Gitiles
Code Review Sign In
gerrit.opencord.org / cord-tester / a385ceae0b93b80ce2d9eac8f02a3345d4aa7e02 / . / src / test / vsg / vsgTest.py
blob: ac8975c040f81a4d25a82974fd1ae00ff244b59c [file] [log] [blame]
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]1#copyright 2016-present Ciena Corporation
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14#
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]15import time
16import os
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]17import sys
18import json
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]19from nose.tools import *
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]20from twisted.internet import defer
21from nose.twistedtools import reactor, deferred
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]22from CordTestUtils import *
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]23from OltConfig import OltConfig
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]24from onosclidriver import OnosCliDriver
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]25from SSHTestAgent import SSHTestAgent
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]26from CordLogger import CordLogger
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]27from VSGAccess import VSGAccess
A R Karthick933f5b52017-03-27 15:27:16 -0700[diff] [blame]28from CordTestUtils import log_test as log
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]29from CordTestConfig import setup_module, running_on_ciab
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]30from OnosCtrl import OnosCtrl
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]31
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]32log.setLevel('INFO')
33
34class vsg_exchange(CordLogger):
35 ONOS_INSTANCES = 3
36 V_INF1 = 'veth0'
37 device_id = 'of:' + get_mac()
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]38 TEST_IP = '8.8.8.8'
39 HOST = "10.1.0.1"
40 USER = "vagrant"
41 PASS = "vagrant"
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]42 head_node = os.getenv('HEAD_NODE', 'prod')
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]43 HEAD_NODE = head_node + '.cord.lab' if len(head_node.split('.')) == 1 else head_node
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]44 test_path = os.path.dirname(os.path.realpath(__file__))
45 olt_conf_file = os.path.join(test_path, '..', 'setup/olt_config.json')
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]46 restApiXos = None
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]47 subscriber_account_num = 200
48 subscriber_s_tag = 304
49 subscriber_c_tag = 304
50 subscribers_per_s_tag = 8
51 subscriber_map = {}
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]52 subscriber_info = []
53 volt_subscriber_info = []
A R Karthick9a16a112017-04-07 15:40:05 -0700[diff] [blame]54 restore_methods = []
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]55 TIMEOUT=120
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]56 FABRIC_PORT_HEAD_NODE = 1
57 FABRIC_PORT_COMPUTE_NODE = 2
58 APP_NAME = 'org.ciena.xconnect'
59 APP_FILE = os.path.join(test_path, '..', 'apps/xconnect-1.0-SNAPSHOT.oar')
A.R Karthick50f4d9a2017-04-20 16:44:19 -0700[diff] [blame]60 NUM_SUBSCRIBERS = 5
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]61
62 @classmethod
63 def getSubscriberCredentials(cls, subId):
64 """Generate our own account num, s_tag and c_tags"""
65 if subId in cls.subscriber_map:
66 return cls.subscriber_map[subId]
67 account_num = cls.subscriber_account_num
68 cls.subscriber_account_num += 1
69 s_tag, c_tag = cls.subscriber_s_tag, cls.subscriber_c_tag
70 cls.subscriber_c_tag += 1
71 if cls.subscriber_c_tag % cls.subscribers_per_s_tag == 0:
72 cls.subscriber_s_tag += 1
73 cls.subscriber_map[subId] = account_num, s_tag, c_tag
74 return cls.subscriber_map[subId]
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]75
76 @classmethod
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]77 def getXosCredentials(cls):
78 onos_cfg = OnosCtrl.get_config()
79 if onos_cfg is None:
80 return None
81 if 'apps' in onos_cfg and \
82 'org.opencord.vtn' in onos_cfg['apps'] and \
83 'cordvtn' in onos_cfg['apps']['org.opencord.vtn'] and \
84 'xos' in onos_cfg['apps']['org.opencord.vtn']['cordvtn']:
85 xos_cfg = onos_cfg['apps']['org.opencord.vtn']['cordvtn']['xos']
86 endpoint = xos_cfg['endpoint']
87 user = xos_cfg['user']
88 password = xos_cfg['password']
89 xos_endpoints = endpoint.split(':')
90 xos_host = xos_endpoints[1][len('//'):]
91 xos_port = xos_endpoints[2][:-1]
92 #log.info('xos_host: %s, port: %s, user: %s, password: %s' %(xos_host, xos_port, user, password))
93 return dict(host = xos_host, port = xos_port, user = user, password = password)
94
95 return None
96
97 @classmethod
A.R Karthick50f4d9a2017-04-20 16:44:19 -0700[diff] [blame]98 def getSubscriberConfig(cls, num_subscribers):
99 features = {
100 'cdn': True,
101 'uplink_speed': 1000000000,
102 'downlink_speed': 1000000000,
103 'uverse': True,
104 'status': 'enabled'
105 }
106 subscriber_map = []
107 for i in xrange(num_subscribers):
108 subId = 'sub{}'.format(i)
109 account_num, _, _ = cls.getSubscriberCredentials(subId)
110 identity = { 'account_num' : str(account_num),
111 'name' : 'My House {}'.format(i)
112 }
113 sub_info = { 'features' : features,
114 'identity' : identity
115 }
116 subscriber_map.append(sub_info)
117
118 return subscriber_map
119
120 @classmethod
121 def getVoltSubscriberConfig(cls, num_subscribers):
122 voltSubscriberMap = []
123 for i in xrange(num_subscribers):
124 subId = 'sub{}'.format(i)
125 account_num, s_tag, c_tag = cls.getSubscriberCredentials(subId)
126 voltSubscriberInfo = {}
127 voltSubscriberInfo['voltTenant'] = dict(s_tag = str(s_tag),
128 c_tag = str(c_tag),
129 subscriber = '')
130 voltSubscriberInfo['account_num'] = account_num
131 voltSubscriberMap.append(voltSubscriberInfo)
132
133 return voltSubscriberMap
134
135 @classmethod
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]136 def setUpCordApi(cls):
137 our_path = os.path.dirname(os.path.realpath(__file__))
138 cord_api_path = os.path.join(our_path, '..', 'cord-api')
139 framework_path = os.path.join(cord_api_path, 'Framework')
140 utils_path = os.path.join(framework_path, 'utils')
141 data_path = os.path.join(cord_api_path, 'Tests', 'data')
142 subscriber_cfg = os.path.join(data_path, 'Subscriber.json')
143 volt_tenant_cfg = os.path.join(data_path, 'VoltTenant.json')
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]144 num_subscribers = max(cls.NUM_SUBSCRIBERS, 5)
145 cls.subscriber_info = cls.getSubscriberConfig(num_subscribers)
146 cls.volt_subscriber_info = cls.getVoltSubscriberConfig(num_subscribers)
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]147
148 sys.path.append(utils_path)
149 sys.path.append(framework_path)
150 from restApi import restApi
151 restApiXos = restApi()
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]152 xos_credentials = cls.getXosCredentials()
153 if xos_credentials is None:
154 restApiXos.controllerIP = cls.HEAD_NODE
155 restApiXos.controllerPort = '9000'
156 else:
157 restApiXos.controllerIP = xos_credentials['host']
158 restApiXos.controllerPort = xos_credentials['port']
159 restApiXos.user = xos_credentials['user']
160 restApiXos.password = xos_credentials['password']
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]161 cls.restApiXos = restApiXos
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]162
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]163 @classmethod
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]164 def getVoltId(cls, result, subId):
165 if type(result) is not type([]):
166 return None
167 for tenant in result:
168 if str(tenant['subscriber']) == str(subId):
169 return str(tenant['id'])
170 return None
171
172 @classmethod
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]173 def closeVCPEAccess(cls, volt_subscriber_info):
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]174 """
175 Disabled uninstall app for now to disable deletion of flows on leaf-switch
176 """
177 return
178 #OnosCtrl.uninstall_app(cls.APP_NAME, onos_ip = cls.HEAD_NODE)
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]179
180 @classmethod
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]181 def openVCPEAccess(cls, volt_subscriber_info):
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]182 """
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]183 This code is used to configure leaf switch for head node access to compute node over fabric.
184 Care is to be taken to avoid overwriting existing/default vcpe flows.
185 The access is opened for generated subscriber info which should not overlap.
186 We target the fabric onos instance on head node.
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]187 """
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]188 OnosCtrl.install_app(cls.APP_FILE, onos_ip = cls.HEAD_NODE)
189 time.sleep(2)
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]190 s_tags = map(lambda tenant: int(tenant['voltTenant']['s_tag']), volt_subscriber_info)
191 #only get unique vlan tags
192 s_tags = list(set(s_tags))
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]193 devices = OnosCtrl.get_device_ids(controller = cls.HEAD_NODE)
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]194 if devices:
195 device_config = {}
196 for device in devices:
197 device_config[device] = []
198 for s_tag in s_tags:
199 xconnect_config = {'vlan': s_tag, 'ports' : [ cls.FABRIC_PORT_HEAD_NODE, cls.FABRIC_PORT_COMPUTE_NODE ] }
200 device_config[device].append(xconnect_config)
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]201
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]202 cfg = { 'apps' : { 'org.ciena.xconnect' : { 'xconnectTestConfig' : device_config } } }
203 OnosCtrl.config(cfg, controller = cls.HEAD_NODE)
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]204
205 @classmethod
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]206 def setUpClass(cls):
207 cls.controllers = get_controllers()
208 cls.controller = cls.controllers[0]
209 cls.cli = None
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]210 cls.on_pod = running_on_pod()
211 cls.on_ciab = running_on_ciab()
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]212 cls.olt = OltConfig(olt_conf_file = cls.olt_conf_file)
213 cls.vcpes = cls.olt.get_vcpes()
214 cls.vcpes_dhcp = cls.olt.get_vcpes_by_type('dhcp')
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]215 cls.vcpes_reserved = cls.olt.get_vcpes_by_type('reserved')
216 cls.dhcp_vcpes_reserved = [ 'vcpe{}.{}.{}'.format(i, cls.vcpes_reserved[i]['s_tag'], cls.vcpes_reserved[i]['c_tag'])
217 for i in xrange(len(cls.vcpes_reserved)) ]
218 cls.untagged_dhcp_vcpes_reserved = [ 'vcpe{}'.format(i) for i in xrange(len(cls.vcpes_reserved)) ]
219 cls.container_vcpes_reserved = [ 'vcpe-{}-{}'.format(vcpe['s_tag'], vcpe['c_tag']) for vcpe in cls.vcpes_reserved ]
220 vcpe_dhcp_reserved = None
221 vcpe_container_reserved = None
222 if cls.vcpes_reserved:
223 vcpe_dhcp_reserved = cls.dhcp_vcpes_reserved[0]
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]224 if cls.on_pod is False:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]225 vcpe_dhcp_reserved = cls.untagged_dhcp_vcpes_reserved[0]
226 vcpe_container_reserved = cls.container_vcpes_reserved[0]
227
228 cls.vcpe_dhcp_reserved = vcpe_dhcp_reserved
229 cls.vcpe_container_reserved = vcpe_container_reserved
230 dhcp_vcpe_offset = len(cls.vcpes_reserved)
A R Karthick927129c2017-04-25 14:08:02 -0700[diff] [blame]231 cls.dhcp_vcpes = [ 'vcpe{}.{}.{}'.format(i+dhcp_vcpe_offset, cls.vcpes_dhcp[i]['s_tag'], cls.vcpes_dhcp[i]['c_tag'])
232 for i in xrange(len(cls.vcpes_dhcp)) ]
233 cls.untagged_dhcp_vcpes = [ 'vcpe{}'.format(i+dhcp_vcpe_offset) for i in xrange(len(cls.vcpes_dhcp)) ]
234 cls.container_vcpes = [ 'vcpe-{}-{}'.format(vcpe['s_tag'], vcpe['c_tag']) for vcpe in cls.vcpes_dhcp ]
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]235 vcpe_dhcp = None
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]236 vcpe_container = None
237 #cache the first dhcp vcpe in the class for quick testing
238 if cls.vcpes_dhcp:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]239 vcpe_container = cls.container_vcpes[0]
240 vcpe_dhcp = cls.dhcp_vcpes[0]
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]241 if cls.on_pod is False:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]242 vcpe_dhcp = cls.untagged_dhcp_vcpes[0]
243 cls.vcpe_container = vcpe_container_reserved or vcpe_container
244 cls.vcpe_dhcp = vcpe_dhcp_reserved or vcpe_dhcp
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]245 VSGAccess.setUp()
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]246 cls.setUpCordApi()
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]247 if cls.on_pod is True:
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]248 cls.openVCPEAccess(cls.volt_subscriber_info)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]249
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]250 @classmethod
251 def tearDownClass(cls):
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]252 VSGAccess.tearDown()
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]253 if cls.on_pod is True:
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]254 cls.closeVCPEAccess(cls.volt_subscriber_info)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]255
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]256 def cliEnter(self, controller = None):
257 retries = 0
258 while retries < 30:
259 self.cli = OnosCliDriver(controller = controller, connect = True)
260 if self.cli.handle:
261 break
262 else:
263 retries += 1
264 time.sleep(2)
265
266 def cliExit(self):
267 self.cli.disconnect()
268
269 def onos_shutdown(self, controller = None):
270 status = True
271 self.cliEnter(controller = controller)
272 try:
273 self.cli.shutdown(timeout = 10)
274 except:
275 log.info('Graceful shutdown of ONOS failed for controller: %s' %controller)
276 status = False
277
278 self.cliExit()
279 return status
280
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]281 def log_set(self, level = None, app = 'org.onosproject'):
282 CordLogger.logSet(level = level, app = app, controllers = self.controllers, forced = True)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]283
A R Karthick9a16a112017-04-07 15:40:05 -0700[diff] [blame]284 @classmethod
285 def get_dhcp(cls, vcpe, mgmt = 'eth0'):
286 """Get DHCP for vcpe interface saving management settings"""
287
288 def put_dhcp():
289 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
290
291 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
292 if vcpe_ip is not None:
293 cls.restore_methods.append(put_dhcp)
294 return vcpe_ip
295
296 @classmethod
297 def config_restore(cls):
298 """Restore the vsg test configuration on test case failures"""
299 for restore_method in cls.restore_methods:
300 restore_method()
301
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]302 def get_vsg_vcpe_pair(self):
303 vcpes = self.vcpes_dhcp
304 vcpe_containers = []
305 vsg_vcpe = {}
306 for vcp in vcpes:
307 vcpe_container = 'vcpe-{}-{}'.format(vcp['s_tag'], vcp['c_tag'])
308 vcpe_containers.append(vcpe_container)
309 vsg = VSGAccess.get_vcpe_vsg(vcpe_container)
310 vsg_vcpe[vcpe_container]=str(vsg.get_ip())
311 return vsg_vcpe
312
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]313 def get_vcpe_containers_and_interfaces(self):
314 vcpe_containers = {}
315 vcpe_interfaces = []
316 vcpes = self.vcpes_dhcp
317 count = 0
318 for vcpe in vcpes:
319 vcpe_intf = 'vcpe{}.{}.{}'.format(count,vcpe['s_tag'],vcpe['c_tag'])
320 vcpe_interfaces.append(vcpe_intf)
321 vcpe_container = 'vcpe-{}-{}'.format(vcpe['s_tag'], vcpe['c_tag'])
322 vcpe_containers[vcpe_intf] = vcpe_container
323 count += 1
324 log.info('vcpe interfaces are %s'%vcpe_interfaces)
325 log.info('vcpe containers are %s'%vcpe_containers)
326 return vcpe_interfaces,vcpe_containers
327
328 def get_vcpe_interface_dhcp_ip(self,vcpe=None):
329 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]330 vcpe = self.vcpe_dhcp
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]331 st, _ = getstatusoutput('dhclient {}'.format(vcpe))
332 vcpe_ip = get_ip(vcpe)
333 return vcpe_ip
334
335 def release_vcpe_interface_dhcp_ip(self,vcpe=None):
336 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]337 vcpe = self.vcpe_dhcp
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]338 st, _ = getstatusoutput('dhclient {} -r'.format(vcpe))
339 vcpe_ip = get_ip(vcpe)
340 assert_equal(vcpe_ip, None)
341
342 def add_static_route_via_vcpe_interface(self, routes, vcpe=None,dhcp_ip=True):
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]343 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]344 vcpe = self.vcpe_dhcp
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]345 if dhcp_ip:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]346 os.system('dhclient '+vcpe)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]347 time.sleep(1)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]348 for route in routes:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]349 log.info('route is %s'%route)
350 cmd = 'ip route add ' + route + ' via 192.168.0.1 '+ 'dev ' + vcpe
351 cmds.append(cmd)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]352 for cmd in cmds:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]353 os.system(cmd)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]354 return True
355
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]356 def del_static_route_via_vcpe_interface(self,routes,vcpe=None,dhcp_release=True):
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]357 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]358 vcpe = self.vcpe_dhcp
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]359 cmds = []
360 for route in routes:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]361 cmd = 'ip route del ' + route + ' via 192.168.0.1 ' + 'dev ' + vcpe
362 os.system(cmd)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]363 if dhcp_release:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]364 os.system('dhclient '+vcpe+' -r')
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]365 return True
366
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]367 def test_vsg_multiple_subscribers_for_same_vcpe_instace(self):
368 vcpe_intfs,containers = self.get_vcpe_containers_and_interfaces()
369 for vcpe in vcpe_intfs:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]370 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
371 assert_not_equal(vcpe_ip,None)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]372 for vcpe in vcpe_intfs:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]373 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]374
375 def test_vsg_multiple_subscribers_for_same_vcpe_instance_ping_to_external_connectivity(self):
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]376 host = '8.8.8.8'
377 vcpe_intfs, containers = self.get_vcpe_containers_and_interfaces()
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]378 for vcpe in vcpe_intfs:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]379 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
380 assert_not_equal(vcpe_ip,None)
381 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe,dhcp_ip=False)
382 st, _ = getstatusoutput('ping -I {} -c 3 {}'.format(vcpe,host))
383 assert_equal(st, 0)
384 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe,dhcp_release=False)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]385 for vcpe in vcpe_intfs:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]386 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]387
388 def test_vsg_vcpe_interface_gets_dhcp_ip_after_interface_toggle(self):
389 vcpe_intfs,containers = self.get_vcpe_containers_and_interfaces()
390 for vcpe in vcpe_intfs:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]391 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
392 assert_not_equal(vcpe_ip,None)
393 os.system('ifconfig {} down'.format(vcpe))
394 time.sleep(1)
395 os.system('ifconfig {} up'.format(vcpe))
396 time.sleep(1)
397 vcpe_ip2 = get_ip(vcpe)
398 assert_equal(vcpe_ip2,vcpe_ip)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]399 for vcpe in vcpe_intfs:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]400 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]401
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]402 def test_vsg_health(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]403 """
404 Algo:
405 1. Login to compute node VM
406 2. Get all vSGs
407 3. Ping to all vSGs
408 4. Verifying Ping success
409 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]410 status = True
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]411 if self.on_pod is True:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]412 status = VSGAccess.health_check()
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]413 assert_equal(status, True)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]414
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]415 def test_vsg_health_check(self, vsg_name='mysite_vsg-1', verify_status=True):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]416 """
417 Algo:
418 1. If vsg name not specified, Get vsg corresponding to vcpe
419 1. Login to compute mode VM
420 3. Ping to the vSG
421 4. Verifying Ping success
422 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]423 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]424 return
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]425 if not vsg_name:
426 vcpe = self.vcpe_container
427 vsg = VSGAccess.get_vcpe_vsg(vcpe)
428 status = vsg.get_health()
429 assert_equal(status, verify_status)
430 else:
431 vsgs = VSGAccess.get_vsgs()
432 status = None
433 for vsg in vsgs:
434 if vsg.name == vsg_name:
435 status = vsg.get_health()
436 log.info('vsg health check status is %s'%status)
437 assert_equal(status,verify_status)
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]438
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]439 @deferred(TIMEOUT)
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]440 def test_vsg_for_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]441 """
442 Algo:
443 1. Get list of all compute nodes created using Openstack
444 2. Login to compute mode VM
445 3. Get all vSGs
446 4. Verifying atleast one compute node and one vSG created
447 """
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]448 df = defer.Deferred()
449 def vsg_for_vcpe_df(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]450 if self.on_pod is True:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]451 vsgs = VSGAccess.get_vsgs()
452 compute_nodes = VSGAccess.get_compute_nodes()
453 time.sleep(14)
454 assert_not_equal(len(vsgs), 0)
455 assert_not_equal(len(compute_nodes), 0)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]456 df.callback(0)
457 reactor.callLater(0,vsg_for_vcpe_df,df)
458 return df
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]459
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]460 def test_vsg_for_login(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]461 """
462 Algo:
463 1. Login to compute node VM
464 2. Get all vSGs
465 3. Verifying login to vSG is success
466 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]467 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]468 return
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]469 vsgs = VSGAccess.get_vsgs()
470 vsg_access_status = map(lambda vsg: vsg.check_access(), vsgs)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]471 status = filter(lambda st: st == False, vsg_access_status)
472 assert_equal(len(status), 0)
473
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]474 def test_vsg_for_default_route_through_testclient(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]475 """
476 Algo:
477 1. Login to head node
478 2. Verifying for default route in lxc test client
479 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]480 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]481 return
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]482 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
483 cmd = "sudo lxc exec testclient -- route | grep default"
484 status, output = ssh_agent.run_cmd(cmd)
485 assert_equal(status, True)
486
487 def test_vsg_for_external_connectivity_through_testclient(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]488 """
489 Algo:
490 1. Login to head node
491 2. On head node, executing ping to 8.8.8.8 from lxc test client
492 3. Verifying for the ping success
493 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]494 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]495 return
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]496 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
497 cmd = "lxc exec testclient -- ping -c 3 8.8.8.8"
498 status, output = ssh_agent.run_cmd(cmd)
499 assert_equal( status, True)
500
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]501 def vsg_for_external_connectivity(self, subscriber_index, reserved = False):
502 if reserved is True:
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]503 if self.on_pod is True:
504 vcpe = self.dhcp_vcpes_reserved[subscriber_index]
505 else:
506 vcpe = self.untagged_dhcp_vcpes_reserved[subscriber_index]
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]507 else:
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]508 if self.on_pod is True:
509 vcpe = self.dhcp_vcpes[subscriber_index]
510 else:
511 vcpe = self.untagged_dhcp_vcpes[subscriber_index]
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]512 mgmt = 'eth0'
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]513 host = '8.8.8.8'
514 self.success = False
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]515 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]516 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]517 assert_not_equal(vcpe_ip, None)
518 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
519 log.info('Sending icmp echo requests to external network 8.8.8.8')
520 st, _ = getstatusoutput('ping -c 3 8.8.8.8')
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]521 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]522 assert_equal(st, 0)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]523
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]524 def test_vsg_for_external_connectivity(self):
525 """
526 Algo:
527 1. Get dhcp IP to vcpe interface in cord-tester
528 2. Verifying vcpe interface gets dhcp IP
529 3. Ping to 8.8.8.8 and Verifying ping should success
530 4. Restoring management interface configuration in cord-tester
531 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]532 reserved = True
533 if self.on_pod:
534 reserved = self.on_ciab
535 self.vsg_for_external_connectivity(0, reserved = reserved)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]536
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]537 def test_vsg_for_external_connectivity_to_google(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]538 """
539 Algo:
540 1. Get dhcp IP to vcpe interface in cord-tester
541 2. Verifying vcpe interface gets dhcp IP
542 3. Ping to www.google.com and Verifying ping should success
543 4. Restoring management interface configuration in cord-tester
544 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]545 host = 'www.google.com'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]546 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]547 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]548 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]549 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]550 assert_not_equal(vcpe_ip, None)
551 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
552 log.info('Sending icmp ping requests to %s' %host)
553 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]554 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]555 assert_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]556
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]557 def test_vsg_for_external_connectivity_to_invalid_host(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]558 """
559 Algo:
560 1. Get dhcp IP to vcpe interface in cord-tester
561 2. Verifying vcpe interface gets dhcp IP
562 3. Ping to www.goglee.com and Verifying ping should not success
563 4. Restoring management interface configuration in cord-tester
564 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]565 host = 'www.goglee.com'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]566 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]567 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]568 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]569 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]570 assert_not_equal(vcpe_ip, None)
571 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
572 log.info('Sending icmp ping requests to non existent host %s' %host)
573 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]574 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]575 assert_not_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]576
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]577 def test_vsg_for_external_connectivity_with_ttl_1(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]578 """
579 Algo:
580 1. Get dhcp IP to vcpe interface in cord-tester
581 2. Verifying vcpe interface gets dhcp IP
582 3. Ping to 8.8.8.8 with ttl set to 1
583 4. Verifying ping should not success
584 5. Restoring management interface configuration in cord-tester
585 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]586 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]587 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]588 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]589 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]590 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]591 assert_not_equal(vcpe_ip, None)
592 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
593 log.info('Sending icmp ping requests to host %s with ttl 1' %host)
594 st, _ = getstatusoutput('ping -c 1 -t 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]595 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]596 assert_not_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]597
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]598 def test_vsg_for_external_connectivity_with_wan_interface_toggle_in_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]599 """
600 Algo:
601 1. Get dhcp IP to vcpe interface in cord-tester
602 2. Verifying vcpe interface gets dhcp IP
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]603 3. Ping to 8.8.8.8 and Verifying ping succeeds
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]604 4. Now down the WAN interface of vcpe
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]605 5. Ping to 8.8.8.8 and Verifying ping fails
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]606 6. Now Up the WAN interface of vcpe
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]607 7. Ping to 8.8.8.8 and Verifying ping succeeds
608 8. Restoring management interface configuration in cord-tester
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]609 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]610 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]611 return
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]612 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]613 mgmt = 'eth0'
614 vcpe = self.vcpe_container
615 assert_not_equal(vcpe, None)
616 assert_not_equal(self.vcpe_dhcp, None)
617 #first get dhcp on the vcpe interface
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]618 vcpe_ip = VSGAccess.vcpe_get_dhcp(self.vcpe_dhcp, mgmt = mgmt)
619 assert_not_equal(vcpe_ip, None)
620 log.info('Got DHCP IP %s for %s' %(vcpe_ip, self.vcpe_dhcp))
621 log.info('Sending ICMP pings to host %s' %(host))
622 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
623 if st != 0:
624 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
625 assert_equal(st, 0)
626 #bring down the wan interface and check again
627 st = VSGAccess.vcpe_wan_down(vcpe)
628 if st is False:
629 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
630 assert_equal(st, True)
631 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
632 if st == 0:
633 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
634 assert_not_equal(st, 0)
635 st = VSGAccess.vcpe_wan_up(vcpe)
636 if st is False:
637 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
638 assert_equal(st, True)
639 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
640 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
641 assert_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]642
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]643 def test_vsg_for_external_connectivity_with_lan_interface_toggle_in_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]644 """
645 Algo:
646 1. Get dhcp IP to vcpe interface in cord-tester
647 2. Verifying vcpe interface gets dhcp IP
648 3. Ping to 8.8.8.8 and Verifying ping should success
649 4. Now down the LAN interface of vcpe
650 5. Ping to 8.8.8.8 and Verifying ping should not success
651 6. Now Up the LAN interface of vcpe
652 7. Ping to 8.8.8.8 and Verifying ping should success
653 8. Restoring management interface configuration in cord-tester
654 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]655 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]656 return
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]657 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]658 mgmt = 'eth0'
659 vcpe = self.vcpe_container
660 assert_not_equal(vcpe, None)
661 assert_not_equal(self.vcpe_dhcp, None)
662 #first get dhcp on the vcpe interface
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]663 vcpe_ip = VSGAccess.vcpe_get_dhcp(self.vcpe_dhcp, mgmt = mgmt)
664 assert_not_equal(vcpe_ip, None)
665 log.info('Got DHCP IP %s for %s' %(vcpe_ip, self.vcpe_dhcp))
666 log.info('Sending ICMP pings to host %s' %(host))
667 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
668 if st != 0:
669 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
670 assert_equal(st, 0)
671 #bring down the lan interface and check again
672 st = VSGAccess.vcpe_lan_down(vcpe)
673 if st is False:
674 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
675 assert_equal(st, True)
676 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
677 if st == 0:
678 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
679 assert_not_equal(st, 0)
680 st = VSGAccess.vcpe_lan_up(vcpe)
681 if st is False:
682 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
683 assert_equal(st, True)
684 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
685 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
686 assert_equal(st, 0)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]687
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]688 @deferred(TIMEOUT)
689 def test_vsg_for_external_connectivity_with_vcpe_container_paused(self,vcpe_name=None,vcpe_intf=None):
690 """
691 Algo:
692 1. Get vSG corresponding to vcpe
693 2. Get dhcp ip to vcpe interface
694 3. Add static route to destination route in test container
695 4. From test container ping to destination route and verify ping success
696 5. Login to compute node and execute command to pause vcpe container
697 6. From test container ping to destination route and verify ping success
698 """
699 if not vcpe_name:
700 vcpe_name = self.vcpe_container
701 if not vcpe_intf:
702 vcpe_intf = self.vcpe_dhcp
703 df = defer.Deferred()
704 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]705 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]706 df.callback(0)
707 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]708 host = '8.8.8.8'
709 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
710 try:
711 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
712 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
713 assert_equal(st, False)
714 st, _ = vsg.run_cmd('sudo docker pause {}'.format(vcpe_name))
715 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
716 assert_equal(st, False)
717 finally:
718 vsg.run_cmd('sudo docker unpause'.format(vcpe_name))
719 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
720 df.callback(0)
721 reactor.callLater(0, vcpe_firewall, df)
722 return df
723
724 @deferred(TIMEOUT)
725 def test_vsg_firewall_with_deny_destination_ip(self, vcpe_name=None, vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]726 """
727 Algo:
728 1. Get vSG corresponding to vcpe
729 2. Login to compute node
730 3. Execute iptable command on vcpe from compute node to deny a destination IP
731 4. From cord-tester ping to the denied IP address
732 5. Verifying that ping should not be successful
733 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]734 if not vcpe_name:
735 vcpe_name = self.vcpe_container
736 if not vcpe_intf:
737 vcpe_intf = self.vcpe_dhcp
738 df = defer.Deferred()
739 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]740 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]741 df.callback(0)
742 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]743 host = '8.8.8.8'
744 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
745 try:
746 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
747 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
748 assert_equal(st, False)
749 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
750 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
751 assert_equal(st, True)
752 finally:
753 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
754 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
755 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
756 df.callback(0)
757 reactor.callLater(0, vcpe_firewall, df)
758 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]759
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]760 @deferred(TIMEOUT)
761 def test_vsg_firewall_with_rule_add_and_delete_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]762 """
763 Algo:
764 1. Get vSG corresponding to vcpe
765 2. Login to compute node
766 3. Execute iptable command on vcpe from compute node to deny a destination IP
767 4. From cord-tester ping to the denied IP address
768 5. Verifying that ping should not be successful
769 6. Delete the iptable rule in vcpe
770 7. From cord-tester ping to the denied IP address
771 8. Verifying the ping should success
772 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]773 if not vcpe_name:
774 vcpe_name = self.vcpe_container
775 if not vcpe_intf:
776 vcpe_intf = self.vcpe_dhcp
777 df = defer.Deferred()
778 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]779 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]780 df.callback(0)
781 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]782 host = '8.8.8.8'
783 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
784 try:
785 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
786 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
787 assert_equal(st, False)
788 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
789 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
790 assert_equal(st, True)
791 st,_ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
792 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
793 assert_equal(st, False)
794 finally:
795 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
796 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
797 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
798 df.callback(0)
799 reactor.callLater(0, vcpe_firewall, df)
800 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]801
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]802 @deferred(TIMEOUT)
803 def test_vsg_firewall_verifying_reachability_for_non_blocked_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]804 """
805 Algo:
806 1. Get vSG corresponding to vcpe
807 2. Login to compute node
808 3. Execute iptable command on vcpe from compute node to deny a destination IP
809 4. From cord-tester ping to the denied IP address
810 5. Verifying that ping should not be successful
811 6. From cord-tester ping to the denied IP address other than the denied one
812 7. Verifying the ping should success
813 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]814 if not vcpe_name:
815 vcpe_name = self.vcpe_container
816 if not vcpe_intf:
817 vcpe_intf = self.vcpe_dhcp
818 df = defer.Deferred()
819 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]820 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]821 df.callback(0)
822 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]823 host1 = '8.8.8.8'
824 host2 = '204.79.197.203'
825 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
826 try:
827 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
828 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
829 assert_equal(st, False)
830 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
831 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
832 assert_equal(st, True)
833 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
834 assert_equal(st,False)
835 finally:
836 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
837 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
838 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
839 df.callback(0)
840 reactor.callLater(0, vcpe_firewall, df)
841 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]842
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]843 @deferred(TIMEOUT)
844 def test_vsg_firewall_appending_rules_with_deny_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]845 """
846 Algo:
847 1. Get vSG corresponding to vcpe
848 2. Login to compute node
849 3. Execute iptable command on vcpe from compute node to deny a destination IP1
850 4. From cord-tester ping to the denied IP address IP1
851 5. Verifying that ping should not be successful
852 6. Execute iptable command on vcpe from compute node to deny a destination IP2
853 6. From cord-tester ping to the denied IP address IP2
854 7. Verifying that ping should not be successful
855 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]856 if not vcpe_name:
857 vcpe_name = self.vcpe_container
858 if not vcpe_intf:
859 vcpe_intf = self.vcpe_dhcp
860 df = defer.Deferred()
861 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]862 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]863 df.callback(0)
864 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]865 host1 = '8.8.8.8'
866 host2 = '204.79.197.203'
867 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
868 try:
869 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
870 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
871 assert_equal(st, False)
872 st,_ = vsg.run_cmd('sudo docker exec {} iptables -F FORWARD'.format(vcpe_name))
873 time.sleep(2)
874 st,_ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
875 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
876 assert_equal(st, True)
877 st, out = getstatusoutput('ping -c 1 {}'.format(host2))
878 log.info('host2 ping output is %s'%out)
879 assert_equal(st, False)
880 st, _ = vsg.run_cmd('sudo docker exec {} iptables -A FORWARD -d {} -j DROP'.format(vcpe_name,host2))
881 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
882 assert_equal(st,True)
883 finally:
884 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
885 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
886 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
887 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
888 df.callback(0)
889 reactor.callLater(0, vcpe_firewall, df)
890 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]891
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]892 @deferred(TIMEOUT)
893 def test_vsg_firewall_removing_one_rule_denying_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]894 """
895 Algo:
896 1. Get vSG corresponding to vcpe
897 2. Login to compute node
898 3. Execute iptable command on vcpe from compute node to deny a destination IP1
899 4. Execute iptable command on vcpe from compute node to deny a destination IP2
900 5. From cord-tester ping to the denied IP address IP1
901 6. Verifying that ping should not be successful
902 7. From cord-tester ping to the denied IP address IP2
903 8. Verifying that ping should not be successful
904 9. Execute iptable command on vcpe from compute node to remove deny a destination IP2 rule
905 10. From cord-tester ping to the denied IP address IP2
906 11. Verifying the ping should success
907 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]908 if not vcpe_name:
909 vcpe_name = self.vcpe_container
910 if not vcpe_intf:
911 vcpe_intf = self.vcpe_dhcp
912 df = defer.Deferred()
913 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]914 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]915 df.callback(0)
916 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]917 host1 = '8.8.8.8'
918 host2 = '204.79.197.203'
919 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
920 try:
921 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=self.vcpe_dhcp)
922 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
923 assert_equal(st, False)
924 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
925 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host2))
926 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
927 assert_equal(st, True)
928 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
929 assert_equal(st,True)
930 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
931 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
932 assert_equal(st,False)
933 finally:
934 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
935 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
936 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
937 log.info('restarting vcpe container')
938 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
939 df.callback(0)
940 reactor.callLater(0, vcpe_firewall, df)
941 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]942
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]943 @deferred(TIMEOUT)
944 def test_vsg_firewall_changing_rule_id_deny_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]945 """
946 Algo:
947 1. Get vSG corresponding to vcpe
948 2. Login to compute node
949 3. Execute iptable command on vcpe from compute node to deny a destination IP
950 5. From cord-tester ping to the denied IP address IP1
951 6. Verifying that ping should not be successful
952 9. Execute iptable command on vcpe from compute node to change the rule ID to 2 to deny the same destination IP
953 10. From cord-tester ping to the denied IP address IP
954 11. Verifying that ping should not be successful
955 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]956 if not vcpe_name:
957 vcpe_name = self.vcpe_container
958 if not vcpe_intf:
959 vcpe_intf = self.vcpe_dhcp
960 df = defer.Deferred()
961 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]962 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]963 df.callback(0)
964 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]965 host = '8.8.8.8'
966 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
967 try:
968 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
969 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
970 assert_equal(st, False)
971 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
972 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
973 assert_equal(st, True)
974 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 2 -d {} -j DROP '.format(vcpe_name,host))
975 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
976 assert_equal(st,True)
977 finally:
978 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
979 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
980 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
981 df.callback(0)
982 reactor.callLater(0, vcpe_firewall, df)
983 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]984
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]985 @deferred(TIMEOUT)
986 def test_vsg_firewall_changing_deny_rule_to_accept_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]987 """
988 Algo:
989 1. Get vSG corresponding to vcpe
990 2. Login to compute node
991 3. Execute iptable command on vcpe from compute node to deny a destination IP
992 5. From cord-tester ping to the denied IP address IP1
993 6. Verifying that ping should not be successful
994 9. Execute iptable command on vcpe from compute node to accept the same destination IP
995 10. From cord-tester ping to the accepted IP
996 11. Verifying the ping should success
997 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]998 if not vcpe_name:
999 vcpe_name = self.vcpe_container
1000 if not vcpe_intf:
1001 vcpe_intf = self.vcpe_dhcp
1002 df = defer.Deferred()
1003 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1004 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1005 df.callback(0)
1006 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1007 host = '8.8.8.8'
1008 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1009 try:
1010 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1011 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1012 assert_equal(st, False)
1013 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1014 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1015 assert_equal(st, True)
1016 st, _ = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -d {} -j ACCEPT'.format(vcpe_name,host))
1017 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1018 assert_equal(st,False)
1019 finally:
1020 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1021 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j ACCEPT'.format(vcpe_name,host))
1022 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1023 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1024 df.callback(0)
1025 reactor.callLater(0, vcpe_firewall, df)
1026 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1027
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1028 @deferred(TIMEOUT) #Fail
1029 def test_vsg_firewall_denying_destination_network(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1030 """
1031 Algo:
1032 1. Get vSG corresponding to vcpe
1033 2. Login to compute node
1034 3. Execute iptable command on vcpe from compute node to deny a destination IP subnet
1035 4. From cord-tester ping to the denied IP address IP1 in the denied subnet
1036 5. Verifying that ping should not be successful
1037 6. From cord-tester ping to the denied IP address IP2 in the denied subnet
1038 7. Verifying that ping should not be successful
1039 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1040 if not vcpe_name:
1041 vcpe_name = self.vcpe_container
1042 if not vcpe_intf:
1043 vcpe_intf = self.vcpe_dhcp
1044 df = defer.Deferred()
1045 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1046 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1047 df.callback(0)
1048 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1049 network = '204.79.197.192/28'
1050 host1 = '204.79.197.203'
1051 host2 = '204.79.197.210'
1052 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1053 try:
1054 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=self.vcpe_dhcp)
1055 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1056 assert_equal(st, False)
1057 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,network))
1058 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1059 assert_equal(st, True)
1060 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1061 assert_equal(st,False)
1062 finally:
1063 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network))
1064 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
1065 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1066 df.callback(0)
1067 reactor.callLater(0, vcpe_firewall, df)
1068 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1069
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1070 @deferred(TIMEOUT)
1071 def test_vsg_firewall_denying_destination_network_subnet_modification(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1072 """
1073 Algo:
1074 1. Get vSG corresponding to vcpe
1075 2. Login to compute node
1076 3. Execute iptable command on vcpe from compute node to deny a destination IP subnet
1077 4. From cord-tester ping to the denied IP address IP1 in the denied subnet
1078 5. Verifying that ping should not be successful
1079 6. From cord-tester ping to the denied IP address IP2 in the denied subnet
1080 7. Verifying that ping should not be successful
1081 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1082 if not vcpe_name:
1083 vcpe_name = self.vcpe_container
1084 if not vcpe_intf:
1085 vcpe_intf = self.vcpe_dhcp
1086 df = defer.Deferred()
1087 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1088 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1089 df.callback(0)
1090 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1091 network1 = '204.79.197.192/28'
1092 network2 = '204.79.197.192/27'
1093 host1 = '204.79.197.203'
1094 host2 = '204.79.197.210'
1095 host3 = '204.79.197.224'
1096 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1097 try:
1098 self.add_static_route_via_vcpe_interface([host1,host2,host3],vcpe=self.vcpe_dhcp)
1099 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1100 assert_equal(st, False)
1101 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,network1))
1102 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1103 assert_equal(st, True)
1104 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1105 assert_equal(st,False)
1106 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 2 -d {} -j DROP'.format(vcpe_name,network2))
1107 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1108 assert_equal(st, True)
1109 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1110 assert_equal(st, True)
1111 st, _ = getstatusoutput('ping -c 1 {}'.format(host3))
1112 assert_equal(st, False)
1113 finally:
1114 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network1))
1115 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network2))
1116 self.del_static_route_via_vcpe_interface([host1,host2,host3],vcpe=vcpe_intf)
1117 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1118 df.callback(0)
1119 reactor.callLater(0, vcpe_firewall, df)
1120 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1121
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1122 @deferred(TIMEOUT)
1123 def test_vsg_firewall_with_deny_source_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1124 """
1125 Algo:
1126 1. Get vSG corresponding to vcpe
1127 2. Login to compute node
1128 3. Execute iptable command on vcpe from compute node to deny a source IP
1129 4. From cord-tester ping to 8.8.8.8 from the denied IP
1130 5. Verifying that ping should not be successful
1131 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1132 if not vcpe_name:
1133 vcpe_name = self.vcpe_container
1134 if not vcpe_intf:
1135 vcpe_intf = self.vcpe_dhcp
1136 df = defer.Deferred()
1137 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1138 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1139 df.callback(0)
1140 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1141 host = '8.8.8.8'
1142 #source_ip = get_ip(self.vcpe_dhcp)
1143 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1144 try:
1145 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1146 source_ip = get_ip(self.vcpe_dhcp)
1147 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1148 assert_equal(st, False)
1149 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1150 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1151 assert_equal(st, True)
1152 finally:
1153 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1154 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1155 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1156 df.callback(0)
1157 reactor.callLater(0, vcpe_firewall, df)
1158 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1159
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1160 @deferred(TIMEOUT)
1161 def test_vsg_firewall_rule_with_add_and_delete_deny_source_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1162 """
1163 Algo:
1164 1. Get vSG corresponding to vcpe
1165 2. Login to compute node
1166 3. Execute iptable command on vcpe from compute node to deny a source IP
1167 4. From cord-tester ping to 8.8.8.8 from the denied IP
1168 5. Verifying that ping should not be successful
1169 6. Delete the iptable rule in vcpe
1170 7. From cord-tester ping to 8.8.8.8 from the denied IP
1171 8. Verifying the ping should success
1172 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1173 if not vcpe_name:
1174 vcpe_name = self.vcpe_container
1175 if not vcpe_intf:
1176 vcpe_intf = self.vcpe_dhcp
1177 df = defer.Deferred()
1178 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1179 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1180 df.callback(0)
1181 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1182 host = '8.8.8.8'
1183 source_ip = get_ip(self.vcpe_dhcp)
1184 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1185 try:
1186 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1187 source_ip = get_ip(self.vcpe_dhcp)
1188 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1189 assert_equal(st, False)
1190 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1191 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1192 assert_equal(st, True)
1193 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1194 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1195 assert_equal(st, False)
1196 finally:
1197 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1198 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1199 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1200 df.callback(0)
1201 reactor.callLater(0, vcpe_firewall, df)
1202 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1203
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1204 @deferred(TIMEOUT)
1205 def test_vsg_firewall_rule_with_deny_icmp_protocol_echo_requests_type(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1206 """
1207 Algo:
1208 1. Get vSG corresponding to vcpe
1209 2. Login to compute node
1210 3. Execute iptable command on vcpe from compute node to deny icmp echo-requests type protocol packets
1211 4. From cord-tester ping to 8.8.8.8
1212 5. Verifying that ping should not be successful
1213 6. Delete the iptable rule
1214 7. From cord-tester ping to 8.8.8.8
1215 8. Verifying the ping should success
1216 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1217 if not vcpe_name:
1218 vcpe_name = self.vcpe_container
1219 if not vcpe_intf:
1220 vcpe_intf = self.vcpe_dhcp
1221 df = defer.Deferred()
1222 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1223 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1224 df.callback(0)
1225 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1226 host = '8.8.8.8'
1227 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1228 try:
1229 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1230 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1231 assert_equal(st, False)
1232 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1233 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1234 assert_equal(st, True)
1235 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1236 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1237 assert_equal(st, False)
1238 finally:
1239 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1240 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1241 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1242 df.callback(0)
1243 reactor.callLater(0, vcpe_firewall, df)
1244 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1245
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1246 @deferred(TIMEOUT)
1247 def test_vsg_firewall_rule_with_deny_icmp_protocol_echo_reply_type(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1248 """
1249 Algo:
1250 1. Get vSG corresponding to vcpe
1251 2. Login to compute node
1252 3. Execute iptable command on vcpe from compute node to deny icmp echo-reply type protocol packets
1253 4. From cord-tester ping to 8.8.8.8
1254 5. Verifying that ping should not be successful
1255 6. Delete the iptable rule
1256 7. From cord-tester ping to 8.8.8.8
1257 8. Verifying the ping should success
1258 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1259 if not vcpe_name:
1260 vcpe_name = self.vcpe_container
1261 if not vcpe_intf:
1262 vcpe_intf = self.vcpe_dhcp
1263 df = defer.Deferred()
1264 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1265 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1266 df.callback(0)
1267 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1268 host = '8.8.8.8'
1269 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1270 try:
1271 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1272 st, _ = getstatusoutput('ping -c 1 {}'.format('8.8.8.8'))
1273 assert_equal(st, False)
1274 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1275 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1276 assert_equal(st, True)
1277 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1278 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1279 assert_equal(st,False)
1280 finally:
1281 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1282 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1283 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1284 df.callback(0)
1285 reactor.callLater(0, vcpe_firewall, df)
1286 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1287
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1288 @deferred(TIMEOUT)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]1289 def test_vsg_firewall_changing_deny_rule_to_accept_rule_with_icmp_protocol_echo_requests_type(self, vcpe_name=None, vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1290 """
1291 Algo:
1292 1. Get vSG corresponding to vcpe
1293 2. Login to compute node
1294 3. Execute iptable command on vcpe from compute node to deny icmp echo-requests type protocol packets
1295 4. From cord-tester ping to 8.8.8.8
1296 5. Verifying that ping should not be successful
1297 6. Insert another rule to accept the icmp-echo requests protocol packets
1298 7. From cord-tester ping to 8.8.8.8
1299 8. Verifying the ping should success
1300 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1301 if not vcpe_name:
1302 vcpe_name = self.vcpe_container
1303 if not vcpe_intf:
1304 vcpe_intf = self.vcpe_dhcp
1305 df = defer.Deferred()
1306 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1307 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1308 df.callback(0)
1309 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1310 host = '8.8.8.8'
1311 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1312 try:
1313 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1314 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1315 assert_equal(st, False)
1316 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1317 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1318 assert_equal(st, True)
1319 st, _ = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p icmp --icmp-type echo-request -j ACCEPT'.format(vcpe_name))
1320 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1321 assert_equal(st,False)
1322 finally:
1323 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1324 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j ACCEPT'.format(vcpe_name))
1325 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1326 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1327 df.callback(0)
1328 reactor.callLater(0, vcpe_firewall, df)
1329 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1330
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1331 @deferred(TIMEOUT)
1332 def test_vsg_firewall_changing_deny_rule_to_accept_rule_with_icmp_protocol_echo_reply_type(self,vcpe_name=None,vcpe_intf=None):
1333 """
1334 Algo:
1335 1. Get vSG corresponding to vcpe
1336 2. Login to compute node
1337 3. Execute iptable command on vcpe from compute node to deny icmp echo-reply type protocol packets
1338 4. From cord-tester ping to 8.8.8.8
1339 5. Verifying the ping should not success
1340 6. Insert another rule to accept the icmp-echo requests protocol packets
1341 7. From cord-tester ping to 8.8.8.8
1342 8. Verifying the ping should success
1343 """
1344 if not vcpe_name:
1345 vcpe_name = self.vcpe_container
1346 if not vcpe_intf:
1347 vcpe_intf = self.vcpe_dhcp
1348 df = defer.Deferred()
1349 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1350 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1351 df.callback(0)
1352 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1353 host = '8.8.8.8'
1354 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1355 try:
1356 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1357 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1358 assert_equal(st, False)
1359 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1360 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1361 assert_equal(st, True)
1362 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p icmp --icmp-type echo-reply -j ACCEPT'.format(vcpe_name))
1363 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1364 assert_equal(st,False)
1365 finally:
1366 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1367 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j ACCEPT'.format(vcpe_name))
1368 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1369 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1370 df.callback(0)
1371 reactor.callLater(0, vcpe_firewall, df)
1372 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1373
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1374 @deferred(TIMEOUT)
1375 def test_vsg_firewall_for_deny_icmp_protocol(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1376 """
1377 Algo:
1378 1. Get vSG corresponding to vcpe
1379 2. Login to compute node
1380 3. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1381 4. From cord-tester ping to 8.8.8.8
1382 5. Verifying that ping should not be successful
1383 6. Delete the iptable rule
1384 7. From cord-tester ping to 8.8.8.8
1385 8. Verifying the ping should success
1386 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1387 if not vcpe_name:
1388 vcpe_name = self.vcpe_container
1389 if not vcpe_intf:
1390 vcpe_intf = self.vcpe_dhcp
1391 df = defer.Deferred()
1392 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1393 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1394 df.callback(0)
1395 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1396 host = '8.8.8.8'
1397 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1398 try:
1399 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1400 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1401 assert_equal(st, False)
1402 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1403 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1404 assert_equal(st, True)
1405 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1406 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1407 assert_equal(st,False)
1408 finally:
1409 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1410 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1411 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1412 df.callback(0)
1413 reactor.callLater(0, vcpe_firewall, df)
1414 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1415
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1416 @deferred(TIMEOUT)
1417 def test_vsg_firewall_rule_deny_icmp_protocol_and_destination_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1418 """
1419 Algo:
1420 1. Get vSG corresponding to vcpe
1421 2. Login to compute node
1422 3. Execute iptable command on vcpe from compute node to deny a destination IP
1423 4. From cord-tester ping to 8.8.8.8
1424 5. Verifying that ping should not be successful
1425 6. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1426 7. From cord-tester ping to 8.8.8.8
1427 8. Verifying the ping should success
1428 9. Delete the rule added in step 3
1429 10. From cord-tester ping to 8.8.8.8
1430 11. Verifying that ping should not be successful
1431 12. Delete the rule added in step 6
1432 13. From cord-tester ping to 8.8.8.8
1433 14. Verifying the ping should success
1434 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1435 if not vcpe_name:
1436 vcpe_name = self.vcpe_container
1437 if not vcpe_intf:
1438 vcpe_intf = self.vcpe_dhcp
1439 df = defer.Deferred()
1440 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1441 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1442 df.callback(0)
1443 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1444 host = '8.8.8.8'
1445 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1446 try:
1447 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1448 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1449 assert_equal(st, False)
1450 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1451 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1452 assert_equal(st, True)
1453 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1454 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1455 assert_equal(st, True)
1456 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1457 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1458 assert_equal(st, True)
1459 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1460 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1461 assert_equal(st,False)
1462 finally:
1463 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1464 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1465 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1466 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1467 df.callback(0)
1468 reactor.callLater(0, vcpe_firewall, df)
1469 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1470
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1471 @deferred(TIMEOUT) #Fail
1472 def test_vsg_firewall_flushing_all_configured_rules(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1473 """
1474 Algo:
1475 1. Get vSG corresponding to vcpe
1476 2. Login to compute node
1477 3. Execute iptable command on vcpe from compute node to deny a destination IP
1478 4. From cord-tester ping to 8.8.8.8
1479 5. Verifying that ping should not be successful
1480 6. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1481 7. From cord-tester ping to 8.8.8.8
1482 8. Verifying the ping should success
1483 9. Flush all the iptable rules configuraed in vcpe
1484 10. Delete the rule added in step 6
1485 11. From cord-tester ping to 8.8.8.8
1486 12. Verifying the ping should success
1487 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1488 if not vcpe_name:
1489 vcpe_name = self.vcpe_container
1490 if not vcpe_intf:
1491 vcpe_intf = self.vcpe_dhcp
1492 df = defer.Deferred()
1493 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1494 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1495 df.callback(0)
1496 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1497 host = '8.8.8.8'
1498 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1499 try:
1500 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1501 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1502 assert_equal(st, False)
1503 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1504 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1505 assert_equal(st, True)
1506 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1507 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1508 assert_equal(st, True)
1509 st,output = vsg.run_cmd('sudo docker exec {} iptables -F FORWARD'.format(vcpe_name))
1510 time.sleep(1)
1511 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1512 assert_equal(st, False)
1513 finally:
1514 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1515 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1516 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1517 df.callback(0)
1518 reactor.callLater(0, vcpe_firewall, df)
1519 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1520
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1521 @deferred(TIMEOUT)
1522 def test_vsg_firewall_deny_all_ipv4_traffic(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1523 """
1524 Algo:
1525 1. Get vSG corresponding to vcpe
1526 2. Login to compute node
1527 3. Execute iptable command on vcpe from compute node to deny all ipv4 Traffic
1528 4. From cord-tester ping to 8.8.8.8
1529 5. Verifying that ping should not be successful
1530 6. Delete the iptable rule added
1531 7. From cord-tester ping to 8.8.8.8
1532 8. Verifying the ping should success
1533 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1534 if not vcpe_name:
1535 vcpe_name = self.vcpe_container
1536 if not vcpe_intf:
1537 vcpe_intf = self.vcpe_dhcp
1538 df = defer.Deferred()
1539 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1540 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1541 df.callback(0)
1542 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1543 host = '8.8.8.8'
1544 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1545 try:
1546 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1547 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1548 assert_equal(st, False)
1549 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1550 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1551 assert_equal(st, True)
1552 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1553 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1554 assert_equal(st, False)
1555 finally:
1556 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1557 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1558 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1559 df.callback(0)
1560 reactor.callLater(0, vcpe_firewall, df)
1561 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1562
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1563 @deferred(TIMEOUT)
1564 def test_vsg_firewall_replacing_deny_rule_to_accept_rule_ipv4_traffic(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1565 """
1566 Algo:
1567 1. Get vSG corresponding to vcpe
1568 2. Login to compute node
1569 3. Execute iptable command on vcpe from compute node to deny all ipv4 Traffic
1570 4. From cord-tester ping to 8.8.8.8
1571 5. Verifying that ping should not be successful
1572 6. Replace the deny rule added in step 3 with accept rule
1573 7. From cord-tester ping to 8.8.8.8
1574 8. Verifying the ping should success
1575 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1576 if not vcpe_name:
1577 vcpe_name = self.vcpe_container
1578 if not vcpe_intf:
1579 vcpe_intf = self.vcpe_dhcp
1580 df = defer.Deferred()
1581 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1582 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1583 df.callback(0)
1584 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1585 host = '8.8.8.8'
1586 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1587 try:
1588 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1589 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1590 assert_equal(st, False)
1591 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1592 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1593 assert_equal(st, True)
1594 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -4 -j ACCEPT'.format(vcpe_name))
1595 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1596 assert_equal(st, False)
1597 finally:
1598 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1599 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1600 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1601 df.callback(0)
1602 reactor.callLater(0, vcpe_firewall, df)
1603 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1604
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1605 @deferred(TIMEOUT)
1606 def test_vsg_firewall_deny_all_traffic_coming_on_lan_interface_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
1607 """
1608 Algo:
1609 1. Get vSG corresponding to vcpe
1610 2. Login to compute node
1611 3. Execute iptable command on vcpe from compute node to deny all the traffic coming on lan interface inside vcpe container
1612 4. From cord-tester ping to 8.8.8.8
1613 5. Verifying the ping should not success
1614 6. Delete the iptable rule added
1615 7. From cord-tester ping to 8.8.8.8
1616 8. Verifying the ping should success
1617 """
1618 if not vcpe_name:
1619 vcpe_name = self.vcpe_container
1620 if not vcpe_intf:
1621 vcpe_intf = self.vcpe_dhcp
1622 df = defer.Deferred()
1623 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1624 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1625 df.callback(0)
1626 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1627 host = '8.8.8.8'
1628 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1629 try:
1630 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1631 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1632 assert_equal(st, False)
1633 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -i eth1 -j DROP'.format(vcpe_name))
1634 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1635 assert_equal(st, True)
1636 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -j DROP'.format(vcpe_name))
1637 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1638 assert_equal(st, False)
1639 finally:
1640 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -j DROP'.format(vcpe_name))
1641 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1642 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1643 df.callback(0)
1644 reactor.callLater(0, vcpe_firewall, df)
1645 return df
1646
1647 @deferred(TIMEOUT)
1648 def test_vsg_firewall_deny_all_traffic_going_out_of_wan_interface_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
1649 """
1650 Algo:
1651 1. Get vSG corresponding to vcpe
1652 2. Login to compute node
1653 3. Execute iptable command on vcpe from compute node to deny all the traffic going out of wan interface inside vcpe container
1654 4. From cord-tester ping to 8.8.8.8
1655 5. Verifying the ping should not success
1656 6. Delete the iptable rule added
1657 7. From cord-tester ping to 8.8.8.8
1658 8. Verifying the ping should success
1659 """
1660 if not vcpe_name:
1661 vcpe_name = self.vcpe_container
1662 if not vcpe_intf:
1663 vcpe_intf = self.vcpe_dhcp
1664 df = defer.Deferred()
1665 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1666 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1667 df.callback(0)
1668 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1669 host = '8.8.8.8'
1670 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1671 try:
1672 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1673 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1674 assert_equal(st, False)
1675 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -o eth0 -j DROP'.format(vcpe_name))
1676 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1677 assert_equal(st, True)
1678 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -o eth0 -j DROP'.format(vcpe_name))
1679 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1680 assert_equal(st, False)
1681 finally:
1682 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -o eth0 -j DROP'.format(vcpe_name))
1683 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1684 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1685 df.callback(0)
1686 reactor.callLater(0, vcpe_firewall, df)
1687 return df
1688
1689 @deferred(TIMEOUT)
1690 def test_vsg_firewall_deny_all_traffic_from_lan_to_wan_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1691 """
1692 Algo:
1693 1. Get vSG corresponding to vcpe
1694 2. Login to compute node
1695 3. Execute iptable command on vcpe from compute node to deny all the traffic from lan to wan interface in vcpe
1696 4. From cord-tester ping to 8.8.8.8
1697 5. Verifying that ping should not be successful
1698 6. Delete the iptable rule added
1699 7. From cord-tester ping to 8.8.8.8
1700 8. Verifying the ping should success
1701 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1702 if not vcpe_name:
1703 vcpe_name = self.vcpe_container
1704 if not vcpe_intf:
1705 vcpe_intf = self.vcpe_dhcp
1706 df = defer.Deferred()
1707 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1708 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1709 df.callback(0)
1710 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1711 host = '8.8.8.8'
1712 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1713 try:
1714 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1715 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1716 assert_equal(st, False)
1717 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1718 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1719 assert_equal(st, True)
1720 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1721 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1722 assert_equal(st, False)
1723 finally:
1724 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1725 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1726 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1727 df.callback(0)
1728 reactor.callLater(0, vcpe_firewall, df)
1729 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1730
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1731
1732 #this test case needs modification.default route should be vcpe interface to run this test case
1733 @deferred(TIMEOUT)
1734 def test_vsg_firewall_deny_all_dns_traffic(self,vcpe_name=None,vcpe_intf=None):
1735 """
1736 Algo:
1737 1. Get vSG corresponding to vcpe
1738 2. Login to compute node
1739 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1740 4. From cord-tester ping to www.google.com
1741 5. Verifying the ping should not success
1742 6. Delete the iptable rule added
1743 7. From cord-tester ping to www.google.com
1744 8. Verifying the ping should success
1745 """
1746 if not vcpe_name:
1747 vcpe_name = self.vcpe_container
1748 if not vcpe_intf:
1749 vcpe_intf = self.vcpe_dhcp
1750 df = defer.Deferred()
1751 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1752 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1753 df.callback(0)
1754 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1755 host = 'www.msn.com'
1756 host_ip = '131.253.33.203'
1757 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1758 try:
1759 self.add_static_route_via_vcpe_interface([host_ip],vcpe=self.vcpe_dhcp)
1760 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1761 assert_equal(st, False)
1762 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p udp --dport 53 -j DROP'.format(vcpe_name))
1763 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1764 assert_equal(st, True)
1765 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p udp --dport 53 -j ACCEPT'.format(vcpe_name))
1766 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1767 assert_equal(st, False)
1768 finally:
1769 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p udp --dport 53 -j DROP'.format(vcpe_name))
1770 self.del_static_route_via_vcpe_interface([host_ip],vcpe=vcpe_intf)
1771 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1772 df.callback(0)
1773 reactor.callLater(0, vcpe_firewall, df)
1774 return df
1775
1776 @deferred(TIMEOUT)
1777 def test_vsg_firewall_deny_all_ipv4_traffic_vcpe_container_restart(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1778 """
1779 Algo:
1780 1. Get vSG corresponding to vcpe
1781 2. Login to compute node
1782 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1783 4. From cord-tester ping to www.google.com
1784 5. Verifying that ping should not be successful
1785 6. Delete the iptable rule added
1786 7. From cord-tester ping to www.google.com
1787 8. Verifying the ping should success
1788 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1789 if not vcpe_name:
1790 vcpe_name = self.vcpe_container
1791 if not vcpe_intf:
1792 vcpe_intf = self.vcpe_dhcp
1793 df = defer.Deferred()
1794 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1795 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1796 df.callback(0)
1797 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1798 host = '8.8.8.8'
1799 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1800 try:
1801 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1802 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1803 assert_equal(st, False)
1804 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1805 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1806 assert_equal(st, True)
1807 st,output = vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1808 time.sleep(3)
1809 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1810 assert_equal(st, False)
1811 finally:
1812 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1813 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1814 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1815 df.callback(0)
1816 reactor.callLater(0, vcpe_firewall, df)
1817 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1818
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]1819 @deferred(TIMEOUT)
1820 def test_vsg_dnat_modifying_destination_ip(self,vcpe_name=None,vcpe_intf=None):
1821 """
1822 Algo:
1823 1. Get vSG corresponding to vcpe
1824 2. Login to compute node
1825 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1826 4. From cord-tester ping to www.google.com
1827 5. Verifying the ping should not success
1828 6. Delete the iptable rule added
1829 7. From cord-tester ping to www.google.com
1830 8. Verifying the ping should success
1831 """
1832 if not vcpe_name:
1833 vcpe_name = self.vcpe_container
1834 if not vcpe_intf:
1835 vcpe_intf = self.vcpe_dhcp
1836 df = defer.Deferred()
1837 def vcpe_firewall(df):
1838 host = '8.8.8.8'
1839 dst_ip = '123.123.123.123'
1840 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1841 try:
1842 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1843 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1844 assert_equal(st, False)
1845 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1846 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1847 assert_equal(st, True)
1848 finally:
1849 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1850 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1851 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1852 df.callback(0)
1853 reactor.callLater(0,vcpe_firewall,df)
1854 return df
1855
1856 @deferred(TIMEOUT)
1857 def test_vsg_dnat_modifying_destination_ip_and_delete(self,vcpe_name=None,vcpe_intf=None):
1858 """
1859 Algo:
1860 1. Get vSG corresponding to vcpe
1861 2. Login to compute node
1862 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1863 4. From cord-tester ping to www.google.com
1864 5. Verifying the ping should not success
1865 6. Delete the iptable rule added
1866 7. From cord-tester ping to www.google.com
1867 8. Verifying the ping should success
1868 """
1869 if not vcpe_name:
1870 vcpe_name = self.vcpe_container
1871 if not vcpe_intf:
1872 vcpe_intf = self.vcpe_dhcp
1873 df = defer.Deferred()
1874 def vcpe_firewall(df):
1875 host = '8.8.8.8'
1876 dst_ip = '123.123.123.123'
1877 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1878 try:
1879 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1880 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1881 assert_equal(st, False)
1882 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1883 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1884 assert_equal(st, True)
1885 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1886 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1887 assert_equal(st, False)
1888 finally:
1889 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1890 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1891 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1892 df.callback(0)
1893 reactor.callLater(0,vcpe_firewall,df)
1894 return df
1895
1896 @deferred(TIMEOUT)
1897 def test_vsg_dnat_change_modifying_destination_ip_address(self,vcpe_name=None,vcpe_intf=None):
1898 """
1899 Algo:
1900 1. Get vSG corresponding to vcpe
1901 2. Login to compute node
1902 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1903 4. From cord-tester ping to www.google.com
1904 5. Verifying the ping should not success
1905 6. Delete the iptable rule added
1906 7. From cord-tester ping to www.google.com
1907 8. Verifying the ping should success
1908 """
1909 if not vcpe_name:
1910 vcpe_name = self.vcpe_container
1911 if not vcpe_intf:
1912 vcpe_intf = self.vcpe_dhcp
1913 df = defer.Deferred()
1914 def vcpe_firewall(df):
1915 host = '8.8.8.8'
1916 dst_ip = '123.123.123.123'
1917 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1918 try:
1919 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1920 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1921 assert_equal(st, False)
1922 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1923 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1924 assert_equal(st, True)
1925 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -R PREROUTING 1 -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,host))
1926 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1927 assert_equal(st, False)
1928 finally:
1929 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1930 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,host))
1931 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1932 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1933 df.callback(0)
1934 reactor.callLater(0,vcpe_firewall,df)
1935 return df
1936
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]1937 def vsg_xos_subscriber_create(self, index):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1938 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1939 return
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]1940 subscriber_info = self.subscriber_info[index]
1941 volt_subscriber_info = self.volt_subscriber_info[index]
A R Karthickd0b06792017-04-25 15:11:23 -0700[diff] [blame]1942 s_tag = int(volt_subscriber_info['voltTenant']['s_tag'])
1943 c_tag = int(volt_subscriber_info['voltTenant']['c_tag'])
1944 vcpe = 'vcpe-{}-{}'.format(s_tag, c_tag)
1945 log.info('Creating tenant with s_tag: %d, c_tag: %d' %(s_tag, c_tag))
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]1946 subId = ''
1947 try:
1948 result = self.restApiXos.ApiPost('TENANT_SUBSCRIBER', subscriber_info)
1949 assert_equal(result, True)
1950 result = self.restApiXos.ApiGet('TENANT_SUBSCRIBER')
1951 assert_not_equal(result, None)
1952 subId = self.restApiXos.getSubscriberId(result, volt_subscriber_info['account_num'])
1953 assert_not_equal(subId, '0')
1954 log.info('Subscriber ID for account num %d = %s' %(volt_subscriber_info['account_num'], subId))
1955 volt_tenant = volt_subscriber_info['voltTenant']
1956 #update the subscriber id in the tenant info before making the rest
1957 volt_tenant['subscriber'] = subId
1958 result = self.restApiXos.ApiPost('TENANT_VOLT', volt_tenant)
1959 assert_equal(result, True)
1960 #if the vsg instance was already instantiated, then reduce delay
1961 if c_tag % self.subscribers_per_s_tag == 0:
1962 delay = 350
1963 else:
1964 delay = 90
1965 log.info('Delaying %d seconds for the VCPE to be provisioned' %(delay))
1966 time.sleep(delay)
1967 log.info('Testing for external connectivity to VCPE %s' %(vcpe))
1968 self.vsg_for_external_connectivity(index)
1969 finally:
1970 self.vsg_xos_subscriber_delete(index, subId = subId)
1971
1972 def vsg_xos_subscriber_delete(self, index, subId = ''):
1973 if self.on_pod is False:
1974 return
1975 subscriber_info = self.subscriber_info[index]
1976 volt_subscriber_info = self.volt_subscriber_info[index]
1977 s_tag = int(volt_subscriber_info['voltTenant']['s_tag'])
1978 c_tag = int(volt_subscriber_info['voltTenant']['c_tag'])
1979 vcpe = 'vcpe-{}-{}'.format(s_tag, c_tag)
1980 log.info('Deleting tenant with s_tag: %d, c_tag: %d' %(s_tag, c_tag))
1981 if not subId:
1982 #get the subscriber id first
1983 result = self.restApiXos.ApiGet('TENANT_SUBSCRIBER')
1984 assert_not_equal(result, None)
1985 subId = self.restApiXos.getSubscriberId(result, volt_subscriber_info['account_num'])
1986 assert_not_equal(subId, '0')
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]1987 #get the volt id for the subscriber
1988 result = self.restApiXos.ApiGet('TENANT_VOLT')
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]1989 assert_not_equal(result, None)
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]1990 voltId = self.getVoltId(result, subId)
1991 assert_not_equal(voltId, None)
A R Karthicka385cea2017-04-26 10:12:43 -0700[diff] [blame^]1992 log.info('Deleting subscriber ID %s for account num %d' %(subId, volt_subscriber_info['account_num']))
1993 status = self.restApiXos.ApiDelete('TENANT_SUBSCRIBER', subId)
1994 assert_equal(status, True)
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]1995 #Delete the tenant
1996 log.info('Deleting VOLT Tenant ID %s for subscriber %s' %(voltId, subId))
1997 status = self.restApiXos.ApiDelete('TENANT_VOLT', voltId)
1998 assert_equal(status, True)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]1999
2000 def test_vsg_xos_subscriber(self):
2001 self.vsg_xos_subscriber_create(0)
2002
2003 def test_vsg_xos_subscriber_2(self):
2004 self.vsg_xos_subscriber_create(1)
2005
2006 def test_vsg_xos_subscriber_3(self):
2007 self.vsg_xos_subscriber_create(2)
2008
2009 def test_vsg_xos_subscriber_4(self):
2010 self.vsg_xos_subscriber_create(3)
2011
2012 def test_vsg_xos_subscriber_5(self):
2013 self.vsg_xos_subscriber_create(4)
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]2014
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]2015 def test_vsg_for_dns_service(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2016 """
2017 Algo:
2018 1. Create a test client in Prod VM
2019 2. Create a vCPE container in vSG VM inside compute Node
2020 3. Ensure vSG VM and vCPE container created properly
2021 4. Enable dns service in vCPE ( if not by default )
2022 5. Send ping request from test client to valid domain address say, 'www.google'com
2023 6. Verify that dns should resolve ping should success
2024 7. Now send ping request to invalid domain address say 'www.invalidaddress'.com'
2025 8. Verify that dns resolve should fail and hence ping
2026 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2027
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2028 def test_vsg_for_10_subscribers_for_same_service(self):
2029 """
2030 Algo:
2031 1.Create a vSG VM in compute node
2032 2.Create 10 vCPE containers for 10 subscribers, in vSG VM
2033 3.Ensure vSG VM and vCPE container created properly
2034 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to valid external public IP
2035 5.Verify that ping success for all 10 subscribers
2036 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2037
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2038 def test_vsg_for_10_subscribers_for_same_service_ping_invalid_ip(self):
2039 """
2040 Algo:
2041 1.Create a vSG VM in compute Node
2042 2.Create 10 vCPE containers for 10 subscribers, in vSG VM
2043 3.Ensure vSG VM and vCPE container created properly
2044 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to invalid IP
2045 5.Verify that ping fails for all 10 subscribers
2046 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2047
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2048 def test_vsg_for_10_subscribers_for_same_service_ping_valid_and_invalid_ip(self):
2049 """
2050 Algo:
2051 1.Create a vSG VM in VM
2052 2.Create 10 vCPE containers for 10 subscribers, in vSG VM
2053 3.Ensure vSG VM and vCPE container created properly
2054 4.From first 5 subscribers, with same s-tag and different c-tag, send a ping to valid IP
2055 5.Verify that ping success for all 5 subscribers
2056 6.From next 5 subscribers, with same s-tag and different c-tag, send a ping to invalid IP
2057 7.Verify that ping fails for all 5 subscribers
2058 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2059
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2060 def test_vsg_for_100_subscribers_for_same_service(self):
2061 """
2062 Algo:
2063 1.Create a vSG VM in compute node
2064 2.Create 100 vCPE containers for 100 subscribers, in vSG VM
2065 3.Ensure vSG VM and vCPE container created properly
2066 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to valid external public IP
2067 5.Verify that ping success for all 100 subscribers
2068 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2069
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2070 def test_vsg_for_100_subscribers_for_same_service_ping_invalid_ip(self):
2071 """
2072 Algo:
2073 1.Create a vSG VM in compute Node
2074 2.Create 10 vCPE containers for 100 subscribers, in vSG VM
2075 3.Ensure vSG VM and vCPE container created properly
2076 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to invalid IP
2077 5.Verify that ping fails for all 100 subscribers
2078 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2079
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2080 def test_vsg_for_100_subscribers_for_same_service_ping_valid_and_invalid_ip(self):
2081 """
2082 Algo:
2083 1.Create a vSG VM in VM
2084 2.Create 10 vCPE containers for 100 subscribers, in vSG VM
2085 3.Ensure vSG VM and vCPE container created properly
2086 4.From first 5 subscribers, with same s-tag and different c-tag, send a ping to valid IP
2087 5.Verify that ping success for all 5 subscribers
2088 6.From next 5 subscribers, with same s-tag and different c-tag, send a ping to invalid IP
2089 7.Verify that ping fails for all 5 subscribers
2090 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2091
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2092 def test_vsg_for_packet_received_with_invalid_ip_fields(self):
2093 """
2094 Algo:
2095 1.Create a vSG VM in compute node
2096 2.Create a vCPE container in vSG VM
2097 3.Ensure vSG VM and vCPE container created properly
2098 4.From subscriber, send a ping packet with invalid ip fields
2099 5.Verify that vSG drops the packet
2100 6.Verify ping fails
2101 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2102
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2103 def test_vsg_for_packet_received_with_invalid_mac_fields(self):
2104 """
2105 Algo:
2106 1.Create a vSG VM in compute node
2107 2.Create a vCPE container in vSG VM
2108 3.Ensure vSG VM and vCPE container created properly
2109 4.From subscriber, send a ping packet with invalid mac fields
2110 5.Verify that vSG drops the packet
2111 6.Verify ping fails
2112 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2113
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2114 def test_vsg_for_vlan_id_mismatch_in_stag(self):
2115 """
2116 Algo:
2117 1.Create a vSG VM in compute Node
2118 2.Create a vCPE container in vSG VM
2119 3.Ensure vSG VM and vCPE container created properly
2120 4.Send a ping request to external valid IP from subscriber, with incorrect vlan id in s-tag and valid c-tag
2121 5.Verify that ping fails as the packet drops at VM entry
2122 6.Repeat step 4 with correct s-tag
2123 7.Verify that ping success
2124 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2125
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2126 def test_vsg_for_vlan_id_mismatch_in_ctag(self):
2127 """
2128 Algo:
2129 1.Create a vSG VM in compute node
2130 2.Create a vCPE container in vSG VM
2131 3.Ensure vSG VM and vCPE container created properly
2132 4.Send a ping request to external valid IP from subscriber, with valid s-tag and incorrect vlan id in c-tag
2133 5.Verify that ping fails as the packet drops at vCPE container entry
2134 6.Repeat step 4 with valid s-tag and c-tag
2135 7.Verify that ping success
2136 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2137
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2138 def test_vsg_for_matching_and_mismatching_vlan_id_in_stag(self):
2139 """
2140 Algo:
2141 1.Create two vSG VMs in compute node
2142 2.Create a vCPE container in each vSG VM
2143 3.Ensure vSG VM and vCPE container created properly
2144 4.From subscriber one, send ping request with valid s and c tags
2145 5.From subscriber two, send ping request with vlan id mismatch in s-tag and valid c tags
2146 6.Verify that ping success for only subscriber one and fails for two.
2147 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2148
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2149 def test_vsg_for_matching_and_mismatching_vlan_id_in_ctag(self):
2150 """
2151 Algo:
2152 1.Create a vSG VM in compute node
2153 2.Create two vCPE containers in vSG VM
2154 3.Ensure vSG VM and vCPE container created properly
2155 4.From subscriber one, send ping request with valid s and c tags
2156 5.From subscriber two, send ping request with valid s-tag and vlan id mismatch in c-tag
2157 6.Verify that ping success for only subscriber one and fails for two
2158 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2159
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2160 def test_vsg_for_out_of_range_vlanid_in_ctag(self):
2161 """
2162 Algo:
2163 1.Create a vSG VM in compute node
2164 2.Create a vCPE container in vSG VM
2165 3.Ensure vSG VM and vCPE container created properly
2166 4.From subscriber, send ping request with valid stag and vlan id in c-tag is an out of range value ( like 0,4097 )
2167 4.Verify that ping fails as the ping packets drops at vCPE container entry
2168 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2169
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2170 def test_vsg_for_out_of_range_vlanid_in_stag(self):
2171 """
2172 Algo:
2173 1.Create a vSG VM in compute node
2174 2.Create a vCPE container in vSG VM
2175 3.Ensure vSG VM and vCPE container created properly
2176 2.From subscriber, send ping request with vlan id in s-tag is an out of range value ( like 0,4097 ), with valid c-tag
2177 4.Verify that ping fails as the ping packets drops at vSG VM entry
2178 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2179
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2180 def test_vsg_without_creating_vcpe_instance(self):
2181 """
2182 Algo:
2183 1.Create a vSG VM in compute Node
2184 2.Ensure vSG VM created properly
2185 3.Do not create vCPE container inside vSG VM
2186 4.From a subscriber, send ping to external valid IP
2187 5.Verify that ping fails as the ping packet drops at vSG VM entry itself.
2188 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2189
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2190 def test_vsg_for_remove_vcpe_instance(self):
2191 """
2192 Algo:
2193 1.Create a vSG VM in compute node
2194 2.Create a vCPE container in vSG VM
2195 3.Ensure vSG VM and vCPE container created properly
2196 4.From subscriber, send ping request with valid s-tag and c-tag
2197 5.Verify that ping success
2198 6.Verify ping success flows in OvS switch in compute node
2199 7.Now remove the vCPE container in vSG VM
2200 8.Ensure that the container removed properly
2201 9.Repeat step 4
2202 10.Verify that now, ping fails
2203 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2204
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2205 def test_vsg_for_restart_vcpe_instance(self):
2206 """
2207 Algo:
2208 1.Create a vSG VM in compute node
2209 2.Create a vCPE container in vSG VM
2210 3.Ensure vSG VM and vCPE container created properly
2211 4.From subscriber, send ping request with valid s-tag and c-tag
2212 5.Verify that ping success
2213 6.Verify ping success flows in OvS switch in compute node
2214 7.Now restart the vCPE container in vSG VM
2215 8.Ensure that the container came up after restart
2216 9.Repeat step 4
2217 10.Verify that now,ping gets success and flows added in OvS
2218 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2219
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2220 def test_vsg_for_restart_vsg_vm(self):
2221 """
2222 Algo:
2223 1.Create a vSG VM in compute node
2224 2.Create a vCPE container in vSG VM
2225 3.Ensure vSG VM and vCPE container created properly
2226 4.From subscriber, send ping request with valid s-tag and c-tag
2227 5.Verify that ping success
2228 6.Verify ping success flows in OvS switch in compute node
2229 7.Now restart the vSG VM
2230 8.Ensure that the vSG comes up properly after restart
2231 9.Verify that vCPE container comes up after vSG restart
2232 10.Repeat step 4
2233 11.Verify that now,ping gets success and flows added in OvS
2234 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2235
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2236 def test_vsg_for_pause_vcpe_instance(self):
2237 """
2238 Algo:
2239 1.Create a vSG VM in compute node
2240 2.Create a vCPE container in vSG VM
2241 3.Ensure vSG VM and vCPE container created properly
2242 4.From subscriber, send ping request with valid s-tag and c-tag
2243 5.Verify that ping success
2244 6.Verify ping success flows in OvS switch in compute node
2245 7.Now pause vCPE container in vSG VM for a while
2246 8.Ensure that the container state is pause
2247 9.Repeat step 4
2248 10.Verify that now,ping fails now and verify flows in OvS
2249 11.Now resume the container
2250 12.Now repeat step 4 again
2251 13.Verify that now, ping gets success
2252 14.Verify ping success flows in OvS
2253 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2254
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2255 def test_vsg_for_extract_all_compute_stats_from_all_vcpe_containers(self):
2256 """
2257 Algo:
2258 1.Create a vSG VM in compute node
2259 2.Create 10 vCPE containers in VM
2260 3.Ensure vSG VM and vCPE containers created properly
2261 4.Login to all vCPE containers
2262 4.Get all compute stats from all vCPE containers
2263 5.Verify the stats # verification method need to add
2264 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2265
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2266 def test_vsg_for_extract_dns_stats_from_all_vcpe_containers(self):
2267 """
2268 Algo:
2269 1.Create a vSG VM in compute node
2270 2.Create 10 vCPE containers in VM
2271 3.Ensure vSG VM and vCPE containers created properly
2272 4.From 10 subscribers, send ping to valid and invalid dns hosts
2273 5.Verify dns resolves and ping success for valid dns hosts
2274 6.Verify ping fails for invalid dns hosts
2275 7.Verify dns host name resolve flows in OvS
2276 8.Login to all 10 vCPE containers
2277 9.Extract all dns stats
2278 10.Verify dns stats for queries sent, queries received for dns host resolve success and failed scenarios
2279 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2280
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2281 def test_vsg_for_subscriber_access_two_vsg_services(self):
2282 """
2283 # Intention is to verify if subscriber can reach internet via two vSG VMs
2284 Algo:
2285 1.Create two vSG VMs for two services in compute node
2286 2.Create one vCPE container in each VM for one subscriber
2287 3.Ensure VMs and containers created properly
2288 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2289 5.Verify ping gets success
2290 6.Verify ping success flows in OvS
2291 7.Now repeat step 4 with stag corresponds to vSG-2 VM
2292 8.Verify that ping again success
2293 9.Verify ping success flows in OvS
2294 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2295
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2296 def test_vsg_for_subscriber_access_service2_if_service1_goes_down(self):
2297 """
2298 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 goes down
2299 Algo:
2300 1.Create two vSG VMs for two services in compute node
2301 2.Create one vCPE container in each VM for one subscriber
2302 3.Ensure VMs and containers created properly
2303 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2304 5.Verify ping gets success
2305 6.Verify ping success flows in OvS
2306 7.Down the vSG-1 VM
2307 8.Now repeat step 4
2308 9.Verify that ping fails as vSG-1 is down
2309 10.Repeat step 4 with stag corresponding to vSG-2
2310 9.Verify ping success and flows added in OvS
2311 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2312
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2313 def test_vsg_for_subscriber_access_service2_if_service1_goes_restart(self):
2314 """
2315 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 restarts
2316 Algo:
2317 1.Create two vSG VMs for two services in compute node
2318 2.Create one vCPE container in each VM for one subscriber
2319 3.Ensure VMs and containers created properly
2320 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2321 5.Verify ping gets success
2322 6.Verify ping success flows added in OvS
2323 7.Now restart vSG-1 VM
2324 8.Now repeat step 4 while vSG-1 VM restarts
2325 9.Verify that ping fails as vSG-1 is restarting
2326 10.Repeat step 4 with stag corresponding to vSG-2 while vSG-1 VM restarts
2327 11.Verify ping success and flows added in OvS
2328 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2329
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2330 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_goes_down(self):
2331 """
2332 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 goes down
2333 Algo:
2334 1.Create a vSG VM in compute node
2335 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2336 3.Ensure VM and containers created properly
2337 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2338 5.Verify ping gets success
2339 6.Verify ping success flows added in OvS
2340 7.Now stop vCPE-1 container
2341 8.Now repeat step 4
2342 9.Verify that ping fails as vCPE-1 container is down
2343 10.Repeat step 4 with ctag corresponding to vCPE-2 container
2344 11.Verify ping success and flows added in OvS
2345 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2346
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2347 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_restart(self):
2348 """
2349 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 restarts
2350 Algo:
2351 1.Create a vSG VM in compute node
2352 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2353 3.Ensure VM and containers created properly
2354 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2355 5.Verify ping gets success
2356 6.Verify ping success flows added in OvS
2357 7.Now restart vCPE-1 container
2358 8.Now repeat step 4 while vCPE-1 restarts
2359 9.Verify that ping fails as vCPE-1 container is restarts
2360 10.Repeat step 4 with ctag corresponding to vCPE-2 container while vCPE-1 restarts
2361 11..Verify ping success and flows added in OvS
2362 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2363
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2364 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_pause(self):
2365 """
2366 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 paused
2367 Algo:
2368 1.Create a vSG VM in compute node
2369 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2370 3.Ensure VM and containers created properly
2371 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2372 5.Verify ping gets success
2373 6.Verify ping success flows added in OvS
2374 7.Now pause vCPE-1 container
2375 8.Now repeat step 4 while vCPE-1 in pause state
2376 9.Verify that ping fails as vCPE-1 container in pause state
2377 10.Repeat step 4 with ctag corresponding to vCPE-2 container while vCPE-1 in pause state
2378 11.Verify ping success and flows added in OvS
2379 """
2380 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_removed(self):
2381 """
2382 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 removed
2383 Algo:
2384 1.Create a vSG VM in compute node
2385 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2386 3.Ensure VM and containers created properly
2387 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2388 5.Verify ping gets success
2389 6.Verify ping success flows added in OvS
2390 7.Now remove vCPE-1 container
2391 8.Now repeat step 4
2392 9.Verify that ping fails as vCPE-1 container removed
2393 10.Repeat step 4 with ctag corresponding to vCPE-2 container
2394 11.Verify ping success and flows added in OvS
2395 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2396
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2397 def test_vsg_for_vcpe_instance_removed_and_added_again(self):
2398 """
2399 Algo:
2400 1.Create a vSG VM in compute node
2401 2.Create a vCPE container in vSG VM
2402 3.Ensure VM and containers created properly
2403 4.From subscriber end, send ping to public IP
2404 5.Verify ping gets success
2405 6.Verify ping success flows added in OvS
2406 7.Now remove vCPE container in vSG VM
2407 8.Now repeat step 4
2408 9.Verify that ping fails as vCPE container removed
2409 10.Create the vCPE container again for the same subscriber
2410 11.Ensure that vCPE created now
2411 12.Now repeat step 4
2412 13.Verify ping success and flows added in OvS
2413 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2414
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2415 def test_vsg_for_vsg_vm_removed_and_added_again(self):
2416 """
2417 Algo:
2418 1.Create a vSG VM in compute node
2419 2.Create a vCPE container in vSG VM
2420 3.Ensure VM and containers created properly
2421 4.From subscriber end, send ping to public IP
2422 5.Verify ping gets success
2423 6.Verify ping success flows added in OvS
2424 7.Now remove vSG VM
2425 8.Now repeat step 4
2426 9.Verify that ping fails as vSG VM not exists
2427 10.Create the vSG VM and vCPE container in VM again
2428 11.Ensure that vSG and vCPE created
2429 12.Now repeat step 4
2430 13.Verify ping success and flows added in OvS
2431 """
2432
2433 #Test vSG - Subscriber Configuration
2434 def test_vsg_for_configuring_new_subscriber_in_vcpe(self):
2435 """
2436 Algo:
2437 1.Create a vSG VM in compute node
2438 2.Create a vCPE container in vSG VM
2439 3.Ensure VM and containers created properly
2440 4.Configure a subscriber in XOS and assign a service id
2441 5.Set the admin privileges to the subscriber
2442 6.Verify subscriber configuration is success
2443 """
2444 def test_vsg_for_adding_subscriber_devices_in_vcpe(self):
2445 """
2446 Algo:
2447 1.Create a vSG VM in compute node
2448 2.Create a vCPE container in vSG VM
2449 3.Ensure VM and containers created properly
2450 4.Configure a subscriber in XOS and assign a service id
2451 5.Verify subscriber successfully configured in vCPE
2452 6.Now add devices( Mac addresses ) under the subscriber admin group
2453 7.Verify all devices ( Macs ) added successfully
2454 """
2455 def test_vsg_for_removing_subscriber_devices_in_vcpe(self):
2456 """
2457 Algo:
2458 1.Create a vSG VM in compute node
2459 2.Create a vCPE container in vSG VM
2460 3.Ensure VM and containers created properly
2461 4.Configure a subscriber in XOS and assign a service id
2462 5.Verify subscriber successfully configured
2463 6.Now add devices( Mac addresses ) under the subscriber admin group
2464 7.Verify all devices ( Macs ) added successfully
2465 8.Now remove All the added devices in XOS
2466 9.Verify all the devices removed
2467 """
2468 def test_vsg_for_modify_subscriber_devices_in_vcpe(self):
2469 """
2470 Algo:
2471 1.Create a vSG VM in compute node
2472 2.Create a vCPE container in vSG VM
2473 3.Ensure VM and containers created properly
2474 4.Configure a user in XOS and assign a service id
2475 5.Verify subscriber successfully configured in vCPE.
2476 6.Now add devices( Mac addresses ) under the subscriber admin group
2477 7.Verify all devices ( Macs ) added successfully
2478 8.Now remove few devices in XOS
2479 9.Verify devices removed successfully
2480 10.Now add few additional devices in XOS under the same subscriber admin group
2481 11.Verify newly added devices successfully added
2482 """
2483 def test_vsg_for_vcpe_login_fails_with_incorrect_subscriber_credentials(self):
2484 """
2485 Algo:
2486 1.Create a vSG VM in compute node
2487 2.Create a vCPE container in vSG VM
2488 3.Ensure VM and containers created properly
2489 4.Configure a subscriber in XOS and assign a service id
2490 5.Verify subscriber successfully configured
2491 6.Now add devices( Mac addresses ) under the subscriber admin group
2492 7.Verify all devices ( Macs ) added successfully
2493 8.Login vCPE with credentials with which subscriber configured
2494 9.Verify subscriber successfully logged in
2495 10.Logout and login again with incorrect credentials ( either user name or password )
2496 11.Verify login attempt to vCPE fails wtih incorrect credentials
2497 """
2498 def test_vsg_for_subscriber_configuration_in_vcpe_retain_after_vcpe_restart(self):
2499 """
2500 Algo:
2501 1.Create a vSG VM in compute node
2502 2.Create a vCPE container in vSG VM
2503 3.Ensure VM and containers created properly
2504 4.Configure a subscriber in XOS and assign a service id
2505 5.Verify subscriber successfully configured
2506 6.Now add devices( Mac addresses ) under the subscriber admin group
2507 7.Verify all devices ( Macs ) added successfully
2508 8.Restart vCPE ( locate backup config path while restart )
2509 9.Verify subscriber details in vCPE after restart should be same as before the restart
2510 """
2511 def test_vsg_for_create_multiple_vcpe_instances_and_configure_subscriber_in_each_instance(self):
2512 """
2513 Algo:
2514 1.Create a vSG VM in compute node
2515 2.Create 2 vCPE containers in vSG VM
2516 3.Ensure VM and containers created properly
2517 4.Configure a subscriber in XOS for each vCPE instance and assign a service id
2518 5.Verify subscribers successfully configured
2519 6.Now login vCPE-2 with subscriber-1 credentials
2520 7.Verify login fails
2521 8.Now login vCPE-1 with subscriber-2 credentials
2522 9.Verify login fails
2523 10.Now login vCPE-1 with subscriber-1 and vCPE-2 with subscriber-2 credentials
2524 11.Verify that both the subscribers able to login to their respective vCPE containers
2525 """
2526 def test_vsg_for_same_subscriber_can_be_configured_for_multiple_services(self):
2527 """
2528 Algo:
2529 1.Create 2 vSG VMs in compute node
2530 2.Create a vCPE container in each vSG VM
2531 3.Ensure VMs and containers created properly
2532 4.Configure same subscriber in XOS for each vCPE instance and assign a service id
2533 5.Verify subscriber successfully configured
2534 6.Now login vCPE-1 with subscriber credentials
2535 7.Verify login success
2536 8.Now login vCPE-2 with the same subscriber credentials
2537 9.Verify login success
2538 """
2539
2540 #Test Example Service
2541 def test_vsg_for_subcriber_avail_example_service_running_in_apache_server(self):
2542 """
2543 Algo:
2544 1.Create a vSG VM in compute node
2545 2.Create a vCPE container in each vSG VM
2546 3.Ensure VM and container created properly
2547 4.Configure a subscriber in XOS for the vCPE instance and assign a service id
2548 5.On-board an example service into cord pod
2549 6.Create a VM in compute node and run the example service ( Apache server )
2550 7.Configure the example service with service specific and subscriber specific messages
2551 8.Verify example service on-boarded successfully
2552 9.Verify example service running in VM
2553 10.Run a curl command from subscriber to reach example service
2554 11.Verify subscriber can successfully reach example service via vSG
2555 12.Verify that service specific and subscriber specific messages
2556 """
2557 def test_vsg_for_subcriber_avail_example_service_running_in_apache_server_after_service_restart(self):
2558 """
2559 Algo:
2560 1.Create a vSG VM in compute node
2561 2.Create a vCPE container in each vSG VM
2562 3.Ensure VM and container created properly
2563 4.Configure a subscriber in XOS for the vCPE instance and assign a service id
2564 5.On-board an example service into cord pod
2565 6.Create a VM in compute node and run the example service ( Apache server )
2566 7.Configure the example service with service specific and subscriber specific messages
2567 8.Verify example service on-boarded successfully
2568 9.Verify example service running in VM
2569 10.Run a curl command from subscriber to reach example service
2570 11.Verify subscriber can successfully reach example service via vSG
2571 12.Verify that service specific and subscriber specific messages
2572 13.Restart example service running in VM
2573 14.Repeat step 10
2574 15.Verify the same results as mentioned in steps 11, 12
2575 """
2576
2577 #vCPE Firewall Functionality
2578 def test_vsg_firewall_for_creating_acl_rule_based_on_source_ip(self):
2579 """
2580 Algo:
2581 1.Create a vSG VM in compute node
2582 2.Create vCPE container in the VM
2583 3.Ensure vSG VM and vCPE container created properly
2584 4.Configure ac acl rule in vCPE to deny IP traffic from a source IP
2585 5.Bound the acl rule to WAN interface of vCPE
2586 6.Verify configuration in vCPE is success
2587 8.Verify flows added in OvS
2588 """
2589 def test_vsg_firewall_for_creating_acl_rule_based_on_destination_ip(self):
2590 """
2591 Algo:
2592 1.Create a vSG VM in compute node
2593 2.Create vCPE container in the VM
2594 3.Ensure vSG VM and vCPE container created properly
2595 4.Configure ac acl rule in vCPE to deny IP traffic to a destination ip
2596 5.Bound the acl rule to WAN interface of vCPE
2597 6.Verify configuration in vCPE is success
2598 8.Verify flows added in OvS
2599 """
2600 def test_vsg_firewall_for_acl_deny_rule_based_on_source_ip_traffic(self):
2601 """
2602 Algo:
2603 1.Create a vSG VM in compute node
2604 2.Create vCPE container in the VM
2605 3.Ensure vSG VM and vCPE container created properly
2606 4.Configure ac acl rule in vCPE to deny IP traffic from a source IP
2607 5.Bound the acl rule to WAN interface of vCPE
2608 6.From subscriber, send ping to the denied IP address
2609 7.Verify that ping fails as vCPE denies ping response
2610 8.Verify flows added in OvS
2611 """
2612 def test_vsg_firewall_for_acl_deny_rule_based_on_destination_ip_traffic(self):
2613 """
2614 Algo:
2615 1.Create a vSG VM in compute node
2616 2.Create vCPE container in the VM
2617 3.Ensure vSG VM and vCPE container created properly
2618 4.Configure ac acl rule in vCPE to deny IP traffic to a destination IP
2619 5.Bound the acl rule to WAN interface of vCPE
2620 6.From subscriber, send ping to the denied IP address
2621 7.Verify that ping fails as vCPE drops the ping request at WAN interface
2622 8.Verify flows added in OvS
2623 """
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]2624
2625 def test_vsg_dnsmasq(self):
2626 pass
2627
2628 def test_vsg_with_external_parental_control_family_shield_for_filter(self):
2629 pass
2630
2631 def test_vsg_with_external_parental_control_with_answerx(self):
2632 pass
2633
2634 def test_vsg_for_subscriber_upstream_bandwidth(self):
2635 pass
2636
2637 def test_vsg_for_subscriber_downstream_bandwidth(self):
2638 pass
2639
2640 def test_vsg_for_diagnostic_run_of_traceroute(self):
2641 pass
2642
2643 def test_vsg_for_diagnostic_run_of_tcpdump(self):
2644 pass
2645
2646 def test_vsg_for_iptable_rules(self):
2647 pass
2648
2649 def test_vsg_for_iptables_with_neutron(self):
2650 pass