Gitiles
Code Review Sign In
gerrit.opencord.org / cord-tester / b145da8bbd43228eb3bf7b18271480888743599c / . / src / test / vsg / vsgTest.py
blob: 82eb1478f0773fe93c914bd1c48a1558d5584ab3 [file] [log] [blame]
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]1#copyright 2016-present Ciena Corporation
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14#
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]15import time
16import os
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]17import sys
18import json
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]19from nose.tools import *
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]20from twisted.internet import defer
21from nose.twistedtools import reactor, deferred
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]22from CordTestUtils import *
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]23from OltConfig import OltConfig
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]24from onosclidriver import OnosCliDriver
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]25from SSHTestAgent import SSHTestAgent
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]26from CordLogger import CordLogger
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]27from VSGAccess import VSGAccess
A R Karthick933f5b52017-03-27 15:27:16 -0700[diff] [blame]28from CordTestUtils import log_test as log
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]29from OnosCtrl import OnosCtrl
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]30
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]31log.setLevel('INFO')
32
33class vsg_exchange(CordLogger):
34 ONOS_INSTANCES = 3
35 V_INF1 = 'veth0'
36 device_id = 'of:' + get_mac()
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]37 TEST_IP = '8.8.8.8'
38 HOST = "10.1.0.1"
39 USER = "vagrant"
40 PASS = "vagrant"
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]41 head_node = os.getenv('HEAD_NODE', 'prod')
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]42 HEAD_NODE = head_node + '.cord.lab' if len(head_node.split('.')) == 1 else head_node
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]43 test_path = os.path.dirname(os.path.realpath(__file__))
44 olt_conf_file = os.path.join(test_path, '..', 'setup/olt_config.json')
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]45 restApiXos = None
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]46 subscriber_account_num = 200
47 subscriber_s_tag = 304
48 subscriber_c_tag = 304
49 subscribers_per_s_tag = 8
50 subscriber_map = {}
A R Karthick9a16a112017-04-07 15:40:05 -0700[diff] [blame]51 restore_methods = []
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]52 TIMEOUT=120
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame^]53 FABRIC_PORT_HEAD_NODE = 1
54 FABRIC_PORT_COMPUTE_NODE = 2
55 APP_NAME = 'org.ciena.xconnect'
56 APP_FILE = os.path.join(test_path, '..', 'apps/xconnect-1.0-SNAPSHOT.oar')
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]57
58 @classmethod
59 def getSubscriberCredentials(cls, subId):
60 """Generate our own account num, s_tag and c_tags"""
61 if subId in cls.subscriber_map:
62 return cls.subscriber_map[subId]
63 account_num = cls.subscriber_account_num
64 cls.subscriber_account_num += 1
65 s_tag, c_tag = cls.subscriber_s_tag, cls.subscriber_c_tag
66 cls.subscriber_c_tag += 1
67 if cls.subscriber_c_tag % cls.subscribers_per_s_tag == 0:
68 cls.subscriber_s_tag += 1
69 cls.subscriber_map[subId] = account_num, s_tag, c_tag
70 return cls.subscriber_map[subId]
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]71
72 @classmethod
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]73 def getXosCredentials(cls):
74 onos_cfg = OnosCtrl.get_config()
75 if onos_cfg is None:
76 return None
77 if 'apps' in onos_cfg and \
78 'org.opencord.vtn' in onos_cfg['apps'] and \
79 'cordvtn' in onos_cfg['apps']['org.opencord.vtn'] and \
80 'xos' in onos_cfg['apps']['org.opencord.vtn']['cordvtn']:
81 xos_cfg = onos_cfg['apps']['org.opencord.vtn']['cordvtn']['xos']
82 endpoint = xos_cfg['endpoint']
83 user = xos_cfg['user']
84 password = xos_cfg['password']
85 xos_endpoints = endpoint.split(':')
86 xos_host = xos_endpoints[1][len('//'):]
87 xos_port = xos_endpoints[2][:-1]
88 #log.info('xos_host: %s, port: %s, user: %s, password: %s' %(xos_host, xos_port, user, password))
89 return dict(host = xos_host, port = xos_port, user = user, password = password)
90
91 return None
92
93 @classmethod
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]94 def setUpCordApi(cls):
95 our_path = os.path.dirname(os.path.realpath(__file__))
96 cord_api_path = os.path.join(our_path, '..', 'cord-api')
97 framework_path = os.path.join(cord_api_path, 'Framework')
98 utils_path = os.path.join(framework_path, 'utils')
99 data_path = os.path.join(cord_api_path, 'Tests', 'data')
100 subscriber_cfg = os.path.join(data_path, 'Subscriber.json')
101 volt_tenant_cfg = os.path.join(data_path, 'VoltTenant.json')
102
103 with open(subscriber_cfg) as f:
104 subscriber_data = json.load(f)
105 subscriber_info = subscriber_data['SubscriberInfo']
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]106 for i in xrange(len(subscriber_info)):
107 subscriber = subscriber_info[i]
108 account_num, _, _ = cls.getSubscriberCredentials('sub{}'.format(i))
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]109 subscriber['identity']['account_num'] = str(account_num)
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]110 cls.subscriber_info = subscriber_info
111
112 with open(volt_tenant_cfg) as f:
113 volt_tenant_data = json.load(f)
114 volt_subscriber_info = volt_tenant_data['voltSubscriberInfo']
115 assert_equal(len(volt_subscriber_info), len(cls.subscriber_info))
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]116 for i in xrange(len(volt_subscriber_info)):
117 volt_subscriber = volt_subscriber_info[i]
118 account_num, s_tag, c_tag = cls.getSubscriberCredentials('sub{}'.format(i))
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]119 volt_subscriber['account_num'] = account_num
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]120 volt_subscriber['voltTenant']['s_tag'] = str(s_tag)
121 volt_subscriber['voltTenant']['c_tag'] = str(c_tag)
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]122 cls.volt_subscriber_info = volt_subscriber_info
123
124 sys.path.append(utils_path)
125 sys.path.append(framework_path)
126 from restApi import restApi
127 restApiXos = restApi()
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]128 xos_credentials = cls.getXosCredentials()
129 if xos_credentials is None:
130 restApiXos.controllerIP = cls.HEAD_NODE
131 restApiXos.controllerPort = '9000'
132 else:
133 restApiXos.controllerIP = xos_credentials['host']
134 restApiXos.controllerPort = xos_credentials['port']
135 restApiXos.user = xos_credentials['user']
136 restApiXos.password = xos_credentials['password']
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]137 cls.restApiXos = restApiXos
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]138
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]139 @classmethod
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame^]140 def closeVCPEAccess(cls, vcpes):
141 return
142 OnosCtrl.uninstall_app(cls.APP_NAME, onos_ip = cls.HEAD_NODE)
143
144 @classmethod
145 def openVCPEAccess(cls, vcpes):
146 """
147 This code works below to configure the leaf switch.
148 But it needs the olt_config.json to be modified to not overlap with existing/default vcpes.
149 That is to avoid overwriting the flows already provisioned for eg: for 222 vcpe.
150 (default and created on CiaB).
151 So returning for now with a no-op
152 """
153 return
154 OnosCtrl.install_app(cls.APP_FILE, onos_ip = cls.HEAD_NODE)
155 time.sleep(2)
156 s_tags = map(lambda vcpe: int(vcpe['s_tag']), vcpes)
157 devices = OnosCtrl.get_device_ids(controller = cls.HEAD_NODE)
158 device_config = {}
159 for device in devices:
160 device_config[device] = []
161 for s_tag in s_tags:
162 xconnect_config = {'vlan': s_tag, 'ports' : [ cls.FABRIC_PORT_HEAD_NODE, cls.FABRIC_PORT_COMPUTE_NODE ] }
163 device_config[device].append(xconnect_config)
164
165 cfg = { 'apps' : { 'org.ciena.xconnect' : { 'xconnectTestConfig' : device_config } } }
166 OnosCtrl.config(cfg, controller = cls.HEAD_NODE)
167
168 @classmethod
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]169 def setUpClass(cls):
170 cls.controllers = get_controllers()
171 cls.controller = cls.controllers[0]
172 cls.cli = None
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]173 cls.olt = OltConfig(olt_conf_file = cls.olt_conf_file)
174 cls.vcpes = cls.olt.get_vcpes()
175 cls.vcpes_dhcp = cls.olt.get_vcpes_by_type('dhcp')
176 vcpe_dhcp = None
177 vcpe_dhcp_stag = None
178 vcpe_container = None
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]179 cls.on_podd = running_on_podd()
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]180 #cache the first dhcp vcpe in the class for quick testing
181 if cls.vcpes_dhcp:
182 vcpe_container = 'vcpe-{}-{}'.format(cls.vcpes_dhcp[0]['s_tag'], cls.vcpes_dhcp[0]['c_tag'])
183 vcpe_dhcp = 'vcpe0.{}.{}'.format(cls.vcpes_dhcp[0]['s_tag'], cls.vcpes_dhcp[0]['c_tag'])
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]184 if cls.on_podd is False:
A R Karthick3d5ff792017-04-12 16:53:27 -0700[diff] [blame]185 vcpe_dhcp = 'vcpe0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]186 vcpe_dhcp_stag = 'vcpe0.{}'.format(cls.vcpes_dhcp[0]['s_tag'])
187 cls.vcpe_container = vcpe_container
188 cls.vcpe_dhcp = vcpe_dhcp
189 cls.vcpe_dhcp_stag = vcpe_dhcp_stag
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]190 VSGAccess.setUp()
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]191 cls.setUpCordApi()
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame^]192 if cls.on_podd is True:
193 cls.openVCPEAccess(cls.vcpes_dhcp)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]194
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]195 @classmethod
196 def tearDownClass(cls):
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]197 VSGAccess.tearDown()
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame^]198 if cls.on_podd is True:
199 cls.closeVCPEAccess(cls.vcpes_dhcp)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]200
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]201 def cliEnter(self, controller = None):
202 retries = 0
203 while retries < 30:
204 self.cli = OnosCliDriver(controller = controller, connect = True)
205 if self.cli.handle:
206 break
207 else:
208 retries += 1
209 time.sleep(2)
210
211 def cliExit(self):
212 self.cli.disconnect()
213
214 def onos_shutdown(self, controller = None):
215 status = True
216 self.cliEnter(controller = controller)
217 try:
218 self.cli.shutdown(timeout = 10)
219 except:
220 log.info('Graceful shutdown of ONOS failed for controller: %s' %controller)
221 status = False
222
223 self.cliExit()
224 return status
225
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]226 def log_set(self, level = None, app = 'org.onosproject'):
227 CordLogger.logSet(level = level, app = app, controllers = self.controllers, forced = True)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]228
A R Karthick9a16a112017-04-07 15:40:05 -0700[diff] [blame]229 @classmethod
230 def get_dhcp(cls, vcpe, mgmt = 'eth0'):
231 """Get DHCP for vcpe interface saving management settings"""
232
233 def put_dhcp():
234 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
235
236 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
237 if vcpe_ip is not None:
238 cls.restore_methods.append(put_dhcp)
239 return vcpe_ip
240
241 @classmethod
242 def config_restore(cls):
243 """Restore the vsg test configuration on test case failures"""
244 for restore_method in cls.restore_methods:
245 restore_method()
246
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]247 def get_vsg_vcpe_pair(self):
248 vcpes = self.vcpes_dhcp
249 vcpe_containers = []
250 vsg_vcpe = {}
251 for vcp in vcpes:
252 vcpe_container = 'vcpe-{}-{}'.format(vcp['s_tag'], vcp['c_tag'])
253 vcpe_containers.append(vcpe_container)
254 vsg = VSGAccess.get_vcpe_vsg(vcpe_container)
255 vsg_vcpe[vcpe_container]=str(vsg.get_ip())
256 return vsg_vcpe
257
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]258 def get_vcpe_containers_and_interfaces(self):
259 vcpe_containers = {}
260 vcpe_interfaces = []
261 vcpes = self.vcpes_dhcp
262 count = 0
263 for vcpe in vcpes:
264 vcpe_intf = 'vcpe{}.{}.{}'.format(count,vcpe['s_tag'],vcpe['c_tag'])
265 vcpe_interfaces.append(vcpe_intf)
266 vcpe_container = 'vcpe-{}-{}'.format(vcpe['s_tag'], vcpe['c_tag'])
267 vcpe_containers[vcpe_intf] = vcpe_container
268 count += 1
269 log.info('vcpe interfaces are %s'%vcpe_interfaces)
270 log.info('vcpe containers are %s'%vcpe_containers)
271 return vcpe_interfaces,vcpe_containers
272
273 def get_vcpe_interface_dhcp_ip(self,vcpe=None):
274 if not vcpe:
275 vcpe = self.vcpe_dhcp
276 st, _ = getstatusoutput('dhclient {}'.format(vcpe))
277 vcpe_ip = get_ip(vcpe)
278 return vcpe_ip
279
280 def release_vcpe_interface_dhcp_ip(self,vcpe=None):
281 if not vcpe:
282 vcpe = self.vcpe_dhcp
283 st, _ = getstatusoutput('dhclient {} -r'.format(vcpe))
284 vcpe_ip = get_ip(vcpe)
285 assert_equal(vcpe_ip, None)
286
287 def add_static_route_via_vcpe_interface(self, routes, vcpe=None,dhcp_ip=True):
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]288 if not vcpe:
289 vcpe = self.vcpe_dhcp
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]290 if dhcp_ip:
291 os.system('dhclient '+vcpe)
292 time.sleep(1)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]293 for route in routes:
294 log.info('route is %s'%route)
295 cmd = 'ip route add ' + route + ' via 192.168.0.1 '+ 'dev ' + vcpe
296 cmds.append(cmd)
297 for cmd in cmds:
298 os.system(cmd)
299 return True
300
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]301 def del_static_route_via_vcpe_interface(self,routes,vcpe=None,dhcp_release=True):
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]302 if not vcpe:
303 vcpe = self.vcpe_dhcp
304 cmds = []
305 for route in routes:
306 cmd = 'ip route del ' + route + ' via 192.168.0.1 ' + 'dev ' + vcpe
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]307 os.system(cmd)
308 if dhcp_release:
309 os.system('dhclient '+vcpe+' -r')
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]310 return True
311
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]312 def test_vsg_multiple_subscribers_for_same_vcpe_instace(self):
313 vcpe_intfs,containers = self.get_vcpe_containers_and_interfaces()
314 for vcpe in vcpe_intfs:
315 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
316 assert_not_equal(vcpe_ip,None)
317 for vcpe in vcpe_intfs:
318 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
319
320 def test_vsg_multiple_subscribers_for_same_vcpe_instance_ping_to_external_connectivity(self):
321 host = '8.8.8.8'
322 vcpe_intfs,containers = self.get_vcpe_containers_and_interfaces()
323 for vcpe in vcpe_intfs:
324 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
325 assert_not_equal(vcpe_ip,None)
326 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe,dhcp_ip=False)
327 st, _ = getstatusoutput('ping -I {} -c 3 {}'.format(vcpe,host))
328 assert_equal(st, 0)
329 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe,dhcp_release=False)
330 for vcpe in vcpe_intfs:
331 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
332
333 def test_vsg_vcpe_interface_gets_dhcp_ip_after_interface_toggle(self):
334 vcpe_intfs,containers = self.get_vcpe_containers_and_interfaces()
335 for vcpe in vcpe_intfs:
336 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
337 assert_not_equal(vcpe_ip,None)
338 os.system('ifconfig {} down'.format(vcpe))
339 time.sleep(1)
340 os.system('ifconfig {} up'.format(vcpe))
341 time.sleep(1)
342 vcpe_ip2 = get_ip(vcpe)
343 assert_equal(vcpe_ip2,vcpe_ip)
344 for vcpe in vcpe_intfs:
345 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
346
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]347
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]348 def test_vsg_health(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]349 """
350 Algo:
351 1. Login to compute node VM
352 2. Get all vSGs
353 3. Ping to all vSGs
354 4. Verifying Ping success
355 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]356 status = True
357 if self.on_podd is True:
358 status = VSGAccess.health_check()
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]359 assert_equal(status, True)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]360
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]361 def test_vsg_health_check(self, vsg_name='mysite_vsg-1', verify_status=True):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]362 """
363 Algo:
364 1. If vsg name not specified, Get vsg corresponding to vcpe
365 1. Login to compute mode VM
366 3. Ping to the vSG
367 4. Verifying Ping success
368 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]369 if self.on_podd is False:
370 return
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]371 if not vsg_name:
372 vcpe = self.vcpe_container
373 vsg = VSGAccess.get_vcpe_vsg(vcpe)
374 status = vsg.get_health()
375 assert_equal(status, verify_status)
376 else:
377 vsgs = VSGAccess.get_vsgs()
378 status = None
379 for vsg in vsgs:
380 if vsg.name == vsg_name:
381 status = vsg.get_health()
382 log.info('vsg health check status is %s'%status)
383 assert_equal(status,verify_status)
384
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]385 @deferred(TIMEOUT)
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]386 def test_vsg_for_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]387 """
388 Algo:
389 1. Get list of all compute nodes created using Openstack
390 2. Login to compute mode VM
391 3. Get all vSGs
392 4. Verifying atleast one compute node and one vSG created
393 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]394 df = defer.Deferred()
395 def vsg_for_vcpe_df(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]396 if self.on_podd is True:
397 vsgs = VSGAccess.get_vsgs()
398 compute_nodes = VSGAccess.get_compute_nodes()
399 time.sleep(14)
400 assert_not_equal(len(vsgs), 0)
401 assert_not_equal(len(compute_nodes), 0)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]402 df.callback(0)
403 reactor.callLater(0,vsg_for_vcpe_df,df)
404 return df
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]405
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]406 def test_vsg_for_login(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]407 """
408 Algo:
409 1. Login to compute node VM
410 2. Get all vSGs
411 3. Verifying login to vSG is success
412 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]413 if self.on_podd is False:
414 return
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]415 vsgs = VSGAccess.get_vsgs()
416 vsg_access_status = map(lambda vsg: vsg.check_access(), vsgs)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]417 status = filter(lambda st: st == False, vsg_access_status)
418 assert_equal(len(status), 0)
419
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]420 def test_vsg_for_default_route_through_testclient(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]421 """
422 Algo:
423 1. Login to head node
424 2. Verifying for default route in lxc test client
425 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]426 if self.on_podd is False:
427 return
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]428 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
429 cmd = "sudo lxc exec testclient -- route | grep default"
430 status, output = ssh_agent.run_cmd(cmd)
431 assert_equal(status, True)
432
433 def test_vsg_for_external_connectivity_through_testclient(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]434 """
435 Algo:
436 1. Login to head node
437 2. On head node, executing ping to 8.8.8.8 from lxc test client
438 3. Verifying for the ping success
439 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]440 if self.on_podd is False:
441 return
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]442 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
443 cmd = "lxc exec testclient -- ping -c 3 8.8.8.8"
444 status, output = ssh_agent.run_cmd(cmd)
445 assert_equal( status, True)
446
447 def test_vsg_for_external_connectivity(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]448 """
449 Algo:
450 1. Get dhcp IP to vcpe interface in cord-tester
451 2. Verifying vcpe interface gets dhcp IP
452 3. Ping to 8.8.8.8 and Verifying ping should success
453 4. Restoring management interface configuration in cord-tester
454 """
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]455 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]456 mgmt = 'eth0'
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]457 host = '8.8.8.8'
458 self.success = False
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]459 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]460 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]461 assert_not_equal(vcpe_ip, None)
462 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
463 log.info('Sending icmp echo requests to external network 8.8.8.8')
464 st, _ = getstatusoutput('ping -c 3 8.8.8.8')
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]465 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]466 assert_equal(st, 0)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]467
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]468 def test_vsg_for_external_connectivity_to_google(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]469 """
470 Algo:
471 1. Get dhcp IP to vcpe interface in cord-tester
472 2. Verifying vcpe interface gets dhcp IP
473 3. Ping to www.google.com and Verifying ping should success
474 4. Restoring management interface configuration in cord-tester
475 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]476 host = 'www.google.com'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]477 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]478 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]479 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]480 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]481 assert_not_equal(vcpe_ip, None)
482 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
483 log.info('Sending icmp ping requests to %s' %host)
484 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]485 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]486 assert_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]487
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]488 def test_vsg_for_external_connectivity_to_invalid_host(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]489 """
490 Algo:
491 1. Get dhcp IP to vcpe interface in cord-tester
492 2. Verifying vcpe interface gets dhcp IP
493 3. Ping to www.goglee.com and Verifying ping should not success
494 4. Restoring management interface configuration in cord-tester
495 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]496 host = 'www.goglee.com'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]497 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]498 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]499 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]500 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]501 assert_not_equal(vcpe_ip, None)
502 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
503 log.info('Sending icmp ping requests to non existent host %s' %host)
504 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]505 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]506 assert_not_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]507
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]508 def test_vsg_for_external_connectivity_with_ttl_1(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]509 """
510 Algo:
511 1. Get dhcp IP to vcpe interface in cord-tester
512 2. Verifying vcpe interface gets dhcp IP
513 3. Ping to 8.8.8.8 with ttl set to 1
514 4. Verifying ping should not success
515 5. Restoring management interface configuration in cord-tester
516 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]517 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]518 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]519 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]520 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]521 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]522 assert_not_equal(vcpe_ip, None)
523 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
524 log.info('Sending icmp ping requests to host %s with ttl 1' %host)
525 st, _ = getstatusoutput('ping -c 1 -t 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]526 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]527 assert_not_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]528
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]529 def test_vsg_for_external_connectivity_with_wan_interface_toggle_in_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]530 """
531 Algo:
532 1. Get dhcp IP to vcpe interface in cord-tester
533 2. Verifying vcpe interface gets dhcp IP
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]534 3. Ping to 8.8.8.8 and Verifying ping succeeds
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]535 4. Now down the WAN interface of vcpe
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]536 5. Ping to 8.8.8.8 and Verifying ping fails
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]537 6. Now Up the WAN interface of vcpe
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]538 7. Ping to 8.8.8.8 and Verifying ping succeeds
539 8. Restoring management interface configuration in cord-tester
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]540 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]541 if self.on_podd is False:
542 return
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]543 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]544 mgmt = 'eth0'
545 vcpe = self.vcpe_container
546 assert_not_equal(vcpe, None)
547 assert_not_equal(self.vcpe_dhcp, None)
548 #first get dhcp on the vcpe interface
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]549 vcpe_ip = VSGAccess.vcpe_get_dhcp(self.vcpe_dhcp, mgmt = mgmt)
550 assert_not_equal(vcpe_ip, None)
551 log.info('Got DHCP IP %s for %s' %(vcpe_ip, self.vcpe_dhcp))
552 log.info('Sending ICMP pings to host %s' %(host))
553 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
554 if st != 0:
555 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
556 assert_equal(st, 0)
557 #bring down the wan interface and check again
558 st = VSGAccess.vcpe_wan_down(vcpe)
559 if st is False:
560 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
561 assert_equal(st, True)
562 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
563 if st == 0:
564 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
565 assert_not_equal(st, 0)
566 st = VSGAccess.vcpe_wan_up(vcpe)
567 if st is False:
568 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
569 assert_equal(st, True)
570 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
571 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
572 assert_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]573
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]574 def test_vsg_for_external_connectivity_with_lan_interface_toggle_in_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]575 """
576 Algo:
577 1. Get dhcp IP to vcpe interface in cord-tester
578 2. Verifying vcpe interface gets dhcp IP
579 3. Ping to 8.8.8.8 and Verifying ping should success
580 4. Now down the LAN interface of vcpe
581 5. Ping to 8.8.8.8 and Verifying ping should not success
582 6. Now Up the LAN interface of vcpe
583 7. Ping to 8.8.8.8 and Verifying ping should success
584 8. Restoring management interface configuration in cord-tester
585 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]586 if self.on_podd is False:
587 return
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]588 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]589 mgmt = 'eth0'
590 vcpe = self.vcpe_container
591 assert_not_equal(vcpe, None)
592 assert_not_equal(self.vcpe_dhcp, None)
593 #first get dhcp on the vcpe interface
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]594 vcpe_ip = VSGAccess.vcpe_get_dhcp(self.vcpe_dhcp, mgmt = mgmt)
595 assert_not_equal(vcpe_ip, None)
596 log.info('Got DHCP IP %s for %s' %(vcpe_ip, self.vcpe_dhcp))
597 log.info('Sending ICMP pings to host %s' %(host))
598 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
599 if st != 0:
600 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
601 assert_equal(st, 0)
602 #bring down the lan interface and check again
603 st = VSGAccess.vcpe_lan_down(vcpe)
604 if st is False:
605 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
606 assert_equal(st, True)
607 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
608 if st == 0:
609 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
610 assert_not_equal(st, 0)
611 st = VSGAccess.vcpe_lan_up(vcpe)
612 if st is False:
613 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
614 assert_equal(st, True)
615 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
616 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
617 assert_equal(st, 0)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]618
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]619 @deferred(TIMEOUT)
620 def test_vsg_for_external_connectivity_with_vcpe_container_paused(self,vcpe_name=None,vcpe_intf=None):
621 """
622 Algo:
623 1. Get vSG corresponding to vcpe
624 2. Get dhcp ip to vcpe interface
625 3. Add static route to destination route in test container
626 4. From test container ping to destination route and verify ping success
627 5. Login to compute node and execute command to pause vcpe container
628 6. From test container ping to destination route and verify ping success
629 """
630 if not vcpe_name:
631 vcpe_name = self.vcpe_container
632 if not vcpe_intf:
633 vcpe_intf = self.vcpe_dhcp
634 df = defer.Deferred()
635 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]636 if self.on_podd is False:
637 df.callback(0)
638 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]639 host = '8.8.8.8'
640 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
641 try:
642 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
643 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
644 assert_equal(st, False)
645 st, _ = vsg.run_cmd('sudo docker pause {}'.format(vcpe_name))
646 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
647 assert_equal(st, False)
648 finally:
649 vsg.run_cmd('sudo docker unpause'.format(vcpe_name))
650 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
651 df.callback(0)
652 reactor.callLater(0, vcpe_firewall, df)
653 return df
654
655 @deferred(TIMEOUT)
656 def test_vsg_firewall_with_deny_destination_ip(self, vcpe_name=None, vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]657 """
658 Algo:
659 1. Get vSG corresponding to vcpe
660 2. Login to compute node
661 3. Execute iptable command on vcpe from compute node to deny a destination IP
662 4. From cord-tester ping to the denied IP address
663 5. Verifying that ping should not be successful
664 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]665 if not vcpe_name:
666 vcpe_name = self.vcpe_container
667 if not vcpe_intf:
668 vcpe_intf = self.vcpe_dhcp
669 df = defer.Deferred()
670 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]671 if self.on_podd is False:
672 df.callback(0)
673 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]674 host = '8.8.8.8'
675 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
676 try:
677 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
678 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
679 assert_equal(st, False)
680 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
681 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
682 assert_equal(st, True)
683 finally:
684 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
685 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
686 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
687 df.callback(0)
688 reactor.callLater(0, vcpe_firewall, df)
689 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]690
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]691 @deferred(TIMEOUT)
692 def test_vsg_firewall_with_rule_add_and_delete_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]693 """
694 Algo:
695 1. Get vSG corresponding to vcpe
696 2. Login to compute node
697 3. Execute iptable command on vcpe from compute node to deny a destination IP
698 4. From cord-tester ping to the denied IP address
699 5. Verifying that ping should not be successful
700 6. Delete the iptable rule in vcpe
701 7. From cord-tester ping to the denied IP address
702 8. Verifying the ping should success
703 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]704 if not vcpe_name:
705 vcpe_name = self.vcpe_container
706 if not vcpe_intf:
707 vcpe_intf = self.vcpe_dhcp
708 df = defer.Deferred()
709 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]710 if self.on_podd is False:
711 df.callback(0)
712 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]713 host = '8.8.8.8'
714 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
715 try:
716 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
717 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
718 assert_equal(st, False)
719 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
720 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
721 assert_equal(st, True)
722 st,_ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
723 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
724 assert_equal(st, False)
725 finally:
726 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
727 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
728 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
729 df.callback(0)
730 reactor.callLater(0, vcpe_firewall, df)
731 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]732
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]733 @deferred(TIMEOUT)
734 def test_vsg_firewall_verifying_reachability_for_non_blocked_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]735 """
736 Algo:
737 1. Get vSG corresponding to vcpe
738 2. Login to compute node
739 3. Execute iptable command on vcpe from compute node to deny a destination IP
740 4. From cord-tester ping to the denied IP address
741 5. Verifying that ping should not be successful
742 6. From cord-tester ping to the denied IP address other than the denied one
743 7. Verifying the ping should success
744 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]745 if not vcpe_name:
746 vcpe_name = self.vcpe_container
747 if not vcpe_intf:
748 vcpe_intf = self.vcpe_dhcp
749 df = defer.Deferred()
750 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]751 if self.on_podd is False:
752 df.callback(0)
753 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]754 host1 = '8.8.8.8'
755 host2 = '204.79.197.203'
756 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
757 try:
758 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
759 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
760 assert_equal(st, False)
761 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
762 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
763 assert_equal(st, True)
764 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
765 assert_equal(st,False)
766 finally:
767 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
768 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
769 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
770 df.callback(0)
771 reactor.callLater(0, vcpe_firewall, df)
772 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]773
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]774 @deferred(TIMEOUT)
775 def test_vsg_firewall_appending_rules_with_deny_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]776 """
777 Algo:
778 1. Get vSG corresponding to vcpe
779 2. Login to compute node
780 3. Execute iptable command on vcpe from compute node to deny a destination IP1
781 4. From cord-tester ping to the denied IP address IP1
782 5. Verifying that ping should not be successful
783 6. Execute iptable command on vcpe from compute node to deny a destination IP2
784 6. From cord-tester ping to the denied IP address IP2
785 7. Verifying that ping should not be successful
786 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]787 if not vcpe_name:
788 vcpe_name = self.vcpe_container
789 if not vcpe_intf:
790 vcpe_intf = self.vcpe_dhcp
791 df = defer.Deferred()
792 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]793 if self.on_podd is False:
794 df.callback(0)
795 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]796 host1 = '8.8.8.8'
797 host2 = '204.79.197.203'
798 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
799 try:
800 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
801 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
802 assert_equal(st, False)
803 st,_ = vsg.run_cmd('sudo docker exec {} iptables -F FORWARD'.format(vcpe_name))
804 time.sleep(2)
805 st,_ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
806 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
807 assert_equal(st, True)
808 st, out = getstatusoutput('ping -c 1 {}'.format(host2))
809 log.info('host2 ping output is %s'%out)
810 assert_equal(st, False)
811 st, _ = vsg.run_cmd('sudo docker exec {} iptables -A FORWARD -d {} -j DROP'.format(vcpe_name,host2))
812 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
813 assert_equal(st,True)
814 finally:
815 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
816 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
817 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
818 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
819 df.callback(0)
820 reactor.callLater(0, vcpe_firewall, df)
821 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]822
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]823 @deferred(TIMEOUT)
824 def test_vsg_firewall_removing_one_rule_denying_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]825 """
826 Algo:
827 1. Get vSG corresponding to vcpe
828 2. Login to compute node
829 3. Execute iptable command on vcpe from compute node to deny a destination IP1
830 4. Execute iptable command on vcpe from compute node to deny a destination IP2
831 5. From cord-tester ping to the denied IP address IP1
832 6. Verifying that ping should not be successful
833 7. From cord-tester ping to the denied IP address IP2
834 8. Verifying that ping should not be successful
835 9. Execute iptable command on vcpe from compute node to remove deny a destination IP2 rule
836 10. From cord-tester ping to the denied IP address IP2
837 11. Verifying the ping should success
838 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]839 if not vcpe_name:
840 vcpe_name = self.vcpe_container
841 if not vcpe_intf:
842 vcpe_intf = self.vcpe_dhcp
843 df = defer.Deferred()
844 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]845 if self.on_podd is False:
846 df.callback(0)
847 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]848 host1 = '8.8.8.8'
849 host2 = '204.79.197.203'
850 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
851 try:
852 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=self.vcpe_dhcp)
853 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
854 assert_equal(st, False)
855 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
856 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host2))
857 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
858 assert_equal(st, True)
859 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
860 assert_equal(st,True)
861 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
862 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
863 assert_equal(st,False)
864 finally:
865 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
866 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
867 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
868 log.info('restarting vcpe container')
869 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
870 df.callback(0)
871 reactor.callLater(0, vcpe_firewall, df)
872 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]873
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]874 @deferred(TIMEOUT)
875 def test_vsg_firewall_changing_rule_id_deny_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]876 """
877 Algo:
878 1. Get vSG corresponding to vcpe
879 2. Login to compute node
880 3. Execute iptable command on vcpe from compute node to deny a destination IP
881 5. From cord-tester ping to the denied IP address IP1
882 6. Verifying that ping should not be successful
883 9. Execute iptable command on vcpe from compute node to change the rule ID to 2 to deny the same destination IP
884 10. From cord-tester ping to the denied IP address IP
885 11. Verifying that ping should not be successful
886 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]887 if not vcpe_name:
888 vcpe_name = self.vcpe_container
889 if not vcpe_intf:
890 vcpe_intf = self.vcpe_dhcp
891 df = defer.Deferred()
892 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]893 if self.on_podd is False:
894 df.callback(0)
895 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]896 host = '8.8.8.8'
897 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
898 try:
899 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
900 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
901 assert_equal(st, False)
902 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
903 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
904 assert_equal(st, True)
905 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 2 -d {} -j DROP '.format(vcpe_name,host))
906 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
907 assert_equal(st,True)
908 finally:
909 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
910 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
911 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
912 df.callback(0)
913 reactor.callLater(0, vcpe_firewall, df)
914 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]915
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]916 @deferred(TIMEOUT)
917 def test_vsg_firewall_changing_deny_rule_to_accept_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]918 """
919 Algo:
920 1. Get vSG corresponding to vcpe
921 2. Login to compute node
922 3. Execute iptable command on vcpe from compute node to deny a destination IP
923 5. From cord-tester ping to the denied IP address IP1
924 6. Verifying that ping should not be successful
925 9. Execute iptable command on vcpe from compute node to accept the same destination IP
926 10. From cord-tester ping to the accepted IP
927 11. Verifying the ping should success
928 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]929 if not vcpe_name:
930 vcpe_name = self.vcpe_container
931 if not vcpe_intf:
932 vcpe_intf = self.vcpe_dhcp
933 df = defer.Deferred()
934 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]935 if self.on_podd is False:
936 df.callback(0)
937 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]938 host = '8.8.8.8'
939 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
940 try:
941 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
942 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
943 assert_equal(st, False)
944 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
945 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
946 assert_equal(st, True)
947 st, _ = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -d {} -j ACCEPT'.format(vcpe_name,host))
948 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
949 assert_equal(st,False)
950 finally:
951 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
952 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j ACCEPT'.format(vcpe_name,host))
953 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
954 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
955 df.callback(0)
956 reactor.callLater(0, vcpe_firewall, df)
957 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]958
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]959 @deferred(TIMEOUT) #Fail
960 def test_vsg_firewall_denying_destination_network(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]961 """
962 Algo:
963 1. Get vSG corresponding to vcpe
964 2. Login to compute node
965 3. Execute iptable command on vcpe from compute node to deny a destination IP subnet
966 4. From cord-tester ping to the denied IP address IP1 in the denied subnet
967 5. Verifying that ping should not be successful
968 6. From cord-tester ping to the denied IP address IP2 in the denied subnet
969 7. Verifying that ping should not be successful
970 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]971 if not vcpe_name:
972 vcpe_name = self.vcpe_container
973 if not vcpe_intf:
974 vcpe_intf = self.vcpe_dhcp
975 df = defer.Deferred()
976 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]977 if self.on_podd is False:
978 df.callback(0)
979 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]980 network = '204.79.197.192/28'
981 host1 = '204.79.197.203'
982 host2 = '204.79.197.210'
983 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
984 try:
985 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=self.vcpe_dhcp)
986 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
987 assert_equal(st, False)
988 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,network))
989 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
990 assert_equal(st, True)
991 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
992 assert_equal(st,False)
993 finally:
994 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network))
995 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
996 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
997 df.callback(0)
998 reactor.callLater(0, vcpe_firewall, df)
999 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1000
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1001 @deferred(TIMEOUT)
1002 def test_vsg_firewall_denying_destination_network_subnet_modification(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1003 """
1004 Algo:
1005 1. Get vSG corresponding to vcpe
1006 2. Login to compute node
1007 3. Execute iptable command on vcpe from compute node to deny a destination IP subnet
1008 4. From cord-tester ping to the denied IP address IP1 in the denied subnet
1009 5. Verifying that ping should not be successful
1010 6. From cord-tester ping to the denied IP address IP2 in the denied subnet
1011 7. Verifying that ping should not be successful
1012 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1013 if not vcpe_name:
1014 vcpe_name = self.vcpe_container
1015 if not vcpe_intf:
1016 vcpe_intf = self.vcpe_dhcp
1017 df = defer.Deferred()
1018 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1019 if self.on_podd is False:
1020 df.callback(0)
1021 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1022 network1 = '204.79.197.192/28'
1023 network2 = '204.79.197.192/27'
1024 host1 = '204.79.197.203'
1025 host2 = '204.79.197.210'
1026 host3 = '204.79.197.224'
1027 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1028 try:
1029 self.add_static_route_via_vcpe_interface([host1,host2,host3],vcpe=self.vcpe_dhcp)
1030 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1031 assert_equal(st, False)
1032 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,network1))
1033 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1034 assert_equal(st, True)
1035 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1036 assert_equal(st,False)
1037 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 2 -d {} -j DROP'.format(vcpe_name,network2))
1038 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1039 assert_equal(st, True)
1040 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1041 assert_equal(st, True)
1042 st, _ = getstatusoutput('ping -c 1 {}'.format(host3))
1043 assert_equal(st, False)
1044 finally:
1045 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network1))
1046 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network2))
1047 self.del_static_route_via_vcpe_interface([host1,host2,host3],vcpe=vcpe_intf)
1048 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1049 df.callback(0)
1050 reactor.callLater(0, vcpe_firewall, df)
1051 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1052
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1053 @deferred(TIMEOUT)
1054 def test_vsg_firewall_with_deny_source_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1055 """
1056 Algo:
1057 1. Get vSG corresponding to vcpe
1058 2. Login to compute node
1059 3. Execute iptable command on vcpe from compute node to deny a source IP
1060 4. From cord-tester ping to 8.8.8.8 from the denied IP
1061 5. Verifying that ping should not be successful
1062 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1063 if not vcpe_name:
1064 vcpe_name = self.vcpe_container
1065 if not vcpe_intf:
1066 vcpe_intf = self.vcpe_dhcp
1067 df = defer.Deferred()
1068 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1069 if self.on_podd is False:
1070 df.callback(0)
1071 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1072 host = '8.8.8.8'
1073 #source_ip = get_ip(self.vcpe_dhcp)
1074 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1075 try:
1076 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1077 source_ip = get_ip(self.vcpe_dhcp)
1078 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1079 assert_equal(st, False)
1080 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1081 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1082 assert_equal(st, True)
1083 finally:
1084 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1085 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1086 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1087 df.callback(0)
1088 reactor.callLater(0, vcpe_firewall, df)
1089 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1090
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1091 @deferred(TIMEOUT)
1092 def test_vsg_firewall_rule_with_add_and_delete_deny_source_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1093 """
1094 Algo:
1095 1. Get vSG corresponding to vcpe
1096 2. Login to compute node
1097 3. Execute iptable command on vcpe from compute node to deny a source IP
1098 4. From cord-tester ping to 8.8.8.8 from the denied IP
1099 5. Verifying that ping should not be successful
1100 6. Delete the iptable rule in vcpe
1101 7. From cord-tester ping to 8.8.8.8 from the denied IP
1102 8. Verifying the ping should success
1103 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1104 if not vcpe_name:
1105 vcpe_name = self.vcpe_container
1106 if not vcpe_intf:
1107 vcpe_intf = self.vcpe_dhcp
1108 df = defer.Deferred()
1109 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1110 if self.on_podd is False:
1111 df.callback(0)
1112 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1113 host = '8.8.8.8'
1114 source_ip = get_ip(self.vcpe_dhcp)
1115 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1116 try:
1117 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1118 source_ip = get_ip(self.vcpe_dhcp)
1119 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1120 assert_equal(st, False)
1121 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1122 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1123 assert_equal(st, True)
1124 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1125 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1126 assert_equal(st, False)
1127 finally:
1128 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1129 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1130 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1131 df.callback(0)
1132 reactor.callLater(0, vcpe_firewall, df)
1133 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1134
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1135 @deferred(TIMEOUT)
1136 def test_vsg_firewall_rule_with_deny_icmp_protocol_echo_requests_type(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1137 """
1138 Algo:
1139 1. Get vSG corresponding to vcpe
1140 2. Login to compute node
1141 3. Execute iptable command on vcpe from compute node to deny icmp echo-requests type protocol packets
1142 4. From cord-tester ping to 8.8.8.8
1143 5. Verifying that ping should not be successful
1144 6. Delete the iptable rule
1145 7. From cord-tester ping to 8.8.8.8
1146 8. Verifying the ping should success
1147 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1148 if not vcpe_name:
1149 vcpe_name = self.vcpe_container
1150 if not vcpe_intf:
1151 vcpe_intf = self.vcpe_dhcp
1152 df = defer.Deferred()
1153 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1154 if self.on_podd is False:
1155 df.callback(0)
1156 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1157 host = '8.8.8.8'
1158 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1159 try:
1160 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1161 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1162 assert_equal(st, False)
1163 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1164 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1165 assert_equal(st, True)
1166 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1167 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1168 assert_equal(st, False)
1169 finally:
1170 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1171 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1172 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1173 df.callback(0)
1174 reactor.callLater(0, vcpe_firewall, df)
1175 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1176
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1177 @deferred(TIMEOUT)
1178 def test_vsg_firewall_rule_with_deny_icmp_protocol_echo_reply_type(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1179 """
1180 Algo:
1181 1. Get vSG corresponding to vcpe
1182 2. Login to compute node
1183 3. Execute iptable command on vcpe from compute node to deny icmp echo-reply type protocol packets
1184 4. From cord-tester ping to 8.8.8.8
1185 5. Verifying that ping should not be successful
1186 6. Delete the iptable rule
1187 7. From cord-tester ping to 8.8.8.8
1188 8. Verifying the ping should success
1189 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1190 if not vcpe_name:
1191 vcpe_name = self.vcpe_container
1192 if not vcpe_intf:
1193 vcpe_intf = self.vcpe_dhcp
1194 df = defer.Deferred()
1195 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1196 if self.on_podd is False:
1197 df.callback(0)
1198 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1199 host = '8.8.8.8'
1200 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1201 try:
1202 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1203 st, _ = getstatusoutput('ping -c 1 {}'.format('8.8.8.8'))
1204 assert_equal(st, False)
1205 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1206 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1207 assert_equal(st, True)
1208 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1209 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1210 assert_equal(st,False)
1211 finally:
1212 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1213 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1214 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1215 df.callback(0)
1216 reactor.callLater(0, vcpe_firewall, df)
1217 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1218
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1219 @deferred(TIMEOUT)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]1220 def test_vsg_firewall_changing_deny_rule_to_accept_rule_with_icmp_protocol_echo_requests_type(self, vcpe_name=None, vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1221 """
1222 Algo:
1223 1. Get vSG corresponding to vcpe
1224 2. Login to compute node
1225 3. Execute iptable command on vcpe from compute node to deny icmp echo-requests type protocol packets
1226 4. From cord-tester ping to 8.8.8.8
1227 5. Verifying that ping should not be successful
1228 6. Insert another rule to accept the icmp-echo requests protocol packets
1229 7. From cord-tester ping to 8.8.8.8
1230 8. Verifying the ping should success
1231 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1232 if not vcpe_name:
1233 vcpe_name = self.vcpe_container
1234 if not vcpe_intf:
1235 vcpe_intf = self.vcpe_dhcp
1236 df = defer.Deferred()
1237 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1238 if self.on_podd is False:
1239 df.callback(0)
1240 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1241 host = '8.8.8.8'
1242 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1243 try:
1244 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1245 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1246 assert_equal(st, False)
1247 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1248 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1249 assert_equal(st, True)
1250 st, _ = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p icmp --icmp-type echo-request -j ACCEPT'.format(vcpe_name))
1251 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1252 assert_equal(st,False)
1253 finally:
1254 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1255 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j ACCEPT'.format(vcpe_name))
1256 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1257 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1258 df.callback(0)
1259 reactor.callLater(0, vcpe_firewall, df)
1260 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1261
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1262 @deferred(TIMEOUT)
1263 def test_vsg_firewall_changing_deny_rule_to_accept_rule_with_icmp_protocol_echo_reply_type(self,vcpe_name=None,vcpe_intf=None):
1264 """
1265 Algo:
1266 1. Get vSG corresponding to vcpe
1267 2. Login to compute node
1268 3. Execute iptable command on vcpe from compute node to deny icmp echo-reply type protocol packets
1269 4. From cord-tester ping to 8.8.8.8
1270 5. Verifying the ping should not success
1271 6. Insert another rule to accept the icmp-echo requests protocol packets
1272 7. From cord-tester ping to 8.8.8.8
1273 8. Verifying the ping should success
1274 """
1275 if not vcpe_name:
1276 vcpe_name = self.vcpe_container
1277 if not vcpe_intf:
1278 vcpe_intf = self.vcpe_dhcp
1279 df = defer.Deferred()
1280 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1281 if self.on_podd is False:
1282 df.callback(0)
1283 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1284 host = '8.8.8.8'
1285 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1286 try:
1287 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1288 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1289 assert_equal(st, False)
1290 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1291 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1292 assert_equal(st, True)
1293 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p icmp --icmp-type echo-reply -j ACCEPT'.format(vcpe_name))
1294 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1295 assert_equal(st,False)
1296 finally:
1297 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1298 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j ACCEPT'.format(vcpe_name))
1299 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1300 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1301 df.callback(0)
1302 reactor.callLater(0, vcpe_firewall, df)
1303 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1304
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1305 @deferred(TIMEOUT)
1306 def test_vsg_firewall_for_deny_icmp_protocol(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1307 """
1308 Algo:
1309 1. Get vSG corresponding to vcpe
1310 2. Login to compute node
1311 3. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1312 4. From cord-tester ping to 8.8.8.8
1313 5. Verifying that ping should not be successful
1314 6. Delete the iptable rule
1315 7. From cord-tester ping to 8.8.8.8
1316 8. Verifying the ping should success
1317 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1318 if not vcpe_name:
1319 vcpe_name = self.vcpe_container
1320 if not vcpe_intf:
1321 vcpe_intf = self.vcpe_dhcp
1322 df = defer.Deferred()
1323 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1324 if self.on_podd is False:
1325 df.callback(0)
1326 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1327 host = '8.8.8.8'
1328 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1329 try:
1330 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1331 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1332 assert_equal(st, False)
1333 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1334 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1335 assert_equal(st, True)
1336 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1337 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1338 assert_equal(st,False)
1339 finally:
1340 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1341 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1342 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1343 df.callback(0)
1344 reactor.callLater(0, vcpe_firewall, df)
1345 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1346
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1347 @deferred(TIMEOUT)
1348 def test_vsg_firewall_rule_deny_icmp_protocol_and_destination_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1349 """
1350 Algo:
1351 1. Get vSG corresponding to vcpe
1352 2. Login to compute node
1353 3. Execute iptable command on vcpe from compute node to deny a destination IP
1354 4. From cord-tester ping to 8.8.8.8
1355 5. Verifying that ping should not be successful
1356 6. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1357 7. From cord-tester ping to 8.8.8.8
1358 8. Verifying the ping should success
1359 9. Delete the rule added in step 3
1360 10. From cord-tester ping to 8.8.8.8
1361 11. Verifying that ping should not be successful
1362 12. Delete the rule added in step 6
1363 13. From cord-tester ping to 8.8.8.8
1364 14. Verifying the ping should success
1365 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1366 if not vcpe_name:
1367 vcpe_name = self.vcpe_container
1368 if not vcpe_intf:
1369 vcpe_intf = self.vcpe_dhcp
1370 df = defer.Deferred()
1371 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1372 if self.on_podd is False:
1373 df.callback(0)
1374 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1375 host = '8.8.8.8'
1376 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1377 try:
1378 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1379 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1380 assert_equal(st, False)
1381 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1382 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1383 assert_equal(st, True)
1384 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1385 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1386 assert_equal(st, True)
1387 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1388 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1389 assert_equal(st, True)
1390 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1391 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1392 assert_equal(st,False)
1393 finally:
1394 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1395 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1396 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1397 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1398 df.callback(0)
1399 reactor.callLater(0, vcpe_firewall, df)
1400 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1401
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1402 @deferred(TIMEOUT) #Fail
1403 def test_vsg_firewall_flushing_all_configured_rules(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1404 """
1405 Algo:
1406 1. Get vSG corresponding to vcpe
1407 2. Login to compute node
1408 3. Execute iptable command on vcpe from compute node to deny a destination IP
1409 4. From cord-tester ping to 8.8.8.8
1410 5. Verifying that ping should not be successful
1411 6. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1412 7. From cord-tester ping to 8.8.8.8
1413 8. Verifying the ping should success
1414 9. Flush all the iptable rules configuraed in vcpe
1415 10. Delete the rule added in step 6
1416 11. From cord-tester ping to 8.8.8.8
1417 12. Verifying the ping should success
1418 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1419 if not vcpe_name:
1420 vcpe_name = self.vcpe_container
1421 if not vcpe_intf:
1422 vcpe_intf = self.vcpe_dhcp
1423 df = defer.Deferred()
1424 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1425 if self.on_podd is False:
1426 df.callback(0)
1427 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1428 host = '8.8.8.8'
1429 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1430 try:
1431 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1432 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1433 assert_equal(st, False)
1434 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1435 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1436 assert_equal(st, True)
1437 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1438 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1439 assert_equal(st, True)
1440 st,output = vsg.run_cmd('sudo docker exec {} iptables -F FORWARD'.format(vcpe_name))
1441 time.sleep(1)
1442 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1443 assert_equal(st, False)
1444 finally:
1445 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1446 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1447 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1448 df.callback(0)
1449 reactor.callLater(0, vcpe_firewall, df)
1450 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1451
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1452 @deferred(TIMEOUT)
1453 def test_vsg_firewall_deny_all_ipv4_traffic(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1454 """
1455 Algo:
1456 1. Get vSG corresponding to vcpe
1457 2. Login to compute node
1458 3. Execute iptable command on vcpe from compute node to deny all ipv4 Traffic
1459 4. From cord-tester ping to 8.8.8.8
1460 5. Verifying that ping should not be successful
1461 6. Delete the iptable rule added
1462 7. From cord-tester ping to 8.8.8.8
1463 8. Verifying the ping should success
1464 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1465 if not vcpe_name:
1466 vcpe_name = self.vcpe_container
1467 if not vcpe_intf:
1468 vcpe_intf = self.vcpe_dhcp
1469 df = defer.Deferred()
1470 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1471 if self.on_podd is False:
1472 df.callback(0)
1473 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1474 host = '8.8.8.8'
1475 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1476 try:
1477 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1478 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1479 assert_equal(st, False)
1480 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1481 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1482 assert_equal(st, True)
1483 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1484 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1485 assert_equal(st, False)
1486 finally:
1487 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1488 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1489 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1490 df.callback(0)
1491 reactor.callLater(0, vcpe_firewall, df)
1492 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1493
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1494 @deferred(TIMEOUT)
1495 def test_vsg_firewall_replacing_deny_rule_to_accept_rule_ipv4_traffic(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1496 """
1497 Algo:
1498 1. Get vSG corresponding to vcpe
1499 2. Login to compute node
1500 3. Execute iptable command on vcpe from compute node to deny all ipv4 Traffic
1501 4. From cord-tester ping to 8.8.8.8
1502 5. Verifying that ping should not be successful
1503 6. Replace the deny rule added in step 3 with accept rule
1504 7. From cord-tester ping to 8.8.8.8
1505 8. Verifying the ping should success
1506 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1507 if not vcpe_name:
1508 vcpe_name = self.vcpe_container
1509 if not vcpe_intf:
1510 vcpe_intf = self.vcpe_dhcp
1511 df = defer.Deferred()
1512 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1513 if self.on_podd is False:
1514 df.callback(0)
1515 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1516 host = '8.8.8.8'
1517 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1518 try:
1519 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1520 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1521 assert_equal(st, False)
1522 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1523 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1524 assert_equal(st, True)
1525 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -4 -j ACCEPT'.format(vcpe_name))
1526 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1527 assert_equal(st, False)
1528 finally:
1529 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1530 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1531 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1532 df.callback(0)
1533 reactor.callLater(0, vcpe_firewall, df)
1534 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1535
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1536 @deferred(TIMEOUT)
1537 def test_vsg_firewall_deny_all_traffic_coming_on_lan_interface_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
1538 """
1539 Algo:
1540 1. Get vSG corresponding to vcpe
1541 2. Login to compute node
1542 3. Execute iptable command on vcpe from compute node to deny all the traffic coming on lan interface inside vcpe container
1543 4. From cord-tester ping to 8.8.8.8
1544 5. Verifying the ping should not success
1545 6. Delete the iptable rule added
1546 7. From cord-tester ping to 8.8.8.8
1547 8. Verifying the ping should success
1548 """
1549 if not vcpe_name:
1550 vcpe_name = self.vcpe_container
1551 if not vcpe_intf:
1552 vcpe_intf = self.vcpe_dhcp
1553 df = defer.Deferred()
1554 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1555 if self.on_podd is False:
1556 df.callback(0)
1557 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1558 host = '8.8.8.8'
1559 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1560 try:
1561 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1562 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1563 assert_equal(st, False)
1564 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -i eth1 -j DROP'.format(vcpe_name))
1565 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1566 assert_equal(st, True)
1567 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -j DROP'.format(vcpe_name))
1568 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1569 assert_equal(st, False)
1570 finally:
1571 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -j DROP'.format(vcpe_name))
1572 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1573 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1574 df.callback(0)
1575 reactor.callLater(0, vcpe_firewall, df)
1576 return df
1577
1578 @deferred(TIMEOUT)
1579 def test_vsg_firewall_deny_all_traffic_going_out_of_wan_interface_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
1580 """
1581 Algo:
1582 1. Get vSG corresponding to vcpe
1583 2. Login to compute node
1584 3. Execute iptable command on vcpe from compute node to deny all the traffic going out of wan interface inside vcpe container
1585 4. From cord-tester ping to 8.8.8.8
1586 5. Verifying the ping should not success
1587 6. Delete the iptable rule added
1588 7. From cord-tester ping to 8.8.8.8
1589 8. Verifying the ping should success
1590 """
1591 if not vcpe_name:
1592 vcpe_name = self.vcpe_container
1593 if not vcpe_intf:
1594 vcpe_intf = self.vcpe_dhcp
1595 df = defer.Deferred()
1596 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1597 if self.on_podd is False:
1598 df.callback(0)
1599 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1600 host = '8.8.8.8'
1601 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1602 try:
1603 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1604 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1605 assert_equal(st, False)
1606 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -o eth0 -j DROP'.format(vcpe_name))
1607 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1608 assert_equal(st, True)
1609 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -o eth0 -j DROP'.format(vcpe_name))
1610 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1611 assert_equal(st, False)
1612 finally:
1613 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -o eth0 -j DROP'.format(vcpe_name))
1614 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1615 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1616 df.callback(0)
1617 reactor.callLater(0, vcpe_firewall, df)
1618 return df
1619
1620 @deferred(TIMEOUT)
1621 def test_vsg_firewall_deny_all_traffic_from_lan_to_wan_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1622 """
1623 Algo:
1624 1. Get vSG corresponding to vcpe
1625 2. Login to compute node
1626 3. Execute iptable command on vcpe from compute node to deny all the traffic from lan to wan interface in vcpe
1627 4. From cord-tester ping to 8.8.8.8
1628 5. Verifying that ping should not be successful
1629 6. Delete the iptable rule added
1630 7. From cord-tester ping to 8.8.8.8
1631 8. Verifying the ping should success
1632 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1633 if not vcpe_name:
1634 vcpe_name = self.vcpe_container
1635 if not vcpe_intf:
1636 vcpe_intf = self.vcpe_dhcp
1637 df = defer.Deferred()
1638 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1639 if self.on_podd is False:
1640 df.callback(0)
1641 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1642 host = '8.8.8.8'
1643 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1644 try:
1645 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1646 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1647 assert_equal(st, False)
1648 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1649 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1650 assert_equal(st, True)
1651 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1652 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1653 assert_equal(st, False)
1654 finally:
1655 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1656 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1657 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1658 df.callback(0)
1659 reactor.callLater(0, vcpe_firewall, df)
1660 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1661
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1662
1663 #this test case needs modification.default route should be vcpe interface to run this test case
1664 @deferred(TIMEOUT)
1665 def test_vsg_firewall_deny_all_dns_traffic(self,vcpe_name=None,vcpe_intf=None):
1666 """
1667 Algo:
1668 1. Get vSG corresponding to vcpe
1669 2. Login to compute node
1670 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1671 4. From cord-tester ping to www.google.com
1672 5. Verifying the ping should not success
1673 6. Delete the iptable rule added
1674 7. From cord-tester ping to www.google.com
1675 8. Verifying the ping should success
1676 """
1677 if not vcpe_name:
1678 vcpe_name = self.vcpe_container
1679 if not vcpe_intf:
1680 vcpe_intf = self.vcpe_dhcp
1681 df = defer.Deferred()
1682 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1683 if self.on_podd is False:
1684 df.callback(0)
1685 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1686 host = 'www.msn.com'
1687 host_ip = '131.253.33.203'
1688 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1689 try:
1690 self.add_static_route_via_vcpe_interface([host_ip],vcpe=self.vcpe_dhcp)
1691 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1692 assert_equal(st, False)
1693 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p udp --dport 53 -j DROP'.format(vcpe_name))
1694 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1695 assert_equal(st, True)
1696 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p udp --dport 53 -j ACCEPT'.format(vcpe_name))
1697 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1698 assert_equal(st, False)
1699 finally:
1700 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p udp --dport 53 -j DROP'.format(vcpe_name))
1701 self.del_static_route_via_vcpe_interface([host_ip],vcpe=vcpe_intf)
1702 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1703 df.callback(0)
1704 reactor.callLater(0, vcpe_firewall, df)
1705 return df
1706
1707 @deferred(TIMEOUT)
1708 def test_vsg_firewall_deny_all_ipv4_traffic_vcpe_container_restart(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1709 """
1710 Algo:
1711 1. Get vSG corresponding to vcpe
1712 2. Login to compute node
1713 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1714 4. From cord-tester ping to www.google.com
1715 5. Verifying that ping should not be successful
1716 6. Delete the iptable rule added
1717 7. From cord-tester ping to www.google.com
1718 8. Verifying the ping should success
1719 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1720 if not vcpe_name:
1721 vcpe_name = self.vcpe_container
1722 if not vcpe_intf:
1723 vcpe_intf = self.vcpe_dhcp
1724 df = defer.Deferred()
1725 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1726 if self.on_podd is False:
1727 df.callback(0)
1728 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1729 host = '8.8.8.8'
1730 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1731 try:
1732 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1733 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1734 assert_equal(st, False)
1735 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1736 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1737 assert_equal(st, True)
1738 st,output = vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1739 time.sleep(3)
1740 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1741 assert_equal(st, False)
1742 finally:
1743 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1744 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1745 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1746 df.callback(0)
1747 reactor.callLater(0, vcpe_firewall, df)
1748 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1749
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]1750 @deferred(TIMEOUT)
1751 def test_vsg_dnat_modifying_destination_ip(self,vcpe_name=None,vcpe_intf=None):
1752 """
1753 Algo:
1754 1. Get vSG corresponding to vcpe
1755 2. Login to compute node
1756 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1757 4. From cord-tester ping to www.google.com
1758 5. Verifying the ping should not success
1759 6. Delete the iptable rule added
1760 7. From cord-tester ping to www.google.com
1761 8. Verifying the ping should success
1762 """
1763 if not vcpe_name:
1764 vcpe_name = self.vcpe_container
1765 if not vcpe_intf:
1766 vcpe_intf = self.vcpe_dhcp
1767 df = defer.Deferred()
1768 def vcpe_firewall(df):
1769 host = '8.8.8.8'
1770 dst_ip = '123.123.123.123'
1771 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1772 try:
1773 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1774 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1775 assert_equal(st, False)
1776 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1777 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1778 assert_equal(st, True)
1779 finally:
1780 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1781 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1782 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1783 df.callback(0)
1784 reactor.callLater(0,vcpe_firewall,df)
1785 return df
1786
1787 @deferred(TIMEOUT)
1788 def test_vsg_dnat_modifying_destination_ip_and_delete(self,vcpe_name=None,vcpe_intf=None):
1789 """
1790 Algo:
1791 1. Get vSG corresponding to vcpe
1792 2. Login to compute node
1793 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1794 4. From cord-tester ping to www.google.com
1795 5. Verifying the ping should not success
1796 6. Delete the iptable rule added
1797 7. From cord-tester ping to www.google.com
1798 8. Verifying the ping should success
1799 """
1800 if not vcpe_name:
1801 vcpe_name = self.vcpe_container
1802 if not vcpe_intf:
1803 vcpe_intf = self.vcpe_dhcp
1804 df = defer.Deferred()
1805 def vcpe_firewall(df):
1806 host = '8.8.8.8'
1807 dst_ip = '123.123.123.123'
1808 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1809 try:
1810 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1811 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1812 assert_equal(st, False)
1813 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1814 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1815 assert_equal(st, True)
1816 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1817 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1818 assert_equal(st, False)
1819 finally:
1820 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1821 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1822 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1823 df.callback(0)
1824 reactor.callLater(0,vcpe_firewall,df)
1825 return df
1826
1827 @deferred(TIMEOUT)
1828 def test_vsg_dnat_change_modifying_destination_ip_address(self,vcpe_name=None,vcpe_intf=None):
1829 """
1830 Algo:
1831 1. Get vSG corresponding to vcpe
1832 2. Login to compute node
1833 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1834 4. From cord-tester ping to www.google.com
1835 5. Verifying the ping should not success
1836 6. Delete the iptable rule added
1837 7. From cord-tester ping to www.google.com
1838 8. Verifying the ping should success
1839 """
1840 if not vcpe_name:
1841 vcpe_name = self.vcpe_container
1842 if not vcpe_intf:
1843 vcpe_intf = self.vcpe_dhcp
1844 df = defer.Deferred()
1845 def vcpe_firewall(df):
1846 host = '8.8.8.8'
1847 dst_ip = '123.123.123.123'
1848 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1849 try:
1850 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1851 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1852 assert_equal(st, False)
1853 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1854 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1855 assert_equal(st, True)
1856 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -R PREROUTING 1 -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,host))
1857 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1858 assert_equal(st, False)
1859 finally:
1860 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1861 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,host))
1862 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1863 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1864 df.callback(0)
1865 reactor.callLater(0,vcpe_firewall,df)
1866 return df
1867
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]1868 def test_vsg_xos_subscriber(self):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1869 if self.on_podd is False:
1870 return
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]1871 subscriber_info = self.subscriber_info[0]
1872 volt_subscriber_info = self.volt_subscriber_info[0]
1873 result = self.restApiXos.ApiPost('TENANT_SUBSCRIBER', subscriber_info)
1874 assert_equal(result, True)
1875 result = self.restApiXos.ApiGet('TENANT_SUBSCRIBER')
1876 assert_not_equal(result, None)
1877 subId = self.restApiXos.getSubscriberId(result, volt_subscriber_info['account_num'])
1878 assert_not_equal(subId, '0')
1879 log.info('Subscriber ID for account num %d = %s' %(volt_subscriber_info['account_num'], subId))
1880 volt_tenant = volt_subscriber_info['voltTenant']
1881 #update the subscriber id in the tenant info before making the rest
1882 volt_tenant['subscriber'] = subId
1883 result = self.restApiXos.ApiPost('TENANT_VOLT', volt_tenant)
1884 assert_equal(result, True)
1885
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]1886 def test_vsg_for_dns_service(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1887 """
1888 Algo:
1889 1. Create a test client in Prod VM
1890 2. Create a vCPE container in vSG VM inside compute Node
1891 3. Ensure vSG VM and vCPE container created properly
1892 4. Enable dns service in vCPE ( if not by default )
1893 5. Send ping request from test client to valid domain address say, 'www.google'com
1894 6. Verify that dns should resolve ping should success
1895 7. Now send ping request to invalid domain address say 'www.invalidaddress'.com'
1896 8. Verify that dns resolve should fail and hence ping
1897 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1898
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1899 def test_vsg_for_10_subscribers_for_same_service(self):
1900 """
1901 Algo:
1902 1.Create a vSG VM in compute node
1903 2.Create 10 vCPE containers for 10 subscribers, in vSG VM
1904 3.Ensure vSG VM and vCPE container created properly
1905 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to valid external public IP
1906 5.Verify that ping success for all 10 subscribers
1907 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1908
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1909 def test_vsg_for_10_subscribers_for_same_service_ping_invalid_ip(self):
1910 """
1911 Algo:
1912 1.Create a vSG VM in compute Node
1913 2.Create 10 vCPE containers for 10 subscribers, in vSG VM
1914 3.Ensure vSG VM and vCPE container created properly
1915 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to invalid IP
1916 5.Verify that ping fails for all 10 subscribers
1917 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1918
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1919 def test_vsg_for_10_subscribers_for_same_service_ping_valid_and_invalid_ip(self):
1920 """
1921 Algo:
1922 1.Create a vSG VM in VM
1923 2.Create 10 vCPE containers for 10 subscribers, in vSG VM
1924 3.Ensure vSG VM and vCPE container created properly
1925 4.From first 5 subscribers, with same s-tag and different c-tag, send a ping to valid IP
1926 5.Verify that ping success for all 5 subscribers
1927 6.From next 5 subscribers, with same s-tag and different c-tag, send a ping to invalid IP
1928 7.Verify that ping fails for all 5 subscribers
1929 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1930
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1931 def test_vsg_for_100_subscribers_for_same_service(self):
1932 """
1933 Algo:
1934 1.Create a vSG VM in compute node
1935 2.Create 100 vCPE containers for 100 subscribers, in vSG VM
1936 3.Ensure vSG VM and vCPE container created properly
1937 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to valid external public IP
1938 5.Verify that ping success for all 100 subscribers
1939 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1940
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1941 def test_vsg_for_100_subscribers_for_same_service_ping_invalid_ip(self):
1942 """
1943 Algo:
1944 1.Create a vSG VM in compute Node
1945 2.Create 10 vCPE containers for 100 subscribers, in vSG VM
1946 3.Ensure vSG VM and vCPE container created properly
1947 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to invalid IP
1948 5.Verify that ping fails for all 100 subscribers
1949 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1950
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1951 def test_vsg_for_100_subscribers_for_same_service_ping_valid_and_invalid_ip(self):
1952 """
1953 Algo:
1954 1.Create a vSG VM in VM
1955 2.Create 10 vCPE containers for 100 subscribers, in vSG VM
1956 3.Ensure vSG VM and vCPE container created properly
1957 4.From first 5 subscribers, with same s-tag and different c-tag, send a ping to valid IP
1958 5.Verify that ping success for all 5 subscribers
1959 6.From next 5 subscribers, with same s-tag and different c-tag, send a ping to invalid IP
1960 7.Verify that ping fails for all 5 subscribers
1961 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1962
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1963 def test_vsg_for_packet_received_with_invalid_ip_fields(self):
1964 """
1965 Algo:
1966 1.Create a vSG VM in compute node
1967 2.Create a vCPE container in vSG VM
1968 3.Ensure vSG VM and vCPE container created properly
1969 4.From subscriber, send a ping packet with invalid ip fields
1970 5.Verify that vSG drops the packet
1971 6.Verify ping fails
1972 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1973
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1974 def test_vsg_for_packet_received_with_invalid_mac_fields(self):
1975 """
1976 Algo:
1977 1.Create a vSG VM in compute node
1978 2.Create a vCPE container in vSG VM
1979 3.Ensure vSG VM and vCPE container created properly
1980 4.From subscriber, send a ping packet with invalid mac fields
1981 5.Verify that vSG drops the packet
1982 6.Verify ping fails
1983 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1984
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1985 def test_vsg_for_vlan_id_mismatch_in_stag(self):
1986 """
1987 Algo:
1988 1.Create a vSG VM in compute Node
1989 2.Create a vCPE container in vSG VM
1990 3.Ensure vSG VM and vCPE container created properly
1991 4.Send a ping request to external valid IP from subscriber, with incorrect vlan id in s-tag and valid c-tag
1992 5.Verify that ping fails as the packet drops at VM entry
1993 6.Repeat step 4 with correct s-tag
1994 7.Verify that ping success
1995 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1996
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1997 def test_vsg_for_vlan_id_mismatch_in_ctag(self):
1998 """
1999 Algo:
2000 1.Create a vSG VM in compute node
2001 2.Create a vCPE container in vSG VM
2002 3.Ensure vSG VM and vCPE container created properly
2003 4.Send a ping request to external valid IP from subscriber, with valid s-tag and incorrect vlan id in c-tag
2004 5.Verify that ping fails as the packet drops at vCPE container entry
2005 6.Repeat step 4 with valid s-tag and c-tag
2006 7.Verify that ping success
2007 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2008
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2009 def test_vsg_for_matching_and_mismatching_vlan_id_in_stag(self):
2010 """
2011 Algo:
2012 1.Create two vSG VMs in compute node
2013 2.Create a vCPE container in each vSG VM
2014 3.Ensure vSG VM and vCPE container created properly
2015 4.From subscriber one, send ping request with valid s and c tags
2016 5.From subscriber two, send ping request with vlan id mismatch in s-tag and valid c tags
2017 6.Verify that ping success for only subscriber one and fails for two.
2018 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2019
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2020 def test_vsg_for_matching_and_mismatching_vlan_id_in_ctag(self):
2021 """
2022 Algo:
2023 1.Create a vSG VM in compute node
2024 2.Create two vCPE containers in vSG VM
2025 3.Ensure vSG VM and vCPE container created properly
2026 4.From subscriber one, send ping request with valid s and c tags
2027 5.From subscriber two, send ping request with valid s-tag and vlan id mismatch in c-tag
2028 6.Verify that ping success for only subscriber one and fails for two
2029 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2030
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2031 def test_vsg_for_out_of_range_vlanid_in_ctag(self):
2032 """
2033 Algo:
2034 1.Create a vSG VM in compute node
2035 2.Create a vCPE container in vSG VM
2036 3.Ensure vSG VM and vCPE container created properly
2037 4.From subscriber, send ping request with valid stag and vlan id in c-tag is an out of range value ( like 0,4097 )
2038 4.Verify that ping fails as the ping packets drops at vCPE container entry
2039 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2040
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2041 def test_vsg_for_out_of_range_vlanid_in_stag(self):
2042 """
2043 Algo:
2044 1.Create a vSG VM in compute node
2045 2.Create a vCPE container in vSG VM
2046 3.Ensure vSG VM and vCPE container created properly
2047 2.From subscriber, send ping request with vlan id in s-tag is an out of range value ( like 0,4097 ), with valid c-tag
2048 4.Verify that ping fails as the ping packets drops at vSG VM entry
2049 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2050
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2051 def test_vsg_without_creating_vcpe_instance(self):
2052 """
2053 Algo:
2054 1.Create a vSG VM in compute Node
2055 2.Ensure vSG VM created properly
2056 3.Do not create vCPE container inside vSG VM
2057 4.From a subscriber, send ping to external valid IP
2058 5.Verify that ping fails as the ping packet drops at vSG VM entry itself.
2059 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2060
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2061 def test_vsg_for_remove_vcpe_instance(self):
2062 """
2063 Algo:
2064 1.Create a vSG VM in compute node
2065 2.Create a vCPE container in vSG VM
2066 3.Ensure vSG VM and vCPE container created properly
2067 4.From subscriber, send ping request with valid s-tag and c-tag
2068 5.Verify that ping success
2069 6.Verify ping success flows in OvS switch in compute node
2070 7.Now remove the vCPE container in vSG VM
2071 8.Ensure that the container removed properly
2072 9.Repeat step 4
2073 10.Verify that now, ping fails
2074 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2075
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2076 def test_vsg_for_restart_vcpe_instance(self):
2077 """
2078 Algo:
2079 1.Create a vSG VM in compute node
2080 2.Create a vCPE container in vSG VM
2081 3.Ensure vSG VM and vCPE container created properly
2082 4.From subscriber, send ping request with valid s-tag and c-tag
2083 5.Verify that ping success
2084 6.Verify ping success flows in OvS switch in compute node
2085 7.Now restart the vCPE container in vSG VM
2086 8.Ensure that the container came up after restart
2087 9.Repeat step 4
2088 10.Verify that now,ping gets success and flows added in OvS
2089 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2090
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2091 def test_vsg_for_restart_vsg_vm(self):
2092 """
2093 Algo:
2094 1.Create a vSG VM in compute node
2095 2.Create a vCPE container in vSG VM
2096 3.Ensure vSG VM and vCPE container created properly
2097 4.From subscriber, send ping request with valid s-tag and c-tag
2098 5.Verify that ping success
2099 6.Verify ping success flows in OvS switch in compute node
2100 7.Now restart the vSG VM
2101 8.Ensure that the vSG comes up properly after restart
2102 9.Verify that vCPE container comes up after vSG restart
2103 10.Repeat step 4
2104 11.Verify that now,ping gets success and flows added in OvS
2105 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2106
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2107 def test_vsg_for_pause_vcpe_instance(self):
2108 """
2109 Algo:
2110 1.Create a vSG VM in compute node
2111 2.Create a vCPE container in vSG VM
2112 3.Ensure vSG VM and vCPE container created properly
2113 4.From subscriber, send ping request with valid s-tag and c-tag
2114 5.Verify that ping success
2115 6.Verify ping success flows in OvS switch in compute node
2116 7.Now pause vCPE container in vSG VM for a while
2117 8.Ensure that the container state is pause
2118 9.Repeat step 4
2119 10.Verify that now,ping fails now and verify flows in OvS
2120 11.Now resume the container
2121 12.Now repeat step 4 again
2122 13.Verify that now, ping gets success
2123 14.Verify ping success flows in OvS
2124 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2125
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2126 def test_vsg_for_extract_all_compute_stats_from_all_vcpe_containers(self):
2127 """
2128 Algo:
2129 1.Create a vSG VM in compute node
2130 2.Create 10 vCPE containers in VM
2131 3.Ensure vSG VM and vCPE containers created properly
2132 4.Login to all vCPE containers
2133 4.Get all compute stats from all vCPE containers
2134 5.Verify the stats # verification method need to add
2135 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2136
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2137 def test_vsg_for_extract_dns_stats_from_all_vcpe_containers(self):
2138 """
2139 Algo:
2140 1.Create a vSG VM in compute node
2141 2.Create 10 vCPE containers in VM
2142 3.Ensure vSG VM and vCPE containers created properly
2143 4.From 10 subscribers, send ping to valid and invalid dns hosts
2144 5.Verify dns resolves and ping success for valid dns hosts
2145 6.Verify ping fails for invalid dns hosts
2146 7.Verify dns host name resolve flows in OvS
2147 8.Login to all 10 vCPE containers
2148 9.Extract all dns stats
2149 10.Verify dns stats for queries sent, queries received for dns host resolve success and failed scenarios
2150 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2151
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2152 def test_vsg_for_subscriber_access_two_vsg_services(self):
2153 """
2154 # Intention is to verify if subscriber can reach internet via two vSG VMs
2155 Algo:
2156 1.Create two vSG VMs for two services in compute node
2157 2.Create one vCPE container in each VM for one subscriber
2158 3.Ensure VMs and containers created properly
2159 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2160 5.Verify ping gets success
2161 6.Verify ping success flows in OvS
2162 7.Now repeat step 4 with stag corresponds to vSG-2 VM
2163 8.Verify that ping again success
2164 9.Verify ping success flows in OvS
2165 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2166
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2167 def test_vsg_for_subscriber_access_service2_if_service1_goes_down(self):
2168 """
2169 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 goes down
2170 Algo:
2171 1.Create two vSG VMs for two services in compute node
2172 2.Create one vCPE container in each VM for one subscriber
2173 3.Ensure VMs and containers created properly
2174 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2175 5.Verify ping gets success
2176 6.Verify ping success flows in OvS
2177 7.Down the vSG-1 VM
2178 8.Now repeat step 4
2179 9.Verify that ping fails as vSG-1 is down
2180 10.Repeat step 4 with stag corresponding to vSG-2
2181 9.Verify ping success and flows added in OvS
2182 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2183
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2184 def test_vsg_for_subscriber_access_service2_if_service1_goes_restart(self):
2185 """
2186 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 restarts
2187 Algo:
2188 1.Create two vSG VMs for two services in compute node
2189 2.Create one vCPE container in each VM for one subscriber
2190 3.Ensure VMs and containers created properly
2191 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2192 5.Verify ping gets success
2193 6.Verify ping success flows added in OvS
2194 7.Now restart vSG-1 VM
2195 8.Now repeat step 4 while vSG-1 VM restarts
2196 9.Verify that ping fails as vSG-1 is restarting
2197 10.Repeat step 4 with stag corresponding to vSG-2 while vSG-1 VM restarts
2198 11.Verify ping success and flows added in OvS
2199 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2200
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2201 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_goes_down(self):
2202 """
2203 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 goes down
2204 Algo:
2205 1.Create a vSG VM in compute node
2206 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2207 3.Ensure VM and containers created properly
2208 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2209 5.Verify ping gets success
2210 6.Verify ping success flows added in OvS
2211 7.Now stop vCPE-1 container
2212 8.Now repeat step 4
2213 9.Verify that ping fails as vCPE-1 container is down
2214 10.Repeat step 4 with ctag corresponding to vCPE-2 container
2215 11.Verify ping success and flows added in OvS
2216 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2217
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2218 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_restart(self):
2219 """
2220 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 restarts
2221 Algo:
2222 1.Create a vSG VM in compute node
2223 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2224 3.Ensure VM and containers created properly
2225 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2226 5.Verify ping gets success
2227 6.Verify ping success flows added in OvS
2228 7.Now restart vCPE-1 container
2229 8.Now repeat step 4 while vCPE-1 restarts
2230 9.Verify that ping fails as vCPE-1 container is restarts
2231 10.Repeat step 4 with ctag corresponding to vCPE-2 container while vCPE-1 restarts
2232 11..Verify ping success and flows added in OvS
2233 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2234
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2235 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_pause(self):
2236 """
2237 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 paused
2238 Algo:
2239 1.Create a vSG VM in compute node
2240 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2241 3.Ensure VM and containers created properly
2242 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2243 5.Verify ping gets success
2244 6.Verify ping success flows added in OvS
2245 7.Now pause vCPE-1 container
2246 8.Now repeat step 4 while vCPE-1 in pause state
2247 9.Verify that ping fails as vCPE-1 container in pause state
2248 10.Repeat step 4 with ctag corresponding to vCPE-2 container while vCPE-1 in pause state
2249 11.Verify ping success and flows added in OvS
2250 """
2251 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_removed(self):
2252 """
2253 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 removed
2254 Algo:
2255 1.Create a vSG VM in compute node
2256 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2257 3.Ensure VM and containers created properly
2258 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2259 5.Verify ping gets success
2260 6.Verify ping success flows added in OvS
2261 7.Now remove vCPE-1 container
2262 8.Now repeat step 4
2263 9.Verify that ping fails as vCPE-1 container removed
2264 10.Repeat step 4 with ctag corresponding to vCPE-2 container
2265 11.Verify ping success and flows added in OvS
2266 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2267
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2268 def test_vsg_for_vcpe_instance_removed_and_added_again(self):
2269 """
2270 Algo:
2271 1.Create a vSG VM in compute node
2272 2.Create a vCPE container in vSG VM
2273 3.Ensure VM and containers created properly
2274 4.From subscriber end, send ping to public IP
2275 5.Verify ping gets success
2276 6.Verify ping success flows added in OvS
2277 7.Now remove vCPE container in vSG VM
2278 8.Now repeat step 4
2279 9.Verify that ping fails as vCPE container removed
2280 10.Create the vCPE container again for the same subscriber
2281 11.Ensure that vCPE created now
2282 12.Now repeat step 4
2283 13.Verify ping success and flows added in OvS
2284 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2285
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2286 def test_vsg_for_vsg_vm_removed_and_added_again(self):
2287 """
2288 Algo:
2289 1.Create a vSG VM in compute node
2290 2.Create a vCPE container in vSG VM
2291 3.Ensure VM and containers created properly
2292 4.From subscriber end, send ping to public IP
2293 5.Verify ping gets success
2294 6.Verify ping success flows added in OvS
2295 7.Now remove vSG VM
2296 8.Now repeat step 4
2297 9.Verify that ping fails as vSG VM not exists
2298 10.Create the vSG VM and vCPE container in VM again
2299 11.Ensure that vSG and vCPE created
2300 12.Now repeat step 4
2301 13.Verify ping success and flows added in OvS
2302 """
2303
2304 #Test vSG - Subscriber Configuration
2305 def test_vsg_for_configuring_new_subscriber_in_vcpe(self):
2306 """
2307 Algo:
2308 1.Create a vSG VM in compute node
2309 2.Create a vCPE container in vSG VM
2310 3.Ensure VM and containers created properly
2311 4.Configure a subscriber in XOS and assign a service id
2312 5.Set the admin privileges to the subscriber
2313 6.Verify subscriber configuration is success
2314 """
2315 def test_vsg_for_adding_subscriber_devices_in_vcpe(self):
2316 """
2317 Algo:
2318 1.Create a vSG VM in compute node
2319 2.Create a vCPE container in vSG VM
2320 3.Ensure VM and containers created properly
2321 4.Configure a subscriber in XOS and assign a service id
2322 5.Verify subscriber successfully configured in vCPE
2323 6.Now add devices( Mac addresses ) under the subscriber admin group
2324 7.Verify all devices ( Macs ) added successfully
2325 """
2326 def test_vsg_for_removing_subscriber_devices_in_vcpe(self):
2327 """
2328 Algo:
2329 1.Create a vSG VM in compute node
2330 2.Create a vCPE container in vSG VM
2331 3.Ensure VM and containers created properly
2332 4.Configure a subscriber in XOS and assign a service id
2333 5.Verify subscriber successfully configured
2334 6.Now add devices( Mac addresses ) under the subscriber admin group
2335 7.Verify all devices ( Macs ) added successfully
2336 8.Now remove All the added devices in XOS
2337 9.Verify all the devices removed
2338 """
2339 def test_vsg_for_modify_subscriber_devices_in_vcpe(self):
2340 """
2341 Algo:
2342 1.Create a vSG VM in compute node
2343 2.Create a vCPE container in vSG VM
2344 3.Ensure VM and containers created properly
2345 4.Configure a user in XOS and assign a service id
2346 5.Verify subscriber successfully configured in vCPE.
2347 6.Now add devices( Mac addresses ) under the subscriber admin group
2348 7.Verify all devices ( Macs ) added successfully
2349 8.Now remove few devices in XOS
2350 9.Verify devices removed successfully
2351 10.Now add few additional devices in XOS under the same subscriber admin group
2352 11.Verify newly added devices successfully added
2353 """
2354 def test_vsg_for_vcpe_login_fails_with_incorrect_subscriber_credentials(self):
2355 """
2356 Algo:
2357 1.Create a vSG VM in compute node
2358 2.Create a vCPE container in vSG VM
2359 3.Ensure VM and containers created properly
2360 4.Configure a subscriber in XOS and assign a service id
2361 5.Verify subscriber successfully configured
2362 6.Now add devices( Mac addresses ) under the subscriber admin group
2363 7.Verify all devices ( Macs ) added successfully
2364 8.Login vCPE with credentials with which subscriber configured
2365 9.Verify subscriber successfully logged in
2366 10.Logout and login again with incorrect credentials ( either user name or password )
2367 11.Verify login attempt to vCPE fails wtih incorrect credentials
2368 """
2369 def test_vsg_for_subscriber_configuration_in_vcpe_retain_after_vcpe_restart(self):
2370 """
2371 Algo:
2372 1.Create a vSG VM in compute node
2373 2.Create a vCPE container in vSG VM
2374 3.Ensure VM and containers created properly
2375 4.Configure a subscriber in XOS and assign a service id
2376 5.Verify subscriber successfully configured
2377 6.Now add devices( Mac addresses ) under the subscriber admin group
2378 7.Verify all devices ( Macs ) added successfully
2379 8.Restart vCPE ( locate backup config path while restart )
2380 9.Verify subscriber details in vCPE after restart should be same as before the restart
2381 """
2382 def test_vsg_for_create_multiple_vcpe_instances_and_configure_subscriber_in_each_instance(self):
2383 """
2384 Algo:
2385 1.Create a vSG VM in compute node
2386 2.Create 2 vCPE containers in vSG VM
2387 3.Ensure VM and containers created properly
2388 4.Configure a subscriber in XOS for each vCPE instance and assign a service id
2389 5.Verify subscribers successfully configured
2390 6.Now login vCPE-2 with subscriber-1 credentials
2391 7.Verify login fails
2392 8.Now login vCPE-1 with subscriber-2 credentials
2393 9.Verify login fails
2394 10.Now login vCPE-1 with subscriber-1 and vCPE-2 with subscriber-2 credentials
2395 11.Verify that both the subscribers able to login to their respective vCPE containers
2396 """
2397 def test_vsg_for_same_subscriber_can_be_configured_for_multiple_services(self):
2398 """
2399 Algo:
2400 1.Create 2 vSG VMs in compute node
2401 2.Create a vCPE container in each vSG VM
2402 3.Ensure VMs and containers created properly
2403 4.Configure same subscriber in XOS for each vCPE instance and assign a service id
2404 5.Verify subscriber successfully configured
2405 6.Now login vCPE-1 with subscriber credentials
2406 7.Verify login success
2407 8.Now login vCPE-2 with the same subscriber credentials
2408 9.Verify login success
2409 """
2410
2411 #Test Example Service
2412 def test_vsg_for_subcriber_avail_example_service_running_in_apache_server(self):
2413 """
2414 Algo:
2415 1.Create a vSG VM in compute node
2416 2.Create a vCPE container in each vSG VM
2417 3.Ensure VM and container created properly
2418 4.Configure a subscriber in XOS for the vCPE instance and assign a service id
2419 5.On-board an example service into cord pod
2420 6.Create a VM in compute node and run the example service ( Apache server )
2421 7.Configure the example service with service specific and subscriber specific messages
2422 8.Verify example service on-boarded successfully
2423 9.Verify example service running in VM
2424 10.Run a curl command from subscriber to reach example service
2425 11.Verify subscriber can successfully reach example service via vSG
2426 12.Verify that service specific and subscriber specific messages
2427 """
2428 def test_vsg_for_subcriber_avail_example_service_running_in_apache_server_after_service_restart(self):
2429 """
2430 Algo:
2431 1.Create a vSG VM in compute node
2432 2.Create a vCPE container in each vSG VM
2433 3.Ensure VM and container created properly
2434 4.Configure a subscriber in XOS for the vCPE instance and assign a service id
2435 5.On-board an example service into cord pod
2436 6.Create a VM in compute node and run the example service ( Apache server )
2437 7.Configure the example service with service specific and subscriber specific messages
2438 8.Verify example service on-boarded successfully
2439 9.Verify example service running in VM
2440 10.Run a curl command from subscriber to reach example service
2441 11.Verify subscriber can successfully reach example service via vSG
2442 12.Verify that service specific and subscriber specific messages
2443 13.Restart example service running in VM
2444 14.Repeat step 10
2445 15.Verify the same results as mentioned in steps 11, 12
2446 """
2447
2448 #vCPE Firewall Functionality
2449 def test_vsg_firewall_for_creating_acl_rule_based_on_source_ip(self):
2450 """
2451 Algo:
2452 1.Create a vSG VM in compute node
2453 2.Create vCPE container in the VM
2454 3.Ensure vSG VM and vCPE container created properly
2455 4.Configure ac acl rule in vCPE to deny IP traffic from a source IP
2456 5.Bound the acl rule to WAN interface of vCPE
2457 6.Verify configuration in vCPE is success
2458 8.Verify flows added in OvS
2459 """
2460 def test_vsg_firewall_for_creating_acl_rule_based_on_destination_ip(self):
2461 """
2462 Algo:
2463 1.Create a vSG VM in compute node
2464 2.Create vCPE container in the VM
2465 3.Ensure vSG VM and vCPE container created properly
2466 4.Configure ac acl rule in vCPE to deny IP traffic to a destination ip
2467 5.Bound the acl rule to WAN interface of vCPE
2468 6.Verify configuration in vCPE is success
2469 8.Verify flows added in OvS
2470 """
2471 def test_vsg_firewall_for_acl_deny_rule_based_on_source_ip_traffic(self):
2472 """
2473 Algo:
2474 1.Create a vSG VM in compute node
2475 2.Create vCPE container in the VM
2476 3.Ensure vSG VM and vCPE container created properly
2477 4.Configure ac acl rule in vCPE to deny IP traffic from a source IP
2478 5.Bound the acl rule to WAN interface of vCPE
2479 6.From subscriber, send ping to the denied IP address
2480 7.Verify that ping fails as vCPE denies ping response
2481 8.Verify flows added in OvS
2482 """
2483 def test_vsg_firewall_for_acl_deny_rule_based_on_destination_ip_traffic(self):
2484 """
2485 Algo:
2486 1.Create a vSG VM in compute node
2487 2.Create vCPE container in the VM
2488 3.Ensure vSG VM and vCPE container created properly
2489 4.Configure ac acl rule in vCPE to deny IP traffic to a destination IP
2490 5.Bound the acl rule to WAN interface of vCPE
2491 6.From subscriber, send ping to the denied IP address
2492 7.Verify that ping fails as vCPE drops the ping request at WAN interface
2493 8.Verify flows added in OvS
2494 """
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]2495
2496 def test_vsg_dnsmasq(self):
2497 pass
2498
2499 def test_vsg_with_external_parental_control_family_shield_for_filter(self):
2500 pass
2501
2502 def test_vsg_with_external_parental_control_with_answerx(self):
2503 pass
2504
2505 def test_vsg_for_subscriber_upstream_bandwidth(self):
2506 pass
2507
2508 def test_vsg_for_subscriber_downstream_bandwidth(self):
2509 pass
2510
2511 def test_vsg_for_diagnostic_run_of_traceroute(self):
2512 pass
2513
2514 def test_vsg_for_diagnostic_run_of_tcpdump(self):
2515 pass
2516
2517 def test_vsg_for_iptable_rules(self):
2518 pass
2519
2520 def test_vsg_for_iptables_with_neutron(self):
2521 pass