tests/bgp-simple: GoGBP with Zebra Integration

DerDennisOP · DerDennisOP · commit 9cde5504f889 · 2025-11-24T11:33:59.000+01:00
diff --git a/tests/bgp-simple/default.nix b/tests/bgp-simple/default.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ lib, pkgs, ... }:
 {
   name = "bgp-simple";
 
@@ -27,7 +27,6 @@
         config = ''
           ip route 198.51.100.0/25 reject
           ipv6 route 2001:db8:beef::/48 reject
-
           router bgp 64496
             no bgp ebgp-requires-policy
             no bgp default ipv4-unicast
@@ -184,59 +183,100 @@
           ];
         };
       };
-      services.gobgpd = {
-        enable = true;
-        settings = {
-          global.config = {
-            as = 64498;
-            router-id = "192.0.2.3";
+      users = {
+        groups.gobgpd = { };
+        users.gobgpd = {
+          description = "GoBGP Daemon User";
+          isSystemUser = true;
+          group = "gobgpd";
+        };
+      };
+      systemd = {
+        services = {
+          frr.postStart = "${pkgs.acl}/bin/setfacl -m u:gobgpd:rwx /run/frr/zserv.api";
+          gobgpd = {
+            after = [ "frr.service" ];
+            serviceConfig = {
+              DynamicUser = lib.mkForce false;
+              User = "gobgpd";
+              Group = "gobgpd";
+            };
           };
-          neighbors = [
-            {
-              config = {
-                neighbor-address = "192.0.2.1";
-                peer-as = 64496;
-              };
-              afi-safis = [
-                {
-                  config.afi-safi-name = "ipv4-unicast";
-                }
-              ];
-            }
-            {
-              config = {
-                neighbor-address = "192.0.2.2";
-                peer-as = 64497;
-              };
-              afi-safis = [
-                {
-                  config.afi-safi-name = "ipv4-unicast";
-                }
-              ];
-            }
-            {
-              config = {
-                neighbor-address = "2001:db8::1";
-                peer-as = 64496;
-              };
-              afi-safis = [
-                {
-                  config.afi-safi-name = "ipv6-unicast";
-                }
-              ];
-            }
-            {
-              config = {
-                neighbor-address = "2001:db8::2";
-                peer-as = 64497;
-              };
-              afi-safis = [
-                {
-                  config.afi-safi-name = "ipv6-unicast";
-                }
+        };
+      };
+      services = {
+        # any frr service will do, we just need the zebra socket
+        # a upstream module modification to frr would be better
+        frr.sharpd.enable = true;
+        gobgpd = {
+          enable = true;
+          settings = {
+            global.config = {
+              as = 64498;
+              router-id = "192.0.2.3";
+            };
+            global.apply-policy.config = {
+              default-import-policy = "accept-route";
+              default-export-policy = "accept-route";
+            };
+            zebra.config = {
+              enabled = true;
+              software-name = "frr10.3";
+              version = 6;
+              url = "unix:/run/frr/zserv.api";
+              redistribute-route-type-list = [
+                "kernel"
+                "directly-connected"
+                "static"
               ];
-            }
-          ];
+            };
+            neighbors = [
+              {
+                config = {
+                  neighbor-address = "192.0.2.1";
+                  peer-as = 64496;
+                };
+                afi-safis = [
+                  {
+                    config.afi-safi-name = "ipv4-unicast";
+                  }
+                ];
+              }
+              {
+                config = {
+                  neighbor-address = "192.0.2.2";
+                  peer-as = 64497;
+                };
+                afi-safis = [
+                  {
+                    config.afi-safi-name = "ipv4-unicast";
+                  }
+                ];
+              }
+              {
+                config = {
+                  neighbor-address = "2001:db8::1";
+                  peer-as = 64496;
+                };
+                afi-safis = [
+                  {
+                    config.afi-safi-name = "ipv6-unicast";
+                  }
+                ];
+              }
+              {
+                config = {
+                  neighbor-address = "2001:db8::2";
+                  peer-as = 64497;
+                };
+                afi-safis = [
+                  {
+                    config.afi-safi-name = "ipv6-unicast";
+                  }
+                ];
+              }
+            ];
+          };
         };
       };
     };
@@ -253,33 +293,34 @@
     b.wait_for_unit("bird.service")
     c.wait_for_unit("gobgpd.service")
 
-    a.wait_until_succeeds("vtysh -c 'show bgp ipv4 summary' | grep '192.0.2.2.*1\\s*2\\s*N/A'")
-    a.wait_until_succeeds("vtysh -c 'show bgp ipv4 summary' | grep '192.0.2.3.*1\\s*2\\s*N/A'")
-    b.wait_until_succeeds("birdc show protocols | grep 'a_v4.*Established'")
-    b.wait_until_succeeds("birdc show protocols | grep 'c_v4.*Established'")
-    c.wait_until_succeeds("gobgp neighbor -a 'ipv4' | grep '192.0.2.1.*Establ'")
-    c.wait_until_succeeds("gobgp neighbor -a 'ipv4' | grep '192.0.2.2.*Establ'")
+    with subtest("ensure bgp sessions are established"):
+      a.wait_until_succeeds("vtysh -c 'show bgp ipv4 summary' | grep '192.0.2.2.*1\\s*2\\s*N/A'")
+      a.wait_until_succeeds("vtysh -c 'show bgp ipv4 summary' | grep '192.0.2.3.*1\\s*2\\s*N/A'")
+      b.wait_until_succeeds("birdc show protocols | grep 'a_v4.*Established'")
+      b.wait_until_succeeds("birdc show protocols | grep 'c_v4.*Established'")
+      c.wait_until_succeeds("gobgp neighbor -a 'ipv4' | grep '192.0.2.1.*Establ.*|.*2.*2'")
+      c.wait_until_succeeds("gobgp neighbor -a 'ipv4' | grep '192.0.2.2.*Establ.*|.*2.*2'")
 
-    # IPv6 DAD might need some time to complete for the local link address, which is required by frr
-    a.wait_until_succeeds("vtysh -c 'show bgp ipv6 summary' | grep '2001:db8::2.*1\\s*2\\s*N/A'")
-    a.wait_until_succeeds("vtysh -c 'show bgp ipv6 summary' | grep '2001:db8::3.*1\\s*2\\s*N/A'")
-    b.wait_until_succeeds("birdc show protocols | grep 'a_v6.*Established'")
-    b.wait_until_succeeds("birdc show protocols | grep 'c_v4.*Established'")
-    c.wait_until_succeeds("gobgp neighbor -a 'ipv6' | grep '2001:db8::1.*Establ'")
-    c.wait_until_succeeds("gobgp neighbor -a 'ipv6' | grep '2001:db8::2.*Establ'")
+      # IPv6 DAD might need some time to complete for the local link address, which is required by frr
+      a.wait_until_succeeds("vtysh -c 'show bgp ipv6 summary' | grep '2001:db8::2.*1\\s*2\\s*N/A'")
+      a.wait_until_succeeds("vtysh -c 'show bgp ipv6 summary' | grep '2001:db8::3.*1\\s*2\\s*N/A'")
+      b.wait_until_succeeds("birdc show protocols | grep 'a_v6.*Established'")
+      b.wait_until_succeeds("birdc show protocols | grep 'c_v4.*Established'")
+      c.wait_until_succeeds("gobgp neighbor -a 'ipv6' | grep '2001:db8::1.*Establ.*|.*2.*2'")
+      c.wait_until_succeeds("gobgp neighbor -a 'ipv6' | grep '2001:db8::2.*Establ.*|.*2.*2'")
 
     with subtest("ensure routes have been installed in fib"):
       b.succeed("ip route show | grep 198.51.100.0/25")
-      # c.succeed("ip route show | grep 198.51.100.0/25")
+      c.succeed("ip route show | grep 198.51.100.0/25")
       a.succeed("ip route show | grep 198.51.100.128/25")
-      # c.succeed("ip route show | grep 198.51.100.128/25")
-      # a.succeed("ip route show | grep 203.0.113.0/24")
-      # b.succeed("ip route show | grep 203.0.113.0/24")
+      c.succeed("ip route show | grep 198.51.100.128/25")
+      a.succeed("ip route show | grep 203.0.113.0/24")
+      b.succeed("ip route show | grep 203.0.113.0/24")
       b.succeed("ip -6 route show | grep 2001:db8:beef::/48")
-      # c.succeed("ip -6 route show | grep 2001:db8:beef::/48")
+      c.succeed("ip -6 route show | grep 2001:db8:beef::/48")
       a.succeed("ip -6 route show | grep 2001:db8:c0de::/48")
-      # c.succeed("ip -6 route show | grep 2001:db8:c0de::/48")
-      # a.succeed("ip -6 route show | grep 2001:db8:dead::/48")
-      # b.succeed("ip -6 route show | grep 2001:db8:dead::/48")
+      c.succeed("ip -6 route show | grep 2001:db8:c0de::/48")
+      a.succeed("ip -6 route show | grep 2001:db8:dead::/48")
+      b.succeed("ip -6 route show | grep 2001:db8:dead::/48")
   '';
 }
