Distribute-List Interface

Test to verify RIPng distribute-list interface configuration for route filtering. The set protocols ripng distribute-list interface <itf> prefix-list in <list> command filters incoming RIPng routes based on the interface they are received on and a prefix-list. The set protocols ripng distribute-list interface <itf> prefix-list out <list> command filters outgoing RIPng routes on a specific interface. These commands provide granular control over route acceptance and advertisement on a per-interface basis. The first test case validates inbound filtering with three routers, while the second test case validates outbound filtering with two routers using multiple dummy interfaces.

Test RIPng Distribute-List Interface Filtering

Description

Test RIPng distribute-list interface in filters incoming routes based on interface and prefix-list. DUT0 acts as the middle router with two neighbors. DUT1 connects via eth0 and redistributes the 2001:db8:100::/64 network into RIPng. DUT2 connects via eth1 and redistributes the 2001:db8:200::/64 network into RIPng. DUT0 applies the same prefix-list FILTER-ROUTES on both interfaces, which permits 2001:db8:100::/64 and denies 2001:db8:200::/64. The test verifies that DUT0 learns the route from DUT1 via eth0 but rejects the route from DUT2 via eth1 due to the prefix-list filtering rules.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address '2001:db8:1::50/64'
set interfaces ethernet eth1 address '2001:db8:2::50/64'
set protocols ipv6 prefix-list FILTER-ROUTES rule 10 action permit
set protocols ipv6 prefix-list FILTER-ROUTES rule 10 prefix '2001:db8:100::/64'
set protocols ipv6 prefix-list FILTER-ROUTES rule 20 action deny
set protocols ipv6 prefix-list FILTER-ROUTES rule 20 prefix '2001:db8:200::/64'
set protocols ripng distribute-list interface eth0 prefix-list in FILTER-ROUTES
set protocols ripng distribute-list interface eth1 prefix-list in FILTER-ROUTES
set protocols ripng network '2001:db8:1::/64'
set protocols ripng network '2001:db8:2::/64'
set protocols ripng timers update 5
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces dummy dum0 address '2001:db8:100::1/64'
set interfaces ethernet eth0 address '2001:db8:1::100/64'
set protocols ripng network '2001:db8:1::/64'
set protocols ripng redistribute connected
set protocols ripng timers update 5
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Set the following configuration in DUT2 :

set interfaces dummy dum0 address '2001:db8:200::1/64'
set interfaces ethernet eth1 address '2001:db8:2::75/64'
set protocols ripng network '2001:db8:2::/64'
set protocols ripng redistribute connected
set protocols ripng timers update 5
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Attention

DUT0 should learn route 2001:db8:100::/64 from DUT1 via eth0 (allowed by distribute-list).

Step 4: Run command protocols ripng show at DUT0 and check if output matches the following regular expressions:

R\(n\) 2001:db8:100::/64

Show output

Codes: K - kernel route, C - connected, L - local, S - static,
       R - RIPng, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric, t - Table-Direct
Sub-codes:
      (n) - normal, (s) - static, (d) - default, (r) - redistribute,
      (i) - interface, (a/S) - aggregated/Suppressed

   Network      Next Hop                      Via     Metric Tag Time
C(i) 2001:db8:1::/64
                  ::                          self       1    0
C(i) 2001:db8:2::/64
                  ::                          self       1    0
R(n) 2001:db8:100::/64
                  fe80::dcad:beff:feef:6c10   eth0       2    0  02:58

Step 5: Run command protocols ipv6 show route at DUT0 and check if output matches the following regular expressions:

R>\* 2001:db8:100::/64

Show output

Codes: K - kernel route, C - connected, L - local, S - static,
       R - RIPng, O - OSPFv3, I - IS-IS, B - BGP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric, t - Table-Direct,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

IPv6 unicast VRF default:
C>* 2001:db8:1::/64 is directly connected, eth0, weight 1, 00:00:08
K * 2001:db8:1::/64 [0/256] is directly connected, eth0, weight 1, 00:00:09
L>* 2001:db8:1::50/128 is directly connected, eth0, weight 1, 00:00:08
C>* 2001:db8:2::/64 is directly connected, eth1, weight 1, 00:00:08
K * 2001:db8:2::/64 [0/256] is directly connected, eth1, weight 1, 00:00:09
L>* 2001:db8:2::50/128 is directly connected, eth1, weight 1, 00:00:08
R>* 2001:db8:100::/64 [120/2] via fe80::dcad:beff:feef:6c10, eth0, weight 1, 00:00:02
C * fe80::/64 is directly connected, eth1, weight 1, 00:00:07
C>* fe80::/64 is directly connected, eth0, weight 1, 00:00:08

Attention

DUT0 should not learn route 2001:db8:200::/64 from DUT2 via eth1 (filtered by distribute-list).

Step 6: Run command protocols ripng show at DUT0 and expect this output:

Show output

Codes: K - kernel route, C - connected, L - local, S - static,
       R - RIPng, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric, t - Table-Direct
Sub-codes:
      (n) - normal, (s) - static, (d) - default, (r) - redistribute,
      (i) - interface, (a/S) - aggregated/Suppressed

   Network      Next Hop                      Via     Metric Tag Time
C(i) 2001:db8:1::/64
                  ::                          self       1    0
C(i) 2001:db8:2::/64
                  ::                          self       1    0
R(n) 2001:db8:100::/64
                  fe80::dcad:beff:feef:6c10   eth0       2    0  02:58

Step 7: Run command protocols ipv6 show route at DUT0 and expect this output:

Show output

Codes: K - kernel route, C - connected, L - local, S - static,
       R - RIPng, O - OSPFv3, I - IS-IS, B - BGP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric, t - Table-Direct,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

IPv6 unicast VRF default:
C>* 2001:db8:1::/64 is directly connected, eth0, weight 1, 00:00:08
K * 2001:db8:1::/64 [0/256] is directly connected, eth0, weight 1, 00:00:09
L>* 2001:db8:1::50/128 is directly connected, eth0, weight 1, 00:00:08
C>* 2001:db8:2::/64 is directly connected, eth1, weight 1, 00:00:08
K * 2001:db8:2::/64 [0/256] is directly connected, eth1, weight 1, 00:00:09
L>* 2001:db8:2::50/128 is directly connected, eth1, weight 1, 00:00:08
R>* 2001:db8:100::/64 [120/2] via fe80::dcad:beff:feef:6c10, eth0, weight 1, 00:00:02
C * fe80::/64 is directly connected, eth1, weight 1, 00:00:07
C>* fe80::/64 is directly connected, eth0, weight 1, 00:00:08

---

Test RIPng Distribute-List Interface OUT Filtering

Description

Test RIPng distribute-list interface out filters outgoing routes on specific interfaces. DUT0 has two dummy interfaces with networks 2001:db8:100::/64 and 2001:db8:200::/64. DUT0 is configured with an outgoing distribute-list on eth0 that permits 2001:db8:100::/64 and denies 2001:db8:200::/64. The test verifies that DUT1 receives only the permitted route.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces dummy dum0 address '2001:db8:100::1/64'
set interfaces dummy dum1 address '2001:db8:200::1/64'
set interfaces ethernet eth0 address '2001:db8:1::50/64'
set protocols ipv6 prefix-list FILTER-OUT rule 10 action permit
set protocols ipv6 prefix-list FILTER-OUT rule 10 prefix '2001:db8:100::/64'
set protocols ipv6 prefix-list FILTER-OUT rule 20 action deny
set protocols ipv6 prefix-list FILTER-OUT rule 20 prefix '2001:db8:200::/64'
set protocols ripng distribute-list interface eth0 prefix-list out FILTER-OUT
set protocols ripng network '2001:db8:1::/64'
set protocols ripng redistribute connected
set protocols ripng timers update 5
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address '2001:db8:1::100/64'
set protocols ripng network '2001:db8:1::/64'
set protocols ripng passive interface eth0
set protocols ripng timers update 5
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Attention

DUT1 should learn route 2001:db8:100::/64 from DUT0 (allowed by distribute-list out).

Step 3: Run command protocols ripng show at DUT1 and check if output matches the following regular expressions:

R\(n\) 2001:db8:100::/64

Show output

Codes: K - kernel route, C - connected, L - local, S - static,
       R - RIPng, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric, t - Table-Direct
Sub-codes:
      (n) - normal, (s) - static, (d) - default, (r) - redistribute,
      (i) - interface, (a/S) - aggregated/Suppressed

   Network      Next Hop                      Via     Metric Tag Time
C(i) 2001:db8:1::/64
                  ::                          self       1    0
R(n) 2001:db8:100::/64
                  fe80::dcad:beff:feef:6c00   eth0       2    0  02:58

Step 4: Run command protocols ipv6 show route at DUT1 and check if output matches the following regular expressions:

R>\* 2001:db8:100::/64

Show output

Codes: K - kernel route, C - connected, L - local, S - static,
       R - RIPng, O - OSPFv3, I - IS-IS, B - BGP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric, t - Table-Direct,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

IPv6 unicast VRF default:
C>* 2001:db8:1::/64 is directly connected, eth0, weight 1, 00:00:03
K * 2001:db8:1::/64 [0/256] is directly connected, eth0, weight 1, 00:00:05
L>* 2001:db8:1::100/128 is directly connected, eth0, weight 1, 00:00:03
R>* 2001:db8:100::/64 [120/2] via fe80::dcad:beff:feef:6c00, eth0, weight 1, 00:00:02
C>* fe80::/64 is directly connected, eth0, weight 1, 00:00:03

Attention

DUT1 should not learn route 2001:db8:200::/64 from DUT0 (filtered by distribute-list out).

Step 5: Run command protocols ripng show at DUT1 and expect this output:

Show output

Codes: K - kernel route, C - connected, L - local, S - static,
       R - RIPng, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric, t - Table-Direct
Sub-codes:
      (n) - normal, (s) - static, (d) - default, (r) - redistribute,
      (i) - interface, (a/S) - aggregated/Suppressed

   Network      Next Hop                      Via     Metric Tag Time
C(i) 2001:db8:1::/64
                  ::                          self       1    0
R(n) 2001:db8:100::/64
                  fe80::dcad:beff:feef:6c00   eth0       2    0  02:57

---