6.2.1. ethip4

6.2.1.1. 2n1l-10ge2p1x710-ethip4ipsec11tnlsw-ip4base-int-aes128cbc-hmac512sha-scapy suite

IPv4 IPsec tunnel mode test suite.

  • [Top] Network topologies: TG-DUT1 2-node topology with one link between nodes.

  • [Cfg] DUT configuration: On DUT1 create loopback interface, configure loopback an physical interface IPv4 addresses, static ARP record, route and IPsec manual keyed connection in tunnel mode.

  • [Ver] TG verification: ETH-IP4 packet is sent from TG to DUT1. Packet is received on TG from DUT1.

  • [Ref] Applicable standard specifications: RFC4303.

*** Settings ***
| Resource | resources/libraries/robot/shared/default.robot
|
| Force Tags | 2_NODE_SINGLE_LINK_TOPO | DEVICETEST | HW_ENV | DCR_ENV | SCAPY
| ... | NIC_Intel-X710 | IP4FWD | IPSEC | IPSECSW | IPSECINT | IP4BASE
| ... | AES_128_CBC | HMAC_SHA_512 | HMAC | AES | DRV_VFIO_PCI
| ... | RXQ_SIZE_0 | TXQ_SIZE_0
| ... | ethip4ipsec11tnlsw-ip4base-int-aes128cbc-hmac512sha
|
| Suite Setup | Setup suite topology interfaces | scapy
| Test Setup | Setup test
| Test Teardown | Tear down test | packet_trace | telemetry | ipsec_sa
|
| Test Template | Local Template
|
| 
*** Variables ***
| @{plugins_to_enable}= | dpdk_plugin.so | perfmon_plugin.so
| ... | crypto_native_plugin.so | crypto_ipsecmb_plugin.so
| ... | crypto_openssl_plugin.so
| ${crypto_type}= | ${None}
| ${nic_name}= | Intel-X710
| ${nic_driver}= | vfio-pci
| ${nic_rxq_size}= | 0
| ${nic_txq_size}= | 0
| ${nic_pfs}= | 2
| ${nic_vfs}= | 0
| ${overhead}= | ${90}
| ${tg_if1_ip4}= | 192.168.10.2
| ${dut1_if1_ip4}= | 192.168.10.1
| ${tun_if1_ip4}= | 100.0.0.1
| ${tun_if2_ip4}= | 200.0.0.2
| ${raddr_ip4}= | 20.0.0.0
| ${laddr_ip4}= | 10.0.0.0
| ${addr_range}= | ${24}
| ${n_tunnels}= | ${11}
# Telemetry
| ${telemetry_profile}= | vppctl_test_teardown

6.2.1.1.1. Local Template

  • [Cfg] On DUT1 configure IPsec tunnel interfaces with encryption algorithm AES_128_CBC and integrity algorithm HMAC_SHA_512 in tunnel mode.

Arguments: - frame_size - Framesize in Bytes in integer. Type: integer - phy_cores - Number of physical cores. Type: integer - rxq - Number of RX queues, default value: ${None}. Type: integer


Set Test Variable  \${frame_size}
${encr_alg} =  Crypto Alg AES CBC 128
${auth_alg} =  Integ Alg SHA 512 256
Given Set Max Rate And Jumbo
  And Add worker threads to all DUTs  ${phy_cores}  ${rxq}
  And Pre-initialize layer driver  ${nic_driver}
  And Apply startup configuration on all VPP DUTs  with_trace=${True}
 When Initialize layer driver  ${nic_driver}
  And Initialize layer interface
  And Initialize IPSec in 2-node circular topology
${encr_keys}  ${auth_keys}  ${dut_spi}  ${tg_spi} =  And VPP IPsec Create Tunnel Interfaces  ${nodes}  ${tun_if1_ip4}  ${tun_if2_ip4}  ${DUT1_${int}2}[0]  ${TG_pf2}[0]  ${n_tunnels}  ${encr_alg}  ${auth_alg}  ${laddr_ip4}  ${raddr_ip4}  ${addr_range}  return_keys=${True}
 Then Send IP Packet and verify ESP encapsulation in received packet  ${tg}  ${TG_pf1}[0]  ${TG_pf2}[0]  ${DUT1_${int}1_mac}[0]  ${DUT1_${int}2_mac}[0]  ${encr_alg}  ${encr_keys}[0]  ${auth_alg}  ${auth_keys}[0]  ${dut_spi}  ${tg_spi}  ${laddr_ip4}  ${raddr_ip4}  ${tun_if1_ip4}  ${tun_if2_ip4}

6.2.1.1.2. 64B-0c-ethip4ipsec11tnlsw-ip4base-int-aes128cbc-hmac512sha-scapy


frame_size=${64}  phy_cores=${0}

6.2.1.2. 2n1l-10ge2p1x710-ethip4ipsec1tnlsw-ip4base-int-aes128cbc-hmac512sha-scapy suite

IPv4 IPsec tunnel mode test suite.

  • [Top] Network topologies: TG-DUT1 2-node topology with one link between nodes.

  • [Cfg] DUT configuration: On DUT1 create loopback interface, configure loopback an physical interface IPv4 addresses, static ARP irecord, route and IPsec manual keyed connection in tunnel mode.

  • [Ver] TG verification: ETH-IP4 packet is sent from TG to DUT1. Packet is received on TG from DUT1.

  • [Ref] Applicable standard specifications: RFC4303.

*** Settings ***
| Resource | resources/libraries/robot/shared/default.robot
|
| Force Tags | 2_NODE_SINGLE_LINK_TOPO | DEVICETEST | HW_ENV | DCR_ENV | SCAPY
| ... | NIC_Intel-X710 | IP4FWD | IPSEC | IPSECSW | IPSECINT | IP4BASE
| ... | AES_128_CBC | HMAC_SHA_512 | HMAC | AES | DRV_VFIO_PCI
| ... | RXQ_SIZE_0 | TXQ_SIZE_0
| ... | ethip4ipsec1tnlsw-ip4base-int-aes128cbc-hmac512sha
|
| Suite Setup | Setup suite topology interfaces | scapy
| Test Setup | Setup test
| Test Teardown | Tear down test | packet_trace | telemetry | ipsec_sa
|
| Test Template | Local Template
|
| 
*** Variables ***
| @{plugins_to_enable}= | dpdk_plugin.so | perfmon_plugin.so
| ... | crypto_native_plugin.so | crypto_ipsecmb_plugin.so
| ... | crypto_openssl_plugin.so
| ${crypto_type}= | ${None}
| ${nic_name}= | Intel-X710
| ${nic_driver}= | vfio-pci
| ${nic_rxq_size}= | 0
| ${nic_txq_size}= | 0
| ${nic_pfs}= | 2
| ${nic_vfs}= | 0
| ${overhead}= | ${90}
| ${tg_if1_ip4}= | 192.168.10.2
| ${dut1_if1_ip4}= | 192.168.10.1
| ${tun_if1_ip4}= | 100.0.0.1
| ${tun_if2_ip4}= | 200.0.0.2
| ${raddr_ip4}= | 20.0.0.0
| ${laddr_ip4}= | 10.0.0.0
| ${addr_range}= | ${24}
| ${n_tunnels}= | ${1}
# Telemetry
| ${telemetry_profile}= | vppctl_test_teardown

6.2.1.2.1. Local Template

  • [Cfg] On DUT1 configure IPsec tunnel interface with encryption algorithm AES_128_CBC and integrity algorithm HMAC_SHA_512 in tunnel mode.

Arguments: - frame_size - Framesize in Bytes in integer. Type: integer - phy_cores - Number of physical cores. Type: integer - rxq - Number of RX queues, default value: ${None}. Type: integer


Set Test Variable  \${frame_size}
${encr_alg} =  Crypto Alg AES CBC 128
${auth_alg} =  Integ Alg SHA 512 256
Given Set Max Rate And Jumbo
  And Add worker threads to all DUTs  ${phy_cores}  ${rxq}
  And Pre-initialize layer driver  ${nic_driver}
  And Apply startup configuration on all VPP DUTs  with_trace=${True}
 When Initialize layer driver  ${nic_driver}
  And Initialize layer interface
  And Initialize IPSec in 2-node circular topology
${encr_keys}  ${auth_keys}  ${dut_spi}  ${tg_spi} =  And VPP IPsec Create Tunnel Interfaces  ${nodes}  ${tun_if1_ip4}  ${tun_if2_ip4}  ${DUT1_${int}2}[0]  ${TG_pf2}[0]  ${n_tunnels}  ${encr_alg}  ${auth_alg}  ${laddr_ip4}  ${raddr_ip4}  ${addr_range}  return_keys=${True}
 Then Send IP Packet and verify ESP encapsulation in received packet  ${tg}  ${TG_pf1}[0]  ${TG_pf2}[0]  ${DUT1_${int}1_mac}[0]  ${DUT1_${int}2_mac}[0]  ${encr_alg}  ${encr_keys}[0]  ${auth_alg}  ${auth_keys}[0]  ${dut_spi}  ${tg_spi}  ${laddr_ip4}  ${raddr_ip4}  ${tun_if1_ip4}  ${tun_if2_ip4}

6.2.1.2.2. 64B-0c-ethip4ipsec1tnlsw-ip4base-int-aes128cbc-hmac512sha-scapy


frame_size=${64}  phy_cores=${0}

6.2.1.3. 2n1l-10ge2p1x710-ethip4ipsec1tnlsw-ip4base-policy-aes128cbc-hmac512sha-scapy suite

IPv4 IPsec tunnel mode test suite.

  • [Top] Network topologies: TG-DUT1 2-node topology with one link between nodes.

  • [Cfg] DUT configuration: On DUT1 create loopback interface, configure loopback an physical interface IPv4 addresses, static ARP record, route and IPsec manual keyed connection in tunnel mode.

  • [Ver] TG verification: ESP packet is sent from TG to DUT1. ESP packet is received on TG from DUT1.

  • [Ref] Applicable standard specifications: RFC4303.

*** Settings ***
| Resource | resources/libraries/robot/shared/default.robot
|
| Force Tags | 2_NODE_SINGLE_LINK_TOPO | DEVICETEST | HW_ENV | DCR_ENV | SCAPY
| ... | NIC_Intel-X710 | IP4FWD | IPSEC | IPSECSW | IPSECTUN | IP4BASE
| ... | AES_128_CBC | HMAC_SHA_512 | HMAC | AES | DRV_VFIO_PCI
| ... | RXQ_SIZE_0 | TXQ_SIZE_0
| ... | ethip4ipsec1tnlsw-ip4base-policy-aes128cbc-hmac512sha
|
| Suite Setup | Setup suite topology interfaces | scapy
| Test Setup | Setup test
| Test Teardown | Tear down test | packet_trace | telemetry | ipsec_sa
|
| Test Template | Local Template
|
| 
*** Variables ***
| @{plugins_to_enable}= | dpdk_plugin.so | perfmon_plugin.so
| ... | crypto_native_plugin.so | crypto_ipsecmb_plugin.so
| ... | crypto_openssl_plugin.so
| ${crypto_type}= | ${None}
| ${nic_name}= | Intel-X710
| ${nic_driver}= | vfio-pci
| ${nic_rxq_size}= | 0
| ${nic_txq_size}= | 0
| ${nic_pfs}= | 2
| ${nic_vfs}= | 0
| ${overhead}= | ${54}
| ${tg_spi}= | ${1000}
| ${dut_spi}= | ${1001}
| ${ESP_PROTO}= | ${50}
| ${tg_if1_ip4}= | 192.168.100.2
| ${tg_if2_ip4}= | 192.168.4.4
| ${dut_if1_ip4}= | 192.168.100.3
| ${dut_if2_ip4}= | 192.168.4.3
| ${tg_host_ip4}= | 192.168.3.3
| ${ip4_plen}= | ${24}
# Telemetry
| ${telemetry_profile}= | vppctl_test_teardown

6.2.1.3.1. Local Template

  • [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES_128_CBC and integrity algorithm HMAC_SHA_512 in tunnel mode.

Arguments: - frame_size - Framesize in Bytes in integer. Type: integer - phy_cores - Number of physical cores. Type: integer - rxq - Number of RX queues, default value: ${None}. Type: integer


Set Test Variable  \${frame_size}
${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA 512 256
Given Set Max Rate And Jumbo
  And Add worker threads to all DUTs  ${phy_cores}  ${rxq}
  And Pre-initialize layer driver  ${nic_driver}
  And Apply startup configuration on all VPP DUTs  with_trace=${True}
 When Initialize layer driver  ${nic_driver}
  And Initialize layer interface
  And Configure topology for IPv4 IPsec testing
  And Generate keys for IPSec  ${encr_alg}  ${auth_alg}
  And Configure manual keyed connection for IPSec  ${dut1}  ${DUT1_${int}1}[0]  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${tg_dst_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}
 Then Send IPsec Packet and verify ESP encapsulation in received packet  ${tg}  ${TG_pf1}[0]  ${TG_pf2}[0]  ${DUT1_vf1_mac}[0]  ${DUT1_vf2_mac}[0]  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${tg_dst_ip}  ${tg_tun_ip}  ${dut_tun_ip}

6.2.1.3.2. 64B-0c-ethip4ipsec1tnlsw-ip4base-policy-aes128cbc-hmac512sha-scapy


frame_size=${64}  phy_cores=${0}

6.2.1.4. 2n1l-10ge2p1x710-ethip4ipsec1tptsw-ip4base-policy-aes128cbc-hmac512sha-scapy suite

IPv4 IPsec transport mode test suite.

  • [Top] Network topologies: TG-DUT1 2-node topology with one link between nodes.

  • [Cfg] DUT configuration: On DUT1 create loopback interface, configure loopback an physical interface IPv4 addresses, static ARP record, route and IPsec manual keyed connection in transport mode.

  • [Ver] TG verification: ESP packet is sent from TG to DUT1. ESP packet is received on TG from DUT1.

  • [Ref] Applicable standard specifications: RFC4303.

*** Settings ***
| Resource | resources/libraries/robot/shared/default.robot
|
| Force Tags | 2_NODE_SINGLE_LINK_TOPO | DEVICETEST | HW_ENV | DCR_ENV | SCAPY
| ... | NIC_Intel-X710 | IP4FWD | IPSEC | IPSECSW | IPSECTPT | IP4BASE
| ... | AES_128_CBC | HMAC_SHA_512 | HMAC | AES | DRV_VFIO_PCI
| ... | RXQ_SIZE_0 | TXQ_SIZE_0
| ... | ethip4ipsec1tptsw-ip4base-policy-aes128cbc-hmac512sha
|
| Suite Setup | Setup suite topology interfaces | scapy
| Test Setup | Setup test
| Test Teardown | Tear down test | packet_trace | telemetry | ipsec_sa
|
| Test Template | Local Template
|
| 
*** Variables ***
| @{plugins_to_enable}= | dpdk_plugin.so | perfmon_plugin.so
| ... | crypto_native_plugin.so | crypto_ipsecmb_plugin.so
| ... | crypto_openssl_plugin.so
| ${crypto_type}= | ${None}
| ${nic_name}= | Intel-X710
| ${nic_driver}= | vfio-pci
| ${nic_rxq_size}= | 0
| ${nic_txq_size}= | 0
| ${nic_pfs}= | 2
| ${nic_vfs}= | 0
| ${overhead}= | ${54}
| ${tg_spi}= | ${1000}
| ${dut_spi}= | ${1001}
| ${ESP_PROTO}= | ${50}
| ${tg_if1_ip4}= | 192.168.100.2
| ${tg_if2_ip4}= | 192.168.4.4
| ${dut_if1_ip4}= | 192.168.100.3
| ${dut_if2_ip4}= | 192.168.4.3
| ${tg_host_ip4}= | 192.168.3.3
| ${ip4_plen}= | ${24}
# Telemetry
| ${telemetry_profile}= | vppctl_test_teardown

6.2.1.4.1. Local Template

  • [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES_128_CBC and integrity algorithm HMAC_SHA_512 in transport mode.

Arguments: - frame_size - Framesize in Bytes in integer. Type: integer - phy_cores - Number of physical cores. Type: integer - rxq - Number of RX queues, default value: ${None}. Type: integer


Set Test Variable  \${frame_size}
${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA 512 256
Given Set Max Rate And Jumbo
  And Add worker threads to all DUTs  ${phy_cores}  ${rxq}
  And Pre-initialize layer driver  ${nic_driver}
  And Apply startup configuration on all VPP DUTs  with_trace=${True}
 When Initialize layer driver  ${nic_driver}
  And Initialize layer interface
  And Configure topology for IPv4 IPsec testing
  And Generate keys for IPSec  ${encr_alg}  ${auth_alg}
  And Configure manual keyed connection for IPSec  ${dut1}  ${DUT1_${int}1}[0]  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${tg_dst_ip}  ${tg_src_ip}
 Then Send IPsec Packet and verify ESP encapsulation in received packet  ${tg}  ${TG_pf1}[0]  ${TG_pf2}[0]  ${DUT1_vf1_mac}[0]  ${DUT1_vf2_mac}[0]  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${tg_dst_ip}

6.2.1.4.2. 64B-0c-ethip4ipsec1tptsw-ip4base-policy-aes128cbc-hmac512sha-scapy


frame_size=${64}  phy_cores=${0}