The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc-ci/pull/210
This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Depends on https://github.com/lxc/lxd/pull/8226
From 5f02b017fdb125fe27992f6808c021e2ab7ae896 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parr...@canonical.com>
Date: Wed, 9 Dec 2020 10:53:08 +0000
Subject: [PATCH 1/4] bin/test-lxd-ovn: Adds external routes allowed check

Signed-off-by: Thomas Parrott <thomas.parr...@canonical.com>
---
 bin/test-lxd-ovn | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/bin/test-lxd-ovn b/bin/test-lxd-ovn
index f011144..d16729d 100755
--- a/bin/test-lxd-ovn
+++ b/bin/test-lxd-ovn
@@ -177,9 +177,13 @@ lxc network set ovn-virtual-network --project testovn \
 ipv4.nat=true \
 ipv6.nat=true
 
-# Check external routes are ensured to be within uplink's external routes.
+# Check external routes are not too big (when using l2proxy uplink ingress mode).
 ! lxc config device set u1 eth0 ipv4.routes.external=198.51.100.0/24 --project testovn || false
 ! lxc config device set u1 eth0 ipv6.routes.external=2001:db8:1:2::/64 --project testovn || false
+
+# Check external routes are ensured to be within uplink's external routes.
+! lxc config device set u1 eth0 ipv4.routes.external=203.0.113.0/26 --project testovn || false
+! lxc config device set u1 eth0 ipv6.routes.external=2001:db8:2:2::/122 --project testovn || false
 
 lxc config device set u1 eth0 ipv4.routes.external=198.51.100.0/26 --project testovn
 lxc config device set u1 eth0 ipv6.routes.external=2001:db8:1:2::/122 --project testovn

From 32ad6cdfae2edfb7875bd9f84448ff3d576fe13d Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parr...@canonical.com>
Date: Wed, 9 Dec 2020 11:09:41 +0000
Subject: [PATCH 2/4] bin/test-lxd-ovn: Typo

Signed-off-by: Thomas Parrott <thomas.parr...@canonical.com>
---
 bin/test-lxd-ovn | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bin/test-lxd-ovn b/bin/test-lxd-ovn
index d16729d..0a50dca 100755
--- a/bin/test-lxd-ovn
+++ b/bin/test-lxd-ovn
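Review bot: The two added negative checks for `ipv4.routes.external=203.0.113.0/26` and `ipv6.routes.external=2001:db8:2:2::/122` accept any non-zero exit from `lxc config device set`, so an unrelated failure (instance missing, daemon unreachable) would also satisfy them and the uplink-range validation would go untested. Capturing stderr and matching the rejection reason pins the behaviour under test, e.g. `! lxc config device set u1 eth0 ipv4.routes.external=203.0.113.0/26 --project testovn 2>err.txt || false` followed by `grep -q "<expected rejection text>" err.txt` (file name illustrative; the placeholder is the message LXD emits for a route outside the uplink's external routes). The same applies to the two pre-existing checks just above. The uplink configuration whose external routes these ranges are meant to fall outside of is set outside this hunk.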
@@ -132,7 +132,7 @@ lxc network create ovn-virtual-network network=lxdbr0 --project testovn
 lxc network delete ovn-virtual-network --project testovn
 lxc network delete lxdbr1 --project default
 
-# Test physical uplink with external IPs
+# Test physical uplink with external IPs.
 ip link add dummy0 type dummy
 lxc network create dummy --type=physical --project default \
 parent=dummy0 \

From 043d77f45a43b6017f36efb0fc9e70c14648aba9 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parr...@canonical.com>
Date: Wed, 9 Dec 2020 11:09:55 +0000
Subject: [PATCH 3/4] bin/test-lxd-ovn: Add NAT rule cleanup checks

Signed-off-by: Thomas Parrott <thomas.parr...@canonical.com>
---
 bin/test-lxd-ovn | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/bin/test-lxd-ovn b/bin/test-lxd-ovn
index 0a50dca..18f2d33 100755
--- a/bin/test-lxd-ovn
+++ b/bin/test-lxd-ovn
@@ -160,6 +160,10 @@ lxc network create ovn-virtual-network --type=ovn --project testovn network=dumm
 
 lxc init images:ubuntu/20.04 u1 --project testovn
 lxc config device add u1 eth0 nic network=ovn-virtual-network name=eth0 --project testovn
+
+# Record NAT rules count before u1 started.
+natRulesBefore=$(ovn-nbctl --bare --format=csv --column=external_ip,logical_ip,type find nat | wc -l)
+
 lxc start u1 --project testovn
 
 # Test external IPs allocated and published using dnat.
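Review bot: `natRulesBefore` records only a row count, so a leaked rule is masked whenever some other rule disappears at the same time, and if `ovn-nbctl` itself fails the pipe hands `wc -l` an empty stream and the baseline silently becomes 0 (unless the script sets `pipefail`; its header is outside the hunk). Storing the rows themselves makes the comparison exact: `natRulesBefore=$(ovn-nbctl --bare --format=csv --column=external_ip,logical_ip,type find nat | sort)` here and `[ "$natRulesBefore" = "$natRulesAfter" ]` at the comparison. That precision matters for the property being tested, since a `dnat_and_snat` row that survives the stop would presumably keep the external address mapped to an instance that is no longer running. The same count-based snapshot and comparison appear in the hunks at -170, -177 and -204 of this patch and at -226 of patch 4.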
@@ -170,6 +174,13 @@ ovn-nbctl --bare --format=csv --column=external_ip,logical_ip,type find nat | gr
 ovn-nbctl --bare --format=csv --column=external_ip,logical_ip,type find nat | grep "${U1_EXT_IPV6},${U1_EXT_IPV6},dnat_and_snat"
 lxc stop -f u1 --project testovn
 
+# Check NAT rules got cleaned up.
+natRulesAfter=$(ovn-nbctl --bare --format=csv --column=external_ip,logical_ip,type find nat | wc -l)
+if [ "$natRulesBefore" -ne "$natRulesAfter" ]; then
+echo "NAT rules left over. Started with ${natRulesBefore} now have ${natRulesAfter}"
+false
+fi
+
 # Test external IPs routed to OVN NIC.
 lxc network set ovn-virtual-network --project testovn \
 ipv4.address=auto \
@@ -177,6 +188,9 @@ lxc network set ovn-virtual-network --project testovn \
 ipv4.nat=true \
 ipv6.nat=true
 
+# Record NAT rules count before u1 started again.
+natRulesBefore=$(ovn-nbctl --bare --format=csv --column=external_ip,logical_ip,type find nat | wc -l)
+
 # Check external routes are not too big (when using l2proxy uplink ingress mode).
 ! lxc config device set u1 eth0 ipv4.routes.external=198.51.100.0/24 --project testovn || false
 ! lxc config device set u1 eth0 ipv6.routes.external=2001:db8:1:2::/64 --project testovn || false
@@ -204,6 +218,14 @@ ovn-nbctl --bare --format=csv --column=external_ip,logical_ip,type find nat | gr
 ovn-nbctl --bare --format=csv --column=external_ip,logical_ip,type find nat | wc -l | grep 132
 lxc delete -f u1 --project testovn
+
+# Check NAT rules got cleaned up.
+natRulesAfter=$(ovn-nbctl --bare --format=csv --column=external_ip,logical_ip,type find nat | wc -l)
+if [ "$natRulesBefore" -ne "$natRulesAfter" ]; then
+echo "NAT rules left over. Started with ${natRulesBefore} now have ${natRulesAfter}"
+false
+fi
+
 lxc network delete ovn-virtual-network --project testovn
 lxc image delete "${FINGERPRINT}" --project testovn
 lxc project delete testovn

From dd8891ece1159825610056cca91d890bef261294 Mon Sep 17 00:00:00 2001
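Review bot: The failure branch of the cleanup check (hunk at -170, repeated verbatim at -204) prints its diagnostic to stdout and relies on a bare `false` to abort, which only stops the run if the script is executing under `set -e` (its header is outside the hunk). Writing `echo "NAT rules left over. Started with ${natRulesBefore} now have ${natRulesAfter}" >&2` and replacing `false` with `exit 1` makes the abort explicit and keeps the message with the other error output. Since the same six lines also reappear in patch 4, a small helper that takes the baseline as its argument would keep the three copies from drifting.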
From: Thomas Parrott <thomas.parr...@canonical.com>
Date: Wed, 9 Dec 2020 11:42:43 +0000
Subject: [PATCH 4/4] bin/test-lxd-ovn: Adds check that DNAT rules don't created when using routed ingress mode

Signed-off-by: Thomas Parrott <thomas.parr...@canonical.com>
---
 bin/test-lxd-ovn | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/bin/test-lxd-ovn b/bin/test-lxd-ovn
index 18f2d33..f5cbc92 100755
--- a/bin/test-lxd-ovn
+++ b/bin/test-lxd-ovn
@@ -217,7 +217,7 @@ ovn-nbctl --bare --format=csv --column=external_ip,logical_ip,type find nat | gr
 ovn-nbctl --bare --format=csv --column=external_ip,logical_ip,type find nat | grep "2001:db8:1:2::3f,2001:db8:1:2::3f,dnat_and_snat"
 ovn-nbctl --bare --format=csv --column=external_ip,logical_ip,type find nat | wc -l | grep 132
-lxc delete -f u1 --project testovn
+lxc stop -f u1 --project testovn
 
 # Check NAT rules got cleaned up.
 natRulesAfter=$(ovn-nbctl --bare --format=csv --column=external_ip,logical_ip,type find nat | wc -l)
@@ -226,6 +226,21 @@ if [ "$natRulesBefore" -ne "$natRulesAfter" ]; then
 false
 fi
 
+# Check routed ingress mode allows larger subnets and doesn't add DNAT rules.
+lxc network set dummy ovn.ingress_mode=routed
+lxc config device set u1 eth0 ipv4.routes.external=198.51.100.0/24 --project testovn
+lxc config device set u1 eth0 ipv6.routes.external=2001:db8:1:2::/64 --project testovn
+lxc start u1 --project testovn
+
+# Check no NAT rules got added.
+natRulesAfter=$(ovn-nbctl --bare --format=csv --column=external_ip,logical_ip,type find nat | wc -l)
+if [ "$natRulesBefore" -ne "$natRulesAfter" ]; then
+echo "NAT rules got added in routed ingress mode. Started with ${natRulesBefore} now have ${natRulesAfter}"
+false
+fi
+
+lxc delete -f u1 --project testovn
+
 lxc network delete ovn-virtual-network --project testovn
 lxc image delete "${FINGERPRINT}" --project testovn
 lxc project delete testovn
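Review bot: The routed-mode block only asserts that the NAT rule count is unchanged after `lxc start u1 --project testovn`; it never checks that the `/24` and `/64` routes were actually accepted and installed, so a regression that silently dropped them in routed mode would still pass. A positive check on the logical router's routes, for example grepping the output of `ovn-nbctl lr-route-list <router>` for `198.51.100.0/24` and `2001:db8:1:2::/64` (the router name is not visible in this hunk), would pin the feature the comment describes. `lxc network set dummy ovn.ingress_mode=routed` also omits the `--project default` used when the network was created in patch 2, which is presumably equivalent for a physical network but reads inconsistently. Nothing in the hunk resets the ingress mode, so anything later in the file that reuses the `dummy` uplink in l2proxy mode (outside this view) would inherit the routed setting.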