Gitiles
Code Review Sign In
gerrit.opencord.org / cord-tester / 50f4d9a75fba0505236e0f607f5459065d362e66 / . / src / test / vsg / vsgTest.py
blob: b8e00142d09d156f34adb557ee5c46cdc65ade04 [file] [log] [blame]
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]1#copyright 2016-present Ciena Corporation
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14#
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]15import time
16import os
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]17import sys
18import json
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]19from nose.tools import *
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]20from twisted.internet import defer
21from nose.twistedtools import reactor, deferred
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]22from CordTestUtils import *
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]23from OltConfig import OltConfig
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]24from onosclidriver import OnosCliDriver
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]25from SSHTestAgent import SSHTestAgent
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]26from CordLogger import CordLogger
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]27from VSGAccess import VSGAccess
A R Karthick933f5b52017-03-27 15:27:16 -0700[diff] [blame]28from CordTestUtils import log_test as log
A.R Karthick50f4d9a2017-04-20 16:44:19 -0700[diff] [blame^]29from CordTestConfig import setup_module
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]30from OnosCtrl import OnosCtrl
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]31
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]32log.setLevel('INFO')
33
34class vsg_exchange(CordLogger):
35 ONOS_INSTANCES = 3
36 V_INF1 = 'veth0'
37 device_id = 'of:' + get_mac()
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]38 TEST_IP = '8.8.8.8'
39 HOST = "10.1.0.1"
40 USER = "vagrant"
41 PASS = "vagrant"
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]42 head_node = os.getenv('HEAD_NODE', 'prod')
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]43 HEAD_NODE = head_node + '.cord.lab' if len(head_node.split('.')) == 1 else head_node
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]44 test_path = os.path.dirname(os.path.realpath(__file__))
45 olt_conf_file = os.path.join(test_path, '..', 'setup/olt_config.json')
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]46 restApiXos = None
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]47 subscriber_account_num = 200
48 subscriber_s_tag = 304
49 subscriber_c_tag = 304
50 subscribers_per_s_tag = 8
51 subscriber_map = {}
A R Karthick9a16a112017-04-07 15:40:05 -0700[diff] [blame]52 restore_methods = []
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]53 TIMEOUT=120
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]54 FABRIC_PORT_HEAD_NODE = 1
55 FABRIC_PORT_COMPUTE_NODE = 2
56 APP_NAME = 'org.ciena.xconnect'
57 APP_FILE = os.path.join(test_path, '..', 'apps/xconnect-1.0-SNAPSHOT.oar')
A.R Karthick50f4d9a2017-04-20 16:44:19 -0700[diff] [blame^]58 NUM_SUBSCRIBERS = 5
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]59
60 @classmethod
61 def getSubscriberCredentials(cls, subId):
62 """Generate our own account num, s_tag and c_tags"""
63 if subId in cls.subscriber_map:
64 return cls.subscriber_map[subId]
65 account_num = cls.subscriber_account_num
66 cls.subscriber_account_num += 1
67 s_tag, c_tag = cls.subscriber_s_tag, cls.subscriber_c_tag
68 cls.subscriber_c_tag += 1
69 if cls.subscriber_c_tag % cls.subscribers_per_s_tag == 0:
70 cls.subscriber_s_tag += 1
71 cls.subscriber_map[subId] = account_num, s_tag, c_tag
72 return cls.subscriber_map[subId]
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]73
74 @classmethod
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]75 def getXosCredentials(cls):
76 onos_cfg = OnosCtrl.get_config()
77 if onos_cfg is None:
78 return None
79 if 'apps' in onos_cfg and \
80 'org.opencord.vtn' in onos_cfg['apps'] and \
81 'cordvtn' in onos_cfg['apps']['org.opencord.vtn'] and \
82 'xos' in onos_cfg['apps']['org.opencord.vtn']['cordvtn']:
83 xos_cfg = onos_cfg['apps']['org.opencord.vtn']['cordvtn']['xos']
84 endpoint = xos_cfg['endpoint']
85 user = xos_cfg['user']
86 password = xos_cfg['password']
87 xos_endpoints = endpoint.split(':')
88 xos_host = xos_endpoints[1][len('//'):]
89 xos_port = xos_endpoints[2][:-1]
90 #log.info('xos_host: %s, port: %s, user: %s, password: %s' %(xos_host, xos_port, user, password))
91 return dict(host = xos_host, port = xos_port, user = user, password = password)
92
93 return None
94
95 @classmethod
A.R Karthick50f4d9a2017-04-20 16:44:19 -0700[diff] [blame^]96 def getSubscriberConfig(cls, num_subscribers):
97 features = {
98 'cdn': True,
99 'uplink_speed': 1000000000,
100 'downlink_speed': 1000000000,
101 'uverse': True,
102 'status': 'enabled'
103 }
104 subscriber_map = []
105 for i in xrange(num_subscribers):
106 subId = 'sub{}'.format(i)
107 account_num, _, _ = cls.getSubscriberCredentials(subId)
108 identity = { 'account_num' : str(account_num),
109 'name' : 'My House {}'.format(i)
110 }
111 sub_info = { 'features' : features,
112 'identity' : identity
113 }
114 subscriber_map.append(sub_info)
115
116 return subscriber_map
117
118 @classmethod
119 def getVoltSubscriberConfig(cls, num_subscribers):
120 voltSubscriberMap = []
121 for i in xrange(num_subscribers):
122 subId = 'sub{}'.format(i)
123 account_num, s_tag, c_tag = cls.getSubscriberCredentials(subId)
124 voltSubscriberInfo = {}
125 voltSubscriberInfo['voltTenant'] = dict(s_tag = str(s_tag),
126 c_tag = str(c_tag),
127 subscriber = '')
128 voltSubscriberInfo['account_num'] = account_num
129 voltSubscriberMap.append(voltSubscriberInfo)
130
131 return voltSubscriberMap
132
133 @classmethod
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]134 def setUpCordApi(cls):
135 our_path = os.path.dirname(os.path.realpath(__file__))
136 cord_api_path = os.path.join(our_path, '..', 'cord-api')
137 framework_path = os.path.join(cord_api_path, 'Framework')
138 utils_path = os.path.join(framework_path, 'utils')
139 data_path = os.path.join(cord_api_path, 'Tests', 'data')
140 subscriber_cfg = os.path.join(data_path, 'Subscriber.json')
141 volt_tenant_cfg = os.path.join(data_path, 'VoltTenant.json')
142
A.R Karthick50f4d9a2017-04-20 16:44:19 -0700[diff] [blame^]143 cls.subscriber_info = cls.getSubscriberConfig(cls.NUM_SUBSCRIBERS)
144 cls.volt_subscriber_info = cls.getVoltSubscriberConfig(cls.NUM_SUBSCRIBERS)
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]145
146 sys.path.append(utils_path)
147 sys.path.append(framework_path)
148 from restApi import restApi
149 restApiXos = restApi()
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]150 xos_credentials = cls.getXosCredentials()
151 if xos_credentials is None:
152 restApiXos.controllerIP = cls.HEAD_NODE
153 restApiXos.controllerPort = '9000'
154 else:
155 restApiXos.controllerIP = xos_credentials['host']
156 restApiXos.controllerPort = xos_credentials['port']
157 restApiXos.user = xos_credentials['user']
158 restApiXos.password = xos_credentials['password']
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]159 cls.restApiXos = restApiXos
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]160
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]161 @classmethod
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]162 def closeVCPEAccess(cls, vcpes):
163 return
164 OnosCtrl.uninstall_app(cls.APP_NAME, onos_ip = cls.HEAD_NODE)
165
166 @classmethod
167 def openVCPEAccess(cls, vcpes):
168 """
169 This code works below to configure the leaf switch.
170 But it needs the olt_config.json to be modified to not overlap with existing/default vcpes.
171 That is to avoid overwriting the flows already provisioned for eg: for 222 vcpe.
172 (default and created on CiaB).
173 So returning for now with a no-op
174 """
175 return
176 OnosCtrl.install_app(cls.APP_FILE, onos_ip = cls.HEAD_NODE)
177 time.sleep(2)
178 s_tags = map(lambda vcpe: int(vcpe['s_tag']), vcpes)
179 devices = OnosCtrl.get_device_ids(controller = cls.HEAD_NODE)
180 device_config = {}
181 for device in devices:
182 device_config[device] = []
183 for s_tag in s_tags:
184 xconnect_config = {'vlan': s_tag, 'ports' : [ cls.FABRIC_PORT_HEAD_NODE, cls.FABRIC_PORT_COMPUTE_NODE ] }
185 device_config[device].append(xconnect_config)
186
187 cfg = { 'apps' : { 'org.ciena.xconnect' : { 'xconnectTestConfig' : device_config } } }
188 OnosCtrl.config(cfg, controller = cls.HEAD_NODE)
189
190 @classmethod
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]191 def setUpClass(cls):
192 cls.controllers = get_controllers()
193 cls.controller = cls.controllers[0]
194 cls.cli = None
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]195 cls.olt = OltConfig(olt_conf_file = cls.olt_conf_file)
196 cls.vcpes = cls.olt.get_vcpes()
197 cls.vcpes_dhcp = cls.olt.get_vcpes_by_type('dhcp')
198 vcpe_dhcp = None
199 vcpe_dhcp_stag = None
200 vcpe_container = None
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]201 cls.on_podd = running_on_podd()
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]202 #cache the first dhcp vcpe in the class for quick testing
203 if cls.vcpes_dhcp:
204 vcpe_container = 'vcpe-{}-{}'.format(cls.vcpes_dhcp[0]['s_tag'], cls.vcpes_dhcp[0]['c_tag'])
205 vcpe_dhcp = 'vcpe0.{}.{}'.format(cls.vcpes_dhcp[0]['s_tag'], cls.vcpes_dhcp[0]['c_tag'])
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]206 if cls.on_podd is False:
A R Karthick3d5ff792017-04-12 16:53:27 -0700[diff] [blame]207 vcpe_dhcp = 'vcpe0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]208 vcpe_dhcp_stag = 'vcpe0.{}'.format(cls.vcpes_dhcp[0]['s_tag'])
209 cls.vcpe_container = vcpe_container
210 cls.vcpe_dhcp = vcpe_dhcp
211 cls.vcpe_dhcp_stag = vcpe_dhcp_stag
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]212 VSGAccess.setUp()
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]213 cls.setUpCordApi()
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]214 if cls.on_podd is True:
215 cls.openVCPEAccess(cls.vcpes_dhcp)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]216
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]217 @classmethod
218 def tearDownClass(cls):
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]219 VSGAccess.tearDown()
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]220 if cls.on_podd is True:
221 cls.closeVCPEAccess(cls.vcpes_dhcp)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]222
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]223 def cliEnter(self, controller = None):
224 retries = 0
225 while retries < 30:
226 self.cli = OnosCliDriver(controller = controller, connect = True)
227 if self.cli.handle:
228 break
229 else:
230 retries += 1
231 time.sleep(2)
232
233 def cliExit(self):
234 self.cli.disconnect()
235
236 def onos_shutdown(self, controller = None):
237 status = True
238 self.cliEnter(controller = controller)
239 try:
240 self.cli.shutdown(timeout = 10)
241 except:
242 log.info('Graceful shutdown of ONOS failed for controller: %s' %controller)
243 status = False
244
245 self.cliExit()
246 return status
247
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]248 def log_set(self, level = None, app = 'org.onosproject'):
249 CordLogger.logSet(level = level, app = app, controllers = self.controllers, forced = True)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]250
A R Karthick9a16a112017-04-07 15:40:05 -0700[diff] [blame]251 @classmethod
252 def get_dhcp(cls, vcpe, mgmt = 'eth0'):
253 """Get DHCP for vcpe interface saving management settings"""
254
255 def put_dhcp():
256 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
257
258 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
259 if vcpe_ip is not None:
260 cls.restore_methods.append(put_dhcp)
261 return vcpe_ip
262
263 @classmethod
264 def config_restore(cls):
265 """Restore the vsg test configuration on test case failures"""
266 for restore_method in cls.restore_methods:
267 restore_method()
268
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]269 def get_vsg_vcpe_pair(self):
270 vcpes = self.vcpes_dhcp
271 vcpe_containers = []
272 vsg_vcpe = {}
273 for vcp in vcpes:
274 vcpe_container = 'vcpe-{}-{}'.format(vcp['s_tag'], vcp['c_tag'])
275 vcpe_containers.append(vcpe_container)
276 vsg = VSGAccess.get_vcpe_vsg(vcpe_container)
277 vsg_vcpe[vcpe_container]=str(vsg.get_ip())
278 return vsg_vcpe
279
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]280 def get_vcpe_containers_and_interfaces(self):
281 vcpe_containers = {}
282 vcpe_interfaces = []
283 vcpes = self.vcpes_dhcp
284 count = 0
285 for vcpe in vcpes:
286 vcpe_intf = 'vcpe{}.{}.{}'.format(count,vcpe['s_tag'],vcpe['c_tag'])
287 vcpe_interfaces.append(vcpe_intf)
288 vcpe_container = 'vcpe-{}-{}'.format(vcpe['s_tag'], vcpe['c_tag'])
289 vcpe_containers[vcpe_intf] = vcpe_container
290 count += 1
291 log.info('vcpe interfaces are %s'%vcpe_interfaces)
292 log.info('vcpe containers are %s'%vcpe_containers)
293 return vcpe_interfaces,vcpe_containers
294
295 def get_vcpe_interface_dhcp_ip(self,vcpe=None):
296 if not vcpe:
297 vcpe = self.vcpe_dhcp
298 st, _ = getstatusoutput('dhclient {}'.format(vcpe))
299 vcpe_ip = get_ip(vcpe)
300 return vcpe_ip
301
302 def release_vcpe_interface_dhcp_ip(self,vcpe=None):
303 if not vcpe:
304 vcpe = self.vcpe_dhcp
305 st, _ = getstatusoutput('dhclient {} -r'.format(vcpe))
306 vcpe_ip = get_ip(vcpe)
307 assert_equal(vcpe_ip, None)
308
309 def add_static_route_via_vcpe_interface(self, routes, vcpe=None,dhcp_ip=True):
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]310 if not vcpe:
311 vcpe = self.vcpe_dhcp
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]312 if dhcp_ip:
313 os.system('dhclient '+vcpe)
314 time.sleep(1)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]315 for route in routes:
316 log.info('route is %s'%route)
317 cmd = 'ip route add ' + route + ' via 192.168.0.1 '+ 'dev ' + vcpe
318 cmds.append(cmd)
319 for cmd in cmds:
320 os.system(cmd)
321 return True
322
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]323 def del_static_route_via_vcpe_interface(self,routes,vcpe=None,dhcp_release=True):
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]324 if not vcpe:
325 vcpe = self.vcpe_dhcp
326 cmds = []
327 for route in routes:
328 cmd = 'ip route del ' + route + ' via 192.168.0.1 ' + 'dev ' + vcpe
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]329 os.system(cmd)
330 if dhcp_release:
331 os.system('dhclient '+vcpe+' -r')
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]332 return True
333
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]334 def test_vsg_multiple_subscribers_for_same_vcpe_instace(self):
335 vcpe_intfs,containers = self.get_vcpe_containers_and_interfaces()
336 for vcpe in vcpe_intfs:
337 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
338 assert_not_equal(vcpe_ip,None)
339 for vcpe in vcpe_intfs:
340 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
341
342 def test_vsg_multiple_subscribers_for_same_vcpe_instance_ping_to_external_connectivity(self):
343 host = '8.8.8.8'
344 vcpe_intfs,containers = self.get_vcpe_containers_and_interfaces()
345 for vcpe in vcpe_intfs:
346 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
347 assert_not_equal(vcpe_ip,None)
348 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe,dhcp_ip=False)
349 st, _ = getstatusoutput('ping -I {} -c 3 {}'.format(vcpe,host))
350 assert_equal(st, 0)
351 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe,dhcp_release=False)
352 for vcpe in vcpe_intfs:
353 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
354
355 def test_vsg_vcpe_interface_gets_dhcp_ip_after_interface_toggle(self):
356 vcpe_intfs,containers = self.get_vcpe_containers_and_interfaces()
357 for vcpe in vcpe_intfs:
358 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
359 assert_not_equal(vcpe_ip,None)
360 os.system('ifconfig {} down'.format(vcpe))
361 time.sleep(1)
362 os.system('ifconfig {} up'.format(vcpe))
363 time.sleep(1)
364 vcpe_ip2 = get_ip(vcpe)
365 assert_equal(vcpe_ip2,vcpe_ip)
366 for vcpe in vcpe_intfs:
367 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
368
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]369
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]370 def test_vsg_health(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]371 """
372 Algo:
373 1. Login to compute node VM
374 2. Get all vSGs
375 3. Ping to all vSGs
376 4. Verifying Ping success
377 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]378 status = True
379 if self.on_podd is True:
380 status = VSGAccess.health_check()
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]381 assert_equal(status, True)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]382
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]383 def test_vsg_health_check(self, vsg_name='mysite_vsg-1', verify_status=True):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]384 """
385 Algo:
386 1. If vsg name not specified, Get vsg corresponding to vcpe
387 1. Login to compute mode VM
388 3. Ping to the vSG
389 4. Verifying Ping success
390 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]391 if self.on_podd is False:
392 return
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]393 if not vsg_name:
394 vcpe = self.vcpe_container
395 vsg = VSGAccess.get_vcpe_vsg(vcpe)
396 status = vsg.get_health()
397 assert_equal(status, verify_status)
398 else:
399 vsgs = VSGAccess.get_vsgs()
400 status = None
401 for vsg in vsgs:
402 if vsg.name == vsg_name:
403 status = vsg.get_health()
404 log.info('vsg health check status is %s'%status)
405 assert_equal(status,verify_status)
406
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]407 @deferred(TIMEOUT)
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]408 def test_vsg_for_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]409 """
410 Algo:
411 1. Get list of all compute nodes created using Openstack
412 2. Login to compute mode VM
413 3. Get all vSGs
414 4. Verifying atleast one compute node and one vSG created
415 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]416 df = defer.Deferred()
417 def vsg_for_vcpe_df(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]418 if self.on_podd is True:
419 vsgs = VSGAccess.get_vsgs()
420 compute_nodes = VSGAccess.get_compute_nodes()
421 time.sleep(14)
422 assert_not_equal(len(vsgs), 0)
423 assert_not_equal(len(compute_nodes), 0)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]424 df.callback(0)
425 reactor.callLater(0,vsg_for_vcpe_df,df)
426 return df
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]427
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]428 def test_vsg_for_login(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]429 """
430 Algo:
431 1. Login to compute node VM
432 2. Get all vSGs
433 3. Verifying login to vSG is success
434 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]435 if self.on_podd is False:
436 return
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]437 vsgs = VSGAccess.get_vsgs()
438 vsg_access_status = map(lambda vsg: vsg.check_access(), vsgs)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]439 status = filter(lambda st: st == False, vsg_access_status)
440 assert_equal(len(status), 0)
441
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]442 def test_vsg_for_default_route_through_testclient(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]443 """
444 Algo:
445 1. Login to head node
446 2. Verifying for default route in lxc test client
447 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]448 if self.on_podd is False:
449 return
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]450 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
451 cmd = "sudo lxc exec testclient -- route | grep default"
452 status, output = ssh_agent.run_cmd(cmd)
453 assert_equal(status, True)
454
455 def test_vsg_for_external_connectivity_through_testclient(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]456 """
457 Algo:
458 1. Login to head node
459 2. On head node, executing ping to 8.8.8.8 from lxc test client
460 3. Verifying for the ping success
461 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]462 if self.on_podd is False:
463 return
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]464 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
465 cmd = "lxc exec testclient -- ping -c 3 8.8.8.8"
466 status, output = ssh_agent.run_cmd(cmd)
467 assert_equal( status, True)
468
469 def test_vsg_for_external_connectivity(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]470 """
471 Algo:
472 1. Get dhcp IP to vcpe interface in cord-tester
473 2. Verifying vcpe interface gets dhcp IP
474 3. Ping to 8.8.8.8 and Verifying ping should success
475 4. Restoring management interface configuration in cord-tester
476 """
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]477 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]478 mgmt = 'eth0'
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]479 host = '8.8.8.8'
480 self.success = False
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]481 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]482 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]483 assert_not_equal(vcpe_ip, None)
484 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
485 log.info('Sending icmp echo requests to external network 8.8.8.8')
486 st, _ = getstatusoutput('ping -c 3 8.8.8.8')
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]487 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]488 assert_equal(st, 0)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]489
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]490 def test_vsg_for_external_connectivity_to_google(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]491 """
492 Algo:
493 1. Get dhcp IP to vcpe interface in cord-tester
494 2. Verifying vcpe interface gets dhcp IP
495 3. Ping to www.google.com and Verifying ping should success
496 4. Restoring management interface configuration in cord-tester
497 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]498 host = 'www.google.com'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]499 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]500 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]501 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]502 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]503 assert_not_equal(vcpe_ip, None)
504 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
505 log.info('Sending icmp ping requests to %s' %host)
506 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]507 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]508 assert_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]509
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]510 def test_vsg_for_external_connectivity_to_invalid_host(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]511 """
512 Algo:
513 1. Get dhcp IP to vcpe interface in cord-tester
514 2. Verifying vcpe interface gets dhcp IP
515 3. Ping to www.goglee.com and Verifying ping should not success
516 4. Restoring management interface configuration in cord-tester
517 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]518 host = 'www.goglee.com'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]519 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]520 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]521 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]522 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]523 assert_not_equal(vcpe_ip, None)
524 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
525 log.info('Sending icmp ping requests to non existent host %s' %host)
526 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]527 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]528 assert_not_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]529
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]530 def test_vsg_for_external_connectivity_with_ttl_1(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]531 """
532 Algo:
533 1. Get dhcp IP to vcpe interface in cord-tester
534 2. Verifying vcpe interface gets dhcp IP
535 3. Ping to 8.8.8.8 with ttl set to 1
536 4. Verifying ping should not success
537 5. Restoring management interface configuration in cord-tester
538 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]539 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]540 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]541 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]542 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]543 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]544 assert_not_equal(vcpe_ip, None)
545 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
546 log.info('Sending icmp ping requests to host %s with ttl 1' %host)
547 st, _ = getstatusoutput('ping -c 1 -t 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]548 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]549 assert_not_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]550
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]551 def test_vsg_for_external_connectivity_with_wan_interface_toggle_in_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]552 """
553 Algo:
554 1. Get dhcp IP to vcpe interface in cord-tester
555 2. Verifying vcpe interface gets dhcp IP
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]556 3. Ping to 8.8.8.8 and Verifying ping succeeds
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]557 4. Now down the WAN interface of vcpe
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]558 5. Ping to 8.8.8.8 and Verifying ping fails
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]559 6. Now Up the WAN interface of vcpe
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]560 7. Ping to 8.8.8.8 and Verifying ping succeeds
561 8. Restoring management interface configuration in cord-tester
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]562 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]563 if self.on_podd is False:
564 return
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]565 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]566 mgmt = 'eth0'
567 vcpe = self.vcpe_container
568 assert_not_equal(vcpe, None)
569 assert_not_equal(self.vcpe_dhcp, None)
570 #first get dhcp on the vcpe interface
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]571 vcpe_ip = VSGAccess.vcpe_get_dhcp(self.vcpe_dhcp, mgmt = mgmt)
572 assert_not_equal(vcpe_ip, None)
573 log.info('Got DHCP IP %s for %s' %(vcpe_ip, self.vcpe_dhcp))
574 log.info('Sending ICMP pings to host %s' %(host))
575 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
576 if st != 0:
577 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
578 assert_equal(st, 0)
579 #bring down the wan interface and check again
580 st = VSGAccess.vcpe_wan_down(vcpe)
581 if st is False:
582 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
583 assert_equal(st, True)
584 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
585 if st == 0:
586 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
587 assert_not_equal(st, 0)
588 st = VSGAccess.vcpe_wan_up(vcpe)
589 if st is False:
590 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
591 assert_equal(st, True)
592 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
593 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
594 assert_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]595
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]596 def test_vsg_for_external_connectivity_with_lan_interface_toggle_in_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]597 """
598 Algo:
599 1. Get dhcp IP to vcpe interface in cord-tester
600 2. Verifying vcpe interface gets dhcp IP
601 3. Ping to 8.8.8.8 and Verifying ping should success
602 4. Now down the LAN interface of vcpe
603 5. Ping to 8.8.8.8 and Verifying ping should not success
604 6. Now Up the LAN interface of vcpe
605 7. Ping to 8.8.8.8 and Verifying ping should success
606 8. Restoring management interface configuration in cord-tester
607 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]608 if self.on_podd is False:
609 return
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]610 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]611 mgmt = 'eth0'
612 vcpe = self.vcpe_container
613 assert_not_equal(vcpe, None)
614 assert_not_equal(self.vcpe_dhcp, None)
615 #first get dhcp on the vcpe interface
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]616 vcpe_ip = VSGAccess.vcpe_get_dhcp(self.vcpe_dhcp, mgmt = mgmt)
617 assert_not_equal(vcpe_ip, None)
618 log.info('Got DHCP IP %s for %s' %(vcpe_ip, self.vcpe_dhcp))
619 log.info('Sending ICMP pings to host %s' %(host))
620 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
621 if st != 0:
622 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
623 assert_equal(st, 0)
624 #bring down the lan interface and check again
625 st = VSGAccess.vcpe_lan_down(vcpe)
626 if st is False:
627 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
628 assert_equal(st, True)
629 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
630 if st == 0:
631 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
632 assert_not_equal(st, 0)
633 st = VSGAccess.vcpe_lan_up(vcpe)
634 if st is False:
635 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
636 assert_equal(st, True)
637 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
638 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
639 assert_equal(st, 0)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]640
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]641 @deferred(TIMEOUT)
642 def test_vsg_for_external_connectivity_with_vcpe_container_paused(self,vcpe_name=None,vcpe_intf=None):
643 """
644 Algo:
645 1. Get vSG corresponding to vcpe
646 2. Get dhcp ip to vcpe interface
647 3. Add static route to destination route in test container
648 4. From test container ping to destination route and verify ping success
649 5. Login to compute node and execute command to pause vcpe container
650 6. From test container ping to destination route and verify ping success
651 """
652 if not vcpe_name:
653 vcpe_name = self.vcpe_container
654 if not vcpe_intf:
655 vcpe_intf = self.vcpe_dhcp
656 df = defer.Deferred()
657 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]658 if self.on_podd is False:
659 df.callback(0)
660 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]661 host = '8.8.8.8'
662 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
663 try:
664 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
665 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
666 assert_equal(st, False)
667 st, _ = vsg.run_cmd('sudo docker pause {}'.format(vcpe_name))
668 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
669 assert_equal(st, False)
670 finally:
671 vsg.run_cmd('sudo docker unpause'.format(vcpe_name))
672 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
673 df.callback(0)
674 reactor.callLater(0, vcpe_firewall, df)
675 return df
676
677 @deferred(TIMEOUT)
678 def test_vsg_firewall_with_deny_destination_ip(self, vcpe_name=None, vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]679 """
680 Algo:
681 1. Get vSG corresponding to vcpe
682 2. Login to compute node
683 3. Execute iptable command on vcpe from compute node to deny a destination IP
684 4. From cord-tester ping to the denied IP address
685 5. Verifying that ping should not be successful
686 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]687 if not vcpe_name:
688 vcpe_name = self.vcpe_container
689 if not vcpe_intf:
690 vcpe_intf = self.vcpe_dhcp
691 df = defer.Deferred()
692 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]693 if self.on_podd is False:
694 df.callback(0)
695 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]696 host = '8.8.8.8'
697 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
698 try:
699 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
700 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
701 assert_equal(st, False)
702 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
703 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
704 assert_equal(st, True)
705 finally:
706 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
707 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
708 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
709 df.callback(0)
710 reactor.callLater(0, vcpe_firewall, df)
711 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]712
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]713 @deferred(TIMEOUT)
714 def test_vsg_firewall_with_rule_add_and_delete_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]715 """
716 Algo:
717 1. Get vSG corresponding to vcpe
718 2. Login to compute node
719 3. Execute iptable command on vcpe from compute node to deny a destination IP
720 4. From cord-tester ping to the denied IP address
721 5. Verifying that ping should not be successful
722 6. Delete the iptable rule in vcpe
723 7. From cord-tester ping to the denied IP address
724 8. Verifying the ping should success
725 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]726 if not vcpe_name:
727 vcpe_name = self.vcpe_container
728 if not vcpe_intf:
729 vcpe_intf = self.vcpe_dhcp
730 df = defer.Deferred()
731 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]732 if self.on_podd is False:
733 df.callback(0)
734 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]735 host = '8.8.8.8'
736 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
737 try:
738 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
739 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
740 assert_equal(st, False)
741 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
742 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
743 assert_equal(st, True)
744 st,_ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
745 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
746 assert_equal(st, False)
747 finally:
748 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
749 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
750 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
751 df.callback(0)
752 reactor.callLater(0, vcpe_firewall, df)
753 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]754
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]755 @deferred(TIMEOUT)
756 def test_vsg_firewall_verifying_reachability_for_non_blocked_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]757 """
758 Algo:
759 1. Get vSG corresponding to vcpe
760 2. Login to compute node
761 3. Execute iptable command on vcpe from compute node to deny a destination IP
762 4. From cord-tester ping to the denied IP address
763 5. Verifying that ping should not be successful
764 6. From cord-tester ping to the denied IP address other than the denied one
765 7. Verifying the ping should success
766 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]767 if not vcpe_name:
768 vcpe_name = self.vcpe_container
769 if not vcpe_intf:
770 vcpe_intf = self.vcpe_dhcp
771 df = defer.Deferred()
772 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]773 if self.on_podd is False:
774 df.callback(0)
775 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]776 host1 = '8.8.8.8'
777 host2 = '204.79.197.203'
778 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
779 try:
780 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
781 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
782 assert_equal(st, False)
783 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
784 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
785 assert_equal(st, True)
786 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
787 assert_equal(st,False)
788 finally:
789 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
790 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
791 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
792 df.callback(0)
793 reactor.callLater(0, vcpe_firewall, df)
794 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]795
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]796 @deferred(TIMEOUT)
797 def test_vsg_firewall_appending_rules_with_deny_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]798 """
799 Algo:
800 1. Get vSG corresponding to vcpe
801 2. Login to compute node
802 3. Execute iptable command on vcpe from compute node to deny a destination IP1
803 4. From cord-tester ping to the denied IP address IP1
804 5. Verifying that ping should not be successful
805 6. Execute iptable command on vcpe from compute node to deny a destination IP2
806 6. From cord-tester ping to the denied IP address IP2
807 7. Verifying that ping should not be successful
808 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]809 if not vcpe_name:
810 vcpe_name = self.vcpe_container
811 if not vcpe_intf:
812 vcpe_intf = self.vcpe_dhcp
813 df = defer.Deferred()
814 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]815 if self.on_podd is False:
816 df.callback(0)
817 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]818 host1 = '8.8.8.8'
819 host2 = '204.79.197.203'
820 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
821 try:
822 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
823 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
824 assert_equal(st, False)
825 st,_ = vsg.run_cmd('sudo docker exec {} iptables -F FORWARD'.format(vcpe_name))
826 time.sleep(2)
827 st,_ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
828 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
829 assert_equal(st, True)
830 st, out = getstatusoutput('ping -c 1 {}'.format(host2))
831 log.info('host2 ping output is %s'%out)
832 assert_equal(st, False)
833 st, _ = vsg.run_cmd('sudo docker exec {} iptables -A FORWARD -d {} -j DROP'.format(vcpe_name,host2))
834 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
835 assert_equal(st,True)
836 finally:
837 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
838 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
839 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
840 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
841 df.callback(0)
842 reactor.callLater(0, vcpe_firewall, df)
843 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]844
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]845 @deferred(TIMEOUT)
846 def test_vsg_firewall_removing_one_rule_denying_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]847 """
848 Algo:
849 1. Get vSG corresponding to vcpe
850 2. Login to compute node
851 3. Execute iptable command on vcpe from compute node to deny a destination IP1
852 4. Execute iptable command on vcpe from compute node to deny a destination IP2
853 5. From cord-tester ping to the denied IP address IP1
854 6. Verifying that ping should not be successful
855 7. From cord-tester ping to the denied IP address IP2
856 8. Verifying that ping should not be successful
857 9. Execute iptable command on vcpe from compute node to remove deny a destination IP2 rule
858 10. From cord-tester ping to the denied IP address IP2
859 11. Verifying the ping should success
860 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]861 if not vcpe_name:
862 vcpe_name = self.vcpe_container
863 if not vcpe_intf:
864 vcpe_intf = self.vcpe_dhcp
865 df = defer.Deferred()
866 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]867 if self.on_podd is False:
868 df.callback(0)
869 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]870 host1 = '8.8.8.8'
871 host2 = '204.79.197.203'
872 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
873 try:
874 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=self.vcpe_dhcp)
875 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
876 assert_equal(st, False)
877 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
878 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host2))
879 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
880 assert_equal(st, True)
881 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
882 assert_equal(st,True)
883 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
884 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
885 assert_equal(st,False)
886 finally:
887 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
888 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
889 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
890 log.info('restarting vcpe container')
891 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
892 df.callback(0)
893 reactor.callLater(0, vcpe_firewall, df)
894 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]895
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]896 @deferred(TIMEOUT)
897 def test_vsg_firewall_changing_rule_id_deny_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]898 """
899 Algo:
900 1. Get vSG corresponding to vcpe
901 2. Login to compute node
902 3. Execute iptable command on vcpe from compute node to deny a destination IP
903 5. From cord-tester ping to the denied IP address IP1
904 6. Verifying that ping should not be successful
905 9. Execute iptable command on vcpe from compute node to change the rule ID to 2 to deny the same destination IP
906 10. From cord-tester ping to the denied IP address IP
907 11. Verifying that ping should not be successful
908 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]909 if not vcpe_name:
910 vcpe_name = self.vcpe_container
911 if not vcpe_intf:
912 vcpe_intf = self.vcpe_dhcp
913 df = defer.Deferred()
914 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]915 if self.on_podd is False:
916 df.callback(0)
917 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]918 host = '8.8.8.8'
919 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
920 try:
921 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
922 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
923 assert_equal(st, False)
924 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
925 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
926 assert_equal(st, True)
927 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 2 -d {} -j DROP '.format(vcpe_name,host))
928 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
929 assert_equal(st,True)
930 finally:
931 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
932 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
933 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
934 df.callback(0)
935 reactor.callLater(0, vcpe_firewall, df)
936 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]937
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]938 @deferred(TIMEOUT)
939 def test_vsg_firewall_changing_deny_rule_to_accept_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]940 """
941 Algo:
942 1. Get vSG corresponding to vcpe
943 2. Login to compute node
944 3. Execute iptable command on vcpe from compute node to deny a destination IP
945 5. From cord-tester ping to the denied IP address IP1
946 6. Verifying that ping should not be successful
947 9. Execute iptable command on vcpe from compute node to accept the same destination IP
948 10. From cord-tester ping to the accepted IP
949 11. Verifying the ping should success
950 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]951 if not vcpe_name:
952 vcpe_name = self.vcpe_container
953 if not vcpe_intf:
954 vcpe_intf = self.vcpe_dhcp
955 df = defer.Deferred()
956 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]957 if self.on_podd is False:
958 df.callback(0)
959 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]960 host = '8.8.8.8'
961 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
962 try:
963 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
964 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
965 assert_equal(st, False)
966 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
967 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
968 assert_equal(st, True)
969 st, _ = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -d {} -j ACCEPT'.format(vcpe_name,host))
970 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
971 assert_equal(st,False)
972 finally:
973 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
974 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j ACCEPT'.format(vcpe_name,host))
975 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
976 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
977 df.callback(0)
978 reactor.callLater(0, vcpe_firewall, df)
979 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]980
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]981 @deferred(TIMEOUT) #Fail
982 def test_vsg_firewall_denying_destination_network(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]983 """
984 Algo:
985 1. Get vSG corresponding to vcpe
986 2. Login to compute node
987 3. Execute iptable command on vcpe from compute node to deny a destination IP subnet
988 4. From cord-tester ping to the denied IP address IP1 in the denied subnet
989 5. Verifying that ping should not be successful
990 6. From cord-tester ping to the denied IP address IP2 in the denied subnet
991 7. Verifying that ping should not be successful
992 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]993 if not vcpe_name:
994 vcpe_name = self.vcpe_container
995 if not vcpe_intf:
996 vcpe_intf = self.vcpe_dhcp
997 df = defer.Deferred()
998 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]999 if self.on_podd is False:
1000 df.callback(0)
1001 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1002 network = '204.79.197.192/28'
1003 host1 = '204.79.197.203'
1004 host2 = '204.79.197.210'
1005 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1006 try:
1007 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=self.vcpe_dhcp)
1008 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1009 assert_equal(st, False)
1010 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,network))
1011 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1012 assert_equal(st, True)
1013 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1014 assert_equal(st,False)
1015 finally:
1016 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network))
1017 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
1018 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1019 df.callback(0)
1020 reactor.callLater(0, vcpe_firewall, df)
1021 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1022
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1023 @deferred(TIMEOUT)
1024 def test_vsg_firewall_denying_destination_network_subnet_modification(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1025 """
1026 Algo:
1027 1. Get vSG corresponding to vcpe
1028 2. Login to compute node
1029 3. Execute iptable command on vcpe from compute node to deny a destination IP subnet
1030 4. From cord-tester ping to the denied IP address IP1 in the denied subnet
1031 5. Verifying that ping should not be successful
1032 6. From cord-tester ping to the denied IP address IP2 in the denied subnet
1033 7. Verifying that ping should not be successful
1034 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1035 if not vcpe_name:
1036 vcpe_name = self.vcpe_container
1037 if not vcpe_intf:
1038 vcpe_intf = self.vcpe_dhcp
1039 df = defer.Deferred()
1040 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1041 if self.on_podd is False:
1042 df.callback(0)
1043 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1044 network1 = '204.79.197.192/28'
1045 network2 = '204.79.197.192/27'
1046 host1 = '204.79.197.203'
1047 host2 = '204.79.197.210'
1048 host3 = '204.79.197.224'
1049 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1050 try:
1051 self.add_static_route_via_vcpe_interface([host1,host2,host3],vcpe=self.vcpe_dhcp)
1052 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1053 assert_equal(st, False)
1054 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,network1))
1055 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1056 assert_equal(st, True)
1057 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1058 assert_equal(st,False)
1059 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 2 -d {} -j DROP'.format(vcpe_name,network2))
1060 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1061 assert_equal(st, True)
1062 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1063 assert_equal(st, True)
1064 st, _ = getstatusoutput('ping -c 1 {}'.format(host3))
1065 assert_equal(st, False)
1066 finally:
1067 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network1))
1068 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network2))
1069 self.del_static_route_via_vcpe_interface([host1,host2,host3],vcpe=vcpe_intf)
1070 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1071 df.callback(0)
1072 reactor.callLater(0, vcpe_firewall, df)
1073 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1074
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1075 @deferred(TIMEOUT)
1076 def test_vsg_firewall_with_deny_source_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1077 """
1078 Algo:
1079 1. Get vSG corresponding to vcpe
1080 2. Login to compute node
1081 3. Execute iptable command on vcpe from compute node to deny a source IP
1082 4. From cord-tester ping to 8.8.8.8 from the denied IP
1083 5. Verifying that ping should not be successful
1084 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1085 if not vcpe_name:
1086 vcpe_name = self.vcpe_container
1087 if not vcpe_intf:
1088 vcpe_intf = self.vcpe_dhcp
1089 df = defer.Deferred()
1090 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1091 if self.on_podd is False:
1092 df.callback(0)
1093 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1094 host = '8.8.8.8'
1095 #source_ip = get_ip(self.vcpe_dhcp)
1096 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1097 try:
1098 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1099 source_ip = get_ip(self.vcpe_dhcp)
1100 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1101 assert_equal(st, False)
1102 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1103 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1104 assert_equal(st, True)
1105 finally:
1106 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1107 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1108 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1109 df.callback(0)
1110 reactor.callLater(0, vcpe_firewall, df)
1111 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1112
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1113 @deferred(TIMEOUT)
1114 def test_vsg_firewall_rule_with_add_and_delete_deny_source_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1115 """
1116 Algo:
1117 1. Get vSG corresponding to vcpe
1118 2. Login to compute node
1119 3. Execute iptable command on vcpe from compute node to deny a source IP
1120 4. From cord-tester ping to 8.8.8.8 from the denied IP
1121 5. Verifying that ping should not be successful
1122 6. Delete the iptable rule in vcpe
1123 7. From cord-tester ping to 8.8.8.8 from the denied IP
1124 8. Verifying the ping should success
1125 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1126 if not vcpe_name:
1127 vcpe_name = self.vcpe_container
1128 if not vcpe_intf:
1129 vcpe_intf = self.vcpe_dhcp
1130 df = defer.Deferred()
1131 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1132 if self.on_podd is False:
1133 df.callback(0)
1134 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1135 host = '8.8.8.8'
1136 source_ip = get_ip(self.vcpe_dhcp)
1137 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1138 try:
1139 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1140 source_ip = get_ip(self.vcpe_dhcp)
1141 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1142 assert_equal(st, False)
1143 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1144 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1145 assert_equal(st, True)
1146 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1147 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1148 assert_equal(st, False)
1149 finally:
1150 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1151 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1152 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1153 df.callback(0)
1154 reactor.callLater(0, vcpe_firewall, df)
1155 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1156
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1157 @deferred(TIMEOUT)
1158 def test_vsg_firewall_rule_with_deny_icmp_protocol_echo_requests_type(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1159 """
1160 Algo:
1161 1. Get vSG corresponding to vcpe
1162 2. Login to compute node
1163 3. Execute iptable command on vcpe from compute node to deny icmp echo-requests type protocol packets
1164 4. From cord-tester ping to 8.8.8.8
1165 5. Verifying that ping should not be successful
1166 6. Delete the iptable rule
1167 7. From cord-tester ping to 8.8.8.8
1168 8. Verifying the ping should success
1169 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1170 if not vcpe_name:
1171 vcpe_name = self.vcpe_container
1172 if not vcpe_intf:
1173 vcpe_intf = self.vcpe_dhcp
1174 df = defer.Deferred()
1175 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1176 if self.on_podd is False:
1177 df.callback(0)
1178 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1179 host = '8.8.8.8'
1180 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1181 try:
1182 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1183 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1184 assert_equal(st, False)
1185 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1186 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1187 assert_equal(st, True)
1188 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1189 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1190 assert_equal(st, False)
1191 finally:
1192 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1193 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1194 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1195 df.callback(0)
1196 reactor.callLater(0, vcpe_firewall, df)
1197 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1198
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1199 @deferred(TIMEOUT)
1200 def test_vsg_firewall_rule_with_deny_icmp_protocol_echo_reply_type(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1201 """
1202 Algo:
1203 1. Get vSG corresponding to vcpe
1204 2. Login to compute node
1205 3. Execute iptable command on vcpe from compute node to deny icmp echo-reply type protocol packets
1206 4. From cord-tester ping to 8.8.8.8
1207 5. Verifying that ping should not be successful
1208 6. Delete the iptable rule
1209 7. From cord-tester ping to 8.8.8.8
1210 8. Verifying the ping should success
1211 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1212 if not vcpe_name:
1213 vcpe_name = self.vcpe_container
1214 if not vcpe_intf:
1215 vcpe_intf = self.vcpe_dhcp
1216 df = defer.Deferred()
1217 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1218 if self.on_podd is False:
1219 df.callback(0)
1220 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1221 host = '8.8.8.8'
1222 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1223 try:
1224 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1225 st, _ = getstatusoutput('ping -c 1 {}'.format('8.8.8.8'))
1226 assert_equal(st, False)
1227 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1228 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1229 assert_equal(st, True)
1230 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1231 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1232 assert_equal(st,False)
1233 finally:
1234 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1235 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1236 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1237 df.callback(0)
1238 reactor.callLater(0, vcpe_firewall, df)
1239 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1240
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1241 @deferred(TIMEOUT)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]1242 def test_vsg_firewall_changing_deny_rule_to_accept_rule_with_icmp_protocol_echo_requests_type(self, vcpe_name=None, vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1243 """
1244 Algo:
1245 1. Get vSG corresponding to vcpe
1246 2. Login to compute node
1247 3. Execute iptable command on vcpe from compute node to deny icmp echo-requests type protocol packets
1248 4. From cord-tester ping to 8.8.8.8
1249 5. Verifying that ping should not be successful
1250 6. Insert another rule to accept the icmp-echo requests protocol packets
1251 7. From cord-tester ping to 8.8.8.8
1252 8. Verifying the ping should success
1253 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1254 if not vcpe_name:
1255 vcpe_name = self.vcpe_container
1256 if not vcpe_intf:
1257 vcpe_intf = self.vcpe_dhcp
1258 df = defer.Deferred()
1259 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1260 if self.on_podd is False:
1261 df.callback(0)
1262 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1263 host = '8.8.8.8'
1264 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1265 try:
1266 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1267 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1268 assert_equal(st, False)
1269 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1270 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1271 assert_equal(st, True)
1272 st, _ = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p icmp --icmp-type echo-request -j ACCEPT'.format(vcpe_name))
1273 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1274 assert_equal(st,False)
1275 finally:
1276 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1277 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j ACCEPT'.format(vcpe_name))
1278 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1279 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1280 df.callback(0)
1281 reactor.callLater(0, vcpe_firewall, df)
1282 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1283
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1284 @deferred(TIMEOUT)
1285 def test_vsg_firewall_changing_deny_rule_to_accept_rule_with_icmp_protocol_echo_reply_type(self,vcpe_name=None,vcpe_intf=None):
1286 """
1287 Algo:
1288 1. Get vSG corresponding to vcpe
1289 2. Login to compute node
1290 3. Execute iptable command on vcpe from compute node to deny icmp echo-reply type protocol packets
1291 4. From cord-tester ping to 8.8.8.8
1292 5. Verifying the ping should not success
1293 6. Insert another rule to accept the icmp-echo requests protocol packets
1294 7. From cord-tester ping to 8.8.8.8
1295 8. Verifying the ping should success
1296 """
1297 if not vcpe_name:
1298 vcpe_name = self.vcpe_container
1299 if not vcpe_intf:
1300 vcpe_intf = self.vcpe_dhcp
1301 df = defer.Deferred()
1302 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1303 if self.on_podd is False:
1304 df.callback(0)
1305 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1306 host = '8.8.8.8'
1307 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1308 try:
1309 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1310 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1311 assert_equal(st, False)
1312 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1313 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1314 assert_equal(st, True)
1315 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p icmp --icmp-type echo-reply -j ACCEPT'.format(vcpe_name))
1316 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1317 assert_equal(st,False)
1318 finally:
1319 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1320 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j ACCEPT'.format(vcpe_name))
1321 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1322 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1323 df.callback(0)
1324 reactor.callLater(0, vcpe_firewall, df)
1325 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1326
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1327 @deferred(TIMEOUT)
1328 def test_vsg_firewall_for_deny_icmp_protocol(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1329 """
1330 Algo:
1331 1. Get vSG corresponding to vcpe
1332 2. Login to compute node
1333 3. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1334 4. From cord-tester ping to 8.8.8.8
1335 5. Verifying that ping should not be successful
1336 6. Delete the iptable rule
1337 7. From cord-tester ping to 8.8.8.8
1338 8. Verifying the ping should success
1339 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1340 if not vcpe_name:
1341 vcpe_name = self.vcpe_container
1342 if not vcpe_intf:
1343 vcpe_intf = self.vcpe_dhcp
1344 df = defer.Deferred()
1345 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1346 if self.on_podd is False:
1347 df.callback(0)
1348 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1349 host = '8.8.8.8'
1350 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1351 try:
1352 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1353 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1354 assert_equal(st, False)
1355 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1356 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1357 assert_equal(st, True)
1358 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1359 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1360 assert_equal(st,False)
1361 finally:
1362 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1363 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1364 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1365 df.callback(0)
1366 reactor.callLater(0, vcpe_firewall, df)
1367 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1368
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1369 @deferred(TIMEOUT)
1370 def test_vsg_firewall_rule_deny_icmp_protocol_and_destination_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1371 """
1372 Algo:
1373 1. Get vSG corresponding to vcpe
1374 2. Login to compute node
1375 3. Execute iptable command on vcpe from compute node to deny a destination IP
1376 4. From cord-tester ping to 8.8.8.8
1377 5. Verifying that ping should not be successful
1378 6. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1379 7. From cord-tester ping to 8.8.8.8
1380 8. Verifying the ping should success
1381 9. Delete the rule added in step 3
1382 10. From cord-tester ping to 8.8.8.8
1383 11. Verifying that ping should not be successful
1384 12. Delete the rule added in step 6
1385 13. From cord-tester ping to 8.8.8.8
1386 14. Verifying the ping should success
1387 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1388 if not vcpe_name:
1389 vcpe_name = self.vcpe_container
1390 if not vcpe_intf:
1391 vcpe_intf = self.vcpe_dhcp
1392 df = defer.Deferred()
1393 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1394 if self.on_podd is False:
1395 df.callback(0)
1396 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1397 host = '8.8.8.8'
1398 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1399 try:
1400 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1401 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1402 assert_equal(st, False)
1403 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1404 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1405 assert_equal(st, True)
1406 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1407 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1408 assert_equal(st, True)
1409 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1410 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1411 assert_equal(st, True)
1412 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1413 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1414 assert_equal(st,False)
1415 finally:
1416 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1417 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1418 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1419 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1420 df.callback(0)
1421 reactor.callLater(0, vcpe_firewall, df)
1422 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1423
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1424 @deferred(TIMEOUT) #Fail
1425 def test_vsg_firewall_flushing_all_configured_rules(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1426 """
1427 Algo:
1428 1. Get vSG corresponding to vcpe
1429 2. Login to compute node
1430 3. Execute iptable command on vcpe from compute node to deny a destination IP
1431 4. From cord-tester ping to 8.8.8.8
1432 5. Verifying that ping should not be successful
1433 6. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1434 7. From cord-tester ping to 8.8.8.8
1435 8. Verifying the ping should success
1436 9. Flush all the iptable rules configuraed in vcpe
1437 10. Delete the rule added in step 6
1438 11. From cord-tester ping to 8.8.8.8
1439 12. Verifying the ping should success
1440 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1441 if not vcpe_name:
1442 vcpe_name = self.vcpe_container
1443 if not vcpe_intf:
1444 vcpe_intf = self.vcpe_dhcp
1445 df = defer.Deferred()
1446 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1447 if self.on_podd is False:
1448 df.callback(0)
1449 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1450 host = '8.8.8.8'
1451 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1452 try:
1453 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1454 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1455 assert_equal(st, False)
1456 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1457 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1458 assert_equal(st, True)
1459 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1460 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1461 assert_equal(st, True)
1462 st,output = vsg.run_cmd('sudo docker exec {} iptables -F FORWARD'.format(vcpe_name))
1463 time.sleep(1)
1464 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1465 assert_equal(st, False)
1466 finally:
1467 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1468 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1469 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1470 df.callback(0)
1471 reactor.callLater(0, vcpe_firewall, df)
1472 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1473
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1474 @deferred(TIMEOUT)
1475 def test_vsg_firewall_deny_all_ipv4_traffic(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1476 """
1477 Algo:
1478 1. Get vSG corresponding to vcpe
1479 2. Login to compute node
1480 3. Execute iptable command on vcpe from compute node to deny all ipv4 Traffic
1481 4. From cord-tester ping to 8.8.8.8
1482 5. Verifying that ping should not be successful
1483 6. Delete the iptable rule added
1484 7. From cord-tester ping to 8.8.8.8
1485 8. Verifying the ping should success
1486 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1487 if not vcpe_name:
1488 vcpe_name = self.vcpe_container
1489 if not vcpe_intf:
1490 vcpe_intf = self.vcpe_dhcp
1491 df = defer.Deferred()
1492 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1493 if self.on_podd is False:
1494 df.callback(0)
1495 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1496 host = '8.8.8.8'
1497 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1498 try:
1499 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1500 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1501 assert_equal(st, False)
1502 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1503 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1504 assert_equal(st, True)
1505 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1506 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1507 assert_equal(st, False)
1508 finally:
1509 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1510 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1511 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1512 df.callback(0)
1513 reactor.callLater(0, vcpe_firewall, df)
1514 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1515
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1516 @deferred(TIMEOUT)
1517 def test_vsg_firewall_replacing_deny_rule_to_accept_rule_ipv4_traffic(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1518 """
1519 Algo:
1520 1. Get vSG corresponding to vcpe
1521 2. Login to compute node
1522 3. Execute iptable command on vcpe from compute node to deny all ipv4 Traffic
1523 4. From cord-tester ping to 8.8.8.8
1524 5. Verifying that ping should not be successful
1525 6. Replace the deny rule added in step 3 with accept rule
1526 7. From cord-tester ping to 8.8.8.8
1527 8. Verifying the ping should success
1528 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1529 if not vcpe_name:
1530 vcpe_name = self.vcpe_container
1531 if not vcpe_intf:
1532 vcpe_intf = self.vcpe_dhcp
1533 df = defer.Deferred()
1534 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1535 if self.on_podd is False:
1536 df.callback(0)
1537 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1538 host = '8.8.8.8'
1539 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1540 try:
1541 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1542 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1543 assert_equal(st, False)
1544 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1545 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1546 assert_equal(st, True)
1547 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -4 -j ACCEPT'.format(vcpe_name))
1548 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1549 assert_equal(st, False)
1550 finally:
1551 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1552 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1553 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1554 df.callback(0)
1555 reactor.callLater(0, vcpe_firewall, df)
1556 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1557
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1558 @deferred(TIMEOUT)
1559 def test_vsg_firewall_deny_all_traffic_coming_on_lan_interface_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
1560 """
1561 Algo:
1562 1. Get vSG corresponding to vcpe
1563 2. Login to compute node
1564 3. Execute iptable command on vcpe from compute node to deny all the traffic coming on lan interface inside vcpe container
1565 4. From cord-tester ping to 8.8.8.8
1566 5. Verifying the ping should not success
1567 6. Delete the iptable rule added
1568 7. From cord-tester ping to 8.8.8.8
1569 8. Verifying the ping should success
1570 """
1571 if not vcpe_name:
1572 vcpe_name = self.vcpe_container
1573 if not vcpe_intf:
1574 vcpe_intf = self.vcpe_dhcp
1575 df = defer.Deferred()
1576 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1577 if self.on_podd is False:
1578 df.callback(0)
1579 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1580 host = '8.8.8.8'
1581 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1582 try:
1583 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1584 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1585 assert_equal(st, False)
1586 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -i eth1 -j DROP'.format(vcpe_name))
1587 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1588 assert_equal(st, True)
1589 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -j DROP'.format(vcpe_name))
1590 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1591 assert_equal(st, False)
1592 finally:
1593 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -j DROP'.format(vcpe_name))
1594 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1595 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1596 df.callback(0)
1597 reactor.callLater(0, vcpe_firewall, df)
1598 return df
1599
1600 @deferred(TIMEOUT)
1601 def test_vsg_firewall_deny_all_traffic_going_out_of_wan_interface_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
1602 """
1603 Algo:
1604 1. Get vSG corresponding to vcpe
1605 2. Login to compute node
1606 3. Execute iptable command on vcpe from compute node to deny all the traffic going out of wan interface inside vcpe container
1607 4. From cord-tester ping to 8.8.8.8
1608 5. Verifying the ping should not success
1609 6. Delete the iptable rule added
1610 7. From cord-tester ping to 8.8.8.8
1611 8. Verifying the ping should success
1612 """
1613 if not vcpe_name:
1614 vcpe_name = self.vcpe_container
1615 if not vcpe_intf:
1616 vcpe_intf = self.vcpe_dhcp
1617 df = defer.Deferred()
1618 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1619 if self.on_podd is False:
1620 df.callback(0)
1621 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1622 host = '8.8.8.8'
1623 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1624 try:
1625 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1626 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1627 assert_equal(st, False)
1628 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -o eth0 -j DROP'.format(vcpe_name))
1629 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1630 assert_equal(st, True)
1631 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -o eth0 -j DROP'.format(vcpe_name))
1632 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1633 assert_equal(st, False)
1634 finally:
1635 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -o eth0 -j DROP'.format(vcpe_name))
1636 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1637 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1638 df.callback(0)
1639 reactor.callLater(0, vcpe_firewall, df)
1640 return df
1641
1642 @deferred(TIMEOUT)
1643 def test_vsg_firewall_deny_all_traffic_from_lan_to_wan_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1644 """
1645 Algo:
1646 1. Get vSG corresponding to vcpe
1647 2. Login to compute node
1648 3. Execute iptable command on vcpe from compute node to deny all the traffic from lan to wan interface in vcpe
1649 4. From cord-tester ping to 8.8.8.8
1650 5. Verifying that ping should not be successful
1651 6. Delete the iptable rule added
1652 7. From cord-tester ping to 8.8.8.8
1653 8. Verifying the ping should success
1654 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1655 if not vcpe_name:
1656 vcpe_name = self.vcpe_container
1657 if not vcpe_intf:
1658 vcpe_intf = self.vcpe_dhcp
1659 df = defer.Deferred()
1660 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1661 if self.on_podd is False:
1662 df.callback(0)
1663 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1664 host = '8.8.8.8'
1665 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1666 try:
1667 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1668 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1669 assert_equal(st, False)
1670 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1671 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1672 assert_equal(st, True)
1673 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1674 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1675 assert_equal(st, False)
1676 finally:
1677 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1678 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1679 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1680 df.callback(0)
1681 reactor.callLater(0, vcpe_firewall, df)
1682 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1683
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1684
1685 #this test case needs modification.default route should be vcpe interface to run this test case
1686 @deferred(TIMEOUT)
1687 def test_vsg_firewall_deny_all_dns_traffic(self,vcpe_name=None,vcpe_intf=None):
1688 """
1689 Algo:
1690 1. Get vSG corresponding to vcpe
1691 2. Login to compute node
1692 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1693 4. From cord-tester ping to www.google.com
1694 5. Verifying the ping should not success
1695 6. Delete the iptable rule added
1696 7. From cord-tester ping to www.google.com
1697 8. Verifying the ping should success
1698 """
1699 if not vcpe_name:
1700 vcpe_name = self.vcpe_container
1701 if not vcpe_intf:
1702 vcpe_intf = self.vcpe_dhcp
1703 df = defer.Deferred()
1704 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1705 if self.on_podd is False:
1706 df.callback(0)
1707 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1708 host = 'www.msn.com'
1709 host_ip = '131.253.33.203'
1710 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1711 try:
1712 self.add_static_route_via_vcpe_interface([host_ip],vcpe=self.vcpe_dhcp)
1713 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1714 assert_equal(st, False)
1715 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p udp --dport 53 -j DROP'.format(vcpe_name))
1716 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1717 assert_equal(st, True)
1718 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p udp --dport 53 -j ACCEPT'.format(vcpe_name))
1719 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1720 assert_equal(st, False)
1721 finally:
1722 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p udp --dport 53 -j DROP'.format(vcpe_name))
1723 self.del_static_route_via_vcpe_interface([host_ip],vcpe=vcpe_intf)
1724 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1725 df.callback(0)
1726 reactor.callLater(0, vcpe_firewall, df)
1727 return df
1728
1729 @deferred(TIMEOUT)
1730 def test_vsg_firewall_deny_all_ipv4_traffic_vcpe_container_restart(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1731 """
1732 Algo:
1733 1. Get vSG corresponding to vcpe
1734 2. Login to compute node
1735 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1736 4. From cord-tester ping to www.google.com
1737 5. Verifying that ping should not be successful
1738 6. Delete the iptable rule added
1739 7. From cord-tester ping to www.google.com
1740 8. Verifying the ping should success
1741 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1742 if not vcpe_name:
1743 vcpe_name = self.vcpe_container
1744 if not vcpe_intf:
1745 vcpe_intf = self.vcpe_dhcp
1746 df = defer.Deferred()
1747 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1748 if self.on_podd is False:
1749 df.callback(0)
1750 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1751 host = '8.8.8.8'
1752 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1753 try:
1754 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1755 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1756 assert_equal(st, False)
1757 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1758 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1759 assert_equal(st, True)
1760 st,output = vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1761 time.sleep(3)
1762 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1763 assert_equal(st, False)
1764 finally:
1765 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1766 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1767 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1768 df.callback(0)
1769 reactor.callLater(0, vcpe_firewall, df)
1770 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1771
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]1772 @deferred(TIMEOUT)
1773 def test_vsg_dnat_modifying_destination_ip(self,vcpe_name=None,vcpe_intf=None):
1774 """
1775 Algo:
1776 1. Get vSG corresponding to vcpe
1777 2. Login to compute node
1778 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1779 4. From cord-tester ping to www.google.com
1780 5. Verifying the ping should not success
1781 6. Delete the iptable rule added
1782 7. From cord-tester ping to www.google.com
1783 8. Verifying the ping should success
1784 """
1785 if not vcpe_name:
1786 vcpe_name = self.vcpe_container
1787 if not vcpe_intf:
1788 vcpe_intf = self.vcpe_dhcp
1789 df = defer.Deferred()
1790 def vcpe_firewall(df):
1791 host = '8.8.8.8'
1792 dst_ip = '123.123.123.123'
1793 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1794 try:
1795 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1796 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1797 assert_equal(st, False)
1798 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1799 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1800 assert_equal(st, True)
1801 finally:
1802 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1803 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1804 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1805 df.callback(0)
1806 reactor.callLater(0,vcpe_firewall,df)
1807 return df
1808
1809 @deferred(TIMEOUT)
1810 def test_vsg_dnat_modifying_destination_ip_and_delete(self,vcpe_name=None,vcpe_intf=None):
1811 """
1812 Algo:
1813 1. Get vSG corresponding to vcpe
1814 2. Login to compute node
1815 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1816 4. From cord-tester ping to www.google.com
1817 5. Verifying the ping should not success
1818 6. Delete the iptable rule added
1819 7. From cord-tester ping to www.google.com
1820 8. Verifying the ping should success
1821 """
1822 if not vcpe_name:
1823 vcpe_name = self.vcpe_container
1824 if not vcpe_intf:
1825 vcpe_intf = self.vcpe_dhcp
1826 df = defer.Deferred()
1827 def vcpe_firewall(df):
1828 host = '8.8.8.8'
1829 dst_ip = '123.123.123.123'
1830 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1831 try:
1832 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1833 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1834 assert_equal(st, False)
1835 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1836 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1837 assert_equal(st, True)
1838 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1839 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1840 assert_equal(st, False)
1841 finally:
1842 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1843 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1844 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1845 df.callback(0)
1846 reactor.callLater(0,vcpe_firewall,df)
1847 return df
1848
1849 @deferred(TIMEOUT)
1850 def test_vsg_dnat_change_modifying_destination_ip_address(self,vcpe_name=None,vcpe_intf=None):
1851 """
1852 Algo:
1853 1. Get vSG corresponding to vcpe
1854 2. Login to compute node
1855 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1856 4. From cord-tester ping to www.google.com
1857 5. Verifying the ping should not success
1858 6. Delete the iptable rule added
1859 7. From cord-tester ping to www.google.com
1860 8. Verifying the ping should success
1861 """
1862 if not vcpe_name:
1863 vcpe_name = self.vcpe_container
1864 if not vcpe_intf:
1865 vcpe_intf = self.vcpe_dhcp
1866 df = defer.Deferred()
1867 def vcpe_firewall(df):
1868 host = '8.8.8.8'
1869 dst_ip = '123.123.123.123'
1870 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1871 try:
1872 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1873 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1874 assert_equal(st, False)
1875 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1876 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1877 assert_equal(st, True)
1878 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -R PREROUTING 1 -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,host))
1879 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1880 assert_equal(st, False)
1881 finally:
1882 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1883 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,host))
1884 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1885 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1886 df.callback(0)
1887 reactor.callLater(0,vcpe_firewall,df)
1888 return df
1889
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]1890 def test_vsg_xos_subscriber(self):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1891 if self.on_podd is False:
1892 return
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]1893 subscriber_info = self.subscriber_info[0]
1894 volt_subscriber_info = self.volt_subscriber_info[0]
1895 result = self.restApiXos.ApiPost('TENANT_SUBSCRIBER', subscriber_info)
1896 assert_equal(result, True)
1897 result = self.restApiXos.ApiGet('TENANT_SUBSCRIBER')
1898 assert_not_equal(result, None)
1899 subId = self.restApiXos.getSubscriberId(result, volt_subscriber_info['account_num'])
1900 assert_not_equal(subId, '0')
1901 log.info('Subscriber ID for account num %d = %s' %(volt_subscriber_info['account_num'], subId))
1902 volt_tenant = volt_subscriber_info['voltTenant']
1903 #update the subscriber id in the tenant info before making the rest
1904 volt_tenant['subscriber'] = subId
1905 result = self.restApiXos.ApiPost('TENANT_VOLT', volt_tenant)
1906 assert_equal(result, True)
1907
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]1908 def test_vsg_for_dns_service(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1909 """
1910 Algo:
1911 1. Create a test client in Prod VM
1912 2. Create a vCPE container in vSG VM inside compute Node
1913 3. Ensure vSG VM and vCPE container created properly
1914 4. Enable dns service in vCPE ( if not by default )
1915 5. Send ping request from test client to valid domain address say, 'www.google'com
1916 6. Verify that dns should resolve ping should success
1917 7. Now send ping request to invalid domain address say 'www.invalidaddress'.com'
1918 8. Verify that dns resolve should fail and hence ping
1919 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1920
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1921 def test_vsg_for_10_subscribers_for_same_service(self):
1922 """
1923 Algo:
1924 1.Create a vSG VM in compute node
1925 2.Create 10 vCPE containers for 10 subscribers, in vSG VM
1926 3.Ensure vSG VM and vCPE container created properly
1927 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to valid external public IP
1928 5.Verify that ping success for all 10 subscribers
1929 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1930
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1931 def test_vsg_for_10_subscribers_for_same_service_ping_invalid_ip(self):
1932 """
1933 Algo:
1934 1.Create a vSG VM in compute Node
1935 2.Create 10 vCPE containers for 10 subscribers, in vSG VM
1936 3.Ensure vSG VM and vCPE container created properly
1937 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to invalid IP
1938 5.Verify that ping fails for all 10 subscribers
1939 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1940
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1941 def test_vsg_for_10_subscribers_for_same_service_ping_valid_and_invalid_ip(self):
1942 """
1943 Algo:
1944 1.Create a vSG VM in VM
1945 2.Create 10 vCPE containers for 10 subscribers, in vSG VM
1946 3.Ensure vSG VM and vCPE container created properly
1947 4.From first 5 subscribers, with same s-tag and different c-tag, send a ping to valid IP
1948 5.Verify that ping success for all 5 subscribers
1949 6.From next 5 subscribers, with same s-tag and different c-tag, send a ping to invalid IP
1950 7.Verify that ping fails for all 5 subscribers
1951 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1952
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1953 def test_vsg_for_100_subscribers_for_same_service(self):
1954 """
1955 Algo:
1956 1.Create a vSG VM in compute node
1957 2.Create 100 vCPE containers for 100 subscribers, in vSG VM
1958 3.Ensure vSG VM and vCPE container created properly
1959 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to valid external public IP
1960 5.Verify that ping success for all 100 subscribers
1961 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1962
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1963 def test_vsg_for_100_subscribers_for_same_service_ping_invalid_ip(self):
1964 """
1965 Algo:
1966 1.Create a vSG VM in compute Node
1967 2.Create 10 vCPE containers for 100 subscribers, in vSG VM
1968 3.Ensure vSG VM and vCPE container created properly
1969 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to invalid IP
1970 5.Verify that ping fails for all 100 subscribers
1971 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1972
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1973 def test_vsg_for_100_subscribers_for_same_service_ping_valid_and_invalid_ip(self):
1974 """
1975 Algo:
1976 1.Create a vSG VM in VM
1977 2.Create 10 vCPE containers for 100 subscribers, in vSG VM
1978 3.Ensure vSG VM and vCPE container created properly
1979 4.From first 5 subscribers, with same s-tag and different c-tag, send a ping to valid IP
1980 5.Verify that ping success for all 5 subscribers
1981 6.From next 5 subscribers, with same s-tag and different c-tag, send a ping to invalid IP
1982 7.Verify that ping fails for all 5 subscribers
1983 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1984
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1985 def test_vsg_for_packet_received_with_invalid_ip_fields(self):
1986 """
1987 Algo:
1988 1.Create a vSG VM in compute node
1989 2.Create a vCPE container in vSG VM
1990 3.Ensure vSG VM and vCPE container created properly
1991 4.From subscriber, send a ping packet with invalid ip fields
1992 5.Verify that vSG drops the packet
1993 6.Verify ping fails
1994 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1995
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1996 def test_vsg_for_packet_received_with_invalid_mac_fields(self):
1997 """
1998 Algo:
1999 1.Create a vSG VM in compute node
2000 2.Create a vCPE container in vSG VM
2001 3.Ensure vSG VM and vCPE container created properly
2002 4.From subscriber, send a ping packet with invalid mac fields
2003 5.Verify that vSG drops the packet
2004 6.Verify ping fails
2005 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2006
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2007 def test_vsg_for_vlan_id_mismatch_in_stag(self):
2008 """
2009 Algo:
2010 1.Create a vSG VM in compute Node
2011 2.Create a vCPE container in vSG VM
2012 3.Ensure vSG VM and vCPE container created properly
2013 4.Send a ping request to external valid IP from subscriber, with incorrect vlan id in s-tag and valid c-tag
2014 5.Verify that ping fails as the packet drops at VM entry
2015 6.Repeat step 4 with correct s-tag
2016 7.Verify that ping success
2017 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2018
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2019 def test_vsg_for_vlan_id_mismatch_in_ctag(self):
2020 """
2021 Algo:
2022 1.Create a vSG VM in compute node
2023 2.Create a vCPE container in vSG VM
2024 3.Ensure vSG VM and vCPE container created properly
2025 4.Send a ping request to external valid IP from subscriber, with valid s-tag and incorrect vlan id in c-tag
2026 5.Verify that ping fails as the packet drops at vCPE container entry
2027 6.Repeat step 4 with valid s-tag and c-tag
2028 7.Verify that ping success
2029 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2030
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2031 def test_vsg_for_matching_and_mismatching_vlan_id_in_stag(self):
2032 """
2033 Algo:
2034 1.Create two vSG VMs in compute node
2035 2.Create a vCPE container in each vSG VM
2036 3.Ensure vSG VM and vCPE container created properly
2037 4.From subscriber one, send ping request with valid s and c tags
2038 5.From subscriber two, send ping request with vlan id mismatch in s-tag and valid c tags
2039 6.Verify that ping success for only subscriber one and fails for two.
2040 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2041
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2042 def test_vsg_for_matching_and_mismatching_vlan_id_in_ctag(self):
2043 """
2044 Algo:
2045 1.Create a vSG VM in compute node
2046 2.Create two vCPE containers in vSG VM
2047 3.Ensure vSG VM and vCPE container created properly
2048 4.From subscriber one, send ping request with valid s and c tags
2049 5.From subscriber two, send ping request with valid s-tag and vlan id mismatch in c-tag
2050 6.Verify that ping success for only subscriber one and fails for two
2051 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2052
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2053 def test_vsg_for_out_of_range_vlanid_in_ctag(self):
2054 """
2055 Algo:
2056 1.Create a vSG VM in compute node
2057 2.Create a vCPE container in vSG VM
2058 3.Ensure vSG VM and vCPE container created properly
2059 4.From subscriber, send ping request with valid stag and vlan id in c-tag is an out of range value ( like 0,4097 )
2060 4.Verify that ping fails as the ping packets drops at vCPE container entry
2061 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2062
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2063 def test_vsg_for_out_of_range_vlanid_in_stag(self):
2064 """
2065 Algo:
2066 1.Create a vSG VM in compute node
2067 2.Create a vCPE container in vSG VM
2068 3.Ensure vSG VM and vCPE container created properly
2069 2.From subscriber, send ping request with vlan id in s-tag is an out of range value ( like 0,4097 ), with valid c-tag
2070 4.Verify that ping fails as the ping packets drops at vSG VM entry
2071 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2072
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2073 def test_vsg_without_creating_vcpe_instance(self):
2074 """
2075 Algo:
2076 1.Create a vSG VM in compute Node
2077 2.Ensure vSG VM created properly
2078 3.Do not create vCPE container inside vSG VM
2079 4.From a subscriber, send ping to external valid IP
2080 5.Verify that ping fails as the ping packet drops at vSG VM entry itself.
2081 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2082
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2083 def test_vsg_for_remove_vcpe_instance(self):
2084 """
2085 Algo:
2086 1.Create a vSG VM in compute node
2087 2.Create a vCPE container in vSG VM
2088 3.Ensure vSG VM and vCPE container created properly
2089 4.From subscriber, send ping request with valid s-tag and c-tag
2090 5.Verify that ping success
2091 6.Verify ping success flows in OvS switch in compute node
2092 7.Now remove the vCPE container in vSG VM
2093 8.Ensure that the container removed properly
2094 9.Repeat step 4
2095 10.Verify that now, ping fails
2096 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2097
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2098 def test_vsg_for_restart_vcpe_instance(self):
2099 """
2100 Algo:
2101 1.Create a vSG VM in compute node
2102 2.Create a vCPE container in vSG VM
2103 3.Ensure vSG VM and vCPE container created properly
2104 4.From subscriber, send ping request with valid s-tag and c-tag
2105 5.Verify that ping success
2106 6.Verify ping success flows in OvS switch in compute node
2107 7.Now restart the vCPE container in vSG VM
2108 8.Ensure that the container came up after restart
2109 9.Repeat step 4
2110 10.Verify that now,ping gets success and flows added in OvS
2111 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2112
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2113 def test_vsg_for_restart_vsg_vm(self):
2114 """
2115 Algo:
2116 1.Create a vSG VM in compute node
2117 2.Create a vCPE container in vSG VM
2118 3.Ensure vSG VM and vCPE container created properly
2119 4.From subscriber, send ping request with valid s-tag and c-tag
2120 5.Verify that ping success
2121 6.Verify ping success flows in OvS switch in compute node
2122 7.Now restart the vSG VM
2123 8.Ensure that the vSG comes up properly after restart
2124 9.Verify that vCPE container comes up after vSG restart
2125 10.Repeat step 4
2126 11.Verify that now,ping gets success and flows added in OvS
2127 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2128
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2129 def test_vsg_for_pause_vcpe_instance(self):
2130 """
2131 Algo:
2132 1.Create a vSG VM in compute node
2133 2.Create a vCPE container in vSG VM
2134 3.Ensure vSG VM and vCPE container created properly
2135 4.From subscriber, send ping request with valid s-tag and c-tag
2136 5.Verify that ping success
2137 6.Verify ping success flows in OvS switch in compute node
2138 7.Now pause vCPE container in vSG VM for a while
2139 8.Ensure that the container state is pause
2140 9.Repeat step 4
2141 10.Verify that now,ping fails now and verify flows in OvS
2142 11.Now resume the container
2143 12.Now repeat step 4 again
2144 13.Verify that now, ping gets success
2145 14.Verify ping success flows in OvS
2146 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2147
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2148 def test_vsg_for_extract_all_compute_stats_from_all_vcpe_containers(self):
2149 """
2150 Algo:
2151 1.Create a vSG VM in compute node
2152 2.Create 10 vCPE containers in VM
2153 3.Ensure vSG VM and vCPE containers created properly
2154 4.Login to all vCPE containers
2155 4.Get all compute stats from all vCPE containers
2156 5.Verify the stats # verification method need to add
2157 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2158
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2159 def test_vsg_for_extract_dns_stats_from_all_vcpe_containers(self):
2160 """
2161 Algo:
2162 1.Create a vSG VM in compute node
2163 2.Create 10 vCPE containers in VM
2164 3.Ensure vSG VM and vCPE containers created properly
2165 4.From 10 subscribers, send ping to valid and invalid dns hosts
2166 5.Verify dns resolves and ping success for valid dns hosts
2167 6.Verify ping fails for invalid dns hosts
2168 7.Verify dns host name resolve flows in OvS
2169 8.Login to all 10 vCPE containers
2170 9.Extract all dns stats
2171 10.Verify dns stats for queries sent, queries received for dns host resolve success and failed scenarios
2172 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2173
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2174 def test_vsg_for_subscriber_access_two_vsg_services(self):
2175 """
2176 # Intention is to verify if subscriber can reach internet via two vSG VMs
2177 Algo:
2178 1.Create two vSG VMs for two services in compute node
2179 2.Create one vCPE container in each VM for one subscriber
2180 3.Ensure VMs and containers created properly
2181 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2182 5.Verify ping gets success
2183 6.Verify ping success flows in OvS
2184 7.Now repeat step 4 with stag corresponds to vSG-2 VM
2185 8.Verify that ping again success
2186 9.Verify ping success flows in OvS
2187 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2188
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2189 def test_vsg_for_subscriber_access_service2_if_service1_goes_down(self):
2190 """
2191 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 goes down
2192 Algo:
2193 1.Create two vSG VMs for two services in compute node
2194 2.Create one vCPE container in each VM for one subscriber
2195 3.Ensure VMs and containers created properly
2196 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2197 5.Verify ping gets success
2198 6.Verify ping success flows in OvS
2199 7.Down the vSG-1 VM
2200 8.Now repeat step 4
2201 9.Verify that ping fails as vSG-1 is down
2202 10.Repeat step 4 with stag corresponding to vSG-2
2203 9.Verify ping success and flows added in OvS
2204 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2205
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2206 def test_vsg_for_subscriber_access_service2_if_service1_goes_restart(self):
2207 """
2208 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 restarts
2209 Algo:
2210 1.Create two vSG VMs for two services in compute node
2211 2.Create one vCPE container in each VM for one subscriber
2212 3.Ensure VMs and containers created properly
2213 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2214 5.Verify ping gets success
2215 6.Verify ping success flows added in OvS
2216 7.Now restart vSG-1 VM
2217 8.Now repeat step 4 while vSG-1 VM restarts
2218 9.Verify that ping fails as vSG-1 is restarting
2219 10.Repeat step 4 with stag corresponding to vSG-2 while vSG-1 VM restarts
2220 11.Verify ping success and flows added in OvS
2221 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2222
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2223 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_goes_down(self):
2224 """
2225 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 goes down
2226 Algo:
2227 1.Create a vSG VM in compute node
2228 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2229 3.Ensure VM and containers created properly
2230 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2231 5.Verify ping gets success
2232 6.Verify ping success flows added in OvS
2233 7.Now stop vCPE-1 container
2234 8.Now repeat step 4
2235 9.Verify that ping fails as vCPE-1 container is down
2236 10.Repeat step 4 with ctag corresponding to vCPE-2 container
2237 11.Verify ping success and flows added in OvS
2238 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2239
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2240 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_restart(self):
2241 """
2242 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 restarts
2243 Algo:
2244 1.Create a vSG VM in compute node
2245 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2246 3.Ensure VM and containers created properly
2247 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2248 5.Verify ping gets success
2249 6.Verify ping success flows added in OvS
2250 7.Now restart vCPE-1 container
2251 8.Now repeat step 4 while vCPE-1 restarts
2252 9.Verify that ping fails as vCPE-1 container is restarts
2253 10.Repeat step 4 with ctag corresponding to vCPE-2 container while vCPE-1 restarts
2254 11..Verify ping success and flows added in OvS
2255 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2256
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2257 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_pause(self):
2258 """
2259 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 paused
2260 Algo:
2261 1.Create a vSG VM in compute node
2262 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2263 3.Ensure VM and containers created properly
2264 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2265 5.Verify ping gets success
2266 6.Verify ping success flows added in OvS
2267 7.Now pause vCPE-1 container
2268 8.Now repeat step 4 while vCPE-1 in pause state
2269 9.Verify that ping fails as vCPE-1 container in pause state
2270 10.Repeat step 4 with ctag corresponding to vCPE-2 container while vCPE-1 in pause state
2271 11.Verify ping success and flows added in OvS
2272 """
2273 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_removed(self):
2274 """
2275 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 removed
2276 Algo:
2277 1.Create a vSG VM in compute node
2278 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2279 3.Ensure VM and containers created properly
2280 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2281 5.Verify ping gets success
2282 6.Verify ping success flows added in OvS
2283 7.Now remove vCPE-1 container
2284 8.Now repeat step 4
2285 9.Verify that ping fails as vCPE-1 container removed
2286 10.Repeat step 4 with ctag corresponding to vCPE-2 container
2287 11.Verify ping success and flows added in OvS
2288 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2289
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2290 def test_vsg_for_vcpe_instance_removed_and_added_again(self):
2291 """
2292 Algo:
2293 1.Create a vSG VM in compute node
2294 2.Create a vCPE container in vSG VM
2295 3.Ensure VM and containers created properly
2296 4.From subscriber end, send ping to public IP
2297 5.Verify ping gets success
2298 6.Verify ping success flows added in OvS
2299 7.Now remove vCPE container in vSG VM
2300 8.Now repeat step 4
2301 9.Verify that ping fails as vCPE container removed
2302 10.Create the vCPE container again for the same subscriber
2303 11.Ensure that vCPE created now
2304 12.Now repeat step 4
2305 13.Verify ping success and flows added in OvS
2306 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2307
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2308 def test_vsg_for_vsg_vm_removed_and_added_again(self):
2309 """
2310 Algo:
2311 1.Create a vSG VM in compute node
2312 2.Create a vCPE container in vSG VM
2313 3.Ensure VM and containers created properly
2314 4.From subscriber end, send ping to public IP
2315 5.Verify ping gets success
2316 6.Verify ping success flows added in OvS
2317 7.Now remove vSG VM
2318 8.Now repeat step 4
2319 9.Verify that ping fails as vSG VM not exists
2320 10.Create the vSG VM and vCPE container in VM again
2321 11.Ensure that vSG and vCPE created
2322 12.Now repeat step 4
2323 13.Verify ping success and flows added in OvS
2324 """
2325
2326 #Test vSG - Subscriber Configuration
2327 def test_vsg_for_configuring_new_subscriber_in_vcpe(self):
2328 """
2329 Algo:
2330 1.Create a vSG VM in compute node
2331 2.Create a vCPE container in vSG VM
2332 3.Ensure VM and containers created properly
2333 4.Configure a subscriber in XOS and assign a service id
2334 5.Set the admin privileges to the subscriber
2335 6.Verify subscriber configuration is success
2336 """
2337 def test_vsg_for_adding_subscriber_devices_in_vcpe(self):
2338 """
2339 Algo:
2340 1.Create a vSG VM in compute node
2341 2.Create a vCPE container in vSG VM
2342 3.Ensure VM and containers created properly
2343 4.Configure a subscriber in XOS and assign a service id
2344 5.Verify subscriber successfully configured in vCPE
2345 6.Now add devices( Mac addresses ) under the subscriber admin group
2346 7.Verify all devices ( Macs ) added successfully
2347 """
2348 def test_vsg_for_removing_subscriber_devices_in_vcpe(self):
2349 """
2350 Algo:
2351 1.Create a vSG VM in compute node
2352 2.Create a vCPE container in vSG VM
2353 3.Ensure VM and containers created properly
2354 4.Configure a subscriber in XOS and assign a service id
2355 5.Verify subscriber successfully configured
2356 6.Now add devices( Mac addresses ) under the subscriber admin group
2357 7.Verify all devices ( Macs ) added successfully
2358 8.Now remove All the added devices in XOS
2359 9.Verify all the devices removed
2360 """
2361 def test_vsg_for_modify_subscriber_devices_in_vcpe(self):
2362 """
2363 Algo:
2364 1.Create a vSG VM in compute node
2365 2.Create a vCPE container in vSG VM
2366 3.Ensure VM and containers created properly
2367 4.Configure a user in XOS and assign a service id
2368 5.Verify subscriber successfully configured in vCPE.
2369 6.Now add devices( Mac addresses ) under the subscriber admin group
2370 7.Verify all devices ( Macs ) added successfully
2371 8.Now remove few devices in XOS
2372 9.Verify devices removed successfully
2373 10.Now add few additional devices in XOS under the same subscriber admin group
2374 11.Verify newly added devices successfully added
2375 """
2376 def test_vsg_for_vcpe_login_fails_with_incorrect_subscriber_credentials(self):
2377 """
2378 Algo:
2379 1.Create a vSG VM in compute node
2380 2.Create a vCPE container in vSG VM
2381 3.Ensure VM and containers created properly
2382 4.Configure a subscriber in XOS and assign a service id
2383 5.Verify subscriber successfully configured
2384 6.Now add devices( Mac addresses ) under the subscriber admin group
2385 7.Verify all devices ( Macs ) added successfully
2386 8.Login vCPE with credentials with which subscriber configured
2387 9.Verify subscriber successfully logged in
2388 10.Logout and login again with incorrect credentials ( either user name or password )
2389 11.Verify login attempt to vCPE fails wtih incorrect credentials
2390 """
2391 def test_vsg_for_subscriber_configuration_in_vcpe_retain_after_vcpe_restart(self):
2392 """
2393 Algo:
2394 1.Create a vSG VM in compute node
2395 2.Create a vCPE container in vSG VM
2396 3.Ensure VM and containers created properly
2397 4.Configure a subscriber in XOS and assign a service id
2398 5.Verify subscriber successfully configured
2399 6.Now add devices( Mac addresses ) under the subscriber admin group
2400 7.Verify all devices ( Macs ) added successfully
2401 8.Restart vCPE ( locate backup config path while restart )
2402 9.Verify subscriber details in vCPE after restart should be same as before the restart
2403 """
2404 def test_vsg_for_create_multiple_vcpe_instances_and_configure_subscriber_in_each_instance(self):
2405 """
2406 Algo:
2407 1.Create a vSG VM in compute node
2408 2.Create 2 vCPE containers in vSG VM
2409 3.Ensure VM and containers created properly
2410 4.Configure a subscriber in XOS for each vCPE instance and assign a service id
2411 5.Verify subscribers successfully configured
2412 6.Now login vCPE-2 with subscriber-1 credentials
2413 7.Verify login fails
2414 8.Now login vCPE-1 with subscriber-2 credentials
2415 9.Verify login fails
2416 10.Now login vCPE-1 with subscriber-1 and vCPE-2 with subscriber-2 credentials
2417 11.Verify that both the subscribers able to login to their respective vCPE containers
2418 """
2419 def test_vsg_for_same_subscriber_can_be_configured_for_multiple_services(self):
2420 """
2421 Algo:
2422 1.Create 2 vSG VMs in compute node
2423 2.Create a vCPE container in each vSG VM
2424 3.Ensure VMs and containers created properly
2425 4.Configure same subscriber in XOS for each vCPE instance and assign a service id
2426 5.Verify subscriber successfully configured
2427 6.Now login vCPE-1 with subscriber credentials
2428 7.Verify login success
2429 8.Now login vCPE-2 with the same subscriber credentials
2430 9.Verify login success
2431 """
2432
2433 #Test Example Service
2434 def test_vsg_for_subcriber_avail_example_service_running_in_apache_server(self):
2435 """
2436 Algo:
2437 1.Create a vSG VM in compute node
2438 2.Create a vCPE container in each vSG VM
2439 3.Ensure VM and container created properly
2440 4.Configure a subscriber in XOS for the vCPE instance and assign a service id
2441 5.On-board an example service into cord pod
2442 6.Create a VM in compute node and run the example service ( Apache server )
2443 7.Configure the example service with service specific and subscriber specific messages
2444 8.Verify example service on-boarded successfully
2445 9.Verify example service running in VM
2446 10.Run a curl command from subscriber to reach example service
2447 11.Verify subscriber can successfully reach example service via vSG
2448 12.Verify that service specific and subscriber specific messages
2449 """
2450 def test_vsg_for_subcriber_avail_example_service_running_in_apache_server_after_service_restart(self):
2451 """
2452 Algo:
2453 1.Create a vSG VM in compute node
2454 2.Create a vCPE container in each vSG VM
2455 3.Ensure VM and container created properly
2456 4.Configure a subscriber in XOS for the vCPE instance and assign a service id
2457 5.On-board an example service into cord pod
2458 6.Create a VM in compute node and run the example service ( Apache server )
2459 7.Configure the example service with service specific and subscriber specific messages
2460 8.Verify example service on-boarded successfully
2461 9.Verify example service running in VM
2462 10.Run a curl command from subscriber to reach example service
2463 11.Verify subscriber can successfully reach example service via vSG
2464 12.Verify that service specific and subscriber specific messages
2465 13.Restart example service running in VM
2466 14.Repeat step 10
2467 15.Verify the same results as mentioned in steps 11, 12
2468 """
2469
2470 #vCPE Firewall Functionality
2471 def test_vsg_firewall_for_creating_acl_rule_based_on_source_ip(self):
2472 """
2473 Algo:
2474 1.Create a vSG VM in compute node
2475 2.Create vCPE container in the VM
2476 3.Ensure vSG VM and vCPE container created properly
2477 4.Configure ac acl rule in vCPE to deny IP traffic from a source IP
2478 5.Bound the acl rule to WAN interface of vCPE
2479 6.Verify configuration in vCPE is success
2480 8.Verify flows added in OvS
2481 """
2482 def test_vsg_firewall_for_creating_acl_rule_based_on_destination_ip(self):
2483 """
2484 Algo:
2485 1.Create a vSG VM in compute node
2486 2.Create vCPE container in the VM
2487 3.Ensure vSG VM and vCPE container created properly
2488 4.Configure ac acl rule in vCPE to deny IP traffic to a destination ip
2489 5.Bound the acl rule to WAN interface of vCPE
2490 6.Verify configuration in vCPE is success
2491 8.Verify flows added in OvS
2492 """
2493 def test_vsg_firewall_for_acl_deny_rule_based_on_source_ip_traffic(self):
2494 """
2495 Algo:
2496 1.Create a vSG VM in compute node
2497 2.Create vCPE container in the VM
2498 3.Ensure vSG VM and vCPE container created properly
2499 4.Configure ac acl rule in vCPE to deny IP traffic from a source IP
2500 5.Bound the acl rule to WAN interface of vCPE
2501 6.From subscriber, send ping to the denied IP address
2502 7.Verify that ping fails as vCPE denies ping response
2503 8.Verify flows added in OvS
2504 """
2505 def test_vsg_firewall_for_acl_deny_rule_based_on_destination_ip_traffic(self):
2506 """
2507 Algo:
2508 1.Create a vSG VM in compute node
2509 2.Create vCPE container in the VM
2510 3.Ensure vSG VM and vCPE container created properly
2511 4.Configure ac acl rule in vCPE to deny IP traffic to a destination IP
2512 5.Bound the acl rule to WAN interface of vCPE
2513 6.From subscriber, send ping to the denied IP address
2514 7.Verify that ping fails as vCPE drops the ping request at WAN interface
2515 8.Verify flows added in OvS
2516 """
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]2517
2518 def test_vsg_dnsmasq(self):
2519 pass
2520
2521 def test_vsg_with_external_parental_control_family_shield_for_filter(self):
2522 pass
2523
2524 def test_vsg_with_external_parental_control_with_answerx(self):
2525 pass
2526
2527 def test_vsg_for_subscriber_upstream_bandwidth(self):
2528 pass
2529
2530 def test_vsg_for_subscriber_downstream_bandwidth(self):
2531 pass
2532
2533 def test_vsg_for_diagnostic_run_of_traceroute(self):
2534 pass
2535
2536 def test_vsg_for_diagnostic_run_of_tcpdump(self):
2537 pass
2538
2539 def test_vsg_for_iptable_rules(self):
2540 pass
2541
2542 def test_vsg_for_iptables_with_neutron(self):
2543 pass