[26-06-22 06:32:05] START switch_ipsec_vxlan
scenario: cases/switch_ipsec_vxlan.sh
header : build two switches and verify ipsec vxlan output connectivity
topology: sw1 100.100.0.241 <==== IPSec ====> sw2 100.100.0.242 | svc 192.56.0.1 <---- VxLAN output - svc 192.56.0.2
topology: # Topology:
topology: # - Diagram:
topology: # sw1 100.100.0.241 <==== IPSec ====> sw2 100.100.0.242
topology: # svc 192.56.0.1 <---- VxLAN output - svc 192.56.0.2
topology: # plain VxLAN phase, then IPSec-protected phase
topology: # - Docker mgmt network: 100.100.0.0/24
topology: # sw1=100.100.0.241, sw2=100.100.0.242.
topology: # - OpenLAN service network "example": 192.56.0.0/24
topology: # sw1=192.56.0.1, sw2=192.56.0.2.
topology: # - IPSec tunnel:
topology: # sw1 <-> sw2 over mgmt addresses with shared PSK.
topology: # - Output link:
topology: # sw2 -> sw1 by vxlan output.
topology: # Validation:
topology: # sw2 can ping/perf to sw1 on plain vxlan output (no ipsec tunnel),
topology: # then repeat ping/perf after enabling ipsec tunnel on the same path.
Started switch pause container: tests-sw-ipsec1-pause
Started switch frr container: tests-sw-ipsec1-frr
Started switch ipsec container: tests-sw-ipsec1-ipsec
Started switch container: tests-sw-ipsec1
[26-06-22 06:32:06][ASSERT#0001][expect] at cases/switch_ipsec_vxlan.sh:64 fn=setup_sw1 retry=30 cmd="docker logs -f tests-sw-ipsec1" expect="Http.Start"
2026/06/22 06:32:06 INFO|root|Wait: ...
2026/06/22 06:32:06 INFO|root|TcpServer.Listen: tcp://0.0.0.0:10002
2026/06/22 06:32:06 INFO|root|UdpServer.Listen: udp://0.0.0.0:10002
2026/06/22 06:32:06 INFO|root|Http.Start 0.0.0.0:10000
[26-06-22 06:32:07][ASSERT#0001][OK] cost=1.038s
[26-06-22 06:32:07][ASSERT#0002][cmd] at cases/switch_ipsec_vxlan.sh:66 fn=setup_sw1 cmd="docker exec tests-sw-ipsec1 openlan network --name example add --address 192.56.0.1/24"
[26-06-22 06:32:07][ASSERT#0002][OK] cost=0.252s
[26-06-22 06:32:07][ASSERT#0003][cmd] at cases/switch_ipsec_vxlan.sh:67 fn=setup_sw1 cmd="docker exec tests-sw-ipsec1 openlan user add --name edge@example --password 123456"
# total 1
username password role lease
edge@example 123456 guest 2027-06-22T06
[26-06-22 06:32:07][ASSERT#0003][OK] cost=0.066s
Started switch pause container: tests-sw-ipsec2-pause
Started switch frr container: tests-sw-ipsec2-frr
Started switch ipsec container: tests-sw-ipsec2-ipsec
Started switch container: tests-sw-ipsec2
[26-06-22 06:32:08][ASSERT#0004][expect] at cases/switch_ipsec_vxlan.sh:86 fn=setup_sw2 retry=30 cmd="docker logs -f tests-sw-ipsec2" expect="Http.Start"
2026/06/22 06:32:09 INFO|root|UdpServer.Listen: udp://0.0.0.0:10002
2026/06/22 06:32:09 INFO|root|TcpServer.Listen: tcp://0.0.0.0:10002
2026/06/22 06:32:09 INFO|root|Wait: ...
2026/06/22 06:32:09 INFO|root|Http.Start 0.0.0.0:10000
[26-06-22 06:32:09][ASSERT#0004][OK] cost=1.034s
[26-06-22 06:32:09][ASSERT#0005][cmd] at cases/switch_ipsec_vxlan.sh:88 fn=setup_sw2 cmd="docker exec tests-sw-ipsec2 openlan network --name example add --address 192.56.0.2/24"
[26-06-22 06:32:09][ASSERT#0005][OK] cost=0.267s
[26-06-22 06:32:09][ASSERT#0006][cmd] at cases/switch_ipsec_vxlan.sh:89 fn=setup_sw2 cmd="docker exec tests-sw-ipsec2 openlan user add --name edge@example --password 123456"
# total 1
username password role lease
edge@example 123456 guest 2027-06-22T06
[26-06-22 06:32:09][ASSERT#0006][OK] cost=0.059s
[26-06-22 06:32:09][ASSERT#0007][cmd] at cases/switch_ipsec_vxlan.sh:93 fn=setup_output cmd="docker exec tests-sw-ipsec1 openlan network --name example output add --remote 100.100.0.242 --protocol vxlan --segment 1056"
[26-06-22 06:32:09][ASSERT#0007][OK] cost=0.066s
[26-06-22 06:32:09][ASSERT#0008][cmd] at cases/switch_ipsec_vxlan.sh:94 fn=setup_output cmd="docker exec tests-sw-ipsec2 openlan network --name example output add --remote 100.100.0.241 --protocol vxlan --segment 1056"
[26-06-22 06:32:09][ASSERT#0008][OK] cost=0.064s
[26-06-22 06:32:09][ASSERT#0009][match] at cases/switch_ipsec_vxlan.sh:98 fn=test_vxlan_output_ping_without_ipsec retry=20 cmd="docker exec tests-sw-ipsec2 ping -c 3 192.56.0.1" expect="bytes from"
PING 192.56.0.1 (192.56.0.1) 56(84) bytes of data.
64 bytes from 192.56.0.1: icmp_seq=1 ttl=64 time=0.346 ms
64 bytes from 192.56.0.1: icmp_seq=2 ttl=64 time=0.273 ms
64 bytes from 192.56.0.1: icmp_seq=3 ttl=64 time=0.266 ms
--- 192.56.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2070ms
[26-06-22 06:32:16][ASSERT#0009][OK] cost=6.271s
[26-06-22 06:32:16][ASSERT#0010][cmd] at cases/switch_ipsec_vxlan.sh:100 fn=test_vxlan_output_ping_without_ipsec cmd="docker exec tests-sw-ipsec1 openlan reload --save"
Save configuraion ... success
# reloading pid:45 ....
PID 45 CMD: /usr/bin/openlan-switch -conf:dir /etc/openlan/switch -log:level 20
# max wait 60s...
# during 1s, new pid:464 ...
PID 464 CMD: /usr/bin/openlan-switch -conf:dir /etc/openlan/switch -log:level 20
[26-06-22 06:32:17][ASSERT#0010][OK] cost=1.076s
[26-06-22 06:32:17][ASSERT#0011][cmd] at cases/switch_ipsec_vxlan.sh:101 fn=test_vxlan_output_ping_without_ipsec cmd="docker exec tests-sw-ipsec2 openlan reload --save"
Save configuraion ... success
# reloading pid:45 ....
PID 45 CMD: /usr/bin/openlan-switch -conf:dir /etc/openlan/switch -log:level 20
# max wait 60s...
# during 1s, new pid:464 ...
PID 464 CMD: /usr/bin/openlan-switch -conf:dir /etc/openlan/switch -log:level 20
[26-06-22 06:32:18][ASSERT#0011][OK] cost=1.085s
[26-06-22 06:32:18][ASSERT#0012][match] at cases/switch_ipsec_vxlan.sh:102 fn=test_vxlan_output_ping_without_ipsec retry=20 cmd="docker exec tests-sw-ipsec2 ping -c 3 192.56.0.1" expect="bytes from"
PING 192.56.0.1 (192.56.0.1) 56(84) bytes of data.
64 bytes from 192.56.0.1: icmp_seq=1 ttl=64 time=0.166 ms
64 bytes from 192.56.0.1: icmp_seq=2 ttl=64 time=0.276 ms
64 bytes from 192.56.0.1: icmp_seq=3 ttl=64 time=0.313 ms
--- 192.56.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2041ms
[26-06-22 06:32:20][ASSERT#0012][OK] cost=2.107s
[26-06-22 06:32:20][ASSERT#0013][match] at cases/switch_ipsec_vxlan.sh:121 fn=test_vxlan_output_perf retry=30 cmd="docker exec tests-sw-ipsec2 ping -q -c 20 -i 0.05 -s 1200 192.56.0.1" expect="0% packet loss"
PING 192.56.0.1 (192.56.0.1) 1200(1228) bytes of data.
--- 192.56.0.1 ping statistics ---
20 packets transmitted, 20 received, 0% packet loss, time 973ms
rtt min/avg/max/mdev = 0.111/0.245/0.329/0.057 ms
[26-06-22 06:32:21][ASSERT#0013][OK] cost=1.041s
[26-06-22 06:32:21][ASSERT#0014][match] at cases/switch_ipsec_vxlan.sh:122 fn=test_vxlan_output_perf retry=5 cmd="docker exec tests-sw-ipsec2 ping -q -c 20 -i 0.05 -s 1200 192.56.0.1" expect="rtt min/avg/max"
--- 192.56.0.1 ping statistics ---
20 packets transmitted, 20 received, 0% packet loss, time 969ms
rtt min/avg/max/mdev = 0.142/0.259/0.394/0.066 ms
[26-06-22 06:32:22][ASSERT#0014][OK] cost=1.035s
[26-06-22 06:32:22][ASSERT#0015][cmd] at cases/switch_ipsec_vxlan.sh:124 fn=test_vxlan_output_perf cmd="docker exec tests-sw-ipsec1 iperf3 -s -D -p 5206"
[26-06-22 06:32:22][ASSERT#0015][OK] cost=0.059s
[26-06-22 06:32:22][ASSERT#0016][match] at cases/switch_ipsec_vxlan.sh:125 fn=test_vxlan_output_perf retry=20 cmd="docker exec tests-sw-ipsec2 iperf3 -c 192.56.0.1 -p 5206 -t 5" expect="receiver"
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-5.00 sec 15.5 GBytes 26.6 Gbits/sec 0 sender
[ 5] 0.00-5.03 sec 15.5 GBytes 26.5 Gbits/sec receiver
iperf Done.
[26-06-22 06:32:27][ASSERT#0016][OK] cost=5.234s
[26-06-22 06:32:27][ASSERT#0017][cmd] at cases/switch_ipsec_vxlan.sh:126 fn=test_vxlan_output_perf cmd="docker exec tests-sw-ipsec1 pkill -f iperf3 -s -D -p 5206"
[26-06-22 06:32:27][ASSERT#0017][OK] cost=0.064s
[26-06-22 06:32:27][ASSERT#0018][cmd] at cases/switch_ipsec_vxlan.sh:128 fn=test_vxlan_output_perf cmd="docker exec tests-sw-ipsec1 iperf3 -s -D -p 5207"
[26-06-22 06:32:27][ASSERT#0018][OK] cost=0.060s
[26-06-22 06:32:27][ASSERT#0019][match] at cases/switch_ipsec_vxlan.sh:129 fn=test_vxlan_output_perf retry=20 cmd="docker exec tests-sw-ipsec2 iperf3 -u -c 192.56.0.1 -p 5207 -b 100M -t 5" expect="receiver"
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Jitter Lost/Total Datagrams
[ 5] 0.00-5.00 sec 59.6 MBytes 100 Mbits/sec 0.000 ms 0/44702 (0%) sender
[ 5] 0.00-5.04 sec 59.6 MBytes 99.2 Mbits/sec 0.002 ms 0/44702 (0%) receiver
iperf Done.
[26-06-22 06:32:33][ASSERT#0019][OK] cost=5.237s
[26-06-22 06:32:33][ASSERT#0020][cmd] at cases/switch_ipsec_vxlan.sh:130 fn=test_vxlan_output_perf cmd="docker exec tests-sw-ipsec1 pkill -f iperf3 -s -D -p 5207"
[26-06-22 06:32:33][ASSERT#0020][OK] cost=0.049s
[26-06-22 06:32:33][ASSERT#0021][cmd] at cases/switch_ipsec_vxlan.sh:106 fn=test_vxlan_output_ping_with_ipsec cmd="docker exec tests-sw-ipsec1 openlan ipsec tunnel add --remote 100.100.0.242 --protocol vxlan --secret ea64d5b0c96c --localid sw1.ipsec.test --remoteid sw2.ipsec.test"
[26-06-22 06:32:33][ASSERT#0021][OK] cost=0.068s
[26-06-22 06:32:33][ASSERT#0022][cmd] at cases/switch_ipsec_vxlan.sh:107 fn=test_vxlan_output_ping_with_ipsec cmd="docker exec tests-sw-ipsec2 openlan ipsec tunnel add --remote 100.100.0.241 --protocol vxlan --secret ea64d5b0c96c --localid sw2.ipsec.test --remoteid sw1.ipsec.test"
[26-06-22 06:32:33][ASSERT#0022][OK] cost=0.071s
[26-06-22 06:32:33][ASSERT#0023][match] at cases/switch_ipsec_vxlan.sh:108 fn=test_vxlan_output_ping_with_ipsec retry=20 cmd="docker exec tests-sw-ipsec1 openlan ipsec tunnel ls | grep 100.100.0.242" expect="erouted"
100.100.0.242 vxlan ea64d5b0c96c [sw1.ipsec.test]0 -> [sw2.ipsec.test]0 erouted
[26-06-22 06:32:34][ASSERT#0023][OK] cost=1.134s
[26-06-22 06:32:34][ASSERT#0024][match] at cases/switch_ipsec_vxlan.sh:109 fn=test_vxlan_output_ping_with_ipsec retry=20 cmd="docker exec tests-sw-ipsec2 openlan ipsec tunnel ls | grep 100.100.0.241" expect="erouted"
100.100.0.241 vxlan ea64d5b0c96c [sw2.ipsec.test]0 -> [sw1.ipsec.test]0 erouted
[26-06-22 06:32:34][ASSERT#0024][OK] cost=0.073s
[26-06-22 06:32:34][ASSERT#0025][match] at cases/switch_ipsec_vxlan.sh:110 fn=test_vxlan_output_ping_with_ipsec retry=20 cmd="docker exec tests-sw-ipsec2 ping -c 3 192.56.0.1" expect="bytes from"
PING 192.56.0.1 (192.56.0.1) 56(84) bytes of data.
64 bytes from 192.56.0.1: icmp_seq=1 ttl=64 time=0.240 ms
64 bytes from 192.56.0.1: icmp_seq=2 ttl=64 time=0.465 ms
64 bytes from 192.56.0.1: icmp_seq=3 ttl=64 time=0.374 ms
--- 192.56.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2043ms
[26-06-22 06:32:36][ASSERT#0025][OK] cost=2.112s
[26-06-22 06:32:36][ASSERT#0026][cmd] at cases/switch_ipsec_vxlan.sh:112 fn=test_vxlan_output_ping_with_ipsec cmd="docker exec tests-sw-ipsec1 openlan reload --save"
Save configuraion ... success
# reloading pid:464 ....
PID 464 CMD: /usr/bin/openlan-switch -conf:dir /etc/openlan/switch -log:level 20
# max wait 60s...
# during 1s, new pid:726 ...
PID 726 CMD: /usr/bin/openlan-switch -conf:dir /etc/openlan/switch -log:level 20
[26-06-22 06:32:37][ASSERT#0026][OK] cost=1.073s
[26-06-22 06:32:37][ASSERT#0027][cmd] at cases/switch_ipsec_vxlan.sh:113 fn=test_vxlan_output_ping_with_ipsec cmd="docker exec tests-sw-ipsec2 openlan reload --save"
Save configuraion ... success
# reloading pid:464 ....
PID 464 CMD: /usr/bin/openlan-switch -conf:dir /etc/openlan/switch -log:level 20
# max wait 60s...
# during 1s, new pid:725 ...
PID 725 CMD: /usr/bin/openlan-switch -conf:dir /etc/openlan/switch -log:level 20
[26-06-22 06:32:38][ASSERT#0027][OK] cost=1.077s
[26-06-22 06:32:38][ASSERT#0028][match] at cases/switch_ipsec_vxlan.sh:115 fn=test_vxlan_output_ping_with_ipsec retry=20 cmd="docker exec tests-sw-ipsec1 openlan ipsec tunnel ls | grep 100.100.0.242" expect="erouted"
100.100.0.242 vxlan ea64d5b0c96c [sw1.ipsec.test]0 -> [sw2.ipsec.test]0 erouted
[26-06-22 06:32:39][ASSERT#0028][OK] cost=0.071s
[26-06-22 06:32:39][ASSERT#0029][match] at cases/switch_ipsec_vxlan.sh:116 fn=test_vxlan_output_ping_with_ipsec retry=20 cmd="docker exec tests-sw-ipsec2 openlan ipsec tunnel ls | grep 100.100.0.241" expect="erouted"
100.100.0.241 vxlan ea64d5b0c96c [sw2.ipsec.test]0 -> [sw1.ipsec.test]0 erouted
[26-06-22 06:32:39][ASSERT#0029][OK] cost=0.075s
[26-06-22 06:32:39][ASSERT#0030][match] at cases/switch_ipsec_vxlan.sh:117 fn=test_vxlan_output_ping_with_ipsec retry=20 cmd="docker exec tests-sw-ipsec2 ping -c 3 192.56.0.1" expect="bytes from"
PING 192.56.0.1 (192.56.0.1) 56(84) bytes of data.
64 bytes from 192.56.0.1: icmp_seq=1 ttl=64 time=0.325 ms
64 bytes from 192.56.0.1: icmp_seq=2 ttl=64 time=0.403 ms
64 bytes from 192.56.0.1: icmp_seq=3 ttl=64 time=0.385 ms
--- 192.56.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2030ms
[26-06-22 06:32:41][ASSERT#0030][OK] cost=2.089s
[26-06-22 06:32:41][ASSERT#0031][match] at cases/switch_ipsec_vxlan.sh:121 fn=test_vxlan_output_perf retry=30 cmd="docker exec tests-sw-ipsec2 ping -q -c 20 -i 0.05 -s 1200 192.56.0.1" expect="0% packet loss"
PING 192.56.0.1 (192.56.0.1) 1200(1228) bytes of data.
--- 192.56.0.1 ping statistics ---
20 packets transmitted, 20 received, 0% packet loss, time 969ms
rtt min/avg/max/mdev = 0.271/0.472/0.585/0.061 ms
[26-06-22 06:32:42][ASSERT#0031][OK] cost=1.032s
[26-06-22 06:32:42][ASSERT#0032][match] at cases/switch_ipsec_vxlan.sh:122 fn=test_vxlan_output_perf retry=5 cmd="docker exec tests-sw-ipsec2 ping -q -c 20 -i 0.05 -s 1200 192.56.0.1" expect="rtt min/avg/max"
--- 192.56.0.1 ping statistics ---
20 packets transmitted, 20 received, 0% packet loss, time 969ms
rtt min/avg/max/mdev = 0.136/0.335/0.555/0.092 ms
[26-06-22 06:32:43][ASSERT#0032][OK] cost=1.029s
[26-06-22 06:32:43][ASSERT#0033][cmd] at cases/switch_ipsec_vxlan.sh:124 fn=test_vxlan_output_perf cmd="docker exec tests-sw-ipsec1 iperf3 -s -D -p 5206"
[26-06-22 06:32:43][ASSERT#0033][OK] cost=0.044s
[26-06-22 06:32:43][ASSERT#0034][match] at cases/switch_ipsec_vxlan.sh:125 fn=test_vxlan_output_perf retry=20 cmd="docker exec tests-sw-ipsec2 iperf3 -c 192.56.0.1 -p 5206 -t 5" expect="receiver"
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-5.00 sec 454 MBytes 761 Mbits/sec 4673 sender
[ 5] 0.00-5.04 sec 445 MBytes 741 Mbits/sec receiver
iperf Done.
[26-06-22 06:32:48][ASSERT#0034][OK] cost=5.226s
[26-06-22 06:32:48][ASSERT#0035][cmd] at cases/switch_ipsec_vxlan.sh:126 fn=test_vxlan_output_perf cmd="docker exec tests-sw-ipsec1 pkill -f iperf3 -s -D -p 5206"
[26-06-22 06:32:48][ASSERT#0035][OK] cost=0.066s
[26-06-22 06:32:48][ASSERT#0036][cmd] at cases/switch_ipsec_vxlan.sh:128 fn=test_vxlan_output_perf cmd="docker exec tests-sw-ipsec1 iperf3 -s -D -p 5207"
[26-06-22 06:32:48][ASSERT#0036][OK] cost=0.051s
[26-06-22 06:32:48][ASSERT#0037][match] at cases/switch_ipsec_vxlan.sh:129 fn=test_vxlan_output_perf retry=20 cmd="docker exec tests-sw-ipsec2 iperf3 -u -c 192.56.0.1 -p 5207 -b 100M -t 5" expect="receiver"
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Jitter Lost/Total Datagrams
[ 5] 0.00-5.00 sec 59.6 MBytes 100 Mbits/sec 0.000 ms 0/46086 (0%) sender
[ 5] 0.00-5.04 sec 59.6 MBytes 99.2 Mbits/sec 0.050 ms 0/46086 (0%) receiver
iperf Done.
[26-06-22 06:32:53][ASSERT#0037][OK] cost=5.223s
[26-06-22 06:32:53][ASSERT#0038][cmd] at cases/switch_ipsec_vxlan.sh:130 fn=test_vxlan_output_perf cmd="docker exec tests-sw-ipsec1 pkill -f iperf3 -s -D -p 5207"
[26-06-22 06:32:53][ASSERT#0038][OK] cost=0.053s
[26-06-22 06:32:53][ASSERT#0039][cmd] at cases/switch_ipsec_vxlan.sh:136 fn=test_vxlan_output_remove cmd="docker exec tests-sw-ipsec2 openlan network --name example output rm --device xei1056"
[26-06-22 06:32:54][ASSERT#0039][OK] cost=0.093s
[26-06-22 06:32:54][ASSERT#0040][unmatch] at cases/switch_ipsec_vxlan.sh:137 fn=test_vxlan_output_remove retry=20 cmd="docker exec tests-sw-ipsec2 ping -c 3 192.56.0.1" unexpected="bytes from"
Last output:
PING 192.56.0.1 (192.56.0.1) 56(84) bytes of data.
From 192.56.0.2 icmp_seq=1 Destination Host Unreachable
From 192.56.0.2 icmp_seq=2 Destination Host Unreachable
From 192.56.0.2 icmp_seq=3 Destination Host Unreachable
--- 192.56.0.1 ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2071ms
pipe 3
[26-06-22 06:34:44][ASSERT#0040][OK] cost=109.984s
[26-06-22 06:34:44] END switch_ipsec_vxlan status=PASS cost=159.326s