From 929591cdb0463570efe2bea28c8dc1709cd56319 Mon Sep 17 00:00:00 2001
From: Donatas Abraitis <donatas@opensourcerouting.org>
Date: Wed, 8 Jan 2025 19:22:27 +0200
Subject: [PATCH] tests: Check if allowas-in works when importing between local
 VRFs

Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
---
 .../__init__.py                               |   0
 .../r1/frr.conf                               |  35 +++++
 .../r2/frr.conf                               |  48 ++++++
 ...bgp_vpnv4_import_allowas_in_between_vrf.py | 142 ++++++++++++++++++
 4 files changed, 225 insertions(+)
 create mode 100644 tests/topotests/bgp_vpnv4_import_allowas_in_between_vrf/__init__.py
 create mode 100644 tests/topotests/bgp_vpnv4_import_allowas_in_between_vrf/r1/frr.conf
 create mode 100644 tests/topotests/bgp_vpnv4_import_allowas_in_between_vrf/r2/frr.conf
 create mode 100644 tests/topotests/bgp_vpnv4_import_allowas_in_between_vrf/test_bgp_vpnv4_import_allowas_in_between_vrf.py

diff --git a/tests/topotests/bgp_vpnv4_import_allowas_in_between_vrf/__init__.py b/tests/topotests/bgp_vpnv4_import_allowas_in_between_vrf/__init__.py
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/tests/topotests/bgp_vpnv4_import_allowas_in_between_vrf/r1/frr.conf b/tests/topotests/bgp_vpnv4_import_allowas_in_between_vrf/r1/frr.conf
new file mode 100644
index 000000000000..428b1d992f5d
--- /dev/null
+++ b/tests/topotests/bgp_vpnv4_import_allowas_in_between_vrf/r1/frr.conf
@@ -0,0 +1,35 @@
+!
+interface r1-eth0
+ ip address 192.168.179.4/24
+exit
+!
+router bgp 65001
+!
+router bgp 65001 vrf CUSTOMER-A
+ bgp router-id 192.168.179.4
+ no bgp ebgp-requires-policy
+ no bgp network import-check
+ neighbor 192.168.179.5 remote-as external
+!
+ address-family ipv4 unicast
+  neighbor 192.168.179.5 next-hop-self
+  neighbor 192.168.179.5 allowas-in 10
+  label vpn export auto
+  rd vpn export 100:1
+  rt vpn both 100:1 100:2
+  export vpn
+  import vpn
+ exit-address-family
+!
+router bgp 65001 vrf CUSTOMER-B
+ bgp router-id 192.168.0.1
+ no bgp ebgp-requires-policy
+ no bgp network import-check
+!
+ address-family ipv4 unicast
+  label vpn export auto
+  rd vpn export 100:2
+  rt vpn import 100:1 100:2
+  export vpn
+  import vpn
+ exit-address-family
diff --git a/tests/topotests/bgp_vpnv4_import_allowas_in_between_vrf/r2/frr.conf b/tests/topotests/bgp_vpnv4_import_allowas_in_between_vrf/r2/frr.conf
new file mode 100644
index 000000000000..58e63d6cf0c9
--- /dev/null
+++ b/tests/topotests/bgp_vpnv4_import_allowas_in_between_vrf/r2/frr.conf
@@ -0,0 +1,48 @@
+!
+interface lo
+ ip address 10.10.10.10/32
+!
+interface r2-eth0
+ ip address 192.168.179.5/24
+exit
+!
+interface r2-eth1
+ ip address 192.168.2.2/24
+exit
+!
+router bgp 65002
+!
+router bgp 65002 vrf CUSTOMER-A
+ bgp router-id 192.168.179.5
+ no bgp ebgp-requires-policy
+ no bgp network import-check
+ neighbor 192.168.179.4 remote-as external
+!
+ address-family ipv4 unicast
+  neighbor 192.168.179.4 next-hop-self
+  neighbor 192.168.179.4 route-map r1 out
+  label vpn export auto
+  rd vpn export 100:1
+  rt vpn import 100:1 100:2
+  export vpn
+  import vpn
+ exit-address-family
+!
+router bgp 65002 vrf CUSTOMER-B
+ bgp router-id 192.168.0.2
+ no bgp ebgp-requires-policy
+ no bgp network import-check
+!
+ address-family ipv4 unicast
+  redistribute connected
+  network 10.10.10.10/32
+  label vpn export auto
+  rd vpn export 100:2
+  rt vpn both 100:2
+  export vpn
+  import vpn
+ exit-address-family
+!
+route-map r1 permit 10
+ set as-path prepend 65001
+!
diff --git a/tests/topotests/bgp_vpnv4_import_allowas_in_between_vrf/test_bgp_vpnv4_import_allowas_in_between_vrf.py b/tests/topotests/bgp_vpnv4_import_allowas_in_between_vrf/test_bgp_vpnv4_import_allowas_in_between_vrf.py
new file mode 100644
index 000000000000..23325c7a17d5
--- /dev/null
+++ b/tests/topotests/bgp_vpnv4_import_allowas_in_between_vrf/test_bgp_vpnv4_import_allowas_in_between_vrf.py
@@ -0,0 +1,142 @@
+#!/usr/bin/env python
+# SPDX-License-Identifier: ISC
+
+#
+# Copyright (c) 2024 by
+# Donatas Abraitis <donatas@opensourcerouting.org>
+#
+
+import os
+import sys
+import json
+import pytest
+import functools
+
+CWD = os.path.dirname(os.path.realpath(__file__))
+sys.path.append(os.path.join(CWD, "../"))
+
+# pylint: disable=C0413
+from lib import topotest
+from lib.topogen import Topogen, get_topogen
+
+pytestmark = [pytest.mark.bgpd]
+
+
+def build_topo(tgen):
+    tgen.add_router("r1")
+    tgen.add_router("r2")
+
+    switch = tgen.add_switch("s1")
+    switch.add_link(tgen.gears["r1"])
+    switch.add_link(tgen.gears["r2"])
+
+    switch = tgen.add_switch("s2")
+    switch.add_link(tgen.gears["r1"])
+
+    switch = tgen.add_switch("s3")
+    switch.add_link(tgen.gears["r2"])
+
+
+def setup_module(mod):
+    tgen = Topogen(build_topo, mod.__name__)
+    tgen.start_topology()
+
+    r1 = tgen.gears["r1"]
+    r2 = tgen.gears["r2"]
+
+    r1.run("ip link add CUSTOMER-A type vrf table 1001")
+    r1.run("ip link set up dev CUSTOMER-A")
+    r1.run("ip link set r1-eth0 master CUSTOMER-A")
+
+    r1.run("ip link add CUSTOMER-B type vrf table 1002")
+    r1.run("ip link set up dev CUSTOMER-B")
+    r1.run("ip link set r1-eth1 master CUSTOMER-B")
+
+    r2.run("ip link add CUSTOMER-A type vrf table 1001")
+    r2.run("ip link set up dev CUSTOMER-A")
+    r2.run("ip link set r2-eth0 master CUSTOMER-A")
+
+    r2.run("ip link add CUSTOMER-B type vrf table 1002")
+    r2.run("ip link set up dev CUSTOMER-B")
+    r2.run("ip link set r2-eth1 master CUSTOMER-B")
+
+    router_list = tgen.routers()
+
+    for _, (rname, router) in enumerate(router_list.items(), 1):
+        router.load_frr_config(os.path.join(CWD, "{}/frr.conf".format(rname)))
+
+    tgen.start_router()
+
+
+def teardown_module(mod):
+    tgen = get_topogen()
+    tgen.stop_topology()
+
+
+def test_bgp_vpnv4_import_allowas_in_between_vrf():
+    tgen = get_topogen()
+
+    if tgen.routers_have_failure():
+        pytest.skip(tgen.errors)
+
+    r1 = tgen.gears["r1"]
+
+    def _bgp_converge():
+        output = json.loads(
+            r1.vtysh_cmd("show bgp vrf CUSTOMER-A ipv4 unicast 10.10.10.10/32 json")
+        )
+        expected = {
+            "paths": [
+                {
+                    "aspath": {
+                        "string": "65002 65001",
+                    },
+                    "valid": True,
+                }
+            ]
+        }
+        return topotest.json_cmp(output, expected)
+
+    test_func = functools.partial(_bgp_converge)
+    _, result = topotest.run_and_expect(test_func, None, count=30, wait=1)
+    assert result is None, "Failed to see 10.10.10.10/32 with a valid next-hop"
+
+    def _vrf_route_imported_to_vrf():
+        output = json.loads(
+            r1.vtysh_cmd("show ip route vrf CUSTOMER-B 10.10.10.10/32 json")
+        )
+        expected = {
+            "10.10.10.10/32": [
+                {
+                    "protocol": "bgp",
+                    "vrfName": "CUSTOMER-B",
+                    "selected": True,
+                    "installed": True,
+                    "table": 1002,
+                    "internalNextHopNum": 1,
+                    "internalNextHopActiveNum": 1,
+                    "nexthops": [
+                        {
+                            "fib": True,
+                            "ip": "192.168.179.5",
+                            "afi": "ipv4",
+                            "interfaceName": "r1-eth0",
+                            "vrf": "CUSTOMER-A",
+                            "active": True,
+                        }
+                    ],
+                }
+            ]
+        }
+        return topotest.json_cmp(output, expected)
+
+    test_func = functools.partial(_vrf_route_imported_to_vrf)
+    _, result = topotest.run_and_expect(test_func, None, count=30, wait=1)
+    assert (
+        result is None
+    ), "Failed to see 10.10.10.10/32 to be imported into CUSTOMER-B VRF (Zebra)"
+
+
+if __name__ == "__main__":
+    args = ["-s"] + sys.argv[1:]
+    sys.exit(pytest.main(args))