Gitiles
Code Review Sign In
gerrit.opencord.org / cord-tester / 5d30b3c5a276b57390eebcfa7c00cfe32b44e60a / . / src / test / vsg / vsgTest.py
blob: 070e3f8396d827ea63f778e4bcd751322007c1e7 [file] [log] [blame]
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]1#copyright 2016-present Ciena Corporation
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14#
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]15import time
16import os
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]17import sys
18import json
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]19from nose.tools import *
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]20from twisted.internet import defer
21from nose.twistedtools import reactor, deferred
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]22from CordTestUtils import *
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]23from OltConfig import OltConfig
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]24from onosclidriver import OnosCliDriver
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]25from SSHTestAgent import SSHTestAgent
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]26from CordLogger import CordLogger
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]27from VSGAccess import VSGAccess
A R Karthick933f5b52017-03-27 15:27:16 -0700[diff] [blame]28from CordTestUtils import log_test as log
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]29from CordTestConfig import setup_module, running_on_ciab
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]30from OnosCtrl import OnosCtrl
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]31
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]32log.setLevel('INFO')
33
34class vsg_exchange(CordLogger):
35 ONOS_INSTANCES = 3
36 V_INF1 = 'veth0'
37 device_id = 'of:' + get_mac()
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]38 TEST_IP = '8.8.8.8'
39 HOST = "10.1.0.1"
40 USER = "vagrant"
41 PASS = "vagrant"
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]42 head_node = os.getenv('HEAD_NODE', 'prod')
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]43 HEAD_NODE = head_node + '.cord.lab' if len(head_node.split('.')) == 1 else head_node
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]44 test_path = os.path.dirname(os.path.realpath(__file__))
45 olt_conf_file = os.path.join(test_path, '..', 'setup/olt_config.json')
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]46 restApiXos = None
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]47 subscriber_account_num = 200
48 subscriber_s_tag = 304
49 subscriber_c_tag = 304
50 subscribers_per_s_tag = 8
51 subscriber_map = {}
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]52 subscriber_info = []
53 volt_subscriber_info = []
A R Karthick9a16a112017-04-07 15:40:05 -0700[diff] [blame]54 restore_methods = []
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]55 TIMEOUT=120
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]56 FABRIC_PORT_HEAD_NODE = 1
57 FABRIC_PORT_COMPUTE_NODE = 2
58 APP_NAME = 'org.ciena.xconnect'
59 APP_FILE = os.path.join(test_path, '..', 'apps/xconnect-1.0-SNAPSHOT.oar')
A.R Karthick50f4d9a2017-04-20 16:44:19 -0700[diff] [blame]60 NUM_SUBSCRIBERS = 5
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]61
62 @classmethod
63 def getSubscriberCredentials(cls, subId):
64 """Generate our own account num, s_tag and c_tags"""
65 if subId in cls.subscriber_map:
66 return cls.subscriber_map[subId]
67 account_num = cls.subscriber_account_num
68 cls.subscriber_account_num += 1
69 s_tag, c_tag = cls.subscriber_s_tag, cls.subscriber_c_tag
70 cls.subscriber_c_tag += 1
71 if cls.subscriber_c_tag % cls.subscribers_per_s_tag == 0:
72 cls.subscriber_s_tag += 1
73 cls.subscriber_map[subId] = account_num, s_tag, c_tag
74 return cls.subscriber_map[subId]
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]75
76 @classmethod
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]77 def getXosCredentials(cls):
78 onos_cfg = OnosCtrl.get_config()
79 if onos_cfg is None:
80 return None
81 if 'apps' in onos_cfg and \
82 'org.opencord.vtn' in onos_cfg['apps'] and \
83 'cordvtn' in onos_cfg['apps']['org.opencord.vtn'] and \
84 'xos' in onos_cfg['apps']['org.opencord.vtn']['cordvtn']:
85 xos_cfg = onos_cfg['apps']['org.opencord.vtn']['cordvtn']['xos']
86 endpoint = xos_cfg['endpoint']
87 user = xos_cfg['user']
88 password = xos_cfg['password']
89 xos_endpoints = endpoint.split(':')
90 xos_host = xos_endpoints[1][len('//'):]
91 xos_port = xos_endpoints[2][:-1]
92 #log.info('xos_host: %s, port: %s, user: %s, password: %s' %(xos_host, xos_port, user, password))
93 return dict(host = xos_host, port = xos_port, user = user, password = password)
94
95 return None
96
97 @classmethod
A.R Karthick50f4d9a2017-04-20 16:44:19 -0700[diff] [blame]98 def getSubscriberConfig(cls, num_subscribers):
99 features = {
100 'cdn': True,
101 'uplink_speed': 1000000000,
102 'downlink_speed': 1000000000,
103 'uverse': True,
104 'status': 'enabled'
105 }
106 subscriber_map = []
107 for i in xrange(num_subscribers):
108 subId = 'sub{}'.format(i)
109 account_num, _, _ = cls.getSubscriberCredentials(subId)
110 identity = { 'account_num' : str(account_num),
111 'name' : 'My House {}'.format(i)
112 }
113 sub_info = { 'features' : features,
114 'identity' : identity
115 }
116 subscriber_map.append(sub_info)
117
118 return subscriber_map
119
120 @classmethod
121 def getVoltSubscriberConfig(cls, num_subscribers):
122 voltSubscriberMap = []
123 for i in xrange(num_subscribers):
124 subId = 'sub{}'.format(i)
125 account_num, s_tag, c_tag = cls.getSubscriberCredentials(subId)
126 voltSubscriberInfo = {}
127 voltSubscriberInfo['voltTenant'] = dict(s_tag = str(s_tag),
128 c_tag = str(c_tag),
129 subscriber = '')
130 voltSubscriberInfo['account_num'] = account_num
131 voltSubscriberMap.append(voltSubscriberInfo)
132
133 return voltSubscriberMap
134
135 @classmethod
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]136 def setUpCordApi(cls):
137 our_path = os.path.dirname(os.path.realpath(__file__))
138 cord_api_path = os.path.join(our_path, '..', 'cord-api')
139 framework_path = os.path.join(cord_api_path, 'Framework')
140 utils_path = os.path.join(framework_path, 'utils')
141 data_path = os.path.join(cord_api_path, 'Tests', 'data')
142 subscriber_cfg = os.path.join(data_path, 'Subscriber.json')
143 volt_tenant_cfg = os.path.join(data_path, 'VoltTenant.json')
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]144 num_subscribers = max(cls.NUM_SUBSCRIBERS, 5)
145 cls.subscriber_info = cls.getSubscriberConfig(num_subscribers)
146 cls.volt_subscriber_info = cls.getVoltSubscriberConfig(num_subscribers)
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]147
148 sys.path.append(utils_path)
149 sys.path.append(framework_path)
150 from restApi import restApi
151 restApiXos = restApi()
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]152 xos_credentials = cls.getXosCredentials()
153 if xos_credentials is None:
154 restApiXos.controllerIP = cls.HEAD_NODE
155 restApiXos.controllerPort = '9000'
156 else:
157 restApiXos.controllerIP = xos_credentials['host']
158 restApiXos.controllerPort = xos_credentials['port']
159 restApiXos.user = xos_credentials['user']
160 restApiXos.password = xos_credentials['password']
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]161 cls.restApiXos = restApiXos
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]162
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]163 @classmethod
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]164 def getVoltId(cls, result, subId):
165 if type(result) is not type([]):
166 return None
167 for tenant in result:
168 if str(tenant['subscriber']) == str(subId):
169 return str(tenant['id'])
170 return None
171
172 @classmethod
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]173 def closeVCPEAccess(cls, volt_subscriber_info):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame^]174 OnosCtrl.uninstall_app(cls.APP_NAME, onos_ip = cls.HEAD_NODE)
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]175
176 @classmethod
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]177 def openVCPEAccess(cls, volt_subscriber_info):
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]178 """
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]179 This code is used to configure leaf switch for head node access to compute node over fabric.
180 Care is to be taken to avoid overwriting existing/default vcpe flows.
181 The access is opened for generated subscriber info which should not overlap.
182 We target the fabric onos instance on head node.
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]183 """
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]184 OnosCtrl.install_app(cls.APP_FILE, onos_ip = cls.HEAD_NODE)
185 time.sleep(2)
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]186 s_tags = map(lambda tenant: int(tenant['voltTenant']['s_tag']), volt_subscriber_info)
187 #only get unique vlan tags
188 s_tags = list(set(s_tags))
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]189 devices = OnosCtrl.get_device_ids(controller = cls.HEAD_NODE)
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]190 if devices:
191 device_config = {}
192 for device in devices:
193 device_config[device] = []
194 for s_tag in s_tags:
195 xconnect_config = {'vlan': s_tag, 'ports' : [ cls.FABRIC_PORT_HEAD_NODE, cls.FABRIC_PORT_COMPUTE_NODE ] }
196 device_config[device].append(xconnect_config)
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]197
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]198 cfg = { 'apps' : { 'org.ciena.xconnect' : { 'xconnectTestConfig' : device_config } } }
199 OnosCtrl.config(cfg, controller = cls.HEAD_NODE)
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]200
201 @classmethod
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]202 def setUpClass(cls):
203 cls.controllers = get_controllers()
204 cls.controller = cls.controllers[0]
205 cls.cli = None
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]206 cls.on_pod = running_on_pod()
207 cls.on_ciab = running_on_ciab()
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]208 cls.olt = OltConfig(olt_conf_file = cls.olt_conf_file)
209 cls.vcpes = cls.olt.get_vcpes()
210 cls.vcpes_dhcp = cls.olt.get_vcpes_by_type('dhcp')
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]211 cls.vcpes_reserved = cls.olt.get_vcpes_by_type('reserved')
212 cls.dhcp_vcpes_reserved = [ 'vcpe{}.{}.{}'.format(i, cls.vcpes_reserved[i]['s_tag'], cls.vcpes_reserved[i]['c_tag'])
213 for i in xrange(len(cls.vcpes_reserved)) ]
214 cls.untagged_dhcp_vcpes_reserved = [ 'vcpe{}'.format(i) for i in xrange(len(cls.vcpes_reserved)) ]
215 cls.container_vcpes_reserved = [ 'vcpe-{}-{}'.format(vcpe['s_tag'], vcpe['c_tag']) for vcpe in cls.vcpes_reserved ]
216 vcpe_dhcp_reserved = None
217 vcpe_container_reserved = None
218 if cls.vcpes_reserved:
219 vcpe_dhcp_reserved = cls.dhcp_vcpes_reserved[0]
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]220 if cls.on_pod is False:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]221 vcpe_dhcp_reserved = cls.untagged_dhcp_vcpes_reserved[0]
222 vcpe_container_reserved = cls.container_vcpes_reserved[0]
223
224 cls.vcpe_dhcp_reserved = vcpe_dhcp_reserved
225 cls.vcpe_container_reserved = vcpe_container_reserved
226 dhcp_vcpe_offset = len(cls.vcpes_reserved)
A R Karthick927129c2017-04-25 14:08:02 -0700[diff] [blame]227 cls.dhcp_vcpes = [ 'vcpe{}.{}.{}'.format(i+dhcp_vcpe_offset, cls.vcpes_dhcp[i]['s_tag'], cls.vcpes_dhcp[i]['c_tag'])
228 for i in xrange(len(cls.vcpes_dhcp)) ]
229 cls.untagged_dhcp_vcpes = [ 'vcpe{}'.format(i+dhcp_vcpe_offset) for i in xrange(len(cls.vcpes_dhcp)) ]
230 cls.container_vcpes = [ 'vcpe-{}-{}'.format(vcpe['s_tag'], vcpe['c_tag']) for vcpe in cls.vcpes_dhcp ]
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]231 vcpe_dhcp = None
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]232 vcpe_container = None
233 #cache the first dhcp vcpe in the class for quick testing
234 if cls.vcpes_dhcp:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]235 vcpe_container = cls.container_vcpes[0]
236 vcpe_dhcp = cls.dhcp_vcpes[0]
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]237 if cls.on_pod is False:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]238 vcpe_dhcp = cls.untagged_dhcp_vcpes[0]
239 cls.vcpe_container = vcpe_container_reserved or vcpe_container
240 cls.vcpe_dhcp = vcpe_dhcp_reserved or vcpe_dhcp
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]241 VSGAccess.setUp()
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]242 cls.setUpCordApi()
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]243 if cls.on_pod is True:
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]244 cls.openVCPEAccess(cls.volt_subscriber_info)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]245
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]246 @classmethod
247 def tearDownClass(cls):
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]248 VSGAccess.tearDown()
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]249 if cls.on_pod is True:
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]250 cls.closeVCPEAccess(cls.volt_subscriber_info)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]251
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]252 def cliEnter(self, controller = None):
253 retries = 0
254 while retries < 30:
255 self.cli = OnosCliDriver(controller = controller, connect = True)
256 if self.cli.handle:
257 break
258 else:
259 retries += 1
260 time.sleep(2)
261
262 def cliExit(self):
263 self.cli.disconnect()
264
265 def onos_shutdown(self, controller = None):
266 status = True
267 self.cliEnter(controller = controller)
268 try:
269 self.cli.shutdown(timeout = 10)
270 except:
271 log.info('Graceful shutdown of ONOS failed for controller: %s' %controller)
272 status = False
273
274 self.cliExit()
275 return status
276
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]277 def log_set(self, level = None, app = 'org.onosproject'):
278 CordLogger.logSet(level = level, app = app, controllers = self.controllers, forced = True)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]279
A R Karthick9a16a112017-04-07 15:40:05 -0700[diff] [blame]280 @classmethod
281 def get_dhcp(cls, vcpe, mgmt = 'eth0'):
282 """Get DHCP for vcpe interface saving management settings"""
283
284 def put_dhcp():
285 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
286
287 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
288 if vcpe_ip is not None:
289 cls.restore_methods.append(put_dhcp)
290 return vcpe_ip
291
292 @classmethod
293 def config_restore(cls):
294 """Restore the vsg test configuration on test case failures"""
295 for restore_method in cls.restore_methods:
296 restore_method()
297
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]298 def get_vsg_vcpe_pair(self):
299 vcpes = self.vcpes_dhcp
300 vcpe_containers = []
301 vsg_vcpe = {}
302 for vcp in vcpes:
303 vcpe_container = 'vcpe-{}-{}'.format(vcp['s_tag'], vcp['c_tag'])
304 vcpe_containers.append(vcpe_container)
305 vsg = VSGAccess.get_vcpe_vsg(vcpe_container)
306 vsg_vcpe[vcpe_container]=str(vsg.get_ip())
307 return vsg_vcpe
308
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]309 def get_vcpe_containers_and_interfaces(self):
310 vcpe_containers = {}
311 vcpe_interfaces = []
312 vcpes = self.vcpes_dhcp
313 count = 0
314 for vcpe in vcpes:
315 vcpe_intf = 'vcpe{}.{}.{}'.format(count,vcpe['s_tag'],vcpe['c_tag'])
316 vcpe_interfaces.append(vcpe_intf)
317 vcpe_container = 'vcpe-{}-{}'.format(vcpe['s_tag'], vcpe['c_tag'])
318 vcpe_containers[vcpe_intf] = vcpe_container
319 count += 1
320 log.info('vcpe interfaces are %s'%vcpe_interfaces)
321 log.info('vcpe containers are %s'%vcpe_containers)
322 return vcpe_interfaces,vcpe_containers
323
324 def get_vcpe_interface_dhcp_ip(self,vcpe=None):
325 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]326 vcpe = self.vcpe_dhcp
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]327 st, _ = getstatusoutput('dhclient {}'.format(vcpe))
328 vcpe_ip = get_ip(vcpe)
329 return vcpe_ip
330
331 def release_vcpe_interface_dhcp_ip(self,vcpe=None):
332 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]333 vcpe = self.vcpe_dhcp
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]334 st, _ = getstatusoutput('dhclient {} -r'.format(vcpe))
335 vcpe_ip = get_ip(vcpe)
336 assert_equal(vcpe_ip, None)
337
338 def add_static_route_via_vcpe_interface(self, routes, vcpe=None,dhcp_ip=True):
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]339 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]340 vcpe = self.vcpe_dhcp
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]341 if dhcp_ip:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]342 os.system('dhclient '+vcpe)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]343 time.sleep(1)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]344 for route in routes:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]345 log.info('route is %s'%route)
346 cmd = 'ip route add ' + route + ' via 192.168.0.1 '+ 'dev ' + vcpe
347 cmds.append(cmd)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]348 for cmd in cmds:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]349 os.system(cmd)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]350 return True
351
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]352 def del_static_route_via_vcpe_interface(self,routes,vcpe=None,dhcp_release=True):
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]353 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]354 vcpe = self.vcpe_dhcp
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]355 cmds = []
356 for route in routes:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]357 cmd = 'ip route del ' + route + ' via 192.168.0.1 ' + 'dev ' + vcpe
358 os.system(cmd)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]359 if dhcp_release:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]360 os.system('dhclient '+vcpe+' -r')
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]361 return True
362
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]363 def test_vsg_multiple_subscribers_for_same_vcpe_instace(self):
364 vcpe_intfs,containers = self.get_vcpe_containers_and_interfaces()
365 for vcpe in vcpe_intfs:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]366 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
367 assert_not_equal(vcpe_ip,None)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]368 for vcpe in vcpe_intfs:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]369 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]370
371 def test_vsg_multiple_subscribers_for_same_vcpe_instance_ping_to_external_connectivity(self):
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]372 host = '8.8.8.8'
373 vcpe_intfs, containers = self.get_vcpe_containers_and_interfaces()
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]374 for vcpe in vcpe_intfs:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]375 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
376 assert_not_equal(vcpe_ip,None)
377 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe,dhcp_ip=False)
378 st, _ = getstatusoutput('ping -I {} -c 3 {}'.format(vcpe,host))
379 assert_equal(st, 0)
380 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe,dhcp_release=False)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]381 for vcpe in vcpe_intfs:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]382 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]383
384 def test_vsg_vcpe_interface_gets_dhcp_ip_after_interface_toggle(self):
385 vcpe_intfs,containers = self.get_vcpe_containers_and_interfaces()
386 for vcpe in vcpe_intfs:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]387 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
388 assert_not_equal(vcpe_ip,None)
389 os.system('ifconfig {} down'.format(vcpe))
390 time.sleep(1)
391 os.system('ifconfig {} up'.format(vcpe))
392 time.sleep(1)
393 vcpe_ip2 = get_ip(vcpe)
394 assert_equal(vcpe_ip2,vcpe_ip)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]395 for vcpe in vcpe_intfs:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]396 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]397
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]398 def test_vsg_health(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]399 """
400 Algo:
401 1. Login to compute node VM
402 2. Get all vSGs
403 3. Ping to all vSGs
404 4. Verifying Ping success
405 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]406 status = True
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]407 if self.on_pod is True:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]408 status = VSGAccess.health_check()
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]409 assert_equal(status, True)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]410
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]411 def test_vsg_health_check(self, vsg_name='mysite_vsg-1', verify_status=True):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]412 """
413 Algo:
414 1. If vsg name not specified, Get vsg corresponding to vcpe
415 1. Login to compute mode VM
416 3. Ping to the vSG
417 4. Verifying Ping success
418 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]419 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]420 return
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]421 if not vsg_name:
422 vcpe = self.vcpe_container
423 vsg = VSGAccess.get_vcpe_vsg(vcpe)
424 status = vsg.get_health()
425 assert_equal(status, verify_status)
426 else:
427 vsgs = VSGAccess.get_vsgs()
428 status = None
429 for vsg in vsgs:
430 if vsg.name == vsg_name:
431 status = vsg.get_health()
432 log.info('vsg health check status is %s'%status)
433 assert_equal(status,verify_status)
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]434
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]435 @deferred(TIMEOUT)
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]436 def test_vsg_for_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]437 """
438 Algo:
439 1. Get list of all compute nodes created using Openstack
440 2. Login to compute mode VM
441 3. Get all vSGs
442 4. Verifying atleast one compute node and one vSG created
443 """
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]444 df = defer.Deferred()
445 def vsg_for_vcpe_df(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]446 if self.on_pod is True:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]447 vsgs = VSGAccess.get_vsgs()
448 compute_nodes = VSGAccess.get_compute_nodes()
449 time.sleep(14)
450 assert_not_equal(len(vsgs), 0)
451 assert_not_equal(len(compute_nodes), 0)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]452 df.callback(0)
453 reactor.callLater(0,vsg_for_vcpe_df,df)
454 return df
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]455
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]456 def test_vsg_for_login(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]457 """
458 Algo:
459 1. Login to compute node VM
460 2. Get all vSGs
461 3. Verifying login to vSG is success
462 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]463 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]464 return
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]465 vsgs = VSGAccess.get_vsgs()
466 vsg_access_status = map(lambda vsg: vsg.check_access(), vsgs)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]467 status = filter(lambda st: st == False, vsg_access_status)
468 assert_equal(len(status), 0)
469
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]470 def test_vsg_for_default_route_through_testclient(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]471 """
472 Algo:
473 1. Login to head node
474 2. Verifying for default route in lxc test client
475 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]476 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]477 return
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]478 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
479 cmd = "sudo lxc exec testclient -- route | grep default"
480 status, output = ssh_agent.run_cmd(cmd)
481 assert_equal(status, True)
482
483 def test_vsg_for_external_connectivity_through_testclient(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]484 """
485 Algo:
486 1. Login to head node
487 2. On head node, executing ping to 8.8.8.8 from lxc test client
488 3. Verifying for the ping success
489 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]490 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]491 return
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]492 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
493 cmd = "lxc exec testclient -- ping -c 3 8.8.8.8"
494 status, output = ssh_agent.run_cmd(cmd)
495 assert_equal( status, True)
496
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]497 def vsg_for_external_connectivity(self, subscriber_index, reserved = False):
498 if reserved is True:
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]499 if self.on_pod is True:
500 vcpe = self.dhcp_vcpes_reserved[subscriber_index]
501 else:
502 vcpe = self.untagged_dhcp_vcpes_reserved[subscriber_index]
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]503 else:
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]504 if self.on_pod is True:
505 vcpe = self.dhcp_vcpes[subscriber_index]
506 else:
507 vcpe = self.untagged_dhcp_vcpes[subscriber_index]
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]508 mgmt = 'eth0'
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]509 host = '8.8.8.8'
510 self.success = False
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]511 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]512 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]513 assert_not_equal(vcpe_ip, None)
514 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
515 log.info('Sending icmp echo requests to external network 8.8.8.8')
516 st, _ = getstatusoutput('ping -c 3 8.8.8.8')
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]517 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]518 assert_equal(st, 0)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]519
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]520 def test_vsg_for_external_connectivity(self):
521 """
522 Algo:
523 1. Get dhcp IP to vcpe interface in cord-tester
524 2. Verifying vcpe interface gets dhcp IP
525 3. Ping to 8.8.8.8 and Verifying ping should success
526 4. Restoring management interface configuration in cord-tester
527 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]528 reserved = True
529 if self.on_pod:
530 reserved = self.on_ciab
531 self.vsg_for_external_connectivity(0, reserved = reserved)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]532
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]533 def test_vsg_for_external_connectivity_to_google(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]534 """
535 Algo:
536 1. Get dhcp IP to vcpe interface in cord-tester
537 2. Verifying vcpe interface gets dhcp IP
538 3. Ping to www.google.com and Verifying ping should success
539 4. Restoring management interface configuration in cord-tester
540 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]541 host = 'www.google.com'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]542 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]543 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]544 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]545 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]546 assert_not_equal(vcpe_ip, None)
547 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
548 log.info('Sending icmp ping requests to %s' %host)
549 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]550 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]551 assert_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]552
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]553 def test_vsg_for_external_connectivity_to_invalid_host(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]554 """
555 Algo:
556 1. Get dhcp IP to vcpe interface in cord-tester
557 2. Verifying vcpe interface gets dhcp IP
558 3. Ping to www.goglee.com and Verifying ping should not success
559 4. Restoring management interface configuration in cord-tester
560 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]561 host = 'www.goglee.com'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]562 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]563 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]564 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]565 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]566 assert_not_equal(vcpe_ip, None)
567 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
568 log.info('Sending icmp ping requests to non existent host %s' %host)
569 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]570 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]571 assert_not_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]572
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]573 def test_vsg_for_external_connectivity_with_ttl_1(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]574 """
575 Algo:
576 1. Get dhcp IP to vcpe interface in cord-tester
577 2. Verifying vcpe interface gets dhcp IP
578 3. Ping to 8.8.8.8 with ttl set to 1
579 4. Verifying ping should not success
580 5. Restoring management interface configuration in cord-tester
581 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]582 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]583 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]584 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]585 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]586 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]587 assert_not_equal(vcpe_ip, None)
588 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
589 log.info('Sending icmp ping requests to host %s with ttl 1' %host)
590 st, _ = getstatusoutput('ping -c 1 -t 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]591 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]592 assert_not_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]593
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]594 def test_vsg_for_external_connectivity_with_wan_interface_toggle_in_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]595 """
596 Algo:
597 1. Get dhcp IP to vcpe interface in cord-tester
598 2. Verifying vcpe interface gets dhcp IP
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]599 3. Ping to 8.8.8.8 and Verifying ping succeeds
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]600 4. Now down the WAN interface of vcpe
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]601 5. Ping to 8.8.8.8 and Verifying ping fails
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]602 6. Now Up the WAN interface of vcpe
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]603 7. Ping to 8.8.8.8 and Verifying ping succeeds
604 8. Restoring management interface configuration in cord-tester
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]605 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]606 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]607 return
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]608 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]609 mgmt = 'eth0'
610 vcpe = self.vcpe_container
611 assert_not_equal(vcpe, None)
612 assert_not_equal(self.vcpe_dhcp, None)
613 #first get dhcp on the vcpe interface
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]614 vcpe_ip = VSGAccess.vcpe_get_dhcp(self.vcpe_dhcp, mgmt = mgmt)
615 assert_not_equal(vcpe_ip, None)
616 log.info('Got DHCP IP %s for %s' %(vcpe_ip, self.vcpe_dhcp))
617 log.info('Sending ICMP pings to host %s' %(host))
618 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
619 if st != 0:
620 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
621 assert_equal(st, 0)
622 #bring down the wan interface and check again
623 st = VSGAccess.vcpe_wan_down(vcpe)
624 if st is False:
625 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
626 assert_equal(st, True)
627 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
628 if st == 0:
629 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
630 assert_not_equal(st, 0)
631 st = VSGAccess.vcpe_wan_up(vcpe)
632 if st is False:
633 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
634 assert_equal(st, True)
635 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
636 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
637 assert_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]638
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]639 def test_vsg_for_external_connectivity_with_lan_interface_toggle_in_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]640 """
641 Algo:
642 1. Get dhcp IP to vcpe interface in cord-tester
643 2. Verifying vcpe interface gets dhcp IP
644 3. Ping to 8.8.8.8 and Verifying ping should success
645 4. Now down the LAN interface of vcpe
646 5. Ping to 8.8.8.8 and Verifying ping should not success
647 6. Now Up the LAN interface of vcpe
648 7. Ping to 8.8.8.8 and Verifying ping should success
649 8. Restoring management interface configuration in cord-tester
650 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]651 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]652 return
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]653 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]654 mgmt = 'eth0'
655 vcpe = self.vcpe_container
656 assert_not_equal(vcpe, None)
657 assert_not_equal(self.vcpe_dhcp, None)
658 #first get dhcp on the vcpe interface
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]659 vcpe_ip = VSGAccess.vcpe_get_dhcp(self.vcpe_dhcp, mgmt = mgmt)
660 assert_not_equal(vcpe_ip, None)
661 log.info('Got DHCP IP %s for %s' %(vcpe_ip, self.vcpe_dhcp))
662 log.info('Sending ICMP pings to host %s' %(host))
663 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
664 if st != 0:
665 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
666 assert_equal(st, 0)
667 #bring down the lan interface and check again
668 st = VSGAccess.vcpe_lan_down(vcpe)
669 if st is False:
670 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
671 assert_equal(st, True)
672 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
673 if st == 0:
674 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
675 assert_not_equal(st, 0)
676 st = VSGAccess.vcpe_lan_up(vcpe)
677 if st is False:
678 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
679 assert_equal(st, True)
680 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
681 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
682 assert_equal(st, 0)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]683
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]684 @deferred(TIMEOUT)
685 def test_vsg_for_external_connectivity_with_vcpe_container_paused(self,vcpe_name=None,vcpe_intf=None):
686 """
687 Algo:
688 1. Get vSG corresponding to vcpe
689 2. Get dhcp ip to vcpe interface
690 3. Add static route to destination route in test container
691 4. From test container ping to destination route and verify ping success
692 5. Login to compute node and execute command to pause vcpe container
693 6. From test container ping to destination route and verify ping success
694 """
695 if not vcpe_name:
696 vcpe_name = self.vcpe_container
697 if not vcpe_intf:
698 vcpe_intf = self.vcpe_dhcp
699 df = defer.Deferred()
700 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]701 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]702 df.callback(0)
703 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]704 host = '8.8.8.8'
705 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
706 try:
707 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
708 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
709 assert_equal(st, False)
710 st, _ = vsg.run_cmd('sudo docker pause {}'.format(vcpe_name))
711 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
712 assert_equal(st, False)
713 finally:
714 vsg.run_cmd('sudo docker unpause'.format(vcpe_name))
715 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
716 df.callback(0)
717 reactor.callLater(0, vcpe_firewall, df)
718 return df
719
720 @deferred(TIMEOUT)
721 def test_vsg_firewall_with_deny_destination_ip(self, vcpe_name=None, vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]722 """
723 Algo:
724 1. Get vSG corresponding to vcpe
725 2. Login to compute node
726 3. Execute iptable command on vcpe from compute node to deny a destination IP
727 4. From cord-tester ping to the denied IP address
728 5. Verifying that ping should not be successful
729 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]730 if not vcpe_name:
731 vcpe_name = self.vcpe_container
732 if not vcpe_intf:
733 vcpe_intf = self.vcpe_dhcp
734 df = defer.Deferred()
735 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]736 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]737 df.callback(0)
738 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]739 host = '8.8.8.8'
740 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
741 try:
742 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
743 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
744 assert_equal(st, False)
745 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
746 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
747 assert_equal(st, True)
748 finally:
749 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
750 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
751 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
752 df.callback(0)
753 reactor.callLater(0, vcpe_firewall, df)
754 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]755
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]756 @deferred(TIMEOUT)
757 def test_vsg_firewall_with_rule_add_and_delete_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]758 """
759 Algo:
760 1. Get vSG corresponding to vcpe
761 2. Login to compute node
762 3. Execute iptable command on vcpe from compute node to deny a destination IP
763 4. From cord-tester ping to the denied IP address
764 5. Verifying that ping should not be successful
765 6. Delete the iptable rule in vcpe
766 7. From cord-tester ping to the denied IP address
767 8. Verifying the ping should success
768 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]769 if not vcpe_name:
770 vcpe_name = self.vcpe_container
771 if not vcpe_intf:
772 vcpe_intf = self.vcpe_dhcp
773 df = defer.Deferred()
774 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]775 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]776 df.callback(0)
777 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]778 host = '8.8.8.8'
779 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
780 try:
781 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
782 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
783 assert_equal(st, False)
784 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
785 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
786 assert_equal(st, True)
787 st,_ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
788 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
789 assert_equal(st, False)
790 finally:
791 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
792 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
793 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
794 df.callback(0)
795 reactor.callLater(0, vcpe_firewall, df)
796 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]797
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]798 @deferred(TIMEOUT)
799 def test_vsg_firewall_verifying_reachability_for_non_blocked_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]800 """
801 Algo:
802 1. Get vSG corresponding to vcpe
803 2. Login to compute node
804 3. Execute iptable command on vcpe from compute node to deny a destination IP
805 4. From cord-tester ping to the denied IP address
806 5. Verifying that ping should not be successful
807 6. From cord-tester ping to the denied IP address other than the denied one
808 7. Verifying the ping should success
809 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]810 if not vcpe_name:
811 vcpe_name = self.vcpe_container
812 if not vcpe_intf:
813 vcpe_intf = self.vcpe_dhcp
814 df = defer.Deferred()
815 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]816 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]817 df.callback(0)
818 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]819 host1 = '8.8.8.8'
820 host2 = '204.79.197.203'
821 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
822 try:
823 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
824 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
825 assert_equal(st, False)
826 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
827 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
828 assert_equal(st, True)
829 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
830 assert_equal(st,False)
831 finally:
832 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
833 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
834 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
835 df.callback(0)
836 reactor.callLater(0, vcpe_firewall, df)
837 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]838
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]839 @deferred(TIMEOUT)
840 def test_vsg_firewall_appending_rules_with_deny_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]841 """
842 Algo:
843 1. Get vSG corresponding to vcpe
844 2. Login to compute node
845 3. Execute iptable command on vcpe from compute node to deny a destination IP1
846 4. From cord-tester ping to the denied IP address IP1
847 5. Verifying that ping should not be successful
848 6. Execute iptable command on vcpe from compute node to deny a destination IP2
849 6. From cord-tester ping to the denied IP address IP2
850 7. Verifying that ping should not be successful
851 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]852 if not vcpe_name:
853 vcpe_name = self.vcpe_container
854 if not vcpe_intf:
855 vcpe_intf = self.vcpe_dhcp
856 df = defer.Deferred()
857 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]858 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]859 df.callback(0)
860 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]861 host1 = '8.8.8.8'
862 host2 = '204.79.197.203'
863 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
864 try:
865 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
866 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
867 assert_equal(st, False)
868 st,_ = vsg.run_cmd('sudo docker exec {} iptables -F FORWARD'.format(vcpe_name))
869 time.sleep(2)
870 st,_ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
871 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
872 assert_equal(st, True)
873 st, out = getstatusoutput('ping -c 1 {}'.format(host2))
874 log.info('host2 ping output is %s'%out)
875 assert_equal(st, False)
876 st, _ = vsg.run_cmd('sudo docker exec {} iptables -A FORWARD -d {} -j DROP'.format(vcpe_name,host2))
877 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
878 assert_equal(st,True)
879 finally:
880 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
881 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
882 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
883 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
884 df.callback(0)
885 reactor.callLater(0, vcpe_firewall, df)
886 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]887
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]888 @deferred(TIMEOUT)
889 def test_vsg_firewall_removing_one_rule_denying_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]890 """
891 Algo:
892 1. Get vSG corresponding to vcpe
893 2. Login to compute node
894 3. Execute iptable command on vcpe from compute node to deny a destination IP1
895 4. Execute iptable command on vcpe from compute node to deny a destination IP2
896 5. From cord-tester ping to the denied IP address IP1
897 6. Verifying that ping should not be successful
898 7. From cord-tester ping to the denied IP address IP2
899 8. Verifying that ping should not be successful
900 9. Execute iptable command on vcpe from compute node to remove deny a destination IP2 rule
901 10. From cord-tester ping to the denied IP address IP2
902 11. Verifying the ping should success
903 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]904 if not vcpe_name:
905 vcpe_name = self.vcpe_container
906 if not vcpe_intf:
907 vcpe_intf = self.vcpe_dhcp
908 df = defer.Deferred()
909 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]910 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]911 df.callback(0)
912 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]913 host1 = '8.8.8.8'
914 host2 = '204.79.197.203'
915 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
916 try:
917 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=self.vcpe_dhcp)
918 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
919 assert_equal(st, False)
920 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
921 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host2))
922 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
923 assert_equal(st, True)
924 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
925 assert_equal(st,True)
926 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
927 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
928 assert_equal(st,False)
929 finally:
930 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
931 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
932 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
933 log.info('restarting vcpe container')
934 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
935 df.callback(0)
936 reactor.callLater(0, vcpe_firewall, df)
937 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]938
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]939 @deferred(TIMEOUT)
940 def test_vsg_firewall_changing_rule_id_deny_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]941 """
942 Algo:
943 1. Get vSG corresponding to vcpe
944 2. Login to compute node
945 3. Execute iptable command on vcpe from compute node to deny a destination IP
946 5. From cord-tester ping to the denied IP address IP1
947 6. Verifying that ping should not be successful
948 9. Execute iptable command on vcpe from compute node to change the rule ID to 2 to deny the same destination IP
949 10. From cord-tester ping to the denied IP address IP
950 11. Verifying that ping should not be successful
951 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]952 if not vcpe_name:
953 vcpe_name = self.vcpe_container
954 if not vcpe_intf:
955 vcpe_intf = self.vcpe_dhcp
956 df = defer.Deferred()
957 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]958 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]959 df.callback(0)
960 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]961 host = '8.8.8.8'
962 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
963 try:
964 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
965 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
966 assert_equal(st, False)
967 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
968 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
969 assert_equal(st, True)
970 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 2 -d {} -j DROP '.format(vcpe_name,host))
971 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
972 assert_equal(st,True)
973 finally:
974 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
975 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
976 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
977 df.callback(0)
978 reactor.callLater(0, vcpe_firewall, df)
979 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]980
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]981 @deferred(TIMEOUT)
982 def test_vsg_firewall_changing_deny_rule_to_accept_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]983 """
984 Algo:
985 1. Get vSG corresponding to vcpe
986 2. Login to compute node
987 3. Execute iptable command on vcpe from compute node to deny a destination IP
988 5. From cord-tester ping to the denied IP address IP1
989 6. Verifying that ping should not be successful
990 9. Execute iptable command on vcpe from compute node to accept the same destination IP
991 10. From cord-tester ping to the accepted IP
992 11. Verifying the ping should success
993 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]994 if not vcpe_name:
995 vcpe_name = self.vcpe_container
996 if not vcpe_intf:
997 vcpe_intf = self.vcpe_dhcp
998 df = defer.Deferred()
999 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1000 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1001 df.callback(0)
1002 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1003 host = '8.8.8.8'
1004 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1005 try:
1006 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1007 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1008 assert_equal(st, False)
1009 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1010 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1011 assert_equal(st, True)
1012 st, _ = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -d {} -j ACCEPT'.format(vcpe_name,host))
1013 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1014 assert_equal(st,False)
1015 finally:
1016 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1017 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j ACCEPT'.format(vcpe_name,host))
1018 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1019 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1020 df.callback(0)
1021 reactor.callLater(0, vcpe_firewall, df)
1022 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1023
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1024 @deferred(TIMEOUT) #Fail
1025 def test_vsg_firewall_denying_destination_network(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1026 """
1027 Algo:
1028 1. Get vSG corresponding to vcpe
1029 2. Login to compute node
1030 3. Execute iptable command on vcpe from compute node to deny a destination IP subnet
1031 4. From cord-tester ping to the denied IP address IP1 in the denied subnet
1032 5. Verifying that ping should not be successful
1033 6. From cord-tester ping to the denied IP address IP2 in the denied subnet
1034 7. Verifying that ping should not be successful
1035 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1036 if not vcpe_name:
1037 vcpe_name = self.vcpe_container
1038 if not vcpe_intf:
1039 vcpe_intf = self.vcpe_dhcp
1040 df = defer.Deferred()
1041 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1042 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1043 df.callback(0)
1044 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1045 network = '204.79.197.192/28'
1046 host1 = '204.79.197.203'
1047 host2 = '204.79.197.210'
1048 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1049 try:
1050 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=self.vcpe_dhcp)
1051 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1052 assert_equal(st, False)
1053 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,network))
1054 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1055 assert_equal(st, True)
1056 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1057 assert_equal(st,False)
1058 finally:
1059 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network))
1060 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
1061 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1062 df.callback(0)
1063 reactor.callLater(0, vcpe_firewall, df)
1064 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1065
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1066 @deferred(TIMEOUT)
1067 def test_vsg_firewall_denying_destination_network_subnet_modification(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1068 """
1069 Algo:
1070 1. Get vSG corresponding to vcpe
1071 2. Login to compute node
1072 3. Execute iptable command on vcpe from compute node to deny a destination IP subnet
1073 4. From cord-tester ping to the denied IP address IP1 in the denied subnet
1074 5. Verifying that ping should not be successful
1075 6. From cord-tester ping to the denied IP address IP2 in the denied subnet
1076 7. Verifying that ping should not be successful
1077 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1078 if not vcpe_name:
1079 vcpe_name = self.vcpe_container
1080 if not vcpe_intf:
1081 vcpe_intf = self.vcpe_dhcp
1082 df = defer.Deferred()
1083 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1084 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1085 df.callback(0)
1086 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1087 network1 = '204.79.197.192/28'
1088 network2 = '204.79.197.192/27'
1089 host1 = '204.79.197.203'
1090 host2 = '204.79.197.210'
1091 host3 = '204.79.197.224'
1092 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1093 try:
1094 self.add_static_route_via_vcpe_interface([host1,host2,host3],vcpe=self.vcpe_dhcp)
1095 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1096 assert_equal(st, False)
1097 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,network1))
1098 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1099 assert_equal(st, True)
1100 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1101 assert_equal(st,False)
1102 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 2 -d {} -j DROP'.format(vcpe_name,network2))
1103 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1104 assert_equal(st, True)
1105 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1106 assert_equal(st, True)
1107 st, _ = getstatusoutput('ping -c 1 {}'.format(host3))
1108 assert_equal(st, False)
1109 finally:
1110 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network1))
1111 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network2))
1112 self.del_static_route_via_vcpe_interface([host1,host2,host3],vcpe=vcpe_intf)
1113 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1114 df.callback(0)
1115 reactor.callLater(0, vcpe_firewall, df)
1116 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1117
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1118 @deferred(TIMEOUT)
1119 def test_vsg_firewall_with_deny_source_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1120 """
1121 Algo:
1122 1. Get vSG corresponding to vcpe
1123 2. Login to compute node
1124 3. Execute iptable command on vcpe from compute node to deny a source IP
1125 4. From cord-tester ping to 8.8.8.8 from the denied IP
1126 5. Verifying that ping should not be successful
1127 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1128 if not vcpe_name:
1129 vcpe_name = self.vcpe_container
1130 if not vcpe_intf:
1131 vcpe_intf = self.vcpe_dhcp
1132 df = defer.Deferred()
1133 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1134 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1135 df.callback(0)
1136 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1137 host = '8.8.8.8'
1138 #source_ip = get_ip(self.vcpe_dhcp)
1139 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1140 try:
1141 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1142 source_ip = get_ip(self.vcpe_dhcp)
1143 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1144 assert_equal(st, False)
1145 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1146 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1147 assert_equal(st, True)
1148 finally:
1149 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1150 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1151 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1152 df.callback(0)
1153 reactor.callLater(0, vcpe_firewall, df)
1154 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1155
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1156 @deferred(TIMEOUT)
1157 def test_vsg_firewall_rule_with_add_and_delete_deny_source_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1158 """
1159 Algo:
1160 1. Get vSG corresponding to vcpe
1161 2. Login to compute node
1162 3. Execute iptable command on vcpe from compute node to deny a source IP
1163 4. From cord-tester ping to 8.8.8.8 from the denied IP
1164 5. Verifying that ping should not be successful
1165 6. Delete the iptable rule in vcpe
1166 7. From cord-tester ping to 8.8.8.8 from the denied IP
1167 8. Verifying the ping should success
1168 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1169 if not vcpe_name:
1170 vcpe_name = self.vcpe_container
1171 if not vcpe_intf:
1172 vcpe_intf = self.vcpe_dhcp
1173 df = defer.Deferred()
1174 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1175 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1176 df.callback(0)
1177 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1178 host = '8.8.8.8'
1179 source_ip = get_ip(self.vcpe_dhcp)
1180 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1181 try:
1182 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1183 source_ip = get_ip(self.vcpe_dhcp)
1184 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1185 assert_equal(st, False)
1186 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1187 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1188 assert_equal(st, True)
1189 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1190 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1191 assert_equal(st, False)
1192 finally:
1193 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1194 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1195 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1196 df.callback(0)
1197 reactor.callLater(0, vcpe_firewall, df)
1198 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1199
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1200 @deferred(TIMEOUT)
1201 def test_vsg_firewall_rule_with_deny_icmp_protocol_echo_requests_type(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1202 """
1203 Algo:
1204 1. Get vSG corresponding to vcpe
1205 2. Login to compute node
1206 3. Execute iptable command on vcpe from compute node to deny icmp echo-requests type protocol packets
1207 4. From cord-tester ping to 8.8.8.8
1208 5. Verifying that ping should not be successful
1209 6. Delete the iptable rule
1210 7. From cord-tester ping to 8.8.8.8
1211 8. Verifying the ping should success
1212 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1213 if not vcpe_name:
1214 vcpe_name = self.vcpe_container
1215 if not vcpe_intf:
1216 vcpe_intf = self.vcpe_dhcp
1217 df = defer.Deferred()
1218 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1219 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1220 df.callback(0)
1221 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1222 host = '8.8.8.8'
1223 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1224 try:
1225 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1226 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1227 assert_equal(st, False)
1228 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1229 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1230 assert_equal(st, True)
1231 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1232 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1233 assert_equal(st, False)
1234 finally:
1235 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1236 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1237 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1238 df.callback(0)
1239 reactor.callLater(0, vcpe_firewall, df)
1240 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1241
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1242 @deferred(TIMEOUT)
1243 def test_vsg_firewall_rule_with_deny_icmp_protocol_echo_reply_type(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1244 """
1245 Algo:
1246 1. Get vSG corresponding to vcpe
1247 2. Login to compute node
1248 3. Execute iptable command on vcpe from compute node to deny icmp echo-reply type protocol packets
1249 4. From cord-tester ping to 8.8.8.8
1250 5. Verifying that ping should not be successful
1251 6. Delete the iptable rule
1252 7. From cord-tester ping to 8.8.8.8
1253 8. Verifying the ping should success
1254 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1255 if not vcpe_name:
1256 vcpe_name = self.vcpe_container
1257 if not vcpe_intf:
1258 vcpe_intf = self.vcpe_dhcp
1259 df = defer.Deferred()
1260 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1261 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1262 df.callback(0)
1263 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1264 host = '8.8.8.8'
1265 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1266 try:
1267 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1268 st, _ = getstatusoutput('ping -c 1 {}'.format('8.8.8.8'))
1269 assert_equal(st, False)
1270 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1271 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1272 assert_equal(st, True)
1273 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1274 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1275 assert_equal(st,False)
1276 finally:
1277 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1278 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1279 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1280 df.callback(0)
1281 reactor.callLater(0, vcpe_firewall, df)
1282 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1283
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1284 @deferred(TIMEOUT)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]1285 def test_vsg_firewall_changing_deny_rule_to_accept_rule_with_icmp_protocol_echo_requests_type(self, vcpe_name=None, vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1286 """
1287 Algo:
1288 1. Get vSG corresponding to vcpe
1289 2. Login to compute node
1290 3. Execute iptable command on vcpe from compute node to deny icmp echo-requests type protocol packets
1291 4. From cord-tester ping to 8.8.8.8
1292 5. Verifying that ping should not be successful
1293 6. Insert another rule to accept the icmp-echo requests protocol packets
1294 7. From cord-tester ping to 8.8.8.8
1295 8. Verifying the ping should success
1296 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1297 if not vcpe_name:
1298 vcpe_name = self.vcpe_container
1299 if not vcpe_intf:
1300 vcpe_intf = self.vcpe_dhcp
1301 df = defer.Deferred()
1302 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1303 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1304 df.callback(0)
1305 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1306 host = '8.8.8.8'
1307 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1308 try:
1309 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1310 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1311 assert_equal(st, False)
1312 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1313 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1314 assert_equal(st, True)
1315 st, _ = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p icmp --icmp-type echo-request -j ACCEPT'.format(vcpe_name))
1316 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1317 assert_equal(st,False)
1318 finally:
1319 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1320 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j ACCEPT'.format(vcpe_name))
1321 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1322 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1323 df.callback(0)
1324 reactor.callLater(0, vcpe_firewall, df)
1325 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1326
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1327 @deferred(TIMEOUT)
1328 def test_vsg_firewall_changing_deny_rule_to_accept_rule_with_icmp_protocol_echo_reply_type(self,vcpe_name=None,vcpe_intf=None):
1329 """
1330 Algo:
1331 1. Get vSG corresponding to vcpe
1332 2. Login to compute node
1333 3. Execute iptable command on vcpe from compute node to deny icmp echo-reply type protocol packets
1334 4. From cord-tester ping to 8.8.8.8
1335 5. Verifying the ping should not success
1336 6. Insert another rule to accept the icmp-echo requests protocol packets
1337 7. From cord-tester ping to 8.8.8.8
1338 8. Verifying the ping should success
1339 """
1340 if not vcpe_name:
1341 vcpe_name = self.vcpe_container
1342 if not vcpe_intf:
1343 vcpe_intf = self.vcpe_dhcp
1344 df = defer.Deferred()
1345 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1346 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1347 df.callback(0)
1348 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1349 host = '8.8.8.8'
1350 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1351 try:
1352 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1353 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1354 assert_equal(st, False)
1355 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1356 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1357 assert_equal(st, True)
1358 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p icmp --icmp-type echo-reply -j ACCEPT'.format(vcpe_name))
1359 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1360 assert_equal(st,False)
1361 finally:
1362 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1363 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j ACCEPT'.format(vcpe_name))
1364 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1365 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1366 df.callback(0)
1367 reactor.callLater(0, vcpe_firewall, df)
1368 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1369
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1370 @deferred(TIMEOUT)
1371 def test_vsg_firewall_for_deny_icmp_protocol(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1372 """
1373 Algo:
1374 1. Get vSG corresponding to vcpe
1375 2. Login to compute node
1376 3. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1377 4. From cord-tester ping to 8.8.8.8
1378 5. Verifying that ping should not be successful
1379 6. Delete the iptable rule
1380 7. From cord-tester ping to 8.8.8.8
1381 8. Verifying the ping should success
1382 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1383 if not vcpe_name:
1384 vcpe_name = self.vcpe_container
1385 if not vcpe_intf:
1386 vcpe_intf = self.vcpe_dhcp
1387 df = defer.Deferred()
1388 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1389 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1390 df.callback(0)
1391 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1392 host = '8.8.8.8'
1393 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1394 try:
1395 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1396 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1397 assert_equal(st, False)
1398 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1399 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1400 assert_equal(st, True)
1401 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1402 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1403 assert_equal(st,False)
1404 finally:
1405 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1406 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1407 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1408 df.callback(0)
1409 reactor.callLater(0, vcpe_firewall, df)
1410 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1411
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1412 @deferred(TIMEOUT)
1413 def test_vsg_firewall_rule_deny_icmp_protocol_and_destination_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1414 """
1415 Algo:
1416 1. Get vSG corresponding to vcpe
1417 2. Login to compute node
1418 3. Execute iptable command on vcpe from compute node to deny a destination IP
1419 4. From cord-tester ping to 8.8.8.8
1420 5. Verifying that ping should not be successful
1421 6. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1422 7. From cord-tester ping to 8.8.8.8
1423 8. Verifying the ping should success
1424 9. Delete the rule added in step 3
1425 10. From cord-tester ping to 8.8.8.8
1426 11. Verifying that ping should not be successful
1427 12. Delete the rule added in step 6
1428 13. From cord-tester ping to 8.8.8.8
1429 14. Verifying the ping should success
1430 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1431 if not vcpe_name:
1432 vcpe_name = self.vcpe_container
1433 if not vcpe_intf:
1434 vcpe_intf = self.vcpe_dhcp
1435 df = defer.Deferred()
1436 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1437 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1438 df.callback(0)
1439 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1440 host = '8.8.8.8'
1441 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1442 try:
1443 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1444 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1445 assert_equal(st, False)
1446 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1447 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1448 assert_equal(st, True)
1449 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1450 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1451 assert_equal(st, True)
1452 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1453 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1454 assert_equal(st, True)
1455 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1456 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1457 assert_equal(st,False)
1458 finally:
1459 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1460 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1461 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1462 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1463 df.callback(0)
1464 reactor.callLater(0, vcpe_firewall, df)
1465 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1466
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1467 @deferred(TIMEOUT) #Fail
1468 def test_vsg_firewall_flushing_all_configured_rules(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1469 """
1470 Algo:
1471 1. Get vSG corresponding to vcpe
1472 2. Login to compute node
1473 3. Execute iptable command on vcpe from compute node to deny a destination IP
1474 4. From cord-tester ping to 8.8.8.8
1475 5. Verifying that ping should not be successful
1476 6. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1477 7. From cord-tester ping to 8.8.8.8
1478 8. Verifying the ping should success
1479 9. Flush all the iptable rules configuraed in vcpe
1480 10. Delete the rule added in step 6
1481 11. From cord-tester ping to 8.8.8.8
1482 12. Verifying the ping should success
1483 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1484 if not vcpe_name:
1485 vcpe_name = self.vcpe_container
1486 if not vcpe_intf:
1487 vcpe_intf = self.vcpe_dhcp
1488 df = defer.Deferred()
1489 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1490 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1491 df.callback(0)
1492 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1493 host = '8.8.8.8'
1494 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1495 try:
1496 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1497 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1498 assert_equal(st, False)
1499 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1500 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1501 assert_equal(st, True)
1502 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1503 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1504 assert_equal(st, True)
1505 st,output = vsg.run_cmd('sudo docker exec {} iptables -F FORWARD'.format(vcpe_name))
1506 time.sleep(1)
1507 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1508 assert_equal(st, False)
1509 finally:
1510 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1511 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1512 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1513 df.callback(0)
1514 reactor.callLater(0, vcpe_firewall, df)
1515 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1516
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1517 @deferred(TIMEOUT)
1518 def test_vsg_firewall_deny_all_ipv4_traffic(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1519 """
1520 Algo:
1521 1. Get vSG corresponding to vcpe
1522 2. Login to compute node
1523 3. Execute iptable command on vcpe from compute node to deny all ipv4 Traffic
1524 4. From cord-tester ping to 8.8.8.8
1525 5. Verifying that ping should not be successful
1526 6. Delete the iptable rule added
1527 7. From cord-tester ping to 8.8.8.8
1528 8. Verifying the ping should success
1529 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1530 if not vcpe_name:
1531 vcpe_name = self.vcpe_container
1532 if not vcpe_intf:
1533 vcpe_intf = self.vcpe_dhcp
1534 df = defer.Deferred()
1535 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1536 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1537 df.callback(0)
1538 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1539 host = '8.8.8.8'
1540 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1541 try:
1542 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1543 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1544 assert_equal(st, False)
1545 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1546 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1547 assert_equal(st, True)
1548 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1549 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1550 assert_equal(st, False)
1551 finally:
1552 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1553 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1554 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1555 df.callback(0)
1556 reactor.callLater(0, vcpe_firewall, df)
1557 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1558
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1559 @deferred(TIMEOUT)
1560 def test_vsg_firewall_replacing_deny_rule_to_accept_rule_ipv4_traffic(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1561 """
1562 Algo:
1563 1. Get vSG corresponding to vcpe
1564 2. Login to compute node
1565 3. Execute iptable command on vcpe from compute node to deny all ipv4 Traffic
1566 4. From cord-tester ping to 8.8.8.8
1567 5. Verifying that ping should not be successful
1568 6. Replace the deny rule added in step 3 with accept rule
1569 7. From cord-tester ping to 8.8.8.8
1570 8. Verifying the ping should success
1571 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1572 if not vcpe_name:
1573 vcpe_name = self.vcpe_container
1574 if not vcpe_intf:
1575 vcpe_intf = self.vcpe_dhcp
1576 df = defer.Deferred()
1577 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1578 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1579 df.callback(0)
1580 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1581 host = '8.8.8.8'
1582 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1583 try:
1584 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1585 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1586 assert_equal(st, False)
1587 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1588 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1589 assert_equal(st, True)
1590 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -4 -j ACCEPT'.format(vcpe_name))
1591 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1592 assert_equal(st, False)
1593 finally:
1594 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1595 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1596 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1597 df.callback(0)
1598 reactor.callLater(0, vcpe_firewall, df)
1599 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1600
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1601 @deferred(TIMEOUT)
1602 def test_vsg_firewall_deny_all_traffic_coming_on_lan_interface_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
1603 """
1604 Algo:
1605 1. Get vSG corresponding to vcpe
1606 2. Login to compute node
1607 3. Execute iptable command on vcpe from compute node to deny all the traffic coming on lan interface inside vcpe container
1608 4. From cord-tester ping to 8.8.8.8
1609 5. Verifying the ping should not success
1610 6. Delete the iptable rule added
1611 7. From cord-tester ping to 8.8.8.8
1612 8. Verifying the ping should success
1613 """
1614 if not vcpe_name:
1615 vcpe_name = self.vcpe_container
1616 if not vcpe_intf:
1617 vcpe_intf = self.vcpe_dhcp
1618 df = defer.Deferred()
1619 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1620 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1621 df.callback(0)
1622 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1623 host = '8.8.8.8'
1624 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1625 try:
1626 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1627 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1628 assert_equal(st, False)
1629 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -i eth1 -j DROP'.format(vcpe_name))
1630 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1631 assert_equal(st, True)
1632 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -j DROP'.format(vcpe_name))
1633 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1634 assert_equal(st, False)
1635 finally:
1636 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -j DROP'.format(vcpe_name))
1637 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1638 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1639 df.callback(0)
1640 reactor.callLater(0, vcpe_firewall, df)
1641 return df
1642
1643 @deferred(TIMEOUT)
1644 def test_vsg_firewall_deny_all_traffic_going_out_of_wan_interface_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
1645 """
1646 Algo:
1647 1. Get vSG corresponding to vcpe
1648 2. Login to compute node
1649 3. Execute iptable command on vcpe from compute node to deny all the traffic going out of wan interface inside vcpe container
1650 4. From cord-tester ping to 8.8.8.8
1651 5. Verifying the ping should not success
1652 6. Delete the iptable rule added
1653 7. From cord-tester ping to 8.8.8.8
1654 8. Verifying the ping should success
1655 """
1656 if not vcpe_name:
1657 vcpe_name = self.vcpe_container
1658 if not vcpe_intf:
1659 vcpe_intf = self.vcpe_dhcp
1660 df = defer.Deferred()
1661 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1662 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1663 df.callback(0)
1664 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1665 host = '8.8.8.8'
1666 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1667 try:
1668 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1669 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1670 assert_equal(st, False)
1671 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -o eth0 -j DROP'.format(vcpe_name))
1672 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1673 assert_equal(st, True)
1674 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -o eth0 -j DROP'.format(vcpe_name))
1675 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1676 assert_equal(st, False)
1677 finally:
1678 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -o eth0 -j DROP'.format(vcpe_name))
1679 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1680 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1681 df.callback(0)
1682 reactor.callLater(0, vcpe_firewall, df)
1683 return df
1684
1685 @deferred(TIMEOUT)
1686 def test_vsg_firewall_deny_all_traffic_from_lan_to_wan_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1687 """
1688 Algo:
1689 1. Get vSG corresponding to vcpe
1690 2. Login to compute node
1691 3. Execute iptable command on vcpe from compute node to deny all the traffic from lan to wan interface in vcpe
1692 4. From cord-tester ping to 8.8.8.8
1693 5. Verifying that ping should not be successful
1694 6. Delete the iptable rule added
1695 7. From cord-tester ping to 8.8.8.8
1696 8. Verifying the ping should success
1697 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1698 if not vcpe_name:
1699 vcpe_name = self.vcpe_container
1700 if not vcpe_intf:
1701 vcpe_intf = self.vcpe_dhcp
1702 df = defer.Deferred()
1703 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1704 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1705 df.callback(0)
1706 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1707 host = '8.8.8.8'
1708 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1709 try:
1710 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1711 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1712 assert_equal(st, False)
1713 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1714 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1715 assert_equal(st, True)
1716 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1717 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1718 assert_equal(st, False)
1719 finally:
1720 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1721 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1722 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1723 df.callback(0)
1724 reactor.callLater(0, vcpe_firewall, df)
1725 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1726
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1727
1728 #this test case needs modification.default route should be vcpe interface to run this test case
1729 @deferred(TIMEOUT)
1730 def test_vsg_firewall_deny_all_dns_traffic(self,vcpe_name=None,vcpe_intf=None):
1731 """
1732 Algo:
1733 1. Get vSG corresponding to vcpe
1734 2. Login to compute node
1735 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1736 4. From cord-tester ping to www.google.com
1737 5. Verifying the ping should not success
1738 6. Delete the iptable rule added
1739 7. From cord-tester ping to www.google.com
1740 8. Verifying the ping should success
1741 """
1742 if not vcpe_name:
1743 vcpe_name = self.vcpe_container
1744 if not vcpe_intf:
1745 vcpe_intf = self.vcpe_dhcp
1746 df = defer.Deferred()
1747 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1748 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1749 df.callback(0)
1750 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1751 host = 'www.msn.com'
1752 host_ip = '131.253.33.203'
1753 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1754 try:
1755 self.add_static_route_via_vcpe_interface([host_ip],vcpe=self.vcpe_dhcp)
1756 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1757 assert_equal(st, False)
1758 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p udp --dport 53 -j DROP'.format(vcpe_name))
1759 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1760 assert_equal(st, True)
1761 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p udp --dport 53 -j ACCEPT'.format(vcpe_name))
1762 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1763 assert_equal(st, False)
1764 finally:
1765 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p udp --dport 53 -j DROP'.format(vcpe_name))
1766 self.del_static_route_via_vcpe_interface([host_ip],vcpe=vcpe_intf)
1767 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1768 df.callback(0)
1769 reactor.callLater(0, vcpe_firewall, df)
1770 return df
1771
1772 @deferred(TIMEOUT)
1773 def test_vsg_firewall_deny_all_ipv4_traffic_vcpe_container_restart(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1774 """
1775 Algo:
1776 1. Get vSG corresponding to vcpe
1777 2. Login to compute node
1778 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1779 4. From cord-tester ping to www.google.com
1780 5. Verifying that ping should not be successful
1781 6. Delete the iptable rule added
1782 7. From cord-tester ping to www.google.com
1783 8. Verifying the ping should success
1784 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1785 if not vcpe_name:
1786 vcpe_name = self.vcpe_container
1787 if not vcpe_intf:
1788 vcpe_intf = self.vcpe_dhcp
1789 df = defer.Deferred()
1790 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1791 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1792 df.callback(0)
1793 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1794 host = '8.8.8.8'
1795 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1796 try:
1797 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1798 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1799 assert_equal(st, False)
1800 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1801 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1802 assert_equal(st, True)
1803 st,output = vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1804 time.sleep(3)
1805 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1806 assert_equal(st, False)
1807 finally:
1808 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1809 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1810 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1811 df.callback(0)
1812 reactor.callLater(0, vcpe_firewall, df)
1813 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1814
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]1815 @deferred(TIMEOUT)
1816 def test_vsg_dnat_modifying_destination_ip(self,vcpe_name=None,vcpe_intf=None):
1817 """
1818 Algo:
1819 1. Get vSG corresponding to vcpe
1820 2. Login to compute node
1821 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1822 4. From cord-tester ping to www.google.com
1823 5. Verifying the ping should not success
1824 6. Delete the iptable rule added
1825 7. From cord-tester ping to www.google.com
1826 8. Verifying the ping should success
1827 """
1828 if not vcpe_name:
1829 vcpe_name = self.vcpe_container
1830 if not vcpe_intf:
1831 vcpe_intf = self.vcpe_dhcp
1832 df = defer.Deferred()
1833 def vcpe_firewall(df):
1834 host = '8.8.8.8'
1835 dst_ip = '123.123.123.123'
1836 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1837 try:
1838 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1839 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1840 assert_equal(st, False)
1841 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1842 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1843 assert_equal(st, True)
1844 finally:
1845 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1846 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1847 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1848 df.callback(0)
1849 reactor.callLater(0,vcpe_firewall,df)
1850 return df
1851
1852 @deferred(TIMEOUT)
1853 def test_vsg_dnat_modifying_destination_ip_and_delete(self,vcpe_name=None,vcpe_intf=None):
1854 """
1855 Algo:
1856 1. Get vSG corresponding to vcpe
1857 2. Login to compute node
1858 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1859 4. From cord-tester ping to www.google.com
1860 5. Verifying the ping should not success
1861 6. Delete the iptable rule added
1862 7. From cord-tester ping to www.google.com
1863 8. Verifying the ping should success
1864 """
1865 if not vcpe_name:
1866 vcpe_name = self.vcpe_container
1867 if not vcpe_intf:
1868 vcpe_intf = self.vcpe_dhcp
1869 df = defer.Deferred()
1870 def vcpe_firewall(df):
1871 host = '8.8.8.8'
1872 dst_ip = '123.123.123.123'
1873 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1874 try:
1875 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1876 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1877 assert_equal(st, False)
1878 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1879 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1880 assert_equal(st, True)
1881 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1882 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1883 assert_equal(st, False)
1884 finally:
1885 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1886 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1887 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1888 df.callback(0)
1889 reactor.callLater(0,vcpe_firewall,df)
1890 return df
1891
1892 @deferred(TIMEOUT)
1893 def test_vsg_dnat_change_modifying_destination_ip_address(self,vcpe_name=None,vcpe_intf=None):
1894 """
1895 Algo:
1896 1. Get vSG corresponding to vcpe
1897 2. Login to compute node
1898 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1899 4. From cord-tester ping to www.google.com
1900 5. Verifying the ping should not success
1901 6. Delete the iptable rule added
1902 7. From cord-tester ping to www.google.com
1903 8. Verifying the ping should success
1904 """
1905 if not vcpe_name:
1906 vcpe_name = self.vcpe_container
1907 if not vcpe_intf:
1908 vcpe_intf = self.vcpe_dhcp
1909 df = defer.Deferred()
1910 def vcpe_firewall(df):
1911 host = '8.8.8.8'
1912 dst_ip = '123.123.123.123'
1913 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1914 try:
1915 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1916 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1917 assert_equal(st, False)
1918 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1919 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1920 assert_equal(st, True)
1921 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -R PREROUTING 1 -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,host))
1922 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1923 assert_equal(st, False)
1924 finally:
1925 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1926 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,host))
1927 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1928 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1929 df.callback(0)
1930 reactor.callLater(0,vcpe_firewall,df)
1931 return df
1932
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]1933 def vsg_xos_subscriber_create(self, index):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1934 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1935 return
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]1936 subscriber_info = self.subscriber_info[index]
1937 volt_subscriber_info = self.volt_subscriber_info[index]
A R Karthickd0b06792017-04-25 15:11:23 -0700[diff] [blame]1938 s_tag = int(volt_subscriber_info['voltTenant']['s_tag'])
1939 c_tag = int(volt_subscriber_info['voltTenant']['c_tag'])
1940 vcpe = 'vcpe-{}-{}'.format(s_tag, c_tag)
1941 log.info('Creating tenant with s_tag: %d, c_tag: %d' %(s_tag, c_tag))
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]1942 subId = ''
1943 try:
1944 result = self.restApiXos.ApiPost('TENANT_SUBSCRIBER', subscriber_info)
1945 assert_equal(result, True)
1946 result = self.restApiXos.ApiGet('TENANT_SUBSCRIBER')
1947 assert_not_equal(result, None)
1948 subId = self.restApiXos.getSubscriberId(result, volt_subscriber_info['account_num'])
1949 assert_not_equal(subId, '0')
1950 log.info('Subscriber ID for account num %d = %s' %(volt_subscriber_info['account_num'], subId))
1951 volt_tenant = volt_subscriber_info['voltTenant']
1952 #update the subscriber id in the tenant info before making the rest
1953 volt_tenant['subscriber'] = subId
1954 result = self.restApiXos.ApiPost('TENANT_VOLT', volt_tenant)
1955 assert_equal(result, True)
1956 #if the vsg instance was already instantiated, then reduce delay
1957 if c_tag % self.subscribers_per_s_tag == 0:
1958 delay = 350
1959 else:
1960 delay = 90
1961 log.info('Delaying %d seconds for the VCPE to be provisioned' %(delay))
1962 time.sleep(delay)
1963 log.info('Testing for external connectivity to VCPE %s' %(vcpe))
1964 self.vsg_for_external_connectivity(index)
1965 finally:
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame^]1966 return subId
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]1967
1968 def vsg_xos_subscriber_delete(self, index, subId = ''):
1969 if self.on_pod is False:
1970 return
1971 subscriber_info = self.subscriber_info[index]
1972 volt_subscriber_info = self.volt_subscriber_info[index]
1973 s_tag = int(volt_subscriber_info['voltTenant']['s_tag'])
1974 c_tag = int(volt_subscriber_info['voltTenant']['c_tag'])
1975 vcpe = 'vcpe-{}-{}'.format(s_tag, c_tag)
1976 log.info('Deleting tenant with s_tag: %d, c_tag: %d' %(s_tag, c_tag))
1977 if not subId:
1978 #get the subscriber id first
1979 result = self.restApiXos.ApiGet('TENANT_SUBSCRIBER')
1980 assert_not_equal(result, None)
1981 subId = self.restApiXos.getSubscriberId(result, volt_subscriber_info['account_num'])
1982 assert_not_equal(subId, '0')
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]1983 #get the volt id for the subscriber
1984 result = self.restApiXos.ApiGet('TENANT_VOLT')
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]1985 assert_not_equal(result, None)
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]1986 voltId = self.getVoltId(result, subId)
1987 assert_not_equal(voltId, None)
A R Karthicka385cea2017-04-26 10:12:43 -0700[diff] [blame]1988 log.info('Deleting subscriber ID %s for account num %d' %(subId, volt_subscriber_info['account_num']))
1989 status = self.restApiXos.ApiDelete('TENANT_SUBSCRIBER', subId)
1990 assert_equal(status, True)
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]1991 #Delete the tenant
1992 log.info('Deleting VOLT Tenant ID %s for subscriber %s' %(voltId, subId))
A R Karthick76944872017-04-26 10:21:37 -0700[diff] [blame]1993 self.restApiXos.ApiDelete('TENANT_VOLT', voltId)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]1994
1995 def test_vsg_xos_subscriber(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame^]1996 subId = self.vsg_xos_subscriber_create(0)
1997 if subId and subId != '0':
1998 self.vsg_xos_subscriber_delete(0, subId)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]1999
2000 def test_vsg_xos_subscriber_2(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame^]2001 subId = self.vsg_xos_subscriber_create(1)
2002 if subId and subId != '0':
2003 self.vsg_xos_subscriber_delete(1, subId)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]2004
2005 def test_vsg_xos_subscriber_3(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame^]2006 subId = self.vsg_xos_subscriber_create(2)
2007 if subId and subId != '0':
2008 self.vsg_xos_subscriber_delete(2, subId)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]2009
2010 def test_vsg_xos_subscriber_4(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame^]2011 subId = self.vsg_xos_subscriber_create(3)
2012 if subId and subId != '0':
2013 self.vsg_xos_subscriber_delete(3, subId)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]2014
2015 def test_vsg_xos_subscriber_5(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame^]2016 subId = self.vsg_xos_subscriber_create(4)
2017 if subId and subId != '0':
2018 self.vsg_xos_subscriber_delete(4, subId)
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]2019
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]2020 def test_vsg_for_dns_service(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2021 """
2022 Algo:
2023 1. Create a test client in Prod VM
2024 2. Create a vCPE container in vSG VM inside compute Node
2025 3. Ensure vSG VM and vCPE container created properly
2026 4. Enable dns service in vCPE ( if not by default )
2027 5. Send ping request from test client to valid domain address say, 'www.google'com
2028 6. Verify that dns should resolve ping should success
2029 7. Now send ping request to invalid domain address say 'www.invalidaddress'.com'
2030 8. Verify that dns resolve should fail and hence ping
2031 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2032
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2033 def test_vsg_for_10_subscribers_for_same_service(self):
2034 """
2035 Algo:
2036 1.Create a vSG VM in compute node
2037 2.Create 10 vCPE containers for 10 subscribers, in vSG VM
2038 3.Ensure vSG VM and vCPE container created properly
2039 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to valid external public IP
2040 5.Verify that ping success for all 10 subscribers
2041 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2042
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2043 def test_vsg_for_10_subscribers_for_same_service_ping_invalid_ip(self):
2044 """
2045 Algo:
2046 1.Create a vSG VM in compute Node
2047 2.Create 10 vCPE containers for 10 subscribers, in vSG VM
2048 3.Ensure vSG VM and vCPE container created properly
2049 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to invalid IP
2050 5.Verify that ping fails for all 10 subscribers
2051 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2052
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2053 def test_vsg_for_10_subscribers_for_same_service_ping_valid_and_invalid_ip(self):
2054 """
2055 Algo:
2056 1.Create a vSG VM in VM
2057 2.Create 10 vCPE containers for 10 subscribers, in vSG VM
2058 3.Ensure vSG VM and vCPE container created properly
2059 4.From first 5 subscribers, with same s-tag and different c-tag, send a ping to valid IP
2060 5.Verify that ping success for all 5 subscribers
2061 6.From next 5 subscribers, with same s-tag and different c-tag, send a ping to invalid IP
2062 7.Verify that ping fails for all 5 subscribers
2063 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2064
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2065 def test_vsg_for_100_subscribers_for_same_service(self):
2066 """
2067 Algo:
2068 1.Create a vSG VM in compute node
2069 2.Create 100 vCPE containers for 100 subscribers, in vSG VM
2070 3.Ensure vSG VM and vCPE container created properly
2071 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to valid external public IP
2072 5.Verify that ping success for all 100 subscribers
2073 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2074
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2075 def test_vsg_for_100_subscribers_for_same_service_ping_invalid_ip(self):
2076 """
2077 Algo:
2078 1.Create a vSG VM in compute Node
2079 2.Create 10 vCPE containers for 100 subscribers, in vSG VM
2080 3.Ensure vSG VM and vCPE container created properly
2081 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to invalid IP
2082 5.Verify that ping fails for all 100 subscribers
2083 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2084
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2085 def test_vsg_for_100_subscribers_for_same_service_ping_valid_and_invalid_ip(self):
2086 """
2087 Algo:
2088 1.Create a vSG VM in VM
2089 2.Create 10 vCPE containers for 100 subscribers, in vSG VM
2090 3.Ensure vSG VM and vCPE container created properly
2091 4.From first 5 subscribers, with same s-tag and different c-tag, send a ping to valid IP
2092 5.Verify that ping success for all 5 subscribers
2093 6.From next 5 subscribers, with same s-tag and different c-tag, send a ping to invalid IP
2094 7.Verify that ping fails for all 5 subscribers
2095 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2096
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2097 def test_vsg_for_packet_received_with_invalid_ip_fields(self):
2098 """
2099 Algo:
2100 1.Create a vSG VM in compute node
2101 2.Create a vCPE container in vSG VM
2102 3.Ensure vSG VM and vCPE container created properly
2103 4.From subscriber, send a ping packet with invalid ip fields
2104 5.Verify that vSG drops the packet
2105 6.Verify ping fails
2106 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2107
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2108 def test_vsg_for_packet_received_with_invalid_mac_fields(self):
2109 """
2110 Algo:
2111 1.Create a vSG VM in compute node
2112 2.Create a vCPE container in vSG VM
2113 3.Ensure vSG VM and vCPE container created properly
2114 4.From subscriber, send a ping packet with invalid mac fields
2115 5.Verify that vSG drops the packet
2116 6.Verify ping fails
2117 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2118
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2119 def test_vsg_for_vlan_id_mismatch_in_stag(self):
2120 """
2121 Algo:
2122 1.Create a vSG VM in compute Node
2123 2.Create a vCPE container in vSG VM
2124 3.Ensure vSG VM and vCPE container created properly
2125 4.Send a ping request to external valid IP from subscriber, with incorrect vlan id in s-tag and valid c-tag
2126 5.Verify that ping fails as the packet drops at VM entry
2127 6.Repeat step 4 with correct s-tag
2128 7.Verify that ping success
2129 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2130
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2131 def test_vsg_for_vlan_id_mismatch_in_ctag(self):
2132 """
2133 Algo:
2134 1.Create a vSG VM in compute node
2135 2.Create a vCPE container in vSG VM
2136 3.Ensure vSG VM and vCPE container created properly
2137 4.Send a ping request to external valid IP from subscriber, with valid s-tag and incorrect vlan id in c-tag
2138 5.Verify that ping fails as the packet drops at vCPE container entry
2139 6.Repeat step 4 with valid s-tag and c-tag
2140 7.Verify that ping success
2141 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2142
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2143 def test_vsg_for_matching_and_mismatching_vlan_id_in_stag(self):
2144 """
2145 Algo:
2146 1.Create two vSG VMs in compute node
2147 2.Create a vCPE container in each vSG VM
2148 3.Ensure vSG VM and vCPE container created properly
2149 4.From subscriber one, send ping request with valid s and c tags
2150 5.From subscriber two, send ping request with vlan id mismatch in s-tag and valid c tags
2151 6.Verify that ping success for only subscriber one and fails for two.
2152 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2153
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2154 def test_vsg_for_matching_and_mismatching_vlan_id_in_ctag(self):
2155 """
2156 Algo:
2157 1.Create a vSG VM in compute node
2158 2.Create two vCPE containers in vSG VM
2159 3.Ensure vSG VM and vCPE container created properly
2160 4.From subscriber one, send ping request with valid s and c tags
2161 5.From subscriber two, send ping request with valid s-tag and vlan id mismatch in c-tag
2162 6.Verify that ping success for only subscriber one and fails for two
2163 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2164
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2165 def test_vsg_for_out_of_range_vlanid_in_ctag(self):
2166 """
2167 Algo:
2168 1.Create a vSG VM in compute node
2169 2.Create a vCPE container in vSG VM
2170 3.Ensure vSG VM and vCPE container created properly
2171 4.From subscriber, send ping request with valid stag and vlan id in c-tag is an out of range value ( like 0,4097 )
2172 4.Verify that ping fails as the ping packets drops at vCPE container entry
2173 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2174
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2175 def test_vsg_for_out_of_range_vlanid_in_stag(self):
2176 """
2177 Algo:
2178 1.Create a vSG VM in compute node
2179 2.Create a vCPE container in vSG VM
2180 3.Ensure vSG VM and vCPE container created properly
2181 2.From subscriber, send ping request with vlan id in s-tag is an out of range value ( like 0,4097 ), with valid c-tag
2182 4.Verify that ping fails as the ping packets drops at vSG VM entry
2183 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2184
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2185 def test_vsg_without_creating_vcpe_instance(self):
2186 """
2187 Algo:
2188 1.Create a vSG VM in compute Node
2189 2.Ensure vSG VM created properly
2190 3.Do not create vCPE container inside vSG VM
2191 4.From a subscriber, send ping to external valid IP
2192 5.Verify that ping fails as the ping packet drops at vSG VM entry itself.
2193 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2194
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2195 def test_vsg_for_remove_vcpe_instance(self):
2196 """
2197 Algo:
2198 1.Create a vSG VM in compute node
2199 2.Create a vCPE container in vSG VM
2200 3.Ensure vSG VM and vCPE container created properly
2201 4.From subscriber, send ping request with valid s-tag and c-tag
2202 5.Verify that ping success
2203 6.Verify ping success flows in OvS switch in compute node
2204 7.Now remove the vCPE container in vSG VM
2205 8.Ensure that the container removed properly
2206 9.Repeat step 4
2207 10.Verify that now, ping fails
2208 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2209
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2210 def test_vsg_for_restart_vcpe_instance(self):
2211 """
2212 Algo:
2213 1.Create a vSG VM in compute node
2214 2.Create a vCPE container in vSG VM
2215 3.Ensure vSG VM and vCPE container created properly
2216 4.From subscriber, send ping request with valid s-tag and c-tag
2217 5.Verify that ping success
2218 6.Verify ping success flows in OvS switch in compute node
2219 7.Now restart the vCPE container in vSG VM
2220 8.Ensure that the container came up after restart
2221 9.Repeat step 4
2222 10.Verify that now,ping gets success and flows added in OvS
2223 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2224
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2225 def test_vsg_for_restart_vsg_vm(self):
2226 """
2227 Algo:
2228 1.Create a vSG VM in compute node
2229 2.Create a vCPE container in vSG VM
2230 3.Ensure vSG VM and vCPE container created properly
2231 4.From subscriber, send ping request with valid s-tag and c-tag
2232 5.Verify that ping success
2233 6.Verify ping success flows in OvS switch in compute node
2234 7.Now restart the vSG VM
2235 8.Ensure that the vSG comes up properly after restart
2236 9.Verify that vCPE container comes up after vSG restart
2237 10.Repeat step 4
2238 11.Verify that now,ping gets success and flows added in OvS
2239 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2240
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2241 def test_vsg_for_pause_vcpe_instance(self):
2242 """
2243 Algo:
2244 1.Create a vSG VM in compute node
2245 2.Create a vCPE container in vSG VM
2246 3.Ensure vSG VM and vCPE container created properly
2247 4.From subscriber, send ping request with valid s-tag and c-tag
2248 5.Verify that ping success
2249 6.Verify ping success flows in OvS switch in compute node
2250 7.Now pause vCPE container in vSG VM for a while
2251 8.Ensure that the container state is pause
2252 9.Repeat step 4
2253 10.Verify that now,ping fails now and verify flows in OvS
2254 11.Now resume the container
2255 12.Now repeat step 4 again
2256 13.Verify that now, ping gets success
2257 14.Verify ping success flows in OvS
2258 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2259
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2260 def test_vsg_for_extract_all_compute_stats_from_all_vcpe_containers(self):
2261 """
2262 Algo:
2263 1.Create a vSG VM in compute node
2264 2.Create 10 vCPE containers in VM
2265 3.Ensure vSG VM and vCPE containers created properly
2266 4.Login to all vCPE containers
2267 4.Get all compute stats from all vCPE containers
2268 5.Verify the stats # verification method need to add
2269 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2270
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2271 def test_vsg_for_extract_dns_stats_from_all_vcpe_containers(self):
2272 """
2273 Algo:
2274 1.Create a vSG VM in compute node
2275 2.Create 10 vCPE containers in VM
2276 3.Ensure vSG VM and vCPE containers created properly
2277 4.From 10 subscribers, send ping to valid and invalid dns hosts
2278 5.Verify dns resolves and ping success for valid dns hosts
2279 6.Verify ping fails for invalid dns hosts
2280 7.Verify dns host name resolve flows in OvS
2281 8.Login to all 10 vCPE containers
2282 9.Extract all dns stats
2283 10.Verify dns stats for queries sent, queries received for dns host resolve success and failed scenarios
2284 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2285
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2286 def test_vsg_for_subscriber_access_two_vsg_services(self):
2287 """
2288 # Intention is to verify if subscriber can reach internet via two vSG VMs
2289 Algo:
2290 1.Create two vSG VMs for two services in compute node
2291 2.Create one vCPE container in each VM for one subscriber
2292 3.Ensure VMs and containers created properly
2293 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2294 5.Verify ping gets success
2295 6.Verify ping success flows in OvS
2296 7.Now repeat step 4 with stag corresponds to vSG-2 VM
2297 8.Verify that ping again success
2298 9.Verify ping success flows in OvS
2299 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2300
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2301 def test_vsg_for_subscriber_access_service2_if_service1_goes_down(self):
2302 """
2303 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 goes down
2304 Algo:
2305 1.Create two vSG VMs for two services in compute node
2306 2.Create one vCPE container in each VM for one subscriber
2307 3.Ensure VMs and containers created properly
2308 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2309 5.Verify ping gets success
2310 6.Verify ping success flows in OvS
2311 7.Down the vSG-1 VM
2312 8.Now repeat step 4
2313 9.Verify that ping fails as vSG-1 is down
2314 10.Repeat step 4 with stag corresponding to vSG-2
2315 9.Verify ping success and flows added in OvS
2316 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2317
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2318 def test_vsg_for_subscriber_access_service2_if_service1_goes_restart(self):
2319 """
2320 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 restarts
2321 Algo:
2322 1.Create two vSG VMs for two services in compute node
2323 2.Create one vCPE container in each VM for one subscriber
2324 3.Ensure VMs and containers created properly
2325 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2326 5.Verify ping gets success
2327 6.Verify ping success flows added in OvS
2328 7.Now restart vSG-1 VM
2329 8.Now repeat step 4 while vSG-1 VM restarts
2330 9.Verify that ping fails as vSG-1 is restarting
2331 10.Repeat step 4 with stag corresponding to vSG-2 while vSG-1 VM restarts
2332 11.Verify ping success and flows added in OvS
2333 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2334
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2335 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_goes_down(self):
2336 """
2337 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 goes down
2338 Algo:
2339 1.Create a vSG VM in compute node
2340 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2341 3.Ensure VM and containers created properly
2342 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2343 5.Verify ping gets success
2344 6.Verify ping success flows added in OvS
2345 7.Now stop vCPE-1 container
2346 8.Now repeat step 4
2347 9.Verify that ping fails as vCPE-1 container is down
2348 10.Repeat step 4 with ctag corresponding to vCPE-2 container
2349 11.Verify ping success and flows added in OvS
2350 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2351
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2352 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_restart(self):
2353 """
2354 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 restarts
2355 Algo:
2356 1.Create a vSG VM in compute node
2357 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2358 3.Ensure VM and containers created properly
2359 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2360 5.Verify ping gets success
2361 6.Verify ping success flows added in OvS
2362 7.Now restart vCPE-1 container
2363 8.Now repeat step 4 while vCPE-1 restarts
2364 9.Verify that ping fails as vCPE-1 container is restarts
2365 10.Repeat step 4 with ctag corresponding to vCPE-2 container while vCPE-1 restarts
2366 11..Verify ping success and flows added in OvS
2367 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2368
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2369 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_pause(self):
2370 """
2371 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 paused
2372 Algo:
2373 1.Create a vSG VM in compute node
2374 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2375 3.Ensure VM and containers created properly
2376 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2377 5.Verify ping gets success
2378 6.Verify ping success flows added in OvS
2379 7.Now pause vCPE-1 container
2380 8.Now repeat step 4 while vCPE-1 in pause state
2381 9.Verify that ping fails as vCPE-1 container in pause state
2382 10.Repeat step 4 with ctag corresponding to vCPE-2 container while vCPE-1 in pause state
2383 11.Verify ping success and flows added in OvS
2384 """
2385 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_removed(self):
2386 """
2387 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 removed
2388 Algo:
2389 1.Create a vSG VM in compute node
2390 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2391 3.Ensure VM and containers created properly
2392 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2393 5.Verify ping gets success
2394 6.Verify ping success flows added in OvS
2395 7.Now remove vCPE-1 container
2396 8.Now repeat step 4
2397 9.Verify that ping fails as vCPE-1 container removed
2398 10.Repeat step 4 with ctag corresponding to vCPE-2 container
2399 11.Verify ping success and flows added in OvS
2400 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2401
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2402 def test_vsg_for_vcpe_instance_removed_and_added_again(self):
2403 """
2404 Algo:
2405 1.Create a vSG VM in compute node
2406 2.Create a vCPE container in vSG VM
2407 3.Ensure VM and containers created properly
2408 4.From subscriber end, send ping to public IP
2409 5.Verify ping gets success
2410 6.Verify ping success flows added in OvS
2411 7.Now remove vCPE container in vSG VM
2412 8.Now repeat step 4
2413 9.Verify that ping fails as vCPE container removed
2414 10.Create the vCPE container again for the same subscriber
2415 11.Ensure that vCPE created now
2416 12.Now repeat step 4
2417 13.Verify ping success and flows added in OvS
2418 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2419
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2420 def test_vsg_for_vsg_vm_removed_and_added_again(self):
2421 """
2422 Algo:
2423 1.Create a vSG VM in compute node
2424 2.Create a vCPE container in vSG VM
2425 3.Ensure VM and containers created properly
2426 4.From subscriber end, send ping to public IP
2427 5.Verify ping gets success
2428 6.Verify ping success flows added in OvS
2429 7.Now remove vSG VM
2430 8.Now repeat step 4
2431 9.Verify that ping fails as vSG VM not exists
2432 10.Create the vSG VM and vCPE container in VM again
2433 11.Ensure that vSG and vCPE created
2434 12.Now repeat step 4
2435 13.Verify ping success and flows added in OvS
2436 """
2437
2438 #Test vSG - Subscriber Configuration
2439 def test_vsg_for_configuring_new_subscriber_in_vcpe(self):
2440 """
2441 Algo:
2442 1.Create a vSG VM in compute node
2443 2.Create a vCPE container in vSG VM
2444 3.Ensure VM and containers created properly
2445 4.Configure a subscriber in XOS and assign a service id
2446 5.Set the admin privileges to the subscriber
2447 6.Verify subscriber configuration is success
2448 """
2449 def test_vsg_for_adding_subscriber_devices_in_vcpe(self):
2450 """
2451 Algo:
2452 1.Create a vSG VM in compute node
2453 2.Create a vCPE container in vSG VM
2454 3.Ensure VM and containers created properly
2455 4.Configure a subscriber in XOS and assign a service id
2456 5.Verify subscriber successfully configured in vCPE
2457 6.Now add devices( Mac addresses ) under the subscriber admin group
2458 7.Verify all devices ( Macs ) added successfully
2459 """
2460 def test_vsg_for_removing_subscriber_devices_in_vcpe(self):
2461 """
2462 Algo:
2463 1.Create a vSG VM in compute node
2464 2.Create a vCPE container in vSG VM
2465 3.Ensure VM and containers created properly
2466 4.Configure a subscriber in XOS and assign a service id
2467 5.Verify subscriber successfully configured
2468 6.Now add devices( Mac addresses ) under the subscriber admin group
2469 7.Verify all devices ( Macs ) added successfully
2470 8.Now remove All the added devices in XOS
2471 9.Verify all the devices removed
2472 """
2473 def test_vsg_for_modify_subscriber_devices_in_vcpe(self):
2474 """
2475 Algo:
2476 1.Create a vSG VM in compute node
2477 2.Create a vCPE container in vSG VM
2478 3.Ensure VM and containers created properly
2479 4.Configure a user in XOS and assign a service id
2480 5.Verify subscriber successfully configured in vCPE.
2481 6.Now add devices( Mac addresses ) under the subscriber admin group
2482 7.Verify all devices ( Macs ) added successfully
2483 8.Now remove few devices in XOS
2484 9.Verify devices removed successfully
2485 10.Now add few additional devices in XOS under the same subscriber admin group
2486 11.Verify newly added devices successfully added
2487 """
2488 def test_vsg_for_vcpe_login_fails_with_incorrect_subscriber_credentials(self):
2489 """
2490 Algo:
2491 1.Create a vSG VM in compute node
2492 2.Create a vCPE container in vSG VM
2493 3.Ensure VM and containers created properly
2494 4.Configure a subscriber in XOS and assign a service id
2495 5.Verify subscriber successfully configured
2496 6.Now add devices( Mac addresses ) under the subscriber admin group
2497 7.Verify all devices ( Macs ) added successfully
2498 8.Login vCPE with credentials with which subscriber configured
2499 9.Verify subscriber successfully logged in
2500 10.Logout and login again with incorrect credentials ( either user name or password )
2501 11.Verify login attempt to vCPE fails wtih incorrect credentials
2502 """
2503 def test_vsg_for_subscriber_configuration_in_vcpe_retain_after_vcpe_restart(self):
2504 """
2505 Algo:
2506 1.Create a vSG VM in compute node
2507 2.Create a vCPE container in vSG VM
2508 3.Ensure VM and containers created properly
2509 4.Configure a subscriber in XOS and assign a service id
2510 5.Verify subscriber successfully configured
2511 6.Now add devices( Mac addresses ) under the subscriber admin group
2512 7.Verify all devices ( Macs ) added successfully
2513 8.Restart vCPE ( locate backup config path while restart )
2514 9.Verify subscriber details in vCPE after restart should be same as before the restart
2515 """
2516 def test_vsg_for_create_multiple_vcpe_instances_and_configure_subscriber_in_each_instance(self):
2517 """
2518 Algo:
2519 1.Create a vSG VM in compute node
2520 2.Create 2 vCPE containers in vSG VM
2521 3.Ensure VM and containers created properly
2522 4.Configure a subscriber in XOS for each vCPE instance and assign a service id
2523 5.Verify subscribers successfully configured
2524 6.Now login vCPE-2 with subscriber-1 credentials
2525 7.Verify login fails
2526 8.Now login vCPE-1 with subscriber-2 credentials
2527 9.Verify login fails
2528 10.Now login vCPE-1 with subscriber-1 and vCPE-2 with subscriber-2 credentials
2529 11.Verify that both the subscribers able to login to their respective vCPE containers
2530 """
2531 def test_vsg_for_same_subscriber_can_be_configured_for_multiple_services(self):
2532 """
2533 Algo:
2534 1.Create 2 vSG VMs in compute node
2535 2.Create a vCPE container in each vSG VM
2536 3.Ensure VMs and containers created properly
2537 4.Configure same subscriber in XOS for each vCPE instance and assign a service id
2538 5.Verify subscriber successfully configured
2539 6.Now login vCPE-1 with subscriber credentials
2540 7.Verify login success
2541 8.Now login vCPE-2 with the same subscriber credentials
2542 9.Verify login success
2543 """
2544
2545 #Test Example Service
2546 def test_vsg_for_subcriber_avail_example_service_running_in_apache_server(self):
2547 """
2548 Algo:
2549 1.Create a vSG VM in compute node
2550 2.Create a vCPE container in each vSG VM
2551 3.Ensure VM and container created properly
2552 4.Configure a subscriber in XOS for the vCPE instance and assign a service id
2553 5.On-board an example service into cord pod
2554 6.Create a VM in compute node and run the example service ( Apache server )
2555 7.Configure the example service with service specific and subscriber specific messages
2556 8.Verify example service on-boarded successfully
2557 9.Verify example service running in VM
2558 10.Run a curl command from subscriber to reach example service
2559 11.Verify subscriber can successfully reach example service via vSG
2560 12.Verify that service specific and subscriber specific messages
2561 """
2562 def test_vsg_for_subcriber_avail_example_service_running_in_apache_server_after_service_restart(self):
2563 """
2564 Algo:
2565 1.Create a vSG VM in compute node
2566 2.Create a vCPE container in each vSG VM
2567 3.Ensure VM and container created properly
2568 4.Configure a subscriber in XOS for the vCPE instance and assign a service id
2569 5.On-board an example service into cord pod
2570 6.Create a VM in compute node and run the example service ( Apache server )
2571 7.Configure the example service with service specific and subscriber specific messages
2572 8.Verify example service on-boarded successfully
2573 9.Verify example service running in VM
2574 10.Run a curl command from subscriber to reach example service
2575 11.Verify subscriber can successfully reach example service via vSG
2576 12.Verify that service specific and subscriber specific messages
2577 13.Restart example service running in VM
2578 14.Repeat step 10
2579 15.Verify the same results as mentioned in steps 11, 12
2580 """
2581
2582 #vCPE Firewall Functionality
2583 def test_vsg_firewall_for_creating_acl_rule_based_on_source_ip(self):
2584 """
2585 Algo:
2586 1.Create a vSG VM in compute node
2587 2.Create vCPE container in the VM
2588 3.Ensure vSG VM and vCPE container created properly
2589 4.Configure ac acl rule in vCPE to deny IP traffic from a source IP
2590 5.Bound the acl rule to WAN interface of vCPE
2591 6.Verify configuration in vCPE is success
2592 8.Verify flows added in OvS
2593 """
2594 def test_vsg_firewall_for_creating_acl_rule_based_on_destination_ip(self):
2595 """
2596 Algo:
2597 1.Create a vSG VM in compute node
2598 2.Create vCPE container in the VM
2599 3.Ensure vSG VM and vCPE container created properly
2600 4.Configure ac acl rule in vCPE to deny IP traffic to a destination ip
2601 5.Bound the acl rule to WAN interface of vCPE
2602 6.Verify configuration in vCPE is success
2603 8.Verify flows added in OvS
2604 """
2605 def test_vsg_firewall_for_acl_deny_rule_based_on_source_ip_traffic(self):
2606 """
2607 Algo:
2608 1.Create a vSG VM in compute node
2609 2.Create vCPE container in the VM
2610 3.Ensure vSG VM and vCPE container created properly
2611 4.Configure ac acl rule in vCPE to deny IP traffic from a source IP
2612 5.Bound the acl rule to WAN interface of vCPE
2613 6.From subscriber, send ping to the denied IP address
2614 7.Verify that ping fails as vCPE denies ping response
2615 8.Verify flows added in OvS
2616 """
2617 def test_vsg_firewall_for_acl_deny_rule_based_on_destination_ip_traffic(self):
2618 """
2619 Algo:
2620 1.Create a vSG VM in compute node
2621 2.Create vCPE container in the VM
2622 3.Ensure vSG VM and vCPE container created properly
2623 4.Configure ac acl rule in vCPE to deny IP traffic to a destination IP
2624 5.Bound the acl rule to WAN interface of vCPE
2625 6.From subscriber, send ping to the denied IP address
2626 7.Verify that ping fails as vCPE drops the ping request at WAN interface
2627 8.Verify flows added in OvS
2628 """
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]2629
2630 def test_vsg_dnsmasq(self):
2631 pass
2632
2633 def test_vsg_with_external_parental_control_family_shield_for_filter(self):
2634 pass
2635
2636 def test_vsg_with_external_parental_control_with_answerx(self):
2637 pass
2638
2639 def test_vsg_for_subscriber_upstream_bandwidth(self):
2640 pass
2641
2642 def test_vsg_for_subscriber_downstream_bandwidth(self):
2643 pass
2644
2645 def test_vsg_for_diagnostic_run_of_traceroute(self):
2646 pass
2647
2648 def test_vsg_for_diagnostic_run_of_tcpdump(self):
2649 pass
2650
2651 def test_vsg_for_iptable_rules(self):
2652 pass
2653
2654 def test_vsg_for_iptables_with_neutron(self):
2655 pass