IPv4 Decapsulation test

Related documents

• Tests readme
• Test system readme
• swss-schema

##Overview

---

This test case is aimed at testing the DUTs ability to do de-capsulation of IP encapsulated packets, and verify that each decapsulated packet is with the right properties in each field, and forward with the corresponding underlay destination IP to the correct route. The test assumes all routes and decapsulation are set prior by to test, so no configuration is required to be done by the test itself, and the test will correspond only to the right IPs that is configured in the test.

The validation to the routes and the decapsulation is done by sending packets with the corresponding IPs both, in the overlay and underlay. If the test fails, it is the testing responsibility to provide all the debug information which can be retrieved in order to shade more light to the failure for offline debugging as much as possible.

###Scope

The scope if this test plan is only the PTF test.

###Scale / Performance

The Setup will be configured to have IPv4 routes and decapsulation commands

###Related DUT CLI commands

No CLI commands will be needed for this test.

###Related DUT configuration files

Will add a JSON SWSS configuration file, that will set decapsulations rules for IP 1.1.1.1.

###Related SAI APIs

N/A

D.U.T Requirement

---

The D.U.T must connect with 2 different ports to the PTF docker. port 0 will be the source port, And port 1 will be the destination port.

##Test structure

###Setup configuration

The setup tests assume to have single SONiC (DUT) connected to a switch connected to a server running 32 Arista VMs.

There will be 32 BGP peers connected to the switch. Each peer will have 2 BGP sessions open with the switch: single IPV4 connection and single IPV6 connection. The peers will advertise routes that switch needs to become aware of.

PTF host needs to be connected to a port through which it will send packets to the switch and needs to have a connection via ports through which the switch will send forward received packet back to the host for validation.

###Configuration scripts

The peers and SONIC (DUT) will be deployed by an Ansible script. As part of the deployment, the script will generate the routes and decapsulation commands. The decapsulation rule will be generated by J2 script that will output JSON file with Decap IP that will configure through the SWSS config tool.

###Ansible scripts to setup and run netbouncer test

The netbouncer_test.yml will configure (if not configured previously) the decapsulation rule, with the json_decap_conf.j2 that will generate JSON file and will configure the decap rule with the SWSS config tool, The new rule will decapsulate every packet with the Decap IP and will pass the DSCP and ECN to the inner packet, and also TTL of the outer header minus one. Then the PTF netbouncer_test.py will begin with the Decap IP and host port0 IP arguments in the PTF docker.

Test cases

The test assumes there is a mechanism to validate logs on the DUT where we should be able to analyze /var/log/syslog for error and warning messages related to the current test. In case such messages are detected, the test is considered failed.

The test should have standardized summary section in the following format:

TEST SUMMARY:

TEST: OK/FAIL

LOGS: OK/FAIL

Test case #1

Test objective

The objective is to validate decapsulation ability and each route has been added to the switch and is functioning properly with the decapsulated packet.

Test configurations

• IP decap IPv4 that will be taken from loopback IP: _Decap IP
• IP Route IPv4 that will be taken from the system configuration: _host port0 IP

Test description

1. From the PTF docker, craft and sent through all the ports a double encapsulated IP packets as follows:

• outer IP header [S:2.2.2.0,D:Decap IP]
• inner IP header [S:1.1.1.1,D:host port0 IP]
• ECN and DSCP will be randomized, for the overlay and the underlay.
• ECN_outer != ECN_inner1
• DSCP_outer != DSCP_inner1
• TTL_outer != TTL_inner1
• all other fields will be PTF default for simple_tcp_packet function

2. Verify the Sonic does not see the encapsulated packet. the IP-in-IP packet should not go to CPU, the packet should not be seen on the DUT.

3. Confirm that the packet that comes back to PTF Docker decapsulated from the destination port. and the L3 header fields will look like this :

• IP header [S:1.1.1.1,D:host port0 IP]
• TTL = TTL_outer - 1
• ECN = ECN_outer
• DSCP = DSCP_outer

Test case #2

####Test objective

The objective is to validate decapsulation ability with triple encapsulated packet and each route has been added to the switch and is functioning properly with the decapsulated packet.

Test configurations

• IP decap IPv4 that will be taken from loopback IP: Decap IP
• IP Route IPv4 that will be taken from the system configuration: host port0 IP

####Test description

1. From the PTF docker, craft and sent through all the ports a triple encapsulated IP packets as follows:

• outer IP header [S:2.2.2.0,D:Decap IP]
• inner1 IP header [S:1.1.1.1,D:host port0 IP]
• inner2 IP header [S:4.4.4.4,D:4.4.4.3]
• ECN and DSCP will be randomized, for the overlay and the underlay.
• ECN_outer != ECN_inner1
• DSCP_outer != DSCP_inner1
• TTL_outer != TTL_inner1
• all other fields will be PTF default for simple_tcp_packet function

2. Verify the Sonic does not see the encapsulated packet. the IP-in-IP packet should not go to CPU, the packet should not be seen on the DUT.

3. Confirm that the packet that comes back to PTF Docker decapsulated from the destination port. and the L3 header fields will look like this:

• outer IP headers
  • IPs [S:1.1.1.1,D:host port0 IP]
  • TTL = TTL_outer - 1
  • ECN = ECN_outer
  • DSCP = DSCP_outer
• inner IP headers : PTF default for simple_tcp_packet function