Loading...
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 | #!/bin/bash # SPDX-License-Identifier: GPL-2.0 # # Test that packets are sampled when tc-sample is used and that reported # metadata is correct. Two sets of hosts (with and without LAG) are used, since # metadata extraction in mlxsw is a bit different when LAG is involved. # # +---------------------------------+ +---------------------------------+ # | H1 (vrf) | | H3 (vrf) | # | + $h1 | | + $h3_lag | # | | 192.0.2.1/28 | | | 192.0.2.17/28 | # | | | | | | # | | default via 192.0.2.2 | | | default via 192.0.2.18 | # +----|----------------------------+ +----|----------------------------+ # | | # +----|-----------------------------------------|----------------------------+ # | | 192.0.2.2/28 | 192.0.2.18/28 | # | + $rp1 + $rp3_lag | # | | # | + $rp2 + $rp4_lag | # | | 198.51.100.2/28 | 198.51.100.18/28 | # +----|-----------------------------------------|----------------------------+ # | | # +----|----------------------------+ +----|----------------------------+ # | | default via 198.51.100.2 | | | default via 198.51.100.18 | # | | | | | | # | | 198.51.100.1/28 | | | 198.51.100.17/28 | # | + $h2 | | + $h4_lag | # | H2 (vrf) | | H4 (vrf) | # +---------------------------------+ +---------------------------------+ lib_dir=$(dirname $0)/../../../net/forwarding ALL_TESTS=" tc_sample_rate_test tc_sample_max_rate_test tc_sample_conflict_test tc_sample_group_conflict_test tc_sample_md_iif_test tc_sample_md_lag_iif_test tc_sample_md_oif_test tc_sample_md_lag_oif_test tc_sample_md_out_tc_test tc_sample_md_out_tc_occ_test tc_sample_md_latency_test tc_sample_acl_group_conflict_test tc_sample_acl_rate_test tc_sample_acl_max_rate_test " NUM_NETIFS=8 CAPTURE_FILE=$(mktemp) source $lib_dir/lib.sh source $lib_dir/devlink_lib.sh source mlxsw_lib.sh # Available at https://github.com/Mellanox/libpsample require_command psample h1_create() { simple_if_init $h1 192.0.2.1/28 ip -4 route add default vrf v$h1 nexthop via 192.0.2.2 } h1_destroy() { ip -4 route del default vrf v$h1 nexthop via 192.0.2.2 simple_if_fini $h1 192.0.2.1/28 } h2_create() { simple_if_init $h2 198.51.100.1/28 ip -4 route add default vrf v$h2 nexthop via 198.51.100.2 } h2_destroy() { ip -4 route del default vrf v$h2 nexthop via 198.51.100.2 simple_if_fini $h2 198.51.100.1/28 } h3_create() { ip link set dev $h3 down ip link add name ${h3}_bond type bond mode 802.3ad ip link set dev $h3 master ${h3}_bond simple_if_init ${h3}_bond 192.0.2.17/28 ip -4 route add default vrf v${h3}_bond nexthop via 192.0.2.18 } h3_destroy() { ip -4 route del default vrf v${h3}_bond nexthop via 192.0.2.18 simple_if_fini ${h3}_bond 192.0.2.17/28 ip link set dev $h3 nomaster ip link del dev ${h3}_bond } h4_create() { ip link set dev $h4 down ip link add name ${h4}_bond type bond mode 802.3ad ip link set dev $h4 master ${h4}_bond simple_if_init ${h4}_bond 198.51.100.17/28 ip -4 route add default vrf v${h4}_bond nexthop via 198.51.100.18 } h4_destroy() { ip -4 route del default vrf v${h4}_bond nexthop via 198.51.100.18 simple_if_fini ${h4}_bond 198.51.100.17/28 ip link set dev $h4 nomaster ip link del dev ${h4}_bond } router_create() { ip link set dev $rp1 up __addr_add_del $rp1 add 192.0.2.2/28 tc qdisc add dev $rp1 clsact ip link set dev $rp2 up __addr_add_del $rp2 add 198.51.100.2/28 tc qdisc add dev $rp2 clsact ip link add name ${rp3}_bond type bond mode 802.3ad ip link set dev $rp3 master ${rp3}_bond __addr_add_del ${rp3}_bond add 192.0.2.18/28 tc qdisc add dev $rp3 clsact ip link set dev ${rp3}_bond up ip link add name ${rp4}_bond type bond mode 802.3ad ip link set dev $rp4 master ${rp4}_bond __addr_add_del ${rp4}_bond add 198.51.100.18/28 tc qdisc add dev $rp4 clsact ip link set dev ${rp4}_bond up } router_destroy() { ip link set dev ${rp4}_bond down tc qdisc del dev $rp4 clsact __addr_add_del ${rp4}_bond del 198.51.100.18/28 ip link set dev $rp4 nomaster ip link del dev ${rp4}_bond ip link set dev ${rp3}_bond down tc qdisc del dev $rp3 clsact __addr_add_del ${rp3}_bond del 192.0.2.18/28 ip link set dev $rp3 nomaster ip link del dev ${rp3}_bond tc qdisc del dev $rp2 clsact __addr_add_del $rp2 del 198.51.100.2/28 ip link set dev $rp2 down tc qdisc del dev $rp1 clsact __addr_add_del $rp1 del 192.0.2.2/28 ip link set dev $rp1 down } setup_prepare() { h1=${NETIFS[p1]} rp1=${NETIFS[p2]} rp2=${NETIFS[p3]} h2=${NETIFS[p4]} h3=${NETIFS[p5]} rp3=${NETIFS[p6]} h4=${NETIFS[p7]} rp4=${NETIFS[p8]} vrf_prepare h1_create h2_create h3_create h4_create router_create } cleanup() { pre_cleanup rm -f $CAPTURE_FILE router_destroy h4_destroy h3_destroy h2_destroy h1_destroy vrf_cleanup } psample_capture_start() { rm -f $CAPTURE_FILE psample &> $CAPTURE_FILE & sleep 1 } psample_capture_stop() { { kill %% && wait %%; } 2>/dev/null } __tc_sample_rate_test() { local desc=$1; shift local dip=$1; shift local pkts pct RET=0 tc filter add dev $rp1 ingress protocol all pref 1 handle 101 matchall \ skip_sw action sample rate 32 group 1 check_err $? "Failed to configure sampling rule" psample_capture_start ip vrf exec v$h1 $MZ $h1 -c 320000 -d 100usec -p 64 -A 192.0.2.1 \ -B $dip -t udp dp=52768,sp=42768 -q psample_capture_stop pkts=$(grep -e "group 1 " $CAPTURE_FILE | wc -l) pct=$((100 * (pkts - 10000) / 10000)) (( -25 <= pct && pct <= 25)) check_err $? "Expected 10000 packets, got $pkts packets, which is $pct% off. Required accuracy is +-25%" log_test "tc sample rate ($desc)" tc filter del dev $rp1 ingress protocol all pref 1 handle 101 matchall } tc_sample_rate_test() { __tc_sample_rate_test "forward" 198.51.100.1 __tc_sample_rate_test "local receive" 192.0.2.2 } tc_sample_max_rate_test() { RET=0 tc filter add dev $rp1 ingress protocol all pref 1 handle 101 matchall \ skip_sw action sample rate $((35 * 10 ** 8)) group 1 check_err $? "Failed to configure sampling rule with max rate" tc filter del dev $rp1 ingress protocol all pref 1 handle 101 matchall tc filter add dev $rp1 ingress protocol all pref 1 handle 101 matchall \ skip_sw action sample rate $((35 * 10 ** 8 + 1)) \ group 1 &> /dev/null check_fail $? "Managed to configure sampling rate above maximum" log_test "tc sample maximum rate" } tc_sample_conflict_test() { RET=0 # Test that two sampling rules cannot be configured on the same port, # even when they share the same parameters. tc filter add dev $rp1 ingress protocol all pref 1 handle 101 matchall \ skip_sw action sample rate 1024 group 1 check_err $? "Failed to configure sampling rule" tc filter add dev $rp1 ingress protocol all pref 2 handle 102 matchall \ skip_sw action sample rate 1024 group 1 &> /dev/null check_fail $? "Managed to configure second sampling rule" # Delete the first rule and make sure the second rule can now be # configured. tc filter del dev $rp1 ingress protocol all pref 1 handle 101 matchall tc filter add dev $rp1 ingress protocol all pref 2 handle 102 matchall \ skip_sw action sample rate 1024 group 1 check_err $? "Failed to configure sampling rule after deletion" log_test "tc sample conflict test" tc filter del dev $rp1 ingress protocol all pref 2 handle 102 matchall } tc_sample_group_conflict_test() { RET=0 # Test that two sampling rules cannot be configured on the same port # with different groups. tc filter add dev $rp1 ingress protocol all pref 1 handle 101 matchall \ skip_sw action sample rate 1024 group 1 check_err $? "Failed to configure sampling rule" tc filter add dev $rp1 ingress protocol all pref 2 handle 102 matchall \ skip_sw action sample rate 1024 group 2 &> /dev/null check_fail $? "Managed to configure sampling rule with conflicting group" log_test "tc sample group conflict test" tc filter del dev $rp1 ingress protocol all pref 1 handle 101 matchall } tc_sample_md_iif_test() { local rp1_ifindex RET=0 tc filter add dev $rp1 ingress protocol all pref 1 handle 101 matchall \ skip_sw action sample rate 5 group 1 check_err $? "Failed to configure sampling rule" psample_capture_start ip vrf exec v$h1 $MZ $h1 -c 3200 -d 1msec -p 64 -A 192.0.2.1 \ -B 198.51.100.1 -t udp dp=52768,sp=42768 -q psample_capture_stop rp1_ifindex=$(ip -j -p link show dev $rp1 | jq '.[]["ifindex"]') grep -q -e "in-ifindex $rp1_ifindex " $CAPTURE_FILE check_err $? "Sampled packets do not have expected in-ifindex" log_test "tc sample iif" tc filter del dev $rp1 ingress protocol all pref 1 handle 101 matchall } tc_sample_md_lag_iif_test() { local rp3_ifindex RET=0 tc filter add dev $rp3 ingress protocol all pref 1 handle 101 matchall \ skip_sw action sample rate 5 group 1 check_err $? "Failed to configure sampling rule" psample_capture_start ip vrf exec v${h3}_bond $MZ ${h3}_bond -c 3200 -d 1msec -p 64 \ -A 192.0.2.17 -B 198.51.100.17 -t udp dp=52768,sp=42768 -q psample_capture_stop rp3_ifindex=$(ip -j -p link show dev $rp3 | jq '.[]["ifindex"]') grep -q -e "in-ifindex $rp3_ifindex " $CAPTURE_FILE check_err $? "Sampled packets do not have expected in-ifindex" log_test "tc sample lag iif" tc filter del dev $rp3 ingress protocol all pref 1 handle 101 matchall } tc_sample_md_oif_test() { local rp2_ifindex RET=0 tc filter add dev $rp1 ingress protocol all pref 1 handle 101 matchall \ skip_sw action sample rate 5 group 1 check_err $? "Failed to configure sampling rule" psample_capture_start ip vrf exec v$h1 $MZ $h1 -c 3200 -d 1msec -p 64 -A 192.0.2.1 \ -B 198.51.100.1 -t udp dp=52768,sp=42768 -q psample_capture_stop rp2_ifindex=$(ip -j -p link show dev $rp2 | jq '.[]["ifindex"]') grep -q -e "out-ifindex $rp2_ifindex " $CAPTURE_FILE check_err $? "Sampled packets do not have expected out-ifindex" log_test "tc sample oif" tc filter del dev $rp1 ingress protocol all pref 1 handle 101 matchall } tc_sample_md_lag_oif_test() { local rp4_ifindex RET=0 tc filter add dev $rp3 ingress protocol all pref 1 handle 101 matchall \ skip_sw action sample rate 5 group 1 check_err $? "Failed to configure sampling rule" psample_capture_start ip vrf exec v${h3}_bond $MZ ${h3}_bond -c 3200 -d 1msec -p 64 \ -A 192.0.2.17 -B 198.51.100.17 -t udp dp=52768,sp=42768 -q psample_capture_stop rp4_ifindex=$(ip -j -p link show dev $rp4 | jq '.[]["ifindex"]') grep -q -e "out-ifindex $rp4_ifindex " $CAPTURE_FILE check_err $? "Sampled packets do not have expected out-ifindex" log_test "tc sample lag oif" tc filter del dev $rp3 ingress protocol all pref 1 handle 101 matchall } tc_sample_md_out_tc_test() { RET=0 # Output traffic class is not supported on Spectrum-1. mlxsw_only_on_spectrum 2+ || return tc filter add dev $rp1 ingress protocol all pref 1 handle 101 matchall \ skip_sw action sample rate 5 group 1 check_err $? "Failed to configure sampling rule" # By default, all the packets should go to the same traffic class (0). psample_capture_start ip vrf exec v$h1 $MZ $h1 -c 3200 -d 1msec -p 64 -A 192.0.2.1 \ -B 198.51.100.1 -t udp dp=52768,sp=42768 -q psample_capture_stop grep -q -e "out-tc 0 " $CAPTURE_FILE check_err $? "Sampled packets do not have expected out-tc (0)" # Map all priorities to highest traffic class (7) and check reported # out-tc. tc qdisc replace dev $rp2 root handle 1: \ prio bands 3 priomap 0 0 0 0 0 0 0 0 psample_capture_start ip vrf exec v$h1 $MZ $h1 -c 3200 -d 1msec -p 64 -A 192.0.2.1 \ -B 198.51.100.1 -t udp dp=52768,sp=42768 -q psample_capture_stop grep -q -e "out-tc 7 " $CAPTURE_FILE check_err $? "Sampled packets do not have expected out-tc (7)" log_test "tc sample out-tc" tc qdisc del dev $rp2 root handle 1: tc filter del dev $rp1 ingress protocol all pref 1 handle 101 matchall } tc_sample_md_out_tc_occ_test() { local backlog pct occ RET=0 # Output traffic class occupancy is not supported on Spectrum-1. mlxsw_only_on_spectrum 2+ || return tc filter add dev $rp1 ingress protocol all pref 1 handle 101 matchall \ skip_sw action sample rate 1024 group 1 check_err $? "Failed to configure sampling rule" # Configure a shaper on egress to create congestion. tc qdisc replace dev $rp2 root handle 1: \ tbf rate 1Mbit burst 256k limit 1M psample_capture_start ip vrf exec v$h1 $MZ $h1 -c 0 -d 1usec -p 1400 -A 192.0.2.1 \ -B 198.51.100.1 -t udp dp=52768,sp=42768 -q & # Allow congestion to reach steady state. sleep 10 backlog=$(tc -j -p -s qdisc show dev $rp2 | jq '.[0]["backlog"]') # Kill mausezahn. { kill %% && wait %%; } 2>/dev/null psample_capture_stop # Record last congestion sample. occ=$(grep -e "out-tc-occ " $CAPTURE_FILE | tail -n 1 | \ cut -d ' ' -f 16) pct=$((100 * (occ - backlog) / backlog)) (( -1 <= pct && pct <= 1)) check_err $? "Recorded a congestion of $backlog bytes, but sampled congestion is $occ bytes, which is $pct% off. Required accuracy is +-5%" log_test "tc sample out-tc-occ" tc qdisc del dev $rp2 root handle 1: tc filter del dev $rp1 ingress protocol all pref 1 handle 101 matchall } tc_sample_md_latency_test() { RET=0 # Egress sampling not supported on Spectrum-1. mlxsw_only_on_spectrum 2+ || return tc filter add dev $rp2 egress protocol all pref 1 handle 101 matchall \ skip_sw action sample rate 5 group 1 check_err $? "Failed to configure sampling rule" psample_capture_start ip vrf exec v$h1 $MZ $h1 -c 3200 -d 1msec -p 64 -A 192.0.2.1 \ -B 198.51.100.1 -t udp dp=52768,sp=42768 -q psample_capture_stop grep -q -e "latency " $CAPTURE_FILE check_err $? "Sampled packets do not have latency attribute" log_test "tc sample latency" tc filter del dev $rp2 egress protocol all pref 1 handle 101 matchall } tc_sample_acl_group_conflict_test() { RET=0 # Test that two flower sampling rules cannot be configured on the same # port with different groups. # Policy-based sampling is not supported on Spectrum-1. mlxsw_only_on_spectrum 2+ || return tc filter add dev $rp1 ingress protocol ip pref 1 handle 101 flower \ skip_sw action sample rate 1024 group 1 check_err $? "Failed to configure sampling rule" tc filter add dev $rp1 ingress protocol ip pref 2 handle 102 flower \ skip_sw action sample rate 1024 group 1 check_err $? "Failed to configure sampling rule with same group" tc filter add dev $rp1 ingress protocol ip pref 3 handle 103 flower \ skip_sw action sample rate 1024 group 2 &> /dev/null check_fail $? "Managed to configure sampling rule with conflicting group" log_test "tc sample (w/ flower) group conflict test" tc filter del dev $rp1 ingress protocol ip pref 2 handle 102 flower tc filter del dev $rp1 ingress protocol ip pref 1 handle 101 flower } __tc_sample_acl_rate_test() { local bind=$1; shift local port=$1; shift local pkts pct RET=0 # Policy-based sampling is not supported on Spectrum-1. mlxsw_only_on_spectrum 2+ || return tc filter add dev $port $bind protocol ip pref 1 handle 101 flower \ skip_sw dst_ip 198.51.100.1 action sample rate 32 group 1 check_err $? "Failed to configure sampling rule" psample_capture_start ip vrf exec v$h1 $MZ $h1 -c 320000 -d 100usec -p 64 -A 192.0.2.1 \ -B 198.51.100.1 -t udp dp=52768,sp=42768 -q psample_capture_stop pkts=$(grep -e "group 1 " $CAPTURE_FILE | wc -l) pct=$((100 * (pkts - 10000) / 10000)) (( -25 <= pct && pct <= 25)) check_err $? "Expected 10000 packets, got $pkts packets, which is $pct% off. Required accuracy is +-25%" # Setup a filter that should not match any packet and make sure packets # are not sampled. tc filter del dev $port $bind protocol ip pref 1 handle 101 flower tc filter add dev $port $bind protocol ip pref 1 handle 101 flower \ skip_sw dst_ip 198.51.100.10 action sample rate 32 group 1 check_err $? "Failed to configure sampling rule" psample_capture_start ip vrf exec v$h1 $MZ $h1 -c 3200 -d 1msec -p 64 -A 192.0.2.1 \ -B 198.51.100.1 -t udp dp=52768,sp=42768 -q psample_capture_stop grep -q -e "group 1 " $CAPTURE_FILE check_fail $? "Sampled packets when should not" log_test "tc sample (w/ flower) rate ($bind)" tc filter del dev $port $bind protocol ip pref 1 handle 101 flower } tc_sample_acl_rate_test() { __tc_sample_acl_rate_test ingress $rp1 __tc_sample_acl_rate_test egress $rp2 } tc_sample_acl_max_rate_test() { RET=0 # Policy-based sampling is not supported on Spectrum-1. mlxsw_only_on_spectrum 2+ || return tc filter add dev $rp1 ingress protocol ip pref 1 handle 101 flower \ skip_sw action sample rate $((2 ** 24 - 1)) group 1 check_err $? "Failed to configure sampling rule with max rate" tc filter del dev $rp1 ingress protocol ip pref 1 handle 101 flower tc filter add dev $rp1 ingress protocol ip pref 1 handle 101 flower \ skip_sw action sample rate $((2 ** 24)) \ group 1 &> /dev/null check_fail $? "Managed to configure sampling rate above maximum" log_test "tc sample (w/ flower) maximum rate" } trap cleanup EXIT setup_prepare setup_wait tests_run exit $EXIT_STATUS |