tests/bgp-simple: add gobgp

Author: DerDennisOP

tests/README.md

@@ -7,7 +7,7 @@
 | bgp-frr-unnumbered                        | FRR                        | <!-- Add BIRD when unnumbered peerings are supported -->
 | bgp-md5                                   | FRR, BIRD3                 |
 | bgp-prefsource                            | FRR, BIRD3                 |
-| bgp-simple                                | FRR, BIRD3                 |
+| bgp-simple                                | FRR, BIRD3, GoBGP          |
 | bgp-ttl-security                          | FRR, BIRD3                 |
 | dhcpv4                                    | Kea DHCP Server, dhclient  | <!-- Extend by NetworkManager/systemd-networkd clients -->
 | dns-knot                                  | Knot DNS Server            |

tests/bgp-simple/README.md

@@ -3,5 +3,5 @@
 This configuration sets up a simple BGP test environment with two nodes.
 
 Node a runs FRRouting (FRR) as a BGP speaker with IPv4 and IPv6 addresses on interface
-eth1, while node b runs the BIRD routing daemon configured similarly. Both nodes establish
+eth1, while node b runs the BIRD and node c the GoBGP routing daemon configured similarly. All nodes establish
 BGP peering over IPv4 and IPv6 with each other.

tests/bgp-simple/default.nix

@@ -1,4 +1,4 @@
-{ ... }:
+{ lib, pkgs, ... }:
 {
   name = "bgp-simple";
 
@@ -12,7 +12,7 @@
         ipv4.addresses = [
           {
             address = "192.0.2.1";
-            prefixLength = 30;
+            prefixLength = 29;
           }
         ];
         ipv6.addresses = [
@@ -25,6 +25,8 @@
       services.frr = {
         bgpd.enable = true;
         config = ''
+          ip route 198.51.100.0/25 reject
+          ipv6 route 2001:db8:beef::/48 reject
           router bgp 64496
             no bgp ebgp-requires-policy
             no bgp default ipv4-unicast
@@ -33,12 +35,19 @@
             neighbor 192.0.2.2 remote-as 64497
             neighbor 2001:db8::2 remote-as 64497
 
+            neighbor 192.0.2.3 remote-as 64498
+            neighbor 2001:db8::3 remote-as 64498
+
             address-family ipv4 unicast
+              network 198.51.100.0/25
               neighbor 192.0.2.2 activate
+              neighbor 192.0.2.3 activate
             exit-address-family
 
             address-family ipv6 unicast
+              network 2001:db8:beef::/48
               neighbor 2001:db8::2 activate
+              neighbor 2001:db8::3 activate
             exit-address-family
         '';
       };
@@ -48,7 +57,7 @@
         ipv4.addresses = [
           {
             address = "192.0.2.2";
-            prefixLength = 30;
+            prefixLength = 29;
           }
         ];
         ipv6.addresses = [
@@ -91,9 +100,13 @@
           # families and to disable/enable various groups of static routes on the fly).
           protocol static static4 {
             ipv4;
+
+            route 198.51.100.128/25 unreachable;
           }
           protocol static static6 {
             ipv6;
+
+            route 2001:db8:c0de::/48 unreachable;
           }
 
           protocol bgp a_v4 {
@@ -106,6 +119,16 @@
             };
           }
 
+          protocol bgp c_v4 {
+            local as 64497;
+            neighbor 192.0.2.3 as 64498;
+
+            ipv4 {
+              import all;
+              export all;
+            };
+          }
+
           protocol bgp a_v6 {
             local as 64497;
             neighbor 2001:db8::1 as 64496;
@@ -115,25 +138,189 @@
               export all;
             };
           }
+
+          protocol bgp c_v6 {
+            local as 64497;
+            neighbor 2001:db8::3 as 64498;
+
+            ipv6 {
+              import all;
+              export all;
+            };
+          }
         '';
       };
     };
+    c = {
+      environment.systemPackages = with pkgs; [ gobgp ];
+      networking.interfaces = {
+        eth1 = {
+          ipv4.addresses = [
+            {
+              address = "192.0.2.3";
+              prefixLength = 29;
+            }
+          ];
+          ipv6.addresses = [
+            {
+              address = "2001:db8::3";
+              prefixLength = 64;
+            }
+          ];
+        };
+        lo = {
+          ipv4.routes = [
+            {
+              address = "203.0.113.0";
+              prefixLength = 24;
+            }
+          ];
+          ipv6.routes = [
+            {
+              address = "2001:db8:dead::";
+              prefixLength = 48;
+            }
+          ];
+        };
+      };
+      users = {
+        groups.gobgpd = { };
+        users.gobgpd = {
+          description = "GoBGP Daemon User";
+          isSystemUser = true;
+          group = "gobgpd";
+        };
+      };
+      systemd = {
+        services = {
+          frr.postStart = "${pkgs.acl}/bin/setfacl -m u:gobgpd:rwx /run/frr/zserv.api";
+          gobgpd = {
+            after = [ "frr.service" ];
+            serviceConfig = {
+              DynamicUser = lib.mkForce false;
+              User = "gobgpd";
+              Group = "gobgpd";
+            };
+          };
+        };
+      };
+      services = {
+        # any frr service will do, we just need the zebra socket
+        # a upstream module modification to frr would be better
+        frr.sharpd.enable = true;
+        gobgpd = {
+          enable = true;
+          settings = {
+            global.config = {
+              as = 64498;
+              router-id = "192.0.2.3";
+            };
+            global.apply-policy.config = {
+              default-import-policy = "accept-route";
+              default-export-policy = "accept-route";
+            };
+            zebra.config = {
+              enabled = true;
+              software-name = "frr${lib.versions.majorMinor pkgs.frr.version}";
+              version = 6;
+              url = "unix:/run/frr/zserv.api";
+              redistribute-route-type-list = [
+                "kernel"
+                "directly-connected"
+                "static"
+              ];
+            };
+            neighbors = [
+              {
+                config = {
+                  neighbor-address = "192.0.2.1";
+                  peer-as = 64496;
+                };
+                afi-safis = [
+                  {
+                    config.afi-safi-name = "ipv4-unicast";
+                  }
+                ];
+              }
+              {
+                config = {
+                  neighbor-address = "192.0.2.2";
+                  peer-as = 64497;
+                };
+                afi-safis = [
+                  {
+                    config.afi-safi-name = "ipv4-unicast";
+                  }
+                ];
+              }
+              {
+                config = {
+                  neighbor-address = "2001:db8::1";
+                  peer-as = 64496;
+                };
+                afi-safis = [
+                  {
+                    config.afi-safi-name = "ipv6-unicast";
+                  }
+                ];
+              }
+              {
+                config = {
+                  neighbor-address = "2001:db8::2";
+                  peer-as = 64497;
+                };
+                afi-safis = [
+                  {
+                    config.afi-safi-name = "ipv6-unicast";
+                  }
+                ];
+              }
+            ];
+          };
+        };
+      };
+    };
   };
 
   testScript = ''
     start_all()
 
     a.wait_for_unit("network.target")
     b.wait_for_unit("network.target")
+    c.wait_for_unit("network.target")
 
     a.wait_for_unit("frr.service")
     b.wait_for_unit("bird.service")
+    c.wait_for_unit("gobgpd.service")
+
+    with subtest("ensure bgp sessions are established"):
+      a.wait_until_succeeds("vtysh -c 'show bgp ipv4 summary' | grep '192.0.2.2.*1\\s*2\\s*N/A'")
+      a.wait_until_succeeds("vtysh -c 'show bgp ipv4 summary' | grep '192.0.2.3.*1\\s*2\\s*N/A'")
+      b.wait_until_succeeds("birdc show protocols | grep 'a_v4.*Established'")
+      b.wait_until_succeeds("birdc show protocols | grep 'c_v4.*Established'")
+      c.wait_until_succeeds("gobgp neighbor -a 'ipv4' | grep '192.0.2.1.*Establ.*|.*2.*2'")
+      c.wait_until_succeeds("gobgp neighbor -a 'ipv4' | grep '192.0.2.2.*Establ.*|.*2.*2'")
 
-    a.wait_until_succeeds("vtysh -c 'show bgp ipv4 summary' | grep '192.0.2.2.*0\\s*0\\s*N/A'")
-    b.wait_until_succeeds("birdc show protocols | grep 'a_v4.*Established'")
+      # IPv6 DAD might need some time to complete for the local link address, which is required by frr
+      a.wait_until_succeeds("vtysh -c 'show bgp ipv6 summary' | grep '2001:db8::2.*1\\s*2\\s*N/A'")
+      a.wait_until_succeeds("vtysh -c 'show bgp ipv6 summary' | grep '2001:db8::3.*1\\s*2\\s*N/A'")
+      b.wait_until_succeeds("birdc show protocols | grep 'a_v6.*Established'")
+      b.wait_until_succeeds("birdc show protocols | grep 'c_v4.*Established'")
+      c.wait_until_succeeds("gobgp neighbor -a 'ipv6' | grep '2001:db8::1.*Establ.*|.*2.*2'")
+      c.wait_until_succeeds("gobgp neighbor -a 'ipv6' | grep '2001:db8::2.*Establ.*|.*2.*2'")
 
-    # IPv6 DAD might need some time to complete for the local link address, which is required by frr
-    a.wait_until_succeeds("vtysh -c 'show bgp ipv6 summary' | grep '2001:db8::2.*0\\s*0\\s*N/A'")
-    b.wait_until_succeeds("birdc show protocols | grep 'a_v6.*Established'")
+    with subtest("ensure routes have been installed in fib"):
+      b.succeed("ip route show | grep 198.51.100.0/25")
+      c.succeed("ip route show | grep 198.51.100.0/25")
+      a.succeed("ip route show | grep 198.51.100.128/25")
+      c.succeed("ip route show | grep 198.51.100.128/25")
+      a.succeed("ip route show | grep 203.0.113.0/24")
+      b.succeed("ip route show | grep 203.0.113.0/24")
+      b.succeed("ip -6 route show | grep 2001:db8:beef::/48")
+      c.succeed("ip -6 route show | grep 2001:db8:beef::/48")
+      a.succeed("ip -6 route show | grep 2001:db8:c0de::/48")
+      c.succeed("ip -6 route show | grep 2001:db8:c0de::/48")
+      a.succeed("ip -6 route show | grep 2001:db8:dead::/48")
+      b.succeed("ip -6 route show | grep 2001:db8:dead::/48")
   '';
 }