[TestPlan] BGP policy test

[Azarack]

Description of PR

Summary:
Fixes # (issue)
New test case to test BGP policy features.

Type of change

• Bug fix
• Testbed and Framework(new/improvement)
• Test case(new/improvement)

Back port request

• 201911
• 202012
• 202205
• 202305
• 202311

Approach

What is the motivation for this PR?

To test BGP policy.

How did you do it?

How did you verify/test it?

Running on virtual T2 testbed.

Any platform specific information?

Supported testbed topology if it's a new test case?

T2

Documentation

Yes, testplan readme is updated.

[mssonicbld]

The pre-commit check detected issues in the files touched by this pull request.
The pre-commit check is a mandatory check, please fix detected issues.

Detailed pre-commit check results:
trim trailing whitespace.................................................Failed
- hook id: trailing-whitespace
- exit code: 1
- files were modified by this hook

Fixing docs/testplan/BGP-Policy.md
Fixing tests/bgp/conftest.py

fix end of files.........................................................Failed
- hook id: end-of-file-fixer
- exit code: 1
- files were modified by this hook

Fixing tests/bgp/conftest.py

check yaml...........................................(no files to check)Skipped
check for added large files..............................................Passed
check python ast.........................................................Passed
flake8...................................................................Passed
flake8...............................................(no files to check)Skipped
...
[truncated extra lines, please run pre-commit locally to view full check results]

To run the pre-commit checks locally, you can follow below steps:

1. Ensure that default python is python3. In sonic-mgmt docker container, default python is python2. You can run
   the check by activating the python3 virtual environment in sonic-mgmt docker container or outside of sonic-mgmt
   docker container.
2. Ensure that the pre-commit package is installed:

sudo pip install pre-commit

3. Go to repository root folder
4. Install the pre-commit hooks:

pre-commit install

5. Use pre-commit to check staged file:

pre-commit

6. Alternatively, you can check committed files using:

pre-commit run --from-ref <commit_id> --to-ref <commit_id>

[mssonicbld]

The pre-commit check detected issues in the files touched by this pull request.
The pre-commit check is a mandatory check, please fix detected issues.

Detailed pre-commit check results:
trim trailing whitespace.................................................Failed
- hook id: trailing-whitespace
- exit code: 1
- files were modified by this hook

Fixing docs/testplan/BGP-Policy.md

fix end of files.........................................................Passed
check yaml...........................................(no files to check)Skipped
check for added large files..............................................Passed
check python ast.........................................................Passed
flake8...................................................................Passed
flake8...............................................(no files to check)Skipped
check conditional mark sort..........................(no files to check)Skipped

To run the pre-commit checks locally, you can follow below steps:

1. Ensure that default python is python3. In sonic-mgmt docker container, default python is python2. You can run
   the check by activating the python3 virtual environment in sonic-mgmt docker container or outside of sonic-mgmt
   docker container.
2. Ensure that the pre-commit package is installed:

sudo pip install pre-commit

3. Go to repository root folder
4. Install the pre-commit hooks:

pre-commit install

5. Use pre-commit to check staged file:

pre-commit

6. Alternatively, you can check committed files using:

pre-commit run --from-ref <commit_id> --to-ref <commit_id>

[colintle]

@Azarack how were you able to run a virtual t2 testbed?

@colintle We use the ansible in this repo to start the minimum T2 topology on a virtual machine.

@Azarack Is there documentation on getting T2 topology running on a vm?

@colintle https://github.com/sonic-net/sonic-mgmt/blob/master/docs/testbed/README.testbed.VsSetup.md is the document I used to get started. I use vsonic neighbors and the vms-kvm-t2-min topology settings.

Is it just replacing t0 with t2 for the add-topo and deploy-mg? @Azarack

[Azarack]

@Azarack how were you able to run a virtual t2 testbed?

@colintle We use the ansible in this repo to start the minimum T2 topology on a virtual machine.

@Azarack Is there documentation on getting T2 topology running on a vm?

@colintle https://github.com/sonic-net/sonic-mgmt/blob/master/docs/testbed/README.testbed.VsSetup.md is the document I used to get started. I use vsonic neighbors and the vms-kvm-t2-min topology settings.

Is it just replacing t0 with t2 for the add-topo and deploy-mg? @Azarack

You need to use the above topo for the testbed-cli.sh commands as well as make these changes to a couple files to add that topology into the system.

git diff ansible/vars/topo_t2_2lc_min_ports-masic.yml
diff --git a/ansible/vars/topo_t2_2lc_min_ports-masic.yml b/ansible/vars/topo_t2_2lc_min_ports-masic.yml
index 36d7fb4ff..847d23cbd 100644
--- a/ansible/vars/topo_t2_2lc_min_ports-masic.yml
+++ b/ansible/vars/topo_t2_2lc_min_ports-masic.yml
@@ -54,6 +54,19 @@ topology:
       ipv6:
         - FC00:10::1/128
         - FC00:11::1/128
+    vs_chassis:
+      inband_port:
+        - 30
+        - 30
+      midplane_port:
+        - 31
+        - 31
+        - 31
+      midplane_address:
+        - 10.0.5.1
+        - 10.0.5.2
+        - 10.0.5.16
+      chassis_db_ip: 10.0.5.16

 configuration_properties:
   common:


git diff ansible/veos_vtb
diff --git a/ansible/veos_vtb b/ansible/veos_vtb
index 16900d8c4..7736011ea 100644
--- a/ansible/veos_vtb
+++ b/ansible/veos_vtb
@@ -32,6 +32,8 @@ all:
           - dualtor-56
           - dualtor-120
           - t2-vs
+          - t2
+          - t2_2lc_min_ports-masic
           - dualtor-mixed
           - dualtor-mixed-56
           - dualtor-mixed-120
@@ -199,6 +201,7 @@ all:
           ansible_password: password
           ansible_user: admin
           slot_num: slot1
+          macsec_card: True
         vlab-t2-02:
           ansible_host: 10.250.0.121
           ansible_hostv6: fec0::ffff:afa:11
@@ -277,8 +280,8 @@ vm_host_1:
   hosts:
     STR-ACS-VSERV-01:
       ansible_host: 172.17.0.1
-      ansible_user: use_own_value
-      vm_host_user: use_own_value
+      ansible_user: <own_value>
+      vm_host_user: <own_value>

 vms_1:
   hosts:
@@ -370,3 +373,5 @@ vms_1:
       ansible_host: 10.250.0.93
     VM0143:
       ansible_host: 10.250.0.94
+  vars:
+    macsec_card: True


git diff ansible/vtestbed.yaml
diff --git a/ansible/vtestbed.yaml b/ansible/vtestbed.yaml
index 14e31f208..e54b7213d 100644
--- a/ansible/vtestbed.yaml
+++ b/ansible/vtestbed.yaml
@@ -336,3 +336,21 @@
   inv_name: veos_vtb
   auto_recover: False
   comment: Tests virtual switch vm as DPU
+
+- conf-name: vms-kvm-t2-min
+  group-name: vms6-4-m
+  topo: t2_2lc_min_ports-masic
+  ptf_image_name: docker-ptf
+  ptf: ptf-04
+  ptf_ip: 10.250.0.109/24
+  ptf_ipv6: fec0::ffff:afa:9/64
+  server: server_1
+  vm_base: VM0100
+  dut:
+    - vlab-t2-01
+    - vlab-t2-02
+    - vlab-t2-sup
+  inv_name: veos_vtb
+  auto_recover: 'False'
+  comment: T2 Virtual chassis
+

[colintle]

@Azarack how were you able to run a virtual t2 testbed?

@colintle We use the ansible in this repo to start the minimum T2 topology on a virtual machine.

@Azarack Is there documentation on getting T2 topology running on a vm?

@colintle https://github.com/sonic-net/sonic-mgmt/blob/master/docs/testbed/README.testbed.VsSetup.md is the document I used to get started. I use vsonic neighbors and the vms-kvm-t2-min topology settings.

Is it just replacing t0 with t2 for the add-topo and deploy-mg? @Azarack

You need to use the above topo for the testbed-cli.sh commands as well as make these changes to a couple files to add that topology into the system.

git diff ansible/vars/topo_t2_2lc_min_ports-masic.yml
diff --git a/ansible/vars/topo_t2_2lc_min_ports-masic.yml b/ansible/vars/topo_t2_2lc_min_ports-masic.yml
index 36d7fb4ff..847d23cbd 100644
--- a/ansible/vars/topo_t2_2lc_min_ports-masic.yml
+++ b/ansible/vars/topo_t2_2lc_min_ports-masic.yml
@@ -54,6 +54,19 @@ topology:
       ipv6:
         - FC00:10::1/128
         - FC00:11::1/128
+    vs_chassis:
+      inband_port:
+        - 30
+        - 30
+      midplane_port:
+        - 31
+        - 31
+        - 31
+      midplane_address:
+        - 10.0.5.1
+        - 10.0.5.2
+        - 10.0.5.16
+      chassis_db_ip: 10.0.5.16

 configuration_properties:
   common:


git diff ansible/veos_vtb
diff --git a/ansible/veos_vtb b/ansible/veos_vtb
index 16900d8c4..7736011ea 100644
--- a/ansible/veos_vtb
+++ b/ansible/veos_vtb
@@ -32,6 +32,8 @@ all:
           - dualtor-56
           - dualtor-120
           - t2-vs
+          - t2
+          - t2_2lc_min_ports-masic
           - dualtor-mixed
           - dualtor-mixed-56
           - dualtor-mixed-120
@@ -199,6 +201,7 @@ all:
           ansible_password: password
           ansible_user: admin
           slot_num: slot1
+          macsec_card: True
         vlab-t2-02:
           ansible_host: 10.250.0.121
           ansible_hostv6: fec0::ffff:afa:11
@@ -277,8 +280,8 @@ vm_host_1:
   hosts:
     STR-ACS-VSERV-01:
       ansible_host: 172.17.0.1
-      ansible_user: use_own_value
-      vm_host_user: use_own_value
+      ansible_user: <own_value>
+      vm_host_user: <own_value>

 vms_1:
   hosts:
@@ -370,3 +373,5 @@ vms_1:
       ansible_host: 10.250.0.93
     VM0143:
       ansible_host: 10.250.0.94
+  vars:
+    macsec_card: True


git diff ansible/vtestbed.yaml
diff --git a/ansible/vtestbed.yaml b/ansible/vtestbed.yaml
index 14e31f208..e54b7213d 100644
--- a/ansible/vtestbed.yaml
+++ b/ansible/vtestbed.yaml
@@ -336,3 +336,21 @@
   inv_name: veos_vtb
   auto_recover: False
   comment: Tests virtual switch vm as DPU
+
+- conf-name: vms-kvm-t2-min
+  group-name: vms6-4-m
+  topo: t2_2lc_min_ports-masic
+  ptf_image_name: docker-ptf
+  ptf: ptf-04
+  ptf_ip: 10.250.0.109/24
+  ptf_ipv6: fec0::ffff:afa:9/64
+  server: server_1
+  vm_base: VM0100
+  dut:
+    - vlab-t2-01
+    - vlab-t2-02
+    - vlab-t2-sup
+  inv_name: veos_vtb
+  auto_recover: 'False'
+  comment: T2 Virtual chassis
+

Were you able to see your internal neighbors (show ip bgp sum -d all) @Azarack

/testbed-cli.sh -d /data/sonic-vm -t vtestbed.yaml -m veos_vtb -k ceos add-topo vms-kvm-t2 password.txt
./testbed-cli.sh -d /data/sonic-vm -t vtestbed.yaml -m veos_vtb deploy-mg vms-kvm-t2 veos_vtb password.txt

These were the commands I ran for my virtual chassis

[Azarack]

@colintle I do get neighbors:

admin@vlab-t2-01:~$ show ip bgp sum -d all

IPv4 Unicast Summary:
BGP router identifier 10.1.0.1, local AS number 65100 vrf-id 0
BGP table version 299445
RIB entries 101641, using 19515072 bytes of memory
Peers 4, using 2967904 KiB of memory
Peer groups 2, using 128 bytes of memory


Neighbhor      V     AS    MsgRcvd    MsgSent    TblVer    InQ    OutQ  Up/Down      State/PfxRcd  NeighborName
-----------  ---  -----  ---------  ---------  --------  -----  ------  ---------  --------------  --------------
10.0.0.1       4  65200     145823     146100         0      0       0  4d11h16m            34050  ARISTA01T3
10.0.0.5       4  65200     145835     146503         0      0       0  4d11h16m            34050  ARISTA03T3
10.0.0.7       4  65200     145824     146103         0      0       0  4d11h16m            34050  ARISTA04T3
10.0.0.11      4  65200     146123     146499         0      0       0  3d01h54m            34049  ARISTA06T3

Total number of neighbors 4

In your command use the topo vms-kvm-t2-min. We found the full T2 virtual to be too much for our hardware.

I did forget to mention the fix for the t2-bridge error you may have seen. Run these commands on the actual host, not in the container:

Bridge fix:
sudo ovs-vsctl --may-exist add-br br-T2Inband
sudo ovs-vsctl --may-exist add-br br-T2Midplane

[colintle]

/testbed-cli.sh -d /data/sonic-vm -t vtestbed.yaml -m veos_vtb -k ceos add-topo vms-kvm-t2 password.txt

So what would be the difference between vms-kvm-t2 and vms-kvm-t2-min? Is it that in the topo_t2_2lc_min_ports-masic.yml, your configuration properities are empty? I am using default data/sonic-mgmt/ansible/vars/topo_t2-vs.yml, data/sonic-mgmt/ansible/veos_vtb, and data/sonic-mgmt/ansible/vtestbed.yaml. @Azarack

[colintle]

sudo ovs-vsctl --may-exist add-br br-T2Midplane

It looks like you have only external neighbors since all of them have a AS id (65200) that is different from your local AS id (65100). Virtual chassis also needs internal neighbors with the same AS id (65100) @Azarack

[Azarack]

/testbed-cli.sh -d /data/sonic-vm -t vtestbed.yaml -m veos_vtb -k ceos add-topo vms-kvm-t2 password.txt

So what would be the difference between vms-kvm-t2 and vms-kvm-t2-min? Is it that in the topo_t2_2lc_min_ports-masic.yml, your configuration properities are empty? I am using default data/sonic-mgmt/ansible/vars/topo_t2-vs.yml, data/sonic-mgmt/ansible/veos_vtb, and data/sonic-mgmt/ansible/vtestbed.yaml. @Azarack

The -min uses fewer neighbors so its less load on the host. The configuration is in the vars/topo_t2_2lc_min_ports-masic.yml file, you need to add the couple lines I posted above in my git diff.

[Azarack]

sudo ovs-vsctl --may-exist add-br br-T2Midplane

It looks like you have only external neighbors since all of them have a AS id (65200) that is different from your local AS id (65100). Virtual chassis also needs internal neighbors with the same AS id (65100) @Azarack

There are no T2 neighbors in this setup if that is what you are referring to. There are only T1 and T3 which have different ASN.

[colintle]

sudo ovs-vsctl --may-exist add-br br-T2Midplane

It looks like you have only external neighbors since all of them have a AS id (65200) that is different from your local AS id (65100). Virtual chassis also needs internal neighbors with the same AS id (65100) @Azarack

There are no T2 neighbors in this setup if that is what you are referring to. There are only T1 and T3 which have different ASN.

A virtual chassis needs have both iBGP and eBGP sessions open right? So neighbors with the same local ASN would be that iBGP session is active. @Azarack

[Azarack]

sudo ovs-vsctl --may-exist add-br br-T2Midplane

It looks like you have only external neighbors since all of them have a AS id (65200) that is different from your local AS id (65100). Virtual chassis also needs internal neighbors with the same AS id (65100) @Azarack

There are no T2 neighbors in this setup if that is what you are referring to. There are only T1 and T3 which have different ASN.

A virtual chassis needs have both iBGP and eBGP sessions open right? So neighbors with the same local ASN would be that iBGP session is active. @Azarack

There are multiple LC's in the virtual setup, but they don't have iBGP running between them like a physical chassis would. This is the way the configuration comes from the repo.

[colintle]

LC's in the virtual setup, but they don't have iBGP running between them like a physical chassis would. This is the way the configuration comes fro

Could you point to where the configuration does that in the repo? @Azarack

[Azarack]

No, I don't know the specific place that is setup.

[colintle]

No, I don't know the specific place that is setup.

Is it the topo yml file (e.g. data/sonic-mgmt/ansible/vars/topo_t2-vs.yml )?

[Azarack]

You should be using this topo file topo_t2_2lc_min_ports-masic.yml for the min topo.

[colintle]

You should be using this topo file topo_t2_2lc_min_ports-masic.yml for the min topo.

Which neighbors did you use for the testbed? @Azarack

[Azarack]

You should be using this topo file topo_t2_2lc_min_ports-masic.yml for the min topo.

Which neighbors did you use for the testbed? @Azarack

@colintle I dynamically get the neighbor to use in the conftest file in the gather_info fixture.

[colintle]

You should be using this topo file topo_t2_2lc_min_ports-masic.yml for the min topo.

Which neighbors did you use for the testbed? @Azarack

@colintle I dynamically get the neighbor to use in the conftest file in the gather_info fixture.
./testbed-cli.sh -d /data/veos-vm/ -m veos_vtb -n 8 -k vsonic start-vms server_1 password.txt

./testbed-cli.sh -d /data/sonic-vm -t vtestbed.yaml -m veos_vtb -k vsonic add-topo vms-kvm-t2-min password.txt

./testbed-cli.sh -d /data/sonic-vm -t vtestbed.yaml -m veos_vtb deploy-mg vms-kvm-t2-min veos_vtb password.txt

For some reason, my linecard is not being received prefixes from its neighbors. Those commands were the ones I use.

[Azarack]

@colintle I don't think you need the -d switch for the setup commands.

Do you have the same image in ../sonic-vm/images and ../veos-vm/images?

[colintle]

@colintle I don't think you need the -d switch for the setup commands.

Do you have the same image in ../sonic-vm/images and ../veos-vm/images?

Yup I do

this was the error I was getting during the deploy-mg @Azarack

[Azarack]

@colintle I have not seen that error before and am unsure what it is telling you.

[colintle]

@colintle I have not seen that error before and am unsure what it is telling you.

could you show your running docker containers? isn't there supposed to be one for each asic? @Azarack

[Azarack]

@colintle I have not seen that error before and am unsure what it is telling you.

could you show your running docker containers? isn't there supposed to be one for each asic? @Azarack

There is only one docker container that runs and each line card has a virsh vm. The virtual testbed is single asic devices.