go.ligato.io/vpp-agent/v3@v3.5.0/tests/e2e/070_ipsec_test.go (about) 1 // Copyright (c) 2020 Cisco and/or its affiliates. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at: 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package e2e 16 17 import ( 18 "context" 19 "testing" 20 21 . "github.com/onsi/gomega" 22 23 "go.ligato.io/vpp-agent/v3/proto/ligato/kvscheduler" 24 vpp_interfaces "go.ligato.io/vpp-agent/v3/proto/ligato/vpp/interfaces" 25 vpp_ipsec "go.ligato.io/vpp-agent/v3/proto/ligato/vpp/ipsec" 26 vpp_l3 "go.ligato.io/vpp-agent/v3/proto/ligato/vpp/l3" 27 . "go.ligato.io/vpp-agent/v3/tests/e2e/e2etest" 28 ) 29 30 func TestIPSec(t *testing.T) { 31 ctx := Setup(t) 32 defer ctx.Teardown() 33 34 const ( 35 msName = "microservice1" 36 tunnelIfName = "ipsec-tunnel" 37 ) 38 39 // configure IPIP tunnel with IPSec tunnel protection 40 41 ipipTun := &vpp_interfaces.Interface{ 42 Name: tunnelIfName, 43 Enabled: true, 44 Type: vpp_interfaces.Interface_IPIP_TUNNEL, 45 46 Link: &vpp_interfaces.Interface_Ipip{ 47 Ipip: &vpp_interfaces.IPIPLink{ 48 DstAddr: "8.8.8.8", 49 SrcAddr: "1.2.3.4", 50 }, 51 }, 52 } 53 saOut := &vpp_ipsec.SecurityAssociation{ 54 Index: 10, 55 Spi: 123, 56 Protocol: vpp_ipsec.SecurityAssociation_ESP, 57 CryptoAlg: vpp_ipsec.CryptoAlg_AES_GCM_128, 58 CryptoKey: "d9a4ec50aed76f1bf80bc915d8fcfe1c", 59 CryptoSalt: 1500, 60 IntegAlg: vpp_ipsec.IntegAlg_SHA1_96, 61 IntegKey: "bf9b150aaf5c2a87d79898b11eabd055e70abdbe", 62 EnableUdpEncap: true, 63 TunnelSrcPort: 4500, 64 TunnelDstPort: 8777, 65 } 66 saIn := &vpp_ipsec.SecurityAssociation{ 67 Index: 20, 68 Spi: 456, 69 Protocol: vpp_ipsec.SecurityAssociation_ESP, 70 CryptoAlg: vpp_ipsec.CryptoAlg_AES_GCM_128, 71 CryptoKey: "d9a4ec50aed76f1bf80bc915d8fcfe1c", 72 CryptoSalt: 8900, 73 IntegAlg: vpp_ipsec.IntegAlg_SHA1_96, 74 IntegKey: "bf9b150aaf5c2a87d79898b11eabd055e70abdbe", 75 EnableUdpEncap: true, 76 TunnelSrcPort: 8777, 77 TunnelDstPort: 4500, 78 } 79 spOut := &vpp_ipsec.SecurityPolicy{ 80 SpdIndex: 100, 81 SaIndex: 10, 82 Priority: 0, 83 IsOutbound: true, 84 RemoteAddrStart: "10.10.1.1", 85 RemoteAddrStop: "10.10.1.255", 86 LocalAddrStart: "10.10.2.1", 87 LocalAddrStop: "10.10.2.255", 88 Protocol: 0, 89 RemotePortStart: 100, 90 RemotePortStop: 2000, 91 LocalPortStart: 0, 92 LocalPortStop: 65535, 93 Action: vpp_ipsec.SecurityPolicy_PROTECT, 94 } 95 spIn := &vpp_ipsec.SecurityPolicy{ 96 SpdIndex: 100, 97 SaIndex: 20, 98 Priority: 0, 99 IsOutbound: false, 100 RemoteAddrStart: "10.10.1.1", 101 RemoteAddrStop: "10.10.1.255", 102 LocalAddrStart: "10.10.2.1", 103 LocalAddrStop: "10.10.2.255", 104 Protocol: 0, 105 RemotePortStart: 0, 106 RemotePortStop: 65535, 107 LocalPortStart: 0, 108 LocalPortStop: 65535, 109 Action: vpp_ipsec.SecurityPolicy_PROTECT, 110 } 111 spd := &vpp_ipsec.SecurityPolicyDatabase{ 112 Index: 100, 113 Interfaces: []*vpp_ipsec.SecurityPolicyDatabase_Interface{ 114 { 115 Name: tunnelIfName, 116 }, 117 }, 118 } 119 tp := &vpp_ipsec.TunnelProtection{ 120 Interface: tunnelIfName, 121 SaOut: []uint32{saOut.Index}, 122 SaIn: []uint32{saIn.Index}, 123 } 124 125 ctx.StartMicroservice(msName) 126 req := ctx.GenericClient().ChangeRequest() 127 err := req.Update( 128 ipipTun, 129 saOut, 130 saIn, 131 tp, 132 spd, 133 spIn, 134 spOut, 135 ).Send(context.Background()) 136 ctx.Expect(err).ToNot(HaveOccurred(), "Sending change request failed with err") 137 138 ctx.Eventually(ctx.GetValueStateClb(ipipTun)).Should(Equal(kvscheduler.ValueState_CONFIGURED), 139 "IPIP tunnel is not configured") 140 ctx.Eventually(ctx.GetValueStateClb(saOut)).Should(Equal(kvscheduler.ValueState_CONFIGURED), 141 "OUT SA is not configured") 142 ctx.Eventually(ctx.GetValueStateClb(saIn)).Should(Equal(kvscheduler.ValueState_CONFIGURED), 143 "IN SA is not configured") 144 ctx.Eventually(ctx.GetValueStateClb(tp)).Should(Equal(kvscheduler.ValueState_CONFIGURED), 145 "tunnel protection is not configured") 146 ctx.Eventually(ctx.GetValueStateClb(spd)).Should(Equal(kvscheduler.ValueState_CONFIGURED), 147 "SPD is not configured") 148 ctx.Eventually(ctx.GetValueStateClb(spIn)).Should(Equal(kvscheduler.ValueState_CONFIGURED), 149 "IN SP is not configured") 150 ctx.Eventually(ctx.GetValueStateClb(spOut)).Should(Equal(kvscheduler.ValueState_CONFIGURED), 151 "OUT SP is not configured") 152 153 if ctx.VppRelease() >= "20.05" { 154 ctx.Expect(ctx.AgentInSync()).To(BeTrue()) 155 } 156 157 // rekey - delete old SAs, create new SAs and modify tunnel protection 158 159 saOutNew := &vpp_ipsec.SecurityAssociation{ 160 Index: 11, 161 Spi: 888, 162 Protocol: vpp_ipsec.SecurityAssociation_ESP, 163 CryptoAlg: vpp_ipsec.CryptoAlg_AES_CBC_128, 164 CryptoKey: "a9a4ec50aed76f1bf80bc915d8fcfe1d", 165 IntegAlg: vpp_ipsec.IntegAlg_SHA1_96, 166 IntegKey: "cf9b150aaf5c2a87d79898b11eabd055e70abdbf", 167 EnableUdpEncap: true, 168 } 169 saInNew := &vpp_ipsec.SecurityAssociation{ 170 Index: 21, 171 Spi: 999, 172 Protocol: vpp_ipsec.SecurityAssociation_ESP, 173 CryptoAlg: vpp_ipsec.CryptoAlg_AES_CBC_128, 174 CryptoKey: "a9a4ec50aed76f1bf80bc915d8fcfe1d", 175 IntegAlg: vpp_ipsec.IntegAlg_SHA1_96, 176 IntegKey: "cf9b150aaf5c2a87d79898b11eabd055e70abdbf", 177 EnableUdpEncap: true, 178 } 179 tpNew := &vpp_ipsec.TunnelProtection{ 180 Interface: tunnelIfName, 181 SaOut: []uint32{saOutNew.Index}, 182 SaIn: []uint32{saInNew.Index}, 183 } 184 spOutNew := &vpp_ipsec.SecurityPolicy{ 185 SpdIndex: 100, 186 SaIndex: 11, 187 Priority: 0, 188 IsOutbound: true, 189 RemoteAddrStart: "10.10.1.1", 190 RemoteAddrStop: "10.10.1.255", 191 LocalAddrStart: "10.10.2.1", 192 LocalAddrStop: "10.10.2.255", 193 Protocol: 0, 194 RemotePortStart: 0, 195 RemotePortStop: 65535, 196 LocalPortStart: 0, 197 LocalPortStop: 65535, 198 Action: vpp_ipsec.SecurityPolicy_PROTECT, 199 } 200 spInNew := &vpp_ipsec.SecurityPolicy{ 201 SpdIndex: 100, 202 SaIndex: 21, 203 Priority: 0, 204 IsOutbound: false, 205 RemoteAddrStart: "10.10.1.1", 206 RemoteAddrStop: "10.10.1.255", 207 LocalAddrStart: "10.10.2.1", 208 LocalAddrStop: "10.10.2.255", 209 Protocol: 0, 210 RemotePortStart: 0, 211 RemotePortStop: 65535, 212 LocalPortStart: 0, 213 LocalPortStop: 65535, 214 Action: vpp_ipsec.SecurityPolicy_PROTECT, 215 } 216 217 req2 := ctx.GenericClient().ChangeRequest() 218 err = req2. 219 Delete( 220 saOut, 221 saIn, 222 spOut, 223 spIn). 224 Update( 225 saOutNew, 226 saInNew, 227 spOutNew, 228 spInNew, 229 tpNew, 230 ).Send(context.Background()) 231 ctx.Expect(err).ToNot(HaveOccurred(), "Sending change request failed with err") 232 233 ctx.Eventually(ctx.GetValueStateClb(saOut)).Should(Equal(kvscheduler.ValueState_NONEXISTENT), 234 "old OUT SA was not removed") 235 ctx.Eventually(ctx.GetValueStateClb(saIn)).Should(Equal(kvscheduler.ValueState_NONEXISTENT), 236 "old IN SA was not removed") 237 ctx.Eventually(ctx.GetValueStateClb(saOutNew)).Should(Equal(kvscheduler.ValueState_CONFIGURED), 238 "OUT SA is not configured") 239 ctx.Eventually(ctx.GetValueStateClb(saInNew)).Should(Equal(kvscheduler.ValueState_CONFIGURED), 240 "IN SA is not configured") 241 ctx.Eventually(ctx.GetValueStateClb(tpNew)).Should(Equal(kvscheduler.ValueState_CONFIGURED), 242 "tunnel protection is not configured") 243 ctx.Eventually(ctx.GetValueStateClb(spOut)).Should(Equal(kvscheduler.ValueState_NONEXISTENT), 244 "old OUT SP was not removed") 245 ctx.Eventually(ctx.GetValueStateClb(spIn)).Should(Equal(kvscheduler.ValueState_NONEXISTENT), 246 "old IN SP was not removed") 247 ctx.Eventually(ctx.GetValueStateClb(spOutNew)).Should(Equal(kvscheduler.ValueState_CONFIGURED), 248 "OUT SP is not configured") 249 ctx.Eventually(ctx.GetValueStateClb(spInNew)).Should(Equal(kvscheduler.ValueState_CONFIGURED), 250 "IN SP is not configured") 251 252 if ctx.VppRelease() >= "20.05" { 253 ctx.Expect(ctx.AgentInSync()).To(BeTrue()) 254 } 255 256 // delete the tunnel 257 258 req3 := ctx.GenericClient().ChangeRequest() 259 err = req3.Delete( 260 saOutNew, 261 saInNew, 262 tpNew, 263 ipipTun, 264 spInNew, 265 spOutNew, 266 spd, 267 ).Send(context.Background()) 268 ctx.Expect(err).ToNot(HaveOccurred(), "Sending change request failed with err") 269 270 ctx.Eventually(ctx.GetValueStateClb(saOutNew)).Should(Equal(kvscheduler.ValueState_NONEXISTENT), 271 "OUT SA was not removed") 272 ctx.Eventually(ctx.GetValueStateClb(saInNew)).Should(Equal(kvscheduler.ValueState_NONEXISTENT), 273 "IN SA was not removed") 274 ctx.Eventually(ctx.GetValueStateClb(spOutNew)).Should(Equal(kvscheduler.ValueState_NONEXISTENT), 275 "OUT SP was not removed") 276 ctx.Eventually(ctx.GetValueStateClb(spInNew)).Should(Equal(kvscheduler.ValueState_NONEXISTENT), 277 "IN SP was not removed") 278 ctx.Eventually(ctx.GetValueStateClb(spd)).Should(Equal(kvscheduler.ValueState_NONEXISTENT), 279 "SPD was not removed") 280 ctx.Eventually(ctx.GetValueStateClb(tpNew)).Should(Equal(kvscheduler.ValueState_NONEXISTENT), 281 "tunnel protection was not removed") 282 ctx.Eventually(ctx.GetValueStateClb(ipipTun)).Should(Equal(kvscheduler.ValueState_NONEXISTENT), 283 "IPIP tunnel was not removed") 284 285 if ctx.VppRelease() >= "20.05" { 286 ctx.Expect(ctx.AgentInSync()).To(BeTrue()) 287 } 288 } 289 290 func TestIPSecMultiPoint(t *testing.T) { 291 ctx := Setup(t) 292 defer ctx.Teardown() 293 294 if ctx.VppRelease() < "20.05" { 295 t.Skipf("IPSec MP: skipped for VPP < 20.05 (%s)", ctx.VppRelease()) 296 } 297 298 const ( 299 msName = "microservice1" 300 tunnelIfName = "ipsec-tunnel" 301 ) 302 303 ipipTun := &vpp_interfaces.Interface{ 304 Name: tunnelIfName, 305 Enabled: true, 306 Type: vpp_interfaces.Interface_IPIP_TUNNEL, 307 308 Link: &vpp_interfaces.Interface_Ipip{ 309 Ipip: &vpp_interfaces.IPIPLink{ 310 SrcAddr: "1.2.3.4", 311 TunnelMode: vpp_interfaces.IPIPLink_POINT_TO_MULTIPOINT, 312 }, 313 }, 314 IpAddresses: []string{"192.168.0.1/24"}, 315 } 316 saOut1 := &vpp_ipsec.SecurityAssociation{ 317 Index: 10, 318 Spi: 123, 319 Protocol: vpp_ipsec.SecurityAssociation_ESP, 320 CryptoAlg: vpp_ipsec.CryptoAlg_AES_CBC_128, 321 CryptoKey: "d9a4ec50aed76f1bf80bc915d8fcfe1c", 322 IntegAlg: vpp_ipsec.IntegAlg_SHA1_96, 323 IntegKey: "bf9b150aaf5c2a87d79898b11eabd055e70abdbe", 324 EnableUdpEncap: true, 325 } 326 saIn1 := &vpp_ipsec.SecurityAssociation{ 327 Index: 20, 328 Spi: 456, 329 Protocol: vpp_ipsec.SecurityAssociation_ESP, 330 CryptoAlg: vpp_ipsec.CryptoAlg_AES_CBC_128, 331 CryptoKey: "d9a4ec50aed76f1bf80bc915d8fcfe1c", 332 IntegAlg: vpp_ipsec.IntegAlg_SHA1_96, 333 IntegKey: "bf9b150aaf5c2a87d79898b11eabd055e70abdbe", 334 EnableUdpEncap: true, 335 } 336 saOut2 := &vpp_ipsec.SecurityAssociation{ 337 Index: 30, 338 Spi: 789, 339 Protocol: vpp_ipsec.SecurityAssociation_ESP, 340 CryptoAlg: vpp_ipsec.CryptoAlg_AES_CBC_128, 341 CryptoKey: "d9a4ec50aed76f1bf80bc915d8fcfe1c", 342 IntegAlg: vpp_ipsec.IntegAlg_SHA1_96, 343 IntegKey: "bf9b150aaf5c2a87d79898b11eabd055e70abdbe", 344 EnableUdpEncap: true, 345 } 346 saIn2 := &vpp_ipsec.SecurityAssociation{ 347 Index: 40, 348 Spi: 111, 349 Protocol: vpp_ipsec.SecurityAssociation_ESP, 350 CryptoAlg: vpp_ipsec.CryptoAlg_AES_CBC_128, 351 CryptoKey: "d9a4ec50aed76f1bf80bc915d8fcfe1c", 352 IntegAlg: vpp_ipsec.IntegAlg_SHA1_96, 353 IntegKey: "bf9b150aaf5c2a87d79898b11eabd055e70abdbe", 354 EnableUdpEncap: true, 355 } 356 tp1 := &vpp_ipsec.TunnelProtection{ 357 Interface: tunnelIfName, 358 SaOut: []uint32{saOut1.Index}, 359 SaIn: []uint32{saIn1.Index}, 360 NextHopAddr: "192.168.0.2", 361 } 362 tp2 := &vpp_ipsec.TunnelProtection{ 363 Interface: tunnelIfName, 364 SaOut: []uint32{saOut2.Index}, 365 SaIn: []uint32{saIn2.Index}, 366 NextHopAddr: "192.168.0.3", 367 } 368 teib1 := &vpp_l3.TeibEntry{ 369 Interface: tunnelIfName, 370 PeerAddr: tp1.NextHopAddr, 371 NextHopAddr: "8.8.8.8", 372 } 373 teib2 := &vpp_l3.TeibEntry{ 374 Interface: tunnelIfName, 375 PeerAddr: tp2.NextHopAddr, 376 NextHopAddr: "8.8.8.9", 377 } 378 spOut1 := &vpp_ipsec.SecurityPolicy{ 379 SpdIndex: 100, 380 SaIndex: 10, 381 Priority: 0, 382 IsOutbound: true, 383 RemoteAddrStart: "10.10.1.1", 384 RemoteAddrStop: "10.10.1.255", 385 LocalAddrStart: "10.10.2.1", 386 LocalAddrStop: "10.10.2.255", 387 Protocol: 0, 388 RemotePortStart: 0, 389 RemotePortStop: 65535, 390 LocalPortStart: 0, 391 LocalPortStop: 65535, 392 Action: vpp_ipsec.SecurityPolicy_PROTECT, 393 } 394 spIn1 := &vpp_ipsec.SecurityPolicy{ 395 SpdIndex: 100, 396 SaIndex: 20, 397 Priority: 0, 398 IsOutbound: false, 399 RemoteAddrStart: "10.10.1.1", 400 RemoteAddrStop: "10.10.1.255", 401 LocalAddrStart: "10.10.2.1", 402 LocalAddrStop: "10.10.2.255", 403 Protocol: 0, 404 RemotePortStart: 0, 405 RemotePortStop: 65535, 406 LocalPortStart: 0, 407 LocalPortStop: 65535, 408 Action: vpp_ipsec.SecurityPolicy_PROTECT, 409 } 410 spOut2 := &vpp_ipsec.SecurityPolicy{ 411 SpdIndex: 100, 412 SaIndex: 30, 413 Priority: 0, 414 IsOutbound: true, 415 RemoteAddrStart: "10.20.1.1", 416 RemoteAddrStop: "10.20.1.255", 417 LocalAddrStart: "10.20.2.1", 418 LocalAddrStop: "10.20.2.255", 419 Protocol: 0, 420 RemotePortStart: 0, 421 RemotePortStop: 65535, 422 LocalPortStart: 0, 423 LocalPortStop: 65535, 424 Action: vpp_ipsec.SecurityPolicy_PROTECT, 425 } 426 spIn2 := &vpp_ipsec.SecurityPolicy{ 427 SpdIndex: 100, 428 SaIndex: 40, 429 Priority: 0, 430 IsOutbound: false, 431 RemoteAddrStart: "10.20.1.1", 432 RemoteAddrStop: "10.20.1.255", 433 LocalAddrStart: "10.20.2.1", 434 LocalAddrStop: "10.20.2.255", 435 Protocol: 0, 436 RemotePortStart: 0, 437 RemotePortStop: 65535, 438 LocalPortStart: 0, 439 LocalPortStop: 65535, 440 Action: vpp_ipsec.SecurityPolicy_PROTECT, 441 } 442 spd := &vpp_ipsec.SecurityPolicyDatabase{ 443 Index: 100, 444 Interfaces: []*vpp_ipsec.SecurityPolicyDatabase_Interface{ 445 { 446 Name: tunnelIfName, 447 }, 448 }, 449 } 450 451 ctx.StartMicroservice(msName) 452 req := ctx.GenericClient().ChangeRequest() 453 err := req.Update( 454 ipipTun, 455 saOut1, saIn1, saOut2, saIn2, 456 spOut1, spIn1, spOut2, spIn2, spd, 457 tp1, tp2, 458 teib1, teib2, 459 ).Send(context.Background()) 460 ctx.Expect(err).ToNot(HaveOccurred(), "Sending change request failed with err") 461 462 ctx.Eventually(ctx.GetValueStateClb(ipipTun)).Should(Equal(kvscheduler.ValueState_CONFIGURED), 463 "IPIP tunnel is not configured") 464 ctx.Eventually(ctx.GetValueStateClb(saOut1)).Should(Equal(kvscheduler.ValueState_CONFIGURED), 465 "OUT SA 1 is not configured") 466 ctx.Eventually(ctx.GetValueStateClb(saIn1)).Should(Equal(kvscheduler.ValueState_CONFIGURED), 467 "IN SA 1 is not configured") 468 ctx.Eventually(ctx.GetValueStateClb(saOut2)).Should(Equal(kvscheduler.ValueState_CONFIGURED), 469 "OUT SA 2 is not configured") 470 ctx.Eventually(ctx.GetValueStateClb(saIn2)).Should(Equal(kvscheduler.ValueState_CONFIGURED), 471 "IN SA 2 is not configured") 472 ctx.Eventually(ctx.GetValueStateClb(tp1)).Should(Equal(kvscheduler.ValueState_CONFIGURED), 473 "tunnel protection 1 is not configured") 474 ctx.Eventually(ctx.GetValueStateClb(tp2)).Should(Equal(kvscheduler.ValueState_CONFIGURED), 475 "tunnel protection 2 is not configured") 476 ctx.Eventually(ctx.GetValueStateClb(teib1)).Should(Equal(kvscheduler.ValueState_CONFIGURED), 477 "TEIB 1 is not configured") 478 ctx.Eventually(ctx.GetValueStateClb(teib2)).Should(Equal(kvscheduler.ValueState_CONFIGURED), 479 "TEIB 2 is not configured") 480 ctx.Eventually(ctx.GetValueStateClb(spOut1)).Should(Equal(kvscheduler.ValueState_CONFIGURED), 481 "OUT SP 1 is not configured") 482 ctx.Eventually(ctx.GetValueStateClb(spIn1)).Should(Equal(kvscheduler.ValueState_CONFIGURED), 483 "IN SP 1 is not configured") 484 ctx.Eventually(ctx.GetValueStateClb(spOut2)).Should(Equal(kvscheduler.ValueState_CONFIGURED), 485 "OUT SP 2 is not configured") 486 ctx.Eventually(ctx.GetValueStateClb(spIn2)).Should(Equal(kvscheduler.ValueState_CONFIGURED), 487 "IN SP 2 is not configured") 488 ctx.Eventually(ctx.GetValueStateClb(spd)).Should(Equal(kvscheduler.ValueState_CONFIGURED), 489 "SPD is not configured") 490 491 if ctx.VppRelease() >= "20.05" { 492 ctx.Expect(ctx.AgentInSync()).To(BeTrue()) 493 } 494 495 req3 := ctx.GenericClient().ChangeRequest() 496 err = req3.Delete( 497 ipipTun, 498 saOut1, saIn1, saOut2, saIn2, 499 spOut1, spIn1, spOut2, spIn2, spd, 500 tp1, tp2, 501 teib1, teib2, 502 ).Send(context.Background()) 503 ctx.Expect(err).ToNot(HaveOccurred(), "Sending change request failed with err") 504 505 ctx.Eventually(ctx.GetValueStateClb(teib1)).Should(Equal(kvscheduler.ValueState_NONEXISTENT), 506 "TEIB 1 was not removed") 507 ctx.Eventually(ctx.GetValueStateClb(teib2)).Should(Equal(kvscheduler.ValueState_NONEXISTENT), 508 "TEIB 2 was not removed") 509 ctx.Eventually(ctx.GetValueStateClb(saOut1)).Should(Equal(kvscheduler.ValueState_NONEXISTENT), 510 "OUT SA 1 was not removed") 511 ctx.Eventually(ctx.GetValueStateClb(saIn1)).Should(Equal(kvscheduler.ValueState_NONEXISTENT), 512 "IN SA 1 was not removed") 513 ctx.Eventually(ctx.GetValueStateClb(saOut2)).Should(Equal(kvscheduler.ValueState_NONEXISTENT), 514 "OUT SA 2 was not removed") 515 ctx.Eventually(ctx.GetValueStateClb(saIn2)).Should(Equal(kvscheduler.ValueState_NONEXISTENT), 516 "IN SA 2 was not removed") 517 ctx.Eventually(ctx.GetValueStateClb(tp2)).Should(Equal(kvscheduler.ValueState_NONEXISTENT), 518 "tunnel protection 2 was not removed") 519 ctx.Eventually(ctx.GetValueStateClb(tp1)).Should(Equal(kvscheduler.ValueState_NONEXISTENT), 520 "tunnel protection 1 was not removed") 521 ctx.Eventually(ctx.GetValueStateClb(ipipTun)).Should(Equal(kvscheduler.ValueState_NONEXISTENT), 522 "IPIP tunnel was not removed") 523 ctx.Eventually(ctx.GetValueStateClb(spOut1)).Should(Equal(kvscheduler.ValueState_NONEXISTENT), 524 "OUT SP 1 was not removed") 525 ctx.Eventually(ctx.GetValueStateClb(spIn1)).Should(Equal(kvscheduler.ValueState_NONEXISTENT), 526 "IN SP 1 was not removed") 527 ctx.Eventually(ctx.GetValueStateClb(spOut2)).Should(Equal(kvscheduler.ValueState_NONEXISTENT), 528 "OUT SP 2 was not removed") 529 ctx.Eventually(ctx.GetValueStateClb(spIn2)).Should(Equal(kvscheduler.ValueState_NONEXISTENT), 530 "IN SP 2 was not removed") 531 532 if ctx.VppRelease() >= "20.05" { 533 ctx.Expect(ctx.AgentInSync()).To(BeTrue()) 534 } 535 }