From fcf41d43c6286f6794a690541f7ac657b216f46f Mon Sep 17 00:00:00 2001
From: Russell Bryant <russell@ovn.org>
Date: Fri, 25 Oct 2019 11:58:32 -0400
Subject: [PATCH 5/5] system-ovn: Add IPv6 NAT test cases
These tests failed prior to the changes leading up to this one.
Signed-off-by: Russell Bryant <russell@ovn.org>
Acked-by: Numan Siddique <numans@ovn.org>
---
tests/system-ovn.at | 862 +++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 860 insertions(+), 2 deletions(-)
diff --git a/tests/system-ovn.at b/tests/system-ovn.at
|
|
|
bbaaef |
index f88ad31e4..b3f90aae2 100644
|
|
|
bbaaef |
--- a/tests/system-ovn.at
|
|
|
bbaaef |
+++ b/tests/system-ovn.at
|
|
|
bbaaef |
@@ -176,6 +176,186 @@ OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
|
|
|
bbaaef |
/connection dropped.*/d"])
|
|
|
bbaaef |
AT_CLEANUP
|
|
|
bbaaef |
|
|
|
bbaaef |
+AT_SETUP([ovn -- 2 LRs connected via LS, gateway router, SNAT and DNAT - IPv6])
|
|
|
bbaaef |
+AT_KEYWORDS([ovnnat])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+CHECK_CONNTRACK()
|
|
|
bbaaef |
+CHECK_CONNTRACK_NAT()
|
|
|
bbaaef |
+ovn_start
|
|
|
bbaaef |
+OVS_TRAFFIC_VSWITCHD_START()
|
|
|
bbaaef |
+ADD_BR([br-int])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Set external-ids in br-int needed for ovn-controller
|
|
|
bbaaef |
+ovs-vsctl \
|
|
|
bbaaef |
+ -- set Open_vSwitch . external-ids:system-id=hv1 \
|
|
|
bbaaef |
+ -- set Open_vSwitch . external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \
|
|
|
bbaaef |
+ -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \
|
|
|
bbaaef |
+ -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \
|
|
|
bbaaef |
+ -- set bridge br-int fail-mode=secure other-config:disable-in-band=true
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Start ovn-controller
|
|
|
bbaaef |
+start_daemon ovn-controller
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Logical network:
|
|
|
bbaaef |
+# Two LRs - R1 and R2 that are connected to each other via LS "join"
|
|
|
bbaaef |
+# in fd00::/64 network. R1 has switchess foo (fd11::/64) and
|
|
|
bbaaef |
+# bar (fd12::/64) connected to it. R2 has alice (fd21::/64) connected
|
|
|
bbaaef |
+# to it. R2 is a gateway router on which we add NAT rules.
|
|
|
bbaaef |
+#
|
|
|
bbaaef |
+# foo -- R1 -- join - R2 -- alice
|
|
|
bbaaef |
+# |
|
|
|
bbaaef |
+# bar ----
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+ovn-nbctl create Logical_Router name=R1
|
|
|
bbaaef |
+ovn-nbctl create Logical_Router name=R2 options:chassis=hv1
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+ovn-nbctl ls-add foo
|
|
|
bbaaef |
+ovn-nbctl ls-add bar
|
|
|
bbaaef |
+ovn-nbctl ls-add alice
|
|
|
bbaaef |
+ovn-nbctl ls-add join
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Connect foo to R1
|
|
|
bbaaef |
+ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 fd11::1/64
|
|
|
bbaaef |
+ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo \
|
|
|
bbaaef |
+ type=router options:router-port=foo addresses=\"00:00:01:01:02:03\"
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Connect bar to R1
|
|
|
bbaaef |
+ovn-nbctl lrp-add R1 bar 00:00:01:01:02:04 fd12::1/64
|
|
|
bbaaef |
+ovn-nbctl lsp-add bar rp-bar -- set Logical_Switch_Port rp-bar \
|
|
|
bbaaef |
+ type=router options:router-port=bar addresses=\"00:00:01:01:02:04\"
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Connect alice to R2
|
|
|
bbaaef |
+ovn-nbctl lrp-add R2 alice 00:00:02:01:02:03 fd21::1/64
|
|
|
bbaaef |
+ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice \
|
|
|
bbaaef |
+ type=router options:router-port=alice addresses=\"00:00:02:01:02:03\"
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Connect R1 to join
|
|
|
bbaaef |
+ovn-nbctl lrp-add R1 R1_join 00:00:04:01:02:03 fd00::1/64
|
|
|
bbaaef |
+ovn-nbctl lsp-add join r1-join -- set Logical_Switch_Port r1-join \
|
|
|
bbaaef |
+ type=router options:router-port=R1_join addresses='"00:00:04:01:02:03"'
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Connect R2 to join
|
|
|
bbaaef |
+ovn-nbctl lrp-add R2 R2_join 00:00:04:01:02:04 fd00::2/64
|
|
|
bbaaef |
+ovn-nbctl lsp-add join r2-join -- set Logical_Switch_Port r2-join \
|
|
|
bbaaef |
+ type=router options:router-port=R2_join addresses='"00:00:04:01:02:04"'
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Static routes.
|
|
|
bbaaef |
+ovn-nbctl lr-route-add R1 fd21::/64 fd00::2
|
|
|
bbaaef |
+ovn-nbctl lr-route-add R2 fd11::/64 fd00::1
|
|
|
bbaaef |
+ovn-nbctl lr-route-add R2 fd12::/64 fd00::1
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Logical port 'foo1' in switch 'foo'.
|
|
|
bbaaef |
+ADD_NAMESPACES(foo1)
|
|
|
bbaaef |
+ADD_VETH(foo1, foo1, br-int, "fd11::2/64", "f0:00:00:01:02:03", \
|
|
|
bbaaef |
+ "fd11::1")
|
|
|
bbaaef |
+OVS_WAIT_UNTIL([test "$(ip netns exec foo1 ip a | grep fd11::2 | grep tentative)" = ""])
|
|
|
bbaaef |
+ovn-nbctl lsp-add foo foo1 \
|
|
|
bbaaef |
+-- lsp-set-addresses foo1 "f0:00:00:01:02:03 fd11::2"
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Logical port 'alice1' in switch 'alice'.
|
|
|
bbaaef |
+ADD_NAMESPACES(alice1)
|
|
|
bbaaef |
+ADD_VETH(alice1, alice1, br-int, "fd21::2/64", "f0:00:00:01:02:04", \
|
|
|
bbaaef |
+ "fd21::1")
|
|
|
bbaaef |
+OVS_WAIT_UNTIL([test "$(ip netns exec alice1 ip a | grep fd21::2 | grep tentative)" = ""])
|
|
|
bbaaef |
+ovn-nbctl lsp-add alice alice1 \
|
|
|
bbaaef |
+-- lsp-set-addresses alice1 "f0:00:00:01:02:04 fd21::2"
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Logical port 'bar1' in switch 'bar'.
|
|
|
bbaaef |
+ADD_NAMESPACES(bar1)
|
|
|
bbaaef |
+ADD_VETH(bar1, bar1, br-int, "fd12::2/64", "f0:00:00:01:02:05", \
|
|
|
bbaaef |
+ "fd12::1")
|
|
|
bbaaef |
+OVS_WAIT_UNTIL([test "$(ip netns exec bar1 ip a | grep fd12::2 | grep tentative)" = ""])
|
|
|
bbaaef |
+ovn-nbctl lsp-add bar bar1 \
|
|
|
bbaaef |
+-- lsp-set-addresses bar1 "f0:00:00:01:02:05 fd12::2"
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Add a DNAT rule.
|
|
|
bbaaef |
+ovn-nbctl -- --id=@nat create nat type="dnat" logical_ip=\"fd11::2\" \
|
|
|
bbaaef |
+ external_ip=\"fd30::2\" -- add logical_router R2 nat @nat
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Add a SNAT rule
|
|
|
bbaaef |
+ovn-nbctl -- --id=@nat create nat type="snat" logical_ip=\"fd12::2\" \
|
|
|
bbaaef |
+ external_ip=\"fd30::1\" -- add logical_router R2 nat @nat
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# wait for ovn-controller to catch up.
|
|
|
bbaaef |
+ovn-nbctl --wait=hv sync
|
|
|
bbaaef |
+OVS_WAIT_UNTIL([ovs-ofctl dump-flows br-int | grep 'nat(src=fd30::1)'])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# 'alice1' should be able to ping 'foo1' directly.
|
|
|
bbaaef |
+NS_CHECK_EXEC([alice1], [ping -6 -v -q -c 3 -i 0.3 -w 2 fd11::2 | FORMAT_PING], \
|
|
|
bbaaef |
+[0], [dnl
|
|
|
bbaaef |
+3 packets transmitted, 3 received, 0% packet loss, time 0ms
|
|
|
bbaaef |
+])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# North-South DNAT: 'alice1' should also be able to ping 'foo1' via fd30::2
|
|
|
bbaaef |
+NS_CHECK_EXEC([alice1], [ping -6 -q -c 3 -i 0.3 -w 2 fd30::2 | FORMAT_PING], \
|
|
|
bbaaef |
+[0], [dnl
|
|
|
bbaaef |
+3 packets transmitted, 3 received, 0% packet loss, time 0ms
|
|
|
bbaaef |
+])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Check conntrack entries.
|
|
|
bbaaef |
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fd21::2) | \
|
|
|
bbaaef |
+sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
|
|
|
bbaaef |
+icmpv6,orig=(src=fd21::2,dst=fd30::2,id=<cleared>,type=128,code=0),reply=(src=fd11::2,dst=fd21::2,id=<cleared>,type=129,code=0),zone=<cleared>
|
|
|
bbaaef |
+])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# South-North SNAT: 'bar1' pings 'alice1'. But 'alice1' receives traffic
|
|
|
bbaaef |
+# from fd30::1
|
|
|
bbaaef |
+NS_CHECK_EXEC([bar1], [ping -6 -q -c 3 -i 0.3 -w 2 fd21::2 | FORMAT_PING], \
|
|
|
bbaaef |
+[0], [dnl
|
|
|
bbaaef |
+3 packets transmitted, 3 received, 0% packet loss, time 0ms
|
|
|
bbaaef |
+])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# We verify that SNAT indeed happened via 'dump-conntrack' command.
|
|
|
bbaaef |
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fd30::1) | \
|
|
|
bbaaef |
+sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
|
|
|
bbaaef |
+icmpv6,orig=(src=fd12::2,dst=fd21::2,id=<cleared>,type=128,code=0),reply=(src=fd21::2,dst=fd30::1,id=<cleared>,type=129,code=0),zone=<cleared>
|
|
|
bbaaef |
+])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Add static routes to handle east-west NAT.
|
|
|
bbaaef |
+ovn-nbctl lr-route-add R1 fd30::/64 fd00::2
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# wait for ovn-controller to catch up.
|
|
|
bbaaef |
+ovn-nbctl --wait=hv sync
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Flush conntrack entries for easier output parsing of next test.
|
|
|
bbaaef |
+AT_CHECK([ovs-appctl dpctl/flush-conntrack])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# East-west DNAT and SNAT: 'bar1' pings fd30::2. 'foo1' receives it.
|
|
|
bbaaef |
+NS_CHECK_EXEC([bar1], [ping -6 -q -c 3 -i 0.3 -w 2 fd30::2 | FORMAT_PING], \
|
|
|
bbaaef |
+[0], [dnl
|
|
|
bbaaef |
+3 packets transmitted, 3 received, 0% packet loss, time 0ms
|
|
|
bbaaef |
+])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# As we have a static route that sends all packets with destination
|
|
|
bbaaef |
+# fd30::2 to R2, it hits the DNAT rule and converts fd30::2 to fd11::2
|
|
|
bbaaef |
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fd30::2) | \
|
|
|
bbaaef |
+sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
|
|
|
bbaaef |
+icmpv6,orig=(src=fd12::2,dst=fd30::2,id=<cleared>,type=128,code=0),reply=(src=fd11::2,dst=fd12::2,id=<cleared>,type=129,code=0),zone=<cleared>
|
|
|
bbaaef |
+])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# As we have a SNAT rule that converts fd12::2 to fd30::1, the source is
|
|
|
bbaaef |
+# SNATted and 'foo1' receives it.
|
|
|
bbaaef |
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fd30::1) | \
|
|
|
bbaaef |
+sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
|
|
|
bbaaef |
+icmpv6,orig=(src=fd12::2,dst=fd11::2,id=<cleared>,type=128,code=0),reply=(src=fd11::2,dst=fd30::1,id=<cleared>,type=129,code=0),zone=<cleared>
|
|
|
bbaaef |
+])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+OVS_APP_EXIT_AND_WAIT([ovn-controller])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+as ovn-sb
|
|
|
bbaaef |
+OVS_APP_EXIT_AND_WAIT([ovsdb-server])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+as ovn-nb
|
|
|
bbaaef |
+OVS_APP_EXIT_AND_WAIT([ovsdb-server])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+as northd
|
|
|
bbaaef |
+OVS_APP_EXIT_AND_WAIT([ovn-northd])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+as
|
|
|
bbaaef |
+OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
|
|
|
bbaaef |
+/connection dropped.*/d"])
|
|
|
bbaaef |
+AT_CLEANUP
|
|
|
bbaaef |
+
|
|
|
bbaaef |
AT_SETUP([ovn -- 2 LRs connected via LS, gateway router, easy SNAT])
|
|
|
bbaaef |
AT_KEYWORDS([ovnnat])
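Review bot: The NAT rules and static routes in this new test are created with bare `ovn-nbctl` calls, so a rejected IPv6 `logical_ip` or `external_ip` does not stop the test at that point. As far as I can tell the failure would only surface later, as a timeout in `OVS_WAIT_UNTIL` on `nat(src=fd30::1)` or as a ping or conntrack mismatch. Wrapping at least the two `create nat` commands, e.g. `AT_CHECK([ovn-nbctl ... create nat ...], [0], [ignore])`, would make a regression point at the rule that was refused; the same applies to the `create nat` calls in the two later IPv6 tests of this patch. Separately, the first ping uses `ping -6 -v -q` while every other one uses `ping -6 -q`, so the `-v` looks like a leftover.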
|
|
|
bbaaef |
|
|
|
bbaaef |
@@ -286,6 +466,118 @@ OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
|
|
|
bbaaef |
/connection dropped.*/d"])
|
|
|
bbaaef |
AT_CLEANUP
|
|
|
bbaaef |
|
|
|
bbaaef |
+AT_SETUP([ovn -- 2 LRs connected via LS, gateway router, easy SNAT - IPv6])
|
|
|
bbaaef |
+AT_KEYWORDS([ovnnat])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+CHECK_CONNTRACK()
|
|
|
bbaaef |
+CHECK_CONNTRACK_NAT()
|
|
|
bbaaef |
+ovn_start
|
|
|
bbaaef |
+OVS_TRAFFIC_VSWITCHD_START()
|
|
|
bbaaef |
+ADD_BR([br-int])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Set external-ids in br-int needed for ovn-controller
|
|
|
bbaaef |
+ovs-vsctl \
|
|
|
bbaaef |
+ -- set Open_vSwitch . external-ids:system-id=hv1 \
|
|
|
bbaaef |
+ -- set Open_vSwitch . external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \
|
|
|
bbaaef |
+ -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \
|
|
|
bbaaef |
+ -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \
|
|
|
bbaaef |
+ -- set bridge br-int fail-mode=secure other-config:disable-in-band=true
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Start ovn-controller
|
|
|
bbaaef |
+start_daemon ovn-controller
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Logical network:
|
|
|
bbaaef |
+# Two LRs - R1 and R2 that are connected to each other via LS "join"
|
|
|
bbaaef |
+# in fd20::/64 network. R1 has switchess foo (fd10::/64) connected
|
|
|
bbaaef |
+# to it. R2 has alice (fd30::/64) connected to it.
|
|
|
bbaaef |
+# R2 is a gateway router on which we add NAT rules.
|
|
|
bbaaef |
+#
|
|
|
bbaaef |
+# foo -- R1 -- join - R2 -- alice
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+ovn-nbctl lr-add R1
|
|
|
bbaaef |
+ovn-nbctl lr-add R2 -- set Logical_Router R2 options:chassis=hv1
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+ovn-nbctl ls-add foo
|
|
|
bbaaef |
+ovn-nbctl ls-add alice
|
|
|
bbaaef |
+ovn-nbctl ls-add join
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 fd10::1/64
|
|
|
bbaaef |
+ovn-nbctl lrp-add R2 alice 00:00:02:01:02:03 fd30::1/64
|
|
|
bbaaef |
+ovn-nbctl lrp-add R1 R1_join 00:00:04:01:02:03 fd20::1/64
|
|
|
bbaaef |
+ovn-nbctl lrp-add R2 R2_join 00:00:04:01:02:04 fd20::2/64
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Connect foo to R1
|
|
|
bbaaef |
+ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo \
|
|
|
bbaaef |
+ type=router options:router-port=foo addresses=\"00:00:01:01:02:03\"
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Connect alice to R2
|
|
|
bbaaef |
+ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice \
|
|
|
bbaaef |
+ type=router options:router-port=alice addresses=\"00:00:02:01:02:03\"
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Connect R1 to join
|
|
|
bbaaef |
+ovn-nbctl lsp-add join r1-join -- set Logical_Switch_Port r1-join \
|
|
|
bbaaef |
+ type=router options:router-port=R1_join addresses='"00:00:04:01:02:03"'
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Connect R2 to join
|
|
|
bbaaef |
+ovn-nbctl lsp-add join r2-join -- set Logical_Switch_Port r2-join \
|
|
|
bbaaef |
+ type=router options:router-port=R2_join addresses='"00:00:04:01:02:04"'
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Static routes.
|
|
|
bbaaef |
+ovn-nbctl lr-route-add R1 fd30::/64 fd20::2
|
|
|
bbaaef |
+ovn-nbctl lr-route-add R2 fd10::/64 fd20::1
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Logical port 'foo1' in switch 'foo'.
|
|
|
bbaaef |
+ADD_NAMESPACES(foo1)
|
|
|
bbaaef |
+ADD_VETH(foo1, foo1, br-int, "fd10::2/64", "f0:00:00:01:02:03", \
|
|
|
bbaaef |
+ "fd10::1")
|
|
|
bbaaef |
+OVS_WAIT_UNTIL([test "$(ip netns exec foo1 ip a | grep fd10::2 | grep tentative)" = ""])
|
|
|
bbaaef |
+ovn-nbctl lsp-add foo foo1 \
|
|
|
bbaaef |
+-- lsp-set-addresses foo1 "f0:00:00:01:02:03 fd10::2"
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Logical port 'alice1' in switch 'alice'.
|
|
|
bbaaef |
+ADD_NAMESPACES(alice1)
|
|
|
bbaaef |
+ADD_VETH(alice1, alice1, br-int, "fd30::2/64", "f0:00:00:01:02:04", \
|
|
|
bbaaef |
+ "fd30::1")
|
|
|
bbaaef |
+OVS_WAIT_UNTIL([test "$(ip netns exec alice1 ip a | grep fd30::2 | grep tentative)" = ""])
|
|
|
bbaaef |
+ovn-nbctl lsp-add alice alice1 \
|
|
|
bbaaef |
+-- lsp-set-addresses alice1 "f0:00:00:01:02:04 fd30::2"
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Add a SNAT rule
|
|
|
bbaaef |
+ovn-nbctl -- --id=@nat create nat type="snat" logical_ip=\"fd10::2\" \
|
|
|
bbaaef |
+ external_ip=\"fd30::1\" -- add logical_router R2 nat @nat
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+ovn-nbctl --wait=hv sync
|
|
|
bbaaef |
+OVS_WAIT_UNTIL([ovs-ofctl dump-flows br-int | grep 'nat(src=fd30::1)'])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# South-North SNAT: 'foo1' pings 'alice1'. But 'alice1' receives traffic
|
|
|
bbaaef |
+# from fd30::1
|
|
|
bbaaef |
+NS_CHECK_EXEC([foo1], [ping -q -c 3 -i 0.3 -w 2 fd30::2 | FORMAT_PING], \
|
|
|
bbaaef |
+[0], [dnl
|
|
|
bbaaef |
+3 packets transmitted, 3 received, 0% packet loss, time 0ms
|
|
|
bbaaef |
+])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# We verify that SNAT indeed happened via 'dump-conntrack' command.
|
|
|
bbaaef |
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fd30::1) | \
|
|
|
bbaaef |
+sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
|
|
|
bbaaef |
+icmpv6,orig=(src=fd10::2,dst=fd30::2,id=<cleared>,type=128,code=0),reply=(src=fd30::2,dst=fd30::1,id=<cleared>,type=129,code=0),zone=<cleared>
|
|
|
bbaaef |
+])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+OVS_APP_EXIT_AND_WAIT([ovn-controller])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+as ovn-sb
|
|
|
bbaaef |
+OVS_APP_EXIT_AND_WAIT([ovsdb-server])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+as ovn-nb
|
|
|
bbaaef |
+OVS_APP_EXIT_AND_WAIT([ovsdb-server])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+as northd
|
|
|
bbaaef |
+OVS_APP_EXIT_AND_WAIT([ovn-northd])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+as
|
|
|
bbaaef |
+OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
|
|
|
bbaaef |
+/connection dropped.*/d"])
|
|
|
bbaaef |
+AT_CLEANUP
|
|
|
bbaaef |
+
|
|
|
bbaaef |
AT_SETUP([ovn -- multiple gateway routers, SNAT and DNAT])
|
|
|
bbaaef |
AT_KEYWORDS([ovnnat])
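Review bot: The ping in the South-North SNAT check is `ping -q -c 3 -i 0.3 -w 2 fd30::2`, without the `-6` that every other IPv6 ping added by this patch passes. It relies on the installed ping choosing the address family from the literal, which may not hold for every ping build the suite runs against. Using `NS_CHECK_EXEC([foo1], [ping -6 -q -c 3 -i 0.3 -w 2 fd30::2 | FORMAT_PING], \` keeps this test consistent with the others. The topology comment also carries the typo `switchess`, repeated in the other two IPv6 tests of this patch.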
|
|
|
bbaaef |
|
|
|
bbaaef |
@@ -485,9 +777,237 @@ NS_CHECK_EXEC([foo1], [ping -q -c 3 -i 0.3 -w 2 172.16.1.3 | FORMAT_PING], \
|
|
|
bbaaef |
])
|
|
|
bbaaef |
|
|
|
bbaaef |
# We verify that SNAT indeed happened via 'dump-conntrack' command.
|
|
|
bbaaef |
-AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(30.0.0.1) | \
|
|
|
bbaaef |
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(30.0.0.1) | \
|
|
|
bbaaef |
+sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
|
|
|
bbaaef |
+icmp,orig=(src=192.168.1.2,dst=172.16.1.3,id=<cleared>,type=8,code=0),reply=(src=172.16.1.3,dst=30.0.0.1,id=<cleared>,type=0,code=0),zone=<cleared>
|
|
|
bbaaef |
+])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+OVS_APP_EXIT_AND_WAIT([ovn-controller])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+as ovn-sb
|
|
|
bbaaef |
+OVS_APP_EXIT_AND_WAIT([ovsdb-server])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+as ovn-nb
|
|
|
bbaaef |
+OVS_APP_EXIT_AND_WAIT([ovsdb-server])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+as northd
|
|
|
bbaaef |
+OVS_APP_EXIT_AND_WAIT([ovn-northd])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+as
|
|
|
bbaaef |
+OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
|
|
|
bbaaef |
+/connection dropped.*/d"])
|
|
|
bbaaef |
+AT_CLEANUP
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+AT_SETUP([ovn -- multiple gateway routers, SNAT and DNAT - IPv6])
|
|
|
bbaaef |
+AT_KEYWORDS([ovnnat])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+CHECK_CONNTRACK()
|
|
|
bbaaef |
+CHECK_CONNTRACK_NAT()
|
|
|
bbaaef |
+ovn_start
|
|
|
bbaaef |
+OVS_TRAFFIC_VSWITCHD_START()
|
|
|
bbaaef |
+ADD_BR([br-int])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Set external-ids in br-int needed for ovn-controller
|
|
|
bbaaef |
+ovs-vsctl \
|
|
|
bbaaef |
+ -- set Open_vSwitch . external-ids:system-id=hv1 \
|
|
|
bbaaef |
+ -- set Open_vSwitch . external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \
|
|
|
bbaaef |
+ -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \
|
|
|
bbaaef |
+ -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \
|
|
|
bbaaef |
+ -- set bridge br-int fail-mode=secure other-config:disable-in-band=true
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Start ovn-controller
|
|
|
bbaaef |
+start_daemon ovn-controller
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Logical network:
|
|
|
bbaaef |
+# Three LRs - R1, R2 and R3 that are connected to each other via LS "join"
|
|
|
bbaaef |
+# in fd20::/64 network. R1 has switchess foo (fd11::/64) and
|
|
|
bbaaef |
+# bar (fd12::/64) connected to it. R2 has alice (fd30::/64) connected
|
|
|
bbaaef |
+# to it. R3 has bob (fd30::/64) connected to it. Note how both alice and
|
|
|
bbaaef |
+# bob have the same subnet behind it. We are trying to simulate external
|
|
|
bbaaef |
+# network via those 2 switches. In real world the switch ports of these
|
|
|
bbaaef |
+# switches will have addresses set as "unknown" to make them learning switches.
|
|
|
bbaaef |
+# Or those switches will be "localnet" ones.
|
|
|
bbaaef |
+#
|
|
|
bbaaef |
+# foo -- R1 -- join - R2 -- alice
|
|
|
bbaaef |
+# | |
|
|
|
bbaaef |
+# bar ---- - R3 --- bob
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+ovn-nbctl create Logical_Router name=R1
|
|
|
bbaaef |
+ovn-nbctl create Logical_Router name=R2 options:chassis=hv1
|
|
|
bbaaef |
+ovn-nbctl create Logical_Router name=R3 options:chassis=hv1
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+ovn-nbctl ls-add foo
|
|
|
bbaaef |
+ovn-nbctl ls-add bar
|
|
|
bbaaef |
+ovn-nbctl ls-add alice
|
|
|
bbaaef |
+ovn-nbctl ls-add bob
|
|
|
bbaaef |
+ovn-nbctl ls-add join
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Connect foo to R1
|
|
|
bbaaef |
+ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 fd11::1/64
|
|
|
bbaaef |
+ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo \
|
|
|
bbaaef |
+ type=router options:router-port=foo addresses=\"00:00:01:01:02:03\"
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Connect bar to R1
|
|
|
bbaaef |
+ovn-nbctl lrp-add R1 bar 00:00:01:01:02:04 fd12::1/64
|
|
|
bbaaef |
+ovn-nbctl lsp-add bar rp-bar -- set Logical_Switch_Port rp-bar \
|
|
|
bbaaef |
+ type=router options:router-port=bar addresses=\"00:00:01:01:02:04\"
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Connect alice to R2
|
|
|
bbaaef |
+ovn-nbctl lrp-add R2 alice 00:00:02:01:02:03 fd30::1/64
|
|
|
bbaaef |
+ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice \
|
|
|
bbaaef |
+ type=router options:router-port=alice addresses=\"00:00:02:01:02:03\"
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Connect bob to R3
|
|
|
bbaaef |
+ovn-nbctl lrp-add R3 bob 00:00:03:01:02:03 fd30::2/64
|
|
|
bbaaef |
+ovn-nbctl lsp-add bob rp-bob -- set Logical_Switch_Port rp-bob \
|
|
|
bbaaef |
+ type=router options:router-port=bob addresses=\"00:00:03:01:02:03\"
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Connect R1 to join
|
|
|
bbaaef |
+ovn-nbctl lrp-add R1 R1_join 00:00:04:01:02:03 fd20::1/64
|
|
|
bbaaef |
+ovn-nbctl lsp-add join r1-join -- set Logical_Switch_Port r1-join \
|
|
|
bbaaef |
+ type=router options:router-port=R1_join addresses='"00:00:04:01:02:03"'
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Connect R2 to join
|
|
|
bbaaef |
+ovn-nbctl lrp-add R2 R2_join 00:00:04:01:02:04 fd20::2/64
|
|
|
bbaaef |
+ovn-nbctl lsp-add join r2-join -- set Logical_Switch_Port r2-join \
|
|
|
bbaaef |
+ type=router options:router-port=R2_join addresses='"00:00:04:01:02:04"'
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Connect R3 to join
|
|
|
bbaaef |
+ovn-nbctl lrp-add R3 R3_join 00:00:04:01:02:05 fd20::3/64
|
|
|
bbaaef |
+ovn-nbctl lsp-add join r3-join -- set Logical_Switch_Port r3-join \
|
|
|
bbaaef |
+ type=router options:router-port=R3_join addresses='"00:00:04:01:02:05"'
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Install static routes with source ip address as the policy for routing.
|
|
|
bbaaef |
+# We want traffic from 'foo' to go via R2 and traffic of 'bar' to go via R3.
|
|
|
bbaaef |
+ovn-nbctl --policy="src-ip" lr-route-add R1 fd11::/64 fd20::2
|
|
|
bbaaef |
+ovn-nbctl --policy="src-ip" lr-route-add R1 fd12::/64 fd20::3
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Static routes.
|
|
|
bbaaef |
+ovn-nbctl lr-route-add R2 fd11::/64 fd20::1
|
|
|
bbaaef |
+ovn-nbctl lr-route-add R2 fd12::/64 fd20::1
|
|
|
bbaaef |
+ovn-nbctl lr-route-add R3 fd11::/64 fd20::1
|
|
|
bbaaef |
+ovn-nbctl lr-route-add R3 fd12::/64 fd20::1
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# For gateway routers R2 and R3, set a force SNAT rule.
|
|
|
bbaaef |
+ovn-nbctl set logical_router R2 options:dnat_force_snat_ip=fd20::2
|
|
|
bbaaef |
+ovn-nbctl set logical_router R3 options:dnat_force_snat_ip=fd20::3
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Logical port 'foo1' in switch 'foo'.
|
|
|
bbaaef |
+ADD_NAMESPACES(foo1)
|
|
|
bbaaef |
+ADD_VETH(foo1, foo1, br-int, "fd11::2/64", "f0:00:00:01:02:03", \
|
|
|
bbaaef |
+ "fd11::1")
|
|
|
bbaaef |
+OVS_WAIT_UNTIL([test "$(ip netns exec foo1 ip a | grep fd11::2 | grep tentative)" = ""])
|
|
|
bbaaef |
+ovn-nbctl lsp-add foo foo1 \
|
|
|
bbaaef |
+-- lsp-set-addresses foo1 "f0:00:00:01:02:03 fd11::2"
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Logical port 'alice1' in switch 'alice'.
|
|
|
bbaaef |
+ADD_NAMESPACES(alice1)
|
|
|
bbaaef |
+ADD_VETH(alice1, alice1, br-int, "fd30::3/64", "f0:00:00:01:02:04", \
|
|
|
bbaaef |
+ "fd30::1")
|
|
|
bbaaef |
+OVS_WAIT_UNTIL([test "$(ip netns exec alice1 ip a | grep fd30::3 | grep tentative)" = ""])
|
|
|
bbaaef |
+ovn-nbctl lsp-add alice alice1 \
|
|
|
bbaaef |
+-- lsp-set-addresses alice1 "f0:00:00:01:02:04 fd30::3"
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Logical port 'bar1' in switch 'bar'.
|
|
|
bbaaef |
+ADD_NAMESPACES(bar1)
|
|
|
bbaaef |
+ADD_VETH(bar1, bar1, br-int, "fd12::2/64", "f0:00:00:01:02:05", \
|
|
|
bbaaef |
+ "fd12::1")
|
|
|
bbaaef |
+OVS_WAIT_UNTIL([test "$(ip netns exec bar1 ip a | grep fd12::2 | grep tentative)" = ""])
|
|
|
bbaaef |
+ovn-nbctl lsp-add bar bar1 \
|
|
|
bbaaef |
+-- lsp-set-addresses bar1 "f0:00:00:01:02:05 fd12::2"
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Logical port 'bob1' in switch 'bob'.
|
|
|
bbaaef |
+ADD_NAMESPACES(bob1)
|
|
|
bbaaef |
+ADD_VETH(bob1, bob1, br-int, "fd30::4/64", "f0:00:00:01:02:06", \
|
|
|
bbaaef |
+ "fd30::2")
|
|
|
bbaaef |
+OVS_WAIT_UNTIL([test "$(ip netns exec bob1 ip a | grep fd30::4 | grep tentative)" = ""])
|
|
|
bbaaef |
+ovn-nbctl lsp-add bob bob1 \
|
|
|
bbaaef |
+-- lsp-set-addresses bob1 "f0:00:00:01:02:06 fd30::4"
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# External IPs -- 30.0.0.N --> fd40::N (from IPv4 version of test case)
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Router R2
|
|
|
bbaaef |
+# Add a DNAT rule.
|
|
|
bbaaef |
+ovn-nbctl -- --id=@nat create nat type="dnat" logical_ip='"fd11::2"' \
|
|
|
bbaaef |
+ external_ip='"fd40::2"' -- add logical_router R2 nat @nat
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Add a SNAT rule
|
|
|
bbaaef |
+ovn-nbctl -- --id=@nat create nat type="snat" logical_ip='"fd11::2"' \
|
|
|
bbaaef |
+ external_ip='"fd40::1"' -- add logical_router R2 nat @nat
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Router R3
|
|
|
bbaaef |
+# Add a DNAT rule.
|
|
|
bbaaef |
+ovn-nbctl -- --id=@nat create nat type="dnat" logical_ip='"fd11::2"' \
|
|
|
bbaaef |
+ external_ip='"fd40::3"' -- add logical_router R3 nat @nat
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Add a SNAT rule
|
|
|
bbaaef |
+ovn-nbctl -- --id=@nat create nat type="snat" logical_ip='"fd12::2"' \
|
|
|
bbaaef |
+ external_ip='"fd40::4"' -- add logical_router R3 nat @nat
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# wait for ovn-controller to catch up.
|
|
|
bbaaef |
+ovn-nbctl --wait=hv sync
|
|
|
bbaaef |
+OVS_WAIT_UNTIL([ovs-ofctl dump-flows br-int | grep 'nat(src=fd40::4)'])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# North-South DNAT: 'alice1' should be able to ping 'foo1' via fd30::2
|
|
|
bbaaef |
+NS_CHECK_EXEC([alice1], [ping -6 -q -c 3 -i 0.3 -w 2 fd40::2 | FORMAT_PING], \
|
|
|
bbaaef |
+[0], [dnl
|
|
|
bbaaef |
+3 packets transmitted, 3 received, 0% packet loss, time 0ms
|
|
|
bbaaef |
+])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Check conntrack entries.
|
|
|
bbaaef |
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fd30::3) | \
|
|
|
bbaaef |
+sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
|
|
|
bbaaef |
+icmpv6,orig=(src=fd30::3,dst=fd40::2,id=<cleared>,type=128,code=0),reply=(src=fd11::2,dst=fd30::3,id=<cleared>,type=129,code=0),zone=<cleared>
|
|
|
bbaaef |
+])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# But foo1 should receive traffic from fd20::2
|
|
|
bbaaef |
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fd20::2) | \
|
|
|
bbaaef |
+sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
|
|
|
bbaaef |
+icmpv6,orig=(src=fd30::3,dst=fd11::2,id=<cleared>,type=128,code=0),reply=(src=fd11::2,dst=fd20::2,id=<cleared>,type=129,code=0),zone=<cleared>
|
|
|
bbaaef |
+])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# North-South DNAT: 'bob1' should be able to ping 'foo1' via fd40::3
|
|
|
bbaaef |
+NS_CHECK_EXEC([bob1], [ping -6 -q -c 3 -i 0.3 -w 2 fd40::3 | FORMAT_PING], \
|
|
|
bbaaef |
+[0], [dnl
|
|
|
bbaaef |
+3 packets transmitted, 3 received, 0% packet loss, time 0ms
|
|
|
bbaaef |
+])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Check conntrack entries.
|
|
|
bbaaef |
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fd30::4) | \
|
|
|
bbaaef |
+sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
|
|
|
bbaaef |
+icmpv6,orig=(src=fd30::4,dst=fd40::3,id=<cleared>,type=128,code=0),reply=(src=fd11::2,dst=fd30::4,id=<cleared>,type=129,code=0),zone=<cleared>
|
|
|
bbaaef |
+])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# But foo1 should receive traffic from fd20::3
|
|
|
bbaaef |
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fd20::3) | \
|
|
|
bbaaef |
+sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
|
|
|
bbaaef |
+icmpv6,orig=(src=fd30::4,dst=fd11::2,id=<cleared>,type=128,code=0),reply=(src=fd11::2,dst=fd20::3,id=<cleared>,type=129,code=0),zone=<cleared>
|
|
|
bbaaef |
+])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# South-North SNAT: 'bar1' pings 'bob1'. But 'bob1' receives traffic
|
|
|
bbaaef |
+# from fd40::4
|
|
|
bbaaef |
+NS_CHECK_EXEC([bar1], [ping -6 -q -c 3 -i 0.3 -w 2 fd30::4 | FORMAT_PING], \
|
|
|
bbaaef |
+[0], [dnl
|
|
|
bbaaef |
+3 packets transmitted, 3 received, 0% packet loss, time 0ms
|
|
|
bbaaef |
+])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# We verify that SNAT indeed happened via 'dump-conntrack' command.
|
|
|
bbaaef |
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fd40::4) | \
|
|
|
bbaaef |
+sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
|
|
|
bbaaef |
+icmpv6,orig=(src=fd12::2,dst=fd30::4,id=<cleared>,type=128,code=0),reply=(src=fd30::4,dst=fd40::4,id=<cleared>,type=129,code=0),zone=<cleared>
|
|
|
bbaaef |
+])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# South-North SNAT: 'foo1' pings 'alice1'. But 'alice1' receives traffic
|
|
|
bbaaef |
+# from fd40::1
|
|
|
bbaaef |
+NS_CHECK_EXEC([foo1], [ping -6 -q -c 3 -i 0.3 -w 2 fd30::3 | FORMAT_PING], \
|
|
|
bbaaef |
+[0], [dnl
|
|
|
bbaaef |
+3 packets transmitted, 3 received, 0% packet loss, time 0ms
|
|
|
bbaaef |
+])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# We verify that SNAT indeed happened via 'dump-conntrack' command.
|
|
|
bbaaef |
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fd40::1) | \
|
|
|
bbaaef |
sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
|
|
|
bbaaef |
-icmp,orig=(src=192.168.1.2,dst=172.16.1.3,id=<cleared>,type=8,code=0),reply=(src=172.16.1.3,dst=30.0.0.1,id=<cleared>,type=0,code=0),zone=<cleared>
|
|
|
bbaaef |
+icmpv6,orig=(src=fd11::2,dst=fd30::3,id=<cleared>,type=128,code=0),reply=(src=fd30::3,dst=fd40::1,id=<cleared>,type=129,code=0),zone=<cleared>
|
|
|
bbaaef |
])
|
|
|
bbaaef |
|
|
|
bbaaef |
OVS_APP_EXIT_AND_WAIT([ovn-controller])
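Review bot: The comment `# North-South DNAT: 'alice1' should be able to ping 'foo1' via fd30::2` does not match the command under it, which pings `fd40::2`, the external address of R2's DNAT rule. In this topology `fd30::2` is R3's port on switch `bob`, so the stale address is misleading when a NAT failure has to be traced. It should read `# North-South DNAT: 'alice1' should be able to ping 'foo1' via fd40::2`. The new IPv6 test reuses the tail of the existing IPv4 test as its ending, and that tail continues outside the hunk.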
|
|
|
bbaaef |
@@ -1370,6 +1890,162 @@ OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
|
|
|
bbaaef |
/connection dropped.*/d"])
|
|
|
bbaaef |
AT_CLEANUP
|
|
|
bbaaef |
|
|
|
bbaaef |
+AT_SETUP([ovn -- DNAT and SNAT on distributed router - N/S - IPv6])
|
|
|
bbaaef |
+AT_KEYWORDS([ovnnat])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+CHECK_CONNTRACK()
|
|
|
bbaaef |
+CHECK_CONNTRACK_NAT()
|
|
|
bbaaef |
+ovn_start
|
|
|
bbaaef |
+OVS_TRAFFIC_VSWITCHD_START()
|
|
|
bbaaef |
+ADD_BR([br-int])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Set external-ids in br-int needed for ovn-controller
|
|
|
bbaaef |
+ovs-vsctl \
|
|
|
bbaaef |
+ -- set Open_vSwitch . external-ids:system-id=hv1 \
|
|
|
bbaaef |
+ -- set Open_vSwitch . external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \
|
|
|
bbaaef |
+ -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \
|
|
|
bbaaef |
+ -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \
|
|
|
bbaaef |
+ -- set bridge br-int fail-mode=secure other-config:disable-in-band=true
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Start ovn-controller
|
|
|
bbaaef |
+start_daemon ovn-controller
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Logical network:
|
|
|
bbaaef |
+# One LR R1 with switches foo (fd11::/64), bar (fd12::/64),
|
|
|
bbaaef |
+# and alice (fd20::/64) connected to it. The port between R1 and
|
|
|
bbaaef |
+# alice is the router gateway port where the R1 NAT rules are applied.
|
|
|
bbaaef |
+#
|
|
|
bbaaef |
+# foo -- R1 -- alice
|
|
|
bbaaef |
+# |
|
|
|
bbaaef |
+# bar ----
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+ovn-nbctl lr-add R1
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+ovn-nbctl ls-add foo
|
|
|
bbaaef |
+ovn-nbctl ls-add bar
|
|
|
bbaaef |
+ovn-nbctl ls-add alice
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 fd11::1/64
|
|
|
bbaaef |
+ovn-nbctl lrp-add R1 bar 00:00:01:01:02:04 fd12::1/64
|
|
|
bbaaef |
+ovn-nbctl lrp-add R1 alice 00:00:02:01:02:03 fd20::1/64 \
|
|
|
bbaaef |
+ -- set Logical_Router_Port alice options:redirect-chassis=hv1
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Connect foo to R1
|
|
|
bbaaef |
+ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo \
|
|
|
bbaaef |
+ type=router options:router-port=foo \
|
|
|
bbaaef |
+ -- lsp-set-addresses rp-foo router
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Connect bar to R1
|
|
|
bbaaef |
+ovn-nbctl lsp-add bar rp-bar -- set Logical_Switch_Port rp-bar \
|
|
|
bbaaef |
+ type=router options:router-port=bar \
|
|
|
bbaaef |
+ -- lsp-set-addresses rp-bar router
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Connect alice to R1
|
|
|
bbaaef |
+ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice \
|
|
|
bbaaef |
+ type=router options:router-port=alice \
|
|
|
bbaaef |
+ -- lsp-set-addresses rp-alice router
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Logical port 'foo1' in switch 'foo'.
|
|
|
bbaaef |
+ADD_NAMESPACES(foo1)
|
|
|
bbaaef |
+ADD_VETH(foo1, foo1, br-int, "fd11::2/64", "f0:00:00:01:02:03", \
|
|
|
bbaaef |
+ "fd11::1")
|
|
|
bbaaef |
+OVS_WAIT_UNTIL([test "$(ip netns exec foo1 ip a | grep fd11::2 | grep tentative)" = ""])
|
|
|
bbaaef |
+ovn-nbctl lsp-add foo foo1 \
|
|
|
bbaaef |
+-- lsp-set-addresses foo1 "f0:00:00:01:02:03 fd11::2"
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Logical port 'foo2' in switch 'foo'.
|
|
|
bbaaef |
+ADD_NAMESPACES(foo2)
|
|
|
bbaaef |
+ADD_VETH(foo2, foo2, br-int, "fd11::3/64", "f0:00:00:01:02:06", \
|
|
|
bbaaef |
+ "fd11::1")
|
|
|
bbaaef |
+OVS_WAIT_UNTIL([test "$(ip netns exec foo2 ip a | grep fd11::3 | grep tentative)" = ""])
|
|
|
bbaaef |
+ovn-nbctl lsp-add foo foo2 \
|
|
|
bbaaef |
+-- lsp-set-addresses foo2 "f0:00:00:01:02:06 fd11::3"
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Logical port 'bar1' in switch 'bar'.
|
|
|
bbaaef |
+ADD_NAMESPACES(bar1)
|
|
|
bbaaef |
+ADD_VETH(bar1, bar1, br-int, "fd12::2/64", "f0:00:00:01:02:04", \
|
|
|
bbaaef |
+ "fd12::1")
|
|
|
bbaaef |
+OVS_WAIT_UNTIL([test "$(ip netns exec bar1 ip a | grep fd12::2 | grep tentative)" = ""])
|
|
|
bbaaef |
+ovn-nbctl lsp-add bar bar1 \
|
|
|
bbaaef |
+-- lsp-set-addresses bar1 "f0:00:00:01:02:04 fd12::2"
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Logical port 'alice1' in switch 'alice'.
|
|
|
bbaaef |
+ADD_NAMESPACES(alice1)
|
|
|
bbaaef |
+ADD_VETH(alice1, alice1, br-int, "fd20::2/64", "f0:00:00:01:02:05", \
|
|
|
bbaaef |
+ "fd20::1")
|
|
|
bbaaef |
+OVS_WAIT_UNTIL([test "$(ip netns exec alice1 ip a | grep fd20::2 | grep tentative)" = ""])
|
|
|
bbaaef |
+ovn-nbctl lsp-add alice alice1 \
|
|
|
bbaaef |
+-- lsp-set-addresses alice1 "f0:00:00:01:02:05 fd20::2"
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+ovn-nbctl --wait=hv sync
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Add DNAT rules
|
|
|
bbaaef |
+AT_CHECK([ovn-nbctl lr-nat-add R1 dnat_and_snat fd20::3 fd11::2 foo1 00:00:02:02:03:04])
|
|
|
bbaaef |
+AT_CHECK([ovn-nbctl lr-nat-add R1 dnat_and_snat fd20::4 fd11::3 foo2 00:00:02:02:03:05])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Add a SNAT rule
|
|
|
bbaaef |
+AT_CHECK([ovn-nbctl lr-nat-add R1 snat fd20::1 fd11::/64])
|
|
|
bbaaef |
+AT_CHECK([ovn-nbctl lr-nat-add R1 snat fd20::1 fd12::/64])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+ovn-nbctl --wait=hv sync
|
|
|
bbaaef |
+OVS_WAIT_UNTIL([ovs-ofctl dump-flows br-int | grep 'nat(src=fd20::1)'])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# North-South DNAT: 'alice1' pings 'foo1' using fd20::3
|
|
|
bbaaef |
+NS_CHECK_EXEC([alice1], [ping -6 -q -c 3 -i 0.3 -w 2 fd20::3 | FORMAT_PING], \
|
|
|
bbaaef |
+[0], [dnl
|
|
|
bbaaef |
+3 packets transmitted, 3 received, 0% packet loss, time 0ms
|
|
|
bbaaef |
+])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# We verify that DNAT indeed happened via 'dump-conntrack' command.
|
|
|
bbaaef |
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fd20::3) | \
|
|
|
bbaaef |
+sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
|
|
|
bbaaef |
+icmpv6,orig=(src=fd20::2,dst=fd20::3,id=<cleared>,type=128,code=0),reply=(src=fd11::2,dst=fd20::2,id=<cleared>,type=129,code=0),zone=<cleared>
|
|
|
bbaaef |
+])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# South-North SNAT: 'foo2' pings 'alice1'. But 'alice1' receives traffic
|
|
|
bbaaef |
+# from 172.16.1.4
|
|
|
bbaaef |
+NS_CHECK_EXEC([foo2], [ping -6 -q -c 3 -i 0.3 -w 2 fd20::2 | FORMAT_PING], \
|
|
|
bbaaef |
+[0], [dnl
|
|
|
bbaaef |
+3 packets transmitted, 3 received, 0% packet loss, time 0ms
|
|
|
bbaaef |
+])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# We verify that SNAT indeed happened via 'dump-conntrack' command.
|
|
|
bbaaef |
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fd20::1) | \
|
|
|
bbaaef |
+sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
|
|
|
bbaaef |
+icmpv6,orig=(src=fd11::3,dst=fd20::2,id=<cleared>,type=128,code=0),reply=(src=fd20::2,dst=fd20::1,id=<cleared>,type=129,code=0),zone=<cleared>
|
|
|
bbaaef |
+])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+AT_CHECK([ovs-appctl dpctl/flush-conntrack])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# South-North SNAT: 'bar1' pings 'alice1'. But 'alice1' receives traffic
|
|
|
bbaaef |
+# from fd20::1
|
|
|
bbaaef |
+NS_CHECK_EXEC([bar1], [ping -6 -q -c 3 -i 0.3 -w 2 fd20::2 | FORMAT_PING], \
|
|
|
bbaaef |
+[0], [dnl
|
|
|
bbaaef |
+3 packets transmitted, 3 received, 0% packet loss, time 0ms
|
|
|
bbaaef |
+])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# We verify that SNAT indeed happened via 'dump-conntrack' command.
|
|
|
bbaaef |
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fd20::1) | \
|
|
|
bbaaef |
+sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
|
|
|
bbaaef |
+icmpv6,orig=(src=fd12::2,dst=fd20::2,id=<cleared>,type=128,code=0),reply=(src=fd20::2,dst=fd20::1,id=<cleared>,type=129,code=0),zone=<cleared>
|
|
|
bbaaef |
+])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+OVS_APP_EXIT_AND_WAIT([ovn-controller])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+as ovn-sb
|
|
|
bbaaef |
+OVS_APP_EXIT_AND_WAIT([ovsdb-server])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+as ovn-nb
|
|
|
bbaaef |
+OVS_APP_EXIT_AND_WAIT([ovsdb-server])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+as northd
|
|
|
bbaaef |
+OVS_APP_EXIT_AND_WAIT([ovn-northd])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+as
|
|
|
bbaaef |
+OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
|
|
|
bbaaef |
+/connection dropped.*/d"])
|
|
|
bbaaef |
+AT_CLEANUP
|
|
|
bbaaef |
+
|
|
|
bbaaef |
AT_SETUP([ovn -- DNAT and SNAT on distributed router - E/W])
|
|
|
bbaaef |
AT_KEYWORDS([ovnnat])
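Review bot: The comment above the 'foo2' ping in the new "DNAT and SNAT on distributed router - N/S - IPv6" test still names an IPv4 address, `# from 172.16.1.4`, which does not exist in this fd11::/fd12::/fd20:: topology. The conntrack assertion that follows filters with `FORMAT_CT(fd20::1)` and expects `reply=(src=fd20::2,dst=fd20::1,...)`, so the comment should read `# from fd20::1`. Because this test is the check that SNAT rewrote the source address, a comment naming the wrong translated address makes a failing or changed expectation harder to judge.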
|
|
|
bbaaef |
|
|
|
bbaaef |
@@ -1547,6 +2223,188 @@ OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
|
|
|
bbaaef |
/connection dropped.*/d"])
|
|
|
bbaaef |
AT_CLEANUP
|
|
|
bbaaef |
|
|
|
bbaaef |
+AT_SETUP([ovn -- DNAT and SNAT on distributed router - E/W - IPv6])
|
|
|
bbaaef |
+AT_KEYWORDS([ovnnat])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+CHECK_CONNTRACK()
|
|
|
bbaaef |
+CHECK_CONNTRACK_NAT()
|
|
|
bbaaef |
+ovn_start
|
|
|
bbaaef |
+OVS_TRAFFIC_VSWITCHD_START()
|
|
|
bbaaef |
+ADD_BR([br-int])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Set external-ids in br-int needed for ovn-controller
|
|
|
bbaaef |
+ovs-vsctl \
|
|
|
bbaaef |
+ -- set Open_vSwitch . external-ids:system-id=hv1 \
|
|
|
bbaaef |
+ -- set Open_vSwitch . external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \
|
|
|
bbaaef |
+ -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \
|
|
|
bbaaef |
+ -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \
|
|
|
bbaaef |
+ -- set bridge br-int fail-mode=secure other-config:disable-in-band=true
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Start ovn-controller
|
|
|
bbaaef |
+start_daemon ovn-controller
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Logical network:
|
|
|
bbaaef |
+# One LR R1 with switches foo (fd11::/64), bar (fd12::/64),
|
|
|
bbaaef |
+# and alice (fd20::/64) connected to it. The port between R1 and
|
|
|
bbaaef |
+# alice is the router gateway port where the R1 NAT rules are applied.
|
|
|
bbaaef |
+#
|
|
|
bbaaef |
+# foo -- R1 -- alice
|
|
|
bbaaef |
+# |
|
|
|
bbaaef |
+# bar ----
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+ovn-nbctl lr-add R1
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+ovn-nbctl ls-add foo
|
|
|
bbaaef |
+ovn-nbctl ls-add bar
|
|
|
bbaaef |
+ovn-nbctl ls-add alice
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 fd11::1/64
|
|
|
bbaaef |
+ovn-nbctl lrp-add R1 bar 00:00:01:01:02:04 fd12::1/64
|
|
|
bbaaef |
+ovn-nbctl lrp-add R1 alice 00:00:02:01:02:03 fd20::1/64 \
|
|
|
bbaaef |
+ -- set Logical_Router_Port alice options:redirect-chassis=hv1
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Connect foo to R1
|
|
|
bbaaef |
+ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo \
|
|
|
bbaaef |
+ type=router options:router-port=foo \
|
|
|
bbaaef |
+ -- lsp-set-addresses rp-foo router
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Connect bar to R1
|
|
|
bbaaef |
+ovn-nbctl lsp-add bar rp-bar -- set Logical_Switch_Port rp-bar \
|
|
|
bbaaef |
+ type=router options:router-port=bar \
|
|
|
bbaaef |
+ -- lsp-set-addresses rp-bar router
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Connect alice to R1
|
|
|
bbaaef |
+ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice \
|
|
|
bbaaef |
+ type=router options:router-port=alice \
|
|
|
bbaaef |
+ -- lsp-set-addresses rp-alice router
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Logical port 'foo1' in switch 'foo'.
|
|
|
bbaaef |
+ADD_NAMESPACES(foo1)
|
|
|
bbaaef |
+ADD_VETH(foo1, foo1, br-int, "fd11::2/64", "f0:00:00:01:02:03", \
|
|
|
bbaaef |
+ "fd11::1")
|
|
|
bbaaef |
+OVS_WAIT_UNTIL([test "$(ip netns exec foo1 ip a | grep fd11::2 | grep tentative)" = ""])
|
|
|
bbaaef |
+ovn-nbctl lsp-add foo foo1 \
|
|
|
bbaaef |
+-- lsp-set-addresses foo1 "f0:00:00:01:02:03 fd11::2"
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Logical port 'foo2' in switch 'foo'.
|
|
|
bbaaef |
+ADD_NAMESPACES(foo2)
|
|
|
bbaaef |
+ADD_VETH(foo2, foo2, br-int, "fd11::3/64", "f0:00:00:01:02:06", \
|
|
|
bbaaef |
+ "fd11::1")
|
|
|
bbaaef |
+OVS_WAIT_UNTIL([test "$(ip netns exec foo2 ip a | grep fd11::3 | grep tentative)" = ""])
|
|
|
bbaaef |
+ovn-nbctl lsp-add foo foo2 \
|
|
|
bbaaef |
+-- lsp-set-addresses foo2 "f0:00:00:01:02:06 fd11::3"
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Logical port 'bar1' in switch 'bar'.
|
|
|
bbaaef |
+ADD_NAMESPACES(bar1)
|
|
|
bbaaef |
+ADD_VETH(bar1, bar1, br-int, "fd12::2/64", "f0:00:00:01:02:04", \
|
|
|
bbaaef |
+ "fd12::1")
|
|
|
bbaaef |
+OVS_WAIT_UNTIL([test "$(ip netns exec bar1 ip a | grep fd12::2 | grep tentative)" = ""])
|
|
|
bbaaef |
+ovn-nbctl lsp-add bar bar1 \
|
|
|
bbaaef |
+-- lsp-set-addresses bar1 "f0:00:00:01:02:04 fd12::2"
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Logical port 'alice1' in switch 'alice'.
|
|
|
bbaaef |
+ADD_NAMESPACES(alice1)
|
|
|
bbaaef |
+ADD_VETH(alice1, alice1, br-int, "fd20::2/64", "f0:00:00:01:02:05", \
|
|
|
bbaaef |
+ "fd20::1")
|
|
|
bbaaef |
+OVS_WAIT_UNTIL([test "$(ip netns exec alice1 ip a | grep fd20::2 | grep tentative)" = ""])
|
|
|
bbaaef |
+ovn-nbctl lsp-add alice alice1 \
|
|
|
bbaaef |
+-- lsp-set-addresses alice1 "f0:00:00:01:02:05 fd20::2"
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Add DNAT rules
|
|
|
bbaaef |
+AT_CHECK([ovn-nbctl lr-nat-add R1 dnat_and_snat fd20::3 fd11::2 foo1 00:00:02:02:03:04])
|
|
|
bbaaef |
+AT_CHECK([ovn-nbctl lr-nat-add R1 dnat_and_snat fd20::4 fd12::2 bar1 00:00:02:02:03:05])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Add a SNAT rule
|
|
|
bbaaef |
+AT_CHECK([ovn-nbctl lr-nat-add R1 snat fd20::1 fd11::/64])
|
|
|
bbaaef |
+AT_CHECK([ovn-nbctl lr-nat-add R1 snat fd20::1 fd12::/64])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+ovn-nbctl --wait=hv sync
|
|
|
bbaaef |
+OVS_WAIT_UNTIL([ovs-ofctl dump-flows br-int | grep 'nat(src=fd20::1)'])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+echo "------ hv dump ------"
|
|
|
bbaaef |
+ovs-ofctl show br-int
|
|
|
bbaaef |
+ovs-ofctl dump-flows br-int
|
|
|
bbaaef |
+echo "---------------------"
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# East-West No NAT: 'foo1' pings 'bar1' using fd12::2.
|
|
|
bbaaef |
+NS_CHECK_EXEC([foo1], [ping -q -c 3 -i 0.3 -w 2 fd12::2 | FORMAT_PING], \
|
|
|
bbaaef |
+[0], [dnl
|
|
|
bbaaef |
+3 packets transmitted, 3 received, 0% packet loss, time 0ms
|
|
|
bbaaef |
+])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# We verify that no NAT happened via 'dump-conntrack' command.
|
|
|
bbaaef |
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fd12::2) | \
|
|
|
bbaaef |
+sed -e 's/zone=[[0-9]]*/zone=<cleared>/' | wc -l], [0], [0
|
|
|
bbaaef |
+])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# East-West No NAT: 'foo2' pings 'bar1' using fd12::2.
|
|
|
bbaaef |
+NS_CHECK_EXEC([foo2], [ping -q -c 3 -i 0.3 -w 2 fd12::2 | FORMAT_PING], \
|
|
|
bbaaef |
+[0], [dnl
|
|
|
bbaaef |
+3 packets transmitted, 3 received, 0% packet loss, time 0ms
|
|
|
bbaaef |
+])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# We verify that no NAT happened via 'dump-conntrack' command.
|
|
|
bbaaef |
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fd12::2) | \
|
|
|
bbaaef |
+sed -e 's/zone=[[0-9]]*/zone=<cleared>/' | wc -l], [0], [0
|
|
|
bbaaef |
+])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# East-West No NAT: 'bar1' pings 'foo2' using fd11::3.
|
|
|
bbaaef |
+NS_CHECK_EXEC([bar1], [ping -q -c 3 -i 0.3 -w 2 fd11::3 | FORMAT_PING], \
|
|
|
bbaaef |
+[0], [dnl
|
|
|
bbaaef |
+3 packets transmitted, 3 received, 0% packet loss, time 0ms
|
|
|
bbaaef |
+])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# We verify that no NAT happened via 'dump-conntrack' command.
|
|
|
bbaaef |
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fd12::2) | \
|
|
|
bbaaef |
+sed -e 's/zone=[[0-9]]*/zone=<cleared>/' | wc -l], [0], [0
|
|
|
bbaaef |
+])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# East-West NAT: 'foo1' pings 'bar1' using fd20::4.
|
|
|
bbaaef |
+NS_CHECK_EXEC([foo1], [ping -q -c 3 -i 0.3 -w 2 fd20::4 | FORMAT_PING], \
|
|
|
bbaaef |
+[0], [dnl
|
|
|
bbaaef |
+3 packets transmitted, 3 received, 0% packet loss, time 0ms
|
|
|
bbaaef |
+])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Check conntrack entries. First SNAT of 'foo1' address happens.
|
|
|
bbaaef |
+# Then DNAT of 'bar1' address happens (listed first below).
|
|
|
bbaaef |
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fd20::4) | \
|
|
|
bbaaef |
+sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
|
|
|
bbaaef |
+icmpv6,orig=(src=fd11::2,dst=fd20::4,id=<cleared>,type=128,code=0),reply=(src=fd20::4,dst=fd20::1,id=<cleared>,type=129,code=0),zone=<cleared>
|
|
|
bbaaef |
+icmpv6,orig=(src=fd20::1,dst=fd20::4,id=<cleared>,type=128,code=0),reply=(src=fd12::2,dst=fd20::1,id=<cleared>,type=129,code=0),zone=<cleared>
|
|
|
bbaaef |
+])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+AT_CHECK([ovs-appctl dpctl/flush-conntrack])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# East-West NAT: 'foo2' pings 'bar1' using fd20::4.
|
|
|
bbaaef |
+NS_CHECK_EXEC([foo2], [ping -q -c 3 -i 0.3 -w 2 fd20::4 | FORMAT_PING], \
|
|
|
bbaaef |
+[0], [dnl
|
|
|
bbaaef |
+3 packets transmitted, 3 received, 0% packet loss, time 0ms
|
|
|
bbaaef |
+])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+# Check conntrack entries. First SNAT of 'foo2' address happens.
|
|
|
bbaaef |
+# Then DNAT of 'bar1' address happens (listed first below).
|
|
|
bbaaef |
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fd20::1) | \
|
|
|
bbaaef |
+sed -e 's/zone=[[0-9]]*/zone=<cleared>/'], [0], [dnl
|
|
|
bbaaef |
+icmpv6,orig=(src=fd11::3,dst=fd20::4,id=<cleared>,type=128,code=0),reply=(src=fd20::4,dst=fd20::1,id=<cleared>,type=129,code=0),zone=<cleared>
|
|
|
bbaaef |
+icmpv6,orig=(src=fd20::1,dst=fd20::4,id=<cleared>,type=128,code=0),reply=(src=fd12::2,dst=fd20::1,id=<cleared>,type=129,code=0),zone=<cleared>
|
|
|
bbaaef |
+])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+OVS_APP_EXIT_AND_WAIT([ovn-controller])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+as ovn-sb
|
|
|
bbaaef |
+OVS_APP_EXIT_AND_WAIT([ovsdb-server])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+as ovn-nb
|
|
|
bbaaef |
+OVS_APP_EXIT_AND_WAIT([ovsdb-server])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+as northd
|
|
|
bbaaef |
+OVS_APP_EXIT_AND_WAIT([ovn-northd])
|
|
|
bbaaef |
+
|
|
|
bbaaef |
+as
|
|
|
bbaaef |
+OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d
|
|
|
bbaaef |
+/connection dropped.*/d"])
|
|
|
bbaaef |
+AT_CLEANUP
|
|
|
bbaaef |
+
|
|
|
bbaaef |
AT_SETUP([ovn -- 2 LSs IGMP])
|
|
|
bbaaef |
AT_KEYWORDS([ovnigmp])
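Review bot: The five `NS_CHECK_EXEC` pings in the new "E/W - IPv6" test run `ping -q -c 3 -i 0.3 -w 2 <addr>` without `-6`, while the IPv6 tests added earlier in this patch use `ping -6 -q ...`. Where plain `ping` does not select IPv6 from the address, the test would fail before exercising the NAT path, so each call should match the others, e.g. `ping -6 -q -c 3 -i 0.3 -w 2 fd12::2 | FORMAT_PING`. Separately, both "Check conntrack entries" comments say the DNAT entry is "(listed first below)", but in the expected output the entry with `reply=(src=fd12::2,dst=fd20::1,...)` is the second line. Those comments should say `(listed second below)`.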
|
|
|
bbaaef |
|
|
|
bbaaef |
--
|
|
|
bbaaef |
2.23.0
|
|
|
bbaaef |
|