vpp/test/test_lb.py
Nobuhiro MIKI 95c2da7c25 lb: Fix src_ip_sticky evaluation bug in per-port-vip case.
Before this fix, the src_ip_sticky flag was passed as an argument to
the lb_node_get_hash function, which computes a hash value for a packet.
However, in per-port-vip case, the value of src_ip_sticky flag may be
different for each port number. As a result, the value is the same for
all port numbers, even though it is a per-port-vip case.

This commit fixes the src_ip_sticky evaluation by delaying it until the
packet is received, so that the correct value is obtained. Also, the
unit test case has been enhanced for this bug fix.

The steps to reproduce this bug are described below:
https://lists.fd.io/g/vpp-dev/message/23248

Type: fix
Fixes: 613e6dc0bf92 ("lb: add source ip based sticky load balancing")
Change-Id: I483492b214a1768e7a21fd86edd5151b3c46528b
Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
2023-07-13 08:10:26 +00:00

550 lines
21 KiB
Python

import socket
import scapy.compat
from scapy.layers.inet import IP, UDP
from scapy.layers.inet6 import IPv6
from scapy.layers.l2 import Ether, GRE
from scapy.packet import Raw
from scapy.data import IP_PROTOS
from framework import VppTestCase
from util import ppp
from vpp_ip_route import VppIpRoute, VppRoutePath
from vpp_ip import INVALID_INDEX
""" TestLB is a subclass of VPPTestCase classes.
TestLB class defines Load Balancer test cases for:
- IP4 to GRE4 encap on per-port vip case
- IP4 to GRE6 encap on per-port vip case
- IP6 to GRE4 encap on per-port vip case
- IP6 to GRE6 encap on per-port vip case
- IP4 to L3DSR encap on vip case
- IP4 to L3DSR encap on per-port vip case
- IP4 to L3DSR encap on per-port vip with src_ip_sticky case
- IP4 to NAT4 encap on per-port vip case
- IP6 to NAT6 encap on per-port vip case
As stated in comments below, GRE has issues with IPv6.
All test cases involving IPv6 are executed, but
received packets are not parsed and checked.
"""
class TestLB(VppTestCase):
"""Load Balancer Test Case"""
@classmethod
def setUpClass(cls):
super(TestLB, cls).setUpClass()
cls.ass = range(5)
cls.packets = range(100)
try:
cls.create_pg_interfaces(range(2))
cls.interfaces = list(cls.pg_interfaces)
for i in cls.interfaces:
i.admin_up()
i.config_ip4()
i.config_ip6()
i.disable_ipv6_ra()
i.resolve_arp()
i.resolve_ndp()
dst4 = VppIpRoute(
cls,
"10.0.0.0",
24,
[VppRoutePath(cls.pg1.remote_ip4, INVALID_INDEX)],
register=False,
)
dst4.add_vpp_config()
dst6 = VppIpRoute(
cls,
"2002::",
16,
[VppRoutePath(cls.pg1.remote_ip6, INVALID_INDEX)],
register=False,
)
dst6.add_vpp_config()
cls.vapi.lb_conf(ip4_src_address="39.40.41.42", ip6_src_address="2004::1")
except Exception:
super(TestLB, cls).tearDownClass()
raise
@classmethod
def tearDownClass(cls):
super(TestLB, cls).tearDownClass()
def tearDown(self):
super(TestLB, self).tearDown()
def show_commands_at_teardown(self):
self.logger.info(self.vapi.cli("show lb vip verbose"))
def getIPv4Flow(self, id):
return IP(
dst="90.0.%u.%u" % (id / 255, id % 255),
src="40.0.%u.%u" % (id / 255, id % 255),
) / UDP(sport=10000 + id, dport=20000)
def getIPv6Flow(self, id):
return IPv6(dst="2001::%u" % (id), src="fd00:f00d:ffff::%u" % (id)) / UDP(
sport=10000 + id, dport=20000
)
def generatePackets(self, src_if, isv4):
self.reset_packet_infos()
pkts = []
for pktid in self.packets:
info = self.create_packet_info(src_if, self.pg1)
payload = self.info_to_payload(info)
ip = self.getIPv4Flow(pktid) if isv4 else self.getIPv6Flow(pktid)
packet = (
Ether(dst=src_if.local_mac, src=src_if.remote_mac) / ip / Raw(payload)
)
self.extend_packet(packet, 128)
info.data = packet.copy()
pkts.append(packet)
return pkts
def checkInner(self, gre, isv4):
IPver = IP if isv4 else IPv6
self.assertEqual(gre.proto, 0x0800 if isv4 else 0x86DD)
self.assertEqual(gre.flags, 0)
self.assertEqual(gre.version, 0)
inner = IPver(scapy.compat.raw(gre.payload))
payload_info = self.payload_to_info(inner[Raw])
self.info = self.packet_infos[payload_info.index]
self.assertEqual(payload_info.src, self.pg0.sw_if_index)
self.assertEqual(
scapy.compat.raw(inner), scapy.compat.raw(self.info.data[IPver])
)
def checkCapture(self, encap, isv4, src_ip_sticky=False):
self.pg0.assert_nothing_captured()
out = self.pg1.get_capture(len(self.packets))
load = [0] * len(self.ass)
sticky_as = {}
self.info = None
for p in out:
try:
asid = 0
gre = None
if encap == "gre4":
ip = p[IP]
asid = int(ip.dst.split(".")[3])
self.assertEqual(ip.version, 4)
self.assertEqual(ip.flags, 0)
self.assertEqual(ip.src, "39.40.41.42")
self.assertEqual(ip.dst, "10.0.0.%u" % asid)
self.assertEqual(ip.proto, 47)
self.assertEqual(len(ip.options), 0)
gre = p[GRE]
self.checkInner(gre, isv4)
elif encap == "gre6":
ip = p[IPv6]
asid = ip.dst.split(":")
asid = asid[len(asid) - 1]
asid = 0 if asid == "" else int(asid)
self.assertEqual(ip.version, 6)
self.assertEqual(ip.tc, 0)
self.assertEqual(ip.fl, 0)
self.assertEqual(ip.src, "2004::1")
self.assertEqual(
socket.inet_pton(socket.AF_INET6, ip.dst),
socket.inet_pton(socket.AF_INET6, "2002::%u" % asid),
)
self.assertEqual(ip.nh, 47)
# self.assertEqual(len(ip.options), 0)
gre = GRE(scapy.compat.raw(p[IPv6].payload))
self.checkInner(gre, isv4)
elif encap == "l3dsr":
ip = p[IP]
asid = int(ip.dst.split(".")[3])
self.assertEqual(ip.version, 4)
self.assertEqual(ip.flags, 0)
self.assertEqual(ip.dst, "10.0.0.%u" % asid)
self.assertEqual(ip.tos, 0x1C)
self.assertEqual(len(ip.options), 0)
self.assert_ip_checksum_valid(p)
if ip.proto == IP_PROTOS.tcp:
self.assert_tcp_checksum_valid(p)
elif ip.proto == IP_PROTOS.udp:
self.assert_udp_checksum_valid(p)
elif encap == "nat4":
ip = p[IP]
asid = int(ip.dst.split(".")[3])
self.assertEqual(ip.version, 4)
self.assertEqual(ip.flags, 0)
self.assertEqual(ip.dst, "10.0.0.%u" % asid)
self.assertEqual(ip.proto, 17)
self.assertEqual(len(ip.options), 0)
udp = p[UDP]
self.assertEqual(udp.dport, 3307)
elif encap == "nat6":
ip = p[IPv6]
asid = ip.dst.split(":")
asid = asid[len(asid) - 1]
asid = 0 if asid == "" else int(asid)
self.assertEqual(ip.version, 6)
self.assertEqual(ip.tc, 0)
self.assertEqual(ip.fl, 0)
self.assertEqual(
socket.inet_pton(socket.AF_INET6, ip.dst),
socket.inet_pton(socket.AF_INET6, "2002::%u" % asid),
)
self.assertEqual(ip.nh, 17)
self.assertGreaterEqual(ip.hlim, 63)
udp = UDP(scapy.compat.raw(p[IPv6].payload))
self.assertEqual(udp.dport, 3307)
load[asid] += 1
# In case of source ip sticky, check that packets with same
# src_ip are routed to same as.
if src_ip_sticky and sticky_as.get(ip.src, asid) != asid:
raise Exception("Packets with same src_ip are routed to another as")
sticky_as[ip.src] = asid
except:
self.logger.error(ppp("Unexpected or invalid packet:", p))
raise
# This is just to roughly check that the balancing algorithm
# is not completely biased.
for asid in self.ass:
if load[asid] < int(len(self.packets) / (len(self.ass) * 2)):
self.logger.error(
"ASS is not balanced: load[%d] = %d" % (asid, load[asid])
)
raise Exception("Load Balancer algorithm is biased")
def test_lb_ip4_gre4(self):
"""Load Balancer IP4 GRE4 on vip case"""
try:
self.vapi.cli("lb vip 90.0.0.0/8 encap gre4")
for asid in self.ass:
self.vapi.cli("lb as 90.0.0.0/8 10.0.0.%u" % (asid))
self.pg0.add_stream(self.generatePackets(self.pg0, isv4=True))
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
self.checkCapture(encap="gre4", isv4=True)
finally:
for asid in self.ass:
self.vapi.cli("lb as 90.0.0.0/8 10.0.0.%u del" % (asid))
self.vapi.cli("lb vip 90.0.0.0/8 encap gre4 del")
self.vapi.cli("test lb flowtable flush")
def test_lb_ip6_gre4(self):
"""Load Balancer IP6 GRE4 on vip case"""
try:
self.vapi.cli("lb vip 2001::/16 encap gre4")
for asid in self.ass:
self.vapi.cli("lb as 2001::/16 10.0.0.%u" % (asid))
self.pg0.add_stream(self.generatePackets(self.pg0, isv4=False))
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
self.checkCapture(encap="gre4", isv4=False)
finally:
for asid in self.ass:
self.vapi.cli("lb as 2001::/16 10.0.0.%u del" % (asid))
self.vapi.cli("lb vip 2001::/16 encap gre4 del")
self.vapi.cli("test lb flowtable flush")
def test_lb_ip4_gre6(self):
"""Load Balancer IP4 GRE6 on vip case"""
try:
self.vapi.cli("lb vip 90.0.0.0/8 encap gre6")
for asid in self.ass:
self.vapi.cli("lb as 90.0.0.0/8 2002::%u" % (asid))
self.pg0.add_stream(self.generatePackets(self.pg0, isv4=True))
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
self.checkCapture(encap="gre6", isv4=True)
finally:
for asid in self.ass:
self.vapi.cli("lb as 90.0.0.0/8 2002::%u del" % (asid))
self.vapi.cli("lb vip 90.0.0.0/8 encap gre6 del")
self.vapi.cli("test lb flowtable flush")
def test_lb_ip6_gre6(self):
"""Load Balancer IP6 GRE6 on vip case"""
try:
self.vapi.cli("lb vip 2001::/16 encap gre6")
for asid in self.ass:
self.vapi.cli("lb as 2001::/16 2002::%u" % (asid))
self.pg0.add_stream(self.generatePackets(self.pg0, isv4=False))
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
self.checkCapture(encap="gre6", isv4=False)
finally:
for asid in self.ass:
self.vapi.cli("lb as 2001::/16 2002::%u del" % (asid))
self.vapi.cli("lb vip 2001::/16 encap gre6 del")
self.vapi.cli("test lb flowtable flush")
def test_lb_ip4_gre4_port(self):
"""Load Balancer IP4 GRE4 on per-port-vip case"""
try:
self.vapi.cli("lb vip 90.0.0.0/8 protocol udp port 20000 encap gre4")
for asid in self.ass:
self.vapi.cli(
"lb as 90.0.0.0/8 protocol udp port 20000 10.0.0.%u" % (asid)
)
self.pg0.add_stream(self.generatePackets(self.pg0, isv4=True))
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
self.checkCapture(encap="gre4", isv4=True)
finally:
for asid in self.ass:
self.vapi.cli(
"lb as 90.0.0.0/8 protocol udp port 20000 10.0.0.%u del" % (asid)
)
self.vapi.cli("lb vip 90.0.0.0/8 protocol udp port 20000 encap gre4 del")
self.vapi.cli("test lb flowtable flush")
def test_lb_ip6_gre4_port(self):
"""Load Balancer IP6 GRE4 on per-port-vip case"""
try:
self.vapi.cli("lb vip 2001::/16 protocol udp port 20000 encap gre4")
for asid in self.ass:
self.vapi.cli(
"lb as 2001::/16 protocol udp port 20000 10.0.0.%u" % (asid)
)
self.pg0.add_stream(self.generatePackets(self.pg0, isv4=False))
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
self.checkCapture(encap="gre4", isv4=False)
finally:
for asid in self.ass:
self.vapi.cli(
"lb as 2001::/16 protocol udp port 20000 10.0.0.%u del" % (asid)
)
self.vapi.cli("lb vip 2001::/16 protocol udp port 20000 encap gre4 del")
self.vapi.cli("test lb flowtable flush")
def test_lb_ip4_gre6_port(self):
"""Load Balancer IP4 GRE6 on per-port-vip case"""
try:
self.vapi.cli("lb vip 90.0.0.0/8 protocol udp port 20000 encap gre6")
for asid in self.ass:
self.vapi.cli(
"lb as 90.0.0.0/8 protocol udp port 20000 2002::%u" % (asid)
)
self.pg0.add_stream(self.generatePackets(self.pg0, isv4=True))
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
self.checkCapture(encap="gre6", isv4=True)
finally:
for asid in self.ass:
self.vapi.cli(
"lb as 90.0.0.0/8 protocol udp port 20000 2002::%u del" % (asid)
)
self.vapi.cli("lb vip 90.0.0.0/8 protocol udp port 20000 encap gre6 del")
self.vapi.cli("test lb flowtable flush")
def test_lb_ip6_gre6_port(self):
"""Load Balancer IP6 GRE6 on per-port-vip case"""
try:
self.vapi.cli("lb vip 2001::/16 protocol udp port 20000 encap gre6")
for asid in self.ass:
self.vapi.cli(
"lb as 2001::/16 protocol udp port 20000 2002::%u" % (asid)
)
self.pg0.add_stream(self.generatePackets(self.pg0, isv4=False))
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
self.checkCapture(encap="gre6", isv4=False)
finally:
for asid in self.ass:
self.vapi.cli(
"lb as 2001::/16 protocol udp port 20000 2002::%u del" % (asid)
)
self.vapi.cli("lb vip 2001::/16 protocol udp port 20000 encap gre6 del")
self.vapi.cli("test lb flowtable flush")
def test_lb_ip4_l3dsr(self):
"""Load Balancer IP4 L3DSR on vip case"""
try:
self.vapi.cli("lb vip 90.0.0.0/8 encap l3dsr dscp 7")
for asid in self.ass:
self.vapi.cli("lb as 90.0.0.0/8 10.0.0.%u" % (asid))
self.pg0.add_stream(self.generatePackets(self.pg0, isv4=True))
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
self.checkCapture(encap="l3dsr", isv4=True)
finally:
for asid in self.ass:
self.vapi.cli("lb as 90.0.0.0/8 10.0.0.%u del" % (asid))
self.vapi.cli("lb vip 90.0.0.0/8 encap l3dsr dscp 7 del")
self.vapi.cli("test lb flowtable flush")
def test_lb_ip4_l3dsr_src_ip_sticky(self):
"""Load Balancer IP4 L3DSR on vip with src_ip_sticky case"""
try:
self.vapi.cli("lb vip 90.0.0.0/8 encap l3dsr dscp 7 src_ip_sticky")
for asid in self.ass:
self.vapi.cli("lb as 90.0.0.0/8 10.0.0.%u" % (asid))
# Generate duplicated packets
pkts = self.generatePackets(self.pg0, isv4=True)
pkts = pkts[: len(pkts) // 2]
pkts = pkts + pkts
self.pg0.add_stream(pkts)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
self.checkCapture(encap="l3dsr", isv4=True, src_ip_sticky=True)
finally:
for asid in self.ass:
self.vapi.cli("lb as 90.0.0.0/8 10.0.0.%u del" % (asid))
self.vapi.cli("lb vip 90.0.0.0/8 encap l3dsr dscp 7 src_ip_sticky del")
self.vapi.cli("test lb flowtable flush")
def test_lb_ip4_l3dsr_port(self):
"""Load Balancer IP4 L3DSR on per-port-vip case"""
try:
self.vapi.cli(
"lb vip 90.0.0.0/8 protocol udp port 20000 encap l3dsr dscp 7"
)
for asid in self.ass:
self.vapi.cli(
"lb as 90.0.0.0/8 protocol udp port 20000 10.0.0.%u" % (asid)
)
self.pg0.add_stream(self.generatePackets(self.pg0, isv4=True))
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
self.checkCapture(encap="l3dsr", isv4=True)
finally:
for asid in self.ass:
self.vapi.cli(
"lb as 90.0.0.0/8 protocol udp port 20000 10.0.0.%u del" % (asid)
)
self.vapi.cli(
"lb vip 90.0.0.0/8 protocol udp port 20000 encap l3dsr dscp 7 del"
)
self.vapi.cli("test lb flowtable flush")
def test_lb_ip4_l3dsr_port_src_ip_sticky(self):
"""Load Balancer IP4 L3DSR on per-port-vip with src_ip_sticky case"""
try:
# This VIP at port 1000 does not receive packets, but is defined
# as a dummy to verify that the src_ip_sticky flag can be set
# independently for each port.
self.vapi.cli(
"lb vip 90.0.0.0/8 protocol udp port 10000 encap l3dsr dscp 7"
)
self.vapi.cli(
"lb vip 90.0.0.0/8 protocol udp port 20000 encap l3dsr dscp 7 src_ip_sticky"
)
for asid in self.ass:
self.vapi.cli(
"lb as 90.0.0.0/8 protocol udp port 20000 10.0.0.%u" % (asid)
)
# Generate duplicated packets
pkts = self.generatePackets(self.pg0, isv4=True)
pkts = pkts[: len(pkts) // 2]
pkts = pkts + pkts
self.pg0.add_stream(pkts)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
self.checkCapture(encap="l3dsr", isv4=True, src_ip_sticky=True)
finally:
for asid in self.ass:
self.vapi.cli(
"lb as 90.0.0.0/8 protocol udp port 20000 10.0.0.%u del" % (asid)
)
self.vapi.cli(
"lb vip 90.0.0.0/8 protocol udp port 20000 encap l3dsr dscp 7 src_ip_sticky del"
)
self.vapi.cli(
"lb vip 90.0.0.0/8 protocol udp port 10000 encap l3dsr dscp 7 del"
)
self.vapi.cli("test lb flowtable flush")
def test_lb_ip4_nat4_port(self):
"""Load Balancer IP4 NAT4 on per-port-vip case"""
try:
self.vapi.cli(
"lb vip 90.0.0.0/8 protocol udp port 20000 encap nat4"
" type clusterip target_port 3307"
)
for asid in self.ass:
self.vapi.cli(
"lb as 90.0.0.0/8 protocol udp port 20000 10.0.0.%u" % (asid)
)
self.pg0.add_stream(self.generatePackets(self.pg0, isv4=True))
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
self.checkCapture(encap="nat4", isv4=True)
finally:
for asid in self.ass:
self.vapi.cli(
"lb as 90.0.0.0/8 protocol udp port 20000 10.0.0.%u del" % (asid)
)
self.vapi.cli(
"lb vip 90.0.0.0/8 protocol udp port 20000 encap nat4"
" type clusterip target_port 3307 del"
)
self.vapi.cli("test lb flowtable flush")
def test_lb_ip6_nat6_port(self):
"""Load Balancer IP6 NAT6 on per-port-vip case"""
try:
self.vapi.cli(
"lb vip 2001::/16 protocol udp port 20000 encap nat6"
" type clusterip target_port 3307"
)
for asid in self.ass:
self.vapi.cli(
"lb as 2001::/16 protocol udp port 20000 2002::%u" % (asid)
)
self.pg0.add_stream(self.generatePackets(self.pg0, isv4=False))
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
self.checkCapture(encap="nat6", isv4=False)
finally:
for asid in self.ass:
self.vapi.cli(
"lb as 2001::/16 protocol udp port 20000 2002::%u del" % (asid)
)
self.vapi.cli(
"lb vip 2001::/16 protocol udp port 20000 encap nat6"
" type clusterip target_port 3307 del"
)
self.vapi.cli("test lb flowtable flush")