Gitiles
Code Review Sign In
gerrit.opencord.org / cord-tester / 927129c49053cb40db69bf2acb62aa0bf6f5cfb1 / . / src / test / vsg / vsgTest.py
blob: 44fa242a04ac05fc963670788ec16566619f69bb [file] [log] [blame]
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]1#copyright 2016-present Ciena Corporation
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14#
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]15import time
16import os
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]17import sys
18import json
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]19from nose.tools import *
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]20from twisted.internet import defer
21from nose.twistedtools import reactor, deferred
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]22from CordTestUtils import *
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]23from OltConfig import OltConfig
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]24from onosclidriver import OnosCliDriver
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]25from SSHTestAgent import SSHTestAgent
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]26from CordLogger import CordLogger
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]27from VSGAccess import VSGAccess
A R Karthick933f5b52017-03-27 15:27:16 -0700[diff] [blame]28from CordTestUtils import log_test as log
A.R Karthick50f4d9a2017-04-20 16:44:19 -0700[diff] [blame]29from CordTestConfig import setup_module
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]30from OnosCtrl import OnosCtrl
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]31
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]32log.setLevel('INFO')
33
34class vsg_exchange(CordLogger):
35 ONOS_INSTANCES = 3
36 V_INF1 = 'veth0'
37 device_id = 'of:' + get_mac()
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]38 TEST_IP = '8.8.8.8'
39 HOST = "10.1.0.1"
40 USER = "vagrant"
41 PASS = "vagrant"
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]42 head_node = os.getenv('HEAD_NODE', 'prod')
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]43 HEAD_NODE = head_node + '.cord.lab' if len(head_node.split('.')) == 1 else head_node
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]44 test_path = os.path.dirname(os.path.realpath(__file__))
45 olt_conf_file = os.path.join(test_path, '..', 'setup/olt_config.json')
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]46 restApiXos = None
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]47 subscriber_account_num = 200
48 subscriber_s_tag = 304
49 subscriber_c_tag = 304
50 subscribers_per_s_tag = 8
51 subscriber_map = {}
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]52 subscriber_info = []
53 volt_subscriber_info = []
A R Karthick9a16a112017-04-07 15:40:05 -0700[diff] [blame]54 restore_methods = []
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]55 TIMEOUT=120
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]56 FABRIC_PORT_HEAD_NODE = 1
57 FABRIC_PORT_COMPUTE_NODE = 2
58 APP_NAME = 'org.ciena.xconnect'
59 APP_FILE = os.path.join(test_path, '..', 'apps/xconnect-1.0-SNAPSHOT.oar')
A.R Karthick50f4d9a2017-04-20 16:44:19 -0700[diff] [blame]60 NUM_SUBSCRIBERS = 5
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]61
62 @classmethod
63 def getSubscriberCredentials(cls, subId):
64 """Generate our own account num, s_tag and c_tags"""
65 if subId in cls.subscriber_map:
66 return cls.subscriber_map[subId]
67 account_num = cls.subscriber_account_num
68 cls.subscriber_account_num += 1
69 s_tag, c_tag = cls.subscriber_s_tag, cls.subscriber_c_tag
70 cls.subscriber_c_tag += 1
71 if cls.subscriber_c_tag % cls.subscribers_per_s_tag == 0:
72 cls.subscriber_s_tag += 1
73 cls.subscriber_map[subId] = account_num, s_tag, c_tag
74 return cls.subscriber_map[subId]
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]75
76 @classmethod
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]77 def getXosCredentials(cls):
78 onos_cfg = OnosCtrl.get_config()
79 if onos_cfg is None:
80 return None
81 if 'apps' in onos_cfg and \
82 'org.opencord.vtn' in onos_cfg['apps'] and \
83 'cordvtn' in onos_cfg['apps']['org.opencord.vtn'] and \
84 'xos' in onos_cfg['apps']['org.opencord.vtn']['cordvtn']:
85 xos_cfg = onos_cfg['apps']['org.opencord.vtn']['cordvtn']['xos']
86 endpoint = xos_cfg['endpoint']
87 user = xos_cfg['user']
88 password = xos_cfg['password']
89 xos_endpoints = endpoint.split(':')
90 xos_host = xos_endpoints[1][len('//'):]
91 xos_port = xos_endpoints[2][:-1]
92 #log.info('xos_host: %s, port: %s, user: %s, password: %s' %(xos_host, xos_port, user, password))
93 return dict(host = xos_host, port = xos_port, user = user, password = password)
94
95 return None
96
97 @classmethod
A.R Karthick50f4d9a2017-04-20 16:44:19 -0700[diff] [blame]98 def getSubscriberConfig(cls, num_subscribers):
99 features = {
100 'cdn': True,
101 'uplink_speed': 1000000000,
102 'downlink_speed': 1000000000,
103 'uverse': True,
104 'status': 'enabled'
105 }
106 subscriber_map = []
107 for i in xrange(num_subscribers):
108 subId = 'sub{}'.format(i)
109 account_num, _, _ = cls.getSubscriberCredentials(subId)
110 identity = { 'account_num' : str(account_num),
111 'name' : 'My House {}'.format(i)
112 }
113 sub_info = { 'features' : features,
114 'identity' : identity
115 }
116 subscriber_map.append(sub_info)
117
118 return subscriber_map
119
120 @classmethod
121 def getVoltSubscriberConfig(cls, num_subscribers):
122 voltSubscriberMap = []
123 for i in xrange(num_subscribers):
124 subId = 'sub{}'.format(i)
125 account_num, s_tag, c_tag = cls.getSubscriberCredentials(subId)
126 voltSubscriberInfo = {}
127 voltSubscriberInfo['voltTenant'] = dict(s_tag = str(s_tag),
128 c_tag = str(c_tag),
129 subscriber = '')
130 voltSubscriberInfo['account_num'] = account_num
131 voltSubscriberMap.append(voltSubscriberInfo)
132
133 return voltSubscriberMap
134
135 @classmethod
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]136 def setUpCordApi(cls):
137 our_path = os.path.dirname(os.path.realpath(__file__))
138 cord_api_path = os.path.join(our_path, '..', 'cord-api')
139 framework_path = os.path.join(cord_api_path, 'Framework')
140 utils_path = os.path.join(framework_path, 'utils')
141 data_path = os.path.join(cord_api_path, 'Tests', 'data')
142 subscriber_cfg = os.path.join(data_path, 'Subscriber.json')
143 volt_tenant_cfg = os.path.join(data_path, 'VoltTenant.json')
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]144 num_subscribers = max(cls.NUM_SUBSCRIBERS, 5)
145 cls.subscriber_info = cls.getSubscriberConfig(num_subscribers)
146 cls.volt_subscriber_info = cls.getVoltSubscriberConfig(num_subscribers)
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]147
148 sys.path.append(utils_path)
149 sys.path.append(framework_path)
150 from restApi import restApi
151 restApiXos = restApi()
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]152 xos_credentials = cls.getXosCredentials()
153 if xos_credentials is None:
154 restApiXos.controllerIP = cls.HEAD_NODE
155 restApiXos.controllerPort = '9000'
156 else:
157 restApiXos.controllerIP = xos_credentials['host']
158 restApiXos.controllerPort = xos_credentials['port']
159 restApiXos.user = xos_credentials['user']
160 restApiXos.password = xos_credentials['password']
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]161 cls.restApiXos = restApiXos
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]162
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]163 @classmethod
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]164 def closeVCPEAccess(cls, volt_subscriber_info):
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]165 """
166 Disabled uninstall app for now to disable deletion of flows on leaf-switch
167 """
168 return
169 #OnosCtrl.uninstall_app(cls.APP_NAME, onos_ip = cls.HEAD_NODE)
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]170
171 @classmethod
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]172 def openVCPEAccess(cls, volt_subscriber_info):
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]173 """
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]174 This code is used to configure leaf switch for head node access to compute node over fabric.
175 Care is to be taken to avoid overwriting existing/default vcpe flows.
176 The access is opened for generated subscriber info which should not overlap.
177 We target the fabric onos instance on head node.
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]178 """
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]179 OnosCtrl.install_app(cls.APP_FILE, onos_ip = cls.HEAD_NODE)
180 time.sleep(2)
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]181 s_tags = map(lambda tenant: int(tenant['voltTenant']['s_tag']), volt_subscriber_info)
182 #only get unique vlan tags
183 s_tags = list(set(s_tags))
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]184 devices = OnosCtrl.get_device_ids(controller = cls.HEAD_NODE)
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]185 if devices:
186 device_config = {}
187 for device in devices:
188 device_config[device] = []
189 for s_tag in s_tags:
190 xconnect_config = {'vlan': s_tag, 'ports' : [ cls.FABRIC_PORT_HEAD_NODE, cls.FABRIC_PORT_COMPUTE_NODE ] }
191 device_config[device].append(xconnect_config)
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]192
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]193 cfg = { 'apps' : { 'org.ciena.xconnect' : { 'xconnectTestConfig' : device_config } } }
194 OnosCtrl.config(cfg, controller = cls.HEAD_NODE)
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]195
196 @classmethod
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]197 def setUpClass(cls):
198 cls.controllers = get_controllers()
199 cls.controller = cls.controllers[0]
200 cls.cli = None
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]201 cls.on_podd = running_on_podd()
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]202 cls.olt = OltConfig(olt_conf_file = cls.olt_conf_file)
203 cls.vcpes = cls.olt.get_vcpes()
204 cls.vcpes_dhcp = cls.olt.get_vcpes_by_type('dhcp')
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]205 cls.vcpes_reserved = cls.olt.get_vcpes_by_type('reserved')
206 cls.dhcp_vcpes_reserved = [ 'vcpe{}.{}.{}'.format(i, cls.vcpes_reserved[i]['s_tag'], cls.vcpes_reserved[i]['c_tag'])
207 for i in xrange(len(cls.vcpes_reserved)) ]
208 cls.untagged_dhcp_vcpes_reserved = [ 'vcpe{}'.format(i) for i in xrange(len(cls.vcpes_reserved)) ]
209 cls.container_vcpes_reserved = [ 'vcpe-{}-{}'.format(vcpe['s_tag'], vcpe['c_tag']) for vcpe in cls.vcpes_reserved ]
210 vcpe_dhcp_reserved = None
211 vcpe_container_reserved = None
212 if cls.vcpes_reserved:
213 vcpe_dhcp_reserved = cls.dhcp_vcpes_reserved[0]
214 if cls.on_podd is False:
215 vcpe_dhcp_reserved = cls.untagged_dhcp_vcpes_reserved[0]
216 vcpe_container_reserved = cls.container_vcpes_reserved[0]
217
218 cls.vcpe_dhcp_reserved = vcpe_dhcp_reserved
219 cls.vcpe_container_reserved = vcpe_container_reserved
220 dhcp_vcpe_offset = len(cls.vcpes_reserved)
A R Karthick927129c2017-04-25 14:08:02 -0700[diff] [blame^]221 cls.dhcp_vcpes = [ 'vcpe{}.{}.{}'.format(i+dhcp_vcpe_offset, cls.vcpes_dhcp[i]['s_tag'], cls.vcpes_dhcp[i]['c_tag'])
222 for i in xrange(len(cls.vcpes_dhcp)) ]
223 cls.untagged_dhcp_vcpes = [ 'vcpe{}'.format(i+dhcp_vcpe_offset) for i in xrange(len(cls.vcpes_dhcp)) ]
224 cls.container_vcpes = [ 'vcpe-{}-{}'.format(vcpe['s_tag'], vcpe['c_tag']) for vcpe in cls.vcpes_dhcp ]
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]225 vcpe_dhcp = None
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]226 vcpe_container = None
227 #cache the first dhcp vcpe in the class for quick testing
228 if cls.vcpes_dhcp:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]229 vcpe_container = cls.container_vcpes[0]
230 vcpe_dhcp = cls.dhcp_vcpes[0]
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]231 if cls.on_podd is False:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]232 vcpe_dhcp = cls.untagged_dhcp_vcpes[0]
233 cls.vcpe_container = vcpe_container_reserved or vcpe_container
234 cls.vcpe_dhcp = vcpe_dhcp_reserved or vcpe_dhcp
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]235 VSGAccess.setUp()
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]236 cls.setUpCordApi()
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]237 if cls.on_podd is True:
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]238 cls.openVCPEAccess(cls.volt_subscriber_info)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]239
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]240 @classmethod
241 def tearDownClass(cls):
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]242 VSGAccess.tearDown()
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]243 if cls.on_podd is True:
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]244 cls.closeVCPEAccess(cls.volt_subscriber_info)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]245
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]246 def cliEnter(self, controller = None):
247 retries = 0
248 while retries < 30:
249 self.cli = OnosCliDriver(controller = controller, connect = True)
250 if self.cli.handle:
251 break
252 else:
253 retries += 1
254 time.sleep(2)
255
256 def cliExit(self):
257 self.cli.disconnect()
258
259 def onos_shutdown(self, controller = None):
260 status = True
261 self.cliEnter(controller = controller)
262 try:
263 self.cli.shutdown(timeout = 10)
264 except:
265 log.info('Graceful shutdown of ONOS failed for controller: %s' %controller)
266 status = False
267
268 self.cliExit()
269 return status
270
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]271 def log_set(self, level = None, app = 'org.onosproject'):
272 CordLogger.logSet(level = level, app = app, controllers = self.controllers, forced = True)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]273
A R Karthick9a16a112017-04-07 15:40:05 -0700[diff] [blame]274 @classmethod
275 def get_dhcp(cls, vcpe, mgmt = 'eth0'):
276 """Get DHCP for vcpe interface saving management settings"""
277
278 def put_dhcp():
279 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
280
281 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
282 if vcpe_ip is not None:
283 cls.restore_methods.append(put_dhcp)
284 return vcpe_ip
285
286 @classmethod
287 def config_restore(cls):
288 """Restore the vsg test configuration on test case failures"""
289 for restore_method in cls.restore_methods:
290 restore_method()
291
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]292 def get_vsg_vcpe_pair(self):
293 vcpes = self.vcpes_dhcp
294 vcpe_containers = []
295 vsg_vcpe = {}
296 for vcp in vcpes:
297 vcpe_container = 'vcpe-{}-{}'.format(vcp['s_tag'], vcp['c_tag'])
298 vcpe_containers.append(vcpe_container)
299 vsg = VSGAccess.get_vcpe_vsg(vcpe_container)
300 vsg_vcpe[vcpe_container]=str(vsg.get_ip())
301 return vsg_vcpe
302
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]303 def get_vcpe_containers_and_interfaces(self):
304 vcpe_containers = {}
305 vcpe_interfaces = []
306 vcpes = self.vcpes_dhcp
307 count = 0
308 for vcpe in vcpes:
309 vcpe_intf = 'vcpe{}.{}.{}'.format(count,vcpe['s_tag'],vcpe['c_tag'])
310 vcpe_interfaces.append(vcpe_intf)
311 vcpe_container = 'vcpe-{}-{}'.format(vcpe['s_tag'], vcpe['c_tag'])
312 vcpe_containers[vcpe_intf] = vcpe_container
313 count += 1
314 log.info('vcpe interfaces are %s'%vcpe_interfaces)
315 log.info('vcpe containers are %s'%vcpe_containers)
316 return vcpe_interfaces,vcpe_containers
317
318 def get_vcpe_interface_dhcp_ip(self,vcpe=None):
319 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]320 vcpe = self.vcpe_dhcp
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]321 st, _ = getstatusoutput('dhclient {}'.format(vcpe))
322 vcpe_ip = get_ip(vcpe)
323 return vcpe_ip
324
325 def release_vcpe_interface_dhcp_ip(self,vcpe=None):
326 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]327 vcpe = self.vcpe_dhcp
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]328 st, _ = getstatusoutput('dhclient {} -r'.format(vcpe))
329 vcpe_ip = get_ip(vcpe)
330 assert_equal(vcpe_ip, None)
331
332 def add_static_route_via_vcpe_interface(self, routes, vcpe=None,dhcp_ip=True):
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]333 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]334 vcpe = self.vcpe_dhcp
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]335 if dhcp_ip:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]336 os.system('dhclient '+vcpe)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]337 time.sleep(1)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]338 for route in routes:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]339 log.info('route is %s'%route)
340 cmd = 'ip route add ' + route + ' via 192.168.0.1 '+ 'dev ' + vcpe
341 cmds.append(cmd)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]342 for cmd in cmds:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]343 os.system(cmd)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]344 return True
345
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]346 def del_static_route_via_vcpe_interface(self,routes,vcpe=None,dhcp_release=True):
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]347 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]348 vcpe = self.vcpe_dhcp
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]349 cmds = []
350 for route in routes:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]351 cmd = 'ip route del ' + route + ' via 192.168.0.1 ' + 'dev ' + vcpe
352 os.system(cmd)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]353 if dhcp_release:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]354 os.system('dhclient '+vcpe+' -r')
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]355 return True
356
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]357 def test_vsg_multiple_subscribers_for_same_vcpe_instace(self):
358 vcpe_intfs,containers = self.get_vcpe_containers_and_interfaces()
359 for vcpe in vcpe_intfs:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]360 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
361 assert_not_equal(vcpe_ip,None)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]362 for vcpe in vcpe_intfs:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]363 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]364
365 def test_vsg_multiple_subscribers_for_same_vcpe_instance_ping_to_external_connectivity(self):
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]366 host = '8.8.8.8'
367 vcpe_intfs, containers = self.get_vcpe_containers_and_interfaces()
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]368 for vcpe in vcpe_intfs:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]369 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
370 assert_not_equal(vcpe_ip,None)
371 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe,dhcp_ip=False)
372 st, _ = getstatusoutput('ping -I {} -c 3 {}'.format(vcpe,host))
373 assert_equal(st, 0)
374 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe,dhcp_release=False)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]375 for vcpe in vcpe_intfs:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]376 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]377
378 def test_vsg_vcpe_interface_gets_dhcp_ip_after_interface_toggle(self):
379 vcpe_intfs,containers = self.get_vcpe_containers_and_interfaces()
380 for vcpe in vcpe_intfs:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]381 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
382 assert_not_equal(vcpe_ip,None)
383 os.system('ifconfig {} down'.format(vcpe))
384 time.sleep(1)
385 os.system('ifconfig {} up'.format(vcpe))
386 time.sleep(1)
387 vcpe_ip2 = get_ip(vcpe)
388 assert_equal(vcpe_ip2,vcpe_ip)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]389 for vcpe in vcpe_intfs:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]390 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]391
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]392 def test_vsg_health(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]393 """
394 Algo:
395 1. Login to compute node VM
396 2. Get all vSGs
397 3. Ping to all vSGs
398 4. Verifying Ping success
399 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]400 status = True
401 if self.on_podd is True:
402 status = VSGAccess.health_check()
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]403 assert_equal(status, True)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]404
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]405 def test_vsg_health_check(self, vsg_name='mysite_vsg-1', verify_status=True):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]406 """
407 Algo:
408 1. If vsg name not specified, Get vsg corresponding to vcpe
409 1. Login to compute mode VM
410 3. Ping to the vSG
411 4. Verifying Ping success
412 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]413 if self.on_podd is False:
414 return
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]415 if not vsg_name:
416 vcpe = self.vcpe_container
417 vsg = VSGAccess.get_vcpe_vsg(vcpe)
418 status = vsg.get_health()
419 assert_equal(status, verify_status)
420 else:
421 vsgs = VSGAccess.get_vsgs()
422 status = None
423 for vsg in vsgs:
424 if vsg.name == vsg_name:
425 status = vsg.get_health()
426 log.info('vsg health check status is %s'%status)
427 assert_equal(status,verify_status)
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]428
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]429 @deferred(TIMEOUT)
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]430 def test_vsg_for_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]431 """
432 Algo:
433 1. Get list of all compute nodes created using Openstack
434 2. Login to compute mode VM
435 3. Get all vSGs
436 4. Verifying atleast one compute node and one vSG created
437 """
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]438 df = defer.Deferred()
439 def vsg_for_vcpe_df(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]440 if self.on_podd is True:
441 vsgs = VSGAccess.get_vsgs()
442 compute_nodes = VSGAccess.get_compute_nodes()
443 time.sleep(14)
444 assert_not_equal(len(vsgs), 0)
445 assert_not_equal(len(compute_nodes), 0)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]446 df.callback(0)
447 reactor.callLater(0,vsg_for_vcpe_df,df)
448 return df
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]449
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]450 def test_vsg_for_login(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]451 """
452 Algo:
453 1. Login to compute node VM
454 2. Get all vSGs
455 3. Verifying login to vSG is success
456 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]457 if self.on_podd is False:
458 return
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]459 vsgs = VSGAccess.get_vsgs()
460 vsg_access_status = map(lambda vsg: vsg.check_access(), vsgs)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]461 status = filter(lambda st: st == False, vsg_access_status)
462 assert_equal(len(status), 0)
463
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]464 def test_vsg_for_default_route_through_testclient(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]465 """
466 Algo:
467 1. Login to head node
468 2. Verifying for default route in lxc test client
469 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]470 if self.on_podd is False:
471 return
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]472 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
473 cmd = "sudo lxc exec testclient -- route | grep default"
474 status, output = ssh_agent.run_cmd(cmd)
475 assert_equal(status, True)
476
477 def test_vsg_for_external_connectivity_through_testclient(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]478 """
479 Algo:
480 1. Login to head node
481 2. On head node, executing ping to 8.8.8.8 from lxc test client
482 3. Verifying for the ping success
483 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]484 if self.on_podd is False:
485 return
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]486 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
487 cmd = "lxc exec testclient -- ping -c 3 8.8.8.8"
488 status, output = ssh_agent.run_cmd(cmd)
489 assert_equal( status, True)
490
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]491 def vsg_for_external_connectivity(self, subscriber_index, reserved = False):
492 if reserved is True:
493 vcpe = self.dhcp_vcpes_reserved[subscriber_index]
494 else:
495 vcpe = self.dhcp_vcpes[subscriber_index]
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]496 mgmt = 'eth0'
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]497 host = '8.8.8.8'
498 self.success = False
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]499 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]500 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]501 assert_not_equal(vcpe_ip, None)
502 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
503 log.info('Sending icmp echo requests to external network 8.8.8.8')
504 st, _ = getstatusoutput('ping -c 3 8.8.8.8')
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]505 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]506 assert_equal(st, 0)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]507
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]508 def test_vsg_for_external_connectivity(self):
509 """
510 Algo:
511 1. Get dhcp IP to vcpe interface in cord-tester
512 2. Verifying vcpe interface gets dhcp IP
513 3. Ping to 8.8.8.8 and Verifying ping should success
514 4. Restoring management interface configuration in cord-tester
515 """
516 self.vsg_for_external_connectivity(0, reserved = True)
517
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]518 def test_vsg_for_external_connectivity_to_google(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]519 """
520 Algo:
521 1. Get dhcp IP to vcpe interface in cord-tester
522 2. Verifying vcpe interface gets dhcp IP
523 3. Ping to www.google.com and Verifying ping should success
524 4. Restoring management interface configuration in cord-tester
525 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]526 host = 'www.google.com'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]527 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]528 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]529 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]530 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]531 assert_not_equal(vcpe_ip, None)
532 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
533 log.info('Sending icmp ping requests to %s' %host)
534 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]535 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]536 assert_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]537
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]538 def test_vsg_for_external_connectivity_to_invalid_host(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]539 """
540 Algo:
541 1. Get dhcp IP to vcpe interface in cord-tester
542 2. Verifying vcpe interface gets dhcp IP
543 3. Ping to www.goglee.com and Verifying ping should not success
544 4. Restoring management interface configuration in cord-tester
545 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]546 host = 'www.goglee.com'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]547 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]548 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]549 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]550 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]551 assert_not_equal(vcpe_ip, None)
552 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
553 log.info('Sending icmp ping requests to non existent host %s' %host)
554 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]555 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]556 assert_not_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]557
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]558 def test_vsg_for_external_connectivity_with_ttl_1(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]559 """
560 Algo:
561 1. Get dhcp IP to vcpe interface in cord-tester
562 2. Verifying vcpe interface gets dhcp IP
563 3. Ping to 8.8.8.8 with ttl set to 1
564 4. Verifying ping should not success
565 5. Restoring management interface configuration in cord-tester
566 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]567 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]568 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]569 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]570 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]571 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]572 assert_not_equal(vcpe_ip, None)
573 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
574 log.info('Sending icmp ping requests to host %s with ttl 1' %host)
575 st, _ = getstatusoutput('ping -c 1 -t 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]576 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]577 assert_not_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]578
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]579 def test_vsg_for_external_connectivity_with_wan_interface_toggle_in_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]580 """
581 Algo:
582 1. Get dhcp IP to vcpe interface in cord-tester
583 2. Verifying vcpe interface gets dhcp IP
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]584 3. Ping to 8.8.8.8 and Verifying ping succeeds
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]585 4. Now down the WAN interface of vcpe
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]586 5. Ping to 8.8.8.8 and Verifying ping fails
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]587 6. Now Up the WAN interface of vcpe
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]588 7. Ping to 8.8.8.8 and Verifying ping succeeds
589 8. Restoring management interface configuration in cord-tester
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]590 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]591 if self.on_podd is False:
592 return
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]593 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]594 mgmt = 'eth0'
595 vcpe = self.vcpe_container
596 assert_not_equal(vcpe, None)
597 assert_not_equal(self.vcpe_dhcp, None)
598 #first get dhcp on the vcpe interface
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]599 vcpe_ip = VSGAccess.vcpe_get_dhcp(self.vcpe_dhcp, mgmt = mgmt)
600 assert_not_equal(vcpe_ip, None)
601 log.info('Got DHCP IP %s for %s' %(vcpe_ip, self.vcpe_dhcp))
602 log.info('Sending ICMP pings to host %s' %(host))
603 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
604 if st != 0:
605 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
606 assert_equal(st, 0)
607 #bring down the wan interface and check again
608 st = VSGAccess.vcpe_wan_down(vcpe)
609 if st is False:
610 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
611 assert_equal(st, True)
612 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
613 if st == 0:
614 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
615 assert_not_equal(st, 0)
616 st = VSGAccess.vcpe_wan_up(vcpe)
617 if st is False:
618 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
619 assert_equal(st, True)
620 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
621 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
622 assert_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]623
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]624 def test_vsg_for_external_connectivity_with_lan_interface_toggle_in_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]625 """
626 Algo:
627 1. Get dhcp IP to vcpe interface in cord-tester
628 2. Verifying vcpe interface gets dhcp IP
629 3. Ping to 8.8.8.8 and Verifying ping should success
630 4. Now down the LAN interface of vcpe
631 5. Ping to 8.8.8.8 and Verifying ping should not success
632 6. Now Up the LAN interface of vcpe
633 7. Ping to 8.8.8.8 and Verifying ping should success
634 8. Restoring management interface configuration in cord-tester
635 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]636 if self.on_podd is False:
637 return
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]638 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]639 mgmt = 'eth0'
640 vcpe = self.vcpe_container
641 assert_not_equal(vcpe, None)
642 assert_not_equal(self.vcpe_dhcp, None)
643 #first get dhcp on the vcpe interface
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]644 vcpe_ip = VSGAccess.vcpe_get_dhcp(self.vcpe_dhcp, mgmt = mgmt)
645 assert_not_equal(vcpe_ip, None)
646 log.info('Got DHCP IP %s for %s' %(vcpe_ip, self.vcpe_dhcp))
647 log.info('Sending ICMP pings to host %s' %(host))
648 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
649 if st != 0:
650 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
651 assert_equal(st, 0)
652 #bring down the lan interface and check again
653 st = VSGAccess.vcpe_lan_down(vcpe)
654 if st is False:
655 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
656 assert_equal(st, True)
657 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
658 if st == 0:
659 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
660 assert_not_equal(st, 0)
661 st = VSGAccess.vcpe_lan_up(vcpe)
662 if st is False:
663 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
664 assert_equal(st, True)
665 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
666 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
667 assert_equal(st, 0)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]668
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]669 @deferred(TIMEOUT)
670 def test_vsg_for_external_connectivity_with_vcpe_container_paused(self,vcpe_name=None,vcpe_intf=None):
671 """
672 Algo:
673 1. Get vSG corresponding to vcpe
674 2. Get dhcp ip to vcpe interface
675 3. Add static route to destination route in test container
676 4. From test container ping to destination route and verify ping success
677 5. Login to compute node and execute command to pause vcpe container
678 6. From test container ping to destination route and verify ping success
679 """
680 if not vcpe_name:
681 vcpe_name = self.vcpe_container
682 if not vcpe_intf:
683 vcpe_intf = self.vcpe_dhcp
684 df = defer.Deferred()
685 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]686 if self.on_podd is False:
687 df.callback(0)
688 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]689 host = '8.8.8.8'
690 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
691 try:
692 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
693 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
694 assert_equal(st, False)
695 st, _ = vsg.run_cmd('sudo docker pause {}'.format(vcpe_name))
696 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
697 assert_equal(st, False)
698 finally:
699 vsg.run_cmd('sudo docker unpause'.format(vcpe_name))
700 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
701 df.callback(0)
702 reactor.callLater(0, vcpe_firewall, df)
703 return df
704
705 @deferred(TIMEOUT)
706 def test_vsg_firewall_with_deny_destination_ip(self, vcpe_name=None, vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]707 """
708 Algo:
709 1. Get vSG corresponding to vcpe
710 2. Login to compute node
711 3. Execute iptable command on vcpe from compute node to deny a destination IP
712 4. From cord-tester ping to the denied IP address
713 5. Verifying that ping should not be successful
714 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]715 if not vcpe_name:
716 vcpe_name = self.vcpe_container
717 if not vcpe_intf:
718 vcpe_intf = self.vcpe_dhcp
719 df = defer.Deferred()
720 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]721 if self.on_podd is False:
722 df.callback(0)
723 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]724 host = '8.8.8.8'
725 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
726 try:
727 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
728 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
729 assert_equal(st, False)
730 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
731 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
732 assert_equal(st, True)
733 finally:
734 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
735 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
736 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
737 df.callback(0)
738 reactor.callLater(0, vcpe_firewall, df)
739 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]740
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]741 @deferred(TIMEOUT)
742 def test_vsg_firewall_with_rule_add_and_delete_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]743 """
744 Algo:
745 1. Get vSG corresponding to vcpe
746 2. Login to compute node
747 3. Execute iptable command on vcpe from compute node to deny a destination IP
748 4. From cord-tester ping to the denied IP address
749 5. Verifying that ping should not be successful
750 6. Delete the iptable rule in vcpe
751 7. From cord-tester ping to the denied IP address
752 8. Verifying the ping should success
753 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]754 if not vcpe_name:
755 vcpe_name = self.vcpe_container
756 if not vcpe_intf:
757 vcpe_intf = self.vcpe_dhcp
758 df = defer.Deferred()
759 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]760 if self.on_podd is False:
761 df.callback(0)
762 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]763 host = '8.8.8.8'
764 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
765 try:
766 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
767 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
768 assert_equal(st, False)
769 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
770 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
771 assert_equal(st, True)
772 st,_ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
773 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
774 assert_equal(st, False)
775 finally:
776 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
777 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
778 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
779 df.callback(0)
780 reactor.callLater(0, vcpe_firewall, df)
781 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]782
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]783 @deferred(TIMEOUT)
784 def test_vsg_firewall_verifying_reachability_for_non_blocked_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]785 """
786 Algo:
787 1. Get vSG corresponding to vcpe
788 2. Login to compute node
789 3. Execute iptable command on vcpe from compute node to deny a destination IP
790 4. From cord-tester ping to the denied IP address
791 5. Verifying that ping should not be successful
792 6. From cord-tester ping to the denied IP address other than the denied one
793 7. Verifying the ping should success
794 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]795 if not vcpe_name:
796 vcpe_name = self.vcpe_container
797 if not vcpe_intf:
798 vcpe_intf = self.vcpe_dhcp
799 df = defer.Deferred()
800 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]801 if self.on_podd is False:
802 df.callback(0)
803 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]804 host1 = '8.8.8.8'
805 host2 = '204.79.197.203'
806 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
807 try:
808 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
809 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
810 assert_equal(st, False)
811 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
812 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
813 assert_equal(st, True)
814 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
815 assert_equal(st,False)
816 finally:
817 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
818 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
819 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
820 df.callback(0)
821 reactor.callLater(0, vcpe_firewall, df)
822 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]823
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]824 @deferred(TIMEOUT)
825 def test_vsg_firewall_appending_rules_with_deny_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]826 """
827 Algo:
828 1. Get vSG corresponding to vcpe
829 2. Login to compute node
830 3. Execute iptable command on vcpe from compute node to deny a destination IP1
831 4. From cord-tester ping to the denied IP address IP1
832 5. Verifying that ping should not be successful
833 6. Execute iptable command on vcpe from compute node to deny a destination IP2
834 6. From cord-tester ping to the denied IP address IP2
835 7. Verifying that ping should not be successful
836 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]837 if not vcpe_name:
838 vcpe_name = self.vcpe_container
839 if not vcpe_intf:
840 vcpe_intf = self.vcpe_dhcp
841 df = defer.Deferred()
842 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]843 if self.on_podd is False:
844 df.callback(0)
845 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]846 host1 = '8.8.8.8'
847 host2 = '204.79.197.203'
848 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
849 try:
850 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
851 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
852 assert_equal(st, False)
853 st,_ = vsg.run_cmd('sudo docker exec {} iptables -F FORWARD'.format(vcpe_name))
854 time.sleep(2)
855 st,_ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
856 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
857 assert_equal(st, True)
858 st, out = getstatusoutput('ping -c 1 {}'.format(host2))
859 log.info('host2 ping output is %s'%out)
860 assert_equal(st, False)
861 st, _ = vsg.run_cmd('sudo docker exec {} iptables -A FORWARD -d {} -j DROP'.format(vcpe_name,host2))
862 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
863 assert_equal(st,True)
864 finally:
865 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
866 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
867 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
868 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
869 df.callback(0)
870 reactor.callLater(0, vcpe_firewall, df)
871 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]872
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]873 @deferred(TIMEOUT)
874 def test_vsg_firewall_removing_one_rule_denying_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]875 """
876 Algo:
877 1. Get vSG corresponding to vcpe
878 2. Login to compute node
879 3. Execute iptable command on vcpe from compute node to deny a destination IP1
880 4. Execute iptable command on vcpe from compute node to deny a destination IP2
881 5. From cord-tester ping to the denied IP address IP1
882 6. Verifying that ping should not be successful
883 7. From cord-tester ping to the denied IP address IP2
884 8. Verifying that ping should not be successful
885 9. Execute iptable command on vcpe from compute node to remove deny a destination IP2 rule
886 10. From cord-tester ping to the denied IP address IP2
887 11. Verifying the ping should success
888 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]889 if not vcpe_name:
890 vcpe_name = self.vcpe_container
891 if not vcpe_intf:
892 vcpe_intf = self.vcpe_dhcp
893 df = defer.Deferred()
894 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]895 if self.on_podd is False:
896 df.callback(0)
897 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]898 host1 = '8.8.8.8'
899 host2 = '204.79.197.203'
900 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
901 try:
902 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=self.vcpe_dhcp)
903 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
904 assert_equal(st, False)
905 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
906 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host2))
907 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
908 assert_equal(st, True)
909 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
910 assert_equal(st,True)
911 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
912 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
913 assert_equal(st,False)
914 finally:
915 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
916 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
917 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
918 log.info('restarting vcpe container')
919 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
920 df.callback(0)
921 reactor.callLater(0, vcpe_firewall, df)
922 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]923
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]924 @deferred(TIMEOUT)
925 def test_vsg_firewall_changing_rule_id_deny_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]926 """
927 Algo:
928 1. Get vSG corresponding to vcpe
929 2. Login to compute node
930 3. Execute iptable command on vcpe from compute node to deny a destination IP
931 5. From cord-tester ping to the denied IP address IP1
932 6. Verifying that ping should not be successful
933 9. Execute iptable command on vcpe from compute node to change the rule ID to 2 to deny the same destination IP
934 10. From cord-tester ping to the denied IP address IP
935 11. Verifying that ping should not be successful
936 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]937 if not vcpe_name:
938 vcpe_name = self.vcpe_container
939 if not vcpe_intf:
940 vcpe_intf = self.vcpe_dhcp
941 df = defer.Deferred()
942 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]943 if self.on_podd is False:
944 df.callback(0)
945 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]946 host = '8.8.8.8'
947 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
948 try:
949 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
950 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
951 assert_equal(st, False)
952 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
953 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
954 assert_equal(st, True)
955 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 2 -d {} -j DROP '.format(vcpe_name,host))
956 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
957 assert_equal(st,True)
958 finally:
959 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
960 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
961 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
962 df.callback(0)
963 reactor.callLater(0, vcpe_firewall, df)
964 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]965
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]966 @deferred(TIMEOUT)
967 def test_vsg_firewall_changing_deny_rule_to_accept_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]968 """
969 Algo:
970 1. Get vSG corresponding to vcpe
971 2. Login to compute node
972 3. Execute iptable command on vcpe from compute node to deny a destination IP
973 5. From cord-tester ping to the denied IP address IP1
974 6. Verifying that ping should not be successful
975 9. Execute iptable command on vcpe from compute node to accept the same destination IP
976 10. From cord-tester ping to the accepted IP
977 11. Verifying the ping should success
978 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]979 if not vcpe_name:
980 vcpe_name = self.vcpe_container
981 if not vcpe_intf:
982 vcpe_intf = self.vcpe_dhcp
983 df = defer.Deferred()
984 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]985 if self.on_podd is False:
986 df.callback(0)
987 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]988 host = '8.8.8.8'
989 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
990 try:
991 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
992 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
993 assert_equal(st, False)
994 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
995 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
996 assert_equal(st, True)
997 st, _ = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -d {} -j ACCEPT'.format(vcpe_name,host))
998 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
999 assert_equal(st,False)
1000 finally:
1001 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1002 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j ACCEPT'.format(vcpe_name,host))
1003 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1004 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1005 df.callback(0)
1006 reactor.callLater(0, vcpe_firewall, df)
1007 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1008
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1009 @deferred(TIMEOUT) #Fail
1010 def test_vsg_firewall_denying_destination_network(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1011 """
1012 Algo:
1013 1. Get vSG corresponding to vcpe
1014 2. Login to compute node
1015 3. Execute iptable command on vcpe from compute node to deny a destination IP subnet
1016 4. From cord-tester ping to the denied IP address IP1 in the denied subnet
1017 5. Verifying that ping should not be successful
1018 6. From cord-tester ping to the denied IP address IP2 in the denied subnet
1019 7. Verifying that ping should not be successful
1020 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1021 if not vcpe_name:
1022 vcpe_name = self.vcpe_container
1023 if not vcpe_intf:
1024 vcpe_intf = self.vcpe_dhcp
1025 df = defer.Deferred()
1026 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1027 if self.on_podd is False:
1028 df.callback(0)
1029 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1030 network = '204.79.197.192/28'
1031 host1 = '204.79.197.203'
1032 host2 = '204.79.197.210'
1033 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1034 try:
1035 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=self.vcpe_dhcp)
1036 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1037 assert_equal(st, False)
1038 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,network))
1039 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1040 assert_equal(st, True)
1041 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1042 assert_equal(st,False)
1043 finally:
1044 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network))
1045 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
1046 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1047 df.callback(0)
1048 reactor.callLater(0, vcpe_firewall, df)
1049 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1050
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1051 @deferred(TIMEOUT)
1052 def test_vsg_firewall_denying_destination_network_subnet_modification(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1053 """
1054 Algo:
1055 1. Get vSG corresponding to vcpe
1056 2. Login to compute node
1057 3. Execute iptable command on vcpe from compute node to deny a destination IP subnet
1058 4. From cord-tester ping to the denied IP address IP1 in the denied subnet
1059 5. Verifying that ping should not be successful
1060 6. From cord-tester ping to the denied IP address IP2 in the denied subnet
1061 7. Verifying that ping should not be successful
1062 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1063 if not vcpe_name:
1064 vcpe_name = self.vcpe_container
1065 if not vcpe_intf:
1066 vcpe_intf = self.vcpe_dhcp
1067 df = defer.Deferred()
1068 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1069 if self.on_podd is False:
1070 df.callback(0)
1071 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1072 network1 = '204.79.197.192/28'
1073 network2 = '204.79.197.192/27'
1074 host1 = '204.79.197.203'
1075 host2 = '204.79.197.210'
1076 host3 = '204.79.197.224'
1077 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1078 try:
1079 self.add_static_route_via_vcpe_interface([host1,host2,host3],vcpe=self.vcpe_dhcp)
1080 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1081 assert_equal(st, False)
1082 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,network1))
1083 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1084 assert_equal(st, True)
1085 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1086 assert_equal(st,False)
1087 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 2 -d {} -j DROP'.format(vcpe_name,network2))
1088 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1089 assert_equal(st, True)
1090 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1091 assert_equal(st, True)
1092 st, _ = getstatusoutput('ping -c 1 {}'.format(host3))
1093 assert_equal(st, False)
1094 finally:
1095 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network1))
1096 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network2))
1097 self.del_static_route_via_vcpe_interface([host1,host2,host3],vcpe=vcpe_intf)
1098 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1099 df.callback(0)
1100 reactor.callLater(0, vcpe_firewall, df)
1101 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1102
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1103 @deferred(TIMEOUT)
1104 def test_vsg_firewall_with_deny_source_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1105 """
1106 Algo:
1107 1. Get vSG corresponding to vcpe
1108 2. Login to compute node
1109 3. Execute iptable command on vcpe from compute node to deny a source IP
1110 4. From cord-tester ping to 8.8.8.8 from the denied IP
1111 5. Verifying that ping should not be successful
1112 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1113 if not vcpe_name:
1114 vcpe_name = self.vcpe_container
1115 if not vcpe_intf:
1116 vcpe_intf = self.vcpe_dhcp
1117 df = defer.Deferred()
1118 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1119 if self.on_podd is False:
1120 df.callback(0)
1121 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1122 host = '8.8.8.8'
1123 #source_ip = get_ip(self.vcpe_dhcp)
1124 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1125 try:
1126 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1127 source_ip = get_ip(self.vcpe_dhcp)
1128 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1129 assert_equal(st, False)
1130 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1131 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1132 assert_equal(st, True)
1133 finally:
1134 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1135 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1136 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1137 df.callback(0)
1138 reactor.callLater(0, vcpe_firewall, df)
1139 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1140
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1141 @deferred(TIMEOUT)
1142 def test_vsg_firewall_rule_with_add_and_delete_deny_source_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1143 """
1144 Algo:
1145 1. Get vSG corresponding to vcpe
1146 2. Login to compute node
1147 3. Execute iptable command on vcpe from compute node to deny a source IP
1148 4. From cord-tester ping to 8.8.8.8 from the denied IP
1149 5. Verifying that ping should not be successful
1150 6. Delete the iptable rule in vcpe
1151 7. From cord-tester ping to 8.8.8.8 from the denied IP
1152 8. Verifying the ping should success
1153 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1154 if not vcpe_name:
1155 vcpe_name = self.vcpe_container
1156 if not vcpe_intf:
1157 vcpe_intf = self.vcpe_dhcp
1158 df = defer.Deferred()
1159 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1160 if self.on_podd is False:
1161 df.callback(0)
1162 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1163 host = '8.8.8.8'
1164 source_ip = get_ip(self.vcpe_dhcp)
1165 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1166 try:
1167 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1168 source_ip = get_ip(self.vcpe_dhcp)
1169 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1170 assert_equal(st, False)
1171 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1172 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1173 assert_equal(st, True)
1174 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1175 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1176 assert_equal(st, False)
1177 finally:
1178 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1179 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1180 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1181 df.callback(0)
1182 reactor.callLater(0, vcpe_firewall, df)
1183 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1184
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1185 @deferred(TIMEOUT)
1186 def test_vsg_firewall_rule_with_deny_icmp_protocol_echo_requests_type(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1187 """
1188 Algo:
1189 1. Get vSG corresponding to vcpe
1190 2. Login to compute node
1191 3. Execute iptable command on vcpe from compute node to deny icmp echo-requests type protocol packets
1192 4. From cord-tester ping to 8.8.8.8
1193 5. Verifying that ping should not be successful
1194 6. Delete the iptable rule
1195 7. From cord-tester ping to 8.8.8.8
1196 8. Verifying the ping should success
1197 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1198 if not vcpe_name:
1199 vcpe_name = self.vcpe_container
1200 if not vcpe_intf:
1201 vcpe_intf = self.vcpe_dhcp
1202 df = defer.Deferred()
1203 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1204 if self.on_podd is False:
1205 df.callback(0)
1206 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1207 host = '8.8.8.8'
1208 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1209 try:
1210 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1211 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1212 assert_equal(st, False)
1213 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1214 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1215 assert_equal(st, True)
1216 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1217 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1218 assert_equal(st, False)
1219 finally:
1220 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1221 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1222 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1223 df.callback(0)
1224 reactor.callLater(0, vcpe_firewall, df)
1225 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1226
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1227 @deferred(TIMEOUT)
1228 def test_vsg_firewall_rule_with_deny_icmp_protocol_echo_reply_type(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1229 """
1230 Algo:
1231 1. Get vSG corresponding to vcpe
1232 2. Login to compute node
1233 3. Execute iptable command on vcpe from compute node to deny icmp echo-reply type protocol packets
1234 4. From cord-tester ping to 8.8.8.8
1235 5. Verifying that ping should not be successful
1236 6. Delete the iptable rule
1237 7. From cord-tester ping to 8.8.8.8
1238 8. Verifying the ping should success
1239 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1240 if not vcpe_name:
1241 vcpe_name = self.vcpe_container
1242 if not vcpe_intf:
1243 vcpe_intf = self.vcpe_dhcp
1244 df = defer.Deferred()
1245 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1246 if self.on_podd is False:
1247 df.callback(0)
1248 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1249 host = '8.8.8.8'
1250 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1251 try:
1252 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1253 st, _ = getstatusoutput('ping -c 1 {}'.format('8.8.8.8'))
1254 assert_equal(st, False)
1255 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1256 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1257 assert_equal(st, True)
1258 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1259 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1260 assert_equal(st,False)
1261 finally:
1262 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1263 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1264 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1265 df.callback(0)
1266 reactor.callLater(0, vcpe_firewall, df)
1267 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1268
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1269 @deferred(TIMEOUT)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]1270 def test_vsg_firewall_changing_deny_rule_to_accept_rule_with_icmp_protocol_echo_requests_type(self, vcpe_name=None, vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1271 """
1272 Algo:
1273 1. Get vSG corresponding to vcpe
1274 2. Login to compute node
1275 3. Execute iptable command on vcpe from compute node to deny icmp echo-requests type protocol packets
1276 4. From cord-tester ping to 8.8.8.8
1277 5. Verifying that ping should not be successful
1278 6. Insert another rule to accept the icmp-echo requests protocol packets
1279 7. From cord-tester ping to 8.8.8.8
1280 8. Verifying the ping should success
1281 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1282 if not vcpe_name:
1283 vcpe_name = self.vcpe_container
1284 if not vcpe_intf:
1285 vcpe_intf = self.vcpe_dhcp
1286 df = defer.Deferred()
1287 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1288 if self.on_podd is False:
1289 df.callback(0)
1290 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1291 host = '8.8.8.8'
1292 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1293 try:
1294 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1295 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1296 assert_equal(st, False)
1297 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1298 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1299 assert_equal(st, True)
1300 st, _ = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p icmp --icmp-type echo-request -j ACCEPT'.format(vcpe_name))
1301 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1302 assert_equal(st,False)
1303 finally:
1304 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1305 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j ACCEPT'.format(vcpe_name))
1306 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1307 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1308 df.callback(0)
1309 reactor.callLater(0, vcpe_firewall, df)
1310 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1311
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1312 @deferred(TIMEOUT)
1313 def test_vsg_firewall_changing_deny_rule_to_accept_rule_with_icmp_protocol_echo_reply_type(self,vcpe_name=None,vcpe_intf=None):
1314 """
1315 Algo:
1316 1. Get vSG corresponding to vcpe
1317 2. Login to compute node
1318 3. Execute iptable command on vcpe from compute node to deny icmp echo-reply type protocol packets
1319 4. From cord-tester ping to 8.8.8.8
1320 5. Verifying the ping should not success
1321 6. Insert another rule to accept the icmp-echo requests protocol packets
1322 7. From cord-tester ping to 8.8.8.8
1323 8. Verifying the ping should success
1324 """
1325 if not vcpe_name:
1326 vcpe_name = self.vcpe_container
1327 if not vcpe_intf:
1328 vcpe_intf = self.vcpe_dhcp
1329 df = defer.Deferred()
1330 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1331 if self.on_podd is False:
1332 df.callback(0)
1333 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1334 host = '8.8.8.8'
1335 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1336 try:
1337 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1338 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1339 assert_equal(st, False)
1340 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1341 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1342 assert_equal(st, True)
1343 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p icmp --icmp-type echo-reply -j ACCEPT'.format(vcpe_name))
1344 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1345 assert_equal(st,False)
1346 finally:
1347 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1348 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j ACCEPT'.format(vcpe_name))
1349 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1350 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1351 df.callback(0)
1352 reactor.callLater(0, vcpe_firewall, df)
1353 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1354
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1355 @deferred(TIMEOUT)
1356 def test_vsg_firewall_for_deny_icmp_protocol(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1357 """
1358 Algo:
1359 1. Get vSG corresponding to vcpe
1360 2. Login to compute node
1361 3. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1362 4. From cord-tester ping to 8.8.8.8
1363 5. Verifying that ping should not be successful
1364 6. Delete the iptable rule
1365 7. From cord-tester ping to 8.8.8.8
1366 8. Verifying the ping should success
1367 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1368 if not vcpe_name:
1369 vcpe_name = self.vcpe_container
1370 if not vcpe_intf:
1371 vcpe_intf = self.vcpe_dhcp
1372 df = defer.Deferred()
1373 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1374 if self.on_podd is False:
1375 df.callback(0)
1376 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1377 host = '8.8.8.8'
1378 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1379 try:
1380 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1381 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1382 assert_equal(st, False)
1383 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1384 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1385 assert_equal(st, True)
1386 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1387 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1388 assert_equal(st,False)
1389 finally:
1390 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1391 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1392 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1393 df.callback(0)
1394 reactor.callLater(0, vcpe_firewall, df)
1395 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1396
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1397 @deferred(TIMEOUT)
1398 def test_vsg_firewall_rule_deny_icmp_protocol_and_destination_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1399 """
1400 Algo:
1401 1. Get vSG corresponding to vcpe
1402 2. Login to compute node
1403 3. Execute iptable command on vcpe from compute node to deny a destination IP
1404 4. From cord-tester ping to 8.8.8.8
1405 5. Verifying that ping should not be successful
1406 6. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1407 7. From cord-tester ping to 8.8.8.8
1408 8. Verifying the ping should success
1409 9. Delete the rule added in step 3
1410 10. From cord-tester ping to 8.8.8.8
1411 11. Verifying that ping should not be successful
1412 12. Delete the rule added in step 6
1413 13. From cord-tester ping to 8.8.8.8
1414 14. Verifying the ping should success
1415 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1416 if not vcpe_name:
1417 vcpe_name = self.vcpe_container
1418 if not vcpe_intf:
1419 vcpe_intf = self.vcpe_dhcp
1420 df = defer.Deferred()
1421 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1422 if self.on_podd is False:
1423 df.callback(0)
1424 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1425 host = '8.8.8.8'
1426 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1427 try:
1428 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1429 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1430 assert_equal(st, False)
1431 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1432 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1433 assert_equal(st, True)
1434 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1435 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1436 assert_equal(st, True)
1437 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1438 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1439 assert_equal(st, True)
1440 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1441 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1442 assert_equal(st,False)
1443 finally:
1444 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1445 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1446 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1447 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1448 df.callback(0)
1449 reactor.callLater(0, vcpe_firewall, df)
1450 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1451
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1452 @deferred(TIMEOUT) #Fail
1453 def test_vsg_firewall_flushing_all_configured_rules(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1454 """
1455 Algo:
1456 1. Get vSG corresponding to vcpe
1457 2. Login to compute node
1458 3. Execute iptable command on vcpe from compute node to deny a destination IP
1459 4. From cord-tester ping to 8.8.8.8
1460 5. Verifying that ping should not be successful
1461 6. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1462 7. From cord-tester ping to 8.8.8.8
1463 8. Verifying the ping should success
1464 9. Flush all the iptable rules configuraed in vcpe
1465 10. Delete the rule added in step 6
1466 11. From cord-tester ping to 8.8.8.8
1467 12. Verifying the ping should success
1468 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1469 if not vcpe_name:
1470 vcpe_name = self.vcpe_container
1471 if not vcpe_intf:
1472 vcpe_intf = self.vcpe_dhcp
1473 df = defer.Deferred()
1474 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1475 if self.on_podd is False:
1476 df.callback(0)
1477 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1478 host = '8.8.8.8'
1479 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1480 try:
1481 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1482 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1483 assert_equal(st, False)
1484 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1485 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1486 assert_equal(st, True)
1487 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1488 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1489 assert_equal(st, True)
1490 st,output = vsg.run_cmd('sudo docker exec {} iptables -F FORWARD'.format(vcpe_name))
1491 time.sleep(1)
1492 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1493 assert_equal(st, False)
1494 finally:
1495 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1496 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1497 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1498 df.callback(0)
1499 reactor.callLater(0, vcpe_firewall, df)
1500 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1501
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1502 @deferred(TIMEOUT)
1503 def test_vsg_firewall_deny_all_ipv4_traffic(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1504 """
1505 Algo:
1506 1. Get vSG corresponding to vcpe
1507 2. Login to compute node
1508 3. Execute iptable command on vcpe from compute node to deny all ipv4 Traffic
1509 4. From cord-tester ping to 8.8.8.8
1510 5. Verifying that ping should not be successful
1511 6. Delete the iptable rule added
1512 7. From cord-tester ping to 8.8.8.8
1513 8. Verifying the ping should success
1514 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1515 if not vcpe_name:
1516 vcpe_name = self.vcpe_container
1517 if not vcpe_intf:
1518 vcpe_intf = self.vcpe_dhcp
1519 df = defer.Deferred()
1520 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1521 if self.on_podd is False:
1522 df.callback(0)
1523 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1524 host = '8.8.8.8'
1525 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1526 try:
1527 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1528 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1529 assert_equal(st, False)
1530 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1531 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1532 assert_equal(st, True)
1533 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1534 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1535 assert_equal(st, False)
1536 finally:
1537 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1538 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1539 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1540 df.callback(0)
1541 reactor.callLater(0, vcpe_firewall, df)
1542 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1543
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1544 @deferred(TIMEOUT)
1545 def test_vsg_firewall_replacing_deny_rule_to_accept_rule_ipv4_traffic(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1546 """
1547 Algo:
1548 1. Get vSG corresponding to vcpe
1549 2. Login to compute node
1550 3. Execute iptable command on vcpe from compute node to deny all ipv4 Traffic
1551 4. From cord-tester ping to 8.8.8.8
1552 5. Verifying that ping should not be successful
1553 6. Replace the deny rule added in step 3 with accept rule
1554 7. From cord-tester ping to 8.8.8.8
1555 8. Verifying the ping should success
1556 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1557 if not vcpe_name:
1558 vcpe_name = self.vcpe_container
1559 if not vcpe_intf:
1560 vcpe_intf = self.vcpe_dhcp
1561 df = defer.Deferred()
1562 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1563 if self.on_podd is False:
1564 df.callback(0)
1565 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1566 host = '8.8.8.8'
1567 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1568 try:
1569 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1570 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1571 assert_equal(st, False)
1572 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1573 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1574 assert_equal(st, True)
1575 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -4 -j ACCEPT'.format(vcpe_name))
1576 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1577 assert_equal(st, False)
1578 finally:
1579 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1580 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1581 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1582 df.callback(0)
1583 reactor.callLater(0, vcpe_firewall, df)
1584 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1585
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1586 @deferred(TIMEOUT)
1587 def test_vsg_firewall_deny_all_traffic_coming_on_lan_interface_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
1588 """
1589 Algo:
1590 1. Get vSG corresponding to vcpe
1591 2. Login to compute node
1592 3. Execute iptable command on vcpe from compute node to deny all the traffic coming on lan interface inside vcpe container
1593 4. From cord-tester ping to 8.8.8.8
1594 5. Verifying the ping should not success
1595 6. Delete the iptable rule added
1596 7. From cord-tester ping to 8.8.8.8
1597 8. Verifying the ping should success
1598 """
1599 if not vcpe_name:
1600 vcpe_name = self.vcpe_container
1601 if not vcpe_intf:
1602 vcpe_intf = self.vcpe_dhcp
1603 df = defer.Deferred()
1604 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1605 if self.on_podd is False:
1606 df.callback(0)
1607 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1608 host = '8.8.8.8'
1609 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1610 try:
1611 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1612 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1613 assert_equal(st, False)
1614 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -i eth1 -j DROP'.format(vcpe_name))
1615 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1616 assert_equal(st, True)
1617 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -j DROP'.format(vcpe_name))
1618 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1619 assert_equal(st, False)
1620 finally:
1621 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -j DROP'.format(vcpe_name))
1622 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1623 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1624 df.callback(0)
1625 reactor.callLater(0, vcpe_firewall, df)
1626 return df
1627
1628 @deferred(TIMEOUT)
1629 def test_vsg_firewall_deny_all_traffic_going_out_of_wan_interface_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
1630 """
1631 Algo:
1632 1. Get vSG corresponding to vcpe
1633 2. Login to compute node
1634 3. Execute iptable command on vcpe from compute node to deny all the traffic going out of wan interface inside vcpe container
1635 4. From cord-tester ping to 8.8.8.8
1636 5. Verifying the ping should not success
1637 6. Delete the iptable rule added
1638 7. From cord-tester ping to 8.8.8.8
1639 8. Verifying the ping should success
1640 """
1641 if not vcpe_name:
1642 vcpe_name = self.vcpe_container
1643 if not vcpe_intf:
1644 vcpe_intf = self.vcpe_dhcp
1645 df = defer.Deferred()
1646 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1647 if self.on_podd is False:
1648 df.callback(0)
1649 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1650 host = '8.8.8.8'
1651 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1652 try:
1653 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1654 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1655 assert_equal(st, False)
1656 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -o eth0 -j DROP'.format(vcpe_name))
1657 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1658 assert_equal(st, True)
1659 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -o eth0 -j DROP'.format(vcpe_name))
1660 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1661 assert_equal(st, False)
1662 finally:
1663 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -o eth0 -j DROP'.format(vcpe_name))
1664 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1665 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1666 df.callback(0)
1667 reactor.callLater(0, vcpe_firewall, df)
1668 return df
1669
1670 @deferred(TIMEOUT)
1671 def test_vsg_firewall_deny_all_traffic_from_lan_to_wan_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1672 """
1673 Algo:
1674 1. Get vSG corresponding to vcpe
1675 2. Login to compute node
1676 3. Execute iptable command on vcpe from compute node to deny all the traffic from lan to wan interface in vcpe
1677 4. From cord-tester ping to 8.8.8.8
1678 5. Verifying that ping should not be successful
1679 6. Delete the iptable rule added
1680 7. From cord-tester ping to 8.8.8.8
1681 8. Verifying the ping should success
1682 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1683 if not vcpe_name:
1684 vcpe_name = self.vcpe_container
1685 if not vcpe_intf:
1686 vcpe_intf = self.vcpe_dhcp
1687 df = defer.Deferred()
1688 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1689 if self.on_podd is False:
1690 df.callback(0)
1691 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1692 host = '8.8.8.8'
1693 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1694 try:
1695 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1696 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1697 assert_equal(st, False)
1698 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1699 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1700 assert_equal(st, True)
1701 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1702 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1703 assert_equal(st, False)
1704 finally:
1705 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1706 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1707 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1708 df.callback(0)
1709 reactor.callLater(0, vcpe_firewall, df)
1710 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1711
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1712
1713 #this test case needs modification.default route should be vcpe interface to run this test case
1714 @deferred(TIMEOUT)
1715 def test_vsg_firewall_deny_all_dns_traffic(self,vcpe_name=None,vcpe_intf=None):
1716 """
1717 Algo:
1718 1. Get vSG corresponding to vcpe
1719 2. Login to compute node
1720 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1721 4. From cord-tester ping to www.google.com
1722 5. Verifying the ping should not success
1723 6. Delete the iptable rule added
1724 7. From cord-tester ping to www.google.com
1725 8. Verifying the ping should success
1726 """
1727 if not vcpe_name:
1728 vcpe_name = self.vcpe_container
1729 if not vcpe_intf:
1730 vcpe_intf = self.vcpe_dhcp
1731 df = defer.Deferred()
1732 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1733 if self.on_podd is False:
1734 df.callback(0)
1735 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1736 host = 'www.msn.com'
1737 host_ip = '131.253.33.203'
1738 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1739 try:
1740 self.add_static_route_via_vcpe_interface([host_ip],vcpe=self.vcpe_dhcp)
1741 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1742 assert_equal(st, False)
1743 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p udp --dport 53 -j DROP'.format(vcpe_name))
1744 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1745 assert_equal(st, True)
1746 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p udp --dport 53 -j ACCEPT'.format(vcpe_name))
1747 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1748 assert_equal(st, False)
1749 finally:
1750 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p udp --dport 53 -j DROP'.format(vcpe_name))
1751 self.del_static_route_via_vcpe_interface([host_ip],vcpe=vcpe_intf)
1752 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1753 df.callback(0)
1754 reactor.callLater(0, vcpe_firewall, df)
1755 return df
1756
1757 @deferred(TIMEOUT)
1758 def test_vsg_firewall_deny_all_ipv4_traffic_vcpe_container_restart(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1759 """
1760 Algo:
1761 1. Get vSG corresponding to vcpe
1762 2. Login to compute node
1763 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1764 4. From cord-tester ping to www.google.com
1765 5. Verifying that ping should not be successful
1766 6. Delete the iptable rule added
1767 7. From cord-tester ping to www.google.com
1768 8. Verifying the ping should success
1769 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1770 if not vcpe_name:
1771 vcpe_name = self.vcpe_container
1772 if not vcpe_intf:
1773 vcpe_intf = self.vcpe_dhcp
1774 df = defer.Deferred()
1775 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1776 if self.on_podd is False:
1777 df.callback(0)
1778 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1779 host = '8.8.8.8'
1780 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1781 try:
1782 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1783 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1784 assert_equal(st, False)
1785 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1786 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1787 assert_equal(st, True)
1788 st,output = vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1789 time.sleep(3)
1790 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1791 assert_equal(st, False)
1792 finally:
1793 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1794 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1795 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1796 df.callback(0)
1797 reactor.callLater(0, vcpe_firewall, df)
1798 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1799
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]1800 @deferred(TIMEOUT)
1801 def test_vsg_dnat_modifying_destination_ip(self,vcpe_name=None,vcpe_intf=None):
1802 """
1803 Algo:
1804 1. Get vSG corresponding to vcpe
1805 2. Login to compute node
1806 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1807 4. From cord-tester ping to www.google.com
1808 5. Verifying the ping should not success
1809 6. Delete the iptable rule added
1810 7. From cord-tester ping to www.google.com
1811 8. Verifying the ping should success
1812 """
1813 if not vcpe_name:
1814 vcpe_name = self.vcpe_container
1815 if not vcpe_intf:
1816 vcpe_intf = self.vcpe_dhcp
1817 df = defer.Deferred()
1818 def vcpe_firewall(df):
1819 host = '8.8.8.8'
1820 dst_ip = '123.123.123.123'
1821 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1822 try:
1823 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1824 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1825 assert_equal(st, False)
1826 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1827 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1828 assert_equal(st, True)
1829 finally:
1830 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1831 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1832 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1833 df.callback(0)
1834 reactor.callLater(0,vcpe_firewall,df)
1835 return df
1836
1837 @deferred(TIMEOUT)
1838 def test_vsg_dnat_modifying_destination_ip_and_delete(self,vcpe_name=None,vcpe_intf=None):
1839 """
1840 Algo:
1841 1. Get vSG corresponding to vcpe
1842 2. Login to compute node
1843 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1844 4. From cord-tester ping to www.google.com
1845 5. Verifying the ping should not success
1846 6. Delete the iptable rule added
1847 7. From cord-tester ping to www.google.com
1848 8. Verifying the ping should success
1849 """
1850 if not vcpe_name:
1851 vcpe_name = self.vcpe_container
1852 if not vcpe_intf:
1853 vcpe_intf = self.vcpe_dhcp
1854 df = defer.Deferred()
1855 def vcpe_firewall(df):
1856 host = '8.8.8.8'
1857 dst_ip = '123.123.123.123'
1858 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1859 try:
1860 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1861 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1862 assert_equal(st, False)
1863 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1864 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1865 assert_equal(st, True)
1866 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1867 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1868 assert_equal(st, False)
1869 finally:
1870 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1871 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1872 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1873 df.callback(0)
1874 reactor.callLater(0,vcpe_firewall,df)
1875 return df
1876
1877 @deferred(TIMEOUT)
1878 def test_vsg_dnat_change_modifying_destination_ip_address(self,vcpe_name=None,vcpe_intf=None):
1879 """
1880 Algo:
1881 1. Get vSG corresponding to vcpe
1882 2. Login to compute node
1883 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1884 4. From cord-tester ping to www.google.com
1885 5. Verifying the ping should not success
1886 6. Delete the iptable rule added
1887 7. From cord-tester ping to www.google.com
1888 8. Verifying the ping should success
1889 """
1890 if not vcpe_name:
1891 vcpe_name = self.vcpe_container
1892 if not vcpe_intf:
1893 vcpe_intf = self.vcpe_dhcp
1894 df = defer.Deferred()
1895 def vcpe_firewall(df):
1896 host = '8.8.8.8'
1897 dst_ip = '123.123.123.123'
1898 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1899 try:
1900 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1901 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1902 assert_equal(st, False)
1903 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1904 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1905 assert_equal(st, True)
1906 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -R PREROUTING 1 -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,host))
1907 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1908 assert_equal(st, False)
1909 finally:
1910 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1911 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,host))
1912 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1913 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1914 df.callback(0)
1915 reactor.callLater(0,vcpe_firewall,df)
1916 return df
1917
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]1918 def vsg_xos_subscriber_create(self, index):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1919 if self.on_podd is False:
1920 return
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]1921 subscriber_info = self.subscriber_info[index]
1922 volt_subscriber_info = self.volt_subscriber_info[index]
1923 log.info('Creating tenant with s_tag: %s, c_tag: %s' %(volt_subscriber_info['voltTenant']['s_tag'],
1924 volt_subscriber_info['voltTenant']['c_tag']))
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]1925 result = self.restApiXos.ApiPost('TENANT_SUBSCRIBER', subscriber_info)
1926 assert_equal(result, True)
1927 result = self.restApiXos.ApiGet('TENANT_SUBSCRIBER')
1928 assert_not_equal(result, None)
1929 subId = self.restApiXos.getSubscriberId(result, volt_subscriber_info['account_num'])
1930 assert_not_equal(subId, '0')
1931 log.info('Subscriber ID for account num %d = %s' %(volt_subscriber_info['account_num'], subId))
1932 volt_tenant = volt_subscriber_info['voltTenant']
1933 #update the subscriber id in the tenant info before making the rest
1934 volt_tenant['subscriber'] = subId
1935 result = self.restApiXos.ApiPost('TENANT_VOLT', volt_tenant)
1936 assert_equal(result, True)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]1937 delay = 350
1938 log.info('Delaying %d seconds for the VCPE to be provisioned' %(delay))
1939 time.sleep(delay)
1940 log.info('Testing for external connectivity to VCPE %s' %(self.dhcp_vcpes[index]))
1941 self.vsg_for_external_connectivity(index)
1942
1943 def test_vsg_xos_subscriber(self):
1944 self.vsg_xos_subscriber_create(0)
1945
1946 def test_vsg_xos_subscriber_2(self):
1947 self.vsg_xos_subscriber_create(1)
1948
1949 def test_vsg_xos_subscriber_3(self):
1950 self.vsg_xos_subscriber_create(2)
1951
1952 def test_vsg_xos_subscriber_4(self):
1953 self.vsg_xos_subscriber_create(3)
1954
1955 def test_vsg_xos_subscriber_5(self):
1956 self.vsg_xos_subscriber_create(4)
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]1957
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]1958 def test_vsg_for_dns_service(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1959 """
1960 Algo:
1961 1. Create a test client in Prod VM
1962 2. Create a vCPE container in vSG VM inside compute Node
1963 3. Ensure vSG VM and vCPE container created properly
1964 4. Enable dns service in vCPE ( if not by default )
1965 5. Send ping request from test client to valid domain address say, 'www.google'com
1966 6. Verify that dns should resolve ping should success
1967 7. Now send ping request to invalid domain address say 'www.invalidaddress'.com'
1968 8. Verify that dns resolve should fail and hence ping
1969 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1970
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1971 def test_vsg_for_10_subscribers_for_same_service(self):
1972 """
1973 Algo:
1974 1.Create a vSG VM in compute node
1975 2.Create 10 vCPE containers for 10 subscribers, in vSG VM
1976 3.Ensure vSG VM and vCPE container created properly
1977 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to valid external public IP
1978 5.Verify that ping success for all 10 subscribers
1979 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1980
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1981 def test_vsg_for_10_subscribers_for_same_service_ping_invalid_ip(self):
1982 """
1983 Algo:
1984 1.Create a vSG VM in compute Node
1985 2.Create 10 vCPE containers for 10 subscribers, in vSG VM
1986 3.Ensure vSG VM and vCPE container created properly
1987 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to invalid IP
1988 5.Verify that ping fails for all 10 subscribers
1989 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1990
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1991 def test_vsg_for_10_subscribers_for_same_service_ping_valid_and_invalid_ip(self):
1992 """
1993 Algo:
1994 1.Create a vSG VM in VM
1995 2.Create 10 vCPE containers for 10 subscribers, in vSG VM
1996 3.Ensure vSG VM and vCPE container created properly
1997 4.From first 5 subscribers, with same s-tag and different c-tag, send a ping to valid IP
1998 5.Verify that ping success for all 5 subscribers
1999 6.From next 5 subscribers, with same s-tag and different c-tag, send a ping to invalid IP
2000 7.Verify that ping fails for all 5 subscribers
2001 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2002
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2003 def test_vsg_for_100_subscribers_for_same_service(self):
2004 """
2005 Algo:
2006 1.Create a vSG VM in compute node
2007 2.Create 100 vCPE containers for 100 subscribers, in vSG VM
2008 3.Ensure vSG VM and vCPE container created properly
2009 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to valid external public IP
2010 5.Verify that ping success for all 100 subscribers
2011 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2012
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2013 def test_vsg_for_100_subscribers_for_same_service_ping_invalid_ip(self):
2014 """
2015 Algo:
2016 1.Create a vSG VM in compute Node
2017 2.Create 10 vCPE containers for 100 subscribers, in vSG VM
2018 3.Ensure vSG VM and vCPE container created properly
2019 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to invalid IP
2020 5.Verify that ping fails for all 100 subscribers
2021 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2022
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2023 def test_vsg_for_100_subscribers_for_same_service_ping_valid_and_invalid_ip(self):
2024 """
2025 Algo:
2026 1.Create a vSG VM in VM
2027 2.Create 10 vCPE containers for 100 subscribers, in vSG VM
2028 3.Ensure vSG VM and vCPE container created properly
2029 4.From first 5 subscribers, with same s-tag and different c-tag, send a ping to valid IP
2030 5.Verify that ping success for all 5 subscribers
2031 6.From next 5 subscribers, with same s-tag and different c-tag, send a ping to invalid IP
2032 7.Verify that ping fails for all 5 subscribers
2033 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2034
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2035 def test_vsg_for_packet_received_with_invalid_ip_fields(self):
2036 """
2037 Algo:
2038 1.Create a vSG VM in compute node
2039 2.Create a vCPE container in vSG VM
2040 3.Ensure vSG VM and vCPE container created properly
2041 4.From subscriber, send a ping packet with invalid ip fields
2042 5.Verify that vSG drops the packet
2043 6.Verify ping fails
2044 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2045
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2046 def test_vsg_for_packet_received_with_invalid_mac_fields(self):
2047 """
2048 Algo:
2049 1.Create a vSG VM in compute node
2050 2.Create a vCPE container in vSG VM
2051 3.Ensure vSG VM and vCPE container created properly
2052 4.From subscriber, send a ping packet with invalid mac fields
2053 5.Verify that vSG drops the packet
2054 6.Verify ping fails
2055 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2056
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2057 def test_vsg_for_vlan_id_mismatch_in_stag(self):
2058 """
2059 Algo:
2060 1.Create a vSG VM in compute Node
2061 2.Create a vCPE container in vSG VM
2062 3.Ensure vSG VM and vCPE container created properly
2063 4.Send a ping request to external valid IP from subscriber, with incorrect vlan id in s-tag and valid c-tag
2064 5.Verify that ping fails as the packet drops at VM entry
2065 6.Repeat step 4 with correct s-tag
2066 7.Verify that ping success
2067 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2068
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2069 def test_vsg_for_vlan_id_mismatch_in_ctag(self):
2070 """
2071 Algo:
2072 1.Create a vSG VM in compute node
2073 2.Create a vCPE container in vSG VM
2074 3.Ensure vSG VM and vCPE container created properly
2075 4.Send a ping request to external valid IP from subscriber, with valid s-tag and incorrect vlan id in c-tag
2076 5.Verify that ping fails as the packet drops at vCPE container entry
2077 6.Repeat step 4 with valid s-tag and c-tag
2078 7.Verify that ping success
2079 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2080
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2081 def test_vsg_for_matching_and_mismatching_vlan_id_in_stag(self):
2082 """
2083 Algo:
2084 1.Create two vSG VMs in compute node
2085 2.Create a vCPE container in each vSG VM
2086 3.Ensure vSG VM and vCPE container created properly
2087 4.From subscriber one, send ping request with valid s and c tags
2088 5.From subscriber two, send ping request with vlan id mismatch in s-tag and valid c tags
2089 6.Verify that ping success for only subscriber one and fails for two.
2090 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2091
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2092 def test_vsg_for_matching_and_mismatching_vlan_id_in_ctag(self):
2093 """
2094 Algo:
2095 1.Create a vSG VM in compute node
2096 2.Create two vCPE containers in vSG VM
2097 3.Ensure vSG VM and vCPE container created properly
2098 4.From subscriber one, send ping request with valid s and c tags
2099 5.From subscriber two, send ping request with valid s-tag and vlan id mismatch in c-tag
2100 6.Verify that ping success for only subscriber one and fails for two
2101 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2102
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2103 def test_vsg_for_out_of_range_vlanid_in_ctag(self):
2104 """
2105 Algo:
2106 1.Create a vSG VM in compute node
2107 2.Create a vCPE container in vSG VM
2108 3.Ensure vSG VM and vCPE container created properly
2109 4.From subscriber, send ping request with valid stag and vlan id in c-tag is an out of range value ( like 0,4097 )
2110 4.Verify that ping fails as the ping packets drops at vCPE container entry
2111 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2112
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2113 def test_vsg_for_out_of_range_vlanid_in_stag(self):
2114 """
2115 Algo:
2116 1.Create a vSG VM in compute node
2117 2.Create a vCPE container in vSG VM
2118 3.Ensure vSG VM and vCPE container created properly
2119 2.From subscriber, send ping request with vlan id in s-tag is an out of range value ( like 0,4097 ), with valid c-tag
2120 4.Verify that ping fails as the ping packets drops at vSG VM entry
2121 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2122
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2123 def test_vsg_without_creating_vcpe_instance(self):
2124 """
2125 Algo:
2126 1.Create a vSG VM in compute Node
2127 2.Ensure vSG VM created properly
2128 3.Do not create vCPE container inside vSG VM
2129 4.From a subscriber, send ping to external valid IP
2130 5.Verify that ping fails as the ping packet drops at vSG VM entry itself.
2131 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2132
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2133 def test_vsg_for_remove_vcpe_instance(self):
2134 """
2135 Algo:
2136 1.Create a vSG VM in compute node
2137 2.Create a vCPE container in vSG VM
2138 3.Ensure vSG VM and vCPE container created properly
2139 4.From subscriber, send ping request with valid s-tag and c-tag
2140 5.Verify that ping success
2141 6.Verify ping success flows in OvS switch in compute node
2142 7.Now remove the vCPE container in vSG VM
2143 8.Ensure that the container removed properly
2144 9.Repeat step 4
2145 10.Verify that now, ping fails
2146 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2147
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2148 def test_vsg_for_restart_vcpe_instance(self):
2149 """
2150 Algo:
2151 1.Create a vSG VM in compute node
2152 2.Create a vCPE container in vSG VM
2153 3.Ensure vSG VM and vCPE container created properly
2154 4.From subscriber, send ping request with valid s-tag and c-tag
2155 5.Verify that ping success
2156 6.Verify ping success flows in OvS switch in compute node
2157 7.Now restart the vCPE container in vSG VM
2158 8.Ensure that the container came up after restart
2159 9.Repeat step 4
2160 10.Verify that now,ping gets success and flows added in OvS
2161 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2162
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2163 def test_vsg_for_restart_vsg_vm(self):
2164 """
2165 Algo:
2166 1.Create a vSG VM in compute node
2167 2.Create a vCPE container in vSG VM
2168 3.Ensure vSG VM and vCPE container created properly
2169 4.From subscriber, send ping request with valid s-tag and c-tag
2170 5.Verify that ping success
2171 6.Verify ping success flows in OvS switch in compute node
2172 7.Now restart the vSG VM
2173 8.Ensure that the vSG comes up properly after restart
2174 9.Verify that vCPE container comes up after vSG restart
2175 10.Repeat step 4
2176 11.Verify that now,ping gets success and flows added in OvS
2177 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2178
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2179 def test_vsg_for_pause_vcpe_instance(self):
2180 """
2181 Algo:
2182 1.Create a vSG VM in compute node
2183 2.Create a vCPE container in vSG VM
2184 3.Ensure vSG VM and vCPE container created properly
2185 4.From subscriber, send ping request with valid s-tag and c-tag
2186 5.Verify that ping success
2187 6.Verify ping success flows in OvS switch in compute node
2188 7.Now pause vCPE container in vSG VM for a while
2189 8.Ensure that the container state is pause
2190 9.Repeat step 4
2191 10.Verify that now,ping fails now and verify flows in OvS
2192 11.Now resume the container
2193 12.Now repeat step 4 again
2194 13.Verify that now, ping gets success
2195 14.Verify ping success flows in OvS
2196 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2197
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2198 def test_vsg_for_extract_all_compute_stats_from_all_vcpe_containers(self):
2199 """
2200 Algo:
2201 1.Create a vSG VM in compute node
2202 2.Create 10 vCPE containers in VM
2203 3.Ensure vSG VM and vCPE containers created properly
2204 4.Login to all vCPE containers
2205 4.Get all compute stats from all vCPE containers
2206 5.Verify the stats # verification method need to add
2207 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2208
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2209 def test_vsg_for_extract_dns_stats_from_all_vcpe_containers(self):
2210 """
2211 Algo:
2212 1.Create a vSG VM in compute node
2213 2.Create 10 vCPE containers in VM
2214 3.Ensure vSG VM and vCPE containers created properly
2215 4.From 10 subscribers, send ping to valid and invalid dns hosts
2216 5.Verify dns resolves and ping success for valid dns hosts
2217 6.Verify ping fails for invalid dns hosts
2218 7.Verify dns host name resolve flows in OvS
2219 8.Login to all 10 vCPE containers
2220 9.Extract all dns stats
2221 10.Verify dns stats for queries sent, queries received for dns host resolve success and failed scenarios
2222 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2223
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2224 def test_vsg_for_subscriber_access_two_vsg_services(self):
2225 """
2226 # Intention is to verify if subscriber can reach internet via two vSG VMs
2227 Algo:
2228 1.Create two vSG VMs for two services in compute node
2229 2.Create one vCPE container in each VM for one subscriber
2230 3.Ensure VMs and containers created properly
2231 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2232 5.Verify ping gets success
2233 6.Verify ping success flows in OvS
2234 7.Now repeat step 4 with stag corresponds to vSG-2 VM
2235 8.Verify that ping again success
2236 9.Verify ping success flows in OvS
2237 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2238
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2239 def test_vsg_for_subscriber_access_service2_if_service1_goes_down(self):
2240 """
2241 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 goes down
2242 Algo:
2243 1.Create two vSG VMs for two services in compute node
2244 2.Create one vCPE container in each VM for one subscriber
2245 3.Ensure VMs and containers created properly
2246 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2247 5.Verify ping gets success
2248 6.Verify ping success flows in OvS
2249 7.Down the vSG-1 VM
2250 8.Now repeat step 4
2251 9.Verify that ping fails as vSG-1 is down
2252 10.Repeat step 4 with stag corresponding to vSG-2
2253 9.Verify ping success and flows added in OvS
2254 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2255
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2256 def test_vsg_for_subscriber_access_service2_if_service1_goes_restart(self):
2257 """
2258 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 restarts
2259 Algo:
2260 1.Create two vSG VMs for two services in compute node
2261 2.Create one vCPE container in each VM for one subscriber
2262 3.Ensure VMs and containers created properly
2263 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2264 5.Verify ping gets success
2265 6.Verify ping success flows added in OvS
2266 7.Now restart vSG-1 VM
2267 8.Now repeat step 4 while vSG-1 VM restarts
2268 9.Verify that ping fails as vSG-1 is restarting
2269 10.Repeat step 4 with stag corresponding to vSG-2 while vSG-1 VM restarts
2270 11.Verify ping success and flows added in OvS
2271 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2272
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2273 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_goes_down(self):
2274 """
2275 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 goes down
2276 Algo:
2277 1.Create a vSG VM in compute node
2278 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2279 3.Ensure VM and containers created properly
2280 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2281 5.Verify ping gets success
2282 6.Verify ping success flows added in OvS
2283 7.Now stop vCPE-1 container
2284 8.Now repeat step 4
2285 9.Verify that ping fails as vCPE-1 container is down
2286 10.Repeat step 4 with ctag corresponding to vCPE-2 container
2287 11.Verify ping success and flows added in OvS
2288 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2289
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2290 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_restart(self):
2291 """
2292 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 restarts
2293 Algo:
2294 1.Create a vSG VM in compute node
2295 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2296 3.Ensure VM and containers created properly
2297 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2298 5.Verify ping gets success
2299 6.Verify ping success flows added in OvS
2300 7.Now restart vCPE-1 container
2301 8.Now repeat step 4 while vCPE-1 restarts
2302 9.Verify that ping fails as vCPE-1 container is restarts
2303 10.Repeat step 4 with ctag corresponding to vCPE-2 container while vCPE-1 restarts
2304 11..Verify ping success and flows added in OvS
2305 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2306
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2307 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_pause(self):
2308 """
2309 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 paused
2310 Algo:
2311 1.Create a vSG VM in compute node
2312 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2313 3.Ensure VM and containers created properly
2314 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2315 5.Verify ping gets success
2316 6.Verify ping success flows added in OvS
2317 7.Now pause vCPE-1 container
2318 8.Now repeat step 4 while vCPE-1 in pause state
2319 9.Verify that ping fails as vCPE-1 container in pause state
2320 10.Repeat step 4 with ctag corresponding to vCPE-2 container while vCPE-1 in pause state
2321 11.Verify ping success and flows added in OvS
2322 """
2323 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_removed(self):
2324 """
2325 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 removed
2326 Algo:
2327 1.Create a vSG VM in compute node
2328 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2329 3.Ensure VM and containers created properly
2330 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2331 5.Verify ping gets success
2332 6.Verify ping success flows added in OvS
2333 7.Now remove vCPE-1 container
2334 8.Now repeat step 4
2335 9.Verify that ping fails as vCPE-1 container removed
2336 10.Repeat step 4 with ctag corresponding to vCPE-2 container
2337 11.Verify ping success and flows added in OvS
2338 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2339
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2340 def test_vsg_for_vcpe_instance_removed_and_added_again(self):
2341 """
2342 Algo:
2343 1.Create a vSG VM in compute node
2344 2.Create a vCPE container in vSG VM
2345 3.Ensure VM and containers created properly
2346 4.From subscriber end, send ping to public IP
2347 5.Verify ping gets success
2348 6.Verify ping success flows added in OvS
2349 7.Now remove vCPE container in vSG VM
2350 8.Now repeat step 4
2351 9.Verify that ping fails as vCPE container removed
2352 10.Create the vCPE container again for the same subscriber
2353 11.Ensure that vCPE created now
2354 12.Now repeat step 4
2355 13.Verify ping success and flows added in OvS
2356 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2357
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2358 def test_vsg_for_vsg_vm_removed_and_added_again(self):
2359 """
2360 Algo:
2361 1.Create a vSG VM in compute node
2362 2.Create a vCPE container in vSG VM
2363 3.Ensure VM and containers created properly
2364 4.From subscriber end, send ping to public IP
2365 5.Verify ping gets success
2366 6.Verify ping success flows added in OvS
2367 7.Now remove vSG VM
2368 8.Now repeat step 4
2369 9.Verify that ping fails as vSG VM not exists
2370 10.Create the vSG VM and vCPE container in VM again
2371 11.Ensure that vSG and vCPE created
2372 12.Now repeat step 4
2373 13.Verify ping success and flows added in OvS
2374 """
2375
2376 #Test vSG - Subscriber Configuration
2377 def test_vsg_for_configuring_new_subscriber_in_vcpe(self):
2378 """
2379 Algo:
2380 1.Create a vSG VM in compute node
2381 2.Create a vCPE container in vSG VM
2382 3.Ensure VM and containers created properly
2383 4.Configure a subscriber in XOS and assign a service id
2384 5.Set the admin privileges to the subscriber
2385 6.Verify subscriber configuration is success
2386 """
2387 def test_vsg_for_adding_subscriber_devices_in_vcpe(self):
2388 """
2389 Algo:
2390 1.Create a vSG VM in compute node
2391 2.Create a vCPE container in vSG VM
2392 3.Ensure VM and containers created properly
2393 4.Configure a subscriber in XOS and assign a service id
2394 5.Verify subscriber successfully configured in vCPE
2395 6.Now add devices( Mac addresses ) under the subscriber admin group
2396 7.Verify all devices ( Macs ) added successfully
2397 """
2398 def test_vsg_for_removing_subscriber_devices_in_vcpe(self):
2399 """
2400 Algo:
2401 1.Create a vSG VM in compute node
2402 2.Create a vCPE container in vSG VM
2403 3.Ensure VM and containers created properly
2404 4.Configure a subscriber in XOS and assign a service id
2405 5.Verify subscriber successfully configured
2406 6.Now add devices( Mac addresses ) under the subscriber admin group
2407 7.Verify all devices ( Macs ) added successfully
2408 8.Now remove All the added devices in XOS
2409 9.Verify all the devices removed
2410 """
2411 def test_vsg_for_modify_subscriber_devices_in_vcpe(self):
2412 """
2413 Algo:
2414 1.Create a vSG VM in compute node
2415 2.Create a vCPE container in vSG VM
2416 3.Ensure VM and containers created properly
2417 4.Configure a user in XOS and assign a service id
2418 5.Verify subscriber successfully configured in vCPE.
2419 6.Now add devices( Mac addresses ) under the subscriber admin group
2420 7.Verify all devices ( Macs ) added successfully
2421 8.Now remove few devices in XOS
2422 9.Verify devices removed successfully
2423 10.Now add few additional devices in XOS under the same subscriber admin group
2424 11.Verify newly added devices successfully added
2425 """
2426 def test_vsg_for_vcpe_login_fails_with_incorrect_subscriber_credentials(self):
2427 """
2428 Algo:
2429 1.Create a vSG VM in compute node
2430 2.Create a vCPE container in vSG VM
2431 3.Ensure VM and containers created properly
2432 4.Configure a subscriber in XOS and assign a service id
2433 5.Verify subscriber successfully configured
2434 6.Now add devices( Mac addresses ) under the subscriber admin group
2435 7.Verify all devices ( Macs ) added successfully
2436 8.Login vCPE with credentials with which subscriber configured
2437 9.Verify subscriber successfully logged in
2438 10.Logout and login again with incorrect credentials ( either user name or password )
2439 11.Verify login attempt to vCPE fails wtih incorrect credentials
2440 """
2441 def test_vsg_for_subscriber_configuration_in_vcpe_retain_after_vcpe_restart(self):
2442 """
2443 Algo:
2444 1.Create a vSG VM in compute node
2445 2.Create a vCPE container in vSG VM
2446 3.Ensure VM and containers created properly
2447 4.Configure a subscriber in XOS and assign a service id
2448 5.Verify subscriber successfully configured
2449 6.Now add devices( Mac addresses ) under the subscriber admin group
2450 7.Verify all devices ( Macs ) added successfully
2451 8.Restart vCPE ( locate backup config path while restart )
2452 9.Verify subscriber details in vCPE after restart should be same as before the restart
2453 """
2454 def test_vsg_for_create_multiple_vcpe_instances_and_configure_subscriber_in_each_instance(self):
2455 """
2456 Algo:
2457 1.Create a vSG VM in compute node
2458 2.Create 2 vCPE containers in vSG VM
2459 3.Ensure VM and containers created properly
2460 4.Configure a subscriber in XOS for each vCPE instance and assign a service id
2461 5.Verify subscribers successfully configured
2462 6.Now login vCPE-2 with subscriber-1 credentials
2463 7.Verify login fails
2464 8.Now login vCPE-1 with subscriber-2 credentials
2465 9.Verify login fails
2466 10.Now login vCPE-1 with subscriber-1 and vCPE-2 with subscriber-2 credentials
2467 11.Verify that both the subscribers able to login to their respective vCPE containers
2468 """
2469 def test_vsg_for_same_subscriber_can_be_configured_for_multiple_services(self):
2470 """
2471 Algo:
2472 1.Create 2 vSG VMs in compute node
2473 2.Create a vCPE container in each vSG VM
2474 3.Ensure VMs and containers created properly
2475 4.Configure same subscriber in XOS for each vCPE instance and assign a service id
2476 5.Verify subscriber successfully configured
2477 6.Now login vCPE-1 with subscriber credentials
2478 7.Verify login success
2479 8.Now login vCPE-2 with the same subscriber credentials
2480 9.Verify login success
2481 """
2482
2483 #Test Example Service
2484 def test_vsg_for_subcriber_avail_example_service_running_in_apache_server(self):
2485 """
2486 Algo:
2487 1.Create a vSG VM in compute node
2488 2.Create a vCPE container in each vSG VM
2489 3.Ensure VM and container created properly
2490 4.Configure a subscriber in XOS for the vCPE instance and assign a service id
2491 5.On-board an example service into cord pod
2492 6.Create a VM in compute node and run the example service ( Apache server )
2493 7.Configure the example service with service specific and subscriber specific messages
2494 8.Verify example service on-boarded successfully
2495 9.Verify example service running in VM
2496 10.Run a curl command from subscriber to reach example service
2497 11.Verify subscriber can successfully reach example service via vSG
2498 12.Verify that service specific and subscriber specific messages
2499 """
2500 def test_vsg_for_subcriber_avail_example_service_running_in_apache_server_after_service_restart(self):
2501 """
2502 Algo:
2503 1.Create a vSG VM in compute node
2504 2.Create a vCPE container in each vSG VM
2505 3.Ensure VM and container created properly
2506 4.Configure a subscriber in XOS for the vCPE instance and assign a service id
2507 5.On-board an example service into cord pod
2508 6.Create a VM in compute node and run the example service ( Apache server )
2509 7.Configure the example service with service specific and subscriber specific messages
2510 8.Verify example service on-boarded successfully
2511 9.Verify example service running in VM
2512 10.Run a curl command from subscriber to reach example service
2513 11.Verify subscriber can successfully reach example service via vSG
2514 12.Verify that service specific and subscriber specific messages
2515 13.Restart example service running in VM
2516 14.Repeat step 10
2517 15.Verify the same results as mentioned in steps 11, 12
2518 """
2519
2520 #vCPE Firewall Functionality
2521 def test_vsg_firewall_for_creating_acl_rule_based_on_source_ip(self):
2522 """
2523 Algo:
2524 1.Create a vSG VM in compute node
2525 2.Create vCPE container in the VM
2526 3.Ensure vSG VM and vCPE container created properly
2527 4.Configure ac acl rule in vCPE to deny IP traffic from a source IP
2528 5.Bound the acl rule to WAN interface of vCPE
2529 6.Verify configuration in vCPE is success
2530 8.Verify flows added in OvS
2531 """
2532 def test_vsg_firewall_for_creating_acl_rule_based_on_destination_ip(self):
2533 """
2534 Algo:
2535 1.Create a vSG VM in compute node
2536 2.Create vCPE container in the VM
2537 3.Ensure vSG VM and vCPE container created properly
2538 4.Configure ac acl rule in vCPE to deny IP traffic to a destination ip
2539 5.Bound the acl rule to WAN interface of vCPE
2540 6.Verify configuration in vCPE is success
2541 8.Verify flows added in OvS
2542 """
2543 def test_vsg_firewall_for_acl_deny_rule_based_on_source_ip_traffic(self):
2544 """
2545 Algo:
2546 1.Create a vSG VM in compute node
2547 2.Create vCPE container in the VM
2548 3.Ensure vSG VM and vCPE container created properly
2549 4.Configure ac acl rule in vCPE to deny IP traffic from a source IP
2550 5.Bound the acl rule to WAN interface of vCPE
2551 6.From subscriber, send ping to the denied IP address
2552 7.Verify that ping fails as vCPE denies ping response
2553 8.Verify flows added in OvS
2554 """
2555 def test_vsg_firewall_for_acl_deny_rule_based_on_destination_ip_traffic(self):
2556 """
2557 Algo:
2558 1.Create a vSG VM in compute node
2559 2.Create vCPE container in the VM
2560 3.Ensure vSG VM and vCPE container created properly
2561 4.Configure ac acl rule in vCPE to deny IP traffic to a destination IP
2562 5.Bound the acl rule to WAN interface of vCPE
2563 6.From subscriber, send ping to the denied IP address
2564 7.Verify that ping fails as vCPE drops the ping request at WAN interface
2565 8.Verify flows added in OvS
2566 """
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]2567
2568 def test_vsg_dnsmasq(self):
2569 pass
2570
2571 def test_vsg_with_external_parental_control_family_shield_for_filter(self):
2572 pass
2573
2574 def test_vsg_with_external_parental_control_with_answerx(self):
2575 pass
2576
2577 def test_vsg_for_subscriber_upstream_bandwidth(self):
2578 pass
2579
2580 def test_vsg_for_subscriber_downstream_bandwidth(self):
2581 pass
2582
2583 def test_vsg_for_diagnostic_run_of_traceroute(self):
2584 pass
2585
2586 def test_vsg_for_diagnostic_run_of_tcpdump(self):
2587 pass
2588
2589 def test_vsg_for_iptable_rules(self):
2590 pass
2591
2592 def test_vsg_for_iptables_with_neutron(self):
2593 pass