net: Introduce bandwidth throttling test (#4299)

Add bandwidth throttling test for Multus secondary
interface via bridge CNI.
Users are interested to apply bandwidth limitations on
ingress and egress traffic passing to and from the VM interfaces.
Implements test coverage for SUPPORTEX-29574
https://redhat.atlassian.net/browse/SUPPORTEX-29574

In order to cover the BW rating limits, a Network Attachment Definition
with the bridge CNI and the Bandwidth CNI is defined and linked to a
secondary VM network.
The test covers all available IP families, per the deployed cluster.
An existing NNCP is used to configure the node network.

Some new helpers are similar to existing helpers from
`vmi_interfaces_stability` module and will be adjusted in a follow-up to
focus this PR on the BW test.

##### jira-ticket: https://redhat.atlassian.net/browse/CNV-82064
<!-- full-ticket-url needs to be provided. This would add a link to the
pull request to the jira and close it when the pull request is merged
If the task is not tracked by a Jira ticket, just write "NONE".
-->


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added bandwidth shaping and rate limiting capabilities for secondary
network interfaces.
* Introduced dual-stack IPv4/IPv6 networking support with automatic
address configuration and cloud-init integration.
* Enhanced VM interface status monitoring and verification
functionality.

* **Tests**
* Added comprehensive test suite for bandwidth limit enforcement on
secondary network interfaces.
* Implemented supporting test infrastructure and helpers for network
configuration validation.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Author: rnetser

libs/net/ip.py

@@ -79,6 +79,31 @@ def _random_hextets(count: int) -> list[int]:
     return random.sample(range(1, 0xFFFE), count)
 
 
+def random_ip_addresses_by_family(
+    ipv4_supported: bool,
+    ipv6_supported: bool,
+    net_seed: int,
+    host_address: int,
+) -> list[str]:
+    """Generate IP addresses for each supported IP family.
+
+    Args:
+        ipv4_supported: Whether IPv4 is supported.
+        ipv6_supported: Whether IPv6 is supported.
+        net_seed: Seed index for selecting the random network portion of the address.
+        host_address: Host portion of the address, used to place VMs on the same subnet.
+
+    Returns:
+        List of IP address strings, one per supported IP family.
+    """
+    ips = []
+    if ipv4_supported:
+        ips.append(random_ipv4_address(net_seed=net_seed, host_address=host_address))
+    if ipv6_supported:
+        ips.append(random_ipv6_address(net_seed=net_seed, host_address=host_address))
+    return ips
+
+
 def filter_link_local_addresses(ip_addresses: list[str]) -> list[ipaddress.IPv4Address | ipaddress.IPv6Address]:
     """
     Filter out link-local IP addresses from a list of IP address strings.

libs/net/netattachdef.py

@@ -84,6 +84,20 @@ class Topology(Enum):
         LOCALNET = "localnet"
 
 
+@dataclass
+class CNIPluginBandwidthConfig(CNIPluginConfig):
+    """
+    CNI Bandwidth Plugin
+    Ref: https://www.cni.dev/plugins/current/meta/bandwidth/
+    """
+
+    type: str = field(default="bandwidth", init=False)
+    ingressRate: int  # noqa: N815
+    ingressBurst: int  # noqa: N815
+    egressRate: int  # noqa: N815
+    egressBurst: int  # noqa: N815
+
+
 @dataclass
 class CNIPluginMacvlanConfig(CNIPluginConfig):
     """

libs/net/vmspec.py

@@ -163,3 +163,30 @@ def _lookup_first_ip_address(
     ip_family: int,
 ) -> ipaddress.IPv4Address | ipaddress.IPv6Address | None:
     return next((ip for ip_addr in ip_addresses if (ip := ipaddress.ip_address(ip_addr)).version == ip_family), None)
+
+
+def wait_for_ifaces_status(
+    vm: BaseVirtualMachine,
+    ip_addresses_by_spec_net_name: dict[str, list[str]],
+) -> None:
+    """Wait for all VM interfaces to be ready.
+
+    Args:
+        vm: The virtual machine to wait for.
+        ip_addresses_by_spec_net_name: Mapping of spec network name to its expected IP addresses.
+            Primary (masquerade) interfaces are detected automatically from the VM spec.
+    """
+    for iface in vm.template_spec.domain.devices.interfaces:  # type: ignore
+        if iface.masquerade is not None:
+            lookup_iface_status(vm=vm, iface_name=iface.name)
+        else:
+            lookup_iface_status(
+                vm=vm,
+                iface_name=iface.name,
+                predicate=lambda iface_status: (
+                    "guest-agent" in iface_status["infoSource"]
+                    and all(
+                        ip in iface_status.get("ipAddresses", []) for ip in ip_addresses_by_spec_net_name[iface.name]
+                    )
+                ),
+            )

libs/vm/vm.py

@@ -11,7 +11,17 @@
 from ocp_resources.virtual_machine_instance import VirtualMachineInstance
 from pytest_testconfig import config as py_config
 
-from libs.vm.spec import CloudInitNoCloud, ContainerDisk, Devices, Disk, Metadata, SpecDisk, VMISpec, VMSpec, Volume
+from libs.vm.spec import (
+    CloudInitNoCloud,
+    ContainerDisk,
+    Devices,
+    Disk,
+    Metadata,
+    SpecDisk,
+    VMISpec,
+    VMSpec,
+    Volume,
+)
 from tests.network.libs import cloudinit
 from utilities import infra
 from utilities.constants import CLOUD_INIT_DISK_NAME
@@ -104,6 +114,10 @@ def update_template_annotations(self, template_annotations: dict[str, str]) -> N
         }
         ResourceEditor(patches=patches).update()
 
+    @property
+    def template_spec(self) -> VMISpec:
+        return self._spec.template.spec
+
     @property
     def cloud_init_network_data(self) -> cloudinit.NetworkData:
         """Return the parsed cloud-init network data configured for this VM.

tests/network/l2_bridge/bandwidth/conftest.py

@@ -0,0 +1,138 @@
+import ipaddress
+from collections.abc import Generator
+from ipaddress import ip_interface
+from typing import Final
+
+import pytest
+from kubernetes.dynamic import DynamicClient
+from ocp_resources.namespace import Namespace
+
+import tests.network.libs.nodenetworkconfigurationpolicy as libnncp
+from libs.net.ip import random_ip_addresses_by_family
+from libs.net.netattachdef import (
+    CNIPluginBandwidthConfig,
+    CNIPluginBridgeConfig,
+    NetConfig,
+    NetworkAttachmentDefinition,
+)
+from libs.net.vmspec import wait_for_ifaces_status
+from libs.vm.vm import BaseVirtualMachine
+from tests.network.l2_bridge.bandwidth.lib_helpers import (
+    BANDWIDTH_RATE_BPS,
+    BANDWIDTH_SECONDARY_IFACE_NAME,
+    GUEST_2ND_IFACE_NAME,
+    secondary_network_vm,
+)
+
+_NAD_NAME: Final[str] = "br-bw-test-nad"
+
+
+@pytest.fixture(scope="module")
+def bandwidth_nad(
+    admin_client: DynamicClient,
+    namespace: Namespace,
+    bridge_nncp: libnncp.NodeNetworkConfigurationPolicy,
+) -> Generator[NetworkAttachmentDefinition]:
+    config = NetConfig(
+        name=_NAD_NAME,
+        plugins=[
+            CNIPluginBridgeConfig(
+                bridge=bridge_nncp.desired_state_spec.interfaces[0].name  # type: ignore
+            ),
+            CNIPluginBandwidthConfig(
+                ingressRate=BANDWIDTH_RATE_BPS,
+                ingressBurst=BANDWIDTH_RATE_BPS,
+                egressRate=BANDWIDTH_RATE_BPS,
+                egressBurst=BANDWIDTH_RATE_BPS,
+            ),
+        ],
+    )
+    with NetworkAttachmentDefinition(
+        name=_NAD_NAME,
+        namespace=namespace.name,
+        config=config,
+        client=admin_client,
+    ) as bw_nad:
+        yield bw_nad
+
+
+@pytest.fixture(scope="module")
+def server_vm(
+    ipv4_supported_cluster: bool,
+    ipv6_supported_cluster: bool,
+    unprivileged_client: DynamicClient,
+    namespace: Namespace,
+    bandwidth_nad: NetworkAttachmentDefinition,
+) -> Generator[BaseVirtualMachine]:
+    addresses = [
+        f"{ip}/64" if ipaddress.ip_address(ip).version == 6 else f"{ip}/24"
+        for ip in random_ip_addresses_by_family(
+            ipv4_supported=ipv4_supported_cluster,
+            ipv6_supported=ipv6_supported_cluster,
+            net_seed=0,
+            host_address=1,
+        )
+    ]
+    with secondary_network_vm(
+        namespace=namespace.name,
+        name="bw-server-vm",
+        client=unprivileged_client,
+        nad_name=bandwidth_nad.name,
+        secondary_iface_name=BANDWIDTH_SECONDARY_IFACE_NAME,
+        secondary_iface_addresses=addresses,
+        ipv4_supported=ipv4_supported_cluster,
+        ipv6_supported=ipv6_supported_cluster,
+    ) as vm:
+        vm.start(wait=True)
+        vm.wait_for_agent_connected()
+        wait_for_ifaces_status(
+            vm=vm,
+            ip_addresses_by_spec_net_name={
+                BANDWIDTH_SECONDARY_IFACE_NAME: [
+                    str(ip_interface(addr).ip)
+                    for addr in vm.cloud_init_network_data.ethernets[GUEST_2ND_IFACE_NAME].addresses
+                ]
+            },
+        )
+        yield vm
+
+
+@pytest.fixture(scope="module")
+def client_vm(
+    ipv4_supported_cluster: bool,
+    ipv6_supported_cluster: bool,
+    unprivileged_client: DynamicClient,
+    namespace: Namespace,
+    bandwidth_nad: NetworkAttachmentDefinition,
+) -> Generator[BaseVirtualMachine]:
+    addresses = [
+        f"{ip}/64" if ipaddress.ip_address(ip).version == 6 else f"{ip}/24"
+        for ip in random_ip_addresses_by_family(
+            ipv4_supported=ipv4_supported_cluster,
+            ipv6_supported=ipv6_supported_cluster,
+            net_seed=0,
+            host_address=2,
+        )
+    ]
+    with secondary_network_vm(
+        namespace=namespace.name,
+        name="bw-client-vm",
+        client=unprivileged_client,
+        nad_name=bandwidth_nad.name,
+        secondary_iface_name=BANDWIDTH_SECONDARY_IFACE_NAME,
+        secondary_iface_addresses=addresses,
+        ipv4_supported=ipv4_supported_cluster,
+        ipv6_supported=ipv6_supported_cluster,
+    ) as vm:
+        vm.start(wait=True)
+        vm.wait_for_agent_connected()
+        wait_for_ifaces_status(
+            vm=vm,
+            ip_addresses_by_spec_net_name={
+                BANDWIDTH_SECONDARY_IFACE_NAME: [
+                    str(ip_interface(addr).ip)
+                    for addr in vm.cloud_init_network_data.ethernets[GUEST_2ND_IFACE_NAME].addresses
+                ]
+            },
+        )
+        yield vm