[Swan-dev] adding a test domain

[Antony Antony]

For last couple of years I have been using an extended version of the 
FreSWAN diagram and added "duo"  and  "float"

My motivation was more clear hosts, routing FLOAT with dual uplink.

https://libreswan.org/wiki/images/f/f1/Testnet-202102.png

I have nsrun that support sunset,sunrise, Tokyo. I also have pacifica, (in 
memory of Hugh Daniel), behind sunset. And arctic behind the pole. I will 
update the diagram : Pacifica and arctic.

Along these lines, I have another proposal. To use mixed KVM + namesapce 
setup. The plain nodes, including the nic, could be namespace instead of 
kvm. I use such setup manually.

If and when we tidy up the network diagrams I propose the following too:
addresspools should use a separate rage on each host. Such as  east pool 
192.0.8.0/24 west pool192.0.9.0/24 and special cases you can configure both.


On Mon, Jul 25, 2022 at 05:02:56PM -0400, Andrew Cagney wrote:
> I'd like to add a domain to the test framework.  The motivation is to
> allow end-to-end testing of scenarios where non IPsec domains route
> their traffic through IPsec gateways.  For instance:
> 
>    {ROAD,TRAIN} - NORTH = NIC - {EAST,WEST}
> 
> where NORTH and NIC would be running libreswan, while ROAD, TRAIN,
> EAST, and WEST would not.
> Currently this is implemented by injecting packets into the back
> interface of domains such as NORTH, which isn't quite the same thing.
> 
> My suggestion is to make two changes:
> - add a second interface to ROAD so that it can route packets through NORTH
> - add a new domain TRAIN that is behind NORTH
> see https://libreswan.org/wiki/Test_Suite#Proposed_Network_Diagram
> 
> For reference:
> Here's the original diagram:
> https://libreswan.org/wiki/Test_Suite#Original_Network_Diagram
> And here's how things are today:
> https://libreswan.org/wiki/Test_Suite#Network_Diagram
> _______________________________________________
> Swan-dev mailing list
> Swan-dev at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-dev