tests/topotests/bgp_auth/test_bgp_auth2.py

   1 #!/usr/bin/env python
   2 # SPDX-License-Identifier: ISC
   3
   4 #
   5 # test_bgp_auth.py
   6 # Part of NetDEF Topology Tests
   7 #
   8 # Copyright (c) 2020 by Volta Networks
   9 #
  10
  11 """
  12 test_bgp_auth.py: Test BGP Md5 Authentication
  13
  14                              +------+
  15                     +--------|      |--------+
  16                     | +------|  R1  |------+ |
  17                     | | -----|      |----+ | |
  18                     | | |    +------+    | | |
  19                     | | |                | | |
  20                    +------+            +------+
  21                    |      |------------|      |
  22                    |  R2  |------------|  R3  |
  23                    |      |------------|      |
  24                    +------+            +------+
  25
  26
  27 setup is 3 routers with 3 links between each each link in a different vrf
  28 Default, blue and red respectively
  29 Tests check various fiddling with passwords and checking that the peer
  30 establishment is as expected and passwords are not leaked across sockets
  31 for bgp instances
  32 """
  33 # pylint: disable=C0413
  34
  35 import json
  36 import os
  37 import platform
  38 import sys
  39 from time import sleep
  40
  41 import pytest
  42 from lib import common_config, topotest
  43 from lib.common_config import (
  44     save_initial_config_on_routers,
  45     reset_with_new_configs,
  46 )
  47 from bgp_auth_common import (
  48     check_all_peers_established,
  49     check_vrf_peer_remove_passwords,
  50     check_vrf_peer_change_passwords,
  51     check_all_peers_established,
  52 )
  53 from lib.topogen import Topogen, TopoRouter, get_topogen
  54
  55 pytestmark = [pytest.mark.bgpd, pytest.mark.ospfd]
  56
  57 CWD = os.path.dirname(os.path.realpath(__file__))
  58
  59
  60 def build_topo(tgen):
  61     tgen.add_router("R1")
  62     tgen.add_router("R2")
  63     tgen.add_router("R3")
  64
  65     tgen.add_link(tgen.gears["R1"], tgen.gears["R2"])
  66     tgen.add_link(tgen.gears["R1"], tgen.gears["R3"])
  67     tgen.add_link(tgen.gears["R2"], tgen.gears["R3"])
  68     tgen.add_link(tgen.gears["R1"], tgen.gears["R2"])
  69     tgen.add_link(tgen.gears["R1"], tgen.gears["R3"])
  70     tgen.add_link(tgen.gears["R2"], tgen.gears["R3"])
  71     tgen.add_link(tgen.gears["R1"], tgen.gears["R2"])
  72     tgen.add_link(tgen.gears["R1"], tgen.gears["R3"])
  73     tgen.add_link(tgen.gears["R2"], tgen.gears["R3"])
  74
  75
  76 def setup_module(mod):
  77     "Sets up the pytest environment"
  78     # This function initiates the topology build with Topogen...
  79     tgen = Topogen(build_topo, mod.__name__)
  80     # ... and here it calls Mininet initialization functions.
  81     tgen.start_topology()
  82
  83     r1 = tgen.gears["R1"]
  84     r2 = tgen.gears["R2"]
  85     r3 = tgen.gears["R3"]
  86
  87     # blue vrf
  88     r1.cmd_raises("ip link add blue type vrf table 1001")
  89     r1.cmd_raises("ip link set up dev blue")
  90     r2.cmd_raises("ip link add blue type vrf table 1001")
  91     r2.cmd_raises("ip link set up dev blue")
  92     r3.cmd_raises("ip link add blue type vrf table 1001")
  93     r3.cmd_raises("ip link set up dev blue")
  94
  95     r1.cmd_raises("ip link add lo1 type dummy")
  96     r1.cmd_raises("ip link set lo1 master blue")
  97     r1.cmd_raises("ip link set up dev lo1")
  98     r2.cmd_raises("ip link add lo1 type dummy")
  99     r2.cmd_raises("ip link set up dev lo1")
 100     r2.cmd_raises("ip link set lo1 master blue")
 101     r3.cmd_raises("ip link add lo1 type dummy")
 102     r3.cmd_raises("ip link set up dev lo1")
 103     r3.cmd_raises("ip link set lo1 master blue")
 104
 105     r1.cmd_raises("ip link set R1-eth2 master blue")
 106     r1.cmd_raises("ip link set R1-eth3 master blue")
 107     r2.cmd_raises("ip link set R2-eth2 master blue")
 108     r2.cmd_raises("ip link set R2-eth3 master blue")
 109     r3.cmd_raises("ip link set R3-eth2 master blue")
 110     r3.cmd_raises("ip link set R3-eth3 master blue")
 111
 112     r1.cmd_raises("ip link set up dev  R1-eth2")
 113     r1.cmd_raises("ip link set up dev  R1-eth3")
 114     r2.cmd_raises("ip link set up dev  R2-eth2")
 115     r2.cmd_raises("ip link set up dev  R2-eth3")
 116     r3.cmd_raises("ip link set up dev  R3-eth2")
 117     r3.cmd_raises("ip link set up dev  R3-eth3")
 118
 119     # red vrf
 120     r1.cmd_raises("ip link add red type vrf table 1002")
 121     r1.cmd_raises("ip link set up dev red")
 122     r2.cmd_raises("ip link add red type vrf table 1002")
 123     r2.cmd_raises("ip link set up dev red")
 124     r3.cmd_raises("ip link add red type vrf table 1002")
 125     r3.cmd_raises("ip link set up dev red")
 126
 127     r1.cmd_raises("ip link add lo2 type dummy")
 128     r1.cmd_raises("ip link set lo2 master red")
 129     r1.cmd_raises("ip link set up dev lo2")
 130     r2.cmd_raises("ip link add lo2 type dummy")
 131     r2.cmd_raises("ip link set up dev lo2")
 132     r2.cmd_raises("ip link set lo2 master red")
 133     r3.cmd_raises("ip link add lo2 type dummy")
 134     r3.cmd_raises("ip link set up dev lo2")
 135     r3.cmd_raises("ip link set lo2 master red")
 136
 137     r1.cmd_raises("ip link set R1-eth4 master red")
 138     r1.cmd_raises("ip link set R1-eth5 master red")
 139     r2.cmd_raises("ip link set R2-eth4 master red")
 140     r2.cmd_raises("ip link set R2-eth5 master red")
 141     r3.cmd_raises("ip link set R3-eth4 master red")
 142     r3.cmd_raises("ip link set R3-eth5 master red")
 143
 144     r1.cmd_raises("ip link set up dev  R1-eth4")
 145     r1.cmd_raises("ip link set up dev  R1-eth5")
 146     r2.cmd_raises("ip link set up dev  R2-eth4")
 147     r2.cmd_raises("ip link set up dev  R2-eth5")
 148     r3.cmd_raises("ip link set up dev  R3-eth4")
 149     r3.cmd_raises("ip link set up dev  R3-eth5")
 150
 151     r1.cmd_raises("sysctl -w net.ipv4.tcp_l3mdev_accept=1")
 152     r2.cmd_raises("sysctl -w net.ipv4.tcp_l3mdev_accept=1")
 153     r3.cmd_raises("sysctl -w net.ipv4.tcp_l3mdev_accept=1")
 154
 155     # This is a sample of configuration loading.
 156     router_list = tgen.routers()
 157
 158     # For all registered routers, load the zebra configuration file
 159     for rname, router in router_list.items():
 160         router.load_config(TopoRouter.RD_ZEBRA, "zebra.conf")
 161         router.load_config(TopoRouter.RD_OSPF)
 162         router.load_config(TopoRouter.RD_BGP)
 163
 164     # After copying the configurations, this function loads configured daemons.
 165     tgen.start_router()
 166
 167     # Save the initial router config. reset_config_on_routers will return to this config.
 168     save_initial_config_on_routers(tgen)
 169
 170
 171 def teardown_module(mod):
 172     "Teardown the pytest environment"
 173     tgen = get_topogen()
 174
 175     # This function tears down the whole topology.
 176     tgen.stop_topology()
 177
 178
 179 def test_vrf_prefix_peer_established(tgen):
 180     "default vrf 3 peers same password with VRF prefix config"
 181
 182     # only supported in kernel > 5.3
 183     if topotest.version_cmp(platform.release(), "5.3") < 0:
 184         return
 185
 186     reset_with_new_configs(tgen, "bgpd_vrf_prefix.conf", "ospfd_vrf.conf")
 187     check_all_peers_established("blue")
 188
 189
 190 def test_vrf_prefix_peer_remove_passwords(tgen):
 191     "selectively remove passwords checking state with VRF prefix config"
 192
 193     # only supported in kernel > 5.3
 194     if topotest.version_cmp(platform.release(), "5.3") < 0:
 195         return
 196
 197     reset_with_new_configs(tgen, "bgpd_vrf_prefix.conf", "ospfd_vrf.conf")
 198     check_vrf_peer_remove_passwords(vrf="blue", prefix="yes")
 199
 200
 201 def test_vrf_prefix_peer_change_passwords(tgen):
 202     "selectively change passwords checking state with VRF prefix config"
 203
 204     # only supported in kernel > 5.3
 205     if topotest.version_cmp(platform.release(), "5.3") < 0:
 206         return
 207
 208     reset_with_new_configs(tgen, "bgpd_vrf_prefix.conf", "ospfd_vrf.conf")
 209     check_vrf_peer_change_passwords(vrf="blue", prefix="yes")
 210
 211
 212 def test_multiple_vrf_peer_established(tgen):
 213     "default vrf 3 peers same password with multiple VRFs"
 214
 215     reset_with_new_configs(tgen, "bgpd_multi_vrf.conf", "ospfd_multi_vrf.conf")
 216     check_all_peers_established("blue")
 217     check_all_peers_established("red")
 218
 219
 220 def test_multiple_vrf_peer_remove_passwords(tgen):
 221     "selectively remove passwords checking state with multiple VRFs"
 222
 223     reset_with_new_configs(tgen, "bgpd_multi_vrf.conf", "ospfd_multi_vrf.conf")
 224     check_vrf_peer_remove_passwords("blue")
 225     check_all_peers_established("red")
 226     check_vrf_peer_remove_passwords("red")
 227     check_all_peers_established("blue")
 228
 229
 230 def test_memory_leak(tgen):
 231     "Run the memory leak test and report results."
 232     if not tgen.is_memleak_enabled():
 233         pytest.skip("Memory leak test/report is disabled")
 234
 235     tgen.report_memory_leaks()
 236
 237
 238 if __name__ == "__main__":
 239     args = ["-s"] + sys.argv[1:]
 240     sys.exit(pytest.main(args))