Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add script for testing BGP allow list (#2572)
What is the motivation for this PR? The BGP allow list feature was introduced in SONiC. This PR is to add a script for testing the BGP allow list feature. How did you do it? Add a new script for testing BGP allow list. Covered scenarios: * Ensure that constants.bgp.allow_list.default_action is "permit". No BGP allow list is configured. * Announce routes with and without test community '1010:1010' to the first T0 VM by exabgp. * Check routes on the first T0 VM. All the routes should be successfully injected. * Check routes on DUT. All the routes should be accepted by DUT. * Check routes on other T0 and T2 VMs. All the routes should be advertised by DUT. The drop_community defined in * /etc/sonic/constants.yml should be added to all routes. The original community of routes should be kept. * Ensure that constants.bgp.allow_list.default_action is "permit". BGP allow list is configured. * Announce routes with and without test community '1010:1010' to the first T0 VM by exabgp. * Check routes on the first T0 VM. All the routes should be successfully injected. * Check routes on DUT. All the routes should be accepted by DUT. * Check routes on other T0 and T2 VMs. All the routes should be advertised by DUT. The drop_community should only be * added to routes not on allow list. The original community of routes should be kept. * Ensure that constants.bgp.allow_list.default_action is "deny". No BGP allow list is configured. * Announce routes with and without test community '1010:1010' to the first T0 VM by exabgp. * Check routes on the first T0 VM. All the routes should be successfully injected. * Check routes on DUT. All the routes should be accepted by DUT. * Check routes on other T0 and T2 VMs. No routes should be advertised by DUT. * Ensure that constants.bgp.allow_list.default_action is "deny". BGP allow list is configured. * Announce routes with and without test community '1010:1010' to the first T0 VM by exabgp. * Check routes on the first T0 VM. All the routes should be successfully injected. * Check routes on DUT. All the routes should be accepted by DUT. * Check routes on other T0 and T2 VMs. Only the routes on allow list should be advertised by DUT. No drop_community should be added to advertised routes. The original community of routes should be kept. Relevant change: sonic-net/sonic-buildimage#5309 How did you verify/test it? Run the test script using latest master image. Currently some test cases can't pass because of issue: sonic-net/sonic-buildimage#6001 If add `on-match next` to /usr/share/sonic/templates/bgpd/templates/general/policies.conf.j2 and restart bgp service, then all the cases can pass: ``` route-map FROM_BGP_PEER_V6 permit 1 on-match next set ipv6 next-hop prefer-global ``` Any platform specific information? No Supported testbed topology if it's a new test case? This test only supports topology type t1. Signed-off-by: Xin Wang <xiwang5@microsoft.com>
- Loading branch information
