From 2ef2ef64c253af3ad4680a9196d36c7d04299ed1 Mon Sep 17 00:00:00 2001
From: gran <gran@vmware.com>
Date: Thu, 11 Nov 2021 13:09:23 +0800
Subject: [PATCH] Enable traceflow e2e test on Windows

Signed-off-by: gran <gran@vmware.com>
---
 pkg/agent/openflow/client_test.go |   3 +
 test/e2e/fixtures.go              |  18 ++-
 test/e2e/traceflow_test.go        | 221 ++++++++++++++++++------------
 3 files changed, 150 insertions(+), 92 deletions(-)

diff --git a/pkg/agent/openflow/client_test.go b/pkg/agent/openflow/client_test.go
index 5e5753c8ebe..36aaf121393 100644
--- a/pkg/agent/openflow/client_test.go
+++ b/pkg/agent/openflow/client_test.go
@@ -367,6 +367,7 @@ func Test_client_SendTraceflowPacket(t *testing.T) {
 			name: "IPv6 ICMPv6",
 			args: args{
 				Packet: binding.Packet{
+					IsIPv6:         true,
 					SourceMAC:      srcMAC,
 					DestinationMAC: dstMAC,
 					SourceIP:       net.ParseIP("1111::4444"),
@@ -381,6 +382,7 @@ func Test_client_SendTraceflowPacket(t *testing.T) {
 			name: "IPv6 TCP",
 			args: args{
 				Packet: binding.Packet{
+					IsIPv6:         true,
 					SourceMAC:      srcMAC,
 					DestinationMAC: dstMAC,
 					SourceIP:       net.ParseIP("1111::4444"),
@@ -394,6 +396,7 @@ func Test_client_SendTraceflowPacket(t *testing.T) {
 			name: "IPv6 UDP",
 			args: args{
 				Packet: binding.Packet{
+					IsIPv6:         true,
 					SourceMAC:      srcMAC,
 					DestinationMAC: dstMAC,
 					SourceIP:       net.ParseIP("1111::4444"),
diff --git a/test/e2e/fixtures.go b/test/e2e/fixtures.go
index f679ed1bf54..acb764b5ba1 100644
--- a/test/e2e/fixtures.go
+++ b/test/e2e/fixtures.go
@@ -437,6 +437,18 @@ func deletePodWrapper(tb testing.TB, data *TestData, namespace, name string) {
 // created Pods. Pods are created in parallel to reduce the time required to run the tests.
 func createTestBusyboxPods(tb testing.TB, data *TestData, num int, ns string, nodeName string) (
 	podNames []string, podIPs []*PodIPs, cleanupFn func(),
+) {
+	return createTestPods(tb, data, num, ns, nodeName, data.createBusyboxPodOnNode)
+}
+
+func createTestAgnhostPods(tb testing.TB, data *TestData, num int, ns string, nodeName string) (
+	podNames []string, podIPs []*PodIPs, cleanupFn func(),
+) {
+	return createTestPods(tb, data, num, ns, nodeName, data.createAgnhostPodOnNode)
+}
+
+func createTestPods(tb testing.TB, data *TestData, num int, ns string, nodeName string, createFunc func(string, string, string, bool) error) (
+	podNames []string, podIPs []*PodIPs, cleanupFn func(),
 ) {
 	cleanupFn = func() {
 		var wg sync.WaitGroup
@@ -458,9 +470,9 @@ func createTestBusyboxPods(tb testing.TB, data *TestData, num int, ns string, no
 
 	createPodAndGetIP := func() (string, *PodIPs, error) {
 		podName := randName("test-pod-")
-		tb.Logf("Creating a busybox test Pod '%s' and waiting for IP", podName)
-		if err := data.createBusyboxPodOnNode(podName, ns, nodeName, false); err != nil {
-			tb.Errorf("Error when creating busybox test Pod '%s': %v", podName, err)
+		tb.Logf("Creating a test Pod '%s' and waiting for IP", podName)
+		if err := createFunc(podName, ns, nodeName, false); err != nil {
+			tb.Errorf("Error when creating test Pod '%s': %v", podName, err)
 			return "", nil, err
 		}
 		podIP, err := data.podWaitForIPs(defaultTimeout, podName, ns)
diff --git a/test/e2e/traceflow_test.go b/test/e2e/traceflow_test.go
index d1892c43db3..0b174057153 100644
--- a/test/e2e/traceflow_test.go
+++ b/test/e2e/traceflow_test.go
@@ -19,6 +19,7 @@ import (
 	"fmt"
 	"net"
 	"reflect"
+	"strconv"
 	"strings"
 	"testing"
 	"time"
@@ -30,7 +31,6 @@ import (
 	"k8s.io/apimachinery/pkg/util/wait"
 
 	"antrea.io/antrea/pkg/agent/config"
-	"antrea.io/antrea/pkg/apis/controlplane/v1beta2"
 	"antrea.io/antrea/pkg/apis/crd/v1alpha1"
 	"antrea.io/antrea/pkg/features"
 	"antrea.io/antrea/pkg/util/k8s"
@@ -53,7 +53,6 @@ type testcase struct {
 // TestTraceflow is the top-level test which contains all subtests for
 // Traceflow related test cases so they can share setup, teardown.
 func TestTraceflow(t *testing.T) {
-	skipIfHasWindowsNodes(t)
 	skipIfTraceflowDisabled(t)
 
 	data, err := setupTest(t)
@@ -97,8 +96,12 @@ func testTraceflowIntraNodeANP(t *testing.T, data *TestData) {
 	k8sUtils, err = NewKubernetesUtils(data)
 	failOnError(err, t)
 
-	node1 := nodeName(0)
-	node1Pods, _, node1CleanupFn := createTestBusyboxPods(t, data, 3, testNamespace, node1)
+	nodeIdx := 0
+	if len(clusterInfo.windowsNodes) != 0 {
+		nodeIdx = clusterInfo.windowsNodes[0]
+	}
+	node1 := nodeName(nodeIdx)
+	node1Pods, _, node1CleanupFn := createTestAgnhostPods(t, data, 3, testNamespace, node1)
 	defer node1CleanupFn()
 
 	var denyIngress *v1alpha1.NetworkPolicy
@@ -111,6 +114,9 @@ func testTraceflowIntraNodeANP(t *testing.T, data *TestData) {
 			t.Errorf("Error when deleting Antrea NetworkPolicy: %v", err)
 		}
 	}()
+	if err = data.waitForANPRealized(t, testNamespace, denyIngressName); err != nil {
+		t.Fatal(err)
+	}
 	var rejectIngress *v1alpha1.NetworkPolicy
 	rejectIngressName := "test-anp-reject-ingress"
 	if rejectIngress, err = data.createANPDenyIngress("antrea-e2e", node1Pods[2], rejectIngressName, true); err != nil {
@@ -121,8 +127,7 @@ func testTraceflowIntraNodeANP(t *testing.T, data *TestData) {
 			t.Errorf("Error when deleting Antrea NetworkPolicy: %v", err)
 		}
 	}()
-	antreaPod, err := data.getAntreaPodOnNode(node1)
-	if err = data.waitForNetworkpolicyRealized(antreaPod, denyIngressName, v1beta2.AntreaNetworkPolicy); err != nil {
+	if err = data.waitForANPRealized(t, testNamespace, rejectIngressName); err != nil {
 		t.Fatal(err)
 	}
 
@@ -150,6 +155,7 @@ func testTraceflowIntraNodeANP(t *testing.T, data *TestData) {
 						TransportHeader: v1alpha1.TransportHeader{
 							TCP: &v1alpha1.TCPHeader{
 								DstPort: 80,
+								SrcPort: 10000,
 								Flags:   2,
 							},
 						},
@@ -197,6 +203,7 @@ func testTraceflowIntraNodeANP(t *testing.T, data *TestData) {
 						TransportHeader: v1alpha1.TransportHeader{
 							TCP: &v1alpha1.TCPHeader{
 								DstPort: 80,
+								SrcPort: 10001,
 								Flags:   2,
 							},
 						},
@@ -244,6 +251,7 @@ func testTraceflowIntraNodeANP(t *testing.T, data *TestData) {
 						TransportHeader: v1alpha1.TransportHeader{
 							TCP: &v1alpha1.TCPHeader{
 								DstPort: 80,
+								SrcPort: 10002,
 								Flags:   2,
 							},
 						},
@@ -282,10 +290,14 @@ func testTraceflowIntraNodeANP(t *testing.T, data *TestData) {
 
 // testTraceflowIntraNode verifies if traceflow can trace intra node traffic with some NetworkPolicies set.
 func testTraceflowIntraNode(t *testing.T, data *TestData) {
-	node1 := nodeName(0)
+	nodeIdx := 0
+	if len(clusterInfo.windowsNodes) != 0 {
+		nodeIdx = clusterInfo.windowsNodes[0]
+	}
+	node1 := nodeName(nodeIdx)
 
 	agentPod, _ := data.getAntreaPodOnNode(node1)
-	node1Pods, node1IPs, node1CleanupFn := createTestBusyboxPods(t, data, 3, testNamespace, node1)
+	node1Pods, node1IPs, node1CleanupFn := createTestAgnhostPods(t, data, 3, testNamespace, node1)
 	defer node1CleanupFn()
 	var pod0IPv4Str, pod1IPv4Str, dstPodIPv4Str, dstPodIPv6Str string
 	if node1IPs[0].ipv4 != nil {
@@ -300,7 +312,7 @@ func testTraceflowIntraNode(t *testing.T, data *TestData) {
 	if node1IPs[2].ipv6 != nil {
 		dstPodIPv6Str = node1IPs[2].ipv6.String()
 	}
-	gwIPv4Str, gwIPv6Str := nodeGatewayIPs(0)
+	gwIPv4Str, gwIPv6Str := nodeGatewayIPs(nodeIdx)
 
 	// Setup 2 NetworkPolicies:
 	// 1. Allow all egress traffic.
@@ -328,15 +340,16 @@ func testTraceflowIntraNode(t *testing.T, data *TestData) {
 		}
 	}()
 
-	antreaPod, err := data.getAntreaPodOnNode(node1)
-	if err = data.waitForNetworkpolicyRealized(antreaPod, allowAllEgressName, v1beta2.K8sNetworkPolicy); err != nil {
-		t.Fatal(err)
-	}
-	if err = data.waitForNetworkpolicyRealized(antreaPod, denyAllIngressName, v1beta2.K8sNetworkPolicy); err != nil {
-		t.Fatal(err)
-	}
-
+	// default Ubuntu ping packet properties.
+	expectedLength := uint16(84)
 	expectedTTL := int32(64)
+	expectedFlags := int32(2)
+	if len(clusterInfo.windowsNodes) != 0 {
+		// default Windows ping packet properties.
+		expectedLength = 60
+		expectedTTL = 128
+		expectedFlags = 0
+	}
 	testcases := []testcase{
 		{
 			name:      "intraNodeTraceflowIPv4",
@@ -361,6 +374,7 @@ func testTraceflowIntraNode(t *testing.T, data *TestData) {
 						TransportHeader: v1alpha1.TransportHeader{
 							TCP: &v1alpha1.TCPHeader{
 								DstPort: 80,
+								SrcPort: 10003,
 								Flags:   2,
 							},
 						},
@@ -413,6 +427,7 @@ func testTraceflowIntraNode(t *testing.T, data *TestData) {
 						TransportHeader: v1alpha1.TransportHeader{
 							UDP: &v1alpha1.UDPHeader{
 								DstPort: 321,
+								SrcPort: 10004,
 							},
 						},
 					},
@@ -463,6 +478,7 @@ func testTraceflowIntraNode(t *testing.T, data *TestData) {
 						TransportHeader: v1alpha1.TransportHeader{
 							UDP: &v1alpha1.UDPHeader{
 								DstPort: 321,
+								SrcPort: 10005,
 							},
 						},
 					},
@@ -643,8 +659,8 @@ func testTraceflowIntraNode(t *testing.T, data *TestData) {
 			expectedPktCap: &v1alpha1.Packet{
 				SrcIP:    pod0IPv4Str,
 				DstIP:    dstPodIPv4Str,
-				Length:   84, // default ping packet length.
-				IPHeader: v1alpha1.IPHeader{Protocol: 1, TTL: expectedTTL, Flags: 2},
+				Length:   expectedLength,
+				IPHeader: v1alpha1.IPHeader{Protocol: 1, TTL: expectedTTL, Flags: expectedFlags},
 				TransportHeader: v1alpha1.TransportHeader{
 					ICMP: &v1alpha1.ICMPEchoRequestHeader{},
 				},
@@ -655,7 +671,7 @@ func testTraceflowIntraNode(t *testing.T, data *TestData) {
 			ipVersion: 4,
 			tf: &v1alpha1.Traceflow{
 				ObjectMeta: metav1.ObjectMeta{
-					Name: randName(fmt.Sprintf("%s-%s-to-%s-", testNamespace, node1Pods[0], dstPodIPv4Str)),
+					Name: randName(fmt.Sprintf("%s-%s-to-%s-", testNamespace, pod0IPv4Str, node1Pods[1])),
 				},
 				Spec: v1alpha1.TraceflowSpec{
 					Source: v1alpha1.Source{
@@ -695,8 +711,8 @@ func testTraceflowIntraNode(t *testing.T, data *TestData) {
 			expectedPktCap: &v1alpha1.Packet{
 				SrcIP:    pod0IPv4Str,
 				DstIP:    pod1IPv4Str,
-				Length:   84, // default ping packet length.
-				IPHeader: v1alpha1.IPHeader{Protocol: 1, TTL: expectedTTL, Flags: 2},
+				Length:   expectedLength,
+				IPHeader: v1alpha1.IPHeader{Protocol: 1, TTL: expectedTTL, Flags: expectedFlags},
 				TransportHeader: v1alpha1.TransportHeader{
 					ICMP: &v1alpha1.ICMPEchoRequestHeader{},
 				},
@@ -725,6 +741,7 @@ func testTraceflowIntraNode(t *testing.T, data *TestData) {
 						TransportHeader: v1alpha1.TransportHeader{
 							TCP: &v1alpha1.TCPHeader{
 								DstPort: 80,
+								SrcPort: 10006,
 								Flags:   2,
 							},
 						},
@@ -777,6 +794,7 @@ func testTraceflowIntraNode(t *testing.T, data *TestData) {
 						TransportHeader: v1alpha1.TransportHeader{
 							UDP: &v1alpha1.UDPHeader{
 								DstPort: 321,
+								SrcPort: 10007,
 							},
 						},
 					},
@@ -827,6 +845,7 @@ func testTraceflowIntraNode(t *testing.T, data *TestData) {
 						TransportHeader: v1alpha1.TransportHeader{
 							UDP: &v1alpha1.UDPHeader{
 								DstPort: 321,
+								SrcPort: 10008,
 							},
 						},
 					},
@@ -1084,11 +1103,28 @@ func testTraceflowIntraNode(t *testing.T, data *TestData) {
 
 // testTraceflowInterNode verifies if traceflow can trace inter nodes traffic with some NetworkPolicies set.
 func testTraceflowInterNode(t *testing.T, data *TestData) {
-	node1 := nodeName(0)
-	node2 := nodeName(1)
+	encapMode, err := data.GetEncapMode()
+	if err != nil {
+		t.Fatalf("Failed to retrieve encap mode: %v", err)
+	}
+	if encapMode != config.TrafficEncapModeNoEncap {
+		// https://github.com/antrea-io/antrea/issues/897
+		skipIfProviderIs(t, "kind", "Skipping inter-Node Traceflow test for Kind because of #897")
+	}
+
+	nodeIdx0 := 0
+	nodeIdx1 := 1
+	if len(clusterInfo.windowsNodes) > 1 {
+		nodeIdx0 = clusterInfo.windowsNodes[0]
+		nodeIdx1 = clusterInfo.windowsNodes[1]
+	} else {
+		skipIfHasWindowsNodes(t)
+	}
+	node1 := nodeName(nodeIdx0)
+	node2 := nodeName(nodeIdx1)
 
-	node1Pods, _, node1CleanupFn := createTestBusyboxPods(t, data, 1, testNamespace, node1)
-	node2Pods, node2IPs, node2CleanupFn := createTestBusyboxPods(t, data, 2, testNamespace, node2)
+	node1Pods, _, node1CleanupFn := createTestAgnhostPods(t, data, 1, testNamespace, node1)
+	node2Pods, node2IPs, node2CleanupFn := createTestAgnhostPods(t, data, 3, testNamespace, node2)
 	gatewayIPv4, gatewayIPv6 := nodeGatewayIPs(1)
 	defer node1CleanupFn()
 	defer node2CleanupFn()
@@ -1102,27 +1138,44 @@ func testTraceflowInterNode(t *testing.T, data *TestData) {
 
 	// Create Service backend Pod. The "hairpin" testcases require the Service to have a single backend Pod,
 	// and no more, in order to be deterministic.
-	nginxPodName := "nginx"
-	require.NoError(t, data.createNginxPodOnNode(nginxPodName, testNamespace, node2, false))
-	nginxIP, err := data.podWaitForIPs(defaultTimeout, nginxPodName, testNamespace)
+	agnhostPodName := "agnhost"
+	mutateFunc := func(pod *corev1.Pod) {
+		pod.Labels["app"] = "agnhost-server"
+	}
+	require.NoError(t, data.createPodOnNode(agnhostPodName, testNamespace, node2, agnhostImage, []string{"sleep", strconv.Itoa(3600)}, nil, nil, nil, false, mutateFunc))
+	agnhostIP, err := data.podWaitForIPs(defaultTimeout, agnhostPodName, testNamespace)
 	require.NoError(t, err)
 
-	var nginxIPv4Str, nginxIPv6Str, svcIPv4Name, svcIPv6Name string
-	if nginxIP.ipv4 != nil {
-		nginxIPv4Str = nginxIP.ipv4.String()
+	var agnhostIPv4Str, agnhostIPv6Str, svcIPv4Name, svcIPv6Name string
+	if agnhostIP.ipv4 != nil {
+		agnhostIPv4Str = agnhostIP.ipv4.String()
 		ipv4Protocol := corev1.IPv4Protocol
-		svcIPv4, err := data.createNginxClusterIPService("nginx-ipv4", testNamespace, false, &ipv4Protocol)
+		svcIPv4, err := data.CreateService("agnhost-ipv4", testNamespace, 80, 8080, map[string]string{"app": "agnhost-server"}, false, false, corev1.ServiceTypeClusterIP, &ipv4Protocol)
 		require.NoError(t, err)
 		svcIPv4Name = svcIPv4.Name
 	}
-	if nginxIP.ipv6 != nil {
-		nginxIPv6Str = nginxIP.ipv6.String()
+	if agnhostIP.ipv6 != nil {
+		agnhostIPv6Str = agnhostIP.ipv6.String()
 		ipv6Protocol := corev1.IPv6Protocol
-		svcIPv6, err := data.createNginxClusterIPService("nginx-ipv6", testNamespace, false, &ipv6Protocol)
+		svcIPv6, err := data.CreateService("agnhost-ipv6", testNamespace, 80, 8080, map[string]string{"app": "agnhost-server"}, false, false, corev1.ServiceTypeClusterIP, &ipv6Protocol)
 		require.NoError(t, err)
 		svcIPv6Name = svcIPv6.Name
 	}
 
+	// Mesh ping to activate tunnel on Windows Node
+	// TODO: Remove this after Windows OVS fixes the issue (openvswitch/ovs-issues#253) that first packet is possibly
+	// dropped on tunnel because the ARP entry doesn't exist in host cache.
+	if len(clusterInfo.windowsNodes) != 0 {
+		podInfos := make([]podInfo, 2)
+		podInfos[0].name = node1Pods[0]
+		podInfos[0].namespace = testNamespace
+		podInfos[0].os = "windows"
+		podInfos[1].name = node2Pods[2]
+		podInfos[1].namespace = testNamespace
+		podInfos[1].os = "windows"
+		data.runPingMesh(t, podInfos, agnhostContainerName)
+	}
+
 	// Setup 2 NetworkPolicies:
 	// 1. Allow all egress traffic.
 	// 2. Deny ingress traffic on pod with label antrea-e2e = node1Pods[1]. So flow node1Pods[0] -> node1Pods[1] will be dropped.
@@ -1148,14 +1201,6 @@ func testTraceflowInterNode(t *testing.T, data *TestData) {
 		}
 	}()
 
-	antreaPod, err := data.getAntreaPodOnNode(node2)
-	if err = data.waitForNetworkpolicyRealized(antreaPod, allowAllEgressName, v1beta2.K8sNetworkPolicy); err != nil {
-		t.Fatal(err)
-	}
-	if err = data.waitForNetworkpolicyRealized(antreaPod, denyAllIngressName, v1beta2.K8sNetworkPolicy); err != nil {
-		t.Fatal(err)
-	}
-
 	testcases := []testcase{
 		{
 			name:      "interNodeTraceflowIPv4",
@@ -1180,6 +1225,7 @@ func testTraceflowInterNode(t *testing.T, data *TestData) {
 						TransportHeader: v1alpha1.TransportHeader{
 							TCP: &v1alpha1.TCPHeader{
 								DstPort: 80,
+								SrcPort: 10009,
 								Flags:   2,
 							},
 						},
@@ -1245,6 +1291,7 @@ func testTraceflowInterNode(t *testing.T, data *TestData) {
 						TransportHeader: v1alpha1.TransportHeader{
 							UDP: &v1alpha1.UDPHeader{
 								DstPort: 321,
+								SrcPort: 10010,
 							},
 						},
 					},
@@ -1288,11 +1335,11 @@ func testTraceflowInterNode(t *testing.T, data *TestData) {
 			},
 		},
 		{
-			name:      "interNodeICMPDstIPTraceflowIPv4",
+			name:      "interNodeICMPDstPodDroppedTraceflowIPv4",
 			ipVersion: 4,
 			tf: &v1alpha1.Traceflow{
 				ObjectMeta: metav1.ObjectMeta{
-					Name: randName(fmt.Sprintf("%s-%s-to-%s-", testNamespace, node1Pods[0], dstPodIPv4Str)),
+					Name: randName(fmt.Sprintf("%s-%s-to-%s-", testNamespace, node1Pods[0], node2Pods[1])),
 				},
 				Spec: v1alpha1.TraceflowSpec{
 					Source: v1alpha1.Source{
@@ -1300,7 +1347,8 @@ func testTraceflowInterNode(t *testing.T, data *TestData) {
 						Pod:       node1Pods[0],
 					},
 					Destination: v1alpha1.Destination{
-						IP: dstPodIPv4Str,
+						Namespace: testNamespace,
+						Pod:       node2Pods[1],
 					},
 					Packet: v1alpha1.Packet{
 						IPHeader: v1alpha1.IPHeader{
@@ -1338,9 +1386,9 @@ func testTraceflowInterNode(t *testing.T, data *TestData) {
 							Action:    v1alpha1.ActionReceived,
 						},
 						{
-							Component:     v1alpha1.ComponentForwarding,
-							ComponentInfo: "Output",
-							Action:        v1alpha1.ActionDelivered,
+							Component:     v1alpha1.ComponentNetworkPolicy,
+							ComponentInfo: "IngressDefaultRule",
+							Action:        v1alpha1.ActionDropped,
 						},
 					},
 				},
@@ -1372,6 +1420,7 @@ func testTraceflowInterNode(t *testing.T, data *TestData) {
 						TransportHeader: v1alpha1.TransportHeader{
 							TCP: &v1alpha1.TCPHeader{
 								DstPort: 80,
+								SrcPort: 10011,
 								Flags:   2,
 							},
 						},
@@ -1389,8 +1438,8 @@ func testTraceflowInterNode(t *testing.T, data *TestData) {
 						},
 						{
 							Component:       v1alpha1.ComponentLB,
-							Pod:             fmt.Sprintf("%s/%s", testNamespace, nginxPodName),
-							TranslatedDstIP: nginxIPv4Str,
+							Pod:             fmt.Sprintf("%s/%s", testNamespace, agnhostPodName),
+							TranslatedDstIP: agnhostIPv4Str,
 							Action:          v1alpha1.ActionForwarded,
 						},
 						{
@@ -1429,12 +1478,12 @@ func testTraceflowInterNode(t *testing.T, data *TestData) {
 			ipVersion: 4,
 			tf: &v1alpha1.Traceflow{
 				ObjectMeta: metav1.ObjectMeta{
-					Name: randName(fmt.Sprintf("%s-%s-to-svc-%s-", testNamespace, nginxPodName, svcIPv4Name)),
+					Name: randName(fmt.Sprintf("%s-%s-to-svc-%s-", testNamespace, agnhostPodName, svcIPv4Name)),
 				},
 				Spec: v1alpha1.TraceflowSpec{
 					Source: v1alpha1.Source{
 						Namespace: testNamespace,
-						Pod:       nginxPodName,
+						Pod:       agnhostPodName,
 					},
 					Destination: v1alpha1.Destination{
 						Namespace: testNamespace,
@@ -1447,6 +1496,7 @@ func testTraceflowInterNode(t *testing.T, data *TestData) {
 						TransportHeader: v1alpha1.TransportHeader{
 							TCP: &v1alpha1.TCPHeader{
 								DstPort: 80,
+								SrcPort: 10012,
 								Flags:   2,
 							},
 						},
@@ -1464,9 +1514,9 @@ func testTraceflowInterNode(t *testing.T, data *TestData) {
 						},
 						{
 							Component:       v1alpha1.ComponentLB,
-							Pod:             fmt.Sprintf("%s/%s", testNamespace, nginxPodName),
+							Pod:             fmt.Sprintf("%s/%s", testNamespace, agnhostPodName),
 							TranslatedSrcIP: gatewayIPv4,
-							TranslatedDstIP: nginxIPv4Str,
+							TranslatedDstIP: agnhostIPv4Str,
 							Action:          v1alpha1.ActionForwarded,
 						},
 						{
@@ -1563,6 +1613,7 @@ func testTraceflowInterNode(t *testing.T, data *TestData) {
 						TransportHeader: v1alpha1.TransportHeader{
 							TCP: &v1alpha1.TCPHeader{
 								DstPort: 80,
+								SrcPort: 10013,
 								Flags:   2,
 							},
 						},
@@ -1631,6 +1682,7 @@ func testTraceflowInterNode(t *testing.T, data *TestData) {
 						TransportHeader: v1alpha1.TransportHeader{
 							UDP: &v1alpha1.UDPHeader{
 								DstPort: 321,
+								SrcPort: 10014,
 							},
 						},
 					},
@@ -1755,6 +1807,7 @@ func testTraceflowInterNode(t *testing.T, data *TestData) {
 						TransportHeader: v1alpha1.TransportHeader{
 							TCP: &v1alpha1.TCPHeader{
 								DstPort: 80,
+								SrcPort: 10015,
 								Flags:   2,
 							},
 						},
@@ -1772,8 +1825,8 @@ func testTraceflowInterNode(t *testing.T, data *TestData) {
 						},
 						{
 							Component:       v1alpha1.ComponentLB,
-							Pod:             fmt.Sprintf("%s/%s", testNamespace, nginxPodName),
-							TranslatedDstIP: nginxIPv6Str,
+							Pod:             fmt.Sprintf("%s/%s", testNamespace, agnhostPodName),
+							TranslatedDstIP: agnhostIPv6Str,
 							Action:          v1alpha1.ActionForwarded,
 						},
 						{
@@ -1809,12 +1862,12 @@ func testTraceflowInterNode(t *testing.T, data *TestData) {
 			ipVersion: 6,
 			tf: &v1alpha1.Traceflow{
 				ObjectMeta: metav1.ObjectMeta{
-					Name: randName(fmt.Sprintf("%s-%s-to-svc-%s-", testNamespace, nginxPodName, svcIPv6Name)),
+					Name: randName(fmt.Sprintf("%s-%s-to-svc-%s-", testNamespace, agnhostPodName, svcIPv6Name)),
 				},
 				Spec: v1alpha1.TraceflowSpec{
 					Source: v1alpha1.Source{
 						Namespace: testNamespace,
-						Pod:       nginxPodName,
+						Pod:       agnhostPodName,
 					},
 					Destination: v1alpha1.Destination{
 						Namespace: testNamespace,
@@ -1827,6 +1880,7 @@ func testTraceflowInterNode(t *testing.T, data *TestData) {
 						TransportHeader: v1alpha1.TransportHeader{
 							TCP: &v1alpha1.TCPHeader{
 								DstPort: 80,
+								SrcPort: 10016,
 								Flags:   2,
 							},
 						},
@@ -1844,9 +1898,9 @@ func testTraceflowInterNode(t *testing.T, data *TestData) {
 						},
 						{
 							Component:       v1alpha1.ComponentLB,
-							Pod:             fmt.Sprintf("%s/%s", testNamespace, nginxPodName),
+							Pod:             fmt.Sprintf("%s/%s", testNamespace, agnhostPodName),
 							TranslatedSrcIP: gatewayIPv6,
-							TranslatedDstIP: nginxIPv6Str,
+							TranslatedDstIP: agnhostIPv6Str,
 							Action:          v1alpha1.ActionForwarded,
 						},
 						{
@@ -1931,7 +1985,9 @@ func testTraceflowInterNode(t *testing.T, data *TestData) {
 		for _, tc := range testcases {
 			tc := tc
 			t.Run(tc.name, func(t *testing.T) {
-				t.Parallel()
+				if len(clusterInfo.windowsNodes) == 0 {
+					t.Parallel()
+				}
 				runTestTraceflow(t, data, tc)
 			})
 		}
@@ -1939,9 +1995,13 @@ func testTraceflowInterNode(t *testing.T, data *TestData) {
 }
 
 func testTraceflowExternalIP(t *testing.T, data *TestData) {
-	node := nodeName(0)
-	nodeIP := nodeIP(0)
-	podNames, _, cleanupFn := createTestBusyboxPods(t, data, 1, testNamespace, node)
+	nodeIdx := 0
+	if len(clusterInfo.windowsNodes) != 0 {
+		nodeIdx = clusterInfo.windowsNodes[0]
+	}
+	node := nodeName(nodeIdx)
+	nodeIP := nodeIP(nodeIdx)
+	podNames, _, cleanupFn := createTestAgnhostPods(t, data, 1, testNamespace, node)
 	defer cleanupFn()
 
 	testcase := testcase{
@@ -2105,27 +2165,6 @@ func (data *TestData) createNPAllowAllEgress(name string) (*networkingv1.Network
 	return data.createNetworkPolicy(name, spec)
 }
 
-// waitForNetworkpolicyRealized waits for the NetworkPolicy to be realized by the antrea-agent Pod.
-func (data *TestData) waitForNetworkpolicyRealized(pod string, networkpolicy string, npType v1beta2.NetworkPolicyType) error {
-	npOption := "K8sNP"
-	if npType == v1beta2.AntreaNetworkPolicy {
-		npOption = "ANP"
-	}
-	if err := wait.Poll(200*time.Millisecond, 5*time.Second, func() (bool, error) {
-		cmds := []string{"antctl", "get", "networkpolicy", "-S", networkpolicy, "-n", testNamespace, "-T", npOption}
-		stdout, stderr, err := runAntctl(pod, cmds, data)
-		if err != nil {
-			return false, fmt.Errorf("Error when executing antctl get NetworkPolicy, stdout: %s, stderr: %s, err: %v", stdout, stderr, err)
-		}
-		return strings.Contains(stdout, fmt.Sprintf("%s:%s/%s", npType, testNamespace, networkpolicy)), nil
-	}); err == wait.ErrWaitTimeout {
-		return fmt.Errorf("NetworkPolicy %s isn't realized in time", networkpolicy)
-	} else if err != nil {
-		return err
-	}
-	return nil
-}
-
 func runTestTraceflow(t *testing.T, data *TestData, tc testcase) {
 	switch tc.ipVersion {
 	case 4:
@@ -2148,6 +2187,10 @@ func runTestTraceflow(t *testing.T, data *TestData, tc testcase) {
 	if tc.tf.Spec.LiveTraffic {
 		// LiveTraffic Traceflow test supports only ICMP traffic from
 		// the source Pod to an IP or another Pod.
+		osString := "linux"
+		if len(clusterInfo.windowsNodes) != 0 {
+			osString = "windows"
+		}
 		var dstPodIPs *PodIPs
 		srcPod := tc.srcPod
 		if dstIP := tc.tf.Spec.Destination.IP; dstIP != "" {
@@ -2159,13 +2202,13 @@ func runTestTraceflow(t *testing.T, data *TestData, tc testcase) {
 			}
 		} else {
 			dstPod := tc.tf.Spec.Destination.Pod
-			podIPs := waitForPodIPs(t, data, []podInfo{{dstPod, "linux", "", ""}})
+			podIPs := waitForPodIPs(t, data, []podInfo{{dstPod, osString, "", ""}})
 			dstPodIPs = podIPs[dstPod]
 		}
 		// Give a little time for Nodes to install OVS flows.
 		time.Sleep(time.Second * 2)
 		// Send an ICMP echo packet from the source Pod to the destination.
-		if err := data.runPingCommandFromTestPod(podInfo{srcPod, "linux", "", ""}, testNamespace, dstPodIPs, busyboxContainerName, 2, 0); err != nil {
+		if err := data.runPingCommandFromTestPod(podInfo{srcPod, osString, "", ""}, testNamespace, dstPodIPs, agnhostContainerName, 2, 0); err != nil {
 			t.Logf("Ping '%s' -> '%v' failed: ERROR (%v)", srcPod, *dstPodIPs, err)
 		}
 	}