Gitiles
Code Review Sign In
gerrit.opencord.org / cord-tester / b608d40478d21592ac3d1713b3f3236d834a853d / . / src / test / vsg / vsgTest.py
blob: 75a8e8246303d3fa6a7506b33278cfbc4091ddf3 [file] [log] [blame]
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]1#copyright 2016-present Ciena Corporation
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14#
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]15import time
16import os
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]17import sys
18import json
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame]19import requests
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]20from nose.tools import *
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]21from twisted.internet import defer
22from nose.twistedtools import reactor, deferred
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]23from CordTestUtils import *
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]24from OltConfig import OltConfig
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]25from onosclidriver import OnosCliDriver
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]26from SSHTestAgent import SSHTestAgent
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]27from CordLogger import CordLogger
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]28from VSGAccess import VSGAccess
A R Karthick933f5b52017-03-27 15:27:16 -0700[diff] [blame]29from CordTestUtils import log_test as log
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]30from CordTestConfig import setup_module, running_on_ciab
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]31from OnosCtrl import OnosCtrl
A R Karthickb608d402017-06-02 11:48:41 -0700[diff] [blame^]32from CordContainer import Onos
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]33log.setLevel('INFO')
34
35class vsg_exchange(CordLogger):
36 ONOS_INSTANCES = 3
37 V_INF1 = 'veth0'
38 device_id = 'of:' + get_mac()
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]39 TEST_IP = '8.8.8.8'
40 HOST = "10.1.0.1"
41 USER = "vagrant"
42 PASS = "vagrant"
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]43 head_node = os.getenv('HEAD_NODE', 'prod')
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]44 HEAD_NODE = head_node + '.cord.lab' if len(head_node.split('.')) == 1 else head_node
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]45 test_path = os.path.dirname(os.path.realpath(__file__))
A.R Karthick5968e0d2017-05-16 14:50:46 -0700[diff] [blame]46 olt_conf_file = os.getenv('OLT_CONFIG_FILE', os.path.join(test_path, '..', 'setup/olt_config.json'))
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]47 restApiXos = None
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]48 subscriber_account_num = 200
49 subscriber_s_tag = 304
50 subscriber_c_tag = 304
51 subscribers_per_s_tag = 8
52 subscriber_map = {}
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]53 subscriber_info = []
54 volt_subscriber_info = []
A R Karthick9a16a112017-04-07 15:40:05 -0700[diff] [blame]55 restore_methods = []
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]56 TIMEOUT=120
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]57 FABRIC_PORT_HEAD_NODE = 1
58 FABRIC_PORT_COMPUTE_NODE = 2
59 APP_NAME = 'org.ciena.xconnect'
60 APP_FILE = os.path.join(test_path, '..', 'apps/xconnect-1.0-SNAPSHOT.oar')
A.R Karthick50f4d9a2017-04-20 16:44:19 -0700[diff] [blame]61 NUM_SUBSCRIBERS = 5
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]62
63 @classmethod
64 def getSubscriberCredentials(cls, subId):
65 """Generate our own account num, s_tag and c_tags"""
66 if subId in cls.subscriber_map:
67 return cls.subscriber_map[subId]
68 account_num = cls.subscriber_account_num
69 cls.subscriber_account_num += 1
70 s_tag, c_tag = cls.subscriber_s_tag, cls.subscriber_c_tag
71 cls.subscriber_c_tag += 1
72 if cls.subscriber_c_tag % cls.subscribers_per_s_tag == 0:
73 cls.subscriber_s_tag += 1
74 cls.subscriber_map[subId] = account_num, s_tag, c_tag
75 return cls.subscriber_map[subId]
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]76
77 @classmethod
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]78 def getXosCredentials(cls):
79 onos_cfg = OnosCtrl.get_config()
80 if onos_cfg is None:
81 return None
82 if 'apps' in onos_cfg and \
83 'org.opencord.vtn' in onos_cfg['apps'] and \
84 'cordvtn' in onos_cfg['apps']['org.opencord.vtn'] and \
85 'xos' in onos_cfg['apps']['org.opencord.vtn']['cordvtn']:
86 xos_cfg = onos_cfg['apps']['org.opencord.vtn']['cordvtn']['xos']
87 endpoint = xos_cfg['endpoint']
88 user = xos_cfg['user']
89 password = xos_cfg['password']
90 xos_endpoints = endpoint.split(':')
91 xos_host = xos_endpoints[1][len('//'):]
92 xos_port = xos_endpoints[2][:-1]
93 #log.info('xos_host: %s, port: %s, user: %s, password: %s' %(xos_host, xos_port, user, password))
94 return dict(host = xos_host, port = xos_port, user = user, password = password)
95
96 return None
97
98 @classmethod
A.R Karthick50f4d9a2017-04-20 16:44:19 -0700[diff] [blame]99 def getSubscriberConfig(cls, num_subscribers):
100 features = {
101 'cdn': True,
102 'uplink_speed': 1000000000,
103 'downlink_speed': 1000000000,
104 'uverse': True,
105 'status': 'enabled'
106 }
107 subscriber_map = []
108 for i in xrange(num_subscribers):
109 subId = 'sub{}'.format(i)
110 account_num, _, _ = cls.getSubscriberCredentials(subId)
111 identity = { 'account_num' : str(account_num),
112 'name' : 'My House {}'.format(i)
113 }
114 sub_info = { 'features' : features,
115 'identity' : identity
116 }
117 subscriber_map.append(sub_info)
118
119 return subscriber_map
120
121 @classmethod
122 def getVoltSubscriberConfig(cls, num_subscribers):
123 voltSubscriberMap = []
124 for i in xrange(num_subscribers):
125 subId = 'sub{}'.format(i)
126 account_num, s_tag, c_tag = cls.getSubscriberCredentials(subId)
127 voltSubscriberInfo = {}
128 voltSubscriberInfo['voltTenant'] = dict(s_tag = str(s_tag),
129 c_tag = str(c_tag),
130 subscriber = '')
131 voltSubscriberInfo['account_num'] = account_num
132 voltSubscriberMap.append(voltSubscriberInfo)
133
134 return voltSubscriberMap
135
136 @classmethod
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]137 def setUpCordApi(cls):
138 our_path = os.path.dirname(os.path.realpath(__file__))
139 cord_api_path = os.path.join(our_path, '..', 'cord-api')
140 framework_path = os.path.join(cord_api_path, 'Framework')
141 utils_path = os.path.join(framework_path, 'utils')
142 data_path = os.path.join(cord_api_path, 'Tests', 'data')
143 subscriber_cfg = os.path.join(data_path, 'Subscriber.json')
144 volt_tenant_cfg = os.path.join(data_path, 'VoltTenant.json')
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]145 num_subscribers = max(cls.NUM_SUBSCRIBERS, 5)
146 cls.subscriber_info = cls.getSubscriberConfig(num_subscribers)
147 cls.volt_subscriber_info = cls.getVoltSubscriberConfig(num_subscribers)
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]148
149 sys.path.append(utils_path)
150 sys.path.append(framework_path)
151 from restApi import restApi
152 restApiXos = restApi()
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]153 xos_credentials = cls.getXosCredentials()
154 if xos_credentials is None:
155 restApiXos.controllerIP = cls.HEAD_NODE
156 restApiXos.controllerPort = '9000'
157 else:
158 restApiXos.controllerIP = xos_credentials['host']
159 restApiXos.controllerPort = xos_credentials['port']
160 restApiXos.user = xos_credentials['user']
161 restApiXos.password = xos_credentials['password']
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]162 cls.restApiXos = restApiXos
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]163
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]164 @classmethod
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]165 def getVoltId(cls, result, subId):
166 if type(result) is not type([]):
167 return None
168 for tenant in result:
169 if str(tenant['subscriber']) == str(subId):
170 return str(tenant['id'])
171 return None
172
173 @classmethod
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]174 def closeVCPEAccess(cls, volt_subscriber_info):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]175 OnosCtrl.uninstall_app(cls.APP_NAME, onos_ip = cls.HEAD_NODE)
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]176
177 @classmethod
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]178 def openVCPEAccess(cls, volt_subscriber_info):
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]179 """
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]180 This code is used to configure leaf switch for head node access to compute node over fabric.
181 Care is to be taken to avoid overwriting existing/default vcpe flows.
182 The access is opened for generated subscriber info which should not overlap.
183 We target the fabric onos instance on head node.
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]184 """
A R Karthickb608d402017-06-02 11:48:41 -0700[diff] [blame^]185 version = Onos.getVersion(onos_ip = cls.HEAD_NODE)
186 app_version = '1.0-SNAPSHOT'
187 major = int(version.split('.')[0])
188 minor = int(version.split('.')[1])
189 if major > 1:
190 app_version = '2.0-SNAPSHOT'
191 elif major == 1 and minor > 10:
192 app_version = '2.0-SNAPSHOT'
193 cls.APP_FILE = os.path.join(cls.test_path, '..', 'apps/xconnect-{}.oar'.format(app_version))
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]194 OnosCtrl.install_app(cls.APP_FILE, onos_ip = cls.HEAD_NODE)
195 time.sleep(2)
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]196 s_tags = map(lambda tenant: int(tenant['voltTenant']['s_tag']), volt_subscriber_info)
197 #only get unique vlan tags
198 s_tags = list(set(s_tags))
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]199 devices = OnosCtrl.get_device_ids(controller = cls.HEAD_NODE)
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]200 if devices:
201 device_config = {}
202 for device in devices:
203 device_config[device] = []
204 for s_tag in s_tags:
205 xconnect_config = {'vlan': s_tag, 'ports' : [ cls.FABRIC_PORT_HEAD_NODE, cls.FABRIC_PORT_COMPUTE_NODE ] }
206 device_config[device].append(xconnect_config)
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]207
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]208 cfg = { 'apps' : { 'org.ciena.xconnect' : { 'xconnectTestConfig' : device_config } } }
209 OnosCtrl.config(cfg, controller = cls.HEAD_NODE)
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]210
211 @classmethod
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]212 def setUpClass(cls):
213 cls.controllers = get_controllers()
214 cls.controller = cls.controllers[0]
215 cls.cli = None
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]216 cls.on_pod = running_on_pod()
217 cls.on_ciab = running_on_ciab()
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]218 cls.olt = OltConfig(olt_conf_file = cls.olt_conf_file)
219 cls.vcpes = cls.olt.get_vcpes()
220 cls.vcpes_dhcp = cls.olt.get_vcpes_by_type('dhcp')
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]221 cls.vcpes_reserved = cls.olt.get_vcpes_by_type('reserved')
222 cls.dhcp_vcpes_reserved = [ 'vcpe{}.{}.{}'.format(i, cls.vcpes_reserved[i]['s_tag'], cls.vcpes_reserved[i]['c_tag'])
223 for i in xrange(len(cls.vcpes_reserved)) ]
224 cls.untagged_dhcp_vcpes_reserved = [ 'vcpe{}'.format(i) for i in xrange(len(cls.vcpes_reserved)) ]
225 cls.container_vcpes_reserved = [ 'vcpe-{}-{}'.format(vcpe['s_tag'], vcpe['c_tag']) for vcpe in cls.vcpes_reserved ]
226 vcpe_dhcp_reserved = None
227 vcpe_container_reserved = None
228 if cls.vcpes_reserved:
229 vcpe_dhcp_reserved = cls.dhcp_vcpes_reserved[0]
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]230 if cls.on_pod is False:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]231 vcpe_dhcp_reserved = cls.untagged_dhcp_vcpes_reserved[0]
232 vcpe_container_reserved = cls.container_vcpes_reserved[0]
233
234 cls.vcpe_dhcp_reserved = vcpe_dhcp_reserved
235 cls.vcpe_container_reserved = vcpe_container_reserved
236 dhcp_vcpe_offset = len(cls.vcpes_reserved)
A R Karthick927129c2017-04-25 14:08:02 -0700[diff] [blame]237 cls.dhcp_vcpes = [ 'vcpe{}.{}.{}'.format(i+dhcp_vcpe_offset, cls.vcpes_dhcp[i]['s_tag'], cls.vcpes_dhcp[i]['c_tag'])
238 for i in xrange(len(cls.vcpes_dhcp)) ]
239 cls.untagged_dhcp_vcpes = [ 'vcpe{}'.format(i+dhcp_vcpe_offset) for i in xrange(len(cls.vcpes_dhcp)) ]
240 cls.container_vcpes = [ 'vcpe-{}-{}'.format(vcpe['s_tag'], vcpe['c_tag']) for vcpe in cls.vcpes_dhcp ]
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]241 vcpe_dhcp = None
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]242 vcpe_container = None
243 #cache the first dhcp vcpe in the class for quick testing
244 if cls.vcpes_dhcp:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]245 vcpe_container = cls.container_vcpes[0]
246 vcpe_dhcp = cls.dhcp_vcpes[0]
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]247 if cls.on_pod is False:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]248 vcpe_dhcp = cls.untagged_dhcp_vcpes[0]
249 cls.vcpe_container = vcpe_container_reserved or vcpe_container
250 cls.vcpe_dhcp = vcpe_dhcp_reserved or vcpe_dhcp
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]251 VSGAccess.setUp()
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]252 cls.setUpCordApi()
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]253 if cls.on_pod is True:
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]254 cls.openVCPEAccess(cls.volt_subscriber_info)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]255
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]256 @classmethod
257 def tearDownClass(cls):
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]258 VSGAccess.tearDown()
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]259 if cls.on_pod is True:
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]260 cls.closeVCPEAccess(cls.volt_subscriber_info)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]261
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]262 def onos_shutdown(self, controller = None):
263 status = True
A R Karthickb608d402017-06-02 11:48:41 -0700[diff] [blame^]264 cli = Onos.cliEnter(onos_ip = controller)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]265 try:
A R Karthickb608d402017-06-02 11:48:41 -0700[diff] [blame^]266 cli.shutdown(timeout = 10)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]267 except:
268 log.info('Graceful shutdown of ONOS failed for controller: %s' %controller)
269 status = False
270
A R Karthickb608d402017-06-02 11:48:41 -0700[diff] [blame^]271 Onos.cliExit(cli)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]272 return status
273
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]274 def log_set(self, level = None, app = 'org.onosproject'):
275 CordLogger.logSet(level = level, app = app, controllers = self.controllers, forced = True)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]276
A R Karthick9a16a112017-04-07 15:40:05 -0700[diff] [blame]277 @classmethod
278 def get_dhcp(cls, vcpe, mgmt = 'eth0'):
279 """Get DHCP for vcpe interface saving management settings"""
280
281 def put_dhcp():
282 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
283
284 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
285 if vcpe_ip is not None:
286 cls.restore_methods.append(put_dhcp)
287 return vcpe_ip
288
289 @classmethod
290 def config_restore(cls):
291 """Restore the vsg test configuration on test case failures"""
292 for restore_method in cls.restore_methods:
293 restore_method()
294
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]295 def get_vsg_vcpe_pair(self):
296 vcpes = self.vcpes_dhcp
297 vcpe_containers = []
298 vsg_vcpe = {}
299 for vcp in vcpes:
300 vcpe_container = 'vcpe-{}-{}'.format(vcp['s_tag'], vcp['c_tag'])
301 vcpe_containers.append(vcpe_container)
302 vsg = VSGAccess.get_vcpe_vsg(vcpe_container)
303 vsg_vcpe[vcpe_container]=str(vsg.get_ip())
304 return vsg_vcpe
305
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]306 def get_vcpe_containers_and_interfaces(self):
307 vcpe_containers = {}
308 vcpe_interfaces = []
309 vcpes = self.vcpes_dhcp
310 count = 0
311 for vcpe in vcpes:
312 vcpe_intf = 'vcpe{}.{}.{}'.format(count,vcpe['s_tag'],vcpe['c_tag'])
313 vcpe_interfaces.append(vcpe_intf)
314 vcpe_container = 'vcpe-{}-{}'.format(vcpe['s_tag'], vcpe['c_tag'])
315 vcpe_containers[vcpe_intf] = vcpe_container
316 count += 1
317 log.info('vcpe interfaces are %s'%vcpe_interfaces)
318 log.info('vcpe containers are %s'%vcpe_containers)
319 return vcpe_interfaces,vcpe_containers
320
321 def get_vcpe_interface_dhcp_ip(self,vcpe=None):
322 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]323 vcpe = self.vcpe_dhcp
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]324 st, _ = getstatusoutput('dhclient {}'.format(vcpe))
325 vcpe_ip = get_ip(vcpe)
326 return vcpe_ip
327
328 def release_vcpe_interface_dhcp_ip(self,vcpe=None):
329 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]330 vcpe = self.vcpe_dhcp
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]331 st, _ = getstatusoutput('dhclient {} -r'.format(vcpe))
332 vcpe_ip = get_ip(vcpe)
333 assert_equal(vcpe_ip, None)
334
335 def add_static_route_via_vcpe_interface(self, routes, vcpe=None,dhcp_ip=True):
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]336 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]337 vcpe = self.vcpe_dhcp
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]338 if dhcp_ip:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]339 os.system('dhclient '+vcpe)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]340 time.sleep(1)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]341 for route in routes:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]342 log.info('route is %s'%route)
343 cmd = 'ip route add ' + route + ' via 192.168.0.1 '+ 'dev ' + vcpe
344 cmds.append(cmd)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]345 for cmd in cmds:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]346 os.system(cmd)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]347 return True
348
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]349 def del_static_route_via_vcpe_interface(self,routes,vcpe=None,dhcp_release=True):
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]350 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]351 vcpe = self.vcpe_dhcp
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]352 cmds = []
353 for route in routes:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]354 cmd = 'ip route del ' + route + ' via 192.168.0.1 ' + 'dev ' + vcpe
355 os.system(cmd)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]356 if dhcp_release:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]357 os.system('dhclient '+vcpe+' -r')
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]358 return True
359
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]360 def vsg_for_external_connectivity(self, subscriber_index, reserved = False):
361 if reserved is True:
362 if self.on_pod is True:
363 vcpe = self.dhcp_vcpes_reserved[subscriber_index]
364 else:
365 vcpe = self.untagged_dhcp_vcpes_reserved[subscriber_index]
366 else:
367 if self.on_pod is True:
368 vcpe = self.dhcp_vcpes[subscriber_index]
369 else:
370 vcpe = self.untagged_dhcp_vcpes[subscriber_index]
371 mgmt = 'eth0'
372 host = '8.8.8.8'
373 self.success = False
374 assert_not_equal(vcpe, None)
375 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
376 assert_not_equal(vcpe_ip, None)
377 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
378 log.info('Sending icmp echo requests to external network 8.8.8.8')
379 st, _ = getstatusoutput('ping -c 3 8.8.8.8')
380 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
381 assert_equal(st, 0)
382
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]383 def test_vsg_health(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]384 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]385 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]386 1. Login to compute node VM
387 2. Get all vSGs
388 3. Ping to all vSGs
389 4. Verifying Ping success
390 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]391 status = True
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]392 if self.on_pod is True:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]393 status = VSGAccess.health_check()
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]394 assert_equal(status, True)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]395
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]396 def test_vsg_health_check(self, vsg_name='mysite_vsg-1', verify_status=True):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]397 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]398 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]399 1. If vsg name not specified, Get vsg corresponding to vcpe
400 1. Login to compute mode VM
401 3. Ping to the vSG
402 4. Verifying Ping success
403 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]404 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]405 return
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]406 if not vsg_name:
407 vcpe = self.vcpe_container
408 vsg = VSGAccess.get_vcpe_vsg(vcpe)
409 status = vsg.get_health()
410 assert_equal(status, verify_status)
411 else:
412 vsgs = VSGAccess.get_vsgs()
413 status = None
414 for vsg in vsgs:
415 if vsg.name == vsg_name:
416 status = vsg.get_health()
417 log.info('vsg health check status is %s'%status)
418 assert_equal(status,verify_status)
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]419
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]420 @deferred(TIMEOUT)
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]421 def test_vsg_for_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]422 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]423 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]424 1. Get list of all compute nodes created using Openstack
425 2. Login to compute mode VM
426 3. Get all vSGs
427 4. Verifying atleast one compute node and one vSG created
428 """
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]429 df = defer.Deferred()
430 def vsg_for_vcpe_df(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]431 if self.on_pod is True:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]432 vsgs = VSGAccess.get_vsgs()
433 compute_nodes = VSGAccess.get_compute_nodes()
434 time.sleep(14)
435 assert_not_equal(len(vsgs), 0)
436 assert_not_equal(len(compute_nodes), 0)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]437 df.callback(0)
438 reactor.callLater(0,vsg_for_vcpe_df,df)
439 return df
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]440
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]441 def test_vsg_for_login(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]442 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]443 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]444 1. Login to compute node VM
445 2. Get all vSGs
446 3. Verifying login to vSG is success
447 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]448 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]449 return
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]450 vsgs = VSGAccess.get_vsgs()
451 vsg_access_status = map(lambda vsg: vsg.check_access(), vsgs)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]452 status = filter(lambda st: st == False, vsg_access_status)
453 assert_equal(len(status), 0)
454
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]455 def test_vsg_for_default_route_through_testclient(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]456 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]457 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]458 1. Login to head node
459 2. Verifying for default route in lxc test client
460 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]461 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]462 return
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]463 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
464 cmd = "sudo lxc exec testclient -- route | grep default"
465 status, output = ssh_agent.run_cmd(cmd)
466 assert_equal(status, True)
467
468 def test_vsg_for_external_connectivity_through_testclient(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]469 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]470 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]471 1. Login to head node
472 2. On head node, executing ping to 8.8.8.8 from lxc test client
473 3. Verifying for the ping success
474 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]475 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]476 return
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]477 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
478 cmd = "lxc exec testclient -- ping -c 3 8.8.8.8"
479 status, output = ssh_agent.run_cmd(cmd)
480 assert_equal( status, True)
481
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]482 def test_vsg_for_external_connectivity(self):
483 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]484 Test Method:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]485 1. Get dhcp IP to vcpe interface in cord-tester
486 2. Verifying vcpe interface gets dhcp IP
487 3. Ping to 8.8.8.8 and Verifying ping should success
488 4. Restoring management interface configuration in cord-tester
489 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]490 reserved = True
491 if self.on_pod:
492 reserved = self.on_ciab
493 self.vsg_for_external_connectivity(0, reserved = reserved)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]494
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]495 def test_vsg_for_external_connectivity_to_google(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]496 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]497 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]498 1. Get dhcp IP to vcpe interface in cord-tester
499 2. Verifying vcpe interface gets dhcp IP
500 3. Ping to www.google.com and Verifying ping should success
501 4. Restoring management interface configuration in cord-tester
502 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]503 host = 'www.google.com'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]504 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]505 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]506 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]507 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]508 assert_not_equal(vcpe_ip, None)
509 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
510 log.info('Sending icmp ping requests to %s' %host)
511 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]512 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]513 assert_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]514
A R Karthickb2618052017-05-10 09:23:22 -0700[diff] [blame]515 def retrieve_content_from_host_to_validate_path_mtu(self, host):
516 vcpe = self.vcpe_dhcp
517 mgmt = 'eth0'
518 assert_not_equal(vcpe, None)
519 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
520 assert_not_equal(vcpe_ip, None)
521 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
522 log.info('Initiating get requests to %s' %host)
523 r = requests.get('http://{}'.format(host))
524 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
525 return r.status_code
526
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame]527 #Test cases to check path mtu across cord framework wih some selected websites to check response.
528 def test_vsg_to_retrieve_content_from_google_to_validate_path_mtu(self):
529 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]530 Test Method:
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame]531 1. Get dhcp IP to vcpe interface in cord-tester
532 2. Verifying vcpe interface gets dhcp IP
533 3. Retrieve contents from www.google.com and Verify response status is 200 ok.
534 4. This validates path mtu for end to end traffic with request to retrieve web contents in cord framework.
535 (Based on website response, size differs, needs check on MTU)
536 4. Restoring management interface configuration in cord-tester
537 """
A R Karthickb2618052017-05-10 09:23:22 -0700[diff] [blame]538 status_code = self.retrieve_content_from_host_to_validate_path_mtu('www.google.com')
539 assert_equal(status_code, 200)
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame]540
541 def test_vsg_to_retrieve_content_from_rediff_to_validate_path_mtu(self):
542 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]543 Test Method:
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame]544 1. Get dhcp IP to vcpe interface in cord-tester
545 2. Verifying vcpe interface gets dhcp IP
546 3. Retrieve contents from www.rediff.com and Verify response status is 200 ok.
547 4. This validates path mtu for end to end traffic with request to retrieve web contents in cord framework.
548 (Based on website response, size differs, needs check on MTU)
549 4. Restoring management interface configuration in cord-tester
550 """
A R Karthickb2618052017-05-10 09:23:22 -0700[diff] [blame]551 status_code = self.retrieve_content_from_host_to_validate_path_mtu('www.rediff.com')
552 assert_equal(status_code, 200)
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame]553
554 def test_vsg_to_retrieve_content_from_yahoo_to_validate_path_mtu(self):
555 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]556 Test Method:
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame]557 1. Get dhcp IP to vcpe interface in cord-tester
558 2. Verifying vcpe interface gets dhcp IP
559 3. Retrieve contents from www.yahoo.com and Verify response status is 200 ok.
560 4. This validates path mtu for end to end traffic with request to retrieve web contents in cord framework.
561 (Based on website response, size differs, needs check on MTU)
562 4. Restoring management interface configuration in cord-tester
563 """
A R Karthickb2618052017-05-10 09:23:22 -0700[diff] [blame]564 status_code = self.retrieve_content_from_host_to_validate_path_mtu('www.yahoo.com')
565 assert_equal(status_code, 200)
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame]566
567 def test_vsg_to_retrieve_content_from_facebook_to_validate_path_mtu(self):
568 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]569 Test Method:
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame]570 1. Get dhcp IP to vcpe interface in cord-tester
571 2. Verifying vcpe interface gets dhcp IP
572 3. Retrieve contents from www.facebook.com and Verify response status is 200 ok.
573 4. This validates path mtu for end to end traffic with request to retrieve web contents in cord framework.
574 (Based on website response, size differs, needs check on MTU)
575 4. Restoring management interface configuration in cord-tester
576 """
A R Karthickb2618052017-05-10 09:23:22 -0700[diff] [blame]577 status_code = self.retrieve_content_from_host_to_validate_path_mtu('www.facebook.com')
578 assert_equal(status_code, 200)
Chetan Gaonker0bf76312017-05-09 16:48:10 +0000[diff] [blame]579
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]580 def test_vsg_for_external_connectivity_to_invalid_host(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]581 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]582 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]583 1. Get dhcp IP to vcpe interface in cord-tester
584 2. Verifying vcpe interface gets dhcp IP
585 3. Ping to www.goglee.com and Verifying ping should not success
586 4. Restoring management interface configuration in cord-tester
587 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]588 host = 'www.goglee.com'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]589 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]590 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]591 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]592 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]593 assert_not_equal(vcpe_ip, None)
594 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
595 log.info('Sending icmp ping requests to non existent host %s' %host)
596 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]597 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]598 assert_not_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]599
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]600 def test_vsg_for_external_connectivity_with_ttl_1(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]601 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]602 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]603 1. Get dhcp IP to vcpe interface in cord-tester
604 2. Verifying vcpe interface gets dhcp IP
605 3. Ping to 8.8.8.8 with ttl set to 1
606 4. Verifying ping should not success
607 5. Restoring management interface configuration in cord-tester
608 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]609 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]610 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]611 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]612 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]613 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]614 assert_not_equal(vcpe_ip, None)
615 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
616 log.info('Sending icmp ping requests to host %s with ttl 1' %host)
617 st, _ = getstatusoutput('ping -c 1 -t 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]618 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]619 assert_not_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]620
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]621 def test_vsg_for_external_connectivity_with_wan_interface_toggle_in_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]622 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]623 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]624 1. Get dhcp IP to vcpe interface in cord-tester
625 2. Verifying vcpe interface gets dhcp IP
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]626 3. Ping to 8.8.8.8 and Verifying ping succeeds
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]627 4. Now down the WAN interface of vcpe
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]628 5. Ping to 8.8.8.8 and Verifying ping fails
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]629 6. Now Up the WAN interface of vcpe
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]630 7. Ping to 8.8.8.8 and Verifying ping succeeds
631 8. Restoring management interface configuration in cord-tester
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]632 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]633 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]634 return
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]635 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]636 mgmt = 'eth0'
637 vcpe = self.vcpe_container
638 assert_not_equal(vcpe, None)
639 assert_not_equal(self.vcpe_dhcp, None)
640 #first get dhcp on the vcpe interface
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]641 vcpe_ip = VSGAccess.vcpe_get_dhcp(self.vcpe_dhcp, mgmt = mgmt)
642 assert_not_equal(vcpe_ip, None)
643 log.info('Got DHCP IP %s for %s' %(vcpe_ip, self.vcpe_dhcp))
644 log.info('Sending ICMP pings to host %s' %(host))
645 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
646 if st != 0:
647 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
648 assert_equal(st, 0)
649 #bring down the wan interface and check again
650 st = VSGAccess.vcpe_wan_down(vcpe)
651 if st is False:
652 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
653 assert_equal(st, True)
654 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
655 if st == 0:
656 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
657 assert_not_equal(st, 0)
658 st = VSGAccess.vcpe_wan_up(vcpe)
659 if st is False:
660 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
661 assert_equal(st, True)
662 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
663 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
664 assert_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]665
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]666 def test_vsg_for_external_connectivity_with_lan_interface_toggle_in_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]667 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]668 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]669 1. Get dhcp IP to vcpe interface in cord-tester
670 2. Verifying vcpe interface gets dhcp IP
671 3. Ping to 8.8.8.8 and Verifying ping should success
672 4. Now down the LAN interface of vcpe
673 5. Ping to 8.8.8.8 and Verifying ping should not success
674 6. Now Up the LAN interface of vcpe
675 7. Ping to 8.8.8.8 and Verifying ping should success
676 8. Restoring management interface configuration in cord-tester
677 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]678 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]679 return
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]680 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]681 mgmt = 'eth0'
682 vcpe = self.vcpe_container
683 assert_not_equal(vcpe, None)
684 assert_not_equal(self.vcpe_dhcp, None)
685 #first get dhcp on the vcpe interface
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]686 vcpe_ip = VSGAccess.vcpe_get_dhcp(self.vcpe_dhcp, mgmt = mgmt)
687 assert_not_equal(vcpe_ip, None)
688 log.info('Got DHCP IP %s for %s' %(vcpe_ip, self.vcpe_dhcp))
689 log.info('Sending ICMP pings to host %s' %(host))
690 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
691 if st != 0:
692 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
693 assert_equal(st, 0)
694 #bring down the lan interface and check again
695 st = VSGAccess.vcpe_lan_down(vcpe)
696 if st is False:
697 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
698 assert_equal(st, True)
699 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
700 if st == 0:
701 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
702 assert_not_equal(st, 0)
703 st = VSGAccess.vcpe_lan_up(vcpe)
704 if st is False:
705 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
706 assert_equal(st, True)
707 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
708 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
709 assert_equal(st, 0)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]710
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]711 def test_vsg_multiple_subscribers_for_same_vcpe_instace(self):
712 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]713 Test Method:
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]714 1. Create a vcpe instance
715 2. Create multiple vcpe interfaces in cord-tester with same s-tag and c-tag to access vcpe instance
716 3. Verify all the interfaces gets dhcp IP in same subnet
717 """
718 vcpe_intfs,containers = self.get_vcpe_containers_and_interfaces()
719 for vcpe in vcpe_intfs:
720 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
721 assert_not_equal(vcpe_ip,None)
722 for vcpe in vcpe_intfs:
723 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
724
725 def test_vsg_for_multiple_subscribers_with_same_vcpe_instance_and_validate_external_connectivity(self):
726 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]727 Test Method:
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]728 1. Create a vcpe instance
729 2. Create multiple vcpe interfaces in cord-tester with same s-tag and c-tag to access vcpe instance
730 3. Verify all the interfaces gets dhcp IP in same subnet
731 4. From cord-tester ping to external with vcpe interface option
732 """
733 host = '8.8.8.8'
734 vcpe_intfs, containers = self.get_vcpe_containers_and_interfaces()
735 for vcpe in vcpe_intfs:
736 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
737 assert_not_equal(vcpe_ip,None)
738 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe,dhcp_ip=False)
739 st, _ = getstatusoutput('ping -I {} -c 3 {}'.format(vcpe,host))
740 assert_equal(st, 0)
741 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe,dhcp_release=False)
742 for vcpe in vcpe_intfs:
743 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
744
745 def test_vsg_vcpe_interface_and_validate_dhcp_ip_after_interface_toggle(self):
746 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]747 Test Method:
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]748 1. Create a vcpe instance
749 2. Create a vcpe interface in cord-tester
750 3. Verify the interface gets dhcp IP
751 4. Toggle the interface
752 5. Verify the interface gets dhcp IP
753 """
754 vcpe_intfs,containers = self.get_vcpe_containers_and_interfaces()
755 for vcpe in vcpe_intfs:
756 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
757 assert_not_equal(vcpe_ip,None)
758 os.system('ifconfig {} down'.format(vcpe))
759 time.sleep(1)
760 os.system('ifconfig {} up'.format(vcpe))
761 time.sleep(1)
762 vcpe_ip2 = get_ip(vcpe)
763 assert_equal(vcpe_ip2,vcpe_ip)
764 for vcpe in vcpe_intfs:
765 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
766
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]767 @deferred(TIMEOUT)
Anil Kumar Sanka52a39f82017-05-10 17:39:31 +0000[diff] [blame]768 def test_vsg_for_external_connectivity_after_restarting_vcpe_instance(self,vcpe_name=None,vcpe_intf=None):
769 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]770 Test Method:
Anil Kumar Sanka52a39f82017-05-10 17:39:31 +0000[diff] [blame]771 1. Get vSG corresponding to vcpe
772 2. Get dhcp ip to vcpe interface
773 3. Add static route to destination route in test container
774 4. From test container ping to destination route and verify ping success
775 5. Login to compute node and execute command to pause vcpe container
776 6. From test container ping to destination route and verify ping success
777 """
778 if not vcpe_name:
779 vcpe_name = self.vcpe_container
780 if not vcpe_intf:
781 vcpe_intf = self.vcpe_dhcp
782 df = defer.Deferred()
783 def vcpe_firewall(df):
784 if self.on_pod is False:
785 df.callback(0)
786 return
787 host = '8.8.8.8'
788 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
789 try:
790 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
791 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
792 assert_equal(st, False)
793 st, _ = vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
794 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
795 assert_equal(st, False)
796 finally:
797 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
798 df.callback(0)
799 reactor.callLater(0, vcpe_firewall, df)
800 return df
801
802 @deferred(TIMEOUT)
803 def test_vsg_for_external_connectivity_after_restarting_vsg_vm(self,vcpe_name=None,vcpe_intf=None):
804 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]805 Test Method:
Anil Kumar Sanka52a39f82017-05-10 17:39:31 +0000[diff] [blame]806 1. Get vSG corresponding to vcpe
807 2. Get dhcp ip to vcpe interface
808 3. Add static route to destination route in test container
809 4. From test container ping to destination route and verify ping success
810 5. Login to compute node and execute command to pause vcpe container
811 6. From test container ping to destination route and verify ping success
812 """
813 if not vcpe_name:
814 vcpe_name = self.vcpe_container
815 if not vcpe_intf:
816 vcpe_intf = self.vcpe_dhcp
817 df = defer.Deferred()
818 def vcpe_firewall(df):
819 if self.on_pod is False:
820 df.callback(0)
821 return
822 host = '8.8.8.8'
823 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
824 try:
825 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
826 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
827 assert_equal(st, False)
828 st, _ = vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
829 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
830 assert_equal(st, False)
831 finally:
832 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
833 df.callback(0)
834 reactor.callLater(0, vcpe_firewall, df)
835 return df
836
837 @deferred(TIMEOUT)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]838 def test_vsg_for_external_connectivity_with_vcpe_container_paused(self,vcpe_name=None,vcpe_intf=None):
839 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]840 Test Method:
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]841 1. Get vSG corresponding to vcpe
842 2. Get dhcp ip to vcpe interface
843 3. Add static route to destination route in test container
844 4. From test container ping to destination route and verify ping success
845 5. Login to compute node and execute command to pause vcpe container
846 6. From test container ping to destination route and verify ping success
847 """
848 if not vcpe_name:
849 vcpe_name = self.vcpe_container
850 if not vcpe_intf:
851 vcpe_intf = self.vcpe_dhcp
852 df = defer.Deferred()
853 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]854 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]855 df.callback(0)
856 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]857 host = '8.8.8.8'
858 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
859 try:
860 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
861 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
862 assert_equal(st, False)
863 st, _ = vsg.run_cmd('sudo docker pause {}'.format(vcpe_name))
864 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
865 assert_equal(st, False)
866 finally:
867 vsg.run_cmd('sudo docker unpause'.format(vcpe_name))
868 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
869 df.callback(0)
870 reactor.callLater(0, vcpe_firewall, df)
871 return df
872
873 @deferred(TIMEOUT)
874 def test_vsg_firewall_with_deny_destination_ip(self, vcpe_name=None, vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]875 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]876 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]877 1. Get vSG corresponding to vcpe
878 2. Login to compute node
879 3. Execute iptable command on vcpe from compute node to deny a destination IP
880 4. From cord-tester ping to the denied IP address
881 5. Verifying that ping should not be successful
882 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]883 if not vcpe_name:
884 vcpe_name = self.vcpe_container
885 if not vcpe_intf:
886 vcpe_intf = self.vcpe_dhcp
887 df = defer.Deferred()
888 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]889 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]890 df.callback(0)
891 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]892 host = '8.8.8.8'
893 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
894 try:
895 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
896 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
897 assert_equal(st, False)
898 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
899 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
900 assert_equal(st, True)
901 finally:
902 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
903 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
904 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
905 df.callback(0)
906 reactor.callLater(0, vcpe_firewall, df)
907 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]908
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]909 @deferred(TIMEOUT)
910 def test_vsg_firewall_with_rule_add_and_delete_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]911 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]912 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]913 1. Get vSG corresponding to vcpe
914 2. Login to compute node
915 3. Execute iptable command on vcpe from compute node to deny a destination IP
916 4. From cord-tester ping to the denied IP address
917 5. Verifying that ping should not be successful
918 6. Delete the iptable rule in vcpe
919 7. From cord-tester ping to the denied IP address
920 8. Verifying the ping should success
921 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]922 if not vcpe_name:
923 vcpe_name = self.vcpe_container
924 if not vcpe_intf:
925 vcpe_intf = self.vcpe_dhcp
926 df = defer.Deferred()
927 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]928 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]929 df.callback(0)
930 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]931 host = '8.8.8.8'
932 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
933 try:
934 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
935 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
936 assert_equal(st, False)
937 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
938 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
939 assert_equal(st, True)
940 st,_ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
941 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
942 assert_equal(st, False)
943 finally:
944 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
945 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
946 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
947 df.callback(0)
948 reactor.callLater(0, vcpe_firewall, df)
949 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]950
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]951 @deferred(TIMEOUT)
952 def test_vsg_firewall_verifying_reachability_for_non_blocked_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]953 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]954 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]955 1. Get vSG corresponding to vcpe
956 2. Login to compute node
957 3. Execute iptable command on vcpe from compute node to deny a destination IP
958 4. From cord-tester ping to the denied IP address
959 5. Verifying that ping should not be successful
960 6. From cord-tester ping to the denied IP address other than the denied one
961 7. Verifying the ping should success
962 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]963 if not vcpe_name:
964 vcpe_name = self.vcpe_container
965 if not vcpe_intf:
966 vcpe_intf = self.vcpe_dhcp
967 df = defer.Deferred()
968 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]969 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]970 df.callback(0)
971 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]972 host1 = '8.8.8.8'
973 host2 = '204.79.197.203'
974 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
975 try:
976 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
977 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
978 assert_equal(st, False)
979 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
980 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
981 assert_equal(st, True)
982 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
983 assert_equal(st,False)
984 finally:
985 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
986 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
987 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
988 df.callback(0)
989 reactor.callLater(0, vcpe_firewall, df)
990 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]991
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]992 @deferred(TIMEOUT)
993 def test_vsg_firewall_appending_rules_with_deny_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]994 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]995 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]996 1. Get vSG corresponding to vcpe
997 2. Login to compute node
998 3. Execute iptable command on vcpe from compute node to deny a destination IP1
999 4. From cord-tester ping to the denied IP address IP1
1000 5. Verifying that ping should not be successful
1001 6. Execute iptable command on vcpe from compute node to deny a destination IP2
1002 6. From cord-tester ping to the denied IP address IP2
1003 7. Verifying that ping should not be successful
1004 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1005 if not vcpe_name:
1006 vcpe_name = self.vcpe_container
1007 if not vcpe_intf:
1008 vcpe_intf = self.vcpe_dhcp
1009 df = defer.Deferred()
1010 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1011 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1012 df.callback(0)
1013 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1014 host1 = '8.8.8.8'
1015 host2 = '204.79.197.203'
1016 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1017 try:
1018 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
1019 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1020 assert_equal(st, False)
1021 st,_ = vsg.run_cmd('sudo docker exec {} iptables -F FORWARD'.format(vcpe_name))
1022 time.sleep(2)
1023 st,_ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
1024 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1025 assert_equal(st, True)
1026 st, out = getstatusoutput('ping -c 1 {}'.format(host2))
1027 log.info('host2 ping output is %s'%out)
1028 assert_equal(st, False)
1029 st, _ = vsg.run_cmd('sudo docker exec {} iptables -A FORWARD -d {} -j DROP'.format(vcpe_name,host2))
1030 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1031 assert_equal(st,True)
1032 finally:
1033 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
1034 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
1035 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
1036 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1037 df.callback(0)
1038 reactor.callLater(0, vcpe_firewall, df)
1039 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1040
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1041 @deferred(TIMEOUT)
1042 def test_vsg_firewall_removing_one_rule_denying_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1043 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1044 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1045 1. Get vSG corresponding to vcpe
1046 2. Login to compute node
1047 3. Execute iptable command on vcpe from compute node to deny a destination IP1
1048 4. Execute iptable command on vcpe from compute node to deny a destination IP2
1049 5. From cord-tester ping to the denied IP address IP1
1050 6. Verifying that ping should not be successful
1051 7. From cord-tester ping to the denied IP address IP2
1052 8. Verifying that ping should not be successful
1053 9. Execute iptable command on vcpe from compute node to remove deny a destination IP2 rule
1054 10. From cord-tester ping to the denied IP address IP2
1055 11. Verifying the ping should success
1056 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1057 if not vcpe_name:
1058 vcpe_name = self.vcpe_container
1059 if not vcpe_intf:
1060 vcpe_intf = self.vcpe_dhcp
1061 df = defer.Deferred()
1062 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1063 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1064 df.callback(0)
1065 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1066 host1 = '8.8.8.8'
1067 host2 = '204.79.197.203'
1068 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1069 try:
1070 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=self.vcpe_dhcp)
1071 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1072 assert_equal(st, False)
1073 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
1074 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host2))
1075 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1076 assert_equal(st, True)
1077 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1078 assert_equal(st,True)
1079 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
1080 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1081 assert_equal(st,False)
1082 finally:
1083 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
1084 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
1085 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
1086 log.info('restarting vcpe container')
1087 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1088 df.callback(0)
1089 reactor.callLater(0, vcpe_firewall, df)
1090 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1091
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1092 @deferred(TIMEOUT)
1093 def test_vsg_firewall_changing_rule_id_deny_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1094 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1095 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1096 1. Get vSG corresponding to vcpe
1097 2. Login to compute node
1098 3. Execute iptable command on vcpe from compute node to deny a destination IP
1099 5. From cord-tester ping to the denied IP address IP1
1100 6. Verifying that ping should not be successful
1101 9. Execute iptable command on vcpe from compute node to change the rule ID to 2 to deny the same destination IP
1102 10. From cord-tester ping to the denied IP address IP
1103 11. Verifying that ping should not be successful
1104 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1105 if not vcpe_name:
1106 vcpe_name = self.vcpe_container
1107 if not vcpe_intf:
1108 vcpe_intf = self.vcpe_dhcp
1109 df = defer.Deferred()
1110 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1111 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1112 df.callback(0)
1113 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1114 host = '8.8.8.8'
1115 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1116 try:
1117 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1118 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1119 assert_equal(st, False)
1120 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1121 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1122 assert_equal(st, True)
1123 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 2 -d {} -j DROP '.format(vcpe_name,host))
1124 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1125 assert_equal(st,True)
1126 finally:
1127 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1128 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1129 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1130 df.callback(0)
1131 reactor.callLater(0, vcpe_firewall, df)
1132 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1133
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1134 @deferred(TIMEOUT)
1135 def test_vsg_firewall_changing_deny_rule_to_accept_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1136 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1137 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1138 1. Get vSG corresponding to vcpe
1139 2. Login to compute node
1140 3. Execute iptable command on vcpe from compute node to deny a destination IP
1141 5. From cord-tester ping to the denied IP address IP1
1142 6. Verifying that ping should not be successful
1143 9. Execute iptable command on vcpe from compute node to accept the same destination IP
1144 10. From cord-tester ping to the accepted IP
1145 11. Verifying the ping should success
1146 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1147 if not vcpe_name:
1148 vcpe_name = self.vcpe_container
1149 if not vcpe_intf:
1150 vcpe_intf = self.vcpe_dhcp
1151 df = defer.Deferred()
1152 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1153 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1154 df.callback(0)
1155 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1156 host = '8.8.8.8'
1157 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1158 try:
1159 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1160 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1161 assert_equal(st, False)
1162 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1163 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1164 assert_equal(st, True)
1165 st, _ = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -d {} -j ACCEPT'.format(vcpe_name,host))
1166 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1167 assert_equal(st,False)
1168 finally:
1169 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1170 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j ACCEPT'.format(vcpe_name,host))
1171 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1172 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1173 df.callback(0)
1174 reactor.callLater(0, vcpe_firewall, df)
1175 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1176
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1177 @deferred(TIMEOUT) #Fail
1178 def test_vsg_firewall_denying_destination_network(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1179 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1180 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1181 1. Get vSG corresponding to vcpe
1182 2. Login to compute node
1183 3. Execute iptable command on vcpe from compute node to deny a destination IP subnet
1184 4. From cord-tester ping to the denied IP address IP1 in the denied subnet
1185 5. Verifying that ping should not be successful
1186 6. From cord-tester ping to the denied IP address IP2 in the denied subnet
1187 7. Verifying that ping should not be successful
1188 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1189 if not vcpe_name:
1190 vcpe_name = self.vcpe_container
1191 if not vcpe_intf:
1192 vcpe_intf = self.vcpe_dhcp
1193 df = defer.Deferred()
1194 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1195 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1196 df.callback(0)
1197 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1198 network = '204.79.197.192/28'
1199 host1 = '204.79.197.203'
1200 host2 = '204.79.197.210'
1201 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1202 try:
1203 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=self.vcpe_dhcp)
1204 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1205 assert_equal(st, False)
1206 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,network))
1207 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1208 assert_equal(st, True)
1209 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1210 assert_equal(st,False)
1211 finally:
1212 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network))
1213 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
1214 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1215 df.callback(0)
1216 reactor.callLater(0, vcpe_firewall, df)
1217 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1218
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1219 @deferred(TIMEOUT)
1220 def test_vsg_firewall_denying_destination_network_subnet_modification(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1221 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1222 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1223 1. Get vSG corresponding to vcpe
1224 2. Login to compute node
1225 3. Execute iptable command on vcpe from compute node to deny a destination IP subnet
1226 4. From cord-tester ping to the denied IP address IP1 in the denied subnet
1227 5. Verifying that ping should not be successful
1228 6. From cord-tester ping to the denied IP address IP2 in the denied subnet
1229 7. Verifying that ping should not be successful
1230 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1231 if not vcpe_name:
1232 vcpe_name = self.vcpe_container
1233 if not vcpe_intf:
1234 vcpe_intf = self.vcpe_dhcp
1235 df = defer.Deferred()
1236 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1237 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1238 df.callback(0)
1239 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1240 network1 = '204.79.197.192/28'
1241 network2 = '204.79.197.192/27'
1242 host1 = '204.79.197.203'
1243 host2 = '204.79.197.210'
1244 host3 = '204.79.197.224'
1245 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1246 try:
1247 self.add_static_route_via_vcpe_interface([host1,host2,host3],vcpe=self.vcpe_dhcp)
1248 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1249 assert_equal(st, False)
1250 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,network1))
1251 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1252 assert_equal(st, True)
1253 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1254 assert_equal(st,False)
1255 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 2 -d {} -j DROP'.format(vcpe_name,network2))
1256 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1257 assert_equal(st, True)
1258 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1259 assert_equal(st, True)
1260 st, _ = getstatusoutput('ping -c 1 {}'.format(host3))
1261 assert_equal(st, False)
1262 finally:
1263 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network1))
1264 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network2))
1265 self.del_static_route_via_vcpe_interface([host1,host2,host3],vcpe=vcpe_intf)
1266 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1267 df.callback(0)
1268 reactor.callLater(0, vcpe_firewall, df)
1269 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1270
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1271 @deferred(TIMEOUT)
1272 def test_vsg_firewall_with_deny_source_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1273 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1274 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1275 1. Get vSG corresponding to vcpe
1276 2. Login to compute node
1277 3. Execute iptable command on vcpe from compute node to deny a source IP
1278 4. From cord-tester ping to 8.8.8.8 from the denied IP
1279 5. Verifying that ping should not be successful
1280 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1281 if not vcpe_name:
1282 vcpe_name = self.vcpe_container
1283 if not vcpe_intf:
1284 vcpe_intf = self.vcpe_dhcp
1285 df = defer.Deferred()
1286 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1287 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1288 df.callback(0)
1289 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1290 host = '8.8.8.8'
1291 #source_ip = get_ip(self.vcpe_dhcp)
1292 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1293 try:
1294 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1295 source_ip = get_ip(self.vcpe_dhcp)
1296 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1297 assert_equal(st, False)
1298 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1299 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1300 assert_equal(st, True)
1301 finally:
1302 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1303 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1304 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1305 df.callback(0)
1306 reactor.callLater(0, vcpe_firewall, df)
1307 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1308
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1309 @deferred(TIMEOUT)
1310 def test_vsg_firewall_rule_with_add_and_delete_deny_source_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1311 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1312 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1313 1. Get vSG corresponding to vcpe
1314 2. Login to compute node
1315 3. Execute iptable command on vcpe from compute node to deny a source IP
1316 4. From cord-tester ping to 8.8.8.8 from the denied IP
1317 5. Verifying that ping should not be successful
1318 6. Delete the iptable rule in vcpe
1319 7. From cord-tester ping to 8.8.8.8 from the denied IP
1320 8. Verifying the ping should success
1321 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1322 if not vcpe_name:
1323 vcpe_name = self.vcpe_container
1324 if not vcpe_intf:
1325 vcpe_intf = self.vcpe_dhcp
1326 df = defer.Deferred()
1327 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1328 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1329 df.callback(0)
1330 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1331 host = '8.8.8.8'
1332 source_ip = get_ip(self.vcpe_dhcp)
1333 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1334 try:
1335 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1336 source_ip = get_ip(self.vcpe_dhcp)
1337 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1338 assert_equal(st, False)
1339 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1340 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1341 assert_equal(st, True)
1342 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1343 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1344 assert_equal(st, False)
1345 finally:
1346 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1347 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1348 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1349 df.callback(0)
1350 reactor.callLater(0, vcpe_firewall, df)
1351 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1352
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1353 @deferred(TIMEOUT)
1354 def test_vsg_firewall_rule_with_deny_icmp_protocol_echo_requests_type(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1355 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1356 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1357 1. Get vSG corresponding to vcpe
1358 2. Login to compute node
1359 3. Execute iptable command on vcpe from compute node to deny icmp echo-requests type protocol packets
1360 4. From cord-tester ping to 8.8.8.8
1361 5. Verifying that ping should not be successful
1362 6. Delete the iptable rule
1363 7. From cord-tester ping to 8.8.8.8
1364 8. Verifying the ping should success
1365 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1366 if not vcpe_name:
1367 vcpe_name = self.vcpe_container
1368 if not vcpe_intf:
1369 vcpe_intf = self.vcpe_dhcp
1370 df = defer.Deferred()
1371 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1372 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1373 df.callback(0)
1374 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1375 host = '8.8.8.8'
1376 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1377 try:
1378 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1379 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1380 assert_equal(st, False)
1381 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1382 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1383 assert_equal(st, True)
1384 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1385 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1386 assert_equal(st, False)
1387 finally:
1388 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1389 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1390 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1391 df.callback(0)
1392 reactor.callLater(0, vcpe_firewall, df)
1393 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1394
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1395 @deferred(TIMEOUT)
1396 def test_vsg_firewall_rule_with_deny_icmp_protocol_echo_reply_type(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1397 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1398 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1399 1. Get vSG corresponding to vcpe
1400 2. Login to compute node
1401 3. Execute iptable command on vcpe from compute node to deny icmp echo-reply type protocol packets
1402 4. From cord-tester ping to 8.8.8.8
1403 5. Verifying that ping should not be successful
1404 6. Delete the iptable rule
1405 7. From cord-tester ping to 8.8.8.8
1406 8. Verifying the ping should success
1407 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1408 if not vcpe_name:
1409 vcpe_name = self.vcpe_container
1410 if not vcpe_intf:
1411 vcpe_intf = self.vcpe_dhcp
1412 df = defer.Deferred()
1413 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1414 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1415 df.callback(0)
1416 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1417 host = '8.8.8.8'
1418 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1419 try:
1420 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1421 st, _ = getstatusoutput('ping -c 1 {}'.format('8.8.8.8'))
1422 assert_equal(st, False)
1423 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1424 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1425 assert_equal(st, True)
1426 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1427 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1428 assert_equal(st,False)
1429 finally:
1430 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1431 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1432 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1433 df.callback(0)
1434 reactor.callLater(0, vcpe_firewall, df)
1435 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1436
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1437 @deferred(TIMEOUT)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]1438 def test_vsg_firewall_changing_deny_rule_to_accept_rule_with_icmp_protocol_echo_requests_type(self, vcpe_name=None, vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1439 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1440 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1441 1. Get vSG corresponding to vcpe
1442 2. Login to compute node
1443 3. Execute iptable command on vcpe from compute node to deny icmp echo-requests type protocol packets
1444 4. From cord-tester ping to 8.8.8.8
1445 5. Verifying that ping should not be successful
1446 6. Insert another rule to accept the icmp-echo requests protocol packets
1447 7. From cord-tester ping to 8.8.8.8
1448 8. Verifying the ping should success
1449 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1450 if not vcpe_name:
1451 vcpe_name = self.vcpe_container
1452 if not vcpe_intf:
1453 vcpe_intf = self.vcpe_dhcp
1454 df = defer.Deferred()
1455 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1456 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1457 df.callback(0)
1458 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1459 host = '8.8.8.8'
1460 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1461 try:
1462 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1463 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1464 assert_equal(st, False)
1465 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1466 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1467 assert_equal(st, True)
1468 st, _ = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p icmp --icmp-type echo-request -j ACCEPT'.format(vcpe_name))
1469 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1470 assert_equal(st,False)
1471 finally:
1472 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1473 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j ACCEPT'.format(vcpe_name))
1474 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1475 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1476 df.callback(0)
1477 reactor.callLater(0, vcpe_firewall, df)
1478 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1479
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1480 @deferred(TIMEOUT)
1481 def test_vsg_firewall_changing_deny_rule_to_accept_rule_with_icmp_protocol_echo_reply_type(self,vcpe_name=None,vcpe_intf=None):
1482 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1483 Test Method:
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1484 1. Get vSG corresponding to vcpe
1485 2. Login to compute node
1486 3. Execute iptable command on vcpe from compute node to deny icmp echo-reply type protocol packets
1487 4. From cord-tester ping to 8.8.8.8
1488 5. Verifying the ping should not success
1489 6. Insert another rule to accept the icmp-echo requests protocol packets
1490 7. From cord-tester ping to 8.8.8.8
1491 8. Verifying the ping should success
1492 """
1493 if not vcpe_name:
1494 vcpe_name = self.vcpe_container
1495 if not vcpe_intf:
1496 vcpe_intf = self.vcpe_dhcp
1497 df = defer.Deferred()
1498 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1499 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1500 df.callback(0)
1501 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1502 host = '8.8.8.8'
1503 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1504 try:
1505 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1506 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1507 assert_equal(st, False)
1508 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1509 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1510 assert_equal(st, True)
1511 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p icmp --icmp-type echo-reply -j ACCEPT'.format(vcpe_name))
1512 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1513 assert_equal(st,False)
1514 finally:
1515 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1516 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j ACCEPT'.format(vcpe_name))
1517 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1518 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1519 df.callback(0)
1520 reactor.callLater(0, vcpe_firewall, df)
1521 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1522
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1523 @deferred(TIMEOUT)
1524 def test_vsg_firewall_for_deny_icmp_protocol(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1525 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1526 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1527 1. Get vSG corresponding to vcpe
1528 2. Login to compute node
1529 3. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1530 4. From cord-tester ping to 8.8.8.8
1531 5. Verifying that ping should not be successful
1532 6. Delete the iptable rule
1533 7. From cord-tester ping to 8.8.8.8
1534 8. Verifying the ping should success
1535 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1536 if not vcpe_name:
1537 vcpe_name = self.vcpe_container
1538 if not vcpe_intf:
1539 vcpe_intf = self.vcpe_dhcp
1540 df = defer.Deferred()
1541 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1542 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1543 df.callback(0)
1544 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1545 host = '8.8.8.8'
1546 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1547 try:
1548 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1549 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1550 assert_equal(st, False)
1551 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1552 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1553 assert_equal(st, True)
1554 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1555 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1556 assert_equal(st,False)
1557 finally:
1558 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1559 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1560 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1561 df.callback(0)
1562 reactor.callLater(0, vcpe_firewall, df)
1563 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1564
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1565 @deferred(TIMEOUT)
1566 def test_vsg_firewall_rule_deny_icmp_protocol_and_destination_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1567 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1568 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1569 1. Get vSG corresponding to vcpe
1570 2. Login to compute node
1571 3. Execute iptable command on vcpe from compute node to deny a destination IP
1572 4. From cord-tester ping to 8.8.8.8
1573 5. Verifying that ping should not be successful
1574 6. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1575 7. From cord-tester ping to 8.8.8.8
1576 8. Verifying the ping should success
1577 9. Delete the rule added in step 3
1578 10. From cord-tester ping to 8.8.8.8
1579 11. Verifying that ping should not be successful
1580 12. Delete the rule added in step 6
1581 13. From cord-tester ping to 8.8.8.8
1582 14. Verifying the ping should success
1583 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1584 if not vcpe_name:
1585 vcpe_name = self.vcpe_container
1586 if not vcpe_intf:
1587 vcpe_intf = self.vcpe_dhcp
1588 df = defer.Deferred()
1589 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1590 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1591 df.callback(0)
1592 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1593 host = '8.8.8.8'
1594 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1595 try:
1596 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1597 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1598 assert_equal(st, False)
1599 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1600 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1601 assert_equal(st, True)
1602 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1603 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1604 assert_equal(st, True)
1605 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1606 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1607 assert_equal(st, True)
1608 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1609 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1610 assert_equal(st,False)
1611 finally:
1612 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1613 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1614 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1615 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1616 df.callback(0)
1617 reactor.callLater(0, vcpe_firewall, df)
1618 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1619
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1620 @deferred(TIMEOUT) #Fail
1621 def test_vsg_firewall_flushing_all_configured_rules(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1622 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1623 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1624 1. Get vSG corresponding to vcpe
1625 2. Login to compute node
1626 3. Execute iptable command on vcpe from compute node to deny a destination IP
1627 4. From cord-tester ping to 8.8.8.8
1628 5. Verifying that ping should not be successful
1629 6. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1630 7. From cord-tester ping to 8.8.8.8
1631 8. Verifying the ping should success
1632 9. Flush all the iptable rules configuraed in vcpe
1633 10. Delete the rule added in step 6
1634 11. From cord-tester ping to 8.8.8.8
1635 12. Verifying the ping should success
1636 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1637 if not vcpe_name:
1638 vcpe_name = self.vcpe_container
1639 if not vcpe_intf:
1640 vcpe_intf = self.vcpe_dhcp
1641 df = defer.Deferred()
1642 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1643 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1644 df.callback(0)
1645 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1646 host = '8.8.8.8'
1647 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1648 try:
1649 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1650 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1651 assert_equal(st, False)
1652 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1653 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1654 assert_equal(st, True)
1655 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1656 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1657 assert_equal(st, True)
1658 st,output = vsg.run_cmd('sudo docker exec {} iptables -F FORWARD'.format(vcpe_name))
1659 time.sleep(1)
1660 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1661 assert_equal(st, False)
1662 finally:
1663 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1664 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1665 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1666 df.callback(0)
1667 reactor.callLater(0, vcpe_firewall, df)
1668 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1669
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1670 @deferred(TIMEOUT)
1671 def test_vsg_firewall_deny_all_ipv4_traffic(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1672 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1673 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1674 1. Get vSG corresponding to vcpe
1675 2. Login to compute node
1676 3. Execute iptable command on vcpe from compute node to deny all ipv4 Traffic
1677 4. From cord-tester ping to 8.8.8.8
1678 5. Verifying that ping should not be successful
1679 6. Delete the iptable rule added
1680 7. From cord-tester ping to 8.8.8.8
1681 8. Verifying the ping should success
1682 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1683 if not vcpe_name:
1684 vcpe_name = self.vcpe_container
1685 if not vcpe_intf:
1686 vcpe_intf = self.vcpe_dhcp
1687 df = defer.Deferred()
1688 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1689 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1690 df.callback(0)
1691 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1692 host = '8.8.8.8'
1693 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1694 try:
1695 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1696 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1697 assert_equal(st, False)
1698 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1699 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1700 assert_equal(st, True)
1701 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1702 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1703 assert_equal(st, False)
1704 finally:
1705 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1706 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1707 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1708 df.callback(0)
1709 reactor.callLater(0, vcpe_firewall, df)
1710 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1711
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1712 @deferred(TIMEOUT)
1713 def test_vsg_firewall_replacing_deny_rule_to_accept_rule_ipv4_traffic(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1714 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1715 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1716 1. Get vSG corresponding to vcpe
1717 2. Login to compute node
1718 3. Execute iptable command on vcpe from compute node to deny all ipv4 Traffic
1719 4. From cord-tester ping to 8.8.8.8
1720 5. Verifying that ping should not be successful
1721 6. Replace the deny rule added in step 3 with accept rule
1722 7. From cord-tester ping to 8.8.8.8
1723 8. Verifying the ping should success
1724 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1725 if not vcpe_name:
1726 vcpe_name = self.vcpe_container
1727 if not vcpe_intf:
1728 vcpe_intf = self.vcpe_dhcp
1729 df = defer.Deferred()
1730 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1731 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1732 df.callback(0)
1733 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1734 host = '8.8.8.8'
1735 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1736 try:
1737 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1738 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1739 assert_equal(st, False)
1740 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1741 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1742 assert_equal(st, True)
1743 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -4 -j ACCEPT'.format(vcpe_name))
1744 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1745 assert_equal(st, False)
1746 finally:
1747 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1748 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1749 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1750 df.callback(0)
1751 reactor.callLater(0, vcpe_firewall, df)
1752 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1753
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1754 @deferred(TIMEOUT)
1755 def test_vsg_firewall_deny_all_traffic_coming_on_lan_interface_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
1756 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1757 Test Method:
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1758 1. Get vSG corresponding to vcpe
1759 2. Login to compute node
1760 3. Execute iptable command on vcpe from compute node to deny all the traffic coming on lan interface inside vcpe container
1761 4. From cord-tester ping to 8.8.8.8
1762 5. Verifying the ping should not success
1763 6. Delete the iptable rule added
1764 7. From cord-tester ping to 8.8.8.8
1765 8. Verifying the ping should success
1766 """
1767 if not vcpe_name:
1768 vcpe_name = self.vcpe_container
1769 if not vcpe_intf:
1770 vcpe_intf = self.vcpe_dhcp
1771 df = defer.Deferred()
1772 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1773 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1774 df.callback(0)
1775 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1776 host = '8.8.8.8'
1777 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1778 try:
1779 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1780 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1781 assert_equal(st, False)
1782 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -i eth1 -j DROP'.format(vcpe_name))
1783 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1784 assert_equal(st, True)
1785 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -j DROP'.format(vcpe_name))
1786 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1787 assert_equal(st, False)
1788 finally:
1789 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -j DROP'.format(vcpe_name))
1790 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1791 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1792 df.callback(0)
1793 reactor.callLater(0, vcpe_firewall, df)
1794 return df
1795
1796 @deferred(TIMEOUT)
1797 def test_vsg_firewall_deny_all_traffic_going_out_of_wan_interface_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
1798 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1799 Test Method:
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1800 1. Get vSG corresponding to vcpe
1801 2. Login to compute node
1802 3. Execute iptable command on vcpe from compute node to deny all the traffic going out of wan interface inside vcpe container
1803 4. From cord-tester ping to 8.8.8.8
1804 5. Verifying the ping should not success
1805 6. Delete the iptable rule added
1806 7. From cord-tester ping to 8.8.8.8
1807 8. Verifying the ping should success
1808 """
1809 if not vcpe_name:
1810 vcpe_name = self.vcpe_container
1811 if not vcpe_intf:
1812 vcpe_intf = self.vcpe_dhcp
1813 df = defer.Deferred()
1814 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1815 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1816 df.callback(0)
1817 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1818 host = '8.8.8.8'
1819 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1820 try:
1821 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1822 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1823 assert_equal(st, False)
1824 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -o eth0 -j DROP'.format(vcpe_name))
1825 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1826 assert_equal(st, True)
1827 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -o eth0 -j DROP'.format(vcpe_name))
1828 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1829 assert_equal(st, False)
1830 finally:
1831 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -o eth0 -j DROP'.format(vcpe_name))
1832 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1833 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1834 df.callback(0)
1835 reactor.callLater(0, vcpe_firewall, df)
1836 return df
1837
1838 @deferred(TIMEOUT)
1839 def test_vsg_firewall_deny_all_traffic_from_lan_to_wan_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1840 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1841 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1842 1. Get vSG corresponding to vcpe
1843 2. Login to compute node
1844 3. Execute iptable command on vcpe from compute node to deny all the traffic from lan to wan interface in vcpe
1845 4. From cord-tester ping to 8.8.8.8
1846 5. Verifying that ping should not be successful
1847 6. Delete the iptable rule added
1848 7. From cord-tester ping to 8.8.8.8
1849 8. Verifying the ping should success
1850 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1851 if not vcpe_name:
1852 vcpe_name = self.vcpe_container
1853 if not vcpe_intf:
1854 vcpe_intf = self.vcpe_dhcp
1855 df = defer.Deferred()
1856 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1857 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1858 df.callback(0)
1859 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1860 host = '8.8.8.8'
1861 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1862 try:
1863 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1864 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1865 assert_equal(st, False)
1866 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1867 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1868 assert_equal(st, True)
1869 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1870 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1871 assert_equal(st, False)
1872 finally:
1873 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1874 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1875 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1876 df.callback(0)
1877 reactor.callLater(0, vcpe_firewall, df)
1878 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1879
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1880 #this test case needs modification.default route should be vcpe interface to run this test case
1881 @deferred(TIMEOUT)
1882 def test_vsg_firewall_deny_all_dns_traffic(self,vcpe_name=None,vcpe_intf=None):
1883 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1884 Test Method:
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1885 1. Get vSG corresponding to vcpe
1886 2. Login to compute node
1887 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1888 4. From cord-tester ping to www.google.com
1889 5. Verifying the ping should not success
1890 6. Delete the iptable rule added
1891 7. From cord-tester ping to www.google.com
1892 8. Verifying the ping should success
1893 """
1894 if not vcpe_name:
1895 vcpe_name = self.vcpe_container
1896 if not vcpe_intf:
1897 vcpe_intf = self.vcpe_dhcp
1898 df = defer.Deferred()
1899 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1900 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1901 df.callback(0)
1902 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1903 host = 'www.msn.com'
1904 host_ip = '131.253.33.203'
1905 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1906 try:
1907 self.add_static_route_via_vcpe_interface([host_ip],vcpe=self.vcpe_dhcp)
1908 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1909 assert_equal(st, False)
1910 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p udp --dport 53 -j DROP'.format(vcpe_name))
1911 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1912 assert_equal(st, True)
1913 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p udp --dport 53 -j ACCEPT'.format(vcpe_name))
1914 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1915 assert_equal(st, False)
1916 finally:
1917 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p udp --dport 53 -j DROP'.format(vcpe_name))
1918 self.del_static_route_via_vcpe_interface([host_ip],vcpe=vcpe_intf)
1919 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1920 df.callback(0)
1921 reactor.callLater(0, vcpe_firewall, df)
1922 return df
1923
1924 @deferred(TIMEOUT)
1925 def test_vsg_firewall_deny_all_ipv4_traffic_vcpe_container_restart(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1926 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1927 Test Method:
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1928 1. Get vSG corresponding to vcpe
1929 2. Login to compute node
1930 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1931 4. From cord-tester ping to www.google.com
1932 5. Verifying that ping should not be successful
1933 6. Delete the iptable rule added
1934 7. From cord-tester ping to www.google.com
1935 8. Verifying the ping should success
1936 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1937 if not vcpe_name:
1938 vcpe_name = self.vcpe_container
1939 if not vcpe_intf:
1940 vcpe_intf = self.vcpe_dhcp
1941 df = defer.Deferred()
1942 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1943 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1944 df.callback(0)
1945 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1946 host = '8.8.8.8'
1947 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1948 try:
1949 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1950 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1951 assert_equal(st, False)
1952 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1953 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1954 assert_equal(st, True)
1955 st,output = vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1956 time.sleep(3)
1957 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1958 assert_equal(st, False)
1959 finally:
1960 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1961 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1962 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1963 df.callback(0)
1964 reactor.callLater(0, vcpe_firewall, df)
1965 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1966
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]1967 @deferred(TIMEOUT)
1968 def test_vsg_dnat_modifying_destination_ip(self,vcpe_name=None,vcpe_intf=None):
1969 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]1970 Test Method:
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]1971 1. Get vSG corresponding to vcpe
1972 2. Login to compute node
1973 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1974 4. From cord-tester ping to www.google.com
1975 5. Verifying the ping should not success
1976 6. Delete the iptable rule added
1977 7. From cord-tester ping to www.google.com
1978 8. Verifying the ping should success
1979 """
1980 if not vcpe_name:
1981 vcpe_name = self.vcpe_container
1982 if not vcpe_intf:
1983 vcpe_intf = self.vcpe_dhcp
1984 df = defer.Deferred()
1985 def vcpe_firewall(df):
1986 host = '8.8.8.8'
1987 dst_ip = '123.123.123.123'
1988 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1989 try:
1990 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1991 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1992 assert_equal(st, False)
1993 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1994 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1995 assert_equal(st, True)
1996 finally:
1997 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1998 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1999 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
2000 df.callback(0)
2001 reactor.callLater(0,vcpe_firewall,df)
2002 return df
2003
2004 @deferred(TIMEOUT)
2005 def test_vsg_dnat_modifying_destination_ip_and_delete(self,vcpe_name=None,vcpe_intf=None):
2006 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2007 Test Method:
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]2008 1. Get vSG corresponding to vcpe
2009 2. Login to compute node
2010 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
2011 4. From cord-tester ping to www.google.com
2012 5. Verifying the ping should not success
2013 6. Delete the iptable rule added
2014 7. From cord-tester ping to www.google.com
2015 8. Verifying the ping should success
2016 """
2017 if not vcpe_name:
2018 vcpe_name = self.vcpe_container
2019 if not vcpe_intf:
2020 vcpe_intf = self.vcpe_dhcp
2021 df = defer.Deferred()
2022 def vcpe_firewall(df):
2023 host = '8.8.8.8'
2024 dst_ip = '123.123.123.123'
2025 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
2026 try:
2027 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
2028 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2029 assert_equal(st, False)
2030 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
2031 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2032 assert_equal(st, True)
2033 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
2034 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2035 assert_equal(st, False)
2036 finally:
2037 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
2038 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
2039 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
2040 df.callback(0)
2041 reactor.callLater(0,vcpe_firewall,df)
2042 return df
2043
2044 @deferred(TIMEOUT)
2045 def test_vsg_dnat_change_modifying_destination_ip_address(self,vcpe_name=None,vcpe_intf=None):
2046 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2047 Test Method:
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]2048 1. Get vSG corresponding to vcpe
2049 2. Login to compute node
2050 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
2051 4. From cord-tester ping to www.google.com
2052 5. Verifying the ping should not success
2053 6. Delete the iptable rule added
2054 7. From cord-tester ping to www.google.com
2055 8. Verifying the ping should success
2056 """
2057 if not vcpe_name:
2058 vcpe_name = self.vcpe_container
2059 if not vcpe_intf:
2060 vcpe_intf = self.vcpe_dhcp
2061 df = defer.Deferred()
2062 def vcpe_firewall(df):
2063 host = '8.8.8.8'
2064 dst_ip = '123.123.123.123'
2065 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
2066 try:
2067 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
2068 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2069 assert_equal(st, False)
2070 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
2071 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2072 assert_equal(st, True)
2073 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -R PREROUTING 1 -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,host))
2074 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2075 assert_equal(st, False)
2076 finally:
2077 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
2078 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,host))
2079 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
2080 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
2081 df.callback(0)
2082 reactor.callLater(0,vcpe_firewall,df)
2083 return df
2084
A.R Karthicka3fa2f92017-05-18 18:51:36 -0700[diff] [blame]2085 def vsg_xos_subscriber_create(self, index, subscriber_info = None, volt_subscriber_info = None):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]2086 if self.on_pod is False:
A.R Karthicka3fa2f92017-05-18 18:51:36 -0700[diff] [blame]2087 return ''
2088 if subscriber_info is None:
2089 subscriber_info = self.subscriber_info[index]
2090 if volt_subscriber_info is None:
2091 volt_subscriber_info = self.volt_subscriber_info[index]
A R Karthickd0b06792017-04-25 15:11:23 -0700[diff] [blame]2092 s_tag = int(volt_subscriber_info['voltTenant']['s_tag'])
2093 c_tag = int(volt_subscriber_info['voltTenant']['c_tag'])
2094 vcpe = 'vcpe-{}-{}'.format(s_tag, c_tag)
2095 log.info('Creating tenant with s_tag: %d, c_tag: %d' %(s_tag, c_tag))
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]2096 subId = ''
2097 try:
2098 result = self.restApiXos.ApiPost('TENANT_SUBSCRIBER', subscriber_info)
2099 assert_equal(result, True)
2100 result = self.restApiXos.ApiGet('TENANT_SUBSCRIBER')
2101 assert_not_equal(result, None)
2102 subId = self.restApiXos.getSubscriberId(result, volt_subscriber_info['account_num'])
2103 assert_not_equal(subId, '0')
A.R Karthicka3fa2f92017-05-18 18:51:36 -0700[diff] [blame]2104 log.info('Subscriber ID for account num %s = %s' %(str(volt_subscriber_info['account_num']), subId))
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]2105 volt_tenant = volt_subscriber_info['voltTenant']
2106 #update the subscriber id in the tenant info before making the rest
2107 volt_tenant['subscriber'] = subId
2108 result = self.restApiXos.ApiPost('TENANT_VOLT', volt_tenant)
2109 assert_equal(result, True)
2110 #if the vsg instance was already instantiated, then reduce delay
2111 if c_tag % self.subscribers_per_s_tag == 0:
2112 delay = 350
2113 else:
2114 delay = 90
2115 log.info('Delaying %d seconds for the VCPE to be provisioned' %(delay))
2116 time.sleep(delay)
2117 log.info('Testing for external connectivity to VCPE %s' %(vcpe))
2118 self.vsg_for_external_connectivity(index)
2119 finally:
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]2120 return subId
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]2121
A.R Karthicka3fa2f92017-05-18 18:51:36 -0700[diff] [blame]2122 def vsg_xos_subscriber_delete(self, index, subId = '', voltId = '', subscriber_info = None, volt_subscriber_info = None):
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]2123 if self.on_pod is False:
2124 return
A.R Karthicka3fa2f92017-05-18 18:51:36 -0700[diff] [blame]2125 if subscriber_info is None:
2126 subscriber_info = self.subscriber_info[index]
2127 if volt_subscriber_info is None:
2128 volt_subscriber_info = self.volt_subscriber_info[index]
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]2129 s_tag = int(volt_subscriber_info['voltTenant']['s_tag'])
2130 c_tag = int(volt_subscriber_info['voltTenant']['c_tag'])
2131 vcpe = 'vcpe-{}-{}'.format(s_tag, c_tag)
2132 log.info('Deleting tenant with s_tag: %d, c_tag: %d' %(s_tag, c_tag))
2133 if not subId:
2134 #get the subscriber id first
2135 result = self.restApiXos.ApiGet('TENANT_SUBSCRIBER')
2136 assert_not_equal(result, None)
2137 subId = self.restApiXos.getSubscriberId(result, volt_subscriber_info['account_num'])
2138 assert_not_equal(subId, '0')
A.R Karthicka3fa2f92017-05-18 18:51:36 -0700[diff] [blame]2139 if not voltId:
2140 #get the volt id for the subscriber
2141 result = self.restApiXos.ApiGet('TENANT_VOLT')
2142 assert_not_equal(result, None)
2143 voltId = self.getVoltId(result, subId)
2144 assert_not_equal(voltId, None)
2145 log.info('Deleting subscriber ID %s for account num %s' %(subId, str(volt_subscriber_info['account_num'])))
A R Karthicka385cea2017-04-26 10:12:43 -0700[diff] [blame]2146 status = self.restApiXos.ApiDelete('TENANT_SUBSCRIBER', subId)
2147 assert_equal(status, True)
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]2148 #Delete the tenant
2149 log.info('Deleting VOLT Tenant ID %s for subscriber %s' %(voltId, subId))
A R Karthick76944872017-04-26 10:21:37 -0700[diff] [blame]2150 self.restApiXos.ApiDelete('TENANT_VOLT', voltId)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]2151
A R Karthicke29c8d42017-04-27 11:38:52 -0700[diff] [blame]2152 def vsg_xos_subscriber_id(self, index):
2153 volt_subscriber_info = self.volt_subscriber_info[index]
2154 result = self.restApiXos.ApiGet('TENANT_SUBSCRIBER')
2155 assert_not_equal(result, None)
2156 subId = self.restApiXos.getSubscriberId(result, volt_subscriber_info['account_num'])
2157 return subId
2158
A.R Karthicka3fa2f92017-05-18 18:51:36 -0700[diff] [blame]2159 def test_vsg_xos_subscriber_create_reserved(self):
A.R Karthicka2960912017-05-18 18:52:55 -0700[diff] [blame]2160 if self.on_pod is False:
2161 return
A.R Karthicka3fa2f92017-05-18 18:51:36 -0700[diff] [blame]2162 tags_reserved = [ (int(vcpe['s_tag']), int(vcpe['c_tag'])) for vcpe in self.vcpes_reserved ]
2163 volt_tenants = self.restApiXos.ApiGet('TENANT_VOLT')
2164 subscribers = self.restApiXos.ApiGet('TENANT_SUBSCRIBER')
2165 reserved_tenants = filter(lambda tenant: (int(tenant['s_tag']), int(tenant['c_tag'])) in tags_reserved, volt_tenants)
2166 reserved_config = []
2167 for tenant in reserved_tenants:
2168 for subscriber in subscribers:
2169 if int(subscriber['id']) == int(tenant['subscriber']):
2170 volt_subscriber_info = {}
2171 volt_subscriber_info['voltTenant'] = dict(s_tag = tenant['s_tag'],
2172 c_tag = tenant['c_tag'],
2173 subscriber = tenant['subscriber'])
2174 volt_subscriber_info['volt_id'] = tenant['id']
2175 volt_subscriber_info['account_num'] = subscriber['identity']['account_num']
2176 reserved_config.append( (subscriber, volt_subscriber_info) )
2177 break
2178 else:
2179 log.info('Subscriber not found for tenant %s, s_tag: %s, c_tag: %s' %(str(tenant['subscriber']),
2180 str(tenant['s_tag']),
2181 str(tenant['c_tag'])))
2182
2183 for subscriber_info, volt_subscriber_info in reserved_config:
2184 self.vsg_xos_subscriber_delete(0,
2185 subId = str(subscriber_info['id']),
2186 voltId = str(volt_subscriber_info['volt_id']),
2187 subscriber_info = subscriber_info,
2188 volt_subscriber_info = volt_subscriber_info)
2189 subId = self.vsg_xos_subscriber_create(0,
2190 subscriber_info = subscriber_info,
2191 volt_subscriber_info = volt_subscriber_info)
2192 log.info('Created reserved subscriber %s' %(subId))
2193
A R Karthicke29c8d42017-04-27 11:38:52 -0700[diff] [blame]2194 def test_vsg_xos_subscriber_create_all(self):
2195 for index in xrange(len(self.subscriber_info)):
2196 #check if the index exists
2197 subId = self.vsg_xos_subscriber_id(index)
2198 if subId and subId != '0':
2199 self.vsg_xos_subscriber_delete(index, subId = subId)
2200 subId = self.vsg_xos_subscriber_create(index)
2201 log.info('Created Subscriber %s' %(subId))
2202
2203 def test_vsg_xos_subscriber_delete_all(self):
2204 for index in xrange(len(self.subscriber_info)):
2205 subId = self.vsg_xos_subscriber_id(index)
2206 if subId and subId != '0':
2207 self.vsg_xos_subscriber_delete(index, subId = subId)
2208
2209 def test_vsg_xos_subscriber_create_and_delete(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]2210 subId = self.vsg_xos_subscriber_create(0)
2211 if subId and subId != '0':
2212 self.vsg_xos_subscriber_delete(0, subId)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]2213
A R Karthicke29c8d42017-04-27 11:38:52 -0700[diff] [blame]2214 def test_vsg_xos_subscriber_2_create_and_delete(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]2215 subId = self.vsg_xos_subscriber_create(1)
2216 if subId and subId != '0':
2217 self.vsg_xos_subscriber_delete(1, subId)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]2218
A R Karthicke29c8d42017-04-27 11:38:52 -0700[diff] [blame]2219 def test_vsg_xos_subscriber_3_create_and_delete(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]2220 subId = self.vsg_xos_subscriber_create(2)
2221 if subId and subId != '0':
2222 self.vsg_xos_subscriber_delete(2, subId)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]2223
A R Karthicke29c8d42017-04-27 11:38:52 -0700[diff] [blame]2224 def test_vsg_xos_subscriber_4_create_and_delete(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]2225 subId = self.vsg_xos_subscriber_create(3)
2226 if subId and subId != '0':
2227 self.vsg_xos_subscriber_delete(3, subId)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]2228
A R Karthicke29c8d42017-04-27 11:38:52 -0700[diff] [blame]2229 def test_vsg_xos_subscriber_5_create_and_delete(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]2230 subId = self.vsg_xos_subscriber_create(4)
2231 if subId and subId != '0':
2232 self.vsg_xos_subscriber_delete(4, subId)
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]2233
Anil Kumar Sanka52a39f82017-05-10 17:39:31 +0000[diff] [blame]2234 def test_vsg_without_creating_vcpe_instance(self, index=0):
2235 vcpe = self.dhcp_vcpes[index]
2236 host = '8.8.8.8'
2237 st, _ = getstatusoutput('dhclient {}'.format(vcpe))
2238 assert_equal(st,True)
2239 subId = self.vsg_xos_subscriber_create(index)
2240 if subId and subId != '0':
2241 self.vsg_xos_subscriber_delete(index, subId)
2242
2243 def test_vsg_for_remove_vcpe_instance(self,index=0):
2244 subId = self.vsg_xos_subscriber_create(index)
2245 if subId and subId != '0':
2246 self.vsg_xos_subscriber_delete(index, subId)
2247 vcpe = self.dhcp_vcpes[index]
2248 host = '8.8.8.8'
2249 st, _ = getstatusoutput('dhclient {}'.format(vcpe))
2250 assert_equal(st,True)
2251
2252 def test_vsg_create_xos_subscribers_in_different_vsg_vm(self):
2253 subId1 = self.vsg_xos_subscriber_create(4)
2254 subId2 = self.vsg_xos_subscriber_create(6)
2255 if subId1 and subId1 != '0':
2256 self.vsg_xos_subscriber_delete(4, subId1)
2257 if subId2 and subId2 != '0':
2258 self.vsg_xos_subscriber_delete(6, subId2)
2259
Anil Kumar Sanka5bb352a2017-05-16 22:24:01 +0000[diff] [blame]2260 def test_vsg_xos_subscriber_external_connectivity_if_one_vcpe_goes_down(self):
2261 """
2262 Test Method:
2263 1.Create two vcpe instances in two different vsg vms using XOS
2264 2.Verify external connectivity through vcpe instances from cord-tester
2265 3.Kill first vcpe instance
2266 4.Verify external network cant be reachable form first vcpe interface
2267 """
2268 host = '8.8.8.8'
2269 subId1 = self.vsg_xos_subscriber_create(0)
2270 subId2 = self.vsg_xos_subscriber_create(1)
2271 vcpe_intf1 = self.dhcp_vcpes[0]
2272 vcpe_intf2 = self.dhcp_vcpes[1]
2273 vcpe_name1 = 'vcpe-{}-{}'.format(vcpe_intf1.split('.')[1],intf.split1('.')[2])
2274 vcpe_name1 = 'vcpe-{}-{}'.format(vcpe_intf2.split('.')[1],intf.split2('.')[2])
2275 vsg1 = VSGAccess.get_vcpe_vsg(vcpe_name1)
2276 vsg2 = VSGAccess.get_vcpe_vsg(vcpe_name2)
2277 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf2)
2278 st,output = vsg2.run_cmd('sudo docker kill {}'.format(vcpe_name2))
2279 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2280 assert_equal(st, True)
2281 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf2)
2282 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf1)
2283 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2284 assert_equal(st, False)
2285 if subId1 and subId1 != '0':
2286 self.vsg_xos_subscriber_delete(0, subId1)
2287 if subId2 and subId2 != '0':
2288 self.vsg_xos_subscriber_delete(1, subId2)
2289
2290 def test_vsg_xos_subscriber_external_connectivity_if_one_vcpe_is_removed_and_added_again(self):
2291 """
2292 Test Method:
2293 1.Create two vcpe instances in two different vsg vms using XOS
2294 2.Verify external connectivity through vcpe instances from cord-tester
2295 3.Remove first vcpe instance
2296 4.Verify external network cant be reachable form first vcpe interface
2297 5.Add back the removed vcpe instance
2298 6.Verify external connectivity through vcpe instances from cord-tester
2299 """
2300 host = '8.8.8.8'
2301 subId1 = self.vsg_xos_subscriber_create(0)
2302 subId2 = self.vsg_xos_subscriber_create(1)
2303 vcpe_intf1 = self.dhcp_vcpes[0]
2304 vcpe_intf2 = self.dhcp_vcpes[1]
2305 vcpe_name1 = 'vcpe-{}-{}'.format(vcpe_intf1.split('.')[1],intf.split1('.')[2])
2306 vcpe_name1 = 'vcpe-{}-{}'.format(vcpe_intf2.split('.')[1],intf.split2('.')[2])
2307 vsg1 = VSGAccess.get_vcpe_vsg(vcpe_name1)
2308 vsg2 = VSGAccess.get_vcpe_vsg(vcpe_name2)
2309 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf2)
2310 st,output = vsg2.run_cmd('sudo docker kill {}'.format(vcpe_name2))
2311 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2312 assert_equal(st, True)
2313 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf2)
2314 subId2 = self.vsg_xos_subscriber_create(1)
2315 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf2)
2316 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2317 assert_equal(st, False)
2318 if subId1 and subId1 != '0':
2319 self.vsg_xos_subscriber_delete(0, subId1)
2320 if subId2 and subId2 != '0':
2321 self.vsg_xos_subscriber_delete(1, subId2)
2322
2323
2324 def test_vsg_xos_subscriber_external_connectivity_if_one_vcpe_restarts(self):
2325 """
2326 Test Method:
2327 1.Create two vcpe instances in two different vsg vms using XOS
2328 2.Verify external connectivity through vcpe instances from cord-tester
2329 3.Restart first vcpe instance
2330 4.Verify external network cant be reachable form first vcpe interface
2331 """
2332 host = '8.8.8.8'
2333 subId1 = self.vsg_xos_subscriber_create(0)
2334 subId2 = self.vsg_xos_subscriber_create(1)
2335 vcpe_intf1 = self.dhcp_vcpes[0]
2336 vcpe_intf2 = self.dhcp_vcpes[1]
2337 vcpe_name1 = 'vcpe-{}-{}'.format(vcpe_intf1.split('.')[1],intf.split1('.')[2])
2338 vcpe_name1 = 'vcpe-{}-{}'.format(vcpe_intf2.split('.')[1],intf.split2('.')[2])
2339 vsg1 = VSGAccess.get_vcpe_vsg(vcpe_name1)
2340 vsg2 = VSGAccess.get_vcpe_vsg(vcpe_name2)
2341 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf2)
2342 st,output = vsg2.run_cmd('sudo docker restart {}'.format(vcpe_name1))
2343 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2344 assert_equal(st, True)
2345 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf1)
2346 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf1)
2347 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2348 assert_equal(st, False)
2349 if subId1 and subId1 != '0':
2350 self.vsg_xos_subscriber_delete(0, subId1)
2351 if subId2 and subId2 != '0':
2352 self.vsg_xos_subscriber_delete(1, subId2)
2353
2354 def test_vsg_xos_subscriber_external_connectivity_if_one_vcpe_pause(self):
2355 """
2356 Test Method:
2357 1.Create two vcpe instances in two different vsg vms using XOS
2358 2.Verify external connectivity through vcpe instances from cord-tester
2359 3.Pause running first vcpe instance
2360 4.Verify external network cant be reachable form first vcpe interface
2361 """
2362 host = '8.8.8.8'
2363 subId1 = self.vsg_xos_subscriber_create(0)
2364 subId2 = self.vsg_xos_subscriber_create(1)
2365 vcpe_intf1 = self.dhcp_vcpes[0]
2366 vcpe_intf2 = self.dhcp_vcpes[1]
2367 vcpe_name1 = 'vcpe-{}-{}'.format(vcpe_intf1.split('.')[1],intf.split1('.')[2])
2368 vcpe_name1 = 'vcpe-{}-{}'.format(vcpe_intf2.split('.')[1],intf.split2('.')[2])
2369 vsg1 = VSGAccess.get_vcpe_vsg(vcpe_name1)
2370 vsg2 = VSGAccess.get_vcpe_vsg(vcpe_name2)
2371 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf2)
2372 st,output = vsg2.run_cmd('sudo docker pause {}'.format(vcpe_name1))
2373 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2374 assert_equal(st, True)
2375 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf1)
2376 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf1)
2377 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2378 assert_equal(st, False)
2379 if subId1 and subId1 != '0':
2380 self.vsg_xos_subscriber_delete(0, subId1)
2381 if subId2 and subId2 != '0':
2382 self.vsg_xos_subscriber_delete(1, subId2)
2383
2384 def test_vsg_xos_subscriber_external_connectivity_if_one_vcpe_restarts_and_stops(self):
2385 """
2386 Test Method:
2387 1.Create two vcpe instances in two different vsg vms using XOS
2388 2.Verify external connectivity through vcpe instances from cord-tester
2389 3.Stop running first vcpe instance
2390 4.Verify external network cant be reachable form first vcpe interface
2391 """
2392 host = '8.8.8.8'
2393 subId1 = self.vsg_xos_subscriber_create(0)
2394 subId2 = self.vsg_xos_subscriber_create(1)
2395 vcpe_intf1 = self.dhcp_vcpes[0]
2396 vcpe_intf2 = self.dhcp_vcpes[1]
2397 vcpe_name1 = 'vcpe-{}-{}'.format(vcpe_intf1.split('.')[1],intf.split1('.')[2])
2398 vcpe_name1 = 'vcpe-{}-{}'.format(vcpe_intf2.split('.')[1],intf.split2('.')[2])
2399 vsg1 = VSGAccess.get_vcpe_vsg(vcpe_name1)
2400 vsg2 = VSGAccess.get_vcpe_vsg(vcpe_name2)
2401 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf2)
2402 st,output = vsg2.run_cmd('sudo docker stop {}'.format(vcpe_name1))
2403 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2404 assert_equal(st, True)
2405 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf1)
2406 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf1)
2407 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
2408 assert_equal(st, False)
2409 if subId1 and subId1 != '0':
2410 self.vsg_xos_subscriber_delete(0, subId1)
2411 if subId2 and subId2 != '0':
2412 self.vsg_xos_subscriber_delete(1, subId2)
2413
2414 def test_vsg_xos_subscriber_external_connectivity_if_one_vsg_goes_down(self):
2415 """
2416 Test Method:
2417 1.Create two vcpe instances in two different vsg vms using XOS
2418 2.Verify external connectivity through vcpe instances from cord-tester
2419 3.Bring down first vSG vm
2420 4.Verify external network cant be reachable form first vcpe interface
2421 """
2422 subId1 = self.vsg_xos_subscriber_create(4)
2423 subId2 = self.vsg_xos_subscriber_create(6)
2424 if subId1 and subId1 != '0':
2425 self.vsg_xos_subscriber_delete(4, subId1)
2426 if subId2 and subId2 != '0':
2427 self.vsg_xos_subscriber_delete(6, subId2)
2428
2429 def test_vsg_xos_subscriber_external_connectivity_if_two_vsgs_goes_down(self):
2430 """
2431 Test Method:
2432 1.Create two vcpe instances in two different vsg vms using XOS
2433 2.Verify external connectivity through vcpe instances from cord-tester
2434 3.Bring down first vSG vm
2435 4.Verify external network cant be reachable form first vcpe interface
2436 5.Bring down second vSG vm also
2437 6.Verify external network cant be reachable form first vcpe interface also
2438 """
Anil Kumar Sanka52a39f82017-05-10 17:39:31 +0000[diff] [blame]2439 subId1 = self.vsg_xos_subscriber_create(4)
2440 subId2 = self.vsg_xos_subscriber_create(6)
2441 if subId1 and subId1 != '0':
2442 self.vsg_xos_subscriber_delete(4, subId1)
2443 if subId2 and subId2 != '0':
2444 self.vsg_xos_subscriber_delete(6, subId2)
2445
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2446 def test_vsg_with_xos_subscriber_creating_firewall(self,index=4):
2447 log.info('cls.dhcp_vcpes is %s'%self.dhcp_vcpes)
Chetan Gaonker4cff4432017-05-01 17:56:56 +0000[diff] [blame]2448 host = '8.8.8.8'
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2449 self.vsg_xos_subscriber_delete(4, 3)
2450 subId = self.vsg_xos_subscriber_create(index)
2451 if subId and subId != '0':
2452 subscriber_info = self.subscriber_info[index]
2453 volt_subscriber_info = self.volt_subscriber_info[index]
2454 s_tag = int(volt_subscriber_info['voltTenant']['s_tag'])
2455 c_tag = int(volt_subscriber_info['voltTenant']['c_tag'])
2456 vcpe = 'vcpe-{}-{}'.format(s_tag, c_tag)
2457 vcpe_intf = self.dhcp_vcpes[index] #'vcpe{}.{}.{}'.format(s_tag, c_tag)
2458 vsg = VSGAccess.get_vcpe_vsg(vcpe)
2459 try:
2460 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
2461 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2462 assert_equal(st, False)
2463 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe,host))
2464 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2465 assert_equal(st, True)
2466 st,_ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe,host))
2467 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
2468 assert_equal(st, False)
2469 finally:
2470 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe,host))
2471 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
2472 vsg.run_cmd('sudo docker restart {}'.format(vcpe))
2473 self.vsg_xos_subscriber_delete(4, subId)
2474 self.vsg_xos_subscriber_delete(4, subId)
Chetan Gaonker4cff4432017-05-01 17:56:56 +0000[diff] [blame]2475
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2476
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2477 def test_vsg_for_packet_received_with_invalid_ip_fields(self):
2478 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2479 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2480 1.Create a vSG VM in compute node
2481 2.Create a vCPE container in vSG VM
2482 3.Ensure vSG VM and vCPE container created properly
2483 4.From subscriber, send a ping packet with invalid ip fields
2484 5.Verify that vSG drops the packet
2485 6.Verify ping fails
2486 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2487
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2488 def test_vsg_for_packet_received_with_invalid_mac_fields(self):
2489 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2490 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2491 1.Create a vSG VM in compute node
2492 2.Create a vCPE container in vSG VM
2493 3.Ensure vSG VM and vCPE container created properly
2494 4.From subscriber, send a ping packet with invalid mac fields
2495 5.Verify that vSG drops the packet
2496 6.Verify ping fails
2497 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2498
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2499 def test_vsg_for_vlan_id_mismatch_in_stag(self):
2500 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2501 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2502 1.Create a vSG VM in compute Node
2503 2.Create a vCPE container in vSG VM
2504 3.Ensure vSG VM and vCPE container created properly
2505 4.Send a ping request to external valid IP from subscriber, with incorrect vlan id in s-tag and valid c-tag
2506 5.Verify that ping fails as the packet drops at VM entry
2507 6.Repeat step 4 with correct s-tag
2508 7.Verify that ping success
2509 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2510
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2511 def test_vsg_for_vlan_id_mismatch_in_ctag(self):
2512 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2513 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2514 1.Create a vSG VM in compute node
2515 2.Create a vCPE container in vSG VM
2516 3.Ensure vSG VM and vCPE container created properly
2517 4.Send a ping request to external valid IP from subscriber, with valid s-tag and incorrect vlan id in c-tag
2518 5.Verify that ping fails as the packet drops at vCPE container entry
2519 6.Repeat step 4 with valid s-tag and c-tag
2520 7.Verify that ping success
2521 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2522
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2523 def test_vsg_for_matching_and_mismatching_vlan_id_in_stag(self):
2524 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2525 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2526 1.Create two vSG VMs in compute node
2527 2.Create a vCPE container in each vSG VM
2528 3.Ensure vSG VM and vCPE container created properly
2529 4.From subscriber one, send ping request with valid s and c tags
2530 5.From subscriber two, send ping request with vlan id mismatch in s-tag and valid c tags
2531 6.Verify that ping success for only subscriber one and fails for two.
2532 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2533
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2534 def test_vsg_for_matching_and_mismatching_vlan_id_in_ctag(self):
2535 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2536 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2537 1.Create a vSG VM in compute node
2538 2.Create two vCPE containers in vSG VM
2539 3.Ensure vSG VM and vCPE container created properly
2540 4.From subscriber one, send ping request with valid s and c tags
2541 5.From subscriber two, send ping request with valid s-tag and vlan id mismatch in c-tag
2542 6.Verify that ping success for only subscriber one and fails for two
2543 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2544
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2545 def test_vsg_for_out_of_range_vlanid_in_ctag(self):
2546 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2547 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2548 1.Create a vSG VM in compute node
2549 2.Create a vCPE container in vSG VM
2550 3.Ensure vSG VM and vCPE container created properly
2551 4.From subscriber, send ping request with valid stag and vlan id in c-tag is an out of range value ( like 0,4097 )
2552 4.Verify that ping fails as the ping packets drops at vCPE container entry
2553 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2554
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2555 def test_vsg_for_out_of_range_vlanid_in_stag(self):
2556 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2557 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2558 1.Create a vSG VM in compute node
2559 2.Create a vCPE container in vSG VM
2560 3.Ensure vSG VM and vCPE container created properly
2561 2.From subscriber, send ping request with vlan id in s-tag is an out of range value ( like 0,4097 ), with valid c-tag
2562 4.Verify that ping fails as the ping packets drops at vSG VM entry
2563 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2564
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2565 def test_vsg_for_extracting_all_compute_stats_from_all_vcpe_containers(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2566 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2567 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2568 1.Create a vSG VM in compute node
2569 2.Create 10 vCPE containers in VM
2570 3.Ensure vSG VM and vCPE containers created properly
2571 4.Login to all vCPE containers
2572 4.Get all compute stats from all vCPE containers
2573 5.Verify the stats # verification method need to add
2574 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2575
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2576 def test_vsg_for_extracting_dns_stats_from_all_vcpe_containers(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2577 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2578 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2579 1.Create a vSG VM in compute node
2580 2.Create 10 vCPE containers in VM
2581 3.Ensure vSG VM and vCPE containers created properly
2582 4.From 10 subscribers, send ping to valid and invalid dns hosts
2583 5.Verify dns resolves and ping success for valid dns hosts
2584 6.Verify ping fails for invalid dns hosts
2585 7.Verify dns host name resolve flows in OvS
2586 8.Login to all 10 vCPE containers
2587 9.Extract all dns stats
2588 10.Verify dns stats for queries sent, queries received for dns host resolve success and failed scenarios
2589 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2590
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2591 def test_subscriber_access_if_vsg1_goes_down(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2592 """
2593 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 goes down
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2594 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2595 1.Create two vSG VMs for two services in compute node
2596 2.Create one vCPE container in each VM for one subscriber
2597 3.Ensure VMs and containers created properly
2598 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2599 5.Verify ping gets success
2600 6.Verify ping success flows in OvS
2601 7.Down the vSG-1 VM
2602 8.Now repeat step 4
2603 9.Verify that ping fails as vSG-1 is down
2604 10.Repeat step 4 with stag corresponding to vSG-2
2605 9.Verify ping success and flows added in OvS
2606 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2607
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2608 def test_subscriber_access_if_vsg2_goes_down(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2609 """
2610 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 restarts
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2611 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2612 1.Create two vSG VMs for two services in compute node
2613 2.Create one vCPE container in each VM for one subscriber
2614 3.Ensure VMs and containers created properly
2615 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2616 5.Verify ping gets success
2617 6.Verify ping success flows added in OvS
2618 7.Now restart vSG-1 VM
2619 8.Now repeat step 4 while vSG-1 VM restarts
2620 9.Verify that ping fails as vSG-1 is restarting
2621 10.Repeat step 4 with stag corresponding to vSG-2 while vSG-1 VM restarts
2622 11.Verify ping success and flows added in OvS
2623 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2624
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2625 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_going_down(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2626 """
2627 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 goes down
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2628 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2629 1.Create a vSG VM in compute node
2630 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2631 3.Ensure VM and containers created properly
2632 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2633 5.Verify ping gets success
2634 6.Verify ping success flows added in OvS
2635 7.Now stop vCPE-1 container
2636 8.Now repeat step 4
2637 9.Verify that ping fails as vCPE-1 container is down
2638 10.Repeat step 4 with ctag corresponding to vCPE-2 container
2639 11.Verify ping success and flows added in OvS
2640 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2641
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2642 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_restart(self):
2643 """
2644 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 restarts
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2645 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2646 1.Create a vSG VM in compute node
2647 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2648 3.Ensure VM and containers created properly
2649 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2650 5.Verify ping gets success
2651 6.Verify ping success flows added in OvS
2652 7.Now restart vCPE-1 container
2653 8.Now repeat step 4 while vCPE-1 restarts
2654 9.Verify that ping fails as vCPE-1 container is restarts
2655 10.Repeat step 4 with ctag corresponding to vCPE-2 container while vCPE-1 restarts
2656 11..Verify ping success and flows added in OvS
2657 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2658
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2659 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_paused(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2660 """
2661 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 paused
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2662 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2663 1.Create a vSG VM in compute node
2664 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2665 3.Ensure VM and containers created properly
2666 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2667 5.Verify ping gets success
2668 6.Verify ping success flows added in OvS
2669 7.Now pause vCPE-1 container
2670 8.Now repeat step 4 while vCPE-1 in pause state
2671 9.Verify that ping fails as vCPE-1 container in pause state
2672 10.Repeat step 4 with ctag corresponding to vCPE-2 container while vCPE-1 in pause state
2673 11.Verify ping success and flows added in OvS
2674 """
2675 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_removed(self):
2676 """
2677 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 removed
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2678 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2679 1.Create a vSG VM in compute node
2680 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2681 3.Ensure VM and containers created properly
2682 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2683 5.Verify ping gets success
2684 6.Verify ping success flows added in OvS
2685 7.Now remove vCPE-1 container
2686 8.Now repeat step 4
2687 9.Verify that ping fails as vCPE-1 container removed
2688 10.Repeat step 4 with ctag corresponding to vCPE-2 container
2689 11.Verify ping success and flows added in OvS
2690 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2691
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2692 def test_vsg_for_vcpe_instance_removed_and_added_again(self):
2693 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2694 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2695 1.Create a vSG VM in compute node
2696 2.Create a vCPE container in vSG VM
2697 3.Ensure VM and containers created properly
2698 4.From subscriber end, send ping to public IP
2699 5.Verify ping gets success
2700 6.Verify ping success flows added in OvS
2701 7.Now remove vCPE container in vSG VM
2702 8.Now repeat step 4
2703 9.Verify that ping fails as vCPE container removed
2704 10.Create the vCPE container again for the same subscriber
2705 11.Ensure that vCPE created now
2706 12.Now repeat step 4
2707 13.Verify ping success and flows added in OvS
2708 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2709
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2710 def test_vsg_for_vsg_vm_removed_and_added_again(self):
2711 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2712 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2713 1.Create a vSG VM in compute node
2714 2.Create a vCPE container in vSG VM
2715 3.Ensure VM and containers created properly
2716 4.From subscriber end, send ping to public IP
2717 5.Verify ping gets success
2718 6.Verify ping success flows added in OvS
2719 7.Now remove vSG VM
2720 8.Now repeat step 4
2721 9.Verify that ping fails as vSG VM not exists
2722 10.Create the vSG VM and vCPE container in VM again
2723 11.Ensure that vSG and vCPE created
2724 12.Now repeat step 4
2725 13.Verify ping success and flows added in OvS
2726 """
2727
2728 #Test vSG - Subscriber Configuration
2729 def test_vsg_for_configuring_new_subscriber_in_vcpe(self):
2730 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2731 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2732 1.Create a vSG VM in compute node
2733 2.Create a vCPE container in vSG VM
2734 3.Ensure VM and containers created properly
2735 4.Configure a subscriber in XOS and assign a service id
2736 5.Set the admin privileges to the subscriber
2737 6.Verify subscriber configuration is success
2738 """
2739 def test_vsg_for_adding_subscriber_devices_in_vcpe(self):
2740 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2741 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2742 1.Create a vSG VM in compute node
2743 2.Create a vCPE container in vSG VM
2744 3.Ensure VM and containers created properly
2745 4.Configure a subscriber in XOS and assign a service id
2746 5.Verify subscriber successfully configured in vCPE
2747 6.Now add devices( Mac addresses ) under the subscriber admin group
2748 7.Verify all devices ( Macs ) added successfully
2749 """
2750 def test_vsg_for_removing_subscriber_devices_in_vcpe(self):
2751 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2752 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2753 1.Create a vSG VM in compute node
2754 2.Create a vCPE container in vSG VM
2755 3.Ensure VM and containers created properly
2756 4.Configure a subscriber in XOS and assign a service id
2757 5.Verify subscriber successfully configured
2758 6.Now add devices( Mac addresses ) under the subscriber admin group
2759 7.Verify all devices ( Macs ) added successfully
2760 8.Now remove All the added devices in XOS
2761 9.Verify all the devices removed
2762 """
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2763 def test_vsg_modifying_subscriber_devices_in_vcpe(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2764 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2765 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2766 1.Create a vSG VM in compute node
2767 2.Create a vCPE container in vSG VM
2768 3.Ensure VM and containers created properly
2769 4.Configure a user in XOS and assign a service id
2770 5.Verify subscriber successfully configured in vCPE.
2771 6.Now add devices( Mac addresses ) under the subscriber admin group
2772 7.Verify all devices ( Macs ) added successfully
2773 8.Now remove few devices in XOS
2774 9.Verify devices removed successfully
2775 10.Now add few additional devices in XOS under the same subscriber admin group
2776 11.Verify newly added devices successfully added
2777 """
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2778 def test_vsg_for_vcpe_login_failing_with_incorrect_subscriber_credentials(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2779 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2780 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2781 1.Create a vSG VM in compute node
2782 2.Create a vCPE container in vSG VM
2783 3.Ensure VM and containers created properly
2784 4.Configure a subscriber in XOS and assign a service id
2785 5.Verify subscriber successfully configured
2786 6.Now add devices( Mac addresses ) under the subscriber admin group
2787 7.Verify all devices ( Macs ) added successfully
2788 8.Login vCPE with credentials with which subscriber configured
2789 9.Verify subscriber successfully logged in
2790 10.Logout and login again with incorrect credentials ( either user name or password )
2791 11.Verify login attempt to vCPE fails wtih incorrect credentials
2792 """
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2793 def test_vsg_for_subscriber_configuration_in_vcpe_after_vcpe_restart(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2794 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2795 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2796 1.Create a vSG VM in compute node
2797 2.Create a vCPE container in vSG VM
2798 3.Ensure VM and containers created properly
2799 4.Configure a subscriber in XOS and assign a service id
2800 5.Verify subscriber successfully configured
2801 6.Now add devices( Mac addresses ) under the subscriber admin group
2802 7.Verify all devices ( Macs ) added successfully
2803 8.Restart vCPE ( locate backup config path while restart )
2804 9.Verify subscriber details in vCPE after restart should be same as before the restart
2805 """
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2806 def test_vsg_creating_multiple_vcpe_instances_and_configuring_subscriber_in_each_instance(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2807 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2808 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2809 1.Create a vSG VM in compute node
2810 2.Create 2 vCPE containers in vSG VM
2811 3.Ensure VM and containers created properly
2812 4.Configure a subscriber in XOS for each vCPE instance and assign a service id
2813 5.Verify subscribers successfully configured
2814 6.Now login vCPE-2 with subscriber-1 credentials
2815 7.Verify login fails
2816 8.Now login vCPE-1 with subscriber-2 credentials
2817 9.Verify login fails
2818 10.Now login vCPE-1 with subscriber-1 and vCPE-2 with subscriber-2 credentials
2819 11.Verify that both the subscribers able to login to their respective vCPE containers
2820 """
Anil Kumar Sankaf6a9f392017-05-06 00:18:31 +0000[diff] [blame]2821 def test_vsg_for_same_subscriber_configuring_multiple_services(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2822 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2823 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2824 1.Create 2 vSG VMs in compute node
2825 2.Create a vCPE container in each vSG VM
2826 3.Ensure VMs and containers created properly
2827 4.Configure same subscriber in XOS for each vCPE instance and assign a service id
2828 5.Verify subscriber successfully configured
2829 6.Now login vCPE-1 with subscriber credentials
2830 7.Verify login success
2831 8.Now login vCPE-2 with the same subscriber credentials
2832 9.Verify login success
2833 """
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2834 #vCPE Firewall Functionality
2835 def test_vsg_firewall_for_creating_acl_rule_based_on_source_ip(self):
2836 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2837 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2838 1.Create a vSG VM in compute node
2839 2.Create vCPE container in the VM
2840 3.Ensure vSG VM and vCPE container created properly
2841 4.Configure ac acl rule in vCPE to deny IP traffic from a source IP
2842 5.Bound the acl rule to WAN interface of vCPE
2843 6.Verify configuration in vCPE is success
2844 8.Verify flows added in OvS
2845 """
2846 def test_vsg_firewall_for_creating_acl_rule_based_on_destination_ip(self):
2847 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2848 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2849 1.Create a vSG VM in compute node
2850 2.Create vCPE container in the VM
2851 3.Ensure vSG VM and vCPE container created properly
2852 4.Configure ac acl rule in vCPE to deny IP traffic to a destination ip
2853 5.Bound the acl rule to WAN interface of vCPE
2854 6.Verify configuration in vCPE is success
2855 8.Verify flows added in OvS
2856 """
2857 def test_vsg_firewall_for_acl_deny_rule_based_on_source_ip_traffic(self):
2858 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2859 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2860 1.Create a vSG VM in compute node
2861 2.Create vCPE container in the VM
2862 3.Ensure vSG VM and vCPE container created properly
2863 4.Configure ac acl rule in vCPE to deny IP traffic from a source IP
2864 5.Bound the acl rule to WAN interface of vCPE
2865 6.From subscriber, send ping to the denied IP address
2866 7.Verify that ping fails as vCPE denies ping response
2867 8.Verify flows added in OvS
2868 """
2869 def test_vsg_firewall_for_acl_deny_rule_based_on_destination_ip_traffic(self):
2870 """
Chetan Gaonker72f3c4e2017-05-10 18:16:49 +0000[diff] [blame]2871 Test Method:
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2872 1.Create a vSG VM in compute node
2873 2.Create vCPE container in the VM
2874 3.Ensure vSG VM and vCPE container created properly
2875 4.Configure ac acl rule in vCPE to deny IP traffic to a destination IP
2876 5.Bound the acl rule to WAN interface of vCPE
2877 6.From subscriber, send ping to the denied IP address
2878 7.Verify that ping fails as vCPE drops the ping request at WAN interface
2879 8.Verify flows added in OvS
2880 """
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]2881
2882 def test_vsg_dnsmasq(self):
2883 pass
2884
2885 def test_vsg_with_external_parental_control_family_shield_for_filter(self):
2886 pass
2887
2888 def test_vsg_with_external_parental_control_with_answerx(self):
2889 pass
2890
2891 def test_vsg_for_subscriber_upstream_bandwidth(self):
2892 pass
2893
2894 def test_vsg_for_subscriber_downstream_bandwidth(self):
2895 pass
2896
2897 def test_vsg_for_diagnostic_run_of_traceroute(self):
2898 pass
2899
2900 def test_vsg_for_diagnostic_run_of_tcpdump(self):
2901 pass
2902
2903 def test_vsg_for_iptable_rules(self):
2904 pass
2905
2906 def test_vsg_for_iptables_with_neutron(self):
2907 pass