Gitiles
Code Review Sign In
gerrit.opencord.org / cord-tester / b2618050dd3402583ecd4a80713a7d1b3488adf0 / . / src / test / vsg / vsgTest.py
blob: b2079c4edc7e3bb87a2246f46c80f1c07cf6917c [file] [log] [blame]
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]1#copyright 2016-present Ciena Corporation
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14#
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]15import time
16import os
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]17import sys
18import json
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame]19import requests
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]20from nose.tools import *
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]21from twisted.internet import defer
22from nose.twistedtools import reactor, deferred
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]23from CordTestUtils import *
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]24from OltConfig import OltConfig
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]25from onosclidriver import OnosCliDriver
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]26from SSHTestAgent import SSHTestAgent
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]27from CordLogger import CordLogger
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]28from VSGAccess import VSGAccess
A R Karthick933f5b52017-03-27 15:27:16 -0700[diff] [blame]29from CordTestUtils import log_test as log
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]30from CordTestConfig import setup_module, running_on_ciab
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]31from OnosCtrl import OnosCtrl
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]32
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]33log.setLevel('INFO')
34
35class vsg_exchange(CordLogger):
36 ONOS_INSTANCES = 3
37 V_INF1 = 'veth0'
38 device_id = 'of:' + get_mac()
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]39 TEST_IP = '8.8.8.8'
40 HOST = "10.1.0.1"
41 USER = "vagrant"
42 PASS = "vagrant"
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]43 head_node = os.getenv('HEAD_NODE', 'prod')
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]44 HEAD_NODE = head_node + '.cord.lab' if len(head_node.split('.')) == 1 else head_node
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]45 test_path = os.path.dirname(os.path.realpath(__file__))
46 olt_conf_file = os.path.join(test_path, '..', 'setup/olt_config.json')
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]47 restApiXos = None
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]48 subscriber_account_num = 200
49 subscriber_s_tag = 304
50 subscriber_c_tag = 304
51 subscribers_per_s_tag = 8
52 subscriber_map = {}
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]53 subscriber_info = []
54 volt_subscriber_info = []
A R Karthick9a16a112017-04-07 15:40:05 -0700[diff] [blame]55 restore_methods = []
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]56 TIMEOUT=120
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]57 FABRIC_PORT_HEAD_NODE = 1
58 FABRIC_PORT_COMPUTE_NODE = 2
59 APP_NAME = 'org.ciena.xconnect'
60 APP_FILE = os.path.join(test_path, '..', 'apps/xconnect-1.0-SNAPSHOT.oar')
A.R Karthick50f4d9a2017-04-20 16:44:19 -0700[diff] [blame]61 NUM_SUBSCRIBERS = 5
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]62
63 @classmethod
64 def getSubscriberCredentials(cls, subId):
65 """Generate our own account num, s_tag and c_tags"""
66 if subId in cls.subscriber_map:
67 return cls.subscriber_map[subId]
68 account_num = cls.subscriber_account_num
69 cls.subscriber_account_num += 1
70 s_tag, c_tag = cls.subscriber_s_tag, cls.subscriber_c_tag
71 cls.subscriber_c_tag += 1
72 if cls.subscriber_c_tag % cls.subscribers_per_s_tag == 0:
73 cls.subscriber_s_tag += 1
74 cls.subscriber_map[subId] = account_num, s_tag, c_tag
75 return cls.subscriber_map[subId]
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]76
77 @classmethod
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]78 def getXosCredentials(cls):
79 onos_cfg = OnosCtrl.get_config()
80 if onos_cfg is None:
81 return None
82 if 'apps' in onos_cfg and \
83 'org.opencord.vtn' in onos_cfg['apps'] and \
84 'cordvtn' in onos_cfg['apps']['org.opencord.vtn'] and \
85 'xos' in onos_cfg['apps']['org.opencord.vtn']['cordvtn']:
86 xos_cfg = onos_cfg['apps']['org.opencord.vtn']['cordvtn']['xos']
87 endpoint = xos_cfg['endpoint']
88 user = xos_cfg['user']
89 password = xos_cfg['password']
90 xos_endpoints = endpoint.split(':')
91 xos_host = xos_endpoints[1][len('//'):]
92 xos_port = xos_endpoints[2][:-1]
93 #log.info('xos_host: %s, port: %s, user: %s, password: %s' %(xos_host, xos_port, user, password))
94 return dict(host = xos_host, port = xos_port, user = user, password = password)
95
96 return None
97
98 @classmethod
A.R Karthick50f4d9a2017-04-20 16:44:19 -0700[diff] [blame]99 def getSubscriberConfig(cls, num_subscribers):
100 features = {
101 'cdn': True,
102 'uplink_speed': 1000000000,
103 'downlink_speed': 1000000000,
104 'uverse': True,
105 'status': 'enabled'
106 }
107 subscriber_map = []
108 for i in xrange(num_subscribers):
109 subId = 'sub{}'.format(i)
110 account_num, _, _ = cls.getSubscriberCredentials(subId)
111 identity = { 'account_num' : str(account_num),
112 'name' : 'My House {}'.format(i)
113 }
114 sub_info = { 'features' : features,
115 'identity' : identity
116 }
117 subscriber_map.append(sub_info)
118
119 return subscriber_map
120
121 @classmethod
122 def getVoltSubscriberConfig(cls, num_subscribers):
123 voltSubscriberMap = []
124 for i in xrange(num_subscribers):
125 subId = 'sub{}'.format(i)
126 account_num, s_tag, c_tag = cls.getSubscriberCredentials(subId)
127 voltSubscriberInfo = {}
128 voltSubscriberInfo['voltTenant'] = dict(s_tag = str(s_tag),
129 c_tag = str(c_tag),
130 subscriber = '')
131 voltSubscriberInfo['account_num'] = account_num
132 voltSubscriberMap.append(voltSubscriberInfo)
133
134 return voltSubscriberMap
135
136 @classmethod
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]137 def setUpCordApi(cls):
138 our_path = os.path.dirname(os.path.realpath(__file__))
139 cord_api_path = os.path.join(our_path, '..', 'cord-api')
140 framework_path = os.path.join(cord_api_path, 'Framework')
141 utils_path = os.path.join(framework_path, 'utils')
142 data_path = os.path.join(cord_api_path, 'Tests', 'data')
143 subscriber_cfg = os.path.join(data_path, 'Subscriber.json')
144 volt_tenant_cfg = os.path.join(data_path, 'VoltTenant.json')
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]145 num_subscribers = max(cls.NUM_SUBSCRIBERS, 5)
146 cls.subscriber_info = cls.getSubscriberConfig(num_subscribers)
147 cls.volt_subscriber_info = cls.getVoltSubscriberConfig(num_subscribers)
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]148
149 sys.path.append(utils_path)
150 sys.path.append(framework_path)
151 from restApi import restApi
152 restApiXos = restApi()
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]153 xos_credentials = cls.getXosCredentials()
154 if xos_credentials is None:
155 restApiXos.controllerIP = cls.HEAD_NODE
156 restApiXos.controllerPort = '9000'
157 else:
158 restApiXos.controllerIP = xos_credentials['host']
159 restApiXos.controllerPort = xos_credentials['port']
160 restApiXos.user = xos_credentials['user']
161 restApiXos.password = xos_credentials['password']
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]162 cls.restApiXos = restApiXos
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]163
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]164 @classmethod
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]165 def getVoltId(cls, result, subId):
166 if type(result) is not type([]):
167 return None
168 for tenant in result:
169 if str(tenant['subscriber']) == str(subId):
170 return str(tenant['id'])
171 return None
172
173 @classmethod
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]174 def closeVCPEAccess(cls, volt_subscriber_info):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]175 OnosCtrl.uninstall_app(cls.APP_NAME, onos_ip = cls.HEAD_NODE)
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]176
177 @classmethod
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]178 def openVCPEAccess(cls, volt_subscriber_info):
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]179 """
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]180 This code is used to configure leaf switch for head node access to compute node over fabric.
181 Care is to be taken to avoid overwriting existing/default vcpe flows.
182 The access is opened for generated subscriber info which should not overlap.
183 We target the fabric onos instance on head node.
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]184 """
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]185 OnosCtrl.install_app(cls.APP_FILE, onos_ip = cls.HEAD_NODE)
186 time.sleep(2)
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]187 s_tags = map(lambda tenant: int(tenant['voltTenant']['s_tag']), volt_subscriber_info)
188 #only get unique vlan tags
189 s_tags = list(set(s_tags))
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]190 devices = OnosCtrl.get_device_ids(controller = cls.HEAD_NODE)
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]191 if devices:
192 device_config = {}
193 for device in devices:
194 device_config[device] = []
195 for s_tag in s_tags:
196 xconnect_config = {'vlan': s_tag, 'ports' : [ cls.FABRIC_PORT_HEAD_NODE, cls.FABRIC_PORT_COMPUTE_NODE ] }
197 device_config[device].append(xconnect_config)
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]198
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]199 cfg = { 'apps' : { 'org.ciena.xconnect' : { 'xconnectTestConfig' : device_config } } }
200 OnosCtrl.config(cfg, controller = cls.HEAD_NODE)
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]201
202 @classmethod
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]203 def setUpClass(cls):
204 cls.controllers = get_controllers()
205 cls.controller = cls.controllers[0]
206 cls.cli = None
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]207 cls.on_pod = running_on_pod()
208 cls.on_ciab = running_on_ciab()
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]209 cls.olt = OltConfig(olt_conf_file = cls.olt_conf_file)
210 cls.vcpes = cls.olt.get_vcpes()
211 cls.vcpes_dhcp = cls.olt.get_vcpes_by_type('dhcp')
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]212 cls.vcpes_reserved = cls.olt.get_vcpes_by_type('reserved')
213 cls.dhcp_vcpes_reserved = [ 'vcpe{}.{}.{}'.format(i, cls.vcpes_reserved[i]['s_tag'], cls.vcpes_reserved[i]['c_tag'])
214 for i in xrange(len(cls.vcpes_reserved)) ]
215 cls.untagged_dhcp_vcpes_reserved = [ 'vcpe{}'.format(i) for i in xrange(len(cls.vcpes_reserved)) ]
216 cls.container_vcpes_reserved = [ 'vcpe-{}-{}'.format(vcpe['s_tag'], vcpe['c_tag']) for vcpe in cls.vcpes_reserved ]
217 vcpe_dhcp_reserved = None
218 vcpe_container_reserved = None
219 if cls.vcpes_reserved:
220 vcpe_dhcp_reserved = cls.dhcp_vcpes_reserved[0]
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]221 if cls.on_pod is False:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]222 vcpe_dhcp_reserved = cls.untagged_dhcp_vcpes_reserved[0]
223 vcpe_container_reserved = cls.container_vcpes_reserved[0]
224
225 cls.vcpe_dhcp_reserved = vcpe_dhcp_reserved
226 cls.vcpe_container_reserved = vcpe_container_reserved
227 dhcp_vcpe_offset = len(cls.vcpes_reserved)
A R Karthick927129c2017-04-25 14:08:02 -0700[diff] [blame]228 cls.dhcp_vcpes = [ 'vcpe{}.{}.{}'.format(i+dhcp_vcpe_offset, cls.vcpes_dhcp[i]['s_tag'], cls.vcpes_dhcp[i]['c_tag'])
229 for i in xrange(len(cls.vcpes_dhcp)) ]
230 cls.untagged_dhcp_vcpes = [ 'vcpe{}'.format(i+dhcp_vcpe_offset) for i in xrange(len(cls.vcpes_dhcp)) ]
231 cls.container_vcpes = [ 'vcpe-{}-{}'.format(vcpe['s_tag'], vcpe['c_tag']) for vcpe in cls.vcpes_dhcp ]
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]232 vcpe_dhcp = None
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]233 vcpe_container = None
234 #cache the first dhcp vcpe in the class for quick testing
235 if cls.vcpes_dhcp:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]236 vcpe_container = cls.container_vcpes[0]
237 vcpe_dhcp = cls.dhcp_vcpes[0]
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]238 if cls.on_pod is False:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]239 vcpe_dhcp = cls.untagged_dhcp_vcpes[0]
240 cls.vcpe_container = vcpe_container_reserved or vcpe_container
241 cls.vcpe_dhcp = vcpe_dhcp_reserved or vcpe_dhcp
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]242 VSGAccess.setUp()
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]243 cls.setUpCordApi()
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]244 if cls.on_pod is True:
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]245 cls.openVCPEAccess(cls.volt_subscriber_info)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]246
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]247 @classmethod
248 def tearDownClass(cls):
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]249 VSGAccess.tearDown()
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]250 if cls.on_pod is True:
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]251 cls.closeVCPEAccess(cls.volt_subscriber_info)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]252
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]253 def cliEnter(self, controller = None):
254 retries = 0
255 while retries < 30:
256 self.cli = OnosCliDriver(controller = controller, connect = True)
257 if self.cli.handle:
258 break
259 else:
260 retries += 1
261 time.sleep(2)
262
263 def cliExit(self):
264 self.cli.disconnect()
265
266 def onos_shutdown(self, controller = None):
267 status = True
268 self.cliEnter(controller = controller)
269 try:
270 self.cli.shutdown(timeout = 10)
271 except:
272 log.info('Graceful shutdown of ONOS failed for controller: %s' %controller)
273 status = False
274
275 self.cliExit()
276 return status
277
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]278 def log_set(self, level = None, app = 'org.onosproject'):
279 CordLogger.logSet(level = level, app = app, controllers = self.controllers, forced = True)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]280
A R Karthick9a16a112017-04-07 15:40:05 -0700[diff] [blame]281 @classmethod
282 def get_dhcp(cls, vcpe, mgmt = 'eth0'):
283 """Get DHCP for vcpe interface saving management settings"""
284
285 def put_dhcp():
286 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
287
288 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
289 if vcpe_ip is not None:
290 cls.restore_methods.append(put_dhcp)
291 return vcpe_ip
292
293 @classmethod
294 def config_restore(cls):
295 """Restore the vsg test configuration on test case failures"""
296 for restore_method in cls.restore_methods:
297 restore_method()
298
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]299 def get_vsg_vcpe_pair(self):
300 vcpes = self.vcpes_dhcp
301 vcpe_containers = []
302 vsg_vcpe = {}
303 for vcp in vcpes:
304 vcpe_container = 'vcpe-{}-{}'.format(vcp['s_tag'], vcp['c_tag'])
305 vcpe_containers.append(vcpe_container)
306 vsg = VSGAccess.get_vcpe_vsg(vcpe_container)
307 vsg_vcpe[vcpe_container]=str(vsg.get_ip())
308 return vsg_vcpe
309
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]310 def get_vcpe_containers_and_interfaces(self):
311 vcpe_containers = {}
312 vcpe_interfaces = []
313 vcpes = self.vcpes_dhcp
314 count = 0
315 for vcpe in vcpes:
316 vcpe_intf = 'vcpe{}.{}.{}'.format(count,vcpe['s_tag'],vcpe['c_tag'])
317 vcpe_interfaces.append(vcpe_intf)
318 vcpe_container = 'vcpe-{}-{}'.format(vcpe['s_tag'], vcpe['c_tag'])
319 vcpe_containers[vcpe_intf] = vcpe_container
320 count += 1
321 log.info('vcpe interfaces are %s'%vcpe_interfaces)
322 log.info('vcpe containers are %s'%vcpe_containers)
323 return vcpe_interfaces,vcpe_containers
324
325 def get_vcpe_interface_dhcp_ip(self,vcpe=None):
326 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]327 vcpe = self.vcpe_dhcp
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]328 st, _ = getstatusoutput('dhclient {}'.format(vcpe))
329 vcpe_ip = get_ip(vcpe)
330 return vcpe_ip
331
332 def release_vcpe_interface_dhcp_ip(self,vcpe=None):
333 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]334 vcpe = self.vcpe_dhcp
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]335 st, _ = getstatusoutput('dhclient {} -r'.format(vcpe))
336 vcpe_ip = get_ip(vcpe)
337 assert_equal(vcpe_ip, None)
338
339 def add_static_route_via_vcpe_interface(self, routes, vcpe=None,dhcp_ip=True):
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]340 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]341 vcpe = self.vcpe_dhcp
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]342 if dhcp_ip:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]343 os.system('dhclient '+vcpe)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]344 time.sleep(1)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]345 for route in routes:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]346 log.info('route is %s'%route)
347 cmd = 'ip route add ' + route + ' via 192.168.0.1 '+ 'dev ' + vcpe
348 cmds.append(cmd)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]349 for cmd in cmds:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]350 os.system(cmd)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]351 return True
352
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]353 def del_static_route_via_vcpe_interface(self,routes,vcpe=None,dhcp_release=True):
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]354 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]355 vcpe = self.vcpe_dhcp
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]356 cmds = []
357 for route in routes:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]358 cmd = 'ip route del ' + route + ' via 192.168.0.1 ' + 'dev ' + vcpe
359 os.system(cmd)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]360 if dhcp_release:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]361 os.system('dhclient '+vcpe+' -r')
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]362 return True
363
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]364 def vsg_for_external_connectivity(self, subscriber_index, reserved = False):
365 if reserved is True:
366 if self.on_pod is True:
367 vcpe = self.dhcp_vcpes_reserved[subscriber_index]
368 else:
369 vcpe = self.untagged_dhcp_vcpes_reserved[subscriber_index]
370 else:
371 if self.on_pod is True:
372 vcpe = self.dhcp_vcpes[subscriber_index]
373 else:
374 vcpe = self.untagged_dhcp_vcpes[subscriber_index]
375 mgmt = 'eth0'
376 host = '8.8.8.8'
377 self.success = False
378 assert_not_equal(vcpe, None)
379 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
380 assert_not_equal(vcpe_ip, None)
381 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
382 log.info('Sending icmp echo requests to external network 8.8.8.8')
383 st, _ = getstatusoutput('ping -c 3 8.8.8.8')
384 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
385 assert_equal(st, 0)
386
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]387 def test_vsg_health(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]388 """
389 Algo:
390 1. Login to compute node VM
391 2. Get all vSGs
392 3. Ping to all vSGs
393 4. Verifying Ping success
394 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]395 status = True
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]396 if self.on_pod is True:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]397 status = VSGAccess.health_check()
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]398 assert_equal(status, True)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]399
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]400 def test_vsg_health_check(self, vsg_name='mysite_vsg-1', verify_status=True):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]401 """
402 Algo:
403 1. If vsg name not specified, Get vsg corresponding to vcpe
404 1. Login to compute mode VM
405 3. Ping to the vSG
406 4. Verifying Ping success
407 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]408 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]409 return
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]410 if not vsg_name:
411 vcpe = self.vcpe_container
412 vsg = VSGAccess.get_vcpe_vsg(vcpe)
413 status = vsg.get_health()
414 assert_equal(status, verify_status)
415 else:
416 vsgs = VSGAccess.get_vsgs()
417 status = None
418 for vsg in vsgs:
419 if vsg.name == vsg_name:
420 status = vsg.get_health()
421 log.info('vsg health check status is %s'%status)
422 assert_equal(status,verify_status)
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]423
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]424 @deferred(TIMEOUT)
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]425 def test_vsg_for_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]426 """
427 Algo:
428 1. Get list of all compute nodes created using Openstack
429 2. Login to compute mode VM
430 3. Get all vSGs
431 4. Verifying atleast one compute node and one vSG created
432 """
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]433 df = defer.Deferred()
434 def vsg_for_vcpe_df(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]435 if self.on_pod is True:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]436 vsgs = VSGAccess.get_vsgs()
437 compute_nodes = VSGAccess.get_compute_nodes()
438 time.sleep(14)
439 assert_not_equal(len(vsgs), 0)
440 assert_not_equal(len(compute_nodes), 0)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]441 df.callback(0)
442 reactor.callLater(0,vsg_for_vcpe_df,df)
443 return df
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]444
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]445 def test_vsg_for_login(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]446 """
447 Algo:
448 1. Login to compute node VM
449 2. Get all vSGs
450 3. Verifying login to vSG is success
451 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]452 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]453 return
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]454 vsgs = VSGAccess.get_vsgs()
455 vsg_access_status = map(lambda vsg: vsg.check_access(), vsgs)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]456 status = filter(lambda st: st == False, vsg_access_status)
457 assert_equal(len(status), 0)
458
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]459 def test_vsg_for_default_route_through_testclient(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]460 """
461 Algo:
462 1. Login to head node
463 2. Verifying for default route in lxc test client
464 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]465 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]466 return
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]467 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
468 cmd = "sudo lxc exec testclient -- route | grep default"
469 status, output = ssh_agent.run_cmd(cmd)
470 assert_equal(status, True)
471
472 def test_vsg_for_external_connectivity_through_testclient(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]473 """
474 Algo:
475 1. Login to head node
476 2. On head node, executing ping to 8.8.8.8 from lxc test client
477 3. Verifying for the ping success
478 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]479 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]480 return
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]481 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
482 cmd = "lxc exec testclient -- ping -c 3 8.8.8.8"
483 status, output = ssh_agent.run_cmd(cmd)
484 assert_equal( status, True)
485
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]486 def test_vsg_for_external_connectivity(self):
487 """
488 Algo:
489 1. Get dhcp IP to vcpe interface in cord-tester
490 2. Verifying vcpe interface gets dhcp IP
491 3. Ping to 8.8.8.8 and Verifying ping should success
492 4. Restoring management interface configuration in cord-tester
493 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]494 reserved = True
495 if self.on_pod:
496 reserved = self.on_ciab
497 self.vsg_for_external_connectivity(0, reserved = reserved)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]498
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]499 def test_vsg_for_external_connectivity_to_google(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]500 """
501 Algo:
502 1. Get dhcp IP to vcpe interface in cord-tester
503 2. Verifying vcpe interface gets dhcp IP
504 3. Ping to www.google.com and Verifying ping should success
505 4. Restoring management interface configuration in cord-tester
506 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]507 host = 'www.google.com'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]508 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]509 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]510 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]511 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]512 assert_not_equal(vcpe_ip, None)
513 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
514 log.info('Sending icmp ping requests to %s' %host)
515 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]516 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]517 assert_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]518
A R Karthickb2618052017-05-10 09:23:22 -0700[diff] [blame^]519 def retrieve_content_from_host_to_validate_path_mtu(self, host):
520 vcpe = self.vcpe_dhcp
521 mgmt = 'eth0'
522 assert_not_equal(vcpe, None)
523 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
524 assert_not_equal(vcpe_ip, None)
525 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
526 log.info('Initiating get requests to %s' %host)
527 r = requests.get('http://{}'.format(host))
528 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
529 return r.status_code
530
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame]531 #Test cases to check path mtu across cord framework wih some selected websites to check response.
532 def test_vsg_to_retrieve_content_from_google_to_validate_path_mtu(self):
533 """
534 Algo:
535 1. Get dhcp IP to vcpe interface in cord-tester
536 2. Verifying vcpe interface gets dhcp IP
537 3. Retrieve contents from www.google.com and Verify response status is 200 ok.
538 4. This validates path mtu for end to end traffic with request to retrieve web contents in cord framework.
539 (Based on website response, size differs, needs check on MTU)
540 4. Restoring management interface configuration in cord-tester
541 """
A R Karthickb2618052017-05-10 09:23:22 -0700[diff] [blame^]542 status_code = self.retrieve_content_from_host_to_validate_path_mtu('www.google.com')
543 assert_equal(status_code, 200)
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame]544
545 def test_vsg_to_retrieve_content_from_rediff_to_validate_path_mtu(self):
546 """
547 Algo:
548 1. Get dhcp IP to vcpe interface in cord-tester
549 2. Verifying vcpe interface gets dhcp IP
550 3. Retrieve contents from www.rediff.com and Verify response status is 200 ok.
551 4. This validates path mtu for end to end traffic with request to retrieve web contents in cord framework.
552 (Based on website response, size differs, needs check on MTU)
553 4. Restoring management interface configuration in cord-tester
554 """
A R Karthickb2618052017-05-10 09:23:22 -0700[diff] [blame^]555 status_code = self.retrieve_content_from_host_to_validate_path_mtu('www.rediff.com')
556 assert_equal(status_code, 200)
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame]557
558 def test_vsg_to_retrieve_content_from_yahoo_to_validate_path_mtu(self):
559 """
560 Algo:
561 1. Get dhcp IP to vcpe interface in cord-tester
562 2. Verifying vcpe interface gets dhcp IP
563 3. Retrieve contents from www.yahoo.com and Verify response status is 200 ok.
564 4. This validates path mtu for end to end traffic with request to retrieve web contents in cord framework.
565 (Based on website response, size differs, needs check on MTU)
566 4. Restoring management interface configuration in cord-tester
567 """
A R Karthickb2618052017-05-10 09:23:22 -0700[diff] [blame^]568 status_code = self.retrieve_content_from_host_to_validate_path_mtu('www.yahoo.com')
569 assert_equal(status_code, 200)
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame]570
571 def test_vsg_to_retrieve_content_from_facebook_to_validate_path_mtu(self):
572 """
573 Algo:
574 1. Get dhcp IP to vcpe interface in cord-tester
575 2. Verifying vcpe interface gets dhcp IP
576 3. Retrieve contents from www.facebook.com and Verify response status is 200 ok.
577 4. This validates path mtu for end to end traffic with request to retrieve web contents in cord framework.
578 (Based on website response, size differs, needs check on MTU)
579 4. Restoring management interface configuration in cord-tester
580 """
A R Karthickb2618052017-05-10 09:23:22 -0700[diff] [blame^]581 status_code = self.retrieve_content_from_host_to_validate_path_mtu('www.facebook.com')
582 assert_equal(status_code, 200)
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame]583
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]584 def test_vsg_for_external_connectivity_to_invalid_host(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]585 """
586 Algo:
587 1. Get dhcp IP to vcpe interface in cord-tester
588 2. Verifying vcpe interface gets dhcp IP
589 3. Ping to www.goglee.com and Verifying ping should not success
590 4. Restoring management interface configuration in cord-tester
591 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]592 host = 'www.goglee.com'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]593 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]594 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]595 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]596 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]597 assert_not_equal(vcpe_ip, None)
598 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
599 log.info('Sending icmp ping requests to non existent host %s' %host)
600 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]601 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]602 assert_not_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]603
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]604 def test_vsg_for_external_connectivity_with_ttl_1(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]605 """
606 Algo:
607 1. Get dhcp IP to vcpe interface in cord-tester
608 2. Verifying vcpe interface gets dhcp IP
609 3. Ping to 8.8.8.8 with ttl set to 1
610 4. Verifying ping should not success
611 5. Restoring management interface configuration in cord-tester
612 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]613 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]614 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]615 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]616 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]617 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]618 assert_not_equal(vcpe_ip, None)
619 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
620 log.info('Sending icmp ping requests to host %s with ttl 1' %host)
621 st, _ = getstatusoutput('ping -c 1 -t 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]622 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]623 assert_not_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]624
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]625 def test_vsg_for_external_connectivity_with_wan_interface_toggle_in_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]626 """
627 Algo:
628 1. Get dhcp IP to vcpe interface in cord-tester
629 2. Verifying vcpe interface gets dhcp IP
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]630 3. Ping to 8.8.8.8 and Verifying ping succeeds
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]631 4. Now down the WAN interface of vcpe
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]632 5. Ping to 8.8.8.8 and Verifying ping fails
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]633 6. Now Up the WAN interface of vcpe
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]634 7. Ping to 8.8.8.8 and Verifying ping succeeds
635 8. Restoring management interface configuration in cord-tester
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]636 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]637 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]638 return
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]639 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]640 mgmt = 'eth0'
641 vcpe = self.vcpe_container
642 assert_not_equal(vcpe, None)
643 assert_not_equal(self.vcpe_dhcp, None)
644 #first get dhcp on the vcpe interface
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]645 vcpe_ip = VSGAccess.vcpe_get_dhcp(self.vcpe_dhcp, mgmt = mgmt)
646 assert_not_equal(vcpe_ip, None)
647 log.info('Got DHCP IP %s for %s' %(vcpe_ip, self.vcpe_dhcp))
648 log.info('Sending ICMP pings to host %s' %(host))
649 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
650 if st != 0:
651 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
652 assert_equal(st, 0)
653 #bring down the wan interface and check again
654 st = VSGAccess.vcpe_wan_down(vcpe)
655 if st is False:
656 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
657 assert_equal(st, True)
658 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
659 if st == 0:
660 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
661 assert_not_equal(st, 0)
662 st = VSGAccess.vcpe_wan_up(vcpe)
663 if st is False:
664 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
665 assert_equal(st, True)
666 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
667 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
668 assert_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]669
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]670 def test_vsg_for_external_connectivity_with_lan_interface_toggle_in_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]671 """
672 Algo:
673 1. Get dhcp IP to vcpe interface in cord-tester
674 2. Verifying vcpe interface gets dhcp IP
675 3. Ping to 8.8.8.8 and Verifying ping should success
676 4. Now down the LAN interface of vcpe
677 5. Ping to 8.8.8.8 and Verifying ping should not success
678 6. Now Up the LAN interface of vcpe
679 7. Ping to 8.8.8.8 and Verifying ping should success
680 8. Restoring management interface configuration in cord-tester
681 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]682 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]683 return
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]684 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]685 mgmt = 'eth0'
686 vcpe = self.vcpe_container
687 assert_not_equal(vcpe, None)
688 assert_not_equal(self.vcpe_dhcp, None)
689 #first get dhcp on the vcpe interface
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]690 vcpe_ip = VSGAccess.vcpe_get_dhcp(self.vcpe_dhcp, mgmt = mgmt)
691 assert_not_equal(vcpe_ip, None)
692 log.info('Got DHCP IP %s for %s' %(vcpe_ip, self.vcpe_dhcp))
693 log.info('Sending ICMP pings to host %s' %(host))
694 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
695 if st != 0:
696 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
697 assert_equal(st, 0)
698 #bring down the lan interface and check again
699 st = VSGAccess.vcpe_lan_down(vcpe)
700 if st is False:
701 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
702 assert_equal(st, True)
703 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
704 if st == 0:
705 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
706 assert_not_equal(st, 0)
707 st = VSGAccess.vcpe_lan_up(vcpe)
708 if st is False:
709 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
710 assert_equal(st, True)
711 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
712 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
713 assert_equal(st, 0)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]714
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]715 def test_vsg_multiple_subscribers_for_same_vcpe_instace(self):
716 """
717 Algo:
718 1. Create a vcpe instance
719 2. Create multiple vcpe interfaces in cord-tester with same s-tag and c-tag to access vcpe instance
720 3. Verify all the interfaces gets dhcp IP in same subnet
721 """
722 vcpe_intfs,containers = self.get_vcpe_containers_and_interfaces()
723 for vcpe in vcpe_intfs:
724 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
725 assert_not_equal(vcpe_ip,None)
726 for vcpe in vcpe_intfs:
727 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
728
729 def test_vsg_for_multiple_subscribers_with_same_vcpe_instance_and_validate_external_connectivity(self):
730 """
731 Algo:
732 1. Create a vcpe instance
733 2. Create multiple vcpe interfaces in cord-tester with same s-tag and c-tag to access vcpe instance
734 3. Verify all the interfaces gets dhcp IP in same subnet
735 4. From cord-tester ping to external with vcpe interface option
736 """
737 host = '8.8.8.8'
738 vcpe_intfs, containers = self.get_vcpe_containers_and_interfaces()
739 for vcpe in vcpe_intfs:
740 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
741 assert_not_equal(vcpe_ip,None)
742 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe,dhcp_ip=False)
743 st, _ = getstatusoutput('ping -I {} -c 3 {}'.format(vcpe,host))
744 assert_equal(st, 0)
745 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe,dhcp_release=False)
746 for vcpe in vcpe_intfs:
747 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
748
749 def test_vsg_vcpe_interface_and_validate_dhcp_ip_after_interface_toggle(self):
750 """
751 Algo:
752 1. Create a vcpe instance
753 2. Create a vcpe interface in cord-tester
754 3. Verify the interface gets dhcp IP
755 4. Toggle the interface
756 5. Verify the interface gets dhcp IP
757 """
758 vcpe_intfs,containers = self.get_vcpe_containers_and_interfaces()
759 for vcpe in vcpe_intfs:
760 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
761 assert_not_equal(vcpe_ip,None)
762 os.system('ifconfig {} down'.format(vcpe))
763 time.sleep(1)
764 os.system('ifconfig {} up'.format(vcpe))
765 time.sleep(1)
766 vcpe_ip2 = get_ip(vcpe)
767 assert_equal(vcpe_ip2,vcpe_ip)
768 for vcpe in vcpe_intfs:
769 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
770
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]771 @deferred(TIMEOUT)
772 def test_vsg_for_external_connectivity_with_vcpe_container_paused(self,vcpe_name=None,vcpe_intf=None):
773 """
774 Algo:
775 1. Get vSG corresponding to vcpe
776 2. Get dhcp ip to vcpe interface
777 3. Add static route to destination route in test container
778 4. From test container ping to destination route and verify ping success
779 5. Login to compute node and execute command to pause vcpe container
780 6. From test container ping to destination route and verify ping success
781 """
782 if not vcpe_name:
783 vcpe_name = self.vcpe_container
784 if not vcpe_intf:
785 vcpe_intf = self.vcpe_dhcp
786 df = defer.Deferred()
787 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]788 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]789 df.callback(0)
790 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]791 host = '8.8.8.8'
792 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
793 try:
794 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
795 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
796 assert_equal(st, False)
797 st, _ = vsg.run_cmd('sudo docker pause {}'.format(vcpe_name))
798 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
799 assert_equal(st, False)
800 finally:
801 vsg.run_cmd('sudo docker unpause'.format(vcpe_name))
802 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
803 df.callback(0)
804 reactor.callLater(0, vcpe_firewall, df)
805 return df
806
807 @deferred(TIMEOUT)
808 def test_vsg_firewall_with_deny_destination_ip(self, vcpe_name=None, vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]809 """
810 Algo:
811 1. Get vSG corresponding to vcpe
812 2. Login to compute node
813 3. Execute iptable command on vcpe from compute node to deny a destination IP
814 4. From cord-tester ping to the denied IP address
815 5. Verifying that ping should not be successful
816 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]817 if not vcpe_name:
818 vcpe_name = self.vcpe_container
819 if not vcpe_intf:
820 vcpe_intf = self.vcpe_dhcp
821 df = defer.Deferred()
822 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]823 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]824 df.callback(0)
825 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]826 host = '8.8.8.8'
827 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
828 try:
829 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
830 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
831 assert_equal(st, False)
832 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
833 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
834 assert_equal(st, True)
835 finally:
836 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
837 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
838 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
839 df.callback(0)
840 reactor.callLater(0, vcpe_firewall, df)
841 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]842
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]843 @deferred(TIMEOUT)
844 def test_vsg_firewall_with_rule_add_and_delete_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]845 """
846 Algo:
847 1. Get vSG corresponding to vcpe
848 2. Login to compute node
849 3. Execute iptable command on vcpe from compute node to deny a destination IP
850 4. From cord-tester ping to the denied IP address
851 5. Verifying that ping should not be successful
852 6. Delete the iptable rule in vcpe
853 7. From cord-tester ping to the denied IP address
854 8. Verifying the ping should success
855 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]856 if not vcpe_name:
857 vcpe_name = self.vcpe_container
858 if not vcpe_intf:
859 vcpe_intf = self.vcpe_dhcp
860 df = defer.Deferred()
861 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]862 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]863 df.callback(0)
864 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]865 host = '8.8.8.8'
866 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
867 try:
868 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
869 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
870 assert_equal(st, False)
871 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
872 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
873 assert_equal(st, True)
874 st,_ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
875 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
876 assert_equal(st, False)
877 finally:
878 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
879 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
880 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
881 df.callback(0)
882 reactor.callLater(0, vcpe_firewall, df)
883 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]884
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]885 @deferred(TIMEOUT)
886 def test_vsg_firewall_verifying_reachability_for_non_blocked_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]887 """
888 Algo:
889 1. Get vSG corresponding to vcpe
890 2. Login to compute node
891 3. Execute iptable command on vcpe from compute node to deny a destination IP
892 4. From cord-tester ping to the denied IP address
893 5. Verifying that ping should not be successful
894 6. From cord-tester ping to the denied IP address other than the denied one
895 7. Verifying the ping should success
896 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]897 if not vcpe_name:
898 vcpe_name = self.vcpe_container
899 if not vcpe_intf:
900 vcpe_intf = self.vcpe_dhcp
901 df = defer.Deferred()
902 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]903 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]904 df.callback(0)
905 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]906 host1 = '8.8.8.8'
907 host2 = '204.79.197.203'
908 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
909 try:
910 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
911 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
912 assert_equal(st, False)
913 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
914 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
915 assert_equal(st, True)
916 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
917 assert_equal(st,False)
918 finally:
919 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
920 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
921 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
922 df.callback(0)
923 reactor.callLater(0, vcpe_firewall, df)
924 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]925
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]926 @deferred(TIMEOUT)
927 def test_vsg_firewall_appending_rules_with_deny_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]928 """
929 Algo:
930 1. Get vSG corresponding to vcpe
931 2. Login to compute node
932 3. Execute iptable command on vcpe from compute node to deny a destination IP1
933 4. From cord-tester ping to the denied IP address IP1
934 5. Verifying that ping should not be successful
935 6. Execute iptable command on vcpe from compute node to deny a destination IP2
936 6. From cord-tester ping to the denied IP address IP2
937 7. Verifying that ping should not be successful
938 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]939 if not vcpe_name:
940 vcpe_name = self.vcpe_container
941 if not vcpe_intf:
942 vcpe_intf = self.vcpe_dhcp
943 df = defer.Deferred()
944 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]945 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]946 df.callback(0)
947 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]948 host1 = '8.8.8.8'
949 host2 = '204.79.197.203'
950 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
951 try:
952 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
953 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
954 assert_equal(st, False)
955 st,_ = vsg.run_cmd('sudo docker exec {} iptables -F FORWARD'.format(vcpe_name))
956 time.sleep(2)
957 st,_ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
958 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
959 assert_equal(st, True)
960 st, out = getstatusoutput('ping -c 1 {}'.format(host2))
961 log.info('host2 ping output is %s'%out)
962 assert_equal(st, False)
963 st, _ = vsg.run_cmd('sudo docker exec {} iptables -A FORWARD -d {} -j DROP'.format(vcpe_name,host2))
964 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
965 assert_equal(st,True)
966 finally:
967 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
968 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
969 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
970 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
971 df.callback(0)
972 reactor.callLater(0, vcpe_firewall, df)
973 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]974
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]975 @deferred(TIMEOUT)
976 def test_vsg_firewall_removing_one_rule_denying_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]977 """
978 Algo:
979 1. Get vSG corresponding to vcpe
980 2. Login to compute node
981 3. Execute iptable command on vcpe from compute node to deny a destination IP1
982 4. Execute iptable command on vcpe from compute node to deny a destination IP2
983 5. From cord-tester ping to the denied IP address IP1
984 6. Verifying that ping should not be successful
985 7. From cord-tester ping to the denied IP address IP2
986 8. Verifying that ping should not be successful
987 9. Execute iptable command on vcpe from compute node to remove deny a destination IP2 rule
988 10. From cord-tester ping to the denied IP address IP2
989 11. Verifying the ping should success
990 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]991 if not vcpe_name:
992 vcpe_name = self.vcpe_container
993 if not vcpe_intf:
994 vcpe_intf = self.vcpe_dhcp
995 df = defer.Deferred()
996 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]997 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]998 df.callback(0)
999 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1000 host1 = '8.8.8.8'
1001 host2 = '204.79.197.203'
1002 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1003 try:
1004 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=self.vcpe_dhcp)
1005 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1006 assert_equal(st, False)
1007 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
1008 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host2))
1009 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1010 assert_equal(st, True)
1011 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1012 assert_equal(st,True)
1013 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
1014 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1015 assert_equal(st,False)
1016 finally:
1017 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
1018 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
1019 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
1020 log.info('restarting vcpe container')
1021 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1022 df.callback(0)
1023 reactor.callLater(0, vcpe_firewall, df)
1024 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1025
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1026 @deferred(TIMEOUT)
1027 def test_vsg_firewall_changing_rule_id_deny_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1028 """
1029 Algo:
1030 1. Get vSG corresponding to vcpe
1031 2. Login to compute node
1032 3. Execute iptable command on vcpe from compute node to deny a destination IP
1033 5. From cord-tester ping to the denied IP address IP1
1034 6. Verifying that ping should not be successful
1035 9. Execute iptable command on vcpe from compute node to change the rule ID to 2 to deny the same destination IP
1036 10. From cord-tester ping to the denied IP address IP
1037 11. Verifying that ping should not be successful
1038 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1039 if not vcpe_name:
1040 vcpe_name = self.vcpe_container
1041 if not vcpe_intf:
1042 vcpe_intf = self.vcpe_dhcp
1043 df = defer.Deferred()
1044 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1045 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1046 df.callback(0)
1047 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1048 host = '8.8.8.8'
1049 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1050 try:
1051 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1052 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1053 assert_equal(st, False)
1054 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1055 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1056 assert_equal(st, True)
1057 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 2 -d {} -j DROP '.format(vcpe_name,host))
1058 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1059 assert_equal(st,True)
1060 finally:
1061 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1062 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1063 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1064 df.callback(0)
1065 reactor.callLater(0, vcpe_firewall, df)
1066 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1067
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1068 @deferred(TIMEOUT)
1069 def test_vsg_firewall_changing_deny_rule_to_accept_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1070 """
1071 Algo:
1072 1. Get vSG corresponding to vcpe
1073 2. Login to compute node
1074 3. Execute iptable command on vcpe from compute node to deny a destination IP
1075 5. From cord-tester ping to the denied IP address IP1
1076 6. Verifying that ping should not be successful
1077 9. Execute iptable command on vcpe from compute node to accept the same destination IP
1078 10. From cord-tester ping to the accepted IP
1079 11. Verifying the ping should success
1080 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1081 if not vcpe_name:
1082 vcpe_name = self.vcpe_container
1083 if not vcpe_intf:
1084 vcpe_intf = self.vcpe_dhcp
1085 df = defer.Deferred()
1086 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1087 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1088 df.callback(0)
1089 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1090 host = '8.8.8.8'
1091 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1092 try:
1093 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1094 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1095 assert_equal(st, False)
1096 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1097 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1098 assert_equal(st, True)
1099 st, _ = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -d {} -j ACCEPT'.format(vcpe_name,host))
1100 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1101 assert_equal(st,False)
1102 finally:
1103 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1104 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j ACCEPT'.format(vcpe_name,host))
1105 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1106 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1107 df.callback(0)
1108 reactor.callLater(0, vcpe_firewall, df)
1109 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1110
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1111 @deferred(TIMEOUT) #Fail
1112 def test_vsg_firewall_denying_destination_network(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1113 """
1114 Algo:
1115 1. Get vSG corresponding to vcpe
1116 2. Login to compute node
1117 3. Execute iptable command on vcpe from compute node to deny a destination IP subnet
1118 4. From cord-tester ping to the denied IP address IP1 in the denied subnet
1119 5. Verifying that ping should not be successful
1120 6. From cord-tester ping to the denied IP address IP2 in the denied subnet
1121 7. Verifying that ping should not be successful
1122 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1123 if not vcpe_name:
1124 vcpe_name = self.vcpe_container
1125 if not vcpe_intf:
1126 vcpe_intf = self.vcpe_dhcp
1127 df = defer.Deferred()
1128 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1129 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1130 df.callback(0)
1131 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1132 network = '204.79.197.192/28'
1133 host1 = '204.79.197.203'
1134 host2 = '204.79.197.210'
1135 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1136 try:
1137 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=self.vcpe_dhcp)
1138 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1139 assert_equal(st, False)
1140 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,network))
1141 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1142 assert_equal(st, True)
1143 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1144 assert_equal(st,False)
1145 finally:
1146 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network))
1147 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
1148 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1149 df.callback(0)
1150 reactor.callLater(0, vcpe_firewall, df)
1151 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1152
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1153 @deferred(TIMEOUT)
1154 def test_vsg_firewall_denying_destination_network_subnet_modification(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1155 """
1156 Algo:
1157 1. Get vSG corresponding to vcpe
1158 2. Login to compute node
1159 3. Execute iptable command on vcpe from compute node to deny a destination IP subnet
1160 4. From cord-tester ping to the denied IP address IP1 in the denied subnet
1161 5. Verifying that ping should not be successful
1162 6. From cord-tester ping to the denied IP address IP2 in the denied subnet
1163 7. Verifying that ping should not be successful
1164 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1165 if not vcpe_name:
1166 vcpe_name = self.vcpe_container
1167 if not vcpe_intf:
1168 vcpe_intf = self.vcpe_dhcp
1169 df = defer.Deferred()
1170 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1171 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1172 df.callback(0)
1173 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1174 network1 = '204.79.197.192/28'
1175 network2 = '204.79.197.192/27'
1176 host1 = '204.79.197.203'
1177 host2 = '204.79.197.210'
1178 host3 = '204.79.197.224'
1179 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1180 try:
1181 self.add_static_route_via_vcpe_interface([host1,host2,host3],vcpe=self.vcpe_dhcp)
1182 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1183 assert_equal(st, False)
1184 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,network1))
1185 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1186 assert_equal(st, True)
1187 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1188 assert_equal(st,False)
1189 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 2 -d {} -j DROP'.format(vcpe_name,network2))
1190 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1191 assert_equal(st, True)
1192 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1193 assert_equal(st, True)
1194 st, _ = getstatusoutput('ping -c 1 {}'.format(host3))
1195 assert_equal(st, False)
1196 finally:
1197 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network1))
1198 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network2))
1199 self.del_static_route_via_vcpe_interface([host1,host2,host3],vcpe=vcpe_intf)
1200 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1201 df.callback(0)
1202 reactor.callLater(0, vcpe_firewall, df)
1203 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1204
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1205 @deferred(TIMEOUT)
1206 def test_vsg_firewall_with_deny_source_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1207 """
1208 Algo:
1209 1. Get vSG corresponding to vcpe
1210 2. Login to compute node
1211 3. Execute iptable command on vcpe from compute node to deny a source IP
1212 4. From cord-tester ping to 8.8.8.8 from the denied IP
1213 5. Verifying that ping should not be successful
1214 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1215 if not vcpe_name:
1216 vcpe_name = self.vcpe_container
1217 if not vcpe_intf:
1218 vcpe_intf = self.vcpe_dhcp
1219 df = defer.Deferred()
1220 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1221 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1222 df.callback(0)
1223 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1224 host = '8.8.8.8'
1225 #source_ip = get_ip(self.vcpe_dhcp)
1226 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1227 try:
1228 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1229 source_ip = get_ip(self.vcpe_dhcp)
1230 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1231 assert_equal(st, False)
1232 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1233 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1234 assert_equal(st, True)
1235 finally:
1236 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1237 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1238 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1239 df.callback(0)
1240 reactor.callLater(0, vcpe_firewall, df)
1241 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1242
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1243 @deferred(TIMEOUT)
1244 def test_vsg_firewall_rule_with_add_and_delete_deny_source_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1245 """
1246 Algo:
1247 1. Get vSG corresponding to vcpe
1248 2. Login to compute node
1249 3. Execute iptable command on vcpe from compute node to deny a source IP
1250 4. From cord-tester ping to 8.8.8.8 from the denied IP
1251 5. Verifying that ping should not be successful
1252 6. Delete the iptable rule in vcpe
1253 7. From cord-tester ping to 8.8.8.8 from the denied IP
1254 8. Verifying the ping should success
1255 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1256 if not vcpe_name:
1257 vcpe_name = self.vcpe_container
1258 if not vcpe_intf:
1259 vcpe_intf = self.vcpe_dhcp
1260 df = defer.Deferred()
1261 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1262 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1263 df.callback(0)
1264 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1265 host = '8.8.8.8'
1266 source_ip = get_ip(self.vcpe_dhcp)
1267 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1268 try:
1269 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1270 source_ip = get_ip(self.vcpe_dhcp)
1271 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1272 assert_equal(st, False)
1273 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1274 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1275 assert_equal(st, True)
1276 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1277 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1278 assert_equal(st, False)
1279 finally:
1280 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1281 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1282 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1283 df.callback(0)
1284 reactor.callLater(0, vcpe_firewall, df)
1285 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1286
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1287 @deferred(TIMEOUT)
1288 def test_vsg_firewall_rule_with_deny_icmp_protocol_echo_requests_type(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1289 """
1290 Algo:
1291 1. Get vSG corresponding to vcpe
1292 2. Login to compute node
1293 3. Execute iptable command on vcpe from compute node to deny icmp echo-requests type protocol packets
1294 4. From cord-tester ping to 8.8.8.8
1295 5. Verifying that ping should not be successful
1296 6. Delete the iptable rule
1297 7. From cord-tester ping to 8.8.8.8
1298 8. Verifying the ping should success
1299 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1300 if not vcpe_name:
1301 vcpe_name = self.vcpe_container
1302 if not vcpe_intf:
1303 vcpe_intf = self.vcpe_dhcp
1304 df = defer.Deferred()
1305 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1306 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1307 df.callback(0)
1308 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1309 host = '8.8.8.8'
1310 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1311 try:
1312 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1313 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1314 assert_equal(st, False)
1315 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1316 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1317 assert_equal(st, True)
1318 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1319 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1320 assert_equal(st, False)
1321 finally:
1322 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1323 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1324 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1325 df.callback(0)
1326 reactor.callLater(0, vcpe_firewall, df)
1327 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1328
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1329 @deferred(TIMEOUT)
1330 def test_vsg_firewall_rule_with_deny_icmp_protocol_echo_reply_type(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1331 """
1332 Algo:
1333 1. Get vSG corresponding to vcpe
1334 2. Login to compute node
1335 3. Execute iptable command on vcpe from compute node to deny icmp echo-reply type protocol packets
1336 4. From cord-tester ping to 8.8.8.8
1337 5. Verifying that ping should not be successful
1338 6. Delete the iptable rule
1339 7. From cord-tester ping to 8.8.8.8
1340 8. Verifying the ping should success
1341 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1342 if not vcpe_name:
1343 vcpe_name = self.vcpe_container
1344 if not vcpe_intf:
1345 vcpe_intf = self.vcpe_dhcp
1346 df = defer.Deferred()
1347 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1348 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1349 df.callback(0)
1350 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1351 host = '8.8.8.8'
1352 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1353 try:
1354 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1355 st, _ = getstatusoutput('ping -c 1 {}'.format('8.8.8.8'))
1356 assert_equal(st, False)
1357 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1358 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1359 assert_equal(st, True)
1360 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1361 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1362 assert_equal(st,False)
1363 finally:
1364 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1365 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1366 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1367 df.callback(0)
1368 reactor.callLater(0, vcpe_firewall, df)
1369 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1370
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1371 @deferred(TIMEOUT)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]1372 def test_vsg_firewall_changing_deny_rule_to_accept_rule_with_icmp_protocol_echo_requests_type(self, vcpe_name=None, vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1373 """
1374 Algo:
1375 1. Get vSG corresponding to vcpe
1376 2. Login to compute node
1377 3. Execute iptable command on vcpe from compute node to deny icmp echo-requests type protocol packets
1378 4. From cord-tester ping to 8.8.8.8
1379 5. Verifying that ping should not be successful
1380 6. Insert another rule to accept the icmp-echo requests protocol packets
1381 7. From cord-tester ping to 8.8.8.8
1382 8. Verifying the ping should success
1383 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1384 if not vcpe_name:
1385 vcpe_name = self.vcpe_container
1386 if not vcpe_intf:
1387 vcpe_intf = self.vcpe_dhcp
1388 df = defer.Deferred()
1389 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1390 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1391 df.callback(0)
1392 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1393 host = '8.8.8.8'
1394 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1395 try:
1396 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1397 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1398 assert_equal(st, False)
1399 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1400 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1401 assert_equal(st, True)
1402 st, _ = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p icmp --icmp-type echo-request -j ACCEPT'.format(vcpe_name))
1403 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1404 assert_equal(st,False)
1405 finally:
1406 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1407 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j ACCEPT'.format(vcpe_name))
1408 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1409 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1410 df.callback(0)
1411 reactor.callLater(0, vcpe_firewall, df)
1412 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1413
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1414 @deferred(TIMEOUT)
1415 def test_vsg_firewall_changing_deny_rule_to_accept_rule_with_icmp_protocol_echo_reply_type(self,vcpe_name=None,vcpe_intf=None):
1416 """
1417 Algo:
1418 1. Get vSG corresponding to vcpe
1419 2. Login to compute node
1420 3. Execute iptable command on vcpe from compute node to deny icmp echo-reply type protocol packets
1421 4. From cord-tester ping to 8.8.8.8
1422 5. Verifying the ping should not success
1423 6. Insert another rule to accept the icmp-echo requests protocol packets
1424 7. From cord-tester ping to 8.8.8.8
1425 8. Verifying the ping should success
1426 """
1427 if not vcpe_name:
1428 vcpe_name = self.vcpe_container
1429 if not vcpe_intf:
1430 vcpe_intf = self.vcpe_dhcp
1431 df = defer.Deferred()
1432 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1433 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1434 df.callback(0)
1435 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1436 host = '8.8.8.8'
1437 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1438 try:
1439 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1440 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1441 assert_equal(st, False)
1442 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1443 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1444 assert_equal(st, True)
1445 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p icmp --icmp-type echo-reply -j ACCEPT'.format(vcpe_name))
1446 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1447 assert_equal(st,False)
1448 finally:
1449 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1450 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j ACCEPT'.format(vcpe_name))
1451 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1452 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1453 df.callback(0)
1454 reactor.callLater(0, vcpe_firewall, df)
1455 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1456
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1457 @deferred(TIMEOUT)
1458 def test_vsg_firewall_for_deny_icmp_protocol(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1459 """
1460 Algo:
1461 1. Get vSG corresponding to vcpe
1462 2. Login to compute node
1463 3. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1464 4. From cord-tester ping to 8.8.8.8
1465 5. Verifying that ping should not be successful
1466 6. Delete the iptable rule
1467 7. From cord-tester ping to 8.8.8.8
1468 8. Verifying the ping should success
1469 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1470 if not vcpe_name:
1471 vcpe_name = self.vcpe_container
1472 if not vcpe_intf:
1473 vcpe_intf = self.vcpe_dhcp
1474 df = defer.Deferred()
1475 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1476 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1477 df.callback(0)
1478 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1479 host = '8.8.8.8'
1480 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1481 try:
1482 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1483 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1484 assert_equal(st, False)
1485 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1486 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1487 assert_equal(st, True)
1488 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1489 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1490 assert_equal(st,False)
1491 finally:
1492 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1493 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1494 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1495 df.callback(0)
1496 reactor.callLater(0, vcpe_firewall, df)
1497 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1498
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1499 @deferred(TIMEOUT)
1500 def test_vsg_firewall_rule_deny_icmp_protocol_and_destination_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1501 """
1502 Algo:
1503 1. Get vSG corresponding to vcpe
1504 2. Login to compute node
1505 3. Execute iptable command on vcpe from compute node to deny a destination IP
1506 4. From cord-tester ping to 8.8.8.8
1507 5. Verifying that ping should not be successful
1508 6. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1509 7. From cord-tester ping to 8.8.8.8
1510 8. Verifying the ping should success
1511 9. Delete the rule added in step 3
1512 10. From cord-tester ping to 8.8.8.8
1513 11. Verifying that ping should not be successful
1514 12. Delete the rule added in step 6
1515 13. From cord-tester ping to 8.8.8.8
1516 14. Verifying the ping should success
1517 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1518 if not vcpe_name:
1519 vcpe_name = self.vcpe_container
1520 if not vcpe_intf:
1521 vcpe_intf = self.vcpe_dhcp
1522 df = defer.Deferred()
1523 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1524 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1525 df.callback(0)
1526 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1527 host = '8.8.8.8'
1528 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1529 try:
1530 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1531 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1532 assert_equal(st, False)
1533 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1534 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1535 assert_equal(st, True)
1536 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1537 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1538 assert_equal(st, True)
1539 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1540 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1541 assert_equal(st, True)
1542 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1543 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1544 assert_equal(st,False)
1545 finally:
1546 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1547 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1548 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1549 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1550 df.callback(0)
1551 reactor.callLater(0, vcpe_firewall, df)
1552 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1553
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1554 @deferred(TIMEOUT) #Fail
1555 def test_vsg_firewall_flushing_all_configured_rules(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1556 """
1557 Algo:
1558 1. Get vSG corresponding to vcpe
1559 2. Login to compute node
1560 3. Execute iptable command on vcpe from compute node to deny a destination IP
1561 4. From cord-tester ping to 8.8.8.8
1562 5. Verifying that ping should not be successful
1563 6. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1564 7. From cord-tester ping to 8.8.8.8
1565 8. Verifying the ping should success
1566 9. Flush all the iptable rules configuraed in vcpe
1567 10. Delete the rule added in step 6
1568 11. From cord-tester ping to 8.8.8.8
1569 12. Verifying the ping should success
1570 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1571 if not vcpe_name:
1572 vcpe_name = self.vcpe_container
1573 if not vcpe_intf:
1574 vcpe_intf = self.vcpe_dhcp
1575 df = defer.Deferred()
1576 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1577 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1578 df.callback(0)
1579 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1580 host = '8.8.8.8'
1581 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1582 try:
1583 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1584 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1585 assert_equal(st, False)
1586 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1587 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1588 assert_equal(st, True)
1589 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1590 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1591 assert_equal(st, True)
1592 st,output = vsg.run_cmd('sudo docker exec {} iptables -F FORWARD'.format(vcpe_name))
1593 time.sleep(1)
1594 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1595 assert_equal(st, False)
1596 finally:
1597 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1598 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1599 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1600 df.callback(0)
1601 reactor.callLater(0, vcpe_firewall, df)
1602 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1603
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1604 @deferred(TIMEOUT)
1605 def test_vsg_firewall_deny_all_ipv4_traffic(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1606 """
1607 Algo:
1608 1. Get vSG corresponding to vcpe
1609 2. Login to compute node
1610 3. Execute iptable command on vcpe from compute node to deny all ipv4 Traffic
1611 4. From cord-tester ping to 8.8.8.8
1612 5. Verifying that ping should not be successful
1613 6. Delete the iptable rule added
1614 7. From cord-tester ping to 8.8.8.8
1615 8. Verifying the ping should success
1616 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1617 if not vcpe_name:
1618 vcpe_name = self.vcpe_container
1619 if not vcpe_intf:
1620 vcpe_intf = self.vcpe_dhcp
1621 df = defer.Deferred()
1622 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1623 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1624 df.callback(0)
1625 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1626 host = '8.8.8.8'
1627 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1628 try:
1629 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1630 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1631 assert_equal(st, False)
1632 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1633 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1634 assert_equal(st, True)
1635 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1636 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1637 assert_equal(st, False)
1638 finally:
1639 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1640 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1641 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1642 df.callback(0)
1643 reactor.callLater(0, vcpe_firewall, df)
1644 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1645
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1646 @deferred(TIMEOUT)
1647 def test_vsg_firewall_replacing_deny_rule_to_accept_rule_ipv4_traffic(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1648 """
1649 Algo:
1650 1. Get vSG corresponding to vcpe
1651 2. Login to compute node
1652 3. Execute iptable command on vcpe from compute node to deny all ipv4 Traffic
1653 4. From cord-tester ping to 8.8.8.8
1654 5. Verifying that ping should not be successful
1655 6. Replace the deny rule added in step 3 with accept rule
1656 7. From cord-tester ping to 8.8.8.8
1657 8. Verifying the ping should success
1658 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1659 if not vcpe_name:
1660 vcpe_name = self.vcpe_container
1661 if not vcpe_intf:
1662 vcpe_intf = self.vcpe_dhcp
1663 df = defer.Deferred()
1664 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1665 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1666 df.callback(0)
1667 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1668 host = '8.8.8.8'
1669 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1670 try:
1671 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1672 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1673 assert_equal(st, False)
1674 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1675 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1676 assert_equal(st, True)
1677 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -4 -j ACCEPT'.format(vcpe_name))
1678 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1679 assert_equal(st, False)
1680 finally:
1681 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1682 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1683 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1684 df.callback(0)
1685 reactor.callLater(0, vcpe_firewall, df)
1686 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1687
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1688 @deferred(TIMEOUT)
1689 def test_vsg_firewall_deny_all_traffic_coming_on_lan_interface_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
1690 """
1691 Algo:
1692 1. Get vSG corresponding to vcpe
1693 2. Login to compute node
1694 3. Execute iptable command on vcpe from compute node to deny all the traffic coming on lan interface inside vcpe container
1695 4. From cord-tester ping to 8.8.8.8
1696 5. Verifying the ping should not success
1697 6. Delete the iptable rule added
1698 7. From cord-tester ping to 8.8.8.8
1699 8. Verifying the ping should success
1700 """
1701 if not vcpe_name:
1702 vcpe_name = self.vcpe_container
1703 if not vcpe_intf:
1704 vcpe_intf = self.vcpe_dhcp
1705 df = defer.Deferred()
1706 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1707 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1708 df.callback(0)
1709 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1710 host = '8.8.8.8'
1711 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1712 try:
1713 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1714 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1715 assert_equal(st, False)
1716 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -i eth1 -j DROP'.format(vcpe_name))
1717 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1718 assert_equal(st, True)
1719 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -j DROP'.format(vcpe_name))
1720 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1721 assert_equal(st, False)
1722 finally:
1723 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -j DROP'.format(vcpe_name))
1724 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1725 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1726 df.callback(0)
1727 reactor.callLater(0, vcpe_firewall, df)
1728 return df
1729
1730 @deferred(TIMEOUT)
1731 def test_vsg_firewall_deny_all_traffic_going_out_of_wan_interface_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
1732 """
1733 Algo:
1734 1. Get vSG corresponding to vcpe
1735 2. Login to compute node
1736 3. Execute iptable command on vcpe from compute node to deny all the traffic going out of wan interface inside vcpe container
1737 4. From cord-tester ping to 8.8.8.8
1738 5. Verifying the ping should not success
1739 6. Delete the iptable rule added
1740 7. From cord-tester ping to 8.8.8.8
1741 8. Verifying the ping should success
1742 """
1743 if not vcpe_name:
1744 vcpe_name = self.vcpe_container
1745 if not vcpe_intf:
1746 vcpe_intf = self.vcpe_dhcp
1747 df = defer.Deferred()
1748 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1749 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1750 df.callback(0)
1751 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1752 host = '8.8.8.8'
1753 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1754 try:
1755 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1756 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1757 assert_equal(st, False)
1758 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -o eth0 -j DROP'.format(vcpe_name))
1759 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1760 assert_equal(st, True)
1761 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -o eth0 -j DROP'.format(vcpe_name))
1762 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1763 assert_equal(st, False)
1764 finally:
1765 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -o eth0 -j DROP'.format(vcpe_name))
1766 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1767 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1768 df.callback(0)
1769 reactor.callLater(0, vcpe_firewall, df)
1770 return df
1771
1772 @deferred(TIMEOUT)
1773 def test_vsg_firewall_deny_all_traffic_from_lan_to_wan_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1774 """
1775 Algo:
1776 1. Get vSG corresponding to vcpe
1777 2. Login to compute node
1778 3. Execute iptable command on vcpe from compute node to deny all the traffic from lan to wan interface in vcpe
1779 4. From cord-tester ping to 8.8.8.8
1780 5. Verifying that ping should not be successful
1781 6. Delete the iptable rule added
1782 7. From cord-tester ping to 8.8.8.8
1783 8. Verifying the ping should success
1784 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1785 if not vcpe_name:
1786 vcpe_name = self.vcpe_container
1787 if not vcpe_intf:
1788 vcpe_intf = self.vcpe_dhcp
1789 df = defer.Deferred()
1790 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1791 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1792 df.callback(0)
1793 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1794 host = '8.8.8.8'
1795 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1796 try:
1797 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1798 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1799 assert_equal(st, False)
1800 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1801 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1802 assert_equal(st, True)
1803 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1804 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1805 assert_equal(st, False)
1806 finally:
1807 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1808 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1809 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1810 df.callback(0)
1811 reactor.callLater(0, vcpe_firewall, df)
1812 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1813
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1814 #this test case needs modification.default route should be vcpe interface to run this test case
1815 @deferred(TIMEOUT)
1816 def test_vsg_firewall_deny_all_dns_traffic(self,vcpe_name=None,vcpe_intf=None):
1817 """
1818 Algo:
1819 1. Get vSG corresponding to vcpe
1820 2. Login to compute node
1821 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1822 4. From cord-tester ping to www.google.com
1823 5. Verifying the ping should not success
1824 6. Delete the iptable rule added
1825 7. From cord-tester ping to www.google.com
1826 8. Verifying the ping should success
1827 """
1828 if not vcpe_name:
1829 vcpe_name = self.vcpe_container
1830 if not vcpe_intf:
1831 vcpe_intf = self.vcpe_dhcp
1832 df = defer.Deferred()
1833 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1834 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1835 df.callback(0)
1836 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1837 host = 'www.msn.com'
1838 host_ip = '131.253.33.203'
1839 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1840 try:
1841 self.add_static_route_via_vcpe_interface([host_ip],vcpe=self.vcpe_dhcp)
1842 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1843 assert_equal(st, False)
1844 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p udp --dport 53 -j DROP'.format(vcpe_name))
1845 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1846 assert_equal(st, True)
1847 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p udp --dport 53 -j ACCEPT'.format(vcpe_name))
1848 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1849 assert_equal(st, False)
1850 finally:
1851 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p udp --dport 53 -j DROP'.format(vcpe_name))
1852 self.del_static_route_via_vcpe_interface([host_ip],vcpe=vcpe_intf)
1853 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1854 df.callback(0)
1855 reactor.callLater(0, vcpe_firewall, df)
1856 return df
1857
1858 @deferred(TIMEOUT)
1859 def test_vsg_firewall_deny_all_ipv4_traffic_vcpe_container_restart(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1860 """
1861 Algo:
1862 1. Get vSG corresponding to vcpe
1863 2. Login to compute node
1864 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1865 4. From cord-tester ping to www.google.com
1866 5. Verifying that ping should not be successful
1867 6. Delete the iptable rule added
1868 7. From cord-tester ping to www.google.com
1869 8. Verifying the ping should success
1870 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1871 if not vcpe_name:
1872 vcpe_name = self.vcpe_container
1873 if not vcpe_intf:
1874 vcpe_intf = self.vcpe_dhcp
1875 df = defer.Deferred()
1876 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1877 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1878 df.callback(0)
1879 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1880 host = '8.8.8.8'
1881 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1882 try:
1883 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1884 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1885 assert_equal(st, False)
1886 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1887 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1888 assert_equal(st, True)
1889 st,output = vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1890 time.sleep(3)
1891 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1892 assert_equal(st, False)
1893 finally:
1894 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1895 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1896 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1897 df.callback(0)
1898 reactor.callLater(0, vcpe_firewall, df)
1899 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1900
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]1901 @deferred(TIMEOUT)
1902 def test_vsg_dnat_modifying_destination_ip(self,vcpe_name=None,vcpe_intf=None):
1903 """
1904 Algo:
1905 1. Get vSG corresponding to vcpe
1906 2. Login to compute node
1907 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1908 4. From cord-tester ping to www.google.com
1909 5. Verifying the ping should not success
1910 6. Delete the iptable rule added
1911 7. From cord-tester ping to www.google.com
1912 8. Verifying the ping should success
1913 """
1914 if not vcpe_name:
1915 vcpe_name = self.vcpe_container
1916 if not vcpe_intf:
1917 vcpe_intf = self.vcpe_dhcp
1918 df = defer.Deferred()
1919 def vcpe_firewall(df):
1920 host = '8.8.8.8'
1921 dst_ip = '123.123.123.123'
1922 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1923 try:
1924 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1925 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1926 assert_equal(st, False)
1927 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1928 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1929 assert_equal(st, True)
1930 finally:
1931 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1932 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1933 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1934 df.callback(0)
1935 reactor.callLater(0,vcpe_firewall,df)
1936 return df
1937
1938 @deferred(TIMEOUT)
1939 def test_vsg_dnat_modifying_destination_ip_and_delete(self,vcpe_name=None,vcpe_intf=None):
1940 """
1941 Algo:
1942 1. Get vSG corresponding to vcpe
1943 2. Login to compute node
1944 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1945 4. From cord-tester ping to www.google.com
1946 5. Verifying the ping should not success
1947 6. Delete the iptable rule added
1948 7. From cord-tester ping to www.google.com
1949 8. Verifying the ping should success
1950 """
1951 if not vcpe_name:
1952 vcpe_name = self.vcpe_container
1953 if not vcpe_intf:
1954 vcpe_intf = self.vcpe_dhcp
1955 df = defer.Deferred()
1956 def vcpe_firewall(df):
1957 host = '8.8.8.8'
1958 dst_ip = '123.123.123.123'
1959 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1960 try:
1961 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1962 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1963 assert_equal(st, False)
1964 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1965 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1966 assert_equal(st, True)
1967 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1968 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1969 assert_equal(st, False)
1970 finally:
1971 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1972 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1973 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1974 df.callback(0)
1975 reactor.callLater(0,vcpe_firewall,df)
1976 return df
1977
1978 @deferred(TIMEOUT)
1979 def test_vsg_dnat_change_modifying_destination_ip_address(self,vcpe_name=None,vcpe_intf=None):
1980 """
1981 Algo:
1982 1. Get vSG corresponding to vcpe
1983 2. Login to compute node
1984 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1985 4. From cord-tester ping to www.google.com
1986 5. Verifying the ping should not success
1987 6. Delete the iptable rule added
1988 7. From cord-tester ping to www.google.com
1989 8. Verifying the ping should success
1990 """
1991 if not vcpe_name:
1992 vcpe_name = self.vcpe_container
1993 if not vcpe_intf:
1994 vcpe_intf = self.vcpe_dhcp
1995 df = defer.Deferred()
1996 def vcpe_firewall(df):
1997 host = '8.8.8.8'
1998 dst_ip = '123.123.123.123'
1999 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
2000 try:
2001 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
2002 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2003 assert_equal(st, False)
2004 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
2005 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2006 assert_equal(st, True)
2007 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -R PREROUTING 1 -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,host))
2008 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2009 assert_equal(st, False)
2010 finally:
2011 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
2012 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,host))
2013 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
2014 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
2015 df.callback(0)
2016 reactor.callLater(0,vcpe_firewall,df)
2017 return df
2018
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]2019 def vsg_xos_subscriber_create(self, index):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]2020 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]2021 return
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]2022 subscriber_info = self.subscriber_info[index]
2023 volt_subscriber_info = self.volt_subscriber_info[index]
A R Karthickd0b06792017-04-25 15:11:23 -0700[diff] [blame]2024 s_tag = int(volt_subscriber_info['voltTenant']['s_tag'])
2025 c_tag = int(volt_subscriber_info['voltTenant']['c_tag'])
2026 vcpe = 'vcpe-{}-{}'.format(s_tag, c_tag)
2027 log.info('Creating tenant with s_tag: %d, c_tag: %d' %(s_tag, c_tag))
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]2028 subId = ''
2029 try:
2030 result = self.restApiXos.ApiPost('TENANT_SUBSCRIBER', subscriber_info)
2031 assert_equal(result, True)
2032 result = self.restApiXos.ApiGet('TENANT_SUBSCRIBER')
2033 assert_not_equal(result, None)
2034 subId = self.restApiXos.getSubscriberId(result, volt_subscriber_info['account_num'])
2035 assert_not_equal(subId, '0')
2036 log.info('Subscriber ID for account num %d = %s' %(volt_subscriber_info['account_num'], subId))
2037 volt_tenant = volt_subscriber_info['voltTenant']
2038 #update the subscriber id in the tenant info before making the rest
2039 volt_tenant['subscriber'] = subId
2040 result = self.restApiXos.ApiPost('TENANT_VOLT', volt_tenant)
2041 assert_equal(result, True)
2042 #if the vsg instance was already instantiated, then reduce delay
2043 if c_tag % self.subscribers_per_s_tag == 0:
2044 delay = 350
2045 else:
2046 delay = 90
2047 log.info('Delaying %d seconds for the VCPE to be provisioned' %(delay))
2048 time.sleep(delay)
2049 log.info('Testing for external connectivity to VCPE %s' %(vcpe))
2050 self.vsg_for_external_connectivity(index)
2051 finally:
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]2052 return subId
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]2053
2054 def vsg_xos_subscriber_delete(self, index, subId = ''):
2055 if self.on_pod is False:
2056 return
2057 subscriber_info = self.subscriber_info[index]
2058 volt_subscriber_info = self.volt_subscriber_info[index]
2059 s_tag = int(volt_subscriber_info['voltTenant']['s_tag'])
2060 c_tag = int(volt_subscriber_info['voltTenant']['c_tag'])
2061 vcpe = 'vcpe-{}-{}'.format(s_tag, c_tag)
2062 log.info('Deleting tenant with s_tag: %d, c_tag: %d' %(s_tag, c_tag))
2063 if not subId:
2064 #get the subscriber id first
2065 result = self.restApiXos.ApiGet('TENANT_SUBSCRIBER')
2066 assert_not_equal(result, None)
2067 subId = self.restApiXos.getSubscriberId(result, volt_subscriber_info['account_num'])
2068 assert_not_equal(subId, '0')
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]2069 #get the volt id for the subscriber
2070 result = self.restApiXos.ApiGet('TENANT_VOLT')
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]2071 assert_not_equal(result, None)
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]2072 voltId = self.getVoltId(result, subId)
2073 assert_not_equal(voltId, None)
A R Karthicka385cea2017-04-26 10:12:43 -0700[diff] [blame]2074 log.info('Deleting subscriber ID %s for account num %d' %(subId, volt_subscriber_info['account_num']))
2075 status = self.restApiXos.ApiDelete('TENANT_SUBSCRIBER', subId)
2076 assert_equal(status, True)
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]2077 #Delete the tenant
2078 log.info('Deleting VOLT Tenant ID %s for subscriber %s' %(voltId, subId))
A R Karthick76944872017-04-26 10:21:37 -0700[diff] [blame]2079 self.restApiXos.ApiDelete('TENANT_VOLT', voltId)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]2080
A R Karthicke29c8d42017-04-27 11:38:52 -0700[diff] [blame]2081 def vsg_xos_subscriber_id(self, index):
2082 volt_subscriber_info = self.volt_subscriber_info[index]
2083 result = self.restApiXos.ApiGet('TENANT_SUBSCRIBER')
2084 assert_not_equal(result, None)
2085 subId = self.restApiXos.getSubscriberId(result, volt_subscriber_info['account_num'])
2086 return subId
2087
2088 def test_vsg_xos_subscriber_create_all(self):
2089 for index in xrange(len(self.subscriber_info)):
2090 #check if the index exists
2091 subId = self.vsg_xos_subscriber_id(index)
2092 if subId and subId != '0':
2093 self.vsg_xos_subscriber_delete(index, subId = subId)
2094 subId = self.vsg_xos_subscriber_create(index)
2095 log.info('Created Subscriber %s' %(subId))
2096
2097 def test_vsg_xos_subscriber_delete_all(self):
2098 for index in xrange(len(self.subscriber_info)):
2099 subId = self.vsg_xos_subscriber_id(index)
2100 if subId and subId != '0':
2101 self.vsg_xos_subscriber_delete(index, subId = subId)
2102
2103 def test_vsg_xos_subscriber_create_and_delete(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]2104 subId = self.vsg_xos_subscriber_create(0)
2105 if subId and subId != '0':
2106 self.vsg_xos_subscriber_delete(0, subId)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]2107
A R Karthicke29c8d42017-04-27 11:38:52 -0700[diff] [blame]2108 def test_vsg_xos_subscriber_2_create_and_delete(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]2109 subId = self.vsg_xos_subscriber_create(1)
2110 if subId and subId != '0':
2111 self.vsg_xos_subscriber_delete(1, subId)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]2112
A R Karthicke29c8d42017-04-27 11:38:52 -0700[diff] [blame]2113 def test_vsg_xos_subscriber_3_create_and_delete(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]2114 subId = self.vsg_xos_subscriber_create(2)
2115 if subId and subId != '0':
2116 self.vsg_xos_subscriber_delete(2, subId)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]2117
A R Karthicke29c8d42017-04-27 11:38:52 -0700[diff] [blame]2118 def test_vsg_xos_subscriber_4_create_and_delete(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]2119 subId = self.vsg_xos_subscriber_create(3)
2120 if subId and subId != '0':
2121 self.vsg_xos_subscriber_delete(3, subId)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]2122
A R Karthicke29c8d42017-04-27 11:38:52 -0700[diff] [blame]2123 def test_vsg_xos_subscriber_5_create_and_delete(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]2124 subId = self.vsg_xos_subscriber_create(4)
2125 if subId and subId != '0':
2126 self.vsg_xos_subscriber_delete(4, subId)
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]2127
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2128 def test_vsg_with_xos_subscriber_creating_firewall(self,index=4):
2129 log.info('cls.dhcp_vcpes is %s'%self.dhcp_vcpes)
Chetan Gaonker4cff4432017-05-01 17:56:56 +0000[diff] [blame]2130 host = '8.8.8.8'
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2131 self.vsg_xos_subscriber_delete(4, 3)
2132 subId = self.vsg_xos_subscriber_create(index)
2133 if subId and subId != '0':
2134 subscriber_info = self.subscriber_info[index]
2135 volt_subscriber_info = self.volt_subscriber_info[index]
2136 s_tag = int(volt_subscriber_info['voltTenant']['s_tag'])
2137 c_tag = int(volt_subscriber_info['voltTenant']['c_tag'])
2138 vcpe = 'vcpe-{}-{}'.format(s_tag, c_tag)
2139 vcpe_intf = self.dhcp_vcpes[index] #'vcpe{}.{}.{}'.format(s_tag, c_tag)
2140 vsg = VSGAccess.get_vcpe_vsg(vcpe)
2141 try:
2142 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
2143 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2144 assert_equal(st, False)
2145 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe,host))
2146 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2147 assert_equal(st, True)
2148 st,_ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe,host))
2149 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2150 assert_equal(st, False)
2151 finally:
2152 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe,host))
2153 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
2154 vsg.run_cmd('sudo docker restart {}'.format(vcpe))
2155 self.vsg_xos_subscriber_delete(4, subId)
2156 self.vsg_xos_subscriber_delete(4, subId)
Chetan Gaonker4cff4432017-05-01 17:56:56 +0000[diff] [blame]2157
Anil Kumar Sankaf2e10282017-05-08 22:49:39 +0000[diff] [blame]2158 def get_example_service_vm_public_ip(self,vm='mysite_exampleservice'):
2159 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
2160 cmd = "nova list --all-tenants|grep {}|cut -d '|' -f 2".format(vm)
2161 status, nova_id = ssh_agent.run_cmd(cmd)
2162 assert_equal(status, True)
2163 #Get public IP of VM
2164 cmd = 'nova interface-list {} |grep -o -m 1 10\.6\.[[:digit:]]*\.[[:digit:]]*'.format(nova_id)
2165 status, public_ip = ssh_agent.run_cmd(cmd)
2166 assert_equal(status, True)
2167 return public_ip
2168
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2169 def test_onboarding_example_service(self):
2170 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
2171 #Wait for ExampleService VM to come up
2172 cmd = "nova list --all-tenants|grep 'exampleservice.*ACTIVE'"
2173 status, output = ssh_agent.run_cmd(cmd)
2174 assert_equal(status, True)
2175 #Get ID of VM
2176 cmd = "nova list --all-tenants|grep mysite_exampleservice|cut -d '|' -f 2"
2177 status, nova_id = ssh_agent.run_cmd(cmd)
2178 assert_equal(status, True)
2179 #Get mgmt IP of VM
2180 cmd = 'nova interface-list {} |grep -o -m 1 172\.27\.[[:digit:]]*\.[[:digit:]]*'.format(nova_id)
2181 status, mgmt_ip = ssh_agent.run_cmd(cmd)
2182 assert_equal(status, True)
2183 #Get public IP of VM
2184 cmd = 'nova interface-list {} |grep -o -m 1 10\.6\.[[:digit:]]*\.[[:digit:]]*'.format(nova_id)
2185 status, public_ip = ssh_agent.run_cmd(cmd)
2186 assert_equal(status, True)
2187 #Get name of compute node
2188 cmd = "nova service-list|grep nova-compute|cut -d '|' -f 3"
2189 status, compute_node = ssh_agent.run_cmd(cmd)
2190 assert_equal(status, True)
2191 #Wait for Apache to come up inside VM
2192 cmd = "ssh -o ProxyCommand='ssh -W %h:%p -l ubuntu {}' ubuntu@{} 'ls /var/run/apache2/apache2.pid'".fromat(compute_node,mgmt_ip)
2193 #Make sure testclient has default route to vSG
2194 cmd = "lxc exec testclient -- route | grep default | grep eth0.222.111"
2195 status, output = ssh_agent.run_cmd(cmd)
2196 assert_equal(status, True)
2197 cmd = 'lxc exec testclient -- apt-get install -y curl'
2198 status, output = ssh_agent.run_cmd(cmd)
2199 assert_equal(status, True)
2200 #Test connectivity to ExampleService from test client
2201 cmd = 'lxc exec testclient -- curl -s http://{}'.format(public_ip)
2202 status, output = ssh_agent.run_cmd(cmd)
2203 assert_equal(status, True)
2204
2205 def test_vsg_onboarding_example_service(self):
2206 if not vcpe_intf:
2207 vcpe_intf = self.dhcp_vcpes_reserved[0]
2208 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
2209 cmd = "nova list --all-tenants|grep mysite_exampleservice|cut -d '|' -f 2"
2210 status, nova_id = ssh_agent.run_cmd(cmd)
2211 assert_equal(status, True)
2212 #Get public IP of VM
2213 cmd = 'nova interface-list {} |grep -o -m 1 10\.6\.[[:digit:]]*\.[[:digit:]]*'.format(nova_id)
2214 status, public_ip = ssh_agent.run_cmd(cmd)
2215 assert_equal(status, True)
2216 try:
2217 self.add_static_route_via_vcpe_interface([public_ip],vcpe=vcpe_intf)
2218 #curl request from test container
2219 cmd = 'curl -s http://{}'.format(public_ip)
2220 st,_ = getstatusoutput(cmd)
2221 assert_equal(st, True)
2222 finally:
2223 self.del_static_route_via_vcpe_interface([public_ip],vcpe=vcpe_intf)
2224
2225 def test_subscriber_validating_example_service_after_subscriber_interface_toggle(self,vcpe_intf=None):
2226 if not vcpe_intf:
2227 vcpe_intf = self.dhcp_vcpes_reserved[0]
2228 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
2229 #Get public IP of VM
2230 cmd = "nova list --all-tenants|grep mysite_exampleservice|cut -d '|' -f 2"
2231 status, nova_id = ssh_agent.run_cmd(cmd)
2232 assert_equal(status, True)
2233 cmd = 'nova interface-list {} |grep -o -m 1 10\.6\.[[:digit:]]*\.[[:digit:]]*'.format(nova_id)
2234 status, public_ip = ssh_agent.run_cmd(cmd)
2235 assert_equal(status, True)
2236 try:
2237 self.add_static_route_via_vcpe_interface([public_ip],vcpe=vcpe_intf)
2238 #curl request from test container
2239 cmd = 'curl -s http://{}'.format(public_ip)
2240 st,_ = getstatusoutput(cmd)
2241 assert_equal(st, True)
2242 st,_ = getstatusoutput('ifconfig {} down'.format(vcpe_intf))
2243 assert_equal(st, True)
2244 st,_ = getstatusoutput(cmd)
2245 assert_equal(st, True)
2246 finally:
2247 self.del_static_route_via_vcpe_interface([public_ip],vcpe=vcpe_intf)
2248
2249 def test_subscriber_example_service_after_service_restart(self, vcpe_intf=None):
2250 if not vcpe_intf:
2251 vcpe_intf = self.dhcp_vcpes_reserved[0]
2252 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
2253 cmd = "nova list --all-tenants|grep mysite_exampleservice|cut -d '|' -f 2"
2254 status, nova_id = ssh_agent.run_cmd(cmd)
2255 assert_equal(status, True)
2256 #Get public IP of VM
2257 cmd = 'nova interface-list {} |grep -o -m 1 10\.6\.[[:digit:]]*\.[[:digit:]]*'.format(nova_id)
2258 status, public_ip = ssh_agent.run_cmd(cmd)
2259 assert_equal(status, True)
2260 try:
2261 self.add_static_route_via_vcpe_interface([public_ip],vcpe=vcpe_intf)
2262 #curl request from test container
2263 curl_cmd = 'curl -s http://{}'.format(public_ip)
2264 st,_ = getstatusoutput(curl_cmd)
2265 assert_equal(st, True)
2266 #restarting example service VM
2267 cmd = 'nova reset-state {}'.format(nova_id)
2268 status, _ = ssh_agent.run_cmd(cmd)
2269 assert_equal(status, True)
2270 time.sleep(10)
2271 st,_ = getstatusoutput(curl_cmd)
2272 assert_equal(st, True)
2273 finally:
2274 self.del_static_route_via_vcpe_interface([public_ip],vcpe=vcpe_intf)
Chetan Gaonker4cff4432017-05-01 17:56:56 +0000[diff] [blame]2275
Anil Kumar Sankaf2e10282017-05-08 22:49:39 +0000[diff] [blame]2276 def test_vsg_for_subcriber_with_example_service_running_apache_server_after_service_stop(self, vcpe_intf=None):
2277 if not vcpe_intf:
2278 vcpe_intf = self.dhcp_vcpes_reserved[0]
2279 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
2280 cmd = "nova list --all-tenants|grep mysite_exampleservice|cut -d '|' -f 2"
2281 status, nova_id = ssh_agent.run_cmd(cmd)
2282 assert_equal(status, True)
2283 #Get public IP of VM
2284 cmd = 'nova interface-list {} |grep -o -m 1 10\.6\.[[:digit:]]*\.[[:digit:]]*'.format(nova_id)
2285 status, public_ip = ssh_agent.run_cmd(cmd)
2286 assert_equal(status, True)
2287 try:
2288 self.add_static_route_via_vcpe_interface([public_ip],vcpe=vcpe_intf)
2289 #curl request from test container
2290 curl_cmd = 'curl -s http://{}'.format(public_ip)
2291 st,_ = getstatusoutput(curl_cmd)
2292 assert_equal(st, True)
2293 #restarting example service VM
2294 cmd = 'nova stop {}'.format(nova_id)
2295 status, _ = ssh_agent.run_cmd(cmd)
2296 assert_equal(status, True)
2297 time.sleep(1)
2298 st,_ = getstatusoutput(curl_cmd)
2299 assert_equal(st, False)
2300 cmd = 'nova start {}'.format(nova_id)
2301 status, _ = ssh_agent.run_cmd(cmd)
2302 assert_equal(status, True)
2303 time.sleep(1)
2304 st,_ = getstatusoutput(curl_cmd)
2305 assert_equal(st, True)
2306 finally:
2307 self.del_static_route_via_vcpe_interface([public_ip],vcpe=vcpe_intf)
2308
2309 def test_vsg_for_multiple_subcribers_with_same_example_service_running_apache_server(self):
2310 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
2311 cmd = "nova list --all-tenants|grep mysite_exampleservice|cut -d '|' -f 2"
2312 status, nova_id = ssh_agent.run_cmd(cmd)
2313 assert_equal(status, True)
2314 #Get public IP of VM
2315 cmd = 'nova interface-list {} |grep -o -m 1 10\.6\.[[:digit:]]*\.[[:digit:]]*'.format(nova_id)
2316 status, public_ip = ssh_agent.run_cmd(cmd)
2317 assert_equal(status, True)
2318 for vcpe in self.dhcp_vcpes:
2319 self.add_static_route_via_vcpe_interface([public_ip],vcpe=vcpe)
2320 #curl request from test container
2321 curl_cmd = 'curl -s http://{}'.format(public_ip)
2322 st,_ = getstatusoutput(curl_cmd)
2323 assert_equal(st, True)
2324 self.del_static_route_via_vcpe_interface([public_ip],vcpe=vcpe)
2325 time.sleep(1)
2326
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]2327 def test_vsg_for_dns_service(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2328 """
2329 Algo:
2330 1. Create a test client in Prod VM
2331 2. Create a vCPE container in vSG VM inside compute Node
2332 3. Ensure vSG VM and vCPE container created properly
2333 4. Enable dns service in vCPE ( if not by default )
2334 5. Send ping request from test client to valid domain address say, 'www.google'com
2335 6. Verify that dns should resolve ping should success
2336 7. Now send ping request to invalid domain address say 'www.invalidaddress'.com'
2337 8. Verify that dns resolve should fail and hence ping
2338 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2339
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2340 def test_vsg_with_10_subscribers_for_same_service(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2341 """
2342 Algo:
2343 1.Create a vSG VM in compute node
2344 2.Create 10 vCPE containers for 10 subscribers, in vSG VM
2345 3.Ensure vSG VM and vCPE container created properly
2346 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to valid external public IP
2347 5.Verify that ping success for all 10 subscribers
2348 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2349
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2350 def test_vsg_with_subscribers_for_same_service(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2351 """
2352 Algo:
2353 1.Create a vSG VM in compute node
2354 2.Create 100 vCPE containers for 100 subscribers, in vSG VM
2355 3.Ensure vSG VM and vCPE container created properly
2356 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to valid external public IP
2357 5.Verify that ping success for all 100 subscribers
2358 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2359
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2360 def test_vsg_for_packet_received_with_invalid_ip_fields(self):
2361 """
2362 Algo:
2363 1.Create a vSG VM in compute node
2364 2.Create a vCPE container in vSG VM
2365 3.Ensure vSG VM and vCPE container created properly
2366 4.From subscriber, send a ping packet with invalid ip fields
2367 5.Verify that vSG drops the packet
2368 6.Verify ping fails
2369 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2370
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2371 def test_vsg_for_packet_received_with_invalid_mac_fields(self):
2372 """
2373 Algo:
2374 1.Create a vSG VM in compute node
2375 2.Create a vCPE container in vSG VM
2376 3.Ensure vSG VM and vCPE container created properly
2377 4.From subscriber, send a ping packet with invalid mac fields
2378 5.Verify that vSG drops the packet
2379 6.Verify ping fails
2380 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2381
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2382 def test_vsg_for_vlan_id_mismatch_in_stag(self):
2383 """
2384 Algo:
2385 1.Create a vSG VM in compute Node
2386 2.Create a vCPE container in vSG VM
2387 3.Ensure vSG VM and vCPE container created properly
2388 4.Send a ping request to external valid IP from subscriber, with incorrect vlan id in s-tag and valid c-tag
2389 5.Verify that ping fails as the packet drops at VM entry
2390 6.Repeat step 4 with correct s-tag
2391 7.Verify that ping success
2392 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2393
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2394 def test_vsg_for_vlan_id_mismatch_in_ctag(self):
2395 """
2396 Algo:
2397 1.Create a vSG VM in compute node
2398 2.Create a vCPE container in vSG VM
2399 3.Ensure vSG VM and vCPE container created properly
2400 4.Send a ping request to external valid IP from subscriber, with valid s-tag and incorrect vlan id in c-tag
2401 5.Verify that ping fails as the packet drops at vCPE container entry
2402 6.Repeat step 4 with valid s-tag and c-tag
2403 7.Verify that ping success
2404 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2405
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2406 def test_vsg_for_matching_and_mismatching_vlan_id_in_stag(self):
2407 """
2408 Algo:
2409 1.Create two vSG VMs in compute node
2410 2.Create a vCPE container in each vSG VM
2411 3.Ensure vSG VM and vCPE container created properly
2412 4.From subscriber one, send ping request with valid s and c tags
2413 5.From subscriber two, send ping request with vlan id mismatch in s-tag and valid c tags
2414 6.Verify that ping success for only subscriber one and fails for two.
2415 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2416
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2417 def test_vsg_for_matching_and_mismatching_vlan_id_in_ctag(self):
2418 """
2419 Algo:
2420 1.Create a vSG VM in compute node
2421 2.Create two vCPE containers in vSG VM
2422 3.Ensure vSG VM and vCPE container created properly
2423 4.From subscriber one, send ping request with valid s and c tags
2424 5.From subscriber two, send ping request with valid s-tag and vlan id mismatch in c-tag
2425 6.Verify that ping success for only subscriber one and fails for two
2426 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2427
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2428 def test_vsg_for_out_of_range_vlanid_in_ctag(self):
2429 """
2430 Algo:
2431 1.Create a vSG VM in compute node
2432 2.Create a vCPE container in vSG VM
2433 3.Ensure vSG VM and vCPE container created properly
2434 4.From subscriber, send ping request with valid stag and vlan id in c-tag is an out of range value ( like 0,4097 )
2435 4.Verify that ping fails as the ping packets drops at vCPE container entry
2436 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2437
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2438 def test_vsg_for_out_of_range_vlanid_in_stag(self):
2439 """
2440 Algo:
2441 1.Create a vSG VM in compute node
2442 2.Create a vCPE container in vSG VM
2443 3.Ensure vSG VM and vCPE container created properly
2444 2.From subscriber, send ping request with vlan id in s-tag is an out of range value ( like 0,4097 ), with valid c-tag
2445 4.Verify that ping fails as the ping packets drops at vSG VM entry
2446 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2447
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2448 def test_vsg_without_creating_vcpe_instance(self):
2449 """
2450 Algo:
2451 1.Create a vSG VM in compute Node
2452 2.Ensure vSG VM created properly
2453 3.Do not create vCPE container inside vSG VM
2454 4.From a subscriber, send ping to external valid IP
2455 5.Verify that ping fails as the ping packet drops at vSG VM entry itself.
2456 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2457
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2458 def test_vsg_for_remove_vcpe_instance(self):
2459 """
2460 Algo:
2461 1.Create a vSG VM in compute node
2462 2.Create a vCPE container in vSG VM
2463 3.Ensure vSG VM and vCPE container created properly
2464 4.From subscriber, send ping request with valid s-tag and c-tag
2465 5.Verify that ping success
2466 6.Verify ping success flows in OvS switch in compute node
2467 7.Now remove the vCPE container in vSG VM
2468 8.Ensure that the container removed properly
2469 9.Repeat step 4
2470 10.Verify that now, ping fails
2471 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2472
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2473 def test_vsg_for_restarting_vcpe_instance(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2474 """
2475 Algo:
2476 1.Create a vSG VM in compute node
2477 2.Create a vCPE container in vSG VM
2478 3.Ensure vSG VM and vCPE container created properly
2479 4.From subscriber, send ping request with valid s-tag and c-tag
2480 5.Verify that ping success
2481 6.Verify ping success flows in OvS switch in compute node
2482 7.Now restart the vCPE container in vSG VM
2483 8.Ensure that the container came up after restart
2484 9.Repeat step 4
2485 10.Verify that now,ping gets success and flows added in OvS
2486 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2487
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2488 def test_vsg_for_restarting_vsg_vm(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2489 """
2490 Algo:
2491 1.Create a vSG VM in compute node
2492 2.Create a vCPE container in vSG VM
2493 3.Ensure vSG VM and vCPE container created properly
2494 4.From subscriber, send ping request with valid s-tag and c-tag
2495 5.Verify that ping success
2496 6.Verify ping success flows in OvS switch in compute node
2497 7.Now restart the vSG VM
2498 8.Ensure that the vSG comes up properly after restart
2499 9.Verify that vCPE container comes up after vSG restart
2500 10.Repeat step 4
2501 11.Verify that now,ping gets success and flows added in OvS
2502 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2503
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2504 def test_vsg_for_pause_of_vcpe_instance(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2505 """
2506 Algo:
2507 1.Create a vSG VM in compute node
2508 2.Create a vCPE container in vSG VM
2509 3.Ensure vSG VM and vCPE container created properly
2510 4.From subscriber, send ping request with valid s-tag and c-tag
2511 5.Verify that ping success
2512 6.Verify ping success flows in OvS switch in compute node
2513 7.Now pause vCPE container in vSG VM for a while
2514 8.Ensure that the container state is pause
2515 9.Repeat step 4
2516 10.Verify that now,ping fails now and verify flows in OvS
2517 11.Now resume the container
2518 12.Now repeat step 4 again
2519 13.Verify that now, ping gets success
2520 14.Verify ping success flows in OvS
2521 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2522
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2523 def test_vsg_for_extracting_all_compute_stats_from_all_vcpe_containers(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2524 """
2525 Algo:
2526 1.Create a vSG VM in compute node
2527 2.Create 10 vCPE containers in VM
2528 3.Ensure vSG VM and vCPE containers created properly
2529 4.Login to all vCPE containers
2530 4.Get all compute stats from all vCPE containers
2531 5.Verify the stats # verification method need to add
2532 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2533
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2534 def test_vsg_for_extracting_dns_stats_from_all_vcpe_containers(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2535 """
2536 Algo:
2537 1.Create a vSG VM in compute node
2538 2.Create 10 vCPE containers in VM
2539 3.Ensure vSG VM and vCPE containers created properly
2540 4.From 10 subscribers, send ping to valid and invalid dns hosts
2541 5.Verify dns resolves and ping success for valid dns hosts
2542 6.Verify ping fails for invalid dns hosts
2543 7.Verify dns host name resolve flows in OvS
2544 8.Login to all 10 vCPE containers
2545 9.Extract all dns stats
2546 10.Verify dns stats for queries sent, queries received for dns host resolve success and failed scenarios
2547 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2548
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2549 def test_subscriber_access_for_two_vsg_services(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2550 """
2551 # Intention is to verify if subscriber can reach internet via two vSG VMs
2552 Algo:
2553 1.Create two vSG VMs for two services in compute node
2554 2.Create one vCPE container in each VM for one subscriber
2555 3.Ensure VMs and containers created properly
2556 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2557 5.Verify ping gets success
2558 6.Verify ping success flows in OvS
2559 7.Now repeat step 4 with stag corresponds to vSG-2 VM
2560 8.Verify that ping again success
2561 9.Verify ping success flows in OvS
2562 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2563
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2564 def test_subscriber_access_if_vsg1_goes_down(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2565 """
2566 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 goes down
2567 Algo:
2568 1.Create two vSG VMs for two services in compute node
2569 2.Create one vCPE container in each VM for one subscriber
2570 3.Ensure VMs and containers created properly
2571 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2572 5.Verify ping gets success
2573 6.Verify ping success flows in OvS
2574 7.Down the vSG-1 VM
2575 8.Now repeat step 4
2576 9.Verify that ping fails as vSG-1 is down
2577 10.Repeat step 4 with stag corresponding to vSG-2
2578 9.Verify ping success and flows added in OvS
2579 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2580
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2581 def test_subscriber_access_if_vsg2_goes_down(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2582 """
2583 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 restarts
2584 Algo:
2585 1.Create two vSG VMs for two services in compute node
2586 2.Create one vCPE container in each VM for one subscriber
2587 3.Ensure VMs and containers created properly
2588 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2589 5.Verify ping gets success
2590 6.Verify ping success flows added in OvS
2591 7.Now restart vSG-1 VM
2592 8.Now repeat step 4 while vSG-1 VM restarts
2593 9.Verify that ping fails as vSG-1 is restarting
2594 10.Repeat step 4 with stag corresponding to vSG-2 while vSG-1 VM restarts
2595 11.Verify ping success and flows added in OvS
2596 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2597
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2598 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_going_down(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2599 """
2600 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 goes down
2601 Algo:
2602 1.Create a vSG VM in compute node
2603 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2604 3.Ensure VM and containers created properly
2605 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2606 5.Verify ping gets success
2607 6.Verify ping success flows added in OvS
2608 7.Now stop vCPE-1 container
2609 8.Now repeat step 4
2610 9.Verify that ping fails as vCPE-1 container is down
2611 10.Repeat step 4 with ctag corresponding to vCPE-2 container
2612 11.Verify ping success and flows added in OvS
2613 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2614
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2615 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_restart(self):
2616 """
2617 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 restarts
2618 Algo:
2619 1.Create a vSG VM in compute node
2620 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2621 3.Ensure VM and containers created properly
2622 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2623 5.Verify ping gets success
2624 6.Verify ping success flows added in OvS
2625 7.Now restart vCPE-1 container
2626 8.Now repeat step 4 while vCPE-1 restarts
2627 9.Verify that ping fails as vCPE-1 container is restarts
2628 10.Repeat step 4 with ctag corresponding to vCPE-2 container while vCPE-1 restarts
2629 11..Verify ping success and flows added in OvS
2630 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2631
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2632 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_paused(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2633 """
2634 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 paused
2635 Algo:
2636 1.Create a vSG VM in compute node
2637 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2638 3.Ensure VM and containers created properly
2639 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2640 5.Verify ping gets success
2641 6.Verify ping success flows added in OvS
2642 7.Now pause vCPE-1 container
2643 8.Now repeat step 4 while vCPE-1 in pause state
2644 9.Verify that ping fails as vCPE-1 container in pause state
2645 10.Repeat step 4 with ctag corresponding to vCPE-2 container while vCPE-1 in pause state
2646 11.Verify ping success and flows added in OvS
2647 """
2648 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_removed(self):
2649 """
2650 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 removed
2651 Algo:
2652 1.Create a vSG VM in compute node
2653 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2654 3.Ensure VM and containers created properly
2655 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2656 5.Verify ping gets success
2657 6.Verify ping success flows added in OvS
2658 7.Now remove vCPE-1 container
2659 8.Now repeat step 4
2660 9.Verify that ping fails as vCPE-1 container removed
2661 10.Repeat step 4 with ctag corresponding to vCPE-2 container
2662 11.Verify ping success and flows added in OvS
2663 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2664
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2665 def test_vsg_for_vcpe_instance_removed_and_added_again(self):
2666 """
2667 Algo:
2668 1.Create a vSG VM in compute node
2669 2.Create a vCPE container in vSG VM
2670 3.Ensure VM and containers created properly
2671 4.From subscriber end, send ping to public IP
2672 5.Verify ping gets success
2673 6.Verify ping success flows added in OvS
2674 7.Now remove vCPE container in vSG VM
2675 8.Now repeat step 4
2676 9.Verify that ping fails as vCPE container removed
2677 10.Create the vCPE container again for the same subscriber
2678 11.Ensure that vCPE created now
2679 12.Now repeat step 4
2680 13.Verify ping success and flows added in OvS
2681 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2682
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2683 def test_vsg_for_vsg_vm_removed_and_added_again(self):
2684 """
2685 Algo:
2686 1.Create a vSG VM in compute node
2687 2.Create a vCPE container in vSG VM
2688 3.Ensure VM and containers created properly
2689 4.From subscriber end, send ping to public IP
2690 5.Verify ping gets success
2691 6.Verify ping success flows added in OvS
2692 7.Now remove vSG VM
2693 8.Now repeat step 4
2694 9.Verify that ping fails as vSG VM not exists
2695 10.Create the vSG VM and vCPE container in VM again
2696 11.Ensure that vSG and vCPE created
2697 12.Now repeat step 4
2698 13.Verify ping success and flows added in OvS
2699 """
2700
2701 #Test vSG - Subscriber Configuration
2702 def test_vsg_for_configuring_new_subscriber_in_vcpe(self):
2703 """
2704 Algo:
2705 1.Create a vSG VM in compute node
2706 2.Create a vCPE container in vSG VM
2707 3.Ensure VM and containers created properly
2708 4.Configure a subscriber in XOS and assign a service id
2709 5.Set the admin privileges to the subscriber
2710 6.Verify subscriber configuration is success
2711 """
2712 def test_vsg_for_adding_subscriber_devices_in_vcpe(self):
2713 """
2714 Algo:
2715 1.Create a vSG VM in compute node
2716 2.Create a vCPE container in vSG VM
2717 3.Ensure VM and containers created properly
2718 4.Configure a subscriber in XOS and assign a service id
2719 5.Verify subscriber successfully configured in vCPE
2720 6.Now add devices( Mac addresses ) under the subscriber admin group
2721 7.Verify all devices ( Macs ) added successfully
2722 """
2723 def test_vsg_for_removing_subscriber_devices_in_vcpe(self):
2724 """
2725 Algo:
2726 1.Create a vSG VM in compute node
2727 2.Create a vCPE container in vSG VM
2728 3.Ensure VM and containers created properly
2729 4.Configure a subscriber in XOS and assign a service id
2730 5.Verify subscriber successfully configured
2731 6.Now add devices( Mac addresses ) under the subscriber admin group
2732 7.Verify all devices ( Macs ) added successfully
2733 8.Now remove All the added devices in XOS
2734 9.Verify all the devices removed
2735 """
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2736 def test_vsg_modifying_subscriber_devices_in_vcpe(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2737 """
2738 Algo:
2739 1.Create a vSG VM in compute node
2740 2.Create a vCPE container in vSG VM
2741 3.Ensure VM and containers created properly
2742 4.Configure a user in XOS and assign a service id
2743 5.Verify subscriber successfully configured in vCPE.
2744 6.Now add devices( Mac addresses ) under the subscriber admin group
2745 7.Verify all devices ( Macs ) added successfully
2746 8.Now remove few devices in XOS
2747 9.Verify devices removed successfully
2748 10.Now add few additional devices in XOS under the same subscriber admin group
2749 11.Verify newly added devices successfully added
2750 """
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2751 def test_vsg_for_vcpe_login_failing_with_incorrect_subscriber_credentials(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2752 """
2753 Algo:
2754 1.Create a vSG VM in compute node
2755 2.Create a vCPE container in vSG VM
2756 3.Ensure VM and containers created properly
2757 4.Configure a subscriber in XOS and assign a service id
2758 5.Verify subscriber successfully configured
2759 6.Now add devices( Mac addresses ) under the subscriber admin group
2760 7.Verify all devices ( Macs ) added successfully
2761 8.Login vCPE with credentials with which subscriber configured
2762 9.Verify subscriber successfully logged in
2763 10.Logout and login again with incorrect credentials ( either user name or password )
2764 11.Verify login attempt to vCPE fails wtih incorrect credentials
2765 """
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2766 def test_vsg_for_subscriber_configuration_in_vcpe_after_vcpe_restart(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2767 """
2768 Algo:
2769 1.Create a vSG VM in compute node
2770 2.Create a vCPE container in vSG VM
2771 3.Ensure VM and containers created properly
2772 4.Configure a subscriber in XOS and assign a service id
2773 5.Verify subscriber successfully configured
2774 6.Now add devices( Mac addresses ) under the subscriber admin group
2775 7.Verify all devices ( Macs ) added successfully
2776 8.Restart vCPE ( locate backup config path while restart )
2777 9.Verify subscriber details in vCPE after restart should be same as before the restart
2778 """
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2779 def test_vsg_creating_multiple_vcpe_instances_and_configuring_subscriber_in_each_instance(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2780 """
2781 Algo:
2782 1.Create a vSG VM in compute node
2783 2.Create 2 vCPE containers in vSG VM
2784 3.Ensure VM and containers created properly
2785 4.Configure a subscriber in XOS for each vCPE instance and assign a service id
2786 5.Verify subscribers successfully configured
2787 6.Now login vCPE-2 with subscriber-1 credentials
2788 7.Verify login fails
2789 8.Now login vCPE-1 with subscriber-2 credentials
2790 9.Verify login fails
2791 10.Now login vCPE-1 with subscriber-1 and vCPE-2 with subscriber-2 credentials
2792 11.Verify that both the subscribers able to login to their respective vCPE containers
2793 """
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2794 def test_vsg_for_same_subscriber_configuring_multiple_services(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2795 """
2796 Algo:
2797 1.Create 2 vSG VMs in compute node
2798 2.Create a vCPE container in each vSG VM
2799 3.Ensure VMs and containers created properly
2800 4.Configure same subscriber in XOS for each vCPE instance and assign a service id
2801 5.Verify subscriber successfully configured
2802 6.Now login vCPE-1 with subscriber credentials
2803 7.Verify login success
2804 8.Now login vCPE-2 with the same subscriber credentials
2805 9.Verify login success
2806 """
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2807 #vCPE Firewall Functionality
2808 def test_vsg_firewall_for_creating_acl_rule_based_on_source_ip(self):
2809 """
2810 Algo:
2811 1.Create a vSG VM in compute node
2812 2.Create vCPE container in the VM
2813 3.Ensure vSG VM and vCPE container created properly
2814 4.Configure ac acl rule in vCPE to deny IP traffic from a source IP
2815 5.Bound the acl rule to WAN interface of vCPE
2816 6.Verify configuration in vCPE is success
2817 8.Verify flows added in OvS
2818 """
2819 def test_vsg_firewall_for_creating_acl_rule_based_on_destination_ip(self):
2820 """
2821 Algo:
2822 1.Create a vSG VM in compute node
2823 2.Create vCPE container in the VM
2824 3.Ensure vSG VM and vCPE container created properly
2825 4.Configure ac acl rule in vCPE to deny IP traffic to a destination ip
2826 5.Bound the acl rule to WAN interface of vCPE
2827 6.Verify configuration in vCPE is success
2828 8.Verify flows added in OvS
2829 """
2830 def test_vsg_firewall_for_acl_deny_rule_based_on_source_ip_traffic(self):
2831 """
2832 Algo:
2833 1.Create a vSG VM in compute node
2834 2.Create vCPE container in the VM
2835 3.Ensure vSG VM and vCPE container created properly
2836 4.Configure ac acl rule in vCPE to deny IP traffic from a source IP
2837 5.Bound the acl rule to WAN interface of vCPE
2838 6.From subscriber, send ping to the denied IP address
2839 7.Verify that ping fails as vCPE denies ping response
2840 8.Verify flows added in OvS
2841 """
2842 def test_vsg_firewall_for_acl_deny_rule_based_on_destination_ip_traffic(self):
2843 """
2844 Algo:
2845 1.Create a vSG VM in compute node
2846 2.Create vCPE container in the VM
2847 3.Ensure vSG VM and vCPE container created properly
2848 4.Configure ac acl rule in vCPE to deny IP traffic to a destination IP
2849 5.Bound the acl rule to WAN interface of vCPE
2850 6.From subscriber, send ping to the denied IP address
2851 7.Verify that ping fails as vCPE drops the ping request at WAN interface
2852 8.Verify flows added in OvS
2853 """
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]2854
2855 def test_vsg_dnsmasq(self):
2856 pass
2857
2858 def test_vsg_with_external_parental_control_family_shield_for_filter(self):
2859 pass
2860
2861 def test_vsg_with_external_parental_control_with_answerx(self):
2862 pass
2863
2864 def test_vsg_for_subscriber_upstream_bandwidth(self):
2865 pass
2866
2867 def test_vsg_for_subscriber_downstream_bandwidth(self):
2868 pass
2869
2870 def test_vsg_for_diagnostic_run_of_traceroute(self):
2871 pass
2872
2873 def test_vsg_for_diagnostic_run_of_tcpdump(self):
2874 pass
2875
2876 def test_vsg_for_iptable_rules(self):
2877 pass
2878
2879 def test_vsg_for_iptables_with_neutron(self):
2880 pass