From patchwork Thu Jul 28 07:14:01 2016
X-Patchwork-Submitter: Dongjun
X-Patchwork-Id: 653609
From: Dongjun
To: dev@openvswitch.org
Date: Thu, 28 Jul 2016 15:14:01 +0800
Message-Id: <1469690042-24438-1-git-send-email-dongj@dtdream.com>
Subject: [ovs-dev] [PATCH 1/2] ovn:add easy SNAT test case

Signed-off-by: Dongjun
---
 tests/system-ovn.at | 106 +++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 105 insertions(+), 1 deletion(-)
 mode change 100644 => 100755 tests/system-ovn.at
diff --git a/tests/system-ovn.at b/tests/system-ovn.at old mode 100644 new mode 100755 index 13f380f..cb50fd4 --- a/tests/system-ovn.at +++ b/tests/system-ovn.at @@ -1,4 +1,4 @@ -AT_SETUP([ovn -- 2 LRs connected via LS, gateway router, NAT]) +AT_SETUP([ovn -- 2 LRs connected via LS, gateway router, SNAT and DNAT]) AT_KEYWORDS([ovnnat]) CHECK_CONNTRACK() 
@@ -168,6 +168,110 @@ as OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d"]) AT_CLEANUP +AT_SETUP([ovn -- 2 LRs connected via LS, gateway router, easy SNAT]) +AT_KEYWORDS([ovnnat]) + +CHECK_CONNTRACK() +ovn_start +OVS_TRAFFIC_VSWITCHD_START() +ADD_BR([br-int]) + +# Set external-ids in br-int needed for ovn-controller +ovs-vsctl \ + -- set Open_vSwitch . external-ids:system-id=hv1 \ + -- set Open_vSwitch . external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \ + -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \ + -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \ + -- set bridge br-int fail-mode=secure other-config:disable-in-band=true + +# Start ovn-controller +start_daemon ovn-controller + +# Logical network: +# Two LRs - R1 and R2 that are connected to each other via LS "join" +# in 20.0.0.0/24 network. R1 has switchess foo (192.168.1.0/24) connected to it. +# R2 has alice (172.16.1.0/24) connectedto it. +# R2 is a gateway router on which we add NAT rules. 
+# +# foo -- R1 -- join - R2 -- alice + +ovn-nbctl lr-add R1 +ovn-nbctl lr-add R2 -- set Logical_Router R2 options:chassis=hv1 + +ovn-nbctl ls-add foo +ovn-nbctl ls-add alice +ovn-nbctl ls-add join + +ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 192.168.1.1/24 +ovn-nbctl lrp-add R2 alice 00:00:02:01:02:03 172.16.1.1/24 +ovn-nbctl lrp-add R1 R1_join 00:00:04:01:02:03 20.0.0.1/24 +ovn-nbctl lrp-add R2 R2_join 00:00:04:01:02:04 20.0.0.2/24 + +# Connect foo to R1 +ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo \ + type=router options:router-port=foo addresses=\"00:00:01:01:02:03\" + +# Connect alice to R2 +ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice \ + type=router options:router-port=alice addresses=\"00:00:02:01:02:03\" + +# Connect R1 to join +ovn-nbctl lsp-add join r1-join -- set Logical_Switch_Port r1-join \ + type=router options:router-port=R1_join addresses='"00:00:04:01:02:03"' + +# Connect R2 to join +ovn-nbctl lsp-add join r2-join -- set Logical_Switch_Port r2-join \ + type=router options:router-port=R2_join addresses='"00:00:04:01:02:04"' + +# Static routes. +ovn-nbctl lr-route-add R1 172.16.1.0/24 20.0.0.2 +ovn-nbctl lr-route-add R2 192.168.0.0/16 20.0.0.1 + +# Logical port 'foo1' in switch 'foo'. +ADD_NAMESPACES(foo1) +ADD_VETH(foo1, foo1, br-int, "192.168.1.2/24", "f0:00:00:01:02:03", \ + "192.168.1.1") +ovn-nbctl lsp-add foo foo1 \ +-- lsp-set-addresses foo1 "f0:00:00:01:02:03 192.168.1.2" + +# Logical port 'alice1' in switch 'alice'. +ADD_NAMESPACES(alice1) +ADD_VETH(alice1, alice1, br-int, "172.16.1.2/24", "f0:00:00:01:02:04", \ + "172.16.1.1") +ovn-nbctl lsp-add alice alice1 \ +-- lsp-set-addresses alice1 "f0:00:00:01:02:04 172.16.1.2" + +# Add a SNAT rule +ovn-nbctl -- --id=@nat create nat type="snat" logical_ip=192.168.1.2 \ + external_ip=20.0.0.2 -- add logical_router R2 nat @nat + +# South-North SNAT: 'foo1' pings 'alice1'. 
But 'alice1' receives traffic +# from 20.0.0.2 +NS_CHECK_EXEC([foo1], [ping -q -c 3 -i 0.3 -w 2 172.16.1.2 | FORMAT_PING], \ +[0], [dnl +3 packets transmitted, 3 received, 0% packet loss, time 0ms +]) + +# We verify that SNAT indeed happened via 'dump-conntrack' command. +AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(20.0.0.2) | \ +sed -e 's/zone=[[0-9]]*/zone=/'], [0], [dnl +icmp,orig=(src=192.168.1.2,dst=172.16.1.2,id=),reply=(src=172.16.1.2,dst=20.0.0.2,id=),zone= +]) + +OVS_APP_EXIT_AND_WAIT([ovn-controller]) + +as ovn-sb +OVS_APP_EXIT_AND_WAIT([ovsdb-server]) + +as ovn-nb +OVS_APP_EXIT_AND_WAIT([ovsdb-server]) + +as northd +OVS_APP_EXIT_AND_WAIT([ovn-northd]) + +as +OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d"]) +AT_CLEANUP AT_SETUP([ovn -- load-balancing]) AT_KEYWORDS([ovnlb])
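Review bot: The file header changes tests/system-ovn.at from mode 100644 to 100755, which looks unintentional. An Autotest source file is not run directly, so it should not carry the executable bit, and nothing in the patch depends on it. Please drop the mode change from this patch.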
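Review bot: The retitling at @@ -1,4 +1,4 @@ (existing test renamed from "NAT" to "SNAT and DNAT") is not mentioned anywhere, because the commit message has no body at all. Please add a short description that says why the old test is renamed and what "easy SNAT" means in the new title, since neither the subject nor the test name explains how the new case differs from the existing one. Both tests also share the prefix "2 LRs connected via LS, gateway router" and the keyword ovnnat, so the wording after that prefix is the only thing that tells them apart in a test listing.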
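Review bot: In the new test at @@ -168,6 +168,110 @@, nothing between the "Add a SNAT rule" step and the first NS_CHECK_EXEC waits for ovn-controller to have installed the resulting flows, so the ping (3 packets, -w 2 deadline, expected 0% loss) can race with flow installation and fail intermittently. Suggest an OVS_WAIT_UNTIL on the br-int flow table showing the NAT flows before pinging. Smaller points in the same hunk: the topology comment has typos ("switchess", "connectedto"); the router-port addresses are quoted two different ways (addresses=\"...\" for rp-foo and rp-alice, addresses='"..."' for r1-join and r2-join), so pick one; and the SNAT external_ip 20.0.0.2 is the same address already assigned to R2_join, which deserves a comment saying whether reusing the router port address is the point of the test.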