2.17. test_acl_plugin_l2l3 module¶
ACL IRB Test Case HLD:
- config
- L2 MAC learning enabled in l2bd
- 2 routed interfaces untagged, bvi (Bridge Virtual Interface)
- 2 bridged interfaces in l2bd with bvi
- test
- sending ip4 eth pkts between routed interfaces
- 2 routed interfaces
- 2 bridged interfaces
- 64B, 512B, 1518B, 9200B (ether_size)
- burst of pkts per interface
- 257pkts per burst
- routed pkts hitting different FIB entries
- bridged pkts hitting different MAC entries
- verify
- all packets received correctly
-
class
test_acl_plugin_l2l3.
TestIpIrb
(methodName='runTest')¶ Bases:
framework.VppTestCase
IRB Test Case
-
applied_acl_shuffle
(sw_if_index)¶
-
apply_acl_ip46_both_directions_reflect
(primary_is_bridged_to_routed, reflect_on_l2, is_ip6, add_eh)¶
-
apply_acl_ip46_bridged_to_routed
(test_l2_deny, is_ip6, is_reflect, add_eh)¶
-
apply_acl_ip46_routed_to_bridged
(test_l2_deny, is_ip6, is_reflect, add_eh)¶
-
apply_acl_ip46_x_to_y
(bridged_to_routed, test_l2_deny, is_ip6, is_reflect, add_eh)¶ Apply the ACLs
-
create_acls_for_a_stream
(stream_dict, test_l2_action, is_reflect)¶
-
create_stream
(src_ip_if, dst_ip_if, reverse, packet_sizes, is_ip6, expect_blocked, expect_established, add_extension_header)¶
-
run_test_ip46_bridged_to_routed
(test_l2_deny, is_ip6, is_reflect, add_eh)¶
-
run_test_ip46_bridged_to_routed_and_back
(test_l2_action, is_ip6, add_eh)¶
-
run_test_ip46_routed_to_bridged
(test_l2_deny, is_ip6, is_reflect, add_eh)¶
-
run_test_ip46_routed_to_bridged_and_back
(test_l2_action, is_ip6, add_eh)¶
-
run_traffic_ip46_bridged_to_routed
(test_l2_deny, is_ip6, is_reflect, is_established, add_eh)¶
-
run_traffic_ip46_routed_to_bridged
(test_l2_deny, is_ip6, is_reflect, is_established, add_eh)¶
-
run_traffic_ip46_x_to_y
(bridged_to_routed, test_l2_deny, is_ip6, is_reflect, is_established, add_eh)¶
-
classmethod
setUpClass
()¶ - Create BD with MAC learning enabled and put interfaces to this BD.
- Configure IPv4 addresses on loopback interface and routed interface.
- Configure MAC address binding to IPv4 neighbors on loop0.
- Configure MAC address on pg2.
- Loopback BVI interface has remote hosts, one half of hosts are behind pg0 second behind pg1.
-
tearDown
()¶ Run standard test teardown and log
show l2patch
,show l2fib verbose
,``show bridge-domain <bd_id> detail``,show ip arp
.
-
test_0000_ip6_irb_1
()¶ ACL plugin prepare
-
test_0001_ip6_irb_1
()¶ ACL IPv6 routed -> bridged, L2 ACL deny
-
test_0002_ip6_irb_1
()¶ ACL IPv6 routed -> bridged, L3 ACL deny
-
test_0003_ip4_irb_1
()¶ ACL IPv4 routed -> bridged, L2 ACL deny
-
test_0004_ip4_irb_1
()¶ ACL IPv4 routed -> bridged, L3 ACL deny
-
test_0005_ip6_irb_1
()¶ ACL IPv6 bridged -> routed, L2 ACL deny
-
test_0006_ip6_irb_1
()¶ ACL IPv6 bridged -> routed, L3 ACL deny
-
test_0007_ip6_irb_1
()¶ ACL IPv4 bridged -> routed, L2 ACL deny
-
test_0008_ip6_irb_1
()¶ ACL IPv4 bridged -> routed, L3 ACL deny
-
test_0101_ip6_irb_1
()¶ ACL IPv6 routed -> bridged, L2 ACL permit+reflect
-
test_0102_ip6_irb_1
()¶ ACL IPv6 bridged -> routed, L2 ACL permit+reflect
-
test_0103_ip6_irb_1
()¶ ACL IPv4 routed -> bridged, L2 ACL permit+reflect
-
test_0104_ip6_irb_1
()¶ ACL IPv4 bridged -> routed, L2 ACL permit+reflect
-
test_0111_ip6_irb_1
()¶ ACL IPv6 routed -> bridged, L3 ACL permit+reflect
-
test_0112_ip6_irb_1
()¶ ACL IPv6 bridged -> routed, L3 ACL permit+reflect
-
test_0113_ip6_irb_1
()¶ ACL IPv4 routed -> bridged, L3 ACL permit+reflect
-
test_0114_ip6_irb_1
()¶ ACL IPv4 bridged -> routed, L3 ACL permit+reflect
-
test_1001_ip6_irb_1
()¶ ACL IPv6+EH routed -> bridged, L2 ACL deny
-
test_1002_ip6_irb_1
()¶ ACL IPv6+EH routed -> bridged, L3 ACL deny
-
test_1005_ip6_irb_1
()¶ ACL IPv6+EH bridged -> routed, L2 ACL deny
-
test_1006_ip6_irb_1
()¶ ACL IPv6+EH bridged -> routed, L3 ACL deny
-
test_1101_ip6_irb_1
()¶ ACL IPv6+EH routed -> bridged, L2 ACL permit+reflect
-
test_1102_ip6_irb_1
()¶ ACL IPv6+EH bridged -> routed, L2 ACL permit+reflect
-
test_1111_ip6_irb_1
()¶ ACL IPv6+EH routed -> bridged, L3 ACL permit+reflect
-
test_1112_ip6_irb_1
()¶ ACL IPv6+EH bridged -> routed, L3 ACL permit+reflect
-
test_1201_ip6_irb_1
()¶ ACL IPv4+MF routed -> bridged, L2 ACL deny
-
test_1202_ip6_irb_1
()¶ ACL IPv4+MF routed -> bridged, L3 ACL deny
-
test_1205_ip6_irb_1
()¶ ACL IPv4+MF bridged -> routed, L2 ACL deny
-
test_1206_ip6_irb_1
()¶ ACL IPv4+MF bridged -> routed, L3 ACL deny
-
test_1301_ip6_irb_1
()¶ ACL IPv4+MF routed -> bridged, L2 ACL permit+reflect
-
test_1302_ip6_irb_1
()¶ ACL IPv4+MF bridged -> routed, L2 ACL permit+reflect
-
test_1311_ip6_irb_1
()¶ ACL IPv4+MF routed -> bridged, L3 ACL permit+reflect
-
test_1312_ip6_irb_1
()¶ ACL IPv4+MF bridged -> routed, L3 ACL permit+reflect
-
verify_capture
(dst_ip_if, src_ip_if, capture, reverse)¶
-