param( [string]$ApiBaseUrl = "http://192.168.200.61:18121/api/v1", [string]$ClusterID = "cfc0743d-d960-49fb-9de8-96e063d5e4aa", [string]$ActorUserID = "f67d943f-5397-4b3a-a229-695fe67ad700", [string]$EntryNodeName = "test-1", [string]$ExitNodeName = "test-2", [string]$EntryBaseUrl = "http://192.168.200.61:19131", [string]$DockerSSH = "test-docker", [int]$SessionCount = 3, [int]$PreRebuildRounds = 12, [int]$PostRebuildRounds = 24, [int]$PacketsPerBatch = 8, [int]$BatchDelayMilliseconds = 25, [string]$RequiredNodeVersion = "0.2.183", [string]$ResultPath = "artifacts\c18z7-live-service-channel-concurrent-isolation-smoke-result.json" ) Set-StrictMode -Version Latest $ErrorActionPreference = "Stop" Add-Type -AssemblyName System.Net.Http $repoRoot = (Resolve-Path (Join-Path $PSScriptRoot "..\..")).ProviderPath $runId = "c18z7-" + (Get-Date -Format "yyyyMMdd-HHmmss") $resourceId = "vpn-$runId" function Invoke-Api { param( [string]$Method, [string]$Path, [object]$Body = $null ) $uri = "$ApiBaseUrl$Path" try { if ($null -eq $Body) { return Invoke-RestMethod -Method $Method -Uri $uri -TimeoutSec 30 } return Invoke-RestMethod -Method $Method -Uri $uri -ContentType "application/json" -Body ($Body | ConvertTo-Json -Depth 80) -TimeoutSec 30 } catch { $statusCode = $null if ($_.Exception.Response) { $statusCode = [int]$_.Exception.Response.StatusCode } $details = $_.ErrorDetails.Message if (-not $details) { $details = $_.Exception.Message } throw "$Method $Path failed with HTTP $statusCode`: $details" } } function Get-NodeByName { param([string]$Name) $nodes = (Invoke-Api -Method GET -Path "/clusters/$ClusterID/nodes?actor_user_id=$ActorUserID").nodes $node = @($nodes | Where-Object { $_.name -eq $Name }) | Select-Object -First 1 if ($null -eq $node) { throw "Node '$Name' was not found in cluster $ClusterID" } return $node } function Get-MeshPort { param([string]$Name) switch ($Name) { "test-1" { return 19131 } "test-2" { return 19132 } "test-3" { return 19133 } default { return 19131 } } } function Enable-TestMeshListener { param([object]$Node) $port = Get-MeshPort -Name $Node.name Invoke-Api -Method PUT -Path "/clusters/$ClusterID/nodes/$($Node.id)/workloads/fabric-listener/desired" -Body @{ actor_user_id = $ActorUserID desired_state = "enabled" runtime_mode = "container" version = "c18z7-live-fsc-concurrent-isolation" config = @{ listen_addr = "0.0.0.0:$port" listen_port_mode = "manual" advertise_endpoint = "http://192.168.200.61:$port" advertise_transport = "direct_http" connectivity_mode = "private_lan" nat_type = "none" region = "docker-test" production_forwarding = $true } environment = @{} } | Out-Null } function Clear-OldSmokeRouteIntents { param( [string]$SourceNodeID, [string]$DestinationNodeID ) $items = (Invoke-Api -Method GET -Path "/clusters/$ClusterID/mesh/route-intents?actor_user_id=$ActorUserID").route_intents foreach ($item in @($items)) { if ([string]$item.lifecycle_status -ne "active") { continue } if ([string]$item.service_class -ne "vpn_packets") { continue } if ([string]$item.source_selector.node_id -ne $SourceNodeID -or [string]$item.destination_selector.node_id -ne $DestinationNodeID) { continue } $smoke = "" if ($null -ne $item.policy -and $null -ne $item.policy.metadata) { $prop = $item.policy.metadata.PSObject.Properties["smoke"] if ($null -ne $prop) { $smoke = [string]$prop.Value } } if ($smoke -ne "c18z1_live_service_channel_ingress" -and $smoke -ne "c18z2_live_service_channel_soak" -and $smoke -ne "c18z3_live_service_channel_entry_ws_fallback" -and $smoke -ne "c18z4_live_service_channel_session_pressure" -and $smoke -ne "c18z5_live_service_channel_exit_restart" -and $smoke -ne "c18z6_live_service_channel_active_rebuild" -and $smoke -ne "c18z7_live_service_channel_concurrent_isolation") { continue } Invoke-Api -Method POST -Path "/clusters/$ClusterID/mesh/route-intents/$($item.id)/expire" -Body @{ actor_user_id = $ActorUserID } | Out-Null } } function New-RouteIntent { param( [string]$SourceNodeID, [string]$DestinationNodeID, [int]$Priority, [string]$Label ) $expiresAt = (Get-Date).ToUniversalTime().AddMinutes(10).ToString("o") return Invoke-Api -Method POST -Path "/clusters/$ClusterID/mesh/route-intents" -Body @{ actor_user_id = $ActorUserID source_selector = @{ node_id = $SourceNodeID } destination_selector = @{ node_id = $DestinationNodeID } service_class = "vpn_packets" priority = $Priority policy = @{ synthetic_enabled = $true route_version = "$runId-$Label" policy_version = "$runId-$Label" peer_directory_version = "$runId-$Label" hops = @($SourceNodeID, $DestinationNodeID) allowed_channels = @("vpn_packet", "fabric_control") max_ttl = 8 max_hops = 8 expires_at = $expiresAt metadata = @{ smoke = "c18z7_live_service_channel_concurrent_isolation" run_id = $runId label = $Label } } } } function Get-SyntheticConfig { param([string]$NodeID) return Invoke-Api -Method GET -Path "/clusters/$ClusterID/nodes/$NodeID/mesh/synthetic-config?actor_user_id=$ActorUserID" } function Get-LatestHeartbeat { param([string]$NodeID) return (Invoke-Api -Method GET -Path "/clusters/$ClusterID/nodes/$NodeID/heartbeats?actor_user_id=$ActorUserID&limit=1").heartbeats[0] } function Get-LatestRuntimeReport { param([string]$NodeID) $hb = Get-LatestHeartbeat -NodeID $NodeID return @{ heartbeat = $hb report = $hb.metadata.fabric_service_channel_runtime_report } } function Wait-ForRuntimeReady { param( [string]$NodeID, [int]$MinRoutes, [int]$TimeoutSeconds = 90 ) $deadline = (Get-Date).AddSeconds($TimeoutSeconds) do { $latest = Get-LatestRuntimeReport -NodeID $NodeID $report = $latest.report if ($null -ne $report -and $report.enabled -eq $true -and $report.production_payload_forwarding -eq $true -and [int]$report.route_candidate_total -ge $MinRoutes) { return $latest } Start-Sleep -Seconds 2 } while ((Get-Date) -lt $deadline) throw "Timed out waiting for production service-channel runtime ready on node $NodeID" } function Wait-ForRuntimeConfigVersion { param( [string]$NodeID, [string]$ConfigVersion, [int]$TimeoutSeconds = 90 ) $deadline = (Get-Date).AddSeconds($TimeoutSeconds) do { $latest = Get-LatestRuntimeReport -NodeID $NodeID if ($null -ne $latest.report) { $loadedVersion = [string]$latest.report.config_version if ($loadedVersion -ge $ConfigVersion) { return $latest } } Start-Sleep -Seconds 2 } while ((Get-Date) -lt $deadline) throw "Timed out waiting for node $NodeID to load synthetic config $ConfigVersion" } function Wait-ForRouteIntentVisible { param( [string]$NodeID, [string[]]$RouteIDs, [int]$TimeoutSeconds = 60 ) $deadline = (Get-Date).AddSeconds($TimeoutSeconds) do { $config = Get-SyntheticConfig -NodeID $NodeID $routes = @($config.synthetic_mesh_config.routes) $present = @($routes | Where-Object { $RouteIDs -contains $_.route_id }) if ($present.Count -ge $RouteIDs.Count) { return $config } Start-Sleep -Seconds 2 } while ((Get-Date) -lt $deadline) throw "Timed out waiting for routes '$($RouteIDs -join ",")' in synthetic config for node $NodeID" } function Wait-ForRouteIntentNotVisible { param( [string]$NodeID, [string]$RouteID, [int]$TimeoutSeconds = 90 ) $deadline = (Get-Date).AddSeconds($TimeoutSeconds) do { $config = Get-SyntheticConfig -NodeID $NodeID $routes = @($config.synthetic_mesh_config.routes) $present = @($routes | Where-Object { $_.route_id -eq $RouteID }) if ($present.Count -eq 0) { return $config } Start-Sleep -Seconds 2 } while ((Get-Date) -lt $deadline) throw "Timed out waiting for route '$RouteID' to disappear from synthetic config for node $NodeID" } function New-ServiceChannelLease { param( [string]$EntryNodeID, [string]$ExitNodeID, [string]$VPNResourceID = $resourceId ) return (Invoke-Api -Method POST -Path "/clusters/$ClusterID/fabric/service-channels/leases" -Body @{ actor_user_id = $ActorUserID organization_id = "org-c18z7-smoke" user_id = $ActorUserID resource_id = $VPNResourceID service_class = "vpn_packets" entry_node_ids = @($EntryNodeID) exit_node_ids = @($ExitNodeID) preferred_entry_node_id = $EntryNodeID preferred_exit_node_id = $ExitNodeID allowed_channels = @("vpn_packet", "bulk", "control") ttl_seconds = 300 metadata = @{ smoke = "c18z7_live_service_channel_concurrent_isolation" run_id = $runId } }).fabric_service_channel_lease } function ConvertTo-Base64UrlJson { param([object]$Value) $json = $Value | ConvertTo-Json -Depth 80 -Compress $bytes = [System.Text.Encoding]::UTF8.GetBytes($json) return [Convert]::ToBase64String($bytes).TrimEnd("=").Replace("+", "-").Replace("/", "_") } function Get-ObjectPropertyValue { param( [object]$Object, [string]$Name ) if ($null -eq $Object) { return $null } $prop = $Object.PSObject.Properties[$Name] if ($null -eq $prop) { return $null } return $prop.Value } function New-TestIPv4UDPPacket { param([int]$SourcePort) $payload = [System.Text.Encoding]::ASCII.GetBytes("c18z1-$SourcePort") $totalLength = 20 + 8 + $payload.Length $packet = New-Object byte[] $totalLength $packet[0] = 0x45 $packet[1] = 0 $packet[2] = [byte](($totalLength -shr 8) -band 0xff) $packet[3] = [byte]($totalLength -band 0xff) $packet[8] = 64 $packet[9] = 17 $packet[12] = 10; $packet[13] = 18; $packet[14] = 1; $packet[15] = 10 $packet[16] = 10; $packet[17] = 18; $packet[18] = 2; $packet[19] = 20 $udpOffset = 20 $destPort = 3389 $udpLength = 8 + $payload.Length $packet[$udpOffset] = [byte](($SourcePort -shr 8) -band 0xff) $packet[$udpOffset + 1] = [byte]($SourcePort -band 0xff) $packet[$udpOffset + 2] = [byte](($destPort -shr 8) -band 0xff) $packet[$udpOffset + 3] = [byte]($destPort -band 0xff) $packet[$udpOffset + 4] = [byte](($udpLength -shr 8) -band 0xff) $packet[$udpOffset + 5] = [byte]($udpLength -band 0xff) [Array]::Copy($payload, 0, $packet, 28, $payload.Length) return $packet } function New-PacketBatchBody { param([byte[][]]$Packets) $stream = [System.IO.MemoryStream]::new() foreach ($packet in $Packets) { $length = $packet.Length $stream.WriteByte([byte](($length -shr 24) -band 0xff)) $stream.WriteByte([byte](($length -shr 16) -band 0xff)) $stream.WriteByte([byte](($length -shr 8) -band 0xff)) $stream.WriteByte([byte]($length -band 0xff)) $stream.Write($packet, 0, $packet.Length) } return $stream.ToArray() } function Invoke-ServiceChannelPost { param( [object]$Lease, [int]$PortStart, [string]$VPNResourceID = $resourceId ) $packets = @() for ($i = 0; $i -lt 8; $i++) { $packets += ,(New-TestIPv4UDPPacket -SourcePort ($PortStart + $i)) } $path = $Lease.entry_http.path_template. Replace("{cluster_id}", $ClusterID). Replace("{channel_id}", $Lease.channel_id). Replace("{resource_id}", $VPNResourceID) $url = "$EntryBaseUrl$path`?batch=true" $headers = @{ "X-RAP-Service-Channel-Token" = $Lease.token.token "X-RAP-Fabric-Channel-ID" = $Lease.channel_id "X-RAP-Service-Class" = "vpn_packets" "X-RAP-Channel-Class" = "vpn_packet" "X-RAP-Service-Channel-Authority-Payload" = ConvertTo-Base64UrlJson -Value $Lease.authority_payload "X-RAP-Service-Channel-Authority-Signature" = ConvertTo-Base64UrlJson -Value $Lease.authority_signature } $body = New-PacketBatchBody -Packets $packets $client = [System.Net.Http.HttpClient]::new() try { $client.Timeout = [TimeSpan]::FromSeconds(30) $request = [System.Net.Http.HttpRequestMessage]::new([System.Net.Http.HttpMethod]::Post, $url) foreach ($header in $headers.GetEnumerator()) { [void]$request.Headers.TryAddWithoutValidation($header.Key, [string]$header.Value) } $content = [System.Net.Http.ByteArrayContent]::new($body) $content.Headers.ContentType = [System.Net.Http.Headers.MediaTypeHeaderValue]::Parse("application/vnd.rap.vpn-packet-batch.v1") $request.Content = $content $response = $client.SendAsync($request).GetAwaiter().GetResult() $responseBody = $response.Content.ReadAsStringAsync().GetAwaiter().GetResult() if (-not $response.IsSuccessStatusCode) { throw "Service-channel POST $url failed with HTTP $([int]$response.StatusCode): $responseBody" } return [pscustomobject]@{ StatusCode = [int]$response.StatusCode Body = $responseBody } } finally { $client.Dispose() } } function Get-IngressSendPackets { param([string]$NodeID) $latest = Get-LatestRuntimeReport -NodeID $NodeID $ingress = $latest.report.ingress $sendPackets = Get-ObjectPropertyValue -Object $ingress -Name "send_packets" if ($null -eq $sendPackets) { return 0 } return [int]$sendPackets } function Get-IngressRouteFailures { param([string]$NodeID) $latest = Get-LatestRuntimeReport -NodeID $NodeID $ingress = $latest.report.ingress $failures = Get-ObjectPropertyValue -Object $ingress -Name "send_route_failures" if ($null -eq $failures) { return 0 } return [int]$failures } function Get-IngressFlowDropped { param([string]$NodeID) $latest = Get-LatestRuntimeReport -NodeID $NodeID $ingress = $latest.report.ingress if ($null -eq $ingress) { return 0 } $flowScheduler = Get-ObjectPropertyValue -Object $ingress -Name "flow_scheduler" if ($null -eq $flowScheduler) { return 0 } $dropped = Get-ObjectPropertyValue -Object $flowScheduler -Name "dropped" if ($null -eq $dropped) { return 0 } return [int]$dropped } function Get-ExitQueueDepth { param( [string]$NodeID, [string]$VPNConnectionID ) $latest = Get-LatestRuntimeReport -NodeID $NodeID $queueKey = "$VPNConnectionID`:client_to_gateway" $depths = $latest.report.inbox.queue_depths if ($null -eq $depths) { return 0 } $prop = $depths.PSObject.Properties[$queueKey] if ($null -eq $prop) { return 0 } return [int]$prop.Value } function Wait-ForExitQueueDepth { param( [string]$NodeID, [string]$VPNConnectionID, [int]$MinDepth, [int]$TimeoutSeconds = 90 ) $deadline = (Get-Date).AddSeconds($TimeoutSeconds) do { $depth = Get-ExitQueueDepth -NodeID $NodeID -VPNConnectionID $VPNConnectionID if ($depth -ge $MinDepth) { return $depth } Start-Sleep -Seconds 2 } while ((Get-Date) -lt $deadline) throw "Timed out waiting for exit queue depth >= $MinDepth on node $NodeID" } function Invoke-ServiceChannelPostSafe { param( [object]$Lease, [int]$PortStart, [string]$VPNResourceID = $resourceId ) try { $response = Invoke-ServiceChannelPost -Lease $Lease -PortStart $PortStart -VPNResourceID $VPNResourceID return [pscustomobject]@{ ok = $true status_code = [int]$response.StatusCode error = "" } } catch { return [pscustomobject]@{ ok = $false status_code = 0 error = $_.Exception.Message } } } function ConvertTo-WebSocketURL { param([string]$URL) if ($URL.StartsWith("https://")) { return "wss://" + $URL.Substring("https://".Length) } if ($URL.StartsWith("http://")) { return "ws://" + $URL.Substring("http://".Length) } return $URL } function Invoke-ServiceChannelWebSocketSend { param( [object]$Lease, [int]$PortStart, [string]$VPNResourceID = $resourceId ) $packets = @() for ($i = 0; $i -lt 8; $i++) { $packets += ,(New-TestIPv4UDPPacket -SourcePort ($PortStart + $i)) } $path = $Lease.entry_http.websocket_path_template. Replace("{cluster_id}", $ClusterID). Replace("{channel_id}", $Lease.channel_id). Replace("{resource_id}", $VPNResourceID) $url = ConvertTo-WebSocketURL -URL "$EntryBaseUrl$path" $socket = [System.Net.WebSockets.ClientWebSocket]::new() $cts = [System.Threading.CancellationTokenSource]::new([TimeSpan]::FromSeconds(20)) try { $null = $socket.Options.SetRequestHeader("X-RAP-Service-Channel-Token", [string]$Lease.token.token) $null = $socket.Options.SetRequestHeader("X-RAP-Fabric-Channel-ID", [string]$Lease.channel_id) $null = $socket.Options.SetRequestHeader("X-RAP-Service-Class", "vpn_packets") $null = $socket.Options.SetRequestHeader("X-RAP-Channel-Class", "vpn_packet") $null = $socket.Options.SetRequestHeader("X-RAP-Service-Channel-Authority-Payload", (ConvertTo-Base64UrlJson -Value $Lease.authority_payload)) $null = $socket.Options.SetRequestHeader("X-RAP-Service-Channel-Authority-Signature", (ConvertTo-Base64UrlJson -Value $Lease.authority_signature)) $null = $socket.ConnectAsync([Uri]$url, $cts.Token).GetAwaiter().GetResult() $body = New-PacketBatchBody -Packets $packets $segment = [ArraySegment[byte]]::new($body) $null = $socket.SendAsync($segment, [System.Net.WebSockets.WebSocketMessageType]::Binary, $true, $cts.Token).GetAwaiter().GetResult() Start-Sleep -Milliseconds 300 if ($socket.State -eq [System.Net.WebSockets.WebSocketState]::Open) { $null = $socket.CloseOutputAsync([System.Net.WebSockets.WebSocketCloseStatus]::NormalClosure, "c18z7 sent", $cts.Token).GetAwaiter().GetResult() } return [pscustomobject]@{ ok = $true url = $url sent_packets = $packets.Count state = [string]$socket.State error = "" } } catch { return [pscustomobject]@{ ok = $false url = $url sent_packets = 0 state = [string]$socket.State error = $_.Exception.Message } } finally { $socket.Dispose() $cts.Dispose() } } function Invoke-ServiceChannelWebSocketPressure { param( [object]$Lease, [int]$PortStart, [int]$PreSwitchBatches, [int]$PostSwitchBatches, [int]$PacketsInBatch, [int]$DelayMilliseconds, [scriptblock]$AfterPreSwitchAction, [string]$VPNResourceID = $resourceId ) $path = $Lease.entry_http.websocket_path_template. Replace("{cluster_id}", $ClusterID). Replace("{channel_id}", $Lease.channel_id). Replace("{resource_id}", $VPNResourceID) $url = ConvertTo-WebSocketURL -URL "$EntryBaseUrl$path" $socket = [System.Net.WebSockets.ClientWebSocket]::new() $cts = [System.Threading.CancellationTokenSource]::new([TimeSpan]::FromSeconds(120)) $sentBatches = 0 $sentPackets = 0 $switchActionRan = $false try { $null = $socket.Options.SetRequestHeader("X-RAP-Service-Channel-Token", [string]$Lease.token.token) $null = $socket.Options.SetRequestHeader("X-RAP-Fabric-Channel-ID", [string]$Lease.channel_id) $null = $socket.Options.SetRequestHeader("X-RAP-Service-Class", "vpn_packets") $null = $socket.Options.SetRequestHeader("X-RAP-Channel-Class", "vpn_packet") $null = $socket.Options.SetRequestHeader("X-RAP-Service-Channel-Authority-Payload", (ConvertTo-Base64UrlJson -Value $Lease.authority_payload)) $null = $socket.Options.SetRequestHeader("X-RAP-Service-Channel-Authority-Signature", (ConvertTo-Base64UrlJson -Value $Lease.authority_signature)) $null = $socket.ConnectAsync([Uri]$url, $cts.Token).GetAwaiter().GetResult() $totalBatches = $PreSwitchBatches + $PostSwitchBatches for ($batch = 0; $batch -lt $totalBatches; $batch++) { if ($batch -eq $PreSwitchBatches -and $null -ne $AfterPreSwitchAction) { & $AfterPreSwitchAction $switchActionRan = $true } $packets = @() for ($i = 0; $i -lt $PacketsInBatch; $i++) { $packets += ,(New-TestIPv4UDPPacket -SourcePort ($PortStart + ($batch * 100) + $i)) } $body = New-PacketBatchBody -Packets $packets $segment = [ArraySegment[byte]]::new($body) $null = $socket.SendAsync($segment, [System.Net.WebSockets.WebSocketMessageType]::Binary, $true, $cts.Token).GetAwaiter().GetResult() $sentBatches++ $sentPackets += $packets.Count if ($DelayMilliseconds -gt 0) { Start-Sleep -Milliseconds $DelayMilliseconds } } Start-Sleep -Milliseconds 500 if ($socket.State -eq [System.Net.WebSockets.WebSocketState]::Open) { $null = $socket.CloseOutputAsync([System.Net.WebSockets.WebSocketCloseStatus]::NormalClosure, "c18z7 sent", $cts.Token).GetAwaiter().GetResult() } return [pscustomobject]@{ ok = $true url = $url sent_batches = $sentBatches sent_packets = $sentPackets switch_action_ran = $switchActionRan state = [string]$socket.State error = "" } } catch { return [pscustomobject]@{ ok = $false url = $url sent_batches = $sentBatches sent_packets = $sentPackets switch_action_ran = $switchActionRan state = [string]$socket.State error = $_.Exception.Message } } finally { $socket.Dispose() $cts.Dispose() } } function Open-ServiceChannelWebSocket { param( [object]$Lease, [string]$VPNResourceID ) $path = $Lease.entry_http.websocket_path_template. Replace("{cluster_id}", $ClusterID). Replace("{channel_id}", $Lease.channel_id). Replace("{resource_id}", $VPNResourceID) $url = ConvertTo-WebSocketURL -URL "$EntryBaseUrl$path" $socket = [System.Net.WebSockets.ClientWebSocket]::new() $cts = [System.Threading.CancellationTokenSource]::new([TimeSpan]::FromSeconds(180)) $null = $socket.Options.SetRequestHeader("X-RAP-Service-Channel-Token", [string]$Lease.token.token) $null = $socket.Options.SetRequestHeader("X-RAP-Fabric-Channel-ID", [string]$Lease.channel_id) $null = $socket.Options.SetRequestHeader("X-RAP-Service-Class", "vpn_packets") $null = $socket.Options.SetRequestHeader("X-RAP-Channel-Class", "vpn_packet") $null = $socket.Options.SetRequestHeader("X-RAP-Service-Channel-Authority-Payload", (ConvertTo-Base64UrlJson -Value $Lease.authority_payload)) $null = $socket.Options.SetRequestHeader("X-RAP-Service-Channel-Authority-Signature", (ConvertTo-Base64UrlJson -Value $Lease.authority_signature)) $null = $socket.ConnectAsync([Uri]$url, $cts.Token).GetAwaiter().GetResult() return [pscustomobject]@{ lease = $Lease resource_id = $VPNResourceID socket = $socket cts = $cts url = $url sent_batches = 0 sent_packets = 0 error = "" } } function Send-ServiceChannelWebSocketBatch { param( [object]$Session, [int]$PortStart, [int]$PacketsInBatch ) $packets = @() for ($i = 0; $i -lt $PacketsInBatch; $i++) { $packets += ,(New-TestIPv4UDPPacket -SourcePort ($PortStart + $i)) } $body = New-PacketBatchBody -Packets $packets $segment = [ArraySegment[byte]]::new($body) $null = $Session.socket.SendAsync($segment, [System.Net.WebSockets.WebSocketMessageType]::Binary, $true, $Session.cts.Token).GetAwaiter().GetResult() $Session.sent_batches = [int]$Session.sent_batches + 1 $Session.sent_packets = [int]$Session.sent_packets + $packets.Count } function Close-ServiceChannelWebSocket { param([object]$Session) if ($null -eq $Session) { return } try { if ($null -ne $Session.socket -and $Session.socket.State -eq [System.Net.WebSockets.WebSocketState]::Open) { $null = $Session.socket.CloseOutputAsync([System.Net.WebSockets.WebSocketCloseStatus]::NormalClosure, "c18z7 sent", $Session.cts.Token).GetAwaiter().GetResult() } } catch {} try { if ($null -ne $Session.socket) { $Session.socket.Dispose() } } catch {} try { if ($null -ne $Session.cts) { $Session.cts.Dispose() } } catch {} } function Send-BatchSeries { param( [object]$Lease, [int]$Count, [int]$PortBase, [int]$DelayMilliseconds = 100, [string]$VPNResourceID = $resourceId ) $results = @() for ($i = 0; $i -lt $Count; $i++) { $results += Invoke-ServiceChannelPostSafe -Lease $Lease -PortStart ($PortBase + ($i * 100)) -VPNResourceID $VPNResourceID if ($DelayMilliseconds -gt 0) { Start-Sleep -Milliseconds $DelayMilliseconds } } return $results } function Invoke-RemoteDocker { param([string]$Command) & ssh $DockerSSH $Command if ($LASTEXITCODE -ne 0) { throw "ssh $DockerSSH command failed: $Command" } } function Stop-TestUpdaters { Invoke-RemoteDocker -Command "docker stop rap_host_agent_updater_test-1 rap_host_agent_updater_test-2 rap_host_agent_updater_test-3 >/dev/null 2>&1 || true" } function Start-TestUpdaters { Invoke-RemoteDocker -Command "docker start rap_host_agent_updater_test-1 rap_host_agent_updater_test-2 rap_host_agent_updater_test-3 >/dev/null 2>&1 || true" } function Restart-ExitContainer { param([string]$Name) $containerName = "rap_test_node_" + $Name.Replace("-", "_") Invoke-RemoteDocker -Command "docker restart $containerName >/dev/null" } function Restart-NodeContainer { param([string]$Name) $containerName = "rap_test_node_" + $Name.Replace("-", "_") Invoke-RemoteDocker -Command "docker restart $containerName >/dev/null" } function Get-BackendClientGatewayDepth { param([string]$VPNConnectionID) $stats = (Invoke-Api -Method GET -Path "/clusters/$ClusterID/vpn-connections/$VPNConnectionID/tunnel/stats").vpn_packet_stats $queue = $stats.client_to_gateway if ($null -eq $queue) { return 0 } $depthProp = $queue.PSObject.Properties["queue_depth"] if ($null -eq $depthProp) { return 0 } return [int]$depthProp.Value } function Wait-ForIngressRoute { param( [string]$NodeID, [string]$RouteID, [int]$MinSendPackets, [int]$TimeoutSeconds = 45 ) $deadline = (Get-Date).AddSeconds($TimeoutSeconds) do { $latest = Get-LatestRuntimeReport -NodeID $NodeID $ingress = $latest.report.ingress $sendPackets = Get-ObjectPropertyValue -Object $ingress -Name "send_packets" $selectedRoute = Get-ObjectPropertyValue -Object $ingress -Name "last_selected_route_id" if ($null -ne $ingress -and [int]$sendPackets -ge $MinSendPackets -and [string]$selectedRoute -eq $RouteID) { return $latest } Start-Sleep -Seconds 2 } while ((Get-Date) -lt $deadline) throw "Timed out waiting for ingress telemetry route=$RouteID packets>=$MinSendPackets on node $NodeID" } function Wait-ForIngressAnyRoute { param( [string]$NodeID, [string[]]$RouteIDs, [int]$MinSendPackets, [int]$TimeoutSeconds = 45 ) $deadline = (Get-Date).AddSeconds($TimeoutSeconds) do { $latest = Get-LatestRuntimeReport -NodeID $NodeID $ingress = $latest.report.ingress $sendPackets = Get-ObjectPropertyValue -Object $ingress -Name "send_packets" $selectedRoute = Get-ObjectPropertyValue -Object $ingress -Name "last_selected_route_id" if ($null -ne $ingress -and [int]$sendPackets -ge $MinSendPackets -and $RouteIDs -contains [string]$selectedRoute) { return $latest } Start-Sleep -Seconds 2 } while ((Get-Date) -lt $deadline) throw "Timed out waiting for ingress telemetry routes='$($RouteIDs -join ",")' packets>=$MinSendPackets on node $NodeID" } function Wait-ForExitInbox { param( [string]$NodeID, [string]$VPNConnectionID, [int]$TimeoutSeconds = 45 ) $queueKey = "$VPNConnectionID`:client_to_gateway" $deadline = (Get-Date).AddSeconds($TimeoutSeconds) do { $latest = Get-LatestRuntimeReport -NodeID $NodeID $depths = $latest.report.inbox.queue_depths if ($null -ne $depths) { $prop = $depths.PSObject.Properties[$queueKey] if ($null -ne $prop -and [int]$prop.Value -gt 0) { return $latest } } Start-Sleep -Seconds 2 } while ((Get-Date) -lt $deadline) throw "Timed out waiting for exit inbox queue '$queueKey' on node $NodeID" } function Send-FeedbackHeartbeat { param( [string]$EntryNodeID, [string]$BadRouteID, [string]$GoodRouteID ) return Invoke-Api -Method POST -Path "/clusters/$ClusterID/nodes/$EntryNodeID/heartbeats" -Body @{ health_status = "healthy" reported_version = $RequiredNodeVersion capabilities = @{ native_node_agent = $true fabric_service_channel_runtime = $true fabric_service_channel_route_manager = $true smoke_feedback_injection = "c18z7" } service_states = @{ smoke = "c18z7_concurrent_isolation_feedback" } metadata = @{ fabric_service_channel_runtime_report = @{ schema_version = "c18l.fabric_service_channel_runtime_report.v1" ingress = @{ flow_scheduler = @{ channel_stats = @{ "c18z7-concurrent-isolation-flow" = @{ last_route_id = $GoodRouteID last_failed_route_id = $BadRouteID last_error = "c18z7 forced stale route during concurrent active service-channel websockets" consecutive_failures = 3 stall_count = 1 last_send_duration_ms = 250 route_rebuild_recommended = $true degraded_fallback_recommended = $false } } } } } smoke = @{ name = "c18z7_live_service_channel_concurrent_isolation" run_id = $runId } } } } function Wait-ForConfigDecision { param( [string]$NodeID, [string]$BadRouteID, [string]$ExpectedReplacementID, [int]$TimeoutSeconds = 60 ) $deadline = (Get-Date).AddSeconds($TimeoutSeconds) do { $config = Get-SyntheticConfig -NodeID $NodeID $decisions = @($config.synthetic_mesh_config.route_path_decisions.decisions) $decision = @($decisions | Where-Object { $_.route_id -eq $BadRouteID -and $_.rebuild_status -eq "applied" -and $_.replacement_route_id -eq $ExpectedReplacementID }) | Select-Object -First 1 if ($null -ne $decision) { return @{ config = $config decision = $decision } } Start-Sleep -Seconds 2 } while ((Get-Date) -lt $deadline) throw "Timed out waiting for applied rebuild decision $BadRouteID -> $ExpectedReplacementID" } function Wait-ForAppliedRebuildTransition { param( [string]$NodeID, [string]$BadRouteID = "", [string]$ReplacementRouteID = "", [int]$TimeoutSeconds = 90 ) $deadline = (Get-Date).AddSeconds($TimeoutSeconds) do { $latest = Get-LatestRuntimeReport -NodeID $NodeID $transition = $null if ($null -ne $latest.report -and $null -ne $latest.report.ingress) { $prop = $latest.report.ingress.PSObject.Properties["route_manager_transition"] if ($null -ne $prop) { $transition = $prop.Value } } if ($null -ne $transition -and [string]$transition.status -eq "applied_rebuild") { return $latest } if ($BadRouteID -ne "" -and $ReplacementRouteID -ne "") { Send-FeedbackHeartbeat -EntryNodeID $NodeID -BadRouteID $BadRouteID -GoodRouteID $ReplacementRouteID | Out-Null } Start-Sleep -Seconds 2 } while ((Get-Date) -lt $deadline) throw "Timed out waiting for node route-manager transition applied_rebuild on node $NodeID" } $entryNode = Get-NodeByName -Name $EntryNodeName $exitNode = Get-NodeByName -Name $ExitNodeName $primaryRouteID = "" $alternateRouteID = "" $appliedDecision = $null $appliedTransition = $null $updatersStopped = $false $sessions = @() $result = $null try { Stop-TestUpdaters $updatersStopped = $true Enable-TestMeshListener -Node $entryNode Enable-TestMeshListener -Node $exitNode Clear-OldSmokeRouteIntents -SourceNodeID $entryNode.id -DestinationNodeID $exitNode.id $primaryIntent = New-RouteIntent -SourceNodeID $entryNode.id -DestinationNodeID $exitNode.id -Priority 2000000000 -Label "primary" $alternateIntent = New-RouteIntent -SourceNodeID $entryNode.id -DestinationNodeID $exitNode.id -Priority 1999999999 -Label "alternate" $primaryRouteID = $primaryIntent.route_intent.id $alternateRouteID = $alternateIntent.route_intent.id $routeIDs = @($primaryRouteID, $alternateRouteID) $visibleConfig = Wait-ForRouteIntentVisible -NodeID $entryNode.id -RouteIDs $routeIDs $exitVisibleConfig = Wait-ForRouteIntentVisible -NodeID $exitNode.id -RouteIDs $routeIDs $readyBefore = Wait-ForRuntimeReady -NodeID $entryNode.id -MinRoutes 2 $exitReadyBefore = Wait-ForRuntimeReady -NodeID $exitNode.id -MinRoutes 0 $loadedConfig = Wait-ForRuntimeConfigVersion -NodeID $entryNode.id -ConfigVersion $visibleConfig.synthetic_mesh_config.config_version $exitLoadedConfig = Wait-ForRuntimeConfigVersion -NodeID $exitNode.id -ConfigVersion $exitVisibleConfig.synthetic_mesh_config.config_version $baselineSendPackets = Get-IngressSendPackets -NodeID $entryNode.id $baselineRouteFailures = Get-IngressRouteFailures -NodeID $entryNode.id $baselineDropped = Get-IngressFlowDropped -NodeID $entryNode.id $sessionSpecs = @() for ($index = 0; $index -lt $SessionCount; $index++) { $sessionResourceID = "$resourceId-s$($index + 1)" $lease = New-ServiceChannelLease -EntryNodeID $entryNode.id -ExitNodeID $exitNode.id -VPNResourceID $sessionResourceID if ($lease.status -ne "ready") { throw "Lease status for session $($index + 1) was '$($lease.status)', want ready" } $sessionSpecs += [pscustomobject]@{ index = $index + 1 resource_id = $sessionResourceID lease = $lease baseline_exit_depth = Get-ExitQueueDepth -NodeID $exitNode.id -VPNConnectionID $sessionResourceID baseline_backend_depth = Get-BackendClientGatewayDepth -VPNConnectionID $sessionResourceID } } foreach ($spec in $sessionSpecs) { $session = Open-ServiceChannelWebSocket -Lease $spec.lease -VPNResourceID $spec.resource_id $session | Add-Member -NotePropertyName index -NotePropertyValue $spec.index $sessions += $session } $round = 0 for ($i = 0; $i -lt $PreRebuildRounds; $i++) { foreach ($session in $sessions) { Send-ServiceChannelWebSocketBatch -Session $session -PortStart (20000 + ($round * 100) + ([int]$session.index * 10)) -PacketsInBatch $PacketsPerBatch } $round++ if ($BatchDelayMilliseconds -gt 0) { Start-Sleep -Milliseconds $BatchDelayMilliseconds } } Send-FeedbackHeartbeat -EntryNodeID $entryNode.id -BadRouteID $primaryRouteID -GoodRouteID $alternateRouteID | Out-Null $appliedDecision = Wait-ForConfigDecision -NodeID $entryNode.id -BadRouteID $primaryRouteID -ExpectedReplacementID $alternateRouteID -TimeoutSeconds 90 $appliedTransition = Wait-ForAppliedRebuildTransition -NodeID $entryNode.id -BadRouteID $primaryRouteID -ReplacementRouteID $alternateRouteID -TimeoutSeconds 120 for ($i = 0; $i -lt $PostRebuildRounds; $i++) { foreach ($session in $sessions) { Send-ServiceChannelWebSocketBatch -Session $session -PortStart (20000 + ($round * 100) + ([int]$session.index * 10)) -PacketsInBatch $PacketsPerBatch } $round++ if ($BatchDelayMilliseconds -gt 0) { Start-Sleep -Milliseconds $BatchDelayMilliseconds } } Start-Sleep -Milliseconds 500 foreach ($session in $sessions) { Close-ServiceChannelWebSocket -Session $session } $expectedPacketsPerSession = ($PreRebuildRounds + $PostRebuildRounds) * $PacketsPerBatch $expectedTotalPackets = $expectedPacketsPerSession * $SessionCount $postRebuildLoadedConfig = Wait-ForRuntimeConfigVersion -NodeID $entryNode.id -ConfigVersion $appliedDecision.config.synthetic_mesh_config.config_version -TimeoutSeconds 120 $postRebuildIngress = Wait-ForIngressRoute -NodeID $entryNode.id -RouteID $alternateRouteID -MinSendPackets ($baselineSendPackets + $expectedTotalPackets) -TimeoutSeconds 120 $sessionResults = @() foreach ($i in 0..($sessionSpecs.Count - 1)) { $spec = $sessionSpecs[$i] $session = $sessions[$i] $exitDepth = Wait-ForExitQueueDepth -NodeID $exitNode.id -VPNConnectionID $spec.resource_id -MinDepth ([int]$spec.baseline_exit_depth + $expectedPacketsPerSession) -TimeoutSeconds 120 $backendDepth = Get-BackendClientGatewayDepth -VPNConnectionID $spec.resource_id $sessionResults += [pscustomobject]@{ index = $spec.index resource_id = $spec.resource_id channel_id = $spec.lease.channel_id sent_batches = $session.sent_batches sent_packets = $session.sent_packets expected_packets = $expectedPacketsPerSession baseline_exit_depth = $spec.baseline_exit_depth exit_depth = $exitDepth baseline_backend_depth = $spec.baseline_backend_depth backend_depth = $backendDepth backend_delta = ([int]$backendDepth - [int]$spec.baseline_backend_depth) final_state = [string]$session.socket.State } } $finalEntryRuntime = Get-LatestRuntimeReport -NodeID $entryNode.id $finalExitRuntime = Get-LatestRuntimeReport -NodeID $exitNode.id $finalRouteFailures = Get-IngressRouteFailures -NodeID $entryNode.id $finalDropped = Get-IngressFlowDropped -NodeID $entryNode.id $feedbackExpire = Invoke-Api -Method POST -Path "/clusters/$ClusterID/fabric/service-channels/route-feedback/expire" -Body @{ actor_user_id = $ActorUserID reporter_node_id = $entryNode.id route_id = $primaryRouteID service_class = "vpn_packets" reason = "c18z7 concurrent isolation smoke cleanup" } Start-Sleep -Seconds 2 $expiredAlternate = Invoke-Api -Method POST -Path "/clusters/$ClusterID/mesh/route-intents/$alternateRouteID/expire" -Body @{ actor_user_id = $ActorUserID } $expiredPrimary = Invoke-Api -Method POST -Path "/clusters/$ClusterID/mesh/route-intents/$primaryRouteID/expire" -Body @{ actor_user_id = $ActorUserID } $routeFailureDelta = $finalRouteFailures - $baselineRouteFailures $droppedDelta = $finalDropped - $baselineDropped $feedbackExpireStatus = Get-ObjectPropertyValue -Object (Get-ObjectPropertyValue -Object $feedbackExpire -Name "route_feedback_expire") -Name "status" if ($null -eq $feedbackExpireStatus) { $feedbackExpireStatus = "ok" } $result = [ordered]@{ schema_version = "c18z7.live_service_channel_concurrent_isolation_smoke.v1" run_id = $runId base_url = $ApiBaseUrl entry_base_url = $EntryBaseUrl cluster_id = $ClusterID entry_node = @{ name = $entryNode.name; id = $entryNode.id } exit_node = @{ name = $exitNode.name; id = $exitNode.id } resource_id_prefix = $resourceId route_intents = @{ primary_route_intent_id = $primaryRouteID alternate_route_intent_id = $alternateRouteID expired_primary_status = $expiredPrimary.route_intent.lifecycle_status expired_alternate_status = $expiredAlternate.route_intent.lifecycle_status } websocket_pressure = @{ session_count = $SessionCount requested_rounds = ($PreRebuildRounds + $PostRebuildRounds) pre_rebuild_rounds = $PreRebuildRounds post_rebuild_rounds = $PostRebuildRounds packets_per_batch = $PacketsPerBatch expected_packets_per_session = $expectedPacketsPerSession expected_total_packets = $expectedTotalPackets sent_total_batches = (@($sessionResults | Measure-Object -Property sent_batches -Sum).Sum) sent_total_packets = (@($sessionResults | Measure-Object -Property sent_packets -Sum).Sum) } rebuild = @{ feedback_expire_status = $feedbackExpireStatus applied_rebuild_status = $appliedDecision.decision.rebuild_status replacement_route_id = $appliedDecision.decision.replacement_route_id transition_status = $appliedTransition.report.ingress.route_manager_transition.status } route_failures = @{ baseline = $baselineRouteFailures final = $finalRouteFailures delta = $routeFailureDelta } flow_drops = @{ baseline = $baselineDropped final = $finalDropped delta = $droppedDelta } exit_queue = @{ total_depth = (@($sessionResults | Measure-Object -Property exit_depth -Sum).Sum) } degraded_route_queue = @{ total_delta = (@($sessionResults | Measure-Object -Property backend_delta -Sum).Sum) } sessions = $sessionResults passed = $true checks = [ordered]@{ production_forwarding_ready = ($readyBefore.report.production_payload_forwarding -eq $true) exit_production_forwarding_ready = ($exitReadyBefore.report.production_payload_forwarding -eq $true) route_intents_visible_before_pressure = (@($visibleConfig.synthetic_mesh_config.routes | Where-Object { $routeIDs -contains $_.route_id }).Count -ge 2) exit_route_intents_visible_before_pressure = (@($exitVisibleConfig.synthetic_mesh_config.routes | Where-Object { $routeIDs -contains $_.route_id }).Count -ge 2) entry_runtime_loaded_visible_config = ([string]$loadedConfig.report.config_version -ge [string]$visibleConfig.synthetic_mesh_config.config_version) exit_runtime_loaded_visible_config = ([string]$exitLoadedConfig.report.config_version -ge [string]$exitVisibleConfig.synthetic_mesh_config.config_version) signed_leases_ready = (@($sessionSpecs | Where-Object { $_.lease.status -eq "ready" }).Count -eq $SessionCount) all_sessions_sent_all_batches = (@($sessionResults | Where-Object { $_.sent_packets -eq $_.expected_packets }).Count -eq $SessionCount) control_plane_applied_rebuild_decision = ($appliedDecision.decision.rebuild_status -eq "applied" -and $appliedDecision.decision.replacement_route_id -eq $alternateRouteID) node_agent_applied_rebuild_transition = ($appliedTransition.report.ingress.route_manager_transition.status -eq "applied_rebuild") entry_runtime_loaded_rebuild_config = ([string]$postRebuildLoadedConfig.report.config_version -ge [string]$appliedDecision.config.synthetic_mesh_config.config_version) post_rebuild_uses_alternate_route = ([string]$postRebuildIngress.report.ingress.last_selected_route_id -eq $alternateRouteID) every_session_exit_inbox_received_all_packets = (@($sessionResults | Where-Object { $_.exit_depth -ge ($_.baseline_exit_depth + $_.expected_packets) }).Count -eq $SessionCount) no_degraded_route_used = ((@($sessionResults | Measure-Object -Property backend_delta -Sum).Sum) -eq 0) no_flow_drops = ($droppedDelta -eq 0) route_intents_expired = ($expiredPrimary.route_intent.lifecycle_status -eq "expired" -and $expiredAlternate.route_intent.lifecycle_status -eq "expired") } telemetry = @{ final_entry_ingress = $finalEntryRuntime.report.ingress final_exit_inbox = $finalExitRuntime.report.inbox post_rebuild_ingress = $postRebuildIngress.report.ingress applied_decision = $appliedDecision.decision applied_transition = $appliedTransition.report.ingress.route_manager_transition sessions = $sessionResults } } $failedChecks = @($result.checks.GetEnumerator() | Where-Object { $_.Value -ne $true }) if ($failedChecks.Count -gt 0) { throw "C18Z7 failed checks: $($failedChecks.Name -join ', ')" } } finally { foreach ($session in @($sessions)) { try { Close-ServiceChannelWebSocket -Session $session } catch {} } if ($primaryRouteID) { try { Invoke-Api -Method POST -Path "/clusters/$ClusterID/mesh/route-intents/$primaryRouteID/expire" -Body @{ actor_user_id = $ActorUserID } | Out-Null } catch {} } if ($alternateRouteID) { try { Invoke-Api -Method POST -Path "/clusters/$ClusterID/mesh/route-intents/$alternateRouteID/expire" -Body @{ actor_user_id = $ActorUserID } | Out-Null } catch {} } if ($updatersStopped) { try { Start-TestUpdaters } catch { Write-Warning "Could not restart test updaters: $($_.Exception.Message)" } } } $resultFullPath = Join-Path $repoRoot $ResultPath $resultDir = Split-Path -Parent $resultFullPath if (-not (Test-Path $resultDir)) { New-Item -ItemType Directory -Path $resultDir | Out-Null } $result | ConvertTo-Json -Depth 100 | Set-Content -Path $resultFullPath -Encoding UTF8 Write-Host "C18Z7 live service-channel concurrent isolation smoke passed. Result: $resultFullPath" $result