net: implement NAD live-update test for localnet

azhivovk · azhivovk · commit 7b6aebe8256a · 2026-06-03T00:01:45.000+03:00
Implement the NAD reference change test for localnet.
The reference VM has eth1 on CUDN-VLAN-A and eth2 on CUDN-VLAN-B.
CUDN-VLAN-A is reused from the existing cudn_localnet fixture; only
CUDN-VLAN-B is created specifically for this test.

arp_ignore=1 and arp_announce=2 are set via cloud-init runcmd to
prevent ARP cache poisoning when both secondary interfaces share the
same subnet. --bind-dev forces iperf3 server responses out the
correct interface, eliminating ECMP routing ambiguity.

Signed-off-by: Asia Khromov &lt;azhivovk@redhat.com&gt;
Assisted-by: Claude Sonnet 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/tests/network/localnet/nad_ref_change/conftest.py b/tests/network/localnet/nad_ref_change/conftest.py
@@ -0,0 +1,139 @@
+from collections.abc import Generator
+from typing import Final
+
+import pytest
+from kubernetes.dynamic import DynamicClient
+from ocp_resources.namespace import Namespace
+
+from libs.net.ip import filter_link_local_addresses, random_cidr_addresses_by_family
+from libs.net.vmspec import lookup_iface_status, wait_for_ifaces_status
+from libs.vm.spec import Interface, Multus, Network
+from libs.vm.vm import BaseVirtualMachine
+from tests.network.libs import cloudinit
+from tests.network.libs import cluster_user_defined_network as libcudn
+from tests.network.libs.connectivity import ARP_ISOLATION_SYSCTL_CMD, poll_tcp_connectivity
+from tests.network.localnet.liblocalnet import (
+    CUDN_B_NAME,
+    GUEST_1ST_IFACE_NAME,
+    GUEST_2ND_IFACE_NAME,
+    IFACE_A_NAME,
+    IFACE_B_NAME,
+    LOCALNET_BR_EX_NETWORK,
+    LOCALNET_TEST_LABEL,
+    localnet_cudn,
+    localnet_vm,
+)
+
+NET_SEED: Final[int] = 0
+
+
+@pytest.fixture(scope="module")
+def cudn_nad_ref_vlan_b(
+    admin_client: DynamicClient,
+    cudn_localnet: libcudn.ClusterUserDefinedNetwork,
+    vlan_index_number: Generator[int],
+) -> Generator[libcudn.ClusterUserDefinedNetwork]:
+    with localnet_cudn(
+        name=CUDN_B_NAME,
+        match_labels=LOCALNET_TEST_LABEL,
+        vlan_id=next(vlan_index_number),
+        physical_network_name=LOCALNET_BR_EX_NETWORK,
+        client=admin_client,
+    ) as cudn:
+        cudn.wait_for_status_success()
+        yield cudn
+
+
+@pytest.fixture(scope="module")
+def ref_vm_localnet(
+    namespace_localnet_1: Namespace,
+    unprivileged_client: DynamicClient,
+    cudn_localnet: libcudn.ClusterUserDefinedNetwork,
+    cudn_nad_ref_vlan_b: libcudn.ClusterUserDefinedNetwork,
+) -> Generator[BaseVirtualMachine]:
+    iface_a_ips = random_cidr_addresses_by_family(net_seed=NET_SEED, host_address=1)
+    iface_b_ips = random_cidr_addresses_by_family(net_seed=NET_SEED, host_address=2)
+    with localnet_vm(
+        namespace=namespace_localnet_1.name,
+        name="ref-vm",
+        client=unprivileged_client,
+        networks=[
+            Network(name=IFACE_A_NAME, multus=Multus(networkName=cudn_localnet.name)),
+            Network(name=IFACE_B_NAME, multus=Multus(networkName=cudn_nad_ref_vlan_b.name)),
+        ],
+        interfaces=[
+            Interface(name=IFACE_A_NAME, bridge={}),
+            Interface(name=IFACE_B_NAME, bridge={}),
+        ],
+        network_data=cloudinit.NetworkData(
+            ethernets={
+                GUEST_1ST_IFACE_NAME: cloudinit.EthernetDevice(addresses=iface_a_ips),
+                GUEST_2ND_IFACE_NAME: cloudinit.EthernetDevice(addresses=iface_b_ips),
+            }
+        ),
+        runcmd=ARP_ISOLATION_SYSCTL_CMD,
+    ) as vm:
+        vm.start(wait=True)
+        vm.wait_for_agent_connected()
+        wait_for_ifaces_status(
+            vm=vm,
+            ip_addresses_by_spec_net_name={
+                IFACE_A_NAME: [addr.split("/")[0] for addr in iface_a_ips],
+                IFACE_B_NAME: [addr.split("/")[0] for addr in iface_b_ips],
+            },
+        )
+        yield vm
+
+
+@pytest.fixture()
+def under_test_vm_localnet(
+    namespace_localnet_1: Namespace,
+    unprivileged_client: DynamicClient,
+    cudn_localnet: libcudn.ClusterUserDefinedNetwork,
+) -> Generator[BaseVirtualMachine]:
+    iface_a_ips = random_cidr_addresses_by_family(net_seed=NET_SEED, host_address=3)
+    with localnet_vm(
+        namespace=namespace_localnet_1.name,
+        name="under-test-vm",
+        client=unprivileged_client,
+        networks=[Network(name=IFACE_A_NAME, multus=Multus(networkName=cudn_localnet.name))],
+        interfaces=[Interface(name=IFACE_A_NAME, bridge={})],
+        network_data=cloudinit.NetworkData(
+            ethernets={GUEST_1ST_IFACE_NAME: cloudinit.EthernetDevice(addresses=iface_a_ips)},
+        ),
+    ) as vm:
+        vm.start(wait=True)
+        vm.wait_for_agent_connected()
+        wait_for_ifaces_status(
+            vm=vm,
+            ip_addresses_by_spec_net_name={
+                IFACE_A_NAME: [addr.split("/")[0] for addr in iface_a_ips],
+            },
+        )
+        yield vm
+
+
+@pytest.fixture()
+def baseline_connectivity_localnet(
+    under_test_vm_localnet: BaseVirtualMachine,
+    ref_vm_localnet: BaseVirtualMachine,
+) -> None:
+    for server_ip in filter_link_local_addresses(
+        ip_addresses=lookup_iface_status(vm=ref_vm_localnet, iface_name=IFACE_A_NAME).ipAddresses
+    ):
+        poll_tcp_connectivity(
+            client_vm=under_test_vm_localnet,
+            server_vm=ref_vm_localnet,
+            server_ip=str(server_ip),
+            server_bind_dev=GUEST_1ST_IFACE_NAME,
+        )
+    for server_ip in filter_link_local_addresses(
+        ip_addresses=lookup_iface_status(vm=ref_vm_localnet, iface_name=IFACE_B_NAME).ipAddresses
+    ):
+        poll_tcp_connectivity(
+            client_vm=under_test_vm_localnet,
+            server_vm=ref_vm_localnet,
+            server_ip=str(server_ip),
+            server_bind_dev=GUEST_2ND_IFACE_NAME,
+            expect_connectivity=False,
+        )
diff --git a/tests/network/localnet/nad_ref_change/test_nad_ref_change.py b/tests/network/localnet/nad_ref_change/test_nad_ref_change.py
@@ -12,9 +12,26 @@
 
 import pytest
 
+from libs.net.ip import filter_link_local_addresses
+from libs.net.vmspec import lookup_iface_status
+from tests.network.libs.connectivity import poll_tcp_connectivity
+from tests.network.libs.nad_ref import update_nad_references
+from tests.network.localnet.liblocalnet import (
+    GUEST_1ST_IFACE_NAME,
+    GUEST_2ND_IFACE_NAME,
+    IFACE_A_NAME,
+    IFACE_B_NAME,
+)
 
+
+@pytest.mark.usefixtures("nncp_localnet", "baseline_connectivity_localnet")
 @pytest.mark.polarion("CNV-15948")
-def test_running_vm_vlan_change():
+def test_running_vm_vlan_change(
+    subtests,
+    under_test_vm_localnet,
+    ref_vm_localnet,
+    cudn_nad_ref_vlan_b,
+):
     """
     Test that a running VM can change the VLAN of its secondary localnet network, without rebooting.
     The VM should establish TCP connectivity on the new VLAN.
@@ -33,6 +50,28 @@ def test_running_vm_vlan_change():
         - Under-test VM eventually has TCP connectivity to the reference VM on NAD-VLAN-B
         - Under-test VM has no TCP connectivity to the reference VM on NAD-VLAN-A
     """
+    update_nad_references(vm=under_test_vm_localnet, nad_name_by_net={IFACE_A_NAME: cudn_nad_ref_vlan_b.name})
 
-
-test_running_vm_vlan_change.__test__ = False
+    for server_ip in filter_link_local_addresses(
+        ip_addresses=lookup_iface_status(vm=ref_vm_localnet, iface_name=IFACE_B_NAME).ipAddresses
+    ):
+        with subtests.test(msg=f"IPv{server_ip.version} connectivity on {IFACE_B_NAME}"):
+            poll_tcp_connectivity(
+                client_vm=under_test_vm_localnet,
+                server_vm=ref_vm_localnet,
+                server_ip=str(server_ip),
+                server_bind_dev=GUEST_2ND_IFACE_NAME,
+                client_bind_dev=GUEST_1ST_IFACE_NAME,
+            )
+    for server_ip in filter_link_local_addresses(
+        ip_addresses=lookup_iface_status(vm=ref_vm_localnet, iface_name=IFACE_A_NAME).ipAddresses
+    ):
+        with subtests.test(msg=f"IPv{server_ip.version} no connectivity on {IFACE_A_NAME}"):
+            poll_tcp_connectivity(
+                client_vm=under_test_vm_localnet,
+                server_vm=ref_vm_localnet,
+                server_ip=str(server_ip),
+                server_bind_dev=GUEST_1ST_IFACE_NAME,
+                client_bind_dev=GUEST_1ST_IFACE_NAME,
+                expect_connectivity=False,
+            )
