New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Te 18.6 gRIBI mpls in udp encapsulation for ip sec #3435

Open

vishnureddybadveli wants to merge 13 commits into openconfig:main from vishnureddybadveli:TE-18.6-gRIBI-MPLS-in-UDP-Encapsulation-for-IPSec

Contributor

vishnureddybadveli commented Sep 17, 2024

No description provided.

dplore and others added 7 commits

August 12, 2024 18:44


          introduce mpls-in-udp scale test


          update testresgistry

c0f0a67


          add readme

a334a93


          Merge branch 'main' into dplore/gribi-mpls-udp-scale

7e128e7


          renumber test

c2f53e9


          revise scale profiles

f2d8822


          TE-18.6 gRIBI MPLS in UDP Encapsulation for IPSec

5b31ea1

vishnureddybadveli requested a review from a team as a code owner

September 17, 2024 21:54

OpenConfigBot commented Sep 17, 2024 •

edited

Loading

Pull Request Functional Test Report for #3435 / `e5854e7`

No tests identified for validation.

coveralls commented Sep 17, 2024 •

edited

Loading

Pull Request Test Coverage Report for Build 11412151444

Warning: This coverage report may be inaccurate.

This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.

For more information on this, see Tracking coverage changes with pull request builds.
To avoid this issue with future PRs, see these Recommended CI Configurations.
For a quick fix, rebase this PR at GitHub. Your next report should be accurate.

Details

0 of 0 changed or added relevant lines in 0 files are covered.
3 unchanged lines in 1 file lost coverage.
Overall coverage increased (+0.02%) to 55.268%

Files with Coverage Reduction	New Missed Lines	%
topologies/binding/gnsi.go	3	0.0%

Totals
Change from base Build 10908915118:	0.02%
Covered Lines:	1983
Relevant Lines:	3588

💛 - Coveralls

vishnureddybadveli added 2 commits

September 17, 2024 15:00


          Changed test registery.

fb2f318


          Update testregistry.textproto

afeab01

dplore requested changes

View reviewed changes

testregistry.textproto Show resolved Hide resolved

feature/gribi/otg_tests/mpls_in_udp_ipsec/README.md Outdated

+                            dst_udp_port: "outer_dst_udp_port"
+                            ip_ttl: "outer_ip-ttl"
+                            dscp: "outer_dscp"
+                            key_chain_name: "ipsec_keychain"

Member

dplore Sep 17, 2024

add a comment here that updating the OC aft models to support key_chain_name is a TODO item

feature/gribi/otg_tests/mpls_in_udp_ipsec/README.md

+                }
+              }
+              ```

Member

dplore Sep 17, 2024

Need to add traffic generation profile

Need to add a test procedure with list of steps and validations.
ie:

send the gribi rpc
send traffic
verify packets are ipsec encrypted at ate receive port

Add a negative test case (that confirms traffic not matching is not encrypted/encaped)

feature/gribi/otg_tests/mpls_in_udp_ipsec/README.md

Comment on lines +177 to +182

+                #/network-instances/network-instance/afts/next-hops/next-hop/mpls-in-udp/state/src-ip:
+                #/network-instances/network-instance/afts/next-hops/next-hop/mpls-in-udp/state/dst-ip:
+                #/network-instances/network-instance/afts/next-hops/next-hop/mpls-in-udp/state/ip-ttl:
+                #/network-instances/network-instance/afts/next-hops/next-hop/mpls-in-udp/state/dst-udp-port:
+                #/network-instances/network-instance/afts/next-hops/next-hop/mpls-in-udp/state/dscp:
+                #/network-instances/network-instance/afts/next-hop-groups/next-hop-group/state/next-hop-group-id:

Member

dplore Sep 17, 2024

these paths shuold be updated to match the newer #1153 model with the encap-headers container

feature/gribi/otg_tests/mpls_in_udp_ipsec/README.md

+                #/network-instances/network-instance/afts/next-hops/next-hop/mpls-in-udp/state/dst-udp-port:
+                #/network-instances/network-instance/afts/next-hops/next-hop/mpls-in-udp/state/dscp:
+                #/network-instances/network-instance/afts/next-hop-groups/next-hop-group/state/next-hop-group-id:

Member

dplore Sep 17, 2024

are there any paths needed for monitoring ipsec?

feature/gribi/otg_tests/mpls_in_udp_ipsec/README.md

+                }
+              }
+              ```

Member

dplore Sep 17, 2024

need to add configuration for adding ipsec keychain and ipsec keys. Provide canonical OC for this.

Contributor Author

vishnureddybadveli Sep 27, 2024

Added AFT keychain canonical OC, added TODO's.

dplore self-assigned this

vishnureddybadveli changed the title ~~Te 18.6 g ribi mpls in udp encapsulation for ip sec~~ Te 18.6 gRIBI mpls in udp encapsulation for ip sec

This was referenced Sep 24, 2024

DP-2.2 QoS policer matching on next-hop-group #3383

Closed

TE-18.6 gRIBI MPLS in UDP encap with ipsec #3455

Open

vishnureddybadveli added 3 commits

September 25, 2024 10:36


          Added key chain paths with start and end time.

45d5ca9


          Add OC AFT's for keys

33887df

Added OC AFT's for keys


          Update to include decrypt.

f5566ae

vishnureddybadveli assigned robshakir

vishnureddybadveli requested review from robshakir and jaingaurav12

October 15, 2024 01:30

vishnureddybadveli assigned vishnureddybadveli and unassigned robshakir and dplore


          Removed IPSec keys with gRIBI its already covered in gNMI.

e5854e7

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet