dn42.nix/checks/extended-next-hop.nix

{ self, pkgs ? import <nixpkgs> { } }:

let
  common = { pkgs, ... }: {
    imports = [ self.nixosModules.default ];
    networking.dn42.enable = true;
    virtualisation.interfaces.enp1s0.vlan = 1;
    networking.useNetworkd = true;
    networking.domain = "test.nixos";
    systemd.network.netdevs.dummy0.netdevConfig = {
      Kind = "dummy";
      Name = "dummy0";
    };
    environment.systemPackages = [ pkgs.jq ];
    networking.dn42.roagen = {
      enable = true;
      outputDir = pkgs.runCommand "stub-roa" {} ''
        mkdir $out
        cat >$out/dn42-roa4.conf <<EOF
        route 172.20.0.0/24 max 24 as 64600;
        route 172.20.1.0/24 max 24 as 64601;
        EOF
        cat >$out/dn42-roa6.conf <<EOF
        route fec1::/64 max 64 as 64600;
        route fec1:0:0:1::/64 max 64 as 64601;
        EOF
      '';
    };
  };

in
pkgs.nixosTest rec {
  name = "extended-next-hop";

  nodes = {
    foo = {
      imports = [ common ];
      networking.hostName = "foo";
      networking.dn42 = {
        as = 64600;
        geo = 41;
        country = 1276;
        addr.v4 = "172.20.0.1";
        nets.v4 = [ "172.20.0.0/24" ];
        addr.v6 = "fec0::1";
        nets.v6 = [ "fec0::/64" ];
        peers.bar = {
          as = 64601;
          latency = 1;
          bandwidth = 25;
          crypto = 31;
          transit = false;
          extendedNextHop = true;
          addr.v6 = (builtins.head nodes.bar.networking.interfaces.enp1s0.ipv6.addresses).address;
          srcAddr.v6 = (builtins.head nodes.foo.networking.interfaces.enp1s0.ipv6.addresses).address;
          interface = "enp1s0";
        };
      };
      networking.interfaces.enp1s0 = {
        ipv4.addresses = [{
          address = "10.0.0.1";
          prefixLength = 24;
        }];
        ipv6.addresses = [{
          address = "fe80::1";
          prefixLength = 64;
        }];
      };
      networking.interfaces.dummy0 = {
        ipv4.addresses = [{
          address = nodes.foo.networking.dn42.addr.v4;
          prefixLength = 24;
        }];
        ipv6.addresses = [{
          address = nodes.foo.networking.dn42.addr.v6;
          prefixLength = 64;
        }];
      };
    };
    bar = {
      imports = [ common ];
      networking.hostName = "bar";
      networking.dn42 = {
        as = 64601;
        geo = 41;
        country = 1276;
        addr.v4 = "172.20.1.1";
        nets.v4 = [ "172.20.1.0/24" ];
        addr.v6 = "fec0:0:0:1::1";
        nets.v6 = [ "fec0:0:0:1::/64" ];
        peers.foo = {
          as = 64600;
          latency = 1;
          bandwidth = 25;
          crypto = 31;
          transit = false;
          extendedNextHop = true;
          addr.v6 = (builtins.head nodes.foo.networking.interfaces.enp1s0.ipv6.addresses).address;
          srcAddr.v6 = (builtins.head nodes.bar.networking.interfaces.enp1s0.ipv6.addresses).address;
          interface = "enp1s0";
        };
      };
      networking.interfaces.enp1s0 = {
        ipv4.addresses = [{
          address = "10.0.0.2";
          prefixLength = 24;
        }];
        ipv6.addresses = [{
          address = "fe80::2";
          prefixLength = 64;
        }];
      };
      networking.interfaces.dummy0 = {
        ipv4.addresses = [{
          address = nodes.bar.networking.dn42.addr.v4;
          prefixLength = 24;
        }];
        ipv6.addresses = [{
          address = nodes.bar.networking.dn42.addr.v6;
          prefixLength = 64;
        }];
      };
    };
  };

  testScript = ''
    foo.succeed("ip -6 mon > /dev/console &")

    foo.wait_for_unit("bird2")
    bar.wait_for_unit("bird2")

    with subtest("Waiting for advertised IPv4 routes"):
      foo.wait_until_succeeds("ip --json r | jq -e 'map(select(.dst == \"${builtins.head nodes.bar.networking.dn42.nets.v4}\")) | any'")
      bar.wait_until_succeeds("ip --json r | jq -e 'map(select(.dst == \"${builtins.head nodes.foo.networking.dn42.nets.v4}\")) | any'")

    # Assuming IPv4 peering is up, try ping on routed dummy0 addrs
    foo.wait_until_succeeds("ping -c 1 ${nodes.bar.networking.dn42.addr.v4}")
    bar.wait_until_succeeds("ping -c 1 ${nodes.foo.networking.dn42.addr.v4}")

    # with subtest("Waiting for advertised IPv6 routes"):
    #   foo.wait_until_succeeds("ip --json -6 r | jq -e 'map(select(.dst == \"${builtins.head nodes.bar.networking.dn42.nets.v6}\")) | any'")
    #   bar.wait_until_succeeds("ip --json -6 r | jq -e 'map(select(.dst == \"${builtins.head nodes.foo.networking.dn42.nets.v6}\")) | any'")

    # icmpv6 unsupported by QEMU user networking
    # foo.wait_until_succeeds("ping -c 1 ${nodes.bar.networking.dn42.addr.v6}")
    # bar.wait_until_succeeds("ping -c 1 ${nodes.foo.networking.dn42.addr.v6}")
  '';
}
checks: add stub-roa 2024-04-13 01:14:58 +02:00			`{ self, pkgs ? import <nixpkgs> { } }:`
added extendes ipv6 next-hop support 2024-03-12 19:56:30 +01:00
checks/extended-next-hop: DRY 2024-03-13 01:10:28 +01:00			`let`
			`common = { pkgs, ... }: {`
checks: add stub-roa 2024-04-13 01:14:58 +02:00			`imports = [ self.nixosModules.default ];`
checks/extended-next-hop: DRY 2024-03-13 01:10:28 +01:00			`networking.dn42.enable = true;`
			`virtualisation.interfaces.enp1s0.vlan = 1;`
			`networking.useNetworkd = true;`
added dn42 bgp communities 2024-03-14 21:42:08 +01:00			`networking.domain = "test.nixos";`
checks/extended-next-hop: DRY 2024-03-13 01:10:28 +01:00			`systemd.network.netdevs.dummy0.netdevConfig = {`
			`Kind = "dummy";`
			`Name = "dummy0";`
			`};`
updated extended next hop text 2024-03-14 18:35:09 +01:00			`environment.systemPackages = [ pkgs.jq ];`
checks: move rtr options into networking.dn42 2024-04-14 21:10:40 +02:00			`networking.dn42.roagen = {`
checks: add stub-roa 2024-04-13 01:14:58 +02:00			`enable = true;`
			`outputDir = pkgs.runCommand "stub-roa" {} ''`
			`mkdir $out`
			`cat >$out/dn42-roa4.conf <<EOF`
			`route 172.20.0.0/24 max 24 as 64600;`
			`route 172.20.1.0/24 max 24 as 64601;`
			`EOF`
			`cat >$out/dn42-roa6.conf <<EOF`
			`route fec1::/64 max 64 as 64600;`
			`route fec1:0:0:1::/64 max 64 as 64601;`
			`EOF`
			`'';`
			`};`
checks/extended-next-hop: DRY 2024-03-13 01:10:28 +01:00			`};`

			`in`
added extendes ipv6 next-hop support 2024-03-12 19:56:30 +01:00			`pkgs.nixosTest rec {`
			`name = "extended-next-hop";`

			`nodes = {`
			`foo = {`
checks/extended-next-hop: DRY 2024-03-13 01:10:28 +01:00			`imports = [ common ];`
added dn42 bgp communities 2024-03-14 21:42:08 +01:00			`networking.hostName = "foo";`
added extendes ipv6 next-hop support 2024-03-12 19:56:30 +01:00			`networking.dn42 = {`
			`as = 64600;`
added dn42 bgp communities 2024-03-14 21:42:08 +01:00			`geo = 41;`
			`country = 1276;`
added extendes ipv6 next-hop support 2024-03-12 19:56:30 +01:00			`addr.v4 = "172.20.0.1";`
			`nets.v4 = [ "172.20.0.0/24" ];`
			`addr.v6 = "fec0::1";`
			`nets.v6 = [ "fec0::/64" ];`
			`peers.bar = {`
			`as = 64601;`
added dn42 bgp communities 2024-03-14 21:42:08 +01:00			`latency = 1;`
			`bandwidth = 25;`
			`crypto = 31;`
added roa 2024-03-15 22:15:51 +01:00			`transit = false;`
added extendes ipv6 next-hop support 2024-03-12 19:56:30 +01:00			`extendedNextHop = true;`
			`addr.v6 = (builtins.head nodes.bar.networking.interfaces.enp1s0.ipv6.addresses).address;`
			`srcAddr.v6 = (builtins.head nodes.foo.networking.interfaces.enp1s0.ipv6.addresses).address;`
			`interface = "enp1s0";`
			`};`
			`};`
			`networking.interfaces.enp1s0 = {`
cleanup 2024-03-31 19:12:39 +02:00			`ipv4.addresses = [{`
added extendes ipv6 next-hop support 2024-03-12 19:56:30 +01:00			`address = "10.0.0.1";`
			`prefixLength = 24;`
cleanup 2024-03-31 19:12:39 +02:00			`}];`
			`ipv6.addresses = [{`
added extendes ipv6 next-hop support 2024-03-12 19:56:30 +01:00			`address = "fe80::1";`
			`prefixLength = 64;`
cleanup 2024-03-31 19:12:39 +02:00			`}];`
added extendes ipv6 next-hop support 2024-03-12 19:56:30 +01:00			`};`
			`networking.interfaces.dummy0 = {`
cleanup 2024-03-31 19:12:39 +02:00			`ipv4.addresses = [{`
added extendes ipv6 next-hop support 2024-03-12 19:56:30 +01:00			`address = nodes.foo.networking.dn42.addr.v4;`
			`prefixLength = 24;`
cleanup 2024-03-31 19:12:39 +02:00			`}];`
			`ipv6.addresses = [{`
added extendes ipv6 next-hop support 2024-03-12 19:56:30 +01:00			`address = nodes.foo.networking.dn42.addr.v6;`
			`prefixLength = 64;`
cleanup 2024-03-31 19:12:39 +02:00			`}];`
added extendes ipv6 next-hop support 2024-03-12 19:56:30 +01:00			`};`
			`};`
			`bar = {`
checks/extended-next-hop: DRY 2024-03-13 01:10:28 +01:00			`imports = [ common ];`
added dn42 bgp communities 2024-03-14 21:42:08 +01:00			`networking.hostName = "bar";`
added extendes ipv6 next-hop support 2024-03-12 19:56:30 +01:00			`networking.dn42 = {`
			`as = 64601;`
added dn42 bgp communities 2024-03-14 21:42:08 +01:00			`geo = 41;`
			`country = 1276;`
added extendes ipv6 next-hop support 2024-03-12 19:56:30 +01:00			`addr.v4 = "172.20.1.1";`
			`nets.v4 = [ "172.20.1.0/24" ];`
			`addr.v6 = "fec0:0:0:1::1";`
			`nets.v6 = [ "fec0:0:0:1::/64" ];`
			`peers.foo = {`
			`as = 64600;`
added dn42 bgp communities 2024-03-14 21:42:08 +01:00			`latency = 1;`
			`bandwidth = 25;`
			`crypto = 31;`
added roa 2024-03-15 22:15:51 +01:00			`transit = false;`
added extendes ipv6 next-hop support 2024-03-12 19:56:30 +01:00			`extendedNextHop = true;`
			`addr.v6 = (builtins.head nodes.foo.networking.interfaces.enp1s0.ipv6.addresses).address;`
			`srcAddr.v6 = (builtins.head nodes.bar.networking.interfaces.enp1s0.ipv6.addresses).address;`
			`interface = "enp1s0";`
			`};`
			`};`
			`networking.interfaces.enp1s0 = {`
cleanup 2024-03-31 19:12:39 +02:00			`ipv4.addresses = [{`
added extendes ipv6 next-hop support 2024-03-12 19:56:30 +01:00			`address = "10.0.0.2";`
			`prefixLength = 24;`
cleanup 2024-03-31 19:12:39 +02:00			`}];`
			`ipv6.addresses = [{`
added extendes ipv6 next-hop support 2024-03-12 19:56:30 +01:00			`address = "fe80::2";`
			`prefixLength = 64;`
cleanup 2024-03-31 19:12:39 +02:00			`}];`
added extendes ipv6 next-hop support 2024-03-12 19:56:30 +01:00			`};`
			`networking.interfaces.dummy0 = {`
cleanup 2024-03-31 19:12:39 +02:00			`ipv4.addresses = [{`
added extendes ipv6 next-hop support 2024-03-12 19:56:30 +01:00			`address = nodes.bar.networking.dn42.addr.v4;`
			`prefixLength = 24;`
cleanup 2024-03-31 19:12:39 +02:00			`}];`
			`ipv6.addresses = [{`
added extendes ipv6 next-hop support 2024-03-12 19:56:30 +01:00			`address = nodes.bar.networking.dn42.addr.v6;`
			`prefixLength = 64;`
cleanup 2024-03-31 19:12:39 +02:00			`}];`
added extendes ipv6 next-hop support 2024-03-12 19:56:30 +01:00			`};`
			`};`
			`};`

			`testScript = ''`
updated extended next hop text 2024-03-14 18:35:09 +01:00			`foo.succeed("ip -6 mon > /dev/console &")`

added extendes ipv6 next-hop support 2024-03-12 19:56:30 +01:00			`foo.wait_for_unit("bird2")`
			`bar.wait_for_unit("bird2")`

updated extended next hop text 2024-03-14 18:35:09 +01:00			`with subtest("Waiting for advertised IPv4 routes"):`
			`foo.wait_until_succeeds("ip --json r \| jq -e 'map(select(.dst == \"${builtins.head nodes.bar.networking.dn42.nets.v4}\")) \| any'")`
			`bar.wait_until_succeeds("ip --json r \| jq -e 'map(select(.dst == \"${builtins.head nodes.foo.networking.dn42.nets.v4}\")) \| any'")`
added extendes ipv6 next-hop support 2024-03-12 19:56:30 +01:00
			`# Assuming IPv4 peering is up, try ping on routed dummy0 addrs`
			`foo.wait_until_succeeds("ping -c 1 ${nodes.bar.networking.dn42.addr.v4}")`
			`bar.wait_until_succeeds("ping -c 1 ${nodes.foo.networking.dn42.addr.v4}")`

updated extended next hop text 2024-03-14 18:35:09 +01:00			`# with subtest("Waiting for advertised IPv6 routes"):`
			`# foo.wait_until_succeeds("ip --json -6 r \| jq -e 'map(select(.dst == \"${builtins.head nodes.bar.networking.dn42.nets.v6}\")) \| any'")`
			`# bar.wait_until_succeeds("ip --json -6 r \| jq -e 'map(select(.dst == \"${builtins.head nodes.foo.networking.dn42.nets.v6}\")) \| any'")`

added extendes ipv6 next-hop support 2024-03-12 19:56:30 +01:00			`# icmpv6 unsupported by QEMU user networking`
			`# foo.wait_until_succeeds("ping -c 1 ${nodes.bar.networking.dn42.addr.v6}")`
			`# bar.wait_until_succeeds("ping -c 1 ${nodes.foo.networking.dn42.addr.v6}")`
			`'';`
			`}`