#!/bin/bash # SPDX-License-Identifier: GPL-2.0 # # Test VxLAN flooding. The device stores flood records in a singly linked list # where each record stores up to three IPv4 addresses of remote VTEPs. The test # verifies that packets are correctly flooded in various cases such as deletion # of a record in the middle of the list. # # +--------------------+ # | H1 (vrf) | # | + $h1 | # | | 203.0.113.1/24| # +----|---------------+ # | # +----|----------------------------------------------------------------------+ # | SW | | # | +--|--------------------------------------------------------------------+ | # | | + $swp1 BR0 (802.1d) | | # | | | | # | | + vxlan0 (vxlan) | | # | | local 198.51.100.1 | | # | | remote 198.51.100.{2..13} | | # | | id 10 dstport 4789 | | # | +-----------------------------------------------------------------------+ | # | | # | 198.51.100.0/24 via 192.0.2.2 | # | | # | + $rp1 | # | | 192.0.2.1/24 | # +----|----------------------------------------------------------------------+ # | # +----|--------------------------------------------------------+ # | | R2 (vrf) | # | + $rp2 | # | 192.0.2.2/24 | # | | # +-------------------------------------------------------------+ lib_dir=$(dirname $0)/../../../net/forwarding ALL_TESTS="flooding_test" NUM_NETIFS=4 source $lib_dir/tc_common.sh source $lib_dir/lib.sh h1_create() { simple_if_init $h1 203.0.113.1/24 } h1_destroy() { simple_if_fini $h1 203.0.113.1/24 } switch_create() { # Make sure the bridge uses the MAC address of the local port and # not that of the VxLAN's device ip link add dev br0 type bridge mcast_snooping 0 ip link set dev br0 address $(mac_get $swp1) ip link add name vxlan0 type vxlan id 10 nolearning noudpcsum \ ttl 20 tos inherit local 198.51.100.1 dstport 4789 ip address add 198.51.100.1/32 dev lo ip link set dev $swp1 master br0 ip link set dev vxlan0 master br0 ip link set dev br0 up ip link set dev $swp1 up ip link set dev vxlan0 up } switch_destroy() { ip link set dev vxlan0 down ip link set dev $swp1 down ip link set dev br0 down ip link set dev vxlan0 nomaster ip link set dev $swp1 nomaster ip address del 198.51.100.1/32 dev lo ip link del dev vxlan0 ip link del dev br0 } router1_create() { # This router is in the default VRF, where the VxLAN device is # performing the L3 lookup ip link set dev $rp1 up ip address add 192.0.2.1/24 dev $rp1 ip route add 198.51.100.0/24 via 192.0.2.2 } router1_destroy() { ip route del 198.51.100.0/24 via 192.0.2.2 ip address del 192.0.2.1/24 dev $rp1 ip link set dev $rp1 down } router2_create() { # This router is not in the default VRF, so use simple_if_init() simple_if_init $rp2 192.0.2.2/24 } router2_destroy() { simple_if_fini $rp2 192.0.2.2/24 } setup_prepare() { h1=${NETIFS[p1]} swp1=${NETIFS[p2]} rp1=${NETIFS[p3]} rp2=${NETIFS[p4]} vrf_prepare h1_create switch_create router1_create router2_create forwarding_enable } cleanup() { pre_cleanup forwarding_restore router2_destroy router1_destroy switch_destroy h1_destroy vrf_cleanup } flooding_remotes_add() { local num_remotes=$1 local lsb local i for i in $(eval echo {1..$num_remotes}); do lsb=$((i + 1)) bridge fdb append 00:00:00:00:00:00 dev vxlan0 self \ dst 198.51.100.$lsb done } flooding_filters_add() { local num_remotes=$1 local lsb local i tc qdisc add dev $rp2 clsact for i in $(eval echo {1..$num_remotes}); do lsb=$((i + 1)) tc filter add dev $rp2 ingress protocol ip pref $i handle $i \ flower ip_proto udp dst_ip 198.51.100.$lsb \ dst_port 4789 skip_sw action drop done } flooding_filters_del() { local num_remotes=$1 local i for i in $(eval echo {1..$num_remotes}); do tc filter del dev $rp2 ingress protocol ip pref $i \ handle $i flower done tc qdisc del dev $rp2 clsact } flooding_check_packets() { local packets=("$@") local num_remotes=${#packets[@]} local i for i in $(eval echo {1..$num_remotes}); do tc_check_packets "dev $rp2 ingress" $i ${packets[i - 1]} check_err $? "remote $i - did not get expected number of packets" done } flooding_test() { # Use 12 remote VTEPs that will be stored in 4 records. The array # 'packets' will store how many packets are expected to be received # by each remote VTEP at each stage of the test declare -a packets=(1 1 1 1 1 1 1 1 1 1 1 1) local num_remotes=12 RET=0 # Add FDB entries for remote VTEPs and corresponding tc filters on the # ingress of the nexthop router. These filters will count how many # packets were flooded to each remote VTEP flooding_remotes_add $num_remotes flooding_filters_add $num_remotes # Send one packet and make sure it is flooded to all the remote VTEPs $MZ $h1 -q -p 64 -b de:ad:be:ef:13:37 -t ip -c 1 flooding_check_packets "${packets[@]}" log_test "flood after 1 packet" # Delete the third record which corresponds to VTEPs with LSB 8..10 # and check that packet is flooded correctly when we remove a record # from the middle of the list RET=0 packets=(2 2 2 2 2 2 1 1 1 2 2 2) bridge fdb del 00:00:00:00:00:00 dev vxlan0 self dst 198.51.100.8 bridge fdb del 00:00:00:00:00:00 dev vxlan0 self dst 198.51.100.9 bridge fdb del 00:00:00:00:00:00 dev vxlan0 self dst 198.51.100.10 $MZ $h1 -q -p 64 -b de:ad:be:ef:13:37 -t ip -c 1 flooding_check_packets "${packets[@]}" log_test "flood after 2 packets" # Delete the first record and make sure the packet is flooded correctly RET=0 packets=(2 2 2 3 3 3 1 1 1 3 3 3) bridge fdb del 00:00:00:00:00:00 dev vxlan0 self dst 198.51.100.2 bridge fdb del 00:00:00:00:00:00 dev vxlan0 self dst 198.51.100.3 bridge fdb del 00:00:00:00:00:00 dev vxlan0 self dst 198.51.100.4 $MZ $h1 -q -p 64 -b de:ad:be:ef:13:37 -t ip -c 1 flooding_check_packets "${packets[@]}" log_test "flood after 3 packets" # Delete the last record and make sure the packet is flooded correctly RET=0 packets=(2 2 2 4 4 4 1 1 1 3 3 3) bridge fdb del 00:00:00:00:00:00 dev vxlan0 self dst 198.51.100.11 bridge fdb del 00:00:00:00:00:00 dev vxlan0 self dst 198.51.100.12 bridge fdb del 00:00:00:00:00:00 dev vxlan0 self dst 198.51.100.13 $MZ $h1 -q -p 64 -b de:ad:be:ef:13:37 -t ip -c 1 flooding_check_packets "${packets[@]}" log_test "flood after 4 packets" # Delete the last record, one entry at a time and make sure single # entries are correctly removed RET=0 packets=(2 2 2 4 5 5 1 1 1 3 3 3) bridge fdb del 00:00:00:00:00:00 dev vxlan0 self dst 198.51.100.5 $MZ $h1 -q -p 64 -b de:ad:be:ef:13:37 -t ip -c 1 flooding_check_packets "${packets[@]}" log_test "flood after 5 packets" RET=0 packets=(2 2 2 4 5 6 1 1 1 3 3 3) bridge fdb del 00:00:00:00:00:00 dev vxlan0 self dst 198.51.100.6 $MZ $h1 -q -p 64 -b de:ad:be:ef:13:37 -t ip -c 1 flooding_check_packets "${packets[@]}" log_test "flood after 6 packets" RET=0 packets=(2 2 2 4 5 6 1 1 1 3 3 3) bridge fdb del 00:00:00:00:00:00 dev vxlan0 self dst 198.51.100.7 $MZ $h1 -q -p 64 -b de:ad:be:ef:13:37 -t ip -c 1 flooding_check_packets "${packets[@]}" log_test "flood after 7 packets" flooding_filters_del $num_remotes } trap cleanup EXIT setup_prepare setup_wait tests_run exit $EXIT_STATUS