Gitiles
Code Review Sign In
gerrit.opencord.org / cord-tester / a29609199320c52a921284821fb54d8eab2e6dab / . / src / test / vsg / vsgTest.py
blob: edcd41a710aecf2266075009daab8bf233c545d8 [file] [log] [blame]
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]1#copyright 2016-present Ciena Corporation
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14#
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]15import time
16import os
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]17import sys
18import json
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame]19import requests
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]20from nose.tools import *
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]21from twisted.internet import defer
22from nose.twistedtools import reactor, deferred
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]23from CordTestUtils import *
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]24from OltConfig import OltConfig
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]25from onosclidriver import OnosCliDriver
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]26from SSHTestAgent import SSHTestAgent
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]27from CordLogger import CordLogger
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]28from VSGAccess import VSGAccess
A R Karthick933f5b52017-03-27 15:27:16 -0700[diff] [blame]29from CordTestUtils import log_test as log
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]30from CordTestConfig import setup_module, running_on_ciab
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]31from OnosCtrl import OnosCtrl
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]32
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]33log.setLevel('INFO')
34
35class vsg_exchange(CordLogger):
36 ONOS_INSTANCES = 3
37 V_INF1 = 'veth0'
38 device_id = 'of:' + get_mac()
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]39 TEST_IP = '8.8.8.8'
40 HOST = "10.1.0.1"
41 USER = "vagrant"
42 PASS = "vagrant"
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]43 head_node = os.getenv('HEAD_NODE', 'prod')
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]44 HEAD_NODE = head_node + '.cord.lab' if len(head_node.split('.')) == 1 else head_node
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]45 test_path = os.path.dirname(os.path.realpath(__file__))
A.R Karthick5968e0d2017-05-16 14:50:46 -0700[diff] [blame]46 olt_conf_file = os.getenv('OLT_CONFIG_FILE', os.path.join(test_path, '..', 'setup/olt_config.json'))
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]47 restApiXos = None
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]48 subscriber_account_num = 200
49 subscriber_s_tag = 304
50 subscriber_c_tag = 304
51 subscribers_per_s_tag = 8
52 subscriber_map = {}
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]53 subscriber_info = []
54 volt_subscriber_info = []
A R Karthick9a16a112017-04-07 15:40:05 -0700[diff] [blame]55 restore_methods = []
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]56 TIMEOUT=120
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]57 FABRIC_PORT_HEAD_NODE = 1
58 FABRIC_PORT_COMPUTE_NODE = 2
59 APP_NAME = 'org.ciena.xconnect'
60 APP_FILE = os.path.join(test_path, '..', 'apps/xconnect-1.0-SNAPSHOT.oar')
A.R Karthick50f4d9a2017-04-20 16:44:19 -0700[diff] [blame]61 NUM_SUBSCRIBERS = 5
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]62
63 @classmethod
64 def getSubscriberCredentials(cls, subId):
65 """Generate our own account num, s_tag and c_tags"""
66 if subId in cls.subscriber_map:
67 return cls.subscriber_map[subId]
68 account_num = cls.subscriber_account_num
69 cls.subscriber_account_num += 1
70 s_tag, c_tag = cls.subscriber_s_tag, cls.subscriber_c_tag
71 cls.subscriber_c_tag += 1
72 if cls.subscriber_c_tag % cls.subscribers_per_s_tag == 0:
73 cls.subscriber_s_tag += 1
74 cls.subscriber_map[subId] = account_num, s_tag, c_tag
75 return cls.subscriber_map[subId]
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]76
77 @classmethod
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]78 def getXosCredentials(cls):
79 onos_cfg = OnosCtrl.get_config()
80 if onos_cfg is None:
81 return None
82 if 'apps' in onos_cfg and \
83 'org.opencord.vtn' in onos_cfg['apps'] and \
84 'cordvtn' in onos_cfg['apps']['org.opencord.vtn'] and \
85 'xos' in onos_cfg['apps']['org.opencord.vtn']['cordvtn']:
86 xos_cfg = onos_cfg['apps']['org.opencord.vtn']['cordvtn']['xos']
87 endpoint = xos_cfg['endpoint']
88 user = xos_cfg['user']
89 password = xos_cfg['password']
90 xos_endpoints = endpoint.split(':')
91 xos_host = xos_endpoints[1][len('//'):]
92 xos_port = xos_endpoints[2][:-1]
93 #log.info('xos_host: %s, port: %s, user: %s, password: %s' %(xos_host, xos_port, user, password))
94 return dict(host = xos_host, port = xos_port, user = user, password = password)
95
96 return None
97
98 @classmethod
A.R Karthick50f4d9a2017-04-20 16:44:19 -0700[diff] [blame]99 def getSubscriberConfig(cls, num_subscribers):
100 features = {
101 'cdn': True,
102 'uplink_speed': 1000000000,
103 'downlink_speed': 1000000000,
104 'uverse': True,
105 'status': 'enabled'
106 }
107 subscriber_map = []
108 for i in xrange(num_subscribers):
109 subId = 'sub{}'.format(i)
110 account_num, _, _ = cls.getSubscriberCredentials(subId)
111 identity = { 'account_num' : str(account_num),
112 'name' : 'My House {}'.format(i)
113 }
114 sub_info = { 'features' : features,
115 'identity' : identity
116 }
117 subscriber_map.append(sub_info)
118
119 return subscriber_map
120
121 @classmethod
122 def getVoltSubscriberConfig(cls, num_subscribers):
123 voltSubscriberMap = []
124 for i in xrange(num_subscribers):
125 subId = 'sub{}'.format(i)
126 account_num, s_tag, c_tag = cls.getSubscriberCredentials(subId)
127 voltSubscriberInfo = {}
128 voltSubscriberInfo['voltTenant'] = dict(s_tag = str(s_tag),
129 c_tag = str(c_tag),
130 subscriber = '')
131 voltSubscriberInfo['account_num'] = account_num
132 voltSubscriberMap.append(voltSubscriberInfo)
133
134 return voltSubscriberMap
135
136 @classmethod
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]137 def setUpCordApi(cls):
138 our_path = os.path.dirname(os.path.realpath(__file__))
139 cord_api_path = os.path.join(our_path, '..', 'cord-api')
140 framework_path = os.path.join(cord_api_path, 'Framework')
141 utils_path = os.path.join(framework_path, 'utils')
142 data_path = os.path.join(cord_api_path, 'Tests', 'data')
143 subscriber_cfg = os.path.join(data_path, 'Subscriber.json')
144 volt_tenant_cfg = os.path.join(data_path, 'VoltTenant.json')
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]145 num_subscribers = max(cls.NUM_SUBSCRIBERS, 5)
146 cls.subscriber_info = cls.getSubscriberConfig(num_subscribers)
147 cls.volt_subscriber_info = cls.getVoltSubscriberConfig(num_subscribers)
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]148
149 sys.path.append(utils_path)
150 sys.path.append(framework_path)
151 from restApi import restApi
152 restApiXos = restApi()
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]153 xos_credentials = cls.getXosCredentials()
154 if xos_credentials is None:
155 restApiXos.controllerIP = cls.HEAD_NODE
156 restApiXos.controllerPort = '9000'
157 else:
158 restApiXos.controllerIP = xos_credentials['host']
159 restApiXos.controllerPort = xos_credentials['port']
160 restApiXos.user = xos_credentials['user']
161 restApiXos.password = xos_credentials['password']
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]162 cls.restApiXos = restApiXos
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]163
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]164 @classmethod
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]165 def getVoltId(cls, result, subId):
166 if type(result) is not type([]):
167 return None
168 for tenant in result:
169 if str(tenant['subscriber']) == str(subId):
170 return str(tenant['id'])
171 return None
172
173 @classmethod
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]174 def closeVCPEAccess(cls, volt_subscriber_info):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]175 OnosCtrl.uninstall_app(cls.APP_NAME, onos_ip = cls.HEAD_NODE)
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]176
177 @classmethod
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]178 def openVCPEAccess(cls, volt_subscriber_info):
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]179 """
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]180 This code is used to configure leaf switch for head node access to compute node over fabric.
181 Care is to be taken to avoid overwriting existing/default vcpe flows.
182 The access is opened for generated subscriber info which should not overlap.
183 We target the fabric onos instance on head node.
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]184 """
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]185 OnosCtrl.install_app(cls.APP_FILE, onos_ip = cls.HEAD_NODE)
186 time.sleep(2)
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]187 s_tags = map(lambda tenant: int(tenant['voltTenant']['s_tag']), volt_subscriber_info)
188 #only get unique vlan tags
189 s_tags = list(set(s_tags))
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]190 devices = OnosCtrl.get_device_ids(controller = cls.HEAD_NODE)
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]191 if devices:
192 device_config = {}
193 for device in devices:
194 device_config[device] = []
195 for s_tag in s_tags:
196 xconnect_config = {'vlan': s_tag, 'ports' : [ cls.FABRIC_PORT_HEAD_NODE, cls.FABRIC_PORT_COMPUTE_NODE ] }
197 device_config[device].append(xconnect_config)
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]198
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]199 cfg = { 'apps' : { 'org.ciena.xconnect' : { 'xconnectTestConfig' : device_config } } }
200 OnosCtrl.config(cfg, controller = cls.HEAD_NODE)
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]201
202 @classmethod
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]203 def setUpClass(cls):
204 cls.controllers = get_controllers()
205 cls.controller = cls.controllers[0]
206 cls.cli = None
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]207 cls.on_pod = running_on_pod()
208 cls.on_ciab = running_on_ciab()
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]209 cls.olt = OltConfig(olt_conf_file = cls.olt_conf_file)
210 cls.vcpes = cls.olt.get_vcpes()
211 cls.vcpes_dhcp = cls.olt.get_vcpes_by_type('dhcp')
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]212 cls.vcpes_reserved = cls.olt.get_vcpes_by_type('reserved')
213 cls.dhcp_vcpes_reserved = [ 'vcpe{}.{}.{}'.format(i, cls.vcpes_reserved[i]['s_tag'], cls.vcpes_reserved[i]['c_tag'])
214 for i in xrange(len(cls.vcpes_reserved)) ]
215 cls.untagged_dhcp_vcpes_reserved = [ 'vcpe{}'.format(i) for i in xrange(len(cls.vcpes_reserved)) ]
216 cls.container_vcpes_reserved = [ 'vcpe-{}-{}'.format(vcpe['s_tag'], vcpe['c_tag']) for vcpe in cls.vcpes_reserved ]
217 vcpe_dhcp_reserved = None
218 vcpe_container_reserved = None
219 if cls.vcpes_reserved:
220 vcpe_dhcp_reserved = cls.dhcp_vcpes_reserved[0]
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]221 if cls.on_pod is False:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]222 vcpe_dhcp_reserved = cls.untagged_dhcp_vcpes_reserved[0]
223 vcpe_container_reserved = cls.container_vcpes_reserved[0]
224
225 cls.vcpe_dhcp_reserved = vcpe_dhcp_reserved
226 cls.vcpe_container_reserved = vcpe_container_reserved
227 dhcp_vcpe_offset = len(cls.vcpes_reserved)
A R Karthick927129c2017-04-25 14:08:02 -0700[diff] [blame]228 cls.dhcp_vcpes = [ 'vcpe{}.{}.{}'.format(i+dhcp_vcpe_offset, cls.vcpes_dhcp[i]['s_tag'], cls.vcpes_dhcp[i]['c_tag'])
229 for i in xrange(len(cls.vcpes_dhcp)) ]
230 cls.untagged_dhcp_vcpes = [ 'vcpe{}'.format(i+dhcp_vcpe_offset) for i in xrange(len(cls.vcpes_dhcp)) ]
231 cls.container_vcpes = [ 'vcpe-{}-{}'.format(vcpe['s_tag'], vcpe['c_tag']) for vcpe in cls.vcpes_dhcp ]
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]232 vcpe_dhcp = None
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]233 vcpe_container = None
234 #cache the first dhcp vcpe in the class for quick testing
235 if cls.vcpes_dhcp:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]236 vcpe_container = cls.container_vcpes[0]
237 vcpe_dhcp = cls.dhcp_vcpes[0]
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]238 if cls.on_pod is False:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]239 vcpe_dhcp = cls.untagged_dhcp_vcpes[0]
240 cls.vcpe_container = vcpe_container_reserved or vcpe_container
241 cls.vcpe_dhcp = vcpe_dhcp_reserved or vcpe_dhcp
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]242 VSGAccess.setUp()
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]243 cls.setUpCordApi()
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]244 if cls.on_pod is True:
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]245 cls.openVCPEAccess(cls.volt_subscriber_info)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]246
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]247 @classmethod
248 def tearDownClass(cls):
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]249 VSGAccess.tearDown()
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]250 if cls.on_pod is True:
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]251 cls.closeVCPEAccess(cls.volt_subscriber_info)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]252
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]253 def cliEnter(self, controller = None):
254 retries = 0
255 while retries < 30:
256 self.cli = OnosCliDriver(controller = controller, connect = True)
257 if self.cli.handle:
258 break
259 else:
260 retries += 1
261 time.sleep(2)
262
263 def cliExit(self):
264 self.cli.disconnect()
265
266 def onos_shutdown(self, controller = None):
267 status = True
268 self.cliEnter(controller = controller)
269 try:
270 self.cli.shutdown(timeout = 10)
271 except:
272 log.info('Graceful shutdown of ONOS failed for controller: %s' %controller)
273 status = False
274
275 self.cliExit()
276 return status
277
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]278 def log_set(self, level = None, app = 'org.onosproject'):
279 CordLogger.logSet(level = level, app = app, controllers = self.controllers, forced = True)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]280
A R Karthick9a16a112017-04-07 15:40:05 -0700[diff] [blame]281 @classmethod
282 def get_dhcp(cls, vcpe, mgmt = 'eth0'):
283 """Get DHCP for vcpe interface saving management settings"""
284
285 def put_dhcp():
286 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
287
288 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
289 if vcpe_ip is not None:
290 cls.restore_methods.append(put_dhcp)
291 return vcpe_ip
292
293 @classmethod
294 def config_restore(cls):
295 """Restore the vsg test configuration on test case failures"""
296 for restore_method in cls.restore_methods:
297 restore_method()
298
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]299 def get_vsg_vcpe_pair(self):
300 vcpes = self.vcpes_dhcp
301 vcpe_containers = []
302 vsg_vcpe = {}
303 for vcp in vcpes:
304 vcpe_container = 'vcpe-{}-{}'.format(vcp['s_tag'], vcp['c_tag'])
305 vcpe_containers.append(vcpe_container)
306 vsg = VSGAccess.get_vcpe_vsg(vcpe_container)
307 vsg_vcpe[vcpe_container]=str(vsg.get_ip())
308 return vsg_vcpe
309
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]310 def get_vcpe_containers_and_interfaces(self):
311 vcpe_containers = {}
312 vcpe_interfaces = []
313 vcpes = self.vcpes_dhcp
314 count = 0
315 for vcpe in vcpes:
316 vcpe_intf = 'vcpe{}.{}.{}'.format(count,vcpe['s_tag'],vcpe['c_tag'])
317 vcpe_interfaces.append(vcpe_intf)
318 vcpe_container = 'vcpe-{}-{}'.format(vcpe['s_tag'], vcpe['c_tag'])
319 vcpe_containers[vcpe_intf] = vcpe_container
320 count += 1
321 log.info('vcpe interfaces are %s'%vcpe_interfaces)
322 log.info('vcpe containers are %s'%vcpe_containers)
323 return vcpe_interfaces,vcpe_containers
324
325 def get_vcpe_interface_dhcp_ip(self,vcpe=None):
326 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]327 vcpe = self.vcpe_dhcp
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]328 st, _ = getstatusoutput('dhclient {}'.format(vcpe))
329 vcpe_ip = get_ip(vcpe)
330 return vcpe_ip
331
332 def release_vcpe_interface_dhcp_ip(self,vcpe=None):
333 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]334 vcpe = self.vcpe_dhcp
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]335 st, _ = getstatusoutput('dhclient {} -r'.format(vcpe))
336 vcpe_ip = get_ip(vcpe)
337 assert_equal(vcpe_ip, None)
338
339 def add_static_route_via_vcpe_interface(self, routes, vcpe=None,dhcp_ip=True):
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]340 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]341 vcpe = self.vcpe_dhcp
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]342 if dhcp_ip:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]343 os.system('dhclient '+vcpe)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]344 time.sleep(1)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]345 for route in routes:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]346 log.info('route is %s'%route)
347 cmd = 'ip route add ' + route + ' via 192.168.0.1 '+ 'dev ' + vcpe
348 cmds.append(cmd)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]349 for cmd in cmds:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]350 os.system(cmd)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]351 return True
352
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]353 def del_static_route_via_vcpe_interface(self,routes,vcpe=None,dhcp_release=True):
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]354 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]355 vcpe = self.vcpe_dhcp
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]356 cmds = []
357 for route in routes:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]358 cmd = 'ip route del ' + route + ' via 192.168.0.1 ' + 'dev ' + vcpe
359 os.system(cmd)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]360 if dhcp_release:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]361 os.system('dhclient '+vcpe+' -r')
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]362 return True
363
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]364 def vsg_for_external_connectivity(self, subscriber_index, reserved = False):
365 if reserved is True:
366 if self.on_pod is True:
367 vcpe = self.dhcp_vcpes_reserved[subscriber_index]
368 else:
369 vcpe = self.untagged_dhcp_vcpes_reserved[subscriber_index]
370 else:
371 if self.on_pod is True:
372 vcpe = self.dhcp_vcpes[subscriber_index]
373 else:
374 vcpe = self.untagged_dhcp_vcpes[subscriber_index]
375 mgmt = 'eth0'
376 host = '8.8.8.8'
377 self.success = False
378 assert_not_equal(vcpe, None)
379 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
380 assert_not_equal(vcpe_ip, None)
381 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
382 log.info('Sending icmp echo requests to external network 8.8.8.8')
383 st, _ = getstatusoutput('ping -c 3 8.8.8.8')
384 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
385 assert_equal(st, 0)
386
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]387 def test_vsg_health(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]388 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]389 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]390 1. Login to compute node VM
391 2. Get all vSGs
392 3. Ping to all vSGs
393 4. Verifying Ping success
394 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]395 status = True
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]396 if self.on_pod is True:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]397 status = VSGAccess.health_check()
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]398 assert_equal(status, True)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]399
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]400 def test_vsg_health_check(self, vsg_name='mysite_vsg-1', verify_status=True):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]401 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]402 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]403 1. If vsg name not specified, Get vsg corresponding to vcpe
404 1. Login to compute mode VM
405 3. Ping to the vSG
406 4. Verifying Ping success
407 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]408 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]409 return
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]410 if not vsg_name:
411 vcpe = self.vcpe_container
412 vsg = VSGAccess.get_vcpe_vsg(vcpe)
413 status = vsg.get_health()
414 assert_equal(status, verify_status)
415 else:
416 vsgs = VSGAccess.get_vsgs()
417 status = None
418 for vsg in vsgs:
419 if vsg.name == vsg_name:
420 status = vsg.get_health()
421 log.info('vsg health check status is %s'%status)
422 assert_equal(status,verify_status)
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]423
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]424 @deferred(TIMEOUT)
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]425 def test_vsg_for_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]426 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]427 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]428 1. Get list of all compute nodes created using Openstack
429 2. Login to compute mode VM
430 3. Get all vSGs
431 4. Verifying atleast one compute node and one vSG created
432 """
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]433 df = defer.Deferred()
434 def vsg_for_vcpe_df(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]435 if self.on_pod is True:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]436 vsgs = VSGAccess.get_vsgs()
437 compute_nodes = VSGAccess.get_compute_nodes()
438 time.sleep(14)
439 assert_not_equal(len(vsgs), 0)
440 assert_not_equal(len(compute_nodes), 0)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]441 df.callback(0)
442 reactor.callLater(0,vsg_for_vcpe_df,df)
443 return df
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]444
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]445 def test_vsg_for_login(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]446 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]447 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]448 1. Login to compute node VM
449 2. Get all vSGs
450 3. Verifying login to vSG is success
451 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]452 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]453 return
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]454 vsgs = VSGAccess.get_vsgs()
455 vsg_access_status = map(lambda vsg: vsg.check_access(), vsgs)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]456 status = filter(lambda st: st == False, vsg_access_status)
457 assert_equal(len(status), 0)
458
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]459 def test_vsg_for_default_route_through_testclient(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]460 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]461 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]462 1. Login to head node
463 2. Verifying for default route in lxc test client
464 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]465 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]466 return
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]467 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
468 cmd = "sudo lxc exec testclient -- route | grep default"
469 status, output = ssh_agent.run_cmd(cmd)
470 assert_equal(status, True)
471
472 def test_vsg_for_external_connectivity_through_testclient(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]473 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]474 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]475 1. Login to head node
476 2. On head node, executing ping to 8.8.8.8 from lxc test client
477 3. Verifying for the ping success
478 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]479 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]480 return
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]481 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
482 cmd = "lxc exec testclient -- ping -c 3 8.8.8.8"
483 status, output = ssh_agent.run_cmd(cmd)
484 assert_equal( status, True)
485
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]486 def test_vsg_for_external_connectivity(self):
487 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]488 Test Method:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]489 1. Get dhcp IP to vcpe interface in cord-tester
490 2. Verifying vcpe interface gets dhcp IP
491 3. Ping to 8.8.8.8 and Verifying ping should success
492 4. Restoring management interface configuration in cord-tester
493 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]494 reserved = True
495 if self.on_pod:
496 reserved = self.on_ciab
497 self.vsg_for_external_connectivity(0, reserved = reserved)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]498
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]499 def test_vsg_for_external_connectivity_to_google(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]500 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]501 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]502 1. Get dhcp IP to vcpe interface in cord-tester
503 2. Verifying vcpe interface gets dhcp IP
504 3. Ping to www.google.com and Verifying ping should success
505 4. Restoring management interface configuration in cord-tester
506 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]507 host = 'www.google.com'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]508 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]509 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]510 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]511 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]512 assert_not_equal(vcpe_ip, None)
513 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
514 log.info('Sending icmp ping requests to %s' %host)
515 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]516 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]517 assert_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]518
A R Karthickb2618052017-05-10 09:23:22 -0700[diff] [blame]519 def retrieve_content_from_host_to_validate_path_mtu(self, host):
520 vcpe = self.vcpe_dhcp
521 mgmt = 'eth0'
522 assert_not_equal(vcpe, None)
523 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
524 assert_not_equal(vcpe_ip, None)
525 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
526 log.info('Initiating get requests to %s' %host)
527 r = requests.get('http://{}'.format(host))
528 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
529 return r.status_code
530
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame]531 #Test cases to check path mtu across cord framework wih some selected websites to check response.
532 def test_vsg_to_retrieve_content_from_google_to_validate_path_mtu(self):
533 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]534 Test Method:
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame]535 1. Get dhcp IP to vcpe interface in cord-tester
536 2. Verifying vcpe interface gets dhcp IP
537 3. Retrieve contents from www.google.com and Verify response status is 200 ok.
538 4. This validates path mtu for end to end traffic with request to retrieve web contents in cord framework.
539 (Based on website response, size differs, needs check on MTU)
540 4. Restoring management interface configuration in cord-tester
541 """
A R Karthickb2618052017-05-10 09:23:22 -0700[diff] [blame]542 status_code = self.retrieve_content_from_host_to_validate_path_mtu('www.google.com')
543 assert_equal(status_code, 200)
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame]544
545 def test_vsg_to_retrieve_content_from_rediff_to_validate_path_mtu(self):
546 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]547 Test Method:
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame]548 1. Get dhcp IP to vcpe interface in cord-tester
549 2. Verifying vcpe interface gets dhcp IP
550 3. Retrieve contents from www.rediff.com and Verify response status is 200 ok.
551 4. This validates path mtu for end to end traffic with request to retrieve web contents in cord framework.
552 (Based on website response, size differs, needs check on MTU)
553 4. Restoring management interface configuration in cord-tester
554 """
A R Karthickb2618052017-05-10 09:23:22 -0700[diff] [blame]555 status_code = self.retrieve_content_from_host_to_validate_path_mtu('www.rediff.com')
556 assert_equal(status_code, 200)
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame]557
558 def test_vsg_to_retrieve_content_from_yahoo_to_validate_path_mtu(self):
559 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]560 Test Method:
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame]561 1. Get dhcp IP to vcpe interface in cord-tester
562 2. Verifying vcpe interface gets dhcp IP
563 3. Retrieve contents from www.yahoo.com and Verify response status is 200 ok.
564 4. This validates path mtu for end to end traffic with request to retrieve web contents in cord framework.
565 (Based on website response, size differs, needs check on MTU)
566 4. Restoring management interface configuration in cord-tester
567 """
A R Karthickb2618052017-05-10 09:23:22 -0700[diff] [blame]568 status_code = self.retrieve_content_from_host_to_validate_path_mtu('www.yahoo.com')
569 assert_equal(status_code, 200)
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame]570
571 def test_vsg_to_retrieve_content_from_facebook_to_validate_path_mtu(self):
572 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]573 Test Method:
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame]574 1. Get dhcp IP to vcpe interface in cord-tester
575 2. Verifying vcpe interface gets dhcp IP
576 3. Retrieve contents from www.facebook.com and Verify response status is 200 ok.
577 4. This validates path mtu for end to end traffic with request to retrieve web contents in cord framework.
578 (Based on website response, size differs, needs check on MTU)
579 4. Restoring management interface configuration in cord-tester
580 """
A R Karthickb2618052017-05-10 09:23:22 -0700[diff] [blame]581 status_code = self.retrieve_content_from_host_to_validate_path_mtu('www.facebook.com')
582 assert_equal(status_code, 200)
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame]583
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]584 def test_vsg_for_external_connectivity_to_invalid_host(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]585 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]586 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]587 1. Get dhcp IP to vcpe interface in cord-tester
588 2. Verifying vcpe interface gets dhcp IP
589 3. Ping to www.goglee.com and Verifying ping should not success
590 4. Restoring management interface configuration in cord-tester
591 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]592 host = 'www.goglee.com'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]593 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]594 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]595 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]596 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]597 assert_not_equal(vcpe_ip, None)
598 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
599 log.info('Sending icmp ping requests to non existent host %s' %host)
600 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]601 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]602 assert_not_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]603
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]604 def test_vsg_for_external_connectivity_with_ttl_1(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]605 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]606 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]607 1. Get dhcp IP to vcpe interface in cord-tester
608 2. Verifying vcpe interface gets dhcp IP
609 3. Ping to 8.8.8.8 with ttl set to 1
610 4. Verifying ping should not success
611 5. Restoring management interface configuration in cord-tester
612 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]613 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]614 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]615 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]616 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]617 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]618 assert_not_equal(vcpe_ip, None)
619 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
620 log.info('Sending icmp ping requests to host %s with ttl 1' %host)
621 st, _ = getstatusoutput('ping -c 1 -t 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]622 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]623 assert_not_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]624
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]625 def test_vsg_for_external_connectivity_with_wan_interface_toggle_in_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]626 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]627 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]628 1. Get dhcp IP to vcpe interface in cord-tester
629 2. Verifying vcpe interface gets dhcp IP
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]630 3. Ping to 8.8.8.8 and Verifying ping succeeds
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]631 4. Now down the WAN interface of vcpe
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]632 5. Ping to 8.8.8.8 and Verifying ping fails
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]633 6. Now Up the WAN interface of vcpe
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]634 7. Ping to 8.8.8.8 and Verifying ping succeeds
635 8. Restoring management interface configuration in cord-tester
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]636 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]637 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]638 return
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]639 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]640 mgmt = 'eth0'
641 vcpe = self.vcpe_container
642 assert_not_equal(vcpe, None)
643 assert_not_equal(self.vcpe_dhcp, None)
644 #first get dhcp on the vcpe interface
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]645 vcpe_ip = VSGAccess.vcpe_get_dhcp(self.vcpe_dhcp, mgmt = mgmt)
646 assert_not_equal(vcpe_ip, None)
647 log.info('Got DHCP IP %s for %s' %(vcpe_ip, self.vcpe_dhcp))
648 log.info('Sending ICMP pings to host %s' %(host))
649 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
650 if st != 0:
651 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
652 assert_equal(st, 0)
653 #bring down the wan interface and check again
654 st = VSGAccess.vcpe_wan_down(vcpe)
655 if st is False:
656 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
657 assert_equal(st, True)
658 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
659 if st == 0:
660 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
661 assert_not_equal(st, 0)
662 st = VSGAccess.vcpe_wan_up(vcpe)
663 if st is False:
664 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
665 assert_equal(st, True)
666 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
667 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
668 assert_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]669
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]670 def test_vsg_for_external_connectivity_with_lan_interface_toggle_in_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]671 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]672 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]673 1. Get dhcp IP to vcpe interface in cord-tester
674 2. Verifying vcpe interface gets dhcp IP
675 3. Ping to 8.8.8.8 and Verifying ping should success
676 4. Now down the LAN interface of vcpe
677 5. Ping to 8.8.8.8 and Verifying ping should not success
678 6. Now Up the LAN interface of vcpe
679 7. Ping to 8.8.8.8 and Verifying ping should success
680 8. Restoring management interface configuration in cord-tester
681 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]682 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]683 return
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]684 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]685 mgmt = 'eth0'
686 vcpe = self.vcpe_container
687 assert_not_equal(vcpe, None)
688 assert_not_equal(self.vcpe_dhcp, None)
689 #first get dhcp on the vcpe interface
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]690 vcpe_ip = VSGAccess.vcpe_get_dhcp(self.vcpe_dhcp, mgmt = mgmt)
691 assert_not_equal(vcpe_ip, None)
692 log.info('Got DHCP IP %s for %s' %(vcpe_ip, self.vcpe_dhcp))
693 log.info('Sending ICMP pings to host %s' %(host))
694 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
695 if st != 0:
696 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
697 assert_equal(st, 0)
698 #bring down the lan interface and check again
699 st = VSGAccess.vcpe_lan_down(vcpe)
700 if st is False:
701 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
702 assert_equal(st, True)
703 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
704 if st == 0:
705 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
706 assert_not_equal(st, 0)
707 st = VSGAccess.vcpe_lan_up(vcpe)
708 if st is False:
709 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
710 assert_equal(st, True)
711 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
712 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
713 assert_equal(st, 0)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]714
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]715 def test_vsg_multiple_subscribers_for_same_vcpe_instace(self):
716 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]717 Test Method:
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]718 1. Create a vcpe instance
719 2. Create multiple vcpe interfaces in cord-tester with same s-tag and c-tag to access vcpe instance
720 3. Verify all the interfaces gets dhcp IP in same subnet
721 """
722 vcpe_intfs,containers = self.get_vcpe_containers_and_interfaces()
723 for vcpe in vcpe_intfs:
724 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
725 assert_not_equal(vcpe_ip,None)
726 for vcpe in vcpe_intfs:
727 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
728
729 def test_vsg_for_multiple_subscribers_with_same_vcpe_instance_and_validate_external_connectivity(self):
730 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]731 Test Method:
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]732 1. Create a vcpe instance
733 2. Create multiple vcpe interfaces in cord-tester with same s-tag and c-tag to access vcpe instance
734 3. Verify all the interfaces gets dhcp IP in same subnet
735 4. From cord-tester ping to external with vcpe interface option
736 """
737 host = '8.8.8.8'
738 vcpe_intfs, containers = self.get_vcpe_containers_and_interfaces()
739 for vcpe in vcpe_intfs:
740 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
741 assert_not_equal(vcpe_ip,None)
742 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe,dhcp_ip=False)
743 st, _ = getstatusoutput('ping -I {} -c 3 {}'.format(vcpe,host))
744 assert_equal(st, 0)
745 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe,dhcp_release=False)
746 for vcpe in vcpe_intfs:
747 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
748
749 def test_vsg_vcpe_interface_and_validate_dhcp_ip_after_interface_toggle(self):
750 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]751 Test Method:
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]752 1. Create a vcpe instance
753 2. Create a vcpe interface in cord-tester
754 3. Verify the interface gets dhcp IP
755 4. Toggle the interface
756 5. Verify the interface gets dhcp IP
757 """
758 vcpe_intfs,containers = self.get_vcpe_containers_and_interfaces()
759 for vcpe in vcpe_intfs:
760 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
761 assert_not_equal(vcpe_ip,None)
762 os.system('ifconfig {} down'.format(vcpe))
763 time.sleep(1)
764 os.system('ifconfig {} up'.format(vcpe))
765 time.sleep(1)
766 vcpe_ip2 = get_ip(vcpe)
767 assert_equal(vcpe_ip2,vcpe_ip)
768 for vcpe in vcpe_intfs:
769 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
770
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]771 @deferred(TIMEOUT)
Anil Kumar Sanka52a39f82017-05-10 17:39:31 +0000[diff] [blame]772 def test_vsg_for_external_connectivity_after_restarting_vcpe_instance(self,vcpe_name=None,vcpe_intf=None):
773 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]774 Test Method:
Anil Kumar Sanka52a39f82017-05-10 17:39:31 +0000[diff] [blame]775 1. Get vSG corresponding to vcpe
776 2. Get dhcp ip to vcpe interface
777 3. Add static route to destination route in test container
778 4. From test container ping to destination route and verify ping success
779 5. Login to compute node and execute command to pause vcpe container
780 6. From test container ping to destination route and verify ping success
781 """
782 if not vcpe_name:
783 vcpe_name = self.vcpe_container
784 if not vcpe_intf:
785 vcpe_intf = self.vcpe_dhcp
786 df = defer.Deferred()
787 def vcpe_firewall(df):
788 if self.on_pod is False:
789 df.callback(0)
790 return
791 host = '8.8.8.8'
792 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
793 try:
794 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
795 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
796 assert_equal(st, False)
797 st, _ = vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
798 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
799 assert_equal(st, False)
800 finally:
801 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
802 df.callback(0)
803 reactor.callLater(0, vcpe_firewall, df)
804 return df
805
806 @deferred(TIMEOUT)
807 def test_vsg_for_external_connectivity_after_restarting_vsg_vm(self,vcpe_name=None,vcpe_intf=None):
808 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]809 Test Method:
Anil Kumar Sanka52a39f82017-05-10 17:39:31 +0000[diff] [blame]810 1. Get vSG corresponding to vcpe
811 2. Get dhcp ip to vcpe interface
812 3. Add static route to destination route in test container
813 4. From test container ping to destination route and verify ping success
814 5. Login to compute node and execute command to pause vcpe container
815 6. From test container ping to destination route and verify ping success
816 """
817 if not vcpe_name:
818 vcpe_name = self.vcpe_container
819 if not vcpe_intf:
820 vcpe_intf = self.vcpe_dhcp
821 df = defer.Deferred()
822 def vcpe_firewall(df):
823 if self.on_pod is False:
824 df.callback(0)
825 return
826 host = '8.8.8.8'
827 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
828 try:
829 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
830 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
831 assert_equal(st, False)
832 st, _ = vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
833 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
834 assert_equal(st, False)
835 finally:
836 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
837 df.callback(0)
838 reactor.callLater(0, vcpe_firewall, df)
839 return df
840
841 @deferred(TIMEOUT)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]842 def test_vsg_for_external_connectivity_with_vcpe_container_paused(self,vcpe_name=None,vcpe_intf=None):
843 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]844 Test Method:
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]845 1. Get vSG corresponding to vcpe
846 2. Get dhcp ip to vcpe interface
847 3. Add static route to destination route in test container
848 4. From test container ping to destination route and verify ping success
849 5. Login to compute node and execute command to pause vcpe container
850 6. From test container ping to destination route and verify ping success
851 """
852 if not vcpe_name:
853 vcpe_name = self.vcpe_container
854 if not vcpe_intf:
855 vcpe_intf = self.vcpe_dhcp
856 df = defer.Deferred()
857 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]858 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]859 df.callback(0)
860 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]861 host = '8.8.8.8'
862 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
863 try:
864 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
865 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
866 assert_equal(st, False)
867 st, _ = vsg.run_cmd('sudo docker pause {}'.format(vcpe_name))
868 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
869 assert_equal(st, False)
870 finally:
871 vsg.run_cmd('sudo docker unpause'.format(vcpe_name))
872 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
873 df.callback(0)
874 reactor.callLater(0, vcpe_firewall, df)
875 return df
876
877 @deferred(TIMEOUT)
878 def test_vsg_firewall_with_deny_destination_ip(self, vcpe_name=None, vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]879 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]880 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]881 1. Get vSG corresponding to vcpe
882 2. Login to compute node
883 3. Execute iptable command on vcpe from compute node to deny a destination IP
884 4. From cord-tester ping to the denied IP address
885 5. Verifying that ping should not be successful
886 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]887 if not vcpe_name:
888 vcpe_name = self.vcpe_container
889 if not vcpe_intf:
890 vcpe_intf = self.vcpe_dhcp
891 df = defer.Deferred()
892 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]893 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]894 df.callback(0)
895 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]896 host = '8.8.8.8'
897 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
898 try:
899 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
900 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
901 assert_equal(st, False)
902 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
903 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
904 assert_equal(st, True)
905 finally:
906 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
907 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
908 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
909 df.callback(0)
910 reactor.callLater(0, vcpe_firewall, df)
911 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]912
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]913 @deferred(TIMEOUT)
914 def test_vsg_firewall_with_rule_add_and_delete_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]915 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]916 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]917 1. Get vSG corresponding to vcpe
918 2. Login to compute node
919 3. Execute iptable command on vcpe from compute node to deny a destination IP
920 4. From cord-tester ping to the denied IP address
921 5. Verifying that ping should not be successful
922 6. Delete the iptable rule in vcpe
923 7. From cord-tester ping to the denied IP address
924 8. Verifying the ping should success
925 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]926 if not vcpe_name:
927 vcpe_name = self.vcpe_container
928 if not vcpe_intf:
929 vcpe_intf = self.vcpe_dhcp
930 df = defer.Deferred()
931 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]932 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]933 df.callback(0)
934 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]935 host = '8.8.8.8'
936 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
937 try:
938 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
939 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
940 assert_equal(st, False)
941 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
942 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
943 assert_equal(st, True)
944 st,_ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
945 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
946 assert_equal(st, False)
947 finally:
948 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
949 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
950 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
951 df.callback(0)
952 reactor.callLater(0, vcpe_firewall, df)
953 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]954
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]955 @deferred(TIMEOUT)
956 def test_vsg_firewall_verifying_reachability_for_non_blocked_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]957 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]958 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]959 1. Get vSG corresponding to vcpe
960 2. Login to compute node
961 3. Execute iptable command on vcpe from compute node to deny a destination IP
962 4. From cord-tester ping to the denied IP address
963 5. Verifying that ping should not be successful
964 6. From cord-tester ping to the denied IP address other than the denied one
965 7. Verifying the ping should success
966 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]967 if not vcpe_name:
968 vcpe_name = self.vcpe_container
969 if not vcpe_intf:
970 vcpe_intf = self.vcpe_dhcp
971 df = defer.Deferred()
972 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]973 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]974 df.callback(0)
975 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]976 host1 = '8.8.8.8'
977 host2 = '204.79.197.203'
978 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
979 try:
980 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
981 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
982 assert_equal(st, False)
983 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
984 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
985 assert_equal(st, True)
986 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
987 assert_equal(st,False)
988 finally:
989 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
990 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
991 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
992 df.callback(0)
993 reactor.callLater(0, vcpe_firewall, df)
994 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]995
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]996 @deferred(TIMEOUT)
997 def test_vsg_firewall_appending_rules_with_deny_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]998 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]999 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1000 1. Get vSG corresponding to vcpe
1001 2. Login to compute node
1002 3. Execute iptable command on vcpe from compute node to deny a destination IP1
1003 4. From cord-tester ping to the denied IP address IP1
1004 5. Verifying that ping should not be successful
1005 6. Execute iptable command on vcpe from compute node to deny a destination IP2
1006 6. From cord-tester ping to the denied IP address IP2
1007 7. Verifying that ping should not be successful
1008 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1009 if not vcpe_name:
1010 vcpe_name = self.vcpe_container
1011 if not vcpe_intf:
1012 vcpe_intf = self.vcpe_dhcp
1013 df = defer.Deferred()
1014 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1015 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1016 df.callback(0)
1017 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1018 host1 = '8.8.8.8'
1019 host2 = '204.79.197.203'
1020 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1021 try:
1022 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
1023 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1024 assert_equal(st, False)
1025 st,_ = vsg.run_cmd('sudo docker exec {} iptables -F FORWARD'.format(vcpe_name))
1026 time.sleep(2)
1027 st,_ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
1028 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1029 assert_equal(st, True)
1030 st, out = getstatusoutput('ping -c 1 {}'.format(host2))
1031 log.info('host2 ping output is %s'%out)
1032 assert_equal(st, False)
1033 st, _ = vsg.run_cmd('sudo docker exec {} iptables -A FORWARD -d {} -j DROP'.format(vcpe_name,host2))
1034 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1035 assert_equal(st,True)
1036 finally:
1037 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
1038 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
1039 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
1040 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1041 df.callback(0)
1042 reactor.callLater(0, vcpe_firewall, df)
1043 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1044
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1045 @deferred(TIMEOUT)
1046 def test_vsg_firewall_removing_one_rule_denying_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1047 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1048 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1049 1. Get vSG corresponding to vcpe
1050 2. Login to compute node
1051 3. Execute iptable command on vcpe from compute node to deny a destination IP1
1052 4. Execute iptable command on vcpe from compute node to deny a destination IP2
1053 5. From cord-tester ping to the denied IP address IP1
1054 6. Verifying that ping should not be successful
1055 7. From cord-tester ping to the denied IP address IP2
1056 8. Verifying that ping should not be successful
1057 9. Execute iptable command on vcpe from compute node to remove deny a destination IP2 rule
1058 10. From cord-tester ping to the denied IP address IP2
1059 11. Verifying the ping should success
1060 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1061 if not vcpe_name:
1062 vcpe_name = self.vcpe_container
1063 if not vcpe_intf:
1064 vcpe_intf = self.vcpe_dhcp
1065 df = defer.Deferred()
1066 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1067 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1068 df.callback(0)
1069 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1070 host1 = '8.8.8.8'
1071 host2 = '204.79.197.203'
1072 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1073 try:
1074 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=self.vcpe_dhcp)
1075 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1076 assert_equal(st, False)
1077 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
1078 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host2))
1079 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1080 assert_equal(st, True)
1081 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1082 assert_equal(st,True)
1083 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
1084 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1085 assert_equal(st,False)
1086 finally:
1087 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
1088 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
1089 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
1090 log.info('restarting vcpe container')
1091 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1092 df.callback(0)
1093 reactor.callLater(0, vcpe_firewall, df)
1094 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1095
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1096 @deferred(TIMEOUT)
1097 def test_vsg_firewall_changing_rule_id_deny_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1098 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1099 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1100 1. Get vSG corresponding to vcpe
1101 2. Login to compute node
1102 3. Execute iptable command on vcpe from compute node to deny a destination IP
1103 5. From cord-tester ping to the denied IP address IP1
1104 6. Verifying that ping should not be successful
1105 9. Execute iptable command on vcpe from compute node to change the rule ID to 2 to deny the same destination IP
1106 10. From cord-tester ping to the denied IP address IP
1107 11. Verifying that ping should not be successful
1108 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1109 if not vcpe_name:
1110 vcpe_name = self.vcpe_container
1111 if not vcpe_intf:
1112 vcpe_intf = self.vcpe_dhcp
1113 df = defer.Deferred()
1114 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1115 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1116 df.callback(0)
1117 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1118 host = '8.8.8.8'
1119 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1120 try:
1121 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1122 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1123 assert_equal(st, False)
1124 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1125 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1126 assert_equal(st, True)
1127 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 2 -d {} -j DROP '.format(vcpe_name,host))
1128 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1129 assert_equal(st,True)
1130 finally:
1131 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1132 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1133 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1134 df.callback(0)
1135 reactor.callLater(0, vcpe_firewall, df)
1136 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1137
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1138 @deferred(TIMEOUT)
1139 def test_vsg_firewall_changing_deny_rule_to_accept_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1140 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1141 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1142 1. Get vSG corresponding to vcpe
1143 2. Login to compute node
1144 3. Execute iptable command on vcpe from compute node to deny a destination IP
1145 5. From cord-tester ping to the denied IP address IP1
1146 6. Verifying that ping should not be successful
1147 9. Execute iptable command on vcpe from compute node to accept the same destination IP
1148 10. From cord-tester ping to the accepted IP
1149 11. Verifying the ping should success
1150 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1151 if not vcpe_name:
1152 vcpe_name = self.vcpe_container
1153 if not vcpe_intf:
1154 vcpe_intf = self.vcpe_dhcp
1155 df = defer.Deferred()
1156 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1157 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1158 df.callback(0)
1159 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1160 host = '8.8.8.8'
1161 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1162 try:
1163 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1164 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1165 assert_equal(st, False)
1166 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1167 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1168 assert_equal(st, True)
1169 st, _ = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -d {} -j ACCEPT'.format(vcpe_name,host))
1170 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1171 assert_equal(st,False)
1172 finally:
1173 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1174 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j ACCEPT'.format(vcpe_name,host))
1175 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1176 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1177 df.callback(0)
1178 reactor.callLater(0, vcpe_firewall, df)
1179 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1180
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1181 @deferred(TIMEOUT) #Fail
1182 def test_vsg_firewall_denying_destination_network(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1183 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1184 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1185 1. Get vSG corresponding to vcpe
1186 2. Login to compute node
1187 3. Execute iptable command on vcpe from compute node to deny a destination IP subnet
1188 4. From cord-tester ping to the denied IP address IP1 in the denied subnet
1189 5. Verifying that ping should not be successful
1190 6. From cord-tester ping to the denied IP address IP2 in the denied subnet
1191 7. Verifying that ping should not be successful
1192 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1193 if not vcpe_name:
1194 vcpe_name = self.vcpe_container
1195 if not vcpe_intf:
1196 vcpe_intf = self.vcpe_dhcp
1197 df = defer.Deferred()
1198 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1199 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1200 df.callback(0)
1201 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1202 network = '204.79.197.192/28'
1203 host1 = '204.79.197.203'
1204 host2 = '204.79.197.210'
1205 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1206 try:
1207 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=self.vcpe_dhcp)
1208 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1209 assert_equal(st, False)
1210 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,network))
1211 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1212 assert_equal(st, True)
1213 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1214 assert_equal(st,False)
1215 finally:
1216 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network))
1217 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
1218 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1219 df.callback(0)
1220 reactor.callLater(0, vcpe_firewall, df)
1221 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1222
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1223 @deferred(TIMEOUT)
1224 def test_vsg_firewall_denying_destination_network_subnet_modification(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1225 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1226 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1227 1. Get vSG corresponding to vcpe
1228 2. Login to compute node
1229 3. Execute iptable command on vcpe from compute node to deny a destination IP subnet
1230 4. From cord-tester ping to the denied IP address IP1 in the denied subnet
1231 5. Verifying that ping should not be successful
1232 6. From cord-tester ping to the denied IP address IP2 in the denied subnet
1233 7. Verifying that ping should not be successful
1234 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1235 if not vcpe_name:
1236 vcpe_name = self.vcpe_container
1237 if not vcpe_intf:
1238 vcpe_intf = self.vcpe_dhcp
1239 df = defer.Deferred()
1240 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1241 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1242 df.callback(0)
1243 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1244 network1 = '204.79.197.192/28'
1245 network2 = '204.79.197.192/27'
1246 host1 = '204.79.197.203'
1247 host2 = '204.79.197.210'
1248 host3 = '204.79.197.224'
1249 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1250 try:
1251 self.add_static_route_via_vcpe_interface([host1,host2,host3],vcpe=self.vcpe_dhcp)
1252 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1253 assert_equal(st, False)
1254 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,network1))
1255 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1256 assert_equal(st, True)
1257 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1258 assert_equal(st,False)
1259 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 2 -d {} -j DROP'.format(vcpe_name,network2))
1260 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1261 assert_equal(st, True)
1262 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1263 assert_equal(st, True)
1264 st, _ = getstatusoutput('ping -c 1 {}'.format(host3))
1265 assert_equal(st, False)
1266 finally:
1267 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network1))
1268 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network2))
1269 self.del_static_route_via_vcpe_interface([host1,host2,host3],vcpe=vcpe_intf)
1270 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1271 df.callback(0)
1272 reactor.callLater(0, vcpe_firewall, df)
1273 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1274
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1275 @deferred(TIMEOUT)
1276 def test_vsg_firewall_with_deny_source_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1277 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1278 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1279 1. Get vSG corresponding to vcpe
1280 2. Login to compute node
1281 3. Execute iptable command on vcpe from compute node to deny a source IP
1282 4. From cord-tester ping to 8.8.8.8 from the denied IP
1283 5. Verifying that ping should not be successful
1284 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1285 if not vcpe_name:
1286 vcpe_name = self.vcpe_container
1287 if not vcpe_intf:
1288 vcpe_intf = self.vcpe_dhcp
1289 df = defer.Deferred()
1290 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1291 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1292 df.callback(0)
1293 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1294 host = '8.8.8.8'
1295 #source_ip = get_ip(self.vcpe_dhcp)
1296 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1297 try:
1298 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1299 source_ip = get_ip(self.vcpe_dhcp)
1300 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1301 assert_equal(st, False)
1302 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1303 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1304 assert_equal(st, True)
1305 finally:
1306 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1307 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1308 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1309 df.callback(0)
1310 reactor.callLater(0, vcpe_firewall, df)
1311 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1312
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1313 @deferred(TIMEOUT)
1314 def test_vsg_firewall_rule_with_add_and_delete_deny_source_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1315 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1316 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1317 1. Get vSG corresponding to vcpe
1318 2. Login to compute node
1319 3. Execute iptable command on vcpe from compute node to deny a source IP
1320 4. From cord-tester ping to 8.8.8.8 from the denied IP
1321 5. Verifying that ping should not be successful
1322 6. Delete the iptable rule in vcpe
1323 7. From cord-tester ping to 8.8.8.8 from the denied IP
1324 8. Verifying the ping should success
1325 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1326 if not vcpe_name:
1327 vcpe_name = self.vcpe_container
1328 if not vcpe_intf:
1329 vcpe_intf = self.vcpe_dhcp
1330 df = defer.Deferred()
1331 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1332 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1333 df.callback(0)
1334 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1335 host = '8.8.8.8'
1336 source_ip = get_ip(self.vcpe_dhcp)
1337 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1338 try:
1339 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1340 source_ip = get_ip(self.vcpe_dhcp)
1341 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1342 assert_equal(st, False)
1343 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1344 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1345 assert_equal(st, True)
1346 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1347 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1348 assert_equal(st, False)
1349 finally:
1350 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1351 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1352 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1353 df.callback(0)
1354 reactor.callLater(0, vcpe_firewall, df)
1355 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1356
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1357 @deferred(TIMEOUT)
1358 def test_vsg_firewall_rule_with_deny_icmp_protocol_echo_requests_type(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1359 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1360 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1361 1. Get vSG corresponding to vcpe
1362 2. Login to compute node
1363 3. Execute iptable command on vcpe from compute node to deny icmp echo-requests type protocol packets
1364 4. From cord-tester ping to 8.8.8.8
1365 5. Verifying that ping should not be successful
1366 6. Delete the iptable rule
1367 7. From cord-tester ping to 8.8.8.8
1368 8. Verifying the ping should success
1369 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1370 if not vcpe_name:
1371 vcpe_name = self.vcpe_container
1372 if not vcpe_intf:
1373 vcpe_intf = self.vcpe_dhcp
1374 df = defer.Deferred()
1375 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1376 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1377 df.callback(0)
1378 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1379 host = '8.8.8.8'
1380 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1381 try:
1382 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1383 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1384 assert_equal(st, False)
1385 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1386 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1387 assert_equal(st, True)
1388 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1389 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1390 assert_equal(st, False)
1391 finally:
1392 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1393 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1394 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1395 df.callback(0)
1396 reactor.callLater(0, vcpe_firewall, df)
1397 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1398
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1399 @deferred(TIMEOUT)
1400 def test_vsg_firewall_rule_with_deny_icmp_protocol_echo_reply_type(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1401 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1402 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1403 1. Get vSG corresponding to vcpe
1404 2. Login to compute node
1405 3. Execute iptable command on vcpe from compute node to deny icmp echo-reply type protocol packets
1406 4. From cord-tester ping to 8.8.8.8
1407 5. Verifying that ping should not be successful
1408 6. Delete the iptable rule
1409 7. From cord-tester ping to 8.8.8.8
1410 8. Verifying the ping should success
1411 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1412 if not vcpe_name:
1413 vcpe_name = self.vcpe_container
1414 if not vcpe_intf:
1415 vcpe_intf = self.vcpe_dhcp
1416 df = defer.Deferred()
1417 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1418 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1419 df.callback(0)
1420 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1421 host = '8.8.8.8'
1422 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1423 try:
1424 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1425 st, _ = getstatusoutput('ping -c 1 {}'.format('8.8.8.8'))
1426 assert_equal(st, False)
1427 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1428 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1429 assert_equal(st, True)
1430 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1431 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1432 assert_equal(st,False)
1433 finally:
1434 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1435 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1436 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1437 df.callback(0)
1438 reactor.callLater(0, vcpe_firewall, df)
1439 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1440
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1441 @deferred(TIMEOUT)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]1442 def test_vsg_firewall_changing_deny_rule_to_accept_rule_with_icmp_protocol_echo_requests_type(self, vcpe_name=None, vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1443 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1444 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1445 1. Get vSG corresponding to vcpe
1446 2. Login to compute node
1447 3. Execute iptable command on vcpe from compute node to deny icmp echo-requests type protocol packets
1448 4. From cord-tester ping to 8.8.8.8
1449 5. Verifying that ping should not be successful
1450 6. Insert another rule to accept the icmp-echo requests protocol packets
1451 7. From cord-tester ping to 8.8.8.8
1452 8. Verifying the ping should success
1453 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1454 if not vcpe_name:
1455 vcpe_name = self.vcpe_container
1456 if not vcpe_intf:
1457 vcpe_intf = self.vcpe_dhcp
1458 df = defer.Deferred()
1459 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1460 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1461 df.callback(0)
1462 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1463 host = '8.8.8.8'
1464 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1465 try:
1466 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1467 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1468 assert_equal(st, False)
1469 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1470 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1471 assert_equal(st, True)
1472 st, _ = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p icmp --icmp-type echo-request -j ACCEPT'.format(vcpe_name))
1473 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1474 assert_equal(st,False)
1475 finally:
1476 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1477 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j ACCEPT'.format(vcpe_name))
1478 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1479 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1480 df.callback(0)
1481 reactor.callLater(0, vcpe_firewall, df)
1482 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1483
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1484 @deferred(TIMEOUT)
1485 def test_vsg_firewall_changing_deny_rule_to_accept_rule_with_icmp_protocol_echo_reply_type(self,vcpe_name=None,vcpe_intf=None):
1486 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1487 Test Method:
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1488 1. Get vSG corresponding to vcpe
1489 2. Login to compute node
1490 3. Execute iptable command on vcpe from compute node to deny icmp echo-reply type protocol packets
1491 4. From cord-tester ping to 8.8.8.8
1492 5. Verifying the ping should not success
1493 6. Insert another rule to accept the icmp-echo requests protocol packets
1494 7. From cord-tester ping to 8.8.8.8
1495 8. Verifying the ping should success
1496 """
1497 if not vcpe_name:
1498 vcpe_name = self.vcpe_container
1499 if not vcpe_intf:
1500 vcpe_intf = self.vcpe_dhcp
1501 df = defer.Deferred()
1502 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1503 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1504 df.callback(0)
1505 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1506 host = '8.8.8.8'
1507 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1508 try:
1509 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1510 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1511 assert_equal(st, False)
1512 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1513 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1514 assert_equal(st, True)
1515 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p icmp --icmp-type echo-reply -j ACCEPT'.format(vcpe_name))
1516 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1517 assert_equal(st,False)
1518 finally:
1519 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1520 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j ACCEPT'.format(vcpe_name))
1521 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1522 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1523 df.callback(0)
1524 reactor.callLater(0, vcpe_firewall, df)
1525 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1526
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1527 @deferred(TIMEOUT)
1528 def test_vsg_firewall_for_deny_icmp_protocol(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1529 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1530 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1531 1. Get vSG corresponding to vcpe
1532 2. Login to compute node
1533 3. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1534 4. From cord-tester ping to 8.8.8.8
1535 5. Verifying that ping should not be successful
1536 6. Delete the iptable rule
1537 7. From cord-tester ping to 8.8.8.8
1538 8. Verifying the ping should success
1539 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1540 if not vcpe_name:
1541 vcpe_name = self.vcpe_container
1542 if not vcpe_intf:
1543 vcpe_intf = self.vcpe_dhcp
1544 df = defer.Deferred()
1545 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1546 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1547 df.callback(0)
1548 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1549 host = '8.8.8.8'
1550 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1551 try:
1552 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1553 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1554 assert_equal(st, False)
1555 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1556 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1557 assert_equal(st, True)
1558 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1559 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1560 assert_equal(st,False)
1561 finally:
1562 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1563 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1564 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1565 df.callback(0)
1566 reactor.callLater(0, vcpe_firewall, df)
1567 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1568
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1569 @deferred(TIMEOUT)
1570 def test_vsg_firewall_rule_deny_icmp_protocol_and_destination_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1571 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1572 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1573 1. Get vSG corresponding to vcpe
1574 2. Login to compute node
1575 3. Execute iptable command on vcpe from compute node to deny a destination IP
1576 4. From cord-tester ping to 8.8.8.8
1577 5. Verifying that ping should not be successful
1578 6. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1579 7. From cord-tester ping to 8.8.8.8
1580 8. Verifying the ping should success
1581 9. Delete the rule added in step 3
1582 10. From cord-tester ping to 8.8.8.8
1583 11. Verifying that ping should not be successful
1584 12. Delete the rule added in step 6
1585 13. From cord-tester ping to 8.8.8.8
1586 14. Verifying the ping should success
1587 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1588 if not vcpe_name:
1589 vcpe_name = self.vcpe_container
1590 if not vcpe_intf:
1591 vcpe_intf = self.vcpe_dhcp
1592 df = defer.Deferred()
1593 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1594 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1595 df.callback(0)
1596 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1597 host = '8.8.8.8'
1598 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1599 try:
1600 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1601 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1602 assert_equal(st, False)
1603 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1604 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1605 assert_equal(st, True)
1606 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1607 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1608 assert_equal(st, True)
1609 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1610 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1611 assert_equal(st, True)
1612 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1613 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1614 assert_equal(st,False)
1615 finally:
1616 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1617 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1618 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1619 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1620 df.callback(0)
1621 reactor.callLater(0, vcpe_firewall, df)
1622 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1623
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1624 @deferred(TIMEOUT) #Fail
1625 def test_vsg_firewall_flushing_all_configured_rules(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1626 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1627 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1628 1. Get vSG corresponding to vcpe
1629 2. Login to compute node
1630 3. Execute iptable command on vcpe from compute node to deny a destination IP
1631 4. From cord-tester ping to 8.8.8.8
1632 5. Verifying that ping should not be successful
1633 6. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1634 7. From cord-tester ping to 8.8.8.8
1635 8. Verifying the ping should success
1636 9. Flush all the iptable rules configuraed in vcpe
1637 10. Delete the rule added in step 6
1638 11. From cord-tester ping to 8.8.8.8
1639 12. Verifying the ping should success
1640 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1641 if not vcpe_name:
1642 vcpe_name = self.vcpe_container
1643 if not vcpe_intf:
1644 vcpe_intf = self.vcpe_dhcp
1645 df = defer.Deferred()
1646 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1647 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1648 df.callback(0)
1649 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1650 host = '8.8.8.8'
1651 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1652 try:
1653 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1654 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1655 assert_equal(st, False)
1656 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1657 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1658 assert_equal(st, True)
1659 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1660 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1661 assert_equal(st, True)
1662 st,output = vsg.run_cmd('sudo docker exec {} iptables -F FORWARD'.format(vcpe_name))
1663 time.sleep(1)
1664 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1665 assert_equal(st, False)
1666 finally:
1667 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1668 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1669 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1670 df.callback(0)
1671 reactor.callLater(0, vcpe_firewall, df)
1672 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1673
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1674 @deferred(TIMEOUT)
1675 def test_vsg_firewall_deny_all_ipv4_traffic(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1676 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1677 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1678 1. Get vSG corresponding to vcpe
1679 2. Login to compute node
1680 3. Execute iptable command on vcpe from compute node to deny all ipv4 Traffic
1681 4. From cord-tester ping to 8.8.8.8
1682 5. Verifying that ping should not be successful
1683 6. Delete the iptable rule added
1684 7. From cord-tester ping to 8.8.8.8
1685 8. Verifying the ping should success
1686 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1687 if not vcpe_name:
1688 vcpe_name = self.vcpe_container
1689 if not vcpe_intf:
1690 vcpe_intf = self.vcpe_dhcp
1691 df = defer.Deferred()
1692 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1693 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1694 df.callback(0)
1695 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1696 host = '8.8.8.8'
1697 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1698 try:
1699 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1700 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1701 assert_equal(st, False)
1702 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1703 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1704 assert_equal(st, True)
1705 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1706 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1707 assert_equal(st, False)
1708 finally:
1709 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1710 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1711 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1712 df.callback(0)
1713 reactor.callLater(0, vcpe_firewall, df)
1714 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1715
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1716 @deferred(TIMEOUT)
1717 def test_vsg_firewall_replacing_deny_rule_to_accept_rule_ipv4_traffic(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1718 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1719 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1720 1. Get vSG corresponding to vcpe
1721 2. Login to compute node
1722 3. Execute iptable command on vcpe from compute node to deny all ipv4 Traffic
1723 4. From cord-tester ping to 8.8.8.8
1724 5. Verifying that ping should not be successful
1725 6. Replace the deny rule added in step 3 with accept rule
1726 7. From cord-tester ping to 8.8.8.8
1727 8. Verifying the ping should success
1728 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1729 if not vcpe_name:
1730 vcpe_name = self.vcpe_container
1731 if not vcpe_intf:
1732 vcpe_intf = self.vcpe_dhcp
1733 df = defer.Deferred()
1734 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1735 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1736 df.callback(0)
1737 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1738 host = '8.8.8.8'
1739 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1740 try:
1741 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1742 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1743 assert_equal(st, False)
1744 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1745 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1746 assert_equal(st, True)
1747 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -4 -j ACCEPT'.format(vcpe_name))
1748 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1749 assert_equal(st, False)
1750 finally:
1751 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1752 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1753 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1754 df.callback(0)
1755 reactor.callLater(0, vcpe_firewall, df)
1756 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1757
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1758 @deferred(TIMEOUT)
1759 def test_vsg_firewall_deny_all_traffic_coming_on_lan_interface_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
1760 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1761 Test Method:
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1762 1. Get vSG corresponding to vcpe
1763 2. Login to compute node
1764 3. Execute iptable command on vcpe from compute node to deny all the traffic coming on lan interface inside vcpe container
1765 4. From cord-tester ping to 8.8.8.8
1766 5. Verifying the ping should not success
1767 6. Delete the iptable rule added
1768 7. From cord-tester ping to 8.8.8.8
1769 8. Verifying the ping should success
1770 """
1771 if not vcpe_name:
1772 vcpe_name = self.vcpe_container
1773 if not vcpe_intf:
1774 vcpe_intf = self.vcpe_dhcp
1775 df = defer.Deferred()
1776 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1777 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1778 df.callback(0)
1779 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1780 host = '8.8.8.8'
1781 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1782 try:
1783 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1784 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1785 assert_equal(st, False)
1786 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -i eth1 -j DROP'.format(vcpe_name))
1787 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1788 assert_equal(st, True)
1789 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -j DROP'.format(vcpe_name))
1790 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1791 assert_equal(st, False)
1792 finally:
1793 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -j DROP'.format(vcpe_name))
1794 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1795 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1796 df.callback(0)
1797 reactor.callLater(0, vcpe_firewall, df)
1798 return df
1799
1800 @deferred(TIMEOUT)
1801 def test_vsg_firewall_deny_all_traffic_going_out_of_wan_interface_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
1802 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1803 Test Method:
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1804 1. Get vSG corresponding to vcpe
1805 2. Login to compute node
1806 3. Execute iptable command on vcpe from compute node to deny all the traffic going out of wan interface inside vcpe container
1807 4. From cord-tester ping to 8.8.8.8
1808 5. Verifying the ping should not success
1809 6. Delete the iptable rule added
1810 7. From cord-tester ping to 8.8.8.8
1811 8. Verifying the ping should success
1812 """
1813 if not vcpe_name:
1814 vcpe_name = self.vcpe_container
1815 if not vcpe_intf:
1816 vcpe_intf = self.vcpe_dhcp
1817 df = defer.Deferred()
1818 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1819 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1820 df.callback(0)
1821 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1822 host = '8.8.8.8'
1823 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1824 try:
1825 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1826 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1827 assert_equal(st, False)
1828 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -o eth0 -j DROP'.format(vcpe_name))
1829 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1830 assert_equal(st, True)
1831 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -o eth0 -j DROP'.format(vcpe_name))
1832 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1833 assert_equal(st, False)
1834 finally:
1835 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -o eth0 -j DROP'.format(vcpe_name))
1836 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1837 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1838 df.callback(0)
1839 reactor.callLater(0, vcpe_firewall, df)
1840 return df
1841
1842 @deferred(TIMEOUT)
1843 def test_vsg_firewall_deny_all_traffic_from_lan_to_wan_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1844 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1845 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1846 1. Get vSG corresponding to vcpe
1847 2. Login to compute node
1848 3. Execute iptable command on vcpe from compute node to deny all the traffic from lan to wan interface in vcpe
1849 4. From cord-tester ping to 8.8.8.8
1850 5. Verifying that ping should not be successful
1851 6. Delete the iptable rule added
1852 7. From cord-tester ping to 8.8.8.8
1853 8. Verifying the ping should success
1854 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1855 if not vcpe_name:
1856 vcpe_name = self.vcpe_container
1857 if not vcpe_intf:
1858 vcpe_intf = self.vcpe_dhcp
1859 df = defer.Deferred()
1860 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1861 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1862 df.callback(0)
1863 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1864 host = '8.8.8.8'
1865 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1866 try:
1867 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1868 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1869 assert_equal(st, False)
1870 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1871 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1872 assert_equal(st, True)
1873 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1874 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1875 assert_equal(st, False)
1876 finally:
1877 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1878 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1879 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1880 df.callback(0)
1881 reactor.callLater(0, vcpe_firewall, df)
1882 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1883
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1884 #this test case needs modification.default route should be vcpe interface to run this test case
1885 @deferred(TIMEOUT)
1886 def test_vsg_firewall_deny_all_dns_traffic(self,vcpe_name=None,vcpe_intf=None):
1887 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1888 Test Method:
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1889 1. Get vSG corresponding to vcpe
1890 2. Login to compute node
1891 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1892 4. From cord-tester ping to www.google.com
1893 5. Verifying the ping should not success
1894 6. Delete the iptable rule added
1895 7. From cord-tester ping to www.google.com
1896 8. Verifying the ping should success
1897 """
1898 if not vcpe_name:
1899 vcpe_name = self.vcpe_container
1900 if not vcpe_intf:
1901 vcpe_intf = self.vcpe_dhcp
1902 df = defer.Deferred()
1903 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1904 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1905 df.callback(0)
1906 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1907 host = 'www.msn.com'
1908 host_ip = '131.253.33.203'
1909 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1910 try:
1911 self.add_static_route_via_vcpe_interface([host_ip],vcpe=self.vcpe_dhcp)
1912 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1913 assert_equal(st, False)
1914 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p udp --dport 53 -j DROP'.format(vcpe_name))
1915 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1916 assert_equal(st, True)
1917 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p udp --dport 53 -j ACCEPT'.format(vcpe_name))
1918 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1919 assert_equal(st, False)
1920 finally:
1921 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p udp --dport 53 -j DROP'.format(vcpe_name))
1922 self.del_static_route_via_vcpe_interface([host_ip],vcpe=vcpe_intf)
1923 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1924 df.callback(0)
1925 reactor.callLater(0, vcpe_firewall, df)
1926 return df
1927
1928 @deferred(TIMEOUT)
1929 def test_vsg_firewall_deny_all_ipv4_traffic_vcpe_container_restart(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1930 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1931 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1932 1. Get vSG corresponding to vcpe
1933 2. Login to compute node
1934 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1935 4. From cord-tester ping to www.google.com
1936 5. Verifying that ping should not be successful
1937 6. Delete the iptable rule added
1938 7. From cord-tester ping to www.google.com
1939 8. Verifying the ping should success
1940 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1941 if not vcpe_name:
1942 vcpe_name = self.vcpe_container
1943 if not vcpe_intf:
1944 vcpe_intf = self.vcpe_dhcp
1945 df = defer.Deferred()
1946 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1947 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1948 df.callback(0)
1949 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1950 host = '8.8.8.8'
1951 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1952 try:
1953 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1954 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1955 assert_equal(st, False)
1956 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1957 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1958 assert_equal(st, True)
1959 st,output = vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1960 time.sleep(3)
1961 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1962 assert_equal(st, False)
1963 finally:
1964 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1965 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1966 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1967 df.callback(0)
1968 reactor.callLater(0, vcpe_firewall, df)
1969 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1970
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]1971 @deferred(TIMEOUT)
1972 def test_vsg_dnat_modifying_destination_ip(self,vcpe_name=None,vcpe_intf=None):
1973 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1974 Test Method:
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]1975 1. Get vSG corresponding to vcpe
1976 2. Login to compute node
1977 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1978 4. From cord-tester ping to www.google.com
1979 5. Verifying the ping should not success
1980 6. Delete the iptable rule added
1981 7. From cord-tester ping to www.google.com
1982 8. Verifying the ping should success
1983 """
1984 if not vcpe_name:
1985 vcpe_name = self.vcpe_container
1986 if not vcpe_intf:
1987 vcpe_intf = self.vcpe_dhcp
1988 df = defer.Deferred()
1989 def vcpe_firewall(df):
1990 host = '8.8.8.8'
1991 dst_ip = '123.123.123.123'
1992 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1993 try:
1994 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1995 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1996 assert_equal(st, False)
1997 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1998 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1999 assert_equal(st, True)
2000 finally:
2001 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
2002 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
2003 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
2004 df.callback(0)
2005 reactor.callLater(0,vcpe_firewall,df)
2006 return df
2007
2008 @deferred(TIMEOUT)
2009 def test_vsg_dnat_modifying_destination_ip_and_delete(self,vcpe_name=None,vcpe_intf=None):
2010 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2011 Test Method:
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]2012 1. Get vSG corresponding to vcpe
2013 2. Login to compute node
2014 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
2015 4. From cord-tester ping to www.google.com
2016 5. Verifying the ping should not success
2017 6. Delete the iptable rule added
2018 7. From cord-tester ping to www.google.com
2019 8. Verifying the ping should success
2020 """
2021 if not vcpe_name:
2022 vcpe_name = self.vcpe_container
2023 if not vcpe_intf:
2024 vcpe_intf = self.vcpe_dhcp
2025 df = defer.Deferred()
2026 def vcpe_firewall(df):
2027 host = '8.8.8.8'
2028 dst_ip = '123.123.123.123'
2029 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
2030 try:
2031 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
2032 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2033 assert_equal(st, False)
2034 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
2035 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2036 assert_equal(st, True)
2037 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
2038 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2039 assert_equal(st, False)
2040 finally:
2041 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
2042 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
2043 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
2044 df.callback(0)
2045 reactor.callLater(0,vcpe_firewall,df)
2046 return df
2047
2048 @deferred(TIMEOUT)
2049 def test_vsg_dnat_change_modifying_destination_ip_address(self,vcpe_name=None,vcpe_intf=None):
2050 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2051 Test Method:
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]2052 1. Get vSG corresponding to vcpe
2053 2. Login to compute node
2054 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
2055 4. From cord-tester ping to www.google.com
2056 5. Verifying the ping should not success
2057 6. Delete the iptable rule added
2058 7. From cord-tester ping to www.google.com
2059 8. Verifying the ping should success
2060 """
2061 if not vcpe_name:
2062 vcpe_name = self.vcpe_container
2063 if not vcpe_intf:
2064 vcpe_intf = self.vcpe_dhcp
2065 df = defer.Deferred()
2066 def vcpe_firewall(df):
2067 host = '8.8.8.8'
2068 dst_ip = '123.123.123.123'
2069 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
2070 try:
2071 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
2072 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2073 assert_equal(st, False)
2074 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
2075 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2076 assert_equal(st, True)
2077 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -R PREROUTING 1 -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,host))
2078 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2079 assert_equal(st, False)
2080 finally:
2081 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
2082 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,host))
2083 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
2084 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
2085 df.callback(0)
2086 reactor.callLater(0,vcpe_firewall,df)
2087 return df
2088
A.R Karthicka3fa2f92017-05-18 18:51:36 -0700[diff] [blame]2089 def vsg_xos_subscriber_create(self, index, subscriber_info = None, volt_subscriber_info = None):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]2090 if self.on_pod is False:
A.R Karthicka3fa2f92017-05-18 18:51:36 -0700[diff] [blame]2091 return ''
2092 if subscriber_info is None:
2093 subscriber_info = self.subscriber_info[index]
2094 if volt_subscriber_info is None:
2095 volt_subscriber_info = self.volt_subscriber_info[index]
A R Karthickd0b06792017-04-25 15:11:23 -0700[diff] [blame]2096 s_tag = int(volt_subscriber_info['voltTenant']['s_tag'])
2097 c_tag = int(volt_subscriber_info['voltTenant']['c_tag'])
2098 vcpe = 'vcpe-{}-{}'.format(s_tag, c_tag)
2099 log.info('Creating tenant with s_tag: %d, c_tag: %d' %(s_tag, c_tag))
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]2100 subId = ''
2101 try:
2102 result = self.restApiXos.ApiPost('TENANT_SUBSCRIBER', subscriber_info)
2103 assert_equal(result, True)
2104 result = self.restApiXos.ApiGet('TENANT_SUBSCRIBER')
2105 assert_not_equal(result, None)
2106 subId = self.restApiXos.getSubscriberId(result, volt_subscriber_info['account_num'])
2107 assert_not_equal(subId, '0')
A.R Karthicka3fa2f92017-05-18 18:51:36 -0700[diff] [blame]2108 log.info('Subscriber ID for account num %s = %s' %(str(volt_subscriber_info['account_num']), subId))
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]2109 volt_tenant = volt_subscriber_info['voltTenant']
2110 #update the subscriber id in the tenant info before making the rest
2111 volt_tenant['subscriber'] = subId
2112 result = self.restApiXos.ApiPost('TENANT_VOLT', volt_tenant)
2113 assert_equal(result, True)
2114 #if the vsg instance was already instantiated, then reduce delay
2115 if c_tag % self.subscribers_per_s_tag == 0:
2116 delay = 350
2117 else:
2118 delay = 90
2119 log.info('Delaying %d seconds for the VCPE to be provisioned' %(delay))
2120 time.sleep(delay)
2121 log.info('Testing for external connectivity to VCPE %s' %(vcpe))
2122 self.vsg_for_external_connectivity(index)
2123 finally:
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]2124 return subId
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]2125
A.R Karthicka3fa2f92017-05-18 18:51:36 -0700[diff] [blame]2126 def vsg_xos_subscriber_delete(self, index, subId = '', voltId = '', subscriber_info = None, volt_subscriber_info = None):
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]2127 if self.on_pod is False:
2128 return
A.R Karthicka3fa2f92017-05-18 18:51:36 -0700[diff] [blame]2129 if subscriber_info is None:
2130 subscriber_info = self.subscriber_info[index]
2131 if volt_subscriber_info is None:
2132 volt_subscriber_info = self.volt_subscriber_info[index]
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]2133 s_tag = int(volt_subscriber_info['voltTenant']['s_tag'])
2134 c_tag = int(volt_subscriber_info['voltTenant']['c_tag'])
2135 vcpe = 'vcpe-{}-{}'.format(s_tag, c_tag)
2136 log.info('Deleting tenant with s_tag: %d, c_tag: %d' %(s_tag, c_tag))
2137 if not subId:
2138 #get the subscriber id first
2139 result = self.restApiXos.ApiGet('TENANT_SUBSCRIBER')
2140 assert_not_equal(result, None)
2141 subId = self.restApiXos.getSubscriberId(result, volt_subscriber_info['account_num'])
2142 assert_not_equal(subId, '0')
A.R Karthicka3fa2f92017-05-18 18:51:36 -0700[diff] [blame]2143 if not voltId:
2144 #get the volt id for the subscriber
2145 result = self.restApiXos.ApiGet('TENANT_VOLT')
2146 assert_not_equal(result, None)
2147 voltId = self.getVoltId(result, subId)
2148 assert_not_equal(voltId, None)
2149 log.info('Deleting subscriber ID %s for account num %s' %(subId, str(volt_subscriber_info['account_num'])))
A R Karthicka385cea2017-04-26 10:12:43 -0700[diff] [blame]2150 status = self.restApiXos.ApiDelete('TENANT_SUBSCRIBER', subId)
2151 assert_equal(status, True)
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]2152 #Delete the tenant
2153 log.info('Deleting VOLT Tenant ID %s for subscriber %s' %(voltId, subId))
A R Karthick76944872017-04-26 10:21:37 -0700[diff] [blame]2154 self.restApiXos.ApiDelete('TENANT_VOLT', voltId)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]2155
A R Karthicke29c8d42017-04-27 11:38:52 -0700[diff] [blame]2156 def vsg_xos_subscriber_id(self, index):
2157 volt_subscriber_info = self.volt_subscriber_info[index]
2158 result = self.restApiXos.ApiGet('TENANT_SUBSCRIBER')
2159 assert_not_equal(result, None)
2160 subId = self.restApiXos.getSubscriberId(result, volt_subscriber_info['account_num'])
2161 return subId
2162
A.R Karthicka3fa2f92017-05-18 18:51:36 -0700[diff] [blame]2163 def test_vsg_xos_subscriber_create_reserved(self):
A.R Karthicka2960912017-05-18 18:52:55 -0700[diff] [blame^]2164 if self.on_pod is False:
2165 return
A.R Karthicka3fa2f92017-05-18 18:51:36 -0700[diff] [blame]2166 tags_reserved = [ (int(vcpe['s_tag']), int(vcpe['c_tag'])) for vcpe in self.vcpes_reserved ]
2167 volt_tenants = self.restApiXos.ApiGet('TENANT_VOLT')
2168 subscribers = self.restApiXos.ApiGet('TENANT_SUBSCRIBER')
2169 reserved_tenants = filter(lambda tenant: (int(tenant['s_tag']), int(tenant['c_tag'])) in tags_reserved, volt_tenants)
2170 reserved_config = []
2171 for tenant in reserved_tenants:
2172 for subscriber in subscribers:
2173 if int(subscriber['id']) == int(tenant['subscriber']):
2174 volt_subscriber_info = {}
2175 volt_subscriber_info['voltTenant'] = dict(s_tag = tenant['s_tag'],
2176 c_tag = tenant['c_tag'],
2177 subscriber = tenant['subscriber'])
2178 volt_subscriber_info['volt_id'] = tenant['id']
2179 volt_subscriber_info['account_num'] = subscriber['identity']['account_num']
2180 reserved_config.append( (subscriber, volt_subscriber_info) )
2181 break
2182 else:
2183 log.info('Subscriber not found for tenant %s, s_tag: %s, c_tag: %s' %(str(tenant['subscriber']),
2184 str(tenant['s_tag']),
2185 str(tenant['c_tag'])))
2186
2187 for subscriber_info, volt_subscriber_info in reserved_config:
2188 self.vsg_xos_subscriber_delete(0,
2189 subId = str(subscriber_info['id']),
2190 voltId = str(volt_subscriber_info['volt_id']),
2191 subscriber_info = subscriber_info,
2192 volt_subscriber_info = volt_subscriber_info)
2193 subId = self.vsg_xos_subscriber_create(0,
2194 subscriber_info = subscriber_info,
2195 volt_subscriber_info = volt_subscriber_info)
2196 log.info('Created reserved subscriber %s' %(subId))
2197
A R Karthicke29c8d42017-04-27 11:38:52 -0700[diff] [blame]2198 def test_vsg_xos_subscriber_create_all(self):
2199 for index in xrange(len(self.subscriber_info)):
2200 #check if the index exists
2201 subId = self.vsg_xos_subscriber_id(index)
2202 if subId and subId != '0':
2203 self.vsg_xos_subscriber_delete(index, subId = subId)
2204 subId = self.vsg_xos_subscriber_create(index)
2205 log.info('Created Subscriber %s' %(subId))
2206
2207 def test_vsg_xos_subscriber_delete_all(self):
2208 for index in xrange(len(self.subscriber_info)):
2209 subId = self.vsg_xos_subscriber_id(index)
2210 if subId and subId != '0':
2211 self.vsg_xos_subscriber_delete(index, subId = subId)
2212
2213 def test_vsg_xos_subscriber_create_and_delete(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]2214 subId = self.vsg_xos_subscriber_create(0)
2215 if subId and subId != '0':
2216 self.vsg_xos_subscriber_delete(0, subId)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]2217
A R Karthicke29c8d42017-04-27 11:38:52 -0700[diff] [blame]2218 def test_vsg_xos_subscriber_2_create_and_delete(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]2219 subId = self.vsg_xos_subscriber_create(1)
2220 if subId and subId != '0':
2221 self.vsg_xos_subscriber_delete(1, subId)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]2222
A R Karthicke29c8d42017-04-27 11:38:52 -0700[diff] [blame]2223 def test_vsg_xos_subscriber_3_create_and_delete(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]2224 subId = self.vsg_xos_subscriber_create(2)
2225 if subId and subId != '0':
2226 self.vsg_xos_subscriber_delete(2, subId)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]2227
A R Karthicke29c8d42017-04-27 11:38:52 -0700[diff] [blame]2228 def test_vsg_xos_subscriber_4_create_and_delete(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]2229 subId = self.vsg_xos_subscriber_create(3)
2230 if subId and subId != '0':
2231 self.vsg_xos_subscriber_delete(3, subId)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]2232
A R Karthicke29c8d42017-04-27 11:38:52 -0700[diff] [blame]2233 def test_vsg_xos_subscriber_5_create_and_delete(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]2234 subId = self.vsg_xos_subscriber_create(4)
2235 if subId and subId != '0':
2236 self.vsg_xos_subscriber_delete(4, subId)
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]2237
Anil Kumar Sanka52a39f82017-05-10 17:39:31 +0000[diff] [blame]2238 def test_vsg_without_creating_vcpe_instance(self, index=0):
2239 vcpe = self.dhcp_vcpes[index]
2240 host = '8.8.8.8'
2241 st, _ = getstatusoutput('dhclient {}'.format(vcpe))
2242 assert_equal(st,True)
2243 subId = self.vsg_xos_subscriber_create(index)
2244 if subId and subId != '0':
2245 self.vsg_xos_subscriber_delete(index, subId)
2246
2247 def test_vsg_for_remove_vcpe_instance(self,index=0):
2248 subId = self.vsg_xos_subscriber_create(index)
2249 if subId and subId != '0':
2250 self.vsg_xos_subscriber_delete(index, subId)
2251 vcpe = self.dhcp_vcpes[index]
2252 host = '8.8.8.8'
2253 st, _ = getstatusoutput('dhclient {}'.format(vcpe))
2254 assert_equal(st,True)
2255
2256 def test_vsg_create_xos_subscribers_in_different_vsg_vm(self):
2257 subId1 = self.vsg_xos_subscriber_create(4)
2258 subId2 = self.vsg_xos_subscriber_create(6)
2259 if subId1 and subId1 != '0':
2260 self.vsg_xos_subscriber_delete(4, subId1)
2261 if subId2 and subId2 != '0':
2262 self.vsg_xos_subscriber_delete(6, subId2)
2263
Anil Kumar Sanka5bb352a2017-05-16 22:24:01 +0000[diff] [blame]2264 def test_vsg_xos_subscriber_external_connectivity_if_one_vcpe_goes_down(self):
2265 """
2266 Test Method:
2267 1.Create two vcpe instances in two different vsg vms using XOS
2268 2.Verify external connectivity through vcpe instances from cord-tester
2269 3.Kill first vcpe instance
2270 4.Verify external network cant be reachable form first vcpe interface
2271 """
2272 host = '8.8.8.8'
2273 subId1 = self.vsg_xos_subscriber_create(0)
2274 subId2 = self.vsg_xos_subscriber_create(1)
2275 vcpe_intf1 = self.dhcp_vcpes[0]
2276 vcpe_intf2 = self.dhcp_vcpes[1]
2277 vcpe_name1 = 'vcpe-{}-{}'.format(vcpe_intf1.split('.')[1],intf.split1('.')[2])
2278 vcpe_name1 = 'vcpe-{}-{}'.format(vcpe_intf2.split('.')[1],intf.split2('.')[2])
2279 vsg1 = VSGAccess.get_vcpe_vsg(vcpe_name1)
2280 vsg2 = VSGAccess.get_vcpe_vsg(vcpe_name2)
2281 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf2)
2282 st,output = vsg2.run_cmd('sudo docker kill {}'.format(vcpe_name2))
2283 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2284 assert_equal(st, True)
2285 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf2)
2286 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf1)
2287 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2288 assert_equal(st, False)
2289 if subId1 and subId1 != '0':
2290 self.vsg_xos_subscriber_delete(0, subId1)
2291 if subId2 and subId2 != '0':
2292 self.vsg_xos_subscriber_delete(1, subId2)
2293
2294 def test_vsg_xos_subscriber_external_connectivity_if_one_vcpe_is_removed_and_added_again(self):
2295 """
2296 Test Method:
2297 1.Create two vcpe instances in two different vsg vms using XOS
2298 2.Verify external connectivity through vcpe instances from cord-tester
2299 3.Remove first vcpe instance
2300 4.Verify external network cant be reachable form first vcpe interface
2301 5.Add back the removed vcpe instance
2302 6.Verify external connectivity through vcpe instances from cord-tester
2303 """
2304 host = '8.8.8.8'
2305 subId1 = self.vsg_xos_subscriber_create(0)
2306 subId2 = self.vsg_xos_subscriber_create(1)
2307 vcpe_intf1 = self.dhcp_vcpes[0]
2308 vcpe_intf2 = self.dhcp_vcpes[1]
2309 vcpe_name1 = 'vcpe-{}-{}'.format(vcpe_intf1.split('.')[1],intf.split1('.')[2])
2310 vcpe_name1 = 'vcpe-{}-{}'.format(vcpe_intf2.split('.')[1],intf.split2('.')[2])
2311 vsg1 = VSGAccess.get_vcpe_vsg(vcpe_name1)
2312 vsg2 = VSGAccess.get_vcpe_vsg(vcpe_name2)
2313 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf2)
2314 st,output = vsg2.run_cmd('sudo docker kill {}'.format(vcpe_name2))
2315 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2316 assert_equal(st, True)
2317 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf2)
2318 subId2 = self.vsg_xos_subscriber_create(1)
2319 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf2)
2320 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2321 assert_equal(st, False)
2322 if subId1 and subId1 != '0':
2323 self.vsg_xos_subscriber_delete(0, subId1)
2324 if subId2 and subId2 != '0':
2325 self.vsg_xos_subscriber_delete(1, subId2)
2326
2327
2328 def test_vsg_xos_subscriber_external_connectivity_if_one_vcpe_restarts(self):
2329 """
2330 Test Method:
2331 1.Create two vcpe instances in two different vsg vms using XOS
2332 2.Verify external connectivity through vcpe instances from cord-tester
2333 3.Restart first vcpe instance
2334 4.Verify external network cant be reachable form first vcpe interface
2335 """
2336 host = '8.8.8.8'
2337 subId1 = self.vsg_xos_subscriber_create(0)
2338 subId2 = self.vsg_xos_subscriber_create(1)
2339 vcpe_intf1 = self.dhcp_vcpes[0]
2340 vcpe_intf2 = self.dhcp_vcpes[1]
2341 vcpe_name1 = 'vcpe-{}-{}'.format(vcpe_intf1.split('.')[1],intf.split1('.')[2])
2342 vcpe_name1 = 'vcpe-{}-{}'.format(vcpe_intf2.split('.')[1],intf.split2('.')[2])
2343 vsg1 = VSGAccess.get_vcpe_vsg(vcpe_name1)
2344 vsg2 = VSGAccess.get_vcpe_vsg(vcpe_name2)
2345 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf2)
2346 st,output = vsg2.run_cmd('sudo docker restart {}'.format(vcpe_name1))
2347 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2348 assert_equal(st, True)
2349 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf1)
2350 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf1)
2351 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2352 assert_equal(st, False)
2353 if subId1 and subId1 != '0':
2354 self.vsg_xos_subscriber_delete(0, subId1)
2355 if subId2 and subId2 != '0':
2356 self.vsg_xos_subscriber_delete(1, subId2)
2357
2358 def test_vsg_xos_subscriber_external_connectivity_if_one_vcpe_pause(self):
2359 """
2360 Test Method:
2361 1.Create two vcpe instances in two different vsg vms using XOS
2362 2.Verify external connectivity through vcpe instances from cord-tester
2363 3.Pause running first vcpe instance
2364 4.Verify external network cant be reachable form first vcpe interface
2365 """
2366 host = '8.8.8.8'
2367 subId1 = self.vsg_xos_subscriber_create(0)
2368 subId2 = self.vsg_xos_subscriber_create(1)
2369 vcpe_intf1 = self.dhcp_vcpes[0]
2370 vcpe_intf2 = self.dhcp_vcpes[1]
2371 vcpe_name1 = 'vcpe-{}-{}'.format(vcpe_intf1.split('.')[1],intf.split1('.')[2])
2372 vcpe_name1 = 'vcpe-{}-{}'.format(vcpe_intf2.split('.')[1],intf.split2('.')[2])
2373 vsg1 = VSGAccess.get_vcpe_vsg(vcpe_name1)
2374 vsg2 = VSGAccess.get_vcpe_vsg(vcpe_name2)
2375 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf2)
2376 st,output = vsg2.run_cmd('sudo docker pause {}'.format(vcpe_name1))
2377 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2378 assert_equal(st, True)
2379 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf1)
2380 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf1)
2381 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2382 assert_equal(st, False)
2383 if subId1 and subId1 != '0':
2384 self.vsg_xos_subscriber_delete(0, subId1)
2385 if subId2 and subId2 != '0':
2386 self.vsg_xos_subscriber_delete(1, subId2)
2387
2388 def test_vsg_xos_subscriber_external_connectivity_if_one_vcpe_restarts_and_stops(self):
2389 """
2390 Test Method:
2391 1.Create two vcpe instances in two different vsg vms using XOS
2392 2.Verify external connectivity through vcpe instances from cord-tester
2393 3.Stop running first vcpe instance
2394 4.Verify external network cant be reachable form first vcpe interface
2395 """
2396 host = '8.8.8.8'
2397 subId1 = self.vsg_xos_subscriber_create(0)
2398 subId2 = self.vsg_xos_subscriber_create(1)
2399 vcpe_intf1 = self.dhcp_vcpes[0]
2400 vcpe_intf2 = self.dhcp_vcpes[1]
2401 vcpe_name1 = 'vcpe-{}-{}'.format(vcpe_intf1.split('.')[1],intf.split1('.')[2])
2402 vcpe_name1 = 'vcpe-{}-{}'.format(vcpe_intf2.split('.')[1],intf.split2('.')[2])
2403 vsg1 = VSGAccess.get_vcpe_vsg(vcpe_name1)
2404 vsg2 = VSGAccess.get_vcpe_vsg(vcpe_name2)
2405 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf2)
2406 st,output = vsg2.run_cmd('sudo docker stop {}'.format(vcpe_name1))
2407 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2408 assert_equal(st, True)
2409 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf1)
2410 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf1)
2411 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2412 assert_equal(st, False)
2413 if subId1 and subId1 != '0':
2414 self.vsg_xos_subscriber_delete(0, subId1)
2415 if subId2 and subId2 != '0':
2416 self.vsg_xos_subscriber_delete(1, subId2)
2417
2418 def test_vsg_xos_subscriber_external_connectivity_if_one_vsg_goes_down(self):
2419 """
2420 Test Method:
2421 1.Create two vcpe instances in two different vsg vms using XOS
2422 2.Verify external connectivity through vcpe instances from cord-tester
2423 3.Bring down first vSG vm
2424 4.Verify external network cant be reachable form first vcpe interface
2425 """
2426 subId1 = self.vsg_xos_subscriber_create(4)
2427 subId2 = self.vsg_xos_subscriber_create(6)
2428 if subId1 and subId1 != '0':
2429 self.vsg_xos_subscriber_delete(4, subId1)
2430 if subId2 and subId2 != '0':
2431 self.vsg_xos_subscriber_delete(6, subId2)
2432
2433 def test_vsg_xos_subscriber_external_connectivity_if_two_vsgs_goes_down(self):
2434 """
2435 Test Method:
2436 1.Create two vcpe instances in two different vsg vms using XOS
2437 2.Verify external connectivity through vcpe instances from cord-tester
2438 3.Bring down first vSG vm
2439 4.Verify external network cant be reachable form first vcpe interface
2440 5.Bring down second vSG vm also
2441 6.Verify external network cant be reachable form first vcpe interface also
2442 """
Anil Kumar Sanka52a39f82017-05-10 17:39:31 +0000[diff] [blame]2443 subId1 = self.vsg_xos_subscriber_create(4)
2444 subId2 = self.vsg_xos_subscriber_create(6)
2445 if subId1 and subId1 != '0':
2446 self.vsg_xos_subscriber_delete(4, subId1)
2447 if subId2 and subId2 != '0':
2448 self.vsg_xos_subscriber_delete(6, subId2)
2449
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2450 def test_vsg_with_xos_subscriber_creating_firewall(self,index=4):
2451 log.info('cls.dhcp_vcpes is %s'%self.dhcp_vcpes)
Chetan Gaonker4cff4432017-05-01 17:56:56 +0000[diff] [blame]2452 host = '8.8.8.8'
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2453 self.vsg_xos_subscriber_delete(4, 3)
2454 subId = self.vsg_xos_subscriber_create(index)
2455 if subId and subId != '0':
2456 subscriber_info = self.subscriber_info[index]
2457 volt_subscriber_info = self.volt_subscriber_info[index]
2458 s_tag = int(volt_subscriber_info['voltTenant']['s_tag'])
2459 c_tag = int(volt_subscriber_info['voltTenant']['c_tag'])
2460 vcpe = 'vcpe-{}-{}'.format(s_tag, c_tag)
2461 vcpe_intf = self.dhcp_vcpes[index] #'vcpe{}.{}.{}'.format(s_tag, c_tag)
2462 vsg = VSGAccess.get_vcpe_vsg(vcpe)
2463 try:
2464 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
2465 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2466 assert_equal(st, False)
2467 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe,host))
2468 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2469 assert_equal(st, True)
2470 st,_ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe,host))
2471 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2472 assert_equal(st, False)
2473 finally:
2474 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe,host))
2475 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
2476 vsg.run_cmd('sudo docker restart {}'.format(vcpe))
2477 self.vsg_xos_subscriber_delete(4, subId)
2478 self.vsg_xos_subscriber_delete(4, subId)
Chetan Gaonker4cff4432017-05-01 17:56:56 +0000[diff] [blame]2479
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2480
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2481 def test_vsg_for_packet_received_with_invalid_ip_fields(self):
2482 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2483 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2484 1.Create a vSG VM in compute node
2485 2.Create a vCPE container in vSG VM
2486 3.Ensure vSG VM and vCPE container created properly
2487 4.From subscriber, send a ping packet with invalid ip fields
2488 5.Verify that vSG drops the packet
2489 6.Verify ping fails
2490 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2491
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2492 def test_vsg_for_packet_received_with_invalid_mac_fields(self):
2493 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2494 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2495 1.Create a vSG VM in compute node
2496 2.Create a vCPE container in vSG VM
2497 3.Ensure vSG VM and vCPE container created properly
2498 4.From subscriber, send a ping packet with invalid mac fields
2499 5.Verify that vSG drops the packet
2500 6.Verify ping fails
2501 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2502
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2503 def test_vsg_for_vlan_id_mismatch_in_stag(self):
2504 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2505 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2506 1.Create a vSG VM in compute Node
2507 2.Create a vCPE container in vSG VM
2508 3.Ensure vSG VM and vCPE container created properly
2509 4.Send a ping request to external valid IP from subscriber, with incorrect vlan id in s-tag and valid c-tag
2510 5.Verify that ping fails as the packet drops at VM entry
2511 6.Repeat step 4 with correct s-tag
2512 7.Verify that ping success
2513 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2514
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2515 def test_vsg_for_vlan_id_mismatch_in_ctag(self):
2516 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2517 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2518 1.Create a vSG VM in compute node
2519 2.Create a vCPE container in vSG VM
2520 3.Ensure vSG VM and vCPE container created properly
2521 4.Send a ping request to external valid IP from subscriber, with valid s-tag and incorrect vlan id in c-tag
2522 5.Verify that ping fails as the packet drops at vCPE container entry
2523 6.Repeat step 4 with valid s-tag and c-tag
2524 7.Verify that ping success
2525 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2526
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2527 def test_vsg_for_matching_and_mismatching_vlan_id_in_stag(self):
2528 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2529 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2530 1.Create two vSG VMs in compute node
2531 2.Create a vCPE container in each vSG VM
2532 3.Ensure vSG VM and vCPE container created properly
2533 4.From subscriber one, send ping request with valid s and c tags
2534 5.From subscriber two, send ping request with vlan id mismatch in s-tag and valid c tags
2535 6.Verify that ping success for only subscriber one and fails for two.
2536 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2537
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2538 def test_vsg_for_matching_and_mismatching_vlan_id_in_ctag(self):
2539 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2540 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2541 1.Create a vSG VM in compute node
2542 2.Create two vCPE containers in vSG VM
2543 3.Ensure vSG VM and vCPE container created properly
2544 4.From subscriber one, send ping request with valid s and c tags
2545 5.From subscriber two, send ping request with valid s-tag and vlan id mismatch in c-tag
2546 6.Verify that ping success for only subscriber one and fails for two
2547 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2548
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2549 def test_vsg_for_out_of_range_vlanid_in_ctag(self):
2550 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2551 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2552 1.Create a vSG VM in compute node
2553 2.Create a vCPE container in vSG VM
2554 3.Ensure vSG VM and vCPE container created properly
2555 4.From subscriber, send ping request with valid stag and vlan id in c-tag is an out of range value ( like 0,4097 )
2556 4.Verify that ping fails as the ping packets drops at vCPE container entry
2557 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2558
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2559 def test_vsg_for_out_of_range_vlanid_in_stag(self):
2560 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2561 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2562 1.Create a vSG VM in compute node
2563 2.Create a vCPE container in vSG VM
2564 3.Ensure vSG VM and vCPE container created properly
2565 2.From subscriber, send ping request with vlan id in s-tag is an out of range value ( like 0,4097 ), with valid c-tag
2566 4.Verify that ping fails as the ping packets drops at vSG VM entry
2567 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2568
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2569 def test_vsg_for_extracting_all_compute_stats_from_all_vcpe_containers(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2570 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2571 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2572 1.Create a vSG VM in compute node
2573 2.Create 10 vCPE containers in VM
2574 3.Ensure vSG VM and vCPE containers created properly
2575 4.Login to all vCPE containers
2576 4.Get all compute stats from all vCPE containers
2577 5.Verify the stats # verification method need to add
2578 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2579
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2580 def test_vsg_for_extracting_dns_stats_from_all_vcpe_containers(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2581 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2582 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2583 1.Create a vSG VM in compute node
2584 2.Create 10 vCPE containers in VM
2585 3.Ensure vSG VM and vCPE containers created properly
2586 4.From 10 subscribers, send ping to valid and invalid dns hosts
2587 5.Verify dns resolves and ping success for valid dns hosts
2588 6.Verify ping fails for invalid dns hosts
2589 7.Verify dns host name resolve flows in OvS
2590 8.Login to all 10 vCPE containers
2591 9.Extract all dns stats
2592 10.Verify dns stats for queries sent, queries received for dns host resolve success and failed scenarios
2593 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2594
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2595 def test_subscriber_access_if_vsg1_goes_down(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2596 """
2597 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 goes down
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2598 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2599 1.Create two vSG VMs for two services in compute node
2600 2.Create one vCPE container in each VM for one subscriber
2601 3.Ensure VMs and containers created properly
2602 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2603 5.Verify ping gets success
2604 6.Verify ping success flows in OvS
2605 7.Down the vSG-1 VM
2606 8.Now repeat step 4
2607 9.Verify that ping fails as vSG-1 is down
2608 10.Repeat step 4 with stag corresponding to vSG-2
2609 9.Verify ping success and flows added in OvS
2610 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2611
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2612 def test_subscriber_access_if_vsg2_goes_down(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2613 """
2614 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 restarts
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2615 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2616 1.Create two vSG VMs for two services in compute node
2617 2.Create one vCPE container in each VM for one subscriber
2618 3.Ensure VMs and containers created properly
2619 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2620 5.Verify ping gets success
2621 6.Verify ping success flows added in OvS
2622 7.Now restart vSG-1 VM
2623 8.Now repeat step 4 while vSG-1 VM restarts
2624 9.Verify that ping fails as vSG-1 is restarting
2625 10.Repeat step 4 with stag corresponding to vSG-2 while vSG-1 VM restarts
2626 11.Verify ping success and flows added in OvS
2627 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2628
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2629 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_going_down(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2630 """
2631 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 goes down
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2632 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2633 1.Create a vSG VM in compute node
2634 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2635 3.Ensure VM and containers created properly
2636 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2637 5.Verify ping gets success
2638 6.Verify ping success flows added in OvS
2639 7.Now stop vCPE-1 container
2640 8.Now repeat step 4
2641 9.Verify that ping fails as vCPE-1 container is down
2642 10.Repeat step 4 with ctag corresponding to vCPE-2 container
2643 11.Verify ping success and flows added in OvS
2644 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2645
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2646 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_restart(self):
2647 """
2648 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 restarts
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2649 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2650 1.Create a vSG VM in compute node
2651 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2652 3.Ensure VM and containers created properly
2653 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2654 5.Verify ping gets success
2655 6.Verify ping success flows added in OvS
2656 7.Now restart vCPE-1 container
2657 8.Now repeat step 4 while vCPE-1 restarts
2658 9.Verify that ping fails as vCPE-1 container is restarts
2659 10.Repeat step 4 with ctag corresponding to vCPE-2 container while vCPE-1 restarts
2660 11..Verify ping success and flows added in OvS
2661 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2662
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2663 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_paused(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2664 """
2665 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 paused
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2666 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2667 1.Create a vSG VM in compute node
2668 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2669 3.Ensure VM and containers created properly
2670 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2671 5.Verify ping gets success
2672 6.Verify ping success flows added in OvS
2673 7.Now pause vCPE-1 container
2674 8.Now repeat step 4 while vCPE-1 in pause state
2675 9.Verify that ping fails as vCPE-1 container in pause state
2676 10.Repeat step 4 with ctag corresponding to vCPE-2 container while vCPE-1 in pause state
2677 11.Verify ping success and flows added in OvS
2678 """
2679 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_removed(self):
2680 """
2681 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 removed
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2682 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2683 1.Create a vSG VM in compute node
2684 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2685 3.Ensure VM and containers created properly
2686 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2687 5.Verify ping gets success
2688 6.Verify ping success flows added in OvS
2689 7.Now remove vCPE-1 container
2690 8.Now repeat step 4
2691 9.Verify that ping fails as vCPE-1 container removed
2692 10.Repeat step 4 with ctag corresponding to vCPE-2 container
2693 11.Verify ping success and flows added in OvS
2694 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2695
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2696 def test_vsg_for_vcpe_instance_removed_and_added_again(self):
2697 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2698 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2699 1.Create a vSG VM in compute node
2700 2.Create a vCPE container in vSG VM
2701 3.Ensure VM and containers created properly
2702 4.From subscriber end, send ping to public IP
2703 5.Verify ping gets success
2704 6.Verify ping success flows added in OvS
2705 7.Now remove vCPE container in vSG VM
2706 8.Now repeat step 4
2707 9.Verify that ping fails as vCPE container removed
2708 10.Create the vCPE container again for the same subscriber
2709 11.Ensure that vCPE created now
2710 12.Now repeat step 4
2711 13.Verify ping success and flows added in OvS
2712 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2713
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2714 def test_vsg_for_vsg_vm_removed_and_added_again(self):
2715 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2716 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2717 1.Create a vSG VM in compute node
2718 2.Create a vCPE container in vSG VM
2719 3.Ensure VM and containers created properly
2720 4.From subscriber end, send ping to public IP
2721 5.Verify ping gets success
2722 6.Verify ping success flows added in OvS
2723 7.Now remove vSG VM
2724 8.Now repeat step 4
2725 9.Verify that ping fails as vSG VM not exists
2726 10.Create the vSG VM and vCPE container in VM again
2727 11.Ensure that vSG and vCPE created
2728 12.Now repeat step 4
2729 13.Verify ping success and flows added in OvS
2730 """
2731
2732 #Test vSG - Subscriber Configuration
2733 def test_vsg_for_configuring_new_subscriber_in_vcpe(self):
2734 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2735 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2736 1.Create a vSG VM in compute node
2737 2.Create a vCPE container in vSG VM
2738 3.Ensure VM and containers created properly
2739 4.Configure a subscriber in XOS and assign a service id
2740 5.Set the admin privileges to the subscriber
2741 6.Verify subscriber configuration is success
2742 """
2743 def test_vsg_for_adding_subscriber_devices_in_vcpe(self):
2744 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2745 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2746 1.Create a vSG VM in compute node
2747 2.Create a vCPE container in vSG VM
2748 3.Ensure VM and containers created properly
2749 4.Configure a subscriber in XOS and assign a service id
2750 5.Verify subscriber successfully configured in vCPE
2751 6.Now add devices( Mac addresses ) under the subscriber admin group
2752 7.Verify all devices ( Macs ) added successfully
2753 """
2754 def test_vsg_for_removing_subscriber_devices_in_vcpe(self):
2755 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2756 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2757 1.Create a vSG VM in compute node
2758 2.Create a vCPE container in vSG VM
2759 3.Ensure VM and containers created properly
2760 4.Configure a subscriber in XOS and assign a service id
2761 5.Verify subscriber successfully configured
2762 6.Now add devices( Mac addresses ) under the subscriber admin group
2763 7.Verify all devices ( Macs ) added successfully
2764 8.Now remove All the added devices in XOS
2765 9.Verify all the devices removed
2766 """
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2767 def test_vsg_modifying_subscriber_devices_in_vcpe(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2768 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2769 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2770 1.Create a vSG VM in compute node
2771 2.Create a vCPE container in vSG VM
2772 3.Ensure VM and containers created properly
2773 4.Configure a user in XOS and assign a service id
2774 5.Verify subscriber successfully configured in vCPE.
2775 6.Now add devices( Mac addresses ) under the subscriber admin group
2776 7.Verify all devices ( Macs ) added successfully
2777 8.Now remove few devices in XOS
2778 9.Verify devices removed successfully
2779 10.Now add few additional devices in XOS under the same subscriber admin group
2780 11.Verify newly added devices successfully added
2781 """
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2782 def test_vsg_for_vcpe_login_failing_with_incorrect_subscriber_credentials(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2783 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2784 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2785 1.Create a vSG VM in compute node
2786 2.Create a vCPE container in vSG VM
2787 3.Ensure VM and containers created properly
2788 4.Configure a subscriber in XOS and assign a service id
2789 5.Verify subscriber successfully configured
2790 6.Now add devices( Mac addresses ) under the subscriber admin group
2791 7.Verify all devices ( Macs ) added successfully
2792 8.Login vCPE with credentials with which subscriber configured
2793 9.Verify subscriber successfully logged in
2794 10.Logout and login again with incorrect credentials ( either user name or password )
2795 11.Verify login attempt to vCPE fails wtih incorrect credentials
2796 """
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2797 def test_vsg_for_subscriber_configuration_in_vcpe_after_vcpe_restart(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2798 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2799 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2800 1.Create a vSG VM in compute node
2801 2.Create a vCPE container in vSG VM
2802 3.Ensure VM and containers created properly
2803 4.Configure a subscriber in XOS and assign a service id
2804 5.Verify subscriber successfully configured
2805 6.Now add devices( Mac addresses ) under the subscriber admin group
2806 7.Verify all devices ( Macs ) added successfully
2807 8.Restart vCPE ( locate backup config path while restart )
2808 9.Verify subscriber details in vCPE after restart should be same as before the restart
2809 """
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2810 def test_vsg_creating_multiple_vcpe_instances_and_configuring_subscriber_in_each_instance(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2811 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2812 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2813 1.Create a vSG VM in compute node
2814 2.Create 2 vCPE containers in vSG VM
2815 3.Ensure VM and containers created properly
2816 4.Configure a subscriber in XOS for each vCPE instance and assign a service id
2817 5.Verify subscribers successfully configured
2818 6.Now login vCPE-2 with subscriber-1 credentials
2819 7.Verify login fails
2820 8.Now login vCPE-1 with subscriber-2 credentials
2821 9.Verify login fails
2822 10.Now login vCPE-1 with subscriber-1 and vCPE-2 with subscriber-2 credentials
2823 11.Verify that both the subscribers able to login to their respective vCPE containers
2824 """
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2825 def test_vsg_for_same_subscriber_configuring_multiple_services(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2826 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2827 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2828 1.Create 2 vSG VMs in compute node
2829 2.Create a vCPE container in each vSG VM
2830 3.Ensure VMs and containers created properly
2831 4.Configure same subscriber in XOS for each vCPE instance and assign a service id
2832 5.Verify subscriber successfully configured
2833 6.Now login vCPE-1 with subscriber credentials
2834 7.Verify login success
2835 8.Now login vCPE-2 with the same subscriber credentials
2836 9.Verify login success
2837 """
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2838 #vCPE Firewall Functionality
2839 def test_vsg_firewall_for_creating_acl_rule_based_on_source_ip(self):
2840 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2841 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2842 1.Create a vSG VM in compute node
2843 2.Create vCPE container in the VM
2844 3.Ensure vSG VM and vCPE container created properly
2845 4.Configure ac acl rule in vCPE to deny IP traffic from a source IP
2846 5.Bound the acl rule to WAN interface of vCPE
2847 6.Verify configuration in vCPE is success
2848 8.Verify flows added in OvS
2849 """
2850 def test_vsg_firewall_for_creating_acl_rule_based_on_destination_ip(self):
2851 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2852 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2853 1.Create a vSG VM in compute node
2854 2.Create vCPE container in the VM
2855 3.Ensure vSG VM and vCPE container created properly
2856 4.Configure ac acl rule in vCPE to deny IP traffic to a destination ip
2857 5.Bound the acl rule to WAN interface of vCPE
2858 6.Verify configuration in vCPE is success
2859 8.Verify flows added in OvS
2860 """
2861 def test_vsg_firewall_for_acl_deny_rule_based_on_source_ip_traffic(self):
2862 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2863 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2864 1.Create a vSG VM in compute node
2865 2.Create vCPE container in the VM
2866 3.Ensure vSG VM and vCPE container created properly
2867 4.Configure ac acl rule in vCPE to deny IP traffic from a source IP
2868 5.Bound the acl rule to WAN interface of vCPE
2869 6.From subscriber, send ping to the denied IP address
2870 7.Verify that ping fails as vCPE denies ping response
2871 8.Verify flows added in OvS
2872 """
2873 def test_vsg_firewall_for_acl_deny_rule_based_on_destination_ip_traffic(self):
2874 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2875 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2876 1.Create a vSG VM in compute node
2877 2.Create vCPE container in the VM
2878 3.Ensure vSG VM and vCPE container created properly
2879 4.Configure ac acl rule in vCPE to deny IP traffic to a destination IP
2880 5.Bound the acl rule to WAN interface of vCPE
2881 6.From subscriber, send ping to the denied IP address
2882 7.Verify that ping fails as vCPE drops the ping request at WAN interface
2883 8.Verify flows added in OvS
2884 """
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]2885
2886 def test_vsg_dnsmasq(self):
2887 pass
2888
2889 def test_vsg_with_external_parental_control_family_shield_for_filter(self):
2890 pass
2891
2892 def test_vsg_with_external_parental_control_with_answerx(self):
2893 pass
2894
2895 def test_vsg_for_subscriber_upstream_bandwidth(self):
2896 pass
2897
2898 def test_vsg_for_subscriber_downstream_bandwidth(self):
2899 pass
2900
2901 def test_vsg_for_diagnostic_run_of_traceroute(self):
2902 pass
2903
2904 def test_vsg_for_diagnostic_run_of_tcpdump(self):
2905 pass
2906
2907 def test_vsg_for_iptable_rules(self):
2908 pass
2909
2910 def test_vsg_for_iptables_with_neutron(self):
2911 pass