Gitiles
Code Review Sign In
gerrit.opencord.org / cord-tester / 79b3553f17a1a08a688daf51056db5377a5b2681 / . / src / test / vsg / vsgTest.py
blob: 47d65215baa6296a1b0ba83aea4f9d1a783d185a [file] [log] [blame]
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]1#copyright 2016-present Ciena Corporation
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14#
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]15import time
16import os
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]17import sys
18import json
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]19from nose.tools import *
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]20from CordTestUtils import *
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]21from OltConfig import OltConfig
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]22from onosclidriver import OnosCliDriver
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]23from SSHTestAgent import SSHTestAgent
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]24from CordLogger import CordLogger
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]25from VSGAccess import VSGAccess
A R Karthick933f5b52017-03-27 15:27:16 -0700[diff] [blame]26from CordTestUtils import log_test as log
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]27from OnosCtrl import OnosCtrl
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]28
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]29log.setLevel('INFO')
30
31class vsg_exchange(CordLogger):
32 ONOS_INSTANCES = 3
33 V_INF1 = 'veth0'
34 device_id = 'of:' + get_mac()
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]35 TEST_IP = '8.8.8.8'
36 HOST = "10.1.0.1"
37 USER = "vagrant"
38 PASS = "vagrant"
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]39 head_node = os.getenv('HEAD_NODE', 'prod')
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]40 HEAD_NODE = head_node + '.cord.lab' if len(head_node.split('.')) == 1 else head_node
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]41 test_path = os.path.dirname(os.path.realpath(__file__))
42 olt_conf_file = os.path.join(test_path, '..', 'setup/olt_config.json')
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]43 restApiXos = None
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]44 subscriber_account_num = 200
45 subscriber_s_tag = 304
46 subscriber_c_tag = 304
47 subscribers_per_s_tag = 8
48 subscriber_map = {}
49
50 @classmethod
51 def getSubscriberCredentials(cls, subId):
52 """Generate our own account num, s_tag and c_tags"""
53 if subId in cls.subscriber_map:
54 return cls.subscriber_map[subId]
55 account_num = cls.subscriber_account_num
56 cls.subscriber_account_num += 1
57 s_tag, c_tag = cls.subscriber_s_tag, cls.subscriber_c_tag
58 cls.subscriber_c_tag += 1
59 if cls.subscriber_c_tag % cls.subscribers_per_s_tag == 0:
60 cls.subscriber_s_tag += 1
61 cls.subscriber_map[subId] = account_num, s_tag, c_tag
62 return cls.subscriber_map[subId]
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]63
64 @classmethod
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]65 def getXosCredentials(cls):
66 onos_cfg = OnosCtrl.get_config()
67 if onos_cfg is None:
68 return None
69 if 'apps' in onos_cfg and \
70 'org.opencord.vtn' in onos_cfg['apps'] and \
71 'cordvtn' in onos_cfg['apps']['org.opencord.vtn'] and \
72 'xos' in onos_cfg['apps']['org.opencord.vtn']['cordvtn']:
73 xos_cfg = onos_cfg['apps']['org.opencord.vtn']['cordvtn']['xos']
74 endpoint = xos_cfg['endpoint']
75 user = xos_cfg['user']
76 password = xos_cfg['password']
77 xos_endpoints = endpoint.split(':')
78 xos_host = xos_endpoints[1][len('//'):]
79 xos_port = xos_endpoints[2][:-1]
80 #log.info('xos_host: %s, port: %s, user: %s, password: %s' %(xos_host, xos_port, user, password))
81 return dict(host = xos_host, port = xos_port, user = user, password = password)
82
83 return None
84
85 @classmethod
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]86 def setUpCordApi(cls):
87 our_path = os.path.dirname(os.path.realpath(__file__))
88 cord_api_path = os.path.join(our_path, '..', 'cord-api')
89 framework_path = os.path.join(cord_api_path, 'Framework')
90 utils_path = os.path.join(framework_path, 'utils')
91 data_path = os.path.join(cord_api_path, 'Tests', 'data')
92 subscriber_cfg = os.path.join(data_path, 'Subscriber.json')
93 volt_tenant_cfg = os.path.join(data_path, 'VoltTenant.json')
94
95 with open(subscriber_cfg) as f:
96 subscriber_data = json.load(f)
97 subscriber_info = subscriber_data['SubscriberInfo']
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]98 for i in xrange(len(subscriber_info)):
99 subscriber = subscriber_info[i]
100 account_num, _, _ = cls.getSubscriberCredentials('sub{}'.format(i))
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]101 subscriber['identity']['account_num'] = str(account_num)
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]102 cls.subscriber_info = subscriber_info
103
104 with open(volt_tenant_cfg) as f:
105 volt_tenant_data = json.load(f)
106 volt_subscriber_info = volt_tenant_data['voltSubscriberInfo']
107 assert_equal(len(volt_subscriber_info), len(cls.subscriber_info))
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]108 for i in xrange(len(volt_subscriber_info)):
109 volt_subscriber = volt_subscriber_info[i]
110 account_num, s_tag, c_tag = cls.getSubscriberCredentials('sub{}'.format(i))
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]111 volt_subscriber['account_num'] = account_num
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]112 volt_subscriber['voltTenant']['s_tag'] = str(s_tag)
113 volt_subscriber['voltTenant']['c_tag'] = str(c_tag)
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]114 cls.volt_subscriber_info = volt_subscriber_info
115
116 sys.path.append(utils_path)
117 sys.path.append(framework_path)
118 from restApi import restApi
119 restApiXos = restApi()
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]120 xos_credentials = cls.getXosCredentials()
121 if xos_credentials is None:
122 restApiXos.controllerIP = cls.HEAD_NODE
123 restApiXos.controllerPort = '9000'
124 else:
125 restApiXos.controllerIP = xos_credentials['host']
126 restApiXos.controllerPort = xos_credentials['port']
127 restApiXos.user = xos_credentials['user']
128 restApiXos.password = xos_credentials['password']
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]129 cls.restApiXos = restApiXos
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]130
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]131 @classmethod
132 def setUpClass(cls):
133 cls.controllers = get_controllers()
134 cls.controller = cls.controllers[0]
135 cls.cli = None
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]136 cls.olt = OltConfig(olt_conf_file = cls.olt_conf_file)
137 cls.vcpes = cls.olt.get_vcpes()
138 cls.vcpes_dhcp = cls.olt.get_vcpes_by_type('dhcp')
139 vcpe_dhcp = None
140 vcpe_dhcp_stag = None
141 vcpe_container = None
142 #cache the first dhcp vcpe in the class for quick testing
143 if cls.vcpes_dhcp:
144 vcpe_container = 'vcpe-{}-{}'.format(cls.vcpes_dhcp[0]['s_tag'], cls.vcpes_dhcp[0]['c_tag'])
145 vcpe_dhcp = 'vcpe0.{}.{}'.format(cls.vcpes_dhcp[0]['s_tag'], cls.vcpes_dhcp[0]['c_tag'])
146 vcpe_dhcp_stag = 'vcpe0.{}'.format(cls.vcpes_dhcp[0]['s_tag'])
147 cls.vcpe_container = vcpe_container
148 cls.vcpe_dhcp = vcpe_dhcp
149 cls.vcpe_dhcp_stag = vcpe_dhcp_stag
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]150 VSGAccess.setUp()
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]151 cls.setUpCordApi()
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]152
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]153 @classmethod
154 def tearDownClass(cls):
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]155 VSGAccess.tearDown()
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]156
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]157 def cliEnter(self, controller = None):
158 retries = 0
159 while retries < 30:
160 self.cli = OnosCliDriver(controller = controller, connect = True)
161 if self.cli.handle:
162 break
163 else:
164 retries += 1
165 time.sleep(2)
166
167 def cliExit(self):
168 self.cli.disconnect()
169
170 def onos_shutdown(self, controller = None):
171 status = True
172 self.cliEnter(controller = controller)
173 try:
174 self.cli.shutdown(timeout = 10)
175 except:
176 log.info('Graceful shutdown of ONOS failed for controller: %s' %controller)
177 status = False
178
179 self.cliExit()
180 return status
181
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]182 def log_set(self, level = None, app = 'org.onosproject'):
183 CordLogger.logSet(level = level, app = app, controllers = self.controllers, forced = True)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]184
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]185 def test_vsg_health(self):
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]186 status = VSGAccess.health_check()
187 assert_equal(status, True)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]188
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]189 def test_vsg_for_vcpe(self):
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]190 vsgs = VSGAccess.get_vsgs()
191 compute_nodes = VSGAccess.get_compute_nodes()
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]192 assert_not_equal(len(vsgs), 0)
193 assert_not_equal(len(compute_nodes), 0)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]194
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]195 def test_vsg_for_login(self):
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]196 vsgs = VSGAccess.get_vsgs()
197 vsg_access_status = map(lambda vsg: vsg.check_access(), vsgs)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]198 status = filter(lambda st: st == False, vsg_access_status)
199 assert_equal(len(status), 0)
200
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]201 def test_vsg_for_default_route_through_testclient(self):
202 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
203 cmd = "sudo lxc exec testclient -- route | grep default"
204 status, output = ssh_agent.run_cmd(cmd)
205 assert_equal(status, True)
206
207 def test_vsg_for_external_connectivity_through_testclient(self):
208 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
209 cmd = "lxc exec testclient -- ping -c 3 8.8.8.8"
210 status, output = ssh_agent.run_cmd(cmd)
211 assert_equal( status, True)
212
213 def test_vsg_for_external_connectivity(self):
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]214 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]215 mgmt = 'eth0'
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]216 host = '8.8.8.8'
217 self.success = False
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]218 assert_not_equal(vcpe, None)
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]219 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]220 assert_not_equal(vcpe_ip, None)
221 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
222 log.info('Sending icmp echo requests to external network 8.8.8.8')
223 st, _ = getstatusoutput('ping -c 3 8.8.8.8')
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]224 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]225 assert_equal(st, 0)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]226
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]227 def test_vsg_for_external_connectivity_to_google(self):
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]228 host = 'www.google.com'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]229 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]230 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]231 assert_not_equal(vcpe, None)
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]232 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]233 assert_not_equal(vcpe_ip, None)
234 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
235 log.info('Sending icmp ping requests to %s' %host)
236 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]237 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]238 assert_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]239
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]240 def test_vsg_for_external_connectivity_to_invalid_host(self):
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]241 host = 'www.goglee.com'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]242 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]243 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]244 assert_not_equal(vcpe, None)
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]245 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]246 assert_not_equal(vcpe_ip, None)
247 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
248 log.info('Sending icmp ping requests to non existent host %s' %host)
249 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]250 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]251 assert_not_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]252
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]253 def test_vsg_for_external_connectivity_with_ttl_1(self):
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]254 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]255 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]256 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]257 assert_not_equal(vcpe, None)
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]258 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]259 assert_not_equal(vcpe_ip, None)
260 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
261 log.info('Sending icmp ping requests to host %s with ttl 1' %host)
262 st, _ = getstatusoutput('ping -c 1 -t 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]263 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]264 assert_not_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]265
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]266 def test_vsg_for_external_connectivity_with_wan_interface_toggle_in_vcpe(self):
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]267 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]268 mgmt = 'eth0'
269 vcpe = self.vcpe_container
270 assert_not_equal(vcpe, None)
271 assert_not_equal(self.vcpe_dhcp, None)
272 #first get dhcp on the vcpe interface
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]273 vcpe_ip = VSGAccess.vcpe_get_dhcp(self.vcpe_dhcp, mgmt = mgmt)
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]274 assert_not_equal(vcpe_ip, None)
275 log.info('Got DHCP IP %s for %s' %(vcpe_ip, self.vcpe_dhcp))
276 log.info('Sending ICMP pings to host %s' %(host))
277 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
278 if st != 0:
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]279 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]280 assert_equal(st, 0)
281 #bring down the wan interface and check again
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]282 st = VSGAccess.vcpe_wan_down(vcpe)
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]283 if st is False:
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]284 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]285 assert_equal(st, True)
286 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
287 if st == 0:
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]288 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]289 assert_not_equal(st, 0)
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]290 st = VSGAccess.vcpe_wan_up(vcpe)
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]291 if st is False:
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]292 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]293 assert_equal(st, True)
294 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]295 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]296 assert_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]297
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]298 def test_vsg_for_external_connectivity_with_lan_interface_toggle_in_vcpe(self):
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]299 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]300 mgmt = 'eth0'
301 vcpe = self.vcpe_container
302 assert_not_equal(vcpe, None)
303 assert_not_equal(self.vcpe_dhcp, None)
304 #first get dhcp on the vcpe interface
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]305 vcpe_ip = VSGAccess.vcpe_get_dhcp(self.vcpe_dhcp, mgmt = mgmt)
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]306 assert_not_equal(vcpe_ip, None)
307 log.info('Got DHCP IP %s for %s' %(vcpe_ip, self.vcpe_dhcp))
308 log.info('Sending ICMP pings to host %s' %(host))
309 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
310 if st != 0:
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]311 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]312 assert_equal(st, 0)
313 #bring down the lan interface and check again
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]314 st = VSGAccess.vcpe_lan_down(vcpe)
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]315 if st is False:
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]316 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]317 assert_equal(st, True)
318 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
319 if st == 0:
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]320 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]321 assert_not_equal(st, 0)
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]322 st = VSGAccess.vcpe_lan_up(vcpe)
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]323 if st is False:
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]324 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]325 assert_equal(st, True)
326 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]327 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]328 assert_equal(st, 0)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]329
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]330 def test_vsg_firewall_with_deny_destination_ip(self, vcpe=None):
331 host = '8.8.8.8'
332 if not vcpe:
333 vcpe = self.vcpe_container
334 vsg = VSGAccess.get_vcpe_vsg(vcpe)
335 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
336 assert_equal(st, False)
337 try:
338 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe,host))
339 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
340 assert_equal(st, True)
341 finally:
342 vsg.run_cmd('sudo docker exec {} iptables -F'.format(vcpe))
343 vsg.run_cmd('sudo docker exec {} iptables -X'.format(vcpe))
344
345 def test_vsg_firewall_with_rule_add_and_delete_dest_ip(self, vcpe=None):
346 host = '8.8.8.8'
347 if not vcpe:
348 vcpe = self.vcpe_container
349 vsg = VSGAccess.get_vcpe_vsg(vcpe)
350 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
351 assert_equal(st, False)
352 try:
353 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe,host))
354 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
355 assert_equal(st, True)
356 st,_ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe,host))
357 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
358 assert_equal(st,False)
359 finally:
360 vsg.run_cmd('sudo docker exec {} iptables -F'.format(vcpe))
361 vsg.run_cmd('sudo docker exec {} iptables -X'.format(vcpe))
362
363 def test_vsg_firewall_verifying_reachability_for_non_blocked_dest_ip(self, vcpe=None):
364 host1 = '8.8.8.8'
365 host2 = '204.79.197.203'
366 if not vcpe:
367 vcpe = self.vcpe_container
368 vsg = VSGAccess.get_vcpe_vsg(vcpe)
369 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
370 assert_equal(st, False)
371 try:
372 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe,host1))
373 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
374 assert_equal(st, True)
375 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
376 assert_equal(st,False)
377 finally:
378 vsg.run_cmd('sudo docker exec {} iptables -F'.format(vcpe))
379 vsg.run_cmd('sudo docker exec {} iptables -X'.format(vcpe))
380
381 def test_vsg_firewall_appending_rules_with_deny_dest_ip(self, vcpe=None):
382 host1 = '8.8.8.8'
383 host2 = '204.79.197.203'
384 if not vcpe:
385 vcpe = self.vcpe_container
386 vsg = VSGAccess.get_vcpe_vsg(vcpe)
387 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
388 assert_equal(st, False)
389 try:
390 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe,host1))
391 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
392 assert_equal(st, True)
393 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
394 assert_equal(st, False)
395 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe,host2))
396 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
397 assert_equal(st,True)
398 finally:
399 vsg.run_cmd('sudo docker exec {} iptables -F'.format(vcpe))
400 vsg.run_cmd('sudo docker exec {} iptables -X'.format(vcpe))
401
402 def test_vsg_firewall_removing_one_rule_denying_dest_ip(self, vcpe=None):
403 host1 = '8.8.8.8'
404 host2 = '204.79.197.203'
405 if not vcpe:
406 vcpe = self.vcpe_container
407 vsg = VSGAccess.get_vcpe_vsg(vcpe)
408 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
409 assert_equal(st, False)
410 try:
411 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe,host1))
412 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe,host2))
413 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
414 assert_equal(st, True)
415 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
416 assert_equal(st,True)
417 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe,host2))
418 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
419 assert_equal(st,False)
420 finally:
421 vsg.run_cmd('sudo docker exec {} iptables -F'.format(vcpe))
422 vsg.run_cmd('sudo docker exec {} iptables -X'.format(vcpe))
423
424 def test_vsg_firewall_changing_rule_id_deny_dest_ip(self, vcpe=None):
425 host = '8.8.8.8'
426 if not vcpe:
427 vcpe = self.vcpe_container
428 vsg = VSGAccess.get_vcpe_vsg(vcpe)
429 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
430 assert_equal(st, False)
431 try:
432 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe,host))
433 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
434 assert_equal(st, True)
435 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -j ACCEPT 2'.format(vcpe))
436 st,output = vsg.run_cmd('sudo docker exec {} iptables -A FORWARD 2 -d {} -j DROP '.format(vcpe,host))
437 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
438 assert_equal(st,False)
439 finally:
440 vsg.run_cmd('sudo docker exec {} iptables -F'.format(vcpe))
441 vsg.run_cmd('sudo docker exec {} iptables -X'.format(vcpe))
442
443 def test_vsg_firewall_changing_deny_rule_to_accept_dest_ip(self, vcpe=None):
444 host1 = '8.8.8.8'
445 host2 = '204.79.197.203'
446 if not vcpe:
447 vcpe = self.vcpe_container
448 vsg = VSGAccess.get_vcpe_vsg(vcpe)
449 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
450 assert_equal(st, False)
451 try:
452 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe,host))
453 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
454 assert_equal(st, True)
455 st,output = vsg.run_cmd('sudo docker exec {} iptables -A FORWARD -d {} -j ACCEPT 1'.format(vcpe,host))
456 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
457 assert_equal(st,False)
458 finally:
459 vsg.run_cmd('sudo docker exec {} iptables -F'.format(vcpe))
460 vsg.run_cmd('sudo docker exec {} iptables -X'.format(vcpe))
461
462 def test_vsg_firewall_denying_destination_network(self, vcpe=None):
463 network = '206.190.36.44/28'
464 host1 = '204.79.197.46'
465 host2 = '204.79.197.51'
466 if not vcpe:
467 vcpe = self.vcpe_container
468 vsg = VSGAccess.get_vcpe_vsg(vcpe)
469 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
470 assert_equal(st, False)
471 try:
472 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe,network))
473 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
474 assert_equal(st, True)
475 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
476 assert_equal(st,False)
477 finally:
478 vsg.run_cmd('sudo docker exec {} iptables -F'.format(vcpe))
479
480 def test_vsg_firewall_denying_destination_network_subnet_modification(self, vcpe=None):
481 network1 = '206.190.36.44/28'
482 network2 = '206.190.36.44/26'
483 host1 = '204.79.197.46'
484 host2 = '204.79.197.51'
485 host2 = '204.79.197.63'
486 if not vcpe:
487 vcpe = self.vcpe_container
488 vsg = VSGAccess.get_vcpe_vsg(vcpe)
489 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
490 assert_equal(st, False)
491 try:
492 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe,network1))
493 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
494 assert_equal(st, True)
495 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
496 assert_equal(st,False)
497 st,output = vsg.run_cmd('sudo docker exec {} iptables -A FORWARD -d {} -j DROP'.format(vcpe,network2))
498 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
499 assert_equal(st, True)
500 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
501 assert_equal(st, True)
502 st, _ = getstatusoutput('ping -c 1 {}'.format(host3))
503 assert_equal(st, False)
504 finally:
505 vsg.run_cmd('sudo docker exec {} iptables -F'.format(vcpe))
506
507 def test_vsg_firewall_with_deny_source_ip(self, vcpe=None):
508 host = '8.8.8.8'
509 source_ip = self.vcpe_dhcp
510 if not vcpe:
511 vcpe = self.vcpe_container
512 vsg = VSGAccess.get_vcpe_vsg(vcpe)
513 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
514 assert_equal(st, False)
515 try:
516 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -s {} -j DROP'.format(vcpe,source_ip))
517 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
518 assert_equal(st, True)
519 finally:
520 vsg.run_cmd('sudo docker exec {} iptables -F'.format(vcpe))
521
522 def test_vsg_firewall_rule_with_add_and_delete_deny_source_ip(self, vcpe=None):
523 host = '8.8.8.8'
524 source_ip = self.vcpe_dhcp
525 if not vcpe:
526 vcpe = self.vcpe_container
527 vsg = VSGAccess.get_vcpe_vsg(vcpe)
528 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
529 assert_equal(st, False)
530 try:
531 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -s {} -j DROP'.format(vcpe,source_ip))
532 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
533 assert_equal(st, True)
534 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe,source_ip))
535 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
536 assert_equal(st, False)
537 finally:
538 vsg.run_cmd('sudo docker exec {} iptables -F'.format(vcpe))
539
540 def test_vsg_firewall_rule_with_deny_icmp_protocol_echo_requests_type(self, vcpe=None):
541 host = '8.8.8.8'
542 if not vcpe:
543 vcpe = self.vcpe_container
544 vsg = VSGAccess.get_vcpe_vsg(vcpe)
545 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
546 assert_equal(st, False)
547 try:
548 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe))
549 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
550 assert_equal(st, True)
551 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe))
552 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
553 assert_equal(st, False)
554 finally:
555 vsg.run_cmd('sudo docker exec {} iptables -F'.format(vcpe))
556 vsg.run_cmd('sudo docker exec {} iptables -X'.format(vcpe))
557
558 def test_vsg_firewall_rule_with_deny_icmp_protocol_echo_reply_type(self, vcpe=None):
559 host = '8.8.8.8'
560 if not vcpe:
561 vcpe = self.vcpe_container
562 vsg = VSGAccess.get_vcpe_vsg(vcpe)
563 st, _ = getstatusoutput('ping -c 1 {}'.format('8.8.8.8'))
564 assert_equal(st, False)
565 try:
566 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe))
567 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
568 assert_equal(st, True)
569 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe))
570 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
571 assert_equal(st,False)
572 finally:
573 st, _ = vsg.run_cmd('sudo docker exec {} iptables -X'.format(vcpe))
574 st, _ = vsg.run_cmd('sudo docker exec {} iptables -F'.format(vcpe))
575
576 def test_vsg_firewall_changing_deny_rule_to_accept_rule_with_icmp_protocol_echo_requests_type(self, vcpe=None):
577 host = '8.8.8.8'
578 if not vcpe:
579 vcpe = self.vcpe_container
580 vsg = VSGAccess.get_vcpe_vsg(vcpe)
581 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
582 assert_equal(st, False)
583 try:
584 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 1 -p icmp --icmp-type echo-request -j DROP'.format(vcpe))
585 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
586 assert_equal(st, True)
587 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 1 -p icmp --icmp-type echo-request -j ACCEPT'.format(vcpe))
588 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
589 assert_equal(st,False)
590 finally:
591 st, _ = vsg.run_cmd('sudo docker exec {} iptables -X'.format(vcpe))
592 st, _ = vsg.run_cmd('sudo docker exec {} iptables -F'.format(vcpe))
593
594 def test_vsg_firewall_changing_deny_rule_to_accept_rule_with_icmp_protocol_echo_reply_type(self, vcpe=None):
595 host = '8.8.8.8'
596 if not vcpe:
597 vcpe = self.vcpe_container
598 vsg = VSGAccess.get_vcpe_vsg(vcpe)
599 st, out1 = getstatusoutput('ping -c 1 {}'.format(host))
600 assert_equal(st, False)
601 try:
602 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 1 -p icmp --icmp-type echo-reply -j DROP'.format(vcpe))
603 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
604 assert_equal(st, True)
605 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 1 -p icmp --icmp-type echo-reply -j ACCEPT'.format(vcpe))
606 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
607 assert_equal(st,False)
608 finally:
609 st, _ = vsg.run_cmd('sudo docker exec {} iptables -X'.format(vcpe))
610 st, _ = vsg.run_cmd('sudo docker exec {} iptables -F'.format(vcpe))
611
612 def test_vsg_firewall_for_deny_icmp_protocol(self, vcpe=None):
613 host = '8.8.8.8'
614 if not vcpe:
615 vcpe = self.vcpe_container
616 vsg = VSGAccess.get_vcpe_vsg(vcpe)
617 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
618 assert_equal(st, False)
619 try:
620 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe))
621 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
622 assert_equal(st, True)
623 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe))
624 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
625 assert_equal(st,False)
626 finally:
627 st, _ = vsg.run_cmd('sudo docker exec {} iptables -X'.format(vcpe))
628 st, _ = vsg.run_cmd('sudo docker exec {} iptables -F'.format(vcpe))
629
630 def test_vsg_firewall_rule_deny_icmp_protocol_and_destination_ip(self, vcpe=None):
631 host = '8.8.8.8'
632 if not vcpe:
633 vcpe = self.vcpe_container
634 vsg = VSGAccess.get_vcpe_vsg(vcpe)
635 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
636 assert_equal(st, False)
637 try:
638 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe,host))
639 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
640 assert_equal(st, True)
641 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe))
642 assert_equal(st, True)
643 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe,host))
644 assert_equal(st, True)
645 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe))
646 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
647 assert_equal(st,False)
648 finally:
649 st, _ = vsg.run_cmd('sudo docker exec {} iptables -X'.format(vcpe))
650 st, _ = vsg.run_cmd('sudo docker exec {} iptables -F'.format(vcpe))
651
652 def test_vsg_firewall_flushing_all_configured_rules(self, vcpe=None):
653 host = '8.8.8.8'
654 if not vcpe:
655 vcpe = self.vcpe_container
656 vsg = VSGAccess.get_vcpe_vsg(vcpe)
657 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
658 assert_equal(st, False)
659 try:
660 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe,host))
661 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
662 assert_equal(st, True)
663 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe))
664 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
665 assert_equal(st, True)
666 st,output = vsg.run_cmd('sudo docker exec {} iptables -F'.format(vcpe))
667 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
668 assert_equal(st, False)
669 finally:
670 st, _ = vsg.run_cmd('sudo docker exec {} iptables -X'.format(vcpe))
671 st, _ = vsg.run_cmd('sudo docker exec {} iptables -F'.format(vcpe))
672
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]673 def test_vsg_firewall_deny_all_ipv4_traffic(self, vcpe=None):
674 host = '8.8.8.8'
675 if not vcpe:
676 vcpe = self.vcpe_container
677 vsg = VSGAccess.get_vcpe_vsg(vcpe)
678 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
679 assert_equal(st, False)
680 try:
681 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe))
682 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
683 assert_equal(st, True)
684 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe))
685 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
686 assert_equal(st, False)
687 finally:
688 st, _ = vsg.run_cmd('sudo docker exec {} iptables -X'.format(vcpe))
689
690 def test_vsg_firewall_replacing_deny_rule_to_accept_rule(self, vcpe=None):
691 host = '8.8.8.8'
692 if not vcpe:
693 vcpe = self.vcpe_container
694 vsg = VSGAccess.get_vcpe_vsg(vcpe)
695 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
696 assert_equal(st, False)
697 try:
698 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 1 -4 -j DROP'.format(vcpe))
699 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
700 assert_equal(st, True)
701 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -4 -j ACCEPT'.format(vcpe))
702 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
703 assert_equal(st, False)
704 finally:
705 st, _ = vsg.run_cmd('sudo docker exec {} iptables -X'.format(vcpe))
706
707 def test_vsg_firewall_deny_all_traffic_from_lan_to_wan_in_vcpe(self, vcpe=None):
708 host = '8.8.8.8'
709 if not vcpe:
710 vcpe = self.vcpe_container
711 vsg = VSGAccess.get_vcpe_vsg(vcpe)
712 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
713 assert_equal(st, False)
714 try:
715 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe))
716 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
717 assert_equal(st, True)
718 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -o eth0 -j ACCEPT'.format(vcpe))
719 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
720 assert_equal(st, False)
721 finally:
722 st, _ = vsg.run_cmd('sudo docker exec {} iptables -X'.format(vcpe))
723
724 def test_vsg_firewall_deny_all_dns_traffic(self, vcpe=None):
725 host = 'www.google.com'
726 if not vcpe:
727 vcpe = self.vcpe_container
728 vsg = VSGAccess.get_vcpe_vsg(vcpe)
729 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
730 assert_equal(st, False)
731 try:
732 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 1 -p udp --dport 53 -j DROP'.format(vcpe))
733 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
734 assert_equal(st, True)
735 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p udp --dport 53 -j ACCEPT'.format(vcpe))
736 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
737 assert_equal(st, False)
738 finally:
739 st, _ = vsg.run_cmd('sudo docker exec {} iptables -X'.format(vcpe))
740
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]741 def test_vsg_xos_subscriber(self):
742 subscriber_info = self.subscriber_info[0]
743 volt_subscriber_info = self.volt_subscriber_info[0]
744 result = self.restApiXos.ApiPost('TENANT_SUBSCRIBER', subscriber_info)
745 assert_equal(result, True)
746 result = self.restApiXos.ApiGet('TENANT_SUBSCRIBER')
747 assert_not_equal(result, None)
748 subId = self.restApiXos.getSubscriberId(result, volt_subscriber_info['account_num'])
749 assert_not_equal(subId, '0')
750 log.info('Subscriber ID for account num %d = %s' %(volt_subscriber_info['account_num'], subId))
751 volt_tenant = volt_subscriber_info['voltTenant']
752 #update the subscriber id in the tenant info before making the rest
753 volt_tenant['subscriber'] = subId
754 result = self.restApiXos.ApiPost('TENANT_VOLT', volt_tenant)
755 assert_equal(result, True)
756
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]757 def test_vsg_for_ping_from_vsg_to_external_network(self):
758 """
759 Algo:
760 1.Create a vSG VM in compute node
761 2.Ensure VM created properly
762 3.Verify login to VM success
763 4.Do ping to external network from vSG VM
764 5.Verify that ping gets success
765 6.Verify ping success flows added in OvS
766 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]767
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]768 def test_vsg_for_ping_from_vcpe_to_external_network(self):
769 """
770 Algo:
771 1.Create a vSG VM in compute node
772 2.Create a vCPE container inside VM
773 3.Verify both VM and Container created properly
774 4.Verify login to vCPE container success
775 5.Do ping to external network from vCPE container
776 6.Verify that ping gets success
777 7.Verify ping success flows added in OvS
778 """
779
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]780 def test_vsg_for_dns_service(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]781 """
782 Algo:
783 1. Create a test client in Prod VM
784 2. Create a vCPE container in vSG VM inside compute Node
785 3. Ensure vSG VM and vCPE container created properly
786 4. Enable dns service in vCPE ( if not by default )
787 5. Send ping request from test client to valid domain address say, 'www.google'com
788 6. Verify that dns should resolve ping should success
789 7. Now send ping request to invalid domain address say 'www.invalidaddress'.com'
790 8. Verify that dns resolve should fail and hence ping
791 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]792
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]793 def test_vsg_for_10_subscribers_for_same_service(self):
794 """
795 Algo:
796 1.Create a vSG VM in compute node
797 2.Create 10 vCPE containers for 10 subscribers, in vSG VM
798 3.Ensure vSG VM and vCPE container created properly
799 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to valid external public IP
800 5.Verify that ping success for all 10 subscribers
801 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]802
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]803 def test_vsg_for_10_subscribers_for_same_service_ping_invalid_ip(self):
804 """
805 Algo:
806 1.Create a vSG VM in compute Node
807 2.Create 10 vCPE containers for 10 subscribers, in vSG VM
808 3.Ensure vSG VM and vCPE container created properly
809 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to invalid IP
810 5.Verify that ping fails for all 10 subscribers
811 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]812
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]813 def test_vsg_for_10_subscribers_for_same_service_ping_valid_and_invalid_ip(self):
814 """
815 Algo:
816 1.Create a vSG VM in VM
817 2.Create 10 vCPE containers for 10 subscribers, in vSG VM
818 3.Ensure vSG VM and vCPE container created properly
819 4.From first 5 subscribers, with same s-tag and different c-tag, send a ping to valid IP
820 5.Verify that ping success for all 5 subscribers
821 6.From next 5 subscribers, with same s-tag and different c-tag, send a ping to invalid IP
822 7.Verify that ping fails for all 5 subscribers
823 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]824
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]825 def test_vsg_for_100_subscribers_for_same_service(self):
826 """
827 Algo:
828 1.Create a vSG VM in compute node
829 2.Create 100 vCPE containers for 100 subscribers, in vSG VM
830 3.Ensure vSG VM and vCPE container created properly
831 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to valid external public IP
832 5.Verify that ping success for all 100 subscribers
833 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]834
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]835 def test_vsg_for_100_subscribers_for_same_service_ping_invalid_ip(self):
836 """
837 Algo:
838 1.Create a vSG VM in compute Node
839 2.Create 10 vCPE containers for 100 subscribers, in vSG VM
840 3.Ensure vSG VM and vCPE container created properly
841 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to invalid IP
842 5.Verify that ping fails for all 100 subscribers
843 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]844
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]845 def test_vsg_for_100_subscribers_for_same_service_ping_valid_and_invalid_ip(self):
846 """
847 Algo:
848 1.Create a vSG VM in VM
849 2.Create 10 vCPE containers for 100 subscribers, in vSG VM
850 3.Ensure vSG VM and vCPE container created properly
851 4.From first 5 subscribers, with same s-tag and different c-tag, send a ping to valid IP
852 5.Verify that ping success for all 5 subscribers
853 6.From next 5 subscribers, with same s-tag and different c-tag, send a ping to invalid IP
854 7.Verify that ping fails for all 5 subscribers
855 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]856
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]857 def test_vsg_for_packet_received_with_invalid_ip_fields(self):
858 """
859 Algo:
860 1.Create a vSG VM in compute node
861 2.Create a vCPE container in vSG VM
862 3.Ensure vSG VM and vCPE container created properly
863 4.From subscriber, send a ping packet with invalid ip fields
864 5.Verify that vSG drops the packet
865 6.Verify ping fails
866 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]867
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]868 def test_vsg_for_packet_received_with_invalid_mac_fields(self):
869 """
870 Algo:
871 1.Create a vSG VM in compute node
872 2.Create a vCPE container in vSG VM
873 3.Ensure vSG VM and vCPE container created properly
874 4.From subscriber, send a ping packet with invalid mac fields
875 5.Verify that vSG drops the packet
876 6.Verify ping fails
877 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]878
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]879 def test_vsg_for_vlan_id_mismatch_in_stag(self):
880 """
881 Algo:
882 1.Create a vSG VM in compute Node
883 2.Create a vCPE container in vSG VM
884 3.Ensure vSG VM and vCPE container created properly
885 4.Send a ping request to external valid IP from subscriber, with incorrect vlan id in s-tag and valid c-tag
886 5.Verify that ping fails as the packet drops at VM entry
887 6.Repeat step 4 with correct s-tag
888 7.Verify that ping success
889 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]890
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]891 def test_vsg_for_vlan_id_mismatch_in_ctag(self):
892 """
893 Algo:
894 1.Create a vSG VM in compute node
895 2.Create a vCPE container in vSG VM
896 3.Ensure vSG VM and vCPE container created properly
897 4.Send a ping request to external valid IP from subscriber, with valid s-tag and incorrect vlan id in c-tag
898 5.Verify that ping fails as the packet drops at vCPE container entry
899 6.Repeat step 4 with valid s-tag and c-tag
900 7.Verify that ping success
901 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]902
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]903 def test_vsg_for_matching_and_mismatching_vlan_id_in_stag(self):
904 """
905 Algo:
906 1.Create two vSG VMs in compute node
907 2.Create a vCPE container in each vSG VM
908 3.Ensure vSG VM and vCPE container created properly
909 4.From subscriber one, send ping request with valid s and c tags
910 5.From subscriber two, send ping request with vlan id mismatch in s-tag and valid c tags
911 6.Verify that ping success for only subscriber one and fails for two.
912 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]913
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]914 def test_vsg_for_matching_and_mismatching_vlan_id_in_ctag(self):
915 """
916 Algo:
917 1.Create a vSG VM in compute node
918 2.Create two vCPE containers in vSG VM
919 3.Ensure vSG VM and vCPE container created properly
920 4.From subscriber one, send ping request with valid s and c tags
921 5.From subscriber two, send ping request with valid s-tag and vlan id mismatch in c-tag
922 6.Verify that ping success for only subscriber one and fails for two
923 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]924
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]925 def test_vsg_for_out_of_range_vlanid_in_ctag(self):
926 """
927 Algo:
928 1.Create a vSG VM in compute node
929 2.Create a vCPE container in vSG VM
930 3.Ensure vSG VM and vCPE container created properly
931 4.From subscriber, send ping request with valid stag and vlan id in c-tag is an out of range value ( like 0,4097 )
932 4.Verify that ping fails as the ping packets drops at vCPE container entry
933 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]934
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]935 def test_vsg_for_out_of_range_vlanid_in_stag(self):
936 """
937 Algo:
938 1.Create a vSG VM in compute node
939 2.Create a vCPE container in vSG VM
940 3.Ensure vSG VM and vCPE container created properly
941 2.From subscriber, send ping request with vlan id in s-tag is an out of range value ( like 0,4097 ), with valid c-tag
942 4.Verify that ping fails as the ping packets drops at vSG VM entry
943 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]944
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]945 def test_vsg_without_creating_vcpe_instance(self):
946 """
947 Algo:
948 1.Create a vSG VM in compute Node
949 2.Ensure vSG VM created properly
950 3.Do not create vCPE container inside vSG VM
951 4.From a subscriber, send ping to external valid IP
952 5.Verify that ping fails as the ping packet drops at vSG VM entry itself.
953 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]954
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]955 def test_vsg_for_remove_vcpe_instance(self):
956 """
957 Algo:
958 1.Create a vSG VM in compute node
959 2.Create a vCPE container in vSG VM
960 3.Ensure vSG VM and vCPE container created properly
961 4.From subscriber, send ping request with valid s-tag and c-tag
962 5.Verify that ping success
963 6.Verify ping success flows in OvS switch in compute node
964 7.Now remove the vCPE container in vSG VM
965 8.Ensure that the container removed properly
966 9.Repeat step 4
967 10.Verify that now, ping fails
968 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]969
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]970 def test_vsg_for_restart_vcpe_instance(self):
971 """
972 Algo:
973 1.Create a vSG VM in compute node
974 2.Create a vCPE container in vSG VM
975 3.Ensure vSG VM and vCPE container created properly
976 4.From subscriber, send ping request with valid s-tag and c-tag
977 5.Verify that ping success
978 6.Verify ping success flows in OvS switch in compute node
979 7.Now restart the vCPE container in vSG VM
980 8.Ensure that the container came up after restart
981 9.Repeat step 4
982 10.Verify that now,ping gets success and flows added in OvS
983 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]984
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]985 def test_vsg_for_restart_vsg_vm(self):
986 """
987 Algo:
988 1.Create a vSG VM in compute node
989 2.Create a vCPE container in vSG VM
990 3.Ensure vSG VM and vCPE container created properly
991 4.From subscriber, send ping request with valid s-tag and c-tag
992 5.Verify that ping success
993 6.Verify ping success flows in OvS switch in compute node
994 7.Now restart the vSG VM
995 8.Ensure that the vSG comes up properly after restart
996 9.Verify that vCPE container comes up after vSG restart
997 10.Repeat step 4
998 11.Verify that now,ping gets success and flows added in OvS
999 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1000
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1001 def test_vsg_for_pause_vcpe_instance(self):
1002 """
1003 Algo:
1004 1.Create a vSG VM in compute node
1005 2.Create a vCPE container in vSG VM
1006 3.Ensure vSG VM and vCPE container created properly
1007 4.From subscriber, send ping request with valid s-tag and c-tag
1008 5.Verify that ping success
1009 6.Verify ping success flows in OvS switch in compute node
1010 7.Now pause vCPE container in vSG VM for a while
1011 8.Ensure that the container state is pause
1012 9.Repeat step 4
1013 10.Verify that now,ping fails now and verify flows in OvS
1014 11.Now resume the container
1015 12.Now repeat step 4 again
1016 13.Verify that now, ping gets success
1017 14.Verify ping success flows in OvS
1018 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1019
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1020 def test_vsg_for_extract_all_compute_stats_from_all_vcpe_containers(self):
1021 """
1022 Algo:
1023 1.Create a vSG VM in compute node
1024 2.Create 10 vCPE containers in VM
1025 3.Ensure vSG VM and vCPE containers created properly
1026 4.Login to all vCPE containers
1027 4.Get all compute stats from all vCPE containers
1028 5.Verify the stats # verification method need to add
1029 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1030
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1031 def test_vsg_for_extract_dns_stats_from_all_vcpe_containers(self):
1032 """
1033 Algo:
1034 1.Create a vSG VM in compute node
1035 2.Create 10 vCPE containers in VM
1036 3.Ensure vSG VM and vCPE containers created properly
1037 4.From 10 subscribers, send ping to valid and invalid dns hosts
1038 5.Verify dns resolves and ping success for valid dns hosts
1039 6.Verify ping fails for invalid dns hosts
1040 7.Verify dns host name resolve flows in OvS
1041 8.Login to all 10 vCPE containers
1042 9.Extract all dns stats
1043 10.Verify dns stats for queries sent, queries received for dns host resolve success and failed scenarios
1044 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1045
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1046 def test_vsg_for_subscriber_access_two_vsg_services(self):
1047 """
1048 # Intention is to verify if subscriber can reach internet via two vSG VMs
1049 Algo:
1050 1.Create two vSG VMs for two services in compute node
1051 2.Create one vCPE container in each VM for one subscriber
1052 3.Ensure VMs and containers created properly
1053 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
1054 5.Verify ping gets success
1055 6.Verify ping success flows in OvS
1056 7.Now repeat step 4 with stag corresponds to vSG-2 VM
1057 8.Verify that ping again success
1058 9.Verify ping success flows in OvS
1059 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1060
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1061 def test_vsg_for_subscriber_access_service2_if_service1_goes_down(self):
1062 """
1063 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 goes down
1064 Algo:
1065 1.Create two vSG VMs for two services in compute node
1066 2.Create one vCPE container in each VM for one subscriber
1067 3.Ensure VMs and containers created properly
1068 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
1069 5.Verify ping gets success
1070 6.Verify ping success flows in OvS
1071 7.Down the vSG-1 VM
1072 8.Now repeat step 4
1073 9.Verify that ping fails as vSG-1 is down
1074 10.Repeat step 4 with stag corresponding to vSG-2
1075 9.Verify ping success and flows added in OvS
1076 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1077
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1078 def test_vsg_for_subscriber_access_service2_if_service1_goes_restart(self):
1079 """
1080 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 restarts
1081 Algo:
1082 1.Create two vSG VMs for two services in compute node
1083 2.Create one vCPE container in each VM for one subscriber
1084 3.Ensure VMs and containers created properly
1085 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
1086 5.Verify ping gets success
1087 6.Verify ping success flows added in OvS
1088 7.Now restart vSG-1 VM
1089 8.Now repeat step 4 while vSG-1 VM restarts
1090 9.Verify that ping fails as vSG-1 is restarting
1091 10.Repeat step 4 with stag corresponding to vSG-2 while vSG-1 VM restarts
1092 11.Verify ping success and flows added in OvS
1093 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1094
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1095 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_goes_down(self):
1096 """
1097 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 goes down
1098 Algo:
1099 1.Create a vSG VM in compute node
1100 2.Create two vCPE containers corresponds to two subscribers in vSG VM
1101 3.Ensure VM and containers created properly
1102 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
1103 5.Verify ping gets success
1104 6.Verify ping success flows added in OvS
1105 7.Now stop vCPE-1 container
1106 8.Now repeat step 4
1107 9.Verify that ping fails as vCPE-1 container is down
1108 10.Repeat step 4 with ctag corresponding to vCPE-2 container
1109 11.Verify ping success and flows added in OvS
1110 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1111
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1112 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_restart(self):
1113 """
1114 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 restarts
1115 Algo:
1116 1.Create a vSG VM in compute node
1117 2.Create two vCPE containers corresponds to two subscribers in vSG VM
1118 3.Ensure VM and containers created properly
1119 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
1120 5.Verify ping gets success
1121 6.Verify ping success flows added in OvS
1122 7.Now restart vCPE-1 container
1123 8.Now repeat step 4 while vCPE-1 restarts
1124 9.Verify that ping fails as vCPE-1 container is restarts
1125 10.Repeat step 4 with ctag corresponding to vCPE-2 container while vCPE-1 restarts
1126 11..Verify ping success and flows added in OvS
1127 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1128
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1129 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_pause(self):
1130 """
1131 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 paused
1132 Algo:
1133 1.Create a vSG VM in compute node
1134 2.Create two vCPE containers corresponds to two subscribers in vSG VM
1135 3.Ensure VM and containers created properly
1136 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
1137 5.Verify ping gets success
1138 6.Verify ping success flows added in OvS
1139 7.Now pause vCPE-1 container
1140 8.Now repeat step 4 while vCPE-1 in pause state
1141 9.Verify that ping fails as vCPE-1 container in pause state
1142 10.Repeat step 4 with ctag corresponding to vCPE-2 container while vCPE-1 in pause state
1143 11.Verify ping success and flows added in OvS
1144 """
1145 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_removed(self):
1146 """
1147 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 removed
1148 Algo:
1149 1.Create a vSG VM in compute node
1150 2.Create two vCPE containers corresponds to two subscribers in vSG VM
1151 3.Ensure VM and containers created properly
1152 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
1153 5.Verify ping gets success
1154 6.Verify ping success flows added in OvS
1155 7.Now remove vCPE-1 container
1156 8.Now repeat step 4
1157 9.Verify that ping fails as vCPE-1 container removed
1158 10.Repeat step 4 with ctag corresponding to vCPE-2 container
1159 11.Verify ping success and flows added in OvS
1160 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1161
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1162 def test_vsg_for_vcpe_instance_removed_and_added_again(self):
1163 """
1164 Algo:
1165 1.Create a vSG VM in compute node
1166 2.Create a vCPE container in vSG VM
1167 3.Ensure VM and containers created properly
1168 4.From subscriber end, send ping to public IP
1169 5.Verify ping gets success
1170 6.Verify ping success flows added in OvS
1171 7.Now remove vCPE container in vSG VM
1172 8.Now repeat step 4
1173 9.Verify that ping fails as vCPE container removed
1174 10.Create the vCPE container again for the same subscriber
1175 11.Ensure that vCPE created now
1176 12.Now repeat step 4
1177 13.Verify ping success and flows added in OvS
1178 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1179
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1180 def test_vsg_for_vsg_vm_removed_and_added_again(self):
1181 """
1182 Algo:
1183 1.Create a vSG VM in compute node
1184 2.Create a vCPE container in vSG VM
1185 3.Ensure VM and containers created properly
1186 4.From subscriber end, send ping to public IP
1187 5.Verify ping gets success
1188 6.Verify ping success flows added in OvS
1189 7.Now remove vSG VM
1190 8.Now repeat step 4
1191 9.Verify that ping fails as vSG VM not exists
1192 10.Create the vSG VM and vCPE container in VM again
1193 11.Ensure that vSG and vCPE created
1194 12.Now repeat step 4
1195 13.Verify ping success and flows added in OvS
1196 """
1197
1198 #Test vSG - Subscriber Configuration
1199 def test_vsg_for_configuring_new_subscriber_in_vcpe(self):
1200 """
1201 Algo:
1202 1.Create a vSG VM in compute node
1203 2.Create a vCPE container in vSG VM
1204 3.Ensure VM and containers created properly
1205 4.Configure a subscriber in XOS and assign a service id
1206 5.Set the admin privileges to the subscriber
1207 6.Verify subscriber configuration is success
1208 """
1209 def test_vsg_for_adding_subscriber_devices_in_vcpe(self):
1210 """
1211 Algo:
1212 1.Create a vSG VM in compute node
1213 2.Create a vCPE container in vSG VM
1214 3.Ensure VM and containers created properly
1215 4.Configure a subscriber in XOS and assign a service id
1216 5.Verify subscriber successfully configured in vCPE
1217 6.Now add devices( Mac addresses ) under the subscriber admin group
1218 7.Verify all devices ( Macs ) added successfully
1219 """
1220 def test_vsg_for_removing_subscriber_devices_in_vcpe(self):
1221 """
1222 Algo:
1223 1.Create a vSG VM in compute node
1224 2.Create a vCPE container in vSG VM
1225 3.Ensure VM and containers created properly
1226 4.Configure a subscriber in XOS and assign a service id
1227 5.Verify subscriber successfully configured
1228 6.Now add devices( Mac addresses ) under the subscriber admin group
1229 7.Verify all devices ( Macs ) added successfully
1230 8.Now remove All the added devices in XOS
1231 9.Verify all the devices removed
1232 """
1233 def test_vsg_for_modify_subscriber_devices_in_vcpe(self):
1234 """
1235 Algo:
1236 1.Create a vSG VM in compute node
1237 2.Create a vCPE container in vSG VM
1238 3.Ensure VM and containers created properly
1239 4.Configure a user in XOS and assign a service id
1240 5.Verify subscriber successfully configured in vCPE.
1241 6.Now add devices( Mac addresses ) under the subscriber admin group
1242 7.Verify all devices ( Macs ) added successfully
1243 8.Now remove few devices in XOS
1244 9.Verify devices removed successfully
1245 10.Now add few additional devices in XOS under the same subscriber admin group
1246 11.Verify newly added devices successfully added
1247 """
1248 def test_vsg_for_vcpe_login_fails_with_incorrect_subscriber_credentials(self):
1249 """
1250 Algo:
1251 1.Create a vSG VM in compute node
1252 2.Create a vCPE container in vSG VM
1253 3.Ensure VM and containers created properly
1254 4.Configure a subscriber in XOS and assign a service id
1255 5.Verify subscriber successfully configured
1256 6.Now add devices( Mac addresses ) under the subscriber admin group
1257 7.Verify all devices ( Macs ) added successfully
1258 8.Login vCPE with credentials with which subscriber configured
1259 9.Verify subscriber successfully logged in
1260 10.Logout and login again with incorrect credentials ( either user name or password )
1261 11.Verify login attempt to vCPE fails wtih incorrect credentials
1262 """
1263 def test_vsg_for_subscriber_configuration_in_vcpe_retain_after_vcpe_restart(self):
1264 """
1265 Algo:
1266 1.Create a vSG VM in compute node
1267 2.Create a vCPE container in vSG VM
1268 3.Ensure VM and containers created properly
1269 4.Configure a subscriber in XOS and assign a service id
1270 5.Verify subscriber successfully configured
1271 6.Now add devices( Mac addresses ) under the subscriber admin group
1272 7.Verify all devices ( Macs ) added successfully
1273 8.Restart vCPE ( locate backup config path while restart )
1274 9.Verify subscriber details in vCPE after restart should be same as before the restart
1275 """
1276 def test_vsg_for_create_multiple_vcpe_instances_and_configure_subscriber_in_each_instance(self):
1277 """
1278 Algo:
1279 1.Create a vSG VM in compute node
1280 2.Create 2 vCPE containers in vSG VM
1281 3.Ensure VM and containers created properly
1282 4.Configure a subscriber in XOS for each vCPE instance and assign a service id
1283 5.Verify subscribers successfully configured
1284 6.Now login vCPE-2 with subscriber-1 credentials
1285 7.Verify login fails
1286 8.Now login vCPE-1 with subscriber-2 credentials
1287 9.Verify login fails
1288 10.Now login vCPE-1 with subscriber-1 and vCPE-2 with subscriber-2 credentials
1289 11.Verify that both the subscribers able to login to their respective vCPE containers
1290 """
1291 def test_vsg_for_same_subscriber_can_be_configured_for_multiple_services(self):
1292 """
1293 Algo:
1294 1.Create 2 vSG VMs in compute node
1295 2.Create a vCPE container in each vSG VM
1296 3.Ensure VMs and containers created properly
1297 4.Configure same subscriber in XOS for each vCPE instance and assign a service id
1298 5.Verify subscriber successfully configured
1299 6.Now login vCPE-1 with subscriber credentials
1300 7.Verify login success
1301 8.Now login vCPE-2 with the same subscriber credentials
1302 9.Verify login success
1303 """
1304
1305 #Test Example Service
1306 def test_vsg_for_subcriber_avail_example_service_running_in_apache_server(self):
1307 """
1308 Algo:
1309 1.Create a vSG VM in compute node
1310 2.Create a vCPE container in each vSG VM
1311 3.Ensure VM and container created properly
1312 4.Configure a subscriber in XOS for the vCPE instance and assign a service id
1313 5.On-board an example service into cord pod
1314 6.Create a VM in compute node and run the example service ( Apache server )
1315 7.Configure the example service with service specific and subscriber specific messages
1316 8.Verify example service on-boarded successfully
1317 9.Verify example service running in VM
1318 10.Run a curl command from subscriber to reach example service
1319 11.Verify subscriber can successfully reach example service via vSG
1320 12.Verify that service specific and subscriber specific messages
1321 """
1322 def test_vsg_for_subcriber_avail_example_service_running_in_apache_server_after_service_restart(self):
1323 """
1324 Algo:
1325 1.Create a vSG VM in compute node
1326 2.Create a vCPE container in each vSG VM
1327 3.Ensure VM and container created properly
1328 4.Configure a subscriber in XOS for the vCPE instance and assign a service id
1329 5.On-board an example service into cord pod
1330 6.Create a VM in compute node and run the example service ( Apache server )
1331 7.Configure the example service with service specific and subscriber specific messages
1332 8.Verify example service on-boarded successfully
1333 9.Verify example service running in VM
1334 10.Run a curl command from subscriber to reach example service
1335 11.Verify subscriber can successfully reach example service via vSG
1336 12.Verify that service specific and subscriber specific messages
1337 13.Restart example service running in VM
1338 14.Repeat step 10
1339 15.Verify the same results as mentioned in steps 11, 12
1340 """
1341
1342 #vCPE Firewall Functionality
1343 def test_vsg_firewall_for_creating_acl_rule_based_on_source_ip(self):
1344 """
1345 Algo:
1346 1.Create a vSG VM in compute node
1347 2.Create vCPE container in the VM
1348 3.Ensure vSG VM and vCPE container created properly
1349 4.Configure ac acl rule in vCPE to deny IP traffic from a source IP
1350 5.Bound the acl rule to WAN interface of vCPE
1351 6.Verify configuration in vCPE is success
1352 8.Verify flows added in OvS
1353 """
1354 def test_vsg_firewall_for_creating_acl_rule_based_on_destination_ip(self):
1355 """
1356 Algo:
1357 1.Create a vSG VM in compute node
1358 2.Create vCPE container in the VM
1359 3.Ensure vSG VM and vCPE container created properly
1360 4.Configure ac acl rule in vCPE to deny IP traffic to a destination ip
1361 5.Bound the acl rule to WAN interface of vCPE
1362 6.Verify configuration in vCPE is success
1363 8.Verify flows added in OvS
1364 """
1365 def test_vsg_firewall_for_acl_deny_rule_based_on_source_ip_traffic(self):
1366 """
1367 Algo:
1368 1.Create a vSG VM in compute node
1369 2.Create vCPE container in the VM
1370 3.Ensure vSG VM and vCPE container created properly
1371 4.Configure ac acl rule in vCPE to deny IP traffic from a source IP
1372 5.Bound the acl rule to WAN interface of vCPE
1373 6.From subscriber, send ping to the denied IP address
1374 7.Verify that ping fails as vCPE denies ping response
1375 8.Verify flows added in OvS
1376 """
1377 def test_vsg_firewall_for_acl_deny_rule_based_on_destination_ip_traffic(self):
1378 """
1379 Algo:
1380 1.Create a vSG VM in compute node
1381 2.Create vCPE container in the VM
1382 3.Ensure vSG VM and vCPE container created properly
1383 4.Configure ac acl rule in vCPE to deny IP traffic to a destination IP
1384 5.Bound the acl rule to WAN interface of vCPE
1385 6.From subscriber, send ping to the denied IP address
1386 7.Verify that ping fails as vCPE drops the ping request at WAN interface
1387 8.Verify flows added in OvS
1388 """
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]1389
1390 def test_vsg_dnsmasq(self):
1391 pass
1392
1393 def test_vsg_with_external_parental_control_family_shield_for_filter(self):
1394 pass
1395
1396 def test_vsg_with_external_parental_control_with_answerx(self):
1397 pass
1398
1399 def test_vsg_for_subscriber_upstream_bandwidth(self):
1400 pass
1401
1402 def test_vsg_for_subscriber_downstream_bandwidth(self):
1403 pass
1404
1405 def test_vsg_for_diagnostic_run_of_traceroute(self):
1406 pass
1407
1408 def test_vsg_for_diagnostic_run_of_tcpdump(self):
1409 pass
1410
1411 def test_vsg_for_iptable_rules(self):
1412 pass
1413
1414 def test_vsg_for_iptables_with_neutron(self):
1415 pass