tests: Test if RPKI extended community can be disabled between peers

Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>

5 files changed, 66 insertions, 1 deletions

diff --git a/tests/topotests/bgp_rpki_topo1/r2/bgpd.conf b/tests/topotests/bgp_rpki_topo1/r2/bgpd.conf
index 95b1e5bdc..87d721497 100644
--- a/tests/topotests/bgp_rpki_topo1/r2/bgpd.conf
+++ b/tests/topotests/bgp_rpki_topo1/r2/bgpd.conf
@@ -4,6 +4,12 @@ router bgp 65002
  neighbor 192.0.2.1 timers connect 1
  neighbor 192.0.2.1 ebgp-multihop 3
  neighbor 192.0.2.1 update-source 192.0.2.2
+ neighbor 192.168.4.4 remote-as internal
+ neighbor 192.168.4.4 timers 1 3
+ neighbor 192.168.4.4 timers connect 1
+ address-family ipv4 unicast
+  neighbor 192.168.4.4 next-hop-self
+ exit-address-family
 !
 router bgp 65002 vrf vrf10
  no bgp ebgp-requires-policy
diff --git a/tests/topotests/bgp_rpki_topo1/r2/zebra.conf b/tests/topotests/bgp_rpki_topo1/r2/zebra.conf
index d44a8a908..785dbc6ce 100644
--- a/tests/topotests/bgp_rpki_topo1/r2/zebra.conf
+++ b/tests/topotests/bgp_rpki_topo1/r2/zebra.conf
@@ -10,3 +10,6 @@ interface r2-eth0
 interface r2-eth1 vrf vrf10
  ip address 192.168.2.2/24
 !
+interface r2-eth2
+ ip address 192.168.4.2/24
+!
diff --git a/tests/topotests/bgp_rpki_topo1/r4/bgpd.conf b/tests/topotests/bgp_rpki_topo1/r4/bgpd.conf
new file mode 100644
index 000000000..80dc9ca86
--- /dev/null
+++ b/tests/topotests/bgp_rpki_topo1/r4/bgpd.conf
@@ -0,0 +1,6 @@
+router bgp 65002
+ no bgp ebgp-requires-policy
+ neighbor 192.168.4.2 remote-as internal
+ neighbor 192.168.4.2 timers 1 3
+ neighbor 192.168.4.2 timers connect 1
+!
diff --git a/tests/topotests/bgp_rpki_topo1/r4/zebra.conf b/tests/topotests/bgp_rpki_topo1/r4/zebra.conf
new file mode 100644
index 000000000..ed793aeb4
--- /dev/null
+++ b/tests/topotests/bgp_rpki_topo1/r4/zebra.conf
@@ -0,0 +1,4 @@
+!
+interface r4-eth0
+ ip address 192.168.4.4/24
+!
diff --git a/tests/topotests/bgp_rpki_topo1/test_bgp_rpki_topo1.py b/tests/topotests/bgp_rpki_topo1/test_bgp_rpki_topo1.py
index 0416148b2..a12204f24 100644
--- a/tests/topotests/bgp_rpki_topo1/test_bgp_rpki_topo1.py
+++ b/tests/topotests/bgp_rpki_topo1/test_bgp_rpki_topo1.py
@@ -22,7 +22,7 @@ pytestmark = [pytest.mark.bgpd]
 
 
 def build_topo(tgen):
-    for routern in range(1, 4):
+    for routern in range(1, 5):
         tgen.add_router("r{}".format(routern))
 
     switch = tgen.add_switch("s1")
@@ -33,6 +33,10 @@ def build_topo(tgen):
     switch.add_link(tgen.gears["r2"])
     switch.add_link(tgen.gears["r3"])
 
+    switch = tgen.add_switch("s3")
+    switch.add_link(tgen.gears["r2"])
+    switch.add_link(tgen.gears["r4"])
+
 
 def setup_module(mod):
     tgen = Topogen(build_topo, mod.__name__)
@@ -402,6 +406,48 @@ router bgp 65002 vrf vrf10
         assert result is None, "Unexpected prefixes RPKI state on {}".format(rname)
 
 
+def test_bgp_ecommunity_rpki():
+    tgen = get_topogen()
+
+    if tgen.routers_have_failure():
+        pytest.skip(tgen.errors)
+
+    r2 = tgen.gears["r2"]
+    r4 = tgen.gears["r4"]
+
+    # Flush all the states what was before and try sending out the prefixes
+    # with RPKI extended community.
+    r2.vtysh_cmd("clear ip bgp 192.168.4.4 soft out")
+
+    def _bgp_check_ecommunity_rpki(community=None):
+        output = json.loads(r4.vtysh_cmd("show bgp ipv4 unicast 198.51.100.0/24 json"))
+        expected = {
+            "paths": [
+                {
+                    "extendedCommunity": community,
+                }
+            ]
+        }
+        return topotest.json_cmp(output, expected)
+
+    test_func = functools.partial(_bgp_check_ecommunity_rpki, {"string": "OVS:valid"})
+    _, result = topotest.run_and_expect(test_func, None, count=30, wait=1)
+    assert result is None, "Didn't receive RPKI extended community"
+
+    r2.vtysh_cmd(
+        """
+    configure terminal
+     router bgp 65002
+      address-family ipv4 unicast
+       no neighbor 192.168.4.4 send-community extended rpki
+    """
+    )
+
+    test_func = functools.partial(_bgp_check_ecommunity_rpki)
+    _, result = topotest.run_and_expect(test_func, None, count=30, wait=1)
+    assert result is None, "Received RPKI extended community"
+
+
 if __name__ == "__main__":
     args = ["-s"] + sys.argv[1:]
     sys.exit(pytest.main(args))