File: ovn-ipsec.at

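AT_BANNER([OVN - IPsec])

AT_SETUP([ipsec -- basic configuration])
# Two simulated hypervisors share one network and IPsec is switched on in the
# Northbound database. The test then checks that each chassis holds a tunnel
# interface towards its peer with the expected local_ip, remote_ip,
# remote_name and ipsec_encapsulation options.
#
# Scope: every assertion below reads tunnel interface options back through
# ovs-vsctl. Nothing in this test inspects negotiated security associations
# or the packets on n1, and the certificate, key and CA settings are
# dummy-*.pem names that this test never creates or reads back. A pass
# therefore shows that the IPsec configuration was propagated to both
# chassis, not that traffic between hv1 and hv2 is encrypted.
ovn_start

# Configure the Northbound database
check ovn-nbctl ls-add lsw0

check ovn-nbctl lsp-add lsw0 lp1
check ovn-nbctl lsp-set-addresses lp1 "f0:00:00:00:00:01 10.1.1.1"

check ovn-nbctl lsp-add lsw0 lp2
check ovn-nbctl lsp-set-addresses lp2 "f0:00:00:00:00:02 10.1.1.2"

net_add n1               # Network to connect hv1 and hv2

# Create hypervisor hv1 connected to n1
#
# The ovs-vsctl setup steps run through check so that a failed transaction
# stops the test. No later assertion reads the certificate, private_key or
# ca_cert values, so without check a failure to store them would go unnoticed.
sim_add hv1
as hv1
check ovs-vsctl add-br br-phys
ovn_attach n1 br-phys 192.168.0.1
check ovs-vsctl add-port br-int vif1 -- set Interface vif1 external-ids:iface-id=lp1
check ovs-vsctl \
    -- set Open_vSwitch . external-ids:system-id=hv1 \
    -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \
    -- set Open_vSwitch . external-ids:ovn-encap-ip=192.168.0.1 \
    -- set Open_vSwitch . other_config:certificate=dummy-cert.pem \
    -- set Open_vSwitch . other_config:private_key=dummy-privkey.pem \
    -- set Open_vSwitch . other_config:ca_cert=dummy-cacert.pem

# Create hypervisor hv2 connected to n1, mirroring hv1 with its own
# system-id and encapsulation address.
sim_add hv2
as hv2
check ovs-vsctl add-br br-phys
ovn_attach n1 br-phys 192.168.0.2
check ovs-vsctl add-port br-int vif2 -- set Interface vif2 external-ids:iface-id=lp2
check ovs-vsctl \
    -- set Open_vSwitch . external-ids:system-id=hv2 \
    -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \
    -- set Open_vSwitch . external-ids:ovn-encap-ip=192.168.0.2 \
    -- set Open_vSwitch . other_config:certificate=dummy-cert.pem \
    -- set Open_vSwitch . other_config:private_key=dummy-privkey.pem \
    -- set Open_vSwitch . other_config:ca_cert=dummy-cacert.pem

# Enable IPsec
check ovn-nbctl set nb_global . ipsec=true
check ovn-nbctl set nb_global . options:ipsec_encapsulation=true

# Wait for the hypervisors to catch up with the Northbound change before
# reading the tunnel interfaces.
check ovn-nbctl --wait=hv sync

# On each chassis, wait for the tunnel interface towards the peer to show the
# peer address, then check the remaining options once. tr strips the quotes
# and the trailing newline that ovs-vsctl get prints.
#
# remote_name is expected to equal the system-id of the peer chassis.
# NOTE(review): presumably this is the identity the IPsec monitor matches
# against the peer certificate - confirm against the OVS IPsec documentation.
OVS_WAIT_UNTIL([test x`as hv2 ovs-vsctl get Interface ovn-hv1-0 options:remote_ip | tr -d '"\n'` = x192.168.0.1])
AT_CHECK([as hv2 ovs-vsctl get Interface ovn-hv1-0 options:local_ip | tr -d '"\n'], [0], [192.168.0.2])
AT_CHECK([as hv2 ovs-vsctl get Interface ovn-hv1-0 options:remote_name | tr -d '\n'], [0], [hv1])
AT_CHECK([as hv2 ovs-vsctl get Interface ovn-hv1-0 options:ipsec_encapsulation | tr -d '\n'], [0], [yes])
OVS_WAIT_UNTIL([test x`as hv1 ovs-vsctl get Interface ovn-hv2-0 options:remote_ip | tr -d '"\n'` = x192.168.0.2])
AT_CHECK([as hv1 ovs-vsctl get Interface ovn-hv2-0 options:local_ip | tr -d '"\n'], [0], [192.168.0.1])
AT_CHECK([as hv1 ovs-vsctl get Interface ovn-hv2-0 options:remote_name | tr -d '\n'], [0], [hv2])
AT_CHECK([as hv1 ovs-vsctl get Interface ovn-hv2-0 options:ipsec_encapsulation | tr -d '\n'], [0], [yes])

AT_CLEANUP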