summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2024-02-14 21:07:36 +0100
committerMergify <37929162+mergify[bot]@users.noreply.github.com>2024-02-15 15:21:31 +0000
commit506f4b87951f91833cc43562bca2efa1ed9d2bd7 (patch)
treecd037790007081d444b0ada93e5a1db55f587c7f
parenteb079e4a49150934dec082861176f5a5213c1206 (diff)
downloadvyos-1x-506f4b87951f91833cc43562bca2efa1ed9d2bd7.tar.gz
vyos-1x-506f4b87951f91833cc43562bca2efa1ed9d2bd7.zip
rpki: T6034: extend config migration testcase
(cherry picked from commit 354603398b693af06695d5d1a7602f17079f8350)
-rw-r--r--smoketest/config-tests/rpki-only30
-rw-r--r--smoketest/configs/rpki-only51
2 files changed, 81 insertions, 0 deletions
diff --git a/smoketest/config-tests/rpki-only b/smoketest/config-tests/rpki-only
new file mode 100644
index 000000000..569463b12
--- /dev/null
+++ b/smoketest/config-tests/rpki-only
@@ -0,0 +1,30 @@
+set interfaces ethernet eth0 address '192.0.2.1/24'
+set interfaces ethernet eth0 address '2001:db8::1/64'
+set interfaces loopback lo
+set pki openssh rpki-5.6.7.8 private key 'b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcnNhAAAAAwEAAQAAAQEAweDyflDFR4qyEwETbJkZ2ZZc+sJNiDTvYpwGsWIkju49lJSxHe1xKf8FhwfyMu40Snt1yDlRmmmz4CsbLgbuZGMPvXG11e34+C0pSVUvpF6aqRTeLl1pDRK7Rnjgm3su+I8SRLQR4qbLG6VXWOFuVpwiqbExLaU0hFYTPNP+dArNpsWEEKsohk6pTXdhg3VzWp3vCMjl2JTshDa3lD7p2xISSAReEY0fnfEAmQzH4Z6DIwwGdFuMWoQIg+oFBM9ARrO2/FIjRsz6AecR/WeU72JEw4aJic1/cAJQA6PiQBHwkuo3Wll1tbpxeRZoB2NQG22ETyJLvhfTaooNLT9HpQAAA8joU5dM6FOXTAAAAAdzc2gtcnNhAAABAQDB4PJ+UMVHirITARNsmRnZllz6wk2INO9inAaxYiSO7j2UlLEd7XEp/wWHB/Iy7jRKe3XIOVGaabPgKxsuBu5kYw+9cbXV7fj4LSlJVS+kXpqpFN4uXWkNErtGeOCbey74jxJEtBHipssbpVdY4W5WnCKpsTEtpTSEVhM80/50Cs2mxYQQqyiGTqlNd2GDdXNane8IyOXYlOyENreUPunbEhJIBF4RjR+d8QCZDMfhnoMjDAZ0W4xahAiD6gUEz0BGs7b8UiNGzPoB5xH9Z5TvYkTDhomJzX9wAlADo+JAEfCS6jdaWXW1unF5FmgHY1AbbYRPIku+F9Nqig0tP0elAAAAAwEAAQAAAQACkDlUjzfUhtJs6uY5WNrdJB5NmHUS+HQzzxFNlhkapK6+wKqI1UNaRUtq6iF7J+gcFf7MK2nXS098BsXguWm8fQzPuemoDvHsQhiaJhyvpSqRUrvPTB/f8t/0AhQiKiJIWgfpTaIw53inAGwjujNNxNm2eafHTThhCYxOkRT7rsT6bnSio6yeqPy5QHg7IKFztp5FXDUyiOS3aX3SvzQcDUkMXALdvzX50t1XIk+X48Rgkq72dL4VpV2oMNDu3hM6FqBUplf9Mv3s51FNSma/cibCQoVufrIfoqYjkNTjIpYFUcq4zZ0/KvgXgzSsy9VN/4TtbalrOuu7X/SHJbvhAAAAgGPFsXgONYQvXxCnK1dIueozgaZg1I/n522E2ZCOXBW4dYJVyNpppwRreDzuFzTDEe061MpNHfScjVBJCCulivFYWscL6oaGsryDbFxO3QmB4I98UBqrds2yan9/JGc6EYe299yvaHy7Y64+NC0+fN8H2RAZ61T4w10JrCaJRyvzAAAAgQDvBfuV1U7o9k/fbU+U7W2UYnWblpOZAMfi1XQP6IJJeyWs90PdTdXh+l0eIQrCawIiRJytNfxMmbD4huwTf77fWiyCcPznmALQ7ex/yJ+W5Z0V4dPGF3h7o1uiS236JhQ7mfcliCkhp/1PIklBIMPcCp0zl+s9wMv2hX7w1Pah9QAAAIEAz6YgU9Xute+J+dBwoWxEQ+igR6KE55Um7O9AvSrqnCm9r7lSFsXC2ErYOxoDSJ3yIBEV0b4XAGn6tbbVIs3jS8BnLHxclAHQecOx1PGn7PKbnPW0oJRq/X9QCIEelKYvlykpayn7uZooTXqcDaPZxfPpmPdye8chVJvdygi7kPEAAAAMY3BvQExSMS53dWUzAQIDBAUGBw=='
+set pki openssh rpki-5.6.7.8 public key 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDB4PJ+UMVHirITARNsmRnZllz6wk2INO9inAaxYiSO7j2UlLEd7XEp/wWHB/Iy7jRKe3XIOVGaabPgKxsuBu5kYw+9cbXV7fj4LSlJVS+kXpqpFN4uXWkNErtGeOCbey74jxJEtBHipssbpVdY4W5WnCKpsTEtpTSEVhM80/50Cs2mxYQQqyiGTqlNd2GDdXNane8IyOXYlOyENreUPunbEhJIBF4RjR+d8QCZDMfhnoMjDAZ0W4xahAiD6gUEz0BGs7b8UiNGzPoB5xH9Z5TvYkTDhomJzX9wAlADo+JAEfCS6jdaWXW1unF5FmgHY1AbbYRPIku+F9Nqig0tP0el'
+set pki openssh rpki-5.6.7.8 public type 'ssh-rsa'
+set policy route-map ROUTES-IN rule 10 action 'permit'
+set policy route-map ROUTES-IN rule 10 match rpki 'valid'
+set policy route-map ROUTES-IN rule 10 set local-preference '300'
+set policy route-map ROUTES-IN rule 20 action 'permit'
+set policy route-map ROUTES-IN rule 20 match rpki 'notfound'
+set policy route-map ROUTES-IN rule 20 set local-preference '125'
+set policy route-map ROUTES-IN rule 30 action 'deny'
+set policy route-map ROUTES-IN rule 30 match rpki 'invalid'
+set protocols bgp neighbor 192.0.2.200 address-family ipv4-unicast route-map import 'ROUTES-IN'
+set protocols bgp neighbor 192.0.2.200 remote-as '200'
+set protocols bgp neighbor 2001:db8::200 address-family ipv6-unicast route-map import 'ROUTES-IN'
+set protocols bgp neighbor 2001:db8::200 remote-as '200'
+set protocols bgp system-as '100'
+set protocols rpki cache 1.2.3.4 port '3323'
+set protocols rpki cache 1.2.3.4 preference '10'
+set protocols rpki cache 5.6.7.8 port '2222'
+set protocols rpki cache 5.6.7.8 preference '20'
+set protocols rpki cache 5.6.7.8 ssh key 'rpki-5.6.7.8'
+set protocols rpki cache 5.6.7.8 ssh username 'vyos'
+set system host-name 'vyos'
+set system login user vyos authentication encrypted-password '$6$r/Yw/07NXNY$/ZB.Rjf9jxEV.BYoDyLdH.kH14rU52pOBtrX.4S34qlPt77chflCHvpTCq9a6huLzwaMR50rEICzA5GoIRZlM0'
+set system login user vyos authentication plaintext-password ''
+set system syslog global facility all level 'debug'
+set system console device ttyS0 speed '115200'
diff --git a/smoketest/configs/rpki-only b/smoketest/configs/rpki-only
index 0f89b9a1b..98e9892ad 100644
--- a/smoketest/configs/rpki-only
+++ b/smoketest/configs/rpki-only
@@ -3,11 +3,62 @@ interfaces {
duplex auto
speed auto
address 192.0.2.1/24
+ address 2001:db8::1/64
}
loopback lo {
}
}
+policy {
+ route-map ROUTES-IN {
+ rule 10 {
+ action permit
+ match {
+ rpki valid
+ }
+ set {
+ local-preference 300
+ }
+ }
+ rule 20 {
+ action permit
+ match {
+ rpki notfound
+ }
+ set {
+ local-preference 125
+ }
+ }
+ rule 30 {
+ action deny
+ match {
+ rpki invalid
+ }
+ }
+ }
+}
protocols {
+ bgp 100 {
+ neighbor 192.0.2.200 {
+ address-family {
+ ipv4-unicast {
+ route-map {
+ import ROUTES-IN
+ }
+ }
+ }
+ remote-as 200
+ }
+ neighbor 2001:db8::200 {
+ address-family {
+ ipv6-unicast {
+ route-map {
+ import ROUTES-IN
+ }
+ }
+ }
+ remote-as 200
+ }
+ }
rpki {
cache 1.2.3.4 {
port 3323