test/e2e, multihoming: Check VLAN-ID change on NAD update

Add tests that make sure that:
- the N/S connectivity is broken after NAD updating the VLAN-ID.
- the N/S connectivity is restored after the server networking is
reconfigured to the new VLAN-ID.

Signed-off-by: Ram Lavi <[email protected]>

Author: RamLavi

test/e2e/localnet-underlay.go

@@ -45,6 +45,20 @@ func setupUnderlay(ovsPods []v1.Pod, portName string, nadConfig networkAttachmen
 	return nil
 }
 
+func ovsRemoveSwitchPort(ovsPods []v1.Pod, portName string, newVLANID int) error {
+	for _, ovsPod := range ovsPods {
+		if err := ovsRemoveVLANAccessPort(ovsPod.Name, bridgeName, portName); err != nil {
+			return fmt.Errorf("failed to remove old VLAN port: %v", err)
+		}
+
+		if err := ovsEnableVLANAccessPort(ovsPod.Name, bridgeName, portName, newVLANID); err != nil {
+			return fmt.Errorf("failed to add new VLAN port: %v", err)
+		}
+	}
+
+	return nil
+}
+
 func teardownUnderlay(ovsPods []v1.Pod) error {
 	for _, ovsPod := range ovsPods {
 		if err := removeOVSBridge(ovsPod.Name, bridgeName); err != nil {
@@ -117,6 +131,19 @@ func ovsEnableVLANAccessPort(ovsNodeName string, bridgeName string, portName str
 	return nil
 }
 
+func ovsRemoveVLANAccessPort(ovsNodeName string, bridgeName string, portName string) error {
+	cmd := []string{
+		"kubectl", "-n", ovnNamespace, "exec", ovsNodeName, "--",
+		"ovs-vsctl", "del-port", bridgeName, portName,
+	}
+
+	if _, err := runCommand(cmd...); err != nil {
+		return fmt.Errorf("failed to remove port %s from OVS bridge %s: %v", portName, bridgeName, err)
+	}
+
+	return nil
+}
+
 type BridgeMapping struct {
 	physnet   string
 	ovsBridge string

test/e2e/multihoming.go

@@ -838,12 +838,15 @@ var _ = Describe("Multi Homing", func() {
 						excludedSubnetLowerRange2 = "60.128.0.128/26" // Excludes IPs from 60.128.0.128 to 60.128.0.191
 						excludedSubnetUpperRange1 = "60.128.0.208/28" // Excludes IPs from 60.128.0.208 to 60.128.0.223
 						excludedSubnetUpperRange2 = "60.128.0.224/27" // Excludes IPs from 60.128.0.224 to 60.128.0.255
+						newLocalnetVLANID         = 30
 					)
 					BeforeEach(func() {
 						By("setting new MTU")
 						netConfig.mtu = expectedChangedMTU
 						By("setting new subnets to leave a smaller range")
 						netConfig.excludeCIDRs = []string{excludedSubnetLowerRange1, excludedSubnetLowerRange2, excludedSubnetUpperRange1, excludedSubnetUpperRange2}
+						By("setting new VLAN-ID")
+						netConfig.vlanID = newLocalnetVLANID
 						p := []byte(fmt.Sprintf(`[{"op":"replace","path":"/spec/config","value":%q}]`, generateNADSpec(netConfig)))
 						Expect(patchNADSpec(nadClient, netConfig.name, netConfig.namespace, p)).To(Succeed())
 					})
@@ -896,6 +899,55 @@ var _ = Describe("Multi Homing", func() {
 							return nil
 						}).Should(Succeed(), "pod's secondary NIC is not allocated in the desired range")
 					})
+
+					It("can no longer communicate over a localnet secondary network from pod to the underlay service", func() {
+						Eventually(func() error {
+							clientPodConfig := podConfiguration{
+								name:        clientPodName,
+								namespace:   f.Namespace.Name,
+								attachments: []nadapi.NetworkSelectionElement{{Name: secondaryNetworkName}},
+							}
+							kickstartPod(cs, clientPodConfig)
+
+							By("asserting the *client* pod can no longer contact the underlay service")
+							var err error
+							if err = connectToServer(clientPodConfig, underlayServiceIP, servicePort); err != nil && strings.Contains(err.Error(), "exit code 28") {
+								return nil
+							}
+							err = fmt.Errorf("expected exit code 28 from underlay service, got err %w", err)
+
+							if delErr := cs.CoreV1().Pods(clientPodConfig.namespace).Delete(context.Background(), clientPodConfig.name, metav1.DeleteOptions{}); delErr != nil {
+								err = errors.Join(err, fmt.Errorf("pod delete failed: %w", delErr))
+							}
+							return err
+						}).Should(Succeed(), "pod should be disconnected from underlay")
+					})
+
+					Context("and the service connected to the underlay is reconfigured to connect to the new VLAN-ID", func() {
+						BeforeEach(func() {
+							Expect(ovsRemoveSwitchPort(nodes, secondaryInterfaceName, newLocalnetVLANID)).To(Succeed())
+						})
+
+						It("can now communicate over a localnet secondary network from pod to the underlay service", func() {
+							Eventually(func() error {
+								clientPodConfig := podConfiguration{
+									name:        clientPodName,
+									namespace:   f.Namespace.Name,
+									attachments: []nadapi.NetworkSelectionElement{{Name: secondaryNetworkName}},
+								}
+								kickstartPod(cs, clientPodConfig)
+
+								By("asserting the *client* pod can contact the underlay service")
+								if err := connectToServer(clientPodConfig, underlayServiceIP, servicePort); err != nil {
+									if delErr := cs.CoreV1().Pods(clientPodConfig.namespace).Delete(context.Background(), clientPodConfig.name, metav1.DeleteOptions{}); delErr != nil {
+										err = errors.Join(err, fmt.Errorf("pod delete failed: %w", delErr))
+									}
+									return err
+								}
+								return nil
+							}).Should(Succeed(), "pod should be connected to underlay")
+						})
+					})
 				})
 
 				Context("with multi network policy blocking the traffic", func() {