class lnst.Recipes.ENRT.IpsecEspAeadRecipe.IpsecEspAeadRecipe(**kwargs)

Bases: CommonHWSubConfigMixin, BaremetalEnrtRecipe, PacketAssertTestAndEvaluate

This recipe implements Enrt testing for a simple IPsec scenario that looks as follows

     +------+ switch +-----+
     |      +--------+     |
  +--+-+                 +-+--+
+-|eth0|-+             +-|eth0|-+
| +----+ |             | +----+ |
| host1  |             | host2  |
+--------+             +--------+

The recipe provides additional recipe parameter to configure IPsec tunel.

param ipsec_mode:

mode of the ipsec tunnel

All sub configurations are included via Mixin classes.

The actual test machinery is implemented in the BaseEnrtRecipe class.


Test wide configuration for this recipe involves just adding an IPv4 and IPv6 address to the matched eth0 nics on both hosts and route between them.

host1.eth0 = and fc00::1/64

host2.eth0 = and fc00::2/64

generate_test_wide_description(config: EnrtConfiguration)

Test wide description is extended with the configured IP addresses, specified IPsec algorithm, key length and integrity check value length.


Test wide configuration is extended with subconfiguration containing IPsec tunnel with predefined parameters for both IP versions.


Subconfiguration containing IPsec tunnel is applied through XfrmTools class.


The ping endpoints for this recipe are the configured endpoints of the IPsec tunnel on both hosts.


Flow combinations are generated based on the tunnel endpoints and test parameters.


Ping test is utilizing PacketAssert class to search for the appropriate ESP IP packet. Result of ping test is handed to the super class’ method.

Returned as:

(ping_result, pa_config, pa_result)