Gitiles
Code Review Sign In
gerrit.opencord.org / cord-tester / c28f6a93a8c717aa8a8523c208053b90194e7021 / . / src / test / vsg / vsgTest.py
blob: 125397bb50dd593a625eeada90f7a075124ce6c4 [file] [log] [blame]
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]1#copyright 2016-present Ciena Corporation
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14#
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]15import time
16import os
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]17import sys
18import json
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]19from nose.tools import *
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]20from twisted.internet import defer
21from nose.twistedtools import reactor, deferred
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]22from CordTestUtils import *
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]23from OltConfig import OltConfig
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]24from onosclidriver import OnosCliDriver
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]25from SSHTestAgent import SSHTestAgent
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]26from CordLogger import CordLogger
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]27from VSGAccess import VSGAccess
A R Karthick933f5b52017-03-27 15:27:16 -0700[diff] [blame]28from CordTestUtils import log_test as log
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]29from OnosCtrl import OnosCtrl
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]30
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]31log.setLevel('INFO')
32
33class vsg_exchange(CordLogger):
34 ONOS_INSTANCES = 3
35 V_INF1 = 'veth0'
36 device_id = 'of:' + get_mac()
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]37 TEST_IP = '8.8.8.8'
38 HOST = "10.1.0.1"
39 USER = "vagrant"
40 PASS = "vagrant"
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]41 head_node = os.getenv('HEAD_NODE', 'prod')
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]42 HEAD_NODE = head_node + '.cord.lab' if len(head_node.split('.')) == 1 else head_node
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]43 test_path = os.path.dirname(os.path.realpath(__file__))
44 olt_conf_file = os.path.join(test_path, '..', 'setup/olt_config.json')
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]45 restApiXos = None
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]46 subscriber_account_num = 200
47 subscriber_s_tag = 304
48 subscriber_c_tag = 304
49 subscribers_per_s_tag = 8
50 subscriber_map = {}
A R Karthick9a16a112017-04-07 15:40:05 -0700[diff] [blame]51 restore_methods = []
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]52 TIMEOUT=120
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]53
54 @classmethod
55 def getSubscriberCredentials(cls, subId):
56 """Generate our own account num, s_tag and c_tags"""
57 if subId in cls.subscriber_map:
58 return cls.subscriber_map[subId]
59 account_num = cls.subscriber_account_num
60 cls.subscriber_account_num += 1
61 s_tag, c_tag = cls.subscriber_s_tag, cls.subscriber_c_tag
62 cls.subscriber_c_tag += 1
63 if cls.subscriber_c_tag % cls.subscribers_per_s_tag == 0:
64 cls.subscriber_s_tag += 1
65 cls.subscriber_map[subId] = account_num, s_tag, c_tag
66 return cls.subscriber_map[subId]
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]67
68 @classmethod
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]69 def getXosCredentials(cls):
70 onos_cfg = OnosCtrl.get_config()
71 if onos_cfg is None:
72 return None
73 if 'apps' in onos_cfg and \
74 'org.opencord.vtn' in onos_cfg['apps'] and \
75 'cordvtn' in onos_cfg['apps']['org.opencord.vtn'] and \
76 'xos' in onos_cfg['apps']['org.opencord.vtn']['cordvtn']:
77 xos_cfg = onos_cfg['apps']['org.opencord.vtn']['cordvtn']['xos']
78 endpoint = xos_cfg['endpoint']
79 user = xos_cfg['user']
80 password = xos_cfg['password']
81 xos_endpoints = endpoint.split(':')
82 xos_host = xos_endpoints[1][len('//'):]
83 xos_port = xos_endpoints[2][:-1]
84 #log.info('xos_host: %s, port: %s, user: %s, password: %s' %(xos_host, xos_port, user, password))
85 return dict(host = xos_host, port = xos_port, user = user, password = password)
86
87 return None
88
89 @classmethod
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]90 def setUpCordApi(cls):
91 our_path = os.path.dirname(os.path.realpath(__file__))
92 cord_api_path = os.path.join(our_path, '..', 'cord-api')
93 framework_path = os.path.join(cord_api_path, 'Framework')
94 utils_path = os.path.join(framework_path, 'utils')
95 data_path = os.path.join(cord_api_path, 'Tests', 'data')
96 subscriber_cfg = os.path.join(data_path, 'Subscriber.json')
97 volt_tenant_cfg = os.path.join(data_path, 'VoltTenant.json')
98
99 with open(subscriber_cfg) as f:
100 subscriber_data = json.load(f)
101 subscriber_info = subscriber_data['SubscriberInfo']
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]102 for i in xrange(len(subscriber_info)):
103 subscriber = subscriber_info[i]
104 account_num, _, _ = cls.getSubscriberCredentials('sub{}'.format(i))
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]105 subscriber['identity']['account_num'] = str(account_num)
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]106 cls.subscriber_info = subscriber_info
107
108 with open(volt_tenant_cfg) as f:
109 volt_tenant_data = json.load(f)
110 volt_subscriber_info = volt_tenant_data['voltSubscriberInfo']
111 assert_equal(len(volt_subscriber_info), len(cls.subscriber_info))
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]112 for i in xrange(len(volt_subscriber_info)):
113 volt_subscriber = volt_subscriber_info[i]
114 account_num, s_tag, c_tag = cls.getSubscriberCredentials('sub{}'.format(i))
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]115 volt_subscriber['account_num'] = account_num
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]116 volt_subscriber['voltTenant']['s_tag'] = str(s_tag)
117 volt_subscriber['voltTenant']['c_tag'] = str(c_tag)
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]118 cls.volt_subscriber_info = volt_subscriber_info
119
120 sys.path.append(utils_path)
121 sys.path.append(framework_path)
122 from restApi import restApi
123 restApiXos = restApi()
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]124 xos_credentials = cls.getXosCredentials()
125 if xos_credentials is None:
126 restApiXos.controllerIP = cls.HEAD_NODE
127 restApiXos.controllerPort = '9000'
128 else:
129 restApiXos.controllerIP = xos_credentials['host']
130 restApiXos.controllerPort = xos_credentials['port']
131 restApiXos.user = xos_credentials['user']
132 restApiXos.password = xos_credentials['password']
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]133 cls.restApiXos = restApiXos
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]134
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]135 @classmethod
136 def setUpClass(cls):
137 cls.controllers = get_controllers()
138 cls.controller = cls.controllers[0]
139 cls.cli = None
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]140 cls.olt = OltConfig(olt_conf_file = cls.olt_conf_file)
141 cls.vcpes = cls.olt.get_vcpes()
142 cls.vcpes_dhcp = cls.olt.get_vcpes_by_type('dhcp')
143 vcpe_dhcp = None
144 vcpe_dhcp_stag = None
145 vcpe_container = None
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]146 cls.on_podd = running_on_podd()
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]147 #cache the first dhcp vcpe in the class for quick testing
148 if cls.vcpes_dhcp:
149 vcpe_container = 'vcpe-{}-{}'.format(cls.vcpes_dhcp[0]['s_tag'], cls.vcpes_dhcp[0]['c_tag'])
150 vcpe_dhcp = 'vcpe0.{}.{}'.format(cls.vcpes_dhcp[0]['s_tag'], cls.vcpes_dhcp[0]['c_tag'])
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]151 if cls.on_podd is False:
A R Karthick3d5ff792017-04-12 16:53:27 -0700[diff] [blame]152 vcpe_dhcp = 'vcpe0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]153 vcpe_dhcp_stag = 'vcpe0.{}'.format(cls.vcpes_dhcp[0]['s_tag'])
154 cls.vcpe_container = vcpe_container
155 cls.vcpe_dhcp = vcpe_dhcp
156 cls.vcpe_dhcp_stag = vcpe_dhcp_stag
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]157 VSGAccess.setUp()
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]158 cls.setUpCordApi()
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]159
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]160 @classmethod
161 def tearDownClass(cls):
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]162 VSGAccess.tearDown()
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]163
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]164 def cliEnter(self, controller = None):
165 retries = 0
166 while retries < 30:
167 self.cli = OnosCliDriver(controller = controller, connect = True)
168 if self.cli.handle:
169 break
170 else:
171 retries += 1
172 time.sleep(2)
173
174 def cliExit(self):
175 self.cli.disconnect()
176
177 def onos_shutdown(self, controller = None):
178 status = True
179 self.cliEnter(controller = controller)
180 try:
181 self.cli.shutdown(timeout = 10)
182 except:
183 log.info('Graceful shutdown of ONOS failed for controller: %s' %controller)
184 status = False
185
186 self.cliExit()
187 return status
188
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]189 def log_set(self, level = None, app = 'org.onosproject'):
190 CordLogger.logSet(level = level, app = app, controllers = self.controllers, forced = True)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]191
A R Karthick9a16a112017-04-07 15:40:05 -0700[diff] [blame]192 @classmethod
193 def get_dhcp(cls, vcpe, mgmt = 'eth0'):
194 """Get DHCP for vcpe interface saving management settings"""
195
196 def put_dhcp():
197 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
198
199 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
200 if vcpe_ip is not None:
201 cls.restore_methods.append(put_dhcp)
202 return vcpe_ip
203
204 @classmethod
205 def config_restore(cls):
206 """Restore the vsg test configuration on test case failures"""
207 for restore_method in cls.restore_methods:
208 restore_method()
209
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]210 def get_vsg_vcpe_pair(self):
211 vcpes = self.vcpes_dhcp
212 vcpe_containers = []
213 vsg_vcpe = {}
214 for vcp in vcpes:
215 vcpe_container = 'vcpe-{}-{}'.format(vcp['s_tag'], vcp['c_tag'])
216 vcpe_containers.append(vcpe_container)
217 vsg = VSGAccess.get_vcpe_vsg(vcpe_container)
218 vsg_vcpe[vcpe_container]=str(vsg.get_ip())
219 return vsg_vcpe
220
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]221 def get_vcpe_containers_and_interfaces(self):
222 vcpe_containers = {}
223 vcpe_interfaces = []
224 vcpes = self.vcpes_dhcp
225 count = 0
226 for vcpe in vcpes:
227 vcpe_intf = 'vcpe{}.{}.{}'.format(count,vcpe['s_tag'],vcpe['c_tag'])
228 vcpe_interfaces.append(vcpe_intf)
229 vcpe_container = 'vcpe-{}-{}'.format(vcpe['s_tag'], vcpe['c_tag'])
230 vcpe_containers[vcpe_intf] = vcpe_container
231 count += 1
232 log.info('vcpe interfaces are %s'%vcpe_interfaces)
233 log.info('vcpe containers are %s'%vcpe_containers)
234 return vcpe_interfaces,vcpe_containers
235
236 def get_vcpe_interface_dhcp_ip(self,vcpe=None):
237 if not vcpe:
238 vcpe = self.vcpe_dhcp
239 st, _ = getstatusoutput('dhclient {}'.format(vcpe))
240 vcpe_ip = get_ip(vcpe)
241 return vcpe_ip
242
243 def release_vcpe_interface_dhcp_ip(self,vcpe=None):
244 if not vcpe:
245 vcpe = self.vcpe_dhcp
246 st, _ = getstatusoutput('dhclient {} -r'.format(vcpe))
247 vcpe_ip = get_ip(vcpe)
248 assert_equal(vcpe_ip, None)
249
250 def add_static_route_via_vcpe_interface(self, routes, vcpe=None,dhcp_ip=True):
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]251 if not vcpe:
252 vcpe = self.vcpe_dhcp
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]253 if dhcp_ip:
254 os.system('dhclient '+vcpe)
255 time.sleep(1)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]256 for route in routes:
257 log.info('route is %s'%route)
258 cmd = 'ip route add ' + route + ' via 192.168.0.1 '+ 'dev ' + vcpe
259 cmds.append(cmd)
260 for cmd in cmds:
261 os.system(cmd)
262 return True
263
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]264 def del_static_route_via_vcpe_interface(self,routes,vcpe=None,dhcp_release=True):
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]265 if not vcpe:
266 vcpe = self.vcpe_dhcp
267 cmds = []
268 for route in routes:
269 cmd = 'ip route del ' + route + ' via 192.168.0.1 ' + 'dev ' + vcpe
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]270 os.system(cmd)
271 if dhcp_release:
272 os.system('dhclient '+vcpe+' -r')
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]273 return True
274
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]275 def test_vsg_multiple_subscribers_for_same_vcpe_instace(self):
276 vcpe_intfs,containers = self.get_vcpe_containers_and_interfaces()
277 for vcpe in vcpe_intfs:
278 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
279 assert_not_equal(vcpe_ip,None)
280 for vcpe in vcpe_intfs:
281 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
282
283 def test_vsg_multiple_subscribers_for_same_vcpe_instance_ping_to_external_connectivity(self):
284 host = '8.8.8.8'
285 vcpe_intfs,containers = self.get_vcpe_containers_and_interfaces()
286 for vcpe in vcpe_intfs:
287 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
288 assert_not_equal(vcpe_ip,None)
289 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe,dhcp_ip=False)
290 st, _ = getstatusoutput('ping -I {} -c 3 {}'.format(vcpe,host))
291 assert_equal(st, 0)
292 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe,dhcp_release=False)
293 for vcpe in vcpe_intfs:
294 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
295
296 def test_vsg_vcpe_interface_gets_dhcp_ip_after_interface_toggle(self):
297 vcpe_intfs,containers = self.get_vcpe_containers_and_interfaces()
298 for vcpe in vcpe_intfs:
299 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
300 assert_not_equal(vcpe_ip,None)
301 os.system('ifconfig {} down'.format(vcpe))
302 time.sleep(1)
303 os.system('ifconfig {} up'.format(vcpe))
304 time.sleep(1)
305 vcpe_ip2 = get_ip(vcpe)
306 assert_equal(vcpe_ip2,vcpe_ip)
307 for vcpe in vcpe_intfs:
308 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
309
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]310
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]311 def test_vsg_health(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]312 """
313 Algo:
314 1. Login to compute node VM
315 2. Get all vSGs
316 3. Ping to all vSGs
317 4. Verifying Ping success
318 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]319 status = True
320 if self.on_podd is True:
321 status = VSGAccess.health_check()
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]322 assert_equal(status, True)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]323
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]324 def test_vsg_health_check(self, vsg_name='mysite_vsg-1', verify_status=True):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]325 """
326 Algo:
327 1. If vsg name not specified, Get vsg corresponding to vcpe
328 1. Login to compute mode VM
329 3. Ping to the vSG
330 4. Verifying Ping success
331 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]332 if self.on_podd is False:
333 return
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]334 if not vsg_name:
335 vcpe = self.vcpe_container
336 vsg = VSGAccess.get_vcpe_vsg(vcpe)
337 status = vsg.get_health()
338 assert_equal(status, verify_status)
339 else:
340 vsgs = VSGAccess.get_vsgs()
341 status = None
342 for vsg in vsgs:
343 if vsg.name == vsg_name:
344 status = vsg.get_health()
345 log.info('vsg health check status is %s'%status)
346 assert_equal(status,verify_status)
347
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]348 @deferred(TIMEOUT)
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]349 def test_vsg_for_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]350 """
351 Algo:
352 1. Get list of all compute nodes created using Openstack
353 2. Login to compute mode VM
354 3. Get all vSGs
355 4. Verifying atleast one compute node and one vSG created
356 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]357 df = defer.Deferred()
358 def vsg_for_vcpe_df(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]359 if self.on_podd is True:
360 vsgs = VSGAccess.get_vsgs()
361 compute_nodes = VSGAccess.get_compute_nodes()
362 time.sleep(14)
363 assert_not_equal(len(vsgs), 0)
364 assert_not_equal(len(compute_nodes), 0)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]365 df.callback(0)
366 reactor.callLater(0,vsg_for_vcpe_df,df)
367 return df
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]368
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]369 def test_vsg_for_login(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]370 """
371 Algo:
372 1. Login to compute node VM
373 2. Get all vSGs
374 3. Verifying login to vSG is success
375 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]376 if self.on_podd is False:
377 return
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]378 vsgs = VSGAccess.get_vsgs()
379 vsg_access_status = map(lambda vsg: vsg.check_access(), vsgs)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]380 status = filter(lambda st: st == False, vsg_access_status)
381 assert_equal(len(status), 0)
382
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]383 def test_vsg_for_default_route_through_testclient(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]384 """
385 Algo:
386 1. Login to head node
387 2. Verifying for default route in lxc test client
388 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]389 if self.on_podd is False:
390 return
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]391 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
392 cmd = "sudo lxc exec testclient -- route | grep default"
393 status, output = ssh_agent.run_cmd(cmd)
394 assert_equal(status, True)
395
396 def test_vsg_for_external_connectivity_through_testclient(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]397 """
398 Algo:
399 1. Login to head node
400 2. On head node, executing ping to 8.8.8.8 from lxc test client
401 3. Verifying for the ping success
402 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]403 if self.on_podd is False:
404 return
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]405 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
406 cmd = "lxc exec testclient -- ping -c 3 8.8.8.8"
407 status, output = ssh_agent.run_cmd(cmd)
408 assert_equal( status, True)
409
410 def test_vsg_for_external_connectivity(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]411 """
412 Algo:
413 1. Get dhcp IP to vcpe interface in cord-tester
414 2. Verifying vcpe interface gets dhcp IP
415 3. Ping to 8.8.8.8 and Verifying ping should success
416 4. Restoring management interface configuration in cord-tester
417 """
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]418 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]419 mgmt = 'eth0'
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]420 host = '8.8.8.8'
421 self.success = False
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]422 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]423 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]424 assert_not_equal(vcpe_ip, None)
425 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
426 log.info('Sending icmp echo requests to external network 8.8.8.8')
427 st, _ = getstatusoutput('ping -c 3 8.8.8.8')
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]428 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]429 assert_equal(st, 0)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]430
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]431 def test_vsg_for_external_connectivity_to_google(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]432 """
433 Algo:
434 1. Get dhcp IP to vcpe interface in cord-tester
435 2. Verifying vcpe interface gets dhcp IP
436 3. Ping to www.google.com and Verifying ping should success
437 4. Restoring management interface configuration in cord-tester
438 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]439 host = 'www.google.com'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]440 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]441 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]442 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]443 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]444 assert_not_equal(vcpe_ip, None)
445 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
446 log.info('Sending icmp ping requests to %s' %host)
447 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]448 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]449 assert_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]450
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]451 def test_vsg_for_external_connectivity_to_invalid_host(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]452 """
453 Algo:
454 1. Get dhcp IP to vcpe interface in cord-tester
455 2. Verifying vcpe interface gets dhcp IP
456 3. Ping to www.goglee.com and Verifying ping should not success
457 4. Restoring management interface configuration in cord-tester
458 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]459 host = 'www.goglee.com'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]460 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]461 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]462 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]463 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]464 assert_not_equal(vcpe_ip, None)
465 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
466 log.info('Sending icmp ping requests to non existent host %s' %host)
467 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]468 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]469 assert_not_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]470
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]471 def test_vsg_for_external_connectivity_with_ttl_1(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]472 """
473 Algo:
474 1. Get dhcp IP to vcpe interface in cord-tester
475 2. Verifying vcpe interface gets dhcp IP
476 3. Ping to 8.8.8.8 with ttl set to 1
477 4. Verifying ping should not success
478 5. Restoring management interface configuration in cord-tester
479 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]480 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]481 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]482 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]483 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]484 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]485 assert_not_equal(vcpe_ip, None)
486 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
487 log.info('Sending icmp ping requests to host %s with ttl 1' %host)
488 st, _ = getstatusoutput('ping -c 1 -t 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]489 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]490 assert_not_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]491
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]492 def test_vsg_for_external_connectivity_with_wan_interface_toggle_in_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]493 """
494 Algo:
495 1. Get dhcp IP to vcpe interface in cord-tester
496 2. Verifying vcpe interface gets dhcp IP
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]497 3. Ping to 8.8.8.8 and Verifying ping succeeds
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]498 4. Now down the WAN interface of vcpe
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]499 5. Ping to 8.8.8.8 and Verifying ping fails
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]500 6. Now Up the WAN interface of vcpe
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]501 7. Ping to 8.8.8.8 and Verifying ping succeeds
502 8. Restoring management interface configuration in cord-tester
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]503 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]504 if self.on_podd is False:
505 return
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]506 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]507 mgmt = 'eth0'
508 vcpe = self.vcpe_container
509 assert_not_equal(vcpe, None)
510 assert_not_equal(self.vcpe_dhcp, None)
511 #first get dhcp on the vcpe interface
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]512 vcpe_ip = VSGAccess.vcpe_get_dhcp(self.vcpe_dhcp, mgmt = mgmt)
513 assert_not_equal(vcpe_ip, None)
514 log.info('Got DHCP IP %s for %s' %(vcpe_ip, self.vcpe_dhcp))
515 log.info('Sending ICMP pings to host %s' %(host))
516 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
517 if st != 0:
518 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
519 assert_equal(st, 0)
520 #bring down the wan interface and check again
521 st = VSGAccess.vcpe_wan_down(vcpe)
522 if st is False:
523 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
524 assert_equal(st, True)
525 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
526 if st == 0:
527 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
528 assert_not_equal(st, 0)
529 st = VSGAccess.vcpe_wan_up(vcpe)
530 if st is False:
531 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
532 assert_equal(st, True)
533 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
534 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
535 assert_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]536
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]537 def test_vsg_for_external_connectivity_with_lan_interface_toggle_in_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]538 """
539 Algo:
540 1. Get dhcp IP to vcpe interface in cord-tester
541 2. Verifying vcpe interface gets dhcp IP
542 3. Ping to 8.8.8.8 and Verifying ping should success
543 4. Now down the LAN interface of vcpe
544 5. Ping to 8.8.8.8 and Verifying ping should not success
545 6. Now Up the LAN interface of vcpe
546 7. Ping to 8.8.8.8 and Verifying ping should success
547 8. Restoring management interface configuration in cord-tester
548 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]549 if self.on_podd is False:
550 return
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]551 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]552 mgmt = 'eth0'
553 vcpe = self.vcpe_container
554 assert_not_equal(vcpe, None)
555 assert_not_equal(self.vcpe_dhcp, None)
556 #first get dhcp on the vcpe interface
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]557 vcpe_ip = VSGAccess.vcpe_get_dhcp(self.vcpe_dhcp, mgmt = mgmt)
558 assert_not_equal(vcpe_ip, None)
559 log.info('Got DHCP IP %s for %s' %(vcpe_ip, self.vcpe_dhcp))
560 log.info('Sending ICMP pings to host %s' %(host))
561 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
562 if st != 0:
563 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
564 assert_equal(st, 0)
565 #bring down the lan interface and check again
566 st = VSGAccess.vcpe_lan_down(vcpe)
567 if st is False:
568 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
569 assert_equal(st, True)
570 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
571 if st == 0:
572 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
573 assert_not_equal(st, 0)
574 st = VSGAccess.vcpe_lan_up(vcpe)
575 if st is False:
576 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
577 assert_equal(st, True)
578 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
579 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
580 assert_equal(st, 0)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]581
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]582 @deferred(TIMEOUT)
583 def test_vsg_for_external_connectivity_with_vcpe_container_paused(self,vcpe_name=None,vcpe_intf=None):
584 """
585 Algo:
586 1. Get vSG corresponding to vcpe
587 2. Get dhcp ip to vcpe interface
588 3. Add static route to destination route in test container
589 4. From test container ping to destination route and verify ping success
590 5. Login to compute node and execute command to pause vcpe container
591 6. From test container ping to destination route and verify ping success
592 """
593 if not vcpe_name:
594 vcpe_name = self.vcpe_container
595 if not vcpe_intf:
596 vcpe_intf = self.vcpe_dhcp
597 df = defer.Deferred()
598 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]599 if self.on_podd is False:
600 df.callback(0)
601 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]602 host = '8.8.8.8'
603 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
604 try:
605 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
606 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
607 assert_equal(st, False)
608 st, _ = vsg.run_cmd('sudo docker pause {}'.format(vcpe_name))
609 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
610 assert_equal(st, False)
611 finally:
612 vsg.run_cmd('sudo docker unpause'.format(vcpe_name))
613 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
614 df.callback(0)
615 reactor.callLater(0, vcpe_firewall, df)
616 return df
617
618 @deferred(TIMEOUT)
619 def test_vsg_firewall_with_deny_destination_ip(self, vcpe_name=None, vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]620 """
621 Algo:
622 1. Get vSG corresponding to vcpe
623 2. Login to compute node
624 3. Execute iptable command on vcpe from compute node to deny a destination IP
625 4. From cord-tester ping to the denied IP address
626 5. Verifying that ping should not be successful
627 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]628 if not vcpe_name:
629 vcpe_name = self.vcpe_container
630 if not vcpe_intf:
631 vcpe_intf = self.vcpe_dhcp
632 df = defer.Deferred()
633 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]634 if self.on_podd is False:
635 df.callback(0)
636 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]637 host = '8.8.8.8'
638 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
639 try:
640 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
641 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
642 assert_equal(st, False)
643 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
644 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
645 assert_equal(st, True)
646 finally:
647 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
648 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
649 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
650 df.callback(0)
651 reactor.callLater(0, vcpe_firewall, df)
652 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]653
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]654 @deferred(TIMEOUT)
655 def test_vsg_firewall_with_rule_add_and_delete_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]656 """
657 Algo:
658 1. Get vSG corresponding to vcpe
659 2. Login to compute node
660 3. Execute iptable command on vcpe from compute node to deny a destination IP
661 4. From cord-tester ping to the denied IP address
662 5. Verifying that ping should not be successful
663 6. Delete the iptable rule in vcpe
664 7. From cord-tester ping to the denied IP address
665 8. Verifying the ping should success
666 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]667 if not vcpe_name:
668 vcpe_name = self.vcpe_container
669 if not vcpe_intf:
670 vcpe_intf = self.vcpe_dhcp
671 df = defer.Deferred()
672 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]673 if self.on_podd is False:
674 df.callback(0)
675 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]676 host = '8.8.8.8'
677 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
678 try:
679 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
680 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
681 assert_equal(st, False)
682 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
683 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
684 assert_equal(st, True)
685 st,_ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
686 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
687 assert_equal(st, False)
688 finally:
689 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
690 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
691 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
692 df.callback(0)
693 reactor.callLater(0, vcpe_firewall, df)
694 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]695
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]696 @deferred(TIMEOUT)
697 def test_vsg_firewall_verifying_reachability_for_non_blocked_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]698 """
699 Algo:
700 1. Get vSG corresponding to vcpe
701 2. Login to compute node
702 3. Execute iptable command on vcpe from compute node to deny a destination IP
703 4. From cord-tester ping to the denied IP address
704 5. Verifying that ping should not be successful
705 6. From cord-tester ping to the denied IP address other than the denied one
706 7. Verifying the ping should success
707 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]708 if not vcpe_name:
709 vcpe_name = self.vcpe_container
710 if not vcpe_intf:
711 vcpe_intf = self.vcpe_dhcp
712 df = defer.Deferred()
713 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]714 if self.on_podd is False:
715 df.callback(0)
716 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]717 host1 = '8.8.8.8'
718 host2 = '204.79.197.203'
719 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
720 try:
721 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
722 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
723 assert_equal(st, False)
724 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
725 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
726 assert_equal(st, True)
727 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
728 assert_equal(st,False)
729 finally:
730 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
731 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
732 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
733 df.callback(0)
734 reactor.callLater(0, vcpe_firewall, df)
735 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]736
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]737 @deferred(TIMEOUT)
738 def test_vsg_firewall_appending_rules_with_deny_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]739 """
740 Algo:
741 1. Get vSG corresponding to vcpe
742 2. Login to compute node
743 3. Execute iptable command on vcpe from compute node to deny a destination IP1
744 4. From cord-tester ping to the denied IP address IP1
745 5. Verifying that ping should not be successful
746 6. Execute iptable command on vcpe from compute node to deny a destination IP2
747 6. From cord-tester ping to the denied IP address IP2
748 7. Verifying that ping should not be successful
749 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]750 if not vcpe_name:
751 vcpe_name = self.vcpe_container
752 if not vcpe_intf:
753 vcpe_intf = self.vcpe_dhcp
754 df = defer.Deferred()
755 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]756 if self.on_podd is False:
757 df.callback(0)
758 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]759 host1 = '8.8.8.8'
760 host2 = '204.79.197.203'
761 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
762 try:
763 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
764 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
765 assert_equal(st, False)
766 st,_ = vsg.run_cmd('sudo docker exec {} iptables -F FORWARD'.format(vcpe_name))
767 time.sleep(2)
768 st,_ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
769 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
770 assert_equal(st, True)
771 st, out = getstatusoutput('ping -c 1 {}'.format(host2))
772 log.info('host2 ping output is %s'%out)
773 assert_equal(st, False)
774 st, _ = vsg.run_cmd('sudo docker exec {} iptables -A FORWARD -d {} -j DROP'.format(vcpe_name,host2))
775 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
776 assert_equal(st,True)
777 finally:
778 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
779 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
780 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
781 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
782 df.callback(0)
783 reactor.callLater(0, vcpe_firewall, df)
784 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]785
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]786 @deferred(TIMEOUT)
787 def test_vsg_firewall_removing_one_rule_denying_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]788 """
789 Algo:
790 1. Get vSG corresponding to vcpe
791 2. Login to compute node
792 3. Execute iptable command on vcpe from compute node to deny a destination IP1
793 4. Execute iptable command on vcpe from compute node to deny a destination IP2
794 5. From cord-tester ping to the denied IP address IP1
795 6. Verifying that ping should not be successful
796 7. From cord-tester ping to the denied IP address IP2
797 8. Verifying that ping should not be successful
798 9. Execute iptable command on vcpe from compute node to remove deny a destination IP2 rule
799 10. From cord-tester ping to the denied IP address IP2
800 11. Verifying the ping should success
801 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]802 if not vcpe_name:
803 vcpe_name = self.vcpe_container
804 if not vcpe_intf:
805 vcpe_intf = self.vcpe_dhcp
806 df = defer.Deferred()
807 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]808 if self.on_podd is False:
809 df.callback(0)
810 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]811 host1 = '8.8.8.8'
812 host2 = '204.79.197.203'
813 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
814 try:
815 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=self.vcpe_dhcp)
816 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
817 assert_equal(st, False)
818 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
819 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host2))
820 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
821 assert_equal(st, True)
822 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
823 assert_equal(st,True)
824 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
825 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
826 assert_equal(st,False)
827 finally:
828 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
829 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
830 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
831 log.info('restarting vcpe container')
832 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
833 df.callback(0)
834 reactor.callLater(0, vcpe_firewall, df)
835 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]836
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]837 @deferred(TIMEOUT)
838 def test_vsg_firewall_changing_rule_id_deny_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]839 """
840 Algo:
841 1. Get vSG corresponding to vcpe
842 2. Login to compute node
843 3. Execute iptable command on vcpe from compute node to deny a destination IP
844 5. From cord-tester ping to the denied IP address IP1
845 6. Verifying that ping should not be successful
846 9. Execute iptable command on vcpe from compute node to change the rule ID to 2 to deny the same destination IP
847 10. From cord-tester ping to the denied IP address IP
848 11. Verifying that ping should not be successful
849 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]850 if not vcpe_name:
851 vcpe_name = self.vcpe_container
852 if not vcpe_intf:
853 vcpe_intf = self.vcpe_dhcp
854 df = defer.Deferred()
855 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]856 if self.on_podd is False:
857 df.callback(0)
858 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]859 host = '8.8.8.8'
860 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
861 try:
862 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
863 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
864 assert_equal(st, False)
865 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
866 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
867 assert_equal(st, True)
868 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 2 -d {} -j DROP '.format(vcpe_name,host))
869 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
870 assert_equal(st,True)
871 finally:
872 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
873 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
874 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
875 df.callback(0)
876 reactor.callLater(0, vcpe_firewall, df)
877 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]878
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]879 @deferred(TIMEOUT)
880 def test_vsg_firewall_changing_deny_rule_to_accept_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]881 """
882 Algo:
883 1. Get vSG corresponding to vcpe
884 2. Login to compute node
885 3. Execute iptable command on vcpe from compute node to deny a destination IP
886 5. From cord-tester ping to the denied IP address IP1
887 6. Verifying that ping should not be successful
888 9. Execute iptable command on vcpe from compute node to accept the same destination IP
889 10. From cord-tester ping to the accepted IP
890 11. Verifying the ping should success
891 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]892 if not vcpe_name:
893 vcpe_name = self.vcpe_container
894 if not vcpe_intf:
895 vcpe_intf = self.vcpe_dhcp
896 df = defer.Deferred()
897 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]898 if self.on_podd is False:
899 df.callback(0)
900 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]901 host = '8.8.8.8'
902 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
903 try:
904 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
905 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
906 assert_equal(st, False)
907 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
908 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
909 assert_equal(st, True)
910 st, _ = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -d {} -j ACCEPT'.format(vcpe_name,host))
911 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
912 assert_equal(st,False)
913 finally:
914 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
915 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j ACCEPT'.format(vcpe_name,host))
916 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
917 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
918 df.callback(0)
919 reactor.callLater(0, vcpe_firewall, df)
920 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]921
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]922 @deferred(TIMEOUT) #Fail
923 def test_vsg_firewall_denying_destination_network(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]924 """
925 Algo:
926 1. Get vSG corresponding to vcpe
927 2. Login to compute node
928 3. Execute iptable command on vcpe from compute node to deny a destination IP subnet
929 4. From cord-tester ping to the denied IP address IP1 in the denied subnet
930 5. Verifying that ping should not be successful
931 6. From cord-tester ping to the denied IP address IP2 in the denied subnet
932 7. Verifying that ping should not be successful
933 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]934 if not vcpe_name:
935 vcpe_name = self.vcpe_container
936 if not vcpe_intf:
937 vcpe_intf = self.vcpe_dhcp
938 df = defer.Deferred()
939 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]940 if self.on_podd is False:
941 df.callback(0)
942 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]943 network = '204.79.197.192/28'
944 host1 = '204.79.197.203'
945 host2 = '204.79.197.210'
946 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
947 try:
948 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=self.vcpe_dhcp)
949 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
950 assert_equal(st, False)
951 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,network))
952 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
953 assert_equal(st, True)
954 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
955 assert_equal(st,False)
956 finally:
957 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network))
958 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
959 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
960 df.callback(0)
961 reactor.callLater(0, vcpe_firewall, df)
962 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]963
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]964 @deferred(TIMEOUT)
965 def test_vsg_firewall_denying_destination_network_subnet_modification(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]966 """
967 Algo:
968 1. Get vSG corresponding to vcpe
969 2. Login to compute node
970 3. Execute iptable command on vcpe from compute node to deny a destination IP subnet
971 4. From cord-tester ping to the denied IP address IP1 in the denied subnet
972 5. Verifying that ping should not be successful
973 6. From cord-tester ping to the denied IP address IP2 in the denied subnet
974 7. Verifying that ping should not be successful
975 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]976 if not vcpe_name:
977 vcpe_name = self.vcpe_container
978 if not vcpe_intf:
979 vcpe_intf = self.vcpe_dhcp
980 df = defer.Deferred()
981 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]982 if self.on_podd is False:
983 df.callback(0)
984 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]985 network1 = '204.79.197.192/28'
986 network2 = '204.79.197.192/27'
987 host1 = '204.79.197.203'
988 host2 = '204.79.197.210'
989 host3 = '204.79.197.224'
990 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
991 try:
992 self.add_static_route_via_vcpe_interface([host1,host2,host3],vcpe=self.vcpe_dhcp)
993 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
994 assert_equal(st, False)
995 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,network1))
996 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
997 assert_equal(st, True)
998 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
999 assert_equal(st,False)
1000 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 2 -d {} -j DROP'.format(vcpe_name,network2))
1001 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1002 assert_equal(st, True)
1003 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1004 assert_equal(st, True)
1005 st, _ = getstatusoutput('ping -c 1 {}'.format(host3))
1006 assert_equal(st, False)
1007 finally:
1008 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network1))
1009 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network2))
1010 self.del_static_route_via_vcpe_interface([host1,host2,host3],vcpe=vcpe_intf)
1011 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1012 df.callback(0)
1013 reactor.callLater(0, vcpe_firewall, df)
1014 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1015
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1016 @deferred(TIMEOUT)
1017 def test_vsg_firewall_with_deny_source_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1018 """
1019 Algo:
1020 1. Get vSG corresponding to vcpe
1021 2. Login to compute node
1022 3. Execute iptable command on vcpe from compute node to deny a source IP
1023 4. From cord-tester ping to 8.8.8.8 from the denied IP
1024 5. Verifying that ping should not be successful
1025 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1026 if not vcpe_name:
1027 vcpe_name = self.vcpe_container
1028 if not vcpe_intf:
1029 vcpe_intf = self.vcpe_dhcp
1030 df = defer.Deferred()
1031 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1032 if self.on_podd is False:
1033 df.callback(0)
1034 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1035 host = '8.8.8.8'
1036 #source_ip = get_ip(self.vcpe_dhcp)
1037 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1038 try:
1039 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1040 source_ip = get_ip(self.vcpe_dhcp)
1041 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1042 assert_equal(st, False)
1043 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1044 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1045 assert_equal(st, True)
1046 finally:
1047 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1048 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1049 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1050 df.callback(0)
1051 reactor.callLater(0, vcpe_firewall, df)
1052 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1053
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1054 @deferred(TIMEOUT)
1055 def test_vsg_firewall_rule_with_add_and_delete_deny_source_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1056 """
1057 Algo:
1058 1. Get vSG corresponding to vcpe
1059 2. Login to compute node
1060 3. Execute iptable command on vcpe from compute node to deny a source IP
1061 4. From cord-tester ping to 8.8.8.8 from the denied IP
1062 5. Verifying that ping should not be successful
1063 6. Delete the iptable rule in vcpe
1064 7. From cord-tester ping to 8.8.8.8 from the denied IP
1065 8. Verifying the ping should success
1066 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1067 if not vcpe_name:
1068 vcpe_name = self.vcpe_container
1069 if not vcpe_intf:
1070 vcpe_intf = self.vcpe_dhcp
1071 df = defer.Deferred()
1072 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1073 if self.on_podd is False:
1074 df.callback(0)
1075 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1076 host = '8.8.8.8'
1077 source_ip = get_ip(self.vcpe_dhcp)
1078 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1079 try:
1080 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1081 source_ip = get_ip(self.vcpe_dhcp)
1082 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1083 assert_equal(st, False)
1084 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1085 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1086 assert_equal(st, True)
1087 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1088 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1089 assert_equal(st, False)
1090 finally:
1091 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1092 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1093 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1094 df.callback(0)
1095 reactor.callLater(0, vcpe_firewall, df)
1096 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1097
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1098 @deferred(TIMEOUT)
1099 def test_vsg_firewall_rule_with_deny_icmp_protocol_echo_requests_type(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1100 """
1101 Algo:
1102 1. Get vSG corresponding to vcpe
1103 2. Login to compute node
1104 3. Execute iptable command on vcpe from compute node to deny icmp echo-requests type protocol packets
1105 4. From cord-tester ping to 8.8.8.8
1106 5. Verifying that ping should not be successful
1107 6. Delete the iptable rule
1108 7. From cord-tester ping to 8.8.8.8
1109 8. Verifying the ping should success
1110 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1111 if not vcpe_name:
1112 vcpe_name = self.vcpe_container
1113 if not vcpe_intf:
1114 vcpe_intf = self.vcpe_dhcp
1115 df = defer.Deferred()
1116 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1117 if self.on_podd is False:
1118 df.callback(0)
1119 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1120 host = '8.8.8.8'
1121 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1122 try:
1123 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1124 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1125 assert_equal(st, False)
1126 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1127 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1128 assert_equal(st, True)
1129 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1130 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1131 assert_equal(st, False)
1132 finally:
1133 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1134 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1135 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1136 df.callback(0)
1137 reactor.callLater(0, vcpe_firewall, df)
1138 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1139
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1140 @deferred(TIMEOUT)
1141 def test_vsg_firewall_rule_with_deny_icmp_protocol_echo_reply_type(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1142 """
1143 Algo:
1144 1. Get vSG corresponding to vcpe
1145 2. Login to compute node
1146 3. Execute iptable command on vcpe from compute node to deny icmp echo-reply type protocol packets
1147 4. From cord-tester ping to 8.8.8.8
1148 5. Verifying that ping should not be successful
1149 6. Delete the iptable rule
1150 7. From cord-tester ping to 8.8.8.8
1151 8. Verifying the ping should success
1152 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1153 if not vcpe_name:
1154 vcpe_name = self.vcpe_container
1155 if not vcpe_intf:
1156 vcpe_intf = self.vcpe_dhcp
1157 df = defer.Deferred()
1158 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1159 if self.on_podd is False:
1160 df.callback(0)
1161 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1162 host = '8.8.8.8'
1163 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1164 try:
1165 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1166 st, _ = getstatusoutput('ping -c 1 {}'.format('8.8.8.8'))
1167 assert_equal(st, False)
1168 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1169 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1170 assert_equal(st, True)
1171 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1172 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1173 assert_equal(st,False)
1174 finally:
1175 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1176 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1177 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1178 df.callback(0)
1179 reactor.callLater(0, vcpe_firewall, df)
1180 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1181
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1182 @deferred(TIMEOUT)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]1183 def test_vsg_firewall_changing_deny_rule_to_accept_rule_with_icmp_protocol_echo_requests_type(self, vcpe_name=None, vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1184 """
1185 Algo:
1186 1. Get vSG corresponding to vcpe
1187 2. Login to compute node
1188 3. Execute iptable command on vcpe from compute node to deny icmp echo-requests type protocol packets
1189 4. From cord-tester ping to 8.8.8.8
1190 5. Verifying that ping should not be successful
1191 6. Insert another rule to accept the icmp-echo requests protocol packets
1192 7. From cord-tester ping to 8.8.8.8
1193 8. Verifying the ping should success
1194 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1195 if not vcpe_name:
1196 vcpe_name = self.vcpe_container
1197 if not vcpe_intf:
1198 vcpe_intf = self.vcpe_dhcp
1199 df = defer.Deferred()
1200 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1201 if self.on_podd is False:
1202 df.callback(0)
1203 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1204 host = '8.8.8.8'
1205 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1206 try:
1207 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1208 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1209 assert_equal(st, False)
1210 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1211 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1212 assert_equal(st, True)
1213 st, _ = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p icmp --icmp-type echo-request -j ACCEPT'.format(vcpe_name))
1214 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1215 assert_equal(st,False)
1216 finally:
1217 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1218 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j ACCEPT'.format(vcpe_name))
1219 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1220 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1221 df.callback(0)
1222 reactor.callLater(0, vcpe_firewall, df)
1223 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1224
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1225 @deferred(TIMEOUT)
1226 def test_vsg_firewall_changing_deny_rule_to_accept_rule_with_icmp_protocol_echo_reply_type(self,vcpe_name=None,vcpe_intf=None):
1227 """
1228 Algo:
1229 1. Get vSG corresponding to vcpe
1230 2. Login to compute node
1231 3. Execute iptable command on vcpe from compute node to deny icmp echo-reply type protocol packets
1232 4. From cord-tester ping to 8.8.8.8
1233 5. Verifying the ping should not success
1234 6. Insert another rule to accept the icmp-echo requests protocol packets
1235 7. From cord-tester ping to 8.8.8.8
1236 8. Verifying the ping should success
1237 """
1238 if not vcpe_name:
1239 vcpe_name = self.vcpe_container
1240 if not vcpe_intf:
1241 vcpe_intf = self.vcpe_dhcp
1242 df = defer.Deferred()
1243 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1244 if self.on_podd is False:
1245 df.callback(0)
1246 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1247 host = '8.8.8.8'
1248 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1249 try:
1250 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1251 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1252 assert_equal(st, False)
1253 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1254 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1255 assert_equal(st, True)
1256 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p icmp --icmp-type echo-reply -j ACCEPT'.format(vcpe_name))
1257 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1258 assert_equal(st,False)
1259 finally:
1260 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1261 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j ACCEPT'.format(vcpe_name))
1262 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1263 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1264 df.callback(0)
1265 reactor.callLater(0, vcpe_firewall, df)
1266 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1267
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1268 @deferred(TIMEOUT)
1269 def test_vsg_firewall_for_deny_icmp_protocol(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1270 """
1271 Algo:
1272 1. Get vSG corresponding to vcpe
1273 2. Login to compute node
1274 3. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1275 4. From cord-tester ping to 8.8.8.8
1276 5. Verifying that ping should not be successful
1277 6. Delete the iptable rule
1278 7. From cord-tester ping to 8.8.8.8
1279 8. Verifying the ping should success
1280 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1281 if not vcpe_name:
1282 vcpe_name = self.vcpe_container
1283 if not vcpe_intf:
1284 vcpe_intf = self.vcpe_dhcp
1285 df = defer.Deferred()
1286 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1287 if self.on_podd is False:
1288 df.callback(0)
1289 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1290 host = '8.8.8.8'
1291 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1292 try:
1293 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1294 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1295 assert_equal(st, False)
1296 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1297 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1298 assert_equal(st, True)
1299 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1300 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1301 assert_equal(st,False)
1302 finally:
1303 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1304 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1305 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1306 df.callback(0)
1307 reactor.callLater(0, vcpe_firewall, df)
1308 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1309
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1310 @deferred(TIMEOUT)
1311 def test_vsg_firewall_rule_deny_icmp_protocol_and_destination_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1312 """
1313 Algo:
1314 1. Get vSG corresponding to vcpe
1315 2. Login to compute node
1316 3. Execute iptable command on vcpe from compute node to deny a destination IP
1317 4. From cord-tester ping to 8.8.8.8
1318 5. Verifying that ping should not be successful
1319 6. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1320 7. From cord-tester ping to 8.8.8.8
1321 8. Verifying the ping should success
1322 9. Delete the rule added in step 3
1323 10. From cord-tester ping to 8.8.8.8
1324 11. Verifying that ping should not be successful
1325 12. Delete the rule added in step 6
1326 13. From cord-tester ping to 8.8.8.8
1327 14. Verifying the ping should success
1328 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1329 if not vcpe_name:
1330 vcpe_name = self.vcpe_container
1331 if not vcpe_intf:
1332 vcpe_intf = self.vcpe_dhcp
1333 df = defer.Deferred()
1334 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1335 if self.on_podd is False:
1336 df.callback(0)
1337 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1338 host = '8.8.8.8'
1339 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1340 try:
1341 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1342 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1343 assert_equal(st, False)
1344 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1345 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1346 assert_equal(st, True)
1347 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1348 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1349 assert_equal(st, True)
1350 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1351 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1352 assert_equal(st, True)
1353 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1354 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1355 assert_equal(st,False)
1356 finally:
1357 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1358 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1359 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1360 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1361 df.callback(0)
1362 reactor.callLater(0, vcpe_firewall, df)
1363 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1364
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1365 @deferred(TIMEOUT) #Fail
1366 def test_vsg_firewall_flushing_all_configured_rules(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1367 """
1368 Algo:
1369 1. Get vSG corresponding to vcpe
1370 2. Login to compute node
1371 3. Execute iptable command on vcpe from compute node to deny a destination IP
1372 4. From cord-tester ping to 8.8.8.8
1373 5. Verifying that ping should not be successful
1374 6. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1375 7. From cord-tester ping to 8.8.8.8
1376 8. Verifying the ping should success
1377 9. Flush all the iptable rules configuraed in vcpe
1378 10. Delete the rule added in step 6
1379 11. From cord-tester ping to 8.8.8.8
1380 12. Verifying the ping should success
1381 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1382 if not vcpe_name:
1383 vcpe_name = self.vcpe_container
1384 if not vcpe_intf:
1385 vcpe_intf = self.vcpe_dhcp
1386 df = defer.Deferred()
1387 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1388 if self.on_podd is False:
1389 df.callback(0)
1390 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1391 host = '8.8.8.8'
1392 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1393 try:
1394 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1395 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1396 assert_equal(st, False)
1397 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1398 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1399 assert_equal(st, True)
1400 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1401 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1402 assert_equal(st, True)
1403 st,output = vsg.run_cmd('sudo docker exec {} iptables -F FORWARD'.format(vcpe_name))
1404 time.sleep(1)
1405 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1406 assert_equal(st, False)
1407 finally:
1408 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1409 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1410 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1411 df.callback(0)
1412 reactor.callLater(0, vcpe_firewall, df)
1413 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1414
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1415 @deferred(TIMEOUT)
1416 def test_vsg_firewall_deny_all_ipv4_traffic(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1417 """
1418 Algo:
1419 1. Get vSG corresponding to vcpe
1420 2. Login to compute node
1421 3. Execute iptable command on vcpe from compute node to deny all ipv4 Traffic
1422 4. From cord-tester ping to 8.8.8.8
1423 5. Verifying that ping should not be successful
1424 6. Delete the iptable rule added
1425 7. From cord-tester ping to 8.8.8.8
1426 8. Verifying the ping should success
1427 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1428 if not vcpe_name:
1429 vcpe_name = self.vcpe_container
1430 if not vcpe_intf:
1431 vcpe_intf = self.vcpe_dhcp
1432 df = defer.Deferred()
1433 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1434 if self.on_podd is False:
1435 df.callback(0)
1436 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1437 host = '8.8.8.8'
1438 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1439 try:
1440 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1441 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1442 assert_equal(st, False)
1443 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1444 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1445 assert_equal(st, True)
1446 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1447 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1448 assert_equal(st, False)
1449 finally:
1450 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1451 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1452 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1453 df.callback(0)
1454 reactor.callLater(0, vcpe_firewall, df)
1455 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1456
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1457 @deferred(TIMEOUT)
1458 def test_vsg_firewall_replacing_deny_rule_to_accept_rule_ipv4_traffic(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1459 """
1460 Algo:
1461 1. Get vSG corresponding to vcpe
1462 2. Login to compute node
1463 3. Execute iptable command on vcpe from compute node to deny all ipv4 Traffic
1464 4. From cord-tester ping to 8.8.8.8
1465 5. Verifying that ping should not be successful
1466 6. Replace the deny rule added in step 3 with accept rule
1467 7. From cord-tester ping to 8.8.8.8
1468 8. Verifying the ping should success
1469 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1470 if not vcpe_name:
1471 vcpe_name = self.vcpe_container
1472 if not vcpe_intf:
1473 vcpe_intf = self.vcpe_dhcp
1474 df = defer.Deferred()
1475 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1476 if self.on_podd is False:
1477 df.callback(0)
1478 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1479 host = '8.8.8.8'
1480 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1481 try:
1482 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1483 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1484 assert_equal(st, False)
1485 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1486 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1487 assert_equal(st, True)
1488 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -4 -j ACCEPT'.format(vcpe_name))
1489 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1490 assert_equal(st, False)
1491 finally:
1492 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1493 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1494 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1495 df.callback(0)
1496 reactor.callLater(0, vcpe_firewall, df)
1497 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1498
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1499 @deferred(TIMEOUT)
1500 def test_vsg_firewall_deny_all_traffic_coming_on_lan_interface_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
1501 """
1502 Algo:
1503 1. Get vSG corresponding to vcpe
1504 2. Login to compute node
1505 3. Execute iptable command on vcpe from compute node to deny all the traffic coming on lan interface inside vcpe container
1506 4. From cord-tester ping to 8.8.8.8
1507 5. Verifying the ping should not success
1508 6. Delete the iptable rule added
1509 7. From cord-tester ping to 8.8.8.8
1510 8. Verifying the ping should success
1511 """
1512 if not vcpe_name:
1513 vcpe_name = self.vcpe_container
1514 if not vcpe_intf:
1515 vcpe_intf = self.vcpe_dhcp
1516 df = defer.Deferred()
1517 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1518 if self.on_podd is False:
1519 df.callback(0)
1520 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1521 host = '8.8.8.8'
1522 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1523 try:
1524 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1525 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1526 assert_equal(st, False)
1527 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -i eth1 -j DROP'.format(vcpe_name))
1528 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1529 assert_equal(st, True)
1530 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -j DROP'.format(vcpe_name))
1531 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1532 assert_equal(st, False)
1533 finally:
1534 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -j DROP'.format(vcpe_name))
1535 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1536 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1537 df.callback(0)
1538 reactor.callLater(0, vcpe_firewall, df)
1539 return df
1540
1541 @deferred(TIMEOUT)
1542 def test_vsg_firewall_deny_all_traffic_going_out_of_wan_interface_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
1543 """
1544 Algo:
1545 1. Get vSG corresponding to vcpe
1546 2. Login to compute node
1547 3. Execute iptable command on vcpe from compute node to deny all the traffic going out of wan interface inside vcpe container
1548 4. From cord-tester ping to 8.8.8.8
1549 5. Verifying the ping should not success
1550 6. Delete the iptable rule added
1551 7. From cord-tester ping to 8.8.8.8
1552 8. Verifying the ping should success
1553 """
1554 if not vcpe_name:
1555 vcpe_name = self.vcpe_container
1556 if not vcpe_intf:
1557 vcpe_intf = self.vcpe_dhcp
1558 df = defer.Deferred()
1559 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1560 if self.on_podd is False:
1561 df.callback(0)
1562 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1563 host = '8.8.8.8'
1564 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1565 try:
1566 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1567 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1568 assert_equal(st, False)
1569 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -o eth0 -j DROP'.format(vcpe_name))
1570 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1571 assert_equal(st, True)
1572 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -o eth0 -j DROP'.format(vcpe_name))
1573 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1574 assert_equal(st, False)
1575 finally:
1576 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -o eth0 -j DROP'.format(vcpe_name))
1577 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1578 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1579 df.callback(0)
1580 reactor.callLater(0, vcpe_firewall, df)
1581 return df
1582
1583 @deferred(TIMEOUT)
1584 def test_vsg_firewall_deny_all_traffic_from_lan_to_wan_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1585 """
1586 Algo:
1587 1. Get vSG corresponding to vcpe
1588 2. Login to compute node
1589 3. Execute iptable command on vcpe from compute node to deny all the traffic from lan to wan interface in vcpe
1590 4. From cord-tester ping to 8.8.8.8
1591 5. Verifying that ping should not be successful
1592 6. Delete the iptable rule added
1593 7. From cord-tester ping to 8.8.8.8
1594 8. Verifying the ping should success
1595 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1596 if not vcpe_name:
1597 vcpe_name = self.vcpe_container
1598 if not vcpe_intf:
1599 vcpe_intf = self.vcpe_dhcp
1600 df = defer.Deferred()
1601 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1602 if self.on_podd is False:
1603 df.callback(0)
1604 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1605 host = '8.8.8.8'
1606 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1607 try:
1608 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1609 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1610 assert_equal(st, False)
1611 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1612 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1613 assert_equal(st, True)
1614 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1615 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1616 assert_equal(st, False)
1617 finally:
1618 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1619 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1620 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1621 df.callback(0)
1622 reactor.callLater(0, vcpe_firewall, df)
1623 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1624
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1625
1626 #this test case needs modification.default route should be vcpe interface to run this test case
1627 @deferred(TIMEOUT)
1628 def test_vsg_firewall_deny_all_dns_traffic(self,vcpe_name=None,vcpe_intf=None):
1629 """
1630 Algo:
1631 1. Get vSG corresponding to vcpe
1632 2. Login to compute node
1633 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1634 4. From cord-tester ping to www.google.com
1635 5. Verifying the ping should not success
1636 6. Delete the iptable rule added
1637 7. From cord-tester ping to www.google.com
1638 8. Verifying the ping should success
1639 """
1640 if not vcpe_name:
1641 vcpe_name = self.vcpe_container
1642 if not vcpe_intf:
1643 vcpe_intf = self.vcpe_dhcp
1644 df = defer.Deferred()
1645 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1646 if self.on_podd is False:
1647 df.callback(0)
1648 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1649 host = 'www.msn.com'
1650 host_ip = '131.253.33.203'
1651 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1652 try:
1653 self.add_static_route_via_vcpe_interface([host_ip],vcpe=self.vcpe_dhcp)
1654 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1655 assert_equal(st, False)
1656 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p udp --dport 53 -j DROP'.format(vcpe_name))
1657 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1658 assert_equal(st, True)
1659 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p udp --dport 53 -j ACCEPT'.format(vcpe_name))
1660 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1661 assert_equal(st, False)
1662 finally:
1663 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p udp --dport 53 -j DROP'.format(vcpe_name))
1664 self.del_static_route_via_vcpe_interface([host_ip],vcpe=vcpe_intf)
1665 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1666 df.callback(0)
1667 reactor.callLater(0, vcpe_firewall, df)
1668 return df
1669
1670 @deferred(TIMEOUT)
1671 def test_vsg_firewall_deny_all_ipv4_traffic_vcpe_container_restart(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1672 """
1673 Algo:
1674 1. Get vSG corresponding to vcpe
1675 2. Login to compute node
1676 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1677 4. From cord-tester ping to www.google.com
1678 5. Verifying that ping should not be successful
1679 6. Delete the iptable rule added
1680 7. From cord-tester ping to www.google.com
1681 8. Verifying the ping should success
1682 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1683 if not vcpe_name:
1684 vcpe_name = self.vcpe_container
1685 if not vcpe_intf:
1686 vcpe_intf = self.vcpe_dhcp
1687 df = defer.Deferred()
1688 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1689 if self.on_podd is False:
1690 df.callback(0)
1691 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1692 host = '8.8.8.8'
1693 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1694 try:
1695 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1696 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1697 assert_equal(st, False)
1698 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1699 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1700 assert_equal(st, True)
1701 st,output = vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1702 time.sleep(3)
1703 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1704 assert_equal(st, False)
1705 finally:
1706 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1707 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1708 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1709 df.callback(0)
1710 reactor.callLater(0, vcpe_firewall, df)
1711 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1712
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]1713 @deferred(TIMEOUT)
1714 def test_vsg_dnat_modifying_destination_ip(self,vcpe_name=None,vcpe_intf=None):
1715 """
1716 Algo:
1717 1. Get vSG corresponding to vcpe
1718 2. Login to compute node
1719 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1720 4. From cord-tester ping to www.google.com
1721 5. Verifying the ping should not success
1722 6. Delete the iptable rule added
1723 7. From cord-tester ping to www.google.com
1724 8. Verifying the ping should success
1725 """
1726 if not vcpe_name:
1727 vcpe_name = self.vcpe_container
1728 if not vcpe_intf:
1729 vcpe_intf = self.vcpe_dhcp
1730 df = defer.Deferred()
1731 def vcpe_firewall(df):
1732 host = '8.8.8.8'
1733 dst_ip = '123.123.123.123'
1734 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1735 try:
1736 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1737 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1738 assert_equal(st, False)
1739 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1740 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1741 assert_equal(st, True)
1742 finally:
1743 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1744 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1745 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1746 df.callback(0)
1747 reactor.callLater(0,vcpe_firewall,df)
1748 return df
1749
1750 @deferred(TIMEOUT)
1751 def test_vsg_dnat_modifying_destination_ip_and_delete(self,vcpe_name=None,vcpe_intf=None):
1752 """
1753 Algo:
1754 1. Get vSG corresponding to vcpe
1755 2. Login to compute node
1756 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1757 4. From cord-tester ping to www.google.com
1758 5. Verifying the ping should not success
1759 6. Delete the iptable rule added
1760 7. From cord-tester ping to www.google.com
1761 8. Verifying the ping should success
1762 """
1763 if not vcpe_name:
1764 vcpe_name = self.vcpe_container
1765 if not vcpe_intf:
1766 vcpe_intf = self.vcpe_dhcp
1767 df = defer.Deferred()
1768 def vcpe_firewall(df):
1769 host = '8.8.8.8'
1770 dst_ip = '123.123.123.123'
1771 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1772 try:
1773 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1774 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1775 assert_equal(st, False)
1776 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1777 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1778 assert_equal(st, True)
1779 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1780 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1781 assert_equal(st, False)
1782 finally:
1783 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1784 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1785 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1786 df.callback(0)
1787 reactor.callLater(0,vcpe_firewall,df)
1788 return df
1789
1790 @deferred(TIMEOUT)
1791 def test_vsg_dnat_change_modifying_destination_ip_address(self,vcpe_name=None,vcpe_intf=None):
1792 """
1793 Algo:
1794 1. Get vSG corresponding to vcpe
1795 2. Login to compute node
1796 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1797 4. From cord-tester ping to www.google.com
1798 5. Verifying the ping should not success
1799 6. Delete the iptable rule added
1800 7. From cord-tester ping to www.google.com
1801 8. Verifying the ping should success
1802 """
1803 if not vcpe_name:
1804 vcpe_name = self.vcpe_container
1805 if not vcpe_intf:
1806 vcpe_intf = self.vcpe_dhcp
1807 df = defer.Deferred()
1808 def vcpe_firewall(df):
1809 host = '8.8.8.8'
1810 dst_ip = '123.123.123.123'
1811 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1812 try:
1813 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1814 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1815 assert_equal(st, False)
1816 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1817 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1818 assert_equal(st, True)
1819 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -R PREROUTING 1 -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,host))
1820 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1821 assert_equal(st, False)
1822 finally:
1823 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1824 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,host))
1825 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1826 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1827 df.callback(0)
1828 reactor.callLater(0,vcpe_firewall,df)
1829 return df
1830
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]1831 def test_vsg_xos_subscriber(self):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1832 if self.on_podd is False:
1833 return
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]1834 subscriber_info = self.subscriber_info[0]
1835 volt_subscriber_info = self.volt_subscriber_info[0]
1836 result = self.restApiXos.ApiPost('TENANT_SUBSCRIBER', subscriber_info)
1837 assert_equal(result, True)
1838 result = self.restApiXos.ApiGet('TENANT_SUBSCRIBER')
1839 assert_not_equal(result, None)
1840 subId = self.restApiXos.getSubscriberId(result, volt_subscriber_info['account_num'])
1841 assert_not_equal(subId, '0')
1842 log.info('Subscriber ID for account num %d = %s' %(volt_subscriber_info['account_num'], subId))
1843 volt_tenant = volt_subscriber_info['voltTenant']
1844 #update the subscriber id in the tenant info before making the rest
1845 volt_tenant['subscriber'] = subId
1846 result = self.restApiXos.ApiPost('TENANT_VOLT', volt_tenant)
1847 assert_equal(result, True)
1848
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]1849 def test_vsg_for_dns_service(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1850 """
1851 Algo:
1852 1. Create a test client in Prod VM
1853 2. Create a vCPE container in vSG VM inside compute Node
1854 3. Ensure vSG VM and vCPE container created properly
1855 4. Enable dns service in vCPE ( if not by default )
1856 5. Send ping request from test client to valid domain address say, 'www.google'com
1857 6. Verify that dns should resolve ping should success
1858 7. Now send ping request to invalid domain address say 'www.invalidaddress'.com'
1859 8. Verify that dns resolve should fail and hence ping
1860 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1861
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1862 def test_vsg_for_10_subscribers_for_same_service(self):
1863 """
1864 Algo:
1865 1.Create a vSG VM in compute node
1866 2.Create 10 vCPE containers for 10 subscribers, in vSG VM
1867 3.Ensure vSG VM and vCPE container created properly
1868 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to valid external public IP
1869 5.Verify that ping success for all 10 subscribers
1870 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1871
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1872 def test_vsg_for_10_subscribers_for_same_service_ping_invalid_ip(self):
1873 """
1874 Algo:
1875 1.Create a vSG VM in compute Node
1876 2.Create 10 vCPE containers for 10 subscribers, in vSG VM
1877 3.Ensure vSG VM and vCPE container created properly
1878 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to invalid IP
1879 5.Verify that ping fails for all 10 subscribers
1880 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1881
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1882 def test_vsg_for_10_subscribers_for_same_service_ping_valid_and_invalid_ip(self):
1883 """
1884 Algo:
1885 1.Create a vSG VM in VM
1886 2.Create 10 vCPE containers for 10 subscribers, in vSG VM
1887 3.Ensure vSG VM and vCPE container created properly
1888 4.From first 5 subscribers, with same s-tag and different c-tag, send a ping to valid IP
1889 5.Verify that ping success for all 5 subscribers
1890 6.From next 5 subscribers, with same s-tag and different c-tag, send a ping to invalid IP
1891 7.Verify that ping fails for all 5 subscribers
1892 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1893
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1894 def test_vsg_for_100_subscribers_for_same_service(self):
1895 """
1896 Algo:
1897 1.Create a vSG VM in compute node
1898 2.Create 100 vCPE containers for 100 subscribers, in vSG VM
1899 3.Ensure vSG VM and vCPE container created properly
1900 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to valid external public IP
1901 5.Verify that ping success for all 100 subscribers
1902 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1903
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1904 def test_vsg_for_100_subscribers_for_same_service_ping_invalid_ip(self):
1905 """
1906 Algo:
1907 1.Create a vSG VM in compute Node
1908 2.Create 10 vCPE containers for 100 subscribers, in vSG VM
1909 3.Ensure vSG VM and vCPE container created properly
1910 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to invalid IP
1911 5.Verify that ping fails for all 100 subscribers
1912 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1913
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1914 def test_vsg_for_100_subscribers_for_same_service_ping_valid_and_invalid_ip(self):
1915 """
1916 Algo:
1917 1.Create a vSG VM in VM
1918 2.Create 10 vCPE containers for 100 subscribers, in vSG VM
1919 3.Ensure vSG VM and vCPE container created properly
1920 4.From first 5 subscribers, with same s-tag and different c-tag, send a ping to valid IP
1921 5.Verify that ping success for all 5 subscribers
1922 6.From next 5 subscribers, with same s-tag and different c-tag, send a ping to invalid IP
1923 7.Verify that ping fails for all 5 subscribers
1924 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1925
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1926 def test_vsg_for_packet_received_with_invalid_ip_fields(self):
1927 """
1928 Algo:
1929 1.Create a vSG VM in compute node
1930 2.Create a vCPE container in vSG VM
1931 3.Ensure vSG VM and vCPE container created properly
1932 4.From subscriber, send a ping packet with invalid ip fields
1933 5.Verify that vSG drops the packet
1934 6.Verify ping fails
1935 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1936
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1937 def test_vsg_for_packet_received_with_invalid_mac_fields(self):
1938 """
1939 Algo:
1940 1.Create a vSG VM in compute node
1941 2.Create a vCPE container in vSG VM
1942 3.Ensure vSG VM and vCPE container created properly
1943 4.From subscriber, send a ping packet with invalid mac fields
1944 5.Verify that vSG drops the packet
1945 6.Verify ping fails
1946 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1947
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1948 def test_vsg_for_vlan_id_mismatch_in_stag(self):
1949 """
1950 Algo:
1951 1.Create a vSG VM in compute Node
1952 2.Create a vCPE container in vSG VM
1953 3.Ensure vSG VM and vCPE container created properly
1954 4.Send a ping request to external valid IP from subscriber, with incorrect vlan id in s-tag and valid c-tag
1955 5.Verify that ping fails as the packet drops at VM entry
1956 6.Repeat step 4 with correct s-tag
1957 7.Verify that ping success
1958 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1959
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1960 def test_vsg_for_vlan_id_mismatch_in_ctag(self):
1961 """
1962 Algo:
1963 1.Create a vSG VM in compute node
1964 2.Create a vCPE container in vSG VM
1965 3.Ensure vSG VM and vCPE container created properly
1966 4.Send a ping request to external valid IP from subscriber, with valid s-tag and incorrect vlan id in c-tag
1967 5.Verify that ping fails as the packet drops at vCPE container entry
1968 6.Repeat step 4 with valid s-tag and c-tag
1969 7.Verify that ping success
1970 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1971
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1972 def test_vsg_for_matching_and_mismatching_vlan_id_in_stag(self):
1973 """
1974 Algo:
1975 1.Create two vSG VMs in compute node
1976 2.Create a vCPE container in each vSG VM
1977 3.Ensure vSG VM and vCPE container created properly
1978 4.From subscriber one, send ping request with valid s and c tags
1979 5.From subscriber two, send ping request with vlan id mismatch in s-tag and valid c tags
1980 6.Verify that ping success for only subscriber one and fails for two.
1981 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1982
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1983 def test_vsg_for_matching_and_mismatching_vlan_id_in_ctag(self):
1984 """
1985 Algo:
1986 1.Create a vSG VM in compute node
1987 2.Create two vCPE containers in vSG VM
1988 3.Ensure vSG VM and vCPE container created properly
1989 4.From subscriber one, send ping request with valid s and c tags
1990 5.From subscriber two, send ping request with valid s-tag and vlan id mismatch in c-tag
1991 6.Verify that ping success for only subscriber one and fails for two
1992 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1993
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1994 def test_vsg_for_out_of_range_vlanid_in_ctag(self):
1995 """
1996 Algo:
1997 1.Create a vSG VM in compute node
1998 2.Create a vCPE container in vSG VM
1999 3.Ensure vSG VM and vCPE container created properly
2000 4.From subscriber, send ping request with valid stag and vlan id in c-tag is an out of range value ( like 0,4097 )
2001 4.Verify that ping fails as the ping packets drops at vCPE container entry
2002 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2003
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2004 def test_vsg_for_out_of_range_vlanid_in_stag(self):
2005 """
2006 Algo:
2007 1.Create a vSG VM in compute node
2008 2.Create a vCPE container in vSG VM
2009 3.Ensure vSG VM and vCPE container created properly
2010 2.From subscriber, send ping request with vlan id in s-tag is an out of range value ( like 0,4097 ), with valid c-tag
2011 4.Verify that ping fails as the ping packets drops at vSG VM entry
2012 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2013
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2014 def test_vsg_without_creating_vcpe_instance(self):
2015 """
2016 Algo:
2017 1.Create a vSG VM in compute Node
2018 2.Ensure vSG VM created properly
2019 3.Do not create vCPE container inside vSG VM
2020 4.From a subscriber, send ping to external valid IP
2021 5.Verify that ping fails as the ping packet drops at vSG VM entry itself.
2022 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2023
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2024 def test_vsg_for_remove_vcpe_instance(self):
2025 """
2026 Algo:
2027 1.Create a vSG VM in compute node
2028 2.Create a vCPE container in vSG VM
2029 3.Ensure vSG VM and vCPE container created properly
2030 4.From subscriber, send ping request with valid s-tag and c-tag
2031 5.Verify that ping success
2032 6.Verify ping success flows in OvS switch in compute node
2033 7.Now remove the vCPE container in vSG VM
2034 8.Ensure that the container removed properly
2035 9.Repeat step 4
2036 10.Verify that now, ping fails
2037 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2038
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2039 def test_vsg_for_restart_vcpe_instance(self):
2040 """
2041 Algo:
2042 1.Create a vSG VM in compute node
2043 2.Create a vCPE container in vSG VM
2044 3.Ensure vSG VM and vCPE container created properly
2045 4.From subscriber, send ping request with valid s-tag and c-tag
2046 5.Verify that ping success
2047 6.Verify ping success flows in OvS switch in compute node
2048 7.Now restart the vCPE container in vSG VM
2049 8.Ensure that the container came up after restart
2050 9.Repeat step 4
2051 10.Verify that now,ping gets success and flows added in OvS
2052 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2053
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2054 def test_vsg_for_restart_vsg_vm(self):
2055 """
2056 Algo:
2057 1.Create a vSG VM in compute node
2058 2.Create a vCPE container in vSG VM
2059 3.Ensure vSG VM and vCPE container created properly
2060 4.From subscriber, send ping request with valid s-tag and c-tag
2061 5.Verify that ping success
2062 6.Verify ping success flows in OvS switch in compute node
2063 7.Now restart the vSG VM
2064 8.Ensure that the vSG comes up properly after restart
2065 9.Verify that vCPE container comes up after vSG restart
2066 10.Repeat step 4
2067 11.Verify that now,ping gets success and flows added in OvS
2068 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2069
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2070 def test_vsg_for_pause_vcpe_instance(self):
2071 """
2072 Algo:
2073 1.Create a vSG VM in compute node
2074 2.Create a vCPE container in vSG VM
2075 3.Ensure vSG VM and vCPE container created properly
2076 4.From subscriber, send ping request with valid s-tag and c-tag
2077 5.Verify that ping success
2078 6.Verify ping success flows in OvS switch in compute node
2079 7.Now pause vCPE container in vSG VM for a while
2080 8.Ensure that the container state is pause
2081 9.Repeat step 4
2082 10.Verify that now,ping fails now and verify flows in OvS
2083 11.Now resume the container
2084 12.Now repeat step 4 again
2085 13.Verify that now, ping gets success
2086 14.Verify ping success flows in OvS
2087 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2088
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2089 def test_vsg_for_extract_all_compute_stats_from_all_vcpe_containers(self):
2090 """
2091 Algo:
2092 1.Create a vSG VM in compute node
2093 2.Create 10 vCPE containers in VM
2094 3.Ensure vSG VM and vCPE containers created properly
2095 4.Login to all vCPE containers
2096 4.Get all compute stats from all vCPE containers
2097 5.Verify the stats # verification method need to add
2098 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2099
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2100 def test_vsg_for_extract_dns_stats_from_all_vcpe_containers(self):
2101 """
2102 Algo:
2103 1.Create a vSG VM in compute node
2104 2.Create 10 vCPE containers in VM
2105 3.Ensure vSG VM and vCPE containers created properly
2106 4.From 10 subscribers, send ping to valid and invalid dns hosts
2107 5.Verify dns resolves and ping success for valid dns hosts
2108 6.Verify ping fails for invalid dns hosts
2109 7.Verify dns host name resolve flows in OvS
2110 8.Login to all 10 vCPE containers
2111 9.Extract all dns stats
2112 10.Verify dns stats for queries sent, queries received for dns host resolve success and failed scenarios
2113 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2114
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2115 def test_vsg_for_subscriber_access_two_vsg_services(self):
2116 """
2117 # Intention is to verify if subscriber can reach internet via two vSG VMs
2118 Algo:
2119 1.Create two vSG VMs for two services in compute node
2120 2.Create one vCPE container in each VM for one subscriber
2121 3.Ensure VMs and containers created properly
2122 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2123 5.Verify ping gets success
2124 6.Verify ping success flows in OvS
2125 7.Now repeat step 4 with stag corresponds to vSG-2 VM
2126 8.Verify that ping again success
2127 9.Verify ping success flows in OvS
2128 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2129
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2130 def test_vsg_for_subscriber_access_service2_if_service1_goes_down(self):
2131 """
2132 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 goes down
2133 Algo:
2134 1.Create two vSG VMs for two services in compute node
2135 2.Create one vCPE container in each VM for one subscriber
2136 3.Ensure VMs and containers created properly
2137 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2138 5.Verify ping gets success
2139 6.Verify ping success flows in OvS
2140 7.Down the vSG-1 VM
2141 8.Now repeat step 4
2142 9.Verify that ping fails as vSG-1 is down
2143 10.Repeat step 4 with stag corresponding to vSG-2
2144 9.Verify ping success and flows added in OvS
2145 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2146
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2147 def test_vsg_for_subscriber_access_service2_if_service1_goes_restart(self):
2148 """
2149 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 restarts
2150 Algo:
2151 1.Create two vSG VMs for two services in compute node
2152 2.Create one vCPE container in each VM for one subscriber
2153 3.Ensure VMs and containers created properly
2154 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2155 5.Verify ping gets success
2156 6.Verify ping success flows added in OvS
2157 7.Now restart vSG-1 VM
2158 8.Now repeat step 4 while vSG-1 VM restarts
2159 9.Verify that ping fails as vSG-1 is restarting
2160 10.Repeat step 4 with stag corresponding to vSG-2 while vSG-1 VM restarts
2161 11.Verify ping success and flows added in OvS
2162 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2163
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2164 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_goes_down(self):
2165 """
2166 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 goes down
2167 Algo:
2168 1.Create a vSG VM in compute node
2169 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2170 3.Ensure VM and containers created properly
2171 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2172 5.Verify ping gets success
2173 6.Verify ping success flows added in OvS
2174 7.Now stop vCPE-1 container
2175 8.Now repeat step 4
2176 9.Verify that ping fails as vCPE-1 container is down
2177 10.Repeat step 4 with ctag corresponding to vCPE-2 container
2178 11.Verify ping success and flows added in OvS
2179 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2180
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2181 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_restart(self):
2182 """
2183 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 restarts
2184 Algo:
2185 1.Create a vSG VM in compute node
2186 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2187 3.Ensure VM and containers created properly
2188 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2189 5.Verify ping gets success
2190 6.Verify ping success flows added in OvS
2191 7.Now restart vCPE-1 container
2192 8.Now repeat step 4 while vCPE-1 restarts
2193 9.Verify that ping fails as vCPE-1 container is restarts
2194 10.Repeat step 4 with ctag corresponding to vCPE-2 container while vCPE-1 restarts
2195 11..Verify ping success and flows added in OvS
2196 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2197
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2198 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_pause(self):
2199 """
2200 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 paused
2201 Algo:
2202 1.Create a vSG VM in compute node
2203 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2204 3.Ensure VM and containers created properly
2205 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2206 5.Verify ping gets success
2207 6.Verify ping success flows added in OvS
2208 7.Now pause vCPE-1 container
2209 8.Now repeat step 4 while vCPE-1 in pause state
2210 9.Verify that ping fails as vCPE-1 container in pause state
2211 10.Repeat step 4 with ctag corresponding to vCPE-2 container while vCPE-1 in pause state
2212 11.Verify ping success and flows added in OvS
2213 """
2214 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_removed(self):
2215 """
2216 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 removed
2217 Algo:
2218 1.Create a vSG VM in compute node
2219 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2220 3.Ensure VM and containers created properly
2221 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2222 5.Verify ping gets success
2223 6.Verify ping success flows added in OvS
2224 7.Now remove vCPE-1 container
2225 8.Now repeat step 4
2226 9.Verify that ping fails as vCPE-1 container removed
2227 10.Repeat step 4 with ctag corresponding to vCPE-2 container
2228 11.Verify ping success and flows added in OvS
2229 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2230
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2231 def test_vsg_for_vcpe_instance_removed_and_added_again(self):
2232 """
2233 Algo:
2234 1.Create a vSG VM in compute node
2235 2.Create a vCPE container in vSG VM
2236 3.Ensure VM and containers created properly
2237 4.From subscriber end, send ping to public IP
2238 5.Verify ping gets success
2239 6.Verify ping success flows added in OvS
2240 7.Now remove vCPE container in vSG VM
2241 8.Now repeat step 4
2242 9.Verify that ping fails as vCPE container removed
2243 10.Create the vCPE container again for the same subscriber
2244 11.Ensure that vCPE created now
2245 12.Now repeat step 4
2246 13.Verify ping success and flows added in OvS
2247 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2248
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2249 def test_vsg_for_vsg_vm_removed_and_added_again(self):
2250 """
2251 Algo:
2252 1.Create a vSG VM in compute node
2253 2.Create a vCPE container in vSG VM
2254 3.Ensure VM and containers created properly
2255 4.From subscriber end, send ping to public IP
2256 5.Verify ping gets success
2257 6.Verify ping success flows added in OvS
2258 7.Now remove vSG VM
2259 8.Now repeat step 4
2260 9.Verify that ping fails as vSG VM not exists
2261 10.Create the vSG VM and vCPE container in VM again
2262 11.Ensure that vSG and vCPE created
2263 12.Now repeat step 4
2264 13.Verify ping success and flows added in OvS
2265 """
2266
2267 #Test vSG - Subscriber Configuration
2268 def test_vsg_for_configuring_new_subscriber_in_vcpe(self):
2269 """
2270 Algo:
2271 1.Create a vSG VM in compute node
2272 2.Create a vCPE container in vSG VM
2273 3.Ensure VM and containers created properly
2274 4.Configure a subscriber in XOS and assign a service id
2275 5.Set the admin privileges to the subscriber
2276 6.Verify subscriber configuration is success
2277 """
2278 def test_vsg_for_adding_subscriber_devices_in_vcpe(self):
2279 """
2280 Algo:
2281 1.Create a vSG VM in compute node
2282 2.Create a vCPE container in vSG VM
2283 3.Ensure VM and containers created properly
2284 4.Configure a subscriber in XOS and assign a service id
2285 5.Verify subscriber successfully configured in vCPE
2286 6.Now add devices( Mac addresses ) under the subscriber admin group
2287 7.Verify all devices ( Macs ) added successfully
2288 """
2289 def test_vsg_for_removing_subscriber_devices_in_vcpe(self):
2290 """
2291 Algo:
2292 1.Create a vSG VM in compute node
2293 2.Create a vCPE container in vSG VM
2294 3.Ensure VM and containers created properly
2295 4.Configure a subscriber in XOS and assign a service id
2296 5.Verify subscriber successfully configured
2297 6.Now add devices( Mac addresses ) under the subscriber admin group
2298 7.Verify all devices ( Macs ) added successfully
2299 8.Now remove All the added devices in XOS
2300 9.Verify all the devices removed
2301 """
2302 def test_vsg_for_modify_subscriber_devices_in_vcpe(self):
2303 """
2304 Algo:
2305 1.Create a vSG VM in compute node
2306 2.Create a vCPE container in vSG VM
2307 3.Ensure VM and containers created properly
2308 4.Configure a user in XOS and assign a service id
2309 5.Verify subscriber successfully configured in vCPE.
2310 6.Now add devices( Mac addresses ) under the subscriber admin group
2311 7.Verify all devices ( Macs ) added successfully
2312 8.Now remove few devices in XOS
2313 9.Verify devices removed successfully
2314 10.Now add few additional devices in XOS under the same subscriber admin group
2315 11.Verify newly added devices successfully added
2316 """
2317 def test_vsg_for_vcpe_login_fails_with_incorrect_subscriber_credentials(self):
2318 """
2319 Algo:
2320 1.Create a vSG VM in compute node
2321 2.Create a vCPE container in vSG VM
2322 3.Ensure VM and containers created properly
2323 4.Configure a subscriber in XOS and assign a service id
2324 5.Verify subscriber successfully configured
2325 6.Now add devices( Mac addresses ) under the subscriber admin group
2326 7.Verify all devices ( Macs ) added successfully
2327 8.Login vCPE with credentials with which subscriber configured
2328 9.Verify subscriber successfully logged in
2329 10.Logout and login again with incorrect credentials ( either user name or password )
2330 11.Verify login attempt to vCPE fails wtih incorrect credentials
2331 """
2332 def test_vsg_for_subscriber_configuration_in_vcpe_retain_after_vcpe_restart(self):
2333 """
2334 Algo:
2335 1.Create a vSG VM in compute node
2336 2.Create a vCPE container in vSG VM
2337 3.Ensure VM and containers created properly
2338 4.Configure a subscriber in XOS and assign a service id
2339 5.Verify subscriber successfully configured
2340 6.Now add devices( Mac addresses ) under the subscriber admin group
2341 7.Verify all devices ( Macs ) added successfully
2342 8.Restart vCPE ( locate backup config path while restart )
2343 9.Verify subscriber details in vCPE after restart should be same as before the restart
2344 """
2345 def test_vsg_for_create_multiple_vcpe_instances_and_configure_subscriber_in_each_instance(self):
2346 """
2347 Algo:
2348 1.Create a vSG VM in compute node
2349 2.Create 2 vCPE containers in vSG VM
2350 3.Ensure VM and containers created properly
2351 4.Configure a subscriber in XOS for each vCPE instance and assign a service id
2352 5.Verify subscribers successfully configured
2353 6.Now login vCPE-2 with subscriber-1 credentials
2354 7.Verify login fails
2355 8.Now login vCPE-1 with subscriber-2 credentials
2356 9.Verify login fails
2357 10.Now login vCPE-1 with subscriber-1 and vCPE-2 with subscriber-2 credentials
2358 11.Verify that both the subscribers able to login to their respective vCPE containers
2359 """
2360 def test_vsg_for_same_subscriber_can_be_configured_for_multiple_services(self):
2361 """
2362 Algo:
2363 1.Create 2 vSG VMs in compute node
2364 2.Create a vCPE container in each vSG VM
2365 3.Ensure VMs and containers created properly
2366 4.Configure same subscriber in XOS for each vCPE instance and assign a service id
2367 5.Verify subscriber successfully configured
2368 6.Now login vCPE-1 with subscriber credentials
2369 7.Verify login success
2370 8.Now login vCPE-2 with the same subscriber credentials
2371 9.Verify login success
2372 """
2373
2374 #Test Example Service
2375 def test_vsg_for_subcriber_avail_example_service_running_in_apache_server(self):
2376 """
2377 Algo:
2378 1.Create a vSG VM in compute node
2379 2.Create a vCPE container in each vSG VM
2380 3.Ensure VM and container created properly
2381 4.Configure a subscriber in XOS for the vCPE instance and assign a service id
2382 5.On-board an example service into cord pod
2383 6.Create a VM in compute node and run the example service ( Apache server )
2384 7.Configure the example service with service specific and subscriber specific messages
2385 8.Verify example service on-boarded successfully
2386 9.Verify example service running in VM
2387 10.Run a curl command from subscriber to reach example service
2388 11.Verify subscriber can successfully reach example service via vSG
2389 12.Verify that service specific and subscriber specific messages
2390 """
2391 def test_vsg_for_subcriber_avail_example_service_running_in_apache_server_after_service_restart(self):
2392 """
2393 Algo:
2394 1.Create a vSG VM in compute node
2395 2.Create a vCPE container in each vSG VM
2396 3.Ensure VM and container created properly
2397 4.Configure a subscriber in XOS for the vCPE instance and assign a service id
2398 5.On-board an example service into cord pod
2399 6.Create a VM in compute node and run the example service ( Apache server )
2400 7.Configure the example service with service specific and subscriber specific messages
2401 8.Verify example service on-boarded successfully
2402 9.Verify example service running in VM
2403 10.Run a curl command from subscriber to reach example service
2404 11.Verify subscriber can successfully reach example service via vSG
2405 12.Verify that service specific and subscriber specific messages
2406 13.Restart example service running in VM
2407 14.Repeat step 10
2408 15.Verify the same results as mentioned in steps 11, 12
2409 """
2410
2411 #vCPE Firewall Functionality
2412 def test_vsg_firewall_for_creating_acl_rule_based_on_source_ip(self):
2413 """
2414 Algo:
2415 1.Create a vSG VM in compute node
2416 2.Create vCPE container in the VM
2417 3.Ensure vSG VM and vCPE container created properly
2418 4.Configure ac acl rule in vCPE to deny IP traffic from a source IP
2419 5.Bound the acl rule to WAN interface of vCPE
2420 6.Verify configuration in vCPE is success
2421 8.Verify flows added in OvS
2422 """
2423 def test_vsg_firewall_for_creating_acl_rule_based_on_destination_ip(self):
2424 """
2425 Algo:
2426 1.Create a vSG VM in compute node
2427 2.Create vCPE container in the VM
2428 3.Ensure vSG VM and vCPE container created properly
2429 4.Configure ac acl rule in vCPE to deny IP traffic to a destination ip
2430 5.Bound the acl rule to WAN interface of vCPE
2431 6.Verify configuration in vCPE is success
2432 8.Verify flows added in OvS
2433 """
2434 def test_vsg_firewall_for_acl_deny_rule_based_on_source_ip_traffic(self):
2435 """
2436 Algo:
2437 1.Create a vSG VM in compute node
2438 2.Create vCPE container in the VM
2439 3.Ensure vSG VM and vCPE container created properly
2440 4.Configure ac acl rule in vCPE to deny IP traffic from a source IP
2441 5.Bound the acl rule to WAN interface of vCPE
2442 6.From subscriber, send ping to the denied IP address
2443 7.Verify that ping fails as vCPE denies ping response
2444 8.Verify flows added in OvS
2445 """
2446 def test_vsg_firewall_for_acl_deny_rule_based_on_destination_ip_traffic(self):
2447 """
2448 Algo:
2449 1.Create a vSG VM in compute node
2450 2.Create vCPE container in the VM
2451 3.Ensure vSG VM and vCPE container created properly
2452 4.Configure ac acl rule in vCPE to deny IP traffic to a destination IP
2453 5.Bound the acl rule to WAN interface of vCPE
2454 6.From subscriber, send ping to the denied IP address
2455 7.Verify that ping fails as vCPE drops the ping request at WAN interface
2456 8.Verify flows added in OvS
2457 """
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]2458
2459 def test_vsg_dnsmasq(self):
2460 pass
2461
2462 def test_vsg_with_external_parental_control_family_shield_for_filter(self):
2463 pass
2464
2465 def test_vsg_with_external_parental_control_with_answerx(self):
2466 pass
2467
2468 def test_vsg_for_subscriber_upstream_bandwidth(self):
2469 pass
2470
2471 def test_vsg_for_subscriber_downstream_bandwidth(self):
2472 pass
2473
2474 def test_vsg_for_diagnostic_run_of_traceroute(self):
2475 pass
2476
2477 def test_vsg_for_diagnostic_run_of_tcpdump(self):
2478 pass
2479
2480 def test_vsg_for_iptable_rules(self):
2481 pass
2482
2483 def test_vsg_for_iptables_with_neutron(self):
2484 pass