8.2.12. RPF Source Security

8.2.12.1. eth2p-ethip4-ip4base-rpf-func

Source RPF check on IPv4 test cases

  • [Top] Network Topologies: TG - DUT1 - DUT2 - TG with one link between the nodes.
  • [Cfg] DUT configuration: DUT2 is configured with L2 Cross connect. DUT1 is configured with IP source check on link to TG,
  • [Ver] TG verification: Test ICMP Echo Request packets are sent in one direction by TG on link to DUT1 and received on TG link to DUT2. On receive TG verifies if packets which source address is not in routes are dropped.
Name VPP API Test (VAT) Commands History - Commands Used Per Test Case
TC01: VPP source RPF check on IPv4 src-addr
 DUT1: 
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 3 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 192.168.1.1/24
sw_interface_add_del_address sw_if_index 3 192.168.2.1/24
ip_neighbor_add_del sw_if_index 3 dst 192.168.2.2 mac fa:16:3e:12:d2:d2
ip_add_del_route 32.0.0.1/24 via 192.168.2.2 sw_if_index 3 count 1
ip_neighbor_add_del sw_if_index 1 dst 192.168.1.2 mac fa:16:3e:6a:a9:9f
ip_add_del_route 16.0.0.1/24 via 192.168.1.2 sw_if_index 1 count 1
exec set interface ip source-check GigabitEthernet0/4/0

DUT2:
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 3 admin-up
sw_interface_dump
sw_interface_set_flags sw_if_index 3 admin-up
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1
sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3
TC02: VPP pass traffic on non-enabled RPF interface
 DUT1: 
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 3 admin-up
sw_interface_dump
sw_interface_add_del_address sw_if_index 1 192.168.1.1/24
sw_interface_add_del_address sw_if_index 3 192.168.2.1/24
ip_neighbor_add_del sw_if_index 3 dst 192.168.2.2 mac fa:16:3e:12:d2:d2
ip_add_del_route 32.0.0.1/24 via 192.168.2.2 sw_if_index 3 count 1
ip_neighbor_add_del sw_if_index 1 dst 192.168.1.2 mac fa:16:3e:6a:a9:9f
ip_add_del_route 16.0.0.1/24 via 192.168.1.2 sw_if_index 1 count 1
exec set interface ip source-check GigabitEthernet0/4/0

DUT2:
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_flags sw_if_index 3 admin-up
sw_interface_dump
sw_interface_set_flags sw_if_index 3 admin-up
sw_interface_set_flags sw_if_index 1 admin-up
sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1
sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3