-
Notifications
You must be signed in to change notification settings - Fork 0
vrf_policy_driven_te
Test VRF selection logic involving different decapsulation and encapsulation lookup scenarios via gRIBI.
ATE port-1 <------> port-1 DUT DUT port-2 <------> port-2 ATE DUT port-3 <------> port-3 ATE DUT port-4 <------> port-4 ATE DUT port-5 <------> port-5 ATE DUT port-6 <------> port-6 ATE DUT port-7 <------> port-7 ATE DUT port-8 <------> port-8 ATE
# DSCP value that will be matched to ENCAP_TE_VRF_A
* dscp_encap_a_1 = 10
* dscp_encap_a_2 = 18
# DSCP value that will be matched to ENCAP_TE_VRF_B
* dscp_encap_b_1 = 20
* dscp_encap_b_2 = 28
# DSCP value that will NOT be matched to any VRF for encapsulation.
* dscp_encap_no_match = 30
# Magic source IP addresses used in VRF selection policy
* ipv4_outer_src_111 = 198.51.100.111
* ipv4_outer_src_222 = 198.51.100.222
# Magic destination MAC address
* magic_mac = 02:00:00:00:00:01`
vrf_selection_policy_c
network-instances {
network-instance {
name: DEFAULT
policy-forwarding {
policies {
policy {
policy-id: "vrf_selection_policy_c"
rules {
rule {
sequence-id: 1
ipv4 {
protocol: 4
dscp-set: [dscp_encap_a_1, dscp_encap_a_2]
source-address: "ipv4_outer_src_222"
}
action {
decap-network-instance: "DECAP_TE_VRF"
post-network-instance: "ENCAP_TE_VRF_A"
decap-fallback-network-instance: "TE_VRF_222"
}
}
rule {
sequence-id: 2
ipv4 {
protocol: 41
dscp-set: [dscp_encap_a_1, dscp_encap_a_2]
source-address: "ipv4_outer_src_222"
}
action {
decap-network-instance: "DECAP_TE_VRF"
post-network-instance: "ENCAP_TE_VRF_A"
decap-fallback-network-instance: "TE_VRF_222"
}
}
rule {
sequence-id: 3
ipv4 {
protocol: 4
dscp-set: [dscp_encap_a_1, dscp_encap_a_2]
source-address: "ipv4_outer_src_111"
}
action {
decap-network-instance: "DECAP_TE_VRF"
post-network-instance: "ENCAP_TE_VRF_A"
decap-fallback-network-instance: "TE_VRF_111"
}
}
rule {
sequence-id: 4
ipv4 {
protocol: 41
dscp-set: [dscp_encap_a_1, dscp_encap_a_2]
source-address: "ipv4_outer_src_111"
}
action {
decap-network-instance: "DECAP_TE_VRF"
post-network-instance: "ENCAP_TE_VRF_A"
decap-fallback-network-instance: "TE_VRF_111"
}
}
rule {
sequence-id: 5
ipv4 {
protocol: 4
dscp-set: [dscp_encap_b_1, dscp_encap_b_2]
source-address: "ipv4_outer_src_222"
}
action {
decap-network-instance: "DECAP_TE_VRF"
post-network-instance: "ENCAP_TE_VRF_B"
decap-fallback-network-instance: "TE_VRF_222"
}
}
rule {
sequence-id: 6
ipv4 {
protocol: 41
dscp-set: [dscp_encap_b_1, dscp_encap_b_2]
source-address: "ipv4_outer_src_222"
}
action {
decap-network-instance: "DECAP_TE_VRF"
post-network-instance: "ENCAP_TE_VRF_B"
decap-fallback-network-instance: "TE_VRF_222"
}
}
rule {
sequence-id: 7
ipv4 {
protocol: 4
dscp-set: [dscp_encap_b_1, dscp_encap_b_2]
source-address: "ipv4_outer_src_111"
}
action {
decap-network-instance: "DECAP_TE_VRF"
post-network-instance: "ENCAP_TE_VRF_B"
decap-fallback-network-instance: "TE_VRF_111"
}
}
rule {
sequence-id: 8
ipv4 {
protocol: 41
dscp-set: [dscp_encap_b_1, dscp_encap_b_2]
source-address: "ipv4_outer_src_111"
}
action {
decap-network-instance: "DECAP_TE_VRF"
post-network-instance: "ENCAP_TE_VRF_B"
decap-fallback-network-instance: "TE_VRF_111"
}
}
rule {
sequence-id: 9
ipv4 {
protocol: 4
source-address: "ipv4_outer_src_222"
}
action {
decap-network-instance: "DECAP_TE_VRF"
post-network-instance: "DEFAULT"
decap-fallback-network-instance: "TE_VRF_222"
}
}
rule {
sequence-id: 10
ipv4 {
protocol: 41
source-address: "ipv4_outer_src_222"
}
action {
decap-network-instance: "DECAP_TE_VRF"
post-network-instance: "DEFAULT"
decap-fallback-network-instance: "TE_VRF_222"
}
}
rule {
sequence-id: 11
ipv4 {
protocol: 4
source-address: "ipv4_outer_src_111"
}
action {
decap-network-instance: "DECAP_TE_VRF"
post-network-instance: "DEFAULT"
decap-fallback-network-instance: "TE_VRF_111"
}
}
rule {
sequence-id: 12
ipv4 {
protocol: 41
source-address: "ipv4_outer_src_111"
}
action {
decap-network-instance: "DECAP_TE_VRF"
post-network-instance: "DEFAULT"
decap-fallback-network-instance: "TE_VRF_111"
}
}
rule {
sequence-id: 13
ipv4 {
dscp-set: [dscp_encap_a_1, dscp_encap_a_2]
}
action {
network-instance: "ENCAP_TE_VRF_A"
}
}
rule {
sequence-id: 14
ipv6 {
dscp-set: [dscp_encap_a_1, dscp_encap_a_2]
}
action {
network-instance: "ENCAP_TE_VRF_A"
}
}
rule {
sequence-id: 15
ipv4 {
dscp-set: [dscp_encap_b_1, dscp_encap_b_2]
}
action {
network-instance: "ENCAP_TE_VRF_B"
}
}
rule {
sequence-id: 16
ipv6 {
dscp-set: [dscp_encap_b_1, dscp_encap_b_2]
}
action {
network-instance: "ENCAP_TE_VRF_B"
}
}
rule {
sequence-id: 17
action {
network-instance: "DEFAULT"
}
}
}
}
}
}
}
}
vrf_selection_policy_w
network-instances {
network-instance {
name: DEFAULT
policy-forwarding {
policies {
policy {
policy-id: "vrf_selection_policy_w"
rules {
rule {
sequence-id: 1
ipv4 {
protocol: 4
dscp-set: [dscp_encap_a_1, dscp_encap_a_2]
source-address: "ipv4_outer_src_222"
}
action {
decap-network-instance: "DECAP_TE_VRF"
post-network-instance: "ENCAP_TE_VRF_A"
decap-fallback-network-instance: "TE_VRF_222"
}
}
rule {
sequence-id: 2
ipv4 {
protocol: 41
dscp-set: [dscp_encap_a_1, dscp_encap_a_2]
source-address: "ipv4_outer_src_222"
}
action {
decap-network-instance: "DECAP_TE_VRF"
post-network-instance: "ENCAP_TE_VRF_A"
decap-fallback-network-instance: "TE_VRF_222"
}
}
rule {
sequence-id: 3
ipv4 {
protocol: 4
dscp-set: [dscp_encap_a_1, dscp_encap_a_2]
source-address: "ipv4_outer_src_111"
}
action {
decap-network-instance: "DECAP_TE_VRF"
post-network-instance: "ENCAP_TE_VRF_A"
decap-fallback-network-instance: "TE_VRF_111"
}
}
rule {
sequence-id: 4
ipv4 {
protocol: 41
dscp-set: [dscp_encap_a_1, dscp_encap_a_2]
source-address: "ipv4_outer_src_111"
}
action {
decap-network-instance: "DECAP_TE_VRF"
post-network-instance: "ENCAP_TE_VRF_A"
decap-fallback-network-instance: "TE_VRF_111"
}
}
rule {
sequence-id: 5
ipv4 {
protocol: 4
dscp-set: [dscp_encap_b_1, dscp_encap_b_2]
source-address: "ipv4_outer_src_222"
}
action {
decap-network-instance: "DECAP_TE_VRF"
post-network-instance: "ENCAP_TE_VRF_B"
decap-fallback-network-instance: "TE_VRF_222"
}
}
rule {
sequence-id: 6
ipv4 {
protocol: 41
dscp-set: [dscp_encap_b_1, dscp_encap_b_2]
source-address: "ipv4_outer_src_222"
}
action {
decap-network-instance: "DECAP_TE_VRF"
post-network-instance: "ENCAP_TE_VRF_B"
decap-fallback-network-instance: "TE_VRF_222"
}
}
rule {
sequence-id: 7
ipv4 {
protocol: 4
dscp-set: [dscp_encap_b_1, dscp_encap_b_2]
source-address: "ipv4_outer_src_111"
}
action {
decap-network-instance: "DECAP_TE_VRF"
post-network-instance: "ENCAP_TE_VRF_B"
decap-fallback-network-instance: "TE_VRF_111"
}
}
rule {
sequence-id: 8
ipv4 {
protocol: 41
dscp-set: [dscp_encap_b_1, dscp_encap_b_2]
source-address: "ipv4_outer_src_111"
}
action {
decap-network-instance: "DECAP_TE_VRF"
post-network-instance: "ENCAP_TE_VRF_B"
decap-fallback-network-instance: "TE_VRF_111"
}
}
rule {
sequence-id: 9
ipv4 {
protocol: 4
source-address: "ipv4_outer_src_222"
}
action {
decap-network-instance: "DECAP_TE_VRF"
post-network-instance: "DEFAULT"
decap-fallback-network-instance: "TE_VRF_222"
}
}
rule {
sequence-id: 10
ipv4 {
protocol: 41
source-address: "ipv4_outer_src_222"
}
action {
decap-network-instance: "DECAP_TE_VRF"
post-network-instance: "DEFAULT"
decap-fallback-network-instance: "TE_VRF_222"
}
}
rule {
sequence-id: 11
ipv4 {
protocol: 4
source-address: "ipv4_outer_src_111"
}
action {
decap-network-instance: "DECAP_TE_VRF"
post-network-instance: "DEFAULT"
decap-fallback-network-instance: "TE_VRF_111"
}
}
rule {
sequence-id: 12
ipv4 {
protocol: 41
source-address: "ipv4_outer_src_111"
}
action {
decap-network-instance: "DECAP_TE_VRF"
post-network-instance: "DEFAULT"
decap-fallback-network-instance: "TE_VRF_111"
}
}
rule {
sequence-id: 13
action {
network-instance: "DEFAULT"
}
}
}
}
}
}
}
}
- Install the following gRIBI AFTs.
IPv4Entry {138.0.11.0/24 (ENCAP_TE_VRF_A)} -> NHG#101 (DEFAULT VRF) -> {
{NH#101, DEFAULT VRF, weight:1},
{NH#102, DEFAULT VRF, weight:3},
backup_next_hop_group: 200 // in case specific vendor implementation or bugs pruned the NHs.
}
IPv4Entry {138.0.11.0/24 (ENCAP_TE_VRF_B)} -> NHG#102 (DEFAULT VRF) -> {
{NH#101, DEFAULT VRF, weight:3},
{NH#102, DEFAULT VRF, weight:1},
backup_next_hop_group: 200 // in case specific vendor implementation or bugs pruned the NHs.
}
IPv6Entry {2001:db8::138:0:11:0/126 (ENCAP_TE_VRF_A)} -> NHG#101 (DEFAULT VRF) -> {
{NH#101, DEFAULT VRF, weight:1},
{NH#102, DEFAULT VRF, weight:3},
backup_next_hop_group: 200 // in case specific vendor implementation or bugs pruned the NHs.
}
IPv6Entry {2001:db8::138:0:11:0/126 (ENCAP_TE_VRF_B)} -> NHG#102 (DEFAULT VRF) -> {
{NH#101, DEFAULT VRF, weight:3},
{NH#102, DEFAULT VRF, weight:1},
backup_next_hop_group: 200 // in case specific vendor implementation or bugs pruned the NHs.
}
NH#101 -> {
encapsulate_header: OPENCONFIGAFTTYPESENCAPSULATIONHEADERTYPE_IPV4
ip_in_ip {
dst_ip: "203.0.113.1"
src_ip: "ipv4_outer_src_111"
}
network_instance: "TE_VRF_111"
}
NH#102 -> {
encapsulate_header: OPENCONFIGAFTTYPESENCAPSULATIONHEADERTYPE_IPV4
ip_in_ip {
dst_ip: "203.10.113.2"
src_ip: "ipv4_outer_src_111"
}
network_instance: "TE_VRF_111"
}
NHG#200 (Default VRF) {
{NH#200, DEFAULT VRF, weight:1}
}
NH#200 -> {
network_instance: "DEFAULT"
}
IPv4Entry {203.0.113.1/32 (TE_VRF_111)} -> NHG#1 (DEFAULT VRF) -> {
{NH#1, DEFAULT VRF, weight:1,ip_address=192.0.2.101},
{NH#2, DEFAULT VRF, weight:3,ip_address=192.0.2.102},
backup_next_hop_group: 1000 // re-encap to 203.0.113.100
}
IPv4Entry {192.0.2.101/32 (DEFAULT VRF)} -> NHG#11 (DEFAULT VRF) -> {
{NH#11, DEFAULT VRF, weight:1,mac_address:magic_mac, interface-ref:dut-port-2-interface},
{NH#12, DEFAULT VRF, weight:3,mac_address:magic_mac, interface-ref:dut-port-3-interface},
}
IPv4Entry {192.0.2.102/32 (DEFAUlT VRF)} -> NHG#12 (DEFAULT VRF) -> {
{NH#13, DEFAULT VRF, weight:2,mac_address:magic_mac, interface-ref:dut-port-4-interface},
}
NHG#1000 (Default VRF) {
{NH#1000, DEFAULT VRF}
}
NH#1000 -> {
decapsulate_header: OPENCONFIGAFTTYPESENCAPSULATIONHEADERTYPE_IPV4
encapsulate_header: OPENCONFIGAFTTYPESENCAPSULATIONHEADERTYPE_IPV4
ip_in_ip {
dst_ip: "203.0.113.100"
src_ip: "ipv4_outer_src_222"
}
network_instance: "TE_VRF_222"
}
IPv4Entry {203.0.113.100/32 (TE_VRF_222)} -> NHG#2 (DEFAULT VRF) -> {
{NH#3, DEFAULT VRF, weight:1,ip_address=192.0.2.103},
backup_next_hop_group: 1001 // decap to DEFAULT VRF
}
IPv4Entry {192.0.2.103/32 (DEFAULT VRF)} -> NHG#13 (DEFAULT VRF) -> {
{NH#14, DEFAULT VRF, weight:1,mac_address:magic_mac, interface-ref:dut-port-5-interface},
}
NHG#1001 (Default VRF) {
{NH#1001, DEFAULT VRF, weight:1}
}
NH#1001 -> {
decapsulate_header: OPENCONFIGAFTTYPESENCAPSULATIONHEADERTYPE_IPV4
network_instance: "DEFAULT"
}
// 203.10.113.2 is the tunnel IP address. Note that the NHG#3 is different than NHG#1.
IPv4Entry {203.10.113.2/32 (TE_VRF_111)} -> NHG#3 (DEFAULT VRF) -> {
{NH#4, DEFAULT VRF, weight:1,ip_address=192.0.2.104},
backup_next_hop_group: 1002 // re-encap to 203.10.113.101
}
IPv4Entry {192.0.2.104/32 (DEFAULT VRF)} -> NHG#14 (DEFAULT VRF) -> {
{NH#15, DEFAULT VRF, weight:1,mac_address:magic_mac, interface-ref:dut-port-6-interface},
}
NHG#1002 (DEFAULT VRF) {
{NH#1002, DEFAULT VRF}
}
NH#1002 -> {
decapsulate_header: OPENCONFIGAFTTYPESENCAPSULATIONHEADERTYPE_IPV4
encapsulate_header: OPENCONFIGAFTTYPESENCAPSULATIONHEADERTYPE_IPV4
ip_in_ip {
dst_ip: "203.0.113.101"
src_ip: "ipv4_outer_src_222"
}
network_instance: "TE_VRF_222"
}
IPv4Entry {203.0.113.101/32 (TE_VRF_222)} -> NHG#4 (DEFAULT VRF) -> {
{NH#5, DEFAULT VRF, weight:1,ip_address=192.0.2.105},
backup_next_hop_group: 1001 // decap to DEFAULT VRF
}
IPv4Entry {192.0.2.105/32 (DEFAULT VRF)} -> NHG#15 (DEFAULT VRF) -> {
{NH#16, DEFAULT VRF, weight:1,mac_address:magic_mac, interface-ref:dut-port-7-interface},
}
-
Install a BGP route resolved by ISIS in default VRF to rout traffic out of DUT port-8.
-
Install an 0/0 static route in ENCAP_VRF_A and ENCAP_VRF_B pointing to the DEFAULT VRF.
-
Install an 0/0 ipv6 static route in ENCAP_VRF_A and ENCAP_VRF_B pointing to the DEFAULT VRF.
The DUT should be reset to the baseline after each of the following tests.
-
Using gRIBI to install the following entries in the
DECAP_TE_VRF
:IPv4Entry {192.51.100.1/24 (DECAP_TE_VRF)} -> NHG#1001 (DEFAULT VRF) -> { {NH#1001, DEFAULT VRF, weight:1} } NH#1001 -> { decapsulate_header: OPENCONFIGAFTTYPESDECAPSULATIONHEADERTYPE_IPV4 }
-
Apply vrf selection policy
vrf_selection_policy_w
to DUT port-1. -
Send the following 6in4 and 4in4 flows to DUT port-1:
* inner_src: `ipv4_inner_src` * inner_dst: `ipv4_inner_encap_match` * dscp: `dscp_encap_no_match` * outter_src: `ipv4_outter_src_111` * outter_dst: `ipv4_outter_decap_match` * dscp: `dscp_encap_no_match` * proto: `4` * inner_src: `ipv6_inner_src` * inner_dst: `ipv6_inner_encap_match` * dscp: `dscp_encap_no_match` * outter_src: `ipv4_outter_src_111` * outter_dst: `ipv4_outter_decap_match` * dscp: `dscp_encap_no_match` * proto: `41`
-
Verify that the packets have their outer v4 header stripped and are forwarded out of DUT port-8 per the BGP-ISIS routes in the DEFAULT VRF.
-
Verify that the TTL value is copied from the outer header to the inner header.
-
Change the subnet mask from /24 and repeat the test for the masks /32, /22, and /28 and verify again that the packets are decapped and forwarded correctly.
-
Repeat the test with packets with a destination address 203.0.113.1/32 that does not match the decap entry, and verify that such packets are not decapped.
-
Using gRIBI to install the following entries in the
DECAP_TE_VRF
:IPv4Entry {192.51.100.1/24 (DECAP_TE_VRF)} -> NHG#1001 (DEFAULT VRF) -> { {NH#1001, DEFAULT VRF, weight:1} } NH#1001 -> { decapsulate_header: OPENCONFIGAFTTYPESDECAPSULATIONHEADERTYPE_IPV4 }
-
Apply vrf selection policy
vrf_selection_policy_w
to DUT port-1. -
Send the following 6in4 and 4in4 flows to DUT port-1:
* inner_src: `ipv4_inner_src` * inner_dst: `ipv4_inner_encap_no_match` * dscp: `dscp_encap_a_1` * outter_src: `ipv4_outter_src_111` * outter_dst: `ipv4_outter_decap_match` * dscp: `dscp_encap_a_1` * proto: `4` * inner_src: `ipv6_inner_src` * inner_dst: `ipv6_inner_encap_no_match` * dscp: `dscp_encap_a_1` * outter_src: `ipv4_outter_src_111` * outter_dst: `ipv4_outter_decap_match` * dscp: `dscp_encap_a_1` * proto: `41`
-
Verify that the packets have their outer v4 header stripped and are forwarded out of DUT port-8 per the BGP-ISIS routes in the DEFAULT VRF.
-
Verify that the TTL value is copied from the outer header to the inner header.
-
Change the subnet mask from /24 and repeat the test for the masks /32, /22, and /28 and verify again that the packets are decapped and forwarded correctly.
Support for decap actions with mixed prefixes installed through gRIBI
-
Add the following gRIBI entries:
IPv4Entry {192.51.128.0/22 (DECAP_TE_VRF)} -> NHG#1001 (DEFAULT VRF) -> { {NH#1001, DEFAULT VRF, weight:1} } IPv4Entry {192.55.200.3/32 (DECAP_TE_VRF)} -> NHG#1001 (DEFAULT VRF) -> { {NH#1001, DEFAULT VRF, weight:1} } NH#1001 -> { decapsulate_header: OPENCONFIGAFTTYPESDECAPSULATIONHEADERTYPE_IPV4 }
-
Apply vrf selection policy
vrf_selection_policy_w
to DUT port-1. -
Send the following 6in4 and 4in4 flows to DUT port-1:
* inner_src: `ipv6_inner_src` * inner_dst: `ipv6_inner_encap_match` * dscp: `dscp_encap_no_match` * outter_src: `ipv4_outter_src_111` * outter_dst: `192.55.200.3` * dscp: `dscp_encap_no_match` * proto: `41` * inner_src: `ipv4_inner_src` * inner_dst: `ipv4_inner_encap_match` * dscp: `dscp_encap_no_match` * outter_src: `ipv4_outter_src_111` * outter_dst: `192.51.128.5` * dscp: `dscp_encap_no_match` * proto: `4`
-
Verify that the packets have their outer v4 header stripped, and are forwarded according to the route in the DEFAULT VRF that matches the inner IP address.
-
Repeat the test with packets with a destination address 203.0.113.1/32 that does not match the decap route, and verify that such packets are not decapped.
Ensures that tunneled traffic is correctly forwarded when there is no match in the DECAP_VRF. The intent of this test is to ensure that the VRF selection policy correctly sends these packets to either TE_VRF_111
or TE_VRF_222
.
- Apply vrf selection policy
vrf_selection_policy_c
to DUT port-1. - Send 4in4 (IP protocol 4) and 6in4 (IP protocol 41) packets to DUT port-1 where
- The outer v4 header has the destination address 203.0.113.1.
- The outer v4 header has the source address ipv4_outer_src_111.
- The outer v4 header has DSCP value has
dscp_encap_no_match
anddscp_encap_match
- We should expect that all egress packets (100%) are IPinIP encapped with 203.0.113.1 as the outer header, and egress on DUT port-2, port-3 and port-4 per the hierarchical weight.
- Send 4in4 (IP protocol 4) and 6in4 (IP protocol 41) packets to DUT port-2 where
- The outer v4 header has the destination address 203.0.113.100.
- The outer v4 header has the source address ipv4_outer_src_222.
- The outer v4 header has DSCP value has
dscp_encap_no_match
anddscp_encap_match
We should expect that the egress traffic are 100% encapped with 203.0.113.100 as the outer header, and egress on DUT port-5.
Tests support for TE disabled IPinIP IPv4 (IP protocol 4) cluster traffic arriving on WAN facing ports. Specifically, this test verifies the tunnel traffic identification using ipv4_outer_src_111 and ipv4_outer_src_222 in the VRF selection policy.
- Apply vrf selection policy
vrf_selection_policy_w
to DUT port-1. - Send 6in4 and 4in4 packets to DUT port-1, where:
- The outer v4 header has the destination address 138.0.11.8.
- The outer v4 header has the source address that’s not ipv4_outer_src_111 or ipv4_outer_src_222. For example, we can use 198.100.200.123.
- We should expect that all egress packets:
- 100% are still IPinIP (4in4) with outer v4 destination address as
138.0.11.8
. - and, egressed out of DUT port-8 per the route in the DEFAULT VRF.
- 100% are still IPinIP (4in4) with outer v4 destination address as
- Send v4 packet with protocol
17
(not 6in4 or 4in4), where:- The outer v4 header has the destination address 138.0.11.8.
- 50% of the packets with source address as ipv4_outer_src_111.
- 50% of the packets with source address as ipv4_outer_src_222.
- We should expect that all egress packets:
- 100% are still of protocl
17
and with outer v4 destination address as138.0.11.8
. - and, egressed out of DUT port-8 per the route in the DEFAULT VRF.
- 100% are still of protocl
- Remove the matching route (e.g. stop the BGP routes) in the DEFAULT VRF and verify that the traffic are dropped.
-
Using gRIBI to install the following entries in the
DECAP_TE_VRF
:IPv4Entry {192.51.100.1/24 (DECAP_TE_VRF)} -> NHG#1001 (DEFAULT VRF) -> { {NH#1001, DEFAULT VRF, weight:1} } NH#1001 -> { decapsulate_header: OPENCONFIGAFTTYPESDECAPSULATIONHEADERTYPE_IPV4 }
-
Apply vrf selection policy
vrf_selection_policy_w
to DUT port-1. -
Send the following packets to DUT port-1:
* inner_src: `ipv4_inner_src` * inner_dst: `ipv4_inner_encap_match` * dscp: `dscp_encap_a_1` * outter_src: `ipv4_outter_src_222` * outter_dst: `ipv4_outter_decap_match` * dscp: `dscp_encap_a_1` * proto: `4`
* inner_src: `ipv6_inner_src` * inner_dst: `ipv6_inner_encap_match` * dscp: `dscp_encap_a_1` * outter_src: `ipv4_outter_src_111` * outter_dst: `ipv4_outter_decap_match` * dscp: `dscp_encap_a_1` * proto: `41`
-
We should expect that all egress packets:
- are IPinIP encapped with outer source IP as
ipv4_outter_src_111
and dscp valuedscp_encap_a_1
. - 1/4 are with 203.0.113.1 as the outer header destination IP.
- 3/4 are with 203.10.113.2 as the outer header destination IPs.
- egress on DUT port-2, port-3, port-4 and port-6 per the hierarchical weight.
- are IPinIP encapped with outer source IP as
-
Send the following packets to DUT port -1
* inner_src: `ipv4_inner_src` * inner_dst: `ipv4_inner_encap_match` * dscp: `dscp_encap_b_1` * outter_src: `ipv4_outter_src_111` * outter_dst: `ipv4_outter_decap_match` * dscp: `dscp_encap_b_1` * proto: `4` * inner_src: `ipv6_inner_src` * inner_dst: `ipv6_inner_encap_match` * dscp: `dscp_encap_b_1` * outter_src: `ipv4_outter_src_222` * outter_dst: `ipv4_outter_decap_match` * dscp: `dscp_encap_b_1` * proto: `41`
-
We should expect that all egress packets:
- are IPinIP encapped with outer source IP as
ipv4_outter_src_111
and dscp valuedscp_encap_b_1
. - 3/4 are with 203.0.113.1 as the outer header destination IP.
- 1/4 are with 203.10.113.2 as the outer header destination IPs.
- egress on DUT port-2, port-3, port-4 and port-6 per the hierarchical weight.
- are IPinIP encapped with outer source IP as
- network-instances/network-instance/name
- network-instances/network-instance/policy-forwarding/policies/policy/policy-id
- network-instances/network-instance/policy-forwarding/policies/policy/rules/rule/sequence-id
- network-instances/network-instance/policy-forwarding/policies/policy/rules/rule/ipv4/protocol
- network-instances/network-instance/policy-forwarding/policies/policy/rules/rule/ipv4/dscp-set
- network-instances/network-instance/policy-forwarding/policies/policy/rules/rule/ipv4/source-address
- network-instances/network-instance/policy-forwarding/policies/policy/rules/rule/ipv6/protocol
- network-instances/network-instance/policy-forwarding/policies/policy/rules/rule/ipv6/dscp-set
- network-instances/network-instance/policy-forwarding/policies/policy/rules/rule/ipv6/source-address
- network-instances/network-instance/policy-forwarding/policies/policy/rules/rule/action/decap-network-instance
- network-instances/network-instance/policy-forwarding/policies/policy/rules/rule/action/post-decap-network-instance
- network-instances/network-instance/policy-forwarding/policies/policy/rules/rule/action/decap-fallback-network-instance
- network-instances/network-instance/name
- network-instances/network-instance/policy-forwarding/policies/policy/policy-id
- network-instances/network-instance/policy-forwarding/policies/policy/rules/rule/sequence-id
- network-instances/network-instance/policy-forwarding/policies/policy/rules/rule/ipv4/protocol
- network-instances/network-instance/policy-forwarding/policies/policy/rules/rule/ipv4/dscp-set
- network-instances/network-instance/policy-forwarding/policies/policy/rules/rule/ipv4/source-address
- network-instances/network-instance/policy-forwarding/policies/policy/rules/rule/ipv6/protocol
- network-instances/network-instance/policy-forwarding/policies/policy/rules/rule/ipv6/dscp-set
- network-instances/network-instance/policy-forwarding/policies/policy/rules/rule/ipv6/source-address
- network-instances/network-instance/policy-forwarding/policies/policy/rules/rule/action/decap-network-instance
- network-instances/network-instance/policy-forwarding/policies/policy/rules/rule/action/post-network-instance
- network-instances/network-instance/policy-forwarding/policies/policy/rules/rule/action/decap-fallback-network-instance
- gRIBI:
- Modify
- ModifyRequest
- Modify
vRX
The below yaml defines the OC paths intended to be covered by this test. OC paths used for test setup are not listed here.
paths:
## Config paths
/network-instances/network-instance/policy-forwarding/policies/policy/config/policy-id:
/network-instances/network-instance/policy-forwarding/policies/policy/rules/rule/config/sequence-id:
/network-instances/network-instance/policy-forwarding/policies/policy/rules/rule/ipv4/config/protocol:
/network-instances/network-instance/policy-forwarding/policies/policy/rules/rule/ipv4/config/dscp-set:
/network-instances/network-instance/policy-forwarding/policies/policy/rules/rule/ipv4/config/source-address:
/network-instances/network-instance/policy-forwarding/policies/policy/rules/rule/ipv6/config/protocol:
/network-instances/network-instance/policy-forwarding/policies/policy/rules/rule/ipv6/config/dscp-set:
/network-instances/network-instance/policy-forwarding/policies/policy/rules/rule/ipv6/config/source-address:
/network-instances/network-instance/policy-forwarding/policies/policy/rules/rule/action/config/decap-network-instance:
/network-instances/network-instance/policy-forwarding/policies/policy/rules/rule/action/config/post-decap-network-instance:
/network-instances/network-instance/policy-forwarding/policies/policy/rules/rule/action/config/decap-fallback-network-instance:
## State paths
/network-instances/network-instance/protocols/protocol/isis/interfaces/interface/levels/level/adjacencies/adjacency/state/adjacency-state:
/network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/session-state:
rpcs:
gnmi:
gNMI.Set:
gNMI.Subscribe:
gribi:
gRIBI.Modify:
gRIBI.Flush:
-
Home
- Test Plans
- Authz: General Authz (1-4) tests
- CNTR-2: Container network connectivity tests
- DP-1.2: QoS policy feature config
- DP-1.3: QoS ECN feature config
- DP-1.4: QoS Interface Output Queue Counters
- DP-1.7: One strict priority queue traffic test
- DP-1.8: Two strict priority queue traffic test
- DP-1.9: WRR traffic test
- DP-1.10: Mixed strict priority and WRR traffic test
- DP-1.11: Bursty traffic test
- DP-1.14: QoS basic test
- example-0.1: Topology Test
- FP-1.1: Power admin DOWN/UP Test
- gNMI-1.1: cli Origin
- gNMI-1.2: Benchmarking: Full Configuration Replace
- gNMI-1.3: Benchmarking: Drained Configuration Convergence Time
- gNMI-1.4: Telemetry: Inventory
- gNMI-1.5: Telemetry: Port Speed Test
- gNMI-1.8: Configuration Metadata-only Retrieve and Replace
- gNMI-1.9: Get requests
- gNMI-1.10: Telemetry: Basic Check
- gNMI-1.11: Telemetry: Interface Packet Counters
- gNMI-1.12: Mixed OpenConfig/CLI Origin
- gNMI-1.13: Optics Telemetry, Instant, threshold, and miscellaneous static info
- gNMI-1.14: OpenConfig metadata consistency during large config push
- gNMI-1.15: Set Requests
- gNMI-1.16: fabric redundancy test
- gNMI-1.17: Controller Card redundancy test
- gNMI-1.18: gNMI subscribe with sample mode for backplane capacity counters
- gNMI-1.19: ConfigPush after Control Card switchover
- gNMI-1.20: Telemetry: Optics Thresholds
- gNMI-1.21: Integrated Circuit Hardware Resource Utilization Test
- gNMI-1.22: Controller card port attributes
- gNMI-1.27: gNMI Sample Mode Test
- gNOI-2.1: Packet-based Link Qualification
- gNOI-3.1: Complete Chassis Reboot
- gNOI-3.2: Per-Component Reboot
- gNOI-3.3: Supervisor Switchover
- gNOI-3.4: Chassis Reboot Status and Reboot Cancellation
- gNOI-4.1: Software Upgrade
- gNOI-5.1: Ping Test
- gNOI-5.2: Traceroute Test
- gNOI-5.3: Copying Debug Files
- gNOI-6.1: Factory Reset
- Health-1.1: Generic Health Check
- Health-1.2: Healthz component status paths
- MGT-1: Management HA solution test
- MTU-1.3: Large IP Packet Transmission
- OC-1.2: Default Address Families
- OC-26.1: Network Time Protocol (NTP)
- P4RT-1.1: Base P4RT Functionality
- P4RT-1.2: P4RT Daemon Failure
- P4RT-2.1: P4RT Election
- P4RT-2.2: P4RT Metadata Validation
- P4RT-3.1: Google Discovery Protocol: PacketIn
- P4RT-3.2: Google Discovery Protocol: PacketOut
- P4RT-5.1: Traceroute: PacketIn
- P4RT-5.2: Traceroute Packetout
- P4RT-6.1: Required Packet I/O rate: Performance
- P4RT-7.1: LLDP: PacketIn
- P4RT-7.2: LLDP: PacketOut
- Replay-1.0: Record/replay presession test
- Replay-1.1: Record/replay diff command trees test
- Replay-1.2: P4RT Replay Test
- RT-1.1: Base BGP Session Parameters
- RT-1.2: BGP Policy & Route Installation
- RT-1.3: BGP Route Propagation
- RT-1.4: BGP Graceful Restart
- RT-1.5: BGP Prefix Limit
- RT-1.7: Local BGP Test
- RT-1.10: BGP Keepalive and HoldTimer Configuration Test
- RT-1.11: BGP remove private AS
- RT-1.12: BGP always compare MED
- RT-1.14: BGP Long-Lived Graceful Restart
- RT-1.19: BGP 2-Byte and 4-Byte ASN support
- RT-1.21: BGP TCP MSS and PMTUD
- RT-1.23: BGP AFI SAFI OC DEFAULTS
- RT-1.24: BGP 2-Byte and 4-Byte ASN support with policy
- RT-1.25: Management network-instance default static route
- RT-1.26: Basic static route support
- RT-1.27: Static route to BGP redistribution
- RT-1.28: BGP to IS-IS redistribution
- RT-1.29: BGP chained import/export policy attachment
- RT-1.30: BGP nested import/export policy attachment
- RT-1.32: BGP policy actions - MED, LocPref, prepend, flow-control
- RT-1.33: BGP Policy with prefix-set matching
- RT-1.51: BGP multipath ECMP
- RT-1.52: BGP multipath UCMP support with Link Bandwidth Community
- RT-2.1: Base IS-IS Process and Adjacencies
- RT-2.2: IS-IS LSP Updates
- RT-2.6: IS-IS Hello-Padding enabled at interface level
- RT-2.7: IS-IS Passive is enabled at interface level
- RT-2.8: IS-IS metric style wide not enabled
- RT-2.9: IS-IS metric style wide enabled
- RT-2.10: IS-IS change LSP lifetime
- RT-2.11: IS-IS Passive is enabled at the area level
- RT-2.12: Static route to IS-IS redistribution
- RT-2.13: Weighted-ECMP for IS-IS
- RT-2.14: IS-IS Drain Test
- RT-3.1: Policy based VRF selection
- RT-3.2: Multiple <Protocol, DSCP> Rules for VRF Selection
- RT-4.10: AFTs Route Summary
- RT-5.1: Singleton Interface
- RT-5.2: Aggregate Interfaces
- RT-5.3: Aggregate Balancing
- RT-5.4: Aggregate Forwarding Viable
- RT-5.5: Interface hold-time
- RT-5.6: Interface Loopback mode
- RT-5.8: IPv6 Link Local
- RT-5.9: Disable IPv6 ND Router Arvetisment
- RT-5.10: IPv6 Link Local generated by SLAAC
- RT-6.1: Core LLDP TLV Population
- RT-7.1: BGP default policies
- RT-7.2: BGP Policy Community Set
- RT-7.3: BGP Policy AS Path Set
- RT-7.4: BGP Policy AS Path Set and Community Set
- RT-7.5: BGP Policy - Match and Set Link Bandwidth Community
- RT-7.8: BGP Policy Match Standard Community and Add Community Import/Export Policy
- RT-7.11: BGP Policy - Import/Export Policy Action Using Multiple Criteria
- SEC-3.1: Authentication
- SFLOW-1: sFlow Configuration and Sampling
- System-1: System testing
- TE-1.1: Static ARP
- TE-1.2: My Station MAC
- TE-2.1: gRIBI IPv4 Entry
- TE-2.2: gRIBI IPv4 Entry With Aggregate Ports
- TE-3.1: Base Hierarchical Route Installation
- TE-3.2: Traffic Balancing According to Weights
- TE-3.3: Hierarchical weight resolution
- TE-3.5: Ordering: ACK Received
- TE-3.6: ACK in the Presence of Other Routes
- TE-3.7: Base Hierarchical NHG Update
- TE-3.31: Hierarchical weight resolution with PBF
- TE-4.1: Base Leader Election
- TE-4.2: Persistence Mode
- TE-5.1: gRIBI Get RPC
- TE-6.1: Route Removal via Flush
- TE-6.2: Route Removal In Non Default VRF
- TE-8.1: DUT Daemon Failure
- TE-8.2: Supervisor Failure
- TE-9.1: FIB FAILURE DUE TO HARDWARE RESOURCE EXHAUST
- TE-9.2: MPLS based forwarding Static LSP
- TE-9: gRIBI MPLS Compliance
- TE-10: gRIBI MPLS Forwarding
- TE-11.1: Backup NHG: Single NH
- TE-11.2: Backup NHG: Multiple NH
- TE-11.3: Backup NHG: Actions
- TE-11.21: Backup NHG: Multiple NH with PBF
- TE-11.31: Backup NHG: Actions with PBF
- TE-13.1: gRIBI route ADD during Failover
- TE-13.2: gRIBI route DELETE during Failover
- TE-14.1: gRIBI Scaling
- TE-14.2: encap and decap scale
- TE-15.1: gRIBI Compliance
- TE-16.1: basic encapsulation tests
- TE-16.2: encapsulation FRR scenarios
- TE-17.1: VRF selection policy driven TE
- TR-6.1: Remote Syslog feature config
- TRANSCEIVER-1: Telemetry: 400ZR Chromatic Dispersion(CD) telemetry values streaming
- TRANSCEIVER-3: Telemetry: 400ZR Optics firmware version streaming
- TRANSCEIVER-4: Telemetry: 400ZR RX input and TX output power telemetry values streaming.
- TRANSCEIVER-5: Configuration: 400ZR channel frequency, output TX launch power and operational mode setting.
- TRANSCEIVER-6: Telemetry: 400ZR Optics performance metrics (pm) streaming.
- TRANSCEIVER-7: Telemetry: 400ZR Optics inventory info streaming
- TRANSCEIVER-8: Telemetry: 400ZR Optics module temperature streaming.
- TRANSCEIVER-9: Telemetry: 400ZR TX laser bias current telemetry values streaming.
- TRANSCEIVER-10: Telemetry: 400ZR Optics FEC(Forward Error Correction) Uncorrectable Frames Streaming.
- TRANSCEIVER-11: Telemetry: 400ZR Optics logical channels provisioning and related telemetry.
- TRANSCEIVER-12: Telemetry: 400ZR Transceiver Supply Voltage streaming.
- TRANSCEIVER-13: Configuration: 400ZR Transceiver Low Power Mode Setting.
- TUN-1.4: Interface based IPv6 GRE Encapsulation
- TUN-1.9: GRE inner packet DSCP
- Test Plans