From patchwork Tue Jul 12 06:35:28 2016
X-Patchwork-Submitter: Gurucharan Shetty
X-Patchwork-Id: 647506
From: Gurucharan Shetty
To: dev@openvswitch.org
Date: Mon, 11 Jul 2016 23:35:28 -0700
Subject: [ovs-dev] [PATCH 3/4] system-ovn.at: Add a OVN NAT test using OVN gateway.
Message-Id: <1468305329-28456-3-git-send-email-guru@ovn.org>
In-Reply-To: <1468305329-28456-1-git-send-email-guru@ovn.org>
References: <1468305329-28456-1-git-send-email-guru@ovn.org>

This unit test adds a basic OVN NAT test that tests north-south DNAT, south-north SNAT and east-west DNAT and SNAT. It uses network namespaces connected to br-int using veth pairs to act as logical ports. This test does not cover multi-host scenarios, so there is a gap. But userspace OVN tests do multi-host scenarios (without NAT testing), so it should still be a decent coverage.

Signed-off-by: Gurucharan Shetty --- Please note that there are a couple of unit tests around fragmentation (unrelated to OVN) that can cause kernel crashes when you run OVN kernel tests. So, if you intend to run these, run it via: make check-kmod TESTSUITEFLAGS="-k ovn" --- tests/automake.mk | 3 +- tests/system-kmod-testsuite.at | 1 + tests/system-ovn.at | 141 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 144 insertions(+), 1 deletion(-) create mode 100644 tests/system-ovn.at diff --git a/tests/automake.mk b/tests/automake.mk index bdf6828..0a4e9e6 100644 --- a/tests/automake.mk +++ b/tests/automake.mk @@ -106,7 +106,8 @@ SYSTEM_USERSPACE_TESTSUITE_AT = \ SYSTEM_TESTSUITE_AT = \ tests/system-common-macros.at \ - tests/system-traffic.at + tests/system-traffic.at \ + tests/system-ovn.at TESTSUITE = $(srcdir)/tests/testsuite TESTSUITE_PATCH = $(srcdir)/tests/testsuite.patch diff --git a/tests/system-kmod-testsuite.at b/tests/system-kmod-testsuite.at index fc71a48..bdf57c8 100644 --- a/tests/system-kmod-testsuite.at +++ b/tests/system-kmod-testsuite.at @@ -23,3 +23,4 @@ m4_include([tests/system-common-macros.at]) m4_include([tests/system-kmod-macros.at]) m4_include([tests/system-traffic.at]) +m4_include([tests/system-ovn.at]) diff --git a/tests/system-ovn.at b/tests/system-ovn.at new file mode 100644 index 0000000..b58a5b7 --- /dev/null +++ b/tests/system-ovn.at 
@@ -0,0 +1,141 @@ +AT_SETUP([ovn -- 2 LRs connected via LS, gateway router, NAT]) +AT_KEYWORDS([ovnnat]) +ovn_start + +OVS_TRAFFIC_VSWITCHD_START() +ADD_BR([br-int]) + +# Set external-ids in br-int needed for ovn-controller +ovs-vsctl \ + -- set Open_vSwitch . external-ids:system-id=hv1 \ + -- set Open_vSwitch . external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \ + -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \ + -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \ + -- set bridge br-int fail-mode=secure other-config:disable-in-band=true + +# Start ovn-controller +start_daemon ovn-controller + +# Logical network: +# Two LRs - R1 and R2 that are connected to each other via LS "join" +# in 20.0.0.0/24 network. R1 has switchess foo (192.168.1.0/24) and +# bar (192.168.2.0/24) connected to it. R2 has alice (172.16.1.0/24) connected +# to it. R2 is a gateway router on which we add NAT rules. + +ovn-nbctl create Logical_Router name=R1 +ovn-nbctl create Logical_Router name=R2 options:chassis=hv1 + +ovn-nbctl ls-add foo +ovn-nbctl ls-add bar +ovn-nbctl ls-add alice +ovn-nbctl ls-add join + +# Connect foo to R1 +ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 192.168.1.1/24 +ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo \ + type=router options:router-port=foo addresses=\"00:00:01:01:02:03\" + +# Connect bar to R1 +ovn-nbctl lrp-add R1 bar 00:00:01:01:02:04 192.168.2.1/24 +ovn-nbctl lsp-add bar rp-bar -- set Logical_Switch_Port rp-bar \ + type=router options:router-port=bar addresses=\"00:00:01:01:02:04\" + +# Connect alice to R2 +ovn-nbctl lrp-add R2 alice 00:00:02:01:02:03 172.16.1.1/24 +ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice \ + type=router options:router-port=alice addresses=\"00:00:02:01:02:03\" + +# Connect R1 to join +ovn-nbctl lrp-add R1 R1_join 00:00:04:01:02:03 20.0.0.1/24 +ovn-nbctl lsp-add join r1-join -- set Logical_Switch_Port r1-join \ + type=router options:router-port=R1_join 
addresses='"00:00:04:01:02:03"' + +# Connect R2 to join +ovn-nbctl lrp-add R2 R2_join 00:00:04:01:02:04 20.0.0.2/24 +ovn-nbctl lsp-add join r2-join -- set Logical_Switch_Port r2-join \ + type=router options:router-port=R2_join addresses='"00:00:04:01:02:04"' + +# Static routes. +ovn-nbctl lr-route-add R1 172.16.1.0/24 20.0.0.2 +ovn-nbctl lr-route-add R2 192.168.0.0/16 20.0.0.1 + +# Logical port 'foo1' in switch 'foo'. +ADD_NAMESPACES(foo1) +ADD_VETH(foo1, foo1, br-int, "192.168.1.2/24", "f0:00:00:01:02:03", \ + "192.168.1.1") +ovn-nbctl lsp-add foo foo1 \ +-- lsp-set-addresses foo1 "f0:00:00:01:02:03 192.168.1.2" + +# Logical port 'alice1' in switch 'alice'. +ADD_NAMESPACES(alice1) +ADD_VETH(alice1, alice1, br-int, "172.16.1.2/24", "f0:00:00:01:02:04", \ + "172.16.1.1") +ovn-nbctl lsp-add alice alice1 \ +-- lsp-set-addresses alice1 "f0:00:00:01:02:04 172.16.1.2" + +# Logical port 'bar1' in switch 'bar'. +ADD_NAMESPACES(bar1) +ADD_VETH(bar1, bar1, br-int, "192.168.2.2/24", "f0:00:00:01:02:05", \ +"192.168.2.1") +ovn-nbctl lsp-add bar bar1 \ +-- lsp-set-addresses bar1 "f0:00:00:01:02:05 192.168.2.2" + +# Add a DNAT rule. +ovn-nbctl -- --id=@nat create nat type="dnat" logical_ip=192.168.1.2 \ + external_ip=30.0.0.2 -- add logical_router R2 nat @nat + +# Add a SNAT rule +ovn-nbctl -- --id=@nat create nat type="snat" logical_ip=192.168.2.2 \ + external_ip=30.0.0.1 -- add logical_router R2 nat @nat + +# wait for ovn-controller to catch up. +sleep 2 + +# 'alice1' should be able to ping 'foo1' directly. +NS_CHECK_EXEC([alice1], [ping -q -c 3 -i 0.3 -w 2 192.168.1.2 | FORMAT_PING], \ +[0], [dnl +3 packets transmitted, 3 received, 0% packet loss, time 0ms +]) + +# North-South DNAT: 'alice1' should also be able to ping 'foo1' via 30.0.0.2 +NS_CHECK_EXEC([alice1], [ping -q -c 3 -i 0.3 -w 2 192.168.1.2 | FORMAT_PING], \ +[0], [dnl +3 packets transmitted, 3 received, 0% packet loss, time 0ms +]) + +# South-North SNAT: 'bar1' pings 'alice1'. 
But 'alice1' receives traffic +# from 30.0.0.1 +NS_CHECK_EXEC([bar1], [ping -q -c 3 -i 0.3 -w 2 172.16.1.2 | FORMAT_PING], \ +[0], [dnl +3 packets transmitted, 3 received, 0% packet loss, time 0ms +]) + +# We verify that SNAT indeed happened via 'dump-conntrack' command. +AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(30.0.0.1) | \ +sed -e 's/zone=[[0-9]]*/zone=/'], [0], [dnl +icmp,orig=(src=192.168.2.2,dst=172.16.1.2,id=),reply=(src=172.16.1.2,dst=30.0.0.1,id=),zone= +]) + +# Add static routes to handle east-west NAT. +ovn-nbctl lr-route-add R1 30.0.0.0/24 20.0.0.2 + +# East-west DNAT and SNAT: 'bar1' pings 30.0.0.2. 'foo1' receives it. +NS_CHECK_EXEC([bar1], [ping -q -c 3 -i 0.3 -w 2 30.0.0.2 | FORMAT_PING], \ +[0], [dnl +3 packets transmitted, 3 received, 0% packet loss, time 0ms +]) + +OVS_APP_EXIT_AND_WAIT([ovn-controller]) + +as ovn-sb +OVS_APP_EXIT_AND_WAIT([ovsdb-server]) + +as ovn-nb +OVS_APP_EXIT_AND_WAIT([ovsdb-server]) + +as northd +OVS_APP_EXIT_AND_WAIT([ovn-northd]) + +as +OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d"]) +AT_CLEANUP
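
Review bot: The new m4_include([tests/system-ovn.at]) is added only to tests/system-kmod-testsuite.at, while tests/automake.mk lists the file in the general SYSTEM_TESTSUITE_AT variable, and the diffstat shows no other testsuite file touched. If the test is meant to run only against the kernel datapath, say so in the commit message or in a comment next to the include; if it is meant to run everywhere the other system tests run, the remaining testsuite file needs the same include.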
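
Review bot: The north-south DNAT check in tests/system-ovn.at never exercises the DNAT rule: the block commented "'alice1' should also be able to ping 'foo1' via 30.0.0.2" runs ping against 192.168.1.2, the same target as the direct-ping check just above it, so the test passes even if the dnat entry on R2 is never applied. Point that ping at 30.0.0.2 and assert on a conntrack entry the way the SNAT case does with "ovs-appctl dpctl/dump-conntrack | FORMAT_CT(30.0.0.1)", so the translation itself is verified; the east-west check at the end has the same gap, since a successful ping alone does not show which addresses were rewritten. The fixed "sleep 2" after the NAT rules also makes the result timing-dependent; polling for the expected state (for example with OVS_WAIT_UNTIL) would be more robust. Minor points: "switchess" in the topology comment is a typo, and the addresses= quoting is inconsistent between the foo/bar/alice router ports (\"...\") and the join ports ('"..."').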