Skip to content

Add script for testing BGP allow list#2572

Merged
wangxin merged 1 commit intosonic-net:masterfrom
wangxin:bgp_allow_list
Nov 25, 2020
Merged

Add script for testing BGP allow list#2572
wangxin merged 1 commit intosonic-net:masterfrom
wangxin:bgp_allow_list

Conversation

@wangxin
Copy link
Collaborator

@wangxin wangxin commented Nov 23, 2020
edited
Loading

Description of PR

Summary:
Fixes # (issue)

Add script for testing BGP allow list.

This change is dependent on the changes to tests/common/devices.py in PR #2538:

Type of change

  • Bug fix
  • Testbed and Framework(new/improvement)
  • Test case(new/improvement)

Approach

What is the motivation for this PR?

The BGP allow list feature was introduced in SONiC. This PR is to add a script for testing the BGP allow list feature.

How did you do it?

Add a new script for testing BGP allow list. Covered scenarios:

  • Ensure that constants.bgp.allow_list.default_action is "permit". No BGP allow list is configured.

    • Announce routes with and without test community '1010:1010' to the first T0 VM by exabgp.
    • Check routes on the first T0 VM. All the routes should be successfully injected.
    • Check routes on DUT. All the routes should be accepted by DUT.
    • Check routes on other T0 and T2 VMs. All the routes should be advertised by DUT. The drop_community defined in /etc/sonic/constants.yml should be added to all routes. The original community of routes should be kept.

  • Ensure that constants.bgp.allow_list.default_action is "permit". BGP allow list is configured.

    • Announce routes with and without test community '1010:1010' to the first T0 VM by exabgp.
    • Check routes on the first T0 VM. All the routes should be successfully injected.
    • Check routes on DUT. All the routes should be accepted by DUT.
    • Check routes on other T0 and T2 VMs. All the routes should be advertised by DUT. The drop_community should only be added to routes not on allow list. The original community of routes should be kept.

  • Ensure that constants.bgp.allow_list.default_action is "deny". No BGP allow list is configured.

    • Announce routes with and without test community '1010:1010' to the first T0 VM by exabgp.
    • Check routes on the first T0 VM. All the routes should be successfully injected.
    • Check routes on DUT. All the routes should be accepted by DUT.
    • Check routes on other T0 and T2 VMs. No routes should be advertised by DUT.

  • Ensure that constants.bgp.allow_list.default_action is "deny". BGP allow list is configured.

    • Announce routes with and without test community '1010:1010' to the first T0 VM by exabgp.
    • Check routes on the first T0 VM. All the routes should be successfully injected.
    • Check routes on DUT. All the routes should be accepted by DUT.
    • Check routes on other T0 and T2 VMs. Only the routes on allow list should be advertised by DUT. No drop_community should be added to advertised routes. The original community of routes should be kept.

Relevant change: sonic-net/sonic-buildimage#5309

How did you verify/test it?

Run the test script using latest master image.

Currently some test cases can't pass because of issue: sonic-net/sonic-buildimage#6001

If add on-match next to /usr/share/sonic/templates/bgpd/templates/general/policies.conf.j2 and restart bgp service, then all the cases can pass:

route-map FROM_BGP_PEER_V6 permit 1
 on-match next
 set ipv6 next-hop prefer-global

Any platform specific information?

No

Supported testbed topology if it's a new test case?

This test only supports topology type t1.

Documentation

@wangxin
Add script for testing BGP allow list
5bc668e 
This change is to cover the BGP allow list test.

Signed-off-by: Xin Wang <[email protected]>
@wangxin wangxin requested review from a team and pavel-shirshov November 23, 2020 08:33
pavel-shirshov
pavel-shirshov approved these changes Nov 24, 2020
View reviewed changes
Copy link
Contributor

@pavel-shirshov pavel-shirshov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@wangxin wangxin merged commit f9ada0d into sonic-net:master Nov 25, 2020
@wangxin wangxin deleted the bgp_allow_list branch November 30, 2020 09:57
kazinator-arista pushed a commit to kazinator-arista/sonic-mgmt that referenced this pull request Mar 4, 2026
@dprital
[202205][submodule] Advance sonic-utilities pointer (sonic-net#13176)
f91cc17 
Update sonic-utilities submodule pointer to include the following:

3bc2bc6 [Mellanox][202205] Change severity to NOTICE in Mellanox buffer migrator when unable to fetch DEVICE_METADATA due to empty CONFIG_DB during initialization (sonic-net#2570)
e1c8243 [202205][generate_dump] Fix for a deletion flow for all secret files in the techsupport dump (sonic-net#2572)
9f2984a [202205] Fix issue: unconfigured PGs are displayed in watermarkstat (sonic-net#2568)
f7988b0 [202205] [timer.unit.j2] use wanted-by in timer unit (sonic-net#2561)
f45dcfb [generate_dump] Optimize the execution time of 'show techsupport' CLI by paraller function execution (sonic-net#2565)
67cbb15 [202205]Fixes 12170: Delete subinterface and recreate the subinterface in default-vrf (sonic-net#2564)
93172c4 [202205] [generate_dump] Optimize the execution time of the 'show techsupport' script to 5-10% by reducing calls to the 'tar append' operation (sonic-net#2562)

Signed-off-by: dprital <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@pavel-shirshov pavel-shirshov pavel-shirshov approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@wangxin @pavel-shirshov