Merge pull request #17918 from lsang6WIND/bgp_evpn_route_map

Add bgpevpn route type-2 route map filter tests

tests/topotests/bgp_evpn_route_map_match/r1/frr.conf

@@ -24,19 +24,16 @@ router bgp 65001
  !
  address-family l2vpn evpn
   neighbor 192.168.1.2 activate
-  neighbor 192.168.1.2 route-map r2 out
+  neighbor 192.168.1.2 route-map rt5 out
   advertise-all-vni
   advertise ipv4 unicast
  exit-address-family
 !
-route-map r2 deny 10
+route-map rt5 deny 20
- match evpn route-type macip
-!
-route-map r2 deny 20
  match ip address prefix-list pl
  match evpn route-type prefix
 !
-route-map r2 permit 30
+route-map rt5 permit 30
 !
 ip prefix-list pl seq 5 permit 192.168.1.0/24
 ip prefix-list pl seq 10 permit 10.10.10.1/32

tests/topotests/bgp_evpn_route_map_match/r2/frr.conf

@@ -7,6 +7,7 @@ int lo
 int r2-eth0
  ip address 192.168.1.2/24
 !
+vni 10
 router bgp 65002
  no bgp ebgp-requires-policy
  neighbor 192.168.1.1 remote-as external

tests/topotests/bgp_evpn_route_map_match/test_bgp_evpn_route_map_match.py

@@ -23,6 +23,7 @@ sys.path.append(os.path.join(CWD, "../"))
 # pylint: disable=C0413
 from lib import topotest
 from lib.topogen import Topogen, get_topogen
+from lib.topolog import logger
 
 
 def setup_module(mod):
@@ -63,7 +64,7 @@ def teardown_module(mod):
     tgen.stop_topology()
 
 
-def test_bgp_evpn_route_map_match_route_type():
+def test_bgp_evpn_route_map_match_route_type5():
     tgen = get_topogen()
 
     if tgen.routers_have_failure():
@@ -84,16 +85,12 @@ def test_bgp_evpn_route_map_match_route_type():
                         "valid": True,
                     }
                 },
-                "10.10.10.2:2": {
-                    "[3]:[0]:[32]:[10.10.10.2]": {
-                        "valid": True,
-                    }
-                },
             },
-            "totalPrefixCounter": 2,
+            "totalPrefixCounter": 1,
         }
         return topotest.json_cmp(output, expected)
 
+    logger.info("Check route type-5 filtering")
     test_func = functools.partial(
         _bgp_converge,
     )
@@ -101,6 +98,97 @@ def test_bgp_evpn_route_map_match_route_type():
     assert result is None, "Filtered EVPN routes should not be advertised"
 
 
+def test_bgp_evpn_route_map_match_route_type2():
+    tgen = get_topogen()
+
+    # Change to L2VNI
+    for machine in [tgen.gears["r1"], tgen.gears["r2"]]:
+        machine.vtysh_cmd("configure terminal\nno vni 10")
+
+    def _check_l2vni():
+        for machine in [tgen.gears["r1"], tgen.gears["r2"]]:
+            output = json.loads(machine.vtysh_cmd("show evpn vni json"))
+
+            expected = {"10": {"vni": 10, "type": "L2"}}
+            return topotest.json_cmp(output, expected)
+
+    logger.info("Check L2VNI setup")
+    test_func = functools.partial(_check_l2vni)
+    _, result = topotest.run_and_expect(test_func, None, count=60, wait=1)
+    assert result is None, "L2VNI setup failed."
+
+    c2_mac = (
+        tgen.gears["c2"]
+        .cmd("ip link show c2-eth0 | awk '/link\/ether/ {print $2}'")
+        .rstrip()
+    )
+    tgen.gears["r1"].vtysh_cmd(
+        "\n".join(
+            [
+                "configure",
+                "route-map rt2 deny 30",
+                "match mac address %s" % c2_mac,
+                "exit",
+                "router bgp 65001",
+                "address-family l2vpn evpn",
+                "neighbor 192.168.1.2 route-map rt2 in",
+            ]
+        )
+    )
+
+    def _check_filter_mac():
+        output = json.loads(
+            tgen.gears["r1"].vtysh_cmd(
+                "show bgp l2vpn evpn neighbors 192.168.1.2 advertised-routes json"
+            )
+        )
+
+        if (
+            output["advertisedRoutes"]
+            .get("10.10.10.2:2", {})
+            .get("[2]:[0]:[48]:[%s]" % c2_mac)
+        ):
+            return False
+
+        return True
+
+    logger.info("check mac filter in, on c2 interface: %s" % c2_mac)
+    test_func = functools.partial(_check_filter_mac)
+    _, result = topotest.run_and_expect(test_func, True, count=60, wait=1)
+    assert result is True, "%s is not filtered" % c2_mac
+
+    tgen.gears["r1"].vtysh_cmd(
+        "\n".join(
+            [
+                "configure",
+                "route-map rt2 deny 30",
+                "no match mac address %s" % c2_mac,
+                "match evpn route-type macip" "exit",
+                "router bgp 65001",
+                "address-family l2vpn evpn",
+                "neighbor 192.168.1.2 route-map rt2 out",
+            ]
+        )
+    )
+
+    def _check_filter_type2():
+        output = json.loads(
+            tgen.gears["r1"].vtysh_cmd(
+                "show bgp l2vpn evpn neighbors 192.168.1.2 advertised-routes json"
+            )
+        )
+
+        if output["totalPrefixCounter"] == 0:
+            return True
+
+        return False
+
+    logger.info("check route type-2 filter out")
+    test_func = functools.partial(_check_filter_type2)
+    _, result = topotest.run_and_expect(test_func, True, count=60, wait=1)
+    assert result is True, "EVPN routes type-2 are not filtered."
+
+
 if __name__ == "__main__":
     args = ["-s"] + sys.argv[1:]
     sys.exit(pytest.main(args))