On 30 Oct 2024, at 14:50, Ilya Maximets wrote:
> Add a test to check establishment of IPsec connections among multiple > nodes and check the reconciliation logic along the way. > > The test: > - Creates 20 network namespaces. > - Starts Libreswan, OVS and ovs-monitor-ipsec in each of them. > - Adds a geneve tunnel from each namespace to every other namespace. > - Checks that each namespace has all the IPsec connections loaded. > - Removes a few connections manually. > - Checks that these connections are added back. > > Unfortunately, many widely used versions of Libreswan have issues > of pluto crashing frequently. For that reason the test is trying > to bring pluto back online once it finds a dead one. > > Also, since retransmit-timeout is 60 seconds and our command timeout > is 120, we can't actually use the OVS_WAIT_UNTIL macro most of the > time, so the checks are done in the custom loop that waits up to > 300 seconds. > > Signed-off-by: Ilya Maximets <[email protected]> This looks good to me. What a “mess” to get this to work ;) Acked-by: Eelco Chaudron <[email protected]> _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
