 raddr_start 192.168.100.2 raddr_stop 192.168.100.2

DUT2:
no VAT command executed
TC05: VPP process ESP packet in Transport Mode with AES-CBC-192 encryption and SHA-256-128 integrity
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 192.168.100.3/24
sw_interface_add_del_address sw_if_index 5 192.168.4.4/24
ip_neighbor_add_del sw_if_index 1 dst 192.168.100.2 mac fa:16:3e:6a:a9:9f
ip_add_del_route 192.168.3.3/24 via 192.168.100.2 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-192 crypto_key 6d6b627849715268623076306d4c69794d49676a494e794a integ_alg sha-256-128 integ_key 566e54456c43657038474458433964497046415a656c7736675a435953327550
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-192 crypto_key 6d6b627849715268623076306d4c69794d49676a494e794a integ_alg sha-256-128 integ_key 566e54456c43657038474458433964497046415a656c7736675a435953327550
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 192.168.100.3 laddr_stop 192.168.100.3 raddr_start 192.168.100.2 raddr_stop 192.168.100.2
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 192.168.100.3 laddr_stop 192.168.100.3 raddr_start 192.168.100.2 raddr_stop 192.168.100.2

DUT2:
no VAT command executed
TC09: VPP process ESP packet in Transport Mode with AES-CBC-256 encryption and SHA-384-192 integrity
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 192.168.100.3/24
sw_interface_add_del_address sw_if_index 5 192.168.4.4/24
ip_neighbor_add_del sw_if_index 1 dst 192.168.100.2 mac fa:16:3e:6a:a9:9f
ip_add_del_route 192.168.3.3/24 via 192.168.100.2 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-256 crypto_key 4d53486f714d6f79336436613358437a58493168785153364177367437356942 integ_alg sha-384-192 integ_key 5a7850466f69425a68745a6f34705a6173725459504251667664693334796772503545554d3854555579366179556349
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-256 crypto_key 4d53486f714d6f79336436613358437a58493168785153364177367437356942 integ_alg sha-384-192 integ_key 5a7850466f69425a68745a6f34705a6173725459504251667664693334796772503545554d3854555579366179556349
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 192.168.100.3 laddr_stop 192.168.100.3 raddr_start 192.168.100.2 raddr_stop 192.168.100.2
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 192.168.100.3 laddr_stop 192.168.100.3 raddr_start 192.168.100.2 raddr_stop 192.168.100.2

DUT2:
no VAT command executed
TC12: VPP process ESP packet in Transport Mode with AES-CBC-256 encryption and SHA-512-256 integrity
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 192.168.100.3/24
sw_interface_add_del_address sw_if_index 5 192.168.4.4/24
ip_neighbor_add_del sw_if_index 1 dst 192.168.100.2 mac fa:16:3e:6a:a9:9f
ip_add_del_route 192.168.3.3/24 via 192.168.100.2 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-256 crypto_key 4577503139696a685572527a794346426c42614b713938526368456138523267 integ_alg sha-512-256 integ_key 4a483769335146375638414367583572346b39785a656b50444f4b6e3662465077464a684a42665843654d69455667376e534d41706773707652424d426c6745
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-256 crypto_key 4577503139696a685572527a794346426c42614b713938526368456138523267 integ_alg sha-512-256 integ_key 4a483769335146375638414367583572346b39785a656b50444f4b6e3662465077464a684a42665843654d69455667376e534d41706773707652424d426c6745
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 192.168.100.3 laddr_stop 192.168.100.3 raddr_start 192.168.100.2 raddr_stop 192.168.100.2
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 192.168.100.3 laddr_stop 192.168.100.3 raddr_start 192.168.100.2 raddr_stop 192.168.100.2

DUT2:
no VAT command executed
TC13: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity - different encryption alogrithms used
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 192.168.100.3/24
sw_interface_add_del_address sw_if_index 5 192.168.4.4/24
ip_neighbor_add_del sw_if_index 1 dst 192.168.100.2 mac fa:16:3e:6a:a9:9f
ip_add_del_route 192.168.3.3/24 via 192.168.100.2 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-128 crypto_key 6c6436646845773171724c4251755757 integ_alg sha1-96 integ_key 6d4a31344e506d4274534a6337534e7671466758
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-128 crypto_key 6c6436646845773171724c4251755757 integ_alg sha1-96 integ_key 6d4a31344e506d4274534a6337534e7671466758
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 192.168.100.3 laddr_stop 192.168.100.3 raddr_start 192.168.100.2 raddr_stop 192.168.100.2
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 192.168.100.3 laddr_stop 192.168.100.3 raddr_start 192.168.100.2 raddr_stop 192.168.100.2

DUT2:
no VAT command executed
TC14: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity - different integrity alogrithms used
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 192.168.100.3/24
sw_interface_add_del_address sw_if_index 5 192.168.4.4/24
ip_neighbor_add_del sw_if_index 1 dst 192.168.100.2 mac fa:16:3e:6a:a9:9f
ip_add_del_route 192.168.3.3/24 via 192.168.100.2 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-128 crypto_key 556a7541396f7a69593750656d443879 integ_alg sha1-96 integ_key 314276433173676a6f495552614338526e42636a
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-128 crypto_key 556a7541396f7a69593750656d443879 integ_alg sha1-96 integ_key 314276433173676a6f495552614338526e42636a
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 192.168.100.3 laddr_stop 192.168.100.3 raddr_start 192.168.100.2 raddr_stop 192.168.100.2
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 192.168.100.3 laddr_stop 192.168.100.3 raddr_start 192.168.100.2 raddr_stop 192.168.100.2

DUT2:
no VAT command executed
TC15: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity - different encryption and integrity alogrithms used
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 192.168.100.3/24
sw_interface_add_del_address sw_if_index 5 192.168.4.4/24
ip_neighbor_add_del sw_if_index 1 dst 192.168.100.2 mac fa:16:3e:6a:a9:9f
ip_add_del_route 192.168.3.3/24 via 192.168.100.2 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-128 crypto_key 64306c4a7236466d36444e7051794575 integ_alg sha1-96 integ_key 344b75444f6c673937456d6b4f434f6352414458
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-128 crypto_key 64306c4a7236466d36444e7051794575 integ_alg sha1-96 integ_key 344b75444f6c673937456d6b4f434f6352414458
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 192.168.100.3 laddr_stop 192.168.100.3 raddr_start 192.168.100.2 raddr_stop 192.168.100.2
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 192.168.100.3 laddr_stop 192.168.100.3 raddr_start 192.168.100.2 raddr_stop 192.168.100.2

DUT2:
no VAT command executed
TC16: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity with update SA keys
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 192.168.100.3/24
sw_interface_add_del_address sw_if_index 5 192.168.4.4/24
ip_neighbor_add_del sw_if_index 1 dst 192.168.100.2 mac fa:16:3e:6a:a9:9f
ip_add_del_route 192.168.3.3/24 via 192.168.100.2 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-128 crypto_key 34674959347461586e64665458346d67 integ_alg sha1-96 integ_key 656554353976364c6c79784b7541454832747177
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-128 crypto_key 34674959347461586e64665458346d67 integ_alg sha1-96 integ_key 656554353976364c6c79784b7541454832747177
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 192.168.100.3 laddr_stop 192.168.100.3 raddr_start 192.168.100.2 raddr_stop 192.168.100.2
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 192.168.100.3 laddr_stop 192.168.100.3 raddr_start 192.168.100.2 raddr_stop 192.168.100.2
ipsec_sa_set_key sa_id 10 crypto_key 704b714533496c6b4b4b5a577575386f integ_key 4b6651615657797248654a3038764939676e4667
ipsec_sa_set_key sa_id 20 crypto_key 704b714533496c6b4b4b5a577575386f integ_key 4b6651615657797248654a3038764939676e4667

DUT2:
no VAT command executed
TC17: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity with update SA keys - different encryption alogrithms used
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 192.168.100.3/24
sw_interface_add_del_address sw_if_index 5 192.168.4.4/24
ip_neighbor_add_del sw_if_index 1 dst 192.168.100.2 mac fa:16:3e:6a:a9:9f
ip_add_del_route 192.168.3.3/24 via 192.168.100.2 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-128 crypto_key 7179765a753875425638397870504152 integ_alg sha1-96 integ_key 48346250766364547945394568335732506e4752
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-128 crypto_key 7179765a753875425638397870504152 integ_alg sha1-96 integ_key 48346250766364547945394568335732506e4752
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 192.168.100.3 laddr_stop 192.168.100.3 raddr_start 192.168.100.2 raddr_stop 192.168.100.2
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 192.168.100.3 laddr_stop 192.168.100.3 raddr_start 192.168.100.2 raddr_stop 192.168.100.2
ipsec_sa_set_key sa_id 10 crypto_key 69394848767142694e67375074527435 integ_key 67545a7933685142776d7875674e4c71664a5a64
ipsec_sa_set_key sa_id 20 crypto_key 69394848767142694e67375074527435 integ_key 67545a7933685142776d7875674e4c71664a5a64

DUT2:
no VAT command executed
TC18: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity with update SA keys - different integrity alogrithms used
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 192.168.100.3/24
sw_interface_add_del_address sw_if_index 5 192.168.4.4/24
ip_neighbor_add_del sw_if_index 1 dst 192.168.100.2 mac fa:16:3e:6a:a9:9f
ip_add_del_route 192.168.3.3/24 via 192.168.100.2 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-128 crypto_key 43694742637341504b723167766e4557 integ_alg sha1-96 integ_key 4e6177545363734858426e753750547a3044426f
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-128 crypto_key 43694742637341504b723167766e4557 integ_alg sha1-96 integ_key 4e6177545363734858426e753750547a3044426f
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 192.168.100.3 laddr_stop 192.168.100.3 raddr_start 192.168.100.2 raddr_stop 192.168.100.2
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 192.168.100.3 laddr_stop 192.168.100.3 raddr_start 192.168.100.2 raddr_stop 192.168.100.2
ipsec_sa_set_key sa_id 10 crypto_key 385a6a5746524d616168423271484777 integ_key 656248305966337363715042636b414b354b416f
ipsec_sa_set_key sa_id 20 crypto_key 385a6a5746524d616168423271484777 integ_key 656248305966337363715042636b414b354b416f

DUT2:
no VAT command executed
TC19: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity with update SA keys - different encryption and integrity alogrithms used
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 192.168.100.3/24
sw_interface_add_del_address sw_if_index 5 192.168.4.4/24
ip_neighbor_add_del sw_if_index 1 dst 192.168.100.2 mac fa:16:3e:6a:a9:9f
ip_add_del_route 192.168.3.3/24 via 192.168.100.2 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-128 crypto_key 456c314350686c71564e756259487550 integ_alg sha1-96 integ_key 4b3850714b316443443079357569377168707a7a
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-128 crypto_key 456c314350686c71564e756259487550 integ_alg sha1-96 integ_key 4b3850714b316443443079357569377168707a7a
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 192.168.100.3 laddr_stop 192.168.100.3 raddr_start 192.168.100.2 raddr_stop 192.168.100.2
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 192.168.100.3 laddr_stop 192.168.100.3 raddr_start 192.168.100.2 raddr_stop 192.168.100.2
ipsec_sa_set_key sa_id 10 crypto_key 535877517a446f4c3376655072335049 integ_key 54773066743258686b71776c594e5344364f6c69
ipsec_sa_set_key sa_id 20 crypto_key 535877517a446f4c3376655072335049 integ_key 54773066743258686b71776c594e5344364f6c69

DUT2:
no VAT command executed

8.2.5.3. eth2p-ethip6ipsectnl-ip6base-func

IPv6 IPsec tunnel mode test suite.

  • [Top] Network topologies: TG-DUT1 2-node topology with one link between nodes.
  • [Cfg] DUT configuration: On DUT1 create loopback interface, configure loopback an physical interface IPv6 addresses, static ARP record, route and IPsec manual keyed connection in tunnel mode.
  • [Ver] TG verification: ESP packet is sent from TG to DUT1. ESP packet is received on TG from DUT1.
  • [Ref] Applicable standard specifications: RFC4303.
Name VPP API Test (VAT) Commands History - Commands Used Per Test Case
TC01: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 3ffe:5f::2/64
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_add_del_address sw_if_index 5 3ffe:60::4/64
sw_interface_set_flags sw_if_index 5 admin-up
ip_neighbor_add_del sw_if_index 1 dst 3ffe:5f::1 mac fa:16:3e:6a:a9:9f
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
ip_add_del_route 3ffe:60::3/128 via 3ffe:5f::1 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-128 crypto_key 58704e674d787a7672726c6a41324f6e integ_alg sha1-96 integ_key 4445523075596e4b4c7737526a6275755a6b4f48 tunnel_src 3ffe:5f::2 tunnel_dst 3ffe:5f::1
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-128 crypto_key 58704e674d787a7672726c6a41324f6e integ_alg sha1-96 integ_key 4445523075596e4b4c7737526a6275755a6b4f48 tunnel_src 3ffe:5f::1 tunnel_dst 3ffe:5f::2
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 3ffe:60::4 laddr_stop 3ffe:60::4 raddr_start 3ffe:60::3 raddr_stop 3ffe:60::3
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 3ffe:60::4 laddr_stop 3ffe:60::4 raddr_start 3ffe:60::3 raddr_stop 3ffe:60::3

DUT2:
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
TC05: VPP process ESP packet in Tunnel Mode with AES-CBC-192 encryption and SHA-256-128 integrity
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 3ffe:5f::2/64
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_add_del_address sw_if_index 5 3ffe:60::4/64
sw_interface_set_flags sw_if_index 5 admin-up
ip_neighbor_add_del sw_if_index 1 dst 3ffe:5f::1 mac fa:16:3e:6a:a9:9f
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
ip_add_del_route 3ffe:60::3/128 via 3ffe:5f::1 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-192 crypto_key 345134354343484b6a4d54494637594d7767797151677944 integ_alg sha-256-128 integ_key 663870397956394f70596c43683274596f734535434462416b4c316d7a72304b tunnel_src 3ffe:5f::2 tunnel_dst 3ffe:5f::1
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-192 crypto_key 345134354343484b6a4d54494637594d7767797151677944 integ_alg sha-256-128 integ_key 663870397956394f70596c43683274596f734535434462416b4c316d7a72304b tunnel_src 3ffe:5f::1 tunnel_dst 3ffe:5f::2
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 3ffe:60::4 laddr_stop 3ffe:60::4 raddr_start 3ffe:60::3 raddr_stop 3ffe:60::3
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 3ffe:60::4 laddr_stop 3ffe:60::4 raddr_start 3ffe:60::3 raddr_stop 3ffe:60::3

DUT2:
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
TC09: VPP process ESP packet in Tunnel Mode with AES-CBC-256 encryption and SHA-384-192 integrity
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 3ffe:5f::2/64
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_add_del_address sw_if_index 5 3ffe:60::4/64
sw_interface_set_flags sw_if_index 5 admin-up
ip_neighbor_add_del sw_if_index 1 dst 3ffe:5f::1 mac fa:16:3e:6a:a9:9f
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
ip_add_del_route 3ffe:60::3/128 via 3ffe:5f::1 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-256 crypto_key 7730774e7661694452764378424653674b593642434c596966543953315a416e integ_alg sha-384-192 integ_key 774d59364e463249746f363148736a674e797154617652385450573268514d514f697032663045763959747570396438 tunnel_src 3ffe:5f::2 tunnel_dst 3ffe:5f::1
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-256 crypto_key 7730774e7661694452764378424653674b593642434c596966543953315a416e integ_alg sha-384-192 integ_key 774d59364e463249746f363148736a674e797154617652385450573268514d514f697032663045763959747570396438 tunnel_src 3ffe:5f::1 tunnel_dst 3ffe:5f::2
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 3ffe:60::4 laddr_stop 3ffe:60::4 raddr_start 3ffe:60::3 raddr_stop 3ffe:60::3
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 3ffe:60::4 laddr_stop 3ffe:60::4 raddr_start 3ffe:60::3 raddr_stop 3ffe:60::3

DUT2:
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
TC12: VPP process ESP packet in Tunnel Mode with AES-CBC-256 encryption and SHA-512-256 integrity
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 3ffe:5f::2/64
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_add_del_address sw_if_index 5 3ffe:60::4/64
sw_interface_set_flags sw_if_index 5 admin-up
ip_neighbor_add_del sw_if_index 1 dst 3ffe:5f::1 mac fa:16:3e:6a:a9:9f
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
ip_add_del_route 3ffe:60::3/128 via 3ffe:5f::1 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-256 crypto_key 6d564e364d6c4f4661326b6f45476e45707237316462737336336d54617a646d integ_alg sha-512-256 integ_key 3970494143616b4d486e7039417a4f5243446177384834454c54555659306b4c6a78514232354d75584d694c5361615747554642666e6e366d454c6f46335878 tunnel_src 3ffe:5f::2 tunnel_dst 3ffe:5f::1
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-256 crypto_key 6d564e364d6c4f4661326b6f45476e45707237316462737336336d54617a646d integ_alg sha-512-256 integ_key 3970494143616b4d486e7039417a4f5243446177384834454c54555659306b4c6a78514232354d75584d694c5361615747554642666e6e366d454c6f46335878 tunnel_src 3ffe:5f::1 tunnel_dst 3ffe:5f::2
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 3ffe:60::4 laddr_stop 3ffe:60::4 raddr_start 3ffe:60::3 raddr_stop 3ffe:60::3
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 3ffe:60::4 laddr_stop 3ffe:60::4 raddr_start 3ffe:60::3 raddr_stop 3ffe:60::3

DUT2:
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
TC13: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity - different encryption alogrithms used
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 3ffe:5f::2/64
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_add_del_address sw_if_index 5 3ffe:60::4/64
sw_interface_set_flags sw_if_index 5 admin-up
ip_neighbor_add_del sw_if_index 1 dst 3ffe:5f::1 mac fa:16:3e:6a:a9:9f
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
ip_add_del_route 3ffe:60::3/128 via 3ffe:5f::1 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-128 crypto_key 304d503875783172786d7a584d4b4835 integ_alg sha1-96 integ_key 4b70325873644631776c4d686a444a4335617834 tunnel_src 3ffe:5f::2 tunnel_dst 3ffe:5f::1
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-128 crypto_key 304d503875783172786d7a584d4b4835 integ_alg sha1-96 integ_key 4b70325873644631776c4d686a444a4335617834 tunnel_src 3ffe:5f::1 tunnel_dst 3ffe:5f::2
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 3ffe:60::4 laddr_stop 3ffe:60::4 raddr_start 3ffe:60::3 raddr_stop 3ffe:60::3
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 3ffe:60::4 laddr_stop 3ffe:60::4 raddr_start 3ffe:60::3 raddr_stop 3ffe:60::3

DUT2:
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
TC14: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity - different integrity alogrithms used
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 3ffe:5f::2/64
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_add_del_address sw_if_index 5 3ffe:60::4/64
sw_interface_set_flags sw_if_index 5 admin-up
ip_neighbor_add_del sw_if_index 1 dst 3ffe:5f::1 mac fa:16:3e:6a:a9:9f
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
ip_add_del_route 3ffe:60::3/128 via 3ffe:5f::1 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-128 crypto_key 6d5969426636796d416a7173446c5567 integ_alg sha1-96 integ_key 5a784f7157784177756277544859654463573731 tunnel_src 3ffe:5f::2 tunnel_dst 3ffe:5f::1
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-128 crypto_key 6d5969426636796d416a7173446c5567 integ_alg sha1-96 integ_key 5a784f7157784177756277544859654463573731 tunnel_src 3ffe:5f::1 tunnel_dst 3ffe:5f::2
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 3ffe:60::4 laddr_stop 3ffe:60::4 raddr_start 3ffe:60::3 raddr_stop 3ffe:60::3
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 3ffe:60::4 laddr_stop 3ffe:60::4 raddr_start 3ffe:60::3 raddr_stop 3ffe:60::3

DUT2:
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
TC15: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity - different encryption and integrity alogrithms used
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 3ffe:5f::2/64
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_add_del_address sw_if_index 5 3ffe:60::4/64
sw_interface_set_flags sw_if_index 5 admin-up
ip_neighbor_add_del sw_if_index 1 dst 3ffe:5f::1 mac fa:16:3e:6a:a9:9f
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
ip_add_del_route 3ffe:60::3/128 via 3ffe:5f::1 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-128 crypto_key 676c6e59367563696b3158566f62714f integ_alg sha1-96 integ_key 58786e6579484e4273736e596e4c577757426472 tunnel_src 3ffe:5f::2 tunnel_dst 3ffe:5f::1
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-128 crypto_key 676c6e59367563696b3158566f62714f integ_alg sha1-96 integ_key 58786e6579484e4273736e596e4c577757426472 tunnel_src 3ffe:5f::1 tunnel_dst 3ffe:5f::2
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 3ffe:60::4 laddr_stop 3ffe:60::4 raddr_start 3ffe:60::3 raddr_stop 3ffe:60::3
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 3ffe:60::4 laddr_stop 3ffe:60::4 raddr_start 3ffe:60::3 raddr_stop 3ffe:60::3

DUT2:
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
TC16: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity with update SA keys
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 3ffe:5f::2/64
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_add_del_address sw_if_index 5 3ffe:60::4/64
sw_interface_set_flags sw_if_index 5 admin-up
ip_neighbor_add_del sw_if_index 1 dst 3ffe:5f::1 mac fa:16:3e:6a:a9:9f
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
ip_add_del_route 3ffe:60::3/128 via 3ffe:5f::1 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-128 crypto_key 3043325931674f51434478474e554555 integ_alg sha1-96 integ_key 755658367138524565623958384c7744676b6150 tunnel_src 3ffe:5f::2 tunnel_dst 3ffe:5f::1
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-128 crypto_key 3043325931674f51434478474e554555 integ_alg sha1-96 integ_key 755658367138524565623958384c7744676b6150 tunnel_src 3ffe:5f::1 tunnel_dst 3ffe:5f::2
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 3ffe:60::4 laddr_stop 3ffe:60::4 raddr_start 3ffe:60::3 raddr_stop 3ffe:60::3
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 3ffe:60::4 laddr_stop 3ffe:60::4 raddr_start 3ffe:60::3 raddr_stop 3ffe:60::3
ipsec_sa_set_key sa_id 10 crypto_key 33766c61714564305a6445336a44574b integ_key 5546374f47656a6b76335369574c48696d6f4c33
ipsec_sa_set_key sa_id 20 crypto_key 33766c61714564305a6445336a44574b integ_key 5546374f47656a6b76335369574c48696d6f4c33

DUT2:
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
TC17: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity with update SA keys - different encryption alogrithms used
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 3ffe:5f::2/64
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_add_del_address sw_if_index 5 3ffe:60::4/64
sw_interface_set_flags sw_if_index 5 admin-up
ip_neighbor_add_del sw_if_index 1 dst 3ffe:5f::1 mac fa:16:3e:6a:a9:9f
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
ip_add_del_route 3ffe:60::3/128 via 3ffe:5f::1 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-128 crypto_key 484b75353368626167516579336d5a4a integ_alg sha1-96 integ_key 546d3151746f334466344a4b6b7a624137756a45 tunnel_src 3ffe:5f::2 tunnel_dst 3ffe:5f::1
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-128 crypto_key 484b75353368626167516579336d5a4a integ_alg sha1-96 integ_key 546d3151746f334466344a4b6b7a624137756a45 tunnel_src 3ffe:5f::1 tunnel_dst 3ffe:5f::2
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 3ffe:60::4 laddr_stop 3ffe:60::4 raddr_start 3ffe:60::3 raddr_stop 3ffe:60::3
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 3ffe:60::4 laddr_stop 3ffe:60::4 raddr_start 3ffe:60::3 raddr_stop 3ffe:60::3
ipsec_sa_set_key sa_id 10 crypto_key 527533715a423661646e3564666e7362 integ_key 53414379596d446d6551466a68536d5145666545
ipsec_sa_set_key sa_id 20 crypto_key 527533715a423661646e3564666e7362 integ_key 53414379596d446d6551466a68536d5145666545

DUT2:
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
TC18: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity with update SA keys - different integrity alogrithms used
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 3ffe:5f::2/64
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_add_del_address sw_if_index 5 3ffe:60::4/64
sw_interface_set_flags sw_if_index 5 admin-up
ip_neighbor_add_del sw_if_index 1 dst 3ffe:5f::1 mac fa:16:3e:6a:a9:9f
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
ip_add_del_route 3ffe:60::3/128 via 3ffe:5f::1 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-128 crypto_key 6b78414c384f54786569764d48785665 integ_alg sha1-96 integ_key 4a577049384d6754754e4c504b6447385a385a66 tunnel_src 3ffe:5f::2 tunnel_dst 3ffe:5f::1
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-128 crypto_key 6b78414c384f54786569764d48785665 integ_alg sha1-96 integ_key 4a577049384d6754754e4c504b6447385a385a66 tunnel_src 3ffe:5f::1 tunnel_dst 3ffe:5f::2
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 3ffe:60::4 laddr_stop 3ffe:60::4 raddr_start 3ffe:60::3 raddr_stop 3ffe:60::3
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 3ffe:60::4 laddr_stop 3ffe:60::4 raddr_start 3ffe:60::3 raddr_stop 3ffe:60::3
ipsec_sa_set_key sa_id 10 crypto_key 626637536a3054715a4c354247533737 integ_key 4f32316e316256324b75496f5558714c6d317162
ipsec_sa_set_key sa_id 20 crypto_key 626637536a3054715a4c354247533737 integ_key 4f32316e316256324b75496f5558714c6d317162

DUT2:
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
TC19: VPP process ESP packet in Tunnel Mode with AES-CBC-128 encryption and SHA1-96 integrity with update SA keys - different encryption and integrity alogrithms used
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 3ffe:5f::2/64
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_add_del_address sw_if_index 5 3ffe:60::4/64
sw_interface_set_flags sw_if_index 5 admin-up
ip_neighbor_add_del sw_if_index 1 dst 3ffe:5f::1 mac fa:16:3e:6a:a9:9f
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
ip_add_del_route 3ffe:60::3/128 via 3ffe:5f::1 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-128 crypto_key 424e4e46674f54574a4e696e3939546f integ_alg sha1-96 integ_key 4b435050355268697a4f744a704571536839564e tunnel_src 3ffe:5f::2 tunnel_dst 3ffe:5f::1
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-128 crypto_key 424e4e46674f54574a4e696e3939546f integ_alg sha1-96 integ_key 4b435050355268697a4f744a704571536839564e tunnel_src 3ffe:5f::1 tunnel_dst 3ffe:5f::2
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 3ffe:60::4 laddr_stop 3ffe:60::4 raddr_start 3ffe:60::3 raddr_stop 3ffe:60::3
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 3ffe:60::4 laddr_stop 3ffe:60::4 raddr_start 3ffe:60::3 raddr_stop 3ffe:60::3
ipsec_sa_set_key sa_id 10 crypto_key 64505531374e684e34455661744f4839 integ_key 4b7a4372634e49524c5559696672527353747241
ipsec_sa_set_key sa_id 20 crypto_key 64505531374e684e34455661744f4839 integ_key 4b7a4372634e49524c5559696672527353747241

DUT2:
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress

8.2.5.4. eth2p-ethip6ipsectpt-ip6base-func

IPv6 IPsec transport mode test suite.

  • [Top] Network topologies: TG-DUT1 2-node topology with one link between nodes.
  • [Cfg] DUT configuration: On DUT1 create loopback interface, configure loopback an physical interface IPv6 addresses, static ARP record, route and IPsec manual keyed connection in transport mode.
  • [Ver] TG verification: ESP packet is sent from TG to DUT1. ESP packet is received on TG from DUT1.
  • [Ref] Applicable standard specifications: RFC4303.
Name VPP API Test (VAT) Commands History - Commands Used Per Test Case
TC01: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 3ffe:5f::2/64
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_add_del_address sw_if_index 5 3ffe:60::4/64
sw_interface_set_flags sw_if_index 5 admin-up
ip_neighbor_add_del sw_if_index 1 dst 3ffe:5f::1 mac fa:16:3e:6a:a9:9f
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
ip_add_del_route 3ffe:60::3/128 via 3ffe:5f::1 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-128 crypto_key 724c46473661674d626f38654f686273 integ_alg sha1-96 integ_key 4161575a783344307747725a4a35565857583138
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-128 crypto_key 724c46473661674d626f38654f686273 integ_alg sha1-96 integ_key 4161575a783344307747725a4a35565857583138
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 3ffe:5f::2 laddr_stop 3ffe:5f::2 raddr_start 3ffe:5f::1 raddr_stop 3ffe:5f::1
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 3ffe:5f::2 laddr_stop 3ffe:5f::2 raddr_start 3ffe:5f::1 raddr_stop 3ffe:5f::1

DUT2:
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
TC05: VPP process ESP packet in Transport Mode with AES-CBC-192 encryption and SHA-256-128 integrity
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 3ffe:5f::2/64
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_add_del_address sw_if_index 5 3ffe:60::4/64
sw_interface_set_flags sw_if_index 5 admin-up
ip_neighbor_add_del sw_if_index 1 dst 3ffe:5f::1 mac fa:16:3e:6a:a9:9f
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
ip_add_del_route 3ffe:60::3/128 via 3ffe:5f::1 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-192 crypto_key 51683363365a414e417276764d4752357a7351737a59326d integ_alg sha-256-128 integ_key 7a6439473648597033395633637964543436735372476944744c57536c593053
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-192 crypto_key 51683363365a414e417276764d4752357a7351737a59326d integ_alg sha-256-128 integ_key 7a6439473648597033395633637964543436735372476944744c57536c593053
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 3ffe:5f::2 laddr_stop 3ffe:5f::2 raddr_start 3ffe:5f::1 raddr_stop 3ffe:5f::1
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 3ffe:5f::2 laddr_stop 3ffe:5f::2 raddr_start 3ffe:5f::1 raddr_stop 3ffe:5f::1

DUT2:
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
TC09: VPP process ESP packet in Transport Mode with AES-CBC-256 encryption and SHA-384-192 integrity
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 3ffe:5f::2/64
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_add_del_address sw_if_index 5 3ffe:60::4/64
sw_interface_set_flags sw_if_index 5 admin-up
ip_neighbor_add_del sw_if_index 1 dst 3ffe:5f::1 mac fa:16:3e:6a:a9:9f
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
ip_add_del_route 3ffe:60::3/128 via 3ffe:5f::1 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-256 crypto_key 4368437367396455476b46695a51354c38484858375a50376e61637656704a43 integ_alg sha-384-192 integ_key 3964724c6e68394a4a47553553566c665a6535705157766f4376554f507034616f674c46374d5a44754e687a65784f4e
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-256 crypto_key 4368437367396455476b46695a51354c38484858375a50376e61637656704a43 integ_alg sha-384-192 integ_key 3964724c6e68394a4a47553553566c665a6535705157766f4376554f507034616f674c46374d5a44754e687a65784f4e
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 3ffe:5f::2 laddr_stop 3ffe:5f::2 raddr_start 3ffe:5f::1 raddr_stop 3ffe:5f::1
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 3ffe:5f::2 laddr_stop 3ffe:5f::2 raddr_start 3ffe:5f::1 raddr_stop 3ffe:5f::1

DUT2:
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
TC12: VPP process ESP packet in Transport Mode with AES-CBC-256 encryption and SHA-512-256 integrity
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 3ffe:5f::2/64
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_add_del_address sw_if_index 5 3ffe:60::4/64
sw_interface_set_flags sw_if_index 5 admin-up
ip_neighbor_add_del sw_if_index 1 dst 3ffe:5f::1 mac fa:16:3e:6a:a9:9f
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
ip_add_del_route 3ffe:60::3/128 via 3ffe:5f::1 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-256 crypto_key 456f736d674c574c736e6e55316a5679537451644e516b6c3841644d74344741 integ_alg sha-512-256 integ_key 324e344e657a52315973506759704d59437639324a44596a564b325a6153666f4d41386f624e6c5148724772585950444f326576304470566e786f736454484e
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-256 crypto_key 456f736d674c574c736e6e55316a5679537451644e516b6c3841644d74344741 integ_alg sha-512-256 integ_key 324e344e657a52315973506759704d59437639324a44596a564b325a6153666f4d41386f624e6c5148724772585950444f326576304470566e786f736454484e
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 3ffe:5f::2 laddr_stop 3ffe:5f::2 raddr_start 3ffe:5f::1 raddr_stop 3ffe:5f::1
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 3ffe:5f::2 laddr_stop 3ffe:5f::2 raddr_start 3ffe:5f::1 raddr_stop 3ffe:5f::1

DUT2:
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
TC13: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity - different encryption alogrithms used
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 3ffe:5f::2/64
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_add_del_address sw_if_index 5 3ffe:60::4/64
sw_interface_set_flags sw_if_index 5 admin-up
ip_neighbor_add_del sw_if_index 1 dst 3ffe:5f::1 mac fa:16:3e:6a:a9:9f
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
ip_add_del_route 3ffe:60::3/128 via 3ffe:5f::1 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-128 crypto_key 325a6a77635a497a5a4b517557335169 integ_alg sha1-96 integ_key 574b753332697255345a6448354958584d4c5742
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-128 crypto_key 325a6a77635a497a5a4b517557335169 integ_alg sha1-96 integ_key 574b753332697255345a6448354958584d4c5742
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 3ffe:5f::2 laddr_stop 3ffe:5f::2 raddr_start 3ffe:5f::1 raddr_stop 3ffe:5f::1
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 3ffe:5f::2 laddr_stop 3ffe:5f::2 raddr_start 3ffe:5f::1 raddr_stop 3ffe:5f::1

DUT2:
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
TC14: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity - different integrity alogrithms used
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 3ffe:5f::2/64
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_add_del_address sw_if_index 5 3ffe:60::4/64
sw_interface_set_flags sw_if_index 5 admin-up
ip_neighbor_add_del sw_if_index 1 dst 3ffe:5f::1 mac fa:16:3e:6a:a9:9f
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
ip_add_del_route 3ffe:60::3/128 via 3ffe:5f::1 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-128 crypto_key 764a3751563930413745485262514779 integ_alg sha1-96 integ_key 4a7a4f556362525857546e49384e787674514672
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-128 crypto_key 764a3751563930413745485262514779 integ_alg sha1-96 integ_key 4a7a4f556362525857546e49384e787674514672
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 3ffe:5f::2 laddr_stop 3ffe:5f::2 raddr_start 3ffe:5f::1 raddr_stop 3ffe:5f::1
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 3ffe:5f::2 laddr_stop 3ffe:5f::2 raddr_start 3ffe:5f::1 raddr_stop 3ffe:5f::1

DUT2:
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
TC15: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity - different encryption and integrity alogrithms used
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 3ffe:5f::2/64
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_add_del_address sw_if_index 5 3ffe:60::4/64
sw_interface_set_flags sw_if_index 5 admin-up
ip_neighbor_add_del sw_if_index 1 dst 3ffe:5f::1 mac fa:16:3e:6a:a9:9f
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
ip_add_del_route 3ffe:60::3/128 via 3ffe:5f::1 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-128 crypto_key 46784848494171676d7836384a463069 integ_alg sha1-96 integ_key 636d6c3862745a334c51345a496c57393146794e
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-128 crypto_key 46784848494171676d7836384a463069 integ_alg sha1-96 integ_key 636d6c3862745a334c51345a496c57393146794e
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 3ffe:5f::2 laddr_stop 3ffe:5f::2 raddr_start 3ffe:5f::1 raddr_stop 3ffe:5f::1
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 3ffe:5f::2 laddr_stop 3ffe:5f::2 raddr_start 3ffe:5f::1 raddr_stop 3ffe:5f::1

DUT2:
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
TC16: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity with update SA keys
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 3ffe:5f::2/64
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_add_del_address sw_if_index 5 3ffe:60::4/64
sw_interface_set_flags sw_if_index 5 admin-up
ip_neighbor_add_del sw_if_index 1 dst 3ffe:5f::1 mac fa:16:3e:6a:a9:9f
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
ip_add_del_route 3ffe:60::3/128 via 3ffe:5f::1 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-128 crypto_key 643647734833496f5877556f57303443 integ_alg sha1-96 integ_key 427751304a684e796b326c6d31676c6968344370
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-128 crypto_key 643647734833496f5877556f57303443 integ_alg sha1-96 integ_key 427751304a684e796b326c6d31676c6968344370
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 3ffe:5f::2 laddr_stop 3ffe:5f::2 raddr_start 3ffe:5f::1 raddr_stop 3ffe:5f::1
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 3ffe:5f::2 laddr_stop 3ffe:5f::2 raddr_start 3ffe:5f::1 raddr_stop 3ffe:5f::1
ipsec_sa_set_key sa_id 10 crypto_key 48744b376a477466574a4e6f354f7772 integ_key 524a6e3053475265593652687259514468567356
ipsec_sa_set_key sa_id 20 crypto_key 48744b376a477466574a4e6f354f7772 integ_key 524a6e3053475265593652687259514468567356

DUT2:
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
TC17: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity with update SA keys - different encryption alogrithms used
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 3ffe:5f::2/64
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_add_del_address sw_if_index 5 3ffe:60::4/64
sw_interface_set_flags sw_if_index 5 admin-up
ip_neighbor_add_del sw_if_index 1 dst 3ffe:5f::1 mac fa:16:3e:6a:a9:9f
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
ip_add_del_route 3ffe:60::3/128 via 3ffe:5f::1 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-128 crypto_key 7046716364784772774f674e45615a54 integ_alg sha1-96 integ_key 5257616f326a4a49346e474a394b364e79637862
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-128 crypto_key 7046716364784772774f674e45615a54 integ_alg sha1-96 integ_key 5257616f326a4a49346e474a394b364e79637862
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 3ffe:5f::2 laddr_stop 3ffe:5f::2 raddr_start 3ffe:5f::1 raddr_stop 3ffe:5f::1
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 3ffe:5f::2 laddr_stop 3ffe:5f::2 raddr_start 3ffe:5f::1 raddr_stop 3ffe:5f::1
ipsec_sa_set_key sa_id 10 crypto_key 6b335131587477713772774130454a4b integ_key 4f646e5849393835734457656e71585652627939
ipsec_sa_set_key sa_id 20 crypto_key 6b335131587477713772774130454a4b integ_key 4f646e5849393835734457656e71585652627939

DUT2:
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
TC18: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity with update SA keys - different integrity alogrithms used
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 3ffe:5f::2/64
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_add_del_address sw_if_index 5 3ffe:60::4/64
sw_interface_set_flags sw_if_index 5 admin-up
ip_neighbor_add_del sw_if_index 1 dst 3ffe:5f::1 mac fa:16:3e:6a:a9:9f
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
ip_add_del_route 3ffe:60::3/128 via 3ffe:5f::1 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-128 crypto_key 6b32425930574f314e4b433048634d35 integ_alg sha1-96 integ_key 636678785650524e305675394f74616a79713154
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-128 crypto_key 6b32425930574f314e4b433048634d35 integ_alg sha1-96 integ_key 636678785650524e305675394f74616a79713154
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 3ffe:5f::2 laddr_stop 3ffe:5f::2 raddr_start 3ffe:5f::1 raddr_stop 3ffe:5f::1
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 3ffe:5f::2 laddr_stop 3ffe:5f::2 raddr_start 3ffe:5f::1 raddr_stop 3ffe:5f::1
ipsec_sa_set_key sa_id 10 crypto_key 315458515a38526e746841434467715a integ_key 394272414733626a4b524366655146624e6b6641
ipsec_sa_set_key sa_id 20 crypto_key 315458515a38526e746841434467715a integ_key 394272414733626a4b524366655146624e6b6641

DUT2:
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
TC19: VPP process ESP packet in Transport Mode with AES-CBC-128 encryption and SHA1-96 integrity with update SA keys - different encryption and integrity alogrithms used
 DUT1: 
create_loopback
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 5 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 3ffe:5f::2/64
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_add_del_address sw_if_index 5 3ffe:60::4/64
sw_interface_set_flags sw_if_index 5 admin-up
ip_neighbor_add_del sw_if_index 1 dst 3ffe:5f::1 mac fa:16:3e:6a:a9:9f
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress
ip_add_del_route 3ffe:60::3/128 via 3ffe:5f::1 sw_if_index 1 resolve-attempts 10 count 1
ipsec_sad_add_del_entry esp sad_id 10 spi 1001 crypto_alg aes-cbc-128 crypto_key 4850554d616270354637397275516b71 integ_alg sha1-96 integ_key 346d4e736d6834586b54634a35557a5574506377
ipsec_sad_add_del_entry esp sad_id 20 spi 1000 crypto_alg aes-cbc-128 crypto_key 4850554d616270354637397275516b71 integ_alg sha1-96 integ_key 346d4e736d6834586b54634a35557a5574506377
ipsec_spd_add_del spd_id 1
ipsec_interface_add_del_spd sw_if_index 1 spd_id 1
ipsec_spd_add_del_entry spd_id 1 priority 100 inbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 100 outbound action bypass protocol 50
ipsec_spd_add_del_entry spd_id 1 priority 10 inbound action protectsa_id 20 laddr_start 3ffe:5f::2 laddr_stop 3ffe:5f::2 raddr_start 3ffe:5f::1 raddr_stop 3ffe:5f::1
ipsec_spd_add_del_entry spd_id 1 priority 10 outbound action protectsa_id 10 laddr_start 3ffe:5f::2 laddr_stop 3ffe:5f::2 raddr_start 3ffe:5f::1 raddr_stop 3ffe:5f::1
ipsec_sa_set_key sa_id 10 crypto_key 6b3874776c6635304565635a67304b6a integ_key 313475774c72456f6c4a48596767467a52734753
ipsec_sa_set_key sa_id 20 crypto_key 6b3874776c6635304565635a67304b6a integ_key 313475774c72456f6c4a48596767467a52734753

DUT2:
sw_interface_ip6nd_ra_config sw_if_index 4 surpress
sw_interface_ip6nd_ra_config sw_if_index 2 surpress
sw_interface_ip6nd_ra_config sw_if_index 3 surpress
sw_interface_ip6nd_ra_config sw_if_index 1 surpress