6.2.2. ethip6

6.2.2.1. 2n1l-10ge2p1x710-ethip6ipsec1tnlsw-ip6base-policy-aes128cbc-hmac512sha-scapy suite

IPv6 IPsec tunnel mode test suite.

  • [Top] Network topologies: TG-DUT1 2-node topology with one link between nodes.

  • [Cfg] DUT configuration: On DUT1 create loopback interface, configure loopback an physical interface IPv6 addresses, static ARP record, route and IPsec manual keyed connection in tunnel mode.

  • [Ver] TG verification: ESP packet is sent from TG to DUT1. ESP packet is received on TG from DUT1.

  • [Ref] Applicable standard specifications: RFC4303.

*** Settings ***
| Resource | resources/libraries/robot/shared/default.robot
|
| Force Tags | 2_NODE_SINGLE_LINK_TOPO | DEVICETEST | HW_ENV | DCR_ENV | SCAPY
| ... | NIC_Intel-X710 | IP6FWD | IPSEC | IPSECSW | IPSECTUN | IP6BASE
| ... | AES_128_CBC | HMAC_SHA_512 | HMAC | AES | DRV_VFIO_PCI
| ... | RXQ_SIZE_0 | TXQ_SIZE_0
| ... | ethip6ipsec1tnlsw-ip6base-policy-aes128cbc-hmac512sha
|
| Suite Setup | Setup suite topology interfaces | scapy
| Test Setup | Setup test
| Test Teardown | Tear down test | packet_trace | telemetry | ipsec_sa
|
| Test Template | Local Template
|
| 
*** Variables ***
| @{plugins_to_enable}= | dpdk_plugin.so | perfmon_plugin.so
| ... | crypto_native_plugin.so | crypto_ipsecmb_plugin.so
| ... | crypto_openssl_plugin.so
| ${crypto_type}= | ${None}
| ${nic_name}= | Intel-X710
| ${nic_driver}= | vfio-pci
| ${nic_rxq_size}= | 0
| ${nic_txq_size}= | 0
| ${nic_pfs}= | 2
| ${nic_vfs}= | 0
| ${overhead}= | ${54}
| ${tg_spi}= | ${1000}
| ${dut_spi}= | ${1001}
| ${ESP_PROTO}= | ${50}
| ${tg_if1_ip6}= | 3ffe:5f::1
| ${tg_if2_ip6}= | 3ffe:60::4
| ${dut_if1_ip6}= | 3ffe:5f::2
| ${dut_if2_ip6}= | 3ffe:60::3
| ${tg_host_ip6}= | 3ffe:61::3
| ${ip6_plen}= | ${64}
| ${ip6_plen_rt}= | ${128}
# Telemetry
| ${telemetry_profile}= | vppctl_test_teardown

6.2.2.1.1. Local Template

  • [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES_128_CBC and integrity algorithm HMAC_SHA_512 in tunnel mode.

Arguments: - frame_size - Framesize in Bytes in integer. Type: integer - phy_cores - Number of physical cores. Type: integer - rxq - Number of RX queues, default value: ${None}. Type: integer


Set Test Variable  \${frame_size}
${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA 512 256
Given Set Max Rate And Jumbo
  And Add worker threads to all DUTs  ${phy_cores}  ${rxq}
  And Pre-initialize layer driver  ${nic_driver}
  And Apply startup configuration on all VPP DUTs  with_trace=${True}
 When Initialize layer driver  ${nic_driver}
  And Initialize layer interface
  And Configure topology for IPv6 IPsec testing
  And Generate keys for IPSec  ${encr_alg}  ${auth_alg}
  And Configure manual keyed connection for IPSec  ${dut1}  ${DUT1_${int}1}[0]  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${tg_dst_ip}  ${tg_src_ip}  ${dut_tun_ip}  ${tg_tun_ip}  is_ipv6=${TRUE}
 Then Send IPsec Packet and verify ESP encapsulation in received packet  ${tg}  ${TG_pf1}[0]  ${TG_pf2}[0]  ${DUT1_vf1_mac}[0]  ${DUT1_vf2_mac}[0]  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${tg_dst_ip}  ${tg_tun_ip}  ${dut_tun_ip}

6.2.2.1.2. 78B-0c-ethip6ipsec1tnlsw-ip6base-policy-aes128cbc-hmac512sha-scapy


frame_size=${78}  phy_cores=${0}

6.2.2.2. 2n1l-10ge2p1x710-ethip6ipsec1tptsw-ip6base-policy-aes128cbc-hmac512sha-scapy suite

IPv6 IPsec transport mode test suite.

  • [Top] Network topologies: TG-DUT1 2-node topology with one link between nodes.

  • [Cfg] DUT configuration: On DUT1 create loopback interface, configure loopback an physical interface IPv6 addresses, static ARP record, route and IPsec manual keyed connection in transport mode.

  • [Ver] TG verification: ESP packet is sent from TG to DUT1. ESP packet is received on TG from DUT1.

  • [Ref] Applicable standard specifications: RFC4303.

*** Settings ***
| Resource | resources/libraries/robot/shared/default.robot
|
| Force Tags | 2_NODE_SINGLE_LINK_TOPO | DEVICETEST | HW_ENV | DCR_ENV | SCAPY
| ... | NIC_Intel-X710 | IP6FWD | IPSEC | IPSECSW | IPSECTPT | IP6BASE
| ... | AES_128_CBC | HMAC_SHA_512 | HMAC | AES | DRV_VFIO_PCI
| ... | RXQ_SIZE_0 | TXQ_SIZE_0
| ... | ethip6ipsec1tptsw-ip6base-policy-aes128cbc-hmac512sha
|
| Suite Setup | Setup suite topology interfaces | scapy
| Test Setup | Setup test
| Test Teardown | Tear down test | packet_trace | telemetry | ipsec_sa
|
| Test Template | Local Template
|
| 
*** Variables ***
| @{plugins_to_enable}= | dpdk_plugin.so | perfmon_plugin.so
| ... | crypto_native_plugin.so | crypto_ipsecmb_plugin.so
| ... | crypto_openssl_plugin.so
| ${crypto_type}= | ${None}
| ${nic_name}= | Intel-X710
| ${nic_driver}= | vfio-pci
| ${nic_rxq_size}= | 0
| ${nic_txq_size}= | 0
| ${nic_pfs}= | 2
| ${nic_vfs}= | 0
| ${overhead}= | ${58}
| ${tg_spi}= | ${1000}
| ${dut_spi}= | ${1001}
| ${ESP_PROTO}= | ${50}
| ${tg_if1_ip6}= | 3ffe:5f::1
| ${tg_if2_ip6}= | 3ffe:60::4
| ${dut_if1_ip6}= | 3ffe:5f::2
| ${dut_if2_ip6}= | 3ffe:60::3
| ${tg_host_ip6}= | 3ffe:61::3
| ${ip6_plen}= | ${64}
| ${ip6_plen_rt}= | ${128}
# Telemetry
| ${telemetry_profile}= | vppctl_test_teardown

6.2.2.2.1. Local Template

  • [Cfg] On DUT1 configure IPsec manual keyed connection with encryption algorithm AES_128_CBC and integrity algorithm HMAC_SHA_512 in transport mode.

Arguments: - frame_size - Framesize in Bytes in integer. Type: integer - phy_cores - Number of physical cores. Type: integer - rxq - Number of RX queues, default value: ${None}. Type: integer


Set Test Variable  \${frame_size}
${encr_alg}=  Crypto Alg AES CBC 128
${auth_alg}=  Integ Alg SHA 512 256
Given Set Max Rate And Jumbo
  And Add worker threads to all DUTs  ${phy_cores}  ${rxq}
  And Pre-initialize layer driver  ${nic_driver}
  And Apply startup configuration on all VPP DUTs  with_trace=${True}
 When Initialize layer driver  ${nic_driver}
  And Initialize layer interface
  And Configure topology for IPv6 IPsec testing
  And Generate keys for IPSec  ${encr_alg}  ${auth_alg}
  And Configure manual keyed connection for IPSec  ${dut1}  ${DUT1_${int}1}[0]  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${dut_spi}  ${tg_spi}  ${tg_dst_ip}  ${tg_src_ip}  is_ipv6=${TRUE}
 Then Send IPsec Packet and verify ESP encapsulation in received packet  ${tg}  ${TG_pf1}[0]  ${TG_pf2}[0]  ${DUT1_vf1_mac}[0]  ${DUT1_vf2_mac}[0]  ${encr_alg}  ${encr_key}  ${auth_alg}  ${auth_key}  ${tg_spi}  ${dut_spi}  ${tg_src_ip}  ${tg_dst_ip}

6.2.2.2.2. 78B-0c-ethip6ipsec1tptsw-ip6base-policy-aes128cbc-hmac512sha-scapy


frame_size=${78}  phy_cores=${0}