1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
|
#!/usr/bin/env python
# SPDX-License-Identifier: ISC
#
# test_pim_boundary_acl.py
#
# Copyright (c) 2024 Architecture Technology Corporation
# Corey Siltala
#
"""
test_pim_boundary_acl.py: Test multicast boundary commands (access-lists and prefix-lists)
"""
import os
import sys
import pytest
import json
from functools import partial
pytestmark = [pytest.mark.pimd]
CWD = os.path.dirname(os.path.realpath(__file__))
sys.path.append(os.path.join(CWD, "../"))
# pylint: disable=C0413
from lib import topotest
from lib.topogen import Topogen, TopoRouter, get_topogen
from lib.topolog import logger
ASM_GROUP="229.1.1.1"
SSM_GROUP="232.1.1.1"
def build_topo(tgen):
"Build function"
for routern in range(1, 4):
tgen.add_router("r{}".format(routern))
tgen.add_router("rp")
# rp ------ r1 -------- r2
# \
# --------- r3
# r1 -> .1
# r2 -> .2
# rp -> .3
# r3 -> .4
# loopback network is 10.254.0.X/32
#
# r1 <- sw1 -> r2
# r1-eth0 <-> r2-eth0
# 10.0.20.0/24
sw = tgen.add_switch("sw1")
sw.add_link(tgen.gears["r1"])
sw.add_link(tgen.gears["r2"])
# r1 <- sw2 -> rp
# r1-eth1 <-> rp-eth0
# 10.0.30.0/24
sw = tgen.add_switch("sw2")
sw.add_link(tgen.gears["r1"])
sw.add_link(tgen.gears["rp"])
# r1 <- sw3 -> r3
# r1-eth2 <-> r3-eth0
# 10.0.40.0/24
sw = tgen.add_switch("sw3")
sw.add_link(tgen.gears["r1"])
sw.add_link(tgen.gears["r3"])
def setup_module(mod):
"Sets up the pytest environment"
tgen = Topogen(build_topo, mod.__name__)
tgen.start_topology()
# For all registered routers, load the zebra configuration file
for rname, router in tgen.routers().items():
logger.info("Loading router %s" % rname)
router.load_frr_config(os.path.join(CWD, "{}/frr.conf".format(rname)))
# After loading the configurations, this function loads configured daemons.
tgen.start_router()
# tgen.mininet_cli()
def teardown_module():
"Teardown the pytest environment"
tgen = get_topogen()
# This function tears down the whole topology.
tgen.stop_topology()
def test_pim_rp_setup():
"Ensure basic routing has come up and the rp has an outgoing interface"
# Ensure rp and r1 establish pim neighbor ship and bgp has come up
# Finally ensure that the rp has an outgoing interface on r1
tgen = get_topogen()
r1 = tgen.gears["r1"]
expected = {
"10.254.0.3":[
{
"outboundInterface":"r1-eth1",
"group":"224.0.0.0/4",
"source":"Static"
}
]
}
test_func = partial(
topotest.router_json_cmp, r1, "show ip pim rp-info json", expected
)
_, result = topotest.run_and_expect(test_func, None, count=30, wait=1)
assertmsg = '"{}" JSON output mismatches'.format(r1.name)
assert result is None, assertmsg
# tgen.mininet_cli()
def test_pim_asm_igmp_join_acl():
"Test ASM IGMP joins with prefix-list ACLs"
logger.info("Send IGMP joins from r2 to r1 with ACL enabled and disabled")
tgen = get_topogen()
if tgen.routers_have_failure():
pytest.skip(tgen.errors)
r2 = tgen.gears["r2"]
r1 = tgen.gears["r1"]
# No IGMP sources other than from self for AutoRP Discovery group initially
expected = {
"r1-eth0":{
"name":"r1-eth0",
"229.1.1.1":None
},
"r1-eth2":{
"name":"r1-eth2",
"229.1.1.1":None
}
}
test_func = partial(
topotest.router_json_cmp, r1, "show ip igmp sources json", expected
)
_, result = topotest.run_and_expect(test_func, None, count=20, wait=1)
assert result is None, "Expected no IGMP sources other than for AutoRP Discovery"
# Send IGMP join from r2, check if r1 has IGMP source
r2.vtysh_cmd((
"""
configure terminal
interface {}
ip igmp join {}
"""
).format("r2-eth0", ASM_GROUP))
expected = {
"r1-eth0":{
"name":"r1-eth0",
"229.1.1.1":{
"group":"229.1.1.1",
"sources":[
{
"source":"*",
"forwarded":False,
}
]
}
}
}
test_func = partial(
topotest.router_json_cmp, r1, "show ip igmp sources json", expected
)
_, result = topotest.run_and_expect(test_func, None, count=20, wait=1)
assert result is None, "Expected IGMP source to be present but is absent"
# Test inbound boundary on r1
# Enable multicast boundary on r1, toggle IGMP join on r2
r2.vtysh_cmd((
"""
configure terminal
interface r2-eth0
no ip igmp join {}
"""
).format(ASM_GROUP))
r1.vtysh_cmd(
"""
configure terminal
interface r1-eth0
ip multicast boundary oil pim-oil-plist
"""
)
r2.vtysh_cmd((
"""
configure terminal
interface r2-eth0
ip igmp join {}
"""
).format(ASM_GROUP))
expected = {
"r1-eth0":{
"name":"r1-eth0",
"229.1.1.1":None
}
}
test_func = partial(
topotest.router_json_cmp, r1, "show ip igmp sources json", expected
)
_, result = topotest.run_and_expect(test_func, None, count=20, wait=1)
assert result is None, "Expected IGMP source to be absent but is present"
# Test outbound boundary on r2
# Enable multicast boundary on r2, toggle IGMP join (test outbound)
# Note: json_cmp treats "*" as wildcard but in this case that's actually what the source is
expected = {
"vrf":"default",
"r2-eth0":{
"name":"r2-eth0",
"groups":[
{
"source":"*",
"group":"229.1.1.1",
"primaryAddr":"10.0.20.2",
}
]
}
}
test_func = partial(
topotest.router_json_cmp, r2, "show ip igmp join json", expected
)
_, result = topotest.run_and_expect(test_func, None, count=20, wait=1)
assert result is None, "Expected IGMP join to be present but is absent"
r2.vtysh_cmd((
"""
configure terminal
interface r2-eth0
no ip igmp join {}
ip multicast boundary oil pim-oil-plist
ip igmp join {}
"""
).format(ASM_GROUP, ASM_GROUP))
expected = {
"vrf":"default",
"r2-eth0":None
}
test_func = partial(
topotest.router_json_cmp, r2, "show ip igmp join json", expected
)
_, result = topotest.run_and_expect(test_func, None, count=20, wait=1)
assert result is None, "Expected IGMP join to be absent but is present"
# Cleanup
r2.vtysh_cmd((
"""
configure terminal
interface r2-eth0
no ip igmp join {}
no ip multicast boundary oil pim-oil-plist
"""
).format(ASM_GROUP))
def test_pim_ssm_igmp_join_acl():
"Test SSM IGMP joins with extended ACLs"
logger.info("Send IGMP joins from r2 to r1 with ACL enabled and disabled")
tgen = get_topogen()
if tgen.routers_have_failure():
pytest.skip(tgen.errors)
r3 = tgen.gears["r3"]
r2 = tgen.gears["r2"]
r1 = tgen.gears["r1"]
# No IGMP sources other than from self for AutoRP Discovery group initially
expected = {
"r1-eth0":{
"name":"r1-eth0",
"229.1.1.1":None,
"232.1.1.1":None
},
"r1-eth2":{
"name":"r1-eth2",
"229.1.1.1":None,
"232.1.1.1":None
}
}
test_func = partial(
topotest.router_json_cmp, r1, "show ip igmp sources json", {}
)
_, result = topotest.run_and_expect(test_func, None, count=20, wait=1)
assert result is None, "Expected no IGMP sources other than from AutoRP Discovery"
# Send IGMP join from r2, check if r1 has IGMP source
r2.vtysh_cmd((
"""
configure terminal
interface r2-eth0
ip igmp join {} 10.0.20.2
"""
).format(SSM_GROUP))
expected = {
"r1-eth0":{
"name":"r1-eth0",
"232.1.1.1":{
"group":"232.1.1.1",
"sources":[
{
"source":"10.0.20.2",
"forwarded":False,
}
]
}
}
}
test_func = partial(
topotest.router_json_cmp, r1, "show ip igmp sources json", expected
)
_, result = topotest.run_and_expect(test_func, None, count=20, wait=1)
assert result is None, "Expected IGMP source to be present but is absent"
# Test inbound boundary on r1
# Enable multicast boundary on r1, toggle IGMP join on r2
r2.vtysh_cmd((
"""
configure terminal
interface r2-eth0
no ip igmp join {} 10.0.20.2
"""
).format(SSM_GROUP))
r1.vtysh_cmd(
"""
configure terminal
interface r1-eth0
ip multicast boundary pim-acl
"""
)
r2.vtysh_cmd((
"""
configure terminal
interface r2-eth0
ip igmp join {} 10.0.20.2
"""
).format(SSM_GROUP))
expected = {
"r1-eth0":{
"name":"r1-eth0",
"232.1.1.1":None
}
}
test_func = partial(
topotest.router_json_cmp, r1, "show ip igmp sources json", expected
)
_, result = topotest.run_and_expect(test_func, None, count=20, wait=1)
assert result is None, "Expected IGMP source to be absent but is present"
# Add lower, more-specific permit rule to access-list
r2.vtysh_cmd((
"""
configure terminal
interface r2-eth0
no ip igmp join {} 10.0.20.2
"""
).format(SSM_GROUP))
r1.vtysh_cmd((
"""
configure terminal
access-list pim-acl seq 5 permit ip host 10.0.20.2 {} 0.0.0.128
"""
).format(SSM_GROUP))
r2.vtysh_cmd((
"""
configure terminal
interface r2-eth0
ip igmp join {} 10.0.20.2
"""
).format(SSM_GROUP))
expected = {
"r1-eth0":{
"name":"r1-eth0",
"232.1.1.1":{
"group":"232.1.1.1",
"sources":[
{
"source":"10.0.20.2",
"forwarded":False,
}
]
}
}
}
test_func = partial(
topotest.router_json_cmp, r1, "show ip igmp sources json", expected
)
_, result = topotest.run_and_expect(test_func, None, count=20, wait=1)
assert result is None, "Expected IGMP source to be present but is absent"
# Test outbound boundary on r2
# Enable multicast boundary on r2, toggle IGMP join (test outbound)
expected = {
"vrf":"default",
"r2-eth0":{
"name":"r2-eth0",
"groups":[
{
"source":"10.0.20.2",
"group":"232.1.1.1",
"primaryAddr":"10.0.20.2",
}
]
}
}
test_func = partial(
topotest.router_json_cmp, r2, "show ip igmp join json", expected
)
_, result = topotest.run_and_expect(test_func, None, count=20, wait=1)
assert result is None, "Expected IGMP join to be present but is absent"
# Enable boundary ACL, check join is absent
r2.vtysh_cmd((
"""
configure terminal
interface r2-eth0
no ip igmp join {} 10.0.20.2
ip multicast boundary pim-acl
ip igmp join {} 10.0.20.2
"""
).format(SSM_GROUP, SSM_GROUP))
expected = {
"vrf":"default",
"r2-eth0":None
}
test_func = partial(
topotest.router_json_cmp, r2, "show ip igmp join json", expected
)
_, result = topotest.run_and_expect(test_func, None, count=20, wait=1)
assert result is None, "Expected IGMP join to be absent but is present"
# Check sources on r1 again, should be absent even though we permitted it because r2 is blocking it outbound
expected = {
"r1-eth0":{
"name":"r1-eth0",
"232.1.1.1":None
},
"r1-eth2":{
"name":"r1-eth2",
"232.1.1.1":None
}
}
test_func = partial(
topotest.router_json_cmp, r1, "show ip igmp sources json", expected
)
_, result = topotest.run_and_expect(test_func, None, count=20, wait=1)
assert result is None, "Expected IGMP source to be absent but is present"
# Send IGMP join from r3 with different source, should show up on r1
# Add lower, more-specific permit rule to access-list
r3.vtysh_cmd((
"""
configure terminal
interface r3-eth0
ip igmp join {} 10.0.40.4
"""
).format(SSM_GROUP))
expected = {
"r1-eth0":{
"name":"r1-eth0",
"232.1.1.1":None
},
"r1-eth2":{
"name":"r1-eth2",
"232.1.1.1":{
"group":"232.1.1.1",
"sources":[
{
"source":"10.0.40.4",
"forwarded":False,
}
]
}
}
}
test_func = partial(
topotest.router_json_cmp, r1, "show ip igmp sources json", expected
)
_, result = topotest.run_and_expect(test_func, None, count=20, wait=1)
assert result is None, "Expected IGMP source to be present but is absent"
# PIM join
# PIM-DM forwarding
def test_memory_leak():
"Run the memory leak test and report results."
tgen = get_topogen()
if not tgen.is_memleak_enabled():
pytest.skip("Memory leak test/report is disabled")
tgen.report_memory_leaks()
if __name__ == "__main__":
args = ["-s"] + sys.argv[1:]
sys.exit(pytest.main(args))
|
