Chetan Gaonker | 5241883 | 2017-01-26 23:03:13 +0000 | [diff] [blame] | 1 | #copyright 2016-present Ciena Corporation |
| 2 | # |
| 3 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 | # you may not use this file except in compliance with the License. |
| 5 | # You may obtain a copy of the License at |
| 6 | # |
| 7 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 8 | # |
| 9 | # Unless required by applicable law or agreed to in writing, software |
| 10 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 | # See the License for the specific language governing permissions and |
| 13 | # limitations under the License. |
| 14 | # |
A R Karthick | d0fdf3b | 2017-03-21 16:54:22 -0700 | [diff] [blame] | 15 | import time |
| 16 | import os |
A.R Karthick | 282f0d3 | 2017-03-28 16:43:59 -0700 | [diff] [blame] | 17 | import sys |
| 18 | import json |
Chetan Gaonker | 5241883 | 2017-01-26 23:03:13 +0000 | [diff] [blame] | 19 | from nose.tools import * |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 20 | from twisted.internet import defer |
| 21 | from nose.twistedtools import reactor, deferred |
A.R Karthick | 33cfdbe | 2017-03-17 18:03:48 -0700 | [diff] [blame] | 22 | from CordTestUtils import * |
Chetan Gaonker | 5241883 | 2017-01-26 23:03:13 +0000 | [diff] [blame] | 23 | from OltConfig import OltConfig |
Chetan Gaonker | 5241883 | 2017-01-26 23:03:13 +0000 | [diff] [blame] | 24 | from onosclidriver import OnosCliDriver |
A.R Karthick | 9ccd0d0 | 2017-03-16 17:11:08 -0700 | [diff] [blame] | 25 | from SSHTestAgent import SSHTestAgent |
Chetan Gaonker | 5241883 | 2017-01-26 23:03:13 +0000 | [diff] [blame] | 26 | from CordLogger import CordLogger |
A R Karthick | d0fdf3b | 2017-03-21 16:54:22 -0700 | [diff] [blame] | 27 | from VSGAccess import VSGAccess |
A R Karthick | 933f5b5 | 2017-03-27 15:27:16 -0700 | [diff] [blame] | 28 | from CordTestUtils import log_test as log |
A.R Karthick | a9b594d | 2017-03-29 16:25:22 -0700 | [diff] [blame] | 29 | from OnosCtrl import OnosCtrl |
A.R Karthick | 282f0d3 | 2017-03-28 16:43:59 -0700 | [diff] [blame] | 30 | |
Chetan Gaonker | 5241883 | 2017-01-26 23:03:13 +0000 | [diff] [blame] | 31 | log.setLevel('INFO') |
| 32 | |
| 33 | class vsg_exchange(CordLogger): |
| 34 | ONOS_INSTANCES = 3 |
| 35 | V_INF1 = 'veth0' |
| 36 | device_id = 'of:' + get_mac() |
Chetan Gaonker | 5241883 | 2017-01-26 23:03:13 +0000 | [diff] [blame] | 37 | TEST_IP = '8.8.8.8' |
| 38 | HOST = "10.1.0.1" |
| 39 | USER = "vagrant" |
| 40 | PASS = "vagrant" |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 41 | head_node = os.getenv('HEAD_NODE', 'prod') |
A.R Karthick | 9ccd0d0 | 2017-03-16 17:11:08 -0700 | [diff] [blame] | 42 | HEAD_NODE = head_node + '.cord.lab' if len(head_node.split('.')) == 1 else head_node |
A R Karthick | 03f40aa | 2017-03-20 19:33:55 -0700 | [diff] [blame] | 43 | test_path = os.path.dirname(os.path.realpath(__file__)) |
| 44 | olt_conf_file = os.path.join(test_path, '..', 'setup/olt_config.json') |
A.R Karthick | 282f0d3 | 2017-03-28 16:43:59 -0700 | [diff] [blame] | 45 | restApiXos = None |
A R Karthick | 0a4ca3a | 2017-03-30 09:36:53 -0700 | [diff] [blame] | 46 | subscriber_account_num = 200 |
| 47 | subscriber_s_tag = 304 |
| 48 | subscriber_c_tag = 304 |
| 49 | subscribers_per_s_tag = 8 |
| 50 | subscriber_map = {} |
A R Karthick | 9a16a11 | 2017-04-07 15:40:05 -0700 | [diff] [blame] | 51 | restore_methods = [] |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 52 | TIMEOUT=120 |
A R Karthick | 0a4ca3a | 2017-03-30 09:36:53 -0700 | [diff] [blame] | 53 | |
| 54 | @classmethod |
| 55 | def getSubscriberCredentials(cls, subId): |
| 56 | """Generate our own account num, s_tag and c_tags""" |
| 57 | if subId in cls.subscriber_map: |
| 58 | return cls.subscriber_map[subId] |
| 59 | account_num = cls.subscriber_account_num |
| 60 | cls.subscriber_account_num += 1 |
| 61 | s_tag, c_tag = cls.subscriber_s_tag, cls.subscriber_c_tag |
| 62 | cls.subscriber_c_tag += 1 |
| 63 | if cls.subscriber_c_tag % cls.subscribers_per_s_tag == 0: |
| 64 | cls.subscriber_s_tag += 1 |
| 65 | cls.subscriber_map[subId] = account_num, s_tag, c_tag |
| 66 | return cls.subscriber_map[subId] |
A.R Karthick | 282f0d3 | 2017-03-28 16:43:59 -0700 | [diff] [blame] | 67 | |
| 68 | @classmethod |
A.R Karthick | a9b594d | 2017-03-29 16:25:22 -0700 | [diff] [blame] | 69 | def getXosCredentials(cls): |
| 70 | onos_cfg = OnosCtrl.get_config() |
| 71 | if onos_cfg is None: |
| 72 | return None |
| 73 | if 'apps' in onos_cfg and \ |
| 74 | 'org.opencord.vtn' in onos_cfg['apps'] and \ |
| 75 | 'cordvtn' in onos_cfg['apps']['org.opencord.vtn'] and \ |
| 76 | 'xos' in onos_cfg['apps']['org.opencord.vtn']['cordvtn']: |
| 77 | xos_cfg = onos_cfg['apps']['org.opencord.vtn']['cordvtn']['xos'] |
| 78 | endpoint = xos_cfg['endpoint'] |
| 79 | user = xos_cfg['user'] |
| 80 | password = xos_cfg['password'] |
| 81 | xos_endpoints = endpoint.split(':') |
| 82 | xos_host = xos_endpoints[1][len('//'):] |
| 83 | xos_port = xos_endpoints[2][:-1] |
| 84 | #log.info('xos_host: %s, port: %s, user: %s, password: %s' %(xos_host, xos_port, user, password)) |
| 85 | return dict(host = xos_host, port = xos_port, user = user, password = password) |
| 86 | |
| 87 | return None |
| 88 | |
| 89 | @classmethod |
A.R Karthick | 282f0d3 | 2017-03-28 16:43:59 -0700 | [diff] [blame] | 90 | def setUpCordApi(cls): |
| 91 | our_path = os.path.dirname(os.path.realpath(__file__)) |
| 92 | cord_api_path = os.path.join(our_path, '..', 'cord-api') |
| 93 | framework_path = os.path.join(cord_api_path, 'Framework') |
| 94 | utils_path = os.path.join(framework_path, 'utils') |
| 95 | data_path = os.path.join(cord_api_path, 'Tests', 'data') |
| 96 | subscriber_cfg = os.path.join(data_path, 'Subscriber.json') |
| 97 | volt_tenant_cfg = os.path.join(data_path, 'VoltTenant.json') |
| 98 | |
| 99 | with open(subscriber_cfg) as f: |
| 100 | subscriber_data = json.load(f) |
| 101 | subscriber_info = subscriber_data['SubscriberInfo'] |
A R Karthick | 0a4ca3a | 2017-03-30 09:36:53 -0700 | [diff] [blame] | 102 | for i in xrange(len(subscriber_info)): |
| 103 | subscriber = subscriber_info[i] |
| 104 | account_num, _, _ = cls.getSubscriberCredentials('sub{}'.format(i)) |
A.R Karthick | 282f0d3 | 2017-03-28 16:43:59 -0700 | [diff] [blame] | 105 | subscriber['identity']['account_num'] = str(account_num) |
A.R Karthick | 282f0d3 | 2017-03-28 16:43:59 -0700 | [diff] [blame] | 106 | cls.subscriber_info = subscriber_info |
| 107 | |
| 108 | with open(volt_tenant_cfg) as f: |
| 109 | volt_tenant_data = json.load(f) |
| 110 | volt_subscriber_info = volt_tenant_data['voltSubscriberInfo'] |
| 111 | assert_equal(len(volt_subscriber_info), len(cls.subscriber_info)) |
A R Karthick | 0a4ca3a | 2017-03-30 09:36:53 -0700 | [diff] [blame] | 112 | for i in xrange(len(volt_subscriber_info)): |
| 113 | volt_subscriber = volt_subscriber_info[i] |
| 114 | account_num, s_tag, c_tag = cls.getSubscriberCredentials('sub{}'.format(i)) |
A.R Karthick | 282f0d3 | 2017-03-28 16:43:59 -0700 | [diff] [blame] | 115 | volt_subscriber['account_num'] = account_num |
A R Karthick | 0a4ca3a | 2017-03-30 09:36:53 -0700 | [diff] [blame] | 116 | volt_subscriber['voltTenant']['s_tag'] = str(s_tag) |
| 117 | volt_subscriber['voltTenant']['c_tag'] = str(c_tag) |
A.R Karthick | 282f0d3 | 2017-03-28 16:43:59 -0700 | [diff] [blame] | 118 | cls.volt_subscriber_info = volt_subscriber_info |
| 119 | |
| 120 | sys.path.append(utils_path) |
| 121 | sys.path.append(framework_path) |
| 122 | from restApi import restApi |
| 123 | restApiXos = restApi() |
A.R Karthick | a9b594d | 2017-03-29 16:25:22 -0700 | [diff] [blame] | 124 | xos_credentials = cls.getXosCredentials() |
| 125 | if xos_credentials is None: |
| 126 | restApiXos.controllerIP = cls.HEAD_NODE |
| 127 | restApiXos.controllerPort = '9000' |
| 128 | else: |
| 129 | restApiXos.controllerIP = xos_credentials['host'] |
| 130 | restApiXos.controllerPort = xos_credentials['port'] |
| 131 | restApiXos.user = xos_credentials['user'] |
| 132 | restApiXos.password = xos_credentials['password'] |
A.R Karthick | 282f0d3 | 2017-03-28 16:43:59 -0700 | [diff] [blame] | 133 | cls.restApiXos = restApiXos |
Chetan Gaonker | 5241883 | 2017-01-26 23:03:13 +0000 | [diff] [blame] | 134 | |
A.R Karthick | 33cfdbe | 2017-03-17 18:03:48 -0700 | [diff] [blame] | 135 | @classmethod |
| 136 | def setUpClass(cls): |
| 137 | cls.controllers = get_controllers() |
| 138 | cls.controller = cls.controllers[0] |
| 139 | cls.cli = None |
A R Karthick | 03f40aa | 2017-03-20 19:33:55 -0700 | [diff] [blame] | 140 | cls.olt = OltConfig(olt_conf_file = cls.olt_conf_file) |
| 141 | cls.vcpes = cls.olt.get_vcpes() |
| 142 | cls.vcpes_dhcp = cls.olt.get_vcpes_by_type('dhcp') |
| 143 | vcpe_dhcp = None |
| 144 | vcpe_dhcp_stag = None |
| 145 | vcpe_container = None |
| 146 | #cache the first dhcp vcpe in the class for quick testing |
| 147 | if cls.vcpes_dhcp: |
| 148 | vcpe_container = 'vcpe-{}-{}'.format(cls.vcpes_dhcp[0]['s_tag'], cls.vcpes_dhcp[0]['c_tag']) |
| 149 | vcpe_dhcp = 'vcpe0.{}.{}'.format(cls.vcpes_dhcp[0]['s_tag'], cls.vcpes_dhcp[0]['c_tag']) |
| 150 | vcpe_dhcp_stag = 'vcpe0.{}'.format(cls.vcpes_dhcp[0]['s_tag']) |
| 151 | cls.vcpe_container = vcpe_container |
| 152 | cls.vcpe_dhcp = vcpe_dhcp |
| 153 | cls.vcpe_dhcp_stag = vcpe_dhcp_stag |
A R Karthick | d0fdf3b | 2017-03-21 16:54:22 -0700 | [diff] [blame] | 154 | VSGAccess.setUp() |
A.R Karthick | 282f0d3 | 2017-03-28 16:43:59 -0700 | [diff] [blame] | 155 | cls.setUpCordApi() |
Chetan Gaonker | 5241883 | 2017-01-26 23:03:13 +0000 | [diff] [blame] | 156 | |
A.R Karthick | 33cfdbe | 2017-03-17 18:03:48 -0700 | [diff] [blame] | 157 | @classmethod |
| 158 | def tearDownClass(cls): |
A R Karthick | d0fdf3b | 2017-03-21 16:54:22 -0700 | [diff] [blame] | 159 | VSGAccess.tearDown() |
Chetan Gaonker | 5241883 | 2017-01-26 23:03:13 +0000 | [diff] [blame] | 160 | |
Chetan Gaonker | 5241883 | 2017-01-26 23:03:13 +0000 | [diff] [blame] | 161 | def cliEnter(self, controller = None): |
| 162 | retries = 0 |
| 163 | while retries < 30: |
| 164 | self.cli = OnosCliDriver(controller = controller, connect = True) |
| 165 | if self.cli.handle: |
| 166 | break |
| 167 | else: |
| 168 | retries += 1 |
| 169 | time.sleep(2) |
| 170 | |
| 171 | def cliExit(self): |
| 172 | self.cli.disconnect() |
| 173 | |
| 174 | def onos_shutdown(self, controller = None): |
| 175 | status = True |
| 176 | self.cliEnter(controller = controller) |
| 177 | try: |
| 178 | self.cli.shutdown(timeout = 10) |
| 179 | except: |
| 180 | log.info('Graceful shutdown of ONOS failed for controller: %s' %controller) |
| 181 | status = False |
| 182 | |
| 183 | self.cliExit() |
| 184 | return status |
| 185 | |
A.R Karthick | 9ccd0d0 | 2017-03-16 17:11:08 -0700 | [diff] [blame] | 186 | def log_set(self, level = None, app = 'org.onosproject'): |
| 187 | CordLogger.logSet(level = level, app = app, controllers = self.controllers, forced = True) |
Chetan Gaonker | 5241883 | 2017-01-26 23:03:13 +0000 | [diff] [blame] | 188 | |
A R Karthick | 9a16a11 | 2017-04-07 15:40:05 -0700 | [diff] [blame] | 189 | @classmethod |
| 190 | def get_dhcp(cls, vcpe, mgmt = 'eth0'): |
| 191 | """Get DHCP for vcpe interface saving management settings""" |
| 192 | |
| 193 | def put_dhcp(): |
| 194 | VSGAccess.restore_interface_config(mgmt, vcpe = vcpe) |
| 195 | |
| 196 | vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt) |
| 197 | if vcpe_ip is not None: |
| 198 | cls.restore_methods.append(put_dhcp) |
| 199 | return vcpe_ip |
| 200 | |
| 201 | @classmethod |
| 202 | def config_restore(cls): |
| 203 | """Restore the vsg test configuration on test case failures""" |
| 204 | for restore_method in cls.restore_methods: |
| 205 | restore_method() |
| 206 | |
Anil Kumar Sanka | 72755c9 | 2017-04-06 17:19:02 +0000 | [diff] [blame] | 207 | def get_vsg_vcpe_pair(self): |
| 208 | vcpes = self.vcpes_dhcp |
| 209 | vcpe_containers = [] |
| 210 | vsg_vcpe = {} |
| 211 | for vcp in vcpes: |
| 212 | vcpe_container = 'vcpe-{}-{}'.format(vcp['s_tag'], vcp['c_tag']) |
| 213 | vcpe_containers.append(vcpe_container) |
| 214 | vsg = VSGAccess.get_vcpe_vsg(vcpe_container) |
| 215 | vsg_vcpe[vcpe_container]=str(vsg.get_ip()) |
| 216 | return vsg_vcpe |
| 217 | |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 218 | def add_static_route_via_vcpe_interface(self, routes, vcpe=None): |
| 219 | if not vcpe: |
| 220 | vcpe = self.vcpe_dhcp |
| 221 | os.system('dhclient '+self.vcpe_dhcp) |
| 222 | cmds = [] |
| 223 | for route in routes: |
| 224 | log.info('route is %s'%route) |
| 225 | cmd = 'ip route add ' + route + ' via 192.168.0.1 '+ 'dev ' + vcpe |
| 226 | cmds.append(cmd) |
| 227 | for cmd in cmds: |
| 228 | os.system(cmd) |
| 229 | return True |
| 230 | |
| 231 | def del_static_route_via_vcpe_interface(self,routes,vcpe=None): |
| 232 | if not vcpe: |
| 233 | vcpe = self.vcpe_dhcp |
| 234 | cmds = [] |
| 235 | for route in routes: |
| 236 | cmd = 'ip route del ' + route + ' via 192.168.0.1 ' + 'dev ' + vcpe |
| 237 | cmds.append(cmd) |
| 238 | for cmd in cmds: |
| 239 | os.system(cmd) |
| 240 | os.system('dhclient '+self.vcpe_dhcp+' -r') |
| 241 | return True |
| 242 | |
| 243 | def restart_vcpe_container(self,vcpe=None): |
| 244 | vsg = VSGAccess.get_vcpe_vsg(self.vcpe_container) |
| 245 | log.info('restarting vcpe container') |
| 246 | vsg.run_cmd('sudo docker restart {}'.format(self.vcpe_container)) |
| 247 | return True |
| 248 | |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 249 | def test_vsg_health(self): |
Anil Kumar Sanka | 72755c9 | 2017-04-06 17:19:02 +0000 | [diff] [blame] | 250 | """ |
| 251 | Algo: |
| 252 | 1. Login to compute node VM |
| 253 | 2. Get all vSGs |
| 254 | 3. Ping to all vSGs |
| 255 | 4. Verifying Ping success |
| 256 | """ |
A R Karthick | d0fdf3b | 2017-03-21 16:54:22 -0700 | [diff] [blame] | 257 | status = VSGAccess.health_check() |
| 258 | assert_equal(status, True) |
Chetan Gaonker | 5241883 | 2017-01-26 23:03:13 +0000 | [diff] [blame] | 259 | |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 260 | def test_vsg_health_check(self, vsg_name='mysite_vsg-1', verify_status=True): |
Anil Kumar Sanka | 72755c9 | 2017-04-06 17:19:02 +0000 | [diff] [blame] | 261 | """ |
| 262 | Algo: |
| 263 | 1. If vsg name not specified, Get vsg corresponding to vcpe |
| 264 | 1. Login to compute mode VM |
| 265 | 3. Ping to the vSG |
| 266 | 4. Verifying Ping success |
| 267 | """ |
| 268 | if not vsg_name: |
| 269 | vcpe = self.vcpe_container |
| 270 | vsg = VSGAccess.get_vcpe_vsg(vcpe) |
| 271 | status = vsg.get_health() |
| 272 | assert_equal(status, verify_status) |
| 273 | else: |
| 274 | vsgs = VSGAccess.get_vsgs() |
| 275 | status = None |
| 276 | for vsg in vsgs: |
| 277 | if vsg.name == vsg_name: |
| 278 | status = vsg.get_health() |
| 279 | log.info('vsg health check status is %s'%status) |
| 280 | assert_equal(status,verify_status) |
| 281 | |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 282 | @deferred(TIMEOUT) |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 283 | def test_vsg_for_vcpe(self): |
Anil Kumar Sanka | 72755c9 | 2017-04-06 17:19:02 +0000 | [diff] [blame] | 284 | """ |
| 285 | Algo: |
| 286 | 1. Get list of all compute nodes created using Openstack |
| 287 | 2. Login to compute mode VM |
| 288 | 3. Get all vSGs |
| 289 | 4. Verifying atleast one compute node and one vSG created |
| 290 | """ |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 291 | df = defer.Deferred() |
| 292 | def vsg_for_vcpe_df(df): |
| 293 | vsgs = VSGAccess.get_vsgs() |
| 294 | compute_nodes = VSGAccess.get_compute_nodes() |
| 295 | time.sleep(14) |
| 296 | assert_not_equal(len(vsgs), 0) |
| 297 | assert_not_equal(len(compute_nodes), 0) |
| 298 | df.callback(0) |
| 299 | reactor.callLater(0,vsg_for_vcpe_df,df) |
| 300 | return df |
Chetan Gaonker | 5241883 | 2017-01-26 23:03:13 +0000 | [diff] [blame] | 301 | |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 302 | def test_vsg_for_login(self): |
Anil Kumar Sanka | 72755c9 | 2017-04-06 17:19:02 +0000 | [diff] [blame] | 303 | """ |
| 304 | Algo: |
| 305 | 1. Login to compute node VM |
| 306 | 2. Get all vSGs |
| 307 | 3. Verifying login to vSG is success |
| 308 | """ |
A R Karthick | d0fdf3b | 2017-03-21 16:54:22 -0700 | [diff] [blame] | 309 | vsgs = VSGAccess.get_vsgs() |
| 310 | vsg_access_status = map(lambda vsg: vsg.check_access(), vsgs) |
A.R Karthick | 33cfdbe | 2017-03-17 18:03:48 -0700 | [diff] [blame] | 311 | status = filter(lambda st: st == False, vsg_access_status) |
| 312 | assert_equal(len(status), 0) |
| 313 | |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 314 | def test_vsg_for_default_route_through_testclient(self): |
Anil Kumar Sanka | 72755c9 | 2017-04-06 17:19:02 +0000 | [diff] [blame] | 315 | """ |
| 316 | Algo: |
| 317 | 1. Login to head node |
| 318 | 2. Verifying for default route in lxc test client |
| 319 | """ |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 320 | ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS) |
| 321 | cmd = "sudo lxc exec testclient -- route | grep default" |
| 322 | status, output = ssh_agent.run_cmd(cmd) |
| 323 | assert_equal(status, True) |
| 324 | |
| 325 | def test_vsg_for_external_connectivity_through_testclient(self): |
Anil Kumar Sanka | 72755c9 | 2017-04-06 17:19:02 +0000 | [diff] [blame] | 326 | """ |
| 327 | Algo: |
| 328 | 1. Login to head node |
| 329 | 2. On head node, executing ping to 8.8.8.8 from lxc test client |
| 330 | 3. Verifying for the ping success |
| 331 | """ |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 332 | ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS) |
| 333 | cmd = "lxc exec testclient -- ping -c 3 8.8.8.8" |
| 334 | status, output = ssh_agent.run_cmd(cmd) |
| 335 | assert_equal( status, True) |
| 336 | |
| 337 | def test_vsg_for_external_connectivity(self): |
Anil Kumar Sanka | 72755c9 | 2017-04-06 17:19:02 +0000 | [diff] [blame] | 338 | """ |
| 339 | Algo: |
| 340 | 1. Get dhcp IP to vcpe interface in cord-tester |
| 341 | 2. Verifying vcpe interface gets dhcp IP |
| 342 | 3. Ping to 8.8.8.8 and Verifying ping should success |
| 343 | 4. Restoring management interface configuration in cord-tester |
| 344 | """ |
A R Karthick | 03f40aa | 2017-03-20 19:33:55 -0700 | [diff] [blame] | 345 | vcpe = self.vcpe_dhcp |
A.R Karthick | 33cfdbe | 2017-03-17 18:03:48 -0700 | [diff] [blame] | 346 | mgmt = 'eth0' |
Anil Kumar Sanka | 87115b0 | 2017-03-14 17:46:47 +0000 | [diff] [blame] | 347 | host = '8.8.8.8' |
| 348 | self.success = False |
A R Karthick | 03f40aa | 2017-03-20 19:33:55 -0700 | [diff] [blame] | 349 | assert_not_equal(vcpe, None) |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 350 | vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt) |
A.R Karthick | 33cfdbe | 2017-03-17 18:03:48 -0700 | [diff] [blame] | 351 | assert_not_equal(vcpe_ip, None) |
| 352 | log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe)) |
| 353 | log.info('Sending icmp echo requests to external network 8.8.8.8') |
| 354 | st, _ = getstatusoutput('ping -c 3 8.8.8.8') |
A R Karthick | d0fdf3b | 2017-03-21 16:54:22 -0700 | [diff] [blame] | 355 | VSGAccess.restore_interface_config(mgmt, vcpe = vcpe) |
A.R Karthick | 33cfdbe | 2017-03-17 18:03:48 -0700 | [diff] [blame] | 356 | assert_equal(st, 0) |
Chetan Gaonker | 5241883 | 2017-01-26 23:03:13 +0000 | [diff] [blame] | 357 | |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 358 | def test_vsg_for_external_connectivity_to_google(self): |
Anil Kumar Sanka | 72755c9 | 2017-04-06 17:19:02 +0000 | [diff] [blame] | 359 | """ |
| 360 | Algo: |
| 361 | 1. Get dhcp IP to vcpe interface in cord-tester |
| 362 | 2. Verifying vcpe interface gets dhcp IP |
| 363 | 3. Ping to www.google.com and Verifying ping should success |
| 364 | 4. Restoring management interface configuration in cord-tester |
| 365 | """ |
Anil Kumar Sanka | 87115b0 | 2017-03-14 17:46:47 +0000 | [diff] [blame] | 366 | host = 'www.google.com' |
A R Karthick | 03f40aa | 2017-03-20 19:33:55 -0700 | [diff] [blame] | 367 | vcpe = self.vcpe_dhcp |
A.R Karthick | 33cfdbe | 2017-03-17 18:03:48 -0700 | [diff] [blame] | 368 | mgmt = 'eth0' |
A R Karthick | 03f40aa | 2017-03-20 19:33:55 -0700 | [diff] [blame] | 369 | assert_not_equal(vcpe, None) |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 370 | vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt) |
A.R Karthick | 33cfdbe | 2017-03-17 18:03:48 -0700 | [diff] [blame] | 371 | assert_not_equal(vcpe_ip, None) |
| 372 | log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe)) |
| 373 | log.info('Sending icmp ping requests to %s' %host) |
| 374 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
A R Karthick | d0fdf3b | 2017-03-21 16:54:22 -0700 | [diff] [blame] | 375 | VSGAccess.restore_interface_config(mgmt, vcpe = vcpe) |
A.R Karthick | 33cfdbe | 2017-03-17 18:03:48 -0700 | [diff] [blame] | 376 | assert_equal(st, 0) |
Anil Kumar Sanka | 87115b0 | 2017-03-14 17:46:47 +0000 | [diff] [blame] | 377 | |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 378 | def test_vsg_for_external_connectivity_to_invalid_host(self): |
Anil Kumar Sanka | 72755c9 | 2017-04-06 17:19:02 +0000 | [diff] [blame] | 379 | """ |
| 380 | Algo: |
| 381 | 1. Get dhcp IP to vcpe interface in cord-tester |
| 382 | 2. Verifying vcpe interface gets dhcp IP |
| 383 | 3. Ping to www.goglee.com and Verifying ping should not success |
| 384 | 4. Restoring management interface configuration in cord-tester |
| 385 | """ |
Anil Kumar Sanka | 87115b0 | 2017-03-14 17:46:47 +0000 | [diff] [blame] | 386 | host = 'www.goglee.com' |
A R Karthick | 03f40aa | 2017-03-20 19:33:55 -0700 | [diff] [blame] | 387 | vcpe = self.vcpe_dhcp |
A.R Karthick | 33cfdbe | 2017-03-17 18:03:48 -0700 | [diff] [blame] | 388 | mgmt = 'eth0' |
A R Karthick | 03f40aa | 2017-03-20 19:33:55 -0700 | [diff] [blame] | 389 | assert_not_equal(vcpe, None) |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 390 | vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt) |
A.R Karthick | 33cfdbe | 2017-03-17 18:03:48 -0700 | [diff] [blame] | 391 | assert_not_equal(vcpe_ip, None) |
| 392 | log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe)) |
| 393 | log.info('Sending icmp ping requests to non existent host %s' %host) |
| 394 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
A R Karthick | d0fdf3b | 2017-03-21 16:54:22 -0700 | [diff] [blame] | 395 | VSGAccess.restore_interface_config(mgmt, vcpe = vcpe) |
A.R Karthick | 33cfdbe | 2017-03-17 18:03:48 -0700 | [diff] [blame] | 396 | assert_not_equal(st, 0) |
Anil Kumar Sanka | 87115b0 | 2017-03-14 17:46:47 +0000 | [diff] [blame] | 397 | |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 398 | def test_vsg_for_external_connectivity_with_ttl_1(self): |
Anil Kumar Sanka | 72755c9 | 2017-04-06 17:19:02 +0000 | [diff] [blame] | 399 | """ |
| 400 | Algo: |
| 401 | 1. Get dhcp IP to vcpe interface in cord-tester |
| 402 | 2. Verifying vcpe interface gets dhcp IP |
| 403 | 3. Ping to 8.8.8.8 with ttl set to 1 |
| 404 | 4. Verifying ping should not success |
| 405 | 5. Restoring management interface configuration in cord-tester |
| 406 | """ |
Anil Kumar Sanka | 87115b0 | 2017-03-14 17:46:47 +0000 | [diff] [blame] | 407 | host = '8.8.8.8' |
A R Karthick | 03f40aa | 2017-03-20 19:33:55 -0700 | [diff] [blame] | 408 | vcpe = self.vcpe_dhcp |
A.R Karthick | 33cfdbe | 2017-03-17 18:03:48 -0700 | [diff] [blame] | 409 | mgmt = 'eth0' |
A R Karthick | 03f40aa | 2017-03-20 19:33:55 -0700 | [diff] [blame] | 410 | assert_not_equal(vcpe, None) |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 411 | vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt) |
A.R Karthick | 33cfdbe | 2017-03-17 18:03:48 -0700 | [diff] [blame] | 412 | assert_not_equal(vcpe_ip, None) |
| 413 | log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe)) |
| 414 | log.info('Sending icmp ping requests to host %s with ttl 1' %host) |
| 415 | st, _ = getstatusoutput('ping -c 1 -t 1 {}'.format(host)) |
A R Karthick | d0fdf3b | 2017-03-21 16:54:22 -0700 | [diff] [blame] | 416 | VSGAccess.restore_interface_config(mgmt, vcpe = vcpe) |
A.R Karthick | 33cfdbe | 2017-03-17 18:03:48 -0700 | [diff] [blame] | 417 | assert_not_equal(st, 0) |
Anil Kumar Sanka | 87115b0 | 2017-03-14 17:46:47 +0000 | [diff] [blame] | 418 | |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 419 | def test_vsg_for_external_connectivity_with_wan_interface_toggle_in_vcpe(self): |
Anil Kumar Sanka | 72755c9 | 2017-04-06 17:19:02 +0000 | [diff] [blame] | 420 | """ |
| 421 | Algo: |
| 422 | 1. Get dhcp IP to vcpe interface in cord-tester |
| 423 | 2. Verifying vcpe interface gets dhcp IP |
A.R Karthick | 8f7f1b6 | 2017-04-06 18:25:07 -0700 | [diff] [blame] | 424 | 3. Ping to 8.8.8.8 and Verifying ping succeeds |
Anil Kumar Sanka | 72755c9 | 2017-04-06 17:19:02 +0000 | [diff] [blame] | 425 | 4. Now down the WAN interface of vcpe |
A.R Karthick | 8f7f1b6 | 2017-04-06 18:25:07 -0700 | [diff] [blame] | 426 | 5. Ping to 8.8.8.8 and Verifying ping fails |
Anil Kumar Sanka | 72755c9 | 2017-04-06 17:19:02 +0000 | [diff] [blame] | 427 | 6. Now Up the WAN interface of vcpe |
A.R Karthick | 8f7f1b6 | 2017-04-06 18:25:07 -0700 | [diff] [blame] | 428 | 7. Ping to 8.8.8.8 and Verifying ping succeeds |
| 429 | 8. Restoring management interface configuration in cord-tester |
Anil Kumar Sanka | 72755c9 | 2017-04-06 17:19:02 +0000 | [diff] [blame] | 430 | """ |
Anil Kumar Sanka | 87115b0 | 2017-03-14 17:46:47 +0000 | [diff] [blame] | 431 | host = '8.8.8.8' |
A R Karthick | 03f40aa | 2017-03-20 19:33:55 -0700 | [diff] [blame] | 432 | mgmt = 'eth0' |
| 433 | vcpe = self.vcpe_container |
| 434 | assert_not_equal(vcpe, None) |
| 435 | assert_not_equal(self.vcpe_dhcp, None) |
| 436 | #first get dhcp on the vcpe interface |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 437 | vcpe_ip = VSGAccess.vcpe_get_dhcp(self.vcpe_dhcp, mgmt = mgmt) |
| 438 | assert_not_equal(vcpe_ip, None) |
| 439 | log.info('Got DHCP IP %s for %s' %(vcpe_ip, self.vcpe_dhcp)) |
| 440 | log.info('Sending ICMP pings to host %s' %(host)) |
| 441 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 442 | if st != 0: |
| 443 | VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp) |
| 444 | assert_equal(st, 0) |
| 445 | #bring down the wan interface and check again |
| 446 | st = VSGAccess.vcpe_wan_down(vcpe) |
| 447 | if st is False: |
| 448 | VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp) |
| 449 | assert_equal(st, True) |
| 450 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 451 | if st == 0: |
| 452 | VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp) |
| 453 | assert_not_equal(st, 0) |
| 454 | st = VSGAccess.vcpe_wan_up(vcpe) |
| 455 | if st is False: |
| 456 | VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp) |
| 457 | assert_equal(st, True) |
| 458 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 459 | VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp) |
| 460 | assert_equal(st, 0) |
Anil Kumar Sanka | 87115b0 | 2017-03-14 17:46:47 +0000 | [diff] [blame] | 461 | |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 462 | def test_vsg_for_external_connectivity_with_lan_interface_toggle_in_vcpe(self): |
Anil Kumar Sanka | 72755c9 | 2017-04-06 17:19:02 +0000 | [diff] [blame] | 463 | """ |
| 464 | Algo: |
| 465 | 1. Get dhcp IP to vcpe interface in cord-tester |
| 466 | 2. Verifying vcpe interface gets dhcp IP |
| 467 | 3. Ping to 8.8.8.8 and Verifying ping should success |
| 468 | 4. Now down the LAN interface of vcpe |
| 469 | 5. Ping to 8.8.8.8 and Verifying ping should not success |
| 470 | 6. Now Up the LAN interface of vcpe |
| 471 | 7. Ping to 8.8.8.8 and Verifying ping should success |
| 472 | 8. Restoring management interface configuration in cord-tester |
| 473 | """ |
Anil Kumar Sanka | 87115b0 | 2017-03-14 17:46:47 +0000 | [diff] [blame] | 474 | host = '8.8.8.8' |
A R Karthick | 03f40aa | 2017-03-20 19:33:55 -0700 | [diff] [blame] | 475 | mgmt = 'eth0' |
| 476 | vcpe = self.vcpe_container |
| 477 | assert_not_equal(vcpe, None) |
| 478 | assert_not_equal(self.vcpe_dhcp, None) |
| 479 | #first get dhcp on the vcpe interface |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 480 | vcpe_ip = VSGAccess.vcpe_get_dhcp(self.vcpe_dhcp, mgmt = mgmt) |
| 481 | assert_not_equal(vcpe_ip, None) |
| 482 | log.info('Got DHCP IP %s for %s' %(vcpe_ip, self.vcpe_dhcp)) |
| 483 | log.info('Sending ICMP pings to host %s' %(host)) |
| 484 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 485 | if st != 0: |
| 486 | VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp) |
| 487 | assert_equal(st, 0) |
| 488 | #bring down the lan interface and check again |
| 489 | st = VSGAccess.vcpe_lan_down(vcpe) |
| 490 | if st is False: |
| 491 | VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp) |
| 492 | assert_equal(st, True) |
| 493 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 494 | if st == 0: |
| 495 | VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp) |
| 496 | assert_not_equal(st, 0) |
| 497 | st = VSGAccess.vcpe_lan_up(vcpe) |
| 498 | if st is False: |
| 499 | VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp) |
| 500 | assert_equal(st, True) |
| 501 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 502 | VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp) |
| 503 | assert_equal(st, 0) |
Chetan Gaonker | 5241883 | 2017-01-26 23:03:13 +0000 | [diff] [blame] | 504 | |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 505 | @deferred(TIMEOUT) |
| 506 | def test_vsg_for_external_connectivity_with_vcpe_container_paused(self,vcpe_name=None,vcpe_intf=None): |
| 507 | """ |
| 508 | Algo: |
| 509 | 1. Get vSG corresponding to vcpe |
| 510 | 2. Get dhcp ip to vcpe interface |
| 511 | 3. Add static route to destination route in test container |
| 512 | 4. From test container ping to destination route and verify ping success |
| 513 | 5. Login to compute node and execute command to pause vcpe container |
| 514 | 6. From test container ping to destination route and verify ping success |
| 515 | """ |
| 516 | if not vcpe_name: |
| 517 | vcpe_name = self.vcpe_container |
| 518 | if not vcpe_intf: |
| 519 | vcpe_intf = self.vcpe_dhcp |
| 520 | df = defer.Deferred() |
| 521 | def vcpe_firewall(df): |
| 522 | host = '8.8.8.8' |
| 523 | vsg = VSGAccess.get_vcpe_vsg(vcpe_name) |
| 524 | try: |
| 525 | self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf) |
| 526 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 527 | assert_equal(st, False) |
| 528 | st, _ = vsg.run_cmd('sudo docker pause {}'.format(vcpe_name)) |
| 529 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 530 | assert_equal(st, False) |
| 531 | finally: |
| 532 | vsg.run_cmd('sudo docker unpause'.format(vcpe_name)) |
| 533 | self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf) |
| 534 | df.callback(0) |
| 535 | reactor.callLater(0, vcpe_firewall, df) |
| 536 | return df |
| 537 | |
| 538 | @deferred(TIMEOUT) |
| 539 | def test_vsg_firewall_with_deny_destination_ip(self, vcpe_name=None, vcpe_intf=None): |
Anil Kumar Sanka | 72755c9 | 2017-04-06 17:19:02 +0000 | [diff] [blame] | 540 | """ |
| 541 | Algo: |
| 542 | 1. Get vSG corresponding to vcpe |
| 543 | 2. Login to compute node |
| 544 | 3. Execute iptable command on vcpe from compute node to deny a destination IP |
| 545 | 4. From cord-tester ping to the denied IP address |
| 546 | 5. Verifying that ping should not be successful |
| 547 | """ |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 548 | if not vcpe_name: |
| 549 | vcpe_name = self.vcpe_container |
| 550 | if not vcpe_intf: |
| 551 | vcpe_intf = self.vcpe_dhcp |
| 552 | df = defer.Deferred() |
| 553 | def vcpe_firewall(df): |
| 554 | host = '8.8.8.8' |
| 555 | vsg = VSGAccess.get_vcpe_vsg(vcpe_name) |
| 556 | try: |
| 557 | self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf) |
| 558 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 559 | assert_equal(st, False) |
| 560 | st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host)) |
| 561 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 562 | assert_equal(st, True) |
| 563 | finally: |
| 564 | vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host)) |
| 565 | self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf) |
| 566 | vsg.run_cmd('sudo docker restart {}'.format(vcpe_name)) |
| 567 | df.callback(0) |
| 568 | reactor.callLater(0, vcpe_firewall, df) |
| 569 | return df |
Anil Kumar Sanka | d47023a | 2017-03-29 21:11:09 +0000 | [diff] [blame] | 570 | |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 571 | @deferred(TIMEOUT) |
| 572 | def test_vsg_firewall_with_rule_add_and_delete_dest_ip(self,vcpe_name=None,vcpe_intf=None): |
Anil Kumar Sanka | 72755c9 | 2017-04-06 17:19:02 +0000 | [diff] [blame] | 573 | """ |
| 574 | Algo: |
| 575 | 1. Get vSG corresponding to vcpe |
| 576 | 2. Login to compute node |
| 577 | 3. Execute iptable command on vcpe from compute node to deny a destination IP |
| 578 | 4. From cord-tester ping to the denied IP address |
| 579 | 5. Verifying that ping should not be successful |
| 580 | 6. Delete the iptable rule in vcpe |
| 581 | 7. From cord-tester ping to the denied IP address |
| 582 | 8. Verifying the ping should success |
| 583 | """ |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 584 | if not vcpe_name: |
| 585 | vcpe_name = self.vcpe_container |
| 586 | if not vcpe_intf: |
| 587 | vcpe_intf = self.vcpe_dhcp |
| 588 | df = defer.Deferred() |
| 589 | def vcpe_firewall(df): |
| 590 | host = '8.8.8.8' |
| 591 | vsg = VSGAccess.get_vcpe_vsg(vcpe_name) |
| 592 | try: |
| 593 | self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf) |
| 594 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 595 | assert_equal(st, False) |
| 596 | st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host)) |
| 597 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 598 | assert_equal(st, True) |
| 599 | st,_ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host)) |
| 600 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 601 | assert_equal(st, False) |
| 602 | finally: |
| 603 | vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host)) |
| 604 | self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf) |
| 605 | vsg.run_cmd('sudo docker restart {}'.format(vcpe_name)) |
| 606 | df.callback(0) |
| 607 | reactor.callLater(0, vcpe_firewall, df) |
| 608 | return df |
Anil Kumar Sanka | d47023a | 2017-03-29 21:11:09 +0000 | [diff] [blame] | 609 | |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 610 | @deferred(TIMEOUT) |
| 611 | def test_vsg_firewall_verifying_reachability_for_non_blocked_dest_ip(self,vcpe_name=None,vcpe_intf=None): |
Anil Kumar Sanka | 72755c9 | 2017-04-06 17:19:02 +0000 | [diff] [blame] | 612 | """ |
| 613 | Algo: |
| 614 | 1. Get vSG corresponding to vcpe |
| 615 | 2. Login to compute node |
| 616 | 3. Execute iptable command on vcpe from compute node to deny a destination IP |
| 617 | 4. From cord-tester ping to the denied IP address |
| 618 | 5. Verifying that ping should not be successful |
| 619 | 6. From cord-tester ping to the denied IP address other than the denied one |
| 620 | 7. Verifying the ping should success |
| 621 | """ |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 622 | if not vcpe_name: |
| 623 | vcpe_name = self.vcpe_container |
| 624 | if not vcpe_intf: |
| 625 | vcpe_intf = self.vcpe_dhcp |
| 626 | df = defer.Deferred() |
| 627 | def vcpe_firewall(df): |
| 628 | host1 = '8.8.8.8' |
| 629 | host2 = '204.79.197.203' |
| 630 | vsg = VSGAccess.get_vcpe_vsg(vcpe_name) |
| 631 | try: |
| 632 | self.add_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf) |
| 633 | st, _ = getstatusoutput('ping -c 1 {}'.format(host1)) |
| 634 | assert_equal(st, False) |
| 635 | st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1)) |
| 636 | st, _ = getstatusoutput('ping -c 1 {}'.format(host1)) |
| 637 | assert_equal(st, True) |
| 638 | st, _ = getstatusoutput('ping -c 1 {}'.format(host2)) |
| 639 | assert_equal(st,False) |
| 640 | finally: |
| 641 | vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1)) |
| 642 | self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf) |
| 643 | vsg.run_cmd('sudo docker restart {}'.format(vcpe_name)) |
| 644 | df.callback(0) |
| 645 | reactor.callLater(0, vcpe_firewall, df) |
| 646 | return df |
Anil Kumar Sanka | d47023a | 2017-03-29 21:11:09 +0000 | [diff] [blame] | 647 | |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 648 | @deferred(TIMEOUT) |
| 649 | def test_vsg_firewall_appending_rules_with_deny_dest_ip(self,vcpe_name=None,vcpe_intf=None): |
Anil Kumar Sanka | 72755c9 | 2017-04-06 17:19:02 +0000 | [diff] [blame] | 650 | """ |
| 651 | Algo: |
| 652 | 1. Get vSG corresponding to vcpe |
| 653 | 2. Login to compute node |
| 654 | 3. Execute iptable command on vcpe from compute node to deny a destination IP1 |
| 655 | 4. From cord-tester ping to the denied IP address IP1 |
| 656 | 5. Verifying that ping should not be successful |
| 657 | 6. Execute iptable command on vcpe from compute node to deny a destination IP2 |
| 658 | 6. From cord-tester ping to the denied IP address IP2 |
| 659 | 7. Verifying that ping should not be successful |
| 660 | """ |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 661 | if not vcpe_name: |
| 662 | vcpe_name = self.vcpe_container |
| 663 | if not vcpe_intf: |
| 664 | vcpe_intf = self.vcpe_dhcp |
| 665 | df = defer.Deferred() |
| 666 | def vcpe_firewall(df): |
| 667 | host1 = '8.8.8.8' |
| 668 | host2 = '204.79.197.203' |
| 669 | vsg = VSGAccess.get_vcpe_vsg(vcpe_name) |
| 670 | try: |
| 671 | self.add_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf) |
| 672 | st, _ = getstatusoutput('ping -c 1 {}'.format(host1)) |
| 673 | assert_equal(st, False) |
| 674 | st,_ = vsg.run_cmd('sudo docker exec {} iptables -F FORWARD'.format(vcpe_name)) |
| 675 | time.sleep(2) |
| 676 | st,_ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1)) |
| 677 | st, _ = getstatusoutput('ping -c 1 {}'.format(host1)) |
| 678 | assert_equal(st, True) |
| 679 | st, out = getstatusoutput('ping -c 1 {}'.format(host2)) |
| 680 | log.info('host2 ping output is %s'%out) |
| 681 | assert_equal(st, False) |
| 682 | st, _ = vsg.run_cmd('sudo docker exec {} iptables -A FORWARD -d {} -j DROP'.format(vcpe_name,host2)) |
| 683 | st, _ = getstatusoutput('ping -c 1 {}'.format(host2)) |
| 684 | assert_equal(st,True) |
| 685 | finally: |
| 686 | vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1)) |
| 687 | vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2)) |
| 688 | self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf) |
| 689 | vsg.run_cmd('sudo docker restart {}'.format(vcpe_name)) |
| 690 | df.callback(0) |
| 691 | reactor.callLater(0, vcpe_firewall, df) |
| 692 | return df |
Anil Kumar Sanka | d47023a | 2017-03-29 21:11:09 +0000 | [diff] [blame] | 693 | |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 694 | @deferred(TIMEOUT) |
| 695 | def test_vsg_firewall_removing_one_rule_denying_dest_ip(self,vcpe_name=None,vcpe_intf=None): |
Anil Kumar Sanka | 72755c9 | 2017-04-06 17:19:02 +0000 | [diff] [blame] | 696 | """ |
| 697 | Algo: |
| 698 | 1. Get vSG corresponding to vcpe |
| 699 | 2. Login to compute node |
| 700 | 3. Execute iptable command on vcpe from compute node to deny a destination IP1 |
| 701 | 4. Execute iptable command on vcpe from compute node to deny a destination IP2 |
| 702 | 5. From cord-tester ping to the denied IP address IP1 |
| 703 | 6. Verifying that ping should not be successful |
| 704 | 7. From cord-tester ping to the denied IP address IP2 |
| 705 | 8. Verifying that ping should not be successful |
| 706 | 9. Execute iptable command on vcpe from compute node to remove deny a destination IP2 rule |
| 707 | 10. From cord-tester ping to the denied IP address IP2 |
| 708 | 11. Verifying the ping should success |
| 709 | """ |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 710 | if not vcpe_name: |
| 711 | vcpe_name = self.vcpe_container |
| 712 | if not vcpe_intf: |
| 713 | vcpe_intf = self.vcpe_dhcp |
| 714 | df = defer.Deferred() |
| 715 | def vcpe_firewall(df): |
| 716 | host1 = '8.8.8.8' |
| 717 | host2 = '204.79.197.203' |
| 718 | vsg = VSGAccess.get_vcpe_vsg(vcpe_name) |
| 719 | try: |
| 720 | self.add_static_route_via_vcpe_interface([host1,host2],vcpe=self.vcpe_dhcp) |
| 721 | st, _ = getstatusoutput('ping -c 1 {}'.format(host1)) |
| 722 | assert_equal(st, False) |
| 723 | st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1)) |
| 724 | st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host2)) |
| 725 | st, _ = getstatusoutput('ping -c 1 {}'.format(host1)) |
| 726 | assert_equal(st, True) |
| 727 | st, _ = getstatusoutput('ping -c 1 {}'.format(host2)) |
| 728 | assert_equal(st,True) |
| 729 | st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2)) |
| 730 | st, _ = getstatusoutput('ping -c 1 {}'.format(host2)) |
| 731 | assert_equal(st,False) |
| 732 | finally: |
| 733 | vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1)) |
| 734 | vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2)) |
| 735 | self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf) |
| 736 | log.info('restarting vcpe container') |
| 737 | vsg.run_cmd('sudo docker restart {}'.format(vcpe_name)) |
| 738 | df.callback(0) |
| 739 | reactor.callLater(0, vcpe_firewall, df) |
| 740 | return df |
Anil Kumar Sanka | d47023a | 2017-03-29 21:11:09 +0000 | [diff] [blame] | 741 | |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 742 | @deferred(TIMEOUT) |
| 743 | def test_vsg_firewall_changing_rule_id_deny_dest_ip(self,vcpe_name=None,vcpe_intf=None): |
Anil Kumar Sanka | 72755c9 | 2017-04-06 17:19:02 +0000 | [diff] [blame] | 744 | """ |
| 745 | Algo: |
| 746 | 1. Get vSG corresponding to vcpe |
| 747 | 2. Login to compute node |
| 748 | 3. Execute iptable command on vcpe from compute node to deny a destination IP |
| 749 | 5. From cord-tester ping to the denied IP address IP1 |
| 750 | 6. Verifying that ping should not be successful |
| 751 | 9. Execute iptable command on vcpe from compute node to change the rule ID to 2 to deny the same destination IP |
| 752 | 10. From cord-tester ping to the denied IP address IP |
| 753 | 11. Verifying that ping should not be successful |
| 754 | """ |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 755 | if not vcpe_name: |
| 756 | vcpe_name = self.vcpe_container |
| 757 | if not vcpe_intf: |
| 758 | vcpe_intf = self.vcpe_dhcp |
| 759 | df = defer.Deferred() |
| 760 | def vcpe_firewall(df): |
| 761 | host = '8.8.8.8' |
| 762 | vsg = VSGAccess.get_vcpe_vsg(vcpe_name) |
| 763 | try: |
| 764 | self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp) |
| 765 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 766 | assert_equal(st, False) |
| 767 | st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host)) |
| 768 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 769 | assert_equal(st, True) |
| 770 | st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 2 -d {} -j DROP '.format(vcpe_name,host)) |
| 771 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 772 | assert_equal(st,True) |
| 773 | finally: |
| 774 | vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host)) |
| 775 | self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf) |
| 776 | vsg.run_cmd('sudo docker restart {}'.format(vcpe_name)) |
| 777 | df.callback(0) |
| 778 | reactor.callLater(0, vcpe_firewall, df) |
| 779 | return df |
Anil Kumar Sanka | d47023a | 2017-03-29 21:11:09 +0000 | [diff] [blame] | 780 | |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 781 | @deferred(TIMEOUT) |
| 782 | def test_vsg_firewall_changing_deny_rule_to_accept_dest_ip(self,vcpe_name=None,vcpe_intf=None): |
Anil Kumar Sanka | 72755c9 | 2017-04-06 17:19:02 +0000 | [diff] [blame] | 783 | """ |
| 784 | Algo: |
| 785 | 1. Get vSG corresponding to vcpe |
| 786 | 2. Login to compute node |
| 787 | 3. Execute iptable command on vcpe from compute node to deny a destination IP |
| 788 | 5. From cord-tester ping to the denied IP address IP1 |
| 789 | 6. Verifying that ping should not be successful |
| 790 | 9. Execute iptable command on vcpe from compute node to accept the same destination IP |
| 791 | 10. From cord-tester ping to the accepted IP |
| 792 | 11. Verifying the ping should success |
| 793 | """ |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 794 | if not vcpe_name: |
| 795 | vcpe_name = self.vcpe_container |
| 796 | if not vcpe_intf: |
| 797 | vcpe_intf = self.vcpe_dhcp |
| 798 | df = defer.Deferred() |
| 799 | def vcpe_firewall(df): |
| 800 | host = '8.8.8.8' |
| 801 | vsg = VSGAccess.get_vcpe_vsg(vcpe_name) |
| 802 | try: |
| 803 | self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp) |
| 804 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 805 | assert_equal(st, False) |
| 806 | st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host)) |
| 807 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 808 | assert_equal(st, True) |
| 809 | st, _ = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -d {} -j ACCEPT'.format(vcpe_name,host)) |
| 810 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 811 | assert_equal(st,False) |
| 812 | finally: |
| 813 | vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host)) |
| 814 | vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j ACCEPT'.format(vcpe_name,host)) |
| 815 | self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf) |
| 816 | vsg.run_cmd('sudo docker restart {}'.format(vcpe_name)) |
| 817 | df.callback(0) |
| 818 | reactor.callLater(0, vcpe_firewall, df) |
| 819 | return df |
Anil Kumar Sanka | d47023a | 2017-03-29 21:11:09 +0000 | [diff] [blame] | 820 | |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 821 | @deferred(TIMEOUT) #Fail |
| 822 | def test_vsg_firewall_denying_destination_network(self,vcpe_name=None,vcpe_intf=None): |
Anil Kumar Sanka | 72755c9 | 2017-04-06 17:19:02 +0000 | [diff] [blame] | 823 | """ |
| 824 | Algo: |
| 825 | 1. Get vSG corresponding to vcpe |
| 826 | 2. Login to compute node |
| 827 | 3. Execute iptable command on vcpe from compute node to deny a destination IP subnet |
| 828 | 4. From cord-tester ping to the denied IP address IP1 in the denied subnet |
| 829 | 5. Verifying that ping should not be successful |
| 830 | 6. From cord-tester ping to the denied IP address IP2 in the denied subnet |
| 831 | 7. Verifying that ping should not be successful |
| 832 | """ |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 833 | if not vcpe_name: |
| 834 | vcpe_name = self.vcpe_container |
| 835 | if not vcpe_intf: |
| 836 | vcpe_intf = self.vcpe_dhcp |
| 837 | df = defer.Deferred() |
| 838 | def vcpe_firewall(df): |
| 839 | network = '204.79.197.192/28' |
| 840 | host1 = '204.79.197.203' |
| 841 | host2 = '204.79.197.210' |
| 842 | vsg = VSGAccess.get_vcpe_vsg(vcpe_name) |
| 843 | try: |
| 844 | self.add_static_route_via_vcpe_interface([host1,host2],vcpe=self.vcpe_dhcp) |
| 845 | st, _ = getstatusoutput('ping -c 1 {}'.format(host1)) |
| 846 | assert_equal(st, False) |
| 847 | st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,network)) |
| 848 | st, _ = getstatusoutput('ping -c 1 {}'.format(host1)) |
| 849 | assert_equal(st, True) |
| 850 | st, _ = getstatusoutput('ping -c 1 {}'.format(host2)) |
| 851 | assert_equal(st,False) |
| 852 | finally: |
| 853 | vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network)) |
| 854 | self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf) |
| 855 | vsg.run_cmd('sudo docker restart {}'.format(vcpe_name)) |
| 856 | df.callback(0) |
| 857 | reactor.callLater(0, vcpe_firewall, df) |
| 858 | return df |
Anil Kumar Sanka | d47023a | 2017-03-29 21:11:09 +0000 | [diff] [blame] | 859 | |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 860 | @deferred(TIMEOUT) |
| 861 | def test_vsg_firewall_denying_destination_network_subnet_modification(self,vcpe_name=None,vcpe_intf=None): |
Anil Kumar Sanka | 72755c9 | 2017-04-06 17:19:02 +0000 | [diff] [blame] | 862 | """ |
| 863 | Algo: |
| 864 | 1. Get vSG corresponding to vcpe |
| 865 | 2. Login to compute node |
| 866 | 3. Execute iptable command on vcpe from compute node to deny a destination IP subnet |
| 867 | 4. From cord-tester ping to the denied IP address IP1 in the denied subnet |
| 868 | 5. Verifying that ping should not be successful |
| 869 | 6. From cord-tester ping to the denied IP address IP2 in the denied subnet |
| 870 | 7. Verifying that ping should not be successful |
| 871 | """ |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 872 | if not vcpe_name: |
| 873 | vcpe_name = self.vcpe_container |
| 874 | if not vcpe_intf: |
| 875 | vcpe_intf = self.vcpe_dhcp |
| 876 | df = defer.Deferred() |
| 877 | def vcpe_firewall(df): |
| 878 | network1 = '204.79.197.192/28' |
| 879 | network2 = '204.79.197.192/27' |
| 880 | host1 = '204.79.197.203' |
| 881 | host2 = '204.79.197.210' |
| 882 | host3 = '204.79.197.224' |
| 883 | vsg = VSGAccess.get_vcpe_vsg(vcpe_name) |
| 884 | try: |
| 885 | self.add_static_route_via_vcpe_interface([host1,host2,host3],vcpe=self.vcpe_dhcp) |
| 886 | st, _ = getstatusoutput('ping -c 1 {}'.format(host1)) |
| 887 | assert_equal(st, False) |
| 888 | st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,network1)) |
| 889 | st, _ = getstatusoutput('ping -c 1 {}'.format(host1)) |
| 890 | assert_equal(st, True) |
| 891 | st, _ = getstatusoutput('ping -c 1 {}'.format(host2)) |
| 892 | assert_equal(st,False) |
| 893 | st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 2 -d {} -j DROP'.format(vcpe_name,network2)) |
| 894 | st, _ = getstatusoutput('ping -c 1 {}'.format(host1)) |
| 895 | assert_equal(st, True) |
| 896 | st, _ = getstatusoutput('ping -c 1 {}'.format(host2)) |
| 897 | assert_equal(st, True) |
| 898 | st, _ = getstatusoutput('ping -c 1 {}'.format(host3)) |
| 899 | assert_equal(st, False) |
| 900 | finally: |
| 901 | vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network1)) |
| 902 | vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network2)) |
| 903 | self.del_static_route_via_vcpe_interface([host1,host2,host3],vcpe=vcpe_intf) |
| 904 | vsg.run_cmd('sudo docker restart {}'.format(vcpe_name)) |
| 905 | df.callback(0) |
| 906 | reactor.callLater(0, vcpe_firewall, df) |
| 907 | return df |
Anil Kumar Sanka | d47023a | 2017-03-29 21:11:09 +0000 | [diff] [blame] | 908 | |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 909 | @deferred(TIMEOUT) |
| 910 | def test_vsg_firewall_with_deny_source_ip(self,vcpe_name=None,vcpe_intf=None): |
Anil Kumar Sanka | 72755c9 | 2017-04-06 17:19:02 +0000 | [diff] [blame] | 911 | """ |
| 912 | Algo: |
| 913 | 1. Get vSG corresponding to vcpe |
| 914 | 2. Login to compute node |
| 915 | 3. Execute iptable command on vcpe from compute node to deny a source IP |
| 916 | 4. From cord-tester ping to 8.8.8.8 from the denied IP |
| 917 | 5. Verifying that ping should not be successful |
| 918 | """ |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 919 | if not vcpe_name: |
| 920 | vcpe_name = self.vcpe_container |
| 921 | if not vcpe_intf: |
| 922 | vcpe_intf = self.vcpe_dhcp |
| 923 | df = defer.Deferred() |
| 924 | def vcpe_firewall(df): |
| 925 | host = '8.8.8.8' |
| 926 | #source_ip = get_ip(self.vcpe_dhcp) |
| 927 | vsg = VSGAccess.get_vcpe_vsg(vcpe_name) |
| 928 | try: |
| 929 | self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp) |
| 930 | source_ip = get_ip(self.vcpe_dhcp) |
| 931 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 932 | assert_equal(st, False) |
| 933 | st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -s {} -j DROP'.format(vcpe_name,source_ip)) |
| 934 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 935 | assert_equal(st, True) |
| 936 | finally: |
| 937 | vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip)) |
| 938 | self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf) |
| 939 | vsg.run_cmd('sudo docker restart {}'.format(vcpe_name)) |
| 940 | df.callback(0) |
| 941 | reactor.callLater(0, vcpe_firewall, df) |
| 942 | return df |
Anil Kumar Sanka | d47023a | 2017-03-29 21:11:09 +0000 | [diff] [blame] | 943 | |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 944 | @deferred(TIMEOUT) |
| 945 | def test_vsg_firewall_rule_with_add_and_delete_deny_source_ip(self,vcpe_name=None,vcpe_intf=None): |
Anil Kumar Sanka | 72755c9 | 2017-04-06 17:19:02 +0000 | [diff] [blame] | 946 | """ |
| 947 | Algo: |
| 948 | 1. Get vSG corresponding to vcpe |
| 949 | 2. Login to compute node |
| 950 | 3. Execute iptable command on vcpe from compute node to deny a source IP |
| 951 | 4. From cord-tester ping to 8.8.8.8 from the denied IP |
| 952 | 5. Verifying that ping should not be successful |
| 953 | 6. Delete the iptable rule in vcpe |
| 954 | 7. From cord-tester ping to 8.8.8.8 from the denied IP |
| 955 | 8. Verifying the ping should success |
| 956 | """ |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 957 | if not vcpe_name: |
| 958 | vcpe_name = self.vcpe_container |
| 959 | if not vcpe_intf: |
| 960 | vcpe_intf = self.vcpe_dhcp |
| 961 | df = defer.Deferred() |
| 962 | def vcpe_firewall(df): |
| 963 | host = '8.8.8.8' |
| 964 | source_ip = get_ip(self.vcpe_dhcp) |
| 965 | vsg = VSGAccess.get_vcpe_vsg(vcpe_name) |
| 966 | try: |
| 967 | self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp) |
| 968 | source_ip = get_ip(self.vcpe_dhcp) |
| 969 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 970 | assert_equal(st, False) |
| 971 | st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -s {} -j DROP'.format(vcpe_name,source_ip)) |
| 972 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 973 | assert_equal(st, True) |
| 974 | st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip)) |
| 975 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 976 | assert_equal(st, False) |
| 977 | finally: |
| 978 | vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip)) |
| 979 | self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf) |
| 980 | vsg.run_cmd('sudo docker restart {}'.format(vcpe_name)) |
| 981 | df.callback(0) |
| 982 | reactor.callLater(0, vcpe_firewall, df) |
| 983 | return df |
Anil Kumar Sanka | d47023a | 2017-03-29 21:11:09 +0000 | [diff] [blame] | 984 | |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 985 | @deferred(TIMEOUT) |
| 986 | def test_vsg_firewall_rule_with_deny_icmp_protocol_echo_requests_type(self,vcpe_name=None,vcpe_intf=None): |
Anil Kumar Sanka | 72755c9 | 2017-04-06 17:19:02 +0000 | [diff] [blame] | 987 | """ |
| 988 | Algo: |
| 989 | 1. Get vSG corresponding to vcpe |
| 990 | 2. Login to compute node |
| 991 | 3. Execute iptable command on vcpe from compute node to deny icmp echo-requests type protocol packets |
| 992 | 4. From cord-tester ping to 8.8.8.8 |
| 993 | 5. Verifying that ping should not be successful |
| 994 | 6. Delete the iptable rule |
| 995 | 7. From cord-tester ping to 8.8.8.8 |
| 996 | 8. Verifying the ping should success |
| 997 | """ |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 998 | if not vcpe_name: |
| 999 | vcpe_name = self.vcpe_container |
| 1000 | if not vcpe_intf: |
| 1001 | vcpe_intf = self.vcpe_dhcp |
| 1002 | df = defer.Deferred() |
| 1003 | def vcpe_firewall(df): |
| 1004 | host = '8.8.8.8' |
| 1005 | vsg = VSGAccess.get_vcpe_vsg(vcpe_name) |
| 1006 | try: |
| 1007 | self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp) |
| 1008 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1009 | assert_equal(st, False) |
| 1010 | st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name)) |
| 1011 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1012 | assert_equal(st, True) |
| 1013 | st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name)) |
| 1014 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1015 | assert_equal(st, False) |
| 1016 | finally: |
| 1017 | vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name)) |
| 1018 | self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf) |
| 1019 | vsg.run_cmd('sudo docker restart {}'.format(vcpe_name)) |
| 1020 | df.callback(0) |
| 1021 | reactor.callLater(0, vcpe_firewall, df) |
| 1022 | return df |
Anil Kumar Sanka | d47023a | 2017-03-29 21:11:09 +0000 | [diff] [blame] | 1023 | |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 1024 | @deferred(TIMEOUT) |
| 1025 | def test_vsg_firewall_rule_with_deny_icmp_protocol_echo_reply_type(self,vcpe_name=None,vcpe_intf=None): |
Anil Kumar Sanka | 72755c9 | 2017-04-06 17:19:02 +0000 | [diff] [blame] | 1026 | """ |
| 1027 | Algo: |
| 1028 | 1. Get vSG corresponding to vcpe |
| 1029 | 2. Login to compute node |
| 1030 | 3. Execute iptable command on vcpe from compute node to deny icmp echo-reply type protocol packets |
| 1031 | 4. From cord-tester ping to 8.8.8.8 |
| 1032 | 5. Verifying that ping should not be successful |
| 1033 | 6. Delete the iptable rule |
| 1034 | 7. From cord-tester ping to 8.8.8.8 |
| 1035 | 8. Verifying the ping should success |
| 1036 | """ |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 1037 | if not vcpe_name: |
| 1038 | vcpe_name = self.vcpe_container |
| 1039 | if not vcpe_intf: |
| 1040 | vcpe_intf = self.vcpe_dhcp |
| 1041 | df = defer.Deferred() |
| 1042 | def vcpe_firewall(df): |
| 1043 | host = '8.8.8.8' |
| 1044 | vsg = VSGAccess.get_vcpe_vsg(vcpe_name) |
| 1045 | try: |
| 1046 | self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp) |
| 1047 | st, _ = getstatusoutput('ping -c 1 {}'.format('8.8.8.8')) |
| 1048 | assert_equal(st, False) |
| 1049 | st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name)) |
| 1050 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1051 | assert_equal(st, True) |
| 1052 | st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name)) |
| 1053 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1054 | assert_equal(st,False) |
| 1055 | finally: |
| 1056 | vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name)) |
| 1057 | self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf) |
| 1058 | vsg.run_cmd('sudo docker restart {}'.format(vcpe_name)) |
| 1059 | df.callback(0) |
| 1060 | reactor.callLater(0, vcpe_firewall, df) |
| 1061 | return df |
Anil Kumar Sanka | d47023a | 2017-03-29 21:11:09 +0000 | [diff] [blame] | 1062 | |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 1063 | @deferred(TIMEOUT) |
| 1064 | def test_vsg_firewall_changing_deny_rule_to_accept_rule_with_icmp_protocol_echo_requests_type(self,vcpe_name=None,vcpe_intf=None): |
Anil Kumar Sanka | 72755c9 | 2017-04-06 17:19:02 +0000 | [diff] [blame] | 1065 | """ |
| 1066 | Algo: |
| 1067 | 1. Get vSG corresponding to vcpe |
| 1068 | 2. Login to compute node |
| 1069 | 3. Execute iptable command on vcpe from compute node to deny icmp echo-requests type protocol packets |
| 1070 | 4. From cord-tester ping to 8.8.8.8 |
| 1071 | 5. Verifying that ping should not be successful |
| 1072 | 6. Insert another rule to accept the icmp-echo requests protocol packets |
| 1073 | 7. From cord-tester ping to 8.8.8.8 |
| 1074 | 8. Verifying the ping should success |
| 1075 | """ |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 1076 | if not vcpe_name: |
| 1077 | vcpe_name = self.vcpe_container |
| 1078 | if not vcpe_intf: |
| 1079 | vcpe_intf = self.vcpe_dhcp |
| 1080 | df = defer.Deferred() |
| 1081 | def vcpe_firewall(df): |
| 1082 | host = '8.8.8.8' |
| 1083 | vsg = VSGAccess.get_vcpe_vsg(vcpe_name) |
| 1084 | try: |
| 1085 | self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp) |
| 1086 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1087 | assert_equal(st, False) |
| 1088 | st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name)) |
| 1089 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1090 | assert_equal(st, True) |
| 1091 | st, _ = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p icmp --icmp-type echo-request -j ACCEPT'.format(vcpe_name)) |
| 1092 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1093 | assert_equal(st,False) |
| 1094 | finally: |
| 1095 | vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name)) |
| 1096 | vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j ACCEPT'.format(vcpe_name)) |
| 1097 | self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf) |
| 1098 | vsg.run_cmd('sudo docker restart {}'.format(vcpe_name)) |
| 1099 | df.callback(0) |
| 1100 | reactor.callLater(0, vcpe_firewall, df) |
| 1101 | return df |
Anil Kumar Sanka | d47023a | 2017-03-29 21:11:09 +0000 | [diff] [blame] | 1102 | |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 1103 | @deferred(TIMEOUT) |
| 1104 | def test_vsg_firewall_changing_deny_rule_to_accept_rule_with_icmp_protocol_echo_reply_type(self,vcpe_name=None,vcpe_intf=None): |
| 1105 | """ |
| 1106 | Algo: |
| 1107 | 1. Get vSG corresponding to vcpe |
| 1108 | 2. Login to compute node |
| 1109 | 3. Execute iptable command on vcpe from compute node to deny icmp echo-reply type protocol packets |
| 1110 | 4. From cord-tester ping to 8.8.8.8 |
| 1111 | 5. Verifying the ping should not success |
| 1112 | 6. Insert another rule to accept the icmp-echo requests protocol packets |
| 1113 | 7. From cord-tester ping to 8.8.8.8 |
| 1114 | 8. Verifying the ping should success |
| 1115 | """ |
| 1116 | if not vcpe_name: |
| 1117 | vcpe_name = self.vcpe_container |
| 1118 | if not vcpe_intf: |
| 1119 | vcpe_intf = self.vcpe_dhcp |
| 1120 | df = defer.Deferred() |
| 1121 | def vcpe_firewall(df): |
| 1122 | host = '8.8.8.8' |
| 1123 | vsg = VSGAccess.get_vcpe_vsg(vcpe_name) |
| 1124 | try: |
| 1125 | self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp) |
| 1126 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1127 | assert_equal(st, False) |
| 1128 | st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name)) |
| 1129 | st,_ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1130 | assert_equal(st, True) |
| 1131 | st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p icmp --icmp-type echo-reply -j ACCEPT'.format(vcpe_name)) |
| 1132 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1133 | assert_equal(st,False) |
| 1134 | finally: |
| 1135 | vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name)) |
| 1136 | vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j ACCEPT'.format(vcpe_name)) |
| 1137 | self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf) |
| 1138 | vsg.run_cmd('sudo docker restart {}'.format(vcpe_name)) |
| 1139 | df.callback(0) |
| 1140 | reactor.callLater(0, vcpe_firewall, df) |
| 1141 | return df |
Anil Kumar Sanka | d47023a | 2017-03-29 21:11:09 +0000 | [diff] [blame] | 1142 | |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 1143 | @deferred(TIMEOUT) |
| 1144 | def test_vsg_firewall_for_deny_icmp_protocol(self,vcpe_name=None,vcpe_intf=None): |
Anil Kumar Sanka | 72755c9 | 2017-04-06 17:19:02 +0000 | [diff] [blame] | 1145 | """ |
| 1146 | Algo: |
| 1147 | 1. Get vSG corresponding to vcpe |
| 1148 | 2. Login to compute node |
| 1149 | 3. Execute iptable command on vcpe from compute node to deny icmp protocol packets |
| 1150 | 4. From cord-tester ping to 8.8.8.8 |
| 1151 | 5. Verifying that ping should not be successful |
| 1152 | 6. Delete the iptable rule |
| 1153 | 7. From cord-tester ping to 8.8.8.8 |
| 1154 | 8. Verifying the ping should success |
| 1155 | """ |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 1156 | if not vcpe_name: |
| 1157 | vcpe_name = self.vcpe_container |
| 1158 | if not vcpe_intf: |
| 1159 | vcpe_intf = self.vcpe_dhcp |
| 1160 | df = defer.Deferred() |
| 1161 | def vcpe_firewall(df): |
| 1162 | host = '8.8.8.8' |
| 1163 | vsg = VSGAccess.get_vcpe_vsg(vcpe_name) |
| 1164 | try: |
| 1165 | self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp) |
| 1166 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1167 | assert_equal(st, False) |
| 1168 | st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name)) |
| 1169 | st,_ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1170 | assert_equal(st, True) |
| 1171 | st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name)) |
| 1172 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1173 | assert_equal(st,False) |
| 1174 | finally: |
| 1175 | vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name)) |
| 1176 | self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf) |
| 1177 | vsg.run_cmd('sudo docker restart {}'.format(vcpe_name)) |
| 1178 | df.callback(0) |
| 1179 | reactor.callLater(0, vcpe_firewall, df) |
| 1180 | return df |
Anil Kumar Sanka | d47023a | 2017-03-29 21:11:09 +0000 | [diff] [blame] | 1181 | |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 1182 | @deferred(TIMEOUT) |
| 1183 | def test_vsg_firewall_rule_deny_icmp_protocol_and_destination_ip(self,vcpe_name=None,vcpe_intf=None): |
Anil Kumar Sanka | 72755c9 | 2017-04-06 17:19:02 +0000 | [diff] [blame] | 1184 | """ |
| 1185 | Algo: |
| 1186 | 1. Get vSG corresponding to vcpe |
| 1187 | 2. Login to compute node |
| 1188 | 3. Execute iptable command on vcpe from compute node to deny a destination IP |
| 1189 | 4. From cord-tester ping to 8.8.8.8 |
| 1190 | 5. Verifying that ping should not be successful |
| 1191 | 6. Execute iptable command on vcpe from compute node to deny icmp protocol packets |
| 1192 | 7. From cord-tester ping to 8.8.8.8 |
| 1193 | 8. Verifying the ping should success |
| 1194 | 9. Delete the rule added in step 3 |
| 1195 | 10. From cord-tester ping to 8.8.8.8 |
| 1196 | 11. Verifying that ping should not be successful |
| 1197 | 12. Delete the rule added in step 6 |
| 1198 | 13. From cord-tester ping to 8.8.8.8 |
| 1199 | 14. Verifying the ping should success |
| 1200 | """ |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 1201 | if not vcpe_name: |
| 1202 | vcpe_name = self.vcpe_container |
| 1203 | if not vcpe_intf: |
| 1204 | vcpe_intf = self.vcpe_dhcp |
| 1205 | df = defer.Deferred() |
| 1206 | def vcpe_firewall(df): |
| 1207 | host = '8.8.8.8' |
| 1208 | vsg = VSGAccess.get_vcpe_vsg(vcpe_name) |
| 1209 | try: |
| 1210 | self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp) |
| 1211 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1212 | assert_equal(st, False) |
| 1213 | st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host)) |
| 1214 | st,_ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1215 | assert_equal(st, True) |
| 1216 | st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name)) |
| 1217 | st,_ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1218 | assert_equal(st, True) |
| 1219 | st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host)) |
| 1220 | st,_ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1221 | assert_equal(st, True) |
| 1222 | st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name)) |
| 1223 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1224 | assert_equal(st,False) |
| 1225 | finally: |
| 1226 | vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host)) |
| 1227 | vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name)) |
| 1228 | self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf) |
| 1229 | vsg.run_cmd('sudo docker restart {}'.format(vcpe_name)) |
| 1230 | df.callback(0) |
| 1231 | reactor.callLater(0, vcpe_firewall, df) |
| 1232 | return df |
Anil Kumar Sanka | d47023a | 2017-03-29 21:11:09 +0000 | [diff] [blame] | 1233 | |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 1234 | @deferred(TIMEOUT) #Fail |
| 1235 | def test_vsg_firewall_flushing_all_configured_rules(self,vcpe_name=None,vcpe_intf=None): |
Anil Kumar Sanka | 72755c9 | 2017-04-06 17:19:02 +0000 | [diff] [blame] | 1236 | """ |
| 1237 | Algo: |
| 1238 | 1. Get vSG corresponding to vcpe |
| 1239 | 2. Login to compute node |
| 1240 | 3. Execute iptable command on vcpe from compute node to deny a destination IP |
| 1241 | 4. From cord-tester ping to 8.8.8.8 |
| 1242 | 5. Verifying that ping should not be successful |
| 1243 | 6. Execute iptable command on vcpe from compute node to deny icmp protocol packets |
| 1244 | 7. From cord-tester ping to 8.8.8.8 |
| 1245 | 8. Verifying the ping should success |
| 1246 | 9. Flush all the iptable rules configuraed in vcpe |
| 1247 | 10. Delete the rule added in step 6 |
| 1248 | 11. From cord-tester ping to 8.8.8.8 |
| 1249 | 12. Verifying the ping should success |
| 1250 | """ |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 1251 | if not vcpe_name: |
| 1252 | vcpe_name = self.vcpe_container |
| 1253 | if not vcpe_intf: |
| 1254 | vcpe_intf = self.vcpe_dhcp |
| 1255 | df = defer.Deferred() |
| 1256 | def vcpe_firewall(df): |
| 1257 | host = '8.8.8.8' |
| 1258 | vsg = VSGAccess.get_vcpe_vsg(vcpe_name) |
| 1259 | try: |
| 1260 | self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp) |
| 1261 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1262 | assert_equal(st, False) |
| 1263 | st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host)) |
| 1264 | st,_ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1265 | assert_equal(st, True) |
| 1266 | st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name)) |
| 1267 | st,_ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1268 | assert_equal(st, True) |
| 1269 | st,output = vsg.run_cmd('sudo docker exec {} iptables -F FORWARD'.format(vcpe_name)) |
| 1270 | time.sleep(1) |
| 1271 | st,_ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1272 | assert_equal(st, False) |
| 1273 | finally: |
| 1274 | vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host)) |
| 1275 | self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf) |
| 1276 | vsg.run_cmd('sudo docker restart {}'.format(vcpe_name)) |
| 1277 | df.callback(0) |
| 1278 | reactor.callLater(0, vcpe_firewall, df) |
| 1279 | return df |
Anil Kumar Sanka | d47023a | 2017-03-29 21:11:09 +0000 | [diff] [blame] | 1280 | |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 1281 | @deferred(TIMEOUT) |
| 1282 | def test_vsg_firewall_deny_all_ipv4_traffic(self,vcpe_name=None,vcpe_intf=None): |
Anil Kumar Sanka | 72755c9 | 2017-04-06 17:19:02 +0000 | [diff] [blame] | 1283 | """ |
| 1284 | Algo: |
| 1285 | 1. Get vSG corresponding to vcpe |
| 1286 | 2. Login to compute node |
| 1287 | 3. Execute iptable command on vcpe from compute node to deny all ipv4 Traffic |
| 1288 | 4. From cord-tester ping to 8.8.8.8 |
| 1289 | 5. Verifying that ping should not be successful |
| 1290 | 6. Delete the iptable rule added |
| 1291 | 7. From cord-tester ping to 8.8.8.8 |
| 1292 | 8. Verifying the ping should success |
| 1293 | """ |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 1294 | if not vcpe_name: |
| 1295 | vcpe_name = self.vcpe_container |
| 1296 | if not vcpe_intf: |
| 1297 | vcpe_intf = self.vcpe_dhcp |
| 1298 | df = defer.Deferred() |
| 1299 | def vcpe_firewall(df): |
| 1300 | host = '8.8.8.8' |
| 1301 | vsg = VSGAccess.get_vcpe_vsg(vcpe_name) |
| 1302 | try: |
| 1303 | self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp) |
| 1304 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1305 | assert_equal(st, False) |
| 1306 | st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name)) |
| 1307 | st,_ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1308 | assert_equal(st, True) |
| 1309 | st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name)) |
| 1310 | st,_ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1311 | assert_equal(st, False) |
| 1312 | finally: |
| 1313 | vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name)) |
| 1314 | self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf) |
| 1315 | vsg.run_cmd('sudo docker restart {}'.format(vcpe_name)) |
| 1316 | df.callback(0) |
| 1317 | reactor.callLater(0, vcpe_firewall, df) |
| 1318 | return df |
Anil Kumar Sanka | 966c193 | 2017-03-31 00:48:31 +0000 | [diff] [blame] | 1319 | |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 1320 | @deferred(TIMEOUT) |
| 1321 | def test_vsg_firewall_replacing_deny_rule_to_accept_rule_ipv4_traffic(self,vcpe_name=None,vcpe_intf=None): |
Anil Kumar Sanka | 72755c9 | 2017-04-06 17:19:02 +0000 | [diff] [blame] | 1322 | """ |
| 1323 | Algo: |
| 1324 | 1. Get vSG corresponding to vcpe |
| 1325 | 2. Login to compute node |
| 1326 | 3. Execute iptable command on vcpe from compute node to deny all ipv4 Traffic |
| 1327 | 4. From cord-tester ping to 8.8.8.8 |
| 1328 | 5. Verifying that ping should not be successful |
| 1329 | 6. Replace the deny rule added in step 3 with accept rule |
| 1330 | 7. From cord-tester ping to 8.8.8.8 |
| 1331 | 8. Verifying the ping should success |
| 1332 | """ |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 1333 | if not vcpe_name: |
| 1334 | vcpe_name = self.vcpe_container |
| 1335 | if not vcpe_intf: |
| 1336 | vcpe_intf = self.vcpe_dhcp |
| 1337 | df = defer.Deferred() |
| 1338 | def vcpe_firewall(df): |
| 1339 | host = '8.8.8.8' |
| 1340 | vsg = VSGAccess.get_vcpe_vsg(vcpe_name) |
| 1341 | try: |
| 1342 | self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp) |
| 1343 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1344 | assert_equal(st, False) |
| 1345 | st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name)) |
| 1346 | st,_ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1347 | assert_equal(st, True) |
| 1348 | st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -4 -j ACCEPT'.format(vcpe_name)) |
| 1349 | st,_ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1350 | assert_equal(st, False) |
| 1351 | finally: |
| 1352 | vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name)) |
| 1353 | self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf) |
| 1354 | vsg.run_cmd('sudo docker restart {}'.format(vcpe_name)) |
| 1355 | df.callback(0) |
| 1356 | reactor.callLater(0, vcpe_firewall, df) |
| 1357 | return df |
Anil Kumar Sanka | 966c193 | 2017-03-31 00:48:31 +0000 | [diff] [blame] | 1358 | |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 1359 | @deferred(TIMEOUT) |
| 1360 | def test_vsg_firewall_deny_all_traffic_coming_on_lan_interface_in_vcpe(self,vcpe_name=None,vcpe_intf=None): |
| 1361 | """ |
| 1362 | Algo: |
| 1363 | 1. Get vSG corresponding to vcpe |
| 1364 | 2. Login to compute node |
| 1365 | 3. Execute iptable command on vcpe from compute node to deny all the traffic coming on lan interface inside vcpe container |
| 1366 | 4. From cord-tester ping to 8.8.8.8 |
| 1367 | 5. Verifying the ping should not success |
| 1368 | 6. Delete the iptable rule added |
| 1369 | 7. From cord-tester ping to 8.8.8.8 |
| 1370 | 8. Verifying the ping should success |
| 1371 | """ |
| 1372 | if not vcpe_name: |
| 1373 | vcpe_name = self.vcpe_container |
| 1374 | if not vcpe_intf: |
| 1375 | vcpe_intf = self.vcpe_dhcp |
| 1376 | df = defer.Deferred() |
| 1377 | def vcpe_firewall(df): |
| 1378 | host = '8.8.8.8' |
| 1379 | vsg = VSGAccess.get_vcpe_vsg(vcpe_name) |
| 1380 | try: |
| 1381 | self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp) |
| 1382 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1383 | assert_equal(st, False) |
| 1384 | st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -i eth1 -j DROP'.format(vcpe_name)) |
| 1385 | st,_ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1386 | assert_equal(st, True) |
| 1387 | st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -j DROP'.format(vcpe_name)) |
| 1388 | st,_ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1389 | assert_equal(st, False) |
| 1390 | finally: |
| 1391 | vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -j DROP'.format(vcpe_name)) |
| 1392 | self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf) |
| 1393 | vsg.run_cmd('sudo docker restart {}'.format(vcpe_name)) |
| 1394 | df.callback(0) |
| 1395 | reactor.callLater(0, vcpe_firewall, df) |
| 1396 | return df |
| 1397 | |
| 1398 | @deferred(TIMEOUT) |
| 1399 | def test_vsg_firewall_deny_all_traffic_going_out_of_wan_interface_in_vcpe(self,vcpe_name=None,vcpe_intf=None): |
| 1400 | """ |
| 1401 | Algo: |
| 1402 | 1. Get vSG corresponding to vcpe |
| 1403 | 2. Login to compute node |
| 1404 | 3. Execute iptable command on vcpe from compute node to deny all the traffic going out of wan interface inside vcpe container |
| 1405 | 4. From cord-tester ping to 8.8.8.8 |
| 1406 | 5. Verifying the ping should not success |
| 1407 | 6. Delete the iptable rule added |
| 1408 | 7. From cord-tester ping to 8.8.8.8 |
| 1409 | 8. Verifying the ping should success |
| 1410 | """ |
| 1411 | if not vcpe_name: |
| 1412 | vcpe_name = self.vcpe_container |
| 1413 | if not vcpe_intf: |
| 1414 | vcpe_intf = self.vcpe_dhcp |
| 1415 | df = defer.Deferred() |
| 1416 | def vcpe_firewall(df): |
| 1417 | host = '8.8.8.8' |
| 1418 | vsg = VSGAccess.get_vcpe_vsg(vcpe_name) |
| 1419 | try: |
| 1420 | self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp) |
| 1421 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1422 | assert_equal(st, False) |
| 1423 | st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -o eth0 -j DROP'.format(vcpe_name)) |
| 1424 | st,_ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1425 | assert_equal(st, True) |
| 1426 | st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -o eth0 -j DROP'.format(vcpe_name)) |
| 1427 | st,_ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1428 | assert_equal(st, False) |
| 1429 | finally: |
| 1430 | vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -o eth0 -j DROP'.format(vcpe_name)) |
| 1431 | self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf) |
| 1432 | vsg.run_cmd('sudo docker restart {}'.format(vcpe_name)) |
| 1433 | df.callback(0) |
| 1434 | reactor.callLater(0, vcpe_firewall, df) |
| 1435 | return df |
| 1436 | |
| 1437 | @deferred(TIMEOUT) |
| 1438 | def test_vsg_firewall_deny_all_traffic_from_lan_to_wan_in_vcpe(self,vcpe_name=None,vcpe_intf=None): |
Anil Kumar Sanka | 72755c9 | 2017-04-06 17:19:02 +0000 | [diff] [blame] | 1439 | """ |
| 1440 | Algo: |
| 1441 | 1. Get vSG corresponding to vcpe |
| 1442 | 2. Login to compute node |
| 1443 | 3. Execute iptable command on vcpe from compute node to deny all the traffic from lan to wan interface in vcpe |
| 1444 | 4. From cord-tester ping to 8.8.8.8 |
| 1445 | 5. Verifying that ping should not be successful |
| 1446 | 6. Delete the iptable rule added |
| 1447 | 7. From cord-tester ping to 8.8.8.8 |
| 1448 | 8. Verifying the ping should success |
| 1449 | """ |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 1450 | if not vcpe_name: |
| 1451 | vcpe_name = self.vcpe_container |
| 1452 | if not vcpe_intf: |
| 1453 | vcpe_intf = self.vcpe_dhcp |
| 1454 | df = defer.Deferred() |
| 1455 | def vcpe_firewall(df): |
| 1456 | host = '8.8.8.8' |
| 1457 | vsg = VSGAccess.get_vcpe_vsg(vcpe_name) |
| 1458 | try: |
| 1459 | self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp) |
| 1460 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1461 | assert_equal(st, False) |
| 1462 | st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name)) |
| 1463 | st,_ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1464 | assert_equal(st, True) |
| 1465 | st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name)) |
| 1466 | st,_ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1467 | assert_equal(st, False) |
| 1468 | finally: |
| 1469 | vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name)) |
| 1470 | self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf) |
| 1471 | vsg.run_cmd('sudo docker restart {}'.format(vcpe_name)) |
| 1472 | df.callback(0) |
| 1473 | reactor.callLater(0, vcpe_firewall, df) |
| 1474 | return df |
Anil Kumar Sanka | 966c193 | 2017-03-31 00:48:31 +0000 | [diff] [blame] | 1475 | |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 1476 | |
| 1477 | #this test case needs modification.default route should be vcpe interface to run this test case |
| 1478 | @deferred(TIMEOUT) |
| 1479 | def test_vsg_firewall_deny_all_dns_traffic(self,vcpe_name=None,vcpe_intf=None): |
| 1480 | """ |
| 1481 | Algo: |
| 1482 | 1. Get vSG corresponding to vcpe |
| 1483 | 2. Login to compute node |
| 1484 | 3. Execute iptable command on vcpe from compute node to deny all dns Traffic |
| 1485 | 4. From cord-tester ping to www.google.com |
| 1486 | 5. Verifying the ping should not success |
| 1487 | 6. Delete the iptable rule added |
| 1488 | 7. From cord-tester ping to www.google.com |
| 1489 | 8. Verifying the ping should success |
| 1490 | """ |
| 1491 | if not vcpe_name: |
| 1492 | vcpe_name = self.vcpe_container |
| 1493 | if not vcpe_intf: |
| 1494 | vcpe_intf = self.vcpe_dhcp |
| 1495 | df = defer.Deferred() |
| 1496 | def vcpe_firewall(df): |
| 1497 | host = 'www.msn.com' |
| 1498 | host_ip = '131.253.33.203' |
| 1499 | vsg = VSGAccess.get_vcpe_vsg(vcpe_name) |
| 1500 | try: |
| 1501 | self.add_static_route_via_vcpe_interface([host_ip],vcpe=self.vcpe_dhcp) |
| 1502 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1503 | assert_equal(st, False) |
| 1504 | st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p udp --dport 53 -j DROP'.format(vcpe_name)) |
| 1505 | st,_ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1506 | assert_equal(st, True) |
| 1507 | st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p udp --dport 53 -j ACCEPT'.format(vcpe_name)) |
| 1508 | st,_ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1509 | assert_equal(st, False) |
| 1510 | finally: |
| 1511 | vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p udp --dport 53 -j DROP'.format(vcpe_name)) |
| 1512 | self.del_static_route_via_vcpe_interface([host_ip],vcpe=vcpe_intf) |
| 1513 | vsg.run_cmd('sudo docker restart {}'.format(vcpe_name)) |
| 1514 | df.callback(0) |
| 1515 | reactor.callLater(0, vcpe_firewall, df) |
| 1516 | return df |
| 1517 | |
| 1518 | @deferred(TIMEOUT) |
| 1519 | def test_vsg_firewall_deny_all_ipv4_traffic_vcpe_container_restart(self,vcpe_name=None,vcpe_intf=None): |
Anil Kumar Sanka | 72755c9 | 2017-04-06 17:19:02 +0000 | [diff] [blame] | 1520 | """ |
| 1521 | Algo: |
| 1522 | 1. Get vSG corresponding to vcpe |
| 1523 | 2. Login to compute node |
| 1524 | 3. Execute iptable command on vcpe from compute node to deny all dns Traffic |
| 1525 | 4. From cord-tester ping to www.google.com |
| 1526 | 5. Verifying that ping should not be successful |
| 1527 | 6. Delete the iptable rule added |
| 1528 | 7. From cord-tester ping to www.google.com |
| 1529 | 8. Verifying the ping should success |
| 1530 | """ |
Anil Kumar Sanka | a357c6a | 2017-04-12 17:52:24 +0000 | [diff] [blame^] | 1531 | if not vcpe_name: |
| 1532 | vcpe_name = self.vcpe_container |
| 1533 | if not vcpe_intf: |
| 1534 | vcpe_intf = self.vcpe_dhcp |
| 1535 | df = defer.Deferred() |
| 1536 | def vcpe_firewall(df): |
| 1537 | host = '8.8.8.8' |
| 1538 | vsg = VSGAccess.get_vcpe_vsg(vcpe_name) |
| 1539 | try: |
| 1540 | self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp) |
| 1541 | st, _ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1542 | assert_equal(st, False) |
| 1543 | st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name)) |
| 1544 | st,_ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1545 | assert_equal(st, True) |
| 1546 | st,output = vsg.run_cmd('sudo docker restart {}'.format(vcpe_name)) |
| 1547 | time.sleep(3) |
| 1548 | st,_ = getstatusoutput('ping -c 1 {}'.format(host)) |
| 1549 | assert_equal(st, False) |
| 1550 | finally: |
| 1551 | vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name)) |
| 1552 | self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf) |
| 1553 | vsg.run_cmd('sudo docker restart {}'.format(vcpe_name)) |
| 1554 | df.callback(0) |
| 1555 | reactor.callLater(0, vcpe_firewall, df) |
| 1556 | return df |
Anil Kumar Sanka | 966c193 | 2017-03-31 00:48:31 +0000 | [diff] [blame] | 1557 | |
A.R Karthick | 282f0d3 | 2017-03-28 16:43:59 -0700 | [diff] [blame] | 1558 | def test_vsg_xos_subscriber(self): |
| 1559 | subscriber_info = self.subscriber_info[0] |
| 1560 | volt_subscriber_info = self.volt_subscriber_info[0] |
| 1561 | result = self.restApiXos.ApiPost('TENANT_SUBSCRIBER', subscriber_info) |
| 1562 | assert_equal(result, True) |
| 1563 | result = self.restApiXos.ApiGet('TENANT_SUBSCRIBER') |
| 1564 | assert_not_equal(result, None) |
| 1565 | subId = self.restApiXos.getSubscriberId(result, volt_subscriber_info['account_num']) |
| 1566 | assert_not_equal(subId, '0') |
| 1567 | log.info('Subscriber ID for account num %d = %s' %(volt_subscriber_info['account_num'], subId)) |
| 1568 | volt_tenant = volt_subscriber_info['voltTenant'] |
| 1569 | #update the subscriber id in the tenant info before making the rest |
| 1570 | volt_tenant['subscriber'] = subId |
| 1571 | result = self.restApiXos.ApiPost('TENANT_VOLT', volt_tenant) |
| 1572 | assert_equal(result, True) |
| 1573 | |
Chetan Gaonker | 5241883 | 2017-01-26 23:03:13 +0000 | [diff] [blame] | 1574 | def test_vsg_for_dns_service(self): |
Anil Kumar Sanka | 1213d4c | 2017-02-23 22:50:48 +0000 | [diff] [blame] | 1575 | """ |
| 1576 | Algo: |
| 1577 | 1. Create a test client in Prod VM |
| 1578 | 2. Create a vCPE container in vSG VM inside compute Node |
| 1579 | 3. Ensure vSG VM and vCPE container created properly |
| 1580 | 4. Enable dns service in vCPE ( if not by default ) |
| 1581 | 5. Send ping request from test client to valid domain address say, 'www.google'com |
| 1582 | 6. Verify that dns should resolve ping should success |
| 1583 | 7. Now send ping request to invalid domain address say 'www.invalidaddress'.com' |
| 1584 | 8. Verify that dns resolve should fail and hence ping |
| 1585 | """ |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 1586 | |
Anil Kumar Sanka | 1213d4c | 2017-02-23 22:50:48 +0000 | [diff] [blame] | 1587 | def test_vsg_for_10_subscribers_for_same_service(self): |
| 1588 | """ |
| 1589 | Algo: |
| 1590 | 1.Create a vSG VM in compute node |
| 1591 | 2.Create 10 vCPE containers for 10 subscribers, in vSG VM |
| 1592 | 3.Ensure vSG VM and vCPE container created properly |
| 1593 | 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to valid external public IP |
| 1594 | 5.Verify that ping success for all 10 subscribers |
| 1595 | """ |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 1596 | |
Anil Kumar Sanka | 1213d4c | 2017-02-23 22:50:48 +0000 | [diff] [blame] | 1597 | def test_vsg_for_10_subscribers_for_same_service_ping_invalid_ip(self): |
| 1598 | """ |
| 1599 | Algo: |
| 1600 | 1.Create a vSG VM in compute Node |
| 1601 | 2.Create 10 vCPE containers for 10 subscribers, in vSG VM |
| 1602 | 3.Ensure vSG VM and vCPE container created properly |
| 1603 | 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to invalid IP |
| 1604 | 5.Verify that ping fails for all 10 subscribers |
| 1605 | """ |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 1606 | |
Anil Kumar Sanka | 1213d4c | 2017-02-23 22:50:48 +0000 | [diff] [blame] | 1607 | def test_vsg_for_10_subscribers_for_same_service_ping_valid_and_invalid_ip(self): |
| 1608 | """ |
| 1609 | Algo: |
| 1610 | 1.Create a vSG VM in VM |
| 1611 | 2.Create 10 vCPE containers for 10 subscribers, in vSG VM |
| 1612 | 3.Ensure vSG VM and vCPE container created properly |
| 1613 | 4.From first 5 subscribers, with same s-tag and different c-tag, send a ping to valid IP |
| 1614 | 5.Verify that ping success for all 5 subscribers |
| 1615 | 6.From next 5 subscribers, with same s-tag and different c-tag, send a ping to invalid IP |
| 1616 | 7.Verify that ping fails for all 5 subscribers |
| 1617 | """ |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 1618 | |
Anil Kumar Sanka | 1213d4c | 2017-02-23 22:50:48 +0000 | [diff] [blame] | 1619 | def test_vsg_for_100_subscribers_for_same_service(self): |
| 1620 | """ |
| 1621 | Algo: |
| 1622 | 1.Create a vSG VM in compute node |
| 1623 | 2.Create 100 vCPE containers for 100 subscribers, in vSG VM |
| 1624 | 3.Ensure vSG VM and vCPE container created properly |
| 1625 | 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to valid external public IP |
| 1626 | 5.Verify that ping success for all 100 subscribers |
| 1627 | """ |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 1628 | |
Anil Kumar Sanka | 1213d4c | 2017-02-23 22:50:48 +0000 | [diff] [blame] | 1629 | def test_vsg_for_100_subscribers_for_same_service_ping_invalid_ip(self): |
| 1630 | """ |
| 1631 | Algo: |
| 1632 | 1.Create a vSG VM in compute Node |
| 1633 | 2.Create 10 vCPE containers for 100 subscribers, in vSG VM |
| 1634 | 3.Ensure vSG VM and vCPE container created properly |
| 1635 | 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to invalid IP |
| 1636 | 5.Verify that ping fails for all 100 subscribers |
| 1637 | """ |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 1638 | |
Anil Kumar Sanka | 1213d4c | 2017-02-23 22:50:48 +0000 | [diff] [blame] | 1639 | def test_vsg_for_100_subscribers_for_same_service_ping_valid_and_invalid_ip(self): |
| 1640 | """ |
| 1641 | Algo: |
| 1642 | 1.Create a vSG VM in VM |
| 1643 | 2.Create 10 vCPE containers for 100 subscribers, in vSG VM |
| 1644 | 3.Ensure vSG VM and vCPE container created properly |
| 1645 | 4.From first 5 subscribers, with same s-tag and different c-tag, send a ping to valid IP |
| 1646 | 5.Verify that ping success for all 5 subscribers |
| 1647 | 6.From next 5 subscribers, with same s-tag and different c-tag, send a ping to invalid IP |
| 1648 | 7.Verify that ping fails for all 5 subscribers |
| 1649 | """ |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 1650 | |
Anil Kumar Sanka | 1213d4c | 2017-02-23 22:50:48 +0000 | [diff] [blame] | 1651 | def test_vsg_for_packet_received_with_invalid_ip_fields(self): |
| 1652 | """ |
| 1653 | Algo: |
| 1654 | 1.Create a vSG VM in compute node |
| 1655 | 2.Create a vCPE container in vSG VM |
| 1656 | 3.Ensure vSG VM and vCPE container created properly |
| 1657 | 4.From subscriber, send a ping packet with invalid ip fields |
| 1658 | 5.Verify that vSG drops the packet |
| 1659 | 6.Verify ping fails |
| 1660 | """ |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 1661 | |
Anil Kumar Sanka | 1213d4c | 2017-02-23 22:50:48 +0000 | [diff] [blame] | 1662 | def test_vsg_for_packet_received_with_invalid_mac_fields(self): |
| 1663 | """ |
| 1664 | Algo: |
| 1665 | 1.Create a vSG VM in compute node |
| 1666 | 2.Create a vCPE container in vSG VM |
| 1667 | 3.Ensure vSG VM and vCPE container created properly |
| 1668 | 4.From subscriber, send a ping packet with invalid mac fields |
| 1669 | 5.Verify that vSG drops the packet |
| 1670 | 6.Verify ping fails |
| 1671 | """ |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 1672 | |
Anil Kumar Sanka | 1213d4c | 2017-02-23 22:50:48 +0000 | [diff] [blame] | 1673 | def test_vsg_for_vlan_id_mismatch_in_stag(self): |
| 1674 | """ |
| 1675 | Algo: |
| 1676 | 1.Create a vSG VM in compute Node |
| 1677 | 2.Create a vCPE container in vSG VM |
| 1678 | 3.Ensure vSG VM and vCPE container created properly |
| 1679 | 4.Send a ping request to external valid IP from subscriber, with incorrect vlan id in s-tag and valid c-tag |
| 1680 | 5.Verify that ping fails as the packet drops at VM entry |
| 1681 | 6.Repeat step 4 with correct s-tag |
| 1682 | 7.Verify that ping success |
| 1683 | """ |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 1684 | |
Anil Kumar Sanka | 1213d4c | 2017-02-23 22:50:48 +0000 | [diff] [blame] | 1685 | def test_vsg_for_vlan_id_mismatch_in_ctag(self): |
| 1686 | """ |
| 1687 | Algo: |
| 1688 | 1.Create a vSG VM in compute node |
| 1689 | 2.Create a vCPE container in vSG VM |
| 1690 | 3.Ensure vSG VM and vCPE container created properly |
| 1691 | 4.Send a ping request to external valid IP from subscriber, with valid s-tag and incorrect vlan id in c-tag |
| 1692 | 5.Verify that ping fails as the packet drops at vCPE container entry |
| 1693 | 6.Repeat step 4 with valid s-tag and c-tag |
| 1694 | 7.Verify that ping success |
| 1695 | """ |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 1696 | |
Anil Kumar Sanka | 1213d4c | 2017-02-23 22:50:48 +0000 | [diff] [blame] | 1697 | def test_vsg_for_matching_and_mismatching_vlan_id_in_stag(self): |
| 1698 | """ |
| 1699 | Algo: |
| 1700 | 1.Create two vSG VMs in compute node |
| 1701 | 2.Create a vCPE container in each vSG VM |
| 1702 | 3.Ensure vSG VM and vCPE container created properly |
| 1703 | 4.From subscriber one, send ping request with valid s and c tags |
| 1704 | 5.From subscriber two, send ping request with vlan id mismatch in s-tag and valid c tags |
| 1705 | 6.Verify that ping success for only subscriber one and fails for two. |
| 1706 | """ |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 1707 | |
Anil Kumar Sanka | 1213d4c | 2017-02-23 22:50:48 +0000 | [diff] [blame] | 1708 | def test_vsg_for_matching_and_mismatching_vlan_id_in_ctag(self): |
| 1709 | """ |
| 1710 | Algo: |
| 1711 | 1.Create a vSG VM in compute node |
| 1712 | 2.Create two vCPE containers in vSG VM |
| 1713 | 3.Ensure vSG VM and vCPE container created properly |
| 1714 | 4.From subscriber one, send ping request with valid s and c tags |
| 1715 | 5.From subscriber two, send ping request with valid s-tag and vlan id mismatch in c-tag |
| 1716 | 6.Verify that ping success for only subscriber one and fails for two |
| 1717 | """ |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 1718 | |
Anil Kumar Sanka | 1213d4c | 2017-02-23 22:50:48 +0000 | [diff] [blame] | 1719 | def test_vsg_for_out_of_range_vlanid_in_ctag(self): |
| 1720 | """ |
| 1721 | Algo: |
| 1722 | 1.Create a vSG VM in compute node |
| 1723 | 2.Create a vCPE container in vSG VM |
| 1724 | 3.Ensure vSG VM and vCPE container created properly |
| 1725 | 4.From subscriber, send ping request with valid stag and vlan id in c-tag is an out of range value ( like 0,4097 ) |
| 1726 | 4.Verify that ping fails as the ping packets drops at vCPE container entry |
| 1727 | """ |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 1728 | |
Anil Kumar Sanka | 1213d4c | 2017-02-23 22:50:48 +0000 | [diff] [blame] | 1729 | def test_vsg_for_out_of_range_vlanid_in_stag(self): |
| 1730 | """ |
| 1731 | Algo: |
| 1732 | 1.Create a vSG VM in compute node |
| 1733 | 2.Create a vCPE container in vSG VM |
| 1734 | 3.Ensure vSG VM and vCPE container created properly |
| 1735 | 2.From subscriber, send ping request with vlan id in s-tag is an out of range value ( like 0,4097 ), with valid c-tag |
| 1736 | 4.Verify that ping fails as the ping packets drops at vSG VM entry |
| 1737 | """ |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 1738 | |
Anil Kumar Sanka | 1213d4c | 2017-02-23 22:50:48 +0000 | [diff] [blame] | 1739 | def test_vsg_without_creating_vcpe_instance(self): |
| 1740 | """ |
| 1741 | Algo: |
| 1742 | 1.Create a vSG VM in compute Node |
| 1743 | 2.Ensure vSG VM created properly |
| 1744 | 3.Do not create vCPE container inside vSG VM |
| 1745 | 4.From a subscriber, send ping to external valid IP |
| 1746 | 5.Verify that ping fails as the ping packet drops at vSG VM entry itself. |
| 1747 | """ |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 1748 | |
Anil Kumar Sanka | 1213d4c | 2017-02-23 22:50:48 +0000 | [diff] [blame] | 1749 | def test_vsg_for_remove_vcpe_instance(self): |
| 1750 | """ |
| 1751 | Algo: |
| 1752 | 1.Create a vSG VM in compute node |
| 1753 | 2.Create a vCPE container in vSG VM |
| 1754 | 3.Ensure vSG VM and vCPE container created properly |
| 1755 | 4.From subscriber, send ping request with valid s-tag and c-tag |
| 1756 | 5.Verify that ping success |
| 1757 | 6.Verify ping success flows in OvS switch in compute node |
| 1758 | 7.Now remove the vCPE container in vSG VM |
| 1759 | 8.Ensure that the container removed properly |
| 1760 | 9.Repeat step 4 |
| 1761 | 10.Verify that now, ping fails |
| 1762 | """ |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 1763 | |
Anil Kumar Sanka | 1213d4c | 2017-02-23 22:50:48 +0000 | [diff] [blame] | 1764 | def test_vsg_for_restart_vcpe_instance(self): |
| 1765 | """ |
| 1766 | Algo: |
| 1767 | 1.Create a vSG VM in compute node |
| 1768 | 2.Create a vCPE container in vSG VM |
| 1769 | 3.Ensure vSG VM and vCPE container created properly |
| 1770 | 4.From subscriber, send ping request with valid s-tag and c-tag |
| 1771 | 5.Verify that ping success |
| 1772 | 6.Verify ping success flows in OvS switch in compute node |
| 1773 | 7.Now restart the vCPE container in vSG VM |
| 1774 | 8.Ensure that the container came up after restart |
| 1775 | 9.Repeat step 4 |
| 1776 | 10.Verify that now,ping gets success and flows added in OvS |
| 1777 | """ |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 1778 | |
Anil Kumar Sanka | 1213d4c | 2017-02-23 22:50:48 +0000 | [diff] [blame] | 1779 | def test_vsg_for_restart_vsg_vm(self): |
| 1780 | """ |
| 1781 | Algo: |
| 1782 | 1.Create a vSG VM in compute node |
| 1783 | 2.Create a vCPE container in vSG VM |
| 1784 | 3.Ensure vSG VM and vCPE container created properly |
| 1785 | 4.From subscriber, send ping request with valid s-tag and c-tag |
| 1786 | 5.Verify that ping success |
| 1787 | 6.Verify ping success flows in OvS switch in compute node |
| 1788 | 7.Now restart the vSG VM |
| 1789 | 8.Ensure that the vSG comes up properly after restart |
| 1790 | 9.Verify that vCPE container comes up after vSG restart |
| 1791 | 10.Repeat step 4 |
| 1792 | 11.Verify that now,ping gets success and flows added in OvS |
| 1793 | """ |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 1794 | |
Anil Kumar Sanka | 1213d4c | 2017-02-23 22:50:48 +0000 | [diff] [blame] | 1795 | def test_vsg_for_pause_vcpe_instance(self): |
| 1796 | """ |
| 1797 | Algo: |
| 1798 | 1.Create a vSG VM in compute node |
| 1799 | 2.Create a vCPE container in vSG VM |
| 1800 | 3.Ensure vSG VM and vCPE container created properly |
| 1801 | 4.From subscriber, send ping request with valid s-tag and c-tag |
| 1802 | 5.Verify that ping success |
| 1803 | 6.Verify ping success flows in OvS switch in compute node |
| 1804 | 7.Now pause vCPE container in vSG VM for a while |
| 1805 | 8.Ensure that the container state is pause |
| 1806 | 9.Repeat step 4 |
| 1807 | 10.Verify that now,ping fails now and verify flows in OvS |
| 1808 | 11.Now resume the container |
| 1809 | 12.Now repeat step 4 again |
| 1810 | 13.Verify that now, ping gets success |
| 1811 | 14.Verify ping success flows in OvS |
| 1812 | """ |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 1813 | |
Anil Kumar Sanka | 1213d4c | 2017-02-23 22:50:48 +0000 | [diff] [blame] | 1814 | def test_vsg_for_extract_all_compute_stats_from_all_vcpe_containers(self): |
| 1815 | """ |
| 1816 | Algo: |
| 1817 | 1.Create a vSG VM in compute node |
| 1818 | 2.Create 10 vCPE containers in VM |
| 1819 | 3.Ensure vSG VM and vCPE containers created properly |
| 1820 | 4.Login to all vCPE containers |
| 1821 | 4.Get all compute stats from all vCPE containers |
| 1822 | 5.Verify the stats # verification method need to add |
| 1823 | """ |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 1824 | |
Anil Kumar Sanka | 1213d4c | 2017-02-23 22:50:48 +0000 | [diff] [blame] | 1825 | def test_vsg_for_extract_dns_stats_from_all_vcpe_containers(self): |
| 1826 | """ |
| 1827 | Algo: |
| 1828 | 1.Create a vSG VM in compute node |
| 1829 | 2.Create 10 vCPE containers in VM |
| 1830 | 3.Ensure vSG VM and vCPE containers created properly |
| 1831 | 4.From 10 subscribers, send ping to valid and invalid dns hosts |
| 1832 | 5.Verify dns resolves and ping success for valid dns hosts |
| 1833 | 6.Verify ping fails for invalid dns hosts |
| 1834 | 7.Verify dns host name resolve flows in OvS |
| 1835 | 8.Login to all 10 vCPE containers |
| 1836 | 9.Extract all dns stats |
| 1837 | 10.Verify dns stats for queries sent, queries received for dns host resolve success and failed scenarios |
| 1838 | """ |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 1839 | |
Anil Kumar Sanka | 1213d4c | 2017-02-23 22:50:48 +0000 | [diff] [blame] | 1840 | def test_vsg_for_subscriber_access_two_vsg_services(self): |
| 1841 | """ |
| 1842 | # Intention is to verify if subscriber can reach internet via two vSG VMs |
| 1843 | Algo: |
| 1844 | 1.Create two vSG VMs for two services in compute node |
| 1845 | 2.Create one vCPE container in each VM for one subscriber |
| 1846 | 3.Ensure VMs and containers created properly |
| 1847 | 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag |
| 1848 | 5.Verify ping gets success |
| 1849 | 6.Verify ping success flows in OvS |
| 1850 | 7.Now repeat step 4 with stag corresponds to vSG-2 VM |
| 1851 | 8.Verify that ping again success |
| 1852 | 9.Verify ping success flows in OvS |
| 1853 | """ |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 1854 | |
Anil Kumar Sanka | 1213d4c | 2017-02-23 22:50:48 +0000 | [diff] [blame] | 1855 | def test_vsg_for_subscriber_access_service2_if_service1_goes_down(self): |
| 1856 | """ |
| 1857 | # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 goes down |
| 1858 | Algo: |
| 1859 | 1.Create two vSG VMs for two services in compute node |
| 1860 | 2.Create one vCPE container in each VM for one subscriber |
| 1861 | 3.Ensure VMs and containers created properly |
| 1862 | 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag |
| 1863 | 5.Verify ping gets success |
| 1864 | 6.Verify ping success flows in OvS |
| 1865 | 7.Down the vSG-1 VM |
| 1866 | 8.Now repeat step 4 |
| 1867 | 9.Verify that ping fails as vSG-1 is down |
| 1868 | 10.Repeat step 4 with stag corresponding to vSG-2 |
| 1869 | 9.Verify ping success and flows added in OvS |
| 1870 | """ |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 1871 | |
Anil Kumar Sanka | 1213d4c | 2017-02-23 22:50:48 +0000 | [diff] [blame] | 1872 | def test_vsg_for_subscriber_access_service2_if_service1_goes_restart(self): |
| 1873 | """ |
| 1874 | # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 restarts |
| 1875 | Algo: |
| 1876 | 1.Create two vSG VMs for two services in compute node |
| 1877 | 2.Create one vCPE container in each VM for one subscriber |
| 1878 | 3.Ensure VMs and containers created properly |
| 1879 | 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag |
| 1880 | 5.Verify ping gets success |
| 1881 | 6.Verify ping success flows added in OvS |
| 1882 | 7.Now restart vSG-1 VM |
| 1883 | 8.Now repeat step 4 while vSG-1 VM restarts |
| 1884 | 9.Verify that ping fails as vSG-1 is restarting |
| 1885 | 10.Repeat step 4 with stag corresponding to vSG-2 while vSG-1 VM restarts |
| 1886 | 11.Verify ping success and flows added in OvS |
| 1887 | """ |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 1888 | |
Anil Kumar Sanka | 1213d4c | 2017-02-23 22:50:48 +0000 | [diff] [blame] | 1889 | def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_goes_down(self): |
| 1890 | """ |
| 1891 | # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 goes down |
| 1892 | Algo: |
| 1893 | 1.Create a vSG VM in compute node |
| 1894 | 2.Create two vCPE containers corresponds to two subscribers in vSG VM |
| 1895 | 3.Ensure VM and containers created properly |
| 1896 | 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag |
| 1897 | 5.Verify ping gets success |
| 1898 | 6.Verify ping success flows added in OvS |
| 1899 | 7.Now stop vCPE-1 container |
| 1900 | 8.Now repeat step 4 |
| 1901 | 9.Verify that ping fails as vCPE-1 container is down |
| 1902 | 10.Repeat step 4 with ctag corresponding to vCPE-2 container |
| 1903 | 11.Verify ping success and flows added in OvS |
| 1904 | """ |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 1905 | |
Anil Kumar Sanka | 1213d4c | 2017-02-23 22:50:48 +0000 | [diff] [blame] | 1906 | def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_restart(self): |
| 1907 | """ |
| 1908 | # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 restarts |
| 1909 | Algo: |
| 1910 | 1.Create a vSG VM in compute node |
| 1911 | 2.Create two vCPE containers corresponds to two subscribers in vSG VM |
| 1912 | 3.Ensure VM and containers created properly |
| 1913 | 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag |
| 1914 | 5.Verify ping gets success |
| 1915 | 6.Verify ping success flows added in OvS |
| 1916 | 7.Now restart vCPE-1 container |
| 1917 | 8.Now repeat step 4 while vCPE-1 restarts |
| 1918 | 9.Verify that ping fails as vCPE-1 container is restarts |
| 1919 | 10.Repeat step 4 with ctag corresponding to vCPE-2 container while vCPE-1 restarts |
| 1920 | 11..Verify ping success and flows added in OvS |
| 1921 | """ |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 1922 | |
Anil Kumar Sanka | 1213d4c | 2017-02-23 22:50:48 +0000 | [diff] [blame] | 1923 | def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_pause(self): |
| 1924 | """ |
| 1925 | # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 paused |
| 1926 | Algo: |
| 1927 | 1.Create a vSG VM in compute node |
| 1928 | 2.Create two vCPE containers corresponds to two subscribers in vSG VM |
| 1929 | 3.Ensure VM and containers created properly |
| 1930 | 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag |
| 1931 | 5.Verify ping gets success |
| 1932 | 6.Verify ping success flows added in OvS |
| 1933 | 7.Now pause vCPE-1 container |
| 1934 | 8.Now repeat step 4 while vCPE-1 in pause state |
| 1935 | 9.Verify that ping fails as vCPE-1 container in pause state |
| 1936 | 10.Repeat step 4 with ctag corresponding to vCPE-2 container while vCPE-1 in pause state |
| 1937 | 11.Verify ping success and flows added in OvS |
| 1938 | """ |
| 1939 | def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_removed(self): |
| 1940 | """ |
| 1941 | # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 removed |
| 1942 | Algo: |
| 1943 | 1.Create a vSG VM in compute node |
| 1944 | 2.Create two vCPE containers corresponds to two subscribers in vSG VM |
| 1945 | 3.Ensure VM and containers created properly |
| 1946 | 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag |
| 1947 | 5.Verify ping gets success |
| 1948 | 6.Verify ping success flows added in OvS |
| 1949 | 7.Now remove vCPE-1 container |
| 1950 | 8.Now repeat step 4 |
| 1951 | 9.Verify that ping fails as vCPE-1 container removed |
| 1952 | 10.Repeat step 4 with ctag corresponding to vCPE-2 container |
| 1953 | 11.Verify ping success and flows added in OvS |
| 1954 | """ |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 1955 | |
Anil Kumar Sanka | 1213d4c | 2017-02-23 22:50:48 +0000 | [diff] [blame] | 1956 | def test_vsg_for_vcpe_instance_removed_and_added_again(self): |
| 1957 | """ |
| 1958 | Algo: |
| 1959 | 1.Create a vSG VM in compute node |
| 1960 | 2.Create a vCPE container in vSG VM |
| 1961 | 3.Ensure VM and containers created properly |
| 1962 | 4.From subscriber end, send ping to public IP |
| 1963 | 5.Verify ping gets success |
| 1964 | 6.Verify ping success flows added in OvS |
| 1965 | 7.Now remove vCPE container in vSG VM |
| 1966 | 8.Now repeat step 4 |
| 1967 | 9.Verify that ping fails as vCPE container removed |
| 1968 | 10.Create the vCPE container again for the same subscriber |
| 1969 | 11.Ensure that vCPE created now |
| 1970 | 12.Now repeat step 4 |
| 1971 | 13.Verify ping success and flows added in OvS |
| 1972 | """ |
A R Karthick | 6375149 | 2017-03-22 09:28:01 -0700 | [diff] [blame] | 1973 | |
Anil Kumar Sanka | 1213d4c | 2017-02-23 22:50:48 +0000 | [diff] [blame] | 1974 | def test_vsg_for_vsg_vm_removed_and_added_again(self): |
| 1975 | """ |
| 1976 | Algo: |
| 1977 | 1.Create a vSG VM in compute node |
| 1978 | 2.Create a vCPE container in vSG VM |
| 1979 | 3.Ensure VM and containers created properly |
| 1980 | 4.From subscriber end, send ping to public IP |
| 1981 | 5.Verify ping gets success |
| 1982 | 6.Verify ping success flows added in OvS |
| 1983 | 7.Now remove vSG VM |
| 1984 | 8.Now repeat step 4 |
| 1985 | 9.Verify that ping fails as vSG VM not exists |
| 1986 | 10.Create the vSG VM and vCPE container in VM again |
| 1987 | 11.Ensure that vSG and vCPE created |
| 1988 | 12.Now repeat step 4 |
| 1989 | 13.Verify ping success and flows added in OvS |
| 1990 | """ |
| 1991 | |
| 1992 | #Test vSG - Subscriber Configuration |
| 1993 | def test_vsg_for_configuring_new_subscriber_in_vcpe(self): |
| 1994 | """ |
| 1995 | Algo: |
| 1996 | 1.Create a vSG VM in compute node |
| 1997 | 2.Create a vCPE container in vSG VM |
| 1998 | 3.Ensure VM and containers created properly |
| 1999 | 4.Configure a subscriber in XOS and assign a service id |
| 2000 | 5.Set the admin privileges to the subscriber |
| 2001 | 6.Verify subscriber configuration is success |
| 2002 | """ |
| 2003 | def test_vsg_for_adding_subscriber_devices_in_vcpe(self): |
| 2004 | """ |
| 2005 | Algo: |
| 2006 | 1.Create a vSG VM in compute node |
| 2007 | 2.Create a vCPE container in vSG VM |
| 2008 | 3.Ensure VM and containers created properly |
| 2009 | 4.Configure a subscriber in XOS and assign a service id |
| 2010 | 5.Verify subscriber successfully configured in vCPE |
| 2011 | 6.Now add devices( Mac addresses ) under the subscriber admin group |
| 2012 | 7.Verify all devices ( Macs ) added successfully |
| 2013 | """ |
| 2014 | def test_vsg_for_removing_subscriber_devices_in_vcpe(self): |
| 2015 | """ |
| 2016 | Algo: |
| 2017 | 1.Create a vSG VM in compute node |
| 2018 | 2.Create a vCPE container in vSG VM |
| 2019 | 3.Ensure VM and containers created properly |
| 2020 | 4.Configure a subscriber in XOS and assign a service id |
| 2021 | 5.Verify subscriber successfully configured |
| 2022 | 6.Now add devices( Mac addresses ) under the subscriber admin group |
| 2023 | 7.Verify all devices ( Macs ) added successfully |
| 2024 | 8.Now remove All the added devices in XOS |
| 2025 | 9.Verify all the devices removed |
| 2026 | """ |
| 2027 | def test_vsg_for_modify_subscriber_devices_in_vcpe(self): |
| 2028 | """ |
| 2029 | Algo: |
| 2030 | 1.Create a vSG VM in compute node |
| 2031 | 2.Create a vCPE container in vSG VM |
| 2032 | 3.Ensure VM and containers created properly |
| 2033 | 4.Configure a user in XOS and assign a service id |
| 2034 | 5.Verify subscriber successfully configured in vCPE. |
| 2035 | 6.Now add devices( Mac addresses ) under the subscriber admin group |
| 2036 | 7.Verify all devices ( Macs ) added successfully |
| 2037 | 8.Now remove few devices in XOS |
| 2038 | 9.Verify devices removed successfully |
| 2039 | 10.Now add few additional devices in XOS under the same subscriber admin group |
| 2040 | 11.Verify newly added devices successfully added |
| 2041 | """ |
| 2042 | def test_vsg_for_vcpe_login_fails_with_incorrect_subscriber_credentials(self): |
| 2043 | """ |
| 2044 | Algo: |
| 2045 | 1.Create a vSG VM in compute node |
| 2046 | 2.Create a vCPE container in vSG VM |
| 2047 | 3.Ensure VM and containers created properly |
| 2048 | 4.Configure a subscriber in XOS and assign a service id |
| 2049 | 5.Verify subscriber successfully configured |
| 2050 | 6.Now add devices( Mac addresses ) under the subscriber admin group |
| 2051 | 7.Verify all devices ( Macs ) added successfully |
| 2052 | 8.Login vCPE with credentials with which subscriber configured |
| 2053 | 9.Verify subscriber successfully logged in |
| 2054 | 10.Logout and login again with incorrect credentials ( either user name or password ) |
| 2055 | 11.Verify login attempt to vCPE fails wtih incorrect credentials |
| 2056 | """ |
| 2057 | def test_vsg_for_subscriber_configuration_in_vcpe_retain_after_vcpe_restart(self): |
| 2058 | """ |
| 2059 | Algo: |
| 2060 | 1.Create a vSG VM in compute node |
| 2061 | 2.Create a vCPE container in vSG VM |
| 2062 | 3.Ensure VM and containers created properly |
| 2063 | 4.Configure a subscriber in XOS and assign a service id |
| 2064 | 5.Verify subscriber successfully configured |
| 2065 | 6.Now add devices( Mac addresses ) under the subscriber admin group |
| 2066 | 7.Verify all devices ( Macs ) added successfully |
| 2067 | 8.Restart vCPE ( locate backup config path while restart ) |
| 2068 | 9.Verify subscriber details in vCPE after restart should be same as before the restart |
| 2069 | """ |
| 2070 | def test_vsg_for_create_multiple_vcpe_instances_and_configure_subscriber_in_each_instance(self): |
| 2071 | """ |
| 2072 | Algo: |
| 2073 | 1.Create a vSG VM in compute node |
| 2074 | 2.Create 2 vCPE containers in vSG VM |
| 2075 | 3.Ensure VM and containers created properly |
| 2076 | 4.Configure a subscriber in XOS for each vCPE instance and assign a service id |
| 2077 | 5.Verify subscribers successfully configured |
| 2078 | 6.Now login vCPE-2 with subscriber-1 credentials |
| 2079 | 7.Verify login fails |
| 2080 | 8.Now login vCPE-1 with subscriber-2 credentials |
| 2081 | 9.Verify login fails |
| 2082 | 10.Now login vCPE-1 with subscriber-1 and vCPE-2 with subscriber-2 credentials |
| 2083 | 11.Verify that both the subscribers able to login to their respective vCPE containers |
| 2084 | """ |
| 2085 | def test_vsg_for_same_subscriber_can_be_configured_for_multiple_services(self): |
| 2086 | """ |
| 2087 | Algo: |
| 2088 | 1.Create 2 vSG VMs in compute node |
| 2089 | 2.Create a vCPE container in each vSG VM |
| 2090 | 3.Ensure VMs and containers created properly |
| 2091 | 4.Configure same subscriber in XOS for each vCPE instance and assign a service id |
| 2092 | 5.Verify subscriber successfully configured |
| 2093 | 6.Now login vCPE-1 with subscriber credentials |
| 2094 | 7.Verify login success |
| 2095 | 8.Now login vCPE-2 with the same subscriber credentials |
| 2096 | 9.Verify login success |
| 2097 | """ |
| 2098 | |
| 2099 | #Test Example Service |
| 2100 | def test_vsg_for_subcriber_avail_example_service_running_in_apache_server(self): |
| 2101 | """ |
| 2102 | Algo: |
| 2103 | 1.Create a vSG VM in compute node |
| 2104 | 2.Create a vCPE container in each vSG VM |
| 2105 | 3.Ensure VM and container created properly |
| 2106 | 4.Configure a subscriber in XOS for the vCPE instance and assign a service id |
| 2107 | 5.On-board an example service into cord pod |
| 2108 | 6.Create a VM in compute node and run the example service ( Apache server ) |
| 2109 | 7.Configure the example service with service specific and subscriber specific messages |
| 2110 | 8.Verify example service on-boarded successfully |
| 2111 | 9.Verify example service running in VM |
| 2112 | 10.Run a curl command from subscriber to reach example service |
| 2113 | 11.Verify subscriber can successfully reach example service via vSG |
| 2114 | 12.Verify that service specific and subscriber specific messages |
| 2115 | """ |
| 2116 | def test_vsg_for_subcriber_avail_example_service_running_in_apache_server_after_service_restart(self): |
| 2117 | """ |
| 2118 | Algo: |
| 2119 | 1.Create a vSG VM in compute node |
| 2120 | 2.Create a vCPE container in each vSG VM |
| 2121 | 3.Ensure VM and container created properly |
| 2122 | 4.Configure a subscriber in XOS for the vCPE instance and assign a service id |
| 2123 | 5.On-board an example service into cord pod |
| 2124 | 6.Create a VM in compute node and run the example service ( Apache server ) |
| 2125 | 7.Configure the example service with service specific and subscriber specific messages |
| 2126 | 8.Verify example service on-boarded successfully |
| 2127 | 9.Verify example service running in VM |
| 2128 | 10.Run a curl command from subscriber to reach example service |
| 2129 | 11.Verify subscriber can successfully reach example service via vSG |
| 2130 | 12.Verify that service specific and subscriber specific messages |
| 2131 | 13.Restart example service running in VM |
| 2132 | 14.Repeat step 10 |
| 2133 | 15.Verify the same results as mentioned in steps 11, 12 |
| 2134 | """ |
| 2135 | |
| 2136 | #vCPE Firewall Functionality |
| 2137 | def test_vsg_firewall_for_creating_acl_rule_based_on_source_ip(self): |
| 2138 | """ |
| 2139 | Algo: |
| 2140 | 1.Create a vSG VM in compute node |
| 2141 | 2.Create vCPE container in the VM |
| 2142 | 3.Ensure vSG VM and vCPE container created properly |
| 2143 | 4.Configure ac acl rule in vCPE to deny IP traffic from a source IP |
| 2144 | 5.Bound the acl rule to WAN interface of vCPE |
| 2145 | 6.Verify configuration in vCPE is success |
| 2146 | 8.Verify flows added in OvS |
| 2147 | """ |
| 2148 | def test_vsg_firewall_for_creating_acl_rule_based_on_destination_ip(self): |
| 2149 | """ |
| 2150 | Algo: |
| 2151 | 1.Create a vSG VM in compute node |
| 2152 | 2.Create vCPE container in the VM |
| 2153 | 3.Ensure vSG VM and vCPE container created properly |
| 2154 | 4.Configure ac acl rule in vCPE to deny IP traffic to a destination ip |
| 2155 | 5.Bound the acl rule to WAN interface of vCPE |
| 2156 | 6.Verify configuration in vCPE is success |
| 2157 | 8.Verify flows added in OvS |
| 2158 | """ |
| 2159 | def test_vsg_firewall_for_acl_deny_rule_based_on_source_ip_traffic(self): |
| 2160 | """ |
| 2161 | Algo: |
| 2162 | 1.Create a vSG VM in compute node |
| 2163 | 2.Create vCPE container in the VM |
| 2164 | 3.Ensure vSG VM and vCPE container created properly |
| 2165 | 4.Configure ac acl rule in vCPE to deny IP traffic from a source IP |
| 2166 | 5.Bound the acl rule to WAN interface of vCPE |
| 2167 | 6.From subscriber, send ping to the denied IP address |
| 2168 | 7.Verify that ping fails as vCPE denies ping response |
| 2169 | 8.Verify flows added in OvS |
| 2170 | """ |
| 2171 | def test_vsg_firewall_for_acl_deny_rule_based_on_destination_ip_traffic(self): |
| 2172 | """ |
| 2173 | Algo: |
| 2174 | 1.Create a vSG VM in compute node |
| 2175 | 2.Create vCPE container in the VM |
| 2176 | 3.Ensure vSG VM and vCPE container created properly |
| 2177 | 4.Configure ac acl rule in vCPE to deny IP traffic to a destination IP |
| 2178 | 5.Bound the acl rule to WAN interface of vCPE |
| 2179 | 6.From subscriber, send ping to the denied IP address |
| 2180 | 7.Verify that ping fails as vCPE drops the ping request at WAN interface |
| 2181 | 8.Verify flows added in OvS |
| 2182 | """ |
Chetan Gaonker | 5241883 | 2017-01-26 23:03:13 +0000 | [diff] [blame] | 2183 | |
| 2184 | def test_vsg_dnsmasq(self): |
| 2185 | pass |
| 2186 | |
| 2187 | def test_vsg_with_external_parental_control_family_shield_for_filter(self): |
| 2188 | pass |
| 2189 | |
| 2190 | def test_vsg_with_external_parental_control_with_answerx(self): |
| 2191 | pass |
| 2192 | |
| 2193 | def test_vsg_for_subscriber_upstream_bandwidth(self): |
| 2194 | pass |
| 2195 | |
| 2196 | def test_vsg_for_subscriber_downstream_bandwidth(self): |
| 2197 | pass |
| 2198 | |
| 2199 | def test_vsg_for_diagnostic_run_of_traceroute(self): |
| 2200 | pass |
| 2201 | |
| 2202 | def test_vsg_for_diagnostic_run_of_tcpdump(self): |
| 2203 | pass |
| 2204 | |
| 2205 | def test_vsg_for_iptable_rules(self): |
| 2206 | pass |
| 2207 | |
| 2208 | def test_vsg_for_iptables_with_neutron(self): |
| 2209 | pass |