blob: 919a5aefcb8ab77ad519b1c84cbca9bbc8416913 [file] [log] [blame]
Chetan Gaonker52418832017-01-26 23:03:13 +00001#copyright 2016-present Ciena Corporation
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14#
A R Karthickd0fdf3b2017-03-21 16:54:22 -070015import time
16import os
A.R Karthick282f0d32017-03-28 16:43:59 -070017import sys
18import json
Chetan Gaonker0bf76312017-05-09 16:48:10 +000019import requests
Chetan Gaonker52418832017-01-26 23:03:13 +000020from nose.tools import *
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +000021from twisted.internet import defer
22from nose.twistedtools import reactor, deferred
A.R Karthick33cfdbe2017-03-17 18:03:48 -070023from CordTestUtils import *
Chetan Gaonker52418832017-01-26 23:03:13 +000024from OltConfig import OltConfig
Chetan Gaonker52418832017-01-26 23:03:13 +000025from onosclidriver import OnosCliDriver
A.R Karthick9ccd0d02017-03-16 17:11:08 -070026from SSHTestAgent import SSHTestAgent
Chetan Gaonker52418832017-01-26 23:03:13 +000027from CordLogger import CordLogger
A R Karthickd0fdf3b2017-03-21 16:54:22 -070028from VSGAccess import VSGAccess
A R Karthick933f5b52017-03-27 15:27:16 -070029from CordTestUtils import log_test as log
A R Karthick19771192017-04-25 14:57:05 -070030from CordTestConfig import setup_module, running_on_ciab
A.R Karthicka9b594d2017-03-29 16:25:22 -070031from OnosCtrl import OnosCtrl
A.R Karthick282f0d32017-03-28 16:43:59 -070032
Chetan Gaonker52418832017-01-26 23:03:13 +000033log.setLevel('INFO')
34
35class vsg_exchange(CordLogger):
36 ONOS_INSTANCES = 3
37 V_INF1 = 'veth0'
38 device_id = 'of:' + get_mac()
Chetan Gaonker52418832017-01-26 23:03:13 +000039 TEST_IP = '8.8.8.8'
40 HOST = "10.1.0.1"
41 USER = "vagrant"
42 PASS = "vagrant"
A R Karthick63751492017-03-22 09:28:01 -070043 head_node = os.getenv('HEAD_NODE', 'prod')
A.R Karthick9ccd0d02017-03-16 17:11:08 -070044 HEAD_NODE = head_node + '.cord.lab' if len(head_node.split('.')) == 1 else head_node
A R Karthick03f40aa2017-03-20 19:33:55 -070045 test_path = os.path.dirname(os.path.realpath(__file__))
A.R Karthick5968e0d2017-05-16 14:50:46 -070046 olt_conf_file = os.getenv('OLT_CONFIG_FILE', os.path.join(test_path, '..', 'setup/olt_config.json'))
A.R Karthick282f0d32017-03-28 16:43:59 -070047 restApiXos = None
A R Karthick0a4ca3a2017-03-30 09:36:53 -070048 subscriber_account_num = 200
49 subscriber_s_tag = 304
50 subscriber_c_tag = 304
51 subscribers_per_s_tag = 8
52 subscriber_map = {}
A R Karthickb0cec7c2017-04-21 10:42:54 -070053 subscriber_info = []
54 volt_subscriber_info = []
A R Karthick9a16a112017-04-07 15:40:05 -070055 restore_methods = []
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +000056 TIMEOUT=120
A.R Karthickb145da82017-04-20 14:45:43 -070057 FABRIC_PORT_HEAD_NODE = 1
58 FABRIC_PORT_COMPUTE_NODE = 2
59 APP_NAME = 'org.ciena.xconnect'
60 APP_FILE = os.path.join(test_path, '..', 'apps/xconnect-1.0-SNAPSHOT.oar')
A.R Karthick50f4d9a2017-04-20 16:44:19 -070061 NUM_SUBSCRIBERS = 5
A R Karthick0a4ca3a2017-03-30 09:36:53 -070062
63 @classmethod
64 def getSubscriberCredentials(cls, subId):
65 """Generate our own account num, s_tag and c_tags"""
66 if subId in cls.subscriber_map:
67 return cls.subscriber_map[subId]
68 account_num = cls.subscriber_account_num
69 cls.subscriber_account_num += 1
70 s_tag, c_tag = cls.subscriber_s_tag, cls.subscriber_c_tag
71 cls.subscriber_c_tag += 1
72 if cls.subscriber_c_tag % cls.subscribers_per_s_tag == 0:
73 cls.subscriber_s_tag += 1
74 cls.subscriber_map[subId] = account_num, s_tag, c_tag
75 return cls.subscriber_map[subId]
A.R Karthick282f0d32017-03-28 16:43:59 -070076
77 @classmethod
A.R Karthicka9b594d2017-03-29 16:25:22 -070078 def getXosCredentials(cls):
79 onos_cfg = OnosCtrl.get_config()
80 if onos_cfg is None:
81 return None
82 if 'apps' in onos_cfg and \
83 'org.opencord.vtn' in onos_cfg['apps'] and \
84 'cordvtn' in onos_cfg['apps']['org.opencord.vtn'] and \
85 'xos' in onos_cfg['apps']['org.opencord.vtn']['cordvtn']:
86 xos_cfg = onos_cfg['apps']['org.opencord.vtn']['cordvtn']['xos']
87 endpoint = xos_cfg['endpoint']
88 user = xos_cfg['user']
89 password = xos_cfg['password']
90 xos_endpoints = endpoint.split(':')
91 xos_host = xos_endpoints[1][len('//'):]
92 xos_port = xos_endpoints[2][:-1]
93 #log.info('xos_host: %s, port: %s, user: %s, password: %s' %(xos_host, xos_port, user, password))
94 return dict(host = xos_host, port = xos_port, user = user, password = password)
95
96 return None
97
98 @classmethod
A.R Karthick50f4d9a2017-04-20 16:44:19 -070099 def getSubscriberConfig(cls, num_subscribers):
100 features = {
101 'cdn': True,
102 'uplink_speed': 1000000000,
103 'downlink_speed': 1000000000,
104 'uverse': True,
105 'status': 'enabled'
106 }
107 subscriber_map = []
108 for i in xrange(num_subscribers):
109 subId = 'sub{}'.format(i)
110 account_num, _, _ = cls.getSubscriberCredentials(subId)
111 identity = { 'account_num' : str(account_num),
112 'name' : 'My House {}'.format(i)
113 }
114 sub_info = { 'features' : features,
115 'identity' : identity
116 }
117 subscriber_map.append(sub_info)
118
119 return subscriber_map
120
121 @classmethod
122 def getVoltSubscriberConfig(cls, num_subscribers):
123 voltSubscriberMap = []
124 for i in xrange(num_subscribers):
125 subId = 'sub{}'.format(i)
126 account_num, s_tag, c_tag = cls.getSubscriberCredentials(subId)
127 voltSubscriberInfo = {}
128 voltSubscriberInfo['voltTenant'] = dict(s_tag = str(s_tag),
129 c_tag = str(c_tag),
130 subscriber = '')
131 voltSubscriberInfo['account_num'] = account_num
132 voltSubscriberMap.append(voltSubscriberInfo)
133
134 return voltSubscriberMap
135
136 @classmethod
A.R Karthick282f0d32017-03-28 16:43:59 -0700137 def setUpCordApi(cls):
138 our_path = os.path.dirname(os.path.realpath(__file__))
139 cord_api_path = os.path.join(our_path, '..', 'cord-api')
140 framework_path = os.path.join(cord_api_path, 'Framework')
141 utils_path = os.path.join(framework_path, 'utils')
142 data_path = os.path.join(cord_api_path, 'Tests', 'data')
143 subscriber_cfg = os.path.join(data_path, 'Subscriber.json')
144 volt_tenant_cfg = os.path.join(data_path, 'VoltTenant.json')
A R Karthick035d2e22017-04-25 13:53:00 -0700145 num_subscribers = max(cls.NUM_SUBSCRIBERS, 5)
146 cls.subscriber_info = cls.getSubscriberConfig(num_subscribers)
147 cls.volt_subscriber_info = cls.getVoltSubscriberConfig(num_subscribers)
A.R Karthick282f0d32017-03-28 16:43:59 -0700148
149 sys.path.append(utils_path)
150 sys.path.append(framework_path)
151 from restApi import restApi
152 restApiXos = restApi()
A.R Karthicka9b594d2017-03-29 16:25:22 -0700153 xos_credentials = cls.getXosCredentials()
154 if xos_credentials is None:
155 restApiXos.controllerIP = cls.HEAD_NODE
156 restApiXos.controllerPort = '9000'
157 else:
158 restApiXos.controllerIP = xos_credentials['host']
159 restApiXos.controllerPort = xos_credentials['port']
160 restApiXos.user = xos_credentials['user']
161 restApiXos.password = xos_credentials['password']
A.R Karthick282f0d32017-03-28 16:43:59 -0700162 cls.restApiXos = restApiXos
Chetan Gaonker52418832017-01-26 23:03:13 +0000163
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700164 @classmethod
A R Karthick97e08852017-04-26 10:06:38 -0700165 def getVoltId(cls, result, subId):
166 if type(result) is not type([]):
167 return None
168 for tenant in result:
169 if str(tenant['subscriber']) == str(subId):
170 return str(tenant['id'])
171 return None
172
173 @classmethod
A R Karthickb0cec7c2017-04-21 10:42:54 -0700174 def closeVCPEAccess(cls, volt_subscriber_info):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700175 OnosCtrl.uninstall_app(cls.APP_NAME, onos_ip = cls.HEAD_NODE)
A.R Karthickb145da82017-04-20 14:45:43 -0700176
177 @classmethod
A R Karthickb0cec7c2017-04-21 10:42:54 -0700178 def openVCPEAccess(cls, volt_subscriber_info):
A.R Karthickb145da82017-04-20 14:45:43 -0700179 """
A R Karthickb0cec7c2017-04-21 10:42:54 -0700180 This code is used to configure leaf switch for head node access to compute node over fabric.
181 Care is to be taken to avoid overwriting existing/default vcpe flows.
182 The access is opened for generated subscriber info which should not overlap.
183 We target the fabric onos instance on head node.
A.R Karthickb145da82017-04-20 14:45:43 -0700184 """
A.R Karthickb145da82017-04-20 14:45:43 -0700185 OnosCtrl.install_app(cls.APP_FILE, onos_ip = cls.HEAD_NODE)
186 time.sleep(2)
A R Karthickb0cec7c2017-04-21 10:42:54 -0700187 s_tags = map(lambda tenant: int(tenant['voltTenant']['s_tag']), volt_subscriber_info)
188 #only get unique vlan tags
189 s_tags = list(set(s_tags))
A.R Karthickb145da82017-04-20 14:45:43 -0700190 devices = OnosCtrl.get_device_ids(controller = cls.HEAD_NODE)
A R Karthickb0cec7c2017-04-21 10:42:54 -0700191 if devices:
192 device_config = {}
193 for device in devices:
194 device_config[device] = []
195 for s_tag in s_tags:
196 xconnect_config = {'vlan': s_tag, 'ports' : [ cls.FABRIC_PORT_HEAD_NODE, cls.FABRIC_PORT_COMPUTE_NODE ] }
197 device_config[device].append(xconnect_config)
A.R Karthickb145da82017-04-20 14:45:43 -0700198
A R Karthickb0cec7c2017-04-21 10:42:54 -0700199 cfg = { 'apps' : { 'org.ciena.xconnect' : { 'xconnectTestConfig' : device_config } } }
200 OnosCtrl.config(cfg, controller = cls.HEAD_NODE)
A.R Karthickb145da82017-04-20 14:45:43 -0700201
202 @classmethod
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700203 def setUpClass(cls):
204 cls.controllers = get_controllers()
205 cls.controller = cls.controllers[0]
206 cls.cli = None
A R Karthick19771192017-04-25 14:57:05 -0700207 cls.on_pod = running_on_pod()
208 cls.on_ciab = running_on_ciab()
A R Karthick03f40aa2017-03-20 19:33:55 -0700209 cls.olt = OltConfig(olt_conf_file = cls.olt_conf_file)
210 cls.vcpes = cls.olt.get_vcpes()
211 cls.vcpes_dhcp = cls.olt.get_vcpes_by_type('dhcp')
A R Karthick035d2e22017-04-25 13:53:00 -0700212 cls.vcpes_reserved = cls.olt.get_vcpes_by_type('reserved')
213 cls.dhcp_vcpes_reserved = [ 'vcpe{}.{}.{}'.format(i, cls.vcpes_reserved[i]['s_tag'], cls.vcpes_reserved[i]['c_tag'])
214 for i in xrange(len(cls.vcpes_reserved)) ]
215 cls.untagged_dhcp_vcpes_reserved = [ 'vcpe{}'.format(i) for i in xrange(len(cls.vcpes_reserved)) ]
216 cls.container_vcpes_reserved = [ 'vcpe-{}-{}'.format(vcpe['s_tag'], vcpe['c_tag']) for vcpe in cls.vcpes_reserved ]
217 vcpe_dhcp_reserved = None
218 vcpe_container_reserved = None
219 if cls.vcpes_reserved:
220 vcpe_dhcp_reserved = cls.dhcp_vcpes_reserved[0]
A R Karthick19771192017-04-25 14:57:05 -0700221 if cls.on_pod is False:
A R Karthick035d2e22017-04-25 13:53:00 -0700222 vcpe_dhcp_reserved = cls.untagged_dhcp_vcpes_reserved[0]
223 vcpe_container_reserved = cls.container_vcpes_reserved[0]
224
225 cls.vcpe_dhcp_reserved = vcpe_dhcp_reserved
226 cls.vcpe_container_reserved = vcpe_container_reserved
227 dhcp_vcpe_offset = len(cls.vcpes_reserved)
A R Karthick927129c2017-04-25 14:08:02 -0700228 cls.dhcp_vcpes = [ 'vcpe{}.{}.{}'.format(i+dhcp_vcpe_offset, cls.vcpes_dhcp[i]['s_tag'], cls.vcpes_dhcp[i]['c_tag'])
229 for i in xrange(len(cls.vcpes_dhcp)) ]
230 cls.untagged_dhcp_vcpes = [ 'vcpe{}'.format(i+dhcp_vcpe_offset) for i in xrange(len(cls.vcpes_dhcp)) ]
231 cls.container_vcpes = [ 'vcpe-{}-{}'.format(vcpe['s_tag'], vcpe['c_tag']) for vcpe in cls.vcpes_dhcp ]
A R Karthick03f40aa2017-03-20 19:33:55 -0700232 vcpe_dhcp = None
A R Karthick03f40aa2017-03-20 19:33:55 -0700233 vcpe_container = None
234 #cache the first dhcp vcpe in the class for quick testing
235 if cls.vcpes_dhcp:
A R Karthick035d2e22017-04-25 13:53:00 -0700236 vcpe_container = cls.container_vcpes[0]
237 vcpe_dhcp = cls.dhcp_vcpes[0]
A R Karthick19771192017-04-25 14:57:05 -0700238 if cls.on_pod is False:
A R Karthick035d2e22017-04-25 13:53:00 -0700239 vcpe_dhcp = cls.untagged_dhcp_vcpes[0]
240 cls.vcpe_container = vcpe_container_reserved or vcpe_container
241 cls.vcpe_dhcp = vcpe_dhcp_reserved or vcpe_dhcp
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700242 VSGAccess.setUp()
A.R Karthick282f0d32017-03-28 16:43:59 -0700243 cls.setUpCordApi()
A R Karthick19771192017-04-25 14:57:05 -0700244 if cls.on_pod is True:
A R Karthickb0cec7c2017-04-21 10:42:54 -0700245 cls.openVCPEAccess(cls.volt_subscriber_info)
Chetan Gaonker52418832017-01-26 23:03:13 +0000246
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700247 @classmethod
248 def tearDownClass(cls):
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700249 VSGAccess.tearDown()
A R Karthick19771192017-04-25 14:57:05 -0700250 if cls.on_pod is True:
A R Karthickb0cec7c2017-04-21 10:42:54 -0700251 cls.closeVCPEAccess(cls.volt_subscriber_info)
Chetan Gaonker52418832017-01-26 23:03:13 +0000252
Chetan Gaonker52418832017-01-26 23:03:13 +0000253 def cliEnter(self, controller = None):
254 retries = 0
255 while retries < 30:
256 self.cli = OnosCliDriver(controller = controller, connect = True)
257 if self.cli.handle:
258 break
259 else:
260 retries += 1
261 time.sleep(2)
262
263 def cliExit(self):
264 self.cli.disconnect()
265
266 def onos_shutdown(self, controller = None):
267 status = True
268 self.cliEnter(controller = controller)
269 try:
270 self.cli.shutdown(timeout = 10)
271 except:
272 log.info('Graceful shutdown of ONOS failed for controller: %s' %controller)
273 status = False
274
275 self.cliExit()
276 return status
277
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700278 def log_set(self, level = None, app = 'org.onosproject'):
279 CordLogger.logSet(level = level, app = app, controllers = self.controllers, forced = True)
Chetan Gaonker52418832017-01-26 23:03:13 +0000280
A R Karthick9a16a112017-04-07 15:40:05 -0700281 @classmethod
282 def get_dhcp(cls, vcpe, mgmt = 'eth0'):
283 """Get DHCP for vcpe interface saving management settings"""
284
285 def put_dhcp():
286 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
287
288 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
289 if vcpe_ip is not None:
290 cls.restore_methods.append(put_dhcp)
291 return vcpe_ip
292
293 @classmethod
294 def config_restore(cls):
295 """Restore the vsg test configuration on test case failures"""
296 for restore_method in cls.restore_methods:
297 restore_method()
298
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000299 def get_vsg_vcpe_pair(self):
300 vcpes = self.vcpes_dhcp
301 vcpe_containers = []
302 vsg_vcpe = {}
303 for vcp in vcpes:
304 vcpe_container = 'vcpe-{}-{}'.format(vcp['s_tag'], vcp['c_tag'])
305 vcpe_containers.append(vcpe_container)
306 vsg = VSGAccess.get_vcpe_vsg(vcpe_container)
307 vsg_vcpe[vcpe_container]=str(vsg.get_ip())
308 return vsg_vcpe
309
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000310 def get_vcpe_containers_and_interfaces(self):
311 vcpe_containers = {}
312 vcpe_interfaces = []
313 vcpes = self.vcpes_dhcp
314 count = 0
315 for vcpe in vcpes:
316 vcpe_intf = 'vcpe{}.{}.{}'.format(count,vcpe['s_tag'],vcpe['c_tag'])
317 vcpe_interfaces.append(vcpe_intf)
318 vcpe_container = 'vcpe-{}-{}'.format(vcpe['s_tag'], vcpe['c_tag'])
319 vcpe_containers[vcpe_intf] = vcpe_container
320 count += 1
321 log.info('vcpe interfaces are %s'%vcpe_interfaces)
322 log.info('vcpe containers are %s'%vcpe_containers)
323 return vcpe_interfaces,vcpe_containers
324
325 def get_vcpe_interface_dhcp_ip(self,vcpe=None):
326 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700327 vcpe = self.vcpe_dhcp
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000328 st, _ = getstatusoutput('dhclient {}'.format(vcpe))
329 vcpe_ip = get_ip(vcpe)
330 return vcpe_ip
331
332 def release_vcpe_interface_dhcp_ip(self,vcpe=None):
333 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700334 vcpe = self.vcpe_dhcp
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000335 st, _ = getstatusoutput('dhclient {} -r'.format(vcpe))
336 vcpe_ip = get_ip(vcpe)
337 assert_equal(vcpe_ip, None)
338
339 def add_static_route_via_vcpe_interface(self, routes, vcpe=None,dhcp_ip=True):
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000340 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700341 vcpe = self.vcpe_dhcp
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000342 if dhcp_ip:
A R Karthick035d2e22017-04-25 13:53:00 -0700343 os.system('dhclient '+vcpe)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000344 time.sleep(1)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000345 for route in routes:
A R Karthick035d2e22017-04-25 13:53:00 -0700346 log.info('route is %s'%route)
347 cmd = 'ip route add ' + route + ' via 192.168.0.1 '+ 'dev ' + vcpe
348 cmds.append(cmd)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000349 for cmd in cmds:
A R Karthick035d2e22017-04-25 13:53:00 -0700350 os.system(cmd)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000351 return True
352
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000353 def del_static_route_via_vcpe_interface(self,routes,vcpe=None,dhcp_release=True):
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000354 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700355 vcpe = self.vcpe_dhcp
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000356 cmds = []
357 for route in routes:
A R Karthick035d2e22017-04-25 13:53:00 -0700358 cmd = 'ip route del ' + route + ' via 192.168.0.1 ' + 'dev ' + vcpe
359 os.system(cmd)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000360 if dhcp_release:
A R Karthick035d2e22017-04-25 13:53:00 -0700361 os.system('dhclient '+vcpe+' -r')
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000362 return True
363
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000364 def vsg_for_external_connectivity(self, subscriber_index, reserved = False):
365 if reserved is True:
366 if self.on_pod is True:
367 vcpe = self.dhcp_vcpes_reserved[subscriber_index]
368 else:
369 vcpe = self.untagged_dhcp_vcpes_reserved[subscriber_index]
370 else:
371 if self.on_pod is True:
372 vcpe = self.dhcp_vcpes[subscriber_index]
373 else:
374 vcpe = self.untagged_dhcp_vcpes[subscriber_index]
375 mgmt = 'eth0'
376 host = '8.8.8.8'
377 self.success = False
378 assert_not_equal(vcpe, None)
379 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
380 assert_not_equal(vcpe_ip, None)
381 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
382 log.info('Sending icmp echo requests to external network 8.8.8.8')
383 st, _ = getstatusoutput('ping -c 3 8.8.8.8')
384 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
385 assert_equal(st, 0)
386
A R Karthick63751492017-03-22 09:28:01 -0700387 def test_vsg_health(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000388 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000389 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000390 1. Login to compute node VM
391 2. Get all vSGs
392 3. Ping to all vSGs
393 4. Verifying Ping success
394 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700395 status = True
A R Karthick19771192017-04-25 14:57:05 -0700396 if self.on_pod is True:
A R Karthick93ba8d02017-04-13 11:59:58 -0700397 status = VSGAccess.health_check()
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700398 assert_equal(status, True)
Chetan Gaonker52418832017-01-26 23:03:13 +0000399
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000400 def test_vsg_health_check(self, vsg_name='mysite_vsg-1', verify_status=True):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000401 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000402 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000403 1. If vsg name not specified, Get vsg corresponding to vcpe
404 1. Login to compute mode VM
405 3. Ping to the vSG
406 4. Verifying Ping success
407 """
A R Karthick19771192017-04-25 14:57:05 -0700408 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700409 return
A R Karthick035d2e22017-04-25 13:53:00 -0700410 if not vsg_name:
411 vcpe = self.vcpe_container
412 vsg = VSGAccess.get_vcpe_vsg(vcpe)
413 status = vsg.get_health()
414 assert_equal(status, verify_status)
415 else:
416 vsgs = VSGAccess.get_vsgs()
417 status = None
418 for vsg in vsgs:
419 if vsg.name == vsg_name:
420 status = vsg.get_health()
421 log.info('vsg health check status is %s'%status)
422 assert_equal(status,verify_status)
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000423
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000424 @deferred(TIMEOUT)
A R Karthick63751492017-03-22 09:28:01 -0700425 def test_vsg_for_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000426 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000427 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000428 1. Get list of all compute nodes created using Openstack
429 2. Login to compute mode VM
430 3. Get all vSGs
431 4. Verifying atleast one compute node and one vSG created
432 """
A R Karthick035d2e22017-04-25 13:53:00 -0700433 df = defer.Deferred()
434 def vsg_for_vcpe_df(df):
A R Karthick19771192017-04-25 14:57:05 -0700435 if self.on_pod is True:
A R Karthick93ba8d02017-04-13 11:59:58 -0700436 vsgs = VSGAccess.get_vsgs()
437 compute_nodes = VSGAccess.get_compute_nodes()
438 time.sleep(14)
439 assert_not_equal(len(vsgs), 0)
440 assert_not_equal(len(compute_nodes), 0)
A R Karthick035d2e22017-04-25 13:53:00 -0700441 df.callback(0)
442 reactor.callLater(0,vsg_for_vcpe_df,df)
443 return df
Chetan Gaonker52418832017-01-26 23:03:13 +0000444
A R Karthick63751492017-03-22 09:28:01 -0700445 def test_vsg_for_login(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000446 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000447 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000448 1. Login to compute node VM
449 2. Get all vSGs
450 3. Verifying login to vSG is success
451 """
A R Karthick19771192017-04-25 14:57:05 -0700452 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700453 return
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700454 vsgs = VSGAccess.get_vsgs()
455 vsg_access_status = map(lambda vsg: vsg.check_access(), vsgs)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700456 status = filter(lambda st: st == False, vsg_access_status)
457 assert_equal(len(status), 0)
458
A R Karthick63751492017-03-22 09:28:01 -0700459 def test_vsg_for_default_route_through_testclient(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000460 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000461 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000462 1. Login to head node
463 2. Verifying for default route in lxc test client
464 """
A R Karthick19771192017-04-25 14:57:05 -0700465 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700466 return
A R Karthick63751492017-03-22 09:28:01 -0700467 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
468 cmd = "sudo lxc exec testclient -- route | grep default"
469 status, output = ssh_agent.run_cmd(cmd)
470 assert_equal(status, True)
471
472 def test_vsg_for_external_connectivity_through_testclient(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000473 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000474 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000475 1. Login to head node
476 2. On head node, executing ping to 8.8.8.8 from lxc test client
477 3. Verifying for the ping success
478 """
A R Karthick19771192017-04-25 14:57:05 -0700479 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700480 return
A R Karthick63751492017-03-22 09:28:01 -0700481 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
482 cmd = "lxc exec testclient -- ping -c 3 8.8.8.8"
483 status, output = ssh_agent.run_cmd(cmd)
484 assert_equal( status, True)
485
A R Karthick035d2e22017-04-25 13:53:00 -0700486 def test_vsg_for_external_connectivity(self):
487 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000488 Test Method:
A R Karthick035d2e22017-04-25 13:53:00 -0700489 1. Get dhcp IP to vcpe interface in cord-tester
490 2. Verifying vcpe interface gets dhcp IP
491 3. Ping to 8.8.8.8 and Verifying ping should success
492 4. Restoring management interface configuration in cord-tester
493 """
A R Karthick19771192017-04-25 14:57:05 -0700494 reserved = True
495 if self.on_pod:
496 reserved = self.on_ciab
497 self.vsg_for_external_connectivity(0, reserved = reserved)
A R Karthick035d2e22017-04-25 13:53:00 -0700498
A R Karthick63751492017-03-22 09:28:01 -0700499 def test_vsg_for_external_connectivity_to_google(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000500 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000501 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000502 1. Get dhcp IP to vcpe interface in cord-tester
503 2. Verifying vcpe interface gets dhcp IP
504 3. Ping to www.google.com and Verifying ping should success
505 4. Restoring management interface configuration in cord-tester
506 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000507 host = 'www.google.com'
A R Karthick03f40aa2017-03-20 19:33:55 -0700508 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700509 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700510 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000511 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700512 assert_not_equal(vcpe_ip, None)
513 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
514 log.info('Sending icmp ping requests to %s' %host)
515 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700516 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700517 assert_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000518
A R Karthickb2618052017-05-10 09:23:22 -0700519 def retrieve_content_from_host_to_validate_path_mtu(self, host):
520 vcpe = self.vcpe_dhcp
521 mgmt = 'eth0'
522 assert_not_equal(vcpe, None)
523 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
524 assert_not_equal(vcpe_ip, None)
525 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
526 log.info('Initiating get requests to %s' %host)
527 r = requests.get('http://{}'.format(host))
528 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
529 return r.status_code
530
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000531 #Test cases to check path mtu across cord framework wih some selected websites to check response.
532 def test_vsg_to_retrieve_content_from_google_to_validate_path_mtu(self):
533 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000534 Test Method:
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000535 1. Get dhcp IP to vcpe interface in cord-tester
536 2. Verifying vcpe interface gets dhcp IP
537 3. Retrieve contents from www.google.com and Verify response status is 200 ok.
538 4. This validates path mtu for end to end traffic with request to retrieve web contents in cord framework.
539 (Based on website response, size differs, needs check on MTU)
540 4. Restoring management interface configuration in cord-tester
541 """
A R Karthickb2618052017-05-10 09:23:22 -0700542 status_code = self.retrieve_content_from_host_to_validate_path_mtu('www.google.com')
543 assert_equal(status_code, 200)
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000544
545 def test_vsg_to_retrieve_content_from_rediff_to_validate_path_mtu(self):
546 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000547 Test Method:
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000548 1. Get dhcp IP to vcpe interface in cord-tester
549 2. Verifying vcpe interface gets dhcp IP
550 3. Retrieve contents from www.rediff.com and Verify response status is 200 ok.
551 4. This validates path mtu for end to end traffic with request to retrieve web contents in cord framework.
552 (Based on website response, size differs, needs check on MTU)
553 4. Restoring management interface configuration in cord-tester
554 """
A R Karthickb2618052017-05-10 09:23:22 -0700555 status_code = self.retrieve_content_from_host_to_validate_path_mtu('www.rediff.com')
556 assert_equal(status_code, 200)
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000557
558 def test_vsg_to_retrieve_content_from_yahoo_to_validate_path_mtu(self):
559 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000560 Test Method:
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000561 1. Get dhcp IP to vcpe interface in cord-tester
562 2. Verifying vcpe interface gets dhcp IP
563 3. Retrieve contents from www.yahoo.com and Verify response status is 200 ok.
564 4. This validates path mtu for end to end traffic with request to retrieve web contents in cord framework.
565 (Based on website response, size differs, needs check on MTU)
566 4. Restoring management interface configuration in cord-tester
567 """
A R Karthickb2618052017-05-10 09:23:22 -0700568 status_code = self.retrieve_content_from_host_to_validate_path_mtu('www.yahoo.com')
569 assert_equal(status_code, 200)
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000570
571 def test_vsg_to_retrieve_content_from_facebook_to_validate_path_mtu(self):
572 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000573 Test Method:
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000574 1. Get dhcp IP to vcpe interface in cord-tester
575 2. Verifying vcpe interface gets dhcp IP
576 3. Retrieve contents from www.facebook.com and Verify response status is 200 ok.
577 4. This validates path mtu for end to end traffic with request to retrieve web contents in cord framework.
578 (Based on website response, size differs, needs check on MTU)
579 4. Restoring management interface configuration in cord-tester
580 """
A R Karthickb2618052017-05-10 09:23:22 -0700581 status_code = self.retrieve_content_from_host_to_validate_path_mtu('www.facebook.com')
582 assert_equal(status_code, 200)
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000583
A R Karthick63751492017-03-22 09:28:01 -0700584 def test_vsg_for_external_connectivity_to_invalid_host(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000585 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000586 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000587 1. Get dhcp IP to vcpe interface in cord-tester
588 2. Verifying vcpe interface gets dhcp IP
589 3. Ping to www.goglee.com and Verifying ping should not success
590 4. Restoring management interface configuration in cord-tester
591 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000592 host = 'www.goglee.com'
A R Karthick03f40aa2017-03-20 19:33:55 -0700593 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700594 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700595 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000596 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700597 assert_not_equal(vcpe_ip, None)
598 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
599 log.info('Sending icmp ping requests to non existent host %s' %host)
600 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700601 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700602 assert_not_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000603
A R Karthick63751492017-03-22 09:28:01 -0700604 def test_vsg_for_external_connectivity_with_ttl_1(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000605 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000606 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000607 1. Get dhcp IP to vcpe interface in cord-tester
608 2. Verifying vcpe interface gets dhcp IP
609 3. Ping to 8.8.8.8 with ttl set to 1
610 4. Verifying ping should not success
611 5. Restoring management interface configuration in cord-tester
612 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000613 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700614 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700615 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700616 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000617 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700618 assert_not_equal(vcpe_ip, None)
619 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
620 log.info('Sending icmp ping requests to host %s with ttl 1' %host)
621 st, _ = getstatusoutput('ping -c 1 -t 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700622 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700623 assert_not_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000624
A R Karthick63751492017-03-22 09:28:01 -0700625 def test_vsg_for_external_connectivity_with_wan_interface_toggle_in_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000626 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000627 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000628 1. Get dhcp IP to vcpe interface in cord-tester
629 2. Verifying vcpe interface gets dhcp IP
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700630 3. Ping to 8.8.8.8 and Verifying ping succeeds
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000631 4. Now down the WAN interface of vcpe
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700632 5. Ping to 8.8.8.8 and Verifying ping fails
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000633 6. Now Up the WAN interface of vcpe
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700634 7. Ping to 8.8.8.8 and Verifying ping succeeds
635 8. Restoring management interface configuration in cord-tester
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000636 """
A R Karthick19771192017-04-25 14:57:05 -0700637 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700638 return
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000639 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700640 mgmt = 'eth0'
641 vcpe = self.vcpe_container
642 assert_not_equal(vcpe, None)
643 assert_not_equal(self.vcpe_dhcp, None)
644 #first get dhcp on the vcpe interface
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000645 vcpe_ip = VSGAccess.vcpe_get_dhcp(self.vcpe_dhcp, mgmt = mgmt)
646 assert_not_equal(vcpe_ip, None)
647 log.info('Got DHCP IP %s for %s' %(vcpe_ip, self.vcpe_dhcp))
648 log.info('Sending ICMP pings to host %s' %(host))
649 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
650 if st != 0:
651 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
652 assert_equal(st, 0)
653 #bring down the wan interface and check again
654 st = VSGAccess.vcpe_wan_down(vcpe)
655 if st is False:
656 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
657 assert_equal(st, True)
658 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
659 if st == 0:
660 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
661 assert_not_equal(st, 0)
662 st = VSGAccess.vcpe_wan_up(vcpe)
663 if st is False:
664 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
665 assert_equal(st, True)
666 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
667 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
668 assert_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000669
A R Karthick63751492017-03-22 09:28:01 -0700670 def test_vsg_for_external_connectivity_with_lan_interface_toggle_in_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000671 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000672 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000673 1. Get dhcp IP to vcpe interface in cord-tester
674 2. Verifying vcpe interface gets dhcp IP
675 3. Ping to 8.8.8.8 and Verifying ping should success
676 4. Now down the LAN interface of vcpe
677 5. Ping to 8.8.8.8 and Verifying ping should not success
678 6. Now Up the LAN interface of vcpe
679 7. Ping to 8.8.8.8 and Verifying ping should success
680 8. Restoring management interface configuration in cord-tester
681 """
A R Karthick19771192017-04-25 14:57:05 -0700682 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700683 return
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000684 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700685 mgmt = 'eth0'
686 vcpe = self.vcpe_container
687 assert_not_equal(vcpe, None)
688 assert_not_equal(self.vcpe_dhcp, None)
689 #first get dhcp on the vcpe interface
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000690 vcpe_ip = VSGAccess.vcpe_get_dhcp(self.vcpe_dhcp, mgmt = mgmt)
691 assert_not_equal(vcpe_ip, None)
692 log.info('Got DHCP IP %s for %s' %(vcpe_ip, self.vcpe_dhcp))
693 log.info('Sending ICMP pings to host %s' %(host))
694 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
695 if st != 0:
696 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
697 assert_equal(st, 0)
698 #bring down the lan interface and check again
699 st = VSGAccess.vcpe_lan_down(vcpe)
700 if st is False:
701 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
702 assert_equal(st, True)
703 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
704 if st == 0:
705 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
706 assert_not_equal(st, 0)
707 st = VSGAccess.vcpe_lan_up(vcpe)
708 if st is False:
709 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
710 assert_equal(st, True)
711 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
712 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
713 assert_equal(st, 0)
Chetan Gaonker52418832017-01-26 23:03:13 +0000714
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000715 def test_vsg_multiple_subscribers_for_same_vcpe_instace(self):
716 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000717 Test Method:
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000718 1. Create a vcpe instance
719 2. Create multiple vcpe interfaces in cord-tester with same s-tag and c-tag to access vcpe instance
720 3. Verify all the interfaces gets dhcp IP in same subnet
721 """
722 vcpe_intfs,containers = self.get_vcpe_containers_and_interfaces()
723 for vcpe in vcpe_intfs:
724 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
725 assert_not_equal(vcpe_ip,None)
726 for vcpe in vcpe_intfs:
727 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
728
729 def test_vsg_for_multiple_subscribers_with_same_vcpe_instance_and_validate_external_connectivity(self):
730 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000731 Test Method:
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000732 1. Create a vcpe instance
733 2. Create multiple vcpe interfaces in cord-tester with same s-tag and c-tag to access vcpe instance
734 3. Verify all the interfaces gets dhcp IP in same subnet
735 4. From cord-tester ping to external with vcpe interface option
736 """
737 host = '8.8.8.8'
738 vcpe_intfs, containers = self.get_vcpe_containers_and_interfaces()
739 for vcpe in vcpe_intfs:
740 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
741 assert_not_equal(vcpe_ip,None)
742 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe,dhcp_ip=False)
743 st, _ = getstatusoutput('ping -I {} -c 3 {}'.format(vcpe,host))
744 assert_equal(st, 0)
745 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe,dhcp_release=False)
746 for vcpe in vcpe_intfs:
747 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
748
749 def test_vsg_vcpe_interface_and_validate_dhcp_ip_after_interface_toggle(self):
750 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000751 Test Method:
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000752 1. Create a vcpe instance
753 2. Create a vcpe interface in cord-tester
754 3. Verify the interface gets dhcp IP
755 4. Toggle the interface
756 5. Verify the interface gets dhcp IP
757 """
758 vcpe_intfs,containers = self.get_vcpe_containers_and_interfaces()
759 for vcpe in vcpe_intfs:
760 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
761 assert_not_equal(vcpe_ip,None)
762 os.system('ifconfig {} down'.format(vcpe))
763 time.sleep(1)
764 os.system('ifconfig {} up'.format(vcpe))
765 time.sleep(1)
766 vcpe_ip2 = get_ip(vcpe)
767 assert_equal(vcpe_ip2,vcpe_ip)
768 for vcpe in vcpe_intfs:
769 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
770
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000771 @deferred(TIMEOUT)
Anil Kumar Sanka52a39f82017-05-10 17:39:31 +0000772 def test_vsg_for_external_connectivity_after_restarting_vcpe_instance(self,vcpe_name=None,vcpe_intf=None):
773 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000774 Test Method:
Anil Kumar Sanka52a39f82017-05-10 17:39:31 +0000775 1. Get vSG corresponding to vcpe
776 2. Get dhcp ip to vcpe interface
777 3. Add static route to destination route in test container
778 4. From test container ping to destination route and verify ping success
779 5. Login to compute node and execute command to pause vcpe container
780 6. From test container ping to destination route and verify ping success
781 """
782 if not vcpe_name:
783 vcpe_name = self.vcpe_container
784 if not vcpe_intf:
785 vcpe_intf = self.vcpe_dhcp
786 df = defer.Deferred()
787 def vcpe_firewall(df):
788 if self.on_pod is False:
789 df.callback(0)
790 return
791 host = '8.8.8.8'
792 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
793 try:
794 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
795 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
796 assert_equal(st, False)
797 st, _ = vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
798 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
799 assert_equal(st, False)
800 finally:
801 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
802 df.callback(0)
803 reactor.callLater(0, vcpe_firewall, df)
804 return df
805
806 @deferred(TIMEOUT)
807 def test_vsg_for_external_connectivity_after_restarting_vsg_vm(self,vcpe_name=None,vcpe_intf=None):
808 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000809 Test Method:
Anil Kumar Sanka52a39f82017-05-10 17:39:31 +0000810 1. Get vSG corresponding to vcpe
811 2. Get dhcp ip to vcpe interface
812 3. Add static route to destination route in test container
813 4. From test container ping to destination route and verify ping success
814 5. Login to compute node and execute command to pause vcpe container
815 6. From test container ping to destination route and verify ping success
816 """
817 if not vcpe_name:
818 vcpe_name = self.vcpe_container
819 if not vcpe_intf:
820 vcpe_intf = self.vcpe_dhcp
821 df = defer.Deferred()
822 def vcpe_firewall(df):
823 if self.on_pod is False:
824 df.callback(0)
825 return
826 host = '8.8.8.8'
827 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
828 try:
829 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
830 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
831 assert_equal(st, False)
832 st, _ = vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
833 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
834 assert_equal(st, False)
835 finally:
836 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
837 df.callback(0)
838 reactor.callLater(0, vcpe_firewall, df)
839 return df
840
841 @deferred(TIMEOUT)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000842 def test_vsg_for_external_connectivity_with_vcpe_container_paused(self,vcpe_name=None,vcpe_intf=None):
843 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000844 Test Method:
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000845 1. Get vSG corresponding to vcpe
846 2. Get dhcp ip to vcpe interface
847 3. Add static route to destination route in test container
848 4. From test container ping to destination route and verify ping success
849 5. Login to compute node and execute command to pause vcpe container
850 6. From test container ping to destination route and verify ping success
851 """
852 if not vcpe_name:
853 vcpe_name = self.vcpe_container
854 if not vcpe_intf:
855 vcpe_intf = self.vcpe_dhcp
856 df = defer.Deferred()
857 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700858 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700859 df.callback(0)
860 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000861 host = '8.8.8.8'
862 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
863 try:
864 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
865 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
866 assert_equal(st, False)
867 st, _ = vsg.run_cmd('sudo docker pause {}'.format(vcpe_name))
868 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
869 assert_equal(st, False)
870 finally:
871 vsg.run_cmd('sudo docker unpause'.format(vcpe_name))
872 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
873 df.callback(0)
874 reactor.callLater(0, vcpe_firewall, df)
875 return df
876
877 @deferred(TIMEOUT)
878 def test_vsg_firewall_with_deny_destination_ip(self, vcpe_name=None, vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000879 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000880 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000881 1. Get vSG corresponding to vcpe
882 2. Login to compute node
883 3. Execute iptable command on vcpe from compute node to deny a destination IP
884 4. From cord-tester ping to the denied IP address
885 5. Verifying that ping should not be successful
886 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000887 if not vcpe_name:
888 vcpe_name = self.vcpe_container
889 if not vcpe_intf:
890 vcpe_intf = self.vcpe_dhcp
891 df = defer.Deferred()
892 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700893 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700894 df.callback(0)
895 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000896 host = '8.8.8.8'
897 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
898 try:
899 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
900 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
901 assert_equal(st, False)
902 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
903 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
904 assert_equal(st, True)
905 finally:
906 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
907 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
908 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
909 df.callback(0)
910 reactor.callLater(0, vcpe_firewall, df)
911 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000912
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000913 @deferred(TIMEOUT)
914 def test_vsg_firewall_with_rule_add_and_delete_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000915 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000916 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000917 1. Get vSG corresponding to vcpe
918 2. Login to compute node
919 3. Execute iptable command on vcpe from compute node to deny a destination IP
920 4. From cord-tester ping to the denied IP address
921 5. Verifying that ping should not be successful
922 6. Delete the iptable rule in vcpe
923 7. From cord-tester ping to the denied IP address
924 8. Verifying the ping should success
925 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000926 if not vcpe_name:
927 vcpe_name = self.vcpe_container
928 if not vcpe_intf:
929 vcpe_intf = self.vcpe_dhcp
930 df = defer.Deferred()
931 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700932 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700933 df.callback(0)
934 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000935 host = '8.8.8.8'
936 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
937 try:
938 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
939 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
940 assert_equal(st, False)
941 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
942 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
943 assert_equal(st, True)
944 st,_ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
945 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
946 assert_equal(st, False)
947 finally:
948 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
949 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
950 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
951 df.callback(0)
952 reactor.callLater(0, vcpe_firewall, df)
953 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000954
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000955 @deferred(TIMEOUT)
956 def test_vsg_firewall_verifying_reachability_for_non_blocked_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000957 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000958 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000959 1. Get vSG corresponding to vcpe
960 2. Login to compute node
961 3. Execute iptable command on vcpe from compute node to deny a destination IP
962 4. From cord-tester ping to the denied IP address
963 5. Verifying that ping should not be successful
964 6. From cord-tester ping to the denied IP address other than the denied one
965 7. Verifying the ping should success
966 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000967 if not vcpe_name:
968 vcpe_name = self.vcpe_container
969 if not vcpe_intf:
970 vcpe_intf = self.vcpe_dhcp
971 df = defer.Deferred()
972 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700973 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700974 df.callback(0)
975 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000976 host1 = '8.8.8.8'
977 host2 = '204.79.197.203'
978 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
979 try:
980 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
981 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
982 assert_equal(st, False)
983 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
984 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
985 assert_equal(st, True)
986 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
987 assert_equal(st,False)
988 finally:
989 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
990 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
991 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
992 df.callback(0)
993 reactor.callLater(0, vcpe_firewall, df)
994 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000995
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000996 @deferred(TIMEOUT)
997 def test_vsg_firewall_appending_rules_with_deny_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000998 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000999 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +00001000 1. Get vSG corresponding to vcpe
1001 2. Login to compute node
1002 3. Execute iptable command on vcpe from compute node to deny a destination IP1
1003 4. From cord-tester ping to the denied IP address IP1
1004 5. Verifying that ping should not be successful
1005 6. Execute iptable command on vcpe from compute node to deny a destination IP2
1006 6. From cord-tester ping to the denied IP address IP2
1007 7. Verifying that ping should not be successful
1008 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001009 if not vcpe_name:
1010 vcpe_name = self.vcpe_container
1011 if not vcpe_intf:
1012 vcpe_intf = self.vcpe_dhcp
1013 df = defer.Deferred()
1014 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -07001015 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -07001016 df.callback(0)
1017 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001018 host1 = '8.8.8.8'
1019 host2 = '204.79.197.203'
1020 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1021 try:
1022 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
1023 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1024 assert_equal(st, False)
1025 st,_ = vsg.run_cmd('sudo docker exec {} iptables -F FORWARD'.format(vcpe_name))
1026 time.sleep(2)
1027 st,_ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
1028 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1029 assert_equal(st, True)
1030 st, out = getstatusoutput('ping -c 1 {}'.format(host2))
1031 log.info('host2 ping output is %s'%out)
1032 assert_equal(st, False)
1033 st, _ = vsg.run_cmd('sudo docker exec {} iptables -A FORWARD -d {} -j DROP'.format(vcpe_name,host2))
1034 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1035 assert_equal(st,True)
1036 finally:
1037 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
1038 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
1039 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
1040 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1041 df.callback(0)
1042 reactor.callLater(0, vcpe_firewall, df)
1043 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +00001044
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001045 @deferred(TIMEOUT)
1046 def test_vsg_firewall_removing_one_rule_denying_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +00001047 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00001048 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +00001049 1. Get vSG corresponding to vcpe
1050 2. Login to compute node
1051 3. Execute iptable command on vcpe from compute node to deny a destination IP1
1052 4. Execute iptable command on vcpe from compute node to deny a destination IP2
1053 5. From cord-tester ping to the denied IP address IP1
1054 6. Verifying that ping should not be successful
1055 7. From cord-tester ping to the denied IP address IP2
1056 8. Verifying that ping should not be successful
1057 9. Execute iptable command on vcpe from compute node to remove deny a destination IP2 rule
1058 10. From cord-tester ping to the denied IP address IP2
1059 11. Verifying the ping should success
1060 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001061 if not vcpe_name:
1062 vcpe_name = self.vcpe_container
1063 if not vcpe_intf:
1064 vcpe_intf = self.vcpe_dhcp
1065 df = defer.Deferred()
1066 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -07001067 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -07001068 df.callback(0)
1069 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001070 host1 = '8.8.8.8'
1071 host2 = '204.79.197.203'
1072 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1073 try:
1074 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=self.vcpe_dhcp)
1075 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1076 assert_equal(st, False)
1077 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
1078 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host2))
1079 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1080 assert_equal(st, True)
1081 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1082 assert_equal(st,True)
1083 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
1084 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1085 assert_equal(st,False)
1086 finally:
1087 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
1088 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
1089 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
1090 log.info('restarting vcpe container')
1091 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1092 df.callback(0)
1093 reactor.callLater(0, vcpe_firewall, df)
1094 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +00001095
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001096 @deferred(TIMEOUT)
1097 def test_vsg_firewall_changing_rule_id_deny_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +00001098 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00001099 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +00001100 1. Get vSG corresponding to vcpe
1101 2. Login to compute node
1102 3. Execute iptable command on vcpe from compute node to deny a destination IP
1103 5. From cord-tester ping to the denied IP address IP1
1104 6. Verifying that ping should not be successful
1105 9. Execute iptable command on vcpe from compute node to change the rule ID to 2 to deny the same destination IP
1106 10. From cord-tester ping to the denied IP address IP
1107 11. Verifying that ping should not be successful
1108 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001109 if not vcpe_name:
1110 vcpe_name = self.vcpe_container
1111 if not vcpe_intf:
1112 vcpe_intf = self.vcpe_dhcp
1113 df = defer.Deferred()
1114 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -07001115 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -07001116 df.callback(0)
1117 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001118 host = '8.8.8.8'
1119 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1120 try:
1121 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1122 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1123 assert_equal(st, False)
1124 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1125 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1126 assert_equal(st, True)
1127 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 2 -d {} -j DROP '.format(vcpe_name,host))
1128 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1129 assert_equal(st,True)
1130 finally:
1131 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1132 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1133 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1134 df.callback(0)
1135 reactor.callLater(0, vcpe_firewall, df)
1136 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +00001137
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001138 @deferred(TIMEOUT)
1139 def test_vsg_firewall_changing_deny_rule_to_accept_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +00001140 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00001141 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +00001142 1. Get vSG corresponding to vcpe
1143 2. Login to compute node
1144 3. Execute iptable command on vcpe from compute node to deny a destination IP
1145 5. From cord-tester ping to the denied IP address IP1
1146 6. Verifying that ping should not be successful
1147 9. Execute iptable command on vcpe from compute node to accept the same destination IP
1148 10. From cord-tester ping to the accepted IP
1149 11. Verifying the ping should success
1150 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001151 if not vcpe_name:
1152 vcpe_name = self.vcpe_container
1153 if not vcpe_intf:
1154 vcpe_intf = self.vcpe_dhcp
1155 df = defer.Deferred()
1156 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -07001157 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -07001158 df.callback(0)
1159 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001160 host = '8.8.8.8'
1161 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1162 try:
1163 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1164 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1165 assert_equal(st, False)
1166 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1167 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1168 assert_equal(st, True)
1169 st, _ = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -d {} -j ACCEPT'.format(vcpe_name,host))
1170 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1171 assert_equal(st,False)
1172 finally:
1173 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1174 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j ACCEPT'.format(vcpe_name,host))
1175 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1176 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1177 df.callback(0)
1178 reactor.callLater(0, vcpe_firewall, df)
1179 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +00001180
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001181 @deferred(TIMEOUT) #Fail
1182 def test_vsg_firewall_denying_destination_network(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +00001183 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00001184 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +00001185 1. Get vSG corresponding to vcpe
1186 2. Login to compute node
1187 3. Execute iptable command on vcpe from compute node to deny a destination IP subnet
1188 4. From cord-tester ping to the denied IP address IP1 in the denied subnet
1189 5. Verifying that ping should not be successful
1190 6. From cord-tester ping to the denied IP address IP2 in the denied subnet
1191 7. Verifying that ping should not be successful
1192 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001193 if not vcpe_name:
1194 vcpe_name = self.vcpe_container
1195 if not vcpe_intf:
1196 vcpe_intf = self.vcpe_dhcp
1197 df = defer.Deferred()
1198 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -07001199 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -07001200 df.callback(0)
1201 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001202 network = '204.79.197.192/28'
1203 host1 = '204.79.197.203'
1204 host2 = '204.79.197.210'
1205 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1206 try:
1207 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=self.vcpe_dhcp)
1208 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1209 assert_equal(st, False)
1210 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,network))
1211 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1212 assert_equal(st, True)
1213 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1214 assert_equal(st,False)
1215 finally:
1216 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network))
1217 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
1218 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1219 df.callback(0)
1220 reactor.callLater(0, vcpe_firewall, df)
1221 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +00001222
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001223 @deferred(TIMEOUT)
1224 def test_vsg_firewall_denying_destination_network_subnet_modification(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +00001225 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00001226 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +00001227 1. Get vSG corresponding to vcpe
1228 2. Login to compute node
1229 3. Execute iptable command on vcpe from compute node to deny a destination IP subnet
1230 4. From cord-tester ping to the denied IP address IP1 in the denied subnet
1231 5. Verifying that ping should not be successful
1232 6. From cord-tester ping to the denied IP address IP2 in the denied subnet
1233 7. Verifying that ping should not be successful
1234 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001235 if not vcpe_name:
1236 vcpe_name = self.vcpe_container
1237 if not vcpe_intf:
1238 vcpe_intf = self.vcpe_dhcp
1239 df = defer.Deferred()
1240 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -07001241 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -07001242 df.callback(0)
1243 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001244 network1 = '204.79.197.192/28'
1245 network2 = '204.79.197.192/27'
1246 host1 = '204.79.197.203'
1247 host2 = '204.79.197.210'
1248 host3 = '204.79.197.224'
1249 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1250 try:
1251 self.add_static_route_via_vcpe_interface([host1,host2,host3],vcpe=self.vcpe_dhcp)
1252 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1253 assert_equal(st, False)
1254 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,network1))
1255 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1256 assert_equal(st, True)
1257 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1258 assert_equal(st,False)
1259 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 2 -d {} -j DROP'.format(vcpe_name,network2))
1260 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1261 assert_equal(st, True)
1262 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1263 assert_equal(st, True)
1264 st, _ = getstatusoutput('ping -c 1 {}'.format(host3))
1265 assert_equal(st, False)
1266 finally:
1267 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network1))
1268 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network2))
1269 self.del_static_route_via_vcpe_interface([host1,host2,host3],vcpe=vcpe_intf)
1270 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1271 df.callback(0)
1272 reactor.callLater(0, vcpe_firewall, df)
1273 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +00001274
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001275 @deferred(TIMEOUT)
1276 def test_vsg_firewall_with_deny_source_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +00001277 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00001278 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +00001279 1. Get vSG corresponding to vcpe
1280 2. Login to compute node
1281 3. Execute iptable command on vcpe from compute node to deny a source IP
1282 4. From cord-tester ping to 8.8.8.8 from the denied IP
1283 5. Verifying that ping should not be successful
1284 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001285 if not vcpe_name:
1286 vcpe_name = self.vcpe_container
1287 if not vcpe_intf:
1288 vcpe_intf = self.vcpe_dhcp
1289 df = defer.Deferred()
1290 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -07001291 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -07001292 df.callback(0)
1293 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001294 host = '8.8.8.8'
1295 #source_ip = get_ip(self.vcpe_dhcp)
1296 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1297 try:
1298 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1299 source_ip = get_ip(self.vcpe_dhcp)
1300 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1301 assert_equal(st, False)
1302 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1303 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1304 assert_equal(st, True)
1305 finally:
1306 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1307 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1308 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1309 df.callback(0)
1310 reactor.callLater(0, vcpe_firewall, df)
1311 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +00001312
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001313 @deferred(TIMEOUT)
1314 def test_vsg_firewall_rule_with_add_and_delete_deny_source_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +00001315 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00001316 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +00001317 1. Get vSG corresponding to vcpe
1318 2. Login to compute node
1319 3. Execute iptable command on vcpe from compute node to deny a source IP
1320 4. From cord-tester ping to 8.8.8.8 from the denied IP
1321 5. Verifying that ping should not be successful
1322 6. Delete the iptable rule in vcpe
1323 7. From cord-tester ping to 8.8.8.8 from the denied IP
1324 8. Verifying the ping should success
1325 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001326 if not vcpe_name:
1327 vcpe_name = self.vcpe_container
1328 if not vcpe_intf:
1329 vcpe_intf = self.vcpe_dhcp
1330 df = defer.Deferred()
1331 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -07001332 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -07001333 df.callback(0)
1334 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001335 host = '8.8.8.8'
1336 source_ip = get_ip(self.vcpe_dhcp)
1337 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1338 try:
1339 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1340 source_ip = get_ip(self.vcpe_dhcp)
1341 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1342 assert_equal(st, False)
1343 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1344 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1345 assert_equal(st, True)
1346 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1347 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1348 assert_equal(st, False)
1349 finally:
1350 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1351 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1352 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1353 df.callback(0)
1354 reactor.callLater(0, vcpe_firewall, df)
1355 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +00001356
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001357 @deferred(TIMEOUT)
1358 def test_vsg_firewall_rule_with_deny_icmp_protocol_echo_requests_type(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +00001359 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00001360 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +00001361 1. Get vSG corresponding to vcpe
1362 2. Login to compute node
1363 3. Execute iptable command on vcpe from compute node to deny icmp echo-requests type protocol packets
1364 4. From cord-tester ping to 8.8.8.8
1365 5. Verifying that ping should not be successful
1366 6. Delete the iptable rule
1367 7. From cord-tester ping to 8.8.8.8
1368 8. Verifying the ping should success
1369 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001370 if not vcpe_name:
1371 vcpe_name = self.vcpe_container
1372 if not vcpe_intf:
1373 vcpe_intf = self.vcpe_dhcp
1374 df = defer.Deferred()
1375 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -07001376 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -07001377 df.callback(0)
1378 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001379 host = '8.8.8.8'
1380 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1381 try:
1382 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1383 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1384 assert_equal(st, False)
1385 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1386 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1387 assert_equal(st, True)
1388 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1389 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1390 assert_equal(st, False)
1391 finally:
1392 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1393 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1394 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1395 df.callback(0)
1396 reactor.callLater(0, vcpe_firewall, df)
1397 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +00001398
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001399 @deferred(TIMEOUT)
1400 def test_vsg_firewall_rule_with_deny_icmp_protocol_echo_reply_type(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +00001401 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00001402 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +00001403 1. Get vSG corresponding to vcpe
1404 2. Login to compute node
1405 3. Execute iptable command on vcpe from compute node to deny icmp echo-reply type protocol packets
1406 4. From cord-tester ping to 8.8.8.8
1407 5. Verifying that ping should not be successful
1408 6. Delete the iptable rule
1409 7. From cord-tester ping to 8.8.8.8
1410 8. Verifying the ping should success
1411 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001412 if not vcpe_name:
1413 vcpe_name = self.vcpe_container
1414 if not vcpe_intf:
1415 vcpe_intf = self.vcpe_dhcp
1416 df = defer.Deferred()
1417 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -07001418 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -07001419 df.callback(0)
1420 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001421 host = '8.8.8.8'
1422 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1423 try:
1424 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1425 st, _ = getstatusoutput('ping -c 1 {}'.format('8.8.8.8'))
1426 assert_equal(st, False)
1427 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1428 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1429 assert_equal(st, True)
1430 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1431 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1432 assert_equal(st,False)
1433 finally:
1434 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1435 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1436 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1437 df.callback(0)
1438 reactor.callLater(0, vcpe_firewall, df)
1439 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +00001440
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001441 @deferred(TIMEOUT)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +00001442 def test_vsg_firewall_changing_deny_rule_to_accept_rule_with_icmp_protocol_echo_requests_type(self, vcpe_name=None, vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +00001443 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00001444 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +00001445 1. Get vSG corresponding to vcpe
1446 2. Login to compute node
1447 3. Execute iptable command on vcpe from compute node to deny icmp echo-requests type protocol packets
1448 4. From cord-tester ping to 8.8.8.8
1449 5. Verifying that ping should not be successful
1450 6. Insert another rule to accept the icmp-echo requests protocol packets
1451 7. From cord-tester ping to 8.8.8.8
1452 8. Verifying the ping should success
1453 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001454 if not vcpe_name:
1455 vcpe_name = self.vcpe_container
1456 if not vcpe_intf:
1457 vcpe_intf = self.vcpe_dhcp
1458 df = defer.Deferred()
1459 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -07001460 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -07001461 df.callback(0)
1462 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001463 host = '8.8.8.8'
1464 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1465 try:
1466 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1467 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1468 assert_equal(st, False)
1469 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1470 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1471 assert_equal(st, True)
1472 st, _ = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p icmp --icmp-type echo-request -j ACCEPT'.format(vcpe_name))
1473 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1474 assert_equal(st,False)
1475 finally:
1476 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1477 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j ACCEPT'.format(vcpe_name))
1478 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1479 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1480 df.callback(0)
1481 reactor.callLater(0, vcpe_firewall, df)
1482 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +00001483
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001484 @deferred(TIMEOUT)
1485 def test_vsg_firewall_changing_deny_rule_to_accept_rule_with_icmp_protocol_echo_reply_type(self,vcpe_name=None,vcpe_intf=None):
1486 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00001487 Test Method:
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001488 1. Get vSG corresponding to vcpe
1489 2. Login to compute node
1490 3. Execute iptable command on vcpe from compute node to deny icmp echo-reply type protocol packets
1491 4. From cord-tester ping to 8.8.8.8
1492 5. Verifying the ping should not success
1493 6. Insert another rule to accept the icmp-echo requests protocol packets
1494 7. From cord-tester ping to 8.8.8.8
1495 8. Verifying the ping should success
1496 """
1497 if not vcpe_name:
1498 vcpe_name = self.vcpe_container
1499 if not vcpe_intf:
1500 vcpe_intf = self.vcpe_dhcp
1501 df = defer.Deferred()
1502 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -07001503 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -07001504 df.callback(0)
1505 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001506 host = '8.8.8.8'
1507 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1508 try:
1509 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1510 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1511 assert_equal(st, False)
1512 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1513 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1514 assert_equal(st, True)
1515 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p icmp --icmp-type echo-reply -j ACCEPT'.format(vcpe_name))
1516 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1517 assert_equal(st,False)
1518 finally:
1519 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1520 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j ACCEPT'.format(vcpe_name))
1521 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1522 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1523 df.callback(0)
1524 reactor.callLater(0, vcpe_firewall, df)
1525 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +00001526
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001527 @deferred(TIMEOUT)
1528 def test_vsg_firewall_for_deny_icmp_protocol(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +00001529 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00001530 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +00001531 1. Get vSG corresponding to vcpe
1532 2. Login to compute node
1533 3. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1534 4. From cord-tester ping to 8.8.8.8
1535 5. Verifying that ping should not be successful
1536 6. Delete the iptable rule
1537 7. From cord-tester ping to 8.8.8.8
1538 8. Verifying the ping should success
1539 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001540 if not vcpe_name:
1541 vcpe_name = self.vcpe_container
1542 if not vcpe_intf:
1543 vcpe_intf = self.vcpe_dhcp
1544 df = defer.Deferred()
1545 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -07001546 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -07001547 df.callback(0)
1548 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001549 host = '8.8.8.8'
1550 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1551 try:
1552 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1553 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1554 assert_equal(st, False)
1555 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1556 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1557 assert_equal(st, True)
1558 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1559 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1560 assert_equal(st,False)
1561 finally:
1562 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1563 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1564 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1565 df.callback(0)
1566 reactor.callLater(0, vcpe_firewall, df)
1567 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +00001568
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001569 @deferred(TIMEOUT)
1570 def test_vsg_firewall_rule_deny_icmp_protocol_and_destination_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +00001571 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00001572 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +00001573 1. Get vSG corresponding to vcpe
1574 2. Login to compute node
1575 3. Execute iptable command on vcpe from compute node to deny a destination IP
1576 4. From cord-tester ping to 8.8.8.8
1577 5. Verifying that ping should not be successful
1578 6. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1579 7. From cord-tester ping to 8.8.8.8
1580 8. Verifying the ping should success
1581 9. Delete the rule added in step 3
1582 10. From cord-tester ping to 8.8.8.8
1583 11. Verifying that ping should not be successful
1584 12. Delete the rule added in step 6
1585 13. From cord-tester ping to 8.8.8.8
1586 14. Verifying the ping should success
1587 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001588 if not vcpe_name:
1589 vcpe_name = self.vcpe_container
1590 if not vcpe_intf:
1591 vcpe_intf = self.vcpe_dhcp
1592 df = defer.Deferred()
1593 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -07001594 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -07001595 df.callback(0)
1596 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001597 host = '8.8.8.8'
1598 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1599 try:
1600 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1601 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1602 assert_equal(st, False)
1603 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1604 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1605 assert_equal(st, True)
1606 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1607 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1608 assert_equal(st, True)
1609 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1610 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1611 assert_equal(st, True)
1612 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1613 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1614 assert_equal(st,False)
1615 finally:
1616 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1617 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1618 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1619 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1620 df.callback(0)
1621 reactor.callLater(0, vcpe_firewall, df)
1622 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +00001623
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001624 @deferred(TIMEOUT) #Fail
1625 def test_vsg_firewall_flushing_all_configured_rules(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +00001626 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00001627 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +00001628 1. Get vSG corresponding to vcpe
1629 2. Login to compute node
1630 3. Execute iptable command on vcpe from compute node to deny a destination IP
1631 4. From cord-tester ping to 8.8.8.8
1632 5. Verifying that ping should not be successful
1633 6. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1634 7. From cord-tester ping to 8.8.8.8
1635 8. Verifying the ping should success
1636 9. Flush all the iptable rules configuraed in vcpe
1637 10. Delete the rule added in step 6
1638 11. From cord-tester ping to 8.8.8.8
1639 12. Verifying the ping should success
1640 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001641 if not vcpe_name:
1642 vcpe_name = self.vcpe_container
1643 if not vcpe_intf:
1644 vcpe_intf = self.vcpe_dhcp
1645 df = defer.Deferred()
1646 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -07001647 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -07001648 df.callback(0)
1649 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001650 host = '8.8.8.8'
1651 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1652 try:
1653 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1654 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1655 assert_equal(st, False)
1656 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1657 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1658 assert_equal(st, True)
1659 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1660 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1661 assert_equal(st, True)
1662 st,output = vsg.run_cmd('sudo docker exec {} iptables -F FORWARD'.format(vcpe_name))
1663 time.sleep(1)
1664 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1665 assert_equal(st, False)
1666 finally:
1667 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1668 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1669 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1670 df.callback(0)
1671 reactor.callLater(0, vcpe_firewall, df)
1672 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +00001673
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001674 @deferred(TIMEOUT)
1675 def test_vsg_firewall_deny_all_ipv4_traffic(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +00001676 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00001677 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +00001678 1. Get vSG corresponding to vcpe
1679 2. Login to compute node
1680 3. Execute iptable command on vcpe from compute node to deny all ipv4 Traffic
1681 4. From cord-tester ping to 8.8.8.8
1682 5. Verifying that ping should not be successful
1683 6. Delete the iptable rule added
1684 7. From cord-tester ping to 8.8.8.8
1685 8. Verifying the ping should success
1686 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001687 if not vcpe_name:
1688 vcpe_name = self.vcpe_container
1689 if not vcpe_intf:
1690 vcpe_intf = self.vcpe_dhcp
1691 df = defer.Deferred()
1692 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -07001693 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -07001694 df.callback(0)
1695 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001696 host = '8.8.8.8'
1697 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1698 try:
1699 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1700 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1701 assert_equal(st, False)
1702 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1703 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1704 assert_equal(st, True)
1705 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1706 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1707 assert_equal(st, False)
1708 finally:
1709 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1710 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1711 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1712 df.callback(0)
1713 reactor.callLater(0, vcpe_firewall, df)
1714 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +00001715
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001716 @deferred(TIMEOUT)
1717 def test_vsg_firewall_replacing_deny_rule_to_accept_rule_ipv4_traffic(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +00001718 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00001719 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +00001720 1. Get vSG corresponding to vcpe
1721 2. Login to compute node
1722 3. Execute iptable command on vcpe from compute node to deny all ipv4 Traffic
1723 4. From cord-tester ping to 8.8.8.8
1724 5. Verifying that ping should not be successful
1725 6. Replace the deny rule added in step 3 with accept rule
1726 7. From cord-tester ping to 8.8.8.8
1727 8. Verifying the ping should success
1728 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001729 if not vcpe_name:
1730 vcpe_name = self.vcpe_container
1731 if not vcpe_intf:
1732 vcpe_intf = self.vcpe_dhcp
1733 df = defer.Deferred()
1734 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -07001735 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -07001736 df.callback(0)
1737 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001738 host = '8.8.8.8'
1739 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1740 try:
1741 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1742 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1743 assert_equal(st, False)
1744 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1745 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1746 assert_equal(st, True)
1747 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -4 -j ACCEPT'.format(vcpe_name))
1748 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1749 assert_equal(st, False)
1750 finally:
1751 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1752 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1753 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1754 df.callback(0)
1755 reactor.callLater(0, vcpe_firewall, df)
1756 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +00001757
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001758 @deferred(TIMEOUT)
1759 def test_vsg_firewall_deny_all_traffic_coming_on_lan_interface_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
1760 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00001761 Test Method:
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001762 1. Get vSG corresponding to vcpe
1763 2. Login to compute node
1764 3. Execute iptable command on vcpe from compute node to deny all the traffic coming on lan interface inside vcpe container
1765 4. From cord-tester ping to 8.8.8.8
1766 5. Verifying the ping should not success
1767 6. Delete the iptable rule added
1768 7. From cord-tester ping to 8.8.8.8
1769 8. Verifying the ping should success
1770 """
1771 if not vcpe_name:
1772 vcpe_name = self.vcpe_container
1773 if not vcpe_intf:
1774 vcpe_intf = self.vcpe_dhcp
1775 df = defer.Deferred()
1776 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -07001777 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -07001778 df.callback(0)
1779 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001780 host = '8.8.8.8'
1781 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1782 try:
1783 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1784 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1785 assert_equal(st, False)
1786 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -i eth1 -j DROP'.format(vcpe_name))
1787 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1788 assert_equal(st, True)
1789 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -j DROP'.format(vcpe_name))
1790 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1791 assert_equal(st, False)
1792 finally:
1793 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -j DROP'.format(vcpe_name))
1794 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1795 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1796 df.callback(0)
1797 reactor.callLater(0, vcpe_firewall, df)
1798 return df
1799
1800 @deferred(TIMEOUT)
1801 def test_vsg_firewall_deny_all_traffic_going_out_of_wan_interface_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
1802 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00001803 Test Method:
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001804 1. Get vSG corresponding to vcpe
1805 2. Login to compute node
1806 3. Execute iptable command on vcpe from compute node to deny all the traffic going out of wan interface inside vcpe container
1807 4. From cord-tester ping to 8.8.8.8
1808 5. Verifying the ping should not success
1809 6. Delete the iptable rule added
1810 7. From cord-tester ping to 8.8.8.8
1811 8. Verifying the ping should success
1812 """
1813 if not vcpe_name:
1814 vcpe_name = self.vcpe_container
1815 if not vcpe_intf:
1816 vcpe_intf = self.vcpe_dhcp
1817 df = defer.Deferred()
1818 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -07001819 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -07001820 df.callback(0)
1821 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001822 host = '8.8.8.8'
1823 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1824 try:
1825 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1826 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1827 assert_equal(st, False)
1828 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -o eth0 -j DROP'.format(vcpe_name))
1829 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1830 assert_equal(st, True)
1831 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -o eth0 -j DROP'.format(vcpe_name))
1832 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1833 assert_equal(st, False)
1834 finally:
1835 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -o eth0 -j DROP'.format(vcpe_name))
1836 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1837 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1838 df.callback(0)
1839 reactor.callLater(0, vcpe_firewall, df)
1840 return df
1841
1842 @deferred(TIMEOUT)
1843 def test_vsg_firewall_deny_all_traffic_from_lan_to_wan_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +00001844 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00001845 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +00001846 1. Get vSG corresponding to vcpe
1847 2. Login to compute node
1848 3. Execute iptable command on vcpe from compute node to deny all the traffic from lan to wan interface in vcpe
1849 4. From cord-tester ping to 8.8.8.8
1850 5. Verifying that ping should not be successful
1851 6. Delete the iptable rule added
1852 7. From cord-tester ping to 8.8.8.8
1853 8. Verifying the ping should success
1854 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001855 if not vcpe_name:
1856 vcpe_name = self.vcpe_container
1857 if not vcpe_intf:
1858 vcpe_intf = self.vcpe_dhcp
1859 df = defer.Deferred()
1860 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -07001861 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -07001862 df.callback(0)
1863 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001864 host = '8.8.8.8'
1865 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1866 try:
1867 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1868 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1869 assert_equal(st, False)
1870 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1871 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1872 assert_equal(st, True)
1873 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1874 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1875 assert_equal(st, False)
1876 finally:
1877 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1878 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1879 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1880 df.callback(0)
1881 reactor.callLater(0, vcpe_firewall, df)
1882 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +00001883
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001884 #this test case needs modification.default route should be vcpe interface to run this test case
1885 @deferred(TIMEOUT)
1886 def test_vsg_firewall_deny_all_dns_traffic(self,vcpe_name=None,vcpe_intf=None):
1887 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00001888 Test Method:
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001889 1. Get vSG corresponding to vcpe
1890 2. Login to compute node
1891 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1892 4. From cord-tester ping to www.google.com
1893 5. Verifying the ping should not success
1894 6. Delete the iptable rule added
1895 7. From cord-tester ping to www.google.com
1896 8. Verifying the ping should success
1897 """
1898 if not vcpe_name:
1899 vcpe_name = self.vcpe_container
1900 if not vcpe_intf:
1901 vcpe_intf = self.vcpe_dhcp
1902 df = defer.Deferred()
1903 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -07001904 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -07001905 df.callback(0)
1906 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001907 host = 'www.msn.com'
1908 host_ip = '131.253.33.203'
1909 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1910 try:
1911 self.add_static_route_via_vcpe_interface([host_ip],vcpe=self.vcpe_dhcp)
1912 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1913 assert_equal(st, False)
1914 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p udp --dport 53 -j DROP'.format(vcpe_name))
1915 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1916 assert_equal(st, True)
1917 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p udp --dport 53 -j ACCEPT'.format(vcpe_name))
1918 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1919 assert_equal(st, False)
1920 finally:
1921 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p udp --dport 53 -j DROP'.format(vcpe_name))
1922 self.del_static_route_via_vcpe_interface([host_ip],vcpe=vcpe_intf)
1923 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1924 df.callback(0)
1925 reactor.callLater(0, vcpe_firewall, df)
1926 return df
1927
1928 @deferred(TIMEOUT)
1929 def test_vsg_firewall_deny_all_ipv4_traffic_vcpe_container_restart(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +00001930 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00001931 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +00001932 1. Get vSG corresponding to vcpe
1933 2. Login to compute node
1934 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1935 4. From cord-tester ping to www.google.com
1936 5. Verifying that ping should not be successful
1937 6. Delete the iptable rule added
1938 7. From cord-tester ping to www.google.com
1939 8. Verifying the ping should success
1940 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001941 if not vcpe_name:
1942 vcpe_name = self.vcpe_container
1943 if not vcpe_intf:
1944 vcpe_intf = self.vcpe_dhcp
1945 df = defer.Deferred()
1946 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -07001947 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -07001948 df.callback(0)
1949 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +00001950 host = '8.8.8.8'
1951 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1952 try:
1953 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1954 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1955 assert_equal(st, False)
1956 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1957 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1958 assert_equal(st, True)
1959 st,output = vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1960 time.sleep(3)
1961 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1962 assert_equal(st, False)
1963 finally:
1964 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1965 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1966 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1967 df.callback(0)
1968 reactor.callLater(0, vcpe_firewall, df)
1969 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +00001970
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +00001971 @deferred(TIMEOUT)
1972 def test_vsg_dnat_modifying_destination_ip(self,vcpe_name=None,vcpe_intf=None):
1973 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00001974 Test Method:
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +00001975 1. Get vSG corresponding to vcpe
1976 2. Login to compute node
1977 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1978 4. From cord-tester ping to www.google.com
1979 5. Verifying the ping should not success
1980 6. Delete the iptable rule added
1981 7. From cord-tester ping to www.google.com
1982 8. Verifying the ping should success
1983 """
1984 if not vcpe_name:
1985 vcpe_name = self.vcpe_container
1986 if not vcpe_intf:
1987 vcpe_intf = self.vcpe_dhcp
1988 df = defer.Deferred()
1989 def vcpe_firewall(df):
1990 host = '8.8.8.8'
1991 dst_ip = '123.123.123.123'
1992 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1993 try:
1994 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1995 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1996 assert_equal(st, False)
1997 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1998 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1999 assert_equal(st, True)
2000 finally:
2001 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
2002 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
2003 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
2004 df.callback(0)
2005 reactor.callLater(0,vcpe_firewall,df)
2006 return df
2007
2008 @deferred(TIMEOUT)
2009 def test_vsg_dnat_modifying_destination_ip_and_delete(self,vcpe_name=None,vcpe_intf=None):
2010 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00002011 Test Method:
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +00002012 1. Get vSG corresponding to vcpe
2013 2. Login to compute node
2014 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
2015 4. From cord-tester ping to www.google.com
2016 5. Verifying the ping should not success
2017 6. Delete the iptable rule added
2018 7. From cord-tester ping to www.google.com
2019 8. Verifying the ping should success
2020 """
2021 if not vcpe_name:
2022 vcpe_name = self.vcpe_container
2023 if not vcpe_intf:
2024 vcpe_intf = self.vcpe_dhcp
2025 df = defer.Deferred()
2026 def vcpe_firewall(df):
2027 host = '8.8.8.8'
2028 dst_ip = '123.123.123.123'
2029 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
2030 try:
2031 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
2032 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2033 assert_equal(st, False)
2034 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
2035 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2036 assert_equal(st, True)
2037 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
2038 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2039 assert_equal(st, False)
2040 finally:
2041 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
2042 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
2043 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
2044 df.callback(0)
2045 reactor.callLater(0,vcpe_firewall,df)
2046 return df
2047
2048 @deferred(TIMEOUT)
2049 def test_vsg_dnat_change_modifying_destination_ip_address(self,vcpe_name=None,vcpe_intf=None):
2050 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00002051 Test Method:
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +00002052 1. Get vSG corresponding to vcpe
2053 2. Login to compute node
2054 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
2055 4. From cord-tester ping to www.google.com
2056 5. Verifying the ping should not success
2057 6. Delete the iptable rule added
2058 7. From cord-tester ping to www.google.com
2059 8. Verifying the ping should success
2060 """
2061 if not vcpe_name:
2062 vcpe_name = self.vcpe_container
2063 if not vcpe_intf:
2064 vcpe_intf = self.vcpe_dhcp
2065 df = defer.Deferred()
2066 def vcpe_firewall(df):
2067 host = '8.8.8.8'
2068 dst_ip = '123.123.123.123'
2069 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
2070 try:
2071 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
2072 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2073 assert_equal(st, False)
2074 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
2075 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2076 assert_equal(st, True)
2077 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -R PREROUTING 1 -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,host))
2078 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2079 assert_equal(st, False)
2080 finally:
2081 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
2082 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,host))
2083 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
2084 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
2085 df.callback(0)
2086 reactor.callLater(0,vcpe_firewall,df)
2087 return df
2088
A R Karthick035d2e22017-04-25 13:53:00 -07002089 def vsg_xos_subscriber_create(self, index):
A R Karthick19771192017-04-25 14:57:05 -07002090 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -07002091 return
A R Karthick035d2e22017-04-25 13:53:00 -07002092 subscriber_info = self.subscriber_info[index]
2093 volt_subscriber_info = self.volt_subscriber_info[index]
A R Karthickd0b06792017-04-25 15:11:23 -07002094 s_tag = int(volt_subscriber_info['voltTenant']['s_tag'])
2095 c_tag = int(volt_subscriber_info['voltTenant']['c_tag'])
2096 vcpe = 'vcpe-{}-{}'.format(s_tag, c_tag)
2097 log.info('Creating tenant with s_tag: %d, c_tag: %d' %(s_tag, c_tag))
A R Karthick97e08852017-04-26 10:06:38 -07002098 subId = ''
2099 try:
2100 result = self.restApiXos.ApiPost('TENANT_SUBSCRIBER', subscriber_info)
2101 assert_equal(result, True)
2102 result = self.restApiXos.ApiGet('TENANT_SUBSCRIBER')
2103 assert_not_equal(result, None)
2104 subId = self.restApiXos.getSubscriberId(result, volt_subscriber_info['account_num'])
2105 assert_not_equal(subId, '0')
2106 log.info('Subscriber ID for account num %d = %s' %(volt_subscriber_info['account_num'], subId))
2107 volt_tenant = volt_subscriber_info['voltTenant']
2108 #update the subscriber id in the tenant info before making the rest
2109 volt_tenant['subscriber'] = subId
2110 result = self.restApiXos.ApiPost('TENANT_VOLT', volt_tenant)
2111 assert_equal(result, True)
2112 #if the vsg instance was already instantiated, then reduce delay
2113 if c_tag % self.subscribers_per_s_tag == 0:
2114 delay = 350
2115 else:
2116 delay = 90
2117 log.info('Delaying %d seconds for the VCPE to be provisioned' %(delay))
2118 time.sleep(delay)
2119 log.info('Testing for external connectivity to VCPE %s' %(vcpe))
2120 self.vsg_for_external_connectivity(index)
2121 finally:
A R Karthick5d30b3c2017-04-27 10:25:40 -07002122 return subId
A R Karthick97e08852017-04-26 10:06:38 -07002123
2124 def vsg_xos_subscriber_delete(self, index, subId = ''):
2125 if self.on_pod is False:
2126 return
2127 subscriber_info = self.subscriber_info[index]
2128 volt_subscriber_info = self.volt_subscriber_info[index]
2129 s_tag = int(volt_subscriber_info['voltTenant']['s_tag'])
2130 c_tag = int(volt_subscriber_info['voltTenant']['c_tag'])
2131 vcpe = 'vcpe-{}-{}'.format(s_tag, c_tag)
2132 log.info('Deleting tenant with s_tag: %d, c_tag: %d' %(s_tag, c_tag))
2133 if not subId:
2134 #get the subscriber id first
2135 result = self.restApiXos.ApiGet('TENANT_SUBSCRIBER')
2136 assert_not_equal(result, None)
2137 subId = self.restApiXos.getSubscriberId(result, volt_subscriber_info['account_num'])
2138 assert_not_equal(subId, '0')
A R Karthick97e08852017-04-26 10:06:38 -07002139 #get the volt id for the subscriber
2140 result = self.restApiXos.ApiGet('TENANT_VOLT')
A.R Karthick282f0d32017-03-28 16:43:59 -07002141 assert_not_equal(result, None)
A R Karthick97e08852017-04-26 10:06:38 -07002142 voltId = self.getVoltId(result, subId)
2143 assert_not_equal(voltId, None)
A R Karthicka385cea2017-04-26 10:12:43 -07002144 log.info('Deleting subscriber ID %s for account num %d' %(subId, volt_subscriber_info['account_num']))
2145 status = self.restApiXos.ApiDelete('TENANT_SUBSCRIBER', subId)
2146 assert_equal(status, True)
A R Karthick97e08852017-04-26 10:06:38 -07002147 #Delete the tenant
2148 log.info('Deleting VOLT Tenant ID %s for subscriber %s' %(voltId, subId))
A R Karthick76944872017-04-26 10:21:37 -07002149 self.restApiXos.ApiDelete('TENANT_VOLT', voltId)
A R Karthick035d2e22017-04-25 13:53:00 -07002150
A R Karthicke29c8d42017-04-27 11:38:52 -07002151 def vsg_xos_subscriber_id(self, index):
2152 volt_subscriber_info = self.volt_subscriber_info[index]
2153 result = self.restApiXos.ApiGet('TENANT_SUBSCRIBER')
2154 assert_not_equal(result, None)
2155 subId = self.restApiXos.getSubscriberId(result, volt_subscriber_info['account_num'])
2156 return subId
2157
2158 def test_vsg_xos_subscriber_create_all(self):
2159 for index in xrange(len(self.subscriber_info)):
2160 #check if the index exists
2161 subId = self.vsg_xos_subscriber_id(index)
2162 if subId and subId != '0':
2163 self.vsg_xos_subscriber_delete(index, subId = subId)
2164 subId = self.vsg_xos_subscriber_create(index)
2165 log.info('Created Subscriber %s' %(subId))
2166
2167 def test_vsg_xos_subscriber_delete_all(self):
2168 for index in xrange(len(self.subscriber_info)):
2169 subId = self.vsg_xos_subscriber_id(index)
2170 if subId and subId != '0':
2171 self.vsg_xos_subscriber_delete(index, subId = subId)
2172
2173 def test_vsg_xos_subscriber_create_and_delete(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -07002174 subId = self.vsg_xos_subscriber_create(0)
2175 if subId and subId != '0':
2176 self.vsg_xos_subscriber_delete(0, subId)
A R Karthick035d2e22017-04-25 13:53:00 -07002177
A R Karthicke29c8d42017-04-27 11:38:52 -07002178 def test_vsg_xos_subscriber_2_create_and_delete(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -07002179 subId = self.vsg_xos_subscriber_create(1)
2180 if subId and subId != '0':
2181 self.vsg_xos_subscriber_delete(1, subId)
A R Karthick035d2e22017-04-25 13:53:00 -07002182
A R Karthicke29c8d42017-04-27 11:38:52 -07002183 def test_vsg_xos_subscriber_3_create_and_delete(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -07002184 subId = self.vsg_xos_subscriber_create(2)
2185 if subId and subId != '0':
2186 self.vsg_xos_subscriber_delete(2, subId)
A R Karthick035d2e22017-04-25 13:53:00 -07002187
A R Karthicke29c8d42017-04-27 11:38:52 -07002188 def test_vsg_xos_subscriber_4_create_and_delete(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -07002189 subId = self.vsg_xos_subscriber_create(3)
2190 if subId and subId != '0':
2191 self.vsg_xos_subscriber_delete(3, subId)
A R Karthick035d2e22017-04-25 13:53:00 -07002192
A R Karthicke29c8d42017-04-27 11:38:52 -07002193 def test_vsg_xos_subscriber_5_create_and_delete(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -07002194 subId = self.vsg_xos_subscriber_create(4)
2195 if subId and subId != '0':
2196 self.vsg_xos_subscriber_delete(4, subId)
A.R Karthick282f0d32017-03-28 16:43:59 -07002197
Anil Kumar Sanka52a39f82017-05-10 17:39:31 +00002198 def test_vsg_without_creating_vcpe_instance(self, index=0):
2199 vcpe = self.dhcp_vcpes[index]
2200 host = '8.8.8.8'
2201 st, _ = getstatusoutput('dhclient {}'.format(vcpe))
2202 assert_equal(st,True)
2203 subId = self.vsg_xos_subscriber_create(index)
2204 if subId and subId != '0':
2205 self.vsg_xos_subscriber_delete(index, subId)
2206
2207 def test_vsg_for_remove_vcpe_instance(self,index=0):
2208 subId = self.vsg_xos_subscriber_create(index)
2209 if subId and subId != '0':
2210 self.vsg_xos_subscriber_delete(index, subId)
2211 vcpe = self.dhcp_vcpes[index]
2212 host = '8.8.8.8'
2213 st, _ = getstatusoutput('dhclient {}'.format(vcpe))
2214 assert_equal(st,True)
2215
2216 def test_vsg_create_xos_subscribers_in_different_vsg_vm(self):
2217 subId1 = self.vsg_xos_subscriber_create(4)
2218 subId2 = self.vsg_xos_subscriber_create(6)
2219 if subId1 and subId1 != '0':
2220 self.vsg_xos_subscriber_delete(4, subId1)
2221 if subId2 and subId2 != '0':
2222 self.vsg_xos_subscriber_delete(6, subId2)
2223
2224 def test_vsg_external_connectivity_from_two_subscribers_if_one_vsg_goes_down(self):
2225 subId1 = self.vsg_xos_subscriber_create(4)
2226 subId2 = self.vsg_xos_subscriber_create(6)
2227 if subId1 and subId1 != '0':
2228 self.vsg_xos_subscriber_delete(4, subId1)
2229 if subId2 and subId2 != '0':
2230 self.vsg_xos_subscriber_delete(6, subId2)
2231
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +00002232 def test_vsg_with_xos_subscriber_creating_firewall(self,index=4):
2233 log.info('cls.dhcp_vcpes is %s'%self.dhcp_vcpes)
Chetan Gaonker4cff4432017-05-01 17:56:56 +00002234 host = '8.8.8.8'
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +00002235 self.vsg_xos_subscriber_delete(4, 3)
2236 subId = self.vsg_xos_subscriber_create(index)
2237 if subId and subId != '0':
2238 subscriber_info = self.subscriber_info[index]
2239 volt_subscriber_info = self.volt_subscriber_info[index]
2240 s_tag = int(volt_subscriber_info['voltTenant']['s_tag'])
2241 c_tag = int(volt_subscriber_info['voltTenant']['c_tag'])
2242 vcpe = 'vcpe-{}-{}'.format(s_tag, c_tag)
2243 vcpe_intf = self.dhcp_vcpes[index] #'vcpe{}.{}.{}'.format(s_tag, c_tag)
2244 vsg = VSGAccess.get_vcpe_vsg(vcpe)
2245 try:
2246 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
2247 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2248 assert_equal(st, False)
2249 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe,host))
2250 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2251 assert_equal(st, True)
2252 st,_ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe,host))
2253 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2254 assert_equal(st, False)
2255 finally:
2256 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe,host))
2257 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
2258 vsg.run_cmd('sudo docker restart {}'.format(vcpe))
2259 self.vsg_xos_subscriber_delete(4, subId)
2260 self.vsg_xos_subscriber_delete(4, subId)
Chetan Gaonker4cff4432017-05-01 17:56:56 +00002261
A R Karthick63751492017-03-22 09:28:01 -07002262
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002263 def test_vsg_for_packet_received_with_invalid_ip_fields(self):
2264 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00002265 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002266 1.Create a vSG VM in compute node
2267 2.Create a vCPE container in vSG VM
2268 3.Ensure vSG VM and vCPE container created properly
2269 4.From subscriber, send a ping packet with invalid ip fields
2270 5.Verify that vSG drops the packet
2271 6.Verify ping fails
2272 """
A R Karthick63751492017-03-22 09:28:01 -07002273
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002274 def test_vsg_for_packet_received_with_invalid_mac_fields(self):
2275 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00002276 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002277 1.Create a vSG VM in compute node
2278 2.Create a vCPE container in vSG VM
2279 3.Ensure vSG VM and vCPE container created properly
2280 4.From subscriber, send a ping packet with invalid mac fields
2281 5.Verify that vSG drops the packet
2282 6.Verify ping fails
2283 """
A R Karthick63751492017-03-22 09:28:01 -07002284
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002285 def test_vsg_for_vlan_id_mismatch_in_stag(self):
2286 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00002287 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002288 1.Create a vSG VM in compute Node
2289 2.Create a vCPE container in vSG VM
2290 3.Ensure vSG VM and vCPE container created properly
2291 4.Send a ping request to external valid IP from subscriber, with incorrect vlan id in s-tag and valid c-tag
2292 5.Verify that ping fails as the packet drops at VM entry
2293 6.Repeat step 4 with correct s-tag
2294 7.Verify that ping success
2295 """
A R Karthick63751492017-03-22 09:28:01 -07002296
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002297 def test_vsg_for_vlan_id_mismatch_in_ctag(self):
2298 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00002299 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002300 1.Create a vSG VM in compute node
2301 2.Create a vCPE container in vSG VM
2302 3.Ensure vSG VM and vCPE container created properly
2303 4.Send a ping request to external valid IP from subscriber, with valid s-tag and incorrect vlan id in c-tag
2304 5.Verify that ping fails as the packet drops at vCPE container entry
2305 6.Repeat step 4 with valid s-tag and c-tag
2306 7.Verify that ping success
2307 """
A R Karthick63751492017-03-22 09:28:01 -07002308
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002309 def test_vsg_for_matching_and_mismatching_vlan_id_in_stag(self):
2310 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00002311 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002312 1.Create two vSG VMs in compute node
2313 2.Create a vCPE container in each vSG VM
2314 3.Ensure vSG VM and vCPE container created properly
2315 4.From subscriber one, send ping request with valid s and c tags
2316 5.From subscriber two, send ping request with vlan id mismatch in s-tag and valid c tags
2317 6.Verify that ping success for only subscriber one and fails for two.
2318 """
A R Karthick63751492017-03-22 09:28:01 -07002319
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002320 def test_vsg_for_matching_and_mismatching_vlan_id_in_ctag(self):
2321 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00002322 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002323 1.Create a vSG VM in compute node
2324 2.Create two vCPE containers in vSG VM
2325 3.Ensure vSG VM and vCPE container created properly
2326 4.From subscriber one, send ping request with valid s and c tags
2327 5.From subscriber two, send ping request with valid s-tag and vlan id mismatch in c-tag
2328 6.Verify that ping success for only subscriber one and fails for two
2329 """
A R Karthick63751492017-03-22 09:28:01 -07002330
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002331 def test_vsg_for_out_of_range_vlanid_in_ctag(self):
2332 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00002333 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002334 1.Create a vSG VM in compute node
2335 2.Create a vCPE container in vSG VM
2336 3.Ensure vSG VM and vCPE container created properly
2337 4.From subscriber, send ping request with valid stag and vlan id in c-tag is an out of range value ( like 0,4097 )
2338 4.Verify that ping fails as the ping packets drops at vCPE container entry
2339 """
A R Karthick63751492017-03-22 09:28:01 -07002340
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002341 def test_vsg_for_out_of_range_vlanid_in_stag(self):
2342 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00002343 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002344 1.Create a vSG VM in compute node
2345 2.Create a vCPE container in vSG VM
2346 3.Ensure vSG VM and vCPE container created properly
2347 2.From subscriber, send ping request with vlan id in s-tag is an out of range value ( like 0,4097 ), with valid c-tag
2348 4.Verify that ping fails as the ping packets drops at vSG VM entry
2349 """
A R Karthick63751492017-03-22 09:28:01 -07002350
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +00002351 def test_vsg_for_extracting_all_compute_stats_from_all_vcpe_containers(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002352 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00002353 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002354 1.Create a vSG VM in compute node
2355 2.Create 10 vCPE containers in VM
2356 3.Ensure vSG VM and vCPE containers created properly
2357 4.Login to all vCPE containers
2358 4.Get all compute stats from all vCPE containers
2359 5.Verify the stats # verification method need to add
2360 """
A R Karthick63751492017-03-22 09:28:01 -07002361
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +00002362 def test_vsg_for_extracting_dns_stats_from_all_vcpe_containers(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002363 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00002364 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002365 1.Create a vSG VM in compute node
2366 2.Create 10 vCPE containers in VM
2367 3.Ensure vSG VM and vCPE containers created properly
2368 4.From 10 subscribers, send ping to valid and invalid dns hosts
2369 5.Verify dns resolves and ping success for valid dns hosts
2370 6.Verify ping fails for invalid dns hosts
2371 7.Verify dns host name resolve flows in OvS
2372 8.Login to all 10 vCPE containers
2373 9.Extract all dns stats
2374 10.Verify dns stats for queries sent, queries received for dns host resolve success and failed scenarios
2375 """
A R Karthick63751492017-03-22 09:28:01 -07002376
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +00002377 def test_subscriber_access_if_vsg1_goes_down(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002378 """
2379 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 goes down
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00002380 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002381 1.Create two vSG VMs for two services in compute node
2382 2.Create one vCPE container in each VM for one subscriber
2383 3.Ensure VMs and containers created properly
2384 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2385 5.Verify ping gets success
2386 6.Verify ping success flows in OvS
2387 7.Down the vSG-1 VM
2388 8.Now repeat step 4
2389 9.Verify that ping fails as vSG-1 is down
2390 10.Repeat step 4 with stag corresponding to vSG-2
2391 9.Verify ping success and flows added in OvS
2392 """
A R Karthick63751492017-03-22 09:28:01 -07002393
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +00002394 def test_subscriber_access_if_vsg2_goes_down(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002395 """
2396 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 restarts
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00002397 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002398 1.Create two vSG VMs for two services in compute node
2399 2.Create one vCPE container in each VM for one subscriber
2400 3.Ensure VMs and containers created properly
2401 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2402 5.Verify ping gets success
2403 6.Verify ping success flows added in OvS
2404 7.Now restart vSG-1 VM
2405 8.Now repeat step 4 while vSG-1 VM restarts
2406 9.Verify that ping fails as vSG-1 is restarting
2407 10.Repeat step 4 with stag corresponding to vSG-2 while vSG-1 VM restarts
2408 11.Verify ping success and flows added in OvS
2409 """
A R Karthick63751492017-03-22 09:28:01 -07002410
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +00002411 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_going_down(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002412 """
2413 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 goes down
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00002414 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002415 1.Create a vSG VM in compute node
2416 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2417 3.Ensure VM and containers created properly
2418 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2419 5.Verify ping gets success
2420 6.Verify ping success flows added in OvS
2421 7.Now stop vCPE-1 container
2422 8.Now repeat step 4
2423 9.Verify that ping fails as vCPE-1 container is down
2424 10.Repeat step 4 with ctag corresponding to vCPE-2 container
2425 11.Verify ping success and flows added in OvS
2426 """
A R Karthick63751492017-03-22 09:28:01 -07002427
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002428 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_restart(self):
2429 """
2430 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 restarts
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00002431 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002432 1.Create a vSG VM in compute node
2433 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2434 3.Ensure VM and containers created properly
2435 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2436 5.Verify ping gets success
2437 6.Verify ping success flows added in OvS
2438 7.Now restart vCPE-1 container
2439 8.Now repeat step 4 while vCPE-1 restarts
2440 9.Verify that ping fails as vCPE-1 container is restarts
2441 10.Repeat step 4 with ctag corresponding to vCPE-2 container while vCPE-1 restarts
2442 11..Verify ping success and flows added in OvS
2443 """
A R Karthick63751492017-03-22 09:28:01 -07002444
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +00002445 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_paused(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002446 """
2447 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 paused
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00002448 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002449 1.Create a vSG VM in compute node
2450 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2451 3.Ensure VM and containers created properly
2452 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2453 5.Verify ping gets success
2454 6.Verify ping success flows added in OvS
2455 7.Now pause vCPE-1 container
2456 8.Now repeat step 4 while vCPE-1 in pause state
2457 9.Verify that ping fails as vCPE-1 container in pause state
2458 10.Repeat step 4 with ctag corresponding to vCPE-2 container while vCPE-1 in pause state
2459 11.Verify ping success and flows added in OvS
2460 """
2461 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_removed(self):
2462 """
2463 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 removed
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00002464 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002465 1.Create a vSG VM in compute node
2466 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2467 3.Ensure VM and containers created properly
2468 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2469 5.Verify ping gets success
2470 6.Verify ping success flows added in OvS
2471 7.Now remove vCPE-1 container
2472 8.Now repeat step 4
2473 9.Verify that ping fails as vCPE-1 container removed
2474 10.Repeat step 4 with ctag corresponding to vCPE-2 container
2475 11.Verify ping success and flows added in OvS
2476 """
A R Karthick63751492017-03-22 09:28:01 -07002477
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002478 def test_vsg_for_vcpe_instance_removed_and_added_again(self):
2479 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00002480 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002481 1.Create a vSG VM in compute node
2482 2.Create a vCPE container in vSG VM
2483 3.Ensure VM and containers created properly
2484 4.From subscriber end, send ping to public IP
2485 5.Verify ping gets success
2486 6.Verify ping success flows added in OvS
2487 7.Now remove vCPE container in vSG VM
2488 8.Now repeat step 4
2489 9.Verify that ping fails as vCPE container removed
2490 10.Create the vCPE container again for the same subscriber
2491 11.Ensure that vCPE created now
2492 12.Now repeat step 4
2493 13.Verify ping success and flows added in OvS
2494 """
A R Karthick63751492017-03-22 09:28:01 -07002495
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002496 def test_vsg_for_vsg_vm_removed_and_added_again(self):
2497 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00002498 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002499 1.Create a vSG VM in compute node
2500 2.Create a vCPE container in vSG VM
2501 3.Ensure VM and containers created properly
2502 4.From subscriber end, send ping to public IP
2503 5.Verify ping gets success
2504 6.Verify ping success flows added in OvS
2505 7.Now remove vSG VM
2506 8.Now repeat step 4
2507 9.Verify that ping fails as vSG VM not exists
2508 10.Create the vSG VM and vCPE container in VM again
2509 11.Ensure that vSG and vCPE created
2510 12.Now repeat step 4
2511 13.Verify ping success and flows added in OvS
2512 """
2513
2514 #Test vSG - Subscriber Configuration
2515 def test_vsg_for_configuring_new_subscriber_in_vcpe(self):
2516 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00002517 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002518 1.Create a vSG VM in compute node
2519 2.Create a vCPE container in vSG VM
2520 3.Ensure VM and containers created properly
2521 4.Configure a subscriber in XOS and assign a service id
2522 5.Set the admin privileges to the subscriber
2523 6.Verify subscriber configuration is success
2524 """
2525 def test_vsg_for_adding_subscriber_devices_in_vcpe(self):
2526 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00002527 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002528 1.Create a vSG VM in compute node
2529 2.Create a vCPE container in vSG VM
2530 3.Ensure VM and containers created properly
2531 4.Configure a subscriber in XOS and assign a service id
2532 5.Verify subscriber successfully configured in vCPE
2533 6.Now add devices( Mac addresses ) under the subscriber admin group
2534 7.Verify all devices ( Macs ) added successfully
2535 """
2536 def test_vsg_for_removing_subscriber_devices_in_vcpe(self):
2537 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00002538 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002539 1.Create a vSG VM in compute node
2540 2.Create a vCPE container in vSG VM
2541 3.Ensure VM and containers created properly
2542 4.Configure a subscriber in XOS and assign a service id
2543 5.Verify subscriber successfully configured
2544 6.Now add devices( Mac addresses ) under the subscriber admin group
2545 7.Verify all devices ( Macs ) added successfully
2546 8.Now remove All the added devices in XOS
2547 9.Verify all the devices removed
2548 """
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +00002549 def test_vsg_modifying_subscriber_devices_in_vcpe(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002550 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00002551 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002552 1.Create a vSG VM in compute node
2553 2.Create a vCPE container in vSG VM
2554 3.Ensure VM and containers created properly
2555 4.Configure a user in XOS and assign a service id
2556 5.Verify subscriber successfully configured in vCPE.
2557 6.Now add devices( Mac addresses ) under the subscriber admin group
2558 7.Verify all devices ( Macs ) added successfully
2559 8.Now remove few devices in XOS
2560 9.Verify devices removed successfully
2561 10.Now add few additional devices in XOS under the same subscriber admin group
2562 11.Verify newly added devices successfully added
2563 """
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +00002564 def test_vsg_for_vcpe_login_failing_with_incorrect_subscriber_credentials(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002565 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00002566 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002567 1.Create a vSG VM in compute node
2568 2.Create a vCPE container in vSG VM
2569 3.Ensure VM and containers created properly
2570 4.Configure a subscriber in XOS and assign a service id
2571 5.Verify subscriber successfully configured
2572 6.Now add devices( Mac addresses ) under the subscriber admin group
2573 7.Verify all devices ( Macs ) added successfully
2574 8.Login vCPE with credentials with which subscriber configured
2575 9.Verify subscriber successfully logged in
2576 10.Logout and login again with incorrect credentials ( either user name or password )
2577 11.Verify login attempt to vCPE fails wtih incorrect credentials
2578 """
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +00002579 def test_vsg_for_subscriber_configuration_in_vcpe_after_vcpe_restart(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002580 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00002581 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002582 1.Create a vSG VM in compute node
2583 2.Create a vCPE container in vSG VM
2584 3.Ensure VM and containers created properly
2585 4.Configure a subscriber in XOS and assign a service id
2586 5.Verify subscriber successfully configured
2587 6.Now add devices( Mac addresses ) under the subscriber admin group
2588 7.Verify all devices ( Macs ) added successfully
2589 8.Restart vCPE ( locate backup config path while restart )
2590 9.Verify subscriber details in vCPE after restart should be same as before the restart
2591 """
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +00002592 def test_vsg_creating_multiple_vcpe_instances_and_configuring_subscriber_in_each_instance(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002593 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00002594 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002595 1.Create a vSG VM in compute node
2596 2.Create 2 vCPE containers in vSG VM
2597 3.Ensure VM and containers created properly
2598 4.Configure a subscriber in XOS for each vCPE instance and assign a service id
2599 5.Verify subscribers successfully configured
2600 6.Now login vCPE-2 with subscriber-1 credentials
2601 7.Verify login fails
2602 8.Now login vCPE-1 with subscriber-2 credentials
2603 9.Verify login fails
2604 10.Now login vCPE-1 with subscriber-1 and vCPE-2 with subscriber-2 credentials
2605 11.Verify that both the subscribers able to login to their respective vCPE containers
2606 """
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +00002607 def test_vsg_for_same_subscriber_configuring_multiple_services(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002608 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00002609 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002610 1.Create 2 vSG VMs in compute node
2611 2.Create a vCPE container in each vSG VM
2612 3.Ensure VMs and containers created properly
2613 4.Configure same subscriber in XOS for each vCPE instance and assign a service id
2614 5.Verify subscriber successfully configured
2615 6.Now login vCPE-1 with subscriber credentials
2616 7.Verify login success
2617 8.Now login vCPE-2 with the same subscriber credentials
2618 9.Verify login success
2619 """
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002620 #vCPE Firewall Functionality
2621 def test_vsg_firewall_for_creating_acl_rule_based_on_source_ip(self):
2622 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00002623 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002624 1.Create a vSG VM in compute node
2625 2.Create vCPE container in the VM
2626 3.Ensure vSG VM and vCPE container created properly
2627 4.Configure ac acl rule in vCPE to deny IP traffic from a source IP
2628 5.Bound the acl rule to WAN interface of vCPE
2629 6.Verify configuration in vCPE is success
2630 8.Verify flows added in OvS
2631 """
2632 def test_vsg_firewall_for_creating_acl_rule_based_on_destination_ip(self):
2633 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00002634 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002635 1.Create a vSG VM in compute node
2636 2.Create vCPE container in the VM
2637 3.Ensure vSG VM and vCPE container created properly
2638 4.Configure ac acl rule in vCPE to deny IP traffic to a destination ip
2639 5.Bound the acl rule to WAN interface of vCPE
2640 6.Verify configuration in vCPE is success
2641 8.Verify flows added in OvS
2642 """
2643 def test_vsg_firewall_for_acl_deny_rule_based_on_source_ip_traffic(self):
2644 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00002645 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002646 1.Create a vSG VM in compute node
2647 2.Create vCPE container in the VM
2648 3.Ensure vSG VM and vCPE container created properly
2649 4.Configure ac acl rule in vCPE to deny IP traffic from a source IP
2650 5.Bound the acl rule to WAN interface of vCPE
2651 6.From subscriber, send ping to the denied IP address
2652 7.Verify that ping fails as vCPE denies ping response
2653 8.Verify flows added in OvS
2654 """
2655 def test_vsg_firewall_for_acl_deny_rule_based_on_destination_ip_traffic(self):
2656 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +00002657 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +00002658 1.Create a vSG VM in compute node
2659 2.Create vCPE container in the VM
2660 3.Ensure vSG VM and vCPE container created properly
2661 4.Configure ac acl rule in vCPE to deny IP traffic to a destination IP
2662 5.Bound the acl rule to WAN interface of vCPE
2663 6.From subscriber, send ping to the denied IP address
2664 7.Verify that ping fails as vCPE drops the ping request at WAN interface
2665 8.Verify flows added in OvS
2666 """
Chetan Gaonker52418832017-01-26 23:03:13 +00002667
2668 def test_vsg_dnsmasq(self):
2669 pass
2670
2671 def test_vsg_with_external_parental_control_family_shield_for_filter(self):
2672 pass
2673
2674 def test_vsg_with_external_parental_control_with_answerx(self):
2675 pass
2676
2677 def test_vsg_for_subscriber_upstream_bandwidth(self):
2678 pass
2679
2680 def test_vsg_for_subscriber_downstream_bandwidth(self):
2681 pass
2682
2683 def test_vsg_for_diagnostic_run_of_traceroute(self):
2684 pass
2685
2686 def test_vsg_for_diagnostic_run_of_tcpdump(self):
2687 pass
2688
2689 def test_vsg_for_iptable_rules(self):
2690 pass
2691
2692 def test_vsg_for_iptables_with_neutron(self):
2693 pass