From b7825f1f2b9b3ff7d25e8e072d60db7b70fa250a Mon Sep 17 00:00:00 2001 From: Nicolas Fort Date: Fri, 28 Jul 2023 20:29:01 +0000 Subject: T5014: nat: add source and destination nat options for configuring load balance within a single rule. --- smoketest/scripts/cli/test_nat.py | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) (limited to 'smoketest/scripts/cli') diff --git a/smoketest/scripts/cli/test_nat.py b/smoketest/scripts/cli/test_nat.py index 02fa03f7b..673be9905 100755 --- a/smoketest/scripts/cli/test_nat.py +++ b/smoketest/scripts/cli/test_nat.py @@ -231,5 +231,42 @@ class TestNAT(VyOSUnitTestSHIM.TestCase): self.verify_nftables(nftables_search, 'ip vyos_static_nat') + def test_nat_balance(self): + ifname = 'eth0' + member_1 = '198.51.100.1' + weight_1 = '10' + member_2 = '198.51.100.2' + weight_2 = '90' + member_3 = '192.0.2.1' + weight_3 = '35' + member_4 = '192.0.2.2' + weight_4 = '65' + dst_port = '443' + + self.cli_set(dst_path + ['rule', '1', 'inbound-interface', ifname]) + self.cli_set(dst_path + ['rule', '1', 'protocol', 'tcp']) + self.cli_set(dst_path + ['rule', '1', 'destination', 'port', dst_port]) + self.cli_set(dst_path + ['rule', '1', 'balance', 'hash', 'source-address']) + self.cli_set(dst_path + ['rule', '1', 'balance', 'hash', 'source-port']) + self.cli_set(dst_path + ['rule', '1', 'balance', 'hash', 'destination-address']) + self.cli_set(dst_path + ['rule', '1', 'balance', 'hash', 'destination-port']) + self.cli_set(dst_path + ['rule', '1', 'balance', 'member', member_1, 'weight', weight_1]) + self.cli_set(dst_path + ['rule', '1', 'balance', 'member', member_2, 'weight', weight_2]) + + self.cli_set(src_path + ['rule', '1', 'outbound-interface', ifname]) + self.cli_set(src_path + ['rule', '1', 'balance', 'hash', 'random']) + self.cli_set(src_path + ['rule', '1', 'balance', 'member', member_3, 'weight', weight_3]) + self.cli_set(src_path + ['rule', '1', 'balance', 'member', member_4, 'weight', weight_4]) + + self.cli_commit() + + nftables_search = [ + [f'iifname "{ifname}"', f'tcp dport {dst_port}', f'dnat to jhash ip saddr . tcp sport . ip daddr . tcp dport mod 100 map', f'0-9 : {member_1}, 10-99 : {member_2}'], + [f'oifname "{ifname}"', f'snat to numgen random mod 100 map', f'0-34 : {member_3}, 35-99 : {member_4}'] + ] + + self.verify_nftables(nftables_search, 'ip vyos_nat') + + if __name__ == '__main__': unittest.main(verbosity=2) -- cgit v1.2.3