test_vxlan_under_vrf.sh (5607B)
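#!/bin/bash
# SPDX-License-Identifier: GPL-2.0

# This test is for checking VXLAN underlay in a non-default VRF.
#
# It simulates two hypervisors running a VM each using four network namespaces:
# two for the HVs, two for the VMs.
# A small VXLAN tunnel is made between the two hypervisors to have the two vms
# in the same virtual L2:
#
# +-------------------+                                    +-------------------+
# |                   |                                    |                   |
# |    vm-1 netns     |                                    |    vm-2 netns     |
# |                   |                                    |                   |
# |  +-------------+  |                                    |  +-------------+  |
# |  |   veth-hv   |  |                                    |  |   veth-hv   |  |
# |  | 10.0.0.1/24 |  |                                    |  | 10.0.0.2/24 |  |
# |  +-------------+  |                                    |  +-------------+  |
# |        .          |                                    |         .         |
# +-------------------+                                    +-------------------+
#          .                                                         .
#          .                                                         .
#          .                                                         .
# +-----------------------------------+   +------------------------------------+
# |        .                          |   |                          .         |
# |  +----------+                     |   |                     +----------+   |
# |  | veth-tap |                     |   |                     | veth-tap |   |
# |  +----+-----+                     |   |                     +----+-----+   |
# |       |                           |   |                          |         |
# |    +--+--+      +--------------+  |   |  +--------------+     +--+--+      |
# |    | br0 |      | vrf-underlay |  |   |  | vrf-underlay |     | br0 |      |
# |    +--+--+      +-------+------+  |   |  +------+-------+     +--+--+      |
# |       |                 |         |   |         |                |         |
# |   +---+----+    +-------+-------+ |   | +-------+-------+    +---+----+    |
# |   | vxlan0 |....|     veth0     |.|...|.|     veth0     |....| vxlan0 |    |
# |   +--------+    | 172.16.0.1/24 | |   | | 172.16.0.2/24 |    +--------+    |
# |                 +---------------+ |   | +---------------+                  |
# |                                   |   |                                    |
# |             hv-1 netns            |   |           hv-2 netns               |
# |                                   |   |                                    |
# +-----------------------------------+   +------------------------------------+
#
# This tests both the connectivity between vm-1 and vm-2, and that the underlay
# can be moved in and out of the vrf by unsetting and setting veth0's master.
#
# Usage: test_vxlan_under_vrf.sh [clean]
#   clean - only remove leftovers of a previous run, then exit 0.
#
# NOTE: the script needs enough privilege to create network namespaces and
# links. cleanup() unconditionally deletes the links veth-hv-1 and veth-tap in
# the current namespace and the namespaces hv-1, hv-2, vm-1 and vm-2, so run it
# on a disposable test host where those names are not used for anything else.

set -e

# Remove every link and namespace this test may have created.
# Best effort on purpose: each object may or may not exist, so failures are
# silenced and never abort the script (this also runs from the EXIT trap).
cleanup() {
	local ns

	ip link del veth-hv-1 2>/dev/null || true
	ip link del veth-tap 2>/dev/null || true

	for ns in hv-1 hv-2 vm-1 vm-2; do
		ip netns del "$ns" 2>/dev/null || true
	done
}

# Print a description, run a command quietly and report the result.
# Arguments: $1 - text printed before the verdict; remaining args - command.
# Outputs:   "<description>[ OK ]" or "<description>[FAIL]" on stdout.
# Exits the script with status 1 (running the EXIT trap) when the command fails.
check() {
	local desc=$1
	shift

	printf '%s' "$desc"
	if ! "$@" &> /dev/null; then
		echo "[FAIL]"
		exit 1
	fi
	echo "[ OK ]"
}

# Clean start
cleanup &> /dev/null

if [[ "${1:-}" == "clean" ]]; then
	exit 0
fi

trap cleanup EXIT

# Setup "Hypervisors" simulated with netns
ip link add veth-hv-1 type veth peer name veth-hv-2

# Create the hv-<N> namespace with its underlay interface, VRF, bridge and
# VXLAN device.
# Arguments: $1 - hypervisor number (1 or 2); also the last octet of the
#                 underlay address 172.16.0.<N>.
setup-hv-networking() {
	local hv=$1
	local ns="hv-${hv}"
	local underlay_ip="172.16.0.${hv}"

	ip netns add "$ns"
	ip link set "veth-hv-${hv}" netns "$ns"
	ip -netns "$ns" link set "veth-hv-${hv}" name veth0

	# The VRF is created up front, but veth0 is only enslaved to it later,
	# so the first connectivity checks run with the underlay in the default
	# VRF.
	ip -netns "$ns" link add vrf-underlay type vrf table 1
	ip -netns "$ns" link set vrf-underlay up
	ip -netns "$ns" addr add "${underlay_ip}/24" dev veth0
	ip -netns "$ns" link set veth0 up

	ip -netns "$ns" link add br0 type bridge
	ip -netns "$ns" link set br0 up

	ip -netns "$ns" link add vxlan0 type vxlan id 10 local "$underlay_ip" dev veth0 dstport 4789
	ip -netns "$ns" link set vxlan0 master br0
	ip -netns "$ns" link set vxlan0 up
}
setup-hv-networking 1
setup-hv-networking 2

# Check connectivity between HVs by pinging hv-2 from hv-1
check "Checking HV connectivity " \
	ip netns exec hv-1 ping -c 1 -W 1 172.16.0.2

# Sets up a "VM" simulated by a netns and a veth pair.
# Arguments: $1 - VM number (1 or 2); selects the hv-<N> it attaches to, the
#                 address 10.0.0.<N> and the last digit of the MAC address.
setup-vm() {
	local id=$1
	local vm_ns="vm-${id}"
	local hv_ns="hv-${id}"

	ip netns add "$vm_ns"
	ip link add veth-tap type veth peer name veth-hv

	# Hypervisor side: plug the tap end into the bridge.
	ip link set veth-tap netns "$hv_ns"
	ip -netns "$hv_ns" link set veth-tap master br0
	ip -netns "$hv_ns" link set veth-tap up

	ip link set veth-hv address "02:1d:8d:dd:0c:6${id}"

	# VM side: move the other end into the VM namespace and address it.
	ip link set veth-hv netns "$vm_ns"
	ip -netns "$vm_ns" addr add "10.0.0.${id}/24" dev veth-hv
	ip -netns "$vm_ns" link set veth-hv up
}
setup-vm 1
setup-vm 2

# Setup VTEP routes to make ARP work: the all-zero MAC entry is the default
# destination, so frames without a specific FDB entry (such as ARP broadcasts)
# are sent to the peer hypervisor.
bridge -netns hv-1 fdb add 00:00:00:00:00:00 dev vxlan0 dst 172.16.0.2 self permanent
bridge -netns hv-2 fdb add 00:00:00:00:00:00 dev vxlan0 dst 172.16.0.1 self permanent

check "Check VM connectivity through VXLAN (underlay in the default VRF) " \
	ip netns exec vm-1 ping -c 1 -W 1 10.0.0.2

# Move the underlay to a non-default VRF.
# vxlan0 is bounced after veth0 changes VRF; presumably this makes the tunnel
# pick up the new VRF binding of its lower device.
for hv_ns in hv-1 hv-2; do
	ip -netns "$hv_ns" link set veth0 vrf vrf-underlay
	ip -netns "$hv_ns" link set vxlan0 down
	ip -netns "$hv_ns" link set vxlan0 up
done

check "Check VM connectivity through VXLAN (underlay in a VRF) " \
	ip netns exec vm-1 ping -c 1 -W 1 10.0.0.2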