Gitiles
Code Review Sign In
gerrit.opencord.org / cord-tester / a3fa2f940125593c7f70e82d3db8c16567519e51 / . / src / test / vsg / vsgTest.py
blob: c6c1ad29b6230c53390ff6ac8b53097e858be3ab [file] [log] [blame]
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]1#copyright 2016-present Ciena Corporation
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14#
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]15import time
16import os
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]17import sys
18import json
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame]19import requests
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]20from nose.tools import *
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]21from twisted.internet import defer
22from nose.twistedtools import reactor, deferred
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]23from CordTestUtils import *
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]24from OltConfig import OltConfig
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]25from onosclidriver import OnosCliDriver
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]26from SSHTestAgent import SSHTestAgent
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]27from CordLogger import CordLogger
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]28from VSGAccess import VSGAccess
A R Karthick933f5b52017-03-27 15:27:16 -0700[diff] [blame]29from CordTestUtils import log_test as log
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]30from CordTestConfig import setup_module, running_on_ciab
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]31from OnosCtrl import OnosCtrl
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]32
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]33log.setLevel('INFO')
34
35class vsg_exchange(CordLogger):
36 ONOS_INSTANCES = 3
37 V_INF1 = 'veth0'
38 device_id = 'of:' + get_mac()
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]39 TEST_IP = '8.8.8.8'
40 HOST = "10.1.0.1"
41 USER = "vagrant"
42 PASS = "vagrant"
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]43 head_node = os.getenv('HEAD_NODE', 'prod')
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]44 HEAD_NODE = head_node + '.cord.lab' if len(head_node.split('.')) == 1 else head_node
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]45 test_path = os.path.dirname(os.path.realpath(__file__))
A.R Karthick5968e0d2017-05-16 14:50:46 -0700[diff] [blame]46 olt_conf_file = os.getenv('OLT_CONFIG_FILE', os.path.join(test_path, '..', 'setup/olt_config.json'))
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]47 restApiXos = None
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]48 subscriber_account_num = 200
49 subscriber_s_tag = 304
50 subscriber_c_tag = 304
51 subscribers_per_s_tag = 8
52 subscriber_map = {}
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]53 subscriber_info = []
54 volt_subscriber_info = []
A R Karthick9a16a112017-04-07 15:40:05 -0700[diff] [blame]55 restore_methods = []
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]56 TIMEOUT=120
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]57 FABRIC_PORT_HEAD_NODE = 1
58 FABRIC_PORT_COMPUTE_NODE = 2
59 APP_NAME = 'org.ciena.xconnect'
60 APP_FILE = os.path.join(test_path, '..', 'apps/xconnect-1.0-SNAPSHOT.oar')
A.R Karthick50f4d9a2017-04-20 16:44:19 -0700[diff] [blame]61 NUM_SUBSCRIBERS = 5
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]62
63 @classmethod
64 def getSubscriberCredentials(cls, subId):
65 """Generate our own account num, s_tag and c_tags"""
66 if subId in cls.subscriber_map:
67 return cls.subscriber_map[subId]
68 account_num = cls.subscriber_account_num
69 cls.subscriber_account_num += 1
70 s_tag, c_tag = cls.subscriber_s_tag, cls.subscriber_c_tag
71 cls.subscriber_c_tag += 1
72 if cls.subscriber_c_tag % cls.subscribers_per_s_tag == 0:
73 cls.subscriber_s_tag += 1
74 cls.subscriber_map[subId] = account_num, s_tag, c_tag
75 return cls.subscriber_map[subId]
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]76
77 @classmethod
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]78 def getXosCredentials(cls):
79 onos_cfg = OnosCtrl.get_config()
80 if onos_cfg is None:
81 return None
82 if 'apps' in onos_cfg and \
83 'org.opencord.vtn' in onos_cfg['apps'] and \
84 'cordvtn' in onos_cfg['apps']['org.opencord.vtn'] and \
85 'xos' in onos_cfg['apps']['org.opencord.vtn']['cordvtn']:
86 xos_cfg = onos_cfg['apps']['org.opencord.vtn']['cordvtn']['xos']
87 endpoint = xos_cfg['endpoint']
88 user = xos_cfg['user']
89 password = xos_cfg['password']
90 xos_endpoints = endpoint.split(':')
91 xos_host = xos_endpoints[1][len('//'):]
92 xos_port = xos_endpoints[2][:-1]
93 #log.info('xos_host: %s, port: %s, user: %s, password: %s' %(xos_host, xos_port, user, password))
94 return dict(host = xos_host, port = xos_port, user = user, password = password)
95
96 return None
97
98 @classmethod
A.R Karthick50f4d9a2017-04-20 16:44:19 -0700[diff] [blame]99 def getSubscriberConfig(cls, num_subscribers):
100 features = {
101 'cdn': True,
102 'uplink_speed': 1000000000,
103 'downlink_speed': 1000000000,
104 'uverse': True,
105 'status': 'enabled'
106 }
107 subscriber_map = []
108 for i in xrange(num_subscribers):
109 subId = 'sub{}'.format(i)
110 account_num, _, _ = cls.getSubscriberCredentials(subId)
111 identity = { 'account_num' : str(account_num),
112 'name' : 'My House {}'.format(i)
113 }
114 sub_info = { 'features' : features,
115 'identity' : identity
116 }
117 subscriber_map.append(sub_info)
118
119 return subscriber_map
120
121 @classmethod
122 def getVoltSubscriberConfig(cls, num_subscribers):
123 voltSubscriberMap = []
124 for i in xrange(num_subscribers):
125 subId = 'sub{}'.format(i)
126 account_num, s_tag, c_tag = cls.getSubscriberCredentials(subId)
127 voltSubscriberInfo = {}
128 voltSubscriberInfo['voltTenant'] = dict(s_tag = str(s_tag),
129 c_tag = str(c_tag),
130 subscriber = '')
131 voltSubscriberInfo['account_num'] = account_num
132 voltSubscriberMap.append(voltSubscriberInfo)
133
134 return voltSubscriberMap
135
136 @classmethod
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]137 def setUpCordApi(cls):
138 our_path = os.path.dirname(os.path.realpath(__file__))
139 cord_api_path = os.path.join(our_path, '..', 'cord-api')
140 framework_path = os.path.join(cord_api_path, 'Framework')
141 utils_path = os.path.join(framework_path, 'utils')
142 data_path = os.path.join(cord_api_path, 'Tests', 'data')
143 subscriber_cfg = os.path.join(data_path, 'Subscriber.json')
144 volt_tenant_cfg = os.path.join(data_path, 'VoltTenant.json')
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]145 num_subscribers = max(cls.NUM_SUBSCRIBERS, 5)
146 cls.subscriber_info = cls.getSubscriberConfig(num_subscribers)
147 cls.volt_subscriber_info = cls.getVoltSubscriberConfig(num_subscribers)
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]148
149 sys.path.append(utils_path)
150 sys.path.append(framework_path)
151 from restApi import restApi
152 restApiXos = restApi()
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]153 xos_credentials = cls.getXosCredentials()
154 if xos_credentials is None:
155 restApiXos.controllerIP = cls.HEAD_NODE
156 restApiXos.controllerPort = '9000'
157 else:
158 restApiXos.controllerIP = xos_credentials['host']
159 restApiXos.controllerPort = xos_credentials['port']
160 restApiXos.user = xos_credentials['user']
161 restApiXos.password = xos_credentials['password']
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]162 cls.restApiXos = restApiXos
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]163
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]164 @classmethod
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]165 def getVoltId(cls, result, subId):
166 if type(result) is not type([]):
167 return None
168 for tenant in result:
169 if str(tenant['subscriber']) == str(subId):
170 return str(tenant['id'])
171 return None
172
173 @classmethod
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]174 def closeVCPEAccess(cls, volt_subscriber_info):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]175 OnosCtrl.uninstall_app(cls.APP_NAME, onos_ip = cls.HEAD_NODE)
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]176
177 @classmethod
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]178 def openVCPEAccess(cls, volt_subscriber_info):
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]179 """
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]180 This code is used to configure leaf switch for head node access to compute node over fabric.
181 Care is to be taken to avoid overwriting existing/default vcpe flows.
182 The access is opened for generated subscriber info which should not overlap.
183 We target the fabric onos instance on head node.
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]184 """
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]185 OnosCtrl.install_app(cls.APP_FILE, onos_ip = cls.HEAD_NODE)
186 time.sleep(2)
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]187 s_tags = map(lambda tenant: int(tenant['voltTenant']['s_tag']), volt_subscriber_info)
188 #only get unique vlan tags
189 s_tags = list(set(s_tags))
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]190 devices = OnosCtrl.get_device_ids(controller = cls.HEAD_NODE)
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]191 if devices:
192 device_config = {}
193 for device in devices:
194 device_config[device] = []
195 for s_tag in s_tags:
196 xconnect_config = {'vlan': s_tag, 'ports' : [ cls.FABRIC_PORT_HEAD_NODE, cls.FABRIC_PORT_COMPUTE_NODE ] }
197 device_config[device].append(xconnect_config)
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]198
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]199 cfg = { 'apps' : { 'org.ciena.xconnect' : { 'xconnectTestConfig' : device_config } } }
200 OnosCtrl.config(cfg, controller = cls.HEAD_NODE)
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]201
202 @classmethod
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]203 def setUpClass(cls):
204 cls.controllers = get_controllers()
205 cls.controller = cls.controllers[0]
206 cls.cli = None
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]207 cls.on_pod = running_on_pod()
208 cls.on_ciab = running_on_ciab()
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]209 cls.olt = OltConfig(olt_conf_file = cls.olt_conf_file)
210 cls.vcpes = cls.olt.get_vcpes()
211 cls.vcpes_dhcp = cls.olt.get_vcpes_by_type('dhcp')
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]212 cls.vcpes_reserved = cls.olt.get_vcpes_by_type('reserved')
213 cls.dhcp_vcpes_reserved = [ 'vcpe{}.{}.{}'.format(i, cls.vcpes_reserved[i]['s_tag'], cls.vcpes_reserved[i]['c_tag'])
214 for i in xrange(len(cls.vcpes_reserved)) ]
215 cls.untagged_dhcp_vcpes_reserved = [ 'vcpe{}'.format(i) for i in xrange(len(cls.vcpes_reserved)) ]
216 cls.container_vcpes_reserved = [ 'vcpe-{}-{}'.format(vcpe['s_tag'], vcpe['c_tag']) for vcpe in cls.vcpes_reserved ]
217 vcpe_dhcp_reserved = None
218 vcpe_container_reserved = None
219 if cls.vcpes_reserved:
220 vcpe_dhcp_reserved = cls.dhcp_vcpes_reserved[0]
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]221 if cls.on_pod is False:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]222 vcpe_dhcp_reserved = cls.untagged_dhcp_vcpes_reserved[0]
223 vcpe_container_reserved = cls.container_vcpes_reserved[0]
224
225 cls.vcpe_dhcp_reserved = vcpe_dhcp_reserved
226 cls.vcpe_container_reserved = vcpe_container_reserved
227 dhcp_vcpe_offset = len(cls.vcpes_reserved)
A R Karthick927129c2017-04-25 14:08:02 -0700[diff] [blame]228 cls.dhcp_vcpes = [ 'vcpe{}.{}.{}'.format(i+dhcp_vcpe_offset, cls.vcpes_dhcp[i]['s_tag'], cls.vcpes_dhcp[i]['c_tag'])
229 for i in xrange(len(cls.vcpes_dhcp)) ]
230 cls.untagged_dhcp_vcpes = [ 'vcpe{}'.format(i+dhcp_vcpe_offset) for i in xrange(len(cls.vcpes_dhcp)) ]
231 cls.container_vcpes = [ 'vcpe-{}-{}'.format(vcpe['s_tag'], vcpe['c_tag']) for vcpe in cls.vcpes_dhcp ]
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]232 vcpe_dhcp = None
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]233 vcpe_container = None
234 #cache the first dhcp vcpe in the class for quick testing
235 if cls.vcpes_dhcp:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]236 vcpe_container = cls.container_vcpes[0]
237 vcpe_dhcp = cls.dhcp_vcpes[0]
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]238 if cls.on_pod is False:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]239 vcpe_dhcp = cls.untagged_dhcp_vcpes[0]
240 cls.vcpe_container = vcpe_container_reserved or vcpe_container
241 cls.vcpe_dhcp = vcpe_dhcp_reserved or vcpe_dhcp
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]242 VSGAccess.setUp()
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]243 cls.setUpCordApi()
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]244 if cls.on_pod is True:
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]245 cls.openVCPEAccess(cls.volt_subscriber_info)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]246
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]247 @classmethod
248 def tearDownClass(cls):
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]249 VSGAccess.tearDown()
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]250 if cls.on_pod is True:
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]251 cls.closeVCPEAccess(cls.volt_subscriber_info)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]252
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]253 def cliEnter(self, controller = None):
254 retries = 0
255 while retries < 30:
256 self.cli = OnosCliDriver(controller = controller, connect = True)
257 if self.cli.handle:
258 break
259 else:
260 retries += 1
261 time.sleep(2)
262
263 def cliExit(self):
264 self.cli.disconnect()
265
266 def onos_shutdown(self, controller = None):
267 status = True
268 self.cliEnter(controller = controller)
269 try:
270 self.cli.shutdown(timeout = 10)
271 except:
272 log.info('Graceful shutdown of ONOS failed for controller: %s' %controller)
273 status = False
274
275 self.cliExit()
276 return status
277
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]278 def log_set(self, level = None, app = 'org.onosproject'):
279 CordLogger.logSet(level = level, app = app, controllers = self.controllers, forced = True)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]280
A R Karthick9a16a112017-04-07 15:40:05 -0700[diff] [blame]281 @classmethod
282 def get_dhcp(cls, vcpe, mgmt = 'eth0'):
283 """Get DHCP for vcpe interface saving management settings"""
284
285 def put_dhcp():
286 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
287
288 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
289 if vcpe_ip is not None:
290 cls.restore_methods.append(put_dhcp)
291 return vcpe_ip
292
293 @classmethod
294 def config_restore(cls):
295 """Restore the vsg test configuration on test case failures"""
296 for restore_method in cls.restore_methods:
297 restore_method()
298
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]299 def get_vsg_vcpe_pair(self):
300 vcpes = self.vcpes_dhcp
301 vcpe_containers = []
302 vsg_vcpe = {}
303 for vcp in vcpes:
304 vcpe_container = 'vcpe-{}-{}'.format(vcp['s_tag'], vcp['c_tag'])
305 vcpe_containers.append(vcpe_container)
306 vsg = VSGAccess.get_vcpe_vsg(vcpe_container)
307 vsg_vcpe[vcpe_container]=str(vsg.get_ip())
308 return vsg_vcpe
309
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]310 def get_vcpe_containers_and_interfaces(self):
311 vcpe_containers = {}
312 vcpe_interfaces = []
313 vcpes = self.vcpes_dhcp
314 count = 0
315 for vcpe in vcpes:
316 vcpe_intf = 'vcpe{}.{}.{}'.format(count,vcpe['s_tag'],vcpe['c_tag'])
317 vcpe_interfaces.append(vcpe_intf)
318 vcpe_container = 'vcpe-{}-{}'.format(vcpe['s_tag'], vcpe['c_tag'])
319 vcpe_containers[vcpe_intf] = vcpe_container
320 count += 1
321 log.info('vcpe interfaces are %s'%vcpe_interfaces)
322 log.info('vcpe containers are %s'%vcpe_containers)
323 return vcpe_interfaces,vcpe_containers
324
325 def get_vcpe_interface_dhcp_ip(self,vcpe=None):
326 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]327 vcpe = self.vcpe_dhcp
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]328 st, _ = getstatusoutput('dhclient {}'.format(vcpe))
329 vcpe_ip = get_ip(vcpe)
330 return vcpe_ip
331
332 def release_vcpe_interface_dhcp_ip(self,vcpe=None):
333 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]334 vcpe = self.vcpe_dhcp
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]335 st, _ = getstatusoutput('dhclient {} -r'.format(vcpe))
336 vcpe_ip = get_ip(vcpe)
337 assert_equal(vcpe_ip, None)
338
339 def add_static_route_via_vcpe_interface(self, routes, vcpe=None,dhcp_ip=True):
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]340 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]341 vcpe = self.vcpe_dhcp
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]342 if dhcp_ip:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]343 os.system('dhclient '+vcpe)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]344 time.sleep(1)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]345 for route in routes:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]346 log.info('route is %s'%route)
347 cmd = 'ip route add ' + route + ' via 192.168.0.1 '+ 'dev ' + vcpe
348 cmds.append(cmd)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]349 for cmd in cmds:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]350 os.system(cmd)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]351 return True
352
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]353 def del_static_route_via_vcpe_interface(self,routes,vcpe=None,dhcp_release=True):
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]354 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]355 vcpe = self.vcpe_dhcp
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]356 cmds = []
357 for route in routes:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]358 cmd = 'ip route del ' + route + ' via 192.168.0.1 ' + 'dev ' + vcpe
359 os.system(cmd)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]360 if dhcp_release:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]361 os.system('dhclient '+vcpe+' -r')
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]362 return True
363
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]364 def vsg_for_external_connectivity(self, subscriber_index, reserved = False):
365 if reserved is True:
366 if self.on_pod is True:
367 vcpe = self.dhcp_vcpes_reserved[subscriber_index]
368 else:
369 vcpe = self.untagged_dhcp_vcpes_reserved[subscriber_index]
370 else:
371 if self.on_pod is True:
372 vcpe = self.dhcp_vcpes[subscriber_index]
373 else:
374 vcpe = self.untagged_dhcp_vcpes[subscriber_index]
375 mgmt = 'eth0'
376 host = '8.8.8.8'
377 self.success = False
378 assert_not_equal(vcpe, None)
379 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
380 assert_not_equal(vcpe_ip, None)
381 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
382 log.info('Sending icmp echo requests to external network 8.8.8.8')
383 st, _ = getstatusoutput('ping -c 3 8.8.8.8')
384 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
385 assert_equal(st, 0)
386
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]387 def test_vsg_health(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]388 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]389 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]390 1. Login to compute node VM
391 2. Get all vSGs
392 3. Ping to all vSGs
393 4. Verifying Ping success
394 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]395 status = True
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]396 if self.on_pod is True:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]397 status = VSGAccess.health_check()
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]398 assert_equal(status, True)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]399
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]400 def test_vsg_health_check(self, vsg_name='mysite_vsg-1', verify_status=True):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]401 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]402 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]403 1. If vsg name not specified, Get vsg corresponding to vcpe
404 1. Login to compute mode VM
405 3. Ping to the vSG
406 4. Verifying Ping success
407 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]408 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]409 return
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]410 if not vsg_name:
411 vcpe = self.vcpe_container
412 vsg = VSGAccess.get_vcpe_vsg(vcpe)
413 status = vsg.get_health()
414 assert_equal(status, verify_status)
415 else:
416 vsgs = VSGAccess.get_vsgs()
417 status = None
418 for vsg in vsgs:
419 if vsg.name == vsg_name:
420 status = vsg.get_health()
421 log.info('vsg health check status is %s'%status)
422 assert_equal(status,verify_status)
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]423
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]424 @deferred(TIMEOUT)
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]425 def test_vsg_for_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]426 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]427 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]428 1. Get list of all compute nodes created using Openstack
429 2. Login to compute mode VM
430 3. Get all vSGs
431 4. Verifying atleast one compute node and one vSG created
432 """
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]433 df = defer.Deferred()
434 def vsg_for_vcpe_df(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]435 if self.on_pod is True:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]436 vsgs = VSGAccess.get_vsgs()
437 compute_nodes = VSGAccess.get_compute_nodes()
438 time.sleep(14)
439 assert_not_equal(len(vsgs), 0)
440 assert_not_equal(len(compute_nodes), 0)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]441 df.callback(0)
442 reactor.callLater(0,vsg_for_vcpe_df,df)
443 return df
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]444
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]445 def test_vsg_for_login(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]446 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]447 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]448 1. Login to compute node VM
449 2. Get all vSGs
450 3. Verifying login to vSG is success
451 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]452 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]453 return
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]454 vsgs = VSGAccess.get_vsgs()
455 vsg_access_status = map(lambda vsg: vsg.check_access(), vsgs)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]456 status = filter(lambda st: st == False, vsg_access_status)
457 assert_equal(len(status), 0)
458
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]459 def test_vsg_for_default_route_through_testclient(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]460 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]461 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]462 1. Login to head node
463 2. Verifying for default route in lxc test client
464 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]465 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]466 return
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]467 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
468 cmd = "sudo lxc exec testclient -- route | grep default"
469 status, output = ssh_agent.run_cmd(cmd)
470 assert_equal(status, True)
471
472 def test_vsg_for_external_connectivity_through_testclient(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]473 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]474 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]475 1. Login to head node
476 2. On head node, executing ping to 8.8.8.8 from lxc test client
477 3. Verifying for the ping success
478 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]479 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]480 return
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]481 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
482 cmd = "lxc exec testclient -- ping -c 3 8.8.8.8"
483 status, output = ssh_agent.run_cmd(cmd)
484 assert_equal( status, True)
485
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]486 def test_vsg_for_external_connectivity(self):
487 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]488 Test Method:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]489 1. Get dhcp IP to vcpe interface in cord-tester
490 2. Verifying vcpe interface gets dhcp IP
491 3. Ping to 8.8.8.8 and Verifying ping should success
492 4. Restoring management interface configuration in cord-tester
493 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]494 reserved = True
495 if self.on_pod:
496 reserved = self.on_ciab
497 self.vsg_for_external_connectivity(0, reserved = reserved)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]498
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]499 def test_vsg_for_external_connectivity_to_google(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]500 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]501 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]502 1. Get dhcp IP to vcpe interface in cord-tester
503 2. Verifying vcpe interface gets dhcp IP
504 3. Ping to www.google.com and Verifying ping should success
505 4. Restoring management interface configuration in cord-tester
506 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]507 host = 'www.google.com'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]508 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]509 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]510 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]511 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]512 assert_not_equal(vcpe_ip, None)
513 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
514 log.info('Sending icmp ping requests to %s' %host)
515 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]516 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]517 assert_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]518
A R Karthickb2618052017-05-10 09:23:22 -0700[diff] [blame]519 def retrieve_content_from_host_to_validate_path_mtu(self, host):
520 vcpe = self.vcpe_dhcp
521 mgmt = 'eth0'
522 assert_not_equal(vcpe, None)
523 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
524 assert_not_equal(vcpe_ip, None)
525 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
526 log.info('Initiating get requests to %s' %host)
527 r = requests.get('http://{}'.format(host))
528 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
529 return r.status_code
530
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame]531 #Test cases to check path mtu across cord framework wih some selected websites to check response.
532 def test_vsg_to_retrieve_content_from_google_to_validate_path_mtu(self):
533 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]534 Test Method:
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame]535 1. Get dhcp IP to vcpe interface in cord-tester
536 2. Verifying vcpe interface gets dhcp IP
537 3. Retrieve contents from www.google.com and Verify response status is 200 ok.
538 4. This validates path mtu for end to end traffic with request to retrieve web contents in cord framework.
539 (Based on website response, size differs, needs check on MTU)
540 4. Restoring management interface configuration in cord-tester
541 """
A R Karthickb2618052017-05-10 09:23:22 -0700[diff] [blame]542 status_code = self.retrieve_content_from_host_to_validate_path_mtu('www.google.com')
543 assert_equal(status_code, 200)
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame]544
545 def test_vsg_to_retrieve_content_from_rediff_to_validate_path_mtu(self):
546 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]547 Test Method:
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame]548 1. Get dhcp IP to vcpe interface in cord-tester
549 2. Verifying vcpe interface gets dhcp IP
550 3. Retrieve contents from www.rediff.com and Verify response status is 200 ok.
551 4. This validates path mtu for end to end traffic with request to retrieve web contents in cord framework.
552 (Based on website response, size differs, needs check on MTU)
553 4. Restoring management interface configuration in cord-tester
554 """
A R Karthickb2618052017-05-10 09:23:22 -0700[diff] [blame]555 status_code = self.retrieve_content_from_host_to_validate_path_mtu('www.rediff.com')
556 assert_equal(status_code, 200)
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame]557
558 def test_vsg_to_retrieve_content_from_yahoo_to_validate_path_mtu(self):
559 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]560 Test Method:
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame]561 1. Get dhcp IP to vcpe interface in cord-tester
562 2. Verifying vcpe interface gets dhcp IP
563 3. Retrieve contents from www.yahoo.com and Verify response status is 200 ok.
564 4. This validates path mtu for end to end traffic with request to retrieve web contents in cord framework.
565 (Based on website response, size differs, needs check on MTU)
566 4. Restoring management interface configuration in cord-tester
567 """
A R Karthickb2618052017-05-10 09:23:22 -0700[diff] [blame]568 status_code = self.retrieve_content_from_host_to_validate_path_mtu('www.yahoo.com')
569 assert_equal(status_code, 200)
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame]570
571 def test_vsg_to_retrieve_content_from_facebook_to_validate_path_mtu(self):
572 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]573 Test Method:
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame]574 1. Get dhcp IP to vcpe interface in cord-tester
575 2. Verifying vcpe interface gets dhcp IP
576 3. Retrieve contents from www.facebook.com and Verify response status is 200 ok.
577 4. This validates path mtu for end to end traffic with request to retrieve web contents in cord framework.
578 (Based on website response, size differs, needs check on MTU)
579 4. Restoring management interface configuration in cord-tester
580 """
A R Karthickb2618052017-05-10 09:23:22 -0700[diff] [blame]581 status_code = self.retrieve_content_from_host_to_validate_path_mtu('www.facebook.com')
582 assert_equal(status_code, 200)
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame]583
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]584 def test_vsg_for_external_connectivity_to_invalid_host(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]585 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]586 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]587 1. Get dhcp IP to vcpe interface in cord-tester
588 2. Verifying vcpe interface gets dhcp IP
589 3. Ping to www.goglee.com and Verifying ping should not success
590 4. Restoring management interface configuration in cord-tester
591 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]592 host = 'www.goglee.com'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]593 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]594 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]595 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]596 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]597 assert_not_equal(vcpe_ip, None)
598 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
599 log.info('Sending icmp ping requests to non existent host %s' %host)
600 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]601 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]602 assert_not_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]603
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]604 def test_vsg_for_external_connectivity_with_ttl_1(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]605 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]606 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]607 1. Get dhcp IP to vcpe interface in cord-tester
608 2. Verifying vcpe interface gets dhcp IP
609 3. Ping to 8.8.8.8 with ttl set to 1
610 4. Verifying ping should not success
611 5. Restoring management interface configuration in cord-tester
612 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]613 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]614 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]615 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]616 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]617 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]618 assert_not_equal(vcpe_ip, None)
619 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
620 log.info('Sending icmp ping requests to host %s with ttl 1' %host)
621 st, _ = getstatusoutput('ping -c 1 -t 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]622 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]623 assert_not_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]624
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]625 def test_vsg_for_external_connectivity_with_wan_interface_toggle_in_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]626 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]627 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]628 1. Get dhcp IP to vcpe interface in cord-tester
629 2. Verifying vcpe interface gets dhcp IP
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]630 3. Ping to 8.8.8.8 and Verifying ping succeeds
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]631 4. Now down the WAN interface of vcpe
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]632 5. Ping to 8.8.8.8 and Verifying ping fails
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]633 6. Now Up the WAN interface of vcpe
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]634 7. Ping to 8.8.8.8 and Verifying ping succeeds
635 8. Restoring management interface configuration in cord-tester
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]636 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]637 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]638 return
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]639 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]640 mgmt = 'eth0'
641 vcpe = self.vcpe_container
642 assert_not_equal(vcpe, None)
643 assert_not_equal(self.vcpe_dhcp, None)
644 #first get dhcp on the vcpe interface
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]645 vcpe_ip = VSGAccess.vcpe_get_dhcp(self.vcpe_dhcp, mgmt = mgmt)
646 assert_not_equal(vcpe_ip, None)
647 log.info('Got DHCP IP %s for %s' %(vcpe_ip, self.vcpe_dhcp))
648 log.info('Sending ICMP pings to host %s' %(host))
649 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
650 if st != 0:
651 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
652 assert_equal(st, 0)
653 #bring down the wan interface and check again
654 st = VSGAccess.vcpe_wan_down(vcpe)
655 if st is False:
656 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
657 assert_equal(st, True)
658 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
659 if st == 0:
660 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
661 assert_not_equal(st, 0)
662 st = VSGAccess.vcpe_wan_up(vcpe)
663 if st is False:
664 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
665 assert_equal(st, True)
666 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
667 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
668 assert_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]669
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]670 def test_vsg_for_external_connectivity_with_lan_interface_toggle_in_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]671 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]672 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]673 1. Get dhcp IP to vcpe interface in cord-tester
674 2. Verifying vcpe interface gets dhcp IP
675 3. Ping to 8.8.8.8 and Verifying ping should success
676 4. Now down the LAN interface of vcpe
677 5. Ping to 8.8.8.8 and Verifying ping should not success
678 6. Now Up the LAN interface of vcpe
679 7. Ping to 8.8.8.8 and Verifying ping should success
680 8. Restoring management interface configuration in cord-tester
681 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]682 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]683 return
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]684 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]685 mgmt = 'eth0'
686 vcpe = self.vcpe_container
687 assert_not_equal(vcpe, None)
688 assert_not_equal(self.vcpe_dhcp, None)
689 #first get dhcp on the vcpe interface
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]690 vcpe_ip = VSGAccess.vcpe_get_dhcp(self.vcpe_dhcp, mgmt = mgmt)
691 assert_not_equal(vcpe_ip, None)
692 log.info('Got DHCP IP %s for %s' %(vcpe_ip, self.vcpe_dhcp))
693 log.info('Sending ICMP pings to host %s' %(host))
694 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
695 if st != 0:
696 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
697 assert_equal(st, 0)
698 #bring down the lan interface and check again
699 st = VSGAccess.vcpe_lan_down(vcpe)
700 if st is False:
701 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
702 assert_equal(st, True)
703 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
704 if st == 0:
705 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
706 assert_not_equal(st, 0)
707 st = VSGAccess.vcpe_lan_up(vcpe)
708 if st is False:
709 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
710 assert_equal(st, True)
711 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
712 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
713 assert_equal(st, 0)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]714
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]715 def test_vsg_multiple_subscribers_for_same_vcpe_instace(self):
716 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]717 Test Method:
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]718 1. Create a vcpe instance
719 2. Create multiple vcpe interfaces in cord-tester with same s-tag and c-tag to access vcpe instance
720 3. Verify all the interfaces gets dhcp IP in same subnet
721 """
722 vcpe_intfs,containers = self.get_vcpe_containers_and_interfaces()
723 for vcpe in vcpe_intfs:
724 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
725 assert_not_equal(vcpe_ip,None)
726 for vcpe in vcpe_intfs:
727 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
728
729 def test_vsg_for_multiple_subscribers_with_same_vcpe_instance_and_validate_external_connectivity(self):
730 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]731 Test Method:
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]732 1. Create a vcpe instance
733 2. Create multiple vcpe interfaces in cord-tester with same s-tag and c-tag to access vcpe instance
734 3. Verify all the interfaces gets dhcp IP in same subnet
735 4. From cord-tester ping to external with vcpe interface option
736 """
737 host = '8.8.8.8'
738 vcpe_intfs, containers = self.get_vcpe_containers_and_interfaces()
739 for vcpe in vcpe_intfs:
740 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
741 assert_not_equal(vcpe_ip,None)
742 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe,dhcp_ip=False)
743 st, _ = getstatusoutput('ping -I {} -c 3 {}'.format(vcpe,host))
744 assert_equal(st, 0)
745 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe,dhcp_release=False)
746 for vcpe in vcpe_intfs:
747 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
748
749 def test_vsg_vcpe_interface_and_validate_dhcp_ip_after_interface_toggle(self):
750 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]751 Test Method:
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]752 1. Create a vcpe instance
753 2. Create a vcpe interface in cord-tester
754 3. Verify the interface gets dhcp IP
755 4. Toggle the interface
756 5. Verify the interface gets dhcp IP
757 """
758 vcpe_intfs,containers = self.get_vcpe_containers_and_interfaces()
759 for vcpe in vcpe_intfs:
760 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
761 assert_not_equal(vcpe_ip,None)
762 os.system('ifconfig {} down'.format(vcpe))
763 time.sleep(1)
764 os.system('ifconfig {} up'.format(vcpe))
765 time.sleep(1)
766 vcpe_ip2 = get_ip(vcpe)
767 assert_equal(vcpe_ip2,vcpe_ip)
768 for vcpe in vcpe_intfs:
769 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
770
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]771 @deferred(TIMEOUT)
Anil Kumar Sanka52a39f82017-05-10 17:39:31 +0000[diff] [blame]772 def test_vsg_for_external_connectivity_after_restarting_vcpe_instance(self,vcpe_name=None,vcpe_intf=None):
773 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]774 Test Method:
Anil Kumar Sanka52a39f82017-05-10 17:39:31 +0000[diff] [blame]775 1. Get vSG corresponding to vcpe
776 2. Get dhcp ip to vcpe interface
777 3. Add static route to destination route in test container
778 4. From test container ping to destination route and verify ping success
779 5. Login to compute node and execute command to pause vcpe container
780 6. From test container ping to destination route and verify ping success
781 """
782 if not vcpe_name:
783 vcpe_name = self.vcpe_container
784 if not vcpe_intf:
785 vcpe_intf = self.vcpe_dhcp
786 df = defer.Deferred()
787 def vcpe_firewall(df):
788 if self.on_pod is False:
789 df.callback(0)
790 return
791 host = '8.8.8.8'
792 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
793 try:
794 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
795 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
796 assert_equal(st, False)
797 st, _ = vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
798 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
799 assert_equal(st, False)
800 finally:
801 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
802 df.callback(0)
803 reactor.callLater(0, vcpe_firewall, df)
804 return df
805
806 @deferred(TIMEOUT)
807 def test_vsg_for_external_connectivity_after_restarting_vsg_vm(self,vcpe_name=None,vcpe_intf=None):
808 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]809 Test Method:
Anil Kumar Sanka52a39f82017-05-10 17:39:31 +0000[diff] [blame]810 1. Get vSG corresponding to vcpe
811 2. Get dhcp ip to vcpe interface
812 3. Add static route to destination route in test container
813 4. From test container ping to destination route and verify ping success
814 5. Login to compute node and execute command to pause vcpe container
815 6. From test container ping to destination route and verify ping success
816 """
817 if not vcpe_name:
818 vcpe_name = self.vcpe_container
819 if not vcpe_intf:
820 vcpe_intf = self.vcpe_dhcp
821 df = defer.Deferred()
822 def vcpe_firewall(df):
823 if self.on_pod is False:
824 df.callback(0)
825 return
826 host = '8.8.8.8'
827 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
828 try:
829 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
830 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
831 assert_equal(st, False)
832 st, _ = vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
833 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
834 assert_equal(st, False)
835 finally:
836 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
837 df.callback(0)
838 reactor.callLater(0, vcpe_firewall, df)
839 return df
840
841 @deferred(TIMEOUT)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]842 def test_vsg_for_external_connectivity_with_vcpe_container_paused(self,vcpe_name=None,vcpe_intf=None):
843 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]844 Test Method:
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]845 1. Get vSG corresponding to vcpe
846 2. Get dhcp ip to vcpe interface
847 3. Add static route to destination route in test container
848 4. From test container ping to destination route and verify ping success
849 5. Login to compute node and execute command to pause vcpe container
850 6. From test container ping to destination route and verify ping success
851 """
852 if not vcpe_name:
853 vcpe_name = self.vcpe_container
854 if not vcpe_intf:
855 vcpe_intf = self.vcpe_dhcp
856 df = defer.Deferred()
857 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]858 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]859 df.callback(0)
860 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]861 host = '8.8.8.8'
862 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
863 try:
864 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
865 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
866 assert_equal(st, False)
867 st, _ = vsg.run_cmd('sudo docker pause {}'.format(vcpe_name))
868 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
869 assert_equal(st, False)
870 finally:
871 vsg.run_cmd('sudo docker unpause'.format(vcpe_name))
872 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
873 df.callback(0)
874 reactor.callLater(0, vcpe_firewall, df)
875 return df
876
877 @deferred(TIMEOUT)
878 def test_vsg_firewall_with_deny_destination_ip(self, vcpe_name=None, vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]879 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]880 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]881 1. Get vSG corresponding to vcpe
882 2. Login to compute node
883 3. Execute iptable command on vcpe from compute node to deny a destination IP
884 4. From cord-tester ping to the denied IP address
885 5. Verifying that ping should not be successful
886 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]887 if not vcpe_name:
888 vcpe_name = self.vcpe_container
889 if not vcpe_intf:
890 vcpe_intf = self.vcpe_dhcp
891 df = defer.Deferred()
892 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]893 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]894 df.callback(0)
895 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]896 host = '8.8.8.8'
897 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
898 try:
899 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
900 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
901 assert_equal(st, False)
902 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
903 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
904 assert_equal(st, True)
905 finally:
906 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
907 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
908 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
909 df.callback(0)
910 reactor.callLater(0, vcpe_firewall, df)
911 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]912
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]913 @deferred(TIMEOUT)
914 def test_vsg_firewall_with_rule_add_and_delete_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]915 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]916 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]917 1. Get vSG corresponding to vcpe
918 2. Login to compute node
919 3. Execute iptable command on vcpe from compute node to deny a destination IP
920 4. From cord-tester ping to the denied IP address
921 5. Verifying that ping should not be successful
922 6. Delete the iptable rule in vcpe
923 7. From cord-tester ping to the denied IP address
924 8. Verifying the ping should success
925 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]926 if not vcpe_name:
927 vcpe_name = self.vcpe_container
928 if not vcpe_intf:
929 vcpe_intf = self.vcpe_dhcp
930 df = defer.Deferred()
931 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]932 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]933 df.callback(0)
934 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]935 host = '8.8.8.8'
936 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
937 try:
938 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
939 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
940 assert_equal(st, False)
941 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
942 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
943 assert_equal(st, True)
944 st,_ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
945 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
946 assert_equal(st, False)
947 finally:
948 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
949 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
950 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
951 df.callback(0)
952 reactor.callLater(0, vcpe_firewall, df)
953 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]954
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]955 @deferred(TIMEOUT)
956 def test_vsg_firewall_verifying_reachability_for_non_blocked_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]957 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]958 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]959 1. Get vSG corresponding to vcpe
960 2. Login to compute node
961 3. Execute iptable command on vcpe from compute node to deny a destination IP
962 4. From cord-tester ping to the denied IP address
963 5. Verifying that ping should not be successful
964 6. From cord-tester ping to the denied IP address other than the denied one
965 7. Verifying the ping should success
966 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]967 if not vcpe_name:
968 vcpe_name = self.vcpe_container
969 if not vcpe_intf:
970 vcpe_intf = self.vcpe_dhcp
971 df = defer.Deferred()
972 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]973 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]974 df.callback(0)
975 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]976 host1 = '8.8.8.8'
977 host2 = '204.79.197.203'
978 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
979 try:
980 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
981 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
982 assert_equal(st, False)
983 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
984 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
985 assert_equal(st, True)
986 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
987 assert_equal(st,False)
988 finally:
989 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
990 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
991 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
992 df.callback(0)
993 reactor.callLater(0, vcpe_firewall, df)
994 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]995
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]996 @deferred(TIMEOUT)
997 def test_vsg_firewall_appending_rules_with_deny_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]998 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]999 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1000 1. Get vSG corresponding to vcpe
1001 2. Login to compute node
1002 3. Execute iptable command on vcpe from compute node to deny a destination IP1
1003 4. From cord-tester ping to the denied IP address IP1
1004 5. Verifying that ping should not be successful
1005 6. Execute iptable command on vcpe from compute node to deny a destination IP2
1006 6. From cord-tester ping to the denied IP address IP2
1007 7. Verifying that ping should not be successful
1008 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1009 if not vcpe_name:
1010 vcpe_name = self.vcpe_container
1011 if not vcpe_intf:
1012 vcpe_intf = self.vcpe_dhcp
1013 df = defer.Deferred()
1014 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1015 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1016 df.callback(0)
1017 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1018 host1 = '8.8.8.8'
1019 host2 = '204.79.197.203'
1020 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1021 try:
1022 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
1023 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1024 assert_equal(st, False)
1025 st,_ = vsg.run_cmd('sudo docker exec {} iptables -F FORWARD'.format(vcpe_name))
1026 time.sleep(2)
1027 st,_ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
1028 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1029 assert_equal(st, True)
1030 st, out = getstatusoutput('ping -c 1 {}'.format(host2))
1031 log.info('host2 ping output is %s'%out)
1032 assert_equal(st, False)
1033 st, _ = vsg.run_cmd('sudo docker exec {} iptables -A FORWARD -d {} -j DROP'.format(vcpe_name,host2))
1034 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1035 assert_equal(st,True)
1036 finally:
1037 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
1038 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
1039 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
1040 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1041 df.callback(0)
1042 reactor.callLater(0, vcpe_firewall, df)
1043 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1044
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1045 @deferred(TIMEOUT)
1046 def test_vsg_firewall_removing_one_rule_denying_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1047 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1048 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1049 1. Get vSG corresponding to vcpe
1050 2. Login to compute node
1051 3. Execute iptable command on vcpe from compute node to deny a destination IP1
1052 4. Execute iptable command on vcpe from compute node to deny a destination IP2
1053 5. From cord-tester ping to the denied IP address IP1
1054 6. Verifying that ping should not be successful
1055 7. From cord-tester ping to the denied IP address IP2
1056 8. Verifying that ping should not be successful
1057 9. Execute iptable command on vcpe from compute node to remove deny a destination IP2 rule
1058 10. From cord-tester ping to the denied IP address IP2
1059 11. Verifying the ping should success
1060 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1061 if not vcpe_name:
1062 vcpe_name = self.vcpe_container
1063 if not vcpe_intf:
1064 vcpe_intf = self.vcpe_dhcp
1065 df = defer.Deferred()
1066 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1067 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1068 df.callback(0)
1069 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1070 host1 = '8.8.8.8'
1071 host2 = '204.79.197.203'
1072 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1073 try:
1074 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=self.vcpe_dhcp)
1075 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1076 assert_equal(st, False)
1077 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
1078 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host2))
1079 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1080 assert_equal(st, True)
1081 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1082 assert_equal(st,True)
1083 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
1084 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1085 assert_equal(st,False)
1086 finally:
1087 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
1088 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
1089 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
1090 log.info('restarting vcpe container')
1091 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1092 df.callback(0)
1093 reactor.callLater(0, vcpe_firewall, df)
1094 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1095
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1096 @deferred(TIMEOUT)
1097 def test_vsg_firewall_changing_rule_id_deny_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1098 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1099 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1100 1. Get vSG corresponding to vcpe
1101 2. Login to compute node
1102 3. Execute iptable command on vcpe from compute node to deny a destination IP
1103 5. From cord-tester ping to the denied IP address IP1
1104 6. Verifying that ping should not be successful
1105 9. Execute iptable command on vcpe from compute node to change the rule ID to 2 to deny the same destination IP
1106 10. From cord-tester ping to the denied IP address IP
1107 11. Verifying that ping should not be successful
1108 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1109 if not vcpe_name:
1110 vcpe_name = self.vcpe_container
1111 if not vcpe_intf:
1112 vcpe_intf = self.vcpe_dhcp
1113 df = defer.Deferred()
1114 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1115 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1116 df.callback(0)
1117 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1118 host = '8.8.8.8'
1119 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1120 try:
1121 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1122 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1123 assert_equal(st, False)
1124 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1125 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1126 assert_equal(st, True)
1127 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 2 -d {} -j DROP '.format(vcpe_name,host))
1128 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1129 assert_equal(st,True)
1130 finally:
1131 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1132 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1133 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1134 df.callback(0)
1135 reactor.callLater(0, vcpe_firewall, df)
1136 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1137
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1138 @deferred(TIMEOUT)
1139 def test_vsg_firewall_changing_deny_rule_to_accept_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1140 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1141 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1142 1. Get vSG corresponding to vcpe
1143 2. Login to compute node
1144 3. Execute iptable command on vcpe from compute node to deny a destination IP
1145 5. From cord-tester ping to the denied IP address IP1
1146 6. Verifying that ping should not be successful
1147 9. Execute iptable command on vcpe from compute node to accept the same destination IP
1148 10. From cord-tester ping to the accepted IP
1149 11. Verifying the ping should success
1150 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1151 if not vcpe_name:
1152 vcpe_name = self.vcpe_container
1153 if not vcpe_intf:
1154 vcpe_intf = self.vcpe_dhcp
1155 df = defer.Deferred()
1156 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1157 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1158 df.callback(0)
1159 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1160 host = '8.8.8.8'
1161 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1162 try:
1163 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1164 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1165 assert_equal(st, False)
1166 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1167 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1168 assert_equal(st, True)
1169 st, _ = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -d {} -j ACCEPT'.format(vcpe_name,host))
1170 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1171 assert_equal(st,False)
1172 finally:
1173 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1174 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j ACCEPT'.format(vcpe_name,host))
1175 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1176 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1177 df.callback(0)
1178 reactor.callLater(0, vcpe_firewall, df)
1179 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1180
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1181 @deferred(TIMEOUT) #Fail
1182 def test_vsg_firewall_denying_destination_network(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1183 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1184 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1185 1. Get vSG corresponding to vcpe
1186 2. Login to compute node
1187 3. Execute iptable command on vcpe from compute node to deny a destination IP subnet
1188 4. From cord-tester ping to the denied IP address IP1 in the denied subnet
1189 5. Verifying that ping should not be successful
1190 6. From cord-tester ping to the denied IP address IP2 in the denied subnet
1191 7. Verifying that ping should not be successful
1192 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1193 if not vcpe_name:
1194 vcpe_name = self.vcpe_container
1195 if not vcpe_intf:
1196 vcpe_intf = self.vcpe_dhcp
1197 df = defer.Deferred()
1198 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1199 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1200 df.callback(0)
1201 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1202 network = '204.79.197.192/28'
1203 host1 = '204.79.197.203'
1204 host2 = '204.79.197.210'
1205 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1206 try:
1207 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=self.vcpe_dhcp)
1208 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1209 assert_equal(st, False)
1210 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,network))
1211 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1212 assert_equal(st, True)
1213 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1214 assert_equal(st,False)
1215 finally:
1216 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network))
1217 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
1218 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1219 df.callback(0)
1220 reactor.callLater(0, vcpe_firewall, df)
1221 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1222
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1223 @deferred(TIMEOUT)
1224 def test_vsg_firewall_denying_destination_network_subnet_modification(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1225 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1226 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1227 1. Get vSG corresponding to vcpe
1228 2. Login to compute node
1229 3. Execute iptable command on vcpe from compute node to deny a destination IP subnet
1230 4. From cord-tester ping to the denied IP address IP1 in the denied subnet
1231 5. Verifying that ping should not be successful
1232 6. From cord-tester ping to the denied IP address IP2 in the denied subnet
1233 7. Verifying that ping should not be successful
1234 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1235 if not vcpe_name:
1236 vcpe_name = self.vcpe_container
1237 if not vcpe_intf:
1238 vcpe_intf = self.vcpe_dhcp
1239 df = defer.Deferred()
1240 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1241 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1242 df.callback(0)
1243 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1244 network1 = '204.79.197.192/28'
1245 network2 = '204.79.197.192/27'
1246 host1 = '204.79.197.203'
1247 host2 = '204.79.197.210'
1248 host3 = '204.79.197.224'
1249 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1250 try:
1251 self.add_static_route_via_vcpe_interface([host1,host2,host3],vcpe=self.vcpe_dhcp)
1252 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1253 assert_equal(st, False)
1254 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,network1))
1255 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1256 assert_equal(st, True)
1257 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1258 assert_equal(st,False)
1259 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 2 -d {} -j DROP'.format(vcpe_name,network2))
1260 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1261 assert_equal(st, True)
1262 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1263 assert_equal(st, True)
1264 st, _ = getstatusoutput('ping -c 1 {}'.format(host3))
1265 assert_equal(st, False)
1266 finally:
1267 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network1))
1268 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network2))
1269 self.del_static_route_via_vcpe_interface([host1,host2,host3],vcpe=vcpe_intf)
1270 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1271 df.callback(0)
1272 reactor.callLater(0, vcpe_firewall, df)
1273 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1274
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1275 @deferred(TIMEOUT)
1276 def test_vsg_firewall_with_deny_source_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1277 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1278 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1279 1. Get vSG corresponding to vcpe
1280 2. Login to compute node
1281 3. Execute iptable command on vcpe from compute node to deny a source IP
1282 4. From cord-tester ping to 8.8.8.8 from the denied IP
1283 5. Verifying that ping should not be successful
1284 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1285 if not vcpe_name:
1286 vcpe_name = self.vcpe_container
1287 if not vcpe_intf:
1288 vcpe_intf = self.vcpe_dhcp
1289 df = defer.Deferred()
1290 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1291 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1292 df.callback(0)
1293 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1294 host = '8.8.8.8'
1295 #source_ip = get_ip(self.vcpe_dhcp)
1296 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1297 try:
1298 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1299 source_ip = get_ip(self.vcpe_dhcp)
1300 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1301 assert_equal(st, False)
1302 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1303 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1304 assert_equal(st, True)
1305 finally:
1306 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1307 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1308 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1309 df.callback(0)
1310 reactor.callLater(0, vcpe_firewall, df)
1311 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1312
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1313 @deferred(TIMEOUT)
1314 def test_vsg_firewall_rule_with_add_and_delete_deny_source_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1315 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1316 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1317 1. Get vSG corresponding to vcpe
1318 2. Login to compute node
1319 3. Execute iptable command on vcpe from compute node to deny a source IP
1320 4. From cord-tester ping to 8.8.8.8 from the denied IP
1321 5. Verifying that ping should not be successful
1322 6. Delete the iptable rule in vcpe
1323 7. From cord-tester ping to 8.8.8.8 from the denied IP
1324 8. Verifying the ping should success
1325 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1326 if not vcpe_name:
1327 vcpe_name = self.vcpe_container
1328 if not vcpe_intf:
1329 vcpe_intf = self.vcpe_dhcp
1330 df = defer.Deferred()
1331 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1332 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1333 df.callback(0)
1334 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1335 host = '8.8.8.8'
1336 source_ip = get_ip(self.vcpe_dhcp)
1337 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1338 try:
1339 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1340 source_ip = get_ip(self.vcpe_dhcp)
1341 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1342 assert_equal(st, False)
1343 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1344 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1345 assert_equal(st, True)
1346 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1347 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1348 assert_equal(st, False)
1349 finally:
1350 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1351 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1352 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1353 df.callback(0)
1354 reactor.callLater(0, vcpe_firewall, df)
1355 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1356
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1357 @deferred(TIMEOUT)
1358 def test_vsg_firewall_rule_with_deny_icmp_protocol_echo_requests_type(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1359 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1360 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1361 1. Get vSG corresponding to vcpe
1362 2. Login to compute node
1363 3. Execute iptable command on vcpe from compute node to deny icmp echo-requests type protocol packets
1364 4. From cord-tester ping to 8.8.8.8
1365 5. Verifying that ping should not be successful
1366 6. Delete the iptable rule
1367 7. From cord-tester ping to 8.8.8.8
1368 8. Verifying the ping should success
1369 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1370 if not vcpe_name:
1371 vcpe_name = self.vcpe_container
1372 if not vcpe_intf:
1373 vcpe_intf = self.vcpe_dhcp
1374 df = defer.Deferred()
1375 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1376 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1377 df.callback(0)
1378 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1379 host = '8.8.8.8'
1380 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1381 try:
1382 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1383 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1384 assert_equal(st, False)
1385 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1386 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1387 assert_equal(st, True)
1388 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1389 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1390 assert_equal(st, False)
1391 finally:
1392 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1393 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1394 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1395 df.callback(0)
1396 reactor.callLater(0, vcpe_firewall, df)
1397 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1398
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1399 @deferred(TIMEOUT)
1400 def test_vsg_firewall_rule_with_deny_icmp_protocol_echo_reply_type(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1401 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1402 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1403 1. Get vSG corresponding to vcpe
1404 2. Login to compute node
1405 3. Execute iptable command on vcpe from compute node to deny icmp echo-reply type protocol packets
1406 4. From cord-tester ping to 8.8.8.8
1407 5. Verifying that ping should not be successful
1408 6. Delete the iptable rule
1409 7. From cord-tester ping to 8.8.8.8
1410 8. Verifying the ping should success
1411 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1412 if not vcpe_name:
1413 vcpe_name = self.vcpe_container
1414 if not vcpe_intf:
1415 vcpe_intf = self.vcpe_dhcp
1416 df = defer.Deferred()
1417 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1418 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1419 df.callback(0)
1420 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1421 host = '8.8.8.8'
1422 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1423 try:
1424 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1425 st, _ = getstatusoutput('ping -c 1 {}'.format('8.8.8.8'))
1426 assert_equal(st, False)
1427 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1428 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1429 assert_equal(st, True)
1430 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1431 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1432 assert_equal(st,False)
1433 finally:
1434 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1435 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1436 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1437 df.callback(0)
1438 reactor.callLater(0, vcpe_firewall, df)
1439 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1440
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1441 @deferred(TIMEOUT)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]1442 def test_vsg_firewall_changing_deny_rule_to_accept_rule_with_icmp_protocol_echo_requests_type(self, vcpe_name=None, vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1443 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1444 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1445 1. Get vSG corresponding to vcpe
1446 2. Login to compute node
1447 3. Execute iptable command on vcpe from compute node to deny icmp echo-requests type protocol packets
1448 4. From cord-tester ping to 8.8.8.8
1449 5. Verifying that ping should not be successful
1450 6. Insert another rule to accept the icmp-echo requests protocol packets
1451 7. From cord-tester ping to 8.8.8.8
1452 8. Verifying the ping should success
1453 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1454 if not vcpe_name:
1455 vcpe_name = self.vcpe_container
1456 if not vcpe_intf:
1457 vcpe_intf = self.vcpe_dhcp
1458 df = defer.Deferred()
1459 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1460 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1461 df.callback(0)
1462 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1463 host = '8.8.8.8'
1464 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1465 try:
1466 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1467 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1468 assert_equal(st, False)
1469 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1470 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1471 assert_equal(st, True)
1472 st, _ = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p icmp --icmp-type echo-request -j ACCEPT'.format(vcpe_name))
1473 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1474 assert_equal(st,False)
1475 finally:
1476 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1477 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j ACCEPT'.format(vcpe_name))
1478 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1479 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1480 df.callback(0)
1481 reactor.callLater(0, vcpe_firewall, df)
1482 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1483
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1484 @deferred(TIMEOUT)
1485 def test_vsg_firewall_changing_deny_rule_to_accept_rule_with_icmp_protocol_echo_reply_type(self,vcpe_name=None,vcpe_intf=None):
1486 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1487 Test Method:
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1488 1. Get vSG corresponding to vcpe
1489 2. Login to compute node
1490 3. Execute iptable command on vcpe from compute node to deny icmp echo-reply type protocol packets
1491 4. From cord-tester ping to 8.8.8.8
1492 5. Verifying the ping should not success
1493 6. Insert another rule to accept the icmp-echo requests protocol packets
1494 7. From cord-tester ping to 8.8.8.8
1495 8. Verifying the ping should success
1496 """
1497 if not vcpe_name:
1498 vcpe_name = self.vcpe_container
1499 if not vcpe_intf:
1500 vcpe_intf = self.vcpe_dhcp
1501 df = defer.Deferred()
1502 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1503 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1504 df.callback(0)
1505 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1506 host = '8.8.8.8'
1507 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1508 try:
1509 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1510 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1511 assert_equal(st, False)
1512 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1513 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1514 assert_equal(st, True)
1515 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p icmp --icmp-type echo-reply -j ACCEPT'.format(vcpe_name))
1516 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1517 assert_equal(st,False)
1518 finally:
1519 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1520 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j ACCEPT'.format(vcpe_name))
1521 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1522 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1523 df.callback(0)
1524 reactor.callLater(0, vcpe_firewall, df)
1525 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1526
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1527 @deferred(TIMEOUT)
1528 def test_vsg_firewall_for_deny_icmp_protocol(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1529 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1530 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1531 1. Get vSG corresponding to vcpe
1532 2. Login to compute node
1533 3. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1534 4. From cord-tester ping to 8.8.8.8
1535 5. Verifying that ping should not be successful
1536 6. Delete the iptable rule
1537 7. From cord-tester ping to 8.8.8.8
1538 8. Verifying the ping should success
1539 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1540 if not vcpe_name:
1541 vcpe_name = self.vcpe_container
1542 if not vcpe_intf:
1543 vcpe_intf = self.vcpe_dhcp
1544 df = defer.Deferred()
1545 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1546 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1547 df.callback(0)
1548 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1549 host = '8.8.8.8'
1550 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1551 try:
1552 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1553 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1554 assert_equal(st, False)
1555 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1556 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1557 assert_equal(st, True)
1558 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1559 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1560 assert_equal(st,False)
1561 finally:
1562 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1563 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1564 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1565 df.callback(0)
1566 reactor.callLater(0, vcpe_firewall, df)
1567 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1568
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1569 @deferred(TIMEOUT)
1570 def test_vsg_firewall_rule_deny_icmp_protocol_and_destination_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1571 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1572 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1573 1. Get vSG corresponding to vcpe
1574 2. Login to compute node
1575 3. Execute iptable command on vcpe from compute node to deny a destination IP
1576 4. From cord-tester ping to 8.8.8.8
1577 5. Verifying that ping should not be successful
1578 6. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1579 7. From cord-tester ping to 8.8.8.8
1580 8. Verifying the ping should success
1581 9. Delete the rule added in step 3
1582 10. From cord-tester ping to 8.8.8.8
1583 11. Verifying that ping should not be successful
1584 12. Delete the rule added in step 6
1585 13. From cord-tester ping to 8.8.8.8
1586 14. Verifying the ping should success
1587 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1588 if not vcpe_name:
1589 vcpe_name = self.vcpe_container
1590 if not vcpe_intf:
1591 vcpe_intf = self.vcpe_dhcp
1592 df = defer.Deferred()
1593 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1594 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1595 df.callback(0)
1596 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1597 host = '8.8.8.8'
1598 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1599 try:
1600 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1601 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1602 assert_equal(st, False)
1603 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1604 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1605 assert_equal(st, True)
1606 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1607 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1608 assert_equal(st, True)
1609 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1610 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1611 assert_equal(st, True)
1612 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1613 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1614 assert_equal(st,False)
1615 finally:
1616 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1617 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1618 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1619 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1620 df.callback(0)
1621 reactor.callLater(0, vcpe_firewall, df)
1622 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1623
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1624 @deferred(TIMEOUT) #Fail
1625 def test_vsg_firewall_flushing_all_configured_rules(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1626 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1627 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1628 1. Get vSG corresponding to vcpe
1629 2. Login to compute node
1630 3. Execute iptable command on vcpe from compute node to deny a destination IP
1631 4. From cord-tester ping to 8.8.8.8
1632 5. Verifying that ping should not be successful
1633 6. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1634 7. From cord-tester ping to 8.8.8.8
1635 8. Verifying the ping should success
1636 9. Flush all the iptable rules configuraed in vcpe
1637 10. Delete the rule added in step 6
1638 11. From cord-tester ping to 8.8.8.8
1639 12. Verifying the ping should success
1640 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1641 if not vcpe_name:
1642 vcpe_name = self.vcpe_container
1643 if not vcpe_intf:
1644 vcpe_intf = self.vcpe_dhcp
1645 df = defer.Deferred()
1646 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1647 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1648 df.callback(0)
1649 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1650 host = '8.8.8.8'
1651 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1652 try:
1653 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1654 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1655 assert_equal(st, False)
1656 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1657 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1658 assert_equal(st, True)
1659 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1660 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1661 assert_equal(st, True)
1662 st,output = vsg.run_cmd('sudo docker exec {} iptables -F FORWARD'.format(vcpe_name))
1663 time.sleep(1)
1664 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1665 assert_equal(st, False)
1666 finally:
1667 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1668 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1669 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1670 df.callback(0)
1671 reactor.callLater(0, vcpe_firewall, df)
1672 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1673
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1674 @deferred(TIMEOUT)
1675 def test_vsg_firewall_deny_all_ipv4_traffic(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1676 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1677 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1678 1. Get vSG corresponding to vcpe
1679 2. Login to compute node
1680 3. Execute iptable command on vcpe from compute node to deny all ipv4 Traffic
1681 4. From cord-tester ping to 8.8.8.8
1682 5. Verifying that ping should not be successful
1683 6. Delete the iptable rule added
1684 7. From cord-tester ping to 8.8.8.8
1685 8. Verifying the ping should success
1686 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1687 if not vcpe_name:
1688 vcpe_name = self.vcpe_container
1689 if not vcpe_intf:
1690 vcpe_intf = self.vcpe_dhcp
1691 df = defer.Deferred()
1692 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1693 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1694 df.callback(0)
1695 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1696 host = '8.8.8.8'
1697 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1698 try:
1699 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1700 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1701 assert_equal(st, False)
1702 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1703 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1704 assert_equal(st, True)
1705 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1706 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1707 assert_equal(st, False)
1708 finally:
1709 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1710 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1711 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1712 df.callback(0)
1713 reactor.callLater(0, vcpe_firewall, df)
1714 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1715
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1716 @deferred(TIMEOUT)
1717 def test_vsg_firewall_replacing_deny_rule_to_accept_rule_ipv4_traffic(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1718 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1719 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1720 1. Get vSG corresponding to vcpe
1721 2. Login to compute node
1722 3. Execute iptable command on vcpe from compute node to deny all ipv4 Traffic
1723 4. From cord-tester ping to 8.8.8.8
1724 5. Verifying that ping should not be successful
1725 6. Replace the deny rule added in step 3 with accept rule
1726 7. From cord-tester ping to 8.8.8.8
1727 8. Verifying the ping should success
1728 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1729 if not vcpe_name:
1730 vcpe_name = self.vcpe_container
1731 if not vcpe_intf:
1732 vcpe_intf = self.vcpe_dhcp
1733 df = defer.Deferred()
1734 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1735 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1736 df.callback(0)
1737 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1738 host = '8.8.8.8'
1739 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1740 try:
1741 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1742 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1743 assert_equal(st, False)
1744 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1745 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1746 assert_equal(st, True)
1747 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -4 -j ACCEPT'.format(vcpe_name))
1748 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1749 assert_equal(st, False)
1750 finally:
1751 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1752 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1753 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1754 df.callback(0)
1755 reactor.callLater(0, vcpe_firewall, df)
1756 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1757
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1758 @deferred(TIMEOUT)
1759 def test_vsg_firewall_deny_all_traffic_coming_on_lan_interface_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
1760 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1761 Test Method:
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1762 1. Get vSG corresponding to vcpe
1763 2. Login to compute node
1764 3. Execute iptable command on vcpe from compute node to deny all the traffic coming on lan interface inside vcpe container
1765 4. From cord-tester ping to 8.8.8.8
1766 5. Verifying the ping should not success
1767 6. Delete the iptable rule added
1768 7. From cord-tester ping to 8.8.8.8
1769 8. Verifying the ping should success
1770 """
1771 if not vcpe_name:
1772 vcpe_name = self.vcpe_container
1773 if not vcpe_intf:
1774 vcpe_intf = self.vcpe_dhcp
1775 df = defer.Deferred()
1776 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1777 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1778 df.callback(0)
1779 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1780 host = '8.8.8.8'
1781 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1782 try:
1783 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1784 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1785 assert_equal(st, False)
1786 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -i eth1 -j DROP'.format(vcpe_name))
1787 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1788 assert_equal(st, True)
1789 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -j DROP'.format(vcpe_name))
1790 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1791 assert_equal(st, False)
1792 finally:
1793 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -j DROP'.format(vcpe_name))
1794 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1795 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1796 df.callback(0)
1797 reactor.callLater(0, vcpe_firewall, df)
1798 return df
1799
1800 @deferred(TIMEOUT)
1801 def test_vsg_firewall_deny_all_traffic_going_out_of_wan_interface_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
1802 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1803 Test Method:
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1804 1. Get vSG corresponding to vcpe
1805 2. Login to compute node
1806 3. Execute iptable command on vcpe from compute node to deny all the traffic going out of wan interface inside vcpe container
1807 4. From cord-tester ping to 8.8.8.8
1808 5. Verifying the ping should not success
1809 6. Delete the iptable rule added
1810 7. From cord-tester ping to 8.8.8.8
1811 8. Verifying the ping should success
1812 """
1813 if not vcpe_name:
1814 vcpe_name = self.vcpe_container
1815 if not vcpe_intf:
1816 vcpe_intf = self.vcpe_dhcp
1817 df = defer.Deferred()
1818 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1819 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1820 df.callback(0)
1821 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1822 host = '8.8.8.8'
1823 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1824 try:
1825 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1826 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1827 assert_equal(st, False)
1828 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -o eth0 -j DROP'.format(vcpe_name))
1829 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1830 assert_equal(st, True)
1831 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -o eth0 -j DROP'.format(vcpe_name))
1832 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1833 assert_equal(st, False)
1834 finally:
1835 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -o eth0 -j DROP'.format(vcpe_name))
1836 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1837 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1838 df.callback(0)
1839 reactor.callLater(0, vcpe_firewall, df)
1840 return df
1841
1842 @deferred(TIMEOUT)
1843 def test_vsg_firewall_deny_all_traffic_from_lan_to_wan_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1844 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1845 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1846 1. Get vSG corresponding to vcpe
1847 2. Login to compute node
1848 3. Execute iptable command on vcpe from compute node to deny all the traffic from lan to wan interface in vcpe
1849 4. From cord-tester ping to 8.8.8.8
1850 5. Verifying that ping should not be successful
1851 6. Delete the iptable rule added
1852 7. From cord-tester ping to 8.8.8.8
1853 8. Verifying the ping should success
1854 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1855 if not vcpe_name:
1856 vcpe_name = self.vcpe_container
1857 if not vcpe_intf:
1858 vcpe_intf = self.vcpe_dhcp
1859 df = defer.Deferred()
1860 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1861 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1862 df.callback(0)
1863 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1864 host = '8.8.8.8'
1865 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1866 try:
1867 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1868 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1869 assert_equal(st, False)
1870 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1871 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1872 assert_equal(st, True)
1873 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1874 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1875 assert_equal(st, False)
1876 finally:
1877 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1878 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1879 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1880 df.callback(0)
1881 reactor.callLater(0, vcpe_firewall, df)
1882 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1883
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1884 #this test case needs modification.default route should be vcpe interface to run this test case
1885 @deferred(TIMEOUT)
1886 def test_vsg_firewall_deny_all_dns_traffic(self,vcpe_name=None,vcpe_intf=None):
1887 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1888 Test Method:
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1889 1. Get vSG corresponding to vcpe
1890 2. Login to compute node
1891 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1892 4. From cord-tester ping to www.google.com
1893 5. Verifying the ping should not success
1894 6. Delete the iptable rule added
1895 7. From cord-tester ping to www.google.com
1896 8. Verifying the ping should success
1897 """
1898 if not vcpe_name:
1899 vcpe_name = self.vcpe_container
1900 if not vcpe_intf:
1901 vcpe_intf = self.vcpe_dhcp
1902 df = defer.Deferred()
1903 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1904 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1905 df.callback(0)
1906 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1907 host = 'www.msn.com'
1908 host_ip = '131.253.33.203'
1909 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1910 try:
1911 self.add_static_route_via_vcpe_interface([host_ip],vcpe=self.vcpe_dhcp)
1912 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1913 assert_equal(st, False)
1914 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p udp --dport 53 -j DROP'.format(vcpe_name))
1915 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1916 assert_equal(st, True)
1917 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p udp --dport 53 -j ACCEPT'.format(vcpe_name))
1918 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1919 assert_equal(st, False)
1920 finally:
1921 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p udp --dport 53 -j DROP'.format(vcpe_name))
1922 self.del_static_route_via_vcpe_interface([host_ip],vcpe=vcpe_intf)
1923 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1924 df.callback(0)
1925 reactor.callLater(0, vcpe_firewall, df)
1926 return df
1927
1928 @deferred(TIMEOUT)
1929 def test_vsg_firewall_deny_all_ipv4_traffic_vcpe_container_restart(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1930 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1931 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1932 1. Get vSG corresponding to vcpe
1933 2. Login to compute node
1934 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1935 4. From cord-tester ping to www.google.com
1936 5. Verifying that ping should not be successful
1937 6. Delete the iptable rule added
1938 7. From cord-tester ping to www.google.com
1939 8. Verifying the ping should success
1940 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1941 if not vcpe_name:
1942 vcpe_name = self.vcpe_container
1943 if not vcpe_intf:
1944 vcpe_intf = self.vcpe_dhcp
1945 df = defer.Deferred()
1946 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1947 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1948 df.callback(0)
1949 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1950 host = '8.8.8.8'
1951 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1952 try:
1953 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1954 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1955 assert_equal(st, False)
1956 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1957 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1958 assert_equal(st, True)
1959 st,output = vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1960 time.sleep(3)
1961 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1962 assert_equal(st, False)
1963 finally:
1964 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1965 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1966 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1967 df.callback(0)
1968 reactor.callLater(0, vcpe_firewall, df)
1969 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1970
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]1971 @deferred(TIMEOUT)
1972 def test_vsg_dnat_modifying_destination_ip(self,vcpe_name=None,vcpe_intf=None):
1973 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1974 Test Method:
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]1975 1. Get vSG corresponding to vcpe
1976 2. Login to compute node
1977 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1978 4. From cord-tester ping to www.google.com
1979 5. Verifying the ping should not success
1980 6. Delete the iptable rule added
1981 7. From cord-tester ping to www.google.com
1982 8. Verifying the ping should success
1983 """
1984 if not vcpe_name:
1985 vcpe_name = self.vcpe_container
1986 if not vcpe_intf:
1987 vcpe_intf = self.vcpe_dhcp
1988 df = defer.Deferred()
1989 def vcpe_firewall(df):
1990 host = '8.8.8.8'
1991 dst_ip = '123.123.123.123'
1992 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1993 try:
1994 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1995 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1996 assert_equal(st, False)
1997 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1998 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1999 assert_equal(st, True)
2000 finally:
2001 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
2002 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
2003 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
2004 df.callback(0)
2005 reactor.callLater(0,vcpe_firewall,df)
2006 return df
2007
2008 @deferred(TIMEOUT)
2009 def test_vsg_dnat_modifying_destination_ip_and_delete(self,vcpe_name=None,vcpe_intf=None):
2010 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2011 Test Method:
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]2012 1. Get vSG corresponding to vcpe
2013 2. Login to compute node
2014 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
2015 4. From cord-tester ping to www.google.com
2016 5. Verifying the ping should not success
2017 6. Delete the iptable rule added
2018 7. From cord-tester ping to www.google.com
2019 8. Verifying the ping should success
2020 """
2021 if not vcpe_name:
2022 vcpe_name = self.vcpe_container
2023 if not vcpe_intf:
2024 vcpe_intf = self.vcpe_dhcp
2025 df = defer.Deferred()
2026 def vcpe_firewall(df):
2027 host = '8.8.8.8'
2028 dst_ip = '123.123.123.123'
2029 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
2030 try:
2031 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
2032 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2033 assert_equal(st, False)
2034 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
2035 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2036 assert_equal(st, True)
2037 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
2038 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2039 assert_equal(st, False)
2040 finally:
2041 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
2042 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
2043 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
2044 df.callback(0)
2045 reactor.callLater(0,vcpe_firewall,df)
2046 return df
2047
2048 @deferred(TIMEOUT)
2049 def test_vsg_dnat_change_modifying_destination_ip_address(self,vcpe_name=None,vcpe_intf=None):
2050 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2051 Test Method:
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]2052 1. Get vSG corresponding to vcpe
2053 2. Login to compute node
2054 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
2055 4. From cord-tester ping to www.google.com
2056 5. Verifying the ping should not success
2057 6. Delete the iptable rule added
2058 7. From cord-tester ping to www.google.com
2059 8. Verifying the ping should success
2060 """
2061 if not vcpe_name:
2062 vcpe_name = self.vcpe_container
2063 if not vcpe_intf:
2064 vcpe_intf = self.vcpe_dhcp
2065 df = defer.Deferred()
2066 def vcpe_firewall(df):
2067 host = '8.8.8.8'
2068 dst_ip = '123.123.123.123'
2069 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
2070 try:
2071 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
2072 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2073 assert_equal(st, False)
2074 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
2075 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2076 assert_equal(st, True)
2077 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -R PREROUTING 1 -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,host))
2078 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2079 assert_equal(st, False)
2080 finally:
2081 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
2082 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,host))
2083 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
2084 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
2085 df.callback(0)
2086 reactor.callLater(0,vcpe_firewall,df)
2087 return df
2088
A.R Karthicka3fa2f92017-05-18 18:51:36 -0700[diff] [blame^]2089 def vsg_xos_subscriber_create(self, index, subscriber_info = None, volt_subscriber_info = None):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]2090 if self.on_pod is False:
A.R Karthicka3fa2f92017-05-18 18:51:36 -0700[diff] [blame^]2091 return ''
2092 if subscriber_info is None:
2093 subscriber_info = self.subscriber_info[index]
2094 if volt_subscriber_info is None:
2095 volt_subscriber_info = self.volt_subscriber_info[index]
A R Karthickd0b06792017-04-25 15:11:23 -0700[diff] [blame]2096 s_tag = int(volt_subscriber_info['voltTenant']['s_tag'])
2097 c_tag = int(volt_subscriber_info['voltTenant']['c_tag'])
2098 vcpe = 'vcpe-{}-{}'.format(s_tag, c_tag)
2099 log.info('Creating tenant with s_tag: %d, c_tag: %d' %(s_tag, c_tag))
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]2100 subId = ''
2101 try:
2102 result = self.restApiXos.ApiPost('TENANT_SUBSCRIBER', subscriber_info)
2103 assert_equal(result, True)
2104 result = self.restApiXos.ApiGet('TENANT_SUBSCRIBER')
2105 assert_not_equal(result, None)
2106 subId = self.restApiXos.getSubscriberId(result, volt_subscriber_info['account_num'])
2107 assert_not_equal(subId, '0')
A.R Karthicka3fa2f92017-05-18 18:51:36 -0700[diff] [blame^]2108 log.info('Subscriber ID for account num %s = %s' %(str(volt_subscriber_info['account_num']), subId))
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]2109 volt_tenant = volt_subscriber_info['voltTenant']
2110 #update the subscriber id in the tenant info before making the rest
2111 volt_tenant['subscriber'] = subId
2112 result = self.restApiXos.ApiPost('TENANT_VOLT', volt_tenant)
2113 assert_equal(result, True)
2114 #if the vsg instance was already instantiated, then reduce delay
2115 if c_tag % self.subscribers_per_s_tag == 0:
2116 delay = 350
2117 else:
2118 delay = 90
2119 log.info('Delaying %d seconds for the VCPE to be provisioned' %(delay))
2120 time.sleep(delay)
2121 log.info('Testing for external connectivity to VCPE %s' %(vcpe))
2122 self.vsg_for_external_connectivity(index)
2123 finally:
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]2124 return subId
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]2125
A.R Karthicka3fa2f92017-05-18 18:51:36 -0700[diff] [blame^]2126 def vsg_xos_subscriber_delete(self, index, subId = '', voltId = '', subscriber_info = None, volt_subscriber_info = None):
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]2127 if self.on_pod is False:
2128 return
A.R Karthicka3fa2f92017-05-18 18:51:36 -0700[diff] [blame^]2129 if subscriber_info is None:
2130 subscriber_info = self.subscriber_info[index]
2131 if volt_subscriber_info is None:
2132 volt_subscriber_info = self.volt_subscriber_info[index]
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]2133 s_tag = int(volt_subscriber_info['voltTenant']['s_tag'])
2134 c_tag = int(volt_subscriber_info['voltTenant']['c_tag'])
2135 vcpe = 'vcpe-{}-{}'.format(s_tag, c_tag)
2136 log.info('Deleting tenant with s_tag: %d, c_tag: %d' %(s_tag, c_tag))
2137 if not subId:
2138 #get the subscriber id first
2139 result = self.restApiXos.ApiGet('TENANT_SUBSCRIBER')
2140 assert_not_equal(result, None)
2141 subId = self.restApiXos.getSubscriberId(result, volt_subscriber_info['account_num'])
2142 assert_not_equal(subId, '0')
A.R Karthicka3fa2f92017-05-18 18:51:36 -0700[diff] [blame^]2143 if not voltId:
2144 #get the volt id for the subscriber
2145 result = self.restApiXos.ApiGet('TENANT_VOLT')
2146 assert_not_equal(result, None)
2147 voltId = self.getVoltId(result, subId)
2148 assert_not_equal(voltId, None)
2149 log.info('Deleting subscriber ID %s for account num %s' %(subId, str(volt_subscriber_info['account_num'])))
A R Karthicka385cea2017-04-26 10:12:43 -0700[diff] [blame]2150 status = self.restApiXos.ApiDelete('TENANT_SUBSCRIBER', subId)
2151 assert_equal(status, True)
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]2152 #Delete the tenant
2153 log.info('Deleting VOLT Tenant ID %s for subscriber %s' %(voltId, subId))
A R Karthick76944872017-04-26 10:21:37 -0700[diff] [blame]2154 self.restApiXos.ApiDelete('TENANT_VOLT', voltId)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]2155
A R Karthicke29c8d42017-04-27 11:38:52 -0700[diff] [blame]2156 def vsg_xos_subscriber_id(self, index):
2157 volt_subscriber_info = self.volt_subscriber_info[index]
2158 result = self.restApiXos.ApiGet('TENANT_SUBSCRIBER')
2159 assert_not_equal(result, None)
2160 subId = self.restApiXos.getSubscriberId(result, volt_subscriber_info['account_num'])
2161 return subId
2162
A.R Karthicka3fa2f92017-05-18 18:51:36 -0700[diff] [blame^]2163 def test_vsg_xos_subscriber_create_reserved(self):
2164 tags_reserved = [ (int(vcpe['s_tag']), int(vcpe['c_tag'])) for vcpe in self.vcpes_reserved ]
2165 volt_tenants = self.restApiXos.ApiGet('TENANT_VOLT')
2166 subscribers = self.restApiXos.ApiGet('TENANT_SUBSCRIBER')
2167 reserved_tenants = filter(lambda tenant: (int(tenant['s_tag']), int(tenant['c_tag'])) in tags_reserved, volt_tenants)
2168 reserved_config = []
2169 for tenant in reserved_tenants:
2170 for subscriber in subscribers:
2171 if int(subscriber['id']) == int(tenant['subscriber']):
2172 volt_subscriber_info = {}
2173 volt_subscriber_info['voltTenant'] = dict(s_tag = tenant['s_tag'],
2174 c_tag = tenant['c_tag'],
2175 subscriber = tenant['subscriber'])
2176 volt_subscriber_info['volt_id'] = tenant['id']
2177 volt_subscriber_info['account_num'] = subscriber['identity']['account_num']
2178 reserved_config.append( (subscriber, volt_subscriber_info) )
2179 break
2180 else:
2181 log.info('Subscriber not found for tenant %s, s_tag: %s, c_tag: %s' %(str(tenant['subscriber']),
2182 str(tenant['s_tag']),
2183 str(tenant['c_tag'])))
2184
2185 for subscriber_info, volt_subscriber_info in reserved_config:
2186 self.vsg_xos_subscriber_delete(0,
2187 subId = str(subscriber_info['id']),
2188 voltId = str(volt_subscriber_info['volt_id']),
2189 subscriber_info = subscriber_info,
2190 volt_subscriber_info = volt_subscriber_info)
2191 subId = self.vsg_xos_subscriber_create(0,
2192 subscriber_info = subscriber_info,
2193 volt_subscriber_info = volt_subscriber_info)
2194 log.info('Created reserved subscriber %s' %(subId))
2195
A R Karthicke29c8d42017-04-27 11:38:52 -0700[diff] [blame]2196 def test_vsg_xos_subscriber_create_all(self):
2197 for index in xrange(len(self.subscriber_info)):
2198 #check if the index exists
2199 subId = self.vsg_xos_subscriber_id(index)
2200 if subId and subId != '0':
2201 self.vsg_xos_subscriber_delete(index, subId = subId)
2202 subId = self.vsg_xos_subscriber_create(index)
2203 log.info('Created Subscriber %s' %(subId))
2204
2205 def test_vsg_xos_subscriber_delete_all(self):
2206 for index in xrange(len(self.subscriber_info)):
2207 subId = self.vsg_xos_subscriber_id(index)
2208 if subId and subId != '0':
2209 self.vsg_xos_subscriber_delete(index, subId = subId)
2210
2211 def test_vsg_xos_subscriber_create_and_delete(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]2212 subId = self.vsg_xos_subscriber_create(0)
2213 if subId and subId != '0':
2214 self.vsg_xos_subscriber_delete(0, subId)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]2215
A R Karthicke29c8d42017-04-27 11:38:52 -0700[diff] [blame]2216 def test_vsg_xos_subscriber_2_create_and_delete(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]2217 subId = self.vsg_xos_subscriber_create(1)
2218 if subId and subId != '0':
2219 self.vsg_xos_subscriber_delete(1, subId)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]2220
A R Karthicke29c8d42017-04-27 11:38:52 -0700[diff] [blame]2221 def test_vsg_xos_subscriber_3_create_and_delete(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]2222 subId = self.vsg_xos_subscriber_create(2)
2223 if subId and subId != '0':
2224 self.vsg_xos_subscriber_delete(2, subId)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]2225
A R Karthicke29c8d42017-04-27 11:38:52 -0700[diff] [blame]2226 def test_vsg_xos_subscriber_4_create_and_delete(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]2227 subId = self.vsg_xos_subscriber_create(3)
2228 if subId and subId != '0':
2229 self.vsg_xos_subscriber_delete(3, subId)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]2230
A R Karthicke29c8d42017-04-27 11:38:52 -0700[diff] [blame]2231 def test_vsg_xos_subscriber_5_create_and_delete(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]2232 subId = self.vsg_xos_subscriber_create(4)
2233 if subId and subId != '0':
2234 self.vsg_xos_subscriber_delete(4, subId)
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]2235
Anil Kumar Sanka52a39f82017-05-10 17:39:31 +0000[diff] [blame]2236 def test_vsg_without_creating_vcpe_instance(self, index=0):
2237 vcpe = self.dhcp_vcpes[index]
2238 host = '8.8.8.8'
2239 st, _ = getstatusoutput('dhclient {}'.format(vcpe))
2240 assert_equal(st,True)
2241 subId = self.vsg_xos_subscriber_create(index)
2242 if subId and subId != '0':
2243 self.vsg_xos_subscriber_delete(index, subId)
2244
2245 def test_vsg_for_remove_vcpe_instance(self,index=0):
2246 subId = self.vsg_xos_subscriber_create(index)
2247 if subId and subId != '0':
2248 self.vsg_xos_subscriber_delete(index, subId)
2249 vcpe = self.dhcp_vcpes[index]
2250 host = '8.8.8.8'
2251 st, _ = getstatusoutput('dhclient {}'.format(vcpe))
2252 assert_equal(st,True)
2253
2254 def test_vsg_create_xos_subscribers_in_different_vsg_vm(self):
2255 subId1 = self.vsg_xos_subscriber_create(4)
2256 subId2 = self.vsg_xos_subscriber_create(6)
2257 if subId1 and subId1 != '0':
2258 self.vsg_xos_subscriber_delete(4, subId1)
2259 if subId2 and subId2 != '0':
2260 self.vsg_xos_subscriber_delete(6, subId2)
2261
Anil Kumar Sanka5bb352a2017-05-16 22:24:01 +0000[diff] [blame]2262 def test_vsg_xos_subscriber_external_connectivity_if_one_vcpe_goes_down(self):
2263 """
2264 Test Method:
2265 1.Create two vcpe instances in two different vsg vms using XOS
2266 2.Verify external connectivity through vcpe instances from cord-tester
2267 3.Kill first vcpe instance
2268 4.Verify external network cant be reachable form first vcpe interface
2269 """
2270 host = '8.8.8.8'
2271 subId1 = self.vsg_xos_subscriber_create(0)
2272 subId2 = self.vsg_xos_subscriber_create(1)
2273 vcpe_intf1 = self.dhcp_vcpes[0]
2274 vcpe_intf2 = self.dhcp_vcpes[1]
2275 vcpe_name1 = 'vcpe-{}-{}'.format(vcpe_intf1.split('.')[1],intf.split1('.')[2])
2276 vcpe_name1 = 'vcpe-{}-{}'.format(vcpe_intf2.split('.')[1],intf.split2('.')[2])
2277 vsg1 = VSGAccess.get_vcpe_vsg(vcpe_name1)
2278 vsg2 = VSGAccess.get_vcpe_vsg(vcpe_name2)
2279 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf2)
2280 st,output = vsg2.run_cmd('sudo docker kill {}'.format(vcpe_name2))
2281 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2282 assert_equal(st, True)
2283 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf2)
2284 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf1)
2285 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2286 assert_equal(st, False)
2287 if subId1 and subId1 != '0':
2288 self.vsg_xos_subscriber_delete(0, subId1)
2289 if subId2 and subId2 != '0':
2290 self.vsg_xos_subscriber_delete(1, subId2)
2291
2292 def test_vsg_xos_subscriber_external_connectivity_if_one_vcpe_is_removed_and_added_again(self):
2293 """
2294 Test Method:
2295 1.Create two vcpe instances in two different vsg vms using XOS
2296 2.Verify external connectivity through vcpe instances from cord-tester
2297 3.Remove first vcpe instance
2298 4.Verify external network cant be reachable form first vcpe interface
2299 5.Add back the removed vcpe instance
2300 6.Verify external connectivity through vcpe instances from cord-tester
2301 """
2302 host = '8.8.8.8'
2303 subId1 = self.vsg_xos_subscriber_create(0)
2304 subId2 = self.vsg_xos_subscriber_create(1)
2305 vcpe_intf1 = self.dhcp_vcpes[0]
2306 vcpe_intf2 = self.dhcp_vcpes[1]
2307 vcpe_name1 = 'vcpe-{}-{}'.format(vcpe_intf1.split('.')[1],intf.split1('.')[2])
2308 vcpe_name1 = 'vcpe-{}-{}'.format(vcpe_intf2.split('.')[1],intf.split2('.')[2])
2309 vsg1 = VSGAccess.get_vcpe_vsg(vcpe_name1)
2310 vsg2 = VSGAccess.get_vcpe_vsg(vcpe_name2)
2311 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf2)
2312 st,output = vsg2.run_cmd('sudo docker kill {}'.format(vcpe_name2))
2313 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2314 assert_equal(st, True)
2315 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf2)
2316 subId2 = self.vsg_xos_subscriber_create(1)
2317 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf2)
2318 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2319 assert_equal(st, False)
2320 if subId1 and subId1 != '0':
2321 self.vsg_xos_subscriber_delete(0, subId1)
2322 if subId2 and subId2 != '0':
2323 self.vsg_xos_subscriber_delete(1, subId2)
2324
2325
2326 def test_vsg_xos_subscriber_external_connectivity_if_one_vcpe_restarts(self):
2327 """
2328 Test Method:
2329 1.Create two vcpe instances in two different vsg vms using XOS
2330 2.Verify external connectivity through vcpe instances from cord-tester
2331 3.Restart first vcpe instance
2332 4.Verify external network cant be reachable form first vcpe interface
2333 """
2334 host = '8.8.8.8'
2335 subId1 = self.vsg_xos_subscriber_create(0)
2336 subId2 = self.vsg_xos_subscriber_create(1)
2337 vcpe_intf1 = self.dhcp_vcpes[0]
2338 vcpe_intf2 = self.dhcp_vcpes[1]
2339 vcpe_name1 = 'vcpe-{}-{}'.format(vcpe_intf1.split('.')[1],intf.split1('.')[2])
2340 vcpe_name1 = 'vcpe-{}-{}'.format(vcpe_intf2.split('.')[1],intf.split2('.')[2])
2341 vsg1 = VSGAccess.get_vcpe_vsg(vcpe_name1)
2342 vsg2 = VSGAccess.get_vcpe_vsg(vcpe_name2)
2343 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf2)
2344 st,output = vsg2.run_cmd('sudo docker restart {}'.format(vcpe_name1))
2345 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2346 assert_equal(st, True)
2347 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf1)
2348 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf1)
2349 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2350 assert_equal(st, False)
2351 if subId1 and subId1 != '0':
2352 self.vsg_xos_subscriber_delete(0, subId1)
2353 if subId2 and subId2 != '0':
2354 self.vsg_xos_subscriber_delete(1, subId2)
2355
2356 def test_vsg_xos_subscriber_external_connectivity_if_one_vcpe_pause(self):
2357 """
2358 Test Method:
2359 1.Create two vcpe instances in two different vsg vms using XOS
2360 2.Verify external connectivity through vcpe instances from cord-tester
2361 3.Pause running first vcpe instance
2362 4.Verify external network cant be reachable form first vcpe interface
2363 """
2364 host = '8.8.8.8'
2365 subId1 = self.vsg_xos_subscriber_create(0)
2366 subId2 = self.vsg_xos_subscriber_create(1)
2367 vcpe_intf1 = self.dhcp_vcpes[0]
2368 vcpe_intf2 = self.dhcp_vcpes[1]
2369 vcpe_name1 = 'vcpe-{}-{}'.format(vcpe_intf1.split('.')[1],intf.split1('.')[2])
2370 vcpe_name1 = 'vcpe-{}-{}'.format(vcpe_intf2.split('.')[1],intf.split2('.')[2])
2371 vsg1 = VSGAccess.get_vcpe_vsg(vcpe_name1)
2372 vsg2 = VSGAccess.get_vcpe_vsg(vcpe_name2)
2373 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf2)
2374 st,output = vsg2.run_cmd('sudo docker pause {}'.format(vcpe_name1))
2375 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2376 assert_equal(st, True)
2377 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf1)
2378 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf1)
2379 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2380 assert_equal(st, False)
2381 if subId1 and subId1 != '0':
2382 self.vsg_xos_subscriber_delete(0, subId1)
2383 if subId2 and subId2 != '0':
2384 self.vsg_xos_subscriber_delete(1, subId2)
2385
2386 def test_vsg_xos_subscriber_external_connectivity_if_one_vcpe_restarts_and_stops(self):
2387 """
2388 Test Method:
2389 1.Create two vcpe instances in two different vsg vms using XOS
2390 2.Verify external connectivity through vcpe instances from cord-tester
2391 3.Stop running first vcpe instance
2392 4.Verify external network cant be reachable form first vcpe interface
2393 """
2394 host = '8.8.8.8'
2395 subId1 = self.vsg_xos_subscriber_create(0)
2396 subId2 = self.vsg_xos_subscriber_create(1)
2397 vcpe_intf1 = self.dhcp_vcpes[0]
2398 vcpe_intf2 = self.dhcp_vcpes[1]
2399 vcpe_name1 = 'vcpe-{}-{}'.format(vcpe_intf1.split('.')[1],intf.split1('.')[2])
2400 vcpe_name1 = 'vcpe-{}-{}'.format(vcpe_intf2.split('.')[1],intf.split2('.')[2])
2401 vsg1 = VSGAccess.get_vcpe_vsg(vcpe_name1)
2402 vsg2 = VSGAccess.get_vcpe_vsg(vcpe_name2)
2403 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf2)
2404 st,output = vsg2.run_cmd('sudo docker stop {}'.format(vcpe_name1))
2405 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2406 assert_equal(st, True)
2407 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf1)
2408 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf1)
2409 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2410 assert_equal(st, False)
2411 if subId1 and subId1 != '0':
2412 self.vsg_xos_subscriber_delete(0, subId1)
2413 if subId2 and subId2 != '0':
2414 self.vsg_xos_subscriber_delete(1, subId2)
2415
2416 def test_vsg_xos_subscriber_external_connectivity_if_one_vsg_goes_down(self):
2417 """
2418 Test Method:
2419 1.Create two vcpe instances in two different vsg vms using XOS
2420 2.Verify external connectivity through vcpe instances from cord-tester
2421 3.Bring down first vSG vm
2422 4.Verify external network cant be reachable form first vcpe interface
2423 """
2424 subId1 = self.vsg_xos_subscriber_create(4)
2425 subId2 = self.vsg_xos_subscriber_create(6)
2426 if subId1 and subId1 != '0':
2427 self.vsg_xos_subscriber_delete(4, subId1)
2428 if subId2 and subId2 != '0':
2429 self.vsg_xos_subscriber_delete(6, subId2)
2430
2431 def test_vsg_xos_subscriber_external_connectivity_if_two_vsgs_goes_down(self):
2432 """
2433 Test Method:
2434 1.Create two vcpe instances in two different vsg vms using XOS
2435 2.Verify external connectivity through vcpe instances from cord-tester
2436 3.Bring down first vSG vm
2437 4.Verify external network cant be reachable form first vcpe interface
2438 5.Bring down second vSG vm also
2439 6.Verify external network cant be reachable form first vcpe interface also
2440 """
Anil Kumar Sanka52a39f82017-05-10 17:39:31 +0000[diff] [blame]2441 subId1 = self.vsg_xos_subscriber_create(4)
2442 subId2 = self.vsg_xos_subscriber_create(6)
2443 if subId1 and subId1 != '0':
2444 self.vsg_xos_subscriber_delete(4, subId1)
2445 if subId2 and subId2 != '0':
2446 self.vsg_xos_subscriber_delete(6, subId2)
2447
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2448 def test_vsg_with_xos_subscriber_creating_firewall(self,index=4):
2449 log.info('cls.dhcp_vcpes is %s'%self.dhcp_vcpes)
Chetan Gaonker4cff4432017-05-01 17:56:56 +0000[diff] [blame]2450 host = '8.8.8.8'
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2451 self.vsg_xos_subscriber_delete(4, 3)
2452 subId = self.vsg_xos_subscriber_create(index)
2453 if subId and subId != '0':
2454 subscriber_info = self.subscriber_info[index]
2455 volt_subscriber_info = self.volt_subscriber_info[index]
2456 s_tag = int(volt_subscriber_info['voltTenant']['s_tag'])
2457 c_tag = int(volt_subscriber_info['voltTenant']['c_tag'])
2458 vcpe = 'vcpe-{}-{}'.format(s_tag, c_tag)
2459 vcpe_intf = self.dhcp_vcpes[index] #'vcpe{}.{}.{}'.format(s_tag, c_tag)
2460 vsg = VSGAccess.get_vcpe_vsg(vcpe)
2461 try:
2462 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
2463 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2464 assert_equal(st, False)
2465 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe,host))
2466 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2467 assert_equal(st, True)
2468 st,_ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe,host))
2469 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2470 assert_equal(st, False)
2471 finally:
2472 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe,host))
2473 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
2474 vsg.run_cmd('sudo docker restart {}'.format(vcpe))
2475 self.vsg_xos_subscriber_delete(4, subId)
2476 self.vsg_xos_subscriber_delete(4, subId)
Chetan Gaonker4cff4432017-05-01 17:56:56 +0000[diff] [blame]2477
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2478
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2479 def test_vsg_for_packet_received_with_invalid_ip_fields(self):
2480 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2481 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2482 1.Create a vSG VM in compute node
2483 2.Create a vCPE container in vSG VM
2484 3.Ensure vSG VM and vCPE container created properly
2485 4.From subscriber, send a ping packet with invalid ip fields
2486 5.Verify that vSG drops the packet
2487 6.Verify ping fails
2488 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2489
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2490 def test_vsg_for_packet_received_with_invalid_mac_fields(self):
2491 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2492 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2493 1.Create a vSG VM in compute node
2494 2.Create a vCPE container in vSG VM
2495 3.Ensure vSG VM and vCPE container created properly
2496 4.From subscriber, send a ping packet with invalid mac fields
2497 5.Verify that vSG drops the packet
2498 6.Verify ping fails
2499 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2500
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2501 def test_vsg_for_vlan_id_mismatch_in_stag(self):
2502 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2503 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2504 1.Create a vSG VM in compute Node
2505 2.Create a vCPE container in vSG VM
2506 3.Ensure vSG VM and vCPE container created properly
2507 4.Send a ping request to external valid IP from subscriber, with incorrect vlan id in s-tag and valid c-tag
2508 5.Verify that ping fails as the packet drops at VM entry
2509 6.Repeat step 4 with correct s-tag
2510 7.Verify that ping success
2511 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2512
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2513 def test_vsg_for_vlan_id_mismatch_in_ctag(self):
2514 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2515 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2516 1.Create a vSG VM in compute node
2517 2.Create a vCPE container in vSG VM
2518 3.Ensure vSG VM and vCPE container created properly
2519 4.Send a ping request to external valid IP from subscriber, with valid s-tag and incorrect vlan id in c-tag
2520 5.Verify that ping fails as the packet drops at vCPE container entry
2521 6.Repeat step 4 with valid s-tag and c-tag
2522 7.Verify that ping success
2523 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2524
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2525 def test_vsg_for_matching_and_mismatching_vlan_id_in_stag(self):
2526 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2527 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2528 1.Create two vSG VMs in compute node
2529 2.Create a vCPE container in each vSG VM
2530 3.Ensure vSG VM and vCPE container created properly
2531 4.From subscriber one, send ping request with valid s and c tags
2532 5.From subscriber two, send ping request with vlan id mismatch in s-tag and valid c tags
2533 6.Verify that ping success for only subscriber one and fails for two.
2534 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2535
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2536 def test_vsg_for_matching_and_mismatching_vlan_id_in_ctag(self):
2537 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2538 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2539 1.Create a vSG VM in compute node
2540 2.Create two vCPE containers in vSG VM
2541 3.Ensure vSG VM and vCPE container created properly
2542 4.From subscriber one, send ping request with valid s and c tags
2543 5.From subscriber two, send ping request with valid s-tag and vlan id mismatch in c-tag
2544 6.Verify that ping success for only subscriber one and fails for two
2545 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2546
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2547 def test_vsg_for_out_of_range_vlanid_in_ctag(self):
2548 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2549 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2550 1.Create a vSG VM in compute node
2551 2.Create a vCPE container in vSG VM
2552 3.Ensure vSG VM and vCPE container created properly
2553 4.From subscriber, send ping request with valid stag and vlan id in c-tag is an out of range value ( like 0,4097 )
2554 4.Verify that ping fails as the ping packets drops at vCPE container entry
2555 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2556
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2557 def test_vsg_for_out_of_range_vlanid_in_stag(self):
2558 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2559 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2560 1.Create a vSG VM in compute node
2561 2.Create a vCPE container in vSG VM
2562 3.Ensure vSG VM and vCPE container created properly
2563 2.From subscriber, send ping request with vlan id in s-tag is an out of range value ( like 0,4097 ), with valid c-tag
2564 4.Verify that ping fails as the ping packets drops at vSG VM entry
2565 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2566
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2567 def test_vsg_for_extracting_all_compute_stats_from_all_vcpe_containers(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2568 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2569 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2570 1.Create a vSG VM in compute node
2571 2.Create 10 vCPE containers in VM
2572 3.Ensure vSG VM and vCPE containers created properly
2573 4.Login to all vCPE containers
2574 4.Get all compute stats from all vCPE containers
2575 5.Verify the stats # verification method need to add
2576 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2577
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2578 def test_vsg_for_extracting_dns_stats_from_all_vcpe_containers(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2579 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2580 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2581 1.Create a vSG VM in compute node
2582 2.Create 10 vCPE containers in VM
2583 3.Ensure vSG VM and vCPE containers created properly
2584 4.From 10 subscribers, send ping to valid and invalid dns hosts
2585 5.Verify dns resolves and ping success for valid dns hosts
2586 6.Verify ping fails for invalid dns hosts
2587 7.Verify dns host name resolve flows in OvS
2588 8.Login to all 10 vCPE containers
2589 9.Extract all dns stats
2590 10.Verify dns stats for queries sent, queries received for dns host resolve success and failed scenarios
2591 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2592
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2593 def test_subscriber_access_if_vsg1_goes_down(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2594 """
2595 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 goes down
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2596 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2597 1.Create two vSG VMs for two services in compute node
2598 2.Create one vCPE container in each VM for one subscriber
2599 3.Ensure VMs and containers created properly
2600 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2601 5.Verify ping gets success
2602 6.Verify ping success flows in OvS
2603 7.Down the vSG-1 VM
2604 8.Now repeat step 4
2605 9.Verify that ping fails as vSG-1 is down
2606 10.Repeat step 4 with stag corresponding to vSG-2
2607 9.Verify ping success and flows added in OvS
2608 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2609
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2610 def test_subscriber_access_if_vsg2_goes_down(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2611 """
2612 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 restarts
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2613 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2614 1.Create two vSG VMs for two services in compute node
2615 2.Create one vCPE container in each VM for one subscriber
2616 3.Ensure VMs and containers created properly
2617 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2618 5.Verify ping gets success
2619 6.Verify ping success flows added in OvS
2620 7.Now restart vSG-1 VM
2621 8.Now repeat step 4 while vSG-1 VM restarts
2622 9.Verify that ping fails as vSG-1 is restarting
2623 10.Repeat step 4 with stag corresponding to vSG-2 while vSG-1 VM restarts
2624 11.Verify ping success and flows added in OvS
2625 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2626
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2627 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_going_down(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2628 """
2629 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 goes down
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2630 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2631 1.Create a vSG VM in compute node
2632 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2633 3.Ensure VM and containers created properly
2634 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2635 5.Verify ping gets success
2636 6.Verify ping success flows added in OvS
2637 7.Now stop vCPE-1 container
2638 8.Now repeat step 4
2639 9.Verify that ping fails as vCPE-1 container is down
2640 10.Repeat step 4 with ctag corresponding to vCPE-2 container
2641 11.Verify ping success and flows added in OvS
2642 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2643
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2644 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_restart(self):
2645 """
2646 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 restarts
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2647 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2648 1.Create a vSG VM in compute node
2649 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2650 3.Ensure VM and containers created properly
2651 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2652 5.Verify ping gets success
2653 6.Verify ping success flows added in OvS
2654 7.Now restart vCPE-1 container
2655 8.Now repeat step 4 while vCPE-1 restarts
2656 9.Verify that ping fails as vCPE-1 container is restarts
2657 10.Repeat step 4 with ctag corresponding to vCPE-2 container while vCPE-1 restarts
2658 11..Verify ping success and flows added in OvS
2659 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2660
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2661 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_paused(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2662 """
2663 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 paused
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2664 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2665 1.Create a vSG VM in compute node
2666 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2667 3.Ensure VM and containers created properly
2668 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2669 5.Verify ping gets success
2670 6.Verify ping success flows added in OvS
2671 7.Now pause vCPE-1 container
2672 8.Now repeat step 4 while vCPE-1 in pause state
2673 9.Verify that ping fails as vCPE-1 container in pause state
2674 10.Repeat step 4 with ctag corresponding to vCPE-2 container while vCPE-1 in pause state
2675 11.Verify ping success and flows added in OvS
2676 """
2677 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_removed(self):
2678 """
2679 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 removed
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2680 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2681 1.Create a vSG VM in compute node
2682 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2683 3.Ensure VM and containers created properly
2684 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2685 5.Verify ping gets success
2686 6.Verify ping success flows added in OvS
2687 7.Now remove vCPE-1 container
2688 8.Now repeat step 4
2689 9.Verify that ping fails as vCPE-1 container removed
2690 10.Repeat step 4 with ctag corresponding to vCPE-2 container
2691 11.Verify ping success and flows added in OvS
2692 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2693
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2694 def test_vsg_for_vcpe_instance_removed_and_added_again(self):
2695 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2696 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2697 1.Create a vSG VM in compute node
2698 2.Create a vCPE container in vSG VM
2699 3.Ensure VM and containers created properly
2700 4.From subscriber end, send ping to public IP
2701 5.Verify ping gets success
2702 6.Verify ping success flows added in OvS
2703 7.Now remove vCPE container in vSG VM
2704 8.Now repeat step 4
2705 9.Verify that ping fails as vCPE container removed
2706 10.Create the vCPE container again for the same subscriber
2707 11.Ensure that vCPE created now
2708 12.Now repeat step 4
2709 13.Verify ping success and flows added in OvS
2710 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2711
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2712 def test_vsg_for_vsg_vm_removed_and_added_again(self):
2713 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2714 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2715 1.Create a vSG VM in compute node
2716 2.Create a vCPE container in vSG VM
2717 3.Ensure VM and containers created properly
2718 4.From subscriber end, send ping to public IP
2719 5.Verify ping gets success
2720 6.Verify ping success flows added in OvS
2721 7.Now remove vSG VM
2722 8.Now repeat step 4
2723 9.Verify that ping fails as vSG VM not exists
2724 10.Create the vSG VM and vCPE container in VM again
2725 11.Ensure that vSG and vCPE created
2726 12.Now repeat step 4
2727 13.Verify ping success and flows added in OvS
2728 """
2729
2730 #Test vSG - Subscriber Configuration
2731 def test_vsg_for_configuring_new_subscriber_in_vcpe(self):
2732 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2733 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2734 1.Create a vSG VM in compute node
2735 2.Create a vCPE container in vSG VM
2736 3.Ensure VM and containers created properly
2737 4.Configure a subscriber in XOS and assign a service id
2738 5.Set the admin privileges to the subscriber
2739 6.Verify subscriber configuration is success
2740 """
2741 def test_vsg_for_adding_subscriber_devices_in_vcpe(self):
2742 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2743 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2744 1.Create a vSG VM in compute node
2745 2.Create a vCPE container in vSG VM
2746 3.Ensure VM and containers created properly
2747 4.Configure a subscriber in XOS and assign a service id
2748 5.Verify subscriber successfully configured in vCPE
2749 6.Now add devices( Mac addresses ) under the subscriber admin group
2750 7.Verify all devices ( Macs ) added successfully
2751 """
2752 def test_vsg_for_removing_subscriber_devices_in_vcpe(self):
2753 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2754 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2755 1.Create a vSG VM in compute node
2756 2.Create a vCPE container in vSG VM
2757 3.Ensure VM and containers created properly
2758 4.Configure a subscriber in XOS and assign a service id
2759 5.Verify subscriber successfully configured
2760 6.Now add devices( Mac addresses ) under the subscriber admin group
2761 7.Verify all devices ( Macs ) added successfully
2762 8.Now remove All the added devices in XOS
2763 9.Verify all the devices removed
2764 """
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2765 def test_vsg_modifying_subscriber_devices_in_vcpe(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2766 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2767 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2768 1.Create a vSG VM in compute node
2769 2.Create a vCPE container in vSG VM
2770 3.Ensure VM and containers created properly
2771 4.Configure a user in XOS and assign a service id
2772 5.Verify subscriber successfully configured in vCPE.
2773 6.Now add devices( Mac addresses ) under the subscriber admin group
2774 7.Verify all devices ( Macs ) added successfully
2775 8.Now remove few devices in XOS
2776 9.Verify devices removed successfully
2777 10.Now add few additional devices in XOS under the same subscriber admin group
2778 11.Verify newly added devices successfully added
2779 """
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2780 def test_vsg_for_vcpe_login_failing_with_incorrect_subscriber_credentials(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2781 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2782 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2783 1.Create a vSG VM in compute node
2784 2.Create a vCPE container in vSG VM
2785 3.Ensure VM and containers created properly
2786 4.Configure a subscriber in XOS and assign a service id
2787 5.Verify subscriber successfully configured
2788 6.Now add devices( Mac addresses ) under the subscriber admin group
2789 7.Verify all devices ( Macs ) added successfully
2790 8.Login vCPE with credentials with which subscriber configured
2791 9.Verify subscriber successfully logged in
2792 10.Logout and login again with incorrect credentials ( either user name or password )
2793 11.Verify login attempt to vCPE fails wtih incorrect credentials
2794 """
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2795 def test_vsg_for_subscriber_configuration_in_vcpe_after_vcpe_restart(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2796 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2797 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2798 1.Create a vSG VM in compute node
2799 2.Create a vCPE container in vSG VM
2800 3.Ensure VM and containers created properly
2801 4.Configure a subscriber in XOS and assign a service id
2802 5.Verify subscriber successfully configured
2803 6.Now add devices( Mac addresses ) under the subscriber admin group
2804 7.Verify all devices ( Macs ) added successfully
2805 8.Restart vCPE ( locate backup config path while restart )
2806 9.Verify subscriber details in vCPE after restart should be same as before the restart
2807 """
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2808 def test_vsg_creating_multiple_vcpe_instances_and_configuring_subscriber_in_each_instance(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2809 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2810 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2811 1.Create a vSG VM in compute node
2812 2.Create 2 vCPE containers in vSG VM
2813 3.Ensure VM and containers created properly
2814 4.Configure a subscriber in XOS for each vCPE instance and assign a service id
2815 5.Verify subscribers successfully configured
2816 6.Now login vCPE-2 with subscriber-1 credentials
2817 7.Verify login fails
2818 8.Now login vCPE-1 with subscriber-2 credentials
2819 9.Verify login fails
2820 10.Now login vCPE-1 with subscriber-1 and vCPE-2 with subscriber-2 credentials
2821 11.Verify that both the subscribers able to login to their respective vCPE containers
2822 """
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2823 def test_vsg_for_same_subscriber_configuring_multiple_services(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2824 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2825 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2826 1.Create 2 vSG VMs in compute node
2827 2.Create a vCPE container in each vSG VM
2828 3.Ensure VMs and containers created properly
2829 4.Configure same subscriber in XOS for each vCPE instance and assign a service id
2830 5.Verify subscriber successfully configured
2831 6.Now login vCPE-1 with subscriber credentials
2832 7.Verify login success
2833 8.Now login vCPE-2 with the same subscriber credentials
2834 9.Verify login success
2835 """
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2836 #vCPE Firewall Functionality
2837 def test_vsg_firewall_for_creating_acl_rule_based_on_source_ip(self):
2838 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2839 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2840 1.Create a vSG VM in compute node
2841 2.Create vCPE container in the VM
2842 3.Ensure vSG VM and vCPE container created properly
2843 4.Configure ac acl rule in vCPE to deny IP traffic from a source IP
2844 5.Bound the acl rule to WAN interface of vCPE
2845 6.Verify configuration in vCPE is success
2846 8.Verify flows added in OvS
2847 """
2848 def test_vsg_firewall_for_creating_acl_rule_based_on_destination_ip(self):
2849 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2850 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2851 1.Create a vSG VM in compute node
2852 2.Create vCPE container in the VM
2853 3.Ensure vSG VM and vCPE container created properly
2854 4.Configure ac acl rule in vCPE to deny IP traffic to a destination ip
2855 5.Bound the acl rule to WAN interface of vCPE
2856 6.Verify configuration in vCPE is success
2857 8.Verify flows added in OvS
2858 """
2859 def test_vsg_firewall_for_acl_deny_rule_based_on_source_ip_traffic(self):
2860 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2861 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2862 1.Create a vSG VM in compute node
2863 2.Create vCPE container in the VM
2864 3.Ensure vSG VM and vCPE container created properly
2865 4.Configure ac acl rule in vCPE to deny IP traffic from a source IP
2866 5.Bound the acl rule to WAN interface of vCPE
2867 6.From subscriber, send ping to the denied IP address
2868 7.Verify that ping fails as vCPE denies ping response
2869 8.Verify flows added in OvS
2870 """
2871 def test_vsg_firewall_for_acl_deny_rule_based_on_destination_ip_traffic(self):
2872 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2873 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2874 1.Create a vSG VM in compute node
2875 2.Create vCPE container in the VM
2876 3.Ensure vSG VM and vCPE container created properly
2877 4.Configure ac acl rule in vCPE to deny IP traffic to a destination IP
2878 5.Bound the acl rule to WAN interface of vCPE
2879 6.From subscriber, send ping to the denied IP address
2880 7.Verify that ping fails as vCPE drops the ping request at WAN interface
2881 8.Verify flows added in OvS
2882 """
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]2883
2884 def test_vsg_dnsmasq(self):
2885 pass
2886
2887 def test_vsg_with_external_parental_control_family_shield_for_filter(self):
2888 pass
2889
2890 def test_vsg_with_external_parental_control_with_answerx(self):
2891 pass
2892
2893 def test_vsg_for_subscriber_upstream_bandwidth(self):
2894 pass
2895
2896 def test_vsg_for_subscriber_downstream_bandwidth(self):
2897 pass
2898
2899 def test_vsg_for_diagnostic_run_of_traceroute(self):
2900 pass
2901
2902 def test_vsg_for_diagnostic_run_of_tcpdump(self):
2903 pass
2904
2905 def test_vsg_for_iptable_rules(self):
2906 pass
2907
2908 def test_vsg_for_iptables_with_neutron(self):
2909 pass