Gitiles
Code Review Sign In
gerrit.opencord.org / cord-tester / 0bf7631ef2115eb4e7661a74dd3e9cf6d0b53d12 / . / src / test / vsg / vsgTest.py
blob: e20383bcf8f71c224e5403efe17c2c50a09876ae [file] [log] [blame]
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]1#copyright 2016-present Ciena Corporation
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14#
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]15import time
16import os
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]17import sys
18import json
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame^]19import requests
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]20from nose.tools import *
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]21from twisted.internet import defer
22from nose.twistedtools import reactor, deferred
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]23from CordTestUtils import *
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]24from OltConfig import OltConfig
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]25from onosclidriver import OnosCliDriver
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]26from SSHTestAgent import SSHTestAgent
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]27from CordLogger import CordLogger
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]28from VSGAccess import VSGAccess
A R Karthick933f5b52017-03-27 15:27:16 -0700[diff] [blame]29from CordTestUtils import log_test as log
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]30from CordTestConfig import setup_module, running_on_ciab
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]31from OnosCtrl import OnosCtrl
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]32
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]33log.setLevel('INFO')
34
35class vsg_exchange(CordLogger):
36 ONOS_INSTANCES = 3
37 V_INF1 = 'veth0'
38 device_id = 'of:' + get_mac()
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]39 TEST_IP = '8.8.8.8'
40 HOST = "10.1.0.1"
41 USER = "vagrant"
42 PASS = "vagrant"
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]43 head_node = os.getenv('HEAD_NODE', 'prod')
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]44 HEAD_NODE = head_node + '.cord.lab' if len(head_node.split('.')) == 1 else head_node
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]45 test_path = os.path.dirname(os.path.realpath(__file__))
46 olt_conf_file = os.path.join(test_path, '..', 'setup/olt_config.json')
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]47 restApiXos = None
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]48 subscriber_account_num = 200
49 subscriber_s_tag = 304
50 subscriber_c_tag = 304
51 subscribers_per_s_tag = 8
52 subscriber_map = {}
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]53 subscriber_info = []
54 volt_subscriber_info = []
A R Karthick9a16a112017-04-07 15:40:05 -0700[diff] [blame]55 restore_methods = []
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]56 TIMEOUT=120
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]57 FABRIC_PORT_HEAD_NODE = 1
58 FABRIC_PORT_COMPUTE_NODE = 2
59 APP_NAME = 'org.ciena.xconnect'
60 APP_FILE = os.path.join(test_path, '..', 'apps/xconnect-1.0-SNAPSHOT.oar')
A.R Karthick50f4d9a2017-04-20 16:44:19 -0700[diff] [blame]61 NUM_SUBSCRIBERS = 5
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]62
63 @classmethod
64 def getSubscriberCredentials(cls, subId):
65 """Generate our own account num, s_tag and c_tags"""
66 if subId in cls.subscriber_map:
67 return cls.subscriber_map[subId]
68 account_num = cls.subscriber_account_num
69 cls.subscriber_account_num += 1
70 s_tag, c_tag = cls.subscriber_s_tag, cls.subscriber_c_tag
71 cls.subscriber_c_tag += 1
72 if cls.subscriber_c_tag % cls.subscribers_per_s_tag == 0:
73 cls.subscriber_s_tag += 1
74 cls.subscriber_map[subId] = account_num, s_tag, c_tag
75 return cls.subscriber_map[subId]
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]76
77 @classmethod
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]78 def getXosCredentials(cls):
79 onos_cfg = OnosCtrl.get_config()
80 if onos_cfg is None:
81 return None
82 if 'apps' in onos_cfg and \
83 'org.opencord.vtn' in onos_cfg['apps'] and \
84 'cordvtn' in onos_cfg['apps']['org.opencord.vtn'] and \
85 'xos' in onos_cfg['apps']['org.opencord.vtn']['cordvtn']:
86 xos_cfg = onos_cfg['apps']['org.opencord.vtn']['cordvtn']['xos']
87 endpoint = xos_cfg['endpoint']
88 user = xos_cfg['user']
89 password = xos_cfg['password']
90 xos_endpoints = endpoint.split(':')
91 xos_host = xos_endpoints[1][len('//'):]
92 xos_port = xos_endpoints[2][:-1]
93 #log.info('xos_host: %s, port: %s, user: %s, password: %s' %(xos_host, xos_port, user, password))
94 return dict(host = xos_host, port = xos_port, user = user, password = password)
95
96 return None
97
98 @classmethod
A.R Karthick50f4d9a2017-04-20 16:44:19 -0700[diff] [blame]99 def getSubscriberConfig(cls, num_subscribers):
100 features = {
101 'cdn': True,
102 'uplink_speed': 1000000000,
103 'downlink_speed': 1000000000,
104 'uverse': True,
105 'status': 'enabled'
106 }
107 subscriber_map = []
108 for i in xrange(num_subscribers):
109 subId = 'sub{}'.format(i)
110 account_num, _, _ = cls.getSubscriberCredentials(subId)
111 identity = { 'account_num' : str(account_num),
112 'name' : 'My House {}'.format(i)
113 }
114 sub_info = { 'features' : features,
115 'identity' : identity
116 }
117 subscriber_map.append(sub_info)
118
119 return subscriber_map
120
121 @classmethod
122 def getVoltSubscriberConfig(cls, num_subscribers):
123 voltSubscriberMap = []
124 for i in xrange(num_subscribers):
125 subId = 'sub{}'.format(i)
126 account_num, s_tag, c_tag = cls.getSubscriberCredentials(subId)
127 voltSubscriberInfo = {}
128 voltSubscriberInfo['voltTenant'] = dict(s_tag = str(s_tag),
129 c_tag = str(c_tag),
130 subscriber = '')
131 voltSubscriberInfo['account_num'] = account_num
132 voltSubscriberMap.append(voltSubscriberInfo)
133
134 return voltSubscriberMap
135
136 @classmethod
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]137 def setUpCordApi(cls):
138 our_path = os.path.dirname(os.path.realpath(__file__))
139 cord_api_path = os.path.join(our_path, '..', 'cord-api')
140 framework_path = os.path.join(cord_api_path, 'Framework')
141 utils_path = os.path.join(framework_path, 'utils')
142 data_path = os.path.join(cord_api_path, 'Tests', 'data')
143 subscriber_cfg = os.path.join(data_path, 'Subscriber.json')
144 volt_tenant_cfg = os.path.join(data_path, 'VoltTenant.json')
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]145 num_subscribers = max(cls.NUM_SUBSCRIBERS, 5)
146 cls.subscriber_info = cls.getSubscriberConfig(num_subscribers)
147 cls.volt_subscriber_info = cls.getVoltSubscriberConfig(num_subscribers)
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]148
149 sys.path.append(utils_path)
150 sys.path.append(framework_path)
151 from restApi import restApi
152 restApiXos = restApi()
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]153 xos_credentials = cls.getXosCredentials()
154 if xos_credentials is None:
155 restApiXos.controllerIP = cls.HEAD_NODE
156 restApiXos.controllerPort = '9000'
157 else:
158 restApiXos.controllerIP = xos_credentials['host']
159 restApiXos.controllerPort = xos_credentials['port']
160 restApiXos.user = xos_credentials['user']
161 restApiXos.password = xos_credentials['password']
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]162 cls.restApiXos = restApiXos
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]163
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]164 @classmethod
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]165 def getVoltId(cls, result, subId):
166 if type(result) is not type([]):
167 return None
168 for tenant in result:
169 if str(tenant['subscriber']) == str(subId):
170 return str(tenant['id'])
171 return None
172
173 @classmethod
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]174 def closeVCPEAccess(cls, volt_subscriber_info):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]175 OnosCtrl.uninstall_app(cls.APP_NAME, onos_ip = cls.HEAD_NODE)
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]176
177 @classmethod
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]178 def openVCPEAccess(cls, volt_subscriber_info):
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]179 """
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]180 This code is used to configure leaf switch for head node access to compute node over fabric.
181 Care is to be taken to avoid overwriting existing/default vcpe flows.
182 The access is opened for generated subscriber info which should not overlap.
183 We target the fabric onos instance on head node.
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]184 """
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]185 OnosCtrl.install_app(cls.APP_FILE, onos_ip = cls.HEAD_NODE)
186 time.sleep(2)
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]187 s_tags = map(lambda tenant: int(tenant['voltTenant']['s_tag']), volt_subscriber_info)
188 #only get unique vlan tags
189 s_tags = list(set(s_tags))
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]190 devices = OnosCtrl.get_device_ids(controller = cls.HEAD_NODE)
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]191 if devices:
192 device_config = {}
193 for device in devices:
194 device_config[device] = []
195 for s_tag in s_tags:
196 xconnect_config = {'vlan': s_tag, 'ports' : [ cls.FABRIC_PORT_HEAD_NODE, cls.FABRIC_PORT_COMPUTE_NODE ] }
197 device_config[device].append(xconnect_config)
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]198
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]199 cfg = { 'apps' : { 'org.ciena.xconnect' : { 'xconnectTestConfig' : device_config } } }
200 OnosCtrl.config(cfg, controller = cls.HEAD_NODE)
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]201
202 @classmethod
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]203 def setUpClass(cls):
204 cls.controllers = get_controllers()
205 cls.controller = cls.controllers[0]
206 cls.cli = None
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]207 cls.on_pod = running_on_pod()
208 cls.on_ciab = running_on_ciab()
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]209 cls.olt = OltConfig(olt_conf_file = cls.olt_conf_file)
210 cls.vcpes = cls.olt.get_vcpes()
211 cls.vcpes_dhcp = cls.olt.get_vcpes_by_type('dhcp')
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]212 cls.vcpes_reserved = cls.olt.get_vcpes_by_type('reserved')
213 cls.dhcp_vcpes_reserved = [ 'vcpe{}.{}.{}'.format(i, cls.vcpes_reserved[i]['s_tag'], cls.vcpes_reserved[i]['c_tag'])
214 for i in xrange(len(cls.vcpes_reserved)) ]
215 cls.untagged_dhcp_vcpes_reserved = [ 'vcpe{}'.format(i) for i in xrange(len(cls.vcpes_reserved)) ]
216 cls.container_vcpes_reserved = [ 'vcpe-{}-{}'.format(vcpe['s_tag'], vcpe['c_tag']) for vcpe in cls.vcpes_reserved ]
217 vcpe_dhcp_reserved = None
218 vcpe_container_reserved = None
219 if cls.vcpes_reserved:
220 vcpe_dhcp_reserved = cls.dhcp_vcpes_reserved[0]
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]221 if cls.on_pod is False:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]222 vcpe_dhcp_reserved = cls.untagged_dhcp_vcpes_reserved[0]
223 vcpe_container_reserved = cls.container_vcpes_reserved[0]
224
225 cls.vcpe_dhcp_reserved = vcpe_dhcp_reserved
226 cls.vcpe_container_reserved = vcpe_container_reserved
227 dhcp_vcpe_offset = len(cls.vcpes_reserved)
A R Karthick927129c2017-04-25 14:08:02 -0700[diff] [blame]228 cls.dhcp_vcpes = [ 'vcpe{}.{}.{}'.format(i+dhcp_vcpe_offset, cls.vcpes_dhcp[i]['s_tag'], cls.vcpes_dhcp[i]['c_tag'])
229 for i in xrange(len(cls.vcpes_dhcp)) ]
230 cls.untagged_dhcp_vcpes = [ 'vcpe{}'.format(i+dhcp_vcpe_offset) for i in xrange(len(cls.vcpes_dhcp)) ]
231 cls.container_vcpes = [ 'vcpe-{}-{}'.format(vcpe['s_tag'], vcpe['c_tag']) for vcpe in cls.vcpes_dhcp ]
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]232 vcpe_dhcp = None
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]233 vcpe_container = None
234 #cache the first dhcp vcpe in the class for quick testing
235 if cls.vcpes_dhcp:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]236 vcpe_container = cls.container_vcpes[0]
237 vcpe_dhcp = cls.dhcp_vcpes[0]
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]238 if cls.on_pod is False:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]239 vcpe_dhcp = cls.untagged_dhcp_vcpes[0]
240 cls.vcpe_container = vcpe_container_reserved or vcpe_container
241 cls.vcpe_dhcp = vcpe_dhcp_reserved or vcpe_dhcp
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]242 VSGAccess.setUp()
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]243 cls.setUpCordApi()
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]244 if cls.on_pod is True:
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]245 cls.openVCPEAccess(cls.volt_subscriber_info)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]246
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]247 @classmethod
248 def tearDownClass(cls):
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]249 VSGAccess.tearDown()
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]250 if cls.on_pod is True:
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]251 cls.closeVCPEAccess(cls.volt_subscriber_info)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]252
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]253 def cliEnter(self, controller = None):
254 retries = 0
255 while retries < 30:
256 self.cli = OnosCliDriver(controller = controller, connect = True)
257 if self.cli.handle:
258 break
259 else:
260 retries += 1
261 time.sleep(2)
262
263 def cliExit(self):
264 self.cli.disconnect()
265
266 def onos_shutdown(self, controller = None):
267 status = True
268 self.cliEnter(controller = controller)
269 try:
270 self.cli.shutdown(timeout = 10)
271 except:
272 log.info('Graceful shutdown of ONOS failed for controller: %s' %controller)
273 status = False
274
275 self.cliExit()
276 return status
277
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]278 def log_set(self, level = None, app = 'org.onosproject'):
279 CordLogger.logSet(level = level, app = app, controllers = self.controllers, forced = True)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]280
A R Karthick9a16a112017-04-07 15:40:05 -0700[diff] [blame]281 @classmethod
282 def get_dhcp(cls, vcpe, mgmt = 'eth0'):
283 """Get DHCP for vcpe interface saving management settings"""
284
285 def put_dhcp():
286 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
287
288 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
289 if vcpe_ip is not None:
290 cls.restore_methods.append(put_dhcp)
291 return vcpe_ip
292
293 @classmethod
294 def config_restore(cls):
295 """Restore the vsg test configuration on test case failures"""
296 for restore_method in cls.restore_methods:
297 restore_method()
298
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]299 def get_vsg_vcpe_pair(self):
300 vcpes = self.vcpes_dhcp
301 vcpe_containers = []
302 vsg_vcpe = {}
303 for vcp in vcpes:
304 vcpe_container = 'vcpe-{}-{}'.format(vcp['s_tag'], vcp['c_tag'])
305 vcpe_containers.append(vcpe_container)
306 vsg = VSGAccess.get_vcpe_vsg(vcpe_container)
307 vsg_vcpe[vcpe_container]=str(vsg.get_ip())
308 return vsg_vcpe
309
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]310 def get_vcpe_containers_and_interfaces(self):
311 vcpe_containers = {}
312 vcpe_interfaces = []
313 vcpes = self.vcpes_dhcp
314 count = 0
315 for vcpe in vcpes:
316 vcpe_intf = 'vcpe{}.{}.{}'.format(count,vcpe['s_tag'],vcpe['c_tag'])
317 vcpe_interfaces.append(vcpe_intf)
318 vcpe_container = 'vcpe-{}-{}'.format(vcpe['s_tag'], vcpe['c_tag'])
319 vcpe_containers[vcpe_intf] = vcpe_container
320 count += 1
321 log.info('vcpe interfaces are %s'%vcpe_interfaces)
322 log.info('vcpe containers are %s'%vcpe_containers)
323 return vcpe_interfaces,vcpe_containers
324
325 def get_vcpe_interface_dhcp_ip(self,vcpe=None):
326 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]327 vcpe = self.vcpe_dhcp
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]328 st, _ = getstatusoutput('dhclient {}'.format(vcpe))
329 vcpe_ip = get_ip(vcpe)
330 return vcpe_ip
331
332 def release_vcpe_interface_dhcp_ip(self,vcpe=None):
333 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]334 vcpe = self.vcpe_dhcp
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]335 st, _ = getstatusoutput('dhclient {} -r'.format(vcpe))
336 vcpe_ip = get_ip(vcpe)
337 assert_equal(vcpe_ip, None)
338
339 def add_static_route_via_vcpe_interface(self, routes, vcpe=None,dhcp_ip=True):
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]340 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]341 vcpe = self.vcpe_dhcp
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]342 if dhcp_ip:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]343 os.system('dhclient '+vcpe)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]344 time.sleep(1)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]345 for route in routes:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]346 log.info('route is %s'%route)
347 cmd = 'ip route add ' + route + ' via 192.168.0.1 '+ 'dev ' + vcpe
348 cmds.append(cmd)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]349 for cmd in cmds:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]350 os.system(cmd)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]351 return True
352
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]353 def del_static_route_via_vcpe_interface(self,routes,vcpe=None,dhcp_release=True):
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]354 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]355 vcpe = self.vcpe_dhcp
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]356 cmds = []
357 for route in routes:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]358 cmd = 'ip route del ' + route + ' via 192.168.0.1 ' + 'dev ' + vcpe
359 os.system(cmd)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]360 if dhcp_release:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]361 os.system('dhclient '+vcpe+' -r')
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]362 return True
363
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]364 def vsg_for_external_connectivity(self, subscriber_index, reserved = False):
365 if reserved is True:
366 if self.on_pod is True:
367 vcpe = self.dhcp_vcpes_reserved[subscriber_index]
368 else:
369 vcpe = self.untagged_dhcp_vcpes_reserved[subscriber_index]
370 else:
371 if self.on_pod is True:
372 vcpe = self.dhcp_vcpes[subscriber_index]
373 else:
374 vcpe = self.untagged_dhcp_vcpes[subscriber_index]
375 mgmt = 'eth0'
376 host = '8.8.8.8'
377 self.success = False
378 assert_not_equal(vcpe, None)
379 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
380 assert_not_equal(vcpe_ip, None)
381 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
382 log.info('Sending icmp echo requests to external network 8.8.8.8')
383 st, _ = getstatusoutput('ping -c 3 8.8.8.8')
384 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
385 assert_equal(st, 0)
386
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]387 def test_vsg_health(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]388 """
389 Algo:
390 1. Login to compute node VM
391 2. Get all vSGs
392 3. Ping to all vSGs
393 4. Verifying Ping success
394 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]395 status = True
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]396 if self.on_pod is True:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]397 status = VSGAccess.health_check()
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]398 assert_equal(status, True)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]399
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]400 def test_vsg_health_check(self, vsg_name='mysite_vsg-1', verify_status=True):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]401 """
402 Algo:
403 1. If vsg name not specified, Get vsg corresponding to vcpe
404 1. Login to compute mode VM
405 3. Ping to the vSG
406 4. Verifying Ping success
407 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]408 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]409 return
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]410 if not vsg_name:
411 vcpe = self.vcpe_container
412 vsg = VSGAccess.get_vcpe_vsg(vcpe)
413 status = vsg.get_health()
414 assert_equal(status, verify_status)
415 else:
416 vsgs = VSGAccess.get_vsgs()
417 status = None
418 for vsg in vsgs:
419 if vsg.name == vsg_name:
420 status = vsg.get_health()
421 log.info('vsg health check status is %s'%status)
422 assert_equal(status,verify_status)
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]423
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]424 @deferred(TIMEOUT)
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]425 def test_vsg_for_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]426 """
427 Algo:
428 1. Get list of all compute nodes created using Openstack
429 2. Login to compute mode VM
430 3. Get all vSGs
431 4. Verifying atleast one compute node and one vSG created
432 """
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]433 df = defer.Deferred()
434 def vsg_for_vcpe_df(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]435 if self.on_pod is True:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]436 vsgs = VSGAccess.get_vsgs()
437 compute_nodes = VSGAccess.get_compute_nodes()
438 time.sleep(14)
439 assert_not_equal(len(vsgs), 0)
440 assert_not_equal(len(compute_nodes), 0)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]441 df.callback(0)
442 reactor.callLater(0,vsg_for_vcpe_df,df)
443 return df
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]444
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]445 def test_vsg_for_login(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]446 """
447 Algo:
448 1. Login to compute node VM
449 2. Get all vSGs
450 3. Verifying login to vSG is success
451 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]452 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]453 return
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]454 vsgs = VSGAccess.get_vsgs()
455 vsg_access_status = map(lambda vsg: vsg.check_access(), vsgs)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]456 status = filter(lambda st: st == False, vsg_access_status)
457 assert_equal(len(status), 0)
458
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]459 def test_vsg_for_default_route_through_testclient(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]460 """
461 Algo:
462 1. Login to head node
463 2. Verifying for default route in lxc test client
464 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]465 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]466 return
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]467 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
468 cmd = "sudo lxc exec testclient -- route | grep default"
469 status, output = ssh_agent.run_cmd(cmd)
470 assert_equal(status, True)
471
472 def test_vsg_for_external_connectivity_through_testclient(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]473 """
474 Algo:
475 1. Login to head node
476 2. On head node, executing ping to 8.8.8.8 from lxc test client
477 3. Verifying for the ping success
478 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]479 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]480 return
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]481 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
482 cmd = "lxc exec testclient -- ping -c 3 8.8.8.8"
483 status, output = ssh_agent.run_cmd(cmd)
484 assert_equal( status, True)
485
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]486 def test_vsg_for_external_connectivity(self):
487 """
488 Algo:
489 1. Get dhcp IP to vcpe interface in cord-tester
490 2. Verifying vcpe interface gets dhcp IP
491 3. Ping to 8.8.8.8 and Verifying ping should success
492 4. Restoring management interface configuration in cord-tester
493 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]494 reserved = True
495 if self.on_pod:
496 reserved = self.on_ciab
497 self.vsg_for_external_connectivity(0, reserved = reserved)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]498
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]499 def test_vsg_for_external_connectivity_to_google(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]500 """
501 Algo:
502 1. Get dhcp IP to vcpe interface in cord-tester
503 2. Verifying vcpe interface gets dhcp IP
504 3. Ping to www.google.com and Verifying ping should success
505 4. Restoring management interface configuration in cord-tester
506 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]507 host = 'www.google.com'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]508 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]509 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]510 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]511 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]512 assert_not_equal(vcpe_ip, None)
513 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
514 log.info('Sending icmp ping requests to %s' %host)
515 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]516 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]517 assert_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]518
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame^]519 #Test cases to check path mtu across cord framework wih some selected websites to check response.
520 def test_vsg_to_retrieve_content_from_google_to_validate_path_mtu(self):
521 """
522 Algo:
523 1. Get dhcp IP to vcpe interface in cord-tester
524 2. Verifying vcpe interface gets dhcp IP
525 3. Retrieve contents from www.google.com and Verify response status is 200 ok.
526 4. This validates path mtu for end to end traffic with request to retrieve web contents in cord framework.
527 (Based on website response, size differs, needs check on MTU)
528 4. Restoring management interface configuration in cord-tester
529 """
530 host = 'www.google.com'
531 vcpe = self.vcpe_dhcp
532 mgmt = 'eth0'
533 assert_not_equal(vcpe, None)
534 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
535 assert_not_equal(vcpe_ip, None)
536 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
537 log.info('Initiating get requests to %s' %host)
538 r = requests.get('http://<%s>'%host)
539 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
540 assert_equal(r.status_code, 200)
541
542 def test_vsg_to_retrieve_content_from_rediff_to_validate_path_mtu(self):
543 """
544 Algo:
545 1. Get dhcp IP to vcpe interface in cord-tester
546 2. Verifying vcpe interface gets dhcp IP
547 3. Retrieve contents from www.rediff.com and Verify response status is 200 ok.
548 4. This validates path mtu for end to end traffic with request to retrieve web contents in cord framework.
549 (Based on website response, size differs, needs check on MTU)
550 4. Restoring management interface configuration in cord-tester
551 """
552 host = 'www.rediff.com'
553 vcpe = self.vcpe_dhcp
554 mgmt = 'eth0'
555 assert_not_equal(vcpe, None)
556 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
557 assert_not_equal(vcpe_ip, None)
558 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
559 log.info('Initiating get requests to %s' %host)
560 r = requests.get('http://<%s>'%host)
561 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
562 assert_equal(r.status_code, 200)
563
564 def test_vsg_to_retrieve_content_from_yahoo_to_validate_path_mtu(self):
565 """
566 Algo:
567 1. Get dhcp IP to vcpe interface in cord-tester
568 2. Verifying vcpe interface gets dhcp IP
569 3. Retrieve contents from www.yahoo.com and Verify response status is 200 ok.
570 4. This validates path mtu for end to end traffic with request to retrieve web contents in cord framework.
571 (Based on website response, size differs, needs check on MTU)
572 4. Restoring management interface configuration in cord-tester
573 """
574 host = 'www.yahoo.com'
575 vcpe = self.vcpe_dhcp
576 mgmt = 'eth0'
577 assert_not_equal(vcpe, None)
578 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
579 assert_not_equal(vcpe_ip, None)
580 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
581 log.info('Initiating get requests to %s' %host)
582 r = requests.get('http://<%s>'%host)
583 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
584 assert_equal(r.status_code, 200)
585
586 def test_vsg_to_retrieve_content_from_facebook_to_validate_path_mtu(self):
587 """
588 Algo:
589 1. Get dhcp IP to vcpe interface in cord-tester
590 2. Verifying vcpe interface gets dhcp IP
591 3. Retrieve contents from www.facebook.com and Verify response status is 200 ok.
592 4. This validates path mtu for end to end traffic with request to retrieve web contents in cord framework.
593 (Based on website response, size differs, needs check on MTU)
594 4. Restoring management interface configuration in cord-tester
595 """
596 host = 'www.facebook.com'
597 vcpe = self.vcpe_dhcp
598 mgmt = 'eth0'
599 assert_not_equal(vcpe, None)
600 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
601 assert_not_equal(vcpe_ip, None)
602 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
603 log.info('Initiating get requests to %s' %host)
604 r = requests.get('http://<%s>'%host)
605 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
606 assert_equal(r.status_code, 200)
607
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]608 def test_vsg_for_external_connectivity_to_invalid_host(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]609 """
610 Algo:
611 1. Get dhcp IP to vcpe interface in cord-tester
612 2. Verifying vcpe interface gets dhcp IP
613 3. Ping to www.goglee.com and Verifying ping should not success
614 4. Restoring management interface configuration in cord-tester
615 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]616 host = 'www.goglee.com'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]617 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]618 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]619 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]620 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]621 assert_not_equal(vcpe_ip, None)
622 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
623 log.info('Sending icmp ping requests to non existent host %s' %host)
624 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]625 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]626 assert_not_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]627
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]628 def test_vsg_for_external_connectivity_with_ttl_1(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]629 """
630 Algo:
631 1. Get dhcp IP to vcpe interface in cord-tester
632 2. Verifying vcpe interface gets dhcp IP
633 3. Ping to 8.8.8.8 with ttl set to 1
634 4. Verifying ping should not success
635 5. Restoring management interface configuration in cord-tester
636 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]637 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]638 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]639 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]640 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]641 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]642 assert_not_equal(vcpe_ip, None)
643 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
644 log.info('Sending icmp ping requests to host %s with ttl 1' %host)
645 st, _ = getstatusoutput('ping -c 1 -t 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]646 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]647 assert_not_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]648
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]649 def test_vsg_for_external_connectivity_with_wan_interface_toggle_in_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]650 """
651 Algo:
652 1. Get dhcp IP to vcpe interface in cord-tester
653 2. Verifying vcpe interface gets dhcp IP
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]654 3. Ping to 8.8.8.8 and Verifying ping succeeds
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]655 4. Now down the WAN interface of vcpe
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]656 5. Ping to 8.8.8.8 and Verifying ping fails
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]657 6. Now Up the WAN interface of vcpe
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]658 7. Ping to 8.8.8.8 and Verifying ping succeeds
659 8. Restoring management interface configuration in cord-tester
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]660 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]661 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]662 return
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]663 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]664 mgmt = 'eth0'
665 vcpe = self.vcpe_container
666 assert_not_equal(vcpe, None)
667 assert_not_equal(self.vcpe_dhcp, None)
668 #first get dhcp on the vcpe interface
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]669 vcpe_ip = VSGAccess.vcpe_get_dhcp(self.vcpe_dhcp, mgmt = mgmt)
670 assert_not_equal(vcpe_ip, None)
671 log.info('Got DHCP IP %s for %s' %(vcpe_ip, self.vcpe_dhcp))
672 log.info('Sending ICMP pings to host %s' %(host))
673 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
674 if st != 0:
675 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
676 assert_equal(st, 0)
677 #bring down the wan interface and check again
678 st = VSGAccess.vcpe_wan_down(vcpe)
679 if st is False:
680 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
681 assert_equal(st, True)
682 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
683 if st == 0:
684 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
685 assert_not_equal(st, 0)
686 st = VSGAccess.vcpe_wan_up(vcpe)
687 if st is False:
688 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
689 assert_equal(st, True)
690 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
691 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
692 assert_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]693
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]694 def test_vsg_for_external_connectivity_with_lan_interface_toggle_in_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]695 """
696 Algo:
697 1. Get dhcp IP to vcpe interface in cord-tester
698 2. Verifying vcpe interface gets dhcp IP
699 3. Ping to 8.8.8.8 and Verifying ping should success
700 4. Now down the LAN interface of vcpe
701 5. Ping to 8.8.8.8 and Verifying ping should not success
702 6. Now Up the LAN interface of vcpe
703 7. Ping to 8.8.8.8 and Verifying ping should success
704 8. Restoring management interface configuration in cord-tester
705 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]706 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]707 return
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]708 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]709 mgmt = 'eth0'
710 vcpe = self.vcpe_container
711 assert_not_equal(vcpe, None)
712 assert_not_equal(self.vcpe_dhcp, None)
713 #first get dhcp on the vcpe interface
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]714 vcpe_ip = VSGAccess.vcpe_get_dhcp(self.vcpe_dhcp, mgmt = mgmt)
715 assert_not_equal(vcpe_ip, None)
716 log.info('Got DHCP IP %s for %s' %(vcpe_ip, self.vcpe_dhcp))
717 log.info('Sending ICMP pings to host %s' %(host))
718 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
719 if st != 0:
720 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
721 assert_equal(st, 0)
722 #bring down the lan interface and check again
723 st = VSGAccess.vcpe_lan_down(vcpe)
724 if st is False:
725 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
726 assert_equal(st, True)
727 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
728 if st == 0:
729 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
730 assert_not_equal(st, 0)
731 st = VSGAccess.vcpe_lan_up(vcpe)
732 if st is False:
733 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
734 assert_equal(st, True)
735 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
736 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
737 assert_equal(st, 0)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]738
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]739 def test_vsg_multiple_subscribers_for_same_vcpe_instace(self):
740 """
741 Algo:
742 1. Create a vcpe instance
743 2. Create multiple vcpe interfaces in cord-tester with same s-tag and c-tag to access vcpe instance
744 3. Verify all the interfaces gets dhcp IP in same subnet
745 """
746 vcpe_intfs,containers = self.get_vcpe_containers_and_interfaces()
747 for vcpe in vcpe_intfs:
748 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
749 assert_not_equal(vcpe_ip,None)
750 for vcpe in vcpe_intfs:
751 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
752
753 def test_vsg_for_multiple_subscribers_with_same_vcpe_instance_and_validate_external_connectivity(self):
754 """
755 Algo:
756 1. Create a vcpe instance
757 2. Create multiple vcpe interfaces in cord-tester with same s-tag and c-tag to access vcpe instance
758 3. Verify all the interfaces gets dhcp IP in same subnet
759 4. From cord-tester ping to external with vcpe interface option
760 """
761 host = '8.8.8.8'
762 vcpe_intfs, containers = self.get_vcpe_containers_and_interfaces()
763 for vcpe in vcpe_intfs:
764 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
765 assert_not_equal(vcpe_ip,None)
766 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe,dhcp_ip=False)
767 st, _ = getstatusoutput('ping -I {} -c 3 {}'.format(vcpe,host))
768 assert_equal(st, 0)
769 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe,dhcp_release=False)
770 for vcpe in vcpe_intfs:
771 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
772
773 def test_vsg_vcpe_interface_and_validate_dhcp_ip_after_interface_toggle(self):
774 """
775 Algo:
776 1. Create a vcpe instance
777 2. Create a vcpe interface in cord-tester
778 3. Verify the interface gets dhcp IP
779 4. Toggle the interface
780 5. Verify the interface gets dhcp IP
781 """
782 vcpe_intfs,containers = self.get_vcpe_containers_and_interfaces()
783 for vcpe in vcpe_intfs:
784 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
785 assert_not_equal(vcpe_ip,None)
786 os.system('ifconfig {} down'.format(vcpe))
787 time.sleep(1)
788 os.system('ifconfig {} up'.format(vcpe))
789 time.sleep(1)
790 vcpe_ip2 = get_ip(vcpe)
791 assert_equal(vcpe_ip2,vcpe_ip)
792 for vcpe in vcpe_intfs:
793 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
794
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]795 @deferred(TIMEOUT)
796 def test_vsg_for_external_connectivity_with_vcpe_container_paused(self,vcpe_name=None,vcpe_intf=None):
797 """
798 Algo:
799 1. Get vSG corresponding to vcpe
800 2. Get dhcp ip to vcpe interface
801 3. Add static route to destination route in test container
802 4. From test container ping to destination route and verify ping success
803 5. Login to compute node and execute command to pause vcpe container
804 6. From test container ping to destination route and verify ping success
805 """
806 if not vcpe_name:
807 vcpe_name = self.vcpe_container
808 if not vcpe_intf:
809 vcpe_intf = self.vcpe_dhcp
810 df = defer.Deferred()
811 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]812 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]813 df.callback(0)
814 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]815 host = '8.8.8.8'
816 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
817 try:
818 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
819 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
820 assert_equal(st, False)
821 st, _ = vsg.run_cmd('sudo docker pause {}'.format(vcpe_name))
822 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
823 assert_equal(st, False)
824 finally:
825 vsg.run_cmd('sudo docker unpause'.format(vcpe_name))
826 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
827 df.callback(0)
828 reactor.callLater(0, vcpe_firewall, df)
829 return df
830
831 @deferred(TIMEOUT)
832 def test_vsg_firewall_with_deny_destination_ip(self, vcpe_name=None, vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]833 """
834 Algo:
835 1. Get vSG corresponding to vcpe
836 2. Login to compute node
837 3. Execute iptable command on vcpe from compute node to deny a destination IP
838 4. From cord-tester ping to the denied IP address
839 5. Verifying that ping should not be successful
840 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]841 if not vcpe_name:
842 vcpe_name = self.vcpe_container
843 if not vcpe_intf:
844 vcpe_intf = self.vcpe_dhcp
845 df = defer.Deferred()
846 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]847 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]848 df.callback(0)
849 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]850 host = '8.8.8.8'
851 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
852 try:
853 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
854 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
855 assert_equal(st, False)
856 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
857 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
858 assert_equal(st, True)
859 finally:
860 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
861 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
862 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
863 df.callback(0)
864 reactor.callLater(0, vcpe_firewall, df)
865 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]866
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]867 @deferred(TIMEOUT)
868 def test_vsg_firewall_with_rule_add_and_delete_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]869 """
870 Algo:
871 1. Get vSG corresponding to vcpe
872 2. Login to compute node
873 3. Execute iptable command on vcpe from compute node to deny a destination IP
874 4. From cord-tester ping to the denied IP address
875 5. Verifying that ping should not be successful
876 6. Delete the iptable rule in vcpe
877 7. From cord-tester ping to the denied IP address
878 8. Verifying the ping should success
879 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]880 if not vcpe_name:
881 vcpe_name = self.vcpe_container
882 if not vcpe_intf:
883 vcpe_intf = self.vcpe_dhcp
884 df = defer.Deferred()
885 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]886 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]887 df.callback(0)
888 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]889 host = '8.8.8.8'
890 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
891 try:
892 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
893 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
894 assert_equal(st, False)
895 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
896 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
897 assert_equal(st, True)
898 st,_ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
899 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
900 assert_equal(st, False)
901 finally:
902 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
903 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
904 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
905 df.callback(0)
906 reactor.callLater(0, vcpe_firewall, df)
907 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]908
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]909 @deferred(TIMEOUT)
910 def test_vsg_firewall_verifying_reachability_for_non_blocked_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]911 """
912 Algo:
913 1. Get vSG corresponding to vcpe
914 2. Login to compute node
915 3. Execute iptable command on vcpe from compute node to deny a destination IP
916 4. From cord-tester ping to the denied IP address
917 5. Verifying that ping should not be successful
918 6. From cord-tester ping to the denied IP address other than the denied one
919 7. Verifying the ping should success
920 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]921 if not vcpe_name:
922 vcpe_name = self.vcpe_container
923 if not vcpe_intf:
924 vcpe_intf = self.vcpe_dhcp
925 df = defer.Deferred()
926 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]927 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]928 df.callback(0)
929 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]930 host1 = '8.8.8.8'
931 host2 = '204.79.197.203'
932 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
933 try:
934 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
935 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
936 assert_equal(st, False)
937 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
938 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
939 assert_equal(st, True)
940 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
941 assert_equal(st,False)
942 finally:
943 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
944 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
945 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
946 df.callback(0)
947 reactor.callLater(0, vcpe_firewall, df)
948 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]949
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]950 @deferred(TIMEOUT)
951 def test_vsg_firewall_appending_rules_with_deny_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]952 """
953 Algo:
954 1. Get vSG corresponding to vcpe
955 2. Login to compute node
956 3. Execute iptable command on vcpe from compute node to deny a destination IP1
957 4. From cord-tester ping to the denied IP address IP1
958 5. Verifying that ping should not be successful
959 6. Execute iptable command on vcpe from compute node to deny a destination IP2
960 6. From cord-tester ping to the denied IP address IP2
961 7. Verifying that ping should not be successful
962 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]963 if not vcpe_name:
964 vcpe_name = self.vcpe_container
965 if not vcpe_intf:
966 vcpe_intf = self.vcpe_dhcp
967 df = defer.Deferred()
968 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]969 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]970 df.callback(0)
971 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]972 host1 = '8.8.8.8'
973 host2 = '204.79.197.203'
974 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
975 try:
976 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
977 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
978 assert_equal(st, False)
979 st,_ = vsg.run_cmd('sudo docker exec {} iptables -F FORWARD'.format(vcpe_name))
980 time.sleep(2)
981 st,_ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
982 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
983 assert_equal(st, True)
984 st, out = getstatusoutput('ping -c 1 {}'.format(host2))
985 log.info('host2 ping output is %s'%out)
986 assert_equal(st, False)
987 st, _ = vsg.run_cmd('sudo docker exec {} iptables -A FORWARD -d {} -j DROP'.format(vcpe_name,host2))
988 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
989 assert_equal(st,True)
990 finally:
991 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
992 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
993 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
994 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
995 df.callback(0)
996 reactor.callLater(0, vcpe_firewall, df)
997 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]998
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]999 @deferred(TIMEOUT)
1000 def test_vsg_firewall_removing_one_rule_denying_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1001 """
1002 Algo:
1003 1. Get vSG corresponding to vcpe
1004 2. Login to compute node
1005 3. Execute iptable command on vcpe from compute node to deny a destination IP1
1006 4. Execute iptable command on vcpe from compute node to deny a destination IP2
1007 5. From cord-tester ping to the denied IP address IP1
1008 6. Verifying that ping should not be successful
1009 7. From cord-tester ping to the denied IP address IP2
1010 8. Verifying that ping should not be successful
1011 9. Execute iptable command on vcpe from compute node to remove deny a destination IP2 rule
1012 10. From cord-tester ping to the denied IP address IP2
1013 11. Verifying the ping should success
1014 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1015 if not vcpe_name:
1016 vcpe_name = self.vcpe_container
1017 if not vcpe_intf:
1018 vcpe_intf = self.vcpe_dhcp
1019 df = defer.Deferred()
1020 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1021 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1022 df.callback(0)
1023 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1024 host1 = '8.8.8.8'
1025 host2 = '204.79.197.203'
1026 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1027 try:
1028 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=self.vcpe_dhcp)
1029 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1030 assert_equal(st, False)
1031 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
1032 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host2))
1033 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1034 assert_equal(st, True)
1035 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1036 assert_equal(st,True)
1037 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
1038 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1039 assert_equal(st,False)
1040 finally:
1041 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
1042 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
1043 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
1044 log.info('restarting vcpe container')
1045 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1046 df.callback(0)
1047 reactor.callLater(0, vcpe_firewall, df)
1048 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1049
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1050 @deferred(TIMEOUT)
1051 def test_vsg_firewall_changing_rule_id_deny_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1052 """
1053 Algo:
1054 1. Get vSG corresponding to vcpe
1055 2. Login to compute node
1056 3. Execute iptable command on vcpe from compute node to deny a destination IP
1057 5. From cord-tester ping to the denied IP address IP1
1058 6. Verifying that ping should not be successful
1059 9. Execute iptable command on vcpe from compute node to change the rule ID to 2 to deny the same destination IP
1060 10. From cord-tester ping to the denied IP address IP
1061 11. Verifying that ping should not be successful
1062 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1063 if not vcpe_name:
1064 vcpe_name = self.vcpe_container
1065 if not vcpe_intf:
1066 vcpe_intf = self.vcpe_dhcp
1067 df = defer.Deferred()
1068 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1069 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1070 df.callback(0)
1071 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1072 host = '8.8.8.8'
1073 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1074 try:
1075 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1076 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1077 assert_equal(st, False)
1078 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1079 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1080 assert_equal(st, True)
1081 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 2 -d {} -j DROP '.format(vcpe_name,host))
1082 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1083 assert_equal(st,True)
1084 finally:
1085 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1086 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1087 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1088 df.callback(0)
1089 reactor.callLater(0, vcpe_firewall, df)
1090 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1091
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1092 @deferred(TIMEOUT)
1093 def test_vsg_firewall_changing_deny_rule_to_accept_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1094 """
1095 Algo:
1096 1. Get vSG corresponding to vcpe
1097 2. Login to compute node
1098 3. Execute iptable command on vcpe from compute node to deny a destination IP
1099 5. From cord-tester ping to the denied IP address IP1
1100 6. Verifying that ping should not be successful
1101 9. Execute iptable command on vcpe from compute node to accept the same destination IP
1102 10. From cord-tester ping to the accepted IP
1103 11. Verifying the ping should success
1104 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1105 if not vcpe_name:
1106 vcpe_name = self.vcpe_container
1107 if not vcpe_intf:
1108 vcpe_intf = self.vcpe_dhcp
1109 df = defer.Deferred()
1110 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1111 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1112 df.callback(0)
1113 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1114 host = '8.8.8.8'
1115 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1116 try:
1117 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1118 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1119 assert_equal(st, False)
1120 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1121 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1122 assert_equal(st, True)
1123 st, _ = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -d {} -j ACCEPT'.format(vcpe_name,host))
1124 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1125 assert_equal(st,False)
1126 finally:
1127 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1128 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j ACCEPT'.format(vcpe_name,host))
1129 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1130 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1131 df.callback(0)
1132 reactor.callLater(0, vcpe_firewall, df)
1133 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1134
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1135 @deferred(TIMEOUT) #Fail
1136 def test_vsg_firewall_denying_destination_network(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1137 """
1138 Algo:
1139 1. Get vSG corresponding to vcpe
1140 2. Login to compute node
1141 3. Execute iptable command on vcpe from compute node to deny a destination IP subnet
1142 4. From cord-tester ping to the denied IP address IP1 in the denied subnet
1143 5. Verifying that ping should not be successful
1144 6. From cord-tester ping to the denied IP address IP2 in the denied subnet
1145 7. Verifying that ping should not be successful
1146 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1147 if not vcpe_name:
1148 vcpe_name = self.vcpe_container
1149 if not vcpe_intf:
1150 vcpe_intf = self.vcpe_dhcp
1151 df = defer.Deferred()
1152 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1153 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1154 df.callback(0)
1155 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1156 network = '204.79.197.192/28'
1157 host1 = '204.79.197.203'
1158 host2 = '204.79.197.210'
1159 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1160 try:
1161 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=self.vcpe_dhcp)
1162 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1163 assert_equal(st, False)
1164 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,network))
1165 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1166 assert_equal(st, True)
1167 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1168 assert_equal(st,False)
1169 finally:
1170 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network))
1171 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
1172 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1173 df.callback(0)
1174 reactor.callLater(0, vcpe_firewall, df)
1175 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1176
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1177 @deferred(TIMEOUT)
1178 def test_vsg_firewall_denying_destination_network_subnet_modification(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1179 """
1180 Algo:
1181 1. Get vSG corresponding to vcpe
1182 2. Login to compute node
1183 3. Execute iptable command on vcpe from compute node to deny a destination IP subnet
1184 4. From cord-tester ping to the denied IP address IP1 in the denied subnet
1185 5. Verifying that ping should not be successful
1186 6. From cord-tester ping to the denied IP address IP2 in the denied subnet
1187 7. Verifying that ping should not be successful
1188 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1189 if not vcpe_name:
1190 vcpe_name = self.vcpe_container
1191 if not vcpe_intf:
1192 vcpe_intf = self.vcpe_dhcp
1193 df = defer.Deferred()
1194 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1195 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1196 df.callback(0)
1197 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1198 network1 = '204.79.197.192/28'
1199 network2 = '204.79.197.192/27'
1200 host1 = '204.79.197.203'
1201 host2 = '204.79.197.210'
1202 host3 = '204.79.197.224'
1203 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1204 try:
1205 self.add_static_route_via_vcpe_interface([host1,host2,host3],vcpe=self.vcpe_dhcp)
1206 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1207 assert_equal(st, False)
1208 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,network1))
1209 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1210 assert_equal(st, True)
1211 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1212 assert_equal(st,False)
1213 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 2 -d {} -j DROP'.format(vcpe_name,network2))
1214 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1215 assert_equal(st, True)
1216 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1217 assert_equal(st, True)
1218 st, _ = getstatusoutput('ping -c 1 {}'.format(host3))
1219 assert_equal(st, False)
1220 finally:
1221 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network1))
1222 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network2))
1223 self.del_static_route_via_vcpe_interface([host1,host2,host3],vcpe=vcpe_intf)
1224 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1225 df.callback(0)
1226 reactor.callLater(0, vcpe_firewall, df)
1227 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1228
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1229 @deferred(TIMEOUT)
1230 def test_vsg_firewall_with_deny_source_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1231 """
1232 Algo:
1233 1. Get vSG corresponding to vcpe
1234 2. Login to compute node
1235 3. Execute iptable command on vcpe from compute node to deny a source IP
1236 4. From cord-tester ping to 8.8.8.8 from the denied IP
1237 5. Verifying that ping should not be successful
1238 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1239 if not vcpe_name:
1240 vcpe_name = self.vcpe_container
1241 if not vcpe_intf:
1242 vcpe_intf = self.vcpe_dhcp
1243 df = defer.Deferred()
1244 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1245 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1246 df.callback(0)
1247 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1248 host = '8.8.8.8'
1249 #source_ip = get_ip(self.vcpe_dhcp)
1250 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1251 try:
1252 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1253 source_ip = get_ip(self.vcpe_dhcp)
1254 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1255 assert_equal(st, False)
1256 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1257 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1258 assert_equal(st, True)
1259 finally:
1260 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1261 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1262 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1263 df.callback(0)
1264 reactor.callLater(0, vcpe_firewall, df)
1265 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1266
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1267 @deferred(TIMEOUT)
1268 def test_vsg_firewall_rule_with_add_and_delete_deny_source_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1269 """
1270 Algo:
1271 1. Get vSG corresponding to vcpe
1272 2. Login to compute node
1273 3. Execute iptable command on vcpe from compute node to deny a source IP
1274 4. From cord-tester ping to 8.8.8.8 from the denied IP
1275 5. Verifying that ping should not be successful
1276 6. Delete the iptable rule in vcpe
1277 7. From cord-tester ping to 8.8.8.8 from the denied IP
1278 8. Verifying the ping should success
1279 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1280 if not vcpe_name:
1281 vcpe_name = self.vcpe_container
1282 if not vcpe_intf:
1283 vcpe_intf = self.vcpe_dhcp
1284 df = defer.Deferred()
1285 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1286 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1287 df.callback(0)
1288 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1289 host = '8.8.8.8'
1290 source_ip = get_ip(self.vcpe_dhcp)
1291 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1292 try:
1293 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1294 source_ip = get_ip(self.vcpe_dhcp)
1295 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1296 assert_equal(st, False)
1297 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1298 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1299 assert_equal(st, True)
1300 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1301 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1302 assert_equal(st, False)
1303 finally:
1304 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1305 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1306 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1307 df.callback(0)
1308 reactor.callLater(0, vcpe_firewall, df)
1309 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1310
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1311 @deferred(TIMEOUT)
1312 def test_vsg_firewall_rule_with_deny_icmp_protocol_echo_requests_type(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1313 """
1314 Algo:
1315 1. Get vSG corresponding to vcpe
1316 2. Login to compute node
1317 3. Execute iptable command on vcpe from compute node to deny icmp echo-requests type protocol packets
1318 4. From cord-tester ping to 8.8.8.8
1319 5. Verifying that ping should not be successful
1320 6. Delete the iptable rule
1321 7. From cord-tester ping to 8.8.8.8
1322 8. Verifying the ping should success
1323 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1324 if not vcpe_name:
1325 vcpe_name = self.vcpe_container
1326 if not vcpe_intf:
1327 vcpe_intf = self.vcpe_dhcp
1328 df = defer.Deferred()
1329 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1330 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1331 df.callback(0)
1332 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1333 host = '8.8.8.8'
1334 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1335 try:
1336 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1337 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1338 assert_equal(st, False)
1339 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1340 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1341 assert_equal(st, True)
1342 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1343 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1344 assert_equal(st, False)
1345 finally:
1346 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1347 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1348 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1349 df.callback(0)
1350 reactor.callLater(0, vcpe_firewall, df)
1351 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1352
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1353 @deferred(TIMEOUT)
1354 def test_vsg_firewall_rule_with_deny_icmp_protocol_echo_reply_type(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1355 """
1356 Algo:
1357 1. Get vSG corresponding to vcpe
1358 2. Login to compute node
1359 3. Execute iptable command on vcpe from compute node to deny icmp echo-reply type protocol packets
1360 4. From cord-tester ping to 8.8.8.8
1361 5. Verifying that ping should not be successful
1362 6. Delete the iptable rule
1363 7. From cord-tester ping to 8.8.8.8
1364 8. Verifying the ping should success
1365 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1366 if not vcpe_name:
1367 vcpe_name = self.vcpe_container
1368 if not vcpe_intf:
1369 vcpe_intf = self.vcpe_dhcp
1370 df = defer.Deferred()
1371 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1372 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1373 df.callback(0)
1374 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1375 host = '8.8.8.8'
1376 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1377 try:
1378 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1379 st, _ = getstatusoutput('ping -c 1 {}'.format('8.8.8.8'))
1380 assert_equal(st, False)
1381 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1382 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1383 assert_equal(st, True)
1384 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1385 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1386 assert_equal(st,False)
1387 finally:
1388 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1389 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1390 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1391 df.callback(0)
1392 reactor.callLater(0, vcpe_firewall, df)
1393 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1394
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1395 @deferred(TIMEOUT)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]1396 def test_vsg_firewall_changing_deny_rule_to_accept_rule_with_icmp_protocol_echo_requests_type(self, vcpe_name=None, vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1397 """
1398 Algo:
1399 1. Get vSG corresponding to vcpe
1400 2. Login to compute node
1401 3. Execute iptable command on vcpe from compute node to deny icmp echo-requests type protocol packets
1402 4. From cord-tester ping to 8.8.8.8
1403 5. Verifying that ping should not be successful
1404 6. Insert another rule to accept the icmp-echo requests protocol packets
1405 7. From cord-tester ping to 8.8.8.8
1406 8. Verifying the ping should success
1407 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1408 if not vcpe_name:
1409 vcpe_name = self.vcpe_container
1410 if not vcpe_intf:
1411 vcpe_intf = self.vcpe_dhcp
1412 df = defer.Deferred()
1413 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1414 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1415 df.callback(0)
1416 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1417 host = '8.8.8.8'
1418 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1419 try:
1420 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1421 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1422 assert_equal(st, False)
1423 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1424 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1425 assert_equal(st, True)
1426 st, _ = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p icmp --icmp-type echo-request -j ACCEPT'.format(vcpe_name))
1427 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1428 assert_equal(st,False)
1429 finally:
1430 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1431 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j ACCEPT'.format(vcpe_name))
1432 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1433 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1434 df.callback(0)
1435 reactor.callLater(0, vcpe_firewall, df)
1436 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1437
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1438 @deferred(TIMEOUT)
1439 def test_vsg_firewall_changing_deny_rule_to_accept_rule_with_icmp_protocol_echo_reply_type(self,vcpe_name=None,vcpe_intf=None):
1440 """
1441 Algo:
1442 1. Get vSG corresponding to vcpe
1443 2. Login to compute node
1444 3. Execute iptable command on vcpe from compute node to deny icmp echo-reply type protocol packets
1445 4. From cord-tester ping to 8.8.8.8
1446 5. Verifying the ping should not success
1447 6. Insert another rule to accept the icmp-echo requests protocol packets
1448 7. From cord-tester ping to 8.8.8.8
1449 8. Verifying the ping should success
1450 """
1451 if not vcpe_name:
1452 vcpe_name = self.vcpe_container
1453 if not vcpe_intf:
1454 vcpe_intf = self.vcpe_dhcp
1455 df = defer.Deferred()
1456 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1457 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1458 df.callback(0)
1459 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1460 host = '8.8.8.8'
1461 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1462 try:
1463 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1464 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1465 assert_equal(st, False)
1466 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1467 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1468 assert_equal(st, True)
1469 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p icmp --icmp-type echo-reply -j ACCEPT'.format(vcpe_name))
1470 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1471 assert_equal(st,False)
1472 finally:
1473 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1474 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j ACCEPT'.format(vcpe_name))
1475 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1476 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1477 df.callback(0)
1478 reactor.callLater(0, vcpe_firewall, df)
1479 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1480
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1481 @deferred(TIMEOUT)
1482 def test_vsg_firewall_for_deny_icmp_protocol(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1483 """
1484 Algo:
1485 1. Get vSG corresponding to vcpe
1486 2. Login to compute node
1487 3. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1488 4. From cord-tester ping to 8.8.8.8
1489 5. Verifying that ping should not be successful
1490 6. Delete the iptable rule
1491 7. From cord-tester ping to 8.8.8.8
1492 8. Verifying the ping should success
1493 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1494 if not vcpe_name:
1495 vcpe_name = self.vcpe_container
1496 if not vcpe_intf:
1497 vcpe_intf = self.vcpe_dhcp
1498 df = defer.Deferred()
1499 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1500 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1501 df.callback(0)
1502 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1503 host = '8.8.8.8'
1504 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1505 try:
1506 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1507 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1508 assert_equal(st, False)
1509 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1510 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1511 assert_equal(st, True)
1512 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1513 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1514 assert_equal(st,False)
1515 finally:
1516 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1517 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1518 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1519 df.callback(0)
1520 reactor.callLater(0, vcpe_firewall, df)
1521 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1522
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1523 @deferred(TIMEOUT)
1524 def test_vsg_firewall_rule_deny_icmp_protocol_and_destination_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1525 """
1526 Algo:
1527 1. Get vSG corresponding to vcpe
1528 2. Login to compute node
1529 3. Execute iptable command on vcpe from compute node to deny a destination IP
1530 4. From cord-tester ping to 8.8.8.8
1531 5. Verifying that ping should not be successful
1532 6. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1533 7. From cord-tester ping to 8.8.8.8
1534 8. Verifying the ping should success
1535 9. Delete the rule added in step 3
1536 10. From cord-tester ping to 8.8.8.8
1537 11. Verifying that ping should not be successful
1538 12. Delete the rule added in step 6
1539 13. From cord-tester ping to 8.8.8.8
1540 14. Verifying the ping should success
1541 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1542 if not vcpe_name:
1543 vcpe_name = self.vcpe_container
1544 if not vcpe_intf:
1545 vcpe_intf = self.vcpe_dhcp
1546 df = defer.Deferred()
1547 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1548 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1549 df.callback(0)
1550 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1551 host = '8.8.8.8'
1552 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1553 try:
1554 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1555 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1556 assert_equal(st, False)
1557 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1558 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1559 assert_equal(st, True)
1560 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1561 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1562 assert_equal(st, True)
1563 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1564 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1565 assert_equal(st, True)
1566 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1567 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1568 assert_equal(st,False)
1569 finally:
1570 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1571 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1572 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1573 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1574 df.callback(0)
1575 reactor.callLater(0, vcpe_firewall, df)
1576 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1577
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1578 @deferred(TIMEOUT) #Fail
1579 def test_vsg_firewall_flushing_all_configured_rules(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1580 """
1581 Algo:
1582 1. Get vSG corresponding to vcpe
1583 2. Login to compute node
1584 3. Execute iptable command on vcpe from compute node to deny a destination IP
1585 4. From cord-tester ping to 8.8.8.8
1586 5. Verifying that ping should not be successful
1587 6. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1588 7. From cord-tester ping to 8.8.8.8
1589 8. Verifying the ping should success
1590 9. Flush all the iptable rules configuraed in vcpe
1591 10. Delete the rule added in step 6
1592 11. From cord-tester ping to 8.8.8.8
1593 12. Verifying the ping should success
1594 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1595 if not vcpe_name:
1596 vcpe_name = self.vcpe_container
1597 if not vcpe_intf:
1598 vcpe_intf = self.vcpe_dhcp
1599 df = defer.Deferred()
1600 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1601 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1602 df.callback(0)
1603 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1604 host = '8.8.8.8'
1605 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1606 try:
1607 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1608 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1609 assert_equal(st, False)
1610 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1611 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1612 assert_equal(st, True)
1613 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1614 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1615 assert_equal(st, True)
1616 st,output = vsg.run_cmd('sudo docker exec {} iptables -F FORWARD'.format(vcpe_name))
1617 time.sleep(1)
1618 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1619 assert_equal(st, False)
1620 finally:
1621 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1622 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1623 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1624 df.callback(0)
1625 reactor.callLater(0, vcpe_firewall, df)
1626 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1627
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1628 @deferred(TIMEOUT)
1629 def test_vsg_firewall_deny_all_ipv4_traffic(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1630 """
1631 Algo:
1632 1. Get vSG corresponding to vcpe
1633 2. Login to compute node
1634 3. Execute iptable command on vcpe from compute node to deny all ipv4 Traffic
1635 4. From cord-tester ping to 8.8.8.8
1636 5. Verifying that ping should not be successful
1637 6. Delete the iptable rule added
1638 7. From cord-tester ping to 8.8.8.8
1639 8. Verifying the ping should success
1640 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1641 if not vcpe_name:
1642 vcpe_name = self.vcpe_container
1643 if not vcpe_intf:
1644 vcpe_intf = self.vcpe_dhcp
1645 df = defer.Deferred()
1646 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1647 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1648 df.callback(0)
1649 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1650 host = '8.8.8.8'
1651 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1652 try:
1653 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1654 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1655 assert_equal(st, False)
1656 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1657 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1658 assert_equal(st, True)
1659 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1660 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1661 assert_equal(st, False)
1662 finally:
1663 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1664 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1665 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1666 df.callback(0)
1667 reactor.callLater(0, vcpe_firewall, df)
1668 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1669
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1670 @deferred(TIMEOUT)
1671 def test_vsg_firewall_replacing_deny_rule_to_accept_rule_ipv4_traffic(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1672 """
1673 Algo:
1674 1. Get vSG corresponding to vcpe
1675 2. Login to compute node
1676 3. Execute iptable command on vcpe from compute node to deny all ipv4 Traffic
1677 4. From cord-tester ping to 8.8.8.8
1678 5. Verifying that ping should not be successful
1679 6. Replace the deny rule added in step 3 with accept rule
1680 7. From cord-tester ping to 8.8.8.8
1681 8. Verifying the ping should success
1682 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1683 if not vcpe_name:
1684 vcpe_name = self.vcpe_container
1685 if not vcpe_intf:
1686 vcpe_intf = self.vcpe_dhcp
1687 df = defer.Deferred()
1688 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1689 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1690 df.callback(0)
1691 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1692 host = '8.8.8.8'
1693 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1694 try:
1695 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1696 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1697 assert_equal(st, False)
1698 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1699 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1700 assert_equal(st, True)
1701 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -4 -j ACCEPT'.format(vcpe_name))
1702 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1703 assert_equal(st, False)
1704 finally:
1705 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1706 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1707 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1708 df.callback(0)
1709 reactor.callLater(0, vcpe_firewall, df)
1710 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1711
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1712 @deferred(TIMEOUT)
1713 def test_vsg_firewall_deny_all_traffic_coming_on_lan_interface_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
1714 """
1715 Algo:
1716 1. Get vSG corresponding to vcpe
1717 2. Login to compute node
1718 3. Execute iptable command on vcpe from compute node to deny all the traffic coming on lan interface inside vcpe container
1719 4. From cord-tester ping to 8.8.8.8
1720 5. Verifying the ping should not success
1721 6. Delete the iptable rule added
1722 7. From cord-tester ping to 8.8.8.8
1723 8. Verifying the ping should success
1724 """
1725 if not vcpe_name:
1726 vcpe_name = self.vcpe_container
1727 if not vcpe_intf:
1728 vcpe_intf = self.vcpe_dhcp
1729 df = defer.Deferred()
1730 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1731 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1732 df.callback(0)
1733 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1734 host = '8.8.8.8'
1735 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1736 try:
1737 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1738 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1739 assert_equal(st, False)
1740 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -i eth1 -j DROP'.format(vcpe_name))
1741 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1742 assert_equal(st, True)
1743 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -j DROP'.format(vcpe_name))
1744 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1745 assert_equal(st, False)
1746 finally:
1747 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -j DROP'.format(vcpe_name))
1748 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1749 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1750 df.callback(0)
1751 reactor.callLater(0, vcpe_firewall, df)
1752 return df
1753
1754 @deferred(TIMEOUT)
1755 def test_vsg_firewall_deny_all_traffic_going_out_of_wan_interface_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
1756 """
1757 Algo:
1758 1. Get vSG corresponding to vcpe
1759 2. Login to compute node
1760 3. Execute iptable command on vcpe from compute node to deny all the traffic going out of wan interface inside vcpe container
1761 4. From cord-tester ping to 8.8.8.8
1762 5. Verifying the ping should not success
1763 6. Delete the iptable rule added
1764 7. From cord-tester ping to 8.8.8.8
1765 8. Verifying the ping should success
1766 """
1767 if not vcpe_name:
1768 vcpe_name = self.vcpe_container
1769 if not vcpe_intf:
1770 vcpe_intf = self.vcpe_dhcp
1771 df = defer.Deferred()
1772 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1773 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1774 df.callback(0)
1775 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1776 host = '8.8.8.8'
1777 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1778 try:
1779 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1780 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1781 assert_equal(st, False)
1782 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -o eth0 -j DROP'.format(vcpe_name))
1783 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1784 assert_equal(st, True)
1785 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -o eth0 -j DROP'.format(vcpe_name))
1786 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1787 assert_equal(st, False)
1788 finally:
1789 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -o eth0 -j DROP'.format(vcpe_name))
1790 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1791 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1792 df.callback(0)
1793 reactor.callLater(0, vcpe_firewall, df)
1794 return df
1795
1796 @deferred(TIMEOUT)
1797 def test_vsg_firewall_deny_all_traffic_from_lan_to_wan_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1798 """
1799 Algo:
1800 1. Get vSG corresponding to vcpe
1801 2. Login to compute node
1802 3. Execute iptable command on vcpe from compute node to deny all the traffic from lan to wan interface in vcpe
1803 4. From cord-tester ping to 8.8.8.8
1804 5. Verifying that ping should not be successful
1805 6. Delete the iptable rule added
1806 7. From cord-tester ping to 8.8.8.8
1807 8. Verifying the ping should success
1808 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1809 if not vcpe_name:
1810 vcpe_name = self.vcpe_container
1811 if not vcpe_intf:
1812 vcpe_intf = self.vcpe_dhcp
1813 df = defer.Deferred()
1814 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1815 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1816 df.callback(0)
1817 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1818 host = '8.8.8.8'
1819 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1820 try:
1821 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1822 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1823 assert_equal(st, False)
1824 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1825 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1826 assert_equal(st, True)
1827 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1828 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1829 assert_equal(st, False)
1830 finally:
1831 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1832 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1833 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1834 df.callback(0)
1835 reactor.callLater(0, vcpe_firewall, df)
1836 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1837
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1838 #this test case needs modification.default route should be vcpe interface to run this test case
1839 @deferred(TIMEOUT)
1840 def test_vsg_firewall_deny_all_dns_traffic(self,vcpe_name=None,vcpe_intf=None):
1841 """
1842 Algo:
1843 1. Get vSG corresponding to vcpe
1844 2. Login to compute node
1845 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1846 4. From cord-tester ping to www.google.com
1847 5. Verifying the ping should not success
1848 6. Delete the iptable rule added
1849 7. From cord-tester ping to www.google.com
1850 8. Verifying the ping should success
1851 """
1852 if not vcpe_name:
1853 vcpe_name = self.vcpe_container
1854 if not vcpe_intf:
1855 vcpe_intf = self.vcpe_dhcp
1856 df = defer.Deferred()
1857 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1858 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1859 df.callback(0)
1860 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1861 host = 'www.msn.com'
1862 host_ip = '131.253.33.203'
1863 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1864 try:
1865 self.add_static_route_via_vcpe_interface([host_ip],vcpe=self.vcpe_dhcp)
1866 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1867 assert_equal(st, False)
1868 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p udp --dport 53 -j DROP'.format(vcpe_name))
1869 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1870 assert_equal(st, True)
1871 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p udp --dport 53 -j ACCEPT'.format(vcpe_name))
1872 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1873 assert_equal(st, False)
1874 finally:
1875 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p udp --dport 53 -j DROP'.format(vcpe_name))
1876 self.del_static_route_via_vcpe_interface([host_ip],vcpe=vcpe_intf)
1877 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1878 df.callback(0)
1879 reactor.callLater(0, vcpe_firewall, df)
1880 return df
1881
1882 @deferred(TIMEOUT)
1883 def test_vsg_firewall_deny_all_ipv4_traffic_vcpe_container_restart(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1884 """
1885 Algo:
1886 1. Get vSG corresponding to vcpe
1887 2. Login to compute node
1888 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1889 4. From cord-tester ping to www.google.com
1890 5. Verifying that ping should not be successful
1891 6. Delete the iptable rule added
1892 7. From cord-tester ping to www.google.com
1893 8. Verifying the ping should success
1894 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1895 if not vcpe_name:
1896 vcpe_name = self.vcpe_container
1897 if not vcpe_intf:
1898 vcpe_intf = self.vcpe_dhcp
1899 df = defer.Deferred()
1900 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1901 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1902 df.callback(0)
1903 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1904 host = '8.8.8.8'
1905 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1906 try:
1907 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1908 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1909 assert_equal(st, False)
1910 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1911 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1912 assert_equal(st, True)
1913 st,output = vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1914 time.sleep(3)
1915 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1916 assert_equal(st, False)
1917 finally:
1918 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1919 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1920 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1921 df.callback(0)
1922 reactor.callLater(0, vcpe_firewall, df)
1923 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1924
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]1925 @deferred(TIMEOUT)
1926 def test_vsg_dnat_modifying_destination_ip(self,vcpe_name=None,vcpe_intf=None):
1927 """
1928 Algo:
1929 1. Get vSG corresponding to vcpe
1930 2. Login to compute node
1931 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1932 4. From cord-tester ping to www.google.com
1933 5. Verifying the ping should not success
1934 6. Delete the iptable rule added
1935 7. From cord-tester ping to www.google.com
1936 8. Verifying the ping should success
1937 """
1938 if not vcpe_name:
1939 vcpe_name = self.vcpe_container
1940 if not vcpe_intf:
1941 vcpe_intf = self.vcpe_dhcp
1942 df = defer.Deferred()
1943 def vcpe_firewall(df):
1944 host = '8.8.8.8'
1945 dst_ip = '123.123.123.123'
1946 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1947 try:
1948 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1949 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1950 assert_equal(st, False)
1951 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1952 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1953 assert_equal(st, True)
1954 finally:
1955 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1956 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1957 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1958 df.callback(0)
1959 reactor.callLater(0,vcpe_firewall,df)
1960 return df
1961
1962 @deferred(TIMEOUT)
1963 def test_vsg_dnat_modifying_destination_ip_and_delete(self,vcpe_name=None,vcpe_intf=None):
1964 """
1965 Algo:
1966 1. Get vSG corresponding to vcpe
1967 2. Login to compute node
1968 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1969 4. From cord-tester ping to www.google.com
1970 5. Verifying the ping should not success
1971 6. Delete the iptable rule added
1972 7. From cord-tester ping to www.google.com
1973 8. Verifying the ping should success
1974 """
1975 if not vcpe_name:
1976 vcpe_name = self.vcpe_container
1977 if not vcpe_intf:
1978 vcpe_intf = self.vcpe_dhcp
1979 df = defer.Deferred()
1980 def vcpe_firewall(df):
1981 host = '8.8.8.8'
1982 dst_ip = '123.123.123.123'
1983 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1984 try:
1985 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1986 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1987 assert_equal(st, False)
1988 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1989 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1990 assert_equal(st, True)
1991 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1992 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1993 assert_equal(st, False)
1994 finally:
1995 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1996 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1997 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1998 df.callback(0)
1999 reactor.callLater(0,vcpe_firewall,df)
2000 return df
2001
2002 @deferred(TIMEOUT)
2003 def test_vsg_dnat_change_modifying_destination_ip_address(self,vcpe_name=None,vcpe_intf=None):
2004 """
2005 Algo:
2006 1. Get vSG corresponding to vcpe
2007 2. Login to compute node
2008 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
2009 4. From cord-tester ping to www.google.com
2010 5. Verifying the ping should not success
2011 6. Delete the iptable rule added
2012 7. From cord-tester ping to www.google.com
2013 8. Verifying the ping should success
2014 """
2015 if not vcpe_name:
2016 vcpe_name = self.vcpe_container
2017 if not vcpe_intf:
2018 vcpe_intf = self.vcpe_dhcp
2019 df = defer.Deferred()
2020 def vcpe_firewall(df):
2021 host = '8.8.8.8'
2022 dst_ip = '123.123.123.123'
2023 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
2024 try:
2025 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
2026 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2027 assert_equal(st, False)
2028 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
2029 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2030 assert_equal(st, True)
2031 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -R PREROUTING 1 -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,host))
2032 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2033 assert_equal(st, False)
2034 finally:
2035 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
2036 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,host))
2037 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
2038 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
2039 df.callback(0)
2040 reactor.callLater(0,vcpe_firewall,df)
2041 return df
2042
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]2043 def vsg_xos_subscriber_create(self, index):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]2044 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]2045 return
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]2046 subscriber_info = self.subscriber_info[index]
2047 volt_subscriber_info = self.volt_subscriber_info[index]
A R Karthickd0b06792017-04-25 15:11:23 -0700[diff] [blame]2048 s_tag = int(volt_subscriber_info['voltTenant']['s_tag'])
2049 c_tag = int(volt_subscriber_info['voltTenant']['c_tag'])
2050 vcpe = 'vcpe-{}-{}'.format(s_tag, c_tag)
2051 log.info('Creating tenant with s_tag: %d, c_tag: %d' %(s_tag, c_tag))
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]2052 subId = ''
2053 try:
2054 result = self.restApiXos.ApiPost('TENANT_SUBSCRIBER', subscriber_info)
2055 assert_equal(result, True)
2056 result = self.restApiXos.ApiGet('TENANT_SUBSCRIBER')
2057 assert_not_equal(result, None)
2058 subId = self.restApiXos.getSubscriberId(result, volt_subscriber_info['account_num'])
2059 assert_not_equal(subId, '0')
2060 log.info('Subscriber ID for account num %d = %s' %(volt_subscriber_info['account_num'], subId))
2061 volt_tenant = volt_subscriber_info['voltTenant']
2062 #update the subscriber id in the tenant info before making the rest
2063 volt_tenant['subscriber'] = subId
2064 result = self.restApiXos.ApiPost('TENANT_VOLT', volt_tenant)
2065 assert_equal(result, True)
2066 #if the vsg instance was already instantiated, then reduce delay
2067 if c_tag % self.subscribers_per_s_tag == 0:
2068 delay = 350
2069 else:
2070 delay = 90
2071 log.info('Delaying %d seconds for the VCPE to be provisioned' %(delay))
2072 time.sleep(delay)
2073 log.info('Testing for external connectivity to VCPE %s' %(vcpe))
2074 self.vsg_for_external_connectivity(index)
2075 finally:
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]2076 return subId
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]2077
2078 def vsg_xos_subscriber_delete(self, index, subId = ''):
2079 if self.on_pod is False:
2080 return
2081 subscriber_info = self.subscriber_info[index]
2082 volt_subscriber_info = self.volt_subscriber_info[index]
2083 s_tag = int(volt_subscriber_info['voltTenant']['s_tag'])
2084 c_tag = int(volt_subscriber_info['voltTenant']['c_tag'])
2085 vcpe = 'vcpe-{}-{}'.format(s_tag, c_tag)
2086 log.info('Deleting tenant with s_tag: %d, c_tag: %d' %(s_tag, c_tag))
2087 if not subId:
2088 #get the subscriber id first
2089 result = self.restApiXos.ApiGet('TENANT_SUBSCRIBER')
2090 assert_not_equal(result, None)
2091 subId = self.restApiXos.getSubscriberId(result, volt_subscriber_info['account_num'])
2092 assert_not_equal(subId, '0')
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]2093 #get the volt id for the subscriber
2094 result = self.restApiXos.ApiGet('TENANT_VOLT')
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]2095 assert_not_equal(result, None)
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]2096 voltId = self.getVoltId(result, subId)
2097 assert_not_equal(voltId, None)
A R Karthicka385cea2017-04-26 10:12:43 -0700[diff] [blame]2098 log.info('Deleting subscriber ID %s for account num %d' %(subId, volt_subscriber_info['account_num']))
2099 status = self.restApiXos.ApiDelete('TENANT_SUBSCRIBER', subId)
2100 assert_equal(status, True)
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]2101 #Delete the tenant
2102 log.info('Deleting VOLT Tenant ID %s for subscriber %s' %(voltId, subId))
A R Karthick76944872017-04-26 10:21:37 -0700[diff] [blame]2103 self.restApiXos.ApiDelete('TENANT_VOLT', voltId)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]2104
A R Karthicke29c8d42017-04-27 11:38:52 -0700[diff] [blame]2105 def vsg_xos_subscriber_id(self, index):
2106 volt_subscriber_info = self.volt_subscriber_info[index]
2107 result = self.restApiXos.ApiGet('TENANT_SUBSCRIBER')
2108 assert_not_equal(result, None)
2109 subId = self.restApiXos.getSubscriberId(result, volt_subscriber_info['account_num'])
2110 return subId
2111
2112 def test_vsg_xos_subscriber_create_all(self):
2113 for index in xrange(len(self.subscriber_info)):
2114 #check if the index exists
2115 subId = self.vsg_xos_subscriber_id(index)
2116 if subId and subId != '0':
2117 self.vsg_xos_subscriber_delete(index, subId = subId)
2118 subId = self.vsg_xos_subscriber_create(index)
2119 log.info('Created Subscriber %s' %(subId))
2120
2121 def test_vsg_xos_subscriber_delete_all(self):
2122 for index in xrange(len(self.subscriber_info)):
2123 subId = self.vsg_xos_subscriber_id(index)
2124 if subId and subId != '0':
2125 self.vsg_xos_subscriber_delete(index, subId = subId)
2126
2127 def test_vsg_xos_subscriber_create_and_delete(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]2128 subId = self.vsg_xos_subscriber_create(0)
2129 if subId and subId != '0':
2130 self.vsg_xos_subscriber_delete(0, subId)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]2131
A R Karthicke29c8d42017-04-27 11:38:52 -0700[diff] [blame]2132 def test_vsg_xos_subscriber_2_create_and_delete(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]2133 subId = self.vsg_xos_subscriber_create(1)
2134 if subId and subId != '0':
2135 self.vsg_xos_subscriber_delete(1, subId)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]2136
A R Karthicke29c8d42017-04-27 11:38:52 -0700[diff] [blame]2137 def test_vsg_xos_subscriber_3_create_and_delete(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]2138 subId = self.vsg_xos_subscriber_create(2)
2139 if subId and subId != '0':
2140 self.vsg_xos_subscriber_delete(2, subId)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]2141
A R Karthicke29c8d42017-04-27 11:38:52 -0700[diff] [blame]2142 def test_vsg_xos_subscriber_4_create_and_delete(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]2143 subId = self.vsg_xos_subscriber_create(3)
2144 if subId and subId != '0':
2145 self.vsg_xos_subscriber_delete(3, subId)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]2146
A R Karthicke29c8d42017-04-27 11:38:52 -0700[diff] [blame]2147 def test_vsg_xos_subscriber_5_create_and_delete(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]2148 subId = self.vsg_xos_subscriber_create(4)
2149 if subId and subId != '0':
2150 self.vsg_xos_subscriber_delete(4, subId)
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]2151
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2152 def test_vsg_with_xos_subscriber_creating_firewall(self,index=4):
2153 log.info('cls.dhcp_vcpes is %s'%self.dhcp_vcpes)
Chetan Gaonker4cff4432017-05-01 17:56:56 +0000[diff] [blame]2154 host = '8.8.8.8'
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2155 self.vsg_xos_subscriber_delete(4, 3)
2156 subId = self.vsg_xos_subscriber_create(index)
2157 if subId and subId != '0':
2158 subscriber_info = self.subscriber_info[index]
2159 volt_subscriber_info = self.volt_subscriber_info[index]
2160 s_tag = int(volt_subscriber_info['voltTenant']['s_tag'])
2161 c_tag = int(volt_subscriber_info['voltTenant']['c_tag'])
2162 vcpe = 'vcpe-{}-{}'.format(s_tag, c_tag)
2163 vcpe_intf = self.dhcp_vcpes[index] #'vcpe{}.{}.{}'.format(s_tag, c_tag)
2164 vsg = VSGAccess.get_vcpe_vsg(vcpe)
2165 try:
2166 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
2167 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2168 assert_equal(st, False)
2169 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe,host))
2170 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2171 assert_equal(st, True)
2172 st,_ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe,host))
2173 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2174 assert_equal(st, False)
2175 finally:
2176 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe,host))
2177 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
2178 vsg.run_cmd('sudo docker restart {}'.format(vcpe))
2179 self.vsg_xos_subscriber_delete(4, subId)
2180 self.vsg_xos_subscriber_delete(4, subId)
Chetan Gaonker4cff4432017-05-01 17:56:56 +0000[diff] [blame]2181
Anil Kumar Sankaf2e10282017-05-08 22:49:39 +0000[diff] [blame]2182 def get_example_service_vm_public_ip(self,vm='mysite_exampleservice'):
2183 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
2184 cmd = "nova list --all-tenants|grep {}|cut -d '|' -f 2".format(vm)
2185 status, nova_id = ssh_agent.run_cmd(cmd)
2186 assert_equal(status, True)
2187 #Get public IP of VM
2188 cmd = 'nova interface-list {} |grep -o -m 1 10\.6\.[[:digit:]]*\.[[:digit:]]*'.format(nova_id)
2189 status, public_ip = ssh_agent.run_cmd(cmd)
2190 assert_equal(status, True)
2191 return public_ip
2192
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2193 def test_onboarding_example_service(self):
2194 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
2195 #Wait for ExampleService VM to come up
2196 cmd = "nova list --all-tenants|grep 'exampleservice.*ACTIVE'"
2197 status, output = ssh_agent.run_cmd(cmd)
2198 assert_equal(status, True)
2199 #Get ID of VM
2200 cmd = "nova list --all-tenants|grep mysite_exampleservice|cut -d '|' -f 2"
2201 status, nova_id = ssh_agent.run_cmd(cmd)
2202 assert_equal(status, True)
2203 #Get mgmt IP of VM
2204 cmd = 'nova interface-list {} |grep -o -m 1 172\.27\.[[:digit:]]*\.[[:digit:]]*'.format(nova_id)
2205 status, mgmt_ip = ssh_agent.run_cmd(cmd)
2206 assert_equal(status, True)
2207 #Get public IP of VM
2208 cmd = 'nova interface-list {} |grep -o -m 1 10\.6\.[[:digit:]]*\.[[:digit:]]*'.format(nova_id)
2209 status, public_ip = ssh_agent.run_cmd(cmd)
2210 assert_equal(status, True)
2211 #Get name of compute node
2212 cmd = "nova service-list|grep nova-compute|cut -d '|' -f 3"
2213 status, compute_node = ssh_agent.run_cmd(cmd)
2214 assert_equal(status, True)
2215 #Wait for Apache to come up inside VM
2216 cmd = "ssh -o ProxyCommand='ssh -W %h:%p -l ubuntu {}' ubuntu@{} 'ls /var/run/apache2/apache2.pid'".fromat(compute_node,mgmt_ip)
2217 #Make sure testclient has default route to vSG
2218 cmd = "lxc exec testclient -- route | grep default | grep eth0.222.111"
2219 status, output = ssh_agent.run_cmd(cmd)
2220 assert_equal(status, True)
2221 cmd = 'lxc exec testclient -- apt-get install -y curl'
2222 status, output = ssh_agent.run_cmd(cmd)
2223 assert_equal(status, True)
2224 #Test connectivity to ExampleService from test client
2225 cmd = 'lxc exec testclient -- curl -s http://{}'.format(public_ip)
2226 status, output = ssh_agent.run_cmd(cmd)
2227 assert_equal(status, True)
2228
2229 def test_vsg_onboarding_example_service(self):
2230 if not vcpe_intf:
2231 vcpe_intf = self.dhcp_vcpes_reserved[0]
2232 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
2233 cmd = "nova list --all-tenants|grep mysite_exampleservice|cut -d '|' -f 2"
2234 status, nova_id = ssh_agent.run_cmd(cmd)
2235 assert_equal(status, True)
2236 #Get public IP of VM
2237 cmd = 'nova interface-list {} |grep -o -m 1 10\.6\.[[:digit:]]*\.[[:digit:]]*'.format(nova_id)
2238 status, public_ip = ssh_agent.run_cmd(cmd)
2239 assert_equal(status, True)
2240 try:
2241 self.add_static_route_via_vcpe_interface([public_ip],vcpe=vcpe_intf)
2242 #curl request from test container
2243 cmd = 'curl -s http://{}'.format(public_ip)
2244 st,_ = getstatusoutput(cmd)
2245 assert_equal(st, True)
2246 finally:
2247 self.del_static_route_via_vcpe_interface([public_ip],vcpe=vcpe_intf)
2248
2249 def test_subscriber_validating_example_service_after_subscriber_interface_toggle(self,vcpe_intf=None):
2250 if not vcpe_intf:
2251 vcpe_intf = self.dhcp_vcpes_reserved[0]
2252 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
2253 #Get public IP of VM
2254 cmd = "nova list --all-tenants|grep mysite_exampleservice|cut -d '|' -f 2"
2255 status, nova_id = ssh_agent.run_cmd(cmd)
2256 assert_equal(status, True)
2257 cmd = 'nova interface-list {} |grep -o -m 1 10\.6\.[[:digit:]]*\.[[:digit:]]*'.format(nova_id)
2258 status, public_ip = ssh_agent.run_cmd(cmd)
2259 assert_equal(status, True)
2260 try:
2261 self.add_static_route_via_vcpe_interface([public_ip],vcpe=vcpe_intf)
2262 #curl request from test container
2263 cmd = 'curl -s http://{}'.format(public_ip)
2264 st,_ = getstatusoutput(cmd)
2265 assert_equal(st, True)
2266 st,_ = getstatusoutput('ifconfig {} down'.format(vcpe_intf))
2267 assert_equal(st, True)
2268 st,_ = getstatusoutput(cmd)
2269 assert_equal(st, True)
2270 finally:
2271 self.del_static_route_via_vcpe_interface([public_ip],vcpe=vcpe_intf)
2272
2273 def test_subscriber_example_service_after_service_restart(self, vcpe_intf=None):
2274 if not vcpe_intf:
2275 vcpe_intf = self.dhcp_vcpes_reserved[0]
2276 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
2277 cmd = "nova list --all-tenants|grep mysite_exampleservice|cut -d '|' -f 2"
2278 status, nova_id = ssh_agent.run_cmd(cmd)
2279 assert_equal(status, True)
2280 #Get public IP of VM
2281 cmd = 'nova interface-list {} |grep -o -m 1 10\.6\.[[:digit:]]*\.[[:digit:]]*'.format(nova_id)
2282 status, public_ip = ssh_agent.run_cmd(cmd)
2283 assert_equal(status, True)
2284 try:
2285 self.add_static_route_via_vcpe_interface([public_ip],vcpe=vcpe_intf)
2286 #curl request from test container
2287 curl_cmd = 'curl -s http://{}'.format(public_ip)
2288 st,_ = getstatusoutput(curl_cmd)
2289 assert_equal(st, True)
2290 #restarting example service VM
2291 cmd = 'nova reset-state {}'.format(nova_id)
2292 status, _ = ssh_agent.run_cmd(cmd)
2293 assert_equal(status, True)
2294 time.sleep(10)
2295 st,_ = getstatusoutput(curl_cmd)
2296 assert_equal(st, True)
2297 finally:
2298 self.del_static_route_via_vcpe_interface([public_ip],vcpe=vcpe_intf)
Chetan Gaonker4cff4432017-05-01 17:56:56 +0000[diff] [blame]2299
Anil Kumar Sankaf2e10282017-05-08 22:49:39 +0000[diff] [blame]2300 def test_vsg_for_subcriber_with_example_service_running_apache_server_after_service_stop(self, vcpe_intf=None):
2301 if not vcpe_intf:
2302 vcpe_intf = self.dhcp_vcpes_reserved[0]
2303 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
2304 cmd = "nova list --all-tenants|grep mysite_exampleservice|cut -d '|' -f 2"
2305 status, nova_id = ssh_agent.run_cmd(cmd)
2306 assert_equal(status, True)
2307 #Get public IP of VM
2308 cmd = 'nova interface-list {} |grep -o -m 1 10\.6\.[[:digit:]]*\.[[:digit:]]*'.format(nova_id)
2309 status, public_ip = ssh_agent.run_cmd(cmd)
2310 assert_equal(status, True)
2311 try:
2312 self.add_static_route_via_vcpe_interface([public_ip],vcpe=vcpe_intf)
2313 #curl request from test container
2314 curl_cmd = 'curl -s http://{}'.format(public_ip)
2315 st,_ = getstatusoutput(curl_cmd)
2316 assert_equal(st, True)
2317 #restarting example service VM
2318 cmd = 'nova stop {}'.format(nova_id)
2319 status, _ = ssh_agent.run_cmd(cmd)
2320 assert_equal(status, True)
2321 time.sleep(1)
2322 st,_ = getstatusoutput(curl_cmd)
2323 assert_equal(st, False)
2324 cmd = 'nova start {}'.format(nova_id)
2325 status, _ = ssh_agent.run_cmd(cmd)
2326 assert_equal(status, True)
2327 time.sleep(1)
2328 st,_ = getstatusoutput(curl_cmd)
2329 assert_equal(st, True)
2330 finally:
2331 self.del_static_route_via_vcpe_interface([public_ip],vcpe=vcpe_intf)
2332
2333 def test_vsg_for_multiple_subcribers_with_same_example_service_running_apache_server(self):
2334 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
2335 cmd = "nova list --all-tenants|grep mysite_exampleservice|cut -d '|' -f 2"
2336 status, nova_id = ssh_agent.run_cmd(cmd)
2337 assert_equal(status, True)
2338 #Get public IP of VM
2339 cmd = 'nova interface-list {} |grep -o -m 1 10\.6\.[[:digit:]]*\.[[:digit:]]*'.format(nova_id)
2340 status, public_ip = ssh_agent.run_cmd(cmd)
2341 assert_equal(status, True)
2342 for vcpe in self.dhcp_vcpes:
2343 self.add_static_route_via_vcpe_interface([public_ip],vcpe=vcpe)
2344 #curl request from test container
2345 curl_cmd = 'curl -s http://{}'.format(public_ip)
2346 st,_ = getstatusoutput(curl_cmd)
2347 assert_equal(st, True)
2348 self.del_static_route_via_vcpe_interface([public_ip],vcpe=vcpe)
2349 time.sleep(1)
2350
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]2351 def test_vsg_for_dns_service(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2352 """
2353 Algo:
2354 1. Create a test client in Prod VM
2355 2. Create a vCPE container in vSG VM inside compute Node
2356 3. Ensure vSG VM and vCPE container created properly
2357 4. Enable dns service in vCPE ( if not by default )
2358 5. Send ping request from test client to valid domain address say, 'www.google'com
2359 6. Verify that dns should resolve ping should success
2360 7. Now send ping request to invalid domain address say 'www.invalidaddress'.com'
2361 8. Verify that dns resolve should fail and hence ping
2362 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2363
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2364 def test_vsg_with_10_subscribers_for_same_service(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2365 """
2366 Algo:
2367 1.Create a vSG VM in compute node
2368 2.Create 10 vCPE containers for 10 subscribers, in vSG VM
2369 3.Ensure vSG VM and vCPE container created properly
2370 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to valid external public IP
2371 5.Verify that ping success for all 10 subscribers
2372 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2373
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2374 def test_vsg_with_subscribers_for_same_service(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2375 """
2376 Algo:
2377 1.Create a vSG VM in compute node
2378 2.Create 100 vCPE containers for 100 subscribers, in vSG VM
2379 3.Ensure vSG VM and vCPE container created properly
2380 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to valid external public IP
2381 5.Verify that ping success for all 100 subscribers
2382 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2383
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2384 def test_vsg_for_packet_received_with_invalid_ip_fields(self):
2385 """
2386 Algo:
2387 1.Create a vSG VM in compute node
2388 2.Create a vCPE container in vSG VM
2389 3.Ensure vSG VM and vCPE container created properly
2390 4.From subscriber, send a ping packet with invalid ip fields
2391 5.Verify that vSG drops the packet
2392 6.Verify ping fails
2393 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2394
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2395 def test_vsg_for_packet_received_with_invalid_mac_fields(self):
2396 """
2397 Algo:
2398 1.Create a vSG VM in compute node
2399 2.Create a vCPE container in vSG VM
2400 3.Ensure vSG VM and vCPE container created properly
2401 4.From subscriber, send a ping packet with invalid mac fields
2402 5.Verify that vSG drops the packet
2403 6.Verify ping fails
2404 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2405
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2406 def test_vsg_for_vlan_id_mismatch_in_stag(self):
2407 """
2408 Algo:
2409 1.Create a vSG VM in compute Node
2410 2.Create a vCPE container in vSG VM
2411 3.Ensure vSG VM and vCPE container created properly
2412 4.Send a ping request to external valid IP from subscriber, with incorrect vlan id in s-tag and valid c-tag
2413 5.Verify that ping fails as the packet drops at VM entry
2414 6.Repeat step 4 with correct s-tag
2415 7.Verify that ping success
2416 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2417
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2418 def test_vsg_for_vlan_id_mismatch_in_ctag(self):
2419 """
2420 Algo:
2421 1.Create a vSG VM in compute node
2422 2.Create a vCPE container in vSG VM
2423 3.Ensure vSG VM and vCPE container created properly
2424 4.Send a ping request to external valid IP from subscriber, with valid s-tag and incorrect vlan id in c-tag
2425 5.Verify that ping fails as the packet drops at vCPE container entry
2426 6.Repeat step 4 with valid s-tag and c-tag
2427 7.Verify that ping success
2428 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2429
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2430 def test_vsg_for_matching_and_mismatching_vlan_id_in_stag(self):
2431 """
2432 Algo:
2433 1.Create two vSG VMs in compute node
2434 2.Create a vCPE container in each vSG VM
2435 3.Ensure vSG VM and vCPE container created properly
2436 4.From subscriber one, send ping request with valid s and c tags
2437 5.From subscriber two, send ping request with vlan id mismatch in s-tag and valid c tags
2438 6.Verify that ping success for only subscriber one and fails for two.
2439 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2440
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2441 def test_vsg_for_matching_and_mismatching_vlan_id_in_ctag(self):
2442 """
2443 Algo:
2444 1.Create a vSG VM in compute node
2445 2.Create two vCPE containers in vSG VM
2446 3.Ensure vSG VM and vCPE container created properly
2447 4.From subscriber one, send ping request with valid s and c tags
2448 5.From subscriber two, send ping request with valid s-tag and vlan id mismatch in c-tag
2449 6.Verify that ping success for only subscriber one and fails for two
2450 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2451
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2452 def test_vsg_for_out_of_range_vlanid_in_ctag(self):
2453 """
2454 Algo:
2455 1.Create a vSG VM in compute node
2456 2.Create a vCPE container in vSG VM
2457 3.Ensure vSG VM and vCPE container created properly
2458 4.From subscriber, send ping request with valid stag and vlan id in c-tag is an out of range value ( like 0,4097 )
2459 4.Verify that ping fails as the ping packets drops at vCPE container entry
2460 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2461
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2462 def test_vsg_for_out_of_range_vlanid_in_stag(self):
2463 """
2464 Algo:
2465 1.Create a vSG VM in compute node
2466 2.Create a vCPE container in vSG VM
2467 3.Ensure vSG VM and vCPE container created properly
2468 2.From subscriber, send ping request with vlan id in s-tag is an out of range value ( like 0,4097 ), with valid c-tag
2469 4.Verify that ping fails as the ping packets drops at vSG VM entry
2470 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2471
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2472 def test_vsg_without_creating_vcpe_instance(self):
2473 """
2474 Algo:
2475 1.Create a vSG VM in compute Node
2476 2.Ensure vSG VM created properly
2477 3.Do not create vCPE container inside vSG VM
2478 4.From a subscriber, send ping to external valid IP
2479 5.Verify that ping fails as the ping packet drops at vSG VM entry itself.
2480 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2481
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2482 def test_vsg_for_remove_vcpe_instance(self):
2483 """
2484 Algo:
2485 1.Create a vSG VM in compute node
2486 2.Create a vCPE container in vSG VM
2487 3.Ensure vSG VM and vCPE container created properly
2488 4.From subscriber, send ping request with valid s-tag and c-tag
2489 5.Verify that ping success
2490 6.Verify ping success flows in OvS switch in compute node
2491 7.Now remove the vCPE container in vSG VM
2492 8.Ensure that the container removed properly
2493 9.Repeat step 4
2494 10.Verify that now, ping fails
2495 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2496
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2497 def test_vsg_for_restarting_vcpe_instance(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2498 """
2499 Algo:
2500 1.Create a vSG VM in compute node
2501 2.Create a vCPE container in vSG VM
2502 3.Ensure vSG VM and vCPE container created properly
2503 4.From subscriber, send ping request with valid s-tag and c-tag
2504 5.Verify that ping success
2505 6.Verify ping success flows in OvS switch in compute node
2506 7.Now restart the vCPE container in vSG VM
2507 8.Ensure that the container came up after restart
2508 9.Repeat step 4
2509 10.Verify that now,ping gets success and flows added in OvS
2510 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2511
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2512 def test_vsg_for_restarting_vsg_vm(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2513 """
2514 Algo:
2515 1.Create a vSG VM in compute node
2516 2.Create a vCPE container in vSG VM
2517 3.Ensure vSG VM and vCPE container created properly
2518 4.From subscriber, send ping request with valid s-tag and c-tag
2519 5.Verify that ping success
2520 6.Verify ping success flows in OvS switch in compute node
2521 7.Now restart the vSG VM
2522 8.Ensure that the vSG comes up properly after restart
2523 9.Verify that vCPE container comes up after vSG restart
2524 10.Repeat step 4
2525 11.Verify that now,ping gets success and flows added in OvS
2526 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2527
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2528 def test_vsg_for_pause_of_vcpe_instance(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2529 """
2530 Algo:
2531 1.Create a vSG VM in compute node
2532 2.Create a vCPE container in vSG VM
2533 3.Ensure vSG VM and vCPE container created properly
2534 4.From subscriber, send ping request with valid s-tag and c-tag
2535 5.Verify that ping success
2536 6.Verify ping success flows in OvS switch in compute node
2537 7.Now pause vCPE container in vSG VM for a while
2538 8.Ensure that the container state is pause
2539 9.Repeat step 4
2540 10.Verify that now,ping fails now and verify flows in OvS
2541 11.Now resume the container
2542 12.Now repeat step 4 again
2543 13.Verify that now, ping gets success
2544 14.Verify ping success flows in OvS
2545 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2546
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2547 def test_vsg_for_extracting_all_compute_stats_from_all_vcpe_containers(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2548 """
2549 Algo:
2550 1.Create a vSG VM in compute node
2551 2.Create 10 vCPE containers in VM
2552 3.Ensure vSG VM and vCPE containers created properly
2553 4.Login to all vCPE containers
2554 4.Get all compute stats from all vCPE containers
2555 5.Verify the stats # verification method need to add
2556 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2557
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2558 def test_vsg_for_extracting_dns_stats_from_all_vcpe_containers(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2559 """
2560 Algo:
2561 1.Create a vSG VM in compute node
2562 2.Create 10 vCPE containers in VM
2563 3.Ensure vSG VM and vCPE containers created properly
2564 4.From 10 subscribers, send ping to valid and invalid dns hosts
2565 5.Verify dns resolves and ping success for valid dns hosts
2566 6.Verify ping fails for invalid dns hosts
2567 7.Verify dns host name resolve flows in OvS
2568 8.Login to all 10 vCPE containers
2569 9.Extract all dns stats
2570 10.Verify dns stats for queries sent, queries received for dns host resolve success and failed scenarios
2571 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2572
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2573 def test_subscriber_access_for_two_vsg_services(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2574 """
2575 # Intention is to verify if subscriber can reach internet via two vSG VMs
2576 Algo:
2577 1.Create two vSG VMs for two services in compute node
2578 2.Create one vCPE container in each VM for one subscriber
2579 3.Ensure VMs and containers created properly
2580 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2581 5.Verify ping gets success
2582 6.Verify ping success flows in OvS
2583 7.Now repeat step 4 with stag corresponds to vSG-2 VM
2584 8.Verify that ping again success
2585 9.Verify ping success flows in OvS
2586 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2587
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2588 def test_subscriber_access_if_vsg1_goes_down(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2589 """
2590 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 goes down
2591 Algo:
2592 1.Create two vSG VMs for two services in compute node
2593 2.Create one vCPE container in each VM for one subscriber
2594 3.Ensure VMs and containers created properly
2595 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2596 5.Verify ping gets success
2597 6.Verify ping success flows in OvS
2598 7.Down the vSG-1 VM
2599 8.Now repeat step 4
2600 9.Verify that ping fails as vSG-1 is down
2601 10.Repeat step 4 with stag corresponding to vSG-2
2602 9.Verify ping success and flows added in OvS
2603 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2604
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2605 def test_subscriber_access_if_vsg2_goes_down(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2606 """
2607 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 restarts
2608 Algo:
2609 1.Create two vSG VMs for two services in compute node
2610 2.Create one vCPE container in each VM for one subscriber
2611 3.Ensure VMs and containers created properly
2612 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2613 5.Verify ping gets success
2614 6.Verify ping success flows added in OvS
2615 7.Now restart vSG-1 VM
2616 8.Now repeat step 4 while vSG-1 VM restarts
2617 9.Verify that ping fails as vSG-1 is restarting
2618 10.Repeat step 4 with stag corresponding to vSG-2 while vSG-1 VM restarts
2619 11.Verify ping success and flows added in OvS
2620 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2621
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2622 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_going_down(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2623 """
2624 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 goes down
2625 Algo:
2626 1.Create a vSG VM in compute node
2627 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2628 3.Ensure VM and containers created properly
2629 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2630 5.Verify ping gets success
2631 6.Verify ping success flows added in OvS
2632 7.Now stop vCPE-1 container
2633 8.Now repeat step 4
2634 9.Verify that ping fails as vCPE-1 container is down
2635 10.Repeat step 4 with ctag corresponding to vCPE-2 container
2636 11.Verify ping success and flows added in OvS
2637 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2638
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2639 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_restart(self):
2640 """
2641 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 restarts
2642 Algo:
2643 1.Create a vSG VM in compute node
2644 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2645 3.Ensure VM and containers created properly
2646 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2647 5.Verify ping gets success
2648 6.Verify ping success flows added in OvS
2649 7.Now restart vCPE-1 container
2650 8.Now repeat step 4 while vCPE-1 restarts
2651 9.Verify that ping fails as vCPE-1 container is restarts
2652 10.Repeat step 4 with ctag corresponding to vCPE-2 container while vCPE-1 restarts
2653 11..Verify ping success and flows added in OvS
2654 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2655
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2656 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_paused(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2657 """
2658 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 paused
2659 Algo:
2660 1.Create a vSG VM in compute node
2661 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2662 3.Ensure VM and containers created properly
2663 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2664 5.Verify ping gets success
2665 6.Verify ping success flows added in OvS
2666 7.Now pause vCPE-1 container
2667 8.Now repeat step 4 while vCPE-1 in pause state
2668 9.Verify that ping fails as vCPE-1 container in pause state
2669 10.Repeat step 4 with ctag corresponding to vCPE-2 container while vCPE-1 in pause state
2670 11.Verify ping success and flows added in OvS
2671 """
2672 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_removed(self):
2673 """
2674 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 removed
2675 Algo:
2676 1.Create a vSG VM in compute node
2677 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2678 3.Ensure VM and containers created properly
2679 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2680 5.Verify ping gets success
2681 6.Verify ping success flows added in OvS
2682 7.Now remove vCPE-1 container
2683 8.Now repeat step 4
2684 9.Verify that ping fails as vCPE-1 container removed
2685 10.Repeat step 4 with ctag corresponding to vCPE-2 container
2686 11.Verify ping success and flows added in OvS
2687 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2688
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2689 def test_vsg_for_vcpe_instance_removed_and_added_again(self):
2690 """
2691 Algo:
2692 1.Create a vSG VM in compute node
2693 2.Create a vCPE container in vSG VM
2694 3.Ensure VM and containers created properly
2695 4.From subscriber end, send ping to public IP
2696 5.Verify ping gets success
2697 6.Verify ping success flows added in OvS
2698 7.Now remove vCPE container in vSG VM
2699 8.Now repeat step 4
2700 9.Verify that ping fails as vCPE container removed
2701 10.Create the vCPE container again for the same subscriber
2702 11.Ensure that vCPE created now
2703 12.Now repeat step 4
2704 13.Verify ping success and flows added in OvS
2705 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2706
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2707 def test_vsg_for_vsg_vm_removed_and_added_again(self):
2708 """
2709 Algo:
2710 1.Create a vSG VM in compute node
2711 2.Create a vCPE container in vSG VM
2712 3.Ensure VM and containers created properly
2713 4.From subscriber end, send ping to public IP
2714 5.Verify ping gets success
2715 6.Verify ping success flows added in OvS
2716 7.Now remove vSG VM
2717 8.Now repeat step 4
2718 9.Verify that ping fails as vSG VM not exists
2719 10.Create the vSG VM and vCPE container in VM again
2720 11.Ensure that vSG and vCPE created
2721 12.Now repeat step 4
2722 13.Verify ping success and flows added in OvS
2723 """
2724
2725 #Test vSG - Subscriber Configuration
2726 def test_vsg_for_configuring_new_subscriber_in_vcpe(self):
2727 """
2728 Algo:
2729 1.Create a vSG VM in compute node
2730 2.Create a vCPE container in vSG VM
2731 3.Ensure VM and containers created properly
2732 4.Configure a subscriber in XOS and assign a service id
2733 5.Set the admin privileges to the subscriber
2734 6.Verify subscriber configuration is success
2735 """
2736 def test_vsg_for_adding_subscriber_devices_in_vcpe(self):
2737 """
2738 Algo:
2739 1.Create a vSG VM in compute node
2740 2.Create a vCPE container in vSG VM
2741 3.Ensure VM and containers created properly
2742 4.Configure a subscriber in XOS and assign a service id
2743 5.Verify subscriber successfully configured in vCPE
2744 6.Now add devices( Mac addresses ) under the subscriber admin group
2745 7.Verify all devices ( Macs ) added successfully
2746 """
2747 def test_vsg_for_removing_subscriber_devices_in_vcpe(self):
2748 """
2749 Algo:
2750 1.Create a vSG VM in compute node
2751 2.Create a vCPE container in vSG VM
2752 3.Ensure VM and containers created properly
2753 4.Configure a subscriber in XOS and assign a service id
2754 5.Verify subscriber successfully configured
2755 6.Now add devices( Mac addresses ) under the subscriber admin group
2756 7.Verify all devices ( Macs ) added successfully
2757 8.Now remove All the added devices in XOS
2758 9.Verify all the devices removed
2759 """
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2760 def test_vsg_modifying_subscriber_devices_in_vcpe(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2761 """
2762 Algo:
2763 1.Create a vSG VM in compute node
2764 2.Create a vCPE container in vSG VM
2765 3.Ensure VM and containers created properly
2766 4.Configure a user in XOS and assign a service id
2767 5.Verify subscriber successfully configured in vCPE.
2768 6.Now add devices( Mac addresses ) under the subscriber admin group
2769 7.Verify all devices ( Macs ) added successfully
2770 8.Now remove few devices in XOS
2771 9.Verify devices removed successfully
2772 10.Now add few additional devices in XOS under the same subscriber admin group
2773 11.Verify newly added devices successfully added
2774 """
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2775 def test_vsg_for_vcpe_login_failing_with_incorrect_subscriber_credentials(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2776 """
2777 Algo:
2778 1.Create a vSG VM in compute node
2779 2.Create a vCPE container in vSG VM
2780 3.Ensure VM and containers created properly
2781 4.Configure a subscriber in XOS and assign a service id
2782 5.Verify subscriber successfully configured
2783 6.Now add devices( Mac addresses ) under the subscriber admin group
2784 7.Verify all devices ( Macs ) added successfully
2785 8.Login vCPE with credentials with which subscriber configured
2786 9.Verify subscriber successfully logged in
2787 10.Logout and login again with incorrect credentials ( either user name or password )
2788 11.Verify login attempt to vCPE fails wtih incorrect credentials
2789 """
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2790 def test_vsg_for_subscriber_configuration_in_vcpe_after_vcpe_restart(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2791 """
2792 Algo:
2793 1.Create a vSG VM in compute node
2794 2.Create a vCPE container in vSG VM
2795 3.Ensure VM and containers created properly
2796 4.Configure a subscriber in XOS and assign a service id
2797 5.Verify subscriber successfully configured
2798 6.Now add devices( Mac addresses ) under the subscriber admin group
2799 7.Verify all devices ( Macs ) added successfully
2800 8.Restart vCPE ( locate backup config path while restart )
2801 9.Verify subscriber details in vCPE after restart should be same as before the restart
2802 """
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2803 def test_vsg_creating_multiple_vcpe_instances_and_configuring_subscriber_in_each_instance(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2804 """
2805 Algo:
2806 1.Create a vSG VM in compute node
2807 2.Create 2 vCPE containers in vSG VM
2808 3.Ensure VM and containers created properly
2809 4.Configure a subscriber in XOS for each vCPE instance and assign a service id
2810 5.Verify subscribers successfully configured
2811 6.Now login vCPE-2 with subscriber-1 credentials
2812 7.Verify login fails
2813 8.Now login vCPE-1 with subscriber-2 credentials
2814 9.Verify login fails
2815 10.Now login vCPE-1 with subscriber-1 and vCPE-2 with subscriber-2 credentials
2816 11.Verify that both the subscribers able to login to their respective vCPE containers
2817 """
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2818 def test_vsg_for_same_subscriber_configuring_multiple_services(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2819 """
2820 Algo:
2821 1.Create 2 vSG VMs in compute node
2822 2.Create a vCPE container in each vSG VM
2823 3.Ensure VMs and containers created properly
2824 4.Configure same subscriber in XOS for each vCPE instance and assign a service id
2825 5.Verify subscriber successfully configured
2826 6.Now login vCPE-1 with subscriber credentials
2827 7.Verify login success
2828 8.Now login vCPE-2 with the same subscriber credentials
2829 9.Verify login success
2830 """
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2831 #vCPE Firewall Functionality
2832 def test_vsg_firewall_for_creating_acl_rule_based_on_source_ip(self):
2833 """
2834 Algo:
2835 1.Create a vSG VM in compute node
2836 2.Create vCPE container in the VM
2837 3.Ensure vSG VM and vCPE container created properly
2838 4.Configure ac acl rule in vCPE to deny IP traffic from a source IP
2839 5.Bound the acl rule to WAN interface of vCPE
2840 6.Verify configuration in vCPE is success
2841 8.Verify flows added in OvS
2842 """
2843 def test_vsg_firewall_for_creating_acl_rule_based_on_destination_ip(self):
2844 """
2845 Algo:
2846 1.Create a vSG VM in compute node
2847 2.Create vCPE container in the VM
2848 3.Ensure vSG VM and vCPE container created properly
2849 4.Configure ac acl rule in vCPE to deny IP traffic to a destination ip
2850 5.Bound the acl rule to WAN interface of vCPE
2851 6.Verify configuration in vCPE is success
2852 8.Verify flows added in OvS
2853 """
2854 def test_vsg_firewall_for_acl_deny_rule_based_on_source_ip_traffic(self):
2855 """
2856 Algo:
2857 1.Create a vSG VM in compute node
2858 2.Create vCPE container in the VM
2859 3.Ensure vSG VM and vCPE container created properly
2860 4.Configure ac acl rule in vCPE to deny IP traffic from a source IP
2861 5.Bound the acl rule to WAN interface of vCPE
2862 6.From subscriber, send ping to the denied IP address
2863 7.Verify that ping fails as vCPE denies ping response
2864 8.Verify flows added in OvS
2865 """
2866 def test_vsg_firewall_for_acl_deny_rule_based_on_destination_ip_traffic(self):
2867 """
2868 Algo:
2869 1.Create a vSG VM in compute node
2870 2.Create vCPE container in the VM
2871 3.Ensure vSG VM and vCPE container created properly
2872 4.Configure ac acl rule in vCPE to deny IP traffic to a destination IP
2873 5.Bound the acl rule to WAN interface of vCPE
2874 6.From subscriber, send ping to the denied IP address
2875 7.Verify that ping fails as vCPE drops the ping request at WAN interface
2876 8.Verify flows added in OvS
2877 """
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]2878
2879 def test_vsg_dnsmasq(self):
2880 pass
2881
2882 def test_vsg_with_external_parental_control_family_shield_for_filter(self):
2883 pass
2884
2885 def test_vsg_with_external_parental_control_with_answerx(self):
2886 pass
2887
2888 def test_vsg_for_subscriber_upstream_bandwidth(self):
2889 pass
2890
2891 def test_vsg_for_subscriber_downstream_bandwidth(self):
2892 pass
2893
2894 def test_vsg_for_diagnostic_run_of_traceroute(self):
2895 pass
2896
2897 def test_vsg_for_diagnostic_run_of_tcpdump(self):
2898 pass
2899
2900 def test_vsg_for_iptable_rules(self):
2901 pass
2902
2903 def test_vsg_for_iptables_with_neutron(self):
2904 pass
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2905