Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add network connectivity test #1424

Merged
merged 2 commits into from
Apr 14, 2021
Merged

add network connectivity test #1424

merged 2 commits into from
Apr 14, 2021

Conversation

abhipth
Copy link
Contributor

@abhipth abhipth commented Apr 12, 2021
edited
Loading

Integration test for verifying networking connectivity for TCP, UDP, ICMP in the following scenarios

N = Node
P = Pod using IP from Primary ENI
S = Pod using IP from Secondary ENI

N1P1 - N1P2 // Example, connection from Node 1, Pod 1 using Primary ENI IP to Node 1, Pod 2 using Primary ENI IP
N1P1 - N1S1
N1S1 - N1S2
N1P1 - N2P1
N1P1 - N2S1
N1S1 - N2S1

What type of PR is this?
Adds integration test.

Output

ginkgo -v --failOnPending -- --cluster-kubeconfig=$KUBECONFIG --cluster-name=$CLUSTER_NAME --aws-region=$AWS_REGION --aws-vpc-id=$VPC_ID  --ng-name-label-val="trunk-node"
Running Suite: CNI Pod Networking Suite
=======================================
Random Seed: 1618325377
Will run 3 of 3 specs

STEP: creating test namespace
STEP: getting the node with the node label key eks.amazonaws.com/nodegroup and value trunk-node
STEP: verifying more than 1 nodes are present for the test
STEP: getting the instance type from node label beta.kubernetes.io/instance-type
STEP: getting the network interface details from ec2
STEP: getting the aws-node daemon set in namesapce kube-system
STEP: setting the environment variables on the ds to map[WARM_ENI_TARGET:0 WARM_IP_TARGET:3]
STEP: updating the daemon set with new environment variable
test pod networking when testing ICMP traffic 
  should allow ICMP traffic
  /Users/abhipth/go/src/github.com/aws/amazon-vpc-cni-k8s/test/integration-new/cni/pod_networking_test.go:178
STEP: authorizing security group ingress on instance security group
STEP: authorizing security group egress on instance security group
STEP: creating server deployment on the primary node
STEP: creating server deployment on secondary node
STEP: checking connection on same node, primary to primary
verifying connectivity from pod primary-node-server-6d887b786f-zcnft on node ip-10-2-234-181.us-west-2.compute.internal with IP 10.2.1.102 to pod primary-node-server-6d887b786f-wjwl8 on node ip-10-2-234-181.us-west-2.compute.internal with IP 10.2.32.129
stdout: PING 10.2.32.129 (10.2.32.129): 56 data bytes
64 bytes from 10.2.32.129: seq=0 ttl=254 time=0.339 ms
64 bytes from 10.2.32.129: seq=1 ttl=254 time=0.316 ms
64 bytes from 10.2.32.129: seq=2 ttl=254 time=0.332 ms
64 bytes from 10.2.32.129: seq=3 ttl=254 time=0.319 ms
64 bytes from 10.2.32.129: seq=4 ttl=254 time=0.332 ms

--- 10.2.32.129 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.316/0.327/0.339 ms
 and stderr: 
STEP: checking connection on same node, primary to secondary
verifying connectivity from pod primary-node-server-6d887b786f-zcnft on node ip-10-2-234-181.us-west-2.compute.internal with IP 10.2.1.102 to pod primary-node-server-6d887b786f-8dq7q on node ip-10-2-234-181.us-west-2.compute.internal with IP 10.2.235.192
stdout: PING 10.2.235.192 (10.2.235.192): 56 data bytes
64 bytes from 10.2.235.192: seq=0 ttl=254 time=0.335 ms
64 bytes from 10.2.235.192: seq=1 ttl=254 time=0.342 ms
64 bytes from 10.2.235.192: seq=2 ttl=254 time=0.328 ms
64 bytes from 10.2.235.192: seq=3 ttl=254 time=0.326 ms
64 bytes from 10.2.235.192: seq=4 ttl=254 time=0.333 ms

--- 10.2.235.192 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.326/0.332/0.342 ms
 and stderr: 
STEP: checking connection on same node, secondary to secondary
verifying connectivity from pod primary-node-server-6d887b786f-8dq7q on node ip-10-2-234-181.us-west-2.compute.internal with IP 10.2.235.192 to pod primary-node-server-6d887b786f-wjwl8 on node ip-10-2-234-181.us-west-2.compute.internal with IP 10.2.32.129
stdout: PING 10.2.32.129 (10.2.32.129): 56 data bytes
64 bytes from 10.2.32.129: seq=0 ttl=254 time=0.311 ms
64 bytes from 10.2.32.129: seq=1 ttl=254 time=0.316 ms
64 bytes from 10.2.32.129: seq=2 ttl=254 time=0.321 ms
64 bytes from 10.2.32.129: seq=3 ttl=254 time=0.353 ms
64 bytes from 10.2.32.129: seq=4 ttl=254 time=0.315 ms

--- 10.2.32.129 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.311/0.323/0.353 ms
 and stderr: 
STEP: checking connection on different node, primary to primary
verifying connectivity from pod primary-node-server-6d887b786f-zcnft on node ip-10-2-234-181.us-west-2.compute.internal with IP 10.2.1.102 to pod secondary-node-server-795459df6c-5djr9 on node ip-10-2-242-100.us-west-2.compute.internal with IP 10.2.155.242
stdout: PING 10.2.155.242 (10.2.155.242): 56 data bytes
64 bytes from 10.2.155.242: seq=0 ttl=253 time=1.940 ms
64 bytes from 10.2.155.242: seq=1 ttl=253 time=1.536 ms
64 bytes from 10.2.155.242: seq=2 ttl=253 time=1.333 ms
64 bytes from 10.2.155.242: seq=3 ttl=253 time=1.507 ms
64 bytes from 10.2.155.242: seq=4 ttl=253 time=1.457 ms

--- 10.2.155.242 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 1.333/1.554/1.940 ms
 and stderr: 
STEP: checking connection on different node, primary to secondary
verifying connectivity from pod primary-node-server-6d887b786f-zcnft on node ip-10-2-234-181.us-west-2.compute.internal with IP 10.2.1.102 to pod secondary-node-server-795459df6c-fk6q9 on node ip-10-2-242-100.us-west-2.compute.internal with IP 10.2.124.133
stdout: PING 10.2.124.133 (10.2.124.133): 56 data bytes
64 bytes from 10.2.124.133: seq=0 ttl=253 time=2.331 ms
64 bytes from 10.2.124.133: seq=1 ttl=253 time=1.402 ms
64 bytes from 10.2.124.133: seq=2 ttl=253 time=1.364 ms
64 bytes from 10.2.124.133: seq=3 ttl=253 time=1.627 ms
64 bytes from 10.2.124.133: seq=4 ttl=253 time=1.171 ms

--- 10.2.124.133 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 1.171/1.579/2.331 ms
 and stderr: 
STEP: checking connection on different node, secondary to secondary
verifying connectivity from pod primary-node-server-6d887b786f-8dq7q on node ip-10-2-234-181.us-west-2.compute.internal with IP 10.2.235.192 to pod secondary-node-server-795459df6c-fk6q9 on node ip-10-2-242-100.us-west-2.compute.internal with IP 10.2.124.133
stdout: PING 10.2.124.133 (10.2.124.133): 56 data bytes
64 bytes from 10.2.124.133: seq=0 ttl=253 time=2.074 ms
64 bytes from 10.2.124.133: seq=1 ttl=253 time=1.554 ms
64 bytes from 10.2.124.133: seq=2 ttl=253 time=1.624 ms
64 bytes from 10.2.124.133: seq=3 ttl=253 time=1.624 ms
64 bytes from 10.2.124.133: seq=4 ttl=253 time=1.629 ms

--- 10.2.124.133 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 1.554/1.701/2.074 ms
 and stderr: 
STEP: revoking security group ingress on instance security group
STEP: revoking security group egress on instance security group
STEP: deleting the primary node server deployment
STEP: deleting the secondary node server deployment

• [SLOW TEST:107.142 seconds]
test pod networking
/Users/abhipth/go/src/github.com/aws/amazon-vpc-cni-k8s/test/integration-new/cni/pod_networking_test.go:33
  when testing ICMP traffic
  /Users/abhipth/go/src/github.com/aws/amazon-vpc-cni-k8s/test/integration-new/cni/pod_networking_test.go:156
    should allow ICMP traffic
    /Users/abhipth/go/src/github.com/aws/amazon-vpc-cni-k8s/test/integration-new/cni/pod_networking_test.go:178
------------------------------
test pod networking when establishing UDP connection from tester to server 
  connection should be established
  /Users/abhipth/go/src/github.com/aws/amazon-vpc-cni-k8s/test/integration-new/cni/pod_networking_test.go:205
STEP: authorizing security group ingress on instance security group
STEP: authorizing security group egress on instance security group
STEP: creating server deployment on the primary node
STEP: creating server deployment on secondary node
STEP: checking connection on same node, primary to primary
verifying connectivity from pod primary-node-server-6b64c865dc-nhwpq on node ip-10-2-234-181.us-west-2.compute.internal with IP 10.2.35.2 to pod primary-node-server-6b64c865dc-w9l64 on node ip-10-2-234-181.us-west-2.compute.internal with IP 10.2.199.224
stdout:  and stderr: Connection to 10.2.199.224 2271 port [udp/*] succeeded!

STEP: checking connection on same node, primary to secondary
verifying connectivity from pod primary-node-server-6b64c865dc-nhwpq on node ip-10-2-234-181.us-west-2.compute.internal with IP 10.2.35.2 to pod primary-node-server-6b64c865dc-9txb2 on node ip-10-2-234-181.us-west-2.compute.internal with IP 10.2.153.0
stdout:  and stderr: Connection to 10.2.153.0 2271 port [udp/*] succeeded!

STEP: checking connection on same node, secondary to secondary
verifying connectivity from pod primary-node-server-6b64c865dc-9txb2 on node ip-10-2-234-181.us-west-2.compute.internal with IP 10.2.153.0 to pod primary-node-server-6b64c865dc-w9l64 on node ip-10-2-234-181.us-west-2.compute.internal with IP 10.2.199.224
stdout:  and stderr: Connection to 10.2.199.224 2271 port [udp/*] succeeded!

STEP: checking connection on different node, primary to primary
verifying connectivity from pod primary-node-server-6b64c865dc-nhwpq on node ip-10-2-234-181.us-west-2.compute.internal with IP 10.2.35.2 to pod secondary-node-server-584b8bf-86gbk on node ip-10-2-242-100.us-west-2.compute.internal with IP 10.2.56.226
stdout:  and stderr: Connection to 10.2.56.226 2271 port [udp/*] succeeded!

STEP: checking connection on different node, primary to secondary
verifying connectivity from pod primary-node-server-6b64c865dc-nhwpq on node ip-10-2-234-181.us-west-2.compute.internal with IP 10.2.35.2 to pod secondary-node-server-584b8bf-8wq8h on node ip-10-2-242-100.us-west-2.compute.internal with IP 10.2.209.2
stdout:  and stderr: Connection to 10.2.209.2 2271 port [udp/*] succeeded!

STEP: checking connection on different node, secondary to secondary
verifying connectivity from pod primary-node-server-6b64c865dc-9txb2 on node ip-10-2-234-181.us-west-2.compute.internal with IP 10.2.153.0 to pod secondary-node-server-584b8bf-8wq8h on node ip-10-2-242-100.us-west-2.compute.internal with IP 10.2.209.2
stdout:  and stderr: Connection to 10.2.209.2 2271 port [udp/*] succeeded!

STEP: revoking security group ingress on instance security group
STEP: revoking security group egress on instance security group
STEP: deleting the primary node server deployment
STEP: deleting the secondary node server deployment

• [SLOW TEST:120.529 seconds]
test pod networking
/Users/abhipth/go/src/github.com/aws/amazon-vpc-cni-k8s/test/integration-new/cni/pod_networking_test.go:33
  when establishing UDP connection from tester to server
  /Users/abhipth/go/src/github.com/aws/amazon-vpc-cni-k8s/test/integration-new/cni/pod_networking_test.go:185
    connection should be established
    /Users/abhipth/go/src/github.com/aws/amazon-vpc-cni-k8s/test/integration-new/cni/pod_networking_test.go:205
------------------------------
test pod networking when establishing TCP connection from tester to server 
  should allow connection across nodes and across interface types
  /Users/abhipth/go/src/github.com/aws/amazon-vpc-cni-k8s/test/integration-new/cni/pod_networking_test.go:233
STEP: authorizing security group ingress on instance security group
STEP: authorizing security group egress on instance security group
STEP: creating server deployment on the primary node
STEP: creating server deployment on secondary node
STEP: checking connection on same node, primary to primary
verifying connectivity from pod primary-node-server-84548779c9-kr8gs on node ip-10-2-234-181.us-west-2.compute.internal with IP 10.2.23.67 to pod primary-node-server-84548779c9-bdm2c on node ip-10-2-234-181.us-west-2.compute.internal with IP 10.2.48.230
stdout:  and stderr: Connection to 10.2.48.230 2271 port [tcp/*] succeeded!

STEP: checking connection on same node, primary to secondary
verifying connectivity from pod primary-node-server-84548779c9-kr8gs on node ip-10-2-234-181.us-west-2.compute.internal with IP 10.2.23.67 to pod primary-node-server-84548779c9-n7nzd on node ip-10-2-234-181.us-west-2.compute.internal with IP 10.2.240.67
stdout:  and stderr: Connection to 10.2.240.67 2271 port [tcp/*] succeeded!

STEP: checking connection on same node, secondary to secondary
verifying connectivity from pod primary-node-server-84548779c9-n7nzd on node ip-10-2-234-181.us-west-2.compute.internal with IP 10.2.240.67 to pod primary-node-server-84548779c9-bdm2c on node ip-10-2-234-181.us-west-2.compute.internal with IP 10.2.48.230
stdout:  and stderr: Connection to 10.2.48.230 2271 port [tcp/*] succeeded!

STEP: checking connection on different node, primary to primary
verifying connectivity from pod primary-node-server-84548779c9-kr8gs on node ip-10-2-234-181.us-west-2.compute.internal with IP 10.2.23.67 to pod secondary-node-server-c95498bdf-pwzdd on node ip-10-2-242-100.us-west-2.compute.internal with IP 10.2.8.16
stdout:  and stderr: Connection to 10.2.8.16 2271 port [tcp/*] succeeded!

STEP: checking connection on different node, primary to secondary
verifying connectivity from pod primary-node-server-84548779c9-kr8gs on node ip-10-2-234-181.us-west-2.compute.internal with IP 10.2.23.67 to pod secondary-node-server-c95498bdf-7fscm on node ip-10-2-242-100.us-west-2.compute.internal with IP 10.2.194.163
stdout:  and stderr: Connection to 10.2.194.163 2271 port [tcp/*] succeeded!

STEP: checking connection on different node, secondary to secondary
verifying connectivity from pod primary-node-server-84548779c9-n7nzd on node ip-10-2-234-181.us-west-2.compute.internal with IP 10.2.240.67 to pod secondary-node-server-c95498bdf-7fscm on node ip-10-2-242-100.us-west-2.compute.internal with IP 10.2.194.163
stdout:  and stderr: Connection to 10.2.194.163 2271 port [tcp/*] succeeded!

STEP: revoking security group ingress on instance security group
STEP: revoking security group egress on instance security group
STEP: deleting the primary node server deployment
STEP: deleting the secondary node server deployment

• [SLOW TEST:87.079 seconds]
test pod networking
/Users/abhipth/go/src/github.com/aws/amazon-vpc-cni-k8s/test/integration-new/cni/pod_networking_test.go:33
  when establishing TCP connection from tester to server
  /Users/abhipth/go/src/github.com/aws/amazon-vpc-cni-k8s/test/integration-new/cni/pod_networking_test.go:212
    should allow connection across nodes and across interface types
    /Users/abhipth/go/src/github.com/aws/amazon-vpc-cni-k8s/test/integration-new/cni/pod_networking_test.go:233
------------------------------
STEP: deleting test namespace
STEP: getting the aws-node daemon set in namesapce kube-system
STEP: setting the environment variables on the ds to map[WARM_ENI_TARGET:{} WARM_IP_TARGET:{}]
STEP: updating the daemon set with new environment variable

Ran 3 of 3 Specs in 437.937 seconds
SUCCESS! -- 3 Passed | 0 Failed | 0 Pending | 0 Skipped
PASS

Ginkgo ran 1 suite in 7m24.400603565s
Test Suite Passed

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@abhipth
add network connectivity test
3503e8c 
- tests traffic for following scenarios on same node and on different node
  - Primary ENI IP - Primary ENI IP
  - Primary ENI IP - Secondary ENI IP
  - Secondary ENI IP - Secondary ENI IP
- traffic type - TCP, UPD, ICMP
@jayanthvn jayanthvn self-requested a review April 13, 2021 00:16
abhipth
abhipth commented Apr 13, 2021
View reviewed changes
test/integration-new/cni/pod_networking_test.go Outdated
By("checking connection on same node, primary to primary")
testConnectivity(
interfaceToPodListOnPrimaryNode.PodsOnPrimaryENI[0],
interfaceToPodListOnPrimaryNode.PodsOnSecondaryENI[1],
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Need to fix

@jayanthvn
Copy link
Contributor

Thanks Abhinav. Also let's update the folder name and add a readme. Later lets deprecate the integration folder.

jayanthvn
jayanthvn approved these changes Apr 14, 2021
View reviewed changes
Copy link
Contributor

@jayanthvn jayanthvn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

@jayanthvn jayanthvn merged commit 0013eba into aws:master Apr 14, 2021
@jayanthvn jayanthvn mentioned this pull request Apr 14, 2021
Closed
@abhipth abhipth deleted the networking-test branch May 5, 2021 05:55
This was referenced Jun 10, 2021
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jayanthvn jayanthvn jayanthvn approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@abhipth @jayanthvn