Gitiles
Code Review Sign In
gerrit.opencord.org / cord-tester / 378ea8b6c1ff346b6770c9874c0f46b67911623e / . / src / test / vsg / vsgTest.py
blob: 2c981e823934d34d28c26ca2878076ff1f66c969 [file] [log] [blame]
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]1#copyright 2016-present Ciena Corporation
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14#
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]15import time
16import os
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]17import sys
18import json
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]19from nose.tools import *
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]20from twisted.internet import defer
21from nose.twistedtools import reactor, deferred
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]22from CordTestUtils import *
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]23from OltConfig import OltConfig
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]24from onosclidriver import OnosCliDriver
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]25from SSHTestAgent import SSHTestAgent
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]26from CordLogger import CordLogger
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]27from VSGAccess import VSGAccess
A R Karthick933f5b52017-03-27 15:27:16 -0700[diff] [blame]28from CordTestUtils import log_test as log
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]29from CordTestConfig import setup_module, running_on_ciab
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]30from OnosCtrl import OnosCtrl
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]31
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]32log.setLevel('INFO')
33
34class vsg_exchange(CordLogger):
35 ONOS_INSTANCES = 3
36 V_INF1 = 'veth0'
37 device_id = 'of:' + get_mac()
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]38 TEST_IP = '8.8.8.8'
39 HOST = "10.1.0.1"
40 USER = "vagrant"
41 PASS = "vagrant"
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]42 head_node = os.getenv('HEAD_NODE', 'prod')
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]43 HEAD_NODE = head_node + '.cord.lab' if len(head_node.split('.')) == 1 else head_node
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]44 test_path = os.path.dirname(os.path.realpath(__file__))
45 olt_conf_file = os.path.join(test_path, '..', 'setup/olt_config.json')
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]46 restApiXos = None
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]47 subscriber_account_num = 200
48 subscriber_s_tag = 304
49 subscriber_c_tag = 304
50 subscribers_per_s_tag = 8
51 subscriber_map = {}
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]52 subscriber_info = []
53 volt_subscriber_info = []
A R Karthick9a16a112017-04-07 15:40:05 -0700[diff] [blame]54 restore_methods = []
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]55 TIMEOUT=120
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]56 FABRIC_PORT_HEAD_NODE = 1
57 FABRIC_PORT_COMPUTE_NODE = 2
58 APP_NAME = 'org.ciena.xconnect'
59 APP_FILE = os.path.join(test_path, '..', 'apps/xconnect-1.0-SNAPSHOT.oar')
A.R Karthick50f4d9a2017-04-20 16:44:19 -0700[diff] [blame]60 NUM_SUBSCRIBERS = 5
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]61
62 @classmethod
63 def getSubscriberCredentials(cls, subId):
64 """Generate our own account num, s_tag and c_tags"""
65 if subId in cls.subscriber_map:
66 return cls.subscriber_map[subId]
67 account_num = cls.subscriber_account_num
68 cls.subscriber_account_num += 1
69 s_tag, c_tag = cls.subscriber_s_tag, cls.subscriber_c_tag
70 cls.subscriber_c_tag += 1
71 if cls.subscriber_c_tag % cls.subscribers_per_s_tag == 0:
72 cls.subscriber_s_tag += 1
73 cls.subscriber_map[subId] = account_num, s_tag, c_tag
74 return cls.subscriber_map[subId]
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]75
76 @classmethod
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]77 def getXosCredentials(cls):
78 onos_cfg = OnosCtrl.get_config()
79 if onos_cfg is None:
80 return None
81 if 'apps' in onos_cfg and \
82 'org.opencord.vtn' in onos_cfg['apps'] and \
83 'cordvtn' in onos_cfg['apps']['org.opencord.vtn'] and \
84 'xos' in onos_cfg['apps']['org.opencord.vtn']['cordvtn']:
85 xos_cfg = onos_cfg['apps']['org.opencord.vtn']['cordvtn']['xos']
86 endpoint = xos_cfg['endpoint']
87 user = xos_cfg['user']
88 password = xos_cfg['password']
89 xos_endpoints = endpoint.split(':')
90 xos_host = xos_endpoints[1][len('//'):]
91 xos_port = xos_endpoints[2][:-1]
92 #log.info('xos_host: %s, port: %s, user: %s, password: %s' %(xos_host, xos_port, user, password))
93 return dict(host = xos_host, port = xos_port, user = user, password = password)
94
95 return None
96
97 @classmethod
A.R Karthick50f4d9a2017-04-20 16:44:19 -0700[diff] [blame]98 def getSubscriberConfig(cls, num_subscribers):
99 features = {
100 'cdn': True,
101 'uplink_speed': 1000000000,
102 'downlink_speed': 1000000000,
103 'uverse': True,
104 'status': 'enabled'
105 }
106 subscriber_map = []
107 for i in xrange(num_subscribers):
108 subId = 'sub{}'.format(i)
109 account_num, _, _ = cls.getSubscriberCredentials(subId)
110 identity = { 'account_num' : str(account_num),
111 'name' : 'My House {}'.format(i)
112 }
113 sub_info = { 'features' : features,
114 'identity' : identity
115 }
116 subscriber_map.append(sub_info)
117
118 return subscriber_map
119
120 @classmethod
121 def getVoltSubscriberConfig(cls, num_subscribers):
122 voltSubscriberMap = []
123 for i in xrange(num_subscribers):
124 subId = 'sub{}'.format(i)
125 account_num, s_tag, c_tag = cls.getSubscriberCredentials(subId)
126 voltSubscriberInfo = {}
127 voltSubscriberInfo['voltTenant'] = dict(s_tag = str(s_tag),
128 c_tag = str(c_tag),
129 subscriber = '')
130 voltSubscriberInfo['account_num'] = account_num
131 voltSubscriberMap.append(voltSubscriberInfo)
132
133 return voltSubscriberMap
134
135 @classmethod
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]136 def setUpCordApi(cls):
137 our_path = os.path.dirname(os.path.realpath(__file__))
138 cord_api_path = os.path.join(our_path, '..', 'cord-api')
139 framework_path = os.path.join(cord_api_path, 'Framework')
140 utils_path = os.path.join(framework_path, 'utils')
141 data_path = os.path.join(cord_api_path, 'Tests', 'data')
142 subscriber_cfg = os.path.join(data_path, 'Subscriber.json')
143 volt_tenant_cfg = os.path.join(data_path, 'VoltTenant.json')
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]144 num_subscribers = max(cls.NUM_SUBSCRIBERS, 5)
145 cls.subscriber_info = cls.getSubscriberConfig(num_subscribers)
146 cls.volt_subscriber_info = cls.getVoltSubscriberConfig(num_subscribers)
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]147
148 sys.path.append(utils_path)
149 sys.path.append(framework_path)
150 from restApi import restApi
151 restApiXos = restApi()
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]152 xos_credentials = cls.getXosCredentials()
153 if xos_credentials is None:
154 restApiXos.controllerIP = cls.HEAD_NODE
155 restApiXos.controllerPort = '9000'
156 else:
157 restApiXos.controllerIP = xos_credentials['host']
158 restApiXos.controllerPort = xos_credentials['port']
159 restApiXos.user = xos_credentials['user']
160 restApiXos.password = xos_credentials['password']
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]161 cls.restApiXos = restApiXos
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]162
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]163 @classmethod
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]164 def closeVCPEAccess(cls, volt_subscriber_info):
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]165 """
166 Disabled uninstall app for now to disable deletion of flows on leaf-switch
167 """
168 return
169 #OnosCtrl.uninstall_app(cls.APP_NAME, onos_ip = cls.HEAD_NODE)
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]170
171 @classmethod
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]172 def openVCPEAccess(cls, volt_subscriber_info):
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]173 """
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]174 This code is used to configure leaf switch for head node access to compute node over fabric.
175 Care is to be taken to avoid overwriting existing/default vcpe flows.
176 The access is opened for generated subscriber info which should not overlap.
177 We target the fabric onos instance on head node.
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]178 """
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]179 OnosCtrl.install_app(cls.APP_FILE, onos_ip = cls.HEAD_NODE)
180 time.sleep(2)
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]181 s_tags = map(lambda tenant: int(tenant['voltTenant']['s_tag']), volt_subscriber_info)
182 #only get unique vlan tags
183 s_tags = list(set(s_tags))
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]184 devices = OnosCtrl.get_device_ids(controller = cls.HEAD_NODE)
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]185 if devices:
186 device_config = {}
187 for device in devices:
188 device_config[device] = []
189 for s_tag in s_tags:
190 xconnect_config = {'vlan': s_tag, 'ports' : [ cls.FABRIC_PORT_HEAD_NODE, cls.FABRIC_PORT_COMPUTE_NODE ] }
191 device_config[device].append(xconnect_config)
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]192
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]193 cfg = { 'apps' : { 'org.ciena.xconnect' : { 'xconnectTestConfig' : device_config } } }
194 OnosCtrl.config(cfg, controller = cls.HEAD_NODE)
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]195
196 @classmethod
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]197 def setUpClass(cls):
198 cls.controllers = get_controllers()
199 cls.controller = cls.controllers[0]
200 cls.cli = None
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]201 cls.on_pod = running_on_pod()
202 cls.on_ciab = running_on_ciab()
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]203 cls.olt = OltConfig(olt_conf_file = cls.olt_conf_file)
204 cls.vcpes = cls.olt.get_vcpes()
205 cls.vcpes_dhcp = cls.olt.get_vcpes_by_type('dhcp')
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]206 cls.vcpes_reserved = cls.olt.get_vcpes_by_type('reserved')
207 cls.dhcp_vcpes_reserved = [ 'vcpe{}.{}.{}'.format(i, cls.vcpes_reserved[i]['s_tag'], cls.vcpes_reserved[i]['c_tag'])
208 for i in xrange(len(cls.vcpes_reserved)) ]
209 cls.untagged_dhcp_vcpes_reserved = [ 'vcpe{}'.format(i) for i in xrange(len(cls.vcpes_reserved)) ]
210 cls.container_vcpes_reserved = [ 'vcpe-{}-{}'.format(vcpe['s_tag'], vcpe['c_tag']) for vcpe in cls.vcpes_reserved ]
211 vcpe_dhcp_reserved = None
212 vcpe_container_reserved = None
213 if cls.vcpes_reserved:
214 vcpe_dhcp_reserved = cls.dhcp_vcpes_reserved[0]
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]215 if cls.on_pod is False:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]216 vcpe_dhcp_reserved = cls.untagged_dhcp_vcpes_reserved[0]
217 vcpe_container_reserved = cls.container_vcpes_reserved[0]
218
219 cls.vcpe_dhcp_reserved = vcpe_dhcp_reserved
220 cls.vcpe_container_reserved = vcpe_container_reserved
221 dhcp_vcpe_offset = len(cls.vcpes_reserved)
A R Karthick927129c2017-04-25 14:08:02 -0700[diff] [blame]222 cls.dhcp_vcpes = [ 'vcpe{}.{}.{}'.format(i+dhcp_vcpe_offset, cls.vcpes_dhcp[i]['s_tag'], cls.vcpes_dhcp[i]['c_tag'])
223 for i in xrange(len(cls.vcpes_dhcp)) ]
224 cls.untagged_dhcp_vcpes = [ 'vcpe{}'.format(i+dhcp_vcpe_offset) for i in xrange(len(cls.vcpes_dhcp)) ]
225 cls.container_vcpes = [ 'vcpe-{}-{}'.format(vcpe['s_tag'], vcpe['c_tag']) for vcpe in cls.vcpes_dhcp ]
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]226 vcpe_dhcp = None
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]227 vcpe_container = None
228 #cache the first dhcp vcpe in the class for quick testing
229 if cls.vcpes_dhcp:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]230 vcpe_container = cls.container_vcpes[0]
231 vcpe_dhcp = cls.dhcp_vcpes[0]
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]232 if cls.on_pod is False:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]233 vcpe_dhcp = cls.untagged_dhcp_vcpes[0]
234 cls.vcpe_container = vcpe_container_reserved or vcpe_container
235 cls.vcpe_dhcp = vcpe_dhcp_reserved or vcpe_dhcp
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]236 VSGAccess.setUp()
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]237 cls.setUpCordApi()
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]238 if cls.on_pod is True:
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]239 cls.openVCPEAccess(cls.volt_subscriber_info)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]240
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]241 @classmethod
242 def tearDownClass(cls):
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]243 VSGAccess.tearDown()
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]244 if cls.on_pod is True:
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]245 cls.closeVCPEAccess(cls.volt_subscriber_info)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]246
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]247 def cliEnter(self, controller = None):
248 retries = 0
249 while retries < 30:
250 self.cli = OnosCliDriver(controller = controller, connect = True)
251 if self.cli.handle:
252 break
253 else:
254 retries += 1
255 time.sleep(2)
256
257 def cliExit(self):
258 self.cli.disconnect()
259
260 def onos_shutdown(self, controller = None):
261 status = True
262 self.cliEnter(controller = controller)
263 try:
264 self.cli.shutdown(timeout = 10)
265 except:
266 log.info('Graceful shutdown of ONOS failed for controller: %s' %controller)
267 status = False
268
269 self.cliExit()
270 return status
271
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]272 def log_set(self, level = None, app = 'org.onosproject'):
273 CordLogger.logSet(level = level, app = app, controllers = self.controllers, forced = True)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]274
A R Karthick9a16a112017-04-07 15:40:05 -0700[diff] [blame]275 @classmethod
276 def get_dhcp(cls, vcpe, mgmt = 'eth0'):
277 """Get DHCP for vcpe interface saving management settings"""
278
279 def put_dhcp():
280 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
281
282 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
283 if vcpe_ip is not None:
284 cls.restore_methods.append(put_dhcp)
285 return vcpe_ip
286
287 @classmethod
288 def config_restore(cls):
289 """Restore the vsg test configuration on test case failures"""
290 for restore_method in cls.restore_methods:
291 restore_method()
292
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]293 def get_vsg_vcpe_pair(self):
294 vcpes = self.vcpes_dhcp
295 vcpe_containers = []
296 vsg_vcpe = {}
297 for vcp in vcpes:
298 vcpe_container = 'vcpe-{}-{}'.format(vcp['s_tag'], vcp['c_tag'])
299 vcpe_containers.append(vcpe_container)
300 vsg = VSGAccess.get_vcpe_vsg(vcpe_container)
301 vsg_vcpe[vcpe_container]=str(vsg.get_ip())
302 return vsg_vcpe
303
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]304 def get_vcpe_containers_and_interfaces(self):
305 vcpe_containers = {}
306 vcpe_interfaces = []
307 vcpes = self.vcpes_dhcp
308 count = 0
309 for vcpe in vcpes:
310 vcpe_intf = 'vcpe{}.{}.{}'.format(count,vcpe['s_tag'],vcpe['c_tag'])
311 vcpe_interfaces.append(vcpe_intf)
312 vcpe_container = 'vcpe-{}-{}'.format(vcpe['s_tag'], vcpe['c_tag'])
313 vcpe_containers[vcpe_intf] = vcpe_container
314 count += 1
315 log.info('vcpe interfaces are %s'%vcpe_interfaces)
316 log.info('vcpe containers are %s'%vcpe_containers)
317 return vcpe_interfaces,vcpe_containers
318
319 def get_vcpe_interface_dhcp_ip(self,vcpe=None):
320 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]321 vcpe = self.vcpe_dhcp
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]322 st, _ = getstatusoutput('dhclient {}'.format(vcpe))
323 vcpe_ip = get_ip(vcpe)
324 return vcpe_ip
325
326 def release_vcpe_interface_dhcp_ip(self,vcpe=None):
327 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]328 vcpe = self.vcpe_dhcp
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]329 st, _ = getstatusoutput('dhclient {} -r'.format(vcpe))
330 vcpe_ip = get_ip(vcpe)
331 assert_equal(vcpe_ip, None)
332
333 def add_static_route_via_vcpe_interface(self, routes, vcpe=None,dhcp_ip=True):
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]334 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]335 vcpe = self.vcpe_dhcp
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]336 if dhcp_ip:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]337 os.system('dhclient '+vcpe)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]338 time.sleep(1)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]339 for route in routes:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]340 log.info('route is %s'%route)
341 cmd = 'ip route add ' + route + ' via 192.168.0.1 '+ 'dev ' + vcpe
342 cmds.append(cmd)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]343 for cmd in cmds:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]344 os.system(cmd)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]345 return True
346
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]347 def del_static_route_via_vcpe_interface(self,routes,vcpe=None,dhcp_release=True):
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]348 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]349 vcpe = self.vcpe_dhcp
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]350 cmds = []
351 for route in routes:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]352 cmd = 'ip route del ' + route + ' via 192.168.0.1 ' + 'dev ' + vcpe
353 os.system(cmd)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]354 if dhcp_release:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]355 os.system('dhclient '+vcpe+' -r')
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]356 return True
357
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]358 def test_vsg_multiple_subscribers_for_same_vcpe_instace(self):
359 vcpe_intfs,containers = self.get_vcpe_containers_and_interfaces()
360 for vcpe in vcpe_intfs:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]361 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
362 assert_not_equal(vcpe_ip,None)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]363 for vcpe in vcpe_intfs:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]364 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]365
366 def test_vsg_multiple_subscribers_for_same_vcpe_instance_ping_to_external_connectivity(self):
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]367 host = '8.8.8.8'
368 vcpe_intfs, containers = self.get_vcpe_containers_and_interfaces()
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]369 for vcpe in vcpe_intfs:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]370 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
371 assert_not_equal(vcpe_ip,None)
372 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe,dhcp_ip=False)
373 st, _ = getstatusoutput('ping -I {} -c 3 {}'.format(vcpe,host))
374 assert_equal(st, 0)
375 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe,dhcp_release=False)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]376 for vcpe in vcpe_intfs:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]377 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]378
379 def test_vsg_vcpe_interface_gets_dhcp_ip_after_interface_toggle(self):
380 vcpe_intfs,containers = self.get_vcpe_containers_and_interfaces()
381 for vcpe in vcpe_intfs:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]382 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
383 assert_not_equal(vcpe_ip,None)
384 os.system('ifconfig {} down'.format(vcpe))
385 time.sleep(1)
386 os.system('ifconfig {} up'.format(vcpe))
387 time.sleep(1)
388 vcpe_ip2 = get_ip(vcpe)
389 assert_equal(vcpe_ip2,vcpe_ip)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]390 for vcpe in vcpe_intfs:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]391 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]392
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]393 def test_vsg_health(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]394 """
395 Algo:
396 1. Login to compute node VM
397 2. Get all vSGs
398 3. Ping to all vSGs
399 4. Verifying Ping success
400 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]401 status = True
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]402 if self.on_pod is True:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]403 status = VSGAccess.health_check()
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]404 assert_equal(status, True)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]405
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]406 def test_vsg_health_check(self, vsg_name='mysite_vsg-1', verify_status=True):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]407 """
408 Algo:
409 1. If vsg name not specified, Get vsg corresponding to vcpe
410 1. Login to compute mode VM
411 3. Ping to the vSG
412 4. Verifying Ping success
413 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]414 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]415 return
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]416 if not vsg_name:
417 vcpe = self.vcpe_container
418 vsg = VSGAccess.get_vcpe_vsg(vcpe)
419 status = vsg.get_health()
420 assert_equal(status, verify_status)
421 else:
422 vsgs = VSGAccess.get_vsgs()
423 status = None
424 for vsg in vsgs:
425 if vsg.name == vsg_name:
426 status = vsg.get_health()
427 log.info('vsg health check status is %s'%status)
428 assert_equal(status,verify_status)
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]429
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]430 @deferred(TIMEOUT)
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]431 def test_vsg_for_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]432 """
433 Algo:
434 1. Get list of all compute nodes created using Openstack
435 2. Login to compute mode VM
436 3. Get all vSGs
437 4. Verifying atleast one compute node and one vSG created
438 """
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]439 df = defer.Deferred()
440 def vsg_for_vcpe_df(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]441 if self.on_pod is True:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]442 vsgs = VSGAccess.get_vsgs()
443 compute_nodes = VSGAccess.get_compute_nodes()
444 time.sleep(14)
445 assert_not_equal(len(vsgs), 0)
446 assert_not_equal(len(compute_nodes), 0)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]447 df.callback(0)
448 reactor.callLater(0,vsg_for_vcpe_df,df)
449 return df
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]450
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]451 def test_vsg_for_login(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]452 """
453 Algo:
454 1. Login to compute node VM
455 2. Get all vSGs
456 3. Verifying login to vSG is success
457 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]458 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]459 return
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]460 vsgs = VSGAccess.get_vsgs()
461 vsg_access_status = map(lambda vsg: vsg.check_access(), vsgs)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]462 status = filter(lambda st: st == False, vsg_access_status)
463 assert_equal(len(status), 0)
464
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]465 def test_vsg_for_default_route_through_testclient(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]466 """
467 Algo:
468 1. Login to head node
469 2. Verifying for default route in lxc test client
470 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]471 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]472 return
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]473 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
474 cmd = "sudo lxc exec testclient -- route | grep default"
475 status, output = ssh_agent.run_cmd(cmd)
476 assert_equal(status, True)
477
478 def test_vsg_for_external_connectivity_through_testclient(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]479 """
480 Algo:
481 1. Login to head node
482 2. On head node, executing ping to 8.8.8.8 from lxc test client
483 3. Verifying for the ping success
484 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]485 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]486 return
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]487 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
488 cmd = "lxc exec testclient -- ping -c 3 8.8.8.8"
489 status, output = ssh_agent.run_cmd(cmd)
490 assert_equal( status, True)
491
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]492 def vsg_for_external_connectivity(self, subscriber_index, reserved = False):
493 if reserved is True:
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]494 if self.on_pod is True:
495 vcpe = self.dhcp_vcpes_reserved[subscriber_index]
496 else:
497 vcpe = self.untagged_dhcp_vcpes_reserved[subscriber_index]
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]498 else:
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]499 if self.on_pod is True:
500 vcpe = self.dhcp_vcpes[subscriber_index]
501 else:
502 vcpe = self.untagged_dhcp_vcpes[subscriber_index]
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]503 mgmt = 'eth0'
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]504 host = '8.8.8.8'
505 self.success = False
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]506 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]507 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]508 assert_not_equal(vcpe_ip, None)
509 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
510 log.info('Sending icmp echo requests to external network 8.8.8.8')
511 st, _ = getstatusoutput('ping -c 3 8.8.8.8')
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]512 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]513 assert_equal(st, 0)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]514
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]515 def test_vsg_for_external_connectivity(self):
516 """
517 Algo:
518 1. Get dhcp IP to vcpe interface in cord-tester
519 2. Verifying vcpe interface gets dhcp IP
520 3. Ping to 8.8.8.8 and Verifying ping should success
521 4. Restoring management interface configuration in cord-tester
522 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]523 reserved = True
524 if self.on_pod:
525 reserved = self.on_ciab
526 self.vsg_for_external_connectivity(0, reserved = reserved)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]527
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]528 def test_vsg_for_external_connectivity_to_google(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]529 """
530 Algo:
531 1. Get dhcp IP to vcpe interface in cord-tester
532 2. Verifying vcpe interface gets dhcp IP
533 3. Ping to www.google.com and Verifying ping should success
534 4. Restoring management interface configuration in cord-tester
535 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]536 host = 'www.google.com'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]537 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]538 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]539 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]540 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]541 assert_not_equal(vcpe_ip, None)
542 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
543 log.info('Sending icmp ping requests to %s' %host)
544 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]545 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]546 assert_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]547
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]548 def test_vsg_for_external_connectivity_to_invalid_host(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]549 """
550 Algo:
551 1. Get dhcp IP to vcpe interface in cord-tester
552 2. Verifying vcpe interface gets dhcp IP
553 3. Ping to www.goglee.com and Verifying ping should not success
554 4. Restoring management interface configuration in cord-tester
555 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]556 host = 'www.goglee.com'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]557 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]558 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]559 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]560 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]561 assert_not_equal(vcpe_ip, None)
562 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
563 log.info('Sending icmp ping requests to non existent host %s' %host)
564 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]565 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]566 assert_not_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]567
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]568 def test_vsg_for_external_connectivity_with_ttl_1(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]569 """
570 Algo:
571 1. Get dhcp IP to vcpe interface in cord-tester
572 2. Verifying vcpe interface gets dhcp IP
573 3. Ping to 8.8.8.8 with ttl set to 1
574 4. Verifying ping should not success
575 5. Restoring management interface configuration in cord-tester
576 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]577 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]578 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]579 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]580 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]581 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]582 assert_not_equal(vcpe_ip, None)
583 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
584 log.info('Sending icmp ping requests to host %s with ttl 1' %host)
585 st, _ = getstatusoutput('ping -c 1 -t 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]586 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]587 assert_not_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]588
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]589 def test_vsg_for_external_connectivity_with_wan_interface_toggle_in_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]590 """
591 Algo:
592 1. Get dhcp IP to vcpe interface in cord-tester
593 2. Verifying vcpe interface gets dhcp IP
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]594 3. Ping to 8.8.8.8 and Verifying ping succeeds
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]595 4. Now down the WAN interface of vcpe
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]596 5. Ping to 8.8.8.8 and Verifying ping fails
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]597 6. Now Up the WAN interface of vcpe
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]598 7. Ping to 8.8.8.8 and Verifying ping succeeds
599 8. Restoring management interface configuration in cord-tester
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]600 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]601 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]602 return
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]603 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]604 mgmt = 'eth0'
605 vcpe = self.vcpe_container
606 assert_not_equal(vcpe, None)
607 assert_not_equal(self.vcpe_dhcp, None)
608 #first get dhcp on the vcpe interface
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]609 vcpe_ip = VSGAccess.vcpe_get_dhcp(self.vcpe_dhcp, mgmt = mgmt)
610 assert_not_equal(vcpe_ip, None)
611 log.info('Got DHCP IP %s for %s' %(vcpe_ip, self.vcpe_dhcp))
612 log.info('Sending ICMP pings to host %s' %(host))
613 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
614 if st != 0:
615 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
616 assert_equal(st, 0)
617 #bring down the wan interface and check again
618 st = VSGAccess.vcpe_wan_down(vcpe)
619 if st is False:
620 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
621 assert_equal(st, True)
622 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
623 if st == 0:
624 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
625 assert_not_equal(st, 0)
626 st = VSGAccess.vcpe_wan_up(vcpe)
627 if st is False:
628 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
629 assert_equal(st, True)
630 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
631 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
632 assert_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]633
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]634 def test_vsg_for_external_connectivity_with_lan_interface_toggle_in_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]635 """
636 Algo:
637 1. Get dhcp IP to vcpe interface in cord-tester
638 2. Verifying vcpe interface gets dhcp IP
639 3. Ping to 8.8.8.8 and Verifying ping should success
640 4. Now down the LAN interface of vcpe
641 5. Ping to 8.8.8.8 and Verifying ping should not success
642 6. Now Up the LAN interface of vcpe
643 7. Ping to 8.8.8.8 and Verifying ping should success
644 8. Restoring management interface configuration in cord-tester
645 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]646 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]647 return
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]648 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]649 mgmt = 'eth0'
650 vcpe = self.vcpe_container
651 assert_not_equal(vcpe, None)
652 assert_not_equal(self.vcpe_dhcp, None)
653 #first get dhcp on the vcpe interface
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]654 vcpe_ip = VSGAccess.vcpe_get_dhcp(self.vcpe_dhcp, mgmt = mgmt)
655 assert_not_equal(vcpe_ip, None)
656 log.info('Got DHCP IP %s for %s' %(vcpe_ip, self.vcpe_dhcp))
657 log.info('Sending ICMP pings to host %s' %(host))
658 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
659 if st != 0:
660 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
661 assert_equal(st, 0)
662 #bring down the lan interface and check again
663 st = VSGAccess.vcpe_lan_down(vcpe)
664 if st is False:
665 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
666 assert_equal(st, True)
667 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
668 if st == 0:
669 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
670 assert_not_equal(st, 0)
671 st = VSGAccess.vcpe_lan_up(vcpe)
672 if st is False:
673 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
674 assert_equal(st, True)
675 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
676 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
677 assert_equal(st, 0)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]678
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]679 @deferred(TIMEOUT)
680 def test_vsg_for_external_connectivity_with_vcpe_container_paused(self,vcpe_name=None,vcpe_intf=None):
681 """
682 Algo:
683 1. Get vSG corresponding to vcpe
684 2. Get dhcp ip to vcpe interface
685 3. Add static route to destination route in test container
686 4. From test container ping to destination route and verify ping success
687 5. Login to compute node and execute command to pause vcpe container
688 6. From test container ping to destination route and verify ping success
689 """
690 if not vcpe_name:
691 vcpe_name = self.vcpe_container
692 if not vcpe_intf:
693 vcpe_intf = self.vcpe_dhcp
694 df = defer.Deferred()
695 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]696 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]697 df.callback(0)
698 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]699 host = '8.8.8.8'
700 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
701 try:
702 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
703 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
704 assert_equal(st, False)
705 st, _ = vsg.run_cmd('sudo docker pause {}'.format(vcpe_name))
706 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
707 assert_equal(st, False)
708 finally:
709 vsg.run_cmd('sudo docker unpause'.format(vcpe_name))
710 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
711 df.callback(0)
712 reactor.callLater(0, vcpe_firewall, df)
713 return df
714
715 @deferred(TIMEOUT)
716 def test_vsg_firewall_with_deny_destination_ip(self, vcpe_name=None, vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]717 """
718 Algo:
719 1. Get vSG corresponding to vcpe
720 2. Login to compute node
721 3. Execute iptable command on vcpe from compute node to deny a destination IP
722 4. From cord-tester ping to the denied IP address
723 5. Verifying that ping should not be successful
724 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]725 if not vcpe_name:
726 vcpe_name = self.vcpe_container
727 if not vcpe_intf:
728 vcpe_intf = self.vcpe_dhcp
729 df = defer.Deferred()
730 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]731 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]732 df.callback(0)
733 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]734 host = '8.8.8.8'
735 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
736 try:
737 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
738 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
739 assert_equal(st, False)
740 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
741 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
742 assert_equal(st, True)
743 finally:
744 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
745 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
746 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
747 df.callback(0)
748 reactor.callLater(0, vcpe_firewall, df)
749 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]750
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]751 @deferred(TIMEOUT)
752 def test_vsg_firewall_with_rule_add_and_delete_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]753 """
754 Algo:
755 1. Get vSG corresponding to vcpe
756 2. Login to compute node
757 3. Execute iptable command on vcpe from compute node to deny a destination IP
758 4. From cord-tester ping to the denied IP address
759 5. Verifying that ping should not be successful
760 6. Delete the iptable rule in vcpe
761 7. From cord-tester ping to the denied IP address
762 8. Verifying the ping should success
763 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]764 if not vcpe_name:
765 vcpe_name = self.vcpe_container
766 if not vcpe_intf:
767 vcpe_intf = self.vcpe_dhcp
768 df = defer.Deferred()
769 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]770 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]771 df.callback(0)
772 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]773 host = '8.8.8.8'
774 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
775 try:
776 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
777 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
778 assert_equal(st, False)
779 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
780 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
781 assert_equal(st, True)
782 st,_ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
783 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
784 assert_equal(st, False)
785 finally:
786 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
787 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
788 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
789 df.callback(0)
790 reactor.callLater(0, vcpe_firewall, df)
791 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]792
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]793 @deferred(TIMEOUT)
794 def test_vsg_firewall_verifying_reachability_for_non_blocked_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]795 """
796 Algo:
797 1. Get vSG corresponding to vcpe
798 2. Login to compute node
799 3. Execute iptable command on vcpe from compute node to deny a destination IP
800 4. From cord-tester ping to the denied IP address
801 5. Verifying that ping should not be successful
802 6. From cord-tester ping to the denied IP address other than the denied one
803 7. Verifying the ping should success
804 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]805 if not vcpe_name:
806 vcpe_name = self.vcpe_container
807 if not vcpe_intf:
808 vcpe_intf = self.vcpe_dhcp
809 df = defer.Deferred()
810 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]811 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]812 df.callback(0)
813 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]814 host1 = '8.8.8.8'
815 host2 = '204.79.197.203'
816 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
817 try:
818 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
819 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
820 assert_equal(st, False)
821 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
822 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
823 assert_equal(st, True)
824 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
825 assert_equal(st,False)
826 finally:
827 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
828 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
829 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
830 df.callback(0)
831 reactor.callLater(0, vcpe_firewall, df)
832 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]833
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]834 @deferred(TIMEOUT)
835 def test_vsg_firewall_appending_rules_with_deny_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]836 """
837 Algo:
838 1. Get vSG corresponding to vcpe
839 2. Login to compute node
840 3. Execute iptable command on vcpe from compute node to deny a destination IP1
841 4. From cord-tester ping to the denied IP address IP1
842 5. Verifying that ping should not be successful
843 6. Execute iptable command on vcpe from compute node to deny a destination IP2
844 6. From cord-tester ping to the denied IP address IP2
845 7. Verifying that ping should not be successful
846 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]847 if not vcpe_name:
848 vcpe_name = self.vcpe_container
849 if not vcpe_intf:
850 vcpe_intf = self.vcpe_dhcp
851 df = defer.Deferred()
852 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]853 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]854 df.callback(0)
855 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]856 host1 = '8.8.8.8'
857 host2 = '204.79.197.203'
858 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
859 try:
860 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
861 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
862 assert_equal(st, False)
863 st,_ = vsg.run_cmd('sudo docker exec {} iptables -F FORWARD'.format(vcpe_name))
864 time.sleep(2)
865 st,_ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
866 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
867 assert_equal(st, True)
868 st, out = getstatusoutput('ping -c 1 {}'.format(host2))
869 log.info('host2 ping output is %s'%out)
870 assert_equal(st, False)
871 st, _ = vsg.run_cmd('sudo docker exec {} iptables -A FORWARD -d {} -j DROP'.format(vcpe_name,host2))
872 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
873 assert_equal(st,True)
874 finally:
875 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
876 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
877 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
878 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
879 df.callback(0)
880 reactor.callLater(0, vcpe_firewall, df)
881 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]882
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]883 @deferred(TIMEOUT)
884 def test_vsg_firewall_removing_one_rule_denying_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]885 """
886 Algo:
887 1. Get vSG corresponding to vcpe
888 2. Login to compute node
889 3. Execute iptable command on vcpe from compute node to deny a destination IP1
890 4. Execute iptable command on vcpe from compute node to deny a destination IP2
891 5. From cord-tester ping to the denied IP address IP1
892 6. Verifying that ping should not be successful
893 7. From cord-tester ping to the denied IP address IP2
894 8. Verifying that ping should not be successful
895 9. Execute iptable command on vcpe from compute node to remove deny a destination IP2 rule
896 10. From cord-tester ping to the denied IP address IP2
897 11. Verifying the ping should success
898 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]899 if not vcpe_name:
900 vcpe_name = self.vcpe_container
901 if not vcpe_intf:
902 vcpe_intf = self.vcpe_dhcp
903 df = defer.Deferred()
904 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]905 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]906 df.callback(0)
907 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]908 host1 = '8.8.8.8'
909 host2 = '204.79.197.203'
910 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
911 try:
912 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=self.vcpe_dhcp)
913 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
914 assert_equal(st, False)
915 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
916 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host2))
917 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
918 assert_equal(st, True)
919 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
920 assert_equal(st,True)
921 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
922 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
923 assert_equal(st,False)
924 finally:
925 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
926 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
927 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
928 log.info('restarting vcpe container')
929 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
930 df.callback(0)
931 reactor.callLater(0, vcpe_firewall, df)
932 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]933
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]934 @deferred(TIMEOUT)
935 def test_vsg_firewall_changing_rule_id_deny_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]936 """
937 Algo:
938 1. Get vSG corresponding to vcpe
939 2. Login to compute node
940 3. Execute iptable command on vcpe from compute node to deny a destination IP
941 5. From cord-tester ping to the denied IP address IP1
942 6. Verifying that ping should not be successful
943 9. Execute iptable command on vcpe from compute node to change the rule ID to 2 to deny the same destination IP
944 10. From cord-tester ping to the denied IP address IP
945 11. Verifying that ping should not be successful
946 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]947 if not vcpe_name:
948 vcpe_name = self.vcpe_container
949 if not vcpe_intf:
950 vcpe_intf = self.vcpe_dhcp
951 df = defer.Deferred()
952 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]953 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]954 df.callback(0)
955 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]956 host = '8.8.8.8'
957 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
958 try:
959 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
960 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
961 assert_equal(st, False)
962 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
963 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
964 assert_equal(st, True)
965 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 2 -d {} -j DROP '.format(vcpe_name,host))
966 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
967 assert_equal(st,True)
968 finally:
969 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
970 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
971 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
972 df.callback(0)
973 reactor.callLater(0, vcpe_firewall, df)
974 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]975
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]976 @deferred(TIMEOUT)
977 def test_vsg_firewall_changing_deny_rule_to_accept_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]978 """
979 Algo:
980 1. Get vSG corresponding to vcpe
981 2. Login to compute node
982 3. Execute iptable command on vcpe from compute node to deny a destination IP
983 5. From cord-tester ping to the denied IP address IP1
984 6. Verifying that ping should not be successful
985 9. Execute iptable command on vcpe from compute node to accept the same destination IP
986 10. From cord-tester ping to the accepted IP
987 11. Verifying the ping should success
988 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]989 if not vcpe_name:
990 vcpe_name = self.vcpe_container
991 if not vcpe_intf:
992 vcpe_intf = self.vcpe_dhcp
993 df = defer.Deferred()
994 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]995 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]996 df.callback(0)
997 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]998 host = '8.8.8.8'
999 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1000 try:
1001 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1002 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1003 assert_equal(st, False)
1004 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1005 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1006 assert_equal(st, True)
1007 st, _ = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -d {} -j ACCEPT'.format(vcpe_name,host))
1008 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1009 assert_equal(st,False)
1010 finally:
1011 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1012 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j ACCEPT'.format(vcpe_name,host))
1013 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1014 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1015 df.callback(0)
1016 reactor.callLater(0, vcpe_firewall, df)
1017 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1018
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1019 @deferred(TIMEOUT) #Fail
1020 def test_vsg_firewall_denying_destination_network(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1021 """
1022 Algo:
1023 1. Get vSG corresponding to vcpe
1024 2. Login to compute node
1025 3. Execute iptable command on vcpe from compute node to deny a destination IP subnet
1026 4. From cord-tester ping to the denied IP address IP1 in the denied subnet
1027 5. Verifying that ping should not be successful
1028 6. From cord-tester ping to the denied IP address IP2 in the denied subnet
1029 7. Verifying that ping should not be successful
1030 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1031 if not vcpe_name:
1032 vcpe_name = self.vcpe_container
1033 if not vcpe_intf:
1034 vcpe_intf = self.vcpe_dhcp
1035 df = defer.Deferred()
1036 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1037 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1038 df.callback(0)
1039 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1040 network = '204.79.197.192/28'
1041 host1 = '204.79.197.203'
1042 host2 = '204.79.197.210'
1043 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1044 try:
1045 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=self.vcpe_dhcp)
1046 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1047 assert_equal(st, False)
1048 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,network))
1049 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1050 assert_equal(st, True)
1051 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1052 assert_equal(st,False)
1053 finally:
1054 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network))
1055 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
1056 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1057 df.callback(0)
1058 reactor.callLater(0, vcpe_firewall, df)
1059 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1060
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1061 @deferred(TIMEOUT)
1062 def test_vsg_firewall_denying_destination_network_subnet_modification(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1063 """
1064 Algo:
1065 1. Get vSG corresponding to vcpe
1066 2. Login to compute node
1067 3. Execute iptable command on vcpe from compute node to deny a destination IP subnet
1068 4. From cord-tester ping to the denied IP address IP1 in the denied subnet
1069 5. Verifying that ping should not be successful
1070 6. From cord-tester ping to the denied IP address IP2 in the denied subnet
1071 7. Verifying that ping should not be successful
1072 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1073 if not vcpe_name:
1074 vcpe_name = self.vcpe_container
1075 if not vcpe_intf:
1076 vcpe_intf = self.vcpe_dhcp
1077 df = defer.Deferred()
1078 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1079 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1080 df.callback(0)
1081 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1082 network1 = '204.79.197.192/28'
1083 network2 = '204.79.197.192/27'
1084 host1 = '204.79.197.203'
1085 host2 = '204.79.197.210'
1086 host3 = '204.79.197.224'
1087 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1088 try:
1089 self.add_static_route_via_vcpe_interface([host1,host2,host3],vcpe=self.vcpe_dhcp)
1090 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1091 assert_equal(st, False)
1092 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,network1))
1093 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1094 assert_equal(st, True)
1095 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1096 assert_equal(st,False)
1097 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 2 -d {} -j DROP'.format(vcpe_name,network2))
1098 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1099 assert_equal(st, True)
1100 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1101 assert_equal(st, True)
1102 st, _ = getstatusoutput('ping -c 1 {}'.format(host3))
1103 assert_equal(st, False)
1104 finally:
1105 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network1))
1106 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network2))
1107 self.del_static_route_via_vcpe_interface([host1,host2,host3],vcpe=vcpe_intf)
1108 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1109 df.callback(0)
1110 reactor.callLater(0, vcpe_firewall, df)
1111 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1112
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1113 @deferred(TIMEOUT)
1114 def test_vsg_firewall_with_deny_source_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1115 """
1116 Algo:
1117 1. Get vSG corresponding to vcpe
1118 2. Login to compute node
1119 3. Execute iptable command on vcpe from compute node to deny a source IP
1120 4. From cord-tester ping to 8.8.8.8 from the denied IP
1121 5. Verifying that ping should not be successful
1122 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1123 if not vcpe_name:
1124 vcpe_name = self.vcpe_container
1125 if not vcpe_intf:
1126 vcpe_intf = self.vcpe_dhcp
1127 df = defer.Deferred()
1128 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1129 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1130 df.callback(0)
1131 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1132 host = '8.8.8.8'
1133 #source_ip = get_ip(self.vcpe_dhcp)
1134 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1135 try:
1136 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1137 source_ip = get_ip(self.vcpe_dhcp)
1138 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1139 assert_equal(st, False)
1140 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1141 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1142 assert_equal(st, True)
1143 finally:
1144 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1145 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1146 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1147 df.callback(0)
1148 reactor.callLater(0, vcpe_firewall, df)
1149 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1150
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1151 @deferred(TIMEOUT)
1152 def test_vsg_firewall_rule_with_add_and_delete_deny_source_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1153 """
1154 Algo:
1155 1. Get vSG corresponding to vcpe
1156 2. Login to compute node
1157 3. Execute iptable command on vcpe from compute node to deny a source IP
1158 4. From cord-tester ping to 8.8.8.8 from the denied IP
1159 5. Verifying that ping should not be successful
1160 6. Delete the iptable rule in vcpe
1161 7. From cord-tester ping to 8.8.8.8 from the denied IP
1162 8. Verifying the ping should success
1163 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1164 if not vcpe_name:
1165 vcpe_name = self.vcpe_container
1166 if not vcpe_intf:
1167 vcpe_intf = self.vcpe_dhcp
1168 df = defer.Deferred()
1169 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1170 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1171 df.callback(0)
1172 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1173 host = '8.8.8.8'
1174 source_ip = get_ip(self.vcpe_dhcp)
1175 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1176 try:
1177 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1178 source_ip = get_ip(self.vcpe_dhcp)
1179 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1180 assert_equal(st, False)
1181 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1182 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1183 assert_equal(st, True)
1184 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1185 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1186 assert_equal(st, False)
1187 finally:
1188 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1189 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1190 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1191 df.callback(0)
1192 reactor.callLater(0, vcpe_firewall, df)
1193 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1194
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1195 @deferred(TIMEOUT)
1196 def test_vsg_firewall_rule_with_deny_icmp_protocol_echo_requests_type(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1197 """
1198 Algo:
1199 1. Get vSG corresponding to vcpe
1200 2. Login to compute node
1201 3. Execute iptable command on vcpe from compute node to deny icmp echo-requests type protocol packets
1202 4. From cord-tester ping to 8.8.8.8
1203 5. Verifying that ping should not be successful
1204 6. Delete the iptable rule
1205 7. From cord-tester ping to 8.8.8.8
1206 8. Verifying the ping should success
1207 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1208 if not vcpe_name:
1209 vcpe_name = self.vcpe_container
1210 if not vcpe_intf:
1211 vcpe_intf = self.vcpe_dhcp
1212 df = defer.Deferred()
1213 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1214 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1215 df.callback(0)
1216 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1217 host = '8.8.8.8'
1218 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1219 try:
1220 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1221 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1222 assert_equal(st, False)
1223 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1224 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1225 assert_equal(st, True)
1226 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1227 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1228 assert_equal(st, False)
1229 finally:
1230 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1231 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1232 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1233 df.callback(0)
1234 reactor.callLater(0, vcpe_firewall, df)
1235 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1236
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1237 @deferred(TIMEOUT)
1238 def test_vsg_firewall_rule_with_deny_icmp_protocol_echo_reply_type(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1239 """
1240 Algo:
1241 1. Get vSG corresponding to vcpe
1242 2. Login to compute node
1243 3. Execute iptable command on vcpe from compute node to deny icmp echo-reply type protocol packets
1244 4. From cord-tester ping to 8.8.8.8
1245 5. Verifying that ping should not be successful
1246 6. Delete the iptable rule
1247 7. From cord-tester ping to 8.8.8.8
1248 8. Verifying the ping should success
1249 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1250 if not vcpe_name:
1251 vcpe_name = self.vcpe_container
1252 if not vcpe_intf:
1253 vcpe_intf = self.vcpe_dhcp
1254 df = defer.Deferred()
1255 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1256 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1257 df.callback(0)
1258 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1259 host = '8.8.8.8'
1260 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1261 try:
1262 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1263 st, _ = getstatusoutput('ping -c 1 {}'.format('8.8.8.8'))
1264 assert_equal(st, False)
1265 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1266 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1267 assert_equal(st, True)
1268 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1269 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1270 assert_equal(st,False)
1271 finally:
1272 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1273 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1274 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1275 df.callback(0)
1276 reactor.callLater(0, vcpe_firewall, df)
1277 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1278
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1279 @deferred(TIMEOUT)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]1280 def test_vsg_firewall_changing_deny_rule_to_accept_rule_with_icmp_protocol_echo_requests_type(self, vcpe_name=None, vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1281 """
1282 Algo:
1283 1. Get vSG corresponding to vcpe
1284 2. Login to compute node
1285 3. Execute iptable command on vcpe from compute node to deny icmp echo-requests type protocol packets
1286 4. From cord-tester ping to 8.8.8.8
1287 5. Verifying that ping should not be successful
1288 6. Insert another rule to accept the icmp-echo requests protocol packets
1289 7. From cord-tester ping to 8.8.8.8
1290 8. Verifying the ping should success
1291 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1292 if not vcpe_name:
1293 vcpe_name = self.vcpe_container
1294 if not vcpe_intf:
1295 vcpe_intf = self.vcpe_dhcp
1296 df = defer.Deferred()
1297 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1298 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1299 df.callback(0)
1300 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1301 host = '8.8.8.8'
1302 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1303 try:
1304 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1305 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1306 assert_equal(st, False)
1307 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1308 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1309 assert_equal(st, True)
1310 st, _ = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p icmp --icmp-type echo-request -j ACCEPT'.format(vcpe_name))
1311 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1312 assert_equal(st,False)
1313 finally:
1314 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1315 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j ACCEPT'.format(vcpe_name))
1316 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1317 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1318 df.callback(0)
1319 reactor.callLater(0, vcpe_firewall, df)
1320 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1321
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1322 @deferred(TIMEOUT)
1323 def test_vsg_firewall_changing_deny_rule_to_accept_rule_with_icmp_protocol_echo_reply_type(self,vcpe_name=None,vcpe_intf=None):
1324 """
1325 Algo:
1326 1. Get vSG corresponding to vcpe
1327 2. Login to compute node
1328 3. Execute iptable command on vcpe from compute node to deny icmp echo-reply type protocol packets
1329 4. From cord-tester ping to 8.8.8.8
1330 5. Verifying the ping should not success
1331 6. Insert another rule to accept the icmp-echo requests protocol packets
1332 7. From cord-tester ping to 8.8.8.8
1333 8. Verifying the ping should success
1334 """
1335 if not vcpe_name:
1336 vcpe_name = self.vcpe_container
1337 if not vcpe_intf:
1338 vcpe_intf = self.vcpe_dhcp
1339 df = defer.Deferred()
1340 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1341 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1342 df.callback(0)
1343 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1344 host = '8.8.8.8'
1345 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1346 try:
1347 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1348 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1349 assert_equal(st, False)
1350 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1351 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1352 assert_equal(st, True)
1353 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p icmp --icmp-type echo-reply -j ACCEPT'.format(vcpe_name))
1354 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1355 assert_equal(st,False)
1356 finally:
1357 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1358 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j ACCEPT'.format(vcpe_name))
1359 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1360 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1361 df.callback(0)
1362 reactor.callLater(0, vcpe_firewall, df)
1363 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1364
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1365 @deferred(TIMEOUT)
1366 def test_vsg_firewall_for_deny_icmp_protocol(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1367 """
1368 Algo:
1369 1. Get vSG corresponding to vcpe
1370 2. Login to compute node
1371 3. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1372 4. From cord-tester ping to 8.8.8.8
1373 5. Verifying that ping should not be successful
1374 6. Delete the iptable rule
1375 7. From cord-tester ping to 8.8.8.8
1376 8. Verifying the ping should success
1377 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1378 if not vcpe_name:
1379 vcpe_name = self.vcpe_container
1380 if not vcpe_intf:
1381 vcpe_intf = self.vcpe_dhcp
1382 df = defer.Deferred()
1383 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1384 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1385 df.callback(0)
1386 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1387 host = '8.8.8.8'
1388 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1389 try:
1390 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1391 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1392 assert_equal(st, False)
1393 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1394 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1395 assert_equal(st, True)
1396 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1397 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1398 assert_equal(st,False)
1399 finally:
1400 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1401 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1402 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1403 df.callback(0)
1404 reactor.callLater(0, vcpe_firewall, df)
1405 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1406
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1407 @deferred(TIMEOUT)
1408 def test_vsg_firewall_rule_deny_icmp_protocol_and_destination_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1409 """
1410 Algo:
1411 1. Get vSG corresponding to vcpe
1412 2. Login to compute node
1413 3. Execute iptable command on vcpe from compute node to deny a destination IP
1414 4. From cord-tester ping to 8.8.8.8
1415 5. Verifying that ping should not be successful
1416 6. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1417 7. From cord-tester ping to 8.8.8.8
1418 8. Verifying the ping should success
1419 9. Delete the rule added in step 3
1420 10. From cord-tester ping to 8.8.8.8
1421 11. Verifying that ping should not be successful
1422 12. Delete the rule added in step 6
1423 13. From cord-tester ping to 8.8.8.8
1424 14. Verifying the ping should success
1425 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1426 if not vcpe_name:
1427 vcpe_name = self.vcpe_container
1428 if not vcpe_intf:
1429 vcpe_intf = self.vcpe_dhcp
1430 df = defer.Deferred()
1431 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1432 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1433 df.callback(0)
1434 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1435 host = '8.8.8.8'
1436 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1437 try:
1438 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1439 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1440 assert_equal(st, False)
1441 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1442 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1443 assert_equal(st, True)
1444 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1445 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1446 assert_equal(st, True)
1447 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1448 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1449 assert_equal(st, True)
1450 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1451 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1452 assert_equal(st,False)
1453 finally:
1454 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1455 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1456 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1457 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1458 df.callback(0)
1459 reactor.callLater(0, vcpe_firewall, df)
1460 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1461
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1462 @deferred(TIMEOUT) #Fail
1463 def test_vsg_firewall_flushing_all_configured_rules(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1464 """
1465 Algo:
1466 1. Get vSG corresponding to vcpe
1467 2. Login to compute node
1468 3. Execute iptable command on vcpe from compute node to deny a destination IP
1469 4. From cord-tester ping to 8.8.8.8
1470 5. Verifying that ping should not be successful
1471 6. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1472 7. From cord-tester ping to 8.8.8.8
1473 8. Verifying the ping should success
1474 9. Flush all the iptable rules configuraed in vcpe
1475 10. Delete the rule added in step 6
1476 11. From cord-tester ping to 8.8.8.8
1477 12. Verifying the ping should success
1478 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1479 if not vcpe_name:
1480 vcpe_name = self.vcpe_container
1481 if not vcpe_intf:
1482 vcpe_intf = self.vcpe_dhcp
1483 df = defer.Deferred()
1484 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1485 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1486 df.callback(0)
1487 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1488 host = '8.8.8.8'
1489 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1490 try:
1491 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1492 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1493 assert_equal(st, False)
1494 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1495 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1496 assert_equal(st, True)
1497 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1498 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1499 assert_equal(st, True)
1500 st,output = vsg.run_cmd('sudo docker exec {} iptables -F FORWARD'.format(vcpe_name))
1501 time.sleep(1)
1502 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1503 assert_equal(st, False)
1504 finally:
1505 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1506 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1507 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1508 df.callback(0)
1509 reactor.callLater(0, vcpe_firewall, df)
1510 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1511
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1512 @deferred(TIMEOUT)
1513 def test_vsg_firewall_deny_all_ipv4_traffic(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1514 """
1515 Algo:
1516 1. Get vSG corresponding to vcpe
1517 2. Login to compute node
1518 3. Execute iptable command on vcpe from compute node to deny all ipv4 Traffic
1519 4. From cord-tester ping to 8.8.8.8
1520 5. Verifying that ping should not be successful
1521 6. Delete the iptable rule added
1522 7. From cord-tester ping to 8.8.8.8
1523 8. Verifying the ping should success
1524 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1525 if not vcpe_name:
1526 vcpe_name = self.vcpe_container
1527 if not vcpe_intf:
1528 vcpe_intf = self.vcpe_dhcp
1529 df = defer.Deferred()
1530 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1531 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1532 df.callback(0)
1533 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1534 host = '8.8.8.8'
1535 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1536 try:
1537 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1538 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1539 assert_equal(st, False)
1540 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1541 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1542 assert_equal(st, True)
1543 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1544 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1545 assert_equal(st, False)
1546 finally:
1547 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1548 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1549 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1550 df.callback(0)
1551 reactor.callLater(0, vcpe_firewall, df)
1552 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1553
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1554 @deferred(TIMEOUT)
1555 def test_vsg_firewall_replacing_deny_rule_to_accept_rule_ipv4_traffic(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1556 """
1557 Algo:
1558 1. Get vSG corresponding to vcpe
1559 2. Login to compute node
1560 3. Execute iptable command on vcpe from compute node to deny all ipv4 Traffic
1561 4. From cord-tester ping to 8.8.8.8
1562 5. Verifying that ping should not be successful
1563 6. Replace the deny rule added in step 3 with accept rule
1564 7. From cord-tester ping to 8.8.8.8
1565 8. Verifying the ping should success
1566 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1567 if not vcpe_name:
1568 vcpe_name = self.vcpe_container
1569 if not vcpe_intf:
1570 vcpe_intf = self.vcpe_dhcp
1571 df = defer.Deferred()
1572 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1573 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1574 df.callback(0)
1575 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1576 host = '8.8.8.8'
1577 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1578 try:
1579 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1580 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1581 assert_equal(st, False)
1582 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1583 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1584 assert_equal(st, True)
1585 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -4 -j ACCEPT'.format(vcpe_name))
1586 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1587 assert_equal(st, False)
1588 finally:
1589 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1590 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1591 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1592 df.callback(0)
1593 reactor.callLater(0, vcpe_firewall, df)
1594 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1595
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1596 @deferred(TIMEOUT)
1597 def test_vsg_firewall_deny_all_traffic_coming_on_lan_interface_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
1598 """
1599 Algo:
1600 1. Get vSG corresponding to vcpe
1601 2. Login to compute node
1602 3. Execute iptable command on vcpe from compute node to deny all the traffic coming on lan interface inside vcpe container
1603 4. From cord-tester ping to 8.8.8.8
1604 5. Verifying the ping should not success
1605 6. Delete the iptable rule added
1606 7. From cord-tester ping to 8.8.8.8
1607 8. Verifying the ping should success
1608 """
1609 if not vcpe_name:
1610 vcpe_name = self.vcpe_container
1611 if not vcpe_intf:
1612 vcpe_intf = self.vcpe_dhcp
1613 df = defer.Deferred()
1614 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1615 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1616 df.callback(0)
1617 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1618 host = '8.8.8.8'
1619 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1620 try:
1621 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1622 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1623 assert_equal(st, False)
1624 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -i eth1 -j DROP'.format(vcpe_name))
1625 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1626 assert_equal(st, True)
1627 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -j DROP'.format(vcpe_name))
1628 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1629 assert_equal(st, False)
1630 finally:
1631 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -j DROP'.format(vcpe_name))
1632 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1633 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1634 df.callback(0)
1635 reactor.callLater(0, vcpe_firewall, df)
1636 return df
1637
1638 @deferred(TIMEOUT)
1639 def test_vsg_firewall_deny_all_traffic_going_out_of_wan_interface_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
1640 """
1641 Algo:
1642 1. Get vSG corresponding to vcpe
1643 2. Login to compute node
1644 3. Execute iptable command on vcpe from compute node to deny all the traffic going out of wan interface inside vcpe container
1645 4. From cord-tester ping to 8.8.8.8
1646 5. Verifying the ping should not success
1647 6. Delete the iptable rule added
1648 7. From cord-tester ping to 8.8.8.8
1649 8. Verifying the ping should success
1650 """
1651 if not vcpe_name:
1652 vcpe_name = self.vcpe_container
1653 if not vcpe_intf:
1654 vcpe_intf = self.vcpe_dhcp
1655 df = defer.Deferred()
1656 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1657 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1658 df.callback(0)
1659 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1660 host = '8.8.8.8'
1661 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1662 try:
1663 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1664 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1665 assert_equal(st, False)
1666 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -o eth0 -j DROP'.format(vcpe_name))
1667 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1668 assert_equal(st, True)
1669 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -o eth0 -j DROP'.format(vcpe_name))
1670 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1671 assert_equal(st, False)
1672 finally:
1673 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -o eth0 -j DROP'.format(vcpe_name))
1674 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1675 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1676 df.callback(0)
1677 reactor.callLater(0, vcpe_firewall, df)
1678 return df
1679
1680 @deferred(TIMEOUT)
1681 def test_vsg_firewall_deny_all_traffic_from_lan_to_wan_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1682 """
1683 Algo:
1684 1. Get vSG corresponding to vcpe
1685 2. Login to compute node
1686 3. Execute iptable command on vcpe from compute node to deny all the traffic from lan to wan interface in vcpe
1687 4. From cord-tester ping to 8.8.8.8
1688 5. Verifying that ping should not be successful
1689 6. Delete the iptable rule added
1690 7. From cord-tester ping to 8.8.8.8
1691 8. Verifying the ping should success
1692 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1693 if not vcpe_name:
1694 vcpe_name = self.vcpe_container
1695 if not vcpe_intf:
1696 vcpe_intf = self.vcpe_dhcp
1697 df = defer.Deferred()
1698 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1699 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1700 df.callback(0)
1701 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1702 host = '8.8.8.8'
1703 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1704 try:
1705 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1706 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1707 assert_equal(st, False)
1708 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1709 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1710 assert_equal(st, True)
1711 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1712 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1713 assert_equal(st, False)
1714 finally:
1715 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1716 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1717 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1718 df.callback(0)
1719 reactor.callLater(0, vcpe_firewall, df)
1720 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1721
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1722
1723 #this test case needs modification.default route should be vcpe interface to run this test case
1724 @deferred(TIMEOUT)
1725 def test_vsg_firewall_deny_all_dns_traffic(self,vcpe_name=None,vcpe_intf=None):
1726 """
1727 Algo:
1728 1. Get vSG corresponding to vcpe
1729 2. Login to compute node
1730 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1731 4. From cord-tester ping to www.google.com
1732 5. Verifying the ping should not success
1733 6. Delete the iptable rule added
1734 7. From cord-tester ping to www.google.com
1735 8. Verifying the ping should success
1736 """
1737 if not vcpe_name:
1738 vcpe_name = self.vcpe_container
1739 if not vcpe_intf:
1740 vcpe_intf = self.vcpe_dhcp
1741 df = defer.Deferred()
1742 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1743 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1744 df.callback(0)
1745 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1746 host = 'www.msn.com'
1747 host_ip = '131.253.33.203'
1748 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1749 try:
1750 self.add_static_route_via_vcpe_interface([host_ip],vcpe=self.vcpe_dhcp)
1751 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1752 assert_equal(st, False)
1753 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p udp --dport 53 -j DROP'.format(vcpe_name))
1754 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1755 assert_equal(st, True)
1756 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p udp --dport 53 -j ACCEPT'.format(vcpe_name))
1757 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1758 assert_equal(st, False)
1759 finally:
1760 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p udp --dport 53 -j DROP'.format(vcpe_name))
1761 self.del_static_route_via_vcpe_interface([host_ip],vcpe=vcpe_intf)
1762 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1763 df.callback(0)
1764 reactor.callLater(0, vcpe_firewall, df)
1765 return df
1766
1767 @deferred(TIMEOUT)
1768 def test_vsg_firewall_deny_all_ipv4_traffic_vcpe_container_restart(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1769 """
1770 Algo:
1771 1. Get vSG corresponding to vcpe
1772 2. Login to compute node
1773 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1774 4. From cord-tester ping to www.google.com
1775 5. Verifying that ping should not be successful
1776 6. Delete the iptable rule added
1777 7. From cord-tester ping to www.google.com
1778 8. Verifying the ping should success
1779 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1780 if not vcpe_name:
1781 vcpe_name = self.vcpe_container
1782 if not vcpe_intf:
1783 vcpe_intf = self.vcpe_dhcp
1784 df = defer.Deferred()
1785 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1786 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1787 df.callback(0)
1788 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1789 host = '8.8.8.8'
1790 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1791 try:
1792 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1793 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1794 assert_equal(st, False)
1795 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1796 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1797 assert_equal(st, True)
1798 st,output = vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1799 time.sleep(3)
1800 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1801 assert_equal(st, False)
1802 finally:
1803 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1804 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1805 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1806 df.callback(0)
1807 reactor.callLater(0, vcpe_firewall, df)
1808 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1809
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]1810 @deferred(TIMEOUT)
1811 def test_vsg_dnat_modifying_destination_ip(self,vcpe_name=None,vcpe_intf=None):
1812 """
1813 Algo:
1814 1. Get vSG corresponding to vcpe
1815 2. Login to compute node
1816 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1817 4. From cord-tester ping to www.google.com
1818 5. Verifying the ping should not success
1819 6. Delete the iptable rule added
1820 7. From cord-tester ping to www.google.com
1821 8. Verifying the ping should success
1822 """
1823 if not vcpe_name:
1824 vcpe_name = self.vcpe_container
1825 if not vcpe_intf:
1826 vcpe_intf = self.vcpe_dhcp
1827 df = defer.Deferred()
1828 def vcpe_firewall(df):
1829 host = '8.8.8.8'
1830 dst_ip = '123.123.123.123'
1831 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1832 try:
1833 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1834 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1835 assert_equal(st, False)
1836 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1837 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1838 assert_equal(st, True)
1839 finally:
1840 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1841 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1842 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1843 df.callback(0)
1844 reactor.callLater(0,vcpe_firewall,df)
1845 return df
1846
1847 @deferred(TIMEOUT)
1848 def test_vsg_dnat_modifying_destination_ip_and_delete(self,vcpe_name=None,vcpe_intf=None):
1849 """
1850 Algo:
1851 1. Get vSG corresponding to vcpe
1852 2. Login to compute node
1853 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1854 4. From cord-tester ping to www.google.com
1855 5. Verifying the ping should not success
1856 6. Delete the iptable rule added
1857 7. From cord-tester ping to www.google.com
1858 8. Verifying the ping should success
1859 """
1860 if not vcpe_name:
1861 vcpe_name = self.vcpe_container
1862 if not vcpe_intf:
1863 vcpe_intf = self.vcpe_dhcp
1864 df = defer.Deferred()
1865 def vcpe_firewall(df):
1866 host = '8.8.8.8'
1867 dst_ip = '123.123.123.123'
1868 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1869 try:
1870 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1871 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1872 assert_equal(st, False)
1873 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1874 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1875 assert_equal(st, True)
1876 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1877 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1878 assert_equal(st, False)
1879 finally:
1880 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1881 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1882 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1883 df.callback(0)
1884 reactor.callLater(0,vcpe_firewall,df)
1885 return df
1886
1887 @deferred(TIMEOUT)
1888 def test_vsg_dnat_change_modifying_destination_ip_address(self,vcpe_name=None,vcpe_intf=None):
1889 """
1890 Algo:
1891 1. Get vSG corresponding to vcpe
1892 2. Login to compute node
1893 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1894 4. From cord-tester ping to www.google.com
1895 5. Verifying the ping should not success
1896 6. Delete the iptable rule added
1897 7. From cord-tester ping to www.google.com
1898 8. Verifying the ping should success
1899 """
1900 if not vcpe_name:
1901 vcpe_name = self.vcpe_container
1902 if not vcpe_intf:
1903 vcpe_intf = self.vcpe_dhcp
1904 df = defer.Deferred()
1905 def vcpe_firewall(df):
1906 host = '8.8.8.8'
1907 dst_ip = '123.123.123.123'
1908 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1909 try:
1910 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1911 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1912 assert_equal(st, False)
1913 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1914 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1915 assert_equal(st, True)
1916 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -R PREROUTING 1 -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,host))
1917 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1918 assert_equal(st, False)
1919 finally:
1920 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1921 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,host))
1922 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1923 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1924 df.callback(0)
1925 reactor.callLater(0,vcpe_firewall,df)
1926 return df
1927
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]1928 def vsg_xos_subscriber_create(self, index):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1929 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1930 return
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]1931 subscriber_info = self.subscriber_info[index]
1932 volt_subscriber_info = self.volt_subscriber_info[index]
A R Karthickd0b06792017-04-25 15:11:23 -0700[diff] [blame]1933 s_tag = int(volt_subscriber_info['voltTenant']['s_tag'])
1934 c_tag = int(volt_subscriber_info['voltTenant']['c_tag'])
1935 vcpe = 'vcpe-{}-{}'.format(s_tag, c_tag)
1936 log.info('Creating tenant with s_tag: %d, c_tag: %d' %(s_tag, c_tag))
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]1937 result = self.restApiXos.ApiPost('TENANT_SUBSCRIBER', subscriber_info)
1938 assert_equal(result, True)
1939 result = self.restApiXos.ApiGet('TENANT_SUBSCRIBER')
1940 assert_not_equal(result, None)
1941 subId = self.restApiXos.getSubscriberId(result, volt_subscriber_info['account_num'])
1942 assert_not_equal(subId, '0')
1943 log.info('Subscriber ID for account num %d = %s' %(volt_subscriber_info['account_num'], subId))
1944 volt_tenant = volt_subscriber_info['voltTenant']
1945 #update the subscriber id in the tenant info before making the rest
1946 volt_tenant['subscriber'] = subId
1947 result = self.restApiXos.ApiPost('TENANT_VOLT', volt_tenant)
1948 assert_equal(result, True)
A R Karthickd0b06792017-04-25 15:11:23 -0700[diff] [blame]1949 #if the vsg instance was already instantiated, then reduce delay
1950 if c_tag % self.subscribers_per_s_tag == 0:
1951 delay = 350
1952 else:
A R Karthick378ea8b2017-04-25 15:15:51 -0700[diff] [blame^]1953 delay = 90
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]1954 log.info('Delaying %d seconds for the VCPE to be provisioned' %(delay))
1955 time.sleep(delay)
A R Karthickd0b06792017-04-25 15:11:23 -0700[diff] [blame]1956 log.info('Testing for external connectivity to VCPE %s' %(vcpe))
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]1957 self.vsg_for_external_connectivity(index)
1958
1959 def test_vsg_xos_subscriber(self):
1960 self.vsg_xos_subscriber_create(0)
1961
1962 def test_vsg_xos_subscriber_2(self):
1963 self.vsg_xos_subscriber_create(1)
1964
1965 def test_vsg_xos_subscriber_3(self):
1966 self.vsg_xos_subscriber_create(2)
1967
1968 def test_vsg_xos_subscriber_4(self):
1969 self.vsg_xos_subscriber_create(3)
1970
1971 def test_vsg_xos_subscriber_5(self):
1972 self.vsg_xos_subscriber_create(4)
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]1973
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]1974 def test_vsg_for_dns_service(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1975 """
1976 Algo:
1977 1. Create a test client in Prod VM
1978 2. Create a vCPE container in vSG VM inside compute Node
1979 3. Ensure vSG VM and vCPE container created properly
1980 4. Enable dns service in vCPE ( if not by default )
1981 5. Send ping request from test client to valid domain address say, 'www.google'com
1982 6. Verify that dns should resolve ping should success
1983 7. Now send ping request to invalid domain address say 'www.invalidaddress'.com'
1984 8. Verify that dns resolve should fail and hence ping
1985 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1986
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1987 def test_vsg_for_10_subscribers_for_same_service(self):
1988 """
1989 Algo:
1990 1.Create a vSG VM in compute node
1991 2.Create 10 vCPE containers for 10 subscribers, in vSG VM
1992 3.Ensure vSG VM and vCPE container created properly
1993 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to valid external public IP
1994 5.Verify that ping success for all 10 subscribers
1995 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1996
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1997 def test_vsg_for_10_subscribers_for_same_service_ping_invalid_ip(self):
1998 """
1999 Algo:
2000 1.Create a vSG VM in compute Node
2001 2.Create 10 vCPE containers for 10 subscribers, in vSG VM
2002 3.Ensure vSG VM and vCPE container created properly
2003 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to invalid IP
2004 5.Verify that ping fails for all 10 subscribers
2005 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2006
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2007 def test_vsg_for_10_subscribers_for_same_service_ping_valid_and_invalid_ip(self):
2008 """
2009 Algo:
2010 1.Create a vSG VM in VM
2011 2.Create 10 vCPE containers for 10 subscribers, in vSG VM
2012 3.Ensure vSG VM and vCPE container created properly
2013 4.From first 5 subscribers, with same s-tag and different c-tag, send a ping to valid IP
2014 5.Verify that ping success for all 5 subscribers
2015 6.From next 5 subscribers, with same s-tag and different c-tag, send a ping to invalid IP
2016 7.Verify that ping fails for all 5 subscribers
2017 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2018
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2019 def test_vsg_for_100_subscribers_for_same_service(self):
2020 """
2021 Algo:
2022 1.Create a vSG VM in compute node
2023 2.Create 100 vCPE containers for 100 subscribers, in vSG VM
2024 3.Ensure vSG VM and vCPE container created properly
2025 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to valid external public IP
2026 5.Verify that ping success for all 100 subscribers
2027 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2028
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2029 def test_vsg_for_100_subscribers_for_same_service_ping_invalid_ip(self):
2030 """
2031 Algo:
2032 1.Create a vSG VM in compute Node
2033 2.Create 10 vCPE containers for 100 subscribers, in vSG VM
2034 3.Ensure vSG VM and vCPE container created properly
2035 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to invalid IP
2036 5.Verify that ping fails for all 100 subscribers
2037 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2038
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2039 def test_vsg_for_100_subscribers_for_same_service_ping_valid_and_invalid_ip(self):
2040 """
2041 Algo:
2042 1.Create a vSG VM in VM
2043 2.Create 10 vCPE containers for 100 subscribers, in vSG VM
2044 3.Ensure vSG VM and vCPE container created properly
2045 4.From first 5 subscribers, with same s-tag and different c-tag, send a ping to valid IP
2046 5.Verify that ping success for all 5 subscribers
2047 6.From next 5 subscribers, with same s-tag and different c-tag, send a ping to invalid IP
2048 7.Verify that ping fails for all 5 subscribers
2049 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2050
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2051 def test_vsg_for_packet_received_with_invalid_ip_fields(self):
2052 """
2053 Algo:
2054 1.Create a vSG VM in compute node
2055 2.Create a vCPE container in vSG VM
2056 3.Ensure vSG VM and vCPE container created properly
2057 4.From subscriber, send a ping packet with invalid ip fields
2058 5.Verify that vSG drops the packet
2059 6.Verify ping fails
2060 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2061
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2062 def test_vsg_for_packet_received_with_invalid_mac_fields(self):
2063 """
2064 Algo:
2065 1.Create a vSG VM in compute node
2066 2.Create a vCPE container in vSG VM
2067 3.Ensure vSG VM and vCPE container created properly
2068 4.From subscriber, send a ping packet with invalid mac fields
2069 5.Verify that vSG drops the packet
2070 6.Verify ping fails
2071 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2072
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2073 def test_vsg_for_vlan_id_mismatch_in_stag(self):
2074 """
2075 Algo:
2076 1.Create a vSG VM in compute Node
2077 2.Create a vCPE container in vSG VM
2078 3.Ensure vSG VM and vCPE container created properly
2079 4.Send a ping request to external valid IP from subscriber, with incorrect vlan id in s-tag and valid c-tag
2080 5.Verify that ping fails as the packet drops at VM entry
2081 6.Repeat step 4 with correct s-tag
2082 7.Verify that ping success
2083 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2084
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2085 def test_vsg_for_vlan_id_mismatch_in_ctag(self):
2086 """
2087 Algo:
2088 1.Create a vSG VM in compute node
2089 2.Create a vCPE container in vSG VM
2090 3.Ensure vSG VM and vCPE container created properly
2091 4.Send a ping request to external valid IP from subscriber, with valid s-tag and incorrect vlan id in c-tag
2092 5.Verify that ping fails as the packet drops at vCPE container entry
2093 6.Repeat step 4 with valid s-tag and c-tag
2094 7.Verify that ping success
2095 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2096
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2097 def test_vsg_for_matching_and_mismatching_vlan_id_in_stag(self):
2098 """
2099 Algo:
2100 1.Create two vSG VMs in compute node
2101 2.Create a vCPE container in each vSG VM
2102 3.Ensure vSG VM and vCPE container created properly
2103 4.From subscriber one, send ping request with valid s and c tags
2104 5.From subscriber two, send ping request with vlan id mismatch in s-tag and valid c tags
2105 6.Verify that ping success for only subscriber one and fails for two.
2106 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2107
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2108 def test_vsg_for_matching_and_mismatching_vlan_id_in_ctag(self):
2109 """
2110 Algo:
2111 1.Create a vSG VM in compute node
2112 2.Create two vCPE containers in vSG VM
2113 3.Ensure vSG VM and vCPE container created properly
2114 4.From subscriber one, send ping request with valid s and c tags
2115 5.From subscriber two, send ping request with valid s-tag and vlan id mismatch in c-tag
2116 6.Verify that ping success for only subscriber one and fails for two
2117 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2118
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2119 def test_vsg_for_out_of_range_vlanid_in_ctag(self):
2120 """
2121 Algo:
2122 1.Create a vSG VM in compute node
2123 2.Create a vCPE container in vSG VM
2124 3.Ensure vSG VM and vCPE container created properly
2125 4.From subscriber, send ping request with valid stag and vlan id in c-tag is an out of range value ( like 0,4097 )
2126 4.Verify that ping fails as the ping packets drops at vCPE container entry
2127 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2128
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2129 def test_vsg_for_out_of_range_vlanid_in_stag(self):
2130 """
2131 Algo:
2132 1.Create a vSG VM in compute node
2133 2.Create a vCPE container in vSG VM
2134 3.Ensure vSG VM and vCPE container created properly
2135 2.From subscriber, send ping request with vlan id in s-tag is an out of range value ( like 0,4097 ), with valid c-tag
2136 4.Verify that ping fails as the ping packets drops at vSG VM entry
2137 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2138
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2139 def test_vsg_without_creating_vcpe_instance(self):
2140 """
2141 Algo:
2142 1.Create a vSG VM in compute Node
2143 2.Ensure vSG VM created properly
2144 3.Do not create vCPE container inside vSG VM
2145 4.From a subscriber, send ping to external valid IP
2146 5.Verify that ping fails as the ping packet drops at vSG VM entry itself.
2147 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2148
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2149 def test_vsg_for_remove_vcpe_instance(self):
2150 """
2151 Algo:
2152 1.Create a vSG VM in compute node
2153 2.Create a vCPE container in vSG VM
2154 3.Ensure vSG VM and vCPE container created properly
2155 4.From subscriber, send ping request with valid s-tag and c-tag
2156 5.Verify that ping success
2157 6.Verify ping success flows in OvS switch in compute node
2158 7.Now remove the vCPE container in vSG VM
2159 8.Ensure that the container removed properly
2160 9.Repeat step 4
2161 10.Verify that now, ping fails
2162 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2163
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2164 def test_vsg_for_restart_vcpe_instance(self):
2165 """
2166 Algo:
2167 1.Create a vSG VM in compute node
2168 2.Create a vCPE container in vSG VM
2169 3.Ensure vSG VM and vCPE container created properly
2170 4.From subscriber, send ping request with valid s-tag and c-tag
2171 5.Verify that ping success
2172 6.Verify ping success flows in OvS switch in compute node
2173 7.Now restart the vCPE container in vSG VM
2174 8.Ensure that the container came up after restart
2175 9.Repeat step 4
2176 10.Verify that now,ping gets success and flows added in OvS
2177 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2178
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2179 def test_vsg_for_restart_vsg_vm(self):
2180 """
2181 Algo:
2182 1.Create a vSG VM in compute node
2183 2.Create a vCPE container in vSG VM
2184 3.Ensure vSG VM and vCPE container created properly
2185 4.From subscriber, send ping request with valid s-tag and c-tag
2186 5.Verify that ping success
2187 6.Verify ping success flows in OvS switch in compute node
2188 7.Now restart the vSG VM
2189 8.Ensure that the vSG comes up properly after restart
2190 9.Verify that vCPE container comes up after vSG restart
2191 10.Repeat step 4
2192 11.Verify that now,ping gets success and flows added in OvS
2193 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2194
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2195 def test_vsg_for_pause_vcpe_instance(self):
2196 """
2197 Algo:
2198 1.Create a vSG VM in compute node
2199 2.Create a vCPE container in vSG VM
2200 3.Ensure vSG VM and vCPE container created properly
2201 4.From subscriber, send ping request with valid s-tag and c-tag
2202 5.Verify that ping success
2203 6.Verify ping success flows in OvS switch in compute node
2204 7.Now pause vCPE container in vSG VM for a while
2205 8.Ensure that the container state is pause
2206 9.Repeat step 4
2207 10.Verify that now,ping fails now and verify flows in OvS
2208 11.Now resume the container
2209 12.Now repeat step 4 again
2210 13.Verify that now, ping gets success
2211 14.Verify ping success flows in OvS
2212 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2213
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2214 def test_vsg_for_extract_all_compute_stats_from_all_vcpe_containers(self):
2215 """
2216 Algo:
2217 1.Create a vSG VM in compute node
2218 2.Create 10 vCPE containers in VM
2219 3.Ensure vSG VM and vCPE containers created properly
2220 4.Login to all vCPE containers
2221 4.Get all compute stats from all vCPE containers
2222 5.Verify the stats # verification method need to add
2223 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2224
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2225 def test_vsg_for_extract_dns_stats_from_all_vcpe_containers(self):
2226 """
2227 Algo:
2228 1.Create a vSG VM in compute node
2229 2.Create 10 vCPE containers in VM
2230 3.Ensure vSG VM and vCPE containers created properly
2231 4.From 10 subscribers, send ping to valid and invalid dns hosts
2232 5.Verify dns resolves and ping success for valid dns hosts
2233 6.Verify ping fails for invalid dns hosts
2234 7.Verify dns host name resolve flows in OvS
2235 8.Login to all 10 vCPE containers
2236 9.Extract all dns stats
2237 10.Verify dns stats for queries sent, queries received for dns host resolve success and failed scenarios
2238 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2239
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2240 def test_vsg_for_subscriber_access_two_vsg_services(self):
2241 """
2242 # Intention is to verify if subscriber can reach internet via two vSG VMs
2243 Algo:
2244 1.Create two vSG VMs for two services in compute node
2245 2.Create one vCPE container in each VM for one subscriber
2246 3.Ensure VMs and containers created properly
2247 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2248 5.Verify ping gets success
2249 6.Verify ping success flows in OvS
2250 7.Now repeat step 4 with stag corresponds to vSG-2 VM
2251 8.Verify that ping again success
2252 9.Verify ping success flows in OvS
2253 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2254
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2255 def test_vsg_for_subscriber_access_service2_if_service1_goes_down(self):
2256 """
2257 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 goes down
2258 Algo:
2259 1.Create two vSG VMs for two services in compute node
2260 2.Create one vCPE container in each VM for one subscriber
2261 3.Ensure VMs and containers created properly
2262 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2263 5.Verify ping gets success
2264 6.Verify ping success flows in OvS
2265 7.Down the vSG-1 VM
2266 8.Now repeat step 4
2267 9.Verify that ping fails as vSG-1 is down
2268 10.Repeat step 4 with stag corresponding to vSG-2
2269 9.Verify ping success and flows added in OvS
2270 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2271
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2272 def test_vsg_for_subscriber_access_service2_if_service1_goes_restart(self):
2273 """
2274 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 restarts
2275 Algo:
2276 1.Create two vSG VMs for two services in compute node
2277 2.Create one vCPE container in each VM for one subscriber
2278 3.Ensure VMs and containers created properly
2279 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2280 5.Verify ping gets success
2281 6.Verify ping success flows added in OvS
2282 7.Now restart vSG-1 VM
2283 8.Now repeat step 4 while vSG-1 VM restarts
2284 9.Verify that ping fails as vSG-1 is restarting
2285 10.Repeat step 4 with stag corresponding to vSG-2 while vSG-1 VM restarts
2286 11.Verify ping success and flows added in OvS
2287 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2288
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2289 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_goes_down(self):
2290 """
2291 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 goes down
2292 Algo:
2293 1.Create a vSG VM in compute node
2294 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2295 3.Ensure VM and containers created properly
2296 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2297 5.Verify ping gets success
2298 6.Verify ping success flows added in OvS
2299 7.Now stop vCPE-1 container
2300 8.Now repeat step 4
2301 9.Verify that ping fails as vCPE-1 container is down
2302 10.Repeat step 4 with ctag corresponding to vCPE-2 container
2303 11.Verify ping success and flows added in OvS
2304 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2305
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2306 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_restart(self):
2307 """
2308 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 restarts
2309 Algo:
2310 1.Create a vSG VM in compute node
2311 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2312 3.Ensure VM and containers created properly
2313 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2314 5.Verify ping gets success
2315 6.Verify ping success flows added in OvS
2316 7.Now restart vCPE-1 container
2317 8.Now repeat step 4 while vCPE-1 restarts
2318 9.Verify that ping fails as vCPE-1 container is restarts
2319 10.Repeat step 4 with ctag corresponding to vCPE-2 container while vCPE-1 restarts
2320 11..Verify ping success and flows added in OvS
2321 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2322
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2323 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_pause(self):
2324 """
2325 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 paused
2326 Algo:
2327 1.Create a vSG VM in compute node
2328 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2329 3.Ensure VM and containers created properly
2330 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2331 5.Verify ping gets success
2332 6.Verify ping success flows added in OvS
2333 7.Now pause vCPE-1 container
2334 8.Now repeat step 4 while vCPE-1 in pause state
2335 9.Verify that ping fails as vCPE-1 container in pause state
2336 10.Repeat step 4 with ctag corresponding to vCPE-2 container while vCPE-1 in pause state
2337 11.Verify ping success and flows added in OvS
2338 """
2339 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_removed(self):
2340 """
2341 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 removed
2342 Algo:
2343 1.Create a vSG VM in compute node
2344 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2345 3.Ensure VM and containers created properly
2346 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2347 5.Verify ping gets success
2348 6.Verify ping success flows added in OvS
2349 7.Now remove vCPE-1 container
2350 8.Now repeat step 4
2351 9.Verify that ping fails as vCPE-1 container removed
2352 10.Repeat step 4 with ctag corresponding to vCPE-2 container
2353 11.Verify ping success and flows added in OvS
2354 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2355
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2356 def test_vsg_for_vcpe_instance_removed_and_added_again(self):
2357 """
2358 Algo:
2359 1.Create a vSG VM in compute node
2360 2.Create a vCPE container in vSG VM
2361 3.Ensure VM and containers created properly
2362 4.From subscriber end, send ping to public IP
2363 5.Verify ping gets success
2364 6.Verify ping success flows added in OvS
2365 7.Now remove vCPE container in vSG VM
2366 8.Now repeat step 4
2367 9.Verify that ping fails as vCPE container removed
2368 10.Create the vCPE container again for the same subscriber
2369 11.Ensure that vCPE created now
2370 12.Now repeat step 4
2371 13.Verify ping success and flows added in OvS
2372 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2373
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2374 def test_vsg_for_vsg_vm_removed_and_added_again(self):
2375 """
2376 Algo:
2377 1.Create a vSG VM in compute node
2378 2.Create a vCPE container in vSG VM
2379 3.Ensure VM and containers created properly
2380 4.From subscriber end, send ping to public IP
2381 5.Verify ping gets success
2382 6.Verify ping success flows added in OvS
2383 7.Now remove vSG VM
2384 8.Now repeat step 4
2385 9.Verify that ping fails as vSG VM not exists
2386 10.Create the vSG VM and vCPE container in VM again
2387 11.Ensure that vSG and vCPE created
2388 12.Now repeat step 4
2389 13.Verify ping success and flows added in OvS
2390 """
2391
2392 #Test vSG - Subscriber Configuration
2393 def test_vsg_for_configuring_new_subscriber_in_vcpe(self):
2394 """
2395 Algo:
2396 1.Create a vSG VM in compute node
2397 2.Create a vCPE container in vSG VM
2398 3.Ensure VM and containers created properly
2399 4.Configure a subscriber in XOS and assign a service id
2400 5.Set the admin privileges to the subscriber
2401 6.Verify subscriber configuration is success
2402 """
2403 def test_vsg_for_adding_subscriber_devices_in_vcpe(self):
2404 """
2405 Algo:
2406 1.Create a vSG VM in compute node
2407 2.Create a vCPE container in vSG VM
2408 3.Ensure VM and containers created properly
2409 4.Configure a subscriber in XOS and assign a service id
2410 5.Verify subscriber successfully configured in vCPE
2411 6.Now add devices( Mac addresses ) under the subscriber admin group
2412 7.Verify all devices ( Macs ) added successfully
2413 """
2414 def test_vsg_for_removing_subscriber_devices_in_vcpe(self):
2415 """
2416 Algo:
2417 1.Create a vSG VM in compute node
2418 2.Create a vCPE container in vSG VM
2419 3.Ensure VM and containers created properly
2420 4.Configure a subscriber in XOS and assign a service id
2421 5.Verify subscriber successfully configured
2422 6.Now add devices( Mac addresses ) under the subscriber admin group
2423 7.Verify all devices ( Macs ) added successfully
2424 8.Now remove All the added devices in XOS
2425 9.Verify all the devices removed
2426 """
2427 def test_vsg_for_modify_subscriber_devices_in_vcpe(self):
2428 """
2429 Algo:
2430 1.Create a vSG VM in compute node
2431 2.Create a vCPE container in vSG VM
2432 3.Ensure VM and containers created properly
2433 4.Configure a user in XOS and assign a service id
2434 5.Verify subscriber successfully configured in vCPE.
2435 6.Now add devices( Mac addresses ) under the subscriber admin group
2436 7.Verify all devices ( Macs ) added successfully
2437 8.Now remove few devices in XOS
2438 9.Verify devices removed successfully
2439 10.Now add few additional devices in XOS under the same subscriber admin group
2440 11.Verify newly added devices successfully added
2441 """
2442 def test_vsg_for_vcpe_login_fails_with_incorrect_subscriber_credentials(self):
2443 """
2444 Algo:
2445 1.Create a vSG VM in compute node
2446 2.Create a vCPE container in vSG VM
2447 3.Ensure VM and containers created properly
2448 4.Configure a subscriber in XOS and assign a service id
2449 5.Verify subscriber successfully configured
2450 6.Now add devices( Mac addresses ) under the subscriber admin group
2451 7.Verify all devices ( Macs ) added successfully
2452 8.Login vCPE with credentials with which subscriber configured
2453 9.Verify subscriber successfully logged in
2454 10.Logout and login again with incorrect credentials ( either user name or password )
2455 11.Verify login attempt to vCPE fails wtih incorrect credentials
2456 """
2457 def test_vsg_for_subscriber_configuration_in_vcpe_retain_after_vcpe_restart(self):
2458 """
2459 Algo:
2460 1.Create a vSG VM in compute node
2461 2.Create a vCPE container in vSG VM
2462 3.Ensure VM and containers created properly
2463 4.Configure a subscriber in XOS and assign a service id
2464 5.Verify subscriber successfully configured
2465 6.Now add devices( Mac addresses ) under the subscriber admin group
2466 7.Verify all devices ( Macs ) added successfully
2467 8.Restart vCPE ( locate backup config path while restart )
2468 9.Verify subscriber details in vCPE after restart should be same as before the restart
2469 """
2470 def test_vsg_for_create_multiple_vcpe_instances_and_configure_subscriber_in_each_instance(self):
2471 """
2472 Algo:
2473 1.Create a vSG VM in compute node
2474 2.Create 2 vCPE containers in vSG VM
2475 3.Ensure VM and containers created properly
2476 4.Configure a subscriber in XOS for each vCPE instance and assign a service id
2477 5.Verify subscribers successfully configured
2478 6.Now login vCPE-2 with subscriber-1 credentials
2479 7.Verify login fails
2480 8.Now login vCPE-1 with subscriber-2 credentials
2481 9.Verify login fails
2482 10.Now login vCPE-1 with subscriber-1 and vCPE-2 with subscriber-2 credentials
2483 11.Verify that both the subscribers able to login to their respective vCPE containers
2484 """
2485 def test_vsg_for_same_subscriber_can_be_configured_for_multiple_services(self):
2486 """
2487 Algo:
2488 1.Create 2 vSG VMs in compute node
2489 2.Create a vCPE container in each vSG VM
2490 3.Ensure VMs and containers created properly
2491 4.Configure same subscriber in XOS for each vCPE instance and assign a service id
2492 5.Verify subscriber successfully configured
2493 6.Now login vCPE-1 with subscriber credentials
2494 7.Verify login success
2495 8.Now login vCPE-2 with the same subscriber credentials
2496 9.Verify login success
2497 """
2498
2499 #Test Example Service
2500 def test_vsg_for_subcriber_avail_example_service_running_in_apache_server(self):
2501 """
2502 Algo:
2503 1.Create a vSG VM in compute node
2504 2.Create a vCPE container in each vSG VM
2505 3.Ensure VM and container created properly
2506 4.Configure a subscriber in XOS for the vCPE instance and assign a service id
2507 5.On-board an example service into cord pod
2508 6.Create a VM in compute node and run the example service ( Apache server )
2509 7.Configure the example service with service specific and subscriber specific messages
2510 8.Verify example service on-boarded successfully
2511 9.Verify example service running in VM
2512 10.Run a curl command from subscriber to reach example service
2513 11.Verify subscriber can successfully reach example service via vSG
2514 12.Verify that service specific and subscriber specific messages
2515 """
2516 def test_vsg_for_subcriber_avail_example_service_running_in_apache_server_after_service_restart(self):
2517 """
2518 Algo:
2519 1.Create a vSG VM in compute node
2520 2.Create a vCPE container in each vSG VM
2521 3.Ensure VM and container created properly
2522 4.Configure a subscriber in XOS for the vCPE instance and assign a service id
2523 5.On-board an example service into cord pod
2524 6.Create a VM in compute node and run the example service ( Apache server )
2525 7.Configure the example service with service specific and subscriber specific messages
2526 8.Verify example service on-boarded successfully
2527 9.Verify example service running in VM
2528 10.Run a curl command from subscriber to reach example service
2529 11.Verify subscriber can successfully reach example service via vSG
2530 12.Verify that service specific and subscriber specific messages
2531 13.Restart example service running in VM
2532 14.Repeat step 10
2533 15.Verify the same results as mentioned in steps 11, 12
2534 """
2535
2536 #vCPE Firewall Functionality
2537 def test_vsg_firewall_for_creating_acl_rule_based_on_source_ip(self):
2538 """
2539 Algo:
2540 1.Create a vSG VM in compute node
2541 2.Create vCPE container in the VM
2542 3.Ensure vSG VM and vCPE container created properly
2543 4.Configure ac acl rule in vCPE to deny IP traffic from a source IP
2544 5.Bound the acl rule to WAN interface of vCPE
2545 6.Verify configuration in vCPE is success
2546 8.Verify flows added in OvS
2547 """
2548 def test_vsg_firewall_for_creating_acl_rule_based_on_destination_ip(self):
2549 """
2550 Algo:
2551 1.Create a vSG VM in compute node
2552 2.Create vCPE container in the VM
2553 3.Ensure vSG VM and vCPE container created properly
2554 4.Configure ac acl rule in vCPE to deny IP traffic to a destination ip
2555 5.Bound the acl rule to WAN interface of vCPE
2556 6.Verify configuration in vCPE is success
2557 8.Verify flows added in OvS
2558 """
2559 def test_vsg_firewall_for_acl_deny_rule_based_on_source_ip_traffic(self):
2560 """
2561 Algo:
2562 1.Create a vSG VM in compute node
2563 2.Create vCPE container in the VM
2564 3.Ensure vSG VM and vCPE container created properly
2565 4.Configure ac acl rule in vCPE to deny IP traffic from a source IP
2566 5.Bound the acl rule to WAN interface of vCPE
2567 6.From subscriber, send ping to the denied IP address
2568 7.Verify that ping fails as vCPE denies ping response
2569 8.Verify flows added in OvS
2570 """
2571 def test_vsg_firewall_for_acl_deny_rule_based_on_destination_ip_traffic(self):
2572 """
2573 Algo:
2574 1.Create a vSG VM in compute node
2575 2.Create vCPE container in the VM
2576 3.Ensure vSG VM and vCPE container created properly
2577 4.Configure ac acl rule in vCPE to deny IP traffic to a destination IP
2578 5.Bound the acl rule to WAN interface of vCPE
2579 6.From subscriber, send ping to the denied IP address
2580 7.Verify that ping fails as vCPE drops the ping request at WAN interface
2581 8.Verify flows added in OvS
2582 """
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]2583
2584 def test_vsg_dnsmasq(self):
2585 pass
2586
2587 def test_vsg_with_external_parental_control_family_shield_for_filter(self):
2588 pass
2589
2590 def test_vsg_with_external_parental_control_with_answerx(self):
2591 pass
2592
2593 def test_vsg_for_subscriber_upstream_bandwidth(self):
2594 pass
2595
2596 def test_vsg_for_subscriber_downstream_bandwidth(self):
2597 pass
2598
2599 def test_vsg_for_diagnostic_run_of_traceroute(self):
2600 pass
2601
2602 def test_vsg_for_diagnostic_run_of_tcpdump(self):
2603 pass
2604
2605 def test_vsg_for_iptable_rules(self):
2606 pass
2607
2608 def test_vsg_for_iptables_with_neutron(self):
2609 pass