From d30afa2d48c9f56ec2570e5b4b71061e5d65691e Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 3 Jan 2021 22:31:58 +0100 Subject: smoketest: add basic BGP testing --- smoketest/scripts/cli/test_protocols_bgp.py | 221 ++++++++++++++++++++++++++++ 1 file changed, 221 insertions(+) create mode 100755 smoketest/scripts/cli/test_protocols_bgp.py (limited to 'smoketest/scripts/cli') diff --git a/smoketest/scripts/cli/test_protocols_bgp.py b/smoketest/scripts/cli/test_protocols_bgp.py new file mode 100755 index 000000000..941d7828f --- /dev/null +++ b/smoketest/scripts/cli/test_protocols_bgp.py @@ -0,0 +1,221 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2021 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +import os +import unittest + +from vyos.configsession import ConfigSession +from vyos.configsession import ConfigSessionError +from vyos.util import cmd +from vyos.util import process_named_running + +PROCESS_NAME = 'bgpd' +ASN = '64512' +base_path = ['protocols', 'bgp', ASN] + +neighbor_config = { + '192.0.2.1' : { + 'remote_as' : '100', + 'adv_interv' : '400', + 'passive' : '', + 'password' : 'VyOS-Secure123', + 'shutdown' : '', + 'cap_over' : '', + 'ttl_security': '5', + }, + '192.0.2.2' : { + 'remote_as' : '200', + 'shutdown' : '', + 'no_cap_nego' : '', + 'port' : '667', + 'cap_strict' : '', + }, + '192.0.2.3' : { +# XXX: not available in current Perl backend +# 'description' : 'foo bar baz', + 'remote_as' : '200', + 'passive' : '', + 'multi_hop' : '5', + }, +} + +peer_group_config = { + 'foo' : { + 'remote_as' : '100', + 'passive' : '', + 'password' : 'VyOS-Secure123', + 'shutdown' : '', + 'cap_over' : '', +# XXX: not available in current Perl backend +# 'ttl_security': '5', + }, + 'bar' : { + 'remote_as' : '200', + 'shutdown' : '', + 'no_cap_nego' : '', + }, + 'baz' : { + 'remote_as' : '200', + 'passive' : '', + 'multi_hop' : '5', + }, +} + + +def getFRRBGPconfig(): + return cmd(f'vtysh -c "show run" | sed -n "/router bgp {ASN}/,/^!/p"') + +class TestProtocolsBGP(unittest.TestCase): + def setUp(self): + self.session = ConfigSession(os.getpid()) + + def tearDown(self): + self.session.delete(base_path) + self.session.commit() + del self.session + + def test_bgp_01_simple(self): + router_id = '127.0.0.1' + local_pref = '500' + + self.session.set(base_path + ['parameters', 'router-id', router_id]) + self.session.set(base_path + ['parameters', 'log-neighbor-changes']) + # Default local preference (higher=more preferred) + self.session.set(base_path + ['parameters', 'default', 'local-pref', local_pref]) + # Deactivate IPv4 unicast for a peer by default + self.session.set(base_path + ['parameters', 'default', 'no-ipv4-unicast']) + + # commit changes + self.session.commit() + + # Verify FRR bgpd configuration + frrconfig = getFRRBGPconfig() + self.assertIn(f'router bgp {ASN}', frrconfig) + self.assertIn(f' bgp router-id {router_id}', frrconfig) + self.assertIn(f' bgp log-neighbor-changes', frrconfig) + self.assertIn(f' bgp default local-preference {local_pref}', frrconfig) + self.assertIn(f' no bgp default ipv4-unicast', frrconfig) + + # Check for running process + self.assertTrue(process_named_running(PROCESS_NAME)) + + def test_bgp_02_neighbors(self): + for neighbor, config in neighbor_config.items(): + if 'remote_as' in config: + self.session.set(base_path + ['neighbor', neighbor, 'remote-as', config["remote_as"]]) + if 'description' in config: + self.session.set(base_path + ['neighbor', neighbor, 'description', config["description"]]) + if 'passive' in config: + self.session.set(base_path + ['neighbor', neighbor, 'passive']) + if 'password' in config: + self.session.set(base_path + ['neighbor', neighbor, 'password', config["password"]]) + if 'shutdown' in config: + self.session.set(base_path + ['neighbor', neighbor, 'shutdown']) + if 'adv_interv' in config: + self.session.set(base_path + ['neighbor', neighbor, 'advertisement-interval', config["adv_interv"]]) + if 'no_cap_nego' in config: + self.session.set(base_path + ['neighbor', neighbor, 'disable-capability-negotiation']) + if 'port' in config: + self.session.set(base_path + ['neighbor', neighbor, 'port', config["port"]]) + if 'multi_hop' in config: + self.session.set(base_path + ['neighbor', neighbor, 'ebgp-multihop', config["multi_hop"]]) + if 'cap_over' in config: + self.session.set(base_path + ['neighbor', neighbor, 'override-capability']) + if 'cap_strict' in config: + self.session.set(base_path + ['neighbor', neighbor, 'strict-capability-match']) + if 'ttl_security' in config: + self.session.set(base_path + ['neighbor', neighbor, 'ttl-security', 'hops', config["ttl_security"]]) + + # commit changes + self.session.commit() + + # Verify FRR bgpd configuration + frrconfig = getFRRBGPconfig() + self.assertIn(f'router bgp {ASN}', frrconfig) + + for neighbor, config in neighbor_config.items(): + if 'remote_as' in config: + self.assertIn(f' neighbor {neighbor} remote-as {config["remote_as"]}', frrconfig) + if 'description' in config: + self.assertIn(f' neighbor {neighbor} description {config["description"]}', frrconfig) + if 'passive' in config: + self.assertIn(f' neighbor {neighbor} passive', frrconfig) + if 'password' in config: + self.assertIn(f' neighbor {neighbor} password {config["password"]}', frrconfig) + if 'shutdown' in config: + self.assertIn(f' neighbor {neighbor} shutdown', frrconfig) + if 'adv_interv' in config: + self.assertIn(f' neighbor {neighbor} advertisement-interval {config["adv_interv"]}', frrconfig) + if 'no_cap_nego' in config: + self.assertIn(f' neighbor {neighbor} dont-capability-negotiate', frrconfig) + if 'port' in config: + self.assertIn(f' neighbor {neighbor} port {config["port"]}', frrconfig) + if 'multi_hop' in config: + self.assertIn(f' neighbor {neighbor} ebgp-multihop {config["multi_hop"]}', frrconfig) + if 'cap_over' in config: + self.assertIn(f' neighbor {neighbor} override-capability', frrconfig) + if 'cap_strict' in config: + self.assertIn(f' neighbor {neighbor} strict-capability-match', frrconfig) + if 'ttl_security' in config: + self.assertIn(f' neighbor {neighbor} ttl-security hops {config["ttl_security"]}', frrconfig) + + def test_bgp_03_peer_groups(self): + for peer_group, config in peer_group_config.items(): + self.session.set(base_path + ['peer-group', peer_group, 'remote-as', config["remote_as"]]) + if 'passive' in config: + self.session.set(base_path + ['peer-group', peer_group, 'passive']) + if 'password' in config: + self.session.set(base_path + ['peer-group', peer_group, 'password', config["password"]]) + if 'shutdown' in config: + self.session.set(base_path + ['peer-group', peer_group, 'shutdown']) + if 'no_cap_nego' in config: + self.session.set(base_path + ['peer-group', peer_group, 'disable-capability-negotiation']) + if 'multi_hop' in config: + self.session.set(base_path + ['peer-group', peer_group, 'ebgp-multihop', config["multi_hop"]]) + if 'cap_over' in config: + self.session.set(base_path + ['peer-group', peer_group, 'override-capability']) + if 'ttl_security' in config: + self.session.set(base_path + ['peer-group', peer_group, 'ttl-security', 'hops', config["ttl_security"]]) + + # commit changes + self.session.commit() + + # Verify FRR bgpd configuration + frrconfig = getFRRBGPconfig() + self.assertIn(f'router bgp {ASN}', frrconfig) + + for peer_group, config in peer_group_config.items(): + self.assertIn(f' neighbor {peer_group} peer-group', frrconfig) + + if 'remote_as' in config: + self.assertIn(f' neighbor {peer_group} remote-as {config["remote_as"]}', frrconfig) + if 'passive' in config: + self.assertIn(f' neighbor {peer_group} passive', frrconfig) + if 'password' in config: + self.assertIn(f' neighbor {peer_group} password {config["password"]}', frrconfig) + if 'shutdown' in config: + self.assertIn(f' neighbor {peer_group} shutdown', frrconfig) + if 'no_cap_nego' in config: + self.assertIn(f' neighbor {peer_group} dont-capability-negotiate', frrconfig) + if 'multi_hop' in config: + self.assertIn(f' neighbor {peer_group} ebgp-multihop {config["multi_hop"]}', frrconfig) + if 'cap_over' in config: + self.assertIn(f' neighbor {peer_group} override-capability', frrconfig) + if 'ttl_security' in config: + self.assertIn(f' neighbor {peer_group} ttl-security hops {config["ttl_security"]}', frrconfig) + +if __name__ == '__main__': + unittest.main(verbosity=2) -- cgit v1.2.3