Gitiles
Code Review Sign In
gerrit.opencord.org / cord-tester / e29c8d46556abb9d41660bdf1e6149569288f91b / . / src / test / vsg / vsgTest.py
blob: b8476ae0ef8bab424817df61429b5f09ced5e74f [file] [log] [blame]
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]1#copyright 2016-present Ciena Corporation
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14#
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]15import time
16import os
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]17import sys
18import json
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]19from nose.tools import *
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]20from twisted.internet import defer
21from nose.twistedtools import reactor, deferred
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]22from CordTestUtils import *
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]23from OltConfig import OltConfig
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]24from onosclidriver import OnosCliDriver
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]25from SSHTestAgent import SSHTestAgent
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]26from CordLogger import CordLogger
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]27from VSGAccess import VSGAccess
A R Karthick933f5b52017-03-27 15:27:16 -0700[diff] [blame]28from CordTestUtils import log_test as log
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]29from CordTestConfig import setup_module, running_on_ciab
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]30from OnosCtrl import OnosCtrl
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]31
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]32log.setLevel('INFO')
33
34class vsg_exchange(CordLogger):
35 ONOS_INSTANCES = 3
36 V_INF1 = 'veth0'
37 device_id = 'of:' + get_mac()
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]38 TEST_IP = '8.8.8.8'
39 HOST = "10.1.0.1"
40 USER = "vagrant"
41 PASS = "vagrant"
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]42 head_node = os.getenv('HEAD_NODE', 'prod')
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]43 HEAD_NODE = head_node + '.cord.lab' if len(head_node.split('.')) == 1 else head_node
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]44 test_path = os.path.dirname(os.path.realpath(__file__))
45 olt_conf_file = os.path.join(test_path, '..', 'setup/olt_config.json')
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]46 restApiXos = None
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]47 subscriber_account_num = 200
48 subscriber_s_tag = 304
49 subscriber_c_tag = 304
50 subscribers_per_s_tag = 8
51 subscriber_map = {}
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]52 subscriber_info = []
53 volt_subscriber_info = []
A R Karthick9a16a112017-04-07 15:40:05 -0700[diff] [blame]54 restore_methods = []
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]55 TIMEOUT=120
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]56 FABRIC_PORT_HEAD_NODE = 1
57 FABRIC_PORT_COMPUTE_NODE = 2
58 APP_NAME = 'org.ciena.xconnect'
59 APP_FILE = os.path.join(test_path, '..', 'apps/xconnect-1.0-SNAPSHOT.oar')
A.R Karthick50f4d9a2017-04-20 16:44:19 -0700[diff] [blame]60 NUM_SUBSCRIBERS = 5
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]61
62 @classmethod
63 def getSubscriberCredentials(cls, subId):
64 """Generate our own account num, s_tag and c_tags"""
65 if subId in cls.subscriber_map:
66 return cls.subscriber_map[subId]
67 account_num = cls.subscriber_account_num
68 cls.subscriber_account_num += 1
69 s_tag, c_tag = cls.subscriber_s_tag, cls.subscriber_c_tag
70 cls.subscriber_c_tag += 1
71 if cls.subscriber_c_tag % cls.subscribers_per_s_tag == 0:
72 cls.subscriber_s_tag += 1
73 cls.subscriber_map[subId] = account_num, s_tag, c_tag
74 return cls.subscriber_map[subId]
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]75
76 @classmethod
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]77 def getXosCredentials(cls):
78 onos_cfg = OnosCtrl.get_config()
79 if onos_cfg is None:
80 return None
81 if 'apps' in onos_cfg and \
82 'org.opencord.vtn' in onos_cfg['apps'] and \
83 'cordvtn' in onos_cfg['apps']['org.opencord.vtn'] and \
84 'xos' in onos_cfg['apps']['org.opencord.vtn']['cordvtn']:
85 xos_cfg = onos_cfg['apps']['org.opencord.vtn']['cordvtn']['xos']
86 endpoint = xos_cfg['endpoint']
87 user = xos_cfg['user']
88 password = xos_cfg['password']
89 xos_endpoints = endpoint.split(':')
90 xos_host = xos_endpoints[1][len('//'):]
91 xos_port = xos_endpoints[2][:-1]
92 #log.info('xos_host: %s, port: %s, user: %s, password: %s' %(xos_host, xos_port, user, password))
93 return dict(host = xos_host, port = xos_port, user = user, password = password)
94
95 return None
96
97 @classmethod
A.R Karthick50f4d9a2017-04-20 16:44:19 -0700[diff] [blame]98 def getSubscriberConfig(cls, num_subscribers):
99 features = {
100 'cdn': True,
101 'uplink_speed': 1000000000,
102 'downlink_speed': 1000000000,
103 'uverse': True,
104 'status': 'enabled'
105 }
106 subscriber_map = []
107 for i in xrange(num_subscribers):
108 subId = 'sub{}'.format(i)
109 account_num, _, _ = cls.getSubscriberCredentials(subId)
110 identity = { 'account_num' : str(account_num),
111 'name' : 'My House {}'.format(i)
112 }
113 sub_info = { 'features' : features,
114 'identity' : identity
115 }
116 subscriber_map.append(sub_info)
117
118 return subscriber_map
119
120 @classmethod
121 def getVoltSubscriberConfig(cls, num_subscribers):
122 voltSubscriberMap = []
123 for i in xrange(num_subscribers):
124 subId = 'sub{}'.format(i)
125 account_num, s_tag, c_tag = cls.getSubscriberCredentials(subId)
126 voltSubscriberInfo = {}
127 voltSubscriberInfo['voltTenant'] = dict(s_tag = str(s_tag),
128 c_tag = str(c_tag),
129 subscriber = '')
130 voltSubscriberInfo['account_num'] = account_num
131 voltSubscriberMap.append(voltSubscriberInfo)
132
133 return voltSubscriberMap
134
135 @classmethod
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]136 def setUpCordApi(cls):
137 our_path = os.path.dirname(os.path.realpath(__file__))
138 cord_api_path = os.path.join(our_path, '..', 'cord-api')
139 framework_path = os.path.join(cord_api_path, 'Framework')
140 utils_path = os.path.join(framework_path, 'utils')
141 data_path = os.path.join(cord_api_path, 'Tests', 'data')
142 subscriber_cfg = os.path.join(data_path, 'Subscriber.json')
143 volt_tenant_cfg = os.path.join(data_path, 'VoltTenant.json')
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]144 num_subscribers = max(cls.NUM_SUBSCRIBERS, 5)
145 cls.subscriber_info = cls.getSubscriberConfig(num_subscribers)
146 cls.volt_subscriber_info = cls.getVoltSubscriberConfig(num_subscribers)
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]147
148 sys.path.append(utils_path)
149 sys.path.append(framework_path)
150 from restApi import restApi
151 restApiXos = restApi()
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]152 xos_credentials = cls.getXosCredentials()
153 if xos_credentials is None:
154 restApiXos.controllerIP = cls.HEAD_NODE
155 restApiXos.controllerPort = '9000'
156 else:
157 restApiXos.controllerIP = xos_credentials['host']
158 restApiXos.controllerPort = xos_credentials['port']
159 restApiXos.user = xos_credentials['user']
160 restApiXos.password = xos_credentials['password']
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]161 cls.restApiXos = restApiXos
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]162
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]163 @classmethod
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]164 def getVoltId(cls, result, subId):
165 if type(result) is not type([]):
166 return None
167 for tenant in result:
168 if str(tenant['subscriber']) == str(subId):
169 return str(tenant['id'])
170 return None
171
172 @classmethod
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]173 def closeVCPEAccess(cls, volt_subscriber_info):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]174 OnosCtrl.uninstall_app(cls.APP_NAME, onos_ip = cls.HEAD_NODE)
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]175
176 @classmethod
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]177 def openVCPEAccess(cls, volt_subscriber_info):
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]178 """
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]179 This code is used to configure leaf switch for head node access to compute node over fabric.
180 Care is to be taken to avoid overwriting existing/default vcpe flows.
181 The access is opened for generated subscriber info which should not overlap.
182 We target the fabric onos instance on head node.
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]183 """
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]184 OnosCtrl.install_app(cls.APP_FILE, onos_ip = cls.HEAD_NODE)
185 time.sleep(2)
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]186 s_tags = map(lambda tenant: int(tenant['voltTenant']['s_tag']), volt_subscriber_info)
187 #only get unique vlan tags
188 s_tags = list(set(s_tags))
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]189 devices = OnosCtrl.get_device_ids(controller = cls.HEAD_NODE)
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]190 if devices:
191 device_config = {}
192 for device in devices:
193 device_config[device] = []
194 for s_tag in s_tags:
195 xconnect_config = {'vlan': s_tag, 'ports' : [ cls.FABRIC_PORT_HEAD_NODE, cls.FABRIC_PORT_COMPUTE_NODE ] }
196 device_config[device].append(xconnect_config)
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]197
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]198 cfg = { 'apps' : { 'org.ciena.xconnect' : { 'xconnectTestConfig' : device_config } } }
199 OnosCtrl.config(cfg, controller = cls.HEAD_NODE)
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]200
201 @classmethod
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]202 def setUpClass(cls):
203 cls.controllers = get_controllers()
204 cls.controller = cls.controllers[0]
205 cls.cli = None
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]206 cls.on_pod = running_on_pod()
207 cls.on_ciab = running_on_ciab()
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]208 cls.olt = OltConfig(olt_conf_file = cls.olt_conf_file)
209 cls.vcpes = cls.olt.get_vcpes()
210 cls.vcpes_dhcp = cls.olt.get_vcpes_by_type('dhcp')
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]211 cls.vcpes_reserved = cls.olt.get_vcpes_by_type('reserved')
212 cls.dhcp_vcpes_reserved = [ 'vcpe{}.{}.{}'.format(i, cls.vcpes_reserved[i]['s_tag'], cls.vcpes_reserved[i]['c_tag'])
213 for i in xrange(len(cls.vcpes_reserved)) ]
214 cls.untagged_dhcp_vcpes_reserved = [ 'vcpe{}'.format(i) for i in xrange(len(cls.vcpes_reserved)) ]
215 cls.container_vcpes_reserved = [ 'vcpe-{}-{}'.format(vcpe['s_tag'], vcpe['c_tag']) for vcpe in cls.vcpes_reserved ]
216 vcpe_dhcp_reserved = None
217 vcpe_container_reserved = None
218 if cls.vcpes_reserved:
219 vcpe_dhcp_reserved = cls.dhcp_vcpes_reserved[0]
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]220 if cls.on_pod is False:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]221 vcpe_dhcp_reserved = cls.untagged_dhcp_vcpes_reserved[0]
222 vcpe_container_reserved = cls.container_vcpes_reserved[0]
223
224 cls.vcpe_dhcp_reserved = vcpe_dhcp_reserved
225 cls.vcpe_container_reserved = vcpe_container_reserved
226 dhcp_vcpe_offset = len(cls.vcpes_reserved)
A R Karthick927129c2017-04-25 14:08:02 -0700[diff] [blame]227 cls.dhcp_vcpes = [ 'vcpe{}.{}.{}'.format(i+dhcp_vcpe_offset, cls.vcpes_dhcp[i]['s_tag'], cls.vcpes_dhcp[i]['c_tag'])
228 for i in xrange(len(cls.vcpes_dhcp)) ]
229 cls.untagged_dhcp_vcpes = [ 'vcpe{}'.format(i+dhcp_vcpe_offset) for i in xrange(len(cls.vcpes_dhcp)) ]
230 cls.container_vcpes = [ 'vcpe-{}-{}'.format(vcpe['s_tag'], vcpe['c_tag']) for vcpe in cls.vcpes_dhcp ]
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]231 vcpe_dhcp = None
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]232 vcpe_container = None
233 #cache the first dhcp vcpe in the class for quick testing
234 if cls.vcpes_dhcp:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]235 vcpe_container = cls.container_vcpes[0]
236 vcpe_dhcp = cls.dhcp_vcpes[0]
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]237 if cls.on_pod is False:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]238 vcpe_dhcp = cls.untagged_dhcp_vcpes[0]
239 cls.vcpe_container = vcpe_container_reserved or vcpe_container
240 cls.vcpe_dhcp = vcpe_dhcp_reserved or vcpe_dhcp
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]241 VSGAccess.setUp()
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]242 cls.setUpCordApi()
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]243 if cls.on_pod is True:
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]244 cls.openVCPEAccess(cls.volt_subscriber_info)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]245
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]246 @classmethod
247 def tearDownClass(cls):
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]248 VSGAccess.tearDown()
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]249 if cls.on_pod is True:
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]250 cls.closeVCPEAccess(cls.volt_subscriber_info)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]251
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]252 def cliEnter(self, controller = None):
253 retries = 0
254 while retries < 30:
255 self.cli = OnosCliDriver(controller = controller, connect = True)
256 if self.cli.handle:
257 break
258 else:
259 retries += 1
260 time.sleep(2)
261
262 def cliExit(self):
263 self.cli.disconnect()
264
265 def onos_shutdown(self, controller = None):
266 status = True
267 self.cliEnter(controller = controller)
268 try:
269 self.cli.shutdown(timeout = 10)
270 except:
271 log.info('Graceful shutdown of ONOS failed for controller: %s' %controller)
272 status = False
273
274 self.cliExit()
275 return status
276
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]277 def log_set(self, level = None, app = 'org.onosproject'):
278 CordLogger.logSet(level = level, app = app, controllers = self.controllers, forced = True)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]279
A R Karthick9a16a112017-04-07 15:40:05 -0700[diff] [blame]280 @classmethod
281 def get_dhcp(cls, vcpe, mgmt = 'eth0'):
282 """Get DHCP for vcpe interface saving management settings"""
283
284 def put_dhcp():
285 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
286
287 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
288 if vcpe_ip is not None:
289 cls.restore_methods.append(put_dhcp)
290 return vcpe_ip
291
292 @classmethod
293 def config_restore(cls):
294 """Restore the vsg test configuration on test case failures"""
295 for restore_method in cls.restore_methods:
296 restore_method()
297
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]298 def get_vsg_vcpe_pair(self):
299 vcpes = self.vcpes_dhcp
300 vcpe_containers = []
301 vsg_vcpe = {}
302 for vcp in vcpes:
303 vcpe_container = 'vcpe-{}-{}'.format(vcp['s_tag'], vcp['c_tag'])
304 vcpe_containers.append(vcpe_container)
305 vsg = VSGAccess.get_vcpe_vsg(vcpe_container)
306 vsg_vcpe[vcpe_container]=str(vsg.get_ip())
307 return vsg_vcpe
308
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]309 def get_vcpe_containers_and_interfaces(self):
310 vcpe_containers = {}
311 vcpe_interfaces = []
312 vcpes = self.vcpes_dhcp
313 count = 0
314 for vcpe in vcpes:
315 vcpe_intf = 'vcpe{}.{}.{}'.format(count,vcpe['s_tag'],vcpe['c_tag'])
316 vcpe_interfaces.append(vcpe_intf)
317 vcpe_container = 'vcpe-{}-{}'.format(vcpe['s_tag'], vcpe['c_tag'])
318 vcpe_containers[vcpe_intf] = vcpe_container
319 count += 1
320 log.info('vcpe interfaces are %s'%vcpe_interfaces)
321 log.info('vcpe containers are %s'%vcpe_containers)
322 return vcpe_interfaces,vcpe_containers
323
324 def get_vcpe_interface_dhcp_ip(self,vcpe=None):
325 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]326 vcpe = self.vcpe_dhcp
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]327 st, _ = getstatusoutput('dhclient {}'.format(vcpe))
328 vcpe_ip = get_ip(vcpe)
329 return vcpe_ip
330
331 def release_vcpe_interface_dhcp_ip(self,vcpe=None):
332 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]333 vcpe = self.vcpe_dhcp
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]334 st, _ = getstatusoutput('dhclient {} -r'.format(vcpe))
335 vcpe_ip = get_ip(vcpe)
336 assert_equal(vcpe_ip, None)
337
338 def add_static_route_via_vcpe_interface(self, routes, vcpe=None,dhcp_ip=True):
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]339 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]340 vcpe = self.vcpe_dhcp
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]341 if dhcp_ip:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]342 os.system('dhclient '+vcpe)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]343 time.sleep(1)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]344 for route in routes:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]345 log.info('route is %s'%route)
346 cmd = 'ip route add ' + route + ' via 192.168.0.1 '+ 'dev ' + vcpe
347 cmds.append(cmd)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]348 for cmd in cmds:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]349 os.system(cmd)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]350 return True
351
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]352 def del_static_route_via_vcpe_interface(self,routes,vcpe=None,dhcp_release=True):
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]353 if not vcpe:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]354 vcpe = self.vcpe_dhcp
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]355 cmds = []
356 for route in routes:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]357 cmd = 'ip route del ' + route + ' via 192.168.0.1 ' + 'dev ' + vcpe
358 os.system(cmd)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]359 if dhcp_release:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]360 os.system('dhclient '+vcpe+' -r')
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]361 return True
362
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]363 def test_vsg_multiple_subscribers_for_same_vcpe_instace(self):
364 vcpe_intfs,containers = self.get_vcpe_containers_and_interfaces()
365 for vcpe in vcpe_intfs:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]366 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
367 assert_not_equal(vcpe_ip,None)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]368 for vcpe in vcpe_intfs:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]369 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]370
371 def test_vsg_multiple_subscribers_for_same_vcpe_instance_ping_to_external_connectivity(self):
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]372 host = '8.8.8.8'
373 vcpe_intfs, containers = self.get_vcpe_containers_and_interfaces()
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]374 for vcpe in vcpe_intfs:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]375 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
376 assert_not_equal(vcpe_ip,None)
377 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe,dhcp_ip=False)
378 st, _ = getstatusoutput('ping -I {} -c 3 {}'.format(vcpe,host))
379 assert_equal(st, 0)
380 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe,dhcp_release=False)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]381 for vcpe in vcpe_intfs:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]382 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]383
384 def test_vsg_vcpe_interface_gets_dhcp_ip_after_interface_toggle(self):
385 vcpe_intfs,containers = self.get_vcpe_containers_and_interfaces()
386 for vcpe in vcpe_intfs:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]387 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
388 assert_not_equal(vcpe_ip,None)
389 os.system('ifconfig {} down'.format(vcpe))
390 time.sleep(1)
391 os.system('ifconfig {} up'.format(vcpe))
392 time.sleep(1)
393 vcpe_ip2 = get_ip(vcpe)
394 assert_equal(vcpe_ip2,vcpe_ip)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]395 for vcpe in vcpe_intfs:
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]396 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]397
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]398 def test_vsg_health(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]399 """
400 Algo:
401 1. Login to compute node VM
402 2. Get all vSGs
403 3. Ping to all vSGs
404 4. Verifying Ping success
405 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]406 status = True
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]407 if self.on_pod is True:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]408 status = VSGAccess.health_check()
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]409 assert_equal(status, True)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]410
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]411 def test_vsg_health_check(self, vsg_name='mysite_vsg-1', verify_status=True):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]412 """
413 Algo:
414 1. If vsg name not specified, Get vsg corresponding to vcpe
415 1. Login to compute mode VM
416 3. Ping to the vSG
417 4. Verifying Ping success
418 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]419 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]420 return
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]421 if not vsg_name:
422 vcpe = self.vcpe_container
423 vsg = VSGAccess.get_vcpe_vsg(vcpe)
424 status = vsg.get_health()
425 assert_equal(status, verify_status)
426 else:
427 vsgs = VSGAccess.get_vsgs()
428 status = None
429 for vsg in vsgs:
430 if vsg.name == vsg_name:
431 status = vsg.get_health()
432 log.info('vsg health check status is %s'%status)
433 assert_equal(status,verify_status)
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]434
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]435 @deferred(TIMEOUT)
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]436 def test_vsg_for_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]437 """
438 Algo:
439 1. Get list of all compute nodes created using Openstack
440 2. Login to compute mode VM
441 3. Get all vSGs
442 4. Verifying atleast one compute node and one vSG created
443 """
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]444 df = defer.Deferred()
445 def vsg_for_vcpe_df(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]446 if self.on_pod is True:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]447 vsgs = VSGAccess.get_vsgs()
448 compute_nodes = VSGAccess.get_compute_nodes()
449 time.sleep(14)
450 assert_not_equal(len(vsgs), 0)
451 assert_not_equal(len(compute_nodes), 0)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]452 df.callback(0)
453 reactor.callLater(0,vsg_for_vcpe_df,df)
454 return df
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]455
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]456 def test_vsg_for_login(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]457 """
458 Algo:
459 1. Login to compute node VM
460 2. Get all vSGs
461 3. Verifying login to vSG is success
462 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]463 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]464 return
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]465 vsgs = VSGAccess.get_vsgs()
466 vsg_access_status = map(lambda vsg: vsg.check_access(), vsgs)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]467 status = filter(lambda st: st == False, vsg_access_status)
468 assert_equal(len(status), 0)
469
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]470 def test_vsg_for_default_route_through_testclient(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]471 """
472 Algo:
473 1. Login to head node
474 2. Verifying for default route in lxc test client
475 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]476 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]477 return
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]478 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
479 cmd = "sudo lxc exec testclient -- route | grep default"
480 status, output = ssh_agent.run_cmd(cmd)
481 assert_equal(status, True)
482
483 def test_vsg_for_external_connectivity_through_testclient(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]484 """
485 Algo:
486 1. Login to head node
487 2. On head node, executing ping to 8.8.8.8 from lxc test client
488 3. Verifying for the ping success
489 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]490 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]491 return
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]492 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
493 cmd = "lxc exec testclient -- ping -c 3 8.8.8.8"
494 status, output = ssh_agent.run_cmd(cmd)
495 assert_equal( status, True)
496
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]497 def vsg_for_external_connectivity(self, subscriber_index, reserved = False):
498 if reserved is True:
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]499 if self.on_pod is True:
500 vcpe = self.dhcp_vcpes_reserved[subscriber_index]
501 else:
502 vcpe = self.untagged_dhcp_vcpes_reserved[subscriber_index]
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]503 else:
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]504 if self.on_pod is True:
505 vcpe = self.dhcp_vcpes[subscriber_index]
506 else:
507 vcpe = self.untagged_dhcp_vcpes[subscriber_index]
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]508 mgmt = 'eth0'
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]509 host = '8.8.8.8'
510 self.success = False
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]511 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]512 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]513 assert_not_equal(vcpe_ip, None)
514 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
515 log.info('Sending icmp echo requests to external network 8.8.8.8')
516 st, _ = getstatusoutput('ping -c 3 8.8.8.8')
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]517 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]518 assert_equal(st, 0)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]519
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]520 def test_vsg_for_external_connectivity(self):
521 """
522 Algo:
523 1. Get dhcp IP to vcpe interface in cord-tester
524 2. Verifying vcpe interface gets dhcp IP
525 3. Ping to 8.8.8.8 and Verifying ping should success
526 4. Restoring management interface configuration in cord-tester
527 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]528 reserved = True
529 if self.on_pod:
530 reserved = self.on_ciab
531 self.vsg_for_external_connectivity(0, reserved = reserved)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]532
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]533 def test_vsg_for_external_connectivity_to_google(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]534 """
535 Algo:
536 1. Get dhcp IP to vcpe interface in cord-tester
537 2. Verifying vcpe interface gets dhcp IP
538 3. Ping to www.google.com and Verifying ping should success
539 4. Restoring management interface configuration in cord-tester
540 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]541 host = 'www.google.com'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]542 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]543 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]544 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]545 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]546 assert_not_equal(vcpe_ip, None)
547 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
548 log.info('Sending icmp ping requests to %s' %host)
549 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]550 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]551 assert_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]552
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]553 def test_vsg_for_external_connectivity_to_invalid_host(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]554 """
555 Algo:
556 1. Get dhcp IP to vcpe interface in cord-tester
557 2. Verifying vcpe interface gets dhcp IP
558 3. Ping to www.goglee.com and Verifying ping should not success
559 4. Restoring management interface configuration in cord-tester
560 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]561 host = 'www.goglee.com'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]562 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]563 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]564 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]565 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]566 assert_not_equal(vcpe_ip, None)
567 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
568 log.info('Sending icmp ping requests to non existent host %s' %host)
569 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]570 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]571 assert_not_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]572
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]573 def test_vsg_for_external_connectivity_with_ttl_1(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]574 """
575 Algo:
576 1. Get dhcp IP to vcpe interface in cord-tester
577 2. Verifying vcpe interface gets dhcp IP
578 3. Ping to 8.8.8.8 with ttl set to 1
579 4. Verifying ping should not success
580 5. Restoring management interface configuration in cord-tester
581 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]582 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]583 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]584 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]585 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]586 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]587 assert_not_equal(vcpe_ip, None)
588 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
589 log.info('Sending icmp ping requests to host %s with ttl 1' %host)
590 st, _ = getstatusoutput('ping -c 1 -t 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]591 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]592 assert_not_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]593
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]594 def test_vsg_for_external_connectivity_with_wan_interface_toggle_in_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]595 """
596 Algo:
597 1. Get dhcp IP to vcpe interface in cord-tester
598 2. Verifying vcpe interface gets dhcp IP
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]599 3. Ping to 8.8.8.8 and Verifying ping succeeds
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]600 4. Now down the WAN interface of vcpe
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]601 5. Ping to 8.8.8.8 and Verifying ping fails
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]602 6. Now Up the WAN interface of vcpe
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]603 7. Ping to 8.8.8.8 and Verifying ping succeeds
604 8. Restoring management interface configuration in cord-tester
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]605 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]606 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]607 return
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]608 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]609 mgmt = 'eth0'
610 vcpe = self.vcpe_container
611 assert_not_equal(vcpe, None)
612 assert_not_equal(self.vcpe_dhcp, None)
613 #first get dhcp on the vcpe interface
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]614 vcpe_ip = VSGAccess.vcpe_get_dhcp(self.vcpe_dhcp, mgmt = mgmt)
615 assert_not_equal(vcpe_ip, None)
616 log.info('Got DHCP IP %s for %s' %(vcpe_ip, self.vcpe_dhcp))
617 log.info('Sending ICMP pings to host %s' %(host))
618 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
619 if st != 0:
620 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
621 assert_equal(st, 0)
622 #bring down the wan interface and check again
623 st = VSGAccess.vcpe_wan_down(vcpe)
624 if st is False:
625 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
626 assert_equal(st, True)
627 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
628 if st == 0:
629 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
630 assert_not_equal(st, 0)
631 st = VSGAccess.vcpe_wan_up(vcpe)
632 if st is False:
633 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
634 assert_equal(st, True)
635 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
636 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
637 assert_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]638
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]639 def test_vsg_for_external_connectivity_with_lan_interface_toggle_in_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]640 """
641 Algo:
642 1. Get dhcp IP to vcpe interface in cord-tester
643 2. Verifying vcpe interface gets dhcp IP
644 3. Ping to 8.8.8.8 and Verifying ping should success
645 4. Now down the LAN interface of vcpe
646 5. Ping to 8.8.8.8 and Verifying ping should not success
647 6. Now Up the LAN interface of vcpe
648 7. Ping to 8.8.8.8 and Verifying ping should success
649 8. Restoring management interface configuration in cord-tester
650 """
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]651 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]652 return
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]653 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]654 mgmt = 'eth0'
655 vcpe = self.vcpe_container
656 assert_not_equal(vcpe, None)
657 assert_not_equal(self.vcpe_dhcp, None)
658 #first get dhcp on the vcpe interface
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]659 vcpe_ip = VSGAccess.vcpe_get_dhcp(self.vcpe_dhcp, mgmt = mgmt)
660 assert_not_equal(vcpe_ip, None)
661 log.info('Got DHCP IP %s for %s' %(vcpe_ip, self.vcpe_dhcp))
662 log.info('Sending ICMP pings to host %s' %(host))
663 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
664 if st != 0:
665 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
666 assert_equal(st, 0)
667 #bring down the lan interface and check again
668 st = VSGAccess.vcpe_lan_down(vcpe)
669 if st is False:
670 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
671 assert_equal(st, True)
672 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
673 if st == 0:
674 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
675 assert_not_equal(st, 0)
676 st = VSGAccess.vcpe_lan_up(vcpe)
677 if st is False:
678 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
679 assert_equal(st, True)
680 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
681 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
682 assert_equal(st, 0)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]683
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]684 @deferred(TIMEOUT)
685 def test_vsg_for_external_connectivity_with_vcpe_container_paused(self,vcpe_name=None,vcpe_intf=None):
686 """
687 Algo:
688 1. Get vSG corresponding to vcpe
689 2. Get dhcp ip to vcpe interface
690 3. Add static route to destination route in test container
691 4. From test container ping to destination route and verify ping success
692 5. Login to compute node and execute command to pause vcpe container
693 6. From test container ping to destination route and verify ping success
694 """
695 if not vcpe_name:
696 vcpe_name = self.vcpe_container
697 if not vcpe_intf:
698 vcpe_intf = self.vcpe_dhcp
699 df = defer.Deferred()
700 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]701 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]702 df.callback(0)
703 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]704 host = '8.8.8.8'
705 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
706 try:
707 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
708 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
709 assert_equal(st, False)
710 st, _ = vsg.run_cmd('sudo docker pause {}'.format(vcpe_name))
711 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
712 assert_equal(st, False)
713 finally:
714 vsg.run_cmd('sudo docker unpause'.format(vcpe_name))
715 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
716 df.callback(0)
717 reactor.callLater(0, vcpe_firewall, df)
718 return df
719
720 @deferred(TIMEOUT)
721 def test_vsg_firewall_with_deny_destination_ip(self, vcpe_name=None, vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]722 """
723 Algo:
724 1. Get vSG corresponding to vcpe
725 2. Login to compute node
726 3. Execute iptable command on vcpe from compute node to deny a destination IP
727 4. From cord-tester ping to the denied IP address
728 5. Verifying that ping should not be successful
729 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]730 if not vcpe_name:
731 vcpe_name = self.vcpe_container
732 if not vcpe_intf:
733 vcpe_intf = self.vcpe_dhcp
734 df = defer.Deferred()
735 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]736 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]737 df.callback(0)
738 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]739 host = '8.8.8.8'
740 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
741 try:
742 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
743 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
744 assert_equal(st, False)
745 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
746 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
747 assert_equal(st, True)
748 finally:
749 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
750 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
751 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
752 df.callback(0)
753 reactor.callLater(0, vcpe_firewall, df)
754 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]755
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]756 @deferred(TIMEOUT)
757 def test_vsg_firewall_with_rule_add_and_delete_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]758 """
759 Algo:
760 1. Get vSG corresponding to vcpe
761 2. Login to compute node
762 3. Execute iptable command on vcpe from compute node to deny a destination IP
763 4. From cord-tester ping to the denied IP address
764 5. Verifying that ping should not be successful
765 6. Delete the iptable rule in vcpe
766 7. From cord-tester ping to the denied IP address
767 8. Verifying the ping should success
768 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]769 if not vcpe_name:
770 vcpe_name = self.vcpe_container
771 if not vcpe_intf:
772 vcpe_intf = self.vcpe_dhcp
773 df = defer.Deferred()
774 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]775 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]776 df.callback(0)
777 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]778 host = '8.8.8.8'
779 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
780 try:
781 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
782 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
783 assert_equal(st, False)
784 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
785 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
786 assert_equal(st, True)
787 st,_ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
788 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
789 assert_equal(st, False)
790 finally:
791 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
792 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
793 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
794 df.callback(0)
795 reactor.callLater(0, vcpe_firewall, df)
796 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]797
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]798 @deferred(TIMEOUT)
799 def test_vsg_firewall_verifying_reachability_for_non_blocked_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]800 """
801 Algo:
802 1. Get vSG corresponding to vcpe
803 2. Login to compute node
804 3. Execute iptable command on vcpe from compute node to deny a destination IP
805 4. From cord-tester ping to the denied IP address
806 5. Verifying that ping should not be successful
807 6. From cord-tester ping to the denied IP address other than the denied one
808 7. Verifying the ping should success
809 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]810 if not vcpe_name:
811 vcpe_name = self.vcpe_container
812 if not vcpe_intf:
813 vcpe_intf = self.vcpe_dhcp
814 df = defer.Deferred()
815 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]816 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]817 df.callback(0)
818 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]819 host1 = '8.8.8.8'
820 host2 = '204.79.197.203'
821 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
822 try:
823 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
824 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
825 assert_equal(st, False)
826 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
827 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
828 assert_equal(st, True)
829 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
830 assert_equal(st,False)
831 finally:
832 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
833 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
834 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
835 df.callback(0)
836 reactor.callLater(0, vcpe_firewall, df)
837 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]838
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]839 @deferred(TIMEOUT)
840 def test_vsg_firewall_appending_rules_with_deny_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]841 """
842 Algo:
843 1. Get vSG corresponding to vcpe
844 2. Login to compute node
845 3. Execute iptable command on vcpe from compute node to deny a destination IP1
846 4. From cord-tester ping to the denied IP address IP1
847 5. Verifying that ping should not be successful
848 6. Execute iptable command on vcpe from compute node to deny a destination IP2
849 6. From cord-tester ping to the denied IP address IP2
850 7. Verifying that ping should not be successful
851 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]852 if not vcpe_name:
853 vcpe_name = self.vcpe_container
854 if not vcpe_intf:
855 vcpe_intf = self.vcpe_dhcp
856 df = defer.Deferred()
857 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]858 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]859 df.callback(0)
860 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]861 host1 = '8.8.8.8'
862 host2 = '204.79.197.203'
863 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
864 try:
865 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
866 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
867 assert_equal(st, False)
868 st,_ = vsg.run_cmd('sudo docker exec {} iptables -F FORWARD'.format(vcpe_name))
869 time.sleep(2)
870 st,_ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
871 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
872 assert_equal(st, True)
873 st, out = getstatusoutput('ping -c 1 {}'.format(host2))
874 log.info('host2 ping output is %s'%out)
875 assert_equal(st, False)
876 st, _ = vsg.run_cmd('sudo docker exec {} iptables -A FORWARD -d {} -j DROP'.format(vcpe_name,host2))
877 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
878 assert_equal(st,True)
879 finally:
880 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
881 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
882 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
883 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
884 df.callback(0)
885 reactor.callLater(0, vcpe_firewall, df)
886 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]887
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]888 @deferred(TIMEOUT)
889 def test_vsg_firewall_removing_one_rule_denying_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]890 """
891 Algo:
892 1. Get vSG corresponding to vcpe
893 2. Login to compute node
894 3. Execute iptable command on vcpe from compute node to deny a destination IP1
895 4. Execute iptable command on vcpe from compute node to deny a destination IP2
896 5. From cord-tester ping to the denied IP address IP1
897 6. Verifying that ping should not be successful
898 7. From cord-tester ping to the denied IP address IP2
899 8. Verifying that ping should not be successful
900 9. Execute iptable command on vcpe from compute node to remove deny a destination IP2 rule
901 10. From cord-tester ping to the denied IP address IP2
902 11. Verifying the ping should success
903 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]904 if not vcpe_name:
905 vcpe_name = self.vcpe_container
906 if not vcpe_intf:
907 vcpe_intf = self.vcpe_dhcp
908 df = defer.Deferred()
909 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]910 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]911 df.callback(0)
912 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]913 host1 = '8.8.8.8'
914 host2 = '204.79.197.203'
915 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
916 try:
917 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=self.vcpe_dhcp)
918 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
919 assert_equal(st, False)
920 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
921 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host2))
922 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
923 assert_equal(st, True)
924 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
925 assert_equal(st,True)
926 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
927 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
928 assert_equal(st,False)
929 finally:
930 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
931 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
932 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
933 log.info('restarting vcpe container')
934 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
935 df.callback(0)
936 reactor.callLater(0, vcpe_firewall, df)
937 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]938
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]939 @deferred(TIMEOUT)
940 def test_vsg_firewall_changing_rule_id_deny_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]941 """
942 Algo:
943 1. Get vSG corresponding to vcpe
944 2. Login to compute node
945 3. Execute iptable command on vcpe from compute node to deny a destination IP
946 5. From cord-tester ping to the denied IP address IP1
947 6. Verifying that ping should not be successful
948 9. Execute iptable command on vcpe from compute node to change the rule ID to 2 to deny the same destination IP
949 10. From cord-tester ping to the denied IP address IP
950 11. Verifying that ping should not be successful
951 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]952 if not vcpe_name:
953 vcpe_name = self.vcpe_container
954 if not vcpe_intf:
955 vcpe_intf = self.vcpe_dhcp
956 df = defer.Deferred()
957 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]958 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]959 df.callback(0)
960 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]961 host = '8.8.8.8'
962 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
963 try:
964 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
965 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
966 assert_equal(st, False)
967 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
968 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
969 assert_equal(st, True)
970 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 2 -d {} -j DROP '.format(vcpe_name,host))
971 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
972 assert_equal(st,True)
973 finally:
974 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
975 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
976 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
977 df.callback(0)
978 reactor.callLater(0, vcpe_firewall, df)
979 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]980
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]981 @deferred(TIMEOUT)
982 def test_vsg_firewall_changing_deny_rule_to_accept_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]983 """
984 Algo:
985 1. Get vSG corresponding to vcpe
986 2. Login to compute node
987 3. Execute iptable command on vcpe from compute node to deny a destination IP
988 5. From cord-tester ping to the denied IP address IP1
989 6. Verifying that ping should not be successful
990 9. Execute iptable command on vcpe from compute node to accept the same destination IP
991 10. From cord-tester ping to the accepted IP
992 11. Verifying the ping should success
993 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]994 if not vcpe_name:
995 vcpe_name = self.vcpe_container
996 if not vcpe_intf:
997 vcpe_intf = self.vcpe_dhcp
998 df = defer.Deferred()
999 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1000 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1001 df.callback(0)
1002 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1003 host = '8.8.8.8'
1004 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1005 try:
1006 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1007 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1008 assert_equal(st, False)
1009 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1010 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1011 assert_equal(st, True)
1012 st, _ = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -d {} -j ACCEPT'.format(vcpe_name,host))
1013 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1014 assert_equal(st,False)
1015 finally:
1016 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1017 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j ACCEPT'.format(vcpe_name,host))
1018 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1019 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1020 df.callback(0)
1021 reactor.callLater(0, vcpe_firewall, df)
1022 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1023
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1024 @deferred(TIMEOUT) #Fail
1025 def test_vsg_firewall_denying_destination_network(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1026 """
1027 Algo:
1028 1. Get vSG corresponding to vcpe
1029 2. Login to compute node
1030 3. Execute iptable command on vcpe from compute node to deny a destination IP subnet
1031 4. From cord-tester ping to the denied IP address IP1 in the denied subnet
1032 5. Verifying that ping should not be successful
1033 6. From cord-tester ping to the denied IP address IP2 in the denied subnet
1034 7. Verifying that ping should not be successful
1035 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1036 if not vcpe_name:
1037 vcpe_name = self.vcpe_container
1038 if not vcpe_intf:
1039 vcpe_intf = self.vcpe_dhcp
1040 df = defer.Deferred()
1041 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1042 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1043 df.callback(0)
1044 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1045 network = '204.79.197.192/28'
1046 host1 = '204.79.197.203'
1047 host2 = '204.79.197.210'
1048 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1049 try:
1050 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=self.vcpe_dhcp)
1051 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1052 assert_equal(st, False)
1053 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,network))
1054 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1055 assert_equal(st, True)
1056 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1057 assert_equal(st,False)
1058 finally:
1059 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network))
1060 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
1061 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1062 df.callback(0)
1063 reactor.callLater(0, vcpe_firewall, df)
1064 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1065
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1066 @deferred(TIMEOUT)
1067 def test_vsg_firewall_denying_destination_network_subnet_modification(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1068 """
1069 Algo:
1070 1. Get vSG corresponding to vcpe
1071 2. Login to compute node
1072 3. Execute iptable command on vcpe from compute node to deny a destination IP subnet
1073 4. From cord-tester ping to the denied IP address IP1 in the denied subnet
1074 5. Verifying that ping should not be successful
1075 6. From cord-tester ping to the denied IP address IP2 in the denied subnet
1076 7. Verifying that ping should not be successful
1077 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1078 if not vcpe_name:
1079 vcpe_name = self.vcpe_container
1080 if not vcpe_intf:
1081 vcpe_intf = self.vcpe_dhcp
1082 df = defer.Deferred()
1083 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1084 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1085 df.callback(0)
1086 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1087 network1 = '204.79.197.192/28'
1088 network2 = '204.79.197.192/27'
1089 host1 = '204.79.197.203'
1090 host2 = '204.79.197.210'
1091 host3 = '204.79.197.224'
1092 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1093 try:
1094 self.add_static_route_via_vcpe_interface([host1,host2,host3],vcpe=self.vcpe_dhcp)
1095 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1096 assert_equal(st, False)
1097 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,network1))
1098 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1099 assert_equal(st, True)
1100 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1101 assert_equal(st,False)
1102 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 2 -d {} -j DROP'.format(vcpe_name,network2))
1103 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1104 assert_equal(st, True)
1105 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1106 assert_equal(st, True)
1107 st, _ = getstatusoutput('ping -c 1 {}'.format(host3))
1108 assert_equal(st, False)
1109 finally:
1110 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network1))
1111 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network2))
1112 self.del_static_route_via_vcpe_interface([host1,host2,host3],vcpe=vcpe_intf)
1113 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1114 df.callback(0)
1115 reactor.callLater(0, vcpe_firewall, df)
1116 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1117
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1118 @deferred(TIMEOUT)
1119 def test_vsg_firewall_with_deny_source_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1120 """
1121 Algo:
1122 1. Get vSG corresponding to vcpe
1123 2. Login to compute node
1124 3. Execute iptable command on vcpe from compute node to deny a source IP
1125 4. From cord-tester ping to 8.8.8.8 from the denied IP
1126 5. Verifying that ping should not be successful
1127 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1128 if not vcpe_name:
1129 vcpe_name = self.vcpe_container
1130 if not vcpe_intf:
1131 vcpe_intf = self.vcpe_dhcp
1132 df = defer.Deferred()
1133 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1134 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1135 df.callback(0)
1136 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1137 host = '8.8.8.8'
1138 #source_ip = get_ip(self.vcpe_dhcp)
1139 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1140 try:
1141 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1142 source_ip = get_ip(self.vcpe_dhcp)
1143 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1144 assert_equal(st, False)
1145 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1146 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1147 assert_equal(st, True)
1148 finally:
1149 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1150 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1151 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1152 df.callback(0)
1153 reactor.callLater(0, vcpe_firewall, df)
1154 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1155
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1156 @deferred(TIMEOUT)
1157 def test_vsg_firewall_rule_with_add_and_delete_deny_source_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1158 """
1159 Algo:
1160 1. Get vSG corresponding to vcpe
1161 2. Login to compute node
1162 3. Execute iptable command on vcpe from compute node to deny a source IP
1163 4. From cord-tester ping to 8.8.8.8 from the denied IP
1164 5. Verifying that ping should not be successful
1165 6. Delete the iptable rule in vcpe
1166 7. From cord-tester ping to 8.8.8.8 from the denied IP
1167 8. Verifying the ping should success
1168 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1169 if not vcpe_name:
1170 vcpe_name = self.vcpe_container
1171 if not vcpe_intf:
1172 vcpe_intf = self.vcpe_dhcp
1173 df = defer.Deferred()
1174 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1175 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1176 df.callback(0)
1177 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1178 host = '8.8.8.8'
1179 source_ip = get_ip(self.vcpe_dhcp)
1180 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1181 try:
1182 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1183 source_ip = get_ip(self.vcpe_dhcp)
1184 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1185 assert_equal(st, False)
1186 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1187 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1188 assert_equal(st, True)
1189 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1190 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1191 assert_equal(st, False)
1192 finally:
1193 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1194 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1195 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1196 df.callback(0)
1197 reactor.callLater(0, vcpe_firewall, df)
1198 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1199
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1200 @deferred(TIMEOUT)
1201 def test_vsg_firewall_rule_with_deny_icmp_protocol_echo_requests_type(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1202 """
1203 Algo:
1204 1. Get vSG corresponding to vcpe
1205 2. Login to compute node
1206 3. Execute iptable command on vcpe from compute node to deny icmp echo-requests type protocol packets
1207 4. From cord-tester ping to 8.8.8.8
1208 5. Verifying that ping should not be successful
1209 6. Delete the iptable rule
1210 7. From cord-tester ping to 8.8.8.8
1211 8. Verifying the ping should success
1212 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1213 if not vcpe_name:
1214 vcpe_name = self.vcpe_container
1215 if not vcpe_intf:
1216 vcpe_intf = self.vcpe_dhcp
1217 df = defer.Deferred()
1218 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1219 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1220 df.callback(0)
1221 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1222 host = '8.8.8.8'
1223 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1224 try:
1225 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1226 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1227 assert_equal(st, False)
1228 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1229 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1230 assert_equal(st, True)
1231 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1232 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1233 assert_equal(st, False)
1234 finally:
1235 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1236 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1237 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1238 df.callback(0)
1239 reactor.callLater(0, vcpe_firewall, df)
1240 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1241
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1242 @deferred(TIMEOUT)
1243 def test_vsg_firewall_rule_with_deny_icmp_protocol_echo_reply_type(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1244 """
1245 Algo:
1246 1. Get vSG corresponding to vcpe
1247 2. Login to compute node
1248 3. Execute iptable command on vcpe from compute node to deny icmp echo-reply type protocol packets
1249 4. From cord-tester ping to 8.8.8.8
1250 5. Verifying that ping should not be successful
1251 6. Delete the iptable rule
1252 7. From cord-tester ping to 8.8.8.8
1253 8. Verifying the ping should success
1254 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1255 if not vcpe_name:
1256 vcpe_name = self.vcpe_container
1257 if not vcpe_intf:
1258 vcpe_intf = self.vcpe_dhcp
1259 df = defer.Deferred()
1260 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1261 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1262 df.callback(0)
1263 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1264 host = '8.8.8.8'
1265 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1266 try:
1267 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1268 st, _ = getstatusoutput('ping -c 1 {}'.format('8.8.8.8'))
1269 assert_equal(st, False)
1270 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1271 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1272 assert_equal(st, True)
1273 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1274 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1275 assert_equal(st,False)
1276 finally:
1277 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1278 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1279 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1280 df.callback(0)
1281 reactor.callLater(0, vcpe_firewall, df)
1282 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1283
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1284 @deferred(TIMEOUT)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]1285 def test_vsg_firewall_changing_deny_rule_to_accept_rule_with_icmp_protocol_echo_requests_type(self, vcpe_name=None, vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1286 """
1287 Algo:
1288 1. Get vSG corresponding to vcpe
1289 2. Login to compute node
1290 3. Execute iptable command on vcpe from compute node to deny icmp echo-requests type protocol packets
1291 4. From cord-tester ping to 8.8.8.8
1292 5. Verifying that ping should not be successful
1293 6. Insert another rule to accept the icmp-echo requests protocol packets
1294 7. From cord-tester ping to 8.8.8.8
1295 8. Verifying the ping should success
1296 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1297 if not vcpe_name:
1298 vcpe_name = self.vcpe_container
1299 if not vcpe_intf:
1300 vcpe_intf = self.vcpe_dhcp
1301 df = defer.Deferred()
1302 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1303 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1304 df.callback(0)
1305 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1306 host = '8.8.8.8'
1307 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1308 try:
1309 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1310 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1311 assert_equal(st, False)
1312 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1313 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1314 assert_equal(st, True)
1315 st, _ = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p icmp --icmp-type echo-request -j ACCEPT'.format(vcpe_name))
1316 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1317 assert_equal(st,False)
1318 finally:
1319 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1320 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j ACCEPT'.format(vcpe_name))
1321 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1322 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1323 df.callback(0)
1324 reactor.callLater(0, vcpe_firewall, df)
1325 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1326
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1327 @deferred(TIMEOUT)
1328 def test_vsg_firewall_changing_deny_rule_to_accept_rule_with_icmp_protocol_echo_reply_type(self,vcpe_name=None,vcpe_intf=None):
1329 """
1330 Algo:
1331 1. Get vSG corresponding to vcpe
1332 2. Login to compute node
1333 3. Execute iptable command on vcpe from compute node to deny icmp echo-reply type protocol packets
1334 4. From cord-tester ping to 8.8.8.8
1335 5. Verifying the ping should not success
1336 6. Insert another rule to accept the icmp-echo requests protocol packets
1337 7. From cord-tester ping to 8.8.8.8
1338 8. Verifying the ping should success
1339 """
1340 if not vcpe_name:
1341 vcpe_name = self.vcpe_container
1342 if not vcpe_intf:
1343 vcpe_intf = self.vcpe_dhcp
1344 df = defer.Deferred()
1345 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1346 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1347 df.callback(0)
1348 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1349 host = '8.8.8.8'
1350 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1351 try:
1352 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1353 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1354 assert_equal(st, False)
1355 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1356 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1357 assert_equal(st, True)
1358 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p icmp --icmp-type echo-reply -j ACCEPT'.format(vcpe_name))
1359 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1360 assert_equal(st,False)
1361 finally:
1362 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1363 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j ACCEPT'.format(vcpe_name))
1364 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1365 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1366 df.callback(0)
1367 reactor.callLater(0, vcpe_firewall, df)
1368 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1369
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1370 @deferred(TIMEOUT)
1371 def test_vsg_firewall_for_deny_icmp_protocol(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1372 """
1373 Algo:
1374 1. Get vSG corresponding to vcpe
1375 2. Login to compute node
1376 3. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1377 4. From cord-tester ping to 8.8.8.8
1378 5. Verifying that ping should not be successful
1379 6. Delete the iptable rule
1380 7. From cord-tester ping to 8.8.8.8
1381 8. Verifying the ping should success
1382 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1383 if not vcpe_name:
1384 vcpe_name = self.vcpe_container
1385 if not vcpe_intf:
1386 vcpe_intf = self.vcpe_dhcp
1387 df = defer.Deferred()
1388 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1389 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1390 df.callback(0)
1391 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1392 host = '8.8.8.8'
1393 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1394 try:
1395 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1396 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1397 assert_equal(st, False)
1398 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1399 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1400 assert_equal(st, True)
1401 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1402 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1403 assert_equal(st,False)
1404 finally:
1405 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1406 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1407 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1408 df.callback(0)
1409 reactor.callLater(0, vcpe_firewall, df)
1410 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1411
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1412 @deferred(TIMEOUT)
1413 def test_vsg_firewall_rule_deny_icmp_protocol_and_destination_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1414 """
1415 Algo:
1416 1. Get vSG corresponding to vcpe
1417 2. Login to compute node
1418 3. Execute iptable command on vcpe from compute node to deny a destination IP
1419 4. From cord-tester ping to 8.8.8.8
1420 5. Verifying that ping should not be successful
1421 6. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1422 7. From cord-tester ping to 8.8.8.8
1423 8. Verifying the ping should success
1424 9. Delete the rule added in step 3
1425 10. From cord-tester ping to 8.8.8.8
1426 11. Verifying that ping should not be successful
1427 12. Delete the rule added in step 6
1428 13. From cord-tester ping to 8.8.8.8
1429 14. Verifying the ping should success
1430 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1431 if not vcpe_name:
1432 vcpe_name = self.vcpe_container
1433 if not vcpe_intf:
1434 vcpe_intf = self.vcpe_dhcp
1435 df = defer.Deferred()
1436 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1437 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1438 df.callback(0)
1439 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1440 host = '8.8.8.8'
1441 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1442 try:
1443 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1444 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1445 assert_equal(st, False)
1446 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1447 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1448 assert_equal(st, True)
1449 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1450 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1451 assert_equal(st, True)
1452 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1453 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1454 assert_equal(st, True)
1455 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1456 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1457 assert_equal(st,False)
1458 finally:
1459 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1460 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1461 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1462 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1463 df.callback(0)
1464 reactor.callLater(0, vcpe_firewall, df)
1465 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1466
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1467 @deferred(TIMEOUT) #Fail
1468 def test_vsg_firewall_flushing_all_configured_rules(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1469 """
1470 Algo:
1471 1. Get vSG corresponding to vcpe
1472 2. Login to compute node
1473 3. Execute iptable command on vcpe from compute node to deny a destination IP
1474 4. From cord-tester ping to 8.8.8.8
1475 5. Verifying that ping should not be successful
1476 6. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1477 7. From cord-tester ping to 8.8.8.8
1478 8. Verifying the ping should success
1479 9. Flush all the iptable rules configuraed in vcpe
1480 10. Delete the rule added in step 6
1481 11. From cord-tester ping to 8.8.8.8
1482 12. Verifying the ping should success
1483 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1484 if not vcpe_name:
1485 vcpe_name = self.vcpe_container
1486 if not vcpe_intf:
1487 vcpe_intf = self.vcpe_dhcp
1488 df = defer.Deferred()
1489 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1490 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1491 df.callback(0)
1492 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1493 host = '8.8.8.8'
1494 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1495 try:
1496 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1497 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1498 assert_equal(st, False)
1499 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1500 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1501 assert_equal(st, True)
1502 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1503 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1504 assert_equal(st, True)
1505 st,output = vsg.run_cmd('sudo docker exec {} iptables -F FORWARD'.format(vcpe_name))
1506 time.sleep(1)
1507 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1508 assert_equal(st, False)
1509 finally:
1510 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1511 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1512 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1513 df.callback(0)
1514 reactor.callLater(0, vcpe_firewall, df)
1515 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1516
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1517 @deferred(TIMEOUT)
1518 def test_vsg_firewall_deny_all_ipv4_traffic(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1519 """
1520 Algo:
1521 1. Get vSG corresponding to vcpe
1522 2. Login to compute node
1523 3. Execute iptable command on vcpe from compute node to deny all ipv4 Traffic
1524 4. From cord-tester ping to 8.8.8.8
1525 5. Verifying that ping should not be successful
1526 6. Delete the iptable rule added
1527 7. From cord-tester ping to 8.8.8.8
1528 8. Verifying the ping should success
1529 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1530 if not vcpe_name:
1531 vcpe_name = self.vcpe_container
1532 if not vcpe_intf:
1533 vcpe_intf = self.vcpe_dhcp
1534 df = defer.Deferred()
1535 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1536 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1537 df.callback(0)
1538 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1539 host = '8.8.8.8'
1540 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1541 try:
1542 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1543 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1544 assert_equal(st, False)
1545 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1546 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1547 assert_equal(st, True)
1548 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1549 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1550 assert_equal(st, False)
1551 finally:
1552 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1553 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1554 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1555 df.callback(0)
1556 reactor.callLater(0, vcpe_firewall, df)
1557 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1558
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1559 @deferred(TIMEOUT)
1560 def test_vsg_firewall_replacing_deny_rule_to_accept_rule_ipv4_traffic(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1561 """
1562 Algo:
1563 1. Get vSG corresponding to vcpe
1564 2. Login to compute node
1565 3. Execute iptable command on vcpe from compute node to deny all ipv4 Traffic
1566 4. From cord-tester ping to 8.8.8.8
1567 5. Verifying that ping should not be successful
1568 6. Replace the deny rule added in step 3 with accept rule
1569 7. From cord-tester ping to 8.8.8.8
1570 8. Verifying the ping should success
1571 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1572 if not vcpe_name:
1573 vcpe_name = self.vcpe_container
1574 if not vcpe_intf:
1575 vcpe_intf = self.vcpe_dhcp
1576 df = defer.Deferred()
1577 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1578 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1579 df.callback(0)
1580 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1581 host = '8.8.8.8'
1582 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1583 try:
1584 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1585 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1586 assert_equal(st, False)
1587 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1588 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1589 assert_equal(st, True)
1590 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -4 -j ACCEPT'.format(vcpe_name))
1591 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1592 assert_equal(st, False)
1593 finally:
1594 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1595 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1596 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1597 df.callback(0)
1598 reactor.callLater(0, vcpe_firewall, df)
1599 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1600
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1601 @deferred(TIMEOUT)
1602 def test_vsg_firewall_deny_all_traffic_coming_on_lan_interface_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
1603 """
1604 Algo:
1605 1. Get vSG corresponding to vcpe
1606 2. Login to compute node
1607 3. Execute iptable command on vcpe from compute node to deny all the traffic coming on lan interface inside vcpe container
1608 4. From cord-tester ping to 8.8.8.8
1609 5. Verifying the ping should not success
1610 6. Delete the iptable rule added
1611 7. From cord-tester ping to 8.8.8.8
1612 8. Verifying the ping should success
1613 """
1614 if not vcpe_name:
1615 vcpe_name = self.vcpe_container
1616 if not vcpe_intf:
1617 vcpe_intf = self.vcpe_dhcp
1618 df = defer.Deferred()
1619 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1620 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1621 df.callback(0)
1622 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1623 host = '8.8.8.8'
1624 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1625 try:
1626 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1627 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1628 assert_equal(st, False)
1629 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -i eth1 -j DROP'.format(vcpe_name))
1630 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1631 assert_equal(st, True)
1632 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -j DROP'.format(vcpe_name))
1633 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1634 assert_equal(st, False)
1635 finally:
1636 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -j DROP'.format(vcpe_name))
1637 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1638 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1639 df.callback(0)
1640 reactor.callLater(0, vcpe_firewall, df)
1641 return df
1642
1643 @deferred(TIMEOUT)
1644 def test_vsg_firewall_deny_all_traffic_going_out_of_wan_interface_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
1645 """
1646 Algo:
1647 1. Get vSG corresponding to vcpe
1648 2. Login to compute node
1649 3. Execute iptable command on vcpe from compute node to deny all the traffic going out of wan interface inside vcpe container
1650 4. From cord-tester ping to 8.8.8.8
1651 5. Verifying the ping should not success
1652 6. Delete the iptable rule added
1653 7. From cord-tester ping to 8.8.8.8
1654 8. Verifying the ping should success
1655 """
1656 if not vcpe_name:
1657 vcpe_name = self.vcpe_container
1658 if not vcpe_intf:
1659 vcpe_intf = self.vcpe_dhcp
1660 df = defer.Deferred()
1661 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1662 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1663 df.callback(0)
1664 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1665 host = '8.8.8.8'
1666 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1667 try:
1668 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1669 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1670 assert_equal(st, False)
1671 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -o eth0 -j DROP'.format(vcpe_name))
1672 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1673 assert_equal(st, True)
1674 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -o eth0 -j DROP'.format(vcpe_name))
1675 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1676 assert_equal(st, False)
1677 finally:
1678 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -o eth0 -j DROP'.format(vcpe_name))
1679 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1680 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1681 df.callback(0)
1682 reactor.callLater(0, vcpe_firewall, df)
1683 return df
1684
1685 @deferred(TIMEOUT)
1686 def test_vsg_firewall_deny_all_traffic_from_lan_to_wan_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1687 """
1688 Algo:
1689 1. Get vSG corresponding to vcpe
1690 2. Login to compute node
1691 3. Execute iptable command on vcpe from compute node to deny all the traffic from lan to wan interface in vcpe
1692 4. From cord-tester ping to 8.8.8.8
1693 5. Verifying that ping should not be successful
1694 6. Delete the iptable rule added
1695 7. From cord-tester ping to 8.8.8.8
1696 8. Verifying the ping should success
1697 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1698 if not vcpe_name:
1699 vcpe_name = self.vcpe_container
1700 if not vcpe_intf:
1701 vcpe_intf = self.vcpe_dhcp
1702 df = defer.Deferred()
1703 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1704 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1705 df.callback(0)
1706 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1707 host = '8.8.8.8'
1708 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1709 try:
1710 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1711 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1712 assert_equal(st, False)
1713 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1714 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1715 assert_equal(st, True)
1716 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1717 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1718 assert_equal(st, False)
1719 finally:
1720 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1721 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1722 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1723 df.callback(0)
1724 reactor.callLater(0, vcpe_firewall, df)
1725 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1726
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1727
1728 #this test case needs modification.default route should be vcpe interface to run this test case
1729 @deferred(TIMEOUT)
1730 def test_vsg_firewall_deny_all_dns_traffic(self,vcpe_name=None,vcpe_intf=None):
1731 """
1732 Algo:
1733 1. Get vSG corresponding to vcpe
1734 2. Login to compute node
1735 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1736 4. From cord-tester ping to www.google.com
1737 5. Verifying the ping should not success
1738 6. Delete the iptable rule added
1739 7. From cord-tester ping to www.google.com
1740 8. Verifying the ping should success
1741 """
1742 if not vcpe_name:
1743 vcpe_name = self.vcpe_container
1744 if not vcpe_intf:
1745 vcpe_intf = self.vcpe_dhcp
1746 df = defer.Deferred()
1747 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1748 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1749 df.callback(0)
1750 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1751 host = 'www.msn.com'
1752 host_ip = '131.253.33.203'
1753 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1754 try:
1755 self.add_static_route_via_vcpe_interface([host_ip],vcpe=self.vcpe_dhcp)
1756 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1757 assert_equal(st, False)
1758 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p udp --dport 53 -j DROP'.format(vcpe_name))
1759 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1760 assert_equal(st, True)
1761 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p udp --dport 53 -j ACCEPT'.format(vcpe_name))
1762 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1763 assert_equal(st, False)
1764 finally:
1765 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p udp --dport 53 -j DROP'.format(vcpe_name))
1766 self.del_static_route_via_vcpe_interface([host_ip],vcpe=vcpe_intf)
1767 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1768 df.callback(0)
1769 reactor.callLater(0, vcpe_firewall, df)
1770 return df
1771
1772 @deferred(TIMEOUT)
1773 def test_vsg_firewall_deny_all_ipv4_traffic_vcpe_container_restart(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1774 """
1775 Algo:
1776 1. Get vSG corresponding to vcpe
1777 2. Login to compute node
1778 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1779 4. From cord-tester ping to www.google.com
1780 5. Verifying that ping should not be successful
1781 6. Delete the iptable rule added
1782 7. From cord-tester ping to www.google.com
1783 8. Verifying the ping should success
1784 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1785 if not vcpe_name:
1786 vcpe_name = self.vcpe_container
1787 if not vcpe_intf:
1788 vcpe_intf = self.vcpe_dhcp
1789 df = defer.Deferred()
1790 def vcpe_firewall(df):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1791 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1792 df.callback(0)
1793 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1794 host = '8.8.8.8'
1795 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1796 try:
1797 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1798 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1799 assert_equal(st, False)
1800 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1801 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1802 assert_equal(st, True)
1803 st,output = vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1804 time.sleep(3)
1805 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1806 assert_equal(st, False)
1807 finally:
1808 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1809 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1810 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1811 df.callback(0)
1812 reactor.callLater(0, vcpe_firewall, df)
1813 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1814
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]1815 @deferred(TIMEOUT)
1816 def test_vsg_dnat_modifying_destination_ip(self,vcpe_name=None,vcpe_intf=None):
1817 """
1818 Algo:
1819 1. Get vSG corresponding to vcpe
1820 2. Login to compute node
1821 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1822 4. From cord-tester ping to www.google.com
1823 5. Verifying the ping should not success
1824 6. Delete the iptable rule added
1825 7. From cord-tester ping to www.google.com
1826 8. Verifying the ping should success
1827 """
1828 if not vcpe_name:
1829 vcpe_name = self.vcpe_container
1830 if not vcpe_intf:
1831 vcpe_intf = self.vcpe_dhcp
1832 df = defer.Deferred()
1833 def vcpe_firewall(df):
1834 host = '8.8.8.8'
1835 dst_ip = '123.123.123.123'
1836 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1837 try:
1838 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1839 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1840 assert_equal(st, False)
1841 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1842 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1843 assert_equal(st, True)
1844 finally:
1845 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1846 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1847 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1848 df.callback(0)
1849 reactor.callLater(0,vcpe_firewall,df)
1850 return df
1851
1852 @deferred(TIMEOUT)
1853 def test_vsg_dnat_modifying_destination_ip_and_delete(self,vcpe_name=None,vcpe_intf=None):
1854 """
1855 Algo:
1856 1. Get vSG corresponding to vcpe
1857 2. Login to compute node
1858 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1859 4. From cord-tester ping to www.google.com
1860 5. Verifying the ping should not success
1861 6. Delete the iptable rule added
1862 7. From cord-tester ping to www.google.com
1863 8. Verifying the ping should success
1864 """
1865 if not vcpe_name:
1866 vcpe_name = self.vcpe_container
1867 if not vcpe_intf:
1868 vcpe_intf = self.vcpe_dhcp
1869 df = defer.Deferred()
1870 def vcpe_firewall(df):
1871 host = '8.8.8.8'
1872 dst_ip = '123.123.123.123'
1873 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1874 try:
1875 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1876 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1877 assert_equal(st, False)
1878 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1879 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1880 assert_equal(st, True)
1881 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1882 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1883 assert_equal(st, False)
1884 finally:
1885 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1886 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1887 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1888 df.callback(0)
1889 reactor.callLater(0,vcpe_firewall,df)
1890 return df
1891
1892 @deferred(TIMEOUT)
1893 def test_vsg_dnat_change_modifying_destination_ip_address(self,vcpe_name=None,vcpe_intf=None):
1894 """
1895 Algo:
1896 1. Get vSG corresponding to vcpe
1897 2. Login to compute node
1898 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1899 4. From cord-tester ping to www.google.com
1900 5. Verifying the ping should not success
1901 6. Delete the iptable rule added
1902 7. From cord-tester ping to www.google.com
1903 8. Verifying the ping should success
1904 """
1905 if not vcpe_name:
1906 vcpe_name = self.vcpe_container
1907 if not vcpe_intf:
1908 vcpe_intf = self.vcpe_dhcp
1909 df = defer.Deferred()
1910 def vcpe_firewall(df):
1911 host = '8.8.8.8'
1912 dst_ip = '123.123.123.123'
1913 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1914 try:
1915 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1916 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1917 assert_equal(st, False)
1918 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1919 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1920 assert_equal(st, True)
1921 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -R PREROUTING 1 -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,host))
1922 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1923 assert_equal(st, False)
1924 finally:
1925 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1926 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,host))
1927 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1928 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1929 df.callback(0)
1930 reactor.callLater(0,vcpe_firewall,df)
1931 return df
1932
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]1933 def vsg_xos_subscriber_create(self, index):
A R Karthick19771192017-04-25 14:57:05 -0700[diff] [blame]1934 if self.on_pod is False:
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1935 return
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]1936 subscriber_info = self.subscriber_info[index]
1937 volt_subscriber_info = self.volt_subscriber_info[index]
A R Karthickd0b06792017-04-25 15:11:23 -0700[diff] [blame]1938 s_tag = int(volt_subscriber_info['voltTenant']['s_tag'])
1939 c_tag = int(volt_subscriber_info['voltTenant']['c_tag'])
1940 vcpe = 'vcpe-{}-{}'.format(s_tag, c_tag)
1941 log.info('Creating tenant with s_tag: %d, c_tag: %d' %(s_tag, c_tag))
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]1942 subId = ''
1943 try:
1944 result = self.restApiXos.ApiPost('TENANT_SUBSCRIBER', subscriber_info)
1945 assert_equal(result, True)
1946 result = self.restApiXos.ApiGet('TENANT_SUBSCRIBER')
1947 assert_not_equal(result, None)
1948 subId = self.restApiXos.getSubscriberId(result, volt_subscriber_info['account_num'])
1949 assert_not_equal(subId, '0')
1950 log.info('Subscriber ID for account num %d = %s' %(volt_subscriber_info['account_num'], subId))
1951 volt_tenant = volt_subscriber_info['voltTenant']
1952 #update the subscriber id in the tenant info before making the rest
1953 volt_tenant['subscriber'] = subId
1954 result = self.restApiXos.ApiPost('TENANT_VOLT', volt_tenant)
1955 assert_equal(result, True)
1956 #if the vsg instance was already instantiated, then reduce delay
1957 if c_tag % self.subscribers_per_s_tag == 0:
1958 delay = 350
1959 else:
1960 delay = 90
1961 log.info('Delaying %d seconds for the VCPE to be provisioned' %(delay))
1962 time.sleep(delay)
1963 log.info('Testing for external connectivity to VCPE %s' %(vcpe))
1964 self.vsg_for_external_connectivity(index)
1965 finally:
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]1966 return subId
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]1967
1968 def vsg_xos_subscriber_delete(self, index, subId = ''):
1969 if self.on_pod is False:
1970 return
1971 subscriber_info = self.subscriber_info[index]
1972 volt_subscriber_info = self.volt_subscriber_info[index]
1973 s_tag = int(volt_subscriber_info['voltTenant']['s_tag'])
1974 c_tag = int(volt_subscriber_info['voltTenant']['c_tag'])
1975 vcpe = 'vcpe-{}-{}'.format(s_tag, c_tag)
1976 log.info('Deleting tenant with s_tag: %d, c_tag: %d' %(s_tag, c_tag))
1977 if not subId:
1978 #get the subscriber id first
1979 result = self.restApiXos.ApiGet('TENANT_SUBSCRIBER')
1980 assert_not_equal(result, None)
1981 subId = self.restApiXos.getSubscriberId(result, volt_subscriber_info['account_num'])
1982 assert_not_equal(subId, '0')
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]1983 #get the volt id for the subscriber
1984 result = self.restApiXos.ApiGet('TENANT_VOLT')
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]1985 assert_not_equal(result, None)
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]1986 voltId = self.getVoltId(result, subId)
1987 assert_not_equal(voltId, None)
A R Karthicka385cea2017-04-26 10:12:43 -0700[diff] [blame]1988 log.info('Deleting subscriber ID %s for account num %d' %(subId, volt_subscriber_info['account_num']))
1989 status = self.restApiXos.ApiDelete('TENANT_SUBSCRIBER', subId)
1990 assert_equal(status, True)
A R Karthick97e08852017-04-26 10:06:38 -0700[diff] [blame]1991 #Delete the tenant
1992 log.info('Deleting VOLT Tenant ID %s for subscriber %s' %(voltId, subId))
A R Karthick76944872017-04-26 10:21:37 -0700[diff] [blame]1993 self.restApiXos.ApiDelete('TENANT_VOLT', voltId)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]1994
A R Karthicke29c8d42017-04-27 11:38:52 -0700[diff] [blame^]1995 def vsg_xos_subscriber_id(self, index):
1996 volt_subscriber_info = self.volt_subscriber_info[index]
1997 result = self.restApiXos.ApiGet('TENANT_SUBSCRIBER')
1998 assert_not_equal(result, None)
1999 subId = self.restApiXos.getSubscriberId(result, volt_subscriber_info['account_num'])
2000 return subId
2001
2002 def test_vsg_xos_subscriber_create_all(self):
2003 for index in xrange(len(self.subscriber_info)):
2004 #check if the index exists
2005 subId = self.vsg_xos_subscriber_id(index)
2006 if subId and subId != '0':
2007 self.vsg_xos_subscriber_delete(index, subId = subId)
2008 subId = self.vsg_xos_subscriber_create(index)
2009 log.info('Created Subscriber %s' %(subId))
2010
2011 def test_vsg_xos_subscriber_delete_all(self):
2012 for index in xrange(len(self.subscriber_info)):
2013 subId = self.vsg_xos_subscriber_id(index)
2014 if subId and subId != '0':
2015 self.vsg_xos_subscriber_delete(index, subId = subId)
2016
2017 def test_vsg_xos_subscriber_create_and_delete(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]2018 subId = self.vsg_xos_subscriber_create(0)
2019 if subId and subId != '0':
2020 self.vsg_xos_subscriber_delete(0, subId)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]2021
A R Karthicke29c8d42017-04-27 11:38:52 -0700[diff] [blame^]2022 def test_vsg_xos_subscriber_2_create_and_delete(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]2023 subId = self.vsg_xos_subscriber_create(1)
2024 if subId and subId != '0':
2025 self.vsg_xos_subscriber_delete(1, subId)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]2026
A R Karthicke29c8d42017-04-27 11:38:52 -0700[diff] [blame^]2027 def test_vsg_xos_subscriber_3_create_and_delete(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]2028 subId = self.vsg_xos_subscriber_create(2)
2029 if subId and subId != '0':
2030 self.vsg_xos_subscriber_delete(2, subId)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]2031
A R Karthicke29c8d42017-04-27 11:38:52 -0700[diff] [blame^]2032 def test_vsg_xos_subscriber_4_create_and_delete(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]2033 subId = self.vsg_xos_subscriber_create(3)
2034 if subId and subId != '0':
2035 self.vsg_xos_subscriber_delete(3, subId)
A R Karthick035d2e22017-04-25 13:53:00 -0700[diff] [blame]2036
A R Karthicke29c8d42017-04-27 11:38:52 -0700[diff] [blame^]2037 def test_vsg_xos_subscriber_5_create_and_delete(self):
A R Karthick5d30b3c2017-04-27 10:25:40 -0700[diff] [blame]2038 subId = self.vsg_xos_subscriber_create(4)
2039 if subId and subId != '0':
2040 self.vsg_xos_subscriber_delete(4, subId)
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]2041
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]2042 def test_vsg_for_dns_service(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2043 """
2044 Algo:
2045 1. Create a test client in Prod VM
2046 2. Create a vCPE container in vSG VM inside compute Node
2047 3. Ensure vSG VM and vCPE container created properly
2048 4. Enable dns service in vCPE ( if not by default )
2049 5. Send ping request from test client to valid domain address say, 'www.google'com
2050 6. Verify that dns should resolve ping should success
2051 7. Now send ping request to invalid domain address say 'www.invalidaddress'.com'
2052 8. Verify that dns resolve should fail and hence ping
2053 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2054
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2055 def test_vsg_for_10_subscribers_for_same_service(self):
2056 """
2057 Algo:
2058 1.Create a vSG VM in compute node
2059 2.Create 10 vCPE containers for 10 subscribers, in vSG VM
2060 3.Ensure vSG VM and vCPE container created properly
2061 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to valid external public IP
2062 5.Verify that ping success for all 10 subscribers
2063 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2064
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2065 def test_vsg_for_10_subscribers_for_same_service_ping_invalid_ip(self):
2066 """
2067 Algo:
2068 1.Create a vSG VM in compute Node
2069 2.Create 10 vCPE containers for 10 subscribers, in vSG VM
2070 3.Ensure vSG VM and vCPE container created properly
2071 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to invalid IP
2072 5.Verify that ping fails for all 10 subscribers
2073 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2074
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2075 def test_vsg_for_10_subscribers_for_same_service_ping_valid_and_invalid_ip(self):
2076 """
2077 Algo:
2078 1.Create a vSG VM in VM
2079 2.Create 10 vCPE containers for 10 subscribers, in vSG VM
2080 3.Ensure vSG VM and vCPE container created properly
2081 4.From first 5 subscribers, with same s-tag and different c-tag, send a ping to valid IP
2082 5.Verify that ping success for all 5 subscribers
2083 6.From next 5 subscribers, with same s-tag and different c-tag, send a ping to invalid IP
2084 7.Verify that ping fails for all 5 subscribers
2085 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2086
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2087 def test_vsg_for_100_subscribers_for_same_service(self):
2088 """
2089 Algo:
2090 1.Create a vSG VM in compute node
2091 2.Create 100 vCPE containers for 100 subscribers, in vSG VM
2092 3.Ensure vSG VM and vCPE container created properly
2093 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to valid external public IP
2094 5.Verify that ping success for all 100 subscribers
2095 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2096
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2097 def test_vsg_for_100_subscribers_for_same_service_ping_invalid_ip(self):
2098 """
2099 Algo:
2100 1.Create a vSG VM in compute Node
2101 2.Create 10 vCPE containers for 100 subscribers, in vSG VM
2102 3.Ensure vSG VM and vCPE container created properly
2103 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to invalid IP
2104 5.Verify that ping fails for all 100 subscribers
2105 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2106
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2107 def test_vsg_for_100_subscribers_for_same_service_ping_valid_and_invalid_ip(self):
2108 """
2109 Algo:
2110 1.Create a vSG VM in VM
2111 2.Create 10 vCPE containers for 100 subscribers, in vSG VM
2112 3.Ensure vSG VM and vCPE container created properly
2113 4.From first 5 subscribers, with same s-tag and different c-tag, send a ping to valid IP
2114 5.Verify that ping success for all 5 subscribers
2115 6.From next 5 subscribers, with same s-tag and different c-tag, send a ping to invalid IP
2116 7.Verify that ping fails for all 5 subscribers
2117 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2118
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2119 def test_vsg_for_packet_received_with_invalid_ip_fields(self):
2120 """
2121 Algo:
2122 1.Create a vSG VM in compute node
2123 2.Create a vCPE container in vSG VM
2124 3.Ensure vSG VM and vCPE container created properly
2125 4.From subscriber, send a ping packet with invalid ip fields
2126 5.Verify that vSG drops the packet
2127 6.Verify ping fails
2128 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2129
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2130 def test_vsg_for_packet_received_with_invalid_mac_fields(self):
2131 """
2132 Algo:
2133 1.Create a vSG VM in compute node
2134 2.Create a vCPE container in vSG VM
2135 3.Ensure vSG VM and vCPE container created properly
2136 4.From subscriber, send a ping packet with invalid mac fields
2137 5.Verify that vSG drops the packet
2138 6.Verify ping fails
2139 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2140
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2141 def test_vsg_for_vlan_id_mismatch_in_stag(self):
2142 """
2143 Algo:
2144 1.Create a vSG VM in compute Node
2145 2.Create a vCPE container in vSG VM
2146 3.Ensure vSG VM and vCPE container created properly
2147 4.Send a ping request to external valid IP from subscriber, with incorrect vlan id in s-tag and valid c-tag
2148 5.Verify that ping fails as the packet drops at VM entry
2149 6.Repeat step 4 with correct s-tag
2150 7.Verify that ping success
2151 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2152
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2153 def test_vsg_for_vlan_id_mismatch_in_ctag(self):
2154 """
2155 Algo:
2156 1.Create a vSG VM in compute node
2157 2.Create a vCPE container in vSG VM
2158 3.Ensure vSG VM and vCPE container created properly
2159 4.Send a ping request to external valid IP from subscriber, with valid s-tag and incorrect vlan id in c-tag
2160 5.Verify that ping fails as the packet drops at vCPE container entry
2161 6.Repeat step 4 with valid s-tag and c-tag
2162 7.Verify that ping success
2163 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2164
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2165 def test_vsg_for_matching_and_mismatching_vlan_id_in_stag(self):
2166 """
2167 Algo:
2168 1.Create two vSG VMs in compute node
2169 2.Create a vCPE container in each vSG VM
2170 3.Ensure vSG VM and vCPE container created properly
2171 4.From subscriber one, send ping request with valid s and c tags
2172 5.From subscriber two, send ping request with vlan id mismatch in s-tag and valid c tags
2173 6.Verify that ping success for only subscriber one and fails for two.
2174 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2175
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2176 def test_vsg_for_matching_and_mismatching_vlan_id_in_ctag(self):
2177 """
2178 Algo:
2179 1.Create a vSG VM in compute node
2180 2.Create two vCPE containers in vSG VM
2181 3.Ensure vSG VM and vCPE container created properly
2182 4.From subscriber one, send ping request with valid s and c tags
2183 5.From subscriber two, send ping request with valid s-tag and vlan id mismatch in c-tag
2184 6.Verify that ping success for only subscriber one and fails for two
2185 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2186
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2187 def test_vsg_for_out_of_range_vlanid_in_ctag(self):
2188 """
2189 Algo:
2190 1.Create a vSG VM in compute node
2191 2.Create a vCPE container in vSG VM
2192 3.Ensure vSG VM and vCPE container created properly
2193 4.From subscriber, send ping request with valid stag and vlan id in c-tag is an out of range value ( like 0,4097 )
2194 4.Verify that ping fails as the ping packets drops at vCPE container entry
2195 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2196
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2197 def test_vsg_for_out_of_range_vlanid_in_stag(self):
2198 """
2199 Algo:
2200 1.Create a vSG VM in compute node
2201 2.Create a vCPE container in vSG VM
2202 3.Ensure vSG VM and vCPE container created properly
2203 2.From subscriber, send ping request with vlan id in s-tag is an out of range value ( like 0,4097 ), with valid c-tag
2204 4.Verify that ping fails as the ping packets drops at vSG VM entry
2205 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2206
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2207 def test_vsg_without_creating_vcpe_instance(self):
2208 """
2209 Algo:
2210 1.Create a vSG VM in compute Node
2211 2.Ensure vSG VM created properly
2212 3.Do not create vCPE container inside vSG VM
2213 4.From a subscriber, send ping to external valid IP
2214 5.Verify that ping fails as the ping packet drops at vSG VM entry itself.
2215 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2216
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2217 def test_vsg_for_remove_vcpe_instance(self):
2218 """
2219 Algo:
2220 1.Create a vSG VM in compute node
2221 2.Create a vCPE container in vSG VM
2222 3.Ensure vSG VM and vCPE container created properly
2223 4.From subscriber, send ping request with valid s-tag and c-tag
2224 5.Verify that ping success
2225 6.Verify ping success flows in OvS switch in compute node
2226 7.Now remove the vCPE container in vSG VM
2227 8.Ensure that the container removed properly
2228 9.Repeat step 4
2229 10.Verify that now, ping fails
2230 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2231
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2232 def test_vsg_for_restart_vcpe_instance(self):
2233 """
2234 Algo:
2235 1.Create a vSG VM in compute node
2236 2.Create a vCPE container in vSG VM
2237 3.Ensure vSG VM and vCPE container created properly
2238 4.From subscriber, send ping request with valid s-tag and c-tag
2239 5.Verify that ping success
2240 6.Verify ping success flows in OvS switch in compute node
2241 7.Now restart the vCPE container in vSG VM
2242 8.Ensure that the container came up after restart
2243 9.Repeat step 4
2244 10.Verify that now,ping gets success and flows added in OvS
2245 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2246
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2247 def test_vsg_for_restart_vsg_vm(self):
2248 """
2249 Algo:
2250 1.Create a vSG VM in compute node
2251 2.Create a vCPE container in vSG VM
2252 3.Ensure vSG VM and vCPE container created properly
2253 4.From subscriber, send ping request with valid s-tag and c-tag
2254 5.Verify that ping success
2255 6.Verify ping success flows in OvS switch in compute node
2256 7.Now restart the vSG VM
2257 8.Ensure that the vSG comes up properly after restart
2258 9.Verify that vCPE container comes up after vSG restart
2259 10.Repeat step 4
2260 11.Verify that now,ping gets success and flows added in OvS
2261 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2262
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2263 def test_vsg_for_pause_vcpe_instance(self):
2264 """
2265 Algo:
2266 1.Create a vSG VM in compute node
2267 2.Create a vCPE container in vSG VM
2268 3.Ensure vSG VM and vCPE container created properly
2269 4.From subscriber, send ping request with valid s-tag and c-tag
2270 5.Verify that ping success
2271 6.Verify ping success flows in OvS switch in compute node
2272 7.Now pause vCPE container in vSG VM for a while
2273 8.Ensure that the container state is pause
2274 9.Repeat step 4
2275 10.Verify that now,ping fails now and verify flows in OvS
2276 11.Now resume the container
2277 12.Now repeat step 4 again
2278 13.Verify that now, ping gets success
2279 14.Verify ping success flows in OvS
2280 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2281
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2282 def test_vsg_for_extract_all_compute_stats_from_all_vcpe_containers(self):
2283 """
2284 Algo:
2285 1.Create a vSG VM in compute node
2286 2.Create 10 vCPE containers in VM
2287 3.Ensure vSG VM and vCPE containers created properly
2288 4.Login to all vCPE containers
2289 4.Get all compute stats from all vCPE containers
2290 5.Verify the stats # verification method need to add
2291 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2292
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2293 def test_vsg_for_extract_dns_stats_from_all_vcpe_containers(self):
2294 """
2295 Algo:
2296 1.Create a vSG VM in compute node
2297 2.Create 10 vCPE containers in VM
2298 3.Ensure vSG VM and vCPE containers created properly
2299 4.From 10 subscribers, send ping to valid and invalid dns hosts
2300 5.Verify dns resolves and ping success for valid dns hosts
2301 6.Verify ping fails for invalid dns hosts
2302 7.Verify dns host name resolve flows in OvS
2303 8.Login to all 10 vCPE containers
2304 9.Extract all dns stats
2305 10.Verify dns stats for queries sent, queries received for dns host resolve success and failed scenarios
2306 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2307
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2308 def test_vsg_for_subscriber_access_two_vsg_services(self):
2309 """
2310 # Intention is to verify if subscriber can reach internet via two vSG VMs
2311 Algo:
2312 1.Create two vSG VMs for two services in compute node
2313 2.Create one vCPE container in each VM for one subscriber
2314 3.Ensure VMs and containers created properly
2315 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2316 5.Verify ping gets success
2317 6.Verify ping success flows in OvS
2318 7.Now repeat step 4 with stag corresponds to vSG-2 VM
2319 8.Verify that ping again success
2320 9.Verify ping success flows in OvS
2321 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2322
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2323 def test_vsg_for_subscriber_access_service2_if_service1_goes_down(self):
2324 """
2325 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 goes down
2326 Algo:
2327 1.Create two vSG VMs for two services in compute node
2328 2.Create one vCPE container in each VM for one subscriber
2329 3.Ensure VMs and containers created properly
2330 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2331 5.Verify ping gets success
2332 6.Verify ping success flows in OvS
2333 7.Down the vSG-1 VM
2334 8.Now repeat step 4
2335 9.Verify that ping fails as vSG-1 is down
2336 10.Repeat step 4 with stag corresponding to vSG-2
2337 9.Verify ping success and flows added in OvS
2338 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2339
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2340 def test_vsg_for_subscriber_access_service2_if_service1_goes_restart(self):
2341 """
2342 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 restarts
2343 Algo:
2344 1.Create two vSG VMs for two services in compute node
2345 2.Create one vCPE container in each VM for one subscriber
2346 3.Ensure VMs and containers created properly
2347 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2348 5.Verify ping gets success
2349 6.Verify ping success flows added in OvS
2350 7.Now restart vSG-1 VM
2351 8.Now repeat step 4 while vSG-1 VM restarts
2352 9.Verify that ping fails as vSG-1 is restarting
2353 10.Repeat step 4 with stag corresponding to vSG-2 while vSG-1 VM restarts
2354 11.Verify ping success and flows added in OvS
2355 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2356
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2357 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_goes_down(self):
2358 """
2359 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 goes down
2360 Algo:
2361 1.Create a vSG VM in compute node
2362 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2363 3.Ensure VM and containers created properly
2364 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2365 5.Verify ping gets success
2366 6.Verify ping success flows added in OvS
2367 7.Now stop vCPE-1 container
2368 8.Now repeat step 4
2369 9.Verify that ping fails as vCPE-1 container is down
2370 10.Repeat step 4 with ctag corresponding to vCPE-2 container
2371 11.Verify ping success and flows added in OvS
2372 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2373
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2374 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_restart(self):
2375 """
2376 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 restarts
2377 Algo:
2378 1.Create a vSG VM in compute node
2379 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2380 3.Ensure VM and containers created properly
2381 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2382 5.Verify ping gets success
2383 6.Verify ping success flows added in OvS
2384 7.Now restart vCPE-1 container
2385 8.Now repeat step 4 while vCPE-1 restarts
2386 9.Verify that ping fails as vCPE-1 container is restarts
2387 10.Repeat step 4 with ctag corresponding to vCPE-2 container while vCPE-1 restarts
2388 11..Verify ping success and flows added in OvS
2389 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2390
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2391 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_pause(self):
2392 """
2393 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 paused
2394 Algo:
2395 1.Create a vSG VM in compute node
2396 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2397 3.Ensure VM and containers created properly
2398 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2399 5.Verify ping gets success
2400 6.Verify ping success flows added in OvS
2401 7.Now pause vCPE-1 container
2402 8.Now repeat step 4 while vCPE-1 in pause state
2403 9.Verify that ping fails as vCPE-1 container in pause state
2404 10.Repeat step 4 with ctag corresponding to vCPE-2 container while vCPE-1 in pause state
2405 11.Verify ping success and flows added in OvS
2406 """
2407 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_removed(self):
2408 """
2409 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 removed
2410 Algo:
2411 1.Create a vSG VM in compute node
2412 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2413 3.Ensure VM and containers created properly
2414 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2415 5.Verify ping gets success
2416 6.Verify ping success flows added in OvS
2417 7.Now remove vCPE-1 container
2418 8.Now repeat step 4
2419 9.Verify that ping fails as vCPE-1 container removed
2420 10.Repeat step 4 with ctag corresponding to vCPE-2 container
2421 11.Verify ping success and flows added in OvS
2422 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2423
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2424 def test_vsg_for_vcpe_instance_removed_and_added_again(self):
2425 """
2426 Algo:
2427 1.Create a vSG VM in compute node
2428 2.Create a vCPE container in vSG VM
2429 3.Ensure VM and containers created properly
2430 4.From subscriber end, send ping to public IP
2431 5.Verify ping gets success
2432 6.Verify ping success flows added in OvS
2433 7.Now remove vCPE container in vSG VM
2434 8.Now repeat step 4
2435 9.Verify that ping fails as vCPE container removed
2436 10.Create the vCPE container again for the same subscriber
2437 11.Ensure that vCPE created now
2438 12.Now repeat step 4
2439 13.Verify ping success and flows added in OvS
2440 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2441
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2442 def test_vsg_for_vsg_vm_removed_and_added_again(self):
2443 """
2444 Algo:
2445 1.Create a vSG VM in compute node
2446 2.Create a vCPE container in vSG VM
2447 3.Ensure VM and containers created properly
2448 4.From subscriber end, send ping to public IP
2449 5.Verify ping gets success
2450 6.Verify ping success flows added in OvS
2451 7.Now remove vSG VM
2452 8.Now repeat step 4
2453 9.Verify that ping fails as vSG VM not exists
2454 10.Create the vSG VM and vCPE container in VM again
2455 11.Ensure that vSG and vCPE created
2456 12.Now repeat step 4
2457 13.Verify ping success and flows added in OvS
2458 """
2459
2460 #Test vSG - Subscriber Configuration
2461 def test_vsg_for_configuring_new_subscriber_in_vcpe(self):
2462 """
2463 Algo:
2464 1.Create a vSG VM in compute node
2465 2.Create a vCPE container in vSG VM
2466 3.Ensure VM and containers created properly
2467 4.Configure a subscriber in XOS and assign a service id
2468 5.Set the admin privileges to the subscriber
2469 6.Verify subscriber configuration is success
2470 """
2471 def test_vsg_for_adding_subscriber_devices_in_vcpe(self):
2472 """
2473 Algo:
2474 1.Create a vSG VM in compute node
2475 2.Create a vCPE container in vSG VM
2476 3.Ensure VM and containers created properly
2477 4.Configure a subscriber in XOS and assign a service id
2478 5.Verify subscriber successfully configured in vCPE
2479 6.Now add devices( Mac addresses ) under the subscriber admin group
2480 7.Verify all devices ( Macs ) added successfully
2481 """
2482 def test_vsg_for_removing_subscriber_devices_in_vcpe(self):
2483 """
2484 Algo:
2485 1.Create a vSG VM in compute node
2486 2.Create a vCPE container in vSG VM
2487 3.Ensure VM and containers created properly
2488 4.Configure a subscriber in XOS and assign a service id
2489 5.Verify subscriber successfully configured
2490 6.Now add devices( Mac addresses ) under the subscriber admin group
2491 7.Verify all devices ( Macs ) added successfully
2492 8.Now remove All the added devices in XOS
2493 9.Verify all the devices removed
2494 """
2495 def test_vsg_for_modify_subscriber_devices_in_vcpe(self):
2496 """
2497 Algo:
2498 1.Create a vSG VM in compute node
2499 2.Create a vCPE container in vSG VM
2500 3.Ensure VM and containers created properly
2501 4.Configure a user in XOS and assign a service id
2502 5.Verify subscriber successfully configured in vCPE.
2503 6.Now add devices( Mac addresses ) under the subscriber admin group
2504 7.Verify all devices ( Macs ) added successfully
2505 8.Now remove few devices in XOS
2506 9.Verify devices removed successfully
2507 10.Now add few additional devices in XOS under the same subscriber admin group
2508 11.Verify newly added devices successfully added
2509 """
2510 def test_vsg_for_vcpe_login_fails_with_incorrect_subscriber_credentials(self):
2511 """
2512 Algo:
2513 1.Create a vSG VM in compute node
2514 2.Create a vCPE container in vSG VM
2515 3.Ensure VM and containers created properly
2516 4.Configure a subscriber in XOS and assign a service id
2517 5.Verify subscriber successfully configured
2518 6.Now add devices( Mac addresses ) under the subscriber admin group
2519 7.Verify all devices ( Macs ) added successfully
2520 8.Login vCPE with credentials with which subscriber configured
2521 9.Verify subscriber successfully logged in
2522 10.Logout and login again with incorrect credentials ( either user name or password )
2523 11.Verify login attempt to vCPE fails wtih incorrect credentials
2524 """
2525 def test_vsg_for_subscriber_configuration_in_vcpe_retain_after_vcpe_restart(self):
2526 """
2527 Algo:
2528 1.Create a vSG VM in compute node
2529 2.Create a vCPE container in vSG VM
2530 3.Ensure VM and containers created properly
2531 4.Configure a subscriber in XOS and assign a service id
2532 5.Verify subscriber successfully configured
2533 6.Now add devices( Mac addresses ) under the subscriber admin group
2534 7.Verify all devices ( Macs ) added successfully
2535 8.Restart vCPE ( locate backup config path while restart )
2536 9.Verify subscriber details in vCPE after restart should be same as before the restart
2537 """
2538 def test_vsg_for_create_multiple_vcpe_instances_and_configure_subscriber_in_each_instance(self):
2539 """
2540 Algo:
2541 1.Create a vSG VM in compute node
2542 2.Create 2 vCPE containers in vSG VM
2543 3.Ensure VM and containers created properly
2544 4.Configure a subscriber in XOS for each vCPE instance and assign a service id
2545 5.Verify subscribers successfully configured
2546 6.Now login vCPE-2 with subscriber-1 credentials
2547 7.Verify login fails
2548 8.Now login vCPE-1 with subscriber-2 credentials
2549 9.Verify login fails
2550 10.Now login vCPE-1 with subscriber-1 and vCPE-2 with subscriber-2 credentials
2551 11.Verify that both the subscribers able to login to their respective vCPE containers
2552 """
2553 def test_vsg_for_same_subscriber_can_be_configured_for_multiple_services(self):
2554 """
2555 Algo:
2556 1.Create 2 vSG VMs in compute node
2557 2.Create a vCPE container in each vSG VM
2558 3.Ensure VMs and containers created properly
2559 4.Configure same subscriber in XOS for each vCPE instance and assign a service id
2560 5.Verify subscriber successfully configured
2561 6.Now login vCPE-1 with subscriber credentials
2562 7.Verify login success
2563 8.Now login vCPE-2 with the same subscriber credentials
2564 9.Verify login success
2565 """
2566
2567 #Test Example Service
2568 def test_vsg_for_subcriber_avail_example_service_running_in_apache_server(self):
2569 """
2570 Algo:
2571 1.Create a vSG VM in compute node
2572 2.Create a vCPE container in each vSG VM
2573 3.Ensure VM and container created properly
2574 4.Configure a subscriber in XOS for the vCPE instance and assign a service id
2575 5.On-board an example service into cord pod
2576 6.Create a VM in compute node and run the example service ( Apache server )
2577 7.Configure the example service with service specific and subscriber specific messages
2578 8.Verify example service on-boarded successfully
2579 9.Verify example service running in VM
2580 10.Run a curl command from subscriber to reach example service
2581 11.Verify subscriber can successfully reach example service via vSG
2582 12.Verify that service specific and subscriber specific messages
2583 """
2584 def test_vsg_for_subcriber_avail_example_service_running_in_apache_server_after_service_restart(self):
2585 """
2586 Algo:
2587 1.Create a vSG VM in compute node
2588 2.Create a vCPE container in each vSG VM
2589 3.Ensure VM and container created properly
2590 4.Configure a subscriber in XOS for the vCPE instance and assign a service id
2591 5.On-board an example service into cord pod
2592 6.Create a VM in compute node and run the example service ( Apache server )
2593 7.Configure the example service with service specific and subscriber specific messages
2594 8.Verify example service on-boarded successfully
2595 9.Verify example service running in VM
2596 10.Run a curl command from subscriber to reach example service
2597 11.Verify subscriber can successfully reach example service via vSG
2598 12.Verify that service specific and subscriber specific messages
2599 13.Restart example service running in VM
2600 14.Repeat step 10
2601 15.Verify the same results as mentioned in steps 11, 12
2602 """
2603
2604 #vCPE Firewall Functionality
2605 def test_vsg_firewall_for_creating_acl_rule_based_on_source_ip(self):
2606 """
2607 Algo:
2608 1.Create a vSG VM in compute node
2609 2.Create vCPE container in the VM
2610 3.Ensure vSG VM and vCPE container created properly
2611 4.Configure ac acl rule in vCPE to deny IP traffic from a source IP
2612 5.Bound the acl rule to WAN interface of vCPE
2613 6.Verify configuration in vCPE is success
2614 8.Verify flows added in OvS
2615 """
2616 def test_vsg_firewall_for_creating_acl_rule_based_on_destination_ip(self):
2617 """
2618 Algo:
2619 1.Create a vSG VM in compute node
2620 2.Create vCPE container in the VM
2621 3.Ensure vSG VM and vCPE container created properly
2622 4.Configure ac acl rule in vCPE to deny IP traffic to a destination ip
2623 5.Bound the acl rule to WAN interface of vCPE
2624 6.Verify configuration in vCPE is success
2625 8.Verify flows added in OvS
2626 """
2627 def test_vsg_firewall_for_acl_deny_rule_based_on_source_ip_traffic(self):
2628 """
2629 Algo:
2630 1.Create a vSG VM in compute node
2631 2.Create vCPE container in the VM
2632 3.Ensure vSG VM and vCPE container created properly
2633 4.Configure ac acl rule in vCPE to deny IP traffic from a source IP
2634 5.Bound the acl rule to WAN interface of vCPE
2635 6.From subscriber, send ping to the denied IP address
2636 7.Verify that ping fails as vCPE denies ping response
2637 8.Verify flows added in OvS
2638 """
2639 def test_vsg_firewall_for_acl_deny_rule_based_on_destination_ip_traffic(self):
2640 """
2641 Algo:
2642 1.Create a vSG VM in compute node
2643 2.Create vCPE container in the VM
2644 3.Ensure vSG VM and vCPE container created properly
2645 4.Configure ac acl rule in vCPE to deny IP traffic to a destination IP
2646 5.Bound the acl rule to WAN interface of vCPE
2647 6.From subscriber, send ping to the denied IP address
2648 7.Verify that ping fails as vCPE drops the ping request at WAN interface
2649 8.Verify flows added in OvS
2650 """
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]2651
2652 def test_vsg_dnsmasq(self):
2653 pass
2654
2655 def test_vsg_with_external_parental_control_family_shield_for_filter(self):
2656 pass
2657
2658 def test_vsg_with_external_parental_control_with_answerx(self):
2659 pass
2660
2661 def test_vsg_for_subscriber_upstream_bandwidth(self):
2662 pass
2663
2664 def test_vsg_for_subscriber_downstream_bandwidth(self):
2665 pass
2666
2667 def test_vsg_for_diagnostic_run_of_traceroute(self):
2668 pass
2669
2670 def test_vsg_for_diagnostic_run_of_tcpdump(self):
2671 pass
2672
2673 def test_vsg_for_iptable_rules(self):
2674 pass
2675
2676 def test_vsg_for_iptables_with_neutron(self):
2677 pass