2.39. test_snat module¶
-
class
test_snat.
MethodHolder
(methodName='runTest')¶ Bases:
framework.VppTestCase
SNAT create capture and verify method holder
-
check_icmp_checksum
(pkt)¶ Check ICMP checksum in IPv4 packet
Parameters: pkt – Packet to check ICMP checksum
-
check_icmp_errror_embedded
(pkt)¶ Check ICMP error embeded packet checksum
Parameters: pkt – Packet to check ICMP error embeded packet checksum
-
check_icmpv6_checksum
(pkt)¶ Check ICMPv6 checksum in IPv4 packet
Parameters: pkt – Packet to check ICMPv6 checksum
-
check_ip_checksum
(pkt)¶ Check IP checksum of the packet
Parameters: pkt – Packet to check IP checksum
-
check_tcp_checksum
(pkt)¶ Check TCP checksum in IP packet
Parameters: pkt – Packet to check TCP checksum
-
check_udp_checksum
(pkt)¶ Check UDP checksum in IP packet
Parameters: pkt – Packet to check UDP checksum
-
compose_ip6
(ip4, pref, plen)¶ Compose IPv4-embedded IPv6 addresses
Parameters: - ip4 – IPv4 address
- pref – IPv6 prefix
- plen – IPv6 prefix length
Returns: IPv4-embedded IPv6 addresses
-
create_stream_in
(in_if, out_if, ttl=64)¶ Create packet stream for inside network
Parameters: - in_if – Inside interface
- out_if – Outside interface
- ttl – TTL of generated packets
-
create_stream_in_ip6
(in_if, out_if, hlim=64, pref=None, plen=0)¶ Create IPv6 packet stream for inside network
Parameters: - in_if – Inside interface
- out_if – Outside interface
- ttl – Hop Limit of generated packets
- pref – NAT64 prefix
- plen – NAT64 prefix length
-
create_stream_out
(out_if, dst_ip=None, ttl=64)¶ Create packet stream for outside network
Parameters: - out_if – Outside interface
- dst_ip – Destination IP address (Default use global SNAT address)
- ttl – TTL of generated packets
-
classmethod
setUpClass
()¶
-
tearDown
()¶
-
verify_capture_in
(capture, in_if, packet_num=3)¶ Verify captured packets on inside network
Parameters: - capture – Captured packets
- in_if – Inside interface
- packet_num – Expected number of packets (Default 3)
-
verify_capture_in_ip6
(capture, src_ip, dst_ip, packet_num=3)¶ Verify captured IPv6 packets on inside network
Parameters: - capture – Captured packets
- src_ip – Source IP
- dst_ip – Destination IP address
- packet_num – Expected number of packets (Default 3)
-
verify_capture_in_with_icmp_errors
(capture, in_if, packet_num=3, icmp_type=11)¶ Verify captured packets with ICMP errors on inside network
Parameters: - capture – Captured packets
- in_if – Inside interface
- packet_num – Expected number of packets (Default 3)
- icmp_type – Type of error ICMP packet we are expecting (Default 11)
-
verify_capture_no_translation
(capture, ingress_if, egress_if)¶ Verify captured packet that don’t have to be translated
Parameters: - capture – Captured packets
- ingress_if – Ingress interface
- egress_if – Egress interface
-
verify_capture_out
(capture, nat_ip=None, same_port=False, packet_num=3, dst_ip=None)¶ Verify captured packets on outside network
Parameters: - capture – Captured packets
- nat_ip – Translated IP address (Default use global SNAT address)
- same_port – Sorce port number is not translated (Default False)
- packet_num – Expected number of packets (Default 3)
- dst_ip – Destination IP address (Default do not verify)
-
verify_capture_out_with_icmp_errors
(capture, src_ip=None, packet_num=3, icmp_type=11)¶ Verify captured packets with ICMP errors on outside network
Parameters: - capture – Captured packets
- src_ip – Translated IP address or IP address of VPP (Default use global SNAT address)
- packet_num – Expected number of packets (Default 3)
- icmp_type – Type of error ICMP packet we are expecting (Default 11)
-
verify_ipfix_addr_exhausted
(data)¶ Verify IPFIX NAT addresses event
Parameters: data – Decoded IPFIX data records
-
verify_ipfix_nat44_ses
(data)¶ Verify IPFIX NAT44 session create/delete event
Parameters: data – Decoded IPFIX data records
-
-
class
test_snat.
TestDeterministicNAT
(methodName='runTest')¶ Bases:
test_snat.MethodHolder
Deterministic NAT Test Cases
-
clear_snat
()¶ Clear SNAT configuration.
-
create_stream_in
(in_if, out_if, ttl=64)¶ Create packet stream for inside network
Parameters: - in_if – Inside interface
- out_if – Outside interface
- ttl – TTL of generated packets
-
create_stream_out
(out_if, dst_ip=None, ttl=64)¶ Create packet stream for outside network
Parameters: - out_if – Outside interface
- dst_ip – Destination IP address (Default use global SNAT address)
- ttl – TTL of generated packets
-
initiate_tcp_session
(in_if, out_if)¶ Initiates TCP session
Parameters: - in_if – Inside interface
- out_if – Outside interface
-
classmethod
setUpClass
()¶
-
classmethod
setUpConstants
()¶
-
tearDown
()¶
-
test_det_in
()¶ CGNAT translation test (TCP, UDP, ICMP)
-
test_deterministic_mode
()¶ S-NAT run deterministic mode
-
test_multiple_users
()¶ CGNAT multiple users
-
test_session_limit_per_user
(*args, **kwargs)¶ CGNAT maximum 1000 sessions per user should be created
-
test_session_timeout
(*args, **kwargs)¶ CGNAT session timeouts
-
test_set_timeouts
()¶ Set deterministic NAT timeouts
-
test_tcp_session_close_detection_in
()¶ CGNAT TCP session close initiated from inside network
-
test_tcp_session_close_detection_out
()¶ CGNAT TCP session close initiated from outside network
-
verify_capture_out
(capture, nat_ip=None, packet_num=3)¶ Verify captured packets on outside network
Parameters: - capture – Captured packets
- nat_ip – Translated IP address (Default use global SNAT address)
- same_port – Sorce port number is not translated (Default False)
- packet_num – Expected number of packets (Default 3)
-
verify_ipfix_max_entries_per_user
(data)¶ Verify IPFIX maximum entries per user exceeded event
Parameters: data – Decoded IPFIX data records
-
-
class
test_snat.
TestNAT64
(methodName='runTest')¶ Bases:
test_snat.MethodHolder
NAT64 Test Cases
-
clear_nat64
()¶ Clear NAT64 configuration.
-
nat64_get_ses_num
()¶ Return number of active NAT64 sessions.
-
classmethod
setUpClass
()¶
-
tearDown
()¶
-
test_dynamic
()¶ NAT64 dynamic translation test
-
test_hairpinning
()¶ NAT64 hairpinning
-
test_icmp_error
()¶ NAT64 ICMP Error message translation
-
test_interface
()¶ Enable/disable NAT64 feature on the interface
-
test_pool
()¶ Add/delete address to NAT64 pool
-
test_prefix
()¶ NAT64 Network-Specific Prefix
-
test_session_timeout
(*args, **kwargs)¶ NAT64 session timeout
-
test_set_timeouts
()¶ Set NAT64 timeouts
-
test_static
()¶ NAT64 static translation test
-
test_static_bib
()¶ Add/delete static BIB entry
-
-
class
test_snat.
TestSNAT
(methodName='runTest')¶ Bases:
test_snat.MethodHolder
SNAT Test Cases
-
clear_snat
()¶ Clear SNAT configuration.
-
classmethod
setUpClass
()¶
-
snat_add_address
(ip, is_add=1, vrf_id=4294967295)¶ Add/delete S-NAT address
Parameters: - ip – IP address
- is_add – 1 if add, 0 if delete (Default add)
-
snat_add_static_mapping
(local_ip, external_ip='0.0.0.0', local_port=0, external_port=0, vrf_id=0, is_add=1, external_sw_if_index=4294967295, proto=0)¶ Add/delete S-NAT static mapping
Parameters: - local_ip – Local IP address
- external_ip – External IP address
- local_port – Local port number (Optional)
- external_port – External port number (Optional)
- vrf_id – VRF ID (Default 0)
- is_add – 1 if add, 0 if delete (Default add)
- external_sw_if_index – External interface instead of IP address
- proto – IP protocol (Mandatory if port specified)
-
tearDown
()¶
-
test_dynamic
()¶ SNAT dynamic translation test
-
test_dynamic_icmp_errors_in2out_ttl_1
()¶ SNAT handling of client packets with TTL=1
-
test_dynamic_icmp_errors_in2out_ttl_2
()¶ SNAT handling of error responses to client packets with TTL=2
-
test_dynamic_icmp_errors_out2in_ttl_1
()¶ SNAT handling of server packets with TTL=1
-
test_dynamic_icmp_errors_out2in_ttl_2
()¶ SNAT handling of error responses to server packets with TTL=2
-
test_dynamic_ipless_interfaces
()¶ SNAT interfaces without configured ip dynamic map
-
test_hairpinning
()¶ SNAT hairpinning - 1:1 NAT with port
-
test_hairpinning2
()¶ SNAT hairpinning - 1:1 NAT
-
test_hairpinning_unknown_proto
()¶ 1:1 NAT translate packet with unknown protocol - hairpinning
-
test_inside_overlapping_interfaces
()¶ SNAT multiple inside interfaces with overlapping address space
-
test_interface_addr
()¶ Acquire SNAT addresses from interface
-
test_interface_addr_static_mapping
()¶ Static mapping with addresses from interface
-
test_ipfix_addr_exhausted
()¶ S-NAT IPFIX logging NAT addresses exhausted
-
test_ipfix_nat44_sess
()¶ S-NAT IPFIX logging NAT44 session created/delted
-
test_max_translations_per_user
()¶ MAX translations per user - recycle the least recently used
-
test_multiple_inside_interfaces
()¶ SNAT multiple inside interfaces (non-overlapping address space)
-
test_ping_internal_host_from_outside
()¶ Ping internal host from outside network
-
test_ping_out_interface_from_outside
()¶ Ping SNAT out interface from outside network
-
test_pool_addr_fib
()¶ S-NAT add pool addresses to FIB
-
test_static_in
()¶ SNAT 1:1 NAT initialized from inside network
-
test_static_ipless_interfaces
()¶ SNAT 1:1 NAT interfaces without configured ip
-
test_static_out
()¶ SNAT 1:1 NAT initialized from outside network
-
test_static_unknown_proto
()¶ 1:1 NAT translate packet with unknown protocol
-
test_static_vrf_aware
()¶ SNAT 1:1 NAT VRF awareness
-
test_static_with_port_in
()¶ SNAT 1:1 NAT with port initialized from inside network
-
test_static_with_port_ipless_interfaces
()¶ SNAT 1:1 NAT with port interfaces without configured ip
-
test_static_with_port_out
()¶ SNAT 1:1 NAT with port initialized from outside network
-
test_vrf_feature_independent
()¶ S-NAT tenant VRF independent address pool mode
-
test_vrf_mode
()¶ S-NAT tenant VRF aware address pool mode
-