Merge branch 'main' into sudhir-gnmi-1.24

Author: sudhirakondi

feature/bgp/otg_tests/bgp_disable_peer_as_filter_test/README.md

@@ -0,0 +1,164 @@
+# RT-1.71: BGP Disable Peer AS Filter (`disable-peer-as-filter`)
+
+## Summary
+
+Verifies BGP disable-peer-as-filter functionality for both IPv4 and IPv6 Unicast sessions. This feature ensures that a router can accept routes from an eBGP peer even if the receiving router's own AS is present in the AS-PATH.
+
+## Testbed type
+
+* [TESTBED_DUT_ATE_2LINKS](https://github.com/openconfig/featureprofiles/blob/main/topologies/ate_tests/base_2link_topology.testbed)
+
+## Topology
+
+```mermaid
+flowchart LR
+    subgraph ATE ["Automated Test Equipment"]
+        ATE1(["Port 1 AS 64496"])
+        ATE2(["Port 2 AS 64497"])
+    end
+
+    subgraph DUT_Domain ["Device Under Test"]
+        DUT(["DUT AS 64498"])
+    end
+
+    ATE1 <-->|eBGP| DUT
+    DUT <-->|eBGP| ATE2
+```
+
+* **ATE Port 1** (AS 64496) connects to the **DUT** (AS 64498) via eBGP.
+* **DUT** (AS 64498) connects to **ATE Port 2** (AS 64497) via eBGP.
+
+## Test environment setup
+
+1. Configure eBGP sessions (IPv4 and IPv6) between ATE Port 1, DUT, and ATE Port 2.
+2. Use the following RFC-compliant addresses:
+    * **Link 1 (ATE1 - DUT):** `192.0.2.0/30`, `2001:db8::1/126`
+    * **Link 2 (ATE2 - DUT):** `198.51.100.0/30`, `2001:db8::5/126`
+
+
+## Procedure
+
+### RT-1.71.1: Baseline Test (Default Filtering)
+
+1. Establish eBGP sessions (IPv4 and IPv6) between ATE Port 1, DUT, and ATE Port 2.
+2. Advertise a prefix (e.g., `192.0.2.100/32` and `2001:db8:64:64::1/64`) from ATE Port 1 with an AS-PATH containing the target peer's AS (`64497`) in the middle (e.g., AS-PATH: `64496 64497 64499`).
+3. Verify that the DUT **does not advertise** the route to ATE Port 2.
+4. Verify that ATE Port 2 **does not receive** the route.
+
+### RT-1.71.2: Test `disable-peer-as-filter = TRUE` (Transit AS)
+
+1. Enable `disable-peer-as-filter` on the DUT's neighbor/peer-group configuration towards ATE Port 2 (AS 64497).
+2. Re-advertise the prefixes from ATE Port 1 with the same AS-PATH (`64496 64497 64499`).
+3. Verify that the DUT **advertises** the route to ATE Port 2.
+4. Verify that ATE Port 2 **receives** the route.
+5. Validate for both IPv4 and IPv6 families.
+
+### RT-1.71.3: Test "Originating Peer AS"
+
+1. Ensure `disable-peer-as-filter` is enabled on the DUT's neighbor configuration towards ATE Port 2.
+2. Advertise a prefix from ATE Port 1 with an AS-PATH where the target peer's AS (`64497`) is the **originating AS** (e.g., AS-PATH: `64496 64499 64497`).
+3. Verify that the DUT **advertises** the route to ATE Port 2.
+4. Verify that ATE Port 2 **receives** the route.
+5. Validate session state and capabilities received on DUT using telemetry.
+
+
+### RT-1.71.4: Private AS Number Scenario
+
+```mermaid
+graph LR
+    subgraph ATE ["ATE"]
+        direction TB
+        ATE1["Port 1<br/>(AS 64496)"]
+        ATE2["Port 2<br/>(AS 64512)"]
+    end
+
+    subgraph DUT_Domain ["DUT"]
+        DUT["DUT<br/>(AS 64498)"]
+    end
+
+    %% Advertisement Flow for RT-1.71.4
+    ATE1 -- "Advertise Prefix<br/>(AS-PATH: 64496 64499 64512)" --> DUT
+    DUT -- "Propagate to Peer with<br/>AS 64512 in PATH" --> ATE2
+```
+
+1. Configure **ATE Port 2** with a private AS number (e.g., `64512`).
+2. Configure the **DUT** (AS `64498`) with `disable-peer-as-filter = TRUE` on the neighbor configuration towards ATE Port 2.
+3. Advertise a prefix from **ATE Port 1** with an AS-PATH that includes ATE Port 2's AS (e.g., AS-PATH: `64496 64499 64512`).
+4. Verify that the DUT **advertises** the route to ATE Port 2 (AS 64512).
+5. Verify that ATE Port 2 **receives** the route.
+
+### RT-1.71.5: Test "Peer-group and Neighbor level"
+
+Ensure the tests are performed for BGP configuration at the Peer-group as well as at the Neighbor levels
+
+## Canonical OC
+
+```json
+{
+  "network-instances": {
+    "network-instance": [
+      {
+        "name": "DEFAULT",
+        "config": {
+          "name": "DEFAULT"
+        },
+        "protocols": {
+          "protocol": [
+            {
+              "identifier": "BGP",
+              "name": "BGP",
+              "config": {
+                "identifier": "BGP",
+                "name": "BGP"
+              },
+              "bgp": {
+                "peer-groups": {
+                  "peer-group": [
+                    {
+                      "peer-group-name": "BGP-PEER-GROUP1",
+                      "config": {
+                        "peer-group-name": "BGP-PEER-GROUP1"
+                      },
+                      "as-path-options": {
+                        "config": {
+                          "disable-peer-as-filter": true
+                        }
+                      }
+                    }
+                  ]
+                }
+              }
+            }
+          ]
+        }
+      }
+    ]
+  }
+}
+```
+
+## OpenConfig Path and RPC Coverage
+
+```yaml
+paths:
+  ## Config paths
+  /network-instances/network-instance/protocols/protocol/bgp/peer-groups/peer-group/as-path-options/config/disable-peer-as-filter:
+  /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/as-path-options/config/disable-peer-as-filter:
+
+  ## State paths
+  /network-instances/network-instance/protocols/protocol/bgp/peer-groups/peer-group/as-path-options/state/disable-peer-as-filter:
+  /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/as-path-options/state/disable-peer-as-filter:
+  /network-instances/network-instance/protocols/protocol/bgp/neighbors/neighbor/state/session-state:
+
+rpcs:
+  gnmi:
+    gNMI.Set:
+      union_replace: true
+    gNMI.Subscribe:
+      on_change: true
+```
+
+## Required DUT platform
+
+* vRX - virtual router device
+

feature/bgp/otg_tests/bgp_disable_peer_as_filter_test/metadata.textproto

@@ -0,0 +1,7 @@
+# proto-file: github.com/openconfig/featureprofiles/proto/metadata.proto
+# proto-message: Metadata
+
+uuid: "0a9bd744-53e0-4152-bb30-ef23d5c3fe78"
+plan_id: "RT-1.71"
+description: "BGP Disable Peer AS Filter (`disable-peer-as-filter`)"
+testbed: TESTBED_DUT_ATE_2LINKS

feature/bgp/policybase/otg_tests/link_bandwidth_test/link_bandwidth_test.go

@@ -382,21 +382,15 @@ func validateImportPolicyDut(t *testing.T, dut *ondatra.DUTDevice, td testData,
 		t.Fatalf("invalid import policy")
 	}
 	// Validating if OTG has learnt 3 prefixes with subnet 203.0.0.0/16 on which policy applied
-	receivedPrefixes := map[string]bool{}
-	var bgpPrefixes []*otgtelemetry.BgpPeer_UnicastIpv4Prefix
 	_, pok := gnmi.WatchAll(t, td.ate.OTG(), gnmi.OTG().BgpPeer(td.otgP2.Name()+".BGP4.peer").UnicastIpv4PrefixAny().State(), 2*time.Minute, func(v *ygnmi.Value[*otgtelemetry.BgpPeer_UnicastIpv4Prefix]) bool {
-		prefix, present := v.Val()
-		if !present {
-			return false
-		}
-		receivedPrefixes[prefix.GetAddress()] = true
-		bgpPrefixes = append(bgpPrefixes, prefix)
-		return len(receivedPrefixes) == 3
+		_, present := v.Val()
+		return present
 	}).Await(t)
 	if !pok {
-		t.Fatalf("Prefixes not installed on OTG port 2, got: %v", receivedPrefixes)
+		t.Fatalf("Prefixes not installed on OTG port 2")
 	}
 	found := 0
+	bgpPrefixes := gnmi.GetAll(t, td.ate.OTG(), gnmi.OTG().BgpPeer(td.otgP2.Name()+".BGP4.peer").UnicastIpv4PrefixAny().State())
 	for _, bgpPrefix := range bgpPrefixes {
 		_, ok := gnmi.Watch(t, td.ate.OTG(), gnmi.OTG().BgpPeer(td.otgP2.Name()+".BGP4.peer").UnicastIpv4Prefix(bgpPrefix.GetAddress(), bgpPrefix.GetPrefixLength(), bgpPrefix.GetOrigin(), bgpPrefix.GetPathId()).State(), 10*time.Second, func(v *ygnmi.Value[*otgtelemetry.BgpPeer_UnicastIpv4Prefix]) bool {
 			if !v.IsPresent() {

feature/container/failover/tests/supervisor_failover/README.md

@@ -0,0 +1,116 @@
+# CNTR-3: Container Supervisor Failover
+
+## Summary
+
+Verify that containers and volumes persist across a control processor switchover (failover).
+
+## Procedure
+
+* Build the test container as described below.
+* Pass the tarball of the container to the test as an argument.
+
+### Build Test Container
+
+The test container is available in the feature profile repository under
+`internal/cntrsrv`.
+
+Start by entering in that directory and running the following commands:
+
+```shell
+$ cd internal/cntrsrv
+$ go mod vendor
+$ CGO_ENABLED=0 go build .
+$ docker build -f build/Dockerfile.local -t cntrsrv_image:latest .
+```
+
+At this point you will have a container image build for the test container.
+
+```shell
+$ docker images
+REPOSITORY        TAG            IMAGE ID       CREATED         SIZE
+cntrsrv_image     latest         8d786a6eebc8   3 minutes ago   21.4MB
+```
+
+Now export the container to a tarball.
+
+```shell
+$ docker save -o /tmp/cntrsrv.tar cntrsrv_image:latest
+```
+
+This is the tarball that will be used during tests.
+
+## CNTR-3.1: Image Persistence
+
+1.  **Load Image**: Using `gnoi.Containerz.Deploy`, load a container image onto the device.
+2.  **Verify Load**: Verify the image exists on the device using `gnoi.Containerz.List`.
+3.  **Trigger Failover**: Identify the standby control processor using gNMI and trigger a switchover using `gnoi.System.SwitchControlProcessor`.
+4.  **Verify Persistence**: After the switchover, verify the loaded image is still available on the new primary control processor.
+
+## CNTR-3.2, CNTR-3.3, CNTR-3.4: Container and Volume Persistence
+
+1.  **Setup**:
+    *   Using `gnoi.Containerz.CreateVolume`, create a volume.
+    *   Using `gnoi.Containerz.Deploy`, load a container image.
+    *   Using `gnoi.Containerz.Start`, start a container that mounts the created volume.
+2.  **Verify Setup**: Verify the container is in a `RUNNING` state and the volume exists.
+3.  **Trigger Failover**: Identify the standby control processor using gNMI. Trigger a switchover using `gnoi.System.SwitchControlProcessor`.
+4.  **Verify Recovery**: After the switchover, verify that the container is still `RUNNING` and the volume still exists using `gnoi.Containerz`.
+
+## CNTR-3.5: Image Removal Persistence
+
+1.  **Load and Remove Image**: Load a container image, then remove it using `gnoi.Containerz.Deploy` with the `image_delete` option.
+2.  **Verify Removal**: Verify the image no longer exists on the device.
+3.  **Trigger Failover**: Trigger a control processor switchover.
+4.  **Verify Persistence of Removal**: After the switchover, verify the image does not exist on the new primary control processor.
+
+## CNTR-3.6: Container Removal Persistence
+
+1.  **Start and Remove Container**: Start a container, then remove it using `gnoi.Containerz.Remove`.
+2.  **Verify Removal**: Verify the container no longer exists.
+3.  **Trigger Failover**: Trigger a control processor switchover.
+4.  **Verify Persistence of Removal**: After the switchover, verify the container does not exist on the new primary control processor.
+
+## CNTR-3.7: Double Failover Image Persistence
+
+1.  **Load Image**: Load a container image onto the device.
+2.  **First Failover**: Trigger a control processor switchover to the standby.
+3.  **Verify Persistence**: After the first switchover, verify the image is still available on the new primary.
+4.  **Second Failover**: Trigger another control processor switchover, returning to the original primary.
+5.  **Verify Final Persistence**: After the second switchover, verify the image is still available.
+
+## CNTR-3.8: Container Persistence On Cold Reboot
+
+1.  **Setup**:
+    *   Using `gnoi.Containerz.CreateVolume`, create a volume.
+    *   Using `gnoi.Containerz.Deploy`, load a container image.
+    *   Using `gnoi.Containerz.Start`, start a container that mounts the created volume.
+2.  **Verify Setup**: Verify the container is in a `RUNNING` state and the volume exists.
+2.  **Cold Reboot**: Trigger a cold reboot using `gnoi.System.Reboot`.
+3.  **Verify Recovery**: After the cold reboot, verify that the container is still `RUNNING` and the volume still exists using `gnoi.Containerz`.
+
+
+## Canonical OC
+
+<!-- This test does not require any specific OpenConfig configuration, so this section is empty to satisfy the validator. -->
+```json
+{}
+```
+
+## OpenConfig Path and RPC Coverage
+
+The below yaml defines the RPCs intended to be covered by this test.
+
+```yaml
+rpcs:
+  gnoi:
+    containerz.Containerz.Deploy:
+    containerz.Containerz.StartContainer:
+    containerz.Containerz.ListContainer:
+    containerz.Containerz.CreateVolume:
+    containerz.Containerz.ListVolume:
+    system.System.SwitchControlProcessor:
+    system.System.Reboot:
+  gnmi:
+    gNMI.Get:
+    gNMI.Subscribe:
+```