diff --git a/controlplane/controller/internal/controller/fixtures/base.config.txt b/controlplane/controller/internal/controller/fixtures/base.config.txt
new file mode 100644
index 000000000..2e1d7e2ef
--- /dev/null
+++ b/controlplane/controller/internal/controller/fixtures/base.config.txt
@@ -0,0 +1,102 @@
+!
+ip multicast-routing
+!
+router pim sparse-mode
+ ipv4
+ rp address 10.0.0.0 239.0.0.0/24 override
+!
+vrf instance vrf1
+ip routing vrf vrf1
+!
+hardware access-list update default-result permit
+!
+no ip access-list MAIN-CONTROL-PLANE-ACL
+ip access-list MAIN-CONTROL-PLANE-ACL
+ counters per-entry
+ 10 permit icmp any any
+ 20 permit ip any any tracked
+ 30 permit udp any any eq bfd ttl eq 255
+ 40 permit udp any any eq bfd-echo ttl eq 254
+ 50 permit udp any any eq multihop-bfd micro-bfd sbfd
+ 60 permit udp any eq sbfd any eq sbfd-initiator
+ 70 permit ospf any any
+ 80 permit tcp any any eq ssh telnet www snmp bgp https msdp ldp netconf-ssh gnmi
+ 90 permit udp any any eq bootps bootpc snmp rip ntp ldp ptp-event ptp-general
+ 100 permit tcp any any eq mlag ttl eq 255
+ 110 permit udp any any eq mlag ttl eq 255
+ 120 permit vrrp any any
+ 130 permit ahp any any
+ 140 permit pim any any
+ 150 permit igmp any any
+ 160 permit tcp any any range 5900 5910
+ 170 permit tcp any any range 50000 50100
+ 180 permit udp any any range 51000 51100
+ 190 permit tcp any any eq 3333
+ 200 permit tcp any any eq nat ttl eq 255
+ 210 permit tcp any eq bgp any
+ 220 permit rsvp any any
+ 230 permit tcp any any eq 9340
+ 240 permit tcp any any eq 9559
+ 250 permit udp any any eq 8503
+ 260 permit udp any any eq lsp-ping
+ 270 permit udp any eq lsp-ping any
+
+ 280 remark Permit TWAMP (UDP 862)
+ 290 permit udp any any eq 862
+!
+system control-plane
+ ip access-group MAIN-CONTROL-PLANE-ACL in
+!
+router bgp 65342
+ router-id 14.14.14.14
+ no neighbor 12.12.12.12
+ neighbor 12.12.12.12 remote-as 65342
+ neighbor 12.12.12.12 next-hop-self
+ neighbor 12.12.12.12 update-source Loopback256
+ neighbor 12.12.12.12 description remote-dzd-ipv4
+ neighbor 12.12.12.12 send-community
+ no neighbor 15.15.15.15
+ neighbor 15.15.15.15 remote-as 65342
+ neighbor 15.15.15.15 next-hop-self
+ neighbor 15.15.15.15 update-source Loopback255
+ neighbor 15.15.15.15 description remote-dzd-vpnv4
+ neighbor 15.15.15.15 send-community
+ address-family ipv4
+ neighbor 12.12.12.12 activate
+ no neighbor 15.15.15.15 activate
+ !
+ address-family vpn-ipv4
+ neighbor 15.15.15.15 activate
+ !
+ vrf vrf1
+ rd 65342:1
+ route-target import vpn-ipv4 65342:1
+ route-target export vpn-ipv4 65342:1
+ router-id 7.7.7.7
+!
+ip community-list COMM-ALL_USERS permit 21682:1200
+ip community-list COMM-ALL_MCAST_USERS permit 21682:1300
+!
+no ip access-list SEC-USER-PUB-MCAST-IN
+ip access-list SEC-USER-PUB-MCAST-IN
+ counters per-entry
+ permit icmp any any
+ permit tcp any any eq bgp
+ permit ip any 224.0.0.13/32
+ permit ip any 239.0.0.0/24
+ deny ip any any
+!
+no ip access-list SEC-USER-SUB-MCAST-IN
+ip access-list SEC-USER-SUB-MCAST-IN
+ counters per-entry
+ permit icmp any any
+ permit tcp any any eq bgp
+ permit ip any 224.0.0.13/32
+ deny ip any any
+!
+no router msdp
+router msdp
+ peer 12.12.12.12
+ mesh-group DZ-1
+ local-interface Loopback256
+ description remote-dzd
diff --git a/controlplane/controller/internal/controller/fixtures/e2e.last.user.txt b/controlplane/controller/internal/controller/fixtures/e2e.last.user.txt
index 72193d8f3..74d49bddc 100644
--- a/controlplane/controller/internal/controller/fixtures/e2e.last.user.txt
+++ b/controlplane/controller/internal/controller/fixtures/e2e.last.user.txt
@@ -176,14 +176,21 @@ default interface Tunnel562 default interface Tunnel563 ! router bgp 65342 + router-id 14.14.14.14 address-family ipv4 - no neighbor 169.254.0.13 + no neighbor 172.16.0.1 + no neighbor 169.254.0.13 + ! + address-family vpn-ipv4 + no neighbor 172.16.0.1 + no neighbor 169.254.0.13 ! vrf vrf1 rd 65342:1 route-target import vpn-ipv4 65342:1 route-target export vpn-ipv4 65342:1 router-id 2.2.2.2 + no neighbor 172.16.0.1 no neighbor 169.254.0.13 ! ip community-list COMM-ALL_USERS permit 21682:1200 diff --git a/controlplane/controller/internal/controller/fixtures/e2e.peer.removal.txt b/controlplane/controller/internal/controller/fixtures/e2e.peer.removal.txt index 70f38b515..651fd6de7 100644 --- a/controlplane/controller/internal/controller/fixtures/e2e.peer.removal.txt +++ b/controlplane/controller/internal/controller/fixtures/e2e.peer.removal.txt @@ -201,6 +201,7 @@ default interface Tunnel562 default interface Tunnel563 ! router bgp 65342 + router-id 14.14.14.14 no neighbor 169.254.0.3 neighbor 169.254.0.3 remote-as 65000 neighbor 169.254.0.3 passive @@ -211,7 +212,12 @@ router bgp 65342 neighbor 169.254.0.3 maximum-accepted-routes 1 address-family ipv4 neighbor 169.254.0.3 activate - no neighbor 169.254.0.7 + no neighbor 172.16.0.1 + no neighbor 169.254.0.7 + ! + address-family vpn-ipv4 + no neighbor 172.16.0.1 + no neighbor 169.254.0.7 ! vrf vrf1 rd 65342:1 @@ -226,6 +232,7 @@ router bgp 65342 neighbor 169.254.0.1 route-map RM-USER-500-OUT out neighbor 169.254.0.1 maximum-routes 1 neighbor 169.254.0.1 maximum-accepted-routes 1 + no neighbor 172.16.0.1 no neighbor 169.254.0.7 ! ip community-list COMM-ALL_USERS permit 21682:1200 diff --git a/controlplane/controller/internal/controller/fixtures/e2e.txt b/controlplane/controller/internal/controller/fixtures/e2e.txt index 56e4f55a5..dd5bb1618 100644 --- a/controlplane/controller/internal/controller/fixtures/e2e.txt +++ b/controlplane/controller/internal/controller/fixtures/e2e.txt 
@@ -201,6 +201,7 @@ default interface Tunnel562 default interface Tunnel563 ! router bgp 65342 + router-id 14.14.14.14 no neighbor 169.254.0.3 neighbor 169.254.0.3 remote-as 65000 neighbor 169.254.0.3 passive @@ -212,6 +213,8 @@ router bgp 65342 address-family ipv4 neighbor 169.254.0.3 activate ! + address-family vpn-ipv4 + ! vrf vrf1 rd 65342:1 route-target import vpn-ipv4 65342:1 diff --git a/controlplane/controller/internal/controller/fixtures/mixed.tunnel.txt b/controlplane/controller/internal/controller/fixtures/mixed.tunnel.txt index a60337846..504598394 100644 --- a/controlplane/controller/internal/controller/fixtures/mixed.tunnel.txt +++ b/controlplane/controller/internal/controller/fixtures/mixed.tunnel.txt @@ -111,6 +111,7 @@ interface Tunnel503 no shutdown ! router bgp 65342 + router-id 14.14.14.14 no neighbor 169.254.0.1 neighbor 169.254.0.1 remote-as 65000 neighbor 169.254.0.1 passive @@ -140,6 +141,8 @@ router bgp 65342 neighbor 169.254.0.5 activate neighbor 169.254.0.7 activate ! + address-family vpn-ipv4 + ! vrf vrf1 rd 65342:1 route-target import vpn-ipv4 65342:1 diff --git a/controlplane/controller/internal/controller/fixtures/multicast.tunnel.txt b/controlplane/controller/internal/controller/fixtures/multicast.tunnel.txt index ce63e6f9c..b5469259c 100644 --- a/controlplane/controller/internal/controller/fixtures/multicast.tunnel.txt +++ b/controlplane/controller/internal/controller/fixtures/multicast.tunnel.txt @@ -98,6 +98,7 @@ interface Tunnel502 no shutdown ! router bgp 65342 + router-id 14.14.14.14 no neighbor 169.254.0.1 neighbor 169.254.0.1 remote-as 65000 neighbor 169.254.0.1 passive @@ -127,6 +128,8 @@ router bgp 65342 neighbor 169.254.0.3 activate neighbor 169.254.0.5 activate ! + address-family vpn-ipv4 + ! vrf vrf1 rd 65342:1 route-target import vpn-ipv4 65342:1 
diff --git a/controlplane/controller/internal/controller/fixtures/nohardware.tunnel.txt b/controlplane/controller/internal/controller/fixtures/nohardware.tunnel.txt index 977e09891..b0d5c634a 100644 --- a/controlplane/controller/internal/controller/fixtures/nohardware.tunnel.txt +++ b/controlplane/controller/internal/controller/fixtures/nohardware.tunnel.txt @@ -106,6 +106,7 @@ interface Tunnel503 no shutdown ! router bgp 65342 + router-id 14.14.14.14 no neighbor 169.254.0.1 neighbor 169.254.0.1 remote-as 65000 neighbor 169.254.0.1 passive @@ -135,6 +136,8 @@ router bgp 65342 neighbor 169.254.0.5 activate neighbor 169.254.0.7 activate ! + address-family vpn-ipv4 + ! vrf vrf1 rd 65342:1 route-target import vpn-ipv4 65342:1 diff --git a/controlplane/controller/internal/controller/fixtures/unicast.tunnel.txt b/controlplane/controller/internal/controller/fixtures/unicast.tunnel.txt index 8970c0bbc..b02ca6e25 100644 --- a/controlplane/controller/internal/controller/fixtures/unicast.tunnel.txt +++ b/controlplane/controller/internal/controller/fixtures/unicast.tunnel.txt @@ -87,8 +87,11 @@ interface Tunnel502 no shutdown ! router bgp 65342 + router-id 14.14.14.14 address-family ipv4 ! + address-family vpn-ipv4 + ! vrf vrf1 rd 65342:1 route-target import vpn-ipv4 65342:1 diff --git a/controlplane/controller/internal/controller/fixtures/unknown.peer.removal.txt b/controlplane/controller/internal/controller/fixtures/unknown.peer.removal.txt index 6b917566a..2d07a9e91 100644 --- a/controlplane/controller/internal/controller/fixtures/unknown.peer.removal.txt +++ b/controlplane/controller/internal/controller/fixtures/unknown.peer.removal.txt @@ -87,8 +87,12 @@ interface Tunnel502 no shutdown ! router bgp 65342 + router-id 14.14.14.14 address-family ipv4 - no neighbor 169.254.0.7 + no neighbor 169.254.0.7 + ! + address-family vpn-ipv4 + no neighbor 169.254.0.7 ! vrf vrf1 rd 65342:1 
diff --git a/controlplane/controller/internal/controller/models.go b/controlplane/controller/internal/controller/models.go index 39b028015..b561b49a8 100644 --- a/controlplane/controller/internal/controller/models.go +++ b/controlplane/controller/internal/controller/models.go @@ -2,6 +2,8 @@ package controller import ( "net" + + "github.com/malbeclabs/doublezero/smartcontract/sdk/go/serviceability" ) var ( @@ -11,10 +13,15 @@ var ( ) type Device struct { - PubKey string - PublicIP net.IP - Tunnels []*Tunnel - TunnelSlots int + PubKey string + PublicIP net.IP + Vpn4vLoopbackIP net.IP + Ipv4LoopbackIP net.IP + Tunnels []*Tunnel + TunnelSlots int + Interfaces []serviceability.Interface + Vpn4vLoopbackIntfName string + Ipv4LoopbackIntfName string } func NewDevice(ip net.IP, publicKey string) *Device { @@ -59,8 +66,15 @@ type Tunnel struct { MulticastPublishers []net.IP } +type BgpPeer struct { + PeerIP net.IP + PeerName string +} + type templateData struct { Device *Device + Vpnv4BgpPeers []BgpPeer + Ipv4BgpPeers []BgpPeer UnknownBgpPeers []net.IP MulticastGroupBlock string NoHardware bool diff --git a/controlplane/controller/internal/controller/render_test.go b/controlplane/controller/internal/controller/render_test.go index 738e52135..2e3ad2288 100644 --- a/controlplane/controller/internal/controller/render_test.go +++ b/controlplane/controller/internal/controller/render_test.go @@ -1,11 +1,13 @@ package controller import ( + "fmt" "net" "os" "testing" "github.com/google/go-cmp/cmp" + "github.com/malbeclabs/doublezero/smartcontract/sdk/go/serviceability" ) func TestRenderConfig(t *testing.T) { @@ -22,7 +24,8 @@ func TestRenderConfig(t *testing.T) { MulticastGroupBlock: "239.0.0.0/24", TelemetryTWAMPListenPort: 862, Device: &Device{ - PublicIP: net.IP{7, 7, 7, 7}, + PublicIP: net.IP{7, 7, 7, 7}, + Vpn4vLoopbackIP: net.IP{14, 14, 14, 14}, Tunnels: []*Tunnel{ { Id: 500, 
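Review bot: In the `Device` struct hunk of models.go the new fields are spelled `Vpn4vLoopbackIP` and `Vpn4vLoopbackIntfName`, while the rest of this change uses `Vpnv4` (`Vpnv4BgpPeers`, `LoopbackTypeVpnv4`). The transposed spelling is easy to miss when searching for the loopback that drives router-id and peer selection, so renaming to `Vpnv4LoopbackIP` / `Vpnv4LoopbackIntfName` now, while there are few call sites, would keep the names consistent. The new fields are also undocumented; a comment such as `// Vpnv4LoopbackIP is the device's VPNv4 loopback address, rendered as the BGP router-id; nil means the device is skipped by updateStateCache.` would record the contract the server.go hunk relies on.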
@@ -53,7 +56,7 @@ func TestRenderConfig(t *testing.T) { }, }, }, - UnknownBgpPeers: []net.IP{}, + UnknownBgpPeers: nil, }, Want: "fixtures/unicast.tunnel.txt", }, @@ -64,7 +67,8 @@ func TestRenderConfig(t *testing.T) { MulticastGroupBlock: "239.0.0.0/24", TelemetryTWAMPListenPort: 862, Device: &Device{ - PublicIP: net.IP{7, 7, 7, 7}, + PublicIP: net.IP{7, 7, 7, 7}, + Vpn4vLoopbackIP: net.IP{14, 14, 14, 14}, Tunnels: []*Tunnel{ { Id: 500, @@ -108,7 +112,8 @@ func TestRenderConfig(t *testing.T) { MulticastGroupBlock: "239.0.0.0/24", TelemetryTWAMPListenPort: 862, Device: &Device{ - PublicIP: net.IP{7, 7, 7, 7}, + PublicIP: net.IP{7, 7, 7, 7}, + Vpn4vLoopbackIP: net.IP{14, 14, 14, 14}, Tunnels: []*Tunnel{ { Id: 500, @@ -183,7 +188,8 @@ func TestRenderConfig(t *testing.T) { MulticastGroupBlock: "239.0.0.0/24", TelemetryTWAMPListenPort: 862, Device: &Device{ - PublicIP: net.IP{7, 7, 7, 7}, + PublicIP: net.IP{7, 7, 7, 7}, + Vpn4vLoopbackIP: net.IP{14, 14, 14, 14}, Tunnels: []*Tunnel{ { Id: 500, @@ -270,7 +276,8 @@ func TestRenderConfig(t *testing.T) { MulticastGroupBlock: "239.0.0.0/24", TelemetryTWAMPListenPort: 862, Device: &Device{ - PublicIP: net.IP{7, 7, 7, 7}, + PublicIP: net.IP{7, 7, 7, 7}, + Vpn4vLoopbackIP: net.IP{14, 14, 14, 14}, Tunnels: []*Tunnel{ { Id: 500, 
@@ -349,6 +356,44 @@ func TestRenderConfig(t *testing.T) { }, Want: "fixtures/nohardware.tunnel.txt", }, + { + Name: "render_base_config_successfully", + Description: "render base device config without tunnels", + Data: templateData{ + MulticastGroupBlock: "239.0.0.0/24", + TelemetryTWAMPListenPort: 862, + Device: &Device{ + PublicIP: net.IP{7, 7, 7, 7}, + Vpn4vLoopbackIP: net.IP{14, 14, 14, 14}, + Ipv4LoopbackIP: net.IP{13, 13, 13, 13}, + Interfaces: []serviceability.Interface{ + { + Version: serviceability.CurrentInterfaceVersion, + Name: "Loopback255", + InterfaceType: serviceability.InterfaceTypeLoopback, + LoopbackType: serviceability.LoopbackTypeVpnv4, + IpNet: [5]uint8{14, 14, 14, 14, 32}, + NodeSegmentIdx: 15, + }, + }, + Vpn4vLoopbackIntfName: "Loopback255", + Ipv4LoopbackIntfName: "Loopback256", + }, + Vpnv4BgpPeers: []BgpPeer{ + { + PeerIP: net.IP{15, 15, 15, 15}, + PeerName: "remote-dzd", + }, + }, + Ipv4BgpPeers: []BgpPeer{ + { + PeerIP: net.IP{12, 12, 12, 12}, + PeerName: "remote-dzd", + }, + }, + }, + Want: "fixtures/base.config.txt", + }, } for _, test := range tests { @@ -362,7 +407,10 @@ func TestRenderConfig(t *testing.T) { t.Fatalf("error reading test fixture %s: %v", test.Want, err) } if diff := cmp.Diff(string(want), got); diff != "" { - t.Errorf("renderTunnels mismatch (-want +got): %s\n", diff) + t.Errorf("renderTunnels mismatch (-want +got):\n%s", diff) + // Print the actual strings for debugging + fmt.Printf("\n=== EXPECTED ===\n%s\n=== END EXPECTED ===\n", string(want)) + fmt.Printf("\n=== ACTUAL ===\n%s\n=== END ACTUAL ===\n", got) } }) } diff --git a/controlplane/controller/internal/controller/server.go b/controlplane/controller/internal/controller/server.go index 0145447a3..9a0a8d1be 100644 --- a/controlplane/controller/internal/controller/server.go +++ b/controlplane/controller/internal/controller/server.go 
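Review bot: The failure path in the last render_test.go hunk dumps the expected and rendered configs with `fmt.Printf`, which writes to process stdout instead of the test log, so the output is not attributed to the failing subtest. `t.Logf("expected:\n%s\nactual:\n%s", want, got)` keeps the dump attached to the subtest and makes the new `fmt` import unnecessary. Since `cmp.Diff` already prints the differing lines, it is also worth deciding whether the full dump should stay in the committed test or was only a debugging aid.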
@@ -31,6 +31,8 @@ type stateCache struct { Config serviceability.Config Devices map[string]*Device MulticastGroups map[string]serviceability.MulticastGroup + Vpnv4BgpPeers []BgpPeer + Ipv4BgpPeers []BgpPeer } type Controller struct { @@ -154,7 +156,50 @@ func (c *Controller) updateStateCache(ctx context.Context) error { continue } devicePubKey := base58.Encode(device.PubKey[:]) - cache.Devices[devicePubKey] = NewDevice(ip, devicePubKey) + d := NewDevice(ip, devicePubKey) + + d.Interfaces = device.Interfaces + + // Build list of peers from device interfaces + for _, iface := range device.Interfaces { + if iface.InterfaceType == serviceability.InterfaceTypeLoopback && + iface.LoopbackType == serviceability.LoopbackTypeVpnv4 { + // Extract IP from IpNet + ip := net.IP(iface.IpNet[:4]) + d.Vpn4vLoopbackIP = ip // Used to set router-id + d.Vpn4vLoopbackIntfName = iface.Name + // TODO: raise an error if the IP is 0.0.0.0 (not set) + peer := BgpPeer{ + PeerIP: ip, + PeerName: device.Code, + } + cache.Vpnv4BgpPeers = append(cache.Vpnv4BgpPeers, peer) + } else if iface.InterfaceType == serviceability.InterfaceTypeLoopback && + iface.LoopbackType == serviceability.LoopbackTypeIpv4 { + // Extract IP from IpNet + ip := net.IP(iface.IpNet[:4]) + d.Ipv4LoopbackIP = ip // Used to set router-id + d.Ipv4LoopbackIntfName = iface.Name + // TODO: raise an error if the IP is 0.0.0.0 (not set) + peer := BgpPeer{ + PeerIP: ip, + PeerName: device.Code, + } + cache.Ipv4BgpPeers = append(cache.Ipv4BgpPeers, peer) + } + } + + if d.Vpn4vLoopbackIP == nil { + slog.Error("not adding device to cache", "device pubkey", devicePubKey, "reason", "no VPNv4 loopback interface found for device") + continue + } + + if d.Ipv4LoopbackIP == nil { + slog.Error("not adding device to cache", "device pubkey", devicePubKey, "reason", "no IPv4 loopback interface found for device") + continue + } + + cache.Devices[devicePubKey] = d } // Build cache of multicast groups. 
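Review bot: In the updateStateCache hunk a device's loopback addresses are appended to `cache.Vpnv4BgpPeers` / `cache.Ipv4BgpPeers` inside the interface loop, before the two nil checks that `continue` past the device. A device that has only one of the two loopbacks is therefore kept out of `cache.Devices` but is still rendered as an iBGP neighbor (and, for the IPv4 list, an MSDP peer) on every other device. The nil checks also cannot catch the unset address the TODOs mention, because `net.IP(iface.IpNet[:4])` is never nil, so an all-zero IpNet would render as `router-id 0.0.0.0` and `neighbor 0.0.0.0`. The sketch below collects the peers locally, rejects an unspecified address, copies the bytes instead of slicing the loop variable, and publishes to the cache only after validation. It keeps the last loopback of each type when a device has several, which differs from the current append-per-interface behaviour and should be confirmed; the enclosing function starts and ends outside the hunk.

```go
d := NewDevice(ip, devicePubKey)
d.Interfaces = device.Interfaces

// Collect peers locally; they are published only once the device passes validation.
var vpnv4Peer, ipv4Peer *BgpPeer
for _, iface := range device.Interfaces {
	if iface.InterfaceType != serviceability.InterfaceTypeLoopback {
		continue
	}
	// Copy the address so it does not alias the loop variable's array.
	loopbackIP := net.IP{iface.IpNet[0], iface.IpNet[1], iface.IpNet[2], iface.IpNet[3]}
	if loopbackIP.IsUnspecified() {
		slog.Error("ignoring loopback with unset address", "device pubkey", devicePubKey, "interface", iface.Name)
		continue
	}
	switch iface.LoopbackType {
	case serviceability.LoopbackTypeVpnv4:
		d.Vpn4vLoopbackIP = loopbackIP // Used to set router-id
		d.Vpn4vLoopbackIntfName = iface.Name
		vpnv4Peer = &BgpPeer{PeerIP: loopbackIP, PeerName: device.Code}
	case serviceability.LoopbackTypeIpv4:
		d.Ipv4LoopbackIP = loopbackIP
		d.Ipv4LoopbackIntfName = iface.Name
		ipv4Peer = &BgpPeer{PeerIP: loopbackIP, PeerName: device.Code}
	}
}

// … unchanged: nil checks on d.Vpn4vLoopbackIP and d.Ipv4LoopbackIP that log and continue …

cache.Vpnv4BgpPeers = append(cache.Vpnv4BgpPeers, *vpnv4Peer)
cache.Ipv4BgpPeers = append(cache.Ipv4BgpPeers, *ipv4Peer)
cache.Devices[devicePubKey] = d
```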
@@ -343,6 +388,16 @@ func (c *Controller) GetConfig(ctx context.Context, req *pb.ConfigRequest) (*pb. return true } } + for _, bgpPeer := range c.cache.Vpnv4BgpPeers { // TODO: write a test that proves we don't remove ipv4/vpnv4 BGP peers + if bgpPeer.PeerIP.Equal(peer) { + return true + } + } + for _, bgpPeer := range c.cache.Ipv4BgpPeers { + if bgpPeer.PeerIP.Equal(peer) { + return true + } + } return false } @@ -350,13 +405,15 @@ func (c *Controller) GetConfig(ctx context.Context, req *pb.ConfigRequest) (*pb. for _, peer := range req.GetBgpPeers() { ip := net.ParseIP(peer) if ip == nil { - slog.Error("malformed peer ip", "peer", peer) continue } - if !ip.IsLinkLocalUnicast() || peerFound(ip) { + if peerFound(ip) { continue } - unknownPeers = append(unknownPeers, ip) + // Only remove peers with addresses that DZ has assigned. This will avoid removal of contributor-configured peers like DIA. + if isIPInBlock(ip, c.cache.Config.UserTunnelBlock) || isIPInBlock(ip, c.cache.Config.TunnelTunnelBlock) { + unknownPeers = append(unknownPeers, ip) + } } if len(unknownPeers) != 0 { @@ -365,9 +422,21 @@ func (c *Controller) GetConfig(ctx context.Context, req *pb.ConfigRequest) (*pb. multicastGroupBlock := formatCIDR(&c.cache.Config.MulticastGroupBlock) + // This check avoids the situation where the template produces the following useless output, which happens in any test case with a single DZD. + // ``` + // no router msdp + // router msdp + // ``` + ipv4Peers := c.cache.Ipv4BgpPeers + if len(ipv4Peers) == 1 && ipv4Peers[0].PeerIP.Equal(device.Ipv4LoopbackIP) { + ipv4Peers = nil + } + data := templateData{ MulticastGroupBlock: multicastGroupBlock, Device: device, + Vpnv4BgpPeers: c.cache.Vpnv4BgpPeers, + Ipv4BgpPeers: ipv4Peers, UnknownBgpPeers: unknownPeers, NoHardware: c.noHardware, TelemetryTWAMPListenPort: telemetryconfig.TWAMPListenPort, 
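Review bot: The unknown-peer filter in the second GetConfig hunk is only safe when `c.cache.Config.UserTunnelBlock` and `TunnelTunnelBlock` are populated. `isIPInBlock` (added in the final server.go hunk) turns an all-zero block into 0.0.0.0/0, so with an unset config every unmatched IPv4 peer the agent reports is emitted as `no neighbor`, the opposite of the comment's intent to leave contributor-configured peers alone. A guard at the top of `isIPInBlock`, `if block[4] == 0 { return false }`, makes an unset block match nothing. The same hunk deletes `slog.Error("malformed peer ip", "peer", peer)`, so an agent sending unparsable peer strings is now dropped silently; keeping the line, at warn level if error is too noisy, preserves that signal. GetConfig begins and ends outside these hunks.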
@@ -388,3 +457,11 @@ func formatCIDR(b *[5]byte) string { mask := net.CIDRMask(int(b[4]), 32) return (&net.IPNet{IP: ip, Mask: mask}).String() } + +// isIPInBlock checks if an IP address is within a 5-byte network block +func isIPInBlock(ip net.IP, block [5]uint8) bool { + network := net.IPv4(block[0], block[1], block[2], block[3]) + mask := net.CIDRMask(int(block[4]), 32) + ipNet := &net.IPNet{IP: network, Mask: mask} + return ipNet.Contains(ip) +} diff --git a/controlplane/controller/internal/controller/server_test.go b/controlplane/controller/internal/controller/server_test.go index 077e13fd9..019c82372 100644 --- a/controlplane/controller/internal/controller/server_test.go +++ b/controlplane/controller/internal/controller/server_test.go @@ -65,7 +65,8 @@ func TestGetConfig(t *testing.T) { Allocated: true, }, }, - PublicIP: net.IP{7, 7, 7, 7}, + PublicIP: net.IP{7, 7, 7, 7}, + Vpn4vLoopbackIP: net.IP{14, 14, 14, 14}, }, }, }, @@ -143,7 +144,8 @@ func TestGetConfig(t *testing.T) { }, }, }, - PublicIP: net.IP{7, 7, 7, 7}, + PublicIP: net.IP{7, 7, 7, 7}, + Vpn4vLoopbackIP: net.IP{14, 14, 14, 14}, }, }, }, @@ -232,7 +234,8 @@ func TestGetConfig(t *testing.T) { }, }, }, - PublicIP: net.IP{7, 7, 7, 7}, + PublicIP: net.IP{7, 7, 7, 7}, + Vpn4vLoopbackIP: net.IP{14, 14, 14, 14}, }, }, }, 
@@ -322,13 +325,48 @@ func TestGetConfig(t *testing.T) { }, }, }, - PublicIP: net.IP{7, 7, 7, 7}, + PublicIP: net.IP{7, 7, 7, 7}, + Vpn4vLoopbackIP: net.IP{14, 14, 14, 14}, }, }, }, Pubkey: "abc123", Want: "fixtures/nohardware.tunnel.txt", }, + { + Name: "render_base_config_successfully", + Description: "render base configuration with BGP peers", + StateCache: stateCache{ + Config: serviceability.Config{ + MulticastGroupBlock: [5]uint8{239, 0, 0, 0, 24}, + }, + Vpnv4BgpPeers: []BgpPeer{ + { + PeerIP: net.IP{15, 15, 15, 15}, + PeerName: "remote-dzd", + }, + }, + Ipv4BgpPeers: []BgpPeer{ + { + PeerIP: net.IP{12, 12, 12, 12}, + PeerName: "remote-dzd", + }, + }, + Devices: map[string]*Device{ + "abc123": { + PublicIP: net.IP{7, 7, 7, 7}, + Vpn4vLoopbackIP: net.IP{14, 14, 14, 14}, + Ipv4LoopbackIP: net.IP{13, 13, 13, 13}, + Vpn4vLoopbackIntfName: "Loopback255", + Ipv4LoopbackIntfName: "Loopback256", + Tunnels: []*Tunnel{}, + TunnelSlots: 0, + }, + }, + }, + Pubkey: "abc123", + Want: "fixtures/base.config.txt", + }, } for _, test := range tests { @@ -451,9 +489,23 @@ func TestStateCache(t *testing.T) { ExchangePubKey: [32]uint8{}, DeviceType: 0, PublicIp: [4]uint8{2, 2, 2, 2}, - Status: serviceability.DeviceStatusActivated, - Code: "abc01", - PubKey: [32]byte{1}, + Interfaces: []serviceability.Interface{ + { + InterfaceType: serviceability.InterfaceTypeLoopback, + LoopbackType: serviceability.LoopbackTypeVpnv4, + IpNet: [5]uint8{14, 14, 14, 14, 32}, + Name: "Loopback255", + }, + { + InterfaceType: serviceability.InterfaceTypeLoopback, + LoopbackType: serviceability.LoopbackTypeIpv4, + IpNet: [5]uint8{12, 12, 12, 12, 32}, + Name: "Loopback256", + }, + }, + Status: serviceability.DeviceStatusActivated, + Code: "abc01", + PubKey: [32]byte{1}, }, }, StateCache: stateCache{ 
@@ -470,10 +522,24 @@ func TestStateCache(t *testing.T) { }, }, }, + Vpnv4BgpPeers: []BgpPeer{ + { + PeerIP: net.IP{14, 14, 14, 14}, + PeerName: "abc01", + }, + }, + Ipv4BgpPeers: []BgpPeer{ + { + PeerIP: net.IP{12, 12, 12, 12}, + PeerName: "abc01", + }, + }, Devices: map[string]*Device{ "4uQeVj5tqViQh7yWWGStvkEG1Zmhx6uasJtWCJziofM": { - PubKey: "4uQeVj5tqViQh7yWWGStvkEG1Zmhx6uasJtWCJziofM", - PublicIP: net.IP{2, 2, 2, 2}, + PubKey: "4uQeVj5tqViQh7yWWGStvkEG1Zmhx6uasJtWCJziofM", + PublicIP: net.IP{2, 2, 2, 2}, + Vpn4vLoopbackIP: net.IP{14, 14, 14, 14}, + Ipv4LoopbackIP: net.IP{12, 12, 12, 12}, Tunnels: []*Tunnel{ { Id: 500, 
@@ -566,15 +632,73 @@ func TestStateCache(t *testing.T) { {Id: 563}, }, TunnelSlots: 64, + Interfaces: []serviceability.Interface{ + { + InterfaceType: serviceability.InterfaceTypeLoopback, + LoopbackType: serviceability.LoopbackTypeVpnv4, + IpNet: [5]uint8{14, 14, 14, 14, 32}, + Name: "Loopback255", + }, + { + InterfaceType: serviceability.InterfaceTypeLoopback, + LoopbackType: serviceability.LoopbackTypeIpv4, + IpNet: [5]uint8{12, 12, 12, 12, 32}, + Name: "Loopback256", + }, + }, + Vpn4vLoopbackIntfName: "Loopback255", + Ipv4LoopbackIntfName: "Loopback256", }, }, }, }, + { + Name: "exclude_device_without_vpnv4_loopback", + Config: serviceability.Config{ + MulticastGroupBlock: [5]uint8{239, 0, 0, 0, 24}, + }, + Users: []serviceability.User{ + { + AccountType: serviceability.AccountType(0), + Owner: [32]uint8{}, + UserType: serviceability.UserUserType(serviceability.UserTypeIBRL), + DevicePubKey: [32]uint8{1}, + CyoaType: serviceability.CyoaTypeGREOverDIA, + ClientIp: [4]uint8{1, 1, 1, 1}, + DzIp: [4]uint8{100, 100, 100, 100}, + TunnelId: uint16(500), + TunnelNet: [5]uint8{10, 1, 1, 0, 31}, + Status: serviceability.UserStatusActivated, + }, + }, + Devices: []serviceability.Device{ + { + AccountType: serviceability.AccountType(0), + Owner: [32]uint8{}, + LocationPubKey: [32]uint8{}, + ExchangePubKey: [32]uint8{}, + DeviceType: 0, + PublicIp: [4]uint8{3, 3, 3, 3}, + Interfaces: []serviceability.Interface{}, // No VPNv4 loopback interface + Status: serviceability.DeviceStatusActivated, + Code: "abc02", + PubKey: [32]byte{1}, + }, + }, + StateCache: stateCache{ + Config: serviceability.Config{ + MulticastGroupBlock: [5]uint8{239, 0, 0, 0, 24}, + }, + MulticastGroups: map[string]serviceability.MulticastGroup{}, + Vpnv4BgpPeers: nil, // No BGP peers since device is excluded + Devices: map[string]*Device{}, // Device should not be in cache + }, + }, } for _, test := range tests { t.Run(test.Name, func(t *testing.T) { - lis, err := net.Listen("tcp", 
net.JoinHostPort("localhost", "7004")) + lis, err := net.Listen("tcp", "localhost:0") if err != nil { log.Fatalf("failed to listen: %v", err) } @@ -717,9 +841,23 @@ func TestEndToEnd(t *testing.T) { ExchangePubKey: [32]uint8{}, DeviceType: 0, PublicIp: [4]uint8{2, 2, 2, 2}, - Status: serviceability.DeviceStatusActivated, - Code: "abc01", - PubKey: [32]byte{1}, + Interfaces: []serviceability.Interface{ + { + InterfaceType: serviceability.InterfaceTypeLoopback, + LoopbackType: serviceability.LoopbackTypeVpnv4, + IpNet: [5]uint8{14, 14, 14, 14, 32}, + Name: "Loopback255", + }, + { + InterfaceType: serviceability.InterfaceTypeLoopback, + LoopbackType: serviceability.LoopbackTypeIpv4, + IpNet: [5]uint8{12, 12, 12, 12, 32}, + Name: "Loopback256", + }, + }, + Status: serviceability.DeviceStatusActivated, + Code: "abc01", + PubKey: [32]byte{1}, }, }, AgentRequest: &pb.ConfigRequest{ @@ -732,6 +870,8 @@ func TestEndToEnd(t *testing.T) { Name: "remove_unknown_peers_successfully", Config: serviceability.Config{ MulticastGroupBlock: [5]uint8{239, 0, 0, 0, 24}, + TunnelTunnelBlock: [5]uint8{172, 16, 0, 0, 16}, + UserTunnelBlock: [5]uint8{169, 254, 0, 0, 16}, }, MulticastGroups: []serviceability.MulticastGroup{ { 
@@ -778,17 +918,33 @@ func TestEndToEnd(t *testing.T) { ExchangePubKey: [32]uint8{}, DeviceType: 0, PublicIp: [4]uint8{2, 2, 2, 2}, - Status: serviceability.DeviceStatusActivated, - Code: "abc01", - PubKey: [32]byte{1}, + Interfaces: []serviceability.Interface{ + { + InterfaceType: serviceability.InterfaceTypeLoopback, + LoopbackType: serviceability.LoopbackTypeVpnv4, + IpNet: [5]uint8{14, 14, 14, 14, 32}, + Name: "Loopback255", + }, + { + InterfaceType: serviceability.InterfaceTypeLoopback, + LoopbackType: serviceability.LoopbackTypeIpv4, + IpNet: [5]uint8{12, 12, 12, 12, 32}, + Name: "Loopback256", + }, + }, + Status: serviceability.DeviceStatusActivated, + Code: "abc01", + PubKey: [32]byte{1}, }, }, AgentRequest: &pb.ConfigRequest{ Pubkey: "4uQeVj5tqViQh7yWWGStvkEG1Zmhx6uasJtWCJziofM", BgpPeers: []string{ - "10.0.0.1", - "172.16.0.1", - "169.254.0.7", + "10.0.0.1", // Not in any DZ block - should not be flagged for removal + "172.17.0.1", // Not in any DZ block - should not be flagged for removal + "172.16.0.1", // In TunnelTunnelBlock - should be flagged for removal + "169.254.0.7", // In UserTunnelBlock - should be flagged for removal + "169.254.0.3", // In UserTunnelBlock, but associated with a user - should not be flagged for removal }, }, Want: "fixtures/e2e.peer.removal.txt", @@ -797,6 +953,8 @@ func TestEndToEnd(t *testing.T) { Name: "remove_last_user_from_device", Config: serviceability.Config{ MulticastGroupBlock: [5]uint8{239, 0, 0, 0, 24}, + TunnelTunnelBlock: [5]uint8{172, 16, 0, 0, 16}, + UserTunnelBlock: [5]uint8{169, 254, 0, 0, 16}, }, Users: []serviceability.User{}, Devices: []serviceability.Device{ 
@@ -807,9 +965,23 @@ func TestEndToEnd(t *testing.T) { ExchangePubKey: [32]uint8{}, DeviceType: 0, PublicIp: [4]uint8{2, 2, 2, 2}, - Status: serviceability.DeviceStatusActivated, - Code: "abc01", - PubKey: [32]byte{1}, + Interfaces: []serviceability.Interface{ + { + InterfaceType: serviceability.InterfaceTypeLoopback, + LoopbackType: serviceability.LoopbackTypeVpnv4, + IpNet: [5]uint8{14, 14, 14, 14, 32}, + Name: "Loopback255", + }, + { + InterfaceType: serviceability.InterfaceTypeLoopback, + LoopbackType: serviceability.LoopbackTypeIpv4, + IpNet: [5]uint8{12, 12, 12, 12, 32}, + Name: "Loopback256", + }, + }, + Status: serviceability.DeviceStatusActivated, + Code: "abc01", + PubKey: [32]byte{1}, }, }, AgentRequest: &pb.ConfigRequest{ diff --git a/controlplane/controller/internal/controller/templates/tunnel.tmpl b/controlplane/controller/internal/controller/templates/tunnel.tmpl index 9d81f5ee8..1d737acf2 100644 --- a/controlplane/controller/internal/controller/templates/tunnel.tmpl +++ b/controlplane/controller/internal/controller/templates/tunnel.tmpl 
@@ -84,6 +84,27 @@ interface Tunnel{{ .Id }} ! {{- end }} router bgp 65342 + router-id {{ .Device.Vpn4vLoopbackIP }} + {{- range .Ipv4BgpPeers }} + {{- if ne .PeerIP.String $.Device.Ipv4LoopbackIP.String }} + no neighbor {{ .PeerIP }} + neighbor {{ .PeerIP }} remote-as 65342 + neighbor {{ .PeerIP }} next-hop-self + neighbor {{ .PeerIP }} update-source {{ $.Device.Ipv4LoopbackIntfName }} + neighbor {{ .PeerIP }} description {{ .PeerName }}-ipv4 + neighbor {{ .PeerIP }} send-community + {{- end }} + {{- end }} + {{- range .Vpnv4BgpPeers }} + {{- if ne .PeerIP.String $.Device.Vpn4vLoopbackIP.String }} + no neighbor {{ .PeerIP }} + neighbor {{ .PeerIP }} remote-as 65342 + neighbor {{ .PeerIP }} next-hop-self + neighbor {{ .PeerIP }} update-source {{ $.Device.Vpn4vLoopbackIntfName }} + neighbor {{ .PeerIP }} description {{ .PeerName }}-vpnv4 + neighbor {{ .PeerIP }} send-community + {{- end }} + {{- end }} {{- range .Device.Tunnels }} {{- if and .IsMulticast .Allocated }} no neighbor {{ .OverlayDstIP }} @@ -102,10 +123,30 @@ router bgp 65342 neighbor {{ .OverlayDstIP }} activate {{- end }} {{- end }} + {{- range .Ipv4BgpPeers }} + {{- if ne .PeerIP.String $.Device.Ipv4LoopbackIP.String }} + neighbor {{ .PeerIP }} activate + {{- end }} + {{- end }} + {{- range .Vpnv4BgpPeers }} + {{- if ne .PeerIP.String $.Device.Vpn4vLoopbackIP.String }} + no neighbor {{ .PeerIP }} activate + {{- end }} + {{- end }} {{- range .UnknownBgpPeers }} - no neighbor {{ . }} + no neighbor {{ . }} {{- end }} ! + address-family vpn-ipv4 + {{- range .Vpnv4BgpPeers }} + {{- if ne .PeerIP.String $.Device.Vpn4vLoopbackIP.String }} + neighbor {{ .PeerIP }} activate + {{- end }} + {{- end }} + {{- range .UnknownBgpPeers }} + no neighbor {{ . }} + {{- end }} + ! vrf vrf1 rd 65342:1 route-target import vpn-ipv4 65342:1 
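Review bot: The neighbor stanzas added here, and the MSDP stanza in the template's last hunk, interpolate `{{ .PeerName }}`, `{{ $.Device.Ipv4LoopbackIntfName }}` and `{{ $.Device.Vpn4vLoopbackIntfName }}` directly into device CLI. In this commit those values are filled from `device.Code` and `iface.Name` in the serviceability data. The rendering call is not visible, but if it uses text/template nothing escapes them, so a code or interface name containing whitespace or a newline would end the `description` or `update-source` line and the remainder would be parsed as further configuration. Unless the serviceability program already constrains both fields, validate them in updateStateCache against a conservative pattern such as `^[A-Za-z0-9._/-]+$` and skip the device on mismatch. The `router bgp` block continues past the end of this hunk.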
@@ -125,9 +166,9 @@ router bgp 65342 {{- end }} {{- end }} {{- end }} -{{- range .UnknownBgpPeers }} + {{- range .UnknownBgpPeers }} no neighbor {{ . }} -{{- end }} + {{- end }} ! ip community-list COMM-ALL_USERS permit 21682:1200 ip community-list COMM-ALL_MCAST_USERS permit 21682:1300 @@ -190,3 +231,15 @@ ip access-list SEC-USER-SUB-MCAST-IN permit ip any 224.0.0.13/32 deny ip any any ! +{{- if .Ipv4BgpPeers }} +no router msdp +router msdp + {{- range .Ipv4BgpPeers }} + {{- if ne .PeerIP.String $.Device.Ipv4LoopbackIP.String }} + peer {{ .PeerIP }} + mesh-group DZ-1 + local-interface {{ $.Device.Ipv4LoopbackIntfName }} + description {{ .PeerName }} + {{- end }} + {{- end }} +{{- end }} diff --git a/e2e/README.md b/e2e/README.md index 2c196eff8..6bb52e678 100644 --- a/e2e/README.md +++ b/e2e/README.md @@ -48,6 +48,8 @@ make test nobuild make test run=TestE2E_IBRL nobuild ``` +If you want the docker containers to keep running after the tests finish, set the `TESTCONTAINERS_RYUK_DISABLED` env var to `true`. You will need to manually clean up the containers when you're done with them. + ## Topology Each test spins up a local devnet with all components running in containers, and internal CYOA networks for devices and clients. diff --git a/e2e/device_telemetry_test.go b/e2e/device_telemetry_test.go index c8c3c0064..879a1ca0e 100644 --- a/e2e/device_telemetry_test.go +++ b/e2e/device_telemetry_test.go 
@@ -156,7 +156,6 @@ func TestE2E_DeviceTelemetry(t *testing.T) { doublezero device create --code pit-dzd01 --contributor co01 --location pit --exchange xpit --public-ip "204.16.241.243" --dz-prefixes "204.16.243.243/32" --mgmt-vrf mgmt doublezero device create --code ams-dz001 --contributor co01 --location ams --exchange xams --public-ip "195.219.138.50" --dz-prefixes "195.219.138.56/29" --mgmt-vrf mgmt - # TODO: When the controller supports dzd metadata, this will have to be updated to reflect actual interfaces doublezero device interface create la2-dz01 "Switch1/1/1" physical doublezero device interface create ny5-dz01 "Switch1/1/1" physical doublezero device interface create ld4-dz01 "Switch1/1/1" physical 
@@ -165,6 +164,24 @@ func TestE2E_DeviceTelemetry(t *testing.T) { doublezero device interface create ty2-dz01 "Switch1/1/1" physical doublezero device interface create pit-dzd01 "Switch1/1/1" physical doublezero device interface create ams-dz001 "Switch1/1/1" physical + + doublezero device interface create la2-dz01 "Loopback255" loopback --loopback-type vpnv4 + doublezero device interface create ny5-dz01 "Loopback255" loopback --loopback-type vpnv4 + doublezero device interface create ld4-dz01 "Loopback255" loopback --loopback-type vpnv4 + doublezero device interface create frk-dz01 "Loopback255" loopback --loopback-type vpnv4 + doublezero device interface create sg1-dz01 "Loopback255" loopback --loopback-type vpnv4 + doublezero device interface create ty2-dz01 "Loopback255" loopback --loopback-type vpnv4 + doublezero device interface create pit-dzd01 "Loopback255" loopback --loopback-type vpnv4 + doublezero device interface create ams-dz001 "Loopback255" loopback --loopback-type vpnv4 + + doublezero device interface create la2-dz01 "Loopback256" loopback --loopback-type ipv4 + doublezero device interface create ny5-dz01 "Loopback256" loopback --loopback-type ipv4 + doublezero device interface create ld4-dz01 "Loopback256" loopback --loopback-type ipv4 + doublezero device interface create frk-dz01 "Loopback256" loopback --loopback-type ipv4 + doublezero device interface create sg1-dz01 "Loopback256" loopback --loopback-type ipv4 + doublezero device interface create ty2-dz01 "Loopback256" loopback --loopback-type ipv4 + doublezero device interface create pit-dzd01 "Loopback256" loopback --loopback-type ipv4 + doublezero device interface create ams-dz001 "Loopback256" loopback --loopback-type ipv4 `}) require.NoError(t, err) 
@@ -183,9 +200,9 @@ func TestE2E_DeviceTelemetry(t *testing.T) { // Manually create tunnel interfaces on the devices. // NOTE: This is a workaround until tunnels on devices are configured automatically when links // are created. - la2ToNY5LinkTunnelLA2IP := "172.16.0.0" // 172.16.0.0/31 expected to be allocated to this link by the activator - la2ToNY5LinkTunnelNY5IP := "172.16.0.1" // 172.16.0.0/31 expected to be allocated to this link by the activator - ny5ToLD4LinkTunnelNY5IP := "172.16.0.2" // 172.16.0.2/31 expected to be allocated to this link by the activator + la2ToNY5LinkTunnelLA2IP := "172.16.0.18" // 172.16.0.0/31 expected to be allocated to this link by the activator + la2ToNY5LinkTunnelNY5IP := "172.16.0.19" // 172.16.0.0/31 expected to be allocated to this link by the activator + ny5ToLD4LinkTunnelNY5IP := "172.16.0.20" // 172.16.0.2/31 expected to be allocated to this link by the activator func() { la2Device := dn.Devices["la2-dz01"] ny5Device := dn.Devices["ny5-dz01"] diff --git a/e2e/fixtures/ibrl/doublezero_agent_config_user_added.tmpl b/e2e/fixtures/ibrl/doublezero_agent_config_user_added.tmpl index 81854ec03..7b620c847 100644 --- a/e2e/fixtures/ibrl/doublezero_agent_config_user_added.tmpl +++ b/e2e/fixtures/ibrl/doublezero_agent_config_user_added.tmpl 
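Review bot: The trailing comments on the three changed tunnel-IP assignments are stale. The values are now `172.16.0.18`, `172.16.0.19` and `172.16.0.20`, but the comments still name `172.16.0.0/31` and `172.16.0.2/31` as the prefixes the activator is expected to allocate. The first two should read `// 172.16.0.18/31 expected to be allocated to this link by the activator` and the third `// 172.16.0.20/31 expected to be allocated to this link by the activator`. A short note on why the range now starts at .18 would also help; presumably the Loopback255/Loopback256 interfaces created earlier in the test consume the lower addresses, which is worth confirming. The enclosing TestE2E_DeviceTelemetry starts and ends outside this hunk.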
@@ -185,7 +185,115 @@ default interface Tunnel562 default interface Tunnel563 ! router bgp 65342 + router-id 172.16.0.1 + no neighbor 172.16.0.14 + neighbor 172.16.0.14 remote-as 65342 + neighbor 172.16.0.14 next-hop-self + neighbor 172.16.0.14 update-source Loopback256 + neighbor 172.16.0.14 description ty2-dz01-ipv4 + neighbor 172.16.0.14 send-community + no neighbor 172.16.0.11 + neighbor 172.16.0.11 remote-as 65342 + neighbor 172.16.0.11 next-hop-self + neighbor 172.16.0.11 update-source Loopback256 + neighbor 172.16.0.11 description ld4-dz01-ipv4 + neighbor 172.16.0.11 send-community + no neighbor 172.16.0.10 + neighbor 172.16.0.10 remote-as 65342 + neighbor 172.16.0.10 next-hop-self + neighbor 172.16.0.10 update-source Loopback256 + neighbor 172.16.0.10 description la2-dz01-ipv4 + neighbor 172.16.0.10 send-community + no neighbor 172.16.0.13 + neighbor 172.16.0.13 remote-as 65342 + neighbor 172.16.0.13 next-hop-self + neighbor 172.16.0.13 update-source Loopback256 + neighbor 172.16.0.13 description sg1-dz01-ipv4 + neighbor 172.16.0.13 send-community + no neighbor 172.16.0.16 + neighbor 172.16.0.16 remote-as 65342 + neighbor 172.16.0.16 next-hop-self + neighbor 172.16.0.16 update-source Loopback256 + neighbor 172.16.0.16 description ams-dz001-ipv4 + neighbor 172.16.0.16 send-community + no neighbor 172.16.0.12 + neighbor 172.16.0.12 remote-as 65342 + neighbor 172.16.0.12 next-hop-self + neighbor 172.16.0.12 update-source Loopback256 + neighbor 172.16.0.12 description frk-dz01-ipv4 + neighbor 172.16.0.12 send-community + no neighbor 172.16.0.15 + neighbor 172.16.0.15 remote-as 65342 + neighbor 172.16.0.15 next-hop-self + neighbor 172.16.0.15 update-source Loopback256 + neighbor 172.16.0.15 description pit-dzd01-ipv4 + neighbor 172.16.0.15 send-community + no neighbor 172.16.0.6 + neighbor 172.16.0.6 remote-as 65342 + neighbor 172.16.0.6 next-hop-self + neighbor 172.16.0.6 update-source Loopback255 + neighbor 172.16.0.6 description ty2-dz01-vpnv4 + neighbor 
172.16.0.6 send-community + no neighbor 172.16.0.3 + neighbor 172.16.0.3 remote-as 65342 + neighbor 172.16.0.3 next-hop-self + neighbor 172.16.0.3 update-source Loopback255 + neighbor 172.16.0.3 description ld4-dz01-vpnv4 + neighbor 172.16.0.3 send-community + no neighbor 172.16.0.2 + neighbor 172.16.0.2 remote-as 65342 + neighbor 172.16.0.2 next-hop-self + neighbor 172.16.0.2 update-source Loopback255 + neighbor 172.16.0.2 description la2-dz01-vpnv4 + neighbor 172.16.0.2 send-community + no neighbor 172.16.0.5 + neighbor 172.16.0.5 remote-as 65342 + neighbor 172.16.0.5 next-hop-self + neighbor 172.16.0.5 update-source Loopback255 + neighbor 172.16.0.5 description sg1-dz01-vpnv4 + neighbor 172.16.0.5 send-community + no neighbor 172.16.0.8 + neighbor 172.16.0.8 remote-as 65342 + neighbor 172.16.0.8 next-hop-self + neighbor 172.16.0.8 update-source Loopback255 + neighbor 172.16.0.8 description ams-dz001-vpnv4 + neighbor 172.16.0.8 send-community + no neighbor 172.16.0.4 + neighbor 172.16.0.4 remote-as 65342 + neighbor 172.16.0.4 next-hop-self + neighbor 172.16.0.4 update-source Loopback255 + neighbor 172.16.0.4 description frk-dz01-vpnv4 + neighbor 172.16.0.4 send-community + no neighbor 172.16.0.7 + neighbor 172.16.0.7 remote-as 65342 + neighbor 172.16.0.7 next-hop-self + neighbor 172.16.0.7 update-source Loopback255 + neighbor 172.16.0.7 description pit-dzd01-vpnv4 + neighbor 172.16.0.7 send-community address-family ipv4 + neighbor 172.16.0.14 activate + neighbor 172.16.0.11 activate + neighbor 172.16.0.10 activate + neighbor 172.16.0.13 activate + neighbor 172.16.0.16 activate + neighbor 172.16.0.12 activate + neighbor 172.16.0.15 activate + no neighbor 172.16.0.6 activate + no neighbor 172.16.0.3 activate + no neighbor 172.16.0.2 activate + no neighbor 172.16.0.5 activate + no neighbor 172.16.0.8 activate + no neighbor 172.16.0.4 activate + no neighbor 172.16.0.7 activate + ! 
+ address-family vpn-ipv4 + neighbor 172.16.0.6 activate + neighbor 172.16.0.3 activate + neighbor 172.16.0.2 activate + neighbor 172.16.0.5 activate + neighbor 172.16.0.8 activate + neighbor 172.16.0.4 activate + neighbor 172.16.0.7 activate ! vrf vrf1 rd 65342:1 @@ -676,3 +784,33 @@ ip access-list SEC-USER-SUB-MCAST-IN permit ip any 224.0.0.13/32 deny ip any any ! +no router msdp +router msdp + peer 172.16.0.14 + mesh-group DZ-1 + local-interface Loopback256 + description ty2-dz01 + peer 172.16.0.11 + mesh-group DZ-1 + local-interface Loopback256 + description ld4-dz01 + peer 172.16.0.10 + mesh-group DZ-1 + local-interface Loopback256 + description la2-dz01 + peer 172.16.0.13 + mesh-group DZ-1 + local-interface Loopback256 + description sg1-dz01 + peer 172.16.0.16 + mesh-group DZ-1 + local-interface Loopback256 + description ams-dz001 + peer 172.16.0.12 + mesh-group DZ-1 + local-interface Loopback256 + description frk-dz01 + peer 172.16.0.15 + mesh-group DZ-1 + local-interface Loopback256 + description pit-dzd01 diff --git a/e2e/fixtures/ibrl/doublezero_agent_config_user_removed.tmpl b/e2e/fixtures/ibrl/doublezero_agent_config_user_removed.tmpl index ba3f55ceb..ae7598fca 100644 --- a/e2e/fixtures/ibrl/doublezero_agent_config_user_removed.tmpl +++ b/e2e/fixtures/ibrl/doublezero_agent_config_user_removed.tmpl 
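Review bot: The fourteen iBGP neighbors added under `router bgp 65342` and the seven MSDP peers added at the end of this file carry no session authentication. Each neighbor stanza has only remote-as, next-hop-self, update-source, description and send-community, and each MSDP peer has only mesh-group, local-interface and description. If the loopback-to-loopback path between devices is not protected by other means, the controller template that renders this output should emit a per-neighbor key, for example `neighbor 172.16.0.14 password 7 <ENCRYPTED-KEY-PLACEHOLDER>`, with these expected-config fixtures updated to match. The same stanzas repeat in the other `doublezero_agent_config_user_added.tmpl` and `doublezero_agent_config_user_removed.tmpl` hunks of this commit. These hunks do not show whether authentication is applied elsewhere, so treat this as a point to confirm.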
@@ -174,7 +174,115 @@ default interface Tunnel562 default interface Tunnel563 ! router bgp 65342 + router-id 172.16.0.1 + no neighbor 172.16.0.14 + neighbor 172.16.0.14 remote-as 65342 + neighbor 172.16.0.14 next-hop-self + neighbor 172.16.0.14 update-source Loopback256 + neighbor 172.16.0.14 description ty2-dz01-ipv4 + neighbor 172.16.0.14 send-community + no neighbor 172.16.0.11 + neighbor 172.16.0.11 remote-as 65342 + neighbor 172.16.0.11 next-hop-self + neighbor 172.16.0.11 update-source Loopback256 + neighbor 172.16.0.11 description ld4-dz01-ipv4 + neighbor 172.16.0.11 send-community + no neighbor 172.16.0.10 + neighbor 172.16.0.10 remote-as 65342 + neighbor 172.16.0.10 next-hop-self + neighbor 172.16.0.10 update-source Loopback256 + neighbor 172.16.0.10 description la2-dz01-ipv4 + neighbor 172.16.0.10 send-community + no neighbor 172.16.0.13 + neighbor 172.16.0.13 remote-as 65342 + neighbor 172.16.0.13 next-hop-self + neighbor 172.16.0.13 update-source Loopback256 + neighbor 172.16.0.13 description sg1-dz01-ipv4 + neighbor 172.16.0.13 send-community + no neighbor 172.16.0.16 + neighbor 172.16.0.16 remote-as 65342 + neighbor 172.16.0.16 next-hop-self + neighbor 172.16.0.16 update-source Loopback256 + neighbor 172.16.0.16 description ams-dz001-ipv4 + neighbor 172.16.0.16 send-community + no neighbor 172.16.0.12 + neighbor 172.16.0.12 remote-as 65342 + neighbor 172.16.0.12 next-hop-self + neighbor 172.16.0.12 update-source Loopback256 + neighbor 172.16.0.12 description frk-dz01-ipv4 + neighbor 172.16.0.12 send-community + no neighbor 172.16.0.15 + neighbor 172.16.0.15 remote-as 65342 + neighbor 172.16.0.15 next-hop-self + neighbor 172.16.0.15 update-source Loopback256 + neighbor 172.16.0.15 description pit-dzd01-ipv4 + neighbor 172.16.0.15 send-community + no neighbor 172.16.0.6 + neighbor 172.16.0.6 remote-as 65342 + neighbor 172.16.0.6 next-hop-self + neighbor 172.16.0.6 update-source Loopback255 + neighbor 172.16.0.6 description ty2-dz01-vpnv4 + neighbor 
172.16.0.6 send-community + no neighbor 172.16.0.3 + neighbor 172.16.0.3 remote-as 65342 + neighbor 172.16.0.3 next-hop-self + neighbor 172.16.0.3 update-source Loopback255 + neighbor 172.16.0.3 description ld4-dz01-vpnv4 + neighbor 172.16.0.3 send-community + no neighbor 172.16.0.2 + neighbor 172.16.0.2 remote-as 65342 + neighbor 172.16.0.2 next-hop-self + neighbor 172.16.0.2 update-source Loopback255 + neighbor 172.16.0.2 description la2-dz01-vpnv4 + neighbor 172.16.0.2 send-community + no neighbor 172.16.0.5 + neighbor 172.16.0.5 remote-as 65342 + neighbor 172.16.0.5 next-hop-self + neighbor 172.16.0.5 update-source Loopback255 + neighbor 172.16.0.5 description sg1-dz01-vpnv4 + neighbor 172.16.0.5 send-community + no neighbor 172.16.0.8 + neighbor 172.16.0.8 remote-as 65342 + neighbor 172.16.0.8 next-hop-self + neighbor 172.16.0.8 update-source Loopback255 + neighbor 172.16.0.8 description ams-dz001-vpnv4 + neighbor 172.16.0.8 send-community + no neighbor 172.16.0.4 + neighbor 172.16.0.4 remote-as 65342 + neighbor 172.16.0.4 next-hop-self + neighbor 172.16.0.4 update-source Loopback255 + neighbor 172.16.0.4 description frk-dz01-vpnv4 + neighbor 172.16.0.4 send-community + no neighbor 172.16.0.7 + neighbor 172.16.0.7 remote-as 65342 + neighbor 172.16.0.7 next-hop-self + neighbor 172.16.0.7 update-source Loopback255 + neighbor 172.16.0.7 description pit-dzd01-vpnv4 + neighbor 172.16.0.7 send-community address-family ipv4 + neighbor 172.16.0.14 activate + neighbor 172.16.0.11 activate + neighbor 172.16.0.10 activate + neighbor 172.16.0.13 activate + neighbor 172.16.0.16 activate + neighbor 172.16.0.12 activate + neighbor 172.16.0.15 activate + no neighbor 172.16.0.6 activate + no neighbor 172.16.0.3 activate + no neighbor 172.16.0.2 activate + no neighbor 172.16.0.5 activate + no neighbor 172.16.0.8 activate + no neighbor 172.16.0.4 activate + no neighbor 172.16.0.7 activate + ! 
+ address-family vpn-ipv4 + neighbor 172.16.0.6 activate + neighbor 172.16.0.3 activate + neighbor 172.16.0.2 activate + neighbor 172.16.0.5 activate + neighbor 172.16.0.8 activate + neighbor 172.16.0.4 activate + neighbor 172.16.0.7 activate ! vrf vrf1 rd 65342:1 @@ -650,3 +758,33 @@ ip access-list SEC-USER-SUB-MCAST-IN permit ip any 224.0.0.13/32 deny ip any any ! +no router msdp +router msdp + peer 172.16.0.14 + mesh-group DZ-1 + local-interface Loopback256 + description ty2-dz01 + peer 172.16.0.11 + mesh-group DZ-1 + local-interface Loopback256 + description ld4-dz01 + peer 172.16.0.10 + mesh-group DZ-1 + local-interface Loopback256 + description la2-dz01 + peer 172.16.0.13 + mesh-group DZ-1 + local-interface Loopback256 + description sg1-dz01 + peer 172.16.0.16 + mesh-group DZ-1 + local-interface Loopback256 + description ams-dz001 + peer 172.16.0.12 + mesh-group DZ-1 + local-interface Loopback256 + description frk-dz01 + peer 172.16.0.15 + mesh-group DZ-1 + local-interface Loopback256 + description pit-dzd01 diff --git a/e2e/fixtures/ibrl_with_allocated_addr/doublezero_agent_config_user_added.tmpl b/e2e/fixtures/ibrl_with_allocated_addr/doublezero_agent_config_user_added.tmpl index 10abcc8d8..9f20fb054 100644 --- a/e2e/fixtures/ibrl_with_allocated_addr/doublezero_agent_config_user_added.tmpl +++ b/e2e/fixtures/ibrl_with_allocated_addr/doublezero_agent_config_user_added.tmpl 
@@ -185,7 +185,115 @@ default interface Tunnel562 default interface Tunnel563 ! router bgp 65342 + router-id 172.16.0.1 + no neighbor 172.16.0.14 + neighbor 172.16.0.14 remote-as 65342 + neighbor 172.16.0.14 next-hop-self + neighbor 172.16.0.14 update-source Loopback256 + neighbor 172.16.0.14 description ty2-dz01-ipv4 + neighbor 172.16.0.14 send-community + no neighbor 172.16.0.11 + neighbor 172.16.0.11 remote-as 65342 + neighbor 172.16.0.11 next-hop-self + neighbor 172.16.0.11 update-source Loopback256 + neighbor 172.16.0.11 description ld4-dz01-ipv4 + neighbor 172.16.0.11 send-community + no neighbor 172.16.0.10 + neighbor 172.16.0.10 remote-as 65342 + neighbor 172.16.0.10 next-hop-self + neighbor 172.16.0.10 update-source Loopback256 + neighbor 172.16.0.10 description la2-dz01-ipv4 + neighbor 172.16.0.10 send-community + no neighbor 172.16.0.13 + neighbor 172.16.0.13 remote-as 65342 + neighbor 172.16.0.13 next-hop-self + neighbor 172.16.0.13 update-source Loopback256 + neighbor 172.16.0.13 description sg1-dz01-ipv4 + neighbor 172.16.0.13 send-community + no neighbor 172.16.0.16 + neighbor 172.16.0.16 remote-as 65342 + neighbor 172.16.0.16 next-hop-self + neighbor 172.16.0.16 update-source Loopback256 + neighbor 172.16.0.16 description ams-dz001-ipv4 + neighbor 172.16.0.16 send-community + no neighbor 172.16.0.12 + neighbor 172.16.0.12 remote-as 65342 + neighbor 172.16.0.12 next-hop-self + neighbor 172.16.0.12 update-source Loopback256 + neighbor 172.16.0.12 description frk-dz01-ipv4 + neighbor 172.16.0.12 send-community + no neighbor 172.16.0.15 + neighbor 172.16.0.15 remote-as 65342 + neighbor 172.16.0.15 next-hop-self + neighbor 172.16.0.15 update-source Loopback256 + neighbor 172.16.0.15 description pit-dzd01-ipv4 + neighbor 172.16.0.15 send-community + no neighbor 172.16.0.6 + neighbor 172.16.0.6 remote-as 65342 + neighbor 172.16.0.6 next-hop-self + neighbor 172.16.0.6 update-source Loopback255 + neighbor 172.16.0.6 description ty2-dz01-vpnv4 + neighbor 
172.16.0.6 send-community + no neighbor 172.16.0.3 + neighbor 172.16.0.3 remote-as 65342 + neighbor 172.16.0.3 next-hop-self + neighbor 172.16.0.3 update-source Loopback255 + neighbor 172.16.0.3 description ld4-dz01-vpnv4 + neighbor 172.16.0.3 send-community + no neighbor 172.16.0.2 + neighbor 172.16.0.2 remote-as 65342 + neighbor 172.16.0.2 next-hop-self + neighbor 172.16.0.2 update-source Loopback255 + neighbor 172.16.0.2 description la2-dz01-vpnv4 + neighbor 172.16.0.2 send-community + no neighbor 172.16.0.5 + neighbor 172.16.0.5 remote-as 65342 + neighbor 172.16.0.5 next-hop-self + neighbor 172.16.0.5 update-source Loopback255 + neighbor 172.16.0.5 description sg1-dz01-vpnv4 + neighbor 172.16.0.5 send-community + no neighbor 172.16.0.8 + neighbor 172.16.0.8 remote-as 65342 + neighbor 172.16.0.8 next-hop-self + neighbor 172.16.0.8 update-source Loopback255 + neighbor 172.16.0.8 description ams-dz001-vpnv4 + neighbor 172.16.0.8 send-community + no neighbor 172.16.0.4 + neighbor 172.16.0.4 remote-as 65342 + neighbor 172.16.0.4 next-hop-self + neighbor 172.16.0.4 update-source Loopback255 + neighbor 172.16.0.4 description frk-dz01-vpnv4 + neighbor 172.16.0.4 send-community + no neighbor 172.16.0.7 + neighbor 172.16.0.7 remote-as 65342 + neighbor 172.16.0.7 next-hop-self + neighbor 172.16.0.7 update-source Loopback255 + neighbor 172.16.0.7 description pit-dzd01-vpnv4 + neighbor 172.16.0.7 send-community address-family ipv4 + neighbor 172.16.0.14 activate + neighbor 172.16.0.11 activate + neighbor 172.16.0.10 activate + neighbor 172.16.0.13 activate + neighbor 172.16.0.16 activate + neighbor 172.16.0.12 activate + neighbor 172.16.0.15 activate + no neighbor 172.16.0.6 activate + no neighbor 172.16.0.3 activate + no neighbor 172.16.0.2 activate + no neighbor 172.16.0.5 activate + no neighbor 172.16.0.8 activate + no neighbor 172.16.0.4 activate + no neighbor 172.16.0.7 activate + ! 
+ address-family vpn-ipv4 + neighbor 172.16.0.6 activate + neighbor 172.16.0.3 activate + neighbor 172.16.0.2 activate + neighbor 172.16.0.5 activate + neighbor 172.16.0.8 activate + neighbor 172.16.0.4 activate + neighbor 172.16.0.7 activate ! vrf vrf1 rd 65342:1 @@ -676,3 +784,33 @@ ip access-list SEC-USER-SUB-MCAST-IN permit ip any 224.0.0.13/32 deny ip any any ! +no router msdp +router msdp + peer 172.16.0.14 + mesh-group DZ-1 + local-interface Loopback256 + description ty2-dz01 + peer 172.16.0.11 + mesh-group DZ-1 + local-interface Loopback256 + description ld4-dz01 + peer 172.16.0.10 + mesh-group DZ-1 + local-interface Loopback256 + description la2-dz01 + peer 172.16.0.13 + mesh-group DZ-1 + local-interface Loopback256 + description sg1-dz01 + peer 172.16.0.16 + mesh-group DZ-1 + local-interface Loopback256 + description ams-dz001 + peer 172.16.0.12 + mesh-group DZ-1 + local-interface Loopback256 + description frk-dz01 + peer 172.16.0.15 + mesh-group DZ-1 + local-interface Loopback256 + description pit-dzd01 diff --git a/e2e/fixtures/ibrl_with_allocated_addr/doublezero_agent_config_user_removed.tmpl b/e2e/fixtures/ibrl_with_allocated_addr/doublezero_agent_config_user_removed.tmpl index ba3f55ceb..ae7598fca 100644 --- a/e2e/fixtures/ibrl_with_allocated_addr/doublezero_agent_config_user_removed.tmpl +++ b/e2e/fixtures/ibrl_with_allocated_addr/doublezero_agent_config_user_removed.tmpl 
@@ -174,7 +174,115 @@ default interface Tunnel562 default interface Tunnel563 ! router bgp 65342 + router-id 172.16.0.1 + no neighbor 172.16.0.14 + neighbor 172.16.0.14 remote-as 65342 + neighbor 172.16.0.14 next-hop-self + neighbor 172.16.0.14 update-source Loopback256 + neighbor 172.16.0.14 description ty2-dz01-ipv4 + neighbor 172.16.0.14 send-community + no neighbor 172.16.0.11 + neighbor 172.16.0.11 remote-as 65342 + neighbor 172.16.0.11 next-hop-self + neighbor 172.16.0.11 update-source Loopback256 + neighbor 172.16.0.11 description ld4-dz01-ipv4 + neighbor 172.16.0.11 send-community + no neighbor 172.16.0.10 + neighbor 172.16.0.10 remote-as 65342 + neighbor 172.16.0.10 next-hop-self + neighbor 172.16.0.10 update-source Loopback256 + neighbor 172.16.0.10 description la2-dz01-ipv4 + neighbor 172.16.0.10 send-community + no neighbor 172.16.0.13 + neighbor 172.16.0.13 remote-as 65342 + neighbor 172.16.0.13 next-hop-self + neighbor 172.16.0.13 update-source Loopback256 + neighbor 172.16.0.13 description sg1-dz01-ipv4 + neighbor 172.16.0.13 send-community + no neighbor 172.16.0.16 + neighbor 172.16.0.16 remote-as 65342 + neighbor 172.16.0.16 next-hop-self + neighbor 172.16.0.16 update-source Loopback256 + neighbor 172.16.0.16 description ams-dz001-ipv4 + neighbor 172.16.0.16 send-community + no neighbor 172.16.0.12 + neighbor 172.16.0.12 remote-as 65342 + neighbor 172.16.0.12 next-hop-self + neighbor 172.16.0.12 update-source Loopback256 + neighbor 172.16.0.12 description frk-dz01-ipv4 + neighbor 172.16.0.12 send-community + no neighbor 172.16.0.15 + neighbor 172.16.0.15 remote-as 65342 + neighbor 172.16.0.15 next-hop-self + neighbor 172.16.0.15 update-source Loopback256 + neighbor 172.16.0.15 description pit-dzd01-ipv4 + neighbor 172.16.0.15 send-community + no neighbor 172.16.0.6 + neighbor 172.16.0.6 remote-as 65342 + neighbor 172.16.0.6 next-hop-self + neighbor 172.16.0.6 update-source Loopback255 + neighbor 172.16.0.6 description ty2-dz01-vpnv4 + neighbor 
172.16.0.6 send-community + no neighbor 172.16.0.3 + neighbor 172.16.0.3 remote-as 65342 + neighbor 172.16.0.3 next-hop-self + neighbor 172.16.0.3 update-source Loopback255 + neighbor 172.16.0.3 description ld4-dz01-vpnv4 + neighbor 172.16.0.3 send-community + no neighbor 172.16.0.2 + neighbor 172.16.0.2 remote-as 65342 + neighbor 172.16.0.2 next-hop-self + neighbor 172.16.0.2 update-source Loopback255 + neighbor 172.16.0.2 description la2-dz01-vpnv4 + neighbor 172.16.0.2 send-community + no neighbor 172.16.0.5 + neighbor 172.16.0.5 remote-as 65342 + neighbor 172.16.0.5 next-hop-self + neighbor 172.16.0.5 update-source Loopback255 + neighbor 172.16.0.5 description sg1-dz01-vpnv4 + neighbor 172.16.0.5 send-community + no neighbor 172.16.0.8 + neighbor 172.16.0.8 remote-as 65342 + neighbor 172.16.0.8 next-hop-self + neighbor 172.16.0.8 update-source Loopback255 + neighbor 172.16.0.8 description ams-dz001-vpnv4 + neighbor 172.16.0.8 send-community + no neighbor 172.16.0.4 + neighbor 172.16.0.4 remote-as 65342 + neighbor 172.16.0.4 next-hop-self + neighbor 172.16.0.4 update-source Loopback255 + neighbor 172.16.0.4 description frk-dz01-vpnv4 + neighbor 172.16.0.4 send-community + no neighbor 172.16.0.7 + neighbor 172.16.0.7 remote-as 65342 + neighbor 172.16.0.7 next-hop-self + neighbor 172.16.0.7 update-source Loopback255 + neighbor 172.16.0.7 description pit-dzd01-vpnv4 + neighbor 172.16.0.7 send-community address-family ipv4 + neighbor 172.16.0.14 activate + neighbor 172.16.0.11 activate + neighbor 172.16.0.10 activate + neighbor 172.16.0.13 activate + neighbor 172.16.0.16 activate + neighbor 172.16.0.12 activate + neighbor 172.16.0.15 activate + no neighbor 172.16.0.6 activate + no neighbor 172.16.0.3 activate + no neighbor 172.16.0.2 activate + no neighbor 172.16.0.5 activate + no neighbor 172.16.0.8 activate + no neighbor 172.16.0.4 activate + no neighbor 172.16.0.7 activate + ! 
+ address-family vpn-ipv4 + neighbor 172.16.0.6 activate + neighbor 172.16.0.3 activate + neighbor 172.16.0.2 activate + neighbor 172.16.0.5 activate + neighbor 172.16.0.8 activate + neighbor 172.16.0.4 activate + neighbor 172.16.0.7 activate ! vrf vrf1 rd 65342:1 @@ -650,3 +758,33 @@ ip access-list SEC-USER-SUB-MCAST-IN permit ip any 224.0.0.13/32 deny ip any any ! +no router msdp +router msdp + peer 172.16.0.14 + mesh-group DZ-1 + local-interface Loopback256 + description ty2-dz01 + peer 172.16.0.11 + mesh-group DZ-1 + local-interface Loopback256 + description ld4-dz01 + peer 172.16.0.10 + mesh-group DZ-1 + local-interface Loopback256 + description la2-dz01 + peer 172.16.0.13 + mesh-group DZ-1 + local-interface Loopback256 + description sg1-dz01 + peer 172.16.0.16 + mesh-group DZ-1 + local-interface Loopback256 + description ams-dz001 + peer 172.16.0.12 + mesh-group DZ-1 + local-interface Loopback256 + description frk-dz01 + peer 172.16.0.15 + mesh-group DZ-1 + local-interface Loopback256 + description pit-dzd01 diff --git a/e2e/fixtures/multicast_publisher/doublezero_agent_config_user_added.tmpl b/e2e/fixtures/multicast_publisher/doublezero_agent_config_user_added.tmpl index 663325b81..c19fe9825 100644 --- a/e2e/fixtures/multicast_publisher/doublezero_agent_config_user_added.tmpl +++ b/e2e/fixtures/multicast_publisher/doublezero_agent_config_user_added.tmpl 
@@ -188,6 +188,91 @@ default interface Tunnel562 default interface Tunnel563 ! router bgp 65342 + router-id 172.16.0.1 + no neighbor 172.16.0.14 + neighbor 172.16.0.14 remote-as 65342 + neighbor 172.16.0.14 next-hop-self + neighbor 172.16.0.14 update-source Loopback256 + neighbor 172.16.0.14 description ty2-dz01-ipv4 + neighbor 172.16.0.14 send-community + no neighbor 172.16.0.11 + neighbor 172.16.0.11 remote-as 65342 + neighbor 172.16.0.11 next-hop-self + neighbor 172.16.0.11 update-source Loopback256 + neighbor 172.16.0.11 description ld4-dz01-ipv4 + neighbor 172.16.0.11 send-community + no neighbor 172.16.0.10 + neighbor 172.16.0.10 remote-as 65342 + neighbor 172.16.0.10 next-hop-self + neighbor 172.16.0.10 update-source Loopback256 + neighbor 172.16.0.10 description la2-dz01-ipv4 + neighbor 172.16.0.10 send-community + no neighbor 172.16.0.13 + neighbor 172.16.0.13 remote-as 65342 + neighbor 172.16.0.13 next-hop-self + neighbor 172.16.0.13 update-source Loopback256 + neighbor 172.16.0.13 description sg1-dz01-ipv4 + neighbor 172.16.0.13 send-community + no neighbor 172.16.0.16 + neighbor 172.16.0.16 remote-as 65342 + neighbor 172.16.0.16 next-hop-self + neighbor 172.16.0.16 update-source Loopback256 + neighbor 172.16.0.16 description ams-dz001-ipv4 + neighbor 172.16.0.16 send-community + no neighbor 172.16.0.12 + neighbor 172.16.0.12 remote-as 65342 + neighbor 172.16.0.12 next-hop-self + neighbor 172.16.0.12 update-source Loopback256 + neighbor 172.16.0.12 description frk-dz01-ipv4 + neighbor 172.16.0.12 send-community + no neighbor 172.16.0.15 + neighbor 172.16.0.15 remote-as 65342 + neighbor 172.16.0.15 next-hop-self + neighbor 172.16.0.15 update-source Loopback256 + neighbor 172.16.0.15 description pit-dzd01-ipv4 + neighbor 172.16.0.15 send-community + no neighbor 172.16.0.6 + neighbor 172.16.0.6 remote-as 65342 + neighbor 172.16.0.6 next-hop-self + neighbor 172.16.0.6 update-source Loopback255 + neighbor 172.16.0.6 description ty2-dz01-vpnv4 + neighbor 
172.16.0.6 send-community + no neighbor 172.16.0.3 + neighbor 172.16.0.3 remote-as 65342 + neighbor 172.16.0.3 next-hop-self + neighbor 172.16.0.3 update-source Loopback255 + neighbor 172.16.0.3 description ld4-dz01-vpnv4 + neighbor 172.16.0.3 send-community + no neighbor 172.16.0.2 + neighbor 172.16.0.2 remote-as 65342 + neighbor 172.16.0.2 next-hop-self + neighbor 172.16.0.2 update-source Loopback255 + neighbor 172.16.0.2 description la2-dz01-vpnv4 + neighbor 172.16.0.2 send-community + no neighbor 172.16.0.5 + neighbor 172.16.0.5 remote-as 65342 + neighbor 172.16.0.5 next-hop-self + neighbor 172.16.0.5 update-source Loopback255 + neighbor 172.16.0.5 description sg1-dz01-vpnv4 + neighbor 172.16.0.5 send-community + no neighbor 172.16.0.8 + neighbor 172.16.0.8 remote-as 65342 + neighbor 172.16.0.8 next-hop-self + neighbor 172.16.0.8 update-source Loopback255 + neighbor 172.16.0.8 description ams-dz001-vpnv4 + neighbor 172.16.0.8 send-community + no neighbor 172.16.0.4 + neighbor 172.16.0.4 remote-as 65342 + neighbor 172.16.0.4 next-hop-self + neighbor 172.16.0.4 update-source Loopback255 + neighbor 172.16.0.4 description frk-dz01-vpnv4 + neighbor 172.16.0.4 send-community + no neighbor 172.16.0.7 + neighbor 172.16.0.7 remote-as 65342 + neighbor 172.16.0.7 next-hop-self + neighbor 172.16.0.7 update-source Loopback255 + neighbor 172.16.0.7 description pit-dzd01-vpnv4 + neighbor 172.16.0.7 send-community no neighbor 169.254.0.1 neighbor 169.254.0.1 remote-as 65000 neighbor 169.254.0.1 passive 
@@ -198,6 +283,29 @@ router bgp 65342 neighbor 169.254.0.1 maximum-accepted-routes 1 address-family ipv4 neighbor 169.254.0.1 activate + neighbor 172.16.0.14 activate + neighbor 172.16.0.11 activate + neighbor 172.16.0.10 activate + neighbor 172.16.0.13 activate + neighbor 172.16.0.16 activate + neighbor 172.16.0.12 activate + neighbor 172.16.0.15 activate + no neighbor 172.16.0.6 activate + no neighbor 172.16.0.3 activate + no neighbor 172.16.0.2 activate + no neighbor 172.16.0.5 activate + no neighbor 172.16.0.8 activate + no neighbor 172.16.0.4 activate + no neighbor 172.16.0.7 activate + ! + address-family vpn-ipv4 + neighbor 172.16.0.6 activate + neighbor 172.16.0.3 activate + neighbor 172.16.0.2 activate + neighbor 172.16.0.5 activate + neighbor 172.16.0.8 activate + neighbor 172.16.0.4 activate + neighbor 172.16.0.7 activate ! vrf vrf1 rd 65342:1 @@ -685,3 +793,33 @@ ip access-list SEC-USER-SUB-MCAST-IN permit ip any 224.0.0.13/32 deny ip any any ! +no router msdp +router msdp + peer 172.16.0.14 + mesh-group DZ-1 + local-interface Loopback256 + description ty2-dz01 + peer 172.16.0.11 + mesh-group DZ-1 + local-interface Loopback256 + description ld4-dz01 + peer 172.16.0.10 + mesh-group DZ-1 + local-interface Loopback256 + description la2-dz01 + peer 172.16.0.13 + mesh-group DZ-1 + local-interface Loopback256 + description sg1-dz01 + peer 172.16.0.16 + mesh-group DZ-1 + local-interface Loopback256 + description ams-dz001 + peer 172.16.0.12 + mesh-group DZ-1 + local-interface Loopback256 + description frk-dz01 + peer 172.16.0.15 + mesh-group DZ-1 + local-interface Loopback256 + description pit-dzd01 diff --git a/e2e/fixtures/multicast_publisher/doublezero_agent_config_user_removed.tmpl b/e2e/fixtures/multicast_publisher/doublezero_agent_config_user_removed.tmpl index ba3f55ceb..ae7598fca 100644 --- a/e2e/fixtures/multicast_publisher/doublezero_agent_config_user_removed.tmpl +++ b/e2e/fixtures/multicast_publisher/doublezero_agent_config_user_removed.tmpl 
@@ -174,7 +174,115 @@ default interface Tunnel562 default interface Tunnel563 ! router bgp 65342 + router-id 172.16.0.1 + no neighbor 172.16.0.14 + neighbor 172.16.0.14 remote-as 65342 + neighbor 172.16.0.14 next-hop-self + neighbor 172.16.0.14 update-source Loopback256 + neighbor 172.16.0.14 description ty2-dz01-ipv4 + neighbor 172.16.0.14 send-community + no neighbor 172.16.0.11 + neighbor 172.16.0.11 remote-as 65342 + neighbor 172.16.0.11 next-hop-self + neighbor 172.16.0.11 update-source Loopback256 + neighbor 172.16.0.11 description ld4-dz01-ipv4 + neighbor 172.16.0.11 send-community + no neighbor 172.16.0.10 + neighbor 172.16.0.10 remote-as 65342 + neighbor 172.16.0.10 next-hop-self + neighbor 172.16.0.10 update-source Loopback256 + neighbor 172.16.0.10 description la2-dz01-ipv4 + neighbor 172.16.0.10 send-community + no neighbor 172.16.0.13 + neighbor 172.16.0.13 remote-as 65342 + neighbor 172.16.0.13 next-hop-self + neighbor 172.16.0.13 update-source Loopback256 + neighbor 172.16.0.13 description sg1-dz01-ipv4 + neighbor 172.16.0.13 send-community + no neighbor 172.16.0.16 + neighbor 172.16.0.16 remote-as 65342 + neighbor 172.16.0.16 next-hop-self + neighbor 172.16.0.16 update-source Loopback256 + neighbor 172.16.0.16 description ams-dz001-ipv4 + neighbor 172.16.0.16 send-community + no neighbor 172.16.0.12 + neighbor 172.16.0.12 remote-as 65342 + neighbor 172.16.0.12 next-hop-self + neighbor 172.16.0.12 update-source Loopback256 + neighbor 172.16.0.12 description frk-dz01-ipv4 + neighbor 172.16.0.12 send-community + no neighbor 172.16.0.15 + neighbor 172.16.0.15 remote-as 65342 + neighbor 172.16.0.15 next-hop-self + neighbor 172.16.0.15 update-source Loopback256 + neighbor 172.16.0.15 description pit-dzd01-ipv4 + neighbor 172.16.0.15 send-community + no neighbor 172.16.0.6 + neighbor 172.16.0.6 remote-as 65342 + neighbor 172.16.0.6 next-hop-self + neighbor 172.16.0.6 update-source Loopback255 + neighbor 172.16.0.6 description ty2-dz01-vpnv4 + neighbor 
172.16.0.6 send-community + no neighbor 172.16.0.3 + neighbor 172.16.0.3 remote-as 65342 + neighbor 172.16.0.3 next-hop-self + neighbor 172.16.0.3 update-source Loopback255 + neighbor 172.16.0.3 description ld4-dz01-vpnv4 + neighbor 172.16.0.3 send-community + no neighbor 172.16.0.2 + neighbor 172.16.0.2 remote-as 65342 + neighbor 172.16.0.2 next-hop-self + neighbor 172.16.0.2 update-source Loopback255 + neighbor 172.16.0.2 description la2-dz01-vpnv4 + neighbor 172.16.0.2 send-community + no neighbor 172.16.0.5 + neighbor 172.16.0.5 remote-as 65342 + neighbor 172.16.0.5 next-hop-self + neighbor 172.16.0.5 update-source Loopback255 + neighbor 172.16.0.5 description sg1-dz01-vpnv4 + neighbor 172.16.0.5 send-community + no neighbor 172.16.0.8 + neighbor 172.16.0.8 remote-as 65342 + neighbor 172.16.0.8 next-hop-self + neighbor 172.16.0.8 update-source Loopback255 + neighbor 172.16.0.8 description ams-dz001-vpnv4 + neighbor 172.16.0.8 send-community + no neighbor 172.16.0.4 + neighbor 172.16.0.4 remote-as 65342 + neighbor 172.16.0.4 next-hop-self + neighbor 172.16.0.4 update-source Loopback255 + neighbor 172.16.0.4 description frk-dz01-vpnv4 + neighbor 172.16.0.4 send-community + no neighbor 172.16.0.7 + neighbor 172.16.0.7 remote-as 65342 + neighbor 172.16.0.7 next-hop-self + neighbor 172.16.0.7 update-source Loopback255 + neighbor 172.16.0.7 description pit-dzd01-vpnv4 + neighbor 172.16.0.7 send-community address-family ipv4 + neighbor 172.16.0.14 activate + neighbor 172.16.0.11 activate + neighbor 172.16.0.10 activate + neighbor 172.16.0.13 activate + neighbor 172.16.0.16 activate + neighbor 172.16.0.12 activate + neighbor 172.16.0.15 activate + no neighbor 172.16.0.6 activate + no neighbor 172.16.0.3 activate + no neighbor 172.16.0.2 activate + no neighbor 172.16.0.5 activate + no neighbor 172.16.0.8 activate + no neighbor 172.16.0.4 activate + no neighbor 172.16.0.7 activate + ! 
+ address-family vpn-ipv4 + neighbor 172.16.0.6 activate + neighbor 172.16.0.3 activate + neighbor 172.16.0.2 activate + neighbor 172.16.0.5 activate + neighbor 172.16.0.8 activate + neighbor 172.16.0.4 activate + neighbor 172.16.0.7 activate ! vrf vrf1 rd 65342:1 @@ -650,3 +758,33 @@ ip access-list SEC-USER-SUB-MCAST-IN permit ip any 224.0.0.13/32 deny ip any any ! +no router msdp +router msdp + peer 172.16.0.14 + mesh-group DZ-1 + local-interface Loopback256 + description ty2-dz01 + peer 172.16.0.11 + mesh-group DZ-1 + local-interface Loopback256 + description ld4-dz01 + peer 172.16.0.10 + mesh-group DZ-1 + local-interface Loopback256 + description la2-dz01 + peer 172.16.0.13 + mesh-group DZ-1 + local-interface Loopback256 + description sg1-dz01 + peer 172.16.0.16 + mesh-group DZ-1 + local-interface Loopback256 + description ams-dz001 + peer 172.16.0.12 + mesh-group DZ-1 + local-interface Loopback256 + description frk-dz01 + peer 172.16.0.15 + mesh-group DZ-1 + local-interface Loopback256 + description pit-dzd01 diff --git a/e2e/fixtures/multicast_subscriber/doublezero_agent_config_user_added.tmpl b/e2e/fixtures/multicast_subscriber/doublezero_agent_config_user_added.tmpl index 62b578c55..fb811aa1c 100644 --- a/e2e/fixtures/multicast_subscriber/doublezero_agent_config_user_added.tmpl +++ b/e2e/fixtures/multicast_subscriber/doublezero_agent_config_user_added.tmpl 
@@ -187,6 +187,91 @@ default interface Tunnel562 default interface Tunnel563 ! router bgp 65342 + router-id 172.16.0.1 + no neighbor 172.16.0.14 + neighbor 172.16.0.14 remote-as 65342 + neighbor 172.16.0.14 next-hop-self + neighbor 172.16.0.14 update-source Loopback256 + neighbor 172.16.0.14 description ty2-dz01-ipv4 + neighbor 172.16.0.14 send-community + no neighbor 172.16.0.11 + neighbor 172.16.0.11 remote-as 65342 + neighbor 172.16.0.11 next-hop-self + neighbor 172.16.0.11 update-source Loopback256 + neighbor 172.16.0.11 description ld4-dz01-ipv4 + neighbor 172.16.0.11 send-community + no neighbor 172.16.0.10 + neighbor 172.16.0.10 remote-as 65342 + neighbor 172.16.0.10 next-hop-self + neighbor 172.16.0.10 update-source Loopback256 + neighbor 172.16.0.10 description la2-dz01-ipv4 + neighbor 172.16.0.10 send-community + no neighbor 172.16.0.13 + neighbor 172.16.0.13 remote-as 65342 + neighbor 172.16.0.13 next-hop-self + neighbor 172.16.0.13 update-source Loopback256 + neighbor 172.16.0.13 description sg1-dz01-ipv4 + neighbor 172.16.0.13 send-community + no neighbor 172.16.0.16 + neighbor 172.16.0.16 remote-as 65342 + neighbor 172.16.0.16 next-hop-self + neighbor 172.16.0.16 update-source Loopback256 + neighbor 172.16.0.16 description ams-dz001-ipv4 + neighbor 172.16.0.16 send-community + no neighbor 172.16.0.12 + neighbor 172.16.0.12 remote-as 65342 + neighbor 172.16.0.12 next-hop-self + neighbor 172.16.0.12 update-source Loopback256 + neighbor 172.16.0.12 description frk-dz01-ipv4 + neighbor 172.16.0.12 send-community + no neighbor 172.16.0.15 + neighbor 172.16.0.15 remote-as 65342 + neighbor 172.16.0.15 next-hop-self + neighbor 172.16.0.15 update-source Loopback256 + neighbor 172.16.0.15 description pit-dzd01-ipv4 + neighbor 172.16.0.15 send-community + no neighbor 172.16.0.6 + neighbor 172.16.0.6 remote-as 65342 + neighbor 172.16.0.6 next-hop-self + neighbor 172.16.0.6 update-source Loopback255 + neighbor 172.16.0.6 description ty2-dz01-vpnv4 + neighbor 
172.16.0.6 send-community + no neighbor 172.16.0.3 + neighbor 172.16.0.3 remote-as 65342 + neighbor 172.16.0.3 next-hop-self + neighbor 172.16.0.3 update-source Loopback255 + neighbor 172.16.0.3 description ld4-dz01-vpnv4 + neighbor 172.16.0.3 send-community + no neighbor 172.16.0.2 + neighbor 172.16.0.2 remote-as 65342 + neighbor 172.16.0.2 next-hop-self + neighbor 172.16.0.2 update-source Loopback255 + neighbor 172.16.0.2 description la2-dz01-vpnv4 + neighbor 172.16.0.2 send-community + no neighbor 172.16.0.5 + neighbor 172.16.0.5 remote-as 65342 + neighbor 172.16.0.5 next-hop-self + neighbor 172.16.0.5 update-source Loopback255 + neighbor 172.16.0.5 description sg1-dz01-vpnv4 + neighbor 172.16.0.5 send-community + no neighbor 172.16.0.8 + neighbor 172.16.0.8 remote-as 65342 + neighbor 172.16.0.8 next-hop-self + neighbor 172.16.0.8 update-source Loopback255 + neighbor 172.16.0.8 description ams-dz001-vpnv4 + neighbor 172.16.0.8 send-community + no neighbor 172.16.0.4 + neighbor 172.16.0.4 remote-as 65342 + neighbor 172.16.0.4 next-hop-self + neighbor 172.16.0.4 update-source Loopback255 + neighbor 172.16.0.4 description frk-dz01-vpnv4 + neighbor 172.16.0.4 send-community + no neighbor 172.16.0.7 + neighbor 172.16.0.7 remote-as 65342 + neighbor 172.16.0.7 next-hop-self + neighbor 172.16.0.7 update-source Loopback255 + neighbor 172.16.0.7 description pit-dzd01-vpnv4 + neighbor 172.16.0.7 send-community no neighbor 169.254.0.1 neighbor 169.254.0.1 remote-as 65000 neighbor 169.254.0.1 passive 
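Review bot: The fourteen iBGP neighbors added under `router bgp 65342` are rendered with only `remote-as`, `next-hop-self`, `update-source`, `description` and `send-community`, so these sessions have no authentication and no route limit, whereas the user-facing `169.254.0.1` neighbor in the following hunk carries `maximum-accepted-routes 1`. This file is expected controller output, so the fix belongs in the controller's config template, which is not visible in this chunk: a per-neighbor `neighbor <peer> password <secret>` line with the secret supplied from outside the repository, plus a route limit on the Loopback256 ipv4 peers. The same applies to the matching hunks in the other fixture files and to the `router msdp` peers added at the end of this file, which are rendered without any SA filtering. If these loopbacks are reachable only inside a trusted backbone this may be an accepted risk, but the template should say so.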
@@ -197,6 +282,29 @@ router bgp 65342 neighbor 169.254.0.1 maximum-accepted-routes 1 address-family ipv4 neighbor 169.254.0.1 activate + neighbor 172.16.0.14 activate + neighbor 172.16.0.11 activate + neighbor 172.16.0.10 activate + neighbor 172.16.0.13 activate + neighbor 172.16.0.16 activate + neighbor 172.16.0.12 activate + neighbor 172.16.0.15 activate + no neighbor 172.16.0.6 activate + no neighbor 172.16.0.3 activate + no neighbor 172.16.0.2 activate + no neighbor 172.16.0.5 activate + no neighbor 172.16.0.8 activate + no neighbor 172.16.0.4 activate + no neighbor 172.16.0.7 activate + ! + address-family vpn-ipv4 + neighbor 172.16.0.6 activate + neighbor 172.16.0.3 activate + neighbor 172.16.0.2 activate + neighbor 172.16.0.5 activate + neighbor 172.16.0.8 activate + neighbor 172.16.0.4 activate + neighbor 172.16.0.7 activate ! vrf vrf1 rd 65342:1 @@ -684,3 +792,33 @@ ip access-list SEC-USER-SUB-MCAST-IN permit ip any 224.0.0.13/32 deny ip any any ! +no router msdp +router msdp + peer 172.16.0.14 + mesh-group DZ-1 + local-interface Loopback256 + description ty2-dz01 + peer 172.16.0.11 + mesh-group DZ-1 + local-interface Loopback256 + description ld4-dz01 + peer 172.16.0.10 + mesh-group DZ-1 + local-interface Loopback256 + description la2-dz01 + peer 172.16.0.13 + mesh-group DZ-1 + local-interface Loopback256 + description sg1-dz01 + peer 172.16.0.16 + mesh-group DZ-1 + local-interface Loopback256 + description ams-dz001 + peer 172.16.0.12 + mesh-group DZ-1 + local-interface Loopback256 + description frk-dz01 + peer 172.16.0.15 + mesh-group DZ-1 + local-interface Loopback256 + description pit-dzd01 diff --git a/e2e/fixtures/multicast_subscriber/doublezero_agent_config_user_removed.tmpl b/e2e/fixtures/multicast_subscriber/doublezero_agent_config_user_removed.tmpl index ba3f55ceb..ae7598fca 100644 --- a/e2e/fixtures/multicast_subscriber/doublezero_agent_config_user_removed.tmpl +++ b/e2e/fixtures/multicast_subscriber/doublezero_agent_config_user_removed.tmpl 
@@ -174,7 +174,115 @@ default interface Tunnel562 default interface Tunnel563 ! router bgp 65342 + router-id 172.16.0.1 + no neighbor 172.16.0.14 + neighbor 172.16.0.14 remote-as 65342 + neighbor 172.16.0.14 next-hop-self + neighbor 172.16.0.14 update-source Loopback256 + neighbor 172.16.0.14 description ty2-dz01-ipv4 + neighbor 172.16.0.14 send-community + no neighbor 172.16.0.11 + neighbor 172.16.0.11 remote-as 65342 + neighbor 172.16.0.11 next-hop-self + neighbor 172.16.0.11 update-source Loopback256 + neighbor 172.16.0.11 description ld4-dz01-ipv4 + neighbor 172.16.0.11 send-community + no neighbor 172.16.0.10 + neighbor 172.16.0.10 remote-as 65342 + neighbor 172.16.0.10 next-hop-self + neighbor 172.16.0.10 update-source Loopback256 + neighbor 172.16.0.10 description la2-dz01-ipv4 + neighbor 172.16.0.10 send-community + no neighbor 172.16.0.13 + neighbor 172.16.0.13 remote-as 65342 + neighbor 172.16.0.13 next-hop-self + neighbor 172.16.0.13 update-source Loopback256 + neighbor 172.16.0.13 description sg1-dz01-ipv4 + neighbor 172.16.0.13 send-community + no neighbor 172.16.0.16 + neighbor 172.16.0.16 remote-as 65342 + neighbor 172.16.0.16 next-hop-self + neighbor 172.16.0.16 update-source Loopback256 + neighbor 172.16.0.16 description ams-dz001-ipv4 + neighbor 172.16.0.16 send-community + no neighbor 172.16.0.12 + neighbor 172.16.0.12 remote-as 65342 + neighbor 172.16.0.12 next-hop-self + neighbor 172.16.0.12 update-source Loopback256 + neighbor 172.16.0.12 description frk-dz01-ipv4 + neighbor 172.16.0.12 send-community + no neighbor 172.16.0.15 + neighbor 172.16.0.15 remote-as 65342 + neighbor 172.16.0.15 next-hop-self + neighbor 172.16.0.15 update-source Loopback256 + neighbor 172.16.0.15 description pit-dzd01-ipv4 + neighbor 172.16.0.15 send-community + no neighbor 172.16.0.6 + neighbor 172.16.0.6 remote-as 65342 + neighbor 172.16.0.6 next-hop-self + neighbor 172.16.0.6 update-source Loopback255 + neighbor 172.16.0.6 description ty2-dz01-vpnv4 + neighbor 
172.16.0.6 send-community + no neighbor 172.16.0.3 + neighbor 172.16.0.3 remote-as 65342 + neighbor 172.16.0.3 next-hop-self + neighbor 172.16.0.3 update-source Loopback255 + neighbor 172.16.0.3 description ld4-dz01-vpnv4 + neighbor 172.16.0.3 send-community + no neighbor 172.16.0.2 + neighbor 172.16.0.2 remote-as 65342 + neighbor 172.16.0.2 next-hop-self + neighbor 172.16.0.2 update-source Loopback255 + neighbor 172.16.0.2 description la2-dz01-vpnv4 + neighbor 172.16.0.2 send-community + no neighbor 172.16.0.5 + neighbor 172.16.0.5 remote-as 65342 + neighbor 172.16.0.5 next-hop-self + neighbor 172.16.0.5 update-source Loopback255 + neighbor 172.16.0.5 description sg1-dz01-vpnv4 + neighbor 172.16.0.5 send-community + no neighbor 172.16.0.8 + neighbor 172.16.0.8 remote-as 65342 + neighbor 172.16.0.8 next-hop-self + neighbor 172.16.0.8 update-source Loopback255 + neighbor 172.16.0.8 description ams-dz001-vpnv4 + neighbor 172.16.0.8 send-community + no neighbor 172.16.0.4 + neighbor 172.16.0.4 remote-as 65342 + neighbor 172.16.0.4 next-hop-self + neighbor 172.16.0.4 update-source Loopback255 + neighbor 172.16.0.4 description frk-dz01-vpnv4 + neighbor 172.16.0.4 send-community + no neighbor 172.16.0.7 + neighbor 172.16.0.7 remote-as 65342 + neighbor 172.16.0.7 next-hop-self + neighbor 172.16.0.7 update-source Loopback255 + neighbor 172.16.0.7 description pit-dzd01-vpnv4 + neighbor 172.16.0.7 send-community address-family ipv4 + neighbor 172.16.0.14 activate + neighbor 172.16.0.11 activate + neighbor 172.16.0.10 activate + neighbor 172.16.0.13 activate + neighbor 172.16.0.16 activate + neighbor 172.16.0.12 activate + neighbor 172.16.0.15 activate + no neighbor 172.16.0.6 activate + no neighbor 172.16.0.3 activate + no neighbor 172.16.0.2 activate + no neighbor 172.16.0.5 activate + no neighbor 172.16.0.8 activate + no neighbor 172.16.0.4 activate + no neighbor 172.16.0.7 activate + ! 
+ address-family vpn-ipv4 + neighbor 172.16.0.6 activate + neighbor 172.16.0.3 activate + neighbor 172.16.0.2 activate + neighbor 172.16.0.5 activate + neighbor 172.16.0.8 activate + neighbor 172.16.0.4 activate + neighbor 172.16.0.7 activate ! vrf vrf1 rd 65342:1 @@ -650,3 +758,33 @@ ip access-list SEC-USER-SUB-MCAST-IN permit ip any 224.0.0.13/32 deny ip any any ! +no router msdp +router msdp + peer 172.16.0.14 + mesh-group DZ-1 + local-interface Loopback256 + description ty2-dz01 + peer 172.16.0.11 + mesh-group DZ-1 + local-interface Loopback256 + description ld4-dz01 + peer 172.16.0.10 + mesh-group DZ-1 + local-interface Loopback256 + description la2-dz01 + peer 172.16.0.13 + mesh-group DZ-1 + local-interface Loopback256 + description sg1-dz01 + peer 172.16.0.16 + mesh-group DZ-1 + local-interface Loopback256 + description ams-dz001 + peer 172.16.0.12 + mesh-group DZ-1 + local-interface Loopback256 + description frk-dz01 + peer 172.16.0.15 + mesh-group DZ-1 + local-interface Loopback256 + description pit-dzd01 diff --git a/e2e/ibrl_test.go b/e2e/ibrl_test.go index e77557b30..fcb4e51f4 100644 --- a/e2e/ibrl_test.go +++ b/e2e/ibrl_test.go @@ -51,7 +51,7 @@ func checkIBRLPostConnect(t *testing.T, dn *TestDevnet, device *devnet.Device, c t.Run("check_post_connect", func(t *testing.T) { dn.log.Info("==> Checking IBRL post-connect requirements") - if !t.Run("wait_for_agent_config_from_controller", func(t *testing.T) { + if !t.Run("wait_for_agent_config_from_controller_post_connect", func(t *testing.T) { config, err := fixtures.Render("fixtures/ibrl/doublezero_agent_config_user_added.tmpl", map[string]string{ "ClientIP": client.CYOANetworkIP, "DeviceIP": device.CYOANetworkIP, 
@@ -228,7 +228,7 @@ func checkIBRLPostDisconnect(t *testing.T, dn *TestDevnet, device *devnet.Device t.Run("check_post_disconnect", func(t *testing.T) { dn.log.Info("==> Checking IBRL post-disconnect requirements") - if !t.Run("wait_for_agent_config_from_controller", func(t *testing.T) { + if !t.Run("wait_for_agent_config_from_controller_post_disconnect", func(t *testing.T) { config, err := fixtures.Render("fixtures/ibrl/doublezero_agent_config_user_removed.tmpl", map[string]string{ "DeviceIP": device.CYOANetworkIP, }) diff --git a/e2e/internal/devnet/device/startup-config.tmpl b/e2e/internal/devnet/device/startup-config.tmpl index 5bfab9a10..bff6749fe 100644 --- a/e2e/internal/devnet/device/startup-config.tmpl +++ b/e2e/internal/devnet/device/startup-config.tmpl @@ -54,7 +54,7 @@ management api gnmi vrf management {{- end }} ! -ip access-list MAIN-CONTROL-PLANE-ACL-MGMT +ip access-list MAIN-CONTROL-PLANE-ACL counters per-entry 10 permit icmp any any 20 permit ip any any tracked @@ -83,14 +83,16 @@ ip access-list MAIN-CONTROL-PLANE-ACL-MGMT 250 permit udp any any eq 8503 260 permit udp any any eq lsp-ping 270 permit udp any eq lsp-ping any - + 280 remark Permit TWAMP (UDP 862) + 290 permit udp any any eq 862 {{- if .TelemetryMetricsEnable }} 990 remark Permit doublezero-telemetry prometheus metrics (TCP {{ .TelemetryMetricsPort }}) 999 permit tcp any any eq {{ .TelemetryMetricsPort }} {{- end }} ! system control-plane - ip access-group MAIN-CONTROL-PLANE-ACL-MGMT vrf management in + ip access-group MAIN-CONTROL-PLANE-ACL vrf management in + ip access-group MAIN-CONTROL-PLANE-ACL in ! no service interface inactive port-id allocation disabled ! diff --git a/e2e/internal/devnet/devnet.go b/e2e/internal/devnet/devnet.go index 524135e7e..38d71e83c 100644 --- a/e2e/internal/devnet/devnet.go +++ b/e2e/internal/devnet/devnet.go 
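Review bot: In `startup-config.tmpl`, binding one ACL to both control planes means every entry written for the management VRF now also applies in the default VRF. The added `ip access-group MAIN-CONTROL-PLANE-ACL in` exposes the templated `999 permit tcp any any eq {{ .TelemetryMetricsPort }}` entry and the new `290 permit udp any any eq 862` to any source that reaches the device outside the management VRF. If the default VRF is where user tunnels terminate (not visible here), keep two ACLs or narrow the source on the metrics entry, e.g. `999 permit tcp MGMT_PREFIX any eq {{ .TelemetryMetricsPort }}`, where `MGMT_PREFIX` is a placeholder for the monitoring network. A `remark` line stating which entries are needed in which VRF would help the next reader.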
@@ -801,6 +801,19 @@ func generateKeypairIfNotExists(keypairPath string) (bool, error) { return false, nil } +func (d *Devnet) CreateDeviceLoopbackInterface(ctx context.Context, deviceCode string, interfaceName string, loopbackType string) error { + d.log.Info("==> Creating loopback interface for device", "code", deviceCode) + d.onchainWriteMutex.Lock() + defer d.onchainWriteMutex.Unlock() + + _, err := d.Manager.Exec(ctx, []string{"doublezero", "device", "interface", "create", deviceCode, interfaceName, "loopback", "--loopback-type", loopbackType}) + if err != nil { + return fmt.Errorf("failed to create loopback interface %s of type %s for device %s: %w", interfaceName, loopbackType, deviceCode, err) + } + + return nil +} + func (d *Devnet) waitForContainerPortExposed(ctx context.Context, containerID string, port int, timeout time.Duration) (int, error) { loggedWait := false attempts := 0 diff --git a/e2e/main_test.go b/e2e/main_test.go index 0cd345ae1..39d1805b6 100644 --- a/e2e/main_test.go +++ b/e2e/main_test.go @@ -173,7 +173,6 @@ func (dn *TestDevnet) Start(t *testing.T) (*devnet.Device, *devnet.Client) { doublezero device list echo "==> Populate device interface information onchain" - # TODO: When the controller supports dzd metadata, this will have to be updated to reflect actual interfaces doublezero device interface create ny5-dz01 "Switch1/1/1" physical doublezero device interface create la2-dz01 "Switch1/1/1" physical doublezero device interface create ld4-dz01 "Switch1/1/1" physical 
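Review bot: `CreateDeviceLoopbackInterface` is exported without a doc comment, and its log line records only `deviceCode`, so the Loopback255 and Loopback256 calls for one device look identical in the output. Add `// CreateDeviceLoopbackInterface creates a loopback interface of the given type for the device via the doublezero CLI, serialized by onchainWriteMutex.` and log the remaining arguments: `d.log.Info("==> Creating loopback interface for device", "code", deviceCode, "interface", interfaceName, "loopbackType", loopbackType)`. `loopbackType` is passed to the CLI as a free-form string; the callers in this commit use only `vpnv4` and `ipv4`, so rejecting any other value before taking the mutex would give a clearer error than a CLI failure.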
@@ -183,6 +182,24 @@ func (dn *TestDevnet) Start(t *testing.T) (*devnet.Device, *devnet.Client) { doublezero device interface create pit-dzd01 "Switch1/1/1" physical doublezero device interface create ams-dz001 "Switch1/1/1" physical + doublezero device interface create ny5-dz01 "Loopback255" loopback --loopback-type vpnv4 + doublezero device interface create la2-dz01 "Loopback255" loopback --loopback-type vpnv4 + doublezero device interface create ld4-dz01 "Loopback255" loopback --loopback-type vpnv4 + doublezero device interface create frk-dz01 "Loopback255" loopback --loopback-type vpnv4 + doublezero device interface create sg1-dz01 "Loopback255" loopback --loopback-type vpnv4 + doublezero device interface create ty2-dz01 "Loopback255" loopback --loopback-type vpnv4 + doublezero device interface create pit-dzd01 "Loopback255" loopback --loopback-type vpnv4 + doublezero device interface create ams-dz001 "Loopback255" loopback --loopback-type vpnv4 + + doublezero device interface create ny5-dz01 "Loopback256" loopback --loopback-type ipv4 + doublezero device interface create la2-dz01 "Loopback256" loopback --loopback-type ipv4 + doublezero device interface create ld4-dz01 "Loopback256" loopback --loopback-type ipv4 + doublezero device interface create frk-dz01 "Loopback256" loopback --loopback-type ipv4 + doublezero device interface create sg1-dz01 "Loopback256" loopback --loopback-type ipv4 + doublezero device interface create ty2-dz01 "Loopback256" loopback --loopback-type ipv4 + doublezero device interface create pit-dzd01 "Loopback256" loopback --loopback-type ipv4 + doublezero device interface create ams-dz001 "Loopback256" loopback --loopback-type ipv4 + echo "==> Populate link information onchain" doublezero link create wan --code "la2-dz01:ny5-dz01" --contributor co01 --side-a la2-dz01 --side-a-interface Switch1/1/1 --side-z ny5-dz01 --side-z-interface Switch1/1/1 --bandwidth "10 Gbps" --mtu 9000 --delay-ms 40 --jitter-ms 3 doublezero link create wan 
--code "ny5-dz01:ld4-dz01" --contributor co01 --side-a ny5-dz01 --side-a-interface Switch1/1/1 --side-z ld4-dz01 --side-z-interface Switch1/1/1 --bandwidth "10 Gbps" --mtu 9000 --delay-ms 30 --jitter-ms 3 diff --git a/e2e/multi_client_test.go b/e2e/multi_client_test.go index 4cf1854e8..7331682e8 100644 --- a/e2e/multi_client_test.go +++ b/e2e/multi_client_test.go @@ -56,6 +56,12 @@ func TestE2E_MultiClient(t *testing.T) { devicePK := device.ID log.Info("--> Device added", "deviceCode", deviceCode, "devicePK", devicePK) + err = dn.CreateDeviceLoopbackInterface(t.Context(), deviceCode, "Loopback255", "vpnv4") + require.NoError(t, err, "failed to create VPNv4 loopback interface for device %s: %w", deviceCode, err) + + err = dn.CreateDeviceLoopbackInterface(t.Context(), deviceCode, "Loopback256", "ipv4") + require.NoError(t, err, "failed to create IPv4 loopback interface for device %s: %w", deviceCode, err) + // Wait for device to exist onchain. log.Info("==> Waiting for device to exist onchain") serviceabilityClient, err := dn.Ledger.GetServiceabilityClient() diff --git a/e2e/sdk_device_telemetry_test.go b/e2e/sdk_device_telemetry_test.go index d735a1933..0a89c1335 100644 --- a/e2e/sdk_device_telemetry_test.go +++ b/e2e/sdk_device_telemetry_test.go 
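Review bot: The order of the sixteen added `doublezero device interface create ... loopback` lines in `main_test.go` appears to determine the addresses asserted in the agent-config fixtures, and nothing in the script says so. The Loopback255 block runs ny5, la2, ld4, frk, sg1, ty2, pit, ams and the fixtures expect la2 at 172.16.0.2 through ams at 172.16.0.8; the Loopback256 block uses the same order and matches 172.16.0.10 through 172.16.0.16. A reordered or inserted line would therefore fail the golden comparison without an obvious cause. A comment above the block would cover it, e.g. `# Order matters: loopback IPs are allocated in creation order and asserted in the doublezero_agent_config_*.tmpl fixtures`. The enclosing script and `Start` function begin and end outside the hunk.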
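Review bot: Both added `require.NoError` calls in `multi_client_test.go` use `%w` in the message format, which will not print the error as intended. testify formats `msgAndArgs` with `fmt.Sprintf`, where `%w` is not a valid verb and renders as `%!w(...)`; it only has meaning in `fmt.Errorf`. `require.NoError` already prints the error itself, so the call can be `require.NoError(t, err, "failed to create VPNv4 loopback interface for device %s", deviceCode)`, and likewise for the IPv4 line. `TestE2E_MultiClient` begins and ends outside the hunk.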
@@ -62,12 +62,21 @@ func TestE2E_SDK_Telemetry_DeviceLatencySamples(t *testing.T) { doublezero device create --code ld4-dz01 --contributor co01 --location lhr --exchange xlhr --public-ip "195.219.120.72" --dz-prefixes "195.219.120.72/29" --mgmt-vrf mgmt doublezero device create --code frk-dz01 --contributor co01 --location fra --exchange xfra --public-ip "195.219.220.88" --dz-prefixes "195.219.220.88/29" --mgmt-vrf mgmt - # TODO: When the controller supports dzd metadata, this will have to be updated to reflect actual interfaces doublezero device interface create la2-dz01 "Switch1/1/1" physical doublezero device interface create ny5-dz01 "Switch1/1/1" physical doublezero device interface create ld4-dz01 "Switch1/1/1" physical doublezero device interface create frk-dz01 "Switch1/1/1" physical + doublezero device interface create la2-dz01 "Loopback255" loopback --loopback-type vpnv4 + doublezero device interface create ny5-dz01 "Loopback255" loopback --loopback-type vpnv4 + doublezero device interface create ld4-dz01 "Loopback255" loopback --loopback-type vpnv4 + doublezero device interface create frk-dz01 "Loopback255" loopback --loopback-type vpnv4 + + doublezero device interface create la2-dz01 "Loopback256" loopback --loopback-type ipv4 + doublezero device interface create ny5-dz01 "Loopback256" loopback --loopback-type ipv4 + doublezero device interface create ld4-dz01 "Loopback256" loopback --loopback-type ipv4 + doublezero device interface create frk-dz01 "Loopback256" loopback --loopback-type ipv4 + doublezero link create wan --code "la2-dz01:ny5-dz01" --contributor co01 --side-a la2-dz01 --side-a-interface Switch1/1/1 --side-z ny5-dz01 --side-z-interface Switch1/1/1 --bandwidth "10 Gbps" --mtu 9000 --delay-ms 40 --jitter-ms 3 doublezero link create wan --code "ny5-dz01:ld4-dz01" --contributor co01 --side-a ny5-dz01 --side-a-interface Switch1/1/1 --side-z ld4-dz01 --side-z-interface Switch1/1/1 --bandwidth "10 Gbps" --mtu 9000 --delay-ms 30 --jitter-ms 3 
doublezero link create wan --code "ld4-dz01:frk-dz01" --contributor co01 --side-a ld4-dz01 --side-a-interface Switch1/1/1 --side-z frk-dz01 --side-z-interface Switch1/1/1 --bandwidth "10 Gbps" --mtu 9000 --delay-ms 25 --jitter-ms 10