From f38f973d485f2a72fce405dbc2aebbde983c22db Mon Sep 17 00:00:00 2001 From: Philippe Guibert Date: Thu, 2 Nov 2023 14:06:45 +0100 Subject: [PATCH 1/8] nhrpd, tests: fix json output to caml Some json attributes are not compliant with caml format. > # show ip nhrp cache json > [..] > { > "interface":"gre1", > "type":"dynamic", > "protocol":"11.255.255.4", > "nbma":"10.125.0.4", > "claimed_nbma":"10.125.0.4", > [..] Fix this by duping the 'claimed_nbma' attribute with the 'claimedNbma' name. Fixes: 85365e51f095 ("nhrpd: Add Claimed NBMA field in sh ip nhrp cache output") Signed-off-by: Philippe Guibert --- nhrpd/nhrp_vty.c | 4 ++++ tests/topotests/nhrp_redundancy/nhc1/nhrp_cache.json | 8 ++++---- .../nhrp_redundancy/nhc1/nhrp_cache_nhs1_down.json | 6 +++--- tests/topotests/nhrp_redundancy/nhc2/nhrp_cache.json | 8 ++++---- .../nhrp_redundancy/nhc2/nhrp_cache_nhs1_down.json | 6 +++--- tests/topotests/nhrp_redundancy/nhs1/nhrp_cache.json | 6 +++--- tests/topotests/nhrp_redundancy/nhs2/nhrp_cache.json | 6 +++--- .../nhrp_redundancy/nhs2/nhrp_cache_nhs1_down.json | 6 +++--- tests/topotests/nhrp_redundancy/nhs3/nhrp_cache.json | 6 +++--- .../nhrp_redundancy/nhs3/nhrp_cache_nhs1_down.json | 6 +++--- tests/topotests/nhrp_topo/r1/nhrp4_cache.json | 4 ++-- tests/topotests/nhrp_topo/r2/nhrp4_cache.json | 4 ++-- 12 files changed, 37 insertions(+), 33 deletions(-) diff --git a/nhrpd/nhrp_vty.c b/nhrpd/nhrp_vty.c index 96ba4728bf13..787a2f24b147 100644 --- a/nhrpd/nhrp_vty.c +++ b/nhrpd/nhrp_vty.c @@ -802,7 +802,11 @@ static void show_ip_nhrp_cache(struct nhrp_cache *c, void *pctx) nhrp_cache_type_str[c->cur.type]); json_object_string_add(json, "protocol", buf[0]); json_object_string_add(json, "nbma", buf[1]); +#if CONFDATE > 20250115 + CPP_NOTICE("remove claimed_nbma key") +#endif json_object_string_add(json, "claimed_nbma", buf[2]); + json_object_string_add(json, "claimedNbma", buf[2]); if (c->used) json_object_boolean_true_add(json, "used"); diff --git a/tests/topotests/nhrp_redundancy/nhc1/nhrp_cache.json b/tests/topotests/nhrp_redundancy/nhc1/nhrp_cache.json index 9e8a5c999d04..fa190acd1983 100644 --- a/tests/topotests/nhrp_redundancy/nhc1/nhrp_cache.json +++ b/tests/topotests/nhrp_redundancy/nhc1/nhrp_cache.json @@ -8,7 +8,7 @@ "type": "nhs", "protocol": "172.16.1.2", "nbma": "192.168.1.2", - "claimed_nbma": "192.168.1.2", + "claimedNbma": "192.168.1.2", "used": false, "timeout": true, "auth": false, @@ -19,7 +19,7 @@ "type": "local", "protocol": "172.16.1.4", "nbma": "192.168.2.4", - "claimed_nbma": "192.168.2.4", + "claimedNbma": "192.168.2.4", "used": false, "timeout": false, "auth": false, @@ -30,7 +30,7 @@ "type": "nhs", "protocol": "172.16.1.3", "nbma": "192.168.1.3", - "claimed_nbma": "192.168.1.3", + "claimedNbma": "192.168.1.3", "used": false, "timeout": true, "auth": false, @@ -41,7 +41,7 @@ "type": "nhs", "protocol": "172.16.1.1", "nbma": "192.168.1.1", - "claimed_nbma": "192.168.1.1", + "claimedNbma": "192.168.1.1", "used": false, "timeout": true, "auth": false, diff --git a/tests/topotests/nhrp_redundancy/nhc1/nhrp_cache_nhs1_down.json b/tests/topotests/nhrp_redundancy/nhc1/nhrp_cache_nhs1_down.json index 5b91f3bcfbea..08ab809c45b9 100644 --- a/tests/topotests/nhrp_redundancy/nhc1/nhrp_cache_nhs1_down.json +++ b/tests/topotests/nhrp_redundancy/nhc1/nhrp_cache_nhs1_down.json @@ -8,7 +8,7 @@ "type": "nhs", "protocol": "172.16.1.2", "nbma": "192.168.1.2", - "claimed_nbma": "192.168.1.2", + "claimedNbma": "192.168.1.2", "used": false, "timeout": true, "auth": false, @@ -19,7 +19,7 @@ "type": "local", "protocol": "172.16.1.4", "nbma": "192.168.2.4", - "claimed_nbma": "192.168.2.4", + "claimedNbma": "192.168.2.4", "used": false, "timeout": false, "auth": false, @@ -30,7 +30,7 @@ "type": "nhs", "protocol": "172.16.1.3", "nbma": "192.168.1.3", - "claimed_nbma": "192.168.1.3", + "claimedNbma": "192.168.1.3", "used": false, "timeout": true, "auth": false, diff --git a/tests/topotests/nhrp_redundancy/nhc2/nhrp_cache.json b/tests/topotests/nhrp_redundancy/nhc2/nhrp_cache.json index 8ee02a7cbf4f..9d08d81803df 100644 --- a/tests/topotests/nhrp_redundancy/nhc2/nhrp_cache.json +++ b/tests/topotests/nhrp_redundancy/nhc2/nhrp_cache.json @@ -8,7 +8,7 @@ "type": "nhs", "protocol": "172.16.1.2", "nbma": "192.168.1.2", - "claimed_nbma": "192.168.1.2", + "claimedNbma": "192.168.1.2", "used": false, "timeout": true, "auth": false, @@ -19,7 +19,7 @@ "type": "nhs", "protocol": "172.16.1.3", "nbma": "192.168.1.3", - "claimed_nbma": "192.168.1.3", + "claimedNbma": "192.168.1.3", "used": false, "timeout": true, "auth": false, @@ -30,7 +30,7 @@ "type": "nhs", "protocol": "172.16.1.1", "nbma": "192.168.1.1", - "claimed_nbma": "192.168.1.1", + "claimedNbma": "192.168.1.1", "used": false, "timeout": true, "auth": false, @@ -41,7 +41,7 @@ "type": "local", "protocol": "172.16.1.5", "nbma": "192.168.2.5", - "claimed_nbma": "192.168.2.5", + "claimedNbma": "192.168.2.5", "used": false, "timeout": false, "auth": false, diff --git a/tests/topotests/nhrp_redundancy/nhc2/nhrp_cache_nhs1_down.json b/tests/topotests/nhrp_redundancy/nhc2/nhrp_cache_nhs1_down.json index bb1c4837186d..c8a950600793 100644 --- a/tests/topotests/nhrp_redundancy/nhc2/nhrp_cache_nhs1_down.json +++ b/tests/topotests/nhrp_redundancy/nhc2/nhrp_cache_nhs1_down.json @@ -8,7 +8,7 @@ "type": "nhs", "protocol": "172.16.1.2", "nbma": "192.168.1.2", - "claimed_nbma": "192.168.1.2", + "claimedNbma": "192.168.1.2", "used": false, "timeout": true, "auth": false, @@ -19,7 +19,7 @@ "type": "nhs", "protocol": "172.16.1.3", "nbma": "192.168.1.3", - "claimed_nbma": "192.168.1.3", + "claimedNbma": "192.168.1.3", "used": false, "timeout": true, "auth": false, @@ -30,7 +30,7 @@ "type": "local", "protocol": "172.16.1.5", "nbma": "192.168.2.5", - "claimed_nbma": "192.168.2.5", + "claimedNbma": "192.168.2.5", "used": false, "timeout": false, "auth": false, diff --git a/tests/topotests/nhrp_redundancy/nhs1/nhrp_cache.json b/tests/topotests/nhrp_redundancy/nhs1/nhrp_cache.json index 11d41d1b83bc..393c0f1f7b69 100644 --- a/tests/topotests/nhrp_redundancy/nhs1/nhrp_cache.json +++ b/tests/topotests/nhrp_redundancy/nhs1/nhrp_cache.json @@ -8,7 +8,7 @@ "type": "dynamic", "protocol": "172.16.1.4", "nbma": "192.168.2.4", - "claimed_nbma": "192.168.2.4", + "claimedNbma": "192.168.2.4", "used": false, "timeout": true, "auth": false, @@ -19,7 +19,7 @@ "type": "local", "protocol": "172.16.1.1", "nbma": "192.168.1.1", - "claimed_nbma": "192.168.1.1", + "claimedNbma": "192.168.1.1", "used": false, "timeout": false, "auth": false, @@ -30,7 +30,7 @@ "type": "dynamic", "protocol": "172.16.1.5", "nbma": "192.168.2.5", - "claimed_nbma": "192.168.2.5", + "claimedNbma": "192.168.2.5", "used": false, "timeout": true, "auth": false, diff --git a/tests/topotests/nhrp_redundancy/nhs2/nhrp_cache.json b/tests/topotests/nhrp_redundancy/nhs2/nhrp_cache.json index 6343c4deb935..7fc0cf3d988a 100644 --- a/tests/topotests/nhrp_redundancy/nhs2/nhrp_cache.json +++ b/tests/topotests/nhrp_redundancy/nhs2/nhrp_cache.json @@ -8,7 +8,7 @@ "type": "local", "protocol": "172.16.1.2", "nbma": "192.168.1.2", - "claimed_nbma": "192.168.1.2", + "claimedNbma": "192.168.1.2", "used": false, "timeout": false, "auth": false, @@ -19,7 +19,7 @@ "type": "dynamic", "protocol": "172.16.1.4", "nbma": "192.168.2.4", - "claimed_nbma": "192.168.2.4", + "claimedNbma": "192.168.2.4", "used": false, "timeout": true, "auth": false, @@ -30,7 +30,7 @@ "type": "dynamic", "protocol": "172.16.1.5", "nbma": "192.168.2.5", - "claimed_nbma": "192.168.2.5", + "claimedNbma": "192.168.2.5", "used": false, "timeout": true, "auth": false, diff --git a/tests/topotests/nhrp_redundancy/nhs2/nhrp_cache_nhs1_down.json b/tests/topotests/nhrp_redundancy/nhs2/nhrp_cache_nhs1_down.json index 6343c4deb935..7fc0cf3d988a 100644 --- a/tests/topotests/nhrp_redundancy/nhs2/nhrp_cache_nhs1_down.json +++ b/tests/topotests/nhrp_redundancy/nhs2/nhrp_cache_nhs1_down.json @@ -8,7 +8,7 @@ "type": "local", "protocol": "172.16.1.2", "nbma": "192.168.1.2", - "claimed_nbma": "192.168.1.2", + "claimedNbma": "192.168.1.2", "used": false, "timeout": false, "auth": false, @@ -19,7 +19,7 @@ "type": "dynamic", "protocol": "172.16.1.4", "nbma": "192.168.2.4", - "claimed_nbma": "192.168.2.4", + "claimedNbma": "192.168.2.4", "used": false, "timeout": true, "auth": false, @@ -30,7 +30,7 @@ "type": "dynamic", "protocol": "172.16.1.5", "nbma": "192.168.2.5", - "claimed_nbma": "192.168.2.5", + "claimedNbma": "192.168.2.5", "used": false, "timeout": true, "auth": false, diff --git a/tests/topotests/nhrp_redundancy/nhs3/nhrp_cache.json b/tests/topotests/nhrp_redundancy/nhs3/nhrp_cache.json index d911de348b01..45c634c3900b 100644 --- a/tests/topotests/nhrp_redundancy/nhs3/nhrp_cache.json +++ b/tests/topotests/nhrp_redundancy/nhs3/nhrp_cache.json @@ -8,7 +8,7 @@ "type": "dynamic", "protocol": "172.16.1.4", "nbma": "192.168.2.4", - "claimed_nbma": "192.168.2.4", + "claimedNbma": "192.168.2.4", "used": false, "timeout": true, "auth": false, @@ -19,7 +19,7 @@ "type": "local", "protocol": "172.16.1.3", "nbma": "192.168.1.3", - "claimed_nbma": "192.168.1.3", + "claimedNbma": "192.168.1.3", "used": false, "timeout": false, "auth": false, @@ -30,7 +30,7 @@ "type": "dynamic", "protocol": "172.16.1.5", "nbma": "192.168.2.5", - "claimed_nbma": "192.168.2.5", + "claimedNbma": "192.168.2.5", "used": false, "timeout": true, "auth": false, diff --git a/tests/topotests/nhrp_redundancy/nhs3/nhrp_cache_nhs1_down.json b/tests/topotests/nhrp_redundancy/nhs3/nhrp_cache_nhs1_down.json index d911de348b01..45c634c3900b 100644 --- a/tests/topotests/nhrp_redundancy/nhs3/nhrp_cache_nhs1_down.json +++ b/tests/topotests/nhrp_redundancy/nhs3/nhrp_cache_nhs1_down.json @@ -8,7 +8,7 @@ "type": "dynamic", "protocol": "172.16.1.4", "nbma": "192.168.2.4", - "claimed_nbma": "192.168.2.4", + "claimedNbma": "192.168.2.4", "used": false, "timeout": true, "auth": false, @@ -19,7 +19,7 @@ "type": "local", "protocol": "172.16.1.3", "nbma": "192.168.1.3", - "claimed_nbma": "192.168.1.3", + "claimedNbma": "192.168.1.3", "used": false, "timeout": false, "auth": false, @@ -30,7 +30,7 @@ "type": "dynamic", "protocol": "172.16.1.5", "nbma": "192.168.2.5", - "claimed_nbma": "192.168.2.5", + "claimedNbma": "192.168.2.5", "used": false, "timeout": true, "auth": false, diff --git a/tests/topotests/nhrp_topo/r1/nhrp4_cache.json b/tests/topotests/nhrp_topo/r1/nhrp4_cache.json index 6426a939beb3..c79a9de9bb21 100644 --- a/tests/topotests/nhrp_topo/r1/nhrp4_cache.json +++ b/tests/topotests/nhrp_topo/r1/nhrp4_cache.json @@ -8,7 +8,7 @@ "type":"nhs", "protocol":"10.255.255.2", "nbma":"10.2.1.2", - "claimed_nbma":"10.2.1.2", + "claimedNbma":"10.2.1.2", "used":false, "timeout":true, "auth":false, @@ -19,7 +19,7 @@ "type":"local", "protocol":"10.255.255.1", "nbma":"10.1.1.1", - "claimed_nbma":"10.1.1.1", + "claimedNbma":"10.1.1.1", "used":false, "timeout":false, "auth":false, diff --git a/tests/topotests/nhrp_topo/r2/nhrp4_cache.json b/tests/topotests/nhrp_topo/r2/nhrp4_cache.json index 34558e0c2883..37918828caab 100644 --- a/tests/topotests/nhrp_topo/r2/nhrp4_cache.json +++ b/tests/topotests/nhrp_topo/r2/nhrp4_cache.json @@ -8,7 +8,7 @@ "type":"local", "protocol":"10.255.255.2", "nbma":"10.2.1.2", - "claimed_nbma":"10.2.1.2", + "claimedNbma":"10.2.1.2", "used":false, "timeout":false, "auth":false, @@ -19,7 +19,7 @@ "type":"dynamic", "protocol":"10.255.255.1", "nbma":"10.1.1.1", - "claimed_nbma":"10.1.1.1", + "claimedNbma":"10.1.1.1", "used":false, "timeout":true, "auth":false, From ea783a83eff4be5a4b20a5b3c69fc515aebd631b Mon Sep 17 00:00:00 2001 From: Philippe Guibert Date: Thu, 2 Nov 2023 16:21:05 +0100 Subject: [PATCH 2/8] nhrpd: add timer information on 'show ip nhrp shortcut' command When creating a shortcut, there is no information on the life cycle of the entry. Add some more fields in the json part of the command. > # show ip nhrp shortcut > [..] > "table":[ > { > "type":"dynamic", > "prefix":"11.255.255.4\/32", > "via":"11.255.255.4", > "identity":"south", > "holdingTimeSecs":1200, <-- added > "routeInstalled":true, <-- added > "expiring":false, <-- added > "remainingTimeSecs":312 <-- added > } The remaining time can be understood with the expiring flag. If true, the timer stands for the remaining time before shortcut is removed. Otherwise, the timer stands for the time before a renewal attempt may happen (initially set to the 2 thirds of the 'holdingTimeSecs' value. Signed-off-by: Philippe Guibert --- nhrpd/nhrp_vty.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/nhrpd/nhrp_vty.c b/nhrpd/nhrp_vty.c index 787a2f24b147..2488d31321c9 100644 --- a/nhrpd/nhrp_vty.c +++ b/nhrpd/nhrp_vty.c @@ -885,6 +885,8 @@ static void show_ip_nhrp_shortcut(struct nhrp_shortcut *s, void *pctx) struct vty *vty = ctx->vty; char buf1[PREFIX_STRLEN], buf2[SU_ADDRSTRLEN]; struct json_object *json = NULL; + struct timeval *t; + struct timeval now; if (!ctx->count && !ctx->json) { vty_out(vty, "%-8s %-24s %-24s %s\n", "Type", "Prefix", "Via", @@ -913,6 +915,16 @@ static void show_ip_nhrp_shortcut(struct nhrp_shortcut *s, void *pctx) else json_object_string_add(json, "identity", ""); + json_object_int_add(json, "holdingTimeSecs", s->holding_time); + json_object_boolean_add(json, "routeInstalled", + !!s->route_installed); + json_object_boolean_add(json, "expiring", !!s->expiring); + if (s->t_timer) { + monotime(&now); + t = &s->t_timer->u.sands; + json_object_int_add(json, "remainingTimeSecs", + t->tv_sec - now.tv_sec); + } json_object_array_add(ctx->json, json); return; } From 45451ff94a26938a90445020cbc5896d2e12e77b Mon Sep 17 00:00:00 2001 From: Philippe Guibert Date: Fri, 3 Nov 2023 15:57:35 +0100 Subject: [PATCH 3/8] nhrpd: add 'show ip nhrp cache json' timing information There is no information about the active timers in an nhrp cache entry. Dump the cache timer and/or the authentication timer when available. Dump the '*routeInstalled' boolean. > # show ip nhrp cache json > [..] > { > "interface":"gre1", > "type":"nhs", > [..] > "used":true, > "routeInstalled":true, <-- added > "nhrpRouteInstalled":true, <-- added > "timeout":true, > "timeoutRemainingTimeSecs":6644, <-- added > "auth":false, > [..] Signed-off-by: Philippe Guibert --- nhrpd/nhrp_vty.c | 35 +++++++++++++++++++++-------------- 1 file changed, 21 insertions(+), 14 deletions(-) diff --git a/nhrpd/nhrp_vty.c b/nhrpd/nhrp_vty.c index 2488d31321c9..791304273efe 100644 --- a/nhrpd/nhrp_vty.c +++ b/nhrpd/nhrp_vty.c @@ -752,6 +752,8 @@ static void show_ip_nhrp_cache(struct nhrp_cache *c, void *pctx) struct vty *vty = ctx->vty; char buf[3][SU_ADDRSTRLEN]; struct json_object *json = NULL; + struct timeval *t; + struct timeval now; if (ctx->afi != family2afi(sockunion_family(&c->remote_addr))) return; @@ -808,21 +810,26 @@ static void show_ip_nhrp_cache(struct nhrp_cache *c, void *pctx) json_object_string_add(json, "claimed_nbma", buf[2]); json_object_string_add(json, "claimedNbma", buf[2]); - if (c->used) - json_object_boolean_true_add(json, "used"); - else - json_object_boolean_false_add(json, "used"); - - if (c->t_timeout) - json_object_boolean_true_add(json, "timeout"); - else - json_object_boolean_false_add(json, "timeout"); - - if (c->t_auth) - json_object_boolean_true_add(json, "auth"); - else - json_object_boolean_false_add(json, "auth"); + json_object_boolean_add(json, "used", !!c->used); + json_object_boolean_add(json, "routeInstalled", + !!c->route_installed); + json_object_boolean_add(json, "nhrpRouteInstalled", + !!c->nhrp_route_installed); + + json_object_boolean_add(json, "timeout", !!c->t_timeout); + monotime(&now); + if (c->t_timeout) { + t = &c->t_timeout->u.sands; + json_object_int_add(json, "timeoutRemainingTimeSecs", + t->tv_sec - now.tv_sec); + } + json_object_boolean_add(json, "auth", !!c->t_auth); + if (c->t_auth) { + t = &c->t_auth->u.sands; + json_object_int_add(json, "authRemainingTimeSecs", + t->tv_sec - now.tv_sec); + } if (c->cur.peer) json_object_string_add(json, "identity", c->cur.peer->vc->remote.id); From 642655634e530b4fecf51b7fc7c8feb91453845e Mon Sep 17 00:00:00 2001 From: Philippe Guibert Date: Mon, 6 Nov 2023 10:12:54 +0100 Subject: [PATCH 4/8] nhrpd: fix ignore neighbor stale message The 'used' field of NHRP cache entries goes to false every time it receives a netlink STALE message. Consequently, the cache entry appears as unused until the reception of a PROBE message triggers the neighbor entry re-configuration that changes the entry to REACHABLE. > '# show ip nhrp cache' command before receiving STALE message. > Iface Type Protocol NBMA Claimed NBMA Flags Identity > gre1 nhs 11.255.255.1 10.125.0.1 10.125.0.1 UT west > # ip monitor neigh dev gre1 > 10.125.0.1 lladdr de:ed:02:05:3c:b5 STALE > > '# show ip nhrp cache' command after sending STALE message. > Iface Type Protocol NBMA Claimed NBMA Flags Identity > gre1 nhs 11.255.255.1 10.125.0.1 10.125.0.1 T west Fix this by ignoring the STALE state, and do not change the cache entry 'used' flag. Signed-off-by: Philippe Guibert --- nhrpd/netlink_arp.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/nhrpd/netlink_arp.c b/nhrpd/netlink_arp.c index be909c862ae0..eb1398babadd 100644 --- a/nhrpd/netlink_arp.c +++ b/nhrpd/netlink_arp.c @@ -204,7 +204,9 @@ int nhrp_neighbor_operation(ZAPI_CALLBACK_ARGS) } else { state = (cmd == ZEBRA_NEIGH_ADDED) ? ndm_state : ZEBRA_NEIGH_STATE_FAILED; - nhrp_cache_set_used(c, state == ZEBRA_NEIGH_STATE_REACHABLE); + if (ndm_state != ZEBRA_NEIGH_STATE_STALE) + nhrp_cache_set_used(c, + state == ZEBRA_NEIGH_STATE_REACHABLE); } return 0; } From a56578307a94ec5ca38f18c19feb0abc02d5c2a4 Mon Sep 17 00:00:00 2001 From: Philippe Guibert Date: Thu, 2 Nov 2023 16:29:05 +0100 Subject: [PATCH 5/8] zebra: fix handle netlink state reachable message When creating an NHRP shortcut entry between two spokes, the cache entry created has very often a field 'used' set to false, despite a continuous traffic towards the 11.255.255.1 IP address. > north-vm# show ip nhrp cache > Iface Type Protocol NBMA Claimed NBMA Flags Identity > gre1 local 11.255.255.2 10.125.0.2 10.125.0.2 - > gre1 nhs 11.255.255.1 10.125.0.1 10.125.0.1 T west <---- Actually, that flag reflects the protocol address reachability. A neighbor entry is maintained in the kernel. As an ARP probe operates only with MAC address, NHRP will take the place of ARP, and will refresh the NBMA link IP address, every time the neighbor entry enters in PROBE state. The neighbor entry state goes in REACHABLE state, and the expectation is that the REACHABLE state is notified to the NHRP daemon, which does not happen. The below dump indicates 3 netlink messages over the gre1 interface: > # trace from 'ip monitor neigh' > miss 11.255.255.1 dev gre1 lladdr 10.125.0.1 PROBE proto 191 > 11.255.255.1 dev gre1 lladdr 10.125.0.1 PROBE proto 191 > 11.255.255.1 dev gre1 lladdr 10.125.0.1 REACHABLE proto 191 The NHRP/ZEBRA traces indicate the first 2 netlink messages received, followed by the update of the neighbor entry by the NHRP daemon. But there is no reception or confirmation that the new neighbor state moved to REACHABLE. > # trace from nhrp > 2023/11/06 09:46:21 ZEBRA: [V8KNF-8EXH8] netlink_recv_msg: << netlink message dump [recv] > 2023/11/06 09:46:21 ZEBRA: [JAS4D-NCWGP] nlmsghdr [len=80 type=(30) GETNEIGH flags=(0x0001) {REQUEST} seq=0 pid=0] > 2023/11/06 09:46:21 ZEBRA: [S4WS4-PS3KF] netlink_parse_info: netlink-listen (NS 0) type RTM_GETNEIGH(30), len=80, seq=0, pid=0 > 2023/11/06 09:46:21 ZEBRA: [V8KNF-8EXH8] netlink_recv_msg: << netlink message dump [recv] > 2023/11/06 09:46:21 ZEBRA: [JAS4D-NCWGP] nlmsghdr [len=80 type=(28) NEWNEIGH flags=(0x0000) {} seq=0 pid=0] > 2023/11/06 09:46:21 ZEBRA: [T4YQJ-83R8H] ndm [family=2 (AF_INET) ifindex=10 state=0x0010 {PROBE} flags=0x0000 {} type=1 (UNICAST)] > 2023/11/06 09:46:21 ZEBRA: [KFBSR-XYJV1] rta [len=8 (payload=4) type=(1) DST] > 2023/11/06 09:46:21 ZEBRA: [M8QV4-KY9C0] 11.255.255.1 > 2023/11/06 09:46:21 ZEBRA: [KFBSR-XYJV1] rta [len=8 (payload=4) type=(2) LLADDR] > 2023/11/06 09:46:21 ZEBRA: [V74GD-NYS6Y] 0A:7D:00:01 > 2023/11/06 09:46:21 ZEBRA: [KFBSR-XYJV1] rta [len=8 (payload=4) type=(4) PROBES] > 2023/11/06 09:46:21 ZEBRA: [KFBSR-XYJV1] rta [len=20 (payload=16) type=(3) CACHEINFO] > 2023/11/06 09:46:21 ZEBRA: [KFBSR-XYJV1] rta [len=5 (payload=1) type=(12) UNKNOWN] > 2023/11/06 09:46:21 ZEBRA: [S4WS4-PS3KF] netlink_parse_info: netlink-listen (NS 0) type RTM_NEWNEIGH(28), len=76, seq=0, pid=0 > 2023/11/06 09:46:21 ZEBRA: [TDS34-MNEJW] Neighbor Entry received is not on a VLAN or a BRIDGE, ignoring > 2023/11/06 09:46:21 NHRP: [QQ0NK-1H449] Netlink: who-has 11.255.255.1 dev gre1 lladdr 10.125.0.1 nud 0x10 cache used 0 type 5 > 2023/11/06 09:46:21 NHRP: [QVXNM-NVHEQ] Netlink: update binding for 11.255.255.1 dev gre1 from c (unspec) peer.vc.nbma 10.125.0.1 to lladdr 10.125.0.1 > 2023/11/06 09:46:21 NHRP: [QQ0NK-1H449] Netlink: new-neigh 11.255.255.1 dev gre1 lladdr 10.125.0.1 nud 0x10 cache used 1 type 5 > 2023/11/06 09:46:21 ZEBRA: [NH6N7-54CD1] Tx RTM_NEWNEIGH family ipv4 IF gre1(10) Neigh 11.255.255.1 Link 10.125.0.1 flags 0x0 state 0x2 ext_flags 0x0 > 2023/11/06 09:46:21 ZEBRA: [HYEHE-CQZ9G] nl_batch_send: netlink-dp (NS 0), batch size=52, msg cnt=1 The NHRP daemon relies on zebra netlink layer. Read and write operations are done on two different sockets. As a filter is attached to the read socket to prevent from reading notifications from the write socket, the NEWNEIGH operations from NHRP are ignored. Fix this by adding an exception in the netlink filter to autorise NEWNEIGH notifications. Consequently, the REACHABLE state is notified to NHRP. > north-vm# show ip nhrp cache > Iface Type Protocol NBMA Claimed NBMA Flags Identity > gre1 local 11.255.255.2 10.125.0.2 10.125.0.2 - > gre1 nhs 11.255.255.1 10.125.0.1 10.125.0.1 UT west <---- Link: https://flylib.com/books/3/475/1/html/2/images/0131777203/graphics/15fig06.gif Fixes: b3b751046495 ("nhrpd: link layer registration to notificationas") Signed-off-by: Philippe Guibert --- zebra/kernel_netlink.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/zebra/kernel_netlink.c b/zebra/kernel_netlink.c index d2f1db67ee58..e13b32b168b0 100644 --- a/zebra/kernel_netlink.c +++ b/zebra/kernel_netlink.c @@ -555,7 +555,7 @@ static void netlink_install_filter(int sock, uint32_t pid, uint32_t dplane_pid) * nlmsg_pid == dplane_pid) { * if (the incoming nlmsg_type == * RTM_NEWADDR || RTM_DELADDR || RTM_NEWNETCONF || - * RTM_DELNETCONF) + * RTM_DELNETCONF || RTM_NEWNEIGH * keep this message * else * skip this message @@ -574,7 +574,7 @@ static void netlink_install_filter(int sock, uint32_t pid, uint32_t dplane_pid) /* * 2: Compare to dplane pid */ - BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, htonl(dplane_pid), 0, 6), + BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, htonl(dplane_pid), 0, 7), /* * 3: Load the nlmsg_type into BPF register */ @@ -583,27 +583,29 @@ static void netlink_install_filter(int sock, uint32_t pid, uint32_t dplane_pid) /* * 4: Compare to RTM_NEWADDR */ - BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, htons(RTM_NEWADDR), 4, 0), + BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, htons(RTM_NEWADDR), 5, 0), /* * 5: Compare to RTM_DELADDR */ - BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, htons(RTM_DELADDR), 3, 0), + BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, htons(RTM_DELADDR), 4, 0), /* * 6: Compare to RTM_NEWNETCONF */ - BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, htons(RTM_NEWNETCONF), 2, - 0), + BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, htons(RTM_NEWNETCONF), 3, 0), /* * 7: Compare to RTM_DELNETCONF */ - BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, htons(RTM_DELNETCONF), 1, - 0), + BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, htons(RTM_DELNETCONF), 2, 0), /* - * 8: This is the end state of we want to skip the + * 8: Compare to RTM_NEWNEIGH + */ + BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, htons(RTM_NEWNEIGH), 1, 0), + /* + * 9: This is the end state of we want to skip the * message */ BPF_STMT(BPF_RET | BPF_K, 0), - /* 9: This is the end state of we want to keep + /* 10: This is the end state of we want to keep * the message */ BPF_STMT(BPF_RET | BPF_K, 0xffff), From 593907ef97565c4bf1896959e34b26fb3c14584a Mon Sep 17 00:00:00 2001 From: Louis Scalbert Date: Tue, 3 Sep 2024 10:29:44 +0200 Subject: [PATCH 6/8] tests: expect nhrp used state true Expect expect nhrp used state true. Signed-off-by: Louis Scalbert --- tests/topotests/nhrp_redundancy/nhc1/nhrp_cache.json | 6 +++--- .../nhrp_redundancy/nhc1/nhrp_cache_nhs1_down.json | 4 ++-- tests/topotests/nhrp_redundancy/nhc2/nhrp_cache.json | 6 +++--- .../nhrp_redundancy/nhc2/nhrp_cache_nhs1_down.json | 4 ++-- tests/topotests/nhrp_redundancy/nhs1/nhrp_cache.json | 4 ++-- tests/topotests/nhrp_redundancy/nhs2/nhrp_cache.json | 4 ++-- .../nhrp_redundancy/nhs2/nhrp_cache_nhs1_down.json | 4 ++-- tests/topotests/nhrp_redundancy/nhs3/nhrp_cache.json | 4 ++-- .../nhrp_redundancy/nhs3/nhrp_cache_nhs1_down.json | 4 ++-- tests/topotests/nhrp_topo/r1/nhrp4_cache.json | 2 +- tests/topotests/nhrp_topo/r2/nhrp4_cache.json | 2 +- 11 files changed, 22 insertions(+), 22 deletions(-) diff --git a/tests/topotests/nhrp_redundancy/nhc1/nhrp_cache.json b/tests/topotests/nhrp_redundancy/nhc1/nhrp_cache.json index fa190acd1983..cadbaefb22c9 100644 --- a/tests/topotests/nhrp_redundancy/nhc1/nhrp_cache.json +++ b/tests/topotests/nhrp_redundancy/nhc1/nhrp_cache.json @@ -9,7 +9,7 @@ "protocol": "172.16.1.2", "nbma": "192.168.1.2", "claimedNbma": "192.168.1.2", - "used": false, + "used": true, "timeout": true, "auth": false, "identity": "" @@ -31,7 +31,7 @@ "protocol": "172.16.1.3", "nbma": "192.168.1.3", "claimedNbma": "192.168.1.3", - "used": false, + "used": true, "timeout": true, "auth": false, "identity": "" @@ -42,7 +42,7 @@ "protocol": "172.16.1.1", "nbma": "192.168.1.1", "claimedNbma": "192.168.1.1", - "used": false, + "used": true, "timeout": true, "auth": false, "identity": "" diff --git a/tests/topotests/nhrp_redundancy/nhc1/nhrp_cache_nhs1_down.json b/tests/topotests/nhrp_redundancy/nhc1/nhrp_cache_nhs1_down.json index 08ab809c45b9..28a4f9a1c903 100644 --- a/tests/topotests/nhrp_redundancy/nhc1/nhrp_cache_nhs1_down.json +++ b/tests/topotests/nhrp_redundancy/nhc1/nhrp_cache_nhs1_down.json @@ -9,7 +9,7 @@ "protocol": "172.16.1.2", "nbma": "192.168.1.2", "claimedNbma": "192.168.1.2", - "used": false, + "used": true, "timeout": true, "auth": false, "identity": "" @@ -31,7 +31,7 @@ "protocol": "172.16.1.3", "nbma": "192.168.1.3", "claimedNbma": "192.168.1.3", - "used": false, + "used": true, "timeout": true, "auth": false, "identity": "" diff --git a/tests/topotests/nhrp_redundancy/nhc2/nhrp_cache.json b/tests/topotests/nhrp_redundancy/nhc2/nhrp_cache.json index 9d08d81803df..acd719eef9e9 100644 --- a/tests/topotests/nhrp_redundancy/nhc2/nhrp_cache.json +++ b/tests/topotests/nhrp_redundancy/nhc2/nhrp_cache.json @@ -9,7 +9,7 @@ "protocol": "172.16.1.2", "nbma": "192.168.1.2", "claimedNbma": "192.168.1.2", - "used": false, + "used": true, "timeout": true, "auth": false, "identity": "" @@ -20,7 +20,7 @@ "protocol": "172.16.1.3", "nbma": "192.168.1.3", "claimedNbma": "192.168.1.3", - "used": false, + "used": true, "timeout": true, "auth": false, "identity": "" @@ -31,7 +31,7 @@ "protocol": "172.16.1.1", "nbma": "192.168.1.1", "claimedNbma": "192.168.1.1", - "used": false, + "used": true, "timeout": true, "auth": false, "identity": "" diff --git a/tests/topotests/nhrp_redundancy/nhc2/nhrp_cache_nhs1_down.json b/tests/topotests/nhrp_redundancy/nhc2/nhrp_cache_nhs1_down.json index c8a950600793..00b03ac4061b 100644 --- a/tests/topotests/nhrp_redundancy/nhc2/nhrp_cache_nhs1_down.json +++ b/tests/topotests/nhrp_redundancy/nhc2/nhrp_cache_nhs1_down.json @@ -9,7 +9,7 @@ "protocol": "172.16.1.2", "nbma": "192.168.1.2", "claimedNbma": "192.168.1.2", - "used": false, + "used": true, "timeout": true, "auth": false, "identity": "" @@ -20,7 +20,7 @@ "protocol": "172.16.1.3", "nbma": "192.168.1.3", "claimedNbma": "192.168.1.3", - "used": false, + "used": true, "timeout": true, "auth": false, "identity": "" diff --git a/tests/topotests/nhrp_redundancy/nhs1/nhrp_cache.json b/tests/topotests/nhrp_redundancy/nhs1/nhrp_cache.json index 393c0f1f7b69..663b506674d0 100644 --- a/tests/topotests/nhrp_redundancy/nhs1/nhrp_cache.json +++ b/tests/topotests/nhrp_redundancy/nhs1/nhrp_cache.json @@ -9,7 +9,7 @@ "protocol": "172.16.1.4", "nbma": "192.168.2.4", "claimedNbma": "192.168.2.4", - "used": false, + "used": true, "timeout": true, "auth": false, "identity": "" @@ -31,7 +31,7 @@ "protocol": "172.16.1.5", "nbma": "192.168.2.5", "claimedNbma": "192.168.2.5", - "used": false, + "used": true, "timeout": true, "auth": false, "identity": "" diff --git a/tests/topotests/nhrp_redundancy/nhs2/nhrp_cache.json b/tests/topotests/nhrp_redundancy/nhs2/nhrp_cache.json index 7fc0cf3d988a..9e436df16299 100644 --- a/tests/topotests/nhrp_redundancy/nhs2/nhrp_cache.json +++ b/tests/topotests/nhrp_redundancy/nhs2/nhrp_cache.json @@ -20,7 +20,7 @@ "protocol": "172.16.1.4", "nbma": "192.168.2.4", "claimedNbma": "192.168.2.4", - "used": false, + "used": true, "timeout": true, "auth": false, "identity": "" @@ -31,7 +31,7 @@ "protocol": "172.16.1.5", "nbma": "192.168.2.5", "claimedNbma": "192.168.2.5", - "used": false, + "used": true, "timeout": true, "auth": false, "identity": "" diff --git a/tests/topotests/nhrp_redundancy/nhs2/nhrp_cache_nhs1_down.json b/tests/topotests/nhrp_redundancy/nhs2/nhrp_cache_nhs1_down.json index 7fc0cf3d988a..9e436df16299 100644 --- a/tests/topotests/nhrp_redundancy/nhs2/nhrp_cache_nhs1_down.json +++ b/tests/topotests/nhrp_redundancy/nhs2/nhrp_cache_nhs1_down.json @@ -20,7 +20,7 @@ "protocol": "172.16.1.4", "nbma": "192.168.2.4", "claimedNbma": "192.168.2.4", - "used": false, + "used": true, "timeout": true, "auth": false, "identity": "" @@ -31,7 +31,7 @@ "protocol": "172.16.1.5", "nbma": "192.168.2.5", "claimedNbma": "192.168.2.5", - "used": false, + "used": true, "timeout": true, "auth": false, "identity": "" diff --git a/tests/topotests/nhrp_redundancy/nhs3/nhrp_cache.json b/tests/topotests/nhrp_redundancy/nhs3/nhrp_cache.json index 45c634c3900b..3dd6fbeb69c4 100644 --- a/tests/topotests/nhrp_redundancy/nhs3/nhrp_cache.json +++ b/tests/topotests/nhrp_redundancy/nhs3/nhrp_cache.json @@ -9,7 +9,7 @@ "protocol": "172.16.1.4", "nbma": "192.168.2.4", "claimedNbma": "192.168.2.4", - "used": false, + "used": true, "timeout": true, "auth": false, "identity": "" @@ -31,7 +31,7 @@ "protocol": "172.16.1.5", "nbma": "192.168.2.5", "claimedNbma": "192.168.2.5", - "used": false, + "used": true, "timeout": true, "auth": false, "identity": "" diff --git a/tests/topotests/nhrp_redundancy/nhs3/nhrp_cache_nhs1_down.json b/tests/topotests/nhrp_redundancy/nhs3/nhrp_cache_nhs1_down.json index 45c634c3900b..3dd6fbeb69c4 100644 --- a/tests/topotests/nhrp_redundancy/nhs3/nhrp_cache_nhs1_down.json +++ b/tests/topotests/nhrp_redundancy/nhs3/nhrp_cache_nhs1_down.json @@ -9,7 +9,7 @@ "protocol": "172.16.1.4", "nbma": "192.168.2.4", "claimedNbma": "192.168.2.4", - "used": false, + "used": true, "timeout": true, "auth": false, "identity": "" @@ -31,7 +31,7 @@ "protocol": "172.16.1.5", "nbma": "192.168.2.5", "claimedNbma": "192.168.2.5", - "used": false, + "used": true, "timeout": true, "auth": false, "identity": "" diff --git a/tests/topotests/nhrp_topo/r1/nhrp4_cache.json b/tests/topotests/nhrp_topo/r1/nhrp4_cache.json index c79a9de9bb21..72336ae3e55e 100644 --- a/tests/topotests/nhrp_topo/r1/nhrp4_cache.json +++ b/tests/topotests/nhrp_topo/r1/nhrp4_cache.json @@ -9,7 +9,7 @@ "protocol":"10.255.255.2", "nbma":"10.2.1.2", "claimedNbma":"10.2.1.2", - "used":false, + "used": true, "timeout":true, "auth":false, "identity":"" diff --git a/tests/topotests/nhrp_topo/r2/nhrp4_cache.json b/tests/topotests/nhrp_topo/r2/nhrp4_cache.json index 37918828caab..8fca22c24d56 100644 --- a/tests/topotests/nhrp_topo/r2/nhrp4_cache.json +++ b/tests/topotests/nhrp_topo/r2/nhrp4_cache.json @@ -20,7 +20,7 @@ "protocol":"10.255.255.1", "nbma":"10.1.1.1", "claimedNbma":"10.1.1.1", - "used":false, + "used": true, "timeout":true, "auth":false, "identity":"" From 65540b8d593908efda723e8e1a28b35f9292614a Mon Sep 17 00:00:00 2001 From: Louis Scalbert Date: Mon, 2 Sep 2024 17:52:13 +0200 Subject: [PATCH 7/8] tests: nhrp_redundancy, use check_ping Use the check_ping library function. Signed-off-by: Louis Scalbert --- .../nhrp_redundancy/test_nhrp_redundancy.py | 83 ++----------------- 1 file changed, 9 insertions(+), 74 deletions(-) diff --git a/tests/topotests/nhrp_redundancy/test_nhrp_redundancy.py b/tests/topotests/nhrp_redundancy/test_nhrp_redundancy.py index 06777aaa23dd..8d0e16c88921 100644 --- a/tests/topotests/nhrp_redundancy/test_nhrp_redundancy.py +++ b/tests/topotests/nhrp_redundancy/test_nhrp_redundancy.py @@ -23,6 +23,8 @@ shutdown_bringup_interface, retry, ) +from lib.checkping import check_ping + """ test_nhrp_redundancy.py: Test NHS redundancy for NHRP @@ -236,71 +238,21 @@ def test_protocols_convergence(): assert result is None, assertmsg # Test connectivity from 1 NHRP server to all clients - nhs1 = tgen.gears["nhs1"] logger.info("Check Ping IPv4 from nhs1 to nhc1 = 172.16.1.4)") - output = nhs1.run("ping 172.16.1.4 -f -c 1000") - logger.info(output) - if "1000 packets transmitted, 1000 received" not in output: - assertmsg = "expected ping IPv4 from nhs1 to nhc1 should be ok" - assert 0, assertmsg - else: - logger.info("Check Ping IPv4 from nhs1 to nhc1 OK") + check_ping("nhs1", "172.16.1.4", True, 10, 0.5) logger.info("Check Ping IPv4 from nhs1 to nhc2 = 172.16.1.5)") - output = nhs1.run("ping 172.16.1.5 -f -c 1000") - logger.info(output) - if "1000 packets transmitted, 1000 received" not in output: - assertmsg = "expected ping IPv4 from nhs1 to nhc2 should be ok" - assert 0, assertmsg - else: - logger.info("Check Ping IPv4 from nhs1 to nhc2 OK") + check_ping("nhs1", "172.16.1.5", True, 10, 0.5) # Test connectivity from 1 NHRP client to all servers - nhc1 = tgen.gears["nhc1"] logger.info("Check Ping IPv4 from nhc1 to nhs1 = 172.16.1.1)") - output = nhc1.run("ping 172.16.1.1 -f -c 1000") - logger.info(output) - if "1000 packets transmitted, 1000 received" not in output: - assertmsg = "expected ping IPv4 from nhc1 to nhs1 should be ok" - assert 0, assertmsg - else: - logger.info("Check Ping IPv4 from nhc1 to nhs1 OK") + check_ping("nhc1", "172.16.1.1", True, 10, 0.5) logger.info("Check Ping IPv4 from nhc1 to nhs2 = 172.16.1.2)") - output = nhc1.run("ping 172.16.1.2 -f -c 1000") - logger.info(output) - if "1000 packets transmitted, 1000 received" not in output: - assertmsg = "expected ping IPv4 from nhc1 to nhs2 should be ok" - assert 0, assertmsg - else: - logger.info("Check Ping IPv4 from nhc1 to nhs2 OK") + check_ping("nhc1", "172.16.1.2", True, 10, 0.5) logger.info("Check Ping IPv4 from nhc1 to nhs3 = 172.16.1.3)") - output = nhc1.run("ping 172.16.1.3 -f -c 1000") - logger.info(output) - if "1000 packets transmitted, 1000 received" not in output: - assertmsg = "expected ping IPv4 from nhc1 to nhs3 should be ok" - assert 0, assertmsg - else: - logger.info("Check Ping IPv4 from nhc1 to nhs3 OK") - - -@retry(retry_timeout=30, initial_wait=5) -def verify_shortcut_path(): - """ - Verifying that traffic flows through shortcut path - """ - tgen = get_topogen() - host = tgen.gears["host"] - logger.info("Check Ping IPv4 from host to nhc2 = 10.5.5.5") - - output = host.run("ping 10.5.5.5 -f -c 1000") - logger.info(output) - if "1000 packets transmitted, 1000 received" not in output: - assertmsg = "expected ping IPv4 from host to nhc2 should be ok" - assert 0, assertmsg - else: - logger.info("Check Ping IPv4 from host to nhc2 OK") + check_ping("nhc1", "172.16.1.3", True, 10, 0.5) def test_redundancy_shortcut(): @@ -335,16 +287,8 @@ def test_redundancy_shortcut(): assert result is None, assertmsg # Initiate shortcut by pinging between clients - host = tgen.gears["host"] logger.info("Check Ping IPv4 from host to nhc2 via shortcut = 10.5.5.5") - - output = host.run("ping 10.5.5.5 -f -c 1000") - logger.info(output) - if "1000 packets transmitted, 1000 received" not in output: - assertmsg = "expected ping IPv4 from host to nhc2 via shortcut should be ok" - assert 0, assertmsg - else: - logger.info("Check Ping IPv4 from host to nhc2 via shortcut OK") + check_ping("host", "10.5.5.5", True, 10, 0.5) # Now check that NHRP shortcut route installed json_file = "{}/{}/nhrp_route_shortcut.json".format(CWD, nhc1.name) @@ -450,17 +394,8 @@ def test_redundancy_shortcut_backup(): assertmsg = '"{}" JSON output mismatches'.format(router.name) assert result is None, assertmsg - # Verify shortcut is still active - host = tgen.gears["host"] logger.info("Check Ping IPv4 from host to nhc2 via shortcut = 10.5.5.5") - - output = host.run("ping 10.5.5.5 -f -c 1000") - logger.info(output) - if "1000 packets transmitted, 1000 received" not in output: - assertmsg = "expected ping IPv4 from host to nhc2 via shortcut should be ok" - assert 0, assertmsg - else: - logger.info("Check Ping IPv4 from host to nhc2 via shortcut OK") + check_ping("host", "10.5.5.5", True, 10, 0.5) # Verify shortcut is present in routing table json_file = "{}/{}/nhrp_route_shortcut_nhs1_down.json".format(CWD, nhc1.name) From c06c32e846e39237f0dae6d8e4c778b9d01f3488 Mon Sep 17 00:00:00 2001 From: Louis Scalbert Date: Mon, 2 Sep 2024 17:52:13 +0200 Subject: [PATCH 8/8] tests: adapt nhrp_redundancy The test expected the NHRP shortcut on nhc1 to expire after 10s in the absence of traffic. Previous patches no longer cause shortcuts to expire unless the remote network is down or the kernel has removed neighbor entries to the remote network. Test that the shortcut only expires in these cases. Note that the shortcut mechanism is based on NHRP type 8 (NHRP traffic indication) packets that is not part of RFC2332 but of draft-detienne-dmvpn-01. The tested behavior conforms with: > an NHRP cache entry is created for TunS1 => PubS1. The entry > SHOULD NOT remain in the cache for more than the specified Hold > Time (from the NHRP Resolution Request). This NHRP cache entry > may be 'refreshed' for another hold time period prior to expiry by > receipt of another matching NHRP Resolution Request or by sending > an NHRP Resolution Request and receiving an NHRP Resolution Reply. Signed-off-by: Louis Scalbert --- .../nhrp_redundancy/test_nhrp_redundancy.py | 49 +++++++++++++++++-- 1 file changed, 45 insertions(+), 4 deletions(-) diff --git a/tests/topotests/nhrp_redundancy/test_nhrp_redundancy.py b/tests/topotests/nhrp_redundancy/test_nhrp_redundancy.py index 8d0e16c88921..36c4cf8f9a7a 100644 --- a/tests/topotests/nhrp_redundancy/test_nhrp_redundancy.py +++ b/tests/topotests/nhrp_redundancy/test_nhrp_redundancy.py @@ -291,6 +291,7 @@ def test_redundancy_shortcut(): check_ping("host", "10.5.5.5", True, 10, 0.5) # Now check that NHRP shortcut route installed + logger.info("Check that NHRP shortcut route installed") json_file = "{}/{}/nhrp_route_shortcut.json".format(CWD, nhc1.name) assertmsg = "No nhrp_route file found" assert os.path.isfile(json_file), assertmsg @@ -307,6 +308,7 @@ def test_redundancy_shortcut(): assertmsg = '"{}" JSON output mismatches'.format(nhc1.name) assert result is None, assertmsg + logger.info("Check the shortcut") json_file = "{}/{}/nhrp_shortcut_present.json".format(CWD, nhc1.name) expected = json.loads(open(json_file).read()) test_func = partial( @@ -320,6 +322,22 @@ def test_redundancy_shortcut(): assertmsg = '"{}" JSON output mismatches'.format(nhc1.name) assert result is None, assertmsg + +def test_redundancy_shortcut_nhc2_down(): + """ + Check that the traffic disappears after nhc2 is shutdown + """ + tgen = get_topogen() + if tgen.routers_have_failure(): + pytest.skip(tgen.errors) + + nhc1 = tgen.gears["nhc1"] + router_list = tgen.routers() + + logger.info("Bringing down nhc2.") + shutdown_bringup_interface(tgen, "nhc2", "nhc2-gre0", False) + + logger.info("Check the shortcut disappears") # check the shortcut disappears because of no traffic json_file = "{}/{}/nhrp_shortcut_absent.json".format(CWD, nhc1.name) expected = json.loads(open(json_file).read()) @@ -335,7 +353,7 @@ def test_redundancy_shortcut(): assert result is None, assertmsg -def test_redundancy_shortcut_backup(): +def test_redundancy_shortcut_nhs1_down(): """ Stop traffic and verify next time traffic started, shortcut is initiated by backup NHS """ @@ -352,8 +370,10 @@ def test_redundancy_shortcut_backup(): # Bring down primary GRE interface and verify shortcut is not disturbed logger.info("Bringing down nhs1, primary NHRP server.") shutdown_bringup_interface(tgen, "nhs1", "nhs1-gre0", False) + logger.info("Bringing up nhc2.") + shutdown_bringup_interface(tgen, "nhc2", "nhc2-gre0", True) - # Check NHRP cache on servers and clients + logger.info("Check NHRP cache on servers and clients") for rname, router in router_list.items(): if "nh" not in rname: continue @@ -397,7 +417,7 @@ def test_redundancy_shortcut_backup(): logger.info("Check Ping IPv4 from host to nhc2 via shortcut = 10.5.5.5") check_ping("host", "10.5.5.5", True, 10, 0.5) - # Verify shortcut is present in routing table + logger.info("Check that shortcut is present in routing table") json_file = "{}/{}/nhrp_route_shortcut_nhs1_down.json".format(CWD, nhc1.name) assertmsg = "No nhrp_route file found" assert os.path.isfile(json_file), assertmsg @@ -424,7 +444,28 @@ def test_redundancy_shortcut_backup(): assertmsg = '"{}" JSON output mismatches'.format(nhc1.name) assert result is None, assertmsg - # Now verify shortcut is purged with lack of traffic + +def test_redundancy_shortcut_del_arp(): + """ + Stop traffic and verify next time traffic started, shortcut is initiated by backup NHS + """ + tgen = get_topogen() + if tgen.routers_have_failure(): + pytest.skip(tgen.errors) + + if not _verify_iptables(): + pytest.skip("iptables not installed") + + nhc1 = tgen.gears["nhc1"] + router_list = tgen.routers() + + logger.info("Remove ARP on nhc1 to nhc2") + nhc1.cmd("ip neigh del 10.5.5.5 dev nhc1-gre0") + nhc1.cmd("ip neigh del 172.16.1.5 dev nhc1-gre0") + + logger.info( + "Check that shortcut is purged with lack of traffic and neighbor entries" + ) json_file = "{}/{}/nhrp_route_nhs1_down.json".format(CWD, nhc1.name) assertmsg = "No nhrp_route file found" assert os.path.isfile(json_file), assertmsg