From 2e85b7ccef45924f1aae03513e116b9087c7ef69 Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Sat, 28 Oct 2023 20:57:38 +0200
Subject: vxlan: T5668: add CLI knob to enable ARP/ND suppression

In order to minimize the flooding of ARP and ND messages in the VXLAN network,
EVPN includes provisions [1] that allow participating VTEPs to suppress such
messages in case they know the MAC-IP binding and can reply on behalf of the
remote host. In Linux, the above is implemented in the bridge driver using a
per-port option called "neigh_suppress" that was added in kernel version 4.15.

[1] https://www.rfc-editor.org/rfc/rfc7432#section-10

(cherry picked from commit ec9a95502daa88b9632af12524e7cefebf86bab6)
---
 smoketest/scripts/cli/test_interfaces_vxlan.py | 39 ++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

(limited to 'smoketest')

diff --git a/smoketest/scripts/cli/test_interfaces_vxlan.py b/smoketest/scripts/cli/test_interfaces_vxlan.py
index cf05148ae..3a8b8ab99 100755
--- a/smoketest/scripts/cli/test_interfaces_vxlan.py
+++ b/smoketest/scripts/cli/test_interfaces_vxlan.py
@@ -177,11 +177,50 @@ class VXLANInterfaceTest(BasicInterfaceTest.TestCase):
 
         tmp = get_interface_config(interface)
         self.assertEqual(tmp['master'], bridge)
+        self.assertFalse(tmp['linkinfo']['info_slave_data']['neigh_suppress'])
 
         tmp = get_vxlan_vlan_tunnels('vxlan0')
         self.assertEqual(tmp, list(vlan_to_vni))
 
         self.cli_delete(['interfaces', 'bridge', bridge])
 
+    def test_vxlan_neighbor_suppress(self):
+        bridge = 'br555'
+        interface = 'vxlan555'
+        source_interface = 'eth0'
+
+        self.cli_set(self._base_path + [interface, 'external'])
+        self.cli_set(self._base_path + [interface, 'source-interface', source_interface])
+
+        self.cli_set(self._base_path + [interface, 'parameters', 'neighbor-suppress'])
+
+        # This must fail as this VXLAN interface is not associated with any bridge
+        with self.assertRaises(ConfigSessionError):
+            self.cli_commit()
+        self.cli_set(['interfaces', 'bridge', bridge, 'member', 'interface', interface])
+
+        # commit configuration
+        self.cli_commit()
+
+        self.assertTrue(interface_exists(bridge))
+        self.assertTrue(interface_exists(interface))
+
+        tmp = get_interface_config(interface)
+        self.assertEqual(tmp['master'], bridge)
+        self.assertTrue(tmp['linkinfo']['info_slave_data']['neigh_suppress'])
+        self.assertFalse(tmp['linkinfo']['info_slave_data']['learning'])
+
+        # Remove neighbor suppress configuration and re-test
+        self.cli_delete(self._base_path + [interface, 'parameters', 'neighbor-suppress'])
+        # commit configuration
+        self.cli_commit()
+
+        tmp = get_interface_config(interface)
+        self.assertEqual(tmp['master'], bridge)
+        self.assertFalse(tmp['linkinfo']['info_slave_data']['neigh_suppress'])
+        self.assertTrue(tmp['linkinfo']['info_slave_data']['learning'])
+
+        self.cli_delete(['interfaces', 'bridge', bridge])
+
 if __name__ == '__main__':
     unittest.main(verbosity=2)
-- 
cgit v1.2.3