6.7. ip6

6.7.1. 2n1l-10ge2p1x710-ethip6-ip6base-adlalwlistbase-scapy suite

ADL Security IPv6 allowlist test cases

  • [Top] Network Topologies: TG-DUT1-TG 2-node circular topology with single links between nodes.

  • [Enc] Packet Encapsulations: Eth-IPv6 on all links.

  • [Cfg] DUT configuration: DUT1 is configured with IPv6 routing and static routes. ADL security allowlists are applied on DUT1 ingress interface from TG.

  • [Ver] TG verification: Test IPv6 packets are sent in one direction by TG on link to DUT1; on receive TG verifies packets for correctness and drops as applicable.

  • [Ref] Applicable standard specifications:

*** Settings ***
| Resource | resources/libraries/robot/shared/default.robot
|
| Force Tags | 2_NODE_SINGLE_LINK_TOPO | DEVICETEST | HW_ENV | DCR_ENV | SCAPY
| ... | NIC_Intel-X710 | ETH | IP6FWD | FEATURE | ADLALWLIST | DRV_VFIO_PCI
| ... | RXQ_SIZE_0 | TXQ_SIZE_0
| ... | ethip6-ip6base-adlalwlistbase
|
| Suite Setup | Setup suite topology interfaces | scapy
| Test Setup | Setup test
| Test Teardown | Tear down test | packet_trace | telemetry
|
| Test Template | Local Template
|
| 
*** Variables ***
| @{plugins_to_enable}= | dpdk_plugin.so | perfmon_plugin.so | adl_plugin.so
| ${crypto_type}= | ${None}
| ${nic_name}= | Intel-X710
| ${nic_driver}= | vfio-pci
| ${nic_rxq_size}= | 0
| ${nic_txq_size}= | 0
| ${nic_pfs}= | 2
| ${nic_vfs}= | 0
| ${overhead}= | ${0}
# Telemetry
| ${telemetry_profile}= | vppctl_test_teardown

6.7.1.1. Local Template

  • [Ver] Make TG send IPv6 on its interface to DUT1; verify received IPv6 pkts are correct.

Arguments: - frame_size - Framesize in Bytes in integer. Type: integer - phy_cores - Number of physical cores. Type: integer - rxq - Number of RX queues, default value: ${None}. Type: integer


Set Test Variable  \${frame_size}
Given Set Max Rate And Jumbo
  And Add worker threads to all DUTs  ${phy_cores}  ${rxq}
  And Pre-initialize layer driver  ${nic_driver}
  And Apply startup configuration on all VPP DUTs  with_trace=${True}
 When Initialize layer driver  ${nic_driver}
  And Initialize layer interface
  And Initialize IPv6 forwarding in circular topology
  And Add Fib Table  ${dut1}  1  ipv6=${TRUE}
  And Vpp Route Add  ${dut1}  2001:1::  64  vrf=1  local=${TRUE}
  And ADL Add allowlist Entry  ${dut1}  ${DUT1_${int}1}[0]  ip6  1
  And ADL interface enable or disable  ${dut1}  ${DUT1_${int}1}[0]  enable
 Then Send packet and verify headers  ${tg}  2001:1::2  2001:2::2  ${TG_pf1}[0]  ${TG_pf1_mac}[0]  ${DUT1_vf1_mac}[0]  ${TG_pf2}[0]  ${DUT1_vf2_mac}[0]  ${TG_pf2_mac}[0]

6.7.1.2. 78B-0c-ethip6-ip6base-adlalwlistbase-scapy


frame_size=${78}  phy_cores=${0}

6.7.2. 2n1l-10ge2p1x710-ethip6-ip6base-adlblklistbase-scapy suite

ADL Security IPv6 allowlist test cases

  • [Top] Network Topologies: TG-DUT1-TG 2-node circular topology with single links between nodes.

  • [Enc] Packet Encapsulations: Eth-IPv6 on all links.

  • [Cfg] DUT configuration: DUT1 is configured with IPv6 routing and static routes. ADL security allowlists are applied on DUT1 ingress interface from TG.

  • [Ver] TG verification: Test IPv6 packets are sent in one direction by TG on link to DUT1; on receive TG verifies packets for correctness and drops as applicable.

  • [Ref] Applicable standard specifications:

*** Settings ***
| Resource | resources/libraries/robot/shared/default.robot
|
| Force Tags | 2_NODE_SINGLE_LINK_TOPO | DEVICETEST | HW_ENV | DCR_ENV | SCAPY
| ... | NIC_Intel-X710 | ETH | IP6FWD | FEATURE | ADLBLKLIST | DRV_VFIO_PCI
| ... | RXQ_SIZE_0 | TXQ_SIZE_0
| ... | ethip6-ip6base-adlblklistbase
|
| Suite Setup | Setup suite topology interfaces | scapy
| Test Setup | Setup test
| Test Teardown | Tear down test | packet_trace | telemetry
|
| Test Template | Local Template
|
| 
*** Variables ***
| @{plugins_to_enable}= | dpdk_plugin.so | perfmon_plugin.so | adl_plugin.so
| ${crypto_type}= | ${None}
| ${nic_name}= | Intel-X710
| ${nic_driver}= | vfio-pci
| ${nic_rxq_size}= | 0
| ${nic_txq_size}= | 0
| ${nic_pfs}= | 2
| ${nic_vfs}= | 0
| ${overhead}= | ${0}
# Telemetry
| ${telemetry_profile}= | vppctl_test_teardown

6.7.2.1. Local Template

  • [Ver] Make TG send IPv6 on its interface to DUT1; verify received IPv6 pkts are correct.

Arguments: - frame_size - Framesize in Bytes in integer. Type: integer - phy_cores - Number of physical cores. Type: integer - rxq - Number of RX queues, default value: ${None}. Type: integer


Set Test Variable  \${frame_size}
Given Set Max Rate And Jumbo
  And Add worker threads to all DUTs  ${phy_cores}  ${rxq}
  And Pre-initialize layer driver  ${nic_driver}
  And Apply startup configuration on all VPP DUTs  with_trace=${True}
 When Initialize layer driver  ${nic_driver}
  And Initialize layer interface
  And Initialize IPv6 forwarding in circular topology
  And Add Fib Table  ${dut1}  1  ipv6=${True}
  And Vpp Route Add  ${dut1}  2002:1::0  64  vrf=1  local=${True}
  And ADL Add allowlist Entry  ${dut1}  ${DUT1_${int}1}[0]  ip6  1
  And ADL interface enable or disable  ${dut1}  ${DUT1_${int}1}[0]  enable
 Then Packet transmission from port to port should fail  ${tg}  2002:1::2  2002:2::2  ${TG_pf1}[0]  ${TG_pf1_mac}[0]  ${DUT1_vf1_mac}[0]  ${TG_pf2}[0]  ${DUT1_vf2_mac}[0]  ${TG_pf2_mac}[0]

6.7.2.2. 78B-0c-ethip6-ip6base-adlblklistbase-scapy


frame_size=${78}  phy_cores=${0}

6.7.3. 2n1l-10ge2p1x710-ethip6-ip6base-iacldstbase-scapy suite

IPv6 iAcl whitelist test cases

  • [Top] Network Topologies: TG-DUT1-TG 2-node circular topology with single links between nodes.

  • [Enc] Packet Encapsulations: Eth-IPv6 on all links.

  • [Cfg] DUT configuration: DUT1 is configured with IPv6 routing static routes. IPv6 iAcl security whitelist is applied on DUT1 ingress interface from TG.

  • [Ver] TG verification: Test IPv6 packets are sent in one direction by TG on link to DUT1; on receive TG verifies packets for correctness and drops as applicable.

  • [Ref] Applicable standard specifications:

*** Settings ***
| Resource | resources/libraries/robot/shared/default.robot
|
| Force Tags | 2_NODE_SINGLE_LINK_TOPO | DEVICETEST | HW_ENV | DCR_ENV | SCAPY
| ... | NIC_Intel-X710 | ETH | IP6FWD | FEATURE | IACLDST | DRV_VFIO_PCI
| ... | RXQ_SIZE_0 | TXQ_SIZE_0
| ... | ethip6-ip6base-iacldstbase
|
| Suite Setup | Setup suite topology interfaces | scapy
| Test Setup | Setup test
| Test Teardown | Tear down test | packet_trace | telemetry | classify
|
| Test Template | Local Template
|
| 
*** Variables ***
| @{plugins_to_enable}= | dpdk_plugin.so | perfmon_plugin.so
| ${crypto_type}= | ${None}
| ${nic_name}= | Intel-X710
| ${nic_driver}= | vfio-pci
| ${nic_rxq_size}= | 0
| ${nic_txq_size}= | 0
| ${nic_pfs}= | 2
| ${nic_vfs}= | 0
| ${overhead}= | ${0}
# Telemetry
| ${telemetry_profile}= | vppctl_test_teardown

6.7.3.1. Local Template

  • [Ver] Make TG send IPv6 on its interface to DUT1; verify received IPv6 pkts are correct.

Arguments: - frame_size - Framesize in Bytes in integer or string (IMIX_v4_1). Type: integer, string - phy_cores - Number of physical cores. Type: integer - rxq - Number of RX queues, default value: ${None}. Type: integer


Set Test Variable  \${frame_size}
Given Set Max Rate And Jumbo
  And Add worker threads to all DUTs  ${phy_cores}  ${rxq}
  And Pre-initialize layer driver  ${nic_driver}
  And Apply startup configuration on all VPP DUTs  with_trace=${True}
 When Initialize layer driver  ${nic_driver}
  And Initialize layer interface
  And Initialize IPv6 forwarding in circular topology
${table_idx}  ${skip_n}  ${match_n}=  And Vpp Creates Classify Table L3  ${dut1}  ip6  dst  ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
  And Vpp Configures Classify Session L3  ${dut1}  permit  ${table_idx}  ${skip_n}  ${match_n}  ip6  dst  2001:2::2
  And Vpp Enable Input Acl Interface  ${dut1}  ${DUT1_${int}1}[0]  ip6  ${table_idx}
 Then Send packet and verify headers  ${tg}  2001:1::2  2001:2::2  ${TG_pf1}[0]  ${TG_pf1_mac}[0]  ${DUT1_vf1_mac}[0]  ${TG_pf2}[0]  ${DUT1_vf2_mac}[0]  ${TG_pf2_mac}[0]

6.7.3.2. 78B-0c-ethip6-ip6base-iacldstbase-scapy


frame_size=${78}  phy_cores=${0}

6.7.4. 2n1l-10ge2p1x710-ethip6-ip6base-ipolicemarkbase-scapy suite

IPv4 policer test cases

  • [Top] Network Topologies: TG-DUT1-TG 2-node circular topology with single links between nodes.

  • [Enc] Packet Encapsulations: Eth-IPv6 on all links.

  • [Cfg] DUT configuration: On DUT1 configure interfaces IPv6 addresses and static ARP record on the second interface. On DUT1 configure 2R3C color-aware policer on the first interface.

  • [Ver] TG verification: Test packet is sent from TG on the first link to DUT1. Packet is received on TG on the second link from DUT1.

  • [Ref] Applicable standard specifications: RFC2474, RFC2697, RFC2698.

*** Settings ***
| Resource | resources/libraries/robot/shared/default.robot
|
| Force Tags | 2_NODE_SINGLE_LINK_TOPO | DEVICETEST | HW_ENV | DCR_ENV | SCAPY
| ... | NIC_Intel-X710 | ETH | IP6FWD | FEATURE | POLICE_MARK | DRV_VFIO_PCI
| ... | RXQ_SIZE_0 | TXQ_SIZE_0
| ... | ethip6-ip6base-ipolicemarkbase
|
| Suite Setup | Setup suite topology interfaces | scapy
| Test Setup | Setup test
| Test Teardown | Tear down test | packet_trace | telemetry | classify
|
| Test Template | Local Template
|
| 
*** Variables ***
| @{plugins_to_enable}= | dpdk_plugin.so | perfmon_plugin.so
| ${crypto_type}= | ${None}
| ${nic_name}= | Intel-X710
| ${nic_driver}= | vfio-pci
| ${nic_rxq_size}= | 0
| ${nic_txq_size}= | 0
| ${nic_pfs}= | 2
| ${nic_vfs}= | 0
| ${overhead}= | ${0}
| ${cir}= | ${100}
| ${eir}= | ${150}
| ${dscp}= | AF22
# Telemetry
| ${telemetry_profile}= | vppctl_test_teardown

6.7.4.1. Local Template

  • [Ver] Test packet is sent from TG on the first link to DUT1. Packet is received on TG on the second link from DUT1.

Arguments: - frame_size - Framesize in Bytes in integer. Type: integer - phy_cores - Number of physical cores. Type: integer - rxq - Number of RX queues, default value: ${None}. Type: integer


Set Test Variable  \${frame_size}
Given Set Max Rate And Jumbo
  And Set Rates For Policer
  And Add worker threads to all DUTs  ${phy_cores}  ${rxq}
  And Pre-initialize layer driver  ${nic_driver}
  And Apply startup configuration on all VPP DUTs  with_trace=${True}
 When Initialize layer driver  ${nic_driver}
  And Initialize layer interface
  And Initialize IPv6 forwarding in circular topology
  And Initialize IPv6 policer 2r3c-'ca' in circular topology
 Then Send packet and verify marking  ${tg}  ${TG_pf1}[0]  ${TG_pf2}[0]  ${TG_pf1_mac}[0]  ${DUT1_${int}1_mac}[0]  2001:1::2  2001:2::2

6.7.4.2. 78B-0c-ethip6-ip6base-ipolicemarkbase-scapy


frame_size=${78}  phy_cores=${0}

6.7.5. 2n1l-10ge2p1x710-ethip6-ip6base-scapy suite

IPv6 routing test cases

  • [Top] Network Topologies: TG-DUT1-TG 2-node circular topology with single links between nodes.

  • [Enc] Packet Encapsulations: Eth-IPv6 for IPv6 routing on both links.

  • [Cfg] DUT configuration: DUT1 is configured with IPv6 routing two static IPv6 /64 route entries.

  • [Ver] TG verification: Test IPv6 packet is sent in one direction by TG on links to DUT1; on receive TG verifies packet for correctness and their IPv6 src-addr, dst-addr and MAC addresses.

  • [Ref] Applicable standard specifications: RFC2460, RFC4443, RFC4861.

*** Settings ***
| Resource | resources/libraries/robot/shared/default.robot
|
| Force Tags | 2_NODE_SINGLE_LINK_TOPO | DEVICETEST | HW_ENV | DCR_ENV | SCAPY
| ... | NIC_Intel-X710 | ETH | IP6FWD | BASE | IP6BASE | DRV_VFIO_PCI
| ... | RXQ_SIZE_0 | TXQ_SIZE_0
| ... | ethip6-ip6base
|
| Suite Setup | Setup suite topology interfaces | scapy
| Test Setup | Setup test
| Test Teardown | Tear down test | packet_trace | telemetry
|
| Test Template | Local Template
|
| 
*** Variables ***
| @{plugins_to_enable}= | dpdk_plugin.so | perfmon_plugin.so
| ${crypto_type}= | ${None}
| ${nic_name}= | Intel-X710
| ${nic_driver}= | vfio-pci
| ${nic_rxq_size}= | 0
| ${nic_txq_size}= | 0
| ${nic_pfs}= | 2
| ${nic_vfs}= | 0
| ${overhead}= | ${0}
# Telemetry
| ${telemetry_profile}= | vppctl_test_teardown

6.7.5.1. Local Template

  • [Ver] Make TG send IPv6 packet routed over DUT1 interfaces. Make TG verify IPv6 packet is correct.

Arguments: - frame_size - Framesize in Bytes in integer. Type: integer - phy_cores - Number of physical cores. Type: integer - rxq - Number of RX queues, default value: ${None}. Type: integer


Set Test Variable  \${frame_size}
Given Set Max Rate And Jumbo
  And Add worker threads to all DUTs  ${phy_cores}  ${rxq}
  And Pre-initialize layer driver  ${nic_driver}
  And Apply startup configuration on all VPP DUTs  with_trace=${True}
 When Initialize layer driver  ${nic_driver}
  And Initialize layer interface
  And Initialize IPv6 forwarding in circular topology  remote_host1_ip=3ffe:5f::1  remote_host2_ip=3ffe:5f::2
 Then Send packet and verify headers  ${tg}  3ffe:5f::1  3ffe:5f::2  ${TG_pf1}[0]  ${TG_pf1_mac}[0]  ${DUT1_vf1_mac}[0]  ${TG_pf2}[0]  ${DUT1_vf2_mac}[0]  ${TG_pf2_mac}[0]

6.7.5.2. 78B-0c-ethip6-ip6base-scapy


frame_size=${78}  phy_cores=${0}