-
Notifications
You must be signed in to change notification settings - Fork 1.2k
IPv4 Decapsulation test
Related documents
##Overview
This test case is aimed at testing the DUTs ability to do de-capsulation of IP encapsulated packets, and verify that each decapsulated packet is with the right properties in each field, and forward with the corresponding underlay destination IP to the correct route. The test assumes all routes and decapsulation are set prior by to test, so no configuration is required to be done by the test itself, and the test will correspond only to the right IPs that is configured in the test.
The validation to the routes and the decapsulation is done by sending packets with the corresponding IPs both, in the overlay and underlay. If the test fails, it is the testing responsibility to provide all the debug information which can be retrieved in order to shade more light to the failure for offline debugging as much as possible.
The scope is this test plan is only the Ansible test, including the PTF test and the necessary configuration.
N/A
No CLI commands will be needed for this test.
The decap_conf.j2 will create JSON file that will configure the decap rule for the Decap IP
N/A
The D.U.T must connect with 32 different ports to the PTF docker. And the test must run after BGP configuration so that the default route will be configured
The setup tests assume to have single SONiC (DUT) connected to a switch connected to a server running 32 Arista VMs.
There will be 32 BGP peers connected to the switch. The peers will advertise the default route and update the switch.
PTF host needs to be connected to a port through which it will send packets to the switch and needs to have a connection via ports through which the switch will send forward received packet back to the host for validation.
The peers and SONIC (DUT) will be deployed by an Ansible script. As part of the deployment, the script will generate the routes and decapsulation commands. The decapsulation rule will be generated by J2 script that will output JSON file with Decap IP that will configure through the SWSS config tool.
[ { "TUNNEL_DECAP_TABLE:NETBOUNCER" : { "tunnel_type":"IPINIP", "dst_ip":"{{ansible_lo['ipv4']['address']}}", "dscp_mode":"pipe", "ecn_mode":"copy_from_outer", "ttl_mode":"pipe" }, "OP": "SET" } ]
[ { "TUNNEL_DECAP_TABLE:NETBOUNCER" : { "tunnel_type":"IPINIP", "dst_ip":"10.0.0.1", "dscp_mode":"pipe", "ecn_mode":"copy_from_outer", "ttl_mode":"pipe" }, "OP": "SET" } ]
The test assumes there is a mechanism to validate logs on the DUT where we should be able to analyze /var/log/syslog for error and warning messages related to the current test. In case such messages are detected, the test is considered failed.
The test should have standardized summary section in the following format:
TEST SUMMARY:
TEST: OK/FAIL
LOGS: OK/FAIL
The objective is to validate decapsulation ability and each route has been added to the switch and is functioning properly with the decapsulated packet.
- IP decap IPv4 that will be taken from loopback IP: _Decap IP
- default IPv4 routes that will be configured through the BGP session as ECMP routes.
- unicase IPv4 routes that will configure throught the BGP session as TOR routes.
- The test will use host IP that fall into the default route and for the TOR routes.
- The test will use different outer and inner TTL value combinations for different TTL modes
TTL mode | ttl_outer | ttl_inner | Decap & forwarded? | Expected TTL |
---|---|---|---|---|
pipe | 2 ~ 64 | 2 ~ 64 | Yes | ttl_inner - 1 |
pipe | 64 | 2 | Yes | 1 |
pipe | 1 | 64 | Yes | 63 |
uniform | 2 ~ 64 | 2 ~ 64 | Yes | ttl_outer - 1 |
uniform | 64 | 2 | Yes | 63 |
uniform | 2 | 64 | Yes | 1 |
- From the PTF docker, craft and sent through all the ports a double encapsulated IP packets as follows:
-
outer IP header [S:2.2.2.0,D:
Decap IP]
-
inner IP header [S:1.1.1.1,D:
host IP]
ECN and DSCP will be set to values picked from allowed range in a round robin way, for the overlay and the underlay.
ECN_outer != ECN_inner1
DSCP_outer != DSCP_inner1
TTL_outer != TTL_outer1
all other fields will be PTF default for simple_tcp_packet function
-
Verify the Sonic does not see the encapsulated packet. the IP-in-IP packet should not go to CPU, the packet should not be seen on the DUT.
-
Confirm that the packet that comes back to PTF Docker decapsulated from one of the expected ports. and the L3 header fields will look like this :
-
IP header [S:1.1.1.1,D:
host port0 IP]
TTL = TTL_inner - 1 when ttl_mode=pipe
TTL = TTL_outer - 1 when ttl_mode=uniform
ECN = ECN_outer
DSCP = DSCP_outer
- repeat steps 1-4 32 times, so each port will send 2 packets one for unicast route and one ecmp route.
####Test objective
The objective is to validate decapsulation ability with triple encapsulated packet and each route has been added to the switch and is functioning properly with the decapsulated packet.
- IP decap IPv4 that will be taken from loopback IP: Decap IP
- ECMP route IPv4 that will be configured through the BGP session as ECMP routes.
- unicase IPv4 routes that will configure throught the BGP session as TOR routes.
####Test description
- The test will use host IP that is one of the routes preconfigured in the BGP session (ECMP and Unicast).
- The test will use different outer and inner TTL value combinations for different TTL modes
TTL mode | ttl_outer | ttl_inner | Decap & forwarded? | Expected TTL |
---|---|---|---|---|
pipe | 2 ~ 64 | 2 ~ 64 | Yes | ttl_inner - 1 |
pipe | 64 | 2 | Yes | 1 |
pipe | 1 | 64 | Yes | 63 |
uniform | 2 ~ 64 | 2 ~ 64 | Yes | ttl_outer - 1 |
uniform | 64 | 2 | Yes | 63 |
uniform | 2 | 64 | Yes | 1 |
- From the PTF docker, craft and sent through all the ports a triple encapsulated IP packets as follows:
-
outer IP header [S:2.2.2.0,D:
Decap IP]
-
inner1 IP header [S:1.1.1.1,D:
host IP]
inner2 IP header [S:4.4.4.4,D:4.4.4.3]
ECN and DSCP will be set to values picked from allowed range in a round robin way, for the overlay and the underlay.
ECN_outer != ECN_inner1
DSCP_outer != DSCP_inner1
TTL_outer != TTL_inner1
all other fields will be PTF default for simple_tcp_packet function
-
Verify the Sonic does not see the encapsulated packet. the IP-in-IP packet should not go to CPU, the packet should not be seen on the DUT.
-
Confirm that the packet that comes back to PTF Docker decapsulated from one of the expected ports. and the L3 header fields will look like this:
- outer IP headers
-
IPs [S:1.1.1.1,D:
host IP]
TTL = TTL_inner - 1 when ttl_mode=pipe
TTL = TTL_outer - 1 when ttl_mode=uniform
ECN = ECN_outer
DSCP = DSCP_outer
-
- inner IP headers : PTF default for simple_tcp_packet function
- repeat steps 1-4 32 times, so each port will send 2 packets one for unicast route and one ecmp route.
-
For Users
-
For Developers
-
Subgroups/Working Groups
-
Presentations
-
Join Us