xref: /linux/tools/testing/selftests/net/test_vxlan_under_vrf.sh (revision 32d7e03d26fd93187c87ed0fbf59ec7023a61404)
1#!/bin/bash
2# SPDX-License-Identifier: GPL-2.0
3
4# This test is for checking VXLAN underlay in a non-default VRF.
5#
6# It simulates two hypervisors running a VM each using four network namespaces:
7# two for the HVs, two for the VMs.
8# A small VXLAN tunnel is made between the two hypervisors to have the two vms
9# in the same virtual L2:
10#
11# +-------------------+                                    +-------------------+
12# |                   |                                    |                   |
13# |    vm-1 netns     |                                    |    vm-2 netns     |
14# |                   |                                    |                   |
15# |  +-------------+  |                                    |  +-------------+  |
16# |  |   veth-hv   |  |                                    |  |   veth-hv   |  |
17# |  | 10.0.0.1/24 |  |                                    |  | 10.0.0.2/24 |  |
18# |  +-------------+  |                                    |  +-------------+  |
19# |        .          |                                    |         .         |
20# +-------------------+                                    +-------------------+
21#          .                                                         .
22#          .                                                         .
23#          .                                                         .
24# +-----------------------------------+   +------------------------------------+
25# |        .                          |   |                          .         |
26# |  +----------+                     |   |                     +----------+   |
27# |  | veth-tap |                     |   |                     | veth-tap |   |
28# |  +----+-----+                     |   |                     +----+-----+   |
29# |       |                           |   |                          |         |
30# |    +--+--+      +--------------+  |   |  +--------------+     +--+--+      |
31# |    | br0 |      | vrf-underlay |  |   |  | vrf-underlay |     | br0 |      |
32# |    +--+--+      +-------+------+  |   |  +------+-------+     +--+--+      |
33# |       |                 |         |   |         |                |         |
34# |   +---+----+    +-------+-------+ |   | +-------+-------+    +---+----+    |
35# |   | vxlan0 |....|     veth0     |.|...|.|     veth0     |....| vxlan0 |    |
36# |   +--------+    | 172.16.0.1/24 | |   | | 172.16.0.2/24 |    +--------+    |
37# |                 +---------------+ |   | +---------------+                  |
38# |                                   |   |                                    |
39# |             hv-1 netns            |   |           hv-2 netns               |
40# |                                   |   |                                    |
41# +-----------------------------------+   +------------------------------------+
42#
43# This tests both the connectivity between vm-1 and vm-2, and that the underlay
44# can be moved in and out of the vrf by unsetting and setting veth0's master.
45
46set -e
47
48cleanup() {
49    ip link del veth-hv-1 2>/dev/null || true
50    ip link del veth-tap 2>/dev/null || true
51
52    for ns in hv-1 hv-2 vm-1 vm-2; do
53        ip netns del $ns 2>/dev/null || true
54    done
55}
56
57# Clean start
58cleanup &> /dev/null
59
60[[ $1 == "clean" ]] && exit 0
61
62trap cleanup EXIT
63
64# Setup "Hypervisors" simulated with netns
65ip link add veth-hv-1 type veth peer name veth-hv-2
66setup-hv-networking() {
67    hv=$1
68
69    ip netns add hv-$hv
70    ip link set veth-hv-$hv netns hv-$hv
71    ip -netns hv-$hv link set veth-hv-$hv name veth0
72
73    ip -netns hv-$hv link add vrf-underlay type vrf table 1
74    ip -netns hv-$hv link set vrf-underlay up
75    ip -netns hv-$hv addr add 172.16.0.$hv/24 dev veth0
76    ip -netns hv-$hv link set veth0 up
77
78    ip -netns hv-$hv link add br0 type bridge
79    ip -netns hv-$hv link set br0 up
80
81    ip -netns hv-$hv link add vxlan0 type vxlan id 10 local 172.16.0.$hv dev veth0 dstport 4789
82    ip -netns hv-$hv link set vxlan0 master br0
83    ip -netns hv-$hv link set vxlan0 up
84}
85setup-hv-networking 1
86setup-hv-networking 2
87
88# Check connectivity between HVs by pinging hv-2 from hv-1
89echo -n "Checking HV connectivity                                           "
90ip netns exec hv-1 ping -c 1 -W 1 172.16.0.2 &> /dev/null || (echo "[FAIL]"; false)
91echo "[ OK ]"
92
93# Setups a "VM" simulated by a netns an a veth pair
94setup-vm() {
95    id=$1
96
97    ip netns add vm-$id
98    ip link add veth-tap type veth peer name veth-hv
99
100    ip link set veth-tap netns hv-$id
101    ip -netns hv-$id link set veth-tap master br0
102    ip -netns hv-$id link set veth-tap up
103
104    ip link set veth-hv address 02:1d:8d:dd:0c:6$id
105
106    ip link set veth-hv netns vm-$id
107    ip -netns vm-$id addr add 10.0.0.$id/24 dev veth-hv
108    ip -netns vm-$id link set veth-hv up
109}
110setup-vm 1
111setup-vm 2
112
113# Setup VTEP routes to make ARP work
114bridge -netns hv-1 fdb add 00:00:00:00:00:00 dev vxlan0 dst 172.16.0.2 self permanent
115bridge -netns hv-2 fdb add 00:00:00:00:00:00 dev vxlan0 dst 172.16.0.1 self permanent
116
117echo -n "Check VM connectivity through VXLAN (underlay in the default VRF)  "
118ip netns exec vm-1 ping -c 1 -W 1 10.0.0.2 &> /dev/null || (echo "[FAIL]"; false)
119echo "[ OK ]"
120
121# Move the underlay to a non-default VRF
122ip -netns hv-1 link set veth0 vrf vrf-underlay
123ip -netns hv-1 link set veth0 down
124ip -netns hv-1 link set veth0 up
125ip -netns hv-2 link set veth0 vrf vrf-underlay
126ip -netns hv-2 link set veth0 down
127ip -netns hv-2 link set veth0 up
128
129echo -n "Check VM connectivity through VXLAN (underlay in a VRF)            "
130ip netns exec vm-1 ping -c 1 -W 1 10.0.0.2 &> /dev/null || (echo "[FAIL]"; false)
131echo "[ OK ]"
132