tests/bgp-simple: prepare adding announcements

felbinger · DerDennisOP · commit 84a0dda4a828 · 2025-11-24T20:10:37.000+01:00
diff --git a/tests/bgp-simple/default.nix b/tests/bgp-simple/default.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ lib, pkgs, ... }:
 {
   name = "bgp-simple";
 
@@ -25,6 +25,8 @@
       services.frr = {
         bgpd.enable = true;
         config = ''
+          ip route 198.51.100.0/25 reject
+          ipv6 route 2001:db8:beef::/48 reject
           router bgp 64496
             no bgp ebgp-requires-policy
             no bgp default ipv4-unicast
@@ -37,11 +39,13 @@
             neighbor 2001:db8::3 remote-as 64498
 
             address-family ipv4 unicast
+              network 198.51.100.0/25
               neighbor 192.0.2.2 activate
               neighbor 192.0.2.3 activate
             exit-address-family
 
             address-family ipv6 unicast
+              network 2001:db8:beef::/48
               neighbor 2001:db8::2 activate
               neighbor 2001:db8::3 activate
             exit-address-family
@@ -96,9 +100,13 @@
           # families and to disable/enable various groups of static routes on the fly).
           protocol static static4 {
             ipv4;
+
+            route 198.51.100.128/25 unreachable;
           }
           protocol static static6 {
             ipv6;
+
+            route 2001:db8:c0de::/48 unreachable;
           }
 
           protocol bgp a_v4 {
@@ -145,75 +153,132 @@
     };
     c = {
       environment.systemPackages = with pkgs; [ gobgp ];
-      networking.interfaces.eth1 = {
-        ipv4.addresses = [
-          {
-            address = "192.0.2.3";
-            prefixLength = 29;
-          }
-        ];
-        ipv6.addresses = [
-          {
-            address = "2001:db8::3";
-            prefixLength = 64;
-          }
-        ];
-      };
-      services.gobgpd = {
-        enable = true;
-        settings = {
-          global.config = {
-            as = 64498;
-            router-id = "192.0.2.3";
-          };
-          neighbors = [
+      networking.interfaces = {
+        eth1 = {
+          ipv4.addresses = [
             {
-              config = {
-                neighbor-address = "192.0.2.1";
-                peer-as = 64496;
-              };
-              afi-safis = [
-                {
-                  config.afi-safi-name = "ipv4-unicast";
-                }
-              ];
+              address = "192.0.2.3";
+              prefixLength = 29;
             }
+          ];
+          ipv6.addresses = [
             {
-              config = {
-                neighbor-address = "192.0.2.2";
-                peer-as = 64497;
-              };
-              afi-safis = [
-                {
-                  config.afi-safi-name = "ipv4-unicast";
-                }
-              ];
+              address = "2001:db8::3";
+              prefixLength = 64;
             }
+          ];
+        };
+        lo = {
+          ipv4.routes = [
             {
-              config = {
-                neighbor-address = "2001:db8::1";
-                peer-as = 64496;
-              };
-              afi-safis = [
-                {
-                  config.afi-safi-name = "ipv6-unicast";
-                }
-              ];
+              address = "203.0.113.0";
+              prefixLength = 24;
             }
+          ];
+          ipv6.routes = [
             {
-              config = {
-                neighbor-address = "2001:db8::2";
-                peer-as = 64497;
-              };
-              afi-safis = [
-                {
-                  config.afi-safi-name = "ipv6-unicast";
-                }
-              ];
+              address = "2001:db8:dead::";
+              prefixLength = 48;
             }
           ];
         };
       };
+      users = {
+        groups.gobgpd = { };
+        users.gobgpd = {
+          description = "GoBGP Daemon User";
+          isSystemUser = true;
+          group = "gobgpd";
+        };
+      };
+      systemd = {
+        services = {
+          frr.postStart = "${pkgs.acl}/bin/setfacl -m u:gobgpd:rwx /run/frr/zserv.api";
+          gobgpd = {
+            after = [ "frr.service" ];
+            serviceConfig = {
+              DynamicUser = lib.mkForce false;
+              User = "gobgpd";
+              Group = "gobgpd";
+            };
+          };
+        };
+      };
+      services = {
+        # any frr service will do, we just need the zebra socket
+        # a upstream module modification to frr would be better
+        frr.sharpd.enable = true;
+        gobgpd = {
+          enable = true;
+          settings = {
+            global.config = {
+              as = 64498;
+              router-id = "192.0.2.3";
+            };
+            global.apply-policy.config = {
+              default-import-policy = "accept-route";
+              default-export-policy = "accept-route";
+            };
+            zebra.config = {
+              enabled = true;
+              software-name = "frr${lib.versions.majorMinor pkgs.frr.version}";
+              version = 6;
+              url = "unix:/run/frr/zserv.api";
+              redistribute-route-type-list = [
+                "kernel"
+                "directly-connected"
+                "static"
+              ];
+            };
+            neighbors = [
+              {
+                config = {
+                  neighbor-address = "192.0.2.1";
+                  peer-as = 64496;
+                };
+                afi-safis = [
+                  {
+                    config.afi-safi-name = "ipv4-unicast";
+                  }
+                ];
+              }
+              {
+                config = {
+                  neighbor-address = "192.0.2.2";
+                  peer-as = 64497;
+                };
+                afi-safis = [
+                  {
+                    config.afi-safi-name = "ipv4-unicast";
+                  }
+                ];
+              }
+              {
+                config = {
+                  neighbor-address = "2001:db8::1";
+                  peer-as = 64496;
+                };
+                afi-safis = [
+                  {
+                    config.afi-safi-name = "ipv6-unicast";
+                  }
+                ];
+              }
+              {
+                config = {
+                  neighbor-address = "2001:db8::2";
+                  peer-as = 64497;
+                };
+                afi-safis = [
+                  {
+                    config.afi-safi-name = "ipv6-unicast";
+                  }
+                ];
+              }
+            ];
+          };
+        };
+      };
     };
   };
 
@@ -228,19 +293,34 @@
     b.wait_for_unit("bird.service")
     c.wait_for_unit("gobgpd.service")
 
-    a.wait_until_succeeds("vtysh -c 'show bgp ipv4 summary' | grep '192.0.2.2.*0\\s*0\\s*N/A'")
-    a.wait_until_succeeds("vtysh -c 'show bgp ipv4 summary' | grep '192.0.2.3.*0\\s*0\\s*N/A'")
-    b.wait_until_succeeds("birdc show protocols | grep 'a_v4.*Established'")
-    b.wait_until_succeeds("birdc show protocols | grep 'c_v4.*Established'")
-    c.wait_until_succeeds("gobgp neighbor -a 'ipv4' | grep '192.0.2.1.*Establ'")
-    c.wait_until_succeeds("gobgp neighbor -a 'ipv4' | grep '192.0.2.2.*Establ'")
-
-    # IPv6 DAD might need some time to complete for the local link address, which is required by frr
-    a.wait_until_succeeds("vtysh -c 'show bgp ipv6 summary' | grep '2001:db8::2.*0\\s*0\\s*N/A'")
-    a.wait_until_succeeds("vtysh -c 'show bgp ipv6 summary' | grep '2001:db8::3.*0\\s*0\\s*N/A'")
-    b.wait_until_succeeds("birdc show protocols | grep 'a_v6.*Established'")
-    b.wait_until_succeeds("birdc show protocols | grep 'c_v4.*Established'")
-    c.wait_until_succeeds("gobgp neighbor -a 'ipv6' | grep '2001:db8::1.*Establ'")
-    c.wait_until_succeeds("gobgp neighbor -a 'ipv6' | grep '2001:db8::2.*Establ'")
+    with subtest("ensure bgp sessions are established"):
+      a.wait_until_succeeds("vtysh -c 'show bgp ipv4 summary' | grep '192.0.2.2.*1\\s*2\\s*N/A'")
+      a.wait_until_succeeds("vtysh -c 'show bgp ipv4 summary' | grep '192.0.2.3.*1\\s*2\\s*N/A'")
+      b.wait_until_succeeds("birdc show protocols | grep 'a_v4.*Established'")
+      b.wait_until_succeeds("birdc show protocols | grep 'c_v4.*Established'")
+      c.wait_until_succeeds("gobgp neighbor -a 'ipv4' | grep '192.0.2.1.*Establ.*|.*2.*2'")
+      c.wait_until_succeeds("gobgp neighbor -a 'ipv4' | grep '192.0.2.2.*Establ.*|.*2.*2'")
+
+      # IPv6 DAD might need some time to complete for the local link address, which is required by frr
+      a.wait_until_succeeds("vtysh -c 'show bgp ipv6 summary' | grep '2001:db8::2.*1\\s*2\\s*N/A'")
+      a.wait_until_succeeds("vtysh -c 'show bgp ipv6 summary' | grep '2001:db8::3.*1\\s*2\\s*N/A'")
+      b.wait_until_succeeds("birdc show protocols | grep 'a_v6.*Established'")
+      b.wait_until_succeeds("birdc show protocols | grep 'c_v4.*Established'")
+      c.wait_until_succeeds("gobgp neighbor -a 'ipv6' | grep '2001:db8::1.*Establ.*|.*2.*2'")
+      c.wait_until_succeeds("gobgp neighbor -a 'ipv6' | grep '2001:db8::2.*Establ.*|.*2.*2'")
+
+    with subtest("ensure routes have been installed in fib"):
+      b.succeed("ip route show | grep 198.51.100.0/25")
+      c.succeed("ip route show | grep 198.51.100.0/25")
+      a.succeed("ip route show | grep 198.51.100.128/25")
+      c.succeed("ip route show | grep 198.51.100.128/25")
+      a.succeed("ip route show | grep 203.0.113.0/24")
+      b.succeed("ip route show | grep 203.0.113.0/24")
+      b.succeed("ip -6 route show | grep 2001:db8:beef::/48")
+      c.succeed("ip -6 route show | grep 2001:db8:beef::/48")
+      a.succeed("ip -6 route show | grep 2001:db8:c0de::/48")
+      c.succeed("ip -6 route show | grep 2001:db8:c0de::/48")
+      a.succeed("ip -6 route show | grep 2001:db8:dead::/48")
+      b.succeed("ip -6 route show | grep 2001:db8:dead::/48")
   '';
 }
